linux/net/bluetooth/mgmt.c
<<
>>
Prefs 
   1/*
   2   BlueZ - Bluetooth protocol stack for Linux
   3
   4   Copyright (C) 2010  Nokia Corporation
   5   Copyright (C) 2011-2012 Intel Corporation
   6
   7   This program is free software; you can redistribute it and/or modify
   8   it under the terms of the GNU General Public License version 2 as
   9   published by the Free Software Foundation;
  10
  11   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  12   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  13   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  14   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  15   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  16   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  17   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  18   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  19
  20   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  21   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  22   SOFTWARE IS DISCLAIMED.
  23*/
  24
  25/* Bluetooth HCI Management interface */
  26
  27#include <linux/module.h>
  28#include <asm/unaligned.h>
  29
  30#include <net/bluetooth/bluetooth.h>
  31#include <net/bluetooth/hci_core.h>
  32#include <net/bluetooth/hci_sock.h>
  33#include <net/bluetooth/l2cap.h>
  34#include <net/bluetooth/mgmt.h>
  35
  36#include "hci_request.h"
  37#include "smp.h"
  38#include "mgmt_util.h"
  39#include "mgmt_config.h"
  40#include "msft.h"
  41
  42#define MGMT_VERSION    1
  43#define MGMT_REVISION   21
  44
  45static const u16 mgmt_commands[] = {
  46        MGMT_OP_READ_INDEX_LIST,
  47        MGMT_OP_READ_INFO,
  48        MGMT_OP_SET_POWERED,
  49        MGMT_OP_SET_DISCOVERABLE,
  50        MGMT_OP_SET_CONNECTABLE,
  51        MGMT_OP_SET_FAST_CONNECTABLE,
  52        MGMT_OP_SET_BONDABLE,
  53        MGMT_OP_SET_LINK_SECURITY,
  54        MGMT_OP_SET_SSP,
  55        MGMT_OP_SET_HS,
  56        MGMT_OP_SET_LE,
  57        MGMT_OP_SET_DEV_CLASS,
  58        MGMT_OP_SET_LOCAL_NAME,
  59        MGMT_OP_ADD_UUID,
  60        MGMT_OP_REMOVE_UUID,
  61        MGMT_OP_LOAD_LINK_KEYS,
  62        MGMT_OP_LOAD_LONG_TERM_KEYS,
  63        MGMT_OP_DISCONNECT,
  64        MGMT_OP_GET_CONNECTIONS,
  65        MGMT_OP_PIN_CODE_REPLY,
  66        MGMT_OP_PIN_CODE_NEG_REPLY,
  67        MGMT_OP_SET_IO_CAPABILITY,
  68        MGMT_OP_PAIR_DEVICE,
  69        MGMT_OP_CANCEL_PAIR_DEVICE,
  70        MGMT_OP_UNPAIR_DEVICE,
  71        MGMT_OP_USER_CONFIRM_REPLY,
  72        MGMT_OP_USER_CONFIRM_NEG_REPLY,
  73        MGMT_OP_USER_PASSKEY_REPLY,
  74        MGMT_OP_USER_PASSKEY_NEG_REPLY,
  75        MGMT_OP_READ_LOCAL_OOB_DATA,
  76        MGMT_OP_ADD_REMOTE_OOB_DATA,
  77        MGMT_OP_REMOVE_REMOTE_OOB_DATA,
  78        MGMT_OP_START_DISCOVERY,
  79        MGMT_OP_STOP_DISCOVERY,
  80        MGMT_OP_CONFIRM_NAME,
  81        MGMT_OP_BLOCK_DEVICE,
  82        MGMT_OP_UNBLOCK_DEVICE,
  83        MGMT_OP_SET_DEVICE_ID,
  84        MGMT_OP_SET_ADVERTISING,
  85        MGMT_OP_SET_BREDR,
  86        MGMT_OP_SET_STATIC_ADDRESS,
  87        MGMT_OP_SET_SCAN_PARAMS,
  88        MGMT_OP_SET_SECURE_CONN,
  89        MGMT_OP_SET_DEBUG_KEYS,
  90        MGMT_OP_SET_PRIVACY,
  91        MGMT_OP_LOAD_IRKS,
  92        MGMT_OP_GET_CONN_INFO,
  93        MGMT_OP_GET_CLOCK_INFO,
  94        MGMT_OP_ADD_DEVICE,
  95        MGMT_OP_REMOVE_DEVICE,
  96        MGMT_OP_LOAD_CONN_PARAM,
  97        MGMT_OP_READ_UNCONF_INDEX_LIST,
  98        MGMT_OP_READ_CONFIG_INFO,
  99        MGMT_OP_SET_EXTERNAL_CONFIG,
 100        MGMT_OP_SET_PUBLIC_ADDRESS,
 101        MGMT_OP_START_SERVICE_DISCOVERY,
 102        MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
 103        MGMT_OP_READ_EXT_INDEX_LIST,
 104        MGMT_OP_READ_ADV_FEATURES,
 105        MGMT_OP_ADD_ADVERTISING,
 106        MGMT_OP_REMOVE_ADVERTISING,
 107        MGMT_OP_GET_ADV_SIZE_INFO,
 108        MGMT_OP_START_LIMITED_DISCOVERY,
 109        MGMT_OP_READ_EXT_INFO,
 110        MGMT_OP_SET_APPEARANCE,
 111        MGMT_OP_GET_PHY_CONFIGURATION,
 112        MGMT_OP_SET_PHY_CONFIGURATION,
 113        MGMT_OP_SET_BLOCKED_KEYS,
 114        MGMT_OP_SET_WIDEBAND_SPEECH,
 115        MGMT_OP_READ_CONTROLLER_CAP,
 116        MGMT_OP_READ_EXP_FEATURES_INFO,
 117        MGMT_OP_SET_EXP_FEATURE,
 118        MGMT_OP_READ_DEF_SYSTEM_CONFIG,
 119        MGMT_OP_SET_DEF_SYSTEM_CONFIG,
 120        MGMT_OP_READ_DEF_RUNTIME_CONFIG,
 121        MGMT_OP_SET_DEF_RUNTIME_CONFIG,
 122        MGMT_OP_GET_DEVICE_FLAGS,
 123        MGMT_OP_SET_DEVICE_FLAGS,
 124        MGMT_OP_READ_ADV_MONITOR_FEATURES,
 125        MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
 126        MGMT_OP_REMOVE_ADV_MONITOR,
 127        MGMT_OP_ADD_EXT_ADV_PARAMS,
 128        MGMT_OP_ADD_EXT_ADV_DATA,
 129        MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI,
 130};
 131
 132static const u16 mgmt_events[] = {
 133        MGMT_EV_CONTROLLER_ERROR,
 134        MGMT_EV_INDEX_ADDED,
 135        MGMT_EV_INDEX_REMOVED,
 136        MGMT_EV_NEW_SETTINGS,
 137        MGMT_EV_CLASS_OF_DEV_CHANGED,
 138        MGMT_EV_LOCAL_NAME_CHANGED,
 139        MGMT_EV_NEW_LINK_KEY,
 140        MGMT_EV_NEW_LONG_TERM_KEY,
 141        MGMT_EV_DEVICE_CONNECTED,
 142        MGMT_EV_DEVICE_DISCONNECTED,
 143        MGMT_EV_CONNECT_FAILED,
 144        MGMT_EV_PIN_CODE_REQUEST,
 145        MGMT_EV_USER_CONFIRM_REQUEST,
 146        MGMT_EV_USER_PASSKEY_REQUEST,
 147        MGMT_EV_AUTH_FAILED,
 148        MGMT_EV_DEVICE_FOUND,
 149        MGMT_EV_DISCOVERING,
 150        MGMT_EV_DEVICE_BLOCKED,
 151        MGMT_EV_DEVICE_UNBLOCKED,
 152        MGMT_EV_DEVICE_UNPAIRED,
 153        MGMT_EV_PASSKEY_NOTIFY,
 154        MGMT_EV_NEW_IRK,
 155        MGMT_EV_NEW_CSRK,
 156        MGMT_EV_DEVICE_ADDED,
 157        MGMT_EV_DEVICE_REMOVED,
 158        MGMT_EV_NEW_CONN_PARAM,
 159        MGMT_EV_UNCONF_INDEX_ADDED,
 160        MGMT_EV_UNCONF_INDEX_REMOVED,
 161        MGMT_EV_NEW_CONFIG_OPTIONS,
 162        MGMT_EV_EXT_INDEX_ADDED,
 163        MGMT_EV_EXT_INDEX_REMOVED,
 164        MGMT_EV_LOCAL_OOB_DATA_UPDATED,
 165        MGMT_EV_ADVERTISING_ADDED,
 166        MGMT_EV_ADVERTISING_REMOVED,
 167        MGMT_EV_EXT_INFO_CHANGED,
 168        MGMT_EV_PHY_CONFIGURATION_CHANGED,
 169        MGMT_EV_EXP_FEATURE_CHANGED,
 170        MGMT_EV_DEVICE_FLAGS_CHANGED,
 171        MGMT_EV_ADV_MONITOR_ADDED,
 172        MGMT_EV_ADV_MONITOR_REMOVED,
 173        MGMT_EV_CONTROLLER_SUSPEND,
 174        MGMT_EV_CONTROLLER_RESUME,
 175};
 176
 177static const u16 mgmt_untrusted_commands[] = {
 178        MGMT_OP_READ_INDEX_LIST,
 179        MGMT_OP_READ_INFO,
 180        MGMT_OP_READ_UNCONF_INDEX_LIST,
 181        MGMT_OP_READ_CONFIG_INFO,
 182        MGMT_OP_READ_EXT_INDEX_LIST,
 183        MGMT_OP_READ_EXT_INFO,
 184        MGMT_OP_READ_CONTROLLER_CAP,
 185        MGMT_OP_READ_EXP_FEATURES_INFO,
 186        MGMT_OP_READ_DEF_SYSTEM_CONFIG,
 187        MGMT_OP_READ_DEF_RUNTIME_CONFIG,
 188};
 189
 190static const u16 mgmt_untrusted_events[] = {
 191        MGMT_EV_INDEX_ADDED,
 192        MGMT_EV_INDEX_REMOVED,
 193        MGMT_EV_NEW_SETTINGS,
 194        MGMT_EV_CLASS_OF_DEV_CHANGED,
 195        MGMT_EV_LOCAL_NAME_CHANGED,
 196        MGMT_EV_UNCONF_INDEX_ADDED,
 197        MGMT_EV_UNCONF_INDEX_REMOVED,
 198        MGMT_EV_NEW_CONFIG_OPTIONS,
 199        MGMT_EV_EXT_INDEX_ADDED,
 200        MGMT_EV_EXT_INDEX_REMOVED,
 201        MGMT_EV_EXT_INFO_CHANGED,
 202        MGMT_EV_EXP_FEATURE_CHANGED,
 203};
 204
 205#define CACHE_TIMEOUT   msecs_to_jiffies(2 * 1000)
 206
 207#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
 208                 "\x00\x00\x00\x00\x00\x00\x00\x00"
 209
 210/* HCI to MGMT error code conversion table */
 211static const u8 mgmt_status_table[] = {
 212        MGMT_STATUS_SUCCESS,
 213        MGMT_STATUS_UNKNOWN_COMMAND,    /* Unknown Command */
 214        MGMT_STATUS_NOT_CONNECTED,      /* No Connection */
 215        MGMT_STATUS_FAILED,             /* Hardware Failure */
 216        MGMT_STATUS_CONNECT_FAILED,     /* Page Timeout */
 217        MGMT_STATUS_AUTH_FAILED,        /* Authentication Failed */
 218        MGMT_STATUS_AUTH_FAILED,        /* PIN or Key Missing */
 219        MGMT_STATUS_NO_RESOURCES,       /* Memory Full */
 220        MGMT_STATUS_TIMEOUT,            /* Connection Timeout */
 221        MGMT_STATUS_NO_RESOURCES,       /* Max Number of Connections */
 222        MGMT_STATUS_NO_RESOURCES,       /* Max Number of SCO Connections */
 223        MGMT_STATUS_ALREADY_CONNECTED,  /* ACL Connection Exists */
 224        MGMT_STATUS_BUSY,               /* Command Disallowed */
 225        MGMT_STATUS_NO_RESOURCES,       /* Rejected Limited Resources */
 226        MGMT_STATUS_REJECTED,           /* Rejected Security */
 227        MGMT_STATUS_REJECTED,           /* Rejected Personal */
 228        MGMT_STATUS_TIMEOUT,            /* Host Timeout */
 229        MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported Feature */
 230        MGMT_STATUS_INVALID_PARAMS,     /* Invalid Parameters */
 231        MGMT_STATUS_DISCONNECTED,       /* OE User Ended Connection */
 232        MGMT_STATUS_NO_RESOURCES,       /* OE Low Resources */
 233        MGMT_STATUS_DISCONNECTED,       /* OE Power Off */
 234        MGMT_STATUS_DISCONNECTED,       /* Connection Terminated */
 235        MGMT_STATUS_BUSY,               /* Repeated Attempts */
 236        MGMT_STATUS_REJECTED,           /* Pairing Not Allowed */
 237        MGMT_STATUS_FAILED,             /* Unknown LMP PDU */
 238        MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported Remote Feature */
 239        MGMT_STATUS_REJECTED,           /* SCO Offset Rejected */
 240        MGMT_STATUS_REJECTED,           /* SCO Interval Rejected */
 241        MGMT_STATUS_REJECTED,           /* Air Mode Rejected */
 242        MGMT_STATUS_INVALID_PARAMS,     /* Invalid LMP Parameters */
 243        MGMT_STATUS_FAILED,             /* Unspecified Error */
 244        MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported LMP Parameter Value */
 245        MGMT_STATUS_FAILED,             /* Role Change Not Allowed */
 246        MGMT_STATUS_TIMEOUT,            /* LMP Response Timeout */
 247        MGMT_STATUS_FAILED,             /* LMP Error Transaction Collision */
 248        MGMT_STATUS_FAILED,             /* LMP PDU Not Allowed */
 249        MGMT_STATUS_REJECTED,           /* Encryption Mode Not Accepted */
 250        MGMT_STATUS_FAILED,             /* Unit Link Key Used */
 251        MGMT_STATUS_NOT_SUPPORTED,      /* QoS Not Supported */
 252        MGMT_STATUS_TIMEOUT,            /* Instant Passed */
 253        MGMT_STATUS_NOT_SUPPORTED,      /* Pairing Not Supported */
 254        MGMT_STATUS_FAILED,             /* Transaction Collision */
 255        MGMT_STATUS_FAILED,             /* Reserved for future use */
 256        MGMT_STATUS_INVALID_PARAMS,     /* Unacceptable Parameter */
 257        MGMT_STATUS_REJECTED,           /* QoS Rejected */
 258        MGMT_STATUS_NOT_SUPPORTED,      /* Classification Not Supported */
 259        MGMT_STATUS_REJECTED,           /* Insufficient Security */
 260        MGMT_STATUS_INVALID_PARAMS,     /* Parameter Out Of Range */
 261        MGMT_STATUS_FAILED,             /* Reserved for future use */
 262        MGMT_STATUS_BUSY,               /* Role Switch Pending */
 263        MGMT_STATUS_FAILED,             /* Reserved for future use */
 264        MGMT_STATUS_FAILED,             /* Slot Violation */
 265        MGMT_STATUS_FAILED,             /* Role Switch Failed */
 266        MGMT_STATUS_INVALID_PARAMS,     /* EIR Too Large */
 267        MGMT_STATUS_NOT_SUPPORTED,      /* Simple Pairing Not Supported */
 268        MGMT_STATUS_BUSY,               /* Host Busy Pairing */
 269        MGMT_STATUS_REJECTED,           /* Rejected, No Suitable Channel */
 270        MGMT_STATUS_BUSY,               /* Controller Busy */
 271        MGMT_STATUS_INVALID_PARAMS,     /* Unsuitable Connection Interval */
 272        MGMT_STATUS_TIMEOUT,            /* Directed Advertising Timeout */
 273        MGMT_STATUS_AUTH_FAILED,        /* Terminated Due to MIC Failure */
 274        MGMT_STATUS_CONNECT_FAILED,     /* Connection Establishment Failed */
 275        MGMT_STATUS_CONNECT_FAILED,     /* MAC Connection Failed */
 276};
 277
 278static u8 mgmt_status(u8 hci_status)
 279{
 280        if (hci_status < ARRAY_SIZE(mgmt_status_table))
 281                return mgmt_status_table[hci_status];
 282
 283        return MGMT_STATUS_FAILED;
 284}
 285
 286static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
 287                            u16 len, int flag)
 288{
 289        return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
 290                               flag, NULL);
 291}
 292
 293static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
 294                              u16 len, int flag, struct sock *skip_sk)
 295{
 296        return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
 297                               flag, skip_sk);
 298}
 299
 300static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
 301                      struct sock *skip_sk)
 302{
 303        return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
 304                               HCI_SOCK_TRUSTED, skip_sk);
 305}
 306
 307static u8 le_addr_type(u8 mgmt_addr_type)
 308{
 309        if (mgmt_addr_type == BDADDR_LE_PUBLIC)
 310                return ADDR_LE_DEV_PUBLIC;
 311        else
 312                return ADDR_LE_DEV_RANDOM;
 313}
 314
 315void mgmt_fill_version_info(void *ver)
 316{
 317        struct mgmt_rp_read_version *rp = ver;
 318
 319        rp->version = MGMT_VERSION;
 320        rp->revision = cpu_to_le16(MGMT_REVISION);
 321}
 322
 323static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
 324                        u16 data_len)
 325{
 326        struct mgmt_rp_read_version rp;
 327
 328        bt_dev_dbg(hdev, "sock %p", sk);
 329
 330        mgmt_fill_version_info(&rp);
 331
 332        return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
 333                                 &rp, sizeof(rp));
 334}
 335
 336static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
 337                         u16 data_len)
 338{
 339        struct mgmt_rp_read_commands *rp;
 340        u16 num_commands, num_events;
 341        size_t rp_size;
 342        int i, err;
 343
 344        bt_dev_dbg(hdev, "sock %p", sk);
 345
 346        if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
 347                num_commands = ARRAY_SIZE(mgmt_commands);
 348                num_events = ARRAY_SIZE(mgmt_events);
 349        } else {
 350                num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
 351                num_events = ARRAY_SIZE(mgmt_untrusted_events);
 352        }
 353
 354        rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
 355
 356        rp = kmalloc(rp_size, GFP_KERNEL);
 357        if (!rp)
 358                return -ENOMEM;
 359
 360        rp->num_commands = cpu_to_le16(num_commands);
 361        rp->num_events = cpu_to_le16(num_events);
 362
 363        if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
 364                __le16 *opcode = rp->opcodes;
 365
 366                for (i = 0; i < num_commands; i++, opcode++)
 367                        put_unaligned_le16(mgmt_commands[i], opcode);
 368
 369                for (i = 0; i < num_events; i++, opcode++)
 370                        put_unaligned_le16(mgmt_events[i], opcode);
 371        } else {
 372                __le16 *opcode = rp->opcodes;
 373
 374                for (i = 0; i < num_commands; i++, opcode++)
 375                        put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
 376
 377                for (i = 0; i < num_events; i++, opcode++)
 378                        put_unaligned_le16(mgmt_untrusted_events[i], opcode);
 379        }
 380
 381        err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
 382                                rp, rp_size);
 383        kfree(rp);
 384
 385        return err;
 386}
 387
 388static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
 389                           u16 data_len)
 390{
 391        struct mgmt_rp_read_index_list *rp;
 392        struct hci_dev *d;
 393        size_t rp_len;
 394        u16 count;
 395        int err;
 396
 397        bt_dev_dbg(hdev, "sock %p", sk);
 398
 399        read_lock(&hci_dev_list_lock);
 400
 401        count = 0;
 402        list_for_each_entry(d, &hci_dev_list, list) {
 403                if (d->dev_type == HCI_PRIMARY &&
 404                    !hci_dev_test_flag(d, HCI_UNCONFIGURED))
 405                        count++;
 406        }
 407
 408        rp_len = sizeof(*rp) + (2 * count);
 409        rp = kmalloc(rp_len, GFP_ATOMIC);
 410        if (!rp) {
 411                read_unlock(&hci_dev_list_lock);
 412                return -ENOMEM;
 413        }
 414
 415        count = 0;
 416        list_for_each_entry(d, &hci_dev_list, list) {
 417                if (hci_dev_test_flag(d, HCI_SETUP) ||
 418                    hci_dev_test_flag(d, HCI_CONFIG) ||
 419                    hci_dev_test_flag(d, HCI_USER_CHANNEL))
 420                        continue;
 421
 422                /* Devices marked as raw-only are neither configured
 423                 * nor unconfigured controllers.
 424                 */
 425                if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
 426                        continue;
 427
 428                if (d->dev_type == HCI_PRIMARY &&
 429                    !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
 430                        rp->index[count++] = cpu_to_le16(d->id);
 431                        bt_dev_dbg(hdev, "Added hci%u", d->id);
 432                }
 433        }
 434
 435        rp->num_controllers = cpu_to_le16(count);
 436        rp_len = sizeof(*rp) + (2 * count);
 437
 438        read_unlock(&hci_dev_list_lock);
 439
 440        err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
 441                                0, rp, rp_len);
 442
 443        kfree(rp);
 444
 445        return err;
 446}
 447
 448static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
 449                                  void *data, u16 data_len)
 450{
 451        struct mgmt_rp_read_unconf_index_list *rp;
 452        struct hci_dev *d;
 453        size_t rp_len;
 454        u16 count;
 455        int err;
 456
 457        bt_dev_dbg(hdev, "sock %p", sk);
 458
 459        read_lock(&hci_dev_list_lock);
 460
 461        count = 0;
 462        list_for_each_entry(d, &hci_dev_list, list) {
 463                if (d->dev_type == HCI_PRIMARY &&
 464                    hci_dev_test_flag(d, HCI_UNCONFIGURED))
 465                        count++;
 466        }
 467
 468        rp_len = sizeof(*rp) + (2 * count);
 469        rp = kmalloc(rp_len, GFP_ATOMIC);
 470        if (!rp) {
 471                read_unlock(&hci_dev_list_lock);
 472                return -ENOMEM;
 473        }
 474
 475        count = 0;
 476        list_for_each_entry(d, &hci_dev_list, list) {
 477                if (hci_dev_test_flag(d, HCI_SETUP) ||
 478                    hci_dev_test_flag(d, HCI_CONFIG) ||
 479                    hci_dev_test_flag(d, HCI_USER_CHANNEL))
 480                        continue;
 481
 482                /* Devices marked as raw-only are neither configured
 483                 * nor unconfigured controllers.
 484                 */
 485                if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
 486                        continue;
 487
 488                if (d->dev_type == HCI_PRIMARY &&
 489                    hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
 490                        rp->index[count++] = cpu_to_le16(d->id);
 491                        bt_dev_dbg(hdev, "Added hci%u", d->id);
 492                }
 493        }
 494
 495        rp->num_controllers = cpu_to_le16(count);
 496        rp_len = sizeof(*rp) + (2 * count);
 497
 498        read_unlock(&hci_dev_list_lock);
 499
 500        err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
 501                                MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
 502
 503        kfree(rp);
 504
 505        return err;
 506}
 507
 508static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
 509                               void *data, u16 data_len)
 510{
 511        struct mgmt_rp_read_ext_index_list *rp;
 512        struct hci_dev *d;
 513        u16 count;
 514        int err;
 515
 516        bt_dev_dbg(hdev, "sock %p", sk);
 517
 518        read_lock(&hci_dev_list_lock);
 519
 520        count = 0;
 521        list_for_each_entry(d, &hci_dev_list, list) {
 522                if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
 523                        count++;
 524        }
 525
 526        rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
 527        if (!rp) {
 528                read_unlock(&hci_dev_list_lock);
 529                return -ENOMEM;
 530        }
 531
 532        count = 0;
 533        list_for_each_entry(d, &hci_dev_list, list) {
 534                if (hci_dev_test_flag(d, HCI_SETUP) ||
 535                    hci_dev_test_flag(d, HCI_CONFIG) ||
 536                    hci_dev_test_flag(d, HCI_USER_CHANNEL))
 537                        continue;
 538
 539                /* Devices marked as raw-only are neither configured
 540                 * nor unconfigured controllers.
 541                 */
 542                if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
 543                        continue;
 544
 545                if (d->dev_type == HCI_PRIMARY) {
 546                        if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
 547                                rp->entry[count].type = 0x01;
 548                        else
 549                                rp->entry[count].type = 0x00;
 550                } else if (d->dev_type == HCI_AMP) {
 551                        rp->entry[count].type = 0x02;
 552                } else {
 553                        continue;
 554                }
 555
 556                rp->entry[count].bus = d->bus;
 557                rp->entry[count++].index = cpu_to_le16(d->id);
 558                bt_dev_dbg(hdev, "Added hci%u", d->id);
 559        }
 560
 561        rp->num_controllers = cpu_to_le16(count);
 562
 563        read_unlock(&hci_dev_list_lock);
 564
 565        /* If this command is called at least once, then all the
 566         * default index and unconfigured index events are disabled
 567         * and from now on only extended index events are used.
 568         */
 569        hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
 570        hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
 571        hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
 572
 573        err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
 574                                MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
 575                                struct_size(rp, entry, count));
 576
 577        kfree(rp);
 578
 579        return err;
 580}
 581
 582static bool is_configured(struct hci_dev *hdev)
 583{
 584        if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
 585            !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
 586                return false;
 587
 588        if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
 589             test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
 590            !bacmp(&hdev->public_addr, BDADDR_ANY))
 591                return false;
 592
 593        return true;
 594}
 595
 596static __le32 get_missing_options(struct hci_dev *hdev)
 597{
 598        u32 options = 0;
 599
 600        if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
 601            !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
 602                options |= MGMT_OPTION_EXTERNAL_CONFIG;
 603
 604        if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
 605             test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
 606            !bacmp(&hdev->public_addr, BDADDR_ANY))
 607                options |= MGMT_OPTION_PUBLIC_ADDRESS;
 608
 609        return cpu_to_le32(options);
 610}
 611
 612static int new_options(struct hci_dev *hdev, struct sock *skip)
 613{
 614        __le32 options = get_missing_options(hdev);
 615
 616        return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
 617                                  sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
 618}
 619
 620static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
 621{
 622        __le32 options = get_missing_options(hdev);
 623
 624        return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
 625                                 sizeof(options));
 626}
 627
 628static int read_config_info(struct sock *sk, struct hci_dev *hdev,
 629                            void *data, u16 data_len)
 630{
 631        struct mgmt_rp_read_config_info rp;
 632        u32 options = 0;
 633
 634        bt_dev_dbg(hdev, "sock %p", sk);
 635
 636        hci_dev_lock(hdev);
 637
 638        memset(&rp, 0, sizeof(rp));
 639        rp.manufacturer = cpu_to_le16(hdev->manufacturer);
 640
 641        if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
 642                options |= MGMT_OPTION_EXTERNAL_CONFIG;
 643
 644        if (hdev->set_bdaddr)
 645                options |= MGMT_OPTION_PUBLIC_ADDRESS;
 646
 647        rp.supported_options = cpu_to_le32(options);
 648        rp.missing_options = get_missing_options(hdev);
 649
 650        hci_dev_unlock(hdev);
 651
 652        return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
 653                                 &rp, sizeof(rp));
 654}
 655
 656static u32 get_supported_phys(struct hci_dev *hdev)
 657{
 658        u32 supported_phys = 0;
 659
 660        if (lmp_bredr_capable(hdev)) {
 661                supported_phys |= MGMT_PHY_BR_1M_1SLOT;
 662
 663                if (hdev->features[0][0] & LMP_3SLOT)
 664                        supported_phys |= MGMT_PHY_BR_1M_3SLOT;
 665
 666                if (hdev->features[0][0] & LMP_5SLOT)
 667                        supported_phys |= MGMT_PHY_BR_1M_5SLOT;
 668
 669                if (lmp_edr_2m_capable(hdev)) {
 670                        supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
 671
 672                        if (lmp_edr_3slot_capable(hdev))
 673                                supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
 674
 675                        if (lmp_edr_5slot_capable(hdev))
 676                                supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
 677
 678                        if (lmp_edr_3m_capable(hdev)) {
 679                                supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
 680
 681                                if (lmp_edr_3slot_capable(hdev))
 682                                        supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
 683
 684                                if (lmp_edr_5slot_capable(hdev))
 685                                        supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
 686                        }
 687                }
 688        }
 689
 690        if (lmp_le_capable(hdev)) {
 691                supported_phys |= MGMT_PHY_LE_1M_TX;
 692                supported_phys |= MGMT_PHY_LE_1M_RX;
 693
 694                if (hdev->le_features[1] & HCI_LE_PHY_2M) {
 695                        supported_phys |= MGMT_PHY_LE_2M_TX;
 696                        supported_phys |= MGMT_PHY_LE_2M_RX;
 697                }
 698
 699                if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
 700                        supported_phys |= MGMT_PHY_LE_CODED_TX;
 701                        supported_phys |= MGMT_PHY_LE_CODED_RX;
 702                }
 703        }
 704
 705        return supported_phys;
 706}
 707
 708static u32 get_selected_phys(struct hci_dev *hdev)
 709{
 710        u32 selected_phys = 0;
 711
 712        if (lmp_bredr_capable(hdev)) {
 713                selected_phys |= MGMT_PHY_BR_1M_1SLOT;
 714
 715                if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
 716                        selected_phys |= MGMT_PHY_BR_1M_3SLOT;
 717
 718                if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
 719                        selected_phys |= MGMT_PHY_BR_1M_5SLOT;
 720
 721                if (lmp_edr_2m_capable(hdev)) {
 722                        if (!(hdev->pkt_type & HCI_2DH1))
 723                                selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
 724
 725                        if (lmp_edr_3slot_capable(hdev) &&
 726                            !(hdev->pkt_type & HCI_2DH3))
 727                                selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
 728
 729                        if (lmp_edr_5slot_capable(hdev) &&
 730                            !(hdev->pkt_type & HCI_2DH5))
 731                                selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
 732
 733                        if (lmp_edr_3m_capable(hdev)) {
 734                                if (!(hdev->pkt_type & HCI_3DH1))
 735                                        selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
 736
 737                                if (lmp_edr_3slot_capable(hdev) &&
 738                                    !(hdev->pkt_type & HCI_3DH3))
 739                                        selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
 740
 741                                if (lmp_edr_5slot_capable(hdev) &&
 742                                    !(hdev->pkt_type & HCI_3DH5))
 743                                        selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
 744                        }
 745                }
 746        }
 747
 748        if (lmp_le_capable(hdev)) {
 749                if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
 750                        selected_phys |= MGMT_PHY_LE_1M_TX;
 751
 752                if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
 753                        selected_phys |= MGMT_PHY_LE_1M_RX;
 754
 755                if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
 756                        selected_phys |= MGMT_PHY_LE_2M_TX;
 757
 758                if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
 759                        selected_phys |= MGMT_PHY_LE_2M_RX;
 760
 761                if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
 762                        selected_phys |= MGMT_PHY_LE_CODED_TX;
 763
 764                if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
 765                        selected_phys |= MGMT_PHY_LE_CODED_RX;
 766        }
 767
 768        return selected_phys;
 769}
 770
 771static u32 get_configurable_phys(struct hci_dev *hdev)
 772{
 773        return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
 774                ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
 775}
 776
 777static u32 get_supported_settings(struct hci_dev *hdev)
 778{
 779        u32 settings = 0;
 780
 781        settings |= MGMT_SETTING_POWERED;
 782        settings |= MGMT_SETTING_BONDABLE;
 783        settings |= MGMT_SETTING_DEBUG_KEYS;
 784        settings |= MGMT_SETTING_CONNECTABLE;
 785        settings |= MGMT_SETTING_DISCOVERABLE;
 786
 787        if (lmp_bredr_capable(hdev)) {
 788                if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
 789                        settings |= MGMT_SETTING_FAST_CONNECTABLE;
 790                settings |= MGMT_SETTING_BREDR;
 791                settings |= MGMT_SETTING_LINK_SECURITY;
 792
 793                if (lmp_ssp_capable(hdev)) {
 794                        settings |= MGMT_SETTING_SSP;
 795                        if (IS_ENABLED(CONFIG_BT_HS))
 796                                settings |= MGMT_SETTING_HS;
 797                }
 798
 799                if (lmp_sc_capable(hdev))
 800                        settings |= MGMT_SETTING_SECURE_CONN;
 801
 802                if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
 803                             &hdev->quirks))
 804                        settings |= MGMT_SETTING_WIDEBAND_SPEECH;
 805        }
 806
 807        if (lmp_le_capable(hdev)) {
 808                settings |= MGMT_SETTING_LE;
 809                settings |= MGMT_SETTING_SECURE_CONN;
 810                settings |= MGMT_SETTING_PRIVACY;
 811                settings |= MGMT_SETTING_STATIC_ADDRESS;
 812
 813                /* When the experimental feature for LL Privacy support is
 814                 * enabled, then advertising is no longer supported.
 815                 */
 816                if (!hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
 817                        settings |= MGMT_SETTING_ADVERTISING;
 818        }
 819
 820        if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
 821            hdev->set_bdaddr)
 822                settings |= MGMT_SETTING_CONFIGURATION;
 823
 824        settings |= MGMT_SETTING_PHY_CONFIGURATION;
 825
 826        return settings;
 827}
 828
 829static u32 get_current_settings(struct hci_dev *hdev)
 830{
 831        u32 settings = 0;
 832
 833        if (hdev_is_powered(hdev))
 834                settings |= MGMT_SETTING_POWERED;
 835
 836        if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
 837                settings |= MGMT_SETTING_CONNECTABLE;
 838
 839        if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
 840                settings |= MGMT_SETTING_FAST_CONNECTABLE;
 841
 842        if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
 843                settings |= MGMT_SETTING_DISCOVERABLE;
 844
 845        if (hci_dev_test_flag(hdev, HCI_BONDABLE))
 846                settings |= MGMT_SETTING_BONDABLE;
 847
 848        if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
 849                settings |= MGMT_SETTING_BREDR;
 850
 851        if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
 852                settings |= MGMT_SETTING_LE;
 853
 854        if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
 855                settings |= MGMT_SETTING_LINK_SECURITY;
 856
 857        if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
 858                settings |= MGMT_SETTING_SSP;
 859
 860        if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
 861                settings |= MGMT_SETTING_HS;
 862
 863        if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
 864                settings |= MGMT_SETTING_ADVERTISING;
 865
 866        if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
 867                settings |= MGMT_SETTING_SECURE_CONN;
 868
 869        if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
 870                settings |= MGMT_SETTING_DEBUG_KEYS;
 871
 872        if (hci_dev_test_flag(hdev, HCI_PRIVACY))
 873                settings |= MGMT_SETTING_PRIVACY;
 874
 875        /* The current setting for static address has two purposes. The
 876         * first is to indicate if the static address will be used and
 877         * the second is to indicate if it is actually set.
 878         *
 879         * This means if the static address is not configured, this flag
 880         * will never be set. If the address is configured, then if the
 881         * address is actually used decides if the flag is set or not.
 882         *
 883         * For single mode LE only controllers and dual-mode controllers
 884         * with BR/EDR disabled, the existence of the static address will
 885         * be evaluated.
 886         */
 887        if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
 888            !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
 889            !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
 890                if (bacmp(&hdev->static_addr, BDADDR_ANY))
 891                        settings |= MGMT_SETTING_STATIC_ADDRESS;
 892        }
 893
 894        if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
 895                settings |= MGMT_SETTING_WIDEBAND_SPEECH;
 896
 897        return settings;
 898}
 899
 900static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
 901{
 902        return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
 903}
 904
 905static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
 906                                                  struct hci_dev *hdev,
 907                                                  const void *data)
 908{
 909        return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
 910}
 911
 912u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
 913{
 914        struct mgmt_pending_cmd *cmd;
 915
 916        /* If there's a pending mgmt command the flags will not yet have
 917         * their final values, so check for this first.
