]> git.ipfire.org Git - thirdparty/linux.git/blame - net/bluetooth/mgmt.c
projects / thirdparty / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
arm64: tegra: Add Tegra234 thermal support
[thirdparty/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
17896406 39#include "mgmt_config.h"
e5e1e7fd 40#include "msft.h"
01ce70b0 41#include "eir.h"
258f56d1 42#include "aosp.h"
0381101f 43
2da9c55c 44#define MGMT_VERSION 1
91cb4c19 45#define MGMT_REVISION 22
02d98129 46
e70bb2e8
JH		 47static const u16 mgmt_commands[] = {
48 MGMT_OP_READ_INDEX_LIST,
49 MGMT_OP_READ_INFO,
50 MGMT_OP_SET_POWERED,
51 MGMT_OP_SET_DISCOVERABLE,
52 MGMT_OP_SET_CONNECTABLE,
53 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 54 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 55 MGMT_OP_SET_LINK_SECURITY,
56 MGMT_OP_SET_SSP,
57 MGMT_OP_SET_HS,
58 MGMT_OP_SET_LE,
59 MGMT_OP_SET_DEV_CLASS,
60 MGMT_OP_SET_LOCAL_NAME,
61 MGMT_OP_ADD_UUID,
62 MGMT_OP_REMOVE_UUID,
63 MGMT_OP_LOAD_LINK_KEYS,
64 MGMT_OP_LOAD_LONG_TERM_KEYS,
65 MGMT_OP_DISCONNECT,
66 MGMT_OP_GET_CONNECTIONS,
67 MGMT_OP_PIN_CODE_REPLY,
68 MGMT_OP_PIN_CODE_NEG_REPLY,
69 MGMT_OP_SET_IO_CAPABILITY,
70 MGMT_OP_PAIR_DEVICE,
71 MGMT_OP_CANCEL_PAIR_DEVICE,
72 MGMT_OP_UNPAIR_DEVICE,
73 MGMT_OP_USER_CONFIRM_REPLY,
74 MGMT_OP_USER_CONFIRM_NEG_REPLY,
75 MGMT_OP_USER_PASSKEY_REPLY,
76 MGMT_OP_USER_PASSKEY_NEG_REPLY,
77 MGMT_OP_READ_LOCAL_OOB_DATA,
78 MGMT_OP_ADD_REMOTE_OOB_DATA,
79 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
80 MGMT_OP_START_DISCOVERY,
81 MGMT_OP_STOP_DISCOVERY,
82 MGMT_OP_CONFIRM_NAME,
83 MGMT_OP_BLOCK_DEVICE,
84 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 85 MGMT_OP_SET_DEVICE_ID,
4375f103 86 MGMT_OP_SET_ADVERTISING,
0663ca2a 87 MGMT_OP_SET_BREDR,
d13eafce 88 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 89 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 90 MGMT_OP_SET_SECURE_CONN,
4e39ac81 91 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 92 MGMT_OP_SET_PRIVACY,
41edf160 93 MGMT_OP_LOAD_IRKS,
dd983808 94 MGMT_OP_GET_CONN_INFO,
95868426 95 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 96 MGMT_OP_ADD_DEVICE,
97 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 98 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 99 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 100 MGMT_OP_READ_CONFIG_INFO,
dbece37a 101 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 102 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 103 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 104 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 105 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 106 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 107 MGMT_OP_ADD_ADVERTISING,
da929335 108 MGMT_OP_REMOVE_ADVERTISING,
40b25fe5 109 MGMT_OP_GET_ADV_SIZE_INFO,
78b781ca 110 MGMT_OP_START_LIMITED_DISCOVERY,
321c6fee 111 MGMT_OP_READ_EXT_INFO,
c4960ecf 112 MGMT_OP_SET_APPEARANCE,
02431b6c
MH		 113 MGMT_OP_GET_PHY_CONFIGURATION,
114 MGMT_OP_SET_PHY_CONFIGURATION,
600a8749 115 MGMT_OP_SET_BLOCKED_KEYS,
00bce3fb 116 MGMT_OP_SET_WIDEBAND_SPEECH,
4d9b9528 117 MGMT_OP_READ_CONTROLLER_CAP,
a10c907c
MH		 118 MGMT_OP_READ_EXP_FEATURES_INFO,
119 MGMT_OP_SET_EXP_FEATURE,
17896406
AM		 120 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
121 MGMT_OP_SET_DEF_SYSTEM_CONFIG,
aececa64
MH		 122 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
123 MGMT_OP_SET_DEF_RUNTIME_CONFIG,
4c54bf2b
APS		 124 MGMT_OP_GET_DEVICE_FLAGS,
125 MGMT_OP_SET_DEVICE_FLAGS,
e5e1e7fd 126 MGMT_OP_READ_ADV_MONITOR_FEATURES,
b139553d 127 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
bd2fbc6c 128 MGMT_OP_REMOVE_ADV_MONITOR,
12410572
DW		 129 MGMT_OP_ADD_EXT_ADV_PARAMS,
130 MGMT_OP_ADD_EXT_ADV_DATA,
b4a221ea 131 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI,
b338d917
BG		 132 MGMT_OP_SET_MESH_RECEIVER,
133 MGMT_OP_MESH_READ_FEATURES,
134 MGMT_OP_MESH_SEND,
135 MGMT_OP_MESH_SEND_CANCEL,
e70bb2e8
JH		 136};
137
138static const u16 mgmt_events[] = {
139 MGMT_EV_CONTROLLER_ERROR,
140 MGMT_EV_INDEX_ADDED,
141 MGMT_EV_INDEX_REMOVED,
142 MGMT_EV_NEW_SETTINGS,
143 MGMT_EV_CLASS_OF_DEV_CHANGED,
144 MGMT_EV_LOCAL_NAME_CHANGED,
145 MGMT_EV_NEW_LINK_KEY,
146 MGMT_EV_NEW_LONG_TERM_KEY,
147 MGMT_EV_DEVICE_CONNECTED,
148 MGMT_EV_DEVICE_DISCONNECTED,
149 MGMT_EV_CONNECT_FAILED,
150 MGMT_EV_PIN_CODE_REQUEST,
151 MGMT_EV_USER_CONFIRM_REQUEST,
152 MGMT_EV_USER_PASSKEY_REQUEST,
153 MGMT_EV_AUTH_FAILED,
154 MGMT_EV_DEVICE_FOUND,
155 MGMT_EV_DISCOVERING,
156 MGMT_EV_DEVICE_BLOCKED,
157 MGMT_EV_DEVICE_UNBLOCKED,
158 MGMT_EV_DEVICE_UNPAIRED,
92a25256 159 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 160 MGMT_EV_NEW_IRK,
7ee4ea36 161 MGMT_EV_NEW_CSRK,
8afef092
MH		 162 MGMT_EV_DEVICE_ADDED,
163 MGMT_EV_DEVICE_REMOVED,
ffb5a827 164 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 165 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 166 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 167 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 168 MGMT_EV_EXT_INDEX_ADDED,
169 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 170 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 171 MGMT_EV_ADVERTISING_ADDED,
172 MGMT_EV_ADVERTISING_REMOVED,
321c6fee 173 MGMT_EV_EXT_INFO_CHANGED,
5f4b9172 174 MGMT_EV_PHY_CONFIGURATION_CHANGED,
a10c907c 175 MGMT_EV_EXP_FEATURE_CHANGED,
4c54bf2b 176 MGMT_EV_DEVICE_FLAGS_CHANGED,
3d34a71f
MH		 177 MGMT_EV_ADV_MONITOR_ADDED,
178 MGMT_EV_ADV_MONITOR_REMOVED,
346ce5b7
APS		 179 MGMT_EV_CONTROLLER_SUSPEND,
180 MGMT_EV_CONTROLLER_RESUME,
8d7f1677
MM		 181 MGMT_EV_ADV_MONITOR_DEVICE_FOUND,
182 MGMT_EV_ADV_MONITOR_DEVICE_LOST,
e70bb2e8
JH		 183};
184
99c679ac
MH		 185static const u16 mgmt_untrusted_commands[] = {
186 MGMT_OP_READ_INDEX_LIST,
187 MGMT_OP_READ_INFO,
188 MGMT_OP_READ_UNCONF_INDEX_LIST,
189 MGMT_OP_READ_CONFIG_INFO,
190 MGMT_OP_READ_EXT_INDEX_LIST,
321c6fee 191 MGMT_OP_READ_EXT_INFO,
4d9b9528 192 MGMT_OP_READ_CONTROLLER_CAP,
a10c907c 193 MGMT_OP_READ_EXP_FEATURES_INFO,
17896406 194 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
aececa64 195 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
99c679ac
MH		 196};
197
198static const u16 mgmt_untrusted_events[] = {
199 MGMT_EV_INDEX_ADDED,
200 MGMT_EV_INDEX_REMOVED,
201 MGMT_EV_NEW_SETTINGS,
202 MGMT_EV_CLASS_OF_DEV_CHANGED,
203 MGMT_EV_LOCAL_NAME_CHANGED,
204 MGMT_EV_UNCONF_INDEX_ADDED,
205 MGMT_EV_UNCONF_INDEX_REMOVED,
206 MGMT_EV_NEW_CONFIG_OPTIONS,
207 MGMT_EV_EXT_INDEX_ADDED,
208 MGMT_EV_EXT_INDEX_REMOVED,
321c6fee 209 MGMT_EV_EXT_INFO_CHANGED,
a10c907c 210 MGMT_EV_EXP_FEATURE_CHANGED,
99c679ac
MH		 211};
212
17b02e62 213#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 214
d25b78e2
JH		 215#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
216 "\x00\x00\x00\x00\x00\x00\x00\x00"
217
ca69b795 218/* HCI to MGMT error code conversion table */
bdf2aca7 219static const u8 mgmt_status_table[] = {
ca69b795
JH		 220 MGMT_STATUS_SUCCESS,
221 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
222 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
223 MGMT_STATUS_FAILED, /* Hardware Failure */
224 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
225 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 226 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 227 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
228 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
229 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
230 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
231 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
232 MGMT_STATUS_BUSY, /* Command Disallowed */
233 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
234 MGMT_STATUS_REJECTED, /* Rejected Security */
235 MGMT_STATUS_REJECTED, /* Rejected Personal */
236 MGMT_STATUS_TIMEOUT, /* Host Timeout */
237 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
238 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
239 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
240 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
241 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
242 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
243 MGMT_STATUS_BUSY, /* Repeated Attempts */
244 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
245 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
246 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
247 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
248 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
249 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
250 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
251 MGMT_STATUS_FAILED, /* Unspecified Error */
252 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
253 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
254 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
255 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
256 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
257 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
258 MGMT_STATUS_FAILED, /* Unit Link Key Used */
259 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
260 MGMT_STATUS_TIMEOUT, /* Instant Passed */
261 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
262 MGMT_STATUS_FAILED, /* Transaction Collision */
4ef36a52 263 MGMT_STATUS_FAILED, /* Reserved for future use */
ca69b795
JH		 264 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
265 MGMT_STATUS_REJECTED, /* QoS Rejected */
266 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
267 MGMT_STATUS_REJECTED, /* Insufficient Security */
268 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
4ef36a52 269 MGMT_STATUS_FAILED, /* Reserved for future use */
ca69b795 270 MGMT_STATUS_BUSY, /* Role Switch Pending */
4ef36a52 271 MGMT_STATUS_FAILED, /* Reserved for future use */
ca69b795
JH		 272 MGMT_STATUS_FAILED, /* Slot Violation */
273 MGMT_STATUS_FAILED, /* Role Switch Failed */
274 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
275 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
276 MGMT_STATUS_BUSY, /* Host Busy Pairing */
277 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
278 MGMT_STATUS_BUSY, /* Controller Busy */
279 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
280 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
281 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
282 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
283 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
284};
285
161510cc 286static u8 mgmt_errno_status(int err)
ca69b795 287{
161510cc
LAD		 288 switch (err) {
289 case 0:
290 return MGMT_STATUS_SUCCESS;
291 case -EPERM:
292 return MGMT_STATUS_REJECTED;
293 case -EINVAL:
294 return MGMT_STATUS_INVALID_PARAMS;
295 case -EOPNOTSUPP:
296 return MGMT_STATUS_NOT_SUPPORTED;
297 case -EBUSY:
298 return MGMT_STATUS_BUSY;
299 case -ETIMEDOUT:
300 return MGMT_STATUS_AUTH_FAILED;
301 case -ENOMEM:
302 return MGMT_STATUS_NO_RESOURCES;
303 case -EISCONN:
304 return MGMT_STATUS_ALREADY_CONNECTED;
305 case -ENOTCONN:
306 return MGMT_STATUS_DISCONNECTED;
307 }
308
309 return MGMT_STATUS_FAILED;
310}
311
312static u8 mgmt_status(int err)
313{
314 if (err < 0)
315 return mgmt_errno_status(err);
316
317 if (err < ARRAY_SIZE(mgmt_status_table))
318 return mgmt_status_table[err];
ca69b795
JH		 319
320 return MGMT_STATUS_FAILED;
321}
322
c08b1a1d
MH		 323static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
324 u16 len, int flag)
f9207338 325{
c08b1a1d
MH		 326 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
327 flag, NULL);
f9207338
MH		 328}
329
72000df2
MH		 330static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
331 u16 len, int flag, struct sock *skip_sk)
332{
333 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
334 flag, skip_sk);
335}
336
7a00ff44
JH		 337static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
338 struct sock *skip_sk)
339{
340 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 341 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 342}
343
cf1bce1d
LAD		 344static int mgmt_event_skb(struct sk_buff *skb, struct sock *skip_sk)
345{
346 return mgmt_send_event_skb(HCI_CHANNEL_CONTROL, skb, HCI_SOCK_TRUSTED,
347 skip_sk);
348}
349
85813a7e
JH		 350static u8 le_addr_type(u8 mgmt_addr_type)
351{
352 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
353 return ADDR_LE_DEV_PUBLIC;
354 else
355 return ADDR_LE_DEV_RANDOM;
356}
357
03c979c4
MH		 358void mgmt_fill_version_info(void *ver)
359{
360 struct mgmt_rp_read_version *rp = ver;
361
362 rp->version = MGMT_VERSION;
363 rp->revision = cpu_to_le16(MGMT_REVISION);
364}
365
04124681
GP		 366static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
367 u16 data_len)
a38528f1
JH		 368{
369 struct mgmt_rp_read_version rp;
370
181d6953 371 bt_dev_dbg(hdev, "sock %p", sk);
a38528f1 372
03c979c4 373 mgmt_fill_version_info(&rp);
a38528f1 374
2a1afb5a
JH		 375 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
376 &rp, sizeof(rp));
a38528f1
JH		 377}
378
04124681
GP		 379static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
380 u16 data_len)
e70bb2e8
JH		 381{
382 struct mgmt_rp_read_commands *rp;
99c679ac 383 u16 num_commands, num_events;
e70bb2e8
JH		 384 size_t rp_size;
385 int i, err;
386
181d6953 387 bt_dev_dbg(hdev, "sock %p", sk);
e70bb2e8 388
99c679ac
MH		 389 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
390 num_commands = ARRAY_SIZE(mgmt_commands);
391 num_events = ARRAY_SIZE(mgmt_events);
392 } else {
393 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
394 num_events = ARRAY_SIZE(mgmt_untrusted_events);
395 }
396
e70bb2e8
JH		 397 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
398
399 rp = kmalloc(rp_size, GFP_KERNEL);
400 if (!rp)
401 return -ENOMEM;
402
dcf4adbf
JP		 403 rp->num_commands = cpu_to_le16(num_commands);
404 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 405
99c679ac
MH		 406 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
407 __le16 *opcode = rp->opcodes;
408
409 for (i = 0; i < num_commands; i++, opcode++)
410 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 411
99c679ac
MH		 412 for (i = 0; i < num_events; i++, opcode++)
413 put_unaligned_le16(mgmt_events[i], opcode);
414 } else {
415 __le16 *opcode = rp->opcodes;
416
417 for (i = 0; i < num_commands; i++, opcode++)
418 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
419
420 for (i = 0; i < num_events; i++, opcode++)
421 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
422 }
e70bb2e8 423
2a1afb5a
JH		 424 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
425 rp, rp_size);
e70bb2e8
JH		 426 kfree(rp);
427
428 return err;
429}
430
04124681
GP		 431static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
432 u16 data_len)
faba42eb 433{
faba42eb 434 struct mgmt_rp_read_index_list *rp;
8035ded4 435 struct hci_dev *d;
a38528f1 436 size_t rp_len;
faba42eb 437 u16 count;
476e44cb 438 int err;
faba42eb 439
181d6953 440 bt_dev_dbg(hdev, "sock %p", sk);
faba42eb
JH		 441
442 read_lock(&hci_dev_list_lock);
443
444 count = 0;
bb4b2a9a 445 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 446 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 447 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 448 count++;
faba42eb
JH		 449 }
450
a38528f1
JH		 451 rp_len = sizeof(*rp) + (2 * count);
452 rp = kmalloc(rp_len, GFP_ATOMIC);
453 if (!rp) {
b2c60d42 454 read_unlock(&hci_dev_list_lock);
faba42eb 455 return -ENOMEM;
b2c60d42 456 }
faba42eb 457
476e44cb 458 count = 0;
8035ded4 459 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 460 if (hci_dev_test_flag(d, HCI_SETUP) ||
461 hci_dev_test_flag(d, HCI_CONFIG) ||
462 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 463 continue;
464
73d1df2a
MH		 465 /* Devices marked as raw-only are neither configured
466 * nor unconfigured controllers.
467 */
468 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 469 continue;
470
ca8bee5d 471 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 472 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892 473 rp->index[count++] = cpu_to_le16(d->id);
181d6953 474 bt_dev_dbg(hdev, "Added hci%u", d->id);
1514b892 475 }
faba42eb
JH		 476 }
477
476e44cb
JH		 478 rp->num_controllers = cpu_to_le16(count);
479 rp_len = sizeof(*rp) + (2 * count);
480
faba42eb
JH		 481 read_unlock(&hci_dev_list_lock);
482
2a1afb5a
JH		 483 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
484 0, rp, rp_len);
faba42eb 485
a38528f1
JH		 486 kfree(rp);
487
488 return err;
faba42eb
JH		 489}
490
73d1df2a
MH		 491static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
492 void *data, u16 data_len)
493{
494 struct mgmt_rp_read_unconf_index_list *rp;
495 struct hci_dev *d;
496 size_t rp_len;
497 u16 count;
498 int err;
499
181d6953 500 bt_dev_dbg(hdev, "sock %p", sk);
73d1df2a
MH		 501
502 read_lock(&hci_dev_list_lock);
503
504 count = 0;
505 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 506 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 507 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 508 count++;
509 }
510
511 rp_len = sizeof(*rp) + (2 * count);
512 rp = kmalloc(rp_len, GFP_ATOMIC);
513 if (!rp) {
514 read_unlock(&hci_dev_list_lock);
515 return -ENOMEM;
516 }
517
518 count = 0;
519 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 520 if (hci_dev_test_flag(d, HCI_SETUP) ||
521 hci_dev_test_flag(d, HCI_CONFIG) ||
522 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 523 continue;
524
525 /* Devices marked as raw-only are neither configured
526 * nor unconfigured controllers.
527 */
528 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
529 continue;
530
ca8bee5d 531 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 532 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a 533 rp->index[count++] = cpu_to_le16(d->id);
181d6953 534 bt_dev_dbg(hdev, "Added hci%u", d->id);
73d1df2a
MH		 535 }
536 }
537
538 rp->num_controllers = cpu_to_le16(count);
539 rp_len = sizeof(*rp) + (2 * count);
540
541 read_unlock(&hci_dev_list_lock);
542
2a1afb5a
JH		 543 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
544 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 545
546 kfree(rp);
547
548 return err;
549}
550
96f1474a
MH		 551static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
552 void *data, u16 data_len)
553{
554 struct mgmt_rp_read_ext_index_list *rp;
555 struct hci_dev *d;
96f1474a
MH		 556 u16 count;
557 int err;
558
181d6953 559 bt_dev_dbg(hdev, "sock %p", sk);
96f1474a
MH		 560
561 read_lock(&hci_dev_list_lock);
562
563 count = 0;
564 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 565 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
96f1474a
MH		 566 count++;
567 }
568
4a67e5d4 569 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
96f1474a
MH		 570 if (!rp) {
571 read_unlock(&hci_dev_list_lock);
572 return -ENOMEM;
573 }
574
575 count = 0;
576 list_for_each_entry(d, &hci_dev_list, list) {
577 if (hci_dev_test_flag(d, HCI_SETUP) ||
578 hci_dev_test_flag(d, HCI_CONFIG) ||
579 hci_dev_test_flag(d, HCI_USER_CHANNEL))
580 continue;
581
582 /* Devices marked as raw-only are neither configured
583 * nor unconfigured controllers.
584 */
585 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
586 continue;
587
ca8bee5d 588 if (d->dev_type == HCI_PRIMARY) {
96f1474a
MH		 589 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
590 rp->entry[count].type = 0x01;
591 else
592 rp->entry[count].type = 0x00;
593 } else if (d->dev_type == HCI_AMP) {
594 rp->entry[count].type = 0x02;
595 } else {
596 continue;
597 }
598
599 rp->entry[count].bus = d->bus;
600 rp->entry[count++].index = cpu_to_le16(d->id);
181d6953 601 bt_dev_dbg(hdev, "Added hci%u", d->id);
96f1474a
MH		 602 }
603
604 rp->num_controllers = cpu_to_le16(count);
96f1474a
MH		 605
606 read_unlock(&hci_dev_list_lock);
607
608 /* If this command is called at least once, then all the
609 * default index and unconfigured index events are disabled
610 * and from now on only extended index events are used.
611 */
612 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
613 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
614 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
615
616 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4a67e5d4
GS		 617 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
618 struct_size(rp, entry, count));
96f1474a
MH		 619
620 kfree(rp);
621
622 return err;
623}
624
dbece37a
MH		 625static bool is_configured(struct hci_dev *hdev)
626{
627 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 628 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 629 return false;
630
7a0e5b15
MK		 631 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
632 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
dbece37a
MH		 633 !bacmp(&hdev->public_addr, BDADDR_ANY))
634 return false;
635
636 return true;
637}
638
89bc22d2
MH		 639static __le32 get_missing_options(struct hci_dev *hdev)
640{
641 u32 options = 0;
642
dbece37a 643 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 644 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 645 options |= MGMT_OPTION_EXTERNAL_CONFIG;
646
7a0e5b15
MK		 647 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
648 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
89bc22d2
MH		 649 !bacmp(&hdev->public_addr, BDADDR_ANY))
650 options |= MGMT_OPTION_PUBLIC_ADDRESS;
651
652 return cpu_to_le32(options);
653}
654
f4537c04
MH		 655static int new_options(struct hci_dev *hdev, struct sock *skip)
656{
657 __le32 options = get_missing_options(hdev);
658
5504c3a3
MH		 659 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
660 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
f4537c04
MH		 661}
662
dbece37a
MH		 663static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
664{
665 __le32 options = get_missing_options(hdev);
666
2a1afb5a
JH		 667 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
668 sizeof(options));
dbece37a
MH		 669}
670
9fc3bfb6
MH		 671static int read_config_info(struct sock *sk, struct hci_dev *hdev,
672 void *data, u16 data_len)
673{
674 struct mgmt_rp_read_config_info rp;
89bc22d2 675 u32 options = 0;
9fc3bfb6 676
181d6953 677 bt_dev_dbg(hdev, "sock %p", sk);
9fc3bfb6
MH		 678
679 hci_dev_lock(hdev);
680
681 memset(&rp, 0, sizeof(rp));
682 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 683
eb1904f4
MH		 684 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
685 options |= MGMT_OPTION_EXTERNAL_CONFIG;
686
9fc3bfb6 687 if (hdev->set_bdaddr)
89bc22d2
MH		 688 options |= MGMT_OPTION_PUBLIC_ADDRESS;
689
690 rp.supported_options = cpu_to_le32(options);
691 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 692
693 hci_dev_unlock(hdev);
694
2a1afb5a
JH		 695 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
696 &rp, sizeof(rp));
9fc3bfb6
MH		 697}
698
6244691f
JK		 699static u32 get_supported_phys(struct hci_dev *hdev)
700{
701 u32 supported_phys = 0;
702
703 if (lmp_bredr_capable(hdev)) {
704 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
705
706 if (hdev->features[0][0] & LMP_3SLOT)
707 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
708
709 if (hdev->features[0][0] & LMP_5SLOT)
710 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
711
712 if (lmp_edr_2m_capable(hdev)) {
713 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
714
715 if (lmp_edr_3slot_capable(hdev))
716 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
717
718 if (lmp_edr_5slot_capable(hdev))
719 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
720
721 if (lmp_edr_3m_capable(hdev)) {
722 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
723
724 if (lmp_edr_3slot_capable(hdev))
725 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
726
727 if (lmp_edr_5slot_capable(hdev))
728 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
729 }
730 }
731 }
732
733 if (lmp_le_capable(hdev)) {
734 supported_phys |= MGMT_PHY_LE_1M_TX;
735 supported_phys |= MGMT_PHY_LE_1M_RX;
736
737 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
738 supported_phys |= MGMT_PHY_LE_2M_TX;
739 supported_phys |= MGMT_PHY_LE_2M_RX;
740 }
741
742 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
743 supported_phys |= MGMT_PHY_LE_CODED_TX;
744 supported_phys |= MGMT_PHY_LE_CODED_RX;
745 }
746 }
747
748 return supported_phys;
749}
750
751static u32 get_selected_phys(struct hci_dev *hdev)
752{
753 u32 selected_phys = 0;
754
755 if (lmp_bredr_capable(hdev)) {
756 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
757
758 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
759 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
760
761 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
762 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
763
764 if (lmp_edr_2m_capable(hdev)) {
765 if (!(hdev->pkt_type & HCI_2DH1))
766 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
767
768 if (lmp_edr_3slot_capable(hdev) &&
769 !(hdev->pkt_type & HCI_2DH3))
770 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
771
772 if (lmp_edr_5slot_capable(hdev) &&
773 !(hdev->pkt_type & HCI_2DH5))
774 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
775
776 if (lmp_edr_3m_capable(hdev)) {
777 if (!(hdev->pkt_type & HCI_3DH1))
778 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
779
780 if (lmp_edr_3slot_capable(hdev) &&
781 !(hdev->pkt_type & HCI_3DH3))
782 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
783
784 if (lmp_edr_5slot_capable(hdev) &&
785 !(hdev->pkt_type & HCI_3DH5))
786 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
787 }
788 }
789 }
790
791 if (lmp_le_capable(hdev)) {
792 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
793 selected_phys |= MGMT_PHY_LE_1M_TX;
794
795 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
796 selected_phys |= MGMT_PHY_LE_1M_RX;
797
798 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
799 selected_phys |= MGMT_PHY_LE_2M_TX;
800
801 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
802 selected_phys |= MGMT_PHY_LE_2M_RX;
803
804 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
805 selected_phys |= MGMT_PHY_LE_CODED_TX;
806
807 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
808 selected_phys |= MGMT_PHY_LE_CODED_RX;
809 }
810
811 return selected_phys;
812}
813
814static u32 get_configurable_phys(struct hci_dev *hdev)
815{
816 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
817 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
818}
819
69ab39ea
JH		 820static u32 get_supported_settings(struct hci_dev *hdev)
821{
822 u32 settings = 0;
823
824 settings |= MGMT_SETTING_POWERED;
b2939475 825 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 826 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 827 settings |= MGMT_SETTING_CONNECTABLE;
828 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 829
ed3fa31f 830 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 831 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
832 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 833 settings |= MGMT_SETTING_BREDR;
834 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 835
836 if (lmp_ssp_capable(hdev)) {
837 settings |= MGMT_SETTING_SSP;
b560a208
LAD		 838 if (IS_ENABLED(CONFIG_BT_HS))
839 settings |= MGMT_SETTING_HS;
a82974c9 840 }
e98d2ce2 841
05b3c3e7 842 if (lmp_sc_capable(hdev))
e98d2ce2 843 settings |= MGMT_SETTING_SECURE_CONN;
4b127bd5 844
00bce3fb 845 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
4b127bd5 846 &hdev->quirks))
00bce3fb 847 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
848566b3 848 }
d7b7e796 849
eeca6f89 850 if (lmp_le_capable(hdev)) {
9d42820f 851 settings |= MGMT_SETTING_LE;
a3209694 852 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 853 settings |= MGMT_SETTING_PRIVACY;
93690c22 854 settings |= MGMT_SETTING_STATIC_ADDRESS;
ad383c2c 855 settings |= MGMT_SETTING_ADVERTISING;
eeca6f89 856 }
69ab39ea 857
eb1904f4
MH		 858 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
859 hdev->set_bdaddr)
9fc3bfb6
MH		 860 settings |= MGMT_SETTING_CONFIGURATION;
861
2394186a
PV		 862 if (cis_central_capable(hdev))
863 settings |= MGMT_SETTING_CIS_CENTRAL;
864
865 if (cis_peripheral_capable(hdev))
866 settings |= MGMT_SETTING_CIS_PERIPHERAL;
867
6244691f
JK		 868 settings |= MGMT_SETTING_PHY_CONFIGURATION;
869
69ab39ea
JH		 870 return settings;
871}
872
873static u32 get_current_settings(struct hci_dev *hdev)
874{
875 u32 settings = 0;
876
f1f0eb02 877 if (hdev_is_powered(hdev))
f0d4b78a
MH		 878 settings |= MGMT_SETTING_POWERED;
879
d7a5a11d 880 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 881 settings |= MGMT_SETTING_CONNECTABLE;
882
d7a5a11d 883 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 884 settings |= MGMT_SETTING_FAST_CONNECTABLE;
885
d7a5a11d 886 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 887 settings |= MGMT_SETTING_DISCOVERABLE;
888
d7a5a11d 889 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 890 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 891
d7a5a11d 892 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 893 settings |= MGMT_SETTING_BREDR;
894
d7a5a11d 895 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 896 settings |= MGMT_SETTING_LE;
897
d7a5a11d 898 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 899 settings |= MGMT_SETTING_LINK_SECURITY;
900
d7a5a11d 901 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 902 settings |= MGMT_SETTING_SSP;
903
d7a5a11d 904 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 905 settings |= MGMT_SETTING_HS;
906
d7a5a11d 907 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 908 settings |= MGMT_SETTING_ADVERTISING;
909
d7a5a11d 910 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 911 settings |= MGMT_SETTING_SECURE_CONN;
912
d7a5a11d 913 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 914 settings |= MGMT_SETTING_DEBUG_KEYS;
915
d7a5a11d 916 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 917 settings |= MGMT_SETTING_PRIVACY;
918
93690c22
MH		 919 /* The current setting for static address has two purposes. The
920 * first is to indicate if the static address will be used and
921 * the second is to indicate if it is actually set.
922 *
923 * This means if the static address is not configured, this flag
08dc0e98 924 * will never be set. If the address is configured, then if the
93690c22
MH		 925 * address is actually used decides if the flag is set or not.
926 *
927 * For single mode LE only controllers and dual-mode controllers
928 * with BR/EDR disabled, the existence of the static address will
929 * be evaluated.
930 */
b7cb93e5 931 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 932 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 933 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
934 if (bacmp(&hdev->static_addr, BDADDR_ANY))
935 settings |= MGMT_SETTING_STATIC_ADDRESS;
936 }
937
00bce3fb
AM		 938 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
939 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
940
2394186a
PV		 941 if (cis_central_capable(hdev))
942 settings |= MGMT_SETTING_CIS_CENTRAL;
943
944 if (cis_peripheral_capable(hdev))
945 settings |= MGMT_SETTING_CIS_PERIPHERAL;
946
69ab39ea
JH		 947 return settings;
948}
949
333ae95d
JH		 950static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
951{
952 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
953}
954
f2252570 955u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
9a43e25f 956{
3b0602cd 957 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 958
959 /* If there's a pending mgmt command the flags will not yet have
960 * their final values, so check for this first.
961 */
333ae95d 962 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 963 if (cmd) {
964 struct mgmt_mode *cp = cmd->param;
965 if (cp->val == 0x01)
966 return LE_AD_GENERAL;
967 else if (cp->val == 0x02)
968 return LE_AD_LIMITED;
969 } else {
d7a5a11d 970 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 971 return LE_AD_LIMITED;
d7a5a11d 972 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 973 return LE_AD_GENERAL;
974 }
975
976 return 0;
977}
978
f2252570 979bool mgmt_get_connectable(struct hci_dev *hdev)
fdf51784
AU		 980{
981 struct mgmt_pending_cmd *cmd;
441ad2d0 982
fdf51784
AU		 983 /* If there's a pending mgmt command the flag will not yet have
984 * it's final value, so check for this first.
985 */
986 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
987 if (cmd) {
988 struct mgmt_mode *cp = cmd->param;
441ad2d0 989
fdf51784 990 return cp->val;
441ad2d0
MH		 991 }
992
fdf51784
AU		 993 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
994}
441ad2d0 995
161510cc
LAD		 996static int service_cache_sync(struct hci_dev *hdev, void *data)
997{
998 hci_update_eir_sync(hdev);
999 hci_update_class_sync(hdev);
1000
1001 return 0;
1002}
1003
7d78525d
JH		 1004static void service_cache_off(struct work_struct *work)
1005{
1006 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1007 service_cache.work);
7d78525d 1008
a69d8927 1009 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1010 return;
1011
161510cc 1012 hci_cmd_sync_queue(hdev, service_cache_sync, NULL, NULL);
7d78525d
JH		 1013}
1014
cba6b758
LAD		 1015static int rpa_expired_sync(struct hci_dev *hdev, void *data)
1016{
1017 /* The generation of a new RPA and programming it into the
1018 * controller happens in the hci_req_enable_advertising()
1019 * function.
1020 */
1021 if (ext_adv_capable(hdev))
1022 return hci_start_ext_adv_sync(hdev, hdev->cur_adv_instance);
1023 else
1024 return hci_enable_advertising_sync(hdev);
1025}
1026
d6bfd59c
JH		 1027static void rpa_expired(struct work_struct *work)
1028{
1029 struct hci_dev *hdev = container_of(work, struct hci_dev,
1030 rpa_expired.work);
d6bfd59c 1031
181d6953 1032 bt_dev_dbg(hdev, "");
d6bfd59c 1033
a1536da2 1034 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1035
d7a5a11d 1036 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1037 return;
1038
cba6b758 1039 hci_cmd_sync_queue(hdev, rpa_expired_sync, NULL, NULL);
d6bfd59c
JH		 1040}
1041
0ef08313
BG		 1042static void discov_off(struct work_struct *work)
1043{
1044 struct hci_dev *hdev = container_of(work, struct hci_dev,
1045 discov_off.work);
1046
1047 bt_dev_dbg(hdev, "");
1048
1049 hci_dev_lock(hdev);
1050
1051 /* When discoverable timeout triggers, then just make sure
1052 * the limited discoverable flag is cleared. Even in the case
1053 * of a timeout triggered from general discoverable, it is
1054 * safe to unconditionally clear the flag.
1055 */
1056 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1057 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1058 hdev->discov_timeout = 0;
1059
1060 hci_update_discoverable(hdev);
1061
1062 mgmt_new_settings(hdev);
1063
1064 hci_dev_unlock(hdev);
1065}
1066
b338d917
BG		 1067static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev);
1068
1069static void mesh_send_complete(struct hci_dev *hdev,
1070 struct mgmt_mesh_tx *mesh_tx, bool silent)
1071{
1072 u8 handle = mesh_tx->handle;
1073
1074 if (!silent)
1075 mgmt_event(MGMT_EV_MESH_PACKET_CMPLT, hdev, &handle,
1076 sizeof(handle), NULL);
1077
1078 mgmt_mesh_remove(mesh_tx);
1079}
1080
1081static int mesh_send_done_sync(struct hci_dev *hdev, void *data)
1082{
1083 struct mgmt_mesh_tx *mesh_tx;
1084
1085 hci_dev_clear_flag(hdev, HCI_MESH_SENDING);
1086 hci_disable_advertising_sync(hdev);
1087 mesh_tx = mgmt_mesh_next(hdev, NULL);
1088
1089 if (mesh_tx)
1090 mesh_send_complete(hdev, mesh_tx, false);
1091
1092 return 0;
1093}
1094
1095static int mesh_send_sync(struct hci_dev *hdev, void *data);
1096static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err);
1097static void mesh_next(struct hci_dev *hdev, void *data, int err)
1098{
1099 struct mgmt_mesh_tx *mesh_tx = mgmt_mesh_next(hdev, NULL);
1100
1101 if (!mesh_tx)
1102 return;
1103
1104 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx,
1105 mesh_send_start_complete);
1106
1107 if (err < 0)
1108 mesh_send_complete(hdev, mesh_tx, false);
1109 else
1110 hci_dev_set_flag(hdev, HCI_MESH_SENDING);
1111}
1112
1113static void mesh_send_done(struct work_struct *work)
1114{
1115 struct hci_dev *hdev = container_of(work, struct hci_dev,
1116 mesh_send_done.work);
1117
1118 if (!hci_dev_test_flag(hdev, HCI_MESH_SENDING))
1119 return;
1120
1121 hci_cmd_sync_queue(hdev, mesh_send_done_sync, NULL, mesh_next);
1122}
1123
6a919082 1124static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1125{
f74ca25d 1126 if (hci_dev_test_flag(hdev, HCI_MGMT))
6a919082
JH		 1127 return;
1128
0ef08313
BG		 1129 BT_INFO("MGMT ver %d.%d", MGMT_VERSION, MGMT_REVISION);
1130
1131 INIT_DELAYED_WORK(&hdev->discov_off, discov_off);
4f87da80 1132 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1133 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
b338d917 1134 INIT_DELAYED_WORK(&hdev->mesh_send_done, mesh_send_done);
7d78525d 1135
4f87da80
JH		 1136 /* Non-mgmt controlled devices get this bit set
1137 * implicitly so that pairing works for them, however
1138 * for mgmt we require user-space to explicitly enable
1139 * it
1140 */
a358dc11 1141 hci_dev_clear_flag(hdev, HCI_BONDABLE);
f74ca25d
TH		 1142
1143 hci_dev_set_flag(hdev, HCI_MGMT);
7d78525d
JH		 1144}
1145
0f4e68cf 1146static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1147 void *data, u16 data_len)
0381101f 1148{
a38528f1 1149 struct mgmt_rp_read_info rp;
f7b64e69 1150
181d6953 1151 bt_dev_dbg(hdev, "sock %p", sk);
f7b64e69 1152
09fd0de5 1153 hci_dev_lock(hdev);
f7b64e69 1154
dc4fe30b
JH		 1155 memset(&rp, 0, sizeof(rp));
1156
69ab39ea 1157 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1158
69ab39ea 1159 rp.version = hdev->hci_ver;
eb55ef07 1160 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1161
1162 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1163 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1164
a38528f1 1165 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1166
dc4fe30b 1167 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1168 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1169
09fd0de5 1170 hci_dev_unlock(hdev);
0381101f 1171
2a1afb5a
JH		 1172 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1173 sizeof(rp));
0381101f
JH		 1174}
1175
cde7a863
MN		 1176static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1177{
1178 u16 eir_len = 0;
1179 size_t name_len;
1180
1181 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1182 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1183 hdev->dev_class, 3);
1184
6a9e90bf
SJ		 1185 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1186 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1187 hdev->appearance);
1188
dd7b8cdd 1189 name_len = strnlen(hdev->dev_name, sizeof(hdev->dev_name));
cde7a863
MN		 1190 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1191 hdev->dev_name, name_len);
1192
dd7b8cdd 1193 name_len = strnlen(hdev->short_name, sizeof(hdev->short_name));
cde7a863
MN		 1194 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1195 hdev->short_name, name_len);
1196
1197 return eir_len;
1198}
1199
321c6fee
MH		 1200static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1201 void *data, u16 data_len)
1202{
7d5c11da
SJ		 1203 char buf[512];
1204 struct mgmt_rp_read_ext_info *rp = (void *)buf;
cde7a863 1205 u16 eir_len;
321c6fee 1206
181d6953 1207 bt_dev_dbg(hdev, "sock %p", sk);
321c6fee 1208
7d5c11da
SJ		 1209 memset(&buf, 0, sizeof(buf));
1210
321c6fee
MH		 1211 hci_dev_lock(hdev);
1212
7d5c11da
SJ		 1213 bacpy(&rp->bdaddr, &hdev->bdaddr);
1214
1215 rp->version = hdev->hci_ver;
1216 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1217
1218 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1219 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1220
321c6fee 1221
cde7a863 1222 eir_len = append_eir_data_to_buf(hdev, rp->eir);
8a0c9f49 1223 rp->eir_len = cpu_to_le16(eir_len);
321c6fee
MH		 1224
1225 hci_dev_unlock(hdev);
1226
1227 /* If this command is called at least once, then the events
1228 * for class of device and local name changes are disabled
1229 * and only the new extended controller information event
1230 * is used.
1231 */
1232 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1233 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1234 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1235
8a0c9f49
MN		 1236 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1237 sizeof(*rp) + eir_len);
321c6fee
MH		 1238}
1239
1240static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1241{
5e9fae48
MN		 1242 char buf[512];
1243 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1244 u16 eir_len;
1245
1246 memset(buf, 0, sizeof(buf));
321c6fee 1247
5e9fae48
MN		 1248 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1249 ev->eir_len = cpu_to_le16(eir_len);
321c6fee 1250
5e9fae48
MN		 1251 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1252 sizeof(*ev) + eir_len,
1253 HCI_MGMT_EXT_INFO_EVENTS, skip);
321c6fee
MH		 1254}
1255
69ab39ea 1256static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1257{
69ab39ea 1258 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1259
2a1afb5a
JH		 1260 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1261 sizeof(settings));
8680570b
JH		 1262}
1263
f2252570 1264void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
912098a6
AU		 1265{
1266 struct mgmt_ev_advertising_added ev;
1267
1268 ev.instance = instance;
1269
1270 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1271}
1272
f2252570
JH		 1273void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1274 u8 instance)
912098a6
AU		 1275{
1276 struct mgmt_ev_advertising_removed ev;
1277
1278 ev.instance = instance;
1279
1280 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1281}
1282
7816b820
FG		 1283static void cancel_adv_timeout(struct hci_dev *hdev)
1284{
1285 if (hdev->adv_instance_timeout) {
1286 hdev->adv_instance_timeout = 0;
1287 cancel_delayed_work(&hdev->adv_instance_expire);
1288 }
1289}
1290
cf75ad8b
LAD		 1291/* This function requires the caller holds hdev->lock */
1292static void restart_le_actions(struct hci_dev *hdev)
8b064a3a 1293{
cf75ad8b 1294 struct hci_conn_params *p;
8b064a3a 1295
cf75ad8b
LAD		 1296 list_for_each_entry(p, &hdev->le_conn_params, list) {
1297 /* Needed for AUTO_OFF case where might not "really"
1298 * have been powered off.
1299 */
1300 list_del_init(&p->action);
8b064a3a 1301
cf75ad8b
LAD		 1302 switch (p->auto_connect) {
1303 case HCI_AUTO_CONN_DIRECT:
1304 case HCI_AUTO_CONN_ALWAYS:
1305 list_add(&p->action, &hdev->pend_le_conns);
1306 break;
1307 case HCI_AUTO_CONN_REPORT:
1308 list_add(&p->action, &hdev->pend_le_reports);
1309 break;
1310 default:
1311 break;
1312 }
8b064a3a 1313 }
cf75ad8b 1314}
8b064a3a 1315
cf75ad8b
LAD		 1316static int new_settings(struct hci_dev *hdev, struct sock *skip)
1317{
1318 __le32 ev = cpu_to_le32(get_current_settings(hdev));
912098a6 1319
cf75ad8b
LAD		 1320 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1321 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1322}
8b064a3a 1323
cf75ad8b
LAD		 1324static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err)
1325{
1326 struct mgmt_pending_cmd *cmd = data;
275f3f64
BG		 1327 struct mgmt_mode *cp;
1328
1329 /* Make sure cmd still outstanding. */
1330 if (cmd != pending_find(MGMT_OP_SET_POWERED, hdev))
1331 return;
1332
1333 cp = cmd->param;
cf75ad8b
LAD		 1334
1335 bt_dev_dbg(hdev, "err %d", err);
1336
1337 if (!err) {
1338 if (cp->val) {
1339 hci_dev_lock(hdev);
1340 restart_le_actions(hdev);
1341 hci_update_passive_scan(hdev);
1342 hci_dev_unlock(hdev);
1343 }
8b064a3a 1344
cf75ad8b
LAD		 1345 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
1346
1347 /* Only call new_setting for power on as power off is deferred
1348 * to hdev->power_off work which does call hci_dev_do_close.
