1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI Management interface */ 26 27 #include <linux/module.h> 28 #include <asm/unaligned.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 #include <net/bluetooth/hci_sock.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/mgmt.h> 35 36 #include "hci_request.h" 37 #include "smp.h" 38 #include "mgmt_util.h" 39 40 #define MGMT_VERSION 1 41 #define MGMT_REVISION 14 42 43 static const u16 mgmt_commands[] = { 44 MGMT_OP_READ_INDEX_LIST, 45 MGMT_OP_READ_INFO, 46 MGMT_OP_SET_POWERED, 47 MGMT_OP_SET_DISCOVERABLE, 48 MGMT_OP_SET_CONNECTABLE, 49 MGMT_OP_SET_FAST_CONNECTABLE, 50 MGMT_OP_SET_BONDABLE, 51 MGMT_OP_SET_LINK_SECURITY, 52 MGMT_OP_SET_SSP, 53 MGMT_OP_SET_HS, 54 MGMT_OP_SET_LE, 55 MGMT_OP_SET_DEV_CLASS, 56 MGMT_OP_SET_LOCAL_NAME, 57 MGMT_OP_ADD_UUID, 58 MGMT_OP_REMOVE_UUID, 59 MGMT_OP_LOAD_LINK_KEYS, 60 MGMT_OP_LOAD_LONG_TERM_KEYS, 61 MGMT_OP_DISCONNECT, 62 MGMT_OP_GET_CONNECTIONS, 63 MGMT_OP_PIN_CODE_REPLY, 64 MGMT_OP_PIN_CODE_NEG_REPLY, 65 MGMT_OP_SET_IO_CAPABILITY, 66 MGMT_OP_PAIR_DEVICE, 67 MGMT_OP_CANCEL_PAIR_DEVICE, 68 MGMT_OP_UNPAIR_DEVICE, 69 MGMT_OP_USER_CONFIRM_REPLY, 70 MGMT_OP_USER_CONFIRM_NEG_REPLY, 71 MGMT_OP_USER_PASSKEY_REPLY, 72 MGMT_OP_USER_PASSKEY_NEG_REPLY, 73 MGMT_OP_READ_LOCAL_OOB_DATA, 74 MGMT_OP_ADD_REMOTE_OOB_DATA, 75 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 76 MGMT_OP_START_DISCOVERY, 77 MGMT_OP_STOP_DISCOVERY, 78 MGMT_OP_CONFIRM_NAME, 79 MGMT_OP_BLOCK_DEVICE, 80 MGMT_OP_UNBLOCK_DEVICE, 81 MGMT_OP_SET_DEVICE_ID, 82 MGMT_OP_SET_ADVERTISING, 83 MGMT_OP_SET_BREDR, 84 MGMT_OP_SET_STATIC_ADDRESS, 85 MGMT_OP_SET_SCAN_PARAMS, 86 MGMT_OP_SET_SECURE_CONN, 87 MGMT_OP_SET_DEBUG_KEYS, 88 MGMT_OP_SET_PRIVACY, 89 MGMT_OP_LOAD_IRKS, 90 MGMT_OP_GET_CONN_INFO, 91 MGMT_OP_GET_CLOCK_INFO, 92 MGMT_OP_ADD_DEVICE, 93 MGMT_OP_REMOVE_DEVICE, 94 MGMT_OP_LOAD_CONN_PARAM, 95 MGMT_OP_READ_UNCONF_INDEX_LIST, 96 MGMT_OP_READ_CONFIG_INFO, 97 MGMT_OP_SET_EXTERNAL_CONFIG, 98 MGMT_OP_SET_PUBLIC_ADDRESS, 99 MGMT_OP_START_SERVICE_DISCOVERY, 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 101 MGMT_OP_READ_EXT_INDEX_LIST, 102 MGMT_OP_READ_ADV_FEATURES, 103 MGMT_OP_ADD_ADVERTISING, 104 MGMT_OP_REMOVE_ADVERTISING, 105 MGMT_OP_GET_ADV_SIZE_INFO, 106 MGMT_OP_START_LIMITED_DISCOVERY, 107 MGMT_OP_READ_EXT_INFO, 108 MGMT_OP_SET_APPEARANCE, 109 }; 110 111 static const u16 mgmt_events[] = { 112 MGMT_EV_CONTROLLER_ERROR, 113 MGMT_EV_INDEX_ADDED, 114 MGMT_EV_INDEX_REMOVED, 115 MGMT_EV_NEW_SETTINGS, 116 MGMT_EV_CLASS_OF_DEV_CHANGED, 117 MGMT_EV_LOCAL_NAME_CHANGED, 118 MGMT_EV_NEW_LINK_KEY, 119 MGMT_EV_NEW_LONG_TERM_KEY, 120 MGMT_EV_DEVICE_CONNECTED, 121 MGMT_EV_DEVICE_DISCONNECTED, 122 MGMT_EV_CONNECT_FAILED, 123 MGMT_EV_PIN_CODE_REQUEST, 124 MGMT_EV_USER_CONFIRM_REQUEST, 125 MGMT_EV_USER_PASSKEY_REQUEST, 126 MGMT_EV_AUTH_FAILED, 127 MGMT_EV_DEVICE_FOUND, 128 MGMT_EV_DISCOVERING, 129 MGMT_EV_DEVICE_BLOCKED, 130 MGMT_EV_DEVICE_UNBLOCKED, 131 MGMT_EV_DEVICE_UNPAIRED, 132 MGMT_EV_PASSKEY_NOTIFY, 133 MGMT_EV_NEW_IRK, 134 MGMT_EV_NEW_CSRK, 135 MGMT_EV_DEVICE_ADDED, 136 MGMT_EV_DEVICE_REMOVED, 137 MGMT_EV_NEW_CONN_PARAM, 138 MGMT_EV_UNCONF_INDEX_ADDED, 139 MGMT_EV_UNCONF_INDEX_REMOVED, 140 MGMT_EV_NEW_CONFIG_OPTIONS, 141 MGMT_EV_EXT_INDEX_ADDED, 142 MGMT_EV_EXT_INDEX_REMOVED, 143 MGMT_EV_LOCAL_OOB_DATA_UPDATED, 144 MGMT_EV_ADVERTISING_ADDED, 145 MGMT_EV_ADVERTISING_REMOVED, 146 MGMT_EV_EXT_INFO_CHANGED, 147 }; 148 149 static const u16 mgmt_untrusted_commands[] = { 150 MGMT_OP_READ_INDEX_LIST, 151 MGMT_OP_READ_INFO, 152 MGMT_OP_READ_UNCONF_INDEX_LIST, 153 MGMT_OP_READ_CONFIG_INFO, 154 MGMT_OP_READ_EXT_INDEX_LIST, 155 MGMT_OP_READ_EXT_INFO, 156 }; 157 158 static const u16 mgmt_untrusted_events[] = { 159 MGMT_EV_INDEX_ADDED, 160 MGMT_EV_INDEX_REMOVED, 161 MGMT_EV_NEW_SETTINGS, 162 MGMT_EV_CLASS_OF_DEV_CHANGED, 163 MGMT_EV_LOCAL_NAME_CHANGED, 164 MGMT_EV_UNCONF_INDEX_ADDED, 165 MGMT_EV_UNCONF_INDEX_REMOVED, 166 MGMT_EV_NEW_CONFIG_OPTIONS, 167 MGMT_EV_EXT_INDEX_ADDED, 168 MGMT_EV_EXT_INDEX_REMOVED, 169 MGMT_EV_EXT_INFO_CHANGED, 170 }; 171 172 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) 173 174 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \ 175 "\x00\x00\x00\x00\x00\x00\x00\x00" 176 177 /* HCI to MGMT error code conversion table */ 178 static u8 mgmt_status_table[] = { 179 MGMT_STATUS_SUCCESS, 180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 182 MGMT_STATUS_FAILED, /* Hardware Failure */ 183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */ 186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 191 MGMT_STATUS_BUSY, /* Command Disallowed */ 192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 193 MGMT_STATUS_REJECTED, /* Rejected Security */ 194 MGMT_STATUS_REJECTED, /* Rejected Personal */ 195 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 202 MGMT_STATUS_BUSY, /* Repeated Attempts */ 203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 210 MGMT_STATUS_FAILED, /* Unspecified Error */ 211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 217 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 219 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 221 MGMT_STATUS_FAILED, /* Transaction Collision */ 222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 223 MGMT_STATUS_REJECTED, /* QoS Rejected */ 224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 225 MGMT_STATUS_REJECTED, /* Insufficient Security */ 226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 227 MGMT_STATUS_BUSY, /* Role Switch Pending */ 228 MGMT_STATUS_FAILED, /* Slot Violation */ 229 MGMT_STATUS_FAILED, /* Role Switch Failed */ 230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 232 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 234 MGMT_STATUS_BUSY, /* Controller Busy */ 235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 240 }; 241 242 static u8 mgmt_status(u8 hci_status) 243 { 244 if (hci_status < ARRAY_SIZE(mgmt_status_table)) 245 return mgmt_status_table[hci_status]; 246 247 return MGMT_STATUS_FAILED; 248 } 249 250 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data, 251 u16 len, int flag) 252 { 253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 254 flag, NULL); 255 } 256 257 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data, 258 u16 len, int flag, struct sock *skip_sk) 259 { 260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 261 flag, skip_sk); 262 } 263 264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len, 265 struct sock *skip_sk) 266 { 267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 268 HCI_SOCK_TRUSTED, skip_sk); 269 } 270 271 static u8 le_addr_type(u8 mgmt_addr_type) 272 { 273 if (mgmt_addr_type == BDADDR_LE_PUBLIC) 274 return ADDR_LE_DEV_PUBLIC; 275 else 276 return ADDR_LE_DEV_RANDOM; 277 } 278 279 void mgmt_fill_version_info(void *ver) 280 { 281 struct mgmt_rp_read_version *rp = ver; 282 283 rp->version = MGMT_VERSION; 284 rp->revision = cpu_to_le16(MGMT_REVISION); 285 } 286 287 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data, 288 u16 data_len) 289 { 290 struct mgmt_rp_read_version rp; 291 292 BT_DBG("sock %p", sk); 293 294 mgmt_fill_version_info(&rp); 295 296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, 297 &rp, sizeof(rp)); 298 } 299 300 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data, 301 u16 data_len) 302 { 303 struct mgmt_rp_read_commands *rp; 304 u16 num_commands, num_events; 305 size_t rp_size; 306 int i, err; 307 308 BT_DBG("sock %p", sk); 309 310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 311 num_commands = ARRAY_SIZE(mgmt_commands); 312 num_events = ARRAY_SIZE(mgmt_events); 313 } else { 314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands); 315 num_events = ARRAY_SIZE(mgmt_untrusted_events); 316 } 317 318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 319 320 rp = kmalloc(rp_size, GFP_KERNEL); 321 if (!rp) 322 return -ENOMEM; 323 324 rp->num_commands = cpu_to_le16(num_commands); 325 rp->num_events = cpu_to_le16(num_events); 326 327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 328 __le16 *opcode = rp->opcodes; 329 330 for (i = 0; i < num_commands; i++, opcode++) 331 put_unaligned_le16(mgmt_commands[i], opcode); 332 333 for (i = 0; i < num_events; i++, opcode++) 334 put_unaligned_le16(mgmt_events[i], opcode); 335 } else { 336 __le16 *opcode = rp->opcodes; 337 338 for (i = 0; i < num_commands; i++, opcode++) 339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode); 340 341 for (i = 0; i < num_events; i++, opcode++) 342 put_unaligned_le16(mgmt_untrusted_events[i], opcode); 343 } 344 345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, 346 rp, rp_size); 347 kfree(rp); 348 349 return err; 350 } 351 352 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data, 353 u16 data_len) 354 { 355 struct mgmt_rp_read_index_list *rp; 356 struct hci_dev *d; 357 size_t rp_len; 358 u16 count; 359 int err; 360 361 BT_DBG("sock %p", sk); 362 363 read_lock(&hci_dev_list_lock); 364 365 count = 0; 366 list_for_each_entry(d, &hci_dev_list, list) { 367 if (d->dev_type == HCI_PRIMARY && 368 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) 369 count++; 370 } 371 372 rp_len = sizeof(*rp) + (2 * count); 373 rp = kmalloc(rp_len, GFP_ATOMIC); 374 if (!rp) { 375 read_unlock(&hci_dev_list_lock); 376 return -ENOMEM; 377 } 378 379 count = 0; 380 list_for_each_entry(d, &hci_dev_list, list) { 381 if (hci_dev_test_flag(d, HCI_SETUP) || 382 hci_dev_test_flag(d, HCI_CONFIG) || 383 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 384 continue; 385 386 /* Devices marked as raw-only are neither configured 387 * nor unconfigured controllers. 388 */ 389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 390 continue; 391 392 if (d->dev_type == HCI_PRIMARY && 393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 394 rp->index[count++] = cpu_to_le16(d->id); 395 BT_DBG("Added hci%u", d->id); 396 } 397 } 398 399 rp->num_controllers = cpu_to_le16(count); 400 rp_len = sizeof(*rp) + (2 * count); 401 402 read_unlock(&hci_dev_list_lock); 403 404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 405 0, rp, rp_len); 406 407 kfree(rp); 408 409 return err; 410 } 411 412 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev, 413 void *data, u16 data_len) 414 { 415 struct mgmt_rp_read_unconf_index_list *rp; 416 struct hci_dev *d; 417 size_t rp_len; 418 u16 count; 419 int err; 420 421 BT_DBG("sock %p", sk); 422 423 read_lock(&hci_dev_list_lock); 424 425 count = 0; 426 list_for_each_entry(d, &hci_dev_list, list) { 427 if (d->dev_type == HCI_PRIMARY && 428 hci_dev_test_flag(d, HCI_UNCONFIGURED)) 429 count++; 430 } 431 432 rp_len = sizeof(*rp) + (2 * count); 433 rp = kmalloc(rp_len, GFP_ATOMIC); 434 if (!rp) { 435 read_unlock(&hci_dev_list_lock); 436 return -ENOMEM; 437 } 438 439 count = 0; 440 list_for_each_entry(d, &hci_dev_list, list) { 441 if (hci_dev_test_flag(d, HCI_SETUP) || 442 hci_dev_test_flag(d, HCI_CONFIG) || 443 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 444 continue; 445 446 /* Devices marked as raw-only are neither configured 447 * nor unconfigured controllers. 448 */ 449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 450 continue; 451 452 if (d->dev_type == HCI_PRIMARY && 453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 454 rp->index[count++] = cpu_to_le16(d->id); 455 BT_DBG("Added hci%u", d->id); 456 } 457 } 458 459 rp->num_controllers = cpu_to_le16(count); 460 rp_len = sizeof(*rp) + (2 * count); 461 462 read_unlock(&hci_dev_list_lock); 463 464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len); 466 467 kfree(rp); 468 469 return err; 470 } 471 472 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev, 473 void *data, u16 data_len) 474 { 475 struct mgmt_rp_read_ext_index_list *rp; 476 struct hci_dev *d; 477 size_t rp_len; 478 u16 count; 479 int err; 480 481 BT_DBG("sock %p", sk); 482 483 read_lock(&hci_dev_list_lock); 484 485 count = 0; 486 list_for_each_entry(d, &hci_dev_list, list) { 487 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP) 488 count++; 489 } 490 491 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count); 492 rp = kmalloc(rp_len, GFP_ATOMIC); 493 if (!rp) { 494 read_unlock(&hci_dev_list_lock); 495 return -ENOMEM; 496 } 497 498 count = 0; 499 list_for_each_entry(d, &hci_dev_list, list) { 500 if (hci_dev_test_flag(d, HCI_SETUP) || 501 hci_dev_test_flag(d, HCI_CONFIG) || 502 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 503 continue; 504 505 /* Devices marked as raw-only are neither configured 506 * nor unconfigured controllers. 507 */ 508 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 509 continue; 510 511 if (d->dev_type == HCI_PRIMARY) { 512 if (hci_dev_test_flag(d, HCI_UNCONFIGURED)) 513 rp->entry[count].type = 0x01; 514 else 515 rp->entry[count].type = 0x00; 516 } else if (d->dev_type == HCI_AMP) { 517 rp->entry[count].type = 0x02; 518 } else { 519 continue; 520 } 521 522 rp->entry[count].bus = d->bus; 523 rp->entry[count++].index = cpu_to_le16(d->id); 524 BT_DBG("Added hci%u", d->id); 525 } 526 527 rp->num_controllers = cpu_to_le16(count); 528 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count); 529 530 read_unlock(&hci_dev_list_lock); 531 532 /* If this command is called at least once, then all the 533 * default index and unconfigured index events are disabled 534 * and from now on only extended index events are used. 535 */ 536 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS); 537 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS); 538 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS); 539 540 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 541 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len); 542 543 kfree(rp); 544 545 return err; 546 } 547 548 static bool is_configured(struct hci_dev *hdev) 549 { 550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 552 return false; 553 554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) && 555 !bacmp(&hdev->public_addr, BDADDR_ANY)) 556 return false; 557 558 return true; 559 } 560 561 static __le32 get_missing_options(struct hci_dev *hdev) 562 { 563 u32 options = 0; 564 565 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 566 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 567 options |= MGMT_OPTION_EXTERNAL_CONFIG; 568 569 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) && 570 !bacmp(&hdev->public_addr, BDADDR_ANY)) 571 options |= MGMT_OPTION_PUBLIC_ADDRESS; 572 573 return cpu_to_le32(options); 574 } 575 576 static int new_options(struct hci_dev *hdev, struct sock *skip) 577 { 578 __le32 options = get_missing_options(hdev); 579 580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options, 581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip); 582 } 583 584 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 585 { 586 __le32 options = get_missing_options(hdev); 587 588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options, 589 sizeof(options)); 590 } 591 592 static int read_config_info(struct sock *sk, struct hci_dev *hdev, 593 void *data, u16 data_len) 594 { 595 struct mgmt_rp_read_config_info rp; 596 u32 options = 0; 597 598 BT_DBG("sock %p %s", sk, hdev->name); 599 600 hci_dev_lock(hdev); 601 602 memset(&rp, 0, sizeof(rp)); 603 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 604 605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 606 options |= MGMT_OPTION_EXTERNAL_CONFIG; 607 608 if (hdev->set_bdaddr) 609 options |= MGMT_OPTION_PUBLIC_ADDRESS; 610 611 rp.supported_options = cpu_to_le32(options); 612 rp.missing_options = get_missing_options(hdev); 613 614 hci_dev_unlock(hdev); 615 616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, 617 &rp, sizeof(rp)); 618 } 619 620 static u32 get_supported_phys(struct hci_dev *hdev) 621 { 622 u32 supported_phys = 0; 623 624 if (lmp_bredr_capable(hdev)) { 625 supported_phys |= MGMT_PHY_BR_1M_1SLOT; 626 627 if (hdev->features[0][0] & LMP_3SLOT) 628 supported_phys |= MGMT_PHY_BR_1M_3SLOT; 629 630 if (hdev->features[0][0] & LMP_5SLOT) 631 supported_phys |= MGMT_PHY_BR_1M_5SLOT; 632 633 if (lmp_edr_2m_capable(hdev)) { 634 supported_phys |= MGMT_PHY_EDR_2M_1SLOT; 635 636 if (lmp_edr_3slot_capable(hdev)) 637 supported_phys |= MGMT_PHY_EDR_2M_3SLOT; 638 639 if (lmp_edr_5slot_capable(hdev)) 640 supported_phys |= MGMT_PHY_EDR_2M_5SLOT; 641 642 if (lmp_edr_3m_capable(hdev)) { 643 supported_phys |= MGMT_PHY_EDR_3M_1SLOT; 644 645 if (lmp_edr_3slot_capable(hdev)) 646 supported_phys |= MGMT_PHY_EDR_3M_3SLOT; 647 648 if (lmp_edr_5slot_capable(hdev)) 649 supported_phys |= MGMT_PHY_EDR_3M_5SLOT; 650 } 651 } 652 } 653 654 if (lmp_le_capable(hdev)) { 655 supported_phys |= MGMT_PHY_LE_1M_TX; 656 supported_phys |= MGMT_PHY_LE_1M_RX; 657 658 if (hdev->le_features[1] & HCI_LE_PHY_2M) { 659 supported_phys |= MGMT_PHY_LE_2M_TX; 660 supported_phys |= MGMT_PHY_LE_2M_RX; 661 } 662 663 if (hdev->le_features[1] & HCI_LE_PHY_CODED) { 664 supported_phys |= MGMT_PHY_LE_CODED_TX; 665 supported_phys |= MGMT_PHY_LE_CODED_RX; 666 } 667 } 668 669 return supported_phys; 670 } 671 672 static u32 get_selected_phys(struct hci_dev *hdev) 673 { 674 u32 selected_phys = 0; 675 676 if (lmp_bredr_capable(hdev)) { 677 selected_phys |= MGMT_PHY_BR_1M_1SLOT; 678 679 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3)) 680 selected_phys |= MGMT_PHY_BR_1M_3SLOT; 681 682 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5)) 683 selected_phys |= MGMT_PHY_BR_1M_5SLOT; 684 685 if (lmp_edr_2m_capable(hdev)) { 686 if (!(hdev->pkt_type & HCI_2DH1)) 687 selected_phys |= MGMT_PHY_EDR_2M_1SLOT; 688 689 if (lmp_edr_3slot_capable(hdev) && 690 !(hdev->pkt_type & HCI_2DH3)) 691 selected_phys |= MGMT_PHY_EDR_2M_3SLOT; 692 693 if (lmp_edr_5slot_capable(hdev) && 694 !(hdev->pkt_type & HCI_2DH5)) 695 selected_phys |= MGMT_PHY_EDR_2M_5SLOT; 696 697 if (lmp_edr_3m_capable(hdev)) { 698 if (!(hdev->pkt_type & HCI_3DH1)) 699 selected_phys |= MGMT_PHY_EDR_3M_1SLOT; 700 701 if (lmp_edr_3slot_capable(hdev) && 702 !(hdev->pkt_type & HCI_3DH3)) 703 selected_phys |= MGMT_PHY_EDR_3M_3SLOT; 704 705 if (lmp_edr_5slot_capable(hdev) && 706 !(hdev->pkt_type & HCI_3DH5)) 707 selected_phys |= MGMT_PHY_EDR_3M_5SLOT; 708 } 709 } 710 } 711 712 if (lmp_le_capable(hdev)) { 713 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M) 714 selected_phys |= MGMT_PHY_LE_1M_TX; 715 716 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M) 717 selected_phys |= MGMT_PHY_LE_1M_RX; 718 719 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M) 720 selected_phys |= MGMT_PHY_LE_2M_TX; 721 722 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M) 723 selected_phys |= MGMT_PHY_LE_2M_RX; 724 725 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED) 726 selected_phys |= MGMT_PHY_LE_CODED_TX; 727 728 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED) 729 selected_phys |= MGMT_PHY_LE_CODED_RX; 730 } 731 732 return selected_phys; 733 } 734 735 static u32 get_configurable_phys(struct hci_dev *hdev) 736 { 737 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT & 738 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX); 739 } 740 741 static u32 get_supported_settings(struct hci_dev *hdev) 742 { 743 u32 settings = 0; 744 745 settings |= MGMT_SETTING_POWERED; 746 settings |= MGMT_SETTING_BONDABLE; 747 settings |= MGMT_SETTING_DEBUG_KEYS; 748 settings |= MGMT_SETTING_CONNECTABLE; 749 settings |= MGMT_SETTING_DISCOVERABLE; 750 751 if (lmp_bredr_capable(hdev)) { 752 if (hdev->hci_ver >= BLUETOOTH_VER_1_2) 753 settings |= MGMT_SETTING_FAST_CONNECTABLE; 754 settings |= MGMT_SETTING_BREDR; 755 settings |= MGMT_SETTING_LINK_SECURITY; 756 757 if (lmp_ssp_capable(hdev)) { 758 settings |= MGMT_SETTING_SSP; 759 settings |= MGMT_SETTING_HS; 760 } 761 762 if (lmp_sc_capable(hdev)) 763 settings |= MGMT_SETTING_SECURE_CONN; 764 } 765 766 if (lmp_le_capable(hdev)) { 767 settings |= MGMT_SETTING_LE; 768 settings |= MGMT_SETTING_ADVERTISING; 769 settings |= MGMT_SETTING_SECURE_CONN; 770 settings |= MGMT_SETTING_PRIVACY; 771 settings |= MGMT_SETTING_STATIC_ADDRESS; 772 } 773 774 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) || 775 hdev->set_bdaddr) 776 settings |= MGMT_SETTING_CONFIGURATION; 777 778 settings |= MGMT_SETTING_PHY_CONFIGURATION; 779 780 return settings; 781 } 782 783 static u32 get_current_settings(struct hci_dev *hdev) 784 { 785 u32 settings = 0; 786 787 if (hdev_is_powered(hdev)) 788 settings |= MGMT_SETTING_POWERED; 789 790 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 791 settings |= MGMT_SETTING_CONNECTABLE; 792 793 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) 794 settings |= MGMT_SETTING_FAST_CONNECTABLE; 795 796 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 797 settings |= MGMT_SETTING_DISCOVERABLE; 798 799 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) 800 settings |= MGMT_SETTING_BONDABLE; 801 802 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 803 settings |= MGMT_SETTING_BREDR; 804 805 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 806 settings |= MGMT_SETTING_LE; 807 808 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) 809 settings |= MGMT_SETTING_LINK_SECURITY; 810 811 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 812 settings |= MGMT_SETTING_SSP; 813 814 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED)) 815 settings |= MGMT_SETTING_HS; 816 817 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 818 settings |= MGMT_SETTING_ADVERTISING; 819 820 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) 821 settings |= MGMT_SETTING_SECURE_CONN; 822 823 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) 824 settings |= MGMT_SETTING_DEBUG_KEYS; 825 826 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) 827 settings |= MGMT_SETTING_PRIVACY; 828 829 /* The current setting for static address has two purposes. The 830 * first is to indicate if the static address will be used and 831 * the second is to indicate if it is actually set. 832 * 833 * This means if the static address is not configured, this flag 834 * will never be set. If the address is configured, then if the 835 * address is actually used decides if the flag is set or not. 836 * 837 * For single mode LE only controllers and dual-mode controllers 838 * with BR/EDR disabled, the existence of the static address will 839 * be evaluated. 840 */ 841 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 842 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 843 !bacmp(&hdev->bdaddr, BDADDR_ANY)) { 844 if (bacmp(&hdev->static_addr, BDADDR_ANY)) 845 settings |= MGMT_SETTING_STATIC_ADDRESS; 846 } 847 848 return settings; 849 } 850 851 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev) 852 { 853 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev); 854 } 855 856 static struct mgmt_pending_cmd *pending_find_data(u16 opcode, 857 struct hci_dev *hdev, 858 const void *data) 859 { 860 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data); 861 } 862 863 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev) 864 { 865 struct mgmt_pending_cmd *cmd; 866 867 /* If there's a pending mgmt command the flags will not yet have 868 * their final values, so check for this first. 869 */ 870 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 871 if (cmd) { 872 struct mgmt_mode *cp = cmd->param; 873 if (cp->val == 0x01) 874 return LE_AD_GENERAL; 875 else if (cp->val == 0x02) 876 return LE_AD_LIMITED; 877 } else { 878 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 879 return LE_AD_LIMITED; 880 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 881 return LE_AD_GENERAL; 882 } 883 884 return 0; 885 } 886 887 bool mgmt_get_connectable(struct hci_dev *hdev) 888 { 889 struct mgmt_pending_cmd *cmd; 890 891 /* If there's a pending mgmt command the flag will not yet have 892 * it's final value, so check for this first. 893 */ 894 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 895 if (cmd) { 896 struct mgmt_mode *cp = cmd->param; 897 898 return cp->val; 899 } 900 901 return hci_dev_test_flag(hdev, HCI_CONNECTABLE); 902 } 903 904 static void service_cache_off(struct work_struct *work) 905 { 906 struct hci_dev *hdev = container_of(work, struct hci_dev, 907 service_cache.work); 908 struct hci_request req; 909 910 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) 911 return; 912 913 hci_req_init(&req, hdev); 914 915 hci_dev_lock(hdev); 916 917 __hci_req_update_eir(&req); 918 __hci_req_update_class(&req); 919 920 hci_dev_unlock(hdev); 921 922 hci_req_run(&req, NULL); 923 } 924 925 static void rpa_expired(struct work_struct *work) 926 { 927 struct hci_dev *hdev = container_of(work, struct hci_dev, 928 rpa_expired.work); 929 struct hci_request req; 930 931 BT_DBG(""); 932 933 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 934 935 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING)) 936 return; 937 938 /* The generation of a new RPA and programming it into the 939 * controller happens in the hci_req_enable_advertising() 940 * function. 