 918         */
 919        cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
 920        if (cmd) {
 921                struct mgmt_mode *cp = cmd->param;
 922                if (cp->val == 0x01)
 923                        return LE_AD_GENERAL;
 924                else if (cp->val == 0x02)
 925                        return LE_AD_LIMITED;
 926        } else {
 927                if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
 928                        return LE_AD_LIMITED;
 929                else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
 930                        return LE_AD_GENERAL;
 931        }
 932
 933        return 0;
 934}
 935
 936bool mgmt_get_connectable(struct hci_dev *hdev)
 937{
 938        struct mgmt_pending_cmd *cmd;
 939
 940        /* If there's a pending mgmt command the flag will not yet have
 941         * it's final value, so check for this first.
 942         */
 943        cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
 944        if (cmd) {
 945                struct mgmt_mode *cp = cmd->param;
 946
 947                return cp->val;
 948        }
 949
 950        return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
 951}
 952
 953static void service_cache_off(struct work_struct *work)
 954{
 955        struct hci_dev *hdev = container_of(work, struct hci_dev,
 956                                            service_cache.work);
 957        struct hci_request req;
 958
 959        if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
 960                return;
 961
 962        hci_req_init(&req, hdev);
 963
 964        hci_dev_lock(hdev);
 965
 966        __hci_req_update_eir(&req);
 967        __hci_req_update_class(&req);
 968
 969        hci_dev_unlock(hdev);
 970
 971        hci_req_run(&req, NULL);
 972}
 973
 974static void rpa_expired(struct work_struct *work)
 975{
 976        struct hci_dev *hdev = container_of(work, struct hci_dev,
 977                                            rpa_expired.work);
 978        struct hci_request req;
 979
 980        bt_dev_dbg(hdev, "");
 981
 982        hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
 983
 984        if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
 985                return;
 986
 987        /* The generation of a new RPA and programming it into the
 988         * controller happens in the hci_req_enable_advertising()
 989         * function.
 990         */
 991        hci_req_init(&req, hdev);
 992        if (ext_adv_capable(hdev))
 993                __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
 994        else
 995                __hci_req_enable_advertising(&req);
 996        hci_req_run(&req, NULL);
 997}
 998
 999static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1000{

1001        if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
1002                return;
1003
1004        INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1005        INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1006
1007        /* Non-mgmt controlled devices get this bit set
1008         * implicitly so that pairing works for them, however
1009         * for mgmt we require user-space to explicitly enable
1010         * it
1011         */
1012        hci_dev_clear_flag(hdev, HCI_BONDABLE);
1013}
1014
1015static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1016                                void *data, u16 data_len)
1017{
1018        struct mgmt_rp_read_info rp;
1019
1020        bt_dev_dbg(hdev, "sock %p", sk);
1021
1022        hci_dev_lock(hdev);
1023
1024        memset(&rp, 0, sizeof(rp));
1025
1026        bacpy(&rp.bdaddr, &hdev->bdaddr);
1027
1028        rp.version = hdev->hci_ver;
1029        rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1030
1031        rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1032        rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1033
1034        memcpy(rp.dev_class, hdev->dev_class, 3);
1035
1036        memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1037        memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1038
1039        hci_dev_unlock(hdev);
1040
1041        return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1042                                 sizeof(rp));
1043}
1044
1045static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1046{
1047        u16 eir_len = 0;
1048        size_t name_len;
1049
1050        if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1051                eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1052                                          hdev->dev_class, 3);
1053
1054        if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1055                eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1056                                          hdev->appearance);
1057
1058        name_len = strlen(hdev->dev_name);
1059        eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1060                                  hdev->dev_name, name_len);
1061
1062        name_len = strlen(hdev->short_name);
1063        eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1064                                  hdev->short_name, name_len);
1065
1066        return eir_len;
1067}
1068
1069static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1070                                    void *data, u16 data_len)
1071{
1072        char buf[512];
1073        struct mgmt_rp_read_ext_info *rp = (void *)buf;
1074        u16 eir_len;
1075
1076        bt_dev_dbg(hdev, "sock %p", sk);
1077
1078        memset(&buf, 0, sizeof(buf));
1079
1080        hci_dev_lock(hdev);
1081
1082        bacpy(&rp->bdaddr, &hdev->bdaddr);
1083
1084        rp->version = hdev->hci_ver;
1085        rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1086
1087        rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1088        rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1089
1090
1091        eir_len = append_eir_data_to_buf(hdev, rp->eir);
1092        rp->eir_len = cpu_to_le16(eir_len);
1093
1094        hci_dev_unlock(hdev);
1095
1096        /* If this command is called at least once, then the events
1097         * for class of device and local name changes are disabled
1098         * and only the new extended controller information event
1099         * is used.
1100         */
1101        hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1102        hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1103        hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1104
1105        return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1106                                 sizeof(*rp) + eir_len);
1107}
1108
1109static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1110{
1111        char buf[512];
1112        struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1113        u16 eir_len;
1114
1115        memset(buf, 0, sizeof(buf));
1116
1117        eir_len = append_eir_data_to_buf(hdev, ev->eir);
1118        ev->eir_len = cpu_to_le16(eir_len);
1119
1120        return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1121                                  sizeof(*ev) + eir_len,
1122                                  HCI_MGMT_EXT_INFO_EVENTS, skip);
1123}
1124
1125static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1126{
1127        __le32 settings = cpu_to_le32(get_current_settings(hdev));
1128
1129        return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1130                                 sizeof(settings));
1131}
1132
1133static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1134{
1135        bt_dev_dbg(hdev, "status 0x%02x", status);
1136
1137        if (hci_conn_count(hdev) == 0) {
1138                cancel_delayed_work(&hdev->power_off);
1139                queue_work(hdev->req_workqueue, &hdev->power_off.work);
1140        }
1141}
1142
1143void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1144{
1145        struct mgmt_ev_advertising_added ev;
1146
1147        ev.instance = instance;
1148
1149        mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1150}
1151
1152void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1153                              u8 instance)
1154{
1155        struct mgmt_ev_advertising_removed ev;
1156
1157        ev.instance = instance;
1158
1159        mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1160}
1161
1162static void cancel_adv_timeout(struct hci_dev *hdev)
1163{
1164        if (hdev->adv_instance_timeout) {
1165                hdev->adv_instance_timeout = 0;
1166                cancel_delayed_work(&hdev->adv_instance_expire);
1167        }
1168}
1169
1170static int clean_up_hci_state(struct hci_dev *hdev)
1171{
1172        struct hci_request req;
1173        struct hci_conn *conn;
1174        bool discov_stopped;
1175        int err;
1176
1177        hci_req_init(&req, hdev);
1178
1179        if (test_bit(HCI_ISCAN, &hdev->flags) ||
1180            test_bit(HCI_PSCAN, &hdev->flags)) {
1181                u8 scan = 0x00;
1182                hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1183        }
1184
1185        hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1186
1187        if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1188                __hci_req_disable_advertising(&req);
1189
1190        discov_stopped = hci_req_stop_discovery(&req);
1191
1192        list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1193                /* 0x15 == Terminated due to Power Off */
1194                __hci_abort_conn(&req, conn, 0x15);
1195        }
1196
1197        err = hci_req_run(&req, clean_up_hci_complete);
1198        if (!err && discov_stopped)
1199                hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1200
1201        return err;
1202}
1203
1204static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1205                       u16 len)
1206{
1207        struct mgmt_mode *cp = data;
1208        struct mgmt_pending_cmd *cmd;
1209        int err;
1210
1211        bt_dev_dbg(hdev, "sock %p", sk);
1212
1213        if (cp->val != 0x00 && cp->val != 0x01)
1214                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1215                                       MGMT_STATUS_INVALID_PARAMS);
1216
1217        hci_dev_lock(hdev);
1218
1219        if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1220                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1221                                      MGMT_STATUS_BUSY);
1222                goto failed;
1223        }
1224
1225        if (!!cp->val == hdev_is_powered(hdev)) {
1226                err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1227                goto failed;
1228        }
1229
1230        cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1231        if (!cmd) {
1232                err = -ENOMEM;
1233                goto failed;
1234        }
1235
1236        if (cp->val) {
1237                queue_work(hdev->req_workqueue, &hdev->power_on);
1238                err = 0;
1239        } else {
1240                /* Disconnect connections, stop scans, etc */
1241                err = clean_up_hci_state(hdev);
1242                if (!err)
1243                        queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1244                                           HCI_POWER_OFF_TIMEOUT);
1245
1246                /* ENODATA means there were no HCI commands queued */
1247                if (err == -ENODATA) {
1248                        cancel_delayed_work(&hdev->power_off);
1249                        queue_work(hdev->req_workqueue, &hdev->power_off.work);
1250                        err = 0;
1251                }
1252        }
1253
1254failed:
1255        hci_dev_unlock(hdev);
1256        return err;
1257}
1258
1259static int new_settings(struct hci_dev *hdev, struct sock *skip)
1260{
1261        __le32 ev = cpu_to_le32(get_current_settings(hdev));
1262
1263        return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1264                                  sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1265}
1266
1267int mgmt_new_settings(struct hci_dev *hdev)
1268{
1269        return new_settings(hdev, NULL);
1270}
1271
1272struct cmd_lookup {
1273        struct sock *sk;
1274        struct hci_dev *hdev;
1275        u8 mgmt_status;
1276};
1277
1278static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1279{
1280        struct cmd_lookup *match = data;
1281
1282        send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1283
1284        list_del(&cmd->list);
1285
1286        if (match->sk == NULL) {
1287                match->sk = cmd->sk;
1288                sock_hold(match->sk);
1289        }
1290
1291        mgmt_pending_free(cmd);
1292}
1293
1294static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1295{
1296        u8 *status = data;
1297
1298        mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1299        mgmt_pending_remove(cmd);
1300}
1301
1302static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1303{
1304        if (cmd->cmd_complete) {
1305                u8 *status = data;
1306
1307                cmd->cmd_complete(cmd, *status);
1308                mgmt_pending_remove(cmd);
1309
1310                return;
1311        }
1312
1313        cmd_status_rsp(cmd, data);
1314}
1315
1316static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1317{
1318        return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1319                                 cmd->param, cmd->param_len);
1320}
1321
1322static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1323{
1324        return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1325                                 cmd->param, sizeof(struct mgmt_addr_info));
1326}
1327
1328static u8 mgmt_bredr_support(struct hci_dev *hdev)
1329{
1330        if (!lmp_bredr_capable(hdev))
1331                return MGMT_STATUS_NOT_SUPPORTED;
1332        else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1333                return MGMT_STATUS_REJECTED;
1334        else
1335                return MGMT_STATUS_SUCCESS;
1336}
1337
1338static u8 mgmt_le_support(struct hci_dev *hdev)
1339{
1340        if (!lmp_le_capable(hdev))
1341                return MGMT_STATUS_NOT_SUPPORTED;
1342        else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1343                return MGMT_STATUS_REJECTED;
1344        else
1345                return MGMT_STATUS_SUCCESS;
1346}
1347
1348void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1349{
1350        struct mgmt_pending_cmd *cmd;
1351
1352        bt_dev_dbg(hdev, "status 0x%02x", status);
1353
1354        hci_dev_lock(hdev);
1355
1356        cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1357        if (!cmd)
1358                goto unlock;
1359
1360        if (status) {
1361                u8 mgmt_err = mgmt_status(status);
1362                mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1363                hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1364                goto remove_cmd;
1365        }
1366
1367        if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1368            hdev->discov_timeout > 0) {
1369                int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1370                queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1371        }
1372
1373        send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1374        new_settings(hdev, cmd->sk);
1375
1376remove_cmd:
1377        mgmt_pending_remove(cmd);
1378
1379unlock:
1380        hci_dev_unlock(hdev);
1381}
1382
1383static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1384                            u16 len)
1385{
1386        struct mgmt_cp_set_discoverable *cp = data;
1387        struct mgmt_pending_cmd *cmd;
1388        u16 timeout;
1389        int err;
1390
1391        bt_dev_dbg(hdev, "sock %p", sk);
1392
1393        if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1394            !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1395                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1396                                       MGMT_STATUS_REJECTED);
1397
1398        if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1399                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1400                                       MGMT_STATUS_INVALID_PARAMS);
1401
1402        timeout = __le16_to_cpu(cp->timeout);
1403
1404        /* Disabling discoverable requires that no timeout is set,
1405         * and enabling limited discoverable requires a timeout.
1406         */
1407        if ((cp->val == 0x00 && timeout > 0) ||
1408            (cp->val == 0x02 && timeout == 0))
1409                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1410                                       MGMT_STATUS_INVALID_PARAMS);
1411
1412        hci_dev_lock(hdev);
1413
1414        if (!hdev_is_powered(hdev) && timeout > 0) {
1415                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1416                                      MGMT_STATUS_NOT_POWERED);
1417                goto failed;
1418        }
1419
1420        if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1421            pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1422                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1423                                      MGMT_STATUS_BUSY);
1424                goto failed;
1425        }
1426
1427        if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1428                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1429                                      MGMT_STATUS_REJECTED);
1430                goto failed;
1431        }
1432
1433        if (hdev->advertising_paused) {
1434                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1435                                      MGMT_STATUS_BUSY);
1436                goto failed;
1437        }
1438
1439        if (!hdev_is_powered(hdev)) {
1440                bool changed = false;
1441
1442                /* Setting limited discoverable when powered off is
1443                 * not a valid operation since it requires a timeout
1444                 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1445                 */
1446                if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1447                        hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1448                        changed = true;
1449                }
1450
1451                err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1452                if (err < 0)
1453                        goto failed;
1454
1455                if (changed)
1456                        err = new_settings(hdev, sk);
1457
1458                goto failed;
1459        }
1460
1461        /* If the current mode is the same, then just update the timeout
1462         * value with the new value. And if only the timeout gets updated,
1463         * then no need for any HCI transactions.
1464         */
1465        if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1466            (cp->val == 0x02) == hci_dev_test_flag(hdev,
1467                                                   HCI_LIMITED_DISCOVERABLE)) {
1468                cancel_delayed_work(&hdev->discov_off);
1469                hdev->discov_timeout = timeout;
1470
1471                if (cp->val && hdev->discov_timeout > 0) {
1472                        int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1473                        queue_delayed_work(hdev->req_workqueue,
1474                                           &hdev->discov_off, to);
1475                }
1476
1477                err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1478                goto failed;
1479        }
1480
1481        cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1482        if (!cmd) {
1483                err = -ENOMEM;
1484                goto failed;
1485        }
1486
1487        /* Cancel any potential discoverable timeout that might be
1488         * still active and store new timeout value. The arming of
1489         * the timeout happens in the complete handler.
1490         */
1491        cancel_delayed_work(&hdev->discov_off);
1492        hdev->discov_timeout = timeout;
1493
1494        if (cp->val)
1495                hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1496        else
1497                hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1498
1499        /* Limited discoverable mode */
1500        if (cp->val == 0x02)
1501                hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1502        else
1503                hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1504
1505        queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1506        err = 0;
1507
1508failed:
1509        hci_dev_unlock(hdev);
1510        return err;
1511}
1512
1513void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1514{
1515        struct mgmt_pending_cmd *cmd;
1516
1517        bt_dev_dbg(hdev, "status 0x%02x", status);
1518
1519        hci_dev_lock(hdev);
1520
1521        cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1522        if (!cmd)
1523                goto unlock;
1524
1525        if (status) {
1526                u8 mgmt_err = mgmt_status(status);
1527                mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1528                goto remove_cmd;
1529        }
1530
1531        send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1532        new_settings(hdev, cmd->sk);
1533
1534remove_cmd:
1535        mgmt_pending_remove(cmd);
1536
1537unlock:
1538        hci_dev_unlock(hdev);
1539}
1540
1541static int set_connectable_update_settings(struct hci_dev *hdev,
1542                                           struct sock *sk, u8 val)
1543{
1544        bool changed = false;
1545        int err;
1546
1547        if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1548                changed = true;
1549
1550        if (val) {
1551                hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1552        } else {
1553                hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1554                hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1555        }
1556
1557        err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1558        if (err < 0)
1559                return err;
1560
1561        if (changed) {
1562                hci_req_update_scan(hdev);
1563                hci_update_background_scan(hdev);
1564                return new_settings(hdev, sk);
1565        }
1566
1567        return 0;
1568}
1569
1570static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1571                           u16 len)
1572{
1573        struct mgmt_mode *cp = data;
1574        struct mgmt_pending_cmd *cmd;
1575        int err;
1576
1577        bt_dev_dbg(hdev, "sock %p", sk);
1578
1579        if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1580            !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1581                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1582                                       MGMT_STATUS_REJECTED);
1583
1584        if (cp->val != 0x00 && cp->val != 0x01)
1585                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1586                                       MGMT_STATUS_INVALID_PARAMS);
1587
1588        hci_dev_lock(hdev);
1589
1590        if (!hdev_is_powered(hdev)) {
1591                err = set_connectable_update_settings(hdev, sk, cp->val);
1592                goto failed;
1593        }
1594
1595        if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1596            pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1597                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1598                                      MGMT_STATUS_BUSY);
1599                goto failed;
1600        }
1601
1602        cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1603        if (!cmd) {
1604                err = -ENOMEM;
1605                goto failed;
1606        }
1607
1608        if (cp->val) {
1609                hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1610        } else {
1611                if (hdev->discov_timeout > 0)
1612                        cancel_delayed_work(&hdev->discov_off);
1613
1614                hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1615                hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1616                hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1617        }
1618
1619        queue_work(hdev->req_workqueue, &hdev->connectable_update);
1620        err = 0;
1621
1622failed:
1623        hci_dev_unlock(hdev);
1624        return err;
1625}
1626
1627static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1628                        u16 len)
1629{
1630        struct mgmt_mode *cp = data;
1631        bool changed;
1632        int err;
1633
1634        bt_dev_dbg(hdev, "sock %p", sk);
1635
1636        if (cp->val != 0x00 && cp->val != 0x01)
1637                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1638                                       MGMT_STATUS_INVALID_PARAMS);
1639
1640        hci_dev_lock(hdev);
1641
1642        if (cp->val)
1643                changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1644        else
1645                changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1646
1647        err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1648        if (err < 0)
1649                goto unlock;
1650
1651        if (changed) {
1652                /* In limited privacy mode the change of bondable mode
1653                 * may affect the local advertising address.
1654                 */
1655                if (hdev_is_powered(hdev) &&
1656                    hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1657                    hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1658                    hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1659                        queue_work(hdev->req_workqueue,
1660                                   &hdev->discoverable_update);
1661
1662                err = new_settings(hdev, sk);
1663        }
1664
1665unlock:
1666        hci_dev_unlock(hdev);
1667        return err;
1668}
1669
1670static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1671                             u16 len)
1672{
1673        struct mgmt_mode *cp = data;
1674        struct mgmt_pending_cmd *cmd;
1675        u8 val, status;
1676        int err;
1677
1678        bt_dev_dbg(hdev, "sock %p", sk);
1679
1680        status = mgmt_bredr_support(hdev);
1681        if (status)
1682                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1683                                       status);
1684
1685        if (cp->val != 0x00 && cp->val != 0x01)
1686                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1687                                       MGMT_STATUS_INVALID_PARAMS);
1688
1689        hci_dev_lock(hdev);
1690
1691        if (!hdev_is_powered(hdev)) {
1692                bool changed = false;
1693
1694                if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1695                        hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1696                        changed = true;
1697                }
1698
1699                err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1700                if (err < 0)
1701                        goto failed;
1702
1703                if (changed)
1704                        err = new_settings(hdev, sk);
1705
1706                goto failed;
1707        }
1708
1709        if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1710                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1711                                      MGMT_STATUS_BUSY);
1712                goto failed;
1713        }
1714
1715        val = !!cp->val;
1716
1717        if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1718                err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1719                goto failed;
1720        }
1721
1722        cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1723        if (!cmd) {
1724                err = -ENOMEM;
1725                goto failed;
1726        }
1727
1728        err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1729        if (err < 0) {
1730                mgmt_pending_remove(cmd);
1731                goto failed;
1732        }
1733
1734failed:
1735        hci_dev_unlock(hdev);
1736        return err;
1737}
1738
1739static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1740{
1741        struct mgmt_mode *cp = data;
1742        struct mgmt_pending_cmd *cmd;
1743        u8 status;
1744        int err;
1745
1746        bt_dev_dbg(hdev, "sock %p", sk);
1747
1748        status = mgmt_bredr_support(hdev);
1749        if (status)
1750                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1751
1752        if (!lmp_ssp_capable(hdev))
1753                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1754                                       MGMT_STATUS_NOT_SUPPORTED);
1755
1756        if (cp->val != 0x00 && cp->val != 0x01)
1757                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1758                                       MGMT_STATUS_INVALID_PARAMS);
1759
1760        hci_dev_lock(hdev);
1761
1762        if (!hdev_is_powered(hdev)) {
1763                bool changed;
1764
1765                if (cp->val) {
1766                        changed = !hci_dev_test_and_set_flag(hdev,
1767                                                             HCI_SSP_ENABLED);
1768                } else {
1769                        changed = hci_dev_test_and_clear_flag(hdev,
1770                                                              HCI_SSP_ENABLED);
1771                        if (!changed)
1772                                changed = hci_dev_test_and_clear_flag(hdev,
1773                                                                      HCI_HS_ENABLED);
1774                        else
1775                                hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1776                }
1777
1778                err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1779                if (err < 0)
1780                        goto failed;
1781
1782                if (changed)
1783                        err = new_settings(hdev, sk);
1784
1785                goto failed;
1786        }
1787
1788        if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1789                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1790                                      MGMT_STATUS_BUSY);
1791                goto failed;
1792        }
1793
1794        if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1795                err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1796                goto failed;
1797        }
1798
1799        cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1800        if (!cmd) {
1801                err = -ENOMEM;
1802                goto failed;
1803        }
1804
1805        if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1806                hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1807                             sizeof(cp->val), &cp->val);
1808
1809        err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1810        if (err < 0) {
1811                mgmt_pending_remove(cmd);
1812                goto failed;
1813        }
1814
1815failed:
1816        hci_dev_unlock(hdev);
1817        return err;
1818}
1819
1820static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1821{
1822        struct mgmt_mode *cp = data;
1823        bool changed;
1824        u8 status;
1825        int err;
1826
1827        bt_dev_dbg(hdev, "sock %p", sk);
1828
1829        if (!IS_ENABLED(CONFIG_BT_HS))
1830                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1831                                       MGMT_STATUS_NOT_SUPPORTED);
1832
1833        status = mgmt_bredr_support(hdev);
1834        if (status)
1835                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1836
1837        if (!lmp_ssp_capable(hdev))
1838                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1839                                       MGMT_STATUS_NOT_SUPPORTED);
1840
1841        if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1842                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1843                                       MGMT_STATUS_REJECTED);
1844
1845        if (cp->val != 0x00 && cp->val != 0x01)
1846                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1847                                       MGMT_STATUS_INVALID_PARAMS);
1848
1849        hci_dev_lock(hdev);
1850
1851        if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1852                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1853                                      MGMT_STATUS_BUSY);
1854                goto unlock;
1855        }
1856
1857        if (cp->val) {
1858                changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1859        } else {
1860                if (hdev_is_powered(hdev)) {
1861                        err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1862                                              MGMT_STATUS_REJECTED);
1863                        goto unlock;
1864                }
1865
1866                changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1867        }
1868
1869        err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1870        if (err < 0)
1871                goto unlock;
1872
1873        if (changed)
1874                err = new_settings(hdev, sk);
1875
1876unlock:
1877        hci_dev_unlock(hdev);
1878        return err;
1879}
1880
1881static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1882{
1883        struct cmd_lookup match = { NULL, hdev };
1884
1885        hci_dev_lock(hdev);
1886
1887        if (status) {
1888                u8 mgmt_err = mgmt_status(status);
1889
1890                mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1891                                     &mgmt_err);
1892                goto unlock;
1893        }
1894
1895        mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1896
1897        new_settings(hdev, match.sk);
1898
1899        if (match.sk)
1900                sock_put(match.sk);
1901
1902        /* Make sure the controller has a good default for
1903         * advertising data. Restrict the update to when LE
1904         * has actually been enabled. During power on, the
1905         * update in powered_update_hci will take care of it.
1906         */
1907        if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1908                struct hci_request req;
1909                hci_req_init(&req, hdev);
1910                if (ext_adv_capable(hdev)) {
1911                        int err;
1912
1913                        err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1914                        if (!err)
1915                                __hci_req_update_scan_rsp_data(&req, 0x00);
1916                } else {
1917                        __hci_req_update_adv_data(&req, 0x00);
1918                        __hci_req_update_scan_rsp_data(&req, 0x00);
1919                }
1920                hci_req_run(&req, NULL);
1921                hci_update_background_scan(hdev);
1922        }
1923
1924unlock:
1925        hci_dev_unlock(hdev);
1926}
1927
1928static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1929{
1930        struct mgmt_mode *cp = data;
1931        struct hci_cp_write_le_host_supported hci_cp;
1932        struct mgmt_pending_cmd *cmd;
1933        struct hci_request req;
1934        int err;
1935        u8 val, enabled;
1936
1937        bt_dev_dbg(hdev, "sock %p", sk);
1938
1939        if (!lmp_le_capable(hdev))
1940                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1941                                       MGMT_STATUS_NOT_SUPPORTED);
1942
1943        if (cp->val != 0x00 && cp->val != 0x01)
1944                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1945                                       MGMT_STATUS_INVALID_PARAMS);
1946
1947        /* Bluetooth single mode LE only controllers or dual-mode
1948         * controllers configured as LE only devices, do not allow
1949         * switching LE off. These have either LE enabled explicitly
1950         * or BR/EDR has been previously switched off.
1951         *
1952         * When trying to enable an already enabled LE, then gracefully
1953         * send a positive response. Trying to disable it however will
1954         * result into rejection.
1955         */
1956        if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1957                if (cp->val == 0x01)
1958                        return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1959
1960                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1961                                       MGMT_STATUS_REJECTED);
1962        }
1963
1964        hci_dev_lock(hdev);
1965
1966        val = !!cp->val;
1967        enabled = lmp_host_le_capable(hdev);
1968
1969        if (!val)
1970                hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1971
1972        if (!hdev_is_powered(hdev) || val == enabled) {
1973                bool changed = false;
1974
1975                if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1976                        hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1977                        changed = true;
1978                }
1979
1980                if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1981                        hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1982                        changed = true;
1983                }
1984
1985                err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1986                if (err < 0)
1987                        goto unlock;
1988
1989                if (changed)
1990                        err = new_settings(hdev, sk);
1991
1992                goto unlock;
1993        }
1994
1995        if (pending_find(MGMT_OP_SET_LE, hdev) ||
1996            pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1997                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1998                                      MGMT_STATUS_BUSY);
1999                goto unlock;
2000        }

2001
2002        cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2003        if (!cmd) {
2004                err = -ENOMEM;
2005                goto unlock;
2006        }
2007
2008        hci_req_init(&req, hdev);
2009
2010        memset(&hci_cp, 0, sizeof(hci_cp));
2011
2012        if (val) {
2013                hci_cp.le = val;
2014                hci_cp.simul = 0x00;
2015        } else {
2016                if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2017                        __hci_req_disable_advertising(&req);
2018
2019                if (ext_adv_capable(hdev))
2020                        __hci_req_clear_ext_adv_sets(&req);
2021        }
2022
2023        hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2024                    &hci_cp);
2025
2026        err = hci_req_run(&req, le_enable_complete);
2027        if (err < 0)
2028                mgmt_pending_remove(cmd);
2029
2030unlock:
2031        hci_dev_unlock(hdev);
2032        return err;
2033}
2034
2035/* This is a helper function to test for pending mgmt commands that can
2036 * cause CoD or EIR HCI commands. We can only allow one such pending
2037 * mgmt command at a time since otherwise we cannot easily track what
2038 * the current values are, will be, and based on that calculate if a new
2039 * HCI command needs to be sent and if yes with what value.
2040 */
2041static bool pending_eir_or_class(struct hci_dev *hdev)
2042{
2043        struct mgmt_pending_cmd *cmd;
2044
2045        list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2046                switch (cmd->opcode) {
2047                case MGMT_OP_ADD_UUID:
2048                case MGMT_OP_REMOVE_UUID:
2049                case MGMT_OP_SET_DEV_CLASS:
2050                case MGMT_OP_SET_POWERED:
2051                        return true;
2052                }
2053        }
2054
2055        return false;
2056}
2057
2058static const u8 bluetooth_base_uuid[] = {
2059                        0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2060                        0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2061};
2062
2063static u8 get_uuid_size(const u8 *uuid)
2064{
2065        u32 val;
2066
2067        if (memcmp(uuid, bluetooth_base_uuid, 12))
2068                return 128;
2069
2070        val = get_unaligned_le32(&uuid[12]);
2071        if (val > 0xffff)
2072                return 32;
2073
2074        return 16;
2075}
2076
2077static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2078{
2079        struct mgmt_pending_cmd *cmd;
2080
2081        hci_dev_lock(hdev);
2082
2083        cmd = pending_find(mgmt_op, hdev);
2084        if (!cmd)
2085                goto unlock;
2086
2087        mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2088                          mgmt_status(status), hdev->dev_class, 3);
2089
2090        mgmt_pending_remove(cmd);
2091
2092unlock:
2093        hci_dev_unlock(hdev);
2094}
2095
2096static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2097{
2098        bt_dev_dbg(hdev, "status 0x%02x", status);
2099
2100        mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2101}
2102
2103static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2104{
2105        struct mgmt_cp_add_uuid *cp = data;
2106        struct mgmt_pending_cmd *cmd;
2107        struct hci_request req;
2108        struct bt_uuid *uuid;
2109        int err;
2110
2111        bt_dev_dbg(hdev, "sock %p", sk);
2112
2113        hci_dev_lock(hdev);
2114
2115        if (pending_eir_or_class(hdev)) {
2116                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2117                                      MGMT_STATUS_BUSY);
2118                goto failed;
2119        }
2120
2121        uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2122        if (!uuid) {
2123                err = -ENOMEM;
2124                goto failed;
2125        }
2126
2127        memcpy(uuid->uuid, cp->uuid, 16);
2128        uuid->svc_hint = cp->svc_hint;
2129        uuid->size = get_uuid_size(cp->uuid);
2130
2131        list_add_tail(&uuid->list, &hdev->uuids);
2132
2133        hci_req_init(&req, hdev);
2134
2135        __hci_req_update_class(&req);
2136        __hci_req_update_eir(&req);
2137
2138        err = hci_req_run(&req, add_uuid_complete);
2139        if (err < 0) {
2140                if (err != -ENODATA)
2141                        goto failed;
2142
2143                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2144                                        hdev->dev_class, 3);
2145                goto failed;
2146        }
2147
2148        cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2149        if (!cmd) {
2150                err = -ENOMEM;
2151                goto failed;
2152        }
2153
2154        err = 0;
2155
2156failed:
2157        hci_dev_unlock(hdev);
2158        return err;
2159}
2160
2161static bool enable_service_cache(struct hci_dev *hdev)
2162{
2163        if (!hdev_is_powered(hdev))
2164                return false;
2165
2166        if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2167                queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2168                                   CACHE_TIMEOUT);
2169                return true;
2170        }
2171
2172        return false;
2173}
2174
2175static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2176{
2177        bt_dev_dbg(hdev, "status 0x%02x", status);
2178
2179        mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2180}
2181
2182static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2183                       u16 len)
2184{
2185        struct mgmt_cp_remove_uuid *cp = data;
2186        struct mgmt_pending_cmd *cmd;
2187        struct bt_uuid *match, *tmp;
2188        u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2189        struct hci_request req;
2190        int err, found;
2191
2192        bt_dev_dbg(hdev, "sock %p", sk);
2193
2194        hci_dev_lock(hdev);
2195
2196        if (pending_eir_or_class(hdev)) {
2197                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2198                                      MGMT_STATUS_BUSY);
2199                goto unlock;
2200        }
2201
2202        if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2203                hci_uuids_clear(hdev);
2204
2205                if (enable_service_cache(hdev)) {
2206                        err = mgmt_cmd_complete(sk, hdev->id,
2207                                                MGMT_OP_REMOVE_UUID,
2208                                                0, hdev->dev_class, 3);
2209                        goto unlock;
2210                }
2211
2212                goto update_class;
2213        }
2214
2215        found = 0;
2216
2217        list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2218                if (memcmp(match->uuid, cp->uuid, 16) != 0)
2219                        continue;
2220
2221                list_del(&match->list);
2222                kfree(match);
2223                found++;
2224        }
2225
2226        if (found == 0) {
2227                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2228                                      MGMT_STATUS_INVALID_PARAMS);
2229                goto unlock;
2230        }
2231
2232update_class:
2233        hci_req_init(&req, hdev);
2234
2235        __hci_req_update_class(&req);
2236        __hci_req_update_eir(&req);
2237
2238        err = hci_req_run(&req, remove_uuid_complete);
2239        if (err < 0) {
2240                if (err != -ENODATA)
2241                        goto unlock;
2242
2243                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2244                                        hdev->dev_class, 3);
2245                goto unlock;
2246        }
2247
2248        cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2249        if (!cmd) {
2250                err = -ENOMEM;
2251                goto unlock;
2252        }
2253
2254        err = 0;
2255
2256unlock:
2257        hci_dev_unlock(hdev);
2258        return err;
2259}
2260
2261static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2262{
2263        bt_dev_dbg(hdev, "status 0x%02x", status);
2264
2265        mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2266}
2267
2268static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2269                         u16 len)
2270{
2271        struct mgmt_cp_set_dev_class *cp = data;
2272        struct mgmt_pending_cmd *cmd;
2273        struct hci_request req;
2274        int err;
2275
2276        bt_dev_dbg(hdev, "sock %p", sk);
2277
2278        if (!lmp_bredr_capable(hdev))
2279                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2280                                       MGMT_STATUS_NOT_SUPPORTED);
2281
2282        hci_dev_lock(hdev);
2283
2284        if (pending_eir_or_class(hdev)) {
2285                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2286                                      MGMT_STATUS_BUSY);
2287                goto unlock;
2288        }
2289
2290        if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2291                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2292                                      MGMT_STATUS_INVALID_PARAMS);
2293                goto unlock;
2294        }
2295
2296        hdev->major_class = cp->major;
2297        hdev->minor_class = cp->minor;
2298
2299        if (!hdev_is_powered(hdev)) {
2300                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2301                                        hdev->dev_class, 3);
2302                goto unlock;
2303        }
2304
2305        hci_req_init(&req, hdev);
2306
2307        if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2308                hci_dev_unlock(hdev);
2309                cancel_delayed_work_sync(&hdev->service_cache);
2310                hci_dev_lock(hdev);
2311                __hci_req_update_eir(&req);
2312        }
2313
2314        __hci_req_update_class(&req);
2315
2316        err = hci_req_run(&req, set_class_complete);
2317        if (err < 0) {
2318                if (err != -ENODATA)
2319                        goto unlock;
2320
2321                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2322                                        hdev->dev_class, 3);
2323                goto unlock;
2324        }
2325
2326        cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2327        if (!cmd) {
2328                err = -ENOMEM;
2329                goto unlock;
2330        }
2331
2332        err = 0;
2333
2334unlock:
2335        hci_dev_unlock(hdev);
2336        return err;
2337}
2338
2339static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2340                          u16 len)
2341{
2342        struct mgmt_cp_load_link_keys *cp = data;
2343        const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2344                                   sizeof(struct mgmt_link_key_info));
2345        u16 key_count, expected_len;
2346        bool changed;
2347        int i;
2348
2349        bt_dev_dbg(hdev, "sock %p", sk);
2350
2351        if (!lmp_bredr_capable(hdev))
2352                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2353                                       MGMT_STATUS_NOT_SUPPORTED);
2354
2355        key_count = __le16_to_cpu(cp->key_count);
2356        if (key_count > max_key_count) {
2357                bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2358                           key_count);
2359                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2360                                       MGMT_STATUS_INVALID_PARAMS);
2361        }
2362
2363        expected_len = struct_size(cp, keys, key_count);
2364        if (expected_len != len) {
2365                bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2366                           expected_len, len);
2367                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2368                                       MGMT_STATUS_INVALID_PARAMS);
2369        }
2370
2371        if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2372                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2373                                       MGMT_STATUS_INVALID_PARAMS);
2374
2375        bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2376                   key_count);
2377
2378        for (i = 0; i < key_count; i++) {
2379                struct mgmt_link_key_info *key = &cp->keys[i];
2380
2381                if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2382                        return mgmt_cmd_status(sk, hdev->id,
2383                                               MGMT_OP_LOAD_LINK_KEYS,
2384                                               MGMT_STATUS_INVALID_PARAMS);
2385        }
2386
2387        hci_dev_lock(hdev);
2388
2389        hci_link_keys_clear(hdev);
2390
2391        if (cp->debug_keys)
2392                changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2393        else
2394                changed = hci_dev_test_and_clear_flag(hdev,
2395                                                      HCI_KEEP_DEBUG_KEYS);
2396
2397        if (changed)
2398                new_settings(hdev, NULL);
2399
2400        for (i = 0; i < key_count; i++) {
2401                struct mgmt_link_key_info *key = &cp->keys[i];
2402
2403                if (hci_is_blocked_key(hdev,
2404                                       HCI_BLOCKED_KEY_TYPE_LINKKEY,
2405                                       key->val)) {
2406                        bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2407                                    &key->addr.bdaddr);
2408                        continue;
2409                }
2410
2411                /* Always ignore debug keys and require a new pairing if
2412                 * the user wants to use them.