1349 */
1350 if (cp->val)
1351 new_settings(hdev, cmd->sk);
1352 } else {
1353 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED,
1354 mgmt_status(err));
8b064a3a
JH		 1355 }
1356
275f3f64 1357 mgmt_pending_remove(cmd);
cf75ad8b 1358}
23a48093 1359
cf75ad8b
LAD		 1360static int set_powered_sync(struct hci_dev *hdev, void *data)
1361{
1362 struct mgmt_pending_cmd *cmd = data;
1363 struct mgmt_mode *cp = cmd->param;
1364
1365 BT_DBG("%s", hdev->name);
1366
1367 return hci_set_powered_sync(hdev, cp->val);
8b064a3a
JH		 1368}
1369
bdb6d971 1370static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1371 u16 len)
eec8d2bc 1372{
650f726d 1373 struct mgmt_mode *cp = data;
3b0602cd 1374 struct mgmt_pending_cmd *cmd;
4b34ee78 1375 int err;
eec8d2bc 1376
181d6953 1377 bt_dev_dbg(hdev, "sock %p", sk);
eec8d2bc 1378
a7e80f25 1379 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1380 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1381 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1382
09fd0de5 1383 hci_dev_lock(hdev);
eec8d2bc 1384
333ae95d 1385 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1386 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1387 MGMT_STATUS_BUSY);
87b95ba6
JH		 1388 goto failed;
1389 }
1390
4b34ee78 1391 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1392 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1393 goto failed;
1394 }
1395
275f3f64 1396 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1397 if (!cmd) {
1398 err = -ENOMEM;
eec8d2bc 1399 goto failed;
366a0336 1400 }
eec8d2bc 1401
f4198635 1402 /* Cancel potentially blocking sync operation before power off */
d883a466 1403 if (cp->val == 0x00) {
f4198635 1404 __hci_cmd_sync_cancel(hdev, -EHOSTDOWN);
d883a466
LAD		 1405 err = hci_cmd_sync_queue(hdev, set_powered_sync, cmd,
1406 mgmt_set_powered_complete);
1407 } else {
1408 /* Use hci_cmd_sync_submit since hdev might not be running */
1409 err = hci_cmd_sync_submit(hdev, set_powered_sync, cmd,
1410 mgmt_set_powered_complete);
1411 }
eec8d2bc 1412
275f3f64
BG		 1413 if (err < 0)
1414 mgmt_pending_remove(cmd);
1415
eec8d2bc 1416failed:
09fd0de5 1417 hci_dev_unlock(hdev);
366a0336 1418 return err;
eec8d2bc
JH		 1419}
1420
91a668b0
JH		 1421int mgmt_new_settings(struct hci_dev *hdev)
1422{
1423 return new_settings(hdev, NULL);
1424}
1425
bd99abdd
JH		 1426struct cmd_lookup {
1427 struct sock *sk;
1428 struct hci_dev *hdev;
1429 u8 mgmt_status;
1430};
1431
3b0602cd 1432static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1433{
1434 struct cmd_lookup *match = data;
1435
1436 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1437
1438 list_del(&cmd->list);
1439
1440 if (match->sk == NULL) {
1441 match->sk = cmd->sk;
1442 sock_hold(match->sk);
1443 }
1444
1445 mgmt_pending_free(cmd);
1446}
1447
3b0602cd 1448static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1449{
1450 u8 *status = data;
1451
a69e8375 1452 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1453 mgmt_pending_remove(cmd);
1454}
1455
3b0602cd 1456static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1457{
1458 if (cmd->cmd_complete) {
1459 u8 *status = data;
1460
1461 cmd->cmd_complete(cmd, *status);
1462 mgmt_pending_remove(cmd);
1463
1464 return;
1465 }
1466
1467 cmd_status_rsp(cmd, data);
1468}
1469
3b0602cd 1470static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1471{
2a1afb5a
JH		 1472 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1473 cmd->param, cmd->param_len);
f5818c22
JH		 1474}
1475
3b0602cd 1476static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1477{
2a1afb5a
JH		 1478 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1479 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1480}
1481
e6fe7986
JH		 1482static u8 mgmt_bredr_support(struct hci_dev *hdev)
1483{
1484 if (!lmp_bredr_capable(hdev))
1485 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1486 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1487 return MGMT_STATUS_REJECTED;
1488 else
1489 return MGMT_STATUS_SUCCESS;
1490}
1491
1492static u8 mgmt_le_support(struct hci_dev *hdev)
1493{
1494 if (!lmp_le_capable(hdev))
1495 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1496 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1497 return MGMT_STATUS_REJECTED;
1498 else
1499 return MGMT_STATUS_SUCCESS;
1500}
1501
2bd1b237
LAD		 1502static void mgmt_set_discoverable_complete(struct hci_dev *hdev, void *data,
1503 int err)
bfaf8c9f 1504{
2bd1b237 1505 struct mgmt_pending_cmd *cmd = data;
bfaf8c9f 1506
2bd1b237 1507 bt_dev_dbg(hdev, "err %d", err);
bfaf8c9f 1508
275f3f64
BG		 1509 /* Make sure cmd still outstanding. */
1510 if (cmd != pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
1511 return;
1512
bfaf8c9f
JH		 1513 hci_dev_lock(hdev);
1514
2bd1b237
LAD		 1515 if (err) {
1516 u8 mgmt_err = mgmt_status(err);
a69e8375 1517 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1518 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2bd1b237 1519 goto done;
bfaf8c9f
JH		 1520 }
1521
aed1a885
JH		 1522 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1523 hdev->discov_timeout > 0) {
1524 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1525 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
d4462a07 1526 }
bfaf8c9f
JH		 1527
1528 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
aed1a885 1529 new_settings(hdev, cmd->sk);
970ba524 1530
2bd1b237 1531done:
275f3f64 1532 mgmt_pending_remove(cmd);
bfaf8c9f
JH		 1533 hci_dev_unlock(hdev);
1534}
1535
2bd1b237
LAD		 1536static int set_discoverable_sync(struct hci_dev *hdev, void *data)
1537{
1538 BT_DBG("%s", hdev->name);
1539
1540 return hci_update_discoverable_sync(hdev);
1541}
1542
bdb6d971 1543static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1544 u16 len)
73f22f62 1545{
650f726d 1546 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1547 struct mgmt_pending_cmd *cmd;
5e5282bb 1548 u16 timeout;
73f22f62
JH		 1549 int err;
1550
181d6953 1551 bt_dev_dbg(hdev, "sock %p", sk);
73f22f62 1552
d7a5a11d
MH		 1553 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1554 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1555 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1556 MGMT_STATUS_REJECTED);
33c525c0 1557
310a3d48 1558 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1559 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1560 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1561
1f350c87 1562 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1563
1564 /* Disabling discoverable requires that no timeout is set,
1565 * and enabling limited discoverable requires a timeout.
1566 */
1567 if ((cp->val == 0x00 && timeout > 0) ||
1568 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1570 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1571
09fd0de5 1572 hci_dev_lock(hdev);
73f22f62 1573
5e5282bb 1574 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1575 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1576 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1577 goto failed;
1578 }
1579
333ae95d
JH		 1580 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1581 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1582 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1583 MGMT_STATUS_BUSY);
73f22f62
JH		 1584 goto failed;
1585 }
1586
d7a5a11d 1587 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1588 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1589 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1590 goto failed;
1591 }
1592
4867bd00
APS		 1593 if (hdev->advertising_paused) {
1594 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1595 MGMT_STATUS_BUSY);
1596 goto failed;
1597 }
1598
5e5282bb 1599 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1600 bool changed = false;
1601
310a3d48
MH		 1602 /* Setting limited discoverable when powered off is
1603 * not a valid operation since it requires a timeout
1604 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1605 */
d7a5a11d 1606 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1607 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1608 changed = true;
1609 }
1610
5e5282bb 1611 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1612 if (err < 0)
1613 goto failed;
1614
1615 if (changed)
1616 err = new_settings(hdev, sk);
1617
5e5282bb
JH		 1618 goto failed;
1619 }
1620
310a3d48
MH		 1621 /* If the current mode is the same, then just update the timeout
1622 * value with the new value. And if only the timeout gets updated,
1623 * then no need for any HCI transactions.
1624 */
d7a5a11d
MH		 1625 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1626 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1627 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1628 cancel_delayed_work(&hdev->discov_off);
1629 hdev->discov_timeout = timeout;
955638ec 1630
36261547
MH		 1631 if (cp->val && hdev->discov_timeout > 0) {
1632 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
c366f555
JH		 1633 queue_delayed_work(hdev->req_workqueue,
1634 &hdev->discov_off, to);
955638ec
MH		 1635 }
1636
69ab39ea 1637 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1638 goto failed;
1639 }
1640
275f3f64 1641 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1642 if (!cmd) {
1643 err = -ENOMEM;
73f22f62 1644 goto failed;
366a0336 1645 }
73f22f62 1646
310a3d48
MH		 1647 /* Cancel any potential discoverable timeout that might be
1648 * still active and store new timeout value. The arming of
1649 * the timeout happens in the complete handler.
1650 */
1651 cancel_delayed_work(&hdev->discov_off);
1652 hdev->discov_timeout = timeout;
1653
aed1a885
JH		 1654 if (cp->val)
1655 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1656 else
1657 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1658
b456f87c
JH		 1659 /* Limited discoverable mode */
1660 if (cp->val == 0x02)
a1536da2 1661 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1662 else
a358dc11 1663 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1664
2bd1b237
LAD		 1665 err = hci_cmd_sync_queue(hdev, set_discoverable_sync, cmd,
1666 mgmt_set_discoverable_complete);
73f22f62 1667
275f3f64
BG		 1668 if (err < 0)
1669 mgmt_pending_remove(cmd);
1670
73f22f62 1671failed:
09fd0de5 1672 hci_dev_unlock(hdev);
73f22f62
JH		 1673 return err;
1674}
1675
f056a657
LAD		 1676static void mgmt_set_connectable_complete(struct hci_dev *hdev, void *data,
1677 int err)
2b76f453 1678{
f056a657 1679 struct mgmt_pending_cmd *cmd = data;
2b76f453 1680
f056a657 1681 bt_dev_dbg(hdev, "err %d", err);
2b76f453 1682
275f3f64
BG		 1683 /* Make sure cmd still outstanding. */
1684 if (cmd != pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
1685 return;
1686
2b76f453
JH		 1687 hci_dev_lock(hdev);
1688
f056a657
LAD		 1689 if (err) {
1690 u8 mgmt_err = mgmt_status(err);
a69e8375 1691 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
f056a657 1692 goto done;
37438c1f
JH		 1693 }
1694
2b76f453 1695 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
53c0ba74 1696 new_settings(hdev, cmd->sk);
d7b856f9 1697
f056a657 1698done:
275f3f64
BG		 1699 if (cmd)
1700 mgmt_pending_remove(cmd);
1701
2b76f453
JH		 1702 hci_dev_unlock(hdev);
1703}
1704
e8ba3a1f
JH		 1705static int set_connectable_update_settings(struct hci_dev *hdev,
1706 struct sock *sk, u8 val)
1707{
1708 bool changed = false;
1709 int err;
1710
d7a5a11d 1711 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1712 changed = true;
1713
1714 if (val) {
a1536da2 1715 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1716 } else {
a358dc11
MH		 1717 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1718 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1719 }
1720
1721 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1722 if (err < 0)
1723 return err;
1724
562064e6 1725 if (changed) {
bb876725 1726 hci_update_scan(hdev);
5bee2fd6 1727 hci_update_passive_scan(hdev);
e8ba3a1f 1728 return new_settings(hdev, sk);
562064e6 1729 }
e8ba3a1f
JH		 1730
1731 return 0;
1732}
1733
f056a657
LAD		 1734static int set_connectable_sync(struct hci_dev *hdev, void *data)
1735{
1736 BT_DBG("%s", hdev->name);
1737
1738 return hci_update_connectable_sync(hdev);
1739}
1740
bdb6d971 1741static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1742 u16 len)
9fbcbb45 1743{
650f726d 1744 struct mgmt_mode *cp = data;
3b0602cd 1745 struct mgmt_pending_cmd *cmd;
9fbcbb45
JH		 1746 int err;
1747
181d6953 1748 bt_dev_dbg(hdev, "sock %p", sk);
9fbcbb45 1749
d7a5a11d
MH		 1750 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1751 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1753 MGMT_STATUS_REJECTED);
33c525c0 1754
a7e80f25 1755 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1756 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1757 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1758
09fd0de5 1759 hci_dev_lock(hdev);
9fbcbb45 1760
4b34ee78 1761 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1762 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1763 goto failed;
1764 }
1765
333ae95d
JH		 1766 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1767 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1768 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1769 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1770 goto failed;
1771 }
1772
275f3f64 1773 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1774 if (!cmd) {
1775 err = -ENOMEM;
9fbcbb45 1776 goto failed;
366a0336 1777 }
9fbcbb45 1778
53c0ba74
JH		 1779 if (cp->val) {
1780 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1781 } else {
1782 if (hdev->discov_timeout > 0)
1783 cancel_delayed_work(&hdev->discov_off);
2b76f453 1784
53c0ba74
JH		 1785 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1786 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1787 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
9b74246f 1788 }
2b76f453 1789
f056a657
LAD		 1790 err = hci_cmd_sync_queue(hdev, set_connectable_sync, cmd,
1791 mgmt_set_connectable_complete);
9fbcbb45 1792
275f3f64
BG		 1793 if (err < 0)
1794 mgmt_pending_remove(cmd);
1795
9fbcbb45 1796failed:
09fd0de5 1797 hci_dev_unlock(hdev);
9fbcbb45
JH		 1798 return err;
1799}
1800
b2939475 1801static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1802 u16 len)
c542a06c 1803{
650f726d 1804 struct mgmt_mode *cp = data;
55594356 1805 bool changed;
c542a06c
JH		 1806 int err;
1807
181d6953 1808 bt_dev_dbg(hdev, "sock %p", sk);
c542a06c 1809
a7e80f25 1810 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1811 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1812 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1813
09fd0de5 1814 hci_dev_lock(hdev);
c542a06c
JH		 1815
1816 if (cp->val)
238be788 1817 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1818 else
a69d8927 1819 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1820
b2939475 1821 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1822 if (err < 0)
55594356 1823 goto unlock;
c542a06c 1824
82a37ade
JH		 1825 if (changed) {
1826 /* In limited privacy mode the change of bondable mode
1827 * may affect the local advertising address.
1828 */
2bd1b237 1829 hci_update_discoverable(hdev);
82a37ade 1830
55594356 1831 err = new_settings(hdev, sk);
82a37ade 1832 }
c542a06c 1833
55594356 1834unlock:
09fd0de5 1835 hci_dev_unlock(hdev);
c542a06c
JH		 1836 return err;
1837}
1838
04124681
GP		 1839static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1840 u16 len)
33ef95ed
JH		 1841{
1842 struct mgmt_mode *cp = data;
3b0602cd 1843 struct mgmt_pending_cmd *cmd;
e6fe7986 1844 u8 val, status;
33ef95ed
JH		 1845 int err;
1846
181d6953 1847 bt_dev_dbg(hdev, "sock %p", sk);
33ef95ed 1848
e6fe7986
JH		 1849 status = mgmt_bredr_support(hdev);
1850 if (status)
a69e8375
JH		 1851 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1852 status);
33c525c0 1853
a7e80f25 1854 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1855 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1856 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1857
33ef95ed
JH		 1858 hci_dev_lock(hdev);
1859
4b34ee78 1860 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1861 bool changed = false;
1862
d7a5a11d 1863 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 1864 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 1865 changed = true;
1866 }
1867
1868 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1869 if (err < 0)
1870 goto failed;
1871
1872 if (changed)
1873 err = new_settings(hdev, sk);
1874
33ef95ed
JH		 1875 goto failed;
1876 }
1877
333ae95d 1878 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 1879 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1880 MGMT_STATUS_BUSY);
33ef95ed
JH		 1881 goto failed;
1882 }
1883
1884 val = !!cp->val;
1885
1886 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1887 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1888 goto failed;
1889 }
1890
1891 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1892 if (!cmd) {
1893 err = -ENOMEM;
1894 goto failed;
1895 }
1896
1897 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1898 if (err < 0) {
1899 mgmt_pending_remove(cmd);
1900 goto failed;
1901 }
1902
1903failed:
1904 hci_dev_unlock(hdev);
33ef95ed
JH		 1905 return err;
1906}
1907
3244845c
BG		 1908static void set_ssp_complete(struct hci_dev *hdev, void *data, int err)
1909{
1910 struct cmd_lookup match = { NULL, hdev };
1911 struct mgmt_pending_cmd *cmd = data;
1912 struct mgmt_mode *cp = cmd->param;
1913 u8 enable = cp->val;
1914 bool changed;
1915
275f3f64
BG		 1916 /* Make sure cmd still outstanding. */
1917 if (cmd != pending_find(MGMT_OP_SET_SSP, hdev))
1918 return;
1919
3244845c
BG		 1920 if (err) {
1921 u8 mgmt_err = mgmt_status(err);
1922
1923 if (enable && hci_dev_test_and_clear_flag(hdev,
1924 HCI_SSP_ENABLED)) {
1925 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1926 new_settings(hdev, NULL);
1927 }
1928
1929 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
1930 &mgmt_err);
1931 return;
1932 }
1933
1934 if (enable) {
1935 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1936 } else {
1937 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
1938
1939 if (!changed)
1940 changed = hci_dev_test_and_clear_flag(hdev,
1941 HCI_HS_ENABLED);
1942 else
1943 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1944 }
1945
1946 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
1947
1948 if (changed)
1949 new_settings(hdev, match.sk);
1950
1951 if (match.sk)
1952 sock_put(match.sk);
1953
1954 hci_update_eir_sync(hdev);
1955}
1956
1957static int set_ssp_sync(struct hci_dev *hdev, void *data)
1958{
1959 struct mgmt_pending_cmd *cmd = data;
1960 struct mgmt_mode *cp = cmd->param;
1961 bool changed = false;
1962 int err;
1963
1964 if (cp->val)
1965 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1966
1967 err = hci_write_ssp_mode_sync(hdev, cp->val);
1968
1969 if (!err && changed)
1970 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
1971
1972 return err;
1973}
1974
bdb6d971 1975static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1976{
1977 struct mgmt_mode *cp = data;
3b0602cd 1978 struct mgmt_pending_cmd *cmd;
72ef0c1a 1979 u8 status;
ed2c4ee3
JH		 1980 int err;
1981
181d6953 1982 bt_dev_dbg(hdev, "sock %p", sk);
ed2c4ee3 1983
cdba5281
MH		 1984 status = mgmt_bredr_support(hdev);
1985 if (status)
a69e8375 1986 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 1987
13ecd8b6 1988 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1989 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1990 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1991
a7e80f25 1992 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1993 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1994 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1995
13ecd8b6 1996 hci_dev_lock(hdev);
6c8f12c1 1997
4b34ee78 1998 if (!hdev_is_powered(hdev)) {
9ecb3e24 1999 bool changed;
c0ecddc2 2000
9ecb3e24 2001 if (cp->val) {
238be788
MH		 2002 changed = !hci_dev_test_and_set_flag(hdev,
2003 HCI_SSP_ENABLED);
9ecb3e24 2004 } else {
a69d8927
MH		 2005 changed = hci_dev_test_and_clear_flag(hdev,
2006 HCI_SSP_ENABLED);
9ecb3e24 2007 if (!changed)
a69d8927
MH		 2008 changed = hci_dev_test_and_clear_flag(hdev,
2009 HCI_HS_ENABLED);
9ecb3e24 2010 else
a358dc11 2011 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2012 }
2013
2014 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2015 if (err < 0)
2016 goto failed;
2017
2018 if (changed)
2019 err = new_settings(hdev, sk);
2020
ed2c4ee3
JH		 2021 goto failed;
2022 }
2023
333ae95d 2024 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2025 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2026 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2027 goto failed;
2028 }
2029
d7a5a11d 2030 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2031 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2032 goto failed;
2033 }
2034
2035 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
3244845c 2036 if (!cmd)
ed2c4ee3 2037 err = -ENOMEM;
3244845c
BG		 2038 else
2039 err = hci_cmd_sync_queue(hdev, set_ssp_sync, cmd,
2040 set_ssp_complete);
3769972b 2041
ed2c4ee3 2042 if (err < 0) {
3244845c
BG		 2043 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2044 MGMT_STATUS_FAILED);
2045
2046 if (cmd)
2047 mgmt_pending_remove(cmd);
ed2c4ee3
JH		 2048 }
2049
2050failed:
2051 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2052 return err;
2053}
2054
bdb6d971 2055static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2056{
2057 struct mgmt_mode *cp = data;
ee392693 2058 bool changed;
e6fe7986 2059 u8 status;
ee392693 2060 int err;
6d80dfd0 2061
181d6953 2062 bt_dev_dbg(hdev, "sock %p", sk);
6d80dfd0 2063
b560a208
LAD		 2064 if (!IS_ENABLED(CONFIG_BT_HS))
2065 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2066 MGMT_STATUS_NOT_SUPPORTED);
2067
e6fe7986
JH		 2068 status = mgmt_bredr_support(hdev);
2069 if (status)
a69e8375 2070 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2071
9ecb3e24 2072 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2073 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2074 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2075
d7a5a11d 2076 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2077 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2078 MGMT_STATUS_REJECTED);
9ecb3e24 2079
a7e80f25 2080 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2081 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2082 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2083
ee392693
MH		 2084 hci_dev_lock(hdev);
2085
333ae95d 2086 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2087 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2088 MGMT_STATUS_BUSY);
a2cb01de
JH		 2089 goto unlock;
2090 }
2091
a0cdf960 2092 if (cp->val) {
238be788 2093 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2094 } else {
2095 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2096 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2097 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2098 goto unlock;
2099 }
2100
a69d8927 2101 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2102 }
ee392693
MH		 2103
2104 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2105 if (err < 0)
2106 goto unlock;
2107
2108 if (changed)
2109 err = new_settings(hdev, sk);
6d80dfd0 2110
ee392693
MH		 2111unlock:
2112 hci_dev_unlock(hdev);
2113 return err;
6d80dfd0
JH		 2114}
2115
d81a494c 2116static void set_le_complete(struct hci_dev *hdev, void *data, int err)
416a4ae5
JH		 2117{
2118 struct cmd_lookup match = { NULL, hdev };
d81a494c 2119 u8 status = mgmt_status(err);
416a4ae5 2120
d81a494c 2121 bt_dev_dbg(hdev, "err %d", err);
3ad67582 2122
416a4ae5 2123 if (status) {
416a4ae5 2124 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
d81a494c
BG		 2125 &status);
2126 return;
416a4ae5
JH		 2127 }
2128
2129 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2130
2131 new_settings(hdev, match.sk);
2132
2133 if (match.sk)
2134 sock_put(match.sk);
d81a494c
BG		 2135}
2136
2137static int set_le_sync(struct hci_dev *hdev, void *data)
2138{
2139 struct mgmt_pending_cmd *cmd = data;
2140 struct mgmt_mode *cp = cmd->param;
2141 u8 val = !!cp->val;
2142 int err;
2143
2144 if (!val) {
c249ea9b
BG		 2145 hci_clear_adv_instance_sync(hdev, NULL, 0x00, true);
2146
d81a494c
BG		 2147 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2148 hci_disable_advertising_sync(hdev);
2149
2150 if (ext_adv_capable(hdev))
2151 hci_remove_ext_adv_instance_sync(hdev, 0, cmd->sk);
2152 } else {
2153 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
2154 }
2155
2156 err = hci_write_le_host_supported_sync(hdev, val, 0);
441ad2d0
MH		 2157
2158 /* Make sure the controller has a good default for
2159 * advertising data. Restrict the update to when LE
2160 * has actually been enabled. During power on, the
2161 * update in powered_update_hci will take care of it.
2162 */
d81a494c 2163 if (!err && hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
a0fb3726 2164 if (ext_adv_capable(hdev)) {
d81a494c 2165 int status;
a0fb3726 2166
d81a494c
BG		 2167 status = hci_setup_ext_adv_instance_sync(hdev, 0x00);
2168 if (!status)
2169 hci_update_scan_rsp_data_sync(hdev, 0x00);
a0fb3726 2170 } else {
d81a494c
BG		 2171 hci_update_adv_data_sync(hdev, 0x00);
2172 hci_update_scan_rsp_data_sync(hdev, 0x00);
a0fb3726 2173 }
d81a494c 2174
5bee2fd6 2175 hci_update_passive_scan(hdev);
441ad2d0 2176 }
3ad67582 2177
d81a494c 2178 return err;
416a4ae5
JH		 2179}
2180
b338d917
BG		 2181static void set_mesh_complete(struct hci_dev *hdev, void *data, int err)
2182{
2183 struct mgmt_pending_cmd *cmd = data;
2184 u8 status = mgmt_status(err);
2185 struct sock *sk = cmd->sk;
2186
2187 if (status) {
2188 mgmt_pending_foreach(MGMT_OP_SET_MESH_RECEIVER, hdev,
2189 cmd_status_rsp, &status);
2190 return;
2191 }
2192
2193 mgmt_pending_remove(cmd);
2194 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 0, NULL, 0);
2195}
2196
2197static int set_mesh_sync(struct hci_dev *hdev, void *data)
2198{
2199 struct mgmt_pending_cmd *cmd = data;
2200 struct mgmt_cp_set_mesh *cp = cmd->param;
2201 size_t len = cmd->param_len;
2202
2203 memset(hdev->mesh_ad_types, 0, sizeof(hdev->mesh_ad_types));
2204
2205 if (cp->enable)
2206 hci_dev_set_flag(hdev, HCI_MESH);
2207 else
2208 hci_dev_clear_flag(hdev, HCI_MESH);
2209
2210 len -= sizeof(*cp);
2211
2212 /* If filters don't fit, forward all adv pkts */
2213 if (len <= sizeof(hdev->mesh_ad_types))
2214 memcpy(hdev->mesh_ad_types, cp->ad_types, len);
2215
2216 hci_update_passive_scan_sync(hdev);
2217 return 0;
2218}
2219
2220static int set_mesh(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2221{
2222 struct mgmt_cp_set_mesh *cp = data;
2223 struct mgmt_pending_cmd *cmd;
2224 int err = 0;
2225
2226 bt_dev_dbg(hdev, "sock %p", sk);
2227
af6bcc19
BG		 2228 if (!lmp_le_capable(hdev) ||
2229 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
b338d917
BG		 2230 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2231 MGMT_STATUS_NOT_SUPPORTED);
2232
2233 if (cp->enable != 0x00 && cp->enable != 0x01)
2234 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2235 MGMT_STATUS_INVALID_PARAMS);
2236
2237 hci_dev_lock(hdev);
2238
2239 cmd = mgmt_pending_add(sk, MGMT_OP_SET_MESH_RECEIVER, hdev, data, len);
2240 if (!cmd)
2241 err = -ENOMEM;
2242 else
2243 err = hci_cmd_sync_queue(hdev, set_mesh_sync, cmd,
2244 set_mesh_complete);
2245
2246 if (err < 0) {
2247 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2248 MGMT_STATUS_FAILED);
2249
2250 if (cmd)
2251 mgmt_pending_remove(cmd);
2252 }
2253
2254 hci_dev_unlock(hdev);
2255 return err;
2256}
2257
2258static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err)
2259{
2260 struct mgmt_mesh_tx *mesh_tx = data;
2261 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param;
2262 unsigned long mesh_send_interval;
2263 u8 mgmt_err = mgmt_status(err);
2264
2265 /* Report any errors here, but don't report completion */
2266
2267 if (mgmt_err) {
2268 hci_dev_clear_flag(hdev, HCI_MESH_SENDING);
2269 /* Send Complete Error Code for handle */
2270 mesh_send_complete(hdev, mesh_tx, false);
2271 return;
2272 }
2273
2274 mesh_send_interval = msecs_to_jiffies((send->cnt) * 25);
2275 queue_delayed_work(hdev->req_workqueue, &hdev->mesh_send_done,
2276 mesh_send_interval);
2277}
2278
2279static int mesh_send_sync(struct hci_dev *hdev, void *data)
2280{
2281 struct mgmt_mesh_tx *mesh_tx = data;
2282 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param;
2283 struct adv_info *adv, *next_instance;
2284 u8 instance = hdev->le_num_of_adv_sets + 1;
2285 u16 timeout, duration;
2286 int err = 0;
2287
2288 if (hdev->le_num_of_adv_sets <= hdev->adv_instance_cnt)
2289 return MGMT_STATUS_BUSY;
2290
2291 timeout = 1000;
2292 duration = send->cnt * INTERVAL_TO_MS(hdev->le_adv_max_interval);
2293 adv = hci_add_adv_instance(hdev, instance, 0,
2294 send->adv_data_len, send->adv_data,
2295 0, NULL,
2296 timeout, duration,
2297 HCI_ADV_TX_POWER_NO_PREFERENCE,
2298 hdev->le_adv_min_interval,
2299 hdev->le_adv_max_interval,
2300 mesh_tx->handle);
2301
2302 if (!IS_ERR(adv))
2303 mesh_tx->instance = instance;
2304 else
2305 err = PTR_ERR(adv);
2306
2307 if (hdev->cur_adv_instance == instance) {
2308 /* If the currently advertised instance is being changed then
2309 * cancel the current advertising and schedule the next
2310 * instance. If there is only one instance then the overridden
2311 * advertising data will be visible right away.
2312 */
2313 cancel_adv_timeout(hdev);
2314
2315 next_instance = hci_get_next_instance(hdev, instance);
2316 if (next_instance)
2317 instance = next_instance->instance;
2318 else
2319 instance = 0;
2320 } else if (hdev->adv_instance_timeout) {
2321 /* Immediately advertise the new instance if no other, or
2322 * let it go naturally from queue if ADV is already happening
2323 */
2324 instance = 0;
2325 }
2326
2327 if (instance)
2328 return hci_schedule_adv_instance_sync(hdev, instance, true);
2329
2330 return err;
2331}
2332
2333static void send_count(struct mgmt_mesh_tx *mesh_tx, void *data)
2334{
2335 struct mgmt_rp_mesh_read_features *rp = data;
2336
2337 if (rp->used_handles >= rp->max_handles)
2338 return;
2339
2340 rp->handles[rp->used_handles++] = mesh_tx->handle;
2341}
2342
2343static int mesh_features(struct sock *sk, struct hci_dev *hdev,
2344 void *data, u16 len)
2345{
2346 struct mgmt_rp_mesh_read_features rp;
2347
af6bcc19
BG		 2348 if (!lmp_le_capable(hdev) ||
2349 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
b338d917
BG		 2350 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES,
2351 MGMT_STATUS_NOT_SUPPORTED);
2352
2353 memset(&rp, 0, sizeof(rp));
2354 rp.index = cpu_to_le16(hdev->id);
2355 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2356 rp.max_handles = MESH_HANDLES_MAX;
2357
2358 hci_dev_lock(hdev);
2359
2360 if (rp.max_handles)
2361 mgmt_mesh_foreach(hdev, send_count, &rp, sk);
2362
2363 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES, 0, &rp,
2364 rp.used_handles + sizeof(rp) - MESH_HANDLES_MAX);
2365
2366 hci_dev_unlock(hdev);
2367 return 0;
2368}
2369
2370static int send_cancel(struct hci_dev *hdev, void *data)
2371{
2372 struct mgmt_pending_cmd *cmd = data;
2373 struct mgmt_cp_mesh_send_cancel *cancel = (void *)cmd->param;
2374 struct mgmt_mesh_tx *mesh_tx;
2375
2376 if (!cancel->handle) {
2377 do {
2378 mesh_tx = mgmt_mesh_next(hdev, cmd->sk);
2379
2380 if (mesh_tx)
2381 mesh_send_complete(hdev, mesh_tx, false);
2382 } while (mesh_tx);
2383 } else {
2384 mesh_tx = mgmt_mesh_find(hdev, cancel->handle);
2385
2386 if (mesh_tx && mesh_tx->sk == cmd->sk)
2387 mesh_send_complete(hdev, mesh_tx, false);
2388 }
2389
2390 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2391 0, NULL, 0);
2392 mgmt_pending_free(cmd);
2393
2394 return 0;
2395}
2396
2397static int mesh_send_cancel(struct sock *sk, struct hci_dev *hdev,
2398 void *data, u16 len)
2399{
2400 struct mgmt_pending_cmd *cmd;
2401 int err;
2402
af6bcc19
BG		 2403 if (!lmp_le_capable(hdev) ||
2404 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2405 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2406 MGMT_STATUS_NOT_SUPPORTED);
2407
b338d917
BG		 2408 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2409 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2410 MGMT_STATUS_REJECTED);
2411
2412 hci_dev_lock(hdev);
2413 cmd = mgmt_pending_new(sk, MGMT_OP_MESH_SEND_CANCEL, hdev, data, len);
2414 if (!cmd)
2415 err = -ENOMEM;
2416 else
2417 err = hci_cmd_sync_queue(hdev, send_cancel, cmd, NULL);
2418
2419 if (err < 0) {
2420 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2421 MGMT_STATUS_FAILED);
2422
2423 if (cmd)
2424 mgmt_pending_free(cmd);
2425 }
2426
2427 hci_dev_unlock(hdev);
2428 return err;
2429}
2430
2431static int mesh_send(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2432{
2433 struct mgmt_mesh_tx *mesh_tx;
2434 struct mgmt_cp_mesh_send *send = data;
2435 struct mgmt_rp_mesh_read_features rp;
2436 bool sending;
2437 int err = 0;
2438
af6bcc19
BG		 2439 if (!lmp_le_capable(hdev) ||
2440 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2441 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2442 MGMT_STATUS_NOT_SUPPORTED);
b338d917
BG		 2443 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) ||
2444 len <= MGMT_MESH_SEND_SIZE ||
2445 len > (MGMT_MESH_SEND_SIZE + 31))
2446 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2447 MGMT_STATUS_REJECTED);
2448
2449 hci_dev_lock(hdev);
2450
2451 memset(&rp, 0, sizeof(rp));
2452 rp.max_handles = MESH_HANDLES_MAX;
2453
2454 mgmt_mesh_foreach(hdev, send_count, &rp, sk);
2455
2456 if (rp.max_handles <= rp.used_handles) {
2457 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2458 MGMT_STATUS_BUSY);
2459 goto done;
2460 }
2461
2462 sending = hci_dev_test_flag(hdev, HCI_MESH_SENDING);
2463 mesh_tx = mgmt_mesh_add(sk, hdev, send, len);
2464
2465 if (!mesh_tx)
2466 err = -ENOMEM;
2467 else if (!sending)
2468 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx,
2469 mesh_send_start_complete);
2470
2471 if (err < 0) {
2472 bt_dev_err(hdev, "Send Mesh Failed %d", err);
2473 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2474 MGMT_STATUS_FAILED);
2475
2476 if (mesh_tx) {
2477 if (sending)
2478 mgmt_mesh_remove(mesh_tx);
2479 }
2480 } else {
2481 hci_dev_set_flag(hdev, HCI_MESH_SENDING);
2482
2483 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_SEND, 0,
2484 &mesh_tx->handle, 1);
2485 }
2486
2487done:
2488 hci_dev_unlock(hdev);
2489 return err;
2490}
2491
bdb6d971 2492static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2493{
2494 struct mgmt_mode *cp = data;
3b0602cd 2495 struct mgmt_pending_cmd *cmd;
06199cf8 2496 int err;
0b60eba1 2497 u8 val, enabled;
06199cf8 2498
181d6953 2499 bt_dev_dbg(hdev, "sock %p", sk);
06199cf8 2500
13ecd8b6 2501 if (!lmp_le_capable(hdev))
a69e8375
JH		 2502 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2503 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2504
a7e80f25 2505 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2506 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2507 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2508
e7844ee5
MH		 2509 /* Bluetooth single mode LE only controllers or dual-mode
2510 * controllers configured as LE only devices, do not allow
2511 * switching LE off. These have either LE enabled explicitly
2512 * or BR/EDR has been previously switched off.
2513 *
2514 * When trying to enable an already enabled LE, then gracefully
2515 * send a positive response. Trying to disable it however will
2516 * result into rejection.
2517 */
2518 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2519 if (cp->val == 0x01)
2520 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2521
a69e8375
JH		 2522 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2523 MGMT_STATUS_REJECTED);
e7844ee5 2524 }
c73eee91 2525
13ecd8b6 2526 hci_dev_lock(hdev);
06199cf8
JH		 2527
2528 val = !!cp->val;
ffa88e02 2529 enabled = lmp_host_le_capable(hdev);
06199cf8 2530
0b60eba1 2531 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2532 bool changed = false;
2533
d7a5a11d 2534 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2535 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2536 changed = true;
2537 }
2538
d7a5a11d 2539 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2540 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2541 changed = true;
2542 }
2543
06199cf8
JH		 2544 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2545 if (err < 0)
1de028ce 2546 goto unlock;
06199cf8
JH		 2547
2548 if (changed)
2549 err = new_settings(hdev, sk);
2550
1de028ce 2551 goto unlock;
06199cf8
JH		 2552 }
2553
333ae95d
JH		 2554 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2555 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2556 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2557 MGMT_STATUS_BUSY);
1de028ce 2558 goto unlock;
06199cf8
JH		 2559 }
2560
2561 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
d81a494c 2562 if (!cmd)
06199cf8 2563 err = -ENOMEM;
d81a494c
BG		 2564 else
2565 err = hci_cmd_sync_queue(hdev, set_le_sync, cmd,
2566 set_le_complete);
06199cf8 2567
d81a494c
BG		 2568 if (err < 0) {
2569 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2570 MGMT_STATUS_FAILED);
45b7749f 2571
d81a494c
BG		 2572 if (cmd)
2573 mgmt_pending_remove(cmd);
06199cf8
JH		 2574 }
2575
1de028ce
JH		 2576unlock:
2577 hci_dev_unlock(hdev);
06199cf8
JH		 2578 return err;
2579}
2580
0cab9c80
JH		 2581/* This is a helper function to test for pending mgmt commands that can
2582 * cause CoD or EIR HCI commands. We can only allow one such pending
2583 * mgmt command at a time since otherwise we cannot easily track what
2584 * the current values are, will be, and based on that calculate if a new
2585 * HCI command needs to be sent and if yes with what value.
2586 */
2587static bool pending_eir_or_class(struct hci_dev *hdev)
2588{
3b0602cd 2589 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2590
2591 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2592 switch (cmd->opcode) {
2593 case MGMT_OP_ADD_UUID:
2594 case MGMT_OP_REMOVE_UUID:
2595 case MGMT_OP_SET_DEV_CLASS:
2596 case MGMT_OP_SET_POWERED:
2597 return true;
2598 }
2599 }
2600
2601 return false;
2602}
2603
83be8eca
JH		 2604static const u8 bluetooth_base_uuid[] = {
2605 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2606 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2607};
2608
2609static u8 get_uuid_size(const u8 *uuid)
2610{
2611 u32 val;
2612
2613 if (memcmp(uuid, bluetooth_base_uuid, 12))
2614 return 128;
2615
2616 val = get_unaligned_le32(&uuid[12]);
2617 if (val > 0xffff)
2618 return 32;
2619
2620 return 16;
2621}
2622
161510cc 2623static void mgmt_class_complete(struct hci_dev *hdev, void *data, int err)
92da6097 2624{
161510cc 2625 struct mgmt_pending_cmd *cmd = data;
92da6097 2626
161510cc 2627 bt_dev_dbg(hdev, "err %d", err);
92da6097 2628
2a1afb5a 2629 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
161510cc 2630 mgmt_status(err), hdev->dev_class, 3);
92da6097 2631
161510cc 2632 mgmt_pending_free(cmd);
92da6097
JH		 2633}
2634
161510cc 2635static int add_uuid_sync(struct hci_dev *hdev, void *data)
92da6097 2636{
161510cc 2637 int err;
92da6097 2638
161510cc
LAD		 2639 err = hci_update_class_sync(hdev);
2640 if (err)
2641 return err;
2642
2643 return hci_update_eir_sync(hdev);
92da6097
JH		 2644}
2645
bdb6d971 2646static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2647{
650f726d 2648 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2649 struct mgmt_pending_cmd *cmd;
2aeb9a1a 2650 struct bt_uuid *uuid;
2aeb9a1a
JH		 2651 int err;
2652
181d6953 2653 bt_dev_dbg(hdev, "sock %p", sk);
2aeb9a1a 2654
09fd0de5 2655 hci_dev_lock(hdev);
2aeb9a1a 2656
0cab9c80 2657 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2658 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2659 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2660 goto failed;
2661 }
2662
92c4c204 2663 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2664 if (!uuid) {
2665 err = -ENOMEM;
2666 goto failed;
2667 }
2668
2669 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2670 uuid->svc_hint = cp->svc_hint;
83be8eca 2671 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2672
de66aa63 2673 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2674
161510cc 2675 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2676 if (!cmd) {
90e70454 2677 err = -ENOMEM;
890ea898
JH		 2678 goto failed;
2679 }
2680
161510cc
LAD		 2681 err = hci_cmd_sync_queue(hdev, add_uuid_sync, cmd, mgmt_class_complete);
2682 if (err < 0) {
2683 mgmt_pending_free(cmd);
2684 goto failed;
2685 }
2aeb9a1a
JH		 2686
2687failed:
09fd0de5 2688 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2689 return err;
2690}
2691
24b78d0f
JH		 2692static bool enable_service_cache(struct hci_dev *hdev)
2693{
2694 if (!hdev_is_powered(hdev))
2695 return false;
2696
238be788 2697 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2698 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2699 CACHE_TIMEOUT);
24b78d0f
JH		 2700 return true;
2701 }
2702
2703 return false;
2704}
2705
161510cc 2706static int remove_uuid_sync(struct hci_dev *hdev, void *data)
92da6097 2707{
161510cc 2708 int err;
92da6097 2709
161510cc
LAD		 2710 err = hci_update_class_sync(hdev);
2711 if (err)
2712 return err;
2713
2714 return hci_update_eir_sync(hdev);
92da6097
JH		 2715}
2716
bdb6d971 2717static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2718 u16 len)
2aeb9a1a 2719{
650f726d 2720 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2721 struct mgmt_pending_cmd *cmd;
056341c8 2722 struct bt_uuid *match, *tmp;
e616fec6
CIK		 2723 static const u8 bt_uuid_any[] = {
2724 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
2725 };
2aeb9a1a
JH		 2726 int err, found;
2727
181d6953 2728 bt_dev_dbg(hdev, "sock %p", sk);
2aeb9a1a 2729
09fd0de5 2730 hci_dev_lock(hdev);
2aeb9a1a 2731
0cab9c80 2732 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2733 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2734 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2735 goto unlock;
2736 }
2737
2aeb9a1a 2738 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2739 hci_uuids_clear(hdev);
4004b6d9 2740
24b78d0f 2741 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2742 err = mgmt_cmd_complete(sk, hdev->id,
2743 MGMT_OP_REMOVE_UUID,
2744 0, hdev->dev_class, 3);
24b78d0f
JH		 2745 goto unlock;
2746 }
4004b6d9 2747
9246a869 2748 goto update_class;
2aeb9a1a
JH		 2749 }
2750
2751 found = 0;
2752
056341c8 2753 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2754 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2755 continue;
2756
2757 list_del(&match->list);
482049f7 2758 kfree(match);
2aeb9a1a
JH		 2759 found++;
2760 }
2761
2762 if (found == 0) {
a69e8375
JH		 2763 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2764 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2765 goto unlock;
2766 }
2767
9246a869 2768update_class:
161510cc 2769 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2770 if (!cmd) {
90e70454 2771 err = -ENOMEM;
890ea898
JH		 2772 goto unlock;
2773 }
2774
161510cc
LAD		 2775 err = hci_cmd_sync_queue(hdev, remove_uuid_sync, cmd,
2776 mgmt_class_complete);
2777 if (err < 0)
2778 mgmt_pending_free(cmd);
2aeb9a1a
JH		 2779
2780unlock:
09fd0de5 2781 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2782 return err;
2783}
2784
161510cc 2785static int set_class_sync(struct hci_dev *hdev, void *data)
92da6097 2786{
161510cc
LAD		 2787 int err = 0;
2788
2789 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2790 cancel_delayed_work_sync(&hdev->service_cache);
2791 err = hci_update_eir_sync(hdev);
2792 }
2793
2794 if (err)
2795 return err;
92da6097 2796
161510cc 2797 return hci_update_class_sync(hdev);
92da6097
JH		 2798}
2799
bdb6d971 2800static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2801 u16 len)
1aff6f09 2802{
650f726d 2803 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2804 struct mgmt_pending_cmd *cmd;
1aff6f09
JH		 2805 int err;
2806
181d6953 2807 bt_dev_dbg(hdev, "sock %p", sk);
1aff6f09 2808
6203fc98 2809 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2810 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2811 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2812
0cab9c80 2813 hci_dev_lock(hdev);
ee98f473 2814
0cab9c80 2815 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2816 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2817 MGMT_STATUS_BUSY);
0cab9c80
JH		 2818 goto unlock;
2819 }
c95f0ba7 2820
0cab9c80 2821 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2822 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2823 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2824 goto unlock;
2825 }
575b3a02 2826
932f5ff5
JH		 2827 hdev->major_class = cp->major;
2828 hdev->minor_class = cp->minor;
2829
b5235a65 2830 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2831 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2832 hdev->dev_class, 3);
b5235a65
JH		 2833 goto unlock;
2834 }
2835
161510cc 2836 cmd = mgmt_pending_new(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2837 if (!cmd) {
90e70454 2838 err = -ENOMEM;
890ea898
JH		 2839 goto unlock;
2840 }
2841
161510cc
LAD		 2842 err = hci_cmd_sync_queue(hdev, set_class_sync, cmd,
2843 mgmt_class_complete);
2844 if (err < 0)
2845 mgmt_pending_free(cmd);
1aff6f09 2846
b5235a65 2847unlock:
09fd0de5 2848 hci_dev_unlock(hdev);
1aff6f09
JH		 2849 return err;
2850}
2851
bdb6d971 2852static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2853 u16 len)
55ed8ca1 2854{
650f726d 2855 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2856 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2857 sizeof(struct mgmt_link_key_info));
4e51eae9 2858 u16 key_count, expected_len;
b1de97d8 2859 bool changed;
a492cd52 2860 int i;
55ed8ca1 2861
181d6953 2862 bt_dev_dbg(hdev, "sock %p", sk);
9060d5cf
MH		 2863
2864 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2865 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2866 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2867
1f350c87 2868 key_count = __le16_to_cpu(cp->key_count);
ba1d6936 2869 if (key_count > max_key_count) {
2064ee33
MH		 2870 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2871 key_count);
a69e8375
JH		 2872 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2873 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2874 }
55ed8ca1 2875
5bec1fb8 2876 expected_len = struct_size(cp, keys, key_count);
a492cd52 2877 if (expected_len != len) {
2064ee33
MH		 2878 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2879 expected_len, len);
a69e8375
JH		 2880 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2881 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2882 }
2883
4ae14301 2884 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2885 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2886 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2887
181d6953
MH		 2888 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2889 key_count);
55ed8ca1 2890
4ee71b20
JH		 2891 for (i = 0; i < key_count; i++) {
2892 struct mgmt_link_key_info *key = &cp->keys[i];
2893
8e991132 2894 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2895 return mgmt_cmd_status(sk, hdev->id,
2896 MGMT_OP_LOAD_LINK_KEYS,
2897 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2898 }
2899
09fd0de5 2900 hci_dev_lock(hdev);
55ed8ca1
JH		 2901
2902 hci_link_keys_clear(hdev);
2903
55ed8ca1 2904 if (cp->debug_keys)
238be788 2905 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2906 else
a69d8927
MH		 2907 changed = hci_dev_test_and_clear_flag(hdev,
2908 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2909
2910 if (changed)
2911 new_settings(hdev, NULL);
55ed8ca1 2912
a492cd52 2913 for (i = 0; i < key_count; i++) {
86742e1e 2914 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2915
600a8749
AM		 2916 if (hci_is_blocked_key(hdev,
2917 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2918 key->val)) {
2919 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2920 &key->addr.bdaddr);
2921 continue;
2922 }
2923
58e9293c
JH		 2924 /* Always ignore debug keys and require a new pairing if
2925 * the user wants to use them.