941 */ 942 hci_req_init(&req, hdev); 943 if (ext_adv_capable(hdev)) 944 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance); 945 else 946 __hci_req_enable_advertising(&req); 947 hci_req_run(&req, NULL); 948 } 949 950 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) 951 { 952 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT)) 953 return; 954 955 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 956 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired); 957 958 /* Non-mgmt controlled devices get this bit set 959 * implicitly so that pairing works for them, however 960 * for mgmt we require user-space to explicitly enable 961 * it 962 */ 963 hci_dev_clear_flag(hdev, HCI_BONDABLE); 964 } 965 966 static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 967 void *data, u16 data_len) 968 { 969 struct mgmt_rp_read_info rp; 970 971 BT_DBG("sock %p %s", sk, hdev->name); 972 973 hci_dev_lock(hdev); 974 975 memset(&rp, 0, sizeof(rp)); 976 977 bacpy(&rp.bdaddr, &hdev->bdaddr); 978 979 rp.version = hdev->hci_ver; 980 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 981 982 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 983 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 984 985 memcpy(rp.dev_class, hdev->dev_class, 3); 986 987 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 988 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name)); 989 990 hci_dev_unlock(hdev); 991 992 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp, 993 sizeof(rp)); 994 } 995 996 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir) 997 { 998 u16 eir_len = 0; 999 size_t name_len; 1000 1001 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1002 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV, 1003 hdev->dev_class, 3); 1004 1005 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1006 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE, 1007 hdev->appearance); 1008 1009 name_len = strlen(hdev->dev_name); 1010 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE, 1011 hdev->dev_name, name_len); 1012 1013 name_len = strlen(hdev->short_name); 1014 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT, 1015 hdev->short_name, name_len); 1016 1017 return eir_len; 1018 } 1019 1020 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev, 1021 void *data, u16 data_len) 1022 { 1023 char buf[512]; 1024 struct mgmt_rp_read_ext_info *rp = (void *)buf; 1025 u16 eir_len; 1026 1027 BT_DBG("sock %p %s", sk, hdev->name); 1028 1029 memset(&buf, 0, sizeof(buf)); 1030 1031 hci_dev_lock(hdev); 1032 1033 bacpy(&rp->bdaddr, &hdev->bdaddr); 1034 1035 rp->version = hdev->hci_ver; 1036 rp->manufacturer = cpu_to_le16(hdev->manufacturer); 1037 1038 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev)); 1039 rp->current_settings = cpu_to_le32(get_current_settings(hdev)); 1040 1041 1042 eir_len = append_eir_data_to_buf(hdev, rp->eir); 1043 rp->eir_len = cpu_to_le16(eir_len); 1044 1045 hci_dev_unlock(hdev); 1046 1047 /* If this command is called at least once, then the events 1048 * for class of device and local name changes are disabled 1049 * and only the new extended controller information event 1050 * is used. 1051 */ 1052 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS); 1053 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS); 1054 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS); 1055 1056 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp, 1057 sizeof(*rp) + eir_len); 1058 } 1059 1060 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip) 1061 { 1062 char buf[512]; 1063 struct mgmt_ev_ext_info_changed *ev = (void *)buf; 1064 u16 eir_len; 1065 1066 memset(buf, 0, sizeof(buf)); 1067 1068 eir_len = append_eir_data_to_buf(hdev, ev->eir); 1069 ev->eir_len = cpu_to_le16(eir_len); 1070 1071 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev, 1072 sizeof(*ev) + eir_len, 1073 HCI_MGMT_EXT_INFO_EVENTS, skip); 1074 } 1075 1076 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 1077 { 1078 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 1079 1080 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings, 1081 sizeof(settings)); 1082 } 1083 1084 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1085 { 1086 BT_DBG("%s status 0x%02x", hdev->name, status); 1087 1088 if (hci_conn_count(hdev) == 0) { 1089 cancel_delayed_work(&hdev->power_off); 1090 queue_work(hdev->req_workqueue, &hdev->power_off.work); 1091 } 1092 } 1093 1094 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance) 1095 { 1096 struct mgmt_ev_advertising_added ev; 1097 1098 ev.instance = instance; 1099 1100 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk); 1101 } 1102 1103 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev, 1104 u8 instance) 1105 { 1106 struct mgmt_ev_advertising_removed ev; 1107 1108 ev.instance = instance; 1109 1110 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk); 1111 } 1112 1113 static void cancel_adv_timeout(struct hci_dev *hdev) 1114 { 1115 if (hdev->adv_instance_timeout) { 1116 hdev->adv_instance_timeout = 0; 1117 cancel_delayed_work(&hdev->adv_instance_expire); 1118 } 1119 } 1120 1121 static int clean_up_hci_state(struct hci_dev *hdev) 1122 { 1123 struct hci_request req; 1124 struct hci_conn *conn; 1125 bool discov_stopped; 1126 int err; 1127 1128 hci_req_init(&req, hdev); 1129 1130 if (test_bit(HCI_ISCAN, &hdev->flags) || 1131 test_bit(HCI_PSCAN, &hdev->flags)) { 1132 u8 scan = 0x00; 1133 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1134 } 1135 1136 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false); 1137 1138 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 1139 __hci_req_disable_advertising(&req); 1140 1141 discov_stopped = hci_req_stop_discovery(&req); 1142 1143 list_for_each_entry(conn, &hdev->conn_hash.list, list) { 1144 /* 0x15 == Terminated due to Power Off */ 1145 __hci_abort_conn(&req, conn, 0x15); 1146 } 1147 1148 err = hci_req_run(&req, clean_up_hci_complete); 1149 if (!err && discov_stopped) 1150 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 1151 1152 return err; 1153 } 1154 1155 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, 1156 u16 len) 1157 { 1158 struct mgmt_mode *cp = data; 1159 struct mgmt_pending_cmd *cmd; 1160 int err; 1161 1162 BT_DBG("request for %s", hdev->name); 1163 1164 if (cp->val != 0x00 && cp->val != 0x01) 1165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1166 MGMT_STATUS_INVALID_PARAMS); 1167 1168 hci_dev_lock(hdev); 1169 1170 if (pending_find(MGMT_OP_SET_POWERED, hdev)) { 1171 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1172 MGMT_STATUS_BUSY); 1173 goto failed; 1174 } 1175 1176 if (!!cp->val == hdev_is_powered(hdev)) { 1177 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 1178 goto failed; 1179 } 1180 1181 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 1182 if (!cmd) { 1183 err = -ENOMEM; 1184 goto failed; 1185 } 1186 1187 if (cp->val) { 1188 queue_work(hdev->req_workqueue, &hdev->power_on); 1189 err = 0; 1190 } else { 1191 /* Disconnect connections, stop scans, etc */ 1192 err = clean_up_hci_state(hdev); 1193 if (!err) 1194 queue_delayed_work(hdev->req_workqueue, &hdev->power_off, 1195 HCI_POWER_OFF_TIMEOUT); 1196 1197 /* ENODATA means there were no HCI commands queued */ 1198 if (err == -ENODATA) { 1199 cancel_delayed_work(&hdev->power_off); 1200 queue_work(hdev->req_workqueue, &hdev->power_off.work); 1201 err = 0; 1202 } 1203 } 1204 1205 failed: 1206 hci_dev_unlock(hdev); 1207 return err; 1208 } 1209 1210 static int new_settings(struct hci_dev *hdev, struct sock *skip) 1211 { 1212 __le32 ev = cpu_to_le32(get_current_settings(hdev)); 1213 1214 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, 1215 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip); 1216 } 1217 1218 int mgmt_new_settings(struct hci_dev *hdev) 1219 { 1220 return new_settings(hdev, NULL); 1221 } 1222 1223 struct cmd_lookup { 1224 struct sock *sk; 1225 struct hci_dev *hdev; 1226 u8 mgmt_status; 1227 }; 1228 1229 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data) 1230 { 1231 struct cmd_lookup *match = data; 1232 1233 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 1234 1235 list_del(&cmd->list); 1236 1237 if (match->sk == NULL) { 1238 match->sk = cmd->sk; 1239 sock_hold(match->sk); 1240 } 1241 1242 mgmt_pending_free(cmd); 1243 } 1244 1245 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data) 1246 { 1247 u8 *status = data; 1248 1249 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 1250 mgmt_pending_remove(cmd); 1251 } 1252 1253 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data) 1254 { 1255 if (cmd->cmd_complete) { 1256 u8 *status = data; 1257 1258 cmd->cmd_complete(cmd, *status); 1259 mgmt_pending_remove(cmd); 1260 1261 return; 1262 } 1263 1264 cmd_status_rsp(cmd, data); 1265 } 1266 1267 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1268 { 1269 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1270 cmd->param, cmd->param_len); 1271 } 1272 1273 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1274 { 1275 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1276 cmd->param, sizeof(struct mgmt_addr_info)); 1277 } 1278 1279 static u8 mgmt_bredr_support(struct hci_dev *hdev) 1280 { 1281 if (!lmp_bredr_capable(hdev)) 1282 return MGMT_STATUS_NOT_SUPPORTED; 1283 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1284 return MGMT_STATUS_REJECTED; 1285 else 1286 return MGMT_STATUS_SUCCESS; 1287 } 1288 1289 static u8 mgmt_le_support(struct hci_dev *hdev) 1290 { 1291 if (!lmp_le_capable(hdev)) 1292 return MGMT_STATUS_NOT_SUPPORTED; 1293 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1294 return MGMT_STATUS_REJECTED; 1295 else 1296 return MGMT_STATUS_SUCCESS; 1297 } 1298 1299 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status) 1300 { 1301 struct mgmt_pending_cmd *cmd; 1302 1303 BT_DBG("status 0x%02x", status); 1304 1305 hci_dev_lock(hdev); 1306 1307 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 1308 if (!cmd) 1309 goto unlock; 1310 1311 if (status) { 1312 u8 mgmt_err = mgmt_status(status); 1313 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1314 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1315 goto remove_cmd; 1316 } 1317 1318 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1319 hdev->discov_timeout > 0) { 1320 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1321 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to); 1322 } 1323 1324 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1325 new_settings(hdev, cmd->sk); 1326 1327 remove_cmd: 1328 mgmt_pending_remove(cmd); 1329 1330 unlock: 1331 hci_dev_unlock(hdev); 1332 } 1333 1334 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 1335 u16 len) 1336 { 1337 struct mgmt_cp_set_discoverable *cp = data; 1338 struct mgmt_pending_cmd *cmd; 1339 u16 timeout; 1340 int err; 1341 1342 BT_DBG("request for %s", hdev->name); 1343 1344 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1345 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1346 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1347 MGMT_STATUS_REJECTED); 1348 1349 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 1350 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1351 MGMT_STATUS_INVALID_PARAMS); 1352 1353 timeout = __le16_to_cpu(cp->timeout); 1354 1355 /* Disabling discoverable requires that no timeout is set, 1356 * and enabling limited discoverable requires a timeout. 1357 */ 1358 if ((cp->val == 0x00 && timeout > 0) || 1359 (cp->val == 0x02 && timeout == 0)) 1360 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1361 MGMT_STATUS_INVALID_PARAMS); 1362 1363 hci_dev_lock(hdev); 1364 1365 if (!hdev_is_powered(hdev) && timeout > 0) { 1366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1367 MGMT_STATUS_NOT_POWERED); 1368 goto failed; 1369 } 1370 1371 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1372 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1373 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1374 MGMT_STATUS_BUSY); 1375 goto failed; 1376 } 1377 1378 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) { 1379 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1380 MGMT_STATUS_REJECTED); 1381 goto failed; 1382 } 1383 1384 if (!hdev_is_powered(hdev)) { 1385 bool changed = false; 1386 1387 /* Setting limited discoverable when powered off is 1388 * not a valid operation since it requires a timeout 1389 * and so no need to check HCI_LIMITED_DISCOVERABLE. 1390 */ 1391 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) { 1392 hci_dev_change_flag(hdev, HCI_DISCOVERABLE); 1393 changed = true; 1394 } 1395 1396 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1397 if (err < 0) 1398 goto failed; 1399 1400 if (changed) 1401 err = new_settings(hdev, sk); 1402 1403 goto failed; 1404 } 1405 1406 /* If the current mode is the same, then just update the timeout 1407 * value with the new value. And if only the timeout gets updated, 1408 * then no need for any HCI transactions. 1409 */ 1410 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1411 (cp->val == 0x02) == hci_dev_test_flag(hdev, 1412 HCI_LIMITED_DISCOVERABLE)) { 1413 cancel_delayed_work(&hdev->discov_off); 1414 hdev->discov_timeout = timeout; 1415 1416 if (cp->val && hdev->discov_timeout > 0) { 1417 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1418 queue_delayed_work(hdev->req_workqueue, 1419 &hdev->discov_off, to); 1420 } 1421 1422 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1423 goto failed; 1424 } 1425 1426 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 1427 if (!cmd) { 1428 err = -ENOMEM; 1429 goto failed; 1430 } 1431 1432 /* Cancel any potential discoverable timeout that might be 1433 * still active and store new timeout value. The arming of 1434 * the timeout happens in the complete handler. 1435 */ 1436 cancel_delayed_work(&hdev->discov_off); 1437 hdev->discov_timeout = timeout; 1438 1439 if (cp->val) 1440 hci_dev_set_flag(hdev, HCI_DISCOVERABLE); 1441 else 1442 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1443 1444 /* Limited discoverable mode */ 1445 if (cp->val == 0x02) 1446 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1447 else 1448 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1449 1450 queue_work(hdev->req_workqueue, &hdev->discoverable_update); 1451 err = 0; 1452 1453 failed: 1454 hci_dev_unlock(hdev); 1455 return err; 1456 } 1457 1458 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status) 1459 { 1460 struct mgmt_pending_cmd *cmd; 1461 1462 BT_DBG("status 0x%02x", status); 1463 1464 hci_dev_lock(hdev); 1465 1466 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 1467 if (!cmd) 1468 goto unlock; 1469 1470 if (status) { 1471 u8 mgmt_err = mgmt_status(status); 1472 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1473 goto remove_cmd; 1474 } 1475 1476 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev); 1477 new_settings(hdev, cmd->sk); 1478 1479 remove_cmd: 1480 mgmt_pending_remove(cmd); 1481 1482 unlock: 1483 hci_dev_unlock(hdev); 1484 } 1485 1486 static int set_connectable_update_settings(struct hci_dev *hdev, 1487 struct sock *sk, u8 val) 1488 { 1489 bool changed = false; 1490 int err; 1491 1492 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 1493 changed = true; 1494 1495 if (val) { 1496 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1497 } else { 1498 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1499 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1500 } 1501 1502 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 1503 if (err < 0) 1504 return err; 1505 1506 if (changed) { 1507 hci_req_update_scan(hdev); 1508 hci_update_background_scan(hdev); 1509 return new_settings(hdev, sk); 1510 } 1511 1512 return 0; 1513 } 1514 1515 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, 1516 u16 len) 1517 { 1518 struct mgmt_mode *cp = data; 1519 struct mgmt_pending_cmd *cmd; 1520 int err; 1521 1522 BT_DBG("request for %s", hdev->name); 1523 1524 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1525 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1527 MGMT_STATUS_REJECTED); 1528 1529 if (cp->val != 0x00 && cp->val != 0x01) 1530 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1531 MGMT_STATUS_INVALID_PARAMS); 1532 1533 hci_dev_lock(hdev); 1534 1535 if (!hdev_is_powered(hdev)) { 1536 err = set_connectable_update_settings(hdev, sk, cp->val); 1537 goto failed; 1538 } 1539 1540 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1541 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1542 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1543 MGMT_STATUS_BUSY); 1544 goto failed; 1545 } 1546 1547 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1548 if (!cmd) { 1549 err = -ENOMEM; 1550 goto failed; 1551 } 1552 1553 if (cp->val) { 1554 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1555 } else { 1556 if (hdev->discov_timeout > 0) 1557 cancel_delayed_work(&hdev->discov_off); 1558 1559 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1560 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1561 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1562 } 1563 1564 queue_work(hdev->req_workqueue, &hdev->connectable_update); 1565 err = 0; 1566 1567 failed: 1568 hci_dev_unlock(hdev); 1569 return err; 1570 } 1571 1572 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data, 1573 u16 len) 1574 { 1575 struct mgmt_mode *cp = data; 1576 bool changed; 1577 int err; 1578 1579 BT_DBG("request for %s", hdev->name); 1580 1581 if (cp->val != 0x00 && cp->val != 0x01) 1582 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE, 1583 MGMT_STATUS_INVALID_PARAMS); 1584 1585 hci_dev_lock(hdev); 1586 1587 if (cp->val) 1588 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE); 1589 else 1590 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE); 1591 1592 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev); 1593 if (err < 0) 1594 goto unlock; 1595 1596 if (changed) { 1597 /* In limited privacy mode the change of bondable mode 1598 * may affect the local advertising address. 1599 */ 1600 if (hdev_is_powered(hdev) && 1601 hci_dev_test_flag(hdev, HCI_ADVERTISING) && 1602 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1603 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) 1604 queue_work(hdev->req_workqueue, 1605 &hdev->discoverable_update); 1606 1607 err = new_settings(hdev, sk); 1608 } 1609 1610 unlock: 1611 hci_dev_unlock(hdev); 1612 return err; 1613 } 1614 1615 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data, 1616 u16 len) 1617 { 1618 struct mgmt_mode *cp = data; 1619 struct mgmt_pending_cmd *cmd; 1620 u8 val, status; 1621 int err; 1622 1623 BT_DBG("request for %s", hdev->name); 1624 1625 status = mgmt_bredr_support(hdev); 1626 if (status) 1627 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1628 status); 1629 1630 if (cp->val != 0x00 && cp->val != 0x01) 1631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1632 MGMT_STATUS_INVALID_PARAMS); 1633 1634 hci_dev_lock(hdev); 1635 1636 if (!hdev_is_powered(hdev)) { 1637 bool changed = false; 1638 1639 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) { 1640 hci_dev_change_flag(hdev, HCI_LINK_SECURITY); 1641 changed = true; 1642 } 1643 1644 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1645 if (err < 0) 1646 goto failed; 1647 1648 if (changed) 1649 err = new_settings(hdev, sk); 1650 1651 goto failed; 1652 } 1653 1654 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1656 MGMT_STATUS_BUSY); 1657 goto failed; 1658 } 1659 1660 val = !!cp->val; 1661 1662 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1663 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1664 goto failed; 1665 } 1666 1667 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1668 if (!cmd) { 1669 err = -ENOMEM; 1670 goto failed; 1671 } 1672 1673 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1674 if (err < 0) { 1675 mgmt_pending_remove(cmd); 1676 goto failed; 1677 } 1678 1679 failed: 1680 hci_dev_unlock(hdev); 1681 return err; 1682 } 1683 1684 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1685 { 1686 struct mgmt_mode *cp = data; 1687 struct mgmt_pending_cmd *cmd; 1688 u8 status; 1689 int err; 1690 1691 BT_DBG("request for %s", hdev->name); 1692 1693 status = mgmt_bredr_support(hdev); 1694 if (status) 1695 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status); 1696 1697 if (!lmp_ssp_capable(hdev)) 1698 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1699 MGMT_STATUS_NOT_SUPPORTED); 1700 1701 if (cp->val != 0x00 && cp->val != 0x01) 1702 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1703 MGMT_STATUS_INVALID_PARAMS); 1704 1705 hci_dev_lock(hdev); 1706 1707 if (!hdev_is_powered(hdev)) { 1708 bool changed; 1709 1710 if (cp->val) { 1711 changed = !hci_dev_test_and_set_flag(hdev, 1712 HCI_SSP_ENABLED); 1713 } else { 1714 changed = hci_dev_test_and_clear_flag(hdev, 1715 HCI_SSP_ENABLED); 1716 if (!changed) 1717 changed = hci_dev_test_and_clear_flag(hdev, 1718 HCI_HS_ENABLED); 1719 else 1720 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1721 } 1722 1723 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1724 if (err < 0) 1725 goto failed; 1726 1727 if (changed) 1728 err = new_settings(hdev, sk); 1729 1730 goto failed; 1731 } 1732 1733 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1734 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1735 MGMT_STATUS_BUSY); 1736 goto failed; 1737 } 1738 1739 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 1740 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1741 goto failed; 1742 } 1743 1744 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 1745 if (!cmd) { 1746 err = -ENOMEM; 1747 goto failed; 1748 } 1749 1750 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) 1751 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 1752 sizeof(cp->val), &cp->val); 1753 1754 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val); 1755 if (err < 0) { 1756 mgmt_pending_remove(cmd); 1757 goto failed; 1758 } 1759 1760 failed: 1761 hci_dev_unlock(hdev); 1762 return err; 1763 } 1764 1765 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1766 { 1767 struct mgmt_mode *cp = data; 1768 bool changed; 1769 u8 status; 1770 int err; 1771 1772 BT_DBG("request for %s", hdev->name); 1773 1774 status = mgmt_bredr_support(hdev); 1775 if (status) 1776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status); 1777 1778 if (!lmp_ssp_capable(hdev)) 1779 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1780 MGMT_STATUS_NOT_SUPPORTED); 1781 1782 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 1783 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1784 MGMT_STATUS_REJECTED); 1785 1786 if (cp->val != 0x00 && cp->val != 0x01) 1787 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1788 MGMT_STATUS_INVALID_PARAMS); 1789 1790 hci_dev_lock(hdev); 1791 1792 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1793 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1794 MGMT_STATUS_BUSY); 1795 goto unlock; 1796 } 1797 1798 if (cp->val) { 1799 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED); 1800 } else { 1801 if (hdev_is_powered(hdev)) { 1802 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1803 MGMT_STATUS_REJECTED); 1804 goto unlock; 1805 } 1806 1807 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED); 1808 } 1809 1810 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 1811 if (err < 0) 1812 goto unlock; 1813 1814 if (changed) 1815 err = new_settings(hdev, sk); 1816 1817 unlock: 1818 hci_dev_unlock(hdev); 1819 return err; 1820 } 1821 1822 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1823 { 1824 struct cmd_lookup match = { NULL, hdev }; 1825 1826 hci_dev_lock(hdev); 1827 1828 if (status) { 1829 u8 mgmt_err = mgmt_status(status); 1830 1831 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 1832 &mgmt_err); 1833 goto unlock; 1834 } 1835 1836 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 1837 1838 new_settings(hdev, match.sk); 1839 1840 if (match.sk) 1841 sock_put(match.sk); 1842 1843 /* Make sure the controller has a good default for 1844 * advertising data. Restrict the update to when LE 1845 * has actually been enabled. During power on, the 1846 * update in powered_update_hci will take care of it. 1847 */ 1848 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1849 struct hci_request req; 1850 hci_req_init(&req, hdev); 1851 if (ext_adv_capable(hdev)) { 1852 int err; 1853 1854 err = __hci_req_setup_ext_adv_instance(&req, 0x00); 1855 if (!err) 1856 __hci_req_update_scan_rsp_data(&req, 0x00); 1857 } else { 1858 __hci_req_update_adv_data(&req, 0x00); 1859 __hci_req_update_scan_rsp_data(&req, 0x00); 1860 } 1861 hci_req_run(&req, NULL); 1862 hci_update_background_scan(hdev); 1863 } 1864 1865 unlock: 1866 hci_dev_unlock(hdev); 1867 } 1868 1869 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1870 { 1871 struct mgmt_mode *cp = data; 1872 struct hci_cp_write_le_host_supported hci_cp; 1873 struct mgmt_pending_cmd *cmd; 1874 struct hci_request req; 1875 int err; 1876 u8 val, enabled; 1877 1878 BT_DBG("request for %s", hdev->name); 1879 1880 if (!lmp_le_capable(hdev)) 1881 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1882 MGMT_STATUS_NOT_SUPPORTED); 1883 1884 if (cp->val != 0x00 && cp->val != 0x01) 1885 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1886 MGMT_STATUS_INVALID_PARAMS); 1887 1888 /* Bluetooth single mode LE only controllers or dual-mode 1889 * controllers configured as LE only devices, do not allow 1890 * switching LE off. These have either LE enabled explicitly 1891 * or BR/EDR has been previously switched off. 1892 * 1893 * When trying to enable an already enabled LE, then gracefully 1894 * send a positive response. Trying to disable it however will 1895 * result into rejection. 1896 */ 1897 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 1898 if (cp->val == 0x01) 1899 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1900 1901 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1902 MGMT_STATUS_REJECTED); 1903 } 1904 1905 hci_dev_lock(hdev); 1906 1907 val = !!cp->val; 1908 enabled = lmp_host_le_capable(hdev); 1909 1910 if (!val) 1911 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true); 1912 1913 if (!hdev_is_powered(hdev) || val == enabled) { 1914 bool changed = false; 1915 1916 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1917 hci_dev_change_flag(hdev, HCI_LE_ENABLED); 1918 changed = true; 1919 } 1920 1921 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 1922 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 1923 changed = true; 1924 } 1925 1926 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1927 if (err < 0) 1928 goto unlock; 1929 1930 if (changed) 1931 err = new_settings(hdev, sk); 1932 1933 goto unlock; 1934 } 1935 1936 if (pending_find(MGMT_OP_SET_LE, hdev) || 1937 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) { 1938 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1939 MGMT_STATUS_BUSY); 1940 goto unlock; 1941 } 1942 1943 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len); 1944 if (!cmd) { 1945 err = -ENOMEM; 1946 goto unlock; 1947 } 1948 1949 hci_req_init(&req, hdev); 1950 1951 memset(&hci_cp, 0, sizeof(hci_cp)); 1952 1953 if (val) { 1954 hci_cp.le = val; 1955 hci_cp.simul = 0x00; 1956 } else { 1957 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 1958 __hci_req_disable_advertising(&req); 1959 1960 if (ext_adv_capable(hdev)) 1961 __hci_req_clear_ext_adv_sets(&req); 1962 } 1963 1964 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), 1965 &hci_cp); 1966 1967 err = hci_req_run(&req, le_enable_complete); 1968 if (err < 0) 1969 mgmt_pending_remove(cmd); 1970 1971 unlock: 1972 hci_dev_unlock(hdev); 1973 return err; 1974 } 1975 1976 /* This is a helper function to test for pending mgmt commands that can 1977 * cause CoD or EIR HCI commands. We can only allow one such pending 1978 * mgmt command at a time since otherwise we cannot easily track what 1979 * the current values are, will be, and based on that calculate if a new 1980 * HCI command needs to be sent and if yes with what value. 