2413                 */
2414                if (key->type == HCI_LK_DEBUG_COMBINATION)
2415                        continue;
2416
2417                hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2418                                 key->type, key->pin_len, NULL);
2419        }
2420
2421        mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2422
2423        hci_dev_unlock(hdev);
2424
2425        return 0;
2426}
2427
2428static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2429                           u8 addr_type, struct sock *skip_sk)
2430{
2431        struct mgmt_ev_device_unpaired ev;
2432
2433        bacpy(&ev.addr.bdaddr, bdaddr);
2434        ev.addr.type = addr_type;
2435
2436        return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2437                          skip_sk);
2438}
2439
2440static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2441                         u16 len)
2442{
2443        struct mgmt_cp_unpair_device *cp = data;
2444        struct mgmt_rp_unpair_device rp;
2445        struct hci_conn_params *params;
2446        struct mgmt_pending_cmd *cmd;
2447        struct hci_conn *conn;
2448        u8 addr_type;
2449        int err;
2450
2451        memset(&rp, 0, sizeof(rp));
2452        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2453        rp.addr.type = cp->addr.type;
2454
2455        if (!bdaddr_type_is_valid(cp->addr.type))
2456                return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2457                                         MGMT_STATUS_INVALID_PARAMS,
2458                                         &rp, sizeof(rp));
2459
2460        if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2461                return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2462                                         MGMT_STATUS_INVALID_PARAMS,
2463                                         &rp, sizeof(rp));
2464
2465        hci_dev_lock(hdev);
2466
2467        if (!hdev_is_powered(hdev)) {
2468                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2469                                        MGMT_STATUS_NOT_POWERED, &rp,
2470                                        sizeof(rp));
2471                goto unlock;
2472        }
2473
2474        if (cp->addr.type == BDADDR_BREDR) {
2475                /* If disconnection is requested, then look up the
2476                 * connection. If the remote device is connected, it
2477                 * will be later used to terminate the link.
2478                 *
2479                 * Setting it to NULL explicitly will cause no
2480                 * termination of the link.
2481                 */
2482                if (cp->disconnect)
2483                        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2484                                                       &cp->addr.bdaddr);
2485                else
2486                        conn = NULL;
2487
2488                err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2489                if (err < 0) {
2490                        err = mgmt_cmd_complete(sk, hdev->id,
2491                                                MGMT_OP_UNPAIR_DEVICE,
2492                                                MGMT_STATUS_NOT_PAIRED, &rp,
2493                                                sizeof(rp));
2494                        goto unlock;
2495                }
2496
2497                goto done;
2498        }
2499
2500        /* LE address type */
2501        addr_type = le_addr_type(cp->addr.type);
2502
2503        /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2504        err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2505        if (err < 0) {
2506                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2507                                        MGMT_STATUS_NOT_PAIRED, &rp,
2508                                        sizeof(rp));
2509                goto unlock;
2510        }
2511
2512        conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2513        if (!conn) {
2514                hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2515                goto done;
2516        }
2517
2518
2519        /* Defer clearing up the connection parameters until closing to
2520         * give a chance of keeping them if a repairing happens.
2521         */
2522        set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2523
2524        /* Disable auto-connection parameters if present */
2525        params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2526        if (params) {
2527                if (params->explicit_connect)
2528                        params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2529                else
2530                        params->auto_connect = HCI_AUTO_CONN_DISABLED;
2531        }
2532
2533        /* If disconnection is not requested, then clear the connection
2534         * variable so that the link is not terminated.
2535         */
2536        if (!cp->disconnect)
2537                conn = NULL;
2538
2539done:
2540        /* If the connection variable is set, then termination of the
2541         * link is requested.
2542         */
2543        if (!conn) {
2544                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2545                                        &rp, sizeof(rp));
2546                device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2547                goto unlock;
2548        }
2549
2550        cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2551                               sizeof(*cp));
2552        if (!cmd) {
2553                err = -ENOMEM;
2554                goto unlock;
2555        }
2556
2557        cmd->cmd_complete = addr_cmd_complete;
2558
2559        err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2560        if (err < 0)
2561                mgmt_pending_remove(cmd);
2562
2563unlock:
2564        hci_dev_unlock(hdev);
2565        return err;
2566}
2567
2568static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2569                      u16 len)
2570{
2571        struct mgmt_cp_disconnect *cp = data;
2572        struct mgmt_rp_disconnect rp;
2573        struct mgmt_pending_cmd *cmd;
2574        struct hci_conn *conn;
2575        int err;
2576
2577        bt_dev_dbg(hdev, "sock %p", sk);
2578
2579        memset(&rp, 0, sizeof(rp));
2580        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2581        rp.addr.type = cp->addr.type;
2582
2583        if (!bdaddr_type_is_valid(cp->addr.type))
2584                return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2585                                         MGMT_STATUS_INVALID_PARAMS,
2586                                         &rp, sizeof(rp));
2587
2588        hci_dev_lock(hdev);
2589
2590        if (!test_bit(HCI_UP, &hdev->flags)) {
2591                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2592                                        MGMT_STATUS_NOT_POWERED, &rp,
2593                                        sizeof(rp));
2594                goto failed;
2595        }
2596
2597        if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2598                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2599                                        MGMT_STATUS_BUSY, &rp, sizeof(rp));
2600                goto failed;
2601        }
2602
2603        if (cp->addr.type == BDADDR_BREDR)
2604                conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2605                                               &cp->addr.bdaddr);
2606        else
2607                conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2608                                               le_addr_type(cp->addr.type));
2609
2610        if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2611                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2612                                        MGMT_STATUS_NOT_CONNECTED, &rp,
2613                                        sizeof(rp));
2614                goto failed;
2615        }
2616
2617        cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2618        if (!cmd) {
2619                err = -ENOMEM;
2620                goto failed;
2621        }
2622
2623        cmd->cmd_complete = generic_cmd_complete;
2624
2625        err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2626        if (err < 0)
2627                mgmt_pending_remove(cmd);
2628
2629failed:
2630        hci_dev_unlock(hdev);
2631        return err;
2632}
2633
2634static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2635{
2636        switch (link_type) {
2637        case LE_LINK:
2638                switch (addr_type) {
2639                case ADDR_LE_DEV_PUBLIC:
2640                        return BDADDR_LE_PUBLIC;
2641
2642                default:
2643                        /* Fallback to LE Random address type */
2644                        return BDADDR_LE_RANDOM;
2645                }
2646
2647        default:
2648                /* Fallback to BR/EDR type */
2649                return BDADDR_BREDR;
2650        }
2651}
2652
2653static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2654                           u16 data_len)
2655{
2656        struct mgmt_rp_get_connections *rp;
2657        struct hci_conn *c;
2658        int err;
2659        u16 i;
2660
2661        bt_dev_dbg(hdev, "sock %p", sk);
2662
2663        hci_dev_lock(hdev);
2664
2665        if (!hdev_is_powered(hdev)) {
2666                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2667                                      MGMT_STATUS_NOT_POWERED);
2668                goto unlock;
2669        }
2670
2671        i = 0;
2672        list_for_each_entry(c, &hdev->conn_hash.list, list) {
2673                if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2674                        i++;
2675        }
2676
2677        rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
2678        if (!rp) {
2679                err = -ENOMEM;
2680                goto unlock;
2681        }
2682
2683        i = 0;
2684        list_for_each_entry(c, &hdev->conn_hash.list, list) {
2685                if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2686                        continue;
2687                bacpy(&rp->addr[i].bdaddr, &c->dst);
2688                rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2689                if (c->type == SCO_LINK || c->type == ESCO_LINK)
2690                        continue;
2691                i++;
2692        }
2693
2694        rp->conn_count = cpu_to_le16(i);
2695
2696        /* Recalculate length in case of filtered SCO connections, etc */
2697        err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2698                                struct_size(rp, addr, i));
2699
2700        kfree(rp);
2701
2702unlock:
2703        hci_dev_unlock(hdev);
2704        return err;
2705}
2706
2707static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2708                                   struct mgmt_cp_pin_code_neg_reply *cp)
2709{
2710        struct mgmt_pending_cmd *cmd;
2711        int err;
2712
2713        cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2714                               sizeof(*cp));
2715        if (!cmd)
2716                return -ENOMEM;
2717
2718        cmd->cmd_complete = addr_cmd_complete;
2719
2720        err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2721                           sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2722        if (err < 0)
2723                mgmt_pending_remove(cmd);
2724
2725        return err;
2726}
2727
2728static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2729                          u16 len)
2730{
2731        struct hci_conn *conn;
2732        struct mgmt_cp_pin_code_reply *cp = data;
2733        struct hci_cp_pin_code_reply reply;
2734        struct mgmt_pending_cmd *cmd;
2735        int err;
2736
2737        bt_dev_dbg(hdev, "sock %p", sk);
2738
2739        hci_dev_lock(hdev);
2740
2741        if (!hdev_is_powered(hdev)) {
2742                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2743                                      MGMT_STATUS_NOT_POWERED);
2744                goto failed;
2745        }
2746
2747        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2748        if (!conn) {
2749                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2750                                      MGMT_STATUS_NOT_CONNECTED);
2751                goto failed;
2752        }
2753
2754        if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2755                struct mgmt_cp_pin_code_neg_reply ncp;
2756
2757                memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2758
2759                bt_dev_err(hdev, "PIN code is not 16 bytes long");
2760
2761                err = send_pin_code_neg_reply(sk, hdev, &ncp);
2762                if (err >= 0)
2763                        err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2764                                              MGMT_STATUS_INVALID_PARAMS);
2765
2766                goto failed;
2767        }
2768
2769        cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2770        if (!cmd) {
2771                err = -ENOMEM;
2772                goto failed;
2773        }
2774
2775        cmd->cmd_complete = addr_cmd_complete;
2776
2777        bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2778        reply.pin_len = cp->pin_len;
2779        memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2780
2781        err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2782        if (err < 0)
2783                mgmt_pending_remove(cmd);
2784
2785failed:
2786        hci_dev_unlock(hdev);
2787        return err;
2788}
2789
2790static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2791                             u16 len)
2792{
2793        struct mgmt_cp_set_io_capability *cp = data;
2794
2795        bt_dev_dbg(hdev, "sock %p", sk);
2796
2797        if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2798                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2799                                       MGMT_STATUS_INVALID_PARAMS);
2800
2801        hci_dev_lock(hdev);
2802
2803        hdev->io_capability = cp->io_capability;
2804
2805        bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
2806
2807        hci_dev_unlock(hdev);
2808
2809        return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2810                                 NULL, 0);
2811}
2812
2813static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2814{
2815        struct hci_dev *hdev = conn->hdev;
2816        struct mgmt_pending_cmd *cmd;
2817
2818        list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2819                if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2820                        continue;
2821
2822                if (cmd->user_data != conn)
2823                        continue;
2824
2825                return cmd;
2826        }
2827
2828        return NULL;
2829}
2830
2831static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2832{
2833        struct mgmt_rp_pair_device rp;
2834        struct hci_conn *conn = cmd->user_data;
2835        int err;
2836
2837        bacpy(&rp.addr.bdaddr, &conn->dst);
2838        rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2839
2840        err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2841                                status, &rp, sizeof(rp));
2842
2843        /* So we don't get further callbacks for this connection */
2844        conn->connect_cfm_cb = NULL;
2845        conn->security_cfm_cb = NULL;
2846        conn->disconn_cfm_cb = NULL;
2847
2848        hci_conn_drop(conn);
2849
2850        /* The device is paired so there is no need to remove
2851         * its connection parameters anymore.
2852         */
2853        clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2854
2855        hci_conn_put(conn);
2856
2857        return err;
2858}
2859
2860void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2861{
2862        u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2863        struct mgmt_pending_cmd *cmd;
2864
2865        cmd = find_pairing(conn);
2866        if (cmd) {
2867                cmd->cmd_complete(cmd, status);
2868                mgmt_pending_remove(cmd);
2869        }
2870}
2871
2872static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2873{
2874        struct mgmt_pending_cmd *cmd;
2875
2876        BT_DBG("status %u", status);
2877
2878        cmd = find_pairing(conn);
2879        if (!cmd) {
2880                BT_DBG("Unable to find a pending command");
2881                return;
2882        }
2883
2884        cmd->cmd_complete(cmd, mgmt_status(status));
2885        mgmt_pending_remove(cmd);
2886}
2887
2888static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2889{
2890        struct mgmt_pending_cmd *cmd;
2891
2892        BT_DBG("status %u", status);
2893
2894        if (!status)
2895                return;
2896
2897        cmd = find_pairing(conn);
2898        if (!cmd) {
2899                BT_DBG("Unable to find a pending command");
2900                return;
2901        }
2902
2903        cmd->cmd_complete(cmd, mgmt_status(status));
2904        mgmt_pending_remove(cmd);
2905}
2906
2907static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2908                       u16 len)
2909{
2910        struct mgmt_cp_pair_device *cp = data;
2911        struct mgmt_rp_pair_device rp;
2912        struct mgmt_pending_cmd *cmd;
2913        u8 sec_level, auth_type;
2914        struct hci_conn *conn;
2915        int err;
2916
2917        bt_dev_dbg(hdev, "sock %p", sk);
2918
2919        memset(&rp, 0, sizeof(rp));
2920        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2921        rp.addr.type = cp->addr.type;
2922
2923        if (!bdaddr_type_is_valid(cp->addr.type))
2924                return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2925                                         MGMT_STATUS_INVALID_PARAMS,
2926                                         &rp, sizeof(rp));
2927
2928        if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2929                return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2930                                         MGMT_STATUS_INVALID_PARAMS,
2931                                         &rp, sizeof(rp));
2932
2933        hci_dev_lock(hdev);
2934
2935        if (!hdev_is_powered(hdev)) {
2936                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2937                                        MGMT_STATUS_NOT_POWERED, &rp,
2938                                        sizeof(rp));
2939                goto unlock;
2940        }
2941
2942        if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2943                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2944                                        MGMT_STATUS_ALREADY_PAIRED, &rp,
2945                                        sizeof(rp));
2946                goto unlock;
2947        }
2948
2949        sec_level = BT_SECURITY_MEDIUM;
2950        auth_type = HCI_AT_DEDICATED_BONDING;
2951
2952        if (cp->addr.type == BDADDR_BREDR) {
2953                conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2954                                       auth_type, CONN_REASON_PAIR_DEVICE);
2955        } else {
2956                u8 addr_type = le_addr_type(cp->addr.type);
2957                struct hci_conn_params *p;
2958
2959                /* When pairing a new device, it is expected to remember
2960                 * this device for future connections. Adding the connection
2961                 * parameter information ahead of time allows tracking
2962                 * of the peripheral preferred values and will speed up any
2963                 * further connection establishment.
2964                 *
2965                 * If connection parameters already exist, then they
2966                 * will be kept and this function does nothing.
2967                 */
2968                p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2969
2970                if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2971                        p->auto_connect = HCI_AUTO_CONN_DISABLED;
2972
2973                conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type,
2974                                           sec_level, HCI_LE_CONN_TIMEOUT,
2975                                           CONN_REASON_PAIR_DEVICE);
2976        }
2977
2978        if (IS_ERR(conn)) {
2979                int status;
2980
2981                if (PTR_ERR(conn) == -EBUSY)
2982                        status = MGMT_STATUS_BUSY;
2983                else if (PTR_ERR(conn) == -EOPNOTSUPP)
2984                        status = MGMT_STATUS_NOT_SUPPORTED;
2985                else if (PTR_ERR(conn) == -ECONNREFUSED)
2986                        status = MGMT_STATUS_REJECTED;
2987                else
2988                        status = MGMT_STATUS_CONNECT_FAILED;
2989
2990                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2991                                        status, &rp, sizeof(rp));
2992                goto unlock;
2993        }
2994
2995        if (conn->connect_cfm_cb) {
2996                hci_conn_drop(conn);
2997                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2998                                        MGMT_STATUS_BUSY, &rp, sizeof(rp));
2999                goto unlock;
3000        }

3001
3002        cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3003        if (!cmd) {
3004                err = -ENOMEM;
3005                hci_conn_drop(conn);
3006                goto unlock;
3007        }
3008
3009        cmd->cmd_complete = pairing_complete;
3010
3011        /* For LE, just connecting isn't a proof that the pairing finished */
3012        if (cp->addr.type == BDADDR_BREDR) {
3013                conn->connect_cfm_cb = pairing_complete_cb;
3014                conn->security_cfm_cb = pairing_complete_cb;
3015                conn->disconn_cfm_cb = pairing_complete_cb;
3016        } else {
3017                conn->connect_cfm_cb = le_pairing_complete_cb;
3018                conn->security_cfm_cb = le_pairing_complete_cb;
3019                conn->disconn_cfm_cb = le_pairing_complete_cb;
3020        }
3021
3022        conn->io_capability = cp->io_cap;
3023        cmd->user_data = hci_conn_get(conn);
3024
3025        if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3026            hci_conn_security(conn, sec_level, auth_type, true)) {
3027                cmd->cmd_complete(cmd, 0);
3028                mgmt_pending_remove(cmd);
3029        }
3030
3031        err = 0;
3032
3033unlock:
3034        hci_dev_unlock(hdev);
3035        return err;
3036}
3037
3038static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3039                              u16 len)
3040{
3041        struct mgmt_addr_info *addr = data;
3042        struct mgmt_pending_cmd *cmd;
3043        struct hci_conn *conn;
3044        int err;
3045
3046        bt_dev_dbg(hdev, "sock %p", sk);
3047
3048        hci_dev_lock(hdev);
3049
3050        if (!hdev_is_powered(hdev)) {
3051                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3052                                      MGMT_STATUS_NOT_POWERED);
3053                goto unlock;
3054        }
3055
3056        cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3057        if (!cmd) {
3058                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3059                                      MGMT_STATUS_INVALID_PARAMS);
3060                goto unlock;
3061        }
3062
3063        conn = cmd->user_data;
3064
3065        if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3066                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3067                                      MGMT_STATUS_INVALID_PARAMS);
3068                goto unlock;
3069        }
3070
3071        cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3072        mgmt_pending_remove(cmd);
3073
3074        err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3075                                addr, sizeof(*addr));
3076
3077        /* Since user doesn't want to proceed with the connection, abort any
3078         * ongoing pairing and then terminate the link if it was created
3079         * because of the pair device action.
3080         */
3081        if (addr->type == BDADDR_BREDR)
3082                hci_remove_link_key(hdev, &addr->bdaddr);
3083        else
3084                smp_cancel_and_remove_pairing(hdev, &addr->bdaddr,
3085                                              le_addr_type(addr->type));
3086
3087        if (conn->conn_reason == CONN_REASON_PAIR_DEVICE)
3088                hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
3089
3090unlock:
3091        hci_dev_unlock(hdev);
3092        return err;
3093}
3094
3095static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3096                             struct mgmt_addr_info *addr, u16 mgmt_op,
3097                             u16 hci_op, __le32 passkey)
3098{
3099        struct mgmt_pending_cmd *cmd;
3100        struct hci_conn *conn;
3101        int err;
3102
3103        hci_dev_lock(hdev);
3104
3105        if (!hdev_is_powered(hdev)) {
3106                err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3107                                        MGMT_STATUS_NOT_POWERED, addr,
3108                                        sizeof(*addr));
3109                goto done;
3110        }
3111
3112        if (addr->type == BDADDR_BREDR)
3113                conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3114        else
3115                conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3116                                               le_addr_type(addr->type));
3117
3118        if (!conn) {
3119                err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3120                                        MGMT_STATUS_NOT_CONNECTED, addr,
3121                                        sizeof(*addr));
3122                goto done;
3123        }
3124
3125        if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3126                err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3127                if (!err)
3128                        err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3129                                                MGMT_STATUS_SUCCESS, addr,
3130                                                sizeof(*addr));
3131                else
3132                        err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3133                                                MGMT_STATUS_FAILED, addr,
3134                                                sizeof(*addr));
3135
3136                goto done;
3137        }
3138
3139        cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3140        if (!cmd) {
3141                err = -ENOMEM;
3142                goto done;
3143        }
3144
3145        cmd->cmd_complete = addr_cmd_complete;
3146
3147        /* Continue with pairing via HCI */
3148        if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3149                struct hci_cp_user_passkey_reply cp;
3150
3151                bacpy(&cp.bdaddr, &addr->bdaddr);
3152                cp.passkey = passkey;
3153                err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3154        } else
3155                err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3156                                   &addr->bdaddr);
3157
3158        if (err < 0)
3159                mgmt_pending_remove(cmd);
3160
3161done:
3162        hci_dev_unlock(hdev);
3163        return err;
3164}
3165
3166static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3167                              void *data, u16 len)
3168{
3169        struct mgmt_cp_pin_code_neg_reply *cp = data;
3170
3171        bt_dev_dbg(hdev, "sock %p", sk);
3172
3173        return user_pairing_resp(sk, hdev, &cp->addr,
3174                                MGMT_OP_PIN_CODE_NEG_REPLY,
3175                                HCI_OP_PIN_CODE_NEG_REPLY, 0);
3176}
3177
3178static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3179                              u16 len)
3180{
3181        struct mgmt_cp_user_confirm_reply *cp = data;
3182
3183        bt_dev_dbg(hdev, "sock %p", sk);
3184
3185        if (len != sizeof(*cp))
3186                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3187                                       MGMT_STATUS_INVALID_PARAMS);
3188
3189        return user_pairing_resp(sk, hdev, &cp->addr,
3190                                 MGMT_OP_USER_CONFIRM_REPLY,
3191                                 HCI_OP_USER_CONFIRM_REPLY, 0);
3192}
3193
3194static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3195                                  void *data, u16 len)
3196{
3197        struct mgmt_cp_user_confirm_neg_reply *cp = data;
3198
3199        bt_dev_dbg(hdev, "sock %p", sk);
3200
3201        return user_pairing_resp(sk, hdev, &cp->addr,
3202                                 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3203                                 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3204}
3205
3206static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3207                              u16 len)
3208{
3209        struct mgmt_cp_user_passkey_reply *cp = data;
3210
3211        bt_dev_dbg(hdev, "sock %p", sk);
3212
3213        return user_pairing_resp(sk, hdev, &cp->addr,
3214                                 MGMT_OP_USER_PASSKEY_REPLY,
3215                                 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3216}
3217
3218static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3219                                  void *data, u16 len)
3220{
3221        struct mgmt_cp_user_passkey_neg_reply *cp = data;
3222
3223        bt_dev_dbg(hdev, "sock %p", sk);
3224
3225        return user_pairing_resp(sk, hdev, &cp->addr,
3226                                 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3227                                 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3228}
3229
3230static void adv_expire(struct hci_dev *hdev, u32 flags)
3231{
3232        struct adv_info *adv_instance;
3233        struct hci_request req;
3234        int err;
3235
3236        adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3237        if (!adv_instance)
3238                return;
3239
3240        /* stop if current instance doesn't need to be changed */
3241        if (!(adv_instance->flags & flags))
3242                return;
3243
3244        cancel_adv_timeout(hdev);
3245
3246        adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3247        if (!adv_instance)
3248                return;
3249
3250        hci_req_init(&req, hdev);
3251        err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3252                                              true);
3253        if (err)
3254                return;
3255
3256        hci_req_run(&req, NULL);
3257}
3258
3259static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3260{
3261        struct mgmt_cp_set_local_name *cp;
3262        struct mgmt_pending_cmd *cmd;
3263
3264        bt_dev_dbg(hdev, "status 0x%02x", status);
3265
3266        hci_dev_lock(hdev);
3267
3268        cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3269        if (!cmd)
3270                goto unlock;
3271
3272        cp = cmd->param;
3273
3274        if (status) {
3275                mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3276                                mgmt_status(status));
3277        } else {
3278                mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3279                                  cp, sizeof(*cp));
3280
3281                if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3282                        adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3283        }
3284
3285        mgmt_pending_remove(cmd);
3286
3287unlock:
3288        hci_dev_unlock(hdev);
3289}
3290
3291static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3292                          u16 len)
3293{
3294        struct mgmt_cp_set_local_name *cp = data;
3295        struct mgmt_pending_cmd *cmd;
3296        struct hci_request req;
3297        int err;
3298
3299        bt_dev_dbg(hdev, "sock %p", sk);
3300
3301        hci_dev_lock(hdev);
3302
3303        /* If the old values are the same as the new ones just return a
3304         * direct command complete event.
3305         */
3306        if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3307            !memcmp(hdev->short_name, cp->short_name,
3308                    sizeof(hdev->short_name))) {
3309                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3310                                        data, len);
3311                goto failed;
3312        }
3313
3314        memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3315
3316        if (!hdev_is_powered(hdev)) {
3317                memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3318
3319                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3320                                        data, len);
3321                if (err < 0)
3322                        goto failed;
3323
3324                err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3325                                         len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3326                ext_info_changed(hdev, sk);
3327
3328                goto failed;
3329        }
3330
3331        cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3332        if (!cmd) {
3333                err = -ENOMEM;
3334                goto failed;
3335        }
3336
3337        memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3338
3339        hci_req_init(&req, hdev);
3340
3341        if (lmp_bredr_capable(hdev)) {
3342                __hci_req_update_name(&req);
3343                __hci_req_update_eir(&req);
3344        }
3345
3346        /* The name is stored in the scan response data and so
3347         * no need to update the advertising data here.
3348         */
3349        if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3350                __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3351
3352        err = hci_req_run(&req, set_name_complete);
3353        if (err < 0)
3354                mgmt_pending_remove(cmd);
3355
3356failed:
3357        hci_dev_unlock(hdev);
3358        return err;
3359}
3360
3361static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3362                          u16 len)
3363{
3364        struct mgmt_cp_set_appearance *cp = data;
3365        u16 appearance;
3366        int err;
3367
3368        bt_dev_dbg(hdev, "sock %p", sk);
3369
3370        if (!lmp_le_capable(hdev))
3371                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3372                                       MGMT_STATUS_NOT_SUPPORTED);
3373
3374        appearance = le16_to_cpu(cp->appearance);
3375
3376        hci_dev_lock(hdev);
3377
3378        if (hdev->appearance != appearance) {
3379                hdev->appearance = appearance;
3380
3381                if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3382                        adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3383
3384                ext_info_changed(hdev, sk);
3385        }
3386
3387        err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3388                                0);
3389
3390        hci_dev_unlock(hdev);
3391
3392        return err;
3393}
3394
3395static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3396                                 void *data, u16 len)
3397{
3398        struct mgmt_rp_get_phy_configuration rp;
3399
3400        bt_dev_dbg(hdev, "sock %p", sk);
3401
3402        hci_dev_lock(hdev);
3403
3404        memset(&rp, 0, sizeof(rp));
3405
3406        rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3407        rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3408        rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3409
3410        hci_dev_unlock(hdev);
3411
3412        return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3413                                 &rp, sizeof(rp));
3414}
3415
3416int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3417{
3418        struct mgmt_ev_phy_configuration_changed ev;
3419
3420        memset(&ev, 0, sizeof(ev));
3421
3422        ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3423
3424        return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3425                          sizeof(ev), skip);
3426}
3427
3428static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3429                                     u16 opcode, struct sk_buff *skb)
3430{
3431        struct mgmt_pending_cmd *cmd;
3432
3433        bt_dev_dbg(hdev, "status 0x%02x", status);
3434
3435        hci_dev_lock(hdev);
3436
3437        cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3438        if (!cmd)
3439                goto unlock;
3440
3441        if (status) {
3442                mgmt_cmd_status(cmd->sk, hdev->id,
3443                                MGMT_OP_SET_PHY_CONFIGURATION,
3444                                mgmt_status(status));
3445        } else {
3446                mgmt_cmd_complete(cmd->sk, hdev->id,
3447                                  MGMT_OP_SET_PHY_CONFIGURATION, 0,
3448                                  NULL, 0);
3449
3450                mgmt_phy_configuration_changed(hdev, cmd->sk);
3451        }
3452
3453        mgmt_pending_remove(cmd);
3454
3455unlock:
3456        hci_dev_unlock(hdev);
3457}
3458
3459static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3460                                 void *data, u16 len)
3461{
3462        struct mgmt_cp_set_phy_configuration *cp = data;
3463        struct hci_cp_le_set_default_phy cp_phy;
3464        struct mgmt_pending_cmd *cmd;
3465        struct hci_request req;
3466        u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3467        u16 pkt_type = (HCI_DH1 | HCI_DM1);
3468        bool changed = false;
3469        int err;
3470
3471        bt_dev_dbg(hdev, "sock %p", sk);
3472
3473        configurable_phys = get_configurable_phys(hdev);
3474        supported_phys = get_supported_phys(hdev);
3475        selected_phys = __le32_to_cpu(cp->selected_phys);
3476
3477        if (selected_phys & ~supported_phys)
3478                return mgmt_cmd_status(sk, hdev->id,
3479                                       MGMT_OP_SET_PHY_CONFIGURATION,
3480                                       MGMT_STATUS_INVALID_PARAMS);
3481
3482        unconfigure_phys = supported_phys & ~configurable_phys;
3483
3484        if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3485                return mgmt_cmd_status(sk, hdev->id,
3486                                       MGMT_OP_SET_PHY_CONFIGURATION,
3487                                       MGMT_STATUS_INVALID_PARAMS);
3488
3489        if (selected_phys == get_selected_phys(hdev))
3490                return mgmt_cmd_complete(sk, hdev->id,
3491                                         MGMT_OP_SET_PHY_CONFIGURATION,
3492                                         0, NULL, 0);
3493
3494        hci_dev_lock(hdev);
3495
3496        if (!hdev_is_powered(hdev)) {
3497                err = mgmt_cmd_status(sk, hdev->id,
3498                                      MGMT_OP_SET_PHY_CONFIGURATION,
3499                                      MGMT_STATUS_REJECTED);
3500                goto unlock;
3501        }
3502
3503        if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3504                err = mgmt_cmd_status(sk, hdev->id,
3505                                      MGMT_OP_SET_PHY_CONFIGURATION,
3506                                      MGMT_STATUS_BUSY);
3507                goto unlock;
3508        }
3509
3510        if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3511                pkt_type |= (HCI_DH3 | HCI_DM3);
3512        else
3513                pkt_type &= ~(HCI_DH3 | HCI_DM3);
3514
3515        if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3516                pkt_type |= (HCI_DH5 | HCI_DM5);
3517        else
3518                pkt_type &= ~(HCI_DH5 | HCI_DM5);
3519
3520        if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3521                pkt_type &= ~HCI_2DH1;
3522        else
3523                pkt_type |= HCI_2DH1;
3524
3525        if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3526                pkt_type &= ~HCI_2DH3;
3527        else
3528                pkt_type |= HCI_2DH3;
3529
3530        if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3531                pkt_type &= ~HCI_2DH5;
3532        else
3533                pkt_type |= HCI_2DH5;
3534
3535        if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3536                pkt_type &= ~HCI_3DH1;
3537        else
3538                pkt_type |= HCI_3DH1;
3539
3540        if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3541                pkt_type &= ~HCI_3DH3;
3542        else
3543                pkt_type |= HCI_3DH3;
3544
3545        if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3546                pkt_type &= ~HCI_3DH5;
3547        else
3548                pkt_type |= HCI_3DH5;
3549
3550        if (pkt_type != hdev->pkt_type) {
3551                hdev->pkt_type = pkt_type;
3552                changed = true;
3553        }
3554
3555        if ((selected_phys & MGMT_PHY_LE_MASK) ==
3556            (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
3557                if (changed)
3558                        mgmt_phy_configuration_changed(hdev, sk);
3559
3560                err = mgmt_cmd_complete(sk, hdev->id,
3561                                        MGMT_OP_SET_PHY_CONFIGURATION,
3562                                        0, NULL, 0);
3563
3564                goto unlock;
3565        }
3566
3567        cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3568                               len);
3569        if (!cmd) {
3570                err = -ENOMEM;
3571                goto unlock;
3572        }
3573
3574        hci_req_init(&req, hdev);
3575
3576        memset(&cp_phy, 0, sizeof(cp_phy));
3577
3578        if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3579                cp_phy.all_phys |= 0x01;
3580
3581        if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3582                cp_phy.all_phys |= 0x02;
3583
3584        if (selected_phys & MGMT_PHY_LE_1M_TX)
3585                cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3586
3587        if (selected_phys & MGMT_PHY_LE_2M_TX)
3588                cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3589
3590        if (selected_phys & MGMT_PHY_LE_CODED_TX)
3591                cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3592
3593        if (selected_phys & MGMT_PHY_LE_1M_RX)
3594                cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3595
3596        if (selected_phys & MGMT_PHY_LE_2M_RX)
3597                cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3598
3599        if (selected_phys & MGMT_PHY_LE_CODED_RX)
3600                cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3601
3602        hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3603
3604        err = hci_req_run_skb(&req, set_default_phy_complete);
3605        if (err < 0)
3606                mgmt_pending_remove(cmd);
3607
3608unlock:
3609        hci_dev_unlock(hdev);
3610
3611        return err;
3612}
3613
3614static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
3615                            u16 len)
3616{
3617        int err = MGMT_STATUS_SUCCESS;
3618        struct mgmt_cp_set_blocked_keys *keys = data;
3619        const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
3620                                   sizeof(struct mgmt_blocked_key_info));
3621        u16 key_count, expected_len;
3622        int i;
3623
3624        bt_dev_dbg(hdev, "sock %p", sk);
3625
3626        key_count = __le16_to_cpu(keys->key_count);
3627        if (key_count > max_key_count) {
3628                bt_dev_err(hdev, "too big key_count value %u", key_count);
3629                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3630                                       MGMT_STATUS_INVALID_PARAMS);
3631        }
3632
3633        expected_len = struct_size(keys, keys, key_count);
3634        if (expected_len != len) {
3635                bt_dev_err(hdev, "expected %u bytes, got %u bytes",
3636                           expected_len, len);
3637                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3638                                       MGMT_STATUS_INVALID_PARAMS);
3639        }
3640
3641        hci_dev_lock(hdev);
3642
3643        hci_blocked_keys_clear(hdev);
3644
3645        for (i = 0; i < keys->key_count; ++i) {
3646                struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
3647
3648                if (!b) {
3649                        err = MGMT_STATUS_NO_RESOURCES;
3650                        break;
3651                }
3652
3653                b->type = keys->keys[i].type;
3654                memcpy(b->val, keys->keys[i].val, sizeof(b->val));
3655                list_add_rcu(&b->list, &hdev->blocked_keys);
3656        }
3657        hci_dev_unlock(hdev);
3658
3659        return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3660                                err, NULL, 0);
3661}
3662
3663static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
3664                               void *data, u16 len)
3665{
3666        struct mgmt_mode *cp = data;
3667        int err;
3668        bool changed = false;
3669
3670        bt_dev_dbg(hdev, "sock %p", sk);
3671
3672        if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
3673                return mgmt_cmd_status(sk, hdev->id,
3674                                       MGMT_OP_SET_WIDEBAND_SPEECH,
3675                                       MGMT_STATUS_NOT_SUPPORTED);
3676
3677        if (cp->val != 0x00 && cp->val != 0x01)
3678                return mgmt_cmd_status(sk, hdev->id,
3679                                       MGMT_OP_SET_WIDEBAND_SPEECH,
3680                                       MGMT_STATUS_INVALID_PARAMS);
3681
3682        hci_dev_lock(hdev);
3683
3684        if (pending_find(MGMT_OP_SET_WIDEBAND_SPEECH, hdev)) {
3685                err = mgmt_cmd_status(sk, hdev->id,
3686                                      MGMT_OP_SET_WIDEBAND_SPEECH,
3687                                      MGMT_STATUS_BUSY);
3688                goto unlock;
3689        }
3690
3691        if (hdev_is_powered(hdev) &&
3692            !!cp->val != hci_dev_test_flag(hdev,
3693                                           HCI_WIDEBAND_SPEECH_ENABLED)) {
3694                err = mgmt_cmd_status(sk, hdev->id,
3695                                      MGMT_OP_SET_WIDEBAND_SPEECH,
3696                                      MGMT_STATUS_REJECTED);
3697                goto unlock;
3698        }
3699
3700        if (cp->val)
3701                changed = !hci_dev_test_and_set_flag(hdev,
3702                                                   HCI_WIDEBAND_SPEECH_ENABLED);
3703        else
3704                changed = hci_dev_test_and_clear_flag(hdev,
3705                                                   HCI_WIDEBAND_SPEECH_ENABLED);
3706
3707        err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
3708        if (err < 0)
3709                goto unlock;
3710
3711        if (changed)
3712                err = new_settings(hdev, sk);
3713
3714unlock:
3715        hci_dev_unlock(hdev);
3716        return err;
3717}
3718
3719static int read_controller_cap(struct sock *sk, struct hci_dev *hdev,
3720                               void *data, u16 data_len)
3721{
3722        char buf[20];
3723        struct mgmt_rp_read_controller_cap *rp = (void *)buf;
3724        u16 cap_len = 0;
3725        u8 flags = 0;
3726        u8 tx_power_range[2];
3727
3728        bt_dev_dbg(hdev, "sock %p", sk);
3729
3730        memset(&buf, 0, sizeof(buf));
3731
3732        hci_dev_lock(hdev);
3733
3734        /* When the Read Simple Pairing Options command is supported, then
3735         * the remote public key validation is supported.
