1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI Management interface */ 26 27 #include <linux/module.h> 28 #include <asm/unaligned.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 #include <net/bluetooth/hci_sock.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/mgmt.h> 35 36 #include "hci_request.h" 37 #include "smp.h" 38 #include "mgmt_util.h" 39 40 #define MGMT_VERSION 1 41 #define MGMT_REVISION 14 42 43 static const u16 mgmt_commands[] = { 44 MGMT_OP_READ_INDEX_LIST, 45 MGMT_OP_READ_INFO, 46 MGMT_OP_SET_POWERED, 47 MGMT_OP_SET_DISCOVERABLE, 48 MGMT_OP_SET_CONNECTABLE, 49 MGMT_OP_SET_FAST_CONNECTABLE, 50 MGMT_OP_SET_BONDABLE, 51 MGMT_OP_SET_LINK_SECURITY, 52 MGMT_OP_SET_SSP, 53 MGMT_OP_SET_HS, 54 MGMT_OP_SET_LE, 55 MGMT_OP_SET_DEV_CLASS, 56 MGMT_OP_SET_LOCAL_NAME, 57 MGMT_OP_ADD_UUID, 58 MGMT_OP_REMOVE_UUID, 59 MGMT_OP_LOAD_LINK_KEYS, 60 MGMT_OP_LOAD_LONG_TERM_KEYS, 61 MGMT_OP_DISCONNECT, 62 MGMT_OP_GET_CONNECTIONS, 63 MGMT_OP_PIN_CODE_REPLY, 64 MGMT_OP_PIN_CODE_NEG_REPLY, 65 MGMT_OP_SET_IO_CAPABILITY, 66 MGMT_OP_PAIR_DEVICE, 67 MGMT_OP_CANCEL_PAIR_DEVICE, 68 MGMT_OP_UNPAIR_DEVICE, 69 MGMT_OP_USER_CONFIRM_REPLY, 70 MGMT_OP_USER_CONFIRM_NEG_REPLY, 71 MGMT_OP_USER_PASSKEY_REPLY, 72 MGMT_OP_USER_PASSKEY_NEG_REPLY, 73 MGMT_OP_READ_LOCAL_OOB_DATA, 74 MGMT_OP_ADD_REMOTE_OOB_DATA, 75 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 76 MGMT_OP_START_DISCOVERY, 77 MGMT_OP_STOP_DISCOVERY, 78 MGMT_OP_CONFIRM_NAME, 79 MGMT_OP_BLOCK_DEVICE, 80 MGMT_OP_UNBLOCK_DEVICE, 81 MGMT_OP_SET_DEVICE_ID, 82 MGMT_OP_SET_ADVERTISING, 83 MGMT_OP_SET_BREDR, 84 MGMT_OP_SET_STATIC_ADDRESS, 85 MGMT_OP_SET_SCAN_PARAMS, 86 MGMT_OP_SET_SECURE_CONN, 87 MGMT_OP_SET_DEBUG_KEYS, 88 MGMT_OP_SET_PRIVACY, 89 MGMT_OP_LOAD_IRKS, 90 MGMT_OP_GET_CONN_INFO, 91 MGMT_OP_GET_CLOCK_INFO, 92 MGMT_OP_ADD_DEVICE, 93 MGMT_OP_REMOVE_DEVICE, 94 MGMT_OP_LOAD_CONN_PARAM, 95 MGMT_OP_READ_UNCONF_INDEX_LIST, 96 MGMT_OP_READ_CONFIG_INFO, 97 MGMT_OP_SET_EXTERNAL_CONFIG, 98 MGMT_OP_SET_PUBLIC_ADDRESS, 99 MGMT_OP_START_SERVICE_DISCOVERY, 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 101 MGMT_OP_READ_EXT_INDEX_LIST, 102 MGMT_OP_READ_ADV_FEATURES, 103 MGMT_OP_ADD_ADVERTISING, 104 MGMT_OP_REMOVE_ADVERTISING, 105 MGMT_OP_GET_ADV_SIZE_INFO, 106 MGMT_OP_START_LIMITED_DISCOVERY, 107 MGMT_OP_READ_EXT_INFO, 108 MGMT_OP_SET_APPEARANCE, 109 }; 110 111 static const u16 mgmt_events[] = { 112 MGMT_EV_CONTROLLER_ERROR, 113 MGMT_EV_INDEX_ADDED, 114 MGMT_EV_INDEX_REMOVED, 115 MGMT_EV_NEW_SETTINGS, 116 MGMT_EV_CLASS_OF_DEV_CHANGED, 117 MGMT_EV_LOCAL_NAME_CHANGED, 118 MGMT_EV_NEW_LINK_KEY, 119 MGMT_EV_NEW_LONG_TERM_KEY, 120 MGMT_EV_DEVICE_CONNECTED, 121 MGMT_EV_DEVICE_DISCONNECTED, 122 MGMT_EV_CONNECT_FAILED, 123 MGMT_EV_PIN_CODE_REQUEST, 124 MGMT_EV_USER_CONFIRM_REQUEST, 125 MGMT_EV_USER_PASSKEY_REQUEST, 126 MGMT_EV_AUTH_FAILED, 127 MGMT_EV_DEVICE_FOUND, 128 MGMT_EV_DISCOVERING, 129 MGMT_EV_DEVICE_BLOCKED, 130 MGMT_EV_DEVICE_UNBLOCKED, 131 MGMT_EV_DEVICE_UNPAIRED, 132 MGMT_EV_PASSKEY_NOTIFY, 133 MGMT_EV_NEW_IRK, 134 MGMT_EV_NEW_CSRK, 135 MGMT_EV_DEVICE_ADDED, 136 MGMT_EV_DEVICE_REMOVED, 137 MGMT_EV_NEW_CONN_PARAM, 138 MGMT_EV_UNCONF_INDEX_ADDED, 139 MGMT_EV_UNCONF_INDEX_REMOVED, 140 MGMT_EV_NEW_CONFIG_OPTIONS, 141 MGMT_EV_EXT_INDEX_ADDED, 142 MGMT_EV_EXT_INDEX_REMOVED, 143 MGMT_EV_LOCAL_OOB_DATA_UPDATED, 144 MGMT_EV_ADVERTISING_ADDED, 145 MGMT_EV_ADVERTISING_REMOVED, 146 MGMT_EV_EXT_INFO_CHANGED, 147 }; 148 149 static const u16 mgmt_untrusted_commands[] = { 150 MGMT_OP_READ_INDEX_LIST, 151 MGMT_OP_READ_INFO, 152 MGMT_OP_READ_UNCONF_INDEX_LIST, 153 MGMT_OP_READ_CONFIG_INFO, 154 MGMT_OP_READ_EXT_INDEX_LIST, 155 MGMT_OP_READ_EXT_INFO, 156 }; 157 158 static const u16 mgmt_untrusted_events[] = { 159 MGMT_EV_INDEX_ADDED, 160 MGMT_EV_INDEX_REMOVED, 161 MGMT_EV_NEW_SETTINGS, 162 MGMT_EV_CLASS_OF_DEV_CHANGED, 163 MGMT_EV_LOCAL_NAME_CHANGED, 164 MGMT_EV_UNCONF_INDEX_ADDED, 165 MGMT_EV_UNCONF_INDEX_REMOVED, 166 MGMT_EV_NEW_CONFIG_OPTIONS, 167 MGMT_EV_EXT_INDEX_ADDED, 168 MGMT_EV_EXT_INDEX_REMOVED, 169 MGMT_EV_EXT_INFO_CHANGED, 170 }; 171 172 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) 173 174 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \ 175 "\x00\x00\x00\x00\x00\x00\x00\x00" 176 177 /* HCI to MGMT error code conversion table */ 178 static u8 mgmt_status_table[] = { 179 MGMT_STATUS_SUCCESS, 180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 182 MGMT_STATUS_FAILED, /* Hardware Failure */ 183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */ 186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 191 MGMT_STATUS_BUSY, /* Command Disallowed */ 192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 193 MGMT_STATUS_REJECTED, /* Rejected Security */ 194 MGMT_STATUS_REJECTED, /* Rejected Personal */ 195 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 202 MGMT_STATUS_BUSY, /* Repeated Attempts */ 203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 210 MGMT_STATUS_FAILED, /* Unspecified Error */ 211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 217 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 219 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 221 MGMT_STATUS_FAILED, /* Transaction Collision */ 222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 223 MGMT_STATUS_REJECTED, /* QoS Rejected */ 224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 225 MGMT_STATUS_REJECTED, /* Insufficient Security */ 226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 227 MGMT_STATUS_BUSY, /* Role Switch Pending */ 228 MGMT_STATUS_FAILED, /* Slot Violation */ 229 MGMT_STATUS_FAILED, /* Role Switch Failed */ 230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 232 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 234 MGMT_STATUS_BUSY, /* Controller Busy */ 235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 240 }; 241 242 static u8 mgmt_status(u8 hci_status) 243 { 244 if (hci_status < ARRAY_SIZE(mgmt_status_table)) 245 return mgmt_status_table[hci_status]; 246 247 return MGMT_STATUS_FAILED; 248 } 249 250 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data, 