1981 */ 1982 static bool pending_eir_or_class(struct hci_dev *hdev) 1983 { 1984 struct mgmt_pending_cmd *cmd; 1985 1986 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 1987 switch (cmd->opcode) { 1988 case MGMT_OP_ADD_UUID: 1989 case MGMT_OP_REMOVE_UUID: 1990 case MGMT_OP_SET_DEV_CLASS: 1991 case MGMT_OP_SET_POWERED: 1992 return true; 1993 } 1994 } 1995 1996 return false; 1997 } 1998 1999 static const u8 bluetooth_base_uuid[] = { 2000 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80, 2001 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2002 }; 2003 2004 static u8 get_uuid_size(const u8 *uuid) 2005 { 2006 u32 val; 2007 2008 if (memcmp(uuid, bluetooth_base_uuid, 12)) 2009 return 128; 2010 2011 val = get_unaligned_le32(&uuid[12]); 2012 if (val > 0xffff) 2013 return 32; 2014 2015 return 16; 2016 } 2017 2018 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status) 2019 { 2020 struct mgmt_pending_cmd *cmd; 2021 2022 hci_dev_lock(hdev); 2023 2024 cmd = pending_find(mgmt_op, hdev); 2025 if (!cmd) 2026 goto unlock; 2027 2028 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 2029 mgmt_status(status), hdev->dev_class, 3); 2030 2031 mgmt_pending_remove(cmd); 2032 2033 unlock: 2034 hci_dev_unlock(hdev); 2035 } 2036 2037 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2038 { 2039 BT_DBG("status 0x%02x", status); 2040 2041 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status); 2042 } 2043 2044 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2045 { 2046 struct mgmt_cp_add_uuid *cp = data; 2047 struct mgmt_pending_cmd *cmd; 2048 struct hci_request req; 2049 struct bt_uuid *uuid; 2050 int err; 2051 2052 BT_DBG("request for %s", hdev->name); 2053 2054 hci_dev_lock(hdev); 2055 2056 if (pending_eir_or_class(hdev)) { 2057 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID, 2058 MGMT_STATUS_BUSY); 2059 goto failed; 2060 } 2061 2062 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL); 2063 if (!uuid) { 2064 err = -ENOMEM; 2065 goto failed; 2066 } 2067 2068 memcpy(uuid->uuid, cp->uuid, 16); 2069 uuid->svc_hint = cp->svc_hint; 2070 uuid->size = get_uuid_size(cp->uuid); 2071 2072 list_add_tail(&uuid->list, &hdev->uuids); 2073 2074 hci_req_init(&req, hdev); 2075 2076 __hci_req_update_class(&req); 2077 __hci_req_update_eir(&req); 2078 2079 err = hci_req_run(&req, add_uuid_complete); 2080 if (err < 0) { 2081 if (err != -ENODATA) 2082 goto failed; 2083 2084 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0, 2085 hdev->dev_class, 3); 2086 goto failed; 2087 } 2088 2089 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len); 2090 if (!cmd) { 2091 err = -ENOMEM; 2092 goto failed; 2093 } 2094 2095 err = 0; 2096 2097 failed: 2098 hci_dev_unlock(hdev); 2099 return err; 2100 } 2101 2102 static bool enable_service_cache(struct hci_dev *hdev) 2103 { 2104 if (!hdev_is_powered(hdev)) 2105 return false; 2106 2107 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) { 2108 queue_delayed_work(hdev->workqueue, &hdev->service_cache, 2109 CACHE_TIMEOUT); 2110 return true; 2111 } 2112 2113 return false; 2114 } 2115 2116 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2117 { 2118 BT_DBG("status 0x%02x", status); 2119 2120 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status); 2121 } 2122 2123 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, 2124 u16 len) 2125 { 2126 struct mgmt_cp_remove_uuid *cp = data; 2127 struct mgmt_pending_cmd *cmd; 2128 struct bt_uuid *match, *tmp; 2129 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 2130 struct hci_request req; 2131 int err, found; 2132 2133 BT_DBG("request for %s", hdev->name); 2134 2135 hci_dev_lock(hdev); 2136 2137 if (pending_eir_or_class(hdev)) { 2138 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2139 MGMT_STATUS_BUSY); 2140 goto unlock; 2141 } 2142 2143 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 2144 hci_uuids_clear(hdev); 2145 2146 if (enable_service_cache(hdev)) { 2147 err = mgmt_cmd_complete(sk, hdev->id, 2148 MGMT_OP_REMOVE_UUID, 2149 0, hdev->dev_class, 3); 2150 goto unlock; 2151 } 2152 2153 goto update_class; 2154 } 2155 2156 found = 0; 2157 2158 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) { 2159 if (memcmp(match->uuid, cp->uuid, 16) != 0) 2160 continue; 2161 2162 list_del(&match->list); 2163 kfree(match); 2164 found++; 2165 } 2166 2167 if (found == 0) { 2168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2169 MGMT_STATUS_INVALID_PARAMS); 2170 goto unlock; 2171 } 2172 2173 update_class: 2174 hci_req_init(&req, hdev); 2175 2176 __hci_req_update_class(&req); 2177 __hci_req_update_eir(&req); 2178 2179 err = hci_req_run(&req, remove_uuid_complete); 2180 if (err < 0) { 2181 if (err != -ENODATA) 2182 goto unlock; 2183 2184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0, 2185 hdev->dev_class, 3); 2186 goto unlock; 2187 } 2188 2189 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len); 2190 if (!cmd) { 2191 err = -ENOMEM; 2192 goto unlock; 2193 } 2194 2195 err = 0; 2196 2197 unlock: 2198 hci_dev_unlock(hdev); 2199 return err; 2200 } 2201 2202 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2203 { 2204 BT_DBG("status 0x%02x", status); 2205 2206 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status); 2207 } 2208 2209 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, 2210 u16 len) 2211 { 2212 struct mgmt_cp_set_dev_class *cp = data; 2213 struct mgmt_pending_cmd *cmd; 2214 struct hci_request req; 2215 int err; 2216 2217 BT_DBG("request for %s", hdev->name); 2218 2219 if (!lmp_bredr_capable(hdev)) 2220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2221 MGMT_STATUS_NOT_SUPPORTED); 2222 2223 hci_dev_lock(hdev); 2224 2225 if (pending_eir_or_class(hdev)) { 2226 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2227 MGMT_STATUS_BUSY); 2228 goto unlock; 2229 } 2230 2231 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) { 2232 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2233 MGMT_STATUS_INVALID_PARAMS); 2234 goto unlock; 2235 } 2236 2237 hdev->major_class = cp->major; 2238 hdev->minor_class = cp->minor; 2239 2240 if (!hdev_is_powered(hdev)) { 2241 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2242 hdev->dev_class, 3); 2243 goto unlock; 2244 } 2245 2246 hci_req_init(&req, hdev); 2247 2248 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) { 2249 hci_dev_unlock(hdev); 2250 cancel_delayed_work_sync(&hdev->service_cache); 2251 hci_dev_lock(hdev); 2252 __hci_req_update_eir(&req); 2253 } 2254 2255 __hci_req_update_class(&req); 2256 2257 err = hci_req_run(&req, set_class_complete); 2258 if (err < 0) { 2259 if (err != -ENODATA) 2260 goto unlock; 2261 2262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2263 hdev->dev_class, 3); 2264 goto unlock; 2265 } 2266 2267 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len); 2268 if (!cmd) { 2269 err = -ENOMEM; 2270 goto unlock; 2271 } 2272 2273 err = 0; 2274 2275 unlock: 2276 hci_dev_unlock(hdev); 2277 return err; 2278 } 2279 2280 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, 2281 u16 len) 2282 { 2283 struct mgmt_cp_load_link_keys *cp = data; 2284 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 2285 sizeof(struct mgmt_link_key_info)); 2286 u16 key_count, expected_len; 2287 bool changed; 2288 int i; 2289 2290 BT_DBG("request for %s", hdev->name); 2291 2292 if (!lmp_bredr_capable(hdev)) 2293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2294 MGMT_STATUS_NOT_SUPPORTED); 2295 2296 key_count = __le16_to_cpu(cp->key_count); 2297 if (key_count > max_key_count) { 2298 bt_dev_err(hdev, "load_link_keys: too big key_count value %u", 2299 key_count); 2300 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2301 MGMT_STATUS_INVALID_PARAMS); 2302 } 2303 2304 expected_len = sizeof(*cp) + key_count * 2305 sizeof(struct mgmt_link_key_info); 2306 if (expected_len != len) { 2307 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes", 2308 expected_len, len); 2309 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2310 MGMT_STATUS_INVALID_PARAMS); 2311 } 2312 2313 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01) 2314 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2315 MGMT_STATUS_INVALID_PARAMS); 2316 2317 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys, 2318 key_count); 2319 2320 for (i = 0; i < key_count; i++) { 2321 struct mgmt_link_key_info *key = &cp->keys[i]; 2322 2323 if (key->addr.type != BDADDR_BREDR || key->type > 0x08) 2324 return mgmt_cmd_status(sk, hdev->id, 2325 MGMT_OP_LOAD_LINK_KEYS, 2326 MGMT_STATUS_INVALID_PARAMS); 2327 } 2328 2329 hci_dev_lock(hdev); 2330 2331 hci_link_keys_clear(hdev); 2332 2333 if (cp->debug_keys) 2334 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 2335 else 2336 changed = hci_dev_test_and_clear_flag(hdev, 2337 HCI_KEEP_DEBUG_KEYS); 2338 2339 if (changed) 2340 new_settings(hdev, NULL); 2341 2342 for (i = 0; i < key_count; i++) { 2343 struct mgmt_link_key_info *key = &cp->keys[i]; 2344 2345 /* Always ignore debug keys and require a new pairing if 2346 * the user wants to use them. 2347 */ 2348 if (key->type == HCI_LK_DEBUG_COMBINATION) 2349 continue; 2350 2351 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val, 2352 key->type, key->pin_len, NULL); 2353 } 2354 2355 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 2356 2357 hci_dev_unlock(hdev); 2358 2359 return 0; 2360 } 2361 2362 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 2363 u8 addr_type, struct sock *skip_sk) 2364 { 2365 struct mgmt_ev_device_unpaired ev; 2366 2367 bacpy(&ev.addr.bdaddr, bdaddr); 2368 ev.addr.type = addr_type; 2369 2370 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 2371 skip_sk); 2372 } 2373 2374 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2375 u16 len) 2376 { 2377 struct mgmt_cp_unpair_device *cp = data; 2378 struct mgmt_rp_unpair_device rp; 2379 struct hci_conn_params *params; 2380 struct mgmt_pending_cmd *cmd; 2381 struct hci_conn *conn; 2382 u8 addr_type; 2383 int err; 2384 2385 memset(&rp, 0, sizeof(rp)); 2386 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2387 rp.addr.type = cp->addr.type; 2388 2389 if (!bdaddr_type_is_valid(cp->addr.type)) 2390 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2391 MGMT_STATUS_INVALID_PARAMS, 2392 &rp, sizeof(rp)); 2393 2394 if (cp->disconnect != 0x00 && cp->disconnect != 0x01) 2395 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2396 MGMT_STATUS_INVALID_PARAMS, 2397 &rp, sizeof(rp)); 2398 2399 hci_dev_lock(hdev); 2400 2401 if (!hdev_is_powered(hdev)) { 2402 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2403 MGMT_STATUS_NOT_POWERED, &rp, 2404 sizeof(rp)); 2405 goto unlock; 2406 } 2407 2408 if (cp->addr.type == BDADDR_BREDR) { 2409 /* If disconnection is requested, then look up the 2410 * connection. If the remote device is connected, it 2411 * will be later used to terminate the link. 2412 * 2413 * Setting it to NULL explicitly will cause no 2414 * termination of the link. 2415 */ 2416 if (cp->disconnect) 2417 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2418 &cp->addr.bdaddr); 2419 else 2420 conn = NULL; 2421 2422 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 2423 if (err < 0) { 2424 err = mgmt_cmd_complete(sk, hdev->id, 2425 MGMT_OP_UNPAIR_DEVICE, 2426 MGMT_STATUS_NOT_PAIRED, &rp, 2427 sizeof(rp)); 2428 goto unlock; 2429 } 2430 2431 goto done; 2432 } 2433 2434 /* LE address type */ 2435 addr_type = le_addr_type(cp->addr.type); 2436 2437 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type); 2438 2439 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type); 2440 if (err < 0) { 2441 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2442 MGMT_STATUS_NOT_PAIRED, &rp, 2443 sizeof(rp)); 2444 goto unlock; 2445 } 2446 2447 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type); 2448 if (!conn) { 2449 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type); 2450 goto done; 2451 } 2452 2453 /* Abort any ongoing SMP pairing */ 2454 smp_cancel_pairing(conn); 2455 2456 /* Defer clearing up the connection parameters until closing to 2457 * give a chance of keeping them if a repairing happens. 2458 */ 2459 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2460 2461 /* Disable auto-connection parameters if present */ 2462 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type); 2463 if (params) { 2464 if (params->explicit_connect) 2465 params->auto_connect = HCI_AUTO_CONN_EXPLICIT; 2466 else 2467 params->auto_connect = HCI_AUTO_CONN_DISABLED; 2468 } 2469 2470 /* If disconnection is not requested, then clear the connection 2471 * variable so that the link is not terminated. 2472 */ 2473 if (!cp->disconnect) 2474 conn = NULL; 2475 2476 done: 2477 /* If the connection variable is set, then termination of the 2478 * link is requested. 2479 */ 2480 if (!conn) { 2481 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0, 2482 &rp, sizeof(rp)); 2483 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 2484 goto unlock; 2485 } 2486 2487 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 2488 sizeof(*cp)); 2489 if (!cmd) { 2490 err = -ENOMEM; 2491 goto unlock; 2492 } 2493 2494 cmd->cmd_complete = addr_cmd_complete; 2495 2496 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 2497 if (err < 0) 2498 mgmt_pending_remove(cmd); 2499 2500 unlock: 2501 hci_dev_unlock(hdev); 2502 return err; 2503 } 2504 2505 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data, 2506 u16 len) 2507 { 2508 struct mgmt_cp_disconnect *cp = data; 2509 struct mgmt_rp_disconnect rp; 2510 struct mgmt_pending_cmd *cmd; 2511 struct hci_conn *conn; 2512 int err; 2513 2514 BT_DBG(""); 2515 2516 memset(&rp, 0, sizeof(rp)); 2517 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2518 rp.addr.type = cp->addr.type; 2519 2520 if (!bdaddr_type_is_valid(cp->addr.type)) 2521 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2522 MGMT_STATUS_INVALID_PARAMS, 2523 &rp, sizeof(rp)); 2524 2525 hci_dev_lock(hdev); 2526 2527 if (!test_bit(HCI_UP, &hdev->flags)) { 2528 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2529 MGMT_STATUS_NOT_POWERED, &rp, 2530 sizeof(rp)); 2531 goto failed; 2532 } 2533 2534 if (pending_find(MGMT_OP_DISCONNECT, hdev)) { 2535 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2536 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2537 goto failed; 2538 } 2539 2540 if (cp->addr.type == BDADDR_BREDR) 2541 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2542 &cp->addr.bdaddr); 2543 else 2544 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, 2545 le_addr_type(cp->addr.type)); 2546 2547 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) { 2548 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2549 MGMT_STATUS_NOT_CONNECTED, &rp, 2550 sizeof(rp)); 2551 goto failed; 2552 } 2553 2554 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 2555 if (!cmd) { 2556 err = -ENOMEM; 2557 goto failed; 2558 } 2559 2560 cmd->cmd_complete = generic_cmd_complete; 2561 2562 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM); 2563 if (err < 0) 2564 mgmt_pending_remove(cmd); 2565 2566 failed: 2567 hci_dev_unlock(hdev); 2568 return err; 2569 } 2570 2571 static u8 link_to_bdaddr(u8 link_type, u8 addr_type) 2572 { 2573 switch (link_type) { 2574 case LE_LINK: 2575 switch (addr_type) { 2576 case ADDR_LE_DEV_PUBLIC: 2577 return BDADDR_LE_PUBLIC; 2578 2579 default: 2580 /* Fallback to LE Random address type */ 2581 return BDADDR_LE_RANDOM; 2582 } 2583 2584 default: 2585 /* Fallback to BR/EDR type */ 2586 return BDADDR_BREDR; 2587 } 2588 } 2589 2590 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data, 2591 u16 data_len) 2592 { 2593 struct mgmt_rp_get_connections *rp; 2594 struct hci_conn *c; 2595 size_t rp_len; 2596 int err; 2597 u16 i; 2598 2599 BT_DBG(""); 2600 2601 hci_dev_lock(hdev); 2602 2603 if (!hdev_is_powered(hdev)) { 2604 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 2605 MGMT_STATUS_NOT_POWERED); 2606 goto unlock; 2607 } 2608 2609 i = 0; 2610 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2611 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2612 i++; 2613 } 2614 2615 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 2616 rp = kmalloc(rp_len, GFP_KERNEL); 2617 if (!rp) { 2618 err = -ENOMEM; 2619 goto unlock; 2620 } 2621 2622 i = 0; 2623 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2624 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2625 continue; 2626 bacpy(&rp->addr[i].bdaddr, &c->dst); 2627 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type); 2628 if (c->type == SCO_LINK || c->type == ESCO_LINK) 2629 continue; 2630 i++; 2631 } 2632 2633 rp->conn_count = cpu_to_le16(i); 2634 2635 /* Recalculate length in case of filtered SCO connections, etc */ 2636 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 2637 2638 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp, 2639 rp_len); 2640 2641 kfree(rp); 2642 2643 unlock: 2644 hci_dev_unlock(hdev); 2645 return err; 2646 } 2647 2648 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 2649 struct mgmt_cp_pin_code_neg_reply *cp) 2650 { 2651 struct mgmt_pending_cmd *cmd; 2652 int err; 2653 2654 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 2655 sizeof(*cp)); 2656 if (!cmd) 2657 return -ENOMEM; 2658 2659 cmd->cmd_complete = addr_cmd_complete; 2660 2661 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2662 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 2663 if (err < 0) 2664 mgmt_pending_remove(cmd); 2665 2666 return err; 2667 } 2668 2669 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2670 u16 len) 2671 { 2672 struct hci_conn *conn; 2673 struct mgmt_cp_pin_code_reply *cp = data; 2674 struct hci_cp_pin_code_reply reply; 2675 struct mgmt_pending_cmd *cmd; 2676 int err; 2677 2678 BT_DBG(""); 2679 2680 hci_dev_lock(hdev); 2681 2682 if (!hdev_is_powered(hdev)) { 2683 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2684 MGMT_STATUS_NOT_POWERED); 2685 goto failed; 2686 } 2687 2688 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 2689 if (!conn) { 2690 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2691 MGMT_STATUS_NOT_CONNECTED); 2692 goto failed; 2693 } 2694 2695 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 2696 struct mgmt_cp_pin_code_neg_reply ncp; 2697 2698 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 2699 2700 bt_dev_err(hdev, "PIN code is not 16 bytes long"); 2701 2702 err = send_pin_code_neg_reply(sk, hdev, &ncp); 2703 if (err >= 0) 2704 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2705 MGMT_STATUS_INVALID_PARAMS); 2706 2707 goto failed; 2708 } 2709 2710 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 2711 if (!cmd) { 2712 err = -ENOMEM; 2713 goto failed; 2714 } 2715 2716 cmd->cmd_complete = addr_cmd_complete; 2717 2718 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 2719 reply.pin_len = cp->pin_len; 2720 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 2721 2722 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 2723 if (err < 0) 2724 mgmt_pending_remove(cmd); 2725 2726 failed: 2727 hci_dev_unlock(hdev); 2728 return err; 2729 } 2730 2731 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data, 2732 u16 len) 2733 { 2734 struct mgmt_cp_set_io_capability *cp = data; 2735 2736 BT_DBG(""); 2737 2738 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY) 2739 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 2740 MGMT_STATUS_INVALID_PARAMS); 2741 2742 hci_dev_lock(hdev); 2743 2744 hdev->io_capability = cp->io_capability; 2745 2746 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 2747 hdev->io_capability); 2748 2749 hci_dev_unlock(hdev); 2750 2751 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, 2752 NULL, 0); 2753 } 2754 2755 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn) 2756 { 2757 struct hci_dev *hdev = conn->hdev; 2758 struct mgmt_pending_cmd *cmd; 2759 2760 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 2761 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 2762 continue; 2763 2764 if (cmd->user_data != conn) 2765 continue; 2766 2767 return cmd; 2768 } 2769 2770 return NULL; 2771 } 2772 2773 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status) 2774 { 2775 struct mgmt_rp_pair_device rp; 2776 struct hci_conn *conn = cmd->user_data; 2777 int err; 2778 2779 bacpy(&rp.addr.bdaddr, &conn->dst); 2780 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 2781 2782 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, 2783 status, &rp, sizeof(rp)); 2784 2785 /* So we don't get further callbacks for this connection */ 2786 conn->connect_cfm_cb = NULL; 2787 conn->security_cfm_cb = NULL; 2788 conn->disconn_cfm_cb = NULL; 2789 2790 hci_conn_drop(conn); 2791 2792 /* The device is paired so there is no need to remove 2793 * its connection parameters anymore. 2794 */ 2795 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2796 2797 hci_conn_put(conn); 2798 2799 return err; 2800 } 2801 2802 void mgmt_smp_complete(struct hci_conn *conn, bool complete) 2803 { 2804 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED; 2805 struct mgmt_pending_cmd *cmd; 2806 2807 cmd = find_pairing(conn); 2808 if (cmd) { 2809 cmd->cmd_complete(cmd, status); 2810 mgmt_pending_remove(cmd); 2811 } 2812 } 2813 2814 static void pairing_complete_cb(struct hci_conn *conn, u8 status) 2815 { 2816 struct mgmt_pending_cmd *cmd; 2817 2818 BT_DBG("status %u", status); 2819 2820 cmd = find_pairing(conn); 2821 if (!cmd) { 2822 BT_DBG("Unable to find a pending command"); 2823 return; 2824 } 2825 2826 cmd->cmd_complete(cmd, mgmt_status(status)); 2827 mgmt_pending_remove(cmd); 2828 } 2829 2830 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) 2831 { 2832 struct mgmt_pending_cmd *cmd; 2833 2834 BT_DBG("status %u", status); 2835 2836 if (!status) 2837 return; 2838 2839 cmd = find_pairing(conn); 2840 if (!cmd) { 2841 BT_DBG("Unable to find a pending command"); 2842 return; 2843 } 2844 2845 cmd->cmd_complete(cmd, mgmt_status(status)); 2846 mgmt_pending_remove(cmd); 2847 } 2848 2849 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2850 u16 len) 2851 { 2852 struct mgmt_cp_pair_device *cp = data; 2853 struct mgmt_rp_pair_device rp; 2854 struct mgmt_pending_cmd *cmd; 2855 u8 sec_level, auth_type; 2856 struct hci_conn *conn; 2857 int err; 2858 2859 BT_DBG(""); 2860 2861 memset(&rp, 0, sizeof(rp)); 2862 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2863 rp.addr.type = cp->addr.type; 2864 2865 if (!bdaddr_type_is_valid(cp->addr.type)) 2866 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2867 MGMT_STATUS_INVALID_PARAMS, 2868 &rp, sizeof(rp)); 2869 2870 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY) 2871 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2872 MGMT_STATUS_INVALID_PARAMS, 2873 &rp, sizeof(rp)); 2874 2875 hci_dev_lock(hdev); 2876 2877 if (!hdev_is_powered(hdev)) { 2878 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2879 MGMT_STATUS_NOT_POWERED, &rp, 2880 sizeof(rp)); 2881 goto unlock; 2882 } 2883 2884 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) { 2885 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2886 MGMT_STATUS_ALREADY_PAIRED, &rp, 2887 sizeof(rp)); 2888 goto unlock; 2889 } 2890 2891 sec_level = BT_SECURITY_MEDIUM; 2892 auth_type = HCI_AT_DEDICATED_BONDING; 2893 2894 if (cp->addr.type == BDADDR_BREDR) { 2895 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level, 2896 auth_type); 2897 } else { 2898 u8 addr_type = le_addr_type(cp->addr.type); 2899 struct hci_conn_params *p; 2900 2901 /* When pairing a new device, it is expected to remember 2902 * this device for future connections. Adding the connection 2903 * parameter information ahead of time allows tracking 2904 * of the slave preferred values and will speed up any 2905 * further connection establishment. 2906 * 2907 * If connection parameters already exist, then they 2908 * will be kept and this function does nothing. 2909 */ 2910 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type); 2911 2912 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT) 2913 p->auto_connect = HCI_AUTO_CONN_DISABLED; 2914 2915 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, 2916 addr_type, sec_level, 2917 HCI_LE_CONN_TIMEOUT); 2918 } 2919 2920 if (IS_ERR(conn)) { 2921 int status; 2922 2923 if (PTR_ERR(conn) == -EBUSY) 2924 status = MGMT_STATUS_BUSY; 2925 else if (PTR_ERR(conn) == -EOPNOTSUPP) 2926 status = MGMT_STATUS_NOT_SUPPORTED; 2927 else if (PTR_ERR(conn) == -ECONNREFUSED) 2928 status = MGMT_STATUS_REJECTED; 2929 else 2930 status = MGMT_STATUS_CONNECT_FAILED; 2931 2932 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2933 status, &rp, sizeof(rp)); 2934 goto unlock; 2935 } 2936 2937 if (conn->connect_cfm_cb) { 2938 hci_conn_drop(conn); 2939 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2940 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2941 goto unlock; 2942 } 2943 2944 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 2945 if (!cmd) { 2946 err = -ENOMEM; 2947 hci_conn_drop(conn); 2948 goto unlock; 2949 } 2950 2951 cmd->cmd_complete = pairing_complete; 2952 2953 /* For LE, just connecting isn't a proof that the pairing finished */ 2954 if (cp->addr.type == BDADDR_BREDR) { 2955 conn->connect_cfm_cb = pairing_complete_cb; 2956 conn->security_cfm_cb = pairing_complete_cb; 2957 conn->disconn_cfm_cb = pairing_complete_cb; 2958 } else { 2959 conn->connect_cfm_cb = le_pairing_complete_cb; 2960 conn->security_cfm_cb = le_pairing_complete_cb; 2961 conn->disconn_cfm_cb = le_pairing_complete_cb; 2962 } 2963 2964 conn->io_capability = cp->io_cap; 2965 cmd->user_data = hci_conn_get(conn); 2966 2967 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) && 2968 hci_conn_security(conn, sec_level, auth_type, true)) { 2969 cmd->cmd_complete(cmd, 0); 2970 mgmt_pending_remove(cmd); 2971 } 2972 2973 err = 0; 2974 2975 unlock: 2976 hci_dev_unlock(hdev); 2977 return err; 2978 } 2979 2980 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2981 u16 len) 2982 { 2983 struct mgmt_addr_info *addr = data; 2984 struct mgmt_pending_cmd *cmd; 2985 struct hci_conn *conn; 2986 int err; 2987 2988 BT_DBG(""); 2989 2990 hci_dev_lock(hdev); 2991 2992 if (!hdev_is_powered(hdev)) { 2993 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2994 MGMT_STATUS_NOT_POWERED); 2995 goto unlock; 2996 } 2997 2998 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev); 2999 if (!cmd) { 3000 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3001 MGMT_STATUS_INVALID_PARAMS); 3002 goto unlock; 3003 } 3004 3005 conn = cmd->user_data; 3006 3007 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 3008 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3009 MGMT_STATUS_INVALID_PARAMS); 3010 goto unlock; 3011 } 3012 3013 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED); 3014 mgmt_pending_remove(cmd); 3015 3016 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 3017 addr, sizeof(*addr)); 3018 unlock: 3019 hci_dev_unlock(hdev); 3020 return err; 3021 } 3022 3023 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, 3024 struct mgmt_addr_info *addr, u16 mgmt_op, 3025 u16 hci_op, __le32 passkey) 3026 { 3027 struct mgmt_pending_cmd *cmd; 3028 struct hci_conn *conn; 3029 int err; 3030 3031 hci_dev_lock(hdev); 3032 3033 if (!hdev_is_powered(hdev)) { 3034 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3035 MGMT_STATUS_NOT_POWERED, addr, 3036 sizeof(*addr)); 3037 goto done; 3038 } 3039 3040 if (addr->type == BDADDR_BREDR) 3041 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr); 3042 else 3043 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr, 3044 le_addr_type(addr->type)); 3045 3046 if (!conn) { 3047 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3048 MGMT_STATUS_NOT_CONNECTED, addr, 3049 sizeof(*addr)); 3050 goto done; 3051 } 3052 3053 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) { 3054 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 3055 if (!err) 3056 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3057 MGMT_STATUS_SUCCESS, addr, 3058 sizeof(*addr)); 3059 else 3060 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3061 MGMT_STATUS_FAILED, addr, 3062 sizeof(*addr)); 3063 3064 goto done; 3065 } 3066 3067 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr)); 3068 if (!cmd) { 3069 err = -ENOMEM; 3070 goto done; 3071 } 3072 3073 cmd->cmd_complete = addr_cmd_complete; 3074 3075 /* Continue with pairing via HCI */ 3076 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 3077 struct hci_cp_user_passkey_reply cp; 3078 3079 bacpy(&cp.bdaddr, &addr->bdaddr); 3080 cp.passkey = passkey; 3081 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 3082 } else 3083 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr), 3084 &addr->bdaddr); 3085 3086 if (err < 0) 3087 mgmt_pending_remove(cmd); 3088 3089 done: 3090 hci_dev_unlock(hdev); 3091 return err; 3092 } 3093 3094 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 3095 void *data, u16 len) 3096 { 3097 struct mgmt_cp_pin_code_neg_reply *cp = data; 3098 3099 BT_DBG(""); 3100 3101 return user_pairing_resp(sk, hdev, &cp->addr, 3102 MGMT_OP_PIN_CODE_NEG_REPLY, 3103 HCI_OP_PIN_CODE_NEG_REPLY, 0); 3104 } 3105 3106 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3107 u16 len) 3108 { 3109 struct mgmt_cp_user_confirm_reply *cp = data; 3110 3111 BT_DBG(""); 3112 3113 if (len != sizeof(*cp)) 3114 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY, 3115 MGMT_STATUS_INVALID_PARAMS); 3116 3117 return user_pairing_resp(sk, hdev, &cp->addr, 3118 MGMT_OP_USER_CONFIRM_REPLY, 3119 HCI_OP_USER_CONFIRM_REPLY, 0); 3120 } 3121 3122 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev, 3123 void *data, u16 len) 3124 { 3125 struct mgmt_cp_user_confirm_neg_reply *cp = data; 3126 3127 BT_DBG(""); 3128 3129 return user_pairing_resp(sk, hdev, &cp->addr, 3130 MGMT_OP_USER_CONFIRM_NEG_REPLY, 3131 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 3132 } 3133 3134 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3135 u16 len) 3136 { 3137 struct mgmt_cp_user_passkey_reply *cp = data; 3138 3139 BT_DBG(""); 3140 3141 return user_pairing_resp(sk, hdev, &cp->addr, 3142 MGMT_OP_USER_PASSKEY_REPLY, 3143 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 3144 } 3145 3146 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev, 3147 void *data, u16 len) 3148 { 3149 struct mgmt_cp_user_passkey_neg_reply *cp = data; 3150 3151 BT_DBG(""); 3152 3153 return user_pairing_resp(sk, hdev, &cp->addr, 3154 MGMT_OP_USER_PASSKEY_NEG_REPLY, 3155 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 3156 } 3157 3158 static void adv_expire(struct hci_dev *hdev, u32 flags) 3159 { 3160 struct adv_info *adv_instance; 3161 struct hci_request req; 3162 int err; 3163 3164 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance); 3165 if (!adv_instance) 3166 return; 3167 3168 /* stop if current instance doesn't need to be changed */ 3169 if (!