3736         *
3737         * Alternatively, when Microsoft extensions are available, they can
3738         * indicate support for public key validation as well.
3739         */
3740        if ((hdev->commands[41] & 0x08) || msft_curve_validity(hdev))
3741                flags |= 0x01;  /* Remote public key validation (BR/EDR) */
3742
3743        flags |= 0x02;          /* Remote public key validation (LE) */
3744
3745        /* When the Read Encryption Key Size command is supported, then the
3746         * encryption key size is enforced.
3747         */
3748        if (hdev->commands[20] & 0x10)
3749                flags |= 0x04;  /* Encryption key size enforcement (BR/EDR) */
3750
3751        flags |= 0x08;          /* Encryption key size enforcement (LE) */
3752
3753        cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS,
3754                                  &flags, 1);
3755
3756        /* When the Read Simple Pairing Options command is supported, then
3757         * also max encryption key size information is provided.
3758         */
3759        if (hdev->commands[41] & 0x08)
3760                cap_len = eir_append_le16(rp->cap, cap_len,
3761                                          MGMT_CAP_MAX_ENC_KEY_SIZE,
3762                                          hdev->max_enc_key_size);
3763
3764        cap_len = eir_append_le16(rp->cap, cap_len,
3765                                  MGMT_CAP_SMP_MAX_ENC_KEY_SIZE,
3766                                  SMP_MAX_ENC_KEY_SIZE);
3767
3768        /* Append the min/max LE tx power parameters if we were able to fetch
3769         * it from the controller
3770         */
3771        if (hdev->commands[38] & 0x80) {
3772                memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1);
3773                memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1);
3774                cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR,
3775                                          tx_power_range, 2);
3776        }
3777
3778        rp->cap_len = cpu_to_le16(cap_len);
3779
3780        hci_dev_unlock(hdev);
3781
3782        return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0,
3783                                 rp, sizeof(*rp) + cap_len);
3784}
3785
3786#ifdef CONFIG_BT_FEATURE_DEBUG
3787/* d4992530-b9ec-469f-ab01-6c481c47da1c */
3788static const u8 debug_uuid[16] = {
3789        0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab,
3790        0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4,
3791};
3792#endif
3793
3794/* 671b10b5-42c0-4696-9227-eb28d1b049d6 */
3795static const u8 simult_central_periph_uuid[16] = {
3796        0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92,
3797        0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67,
3798};
3799
3800/* 15c0a148-c273-11ea-b3de-0242ac130004 */
3801static const u8 rpa_resolution_uuid[16] = {
3802        0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3,
3803        0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15,
3804};
3805
3806static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
3807                                  void *data, u16 data_len)
3808{
3809        char buf[62];   /* Enough space for 3 features */
3810        struct mgmt_rp_read_exp_features_info *rp = (void *)buf;
3811        u16 idx = 0;
3812        u32 flags;
3813
3814        bt_dev_dbg(hdev, "sock %p", sk);
3815
3816        memset(&buf, 0, sizeof(buf));
3817
3818#ifdef CONFIG_BT_FEATURE_DEBUG
3819        if (!hdev) {
3820                flags = bt_dbg_get() ? BIT(0) : 0;
3821
3822                memcpy(rp->features[idx].uuid, debug_uuid, 16);
3823                rp->features[idx].flags = cpu_to_le32(flags);
3824                idx++;
3825        }
3826#endif
3827
3828        if (hdev) {
3829                if (test_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks) &&
3830                    (hdev->le_states[4] & 0x08) &&      /* Central */
3831                    (hdev->le_states[4] & 0x40) &&      /* Peripheral */
3832                    (hdev->le_states[3] & 0x10))        /* Simultaneous */
3833                        flags = BIT(0);
3834                else
3835                        flags = 0;
3836
3837                memcpy(rp->features[idx].uuid, simult_central_periph_uuid, 16);
3838                rp->features[idx].flags = cpu_to_le32(flags);
3839                idx++;
3840        }
3841
3842        if (hdev && use_ll_privacy(hdev)) {
3843                if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
3844                        flags = BIT(0) | BIT(1);
3845                else
3846                        flags = BIT(1);
3847
3848                memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16);
3849                rp->features[idx].flags = cpu_to_le32(flags);
3850                idx++;
3851        }
3852
3853        rp->feature_count = cpu_to_le16(idx);
3854
3855        /* After reading the experimental features information, enable
3856         * the events to update client on any future change.
3857         */
3858        hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3859
3860        return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
3861                                 MGMT_OP_READ_EXP_FEATURES_INFO,
3862                                 0, rp, sizeof(*rp) + (20 * idx));
3863}
3864
3865static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev,
3866                                          struct sock *skip)
3867{
3868        struct mgmt_ev_exp_feature_changed ev;
3869
3870        memset(&ev, 0, sizeof(ev));
3871        memcpy(ev.uuid, rpa_resolution_uuid, 16);
3872        ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1));
3873
3874        return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
3875                                  &ev, sizeof(ev),
3876                                  HCI_MGMT_EXP_FEATURE_EVENTS, skip);
3877
3878}
3879
3880#ifdef CONFIG_BT_FEATURE_DEBUG
3881static int exp_debug_feature_changed(bool enabled, struct sock *skip)
3882{
3883        struct mgmt_ev_exp_feature_changed ev;
3884
3885        memset(&ev, 0, sizeof(ev));
3886        memcpy(ev.uuid, debug_uuid, 16);
3887        ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
3888
3889        return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, NULL,
3890                                  &ev, sizeof(ev),
3891                                  HCI_MGMT_EXP_FEATURE_EVENTS, skip);
3892}
3893#endif
3894
3895static int set_exp_feature(struct sock *sk, struct hci_dev *hdev,
3896                           void *data, u16 data_len)
3897{
3898        struct mgmt_cp_set_exp_feature *cp = data;
3899        struct mgmt_rp_set_exp_feature rp;
3900
3901        bt_dev_dbg(hdev, "sock %p", sk);
3902
3903        if (!memcmp(cp->uuid, ZERO_KEY, 16)) {
3904                memset(rp.uuid, 0, 16);
3905                rp.flags = cpu_to_le32(0);
3906
3907#ifdef CONFIG_BT_FEATURE_DEBUG
3908                if (!hdev) {
3909                        bool changed = bt_dbg_get();
3910
3911                        bt_dbg_set(false);
3912
3913                        if (changed)
3914                                exp_debug_feature_changed(false, sk);
3915                }
3916#endif
3917
3918                if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) {
3919                        bool changed = hci_dev_test_flag(hdev,
3920                                                         HCI_ENABLE_LL_PRIVACY);
3921
3922                        hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY);
3923
3924                        if (changed)
3925                                exp_ll_privacy_feature_changed(false, hdev, sk);
3926                }
3927
3928                hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3929
3930                return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
3931                                         MGMT_OP_SET_EXP_FEATURE, 0,
3932                                         &rp, sizeof(rp));
3933        }
3934
3935#ifdef CONFIG_BT_FEATURE_DEBUG
3936        if (!memcmp(cp->uuid, debug_uuid, 16)) {
3937                bool val, changed;
3938                int err;
3939
3940                /* Command requires to use the non-controller index */
3941                if (hdev)
3942                        return mgmt_cmd_status(sk, hdev->id,
3943                                               MGMT_OP_SET_EXP_FEATURE,
3944                                               MGMT_STATUS_INVALID_INDEX);
3945
3946                /* Parameters are limited to a single octet */
3947                if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
3948                        return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3949                                               MGMT_OP_SET_EXP_FEATURE,
3950                                               MGMT_STATUS_INVALID_PARAMS);
3951
3952                /* Only boolean on/off is supported */
3953                if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
3954                        return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3955                                               MGMT_OP_SET_EXP_FEATURE,
3956                                               MGMT_STATUS_INVALID_PARAMS);
3957
3958                val = !!cp->param[0];
3959                changed = val ? !bt_dbg_get() : bt_dbg_get();
3960                bt_dbg_set(val);
3961
3962                memcpy(rp.uuid, debug_uuid, 16);
3963                rp.flags = cpu_to_le32(val ? BIT(0) : 0);
3964
3965                hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3966
3967                err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
3968                                        MGMT_OP_SET_EXP_FEATURE, 0,
3969                                        &rp, sizeof(rp));
3970
3971                if (changed)
3972                        exp_debug_feature_changed(val, sk);
3973
3974                return err;
3975        }
3976#endif
3977
3978        if (!memcmp(cp->uuid, rpa_resolution_uuid, 16)) {
3979                bool val, changed;
3980                int err;
3981                u32 flags;
3982
3983                /* Command requires to use the controller index */
3984                if (!hdev)
3985                        return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3986                                               MGMT_OP_SET_EXP_FEATURE,
3987                                               MGMT_STATUS_INVALID_INDEX);
3988
3989                /* Changes can only be made when controller is powered down */
3990                if (hdev_is_powered(hdev))
3991                        return mgmt_cmd_status(sk, hdev->id,
3992                                               MGMT_OP_SET_EXP_FEATURE,
3993                                               MGMT_STATUS_REJECTED);
3994
3995                /* Parameters are limited to a single octet */
3996                if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
3997                        return mgmt_cmd_status(sk, hdev->id,
3998                                               MGMT_OP_SET_EXP_FEATURE,
3999                                               MGMT_STATUS_INVALID_PARAMS);
4000

4001                /* Only boolean on/off is supported */
4002                if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4003                        return mgmt_cmd_status(sk, hdev->id,
4004                                               MGMT_OP_SET_EXP_FEATURE,
4005                                               MGMT_STATUS_INVALID_PARAMS);
4006
4007                val = !!cp->param[0];
4008
4009                if (val) {
4010                        changed = !hci_dev_test_flag(hdev,
4011                                                     HCI_ENABLE_LL_PRIVACY);
4012                        hci_dev_set_flag(hdev, HCI_ENABLE_LL_PRIVACY);
4013                        hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4014
4015                        /* Enable LL privacy + supported settings changed */
4016                        flags = BIT(0) | BIT(1);
4017                } else {
4018                        changed = hci_dev_test_flag(hdev,
4019                                                    HCI_ENABLE_LL_PRIVACY);
4020                        hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY);
4021
4022                        /* Disable LL privacy + supported settings changed */
4023                        flags = BIT(1);
4024                }
4025
4026                memcpy(rp.uuid, rpa_resolution_uuid, 16);
4027                rp.flags = cpu_to_le32(flags);
4028
4029                hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4030
4031                err = mgmt_cmd_complete(sk, hdev->id,
4032                                        MGMT_OP_SET_EXP_FEATURE, 0,
4033                                        &rp, sizeof(rp));
4034
4035                if (changed)
4036                        exp_ll_privacy_feature_changed(val, hdev, sk);
4037
4038                return err;
4039        }
4040
4041        return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4042                               MGMT_OP_SET_EXP_FEATURE,
4043                               MGMT_STATUS_NOT_SUPPORTED);
4044}
4045
4046#define SUPPORTED_DEVICE_FLAGS() ((1U << HCI_CONN_FLAG_MAX) - 1)
4047
4048static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
4049                            u16 data_len)
4050{
4051        struct mgmt_cp_get_device_flags *cp = data;
4052        struct mgmt_rp_get_device_flags rp;
4053        struct bdaddr_list_with_flags *br_params;
4054        struct hci_conn_params *params;
4055        u32 supported_flags = SUPPORTED_DEVICE_FLAGS();
4056        u32 current_flags = 0;
4057        u8 status = MGMT_STATUS_INVALID_PARAMS;
4058
4059        bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n",
4060                   &cp->addr.bdaddr, cp->addr.type);
4061
4062        hci_dev_lock(hdev);
4063
4064        memset(&rp, 0, sizeof(rp));
4065
4066        if (cp->addr.type == BDADDR_BREDR) {
4067                br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
4068                                                              &cp->addr.bdaddr,
4069                                                              cp->addr.type);
4070                if (!br_params)
4071                        goto done;
4072
4073                current_flags = br_params->current_flags;
4074        } else {
4075                params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
4076                                                le_addr_type(cp->addr.type));
4077
4078                if (!params)
4079                        goto done;
4080
4081                current_flags = params->current_flags;
4082        }
4083
4084        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4085        rp.addr.type = cp->addr.type;
4086        rp.supported_flags = cpu_to_le32(supported_flags);
4087        rp.current_flags = cpu_to_le32(current_flags);
4088
4089        status = MGMT_STATUS_SUCCESS;
4090
4091done:
4092        hci_dev_unlock(hdev);
4093
4094        return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status,
4095                                &rp, sizeof(rp));
4096}
4097
4098static void device_flags_changed(struct sock *sk, struct hci_dev *hdev,
4099                                 bdaddr_t *bdaddr, u8 bdaddr_type,
4100                                 u32 supported_flags, u32 current_flags)
4101{
4102        struct mgmt_ev_device_flags_changed ev;
4103
4104        bacpy(&ev.addr.bdaddr, bdaddr);
4105        ev.addr.type = bdaddr_type;
4106        ev.supported_flags = cpu_to_le32(supported_flags);
4107        ev.current_flags = cpu_to_le32(current_flags);
4108
4109        mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk);
4110}
4111
4112static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
4113                            u16 len)
4114{
4115        struct mgmt_cp_set_device_flags *cp = data;
4116        struct bdaddr_list_with_flags *br_params;
4117        struct hci_conn_params *params;
4118        u8 status = MGMT_STATUS_INVALID_PARAMS;
4119        u32 supported_flags = SUPPORTED_DEVICE_FLAGS();
4120        u32 current_flags = __le32_to_cpu(cp->current_flags);
4121
4122        bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x",
4123                   &cp->addr.bdaddr, cp->addr.type,
4124                   __le32_to_cpu(current_flags));
4125
4126        if ((supported_flags | current_flags) != supported_flags) {
4127                bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
4128                            current_flags, supported_flags);
4129                goto done;
4130        }
4131
4132        hci_dev_lock(hdev);
4133
4134        if (cp->addr.type == BDADDR_BREDR) {
4135                br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
4136                                                              &cp->addr.bdaddr,
4137                                                              cp->addr.type);
4138
4139                if (br_params) {
4140                        br_params->current_flags = current_flags;
4141                        status = MGMT_STATUS_SUCCESS;
4142                } else {
4143                        bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)",
4144                                    &cp->addr.bdaddr, cp->addr.type);
4145                }
4146        } else {
4147                params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
4148                                                le_addr_type(cp->addr.type));
4149                if (params) {
4150                        params->current_flags = current_flags;
4151                        status = MGMT_STATUS_SUCCESS;
4152                } else {
4153                        bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
4154                                    &cp->addr.bdaddr,
4155                                    le_addr_type(cp->addr.type));
4156                }
4157        }
4158
4159done:
4160        hci_dev_unlock(hdev);
4161
4162        if (status == MGMT_STATUS_SUCCESS)
4163                device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
4164                                     supported_flags, current_flags);
4165
4166        return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status,
4167                                 &cp->addr, sizeof(cp->addr));
4168}
4169
4170static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev,
4171                                   u16 handle)
4172{
4173        struct mgmt_ev_adv_monitor_added ev;
4174
4175        ev.monitor_handle = cpu_to_le16(handle);
4176
4177        mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk);
4178}
4179
4180void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle)
4181{
4182        struct mgmt_ev_adv_monitor_removed ev;
4183        struct mgmt_pending_cmd *cmd;
4184        struct sock *sk_skip = NULL;
4185        struct mgmt_cp_remove_adv_monitor *cp;
4186
4187        cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
4188        if (cmd) {
4189                cp = cmd->param;
4190
4191                if (cp->monitor_handle)
4192                        sk_skip = cmd->sk;
4193        }
4194
4195        ev.monitor_handle = cpu_to_le16(handle);
4196
4197        mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip);
4198}
4199
4200static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
4201                                 void *data, u16 len)
4202{
4203        struct adv_monitor *monitor = NULL;
4204        struct mgmt_rp_read_adv_monitor_features *rp = NULL;
4205        int handle, err;
4206        size_t rp_size = 0;
4207        __u32 supported = 0;
4208        __u32 enabled = 0;
4209        __u16 num_handles = 0;
4210        __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES];
4211
4212        BT_DBG("request for %s", hdev->name);
4213
4214        hci_dev_lock(hdev);
4215
4216        if (msft_monitor_supported(hdev))
4217                supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS;
4218
4219        idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle)
4220                handles[num_handles++] = monitor->handle;
4221
4222        hci_dev_unlock(hdev);
4223
4224        rp_size = sizeof(*rp) + (num_handles * sizeof(u16));
4225        rp = kmalloc(rp_size, GFP_KERNEL);
4226        if (!rp)
4227                return -ENOMEM;
4228
4229        /* All supported features are currently enabled */
4230        enabled = supported;
4231
4232        rp->supported_features = cpu_to_le32(supported);
4233        rp->enabled_features = cpu_to_le32(enabled);
4234        rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES);
4235        rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS;
4236        rp->num_handles = cpu_to_le16(num_handles);
4237        if (num_handles)
4238                memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
4239
4240        err = mgmt_cmd_complete(sk, hdev->id,
4241                                MGMT_OP_READ_ADV_MONITOR_FEATURES,
4242                                MGMT_STATUS_SUCCESS, rp, rp_size);
4243
4244        kfree(rp);
4245
4246        return err;
4247}
4248
4249int mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev, u8 status)
4250{
4251        struct mgmt_rp_add_adv_patterns_monitor rp;
4252        struct mgmt_pending_cmd *cmd;
4253        struct adv_monitor *monitor;
4254        int err = 0;
4255
4256        hci_dev_lock(hdev);
4257
4258        cmd = pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev);
4259        if (!cmd) {
4260                cmd = pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev);
4261                if (!cmd)
4262                        goto done;
4263        }
4264
4265        monitor = cmd->user_data;
4266        rp.monitor_handle = cpu_to_le16(monitor->handle);
4267
4268        if (!status) {
4269                mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle);
4270                hdev->adv_monitors_cnt++;
4271                if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED)
4272                        monitor->state = ADV_MONITOR_STATE_REGISTERED;
4273                hci_update_background_scan(hdev);
4274        }
4275
4276        err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
4277                                mgmt_status(status), &rp, sizeof(rp));
4278        mgmt_pending_remove(cmd);
4279
4280done:
4281        hci_dev_unlock(hdev);
4282        bt_dev_dbg(hdev, "add monitor %d complete, status %u",
4283                   rp.monitor_handle, status);
4284
4285        return err;
4286}
4287
4288static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
4289                                      struct adv_monitor *m, u8 status,
4290                                      void *data, u16 len, u16 op)
4291{
4292        struct mgmt_rp_add_adv_patterns_monitor rp;
4293        struct mgmt_pending_cmd *cmd;
4294        int err;
4295        bool pending;
4296
4297        hci_dev_lock(hdev);
4298
4299        if (status)
4300                goto unlock;
4301
4302        if (pending_find(MGMT_OP_SET_LE, hdev) ||
4303            pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
4304            pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) ||
4305            pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) {
4306                status = MGMT_STATUS_BUSY;
4307                goto unlock;
4308        }
4309
4310        cmd = mgmt_pending_add(sk, op, hdev, data, len);
4311        if (!cmd) {
4312                status = MGMT_STATUS_NO_RESOURCES;
4313                goto unlock;
4314        }
4315
4316        cmd->user_data = m;
4317        pending = hci_add_adv_monitor(hdev, m, &err);
4318        if (err) {
4319                if (err == -ENOSPC || err == -ENOMEM)
4320                        status = MGMT_STATUS_NO_RESOURCES;
4321                else if (err == -EINVAL)
4322                        status = MGMT_STATUS_INVALID_PARAMS;
4323                else
4324                        status = MGMT_STATUS_FAILED;
4325
4326                mgmt_pending_remove(cmd);
4327                goto unlock;
4328        }
4329
4330        if (!pending) {
4331                mgmt_pending_remove(cmd);
4332                rp.monitor_handle = cpu_to_le16(m->handle);
4333                mgmt_adv_monitor_added(sk, hdev, m->handle);
4334                m->state = ADV_MONITOR_STATE_REGISTERED;
4335                hdev->adv_monitors_cnt++;
4336
4337                hci_dev_unlock(hdev);
4338                return mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_SUCCESS,
4339                                         &rp, sizeof(rp));
4340        }
4341
4342        hci_dev_unlock(hdev);
4343
4344        return 0;
4345
4346unlock:
4347        hci_free_adv_monitor(hdev, m);
4348        hci_dev_unlock(hdev);
4349        return mgmt_cmd_status(sk, hdev->id, op, status);
4350}
4351
4352static void parse_adv_monitor_rssi(struct adv_monitor *m,
4353                                   struct mgmt_adv_rssi_thresholds *rssi)
4354{
4355        if (rssi) {
4356                m->rssi.low_threshold = rssi->low_threshold;
4357                m->rssi.low_threshold_timeout =
4358                    __le16_to_cpu(rssi->low_threshold_timeout);
4359                m->rssi.high_threshold = rssi->high_threshold;
4360                m->rssi.high_threshold_timeout =
4361                    __le16_to_cpu(rssi->high_threshold_timeout);
4362                m->rssi.sampling_period = rssi->sampling_period;
4363        } else {
4364                /* Default values. These numbers are the least constricting
4365                 * parameters for MSFT API to work, so it behaves as if there
4366                 * are no rssi parameter to consider. May need to be changed
4367                 * if other API are to be supported.
4368                 */
4369                m->rssi.low_threshold = -127;
4370                m->rssi.low_threshold_timeout = 60;
4371                m->rssi.high_threshold = -127;
4372                m->rssi.high_threshold_timeout = 0;
4373                m->rssi.sampling_period = 0;
4374        }
4375}
4376
4377static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count,
4378                                    struct mgmt_adv_pattern *patterns)
4379{
4380        u8 offset = 0, length = 0;
4381        struct adv_pattern *p = NULL;
4382        int i;
4383
4384        for (i = 0; i < pattern_count; i++) {
4385                offset = patterns[i].offset;
4386                length = patterns[i].length;
4387                if (offset >= HCI_MAX_AD_LENGTH ||
4388                    length > HCI_MAX_AD_LENGTH ||
4389                    (offset + length) > HCI_MAX_AD_LENGTH)
4390                        return MGMT_STATUS_INVALID_PARAMS;
4391
4392                p = kmalloc(sizeof(*p), GFP_KERNEL);
4393                if (!p)
4394                        return MGMT_STATUS_NO_RESOURCES;
4395
4396                p->ad_type = patterns[i].ad_type;
4397                p->offset = patterns[i].offset;
4398                p->length = patterns[i].length;
4399                memcpy(p->value, patterns[i].value, p->length);
4400
4401                INIT_LIST_HEAD(&p->list);
4402                list_add(&p->list, &m->patterns);
4403        }
4404
4405        return MGMT_STATUS_SUCCESS;
4406}
4407
4408static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
4409                                    void *data, u16 len)
4410{
4411        struct mgmt_cp_add_adv_patterns_monitor *cp = data;
4412        struct adv_monitor *m = NULL;
4413        u8 status = MGMT_STATUS_SUCCESS;
4414        size_t expected_size = sizeof(*cp);
4415
4416        BT_DBG("request for %s", hdev->name);
4417
4418        if (len <= sizeof(*cp)) {
4419                status = MGMT_STATUS_INVALID_PARAMS;
4420                goto done;
4421        }
4422
4423        expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
4424        if (len != expected_size) {
4425                status = MGMT_STATUS_INVALID_PARAMS;
4426                goto done;
4427        }
4428
4429        m = kzalloc(sizeof(*m), GFP_KERNEL);
4430        if (!m) {
4431                status = MGMT_STATUS_NO_RESOURCES;
4432                goto done;
4433        }
4434
4435        INIT_LIST_HEAD(&m->patterns);
4436
4437        parse_adv_monitor_rssi(m, NULL);
4438        status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
4439
4440done:
4441        return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
4442                                          MGMT_OP_ADD_ADV_PATTERNS_MONITOR);
4443}
4444
4445static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev,
4446                                         void *data, u16 len)
4447{
4448        struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data;
4449        struct adv_monitor *m = NULL;
4450        u8 status = MGMT_STATUS_SUCCESS;
4451        size_t expected_size = sizeof(*cp);
4452
4453        BT_DBG("request for %s", hdev->name);
4454
4455        if (len <= sizeof(*cp)) {
4456                status = MGMT_STATUS_INVALID_PARAMS;
4457                goto done;
4458        }
4459
4460        expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
4461        if (len != expected_size) {
4462                status = MGMT_STATUS_INVALID_PARAMS;
4463                goto done;
4464        }
4465
4466        m = kzalloc(sizeof(*m), GFP_KERNEL);
4467        if (!m) {
4468                status = MGMT_STATUS_NO_RESOURCES;
4469                goto done;
4470        }
4471
4472        INIT_LIST_HEAD(&m->patterns);
4473
4474        parse_adv_monitor_rssi(m, &cp->rssi);
4475        status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
4476
4477done:
4478        return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
4479                                         MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI);
4480}
4481
4482int mgmt_remove_adv_monitor_complete(struct hci_dev *hdev, u8 status)
4483{
4484        struct mgmt_rp_remove_adv_monitor rp;
4485        struct mgmt_cp_remove_adv_monitor *cp;
4486        struct mgmt_pending_cmd *cmd;
4487        int err = 0;
4488
4489        hci_dev_lock(hdev);
4490
4491        cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
4492        if (!cmd)
4493                goto done;
4494
4495        cp = cmd->param;
4496        rp.monitor_handle = cp->monitor_handle;
4497
4498        if (!status)
4499                hci_update_background_scan(hdev);
4500
4501        err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
4502                                mgmt_status(status), &rp, sizeof(rp));
4503        mgmt_pending_remove(cmd);
4504
4505done:
4506        hci_dev_unlock(hdev);
4507        bt_dev_dbg(hdev, "remove monitor %d complete, status %u",
4508                   rp.monitor_handle, status);
4509
4510        return err;
4511}
4512
4513static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev,
4514                              void *data, u16 len)
4515{
4516        struct mgmt_cp_remove_adv_monitor *cp = data;
4517        struct mgmt_rp_remove_adv_monitor rp;
4518        struct mgmt_pending_cmd *cmd;
4519        u16 handle = __le16_to_cpu(cp->monitor_handle);
4520        int err, status;
4521        bool pending;
4522
4523        BT_DBG("request for %s", hdev->name);
4524        rp.monitor_handle = cp->monitor_handle;
4525
4526        hci_dev_lock(hdev);
4527
4528        if (pending_find(MGMT_OP_SET_LE, hdev) ||
4529            pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) ||
4530            pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
4531            pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) {
4532                status = MGMT_STATUS_BUSY;
4533                goto unlock;
4534        }
4535
4536        cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len);
4537        if (!cmd) {
4538                status = MGMT_STATUS_NO_RESOURCES;
4539                goto unlock;
4540        }
4541
4542        if (handle)
4543                pending = hci_remove_single_adv_monitor(hdev, handle, &err);
4544        else
4545                pending = hci_remove_all_adv_monitor(hdev, &err);
4546
4547        if (err) {
4548                mgmt_pending_remove(cmd);
4549
4550                if (err == -ENOENT)
4551                        status = MGMT_STATUS_INVALID_INDEX;
4552                else
4553                        status = MGMT_STATUS_FAILED;
4554
4555                goto unlock;
4556        }
4557
4558        /* monitor can be removed without forwarding request to controller */
4559        if (!pending) {
4560                mgmt_pending_remove(cmd);
4561                hci_dev_unlock(hdev);
4562
4563                return mgmt_cmd_complete(sk, hdev->id,
4564                                         MGMT_OP_REMOVE_ADV_MONITOR,
4565                                         MGMT_STATUS_SUCCESS,
4566                                         &rp, sizeof(rp));
4567        }
4568
4569        hci_dev_unlock(hdev);
4570        return 0;
4571
4572unlock:
4573        hci_dev_unlock(hdev);
4574        return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
4575                               status);
4576}
4577
4578static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
4579                                         u16 opcode, struct sk_buff *skb)
4580{
4581        struct mgmt_rp_read_local_oob_data mgmt_rp;
4582        size_t rp_size = sizeof(mgmt_rp);
4583        struct mgmt_pending_cmd *cmd;
4584
4585        bt_dev_dbg(hdev, "status %u", status);
4586
4587        cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4588        if (!cmd)
4589                return;
4590
4591        if (status || !skb) {
4592                mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4593                                status ? mgmt_status(status) : MGMT_STATUS_FAILED);
4594                goto remove;
4595        }
4596
4597        memset(&mgmt_rp, 0, sizeof(mgmt_rp));
4598
4599        if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
4600                struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
4601
4602                if (skb->len < sizeof(*rp)) {
4603                        mgmt_cmd_status(cmd->sk, hdev->id,
4604                                        MGMT_OP_READ_LOCAL_OOB_DATA,
4605                                        MGMT_STATUS_FAILED);
4606                        goto remove;
4607                }
4608
4609                memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
4610                memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
4611
4612                rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
4613        } else {
4614                struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
4615
4616                if (skb->len < sizeof(*rp)) {
4617                        mgmt_cmd_status(cmd->sk, hdev->id,
4618                                        MGMT_OP_READ_LOCAL_OOB_DATA,
4619                                        MGMT_STATUS_FAILED);
4620                        goto remove;
4621                }
4622
4623                memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
4624                memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
4625
4626                memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
4627                memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
4628        }
4629
4630        mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4631                          MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
4632
4633remove:
4634        mgmt_pending_remove(cmd);
4635}
4636
4637static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
4638                               void *data, u16 data_len)
4639{
4640        struct mgmt_pending_cmd *cmd;
4641        struct hci_request req;
4642        int err;
4643
4644        bt_dev_dbg(hdev, "sock %p", sk);
4645
4646        hci_dev_lock(hdev);
4647
4648        if (!hdev_is_powered(hdev)) {
4649                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4650                                      MGMT_STATUS_NOT_POWERED);
4651                goto unlock;
4652        }
4653
4654        if (!lmp_ssp_capable(hdev)) {
4655                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4656                                      MGMT_STATUS_NOT_SUPPORTED);
4657                goto unlock;
4658        }
4659
4660        if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
4661                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4662                                      MGMT_STATUS_BUSY);
4663                goto unlock;
4664        }
4665
4666        cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
4667        if (!cmd) {
4668                err = -ENOMEM;
4669                goto unlock;
4670        }
4671
4672        hci_req_init(&req, hdev);
4673
4674        if (bredr_sc_enabled(hdev))
4675                hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4676        else
4677                hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4678
4679        err = hci_req_run_skb(&req, read_local_oob_data_complete);
4680        if (err < 0)
4681                mgmt_pending_remove(cmd);
4682
4683unlock:
4684        hci_dev_unlock(hdev);
4685        return err;
4686}
4687
4688static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4689                               void *data, u16 len)
4690{
4691        struct mgmt_addr_info *addr = data;
4692        int err;
4693
4694        bt_dev_dbg(hdev, "sock %p", sk);
4695
4696        if (!bdaddr_type_is_valid(addr->type))
4697                return mgmt_cmd_complete(sk, hdev->id,
4698                                         MGMT_OP_ADD_REMOTE_OOB_DATA,
4699                                         MGMT_STATUS_INVALID_PARAMS,
4700                                         addr, sizeof(*addr));
4701
4702        hci_dev_lock(hdev);
4703
4704        if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
4705                struct mgmt_cp_add_remote_oob_data *cp = data;
4706                u8 status;
4707
4708                if (cp->addr.type != BDADDR_BREDR) {
4709                        err = mgmt_cmd_complete(sk, hdev->id,
4710                                                MGMT_OP_ADD_REMOTE_OOB_DATA,
4711                                                MGMT_STATUS_INVALID_PARAMS,
4712                                                &cp->addr, sizeof(cp->addr));
4713                        goto unlock;
4714                }
4715
4716                err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4717                                              cp->addr.type, cp->hash,
4718                                              cp->rand, NULL, NULL);
4719                if (err < 0)
4720                        status = MGMT_STATUS_FAILED;
4721                else
4722                        status = MGMT_STATUS_SUCCESS;
4723
4724                err = mgmt_cmd_complete(sk, hdev->id,
4725                                        MGMT_OP_ADD_REMOTE_OOB_DATA, status,
4726                                        &cp->addr, sizeof(cp->addr));
4727        } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
4728                struct mgmt_cp_add_remote_oob_ext_data *cp = data;
4729                u8 *rand192, *hash192, *rand256, *hash256;
4730                u8 status;
4731
4732                if (bdaddr_type_is_le(cp->addr.type)) {
4733                        /* Enforce zero-valued 192-bit parameters as
4734                         * long as legacy SMP OOB isn't implemented.
4735                         */
4736                        if (memcmp(cp->rand192, ZERO_KEY, 16) ||
4737                            memcmp(cp->hash192, ZERO_KEY, 16)) {
4738                                err = mgmt_cmd_complete(sk, hdev->id,
4739                                                        MGMT_OP_ADD_REMOTE_OOB_DATA,
4740                                                        MGMT_STATUS_INVALID_PARAMS,
4741                                                        addr, sizeof(*addr));
4742                                goto unlock;
4743                        }
4744
4745                        rand192 = NULL;
4746                        hash192 = NULL;
4747                } else {
4748                        /* In case one of the P-192 values is set to zero,
4749                         * then just disable OOB data for P-192.
4750                         */
4751                        if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
4752                            !memcmp(cp->hash192, ZERO_KEY, 16)) {
4753                                rand192 = NULL;
4754                                hash192 = NULL;
4755                        } else {
4756                                rand192 = cp->rand192;
4757                                hash192 = cp->hash192;
4758                        }
4759                }
4760
4761                /* In case one of the P-256 values is set to zero, then just
4762                 * disable OOB data for P-256.