251 u16 len, int flag) 252 { 253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 254 flag, NULL); 255 } 256 257 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data, 258 u16 len, int flag, struct sock *skip_sk) 259 { 260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 261 flag, skip_sk); 262 } 263 264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len, 265 struct sock *skip_sk) 266 { 267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 268 HCI_SOCK_TRUSTED, skip_sk); 269 } 270 271 static u8 le_addr_type(u8 mgmt_addr_type) 272 { 273 if (mgmt_addr_type == BDADDR_LE_PUBLIC) 274 return ADDR_LE_DEV_PUBLIC; 275 else 276 return ADDR_LE_DEV_RANDOM; 277 } 278 279 void mgmt_fill_version_info(void *ver) 280 { 281 struct mgmt_rp_read_version *rp = ver; 282 283 rp->version = MGMT_VERSION; 284 rp->revision = cpu_to_le16(MGMT_REVISION); 285 } 286 287 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data, 288 u16 data_len) 289 { 290 struct mgmt_rp_read_version rp; 291 292 BT_DBG("sock %p", sk); 293 294 mgmt_fill_version_info(&rp); 295 296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, 297 &rp, sizeof(rp)); 298 } 299 300 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data, 301 u16 data_len) 302 { 303 struct mgmt_rp_read_commands *rp; 304 u16 num_commands, num_events; 305 size_t rp_size; 306 int i, err; 307 308 BT_DBG("sock %p", sk); 309 310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 311 num_commands = ARRAY_SIZE(mgmt_commands); 312 num_events = ARRAY_SIZE(mgmt_events); 313 } else { 314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands); 315 num_events = ARRAY_SIZE(mgmt_untrusted_events); 316 } 317 318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 319 320 rp = kmalloc(rp_size, GFP_KERNEL); 321 if (!rp) 322 return -ENOMEM; 323 324 rp->num_commands = cpu_to_le16(num_commands); 325 rp->num_events = cpu_to_le16(num_events); 326 327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 328 __le16 *opcode = rp->opcodes; 329 330 for (i = 0; i < num_commands; i++, opcode++) 331 put_unaligned_le16(mgmt_commands[i], opcode); 332 333 for (i = 0; i < num_events; i++, opcode++) 334 put_unaligned_le16(mgmt_events[i], opcode); 335 } else { 336 __le16 *opcode = rp->opcodes; 337 338 for (i = 0; i < num_commands; i++, opcode++) 339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode); 340 341 for (i = 0; i < num_events; i++, opcode++) 342 put_unaligned_le16(mgmt_untrusted_events[i], opcode); 343 } 344 345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, 346 rp, rp_size); 347 kfree(rp); 348 349 return err; 350 } 351 352 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data, 353 u16 data_len) 354 { 355 struct mgmt_rp_read_index_list *rp; 356 struct hci_dev *d; 357 size_t rp_len; 358 u16 count; 359 int err; 360 361 BT_DBG("sock %p", sk); 362 363 read_lock(&hci_dev_list_lock); 364 365 count = 0; 366 list_for_each_entry(d, &hci_dev_list, list) { 367 if (d->dev_type == HCI_PRIMARY && 368 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) 369 count++; 370 } 371 372 rp_len = sizeof(*rp) + (2 * count); 373 rp = kmalloc(rp_len, GFP_ATOMIC); 374 if (!rp) { 375 read_unlock(&hci_dev_list_lock); 376 return -ENOMEM; 377 } 378 379 count = 0; 380 list_for_each_entry(d, &hci_dev_list, list) { 381 if (hci_dev_test_flag(d, HCI_SETUP) || 382 hci_dev_test_flag(d, HCI_CONFIG) || 383 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 384 continue; 385 386 /* Devices marked as raw-only are neither configured 387 * nor unconfigured controllers. 388 */ 389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 390 continue; 391 392 if (d->dev_type == HCI_PRIMARY && 393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 394 rp->index[count++] = cpu_to_le16(d->id); 395 BT_DBG("Added hci%u", d->id); 396 } 397 } 398 399 rp->num_controllers = cpu_to_le16(count); 400 rp_len = sizeof(*rp) + (2 * count); 401 402 read_unlock(&hci_dev_list_lock); 403 404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 405 0, rp, rp_len); 406 407 kfree(rp); 408 409 return err; 410 } 411 412 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev, 413 void *data, u16 data_len) 414 { 415 struct mgmt_rp_read_unconf_index_list *rp; 416 struct hci_dev *d; 417 size_t rp_len; 418 u16 count; 419 int err; 420 421 BT_DBG("sock %p", sk); 422 423 read_lock(&hci_dev_list_lock); 424 425 count = 0; 426 list_for_each_entry(d, &hci_dev_list, list) { 427 if (d->dev_type == HCI_PRIMARY && 428 hci_dev_test_flag(d, HCI_UNCONFIGURED)) 429 count++; 430 } 431 432 rp_len = sizeof(*rp) + (2 * count); 433 rp = kmalloc(rp_len, GFP_ATOMIC); 434 if (!rp) { 435 read_unlock(&hci_dev_list_lock); 436 return -ENOMEM; 437 } 438 439 count = 0; 440 list_for_each_entry(d, &hci_dev_list, list) { 441 if (hci_dev_test_flag(d, HCI_SETUP) || 442 hci_dev_test_flag(d, HCI_CONFIG) || 443 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 444 continue; 445 446 /* Devices marked as raw-only are neither configured 447 * nor unconfigured controllers. 448 */ 449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 450 continue; 451 452 if (d->dev_type == HCI_PRIMARY && 453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 454 rp->index[count++] = cpu_to_le16(d->id); 455 BT_DBG("Added hci%u", d->id); 456 } 457 } 458 459 rp->num_controllers = cpu_to_le16(count); 460 rp_len = sizeof(*rp) + (2 * count); 461 462 read_unlock(&hci_dev_list_lock); 463 464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len); 466 467 kfree(rp); 468 469 return err; 470 } 471 472 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev, 473 void *data, u16 data_len) 474 { 475 struct mgmt_rp_read_ext_index_list *rp; 476 struct hci_dev *d; 477 size_t rp_len; 478 u16 count; 479 int err; 480 481 BT_DBG("sock %p", sk); 482 483 read_lock(&hci_dev_list_lock); 484 485 count = 0; 486 list_for_each_entry(d, &hci_dev_list, list) { 487 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP) 488 count++; 489 } 490 491 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count); 492 rp = kmalloc(rp_len, GFP_ATOMIC); 493 if (!rp) { 494 read_unlock(&hci_dev_list_lock); 495 return -ENOMEM; 496 } 497 498 count = 0; 499 list_for_each_entry(d, &hci_dev_list, list) { 500 if (hci_dev_test_flag(d, HCI_SETUP) || 501 hci_dev_test_flag(d, HCI_CONFIG) || 502 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 503 continue; 504 505 /* Devices marked as raw-only are neither configured 506 * nor unconfigured controllers. 