(adv_instance->flags & flags)) 3170 return; 3171 3172 cancel_adv_timeout(hdev); 3173 3174 adv_instance = hci_get_next_instance(hdev, adv_instance->instance); 3175 if (!adv_instance) 3176 return; 3177 3178 hci_req_init(&req, hdev); 3179 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance, 3180 true); 3181 if (err) 3182 return; 3183 3184 hci_req_run(&req, NULL); 3185 } 3186 3187 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode) 3188 { 3189 struct mgmt_cp_set_local_name *cp; 3190 struct mgmt_pending_cmd *cmd; 3191 3192 BT_DBG("status 0x%02x", status); 3193 3194 hci_dev_lock(hdev); 3195 3196 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 3197 if (!cmd) 3198 goto unlock; 3199 3200 cp = cmd->param; 3201 3202 if (status) { 3203 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3204 mgmt_status(status)); 3205 } else { 3206 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3207 cp, sizeof(*cp)); 3208 3209 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3210 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME); 3211 } 3212 3213 mgmt_pending_remove(cmd); 3214 3215 unlock: 3216 hci_dev_unlock(hdev); 3217 } 3218 3219 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data, 3220 u16 len) 3221 { 3222 struct mgmt_cp_set_local_name *cp = data; 3223 struct mgmt_pending_cmd *cmd; 3224 struct hci_request req; 3225 int err; 3226 3227 BT_DBG(""); 3228 3229 hci_dev_lock(hdev); 3230 3231 /* If the old values are the same as the new ones just return a 3232 * direct command complete event. 3233 */ 3234 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) && 3235 !memcmp(hdev->short_name, cp->short_name, 3236 sizeof(hdev->short_name))) { 3237 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3238 data, len); 3239 goto failed; 3240 } 3241 3242 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name)); 3243 3244 if (!hdev_is_powered(hdev)) { 3245 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3246 3247 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3248 data, len); 3249 if (err < 0) 3250 goto failed; 3251 3252 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, 3253 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk); 3254 ext_info_changed(hdev, sk); 3255 3256 goto failed; 3257 } 3258 3259 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 3260 if (!cmd) { 3261 err = -ENOMEM; 3262 goto failed; 3263 } 3264 3265 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3266 3267 hci_req_init(&req, hdev); 3268 3269 if (lmp_bredr_capable(hdev)) { 3270 __hci_req_update_name(&req); 3271 __hci_req_update_eir(&req); 3272 } 3273 3274 /* The name is stored in the scan response data and so 3275 * no need to udpate the advertising data here. 3276 */ 3277 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING)) 3278 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance); 3279 3280 err = hci_req_run(&req, set_name_complete); 3281 if (err < 0) 3282 mgmt_pending_remove(cmd); 3283 3284 failed: 3285 hci_dev_unlock(hdev); 3286 return err; 3287 } 3288 3289 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data, 3290 u16 len) 3291 { 3292 struct mgmt_cp_set_appearance *cp = data; 3293 u16 apperance; 3294 int err; 3295 3296 BT_DBG(""); 3297 3298 if (!lmp_le_capable(hdev)) 3299 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 3300 MGMT_STATUS_NOT_SUPPORTED); 3301 3302 apperance = le16_to_cpu(cp->appearance); 3303 3304 hci_dev_lock(hdev); 3305 3306 if (hdev->appearance != apperance) { 3307 hdev->appearance = apperance; 3308 3309 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3310 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE); 3311 3312 ext_info_changed(hdev, sk); 3313 } 3314 3315 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL, 3316 0); 3317 3318 hci_dev_unlock(hdev); 3319 3320 return err; 3321 } 3322 3323 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev, 3324 void *data, u16 len) 3325 { 3326 struct mgmt_rp_get_phy_confguration rp; 3327 3328 BT_DBG("sock %p %s", sk, hdev->name); 3329 3330 hci_dev_lock(hdev); 3331 3332 memset(&rp, 0, sizeof(rp)); 3333 3334 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev)); 3335 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev)); 3336 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev)); 3337 3338 hci_dev_unlock(hdev); 3339 3340 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0, 3341 &rp, sizeof(rp)); 3342 } 3343 3344 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip) 3345 { 3346 struct mgmt_ev_phy_configuration_changed ev; 3347 3348 memset(&ev, 0, sizeof(ev)); 3349 3350 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev)); 3351 3352 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev, 3353 sizeof(ev), skip); 3354 } 3355 3356 static void set_default_phy_complete(struct hci_dev *hdev, u8 status, 3357 u16 opcode, struct sk_buff *skb) 3358 { 3359 struct mgmt_pending_cmd *cmd; 3360 3361 BT_DBG("status 0x%02x", status); 3362 3363 hci_dev_lock(hdev); 3364 3365 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev); 3366 if (!cmd) 3367 goto unlock; 3368 3369 if (status) { 3370 mgmt_cmd_status(cmd->sk, hdev->id, 3371 MGMT_OP_SET_PHY_CONFIGURATION, 3372 mgmt_status(status)); 3373 } else { 3374 mgmt_cmd_complete(cmd->sk, hdev->id, 3375 MGMT_OP_SET_PHY_CONFIGURATION, 0, 3376 NULL, 0); 3377 3378 mgmt_phy_configuration_changed(hdev, cmd->sk); 3379 } 3380 3381 mgmt_pending_remove(cmd); 3382 3383 unlock: 3384 hci_dev_unlock(hdev); 3385 } 3386 3387 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev, 3388 void *data, u16 len) 3389 { 3390 struct mgmt_cp_set_phy_confguration *cp = data; 3391 struct hci_cp_le_set_default_phy cp_phy; 3392 struct mgmt_pending_cmd *cmd; 3393 struct hci_request req; 3394 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys; 3395 u16 pkt_type = (HCI_DH1 | HCI_DM1); 3396 bool changed = false; 3397 int err; 3398 3399 BT_DBG("sock %p %s", sk, hdev->name); 3400 3401 configurable_phys = get_configurable_phys(hdev); 3402 supported_phys = get_supported_phys(hdev); 3403 selected_phys = __le32_to_cpu(cp->selected_phys); 3404 3405 if (selected_phys & ~supported_phys) 3406 return mgmt_cmd_status(sk, hdev->id, 3407 MGMT_OP_SET_PHY_CONFIGURATION, 3408 MGMT_STATUS_INVALID_PARAMS); 3409 3410 unconfigure_phys = supported_phys & ~configurable_phys; 3411 3412 if ((selected_phys & unconfigure_phys) != unconfigure_phys) 3413 return mgmt_cmd_status(sk, hdev->id, 3414 MGMT_OP_SET_PHY_CONFIGURATION, 3415 MGMT_STATUS_INVALID_PARAMS); 3416 3417 if (selected_phys == get_selected_phys(hdev)) 3418 return mgmt_cmd_complete(sk, hdev->id, 3419 MGMT_OP_SET_PHY_CONFIGURATION, 3420 0, NULL, 0); 3421 3422 hci_dev_lock(hdev); 3423 3424 if (!hdev_is_powered(hdev)) { 3425 err = mgmt_cmd_status(sk, hdev->id, 3426 MGMT_OP_SET_PHY_CONFIGURATION, 3427 MGMT_STATUS_REJECTED); 3428 goto unlock; 3429 } 3430 3431 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) { 3432 err = mgmt_cmd_status(sk, hdev->id, 3433 MGMT_OP_SET_PHY_CONFIGURATION, 3434 MGMT_STATUS_BUSY); 3435 goto unlock; 3436 } 3437 3438 if (selected_phys & MGMT_PHY_BR_1M_3SLOT) 3439 pkt_type |= (HCI_DH3 | HCI_DM3); 3440 else 3441 pkt_type &= ~(HCI_DH3 | HCI_DM3); 3442 3443 if (selected_phys & MGMT_PHY_BR_1M_5SLOT) 3444 pkt_type |= (HCI_DH5 | HCI_DM5); 3445 else 3446 pkt_type &= ~(HCI_DH5 | HCI_DM5); 3447 3448 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT) 3449 pkt_type &= ~HCI_2DH1; 3450 else 3451 pkt_type |= HCI_2DH1; 3452 3453 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT) 3454 pkt_type &= ~HCI_2DH3; 3455 else 3456 pkt_type |= HCI_2DH3; 3457 3458 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT) 3459 pkt_type &= ~HCI_2DH5; 3460 else 3461 pkt_type |= HCI_2DH5; 3462 3463 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT) 3464 pkt_type &= ~HCI_3DH1; 3465 else 3466 pkt_type |= HCI_3DH1; 3467 3468 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT) 3469 pkt_type &= ~HCI_3DH3; 3470 else 3471 pkt_type |= HCI_3DH3; 3472 3473 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT) 3474 pkt_type &= ~HCI_3DH5; 3475 else 3476 pkt_type |= HCI_3DH5; 3477 3478 if (pkt_type != hdev->pkt_type) { 3479 hdev->pkt_type = pkt_type; 3480 changed = true; 3481 } 3482 3483 if ((selected_phys & MGMT_PHY_LE_MASK) == 3484 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) { 3485 if (changed) 3486 mgmt_phy_configuration_changed(hdev, sk); 3487 3488 err = mgmt_cmd_complete(sk, hdev->id, 3489 MGMT_OP_SET_PHY_CONFIGURATION, 3490 0, NULL, 0); 3491 3492 goto unlock; 3493 } 3494 3495 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data, 3496 len); 3497 if (!cmd) { 3498 err = -ENOMEM; 3499 goto unlock; 3500 } 3501 3502 hci_req_init(&req, hdev); 3503 3504 memset(&cp_phy, 0, sizeof(cp_phy)); 3505 3506 if (!(selected_phys & MGMT_PHY_LE_TX_MASK)) 3507 cp_phy.all_phys |= 0x01; 3508 3509 if (!(selected_phys & MGMT_PHY_LE_RX_MASK)) 3510 cp_phy.all_phys |= 0x02; 3511 3512 if (selected_phys & MGMT_PHY_LE_1M_TX) 3513 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M; 3514 3515 if (selected_phys & MGMT_PHY_LE_2M_TX) 3516 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M; 3517 3518 if (selected_phys & MGMT_PHY_LE_CODED_TX) 3519 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED; 3520 3521 if (selected_phys & MGMT_PHY_LE_1M_RX) 3522 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M; 3523 3524 if (selected_phys & MGMT_PHY_LE_2M_RX) 3525 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M; 3526 3527 if (selected_phys & MGMT_PHY_LE_CODED_RX) 3528 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED; 3529 3530 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy); 3531 3532 err = hci_req_run_skb(&req, set_default_phy_complete); 3533 if (err < 0) 3534 mgmt_pending_remove(cmd); 3535 3536 unlock: 3537 hci_dev_unlock(hdev); 3538 3539 return err; 3540 } 3541 3542 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status, 3543 u16 opcode, struct sk_buff *skb) 3544 { 3545 struct mgmt_rp_read_local_oob_data mgmt_rp; 3546 size_t rp_size = sizeof(mgmt_rp); 3547 struct mgmt_pending_cmd *cmd; 3548 3549 BT_DBG("%s status %u", hdev->name, status); 3550 3551 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev); 3552 if (!cmd) 3553 return; 3554 3555 if (status || !skb) { 3556 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3557 status ? mgmt_status(status) : MGMT_STATUS_FAILED); 3558 goto remove; 3559 } 3560 3561 memset(&mgmt_rp, 0, sizeof(mgmt_rp)); 3562 3563 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) { 3564 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 3565 3566 if (skb->len < sizeof(*rp)) { 3567 mgmt_cmd_status(cmd->sk, hdev->id, 3568 MGMT_OP_READ_LOCAL_OOB_DATA, 3569 MGMT_STATUS_FAILED); 3570 goto remove; 3571 } 3572 3573 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash)); 3574 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand)); 3575 3576 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256); 3577 } else { 3578 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data; 3579 3580 if (skb->len < sizeof(*rp)) { 3581 mgmt_cmd_status(cmd->sk, hdev->id, 3582 MGMT_OP_READ_LOCAL_OOB_DATA, 3583 MGMT_STATUS_FAILED); 3584 goto remove; 3585 } 3586 3587 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192)); 3588 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192)); 3589 3590 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256)); 3591 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256)); 3592 } 3593 3594 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3595 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size); 3596 3597 remove: 3598 mgmt_pending_remove(cmd); 3599 } 3600 3601 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, 3602 void *data, u16 data_len) 3603 { 3604 struct mgmt_pending_cmd *cmd; 3605 struct hci_request req; 3606 int err; 3607 3608 BT_DBG("%s", hdev->name); 3609 3610 hci_dev_lock(hdev); 3611 3612 if (!hdev_is_powered(hdev)) { 3613 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3614 MGMT_STATUS_NOT_POWERED); 3615 goto unlock; 3616 } 3617 3618 if (!lmp_ssp_capable(hdev)) { 3619 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3620 MGMT_STATUS_NOT_SUPPORTED); 3621 goto unlock; 3622 } 3623 3624 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 3625 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3626 MGMT_STATUS_BUSY); 3627 goto unlock; 3628 } 3629 3630 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 3631 if (!cmd) { 3632 err = -ENOMEM; 3633 goto unlock; 3634 } 3635 3636 hci_req_init(&req, hdev); 3637 3638 if (bredr_sc_enabled(hdev)) 3639 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL); 3640 else 3641 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 3642 3643 err = hci_req_run_skb(&req, read_local_oob_data_complete); 3644 if (err < 0) 3645 mgmt_pending_remove(cmd); 3646 3647 unlock: 3648 hci_dev_unlock(hdev); 3649 return err; 3650 } 3651 3652 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 3653 void *data, u16 len) 3654 { 3655 struct mgmt_addr_info *addr = data; 3656 int err; 3657 3658 BT_DBG("%s ", hdev->name); 3659 3660 if (!bdaddr_type_is_valid(addr->type)) 3661 return mgmt_cmd_complete(sk, hdev->id, 3662 MGMT_OP_ADD_REMOTE_OOB_DATA, 3663 MGMT_STATUS_INVALID_PARAMS, 3664 addr, sizeof(*addr)); 3665 3666 hci_dev_lock(hdev); 3667 3668 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) { 3669 struct mgmt_cp_add_remote_oob_data *cp = data; 3670 u8 status; 3671 3672 if (cp->addr.type != BDADDR_BREDR) { 3673 err = mgmt_cmd_complete(sk, hdev->id, 3674 MGMT_OP_ADD_REMOTE_OOB_DATA, 3675 MGMT_STATUS_INVALID_PARAMS, 3676 &cp->addr, sizeof(cp->addr)); 3677 goto unlock; 3678 } 3679 3680 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 3681 cp->addr.type, cp->hash, 3682 cp->rand, NULL, NULL); 3683 if (err < 0) 3684 status = MGMT_STATUS_FAILED; 3685 else 3686 status = MGMT_STATUS_SUCCESS; 3687 3688 err = mgmt_cmd_complete(sk, hdev->id, 3689 MGMT_OP_ADD_REMOTE_OOB_DATA, status, 3690 &cp->addr, sizeof(cp->addr)); 3691 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) { 3692 struct mgmt_cp_add_remote_oob_ext_data *cp = data; 3693 u8 *rand192, *hash192, *rand256, *hash256; 3694 u8 status; 3695 3696 if (bdaddr_type_is_le(cp->addr.type)) { 3697 /* Enforce zero-valued 192-bit parameters as 3698 * long as legacy SMP OOB isn't implemented. 3699 */ 3700 if (memcmp(cp->rand192, ZERO_KEY, 16) || 3701 memcmp(cp->hash192, ZERO_KEY, 16)) { 3702 err = mgmt_cmd_complete(sk, hdev->id, 3703 MGMT_OP_ADD_REMOTE_OOB_DATA, 3704 MGMT_STATUS_INVALID_PARAMS, 3705 addr, sizeof(*addr)); 3706 goto unlock; 3707 } 3708 3709 rand192 = NULL; 3710 hash192 = NULL; 3711 } else { 3712 /* In case one of the P-192 values is set to zero, 3713 * then just disable OOB data for P-192. 3714 */ 3715 if (!memcmp(cp->rand192, ZERO_KEY, 16) || 3716 !memcmp(cp->hash192, ZERO_KEY, 16)) { 3717 rand192 = NULL; 3718 hash192 = NULL; 3719 } else { 3720 rand192 = cp->rand192; 3721 hash192 = cp->hash192; 3722 } 3723 } 3724 3725 /* In case one of the P-256 values is set to zero, then just 3726 * disable OOB data for P-256. 3727 */ 3728 if (!memcmp(cp->rand256, ZERO_KEY, 16) || 3729 !memcmp(cp->hash256, ZERO_KEY, 16)) { 3730 rand256 = NULL; 3731 hash256 = NULL; 3732 } else { 3733 rand256 = cp->rand256; 3734 hash256 = cp->hash256; 3735 } 3736 3737 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 3738 cp->addr.type, hash192, rand192, 3739 hash256, rand256); 3740 if (err < 0) 3741 status = MGMT_STATUS_FAILED; 3742 else 3743 status = MGMT_STATUS_SUCCESS; 3744 3745 err = mgmt_cmd_complete(sk, hdev->id, 3746 MGMT_OP_ADD_REMOTE_OOB_DATA, 3747 status, &cp->addr, sizeof(cp->addr)); 3748 } else { 3749 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes", 3750 len); 3751 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 3752 MGMT_STATUS_INVALID_PARAMS); 3753 } 3754 3755 unlock: 3756 hci_dev_unlock(hdev); 3757 return err; 3758 } 3759 3760 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 3761 void *data, u16 len) 3762 { 3763 struct mgmt_cp_remove_remote_oob_data *cp = data; 3764 u8 status; 3765 int err; 3766 3767 BT_DBG("%s", hdev->name); 3768 3769 if (cp->addr.type != BDADDR_BREDR) 3770 return mgmt_cmd_complete(sk, hdev->id, 3771 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 3772 MGMT_STATUS_INVALID_PARAMS, 3773 &cp->addr, sizeof(cp->addr)); 3774 3775 hci_dev_lock(hdev); 3776 3777 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 3778 hci_remote_oob_data_clear(hdev); 3779 status = MGMT_STATUS_SUCCESS; 3780 goto done; 3781 } 3782 3783 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type); 3784 if (err < 0) 3785 status = MGMT_STATUS_INVALID_PARAMS; 3786 else 3787 status = MGMT_STATUS_SUCCESS; 3788 3789 done: 3790 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 3791 status, &cp->addr, sizeof(cp->addr)); 3792 3793 hci_dev_unlock(hdev); 3794 return err; 3795 } 3796 3797 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status) 3798 { 3799 struct mgmt_pending_cmd *cmd; 3800 3801 BT_DBG("status %d", status); 3802 3803 hci_dev_lock(hdev); 3804 3805 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev); 3806 if (!cmd) 3807 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev); 3808 3809 if (!cmd) 3810 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev); 3811 3812 if (cmd) { 3813 cmd->cmd_complete(cmd, mgmt_status(status)); 3814 mgmt_pending_remove(cmd); 3815 } 3816 3817 hci_dev_unlock(hdev); 3818 } 3819 3820 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type, 3821 uint8_t *mgmt_status) 3822 { 3823 switch (type) { 3824 case DISCOV_TYPE_LE: 3825 *mgmt_status = mgmt_le_support(hdev); 3826 if (*mgmt_status) 3827 return false; 3828 break; 3829 case DISCOV_TYPE_INTERLEAVED: 3830 *mgmt_status = mgmt_le_support(hdev); 3831 if (*mgmt_status) 3832 return false; 3833 /* Intentional fall-through */ 3834 case DISCOV_TYPE_BREDR: 3835 *mgmt_status = mgmt_bredr_support(hdev); 3836 if (*mgmt_status) 3837 return false; 3838 break; 3839 default: 3840 *mgmt_status = MGMT_STATUS_INVALID_PARAMS; 3841 return false; 3842 } 3843 3844 return true; 3845 } 3846 3847 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev, 3848 u16 op, void *data, u16 len) 3849 { 3850 struct mgmt_cp_start_discovery *cp = data; 3851 struct mgmt_pending_cmd *cmd; 3852 u8 status; 3853 int err; 3854 3855 BT_DBG("%s", hdev->name); 3856 3857 hci_dev_lock(hdev); 3858 3859 if (!hdev_is_powered(hdev)) { 3860 err = mgmt_cmd_complete(sk, hdev->id, op, 3861 MGMT_STATUS_NOT_POWERED, 3862 &cp->type, sizeof(cp->type)); 3863 goto failed; 3864 } 3865 3866 if (hdev->discovery.state != DISCOVERY_STOPPED || 3867 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 3868 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 3869 &cp->type, sizeof(cp->type)); 3870 goto failed; 3871 } 3872 3873 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 3874 err = mgmt_cmd_complete(sk, hdev->id, op, status, 3875 &cp->type, sizeof(cp->type)); 3876 goto failed; 3877 } 3878 3879 /* Clear the discovery filter first to free any previously 3880 * allocated memory for the UUID list. 3881 */ 3882 hci_discovery_filter_clear(hdev); 3883 3884 hdev->discovery.type = cp->type; 3885 hdev->discovery.report_invalid_rssi = false; 3886 if (op == MGMT_OP_START_LIMITED_DISCOVERY) 3887 hdev->discovery.limited = true; 3888 else 3889 hdev->discovery.limited = false; 3890 3891 cmd = mgmt_pending_add(sk, op, hdev, data, len); 3892 if (!cmd) { 3893 err = -ENOMEM; 3894 goto failed; 3895 } 3896 3897 cmd->cmd_complete = generic_cmd_complete; 3898 3899 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 3900 queue_work(hdev->req_workqueue, &hdev->discov_update); 3901 err = 0; 3902 3903 failed: 3904 hci_dev_unlock(hdev); 3905 return err; 3906 } 3907 3908 static int start_discovery(struct sock *sk, struct hci_dev *hdev, 3909 void *data, u16 len) 3910 { 3911 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY, 3912 data, len); 3913 } 3914 3915 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev, 3916 void *data, u16 len) 3917 { 3918 return start_discovery_internal(sk, hdev, 3919 MGMT_OP_START_LIMITED_DISCOVERY, 3920 data, len); 3921 } 3922 3923 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd, 3924 u8 status) 3925 { 3926 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 3927 cmd->param, 1); 3928 } 3929 3930 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev, 3931 void *data, u16 len) 3932 { 3933 struct mgmt_cp_start_service_discovery *cp = data; 3934 struct mgmt_pending_cmd *cmd; 3935 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16); 3936 u16 uuid_count, expected_len; 3937 u8 status; 3938 int err; 3939 3940 BT_DBG("%s", hdev->name); 3941 3942 hci_dev_lock(hdev); 3943 3944 if (!hdev_is_powered(hdev)) { 3945 err = mgmt_cmd_complete(sk, hdev->id, 3946 MGMT_OP_START_SERVICE_DISCOVERY, 3947 MGMT_STATUS_NOT_POWERED, 3948 &cp->type, sizeof(cp->type)); 3949 goto failed; 3950 } 3951 3952 if (hdev->discovery.state != DISCOVERY_STOPPED || 3953 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 3954 err = mgmt_cmd_complete(sk, hdev->id, 3955 MGMT_OP_START_SERVICE_DISCOVERY, 3956 MGMT_STATUS_BUSY, &cp->type, 3957 sizeof(cp->type)); 3958 goto failed; 3959 } 3960 3961 uuid_count = __le16_to_cpu(cp->uuid_count); 3962 if (uuid_count > max_uuid_count) { 3963 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u", 3964 uuid_count); 3965 err = mgmt_cmd_complete(sk, hdev->id, 3966 MGMT_OP_START_SERVICE_DISCOVERY, 3967 MGMT_STATUS_INVALID_PARAMS, &cp->type, 3968 sizeof(cp->type)); 3969 goto failed; 3970 } 3971 3972 expected_len = sizeof(*cp) + uuid_count * 16; 3973 if (expected_len != len) { 3974 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes", 3975 expected_len, len); 3976 err = mgmt_cmd_complete(sk, hdev->id, 3977 MGMT_OP_START_SERVICE_DISCOVERY, 3978 MGMT_STATUS_INVALID_PARAMS, &cp->type, 3979 sizeof(cp->type)); 3980 goto failed; 3981 } 3982 3983 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 3984 err = mgmt_cmd_complete(sk, hdev->id, 3985 MGMT_OP_START_SERVICE_DISCOVERY, 3986 status, &cp->type, sizeof(cp->type)); 3987 goto failed; 3988 } 3989 3990 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY, 3991 hdev, data, len); 3992 if (!cmd) { 3993 err = -ENOMEM; 3994 goto failed; 3995 } 3996 3997 cmd->cmd_complete = service_discovery_cmd_complete; 3998 3999 /* Clear the discovery filter first to free any previously 4000 * allocated memory for the UUID list. 4001 */ 4002 hci_discovery_filter_clear(hdev); 4003 4004 hdev->discovery.result_filtering = true; 4005 hdev->discovery.type = cp->type; 4006 hdev->discovery.rssi = cp->rssi; 4007 hdev->discovery.uuid_count = uuid_count; 4008 4009 if (uuid_count > 0) { 4010 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16, 4011 GFP_KERNEL); 4012 if (!hdev->discovery.uuids) { 4013 err = mgmt_cmd_complete(sk, hdev->id, 4014 MGMT_OP_START_SERVICE_DISCOVERY, 4015 MGMT_STATUS_FAILED, 4016 &cp->type, sizeof(cp->type)); 4017 mgmt_pending_remove(cmd); 4018 goto failed; 4019 } 4020 } 4021 4022 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 4023 queue_work(hdev->req_workqueue, &hdev->discov_update); 4024 err = 0; 4025 4026 failed: 4027 hci_dev_unlock(hdev); 4028 return err; 4029 } 4030 4031 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status) 4032 { 4033 struct mgmt_pending_cmd *cmd; 4034 4035 BT_DBG("status %d", status); 4036 4037 hci_dev_lock(hdev); 4038 4039 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 4040 if (cmd) { 4041 cmd->cmd_complete(cmd, mgmt_status(status)); 4042 mgmt_pending_remove(cmd); 4043 } 4044 4045 hci_dev_unlock(hdev); 4046 } 4047 4048 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, 4049 u16 len) 4050 { 4051 struct mgmt_cp_stop_discovery *mgmt_cp = data; 4052 struct mgmt_pending_cmd *cmd; 4053 int err; 4054 4055 BT_DBG("%s", hdev->name); 4056 4057 hci_dev_lock(hdev); 4058 4059 if (!hci_discovery_active(hdev)) { 4060 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 4061 MGMT_STATUS_REJECTED, &mgmt_cp->type, 4062 sizeof(mgmt_cp->type)); 4063 goto unlock; 4064 } 4065 4066 if (hdev->discovery.type != mgmt_cp->type) { 4067 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 4068 MGMT_STATUS_INVALID_PARAMS, 4069 &mgmt_cp->type, sizeof(mgmt_cp->type)); 4070 goto unlock; 4071 } 4072 4073 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len); 4074 if (!cmd) { 4075 err = -ENOMEM; 4076 goto unlock; 4077 } 4078 4079 cmd->cmd_complete = generic_cmd_complete; 4080 4081 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 4082 queue_work(hdev->req_workqueue, &hdev->discov_update); 4083 err = 0; 4084 4085 unlock: 4086 hci_dev_unlock(hdev); 4087 return err; 4088 } 4089 4090 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, 4091 u16 len) 4092 { 4093 struct mgmt_cp_confirm_name *cp = data; 4094 struct inquiry_entry *e; 4095 int err; 4096 4097 BT_DBG("%s", hdev->name); 4098 4099 hci_dev_lock(hdev); 4100 4101 if (!hci_discovery_active(hdev)) { 4102 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 4103 MGMT_STATUS_FAILED, &cp->addr, 4104 