4763                 */
4764                if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
4765                    !memcmp(cp->hash256, ZERO_KEY, 16)) {
4766                        rand256 = NULL;
4767                        hash256 = NULL;
4768                } else {
4769                        rand256 = cp->rand256;
4770                        hash256 = cp->hash256;
4771                }
4772
4773                err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4774                                              cp->addr.type, hash192, rand192,
4775                                              hash256, rand256);
4776                if (err < 0)
4777                        status = MGMT_STATUS_FAILED;
4778                else
4779                        status = MGMT_STATUS_SUCCESS;
4780
4781                err = mgmt_cmd_complete(sk, hdev->id,
4782                                        MGMT_OP_ADD_REMOTE_OOB_DATA,
4783                                        status, &cp->addr, sizeof(cp->addr));
4784        } else {
4785                bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
4786                           len);
4787                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
4788                                      MGMT_STATUS_INVALID_PARAMS);
4789        }
4790
4791unlock:
4792        hci_dev_unlock(hdev);
4793        return err;
4794}
4795
4796static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4797                                  void *data, u16 len)
4798{
4799        struct mgmt_cp_remove_remote_oob_data *cp = data;
4800        u8 status;
4801        int err;
4802
4803        bt_dev_dbg(hdev, "sock %p", sk);
4804
4805        if (cp->addr.type != BDADDR_BREDR)
4806                return mgmt_cmd_complete(sk, hdev->id,
4807                                         MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4808                                         MGMT_STATUS_INVALID_PARAMS,
4809                                         &cp->addr, sizeof(cp->addr));
4810
4811        hci_dev_lock(hdev);
4812
4813        if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4814                hci_remote_oob_data_clear(hdev);
4815                status = MGMT_STATUS_SUCCESS;
4816                goto done;
4817        }
4818
4819        err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
4820        if (err < 0)
4821                status = MGMT_STATUS_INVALID_PARAMS;
4822        else
4823                status = MGMT_STATUS_SUCCESS;
4824
4825done:
4826        err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4827                                status, &cp->addr, sizeof(cp->addr));
4828
4829        hci_dev_unlock(hdev);
4830        return err;
4831}
4832
4833void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
4834{
4835        struct mgmt_pending_cmd *cmd;
4836
4837        bt_dev_dbg(hdev, "status %u", status);
4838
4839        hci_dev_lock(hdev);
4840
4841        cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
4842        if (!cmd)
4843                cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4844
4845        if (!cmd)
4846                cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
4847
4848        if (cmd) {
4849                cmd->cmd_complete(cmd, mgmt_status(status));
4850                mgmt_pending_remove(cmd);
4851        }
4852
4853        hci_dev_unlock(hdev);
4854
4855        /* Handle suspend notifier */
4856        if (test_and_clear_bit(SUSPEND_UNPAUSE_DISCOVERY,
4857                               hdev->suspend_tasks)) {
4858                bt_dev_dbg(hdev, "Unpaused discovery");
4859                wake_up(&hdev->suspend_wait_q);
4860        }
4861}
4862
4863static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
4864                                    uint8_t *mgmt_status)
4865{
4866        switch (type) {
4867        case DISCOV_TYPE_LE:
4868                *mgmt_status = mgmt_le_support(hdev);
4869                if (*mgmt_status)
4870                        return false;
4871                break;
4872        case DISCOV_TYPE_INTERLEAVED:
4873                *mgmt_status = mgmt_le_support(hdev);
4874                if (*mgmt_status)
4875                        return false;
4876                fallthrough;
4877        case DISCOV_TYPE_BREDR:
4878                *mgmt_status = mgmt_bredr_support(hdev);
4879                if (*mgmt_status)
4880                        return false;
4881                break;
4882        default:
4883                *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
4884                return false;
4885        }
4886
4887        return true;
4888}
4889
4890static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
4891                                    u16 op, void *data, u16 len)
4892{
4893        struct mgmt_cp_start_discovery *cp = data;
4894        struct mgmt_pending_cmd *cmd;
4895        u8 status;
4896        int err;
4897
4898        bt_dev_dbg(hdev, "sock %p", sk);
4899
4900        hci_dev_lock(hdev);
4901
4902        if (!hdev_is_powered(hdev)) {
4903                err = mgmt_cmd_complete(sk, hdev->id, op,
4904                                        MGMT_STATUS_NOT_POWERED,
4905                                        &cp->type, sizeof(cp->type));
4906                goto failed;
4907        }
4908
4909        if (hdev->discovery.state != DISCOVERY_STOPPED ||
4910            hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4911                err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
4912                                        &cp->type, sizeof(cp->type));
4913                goto failed;
4914        }
4915
4916        if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4917                err = mgmt_cmd_complete(sk, hdev->id, op, status,
4918                                        &cp->type, sizeof(cp->type));
4919                goto failed;
4920        }
4921
4922        /* Can't start discovery when it is paused */
4923        if (hdev->discovery_paused) {
4924                err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
4925                                        &cp->type, sizeof(cp->type));
4926                goto failed;
4927        }
4928
4929        /* Clear the discovery filter first to free any previously
4930         * allocated memory for the UUID list.
4931         */
4932        hci_discovery_filter_clear(hdev);
4933
4934        hdev->discovery.type = cp->type;
4935        hdev->discovery.report_invalid_rssi = false;
4936        if (op == MGMT_OP_START_LIMITED_DISCOVERY)
4937                hdev->discovery.limited = true;
4938        else
4939                hdev->discovery.limited = false;
4940
4941        cmd = mgmt_pending_add(sk, op, hdev, data, len);
4942        if (!cmd) {
4943                err = -ENOMEM;
4944                goto failed;
4945        }
4946
4947        cmd->cmd_complete = generic_cmd_complete;
4948
4949        hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4950        queue_work(hdev->req_workqueue, &hdev->discov_update);
4951        err = 0;
4952
4953failed:
4954        hci_dev_unlock(hdev);
4955        return err;
4956}
4957
4958static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4959                           void *data, u16 len)
4960{
4961        return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
4962                                        data, len);
4963}
4964
4965static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
4966                                   void *data, u16 len)
4967{
4968        return start_discovery_internal(sk, hdev,
4969                                        MGMT_OP_START_LIMITED_DISCOVERY,
4970                                        data, len);
4971}
4972
4973static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4974                                          u8 status)
4975{
4976        return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4977                                 cmd->param, 1);
4978}
4979
4980static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4981                                   void *data, u16 len)
4982{
4983        struct mgmt_cp_start_service_discovery *cp = data;
4984        struct mgmt_pending_cmd *cmd;
4985        const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4986        u16 uuid_count, expected_len;
4987        u8 status;
4988        int err;
4989
4990        bt_dev_dbg(hdev, "sock %p", sk);
4991
4992        hci_dev_lock(hdev);
4993
4994        if (!hdev_is_powered(hdev)) {
4995                err = mgmt_cmd_complete(sk, hdev->id,
4996                                        MGMT_OP_START_SERVICE_DISCOVERY,
4997                                        MGMT_STATUS_NOT_POWERED,
4998                                        &cp->type, sizeof(cp->type));
4999                goto failed;
5000        }

5001
5002        if (hdev->discovery.state != DISCOVERY_STOPPED ||
5003            hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
5004                err = mgmt_cmd_complete(sk, hdev->id,
5005                                        MGMT_OP_START_SERVICE_DISCOVERY,
5006                                        MGMT_STATUS_BUSY, &cp->type,
5007                                        sizeof(cp->type));
5008                goto failed;
5009        }
5010
5011        if (hdev->discovery_paused) {
5012                err = mgmt_cmd_complete(sk, hdev->id,
5013                                        MGMT_OP_START_SERVICE_DISCOVERY,
5014                                        MGMT_STATUS_BUSY, &cp->type,
5015                                        sizeof(cp->type));
5016                goto failed;
5017        }
5018
5019        uuid_count = __le16_to_cpu(cp->uuid_count);
5020        if (uuid_count > max_uuid_count) {
5021                bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
5022                           uuid_count);
5023                err = mgmt_cmd_complete(sk, hdev->id,
5024                                        MGMT_OP_START_SERVICE_DISCOVERY,
5025                                        MGMT_STATUS_INVALID_PARAMS, &cp->type,
5026                                        sizeof(cp->type));
5027                goto failed;
5028        }
5029
5030        expected_len = sizeof(*cp) + uuid_count * 16;
5031        if (expected_len != len) {
5032                bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
5033                           expected_len, len);
5034                err = mgmt_cmd_complete(sk, hdev->id,
5035                                        MGMT_OP_START_SERVICE_DISCOVERY,
5036                                        MGMT_STATUS_INVALID_PARAMS, &cp->type,
5037                                        sizeof(cp->type));
5038                goto failed;
5039        }
5040
5041        if (!discovery_type_is_valid(hdev, cp->type, &status)) {
5042                err = mgmt_cmd_complete(sk, hdev->id,
5043                                        MGMT_OP_START_SERVICE_DISCOVERY,
5044                                        status, &cp->type, sizeof(cp->type));
5045                goto failed;
5046        }
5047
5048        cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
5049                               hdev, data, len);
5050        if (!cmd) {
5051                err = -ENOMEM;
5052                goto failed;
5053        }
5054
5055        cmd->cmd_complete = service_discovery_cmd_complete;
5056
5057        /* Clear the discovery filter first to free any previously
5058         * allocated memory for the UUID list.
5059         */
5060        hci_discovery_filter_clear(hdev);
5061
5062        hdev->discovery.result_filtering = true;
5063        hdev->discovery.type = cp->type;
5064        hdev->discovery.rssi = cp->rssi;
5065        hdev->discovery.uuid_count = uuid_count;
5066
5067        if (uuid_count > 0) {
5068                hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
5069                                                GFP_KERNEL);
5070                if (!hdev->discovery.uuids) {
5071                        err = mgmt_cmd_complete(sk, hdev->id,
5072                                                MGMT_OP_START_SERVICE_DISCOVERY,
5073                                                MGMT_STATUS_FAILED,
5074                                                &cp->type, sizeof(cp->type));
5075                        mgmt_pending_remove(cmd);
5076                        goto failed;
5077                }
5078        }
5079
5080        hci_discovery_set_state(hdev, DISCOVERY_STARTING);
5081        queue_work(hdev->req_workqueue, &hdev->discov_update);
5082        err = 0;
5083
5084failed:
5085        hci_dev_unlock(hdev);
5086        return err;
5087}
5088
5089void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
5090{
5091        struct mgmt_pending_cmd *cmd;
5092
5093        bt_dev_dbg(hdev, "status %u", status);
5094
5095        hci_dev_lock(hdev);
5096
5097        cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
5098        if (cmd) {
5099                cmd->cmd_complete(cmd, mgmt_status(status));
5100                mgmt_pending_remove(cmd);
5101        }
5102
5103        hci_dev_unlock(hdev);
5104
5105        /* Handle suspend notifier */
5106        if (test_and_clear_bit(SUSPEND_PAUSE_DISCOVERY, hdev->suspend_tasks)) {
5107                bt_dev_dbg(hdev, "Paused discovery");
5108                wake_up(&hdev->suspend_wait_q);
5109        }
5110}
5111
5112static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
5113                          u16 len)
5114{
5115        struct mgmt_cp_stop_discovery *mgmt_cp = data;
5116        struct mgmt_pending_cmd *cmd;
5117        int err;
5118
5119        bt_dev_dbg(hdev, "sock %p", sk);
5120
5121        hci_dev_lock(hdev);
5122
5123        if (!hci_discovery_active(hdev)) {
5124                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
5125                                        MGMT_STATUS_REJECTED, &mgmt_cp->type,
5126                                        sizeof(mgmt_cp->type));
5127                goto unlock;
5128        }
5129
5130        if (hdev->discovery.type != mgmt_cp->type) {
5131                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
5132                                        MGMT_STATUS_INVALID_PARAMS,
5133                                        &mgmt_cp->type, sizeof(mgmt_cp->type));
5134                goto unlock;
5135        }
5136
5137        cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
5138        if (!cmd) {
5139                err = -ENOMEM;
5140                goto unlock;
5141        }
5142
5143        cmd->cmd_complete = generic_cmd_complete;
5144
5145        hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
5146        queue_work(hdev->req_workqueue, &hdev->discov_update);
5147        err = 0;
5148
5149unlock:
5150        hci_dev_unlock(hdev);
5151        return err;
5152}
5153
5154static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
5155                        u16 len)
5156{
5157        struct mgmt_cp_confirm_name *cp = data;
5158        struct inquiry_entry *e;
5159        int err;
5160
5161        bt_dev_dbg(hdev, "sock %p", sk);
5162
5163        hci_dev_lock(hdev);
5164
5165        if (!hci_discovery_active(hdev)) {
5166                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
5167                                        MGMT_STATUS_FAILED, &cp->addr,
5168                                        sizeof(cp->addr));
5169                goto failed;
5170        }
5171
5172        e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
5173        if (!e) {
5174                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
5175                                        MGMT_STATUS_INVALID_PARAMS, &cp->addr,
5176                                        sizeof(cp->addr));
5177                goto failed;
5178        }
5179
5180        if (cp->name_known) {
5181                e->name_state = NAME_KNOWN;
5182                list_del(&e->list);
5183        } else {
5184                e->name_state = NAME_NEEDED;
5185                hci_inquiry_cache_update_resolve(hdev, e);
5186        }
5187
5188        err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
5189                                &cp->addr, sizeof(cp->addr));
5190
5191failed:
5192        hci_dev_unlock(hdev);
5193        return err;
5194}
5195
5196static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
5197                        u16 len)
5198{
5199        struct mgmt_cp_block_device *cp = data;
5200        u8 status;
5201        int err;
5202
5203        bt_dev_dbg(hdev, "sock %p", sk);
5204
5205        if (!bdaddr_type_is_valid(cp->addr.type))
5206                return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
5207                                         MGMT_STATUS_INVALID_PARAMS,
5208                                         &cp->addr, sizeof(cp->addr));
5209
5210        hci_dev_lock(hdev);
5211
5212        err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr,
5213                                  cp->addr.type);
5214        if (err < 0) {
5215                status = MGMT_STATUS_FAILED;
5216                goto done;
5217        }
5218
5219        mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
5220                   sk);
5221        status = MGMT_STATUS_SUCCESS;
5222
5223done:
5224        err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
5225                                &cp->addr, sizeof(cp->addr));
5226
5227        hci_dev_unlock(hdev);
5228
5229        return err;
5230}
5231
5232static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
5233                          u16 len)
5234{
5235        struct mgmt_cp_unblock_device *cp = data;
5236        u8 status;
5237        int err;
5238
5239        bt_dev_dbg(hdev, "sock %p", sk);
5240
5241        if (!bdaddr_type_is_valid(cp->addr.type))
5242                return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
5243                                         MGMT_STATUS_INVALID_PARAMS,
5244                                         &cp->addr, sizeof(cp->addr));
5245
5246        hci_dev_lock(hdev);
5247
5248        err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr,
5249                                  cp->addr.type);
5250        if (err < 0) {
5251                status = MGMT_STATUS_INVALID_PARAMS;
5252                goto done;
5253        }
5254
5255        mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
5256                   sk);
5257        status = MGMT_STATUS_SUCCESS;
5258
5259done:
5260        err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
5261                                &cp->addr, sizeof(cp->addr));
5262
5263        hci_dev_unlock(hdev);
5264
5265        return err;
5266}
5267
5268static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
5269                         u16 len)
5270{
5271        struct mgmt_cp_set_device_id *cp = data;
5272        struct hci_request req;
5273        int err;
5274        __u16 source;
5275
5276        bt_dev_dbg(hdev, "sock %p", sk);
5277
5278        source = __le16_to_cpu(cp->source);
5279
5280        if (source > 0x0002)
5281                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
5282                                       MGMT_STATUS_INVALID_PARAMS);
5283
5284        hci_dev_lock(hdev);
5285
5286        hdev->devid_source = source;
5287        hdev->devid_vendor = __le16_to_cpu(cp->vendor);
5288        hdev->devid_product = __le16_to_cpu(cp->product);
5289        hdev->devid_version = __le16_to_cpu(cp->version);
5290
5291        err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
5292                                NULL, 0);
5293
5294        hci_req_init(&req, hdev);
5295        __hci_req_update_eir(&req);
5296        hci_req_run(&req, NULL);
5297
5298        hci_dev_unlock(hdev);
5299
5300        return err;
5301}
5302
5303static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
5304                                        u16 opcode)
5305{
5306        bt_dev_dbg(hdev, "status %u", status);
5307}
5308
5309static void set_advertising_complete(struct hci_dev *hdev, u8 status,
5310                                     u16 opcode)
5311{
5312        struct cmd_lookup match = { NULL, hdev };
5313        struct hci_request req;
5314        u8 instance;
5315        struct adv_info *adv_instance;
5316        int err;
5317
5318        hci_dev_lock(hdev);
5319
5320        if (status) {
5321                u8 mgmt_err = mgmt_status(status);
5322
5323                mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
5324                                     cmd_status_rsp, &mgmt_err);
5325                goto unlock;
5326        }
5327
5328        if (hci_dev_test_flag(hdev, HCI_LE_ADV))
5329                hci_dev_set_flag(hdev, HCI_ADVERTISING);
5330        else
5331                hci_dev_clear_flag(hdev, HCI_ADVERTISING);
5332
5333        mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
5334                             &match);
5335
5336        new_settings(hdev, match.sk);
5337
5338        if (match.sk)
5339                sock_put(match.sk);
5340
5341        /* Handle suspend notifier */
5342        if (test_and_clear_bit(SUSPEND_PAUSE_ADVERTISING,
5343                               hdev->suspend_tasks)) {
5344                bt_dev_dbg(hdev, "Paused advertising");
5345                wake_up(&hdev->suspend_wait_q);
5346        } else if (test_and_clear_bit(SUSPEND_UNPAUSE_ADVERTISING,
5347                                      hdev->suspend_tasks)) {
5348                bt_dev_dbg(hdev, "Unpaused advertising");
5349                wake_up(&hdev->suspend_wait_q);
5350        }
5351
5352        /* If "Set Advertising" was just disabled and instance advertising was
5353         * set up earlier, then re-enable multi-instance advertising.
5354         */
5355        if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
5356            list_empty(&hdev->adv_instances))
5357                goto unlock;
5358
5359        instance = hdev->cur_adv_instance;
5360        if (!instance) {
5361                adv_instance = list_first_entry_or_null(&hdev->adv_instances,
5362                                                        struct adv_info, list);
5363                if (!adv_instance)
5364                        goto unlock;
5365
5366                instance = adv_instance->instance;
5367        }
5368
5369        hci_req_init(&req, hdev);
5370
5371        err = __hci_req_schedule_adv_instance(&req, instance, true);
5372
5373        if (!err)
5374                err = hci_req_run(&req, enable_advertising_instance);
5375
5376        if (err)
5377                bt_dev_err(hdev, "failed to re-configure advertising");
5378
5379unlock:
5380        hci_dev_unlock(hdev);
5381}
5382
5383static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
5384                           u16 len)
5385{
5386        struct mgmt_mode *cp = data;
5387        struct mgmt_pending_cmd *cmd;
5388        struct hci_request req;
5389        u8 val, status;
5390        int err;
5391
5392        bt_dev_dbg(hdev, "sock %p", sk);
5393
5394        status = mgmt_le_support(hdev);
5395        if (status)
5396                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5397                                       status);
5398
5399        /* Enabling the experimental LL Privay support disables support for
5400         * advertising.
5401         */
5402        if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
5403                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5404                                       MGMT_STATUS_NOT_SUPPORTED);
5405
5406        if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5407                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5408                                       MGMT_STATUS_INVALID_PARAMS);
5409
5410        if (hdev->advertising_paused)
5411                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5412                                       MGMT_STATUS_BUSY);
5413
5414        hci_dev_lock(hdev);
5415
5416        val = !!cp->val;
5417
5418        /* The following conditions are ones which mean that we should
5419         * not do any HCI communication but directly send a mgmt
5420         * response to user space (after toggling the flag if
5421         * necessary).
5422         */
5423        if (!hdev_is_powered(hdev) ||
5424            (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
5425             (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
5426            hci_conn_num(hdev, LE_LINK) > 0 ||
5427            (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
5428             hdev->le_scan_type == LE_SCAN_ACTIVE)) {
5429                bool changed;
5430
5431                if (cp->val) {
5432                        hdev->cur_adv_instance = 0x00;
5433                        changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
5434                        if (cp->val == 0x02)
5435                                hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5436                        else
5437                                hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5438                } else {
5439                        changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
5440                        hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5441                }
5442
5443                err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
5444                if (err < 0)
5445                        goto unlock;
5446
5447                if (changed)
5448                        err = new_settings(hdev, sk);
5449
5450                goto unlock;
5451        }
5452
5453        if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
5454            pending_find(MGMT_OP_SET_LE, hdev)) {
5455                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5456                                      MGMT_STATUS_BUSY);
5457                goto unlock;
5458        }
5459
5460        cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
5461        if (!cmd) {
5462                err = -ENOMEM;
5463                goto unlock;
5464        }
5465
5466        hci_req_init(&req, hdev);
5467
5468        if (cp->val == 0x02)
5469                hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5470        else
5471                hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5472
5473        cancel_adv_timeout(hdev);
5474
5475        if (val) {
5476                /* Switch to instance "0" for the Set Advertising setting.
5477                 * We cannot use update_[adv|scan_rsp]_data() here as the
5478                 * HCI_ADVERTISING flag is not yet set.
5479                 */
5480                hdev->cur_adv_instance = 0x00;
5481
5482                if (ext_adv_capable(hdev)) {
5483                        __hci_req_start_ext_adv(&req, 0x00);
5484                } else {
5485                        __hci_req_update_adv_data(&req, 0x00);
5486                        __hci_req_update_scan_rsp_data(&req, 0x00);
5487                        __hci_req_enable_advertising(&req);
5488                }
5489        } else {
5490                __hci_req_disable_advertising(&req);
5491        }
5492
5493        err = hci_req_run(&req, set_advertising_complete);
5494        if (err < 0)
5495                mgmt_pending_remove(cmd);
5496
5497unlock:
5498        hci_dev_unlock(hdev);
5499        return err;
5500}
5501
5502static int set_static_address(struct sock *sk, struct hci_dev *hdev,
5503                              void *data, u16 len)
5504{
5505        struct mgmt_cp_set_static_address *cp = data;
5506        int err;
5507
5508        bt_dev_dbg(hdev, "sock %p", sk);
5509
5510        if (!lmp_le_capable(hdev))
5511                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
5512                                       MGMT_STATUS_NOT_SUPPORTED);
5513
5514        if (hdev_is_powered(hdev))
5515                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
5516                                       MGMT_STATUS_REJECTED);
5517
5518        if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
5519                if (!bacmp(&cp->bdaddr, BDADDR_NONE))
5520                        return mgmt_cmd_status(sk, hdev->id,
5521                                               MGMT_OP_SET_STATIC_ADDRESS,
5522                                               MGMT_STATUS_INVALID_PARAMS);
5523
5524                /* Two most significant bits shall be set */
5525                if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
5526                        return mgmt_cmd_status(sk, hdev->id,
5527                                               MGMT_OP_SET_STATIC_ADDRESS,
5528                                               MGMT_STATUS_INVALID_PARAMS);
5529        }
5530
5531        hci_dev_lock(hdev);
5532
5533        bacpy(&hdev->static_addr, &cp->bdaddr);
5534
5535        err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
5536        if (err < 0)
5537                goto unlock;
5538
5539        err = new_settings(hdev, sk);
5540
5541unlock:
5542        hci_dev_unlock(hdev);
5543        return err;
5544}
5545
5546static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
5547                           void *data, u16 len)
5548{
5549        struct mgmt_cp_set_scan_params *cp = data;
5550        __u16 interval, window;
5551        int err;
5552
5553        bt_dev_dbg(hdev, "sock %p", sk);
5554
5555        if (!lmp_le_capable(hdev))
5556                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5557                                       MGMT_STATUS_NOT_SUPPORTED);
5558
5559        interval = __le16_to_cpu(cp->interval);
5560
5561        if (interval < 0x0004 || interval > 0x4000)
5562                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5563                                       MGMT_STATUS_INVALID_PARAMS);
5564
5565        window = __le16_to_cpu(cp->window);
5566
5567        if (window < 0x0004 || window > 0x4000)
5568                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5569                                       MGMT_STATUS_INVALID_PARAMS);
5570
5571        if (window > interval)
5572                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5573                                       MGMT_STATUS_INVALID_PARAMS);
5574
5575        hci_dev_lock(hdev);
5576
5577        hdev->le_scan_interval = interval;
5578        hdev->le_scan_window = window;
5579
5580        err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
5581                                NULL, 0);
5582
5583        /* If background scan is running, restart it so new parameters are
5584         * loaded.
5585         */
5586        if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
5587            hdev->discovery.state == DISCOVERY_STOPPED) {
5588                struct hci_request req;
5589
5590                hci_req_init(&req, hdev);
5591
5592                hci_req_add_le_scan_disable(&req, false);
5593                hci_req_add_le_passive_scan(&req);
5594
5595                hci_req_run(&req, NULL);
5596        }
5597
5598        hci_dev_unlock(hdev);
5599
5600        return err;
5601}
5602
5603static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
5604                                      u16 opcode)
5605{
5606        struct mgmt_pending_cmd *cmd;
5607
5608        bt_dev_dbg(hdev, "status 0x%02x", status);
5609
5610        hci_dev_lock(hdev);
5611
5612        cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5613        if (!cmd)
5614                goto unlock;
5615
5616        if (status) {
5617                mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5618                                mgmt_status(status));
5619        } else {
5620                struct mgmt_mode *cp = cmd->param;
5621
5622                if (cp->val)
5623                        hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
5624                else
5625                        hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5626
5627                send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5628                new_settings(hdev, cmd->sk);
5629        }
5630
5631        mgmt_pending_remove(cmd);
5632
5633unlock:
5634        hci_dev_unlock(hdev);
5635}
5636
5637static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
5638                                void *data, u16 len)
5639{
5640        struct mgmt_mode *cp = data;
5641        struct mgmt_pending_cmd *cmd;
5642        struct hci_request req;
5643        int err;
5644
5645        bt_dev_dbg(hdev, "sock %p", sk);
5646
5647        if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
5648            hdev->hci_ver < BLUETOOTH_VER_1_2)
5649                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5650                                       MGMT_STATUS_NOT_SUPPORTED);
5651
5652        if (cp->val != 0x00 && cp->val != 0x01)
5653                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5654                                       MGMT_STATUS_INVALID_PARAMS);
5655
5656        hci_dev_lock(hdev);
5657
5658        if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
5659                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5660                                      MGMT_STATUS_BUSY);
5661                goto unlock;
5662        }
5663
5664        if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
5665                err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5666                                        hdev);
5667                goto unlock;
5668        }
5669
5670        if (!hdev_is_powered(hdev)) {
5671                hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
5672                err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5673                                        hdev);
5674                new_settings(hdev, sk);
5675                goto unlock;
5676        }
5677
5678        cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
5679                               data, len);
5680        if (!cmd) {
5681                err = -ENOMEM;
5682                goto unlock;
5683        }
5684
5685        hci_req_init(&req, hdev);
5686
5687        __hci_req_write_fast_connectable(&req, cp->val);
5688
5689        err = hci_req_run(&req, fast_connectable_complete);
5690        if (err < 0) {
5691                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5692                                      MGMT_STATUS_FAILED);
5693                mgmt_pending_remove(cmd);
5694        }
5695
5696unlock:
5697        hci_dev_unlock(hdev);
5698
5699        return err;
5700}
5701
5702static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5703{
5704        struct mgmt_pending_cmd *cmd;
5705
5706        bt_dev_dbg(hdev, "status 0x%02x", status);
5707
5708        hci_dev_lock(hdev);
5709
5710        cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
5711        if (!cmd)
5712                goto unlock;
5713
5714        if (status) {
5715                u8 mgmt_err = mgmt_status(status);
5716
5717                /* We need to restore the flag if related HCI commands
5718                 * failed.
5719                 */
5720                hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
5721
5722                mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
5723        } else {
5724                send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5725                new_settings(hdev, cmd->sk);
5726        }
5727
5728        mgmt_pending_remove(cmd);
5729
5730unlock:
5731        hci_dev_unlock(hdev);
5732}
5733
5734static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5735{
5736        struct mgmt_mode *cp = data;
5737        struct mgmt_pending_cmd *cmd;
5738        struct hci_request req;
5739        int err;
5740
5741        bt_dev_dbg(hdev, "sock %p", sk);
5742
5743        if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
5744                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5745                                       MGMT_STATUS_NOT_SUPPORTED);
5746
5747        if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5748                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5749                                       MGMT_STATUS_REJECTED);
5750
5751        if (cp->val != 0x00 && cp->val != 0x01)
5752                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5753                                       MGMT_STATUS_INVALID_PARAMS);
5754
5755        hci_dev_lock(hdev);
5756
5757        if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5758                err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5759                goto unlock;
5760        }
5761
5762        if (!hdev_is_powered(hdev)) {
5763                if (!cp->val) {
5764                        hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
5765                        hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
5766                        hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
5767                        hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5768                        hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
5769                }
5770
5771                hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
5772
5773                err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5774                if (err < 0)
5775                        goto unlock;
5776
5777                err = new_settings(hdev, sk);
5778                goto unlock;
5779        }
5780
5781        /* Reject disabling when powered on */
5782        if (!cp->val) {
5783                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5784                                      MGMT_STATUS_REJECTED);
5785                goto unlock;
5786        } else {
5787                /* When configuring a dual-mode controller to operate
5788                 * with LE only and using a static address, then switching
5789                 * BR/EDR back on is not allowed.
5790                 *
5791                 * Dual-mode controllers shall operate with the public
5792                 * address as its identity address for BR/EDR and LE. So
5793                 * reject the attempt to create an invalid configuration.
5794                 *
5795                 * The same restrictions applies when secure connections
5796                 * has been enabled. For BR/EDR this is a controller feature
5797                 * while for LE it is a host stack feature. This means that
5798                 * switching BR/EDR back on when secure connections has been
5799                 * enabled is not a supported transaction.
5800                 */
5801                if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5802                    (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5803                     hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
5804                        err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5805                                              MGMT_STATUS_REJECTED);
5806                        goto unlock;
5807                }
5808        }
5809
5810        if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
5811                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5812                                      MGMT_STATUS_BUSY);
5813                goto unlock;
5814        }
5815
5816        cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5817        if (!cmd) {
5818                err = -ENOMEM;
5819                goto unlock;
5820        }
5821
5822        /* We need to flip the bit already here so that
5823         * hci_req_update_adv_data generates the correct flags.
5824         */
5825        hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
5826
5827        hci_req_init(&req, hdev);
5828
5829        __hci_req_write_fast_connectable(&req, false);
5830        __hci_req_update_scan(&req);
5831
5832        /* Since only the advertising data flags will change, there
5833         * is no need to update the scan response data.