2926 */
2927 if (key->type == HCI_LK_DEBUG_COMBINATION)
2928 continue;
2929
7652ff6a
JH		 2930 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2931 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2932 }
2933
2a1afb5a 2934 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2935
09fd0de5 2936 hci_dev_unlock(hdev);
55ed8ca1 2937
a492cd52 2938 return 0;
55ed8ca1
JH		 2939}
2940
b1078ad0 2941static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2942 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2943{
2944 struct mgmt_ev_device_unpaired ev;
2945
2946 bacpy(&ev.addr.bdaddr, bdaddr);
2947 ev.addr.type = addr_type;
2948
2949 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2950 skip_sk);
b1078ad0
JH		 2951}
2952
1f7435c8
LAD		 2953static void unpair_device_complete(struct hci_dev *hdev, void *data, int err)
2954{
2955 struct mgmt_pending_cmd *cmd = data;
2956 struct mgmt_cp_unpair_device *cp = cmd->param;
2957
2958 if (!err)
2959 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2960
2961 cmd->cmd_complete(cmd, err);
2962 mgmt_pending_free(cmd);
2963}
2964
2965static int unpair_device_sync(struct hci_dev *hdev, void *data)
2966{
2967 struct mgmt_pending_cmd *cmd = data;
2968 struct mgmt_cp_unpair_device *cp = cmd->param;
2969 struct hci_conn *conn;
2970
2971 if (cp->addr.type == BDADDR_BREDR)
2972 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2973 &cp->addr.bdaddr);
2974 else
2975 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2976 le_addr_type(cp->addr.type));
2977
2978 if (!conn)
2979 return 0;
2980
2981 return hci_abort_conn_sync(hdev, conn, HCI_ERROR_REMOTE_USER_TERM);
2982}
2983
bdb6d971 2984static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2985 u16 len)
55ed8ca1 2986{
124f6e35
JH		 2987 struct mgmt_cp_unpair_device *cp = data;
2988 struct mgmt_rp_unpair_device rp;
fc64361a 2989 struct hci_conn_params *params;
3b0602cd 2990 struct mgmt_pending_cmd *cmd;
55ed8ca1 2991 struct hci_conn *conn;
ec182f03 2992 u8 addr_type;
55ed8ca1
JH		 2993 int err;
2994
a8a1d19e 2995 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2996 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2997 rp.addr.type = cp->addr.type;
a8a1d19e 2998
4ee71b20 2999 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3000 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3001 MGMT_STATUS_INVALID_PARAMS,
3002 &rp, sizeof(rp));
4ee71b20 3003
118da70b 3004 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 3005 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3006 MGMT_STATUS_INVALID_PARAMS,
3007 &rp, sizeof(rp));
118da70b 3008
4ee71b20
JH		 3009 hci_dev_lock(hdev);
3010
86a8cfc6 3011 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3012 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3013 MGMT_STATUS_NOT_POWERED, &rp,
3014 sizeof(rp));
86a8cfc6
JH		 3015 goto unlock;
3016 }
3017
e0b2b27e 3018 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 3019 /* If disconnection is requested, then look up the
3020 * connection. If the remote device is connected, it
3021 * will be later used to terminate the link.
3022 *
3023 * Setting it to NULL explicitly will cause no
3024 * termination of the link.
3025 */
3026 if (cp->disconnect)
3027 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3028 &cp->addr.bdaddr);
3029 else
3030 conn = NULL;
3031
124f6e35 3032 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 3033 if (err < 0) {
3034 err = mgmt_cmd_complete(sk, hdev->id,
3035 MGMT_OP_UNPAIR_DEVICE,
3036 MGMT_STATUS_NOT_PAIRED, &rp,
3037 sizeof(rp));
3038 goto unlock;
89cbb063
AA		 3039 }
3040
ec182f03 3041 goto done;
e0b2b27e 3042 }
b0dbfb46 3043
ec182f03
JH		 3044 /* LE address type */
3045 addr_type = le_addr_type(cp->addr.type);
3046
cb28c306
MK		 3047 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
3048 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 3049 if (err < 0) {
2a1afb5a
JH		 3050 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3051 MGMT_STATUS_NOT_PAIRED, &rp,
3052 sizeof(rp));
55ed8ca1
JH		 3053 goto unlock;
3054 }
3055
ec182f03
JH		 3056 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
3057 if (!conn) {
3058 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
3059 goto done;
3060 }
3061
c81d555a 3062
ec182f03
JH		 3063 /* Defer clearing up the connection parameters until closing to
3064 * give a chance of keeping them if a repairing happens.
3065 */
3066 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3067
fc64361a
JH		 3068 /* Disable auto-connection parameters if present */
3069 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
3070 if (params) {
3071 if (params->explicit_connect)
3072 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3073 else
3074 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3075 }
3076
ec182f03
JH		 3077 /* If disconnection is not requested, then clear the connection
3078 * variable so that the link is not terminated.
3079 */
3080 if (!cp->disconnect)
3081 conn = NULL;
3082
3083done:
89cbb063
AA		 3084 /* If the connection variable is set, then termination of the
3085 * link is requested.
3086 */
a8a1d19e 3087 if (!conn) {
2a1afb5a
JH		 3088 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3089 &rp, sizeof(rp));
b1078ad0 3090 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 3091 goto unlock;
3092 }
55ed8ca1 3093
1f7435c8 3094 cmd = mgmt_pending_new(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 3095 sizeof(*cp));
a8a1d19e
JH		 3096 if (!cmd) {
3097 err = -ENOMEM;
3098 goto unlock;
55ed8ca1
JH		 3099 }
3100
d8b7b1e4
JH		 3101 cmd->cmd_complete = addr_cmd_complete;
3102
1f7435c8
LAD		 3103 err = hci_cmd_sync_queue(hdev, unpair_device_sync, cmd,
3104 unpair_device_complete);
a8a1d19e 3105 if (err < 0)
1f7435c8 3106 mgmt_pending_free(cmd);
a8a1d19e 3107
55ed8ca1 3108unlock:
09fd0de5 3109 hci_dev_unlock(hdev);
55ed8ca1
JH		 3110 return err;
3111}
3112
bdb6d971 3113static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3114 u16 len)
8962ee74 3115{
650f726d 3116 struct mgmt_cp_disconnect *cp = data;
06a63b19 3117 struct mgmt_rp_disconnect rp;
3b0602cd 3118 struct mgmt_pending_cmd *cmd;
8962ee74 3119 struct hci_conn *conn;
8962ee74
JH		 3120 int err;
3121
181d6953 3122 bt_dev_dbg(hdev, "sock %p", sk);
8962ee74 3123
06a63b19
JH		 3124 memset(&rp, 0, sizeof(rp));
3125 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3126 rp.addr.type = cp->addr.type;
3127
4ee71b20 3128 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3129 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3130 MGMT_STATUS_INVALID_PARAMS,
3131 &rp, sizeof(rp));
4ee71b20 3132
09fd0de5 3133 hci_dev_lock(hdev);
8962ee74
JH		 3134
3135 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 3136 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3137 MGMT_STATUS_NOT_POWERED, &rp,
3138 sizeof(rp));
8962ee74
JH		 3139 goto failed;
3140 }
3141
333ae95d 3142 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 3143 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3144 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 3145 goto failed;
3146 }
3147
591f47f3 3148 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 3149 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3150 &cp->addr.bdaddr);
88c3df13 3151 else
9d4c1cc1
JH		 3152 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
3153 le_addr_type(cp->addr.type));
365227e5 3154
f960727e 3155 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 3156 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3157 MGMT_STATUS_NOT_CONNECTED, &rp,
3158 sizeof(rp));
8962ee74
JH		 3159 goto failed;
3160 }
3161
2e58ef3e 3162 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 3163 if (!cmd) {
3164 err = -ENOMEM;
8962ee74 3165 goto failed;
366a0336 3166 }
8962ee74 3167
f5818c22
JH		 3168 cmd->cmd_complete = generic_cmd_complete;
3169
e3f2f92a 3170 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 3171 if (err < 0)
a664b5bc 3172 mgmt_pending_remove(cmd);
8962ee74
JH		 3173
3174failed:
09fd0de5 3175 hci_dev_unlock(hdev);
8962ee74
JH		 3176 return err;
3177}
3178
57c1477c 3179static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 3180{
3181 switch (link_type) {
3182 case LE_LINK:
48264f06
JH		 3183 switch (addr_type) {
3184 case ADDR_LE_DEV_PUBLIC:
591f47f3 3185 return BDADDR_LE_PUBLIC;
0ed09148 3186
48264f06 3187 default:
0ed09148 3188 /* Fallback to LE Random address type */
591f47f3 3189 return BDADDR_LE_RANDOM;
48264f06 3190 }
0ed09148 3191
4c659c39 3192 default:
0ed09148 3193 /* Fallback to BR/EDR type */
591f47f3 3194 return BDADDR_BREDR;
4c659c39
JH		 3195 }
3196}
3197
04124681
GP		 3198static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3199 u16 data_len)
2784eb41 3200{
2784eb41 3201 struct mgmt_rp_get_connections *rp;
8035ded4 3202 struct hci_conn *c;
60fc5fb6
JH		 3203 int err;
3204 u16 i;
2784eb41 3205
181d6953 3206 bt_dev_dbg(hdev, "sock %p", sk);
2784eb41 3207
09fd0de5 3208 hci_dev_lock(hdev);
2784eb41 3209
5f97c1df 3210 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3211 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3212 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3213 goto unlock;
3214 }
3215
60fc5fb6 3216 i = 0;
b644ba33
JH		 3217 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3218 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 3219 i++;
2784eb41
JH		 3220 }
3221
72bb169e 3222 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
a38528f1 3223 if (!rp) {
2784eb41
JH		 3224 err = -ENOMEM;
3225 goto unlock;
3226 }
3227
2784eb41 3228 i = 0;
4c659c39 3229 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 3230 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3231 continue;
4c659c39 3232 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 3233 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 3234 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 3235 continue;
3236 i++;
3237 }
3238
eb55ef07 3239 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3240
4c659c39 3241 /* Recalculate length in case of filtered SCO connections, etc */
2a1afb5a 3242 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
72bb169e 3243 struct_size(rp, addr, i));
2784eb41 3244
a38528f1 3245 kfree(rp);
5f97c1df
JH		 3246
3247unlock:
09fd0de5 3248 hci_dev_unlock(hdev);
2784eb41
JH		 3249 return err;
3250}
3251
bdb6d971 3252static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3253 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3254{
3b0602cd 3255 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3256 int err;
3257
2e58ef3e 3258 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3259 sizeof(*cp));
96d97a67
WR		 3260 if (!cmd)
3261 return -ENOMEM;
3262
dd7e39bb
AL		 3263 cmd->cmd_complete = addr_cmd_complete;
3264
d8457698 3265 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3266 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3267 if (err < 0)
3268 mgmt_pending_remove(cmd);
3269
3270 return err;
3271}
3272
bdb6d971 3273static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3274 u16 len)
980e1a53 3275{
96d97a67 3276 struct hci_conn *conn;
650f726d 3277 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3278 struct hci_cp_pin_code_reply reply;
3b0602cd 3279 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3280 int err;
3281
181d6953 3282 bt_dev_dbg(hdev, "sock %p", sk);
980e1a53 3283
09fd0de5 3284 hci_dev_lock(hdev);
980e1a53 3285
4b34ee78 3286 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3287 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3288 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3289 goto failed;
3290 }
3291
d8457698 3292 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3293 if (!conn) {
a69e8375
JH		 3294 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3295 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3296 goto failed;
3297 }
3298
3299 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3300 struct mgmt_cp_pin_code_neg_reply ncp;
3301
3302 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67 3303
2064ee33 3304 bt_dev_err(hdev, "PIN code is not 16 bytes long");
96d97a67 3305
bdb6d971 3306 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3307 if (err >= 0)
a69e8375
JH		 3308 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3309 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3310
3311 goto failed;
3312 }
3313
00abfe44 3314 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3315 if (!cmd) {
3316 err = -ENOMEM;
980e1a53 3317 goto failed;
366a0336 3318 }
980e1a53 3319
7776d1d8
JH		 3320 cmd->cmd_complete = addr_cmd_complete;
3321
d8457698 3322 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3323 reply.pin_len = cp->pin_len;
24718ca5 3324 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3325
3326 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3327 if (err < 0)
a664b5bc 3328 mgmt_pending_remove(cmd);
980e1a53
JH		 3329
3330failed:
09fd0de5 3331 hci_dev_unlock(hdev);
980e1a53
JH		 3332 return err;
3333}
3334
04124681
GP		 3335static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3336 u16 len)
17fa4b9d 3337{
650f726d 3338 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d 3339
181d6953 3340 bt_dev_dbg(hdev, "sock %p", sk);
17fa4b9d 3341
4ec86d4c 3342 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
9db5c629
MH		 3343 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3344 MGMT_STATUS_INVALID_PARAMS);
4ec86d4c 3345
09fd0de5 3346 hci_dev_lock(hdev);
17fa4b9d
JH		 3347
3348 hdev->io_capability = cp->io_capability;
3349
181d6953 3350 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
17fa4b9d 3351
09fd0de5 3352 hci_dev_unlock(hdev);
17fa4b9d 3353
2a1afb5a
JH		 3354 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3355 NULL, 0);
17fa4b9d
JH		 3356}
3357
3b0602cd 3358static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3359{
3360 struct hci_dev *hdev = conn->hdev;
3b0602cd 3361 struct mgmt_pending_cmd *cmd;
e9a416b5 3362
2e58ef3e 3363 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3364 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3365 continue;
3366
e9a416b5
JH		 3367 if (cmd->user_data != conn)
3368 continue;
3369
3370 return cmd;
3371 }
3372
3373 return NULL;
3374}
3375
3b0602cd 3376static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3377{
3378 struct mgmt_rp_pair_device rp;
3379 struct hci_conn *conn = cmd->user_data;
9df74653 3380 int err;
e9a416b5 3381
61b1a7fb
JH		 3382 bacpy(&rp.addr.bdaddr, &conn->dst);
3383 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3384
2a1afb5a
JH		 3385 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3386 status, &rp, sizeof(rp));
e9a416b5
JH		 3387
3388 /* So we don't get further callbacks for this connection */
3389 conn->connect_cfm_cb = NULL;
3390 conn->security_cfm_cb = NULL;
3391 conn->disconn_cfm_cb = NULL;
3392
76a68ba0 3393 hci_conn_drop(conn);
89cbb063
AA		 3394
3395 /* The device is paired so there is no need to remove
3396 * its connection parameters anymore.
3397 */
3398 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3399
3400 hci_conn_put(conn);
9df74653
JH		 3401
3402 return err;
e9a416b5
JH		 3403}
3404
f4a407be
JH		 3405void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3406{
3407 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3408 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3409
3410 cmd = find_pairing(conn);
a511b35b 3411 if (cmd) {
04ab2749 3412 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3413 mgmt_pending_remove(cmd);
3414 }
f4a407be
JH		 3415}
3416
e9a416b5
JH		 3417static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3418{
3b0602cd 3419 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3420
3421 BT_DBG("status %u", status);
3422
3423 cmd = find_pairing(conn);
a511b35b 3424 if (!cmd) {
e9a416b5 3425 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3426 return;
3427 }
3428
3429 cmd->cmd_complete(cmd, mgmt_status(status));
3430 mgmt_pending_remove(cmd);
e9a416b5
JH		 3431}
3432
f4a407be 3433static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3434{
3b0602cd 3435 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3436
3437 BT_DBG("status %u", status);
3438
3439 if (!status)
3440 return;
3441
3442 cmd = find_pairing(conn);
a511b35b 3443 if (!cmd) {
4c47d739 3444 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3445 return;
3446 }
3447
3448 cmd->cmd_complete(cmd, mgmt_status(status));
3449 mgmt_pending_remove(cmd);
4c47d739
VA		 3450}
3451
bdb6d971 3452static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3453 u16 len)
e9a416b5 3454{
650f726d 3455 struct mgmt_cp_pair_device *cp = data;
1425acb7 3456 struct mgmt_rp_pair_device rp;
3b0602cd 3457 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3458 u8 sec_level, auth_type;
3459 struct hci_conn *conn;
e9a416b5
JH		 3460 int err;
3461
181d6953 3462 bt_dev_dbg(hdev, "sock %p", sk);
e9a416b5 3463
f950a30e
SJ		 3464 memset(&rp, 0, sizeof(rp));
3465 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3466 rp.addr.type = cp->addr.type;
3467
4ee71b20 3468 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3469 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3470 MGMT_STATUS_INVALID_PARAMS,
3471 &rp, sizeof(rp));
4ee71b20 3472
4ec86d4c 3473 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3474 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3475 MGMT_STATUS_INVALID_PARAMS,
3476 &rp, sizeof(rp));
4ec86d4c 3477
09fd0de5 3478 hci_dev_lock(hdev);
e9a416b5 3479
5f97c1df 3480 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3481 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3482 MGMT_STATUS_NOT_POWERED, &rp,
3483 sizeof(rp));
5f97c1df
JH		 3484 goto unlock;
3485 }
3486
55e76b38
JH		 3487 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3488 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3489 MGMT_STATUS_ALREADY_PAIRED, &rp,
3490 sizeof(rp));
3491 goto unlock;
3492 }
3493
c908df36 3494 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3495 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3496
6f77d8c7 3497 if (cp->addr.type == BDADDR_BREDR) {
04a6c589 3498 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
76b13996 3499 auth_type, CONN_REASON_PAIR_DEVICE);
6f77d8c7 3500 } else {
85813a7e 3501 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 3502 struct hci_conn_params *p;
6f77d8c7 3503
7c264b10
MH		 3504 /* When pairing a new device, it is expected to remember
3505 * this device for future connections. Adding the connection
3506 * parameter information ahead of time allows tracking
67ffb185 3507 * of the peripheral preferred values and will speed up any
7c264b10
MH		 3508 * further connection establishment.
3509 *
3510 * If connection parameters already exist, then they
3511 * will be kept and this function does nothing.
3512 */
5157b8a5
JP		 3513 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3514
3515 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
3516 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 3517
76b13996
MM		 3518 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type,
3519 sec_level, HCI_LE_CONN_TIMEOUT,
3520 CONN_REASON_PAIR_DEVICE);
6f77d8c7 3521 }
7a512d01 3522
30e76272 3523 if (IS_ERR(conn)) {
489dc48e
AK		 3524 int status;
3525
3526 if (PTR_ERR(conn) == -EBUSY)
3527 status = MGMT_STATUS_BUSY;
faa81030
LR		 3528 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3529 status = MGMT_STATUS_NOT_SUPPORTED;
3530 else if (PTR_ERR(conn) == -ECONNREFUSED)
3531 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3532 else
3533 status = MGMT_STATUS_CONNECT_FAILED;
3534
2a1afb5a
JH		 3535 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3536 status, &rp, sizeof(rp));
e9a416b5
JH		 3537 goto unlock;
3538 }
3539
3540 if (conn->connect_cfm_cb) {
76a68ba0 3541 hci_conn_drop(conn);
2a1afb5a
JH		 3542 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3543 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3544 goto unlock;
3545 }
3546
2e58ef3e 3547 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3548 if (!cmd) {
3549 err = -ENOMEM;
76a68ba0 3550 hci_conn_drop(conn);
e9a416b5
JH		 3551 goto unlock;
3552 }
3553
04ab2749
JH		 3554 cmd->cmd_complete = pairing_complete;
3555
7a512d01 3556 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3557 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3558 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3559 conn->security_cfm_cb = pairing_complete_cb;
3560 conn->disconn_cfm_cb = pairing_complete_cb;
3561 } else {
3562 conn->connect_cfm_cb = le_pairing_complete_cb;
3563 conn->security_cfm_cb = le_pairing_complete_cb;
3564 conn->disconn_cfm_cb = le_pairing_complete_cb;
3565 }
7a512d01 3566
e9a416b5 3567 conn->io_capability = cp->io_cap;
f8aaf9b6 3568 cmd->user_data = hci_conn_get(conn);
e9a416b5 3569
6f78fd4b 3570 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3571 hci_conn_security(conn, sec_level, auth_type, true)) {
3572 cmd->cmd_complete(cmd, 0);
3573 mgmt_pending_remove(cmd);
3574 }
e9a416b5
JH		 3575
3576 err = 0;
3577
3578unlock:
09fd0de5 3579 hci_dev_unlock(hdev);
e9a416b5
JH		 3580 return err;
3581}
3582
1a942de0
BG		 3583static int abort_conn_sync(struct hci_dev *hdev, void *data)
3584{
3585 struct hci_conn *conn;
3586 u16 handle = PTR_ERR(data);
3587
3588 conn = hci_conn_hash_lookup_handle(hdev, handle);
3589 if (!conn)
3590 return 0;
3591
3592 return hci_abort_conn_sync(hdev, conn, HCI_ERROR_REMOTE_USER_TERM);
3593}
3594
04124681
GP		 3595static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3596 u16 len)
28424707 3597{
0f4e68cf 3598 struct mgmt_addr_info *addr = data;
3b0602cd 3599 struct mgmt_pending_cmd *cmd;
28424707
JH		 3600 struct hci_conn *conn;
3601 int err;
3602
181d6953 3603 bt_dev_dbg(hdev, "sock %p", sk);
28424707 3604
28424707
JH		 3605 hci_dev_lock(hdev);
3606
5f97c1df 3607 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3608 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3609 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3610 goto unlock;
3611 }
3612
333ae95d 3613 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 3614 if (!cmd) {
a69e8375
JH		 3615 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3616 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3617 goto unlock;
3618 }
3619
3620 conn = cmd->user_data;
3621
3622 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3623 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3624 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3625 goto unlock;
3626 }
3627
a511b35b
JH		 3628 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3629 mgmt_pending_remove(cmd);
28424707 3630
2a1afb5a
JH		 3631 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3632 addr, sizeof(*addr));
76b13996
MM		 3633
3634 /* Since user doesn't want to proceed with the connection, abort any
3635 * ongoing pairing and then terminate the link if it was created
3636 * because of the pair device action.
3637 */
3638 if (addr->type == BDADDR_BREDR)
3639 hci_remove_link_key(hdev, &addr->bdaddr);
3640 else
3641 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr,
3642 le_addr_type(addr->type));
3643
3644 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE)
1a942de0
BG		 3645 hci_cmd_sync_queue(hdev, abort_conn_sync, ERR_PTR(conn->handle),
3646 NULL);
76b13996 3647
28424707
JH		 3648unlock:
3649 hci_dev_unlock(hdev);
28424707
JH		 3650 return err;
3651}
3652
bdb6d971 3653static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3654 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3655 u16 hci_op, __le32 passkey)
a5c29683 3656{
3b0602cd 3657 struct mgmt_pending_cmd *cmd;
0df4c185 3658 struct hci_conn *conn;
a5c29683
JH		 3659 int err;
3660
09fd0de5 3661 hci_dev_lock(hdev);
08ba5382 3662
4b34ee78 3663 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3664 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3665 MGMT_STATUS_NOT_POWERED, addr,
3666 sizeof(*addr));
0df4c185 3667 goto done;
a5c29683
JH		 3668 }
3669
1707c60e
JH		 3670 if (addr->type == BDADDR_BREDR)
3671 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3672 else
9d4c1cc1
JH		 3673 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3674 le_addr_type(addr->type));
272d90df
JH		 3675
3676 if (!conn) {
2a1afb5a
JH		 3677 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3678 MGMT_STATUS_NOT_CONNECTED, addr,
3679 sizeof(*addr));
272d90df
JH		 3680 goto done;
3681 }
47c15e2b 3682
1707c60e 3683 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3684 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3685 if (!err)
2a1afb5a
JH		 3686 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3687 MGMT_STATUS_SUCCESS, addr,
3688 sizeof(*addr));
5fe57d9e 3689 else
2a1afb5a
JH		 3690 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3691 MGMT_STATUS_FAILED, addr,
3692 sizeof(*addr));
47c15e2b 3693
47c15e2b
BG		 3694 goto done;
3695 }
3696
1707c60e 3697 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3698 if (!cmd) {
3699 err = -ENOMEM;
0df4c185 3700 goto done;
a5c29683
JH		 3701 }
3702
7776d1d8
JH		 3703 cmd->cmd_complete = addr_cmd_complete;
3704
0df4c185 3705 /* Continue with pairing via HCI */
604086b7
BG		 3706 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3707 struct hci_cp_user_passkey_reply cp;
3708
1707c60e 3709 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3710 cp.passkey = passkey;
3711 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3712 } else
1707c60e
JH		 3713 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3714 &addr->bdaddr);
604086b7 3715
a664b5bc
JH		 3716 if (err < 0)
3717 mgmt_pending_remove(cmd);
a5c29683 3718
0df4c185 3719done:
09fd0de5 3720 hci_dev_unlock(hdev);
a5c29683
JH		 3721 return err;
3722}
3723
afeb019d
JK		 3724static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3725 void *data, u16 len)
3726{
3727 struct mgmt_cp_pin_code_neg_reply *cp = data;
3728
181d6953 3729 bt_dev_dbg(hdev, "sock %p", sk);
afeb019d 3730
1707c60e 3731 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3732 MGMT_OP_PIN_CODE_NEG_REPLY,
3733 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3734}
3735
04124681
GP		 3736static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3737 u16 len)
0df4c185 3738{
650f726d 3739 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185 3740
181d6953 3741 bt_dev_dbg(hdev, "sock %p", sk);
0df4c185
BG		 3742
3743 if (len != sizeof(*cp))
a69e8375
JH		 3744 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3745 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3746
1707c60e 3747 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3748 MGMT_OP_USER_CONFIRM_REPLY,
3749 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3750}
3751
bdb6d971 3752static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3753 void *data, u16 len)
0df4c185 3754{
c9c2659f 3755 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185 3756
181d6953 3757 bt_dev_dbg(hdev, "sock %p", sk);
0df4c185 3758
1707c60e 3759 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3760 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3761 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3762}
3763
04124681
GP		 3764static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3765 u16 len)
604086b7 3766{
650f726d 3767 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7 3768
181d6953 3769 bt_dev_dbg(hdev, "sock %p", sk);
604086b7 3770
1707c60e 3771 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3772 MGMT_OP_USER_PASSKEY_REPLY,
3773 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3774}
3775
bdb6d971 3776static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3777 void *data, u16 len)
604086b7 3778{
650f726d 3779 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7 3780
181d6953 3781 bt_dev_dbg(hdev, "sock %p", sk);
604086b7 3782
1707c60e 3783 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3784 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3785 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3786}
3787
5e233ed5 3788static int adv_expire_sync(struct hci_dev *hdev, u32 flags)
7c295c48
MN		 3789{
3790 struct adv_info *adv_instance;
7c295c48
MN		 3791
3792 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3793 if (!adv_instance)
5e233ed5 3794 return 0;
7c295c48
MN		 3795
3796 /* stop if current instance doesn't need to be changed */
3797 if (!(adv_instance->flags & flags))
5e233ed5 3798 return 0;
7c295c48
MN		 3799
3800 cancel_adv_timeout(hdev);
3801
3802 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3803 if (!adv_instance)
5e233ed5 3804 return 0;
7c295c48 3805
5e233ed5 3806 hci_schedule_adv_instance_sync(hdev, adv_instance->instance, true);
7c295c48 3807
5e233ed5
BG		 3808 return 0;
3809}
3810
3811static int name_changed_sync(struct hci_dev *hdev, void *data)
3812{
3813 return adv_expire_sync(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
7c295c48
MN		 3814}
3815
6f6ff38a 3816static void set_name_complete(struct hci_dev *hdev, void *data, int err)
13928971 3817{
6f6ff38a
BG		 3818 struct mgmt_pending_cmd *cmd = data;
3819 struct mgmt_cp_set_local_name *cp = cmd->param;
3820 u8 status = mgmt_status(err);
13928971 3821
6f6ff38a 3822 bt_dev_dbg(hdev, "err %d", err);
13928971 3823
275f3f64
BG		 3824 if (cmd != pending_find(MGMT_OP_SET_LOCAL_NAME, hdev))
3825 return;
3826
7c295c48 3827 if (status) {
a69e8375 3828 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
6f6ff38a 3829 status);
7c295c48 3830 } else {
2a1afb5a
JH		 3831 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3832 cp, sizeof(*cp));
13928971 3833
7c295c48 3834 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
5e233ed5 3835 hci_cmd_sync_queue(hdev, name_changed_sync, NULL, NULL);
7c295c48
MN		 3836 }
3837
13928971 3838 mgmt_pending_remove(cmd);
6f6ff38a 3839}
13928971 3840
6f6ff38a
BG		 3841static int set_name_sync(struct hci_dev *hdev, void *data)
3842{
3843 if (lmp_bredr_capable(hdev)) {
3844 hci_update_name_sync(hdev);
3845 hci_update_eir_sync(hdev);
3846 }
3847
3848 /* The name is stored in the scan response data and so
3849 * no need to update the advertising data here.
3850 */
3851 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3852 hci_update_scan_rsp_data_sync(hdev, hdev->cur_adv_instance);
3853
3854 return 0;
13928971
JH		 3855}
3856
bdb6d971 3857static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3858 u16 len)
b312b161 3859{
2b4bf397 3860 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3861 struct mgmt_pending_cmd *cmd;
b312b161
JH		 3862 int err;
3863
181d6953 3864 bt_dev_dbg(hdev, "sock %p", sk);
b312b161 3865
09fd0de5 3866 hci_dev_lock(hdev);
b312b161 3867
b3f2ca94
JH		 3868 /* If the old values are the same as the new ones just return a
3869 * direct command complete event.
3870 */
3871 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3872 !memcmp(hdev->short_name, cp->short_name,
3873 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3874 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3875 data, len);
b3f2ca94
JH		 3876 goto failed;
3877 }
3878
2b4bf397 3879 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3880
b5235a65 3881 if (!hdev_is_powered(hdev)) {
2b4bf397 3882 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3883
2a1afb5a
JH		 3884 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3885 data, len);
28cc7bde
JH		 3886 if (err < 0)
3887 goto failed;
3888
5504c3a3
MH		 3889 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3890 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
321c6fee 3891 ext_info_changed(hdev, sk);
28cc7bde 3892
b5235a65
JH		 3893 goto failed;
3894 }
3895
28cc7bde 3896 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
6f6ff38a 3897 if (!cmd)
b312b161 3898 err = -ENOMEM;
6f6ff38a
BG		 3899 else
3900 err = hci_cmd_sync_queue(hdev, set_name_sync, cmd,
3901 set_name_complete);
b312b161 3902
6f6ff38a
BG		 3903 if (err < 0) {
3904 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3905 MGMT_STATUS_FAILED);
13928971 3906
6f6ff38a
BG		 3907 if (cmd)
3908 mgmt_pending_remove(cmd);
3f985050 3909
6f6ff38a 3910 goto failed;
3f985050
JH		 3911 }
3912
6f6ff38a 3913 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
b312b161
JH		 3914
3915failed:
09fd0de5 3916 hci_dev_unlock(hdev);
b312b161
JH		 3917 return err;
3918}
3919
5e233ed5
BG		 3920static int appearance_changed_sync(struct hci_dev *hdev, void *data)
3921{
3922 return adv_expire_sync(hdev, MGMT_ADV_FLAG_APPEARANCE);
3923}
3924
c4960ecf
MN		 3925static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3926 u16 len)
3927{
3928 struct mgmt_cp_set_appearance *cp = data;
6613baba 3929 u16 appearance;
c4960ecf
MN		 3930 int err;
3931
181d6953 3932 bt_dev_dbg(hdev, "sock %p", sk);
c4960ecf 3933
af4168c5
MN		 3934 if (!lmp_le_capable(hdev))
3935 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3936 MGMT_STATUS_NOT_SUPPORTED);
3937
6613baba 3938 appearance = le16_to_cpu(cp->appearance);
c4960ecf
MN		 3939
3940 hci_dev_lock(hdev);
3941
6613baba
AM		 3942 if (hdev->appearance != appearance) {
3943 hdev->appearance = appearance;
c4960ecf
MN		 3944
3945 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
5e233ed5
BG		 3946 hci_cmd_sync_queue(hdev, appearance_changed_sync, NULL,
3947 NULL);
e74317f4
MN		 3948
3949 ext_info_changed(hdev, sk);
c4960ecf
MN		 3950 }
3951
3952 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3953 0);
3954
3955 hci_dev_unlock(hdev);
3956
3957 return err;
3958}
3959
6244691f
JK		 3960static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3961 void *data, u16 len)
3962{
35302158 3963 struct mgmt_rp_get_phy_configuration rp;
6244691f 3964
181d6953 3965 bt_dev_dbg(hdev, "sock %p", sk);
6244691f
JK		 3966
3967 hci_dev_lock(hdev);
3968
3969 memset(&rp, 0, sizeof(rp));
3970
3971 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3972 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3973 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3974
3975 hci_dev_unlock(hdev);
3976
3977 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3978 &rp, sizeof(rp));
3979}
3980
b7c23df8
JK		 3981int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3982{
3983 struct mgmt_ev_phy_configuration_changed ev;
3984
3985 memset(&ev, 0, sizeof(ev));
3986
3987 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3988
3989 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3990 sizeof(ev), skip);
3991}
3992
71efbb08 3993static void set_default_phy_complete(struct hci_dev *hdev, void *data, int err)
0314f286 3994{
71efbb08
BG		 3995 struct mgmt_pending_cmd *cmd = data;
3996 struct sk_buff *skb = cmd->skb;
3997 u8 status = mgmt_status(err);
0314f286 3998
275f3f64
BG		 3999 if (cmd != pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev))
4000 return;
4001
71efbb08
BG		 4002 if (!status) {
4003 if (!skb)
4004 status = MGMT_STATUS_FAILED;
4005 else if (IS_ERR(skb))
4006 status = mgmt_status(PTR_ERR(skb));
4007 else
4008 status = mgmt_status(skb->data[0]);
4009 }
0314f286 4010
71efbb08 4011 bt_dev_dbg(hdev, "status %d", status);
0314f286 4012
0314f286
JK		 4013 if (status) {
4014 mgmt_cmd_status(cmd->sk, hdev->id,
71efbb08 4015 MGMT_OP_SET_PHY_CONFIGURATION, status);
0314f286
JK		 4016 } else {
4017 mgmt_cmd_complete(cmd->sk, hdev->id,
4018 MGMT_OP_SET_PHY_CONFIGURATION, 0,
4019 NULL, 0);
b7c23df8
JK		 4020
4021 mgmt_phy_configuration_changed(hdev, cmd->sk);
0314f286
JK		 4022 }
4023
71efbb08
BG		 4024 if (skb && !IS_ERR(skb))
4025 kfree_skb(skb);
4026
0314f286 4027 mgmt_pending_remove(cmd);
71efbb08 4028}
0314f286 4029
71efbb08
BG		 4030static int set_default_phy_sync(struct hci_dev *hdev, void *data)
4031{
4032 struct mgmt_pending_cmd *cmd = data;
4033 struct mgmt_cp_set_phy_configuration *cp = cmd->param;
4034 struct hci_cp_le_set_default_phy cp_phy;
4035 u32 selected_phys = __le32_to_cpu(cp->selected_phys);
4036
4037 memset(&cp_phy, 0, sizeof(cp_phy));
4038
4039 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
4040 cp_phy.all_phys |= 0x01;
4041
4042 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
4043 cp_phy.all_phys |= 0x02;
4044
4045 if (selected_phys & MGMT_PHY_LE_1M_TX)
4046 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
4047
4048 if (selected_phys & MGMT_PHY_LE_2M_TX)
4049 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
4050
4051 if (selected_phys & MGMT_PHY_LE_CODED_TX)
4052 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
4053
4054 if (selected_phys & MGMT_PHY_LE_1M_RX)
4055 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
4056
4057 if (selected_phys & MGMT_PHY_LE_2M_RX)
4058 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
4059
4060 if (selected_phys & MGMT_PHY_LE_CODED_RX)
4061 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
4062
4063 cmd->skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_DEFAULT_PHY,
4064 sizeof(cp_phy), &cp_phy, HCI_CMD_TIMEOUT);
4065
4066 return 0;
0314f286
JK		 4067}
4068
4069static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
4070 void *data, u16 len)
4071{
35302158 4072 struct mgmt_cp_set_phy_configuration *cp = data;
0314f286 4073 struct mgmt_pending_cmd *cmd;
0314f286
JK		 4074 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
4075 u16 pkt_type = (HCI_DH1 | HCI_DM1);
b7c23df8 4076 bool changed = false;
0314f286
JK		 4077 int err;
4078
181d6953 4079 bt_dev_dbg(hdev, "sock %p", sk);
0314f286
JK		 4080
4081 configurable_phys = get_configurable_phys(hdev);
4082 supported_phys = get_supported_phys(hdev);
4083 selected_phys = __le32_to_cpu(cp->selected_phys);
4084
4085 if (selected_phys & ~supported_phys)
4086 return mgmt_cmd_status(sk, hdev->id,
4087 MGMT_OP_SET_PHY_CONFIGURATION,
4088 MGMT_STATUS_INVALID_PARAMS);
4089
4090 unconfigure_phys = supported_phys & ~configurable_phys;
4091
4092 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
4093 return mgmt_cmd_status(sk, hdev->id,
4094 MGMT_OP_SET_PHY_CONFIGURATION,
4095 MGMT_STATUS_INVALID_PARAMS);
4096
4097 if (selected_phys == get_selected_phys(hdev))
4098 return mgmt_cmd_complete(sk, hdev->id,
4099 MGMT_OP_SET_PHY_CONFIGURATION,
4100 0, NULL, 0);
4101
4102 hci_dev_lock(hdev);
4103
4104 if (!hdev_is_powered(hdev)) {
4105 err = mgmt_cmd_status(sk, hdev->id,
4106 MGMT_OP_SET_PHY_CONFIGURATION,
4107 MGMT_STATUS_REJECTED);
4108 goto unlock;
4109 }
4110
4111 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
4112 err = mgmt_cmd_status(sk, hdev->id,
4113 MGMT_OP_SET_PHY_CONFIGURATION,
4114 MGMT_STATUS_BUSY);
4115 goto unlock;
4116 }
4117
4118 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
4119 pkt_type |= (HCI_DH3 | HCI_DM3);
4120 else
4121 pkt_type &= ~(HCI_DH3 | HCI_DM3);
4122
4123 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
4124 pkt_type |= (HCI_DH5 | HCI_DM5);
4125 else
4126 pkt_type &= ~(HCI_DH5 | HCI_DM5);
4127
4128 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
4129 pkt_type &= ~HCI_2DH1;
4130 else
4131 pkt_type |= HCI_2DH1;
4132
4133 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
4134 pkt_type &= ~HCI_2DH3;
4135 else
4136 pkt_type |= HCI_2DH3;
4137
4138 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
4139 pkt_type &= ~HCI_2DH5;
4140 else
4141 pkt_type |= HCI_2DH5;
4142
4143 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
4144 pkt_type &= ~HCI_3DH1;
4145 else
4146 pkt_type |= HCI_3DH1;
4147
4148 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
4149 pkt_type &= ~HCI_3DH3;
4150 else
4151 pkt_type |= HCI_3DH3;
4152
4153 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
4154 pkt_type &= ~HCI_3DH5;
4155 else
4156 pkt_type |= HCI_3DH5;
4157
b7c23df8 4158 if (pkt_type != hdev->pkt_type) {
0314f286 4159 hdev->pkt_type = pkt_type;
b7c23df8
JK		 4160 changed = true;
4161 }
0314f286
JK		 4162
4163 if ((selected_phys & MGMT_PHY_LE_MASK) ==
4164 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
b7c23df8
JK		 4165 if (changed)
4166 mgmt_phy_configuration_changed(hdev, sk);
4167
0314f286
JK		 4168 err = mgmt_cmd_complete(sk, hdev->id,
4169 MGMT_OP_SET_PHY_CONFIGURATION,
4170 0, NULL, 0);
4171
4172 goto unlock;
4173 }
4174
4175 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
4176 len);
71efbb08 4177 if (!cmd)
0314f286 4178 err = -ENOMEM;
71efbb08
BG		 4179 else
4180 err = hci_cmd_sync_queue(hdev, set_default_phy_sync, cmd,
4181 set_default_phy_complete);
0314f286 4182
71efbb08
BG		 4183 if (err < 0) {
4184 err = mgmt_cmd_status(sk, hdev->id,
4185 MGMT_OP_SET_PHY_CONFIGURATION,
4186 MGMT_STATUS_FAILED);
0314f286 4187
71efbb08
BG		 4188 if (cmd)
4189 mgmt_pending_remove(cmd);
4190 }
0314f286
JK		 4191
4192unlock:
4193 hci_dev_unlock(hdev);
4194
4195 return err;
4196}
4197
600a8749
AM		 4198static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
4199 u16 len)
4200{
4201 int err = MGMT_STATUS_SUCCESS;
4202 struct mgmt_cp_set_blocked_keys *keys = data;
4203 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
4204 sizeof(struct mgmt_blocked_key_info));
4205 u16 key_count, expected_len;
4206 int i;
4207
181d6953 4208 bt_dev_dbg(hdev, "sock %p", sk);
600a8749
AM		 4209
4210 key_count = __le16_to_cpu(keys->key_count);
4211 if (key_count > max_key_count) {
4212 bt_dev_err(hdev, "too big key_count value %u", key_count);
4213 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4214 MGMT_STATUS_INVALID_PARAMS);
4215 }
4216
4217 expected_len = struct_size(keys, keys, key_count);
4218 if (expected_len != len) {
4219 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
4220 expected_len, len);
4221 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4222 MGMT_STATUS_INVALID_PARAMS);
4223 }
4224
4225 hci_dev_lock(hdev);
4226
4227 hci_blocked_keys_clear(hdev);
4228
0c793758 4229 for (i = 0; i < key_count; ++i) {
600a8749
AM		 4230 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
4231
4232 if (!b) {
4233 err = MGMT_STATUS_NO_RESOURCES;
4234 break;
4235 }
4236
4237 b->type = keys->keys[i].type;
4238 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
4239 list_add_rcu(&b->list, &hdev->blocked_keys);
4240 }
4241 hci_dev_unlock(hdev);
4242
4243 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4244 err, NULL, 0);
4245}
4246
00bce3fb
AM		 4247static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
4248 void *data, u16 len)
4249{
4250 struct mgmt_mode *cp = data;
4251 int err;
4252 bool changed = false;
4253
181d6953 4254 bt_dev_dbg(hdev, "sock %p", sk);
00bce3fb
AM		 4255
4256 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
4257 return mgmt_cmd_status(sk, hdev->id,
4258 MGMT_OP_SET_WIDEBAND_SPEECH,
4259 MGMT_STATUS_NOT_SUPPORTED);
4260
4261 if (cp->val != 0x00 && cp->val != 0x01)
4262 return mgmt_cmd_status(sk, hdev->id,
4263 MGMT_OP_SET_WIDEBAND_SPEECH,
4264 MGMT_STATUS_INVALID_PARAMS);
4265
4266 hci_dev_lock(hdev);
4267
00bce3fb
AM		 4268 if (hdev_is_powered(hdev) &&
4269 !!cp->val != hci_dev_test_flag(hdev,
4270 HCI_WIDEBAND_SPEECH_ENABLED)) {
4271 err = mgmt_cmd_status(sk, hdev->id,
4272 MGMT_OP_SET_WIDEBAND_SPEECH,
4273 MGMT_STATUS_REJECTED);
4274 goto unlock;
4275 }
4276
4277 if (cp->val)
4278 changed = !hci_dev_test_and_set_flag(hdev,
4279 HCI_WIDEBAND_SPEECH_ENABLED);
4280 else
4281 changed = hci_dev_test_and_clear_flag(hdev,
4282 HCI_WIDEBAND_SPEECH_ENABLED);
4283
4284 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
4285 if (err < 0)
4286 goto unlock;
4287
4288 if (changed)
4289 err = new_settings(hdev, sk);
4290
4291unlock:
4292 hci_dev_unlock(hdev);
4293 return err;
4294}
4295
4d9b9528
DW		 4296static int read_controller_cap(struct sock *sk, struct hci_dev *hdev,
4297 void *data, u16 data_len)
bc292258 4298{
4d9b9528
DW		 4299 char buf[20];
4300 struct mgmt_rp_read_controller_cap *rp = (void *)buf;
4301 u16 cap_len = 0;
bc292258 4302 u8 flags = 0;
4d9b9528 4303 u8 tx_power_range[2];
bc292258
MH		 4304
4305 bt_dev_dbg(hdev, "sock %p", sk);
4306
4307 memset(&buf, 0, sizeof(buf));
4308
4309 hci_dev_lock(hdev);
4310
4311 /* When the Read Simple Pairing Options command is supported, then
4312 * the remote public key validation is supported.
a61d6718
MH		 4313 *
4314 * Alternatively, when Microsoft extensions are available, they can
4315 * indicate support for public key validation as well.
bc292258 4316 */
a61d6718 4317 if ((hdev->commands[41] & 0x08) || msft_curve_validity(hdev))
bc292258
MH		 4318 flags |= 0x01; /* Remote public key validation (BR/EDR) */
4319
4320 flags |= 0x02; /* Remote public key validation (LE) */
4321
4322 /* When the Read Encryption Key Size command is supported, then the
4323 * encryption key size is enforced.