sizeof(cp->addr)); 4105 goto failed; 4106 } 4107 4108 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 4109 if (!e) { 4110 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 4111 MGMT_STATUS_INVALID_PARAMS, &cp->addr, 4112 sizeof(cp->addr)); 4113 goto failed; 4114 } 4115 4116 if (cp->name_known) { 4117 e->name_state = NAME_KNOWN; 4118 list_del(&e->list); 4119 } else { 4120 e->name_state = NAME_NEEDED; 4121 hci_inquiry_cache_update_resolve(hdev, e); 4122 } 4123 4124 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, 4125 &cp->addr, sizeof(cp->addr)); 4126 4127 failed: 4128 hci_dev_unlock(hdev); 4129 return err; 4130 } 4131 4132 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data, 4133 u16 len) 4134 { 4135 struct mgmt_cp_block_device *cp = data; 4136 u8 status; 4137 int err; 4138 4139 BT_DBG("%s", hdev->name); 4140 4141 if (!bdaddr_type_is_valid(cp->addr.type)) 4142 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, 4143 MGMT_STATUS_INVALID_PARAMS, 4144 &cp->addr, sizeof(cp->addr)); 4145 4146 hci_dev_lock(hdev); 4147 4148 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr, 4149 cp->addr.type); 4150 if (err < 0) { 4151 status = MGMT_STATUS_FAILED; 4152 goto done; 4153 } 4154 4155 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr), 4156 sk); 4157 status = MGMT_STATUS_SUCCESS; 4158 4159 done: 4160 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status, 4161 &cp->addr, sizeof(cp->addr)); 4162 4163 hci_dev_unlock(hdev); 4164 4165 return err; 4166 } 4167 4168 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data, 4169 u16 len) 4170 { 4171 struct mgmt_cp_unblock_device *cp = data; 4172 u8 status; 4173 int err; 4174 4175 BT_DBG("%s", hdev->name); 4176 4177 if (!bdaddr_type_is_valid(cp->addr.type)) 4178 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, 4179 MGMT_STATUS_INVALID_PARAMS, 4180 &cp->addr, sizeof(cp->addr)); 4181 4182 hci_dev_lock(hdev); 4183 4184 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr, 4185 cp->addr.type); 4186 if (err < 0) { 4187 status = MGMT_STATUS_INVALID_PARAMS; 4188 goto done; 4189 } 4190 4191 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr), 4192 sk); 4193 status = MGMT_STATUS_SUCCESS; 4194 4195 done: 4196 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status, 4197 &cp->addr, sizeof(cp->addr)); 4198 4199 hci_dev_unlock(hdev); 4200 4201 return err; 4202 } 4203 4204 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data, 4205 u16 len) 4206 { 4207 struct mgmt_cp_set_device_id *cp = data; 4208 struct hci_request req; 4209 int err; 4210 __u16 source; 4211 4212 BT_DBG("%s", hdev->name); 4213 4214 source = __le16_to_cpu(cp->source); 4215 4216 if (source > 0x0002) 4217 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 4218 MGMT_STATUS_INVALID_PARAMS); 4219 4220 hci_dev_lock(hdev); 4221 4222 hdev->devid_source = source; 4223 hdev->devid_vendor = __le16_to_cpu(cp->vendor); 4224 hdev->devid_product = __le16_to_cpu(cp->product); 4225 hdev->devid_version = __le16_to_cpu(cp->version); 4226 4227 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, 4228 NULL, 0); 4229 4230 hci_req_init(&req, hdev); 4231 __hci_req_update_eir(&req); 4232 hci_req_run(&req, NULL); 4233 4234 hci_dev_unlock(hdev); 4235 4236 return err; 4237 } 4238 4239 static void enable_advertising_instance(struct hci_dev *hdev, u8 status, 4240 u16 opcode) 4241 { 4242 BT_DBG("status %d", status); 4243 } 4244 4245 static void set_advertising_complete(struct hci_dev *hdev, u8 status, 4246 u16 opcode) 4247 { 4248 struct cmd_lookup match = { NULL, hdev }; 4249 struct hci_request req; 4250 u8 instance; 4251 struct adv_info *adv_instance; 4252 int err; 4253 4254 hci_dev_lock(hdev); 4255 4256 if (status) { 4257 u8 mgmt_err = mgmt_status(status); 4258 4259 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, 4260 cmd_status_rsp, &mgmt_err); 4261 goto unlock; 4262 } 4263 4264 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 4265 hci_dev_set_flag(hdev, HCI_ADVERTISING); 4266 else 4267 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 4268 4269 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp, 4270 &match); 4271 4272 new_settings(hdev, match.sk); 4273 4274 if (match.sk) 4275 sock_put(match.sk); 4276 4277 /* If "Set Advertising" was just disabled and instance advertising was 4278 * set up earlier, then re-enable multi-instance advertising. 4279 */ 4280 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 4281 list_empty(&hdev->adv_instances)) 4282 goto unlock; 4283 4284 instance = hdev->cur_adv_instance; 4285 if (!instance) { 4286 adv_instance = list_first_entry_or_null(&hdev->adv_instances, 4287 struct adv_info, list); 4288 if (!adv_instance) 4289 goto unlock; 4290 4291 instance = adv_instance->instance; 4292 } 4293 4294 hci_req_init(&req, hdev); 4295 4296 err = __hci_req_schedule_adv_instance(&req, instance, true); 4297 4298 if (!err) 4299 err = hci_req_run(&req, enable_advertising_instance); 4300 4301 if (err) 4302 bt_dev_err(hdev, "failed to re-configure advertising"); 4303 4304 unlock: 4305 hci_dev_unlock(hdev); 4306 } 4307 4308 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, 4309 u16 len) 4310 { 4311 struct mgmt_mode *cp = data; 4312 struct mgmt_pending_cmd *cmd; 4313 struct hci_request req; 4314 u8 val, status; 4315 int err; 4316 4317 BT_DBG("request for %s", hdev->name); 4318 4319 status = mgmt_le_support(hdev); 4320 if (status) 4321 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 4322 status); 4323 4324 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4325 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 4326 MGMT_STATUS_INVALID_PARAMS); 4327 4328 hci_dev_lock(hdev); 4329 4330 val = !!cp->val; 4331 4332 /* The following conditions are ones which mean that we should 4333 * not do any HCI communication but directly send a mgmt 4334 * response to user space (after toggling the flag if 4335 * necessary). 4336 */ 4337 if (!hdev_is_powered(hdev) || 4338 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) && 4339 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) || 4340 hci_conn_num(hdev, LE_LINK) > 0 || 4341 (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 4342 hdev->le_scan_type == LE_SCAN_ACTIVE)) { 4343 bool changed; 4344 4345 if (cp->val) { 4346 hdev->cur_adv_instance = 0x00; 4347 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING); 4348 if (cp->val == 0x02) 4349 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4350 else 4351 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4352 } else { 4353 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING); 4354 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4355 } 4356 4357 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev); 4358 if (err < 0) 4359 goto unlock; 4360 4361 if (changed) 4362 err = new_settings(hdev, sk); 4363 4364 goto unlock; 4365 } 4366 4367 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) || 4368 pending_find(MGMT_OP_SET_LE, hdev)) { 4369 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 4370 MGMT_STATUS_BUSY); 4371 goto unlock; 4372 } 4373 4374 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len); 4375 if (!cmd) { 4376 err = -ENOMEM; 4377 goto unlock; 4378 } 4379 4380 hci_req_init(&req, hdev); 4381 4382 if (cp->val == 0x02) 4383 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4384 else 4385 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4386 4387 cancel_adv_timeout(hdev); 4388 4389 if (val) { 4390 /* Switch to instance "0" for the Set Advertising setting. 4391 * We cannot use update_[adv|scan_rsp]_data() here as the 4392 * HCI_ADVERTISING flag is not yet set. 4393 */ 4394 hdev->cur_adv_instance = 0x00; 4395 4396 if (ext_adv_capable(hdev)) { 4397 __hci_req_start_ext_adv(&req, 0x00); 4398 } else { 4399 __hci_req_update_adv_data(&req, 0x00); 4400 __hci_req_update_scan_rsp_data(&req, 0x00); 4401 __hci_req_enable_advertising(&req); 4402 } 4403 } else { 4404 __hci_req_disable_advertising(&req); 4405 } 4406 4407 err = hci_req_run(&req, set_advertising_complete); 4408 if (err < 0) 4409 mgmt_pending_remove(cmd); 4410 4411 unlock: 4412 hci_dev_unlock(hdev); 4413 return err; 4414 } 4415 4416 static int set_static_address(struct sock *sk, struct hci_dev *hdev, 4417 void *data, u16 len) 4418 { 4419 struct mgmt_cp_set_static_address *cp = data; 4420 int err; 4421 4422 BT_DBG("%s", hdev->name); 4423 4424 if (!lmp_le_capable(hdev)) 4425 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 4426 MGMT_STATUS_NOT_SUPPORTED); 4427 4428 if (hdev_is_powered(hdev)) 4429 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 4430 MGMT_STATUS_REJECTED); 4431 4432 if (bacmp(&cp->bdaddr, BDADDR_ANY)) { 4433 if (!bacmp(&cp->bdaddr, BDADDR_NONE)) 4434 return mgmt_cmd_status(sk, hdev->id, 4435 MGMT_OP_SET_STATIC_ADDRESS, 4436 MGMT_STATUS_INVALID_PARAMS); 4437 4438 /* Two most significant bits shall be set */ 4439 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0) 4440 return mgmt_cmd_status(sk, hdev->id, 4441 MGMT_OP_SET_STATIC_ADDRESS, 4442 MGMT_STATUS_INVALID_PARAMS); 4443 } 4444 4445 hci_dev_lock(hdev); 4446 4447 bacpy(&hdev->static_addr, &cp->bdaddr); 4448 4449 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev); 4450 if (err < 0) 4451 goto unlock; 4452 4453 err = new_settings(hdev, sk); 4454 4455 unlock: 4456 hci_dev_unlock(hdev); 4457 return err; 4458 } 4459 4460 static int set_scan_params(struct sock *sk, struct hci_dev *hdev, 4461 void *data, u16 len) 4462 { 4463 struct mgmt_cp_set_scan_params *cp = data; 4464 __u16 interval, window; 4465 int err; 4466 4467 BT_DBG("%s", hdev->name); 4468 4469 if (!lmp_le_capable(hdev)) 4470 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4471 MGMT_STATUS_NOT_SUPPORTED); 4472 4473 interval = __le16_to_cpu(cp->interval); 4474 4475 if (interval < 0x0004 || interval > 0x4000) 4476 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4477 MGMT_STATUS_INVALID_PARAMS); 4478 4479 window = __le16_to_cpu(cp->window); 4480 4481 if (window < 0x0004 || window > 0x4000) 4482 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4483 MGMT_STATUS_INVALID_PARAMS); 4484 4485 if (window > interval) 4486 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4487 MGMT_STATUS_INVALID_PARAMS); 4488 4489 hci_dev_lock(hdev); 4490 4491 hdev->le_scan_interval = interval; 4492 hdev->le_scan_window = window; 4493 4494 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, 4495 NULL, 0); 4496 4497 /* If background scan is running, restart it so new parameters are 4498 * loaded. 4499 */ 4500 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 4501 hdev->discovery.state == DISCOVERY_STOPPED) { 4502 struct hci_request req; 4503 4504 hci_req_init(&req, hdev); 4505 4506 hci_req_add_le_scan_disable(&req); 4507 hci_req_add_le_passive_scan(&req); 4508 4509 hci_req_run(&req, NULL); 4510 } 4511 4512 hci_dev_unlock(hdev); 4513 4514 return err; 4515 } 4516 4517 static void fast_connectable_complete(struct hci_dev *hdev, u8 status, 4518 u16 opcode) 4519 { 4520 struct mgmt_pending_cmd *cmd; 4521 4522 BT_DBG("status 0x%02x", status); 4523 4524 hci_dev_lock(hdev); 4525 4526 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev); 4527 if (!cmd) 4528 goto unlock; 4529 4530 if (status) { 4531 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4532 mgmt_status(status)); 4533 } else { 4534 struct mgmt_mode *cp = cmd->param; 4535 4536 if (cp->val) 4537 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE); 4538 else 4539 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 4540 4541 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 4542 new_settings(hdev, cmd->sk); 4543 } 4544 4545 mgmt_pending_remove(cmd); 4546 4547 unlock: 4548 hci_dev_unlock(hdev); 4549 } 4550 4551 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, 4552 void *data, u16 len) 4553 { 4554 struct mgmt_mode *cp = data; 4555 struct mgmt_pending_cmd *cmd; 4556 struct hci_request req; 4557 int err; 4558 4559 BT_DBG("%s", hdev->name); 4560 4561 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 4562 hdev->hci_ver < BLUETOOTH_VER_1_2) 4563 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4564 MGMT_STATUS_NOT_SUPPORTED); 4565 4566 if (cp->val != 0x00 && cp->val != 0x01) 4567 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4568 MGMT_STATUS_INVALID_PARAMS); 4569 4570 hci_dev_lock(hdev); 4571 4572 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) { 4573 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4574 MGMT_STATUS_BUSY); 4575 goto unlock; 4576 } 4577 4578 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) { 4579 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 4580 hdev); 4581 goto unlock; 4582 } 4583 4584 if (!hdev_is_powered(hdev)) { 4585 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE); 4586 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 4587 hdev); 4588 new_settings(hdev, sk); 4589 goto unlock; 4590 } 4591 4592 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, 4593 data, len); 4594 if (!cmd) { 4595 err = -ENOMEM; 4596 goto unlock; 4597 } 4598 4599 hci_req_init(&req, hdev); 4600 4601 __hci_req_write_fast_connectable(&req, cp->val); 4602 4603 err = hci_req_run(&req, fast_connectable_complete); 4604 if (err < 0) { 4605 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4606 MGMT_STATUS_FAILED); 4607 mgmt_pending_remove(cmd); 4608 } 4609 4610 unlock: 4611 hci_dev_unlock(hdev); 4612 4613 return err; 4614 } 4615 4616 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode) 4617 { 4618 struct mgmt_pending_cmd *cmd; 4619 4620 BT_DBG("status 0x%02x", status); 4621 4622 hci_dev_lock(hdev); 4623 4624 cmd = pending_find(MGMT_OP_SET_BREDR, hdev); 4625 if (!cmd) 4626 goto unlock; 4627 4628 if (status) { 4629 u8 mgmt_err = mgmt_status(status); 4630 4631 /* We need to restore the flag if related HCI commands 4632 * failed. 4633 */ 4634 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED); 4635 4636 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 4637 } else { 4638 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev); 4639 new_settings(hdev, cmd->sk); 4640 } 4641 4642 mgmt_pending_remove(cmd); 4643 4644 unlock: 4645 hci_dev_unlock(hdev); 4646 } 4647 4648 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 4649 { 4650 struct mgmt_mode *cp = data; 4651 struct mgmt_pending_cmd *cmd; 4652 struct hci_request req; 4653 int err; 4654 4655 BT_DBG("request for %s", hdev->name); 4656 4657 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev)) 4658 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4659 MGMT_STATUS_NOT_SUPPORTED); 4660 4661 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 4662 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4663 MGMT_STATUS_REJECTED); 4664 4665 if (cp->val != 0x00 && cp->val != 0x01) 4666 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4667 MGMT_STATUS_INVALID_PARAMS); 4668 4669 hci_dev_lock(hdev); 4670 4671 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 4672 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 4673 goto unlock; 4674 } 4675 4676 if (!hdev_is_powered(hdev)) { 4677 if (!cp->val) { 4678 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 4679 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 4680 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY); 4681 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 4682 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 4683 } 4684 4685 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED); 4686 4687 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 4688 if (err < 0) 4689 goto unlock; 4690 4691 err = new_settings(hdev, sk); 4692 goto unlock; 4693 } 4694 4695 /* Reject disabling when powered on */ 4696 if (!cp->val) { 4697 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4698 MGMT_STATUS_REJECTED); 4699 goto unlock; 4700 } else { 4701 /* When configuring a dual-mode controller to operate 4702 * with LE only and using a static address, then switching 4703 * BR/EDR back on is not allowed. 4704 * 4705 * Dual-mode controllers shall operate with the public 4706 * address as its identity address for BR/EDR and LE. So 4707 * reject the attempt to create an invalid configuration. 4708 * 4709 * The same restrictions applies when secure connections 4710 * has been enabled. For BR/EDR this is a controller feature 4711 * while for LE it is a host stack feature. This means that 4712 * switching BR/EDR back on when secure connections has been 4713 * enabled is not a supported transaction. 4714 */ 4715 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 4716 (bacmp(&hdev->static_addr, BDADDR_ANY) || 4717 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) { 4718 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4719 MGMT_STATUS_REJECTED); 4720 goto unlock; 4721 } 4722 } 4723 4724 if (pending_find(MGMT_OP_SET_BREDR, hdev)) { 4725 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4726 MGMT_STATUS_BUSY); 4727 goto unlock; 4728 } 4729 4730 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len); 4731 if (!cmd) { 4732 err = -ENOMEM; 4733 goto unlock; 4734 } 4735 4736 /* We need to flip the bit already here so that 4737 * hci_req_update_adv_data generates the correct flags. 4738 */ 4739 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED); 4740 4741 hci_req_init(&req, hdev); 4742 4743 __hci_req_write_fast_connectable(&req, false); 4744 __hci_req_update_scan(&req); 4745 4746 /* Since only the advertising data flags will change, there 4747 * is no need to update the scan response data. 4748 */ 4749 __hci_req_update_adv_data(&req, hdev->cur_adv_instance); 4750 4751 err = hci_req_run(&req, set_bredr_complete); 4752 if (err < 0) 4753 mgmt_pending_remove(cmd); 4754 4755 unlock: 4756 hci_dev_unlock(hdev); 4757 return err; 4758 } 4759 4760 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 4761 { 4762 struct mgmt_pending_cmd *cmd; 4763 struct mgmt_mode *cp; 4764 4765 BT_DBG("%s status %u", hdev->name, status); 4766 4767 hci_dev_lock(hdev); 4768 4769 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev); 4770 if (!cmd) 4771 goto unlock; 4772 4773 if (status) { 4774 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 4775 mgmt_status(status)); 4776 goto remove; 4777 } 4778 4779 cp = cmd->param; 4780 4781 switch (cp->val) { 4782 case 0x00: 4783 hci_dev_clear_flag(hdev, HCI_SC_ENABLED); 4784 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4785 break; 4786 case 0x01: 4787 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 4788 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4789 break; 4790 case 0x02: 4791 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 4792 hci_dev_set_flag(hdev, HCI_SC_ONLY); 4793 break; 4794 } 4795 4796 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev); 4797 new_settings(hdev, cmd->sk); 4798 4799 remove: 4800 mgmt_pending_remove(cmd); 4801 unlock: 4802 hci_dev_unlock(hdev); 4803 } 4804 4805 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev, 4806 void *data, u16 len) 4807 { 4808 struct mgmt_mode *cp = data; 4809 struct mgmt_pending_cmd *cmd; 4810 struct hci_request req; 4811 u8 val; 4812 int err; 4813 4814 BT_DBG("request for %s", hdev->name); 4815 4816 if (!lmp_sc_capable(hdev) && 4817 !hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 4818 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4819 MGMT_STATUS_NOT_SUPPORTED); 4820 4821 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 4822 lmp_sc_capable(hdev) && 4823 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 4824 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4825 MGMT_STATUS_REJECTED); 4826 4827 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4828 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4829 MGMT_STATUS_INVALID_PARAMS); 4830 4831 hci_dev_lock(hdev); 4832 4833 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) || 4834 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 4835 bool changed; 4836 4837 if (cp->val) { 4838 changed = !hci_dev_test_and_set_flag(hdev, 4839 HCI_SC_ENABLED); 4840 if (cp->val == 0x02) 4841 hci_dev_set_flag(hdev, HCI_SC_ONLY); 4842 else 4843 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4844 } else { 4845 changed = hci_dev_test_and_clear_flag(hdev, 4846 HCI_SC_ENABLED); 4847 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4848 } 4849 4850 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 4851 if (err < 0) 4852 goto failed; 4853 4854 if (changed) 4855 err = new_settings(hdev, sk); 4856 4857 goto failed; 4858 } 4859 4860 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) { 4861 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4862 MGMT_STATUS_BUSY); 4863 goto failed; 4864 } 4865 4866 val = !!cp->val; 4867 4868 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 4869 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 4870 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 4871 goto failed; 4872 } 4873 4874 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len); 4875 if (!cmd) { 4876 err = -ENOMEM; 4877 goto failed; 4878 } 4879 4880 hci_req_init(&req, hdev); 4881 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val); 4882 err = hci_req_run(&req, sc_enable_complete); 4883 if (err < 0) { 4884 mgmt_pending_remove(cmd); 4885 goto failed; 4886 } 4887 4888 failed: 4889 hci_dev_unlock(hdev); 4890 return err; 4891 } 4892 4893 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev, 4894 void *data, u16 len) 4895 { 4896 struct mgmt_mode *cp = data; 4897 bool changed, use_changed; 4898 int err; 4899 4900 BT_DBG("request for %s", hdev->name); 4901 4902 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4903 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS, 4904 MGMT_STATUS_INVALID_PARAMS); 4905 4906 hci_dev_lock(hdev); 4907 4908 if (cp->val) 4909 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 4910 else 4911 changed = hci_dev_test_and_clear_flag(hdev, 4912 HCI_KEEP_DEBUG_KEYS); 4913 4914 if (cp->val == 0x02) 4915 use_changed = !hci_dev_test_and_set_flag(hdev, 4916 HCI_USE_DEBUG_KEYS); 4917 else 4918 use_changed = hci_dev_test_and_clear_flag(hdev, 4919 HCI_USE_DEBUG_KEYS); 4920 4921 if (hdev_is_powered(hdev) && use_changed && 4922 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 4923 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00; 4924 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 4925 sizeof(mode), &mode); 4926 } 4927 4928 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev); 4929 if (err < 0) 4930 goto unlock; 4931 4932 if (changed) 4933 err = new_settings(hdev, sk); 4934 4935 unlock: 4936 hci_dev_unlock(hdev); 4937 return err; 4938 } 4939 4940 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data, 4941 u16 len) 4942 { 4943 struct mgmt_cp_set_privacy *cp = cp_data; 4944 bool changed; 4945 int err; 4946 4947 BT_DBG("request for %s", hdev->name); 4948 4949 if (!lmp_le_capable(hdev)) 4950 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4951 MGMT_STATUS_NOT_SUPPORTED); 4952 4953 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02) 4954 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4955 MGMT_STATUS_INVALID_PARAMS); 4956 4957 if (hdev_is_powered(hdev)) 4958 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4959 MGMT_STATUS_REJECTED); 4960 4961 hci_dev_lock(hdev); 4962 4963 /* If user space supports this command it is also expected to 4964 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag. 4965 */ 4966 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 4967 4968 if (cp->privacy) { 4969 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY); 4970 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk)); 4971 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 4972 hci_adv_instances_set_rpa_expired(hdev, true); 4973 if (cp->privacy == 0x02) 4974 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY); 4975 else 4976 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 4977 } else { 4978 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY); 4979 memset(hdev->irk, 0, sizeof(hdev->irk)); 4980 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED); 4981 hci_adv_instances_set_rpa_expired(hdev, false); 4982 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 4983 } 4984 4985 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev); 4986 if (err < 0) 4987 goto unlock; 4988 4989 if (changed) 4990 err = new_settings(hdev, sk); 4991 4992 unlock: 4993 hci_dev_unlock(hdev); 4994 return err; 4995 } 4996 4997 static bool irk_is_valid(struct mgmt_irk_info *irk) 4998 { 4999 switch (irk->addr.type) { 5000 case BDADDR_LE_PUBLIC: 5001 return true; 5002 5003 case BDADDR_LE_RANDOM: 5004 /* Two most significant bits shall be set */ 5005 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0) 5006 return false; 5007 return true; 5008 } 5009 5010 return false; 5011 } 5012 5013 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data, 5014 u16 len) 5015 { 5016 struct mgmt_cp_load_irks *cp = cp_data; 5017 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) / 5018 sizeof(struct mgmt_irk_info)); 5019 u16 irk_count, expected_len; 5020 int i, err; 5021 5022 BT_DBG("request for %s", hdev->name); 5023 5024 if (!lmp_le_capable(hdev)) 5025 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 5026 MGMT_STATUS_NOT_SUPPORTED); 5027 5028 irk_count = __le16_to_cpu(cp->irk_count); 5029 if (irk_count > max_irk_count) { 5030 bt_dev_err(hdev, "load_irks: too big irk_count value %u", 5031 irk_count); 5032 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 5033 MGMT_STATUS_INVALID_PARAMS); 5034 } 5035 5036 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info); 5037 if (expected_len != len) { 5038 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes", 5039 expected_len, len); 5040 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 5041 MGMT_STATUS_INVALID_PARAMS); 5042 } 5043 5044 BT_DBG("%s irk_count %u", hdev->name, irk_count); 5045 5046 for (i = 0; i < irk_count; i++) { 5047 struct mgmt_irk_info *key = &cp->irks[i]; 5048 5049 if (!irk_is_valid(key)) 5050 return mgmt_cmd_status(sk, hdev->id, 5051 MGMT_OP_LOAD_IRKS, 5052 MGMT_STATUS_INVALID_PARAMS); 5053 } 5054 5055 hci_dev_lock(hdev); 5056 5057 hci_smp_irks_clear(hdev); 5058 5059 for (i = 0; i < irk_count; i++) { 5060 struct mgmt_irk_info *irk = &cp->irks[i]; 5061 5062 hci_add_irk(hdev, &irk->addr.bdaddr, 5063 le_addr_type(irk->addr.type), irk->val, 5064 BDADDR_ANY); 5065 } 5066 5067 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 5068 5069 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0); 5070 5071 hci_dev_unlock(hdev); 5072 5073 return err; 5074 } 5075 5076 static bool ltk_is_valid(struct mgmt_ltk_info *key) 5077 { 5078 if (key->master != 0x00 && key->master != 0x01) 5079 return false; 5080 5081 switch (key->addr.type) { 5082 case BDADDR_LE_PUBLIC: 5083 return true; 5084 5085 case BDADDR_LE_RANDOM: 5086 /* Two most significant bits shall be set */ 5087 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0) 5088 return false; 5089 return true; 5090 } 5091 5092 return false; 5093 } 5094 5095 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, 5096 void *cp_data, u16 len) 5097 { 5098 struct mgmt_cp_load_long_term_keys *cp = cp_data; 5099 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 5100 sizeof(struct mgmt_ltk_info)); 5101 u16 key_count, expected_len; 5102 int i, err; 5103 5104 BT_DBG("request for %s", hdev->name); 5105 5106 if (!lmp_le_capable(hdev)) 5107 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 5108 MGMT_STATUS_NOT_SUPPORTED); 5109 5110 key_count = __le16_to_cpu(cp->key_count); 5111 if (key_count > max_key_count) { 5112 bt_dev_err(hdev, "load_ltks: too big key_count value %u", 5113 key_count); 5114 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 5115 MGMT_STATUS_INVALID_PARAMS); 5116 } 5117 5118 expected_len = sizeof(*cp) + key_count * 5119 sizeof(struct mgmt_ltk_info); 5120 if (expected_len != len) { 5121 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes", 5122 expected_len, len); 5123 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 5124 MGMT_STATUS_INVALID_PARAMS); 5125 } 5126 5127 BT_DBG("%s key_count %u", hdev->name, key_count); 5128 5129 for (i = 0; i < key_count; i++) { 5130 struct mgmt_ltk_info *key = &cp->keys[i]; 5131 5132 if (!ltk_is_valid(key)) 5133 return mgmt_cmd_status(sk, hdev->id, 5134 MGMT_OP_LOAD_LONG_TERM_KEYS, 5135 MGMT_STATUS_INVALID_PARAMS); 5136 } 5137 5138 hci_dev_lock(hdev); 5139 5140 hci_smp_ltks_clear(hdev); 5141 5142 for (i = 0; i < key_count; i++) { 5143 struct mgmt_ltk_info *key = &cp->keys[i]; 5144 u8 type, authenticated; 5145 5146 switch (key->type) { 5147 case MGMT_LTK_UNAUTHENTICATED: 5148 authenticated = 0x00; 5149 type = key->master ? SMP_LTK : SMP_LTK_SLAVE; 5150 break; 5151 case MGMT_LTK_AUTHENTICATED: 5152 authenticated = 0x01; 5153 type = key->master ? SMP_LTK : SMP_LTK_SLAVE; 5154 break; 5155 case MGMT_LTK_P256_UNAUTH: 5156 authenticated = 0x00; 5157 type = SMP_LTK_P256; 5158 break; 5159 case MGMT_LTK_P256_AUTH: 5160 authenticated = 0x01; 5161 type = SMP_LTK_P256; 5162 break; 5163 case MGMT_LTK_P256_DEBUG: 5164 authenticated = 0x00; 5165 type = SMP_LTK_P256_DEBUG; 5166 /* fall through */ 5167 default: 5168 continue; 5169 } 5170 5171 hci_add_ltk(hdev, &key->addr.bdaddr, 5172 le_addr_type(key->addr.type), type, authenticated, 5173 key->val, key->enc_size, key->ediv, key->rand); 5174 } 5175 5176 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0, 5177 NULL, 0); 5178 5179 hci_dev_unlock(hdev); 5180 5181 return err; 5182 } 5183 5184 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 5185 { 5186 struct hci_conn *conn = cmd->user_data; 5187 struct mgmt_rp_get_conn_info rp; 5188 int err; 5189 5190 memcpy(&rp.addr, cmd->param, sizeof(rp.addr)); 5191 5192 if (status == MGMT_STATUS_SUCCESS) { 5193 rp.rssi = conn->rssi; 5194 rp.tx_power = conn->tx_power; 5195 rp.max_tx_power = conn->max_tx_power; 5196 } else { 5197 rp.rssi = HCI_RSSI_INVALID; 5198 rp.tx_power = HCI_TX_POWER_INVALID; 5199 rp.max_tx_power = HCI_TX_POWER_INVALID; 5200 } 5201 5202 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, 5203 status, &rp, sizeof(rp)); 5204 5205 hci_conn_drop(conn); 5206 hci_conn_put(conn); 5207 5208 return err; 5209 } 5210 5211 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status, 5212 u16 opcode) 5213 { 5214 struct hci_cp_read_rssi *cp; 5215 struct mgmt_pending_cmd *cmd; 5216 struct hci_conn *conn; 5217 u16 handle; 5218 u8 status; 5219 5220 BT_DBG("status 0x%02x", hci_status); 5221 5222 hci_dev_lock(hdev); 5223 5224 /* Commands sent in request are either Read RSSI or Read Transmit Power 5225 * Level so we check which one was last sent to retrieve connection 5226 * handle. Both commands have handle as first parameter so it's safe to 5227 * cast data on the same command struct. 