5834         */
5835        __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
5836
5837        err = hci_req_run(&req, set_bredr_complete);
5838        if (err < 0)
5839                mgmt_pending_remove(cmd);
5840
5841unlock:
5842        hci_dev_unlock(hdev);
5843        return err;
5844}
5845
5846static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5847{
5848        struct mgmt_pending_cmd *cmd;
5849        struct mgmt_mode *cp;
5850
5851        bt_dev_dbg(hdev, "status %u", status);
5852
5853        hci_dev_lock(hdev);
5854
5855        cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5856        if (!cmd)
5857                goto unlock;
5858
5859        if (status) {
5860                mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5861                                mgmt_status(status));
5862                goto remove;
5863        }
5864
5865        cp = cmd->param;
5866
5867        switch (cp->val) {
5868        case 0x00:
5869                hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5870                hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5871                break;
5872        case 0x01:
5873                hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5874                hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5875                break;
5876        case 0x02:
5877                hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5878                hci_dev_set_flag(hdev, HCI_SC_ONLY);
5879                break;
5880        }
5881
5882        send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5883        new_settings(hdev, cmd->sk);
5884
5885remove:
5886        mgmt_pending_remove(cmd);
5887unlock:
5888        hci_dev_unlock(hdev);
5889}
5890
5891static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5892                           void *data, u16 len)
5893{
5894        struct mgmt_mode *cp = data;
5895        struct mgmt_pending_cmd *cmd;
5896        struct hci_request req;
5897        u8 val;
5898        int err;
5899
5900        bt_dev_dbg(hdev, "sock %p", sk);
5901
5902        if (!lmp_sc_capable(hdev) &&
5903            !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5904                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5905                                       MGMT_STATUS_NOT_SUPPORTED);
5906
5907        if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5908            lmp_sc_capable(hdev) &&
5909            !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
5910                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5911                                       MGMT_STATUS_REJECTED);
5912
5913        if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5914                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5915                                  MGMT_STATUS_INVALID_PARAMS);
5916
5917        hci_dev_lock(hdev);
5918
5919        if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5920            !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5921                bool changed;
5922
5923                if (cp->val) {
5924                        changed = !hci_dev_test_and_set_flag(hdev,
5925                                                             HCI_SC_ENABLED);
5926                        if (cp->val == 0x02)
5927                                hci_dev_set_flag(hdev, HCI_SC_ONLY);
5928                        else
5929                                hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5930                } else {
5931                        changed = hci_dev_test_and_clear_flag(hdev,
5932                                                              HCI_SC_ENABLED);
5933                        hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5934                }
5935
5936                err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5937                if (err < 0)
5938                        goto failed;
5939
5940                if (changed)
5941                        err = new_settings(hdev, sk);
5942
5943                goto failed;
5944        }
5945
5946        if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5947                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5948                                      MGMT_STATUS_BUSY);
5949                goto failed;
5950        }
5951
5952        val = !!cp->val;
5953
5954        if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5955            (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5956                err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5957                goto failed;
5958        }
5959
5960        cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5961        if (!cmd) {
5962                err = -ENOMEM;
5963                goto failed;
5964        }
5965
5966        hci_req_init(&req, hdev);
5967        hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5968        err = hci_req_run(&req, sc_enable_complete);
5969        if (err < 0) {
5970                mgmt_pending_remove(cmd);
5971                goto failed;
5972        }
5973
5974failed:
5975        hci_dev_unlock(hdev);
5976        return err;
5977}
5978
5979static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5980                          void *data, u16 len)
5981{
5982        struct mgmt_mode *cp = data;
5983        bool changed, use_changed;
5984        int err;
5985
5986        bt_dev_dbg(hdev, "sock %p", sk);
5987
5988        if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5989                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5990                                       MGMT_STATUS_INVALID_PARAMS);
5991
5992        hci_dev_lock(hdev);
5993
5994        if (cp->val)
5995                changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5996        else
5997                changed = hci_dev_test_and_clear_flag(hdev,
5998                                                      HCI_KEEP_DEBUG_KEYS);
5999
6000        if (cp->val == 0x02)

6001                use_changed = !hci_dev_test_and_set_flag(hdev,
6002                                                         HCI_USE_DEBUG_KEYS);
6003        else
6004                use_changed = hci_dev_test_and_clear_flag(hdev,
6005                                                          HCI_USE_DEBUG_KEYS);
6006
6007        if (hdev_is_powered(hdev) && use_changed &&
6008            hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6009                u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
6010                hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
6011                             sizeof(mode), &mode);
6012        }
6013
6014        err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
6015        if (err < 0)
6016                goto unlock;
6017
6018        if (changed)
6019                err = new_settings(hdev, sk);
6020
6021unlock:
6022        hci_dev_unlock(hdev);
6023        return err;
6024}
6025
6026static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
6027                       u16 len)
6028{
6029        struct mgmt_cp_set_privacy *cp = cp_data;
6030        bool changed;
6031        int err;
6032
6033        bt_dev_dbg(hdev, "sock %p", sk);
6034
6035        if (!lmp_le_capable(hdev))
6036                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6037                                       MGMT_STATUS_NOT_SUPPORTED);
6038
6039        if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
6040                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6041                                       MGMT_STATUS_INVALID_PARAMS);
6042
6043        if (hdev_is_powered(hdev))
6044                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6045                                       MGMT_STATUS_REJECTED);
6046
6047        hci_dev_lock(hdev);
6048
6049        /* If user space supports this command it is also expected to
6050         * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
6051         */
6052        hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
6053
6054        if (cp->privacy) {
6055                changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
6056                memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
6057                hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
6058                hci_adv_instances_set_rpa_expired(hdev, true);
6059                if (cp->privacy == 0x02)
6060                        hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
6061                else
6062                        hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
6063        } else {
6064                changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
6065                memset(hdev->irk, 0, sizeof(hdev->irk));
6066                hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
6067                hci_adv_instances_set_rpa_expired(hdev, false);
6068                hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
6069        }
6070
6071        err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
6072        if (err < 0)
6073                goto unlock;
6074
6075        if (changed)
6076                err = new_settings(hdev, sk);
6077
6078unlock:
6079        hci_dev_unlock(hdev);
6080        return err;
6081}
6082
6083static bool irk_is_valid(struct mgmt_irk_info *irk)
6084{
6085        switch (irk->addr.type) {
6086        case BDADDR_LE_PUBLIC:
6087                return true;
6088
6089        case BDADDR_LE_RANDOM:
6090                /* Two most significant bits shall be set */
6091                if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
6092                        return false;
6093                return true;
6094        }
6095
6096        return false;
6097}
6098
6099static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
6100                     u16 len)
6101{
6102        struct mgmt_cp_load_irks *cp = cp_data;
6103        const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
6104                                   sizeof(struct mgmt_irk_info));
6105        u16 irk_count, expected_len;
6106        int i, err;
6107
6108        bt_dev_dbg(hdev, "sock %p", sk);
6109
6110        if (!lmp_le_capable(hdev))
6111                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6112                                       MGMT_STATUS_NOT_SUPPORTED);
6113
6114        irk_count = __le16_to_cpu(cp->irk_count);
6115        if (irk_count > max_irk_count) {
6116                bt_dev_err(hdev, "load_irks: too big irk_count value %u",
6117                           irk_count);
6118                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6119                                       MGMT_STATUS_INVALID_PARAMS);
6120        }
6121
6122        expected_len = struct_size(cp, irks, irk_count);
6123        if (expected_len != len) {
6124                bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
6125                           expected_len, len);
6126                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6127                                       MGMT_STATUS_INVALID_PARAMS);
6128        }
6129
6130        bt_dev_dbg(hdev, "irk_count %u", irk_count);
6131
6132        for (i = 0; i < irk_count; i++) {
6133                struct mgmt_irk_info *key = &cp->irks[i];
6134
6135                if (!irk_is_valid(key))
6136                        return mgmt_cmd_status(sk, hdev->id,
6137                                               MGMT_OP_LOAD_IRKS,
6138                                               MGMT_STATUS_INVALID_PARAMS);
6139        }
6140
6141        hci_dev_lock(hdev);
6142
6143        hci_smp_irks_clear(hdev);
6144
6145        for (i = 0; i < irk_count; i++) {
6146                struct mgmt_irk_info *irk = &cp->irks[i];
6147
6148                if (hci_is_blocked_key(hdev,
6149                                       HCI_BLOCKED_KEY_TYPE_IRK,
6150                                       irk->val)) {
6151                        bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
6152                                    &irk->addr.bdaddr);
6153                        continue;
6154                }
6155
6156                hci_add_irk(hdev, &irk->addr.bdaddr,
6157                            le_addr_type(irk->addr.type), irk->val,
6158                            BDADDR_ANY);
6159        }
6160
6161        hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
6162
6163        err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
6164
6165        hci_dev_unlock(hdev);
6166
6167        return err;
6168}
6169
6170static bool ltk_is_valid(struct mgmt_ltk_info *key)
6171{
6172        if (key->initiator != 0x00 && key->initiator != 0x01)
6173                return false;
6174
6175        switch (key->addr.type) {
6176        case BDADDR_LE_PUBLIC:
6177                return true;
6178
6179        case BDADDR_LE_RANDOM:
6180                /* Two most significant bits shall be set */
6181                if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
6182                        return false;
6183                return true;
6184        }
6185
6186        return false;
6187}
6188
6189static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
6190                               void *cp_data, u16 len)
6191{
6192        struct mgmt_cp_load_long_term_keys *cp = cp_data;
6193        const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
6194                                   sizeof(struct mgmt_ltk_info));
6195        u16 key_count, expected_len;
6196        int i, err;
6197
6198        bt_dev_dbg(hdev, "sock %p", sk);
6199
6200        if (!lmp_le_capable(hdev))
6201                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6202                                       MGMT_STATUS_NOT_SUPPORTED);
6203
6204        key_count = __le16_to_cpu(cp->key_count);
6205        if (key_count > max_key_count) {
6206                bt_dev_err(hdev, "load_ltks: too big key_count value %u",
6207                           key_count);
6208                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6209                                       MGMT_STATUS_INVALID_PARAMS);
6210        }
6211
6212        expected_len = struct_size(cp, keys, key_count);
6213        if (expected_len != len) {
6214                bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
6215                           expected_len, len);
6216                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6217                                       MGMT_STATUS_INVALID_PARAMS);
6218        }
6219
6220        bt_dev_dbg(hdev, "key_count %u", key_count);
6221
6222        for (i = 0; i < key_count; i++) {
6223                struct mgmt_ltk_info *key = &cp->keys[i];
6224
6225                if (!ltk_is_valid(key))
6226                        return mgmt_cmd_status(sk, hdev->id,
6227                                               MGMT_OP_LOAD_LONG_TERM_KEYS,
6228                                               MGMT_STATUS_INVALID_PARAMS);
6229        }
6230
6231        hci_dev_lock(hdev);
6232
6233        hci_smp_ltks_clear(hdev);
6234
6235        for (i = 0; i < key_count; i++) {
6236                struct mgmt_ltk_info *key = &cp->keys[i];
6237                u8 type, authenticated;
6238
6239                if (hci_is_blocked_key(hdev,
6240                                       HCI_BLOCKED_KEY_TYPE_LTK,
6241                                       key->val)) {
6242                        bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
6243                                    &key->addr.bdaddr);
6244                        continue;
6245                }
6246
6247                switch (key->type) {
6248                case MGMT_LTK_UNAUTHENTICATED:
6249                        authenticated = 0x00;
6250                        type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
6251                        break;
6252                case MGMT_LTK_AUTHENTICATED:
6253                        authenticated = 0x01;
6254                        type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
6255                        break;
6256                case MGMT_LTK_P256_UNAUTH:
6257                        authenticated = 0x00;
6258                        type = SMP_LTK_P256;
6259                        break;
6260                case MGMT_LTK_P256_AUTH:
6261                        authenticated = 0x01;
6262                        type = SMP_LTK_P256;
6263                        break;
6264                case MGMT_LTK_P256_DEBUG:
6265                        authenticated = 0x00;
6266                        type = SMP_LTK_P256_DEBUG;
6267                        fallthrough;
6268                default:
6269                        continue;
6270                }
6271
6272                hci_add_ltk(hdev, &key->addr.bdaddr,
6273                            le_addr_type(key->addr.type), type, authenticated,
6274                            key->val, key->enc_size, key->ediv, key->rand);
6275        }
6276
6277        err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
6278                           NULL, 0);
6279
6280        hci_dev_unlock(hdev);
6281
6282        return err;
6283}
6284
6285static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
6286{
6287        struct hci_conn *conn = cmd->user_data;
6288        struct mgmt_rp_get_conn_info rp;
6289        int err;
6290
6291        memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
6292
6293        if (status == MGMT_STATUS_SUCCESS) {
6294                rp.rssi = conn->rssi;
6295                rp.tx_power = conn->tx_power;
6296                rp.max_tx_power = conn->max_tx_power;
6297        } else {
6298                rp.rssi = HCI_RSSI_INVALID;
6299                rp.tx_power = HCI_TX_POWER_INVALID;
6300                rp.max_tx_power = HCI_TX_POWER_INVALID;
6301        }
6302
6303        err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
6304                                status, &rp, sizeof(rp));
6305
6306        hci_conn_drop(conn);
6307        hci_conn_put(conn);
6308
6309        return err;
6310}
6311
6312static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
6313                                       u16 opcode)
6314{
6315        struct hci_cp_read_rssi *cp;
6316        struct mgmt_pending_cmd *cmd;
6317        struct hci_conn *conn;
6318        u16 handle;
6319        u8 status;
6320
6321        bt_dev_dbg(hdev, "status 0x%02x", hci_status);
6322
6323        hci_dev_lock(hdev);
6324
6325        /* Commands sent in request are either Read RSSI or Read Transmit Power
6326         * Level so we check which one was last sent to retrieve connection
6327         * handle.  Both commands have handle as first parameter so it's safe to
6328         * cast data on the same command struct.
6329         *
6330         * First command sent is always Read RSSI and we fail only if it fails.
6331         * In other case we simply override error to indicate success as we
6332         * already remembered if TX power value is actually valid.
6333         */
6334        cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
6335        if (!cp) {
6336                cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
6337                status = MGMT_STATUS_SUCCESS;
6338        } else {
6339                status = mgmt_status(hci_status);
6340        }
6341
6342        if (!cp) {
6343                bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
6344                goto unlock;
6345        }
6346
6347        handle = __le16_to_cpu(cp->handle);
6348        conn = hci_conn_hash_lookup_handle(hdev, handle);
6349        if (!conn) {
6350                bt_dev_err(hdev, "unknown handle (%u) in conn_info response",
6351                           handle);
6352                goto unlock;
6353        }
6354
6355        cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
6356        if (!cmd)
6357                goto unlock;
6358
6359        cmd->cmd_complete(cmd, status);
6360        mgmt_pending_remove(cmd);
6361
6362unlock:
6363        hci_dev_unlock(hdev);
6364}
6365
6366static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
6367                         u16 len)
6368{
6369        struct mgmt_cp_get_conn_info *cp = data;
6370        struct mgmt_rp_get_conn_info rp;
6371        struct hci_conn *conn;
6372        unsigned long conn_info_age;
6373        int err = 0;
6374
6375        bt_dev_dbg(hdev, "sock %p", sk);
6376
6377        memset(&rp, 0, sizeof(rp));
6378        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6379        rp.addr.type = cp->addr.type;
6380
6381        if (!bdaddr_type_is_valid(cp->addr.type))
6382                return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6383                                         MGMT_STATUS_INVALID_PARAMS,
6384                                         &rp, sizeof(rp));
6385
6386        hci_dev_lock(hdev);
6387
6388        if (!hdev_is_powered(hdev)) {
6389                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6390                                        MGMT_STATUS_NOT_POWERED, &rp,
6391                                        sizeof(rp));
6392                goto unlock;
6393        }
6394
6395        if (cp->addr.type == BDADDR_BREDR)
6396                conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6397                                               &cp->addr.bdaddr);
6398        else
6399                conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
6400
6401        if (!conn || conn->state != BT_CONNECTED) {
6402                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6403                                        MGMT_STATUS_NOT_CONNECTED, &rp,
6404                                        sizeof(rp));
6405                goto unlock;
6406        }
6407
6408        if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
6409                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6410                                        MGMT_STATUS_BUSY, &rp, sizeof(rp));
6411                goto unlock;
6412        }
6413
6414        /* To avoid client trying to guess when to poll again for information we
6415         * calculate conn info age as random value between min/max set in hdev.
6416         */
6417        conn_info_age = hdev->conn_info_min_age +
6418                        prandom_u32_max(hdev->conn_info_max_age -
6419                                        hdev->conn_info_min_age);
6420
6421        /* Query controller to refresh cached values if they are too old or were
6422         * never read.
6423         */
6424        if (time_after(jiffies, conn->conn_info_timestamp +
6425                       msecs_to_jiffies(conn_info_age)) ||
6426            !conn->conn_info_timestamp) {
6427                struct hci_request req;
6428                struct hci_cp_read_tx_power req_txp_cp;
6429                struct hci_cp_read_rssi req_rssi_cp;
6430                struct mgmt_pending_cmd *cmd;
6431
6432                hci_req_init(&req, hdev);
6433                req_rssi_cp.handle = cpu_to_le16(conn->handle);
6434                hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
6435                            &req_rssi_cp);
6436
6437                /* For LE links TX power does not change thus we don't need to
6438                 * query for it once value is known.
6439                 */
6440                if (!bdaddr_type_is_le(cp->addr.type) ||
6441                    conn->tx_power == HCI_TX_POWER_INVALID) {
6442                        req_txp_cp.handle = cpu_to_le16(conn->handle);
6443                        req_txp_cp.type = 0x00;
6444                        hci_req_add(&req, HCI_OP_READ_TX_POWER,
6445                                    sizeof(req_txp_cp), &req_txp_cp);
6446                }
6447
6448                /* Max TX power needs to be read only once per connection */
6449                if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
6450                        req_txp_cp.handle = cpu_to_le16(conn->handle);
6451                        req_txp_cp.type = 0x01;
6452                        hci_req_add(&req, HCI_OP_READ_TX_POWER,
6453                                    sizeof(req_txp_cp), &req_txp_cp);
6454                }
6455
6456                err = hci_req_run(&req, conn_info_refresh_complete);
6457                if (err < 0)
6458                        goto unlock;
6459
6460                cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
6461                                       data, len);
6462                if (!cmd) {
6463                        err = -ENOMEM;
6464                        goto unlock;
6465                }
6466
6467                hci_conn_hold(conn);
6468                cmd->user_data = hci_conn_get(conn);
6469                cmd->cmd_complete = conn_info_cmd_complete;
6470
6471                conn->conn_info_timestamp = jiffies;
6472        } else {
6473                /* Cache is valid, just reply with values cached in hci_conn */
6474                rp.rssi = conn->rssi;
6475                rp.tx_power = conn->tx_power;
6476                rp.max_tx_power = conn->max_tx_power;
6477
6478                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6479                                        MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6480        }
6481
6482unlock:
6483        hci_dev_unlock(hdev);
6484        return err;
6485}
6486
6487static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
6488{
6489        struct hci_conn *conn = cmd->user_data;
6490        struct mgmt_rp_get_clock_info rp;
6491        struct hci_dev *hdev;
6492        int err;
6493
6494        memset(&rp, 0, sizeof(rp));
6495        memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
6496
6497        if (status)
6498                goto complete;
6499
6500        hdev = hci_dev_get(cmd->index);
6501        if (hdev) {
6502                rp.local_clock = cpu_to_le32(hdev->clock);
6503                hci_dev_put(hdev);
6504        }
6505
6506        if (conn) {
6507                rp.piconet_clock = cpu_to_le32(conn->clock);
6508                rp.accuracy = cpu_to_le16(conn->clock_accuracy);
6509        }
6510
6511complete:
6512        err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
6513                                sizeof(rp));
6514
6515        if (conn) {
6516                hci_conn_drop(conn);
6517                hci_conn_put(conn);
6518        }
6519
6520        return err;
6521}
6522
6523static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6524{
6525        struct hci_cp_read_clock *hci_cp;
6526        struct mgmt_pending_cmd *cmd;
6527        struct hci_conn *conn;
6528
6529        bt_dev_dbg(hdev, "status %u", status);
6530
6531        hci_dev_lock(hdev);
6532
6533        hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
6534        if (!hci_cp)
6535                goto unlock;
6536
6537        if (hci_cp->which) {
6538                u16 handle = __le16_to_cpu(hci_cp->handle);
6539                conn = hci_conn_hash_lookup_handle(hdev, handle);
6540        } else {
6541                conn = NULL;
6542        }
6543
6544        cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
6545        if (!cmd)
6546                goto unlock;
6547
6548        cmd->cmd_complete(cmd, mgmt_status(status));
6549        mgmt_pending_remove(cmd);
6550
6551unlock:
6552        hci_dev_unlock(hdev);
6553}
6554
6555static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
6556                         u16 len)
6557{
6558        struct mgmt_cp_get_clock_info *cp = data;
6559        struct mgmt_rp_get_clock_info rp;
6560        struct hci_cp_read_clock hci_cp;
6561        struct mgmt_pending_cmd *cmd;
6562        struct hci_request req;
6563        struct hci_conn *conn;
6564        int err;
6565
6566        bt_dev_dbg(hdev, "sock %p", sk);
6567
6568        memset(&rp, 0, sizeof(rp));
6569        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6570        rp.addr.type = cp->addr.type;
6571
6572        if (cp->addr.type != BDADDR_BREDR)
6573                return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6574                                         MGMT_STATUS_INVALID_PARAMS,
6575                                         &rp, sizeof(rp));
6576
6577        hci_dev_lock(hdev);
6578
6579        if (!hdev_is_powered(hdev)) {
6580                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6581                                        MGMT_STATUS_NOT_POWERED, &rp,
6582                                        sizeof(rp));
6583                goto unlock;
6584        }
6585
6586        if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6587                conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6588                                               &cp->addr.bdaddr);
6589                if (!conn || conn->state != BT_CONNECTED) {
6590                        err = mgmt_cmd_complete(sk, hdev->id,
6591                                                MGMT_OP_GET_CLOCK_INFO,
6592                                                MGMT_STATUS_NOT_CONNECTED,
6593                                                &rp, sizeof(rp));
6594                        goto unlock;
6595                }
6596        } else {
6597                conn = NULL;
6598        }
6599
6600        cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
6601        if (!cmd) {
6602                err = -ENOMEM;
6603                goto unlock;
6604        }
6605
6606        cmd->cmd_complete = clock_info_cmd_complete;
6607
6608        hci_req_init(&req, hdev);
6609
6610        memset(&hci_cp, 0, sizeof(hci_cp));
6611        hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6612
6613        if (conn) {
6614                hci_conn_hold(conn);
6615                cmd->user_data = hci_conn_get(conn);
6616
6617                hci_cp.handle = cpu_to_le16(conn->handle);
6618                hci_cp.which = 0x01; /* Piconet clock */
6619                hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6620        }
6621
6622        err = hci_req_run(&req, get_clock_info_complete);
6623        if (err < 0)
6624                mgmt_pending_remove(cmd);
6625
6626unlock:
6627        hci_dev_unlock(hdev);
6628        return err;
6629}
6630
6631static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
6632{
6633        struct hci_conn *conn;
6634
6635        conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
6636        if (!conn)
6637                return false;
6638
6639        if (conn->dst_type != type)
6640                return false;
6641
6642        if (conn->state != BT_CONNECTED)
6643                return false;
6644
6645        return true;
6646}
6647
6648/* This function requires the caller holds hdev->lock */
6649static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
6650                               u8 addr_type, u8 auto_connect)
6651{
6652        struct hci_conn_params *params;
6653
6654        params = hci_conn_params_add(hdev, addr, addr_type);
6655        if (!params)
6656                return -EIO;
6657
6658        if (params->auto_connect == auto_connect)
6659                return 0;
6660
6661        list_del_init(&params->action);
6662
6663        switch (auto_connect) {
6664        case HCI_AUTO_CONN_DISABLED:
6665        case HCI_AUTO_CONN_LINK_LOSS:
6666                /* If auto connect is being disabled when we're trying to
6667                 * connect to device, keep connecting.
6668                 */
6669                if (params->explicit_connect)
6670                        list_add(&params->action, &hdev->pend_le_conns);
6671                break;
6672        case HCI_AUTO_CONN_REPORT:
6673                if (params->explicit_connect)
6674                        list_add(&params->action, &hdev->pend_le_conns);
6675                else
6676                        list_add(&params->action, &hdev->pend_le_reports);
6677                break;
6678        case HCI_AUTO_CONN_DIRECT:
6679        case HCI_AUTO_CONN_ALWAYS:
6680                if (!is_connected(hdev, addr, addr_type))
6681                        list_add(&params->action, &hdev->pend_le_conns);
6682                break;
6683        }
6684
6685        params->auto_connect = auto_connect;
6686
6687        bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
6688                   addr, addr_type, auto_connect);
6689
6690        return 0;
6691}
6692
6693static void device_added(struct sock *sk, struct hci_dev *hdev,
6694                         bdaddr_t *bdaddr, u8 type, u8 action)
6695{
6696        struct mgmt_ev_device_added ev;
6697
6698        bacpy(&ev.addr.bdaddr, bdaddr);
6699        ev.addr.type = type;
6700        ev.action = action;
6701
6702        mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
6703}
6704
6705static int add_device(struct sock *sk, struct hci_dev *hdev,
6706                      void *data, u16 len)
6707{
6708        struct mgmt_cp_add_device *cp = data;
6709        u8 auto_conn, addr_type;
6710        struct hci_conn_params *params;
6711        int err;
6712        u32 current_flags = 0;
6713
6714        bt_dev_dbg(hdev, "sock %p", sk);
6715
6716        if (!bdaddr_type_is_valid(cp->addr.type) ||
6717            !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
6718                return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6719                                         MGMT_STATUS_INVALID_PARAMS,
6720                                         &cp->addr, sizeof(cp->addr));
6721
6722        if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
6723                return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6724                                         MGMT_STATUS_INVALID_PARAMS,
6725                                         &cp->addr, sizeof(cp->addr));
6726
6727        hci_dev_lock(hdev);
6728
6729        if (cp->addr.type == BDADDR_BREDR) {
6730                /* Only incoming connections action is supported for now */
6731                if (cp->action != 0x01) {
6732                        err = mgmt_cmd_complete(sk, hdev->id,
6733                                                MGMT_OP_ADD_DEVICE,
6734                                                MGMT_STATUS_INVALID_PARAMS,
6735                                                &cp->addr, sizeof(cp->addr));
6736                        goto unlock;
6737                }
6738
6739                err = hci_bdaddr_list_add_with_flags(&hdev->accept_list,
6740                                                     &cp->addr.bdaddr,
6741                                                     cp->addr.type, 0);
6742                if (err)
6743                        goto unlock;
6744
6745                hci_req_update_scan(hdev);
6746
6747                goto added;
6748        }
6749
6750        addr_type = le_addr_type(cp->addr.type);
6751
6752        if (cp->action == 0x02)
6753                auto_conn = HCI_AUTO_CONN_ALWAYS;
6754        else if (cp->action == 0x01)
6755                auto_conn = HCI_AUTO_CONN_DIRECT;
6756        else
6757                auto_conn = HCI_AUTO_CONN_REPORT;
6758
6759        /* Kernel internally uses conn_params with resolvable private
6760         * address, but Add Device allows only identity addresses.
6761         * Make sure it is enforced before calling
6762         * hci_conn_params_lookup.
6763         */
6764        if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
6765                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6766                                        MGMT_STATUS_INVALID_PARAMS,
6767                                        &cp->addr, sizeof(cp->addr));
6768                goto unlock;
6769        }
6770
6771        /* If the connection parameters don't exist for this device,
6772         * they will be created and configured with defaults.
6773         */
6774        if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
6775                                auto_conn) < 0) {
6776                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6777                                        MGMT_STATUS_FAILED, &cp->addr,
6778                                        sizeof(cp->addr));
6779                goto unlock;
6780        } else {
6781                params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6782                                                addr_type);
6783                if (params)
6784                        current_flags = params->current_flags;
6785        }
6786
6787        hci_update_background_scan(hdev);
6788
6789added:
6790        device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
6791        device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type,
6792                             SUPPORTED_DEVICE_FLAGS(), current_flags);
6793
6794        err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6795                                MGMT_STATUS_SUCCESS, &cp->addr,
6796                                sizeof(cp->addr));
6797
6798unlock:
6799        hci_dev_unlock(hdev);
6800        return err;
6801}
6802
6803static void device_removed(struct sock *sk, struct hci_dev *hdev,
6804                           bdaddr_t *bdaddr, u8 type)
6805{
6806        struct mgmt_ev_device_removed ev;
6807
6808        bacpy(&ev.addr.bdaddr, bdaddr);
6809        ev.addr.type = type;
6810
6811        mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6812}
6813
6814static int remove_device(struct sock *sk, struct hci_dev *hdev,
6815                         void *data, u16 len)
6816{
6817        struct mgmt_cp_remove_device *cp = data;
6818        int err;
6819
6820        bt_dev_dbg(hdev, "sock %p", sk);
6821
6822        hci_dev_lock(hdev);
6823
6824        if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6825                struct hci_conn_params *params;
6826                u8 addr_type;
6827
6828                if (!bdaddr_type_is_valid(cp->addr.type)) {
6829                        err = mgmt_cmd_complete(sk, hdev->id,
6830                                                MGMT_OP_REMOVE_DEVICE,
6831                                                MGMT_STATUS_INVALID_PARAMS,
6832                                                &cp->addr, sizeof(cp->addr));
6833                        goto unlock;
6834                }
6835
6836                if (cp->addr.type == BDADDR_BREDR) {
6837                        err = hci_bdaddr_list_del(&hdev->accept_list,
6838                                                  &cp->addr.bdaddr,
6839                                                  cp->addr.type);
6840                        if (err) {
6841                                err = mgmt_cmd_complete(sk, hdev->id,
6842                                                        MGMT_OP_REMOVE_DEVICE,
6843                                                        MGMT_STATUS_INVALID_PARAMS,
6844                                                        &cp->addr,
6845                                                        sizeof(cp->addr));
6846                                goto unlock;
6847                        }
6848
6849                        hci_req_update_scan(hdev);
6850
6851                        device_removed(sk, hdev, &cp->addr.bdaddr,
6852                                       cp->addr.type);
6853                        goto complete;
6854                }
6855
6856                addr_type = le_addr_type(cp->addr.type);
6857
6858                /* Kernel internally uses conn_params with resolvable private
6859                 * address, but Remove Device allows only identity addresses.
6860                 * Make sure it is enforced before calling
6861                 * hci_conn_params_lookup.
6862                 */
6863                if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
6864                        err = mgmt_cmd_complete(sk, hdev->id,
6865                                                MGMT_OP_REMOVE_DEVICE,
6866                                                MGMT_STATUS_INVALID_PARAMS,
6867                                                &cp->addr, sizeof(cp->addr));
6868                        goto unlock;
6869                }
6870
6871                params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6872                                                addr_type);
6873                if (!params) {
6874                        err = mgmt_cmd_complete(sk, hdev->id,
6875                                                MGMT_OP_REMOVE_DEVICE,
6876                                                MGMT_STATUS_INVALID_PARAMS,
6877                                                &cp->addr, sizeof(cp->addr));
6878                        goto unlock;
6879                }
6880
6881                if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
6882                    params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
6883                        err = mgmt_cmd_complete(sk, hdev->id,
6884                                                MGMT_OP_REMOVE_DEVICE,
6885                                                MGMT_STATUS_INVALID_PARAMS,
6886                                                &cp->addr, sizeof(cp->addr));
6887                        goto unlock;
6888                }
6889
6890                list_del(&params->action);
6891                list_del(&params->list);
6892                kfree(params);
6893                hci_update_background_scan(hdev);
6894
6895                device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
6896        } else {
6897                struct hci_conn_params *p, *tmp;
6898                struct bdaddr_list *b, *btmp;
6899
6900                if (cp->addr.type) {
6901                        err = mgmt_cmd_complete(sk, hdev->id,
6902                                                MGMT_OP_REMOVE_DEVICE,
6903                                                MGMT_STATUS_INVALID_PARAMS,
6904                                                &cp->addr, sizeof(cp->addr));
6905                        goto unlock;
6906                }
6907
6908                list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) {
6909                        device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6910                        list_del(&b->list);
6911                        kfree(b);
6912                }
6913
6914                hci_req_update_scan(hdev);
6915
6916                list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6917                        if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6918                                continue;
6919                        device_removed(sk, hdev, &p->addr, p->addr_type);
6920                        if (p->explicit_connect) {
6921                                p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
6922                                continue;
6923                        }
6924                        list_del(&p->action);
6925                        list_del(&p->list);
6926                        kfree(p);
6927                }
6928
6929                bt_dev_dbg(hdev, "All LE connection parameters were removed");
6930
6931                hci_update_background_scan(hdev);
6932        }
6933
6934complete:
6935        err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
6936                                MGMT_STATUS_SUCCESS, &cp->addr,
6937                                sizeof(cp->addr));
6938unlock:
6939        hci_dev_unlock(hdev);
6940        return err;
6941}
6942
6943static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6944                           u16 len)
6945{
6946        struct mgmt_cp_load_conn_param *cp = data;
6947        const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6948                                     sizeof(struct mgmt_conn_param));
6949        u16 param_count, expected_len;
6950        int i;
6951
6952        if (!lmp_le_capable(hdev))
6953                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6954                                       MGMT_STATUS_NOT_SUPPORTED);
6955
6956        param_count = __le16_to_cpu(cp->param_count);
6957        if (param_count > max_param_count) {
6958                bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
6959                           param_count);
6960                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6961                                       MGMT_STATUS_INVALID_PARAMS);
6962        }
6963
6964        expected_len = struct_size(cp, params, param_count);
6965        if (expected_len != len) {
6966                bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
6967                           expected_len, len);
6968                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6969                                       MGMT_STATUS_INVALID_PARAMS);
6970        }
6971
6972        bt_dev_dbg(hdev, "param_count %u", param_count);
6973
6974        hci_dev_lock(hdev);
6975
6976        hci_conn_params_clear_disabled(hdev);
6977
6978        for (i = 0; i < param_count; i++) {
6979                struct mgmt_conn_param *param = &cp->params[i];
6980                struct hci_conn_params *hci_param;
6981                u16 min, max, latency, timeout;
6982                u8 addr_type;
6983
6984                bt_dev_dbg(hdev, "Adding %pMR (type %u)", &param->addr.bdaddr,
6985                           param->addr.type);
6986
6987                if (param->addr.type == BDADDR_LE_PUBLIC) {
6988                        addr_type = ADDR_LE_DEV_PUBLIC;
6989                } else if (param->addr.type == BDADDR_LE_RANDOM) {
6990                        addr_type = ADDR_LE_DEV_RANDOM;
6991                } else {
6992                        bt_dev_err(hdev, "ignoring invalid connection parameters");
6993                        continue;
6994                }
6995
6996                min = le16_to_cpu(param->min_interval);
6997                max = le16_to_cpu(param->max_interval);
6998                latency = le16_to_cpu(param->latency);
6999                timeout = le16_to_cpu(param->timeout);
7000

7001                bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
7002                           min, max, latency, timeout);
7003
7004                if (hci_check_conn_params(min, max, latency, timeout) < 0) {
7005                        bt_dev_err(hdev, "ignoring invalid connection parameters");
7006                        continue;
7007                }
7008
7009                hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
7010                                                addr_type);
7011                if (!hci_param) {
7012                        bt_dev_err(hdev, "failed to add connection parameters");
7013                        continue;
7014                }
7015
7016                hci_param->conn_min_interval = min;
7017                hci_param->conn_max_interval = max;
7018                hci_param->conn_latency = latency;
7019                hci_param->supervision_timeout = timeout;
7020        }
7021
7022        hci_dev_unlock(hdev);
7023
7024        return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
7025                                 NULL, 0);
7026}
7027
7028static int set_external_config(struct sock *sk, struct hci_dev *hdev,
7029                               void *data, u16 len)
7030{
7031        struct mgmt_cp_set_external_config *cp = data;
7032        bool changed;
7033        int err;
7034
7035        bt_dev_dbg(hdev, "sock %p", sk);
7036
7037        if (hdev_is_powered(hdev))
7038                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7039                                       MGMT_STATUS_REJECTED);
7040
7041        if (cp->config != 0x00 && cp->config != 0x01)
7042                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7043                                         MGMT_STATUS_INVALID_PARAMS);
7044
7045        if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
7046                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7047                                       MGMT_STATUS_NOT_SUPPORTED);
7048
7049        hci_dev_lock(hdev);
7050
7051        if (cp->config)
7052                changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
7053        else
7054                changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
7055
7056        err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
7057        if (err < 0)
7058                goto unlock;
7059
7060        if (!changed)
7061                goto unlock;
7062
7063        err = new_options(hdev, sk);
7064
7065        if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
7066                mgmt_index_removed(hdev);
7067
7068                if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
7069                        hci_dev_set_flag(hdev, HCI_CONFIG);
7070                        hci_dev_set_flag(hdev, HCI_AUTO_OFF);
7071
7072                        queue_work(hdev->req_workqueue, &hdev->power_on);
7073                } else {
7074                        set_bit(HCI_RAW, &hdev->flags);
7075                        mgmt_index_added(hdev);
7076                }
7077        }
7078
7079unlock:
7080        hci_dev_unlock(hdev);
7081        return err;
7082}
7083
7084static int set_public_address(struct sock *sk, struct hci_dev *hdev,
7085                              void *data, u16 len)
7086{
7087        struct mgmt_cp_set_public_address *cp = data;
7088        bool changed;
7089        int err;
7090
7091        bt_dev_dbg(hdev, "sock %p", sk);
7092
7093        if (hdev_is_powered(hdev))
7094                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7095                                       MGMT_STATUS_REJECTED);
7096
7097        if (!bacmp(&cp->bdaddr, BDADDR_ANY))
7098                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7099                                       MGMT_STATUS_INVALID_PARAMS);
7100
7101        if (!hdev->set_bdaddr)
7102                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7103                                       MGMT_STATUS_NOT_SUPPORTED);
7104
7105        hci_dev_lock(hdev);
7106
7107        changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
7108        bacpy(&hdev->public_addr, &cp->bdaddr);
7109
7110        err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
7111        if (err < 0)
7112                goto unlock;
7113
7114        if (!changed)
7115                goto unlock;
7116
7117        if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
7118                err = new_options(hdev, sk);
7119
7120        if (is_configured(hdev)) {
7121                mgmt_index_removed(hdev);
7122
7123                hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
7124
7125                hci_dev_set_flag(hdev, HCI_CONFIG);
7126                hci_dev_set_flag(hdev, HCI_AUTO_OFF);
7127
7128                queue_work(hdev->req_workqueue, &hdev->power_on);
7129        }
7130
7131unlock:
7132        hci_dev_unlock(hdev);
7133        return err;
7134}
7135
7136static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
7137                                             u16 opcode, struct sk_buff *skb)
7138{
7139        const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
7140        struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
7141        u8 *h192, *r192, *h256, *r256;
7142        struct mgmt_pending_cmd *cmd;
7143        u16 eir_len;
7144        int err;
7145
7146        bt_dev_dbg(hdev, "status %u", status);
7147
7148        cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
7149        if (!cmd)
7150                return;
7151
7152        mgmt_cp = cmd->param;
7153
7154        if (status) {
7155                status = mgmt_status(status);
7156                eir_len = 0;
7157
7158                h192 = NULL;
7159                r192 = NULL;
7160                h256 = NULL;
7161                r256 = NULL;
7162        } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
7163                struct hci_rp_read_local_oob_data *rp;
7164
7165                if (skb->len != sizeof(*rp)) {
7166                        status = MGMT_STATUS_FAILED;
7167                        eir_len = 0;
7168                } else {
7169                        status = MGMT_STATUS_SUCCESS;
7170                        rp = (void *)skb->data;
7171
7172                        eir_len = 5 + 18 + 18;
7173                        h192 = rp->hash;
7174                        r192 = rp->rand;
7175                        h256 = NULL;
7176                        r256 = NULL;
7177                }
7178        } else {
7179                struct hci_rp_read_local_oob_ext_data *rp;
7180
7181                if (skb->len != sizeof(*rp)) {
7182                        status = MGMT_STATUS_FAILED;
7183                        eir_len = 0;
7184                } else {
7185                        status = MGMT_STATUS_SUCCESS;
7186                        rp = (void *)skb->data;
7187
7188                        if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
7189                                eir_len = 5 + 18 + 18;
7190                                h192 = NULL;
7191                                r192 = NULL;
7192                        } else {
7193                                eir_len = 5 + 18 + 18 + 18 + 18;
7194                                h192 = rp->hash192;
7195                                r192 = rp->rand192;
7196                        }
7197
7198                        h256 = rp->hash256;
7199                        r256 = rp->rand256;
7200                }
7201        }
7202
7203        mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
7204        if (!mgmt_rp)
7205                goto done;
7206
7207        if (eir_len == 0)
7208                goto send_rsp;
7209
7210        eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
7211                                  hdev->dev_class, 3);
7212
7213        if (h192 && r192) {
7214                eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7215                                          EIR_SSP_HASH_C192, h192, 16);
7216                eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7217                                          EIR_SSP_RAND_R192, r192, 16);
7218        }
7219
7220        if (h256 && r256) {
7221                eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7222                                          EIR_SSP_HASH_C256, h256, 16);
7223                eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7224                                          EIR_SSP_RAND_R256, r256, 16);
7225        }
7226
7227send_rsp:
7228        mgmt_rp->type = mgmt_cp->type;
7229        mgmt_rp->eir_len = cpu_to_le16(eir_len);
7230
7231        err = mgmt_cmd_complete(cmd->sk, hdev->id,
7232                                MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
7233                                mgmt_rp, sizeof(*mgmt_rp) + eir_len);
7234        if (err < 0 || status)
7235                goto done;
7236
7237        hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
7238
7239        err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
7240                                 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
7241                                 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
7242done:
7243        kfree(mgmt_rp);
7244        mgmt_pending_remove(cmd);
7245}
7246
7247static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
7248                                  struct mgmt_cp_read_local_oob_ext_data *cp)
7249{
7250        struct mgmt_pending_cmd *cmd;
7251        struct hci_request req;
7252        int err;
7253
7254        cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
7255                               cp, sizeof(*cp));
7256        if (!cmd)
7257                return -ENOMEM;
7258
7259        hci_req_init(&req, hdev);
7260
7261        if (bredr_sc_enabled(hdev))
7262                hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
7263        else
7264                hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
7265
7266        err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
7267        if (err < 0) {
7268                mgmt_pending_remove(cmd);
7269                return err;
7270        }
7271
7272        return 0;
7273}
7274
7275static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
7276                                   void *data, u16 data_len)
7277{
7278        struct mgmt_cp_read_local_oob_ext_data *cp = data;
7279        struct mgmt_rp_read_local_oob_ext_data *rp;
7280        size_t rp_len;
7281        u16 eir_len;
7282        u8 status, flags, role, addr[7], hash[16], rand[16];
7283        int err;
7284
7285        bt_dev_dbg(hdev, "sock %p", sk);
7286
7287        if (hdev_is_powered(hdev)) {
7288                switch (cp->type) {
7289                case BIT(BDADDR_BREDR):
7290                        status = mgmt_bredr_support(hdev);
7291                        if (status)
7292                                eir_len = 0;
7293                        else
7294                                eir_len = 5;
7295                        break;
7296                case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
7297                        status = mgmt_le_support(hdev);
7298                        if (status)
7299                                eir_len = 0;
7300                        else
7301                                eir_len = 9 + 3 + 18 + 18 + 3;
7302                        break;
7303                default:
7304                        status = MGMT_STATUS_INVALID_PARAMS;
7305                        eir_len = 0;
7306                        break;
7307                }
7308        } else {
7309                status = MGMT_STATUS_NOT_POWERED;
7310                eir_len = 0;
7311        }
7312
7313        rp_len = sizeof(*rp) + eir_len;
7314        rp = kmalloc(rp_len, GFP_ATOMIC);
7315        if (!rp)
7316                return -ENOMEM;
7317
7318        if (status)
7319                goto complete;
7320
7321        hci_dev_lock(hdev);
7322
7323        eir_len = 0;
7324        switch (cp->type) {
7325        case BIT(BDADDR_BREDR):
7326                if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7327                        err = read_local_ssp_oob_req(hdev, sk, cp);
7328                        hci_dev_unlock(hdev);
7329                        if (!err)
7330                                goto done;
7331
7332                        status = MGMT_STATUS_FAILED;
7333                        goto complete;
7334                } else {
7335                        eir_len = eir_append_data(rp->eir, eir_len,
7336                                                  EIR_CLASS_OF_DEV,
7337                                                  hdev->dev_class, 3);
7338                }
7339                break;
7340        case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
7341                if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
7342                    smp_generate_oob(hdev, hash, rand) < 0) {
7343                        hci_dev_unlock(hdev);
7344                        status = MGMT_STATUS_FAILED;
7345                        goto complete;
7346                }
7347
7348                /* This should return the active RPA, but since the RPA
7349                 * is only programmed on demand, it is really hard to fill
7350                 * this in at the moment. For now disallow retrieving
7351                 * local out-of-band data when privacy is in use.