507 */ 508 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 509 continue; 510 511 if (d->dev_type == HCI_PRIMARY) { 512 if (hci_dev_test_flag(d, HCI_UNCONFIGURED)) 513 rp->entry[count].type = 0x01; 514 else 515 rp->entry[count].type = 0x00; 516 } else if (d->dev_type == HCI_AMP) { 517 rp->entry[count].type = 0x02; 518 } else { 519 continue; 520 } 521 522 rp->entry[count].bus = d->bus; 523 rp->entry[count++].index = cpu_to_le16(d->id); 524 BT_DBG("Added hci%u", d->id); 525 } 526 527 rp->num_controllers = cpu_to_le16(count); 528 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count); 529 530 read_unlock(&hci_dev_list_lock); 531 532 /* If this command is called at least once, then all the 533 * default index and unconfigured index events are disabled 534 * and from now on only extended index events are used. 535 */ 536 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS); 537 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS); 538 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS); 539 540 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 541 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len); 542 543 kfree(rp); 544 545 return err; 546 } 547 548 static bool is_configured(struct hci_dev *hdev) 549 { 550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 552 return false; 553 554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) && 555 !bacmp(&hdev->public_addr, BDADDR_ANY)) 556 return false; 557 558 return true; 559 } 560 561 static __le32 get_missing_options(struct hci_dev *hdev) 562 { 563 u32 options = 0; 564 565 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 566 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 567 options |= MGMT_OPTION_EXTERNAL_CONFIG; 568 569 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) && 570 !bacmp(&hdev->public_addr, BDADDR_ANY)) 571 options |= MGMT_OPTION_PUBLIC_ADDRESS; 572 573 return cpu_to_le32(options); 574 } 575 576 static int new_options(struct hci_dev *hdev, struct sock *skip) 577 { 578 __le32 options = get_missing_options(hdev); 579 580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options, 581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip); 582 } 583 584 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 585 { 586 __le32 options = get_missing_options(hdev); 587 588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options, 589 sizeof(options)); 590 } 591 592 static int read_config_info(struct sock *sk, struct hci_dev *hdev, 593 void *data, u16 data_len) 594 { 595 struct mgmt_rp_read_config_info rp; 596 u32 options = 0; 597 598 BT_DBG("sock %p %s", sk, hdev->name); 599 600 hci_dev_lock(hdev); 601 602 memset(&rp, 0, sizeof(rp)); 603 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 604 605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 606 options |= MGMT_OPTION_EXTERNAL_CONFIG; 607 608 if (hdev->set_bdaddr) 609 options |= MGMT_OPTION_PUBLIC_ADDRESS; 610 611 rp.supported_options = cpu_to_le32(options); 612 rp.missing_options = get_missing_options(hdev); 613 614 hci_dev_unlock(hdev); 615 616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, 617 &rp, sizeof(rp)); 618 } 619 620 static u32 get_supported_settings(struct hci_dev *hdev) 621 { 622 u32 settings = 0; 623 624 settings |= MGMT_SETTING_POWERED; 625 settings |= MGMT_SETTING_BONDABLE; 626 settings |= MGMT_SETTING_DEBUG_KEYS; 627 settings |= MGMT_SETTING_CONNECTABLE; 628 settings |= MGMT_SETTING_DISCOVERABLE; 629 630 if (lmp_bredr_capable(hdev)) { 631 if (hdev->hci_ver >= BLUETOOTH_VER_1_2) 632 settings |= MGMT_SETTING_FAST_CONNECTABLE; 633 settings |= MGMT_SETTING_BREDR; 634 settings |= MGMT_SETTING_LINK_SECURITY; 635 636 if (lmp_ssp_capable(hdev)) { 637 settings |= MGMT_SETTING_SSP; 638 settings |= MGMT_SETTING_HS; 639 } 640 641 if (lmp_sc_capable(hdev)) 642 settings |= MGMT_SETTING_SECURE_CONN; 643 } 644 645 if (lmp_le_capable(hdev)) { 646 settings |= MGMT_SETTING_LE; 647 settings |= MGMT_SETTING_ADVERTISING; 648 settings |= MGMT_SETTING_SECURE_CONN; 649 settings |= MGMT_SETTING_PRIVACY; 650 settings |= MGMT_SETTING_STATIC_ADDRESS; 651 } 652 653 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) || 654 hdev->set_bdaddr) 655 settings |= MGMT_SETTING_CONFIGURATION; 656 657 return settings; 658 } 659 660 static u32 get_current_settings(struct hci_dev *hdev) 661 { 662 u32 settings = 0; 663 664 if (hdev_is_powered(hdev)) 665 settings |= MGMT_SETTING_POWERED; 666 667 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 668 settings |= MGMT_SETTING_CONNECTABLE; 669 670 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) 671 settings |= MGMT_SETTING_FAST_CONNECTABLE; 672 673 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 674 settings |= MGMT_SETTING_DISCOVERABLE; 675 676 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) 677 settings |= MGMT_SETTING_BONDABLE; 678 679 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 680 settings |= MGMT_SETTING_BREDR; 681 682 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 683 settings |= MGMT_SETTING_LE; 684 685 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) 686 settings |= MGMT_SETTING_LINK_SECURITY; 687 688 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 689 settings |= MGMT_SETTING_SSP; 690 691 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED)) 692 settings |= MGMT_SETTING_HS; 693 694 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 695 settings |= MGMT_SETTING_ADVERTISING; 696 697 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) 698 settings |= MGMT_SETTING_SECURE_CONN; 699 700 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) 701 settings |= MGMT_SETTING_DEBUG_KEYS; 702 703 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) 704 settings |= MGMT_SETTING_PRIVACY; 705 706 /* The current setting for static address has two purposes. The 707 * first is to indicate if the static address will be used and 708 * the second is to indicate if it is actually set. 709 * 710 * This means if the static address is not configured, this flag 711 * will never be set. If the address is configured, then if the 712 * address is actually used decides if the flag is set or not. 713 * 714 * For single mode LE only controllers and dual-mode controllers 715 * with BR/EDR disabled, the existence of the static address will 716 * be evaluated. 