projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix resetting remote authentication requirement after pairing
[linux-2.6-block.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 92 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 93 MGMT_OP_READ_CONFIG_INFO,
dbece37a 94 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 95 MGMT_OP_SET_PUBLIC_ADDRESS,
e70bb2e8
JH		 96};
97
98static const u16 mgmt_events[] = {
99 MGMT_EV_CONTROLLER_ERROR,
100 MGMT_EV_INDEX_ADDED,
101 MGMT_EV_INDEX_REMOVED,
102 MGMT_EV_NEW_SETTINGS,
103 MGMT_EV_CLASS_OF_DEV_CHANGED,
104 MGMT_EV_LOCAL_NAME_CHANGED,
105 MGMT_EV_NEW_LINK_KEY,
106 MGMT_EV_NEW_LONG_TERM_KEY,
107 MGMT_EV_DEVICE_CONNECTED,
108 MGMT_EV_DEVICE_DISCONNECTED,
109 MGMT_EV_CONNECT_FAILED,
110 MGMT_EV_PIN_CODE_REQUEST,
111 MGMT_EV_USER_CONFIRM_REQUEST,
112 MGMT_EV_USER_PASSKEY_REQUEST,
113 MGMT_EV_AUTH_FAILED,
114 MGMT_EV_DEVICE_FOUND,
115 MGMT_EV_DISCOVERING,
116 MGMT_EV_DEVICE_BLOCKED,
117 MGMT_EV_DEVICE_UNBLOCKED,
118 MGMT_EV_DEVICE_UNPAIRED,
92a25256 119 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 120 MGMT_EV_NEW_IRK,
7ee4ea36 121 MGMT_EV_NEW_CSRK,
8afef092
MH		 122 MGMT_EV_DEVICE_ADDED,
123 MGMT_EV_DEVICE_REMOVED,
ffb5a827 124 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 125 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 126 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 127 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 128};
129
17b02e62 130#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 131
4b34ee78
JH		 132#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
133 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
134
eec8d2bc
JH		 135struct pending_cmd {
136 struct list_head list;
fc2f4b13 137 u16 opcode;
eec8d2bc 138 int index;
c68fb7ff 139 void *param;
eec8d2bc 140 struct sock *sk;
e9a416b5 141 void *user_data;
eec8d2bc
JH		 142};
143
ca69b795
JH		 144/* HCI to MGMT error code conversion table */
145static u8 mgmt_status_table[] = {
146 MGMT_STATUS_SUCCESS,
147 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
148 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
149 MGMT_STATUS_FAILED, /* Hardware Failure */
150 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
151 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 152 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 153 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
154 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
155 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
156 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
157 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
158 MGMT_STATUS_BUSY, /* Command Disallowed */
159 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
160 MGMT_STATUS_REJECTED, /* Rejected Security */
161 MGMT_STATUS_REJECTED, /* Rejected Personal */
162 MGMT_STATUS_TIMEOUT, /* Host Timeout */
163 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
165 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
166 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
167 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
168 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
169 MGMT_STATUS_BUSY, /* Repeated Attempts */
170 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
171 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
172 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
173 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
174 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
175 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
176 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
177 MGMT_STATUS_FAILED, /* Unspecified Error */
178 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
179 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
180 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
181 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
182 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
183 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
184 MGMT_STATUS_FAILED, /* Unit Link Key Used */
185 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
186 MGMT_STATUS_TIMEOUT, /* Instant Passed */
187 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
188 MGMT_STATUS_FAILED, /* Transaction Collision */
189 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
190 MGMT_STATUS_REJECTED, /* QoS Rejected */
191 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
192 MGMT_STATUS_REJECTED, /* Insufficient Security */
193 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
194 MGMT_STATUS_BUSY, /* Role Switch Pending */
195 MGMT_STATUS_FAILED, /* Slot Violation */
196 MGMT_STATUS_FAILED, /* Role Switch Failed */
197 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
198 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
199 MGMT_STATUS_BUSY, /* Host Busy Pairing */
200 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
201 MGMT_STATUS_BUSY, /* Controller Busy */
202 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
203 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
204 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
205 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
206 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
207};
208
209static u8 mgmt_status(u8 hci_status)
210{
211 if (hci_status < ARRAY_SIZE(mgmt_status_table))
212 return mgmt_status_table[hci_status];
213
214 return MGMT_STATUS_FAILED;
215}
216
04c60f05
MH		 217static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
218 struct sock *skip_sk)
219{
220 struct sk_buff *skb;
221 struct mgmt_hdr *hdr;
222
223 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
224 if (!skb)
225 return -ENOMEM;
226
227 hdr = (void *) skb_put(skb, sizeof(*hdr));
228 hdr->opcode = cpu_to_le16(event);
229 if (hdev)
230 hdr->index = cpu_to_le16(hdev->id);
231 else
232 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
233 hdr->len = cpu_to_le16(data_len);
234
235 if (data)
236 memcpy(skb_put(skb, data_len), data, data_len);
237
238 /* Time stamp */
239 __net_timestamp(skb);
240
241 hci_send_to_control(skb, skip_sk);
242 kfree_skb(skb);
243
244 return 0;
245}
246
4e51eae9 247static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 248{
249 struct sk_buff *skb;
250 struct mgmt_hdr *hdr;
251 struct mgmt_ev_cmd_status *ev;
56b7d137 252 int err;
f7b64e69 253
34eb525c 254 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 255
790eff44 256 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 257 if (!skb)
258 return -ENOMEM;
259
260 hdr = (void *) skb_put(skb, sizeof(*hdr));
261
dcf4adbf 262 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 263 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 264 hdr->len = cpu_to_le16(sizeof(*ev));
265
266 ev = (void *) skb_put(skb, sizeof(*ev));
267 ev->status = status;
eb55ef07 268 ev->opcode = cpu_to_le16(cmd);
f7b64e69 269
56b7d137
GP		 270 err = sock_queue_rcv_skb(sk, skb);
271 if (err < 0)
f7b64e69
JH		 272 kfree_skb(skb);
273
56b7d137 274 return err;
f7b64e69
JH		 275}
276
aee9b218 277static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 278 void *rp, size_t rp_len)
02d98129
JH		 279{
280 struct sk_buff *skb;
281 struct mgmt_hdr *hdr;
282 struct mgmt_ev_cmd_complete *ev;
56b7d137 283 int err;
02d98129
JH		 284
285 BT_DBG("sock %p", sk);
286
790eff44 287 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 288 if (!skb)
289 return -ENOMEM;
290
291 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 292
dcf4adbf 293 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 294 hdr->index = cpu_to_le16(index);
a38528f1 295 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 296
a38528f1 297 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 298 ev->opcode = cpu_to_le16(cmd);
aee9b218 299 ev->status = status;
8020c16a
SJ		 300
301 if (rp)
302 memcpy(ev->data, rp, rp_len);
02d98129 303
56b7d137
GP		 304 err = sock_queue_rcv_skb(sk, skb);
305 if (err < 0)
02d98129
JH		 306 kfree_skb(skb);
307
e5f0e151 308 return err;
02d98129
JH		 309}
310
04124681
GP		 311static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
312 u16 data_len)
a38528f1
JH		 313{
314 struct mgmt_rp_read_version rp;
315
316 BT_DBG("sock %p", sk);
317
318 rp.version = MGMT_VERSION;
dcf4adbf 319 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 320
aee9b218 321 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 322 sizeof(rp));
a38528f1
JH		 323}
324
04124681
GP		 325static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
326 u16 data_len)
e70bb2e8
JH		 327{
328 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 329 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
330 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 331 __le16 *opcode;
e70bb2e8
JH		 332 size_t rp_size;
333 int i, err;
334
335 BT_DBG("sock %p", sk);
336
337 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
338
339 rp = kmalloc(rp_size, GFP_KERNEL);
340 if (!rp)
341 return -ENOMEM;
342
dcf4adbf
JP		 343 rp->num_commands = cpu_to_le16(num_commands);
344 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 345
346 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
347 put_unaligned_le16(mgmt_commands[i], opcode);
348
349 for (i = 0; i < num_events; i++, opcode++)
350 put_unaligned_le16(mgmt_events[i], opcode);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 353 rp_size);
e70bb2e8
JH		 354 kfree(rp);
355
356 return err;
357}
358
04124681
GP		 359static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
360 u16 data_len)
faba42eb 361{
faba42eb 362 struct mgmt_rp_read_index_list *rp;
8035ded4 363 struct hci_dev *d;
a38528f1 364 size_t rp_len;
faba42eb 365 u16 count;
476e44cb 366 int err;
faba42eb
JH		 367
368 BT_DBG("sock %p", sk);
369
370 read_lock(&hci_dev_list_lock);
371
372 count = 0;
bb4b2a9a 373 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 374 if (d->dev_type == HCI_BREDR &&
375 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 376 count++;
faba42eb
JH		 377 }
378
a38528f1
JH		 379 rp_len = sizeof(*rp) + (2 * count);
380 rp = kmalloc(rp_len, GFP_ATOMIC);
381 if (!rp) {
b2c60d42 382 read_unlock(&hci_dev_list_lock);
faba42eb 383 return -ENOMEM;
b2c60d42 384 }
faba42eb 385
476e44cb 386 count = 0;
8035ded4 387 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 388 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 389 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 390 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 391 continue;
392
73d1df2a
MH		 393 /* Devices marked as raw-only are neither configured
394 * nor unconfigured controllers.
395 */
396 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 397 continue;
398
73d1df2a
MH		 399 if (d->dev_type == HCI_BREDR &&
400 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 401 rp->index[count++] = cpu_to_le16(d->id);
402 BT_DBG("Added hci%u", d->id);
403 }
faba42eb
JH		 404 }
405
476e44cb
JH		 406 rp->num_controllers = cpu_to_le16(count);
407 rp_len = sizeof(*rp) + (2 * count);
408
faba42eb
JH		 409 read_unlock(&hci_dev_list_lock);
410
aee9b218 411 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 412 rp_len);
faba42eb 413
a38528f1
JH		 414 kfree(rp);
415
416 return err;
faba42eb
JH		 417}
418
73d1df2a
MH		 419static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
420 void *data, u16 data_len)
421{
422 struct mgmt_rp_read_unconf_index_list *rp;
423 struct hci_dev *d;
424 size_t rp_len;
425 u16 count;
426 int err;
427
428 BT_DBG("sock %p", sk);
429
430 read_lock(&hci_dev_list_lock);
431
432 count = 0;
433 list_for_each_entry(d, &hci_dev_list, list) {
434 if (d->dev_type == HCI_BREDR &&
435 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
436 count++;
437 }
438
439 rp_len = sizeof(*rp) + (2 * count);
440 rp = kmalloc(rp_len, GFP_ATOMIC);
441 if (!rp) {
442 read_unlock(&hci_dev_list_lock);
443 return -ENOMEM;
444 }
445
446 count = 0;
447 list_for_each_entry(d, &hci_dev_list, list) {
448 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 449 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 450 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
451 continue;
452
453 /* Devices marked as raw-only are neither configured
454 * nor unconfigured controllers.
455 */
456 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
457 continue;
458
459 if (d->dev_type == HCI_BREDR &&
460 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
461 rp->index[count++] = cpu_to_le16(d->id);
462 BT_DBG("Added hci%u", d->id);
463 }
464 }
465
466 rp->num_controllers = cpu_to_le16(count);
467 rp_len = sizeof(*rp) + (2 * count);
468
469 read_unlock(&hci_dev_list_lock);
470
471 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
472 0, rp, rp_len);
473
474 kfree(rp);
475
476 return err;
477}
478
dbece37a
MH		 479static bool is_configured(struct hci_dev *hdev)
480{
481 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
482 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
483 return false;
484
485 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
486 !bacmp(&hdev->public_addr, BDADDR_ANY))
487 return false;
488
489 return true;
490}
491
89bc22d2
MH		 492static __le32 get_missing_options(struct hci_dev *hdev)
493{
494 u32 options = 0;
495
dbece37a
MH		 496 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
497 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 498 options |= MGMT_OPTION_EXTERNAL_CONFIG;
499
89bc22d2
MH		 500 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
501 !bacmp(&hdev->public_addr, BDADDR_ANY))
502 options |= MGMT_OPTION_PUBLIC_ADDRESS;
503
504 return cpu_to_le32(options);
505}
506
f4537c04
MH		 507static int new_options(struct hci_dev *hdev, struct sock *skip)
508{
509 __le32 options = get_missing_options(hdev);
510
511 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
512 sizeof(options), skip);
513}
514
dbece37a
MH		 515static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
516{
517 __le32 options = get_missing_options(hdev);
518
519 return cmd_complete(sk, hdev->id, opcode, 0, &options,
520 sizeof(options));
521}
522
9fc3bfb6
MH		 523static int read_config_info(struct sock *sk, struct hci_dev *hdev,
524 void *data, u16 data_len)
525{
526 struct mgmt_rp_read_config_info rp;
89bc22d2 527 u32 options = 0;
9fc3bfb6
MH		 528
529 BT_DBG("sock %p %s", sk, hdev->name);
530
531 hci_dev_lock(hdev);
532
533 memset(&rp, 0, sizeof(rp));
534 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 535
eb1904f4
MH		 536 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
537 options |= MGMT_OPTION_EXTERNAL_CONFIG;
538
9fc3bfb6 539 if (hdev->set_bdaddr)
89bc22d2
MH		 540 options |= MGMT_OPTION_PUBLIC_ADDRESS;
541
542 rp.supported_options = cpu_to_le32(options);
543 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 544
545 hci_dev_unlock(hdev);
546
547 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
548 sizeof(rp));
549}
550
69ab39ea
JH		 551static u32 get_supported_settings(struct hci_dev *hdev)
552{
553 u32 settings = 0;
554
555 settings |= MGMT_SETTING_POWERED;
69ab39ea 556 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 557 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 558 settings |= MGMT_SETTING_CONNECTABLE;
559 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 560
ed3fa31f 561 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 562 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
563 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 564 settings |= MGMT_SETTING_BREDR;
565 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 566
567 if (lmp_ssp_capable(hdev)) {
568 settings |= MGMT_SETTING_SSP;
569 settings |= MGMT_SETTING_HS;
570 }
e98d2ce2 571
5afeac14 572 if (lmp_sc_capable(hdev) ||
111902f7 573 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 574 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 575 }
d7b7e796 576
eeca6f89 577 if (lmp_le_capable(hdev)) {
9d42820f 578 settings |= MGMT_SETTING_LE;
eeca6f89 579 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 580 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 581 }
69ab39ea 582
eb1904f4
MH		 583 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
584 hdev->set_bdaddr)
9fc3bfb6
MH		 585 settings |= MGMT_SETTING_CONFIGURATION;
586
69ab39ea
JH		 587 return settings;
588}
589
590static u32 get_current_settings(struct hci_dev *hdev)
591{
592 u32 settings = 0;
593
f1f0eb02 594 if (hdev_is_powered(hdev))
f0d4b78a
MH		 595 settings |= MGMT_SETTING_POWERED;
596
5e5282bb 597 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 598 settings |= MGMT_SETTING_CONNECTABLE;
599
1a4d3c4b
JH		 600 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
601 settings |= MGMT_SETTING_FAST_CONNECTABLE;
602
5e5282bb 603 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 604 settings |= MGMT_SETTING_DISCOVERABLE;
605
a8b2d5c2 606 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 607 settings |= MGMT_SETTING_PAIRABLE;
608
56f87901 609 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 610 settings |= MGMT_SETTING_BREDR;
611
06199cf8 612 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 613 settings |= MGMT_SETTING_LE;
614
47990ea0 615 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 616 settings |= MGMT_SETTING_LINK_SECURITY;
617
84bde9d6 618 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 619 settings |= MGMT_SETTING_SSP;
620
6d80dfd0
JH		 621 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
622 settings |= MGMT_SETTING_HS;
623
f3d3444a 624 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 625 settings |= MGMT_SETTING_ADVERTISING;
626
e98d2ce2
MH		 627 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
628 settings |= MGMT_SETTING_SECURE_CONN;
629
0663b297 630 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 631 settings |= MGMT_SETTING_DEBUG_KEYS;
632
0f4bd942
JH		 633 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
634 settings |= MGMT_SETTING_PRIVACY;
635
69ab39ea
JH		 636 return settings;
637}
638
ef580372
JH		 639#define PNP_INFO_SVCLASS_ID 0x1200
640
213202ed
JH		 641static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
642{
643 u8 *ptr = data, *uuids_start = NULL;
644 struct bt_uuid *uuid;
645
646 if (len < 4)
647 return ptr;
648
649 list_for_each_entry(uuid, &hdev->uuids, list) {
650 u16 uuid16;
651
652 if (uuid->size != 16)
653 continue;
654
655 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
656 if (uuid16 < 0x1100)
657 continue;
658
659 if (uuid16 == PNP_INFO_SVCLASS_ID)
660 continue;
661
662 if (!uuids_start) {
663 uuids_start = ptr;
664 uuids_start[0] = 1;
665 uuids_start[1] = EIR_UUID16_ALL;
666 ptr += 2;
667 }
668
669 /* Stop if not enough space to put next UUID */
670 if ((ptr - data) + sizeof(u16) > len) {
671 uuids_start[1] = EIR_UUID16_SOME;
672 break;
673 }
674
675 *ptr++ = (uuid16 & 0x00ff);
676 *ptr++ = (uuid16 & 0xff00) >> 8;
677 uuids_start[0] += sizeof(uuid16);
678 }
679
680 return ptr;
681}
682
cdf1963f
JH		 683static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
684{
685 u8 *ptr = data, *uuids_start = NULL;
686 struct bt_uuid *uuid;
687
688 if (len < 6)
689 return ptr;
690
691 list_for_each_entry(uuid, &hdev->uuids, list) {
692 if (uuid->size != 32)
693 continue;
694
695 if (!uuids_start) {
696 uuids_start = ptr;
697 uuids_start[0] = 1;
698 uuids_start[1] = EIR_UUID32_ALL;
699 ptr += 2;
700 }
701
702 /* Stop if not enough space to put next UUID */
703 if ((ptr - data) + sizeof(u32) > len) {
704 uuids_start[1] = EIR_UUID32_SOME;
705 break;
706 }
707
708 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
709 ptr += sizeof(u32);
710 uuids_start[0] += sizeof(u32);
711 }
712
713 return ptr;
714}
715
c00d575b
JH		 716static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
717{
718 u8 *ptr = data, *uuids_start = NULL;
719 struct bt_uuid *uuid;
720
721 if (len < 18)
722 return ptr;
723
724 list_for_each_entry(uuid, &hdev->uuids, list) {
725 if (uuid->size != 128)
726 continue;
727
728 if (!uuids_start) {
729 uuids_start = ptr;
730 uuids_start[0] = 1;
731 uuids_start[1] = EIR_UUID128_ALL;
732 ptr += 2;
733 }
734
735 /* Stop if not enough space to put next UUID */
736 if ((ptr - data) + 16 > len) {
737 uuids_start[1] = EIR_UUID128_SOME;
738 break;
739 }
740
741 memcpy(ptr, uuid->uuid, 16);
742 ptr += 16;
743 uuids_start[0] += 16;
744 }
745
746 return ptr;
747}
748
eb2a8d20
JH		 749static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
750{
751 struct pending_cmd *cmd;
752
753 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
754 if (cmd->opcode == opcode)
755 return cmd;
756 }
757
758 return NULL;
759}
760
95868426
JH		 761static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
762 struct hci_dev *hdev,
763 const void *data)
764{
765 struct pending_cmd *cmd;
766
767 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
768 if (cmd->user_data != data)
769 continue;
770 if (cmd->opcode == opcode)
771 return cmd;
772 }
773
774 return NULL;
775}
776
f14d8f64
MH		 777static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
778{
7a5f4990
MH		 779 u8 ad_len = 0;
780 size_t name_len;
781
782 name_len = strlen(hdev->dev_name);
783 if (name_len > 0) {
784 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
785
786 if (name_len > max_len) {
787 name_len = max_len;
788 ptr[1] = EIR_NAME_SHORT;
789 } else
790 ptr[1] = EIR_NAME_COMPLETE;
791
792 ptr[0] = name_len + 1;
793
794 memcpy(ptr + 2, hdev->dev_name, name_len);
795
796 ad_len += (name_len + 2);
797 ptr += (name_len + 2);
798 }
799
800 return ad_len;
f14d8f64
MH		 801}
802
803static void update_scan_rsp_data(struct hci_request *req)
804{
805 struct hci_dev *hdev = req->hdev;
806 struct hci_cp_le_set_scan_rsp_data cp;
807 u8 len;
808
7751ef1b 809 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 810 return;
811
812 memset(&cp, 0, sizeof(cp));
813
814 len = create_scan_rsp_data(hdev, cp.data);
815
eb438b5f
JH		 816 if (hdev->scan_rsp_data_len == len &&
817 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 818 return;
819
eb438b5f
JH		 820 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
821 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 822
823 cp.length = len;
824
825 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
826}
827
9a43e25f
JH		 828static u8 get_adv_discov_flags(struct hci_dev *hdev)
829{
830 struct pending_cmd *cmd;
831
832 /* If there's a pending mgmt command the flags will not yet have
833 * their final values, so check for this first.
834 */
835 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
836 if (cmd) {
837 struct mgmt_mode *cp = cmd->param;
838 if (cp->val == 0x01)
839 return LE_AD_GENERAL;
840 else if (cp->val == 0x02)
841 return LE_AD_LIMITED;
842 } else {
843 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
844 return LE_AD_LIMITED;
845 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
846 return LE_AD_GENERAL;
847 }
848
849 return 0;
850}
851
46cad2ed 852static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 853{
854 u8 ad_len = 0, flags = 0;
441ad2d0 855
9a43e25f 856 flags |= get_adv_discov_flags(hdev);
441ad2d0 857
e834004b 858 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 859 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 860
861 if (flags) {
862 BT_DBG("adv flags 0x%02x", flags);
863
864 ptr[0] = 2;
865 ptr[1] = EIR_FLAGS;
866 ptr[2] = flags;
867
868 ad_len += 3;
869 ptr += 3;
870 }
871
872 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
873 ptr[0] = 2;
874 ptr[1] = EIR_TX_POWER;
875 ptr[2] = (u8) hdev->adv_tx_power;
876
877 ad_len += 3;
878 ptr += 3;
879 }
880
441ad2d0
MH		 881 return ad_len;
882}
883
5947f4bc 884static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 885{
886 struct hci_dev *hdev = req->hdev;
887 struct hci_cp_le_set_adv_data cp;
888 u8 len;
889
10994ce6 890 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 891 return;
892
893 memset(&cp, 0, sizeof(cp));
894
46cad2ed 895 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 896
897 if (hdev->adv_data_len == len &&
898 memcmp(cp.data, hdev->adv_data, len) == 0)
899 return;
900
901 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
902 hdev->adv_data_len = len;
903
904 cp.length = len;
905
906 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
907}
908
bc6d2d04
JH		 909int mgmt_update_adv_data(struct hci_dev *hdev)
910{
911 struct hci_request req;
912
913 hci_req_init(&req, hdev);
914 update_adv_data(&req);
915
916 return hci_req_run(&req, NULL);
917}
918
ef580372
JH		 919static void create_eir(struct hci_dev *hdev, u8 *data)
920{
921 u8 *ptr = data;
ef580372
JH		 922 size_t name_len;
923
924 name_len = strlen(hdev->dev_name);
925
926 if (name_len > 0) {
927 /* EIR Data type */
928 if (name_len > 48) {
929 name_len = 48;
930 ptr[1] = EIR_NAME_SHORT;
931 } else
932 ptr[1] = EIR_NAME_COMPLETE;
933
934 /* EIR Data length */
935 ptr[0] = name_len + 1;
936
937 memcpy(ptr + 2, hdev->dev_name, name_len);
938
ef580372
JH		 939 ptr += (name_len + 2);
940 }
941
bbaf444a 942 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 943 ptr[0] = 2;
944 ptr[1] = EIR_TX_POWER;
945 ptr[2] = (u8) hdev->inq_tx_power;
946
91c4e9b1
MH		 947 ptr += 3;
948 }
949
2b9be137
MH		 950 if (hdev->devid_source > 0) {
951 ptr[0] = 9;
952 ptr[1] = EIR_DEVICE_ID;
953
954 put_unaligned_le16(hdev->devid_source, ptr + 2);
955 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
956 put_unaligned_le16(hdev->devid_product, ptr + 6);
957 put_unaligned_le16(hdev->devid_version, ptr + 8);
958
2b9be137
MH		 959 ptr += 10;
960 }
961
213202ed 962 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 963 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 964 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 965}
966
890ea898 967static void update_eir(struct hci_request *req)
ef580372 968{
890ea898 969 struct hci_dev *hdev = req->hdev;
ef580372
JH		 970 struct hci_cp_write_eir cp;
971
504c8dcd 972 if (!hdev_is_powered(hdev))
890ea898 973 return;
7770c4aa 974
976eb20e 975 if (!lmp_ext_inq_capable(hdev))
890ea898 976 return;
ef580372 977
84bde9d6 978 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 979 return;
ef580372 980
a8b2d5c2 981 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 982 return;
ef580372
JH		 983
984 memset(&cp, 0, sizeof(cp));
985
986 create_eir(hdev, cp.data);
987
988 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 989 return;
ef580372
JH		 990
991 memcpy(hdev->eir, cp.data, sizeof(cp.data));
992
890ea898 993 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 994}
995
996static u8 get_service_classes(struct hci_dev *hdev)
997{
998 struct bt_uuid *uuid;
999 u8 val = 0;
1000
1001 list_for_each_entry(uuid, &hdev->uuids, list)
1002 val |= uuid->svc_hint;
1003
1004 return val;
1005}
1006
890ea898 1007static void update_class(struct hci_request *req)
ef580372 1008{
890ea898 1009 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1010 u8 cod[3];
1011
1012 BT_DBG("%s", hdev->name);
1013
504c8dcd 1014 if (!hdev_is_powered(hdev))
890ea898 1015 return;
7770c4aa 1016
f87ea1da
JH		 1017 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1018 return;
1019
a8b2d5c2 1020 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1021 return;
ef580372
JH		 1022
1023 cod[0] = hdev->minor_class;
1024 cod[1] = hdev->major_class;
1025 cod[2] = get_service_classes(hdev);
1026
6acd7db4
MH		 1027 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1028 cod[1] |= 0x20;
1029
ef580372 1030 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1031 return;
ef580372 1032
890ea898 1033 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1034}
1035
a4858cb9 1036static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1037{
1038 struct pending_cmd *cmd;
199a2fb1
JH		 1039
1040 /* If there's a pending mgmt command the flag will not yet have
1041 * it's final value, so check for this first.