4324 */
4325 if (hdev->commands[20] & 0x10)
4326 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
4327
4328 flags |= 0x08; /* Encryption key size enforcement (LE) */
4329
4d9b9528
DW		 4330 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS,
4331 &flags, 1);
bc292258
MH		 4332
4333 /* When the Read Simple Pairing Options command is supported, then
4334 * also max encryption key size information is provided.
4335 */
4336 if (hdev->commands[41] & 0x08)
4d9b9528
DW		 4337 cap_len = eir_append_le16(rp->cap, cap_len,
4338 MGMT_CAP_MAX_ENC_KEY_SIZE,
bc292258
MH		 4339 hdev->max_enc_key_size);
4340
4d9b9528
DW		 4341 cap_len = eir_append_le16(rp->cap, cap_len,
4342 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE,
4343 SMP_MAX_ENC_KEY_SIZE);
4344
4345 /* Append the min/max LE tx power parameters if we were able to fetch
4346 * it from the controller
4347 */
4348 if (hdev->commands[38] & 0x80) {
4349 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1);
4350 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1);
4351 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR,
4352 tx_power_range, 2);
4353 }
bc292258 4354
4d9b9528 4355 rp->cap_len = cpu_to_le16(cap_len);
bc292258
MH		 4356
4357 hci_dev_unlock(hdev);
4358
4d9b9528
DW		 4359 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0,
4360 rp, sizeof(*rp) + cap_len);
bc292258
MH		 4361}
4362
e625e50c
MH		 4363#ifdef CONFIG_BT_FEATURE_DEBUG
4364/* d4992530-b9ec-469f-ab01-6c481c47da1c */
4365static const u8 debug_uuid[16] = {
4366 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab,
4367 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4,
4368};
4369#endif
4370
ae7d925b
JH		 4371/* 330859bc-7506-492d-9370-9a6f0614037f */
4372static const u8 quality_report_uuid[16] = {
4373 0x7f, 0x03, 0x14, 0x06, 0x6f, 0x9a, 0x70, 0x93,
4374 0x2d, 0x49, 0x06, 0x75, 0xbc, 0x59, 0x08, 0x33,
4375};
4376
ad933151
K		 4377/* a6695ace-ee7f-4fb9-881a-5fac66c629af */
4378static const u8 offload_codecs_uuid[16] = {
4379 0xaf, 0x29, 0xc6, 0x66, 0xac, 0x5f, 0x1a, 0x88,
4380 0xb9, 0x4f, 0x7f, 0xee, 0xce, 0x5a, 0x69, 0xa6,
4381};
4382
15d8ce05 4383/* 671b10b5-42c0-4696-9227-eb28d1b049d6 */
76d0685b 4384static const u8 le_simultaneous_roles_uuid[16] = {
15d8ce05
AM		 4385 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92,
4386 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67,
4387};
4388
cbbdfa6f
SN		 4389/* 15c0a148-c273-11ea-b3de-0242ac130004 */
4390static const u8 rpa_resolution_uuid[16] = {
4391 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3,
4392 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15,
4393};
4394
ccf74f23
LAD		 4395/* 6fbaf188-05e0-496a-9885-d6ddfdb4e03e */
4396static const u8 iso_socket_uuid[16] = {
4397 0x3e, 0xe0, 0xb4, 0xfd, 0xdd, 0xd6, 0x85, 0x98,
4398 0x6a, 0x49, 0xe0, 0x05, 0x88, 0xf1, 0xba, 0x6f,
4399};
4400
af6bcc19
BG		 4401/* 2ce463d7-7a03-4d8d-bf05-5f24e8f36e76 */
4402static const u8 mgmt_mesh_uuid[16] = {
4403 0x76, 0x6e, 0xf3, 0xe8, 0x24, 0x5f, 0x05, 0xbf,
4404 0x8d, 0x4d, 0x03, 0x7a, 0xd7, 0x63, 0xe4, 0x2c,
4405};
4406
a10c907c
MH		 4407static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
4408 void *data, u16 data_len)
4409{
af6bcc19
BG		 4410 struct mgmt_rp_read_exp_features_info *rp;
4411 size_t len;
a10c907c 4412 u16 idx = 0;
15d8ce05 4413 u32 flags;
af6bcc19 4414 int status;
a10c907c
MH		 4415
4416 bt_dev_dbg(hdev, "sock %p", sk);
4417
af6bcc19
BG		 4418 /* Enough space for 7 features */
4419 len = sizeof(*rp) + (sizeof(rp->features[0]) * 7);
bb20da18 4420 rp = kzalloc(len, GFP_KERNEL);
af6bcc19
BG		 4421 if (!rp)
4422 return -ENOMEM;
4423
e625e50c
MH		 4424#ifdef CONFIG_BT_FEATURE_DEBUG
4425 if (!hdev) {
15d8ce05 4426 flags = bt_dbg_get() ? BIT(0) : 0;
e625e50c
MH		 4427
4428 memcpy(rp->features[idx].uuid, debug_uuid, 16);
4429 rp->features[idx].flags = cpu_to_le32(flags);
4430 idx++;
4431 }
4432#endif
4433
76d0685b
LAD		 4434 if (hdev && hci_dev_le_state_simultaneous(hdev)) {
4435 if (hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES))
15d8ce05
AM		 4436 flags = BIT(0);
4437 else
4438 flags = 0;
4439
76d0685b 4440 memcpy(rp->features[idx].uuid, le_simultaneous_roles_uuid, 16);
15d8ce05
AM		 4441 rp->features[idx].flags = cpu_to_le32(flags);
4442 idx++;
4443 }
4444
ad383c2c 4445 if (hdev && ll_privacy_capable(hdev)) {
cbbdfa6f
SN		 4446 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
4447 flags = BIT(0) | BIT(1);
4448 else
4449 flags = BIT(1);
4450
4451 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16);
4452 rp->features[idx].flags = cpu_to_le32(flags);
4453 idx++;
4454 }
4455
258f56d1
JH		 4456 if (hdev && (aosp_has_quality_report(hdev) ||
4457 hdev->set_quality_report)) {
823f3bc4 4458 if (hci_dev_test_flag(hdev, HCI_QUALITY_REPORT))
ae7d925b 4459 flags = BIT(0);
823f3bc4 4460 else
ae7d925b 4461 flags = 0;
823f3bc4 4462
ae7d925b
JH		 4463 memcpy(rp->features[idx].uuid, quality_report_uuid, 16);
4464 rp->features[idx].flags = cpu_to_le32(flags);
4465 idx++;
4466 }
4467
7f7fd17e
MH		 4468 if (hdev && hdev->get_data_path_id) {
4469 if (hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED))
ad933151 4470 flags = BIT(0);
7f7fd17e 4471 else
ad933151 4472 flags = 0;
7f7fd17e 4473
ad933151
K		 4474 memcpy(rp->features[idx].uuid, offload_codecs_uuid, 16);
4475 rp->features[idx].flags = cpu_to_le32(flags);
4476 idx++;
4477 }
4478
ccf74f23
LAD		 4479 if (IS_ENABLED(CONFIG_BT_LE)) {
4480 flags = iso_enabled() ? BIT(0) : 0;
4481 memcpy(rp->features[idx].uuid, iso_socket_uuid, 16);
4482 rp->features[idx].flags = cpu_to_le32(flags);
4483 idx++;
4484 }
4485
af6bcc19
BG		 4486 if (hdev && lmp_le_capable(hdev)) {
4487 if (hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
4488 flags = BIT(0);
4489 else
4490 flags = 0;
4491
4492 memcpy(rp->features[idx].uuid, mgmt_mesh_uuid, 16);
4493 rp->features[idx].flags = cpu_to_le32(flags);
4494 idx++;
4495 }
4496
a10c907c
MH		 4497 rp->feature_count = cpu_to_le16(idx);
4498
4499 /* After reading the experimental features information, enable
4500 * the events to update client on any future change.
4501 */
4502 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4503
af6bcc19
BG		 4504 status = mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4505 MGMT_OP_READ_EXP_FEATURES_INFO,
4506 0, rp, sizeof(*rp) + (20 * idx));
4507
4508 kfree(rp);
4509 return status;
a10c907c
MH		 4510}
4511
cbbdfa6f
SN		 4512static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev,
4513 struct sock *skip)
4514{
4515 struct mgmt_ev_exp_feature_changed ev;
4516
4517 memset(&ev, 0, sizeof(ev));
4518 memcpy(ev.uuid, rpa_resolution_uuid, 16);
4519 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1));
4520
e1cff700 4521 // Do we need to be atomic with the conn_flags?
6126ffab 4522 if (enabled && privacy_mode_capable(hdev))
e1cff700 4523 hdev->conn_flags |= HCI_CONN_FLAG_DEVICE_PRIVACY;
6126ffab 4524 else
e1cff700 4525 hdev->conn_flags &= ~HCI_CONN_FLAG_DEVICE_PRIVACY;
6126ffab 4526
cbbdfa6f
SN		 4527 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
4528 &ev, sizeof(ev),
4529 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4530
4531}
4532
76d0685b
LAD		 4533static int exp_feature_changed(struct hci_dev *hdev, const u8 *uuid,
4534 bool enabled, struct sock *skip)
ae7d925b
JH		 4535{
4536 struct mgmt_ev_exp_feature_changed ev;
4537
4538 memset(&ev, 0, sizeof(ev));
76d0685b 4539 memcpy(ev.uuid, uuid, 16);
ae7d925b
JH		 4540 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
4541
b15bfa4d 4542 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
ae7d925b
JH		 4543 &ev, sizeof(ev),
4544 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4545}
4546
93fb70bc
JH		 4547#define EXP_FEAT(_uuid, _set_func) \
4548{ \
4549 .uuid = _uuid, \
4550 .set_func = _set_func, \
4551}
4552
4553/* The zero key uuid is special. Multiple exp features are set through it. */
4554static int set_zero_key_func(struct sock *sk, struct hci_dev *hdev,
4555 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
a10c907c 4556{
a10c907c
MH		 4557 struct mgmt_rp_set_exp_feature rp;
4558
93fb70bc
JH		 4559 memset(rp.uuid, 0, 16);
4560 rp.flags = cpu_to_le32(0);
a10c907c 4561
e625e50c 4562#ifdef CONFIG_BT_FEATURE_DEBUG
93fb70bc
JH		 4563 if (!hdev) {
4564 bool changed = bt_dbg_get();
e625e50c 4565
93fb70bc 4566 bt_dbg_set(false);
e625e50c 4567
93fb70bc 4568 if (changed)
76d0685b 4569 exp_feature_changed(NULL, ZERO_KEY, false, sk);
93fb70bc 4570 }
e625e50c
MH		 4571#endif
4572
93fb70bc 4573 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) {
6f59f991 4574 bool changed;
cbbdfa6f 4575
6f59f991
LAD		 4576 changed = hci_dev_test_and_clear_flag(hdev,
4577 HCI_ENABLE_LL_PRIVACY);
93fb70bc 4578 if (changed)
76d0685b
LAD		 4579 exp_feature_changed(hdev, rpa_resolution_uuid, false,
4580 sk);
93fb70bc 4581 }
cbbdfa6f 4582
93fb70bc 4583 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
a10c907c 4584
93fb70bc
JH		 4585 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4586 MGMT_OP_SET_EXP_FEATURE, 0,
4587 &rp, sizeof(rp));
4588}
a10c907c 4589
e625e50c 4590#ifdef CONFIG_BT_FEATURE_DEBUG
93fb70bc
JH		 4591static int set_debug_func(struct sock *sk, struct hci_dev *hdev,
4592 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4593{
4594 struct mgmt_rp_set_exp_feature rp;
e625e50c 4595
93fb70bc
JH		 4596 bool val, changed;
4597 int err;
e625e50c 4598
93fb70bc
JH		 4599 /* Command requires to use the non-controller index */
4600 if (hdev)
4601 return mgmt_cmd_status(sk, hdev->id,
4602 MGMT_OP_SET_EXP_FEATURE,
4603 MGMT_STATUS_INVALID_INDEX);
e625e50c 4604
93fb70bc
JH		 4605 /* Parameters are limited to a single octet */
4606 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4607 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4608 MGMT_OP_SET_EXP_FEATURE,
4609 MGMT_STATUS_INVALID_PARAMS);
e625e50c 4610
93fb70bc
JH		 4611 /* Only boolean on/off is supported */
4612 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4613 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4614 MGMT_OP_SET_EXP_FEATURE,
4615 MGMT_STATUS_INVALID_PARAMS);
e625e50c 4616
93fb70bc
JH		 4617 val = !!cp->param[0];
4618 changed = val ? !bt_dbg_get() : bt_dbg_get();
4619 bt_dbg_set(val);
e625e50c 4620
93fb70bc
JH		 4621 memcpy(rp.uuid, debug_uuid, 16);
4622 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
e625e50c 4623
93fb70bc 4624 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
e625e50c 4625
93fb70bc
JH		 4626 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4627 MGMT_OP_SET_EXP_FEATURE, 0,
4628 &rp, sizeof(rp));
e625e50c 4629
93fb70bc 4630 if (changed)
76d0685b 4631 exp_feature_changed(hdev, debug_uuid, val, sk);
93fb70bc
JH		 4632
4633 return err;
4634}
e625e50c
MH		 4635#endif
4636
af6bcc19
BG		 4637static int set_mgmt_mesh_func(struct sock *sk, struct hci_dev *hdev,
4638 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4639{
4640 struct mgmt_rp_set_exp_feature rp;
4641 bool val, changed;
4642 int err;
4643
4644 /* Command requires to use the controller index */
4645 if (!hdev)
4646 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4647 MGMT_OP_SET_EXP_FEATURE,
4648 MGMT_STATUS_INVALID_INDEX);
4649
af6bcc19
BG		 4650 /* Parameters are limited to a single octet */
4651 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4652 return mgmt_cmd_status(sk, hdev->id,
4653 MGMT_OP_SET_EXP_FEATURE,
4654 MGMT_STATUS_INVALID_PARAMS);
4655
4656 /* Only boolean on/off is supported */
4657 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4658 return mgmt_cmd_status(sk, hdev->id,
4659 MGMT_OP_SET_EXP_FEATURE,
4660 MGMT_STATUS_INVALID_PARAMS);
4661
4662 val = !!cp->param[0];
4663
4664 if (val) {
4665 changed = !hci_dev_test_and_set_flag(hdev,
4666 HCI_MESH_EXPERIMENTAL);
4667 } else {
4668 hci_dev_clear_flag(hdev, HCI_MESH);
4669 changed = hci_dev_test_and_clear_flag(hdev,
4670 HCI_MESH_EXPERIMENTAL);
4671 }
4672
4673 memcpy(rp.uuid, mgmt_mesh_uuid, 16);
4674 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4675
4676 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4677
4678 err = mgmt_cmd_complete(sk, hdev->id,
4679 MGMT_OP_SET_EXP_FEATURE, 0,
4680 &rp, sizeof(rp));
4681
4682 if (changed)
4683 exp_feature_changed(hdev, mgmt_mesh_uuid, val, sk);
4684
4685 return err;
4686}
4687
93fb70bc
JH		 4688static int set_rpa_resolution_func(struct sock *sk, struct hci_dev *hdev,
4689 struct mgmt_cp_set_exp_feature *cp,
4690 u16 data_len)
4691{
4692 struct mgmt_rp_set_exp_feature rp;
4693 bool val, changed;
4694 int err;
4695 u32 flags;
4696
4697 /* Command requires to use the controller index */
4698 if (!hdev)
4699 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4700 MGMT_OP_SET_EXP_FEATURE,
4701 MGMT_STATUS_INVALID_INDEX);
cbbdfa6f 4702
93fb70bc
JH		 4703 /* Changes can only be made when controller is powered down */
4704 if (hdev_is_powered(hdev))
4705 return mgmt_cmd_status(sk, hdev->id,
4706 MGMT_OP_SET_EXP_FEATURE,
4707 MGMT_STATUS_REJECTED);
cbbdfa6f 4708
93fb70bc
JH		 4709 /* Parameters are limited to a single octet */
4710 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4711 return mgmt_cmd_status(sk, hdev->id,
4712 MGMT_OP_SET_EXP_FEATURE,
4713 MGMT_STATUS_INVALID_PARAMS);
cbbdfa6f 4714
93fb70bc
JH		 4715 /* Only boolean on/off is supported */
4716 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4717 return mgmt_cmd_status(sk, hdev->id,
4718 MGMT_OP_SET_EXP_FEATURE,
4719 MGMT_STATUS_INVALID_PARAMS);
cbbdfa6f 4720
93fb70bc 4721 val = !!cp->param[0];
cbbdfa6f 4722
93fb70bc 4723 if (val) {
6f59f991
LAD		 4724 changed = !hci_dev_test_and_set_flag(hdev,
4725 HCI_ENABLE_LL_PRIVACY);
93fb70bc 4726 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
cbbdfa6f 4727
93fb70bc
JH		 4728 /* Enable LL privacy + supported settings changed */
4729 flags = BIT(0) | BIT(1);
4730 } else {
6f59f991
LAD		 4731 changed = hci_dev_test_and_clear_flag(hdev,
4732 HCI_ENABLE_LL_PRIVACY);
cbbdfa6f 4733
93fb70bc
JH		 4734 /* Disable LL privacy + supported settings changed */
4735 flags = BIT(1);
4736 }
cbbdfa6f 4737
93fb70bc
JH		 4738 memcpy(rp.uuid, rpa_resolution_uuid, 16);
4739 rp.flags = cpu_to_le32(flags);
cbbdfa6f 4740
93fb70bc 4741 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
cbbdfa6f 4742
93fb70bc
JH		 4743 err = mgmt_cmd_complete(sk, hdev->id,
4744 MGMT_OP_SET_EXP_FEATURE, 0,
4745 &rp, sizeof(rp));
cbbdfa6f 4746
93fb70bc
JH		 4747 if (changed)
4748 exp_ll_privacy_feature_changed(val, hdev, sk);
cbbdfa6f 4749
93fb70bc
JH		 4750 return err;
4751}
cbbdfa6f 4752
ae7d925b
JH		 4753static int set_quality_report_func(struct sock *sk, struct hci_dev *hdev,
4754 struct mgmt_cp_set_exp_feature *cp,
4755 u16 data_len)
4756{
4757 struct mgmt_rp_set_exp_feature rp;
4758 bool val, changed;
4759 int err;
4760
4761 /* Command requires to use a valid controller index */
4762 if (!hdev)
4763 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4764 MGMT_OP_SET_EXP_FEATURE,
4765 MGMT_STATUS_INVALID_INDEX);
4766
4767 /* Parameters are limited to a single octet */
4768 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4769 return mgmt_cmd_status(sk, hdev->id,
4770 MGMT_OP_SET_EXP_FEATURE,
4771 MGMT_STATUS_INVALID_PARAMS);
4772
4773 /* Only boolean on/off is supported */
4774 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4775 return mgmt_cmd_status(sk, hdev->id,
4776 MGMT_OP_SET_EXP_FEATURE,
4777 MGMT_STATUS_INVALID_PARAMS);
4778
4779 hci_req_sync_lock(hdev);
4780
4781 val = !!cp->param[0];
4782 changed = (val != hci_dev_test_flag(hdev, HCI_QUALITY_REPORT));
4783
258f56d1 4784 if (!aosp_has_quality_report(hdev) && !hdev->set_quality_report) {
ae7d925b
JH		 4785 err = mgmt_cmd_status(sk, hdev->id,
4786 MGMT_OP_SET_EXP_FEATURE,
4787 MGMT_STATUS_NOT_SUPPORTED);
4788 goto unlock_quality_report;
4789 }
4790
4791 if (changed) {
258f56d1
JH		 4792 if (hdev->set_quality_report)
4793 err = hdev->set_quality_report(hdev, val);
4794 else
4795 err = aosp_set_quality_report(hdev, val);
4796
ae7d925b
JH		 4797 if (err) {
4798 err = mgmt_cmd_status(sk, hdev->id,
4799 MGMT_OP_SET_EXP_FEATURE,
4800 MGMT_STATUS_FAILED);
4801 goto unlock_quality_report;
4802 }
258f56d1 4803
ae7d925b
JH		 4804 if (val)
4805 hci_dev_set_flag(hdev, HCI_QUALITY_REPORT);
4806 else
4807 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
4808 }
4809
4810 bt_dev_dbg(hdev, "quality report enable %d changed %d", val, changed);
4811
4812 memcpy(rp.uuid, quality_report_uuid, 16);
4813 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4814 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
258f56d1
JH		 4815
4816 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_EXP_FEATURE, 0,
ae7d925b
JH		 4817 &rp, sizeof(rp));
4818
4819 if (changed)
76d0685b 4820 exp_feature_changed(hdev, quality_report_uuid, val, sk);
ae7d925b
JH		 4821
4822unlock_quality_report:
4823 hci_req_sync_unlock(hdev);
4824 return err;
4825}
4826
ad933151
K		 4827static int set_offload_codec_func(struct sock *sk, struct hci_dev *hdev,
4828 struct mgmt_cp_set_exp_feature *cp,
4829 u16 data_len)
4830{
4831 bool val, changed;
4832 int err;
4833 struct mgmt_rp_set_exp_feature rp;
4834
4835 /* Command requires to use a valid controller index */
4836 if (!hdev)
4837 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4838 MGMT_OP_SET_EXP_FEATURE,
4839 MGMT_STATUS_INVALID_INDEX);
4840
4841 /* Parameters are limited to a single octet */
4842 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4843 return mgmt_cmd_status(sk, hdev->id,
4844 MGMT_OP_SET_EXP_FEATURE,
4845 MGMT_STATUS_INVALID_PARAMS);
4846
4847 /* Only boolean on/off is supported */
4848 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4849 return mgmt_cmd_status(sk, hdev->id,
4850 MGMT_OP_SET_EXP_FEATURE,
4851 MGMT_STATUS_INVALID_PARAMS);
4852
4853 val = !!cp->param[0];
4854 changed = (val != hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED));
4855
4856 if (!hdev->get_data_path_id) {
4857 return mgmt_cmd_status(sk, hdev->id,
4858 MGMT_OP_SET_EXP_FEATURE,
4859 MGMT_STATUS_NOT_SUPPORTED);
4860 }
4861
4862 if (changed) {
4863 if (val)
4864 hci_dev_set_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4865 else
4866 hci_dev_clear_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4867 }
4868
4869 bt_dev_info(hdev, "offload codecs enable %d changed %d",
4870 val, changed);
4871
4872 memcpy(rp.uuid, offload_codecs_uuid, 16);
4873 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4874 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4875 err = mgmt_cmd_complete(sk, hdev->id,
4876 MGMT_OP_SET_EXP_FEATURE, 0,
4877 &rp, sizeof(rp));
4878
4879 if (changed)
76d0685b
LAD		 4880 exp_feature_changed(hdev, offload_codecs_uuid, val, sk);
4881
4882 return err;
4883}
4884
4885static int set_le_simultaneous_roles_func(struct sock *sk, struct hci_dev *hdev,
4886 struct mgmt_cp_set_exp_feature *cp,
4887 u16 data_len)
4888{
4889 bool val, changed;
4890 int err;
4891 struct mgmt_rp_set_exp_feature rp;
4892
4893 /* Command requires to use a valid controller index */
4894 if (!hdev)
4895 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4896 MGMT_OP_SET_EXP_FEATURE,
4897 MGMT_STATUS_INVALID_INDEX);
4898
4899 /* Parameters are limited to a single octet */
4900 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4901 return mgmt_cmd_status(sk, hdev->id,
4902 MGMT_OP_SET_EXP_FEATURE,
4903 MGMT_STATUS_INVALID_PARAMS);
4904
4905 /* Only boolean on/off is supported */
4906 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4907 return mgmt_cmd_status(sk, hdev->id,
4908 MGMT_OP_SET_EXP_FEATURE,
4909 MGMT_STATUS_INVALID_PARAMS);
4910
4911 val = !!cp->param[0];
4912 changed = (val != hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES));
4913
4914 if (!hci_dev_le_state_simultaneous(hdev)) {
4915 return mgmt_cmd_status(sk, hdev->id,
4916 MGMT_OP_SET_EXP_FEATURE,
4917 MGMT_STATUS_NOT_SUPPORTED);
4918 }
4919
4920 if (changed) {
4921 if (val)
4922 hci_dev_set_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES);
4923 else
4924 hci_dev_clear_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES);
4925 }
4926
5d1dd2e5 4927 bt_dev_info(hdev, "LE simultaneous roles enable %d changed %d",
76d0685b
LAD		 4928 val, changed);
4929
4930 memcpy(rp.uuid, le_simultaneous_roles_uuid, 16);
4931 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4932 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4933 err = mgmt_cmd_complete(sk, hdev->id,
4934 MGMT_OP_SET_EXP_FEATURE, 0,
4935 &rp, sizeof(rp));
4936
4937 if (changed)
4938 exp_feature_changed(hdev, le_simultaneous_roles_uuid, val, sk);
ad933151
K		 4939
4940 return err;
4941}
4942
ccf74f23
LAD		 4943#ifdef CONFIG_BT_LE
4944static int set_iso_socket_func(struct sock *sk, struct hci_dev *hdev,
4945 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4946{
4947 struct mgmt_rp_set_exp_feature rp;
4948 bool val, changed = false;
4949 int err;
4950
4951 /* Command requires to use the non-controller index */
4952 if (hdev)
4953 return mgmt_cmd_status(sk, hdev->id,
4954 MGMT_OP_SET_EXP_FEATURE,
4955 MGMT_STATUS_INVALID_INDEX);
4956
4957 /* Parameters are limited to a single octet */
4958 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4959 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4960 MGMT_OP_SET_EXP_FEATURE,
4961 MGMT_STATUS_INVALID_PARAMS);
4962
4963 /* Only boolean on/off is supported */
4964 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4965 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4966 MGMT_OP_SET_EXP_FEATURE,
4967 MGMT_STATUS_INVALID_PARAMS);
4968
4969 val = cp->param[0] ? true : false;
4970 if (val)
4971 err = iso_init();
4972 else
4973 err = iso_exit();
4974
4975 if (!err)
4976 changed = true;
4977
4978 memcpy(rp.uuid, iso_socket_uuid, 16);
4979 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4980
4981 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4982
4983 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4984 MGMT_OP_SET_EXP_FEATURE, 0,
4985 &rp, sizeof(rp));
4986
4987 if (changed)
4988 exp_feature_changed(hdev, iso_socket_uuid, val, sk);
4989
4990 return err;
4991}
4992#endif
4993
93fb70bc
JH		 4994static const struct mgmt_exp_feature {
4995 const u8 *uuid;
4996 int (*set_func)(struct sock *sk, struct hci_dev *hdev,
4997 struct mgmt_cp_set_exp_feature *cp, u16 data_len);
4998} exp_features[] = {
4999 EXP_FEAT(ZERO_KEY, set_zero_key_func),
5000#ifdef CONFIG_BT_FEATURE_DEBUG
5001 EXP_FEAT(debug_uuid, set_debug_func),
5002#endif
af6bcc19 5003 EXP_FEAT(mgmt_mesh_uuid, set_mgmt_mesh_func),
93fb70bc 5004 EXP_FEAT(rpa_resolution_uuid, set_rpa_resolution_func),
ae7d925b 5005 EXP_FEAT(quality_report_uuid, set_quality_report_func),
ad933151 5006 EXP_FEAT(offload_codecs_uuid, set_offload_codec_func),
76d0685b 5007 EXP_FEAT(le_simultaneous_roles_uuid, set_le_simultaneous_roles_func),
ccf74f23
LAD		 5008#ifdef CONFIG_BT_LE
5009 EXP_FEAT(iso_socket_uuid, set_iso_socket_func),
5010#endif
93fb70bc
JH		 5011
5012 /* end with a null feature */
5013 EXP_FEAT(NULL, NULL)
5014};
5015
5016static int set_exp_feature(struct sock *sk, struct hci_dev *hdev,
5017 void *data, u16 data_len)
5018{
5019 struct mgmt_cp_set_exp_feature *cp = data;
5020 size_t i = 0;
5021
5022 bt_dev_dbg(hdev, "sock %p", sk);
5023
5024 for (i = 0; exp_features[i].uuid; i++) {
5025 if (!memcmp(cp->uuid, exp_features[i].uuid, 16))
5026 return exp_features[i].set_func(sk, hdev, cp, data_len);
cbbdfa6f
SN		 5027 }
5028
a10c907c
MH		 5029 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
5030 MGMT_OP_SET_EXP_FEATURE,
5031 MGMT_STATUS_NOT_SUPPORTED);
5032}
5033
529d4492
LAD		 5034static u32 get_params_flags(struct hci_dev *hdev,
5035 struct hci_conn_params *params)
5036{
5037 u32 flags = hdev->conn_flags;
5038
5039 /* Devices using RPAs can only be programmed in the acceptlist if
5040 * LL Privacy has been enable otherwise they cannot mark
5041 * HCI_CONN_FLAG_REMOTE_WAKEUP.
5042 */
5043 if ((flags & HCI_CONN_FLAG_REMOTE_WAKEUP) && !use_ll_privacy(hdev) &&
5044 hci_find_irk_by_addr(hdev, &params->addr, params->addr_type))
5045 flags &= ~HCI_CONN_FLAG_REMOTE_WAKEUP;
5046
5047 return flags;
5048}
5049
4c54bf2b
APS		 5050static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
5051 u16 data_len)
5052{
5053 struct mgmt_cp_get_device_flags *cp = data;
5054 struct mgmt_rp_get_device_flags rp;
5055 struct bdaddr_list_with_flags *br_params;
5056 struct hci_conn_params *params;
fe92ee64 5057 u32 supported_flags;
4c54bf2b
APS		 5058 u32 current_flags = 0;
5059 u8 status = MGMT_STATUS_INVALID_PARAMS;
5060
5061 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n",
5062 &cp->addr.bdaddr, cp->addr.type);
5063
3ca33e3f
APS		 5064 hci_dev_lock(hdev);
5065
e1cff700 5066 supported_flags = hdev->conn_flags;
fe92ee64 5067
02ce2c2c
THJA		 5068 memset(&rp, 0, sizeof(rp));
5069
4c54bf2b 5070 if (cp->addr.type == BDADDR_BREDR) {
3d4f9c00 5071 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
4c54bf2b
APS		 5072 &cp->addr.bdaddr,
5073 cp->addr.type);
5074 if (!br_params)
5075 goto done;
5076
e1cff700 5077 current_flags = br_params->flags;
4c54bf2b
APS		 5078 } else {
5079 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5080 le_addr_type(cp->addr.type));
4c54bf2b
APS		 5081 if (!params)
5082 goto done;
5083
529d4492 5084 supported_flags = get_params_flags(hdev, params);
e1cff700 5085 current_flags = params->flags;
4c54bf2b
APS		 5086 }
5087
5088 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5089 rp.addr.type = cp->addr.type;
5090 rp.supported_flags = cpu_to_le32(supported_flags);
5091 rp.current_flags = cpu_to_le32(current_flags);
5092
5093 status = MGMT_STATUS_SUCCESS;
5094
5095done:
3ca33e3f
APS		 5096 hci_dev_unlock(hdev);
5097
4c54bf2b
APS		 5098 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status,
5099 &rp, sizeof(rp));
5100}
5101
5102static void device_flags_changed(struct sock *sk, struct hci_dev *hdev,
5103 bdaddr_t *bdaddr, u8 bdaddr_type,
5104 u32 supported_flags, u32 current_flags)
5105{
5106 struct mgmt_ev_device_flags_changed ev;
5107
5108 bacpy(&ev.addr.bdaddr, bdaddr);
5109 ev.addr.type = bdaddr_type;
5110 ev.supported_flags = cpu_to_le32(supported_flags);
5111 ev.current_flags = cpu_to_le32(current_flags);
5112
5113 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk);
5114}
5115
5116static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
5117 u16 len)
5118{
5119 struct mgmt_cp_set_device_flags *cp = data;
5120 struct bdaddr_list_with_flags *br_params;
5121 struct hci_conn_params *params;
5122 u8 status = MGMT_STATUS_INVALID_PARAMS;
fe92ee64 5123 u32 supported_flags;
4c54bf2b
APS		 5124 u32 current_flags = __le32_to_cpu(cp->current_flags);
5125
5126 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x",
0c793758 5127 &cp->addr.bdaddr, cp->addr.type, current_flags);
4c54bf2b 5128
e1cff700
LT		 5129 // We should take hci_dev_lock() early, I think.. conn_flags can change
5130 supported_flags = hdev->conn_flags;
fe92ee64 5131
4c54bf2b
APS		 5132 if ((supported_flags | current_flags) != supported_flags) {
5133 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
5134 current_flags, supported_flags);
5135 goto done;
5136 }
5137
3ca33e3f
APS		 5138 hci_dev_lock(hdev);
5139
4c54bf2b 5140 if (cp->addr.type == BDADDR_BREDR) {
3d4f9c00 5141 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
4c54bf2b
APS		 5142 &cp->addr.bdaddr,
5143 cp->addr.type);
5144
5145 if (br_params) {
e1cff700 5146 br_params->flags = current_flags;
4c54bf2b
APS		 5147 status = MGMT_STATUS_SUCCESS;
5148 } else {
5149 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)",
5150 &cp->addr.bdaddr, cp->addr.type);
5151 }
a9a34765 5152
529d4492
LAD		 5153 goto unlock;
5154 }
6126ffab 5155
529d4492
LAD		 5156 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5157 le_addr_type(cp->addr.type));
5158 if (!params) {
5159 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
5160 &cp->addr.bdaddr, le_addr_type(cp->addr.type));
5161 goto unlock;
5162 }
5163
5164 supported_flags = get_params_flags(hdev, params);
5165
5166 if ((supported_flags | current_flags) != supported_flags) {
5167 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
5168 current_flags, supported_flags);
5169 goto unlock;
4c54bf2b
APS		 5170 }
5171
529d4492
LAD		 5172 params->flags = current_flags;
5173 status = MGMT_STATUS_SUCCESS;
5174
5175 /* Update passive scan if HCI_CONN_FLAG_DEVICE_PRIVACY
5176 * has been set.
5177 */
5178 if (params->flags & HCI_CONN_FLAG_DEVICE_PRIVACY)
5179 hci_update_passive_scan(hdev);
5180
a9a34765 5181unlock:
3ca33e3f
APS		 5182 hci_dev_unlock(hdev);
5183
815d5121 5184done:
4c54bf2b
APS		 5185 if (status == MGMT_STATUS_SUCCESS)
5186 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
5187 supported_flags, current_flags);
5188
5189 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status,
5190 &cp->addr, sizeof(cp->addr));
5191}
5192
b52729f2
MC		 5193static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev,
5194 u16 handle)
5195{
5196 struct mgmt_ev_adv_monitor_added ev;
5197
5198 ev.monitor_handle = cpu_to_le16(handle);
5199
5200 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk);
5201}
5202
66bd095a 5203void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle)
cdde92e2 5204{
66bd095a
AP		 5205 struct mgmt_ev_adv_monitor_removed ev;
5206 struct mgmt_pending_cmd *cmd;
5207 struct sock *sk_skip = NULL;
5208 struct mgmt_cp_remove_adv_monitor *cp;
5209
5210 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
5211 if (cmd) {
5212 cp = cmd->param;
5213
5214 if (cp->monitor_handle)
5215 sk_skip = cmd->sk;
5216 }
cdde92e2
MC		 5217
5218 ev.monitor_handle = cpu_to_le16(handle);
5219
66bd095a 5220 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip);
cdde92e2
MC		 5221}
5222
e5e1e7fd
MC		 5223static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
5224 void *data, u16 len)
5225{
5226 struct adv_monitor *monitor = NULL;
5227 struct mgmt_rp_read_adv_monitor_features *rp = NULL;
cafd472a 5228 int handle, err;
e5e1e7fd
MC		 5229 size_t rp_size = 0;
5230 __u32 supported = 0;
a2a4dedf 5231 __u32 enabled = 0;
e5e1e7fd
MC		 5232 __u16 num_handles = 0;
5233 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES];
5234
5235 BT_DBG("request for %s", hdev->name);
5236
5237 hci_dev_lock(hdev);
5238
a2a4dedf 5239 if (msft_monitor_supported(hdev))
e5e1e7fd
MC		 5240 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS;
5241
a2a4dedf 5242 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle)
e5e1e7fd 5243 handles[num_handles++] = monitor->handle;
e5e1e7fd
MC		 5244
5245 hci_dev_unlock(hdev);
5246
5247 rp_size = sizeof(*rp) + (num_handles * sizeof(u16));
5248 rp = kmalloc(rp_size, GFP_KERNEL);
5249 if (!rp)
5250 return -ENOMEM;
5251
a2a4dedf
AP		 5252 /* All supported features are currently enabled */
5253 enabled = supported;
5254
e5e1e7fd 5255 rp->supported_features = cpu_to_le32(supported);
a2a4dedf 5256 rp->enabled_features = cpu_to_le32(enabled);
e5e1e7fd
MC		 5257 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES);
5258 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS;
5259 rp->num_handles = cpu_to_le16(num_handles);
5260 if (num_handles)
5261 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
5262
cafd472a
PY		 5263 err = mgmt_cmd_complete(sk, hdev->id,
5264 MGMT_OP_READ_ADV_MONITOR_FEATURES,
5265 MGMT_STATUS_SUCCESS, rp, rp_size);
5266
5267 kfree(rp);
5268
5269 return err;
e5e1e7fd
MC		 5270}
5271
b747a836
MM		 5272static void mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev,
5273 void *data, int status)
a2a4dedf
AP		 5274{
5275 struct mgmt_rp_add_adv_patterns_monitor rp;
b747a836
MM		 5276 struct mgmt_pending_cmd *cmd = data;
5277 struct adv_monitor *monitor = cmd->user_data;
a2a4dedf
AP		 5278
5279 hci_dev_lock(hdev);
5280
a2a4dedf
AP		 5281 rp.monitor_handle = cpu_to_le16(monitor->handle);
5282
5283 if (!status) {
5284 mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle);
5285 hdev->adv_monitors_cnt++;
5286 if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED)
5287 monitor->state = ADV_MONITOR_STATE_REGISTERED;
5bee2fd6 5288 hci_update_passive_scan(hdev);
a2a4dedf
AP		 5289 }
5290
b747a836
MM		 5291 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5292 mgmt_status(status), &rp, sizeof(rp));
a2a4dedf
AP		 5293 mgmt_pending_remove(cmd);
5294
a2a4dedf 5295 hci_dev_unlock(hdev);
b747a836 5296 bt_dev_dbg(hdev, "add monitor %d complete, status %d",
a2a4dedf 5297 rp.monitor_handle, status);
b747a836 5298}
a2a4dedf 5299
b747a836
MM		 5300static int mgmt_add_adv_patterns_monitor_sync(struct hci_dev *hdev, void *data)
5301{
5302 struct mgmt_pending_cmd *cmd = data;
5303 struct adv_monitor *monitor = cmd->user_data;
5304
5305 return hci_add_adv_monitor(hdev, monitor);
a2a4dedf
AP		 5306}
5307
b4a221ea 5308static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
a2a4dedf
AP		 5309 struct adv_monitor *m, u8 status,
5310 void *data, u16 len, u16 op)
b139553d 5311{
a2a4dedf 5312 struct mgmt_pending_cmd *cmd;
b4a221ea 5313 int err;
a2a4dedf
AP		 5314
5315 hci_dev_lock(hdev);
b139553d 5316
b4a221ea 5317 if (status)
a2a4dedf 5318 goto unlock;
b139553d 5319
a2a4dedf
AP		 5320 if (pending_find(MGMT_OP_SET_LE, hdev) ||
5321 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
5322 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) ||
5323 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) {
5324 status = MGMT_STATUS_BUSY;
5325 goto unlock;
5326 }
b139553d 5327
a2a4dedf
AP		 5328 cmd = mgmt_pending_add(sk, op, hdev, data, len);
5329 if (!cmd) {
5330 status = MGMT_STATUS_NO_RESOURCES;
5331 goto unlock;
5332 }
b52729f2 5333
b1810feb 5334 cmd->user_data = m;
b747a836
MM		 5335 err = hci_cmd_sync_queue(hdev, mgmt_add_adv_patterns_monitor_sync, cmd,
5336 mgmt_add_adv_patterns_monitor_complete);
b139553d 5337 if (err) {
b747a836 5338 if (err == -ENOMEM)
b4a221ea
AP		 5339 status = MGMT_STATUS_NO_RESOURCES;
5340 else
5341 status = MGMT_STATUS_FAILED;
5342
b139553d
MC		 5343 goto unlock;
5344 }
5345
a2a4dedf 5346 hci_dev_unlock(hdev);
b139553d 5347
a2a4dedf 5348 return 0;
b139553d
MC		 5349
5350unlock:
66bd095a 5351 hci_free_adv_monitor(hdev, m);
b139553d 5352 hci_dev_unlock(hdev);
b4a221ea
AP		 5353 return mgmt_cmd_status(sk, hdev->id, op, status);
5354}
5355
5356static void parse_adv_monitor_rssi(struct adv_monitor *m,
5357 struct mgmt_adv_rssi_thresholds *rssi)
5358{
5359 if (rssi) {
5360 m->rssi.low_threshold = rssi->low_threshold;
5361 m->rssi.low_threshold_timeout =
5362 __le16_to_cpu(rssi->low_threshold_timeout);
5363 m->rssi.high_threshold = rssi->high_threshold;
5364 m->rssi.high_threshold_timeout =
5365 __le16_to_cpu(rssi->high_threshold_timeout);
5366 m->rssi.sampling_period = rssi->sampling_period;
5367 } else {
5368 /* Default values. These numbers are the least constricting
5369 * parameters for MSFT API to work, so it behaves as if there
5370 * are no rssi parameter to consider. May need to be changed
5371 * if other API are to be supported.