717 */ 718 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 719 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 720 !bacmp(&hdev->bdaddr, BDADDR_ANY)) { 721 if (bacmp(&hdev->static_addr, BDADDR_ANY)) 722 settings |= MGMT_SETTING_STATIC_ADDRESS; 723 } 724 725 return settings; 726 } 727 728 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev) 729 { 730 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev); 731 } 732 733 static struct mgmt_pending_cmd *pending_find_data(u16 opcode, 734 struct hci_dev *hdev, 735 const void *data) 736 { 737 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data); 738 } 739 740 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev) 741 { 742 struct mgmt_pending_cmd *cmd; 743 744 /* If there's a pending mgmt command the flags will not yet have 745 * their final values, so check for this first. 746 */ 747 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 748 if (cmd) { 749 struct mgmt_mode *cp = cmd->param; 750 if (cp->val == 0x01) 751 return LE_AD_GENERAL; 752 else if (cp->val == 0x02) 753 return LE_AD_LIMITED; 754 } else { 755 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 756 return LE_AD_LIMITED; 757 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 758 return LE_AD_GENERAL; 759 } 760 761 return 0; 762 } 763 764 bool mgmt_get_connectable(struct hci_dev *hdev) 765 { 766 struct mgmt_pending_cmd *cmd; 767 768 /* If there's a pending mgmt command the flag will not yet have 769 * it's final value, so check for this first. 770 */ 771 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 772 if (cmd) { 773 struct mgmt_mode *cp = cmd->param; 774 775 return cp->val; 776 } 777 778 return hci_dev_test_flag(hdev, HCI_CONNECTABLE); 779 } 780 781 static void service_cache_off(struct work_struct *work) 782 { 783 struct hci_dev *hdev = container_of(work, struct hci_dev, 784 service_cache.work); 785 struct hci_request req; 786 787 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) 788 return; 789 790 hci_req_init(&req, hdev); 791 792 hci_dev_lock(hdev); 793 794 __hci_req_update_eir(&req); 795 __hci_req_update_class(&req); 796 797 hci_dev_unlock(hdev); 798 799 hci_req_run(&req, NULL); 800 } 801 802 static void rpa_expired(struct work_struct *work) 803 { 804 struct hci_dev *hdev = container_of(work, struct hci_dev, 805 rpa_expired.work); 806 struct hci_request req; 807 808 BT_DBG(""); 809 810 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 811 812 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING)) 813 return; 814 815 /* The generation of a new RPA and programming it into the 816 * controller happens in the hci_req_enable_advertising() 817 * function. 818 */ 819 hci_req_init(&req, hdev); 820 __hci_req_enable_advertising(&req); 821 hci_req_run(&req, NULL); 822 } 823 824 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) 825 { 826 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT)) 827 return; 828 829 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 830 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired); 831 832 /* Non-mgmt controlled devices get this bit set 833 * implicitly so that pairing works for them, however 834 * for mgmt we require user-space to explicitly enable 835 * it 836 */ 837 hci_dev_clear_flag(hdev, HCI_BONDABLE); 838 } 839 840 static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 841 void *data, u16 data_len) 842 { 843 struct mgmt_rp_read_info rp; 844 845 BT_DBG("sock %p %s", sk, hdev->name); 846 847 hci_dev_lock(hdev); 848 849 memset(&rp, 0, sizeof(rp)); 850 851 bacpy(&rp.bdaddr, &hdev->bdaddr); 852 853 rp.version = hdev->hci_ver; 854 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 855 856 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 857 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 858 859 memcpy(rp.dev_class, hdev->dev_class, 3); 860 861 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 862 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name)); 863 864 hci_dev_unlock(hdev); 865 866 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp, 867 sizeof(rp)); 868 } 869 870 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir) 871 { 872 u16 eir_len = 0; 873 size_t name_len; 874 875 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 876 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV, 877 hdev->dev_class, 3); 878 879 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 880 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE, 881 hdev->appearance); 882 883 name_len = strlen(hdev->dev_name); 884 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE, 885 hdev->dev_name, name_len); 886 887 name_len = strlen(hdev->short_name); 888 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT, 889 hdev->short_name, name_len); 890 891 return eir_len; 892 } 893 894 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev, 895 void *data, u16 data_len) 896 { 897 char buf[512]; 898 struct mgmt_rp_read_ext_info *rp = (void *)buf; 899 u16 eir_len; 900 901 BT_DBG("sock %p %s", sk, hdev->name); 902 903 memset(&buf, 0, sizeof(buf)); 904 905 hci_dev_lock(hdev); 906 907 bacpy(&rp->bdaddr, &hdev->bdaddr); 908 909 rp->version = hdev->hci_ver; 910 rp->manufacturer = cpu_to_le16(hdev->manufacturer); 911 912 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev)); 913 rp->current_settings = cpu_to_le32(get_current_settings(hdev)); 914 915 916 eir_len = append_eir_data_to_buf(hdev, rp->eir); 917 rp->eir_len = cpu_to_le16(eir_len); 918 