1042 */
1043 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1044 if (cmd) {
1045 struct mgmt_mode *cp = cmd->param;
a4858cb9 1046 return cp->val;
199a2fb1
JH		 1047 }
1048
a4858cb9 1049 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1050}
1051
0ec5ae84
JH		 1052static void disable_advertising(struct hci_request *req)
1053{
1054 u8 enable = 0x00;
1055
1056 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1057}
1058
199a2fb1
JH		 1059static void enable_advertising(struct hci_request *req)
1060{
1061 struct hci_dev *hdev = req->hdev;
1062 struct hci_cp_le_set_adv_param cp;
8f2a0601 1063 u8 own_addr_type, enable = 0x01;
a4858cb9 1064 bool connectable;
199a2fb1 1065
0ec5ae84
JH		 1066 if (hci_conn_num(hdev, LE_LINK) > 0)
1067 return;
1068
1069 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1070 disable_advertising(req);
1071
5ce194c4 1072 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1073 * hci_update_random_address knows that it's safe to go ahead
1074 * and write a new random address. The flag will be set back on
1075 * as soon as the SET_ADV_ENABLE HCI command completes.
1076 */
5ce194c4 1077 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1078
a4858cb9 1079 connectable = get_connectable(hdev);
8f2a0601 1080
a4858cb9
JH		 1081 /* Set require_privacy to true only when non-connectable
1082 * advertising is used. In that case it is fine to use a
1083 * non-resolvable private address.
1084 */
1085 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1086 return;
1087
41c90c18 1088 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 1089 cp.min_interval = cpu_to_le16(0x0800);
1090 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 1091 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1092 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1093 cp.channel_map = hdev->le_adv_channel_map;
1094
1095 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1096
1097 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1098}
1099
7d78525d
JH		 1100static void service_cache_off(struct work_struct *work)
1101{
1102 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1103 service_cache.work);
890ea898 1104 struct hci_request req;
7d78525d 1105
a8b2d5c2 1106 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1107 return;
1108
890ea898
JH		 1109 hci_req_init(&req, hdev);
1110
7d78525d
JH		 1111 hci_dev_lock(hdev);
1112
890ea898
JH		 1113 update_eir(&req);
1114 update_class(&req);
7d78525d
JH		 1115
1116 hci_dev_unlock(hdev);
890ea898
JH		 1117
1118 hci_req_run(&req, NULL);
7d78525d
JH		 1119}
1120
d6bfd59c
JH		 1121static void rpa_expired(struct work_struct *work)
1122{
1123 struct hci_dev *hdev = container_of(work, struct hci_dev,
1124 rpa_expired.work);
1125 struct hci_request req;
1126
1127 BT_DBG("");
1128
1129 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1130
0ec5ae84 1131 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1132 return;
1133
1134 /* The generation of a new RPA and programming it into the
1135 * controller happens in the enable_advertising() function.
1136 */
d6bfd59c 1137 hci_req_init(&req, hdev);
d6bfd59c 1138 enable_advertising(&req);
d6bfd59c
JH		 1139 hci_req_run(&req, NULL);
1140}
1141
6a919082 1142static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1143{
4f87da80 1144 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1145 return;
1146
4f87da80 1147 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1148 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1149
4f87da80
JH		 1150 /* Non-mgmt controlled devices get this bit set
1151 * implicitly so that pairing works for them, however
1152 * for mgmt we require user-space to explicitly enable
1153 * it
1154 */
1155 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 1156}
1157
0f4e68cf 1158static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1159 void *data, u16 data_len)
0381101f 1160{
a38528f1 1161 struct mgmt_rp_read_info rp;
f7b64e69 1162
bdb6d971 1163 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1164
09fd0de5 1165 hci_dev_lock(hdev);
f7b64e69 1166
dc4fe30b
JH		 1167 memset(&rp, 0, sizeof(rp));
1168
69ab39ea 1169 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1170
69ab39ea 1171 rp.version = hdev->hci_ver;
eb55ef07 1172 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1173
1174 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1175 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1176
a38528f1 1177 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1178
dc4fe30b 1179 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1180 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1181
09fd0de5 1182 hci_dev_unlock(hdev);
0381101f 1183
bdb6d971 1184 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1185 sizeof(rp));
0381101f
JH		 1186}
1187
eec8d2bc
JH		 1188static void mgmt_pending_free(struct pending_cmd *cmd)
1189{
1190 sock_put(cmd->sk);
c68fb7ff 1191 kfree(cmd->param);
eec8d2bc
JH		 1192 kfree(cmd);
1193}
1194
366a0336 1195static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1196 struct hci_dev *hdev, void *data,
1197 u16 len)
eec8d2bc
JH		 1198{
1199 struct pending_cmd *cmd;
1200
fca20018 1201 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1202 if (!cmd)
366a0336 1203 return NULL;
eec8d2bc
JH		 1204
1205 cmd->opcode = opcode;
2e58ef3e 1206 cmd->index = hdev->id;
eec8d2bc 1207
12b94565 1208 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1209 if (!cmd->param) {
eec8d2bc 1210 kfree(cmd);
366a0336 1211 return NULL;
eec8d2bc
JH		 1212 }
1213
8fce6357
SJ		 1214 if (data)
1215 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1216
1217 cmd->sk = sk;
1218 sock_hold(sk);
1219
2e58ef3e 1220 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1221
366a0336 1222 return cmd;
eec8d2bc
JH		 1223}
1224
744cf19e 1225static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1226 void (*cb)(struct pending_cmd *cmd,
1227 void *data),
04124681 1228 void *data)
eec8d2bc 1229{
a3d09356 1230 struct pending_cmd *cmd, *tmp;
eec8d2bc 1231
a3d09356 1232 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1233 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1234 continue;
1235
eec8d2bc
JH		 1236 cb(cmd, data);
1237 }
1238}
1239
a664b5bc 1240static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1241{
73f22f62
JH		 1242 list_del(&cmd->list);
1243 mgmt_pending_free(cmd);
1244}
1245
69ab39ea 1246static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1247{
69ab39ea 1248 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1249
aee9b218 1250 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1251 sizeof(settings));
8680570b
JH		 1252}
1253
8b064a3a
JH		 1254static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1255{
1256 BT_DBG("%s status 0x%02x", hdev->name, status);
1257
a3172b7e
JH		 1258 if (hci_conn_count(hdev) == 0) {
1259 cancel_delayed_work(&hdev->power_off);
8b064a3a 1260 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1261 }
8b064a3a
JH		 1262}
1263
23a48093 1264static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1265{
1266 struct hci_dev *hdev = req->hdev;
1267 struct hci_cp_remote_name_req_cancel cp;
1268 struct inquiry_entry *e;
1269
1270 switch (hdev->discovery.state) {
1271 case DISCOVERY_FINDING:
1272 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1273 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1274 } else {
1275 cancel_delayed_work(&hdev->le_scan_disable);
1276 hci_req_add_le_scan_disable(req);
1277 }
1278
23a48093 1279 return true;
21a60d30
JH		 1280
1281 case DISCOVERY_RESOLVING:
1282 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1283 NAME_PENDING);
1284 if (!e)
23a48093 1285 break;
21a60d30
JH		 1286
1287 bacpy(&cp.bdaddr, &e->data.bdaddr);
1288 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1289 &cp);
1290
23a48093 1291 return true;
21a60d30
JH		 1292
1293 default:
1294 /* Passive scanning */
23a48093 1295 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1296 hci_req_add_le_scan_disable(req);
23a48093
JH		 1297 return true;
1298 }
1299
21a60d30
JH		 1300 break;
1301 }
23a48093
JH		 1302
1303 return false;
21a60d30
JH		 1304}
1305
8b064a3a
JH		 1306static int clean_up_hci_state(struct hci_dev *hdev)
1307{
1308 struct hci_request req;
1309 struct hci_conn *conn;
23a48093
JH		 1310 bool discov_stopped;
1311 int err;
8b064a3a
JH		 1312
1313 hci_req_init(&req, hdev);
1314
1315 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1316 test_bit(HCI_PSCAN, &hdev->flags)) {
1317 u8 scan = 0x00;
1318 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1319 }
1320
73e082f8 1321 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1322 disable_advertising(&req);
1323
23a48093 1324 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1325
1326 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1327 struct hci_cp_disconnect dc;
c9910d0f
JH		 1328 struct hci_cp_reject_conn_req rej;
1329
1330 switch (conn->state) {
1331 case BT_CONNECTED:
1332 case BT_CONFIG:
1333 dc.handle = cpu_to_le16(conn->handle);
1334 dc.reason = 0x15; /* Terminated due to Power Off */
1335 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1336 break;
1337 case BT_CONNECT:
1338 if (conn->type == LE_LINK)
1339 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1340 0, NULL);
1341 else if (conn->type == ACL_LINK)
1342 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1343 6, &conn->dst);
1344 break;
1345 case BT_CONNECT2:
1346 bacpy(&rej.bdaddr, &conn->dst);
1347 rej.reason = 0x15; /* Terminated due to Power Off */
1348 if (conn->type == ACL_LINK)
1349 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1350 sizeof(rej), &rej);
1351 else if (conn->type == SCO_LINK)
1352 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1353 sizeof(rej), &rej);
1354 break;
1355 }
8b064a3a
JH		 1356 }
1357
23a48093
JH		 1358 err = hci_req_run(&req, clean_up_hci_complete);
1359 if (!err && discov_stopped)
1360 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1361
1362 return err;
8b064a3a
JH		 1363}
1364
bdb6d971 1365static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1366 u16 len)
eec8d2bc 1367{
650f726d 1368 struct mgmt_mode *cp = data;
366a0336 1369 struct pending_cmd *cmd;
4b34ee78 1370 int err;
eec8d2bc 1371
bdb6d971 1372 BT_DBG("request for %s", hdev->name);
eec8d2bc 1373
a7e80f25
JH		 1374 if (cp->val != 0x00 && cp->val != 0x01)
1375 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1376 MGMT_STATUS_INVALID_PARAMS);
1377
09fd0de5 1378 hci_dev_lock(hdev);
eec8d2bc 1379
87b95ba6
JH		 1380 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1381 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1382 MGMT_STATUS_BUSY);
1383 goto failed;
1384 }
1385
f0d4b78a
MH		 1386 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1387 cancel_delayed_work(&hdev->power_off);
1388
1389 if (cp->val) {
a1d70450
JH		 1390 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1391 data, len);
1392 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1393 goto failed;
1394 }
1395 }
1396
4b34ee78 1397 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1398 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1399 goto failed;
1400 }
1401
2e58ef3e 1402 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1403 if (!cmd) {
1404 err = -ENOMEM;
eec8d2bc 1405 goto failed;
366a0336 1406 }
eec8d2bc 1407
8b064a3a 1408 if (cp->val) {
19202573 1409 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1410 err = 0;
1411 } else {
1412 /* Disconnect connections, stop scans, etc */
1413 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1414 if (!err)
1415 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1416 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1417
8b064a3a
JH		 1418 /* ENODATA means there were no HCI commands queued */
1419 if (err == -ENODATA) {
a3172b7e 1420 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1421 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1422 err = 0;
1423 }
1424 }
eec8d2bc
JH		 1425
1426failed:
09fd0de5 1427 hci_dev_unlock(hdev);
366a0336 1428 return err;
eec8d2bc
JH		 1429}
1430
beadb2bd
JH		 1431static int new_settings(struct hci_dev *hdev, struct sock *skip)
1432{
1433 __le32 ev;
1434
1435 ev = cpu_to_le32(get_current_settings(hdev));
1436
1437 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1438}
1439
91a668b0
JH		 1440int mgmt_new_settings(struct hci_dev *hdev)
1441{
1442 return new_settings(hdev, NULL);
1443}
1444
bd99abdd
JH		 1445struct cmd_lookup {
1446 struct sock *sk;
1447 struct hci_dev *hdev;
1448 u8 mgmt_status;
1449};
1450
1451static void settings_rsp(struct pending_cmd *cmd, void *data)
1452{
1453 struct cmd_lookup *match = data;
1454
1455 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1456
1457 list_del(&cmd->list);
1458
1459 if (match->sk == NULL) {
1460 match->sk = cmd->sk;
1461 sock_hold(match->sk);
1462 }
1463
1464 mgmt_pending_free(cmd);
1465}
1466
1467static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1468{
1469 u8 *status = data;
1470
1471 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1472 mgmt_pending_remove(cmd);
1473}
1474
e6fe7986
JH		 1475static u8 mgmt_bredr_support(struct hci_dev *hdev)
1476{
1477 if (!lmp_bredr_capable(hdev))
1478 return MGMT_STATUS_NOT_SUPPORTED;
1479 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1480 return MGMT_STATUS_REJECTED;
1481 else
1482 return MGMT_STATUS_SUCCESS;
1483}
1484
1485static u8 mgmt_le_support(struct hci_dev *hdev)
1486{
1487 if (!lmp_le_capable(hdev))
1488 return MGMT_STATUS_NOT_SUPPORTED;
1489 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1490 return MGMT_STATUS_REJECTED;
1491 else
1492 return MGMT_STATUS_SUCCESS;
1493}
1494
bfaf8c9f
JH		 1495static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1496{
1497 struct pending_cmd *cmd;
1498 struct mgmt_mode *cp;
970ba524 1499 struct hci_request req;
bfaf8c9f
JH		 1500 bool changed;
1501
1502 BT_DBG("status 0x%02x", status);
1503
1504 hci_dev_lock(hdev);
1505
1506 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1507 if (!cmd)
1508 goto unlock;
1509
1510 if (status) {
1511 u8 mgmt_err = mgmt_status(status);
1512 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1513 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1514 goto remove_cmd;
1515 }
1516
1517 cp = cmd->param;
d4462a07 1518 if (cp->val) {
bfaf8c9f
JH		 1519 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1520 &hdev->dev_flags);
d4462a07
MH		 1521
1522 if (hdev->discov_timeout > 0) {
1523 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1524 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1525 to);
1526 }
1527 } else {
bfaf8c9f
JH		 1528 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1529 &hdev->dev_flags);
d4462a07 1530 }
bfaf8c9f
JH		 1531
1532 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1533
1534 if (changed)
1535 new_settings(hdev, cmd->sk);
1536
970ba524
MH		 1537 /* When the discoverable mode gets changed, make sure
1538 * that class of device has the limited discoverable
1539 * bit correctly set.
1540 */
1541 hci_req_init(&req, hdev);
1542 update_class(&req);
1543 hci_req_run(&req, NULL);
1544
bfaf8c9f
JH		 1545remove_cmd:
1546 mgmt_pending_remove(cmd);
1547
1548unlock:
1549 hci_dev_unlock(hdev);
1550}
1551
bdb6d971 1552static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1553 u16 len)
73f22f62 1554{
650f726d 1555 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1556 struct pending_cmd *cmd;
bfaf8c9f 1557 struct hci_request req;
5e5282bb 1558 u16 timeout;
9a43e25f 1559 u8 scan;
73f22f62
JH		 1560 int err;
1561
bdb6d971 1562 BT_DBG("request for %s", hdev->name);
73f22f62 1563
9a43e25f
JH		 1564 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1565 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1566 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1567 MGMT_STATUS_REJECTED);
33c525c0 1568
310a3d48 1569 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1570 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1571 MGMT_STATUS_INVALID_PARAMS);
1572
1f350c87 1573 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1574
1575 /* Disabling discoverable requires that no timeout is set,
1576 * and enabling limited discoverable requires a timeout.
1577 */
1578 if ((cp->val == 0x00 && timeout > 0) ||
1579 (cp->val == 0x02 && timeout == 0))
bdb6d971 1580 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1581 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1582
09fd0de5 1583 hci_dev_lock(hdev);
73f22f62 1584
5e5282bb 1585 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1586 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1587 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1588 goto failed;
1589 }
1590
2e58ef3e 1591 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1592 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1593 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1594 MGMT_STATUS_BUSY);
73f22f62
JH		 1595 goto failed;
1596 }
1597
5e5282bb 1598 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1599 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1600 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1601 goto failed;
1602 }
1603
1604 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1605 bool changed = false;
1606
310a3d48
MH		 1607 /* Setting limited discoverable when powered off is
1608 * not a valid operation since it requires a timeout
1609 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1610 */
0224d2fa
JH		 1611 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1612 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1613 changed = true;
1614 }
1615
5e5282bb 1616 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1617 if (err < 0)
1618 goto failed;
1619
1620 if (changed)
1621 err = new_settings(hdev, sk);
1622
5e5282bb
JH		 1623 goto failed;
1624 }
1625
310a3d48
MH		 1626 /* If the current mode is the same, then just update the timeout
1627 * value with the new value. And if only the timeout gets updated,
1628 * then no need for any HCI transactions.
1629 */
1630 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1631 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1632 &hdev->dev_flags)) {
36261547
MH		 1633 cancel_delayed_work(&hdev->discov_off);
1634 hdev->discov_timeout = timeout;
955638ec 1635
36261547
MH		 1636 if (cp->val && hdev->discov_timeout > 0) {
1637 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1638 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1639 to);
955638ec
MH		 1640 }
1641
69ab39ea 1642 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1643 goto failed;
1644 }
1645
2e58ef3e 1646 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1647 if (!cmd) {
1648 err = -ENOMEM;
73f22f62 1649 goto failed;
366a0336 1650 }
73f22f62 1651
310a3d48
MH		 1652 /* Cancel any potential discoverable timeout that might be
1653 * still active and store new timeout value. The arming of
1654 * the timeout happens in the complete handler.
1655 */
1656 cancel_delayed_work(&hdev->discov_off);
1657 hdev->discov_timeout = timeout;
1658
b456f87c
JH		 1659 /* Limited discoverable mode */
1660 if (cp->val == 0x02)
1661 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1662 else
1663 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1664
bfaf8c9f
JH		 1665 hci_req_init(&req, hdev);
1666
9a43e25f
JH		 1667 /* The procedure for LE-only controllers is much simpler - just
1668 * update the advertising data.
1669 */
1670 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1671 goto update_ad;
1672
73f22f62
JH		 1673 scan = SCAN_PAGE;
1674
310a3d48
MH		 1675 if (cp->val) {
1676 struct hci_cp_write_current_iac_lap hci_cp;
1677
1678 if (cp->val == 0x02) {
1679 /* Limited discoverable mode */
33337dcb 1680 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1681 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1682 hci_cp.iac_lap[1] = 0x8b;
1683 hci_cp.iac_lap[2] = 0x9e;
1684 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1685 hci_cp.iac_lap[4] = 0x8b;
1686 hci_cp.iac_lap[5] = 0x9e;
1687 } else {
1688 /* General discoverable mode */
310a3d48
MH		 1689 hci_cp.num_iac = 1;
1690 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1691 hci_cp.iac_lap[1] = 0x8b;
1692 hci_cp.iac_lap[2] = 0x9e;
1693 }
1694
1695 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1696 (hci_cp.num_iac * 3) + 1, &hci_cp);
1697
73f22f62 1698 scan |= SCAN_INQUIRY;
310a3d48
MH		 1699 } else {
1700 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1701 }
73f22f62 1702
310a3d48 1703 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1704
9a43e25f
JH		 1705update_ad:
1706 update_adv_data(&req);
1707
bfaf8c9f 1708 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1709 if (err < 0)
a664b5bc 1710 mgmt_pending_remove(cmd);
73f22f62
JH		 1711
1712failed:
09fd0de5 1713 hci_dev_unlock(hdev);
73f22f62
JH		 1714 return err;
1715}
1716
406d7804
JH		 1717static void write_fast_connectable(struct hci_request *req, bool enable)
1718{
bd98b996 1719 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1720 struct hci_cp_write_page_scan_activity acp;
1721 u8 type;
1722
547003b1
JH		 1723 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1724 return;
1725
4c01f8b8
JH		 1726 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1727 return;
1728
406d7804
JH		 1729 if (enable) {
1730 type = PAGE_SCAN_TYPE_INTERLACED;
1731
1732 /* 160 msec page scan interval */
dcf4adbf 1733 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1734 } else {
1735 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1736
1737 /* default 1.28 sec page scan */
dcf4adbf 1738 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1739 }
1740
dcf4adbf 1741 acp.window = cpu_to_le16(0x0012);
406d7804 1742
bd98b996
JH		 1743 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1744 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1745 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1746 sizeof(acp), &acp);
1747
1748 if (hdev->page_scan_type != type)
1749 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1750}
1751
2b76f453
JH		 1752static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1753{
1754 struct pending_cmd *cmd;
d7b856f9 1755 struct mgmt_mode *cp;
bc6d2d04 1756 bool conn_changed, discov_changed;
2b76f453
JH		 1757
1758 BT_DBG("status 0x%02x", status);
1759
1760 hci_dev_lock(hdev);
1761
1762 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1763 if (!cmd)
1764 goto unlock;
1765
37438c1f
JH		 1766 if (status) {
1767 u8 mgmt_err = mgmt_status(status);
1768 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1769 goto remove_cmd;
1770 }
1771
d7b856f9 1772 cp = cmd->param;
bc6d2d04
JH		 1773 if (cp->val) {
1774 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1775 &hdev->dev_flags);
1776 discov_changed = false;
1777 } else {
1778 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1779 &hdev->dev_flags);
1780 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1781 &hdev->dev_flags);
1782 }
d7b856f9 1783
2b76f453
JH		 1784 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1785
bc6d2d04 1786 if (conn_changed || discov_changed) {
d7b856f9 1787 new_settings(hdev, cmd->sk);
bc6d2d04
JH		 1788 if (discov_changed)
1789 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1790 hci_update_background_scan(hdev);
1791 }
d7b856f9 1792
37438c1f 1793remove_cmd:
2b76f453
JH		 1794 mgmt_pending_remove(cmd);
1795
1796unlock:
1797 hci_dev_unlock(hdev);
1798}
1799
e8ba3a1f
JH		 1800static int set_connectable_update_settings(struct hci_dev *hdev,
1801 struct sock *sk, u8 val)
1802{
1803 bool changed = false;
1804 int err;
1805
1806 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1807 changed = true;
1808
1809 if (val) {
1810 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1811 } else {
1812 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1813 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1814 }
1815
1816 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1817 if (err < 0)
1818 return err;
1819
562064e6
JH		 1820 if (changed) {
1821 hci_update_background_scan(hdev);
e8ba3a1f 1822 return new_settings(hdev, sk);
562064e6 1823 }
e8ba3a1f
JH		 1824
1825 return 0;
1826}
1827
bdb6d971 1828static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1829 u16 len)
9fbcbb45 1830{
650f726d 1831 struct mgmt_mode *cp = data;
366a0336 1832 struct pending_cmd *cmd;
2b76f453 1833 struct hci_request req;
1987fdc7 1834 u8 scan;
9fbcbb45
JH		 1835 int err;
1836
bdb6d971 1837 BT_DBG("request for %s", hdev->name);
9fbcbb45 1838
1987fdc7
JH		 1839 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1840 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1841 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1842 MGMT_STATUS_REJECTED);
33c525c0 1843
a7e80f25
JH		 1844 if (cp->val != 0x00 && cp->val != 0x01)
1845 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1846 MGMT_STATUS_INVALID_PARAMS);
1847
09fd0de5 1848 hci_dev_lock(hdev);
9fbcbb45 1849
4b34ee78 1850 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1851 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1852 goto failed;
1853 }
1854
2e58ef3e 1855 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1856 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1857 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1858 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1859 goto failed;
1860 }
1861
2e58ef3e 1862 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1863 if (!cmd) {
1864 err = -ENOMEM;
9fbcbb45 1865 goto failed;
366a0336 1866 }
9fbcbb45 1867
9b74246f 1868 hci_req_init(&req, hdev);
9fbcbb45 1869
9a43e25f
JH		 1870 /* If BR/EDR is not enabled and we disable advertising as a
1871 * by-product of disabling connectable, we need to update the
1872 * advertising flags.