7352                 *
7353                 * Returning the identity address will not help here since
7354                 * pairing happens before the identity resolving key is
7355                 * known and thus the connection establishment happens
7356                 * based on the RPA and not the identity address.
7357                 */
7358                if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
7359                        hci_dev_unlock(hdev);
7360                        status = MGMT_STATUS_REJECTED;
7361                        goto complete;
7362                }
7363
7364                if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
7365                   !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
7366                   (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
7367                    bacmp(&hdev->static_addr, BDADDR_ANY))) {
7368                        memcpy(addr, &hdev->static_addr, 6);
7369                        addr[6] = 0x01;
7370                } else {
7371                        memcpy(addr, &hdev->bdaddr, 6);
7372                        addr[6] = 0x00;
7373                }
7374
7375                eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
7376                                          addr, sizeof(addr));
7377
7378                if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7379                        role = 0x02;
7380                else
7381                        role = 0x01;
7382
7383                eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
7384                                          &role, sizeof(role));
7385
7386                if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
7387                        eir_len = eir_append_data(rp->eir, eir_len,
7388                                                  EIR_LE_SC_CONFIRM,
7389                                                  hash, sizeof(hash));
7390
7391                        eir_len = eir_append_data(rp->eir, eir_len,
7392                                                  EIR_LE_SC_RANDOM,
7393                                                  rand, sizeof(rand));
7394                }
7395
7396                flags = mgmt_get_adv_discov_flags(hdev);
7397
7398                if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
7399                        flags |= LE_AD_NO_BREDR;
7400
7401                eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
7402                                          &flags, sizeof(flags));
7403                break;
7404        }
7405
7406        hci_dev_unlock(hdev);
7407
7408        hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
7409
7410        status = MGMT_STATUS_SUCCESS;
7411
7412complete:
7413        rp->type = cp->type;
7414        rp->eir_len = cpu_to_le16(eir_len);
7415
7416        err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
7417                                status, rp, sizeof(*rp) + eir_len);
7418        if (err < 0 || status)
7419                goto done;
7420
7421        err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
7422                                 rp, sizeof(*rp) + eir_len,
7423                                 HCI_MGMT_OOB_DATA_EVENTS, sk);
7424
7425done:
7426        kfree(rp);
7427
7428        return err;
7429}
7430
7431static u32 get_supported_adv_flags(struct hci_dev *hdev)
7432{
7433        u32 flags = 0;
7434
7435        flags |= MGMT_ADV_FLAG_CONNECTABLE;
7436        flags |= MGMT_ADV_FLAG_DISCOV;
7437        flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
7438        flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
7439        flags |= MGMT_ADV_FLAG_APPEARANCE;
7440        flags |= MGMT_ADV_FLAG_LOCAL_NAME;
7441        flags |= MGMT_ADV_PARAM_DURATION;
7442        flags |= MGMT_ADV_PARAM_TIMEOUT;
7443        flags |= MGMT_ADV_PARAM_INTERVALS;
7444        flags |= MGMT_ADV_PARAM_TX_POWER;
7445        flags |= MGMT_ADV_PARAM_SCAN_RSP;
7446
7447        /* In extended adv TX_POWER returned from Set Adv Param
7448         * will be always valid.
7449         */
7450        if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
7451            ext_adv_capable(hdev))
7452                flags |= MGMT_ADV_FLAG_TX_POWER;
7453
7454        if (ext_adv_capable(hdev)) {
7455                flags |= MGMT_ADV_FLAG_SEC_1M;
7456                flags |= MGMT_ADV_FLAG_HW_OFFLOAD;
7457                flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER;
7458
7459                if (hdev->le_features[1] & HCI_LE_PHY_2M)
7460                        flags |= MGMT_ADV_FLAG_SEC_2M;
7461
7462                if (hdev->le_features[1] & HCI_LE_PHY_CODED)
7463                        flags |= MGMT_ADV_FLAG_SEC_CODED;
7464        }
7465
7466        return flags;
7467}
7468
7469static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
7470                             void *data, u16 data_len)
7471{
7472        struct mgmt_rp_read_adv_features *rp;
7473        size_t rp_len;
7474        int err;
7475        struct adv_info *adv_instance;
7476        u32 supported_flags;
7477        u8 *instance;
7478
7479        bt_dev_dbg(hdev, "sock %p", sk);
7480
7481        if (!lmp_le_capable(hdev))
7482                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7483                                       MGMT_STATUS_REJECTED);
7484
7485        /* Enabling the experimental LL Privay support disables support for
7486         * advertising.
7487         */
7488        if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
7489                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7490                                       MGMT_STATUS_NOT_SUPPORTED);
7491
7492        hci_dev_lock(hdev);
7493
7494        rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
7495        rp = kmalloc(rp_len, GFP_ATOMIC);
7496        if (!rp) {
7497                hci_dev_unlock(hdev);
7498                return -ENOMEM;
7499        }
7500
7501        supported_flags = get_supported_adv_flags(hdev);
7502
7503        rp->supported_flags = cpu_to_le32(supported_flags);
7504        rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
7505        rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
7506        rp->max_instances = hdev->le_num_of_adv_sets;
7507        rp->num_instances = hdev->adv_instance_cnt;
7508
7509        instance = rp->instance;
7510        list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
7511                *instance = adv_instance->instance;
7512                instance++;
7513        }
7514
7515        hci_dev_unlock(hdev);
7516
7517        err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7518                                MGMT_STATUS_SUCCESS, rp, rp_len);
7519
7520        kfree(rp);
7521
7522        return err;
7523}
7524
7525static u8 calculate_name_len(struct hci_dev *hdev)
7526{
7527        u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
7528
7529        return append_local_name(hdev, buf, 0);
7530}
7531
7532static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
7533                           bool is_adv_data)
7534{
7535        u8 max_len = HCI_MAX_AD_LENGTH;
7536
7537        if (is_adv_data) {
7538                if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
7539                                 MGMT_ADV_FLAG_LIMITED_DISCOV |
7540                                 MGMT_ADV_FLAG_MANAGED_FLAGS))
7541                        max_len -= 3;
7542
7543                if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
7544                        max_len -= 3;
7545        } else {
7546                if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
7547                        max_len -= calculate_name_len(hdev);
7548
7549                if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
7550                        max_len -= 4;
7551        }
7552
7553        return max_len;
7554}
7555
7556static bool flags_managed(u32 adv_flags)
7557{
7558        return adv_flags & (MGMT_ADV_FLAG_DISCOV |
7559                            MGMT_ADV_FLAG_LIMITED_DISCOV |
7560                            MGMT_ADV_FLAG_MANAGED_FLAGS);
7561}
7562
7563static bool tx_power_managed(u32 adv_flags)
7564{
7565        return adv_flags & MGMT_ADV_FLAG_TX_POWER;
7566}
7567
7568static bool name_managed(u32 adv_flags)
7569{
7570        return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
7571}
7572
7573static bool appearance_managed(u32 adv_flags)
7574{
7575        return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
7576}
7577
7578static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
7579                              u8 len, bool is_adv_data)
7580{
7581        int i, cur_len;
7582        u8 max_len;
7583
7584        max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
7585
7586        if (len > max_len)
7587                return false;
7588
7589        /* Make sure that the data is correctly formatted. */
7590        for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
7591                cur_len = data[i];
7592
7593                if (!cur_len)
7594                        continue;
7595
7596                if (data[i + 1] == EIR_FLAGS &&
7597                    (!is_adv_data || flags_managed(adv_flags)))
7598                        return false;
7599
7600                if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
7601                        return false;
7602
7603                if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
7604                        return false;
7605
7606                if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
7607                        return false;
7608
7609                if (data[i + 1] == EIR_APPEARANCE &&
7610                    appearance_managed(adv_flags))
7611                        return false;
7612
7613                /* If the current field length would exceed the total data
7614                 * length, then it's invalid.
7615                 */
7616                if (i + cur_len >= len)
7617                        return false;
7618        }
7619
7620        return true;
7621}
7622
7623static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags)
7624{
7625        u32 supported_flags, phy_flags;
7626
7627        /* The current implementation only supports a subset of the specified
7628         * flags. Also need to check mutual exclusiveness of sec flags.
7629         */
7630        supported_flags = get_supported_adv_flags(hdev);
7631        phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK;
7632        if (adv_flags & ~supported_flags ||
7633            ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
7634                return false;
7635
7636        return true;
7637}
7638
7639static bool adv_busy(struct hci_dev *hdev)
7640{
7641        return (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7642                pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7643                pending_find(MGMT_OP_SET_LE, hdev) ||
7644                pending_find(MGMT_OP_ADD_EXT_ADV_PARAMS, hdev) ||
7645                pending_find(MGMT_OP_ADD_EXT_ADV_DATA, hdev));
7646}
7647
7648static void add_advertising_complete(struct hci_dev *hdev, u8 status,
7649                                     u16 opcode)
7650{
7651        struct mgmt_pending_cmd *cmd;
7652        struct mgmt_cp_add_advertising *cp;
7653        struct mgmt_rp_add_advertising rp;
7654        struct adv_info *adv_instance, *n;
7655        u8 instance;
7656
7657        bt_dev_dbg(hdev, "status %u", status);
7658
7659        hci_dev_lock(hdev);
7660
7661        cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
7662        if (!cmd)
7663                cmd = pending_find(MGMT_OP_ADD_EXT_ADV_DATA, hdev);
7664
7665        list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
7666                if (!adv_instance->pending)
7667                        continue;
7668
7669                if (!status) {
7670                        adv_instance->pending = false;
7671                        continue;
7672                }
7673
7674                instance = adv_instance->instance;
7675
7676                if (hdev->cur_adv_instance == instance)
7677                        cancel_adv_timeout(hdev);
7678
7679                hci_remove_adv_instance(hdev, instance);
7680                mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
7681        }
7682
7683        if (!cmd)
7684                goto unlock;
7685
7686        cp = cmd->param;
7687        rp.instance = cp->instance;
7688
7689        if (status)
7690                mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
7691                                mgmt_status(status));
7692        else
7693                mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
7694                                  mgmt_status(status), &rp, sizeof(rp));
7695
7696        mgmt_pending_remove(cmd);
7697
7698unlock:
7699        hci_dev_unlock(hdev);
7700}
7701
7702static int add_advertising(struct sock *sk, struct hci_dev *hdev,
7703                           void *data, u16 data_len)
7704{
7705        struct mgmt_cp_add_advertising *cp = data;
7706        struct mgmt_rp_add_advertising rp;
7707        u32 flags;
7708        u8 status;
7709        u16 timeout, duration;
7710        unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
7711        u8 schedule_instance = 0;
7712        struct adv_info *next_instance;
7713        int err;
7714        struct mgmt_pending_cmd *cmd;
7715        struct hci_request req;
7716
7717        bt_dev_dbg(hdev, "sock %p", sk);
7718
7719        status = mgmt_le_support(hdev);
7720        if (status)
7721                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7722                                       status);
7723
7724        /* Enabling the experimental LL Privay support disables support for
7725         * advertising.
7726         */
7727        if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
7728                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7729                                       MGMT_STATUS_NOT_SUPPORTED);
7730
7731        if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
7732                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7733                                       MGMT_STATUS_INVALID_PARAMS);
7734
7735        if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
7736                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7737                                       MGMT_STATUS_INVALID_PARAMS);
7738
7739        flags = __le32_to_cpu(cp->flags);
7740        timeout = __le16_to_cpu(cp->timeout);
7741        duration = __le16_to_cpu(cp->duration);
7742
7743        if (!requested_adv_flags_are_valid(hdev, flags))
7744                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7745                                       MGMT_STATUS_INVALID_PARAMS);
7746
7747        hci_dev_lock(hdev);
7748
7749        if (timeout && !hdev_is_powered(hdev)) {
7750                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7751                                      MGMT_STATUS_REJECTED);
7752                goto unlock;
7753        }
7754
7755        if (adv_busy(hdev)) {
7756                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7757                                      MGMT_STATUS_BUSY);
7758                goto unlock;
7759        }
7760
7761        if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
7762            !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
7763                               cp->scan_rsp_len, false)) {
7764                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7765                                      MGMT_STATUS_INVALID_PARAMS);
7766                goto unlock;
7767        }
7768
7769        err = hci_add_adv_instance(hdev, cp->instance, flags,
7770                                   cp->adv_data_len, cp->data,
7771                                   cp->scan_rsp_len,
7772                                   cp->data + cp->adv_data_len,
7773                                   timeout, duration,
7774                                   HCI_ADV_TX_POWER_NO_PREFERENCE,
7775                                   hdev->le_adv_min_interval,
7776                                   hdev->le_adv_max_interval);
7777        if (err < 0) {
7778                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7779                                      MGMT_STATUS_FAILED);
7780                goto unlock;
7781        }
7782
7783        /* Only trigger an advertising added event if a new instance was
7784         * actually added.
7785         */
7786        if (hdev->adv_instance_cnt > prev_instance_cnt)
7787                mgmt_advertising_added(sk, hdev, cp->instance);
7788
7789        if (hdev->cur_adv_instance == cp->instance) {
7790                /* If the currently advertised instance is being changed then
7791                 * cancel the current advertising and schedule the next
7792                 * instance. If there is only one instance then the overridden
7793                 * advertising data will be visible right away.
7794                 */
7795                cancel_adv_timeout(hdev);
7796
7797                next_instance = hci_get_next_instance(hdev, cp->instance);
7798                if (next_instance)
7799                        schedule_instance = next_instance->instance;
7800        } else if (!hdev->adv_instance_timeout) {
7801                /* Immediately advertise the new instance if no other
7802                 * instance is currently being advertised.
7803                 */
7804                schedule_instance = cp->instance;
7805        }
7806
7807        /* If the HCI_ADVERTISING flag is set or the device isn't powered or
7808         * there is no instance to be advertised then we have no HCI
7809         * communication to make. Simply return.
7810         */
7811        if (!hdev_is_powered(hdev) ||
7812            hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7813            !schedule_instance) {
7814                rp.instance = cp->instance;
7815                err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7816                                        MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7817                goto unlock;
7818        }
7819
7820        /* We're good to go, update advertising data, parameters, and start
7821         * advertising.
7822         */
7823        cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
7824                               data_len);
7825        if (!cmd) {
7826                err = -ENOMEM;
7827                goto unlock;
7828        }
7829
7830        hci_req_init(&req, hdev);
7831
7832        err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
7833
7834        if (!err)
7835                err = hci_req_run(&req, add_advertising_complete);
7836
7837        if (err < 0) {
7838                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7839                                      MGMT_STATUS_FAILED);
7840                mgmt_pending_remove(cmd);
7841        }
7842
7843unlock:
7844        hci_dev_unlock(hdev);
7845
7846        return err;
7847}
7848
7849static void add_ext_adv_params_complete(struct hci_dev *hdev, u8 status,
7850                                        u16 opcode)
7851{
7852        struct mgmt_pending_cmd *cmd;
7853        struct mgmt_cp_add_ext_adv_params *cp;
7854        struct mgmt_rp_add_ext_adv_params rp;
7855        struct adv_info *adv_instance;
7856        u32 flags;
7857
7858        BT_DBG("%s", hdev->name);
7859
7860        hci_dev_lock(hdev);
7861
7862        cmd = pending_find(MGMT_OP_ADD_EXT_ADV_PARAMS, hdev);
7863        if (!cmd)
7864                goto unlock;
7865
7866        cp = cmd->param;
7867        adv_instance = hci_find_adv_instance(hdev, cp->instance);
7868        if (!adv_instance)
7869                goto unlock;
7870
7871        rp.instance = cp->instance;
7872        rp.tx_power = adv_instance->tx_power;
7873
7874        /* While we're at it, inform userspace of the available space for this
7875         * advertisement, given the flags that will be used.
7876         */
7877        flags = __le32_to_cpu(cp->flags);
7878        rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
7879        rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
7880
7881        if (status) {
7882                /* If this advertisement was previously advertising and we
7883                 * failed to update it, we signal that it has been removed and
7884                 * delete its structure
7885                 */
7886                if (!adv_instance->pending)
7887                        mgmt_advertising_removed(cmd->sk, hdev, cp->instance);
7888
7889                hci_remove_adv_instance(hdev, cp->instance);
7890
7891                mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
7892                                mgmt_status(status));
7893
7894        } else {
7895                mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
7896                                  mgmt_status(status), &rp, sizeof(rp));
7897        }
7898
7899unlock:
7900        if (cmd)
7901                mgmt_pending_remove(cmd);
7902
7903        hci_dev_unlock(hdev);
7904}
7905
7906static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev,
7907                              void *data, u16 data_len)
7908{
7909        struct mgmt_cp_add_ext_adv_params *cp = data;
7910        struct mgmt_rp_add_ext_adv_params rp;
7911        struct mgmt_pending_cmd *cmd = NULL;
7912        struct adv_info *adv_instance;
7913        struct hci_request req;
7914        u32 flags, min_interval, max_interval;
7915        u16 timeout, duration;
7916        u8 status;
7917        s8 tx_power;
7918        int err;
7919
7920        BT_DBG("%s", hdev->name);
7921
7922        status = mgmt_le_support(hdev);
7923        if (status)
7924                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7925                                       status);
7926
7927        if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
7928                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7929                                       MGMT_STATUS_INVALID_PARAMS);
7930
7931        /* The purpose of breaking add_advertising into two separate MGMT calls
7932         * for params and data is to allow more parameters to be added to this
7933         * structure in the future. For this reason, we verify that we have the
7934         * bare minimum structure we know of when the interface was defined. Any
7935         * extra parameters we don't know about will be ignored in this request.
7936         */
7937        if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE)
7938                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7939                                       MGMT_STATUS_INVALID_PARAMS);
7940
7941        flags = __le32_to_cpu(cp->flags);
7942
7943        if (!requested_adv_flags_are_valid(hdev, flags))
7944                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7945                                       MGMT_STATUS_INVALID_PARAMS);
7946
7947        hci_dev_lock(hdev);
7948
7949        /* In new interface, we require that we are powered to register */
7950        if (!hdev_is_powered(hdev)) {
7951                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7952                                      MGMT_STATUS_REJECTED);
7953                goto unlock;
7954        }
7955
7956        if (adv_busy(hdev)) {
7957                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7958                                      MGMT_STATUS_BUSY);
7959                goto unlock;
7960        }
7961
7962        /* Parse defined parameters from request, use defaults otherwise */
7963        timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ?
7964                  __le16_to_cpu(cp->timeout) : 0;
7965
7966        duration = (flags & MGMT_ADV_PARAM_DURATION) ?
7967                   __le16_to_cpu(cp->duration) :
7968                   hdev->def_multi_adv_rotation_duration;
7969
7970        min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
7971                       __le32_to_cpu(cp->min_interval) :
7972                       hdev->le_adv_min_interval;
7973
7974        max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
7975                       __le32_to_cpu(cp->max_interval) :
7976                       hdev->le_adv_max_interval;
7977
7978        tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ?
7979                   cp->tx_power :
7980                   HCI_ADV_TX_POWER_NO_PREFERENCE;
7981
7982        /* Create advertising instance with no advertising or response data */
7983        err = hci_add_adv_instance(hdev, cp->instance, flags,
7984                                   0, NULL, 0, NULL, timeout, duration,
7985                                   tx_power, min_interval, max_interval);
7986
7987        if (err < 0) {
7988                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
7989                                      MGMT_STATUS_FAILED);
7990                goto unlock;
7991        }
7992
7993        /* Submit request for advertising params if ext adv available */
7994        if (ext_adv_capable(hdev)) {
7995                hci_req_init(&req, hdev);
7996                adv_instance = hci_find_adv_instance(hdev, cp->instance);
7997
7998                /* Updating parameters of an active instance will return a
7999                 * Command Disallowed error, so we must first disable the
8000                 * instance if it is active.

8001                 */
8002                if (!adv_instance->pending)
8003                        __hci_req_disable_ext_adv_instance(&req, cp->instance);
8004
8005                __hci_req_setup_ext_adv_instance(&req, cp->instance);
8006
8007                err = hci_req_run(&req, add_ext_adv_params_complete);
8008
8009                if (!err)
8010                        cmd = mgmt_pending_add(sk, MGMT_OP_ADD_EXT_ADV_PARAMS,
8011                                               hdev, data, data_len);
8012                if (!cmd) {
8013                        err = -ENOMEM;
8014                        hci_remove_adv_instance(hdev, cp->instance);
8015                        goto unlock;
8016                }
8017
8018        } else {
8019                rp.instance = cp->instance;
8020                rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE;
8021                rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8022                rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8023                err = mgmt_cmd_complete(sk, hdev->id,
8024                                        MGMT_OP_ADD_EXT_ADV_PARAMS,
8025                                        MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8026        }
8027
8028unlock:
8029        hci_dev_unlock(hdev);
8030
8031        return err;
8032}
8033
8034static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data,
8035                            u16 data_len)
8036{
8037        struct mgmt_cp_add_ext_adv_data *cp = data;
8038        struct mgmt_rp_add_ext_adv_data rp;
8039        u8 schedule_instance = 0;
8040        struct adv_info *next_instance;
8041        struct adv_info *adv_instance;
8042        int err = 0;
8043        struct mgmt_pending_cmd *cmd;
8044        struct hci_request req;
8045
8046        BT_DBG("%s", hdev->name);
8047
8048        hci_dev_lock(hdev);
8049
8050        adv_instance = hci_find_adv_instance(hdev, cp->instance);
8051
8052        if (!adv_instance) {
8053                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8054                                      MGMT_STATUS_INVALID_PARAMS);
8055                goto unlock;
8056        }
8057
8058        /* In new interface, we require that we are powered to register */
8059        if (!hdev_is_powered(hdev)) {
8060                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8061                                      MGMT_STATUS_REJECTED);
8062                goto clear_new_instance;
8063        }
8064
8065        if (adv_busy(hdev)) {
8066                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8067                                      MGMT_STATUS_BUSY);
8068                goto clear_new_instance;
8069        }
8070
8071        /* Validate new data */
8072        if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data,
8073                               cp->adv_data_len, true) ||
8074            !tlv_data_is_valid(hdev, adv_instance->flags, cp->data +
8075                               cp->adv_data_len, cp->scan_rsp_len, false)) {
8076                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8077                                      MGMT_STATUS_INVALID_PARAMS);
8078                goto clear_new_instance;
8079        }
8080
8081        /* Set the data in the advertising instance */
8082        hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len,
8083                                  cp->data, cp->scan_rsp_len,
8084                                  cp->data + cp->adv_data_len);
8085
8086        /* We're good to go, update advertising data, parameters, and start
8087         * advertising.
8088         */
8089
8090        hci_req_init(&req, hdev);
8091
8092        hci_req_add(&req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
8093
8094        if (ext_adv_capable(hdev)) {
8095                __hci_req_update_adv_data(&req, cp->instance);
8096                __hci_req_update_scan_rsp_data(&req, cp->instance);
8097                __hci_req_enable_ext_advertising(&req, cp->instance);
8098
8099        } else {
8100                /* If using software rotation, determine next instance to use */
8101
8102                if (hdev->cur_adv_instance == cp->instance) {
8103                        /* If the currently advertised instance is being changed
8104                         * then cancel the current advertising and schedule the
8105                         * next instance. If there is only one instance then the
8106                         * overridden advertising data will be visible right
8107                         * away
8108                         */
8109                        cancel_adv_timeout(hdev);
8110
8111                        next_instance = hci_get_next_instance(hdev,
8112                                                              cp->instance);
8113                        if (next_instance)
8114                                schedule_instance = next_instance->instance;
8115                } else if (!hdev->adv_instance_timeout) {
8116                        /* Immediately advertise the new instance if no other
8117                         * instance is currently being advertised.
8118                         */
8119                        schedule_instance = cp->instance;
8120                }
8121
8122                /* If the HCI_ADVERTISING flag is set or there is no instance to
8123                 * be advertised then we have no HCI communication to make.
8124                 * Simply return.
8125                 */
8126                if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
8127                    !schedule_instance) {
8128                        if (adv_instance->pending) {
8129                                mgmt_advertising_added(sk, hdev, cp->instance);
8130                                adv_instance->pending = false;
8131                        }
8132                        rp.instance = cp->instance;
8133                        err = mgmt_cmd_complete(sk, hdev->id,
8134                                                MGMT_OP_ADD_EXT_ADV_DATA,
8135                                                MGMT_STATUS_SUCCESS, &rp,
8136                                                sizeof(rp));
8137                        goto unlock;
8138                }
8139
8140                err = __hci_req_schedule_adv_instance(&req, schedule_instance,
8141                                                      true);
8142        }
8143
8144        cmd = mgmt_pending_add(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data,
8145                               data_len);
8146        if (!cmd) {
8147                err = -ENOMEM;
8148                goto clear_new_instance;
8149        }
8150
8151        if (!err)
8152                err = hci_req_run(&req, add_advertising_complete);
8153
8154        if (err < 0) {
8155                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8156                                      MGMT_STATUS_FAILED);
8157                mgmt_pending_remove(cmd);
8158                goto clear_new_instance;
8159        }
8160
8161        /* We were successful in updating data, so trigger advertising_added
8162         * event if this is an instance that wasn't previously advertising. If
8163         * a failure occurs in the requests we initiated, we will remove the
8164         * instance again in add_advertising_complete
8165         */
8166        if (adv_instance->pending)
8167                mgmt_advertising_added(sk, hdev, cp->instance);
8168
8169        goto unlock;
8170
8171clear_new_instance:
8172        hci_remove_adv_instance(hdev, cp->instance);
8173
8174unlock:
8175        hci_dev_unlock(hdev);
8176
8177        return err;
8178}
8179
8180static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
8181                                        u16 opcode)
8182{
8183        struct mgmt_pending_cmd *cmd;
8184        struct mgmt_cp_remove_advertising *cp;
8185        struct mgmt_rp_remove_advertising rp;
8186
8187        bt_dev_dbg(hdev, "status %u", status);
8188
8189        hci_dev_lock(hdev);
8190
8191        /* A failure status here only means that we failed to disable
8192         * advertising. Otherwise, the advertising instance has been removed,
8193         * so report success.
8194         */
8195        cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
8196        if (!cmd)
8197                goto unlock;
8198
8199        cp = cmd->param;
8200        rp.instance = cp->instance;
8201
8202        mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
8203                          &rp, sizeof(rp));
8204        mgmt_pending_remove(cmd);
8205
8206unlock:
8207        hci_dev_unlock(hdev);
8208}
8209
8210static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
8211                              void *data, u16 data_len)
8212{
8213        struct mgmt_cp_remove_advertising *cp = data;
8214        struct mgmt_rp_remove_advertising rp;
8215        struct mgmt_pending_cmd *cmd;
8216        struct hci_request req;
8217        int err;
8218
8219        bt_dev_dbg(hdev, "sock %p", sk);
8220
8221        /* Enabling the experimental LL Privay support disables support for
8222         * advertising.
8223         */
8224        if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
8225                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
8226                                       MGMT_STATUS_NOT_SUPPORTED);
8227
8228        hci_dev_lock(hdev);
8229
8230        if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
8231                err = mgmt_cmd_status(sk, hdev->id,
8232                                      MGMT_OP_REMOVE_ADVERTISING,
8233                                      MGMT_STATUS_INVALID_PARAMS);
8234                goto unlock;
8235        }
8236
8237        if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
8238            pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
8239            pending_find(MGMT_OP_SET_LE, hdev)) {
8240                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
8241                                      MGMT_STATUS_BUSY);
8242                goto unlock;
8243        }
8244
8245        if (list_empty(&hdev->adv_instances)) {
8246                err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
8247                                      MGMT_STATUS_INVALID_PARAMS);
8248                goto unlock;
8249        }
8250
8251        hci_req_init(&req, hdev);
8252
8253        /* If we use extended advertising, instance is disabled and removed */
8254        if (ext_adv_capable(hdev)) {
8255                __hci_req_disable_ext_adv_instance(&req, cp->instance);
8256                __hci_req_remove_ext_adv_instance(&req, cp->instance);
8257        }
8258
8259        hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
8260
8261        if (list_empty(&hdev->adv_instances))
8262                __hci_req_disable_advertising(&req);
8263
8264        /* If no HCI commands have been collected so far or the HCI_ADVERTISING
8265         * flag is set or the device isn't powered then we have no HCI
8266         * communication to make. Simply return.
8267         */
8268        if (skb_queue_empty(&req.cmd_q) ||
8269            !hdev_is_powered(hdev) ||
8270            hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
8271                hci_req_purge(&req);
8272                rp.instance = cp->instance;
8273                err = mgmt_cmd_complete(sk, hdev->id,
8274                                        MGMT_OP_REMOVE_ADVERTISING,
8275                                        MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8276                goto unlock;
8277        }
8278
8279        cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
8280                               data_len);
8281        if (!cmd) {
8282                err = -ENOMEM;
8283                goto unlock;
8284        }
8285
8286        err = hci_req_run(&req, remove_advertising_complete);
8287        if (err < 0)
8288                mgmt_pending_remove(cmd);
8289
8290unlock:
8291        hci_dev_unlock(hdev);
8292
8293        return err;
8294}
8295
8296static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
8297                             void *data, u16 data_len)
8298{
8299        struct mgmt_cp_get_adv_size_info *cp = data;
8300        struct mgmt_rp_get_adv_size_info rp;
8301        u32 flags, supported_flags;
8302        int err;
8303
8304        bt_dev_dbg(hdev, "sock %p", sk);
8305
8306        if (!lmp_le_capable(hdev))
8307                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8308                                       MGMT_STATUS_REJECTED);
8309
8310        if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
8311                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8312                                       MGMT_STATUS_INVALID_PARAMS);
8313
8314        flags = __le32_to_cpu(cp->flags);
8315
8316        /* The current implementation only supports a subset of the specified
8317         * flags.