5372 */
5373 m->rssi.low_threshold = -127;
5374 m->rssi.low_threshold_timeout = 60;
5375 m->rssi.high_threshold = -127;
5376 m->rssi.high_threshold_timeout = 0;
5377 m->rssi.sampling_period = 0;
5378 }
5379}
5380
5381static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count,
5382 struct mgmt_adv_pattern *patterns)
5383{
5384 u8 offset = 0, length = 0;
5385 struct adv_pattern *p = NULL;
b4a221ea
AP		 5386 int i;
5387
5388 for (i = 0; i < pattern_count; i++) {
b4a221ea
AP		 5389 offset = patterns[i].offset;
5390 length = patterns[i].length;
5391 if (offset >= HCI_MAX_AD_LENGTH ||
5392 length > HCI_MAX_AD_LENGTH ||
5393 (offset + length) > HCI_MAX_AD_LENGTH)
5394 return MGMT_STATUS_INVALID_PARAMS;
5395
5396 p = kmalloc(sizeof(*p), GFP_KERNEL);
5397 if (!p)
5398 return MGMT_STATUS_NO_RESOURCES;
5399
5400 p->ad_type = patterns[i].ad_type;
5401 p->offset = patterns[i].offset;
5402 p->length = patterns[i].length;
5403 memcpy(p->value, patterns[i].value, p->length);
5404
5405 INIT_LIST_HEAD(&p->list);
5406 list_add(&p->list, &m->patterns);
5407 }
5408
b4a221ea
AP		 5409 return MGMT_STATUS_SUCCESS;
5410}
5411
5412static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
5413 void *data, u16 len)
5414{
5415 struct mgmt_cp_add_adv_patterns_monitor *cp = data;
5416 struct adv_monitor *m = NULL;
5417 u8 status = MGMT_STATUS_SUCCESS;
5418 size_t expected_size = sizeof(*cp);
5419
5420 BT_DBG("request for %s", hdev->name);
5421
5422 if (len <= sizeof(*cp)) {
5423 status = MGMT_STATUS_INVALID_PARAMS;
5424 goto done;
5425 }
5426
5427 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
5428 if (len != expected_size) {
5429 status = MGMT_STATUS_INVALID_PARAMS;
5430 goto done;
5431 }
5432
5433 m = kzalloc(sizeof(*m), GFP_KERNEL);
5434 if (!m) {
5435 status = MGMT_STATUS_NO_RESOURCES;
5436 goto done;
5437 }
5438
5439 INIT_LIST_HEAD(&m->patterns);
5440
5441 parse_adv_monitor_rssi(m, NULL);
5442 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
5443
5444done:
a2a4dedf 5445 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
b4a221ea
AP		 5446 MGMT_OP_ADD_ADV_PATTERNS_MONITOR);
5447}
5448
5449static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev,
5450 void *data, u16 len)
5451{
5452 struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data;
5453 struct adv_monitor *m = NULL;
5454 u8 status = MGMT_STATUS_SUCCESS;
5455 size_t expected_size = sizeof(*cp);
5456
5457 BT_DBG("request for %s", hdev->name);
5458
5459 if (len <= sizeof(*cp)) {
5460 status = MGMT_STATUS_INVALID_PARAMS;
5461 goto done;
5462 }
5463
5464 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
5465 if (len != expected_size) {
5466 status = MGMT_STATUS_INVALID_PARAMS;
5467 goto done;
5468 }
5469
5470 m = kzalloc(sizeof(*m), GFP_KERNEL);
5471 if (!m) {
5472 status = MGMT_STATUS_NO_RESOURCES;
5473 goto done;
5474 }
5475
5476 INIT_LIST_HEAD(&m->patterns);
5477
5478 parse_adv_monitor_rssi(m, &cp->rssi);
5479 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
5480
5481done:
a2a4dedf 5482 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
b4a221ea 5483 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI);
b139553d
MC		 5484}
5485
7cf5c297
MM		 5486static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev,
5487 void *data, int status)
66bd095a
AP		 5488{
5489 struct mgmt_rp_remove_adv_monitor rp;
7cf5c297
MM		 5490 struct mgmt_pending_cmd *cmd = data;
5491 struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
66bd095a
AP		 5492
5493 hci_dev_lock(hdev);
5494
66bd095a
AP		 5495 rp.monitor_handle = cp->monitor_handle;
5496
5497 if (!status)
5bee2fd6 5498 hci_update_passive_scan(hdev);
66bd095a 5499
7cf5c297
MM		 5500 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5501 mgmt_status(status), &rp, sizeof(rp));
66bd095a
AP		 5502 mgmt_pending_remove(cmd);
5503
66bd095a 5504 hci_dev_unlock(hdev);
7cf5c297 5505 bt_dev_dbg(hdev, "remove monitor %d complete, status %d",
66bd095a 5506 rp.monitor_handle, status);
7cf5c297 5507}
66bd095a 5508
7cf5c297
MM		 5509static int mgmt_remove_adv_monitor_sync(struct hci_dev *hdev, void *data)
5510{
5511 struct mgmt_pending_cmd *cmd = data;
5512 struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
5513 u16 handle = __le16_to_cpu(cp->monitor_handle);
5514
5515 if (!handle)
5516 return hci_remove_all_adv_monitor(hdev);
5517
5518 return hci_remove_single_adv_monitor(hdev, handle);
66bd095a
AP		 5519}
5520
bd2fbc6c
MC		 5521static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev,
5522 void *data, u16 len)
5523{
66bd095a 5524 struct mgmt_pending_cmd *cmd;
66bd095a 5525 int err, status;
bd2fbc6c
MC		 5526
5527 hci_dev_lock(hdev);
5528
66bd095a
AP		 5529 if (pending_find(MGMT_OP_SET_LE, hdev) ||
5530 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) ||
5531 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
5532 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) {
5533 status = MGMT_STATUS_BUSY;
5534 goto unlock;
5535 }
bd2fbc6c 5536
66bd095a
AP		 5537 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len);
5538 if (!cmd) {
5539 status = MGMT_STATUS_NO_RESOURCES;
bd2fbc6c
MC		 5540 goto unlock;
5541 }
5542
7cf5c297
MM		 5543 err = hci_cmd_sync_queue(hdev, mgmt_remove_adv_monitor_sync, cmd,
5544 mgmt_remove_adv_monitor_complete);
cdde92e2 5545
66bd095a
AP		 5546 if (err) {
5547 mgmt_pending_remove(cmd);
bd2fbc6c 5548
7cf5c297
MM		 5549 if (err == -ENOMEM)
5550 status = MGMT_STATUS_NO_RESOURCES;
66bd095a
AP		 5551 else
5552 status = MGMT_STATUS_FAILED;
5553
7cf5c297 5554 goto unlock;
66bd095a 5555 }
bd2fbc6c 5556
66bd095a 5557 hci_dev_unlock(hdev);
7cf5c297 5558
66bd095a 5559 return 0;
bd2fbc6c
MC		 5560
5561unlock:
5562 hci_dev_unlock(hdev);
66bd095a
AP		 5563 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
5564 status);
bd2fbc6c
MC		 5565}
5566
f892244b 5567static void read_local_oob_data_complete(struct hci_dev *hdev, void *data, int err)
1b9441f8
JH		 5568{
5569 struct mgmt_rp_read_local_oob_data mgmt_rp;
5570 size_t rp_size = sizeof(mgmt_rp);
f892244b
BG		 5571 struct mgmt_pending_cmd *cmd = data;
5572 struct sk_buff *skb = cmd->skb;
5573 u8 status = mgmt_status(err);
1b9441f8 5574
f892244b
BG		 5575 if (!status) {
5576 if (!skb)
5577 status = MGMT_STATUS_FAILED;
5578 else if (IS_ERR(skb))
5579 status = mgmt_status(PTR_ERR(skb));
5580 else
5581 status = mgmt_status(skb->data[0]);
5582 }
1b9441f8 5583
f892244b 5584 bt_dev_dbg(hdev, "status %d", status);
1b9441f8 5585
f892244b
BG		 5586 if (status) {
5587 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, status);
1b9441f8
JH		 5588 goto remove;
5589 }
5590
5591 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
5592
f892244b 5593 if (!bredr_sc_enabled(hdev)) {
1b9441f8
JH		 5594 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
5595
5596 if (skb->len < sizeof(*rp)) {
5597 mgmt_cmd_status(cmd->sk, hdev->id,
5598 MGMT_OP_READ_LOCAL_OOB_DATA,
5599 MGMT_STATUS_FAILED);
5600 goto remove;
5601 }
5602
5603 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
5604 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
5605
5606 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
5607 } else {
5608 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
5609
5610 if (skb->len < sizeof(*rp)) {
5611 mgmt_cmd_status(cmd->sk, hdev->id,
5612 MGMT_OP_READ_LOCAL_OOB_DATA,
5613 MGMT_STATUS_FAILED);
5614 goto remove;
5615 }
5616
5617 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
5618 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
5619
5620 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
5621 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
5622 }
5623
5624 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5625 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
5626
5627remove:
f892244b
BG		 5628 if (skb && !IS_ERR(skb))
5629 kfree_skb(skb);
5630
5631 mgmt_pending_free(cmd);
5632}
5633
5634static int read_local_oob_data_sync(struct hci_dev *hdev, void *data)
5635{
5636 struct mgmt_pending_cmd *cmd = data;
5637
5638 if (bredr_sc_enabled(hdev))
5639 cmd->skb = hci_read_local_oob_data_sync(hdev, true, cmd->sk);
5640 else
5641 cmd->skb = hci_read_local_oob_data_sync(hdev, false, cmd->sk);
5642
5643 if (IS_ERR(cmd->skb))
5644 return PTR_ERR(cmd->skb);
5645 else
5646 return 0;
1b9441f8
JH		 5647}
5648
0f4e68cf 5649static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 5650 void *data, u16 data_len)
c35938b2 5651{
3b0602cd 5652 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 5653 int err;
5654
181d6953 5655 bt_dev_dbg(hdev, "sock %p", sk);
c35938b2 5656
09fd0de5 5657 hci_dev_lock(hdev);
c35938b2 5658
4b34ee78 5659 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 5660 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5661 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 5662 goto unlock;
5663 }
5664
9a1a1996 5665 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 5666 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5667 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 5668 goto unlock;
5669 }
5670
f892244b
BG		 5671 cmd = mgmt_pending_new(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
5672 if (!cmd)
c35938b2 5673 err = -ENOMEM;
4d2d2796 5674 else
f892244b
BG		 5675 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
5676 read_local_oob_data_complete);
4d2d2796 5677
f892244b
BG		 5678 if (err < 0) {
5679 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5680 MGMT_STATUS_FAILED);
5681
5682 if (cmd)
5683 mgmt_pending_free(cmd);
5684 }
c35938b2
SJ		 5685
5686unlock:
09fd0de5 5687 hci_dev_unlock(hdev);
c35938b2
SJ		 5688 return err;
5689}
5690
bdb6d971 5691static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 5692 void *data, u16 len)
2763eda6 5693{
5d57e796 5694 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 5695 int err;
5696
181d6953 5697 bt_dev_dbg(hdev, "sock %p", sk);
2763eda6 5698
5d57e796 5699 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 5700 return mgmt_cmd_complete(sk, hdev->id,
5701 MGMT_OP_ADD_REMOTE_OOB_DATA,
5702 MGMT_STATUS_INVALID_PARAMS,
5703 addr, sizeof(*addr));
5d57e796 5704
09fd0de5 5705 hci_dev_lock(hdev);
2763eda6 5706
ec109113
MH		 5707 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
5708 struct mgmt_cp_add_remote_oob_data *cp = data;
5709 u8 status;
bf1e3541 5710
c19a495c 5711 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 5712 err = mgmt_cmd_complete(sk, hdev->id,
5713 MGMT_OP_ADD_REMOTE_OOB_DATA,
5714 MGMT_STATUS_INVALID_PARAMS,
5715 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 5716 goto unlock;
5717 }
5718
ec109113 5719 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 5720 cp->addr.type, cp->hash,
5721 cp->rand, NULL, NULL);
ec109113
MH		 5722 if (err < 0)
5723 status = MGMT_STATUS_FAILED;
5724 else
5725 status = MGMT_STATUS_SUCCESS;
5726
2a1afb5a
JH		 5727 err = mgmt_cmd_complete(sk, hdev->id,
5728 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
5729 &cp->addr, sizeof(cp->addr));
ec109113
MH		 5730 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
5731 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 5732 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 5733 u8 status;
5734
86df9200 5735 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 5736 /* Enforce zero-valued 192-bit parameters as
5737 * long as legacy SMP OOB isn't implemented.
5738 */
5739 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
5740 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 5741 err = mgmt_cmd_complete(sk, hdev->id,
5742 MGMT_OP_ADD_REMOTE_OOB_DATA,
5743 MGMT_STATUS_INVALID_PARAMS,
5744 addr, sizeof(*addr));
d25b78e2
JH		 5745 goto unlock;
5746 }
5747
86df9200
JH		 5748 rand192 = NULL;
5749 hash192 = NULL;
5750 } else {
41bcfd50
MH		 5751 /* In case one of the P-192 values is set to zero,
5752 * then just disable OOB data for P-192.
5753 */
5754 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
5755 !memcmp(cp->hash192, ZERO_KEY, 16)) {
5756 rand192 = NULL;
5757 hash192 = NULL;
5758 } else {
5759 rand192 = cp->rand192;
5760 hash192 = cp->hash192;
5761 }
5762 }
5763
5764 /* In case one of the P-256 values is set to zero, then just
5765 * disable OOB data for P-256.
5766 */
5767 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
5768 !memcmp(cp->hash256, ZERO_KEY, 16)) {
5769 rand256 = NULL;
5770 hash256 = NULL;
5771 } else {
5772 rand256 = cp->rand256;
5773 hash256 = cp->hash256;
86df9200
JH		 5774 }
5775
81328d5c 5776 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 5777 cp->addr.type, hash192, rand192,
41bcfd50 5778 hash256, rand256);
ec109113
MH		 5779 if (err < 0)
5780 status = MGMT_STATUS_FAILED;
5781 else
5782 status = MGMT_STATUS_SUCCESS;
5783
2a1afb5a
JH		 5784 err = mgmt_cmd_complete(sk, hdev->id,
5785 MGMT_OP_ADD_REMOTE_OOB_DATA,
5786 status, &cp->addr, sizeof(cp->addr));
ec109113 5787 } else {
2064ee33
MH		 5788 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
5789 len);
a69e8375
JH		 5790 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
5791 MGMT_STATUS_INVALID_PARAMS);
ec109113 5792 }
2763eda6 5793
c19a495c 5794unlock:
09fd0de5 5795 hci_dev_unlock(hdev);
2763eda6
SJ		 5796 return err;
5797}
5798
bdb6d971 5799static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 5800 void *data, u16 len)
2763eda6 5801{
650f726d 5802 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 5803 u8 status;
2763eda6
SJ		 5804 int err;
5805
181d6953 5806 bt_dev_dbg(hdev, "sock %p", sk);
2763eda6 5807
c19a495c 5808 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5809 return mgmt_cmd_complete(sk, hdev->id,
5810 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5811 MGMT_STATUS_INVALID_PARAMS,
5812 &cp->addr, sizeof(cp->addr));
c19a495c 5813
09fd0de5 5814 hci_dev_lock(hdev);
2763eda6 5815
eedbd581
JH		 5816 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5817 hci_remote_oob_data_clear(hdev);
5818 status = MGMT_STATUS_SUCCESS;
5819 goto done;
5820 }
5821
6928a924 5822 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 5823 if (err < 0)
bf1e3541 5824 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 5825 else
a6785be2 5826 status = MGMT_STATUS_SUCCESS;
bf1e3541 5827
eedbd581 5828done:
2a1afb5a
JH		 5829 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5830 status, &cp->addr, sizeof(cp->addr));
2763eda6 5831
09fd0de5 5832 hci_dev_unlock(hdev);
2763eda6
SJ		 5833 return err;
5834}
5835
e68f072b 5836void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 5837{
3b0602cd 5838 struct mgmt_pending_cmd *cmd;
ae55f598 5839
85d67284 5840 bt_dev_dbg(hdev, "status %u", status);
7c307720 5841
11e6e25d 5842 hci_dev_lock(hdev);
41dc2bd6 5843
333ae95d 5844 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 5845 if (!cmd)
333ae95d 5846 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 5847
78b781ca
JH		 5848 if (!cmd)
5849 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
5850
11e6e25d 5851 if (cmd) {
2922a94f 5852 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 5853 mgmt_pending_remove(cmd);
5854 }
7c307720 5855
11e6e25d 5856 hci_dev_unlock(hdev);
7c307720
AG		 5857}
5858
591752af
JH		 5859static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
5860 uint8_t *mgmt_status)
5861{
5862 switch (type) {
5863 case DISCOV_TYPE_LE:
5864 *mgmt_status = mgmt_le_support(hdev);
5865 if (*mgmt_status)
5866 return false;
5867 break;
5868 case DISCOV_TYPE_INTERLEAVED:
5869 *mgmt_status = mgmt_le_support(hdev);
5870 if (*mgmt_status)
5871 return false;
19186c7b 5872 fallthrough;
591752af
JH		 5873 case DISCOV_TYPE_BREDR:
5874 *mgmt_status = mgmt_bredr_support(hdev);
5875 if (*mgmt_status)
5876 return false;
5877 break;
5878 default:
5879 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
5880 return false;
5881 }
5882
5883 return true;
5884}
5885
abfeea47
LAD		 5886static void start_discovery_complete(struct hci_dev *hdev, void *data, int err)
5887{
5888 struct mgmt_pending_cmd *cmd = data;
5889
275f3f64
BG		 5890 if (cmd != pending_find(MGMT_OP_START_DISCOVERY, hdev) &&
5891 cmd != pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev) &&
5892 cmd != pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev))
5893 return;
5894
abfeea47
LAD		 5895 bt_dev_dbg(hdev, "err %d", err);
5896
5897 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
5898 cmd->param, 1);
275f3f64 5899 mgmt_pending_remove(cmd);
abfeea47 5900
182ee45d 5901 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED:
abfeea47
LAD		 5902 DISCOVERY_FINDING);
5903}
5904
5905static int start_discovery_sync(struct hci_dev *hdev, void *data)
5906{
5907 return hci_start_discovery_sync(hdev);
5908}
5909
78b781ca
JH		 5910static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
5911 u16 op, void *data, u16 len)
14a53664 5912{
650f726d 5913 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 5914 struct mgmt_pending_cmd *cmd;
8019044d 5915 u8 status;
14a53664
JH		 5916 int err;
5917
181d6953 5918 bt_dev_dbg(hdev, "sock %p", sk);
14a53664 5919
09fd0de5 5920 hci_dev_lock(hdev);
14a53664 5921
4b34ee78 5922 if (!hdev_is_powered(hdev)) {
78b781ca 5923 err = mgmt_cmd_complete(sk, hdev->id, op,
2a1afb5a
JH		 5924 MGMT_STATUS_NOT_POWERED,
5925 &cp->type, sizeof(cp->type));
bd2d1334
JH		 5926 goto failed;
5927 }
5928
f5a969f2 5929 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 5930 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
78b781ca
JH		 5931 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5932 &cp->type, sizeof(cp->type));
642be6c7
AG		 5933 goto failed;
5934 }
5935
591752af 5936 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
78b781ca
JH		 5937 err = mgmt_cmd_complete(sk, hdev->id, op, status,
5938 &cp->type, sizeof(cp->type));
591752af
JH		 5939 goto failed;
5940 }
5941
4867bd00
APS		 5942 /* Can't start discovery when it is paused */
5943 if (hdev->discovery_paused) {
5944 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5945 &cp->type, sizeof(cp->type));
5946 goto failed;
5947 }
5948
22078800
MH		 5949 /* Clear the discovery filter first to free any previously
5950 * allocated memory for the UUID list.
5951 */
5952 hci_discovery_filter_clear(hdev);
5953
4aab14e5 5954 hdev->discovery.type = cp->type;
da25cf6a 5955 hdev->discovery.report_invalid_rssi = false;
78b781ca
JH		 5956 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
5957 hdev->discovery.limited = true;
5958 else
5959 hdev->discovery.limited = false;
4aab14e5 5960
275f3f64 5961 cmd = mgmt_pending_add(sk, op, hdev, data, len);
e68f072b
JH		 5962 if (!cmd) {
5963 err = -ENOMEM;
04106755 5964 goto failed;
f39799f5 5965 }
04106755 5966
abfeea47
LAD		 5967 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
5968 start_discovery_complete);
5969 if (err < 0) {
275f3f64 5970 mgmt_pending_remove(cmd);
abfeea47
LAD		 5971 goto failed;
5972 }
7c307720 5973
f5a969f2 5974 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 5975
14a53664 5976failed:
09fd0de5 5977 hci_dev_unlock(hdev);
14a53664
JH		 5978 return err;
5979}
f39799f5 5980
78b781ca
JH		 5981static int start_discovery(struct sock *sk, struct hci_dev *hdev,
5982 void *data, u16 len)
5983{
5984 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
5985 data, len);
5986}
5987
5988static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
5989 void *data, u16 len)
5990{
5991 return start_discovery_internal(sk, hdev,
5992 MGMT_OP_START_LIMITED_DISCOVERY,
5993 data, len);
5994}
5995
66ea9427
JP		 5996static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
5997 void *data, u16 len)
5998{
5999 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 6000 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 6001 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
6002 u16 uuid_count, expected_len;
6003 u8 status;
6004 int err;
04106755 6005
181d6953 6006 bt_dev_dbg(hdev, "sock %p", sk);
e8bb6b97 6007
66ea9427 6008 hci_dev_lock(hdev);
7c307720 6009
66ea9427 6010 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 6011 err = mgmt_cmd_complete(sk, hdev->id,
6012 MGMT_OP_START_SERVICE_DISCOVERY,
6013 MGMT_STATUS_NOT_POWERED,
6014 &cp->type, sizeof(cp->type));
66ea9427
JP		 6015 goto failed;
6016 }
7c307720 6017
66ea9427 6018 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 6019 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
36211f7f
APS		 6020 err = mgmt_cmd_complete(sk, hdev->id,
6021 MGMT_OP_START_SERVICE_DISCOVERY,
6022 MGMT_STATUS_BUSY, &cp->type,
6023 sizeof(cp->type));
6024 goto failed;
6025 }
6026
6027 if (hdev->discovery_paused) {
2a1afb5a
JH		 6028 err = mgmt_cmd_complete(sk, hdev->id,
6029 MGMT_OP_START_SERVICE_DISCOVERY,
6030 MGMT_STATUS_BUSY, &cp->type,
6031 sizeof(cp->type));
66ea9427
JP		 6032 goto failed;
6033 }
d9483943 6034
66ea9427
JP		 6035 uuid_count = __le16_to_cpu(cp->uuid_count);
6036 if (uuid_count > max_uuid_count) {
2064ee33
MH		 6037 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
6038 uuid_count);
2a1afb5a
JH		 6039 err = mgmt_cmd_complete(sk, hdev->id,
6040 MGMT_OP_START_SERVICE_DISCOVERY,
6041 MGMT_STATUS_INVALID_PARAMS, &cp->type,
6042 sizeof(cp->type));
66ea9427
JP		 6043 goto failed;
6044 }
6045
6046 expected_len = sizeof(*cp) + uuid_count * 16;
6047 if (expected_len != len) {
2064ee33
MH		 6048 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
6049 expected_len, len);
2a1afb5a
JH		 6050 err = mgmt_cmd_complete(sk, hdev->id,
6051 MGMT_OP_START_SERVICE_DISCOVERY,
6052 MGMT_STATUS_INVALID_PARAMS, &cp->type,
6053 sizeof(cp->type));
66ea9427
JP		 6054 goto failed;
6055 }
6056
591752af
JH		 6057 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
6058 err = mgmt_cmd_complete(sk, hdev->id,
6059 MGMT_OP_START_SERVICE_DISCOVERY,
6060 status, &cp->type, sizeof(cp->type));
6061 goto failed;
6062 }
6063
275f3f64 6064 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 6065 hdev, data, len);
66ea9427
JP		 6066 if (!cmd) {
6067 err = -ENOMEM;
6068 goto failed;
6069 }
6070
22078800
MH		 6071 /* Clear the discovery filter first to free any previously
6072 * allocated memory for the UUID list.
6073 */
6074 hci_discovery_filter_clear(hdev);
6075
82f8b651 6076 hdev->discovery.result_filtering = true;
66ea9427
JP		 6077 hdev->discovery.type = cp->type;
6078 hdev->discovery.rssi = cp->rssi;
6079 hdev->discovery.uuid_count = uuid_count;
6080
6081 if (uuid_count > 0) {
6082 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
6083 GFP_KERNEL);
6084 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 6085 err = mgmt_cmd_complete(sk, hdev->id,
6086 MGMT_OP_START_SERVICE_DISCOVERY,
6087 MGMT_STATUS_FAILED,
6088 &cp->type, sizeof(cp->type));
d9483943
JH		 6089 mgmt_pending_remove(cmd);
6090 goto failed;
6091 }
66ea9427 6092 }
d9483943 6093
abfeea47
LAD		 6094 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
6095 start_discovery_complete);
6096 if (err < 0) {
275f3f64 6097 mgmt_pending_remove(cmd);
abfeea47
LAD		 6098 goto failed;
6099 }
6100
66ea9427 6101 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 6102
6103failed:
09fd0de5 6104 hci_dev_unlock(hdev);
14a53664
JH		 6105 return err;
6106}
6107
2154d3f4 6108void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 6109{
3b0602cd 6110 struct mgmt_pending_cmd *cmd;
1183fdca 6111
85d67284 6112 bt_dev_dbg(hdev, "status %u", status);
0e05bba6
AG		 6113
6114 hci_dev_lock(hdev);
6115
333ae95d 6116 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 6117 if (cmd) {
2922a94f 6118 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 6119 mgmt_pending_remove(cmd);
0e05bba6
AG		 6120 }
6121
0e05bba6
AG		 6122 hci_dev_unlock(hdev);
6123}
6124
abfeea47
LAD		 6125static void stop_discovery_complete(struct hci_dev *hdev, void *data, int err)
6126{
6127 struct mgmt_pending_cmd *cmd = data;
6128
275f3f64
BG		 6129 if (cmd != pending_find(MGMT_OP_STOP_DISCOVERY, hdev))
6130 return;
6131
abfeea47
LAD		 6132 bt_dev_dbg(hdev, "err %d", err);
6133
6134 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
6135 cmd->param, 1);
275f3f64 6136 mgmt_pending_remove(cmd);
abfeea47 6137
abfeea47
LAD		 6138 if (!err)
6139 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
6140}
6141
6142static int stop_discovery_sync(struct hci_dev *hdev, void *data)
6143{
6144 return hci_stop_discovery_sync(hdev);
6145}
6146
bdb6d971 6147static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 6148 u16 len)
14a53664 6149{
d930650b 6150 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 6151 struct mgmt_pending_cmd *cmd;
14a53664
JH		 6152 int err;
6153
181d6953 6154 bt_dev_dbg(hdev, "sock %p", sk);
14a53664 6155
09fd0de5 6156 hci_dev_lock(hdev);
14a53664 6157
30dc78e1 6158 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 6159 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
6160 MGMT_STATUS_REJECTED, &mgmt_cp->type,
6161 sizeof(mgmt_cp->type));
d930650b
JH		 6162 goto unlock;
6163 }
6164
6165 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 6166 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
6167 MGMT_STATUS_INVALID_PARAMS,
6168 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 6169 goto unlock;
ff9ef578
JH		 6170 }
6171
275f3f64 6172 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 6173 if (!cmd) {
6174 err = -ENOMEM;
30dc78e1
JH		 6175 goto unlock;
6176 }
6177
abfeea47
LAD		 6178 err = hci_cmd_sync_queue(hdev, stop_discovery_sync, cmd,
6179 stop_discovery_complete);
6180 if (err < 0) {
275f3f64 6181 mgmt_pending_remove(cmd);
abfeea47
LAD		 6182 goto unlock;
6183 }
2922a94f 6184
2154d3f4 6185 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 6186
30dc78e1 6187unlock:
09fd0de5 6188 hci_dev_unlock(hdev);
14a53664
JH		 6189 return err;
6190}
6191
bdb6d971 6192static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 6193 u16 len)
561aafbc 6194{
650f726d 6195 struct mgmt_cp_confirm_name *cp = data;
561aafbc 6196 struct inquiry_entry *e;
561aafbc
JH		 6197 int err;
6198
181d6953 6199 bt_dev_dbg(hdev, "sock %p", sk);
561aafbc 6200
561aafbc
JH		 6201 hci_dev_lock(hdev);
6202
30dc78e1 6203 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 6204 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
6205 MGMT_STATUS_FAILED, &cp->addr,
6206 sizeof(cp->addr));
30dc78e1
JH		 6207 goto failed;
6208 }
6209
a198e7b1 6210 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 6211 if (!e) {
2a1afb5a
JH		 6212 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
6213 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
6214 sizeof(cp->addr));
561aafbc
JH		 6215 goto failed;
6216 }
6217
6218 if (cp->name_known) {
6219 e->name_state = NAME_KNOWN;
6220 list_del(&e->list);
6221 } else {
6222 e->name_state = NAME_NEEDED;
a3d4e20a 6223 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 6224 }
6225
2a1afb5a
JH		 6226 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
6227 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 6228
6229failed:
6230 hci_dev_unlock(hdev);
561aafbc
JH		 6231 return err;
6232}
6233
bdb6d971 6234static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 6235 u16 len)
7fbec224 6236{
650f726d 6237 struct mgmt_cp_block_device *cp = data;
f0eeea8b 6238 u8 status;
7fbec224
AJ		 6239 int err;
6240
181d6953 6241 bt_dev_dbg(hdev, "sock %p", sk);
7fbec224 6242
4ee71b20 6243 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 6244 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
6245 MGMT_STATUS_INVALID_PARAMS,
6246 &cp->addr, sizeof(cp->addr));
4ee71b20 6247
09fd0de5 6248 hci_dev_lock(hdev);
5e762444 6249
3d4f9c00 6250 err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr,
dcc36c16 6251 cp->addr.type);
2a8357f2 6252 if (err < 0) {
f0eeea8b 6253 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 6254 goto done;
6255 }
6256
6257 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
6258 sk);
6259 status = MGMT_STATUS_SUCCESS;
f0eeea8b 6260
2a8357f2 6261done:
2a1afb5a
JH		 6262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
6263 &cp->addr, sizeof(cp->addr));
5e762444 6264
09fd0de5 6265 hci_dev_unlock(hdev);
7fbec224
AJ		 6266
6267 return err;
6268}
6269
bdb6d971 6270static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 6271 u16 len)
7fbec224 6272{
650f726d 6273 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 6274 u8 status;
7fbec224
AJ		 6275 int err;
6276
181d6953 6277 bt_dev_dbg(hdev, "sock %p", sk);
7fbec224 6278
4ee71b20 6279 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 6280 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
6281 MGMT_STATUS_INVALID_PARAMS,
6282 &cp->addr, sizeof(cp->addr));
4ee71b20 6283
09fd0de5 6284 hci_dev_lock(hdev);
5e762444 6285
3d4f9c00 6286 err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr,
dcc36c16 6287 cp->addr.type);
2a8357f2 6288 if (err < 0) {
f0eeea8b 6289 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 6290 goto done;
6291 }
6292
6293 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
6294 sk);
6295 status = MGMT_STATUS_SUCCESS;
f0eeea8b 6296
2a8357f2 6297done:
2a1afb5a
JH		 6298 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
6299 &cp->addr, sizeof(cp->addr));
5e762444 6300
09fd0de5 6301 hci_dev_unlock(hdev);
7fbec224
AJ		 6302
6303 return err;
6304}
6305
161510cc
LAD		 6306static int set_device_id_sync(struct hci_dev *hdev, void *data)
6307{
6308 return hci_update_eir_sync(hdev);
6309}
6310
cdbaccca
MH		 6311static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
6312 u16 len)
6313{
6314 struct mgmt_cp_set_device_id *cp = data;
6315 int err;
c72d4b8a 6316 __u16 source;
cdbaccca 6317
181d6953 6318 bt_dev_dbg(hdev, "sock %p", sk);
cdbaccca 6319
c72d4b8a
SJ		 6320 source = __le16_to_cpu(cp->source);
6321
6322 if (source > 0x0002)
a69e8375
JH		 6323 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
6324 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 6325
cdbaccca
MH		 6326 hci_dev_lock(hdev);
6327
c72d4b8a 6328 hdev->devid_source = source;
cdbaccca
MH		 6329 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
6330 hdev->devid_product = __le16_to_cpu(cp->product);
6331 hdev->devid_version = __le16_to_cpu(cp->version);
6332
2a1afb5a
JH		 6333 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
6334 NULL, 0);
cdbaccca 6335
161510cc 6336 hci_cmd_sync_queue(hdev, set_device_id_sync, NULL, NULL);
cdbaccca
MH		 6337
6338 hci_dev_unlock(hdev);
6339
6340 return err;
6341}
6342
26ac4c56 6343static void enable_advertising_instance(struct hci_dev *hdev, int err)
24b4f38f 6344{
26ac4c56
BG		 6345 if (err)
6346 bt_dev_err(hdev, "failed to re-configure advertising %d", err);
6347 else
6348 bt_dev_dbg(hdev, "status %d", err);
24b4f38f
AU		 6349}
6350
26ac4c56 6351static void set_advertising_complete(struct hci_dev *hdev, void *data, int err)
4375f103
JH		 6352{
6353 struct cmd_lookup match = { NULL, hdev };
7816b820
FG		 6354 u8 instance;
6355 struct adv_info *adv_instance;
26ac4c56 6356 u8 status = mgmt_status(err);
3ad67582 6357
4375f103 6358 if (status) {
4375f103 6359 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
26ac4c56
BG		 6360 cmd_status_rsp, &status);
6361 return;
4375f103
JH		 6362 }
6363
d7a5a11d 6364 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 6365 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 6366 else
a358dc11 6367 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 6368
4375f103
JH		 6369 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
6370 &match);
6371
6372 new_settings(hdev, match.sk);
6373
6374 if (match.sk)
6375 sock_put(match.sk);
3ad67582 6376
24b4f38f 6377 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 6378 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 6379 */
6380 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820 6381 list_empty(&hdev->adv_instances))
26ac4c56 6382 return;
24b4f38f 6383
7816b820
FG		 6384 instance = hdev->cur_adv_instance;
6385 if (!instance) {
6386 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
6387 struct adv_info, list);
6388 if (!adv_instance)
26ac4c56 6389 return;
7816b820
FG		 6390
6391 instance = adv_instance->instance;
6392 }
6393
26ac4c56 6394 err = hci_schedule_adv_instance_sync(hdev, instance, true);
24b4f38f 6395
26ac4c56
BG		 6396 enable_advertising_instance(hdev, err);
6397}
7816b820 6398
26ac4c56
BG		 6399static int set_adv_sync(struct hci_dev *hdev, void *data)
6400{
6401 struct mgmt_pending_cmd *cmd = data;
6402 struct mgmt_mode *cp = cmd->param;
6403 u8 val = !!cp->val;
24b4f38f 6404
26ac4c56
BG		 6405 if (cp->val == 0x02)
6406 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6407 else
6408 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
24b4f38f 6409
26ac4c56
BG		 6410 cancel_adv_timeout(hdev);
6411
6412 if (val) {
6413 /* Switch to instance "0" for the Set Advertising setting.
6414 * We cannot use update_[adv|scan_rsp]_data() here as the
6415 * HCI_ADVERTISING flag is not yet set.
6416 */
6417 hdev->cur_adv_instance = 0x00;
6418
6419 if (ext_adv_capable(hdev)) {
6420 hci_start_ext_adv_sync(hdev, 0x00);
6421 } else {
6422 hci_update_adv_data_sync(hdev, 0x00);
6423 hci_update_scan_rsp_data_sync(hdev, 0x00);
6424 hci_enable_advertising_sync(hdev);
6425 }
6426 } else {
6427 hci_disable_advertising_sync(hdev);
6428 }
6429
6430 return 0;
4375f103
JH		 6431}
6432
21b5187f
MH		 6433static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
6434 u16 len)
4375f103
JH		 6435{
6436 struct mgmt_mode *cp = data;
3b0602cd 6437 struct mgmt_pending_cmd *cmd;
cc91cb04 6438 u8 val, status;
4375f103
JH		 6439 int err;
6440
181d6953 6441 bt_dev_dbg(hdev, "sock %p", sk);
4375f103 6442
e6fe7986
JH		 6443 status = mgmt_le_support(hdev);
6444 if (status)
a69e8375
JH		 6445 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6446 status);
4375f103 6447
cc91cb04 6448 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 6449 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6450 MGMT_STATUS_INVALID_PARAMS);
4375f103 6451
4867bd00
APS		 6452 if (hdev->advertising_paused)
6453 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6454 MGMT_STATUS_BUSY);
6455
4375f103
JH		 6456 hci_dev_lock(hdev);
6457
6458 val = !!cp->val;
4375f103 6459
f74ca9b8
JH		 6460 /* The following conditions are ones which mean that we should
6461 * not do any HCI communication but directly send a mgmt
6462 * response to user space (after toggling the flag if
6463 * necessary).
6464 */
cc91cb04 6465 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 6466 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
6467 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
b338d917 6468 hci_dev_test_flag(hdev, HCI_MESH) ||
e8bb6b97 6469 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 6470 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 6471 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 6472 bool changed;
4375f103 6473
cc91cb04 6474 if (cp->val) {
cab054ab 6475 hdev->cur_adv_instance = 0x00;
238be788 6476 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 6477 if (cp->val == 0x02)
a1536da2 6478 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 6479 else
a358dc11 6480 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 6481 } else {
a69d8927 6482 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 6483 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 6484 }
6485
6486 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
6487 if (err < 0)
6488 goto unlock;
6489
6490 if (changed)
6491 err = new_settings(hdev, sk);
6492
6493 goto unlock;
6494 }
6495
333ae95d
JH		 6496 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
6497 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 6498 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6499 MGMT_STATUS_BUSY);
4375f103
JH		 6500 goto unlock;
6501 }
6502
6503 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
26ac4c56 6504 if (!cmd)
4375f103 6505 err = -ENOMEM;
cc91cb04 6506 else
26ac4c56
BG		 6507 err = hci_cmd_sync_queue(hdev, set_adv_sync, cmd,
6508 set_advertising_complete);
de181e88 6509
26ac4c56 6510 if (err < 0 && cmd)
4375f103
JH		 6511 mgmt_pending_remove(cmd);
6512
6513unlock:
6514 hci_dev_unlock(hdev);
6515 return err;
6516}
6517
d13eafce
MH		 6518static int set_static_address(struct sock *sk, struct hci_dev *hdev,
6519 void *data, u16 len)
6520{
6521 struct mgmt_cp_set_static_address *cp = data;
6522 int err;
6523
181d6953 6524 bt_dev_dbg(hdev, "sock %p", sk);
d13eafce 6525
62af4443 6526 if (!lmp_le_capable(hdev))
a69e8375
JH		 6527 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
6528 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 6529
6530 if (hdev_is_powered(hdev))
a69e8375
JH		 6531 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
6532 MGMT_STATUS_REJECTED);
d13eafce
MH		 6533
6534 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
6535 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 6536 return mgmt_cmd_status(sk, hdev->id,
6537 MGMT_OP_SET_STATIC_ADDRESS,
6538 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 6539
6540 /* Two most significant bits shall be set */
6541 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 6542 return mgmt_cmd_status(sk, hdev->id,
6543 MGMT_OP_SET_STATIC_ADDRESS,
6544 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 6545 }
6546
6547 hci_dev_lock(hdev);
6548
6549 bacpy(&hdev->static_addr, &cp->bdaddr);
6550
93690c22
MH		 6551 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
6552 if (err < 0)
6553 goto unlock;
6554
6555 err = new_settings(hdev, sk);
d13eafce 6556
93690c22 6557unlock:
d13eafce 6558 hci_dev_unlock(hdev);
d13eafce
MH		 6559 return err;
6560}
6561
14b49b9a
MH		 6562static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
6563 void *data, u16 len)
6564{
6565 struct mgmt_cp_set_scan_params *cp = data;
6566 __u16 interval, window;
6567 int err;
6568
181d6953 6569 bt_dev_dbg(hdev, "sock %p", sk);
14b49b9a
MH		 6570
6571 if (!lmp_le_capable(hdev))
a69e8375
JH		 6572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6573 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 6574
6575 interval = __le16_to_cpu(cp->interval);
6576
6577 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 6578 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6579 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 6580
6581 window = __le16_to_cpu(cp->window);
6582
6583 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 6584 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6585 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 6586
899e1075 6587 if (window > interval)
a69e8375
JH		 6588 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6589 MGMT_STATUS_INVALID_PARAMS);
899e1075 6590
14b49b9a
MH		 6591 hci_dev_lock(hdev);
6592
6593 hdev->le_scan_interval = interval;
6594 hdev->le_scan_window = window;
6595
2a1afb5a
JH		 6596 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
6597 NULL, 0);
14b49b9a 6598
dd2ef8e2
AG		 6599 /* If background scan is running, restart it so new parameters are
6600 * loaded.