1873 */
1874 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1875 if (!cp->val) {
1876 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1877 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1878 }
1879 update_adv_data(&req);
1880 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1881 if (cp->val) {
1882 scan = SCAN_PAGE;
1883 } else {
1884 scan = 0;
1885
1886 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1887 hdev->discov_timeout > 0)
9b74246f
JH		 1888 cancel_delayed_work(&hdev->discov_off);
1889 }
2b76f453 1890
9b74246f
JH		 1891 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1892 }
2b76f453 1893
4c01f8b8
JH		 1894 /* If we're going from non-connectable to connectable or
1895 * vice-versa when fast connectable is enabled ensure that fast
1896 * connectable gets disabled. write_fast_connectable won't do
1897 * anything if the page scan parameters are already what they
1898 * should be.
1899 */
1900 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1901 write_fast_connectable(&req, false);
1902
e8b1202c
JH		 1903 /* Update the advertising parameters if necessary */
1904 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1987fdc7 1905 enable_advertising(&req);
1987fdc7 1906
2b76f453 1907 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1908 if (err < 0) {
a664b5bc 1909 mgmt_pending_remove(cmd);
9b74246f 1910 if (err == -ENODATA)
a81070ba
JH		 1911 err = set_connectable_update_settings(hdev, sk,
1912 cp->val);
9b74246f
JH		 1913 goto failed;
1914 }
9fbcbb45
JH		 1915
1916failed:
09fd0de5 1917 hci_dev_unlock(hdev);
9fbcbb45
JH		 1918 return err;
1919}
1920
bdb6d971 1921static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1922 u16 len)
c542a06c 1923{
650f726d 1924 struct mgmt_mode *cp = data;
55594356 1925 bool changed;
c542a06c
JH		 1926 int err;
1927
bdb6d971 1928 BT_DBG("request for %s", hdev->name);
c542a06c 1929
a7e80f25
JH		 1930 if (cp->val != 0x00 && cp->val != 0x01)
1931 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1932 MGMT_STATUS_INVALID_PARAMS);
1933
09fd0de5 1934 hci_dev_lock(hdev);
c542a06c
JH		 1935
1936 if (cp->val)
55594356 1937 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1938 else
55594356 1939 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1940
69ab39ea 1941 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1942 if (err < 0)
55594356 1943 goto unlock;
c542a06c 1944
55594356
MH		 1945 if (changed)
1946 err = new_settings(hdev, sk);
c542a06c 1947
55594356 1948unlock:
09fd0de5 1949 hci_dev_unlock(hdev);
c542a06c
JH		 1950 return err;
1951}
1952
04124681
GP		 1953static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1954 u16 len)
33ef95ed
JH		 1955{
1956 struct mgmt_mode *cp = data;
1957 struct pending_cmd *cmd;
e6fe7986 1958 u8 val, status;
33ef95ed
JH		 1959 int err;
1960
bdb6d971 1961 BT_DBG("request for %s", hdev->name);
33ef95ed 1962
e6fe7986
JH		 1963 status = mgmt_bredr_support(hdev);
1964 if (status)
33c525c0 1965 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1966 status);
33c525c0 1967
a7e80f25
JH		 1968 if (cp->val != 0x00 && cp->val != 0x01)
1969 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1970 MGMT_STATUS_INVALID_PARAMS);
1971
33ef95ed
JH		 1972 hci_dev_lock(hdev);
1973
4b34ee78 1974 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1975 bool changed = false;
1976
1977 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1978 &hdev->dev_flags)) {
47990ea0
JH		 1979 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1980 changed = true;
1981 }
1982
1983 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1984 if (err < 0)
1985 goto failed;
1986
1987 if (changed)
1988 err = new_settings(hdev, sk);
1989
33ef95ed
JH		 1990 goto failed;
1991 }
1992
1993 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1994 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1995 MGMT_STATUS_BUSY);
33ef95ed
JH		 1996 goto failed;
1997 }
1998
1999 val = !!cp->val;
2000
2001 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2002 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2003 goto failed;
2004 }
2005
2006 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2007 if (!cmd) {
2008 err = -ENOMEM;
2009 goto failed;
2010 }
2011
2012 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2013 if (err < 0) {
2014 mgmt_pending_remove(cmd);
2015 goto failed;
2016 }
2017
2018failed:
2019 hci_dev_unlock(hdev);
33ef95ed
JH		 2020 return err;
2021}
2022
bdb6d971 2023static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2024{
2025 struct mgmt_mode *cp = data;
2026 struct pending_cmd *cmd;
72ef0c1a 2027 u8 status;
ed2c4ee3
JH		 2028 int err;
2029
bdb6d971 2030 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2031
cdba5281
MH		 2032 status = mgmt_bredr_support(hdev);
2033 if (status)
2034 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2035
13ecd8b6
JH		 2036 if (!lmp_ssp_capable(hdev))
2037 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2038 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2039
a7e80f25
JH		 2040 if (cp->val != 0x00 && cp->val != 0x01)
2041 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2042 MGMT_STATUS_INVALID_PARAMS);
2043
13ecd8b6 2044 hci_dev_lock(hdev);
6c8f12c1 2045
4b34ee78 2046 if (!hdev_is_powered(hdev)) {
9ecb3e24 2047 bool changed;
c0ecddc2 2048
9ecb3e24
MH		 2049 if (cp->val) {
2050 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2051 &hdev->dev_flags);
2052 } else {
2053 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2054 &hdev->dev_flags);
2055 if (!changed)
2056 changed = test_and_clear_bit(HCI_HS_ENABLED,
2057 &hdev->dev_flags);
2058 else
2059 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2060 }
2061
2062 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2063 if (err < 0)
2064 goto failed;
2065
2066 if (changed)
2067 err = new_settings(hdev, sk);
2068
ed2c4ee3
JH		 2069 goto failed;
2070 }
2071
9ecb3e24
MH		 2072 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2073 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2074 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2075 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2076 goto failed;
2077 }
2078
72ef0c1a 2079 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2080 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2081 goto failed;
2082 }
2083
2084 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2085 if (!cmd) {
2086 err = -ENOMEM;
2087 goto failed;
2088 }
2089
3769972b
JH		 2090 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2091 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2092 sizeof(cp->val), &cp->val);
2093
72ef0c1a 2094 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2095 if (err < 0) {
2096 mgmt_pending_remove(cmd);
2097 goto failed;
2098 }
2099
2100failed:
2101 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2102 return err;
2103}
2104
bdb6d971 2105static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2106{
2107 struct mgmt_mode *cp = data;
ee392693 2108 bool changed;
e6fe7986 2109 u8 status;
ee392693 2110 int err;
6d80dfd0 2111
bdb6d971 2112 BT_DBG("request for %s", hdev->name);
6d80dfd0 2113
e6fe7986
JH		 2114 status = mgmt_bredr_support(hdev);
2115 if (status)
2116 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2117
9ecb3e24
MH		 2118 if (!lmp_ssp_capable(hdev))
2119 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2120 MGMT_STATUS_NOT_SUPPORTED);
2121
2122 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2123 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2124 MGMT_STATUS_REJECTED);
2125
a7e80f25
JH		 2126 if (cp->val != 0x00 && cp->val != 0x01)
2127 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2128 MGMT_STATUS_INVALID_PARAMS);
2129
ee392693
MH		 2130 hci_dev_lock(hdev);
2131
a0cdf960 2132 if (cp->val) {
ee392693 2133 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2134 } else {
2135 if (hdev_is_powered(hdev)) {
2136 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2137 MGMT_STATUS_REJECTED);
2138 goto unlock;
2139 }
2140
ee392693 2141 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2142 }
ee392693
MH		 2143
2144 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2145 if (err < 0)
2146 goto unlock;
2147
2148 if (changed)
2149 err = new_settings(hdev, sk);
6d80dfd0 2150
ee392693
MH		 2151unlock:
2152 hci_dev_unlock(hdev);
2153 return err;
6d80dfd0
JH		 2154}
2155
416a4ae5
JH		 2156static void le_enable_complete(struct hci_dev *hdev, u8 status)
2157{
2158 struct cmd_lookup match = { NULL, hdev };
2159
2160 if (status) {
2161 u8 mgmt_err = mgmt_status(status);
2162
2163 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2164 &mgmt_err);
2165 return;
2166 }
2167
2168 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2169
2170 new_settings(hdev, match.sk);
2171
2172 if (match.sk)
2173 sock_put(match.sk);
441ad2d0
MH		 2174
2175 /* Make sure the controller has a good default for
2176 * advertising data. Restrict the update to when LE
2177 * has actually been enabled. During power on, the
2178 * update in powered_update_hci will take care of it.
2179 */
2180 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2181 struct hci_request req;
2182
2183 hci_dev_lock(hdev);
2184
2185 hci_req_init(&req, hdev);
5947f4bc 2186 update_adv_data(&req);
f14d8f64 2187 update_scan_rsp_data(&req);
441ad2d0
MH		 2188 hci_req_run(&req, NULL);
2189
a70f4b5f
JH		 2190 hci_update_background_scan(hdev);
2191
441ad2d0
MH		 2192 hci_dev_unlock(hdev);
2193 }
416a4ae5
JH		 2194}
2195
bdb6d971 2196static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2197{
2198 struct mgmt_mode *cp = data;
2199 struct hci_cp_write_le_host_supported hci_cp;
2200 struct pending_cmd *cmd;
416a4ae5 2201 struct hci_request req;
06199cf8 2202 int err;
0b60eba1 2203 u8 val, enabled;
06199cf8 2204
bdb6d971 2205 BT_DBG("request for %s", hdev->name);
06199cf8 2206
13ecd8b6
JH		 2207 if (!lmp_le_capable(hdev))
2208 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2209 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2210
a7e80f25
JH		 2211 if (cp->val != 0x00 && cp->val != 0x01)
2212 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2213 MGMT_STATUS_INVALID_PARAMS);
2214
c73eee91 2215 /* LE-only devices do not allow toggling LE on/off */
56f87901 2216 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2217 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2218 MGMT_STATUS_REJECTED);
2219
13ecd8b6 2220 hci_dev_lock(hdev);
06199cf8
JH		 2221
2222 val = !!cp->val;
ffa88e02 2223 enabled = lmp_host_le_capable(hdev);
06199cf8 2224
0b60eba1 2225 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2226 bool changed = false;
2227
2228 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2229 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2230 changed = true;
2231 }
2232
f3d3444a
JH		 2233 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2234 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2235 changed = true;
2236 }
2237
06199cf8
JH		 2238 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2239 if (err < 0)
1de028ce 2240 goto unlock;
06199cf8
JH		 2241
2242 if (changed)
2243 err = new_settings(hdev, sk);
2244
1de028ce 2245 goto unlock;
06199cf8
JH		 2246 }
2247
4375f103
JH		 2248 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2249 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2250 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2251 MGMT_STATUS_BUSY);
1de028ce 2252 goto unlock;
06199cf8
JH		 2253 }
2254
2255 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2256 if (!cmd) {
2257 err = -ENOMEM;
1de028ce 2258 goto unlock;
06199cf8
JH		 2259 }
2260
441ad2d0
MH		 2261 hci_req_init(&req, hdev);
2262
06199cf8
JH		 2263 memset(&hci_cp, 0, sizeof(hci_cp));
2264
2265 if (val) {
2266 hci_cp.le = val;
ffa88e02 2267 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0 2268 } else {
73e082f8 2269 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2270 disable_advertising(&req);
06199cf8
JH		 2271 }
2272
416a4ae5
JH		 2273 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2274 &hci_cp);
2275
2276 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2277 if (err < 0)
06199cf8 2278 mgmt_pending_remove(cmd);
06199cf8 2279
1de028ce
JH		 2280unlock:
2281 hci_dev_unlock(hdev);
06199cf8
JH		 2282 return err;
2283}
2284
0cab9c80
JH		 2285/* This is a helper function to test for pending mgmt commands that can
2286 * cause CoD or EIR HCI commands. We can only allow one such pending
2287 * mgmt command at a time since otherwise we cannot easily track what
2288 * the current values are, will be, and based on that calculate if a new
2289 * HCI command needs to be sent and if yes with what value.
2290 */
2291static bool pending_eir_or_class(struct hci_dev *hdev)
2292{
2293 struct pending_cmd *cmd;
2294
2295 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2296 switch (cmd->opcode) {
2297 case MGMT_OP_ADD_UUID:
2298 case MGMT_OP_REMOVE_UUID:
2299 case MGMT_OP_SET_DEV_CLASS:
2300 case MGMT_OP_SET_POWERED:
2301 return true;
2302 }
2303 }
2304
2305 return false;
2306}
2307
83be8eca
JH		 2308static const u8 bluetooth_base_uuid[] = {
2309 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2310 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2311};
2312
2313static u8 get_uuid_size(const u8 *uuid)
2314{
2315 u32 val;
2316
2317 if (memcmp(uuid, bluetooth_base_uuid, 12))
2318 return 128;
2319
2320 val = get_unaligned_le32(&uuid[12]);
2321 if (val > 0xffff)
2322 return 32;
2323
2324 return 16;
2325}
2326
92da6097
JH		 2327static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2328{
2329 struct pending_cmd *cmd;
2330
2331 hci_dev_lock(hdev);
2332
2333 cmd = mgmt_pending_find(mgmt_op, hdev);
2334 if (!cmd)
2335 goto unlock;
2336
2337 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2338 hdev->dev_class, 3);
2339
2340 mgmt_pending_remove(cmd);
2341
2342unlock:
2343 hci_dev_unlock(hdev);
2344}
2345
2346static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2347{
2348 BT_DBG("status 0x%02x", status);
2349
2350 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2351}
2352
bdb6d971 2353static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2354{
650f726d 2355 struct mgmt_cp_add_uuid *cp = data;
90e70454 2356 struct pending_cmd *cmd;
890ea898 2357 struct hci_request req;
2aeb9a1a 2358 struct bt_uuid *uuid;
2aeb9a1a
JH		 2359 int err;
2360
bdb6d971 2361 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2362
09fd0de5 2363 hci_dev_lock(hdev);
2aeb9a1a 2364
0cab9c80 2365 if (pending_eir_or_class(hdev)) {
bdb6d971 2366 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2367 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2368 goto failed;
2369 }
2370
92c4c204 2371 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2372 if (!uuid) {
2373 err = -ENOMEM;
2374 goto failed;
2375 }
2376
2377 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2378 uuid->svc_hint = cp->svc_hint;
83be8eca 2379 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2380
de66aa63 2381 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2382
890ea898 2383 hci_req_init(&req, hdev);
1aff6f09 2384
890ea898
JH		 2385 update_class(&req);
2386 update_eir(&req);
2387
92da6097
JH		 2388 err = hci_req_run(&req, add_uuid_complete);
2389 if (err < 0) {
2390 if (err != -ENODATA)
2391 goto failed;
80a1e1db 2392
bdb6d971 2393 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2394 hdev->dev_class, 3);
90e70454
JH		 2395 goto failed;
2396 }
2397
2398 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2399 if (!cmd) {
90e70454 2400 err = -ENOMEM;
890ea898
JH		 2401 goto failed;
2402 }
2403
2404 err = 0;
2aeb9a1a
JH		 2405
2406failed:
09fd0de5 2407 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2408 return err;
2409}
2410
24b78d0f
JH		 2411static bool enable_service_cache(struct hci_dev *hdev)
2412{
2413 if (!hdev_is_powered(hdev))
2414 return false;
2415
2416 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2417 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2418 CACHE_TIMEOUT);
24b78d0f
JH		 2419 return true;
2420 }
2421
2422 return false;
2423}
2424
92da6097
JH		 2425static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2426{
2427 BT_DBG("status 0x%02x", status);
2428
2429 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2430}
2431
bdb6d971 2432static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2433 u16 len)
2aeb9a1a 2434{
650f726d 2435 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2436 struct pending_cmd *cmd;
056341c8 2437 struct bt_uuid *match, *tmp;
2aeb9a1a 2438 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2439 struct hci_request req;
2aeb9a1a
JH		 2440 int err, found;
2441
bdb6d971 2442 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2443
09fd0de5 2444 hci_dev_lock(hdev);
2aeb9a1a 2445
0cab9c80 2446 if (pending_eir_or_class(hdev)) {
bdb6d971 2447 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2448 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2449 goto unlock;
2450 }
2451
2aeb9a1a 2452 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2453 hci_uuids_clear(hdev);
4004b6d9 2454
24b78d0f 2455 if (enable_service_cache(hdev)) {
bdb6d971 2456 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2457 0, hdev->dev_class, 3);
24b78d0f
JH		 2458 goto unlock;
2459 }
4004b6d9 2460
9246a869 2461 goto update_class;
2aeb9a1a
JH		 2462 }
2463
2464 found = 0;
2465
056341c8 2466 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2467 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2468 continue;
2469
2470 list_del(&match->list);
482049f7 2471 kfree(match);
2aeb9a1a
JH		 2472 found++;
2473 }
2474
2475 if (found == 0) {
bdb6d971 2476 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2477 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2478 goto unlock;
2479 }
2480
9246a869 2481update_class:
890ea898 2482 hci_req_init(&req, hdev);
1aff6f09 2483
890ea898
JH		 2484 update_class(&req);
2485 update_eir(&req);
2486
92da6097
JH		 2487 err = hci_req_run(&req, remove_uuid_complete);
2488 if (err < 0) {
2489 if (err != -ENODATA)
2490 goto unlock;
80a1e1db 2491
bdb6d971 2492 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2493 hdev->dev_class, 3);
90e70454
JH		 2494 goto unlock;
2495 }
2496
2497 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2498 if (!cmd) {
90e70454 2499 err = -ENOMEM;
890ea898
JH		 2500 goto unlock;
2501 }
2502
2503 err = 0;
2aeb9a1a
JH		 2504
2505unlock:
09fd0de5 2506 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2507 return err;
2508}
2509
92da6097
JH		 2510static void set_class_complete(struct hci_dev *hdev, u8 status)
2511{
2512 BT_DBG("status 0x%02x", status);
2513
2514 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2515}
2516
bdb6d971 2517static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2518 u16 len)
1aff6f09 2519{
650f726d 2520 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2521 struct pending_cmd *cmd;
890ea898 2522 struct hci_request req;
1aff6f09
JH		 2523 int err;
2524
bdb6d971 2525 BT_DBG("request for %s", hdev->name);
1aff6f09 2526
6203fc98 2527 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2528 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2529 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2530
0cab9c80 2531 hci_dev_lock(hdev);
ee98f473 2532
0cab9c80
JH		 2533 if (pending_eir_or_class(hdev)) {
2534 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2535 MGMT_STATUS_BUSY);
2536 goto unlock;
2537 }
c95f0ba7 2538
0cab9c80
JH		 2539 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2540 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2541 MGMT_STATUS_INVALID_PARAMS);
2542 goto unlock;
2543 }
575b3a02 2544
932f5ff5
JH		 2545 hdev->major_class = cp->major;
2546 hdev->minor_class = cp->minor;
2547
b5235a65 2548 if (!hdev_is_powered(hdev)) {
bdb6d971 2549 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2550 hdev->dev_class, 3);
b5235a65
JH		 2551 goto unlock;
2552 }
2553
890ea898
JH		 2554 hci_req_init(&req, hdev);
2555
a8b2d5c2 2556 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2557 hci_dev_unlock(hdev);
2558 cancel_delayed_work_sync(&hdev->service_cache);
2559 hci_dev_lock(hdev);
890ea898 2560 update_eir(&req);
7d78525d 2561 }
14c0b608 2562
890ea898
JH		 2563 update_class(&req);
2564
92da6097
JH		 2565 err = hci_req_run(&req, set_class_complete);
2566 if (err < 0) {
2567 if (err != -ENODATA)
2568 goto unlock;
1aff6f09 2569
bdb6d971 2570 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2571 hdev->dev_class, 3);
90e70454
JH		 2572 goto unlock;
2573 }
2574
2575 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2576 if (!cmd) {
90e70454 2577 err = -ENOMEM;
890ea898
JH		 2578 goto unlock;
2579 }
2580
2581 err = 0;
1aff6f09 2582
b5235a65 2583unlock:
09fd0de5 2584 hci_dev_unlock(hdev);
1aff6f09
JH		 2585 return err;
2586}
2587
bdb6d971 2588static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2589 u16 len)
55ed8ca1 2590{
650f726d 2591 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2592 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2593 sizeof(struct mgmt_link_key_info));
4e51eae9 2594 u16 key_count, expected_len;
b1de97d8 2595 bool changed;
a492cd52 2596 int i;
55ed8ca1 2597
9060d5cf
MH		 2598 BT_DBG("request for %s", hdev->name);
2599
2600 if (!lmp_bredr_capable(hdev))
2601 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2602 MGMT_STATUS_NOT_SUPPORTED);
2603
1f350c87 2604 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2605 if (key_count > max_key_count) {
2606 BT_ERR("load_link_keys: too big key_count value %u",
2607 key_count);
2608 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2609 MGMT_STATUS_INVALID_PARAMS);
2610 }
55ed8ca1 2611
86742e1e
JH		 2612 expected_len = sizeof(*cp) + key_count *
2613 sizeof(struct mgmt_link_key_info);
a492cd52 2614 if (expected_len != len) {
86742e1e 2615 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2616 expected_len, len);
bdb6d971 2617 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2618 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2619 }
2620
4ae14301
JH		 2621 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2622 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2623 MGMT_STATUS_INVALID_PARAMS);
2624
bdb6d971 2625 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2626 key_count);
55ed8ca1 2627
4ee71b20
JH		 2628 for (i = 0; i < key_count; i++) {
2629 struct mgmt_link_key_info *key = &cp->keys[i];
2630
8e991132 2631 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2632 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2633 MGMT_STATUS_INVALID_PARAMS);
2634 }
2635
09fd0de5 2636 hci_dev_lock(hdev);
55ed8ca1
JH		 2637
2638 hci_link_keys_clear(hdev);
2639
55ed8ca1 2640 if (cp->debug_keys)
0663b297
JH		 2641 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2642 &hdev->dev_flags);
55ed8ca1 2643 else
0663b297
JH		 2644 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2645 &hdev->dev_flags);
b1de97d8
MH		 2646
2647 if (changed)
2648 new_settings(hdev, NULL);
55ed8ca1 2649
a492cd52 2650 for (i = 0; i < key_count; i++) {
86742e1e 2651 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2652
58e9293c
JH		 2653 /* Always ignore debug keys and require a new pairing if
2654 * the user wants to use them.