919 hci_dev_unlock(hdev); 920 921 /* If this command is called at least once, then the events 922 * for class of device and local name changes are disabled 923 * and only the new extended controller information event 924 * is used. 925 */ 926 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS); 927 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS); 928 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS); 929 930 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp, 931 sizeof(*rp) + eir_len); 932 } 933 934 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip) 935 { 936 char buf[512]; 937 struct mgmt_ev_ext_info_changed *ev = (void *)buf; 938 u16 eir_len; 939 940 memset(buf, 0, sizeof(buf)); 941 942 eir_len = append_eir_data_to_buf(hdev, ev->eir); 943 ev->eir_len = cpu_to_le16(eir_len); 944 945 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev, 946 sizeof(*ev) + eir_len, 947 HCI_MGMT_EXT_INFO_EVENTS, skip); 948 } 949 950 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 951 { 952 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 953 954 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings, 955 sizeof(settings)); 956 } 957 958 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode) 959 { 960 BT_DBG("%s status 0x%02x", hdev->name, status); 961 962 if (hci_conn_count(hdev) == 0) { 963 cancel_delayed_work(&hdev->power_off); 964 queue_work(hdev->req_workqueue, &hdev->power_off.work); 965 } 966 } 967 968 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance) 969 { 970 struct mgmt_ev_advertising_added ev; 971 972 ev.instance = instance; 973 974 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk); 975 } 976 977 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev, 978 u8 instance) 979 { 980 struct mgmt_ev_advertising_removed ev; 981 982 ev.instance = instance; 983 984 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk); 985 } 986 987 static void cancel_adv_timeout(struct hci_dev *hdev) 988 { 989 if (hdev->adv_instance_timeout) { 990 hdev->adv_instance_timeout = 0; 991 cancel_delayed_work(&hdev->adv_instance_expire); 992 } 993 } 994 995 static int clean_up_hci_state(struct hci_dev *hdev) 996 { 997 struct hci_request req; 998 struct hci_conn *conn; 999 bool discov_stopped; 1000 int err; 1001 1002 hci_req_init(&req, hdev); 1003 1004 if (test_bit(HCI_ISCAN, &hdev->flags) || 1005 test_bit(HCI_PSCAN, &hdev->flags)) { 1006 u8 scan = 0x00; 1007 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1008 } 1009 1010 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false); 1011 1012 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 1013 __hci_req_disable_advertising(&req); 1014 1015 discov_stopped = hci_req_stop_discovery(&req); 1016 1017 list_for_each_entry(conn, &hdev->conn_hash.list, list) { 1018 /* 0x15 == Terminated due to Power Off */ 1019 __hci_abort_conn(&req, conn, 0x15); 1020 } 1021 1022 err = hci_req_run(&req, clean_up_hci_complete); 1023 if (!err && discov_stopped) 1024 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 1025 1026 return err; 1027 } 1028 1029 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, 1030 u16 len) 1031 { 1032 struct mgmt_mode *cp = data; 1033 struct mgmt_pending_cmd *cmd; 1034 int err; 1035 1036 BT_DBG("request for %s", hdev->name); 1037 1038 if (cp->val != 0x00 && cp->val != 0x01) 1039 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1040 MGMT_STATUS_INVALID_PARAMS); 1041 1042 hci_dev_lock(hdev); 1043 1044 if (pending_find(MGMT_OP_SET_POWERED, hdev)) { 1045 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1046 MGMT_STATUS_BUSY); 1047 goto failed; 1048 } 1049 1050 if (!!cp->val == hdev_is_powered(hdev)) { 1051 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 1052 goto failed; 1053 } 1054 1055 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 1056 if (!cmd) { 1057 err = -ENOMEM; 1058 goto failed; 1059 } 1060 1061 if (cp->val) { 1062 queue_work(hdev->req_workqueue, &hdev->power_on); 1063 err = 0; 1064 } else { 1065 /* Disconnect connections, stop scans, etc */ 1066 err = clean_up_hci_state(hdev); 1067 if (!err) 1068 queue_delayed_work(hdev->req_workqueue, &hdev->power_off, 1069 HCI_POWER_OFF_TIMEOUT); 1070 1071 /* ENODATA means there were no HCI commands queued */ 1072 if (err == -ENODATA) { 1073 cancel_delayed_work(&hdev->power_off); 1074 queue_work(hdev->req_workqueue, &hdev->power_off.work); 1075 err = 0; 1076 } 1077 } 1078 1079 failed: 1080 hci_dev_unlock(hdev); 1081 return err; 1082 } 1083 1084 static int new_settings(struct hci_dev *hdev, struct sock *skip) 1085 { 1086 __le32 ev = cpu_to_le32(get_current_settings(hdev)); 1087 1088 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, 1089 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip); 1090 } 1091 1092 int mgmt_new_settings(struct hci_dev *hdev) 1093 { 1094 return new_settings(hdev, NULL); 1095 } 1096 1097 struct cmd_lookup { 1098 struct sock *sk; 1099 struct hci_dev *hdev; 1100 u8 mgmt_status; 1101 }; 1102 1103 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data) 1104 { 1105 struct cmd_lookup *match = data; 1106 1107 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 1108 1109 list_del(&cmd->list); 1110 1111 if (match->sk == NULL) { 1112 match->sk = cmd->sk; 1113 sock_hold(match->sk); 1114 } 1115 1116 mgmt_pending_free(cmd); 1117 } 1118 1119 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data) 1120 { 1121 u8 *status = data; 1122 1123 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 1124 mgmt_pending_remove(cmd); 1125 } 1126 1127 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data) 1128 { 1129 if (cmd->cmd_complete) { 1130 u8 *status = data; 1131 1132 cmd->cmd_complete(cmd, *status); 1133 mgmt_pending_remove(cmd); 1134 1135 return; 1136 } 1137 1138 cmd_status_rsp(cmd, data); 1139 } 1140 1141 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1142 { 1143 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1144 cmd->param, cmd->param_len); 1145 } 1146 1147 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1148 { 1149 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1150 