6601 */
d7a5a11d 6602 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
abfeea47
LAD		 6603 hdev->discovery.state == DISCOVERY_STOPPED)
6604 hci_update_passive_scan(hdev);
dd2ef8e2 6605
14b49b9a
MH		 6606 hci_dev_unlock(hdev);
6607
6608 return err;
6609}
6610
353a0249 6611static void fast_connectable_complete(struct hci_dev *hdev, void *data, int err)
33e38b3e 6612{
353a0249 6613 struct mgmt_pending_cmd *cmd = data;
33e38b3e 6614
353a0249 6615 bt_dev_dbg(hdev, "err %d", err);
33e38b3e 6616
353a0249 6617 if (err) {
a69e8375 6618 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
353a0249 6619 mgmt_status(err));
33e38b3e 6620 } else {
1a4d3c4b
JH		 6621 struct mgmt_mode *cp = cmd->param;
6622
6623 if (cp->val)
a1536da2 6624 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 6625 else
a358dc11 6626 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 6627
33e38b3e
JH		 6628 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6629 new_settings(hdev, cmd->sk);
6630 }
6631
353a0249
BG		 6632 mgmt_pending_free(cmd);
6633}
33e38b3e 6634
353a0249
BG		 6635static int write_fast_connectable_sync(struct hci_dev *hdev, void *data)
6636{
6637 struct mgmt_pending_cmd *cmd = data;
6638 struct mgmt_mode *cp = cmd->param;
6639
6640 return hci_write_fast_connectable_sync(hdev, cp->val);
33e38b3e
JH		 6641}
6642
bdb6d971 6643static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 6644 void *data, u16 len)
f6422ec6 6645{
650f726d 6646 struct mgmt_mode *cp = data;
3b0602cd 6647 struct mgmt_pending_cmd *cmd;
f6422ec6
AJ		 6648 int err;
6649
181d6953 6650 bt_dev_dbg(hdev, "sock %p", sk);
f6422ec6 6651
d7a5a11d 6652 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 6653 hdev->hci_ver < BLUETOOTH_VER_1_2)
353a0249
BG		 6654 return mgmt_cmd_status(sk, hdev->id,
6655 MGMT_OP_SET_FAST_CONNECTABLE,
a69e8375 6656 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 6657
a7e80f25 6658 if (cp->val != 0x00 && cp->val != 0x01)
353a0249
BG		 6659 return mgmt_cmd_status(sk, hdev->id,
6660 MGMT_OP_SET_FAST_CONNECTABLE,
a69e8375 6661 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 6662
f6422ec6
AJ		 6663 hci_dev_lock(hdev);
6664
d7a5a11d 6665 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
353a0249 6666 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
1a4d3c4b
JH		 6667 goto unlock;
6668 }
6669
406ef2a6 6670 if (!hdev_is_powered(hdev)) {
ce05d603 6671 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
353a0249 6672 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
406ef2a6
JH		 6673 new_settings(hdev, sk);
6674 goto unlock;
6675 }
6676
353a0249
BG		 6677 cmd = mgmt_pending_new(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, data,
6678 len);
6679 if (!cmd)
33e38b3e 6680 err = -ENOMEM;
353a0249
BG		 6681 else
6682 err = hci_cmd_sync_queue(hdev, write_fast_connectable_sync, cmd,
6683 fast_connectable_complete);
f6422ec6 6684
353a0249
BG		 6685 if (err < 0) {
6686 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
6687 MGMT_STATUS_FAILED);
33e38b3e 6688
353a0249
BG		 6689 if (cmd)
6690 mgmt_pending_free(cmd);
f6422ec6
AJ		 6691 }
6692
33e38b3e 6693unlock:
f6422ec6 6694 hci_dev_unlock(hdev);
33e38b3e 6695
f6422ec6
AJ		 6696 return err;
6697}
6698
451d95a9 6699static void set_bredr_complete(struct hci_dev *hdev, void *data, int err)
0663ca2a 6700{
451d95a9 6701 struct mgmt_pending_cmd *cmd = data;
0663ca2a 6702
451d95a9 6703 bt_dev_dbg(hdev, "err %d", err);
0663ca2a 6704
451d95a9
BG		 6705 if (err) {
6706 u8 mgmt_err = mgmt_status(err);
0663ca2a
JH		 6707
6708 /* We need to restore the flag if related HCI commands
6709 * failed.
6710 */
a358dc11 6711 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 6712
a69e8375 6713 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 6714 } else {
6715 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
6716 new_settings(hdev, cmd->sk);
6717 }
6718
451d95a9
BG		 6719 mgmt_pending_free(cmd);
6720}
0663ca2a 6721
451d95a9
BG		 6722static int set_bredr_sync(struct hci_dev *hdev, void *data)
6723{
6724 int status;
6725
6726 status = hci_write_fast_connectable_sync(hdev, false);
6727
6728 if (!status)
6729 status = hci_update_scan_sync(hdev);
6730
6731 /* Since only the advertising data flags will change, there
6732 * is no need to update the scan response data.
6733 */
6734 if (!status)
6735 status = hci_update_adv_data_sync(hdev, hdev->cur_adv_instance);
6736
6737 return status;
0663ca2a
JH		 6738}
6739
6740static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6741{
6742 struct mgmt_mode *cp = data;
3b0602cd 6743 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 6744 int err;
6745
181d6953 6746 bt_dev_dbg(hdev, "sock %p", sk);
0663ca2a
JH		 6747
6748 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 6749 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6750 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 6751
d7a5a11d 6752 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 6753 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6754 MGMT_STATUS_REJECTED);
0663ca2a
JH		 6755
6756 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 6757 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6758 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 6759
6760 hci_dev_lock(hdev);
6761
d7a5a11d 6762 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 6763 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6764 goto unlock;
6765 }
6766
6767 if (!hdev_is_powered(hdev)) {
6768 if (!cp->val) {
a358dc11
MH		 6769 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
6770 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
6771 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
6772 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
6773 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 6774 }
6775
ce05d603 6776 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 6777
6778 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6779 if (err < 0)
6780 goto unlock;
6781
6782 err = new_settings(hdev, sk);
6783 goto unlock;
6784 }
6785
6786 /* Reject disabling when powered on */
6787 if (!cp->val) {
a69e8375
JH		 6788 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6789 MGMT_STATUS_REJECTED);
0663ca2a 6790 goto unlock;
111e4bcc
MH		 6791 } else {
6792 /* When configuring a dual-mode controller to operate
6793 * with LE only and using a static address, then switching
6794 * BR/EDR back on is not allowed.
6795 *
6796 * Dual-mode controllers shall operate with the public
6797 * address as its identity address for BR/EDR and LE. So
6798 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 6799 *
6800 * The same restrictions applies when secure connections
6801 * has been enabled. For BR/EDR this is a controller feature
6802 * while for LE it is a host stack feature. This means that
6803 * switching BR/EDR back on when secure connections has been
6804 * enabled is not a supported transaction.
111e4bcc 6805 */
d7a5a11d 6806 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 6807 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 6808 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 6809 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6810 MGMT_STATUS_REJECTED);
111e4bcc
MH		 6811 goto unlock;
6812 }
0663ca2a
JH		 6813 }
6814
451d95a9
BG		 6815 cmd = mgmt_pending_new(sk, MGMT_OP_SET_BREDR, hdev, data, len);
6816 if (!cmd)
0663ca2a 6817 err = -ENOMEM;
451d95a9
BG		 6818 else
6819 err = hci_cmd_sync_queue(hdev, set_bredr_sync, cmd,
6820 set_bredr_complete);
6821
6822 if (err < 0) {
6823 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6824 MGMT_STATUS_FAILED);
6825 if (cmd)
6826 mgmt_pending_free(cmd);
6827
0663ca2a
JH		 6828 goto unlock;
6829 }
6830
f2252570
JH		 6831 /* We need to flip the bit already here so that
6832 * hci_req_update_adv_data generates the correct flags.
0663ca2a 6833 */
a1536da2 6834 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 6835
0663ca2a
JH		 6836unlock:
6837 hci_dev_unlock(hdev);
6838 return err;
6839}
6840
2f2eb0c9 6841static void set_secure_conn_complete(struct hci_dev *hdev, void *data, int err)
a1443f5a 6842{
2f2eb0c9 6843 struct mgmt_pending_cmd *cmd = data;
a1443f5a
JH		 6844 struct mgmt_mode *cp;
6845
2f2eb0c9 6846 bt_dev_dbg(hdev, "err %d", err);
a1443f5a 6847
2f2eb0c9
BG		 6848 if (err) {
6849 u8 mgmt_err = mgmt_status(err);
a1443f5a 6850
2f2eb0c9
BG		 6851 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
6852 goto done;
a1443f5a
JH		 6853 }
6854
6855 cp = cmd->param;
6856
6857 switch (cp->val) {
6858 case 0x00:
a358dc11
MH		 6859 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
6860 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 6861 break;
6862 case 0x01:
a1536da2 6863 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 6864 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 6865 break;
6866 case 0x02:
a1536da2
MH		 6867 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6868 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 6869 break;
6870 }
6871
2f2eb0c9 6872 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
a1443f5a
JH		 6873 new_settings(hdev, cmd->sk);
6874
2f2eb0c9
BG		 6875done:
6876 mgmt_pending_free(cmd);
6877}
6878
6879static int set_secure_conn_sync(struct hci_dev *hdev, void *data)
6880{
6881 struct mgmt_pending_cmd *cmd = data;
6882 struct mgmt_mode *cp = cmd->param;
6883 u8 val = !!cp->val;
6884
6885 /* Force write of val */
6886 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6887
6888 return hci_write_sc_support_sync(hdev, val);
a1443f5a
JH		 6889}
6890
eac83dc6
MH		 6891static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
6892 void *data, u16 len)
6893{
6894 struct mgmt_mode *cp = data;
3b0602cd 6895 struct mgmt_pending_cmd *cmd;
a3209694 6896 u8 val;
eac83dc6
MH		 6897 int err;
6898
181d6953 6899 bt_dev_dbg(hdev, "sock %p", sk);
eac83dc6 6900
05b3c3e7 6901 if (!lmp_sc_capable(hdev) &&
d7a5a11d 6902 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 6903 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6904 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 6905
d7a5a11d 6906 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 6907 lmp_sc_capable(hdev) &&
d7a5a11d 6908 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 6909 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6910 MGMT_STATUS_REJECTED);
ed93ec69 6911
0ab04a9c 6912 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 6913 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
2f2eb0c9 6914 MGMT_STATUS_INVALID_PARAMS);
eac83dc6
MH		 6915
6916 hci_dev_lock(hdev);
6917
05b3c3e7 6918 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 6919 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 6920 bool changed;
6921
0ab04a9c 6922 if (cp->val) {
238be788
MH		 6923 changed = !hci_dev_test_and_set_flag(hdev,
6924 HCI_SC_ENABLED);
0ab04a9c 6925 if (cp->val == 0x02)
a1536da2 6926 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 6927 else
a358dc11 6928 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 6929 } else {
a69d8927
MH		 6930 changed = hci_dev_test_and_clear_flag(hdev,
6931 HCI_SC_ENABLED);
a358dc11 6932 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 6933 }
eac83dc6
MH		 6934
6935 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6936 if (err < 0)
6937 goto failed;
6938
6939 if (changed)
6940 err = new_settings(hdev, sk);
6941
6942 goto failed;
6943 }
6944
0ab04a9c
MH		 6945 val = !!cp->val;
6946
d7a5a11d
MH		 6947 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6948 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 6949 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6950 goto failed;
6951 }
6952
2f2eb0c9
BG		 6953 cmd = mgmt_pending_new(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
6954 if (!cmd)
eac83dc6 6955 err = -ENOMEM;
2f2eb0c9
BG		 6956 else
6957 err = hci_cmd_sync_queue(hdev, set_secure_conn_sync, cmd,
6958 set_secure_conn_complete);
eac83dc6 6959
eac83dc6 6960 if (err < 0) {
2f2eb0c9
BG		 6961 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6962 MGMT_STATUS_FAILED);
6963 if (cmd)
6964 mgmt_pending_free(cmd);
eac83dc6
MH		 6965 }
6966
6967failed:
6968 hci_dev_unlock(hdev);
6969 return err;
6970}
6971
4e39ac81
MH		 6972static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
6973 void *data, u16 len)
6974{
6975 struct mgmt_mode *cp = data;
b9710979 6976 bool changed, use_changed;
4e39ac81
MH		 6977 int err;
6978
181d6953 6979 bt_dev_dbg(hdev, "sock %p", sk);
4e39ac81 6980
b9710979 6981 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 6982 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
6983 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 6984
6985 hci_dev_lock(hdev);
6986
6987 if (cp->val)
238be788 6988 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 6989 else
a69d8927
MH		 6990 changed = hci_dev_test_and_clear_flag(hdev,
6991 HCI_KEEP_DEBUG_KEYS);
4e39ac81 6992
b9710979 6993 if (cp->val == 0x02)
238be788
MH		 6994 use_changed = !hci_dev_test_and_set_flag(hdev,
6995 HCI_USE_DEBUG_KEYS);
b9710979 6996 else
a69d8927
MH		 6997 use_changed = hci_dev_test_and_clear_flag(hdev,
6998 HCI_USE_DEBUG_KEYS);
b9710979
JH		 6999
7000 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 7001 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 7002 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
7003 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
7004 sizeof(mode), &mode);
7005 }
7006
4e39ac81
MH		 7007 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
7008 if (err < 0)
7009 goto unlock;
7010
7011 if (changed)
7012 err = new_settings(hdev, sk);
7013
7014unlock:
7015 hci_dev_unlock(hdev);
7016 return err;
7017}
7018
62b04cd1
JH		 7019static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
7020 u16 len)
7021{
7022 struct mgmt_cp_set_privacy *cp = cp_data;
7023 bool changed;
7024 int err;
7025
181d6953 7026 bt_dev_dbg(hdev, "sock %p", sk);
62b04cd1
JH		 7027
7028 if (!lmp_le_capable(hdev))
a69e8375
JH		 7029 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7030 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1 7031
82a37ade 7032 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
a69e8375
JH		 7033 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7034 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 7035
7036 if (hdev_is_powered(hdev))
a69e8375
JH		 7037 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7038 MGMT_STATUS_REJECTED);
62b04cd1
JH		 7039
7040 hci_dev_lock(hdev);
7041
c21c0ea0
JH		 7042 /* If user space supports this command it is also expected to
7043 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
7044 */
a1536da2 7045 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 7046
62b04cd1 7047 if (cp->privacy) {
238be788 7048 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 7049 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 7050 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
a73c046a 7051 hci_adv_instances_set_rpa_expired(hdev, true);
82a37ade
JH		 7052 if (cp->privacy == 0x02)
7053 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
7054 else
7055 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1 7056 } else {
a69d8927 7057 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 7058 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 7059 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
a73c046a 7060 hci_adv_instances_set_rpa_expired(hdev, false);
82a37ade 7061 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1
JH		 7062 }
7063
7064 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
7065 if (err < 0)
7066 goto unlock;
7067
7068 if (changed)
7069 err = new_settings(hdev, sk);
7070
7071unlock:
7072 hci_dev_unlock(hdev);
7073 return err;
7074}
7075
41edf160
JH		 7076static bool irk_is_valid(struct mgmt_irk_info *irk)
7077{
7078 switch (irk->addr.type) {
7079 case BDADDR_LE_PUBLIC:
7080 return true;
7081
7082 case BDADDR_LE_RANDOM:
7083 /* Two most significant bits shall be set */
7084 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
7085 return false;
7086 return true;
7087 }
7088
7089 return false;
7090}
7091
7092static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
7093 u16 len)
7094{
7095 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 7096 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
7097 sizeof(struct mgmt_irk_info));
41edf160
JH		 7098 u16 irk_count, expected_len;
7099 int i, err;
7100
181d6953 7101 bt_dev_dbg(hdev, "sock %p", sk);
41edf160
JH		 7102
7103 if (!lmp_le_capable(hdev))
a69e8375
JH		 7104 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7105 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 7106
7107 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936 7108 if (irk_count > max_irk_count) {
2064ee33
MH		 7109 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
7110 irk_count);
a69e8375
JH		 7111 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7112 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 7113 }
41edf160 7114
5bec1fb8 7115 expected_len = struct_size(cp, irks, irk_count);
41edf160 7116 if (expected_len != len) {
2064ee33
MH		 7117 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
7118 expected_len, len);
a69e8375
JH		 7119 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7120 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 7121 }
7122
181d6953 7123 bt_dev_dbg(hdev, "irk_count %u", irk_count);
41edf160
JH		 7124
7125 for (i = 0; i < irk_count; i++) {
7126 struct mgmt_irk_info *key = &cp->irks[i];
7127
7128 if (!irk_is_valid(key))
a69e8375
JH		 7129 return mgmt_cmd_status(sk, hdev->id,
7130 MGMT_OP_LOAD_IRKS,
7131 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 7132 }
7133
7134 hci_dev_lock(hdev);
7135
7136 hci_smp_irks_clear(hdev);
7137
7138 for (i = 0; i < irk_count; i++) {
7139 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 7140
600a8749
AM		 7141 if (hci_is_blocked_key(hdev,
7142 HCI_BLOCKED_KEY_TYPE_IRK,
7143 irk->val)) {
7144 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
7145 &irk->addr.bdaddr);
7146 continue;
7147 }
7148
85813a7e
JH		 7149 hci_add_irk(hdev, &irk->addr.bdaddr,
7150 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 7151 BDADDR_ANY);
7152 }
7153
a1536da2 7154 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 7155
2a1afb5a 7156 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 7157
7158 hci_dev_unlock(hdev);
7159
7160 return err;
7161}
7162
3f706b72
JH		 7163static bool ltk_is_valid(struct mgmt_ltk_info *key)
7164{
fad646e1 7165 if (key->initiator != 0x00 && key->initiator != 0x01)
3f706b72 7166 return false;
490cb0b3
MH		 7167
7168 switch (key->addr.type) {
7169 case BDADDR_LE_PUBLIC:
7170 return true;
7171
7172 case BDADDR_LE_RANDOM:
7173 /* Two most significant bits shall be set */
7174 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
7175 return false;
7176 return true;
7177 }
7178
7179 return false;
3f706b72
JH		 7180}
7181
bdb6d971 7182static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 7183 void *cp_data, u16 len)
346af67b 7184{
346af67b 7185 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 7186 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
7187 sizeof(struct mgmt_ltk_info));
346af67b 7188 u16 key_count, expected_len;
715a5bf2 7189 int i, err;
346af67b 7190
181d6953 7191 bt_dev_dbg(hdev, "sock %p", sk);
cf99ba13
MH		 7192
7193 if (!lmp_le_capable(hdev))
a69e8375
JH		 7194 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7195 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 7196
1f350c87 7197 key_count = __le16_to_cpu(cp->key_count);
ba1d6936 7198 if (key_count > max_key_count) {
2064ee33
MH		 7199 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
7200 key_count);
a69e8375
JH		 7201 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7202 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 7203 }
346af67b 7204
5bec1fb8 7205 expected_len = struct_size(cp, keys, key_count);
346af67b 7206 if (expected_len != len) {
2064ee33
MH		 7207 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
7208 expected_len, len);
a69e8375
JH		 7209 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7210 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 7211 }
7212
181d6953 7213 bt_dev_dbg(hdev, "key_count %u", key_count);
346af67b 7214
54ad6d8a
JH		 7215 for (i = 0; i < key_count; i++) {
7216 struct mgmt_ltk_info *key = &cp->keys[i];
7217
3f706b72 7218 if (!ltk_is_valid(key))
a69e8375
JH		 7219 return mgmt_cmd_status(sk, hdev->id,
7220 MGMT_OP_LOAD_LONG_TERM_KEYS,
7221 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 7222 }
7223
346af67b
VCG		 7224 hci_dev_lock(hdev);
7225
7226 hci_smp_ltks_clear(hdev);
7227
7228 for (i = 0; i < key_count; i++) {
7229 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 7230 u8 type, authenticated;
346af67b 7231
600a8749
AM		 7232 if (hci_is_blocked_key(hdev,
7233 HCI_BLOCKED_KEY_TYPE_LTK,
7234 key->val)) {
7235 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
7236 &key->addr.bdaddr);
7237 continue;
7238 }
7239
61b43357
JH		 7240 switch (key->type) {
7241 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 7242 authenticated = 0x00;
fad646e1 7243 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
61b43357
JH		 7244 break;
7245 case MGMT_LTK_AUTHENTICATED:
d7b25450 7246 authenticated = 0x01;
fad646e1 7247 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
23fb8de3
JH		 7248 break;
7249 case MGMT_LTK_P256_UNAUTH:
7250 authenticated = 0x00;
7251 type = SMP_LTK_P256;
61b43357 7252 break;
23fb8de3
JH		 7253 case MGMT_LTK_P256_AUTH:
7254 authenticated = 0x01;
7255 type = SMP_LTK_P256;
61b43357 7256 break;
23fb8de3
JH		 7257 case MGMT_LTK_P256_DEBUG:
7258 authenticated = 0x00;
7259 type = SMP_LTK_P256_DEBUG;
19186c7b 7260 fallthrough;
61b43357
JH		 7261 default:
7262 continue;
7263 }
d7b25450 7264
85813a7e
JH		 7265 hci_add_ltk(hdev, &key->addr.bdaddr,
7266 le_addr_type(key->addr.type), type, authenticated,
7267 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 7268 }
7269
2a1afb5a 7270 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 7271 NULL, 0);
7272
346af67b 7273 hci_dev_unlock(hdev);
346af67b 7274
715a5bf2 7275 return err;
346af67b
VCG		 7276}
7277
47db6b42 7278static void get_conn_info_complete(struct hci_dev *hdev, void *data, int err)
dd983808 7279{
47db6b42 7280 struct mgmt_pending_cmd *cmd = data;
dd983808 7281 struct hci_conn *conn = cmd->user_data;
47db6b42 7282 struct mgmt_cp_get_conn_info *cp = cmd->param;
9981bdb0 7283 struct mgmt_rp_get_conn_info rp;
47db6b42 7284 u8 status;
dd983808 7285
47db6b42
BG		 7286 bt_dev_dbg(hdev, "err %d", err);
7287
7288 memcpy(&rp.addr, &cp->addr.bdaddr, sizeof(rp.addr));
dd983808 7289
47db6b42 7290 status = mgmt_status(err);
9981bdb0 7291 if (status == MGMT_STATUS_SUCCESS) {
dd983808 7292 rp.rssi = conn->rssi;
9981bdb0
JH		 7293 rp.tx_power = conn->tx_power;
7294 rp.max_tx_power = conn->max_tx_power;
7295 } else {
7296 rp.rssi = HCI_RSSI_INVALID;
7297 rp.tx_power = HCI_TX_POWER_INVALID;
7298 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 7299 }
7300
47db6b42
BG		 7301 mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
7302 &rp, sizeof(rp));
dd983808 7303
47db6b42 7304 mgmt_pending_free(cmd);
dd983808
AK		 7305}
7306
47db6b42 7307static int get_conn_info_sync(struct hci_dev *hdev, void *data)
dd983808 7308{
47db6b42
BG		 7309 struct mgmt_pending_cmd *cmd = data;
7310 struct mgmt_cp_get_conn_info *cp = cmd->param;
dd983808 7311 struct hci_conn *conn;
47db6b42
BG		 7312 int err;
7313 __le16 handle;
dd983808 7314
47db6b42
BG		 7315 /* Make sure we are still connected */
7316 if (cp->addr.type == BDADDR_BREDR)
7317 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7318 &cp->addr.bdaddr);
7319 else
7320 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
dd983808 7321
7b445e22 7322 if (!conn || conn->state != BT_CONNECTED)
47db6b42 7323 return MGMT_STATUS_NOT_CONNECTED;
dd983808 7324
7b445e22 7325 cmd->user_data = conn;
47db6b42 7326 handle = cpu_to_le16(conn->handle);
dd983808 7327
47db6b42
BG		 7328 /* Refresh RSSI each time */
7329 err = hci_read_rssi_sync(hdev, handle);
dd983808 7330
47db6b42
BG		 7331 /* For LE links TX power does not change thus we don't need to
7332 * query for it once value is known.
7333 */
7334 if (!err && (!bdaddr_type_is_le(cp->addr.type) ||
7335 conn->tx_power == HCI_TX_POWER_INVALID))
7336 err = hci_read_tx_power_sync(hdev, handle, 0x00);
dd983808 7337
47db6b42
BG		 7338 /* Max TX power needs to be read only once per connection */
7339 if (!err && conn->max_tx_power == HCI_TX_POWER_INVALID)
7340 err = hci_read_tx_power_sync(hdev, handle, 0x01);
dd983808 7341
47db6b42 7342 return err;
dd983808
AK		 7343}
7344
7345static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
7346 u16 len)
7347{
7348 struct mgmt_cp_get_conn_info *cp = data;
7349 struct mgmt_rp_get_conn_info rp;
7350 struct hci_conn *conn;
7351 unsigned long conn_info_age;
7352 int err = 0;
7353
181d6953 7354 bt_dev_dbg(hdev, "sock %p", sk);
dd983808
AK		 7355
7356 memset(&rp, 0, sizeof(rp));
7357 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7358 rp.addr.type = cp->addr.type;
7359
7360 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 7361 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7362 MGMT_STATUS_INVALID_PARAMS,
7363 &rp, sizeof(rp));
dd983808
AK		 7364
7365 hci_dev_lock(hdev);
7366
7367 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 7368 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7369 MGMT_STATUS_NOT_POWERED, &rp,
7370 sizeof(rp));
dd983808
AK		 7371 goto unlock;
7372 }
7373
7374 if (cp->addr.type == BDADDR_BREDR)
7375 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7376 &cp->addr.bdaddr);
7377 else
7378 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
7379
7380 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 7381 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7382 MGMT_STATUS_NOT_CONNECTED, &rp,
7383 sizeof(rp));
dd983808
AK		 7384 goto unlock;
7385 }
7386
7387 /* To avoid client trying to guess when to poll again for information we
7388 * calculate conn info age as random value between min/max set in hdev.
7389 */
e8a533cb
JD		 7390 conn_info_age = get_random_u32_inclusive(hdev->conn_info_min_age,
7391 hdev->conn_info_max_age - 1);
dd983808
AK		 7392
7393 /* Query controller to refresh cached values if they are too old or were
7394 * never read.
7395 */
f4e2dd53
AK		 7396 if (time_after(jiffies, conn->conn_info_timestamp +
7397 msecs_to_jiffies(conn_info_age)) ||
dd983808 7398 !conn->conn_info_timestamp) {
3b0602cd 7399 struct mgmt_pending_cmd *cmd;
dd983808 7400
47db6b42
BG		 7401 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CONN_INFO, hdev, data,
7402 len);
d7b2fdfb 7403 if (!cmd) {
47db6b42 7404 err = -ENOMEM;
d7b2fdfb 7405 } else {
47db6b42
BG		 7406 err = hci_cmd_sync_queue(hdev, get_conn_info_sync,
7407 cmd, get_conn_info_complete);
d7b2fdfb 7408 }
dd983808 7409
47db6b42
BG		 7410 if (err < 0) {
7411 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7412 MGMT_STATUS_FAILED, &rp, sizeof(rp));
eed5daf3 7413
47db6b42
BG		 7414 if (cmd)
7415 mgmt_pending_free(cmd);
dd983808 7416
dd983808
AK		 7417 goto unlock;
7418 }
7419
dd983808
AK		 7420 conn->conn_info_timestamp = jiffies;
7421 } else {
7422 /* Cache is valid, just reply with values cached in hci_conn */
7423 rp.rssi = conn->rssi;
7424 rp.tx_power = conn->tx_power;
eed5daf3 7425 rp.max_tx_power = conn->max_tx_power;
dd983808 7426
2a1afb5a
JH		 7427 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7428 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 7429 }
7430
7431unlock:
7432 hci_dev_unlock(hdev);
7433 return err;
7434}
7435
5a750137 7436static void get_clock_info_complete(struct hci_dev *hdev, void *data, int err)
95868426 7437{
5a750137
BG		 7438 struct mgmt_pending_cmd *cmd = data;
7439 struct mgmt_cp_get_clock_info *cp = cmd->param;
95868426 7440 struct mgmt_rp_get_clock_info rp;
5a750137
BG		 7441 struct hci_conn *conn = cmd->user_data;
7442 u8 status = mgmt_status(err);
7443
7444 bt_dev_dbg(hdev, "err %d", err);
69487371
JH		 7445
7446 memset(&rp, 0, sizeof(rp));
5a750137
BG		 7447 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7448 rp.addr.type = cp->addr.type;
69487371 7449
5a750137 7450 if (err)
69487371
JH		 7451 goto complete;
7452
5a750137 7453 rp.local_clock = cpu_to_le32(hdev->clock);
69487371
JH		 7454
7455 if (conn) {
7456 rp.piconet_clock = cpu_to_le32(conn->clock);
7457 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
69487371 7458 }
9df74653 7459
5a750137
BG		 7460complete:
7461 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
7462 sizeof(rp));
7463
7464 mgmt_pending_free(cmd);
69487371
JH		 7465}
7466
5a750137 7467static int get_clock_info_sync(struct hci_dev *hdev, void *data)
69487371 7468{
5a750137
BG		 7469 struct mgmt_pending_cmd *cmd = data;
7470 struct mgmt_cp_get_clock_info *cp = cmd->param;
7471 struct hci_cp_read_clock hci_cp;
7b445e22 7472 struct hci_conn *conn;
95868426 7473
5a750137 7474 memset(&hci_cp, 0, sizeof(hci_cp));
7b445e22 7475 hci_read_clock_sync(hdev, &hci_cp);
95868426 7476
7b445e22
LAD		 7477 /* Make sure connection still exists */
7478 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
7479 if (!conn || conn->state != BT_CONNECTED)
7480 return MGMT_STATUS_NOT_CONNECTED;
95868426 7481
7b445e22
LAD		 7482 cmd->user_data = conn;
7483 hci_cp.handle = cpu_to_le16(conn->handle);
7484 hci_cp.which = 0x01; /* Piconet clock */
95868426 7485
7b445e22 7486 return hci_read_clock_sync(hdev, &hci_cp);
95868426
JH		 7487}
7488
7489static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5a750137 7490 u16 len)
95868426
JH		 7491{
7492 struct mgmt_cp_get_clock_info *cp = data;
7493 struct mgmt_rp_get_clock_info rp;
3b0602cd 7494 struct mgmt_pending_cmd *cmd;
95868426
JH		 7495 struct hci_conn *conn;
7496 int err;
7497
181d6953 7498 bt_dev_dbg(hdev, "sock %p", sk);
95868426
JH		 7499
7500 memset(&rp, 0, sizeof(rp));
7501 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7502 rp.addr.type = cp->addr.type;
7503
7504 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 7505 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7506 MGMT_STATUS_INVALID_PARAMS,
7507 &rp, sizeof(rp));
95868426
JH		 7508
7509 hci_dev_lock(hdev);
7510
7511 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 7512 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7513 MGMT_STATUS_NOT_POWERED, &rp,
7514 sizeof(rp));
95868426
JH		 7515 goto unlock;
7516 }
7517
7518 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
7519 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7520 &cp->addr.bdaddr);
7521 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 7522 err = mgmt_cmd_complete(sk, hdev->id,
7523 MGMT_OP_GET_CLOCK_INFO,
7524 MGMT_STATUS_NOT_CONNECTED,
7525 &rp, sizeof(rp));
95868426
JH		 7526 goto unlock;
7527 }
7528 } else {
7529 conn = NULL;
7530 }
7531
5a750137
BG		 7532 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
7533 if (!cmd)
95868426 7534 err = -ENOMEM;
5a750137
BG		 7535 else
7536 err = hci_cmd_sync_queue(hdev, get_clock_info_sync, cmd,
7537 get_clock_info_complete);
69487371 7538
5a750137
BG		 7539 if (err < 0) {
7540 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7541 MGMT_STATUS_FAILED, &rp, sizeof(rp));
95868426 7542
5a750137
BG		 7543 if (cmd)
7544 mgmt_pending_free(cmd);
95868426
JH		 7545 }
7546
95868426
JH		 7547
7548unlock:
7549 hci_dev_unlock(hdev);
7550 return err;
7551}
7552
5a154e6f
JH		 7553static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
7554{
7555 struct hci_conn *conn;
7556
7557 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
7558 if (!conn)
7559 return false;
7560
7561 if (conn->dst_type != type)
7562 return false;
7563
7564 if (conn->state != BT_CONNECTED)
7565 return false;
7566
7567 return true;
7568}
7569
7570/* This function requires the caller holds hdev->lock */
51d7a94d 7571static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 7572 u8 addr_type, u8 auto_connect)
7573{
5a154e6f
JH		 7574 struct hci_conn_params *params;
7575
7576 params = hci_conn_params_add(hdev, addr, addr_type);
7577 if (!params)
7578 return -EIO;
7579
7580 if (params->auto_connect == auto_connect)
7581 return 0;
7582
7583 list_del_init(&params->action);
7584
7585 switch (auto_connect) {
7586 case HCI_AUTO_CONN_DISABLED:
7587 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 7588 /* If auto connect is being disabled when we're trying to
7589 * connect to device, keep connecting.
7590 */
7591 if (params->explicit_connect)
7592 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 7593 break;
7594 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 7595 if (params->explicit_connect)
7596 list_add(&params->action, &hdev->pend_le_conns);
7597 else
7598 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 7599 break;
7600 case HCI_AUTO_CONN_DIRECT:
7601 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 7602 if (!is_connected(hdev, addr, addr_type))
5a154e6f 7603 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 7604 break;
7605 }
7606
7607 params->auto_connect = auto_connect;
7608
181d6953
MH		 7609 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
7610 addr, addr_type, auto_connect);
5a154e6f
JH		 7611
7612 return 0;
7613}
7614
8afef092
MH		 7615static void device_added(struct sock *sk, struct hci_dev *hdev,
7616 bdaddr_t *bdaddr, u8 type, u8 action)
7617{
7618 struct mgmt_ev_device_added ev;
7619
7620 bacpy(&ev.addr.bdaddr, bdaddr);
7621 ev.addr.type = type;
7622 ev.action = action;
7623
7624 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
7625}
7626
e8907f76
LAD		 7627static int add_device_sync(struct hci_dev *hdev, void *data)
7628{
7629 return hci_update_passive_scan_sync(hdev);
7630}
7631
2faade53
MH		 7632static int add_device(struct sock *sk, struct hci_dev *hdev,
7633 void *data, u16 len)
7634{
7635 struct mgmt_cp_add_device *cp = data;
7636 u8 auto_conn, addr_type;
4c54bf2b 7637 struct hci_conn_params *params;
2faade53 7638 int err;
4c54bf2b 7639 u32 current_flags = 0;
fe92ee64 7640 u32 supported_flags;
2faade53 7641
181d6953 7642 bt_dev_dbg(hdev, "sock %p", sk);
2faade53 7643
6659358e 7644 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 7645 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 7646 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7647 MGMT_STATUS_INVALID_PARAMS,
7648 &cp->addr, sizeof(cp->addr));
2faade53 7649
4b9e7e75 7650 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 7651 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7652 MGMT_STATUS_INVALID_PARAMS,
7653 &cp->addr, sizeof(cp->addr));
2faade53
MH		 7654
7655 hci_dev_lock(hdev);
7656
6659358e 7657 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 7658 /* Only incoming connections action is supported for now */
6659358e 7659 if (cp->action != 0x01) {
51d7a94d
JH		 7660 err = mgmt_cmd_complete(sk, hdev->id,
7661 MGMT_OP_ADD_DEVICE,
7662 MGMT_STATUS_INVALID_PARAMS,
7663 &cp->addr, sizeof(cp->addr));
6659358e
JH		 7664 goto unlock;
7665 }
7666
3d4f9c00 7667 err = hci_bdaddr_list_add_with_flags(&hdev->accept_list,
8baaa403
APS		 7668 &cp->addr.bdaddr,
7669 cp->addr.type, 0);
6659358e
JH		 7670 if (err)
7671 goto unlock;
a397407f 7672
bb876725 7673 hci_update_scan(hdev);
a397407f 7674
6659358e
JH		 7675 goto added;
7676 }
7677
85813a7e 7678 addr_type = le_addr_type(cp->addr.type);
2faade53 7679
4b9e7e75 7680 if (cp->action == 0x02)
2faade53 7681 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 7682 else if (cp->action == 0x01)
7683 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 7684 else
a3451d27 7685 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 7686
9a0a8a8e
JP		 7687 /* Kernel internally uses conn_params with resolvable private
7688 * address, but Add Device allows only identity addresses.
7689 * Make sure it is enforced before calling
7690 * hci_conn_params_lookup.
7691 */
7692 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 7693 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7694 MGMT_STATUS_INVALID_PARAMS,
7695 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 7696 goto unlock;
7697 }
7698
bf5b3c8b
MH		 7699 /* If the connection parameters don't exist for this device,
7700 * they will be created and configured with defaults.
7701 */
51d7a94d 7702 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 7703 auto_conn) < 0) {
51d7a94d
JH		 7704 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7705 MGMT_STATUS_FAILED, &cp->addr,
7706 sizeof(cp->addr));
2faade53 7707 goto unlock;
4c54bf2b
APS		 7708 } else {
7709 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7710 addr_type);
7711 if (params)
e1cff700 7712 current_flags = params->flags;
2faade53
MH		 7713 }
7714
e8907f76
LAD		 7715 err = hci_cmd_sync_queue(hdev, add_device_sync, NULL, NULL);
7716 if (err < 0)
7717 goto unlock;
51d7a94d 7718
6659358e 7719added:
8afef092 7720 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
e1cff700 7721 supported_flags = hdev->conn_flags;
4c54bf2b 7722 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type,
fe92ee64 7723 supported_flags, current_flags);
8afef092 7724
51d7a94d
JH		 7725 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7726 MGMT_STATUS_SUCCESS, &cp->addr,
7727 sizeof(cp->addr));
2faade53
MH		 7728
7729unlock:
7730 hci_dev_unlock(hdev);
7731 return err;
7732}
7733
8afef092
MH		 7734static void device_removed(struct sock *sk, struct hci_dev *hdev,
7735 bdaddr_t *bdaddr, u8 type)
7736{
7737 struct mgmt_ev_device_removed ev;
7738
7739 bacpy(&ev.addr.bdaddr, bdaddr);
7740 ev.addr.type = type;
7741
7742 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
7743}
7744
e8907f76
LAD		 7745static int remove_device_sync(struct hci_dev *hdev, void *data)
7746{
7747 return hci_update_passive_scan_sync(hdev);
7748}
7749
2faade53
MH		 7750static int remove_device(struct sock *sk, struct hci_dev *hdev,
7751 void *data, u16 len)
7752{
7753 struct mgmt_cp_remove_device *cp = data;
7754 int err;
7755
181d6953 7756 bt_dev_dbg(hdev, "sock %p", sk);
2faade53
MH		 7757
7758 hci_dev_lock(hdev);
7759
7760 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 7761 struct hci_conn_params *params;
2faade53
MH		 7762 u8 addr_type;
7763
6659358e 7764 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 7765 err = mgmt_cmd_complete(sk, hdev->id,
7766 MGMT_OP_REMOVE_DEVICE,
7767 MGMT_STATUS_INVALID_PARAMS,
7768 &cp->addr, sizeof(cp->addr));
2faade53
MH		 7769 goto unlock;
7770 }
7771
6659358e 7772 if (cp->addr.type == BDADDR_BREDR) {
3d4f9c00 7773 err = hci_bdaddr_list_del(&hdev->accept_list,
6659358e
JH		 7774 &cp->addr.bdaddr,
7775 cp->addr.type);
7776 if (err) {
51d7a94d
JH		 7777 err = mgmt_cmd_complete(sk, hdev->id,
7778 MGMT_OP_REMOVE_DEVICE,
7779 MGMT_STATUS_INVALID_PARAMS,
7780 &cp->addr,
7781 sizeof(cp->addr));
6659358e
JH		 7782 goto unlock;
7783 }
7784
bb876725 7785 hci_update_scan(hdev);
a397407f 7786
6659358e
JH		 7787 device_removed(sk, hdev, &cp->addr.bdaddr,
7788 cp->addr.type);
7789 goto complete;
7790 }
7791
85813a7e 7792 addr_type = le_addr_type(cp->addr.type);
2faade53 7793
9a0a8a8e
JP		 7794 /* Kernel internally uses conn_params with resolvable private
7795 * address, but Remove Device allows only identity addresses.
7796 * Make sure it is enforced before calling
7797 * hci_conn_params_lookup.