2655 */
2656 if (key->type == HCI_LK_DEBUG_COMBINATION)
2657 continue;
2658
7652ff6a
JH		 2659 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2660 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2661 }
2662
bdb6d971 2663 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2664
09fd0de5 2665 hci_dev_unlock(hdev);
55ed8ca1 2666
a492cd52 2667 return 0;
55ed8ca1
JH		 2668}
2669
b1078ad0 2670static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2671 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2672{
2673 struct mgmt_ev_device_unpaired ev;
2674
2675 bacpy(&ev.addr.bdaddr, bdaddr);
2676 ev.addr.type = addr_type;
2677
2678 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2679 skip_sk);
b1078ad0
JH		 2680}
2681
bdb6d971 2682static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2683 u16 len)
55ed8ca1 2684{
124f6e35
JH		 2685 struct mgmt_cp_unpair_device *cp = data;
2686 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2687 struct hci_cp_disconnect dc;
2688 struct pending_cmd *cmd;
55ed8ca1 2689 struct hci_conn *conn;
55ed8ca1
JH		 2690 int err;
2691
a8a1d19e 2692 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2693 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2694 rp.addr.type = cp->addr.type;
a8a1d19e 2695
4ee71b20
JH		 2696 if (!bdaddr_type_is_valid(cp->addr.type))
2697 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2698 MGMT_STATUS_INVALID_PARAMS,
2699 &rp, sizeof(rp));
2700
118da70b
JH		 2701 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2702 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2703 MGMT_STATUS_INVALID_PARAMS,
2704 &rp, sizeof(rp));
2705
4ee71b20
JH		 2706 hci_dev_lock(hdev);
2707
86a8cfc6 2708 if (!hdev_is_powered(hdev)) {
bdb6d971 2709 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2710 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2711 goto unlock;
2712 }
2713
e0b2b27e 2714 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2715 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2716 } else {
2717 u8 addr_type;
2718
2719 if (cp->addr.type == BDADDR_LE_PUBLIC)
2720 addr_type = ADDR_LE_DEV_PUBLIC;
2721 else
2722 addr_type = ADDR_LE_DEV_RANDOM;
2723
a7ec7338
JH		 2724 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2725
a9b0a04c
AG		 2726 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2727
e0b2b27e
JH		 2728 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2729 }
b0dbfb46 2730
55ed8ca1 2731 if (err < 0) {
bdb6d971 2732 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2733 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2734 goto unlock;
2735 }
2736
86a8cfc6 2737 if (cp->disconnect) {
591f47f3 2738 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2739 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2740 &cp->addr.bdaddr);
86a8cfc6
JH		 2741 else
2742 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2743 &cp->addr.bdaddr);
86a8cfc6
JH		 2744 } else {
2745 conn = NULL;
2746 }
124f6e35 2747
a8a1d19e 2748 if (!conn) {
bdb6d971 2749 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2750 &rp, sizeof(rp));
b1078ad0 2751 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2752 goto unlock;
2753 }
55ed8ca1 2754
124f6e35 2755 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2756 sizeof(*cp));
a8a1d19e
JH		 2757 if (!cmd) {
2758 err = -ENOMEM;
2759 goto unlock;
55ed8ca1
JH		 2760 }
2761
eb55ef07 2762 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2763 dc.reason = 0x13; /* Remote User Terminated Connection */
2764 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2765 if (err < 0)
2766 mgmt_pending_remove(cmd);
2767
55ed8ca1 2768unlock:
09fd0de5 2769 hci_dev_unlock(hdev);
55ed8ca1
JH		 2770 return err;
2771}
2772
bdb6d971 2773static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2774 u16 len)
8962ee74 2775{
650f726d 2776 struct mgmt_cp_disconnect *cp = data;
06a63b19 2777 struct mgmt_rp_disconnect rp;
8962ee74 2778 struct hci_cp_disconnect dc;
366a0336 2779 struct pending_cmd *cmd;
8962ee74 2780 struct hci_conn *conn;
8962ee74
JH		 2781 int err;
2782
2783 BT_DBG("");
2784
06a63b19
JH		 2785 memset(&rp, 0, sizeof(rp));
2786 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2787 rp.addr.type = cp->addr.type;
2788
4ee71b20 2789 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2790 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2791 MGMT_STATUS_INVALID_PARAMS,
2792 &rp, sizeof(rp));
4ee71b20 2793
09fd0de5 2794 hci_dev_lock(hdev);
8962ee74
JH		 2795
2796 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2797 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2798 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2799 goto failed;
2800 }
2801
2e58ef3e 2802 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2803 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2804 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2805 goto failed;
2806 }
2807
591f47f3 2808 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2809 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2810 &cp->addr.bdaddr);
88c3df13
JH		 2811 else
2812 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2813
f960727e 2814 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2815 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2816 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2817 goto failed;
2818 }
2819
2e58ef3e 2820 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2821 if (!cmd) {
2822 err = -ENOMEM;
8962ee74 2823 goto failed;
366a0336 2824 }
8962ee74 2825
eb55ef07 2826 dc.handle = cpu_to_le16(conn->handle);
3701f944 2827 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2828
2829 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2830 if (err < 0)
a664b5bc 2831 mgmt_pending_remove(cmd);
8962ee74
JH		 2832
2833failed:
09fd0de5 2834 hci_dev_unlock(hdev);
8962ee74
JH		 2835 return err;
2836}
2837
57c1477c 2838static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2839{
2840 switch (link_type) {
2841 case LE_LINK:
48264f06
JH		 2842 switch (addr_type) {
2843 case ADDR_LE_DEV_PUBLIC:
591f47f3 2844 return BDADDR_LE_PUBLIC;
0ed09148 2845
48264f06 2846 default:
0ed09148 2847 /* Fallback to LE Random address type */
591f47f3 2848 return BDADDR_LE_RANDOM;
48264f06 2849 }
0ed09148 2850
4c659c39 2851 default:
0ed09148 2852 /* Fallback to BR/EDR type */
591f47f3 2853 return BDADDR_BREDR;
4c659c39
JH		 2854 }
2855}
2856
04124681
GP		 2857static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2858 u16 data_len)
2784eb41 2859{
2784eb41 2860 struct mgmt_rp_get_connections *rp;
8035ded4 2861 struct hci_conn *c;
a38528f1 2862 size_t rp_len;
60fc5fb6
JH		 2863 int err;
2864 u16 i;
2784eb41
JH		 2865
2866 BT_DBG("");
2867
09fd0de5 2868 hci_dev_lock(hdev);
2784eb41 2869
5f97c1df 2870 if (!hdev_is_powered(hdev)) {
bdb6d971 2871 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2872 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2873 goto unlock;
2874 }
2875
60fc5fb6 2876 i = 0;
b644ba33
JH		 2877 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2878 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2879 i++;
2784eb41
JH		 2880 }
2881
60fc5fb6 2882 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2883 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2884 if (!rp) {
2784eb41
JH		 2885 err = -ENOMEM;
2886 goto unlock;
2887 }
2888
2784eb41 2889 i = 0;
4c659c39 2890 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2891 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2892 continue;
4c659c39 2893 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2894 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2895 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2896 continue;
2897 i++;
2898 }
2899
eb55ef07 2900 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2901
4c659c39
JH		 2902 /* Recalculate length in case of filtered SCO connections, etc */
2903 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2904
bdb6d971 2905 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2906 rp_len);
2784eb41 2907
a38528f1 2908 kfree(rp);
5f97c1df
JH		 2909
2910unlock:
09fd0de5 2911 hci_dev_unlock(hdev);
2784eb41
JH		 2912 return err;
2913}
2914
bdb6d971 2915static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2916 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2917{
2918 struct pending_cmd *cmd;
2919 int err;
2920
2e58ef3e 2921 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2922 sizeof(*cp));
96d97a67
WR		 2923 if (!cmd)
2924 return -ENOMEM;
2925
d8457698 2926 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2927 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2928 if (err < 0)
2929 mgmt_pending_remove(cmd);
2930
2931 return err;
2932}
2933
bdb6d971 2934static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2935 u16 len)
980e1a53 2936{
96d97a67 2937 struct hci_conn *conn;
650f726d 2938 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2939 struct hci_cp_pin_code_reply reply;
366a0336 2940 struct pending_cmd *cmd;
980e1a53
JH		 2941 int err;
2942
2943 BT_DBG("");
2944
09fd0de5 2945 hci_dev_lock(hdev);
980e1a53 2946
4b34ee78 2947 if (!hdev_is_powered(hdev)) {
bdb6d971 2948 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2949 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2950 goto failed;
2951 }
2952
d8457698 2953 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2954 if (!conn) {
bdb6d971 2955 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2956 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2957 goto failed;
2958 }
2959
2960 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2961 struct mgmt_cp_pin_code_neg_reply ncp;
2962
2963 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2964
2965 BT_ERR("PIN code is not 16 bytes long");
2966
bdb6d971 2967 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2968 if (err >= 0)
bdb6d971 2969 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2970 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2971
2972 goto failed;
2973 }
2974
00abfe44 2975 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2976 if (!cmd) {
2977 err = -ENOMEM;
980e1a53 2978 goto failed;
366a0336 2979 }
980e1a53 2980
d8457698 2981 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2982 reply.pin_len = cp->pin_len;
24718ca5 2983 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2984
2985 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2986 if (err < 0)
a664b5bc 2987 mgmt_pending_remove(cmd);
980e1a53
JH		 2988
2989failed:
09fd0de5 2990 hci_dev_unlock(hdev);
980e1a53
JH		 2991 return err;
2992}
2993
04124681
GP		 2994static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2995 u16 len)
17fa4b9d 2996{
650f726d 2997 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2998
2999 BT_DBG("");
3000
4ec86d4c
JH		 3001 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3002 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3003 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3004
09fd0de5 3005 hci_dev_lock(hdev);
17fa4b9d
JH		 3006
3007 hdev->io_capability = cp->io_capability;
3008
3009 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3010 hdev->io_capability);
17fa4b9d 3011
09fd0de5 3012 hci_dev_unlock(hdev);
17fa4b9d 3013
04124681
GP		 3014 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3015 0);
17fa4b9d
JH		 3016}
3017
6039aa73 3018static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3019{
3020 struct hci_dev *hdev = conn->hdev;
8035ded4 3021 struct pending_cmd *cmd;
e9a416b5 3022
2e58ef3e 3023 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3024 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3025 continue;
3026
e9a416b5
JH		 3027 if (cmd->user_data != conn)
3028 continue;
3029
3030 return cmd;
3031 }
3032
3033 return NULL;
3034}
3035
3036static void pairing_complete(struct pending_cmd *cmd, u8 status)
3037{
3038 struct mgmt_rp_pair_device rp;
3039 struct hci_conn *conn = cmd->user_data;
3040
61b1a7fb
JH		 3041 bacpy(&rp.addr.bdaddr, &conn->dst);
3042 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3043
aee9b218 3044 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 3045 &rp, sizeof(rp));
e9a416b5
JH		 3046
3047 /* So we don't get further callbacks for this connection */
3048 conn->connect_cfm_cb = NULL;
3049 conn->security_cfm_cb = NULL;
3050 conn->disconn_cfm_cb = NULL;
3051
76a68ba0 3052 hci_conn_drop(conn);
e9a416b5 3053
a664b5bc 3054 mgmt_pending_remove(cmd);
e9a416b5
JH		 3055}
3056
f4a407be
JH		 3057void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3058{
3059 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3060 struct pending_cmd *cmd;
3061
3062 cmd = find_pairing(conn);
3063 if (cmd)
3064 pairing_complete(cmd, status);
3065}
3066
e9a416b5
JH		 3067static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3068{
3069 struct pending_cmd *cmd;
3070
3071 BT_DBG("status %u", status);
3072
3073 cmd = find_pairing(conn);
56e5cb86 3074 if (!cmd)
e9a416b5 3075 BT_DBG("Unable to find a pending command");
56e5cb86 3076 else
e211326c 3077 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 3078}
3079
f4a407be 3080static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3081{
3082 struct pending_cmd *cmd;
3083
3084 BT_DBG("status %u", status);
3085
3086 if (!status)
3087 return;
3088
3089 cmd = find_pairing(conn);
3090 if (!cmd)
3091 BT_DBG("Unable to find a pending command");
3092 else
3093 pairing_complete(cmd, mgmt_status(status));
3094}
3095
bdb6d971 3096static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3097 u16 len)
e9a416b5 3098{
650f726d 3099 struct mgmt_cp_pair_device *cp = data;
1425acb7 3100 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3101 struct pending_cmd *cmd;
3102 u8 sec_level, auth_type;
3103 struct hci_conn *conn;
e9a416b5
JH		 3104 int err;
3105
3106 BT_DBG("");
3107
f950a30e
SJ		 3108 memset(&rp, 0, sizeof(rp));
3109 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3110 rp.addr.type = cp->addr.type;
3111
4ee71b20
JH		 3112 if (!bdaddr_type_is_valid(cp->addr.type))
3113 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3114 MGMT_STATUS_INVALID_PARAMS,
3115 &rp, sizeof(rp));
3116
4ec86d4c
JH		 3117 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3118 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3119 MGMT_STATUS_INVALID_PARAMS,
3120 &rp, sizeof(rp));
3121
09fd0de5 3122 hci_dev_lock(hdev);
e9a416b5 3123
5f97c1df 3124 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3125 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3126 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3127 goto unlock;
3128 }
3129
c908df36 3130 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3131 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3132
6f77d8c7 3133 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3134 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3135 auth_type);
6f77d8c7
AG		 3136 } else {
3137 u8 addr_type;
3138
3139 /* Convert from L2CAP channel address type to HCI address type
3140 */
3141 if (cp->addr.type == BDADDR_LE_PUBLIC)
3142 addr_type = ADDR_LE_DEV_PUBLIC;
3143 else
3144 addr_type = ADDR_LE_DEV_RANDOM;
3145
7c264b10
MH		 3146 /* When pairing a new device, it is expected to remember
3147 * this device for future connections. Adding the connection
3148 * parameter information ahead of time allows tracking
3149 * of the slave preferred values and will speed up any
3150 * further connection establishment.
3151 *
3152 * If connection parameters already exist, then they
3153 * will be kept and this function does nothing.
3154 */
3155 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3156
6f77d8c7 3157 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3158 sec_level, HCI_LE_CONN_TIMEOUT,
3159 HCI_ROLE_MASTER);
6f77d8c7 3160 }
7a512d01 3161
30e76272 3162 if (IS_ERR(conn)) {
489dc48e
AK		 3163 int status;
3164
3165 if (PTR_ERR(conn) == -EBUSY)
3166 status = MGMT_STATUS_BUSY;
3167 else
3168 status = MGMT_STATUS_CONNECT_FAILED;
3169
bdb6d971 3170 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3171 status, &rp,
04124681 3172 sizeof(rp));
e9a416b5
JH		 3173 goto unlock;
3174 }
3175
3176 if (conn->connect_cfm_cb) {
76a68ba0 3177 hci_conn_drop(conn);
bdb6d971 3178 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3179 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3180 goto unlock;
3181 }
3182
2e58ef3e 3183 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3184 if (!cmd) {
3185 err = -ENOMEM;
76a68ba0 3186 hci_conn_drop(conn);
e9a416b5
JH		 3187 goto unlock;
3188 }
3189
7a512d01 3190 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3191 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3192 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3193 conn->security_cfm_cb = pairing_complete_cb;
3194 conn->disconn_cfm_cb = pairing_complete_cb;
3195 } else {
3196 conn->connect_cfm_cb = le_pairing_complete_cb;
3197 conn->security_cfm_cb = le_pairing_complete_cb;
3198 conn->disconn_cfm_cb = le_pairing_complete_cb;
3199 }
7a512d01 3200
e9a416b5
JH		 3201 conn->io_capability = cp->io_cap;
3202 cmd->user_data = conn;
3203
3204 if (conn->state == BT_CONNECTED &&
8ce8e2b5 3205 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 3206 pairing_complete(cmd, 0);
3207
3208 err = 0;
3209
3210unlock:
09fd0de5 3211 hci_dev_unlock(hdev);
e9a416b5
JH		 3212 return err;
3213}
3214
04124681
GP		 3215static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3216 u16 len)
28424707 3217{
0f4e68cf 3218 struct mgmt_addr_info *addr = data;
28424707
JH		 3219 struct pending_cmd *cmd;
3220 struct hci_conn *conn;
3221 int err;
3222
3223 BT_DBG("");
3224
28424707
JH		 3225 hci_dev_lock(hdev);
3226
5f97c1df 3227 if (!hdev_is_powered(hdev)) {
bdb6d971 3228 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3229 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3230 goto unlock;
3231 }
3232
28424707
JH		 3233 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3234 if (!cmd) {
bdb6d971 3235 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3236 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3237 goto unlock;
3238 }
3239
3240 conn = cmd->user_data;
3241
3242 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3243 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3244 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3245 goto unlock;
3246 }
3247
3248 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3249
bdb6d971 3250 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3251 addr, sizeof(*addr));
28424707
JH		 3252unlock:
3253 hci_dev_unlock(hdev);
28424707
JH		 3254 return err;
3255}
3256
bdb6d971 3257static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3258 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3259 u16 hci_op, __le32 passkey)
a5c29683 3260{
a5c29683 3261 struct pending_cmd *cmd;
0df4c185 3262 struct hci_conn *conn;
a5c29683
JH		 3263 int err;
3264
09fd0de5 3265 hci_dev_lock(hdev);
08ba5382 3266
4b34ee78 3267 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3268 err = cmd_complete(sk, hdev->id, mgmt_op,
3269 MGMT_STATUS_NOT_POWERED, addr,
3270 sizeof(*addr));
0df4c185 3271 goto done;
a5c29683
JH		 3272 }
3273
1707c60e
JH		 3274 if (addr->type == BDADDR_BREDR)
3275 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3276 else
1707c60e 3277 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3278
3279 if (!conn) {
feb94d3d
JH		 3280 err = cmd_complete(sk, hdev->id, mgmt_op,
3281 MGMT_STATUS_NOT_CONNECTED, addr,
3282 sizeof(*addr));
272d90df
JH		 3283 goto done;
3284 }
47c15e2b 3285
1707c60e 3286 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3287 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3288 if (!err)
feb94d3d
JH		 3289 err = cmd_complete(sk, hdev->id, mgmt_op,
3290 MGMT_STATUS_SUCCESS, addr,
3291 sizeof(*addr));
5fe57d9e 3292 else
feb94d3d
JH		 3293 err = cmd_complete(sk, hdev->id, mgmt_op,
3294 MGMT_STATUS_FAILED, addr,
3295 sizeof(*addr));
47c15e2b 3296
47c15e2b
BG		 3297 goto done;
3298 }
3299
1707c60e 3300 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3301 if (!cmd) {
3302 err = -ENOMEM;
0df4c185 3303 goto done;
a5c29683
JH		 3304 }
3305
0df4c185 3306 /* Continue with pairing via HCI */
604086b7
BG		 3307 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3308 struct hci_cp_user_passkey_reply cp;
3309
1707c60e 3310 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3311 cp.passkey = passkey;
3312 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3313 } else
1707c60e
JH		 3314 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3315 &addr->bdaddr);
604086b7 3316
a664b5bc
JH		 3317 if (err < 0)
3318 mgmt_pending_remove(cmd);
a5c29683 3319
0df4c185 3320done:
09fd0de5 3321 hci_dev_unlock(hdev);
a5c29683
JH		 3322 return err;
3323}
3324
afeb019d
JK		 3325static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3326 void *data, u16 len)
3327{
3328 struct mgmt_cp_pin_code_neg_reply *cp = data;
3329
3330 BT_DBG("");
3331
1707c60e 3332 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3333 MGMT_OP_PIN_CODE_NEG_REPLY,
3334 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3335}
3336
04124681
GP		 3337static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3338 u16 len)
0df4c185 3339{
650f726d 3340 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3341
3342 BT_DBG("");
3343
3344 if (len != sizeof(*cp))
bdb6d971 3345 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3346 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3347
1707c60e 3348 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3349 MGMT_OP_USER_CONFIRM_REPLY,
3350 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3351}
3352
bdb6d971 3353static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3354 void *data, u16 len)
0df4c185 3355{
c9c2659f 3356 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3357
3358 BT_DBG("");
3359
1707c60e 3360 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3361 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3362 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3363}
3364
04124681
GP		 3365static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3366 u16 len)
604086b7 3367{
650f726d 3368 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3369
3370 BT_DBG("");
3371
1707c60e 3372 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3373 MGMT_OP_USER_PASSKEY_REPLY,
3374 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3375}
3376
bdb6d971 3377static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3378 void *data, u16 len)
604086b7 3379{
650f726d 3380 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3381
3382 BT_DBG("");
3383
1707c60e 3384 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3385 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3386 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3387}
3388
13928971 3389static void update_name(struct hci_request *req)
2b4bf397 3390{
13928971 3391 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3392 struct hci_cp_write_local_name cp;
3393
13928971 3394 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3395
890ea898 3396 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3397}
3398
13928971
JH		 3399static void set_name_complete(struct hci_dev *hdev, u8 status)
3400{
3401 struct mgmt_cp_set_local_name *cp;
3402 struct pending_cmd *cmd;
3403
3404 BT_DBG("status 0x%02x", status);
3405
3406 hci_dev_lock(hdev);
3407
3408 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3409 if (!cmd)
3410 goto unlock;
3411
3412 cp = cmd->param;
3413
3414 if (status)
3415 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3416 mgmt_status(status));
3417 else
3418 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3419 cp, sizeof(*cp));
3420
3421 mgmt_pending_remove(cmd);
3422
3423unlock:
3424 hci_dev_unlock(hdev);
3425}
3426
bdb6d971 3427static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3428 u16 len)
b312b161 3429{
2b4bf397 3430 struct mgmt_cp_set_local_name *cp = data;
b312b161 3431 struct pending_cmd *cmd;
890ea898 3432 struct hci_request req;
b312b161
JH		 3433 int err;
3434
3435 BT_DBG("");
3436
09fd0de5 3437 hci_dev_lock(hdev);
b312b161 3438
b3f2ca94
JH		 3439 /* If the old values are the same as the new ones just return a
3440 * direct command complete event.
3441 */
3442 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3443 !memcmp(hdev->short_name, cp->short_name,
3444 sizeof(hdev->short_name))) {
3445 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3446 data, len);
3447 goto failed;
3448 }
3449
2b4bf397 3450 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3451
b5235a65 3452 if (!hdev_is_powered(hdev)) {
2b4bf397 3453 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3454
3455 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3456 data, len);
28cc7bde
JH		 3457 if (err < 0)
3458 goto failed;
3459
3460 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3461 sk);
28cc7bde 3462
b5235a65
JH		 3463 goto failed;
3464 }
3465
28cc7bde 3466 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3467 if (!cmd) {
3468 err = -ENOMEM;
3469 goto failed;
3470 }
3471
13928971
JH		 3472 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3473
890ea898 3474 hci_req_init(&req, hdev);
3f985050
JH		 3475
3476 if (lmp_bredr_capable(hdev)) {
3477 update_name(&req);
3478 update_eir(&req);
3479 }
3480
7a5f4990
MH		 3481 /* The name is stored in the scan response data and so
3482 * no need to udpate the advertising data here.