8318         */
8319        supported_flags = get_supported_adv_flags(hdev);
8320        if (flags & ~supported_flags)
8321                return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8322                                       MGMT_STATUS_INVALID_PARAMS);
8323
8324        rp.instance = cp->instance;
8325        rp.flags = cp->flags;
8326        rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8327        rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8328
8329        err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8330                                MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8331
8332        return err;
8333}
8334
8335static const struct hci_mgmt_handler mgmt_handlers[] = {
8336        { NULL }, /* 0x0000 (no command) */
8337        { read_version,            MGMT_READ_VERSION_SIZE,
8338                                                HCI_MGMT_NO_HDEV |
8339                                                HCI_MGMT_UNTRUSTED },
8340        { read_commands,           MGMT_READ_COMMANDS_SIZE,
8341                                                HCI_MGMT_NO_HDEV |
8342                                                HCI_MGMT_UNTRUSTED },
8343        { read_index_list,         MGMT_READ_INDEX_LIST_SIZE,
8344                                                HCI_MGMT_NO_HDEV |
8345                                                HCI_MGMT_UNTRUSTED },
8346        { read_controller_info,    MGMT_READ_INFO_SIZE,
8347                                                HCI_MGMT_UNTRUSTED },
8348        { set_powered,             MGMT_SETTING_SIZE },
8349        { set_discoverable,        MGMT_SET_DISCOVERABLE_SIZE },
8350        { set_connectable,         MGMT_SETTING_SIZE },
8351        { set_fast_connectable,    MGMT_SETTING_SIZE },
8352        { set_bondable,            MGMT_SETTING_SIZE },
8353        { set_link_security,       MGMT_SETTING_SIZE },
8354        { set_ssp,                 MGMT_SETTING_SIZE },
8355        { set_hs,                  MGMT_SETTING_SIZE },
8356        { set_le,                  MGMT_SETTING_SIZE },
8357        { set_dev_class,           MGMT_SET_DEV_CLASS_SIZE },
8358        { set_local_name,          MGMT_SET_LOCAL_NAME_SIZE },
8359        { add_uuid,                MGMT_ADD_UUID_SIZE },
8360        { remove_uuid,             MGMT_REMOVE_UUID_SIZE },
8361        { load_link_keys,          MGMT_LOAD_LINK_KEYS_SIZE,
8362                                                HCI_MGMT_VAR_LEN },
8363        { load_long_term_keys,     MGMT_LOAD_LONG_TERM_KEYS_SIZE,
8364                                                HCI_MGMT_VAR_LEN },
8365        { disconnect,              MGMT_DISCONNECT_SIZE },
8366        { get_connections,         MGMT_GET_CONNECTIONS_SIZE },
8367        { pin_code_reply,          MGMT_PIN_CODE_REPLY_SIZE },
8368        { pin_code_neg_reply,      MGMT_PIN_CODE_NEG_REPLY_SIZE },
8369        { set_io_capability,       MGMT_SET_IO_CAPABILITY_SIZE },
8370        { pair_device,             MGMT_PAIR_DEVICE_SIZE },
8371        { cancel_pair_device,      MGMT_CANCEL_PAIR_DEVICE_SIZE },
8372        { unpair_device,           MGMT_UNPAIR_DEVICE_SIZE },
8373        { user_confirm_reply,      MGMT_USER_CONFIRM_REPLY_SIZE },
8374        { user_confirm_neg_reply,  MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
8375        { user_passkey_reply,      MGMT_USER_PASSKEY_REPLY_SIZE },
8376        { user_passkey_neg_reply,  MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
8377        { read_local_oob_data,     MGMT_READ_LOCAL_OOB_DATA_SIZE },
8378        { add_remote_oob_data,     MGMT_ADD_REMOTE_OOB_DATA_SIZE,
8379                                                HCI_MGMT_VAR_LEN },
8380        { remove_remote_oob_data,  MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
8381        { start_discovery,         MGMT_START_DISCOVERY_SIZE },
8382        { stop_discovery,          MGMT_STOP_DISCOVERY_SIZE },
8383        { confirm_name,            MGMT_CONFIRM_NAME_SIZE },
8384        { block_device,            MGMT_BLOCK_DEVICE_SIZE },
8385        { unblock_device,          MGMT_UNBLOCK_DEVICE_SIZE },
8386        { set_device_id,           MGMT_SET_DEVICE_ID_SIZE },
8387        { set_advertising,         MGMT_SETTING_SIZE },
8388        { set_bredr,               MGMT_SETTING_SIZE },
8389        { set_static_address,      MGMT_SET_STATIC_ADDRESS_SIZE },
8390        { set_scan_params,         MGMT_SET_SCAN_PARAMS_SIZE },
8391        { set_secure_conn,         MGMT_SETTING_SIZE },
8392        { set_debug_keys,          MGMT_SETTING_SIZE },
8393        { set_privacy,             MGMT_SET_PRIVACY_SIZE },
8394        { load_irks,               MGMT_LOAD_IRKS_SIZE,
8395                                                HCI_MGMT_VAR_LEN },
8396        { get_conn_info,           MGMT_GET_CONN_INFO_SIZE },
8397        { get_clock_info,          MGMT_GET_CLOCK_INFO_SIZE },
8398        { add_device,              MGMT_ADD_DEVICE_SIZE },
8399        { remove_device,           MGMT_REMOVE_DEVICE_SIZE },
8400        { load_conn_param,         MGMT_LOAD_CONN_PARAM_SIZE,
8401                                                HCI_MGMT_VAR_LEN },
8402        { read_unconf_index_list,  MGMT_READ_UNCONF_INDEX_LIST_SIZE,
8403                                                HCI_MGMT_NO_HDEV |
8404                                                HCI_MGMT_UNTRUSTED },
8405        { read_config_info,        MGMT_READ_CONFIG_INFO_SIZE,
8406                                                HCI_MGMT_UNCONFIGURED |
8407                                                HCI_MGMT_UNTRUSTED },
8408        { set_external_config,     MGMT_SET_EXTERNAL_CONFIG_SIZE,
8409                                                HCI_MGMT_UNCONFIGURED },
8410        { set_public_address,      MGMT_SET_PUBLIC_ADDRESS_SIZE,
8411                                                HCI_MGMT_UNCONFIGURED },
8412        { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
8413                                                HCI_MGMT_VAR_LEN },
8414        { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
8415        { read_ext_index_list,     MGMT_READ_EXT_INDEX_LIST_SIZE,
8416                                                HCI_MGMT_NO_HDEV |
8417                                                HCI_MGMT_UNTRUSTED },
8418        { read_adv_features,       MGMT_READ_ADV_FEATURES_SIZE },
8419        { add_advertising,         MGMT_ADD_ADVERTISING_SIZE,
8420                                                HCI_MGMT_VAR_LEN },
8421        { remove_advertising,      MGMT_REMOVE_ADVERTISING_SIZE },
8422        { get_adv_size_info,       MGMT_GET_ADV_SIZE_INFO_SIZE },
8423        { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
8424        { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
8425                                                HCI_MGMT_UNTRUSTED },
8426        { set_appearance,          MGMT_SET_APPEARANCE_SIZE },
8427        { get_phy_configuration,   MGMT_GET_PHY_CONFIGURATION_SIZE },
8428        { set_phy_configuration,   MGMT_SET_PHY_CONFIGURATION_SIZE },
8429        { set_blocked_keys,        MGMT_OP_SET_BLOCKED_KEYS_SIZE,
8430                                                HCI_MGMT_VAR_LEN },
8431        { set_wideband_speech,     MGMT_SETTING_SIZE },
8432        { read_controller_cap,     MGMT_READ_CONTROLLER_CAP_SIZE,
8433                                                HCI_MGMT_UNTRUSTED },
8434        { read_exp_features_info,  MGMT_READ_EXP_FEATURES_INFO_SIZE,
8435                                                HCI_MGMT_UNTRUSTED |
8436                                                HCI_MGMT_HDEV_OPTIONAL },
8437        { set_exp_feature,         MGMT_SET_EXP_FEATURE_SIZE,
8438                                                HCI_MGMT_VAR_LEN |
8439                                                HCI_MGMT_HDEV_OPTIONAL },
8440        { read_def_system_config,  MGMT_READ_DEF_SYSTEM_CONFIG_SIZE,
8441                                                HCI_MGMT_UNTRUSTED },
8442        { set_def_system_config,   MGMT_SET_DEF_SYSTEM_CONFIG_SIZE,
8443                                                HCI_MGMT_VAR_LEN },
8444        { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE,
8445                                                HCI_MGMT_UNTRUSTED },
8446        { set_def_runtime_config,  MGMT_SET_DEF_RUNTIME_CONFIG_SIZE,
8447                                                HCI_MGMT_VAR_LEN },
8448        { get_device_flags,        MGMT_GET_DEVICE_FLAGS_SIZE },
8449        { set_device_flags,        MGMT_SET_DEVICE_FLAGS_SIZE },
8450        { read_adv_mon_features,   MGMT_READ_ADV_MONITOR_FEATURES_SIZE },
8451        { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE,
8452                                                HCI_MGMT_VAR_LEN },
8453        { remove_adv_monitor,      MGMT_REMOVE_ADV_MONITOR_SIZE },
8454        { add_ext_adv_params,      MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE,
8455                                                HCI_MGMT_VAR_LEN },
8456        { add_ext_adv_data,        MGMT_ADD_EXT_ADV_DATA_SIZE,
8457                                                HCI_MGMT_VAR_LEN },
8458        { add_adv_patterns_monitor_rssi,
8459                                   MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE,
8460                                                HCI_MGMT_VAR_LEN },
8461};
8462
8463void mgmt_index_added(struct hci_dev *hdev)
8464{
8465        struct mgmt_ev_ext_index ev;
8466
8467        if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8468                return;
8469
8470        switch (hdev->dev_type) {
8471        case HCI_PRIMARY:
8472                if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
8473                        mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
8474                                         NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
8475                        ev.type = 0x01;
8476                } else {
8477                        mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
8478                                         HCI_MGMT_INDEX_EVENTS);
8479                        ev.type = 0x00;
8480                }
8481                break;
8482        case HCI_AMP:
8483                ev.type = 0x02;
8484                break;
8485        default:
8486                return;
8487        }
8488
8489        ev.bus = hdev->bus;
8490
8491        mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
8492                         HCI_MGMT_EXT_INDEX_EVENTS);
8493}
8494
8495void mgmt_index_removed(struct hci_dev *hdev)
8496{
8497        struct mgmt_ev_ext_index ev;
8498        u8 status = MGMT_STATUS_INVALID_INDEX;
8499
8500        if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8501                return;
8502
8503        switch (hdev->dev_type) {
8504        case HCI_PRIMARY:
8505                mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8506
8507                if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
8508                        mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
8509                                         NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
8510                        ev.type = 0x01;
8511                } else {
8512                        mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
8513                                         HCI_MGMT_INDEX_EVENTS);
8514                        ev.type = 0x00;
8515                }
8516                break;
8517        case HCI_AMP:
8518                ev.type = 0x02;
8519                break;
8520        default:
8521                return;
8522        }
8523
8524        ev.bus = hdev->bus;
8525
8526        mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
8527                         HCI_MGMT_EXT_INDEX_EVENTS);
8528}
8529
8530/* This function requires the caller holds hdev->lock */
8531static void restart_le_actions(struct hci_dev *hdev)
8532{
8533        struct hci_conn_params *p;
8534
8535        list_for_each_entry(p, &hdev->le_conn_params, list) {
8536                /* Needed for AUTO_OFF case where might not "really"
8537                 * have been powered off.
8538                 */
8539                list_del_init(&p->action);
8540
8541                switch (p->auto_connect) {
8542                case HCI_AUTO_CONN_DIRECT:
8543                case HCI_AUTO_CONN_ALWAYS:
8544                        list_add(&p->action, &hdev->pend_le_conns);
8545                        break;
8546                case HCI_AUTO_CONN_REPORT:
8547                        list_add(&p->action, &hdev->pend_le_reports);
8548                        break;
8549                default:
8550                        break;
8551                }
8552        }
8553}
8554
8555void mgmt_power_on(struct hci_dev *hdev, int err)
8556{
8557        struct cmd_lookup match = { NULL, hdev };
8558
8559        bt_dev_dbg(hdev, "err %d", err);
8560
8561        hci_dev_lock(hdev);
8562
8563        if (!err) {
8564                restart_le_actions(hdev);
8565                hci_update_background_scan(hdev);
8566        }
8567
8568        mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8569
8570        new_settings(hdev, match.sk);
8571
8572        if (match.sk)
8573                sock_put(match.sk);
8574
8575        hci_dev_unlock(hdev);
8576}
8577
8578void __mgmt_power_off(struct hci_dev *hdev)
8579{
8580        struct cmd_lookup match = { NULL, hdev };
8581        u8 status, zero_cod[] = { 0, 0, 0 };
8582
8583        mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8584
8585        /* If the power off is because of hdev unregistration let
8586         * use the appropriate INVALID_INDEX status. Otherwise use
8587         * NOT_POWERED. We cover both scenarios here since later in
8588         * mgmt_index_removed() any hci_conn callbacks will have already
8589         * been triggered, potentially causing misleading DISCONNECTED
8590         * status responses.
8591         */
8592        if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
8593                status = MGMT_STATUS_INVALID_INDEX;
8594        else
8595                status = MGMT_STATUS_NOT_POWERED;
8596
8597        mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8598
8599        if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
8600                mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8601                                   zero_cod, sizeof(zero_cod),
8602                                   HCI_MGMT_DEV_CLASS_EVENTS, NULL);
8603                ext_info_changed(hdev, NULL);
8604        }
8605
8606        new_settings(hdev, match.sk);
8607
8608        if (match.sk)
8609                sock_put(match.sk);
8610}
8611
8612void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
8613{
8614        struct mgmt_pending_cmd *cmd;
8615        u8 status;
8616
8617        cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
8618        if (!cmd)
8619                return;
8620
8621        if (err == -ERFKILL)
8622                status = MGMT_STATUS_RFKILLED;
8623        else
8624                status = MGMT_STATUS_FAILED;
8625
8626        mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
8627
8628        mgmt_pending_remove(cmd);
8629}
8630
8631void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
8632                       bool persistent)
8633{
8634        struct mgmt_ev_new_link_key ev;
8635
8636        memset(&ev, 0, sizeof(ev));
8637
8638        ev.store_hint = persistent;
8639        bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8640        ev.key.addr.type = BDADDR_BREDR;
8641        ev.key.type = key->type;
8642        memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
8643        ev.key.pin_len = key->pin_len;
8644
8645        mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
8646}
8647
8648static u8 mgmt_ltk_type(struct smp_ltk *ltk)
8649{
8650        switch (ltk->type) {
8651        case SMP_LTK:
8652        case SMP_LTK_RESPONDER:
8653                if (ltk->authenticated)
8654                        return MGMT_LTK_AUTHENTICATED;
8655                return MGMT_LTK_UNAUTHENTICATED;
8656        case SMP_LTK_P256:
8657                if (ltk->authenticated)
8658                        return MGMT_LTK_P256_AUTH;
8659                return MGMT_LTK_P256_UNAUTH;
8660        case SMP_LTK_P256_DEBUG:
8661                return MGMT_LTK_P256_DEBUG;
8662        }
8663
8664        return MGMT_LTK_UNAUTHENTICATED;
8665}
8666
8667void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
8668{
8669        struct mgmt_ev_new_long_term_key ev;
8670
8671        memset(&ev, 0, sizeof(ev));
8672
8673        /* Devices using resolvable or non-resolvable random addresses
8674         * without providing an identity resolving key don't require
8675         * to store long term keys. Their addresses will change the
8676         * next time around.
8677         *
8678         * Only when a remote device provides an identity address
8679         * make sure the long term key is stored. If the remote
8680         * identity is known, the long term keys are internally
8681         * mapped to the identity address. So allow static random
8682         * and public addresses here.
8683         */
8684        if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8685            (key->bdaddr.b[5] & 0xc0) != 0xc0)
8686                ev.store_hint = 0x00;
8687        else
8688                ev.store_hint = persistent;
8689
8690        bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8691        ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
8692        ev.key.type = mgmt_ltk_type(key);
8693        ev.key.enc_size = key->enc_size;
8694        ev.key.ediv = key->ediv;
8695        ev.key.rand = key->rand;
8696
8697        if (key->type == SMP_LTK)
8698                ev.key.initiator = 1;
8699
8700        /* Make sure we copy only the significant bytes based on the
8701         * encryption key size, and set the rest of the value to zeroes.
8702         */
8703        memcpy(ev.key.val, key->val, key->enc_size);
8704        memset(ev.key.val + key->enc_size, 0,
8705               sizeof(ev.key.val) - key->enc_size);
8706
8707        mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
8708}
8709
8710void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
8711{
8712        struct mgmt_ev_new_irk ev;
8713
8714        memset(&ev, 0, sizeof(ev));
8715
8716        ev.store_hint = persistent;
8717
8718        bacpy(&ev.rpa, &irk->rpa);
8719        bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
8720        ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
8721        memcpy(ev.irk.val, irk->val, sizeof(irk->val));
8722
8723        mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
8724}
8725
8726void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
8727                   bool persistent)
8728{
8729        struct mgmt_ev_new_csrk ev;
8730
8731        memset(&ev, 0, sizeof(ev));
8732
8733        /* Devices using resolvable or non-resolvable random addresses
8734         * without providing an identity resolving key don't require
8735         * to store signature resolving keys. Their addresses will change
8736         * the next time around.
8737         *
8738         * Only when a remote device provides an identity address
8739         * make sure the signature resolving key is stored. So allow
8740         * static random and public addresses here.
8741         */
8742        if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8743            (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
8744                ev.store_hint = 0x00;
8745        else
8746                ev.store_hint = persistent;
8747
8748        bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
8749        ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
8750        ev.key.type = csrk->type;
8751        memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
8752
8753        mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
8754}
8755
8756void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
8757                         u8 bdaddr_type, u8 store_hint, u16 min_interval,
8758                         u16 max_interval, u16 latency, u16 timeout)
8759{
8760        struct mgmt_ev_new_conn_param ev;
8761
8762        if (!hci_is_identity_address(bdaddr, bdaddr_type))
8763                return;
8764
8765        memset(&ev, 0, sizeof(ev));
8766        bacpy(&ev.addr.bdaddr, bdaddr);
8767        ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
8768        ev.store_hint = store_hint;
8769        ev.min_interval = cpu_to_le16(min_interval);
8770        ev.max_interval = cpu_to_le16(max_interval);
8771        ev.latency = cpu_to_le16(latency);
8772        ev.timeout = cpu_to_le16(timeout);
8773
8774        mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
8775}
8776
8777void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
8778                           u8 *name, u8 name_len)
8779{
8780        char buf[512];
8781        struct mgmt_ev_device_connected *ev = (void *) buf;
8782        u16 eir_len = 0;
8783        u32 flags = 0;
8784
8785        bacpy(&ev->addr.bdaddr, &conn->dst);
8786        ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8787
8788        if (conn->out)
8789                flags |= MGMT_DEV_FOUND_INITIATED_CONN;
8790
8791        ev->flags = __cpu_to_le32(flags);
8792
8793        /* We must ensure that the EIR Data fields are ordered and
8794         * unique. Keep it simple for now and avoid the problem by not
8795         * adding any BR/EDR data to the LE adv.
8796         */
8797        if (conn->le_adv_data_len > 0) {
8798                memcpy(&ev->eir[eir_len],
8799                       conn->le_adv_data, conn->le_adv_data_len);
8800                eir_len = conn->le_adv_data_len;
8801        } else {
8802                if (name_len > 0)
8803                        eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
8804                                                  name, name_len);
8805
8806                if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
8807                        eir_len = eir_append_data(ev->eir, eir_len,
8808                                                  EIR_CLASS_OF_DEV,
8809                                                  conn->dev_class, 3);
8810        }
8811
8812        ev->eir_len = cpu_to_le16(eir_len);
8813
8814        mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
8815                    sizeof(*ev) + eir_len, NULL);
8816}
8817
8818static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8819{
8820        struct sock **sk = data;
8821
8822        cmd->cmd_complete(cmd, 0);
8823
8824        *sk = cmd->sk;
8825        sock_hold(*sk);
8826
8827        mgmt_pending_remove(cmd);
8828}
8829
8830static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
8831{
8832        struct hci_dev *hdev = data;
8833        struct mgmt_cp_unpair_device *cp = cmd->param;
8834
8835        device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
8836
8837        cmd->cmd_complete(cmd, 0);
8838        mgmt_pending_remove(cmd);
8839}
8840
8841bool mgmt_powering_down(struct hci_dev *hdev)
8842{
8843        struct mgmt_pending_cmd *cmd;
8844        struct mgmt_mode *cp;
8845
8846        cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
8847        if (!cmd)
8848                return false;
8849
8850        cp = cmd->param;
8851        if (!cp->val)
8852                return true;
8853
8854        return false;
8855}
8856
8857void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
8858                              u8 link_type, u8 addr_type, u8 reason,
8859                              bool mgmt_connected)
8860{
8861        struct mgmt_ev_device_disconnected ev;
8862        struct sock *sk = NULL;
8863
8864        /* The connection is still in hci_conn_hash so test for 1
8865         * instead of 0 to know if this is the last one.
8866         */
8867        if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8868                cancel_delayed_work(&hdev->power_off);
8869                queue_work(hdev->req_workqueue, &hdev->power_off.work);
8870        }
8871
8872        if (!mgmt_connected)
8873                return;
8874
8875        if (link_type != ACL_LINK && link_type != LE_LINK)
8876                return;
8877
8878        mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
8879
8880        bacpy(&ev.addr.bdaddr, bdaddr);
8881        ev.addr.type = link_to_bdaddr(link_type, addr_type);
8882        ev.reason = reason;
8883
8884        /* Report disconnects due to suspend */
8885        if (hdev->suspended)
8886                ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND;
8887
8888        mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8889
8890        if (sk)
8891                sock_put(sk);
8892
8893        mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8894                             hdev);
8895}
8896
8897void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
8898                            u8 link_type, u8 addr_type, u8 status)
8899{
8900        u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
8901        struct mgmt_cp_disconnect *cp;
8902        struct mgmt_pending_cmd *cmd;
8903
8904        mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8905                             hdev);
8906
8907        cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8908        if (!cmd)
8909                return;
8910
8911        cp = cmd->param;
8912
8913        if (bacmp(bdaddr, &cp->addr.bdaddr))
8914                return;
8915
8916        if (cp->addr.type != bdaddr_type)
8917                return;
8918
8919        cmd->cmd_complete(cmd, mgmt_status(status));
8920        mgmt_pending_remove(cmd);
8921}
8922
8923void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8924                         u8 addr_type, u8 status)
8925{
8926        struct mgmt_ev_connect_failed ev;
8927
8928        /* The connection is still in hci_conn_hash so test for 1
8929         * instead of 0 to know if this is the last one.
8930         */
8931        if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8932                cancel_delayed_work(&hdev->power_off);
8933                queue_work(hdev->req_workqueue, &hdev->power_off.work);
8934        }
8935
8936        bacpy(&ev.addr.bdaddr, bdaddr);
8937        ev.addr.type = link_to_bdaddr(link_type, addr_type);
8938        ev.status = mgmt_status(status);
8939
8940        mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
8941}
8942
8943void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
8944{
8945        struct mgmt_ev_pin_code_request ev;
8946
8947        bacpy(&ev.addr.bdaddr, bdaddr);
8948        ev.addr.type = BDADDR_BREDR;
8949        ev.secure = secure;
8950
8951        mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
8952}
8953
8954void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8955                                  u8 status)
8956{
8957        struct mgmt_pending_cmd *cmd;
8958
8959        cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
8960        if (!cmd)
8961                return;
8962
8963        cmd->cmd_complete(cmd, mgmt_status(status));
8964        mgmt_pending_remove(cmd);
8965}
8966
8967void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8968                                      u8 status)
8969{
8970        struct mgmt_pending_cmd *cmd;
8971
8972        cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
8973        if (!cmd)
8974                return;
8975
8976        cmd->cmd_complete(cmd, mgmt_status(status));
8977        mgmt_pending_remove(cmd);
8978}
8979
8980int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8981                              u8 link_type, u8 addr_type, u32 value,
8982                              u8 confirm_hint)
8983{
8984        struct mgmt_ev_user_confirm_request ev;
8985
8986        bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
8987
8988        bacpy(&ev.addr.bdaddr, bdaddr);
8989        ev.addr.type = link_to_bdaddr(link_type, addr_type);
8990        ev.confirm_hint = confirm_hint;
8991        ev.value = cpu_to_le32(value);
8992
8993        return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
8994                          NULL);
8995}
8996
8997int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8998                              u8 link_type, u8 addr_type)
8999{
9000        struct mgmt_ev_user_passkey_request ev;

9001
9002        bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
9003
9004        bacpy(&ev.addr.bdaddr, bdaddr);
9005        ev.addr.type = link_to_bdaddr(link_type, addr_type);
9006
9007        return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
9008                          NULL);
9009}
9010
9011static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9012                                      u8 link_type, u8 addr_type, u8 status,
9013                                      u8 opcode)
9014{
9015        struct mgmt_pending_cmd *cmd;
9016
9017        cmd = pending_find(opcode, hdev);
9018        if (!cmd)
9019                return -ENOENT;
9020
9021        cmd->cmd_complete(cmd, mgmt_status(status));
9022        mgmt_pending_remove(cmd);
9023
9024        return 0;
9025}
9026
9027int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9028                                     u8 link_type, u8 addr_type, u8 status)
9029{
9030        return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9031                                          status, MGMT_OP_USER_CONFIRM_REPLY);
9032}
9033
9034int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9035                                         u8 link_type, u8 addr_type, u8 status)
9036{
9037        return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9038                                          status,
9039                                          MGMT_OP_USER_CONFIRM_NEG_REPLY);
9040}
9041
9042int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9043                                     u8 link_type, u8 addr_type, u8 status)
9044{
9045        return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9046                                          status, MGMT_OP_USER_PASSKEY_REPLY);
9047}
9048
9049int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9050                                         u8 link_type, u8 addr_type, u8 status)
9051{
9052        return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9053                                          status,
9054                                          MGMT_OP_USER_PASSKEY_NEG_REPLY);
9055}
9056
9057int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
9058                             u8 link_type, u8 addr_type, u32 passkey,
9059                             u8 entered)
9060{
9061        struct mgmt_ev_passkey_notify ev;
9062
9063        bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
9064
9065        bacpy(&ev.addr.bdaddr, bdaddr);
9066        ev.addr.type = link_to_bdaddr(link_type, addr_type);
9067        ev.passkey = __cpu_to_le32(passkey);
9068        ev.entered = entered;
9069
9070        return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
9071}
9072
9073void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
9074{
9075        struct mgmt_ev_auth_failed ev;
9076        struct mgmt_pending_cmd *cmd;
9077        u8 status = mgmt_status(hci_status);
9078
9079        bacpy(&ev.addr.bdaddr, &conn->dst);
9080        ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
9081        ev.status = status;
9082
9083        cmd = find_pairing(conn);
9084
9085        mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
9086                    cmd ? cmd->sk : NULL);
9087
9088        if (cmd) {
9089                cmd->cmd_complete(cmd, status);
9090                mgmt_pending_remove(cmd);
9091        }
9092}
9093
9094void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
9095{
9096        struct cmd_lookup match = { NULL, hdev };
9097        bool changed;
9098
9099        if (status) {
9100                u8 mgmt_err = mgmt_status(status);
9101                mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
9102                                     cmd_status_rsp, &mgmt_err);
9103                return;
9104        }
9105
9106        if (test_bit(HCI_AUTH, &hdev->flags))
9107                changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
9108        else
9109                changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
9110
9111        mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
9112                             &match);
9113
9114        if (changed)
9115                new_settings(hdev, match.sk);
9116
9117        if (match.sk)
9118                sock_put(match.sk);
9119}
9120
9121static void clear_eir(struct hci_request *req)
9122{
9123        struct hci_dev *hdev = req->hdev;
9124        struct hci_cp_write_eir cp;
9125
9126        if (!lmp_ext_inq_capable(hdev))
9127                return;
9128
9129        memset(hdev->eir, 0, sizeof(hdev->eir));
9130
9131        memset(&cp, 0, sizeof(cp));
9132
9133        hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
9134}
9135
9136void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
9137{
9138        struct cmd_lookup match = { NULL, hdev };
9139        struct hci_request req;
9140        bool changed = false;
9141
9142        if (status) {
9143                u8 mgmt_err = mgmt_status(status);
9144
9145                if (enable && hci_dev_test_and_clear_flag(hdev,
9146                                                          HCI_SSP_ENABLED)) {
9147                        hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
9148                        new_settings(hdev, NULL);
9149                }
9150
9151                mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
9152                                     &mgmt_err);
9153                return;
9154        }
9155
9156        if (enable) {
9157                changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
9158        } else {
9159                changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9160                if (!changed)
9161                        changed = hci_dev_test_and_clear_flag(hdev,
9162                                                              HCI_HS_ENABLED);
9163                else
9164                        hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
9165        }
9166
9167        mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
9168
9169        if (changed)
9170                new_settings(hdev, match.sk);
9171
9172        if (match.sk)
9173                sock_put(match.sk);
9174
9175        hci_req_init(&req, hdev);
9176
9177        if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
9178                if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
9179                        hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
9180                                    sizeof(enable), &enable);
9181                __hci_req_update_eir(&req);
9182        } else {
9183                clear_eir(&req);
9184        }
9185
9186        hci_req_run(&req, NULL);
9187}
9188
9189static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
9190{
9191        struct cmd_lookup *match = data;
9192
9193        if (match->sk == NULL) {
9194                match->sk = cmd->sk;
9195                sock_hold(match->sk);
9196        }
9197}
9198
9199void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
9200                                    u8 status)
9201{
9202        struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
9203
9204        mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
9205        mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
9206        mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
9207
9208        if (!status) {
9209                mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
9210                                   3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
9211                ext_info_changed(hdev, NULL);
9212        }
9213
9214        if (match.sk)
9215                sock_put(match.sk);
9216}
9217
9218void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
9219{
9220        struct mgmt_cp_set_local_name ev;
9221        struct mgmt_pending_cmd *cmd;
9222
9223        if (status)
9224                return;
9225
9226        memset(&ev, 0, sizeof(ev));
9227        memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
9228        memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
9229
9230        cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
9231        if (!cmd) {
9232                memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
9233
9234                /* If this is a HCI command related to powering on the
9235                 * HCI dev don't send any mgmt signals.
9236                 */
9237                if (pending_find(MGMT_OP_SET_POWERED, hdev))
9238                        return;
9239        }
9240
9241        mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
9242                           HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
9243        ext_info_changed(hdev, cmd ? cmd->sk : NULL);
9244}
9245
9246static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
9247{
9248        int i;
9249
9250        for (i = 0; i < uuid_count; i++) {
9251                if (!memcmp(uuid, uuids[i], 16))
9252                        return true;
9253        }
9254
9255        return false;
9256}
9257
9258static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
9259{
9260        u16 parsed = 0;
9261
9262        while (parsed < eir_len) {
9263                u8 field_len = eir[0];
9264                u8 uuid[16];
9265                int i;
9266
9267                if (field_len == 0)
9268                        break;
9269
9270                if (eir_len - parsed < field_len + 1)
9271                        break;
9272
9273                switch (eir[1]) {
9274                case EIR_UUID16_ALL:
9275                case EIR_UUID16_SOME:
9276                        for (i = 0; i + 3 <= field_len; i += 2) {
9277                                memcpy(uuid, bluetooth_base_uuid, 16);
9278                                uuid[13] = eir[i + 3];
9279                                uuid[12] = eir[i + 2];
9280                                if (has_uuid(uuid, uuid_count, uuids))
9281                                        return true;
9282                        }
9283                        break;
9284                case EIR_UUID32_ALL:
9285                case EIR_UUID32_SOME:
9286                        for (i = 0; i + 5 <= field_len; i += 4) {
9287                                memcpy(uuid, bluetooth_base_uuid, 16);
9288                                uuid[15] = eir[i + 5];
9289                                uuid[14] = eir[i + 4];
9290                                uuid[13] = eir[i + 3];
9291                                uuid[12] = eir[i + 2];
9292                                if (has_uuid(uuid, uuid_count, uuids))
9293                                        return true;
9294                        }
9295                        break;
9296                case EIR_UUID128_ALL:
9297                case EIR_UUID128_SOME:
9298                        for (i = 0; i + 17 <= field_len; i += 16) {
9299                                memcpy(uuid, eir + i + 2, 16);
9300                                if (has_uuid(uuid, uuid_count, uuids))
9301                                        return true;
9302                        }
9303                        break;
9304                }
9305
9306                parsed += field_len + 1;
9307                eir += field_len + 1;
9308        }
9309
9310        return false;
9311}
9312
9313static void restart_le_scan(struct hci_dev *hdev)
9314{
9315        /* If controller is not scanning we are done. */
9316        if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
9317                return;
9318
9319        if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
9320                       hdev->discovery.scan_start +
9321                       hdev->discovery.scan_duration))
9322                return;
9323
9324        queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
9325                           DISCOV_LE_RESTART_DELAY);
9326}
9327
9328static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
9329                            u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
9330{
9331        /* If a RSSI threshold has been specified, and
9332         * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
9333         * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
9334         * is set, let it through for further processing, as we might need to
9335         * restart the scan.
9336         *
9337         * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
9338         * the results are also dropped.
9339         */
9340        if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
9341            (rssi == HCI_RSSI_INVALID ||
9342            (rssi < hdev->discovery.rssi &&
9343             !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
9344                return  false;
9345
9346        if (hdev->discovery.uuid_count != 0) {
9347                /* If a list of UUIDs is provided in filter, results with no
9348                 * matching UUID should be dropped.
9349                 */
9350                if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
9351                                   hdev->discovery.uuids) &&
9352                    !eir_has_uuids(scan_rsp, scan_rsp_len,
9353                                   hdev->discovery.uuid_count,
9354                                   hdev->discovery.uuids))
9355                        return false;
9356        }
9357
9358        /* If duplicate filtering does not report RSSI changes, then restart
9359         * scanning to ensure updated result with updated RSSI values.
9360         */
9361        if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
9362                restart_le_scan(hdev);
9363
9364                /* Validate RSSI value against the RSSI threshold once more. */
9365                if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
9366                    rssi < hdev->discovery.rssi)
9367                        return false;
9368        }
9369
9370        return true;
9371}
9372
9373void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9374                       u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
9375                       u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
9376{
9377        char buf[512];
9378        struct mgmt_ev_device_found *ev = (void *)buf;
9379        size_t ev_size;
9380
9381        /* Don't send events for a non-kernel initiated discovery. With
9382         * LE one exception is if we have pend_le_reports > 0 in which
9383         * case we're doing passive scanning and want these events.
9384         */
9385        if (!hci_discovery_active(hdev)) {
9386                if (link_type == ACL_LINK)
9387                        return;
9388                if (link_type == LE_LINK &&
9389                    list_empty(&hdev->pend_le_reports) &&
9390                    !hci_is_adv_monitoring(hdev)) {
9391                        return;
9392                }
9393        }
9394
9395        if (hdev->discovery.result_filtering) {
9396                /* We are using service discovery */
9397                if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
9398                                     scan_rsp_len))
9399                        return;
9400        }
9401
9402        if (hdev->discovery.limited) {
9403                /* Check for limited discoverable bit */
9404                if (dev_class) {
9405                        if (!(dev_class[1] & 0x20))
9406                                return;
9407                } else {
9408                        u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
9409                        if (!flags || !(flags[0] & LE_AD_LIMITED))
9410                                return;
9411                }
9412        }
9413
9414        /* Make sure that the buffer is big enough. The 5 extra bytes
9415         * are for the potential CoD field.
9416         */
9417        if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
9418                return;
9419
9420        memset(buf, 0, sizeof(buf));
9421
9422        /* In case of device discovery with BR/EDR devices (pre 1.2), the
9423         * RSSI value was reported as 0 when not available. This behavior
9424         * is kept when using device discovery. This is required for full
9425         * backwards compatibility with the API.
9426         *
9427         * However when using service discovery, the value 127 will be
9428         * returned when the RSSI is not available.
9429         */
9430        if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
9431            link_type == ACL_LINK)
9432                rssi = 0;
9433
9434        bacpy(&ev->addr.bdaddr, bdaddr);
9435        ev->addr.type = link_to_bdaddr(link_type, addr_type);
9436        ev->rssi = rssi;
9437        ev->flags = cpu_to_le32(flags);
9438
9439        if (eir_len > 0)
9440                /* Copy EIR or advertising data into event */
9441                memcpy(ev->eir, eir, eir_len);
9442
9443        if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9444                                       NULL))
9445                eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9446                                          dev_class, 3);
9447
9448        if (scan_rsp_len > 0)
9449                /* Append scan response data to event */
9450                memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
9451
9452        ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
9453        ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
9454
9455        mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
9456}
9457
9458void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9459                      u8 addr_type, s8 rssi, u8 *name, u8 name_len)
9460{
9461        struct mgmt_ev_device_found *ev;
9462        char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
9463        u16 eir_len;
9464
9465        ev = (struct mgmt_ev_device_found *) buf;
9466
9467        memset(buf, 0, sizeof(buf));
9468
9469        bacpy(&ev->addr.bdaddr, bdaddr);
9470        ev->addr.type = link_to_bdaddr(link_type, addr_type);
9471        ev->rssi = rssi;
9472
9473        eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
9474                                  name_len);
9475
9476        ev->eir_len = cpu_to_le16(eir_len);
9477
9478        mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
9479}
9480
9481void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
9482{
9483        struct mgmt_ev_discovering ev;
9484
9485        bt_dev_dbg(hdev, "discovering %u", discovering);
9486
9487        memset(&ev, 0, sizeof(ev));
9488        ev.type = hdev->discovery.type;
9489        ev.discovering = discovering;
9490
9491        mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
9492}
9493
9494void mgmt_suspending(struct hci_dev *hdev, u8 state)
9495{
9496        struct mgmt_ev_controller_suspend ev;
9497
9498        ev.suspend_state = state;
9499        mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL);
9500}
9501
9502void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr,
9503                   u8 addr_type)
9504{
9505        struct mgmt_ev_controller_resume ev;
9506
9507        ev.wake_reason = reason;
9508        if (bdaddr) {
9509                bacpy(&ev.addr.bdaddr, bdaddr);
9510                ev.addr.type = addr_type;
9511        } else {
9512                memset(&ev.addr, 0, sizeof(ev.addr));
9513        }
9514
9515        mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL);
9516}
9517
9518static struct hci_mgmt_chan chan = {
9519        .channel        = HCI_CHANNEL_CONTROL,
9520        .handler_count  = ARRAY_SIZE(mgmt_handlers),
9521        .handlers       = mgmt_handlers,
9522        .hdev_init      = mgmt_init_hdev,
9523};
9524
9525int mgmt_init(void)
9526{
9527        return hci_mgmt_chan_register(&chan);
9528}
9529
9530void mgmt_exit(void)
9531{
9532        hci_mgmt_chan_unregister(&chan);
9533}
9534
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.