5228 * 5229 * First command sent is always Read RSSI and we fail only if it fails. 5230 * In other case we simply override error to indicate success as we 5231 * already remembered if TX power value is actually valid. 5232 */ 5233 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI); 5234 if (!cp) { 5235 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER); 5236 status = MGMT_STATUS_SUCCESS; 5237 } else { 5238 status = mgmt_status(hci_status); 5239 } 5240 5241 if (!cp) { 5242 bt_dev_err(hdev, "invalid sent_cmd in conn_info response"); 5243 goto unlock; 5244 } 5245 5246 handle = __le16_to_cpu(cp->handle); 5247 conn = hci_conn_hash_lookup_handle(hdev, handle); 5248 if (!conn) { 5249 bt_dev_err(hdev, "unknown handle (%d) in conn_info response", 5250 handle); 5251 goto unlock; 5252 } 5253 5254 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn); 5255 if (!cmd) 5256 goto unlock; 5257 5258 cmd->cmd_complete(cmd, status); 5259 mgmt_pending_remove(cmd); 5260 5261 unlock: 5262 hci_dev_unlock(hdev); 5263 } 5264 5265 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data, 5266 u16 len) 5267 { 5268 struct mgmt_cp_get_conn_info *cp = data; 5269 struct mgmt_rp_get_conn_info rp; 5270 struct hci_conn *conn; 5271 unsigned long conn_info_age; 5272 int err = 0; 5273 5274 BT_DBG("%s", hdev->name); 5275 5276 memset(&rp, 0, sizeof(rp)); 5277 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 5278 rp.addr.type = cp->addr.type; 5279 5280 if (!bdaddr_type_is_valid(cp->addr.type)) 5281 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5282 MGMT_STATUS_INVALID_PARAMS, 5283 &rp, sizeof(rp)); 5284 5285 hci_dev_lock(hdev); 5286 5287 if (!hdev_is_powered(hdev)) { 5288 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5289 MGMT_STATUS_NOT_POWERED, &rp, 5290 sizeof(rp)); 5291 goto unlock; 5292 } 5293 5294 if (cp->addr.type == BDADDR_BREDR) 5295 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 5296 &cp->addr.bdaddr); 5297 else 5298 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 5299 5300 if (!conn || conn->state != BT_CONNECTED) { 5301 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5302 MGMT_STATUS_NOT_CONNECTED, &rp, 5303 sizeof(rp)); 5304 goto unlock; 5305 } 5306 5307 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) { 5308 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5309 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 5310 goto unlock; 5311 } 5312 5313 /* To avoid client trying to guess when to poll again for information we 5314 * calculate conn info age as random value between min/max set in hdev. 5315 */ 5316 conn_info_age = hdev->conn_info_min_age + 5317 prandom_u32_max(hdev->conn_info_max_age - 5318 hdev->conn_info_min_age); 5319 5320 /* Query controller to refresh cached values if they are too old or were 5321 * never read. 5322 */ 5323 if (time_after(jiffies, conn->conn_info_timestamp + 5324 msecs_to_jiffies(conn_info_age)) || 5325 !conn->conn_info_timestamp) { 5326 struct hci_request req; 5327 struct hci_cp_read_tx_power req_txp_cp; 5328 struct hci_cp_read_rssi req_rssi_cp; 5329 struct mgmt_pending_cmd *cmd; 5330 5331 hci_req_init(&req, hdev); 5332 req_rssi_cp.handle = cpu_to_le16(conn->handle); 5333 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp), 5334 &req_rssi_cp); 5335 5336 /* For LE links TX power does not change thus we don't need to 5337 * query for it once value is known. 5338 */ 5339 if (!bdaddr_type_is_le(cp->addr.type) || 5340 conn->tx_power == HCI_TX_POWER_INVALID) { 5341 req_txp_cp.handle = cpu_to_le16(conn->handle); 5342 req_txp_cp.type = 0x00; 5343 hci_req_add(&req, HCI_OP_READ_TX_POWER, 5344 sizeof(req_txp_cp), &req_txp_cp); 5345 } 5346 5347 /* Max TX power needs to be read only once per connection */ 5348 if (conn->max_tx_power == HCI_TX_POWER_INVALID) { 5349 req_txp_cp.handle = cpu_to_le16(conn->handle); 5350 req_txp_cp.type = 0x01; 5351 hci_req_add(&req, HCI_OP_READ_TX_POWER, 5352 sizeof(req_txp_cp), &req_txp_cp); 5353 } 5354 5355 err = hci_req_run(&req, conn_info_refresh_complete); 5356 if (err < 0) 5357 goto unlock; 5358 5359 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev, 5360 data, len); 5361 if (!cmd) { 5362 err = -ENOMEM; 5363 goto unlock; 5364 } 5365 5366 hci_conn_hold(conn); 5367 cmd->user_data = hci_conn_get(conn); 5368 cmd->cmd_complete = conn_info_cmd_complete; 5369 5370 conn->conn_info_timestamp = jiffies; 5371 } else { 5372 /* Cache is valid, just reply with values cached in hci_conn */ 5373 rp.rssi = conn->rssi; 5374 rp.tx_power = conn->tx_power; 5375 rp.max_tx_power = conn->max_tx_power; 5376 5377 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5378 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 5379 } 5380 5381 unlock: 5382 hci_dev_unlock(hdev); 5383 return err; 5384 } 5385 5386 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 5387 { 5388 struct hci_conn *conn = cmd->user_data; 5389 struct mgmt_rp_get_clock_info rp; 5390 struct hci_dev *hdev; 5391 int err; 5392 5393 memset(&rp, 0, sizeof(rp)); 5394 memcpy(&rp.addr, cmd->param, sizeof(rp.addr)); 5395 5396 if (status) 5397 goto complete; 5398 5399 hdev = hci_dev_get(cmd->index); 5400 if (hdev) { 5401 rp.local_clock = cpu_to_le32(hdev->clock); 5402 hci_dev_put(hdev); 5403 } 5404 5405 if (conn) { 5406 rp.piconet_clock = cpu_to_le32(conn->clock); 5407 rp.accuracy = cpu_to_le16(conn->clock_accuracy); 5408 } 5409 5410 complete: 5411 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp, 5412 sizeof(rp)); 5413 5414 if (conn) { 5415 hci_conn_drop(conn); 5416 hci_conn_put(conn); 5417 } 5418 5419 return err; 5420 } 5421 5422 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode) 5423 { 5424 struct hci_cp_read_clock *hci_cp; 5425 struct mgmt_pending_cmd *cmd; 5426 struct hci_conn *conn; 5427 5428 BT_DBG("%s status %u", hdev->name, status); 5429 5430 hci_dev_lock(hdev); 5431 5432 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK); 5433 if (!hci_cp) 5434 goto unlock; 5435 5436 if (hci_cp->which) { 5437 u16 handle = __le16_to_cpu(hci_cp->handle); 5438 conn = hci_conn_hash_lookup_handle(hdev, handle); 5439 } else { 5440 conn = NULL; 5441 } 5442 5443 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn); 5444 if (!cmd) 5445 goto unlock; 5446 5447 cmd->cmd_complete(cmd, mgmt_status(status)); 5448 mgmt_pending_remove(cmd); 5449 5450 unlock: 5451 hci_dev_unlock(hdev); 5452 } 5453 5454 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data, 5455 u16 len) 5456 { 5457 struct mgmt_cp_get_clock_info *cp = data; 5458 struct mgmt_rp_get_clock_info rp; 5459 struct hci_cp_read_clock hci_cp; 5460 struct mgmt_pending_cmd *cmd; 5461 struct hci_request req; 5462 struct hci_conn *conn; 5463 int err; 5464 5465 BT_DBG("%s", hdev->name); 5466 5467 memset(&rp, 0, sizeof(rp)); 5468 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 5469 rp.addr.type = cp->addr.type; 5470 5471 if (cp->addr.type != BDADDR_BREDR) 5472 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 5473 MGMT_STATUS_INVALID_PARAMS, 5474 &rp, sizeof(rp)); 5475 5476 hci_dev_lock(hdev); 5477 5478 if (!hdev_is_powered(hdev)) { 5479 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 5480 MGMT_STATUS_NOT_POWERED, &rp, 5481 sizeof(rp)); 5482 goto unlock; 5483 } 5484 5485 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5486 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 5487 &cp->addr.bdaddr); 5488 if (!conn || conn->state != BT_CONNECTED) { 5489 err = mgmt_cmd_complete(sk, hdev->id, 5490 MGMT_OP_GET_CLOCK_INFO, 5491 MGMT_STATUS_NOT_CONNECTED, 5492 &rp, sizeof(rp)); 5493 goto unlock; 5494 } 5495 } else { 5496 conn = NULL; 5497 } 5498 5499 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len); 5500 if (!cmd) { 5501 err = -ENOMEM; 5502 goto unlock; 5503 } 5504 5505 cmd->cmd_complete = clock_info_cmd_complete; 5506 5507 hci_req_init(&req, hdev); 5508 5509 memset(&hci_cp, 0, sizeof(hci_cp)); 5510 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 5511 5512 if (conn) { 5513 hci_conn_hold(conn); 5514 cmd->user_data = hci_conn_get(conn); 5515 5516 hci_cp.handle = cpu_to_le16(conn->handle); 5517 hci_cp.which = 0x01; /* Piconet clock */ 5518 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 5519 } 5520 5521 err = hci_req_run(&req, get_clock_info_complete); 5522 if (err < 0) 5523 mgmt_pending_remove(cmd); 5524 5525 unlock: 5526 hci_dev_unlock(hdev); 5527 return err; 5528 } 5529 5530 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) 5531 { 5532 struct hci_conn *conn; 5533 5534 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr); 5535 if (!conn) 5536 return false; 5537 5538 if (conn->dst_type != type) 5539 return false; 5540 5541 if (conn->state != BT_CONNECTED) 5542 return false; 5543 5544 return true; 5545 } 5546 5547 /* This function requires the caller holds hdev->lock */ 5548 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, 5549 u8 addr_type, u8 auto_connect) 5550 { 5551 struct hci_conn_params *params; 5552 5553 params = hci_conn_params_add(hdev, addr, addr_type); 5554 if (!params) 5555 return -EIO; 5556 5557 if (params->auto_connect == auto_connect) 5558 return 0; 5559 5560 list_del_init(¶ms->action); 5561 5562 switch (auto_connect) { 5563 case HCI_AUTO_CONN_DISABLED: 5564 case HCI_AUTO_CONN_LINK_LOSS: 5565 /* If auto connect is being disabled when we're trying to 5566 * connect to device, keep connecting. 5567 */ 5568 if (params->explicit_connect) 5569 list_add(¶ms->action, &hdev->pend_le_conns); 5570 break; 5571 case HCI_AUTO_CONN_REPORT: 5572 if (params->explicit_connect) 5573 list_add(¶ms->action, &hdev->pend_le_conns); 5574 else 5575 list_add(¶ms->action, &hdev->pend_le_reports); 5576 break; 5577 case HCI_AUTO_CONN_DIRECT: 5578 case HCI_AUTO_CONN_ALWAYS: 5579 if (!is_connected(hdev, addr, addr_type)) 5580 list_add(¶ms->action, &hdev->pend_le_conns); 5581 break; 5582 } 5583 5584 params->auto_connect = auto_connect; 5585 5586 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type, 5587 auto_connect); 5588 5589 return 0; 5590 } 5591 5592 static void device_added(struct sock *sk, struct hci_dev *hdev, 5593 bdaddr_t *bdaddr, u8 type, u8 action) 5594 { 5595 struct mgmt_ev_device_added ev; 5596 5597 bacpy(&ev.addr.bdaddr, bdaddr); 5598 ev.addr.type = type; 5599 ev.action = action; 5600 5601 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk); 5602 } 5603 5604 static int add_device(struct sock *sk, struct hci_dev *hdev, 5605 void *data, u16 len) 5606 { 5607 struct mgmt_cp_add_device *cp = data; 5608 u8 auto_conn, addr_type; 5609 int err; 5610 5611 BT_DBG("%s", hdev->name); 5612 5613 if (!bdaddr_type_is_valid(cp->addr.type) || 5614 !bacmp(&cp->addr.bdaddr, BDADDR_ANY)) 5615 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5616 MGMT_STATUS_INVALID_PARAMS, 5617 &cp->addr, sizeof(cp->addr)); 5618 5619 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02) 5620 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5621 MGMT_STATUS_INVALID_PARAMS, 5622 &cp->addr, sizeof(cp->addr)); 5623 5624 hci_dev_lock(hdev); 5625 5626 if (cp->addr.type == BDADDR_BREDR) { 5627 /* Only incoming connections action is supported for now */ 5628 if (cp->action != 0x01) { 5629 err = mgmt_cmd_complete(sk, hdev->id, 5630 MGMT_OP_ADD_DEVICE, 5631 MGMT_STATUS_INVALID_PARAMS, 5632 &cp->addr, sizeof(cp->addr)); 5633 goto unlock; 5634 } 5635 5636 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr, 5637 cp->addr.type); 5638 if (err) 5639 goto unlock; 5640 5641 hci_req_update_scan(hdev); 5642 5643 goto added; 5644 } 5645 5646 addr_type = le_addr_type(cp->addr.type); 5647 5648 if (cp->action == 0x02) 5649 auto_conn = HCI_AUTO_CONN_ALWAYS; 5650 else if (cp->action == 0x01) 5651 auto_conn = HCI_AUTO_CONN_DIRECT; 5652 else 5653 auto_conn = HCI_AUTO_CONN_REPORT; 5654 5655 /* Kernel internally uses conn_params with resolvable private 5656 * address, but Add Device allows only identity addresses. 5657 * Make sure it is enforced before calling 5658 * hci_conn_params_lookup. 5659 */ 5660 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 5661 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5662 MGMT_STATUS_INVALID_PARAMS, 5663 &cp->addr, sizeof(cp->addr)); 5664 goto unlock; 5665 } 5666 5667 /* If the connection parameters don't exist for this device, 5668 * they will be created and configured with defaults. 5669 */ 5670 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type, 5671 auto_conn) < 0) { 5672 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5673 MGMT_STATUS_FAILED, &cp->addr, 5674 sizeof(cp->addr)); 5675 goto unlock; 5676 } 5677 5678 hci_update_background_scan(hdev); 5679 5680 added: 5681 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action); 5682 5683 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5684 MGMT_STATUS_SUCCESS, &cp->addr, 5685 sizeof(cp->addr)); 5686 5687 unlock: 5688 hci_dev_unlock(hdev); 5689 return err; 5690 } 5691 5692 static void device_removed(struct sock *sk, struct hci_dev *hdev, 5693 bdaddr_t *bdaddr, u8 type) 5694 { 5695 struct mgmt_ev_device_removed ev; 5696 5697 bacpy(&ev.addr.bdaddr, bdaddr); 5698 ev.addr.type = type; 5699 5700 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk); 5701 } 5702 5703 static int remove_device(struct sock *sk, struct hci_dev *hdev, 5704 void *data, u16 len) 5705 { 5706 struct mgmt_cp_remove_device *cp = data; 5707 int err; 5708 5709 BT_DBG("%s", hdev->name); 5710 5711 hci_dev_lock(hdev); 5712 5713 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5714 struct hci_conn_params *params; 5715 u8 addr_type; 5716 5717 if (!bdaddr_type_is_valid(cp->addr.type)) { 5718 err = mgmt_cmd_complete(sk, hdev->id, 5719 MGMT_OP_REMOVE_DEVICE, 5720 MGMT_STATUS_INVALID_PARAMS, 5721 &cp->addr, sizeof(cp->addr)); 5722 goto unlock; 5723 } 5724 5725 if (cp->addr.type == BDADDR_BREDR) { 5726 err = hci_bdaddr_list_del(&hdev->whitelist, 5727 &cp->addr.bdaddr, 5728 cp->addr.type); 5729 if (err) { 5730 err = mgmt_cmd_complete(sk, hdev->id, 5731 MGMT_OP_REMOVE_DEVICE, 5732 MGMT_STATUS_INVALID_PARAMS, 5733 &cp->addr, 5734 sizeof(cp->addr)); 5735 goto unlock; 5736 } 5737 5738 hci_req_update_scan(hdev); 5739 5740 device_removed(sk, hdev, &cp->addr.bdaddr, 5741 cp->addr.type); 5742 goto complete; 5743 } 5744 5745 addr_type = le_addr_type(cp->addr.type); 5746 5747 /* Kernel internally uses conn_params with resolvable private 5748 * address, but Remove Device allows only identity addresses. 5749 * Make sure it is enforced before calling 5750 * hci_conn_params_lookup. 5751 */ 5752 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 5753 err = mgmt_cmd_complete(sk, hdev->id, 5754 MGMT_OP_REMOVE_DEVICE, 5755 MGMT_STATUS_INVALID_PARAMS, 5756 &cp->addr, sizeof(cp->addr)); 5757 goto unlock; 5758 } 5759 5760 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 5761 addr_type); 5762 if (!params) { 5763 err = mgmt_cmd_complete(sk, hdev->id, 5764 MGMT_OP_REMOVE_DEVICE, 5765 MGMT_STATUS_INVALID_PARAMS, 5766 &cp->addr, sizeof(cp->addr)); 5767 goto unlock; 5768 } 5769 5770 if (params->auto_connect == HCI_AUTO_CONN_DISABLED || 5771 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { 5772 err = mgmt_cmd_complete(sk, hdev->id, 5773 MGMT_OP_REMOVE_DEVICE, 5774 MGMT_STATUS_INVALID_PARAMS, 5775 &cp->addr, sizeof(cp->addr)); 5776 goto unlock; 5777 } 5778 5779 list_del(¶ms->action); 5780 list_del(¶ms->list); 5781 kfree(params); 5782 hci_update_background_scan(hdev); 5783 5784 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type); 5785 } else { 5786 struct hci_conn_params *p, *tmp; 5787 struct bdaddr_list *b, *btmp; 5788 5789 if (cp->addr.type) { 5790 err = mgmt_cmd_complete(sk, hdev->id, 5791 MGMT_OP_REMOVE_DEVICE, 5792 MGMT_STATUS_INVALID_PARAMS, 5793 &cp->addr, sizeof(cp->addr)); 5794 goto unlock; 5795 } 5796 5797 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) { 5798 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type); 5799 list_del(&b->list); 5800 kfree(b); 5801 } 5802 5803 hci_req_update_scan(hdev); 5804 5805 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) { 5806 if (p->auto_connect == HCI_AUTO_CONN_DISABLED) 5807 continue; 5808 device_removed(sk, hdev, &p->addr, p->addr_type); 5809 if (p->explicit_connect) { 5810 p->auto_connect = HCI_AUTO_CONN_EXPLICIT; 5811 continue; 5812 } 5813 list_del(&p->action); 5814 list_del(&p->list); 5815 kfree(p); 5816 } 5817 5818 BT_DBG("All LE connection parameters were removed"); 5819 5820 hci_update_background_scan(hdev); 5821 } 5822 5823 complete: 5824 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 5825 MGMT_STATUS_SUCCESS, &cp->addr, 5826 sizeof(cp->addr)); 5827 unlock: 5828 hci_dev_unlock(hdev); 5829 return err; 5830 } 5831 5832 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data, 5833 u16 len) 5834 { 5835 struct mgmt_cp_load_conn_param *cp = data; 5836 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) / 5837 sizeof(struct mgmt_conn_param)); 5838 u16 param_count, expected_len; 5839 int i; 5840 5841 if (!lmp_le_capable(hdev)) 5842 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5843 MGMT_STATUS_NOT_SUPPORTED); 5844 5845 param_count = __le16_to_cpu(cp->param_count); 5846 if (param_count > max_param_count) { 5847 bt_dev_err(hdev, "load_conn_param: too big param_count value %u", 5848 param_count); 5849 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5850 MGMT_STATUS_INVALID_PARAMS); 5851 } 5852 5853 expected_len = sizeof(*cp) + param_count * 5854 sizeof(struct mgmt_conn_param); 5855 if (expected_len != len) { 5856 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes", 5857 expected_len, len); 5858 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5859 MGMT_STATUS_INVALID_PARAMS); 5860 } 5861 5862 BT_DBG("%s param_count %u", hdev->name, param_count); 5863 5864 hci_dev_lock(hdev); 5865 5866 hci_conn_params_clear_disabled(hdev); 5867 5868 for (i = 0; i < param_count; i++) { 5869 struct mgmt_conn_param *param = &cp->params[i]; 5870 struct hci_conn_params *hci_param; 5871 u16 min, max, latency, timeout; 5872 u8 addr_type; 5873 5874 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr, 5875 param->addr.type); 5876 5877 if (param->addr.type == BDADDR_LE_PUBLIC) { 5878 addr_type = ADDR_LE_DEV_PUBLIC; 5879 } else if (param->addr.type == BDADDR_LE_RANDOM) { 5880 addr_type = ADDR_LE_DEV_RANDOM; 5881 } else { 5882 bt_dev_err(hdev, "ignoring invalid connection parameters"); 5883 continue; 5884 } 5885 5886 min = le16_to_cpu(param->min_interval); 5887 max = le16_to_cpu(param->max_interval); 5888 latency = le16_to_cpu(param->latency); 5889 timeout = le16_to_cpu(param->timeout); 5890 5891 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x", 5892 min, max, latency, timeout); 5893 5894 if (hci_check_conn_params(min, max, latency, timeout) < 0) { 5895 bt_dev_err(hdev, "ignoring invalid connection parameters"); 5896 continue; 5897 } 5898 5899 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr, 5900 addr_type); 5901 if (!hci_param) { 5902 bt_dev_err(hdev, "failed to add connection parameters"); 5903 continue; 5904 } 5905 5906 hci_param->conn_min_interval = min; 5907 hci_param->conn_max_interval = max; 5908 hci_param->conn_latency = latency; 5909 hci_param->supervision_timeout = timeout; 5910 } 5911 5912 hci_dev_unlock(hdev); 5913 5914 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, 5915 NULL, 0); 5916 } 5917 5918 static int set_external_config(struct sock *sk, struct hci_dev *hdev, 5919 void *data, u16 len) 5920 { 5921 struct mgmt_cp_set_external_config *cp = data; 5922 bool changed; 5923 int err; 5924 5925 BT_DBG("%s", hdev->name); 5926 5927 if (hdev_is_powered(hdev)) 5928 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5929 MGMT_STATUS_REJECTED); 5930 5931 if (cp->config != 0x00 && cp->config != 0x01) 5932 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5933 MGMT_STATUS_INVALID_PARAMS); 5934 5935 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 5936 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5937 MGMT_STATUS_NOT_SUPPORTED); 5938 5939 hci_dev_lock(hdev); 5940 5941 if (cp->config) 5942 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED); 5943 else 5944 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED); 5945 5946 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev); 5947 if (err < 0) 5948 goto unlock; 5949 5950 if (!changed) 5951 goto unlock; 5952 5953 err = new_options(hdev, sk); 5954 5955 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) { 5956 mgmt_index_removed(hdev); 5957 5958 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) { 5959 hci_dev_set_flag(hdev, HCI_CONFIG); 5960 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 5961 5962 queue_work(hdev->req_workqueue, &hdev->power_on); 5963 } else { 5964 set_bit(HCI_RAW, &hdev->flags); 5965 mgmt_index_added(hdev); 5966 } 5967 } 5968 5969 unlock: 5970 hci_dev_unlock(hdev); 5971 return err; 5972 } 5973 5974 static int set_public_address(struct sock *sk, struct hci_dev *hdev, 5975 void *data, u16 len) 5976 { 5977 struct mgmt_cp_set_public_address *cp = data; 5978 bool changed; 5979 int err; 5980 5981 BT_DBG("%s", hdev->name); 5982 5983 if (hdev_is_powered(hdev)) 5984 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5985 MGMT_STATUS_REJECTED); 5986 5987 if (!bacmp(&cp->bdaddr, BDADDR_ANY)) 5988 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5989 MGMT_STATUS_INVALID_PARAMS); 5990 5991 if (!hdev->set_bdaddr) 5992 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5993 MGMT_STATUS_NOT_SUPPORTED); 5994 5995 hci_dev_lock(hdev); 5996 5997 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr); 5998 bacpy(&hdev->public_addr, &cp->bdaddr); 5999 6000 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev); 6001 if (err < 0) 6002 goto unlock; 6003 6004 if (!changed) 6005 goto unlock; 6006 6007 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) 6008 err = new_options(hdev, sk); 6009 6010 if (is_configured(hdev)) { 6011 mgmt_index_removed(hdev); 6012 6013 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED); 6014 6015 hci_dev_set_flag(hdev, HCI_CONFIG); 6016 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 6017 6018 queue_work(hdev->req_workqueue, &hdev->power_on); 6019 } 6020 6021 unlock: 6022 hci_dev_unlock(hdev); 6023 return err; 6024 } 6025 6026 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status, 6027 u16 opcode, struct sk_buff *skb) 6028 { 6029 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp; 6030 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp; 6031 u8 *h192, *r192, *h256, *r256; 6032 struct mgmt_pending_cmd *cmd; 6033 u16 eir_len; 6034 int err; 6035 6036 BT_DBG("%s status %u", hdev->name, status); 6037 6038 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev); 6039 if (!cmd) 6040 return; 6041 6042 mgmt_cp = cmd->param; 6043 6044 if (status) { 6045 status = mgmt_status(status); 6046 eir_len = 0; 6047 6048 h192 = NULL; 6049 r192 = NULL; 6050 h256 = NULL; 6051 r256 = NULL; 6052 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) { 6053 struct hci_rp_read_local_oob_data *rp; 6054 6055 if (skb->len != sizeof(*rp)) { 6056 status = MGMT_STATUS_FAILED; 6057 eir_len = 0; 6058 } else { 6059 status = MGMT_STATUS_SUCCESS; 6060 rp = (void *)skb->data; 6061 6062 eir_len = 5 + 18 + 18; 6063 h192 = rp->hash; 6064 r192 = rp->rand; 6065 h256 = NULL; 6066 r256 = NULL; 6067 } 6068 } else { 6069 struct hci_rp_read_local_oob_ext_data *rp; 6070 6071 if (skb->len != sizeof(*rp)) { 6072 status = MGMT_STATUS_FAILED; 6073 eir_len = 0; 6074 } else { 6075 status = MGMT_STATUS_SUCCESS; 6076 rp = (void *)skb->data; 6077 6078 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 6079 eir_len = 5 + 18 + 18; 6080 h192 = NULL; 6081 r192 = NULL; 6082 } else { 6083 eir_len = 5 + 18 + 18 + 18 + 18; 6084 h192 = rp->hash192; 6085 r192 = rp->rand192; 6086 } 6087 6088 h256 = rp->hash256; 6089 r256 = rp->rand256; 6090 } 6091 } 6092 6093 