3483 */
3f985050 3484 if (lmp_le_capable(hdev))
7a5f4990 3485 update_scan_rsp_data(&req);
3f985050 3486
13928971 3487 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3488 if (err < 0)
3489 mgmt_pending_remove(cmd);
3490
3491failed:
09fd0de5 3492 hci_dev_unlock(hdev);
b312b161
JH		 3493 return err;
3494}
3495
0f4e68cf 3496static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3497 void *data, u16 data_len)
c35938b2 3498{
c35938b2
SJ		 3499 struct pending_cmd *cmd;
3500 int err;
3501
bdb6d971 3502 BT_DBG("%s", hdev->name);
c35938b2 3503
09fd0de5 3504 hci_dev_lock(hdev);
c35938b2 3505
4b34ee78 3506 if (!hdev_is_powered(hdev)) {
bdb6d971 3507 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3508 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3509 goto unlock;
3510 }
3511
9a1a1996 3512 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3513 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3514 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3515 goto unlock;
3516 }
3517
2e58ef3e 3518 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3519 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3520 MGMT_STATUS_BUSY);
c35938b2
SJ		 3521 goto unlock;
3522 }
3523
2e58ef3e 3524 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3525 if (!cmd) {
3526 err = -ENOMEM;
3527 goto unlock;
3528 }
3529
4d2d2796
MH		 3530 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3531 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3532 0, NULL);
3533 else
3534 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3535
c35938b2
SJ		 3536 if (err < 0)
3537 mgmt_pending_remove(cmd);
3538
3539unlock:
09fd0de5 3540 hci_dev_unlock(hdev);
c35938b2
SJ		 3541 return err;
3542}
3543
bdb6d971 3544static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3545 void *data, u16 len)
2763eda6 3546{
2763eda6
SJ		 3547 int err;
3548
bdb6d971 3549 BT_DBG("%s ", hdev->name);
2763eda6 3550
09fd0de5 3551 hci_dev_lock(hdev);
2763eda6 3552
ec109113
MH		 3553 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3554 struct mgmt_cp_add_remote_oob_data *cp = data;
3555 u8 status;
bf1e3541 3556
ec109113
MH		 3557 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3558 cp->hash, cp->randomizer);
3559 if (err < 0)
3560 status = MGMT_STATUS_FAILED;
3561 else
3562 status = MGMT_STATUS_SUCCESS;
3563
3564 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3565 status, &cp->addr, sizeof(cp->addr));
3566 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3567 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3568 u8 status;
3569
3570 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3571 cp->hash192,
3572 cp->randomizer192,
3573 cp->hash256,
3574 cp->randomizer256);
3575 if (err < 0)
3576 status = MGMT_STATUS_FAILED;
3577 else
3578 status = MGMT_STATUS_SUCCESS;
3579
3580 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3581 status, &cp->addr, sizeof(cp->addr));
3582 } else {
3583 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3584 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3585 MGMT_STATUS_INVALID_PARAMS);
3586 }
2763eda6 3587
09fd0de5 3588 hci_dev_unlock(hdev);
2763eda6
SJ		 3589 return err;
3590}
3591
bdb6d971 3592static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3593 void *data, u16 len)
2763eda6 3594{
650f726d 3595 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3596 u8 status;
2763eda6
SJ		 3597 int err;
3598
bdb6d971 3599 BT_DBG("%s", hdev->name);
2763eda6 3600
09fd0de5 3601 hci_dev_lock(hdev);
2763eda6 3602
664ce4cc 3603 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3604 if (err < 0)
bf1e3541 3605 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3606 else
a6785be2 3607 status = MGMT_STATUS_SUCCESS;
bf1e3541 3608
bdb6d971 3609 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3610 status, &cp->addr, sizeof(cp->addr));
2763eda6 3611
09fd0de5 3612 hci_dev_unlock(hdev);
2763eda6
SJ		 3613 return err;
3614}
3615
41dc2bd6
AG		 3616static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3617{
3618 struct pending_cmd *cmd;
3619 u8 type;
3620 int err;
3621
3622 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3623
3624 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3625 if (!cmd)
3626 return -ENOENT;
3627
3628 type = hdev->discovery.type;
3629
3630 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3631 &type, sizeof(type));
3632 mgmt_pending_remove(cmd);
3633
3634 return err;
3635}
3636
7c307720
AG		 3637static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3638{
ae55f598
LR		 3639 unsigned long timeout = 0;
3640
7c307720
AG		 3641 BT_DBG("status %d", status);
3642
3643 if (status) {
3644 hci_dev_lock(hdev);
3645 mgmt_start_discovery_failed(hdev, status);
3646 hci_dev_unlock(hdev);
3647 return;
3648 }
3649
3650 hci_dev_lock(hdev);
3651 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3652 hci_dev_unlock(hdev);
3653
3654 switch (hdev->discovery.type) {
3655 case DISCOV_TYPE_LE:
3d5a76f0 3656 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3657 break;
3658
3659 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3660 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3661 break;
3662
3663 case DISCOV_TYPE_BREDR:
3664 break;
3665
3666 default:
3667 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3668 }
ae55f598
LR		 3669
3670 if (!timeout)
3671 return;
3672
3673 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3674}
3675
bdb6d971 3676static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3677 void *data, u16 len)
14a53664 3678{
650f726d 3679 struct mgmt_cp_start_discovery *cp = data;
14a53664 3680 struct pending_cmd *cmd;
7c307720
AG		 3681 struct hci_cp_le_set_scan_param param_cp;
3682 struct hci_cp_le_set_scan_enable enable_cp;
3683 struct hci_cp_inquiry inq_cp;
3684 struct hci_request req;
3685 /* General inquiry access code (GIAC) */
3686 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3687 u8 status, own_addr_type;
14a53664
JH		 3688 int err;
3689
bdb6d971 3690 BT_DBG("%s", hdev->name);
14a53664 3691
09fd0de5 3692 hci_dev_lock(hdev);
14a53664 3693
4b34ee78 3694 if (!hdev_is_powered(hdev)) {
bdb6d971 3695 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3696 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3697 goto failed;
3698 }
3699
642be6c7
AG		 3700 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3701 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3702 MGMT_STATUS_BUSY);
3703 goto failed;
3704 }
3705
ff9ef578 3706 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3707 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3708 MGMT_STATUS_BUSY);
ff9ef578
JH		 3709 goto failed;
3710 }
3711
2e58ef3e 3712 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3713 if (!cmd) {
3714 err = -ENOMEM;
3715 goto failed;
3716 }
3717
4aab14e5
AG		 3718 hdev->discovery.type = cp->type;
3719
7c307720
AG		 3720 hci_req_init(&req, hdev);
3721
4aab14e5 3722 switch (hdev->discovery.type) {
f39799f5 3723 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3724 status = mgmt_bredr_support(hdev);
3725 if (status) {
04106755 3726 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3727 status);
04106755
JH		 3728 mgmt_pending_remove(cmd);
3729 goto failed;
3730 }
3731
7c307720
AG		 3732 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3733 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3734 MGMT_STATUS_BUSY);
3735 mgmt_pending_remove(cmd);
3736 goto failed;
3737 }
3738
3739 hci_inquiry_cache_flush(hdev);
3740
3741 memset(&inq_cp, 0, sizeof(inq_cp));
3742 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3743 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3744 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3745 break;
3746
3747 case DISCOV_TYPE_LE:
7c307720 3748 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3749 status = mgmt_le_support(hdev);
3750 if (status) {
04106755 3751 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3752 status);
04106755
JH		 3753 mgmt_pending_remove(cmd);
3754 goto failed;
3755 }
3756
7c307720 3757 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3758 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3759 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3760 MGMT_STATUS_NOT_SUPPORTED);
3761 mgmt_pending_remove(cmd);
3762 goto failed;
3763 }
3764
e8bb6b97
JH		 3765 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3766 /* Don't let discovery abort an outgoing
3767 * connection attempt that's using directed
3768 * advertising.
3769 */
3770 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3771 BT_CONNECT)) {
3772 err = cmd_status(sk, hdev->id,
3773 MGMT_OP_START_DISCOVERY,
3774 MGMT_STATUS_REJECTED);
3775 mgmt_pending_remove(cmd);
3776 goto failed;
3777 }
3778
3779 disable_advertising(&req);
7c307720
AG		 3780 }
3781
c54c3860
AG		 3782 /* If controller is scanning, it means the background scanning
3783 * is running. Thus, we should temporarily stop it in order to
3784 * set the discovery scanning parameters.
3785 */
3786 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3787 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3788
3789 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3790
94b1fc92
MH		 3791 /* All active scans will be done with either a resolvable
3792 * private address (when privacy feature has been enabled)
3793 * or unresolvable private address.
3794 */
3795 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3796 if (err < 0) {
3797 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3798 MGMT_STATUS_FAILED);
3799 mgmt_pending_remove(cmd);
3800 goto failed;
3801 }
3802
7c307720 3803 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3804 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3805 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3806 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3807 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3808 &param_cp);
3809
3810 memset(&enable_cp, 0, sizeof(enable_cp));
3811 enable_cp.enable = LE_SCAN_ENABLE;
3812 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3813 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3814 &enable_cp);
5e0452c0
AG		 3815 break;
3816
f39799f5 3817 default:
04106755
JH		 3818 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3819 MGMT_STATUS_INVALID_PARAMS);
3820 mgmt_pending_remove(cmd);
3821 goto failed;
f39799f5 3822 }
3fd24153 3823
7c307720 3824 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3825 if (err < 0)
3826 mgmt_pending_remove(cmd);
ff9ef578
JH		 3827 else
3828 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3829
3830failed:
09fd0de5 3831 hci_dev_unlock(hdev);
14a53664
JH		 3832 return err;
3833}
3834
1183fdca
AG		 3835static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3836{
3837 struct pending_cmd *cmd;
3838 int err;
3839
3840 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3841 if (!cmd)
3842 return -ENOENT;
3843
3844 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3845 &hdev->discovery.type, sizeof(hdev->discovery.type));
3846 mgmt_pending_remove(cmd);
3847
3848 return err;
3849}
3850
0e05bba6
AG		 3851static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3852{
3853 BT_DBG("status %d", status);
3854
3855 hci_dev_lock(hdev);
3856
3857 if (status) {
3858 mgmt_stop_discovery_failed(hdev, status);
3859 goto unlock;
3860 }
3861
3862 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3863
3864unlock:
3865 hci_dev_unlock(hdev);
3866}
3867
bdb6d971 3868static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3869 u16 len)
14a53664 3870{
d930650b 3871 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3872 struct pending_cmd *cmd;
0e05bba6 3873 struct hci_request req;
14a53664
JH		 3874 int err;
3875
bdb6d971 3876 BT_DBG("%s", hdev->name);
14a53664 3877
09fd0de5 3878 hci_dev_lock(hdev);
14a53664 3879
30dc78e1 3880 if (!hci_discovery_active(hdev)) {
bdb6d971 3881 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3882 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3883 sizeof(mgmt_cp->type));
d930650b
JH		 3884 goto unlock;
3885 }
3886
3887 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3888 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3889 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3890 sizeof(mgmt_cp->type));
30dc78e1 3891 goto unlock;
ff9ef578
JH		 3892 }
3893
2e58ef3e 3894 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3895 if (!cmd) {
3896 err = -ENOMEM;
30dc78e1
JH		 3897 goto unlock;
3898 }
3899
0e05bba6
AG		 3900 hci_req_init(&req, hdev);
3901
21a60d30 3902 hci_stop_discovery(&req);
e0d9727e 3903
21a60d30
JH		 3904 err = hci_req_run(&req, stop_discovery_complete);
3905 if (!err) {
3906 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3907 goto unlock;
14a53664
JH		 3908 }
3909
21a60d30
JH		 3910 mgmt_pending_remove(cmd);
3911
3912 /* If no HCI commands were sent we're done */
3913 if (err == -ENODATA) {
3914 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3915 &mgmt_cp->type, sizeof(mgmt_cp->type));
3916 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3917 }
14a53664 3918
30dc78e1 3919unlock:
09fd0de5 3920 hci_dev_unlock(hdev);
14a53664
JH		 3921 return err;
3922}
3923
bdb6d971 3924static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3925 u16 len)
561aafbc 3926{
650f726d 3927 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3928 struct inquiry_entry *e;
561aafbc
JH		 3929 int err;
3930
bdb6d971 3931 BT_DBG("%s", hdev->name);
561aafbc 3932
561aafbc
JH		 3933 hci_dev_lock(hdev);
3934
30dc78e1 3935 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3936 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3937 MGMT_STATUS_FAILED, &cp->addr,
3938 sizeof(cp->addr));
30dc78e1
JH		 3939 goto failed;
3940 }
3941
a198e7b1 3942 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3943 if (!e) {
d3a2541d
LR		 3944 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3945 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3946 sizeof(cp->addr));
561aafbc
JH		 3947 goto failed;
3948 }
3949
3950 if (cp->name_known) {
3951 e->name_state = NAME_KNOWN;
3952 list_del(&e->list);
3953 } else {
3954 e->name_state = NAME_NEEDED;
a3d4e20a 3955 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3956 }
3957
e384662b
JH		 3958 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3959 sizeof(cp->addr));
561aafbc
JH		 3960
3961failed:
3962 hci_dev_unlock(hdev);
561aafbc
JH		 3963 return err;
3964}
3965
bdb6d971 3966static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3967 u16 len)
7fbec224 3968{
650f726d 3969 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3970 u8 status;
7fbec224
AJ		 3971 int err;
3972
bdb6d971 3973 BT_DBG("%s", hdev->name);
7fbec224 3974
4ee71b20 3975 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3976 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3977 MGMT_STATUS_INVALID_PARAMS,
3978 &cp->addr, sizeof(cp->addr));
4ee71b20 3979
09fd0de5 3980 hci_dev_lock(hdev);
5e762444 3981
dcc36c16
JH		 3982 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3983 cp->addr.type);
2a8357f2 3984 if (err < 0) {
f0eeea8b 3985 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3986 goto done;
3987 }
3988
3989 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3990 sk);
3991 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3992
2a8357f2 3993done:
bdb6d971 3994 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3995 &cp->addr, sizeof(cp->addr));
5e762444 3996
09fd0de5 3997 hci_dev_unlock(hdev);
7fbec224
AJ		 3998
3999 return err;
4000}
4001
bdb6d971 4002static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4003 u16 len)
7fbec224 4004{
650f726d 4005 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4006 u8 status;
7fbec224
AJ		 4007 int err;
4008
bdb6d971 4009 BT_DBG("%s", hdev->name);
7fbec224 4010
4ee71b20 4011 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4012 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4013 MGMT_STATUS_INVALID_PARAMS,
4014 &cp->addr, sizeof(cp->addr));
4ee71b20 4015
09fd0de5 4016 hci_dev_lock(hdev);
5e762444 4017
dcc36c16
JH		 4018 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4019 cp->addr.type);
2a8357f2 4020 if (err < 0) {
f0eeea8b 4021 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4022 goto done;
4023 }
4024
4025 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4026 sk);
4027 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4028
2a8357f2 4029done:
bdb6d971 4030 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 4031 &cp->addr, sizeof(cp->addr));
5e762444 4032
09fd0de5 4033 hci_dev_unlock(hdev);
7fbec224
AJ		 4034
4035 return err;
4036}
4037
cdbaccca
MH		 4038static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4039 u16 len)
4040{
4041 struct mgmt_cp_set_device_id *cp = data;
890ea898 4042 struct hci_request req;
cdbaccca 4043 int err;
c72d4b8a 4044 __u16 source;
cdbaccca
MH		 4045
4046 BT_DBG("%s", hdev->name);
4047
c72d4b8a
SJ		 4048 source = __le16_to_cpu(cp->source);
4049
4050 if (source > 0x0002)
4051 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4052 MGMT_STATUS_INVALID_PARAMS);
4053
cdbaccca
MH		 4054 hci_dev_lock(hdev);
4055
c72d4b8a 4056 hdev->devid_source = source;
cdbaccca
MH		 4057 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4058 hdev->devid_product = __le16_to_cpu(cp->product);
4059 hdev->devid_version = __le16_to_cpu(cp->version);
4060
4061 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4062
890ea898
JH		 4063 hci_req_init(&req, hdev);
4064 update_eir(&req);
4065 hci_req_run(&req, NULL);
cdbaccca
MH		 4066
4067 hci_dev_unlock(hdev);
4068
4069 return err;
4070}
4071
4375f103
JH		 4072static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4073{
4074 struct cmd_lookup match = { NULL, hdev };
4075
4076 if (status) {
4077 u8 mgmt_err = mgmt_status(status);
4078
4079 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4080 cmd_status_rsp, &mgmt_err);
4081 return;
4082 }
4083
c93bd150
JH		 4084 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4085 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4086 else
4087 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4088
4375f103
JH		 4089 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4090 &match);
4091
4092 new_settings(hdev, match.sk);
4093
4094 if (match.sk)
4095 sock_put(match.sk);
4096}
4097
21b5187f
MH		 4098static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4099 u16 len)
4375f103
JH		 4100{
4101 struct mgmt_mode *cp = data;
4102 struct pending_cmd *cmd;
4103 struct hci_request req;
e6fe7986 4104 u8 val, enabled, status;
4375f103
JH		 4105 int err;
4106
4107 BT_DBG("request for %s", hdev->name);
4108
e6fe7986
JH		 4109 status = mgmt_le_support(hdev);
4110 if (status)
4375f103 4111 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4112 status);
4375f103
JH		 4113
4114 if (cp->val != 0x00 && cp->val != 0x01)
4115 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4116 MGMT_STATUS_INVALID_PARAMS);
4117
4118 hci_dev_lock(hdev);
4119
4120 val = !!cp->val;
f3d3444a 4121 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4122
f74ca9b8
JH		 4123 /* The following conditions are ones which mean that we should
4124 * not do any HCI communication but directly send a mgmt
4125 * response to user space (after toggling the flag if
4126 * necessary).
4127 */
4128 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4129 hci_conn_num(hdev, LE_LINK) > 0 ||
4130 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4131 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4132 bool changed = false;
4133
f3d3444a
JH		 4134 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4135 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4136 changed = true;
4137 }
4138
4139 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4140 if (err < 0)
4141 goto unlock;
4142
4143 if (changed)
4144 err = new_settings(hdev, sk);
4145
4146 goto unlock;
4147 }
4148
4149 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4150 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4151 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4152 MGMT_STATUS_BUSY);
4153 goto unlock;
4154 }
4155
4156 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4157 if (!cmd) {
4158 err = -ENOMEM;
4159 goto unlock;
4160 }
4161
4162 hci_req_init(&req, hdev);
4163
bba3aa55
MH		 4164 if (val)
4165 enable_advertising(&req);
4166 else
4167 disable_advertising(&req);
4375f103
JH		 4168
4169 err = hci_req_run(&req, set_advertising_complete);
4170 if (err < 0)
4171 mgmt_pending_remove(cmd);
4172
4173unlock:
4174 hci_dev_unlock(hdev);
4175 return err;
4176}
4177
d13eafce
MH		 4178static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4179 void *data, u16 len)
4180{
4181 struct mgmt_cp_set_static_address *cp = data;
4182 int err;
4183
4184 BT_DBG("%s", hdev->name);
4185
62af4443 4186 if (!lmp_le_capable(hdev))
d13eafce 4187 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4188 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4189
4190 if (hdev_is_powered(hdev))
4191 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4192 MGMT_STATUS_REJECTED);
4193
4194 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4195 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4196 return cmd_status(sk, hdev->id,
4197 MGMT_OP_SET_STATIC_ADDRESS,
4198 MGMT_STATUS_INVALID_PARAMS);
4199
4200 /* Two most significant bits shall be set */
4201 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4202 return cmd_status(sk, hdev->id,
4203 MGMT_OP_SET_STATIC_ADDRESS,
4204 MGMT_STATUS_INVALID_PARAMS);
4205 }
4206
4207 hci_dev_lock(hdev);
4208
4209 bacpy(&hdev->static_addr, &cp->bdaddr);
4210
4211 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4212
4213 hci_dev_unlock(hdev);
4214
4215 return err;
4216}
4217
14b49b9a
MH		 4218static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4219 void *data, u16 len)
4220{
4221 struct mgmt_cp_set_scan_params *cp = data;
4222 __u16 interval, window;
4223 int err;
4224
4225 BT_DBG("%s", hdev->name);
4226
4227 if (!lmp_le_capable(hdev))
4228 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4229 MGMT_STATUS_NOT_SUPPORTED);
4230
4231 interval = __le16_to_cpu(cp->interval);
4232
4233 if (interval < 0x0004 || interval > 0x4000)
4234 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4235 MGMT_STATUS_INVALID_PARAMS);
4236
4237 window = __le16_to_cpu(cp->window);
4238
4239 if (window < 0x0004 || window > 0x4000)
4240 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4241 MGMT_STATUS_INVALID_PARAMS);
4242
899e1075
MH		 4243 if (window > interval)
4244 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4245 MGMT_STATUS_INVALID_PARAMS);
4246
14b49b9a
MH		 4247 hci_dev_lock(hdev);
4248
4249 hdev->le_scan_interval = interval;
4250 hdev->le_scan_window = window;
4251
4252 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4253
dd2ef8e2
AG		 4254 /* If background scan is running, restart it so new parameters are
4255 * loaded.
4256 */
4257 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4258 hdev->discovery.state == DISCOVERY_STOPPED) {
4259 struct hci_request req;
4260
4261 hci_req_init(&req, hdev);
4262
4263 hci_req_add_le_scan_disable(&req);
4264 hci_req_add_le_passive_scan(&req);
4265
4266 hci_req_run(&req, NULL);
4267 }
4268
14b49b9a
MH		 4269 hci_dev_unlock(hdev);
4270
4271 return err;
4272}
4273
33e38b3e
JH		 4274static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4275{
4276 struct pending_cmd *cmd;
4277
4278 BT_DBG("status 0x%02x", status);
4279
4280 hci_dev_lock(hdev);
4281
4282 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4283 if (!cmd)
4284 goto unlock;
4285
4286 if (status) {
4287 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4288 mgmt_status(status));
4289 } else {
1a4d3c4b
JH		 4290 struct mgmt_mode *cp = cmd->param;
4291
4292 if (cp->val)
4293 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4294 else
4295 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4296
33e38b3e
JH		 4297 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4298 new_settings(hdev, cmd->sk);
4299 }
4300
4301 mgmt_pending_remove(cmd);
4302
4303unlock:
4304 hci_dev_unlock(hdev);
4305}
4306
bdb6d971 4307static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4308 void *data, u16 len)
f6422ec6 4309{
650f726d 4310 struct mgmt_mode *cp = data;
33e38b3e
JH		 4311 struct pending_cmd *cmd;
4312 struct hci_request req;
f6422ec6
AJ		 4313 int err;
4314
bdb6d971 4315 BT_DBG("%s", hdev->name);
f6422ec6 4316
56f87901
JH		 4317 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4318 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4319 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4320 MGMT_STATUS_NOT_SUPPORTED);
4321
a7e80f25
JH		 4322 if (cp->val != 0x00 && cp->val != 0x01)
4323 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4324 MGMT_STATUS_INVALID_PARAMS);
4325
5400c044 4326 if (!hdev_is_powered(hdev))
bdb6d971 4327 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4328 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4329
4330 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4331 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4332 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4333
4334 hci_dev_lock(hdev);
4335
05cbf29f
JH		 4336 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4337 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4338 MGMT_STATUS_BUSY);
4339 goto unlock;
4340 }
4341
1a4d3c4b
JH		 4342 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4343 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4344 hdev);
4345 goto unlock;
4346 }
4347
33e38b3e
JH		 4348 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4349 data, len);
4350 if (!cmd) {
4351 err = -ENOMEM;
4352 goto unlock;
f6422ec6
AJ		 4353 }
4354
33e38b3e
JH		 4355 hci_req_init(&req, hdev);
4356
406d7804 4357 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4358
4359 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4360 if (err < 0) {
bdb6d971 4361 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4362 MGMT_STATUS_FAILED);
33e38b3e 4363 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4364 }
4365
33e38b3e 4366unlock:
f6422ec6 4367 hci_dev_unlock(hdev);
33e38b3e 4368
f6422ec6
AJ		 4369 return err;
4370}
4371
67e5a7a3
JH		 4372static void set_bredr_scan(struct hci_request *req)
4373{
4374 struct hci_dev *hdev = req->hdev;
4375 u8 scan = 0;
4376
4377 /* Ensure that fast connectable is disabled. This function will
4378 * not do anything if the page scan parameters are already what
4379 * they should be.