cmd->param, sizeof(struct mgmt_addr_info)); 1151 } 1152 1153 static u8 mgmt_bredr_support(struct hci_dev *hdev) 1154 { 1155 if (!lmp_bredr_capable(hdev)) 1156 return MGMT_STATUS_NOT_SUPPORTED; 1157 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1158 return MGMT_STATUS_REJECTED; 1159 else 1160 return MGMT_STATUS_SUCCESS; 1161 } 1162 1163 static u8 mgmt_le_support(struct hci_dev *hdev) 1164 { 1165 if (!lmp_le_capable(hdev)) 1166 return MGMT_STATUS_NOT_SUPPORTED; 1167 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1168 return MGMT_STATUS_REJECTED; 1169 else 1170 return MGMT_STATUS_SUCCESS; 1171 } 1172 1173 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status) 1174 { 1175 struct mgmt_pending_cmd *cmd; 1176 1177 BT_DBG("status 0x%02x", status); 1178 1179 hci_dev_lock(hdev); 1180 1181 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 1182 if (!cmd) 1183 goto unlock; 1184 1185 if (status) { 1186 u8 mgmt_err = mgmt_status(status); 1187 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1188 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1189 goto remove_cmd; 1190 } 1191 1192 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1193 hdev->discov_timeout > 0) { 1194 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1195 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to); 1196 } 1197 1198 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1199 new_settings(hdev, cmd->sk); 1200 1201 remove_cmd: 1202 mgmt_pending_remove(cmd); 1203 1204 unlock: 1205 hci_dev_unlock(hdev); 1206 } 1207 1208 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 1209 u16 len) 1210 { 1211 struct mgmt_cp_set_discoverable *cp = data; 1212 struct mgmt_pending_cmd *cmd; 1213 u16 timeout; 1214 int err; 1215 1216 BT_DBG("request for %s", hdev->name); 1217 1218 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1219 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1221 MGMT_STATUS_REJECTED); 1222 1223 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 1224 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1225 MGMT_STATUS_INVALID_PARAMS); 1226 1227 timeout = __le16_to_cpu(cp->timeout); 1228 1229 /* Disabling discoverable requires that no timeout is set, 1230 * and enabling limited discoverable requires a timeout. 1231 */ 1232 if ((cp->val == 0x00 && timeout > 0) || 1233 (cp->val == 0x02 && timeout == 0)) 1234 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1235 MGMT_STATUS_INVALID_PARAMS); 1236 1237 hci_dev_lock(hdev); 1238 1239 if (!hdev_is_powered(hdev) && timeout > 0) { 1240 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1241 MGMT_STATUS_NOT_POWERED); 1242 goto failed; 1243 } 1244 1245 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1246 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1247 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1248 MGMT_STATUS_BUSY); 1249 goto failed; 1250 } 1251 1252 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) { 1253 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1254 MGMT_STATUS_REJECTED); 1255 goto failed; 1256 } 1257 1258 if (!hdev_is_powered(hdev)) { 1259 bool changed = false; 1260 1261 /* Setting limited discoverable when powered off is 1262 * not a valid operation since it requires a timeout 1263 * and so no need to check HCI_LIMITED_DISCOVERABLE. 1264 */ 1265 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) { 1266 hci_dev_change_flag(hdev, HCI_DISCOVERABLE); 1267 changed = true; 1268 } 1269 1270 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1271 if (err < 0) 1272 goto failed; 1273 1274 if (changed) 1275 err = new_settings(hdev, sk); 1276 1277 goto failed; 1278 } 1279 1280 /* If the current mode is the same, then just update the timeout 1281 * value with the new value. And if only the timeout gets updated, 1282 * then no need for any HCI transactions. 1283 */ 1284 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1285 (cp->val == 0x02) == hci_dev_test_flag(hdev, 1286 HCI_LIMITED_DISCOVERABLE)) { 1287 cancel_delayed_work(&hdev->discov_off); 1288 hdev->discov_timeout = timeout; 1289 1290 if (cp->val && hdev->discov_timeout > 0) { 1291 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1292 queue_delayed_work(hdev->req_workqueue, 1293 &hdev->discov_off, to); 1294 } 1295 1296 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1297 goto failed; 1298 } 1299 1300 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 1301 if (!cmd) { 1302 err = -ENOMEM; 1303 goto failed; 1304 } 1305 1306 /* Cancel any potential discoverable timeout that might be 1307 * still active and store new timeout value. The arming of 1308 * the timeout happens in the complete handler. 1309 */ 1310 cancel_delayed_work(&hdev->discov_off); 1311 hdev->discov_timeout = timeout; 1312 1313 if (cp->val) 1314 hci_dev_set_flag(hdev, HCI_DISCOVERABLE); 1315 else 1316 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1317 1318 /* Limited discoverable mode */ 1319 if (cp->val == 0x02) 1320 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1321 else 1322 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1323 1324 queue_work(hdev->req_workqueue, &hdev->discoverable_update); 1325 err = 0; 1326 1327 failed: 1328 hci_dev_unlock(hdev); 1329 return err; 1330 } 1331 1332 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status) 1333 { 1334 struct mgmt_pending_cmd *cmd; 1335 1336 BT_DBG("status 0x%02x", status); 1337 1338 hci_dev_lock(hdev); 1339 1340 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 1341 if (!cmd) 1342 goto unlock; 1343 1344 if (status) { 1345 u8 mgmt_err = mgmt_status(status); 1346 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1347 goto remove_cmd; 1348 } 1349 1350 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev); 1351 new_settings(hdev, cmd->sk); 1352 1353 remove_cmd: 1354 mgmt_pending_remove(cmd); 1355 1356 unlock: 1357 hci_dev_unlock(hdev); 1358 } 1359 1360 static int set_connectable_update_settings(struct hci_dev *hdev, 1361 struct sock *sk, u8 val) 1362 { 1363 bool changed = false; 1364 int err; 1365 1366 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 