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL); 6094 if (!mgmt_rp) 6095 goto done; 6096 6097 if (status) 6098 goto send_rsp; 6099 6100 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV, 6101 hdev->dev_class, 3); 6102 6103 if (h192 && r192) { 6104 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 6105 EIR_SSP_HASH_C192, h192, 16); 6106 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 6107 EIR_SSP_RAND_R192, r192, 16); 6108 } 6109 6110 if (h256 && r256) { 6111 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 6112 EIR_SSP_HASH_C256, h256, 16); 6113 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 6114 EIR_SSP_RAND_R256, r256, 16); 6115 } 6116 6117 send_rsp: 6118 mgmt_rp->type = mgmt_cp->type; 6119 mgmt_rp->eir_len = cpu_to_le16(eir_len); 6120 6121 err = mgmt_cmd_complete(cmd->sk, hdev->id, 6122 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status, 6123 mgmt_rp, sizeof(*mgmt_rp) + eir_len); 6124 if (err < 0 || status) 6125 goto done; 6126 6127 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS); 6128 6129 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 6130 mgmt_rp, sizeof(*mgmt_rp) + eir_len, 6131 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk); 6132 done: 6133 kfree(mgmt_rp); 6134 mgmt_pending_remove(cmd); 6135 } 6136 6137 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk, 6138 struct mgmt_cp_read_local_oob_ext_data *cp) 6139 { 6140 struct mgmt_pending_cmd *cmd; 6141 struct hci_request req; 6142 int err; 6143 6144 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev, 6145 cp, sizeof(*cp)); 6146 if (!cmd) 6147 return -ENOMEM; 6148 6149 hci_req_init(&req, hdev); 6150 6151 if (bredr_sc_enabled(hdev)) 6152 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL); 6153 else 6154 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 6155 6156 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete); 6157 if (err < 0) { 6158 mgmt_pending_remove(cmd); 6159 return err; 6160 } 6161 6162 return 0; 6163 } 6164 6165 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev, 6166 void *data, u16 data_len) 6167 { 6168 struct mgmt_cp_read_local_oob_ext_data *cp = data; 6169 struct mgmt_rp_read_local_oob_ext_data *rp; 6170 size_t rp_len; 6171 u16 eir_len; 6172 u8 status, flags, role, addr[7], hash[16], rand[16]; 6173 int err; 6174 6175 BT_DBG("%s", hdev->name); 6176 6177 if (hdev_is_powered(hdev)) { 6178 switch (cp->type) { 6179 case BIT(BDADDR_BREDR): 6180 status = mgmt_bredr_support(hdev); 6181 if (status) 6182 eir_len = 0; 6183 else 6184 eir_len = 5; 6185 break; 6186 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 6187 status = mgmt_le_support(hdev); 6188 if (status) 6189 eir_len = 0; 6190 else 6191 eir_len = 9 + 3 + 18 + 18 + 3; 6192 break; 6193 default: 6194 status = MGMT_STATUS_INVALID_PARAMS; 6195 eir_len = 0; 6196 break; 6197 } 6198 } else { 6199 status = MGMT_STATUS_NOT_POWERED; 6200 eir_len = 0; 6201 } 6202 6203 rp_len = sizeof(*rp) + eir_len; 6204 rp = kmalloc(rp_len, GFP_ATOMIC); 6205 if (!rp) 6206 return -ENOMEM; 6207 6208 if (status) 6209 goto complete; 6210 6211 hci_dev_lock(hdev); 6212 6213 eir_len = 0; 6214 switch (cp->type) { 6215 case BIT(BDADDR_BREDR): 6216 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 6217 err = read_local_ssp_oob_req(hdev, sk, cp); 6218 hci_dev_unlock(hdev); 6219 if (!err) 6220 goto done; 6221 6222 status = MGMT_STATUS_FAILED; 6223 goto complete; 6224 } else { 6225 eir_len = eir_append_data(rp->eir, eir_len, 6226 EIR_CLASS_OF_DEV, 6227 hdev->dev_class, 3); 6228 } 6229 break; 6230 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 6231 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 6232 smp_generate_oob(hdev, hash, rand) < 0) { 6233 hci_dev_unlock(hdev); 6234 status = MGMT_STATUS_FAILED; 6235 goto complete; 6236 } 6237 6238 /* This should return the active RPA, but since the RPA 6239 * is only programmed on demand, it is really hard to fill 6240 * this in at the moment. For now disallow retrieving 6241 * local out-of-band data when privacy is in use. 6242 * 6243 * Returning the identity address will not help here since 6244 * pairing happens before the identity resolving key is 6245 * known and thus the connection establishment happens 6246 * based on the RPA and not the identity address. 6247 */ 6248 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) { 6249 hci_dev_unlock(hdev); 6250 status = MGMT_STATUS_REJECTED; 6251 goto complete; 6252 } 6253 6254 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 6255 !bacmp(&hdev->bdaddr, BDADDR_ANY) || 6256 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 6257 bacmp(&hdev->static_addr, BDADDR_ANY))) { 6258 memcpy(addr, &hdev->static_addr, 6); 6259 addr[6] = 0x01; 6260 } else { 6261 memcpy(addr, &hdev->bdaddr, 6); 6262 addr[6] = 0x00; 6263 } 6264 6265 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR, 6266 addr, sizeof(addr)); 6267 6268 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 6269 role = 0x02; 6270 else 6271 role = 0x01; 6272 6273 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE, 6274 &role, sizeof(role)); 6275 6276 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) { 6277 eir_len = eir_append_data(rp->eir, eir_len, 6278 EIR_LE_SC_CONFIRM, 6279 hash, sizeof(hash)); 6280 6281 eir_len = eir_append_data(rp->eir, eir_len, 6282 EIR_LE_SC_RANDOM, 6283 rand, sizeof(rand)); 6284 } 6285 6286 flags = mgmt_get_adv_discov_flags(hdev); 6287 6288 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 6289 flags |= LE_AD_NO_BREDR; 6290 6291 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS, 6292 &flags, sizeof(flags)); 6293 break; 6294 } 6295 6296 hci_dev_unlock(hdev); 6297 6298 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS); 6299 6300 status = MGMT_STATUS_SUCCESS; 6301 6302 complete: 6303 rp->type = cp->type; 6304 rp->eir_len = cpu_to_le16(eir_len); 6305 6306 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 6307 status, rp, sizeof(*rp) + eir_len); 6308 if (err < 0 || status) 6309 goto done; 6310 6311 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 6312 rp, sizeof(*rp) + eir_len, 6313 HCI_MGMT_OOB_DATA_EVENTS, sk); 6314 6315 done: 6316 kfree(rp); 6317 6318 return err; 6319 } 6320 6321 static u32 get_supported_adv_flags(struct hci_dev *hdev) 6322 { 6323 u32 flags = 0; 6324 6325 flags |= MGMT_ADV_FLAG_CONNECTABLE; 6326 flags |= MGMT_ADV_FLAG_DISCOV; 6327 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV; 6328 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS; 6329 flags |= MGMT_ADV_FLAG_APPEARANCE; 6330 flags |= MGMT_ADV_FLAG_LOCAL_NAME; 6331 6332 /* In extended adv TX_POWER returned from Set Adv Param 6333 * will be always valid. 6334 */ 6335 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) || 6336 ext_adv_capable(hdev)) 6337 flags |= MGMT_ADV_FLAG_TX_POWER; 6338 6339 if (ext_adv_capable(hdev)) { 6340 flags |= MGMT_ADV_FLAG_SEC_1M; 6341 6342 if (hdev->le_features[1] & HCI_LE_PHY_2M) 6343 flags |= MGMT_ADV_FLAG_SEC_2M; 6344 6345 if (hdev->le_features[1] & HCI_LE_PHY_CODED) 6346 flags |= MGMT_ADV_FLAG_SEC_CODED; 6347 } 6348 6349 return flags; 6350 } 6351 6352 static int read_adv_features(struct sock *sk, struct hci_dev *hdev, 6353 void *data, u16 data_len) 6354 { 6355 struct mgmt_rp_read_adv_features *rp; 6356 size_t rp_len; 6357 int err; 6358 struct adv_info *adv_instance; 6359 u32 supported_flags; 6360 u8 *instance; 6361 6362 BT_DBG("%s", hdev->name); 6363 6364 if (!lmp_le_capable(hdev)) 6365 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 6366 MGMT_STATUS_REJECTED); 6367 6368 hci_dev_lock(hdev); 6369 6370 rp_len = sizeof(*rp) + hdev->adv_instance_cnt; 6371 rp = kmalloc(rp_len, GFP_ATOMIC); 6372 if (!rp) { 6373 hci_dev_unlock(hdev); 6374 return -ENOMEM; 6375 } 6376 6377 supported_flags = get_supported_adv_flags(hdev); 6378 6379 rp->supported_flags = cpu_to_le32(supported_flags); 6380 rp->max_adv_data_len = HCI_MAX_AD_LENGTH; 6381 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH; 6382 rp->max_instances = HCI_MAX_ADV_INSTANCES; 6383 rp->num_instances = hdev->adv_instance_cnt; 6384 6385 instance = rp->instance; 6386 list_for_each_entry(adv_instance, &hdev->adv_instances, list) { 6387 *instance = adv_instance->instance; 6388 instance++; 6389 } 6390 6391 hci_dev_unlock(hdev); 6392 6393 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 6394 MGMT_STATUS_SUCCESS, rp, rp_len); 6395 6396 kfree(rp); 6397 6398 return err; 6399 } 6400 6401 static u8 calculate_name_len(struct hci_dev *hdev) 6402 { 6403 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3]; 6404 6405 return append_local_name(hdev, buf, 0); 6406 } 6407 6408 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags, 6409 bool is_adv_data) 6410 { 6411 u8 max_len = HCI_MAX_AD_LENGTH; 6412 6413 if (is_adv_data) { 6414 if (adv_flags & (MGMT_ADV_FLAG_DISCOV | 6415 MGMT_ADV_FLAG_LIMITED_DISCOV | 6416 MGMT_ADV_FLAG_MANAGED_FLAGS)) 6417 max_len -= 3; 6418 6419 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) 6420 max_len -= 3; 6421 } else { 6422 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME) 6423 max_len -= calculate_name_len(hdev); 6424 6425 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE)) 6426 max_len -= 4; 6427 } 6428 6429 return max_len; 6430 } 6431 6432 static bool flags_managed(u32 adv_flags) 6433 { 6434 return adv_flags & (MGMT_ADV_FLAG_DISCOV | 6435 MGMT_ADV_FLAG_LIMITED_DISCOV | 6436 MGMT_ADV_FLAG_MANAGED_FLAGS); 6437 } 6438 6439 static bool tx_power_managed(u32 adv_flags) 6440 { 6441 return adv_flags & MGMT_ADV_FLAG_TX_POWER; 6442 } 6443 6444 static bool name_managed(u32 adv_flags) 6445 { 6446 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME; 6447 } 6448 6449 static bool appearance_managed(u32 adv_flags) 6450 { 6451 return adv_flags & MGMT_ADV_FLAG_APPEARANCE; 6452 } 6453 6454 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data, 6455 u8 len, bool is_adv_data) 6456 { 6457 int i, cur_len; 6458 u8 max_len; 6459 6460 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data); 6461 6462 if (len > max_len) 6463 return false; 6464 6465 /* Make sure that the data is correctly formatted. */ 6466 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) { 6467 cur_len = data[i]; 6468 6469 if (data[i + 1] == EIR_FLAGS && 6470 (!is_adv_data || flags_managed(adv_flags))) 6471 return false; 6472 6473 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags)) 6474 return false; 6475 6476 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags)) 6477 return false; 6478 6479 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags)) 6480 return false; 6481 6482 if (data[i + 1] == EIR_APPEARANCE && 6483 appearance_managed(adv_flags)) 6484 return false; 6485 6486 /* If the current field length would exceed the total data 6487 * length, then it's invalid. 6488 */ 6489 if (i + cur_len >= len) 6490 return false; 6491 } 6492 6493 return true; 6494 } 6495 6496 static void add_advertising_complete(struct hci_dev *hdev, u8 status, 6497 u16 opcode) 6498 { 6499 struct mgmt_pending_cmd *cmd; 6500 struct mgmt_cp_add_advertising *cp; 6501 struct mgmt_rp_add_advertising rp; 6502 struct adv_info *adv_instance, *n; 6503 u8 instance; 6504 6505 BT_DBG("status %d", status); 6506 6507 hci_dev_lock(hdev); 6508 6509 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev); 6510 6511 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) { 6512 if (!adv_instance->pending) 6513 continue; 6514 6515 if (!status) { 6516 adv_instance->pending = false; 6517 continue; 6518 } 6519 6520 instance = adv_instance->instance; 6521 6522 if (hdev->cur_adv_instance == instance) 6523 cancel_adv_timeout(hdev); 6524 6525 hci_remove_adv_instance(hdev, instance); 6526 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance); 6527 } 6528 6529 if (!cmd) 6530 goto unlock; 6531 6532 cp = cmd->param; 6533 rp.instance = cp->instance; 6534 6535 if (status) 6536 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 6537 mgmt_status(status)); 6538 else 6539 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 6540 mgmt_status(status), &rp, sizeof(rp)); 6541 6542 mgmt_pending_remove(cmd); 6543 6544 unlock: 6545 hci_dev_unlock(hdev); 6546 } 6547 6548 static int add_advertising(struct sock *sk, struct hci_dev *hdev, 6549 void *data, u16 data_len) 6550 { 6551 struct mgmt_cp_add_advertising *cp = data; 6552 struct mgmt_rp_add_advertising rp; 6553 u32 flags; 6554 u32 supported_flags, phy_flags; 6555 u8 status; 6556 u16 timeout, duration; 6557 unsigned int prev_instance_cnt = hdev->adv_instance_cnt; 6558 u8 schedule_instance = 0; 6559 struct adv_info *next_instance; 6560 int err; 6561 struct mgmt_pending_cmd *cmd; 6562 struct hci_request req; 6563 6564 BT_DBG("%s", hdev->name); 6565 6566 status = mgmt_le_support(hdev); 6567 if (status) 6568 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6569 status); 6570 6571 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES) 6572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6573 MGMT_STATUS_INVALID_PARAMS); 6574 6575 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len) 6576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6577 MGMT_STATUS_INVALID_PARAMS); 6578 6579 flags = __le32_to_cpu(cp->flags); 6580 timeout = __le16_to_cpu(cp->timeout); 6581 duration = __le16_to_cpu(cp->duration); 6582 6583 /* The current implementation only supports a subset of the specified 6584 * flags. Also need to check mutual exclusiveness of sec flags. 6585 */ 6586 supported_flags = get_supported_adv_flags(hdev); 6587 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK; 6588 if (flags & ~supported_flags || 6589 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags))))) 6590 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6591 MGMT_STATUS_INVALID_PARAMS); 6592 6593 hci_dev_lock(hdev); 6594 6595 if (timeout && !hdev_is_powered(hdev)) { 6596 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6597 MGMT_STATUS_REJECTED); 6598 goto unlock; 6599 } 6600 6601 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 6602 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 6603 pending_find(MGMT_OP_SET_LE, hdev)) { 6604 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6605 MGMT_STATUS_BUSY); 6606 goto unlock; 6607 } 6608 6609 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) || 6610 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len, 6611 cp->scan_rsp_len, false)) { 6612 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6613 MGMT_STATUS_INVALID_PARAMS); 6614 goto unlock; 6615 } 6616 6617 err = hci_add_adv_instance(hdev, cp->instance, flags, 6618 cp->adv_data_len, cp->data, 6619 cp->scan_rsp_len, 6620 cp->data + cp->adv_data_len, 6621 timeout, duration); 6622 if (err < 0) { 6623 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6624 MGMT_STATUS_FAILED); 6625 goto unlock; 6626 } 6627 6628 /* Only trigger an advertising added event if a new instance was 6629 * actually added. 6630 */ 6631 if (hdev->adv_instance_cnt > prev_instance_cnt) 6632 mgmt_advertising_added(sk, hdev, cp->instance); 6633 6634 if (hdev->cur_adv_instance == cp->instance) { 6635 /* If the currently advertised instance is being changed then 6636 * cancel the current advertising and schedule the next 6637 * instance. If there is only one instance then the overridden 6638 * advertising data will be visible right away. 6639 */ 6640 cancel_adv_timeout(hdev); 6641 6642 next_instance = hci_get_next_instance(hdev, cp->instance); 6643 if (next_instance) 6644 schedule_instance = next_instance->instance; 6645 } else if (!hdev->adv_instance_timeout) { 6646 /* Immediately advertise the new instance if no other 6647 * instance is currently being advertised. 6648 */ 6649 schedule_instance = cp->instance; 6650 } 6651 6652 /* If the HCI_ADVERTISING flag is set or the device isn't powered or 6653 * there is no instance to be advertised then we have no HCI 6654 * communication to make. Simply return. 6655 */ 6656 if (!hdev_is_powered(hdev) || 6657 hci_dev_test_flag(hdev, HCI_ADVERTISING) || 6658 !schedule_instance) { 6659 rp.instance = cp->instance; 6660 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6661 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6662 goto unlock; 6663 } 6664 6665 /* We're good to go, update advertising data, parameters, and start 6666 * advertising. 6667 */ 6668 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data, 6669 data_len); 6670 if (!cmd) { 6671 err = -ENOMEM; 6672 goto unlock; 6673 } 6674 6675 hci_req_init(&req, hdev); 6676 6677 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true); 6678 6679 if (!err) 6680 err = hci_req_run(&req, add_advertising_complete); 6681 6682 if (err < 0) 6683 mgmt_pending_remove(cmd); 6684 6685 unlock: 6686 hci_dev_unlock(hdev); 6687 6688 return err; 6689 } 6690 6691 static void remove_advertising_complete(struct hci_dev *hdev, u8 status, 6692 u16 opcode) 6693 { 6694 struct mgmt_pending_cmd *cmd; 6695 struct mgmt_cp_remove_advertising *cp; 6696 struct mgmt_rp_remove_advertising rp; 6697 6698 BT_DBG("status %d", status); 6699 6700 hci_dev_lock(hdev); 6701 6702 /* A failure status here only means that we failed to disable 6703 * advertising. Otherwise, the advertising instance has been removed, 6704 * so report success. 6705 */ 6706 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev); 6707 if (!cmd) 6708 goto unlock; 6709 6710 cp = cmd->param; 6711 rp.instance = cp->instance; 6712 6713 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS, 6714 &rp, sizeof(rp)); 6715 mgmt_pending_remove(cmd); 6716 6717 unlock: 6718 hci_dev_unlock(hdev); 6719 } 6720 6721 static int remove_advertising(struct sock *sk, struct hci_dev *hdev, 6722 void *data, u16 data_len) 6723 { 6724 struct mgmt_cp_remove_advertising *cp = data; 6725 struct mgmt_rp_remove_advertising rp; 6726 struct mgmt_pending_cmd *cmd; 6727 struct hci_request req; 6728 int err; 6729 6730 BT_DBG("%s", hdev->name); 6731 6732 hci_dev_lock(hdev); 6733 6734 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) { 6735 err = mgmt_cmd_status(sk, hdev->id, 6736 MGMT_OP_REMOVE_ADVERTISING, 6737 MGMT_STATUS_INVALID_PARAMS); 6738 goto unlock; 6739 } 6740 6741 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 6742 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 6743 pending_find(MGMT_OP_SET_LE, hdev)) { 6744 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 6745 MGMT_STATUS_BUSY); 6746 goto unlock; 6747 } 6748 6749 if (list_empty(&hdev->adv_instances)) { 6750 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 6751 MGMT_STATUS_INVALID_PARAMS); 6752 goto unlock; 6753 } 6754 6755 hci_req_init(&req, hdev); 6756 6757 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true); 6758 6759 if (list_empty(&hdev->adv_instances)) 6760 __hci_req_disable_advertising(&req); 6761 6762 /* If no HCI commands have been collected so far or the HCI_ADVERTISING 6763 * flag is set or the device isn't powered then we have no HCI 6764 * communication to make. Simply return. 6765 */ 6766 if (skb_queue_empty(&req.cmd_q) || 6767 !hdev_is_powered(hdev) || 6768 hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 6769 hci_req_purge(&req); 6770 rp.instance = cp->instance; 6771 err = mgmt_cmd_complete(sk, hdev->id, 6772 MGMT_OP_REMOVE_ADVERTISING, 6773 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6774 goto unlock; 6775 } 6776 6777 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data, 6778 data_len); 6779 if (!cmd) { 6780 err = -ENOMEM; 6781 goto unlock; 6782 } 6783 6784 err = hci_req_run(&req, remove_advertising_complete); 6785 if (err < 0) 6786 mgmt_pending_remove(cmd); 6787 6788 unlock: 6789 hci_dev_unlock(hdev); 6790 6791 return err; 6792 } 6793 6794 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev, 6795 void *data, u16 data_len) 6796 { 6797 struct mgmt_cp_get_adv_size_info *cp = data; 6798 struct mgmt_rp_get_adv_size_info rp; 6799 u32 flags, supported_flags; 6800 int err; 6801 6802 BT_DBG("%s", hdev->name); 6803 6804 if (!lmp_le_capable(hdev)) 6805 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6806 MGMT_STATUS_REJECTED); 6807 6808 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES) 6809 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6810 MGMT_STATUS_INVALID_PARAMS); 6811 6812 flags = __le32_to_cpu(cp->flags); 6813 6814 /* The current implementation only supports a subset of the specified 6815 * flags. 6816 */ 6817 supported_flags = get_supported_adv_flags(hdev); 6818 if (flags & ~supported_flags) 6819 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6820 MGMT_STATUS_INVALID_PARAMS); 6821 6822 rp.instance = cp->instance; 6823 rp.flags = cp->flags; 6824 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 6825 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 6826 6827 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6828 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6829 6830 return err; 6831 } 6832 6833 static const struct hci_mgmt_handler mgmt_handlers[] = { 6834 { NULL }, /* 0x0000 (no command) */ 6835 { read_version, MGMT_READ_VERSION_SIZE, 6836 HCI_MGMT_NO_HDEV | 6837 HCI_MGMT_UNTRUSTED }, 6838 { read_commands, MGMT_READ_COMMANDS_SIZE, 6839 HCI_MGMT_NO_HDEV | 6840 HCI_MGMT_UNTRUSTED }, 6841 { read_index_list, MGMT_READ_INDEX_LIST_SIZE, 6842 HCI_MGMT_NO_HDEV | 6843 HCI_MGMT_UNTRUSTED }, 6844 { read_controller_info, MGMT_READ_INFO_SIZE, 6845 HCI_MGMT_UNTRUSTED }, 6846 { set_powered, MGMT_SETTING_SIZE }, 6847 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE }, 6848 { set_connectable, MGMT_SETTING_SIZE }, 6849 { set_fast_connectable, MGMT_SETTING_SIZE }, 6850 { set_bondable, MGMT_SETTING_SIZE }, 6851 { set_link_security, MGMT_SETTING_SIZE }, 6852 { set_ssp, MGMT_SETTING_SIZE }, 6853 { set_hs, MGMT_SETTING_SIZE }, 6854 { set_le, MGMT_SETTING_SIZE }, 6855 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE }, 6856 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE }, 6857 { add_uuid, MGMT_ADD_UUID_SIZE }, 6858 { remove_uuid, MGMT_REMOVE_UUID_SIZE }, 6859 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE, 6860 HCI_MGMT_VAR_LEN }, 6861 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE, 6862 HCI_MGMT_VAR_LEN }, 6863 { disconnect, MGMT_DISCONNECT_SIZE }, 6864 { get_connections, MGMT_GET_CONNECTIONS_SIZE }, 6865 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE }, 6866 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE }, 6867 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE }, 6868 { pair_device, MGMT_PAIR_DEVICE_SIZE }, 6869 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE }, 6870 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE }, 6871 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE }, 6872 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE }, 6873 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE }, 6874 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, 6875 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE }, 6876 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE, 6877 HCI_MGMT_VAR_LEN }, 6878 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, 6879 { start_discovery, MGMT_START_DISCOVERY_SIZE }, 6880 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE }, 6881 { confirm_name, MGMT_CONFIRM_NAME_SIZE }, 6882 { block_device, MGMT_BLOCK_DEVICE_SIZE }, 6883 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE }, 6884 { set_device_id, MGMT_SET_DEVICE_ID_SIZE }, 6885 { set_advertising, MGMT_SETTING_SIZE }, 6886 { set_bredr, MGMT_SETTING_SIZE }, 6887 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE }, 6888 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE }, 6889 { set_secure_conn, MGMT_SETTING_SIZE }, 6890 { set_debug_keys, MGMT_SETTING_SIZE }, 6891 { set_privacy, MGMT_SET_PRIVACY_SIZE }, 6892 { load_irks, MGMT_LOAD_IRKS_SIZE, 6893 HCI_MGMT_VAR_LEN }, 6894 { get_conn_info, MGMT_GET_CONN_INFO_SIZE }, 6895 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE }, 6896 { add_device, MGMT_ADD_DEVICE_SIZE }, 6897 { remove_device, MGMT_REMOVE_DEVICE_SIZE }, 6898 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE, 6899 HCI_MGMT_VAR_LEN }, 6900 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE, 6901 HCI_MGMT_NO_HDEV | 6902 HCI_MGMT_UNTRUSTED }, 6903 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE, 6904 HCI_MGMT_UNCONFIGURED | 6905 HCI_MGMT_UNTRUSTED }, 6906 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE, 6907 HCI_MGMT_UNCONFIGURED }, 6908 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE, 6909 HCI_MGMT_UNCONFIGURED }, 6910 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE, 6911 HCI_MGMT_VAR_LEN }, 6912 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE }, 6913 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE, 6914 HCI_MGMT_NO_HDEV | 6915 HCI_MGMT_UNTRUSTED }, 6916 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE }, 6917 { add_advertising, MGMT_ADD_ADVERTISING_SIZE, 6918 HCI_MGMT_VAR_LEN }, 6919 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE }, 6920 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE }, 6921 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE }, 6922 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE, 6923 HCI_MGMT_UNTRUSTED }, 6924 { set_appearance, MGMT_SET_APPEARANCE_SIZE }, 6925 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE }, 6926 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE }, 6927 }; 6928 6929 void mgmt_index_added(struct hci_dev *hdev) 6930 { 6931 struct mgmt_ev_ext_index ev; 6932 6933 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 6934 return; 6935 6936 switch (hdev->dev_type) { 6937 case HCI_PRIMARY: 6938 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 6939 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, 6940 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 6941 ev.type = 0x01; 6942 } else { 6943 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, 6944 HCI_MGMT_INDEX_EVENTS); 6945 ev.type = 0x00; 6946 } 6947 break; 6948 case HCI_AMP: 6949 ev.type = 0x02; 6950 break; 6951 default: 6952 return; 6953 } 6954 6955 ev.bus = hdev->bus; 6956 6957 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev), 6958 HCI_MGMT_EXT_INDEX_EVENTS); 6959 } 6960 6961 void mgmt_index_removed(struct hci_dev *hdev) 6962 { 6963 struct mgmt_ev_ext_index ev; 6964 u8 status = MGMT_STATUS_INVALID_INDEX; 6965 6966 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 6967 return; 6968 6969 switch (hdev->dev_type) { 6970 case HCI_PRIMARY: 6971 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 6972 6973 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 6974 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, 6975 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 6976 ev.type = 0x01; 6977 } else { 6978 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, 6979 HCI_MGMT_INDEX_EVENTS); 6980 ev.type = 0x00; 6981 } 6982 break; 6983 case HCI_AMP: 6984 ev.type = 0x02; 6985 break; 6986 default: 6987 return; 6988 } 6989 6990 ev.bus = hdev->bus; 6991 6992 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev), 6993 HCI_MGMT_EXT_INDEX_EVENTS); 6994 } 6995 6996 /* This function requires the caller holds hdev->lock */ 6997 static void restart_le_actions(struct hci_dev *hdev) 6998 { 6999 struct hci_conn_params *p; 7000 7001 list_for_each_entry(p, &hdev->le_conn_params, list) { 7002 /* Needed for AUTO_OFF case where might not "really" 7003 * have been powered off. 7004 */ 7005 list_del_init(&p->action); 7006 7007 switch (p->auto_connect) { 7008 case HCI_AUTO_CONN_DIRECT: 7009 case HCI_AUTO_CONN_ALWAYS: 7010 list_add(&p->action, &hdev->pend_le_conns); 7011 break; 7012 case HCI_AUTO_CONN_REPORT: 7013 list_add(&p->action, &hdev->pend_le_reports); 7014 break; 7015 default: 7016 break; 7017 } 7018 } 7019 } 7020 7021 void mgmt_power_on(struct hci_dev *hdev, int err) 7022 { 7023 struct cmd_lookup match = { NULL, hdev }; 7024 7025 BT_DBG("err %d", err); 7026 7027 hci_dev_lock(hdev); 7028 7029 if (!err) { 7030 restart_le_actions(hdev); 7031 hci_update_background_scan(hdev); 7032 } 7033 7034 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 7035 7036 new_settings(hdev, match.sk); 7037 7038 if (match.sk) 7039 sock_put(match.sk); 7040 7041 hci_dev_unlock(hdev); 7042 } 7043 7044 void __mgmt_power_off(struct hci_dev *hdev) 7045 { 7046 struct cmd_lookup match = { NULL, hdev }; 7047 u8 status, zero_cod[] = { 0, 0, 0 }; 7048 7049 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 7050 7051 /* If the power off is because of hdev unregistration let 7052 * use the appropriate INVALID_INDEX status. Otherwise use 7053 * NOT_POWERED. We cover both scenarios here since later in 7054 * mgmt_index_removed() any hci_conn callbacks will have already 7055 * been triggered, potentially causing misleading DISCONNECTED 7056 * status responses. 