4380 */
4381 write_fast_connectable(req, false);
4382
6cebb9e7
JH		 4383 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags) ||
4384 !list_empty(&hdev->whitelist))
67e5a7a3
JH		 4385 scan |= SCAN_PAGE;
4386 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4387 scan |= SCAN_INQUIRY;
4388
4389 if (scan)
4390 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4391}
4392
0663ca2a
JH		 4393static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4394{
4395 struct pending_cmd *cmd;
4396
4397 BT_DBG("status 0x%02x", status);
4398
4399 hci_dev_lock(hdev);
4400
4401 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4402 if (!cmd)
4403 goto unlock;
4404
4405 if (status) {
4406 u8 mgmt_err = mgmt_status(status);
4407
4408 /* We need to restore the flag if related HCI commands
4409 * failed.
4410 */
4411 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4412
4413 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4414 } else {
4415 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4416 new_settings(hdev, cmd->sk);
4417 }
4418
4419 mgmt_pending_remove(cmd);
4420
4421unlock:
4422 hci_dev_unlock(hdev);
4423}
4424
4425static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4426{
4427 struct mgmt_mode *cp = data;
4428 struct pending_cmd *cmd;
4429 struct hci_request req;
4430 int err;
4431
4432 BT_DBG("request for %s", hdev->name);
4433
4434 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4435 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4436 MGMT_STATUS_NOT_SUPPORTED);
4437
4438 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4439 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4440 MGMT_STATUS_REJECTED);
4441
4442 if (cp->val != 0x00 && cp->val != 0x01)
4443 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4444 MGMT_STATUS_INVALID_PARAMS);
4445
4446 hci_dev_lock(hdev);
4447
4448 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4449 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4450 goto unlock;
4451 }
4452
4453 if (!hdev_is_powered(hdev)) {
4454 if (!cp->val) {
0663ca2a
JH		 4455 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4456 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4457 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4458 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4459 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4460 }
4461
4462 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4463
4464 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4465 if (err < 0)
4466 goto unlock;
4467
4468 err = new_settings(hdev, sk);
4469 goto unlock;
4470 }
4471
4472 /* Reject disabling when powered on */
4473 if (!cp->val) {
4474 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4475 MGMT_STATUS_REJECTED);
4476 goto unlock;
4477 }
4478
4479 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4480 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4481 MGMT_STATUS_BUSY);
4482 goto unlock;
4483 }
4484
4485 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4486 if (!cmd) {
4487 err = -ENOMEM;
4488 goto unlock;
4489 }
4490
5947f4bc 4491 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4492 * generates the correct flags.
4493 */
4494 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4495
4496 hci_req_init(&req, hdev);
aa8af46e 4497
6cebb9e7
JH		 4498 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags) ||
4499 !list_empty(&hdev->whitelist))
aa8af46e
JH		 4500 set_bredr_scan(&req);
4501
f14d8f64
MH		 4502 /* Since only the advertising data flags will change, there
4503 * is no need to update the scan response data.
4504 */
5947f4bc 4505 update_adv_data(&req);
aa8af46e 4506
0663ca2a
JH		 4507 err = hci_req_run(&req, set_bredr_complete);
4508 if (err < 0)
4509 mgmt_pending_remove(cmd);
4510
4511unlock:
4512 hci_dev_unlock(hdev);
4513 return err;
4514}
4515
eac83dc6
MH		 4516static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4517 void *data, u16 len)
4518{
4519 struct mgmt_mode *cp = data;
4520 struct pending_cmd *cmd;
0ab04a9c 4521 u8 val, status;
eac83dc6
MH		 4522 int err;
4523
4524 BT_DBG("request for %s", hdev->name);
4525
4526 status = mgmt_bredr_support(hdev);
4527 if (status)
4528 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4529 status);
4530
5afeac14 4531 if (!lmp_sc_capable(hdev) &&
111902f7 4532 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4533 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4534 MGMT_STATUS_NOT_SUPPORTED);
4535
0ab04a9c 4536 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4537 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4538 MGMT_STATUS_INVALID_PARAMS);
4539
4540 hci_dev_lock(hdev);
4541
4542 if (!hdev_is_powered(hdev)) {
4543 bool changed;
4544
0ab04a9c 4545 if (cp->val) {
eac83dc6
MH		 4546 changed = !test_and_set_bit(HCI_SC_ENABLED,
4547 &hdev->dev_flags);
0ab04a9c
MH		 4548 if (cp->val == 0x02)
4549 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4550 else
4551 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4552 } else {
eac83dc6
MH		 4553 changed = test_and_clear_bit(HCI_SC_ENABLED,
4554 &hdev->dev_flags);
0ab04a9c
MH		 4555 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4556 }
eac83dc6
MH		 4557
4558 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4559 if (err < 0)
4560 goto failed;
4561
4562 if (changed)
4563 err = new_settings(hdev, sk);
4564
4565 goto failed;
4566 }
4567
4568 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4569 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4570 MGMT_STATUS_BUSY);
4571 goto failed;
4572 }
4573
0ab04a9c
MH		 4574 val = !!cp->val;
4575
4576 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4577 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4578 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4579 goto failed;
4580 }
4581
4582 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4583 if (!cmd) {
4584 err = -ENOMEM;
4585 goto failed;
4586 }
4587
0ab04a9c 4588 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4589 if (err < 0) {
4590 mgmt_pending_remove(cmd);
4591 goto failed;
4592 }
4593
0ab04a9c
MH		 4594 if (cp->val == 0x02)
4595 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4596 else
4597 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4598
eac83dc6
MH		 4599failed:
4600 hci_dev_unlock(hdev);
4601 return err;
4602}
4603
4e39ac81
MH		 4604static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4605 void *data, u16 len)
4606{
4607 struct mgmt_mode *cp = data;
b9710979 4608 bool changed, use_changed;
4e39ac81
MH		 4609 int err;
4610
4611 BT_DBG("request for %s", hdev->name);
4612
b9710979 4613 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4614 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4615 MGMT_STATUS_INVALID_PARAMS);
4616
4617 hci_dev_lock(hdev);
4618
4619 if (cp->val)
0663b297
JH		 4620 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4621 &hdev->dev_flags);
4e39ac81 4622 else
0663b297
JH		 4623 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4624 &hdev->dev_flags);
4e39ac81 4625
b9710979
JH		 4626 if (cp->val == 0x02)
4627 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4628 &hdev->dev_flags);
4629 else
4630 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4631 &hdev->dev_flags);
4632
4633 if (hdev_is_powered(hdev) && use_changed &&
4634 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4635 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4636 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4637 sizeof(mode), &mode);
4638 }
4639
4e39ac81
MH		 4640 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4641 if (err < 0)
4642 goto unlock;
4643
4644 if (changed)
4645 err = new_settings(hdev, sk);
4646
4647unlock:
4648 hci_dev_unlock(hdev);
4649 return err;
4650}
4651
62b04cd1
JH		 4652static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4653 u16 len)
4654{
4655 struct mgmt_cp_set_privacy *cp = cp_data;
4656 bool changed;
4657 int err;
4658
4659 BT_DBG("request for %s", hdev->name);
4660
4661 if (!lmp_le_capable(hdev))
4662 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4663 MGMT_STATUS_NOT_SUPPORTED);
4664
4665 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4666 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4667 MGMT_STATUS_INVALID_PARAMS);
4668
4669 if (hdev_is_powered(hdev))
4670 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4671 MGMT_STATUS_REJECTED);
4672
4673 hci_dev_lock(hdev);
4674
c21c0ea0
JH		 4675 /* If user space supports this command it is also expected to
4676 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4677 */
4678 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4679
62b04cd1
JH		 4680 if (cp->privacy) {
4681 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4682 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4683 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4684 } else {
4685 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4686 memset(hdev->irk, 0, sizeof(hdev->irk));
4687 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4688 }
4689
4690 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4691 if (err < 0)
4692 goto unlock;
4693
4694 if (changed)
4695 err = new_settings(hdev, sk);
4696
4697unlock:
4698 hci_dev_unlock(hdev);
4699 return err;
4700}
4701
41edf160
JH		 4702static bool irk_is_valid(struct mgmt_irk_info *irk)
4703{
4704 switch (irk->addr.type) {
4705 case BDADDR_LE_PUBLIC:
4706 return true;
4707
4708 case BDADDR_LE_RANDOM:
4709 /* Two most significant bits shall be set */
4710 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4711 return false;
4712 return true;
4713 }
4714
4715 return false;
4716}
4717
4718static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4719 u16 len)
4720{
4721 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4722 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4723 sizeof(struct mgmt_irk_info));
41edf160
JH		 4724 u16 irk_count, expected_len;
4725 int i, err;
4726
4727 BT_DBG("request for %s", hdev->name);
4728
4729 if (!lmp_le_capable(hdev))
4730 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4731 MGMT_STATUS_NOT_SUPPORTED);
4732
4733 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4734 if (irk_count > max_irk_count) {
4735 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4736 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4737 MGMT_STATUS_INVALID_PARAMS);
4738 }
41edf160
JH		 4739
4740 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4741 if (expected_len != len) {
4742 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4743 expected_len, len);
41edf160
JH		 4744 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4745 MGMT_STATUS_INVALID_PARAMS);
4746 }
4747
4748 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4749
4750 for (i = 0; i < irk_count; i++) {
4751 struct mgmt_irk_info *key = &cp->irks[i];
4752
4753 if (!irk_is_valid(key))
4754 return cmd_status(sk, hdev->id,
4755 MGMT_OP_LOAD_IRKS,
4756 MGMT_STATUS_INVALID_PARAMS);
4757 }
4758
4759 hci_dev_lock(hdev);
4760
4761 hci_smp_irks_clear(hdev);
4762
4763 for (i = 0; i < irk_count; i++) {
4764 struct mgmt_irk_info *irk = &cp->irks[i];
4765 u8 addr_type;
4766
4767 if (irk->addr.type == BDADDR_LE_PUBLIC)
4768 addr_type = ADDR_LE_DEV_PUBLIC;
4769 else
4770 addr_type = ADDR_LE_DEV_RANDOM;
4771
4772 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4773 BDADDR_ANY);
4774 }
4775
4776 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4777
4778 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4779
4780 hci_dev_unlock(hdev);
4781
4782 return err;
4783}
4784
3f706b72
JH		 4785static bool ltk_is_valid(struct mgmt_ltk_info *key)
4786{
4787 if (key->master != 0x00 && key->master != 0x01)
4788 return false;
490cb0b3
MH		 4789
4790 switch (key->addr.type) {
4791 case BDADDR_LE_PUBLIC:
4792 return true;
4793
4794 case BDADDR_LE_RANDOM:
4795 /* Two most significant bits shall be set */
4796 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4797 return false;
4798 return true;
4799 }
4800
4801 return false;
3f706b72
JH		 4802}
4803
bdb6d971 4804static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4805 void *cp_data, u16 len)
346af67b 4806{
346af67b 4807 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4808 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4809 sizeof(struct mgmt_ltk_info));
346af67b 4810 u16 key_count, expected_len;
715a5bf2 4811 int i, err;
346af67b 4812
cf99ba13
MH		 4813 BT_DBG("request for %s", hdev->name);
4814
4815 if (!lmp_le_capable(hdev))
4816 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4817 MGMT_STATUS_NOT_SUPPORTED);
4818
1f350c87 4819 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4820 if (key_count > max_key_count) {
4821 BT_ERR("load_ltks: too big key_count value %u", key_count);
4822 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4823 MGMT_STATUS_INVALID_PARAMS);
4824 }
346af67b
VCG		 4825
4826 expected_len = sizeof(*cp) + key_count *
4827 sizeof(struct mgmt_ltk_info);
4828 if (expected_len != len) {
4829 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4830 expected_len, len);
bdb6d971 4831 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4832 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4833 }
4834
bdb6d971 4835 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4836
54ad6d8a
JH		 4837 for (i = 0; i < key_count; i++) {
4838 struct mgmt_ltk_info *key = &cp->keys[i];
4839
3f706b72 4840 if (!ltk_is_valid(key))
54ad6d8a
JH		 4841 return cmd_status(sk, hdev->id,
4842 MGMT_OP_LOAD_LONG_TERM_KEYS,
4843 MGMT_STATUS_INVALID_PARAMS);
4844 }
4845
346af67b
VCG		 4846 hci_dev_lock(hdev);
4847
4848 hci_smp_ltks_clear(hdev);
4849
4850 for (i = 0; i < key_count; i++) {
4851 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4852 u8 type, addr_type, authenticated;
79d95a19
MH		 4853
4854 if (key->addr.type == BDADDR_LE_PUBLIC)
4855 addr_type = ADDR_LE_DEV_PUBLIC;
4856 else
4857 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4858
4859 if (key->master)
2ceba539 4860 type = SMP_LTK;
346af67b 4861 else
2ceba539 4862 type = SMP_LTK_SLAVE;
346af67b 4863
61b43357
JH		 4864 switch (key->type) {
4865 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4866 authenticated = 0x00;
61b43357
JH		 4867 break;
4868 case MGMT_LTK_AUTHENTICATED:
d7b25450 4869 authenticated = 0x01;
61b43357
JH		 4870 break;
4871 default:
4872 continue;
4873 }
d7b25450 4874
35d70271 4875 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4876 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4877 key->rand);
346af67b
VCG		 4878 }
4879
715a5bf2
JH		 4880 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4881 NULL, 0);
4882
346af67b 4883 hci_dev_unlock(hdev);
346af67b 4884
715a5bf2 4885 return err;
346af67b
VCG		 4886}
4887
dd983808
AK		 4888struct cmd_conn_lookup {
4889 struct hci_conn *conn;
4890 bool valid_tx_power;
4891 u8 mgmt_status;
4892};
4893
4894static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4895{
4896 struct cmd_conn_lookup *match = data;
4897 struct mgmt_cp_get_conn_info *cp;
4898 struct mgmt_rp_get_conn_info rp;
4899 struct hci_conn *conn = cmd->user_data;
4900
4901 if (conn != match->conn)
4902 return;
4903
4904 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4905
4906 memset(&rp, 0, sizeof(rp));
4907 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4908 rp.addr.type = cp->addr.type;
4909
4910 if (!match->mgmt_status) {
4911 rp.rssi = conn->rssi;
4912
eed5daf3 4913 if (match->valid_tx_power) {
dd983808 4914 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4915 rp.max_tx_power = conn->max_tx_power;
4916 } else {
dd983808 4917 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4918 rp.max_tx_power = HCI_TX_POWER_INVALID;
4919 }
dd983808
AK		 4920 }
4921
4922 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4923 match->mgmt_status, &rp, sizeof(rp));
4924
4925 hci_conn_drop(conn);
4926
4927 mgmt_pending_remove(cmd);
4928}
4929
4930static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4931{
4932 struct hci_cp_read_rssi *cp;
4933 struct hci_conn *conn;
4934 struct cmd_conn_lookup match;
4935 u16 handle;
4936
4937 BT_DBG("status 0x%02x", status);
4938
4939 hci_dev_lock(hdev);
4940
4941 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4942 * otherwise we assume it's not valid. At the moment we assume that
4943 * either both or none of current and max values are valid to keep code
4944 * simple.
dd983808
AK		 4945 */
4946 match.valid_tx_power = !status;
4947
4948 /* Commands sent in request are either Read RSSI or Read Transmit Power
4949 * Level so we check which one was last sent to retrieve connection
4950 * handle. Both commands have handle as first parameter so it's safe to
4951 * cast data on the same command struct.
4952 *
4953 * First command sent is always Read RSSI and we fail only if it fails.
4954 * In other case we simply override error to indicate success as we
4955 * already remembered if TX power value is actually valid.
4956 */
4957 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4958 if (!cp) {
4959 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4960 status = 0;
4961 }
4962
4963 if (!cp) {
4964 BT_ERR("invalid sent_cmd in response");
4965 goto unlock;
4966 }
4967
4968 handle = __le16_to_cpu(cp->handle);
4969 conn = hci_conn_hash_lookup_handle(hdev, handle);
4970 if (!conn) {
4971 BT_ERR("unknown handle (%d) in response", handle);
4972 goto unlock;
4973 }
4974
4975 match.conn = conn;
4976 match.mgmt_status = mgmt_status(status);
4977
4978 /* Cache refresh is complete, now reply for mgmt request for given
4979 * connection only.
4980 */
4981 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4982 get_conn_info_complete, &match);
4983
4984unlock:
4985 hci_dev_unlock(hdev);
4986}
4987
4988static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4989 u16 len)
4990{
4991 struct mgmt_cp_get_conn_info *cp = data;
4992 struct mgmt_rp_get_conn_info rp;
4993 struct hci_conn *conn;
4994 unsigned long conn_info_age;
4995 int err = 0;
4996
4997 BT_DBG("%s", hdev->name);
4998
4999 memset(&rp, 0, sizeof(rp));
5000 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5001 rp.addr.type = cp->addr.type;
5002
5003 if (!bdaddr_type_is_valid(cp->addr.type))
5004 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5005 MGMT_STATUS_INVALID_PARAMS,
5006 &rp, sizeof(rp));
5007
5008 hci_dev_lock(hdev);
5009
5010 if (!hdev_is_powered(hdev)) {
5011 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5012 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5013 goto unlock;
5014 }
5015
5016 if (cp->addr.type == BDADDR_BREDR)
5017 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5018 &cp->addr.bdaddr);
5019 else
5020 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5021
5022 if (!conn || conn->state != BT_CONNECTED) {
5023 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5024 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5025 goto unlock;
5026 }
5027
5028 /* To avoid client trying to guess when to poll again for information we
5029 * calculate conn info age as random value between min/max set in hdev.
5030 */
5031 conn_info_age = hdev->conn_info_min_age +
5032 prandom_u32_max(hdev->conn_info_max_age -
5033 hdev->conn_info_min_age);
5034
5035 /* Query controller to refresh cached values if they are too old or were
5036 * never read.
5037 */
f4e2dd53
AK		 5038 if (time_after(jiffies, conn->conn_info_timestamp +
5039 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5040 !conn->conn_info_timestamp) {
5041 struct hci_request req;
5042 struct hci_cp_read_tx_power req_txp_cp;
5043 struct hci_cp_read_rssi req_rssi_cp;
5044 struct pending_cmd *cmd;
5045
5046 hci_req_init(&req, hdev);
5047 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5048 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5049 &req_rssi_cp);
5050
f7faab0c
AK		 5051 /* For LE links TX power does not change thus we don't need to
5052 * query for it once value is known.
5053 */
5054 if (!bdaddr_type_is_le(cp->addr.type) ||
5055 conn->tx_power == HCI_TX_POWER_INVALID) {
5056 req_txp_cp.handle = cpu_to_le16(conn->handle);
5057 req_txp_cp.type = 0x00;
5058 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5059 sizeof(req_txp_cp), &req_txp_cp);
5060 }
dd983808 5061
eed5daf3
AK		 5062 /* Max TX power needs to be read only once per connection */
5063 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5064 req_txp_cp.handle = cpu_to_le16(conn->handle);
5065 req_txp_cp.type = 0x01;
5066 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5067 sizeof(req_txp_cp), &req_txp_cp);
5068 }
5069
dd983808
AK		 5070 err = hci_req_run(&req, conn_info_refresh_complete);
5071 if (err < 0)
5072 goto unlock;
5073
5074 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5075 data, len);
5076 if (!cmd) {
5077 err = -ENOMEM;
5078 goto unlock;
5079 }
5080
5081 hci_conn_hold(conn);
5082 cmd->user_data = conn;
5083
5084 conn->conn_info_timestamp = jiffies;
5085 } else {
5086 /* Cache is valid, just reply with values cached in hci_conn */
5087 rp.rssi = conn->rssi;
5088 rp.tx_power = conn->tx_power;
eed5daf3 5089 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5090
5091 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5092 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5093 }
5094
5095unlock:
5096 hci_dev_unlock(hdev);
5097 return err;
5098}
5099
95868426
JH		 5100static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5101{
5102 struct mgmt_cp_get_clock_info *cp;
5103 struct mgmt_rp_get_clock_info rp;
5104 struct hci_cp_read_clock *hci_cp;
5105 struct pending_cmd *cmd;
5106 struct hci_conn *conn;
5107
5108 BT_DBG("%s status %u", hdev->name, status);
5109
5110 hci_dev_lock(hdev);
5111
5112 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5113 if (!hci_cp)
5114 goto unlock;
5115
5116 if (hci_cp->which) {
5117 u16 handle = __le16_to_cpu(hci_cp->handle);
5118 conn = hci_conn_hash_lookup_handle(hdev, handle);
5119 } else {
5120 conn = NULL;
5121 }
5122
5123 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5124 if (!cmd)
5125 goto unlock;
5126
5127 cp = cmd->param;
5128
5129 memset(&rp, 0, sizeof(rp));
5130 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5131
5132 if (status)
5133 goto send_rsp;
5134
5135 rp.local_clock = cpu_to_le32(hdev->clock);
5136
5137 if (conn) {
5138 rp.piconet_clock = cpu_to_le32(conn->clock);
5139 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5140 }
5141
5142send_rsp:
5143 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5144 &rp, sizeof(rp));
5145 mgmt_pending_remove(cmd);
5146 if (conn)
5147 hci_conn_drop(conn);
5148
5149unlock:
5150 hci_dev_unlock(hdev);
5151}
5152
5153static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5154 u16 len)
5155{
5156 struct mgmt_cp_get_clock_info *cp = data;
5157 struct mgmt_rp_get_clock_info rp;
5158 struct hci_cp_read_clock hci_cp;
5159 struct pending_cmd *cmd;
5160 struct hci_request req;
5161 struct hci_conn *conn;
5162 int err;
5163
5164 BT_DBG("%s", hdev->name);
5165
5166 memset(&rp, 0, sizeof(rp));
5167 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5168 rp.addr.type = cp->addr.type;
5169
5170 if (cp->addr.type != BDADDR_BREDR)
5171 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5172 MGMT_STATUS_INVALID_PARAMS,
5173 &rp, sizeof(rp));
5174
5175 hci_dev_lock(hdev);
5176
5177 if (!hdev_is_powered(hdev)) {
5178 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5179 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5180 goto unlock;
5181 }
5182
5183 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5184 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5185 &cp->addr.bdaddr);
5186 if (!conn || conn->state != BT_CONNECTED) {
5187 err = cmd_complete(sk, hdev->id,
5188 MGMT_OP_GET_CLOCK_INFO,
5189 MGMT_STATUS_NOT_CONNECTED,
5190 &rp, sizeof(rp));
5191 goto unlock;
5192 }
5193 } else {
5194 conn = NULL;
5195 }
5196
5197 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5198 if (!cmd) {
5199 err = -ENOMEM;
5200 goto unlock;
5201 }
5202
5203 hci_req_init(&req, hdev);
5204
5205 memset(&hci_cp, 0, sizeof(hci_cp));
5206 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5207
5208 if (conn) {
5209 hci_conn_hold(conn);
5210 cmd->user_data = conn;
5211
5212 hci_cp.handle = cpu_to_le16(conn->handle);
5213 hci_cp.which = 0x01; /* Piconet clock */
5214 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5215 }
5216
5217 err = hci_req_run(&req, get_clock_info_complete);
5218 if (err < 0)
5219 mgmt_pending_remove(cmd);
5220
5221unlock:
5222 hci_dev_unlock(hdev);
5223 return err;
5224}
5225
a397407f
JH		 5226/* Helper for Add/Remove Device commands */
5227static void update_page_scan(struct hci_dev *hdev, u8 scan)
5228{
5229 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5230 return;
5231
5232 if (!hdev_is_powered(hdev))
5233 return;
5234
5235 /* If HCI_CONNECTABLE is set then Add/Remove Device should not
5236 * make any changes to page scanning.