1367 changed = true; 1368 1369 if (val) { 1370 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1371 } else { 1372 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1373 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1374 } 1375 1376 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 1377 if (err < 0) 1378 return err; 1379 1380 if (changed) { 1381 hci_req_update_scan(hdev); 1382 hci_update_background_scan(hdev); 1383 return new_settings(hdev, sk); 1384 } 1385 1386 return 0; 1387 } 1388 1389 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, 1390 u16 len) 1391 { 1392 struct mgmt_mode *cp = data; 1393 struct mgmt_pending_cmd *cmd; 1394 int err; 1395 1396 BT_DBG("request for %s", hdev->name); 1397 1398 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1399 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1401 MGMT_STATUS_REJECTED); 1402 1403 if (cp->val != 0x00 && cp->val != 0x01) 1404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1405 MGMT_STATUS_INVALID_PARAMS); 1406 1407 hci_dev_lock(hdev); 1408 1409 if (!hdev_is_powered(hdev)) { 1410 err = set_connectable_update_settings(hdev, sk, cp->val); 1411 goto failed; 1412 } 1413 1414 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1415 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1416 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1417 MGMT_STATUS_BUSY); 1418 goto failed; 1419 } 1420 1421 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1422 if (!cmd) { 1423 err = -ENOMEM; 1424 goto failed; 1425 } 1426 1427 if (cp->val) { 1428 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1429 } else { 1430 if (hdev->discov_timeout > 0) 1431 cancel_delayed_work(&hdev->discov_off); 1432 1433 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1434 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1435 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1436 } 1437 1438 queue_work(hdev->req_workqueue, &hdev->connectable_update); 1439 err = 0; 1440 1441 failed: 1442 hci_dev_unlock(hdev); 1443 return err; 1444 } 1445 1446 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data, 1447 u16 len) 1448 { 1449 struct mgmt_mode *cp = data; 1450 bool changed; 1451 int err; 1452 1453 BT_DBG("request for %s", hdev->name); 1454 1455 if (cp->val != 0x00 && cp->val != 0x01) 1456 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE, 1457 MGMT_STATUS_INVALID_PARAMS); 1458 1459 hci_dev_lock(hdev); 1460 1461 if (cp->val) 1462 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE); 1463 else 1464 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE); 1465 1466 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev); 1467 if (err < 0) 1468 goto unlock; 1469 1470 if (changed) { 1471 /* In limited privacy mode the change of bondable mode 1472 * may affect the local advertising address. 1473 */ 1474 if (hdev_is_powered(hdev) && 1475 hci_dev_test_flag(hdev, HCI_ADVERTISING) && 1476 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1477 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) 1478 queue_work(hdev->req_workqueue, 1479 &hdev->discoverable_update); 1480 1481 err = new_settings(hdev, sk); 1482 } 1483 1484 unlock: 1485 hci_dev_unlock(hdev); 1486 return err; 1487 } 1488 1489 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data, 1490 u16 len) 1491 { 1492 struct mgmt_mode *cp = data; 1493 struct mgmt_pending_cmd *cmd; 1494 u8 val, status; 1495 int err; 1496 1497 BT_DBG("request for %s", hdev->name); 1498 1499 status = mgmt_bredr_support(hdev); 1500 if (status) 1501 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1502 status); 1503 1504 if (cp->val != 0x00 && cp->val != 0x01) 1505 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1506 MGMT_STATUS_INVALID_PARAMS); 1507 1508 hci_dev_lock(hdev); 1509 1510 if (!hdev_is_powered(hdev)) { 1511 bool changed = false; 1512 1513 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) { 1514 hci_dev_change_flag(hdev, HCI_LINK_SECURITY); 1515 changed = true; 1516 } 1517 1518 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1519 if (err < 0) 1520 goto failed; 1521 1522 if (changed) 1523 err = new_settings(hdev, sk); 1524 1525 goto failed; 1526 } 1527 1528 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1529 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1530 MGMT_STATUS_BUSY); 1531 goto failed; 1532 } 1533 1534 val = !!cp->val; 1535 1536 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1537 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1538 goto failed; 1539 } 1540 1541 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1542 if (!cmd) { 1543 err = -ENOMEM; 1544 goto failed; 1545 } 1546 1547 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1548 if (err < 0) { 1549 mgmt_pending_remove(cmd); 1550 goto failed; 1551 } 1552 1553 failed: 1554 hci_dev_unlock(hdev); 1555 return err; 1556 } 1557 1558 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1559 { 1560 struct mgmt_mode *cp = data; 1561 struct mgmt_pending_cmd *cmd; 1562 u8 status; 1563 int err; 1564 1565 BT_DBG("request for %s", hdev->name); 1566 1567 status = mgmt_bredr_support(hdev); 1568 if (status) 1569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status); 1570 1571 if (!lmp_ssp_capable(hdev)) 1572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1573 MGMT_STATUS_NOT_SUPPORTED); 1574 1575 if (cp->val != 0x00 && cp->val != 0x01) 1576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1577 MGMT_STATUS_INVALID_PARAMS); 1578 1579 hci_dev_lock(hdev); 1580 1581 if (!hdev_is_powered(hdev)) { 1582 bool changed; 1583 1584 if (cp->val) { 1585 changed = !hci_dev_test_and_set_flag(hdev, 1586 HCI_SSP_ENABLED); 1587 } else { 1588 changed = hci_dev_test_and_clear_flag(hdev, 1589 HCI_SSP_ENABLED); 1590 if (!changed) 1591 changed = hci_dev_test_and_clear_flag(hdev, 1592 HCI_HS_ENABLED); 1593 else 1594 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1595 } 1596 1597 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1598 if (err < 0) 1599 goto failed; 1600 1601 if (changed) 1602 err = new_settings(hdev, sk); 1603 1604 goto failed; 