7057 */ 7058 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) 7059 status = MGMT_STATUS_INVALID_INDEX; 7060 else 7061 status = MGMT_STATUS_NOT_POWERED; 7062 7063 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 7064 7065 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) { 7066 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 7067 zero_cod, sizeof(zero_cod), 7068 HCI_MGMT_DEV_CLASS_EVENTS, NULL); 7069 ext_info_changed(hdev, NULL); 7070 } 7071 7072 new_settings(hdev, match.sk); 7073 7074 if (match.sk) 7075 sock_put(match.sk); 7076 } 7077 7078 void mgmt_set_powered_failed(struct hci_dev *hdev, int err) 7079 { 7080 struct mgmt_pending_cmd *cmd; 7081 u8 status; 7082 7083 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 7084 if (!cmd) 7085 return; 7086 7087 if (err == -ERFKILL) 7088 status = MGMT_STATUS_RFKILLED; 7089 else 7090 status = MGMT_STATUS_FAILED; 7091 7092 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status); 7093 7094 mgmt_pending_remove(cmd); 7095 } 7096 7097 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 7098 bool persistent) 7099 { 7100 struct mgmt_ev_new_link_key ev; 7101 7102 memset(&ev, 0, sizeof(ev)); 7103 7104 ev.store_hint = persistent; 7105 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 7106 ev.key.addr.type = BDADDR_BREDR; 7107 ev.key.type = key->type; 7108 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE); 7109 ev.key.pin_len = key->pin_len; 7110 7111 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 7112 } 7113 7114 static u8 mgmt_ltk_type(struct smp_ltk *ltk) 7115 { 7116 switch (ltk->type) { 7117 case SMP_LTK: 7118 case SMP_LTK_SLAVE: 7119 if (ltk->authenticated) 7120 return MGMT_LTK_AUTHENTICATED; 7121 return MGMT_LTK_UNAUTHENTICATED; 7122 case SMP_LTK_P256: 7123 if (ltk->authenticated) 7124 return MGMT_LTK_P256_AUTH; 7125 return MGMT_LTK_P256_UNAUTH; 7126 case SMP_LTK_P256_DEBUG: 7127 return MGMT_LTK_P256_DEBUG; 7128 } 7129 7130 return MGMT_LTK_UNAUTHENTICATED; 7131 } 7132 7133 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent) 7134 { 7135 struct mgmt_ev_new_long_term_key ev; 7136 7137 memset(&ev, 0, sizeof(ev)); 7138 7139 /* Devices using resolvable or non-resolvable random addresses 7140 * without providing an identity resolving key don't require 7141 * to store long term keys. Their addresses will change the 7142 * next time around. 7143 * 7144 * Only when a remote device provides an identity address 7145 * make sure the long term key is stored. If the remote 7146 * identity is known, the long term keys are internally 7147 * mapped to the identity address. So allow static random 7148 * and public addresses here. 7149 */ 7150 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM && 7151 (key->bdaddr.b[5] & 0xc0) != 0xc0) 7152 ev.store_hint = 0x00; 7153 else 7154 ev.store_hint = persistent; 7155 7156 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 7157 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); 7158 ev.key.type = mgmt_ltk_type(key); 7159 ev.key.enc_size = key->enc_size; 7160 ev.key.ediv = key->ediv; 7161 ev.key.rand = key->rand; 7162 7163 if (key->type == SMP_LTK) 7164 ev.key.master = 1; 7165 7166 /* Make sure we copy only the significant bytes based on the 7167 * encryption key size, and set the rest of the value to zeroes. 7168 */ 7169 memcpy(ev.key.val, key->val, key->enc_size); 7170 memset(ev.key.val + key->enc_size, 0, 7171 sizeof(ev.key.val) - key->enc_size); 7172 7173 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL); 7174 } 7175 7176 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent) 7177 { 7178 struct mgmt_ev_new_irk ev; 7179 7180 memset(&ev, 0, sizeof(ev)); 7181 7182 ev.store_hint = persistent; 7183 7184 bacpy(&ev.rpa, &irk->rpa); 7185 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr); 7186 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type); 7187 memcpy(ev.irk.val, irk->val, sizeof(irk->val)); 7188 7189 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL); 7190 } 7191 7192 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk, 7193 bool persistent) 7194 { 7195 struct mgmt_ev_new_csrk ev; 7196 7197 memset(&ev, 0, sizeof(ev)); 7198 7199 /* Devices using resolvable or non-resolvable random addresses 7200 * without providing an identity resolving key don't require 7201 * to store signature resolving keys. Their addresses will change 7202 * the next time around. 7203 * 7204 * Only when a remote device provides an identity address 7205 * make sure the signature resolving key is stored. So allow 7206 * static random and public addresses here. 7207 */ 7208 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM && 7209 (csrk->bdaddr.b[5] & 0xc0) != 0xc0) 7210 ev.store_hint = 0x00; 7211 else 7212 ev.store_hint = persistent; 7213 7214 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr); 7215 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type); 7216 ev.key.type = csrk->type; 7217 memcpy(ev.key.val, csrk->val, sizeof(csrk->val)); 7218 7219 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL); 7220 } 7221 7222 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr, 7223 u8 bdaddr_type, u8 store_hint, u16 min_interval, 7224 u16 max_interval, u16 latency, u16 timeout) 7225 { 7226 struct mgmt_ev_new_conn_param ev; 7227 7228 if (!hci_is_identity_address(bdaddr, bdaddr_type)) 7229 return; 7230 7231 memset(&ev, 0, sizeof(ev)); 7232 bacpy(&ev.addr.bdaddr, bdaddr); 7233 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type); 7234 ev.store_hint = store_hint; 7235 ev.min_interval = cpu_to_le16(min_interval); 7236 ev.max_interval = cpu_to_le16(max_interval); 7237 ev.latency = cpu_to_le16(latency); 7238 ev.timeout = cpu_to_le16(timeout); 7239 7240 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL); 7241 } 7242 7243 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn, 7244 u32 flags, u8 *name, u8 name_len) 7245 { 7246 char buf[512]; 7247 struct mgmt_ev_device_connected *ev = (void *) buf; 7248 u16 eir_len = 0; 7249 7250 bacpy(&ev->addr.bdaddr, &conn->dst); 7251 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type); 7252 7253 ev->flags = __cpu_to_le32(flags); 7254 7255 /* We must ensure that the EIR Data fields are ordered and 7256 * unique. Keep it simple for now and avoid the problem by not 7257 * adding any BR/EDR data to the LE adv. 7258 */ 7259 if (conn->le_adv_data_len > 0) { 7260 memcpy(&ev->eir[eir_len], 7261 conn->le_adv_data, conn->le_adv_data_len); 7262 eir_len = conn->le_adv_data_len; 7263 } else { 7264 if (name_len > 0) 7265 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, 7266 name, name_len); 7267 7268 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0) 7269 eir_len = eir_append_data(ev->eir, eir_len, 7270 EIR_CLASS_OF_DEV, 7271 conn->dev_class, 3); 7272 } 7273 7274 ev->eir_len = cpu_to_le16(eir_len); 7275 7276 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf, 7277 sizeof(*ev) + eir_len, NULL); 7278 } 7279 7280 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data) 7281 { 7282 struct sock **sk = data; 7283 7284 cmd->cmd_complete(cmd, 0); 7285 7286 *sk = cmd->sk; 7287 sock_hold(*sk); 7288 7289 mgmt_pending_remove(cmd); 7290 } 7291 7292 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data) 7293 { 7294 struct hci_dev *hdev = data; 7295 struct mgmt_cp_unpair_device *cp = cmd->param; 7296 7297 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 7298 7299 cmd->cmd_complete(cmd, 0); 7300 mgmt_pending_remove(cmd); 7301 } 7302 7303 bool mgmt_powering_down(struct hci_dev *hdev) 7304 { 7305 struct mgmt_pending_cmd *cmd; 7306 struct mgmt_mode *cp; 7307 7308 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 7309 if (!cmd) 7310 return false; 7311 7312 cp = cmd->param; 7313 if (!cp->val) 7314 return true; 7315 7316 return false; 7317 } 7318 7319 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 7320 u8 link_type, u8 addr_type, u8 reason, 7321 bool mgmt_connected) 7322 { 7323 struct mgmt_ev_device_disconnected ev; 7324 struct sock *sk = NULL; 7325 7326 /* The connection is still in hci_conn_hash so test for 1 7327 * instead of 0 to know if this is the last one. 7328 */ 7329 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 7330 cancel_delayed_work(&hdev->power_off); 7331 queue_work(hdev->req_workqueue, &hdev->power_off.work); 7332 } 7333 7334 if (!mgmt_connected) 7335 return; 7336 7337 if (link_type != ACL_LINK && link_type != LE_LINK) 7338 return; 7339 7340 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 7341 7342 bacpy(&ev.addr.bdaddr, bdaddr); 7343 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7344 ev.reason = reason; 7345 7346 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk); 7347 7348 if (sk) 7349 sock_put(sk); 7350 7351 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 7352 hdev); 7353 } 7354 7355 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 7356 u8 link_type, u8 addr_type, u8 status) 7357 { 7358 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type); 7359 struct mgmt_cp_disconnect *cp; 7360 struct mgmt_pending_cmd *cmd; 7361 7362 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 7363 hdev); 7364 7365 cmd = pending_find(MGMT_OP_DISCONNECT, hdev); 7366 if (!cmd) 7367 return; 7368 7369 cp = cmd->param; 7370 7371 if (bacmp(bdaddr, &cp->addr.bdaddr)) 7372 return; 7373 7374 if (cp->addr.type != bdaddr_type) 7375 return; 7376 7377 cmd->cmd_complete(cmd, mgmt_status(status)); 7378 mgmt_pending_remove(cmd); 7379 } 7380 7381 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7382 u8 addr_type, u8 status) 7383 { 7384 struct mgmt_ev_connect_failed ev; 7385 7386 /* The connection is still in hci_conn_hash so test for 1 7387 * instead of 0 to know if this is the last one. 7388 */ 7389 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 7390 cancel_delayed_work(&hdev->power_off); 7391 queue_work(hdev->req_workqueue, &hdev->power_off.work); 7392 } 7393 7394 bacpy(&ev.addr.bdaddr, bdaddr); 7395 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7396 ev.status = mgmt_status(status); 7397 7398 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 7399 } 7400 7401 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 7402 { 7403 struct mgmt_ev_pin_code_request ev; 7404 7405 bacpy(&ev.addr.bdaddr, bdaddr); 7406 ev.addr.type = BDADDR_BREDR; 7407 ev.secure = secure; 7408 7409 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL); 7410 } 7411 7412 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7413 u8 status) 7414 { 7415 struct mgmt_pending_cmd *cmd; 7416 7417 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 7418 if (!cmd) 7419 return; 7420 7421 cmd->cmd_complete(cmd, mgmt_status(status)); 7422 mgmt_pending_remove(cmd); 7423 } 7424 7425 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7426 u8 status) 7427 { 7428 struct mgmt_pending_cmd *cmd; 7429 7430 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 7431 if (!cmd) 7432 return; 7433 7434 cmd->cmd_complete(cmd, mgmt_status(status)); 7435 mgmt_pending_remove(cmd); 7436 } 7437 7438 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 7439 u8 link_type, u8 addr_type, u32 value, 7440 u8 confirm_hint) 7441 { 7442 struct mgmt_ev_user_confirm_request ev; 7443 7444 BT_DBG("%s", hdev->name); 7445 7446 bacpy(&ev.addr.bdaddr, bdaddr); 7447 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7448 ev.confirm_hint = confirm_hint; 7449 ev.value = cpu_to_le32(value); 7450 7451 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 7452 NULL); 7453 } 7454 7455 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 7456 u8 link_type, u8 addr_type) 7457 { 7458 struct mgmt_ev_user_passkey_request ev; 7459 7460 BT_DBG("%s", hdev->name); 7461 7462 bacpy(&ev.addr.bdaddr, bdaddr); 7463 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7464 7465 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 7466 NULL); 7467 } 7468 7469 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7470 u8 link_type, u8 addr_type, u8 status, 7471 u8 opcode) 7472 { 7473 struct mgmt_pending_cmd *cmd; 7474 7475 cmd = pending_find(opcode, hdev); 7476 if (!cmd) 7477 return -ENOENT; 7478 7479 cmd->cmd_complete(cmd, mgmt_status(status)); 7480 mgmt_pending_remove(cmd); 7481 7482 return 0; 7483 } 7484 7485 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7486 u8 link_type, u8 addr_type, u8 status) 7487 { 7488 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7489 status, MGMT_OP_USER_CONFIRM_REPLY); 7490 } 7491 7492 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7493 u8 link_type, u8 addr_type, u8 status) 7494 { 7495 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7496 status, 7497 MGMT_OP_USER_CONFIRM_NEG_REPLY); 7498 } 7499 7500 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7501 u8 link_type, u8 addr_type, u8 status) 7502 { 7503 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7504 status, MGMT_OP_USER_PASSKEY_REPLY); 7505 } 7506 7507 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7508 u8 link_type, u8 addr_type, u8 status) 7509 { 7510 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7511 status, 7512 MGMT_OP_USER_PASSKEY_NEG_REPLY); 7513 } 7514 7515 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr, 7516 u8 link_type, u8 addr_type, u32 passkey, 7517 u8 entered) 7518 { 7519 struct mgmt_ev_passkey_notify ev; 7520 7521 BT_DBG("%s", hdev->name); 7522 7523 bacpy(&ev.addr.bdaddr, bdaddr); 7524 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7525 ev.passkey = __cpu_to_le32(passkey); 7526 ev.entered = entered; 7527 7528 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL); 7529 } 7530 7531 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status) 7532 { 7533 struct mgmt_ev_auth_failed ev; 7534 struct mgmt_pending_cmd *cmd; 7535 u8 status = mgmt_status(hci_status); 7536 7537 bacpy(&ev.addr.bdaddr, &conn->dst); 7538 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 7539 ev.status = status; 7540 7541 cmd = find_pairing(conn); 7542 7543 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev), 7544 cmd ? cmd->sk : NULL); 7545 7546 if (cmd) { 7547 cmd->cmd_complete(cmd, status); 7548 mgmt_pending_remove(cmd); 7549 } 7550 } 7551 7552 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 7553 { 7554 struct cmd_lookup match = { NULL, hdev }; 7555 bool changed; 7556 7557 if (status) { 7558 u8 mgmt_err = mgmt_status(status); 7559 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 7560 cmd_status_rsp, &mgmt_err); 7561 return; 7562 } 7563 7564 if (test_bit(HCI_AUTH, &hdev->flags)) 7565 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY); 7566 else 7567 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY); 7568 7569 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 7570 &match); 7571 7572 if (changed) 7573 new_settings(hdev, match.sk); 7574 7575 if (match.sk) 7576 sock_put(match.sk); 7577 } 7578 7579 static void clear_eir(struct hci_request *req) 7580 { 7581 struct hci_dev *hdev = req->hdev; 7582 struct hci_cp_write_eir cp; 7583 7584 if (!lmp_ext_inq_capable(hdev)) 7585 return; 7586 7587 memset(hdev->eir, 0, sizeof(hdev->eir)); 7588 7589 memset(&cp, 0, sizeof(cp)); 7590 7591 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 7592 } 7593 7594 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 7595 { 7596 struct cmd_lookup match = { NULL, hdev }; 7597 struct hci_request req; 7598 bool changed = false; 7599 7600 if (status) { 7601 u8 mgmt_err = mgmt_status(status); 7602 7603 if (enable && hci_dev_test_and_clear_flag(hdev, 7604 HCI_SSP_ENABLED)) { 7605 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 7606 new_settings(hdev, NULL); 7607 } 7608 7609 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp, 7610 &mgmt_err); 7611 return; 7612 } 7613 7614 if (enable) { 7615 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 7616 } else { 7617 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED); 7618 if (!changed) 7619 changed = hci_dev_test_and_clear_flag(hdev, 7620 HCI_HS_ENABLED); 7621 else 7622 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 7623 } 7624 7625 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 7626 7627 if (changed) 7628 new_settings(hdev, match.sk); 7629 7630 if (match.sk) 7631 sock_put(match.sk); 7632 7633 hci_req_init(&req, hdev); 7634 7635 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 7636 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) 7637 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE, 7638 sizeof(enable), &enable); 7639 __hci_req_update_eir(&req); 7640 } else { 7641 clear_eir(&req); 7642 } 7643 7644 hci_req_run(&req, NULL); 7645 } 7646 7647 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data) 7648 { 7649 struct cmd_lookup *match = data; 7650 7651 if (match->sk == NULL) { 7652 match->sk = cmd->sk; 7653 sock_hold(match->sk); 7654 } 7655 } 7656 7657 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class, 7658 u8 status) 7659 { 7660 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) }; 7661 7662 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match); 7663 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match); 7664 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match); 7665 7666 if (!status) { 7667 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 7668 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL); 7669 ext_info_changed(hdev, NULL); 7670 } 7671 7672 if (match.sk) 7673 sock_put(match.sk); 7674 } 7675 7676 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 7677 { 7678 struct mgmt_cp_set_local_name ev; 7679 struct mgmt_pending_cmd *cmd; 7680 7681 if (status) 7682 return; 7683 7684 memset(&ev, 0, sizeof(ev)); 7685 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 7686 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH); 7687 7688 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 7689 if (!cmd) { 7690 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name)); 7691 7692 /* If this is a HCI command related to powering on the 7693 * HCI dev don't send any mgmt signals. 7694 */ 7695 if (pending_find(MGMT_OP_SET_POWERED, hdev)) 7696 return; 7697 } 7698 7699 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 7700 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL); 7701 ext_info_changed(hdev, cmd ? cmd->sk : NULL); 7702 } 7703 7704 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16]) 7705 { 7706 int i; 7707 7708 for (i = 0; i < uuid_count; i++) { 7709 if (!memcmp(uuid, uuids[i], 16)) 7710 return true; 7711 } 7712 7713 return false; 7714 } 7715 7716 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16]) 7717 { 7718 u16 parsed = 0; 7719 7720 while (parsed < eir_len) { 7721 u8 field_len = eir[0]; 7722 u8 uuid[16]; 7723 int i; 7724 7725 if (field_len == 0) 7726 break; 7727 7728 if (eir_len - parsed < field_len + 1) 7729 break; 7730 7731 switch (eir[1]) { 7732 case EIR_UUID16_ALL: 7733 case EIR_UUID16_SOME: 7734 for (i = 0; i + 3 <= field_len; i += 2) { 7735 memcpy(uuid, bluetooth_base_uuid, 16); 7736 uuid[13] = eir[i + 3]; 7737 uuid[12] = eir[i + 2]; 7738 if (has_uuid(uuid, uuid_count, uuids)) 7739 return true; 7740 } 7741 break; 7742 case EIR_UUID32_ALL: 7743 case EIR_UUID32_SOME: 7744 for (i = 0; i + 5 <= field_len; i += 4) { 7745 memcpy(uuid, bluetooth_base_uuid, 16); 7746 uuid[15] = eir[i + 5]; 7747 uuid[14] = eir[i + 4]; 7748 uuid[13] = eir[i + 3]; 7749 uuid[12] = eir[i + 2]; 7750 if (has_uuid(uuid, uuid_count, uuids)) 7751 return true; 7752 } 7753 break; 7754 case EIR_UUID128_ALL: 7755 case EIR_UUID128_SOME: 7756 for (i = 0; i + 17 <= field_len; i += 16) { 7757 memcpy(uuid, eir + i + 2, 16); 7758 if (has_uuid(uuid, uuid_count, uuids)) 7759 return true; 7760 } 7761 break; 7762 } 7763 7764 parsed += field_len + 1; 7765 eir += field_len + 1; 7766 } 7767 7768 return false; 7769 } 7770 7771 static void restart_le_scan(struct hci_dev *hdev) 7772 { 7773 /* If controller is not scanning we are done. */ 7774 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 7775 return; 7776 7777 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY, 7778 hdev->discovery.scan_start + 7779 hdev->discovery.scan_duration)) 7780 return; 7781 7782 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart, 7783 DISCOV_LE_RESTART_DELAY); 7784 } 7785 7786 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir, 7787 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 7788 { 7789 /* If a RSSI threshold has been specified, and 7790 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with 7791 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk 7792 * is set, let it through for further processing, as we might need to 7793 * restart the scan. 7794 * 7795 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry, 7796 * the results are also dropped. 7797 */ 7798 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 7799 (rssi == HCI_RSSI_INVALID || 7800 (rssi < hdev->discovery.rssi && 7801 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)))) 7802 return false; 7803 7804 if (hdev->discovery.uuid_count != 0) { 7805 /* If a list of UUIDs is provided in filter, results with no 7806 * matching UUID should be dropped. 7807 */ 7808 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count, 7809 hdev->discovery.uuids) && 7810 !eir_has_uuids(scan_rsp, scan_rsp_len, 7811 hdev->discovery.uuid_count, 7812 hdev->discovery.uuids)) 7813 return false; 7814 } 7815 7816 /* If duplicate filtering does not report RSSI changes, then restart 7817 * scanning to ensure updated result with updated RSSI values. 7818 */ 7819 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) { 7820 restart_le_scan(hdev); 7821 7822 /* Validate RSSI value against the RSSI threshold once more. */ 7823 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 7824 rssi < hdev->discovery.rssi) 7825 return false; 7826 } 7827 7828 return true; 7829 } 7830 7831 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7832 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags, 7833 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 7834 { 7835 char buf[512]; 7836 struct mgmt_ev_device_found *ev = (void *)buf; 7837 size_t ev_size; 7838 7839 /* Don't send events for a non-kernel initiated discovery. With 7840 * LE one exception is if we have pend_le_reports > 0 in which 7841 * case we're doing passive scanning and want these events. 7842 */ 7843 if (!hci_discovery_active(hdev)) { 7844 if (link_type == ACL_LINK) 7845 return; 7846 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports)) 7847 return; 7848 } 7849 7850 if (hdev->discovery.result_filtering) { 7851 /* We are using service discovery */ 7852 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp, 7853 scan_rsp_len)) 7854 return; 7855 } 7856 7857 if (hdev->discovery.limited) { 7858 /* Check for limited discoverable bit */ 7859 if (dev_class) { 7860 if (!(dev_class[1] & 0x20)) 7861 return; 7862 } else { 7863 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL); 7864 if (!flags || !(flags[0] & LE_AD_LIMITED)) 7865 return; 7866 } 7867 } 7868 7869 /* Make sure that the buffer is big enough. The 5 extra bytes 7870 * are for the potential CoD field. 7871 */ 7872 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf)) 7873 return; 7874 7875 memset(buf, 0, sizeof(buf)); 7876 7877 /* In case of device discovery with BR/EDR devices (pre 1.2), the 7878 * RSSI value was reported as 0 when not available. This behavior 7879 * is kept when using device discovery. This is required for full 7880 * backwards compatibility with the API. 7881 * 7882 * However when using service discovery, the value 127 will be 7883 * returned when the RSSI is not available. 7884 */ 7885 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi && 7886 link_type == ACL_LINK) 7887 rssi = 0; 7888 7889 bacpy(&ev->addr.bdaddr, bdaddr); 7890 ev->addr.type = link_to_bdaddr(link_type, addr_type); 7891 ev->rssi = rssi; 7892 ev->flags = cpu_to_le32(flags); 7893 7894 if (eir_len > 0) 7895 /* Copy EIR or advertising data into event */ 7896 memcpy(ev->eir, eir, eir_len); 7897 7898 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 7899 NULL)) 7900 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 7901 dev_class, 3); 7902 7903 if (scan_rsp_len > 0) 7904 /* Append scan response data to event */ 7905 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len); 7906 7907 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 7908 ev_size = sizeof(*ev) + eir_len + scan_rsp_len; 7909 7910 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 7911 } 7912 7913 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7914 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 7915 { 7916 struct mgmt_ev_device_found *ev; 7917 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2]; 7918 u16 eir_len; 7919 7920 ev = (struct mgmt_ev_device_found *) buf; 7921 7922 memset(buf, 0, sizeof(buf)); 7923 7924 bacpy(&ev->addr.bdaddr, bdaddr); 7925 ev->addr.type = link_to_bdaddr(link_type, addr_type); 7926 ev->rssi = rssi; 7927 7928 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name, 7929 name_len); 7930 7931 ev->eir_len = cpu_to_le16(eir_len); 7932 7933 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL); 7934 } 7935 7936 void mgmt_discovering(struct hci_dev *hdev, u8 discovering) 7937 { 7938 struct mgmt_ev_discovering ev; 7939 7940 BT_DBG("%s discovering %u", hdev->name, discovering); 7941 7942 memset(&ev, 0, sizeof(ev)); 7943 ev.type = hdev->discovery.type; 7944 ev.discovering = discovering; 7945 7946 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 7947 } 7948 7949 static struct hci_mgmt_chan chan = { 7950 .channel = HCI_CHANNEL_CONTROL, 7951 .handler_count = ARRAY_SIZE(mgmt_handlers), 7952 .handlers = mgmt_handlers, 7953 .hdev_init = mgmt_init_hdev, 7954 }; 7955 7956 int mgmt_init(void) 7957 { 7958 return hci_mgmt_chan_register(&chan); 7959 } 7960 7961 void mgmt_exit(void) 7962 { 7963 hci_mgmt_chan_unregister(&chan); 7964 } 7965