5237 */
5238 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
5239 return;
5240
5241 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
5242 scan |= SCAN_INQUIRY;
5243
5244 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
5245}
5246
8afef092
MH		 5247static void device_added(struct sock *sk, struct hci_dev *hdev,
5248 bdaddr_t *bdaddr, u8 type, u8 action)
5249{
5250 struct mgmt_ev_device_added ev;
5251
5252 bacpy(&ev.addr.bdaddr, bdaddr);
5253 ev.addr.type = type;
5254 ev.action = action;
5255
5256 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5257}
5258
2faade53
MH		 5259static int add_device(struct sock *sk, struct hci_dev *hdev,
5260 void *data, u16 len)
5261{
5262 struct mgmt_cp_add_device *cp = data;
5263 u8 auto_conn, addr_type;
5264 int err;
5265
5266 BT_DBG("%s", hdev->name);
5267
6659358e 5268 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53
MH		 5269 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5270 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5271 MGMT_STATUS_INVALID_PARAMS,
5272 &cp->addr, sizeof(cp->addr));
5273
5274 if (cp->action != 0x00 && cp->action != 0x01)
5275 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5276 MGMT_STATUS_INVALID_PARAMS,
5277 &cp->addr, sizeof(cp->addr));
5278
5279 hci_dev_lock(hdev);
5280
6659358e 5281 if (cp->addr.type == BDADDR_BREDR) {
a397407f
JH		 5282 bool update_scan;
5283
6659358e
JH		 5284 /* Only "connect" action supported for now */
5285 if (cp->action != 0x01) {
5286 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5287 MGMT_STATUS_INVALID_PARAMS,
5288 &cp->addr, sizeof(cp->addr));
5289 goto unlock;
5290 }
5291
a397407f
JH		 5292 update_scan = list_empty(&hdev->whitelist);
5293
6659358e
JH		 5294 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5295 cp->addr.type);
5296 if (err)
5297 goto unlock;
a397407f
JH		 5298
5299 if (update_scan)
5300 update_page_scan(hdev, SCAN_PAGE);
5301
6659358e
JH		 5302 goto added;
5303 }
5304
2faade53
MH		 5305 if (cp->addr.type == BDADDR_LE_PUBLIC)
5306 addr_type = ADDR_LE_DEV_PUBLIC;
5307 else
5308 addr_type = ADDR_LE_DEV_RANDOM;
5309
5310 if (cp->action)
5311 auto_conn = HCI_AUTO_CONN_ALWAYS;
5312 else
a3451d27 5313 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5314
bf5b3c8b
MH		 5315 /* If the connection parameters don't exist for this device,
5316 * they will be created and configured with defaults.
5317 */
d06b50ce
MH		 5318 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5319 auto_conn) < 0) {
2faade53
MH		 5320 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5321 MGMT_STATUS_FAILED,
5322 &cp->addr, sizeof(cp->addr));
5323 goto unlock;
5324 }
5325
6659358e 5326added:
8afef092
MH		 5327 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5328
2faade53
MH		 5329 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5330 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5331
5332unlock:
5333 hci_dev_unlock(hdev);
5334 return err;
5335}
5336
8afef092
MH		 5337static void device_removed(struct sock *sk, struct hci_dev *hdev,
5338 bdaddr_t *bdaddr, u8 type)
5339{
5340 struct mgmt_ev_device_removed ev;
5341
5342 bacpy(&ev.addr.bdaddr, bdaddr);
5343 ev.addr.type = type;
5344
5345 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5346}
5347
2faade53
MH		 5348static int remove_device(struct sock *sk, struct hci_dev *hdev,
5349 void *data, u16 len)
5350{
5351 struct mgmt_cp_remove_device *cp = data;
5352 int err;
5353
5354 BT_DBG("%s", hdev->name);
5355
5356 hci_dev_lock(hdev);
5357
5358 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5359 struct hci_conn_params *params;
2faade53
MH		 5360 u8 addr_type;
5361
6659358e 5362 if (!bdaddr_type_is_valid(cp->addr.type)) {
2faade53
MH		 5363 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5364 MGMT_STATUS_INVALID_PARAMS,
5365 &cp->addr, sizeof(cp->addr));
5366 goto unlock;
5367 }
5368
6659358e
JH		 5369 if (cp->addr.type == BDADDR_BREDR) {
5370 err = hci_bdaddr_list_del(&hdev->whitelist,
5371 &cp->addr.bdaddr,
5372 cp->addr.type);
5373 if (err) {
5374 err = cmd_complete(sk, hdev->id,
5375 MGMT_OP_REMOVE_DEVICE,
5376 MGMT_STATUS_INVALID_PARAMS,
5377 &cp->addr, sizeof(cp->addr));
5378 goto unlock;
5379 }
5380
a397407f
JH		 5381 if (list_empty(&hdev->whitelist))
5382 update_page_scan(hdev, SCAN_DISABLED);
5383
6659358e
JH		 5384 device_removed(sk, hdev, &cp->addr.bdaddr,
5385 cp->addr.type);
5386 goto complete;
5387 }
5388
2faade53
MH		 5389 if (cp->addr.type == BDADDR_LE_PUBLIC)
5390 addr_type = ADDR_LE_DEV_PUBLIC;
5391 else
5392 addr_type = ADDR_LE_DEV_RANDOM;
5393
c71593dd
JH		 5394 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5395 addr_type);
5396 if (!params) {
5397 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5398 MGMT_STATUS_INVALID_PARAMS,
5399 &cp->addr, sizeof(cp->addr));
5400 goto unlock;
5401 }
5402
5403 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5404 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5405 MGMT_STATUS_INVALID_PARAMS,
5406 &cp->addr, sizeof(cp->addr));
5407 goto unlock;
5408 }
5409
d1dbf12e 5410 list_del(&params->action);
c71593dd
JH		 5411 list_del(&params->list);
5412 kfree(params);
95305baa 5413 hci_update_background_scan(hdev);
8afef092
MH		 5414
5415 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5416 } else {
19de0825 5417 struct hci_conn_params *p, *tmp;
6659358e 5418 struct bdaddr_list *b, *btmp;
19de0825 5419
2faade53
MH		 5420 if (cp->addr.type) {
5421 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5422 MGMT_STATUS_INVALID_PARAMS,
5423 &cp->addr, sizeof(cp->addr));
5424 goto unlock;
5425 }
5426
6659358e
JH		 5427 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5428 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5429 list_del(&b->list);
5430 kfree(b);
5431 }
5432
a397407f
JH		 5433 update_page_scan(hdev, SCAN_DISABLED);
5434
19de0825
JH		 5435 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5436 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5437 continue;
5438 device_removed(sk, hdev, &p->addr, p->addr_type);
5439 list_del(&p->action);
5440 list_del(&p->list);
5441 kfree(p);
5442 }
5443
5444 BT_DBG("All LE connection parameters were removed");
5445
5446 hci_update_background_scan(hdev);
2faade53
MH		 5447 }
5448
6659358e 5449complete:
2faade53
MH		 5450 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5451 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5452
5453unlock:
5454 hci_dev_unlock(hdev);
5455 return err;
5456}
5457
a26f3dcf
JH		 5458static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5459 u16 len)
5460{
5461 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5462 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5463 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5464 u16 param_count, expected_len;
5465 int i;
5466
5467 if (!lmp_le_capable(hdev))
5468 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5469 MGMT_STATUS_NOT_SUPPORTED);
5470
5471 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5472 if (param_count > max_param_count) {
5473 BT_ERR("load_conn_param: too big param_count value %u",
5474 param_count);
5475 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5476 MGMT_STATUS_INVALID_PARAMS);
5477 }
a26f3dcf
JH		 5478
5479 expected_len = sizeof(*cp) + param_count *
5480 sizeof(struct mgmt_conn_param);
5481 if (expected_len != len) {
5482 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5483 expected_len, len);
5484 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5485 MGMT_STATUS_INVALID_PARAMS);
5486 }
5487
5488 BT_DBG("%s param_count %u", hdev->name, param_count);
5489
5490 hci_dev_lock(hdev);
5491
5492 hci_conn_params_clear_disabled(hdev);
5493
5494 for (i = 0; i < param_count; i++) {
5495 struct mgmt_conn_param *param = &cp->params[i];
5496 struct hci_conn_params *hci_param;
5497 u16 min, max, latency, timeout;
5498 u8 addr_type;
5499
5500 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5501 param->addr.type);
5502
5503 if (param->addr.type == BDADDR_LE_PUBLIC) {
5504 addr_type = ADDR_LE_DEV_PUBLIC;
5505 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5506 addr_type = ADDR_LE_DEV_RANDOM;
5507 } else {
5508 BT_ERR("Ignoring invalid connection parameters");
5509 continue;
5510 }
5511
5512 min = le16_to_cpu(param->min_interval);
5513 max = le16_to_cpu(param->max_interval);
5514 latency = le16_to_cpu(param->latency);
5515 timeout = le16_to_cpu(param->timeout);
5516
5517 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5518 min, max, latency, timeout);
5519
5520 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5521 BT_ERR("Ignoring invalid connection parameters");
5522 continue;
5523 }
5524
5525 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5526 addr_type);
5527 if (!hci_param) {
5528 BT_ERR("Failed to add connection parameters");
5529 continue;
5530 }
5531
5532 hci_param->conn_min_interval = min;
5533 hci_param->conn_max_interval = max;
5534 hci_param->conn_latency = latency;
5535 hci_param->supervision_timeout = timeout;
5536 }
5537
5538 hci_dev_unlock(hdev);
5539
5540 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5541}
5542
dbece37a
MH		 5543static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5544 void *data, u16 len)
5545{
5546 struct mgmt_cp_set_external_config *cp = data;
5547 bool changed;
5548 int err;
5549
5550 BT_DBG("%s", hdev->name);
5551
5552 if (hdev_is_powered(hdev))
5553 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5554 MGMT_STATUS_REJECTED);
5555
5556 if (cp->config != 0x00 && cp->config != 0x01)
5557 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5558 MGMT_STATUS_INVALID_PARAMS);
5559
5560 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5561 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5562 MGMT_STATUS_NOT_SUPPORTED);
5563
5564 hci_dev_lock(hdev);
5565
5566 if (cp->config)
5567 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5568 &hdev->dev_flags);
5569 else
5570 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5571 &hdev->dev_flags);
5572
5573 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5574 if (err < 0)
5575 goto unlock;
5576
5577 if (!changed)
5578 goto unlock;
5579
f4537c04
MH		 5580 err = new_options(hdev, sk);
5581
dbece37a
MH		 5582 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5583 mgmt_index_removed(hdev);
d603b76b
MH		 5584
5585 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5586 set_bit(HCI_CONFIG, &hdev->dev_flags);
5587 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5588
5589 queue_work(hdev->req_workqueue, &hdev->power_on);
5590 } else {
5ea234d3 5591 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5592 mgmt_index_added(hdev);
5593 }
dbece37a
MH		 5594 }
5595
5596unlock:
5597 hci_dev_unlock(hdev);
5598 return err;
5599}
5600
9713c17b
MH		 5601static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5602 void *data, u16 len)
5603{
5604 struct mgmt_cp_set_public_address *cp = data;
5605 bool changed;
5606 int err;
5607
5608 BT_DBG("%s", hdev->name);
5609
5610 if (hdev_is_powered(hdev))
5611 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5612 MGMT_STATUS_REJECTED);
5613
5614 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5615 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5616 MGMT_STATUS_INVALID_PARAMS);
5617
5618 if (!hdev->set_bdaddr)
5619 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5620 MGMT_STATUS_NOT_SUPPORTED);
5621
5622 hci_dev_lock(hdev);
5623
5624 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5625 bacpy(&hdev->public_addr, &cp->bdaddr);
5626
5627 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5628 if (err < 0)
5629 goto unlock;
5630
5631 if (!changed)
5632 goto unlock;
5633
5634 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5635 err = new_options(hdev, sk);
5636
5637 if (is_configured(hdev)) {
5638 mgmt_index_removed(hdev);
5639
5640 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5641
5642 set_bit(HCI_CONFIG, &hdev->dev_flags);
5643 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5644
5645 queue_work(hdev->req_workqueue, &hdev->power_on);
5646 }
5647
5648unlock:
5649 hci_dev_unlock(hdev);
5650 return err;
5651}
5652
2e3c35ea 5653static const struct mgmt_handler {
04124681
GP		 5654 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5655 u16 data_len);
be22b54e
JH		 5656 bool var_len;
5657 size_t data_len;
0f4e68cf
JH		 5658} mgmt_handlers[] = {
5659 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5660 { read_version, false, MGMT_READ_VERSION_SIZE },
5661 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5662 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5663 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5664 { set_powered, false, MGMT_SETTING_SIZE },
5665 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5666 { set_connectable, false, MGMT_SETTING_SIZE },
5667 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5668 { set_pairable, false, MGMT_SETTING_SIZE },
5669 { set_link_security, false, MGMT_SETTING_SIZE },
5670 { set_ssp, false, MGMT_SETTING_SIZE },
5671 { set_hs, false, MGMT_SETTING_SIZE },
5672 { set_le, false, MGMT_SETTING_SIZE },
5673 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5674 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5675 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5676 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5677 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5678 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5679 { disconnect, false, MGMT_DISCONNECT_SIZE },
5680 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5681 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5682 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5683 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5684 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5685 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5686 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5687 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5688 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5689 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5690 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5691 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5692 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5693 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5694 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5695 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5696 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5697 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5698 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5699 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5700 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5701 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5702 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5703 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5704 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5705 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5706 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5707 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5708 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5709 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5710 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5711 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5712 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5713 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5714 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 5715 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 5716 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
0f4e68cf
JH		 5717};
5718
0381101f
JH		 5719int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5720{
650f726d
VCG		 5721 void *buf;
5722 u8 *cp;
0381101f 5723 struct mgmt_hdr *hdr;
4e51eae9 5724 u16 opcode, index, len;
bdb6d971 5725 struct hci_dev *hdev = NULL;
2e3c35ea 5726 const struct mgmt_handler *handler;
0381101f
JH		 5727 int err;
5728
5729 BT_DBG("got %zu bytes", msglen);
5730
5731 if (msglen < sizeof(*hdr))
5732 return -EINVAL;
5733
e63a15ec 5734 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5735 if (!buf)
5736 return -ENOMEM;
5737
5738 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5739 err = -EFAULT;
5740 goto done;
5741 }
5742
650f726d 5743 hdr = buf;
1f350c87
MH		 5744 opcode = __le16_to_cpu(hdr->opcode);
5745 index = __le16_to_cpu(hdr->index);
5746 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5747
5748 if (len != msglen - sizeof(*hdr)) {
5749 err = -EINVAL;
5750 goto done;
5751 }
5752
0f4e68cf 5753 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5754 hdev = hci_dev_get(index);
5755 if (!hdev) {
5756 err = cmd_status(sk, index, opcode,
04124681 5757 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5758 goto done;
5759 }
0736cfa8 5760
cebf4cfd 5761 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 5762 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 5763 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5764 err = cmd_status(sk, index, opcode,
5765 MGMT_STATUS_INVALID_INDEX);
5766 goto done;
5767 }
42a9bc14
MH		 5768
5769 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 5770 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 5771 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5772 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 5773 err = cmd_status(sk, index, opcode,
5774 MGMT_STATUS_INVALID_INDEX);
5775 goto done;
5776 }
bdb6d971
JH		 5777 }
5778
0f4e68cf 5779 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5780 mgmt_handlers[opcode].func == NULL) {
0381101f 5781 BT_DBG("Unknown op %u", opcode);
ca69b795 5782 err = cmd_status(sk, index, opcode,
04124681 5783 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5784 goto done;
5785 }
5786
73d1df2a
MH		 5787 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5788 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5789 err = cmd_status(sk, index, opcode,
5790 MGMT_STATUS_INVALID_INDEX);
5791 goto done;
5792 }
5793
5794 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5795 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 5796 err = cmd_status(sk, index, opcode,
04124681 5797 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5798 goto done;
0381101f
JH		 5799 }
5800
be22b54e
JH		 5801 handler = &mgmt_handlers[opcode];
5802
5803 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5804 (!handler->var_len && len != handler->data_len)) {
be22b54e 5805 err = cmd_status(sk, index, opcode,
04124681 5806 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5807 goto done;
5808 }
5809
0f4e68cf
JH		 5810 if (hdev)
5811 mgmt_init_hdev(sk, hdev);
5812
5813 cp = buf + sizeof(*hdr);
5814
be22b54e 5815 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5816 if (err < 0)
5817 goto done;
5818
0381101f
JH		 5819 err = msglen;
5820
5821done:
bdb6d971
JH		 5822 if (hdev)
5823 hci_dev_put(hdev);
5824
0381101f
JH		 5825 kfree(buf);
5826 return err;
5827}
c71e97bf 5828
bf6b56db 5829void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5830{
1514b892 5831 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5832 return;
bb4b2a9a 5833
0602a8ad
MH		 5834 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5835 return;
5836
5837 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5838 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5839 else
5840 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5841}
5842
bf6b56db 5843void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5844{
5f159032 5845 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5846
1514b892 5847 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5848 return;
bb4b2a9a 5849
0602a8ad
MH		 5850 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5851 return;
5852
744cf19e 5853 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5854
edd3896b
MH		 5855 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5856 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5857 else
5858 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5859}
5860
6046dc3e 5861/* This function requires the caller holds hdev->lock */
d7347f3c 5862static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 5863{
5864 struct hci_conn_params *p;
5865
5866 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 5867 /* Needed for AUTO_OFF case where might not "really"
5868 * have been powered off.
5869 */
5870 list_del_init(&p->action);
5871
5872 switch (p->auto_connect) {
5873 case HCI_AUTO_CONN_ALWAYS:
5874 list_add(&p->action, &hdev->pend_le_conns);
5875 break;
5876 case HCI_AUTO_CONN_REPORT:
5877 list_add(&p->action, &hdev->pend_le_reports);
5878 break;
5879 default:
5880 break;
c83ed19d 5881 }
6046dc3e 5882 }
c83ed19d 5883
c83ed19d 5884 hci_update_background_scan(hdev);
6046dc3e
AG		 5885}
5886
229ab39c
JH		 5887static void powered_complete(struct hci_dev *hdev, u8 status)
5888{
5889 struct cmd_lookup match = { NULL, hdev };
5890
5891 BT_DBG("status 0x%02x", status);
5892
5893 hci_dev_lock(hdev);
5894
d7347f3c 5895 restart_le_actions(hdev);
6046dc3e 5896
229ab39c
JH		 5897 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5898
5899 new_settings(hdev, match.sk);
5900
5901 hci_dev_unlock(hdev);
5902
5903 if (match.sk)
5904 sock_put(match.sk);
5905}
5906
70da6243 5907static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5908{
890ea898 5909 struct hci_request req;
70da6243 5910 u8 link_sec;
5add6af8 5911
890ea898
JH		 5912 hci_req_init(&req, hdev);
5913
70da6243
JH		 5914 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5915 !lmp_host_ssp_capable(hdev)) {
5916 u8 ssp = 1;
5e5282bb 5917
890ea898 5918 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5919 }
5add6af8 5920
c73eee91
JH		 5921 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5922 lmp_bredr_capable(hdev)) {
70da6243 5923 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5924
70da6243
JH		 5925 cp.le = 1;
5926 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5927
70da6243
JH		 5928 /* Check first if we already have the right
5929 * host state (host features set)
5930 */
5931 if (cp.le != lmp_host_le_capable(hdev) ||
5932 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5933 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5934 sizeof(cp), &cp);
70da6243 5935 }
3d1cbdd6 5936
d13eafce 5937 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5938 /* Make sure the controller has a good default for
5939 * advertising data. This also applies to the case
5940 * where BR/EDR was toggled during the AUTO_OFF phase.
5941 */
f14d8f64 5942 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5943 update_adv_data(&req);
f14d8f64
MH		 5944 update_scan_rsp_data(&req);
5945 }
441ad2d0 5946
bba3aa55
MH		 5947 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5948 enable_advertising(&req);
eeca6f89
JH		 5949 }
5950
70da6243
JH		 5951 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5952 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5953 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5954 sizeof(link_sec), &link_sec);
562fcc24 5955
70da6243 5956 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5957 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5958 set_bredr_scan(&req);
890ea898 5959 update_class(&req);
13928971 5960 update_name(&req);
890ea898 5961 update_eir(&req);
70da6243 5962 }
562fcc24 5963
229ab39c 5964 return hci_req_run(&req, powered_complete);
70da6243 5965}
562fcc24 5966
70da6243
JH		 5967int mgmt_powered(struct hci_dev *hdev, u8 powered)
5968{
5969 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5970 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5971 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5972 int err;
f0ff92fb 5973
70da6243
JH		 5974 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5975 return 0;
5976
70da6243 5977 if (powered) {
229ab39c
JH		 5978 if (powered_update_hci(hdev) == 0)
5979 return 0;
fe038884 5980
229ab39c
JH		 5981 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5982 &match);
5983 goto new_settings;
b24752fe
JH		 5984 }
5985
229ab39c
JH		 5986 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5987 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5988
5989 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5990 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5991 zero_cod, sizeof(zero_cod), NULL);
5992
5993new_settings:
beadb2bd 5994 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5995
5996 if (match.sk)
5997 sock_put(match.sk);
5998
7bb895d6 5999 return err;
5add6af8 6000}
73f22f62 6001
3eec705e 6002void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 6003{
6004 struct pending_cmd *cmd;
6005 u8 status;
6006
6007 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6008 if (!cmd)
3eec705e 6009 return;
96570ffc
JH		 6010
6011 if (err == -ERFKILL)
6012 status = MGMT_STATUS_RFKILLED;
6013 else
6014 status = MGMT_STATUS_FAILED;
6015
3eec705e 6016 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6017
6018 mgmt_pending_remove(cmd);
96570ffc
JH		 6019}
6020
d1967ff8
MH		 6021void mgmt_discoverable_timeout(struct hci_dev *hdev)
6022{
6023 struct hci_request req;
d1967ff8
MH		 6024
6025 hci_dev_lock(hdev);
6026
6027 /* When discoverable timeout triggers, then just make sure
6028 * the limited discoverable flag is cleared. Even in the case
6029 * of a timeout triggered from general discoverable, it is
6030 * safe to unconditionally clear the flag.
6031 */
6032 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6033 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6034
6035 hci_req_init(&req, hdev);
4b580614
JH		 6036 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6037 u8 scan = SCAN_PAGE;
6038 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6039 sizeof(scan), &scan);
6040 }
d1967ff8 6041 update_class(&req);
9a43e25f 6042 update_adv_data(&req);
d1967ff8
MH		 6043 hci_req_run(&req, NULL);
6044
6045 hdev->discov_timeout = 0;
6046
9a43e25f
JH		 6047 new_settings(hdev, NULL);
6048
d1967ff8
MH		 6049 hci_dev_unlock(hdev);
6050}
6051
dc4a5ee2
MH		 6052void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6053 bool persistent)
55ed8ca1 6054{
86742e1e 6055 struct mgmt_ev_new_link_key ev;
55ed8ca1 6056
a492cd52 6057 memset(&ev, 0, sizeof(ev));
55ed8ca1 6058
a492cd52 6059 ev.store_hint = persistent;
d753fdc4 6060 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6061 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6062 ev.key.type = key->type;
9b3b4460 6063 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6064 ev.key.pin_len = key->pin_len;
55ed8ca1 6065
dc4a5ee2 6066 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6067}
f7520543 6068
d7b25450
JH		 6069static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6070{
6071 if (ltk->authenticated)
6072 return MGMT_LTK_AUTHENTICATED;
6073
6074 return MGMT_LTK_UNAUTHENTICATED;
6075}
6076
53ac6ab6 6077void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6078{
6079 struct mgmt_ev_new_long_term_key ev;
6080
6081 memset(&ev, 0, sizeof(ev));
6082
5192d301
MH		 6083 /* Devices using resolvable or non-resolvable random addresses
6084 * without providing an indentity resolving key don't require
6085 * to store long term keys. Their addresses will change the
6086 * next time around.