7798 */
7799 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 7800 err = mgmt_cmd_complete(sk, hdev->id,
7801 MGMT_OP_REMOVE_DEVICE,
7802 MGMT_STATUS_INVALID_PARAMS,
7803 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 7804 goto unlock;
7805 }
7806
c71593dd
JH		 7807 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7808 addr_type);
7809 if (!params) {
51d7a94d
JH		 7810 err = mgmt_cmd_complete(sk, hdev->id,
7811 MGMT_OP_REMOVE_DEVICE,
7812 MGMT_STATUS_INVALID_PARAMS,
7813 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 7814 goto unlock;
7815 }
7816
679d2b6f
JH		 7817 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
7818 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 7819 err = mgmt_cmd_complete(sk, hdev->id,
7820 MGMT_OP_REMOVE_DEVICE,
7821 MGMT_STATUS_INVALID_PARAMS,
7822 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 7823 goto unlock;
7824 }
7825
d1dbf12e 7826 list_del(&params->action);
c71593dd
JH		 7827 list_del(&params->list);
7828 kfree(params);
8afef092
MH		 7829
7830 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 7831 } else {
19de0825 7832 struct hci_conn_params *p, *tmp;
6659358e 7833 struct bdaddr_list *b, *btmp;
19de0825 7834
2faade53 7835 if (cp->addr.type) {
51d7a94d
JH		 7836 err = mgmt_cmd_complete(sk, hdev->id,
7837 MGMT_OP_REMOVE_DEVICE,
7838 MGMT_STATUS_INVALID_PARAMS,
7839 &cp->addr, sizeof(cp->addr));
2faade53
MH		 7840 goto unlock;
7841 }
7842
3d4f9c00 7843 list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) {
6659358e
JH		 7844 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
7845 list_del(&b->list);
7846 kfree(b);
7847 }
7848
bb876725 7849 hci_update_scan(hdev);
a397407f 7850
19de0825
JH		 7851 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
7852 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
7853 continue;
7854 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 7855 if (p->explicit_connect) {
7856 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
7857 continue;
7858 }
19de0825
JH		 7859 list_del(&p->action);
7860 list_del(&p->list);
7861 kfree(p);
7862 }
7863
181d6953 7864 bt_dev_dbg(hdev, "All LE connection parameters were removed");
2faade53
MH		 7865 }
7866
e8907f76
LAD		 7867 hci_cmd_sync_queue(hdev, remove_device_sync, NULL, NULL);
7868
6659358e 7869complete:
51d7a94d
JH		 7870 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
7871 MGMT_STATUS_SUCCESS, &cp->addr,
7872 sizeof(cp->addr));
2faade53
MH		 7873unlock:
7874 hci_dev_unlock(hdev);
7875 return err;
7876}
7877
a26f3dcf
JH		 7878static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
7879 u16 len)
7880{
7881 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 7882 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
7883 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 7884 u16 param_count, expected_len;
7885 int i;
7886
7887 if (!lmp_le_capable(hdev))
a69e8375
JH		 7888 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7889 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 7890
7891 param_count = __le16_to_cpu(cp->param_count);
ba1d6936 7892 if (param_count > max_param_count) {
2064ee33
MH		 7893 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
7894 param_count);
a69e8375
JH		 7895 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7896 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 7897 }
a26f3dcf 7898
5bec1fb8 7899 expected_len = struct_size(cp, params, param_count);
a26f3dcf 7900 if (expected_len != len) {
2064ee33
MH		 7901 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
7902 expected_len, len);
a69e8375
JH		 7903 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7904 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 7905 }
7906
181d6953 7907 bt_dev_dbg(hdev, "param_count %u", param_count);
a26f3dcf
JH		 7908
7909 hci_dev_lock(hdev);
7910
7911 hci_conn_params_clear_disabled(hdev);
7912
7913 for (i = 0; i < param_count; i++) {
7914 struct mgmt_conn_param *param = &cp->params[i];
7915 struct hci_conn_params *hci_param;
7916 u16 min, max, latency, timeout;
7917 u8 addr_type;
7918
181d6953
MH		 7919 bt_dev_dbg(hdev, "Adding %pMR (type %u)", &param->addr.bdaddr,
7920 param->addr.type);
a26f3dcf
JH		 7921
7922 if (param->addr.type == BDADDR_LE_PUBLIC) {
7923 addr_type = ADDR_LE_DEV_PUBLIC;
7924 } else if (param->addr.type == BDADDR_LE_RANDOM) {
7925 addr_type = ADDR_LE_DEV_RANDOM;
7926 } else {
2064ee33 7927 bt_dev_err(hdev, "ignoring invalid connection parameters");
a26f3dcf
JH		 7928 continue;
7929 }
7930
7931 min = le16_to_cpu(param->min_interval);
7932 max = le16_to_cpu(param->max_interval);
7933 latency = le16_to_cpu(param->latency);
7934 timeout = le16_to_cpu(param->timeout);
7935
181d6953
MH		 7936 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
7937 min, max, latency, timeout);
a26f3dcf
JH		 7938
7939 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
2064ee33 7940 bt_dev_err(hdev, "ignoring invalid connection parameters");
a26f3dcf
JH		 7941 continue;
7942 }
7943
7944 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
7945 addr_type);
7946 if (!hci_param) {
2064ee33 7947 bt_dev_err(hdev, "failed to add connection parameters");
a26f3dcf
JH		 7948 continue;
7949 }
7950
7951 hci_param->conn_min_interval = min;
7952 hci_param->conn_max_interval = max;
7953 hci_param->conn_latency = latency;
7954 hci_param->supervision_timeout = timeout;
7955 }
7956
7957 hci_dev_unlock(hdev);
7958
2a1afb5a
JH		 7959 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
7960 NULL, 0);
a26f3dcf
JH		 7961}
7962
dbece37a
MH		 7963static int set_external_config(struct sock *sk, struct hci_dev *hdev,
7964 void *data, u16 len)
7965{
7966 struct mgmt_cp_set_external_config *cp = data;
7967 bool changed;
7968 int err;
7969
181d6953 7970 bt_dev_dbg(hdev, "sock %p", sk);
dbece37a
MH		 7971
7972 if (hdev_is_powered(hdev))
a69e8375
JH		 7973 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7974 MGMT_STATUS_REJECTED);
dbece37a
MH		 7975
7976 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 7977 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7978 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 7979
7980 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 7981 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7982 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 7983
7984 hci_dev_lock(hdev);
7985
7986 if (cp->config)
238be788 7987 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 7988 else
a69d8927 7989 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 7990
7991 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
7992 if (err < 0)
7993 goto unlock;
7994
7995 if (!changed)
7996 goto unlock;
7997
f4537c04
MH		 7998 err = new_options(hdev, sk);
7999
d7a5a11d 8000 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 8001 mgmt_index_removed(hdev);
d603b76b 8002
516018a9 8003 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 8004 hci_dev_set_flag(hdev, HCI_CONFIG);
8005 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 8006
8007 queue_work(hdev->req_workqueue, &hdev->power_on);
8008 } else {
5ea234d3 8009 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 8010 mgmt_index_added(hdev);
8011 }
dbece37a
MH		 8012 }
8013
8014unlock:
8015 hci_dev_unlock(hdev);
8016 return err;
8017}
8018
9713c17b
MH		 8019static int set_public_address(struct sock *sk, struct hci_dev *hdev,
8020 void *data, u16 len)
8021{
8022 struct mgmt_cp_set_public_address *cp = data;
8023 bool changed;
8024 int err;
8025
181d6953 8026 bt_dev_dbg(hdev, "sock %p", sk);
9713c17b
MH		 8027
8028 if (hdev_is_powered(hdev))
a69e8375
JH		 8029 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
8030 MGMT_STATUS_REJECTED);
9713c17b
MH		 8031
8032 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 8033 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
8034 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 8035
8036 if (!hdev->set_bdaddr)
a69e8375
JH		 8037 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
8038 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 8039
8040 hci_dev_lock(hdev);
8041
8042 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
8043 bacpy(&hdev->public_addr, &cp->bdaddr);
8044
8045 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
8046 if (err < 0)
8047 goto unlock;
8048
8049 if (!changed)
8050 goto unlock;
8051
d7a5a11d 8052 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 8053 err = new_options(hdev, sk);
8054
8055 if (is_configured(hdev)) {
8056 mgmt_index_removed(hdev);
8057
a358dc11 8058 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 8059
a1536da2
MH		 8060 hci_dev_set_flag(hdev, HCI_CONFIG);
8061 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 8062
8063 queue_work(hdev->req_workqueue, &hdev->power_on);
8064 }
8065
8066unlock:
8067 hci_dev_unlock(hdev);
8068 return err;
8069}
8070
177e77a3
BG		 8071static void read_local_oob_ext_data_complete(struct hci_dev *hdev, void *data,
8072 int err)
40f66c05
JH		 8073{
8074 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
8075 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
8076 u8 *h192, *r192, *h256, *r256;
177e77a3
BG		 8077 struct mgmt_pending_cmd *cmd = data;
8078 struct sk_buff *skb = cmd->skb;
8079 u8 status = mgmt_status(err);
40f66c05 8080 u16 eir_len;
40f66c05 8081
275f3f64
BG		 8082 if (cmd != pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev))
8083 return;
8084
177e77a3
BG		 8085 if (!status) {
8086 if (!skb)
8087 status = MGMT_STATUS_FAILED;
8088 else if (IS_ERR(skb))
8089 status = mgmt_status(PTR_ERR(skb));
8090 else
8091 status = mgmt_status(skb->data[0]);
8092 }
40f66c05 8093
177e77a3 8094 bt_dev_dbg(hdev, "status %u", status);
40f66c05
JH		 8095
8096 mgmt_cp = cmd->param;
8097
8098 if (status) {
8099 status = mgmt_status(status);
8100 eir_len = 0;
8101
8102 h192 = NULL;
8103 r192 = NULL;
8104 h256 = NULL;
8105 r256 = NULL;
177e77a3 8106 } else if (!bredr_sc_enabled(hdev)) {
40f66c05
JH		 8107 struct hci_rp_read_local_oob_data *rp;
8108
8109 if (skb->len != sizeof(*rp)) {
8110 status = MGMT_STATUS_FAILED;
8111 eir_len = 0;
8112 } else {
8113 status = MGMT_STATUS_SUCCESS;
8114 rp = (void *)skb->data;
8115
8116 eir_len = 5 + 18 + 18;
8117 h192 = rp->hash;
8118 r192 = rp->rand;
8119 h256 = NULL;
8120 r256 = NULL;
8121 }
8122 } else {
8123 struct hci_rp_read_local_oob_ext_data *rp;
8124
8125 if (skb->len != sizeof(*rp)) {
8126 status = MGMT_STATUS_FAILED;
8127 eir_len = 0;
8128 } else {
8129 status = MGMT_STATUS_SUCCESS;
8130 rp = (void *)skb->data;
8131
8132 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
8133 eir_len = 5 + 18 + 18;
8134 h192 = NULL;
8135 r192 = NULL;
8136 } else {
8137 eir_len = 5 + 18 + 18 + 18 + 18;
8138 h192 = rp->hash192;
8139 r192 = rp->rand192;
8140 }
8141
8142 h256 = rp->hash256;
8143 r256 = rp->rand256;
8144 }
8145 }
8146
8147 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
8148 if (!mgmt_rp)
8149 goto done;
8150
a31e5a41 8151 if (eir_len == 0)
40f66c05
JH		 8152 goto send_rsp;
8153
8154 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
8155 hdev->dev_class, 3);
8156
8157 if (h192 && r192) {
8158 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
8159 EIR_SSP_HASH_C192, h192, 16);
8160 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
8161 EIR_SSP_RAND_R192, r192, 16);
8162 }
8163
8164 if (h256 && r256) {
8165 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
8166 EIR_SSP_HASH_C256, h256, 16);
8167 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
8168 EIR_SSP_RAND_R256, r256, 16);
8169 }
8170
8171send_rsp:
8172 mgmt_rp->type = mgmt_cp->type;
8173 mgmt_rp->eir_len = cpu_to_le16(eir_len);
8174
8175 err = mgmt_cmd_complete(cmd->sk, hdev->id,
8176 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
8177 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
8178 if (err < 0 || status)
8179 goto done;
8180
8181 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
8182
8183 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
8184 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
8185 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
8186done:
177e77a3
BG		 8187 if (skb && !IS_ERR(skb))
8188 kfree_skb(skb);
8189
40f66c05
JH		 8190 kfree(mgmt_rp);
8191 mgmt_pending_remove(cmd);
8192}
8193
8194static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
8195 struct mgmt_cp_read_local_oob_ext_data *cp)
8196{
8197 struct mgmt_pending_cmd *cmd;
40f66c05
JH		 8198 int err;
8199
8200 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
8201 cp, sizeof(*cp));
8202 if (!cmd)
8203 return -ENOMEM;
8204
177e77a3
BG		 8205 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
8206 read_local_oob_ext_data_complete);
40f66c05 8207
40f66c05
JH		 8208 if (err < 0) {
8209 mgmt_pending_remove(cmd);
8210 return err;
8211 }
8212
8213 return 0;
8214}
8215
4f0f155c
MH		 8216static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
8217 void *data, u16 data_len)
8218{
8219 struct mgmt_cp_read_local_oob_ext_data *cp = data;
8220 struct mgmt_rp_read_local_oob_ext_data *rp;
8221 size_t rp_len;
8222 u16 eir_len;
0821a2c5 8223 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 8224 int err;
8225
181d6953 8226 bt_dev_dbg(hdev, "sock %p", sk);
4f0f155c 8227
57b0d3e8
MH		 8228 if (hdev_is_powered(hdev)) {
8229 switch (cp->type) {
8230 case BIT(BDADDR_BREDR):
8231 status = mgmt_bredr_support(hdev);
8232 if (status)
8233 eir_len = 0;
8234 else
8235 eir_len = 5;
8236 break;
8237 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
8238 status = mgmt_le_support(hdev);
8239 if (status)
8240 eir_len = 0;
8241 else
8242 eir_len = 9 + 3 + 18 + 18 + 3;
8243 break;
8244 default:
8245 status = MGMT_STATUS_INVALID_PARAMS;
8246 eir_len = 0;
8247 break;
8248 }
8249 } else {
8250 status = MGMT_STATUS_NOT_POWERED;
8251 eir_len = 0;
4f0f155c
MH		 8252 }
8253
4f0f155c
MH		 8254 rp_len = sizeof(*rp) + eir_len;
8255 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 8256 if (!rp)
4f0f155c 8257 return -ENOMEM;
efcd8c98 8258
81218cbe
BG		 8259 if (!status && !lmp_ssp_capable(hdev)) {
8260 status = MGMT_STATUS_NOT_SUPPORTED;
8261 eir_len = 0;
8262 }
8263
57b0d3e8
MH		 8264 if (status)
8265 goto complete;
8266
efcd8c98 8267 hci_dev_lock(hdev);
4f0f155c
MH		 8268
8269 eir_len = 0;
8270 switch (cp->type) {
8271 case BIT(BDADDR_BREDR):
40f66c05
JH		 8272 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
8273 err = read_local_ssp_oob_req(hdev, sk, cp);
8274 hci_dev_unlock(hdev);
8275 if (!err)
8276 goto done;
8277
8278 status = MGMT_STATUS_FAILED;
8279 goto complete;
8280 } else {
8281 eir_len = eir_append_data(rp->eir, eir_len,
8282 EIR_CLASS_OF_DEV,
8283 hdev->dev_class, 3);
8284 }
4f0f155c
MH		 8285 break;
8286 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 8287 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
8288 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 8289 hci_dev_unlock(hdev);
57b0d3e8
MH		 8290 status = MGMT_STATUS_FAILED;
8291 goto complete;
0821a2c5
MH		 8292 }
8293
e213568a
MH		 8294 /* This should return the active RPA, but since the RPA
8295 * is only programmed on demand, it is really hard to fill
8296 * this in at the moment. For now disallow retrieving
8297 * local out-of-band data when privacy is in use.
8298 *
8299 * Returning the identity address will not help here since
8300 * pairing happens before the identity resolving key is
8301 * known and thus the connection establishment happens
8302 * based on the RPA and not the identity address.
8303 */
4f0f155c 8304 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 8305 hci_dev_unlock(hdev);
8306 status = MGMT_STATUS_REJECTED;
8307 goto complete;
8308 }
8309
8310 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
8311 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
8312 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
8313 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 8314 memcpy(addr, &hdev->static_addr, 6);
8315 addr[6] = 0x01;
8316 } else {
8317 memcpy(addr, &hdev->bdaddr, 6);
8318 addr[6] = 0x00;
8319 }
8320
8321 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
8322 addr, sizeof(addr));
8323
8324 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
8325 role = 0x02;
8326 else
8327 role = 0x01;
8328
8329 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
8330 &role, sizeof(role));
8331
5082a599
MH		 8332 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
8333 eir_len = eir_append_data(rp->eir, eir_len,
8334 EIR_LE_SC_CONFIRM,
8335 hash, sizeof(hash));
0821a2c5 8336
5082a599
MH		 8337 eir_len = eir_append_data(rp->eir, eir_len,
8338 EIR_LE_SC_RANDOM,
8339 rand, sizeof(rand));
8340 }
0821a2c5 8341
f2252570 8342 flags = mgmt_get_adv_discov_flags(hdev);
4f0f155c
MH		 8343
8344 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
8345 flags |= LE_AD_NO_BREDR;
8346
8347 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
8348 &flags, sizeof(flags));
8349 break;
8350 }
8351
4f0f155c
MH		 8352 hci_dev_unlock(hdev);
8353
72000df2
MH		 8354 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
8355
57b0d3e8
MH		 8356 status = MGMT_STATUS_SUCCESS;
8357
8358complete:
efcd8c98
MH		 8359 rp->type = cp->type;
8360 rp->eir_len = cpu_to_le16(eir_len);
8361
4f0f155c 8362 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 8363 status, rp, sizeof(*rp) + eir_len);
8364 if (err < 0 || status)
72000df2
MH		 8365 goto done;
8366
8367 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
8368 rp, sizeof(*rp) + eir_len,
8369 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 8370
0821a2c5 8371done:
4f0f155c
MH		 8372 kfree(rp);
8373
8374 return err;
8375}
8376
089fa8c0
AU		 8377static u32 get_supported_adv_flags(struct hci_dev *hdev)
8378{
8379 u32 flags = 0;
8380
8381 flags |= MGMT_ADV_FLAG_CONNECTABLE;
8382 flags |= MGMT_ADV_FLAG_DISCOV;
8383 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
8384 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
c4960ecf 8385 flags |= MGMT_ADV_FLAG_APPEARANCE;
7c295c48 8386 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
12410572
DW		 8387 flags |= MGMT_ADV_PARAM_DURATION;
8388 flags |= MGMT_ADV_PARAM_TIMEOUT;
8389 flags |= MGMT_ADV_PARAM_INTERVALS;
8390 flags |= MGMT_ADV_PARAM_TX_POWER;
ff02db13 8391 flags |= MGMT_ADV_PARAM_SCAN_RSP;
089fa8c0 8392
de181e88
JK		 8393 /* In extended adv TX_POWER returned from Set Adv Param
8394 * will be always valid.
8395 */
b338d917 8396 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID || ext_adv_capable(hdev))
089fa8c0
AU		 8397 flags |= MGMT_ADV_FLAG_TX_POWER;
8398
85a721a8
JK		 8399 if (ext_adv_capable(hdev)) {
8400 flags |= MGMT_ADV_FLAG_SEC_1M;
d5ea32da
DW		 8401 flags |= MGMT_ADV_FLAG_HW_OFFLOAD;
8402 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER;
85a721a8 8403
288c9022 8404 if (le_2m_capable(hdev))
85a721a8
JK		 8405 flags |= MGMT_ADV_FLAG_SEC_2M;
8406
288c9022 8407 if (le_coded_capable(hdev))
85a721a8
JK		 8408 flags |= MGMT_ADV_FLAG_SEC_CODED;
8409 }
8410
089fa8c0
AU		 8411 return flags;
8412}
8413
d3d5305b
MH		 8414static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
8415 void *data, u16 data_len)
8416{
8417 struct mgmt_rp_read_adv_features *rp;
8418 size_t rp_len;
02c04afe 8419 int err;
286e0c83 8420 struct adv_info *adv_instance;
089fa8c0 8421 u32 supported_flags;
02c04afe 8422 u8 *instance;
d3d5305b 8423
181d6953 8424 bt_dev_dbg(hdev, "sock %p", sk);
d3d5305b 8425
089fa8c0
AU		 8426 if (!lmp_le_capable(hdev))
8427 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
8428 MGMT_STATUS_REJECTED);
8429
d3d5305b
MH		 8430 hci_dev_lock(hdev);
8431
02c04afe 8432 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
d3d5305b
MH		 8433 rp = kmalloc(rp_len, GFP_ATOMIC);
8434 if (!rp) {
8435 hci_dev_unlock(hdev);
8436 return -ENOMEM;
8437 }
8438
089fa8c0
AU		 8439 supported_flags = get_supported_adv_flags(hdev);
8440
8441 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 8442 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
8443 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
87597482 8444 rp->max_instances = hdev->le_num_of_adv_sets;
02c04afe 8445 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f 8446
02c04afe
JH		 8447 instance = rp->instance;
8448 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
b338d917
BG		 8449 /* Only instances 1-le_num_of_adv_sets are externally visible */
8450 if (adv_instance->instance <= hdev->adv_instance_cnt) {
8451 *instance = adv_instance->instance;
8452 instance++;
8453 } else {
8454 rp->num_instances--;
8455 rp_len--;
8456 }
24b4f38f 8457 }
d3d5305b
MH		 8458
8459 hci_dev_unlock(hdev);
8460
8461 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
8462 MGMT_STATUS_SUCCESS, rp, rp_len);
8463
8464 kfree(rp);
8465
8466 return err;
8467}
8468
f61851f6
MN		 8469static u8 calculate_name_len(struct hci_dev *hdev)
8470{
8471 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
8472
01ce70b0 8473 return eir_append_local_name(hdev, buf, 0);
f61851f6
MN		 8474}
8475
8476static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
8477 bool is_adv_data)
24b4f38f 8478{
4117ed70 8479 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 8480
31a3248d
MH		 8481 if (is_adv_data) {
8482 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
8483 MGMT_ADV_FLAG_LIMITED_DISCOV |
2bb36870 8484 MGMT_ADV_FLAG_MANAGED_FLAGS))
31a3248d 8485 max_len -= 3;
24b4f38f 8486
2bb36870 8487 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
31a3248d 8488 max_len -= 3;
7c295c48 8489 } else {
7c295c48 8490 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
f61851f6 8491 max_len -= calculate_name_len(hdev);
c4960ecf 8492
2bb36870 8493 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
c4960ecf 8494 max_len -= 4;
5507e358
AU		 8495 }
8496
2bb36870
SJ		 8497 return max_len;
8498}
8499
8500static bool flags_managed(u32 adv_flags)
8501{
8502 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
8503 MGMT_ADV_FLAG_LIMITED_DISCOV |
8504 MGMT_ADV_FLAG_MANAGED_FLAGS);
8505}
8506
8507static bool tx_power_managed(u32 adv_flags)
8508{
8509 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
8510}
8511
8512static bool name_managed(u32 adv_flags)
8513{
8514 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
8515}
8516
8517static bool appearance_managed(u32 adv_flags)
8518{
8519 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
8520}
8521
f61851f6
MN		 8522static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
8523 u8 len, bool is_adv_data)
2bb36870
SJ		 8524{
8525 int i, cur_len;
8526 u8 max_len;
8527
f61851f6 8528 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
2bb36870 8529
4117ed70 8530 if (len > max_len)
24b4f38f
AU		 8531 return false;
8532
4117ed70 8533 /* Make sure that the data is correctly formatted. */
0ca8794a 8534 for (i = 0; i < len; i += (cur_len + 1)) {
4117ed70 8535 cur_len = data[i];
24b4f38f 8536
799acb93
LAD		 8537 if (!cur_len)
8538 continue;
8539
9c9db78d
SJ		 8540 if (data[i + 1] == EIR_FLAGS &&
8541 (!is_adv_data || flags_managed(adv_flags)))
2bb36870
SJ		 8542 return false;
8543
8544 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
8545 return false;
8546
8547 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
8548 return false;
8549
8550 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
b44133ff
AU		 8551 return false;
8552
2bb36870
SJ		 8553 if (data[i + 1] == EIR_APPEARANCE &&
8554 appearance_managed(adv_flags))
5507e358
AU		 8555 return false;
8556
24b4f38f
AU		 8557 /* If the current field length would exceed the total data
8558 * length, then it's invalid.
8559 */
4117ed70 8560 if (i + cur_len >= len)
24b4f38f
AU		 8561 return false;
8562 }
8563
8564 return true;
8565}
8566
12410572
DW		 8567static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags)
8568{
8569 u32 supported_flags, phy_flags;
8570
8571 /* The current implementation only supports a subset of the specified
8572 * flags. Also need to check mutual exclusiveness of sec flags.
8573 */
8574 supported_flags = get_supported_adv_flags(hdev);
8575 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK;
8576 if (adv_flags & ~supported_flags ||
8577 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
8578 return false;
8579
8580 return true;
8581}
8582
8583static bool adv_busy(struct hci_dev *hdev)
8584{
275f3f64 8585 return pending_find(MGMT_OP_SET_LE, hdev);
12410572
DW		 8586}
8587
cba6b758
LAD		 8588static void add_adv_complete(struct hci_dev *hdev, struct sock *sk, u8 instance,
8589 int err)
24b4f38f 8590{
cba6b758 8591 struct adv_info *adv, *n;
24b4f38f 8592
cba6b758 8593 bt_dev_dbg(hdev, "err %d", err);
24b4f38f
AU		 8594
8595 hci_dev_lock(hdev);
8596
cba6b758
LAD		 8597 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) {
8598 u8 instance;
24b4f38f 8599
cba6b758 8600 if (!adv->pending)
fffd38bc
FG		 8601 continue;
8602
cba6b758
LAD		 8603 if (!err) {
8604 adv->pending = false;
fffd38bc
FG		 8605 continue;
8606 }
8607
cba6b758 8608 instance = adv->instance;
fffd38bc
FG		 8609
8610 if (hdev->cur_adv_instance == instance)
8611 cancel_adv_timeout(hdev);
8612
8613 hci_remove_adv_instance(hdev, instance);
cba6b758 8614 mgmt_advertising_removed(sk, hdev, instance);
24b4f38f
AU		 8615 }
8616
cba6b758
LAD		 8617 hci_dev_unlock(hdev);
8618}
8619
8620static void add_advertising_complete(struct hci_dev *hdev, void *data, int err)
8621{
8622 struct mgmt_pending_cmd *cmd = data;
8623 struct mgmt_cp_add_advertising *cp = cmd->param;
8624 struct mgmt_rp_add_advertising rp;
8625
8626 memset(&rp, 0, sizeof(rp));
24b4f38f 8627
fffd38bc 8628 rp.instance = cp->instance;
24b4f38f 8629
cba6b758 8630 if (err)
24b4f38f 8631 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
cba6b758 8632 mgmt_status(err));
24b4f38f
AU		 8633 else
8634 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
cba6b758 8635 mgmt_status(err), &rp, sizeof(rp));
24b4f38f 8636
cba6b758 8637 add_adv_complete(hdev, cmd->sk, cp->instance, err);
24b4f38f 8638
cba6b758
LAD		 8639 mgmt_pending_free(cmd);
8640}
8641
8642static int add_advertising_sync(struct hci_dev *hdev, void *data)
8643{
8644 struct mgmt_pending_cmd *cmd = data;
8645 struct mgmt_cp_add_advertising *cp = cmd->param;
8646
8647 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
24b4f38f
AU		 8648}
8649
8650static int add_advertising(struct sock *sk, struct hci_dev *hdev,
8651 void *data, u16 data_len)
8652{
8653 struct mgmt_cp_add_advertising *cp = data;
8654 struct mgmt_rp_add_advertising rp;
8655 u32 flags;
8656 u8 status;
fffd38bc 8657 u16 timeout, duration;
4bd80d7a 8658 unsigned int prev_instance_cnt;
fffd38bc 8659 u8 schedule_instance = 0;
eca0ae4a 8660 struct adv_info *adv, *next_instance;
24b4f38f
AU		 8661 int err;
8662 struct mgmt_pending_cmd *cmd;
24b4f38f 8663
181d6953 8664 bt_dev_dbg(hdev, "sock %p", sk);
24b4f38f
AU		 8665
8666 status = mgmt_le_support(hdev);
8667 if (status)
8668 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8669 status);
8670
87597482 8671 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
6a0e7807
JH		 8672 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8673 MGMT_STATUS_INVALID_PARAMS);
8674
8675 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
ceff86af
MH		 8676 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8677 MGMT_STATUS_INVALID_PARAMS);
8678
24b4f38f 8679 flags = __le32_to_cpu(cp->flags);
912098a6 8680 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 8681 duration = __le16_to_cpu(cp->duration);
24b4f38f 8682
12410572 8683 if (!requested_adv_flags_are_valid(hdev, flags))
24b4f38f
AU		 8684 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8685 MGMT_STATUS_INVALID_PARAMS);
8686
8687 hci_dev_lock(hdev);
8688
912098a6
AU		 8689 if (timeout && !hdev_is_powered(hdev)) {
8690 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8691 MGMT_STATUS_REJECTED);
8692 goto unlock;
8693 }
8694
12410572 8695 if (adv_busy(hdev)) {
24b4f38f
AU		 8696 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8697 MGMT_STATUS_BUSY);
8698 goto unlock;
8699 }
8700
f61851f6
MN		 8701 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
8702 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 8703 cp->scan_rsp_len, false)) {
24b4f38f
AU		 8704 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8705 MGMT_STATUS_INVALID_PARAMS);
8706 goto unlock;
8707 }
8708
4bd80d7a
ND		 8709 prev_instance_cnt = hdev->adv_instance_cnt;
8710
eca0ae4a 8711 adv = hci_add_adv_instance(hdev, cp->instance, flags,
fffd38bc
FG		 8712 cp->adv_data_len, cp->data,
8713 cp->scan_rsp_len,
8714 cp->data + cp->adv_data_len,
9bf9f4b6
DW		 8715 timeout, duration,
8716 HCI_ADV_TX_POWER_NO_PREFERENCE,
8717 hdev->le_adv_min_interval,
b338d917 8718 hdev->le_adv_max_interval, 0);
eca0ae4a 8719 if (IS_ERR(adv)) {
fffd38bc
FG		 8720 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8721 MGMT_STATUS_FAILED);
8722 goto unlock;
8723 }
24b4f38f 8724
fffd38bc
FG		 8725 /* Only trigger an advertising added event if a new instance was
8726 * actually added.
8727 */
8728 if (hdev->adv_instance_cnt > prev_instance_cnt)
f2252570 8729 mgmt_advertising_added(sk, hdev, cp->instance);
912098a6 8730
fffd38bc
FG		 8731 if (hdev->cur_adv_instance == cp->instance) {
8732 /* If the currently advertised instance is being changed then
8733 * cancel the current advertising and schedule the next
8734 * instance. If there is only one instance then the overridden
8735 * advertising data will be visible right away.
8736 */
8737 cancel_adv_timeout(hdev);
912098a6 8738
fffd38bc
FG		 8739 next_instance = hci_get_next_instance(hdev, cp->instance);
8740 if (next_instance)
8741 schedule_instance = next_instance->instance;
8742 } else if (!hdev->adv_instance_timeout) {
8743 /* Immediately advertise the new instance if no other
8744 * instance is currently being advertised.
8745 */
8746 schedule_instance = cp->instance;
8747 }
24b4f38f 8748
fffd38bc
FG		 8749 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
8750 * there is no instance to be advertised then we have no HCI
8751 * communication to make. Simply return.
24b4f38f
AU		 8752 */
8753 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 8754 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
8755 !schedule_instance) {
8756 rp.instance = cp->instance;
24b4f38f
AU		 8757 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8758 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8759 goto unlock;
8760 }
8761
8762 /* We're good to go, update advertising data, parameters, and start
8763 * advertising.
8764 */
cba6b758 8765 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
24b4f38f
AU		 8766 data_len);
8767 if (!cmd) {
8768 err = -ENOMEM;
8769 goto unlock;
8770 }
8771
cba6b758 8772 cp->instance = schedule_instance;
24b4f38f 8773
cba6b758
LAD		 8774 err = hci_cmd_sync_queue(hdev, add_advertising_sync, cmd,
8775 add_advertising_complete);
8776 if (err < 0)
8777 mgmt_pending_free(cmd);
24b4f38f
AU		 8778
8779unlock:
8780 hci_dev_unlock(hdev);
8781
8782 return err;
8783}
8784
cba6b758
LAD		 8785static void add_ext_adv_params_complete(struct hci_dev *hdev, void *data,
8786 int err)
12410572 8787{
cba6b758
LAD		 8788 struct mgmt_pending_cmd *cmd = data;
8789 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
12410572 8790 struct mgmt_rp_add_ext_adv_params rp;
cba6b758 8791 struct adv_info *adv;
12410572
DW		 8792 u32 flags;
8793
8794 BT_DBG("%s", hdev->name);
8795
8796 hci_dev_lock(hdev);
8797
cba6b758
LAD		 8798 adv = hci_find_adv_instance(hdev, cp->instance);
8799 if (!adv)
12410572
DW		 8800 goto unlock;
8801
8802 rp.instance = cp->instance;
cba6b758 8803 rp.tx_power = adv->tx_power;
12410572
DW		 8804
8805 /* While we're at it, inform userspace of the available space for this
8806 * advertisement, given the flags that will be used.
8807 */
8808 flags = __le32_to_cpu(cp->flags);
8809 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8810 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8811
cba6b758 8812 if (err) {
12410572
DW		 8813 /* If this advertisement was previously advertising and we
8814 * failed to update it, we signal that it has been removed and
8815 * delete its structure
8816 */
cba6b758 8817 if (!adv->pending)
12410572
DW		 8818 mgmt_advertising_removed(cmd->sk, hdev, cp->instance);
8819
8820 hci_remove_adv_instance(hdev, cp->instance);
8821
8822 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
cba6b758 8823 mgmt_status(err));
12410572
DW		 8824 } else {
8825 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
cba6b758 8826 mgmt_status(err), &rp, sizeof(rp));
12410572
DW		 8827 }
8828
8829unlock:
8830 if (cmd)
cba6b758 8831 mgmt_pending_free(cmd);
12410572
DW		 8832
8833 hci_dev_unlock(hdev);
8834}
8835
cba6b758
LAD		 8836static int add_ext_adv_params_sync(struct hci_dev *hdev, void *data)
8837{
8838 struct mgmt_pending_cmd *cmd = data;
8839 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
8840
8841 return hci_setup_ext_adv_instance_sync(hdev, cp->instance);
8842}
8843
12410572
DW		 8844static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev,
8845 void *data, u16 data_len)
8846{
8847 struct mgmt_cp_add_ext_adv_params *cp = data;
8848 struct mgmt_rp_add_ext_adv_params rp;
8849 struct mgmt_pending_cmd *cmd = NULL;
eca0ae4a 8850 struct adv_info *adv;
12410572
DW		 8851 u32 flags, min_interval, max_interval;
8852 u16 timeout, duration;
8853 u8 status;
8854 s8 tx_power;
8855 int err;
8856
8857 BT_DBG("%s", hdev->name);
8858
8859 status = mgmt_le_support(hdev);
8860 if (status)
8861 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8862 status);
8863
8864 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
8865 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8866 MGMT_STATUS_INVALID_PARAMS);
8867
8868 /* The purpose of breaking add_advertising into two separate MGMT calls
8869 * for params and data is to allow more parameters to be added to this
8870 * structure in the future. For this reason, we verify that we have the
8871 * bare minimum structure we know of when the interface was defined. Any
8872 * extra parameters we don't know about will be ignored in this request.
8873 */
8874 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE)
3b1c7c00 8875 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
12410572
DW		 8876 MGMT_STATUS_INVALID_PARAMS);
8877
8878 flags = __le32_to_cpu(cp->flags);
8879
8880 if (!requested_adv_flags_are_valid(hdev, flags))
8881 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8882 MGMT_STATUS_INVALID_PARAMS);
8883
8884 hci_dev_lock(hdev);
8885
8886 /* In new interface, we require that we are powered to register */
8887 if (!hdev_is_powered(hdev)) {
8888 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8889 MGMT_STATUS_REJECTED);
8890 goto unlock;
8891 }
8892
8893 if (adv_busy(hdev)) {
8894 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8895 MGMT_STATUS_BUSY);
8896 goto unlock;
8897 }
8898
8899 /* Parse defined parameters from request, use defaults otherwise */
8900 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ?
8901 __le16_to_cpu(cp->timeout) : 0;
8902
8903 duration = (flags & MGMT_ADV_PARAM_DURATION) ?
8904 __le16_to_cpu(cp->duration) :
8905 hdev->def_multi_adv_rotation_duration;
8906
8907 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
8908 __le32_to_cpu(cp->min_interval) :
8909 hdev->le_adv_min_interval;
8910
8911 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
8912 __le32_to_cpu(cp->max_interval) :
8913 hdev->le_adv_max_interval;
8914
8915 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ?
8916 cp->tx_power :
8917 HCI_ADV_TX_POWER_NO_PREFERENCE;
8918
8919 /* Create advertising instance with no advertising or response data */
eca0ae4a
LAD		 8920 adv = hci_add_adv_instance(hdev, cp->instance, flags, 0, NULL, 0, NULL,
8921 timeout, duration, tx_power, min_interval,
b338d917 8922 max_interval, 0);
12410572 8923
eca0ae4a 8924 if (IS_ERR(adv)) {
12410572
DW		 8925 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8926 MGMT_STATUS_FAILED);
8927 goto unlock;
8928 }
8929
12410572
DW		 8930 /* Submit request for advertising params if ext adv available */
8931 if (ext_adv_capable(hdev)) {
cba6b758
LAD		 8932 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_PARAMS, hdev,
8933 data, data_len);
12410572
DW		 8934 if (!cmd) {
8935 err = -ENOMEM;
8936 hci_remove_adv_instance(hdev, cp->instance);
8937 goto unlock;
8938 }
8939
cba6b758
LAD		 8940 err = hci_cmd_sync_queue(hdev, add_ext_adv_params_sync, cmd,
8941 add_ext_adv_params_complete);
8942 if (err < 0)
8943 mgmt_pending_free(cmd);
12410572
DW		 8944 } else {
8945 rp.instance = cp->instance;
8946 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE;
8947 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8948 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8949 err = mgmt_cmd_complete(sk, hdev->id,
8950 MGMT_OP_ADD_EXT_ADV_PARAMS,
8951 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8952 }
8953
8954unlock:
8955 hci_dev_unlock(hdev);
8956
8957 return err;
8958}
8959
cba6b758
LAD		 8960static void add_ext_adv_data_complete(struct hci_dev *hdev, void *data, int err)
8961{
8962 struct mgmt_pending_cmd *cmd = data;
8963 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
8964 struct mgmt_rp_add_advertising rp;
8965
8966 add_adv_complete(hdev, cmd->sk, cp->instance, err);
8967
8968 memset(&rp, 0, sizeof(rp));
8969
8970 rp.instance = cp->instance;
8971
8972 if (err)
8973 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
8974 mgmt_status(err));
8975 else
8976 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
8977 mgmt_status(err), &rp, sizeof(rp));
8978
8979 mgmt_pending_free(cmd);
8980}
8981
8982static int add_ext_adv_data_sync(struct hci_dev *hdev, void *data)
8983{
8984 struct mgmt_pending_cmd *cmd = data;
8985 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
8986 int err;
8987
8988 if (ext_adv_capable(hdev)) {
8989 err = hci_update_adv_data_sync(hdev, cp->instance);
8990 if (err)
8991 return err;
8992
8993 err = hci_update_scan_rsp_data_sync(hdev, cp->instance);
8994 if (err)
8995 return err;
8996
8997 return hci_enable_ext_advertising_sync(hdev, cp->instance);
8998 }
8999
9000 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
9001}
9002
12410572
DW		 9003static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data,
9004 u16 data_len)
9005{
9006 struct mgmt_cp_add_ext_adv_data *cp = data;
9007 struct mgmt_rp_add_ext_adv_data rp;
9008 u8 schedule_instance = 0;
9009 struct adv_info *next_instance;
9010 struct adv_info *adv_instance;
9011 int err = 0;
9012 struct mgmt_pending_cmd *cmd;
12410572
DW		 9013
9014 BT_DBG("%s", hdev->name);
9015
9016 hci_dev_lock(hdev);
9017
9018 adv_instance = hci_find_adv_instance(hdev, cp->instance);
9019
9020 if (!adv_instance) {
9021 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
9022 MGMT_STATUS_INVALID_PARAMS);
9023 goto unlock;
9024 }
9025
9026 /* In new interface, we require that we are powered to register */
9027 if (!hdev_is_powered(hdev)) {
9028 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
9029 MGMT_STATUS_REJECTED);
9030 goto clear_new_instance;
9031 }
9032
9033 if (adv_busy(hdev)) {
9034 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
9035 MGMT_STATUS_BUSY);
9036 goto clear_new_instance;
9037 }
9038
9039 /* Validate new data */
9040 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data,
9041 cp->adv_data_len, true) ||
9042 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data +
9043 cp->adv_data_len, cp->scan_rsp_len, false)) {
9044 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
9045 MGMT_STATUS_INVALID_PARAMS);
9046 goto clear_new_instance;
9047 }
9048
9049 /* Set the data in the advertising instance */
9050 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len,
9051 cp->data, cp->scan_rsp_len,
9052 cp->data + cp->adv_data_len);
9053
cba6b758
LAD		 9054 /* If using software rotation, determine next instance to use */
9055 if (hdev->cur_adv_instance == cp->instance) {
9056 /* If the currently advertised instance is being changed
9057 * then cancel the current advertising and schedule the
9058 * next instance. If there is only one instance then the
9059 * overridden advertising data will be visible right
9060 * away
9061 */
9062 cancel_adv_timeout(hdev);
12410572 9063
cba6b758
LAD		 9064 next_instance = hci_get_next_instance(hdev, cp->instance);
9065 if (next_instance)
9066 schedule_instance = next_instance->instance;
9067 } else if (!hdev->adv_instance_timeout) {
9068 /* Immediately advertise the new instance if no other
9069 * instance is currently being advertised.
12410572 9070 */
cba6b758
LAD		 9071 schedule_instance = cp->instance;
9072 }
12410572 9073
cba6b758
LAD		 9074 /* If the HCI_ADVERTISING flag is set or there is no instance to
9075 * be advertised then we have no HCI communication to make.
9076 * Simply return.
9077 */
9078 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || !schedule_instance) {
9079 if (adv_instance->pending) {
9080 mgmt_advertising_added(sk, hdev, cp->instance);
9081 adv_instance->pending = false;
9082 }
9083 rp.instance = cp->instance;
9084 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
9085 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
9086 goto unlock;
12410572
DW		 9087 }
9088
cba6b758 9089 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data,
12410572
DW		 9090 data_len);
9091 if (!cmd) {
9092 err = -ENOMEM;
9093 goto clear_new_instance;
9094 }
9095
cba6b758
LAD		 9096 err = hci_cmd_sync_queue(hdev, add_ext_adv_data_sync, cmd,
9097 add_ext_adv_data_complete);
12410572 9098 if (err < 0) {
cba6b758 9099 mgmt_pending_free(cmd);
12410572
DW		 9100 goto clear_new_instance;
9101 }
9102
9103 /* We were successful in updating data, so trigger advertising_added
9104 * event if this is an instance that wasn't previously advertising. If
9105 * a failure occurs in the requests we initiated, we will remove the
9106 * instance again in add_advertising_complete
9107 */
9108 if (adv_instance->pending)
9109 mgmt_advertising_added(sk, hdev, cp->instance);
9110
9111 goto unlock;
9112
9113clear_new_instance:
9114 hci_remove_adv_instance(hdev, cp->instance);
9115
9116unlock:
9117 hci_dev_unlock(hdev);
9118
9119 return err;
9120}
9121
cba6b758
LAD		 9122static void remove_advertising_complete(struct hci_dev *hdev, void *data,
9123 int err)
da929335 9124{
cba6b758
LAD		 9125 struct mgmt_pending_cmd *cmd = data;
9126 struct mgmt_cp_remove_advertising *cp = cmd->param;
da929335
AU		 9127 struct mgmt_rp_remove_advertising rp;
9128
cba6b758 9129 bt_dev_dbg(hdev, "err %d", err);
da929335 9130
cba6b758
LAD		 9131 memset(&rp, 0, sizeof(rp));
9132 rp.instance = cp->instance;
da929335 9133
cba6b758
LAD		 9134 if (err)
9135 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
9136 mgmt_status(err));
9137 else
9138 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
9139 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
da929335 9140
cba6b758
LAD		 9141 mgmt_pending_free(cmd);
9142}
da929335 9143
cba6b758
LAD		 9144static int remove_advertising_sync(struct hci_dev *hdev, void *data)
9145{
9146 struct mgmt_pending_cmd *cmd = data;
9147 struct mgmt_cp_remove_advertising *cp = cmd->param;
9148 int err;
da929335 9149
cba6b758
LAD		 9150 err = hci_remove_advertising_sync(hdev, cmd->sk, cp->instance, true);
9151 if (err)
9152 return err;
9153
9154 if (list_empty(&hdev->adv_instances))
9155 err = hci_disable_advertising_sync(hdev);
9156
9157 return err;
da929335
AU		 9158}
9159
9160static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
9161 void *data, u16 data_len)
9162{
9163 struct mgmt_cp_remove_advertising *cp = data;
da929335 9164 struct mgmt_pending_cmd *cmd;
952497b1 9165 int err;
da929335 9166
181d6953 9167 bt_dev_dbg(hdev, "sock %p", sk);
da929335 9168
da929335
AU		 9169 hci_dev_lock(hdev);
9170
952497b1 9171 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 9172 err = mgmt_cmd_status(sk, hdev->id,
9173 MGMT_OP_REMOVE_ADVERTISING,
9174 MGMT_STATUS_INVALID_PARAMS);
9175 goto unlock;
9176 }
9177
275f3f64 9178 if (pending_find(MGMT_OP_SET_LE, hdev)) {
da929335
AU		 9179 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
9180 MGMT_STATUS_BUSY);
9181 goto unlock;
9182 }
9183
17fd08ff 9184 if (list_empty(&hdev->adv_instances)) {
da929335
AU		 9185 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
9186 MGMT_STATUS_INVALID_PARAMS);
9187 goto unlock;
9188 }
9189
cba6b758 9190 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
da929335
AU		 9191 data_len);
9192 if (!cmd) {
9193 err = -ENOMEM;
9194 goto unlock;
9195 }
9196
cba6b758
LAD		 9197 err = hci_cmd_sync_queue(hdev, remove_advertising_sync, cmd,
9198 remove_advertising_complete);
da929335 9199 if (err < 0)
cba6b758 9200 mgmt_pending_free(cmd);
da929335
AU		 9201
9202unlock:
9203 hci_dev_unlock(hdev);
9204
9205 return err;
9206}
9207
40b25fe5
MH		 9208static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
9209 void *data, u16 data_len)
9210{
9211 struct mgmt_cp_get_adv_size_info *cp = data;
9212 struct mgmt_rp_get_adv_size_info rp;
9213 u32 flags, supported_flags;
40b25fe5 9214
181d6953 9215 bt_dev_dbg(hdev, "sock %p", sk);
40b25fe5
MH		 9216
9217 if (!lmp_le_capable(hdev))
9218 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
9219 MGMT_STATUS_REJECTED);
9220
87597482 9221 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
40b25fe5
MH		 9222 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
9223 MGMT_STATUS_INVALID_PARAMS);
9224
9225 flags = __le32_to_cpu(cp->flags);
9226
9227 /* The current implementation only supports a subset of the specified
9228 * flags.