6087 *
6088 * Only when a remote device provides an identity address
6089 * make sure the long term key is stored. If the remote
6090 * identity is known, the long term keys are internally
6091 * mapped to the identity address. So allow static random
6092 * and public addresses here.
6093 */
ba74b666
JH		 6094 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6095 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6096 ev.store_hint = 0x00;
6097 else
53ac6ab6 6098 ev.store_hint = persistent;
ba74b666 6099
346af67b 6100 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6101 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6102 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6103 ev.key.enc_size = key->enc_size;
6104 ev.key.ediv = key->ediv;
fe39c7b2 6105 ev.key.rand = key->rand;
346af67b 6106
2ceba539 6107 if (key->type == SMP_LTK)
346af67b
VCG		 6108 ev.key.master = 1;
6109
346af67b
VCG		 6110 memcpy(ev.key.val, key->val, sizeof(key->val));
6111
083368f7 6112 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6113}
6114
95fbac8a
JH		 6115void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6116{
6117 struct mgmt_ev_new_irk ev;
6118
6119 memset(&ev, 0, sizeof(ev));
6120
bab6d1e5
MH		 6121 /* For identity resolving keys from devices that are already
6122 * using a public address or static random address, do not
6123 * ask for storing this key. The identity resolving key really
6124 * is only mandatory for devices using resovlable random
6125 * addresses.
6126 *
6127 * Storing all identity resolving keys has the downside that
6128 * they will be also loaded on next boot of they system. More
6129 * identity resolving keys, means more time during scanning is
6130 * needed to actually resolve these addresses.
6131 */
6132 if (bacmp(&irk->rpa, BDADDR_ANY))
6133 ev.store_hint = 0x01;
6134 else
6135 ev.store_hint = 0x00;
6136
95fbac8a
JH		 6137 bacpy(&ev.rpa, &irk->rpa);
6138 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6139 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6140 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6141
6142 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6143}
6144
53ac6ab6
MH		 6145void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6146 bool persistent)
7ee4ea36
MH		 6147{
6148 struct mgmt_ev_new_csrk ev;
6149
6150 memset(&ev, 0, sizeof(ev));
6151
6152 /* Devices using resolvable or non-resolvable random addresses
6153 * without providing an indentity resolving key don't require
6154 * to store signature resolving keys. Their addresses will change
6155 * the next time around.
6156 *
6157 * Only when a remote device provides an identity address
6158 * make sure the signature resolving key is stored. So allow
6159 * static random and public addresses here.
6160 */
6161 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6162 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6163 ev.store_hint = 0x00;
6164 else
53ac6ab6 6165 ev.store_hint = persistent;
7ee4ea36
MH		 6166
6167 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6168 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6169 ev.key.master = csrk->master;
6170 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6171
6172 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6173}
6174
ffb5a827 6175void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6176 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6177 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6178{
6179 struct mgmt_ev_new_conn_param ev;
6180
c103aea6
JH		 6181 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6182 return;
6183
ffb5a827
AG		 6184 memset(&ev, 0, sizeof(ev));
6185 bacpy(&ev.addr.bdaddr, bdaddr);
6186 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6187 ev.store_hint = store_hint;
ffb5a827
AG		 6188 ev.min_interval = cpu_to_le16(min_interval);
6189 ev.max_interval = cpu_to_le16(max_interval);
6190 ev.latency = cpu_to_le16(latency);
6191 ev.timeout = cpu_to_le16(timeout);
6192
6193 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6194}
6195
94933991
MH		 6196static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6197 u8 data_len)
6198{
6199 eir[eir_len++] = sizeof(type) + data_len;
6200 eir[eir_len++] = type;
6201 memcpy(&eir[eir_len], data, data_len);
6202 eir_len += data_len;
6203
6204 return eir_len;
6205}
6206
ecd90ae7
MH		 6207void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6208 u8 addr_type, u32 flags, u8 *name, u8 name_len,
6209 u8 *dev_class)
f7520543 6210{
b644ba33
JH		 6211 char buf[512];
6212 struct mgmt_ev_device_connected *ev = (void *) buf;
6213 u16 eir_len = 0;
f7520543 6214
b644ba33 6215 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6216 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 6217
c95f0ba7 6218 ev->flags = __cpu_to_le32(flags);
08c79b61 6219
b644ba33
JH		 6220 if (name_len > 0)
6221 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 6222 name, name_len);
b644ba33
JH		 6223
6224 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 6225 eir_len = eir_append_data(ev->eir, eir_len,
04124681 6226 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 6227
eb55ef07 6228 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6229
ecd90ae7
MH		 6230 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6231 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6232}
6233
8962ee74
JH		 6234static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6235{
c68fb7ff 6236 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 6237 struct sock **sk = data;
a38528f1 6238 struct mgmt_rp_disconnect rp;
8962ee74 6239
88c3df13
JH		 6240 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6241 rp.addr.type = cp->addr.type;
8962ee74 6242
aee9b218 6243 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 6244 sizeof(rp));
8962ee74
JH		 6245
6246 *sk = cmd->sk;
6247 sock_hold(*sk);
6248
a664b5bc 6249 mgmt_pending_remove(cmd);
8962ee74
JH		 6250}
6251
124f6e35 6252static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6253{
b1078ad0 6254 struct hci_dev *hdev = data;
124f6e35
JH		 6255 struct mgmt_cp_unpair_device *cp = cmd->param;
6256 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 6257
6258 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 6259 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6260 rp.addr.type = cp->addr.type;
a8a1d19e 6261
b1078ad0
JH		 6262 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6263
aee9b218 6264 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 6265
6266 mgmt_pending_remove(cmd);
6267}
6268
9b80ec5e 6269void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6270 u8 link_type, u8 addr_type, u8 reason,
6271 bool mgmt_connected)
f7520543 6272{
f0d6a0ea 6273 struct mgmt_ev_device_disconnected ev;
8b064a3a 6274 struct pending_cmd *power_off;
8962ee74 6275 struct sock *sk = NULL;
8962ee74 6276
8b064a3a
JH		 6277 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6278 if (power_off) {
6279 struct mgmt_mode *cp = power_off->param;
6280
6281 /* The connection is still in hci_conn_hash so test for 1
6282 * instead of 0 to know if this is the last one.
6283 */
a3172b7e
JH		 6284 if (!cp->val && hci_conn_count(hdev) == 1) {
6285 cancel_delayed_work(&hdev->power_off);
8b064a3a 6286 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6287 }
8b064a3a
JH		 6288 }
6289
12d4a3b2
JH		 6290 if (!mgmt_connected)
6291 return;
6292
57eb776f
AG		 6293 if (link_type != ACL_LINK && link_type != LE_LINK)
6294 return;
6295
744cf19e 6296 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6297
f0d6a0ea
MA		 6298 bacpy(&ev.addr.bdaddr, bdaddr);
6299 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6300 ev.reason = reason;
f7520543 6301
9b80ec5e 6302 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6303
6304 if (sk)
d97dcb66 6305 sock_put(sk);
8962ee74 6306
124f6e35 6307 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6308 hdev);
8962ee74
JH		 6309}
6310
7892924c
MH		 6311void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6312 u8 link_type, u8 addr_type, u8 status)
8962ee74 6313{
3655bba8
AG		 6314 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6315 struct mgmt_cp_disconnect *cp;
88c3df13 6316 struct mgmt_rp_disconnect rp;
8962ee74 6317 struct pending_cmd *cmd;
8962ee74 6318
36a75f1b
JD		 6319 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6320 hdev);
6321
2e58ef3e 6322 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6323 if (!cmd)
7892924c 6324 return;
8962ee74 6325
3655bba8
AG		 6326 cp = cmd->param;
6327
6328 if (bacmp(bdaddr, &cp->addr.bdaddr))
6329 return;
6330
6331 if (cp->addr.type != bdaddr_type)
6332 return;
6333
88c3df13 6334 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 6335 rp.addr.type = bdaddr_type;
37d9ef76 6336
7892924c
MH		 6337 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6338 mgmt_status(status), &rp, sizeof(rp));
8962ee74 6339
a664b5bc 6340 mgmt_pending_remove(cmd);
f7520543 6341}
17d5c04c 6342
445608d0
MH		 6343void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6344 u8 addr_type, u8 status)
17d5c04c
JH		 6345{
6346 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 6347 struct pending_cmd *power_off;
6348
6349 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6350 if (power_off) {
6351 struct mgmt_mode *cp = power_off->param;
6352
6353 /* The connection is still in hci_conn_hash so test for 1
6354 * instead of 0 to know if this is the last one.
6355 */
a3172b7e
JH		 6356 if (!cp->val && hci_conn_count(hdev) == 1) {
6357 cancel_delayed_work(&hdev->power_off);
c9910d0f 6358 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6359 }
c9910d0f 6360 }
17d5c04c 6361
4c659c39 6362 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6363 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6364 ev.status = mgmt_status(status);
17d5c04c 6365
445608d0 6366 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6367}
980e1a53 6368
ce0e4a0d 6369void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6370{
6371 struct mgmt_ev_pin_code_request ev;
6372
d8457698 6373 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6374 ev.addr.type = BDADDR_BREDR;
a770bb5a 6375 ev.secure = secure;
980e1a53 6376
ce0e4a0d 6377 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6378}
6379
e669cf80
MH		 6380void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6381 u8 status)
980e1a53
JH		 6382{
6383 struct pending_cmd *cmd;
ac56fb13 6384 struct mgmt_rp_pin_code_reply rp;
980e1a53 6385
2e58ef3e 6386 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6387 if (!cmd)
e669cf80 6388 return;
980e1a53 6389
d8457698 6390 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6391 rp.addr.type = BDADDR_BREDR;
ac56fb13 6392
e669cf80
MH		 6393 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6394 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6395
a664b5bc 6396 mgmt_pending_remove(cmd);
980e1a53
JH		 6397}
6398
3eb38528
MH		 6399void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6400 u8 status)
980e1a53
JH		 6401{
6402 struct pending_cmd *cmd;
ac56fb13 6403 struct mgmt_rp_pin_code_reply rp;
980e1a53 6404
2e58ef3e 6405 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6406 if (!cmd)
3eb38528 6407 return;
980e1a53 6408
d8457698 6409 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6410 rp.addr.type = BDADDR_BREDR;
ac56fb13 6411
3eb38528
MH		 6412 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6413 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6414
a664b5bc 6415 mgmt_pending_remove(cmd);
980e1a53 6416}
a5c29683 6417
744cf19e 6418int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6419 u8 link_type, u8 addr_type, u32 value,
04124681 6420 u8 confirm_hint)
a5c29683
JH		 6421{
6422 struct mgmt_ev_user_confirm_request ev;
6423
744cf19e 6424 BT_DBG("%s", hdev->name);
a5c29683 6425
272d90df 6426 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6427 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6428 ev.confirm_hint = confirm_hint;
39adbffe 6429 ev.value = cpu_to_le32(value);
a5c29683 6430
744cf19e 6431 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6432 NULL);
a5c29683
JH		 6433}
6434
272d90df 6435int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6436 u8 link_type, u8 addr_type)
604086b7
BG		 6437{
6438 struct mgmt_ev_user_passkey_request ev;
6439
6440 BT_DBG("%s", hdev->name);
6441
272d90df 6442 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6443 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6444
6445 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6446 NULL);
604086b7
BG		 6447}
6448
0df4c185 6449static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6450 u8 link_type, u8 addr_type, u8 status,
6451 u8 opcode)
a5c29683
JH		 6452{
6453 struct pending_cmd *cmd;
6454 struct mgmt_rp_user_confirm_reply rp;
6455 int err;
6456
2e58ef3e 6457 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6458 if (!cmd)
6459 return -ENOENT;
6460
272d90df 6461 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6462 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6463 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6464 &rp, sizeof(rp));
a5c29683 6465
a664b5bc 6466 mgmt_pending_remove(cmd);
a5c29683
JH		 6467
6468 return err;
6469}
6470
744cf19e 6471int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6472 u8 link_type, u8 addr_type, u8 status)
a5c29683 6473{
272d90df 6474 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6475 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6476}
6477
272d90df 6478int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6479 u8 link_type, u8 addr_type, u8 status)
a5c29683 6480{
272d90df 6481 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6482 status,
6483 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6484}
2a611692 6485
604086b7 6486int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6487 u8 link_type, u8 addr_type, u8 status)
604086b7 6488{
272d90df 6489 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6490 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6491}
6492
272d90df 6493int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6494 u8 link_type, u8 addr_type, u8 status)
604086b7 6495{
272d90df 6496 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6497 status,
6498 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6499}
6500
92a25256
JH		 6501int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6502 u8 link_type, u8 addr_type, u32 passkey,
6503 u8 entered)
6504{
6505 struct mgmt_ev_passkey_notify ev;
6506
6507 BT_DBG("%s", hdev->name);
6508
6509 bacpy(&ev.addr.bdaddr, bdaddr);
6510 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6511 ev.passkey = __cpu_to_le32(passkey);
6512 ev.entered = entered;
6513
6514 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6515}
6516
e546099c
MH		 6517void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6518 u8 addr_type, u8 status)
2a611692
JH		 6519{
6520 struct mgmt_ev_auth_failed ev;
6521
bab73cb6 6522 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6523 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6524 ev.status = mgmt_status(status);
2a611692 6525
e546099c 6526 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 6527}
b312b161 6528
464996ae 6529void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6530{
6531 struct cmd_lookup match = { NULL, hdev };
464996ae 6532 bool changed;
33ef95ed
JH		 6533
6534 if (status) {
6535 u8 mgmt_err = mgmt_status(status);
6536 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6537 cmd_status_rsp, &mgmt_err);
464996ae 6538 return;
33ef95ed
JH		 6539 }
6540
464996ae
MH		 6541 if (test_bit(HCI_AUTH, &hdev->flags))
6542 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6543 &hdev->dev_flags);
6544 else
6545 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6546 &hdev->dev_flags);
47990ea0 6547
33ef95ed 6548 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6549 &match);
33ef95ed 6550
47990ea0 6551 if (changed)
464996ae 6552 new_settings(hdev, match.sk);
33ef95ed
JH		 6553
6554 if (match.sk)
6555 sock_put(match.sk);
33ef95ed
JH		 6556}
6557
890ea898 6558static void clear_eir(struct hci_request *req)
cacaf52f 6559{
890ea898 6560 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6561 struct hci_cp_write_eir cp;
6562
976eb20e 6563 if (!lmp_ext_inq_capable(hdev))
890ea898 6564 return;
cacaf52f 6565
c80da27e
JH		 6566 memset(hdev->eir, 0, sizeof(hdev->eir));
6567
cacaf52f
JH		 6568 memset(&cp, 0, sizeof(cp));
6569
890ea898 6570 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6571}
6572
3e248560 6573void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6574{
6575 struct cmd_lookup match = { NULL, hdev };
890ea898 6576 struct hci_request req;
c0ecddc2 6577 bool changed = false;
ed2c4ee3
JH		 6578
6579 if (status) {
6580 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6581
6582 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6583 &hdev->dev_flags)) {
6584 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6585 new_settings(hdev, NULL);
9ecb3e24 6586 }
c0ecddc2 6587
04124681
GP		 6588 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6589 &mgmt_err);
3e248560 6590 return;
c0ecddc2
JH		 6591 }
6592
6593 if (enable) {
9ecb3e24 6594 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6595 } else {
9ecb3e24
MH		 6596 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6597 if (!changed)
6598 changed = test_and_clear_bit(HCI_HS_ENABLED,
6599 &hdev->dev_flags);
6600 else
6601 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6602 }
6603
6604 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6605
c0ecddc2 6606 if (changed)
3e248560 6607 new_settings(hdev, match.sk);
ed2c4ee3 6608
5fc6ebb1 6609 if (match.sk)
ed2c4ee3
JH		 6610 sock_put(match.sk);
6611
890ea898
JH		 6612 hci_req_init(&req, hdev);
6613
3769972b
JH		 6614 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6615 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6616 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6617 sizeof(enable), &enable);
890ea898 6618 update_eir(&req);
3769972b 6619 } else {
890ea898 6620 clear_eir(&req);
3769972b 6621 }
890ea898
JH		 6622
6623 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6624}
6625
eac83dc6
MH		 6626void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6627{
6628 struct cmd_lookup match = { NULL, hdev };
6629 bool changed = false;
6630
6631 if (status) {
6632 u8 mgmt_err = mgmt_status(status);
6633
0ab04a9c
MH		 6634 if (enable) {
6635 if (test_and_clear_bit(HCI_SC_ENABLED,
6636 &hdev->dev_flags))
6637 new_settings(hdev, NULL);
6638 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6639 }
eac83dc6
MH		 6640
6641 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6642 cmd_status_rsp, &mgmt_err);
6643 return;
6644 }
6645
0ab04a9c 6646 if (enable) {
eac83dc6 6647 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6648 } else {
eac83dc6 6649 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6650 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6651 }
eac83dc6
MH		 6652
6653 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6654 settings_rsp, &match);
6655
6656 if (changed)
6657 new_settings(hdev, match.sk);
6658
6659 if (match.sk)
6660 sock_put(match.sk);
6661}
6662
92da6097 6663static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6664{
6665 struct cmd_lookup *match = data;
6666
90e70454
JH		 6667 if (match->sk == NULL) {
6668 match->sk = cmd->sk;
6669 sock_hold(match->sk);
6670 }
90e70454
JH		 6671}
6672
4e1b0245
MH		 6673void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6674 u8 status)
7f9a903c 6675{
90e70454 6676 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6677
92da6097
JH		 6678 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6679 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6680 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6681
6682 if (!status)
4e1b0245
MH		 6683 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6684 NULL);
90e70454
JH		 6685
6686 if (match.sk)
6687 sock_put(match.sk);
7f9a903c
MH		 6688}
6689
7667da34 6690void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6691{
b312b161 6692 struct mgmt_cp_set_local_name ev;
13928971 6693 struct pending_cmd *cmd;
28cc7bde 6694
13928971 6695 if (status)
7667da34 6696 return;
b312b161
JH		 6697
6698 memset(&ev, 0, sizeof(ev));
6699 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6700 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6701
2e58ef3e 6702 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6703 if (!cmd) {
6704 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6705
13928971
JH		 6706 /* If this is a HCI command related to powering on the
6707 * HCI dev don't send any mgmt signals.
6708 */
6709 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6710 return;
890ea898 6711 }
b312b161 6712
7667da34
MH		 6713 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6714 cmd ? cmd->sk : NULL);
b312b161 6715}
c35938b2 6716
4d2d2796
MH		 6717void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6718 u8 *randomizer192, u8 *hash256,
6719 u8 *randomizer256, u8 status)
c35938b2
SJ		 6720{
6721 struct pending_cmd *cmd;
c35938b2 6722
744cf19e 6723 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6724
2e58ef3e 6725 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6726 if (!cmd)
3edaf092 6727 return;
c35938b2
SJ		 6728
6729 if (status) {
3edaf092
MH		 6730 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6731 mgmt_status(status));
c35938b2 6732 } else {
4d2d2796
MH		 6733 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6734 hash256 && randomizer256) {
6735 struct mgmt_rp_read_local_oob_ext_data rp;
6736
6737 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6738 memcpy(rp.randomizer192, randomizer192,
6739 sizeof(rp.randomizer192));
c35938b2 6740
4d2d2796
MH		 6741 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6742 memcpy(rp.randomizer256, randomizer256,
6743 sizeof(rp.randomizer256));
c35938b2 6744
4d2d2796
MH		 6745 cmd_complete(cmd->sk, hdev->id,
6746 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6747 &rp, sizeof(rp));
6748 } else {
6749 struct mgmt_rp_read_local_oob_data rp;
6750
6751 memcpy(rp.hash, hash192, sizeof(rp.hash));
6752 memcpy(rp.randomizer, randomizer192,
6753 sizeof(rp.randomizer));
6754
6755 cmd_complete(cmd->sk, hdev->id,
6756 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6757 &rp, sizeof(rp));
6758 }
c35938b2
SJ		 6759 }
6760
6761 mgmt_pending_remove(cmd);
c35938b2 6762}
e17acd40 6763
901801b9 6764void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6765 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6766 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6767{
e319d2e7
JH		 6768 char buf[512];
6769 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 6770 size_t ev_size;
e17acd40 6771
75ce208c
JH		 6772 /* Don't send events for a non-kernel initiated discovery. With
6773 * LE one exception is if we have pend_le_reports > 0 in which
6774 * case we're doing passive scanning and want these events.
6775 */
6776 if (!hci_discovery_active(hdev)) {
6777 if (link_type == ACL_LINK)
6778 return;
66f8455a 6779 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 6780 return;
6781 }
12602d0c 6782
5d2e9fad
JH		 6783 /* Make sure that the buffer is big enough. The 5 extra bytes
6784 * are for the potential CoD field.
6785 */
6786 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6787 return;
7d262f86 6788
1dc06093
JH		 6789 memset(buf, 0, sizeof(buf));
6790
841c5644
JH		 6791 bacpy(&ev->addr.bdaddr, bdaddr);
6792 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 6793 ev->rssi = rssi;
af58925c 6794 ev->flags = cpu_to_le32(flags);
e17acd40 6795
1dc06093 6796 if (eir_len > 0)
e319d2e7 6797 memcpy(ev->eir, eir, eir_len);
e17acd40 6798
1dc06093
JH		 6799 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6800 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6801 dev_class, 3);
1dc06093 6802
5d2e9fad
JH		 6803 if (scan_rsp_len > 0)
6804 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6805
6806 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6807 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6808
901801b9 6809 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6810}
a88a9652 6811
9cf12aee
MH		 6812void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6813 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6814{
b644ba33
JH		 6815 struct mgmt_ev_device_found *ev;
6816 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6817 u16 eir_len;
a88a9652 6818
b644ba33 6819 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6820
b644ba33
JH		 6821 memset(buf, 0, sizeof(buf));
6822
6823 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6824 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6825 ev->rssi = rssi;
6826
6827 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6828 name_len);
b644ba33 6829
eb55ef07 6830 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6831
9cf12aee 6832 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6833}
314b2381 6834
2f1e063b 6835void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6836{
f963e8e9 6837 struct mgmt_ev_discovering ev;
164a6e78
JH		 6838 struct pending_cmd *cmd;
6839
343fb145
AG		 6840 BT_DBG("%s discovering %u", hdev->name, discovering);
6841
164a6e78 6842 if (discovering)
2e58ef3e 6843 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6844 else
2e58ef3e 6845 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6846
6847 if (cmd != NULL) {
f808e166
JH		 6848 u8 type = hdev->discovery.type;
6849
04124681
GP		 6850 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6851 sizeof(type));
164a6e78
JH		 6852 mgmt_pending_remove(cmd);
6853 }
6854
f963e8e9
JH		 6855 memset(&ev, 0, sizeof(ev));
6856 ev.type = hdev->discovery.type;
6857 ev.discovering = discovering;
6858
2f1e063b 6859 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6860}
5e762444 6861
5976e608
MH		 6862static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6863{
6864 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 6865}
6866
6867void mgmt_reenable_advertising(struct hci_dev *hdev)
6868{
6869 struct hci_request req;
6870
5976e608
MH		 6871 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6872 return;
6873
6874 hci_req_init(&req, hdev);
6875 enable_advertising(&req);
0ec5ae84 6876 hci_req_run(&req, adv_enable_complete);
5976e608 6877}
Linux 6.x block layer and io_uring tree(s)