9229 */
9230 supported_flags = get_supported_adv_flags(hdev);
9231 if (flags & ~supported_flags)
9232 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
9233 MGMT_STATUS_INVALID_PARAMS);
9234
9235 rp.instance = cp->instance;
9236 rp.flags = cp->flags;
f61851f6
MN		 9237 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
9238 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
40b25fe5 9239
a6fbb2bf
MC		 9240 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
9241 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
40b25fe5
MH		 9242}
9243
6d785aa3 9244static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 9245 { NULL }, /* 0x0000 (no command) */
b9a245fb 9246 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 9247 HCI_MGMT_NO_HDEV |
9248 HCI_MGMT_UNTRUSTED },
b9a245fb 9249 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 9250 HCI_MGMT_NO_HDEV |
9251 HCI_MGMT_UNTRUSTED },
b9a245fb 9252 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 9253 HCI_MGMT_NO_HDEV |
9254 HCI_MGMT_UNTRUSTED },
9255 { read_controller_info, MGMT_READ_INFO_SIZE,
9256 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 9257 { set_powered, MGMT_SETTING_SIZE },
9258 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
9259 { set_connectable, MGMT_SETTING_SIZE },
9260 { set_fast_connectable, MGMT_SETTING_SIZE },
9261 { set_bondable, MGMT_SETTING_SIZE },
9262 { set_link_security, MGMT_SETTING_SIZE },
9263 { set_ssp, MGMT_SETTING_SIZE },
9264 { set_hs, MGMT_SETTING_SIZE },
9265 { set_le, MGMT_SETTING_SIZE },
9266 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
9267 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
9268 { add_uuid, MGMT_ADD_UUID_SIZE },
9269 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 9270 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
9271 HCI_MGMT_VAR_LEN },
9272 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
9273 HCI_MGMT_VAR_LEN },
7aea8616
MH		 9274 { disconnect, MGMT_DISCONNECT_SIZE },
9275 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
9276 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
9277 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
9278 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
9279 { pair_device, MGMT_PAIR_DEVICE_SIZE },
9280 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
9281 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
9282 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
9283 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
9284 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
9285 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 9286 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
9287 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
9288 HCI_MGMT_VAR_LEN },
7aea8616
MH		 9289 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
9290 { start_discovery, MGMT_START_DISCOVERY_SIZE },
9291 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
9292 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
9293 { block_device, MGMT_BLOCK_DEVICE_SIZE },
9294 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
9295 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
9296 { set_advertising, MGMT_SETTING_SIZE },
9297 { set_bredr, MGMT_SETTING_SIZE },
9298 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
9299 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
9300 { set_secure_conn, MGMT_SETTING_SIZE },
9301 { set_debug_keys, MGMT_SETTING_SIZE },
9302 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 9303 { load_irks, MGMT_LOAD_IRKS_SIZE,
9304 HCI_MGMT_VAR_LEN },
7aea8616
MH		 9305 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
9306 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
9307 { add_device, MGMT_ADD_DEVICE_SIZE },
9308 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 9309 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
9310 HCI_MGMT_VAR_LEN },
9311 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 9312 HCI_MGMT_NO_HDEV |
9313 HCI_MGMT_UNTRUSTED },
b9a245fb 9314 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 9315 HCI_MGMT_UNCONFIGURED |
9316 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 9317 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
9318 HCI_MGMT_UNCONFIGURED },
9319 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
9320 HCI_MGMT_UNCONFIGURED },
9321 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
9322 HCI_MGMT_VAR_LEN },
4f0f155c 9323 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 9324 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 9325 HCI_MGMT_NO_HDEV |
9326 HCI_MGMT_UNTRUSTED },
d3d5305b 9327 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 9328 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
9329 HCI_MGMT_VAR_LEN },
da929335 9330 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
40b25fe5 9331 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
78b781ca 9332 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
321c6fee
MH		 9333 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
9334 HCI_MGMT_UNTRUSTED },
c4960ecf 9335 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6244691f 9336 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
0314f286 9337 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
600a8749
AM		 9338 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
9339 HCI_MGMT_VAR_LEN },
00bce3fb 9340 { set_wideband_speech, MGMT_SETTING_SIZE },
4d9b9528 9341 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE,
bc292258 9342 HCI_MGMT_UNTRUSTED },
a10c907c
MH		 9343 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE,
9344 HCI_MGMT_UNTRUSTED |
9345 HCI_MGMT_HDEV_OPTIONAL },
9346 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE,
9347 HCI_MGMT_VAR_LEN |
9348 HCI_MGMT_HDEV_OPTIONAL },
17896406
AM		 9349 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE,
9350 HCI_MGMT_UNTRUSTED },
9351 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE,
9352 HCI_MGMT_VAR_LEN },
aececa64
MH		 9353 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE,
9354 HCI_MGMT_UNTRUSTED },
9355 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE,
9356 HCI_MGMT_VAR_LEN },
4c54bf2b
APS		 9357 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE },
9358 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE },
e5e1e7fd 9359 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE },
b139553d
MC		 9360 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE,
9361 HCI_MGMT_VAR_LEN },
bd2fbc6c 9362 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE },
12410572
DW		 9363 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE,
9364 HCI_MGMT_VAR_LEN },
9365 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE,
9366 HCI_MGMT_VAR_LEN },
b4a221ea 9367 { add_adv_patterns_monitor_rssi,
1a0291f8
HC		 9368 MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE,
9369 HCI_MGMT_VAR_LEN },
b338d917 9370 { set_mesh, MGMT_SET_MESH_RECEIVER_SIZE,
b4a221ea 9371 HCI_MGMT_VAR_LEN },
b338d917
BG		 9372 { mesh_features, MGMT_MESH_READ_FEATURES_SIZE },
9373 { mesh_send, MGMT_MESH_SEND_SIZE,
9374 HCI_MGMT_VAR_LEN },
9375 { mesh_send_cancel, MGMT_MESH_SEND_CANCEL_SIZE },
0f4e68cf
JH		 9376};
9377
bf6b56db 9378void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 9379{
ced85549 9380 struct mgmt_ev_ext_index ev;
bb4b2a9a 9381
0602a8ad
MH		 9382 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
9383 return;
9384
f9207338 9385 switch (hdev->dev_type) {
ca8bee5d 9386 case HCI_PRIMARY:
f9207338
MH		 9387 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
9388 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
9389 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 9390 ev.type = 0x01;
f9207338
MH		 9391 } else {
9392 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
9393 HCI_MGMT_INDEX_EVENTS);
ced85549 9394 ev.type = 0x00;
f9207338
MH		 9395 }
9396 break;
ced85549
MH		 9397 case HCI_AMP:
9398 ev.type = 0x02;
9399 break;
9400 default:
9401 return;
f9207338 9402 }
ced85549
MH		 9403
9404 ev.bus = hdev->bus;
9405
9406 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
9407 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 9408}
9409
bf6b56db 9410void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 9411{
ced85549 9412 struct mgmt_ev_ext_index ev;
5f159032 9413 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 9414
0602a8ad
MH		 9415 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
9416 return;
9417
f9207338 9418 switch (hdev->dev_type) {
ca8bee5d 9419 case HCI_PRIMARY:
f9207338 9420 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 9421
f9207338
MH		 9422 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
9423 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
9424 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 9425 ev.type = 0x01;
f9207338
MH		 9426 } else {
9427 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
9428 HCI_MGMT_INDEX_EVENTS);
ced85549 9429 ev.type = 0x00;
f9207338
MH		 9430 }
9431 break;
ced85549
MH		 9432 case HCI_AMP:
9433 ev.type = 0x02;
9434 break;
9435 default:
9436 return;
f9207338 9437 }
ced85549
MH		 9438
9439 ev.bus = hdev->bus;
9440
9441 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
9442 HCI_MGMT_EXT_INDEX_EVENTS);
0ef08313
BG		 9443
9444 /* Cancel any remaining timed work */
3f2893d3
TH		 9445 if (!hci_dev_test_flag(hdev, HCI_MGMT))
9446 return;
0ef08313
BG		 9447 cancel_delayed_work_sync(&hdev->discov_off);
9448 cancel_delayed_work_sync(&hdev->service_cache);
9449 cancel_delayed_work_sync(&hdev->rpa_expired);
eec8d2bc
JH		 9450}
9451
2ff13894 9452void mgmt_power_on(struct hci_dev *hdev, int err)
229ab39c
JH		 9453{
9454 struct cmd_lookup match = { NULL, hdev };
9455
181d6953 9456 bt_dev_dbg(hdev, "err %d", err);
229ab39c 9457
2ff13894
JH		 9458 hci_dev_lock(hdev);
9459
9460 if (!err) {
af02dd44 9461 restart_le_actions(hdev);
ad383c2c 9462 hci_update_passive_scan(hdev);
162a3bac
MH		 9463 }
9464
229ab39c
JH		 9465 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9466
9467 new_settings(hdev, match.sk);
9468
229ab39c
JH		 9469 if (match.sk)
9470 sock_put(match.sk);
229ab39c 9471
2ff13894 9472 hci_dev_unlock(hdev);
70da6243 9473}
562fcc24 9474
2ff13894 9475void __mgmt_power_off(struct hci_dev *hdev)
70da6243
JH		 9476{
9477 struct cmd_lookup match = { NULL, hdev };
9845904f 9478 u8 status, zero_cod[] = { 0, 0, 0 };
b24752fe 9479
229ab39c 9480 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 9481
9482 /* If the power off is because of hdev unregistration let
9483 * use the appropriate INVALID_INDEX status. Otherwise use
9484 * NOT_POWERED. We cover both scenarios here since later in
9485 * mgmt_index_removed() any hci_conn callbacks will have already
9486 * been triggered, potentially causing misleading DISCONNECTED
9487 * status responses.
9488 */
d7a5a11d 9489 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 9490 status = MGMT_STATUS_INVALID_INDEX;
9491 else
9492 status = MGMT_STATUS_NOT_POWERED;
9493
9494 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c 9495
321c6fee 9496 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
5504c3a3
MH		 9497 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
9498 zero_cod, sizeof(zero_cod),
9499 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 9500 ext_info_changed(hdev, NULL);
9501 }
229ab39c 9502
2ff13894 9503 new_settings(hdev, match.sk);
eec8d2bc
JH		 9504
9505 if (match.sk)
9506 sock_put(match.sk);
5add6af8 9507}
73f22f62 9508
3eec705e 9509void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 9510{
3b0602cd 9511 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 9512 u8 status;
9513
333ae95d 9514 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 9515 if (!cmd)
3eec705e 9516 return;
96570ffc
JH		 9517
9518 if (err == -ERFKILL)
9519 status = MGMT_STATUS_RFKILLED;
9520 else
9521 status = MGMT_STATUS_FAILED;
9522
a69e8375 9523 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 9524
9525 mgmt_pending_remove(cmd);
96570ffc
JH		 9526}
9527
dc4a5ee2
MH		 9528void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
9529 bool persistent)
55ed8ca1 9530{
86742e1e 9531 struct mgmt_ev_new_link_key ev;
55ed8ca1 9532
a492cd52 9533 memset(&ev, 0, sizeof(ev));
55ed8ca1 9534
a492cd52 9535 ev.store_hint = persistent;
d753fdc4 9536 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 9537 ev.key.addr.type = BDADDR_BREDR;
a492cd52 9538 ev.key.type = key->type;
9b3b4460 9539 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 9540 ev.key.pin_len = key->pin_len;
55ed8ca1 9541
dc4a5ee2 9542 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 9543}
f7520543 9544
d7b25450
JH		 9545static u8 mgmt_ltk_type(struct smp_ltk *ltk)
9546{
23fb8de3
JH		 9547 switch (ltk->type) {
9548 case SMP_LTK:
fad646e1 9549 case SMP_LTK_RESPONDER:
23fb8de3
JH		 9550 if (ltk->authenticated)
9551 return MGMT_LTK_AUTHENTICATED;
9552 return MGMT_LTK_UNAUTHENTICATED;
9553 case SMP_LTK_P256:
9554 if (ltk->authenticated)
9555 return MGMT_LTK_P256_AUTH;
9556 return MGMT_LTK_P256_UNAUTH;
9557 case SMP_LTK_P256_DEBUG:
9558 return MGMT_LTK_P256_DEBUG;
9559 }
d7b25450
JH		 9560
9561 return MGMT_LTK_UNAUTHENTICATED;
9562}
9563
53ac6ab6 9564void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 9565{
9566 struct mgmt_ev_new_long_term_key ev;
9567
9568 memset(&ev, 0, sizeof(ev));
9569
5192d301 9570 /* Devices using resolvable or non-resolvable random addresses
f72186d2 9571 * without providing an identity resolving key don't require
5192d301
MH		 9572 * to store long term keys. Their addresses will change the
9573 * next time around.
9574 *
9575 * Only when a remote device provides an identity address
9576 * make sure the long term key is stored. If the remote
9577 * identity is known, the long term keys are internally
9578 * mapped to the identity address. So allow static random
9579 * and public addresses here.
9580 */
ba74b666
JH		 9581 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
9582 (key->bdaddr.b[5] & 0xc0) != 0xc0)
9583 ev.store_hint = 0x00;
9584 else
53ac6ab6 9585 ev.store_hint = persistent;
ba74b666 9586
346af67b 9587 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 9588 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 9589 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 9590 ev.key.enc_size = key->enc_size;
9591 ev.key.ediv = key->ediv;
fe39c7b2 9592 ev.key.rand = key->rand;
346af67b 9593
2ceba539 9594 if (key->type == SMP_LTK)
fad646e1 9595 ev.key.initiator = 1;
346af67b 9596
1fc62c52
JH		 9597 /* Make sure we copy only the significant bytes based on the
9598 * encryption key size, and set the rest of the value to zeroes.
9599 */
cb92205b 9600 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 9601 memset(ev.key.val + key->enc_size, 0,
9602 sizeof(ev.key.val) - key->enc_size);
346af67b 9603
083368f7 9604 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 9605}
9606
cad20c27 9607void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 9608{
9609 struct mgmt_ev_new_irk ev;
9610
9611 memset(&ev, 0, sizeof(ev));
9612
cad20c27 9613 ev.store_hint = persistent;
bab6d1e5 9614
95fbac8a
JH		 9615 bacpy(&ev.rpa, &irk->rpa);
9616 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
9617 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
9618 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
9619
9620 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
9621}
9622
53ac6ab6
MH		 9623void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
9624 bool persistent)
7ee4ea36
MH		 9625{
9626 struct mgmt_ev_new_csrk ev;
9627
9628 memset(&ev, 0, sizeof(ev));
9629
9630 /* Devices using resolvable or non-resolvable random addresses
f72186d2 9631 * without providing an identity resolving key don't require
7ee4ea36
MH		 9632 * to store signature resolving keys. Their addresses will change
9633 * the next time around.
9634 *
9635 * Only when a remote device provides an identity address
9636 * make sure the signature resolving key is stored. So allow
9637 * static random and public addresses here.
9638 */
9639 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
9640 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
9641 ev.store_hint = 0x00;
9642 else
53ac6ab6 9643 ev.store_hint = persistent;
7ee4ea36
MH		 9644
9645 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
9646 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 9647 ev.key.type = csrk->type;
7ee4ea36
MH		 9648 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
9649
9650 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
9651}
9652
ffb5a827 9653void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 9654 u8 bdaddr_type, u8 store_hint, u16 min_interval,
9655 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 9656{
9657 struct mgmt_ev_new_conn_param ev;
9658
c103aea6
JH		 9659 if (!hci_is_identity_address(bdaddr, bdaddr_type))
9660 return;
9661
ffb5a827
AG		 9662 memset(&ev, 0, sizeof(ev));
9663 bacpy(&ev.addr.bdaddr, bdaddr);
9664 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 9665 ev.store_hint = store_hint;
ffb5a827
AG		 9666 ev.min_interval = cpu_to_le16(min_interval);
9667 ev.max_interval = cpu_to_le16(max_interval);
9668 ev.latency = cpu_to_le16(latency);
9669 ev.timeout = cpu_to_le16(timeout);
9670
9671 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
9672}
9673
48ec92fa 9674void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
1c6ed31b 9675 u8 *name, u8 name_len)
f7520543 9676{
e9674143
LAD		 9677 struct sk_buff *skb;
9678 struct mgmt_ev_device_connected *ev;
b644ba33 9679 u16 eir_len = 0;
1c6ed31b 9680 u32 flags = 0;
f7520543 9681
ba17bb62 9682 /* allocate buff for LE or BR/EDR adv */
e9674143
LAD		 9683 if (conn->le_adv_data_len > 0)
9684 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
ba17bb62 9685 sizeof(*ev) + conn->le_adv_data_len);
e9674143
LAD		 9686 else
9687 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
ba17bb62
RB		 9688 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0) +
9689 eir_precalc_len(sizeof(conn->dev_class)));
e9674143
LAD		 9690
9691 ev = skb_put(skb, sizeof(*ev));
48ec92fa
AA		 9692 bacpy(&ev->addr.bdaddr, &conn->dst);
9693 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 9694
1c6ed31b
YL		 9695 if (conn->out)
9696 flags |= MGMT_DEV_FOUND_INITIATED_CONN;
9697
c95f0ba7 9698 ev->flags = __cpu_to_le32(flags);
08c79b61 9699
fd45ada9
AA		 9700 /* We must ensure that the EIR Data fields are ordered and
9701 * unique. Keep it simple for now and avoid the problem by not
9702 * adding any BR/EDR data to the LE adv.
9703 */
9704 if (conn->le_adv_data_len > 0) {
e9674143 9705 skb_put_data(skb, conn->le_adv_data, conn->le_adv_data_len);
fd45ada9
AA		 9706 eir_len = conn->le_adv_data_len;
9707 } else {
c2b2a1a7
RB		 9708 if (name)
9709 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
b644ba33 9710
c2b2a1a7
RB		 9711 if (memcmp(conn->dev_class, "\0\0\0", sizeof(conn->dev_class)))
9712 eir_len += eir_skb_put_data(skb, EIR_CLASS_OF_DEV,
9713 conn->dev_class, sizeof(conn->dev_class));
fd45ada9 9714 }
b644ba33 9715
eb55ef07 9716 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 9717
e9674143 9718 mgmt_event_skb(skb, NULL);
f7520543
JH		 9719}
9720
3b0602cd 9721static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 9722{
8962ee74 9723 struct sock **sk = data;
8962ee74 9724
f5818c22 9725 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 9726
9727 *sk = cmd->sk;
9728 sock_hold(*sk);
9729
a664b5bc 9730 mgmt_pending_remove(cmd);
8962ee74
JH		 9731}
9732
3b0602cd 9733static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 9734{
b1078ad0 9735 struct hci_dev *hdev = data;
124f6e35 9736 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 9737
b1078ad0
JH		 9738 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
9739
d8b7b1e4 9740 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 9741 mgmt_pending_remove(cmd);
9742}
9743
84c61d92
JH		 9744bool mgmt_powering_down(struct hci_dev *hdev)
9745{
3b0602cd 9746 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 9747 struct mgmt_mode *cp;
9748
333ae95d 9749 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 9750 if (!cmd)
9751 return false;
9752
9753 cp = cmd->param;
9754 if (!cp->val)
9755 return true;
9756
9757 return false;
9758}
9759
9b80ec5e 9760void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 9761 u8 link_type, u8 addr_type, u8 reason,
9762 bool mgmt_connected)
f7520543 9763{
f0d6a0ea 9764 struct mgmt_ev_device_disconnected ev;
8962ee74 9765 struct sock *sk = NULL;
8962ee74 9766
84c61d92
JH		 9767 /* The connection is still in hci_conn_hash so test for 1
9768 * instead of 0 to know if this is the last one.
9769 */
9770 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
9771 cancel_delayed_work(&hdev->power_off);
9772 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 9773 }
9774
12d4a3b2
JH		 9775 if (!mgmt_connected)
9776 return;
9777
57eb776f
AG		 9778 if (link_type != ACL_LINK && link_type != LE_LINK)
9779 return;
9780
744cf19e 9781 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 9782
f0d6a0ea
MA		 9783 bacpy(&ev.addr.bdaddr, bdaddr);
9784 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9785 ev.reason = reason;
f7520543 9786
f0cfc486
APS		 9787 /* Report disconnects due to suspend */
9788 if (hdev->suspended)
9789 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND;
9790
9b80ec5e 9791 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 9792
9793 if (sk)
d97dcb66 9794 sock_put(sk);
8962ee74 9795
124f6e35 9796 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 9797 hdev);
8962ee74
JH		 9798}
9799
7892924c
MH		 9800void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
9801 u8 link_type, u8 addr_type, u8 status)
8962ee74 9802{
3655bba8
AG		 9803 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
9804 struct mgmt_cp_disconnect *cp;
3b0602cd 9805 struct mgmt_pending_cmd *cmd;
8962ee74 9806
36a75f1b
JD		 9807 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
9808 hdev);
9809
333ae95d 9810 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 9811 if (!cmd)
7892924c 9812 return;
8962ee74 9813
3655bba8
AG		 9814 cp = cmd->param;
9815
9816 if (bacmp(bdaddr, &cp->addr.bdaddr))
9817 return;
9818
9819 if (cp->addr.type != bdaddr_type)
9820 return;
9821
f5818c22 9822 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 9823 mgmt_pending_remove(cmd);
f7520543 9824}
17d5c04c 9825
445608d0
MH		 9826void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9827 u8 addr_type, u8 status)
17d5c04c
JH		 9828{
9829 struct mgmt_ev_connect_failed ev;
c9910d0f 9830
84c61d92
JH		 9831 /* The connection is still in hci_conn_hash so test for 1
9832 * instead of 0 to know if this is the last one.
9833 */
9834 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
9835 cancel_delayed_work(&hdev->power_off);
9836 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 9837 }
17d5c04c 9838
4c659c39 9839 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 9840 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 9841 ev.status = mgmt_status(status);
17d5c04c 9842
445608d0 9843 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 9844}
980e1a53 9845
ce0e4a0d 9846void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 9847{
9848 struct mgmt_ev_pin_code_request ev;
9849
d8457698 9850 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 9851 ev.addr.type = BDADDR_BREDR;
a770bb5a 9852 ev.secure = secure;
980e1a53 9853
ce0e4a0d 9854 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 9855}
9856
e669cf80
MH		 9857void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9858 u8 status)
980e1a53 9859{
3b0602cd 9860 struct mgmt_pending_cmd *cmd;
980e1a53 9861
333ae95d 9862 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 9863 if (!cmd)
e669cf80 9864 return;
980e1a53 9865
7776d1d8 9866 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 9867 mgmt_pending_remove(cmd);
980e1a53
JH		 9868}
9869
3eb38528
MH		 9870void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9871 u8 status)
980e1a53 9872{
3b0602cd 9873 struct mgmt_pending_cmd *cmd;
980e1a53 9874
333ae95d 9875 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 9876 if (!cmd)
3eb38528 9877 return;
980e1a53 9878
7776d1d8 9879 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 9880 mgmt_pending_remove(cmd);
980e1a53 9881}
a5c29683 9882
744cf19e 9883int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 9884 u8 link_type, u8 addr_type, u32 value,
04124681 9885 u8 confirm_hint)
a5c29683
JH		 9886{
9887 struct mgmt_ev_user_confirm_request ev;
9888
181d6953 9889 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
a5c29683 9890
272d90df 9891 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 9892 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 9893 ev.confirm_hint = confirm_hint;
39adbffe 9894 ev.value = cpu_to_le32(value);
a5c29683 9895
744cf19e 9896 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 9897 NULL);
a5c29683
JH		 9898}
9899
272d90df 9900int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 9901 u8 link_type, u8 addr_type)
604086b7
BG		 9902{
9903 struct mgmt_ev_user_passkey_request ev;
9904
181d6953 9905 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
604086b7 9906
272d90df 9907 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 9908 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 9909
9910 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 9911 NULL);
604086b7
BG		 9912}
9913
0df4c185 9914static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 9915 u8 link_type, u8 addr_type, u8 status,
9916 u8 opcode)
a5c29683 9917{
3b0602cd 9918 struct mgmt_pending_cmd *cmd;
a5c29683 9919
333ae95d 9920 cmd = pending_find(opcode, hdev);
a5c29683
JH		 9921 if (!cmd)
9922 return -ENOENT;
9923
7776d1d8 9924 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 9925 mgmt_pending_remove(cmd);
a5c29683 9926
7776d1d8 9927 return 0;
a5c29683
JH		 9928}
9929
744cf19e 9930int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 9931 u8 link_type, u8 addr_type, u8 status)
a5c29683 9932{
272d90df 9933 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 9934 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 9935}
9936
272d90df 9937int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 9938 u8 link_type, u8 addr_type, u8 status)
a5c29683 9939{
272d90df 9940 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 9941 status,
9942 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 9943}
2a611692 9944
604086b7 9945int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 9946 u8 link_type, u8 addr_type, u8 status)
604086b7 9947{
272d90df 9948 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 9949 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 9950}
9951
272d90df 9952int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 9953 u8 link_type, u8 addr_type, u8 status)
604086b7 9954{
272d90df 9955 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 9956 status,
9957 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 9958}
9959
92a25256
JH		 9960int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
9961 u8 link_type, u8 addr_type, u32 passkey,
9962 u8 entered)
9963{
9964 struct mgmt_ev_passkey_notify ev;
9965
181d6953 9966 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
92a25256
JH		 9967
9968 bacpy(&ev.addr.bdaddr, bdaddr);
9969 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9970 ev.passkey = __cpu_to_le32(passkey);
9971 ev.entered = entered;
9972
9973 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
9974}
9975
e1e930f5 9976void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 9977{
9978 struct mgmt_ev_auth_failed ev;
3b0602cd 9979 struct mgmt_pending_cmd *cmd;
e1e930f5 9980 u8 status = mgmt_status(hci_status);
2a611692 9981
e1e930f5
JH		 9982 bacpy(&ev.addr.bdaddr, &conn->dst);
9983 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
9984 ev.status = status;
2a611692 9985
e1e930f5
JH		 9986 cmd = find_pairing(conn);
9987
9988 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
9989 cmd ? cmd->sk : NULL);
9990
a511b35b
JH		 9991 if (cmd) {
9992 cmd->cmd_complete(cmd, status);
9993 mgmt_pending_remove(cmd);
9994 }
2a611692 9995}
b312b161 9996
464996ae 9997void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 9998{
9999 struct cmd_lookup match = { NULL, hdev };
464996ae 10000 bool changed;
33ef95ed
JH		 10001
10002 if (status) {
10003 u8 mgmt_err = mgmt_status(status);
10004 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 10005 cmd_status_rsp, &mgmt_err);
464996ae 10006 return;
33ef95ed
JH		 10007 }
10008
464996ae 10009 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 10010 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 10011 else
a69d8927 10012 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 10013
33ef95ed 10014 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 10015 &match);
33ef95ed 10016
47990ea0 10017 if (changed)
464996ae 10018 new_settings(hdev, match.sk);
33ef95ed
JH		 10019
10020 if (match.sk)
10021 sock_put(match.sk);
33ef95ed
JH		 10022}
10023
3b0602cd 10024static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 10025{
10026 struct cmd_lookup *match = data;
10027
90e70454
JH		 10028 if (match->sk == NULL) {
10029 match->sk = cmd->sk;
10030 sock_hold(match->sk);
10031 }
90e70454
JH		 10032}
10033
4e1b0245
MH		 10034void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
10035 u8 status)
7f9a903c 10036{
90e70454 10037 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 10038
92da6097
JH		 10039 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
10040 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
10041 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454 10042
321c6fee 10043 if (!status) {
5504c3a3
MH		 10044 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
10045 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 10046 ext_info_changed(hdev, NULL);
10047 }
90e70454
JH		 10048
10049 if (match.sk)
10050 sock_put(match.sk);
7f9a903c
MH		 10051}
10052
7667da34 10053void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 10054{
b312b161 10055 struct mgmt_cp_set_local_name ev;
3b0602cd 10056 struct mgmt_pending_cmd *cmd;
28cc7bde 10057
13928971 10058 if (status)
7667da34 10059 return;
b312b161
JH		 10060
10061 memset(&ev, 0, sizeof(ev));
10062 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 10063 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 10064
333ae95d 10065 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 10066 if (!cmd) {
10067 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 10068
13928971
JH		 10069 /* If this is a HCI command related to powering on the
10070 * HCI dev don't send any mgmt signals.
10071 */
333ae95d 10072 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 10073 return;
890ea898 10074 }
b312b161 10075
5504c3a3
MH		 10076 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
10077 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
321c6fee 10078 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
b312b161 10079}
c35938b2 10080
799ce93d
JP		 10081static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
10082{
10083 int i;
10084
10085 for (i = 0; i < uuid_count; i++) {
10086 if (!memcmp(uuid, uuids[i], 16))
10087 return true;
10088 }
10089
10090 return false;
10091}
10092
b487b9ce
MH		 10093static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
10094{
799ce93d
JP		 10095 u16 parsed = 0;
10096
10097 while (parsed < eir_len) {
10098 u8 field_len = eir[0];
10099 u8 uuid[16];
10100 int i;
10101
10102 if (field_len == 0)
10103 break;
10104
10105 if (eir_len - parsed < field_len + 1)
10106 break;
10107
10108 switch (eir[1]) {
10109 case EIR_UUID16_ALL:
10110 case EIR_UUID16_SOME:
10111 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 10112 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 10113 uuid[13] = eir[i + 3];
10114 uuid[12] = eir[i + 2];
10115 if (has_uuid(uuid, uuid_count, uuids))
10116 return true;
10117 }
10118 break;
10119 case EIR_UUID32_ALL:
10120 case EIR_UUID32_SOME:
10121 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 10122 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 10123 uuid[15] = eir[i + 5];
10124 uuid[14] = eir[i + 4];
10125 uuid[13] = eir[i + 3];
10126 uuid[12] = eir[i + 2];
10127 if (has_uuid(uuid, uuid_count, uuids))
10128 return true;
10129 }
10130 break;
10131 case EIR_UUID128_ALL:
10132 case EIR_UUID128_SOME:
10133 for (i = 0; i + 17 <= field_len; i += 16) {
10134 memcpy(uuid, eir + i + 2, 16);
10135 if (has_uuid(uuid, uuid_count, uuids))
10136 return true;
10137 }
10138 break;
10139 }
10140
10141 parsed += field_len + 1;
10142 eir += field_len + 1;
10143 }
10144
b487b9ce
MH		 10145 return false;
10146}
10147
4b0e0ced
JP		 10148static void restart_le_scan(struct hci_dev *hdev)
10149{
10150 /* If controller is not scanning we are done. */
d7a5a11d 10151 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 10152 return;
10153
10154 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
10155 hdev->discovery.scan_start +
10156 hdev->discovery.scan_duration))
10157 return;
10158
7c1fbed2 10159 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 10160 DISCOV_LE_RESTART_DELAY);
10161}
10162
48f86b7f
JP		 10163static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
10164 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 10165{
48f86b7f
JP		 10166 /* If a RSSI threshold has been specified, and
10167 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
10168 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
10169 * is set, let it through for further processing, as we might need to
10170 * restart the scan.
efb2513f
MH		 10171 *
10172 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
10173 * the results are also dropped.
bda157a4
MH		 10174 */
10175 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 10176 (rssi == HCI_RSSI_INVALID ||
10177 (rssi < hdev->discovery.rssi &&
10178 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 10179 return false;
efb2513f 10180
2976cdeb
JP		 10181 if (hdev->discovery.uuid_count != 0) {
10182 /* If a list of UUIDs is provided in filter, results with no
10183 * matching UUID should be dropped.
b487b9ce 10184 */
2976cdeb
JP		 10185 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
10186 hdev->discovery.uuids) &&
10187 !eir_has_uuids(scan_rsp, scan_rsp_len,
10188 hdev->discovery.uuid_count,
10189 hdev->discovery.uuids))
10190 return false;
b487b9ce 10191 }
5d2e9fad 10192
2976cdeb
JP		 10193 /* If duplicate filtering does not report RSSI changes, then restart
10194 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 10195 */
2976cdeb
JP		 10196 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
10197 restart_le_scan(hdev);
10198
10199 /* Validate RSSI value against the RSSI threshold once more. */
10200 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
10201 rssi < hdev->discovery.rssi)
10202 return false;
10203 }
48f86b7f
JP		 10204
10205 return true;
10206}
10207
8d7f1677
MM		 10208void mgmt_adv_monitor_device_lost(struct hci_dev *hdev, u16 handle,
10209 bdaddr_t *bdaddr, u8 addr_type)
10210{
10211 struct mgmt_ev_adv_monitor_device_lost ev;
10212
10213 ev.monitor_handle = cpu_to_le16(handle);
10214 bacpy(&ev.addr.bdaddr, bdaddr);
10215 ev.addr.type = addr_type;
10216
10217 mgmt_event(MGMT_EV_ADV_MONITOR_DEVICE_LOST, hdev, &ev, sizeof(ev),
10218 NULL);
10219}
10220
ff39fc1b
MM		 10221static void mgmt_send_adv_monitor_device_found(struct hci_dev *hdev,
10222 struct sk_buff *skb,
10223 struct sock *skip_sk,
10224 u16 handle)
10225{
10226 struct sk_buff *advmon_skb;
10227 size_t advmon_skb_len;
10228 __le16 *monitor_handle;
10229
10230 if (!skb)
10231 return;
10232
10233 advmon_skb_len = (sizeof(struct mgmt_ev_adv_monitor_device_found) -
10234 sizeof(struct mgmt_ev_device_found)) + skb->len;
10235 advmon_skb = mgmt_alloc_skb(hdev, MGMT_EV_ADV_MONITOR_DEVICE_FOUND,
10236 advmon_skb_len);
10237 if (!advmon_skb)
10238 return;
10239
10240 /* ADV_MONITOR_DEVICE_FOUND is similar to DEVICE_FOUND event except
10241 * that it also has 'monitor_handle'. Make a copy of DEVICE_FOUND and
10242 * store monitor_handle of the matched monitor.
10243 */
10244 monitor_handle = skb_put(advmon_skb, sizeof(*monitor_handle));
10245 *monitor_handle = cpu_to_le16(handle);
10246 skb_put_data(advmon_skb, skb->data, skb->len);
10247
10248 mgmt_event_skb(advmon_skb, skip_sk);
10249}
10250
8d7f1677
MM		 10251static void mgmt_adv_monitor_device_found(struct hci_dev *hdev,
10252 bdaddr_t *bdaddr, bool report_device,
10253 struct sk_buff *skb,
10254 struct sock *skip_sk)
10255{
8d7f1677
MM		 10256 struct monitored_device *dev, *tmp;
10257 bool matched = false;
ff39fc1b 10258 bool notified = false;
8d7f1677
MM		 10259
10260 /* We have received the Advertisement Report because:
10261 * 1. the kernel has initiated active discovery
10262 * 2. if not, we have pend_le_reports > 0 in which case we are doing
10263 * passive scanning
10264 * 3. if none of the above is true, we have one or more active
10265 * Advertisement Monitor
10266 *
10267 * For case 1 and 2, report all advertisements via MGMT_EV_DEVICE_FOUND
10268 * and report ONLY one advertisement per device for the matched Monitor
10269 * via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event.
10270 *
10271 * For case 3, since we are not active scanning and all advertisements
10272 * received are due to a matched Advertisement Monitor, report all
10273 * advertisements ONLY via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event.
10274 */
10275 if (report_device && !hdev->advmon_pend_notify) {
10276 mgmt_event_skb(skb, skip_sk);
10277 return;
10278 }
10279
8d7f1677
MM		 10280 hdev->advmon_pend_notify = false;
10281
10282 list_for_each_entry_safe(dev, tmp, &hdev->monitored_devices, list) {
10283 if (!bacmp(&dev->bdaddr, bdaddr)) {
10284 matched = true;
10285
10286 if (!dev->notified) {
ff39fc1b
MM		 10287 mgmt_send_adv_monitor_device_found(hdev, skb,
10288 skip_sk,
10289 dev->handle);
10290 notified = true;
8d7f1677
MM		 10291 dev->notified = true;
10292 }
10293 }
10294
10295 if (!dev->notified)
10296 hdev->advmon_pend_notify = true;
10297 }
10298
10299 if (!report_device &&
ff39fc1b 10300 ((matched && !notified) || !msft_monitor_supported(hdev))) {
8d7f1677
MM		 10301 /* Handle 0 indicates that we are not active scanning and this
10302 * is a subsequent advertisement report for an already matched
10303 * Advertisement Monitor or the controller offloading support
10304 * is not available.
10305 */
ff39fc1b 10306 mgmt_send_adv_monitor_device_found(hdev, skb, skip_sk, 0);
8d7f1677
MM		 10307 }
10308
10309 if (report_device)
10310 mgmt_event_skb(skb, skip_sk);
10311 else
10312 kfree_skb(skb);
8d7f1677
MM		 10313}
10314
b338d917
BG		 10315static void mesh_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr,
10316 u8 addr_type, s8 rssi, u32 flags, u8 *eir,
10317 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len,
10318 u64 instant)
10319{
10320 struct sk_buff *skb;
10321 struct mgmt_ev_mesh_device_found *ev;
10322 int i, j;
10323
10324 if (!hdev->mesh_ad_types[0])
10325 goto accepted;
10326
10327 /* Scan for requested AD types */
10328 if (eir_len > 0) {
10329 for (i = 0; i + 1 < eir_len; i += eir[i] + 1) {
10330 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) {
10331 if (!hdev->mesh_ad_types[j])
10332 break;
10333
10334 if (hdev->mesh_ad_types[j] == eir[i + 1])
10335 goto accepted;
10336 }
10337 }
10338 }
10339
10340 if (scan_rsp_len > 0) {
10341 for (i = 0; i + 1 < scan_rsp_len; i += scan_rsp[i] + 1) {
10342 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) {
10343 if (!hdev->mesh_ad_types[j])
10344 break;
10345
10346 if (hdev->mesh_ad_types[j] == scan_rsp[i + 1])
10347 goto accepted;
10348 }
10349 }
10350 }
10351
10352 return;
10353
10354accepted:
10355 skb = mgmt_alloc_skb(hdev, MGMT_EV_MESH_DEVICE_FOUND,
10356 sizeof(*ev) + eir_len + scan_rsp_len);
10357 if (!skb)
10358 return;
10359
10360 ev = skb_put(skb, sizeof(*ev));
10361
10362 bacpy(&ev->addr.bdaddr, bdaddr);
10363 ev->addr.type = link_to_bdaddr(LE_LINK, addr_type);
10364 ev->rssi = rssi;
10365 ev->flags = cpu_to_le32(flags);
10366 ev->instant = cpu_to_le64(instant);
10367
10368 if (eir_len > 0)
10369 /* Copy EIR or advertising data into event */
10370 skb_put_data(skb, eir, eir_len);
10371
10372 if (scan_rsp_len > 0)
10373 /* Append scan response data to event */
10374 skb_put_data(skb, scan_rsp, scan_rsp_len);
10375
10376 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
10377
10378 mgmt_event_skb(skb, NULL);
10379}
10380
48f86b7f
JP		 10381void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
10382 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
b338d917
BG		 10383 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len,
10384 u64 instant)
48f86b7f 10385{
cf1bce1d
LAD		 10386 struct sk_buff *skb;
10387 struct mgmt_ev_device_found *ev;
8d7f1677 10388 bool report_device = hci_discovery_active(hdev);
48f86b7f 10389
b338d917
BG		 10390 if (hci_dev_test_flag(hdev, HCI_MESH) && link_type == LE_LINK)
10391 mesh_device_found(hdev, bdaddr, addr_type, rssi, flags,
10392 eir, eir_len, scan_rsp, scan_rsp_len,
10393 instant);
10394
48f86b7f
JP		 10395 /* Don't send events for a non-kernel initiated discovery. With
10396 * LE one exception is if we have pend_le_reports > 0 in which
10397 * case we're doing passive scanning and want these events.
10398 */
10399 if (!hci_discovery_active(hdev)) {
10400 if (link_type == ACL_LINK)
10401 return;
8d7f1677
MM		 10402 if (link_type == LE_LINK && !list_empty(&hdev->pend_le_reports))
10403 report_device = true;
10404 else if (!hci_is_adv_monitoring(hdev))
48f86b7f
JP		 10405 return;
10406 }
10407
82f8b651 10408 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 10409 /* We are using service discovery */
10410 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
10411 scan_rsp_len))
10412 return;
10413 }
10414
78b781ca
JH		 10415 if (hdev->discovery.limited) {
10416 /* Check for limited discoverable bit */
10417 if (dev_class) {
10418 if (!(dev_class[1] & 0x20))
10419 return;
10420 } else {
10421 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
10422 if (!flags || !(flags[0] & LE_AD_LIMITED))
10423 return;
10424 }
10425 }
10426
cf1bce1d
LAD		 10427 /* Allocate skb. The 5 extra bytes are for the potential CoD field */
10428 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
10429 sizeof(*ev) + eir_len + scan_rsp_len + 5);
10430 if (!skb)
4b0e0ced
JP		 10431 return;
10432
cf1bce1d 10433 ev = skb_put(skb, sizeof(*ev));
48f86b7f
JP		 10434
10435 /* In case of device discovery with BR/EDR devices (pre 1.2), the
10436 * RSSI value was reported as 0 when not available. This behavior
10437 * is kept when using device discovery. This is required for full
10438 * backwards compatibility with the API.
10439 *
10440 * However when using service discovery, the value 127 will be
10441 * returned when the RSSI is not available.
10442 */
10443 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
10444 link_type == ACL_LINK)
10445 rssi = 0;
10446
10447 bacpy(&ev->addr.bdaddr, bdaddr);
10448 ev->addr.type = link_to_bdaddr(link_type, addr_type);
10449 ev->rssi = rssi;
10450 ev->flags = cpu_to_le32(flags);
10451
10452 if (eir_len > 0)
10453 /* Copy EIR or advertising data into event */
cf1bce1d
LAD		 10454 skb_put_data(skb, eir, eir_len);
10455
10456 if (dev_class && !eir_get_data(eir, eir_len, EIR_CLASS_OF_DEV, NULL)) {
10457 u8 eir_cod[5];
48f86b7f 10458
cf1bce1d
LAD		 10459 eir_len += eir_append_data(eir_cod, 0, EIR_CLASS_OF_DEV,
10460 dev_class, 3);
10461 skb_put_data(skb, eir_cod, sizeof(eir_cod));
10462 }
48f86b7f
JP		 10463
10464 if (scan_rsp_len > 0)
10465 /* Append scan response data to event */
cf1bce1d 10466 skb_put_data(skb, scan_rsp, scan_rsp_len);
48f86b7f 10467
5d2e9fad 10468 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
f8523598 10469
8d7f1677 10470 mgmt_adv_monitor_device_found(hdev, bdaddr, report_device, skb, NULL);
e17acd40 10471}
a88a9652 10472
9cf12aee
MH		 10473void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
10474 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 10475{
cf1bce1d 10476 struct sk_buff *skb;
b644ba33 10477 struct mgmt_ev_device_found *ev;
ba17bb62
RB		 10478 u16 eir_len = 0;
10479 u32 flags = 0;
a88a9652 10480
ba17bb62
RB		 10481 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
10482 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0));
b644ba33 10483
cf1bce1d 10484 ev = skb_put(skb, sizeof(*ev));
b644ba33 10485 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 10486 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 10487 ev->rssi = rssi;
10488
c2b2a1a7
RB		 10489 if (name)
10490 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
10491 else
ea13aed5 10492 flags = MGMT_DEV_FOUND_NAME_REQUEST_FAILED;
b644ba33 10493
eb55ef07 10494 ev->eir_len = cpu_to_le16(eir_len);
ea13aed5 10495 ev->flags = cpu_to_le32(flags);
a88a9652 10496
cf1bce1d 10497 mgmt_event_skb(skb, NULL);
a88a9652 10498}
314b2381 10499
2f1e063b 10500void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 10501{
f963e8e9 10502 struct mgmt_ev_discovering ev;
164a6e78 10503
181d6953 10504 bt_dev_dbg(hdev, "discovering %u", discovering);
343fb145 10505
f963e8e9
JH		 10506 memset(&ev, 0, sizeof(ev));
10507 ev.type = hdev->discovery.type;
10508 ev.discovering = discovering;
10509
2f1e063b 10510 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 10511}
5e762444 10512
346ce5b7
APS		 10513void mgmt_suspending(struct hci_dev *hdev, u8 state)
10514{
10515 struct mgmt_ev_controller_suspend ev;
10516
10517 ev.suspend_state = state;
10518 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL);
10519}
10520
10521void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr,
10522 u8 addr_type)
10523{
10524 struct mgmt_ev_controller_resume ev;
10525
10526 ev.wake_reason = reason;
10527 if (bdaddr) {
10528 bacpy(&ev.addr.bdaddr, bdaddr);
10529 ev.addr.type = addr_type;
10530 } else {
10531 memset(&ev.addr, 0, sizeof(ev.addr));
10532 }
10533
10534 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL);
10535}
10536
6d785aa3
JH		 10537static struct hci_mgmt_chan chan = {
10538 .channel = HCI_CHANNEL_CONTROL,
10539 .handler_count = ARRAY_SIZE(mgmt_handlers),
10540 .handlers = mgmt_handlers,
88b94ce9 10541 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 10542};
10543
10544int mgmt_init(void)
10545{
10546 return hci_mgmt_chan_register(&chan);
10547}
10548
10549void mgmt_exit(void)
10550{
10551 hci_mgmt_chan_unregister(&chan);
10552}
b338d917
BG		 10553
10554void mgmt_cleanup(struct sock *sk)
10555{
10556 struct mgmt_mesh_tx *mesh_tx;
10557 struct hci_dev *hdev;
10558
10559 read_lock(&hci_dev_list_lock);
10560
10561 list_for_each_entry(hdev, &hci_dev_list, list) {
10562 do {
10563 mesh_tx = mgmt_mesh_next(hdev, sk);
10564
10565 if (mesh_tx)
10566 mesh_send_complete(hdev, mesh_tx, true);
10567 } while (mesh_tx);
10568 }
10569
10570 read_unlock(&hci_dev_list_lock);
10571}
A mirror of Linus' kernel repository