1605 } 1606 1607 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1608 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1609 MGMT_STATUS_BUSY); 1610 goto failed; 1611 } 1612 1613 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 1614 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1615 goto failed; 1616 } 1617 1618 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 1619 if (!cmd) { 1620 err = -ENOMEM; 1621 goto failed; 1622 } 1623 1624 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) 1625 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 1626 sizeof(cp->val), &cp->val); 1627 1628 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val); 1629 if (err < 0) { 1630 mgmt_pending_remove(cmd); 1631 goto failed; 1632 } 1633 1634 failed: 1635 hci_dev_unlock(hdev); 1636 return err; 1637 } 1638 1639 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1640 { 1641 struct mgmt_mode *cp = data; 1642 bool changed; 1643 u8 status; 1644 int err; 1645 1646 BT_DBG("request for %s", hdev->name); 1647 1648 status = mgmt_bredr_support(hdev); 1649 if (status) 1650 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status); 1651 1652 if (!lmp_ssp_capable(hdev)) 1653 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1654 MGMT_STATUS_NOT_SUPPORTED); 1655 1656 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 1657 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1658 MGMT_STATUS_REJECTED); 1659 1660 if (cp->val != 0x00 && cp->val != 0x01) 1661 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1662 MGMT_STATUS_INVALID_PARAMS); 1663 1664 hci_dev_lock(hdev); 1665 1666 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1667 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1668 MGMT_STATUS_BUSY); 1669 goto unlock; 1670 } 1671 1672 if (cp->val) { 1673 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED); 1674 } else { 1675 if (hdev_is_powered(hdev)) { 1676 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1677 MGMT_STATUS_REJECTED); 1678 goto unlock; 1679 } 1680 1681 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED); 1682 } 1683 1684 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 1685 if (err < 0) 1686 goto unlock; 1687 1688 if (changed) 1689 err = new_settings(hdev, sk); 1690 1691 unlock: 1692 hci_dev_unlock(hdev); 1693 return err; 1694 } 1695 1696 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1697 { 1698 struct cmd_lookup match = { NULL, hdev }; 1699 1700 hci_dev_lock(hdev); 1701 1702 if (status) { 1703 u8 mgmt_err = mgmt_status(status); 1704 1705 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 1706 &mgmt_err); 1707 goto unlock; 1708 } 1709 1710 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 1711 1712 new_settings(hdev, match.sk); 1713 1714 if (match.sk) 1715 sock_put(match.sk); 1716 1717 /* Make sure the controller has a good default for 1718 * advertising data. Restrict the update to when LE 1719 * has actually been enabled. During power on, the 1720 * update in powered_update_hci will take care of it. 1721 */ 1722 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1723 struct hci_request req; 1724 1725 hci_req_init(&req, hdev); 1726 __hci_req_update_adv_data(&req, 0x00); 1727 __hci_req_update_scan_rsp_data(&req, 0x00); 1728 hci_req_run(&req, NULL); 1729 hci_update_background_scan(hdev); 1730 } 1731 1732 unlock: 1733 hci_dev_unlock(hdev); 1734 } 1735 1736 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1737 { 1738 struct mgmt_mode *cp = data; 1739 struct hci_cp_write_le_host_supported hci_cp; 1740 struct mgmt_pending_cmd *cmd; 1741 struct hci_request req; 1742 int err; 1743 u8 val, enabled; 1744 1745 BT_DBG("request for %s", hdev->name); 1746 1747 if (!lmp_le_capable(hdev)) 1748 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1749 MGMT_STATUS_NOT_SUPPORTED); 1750 1751 if (cp->val != 0x00 && cp->val != 0x01) 1752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1753 MGMT_STATUS_INVALID_PARAMS); 1754 1755 /* Bluetooth single mode LE only controllers or dual-mode 1756 * controllers configured as LE only devices, do not allow 1757 * switching LE off. These have either LE enabled explicitly 1758 * or BR/EDR has been previously switched off. 1759 * 1760 * When trying to enable an already enabled LE, then gracefully 1761 * send a positive response. Trying to disable it however will 1762 * result into rejection. 1763 */ 1764 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 1765 if (cp->val == 0x01) 1766 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1767 1768 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1769 MGMT_STATUS_REJECTED); 1770 } 1771 1772 hci_dev_lock(hdev); 1773 1774 val = !!cp->val; 1775 enabled = lmp_host_le_capable(hdev); 1776 1777 if (!val) 1778 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true); 1779 1780 if (!hdev_is_powered(hdev) || val == enabled) { 1781 bool changed = false; 1782 1783 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1784 hci_dev_change_flag(hdev, HCI_LE_ENABLED); 1785 changed = true; 1786 } 1787 1788 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 1789 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 1790 changed = true; 1791 } 1792 1793 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1794 if (err < 0) 1795 goto unlock; 1796 1797 if (changed) 1798 err = new_settings(hdev, sk); 1799 1800 goto unlock; 1801 } 1802 1803 if (pending_find(MGMT_OP_SET_LE, hdev) || 1804 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) { 1805 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1806 MGMT_STATUS_BUSY); 1807 goto unlock; 1808 } 1809 1810 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len); 1811 if (!cmd) { 1812 err = -ENOMEM; 1813 goto unlock; 1814 } 1815 1816 hci_req_init(&req, hdev); 1817 1818 memset(&hci_cp, 0, sizeof(hci_cp)); 1819 1820 if (val) { 1821 hci_cp.le = val; 1822 hci_cp.simul = 0x00; 1823 } else { 1824 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 1825 __hci_req_disable_advertising(&req); 1826 } 1827 1828 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), 1829 &hci_cp); 1830 1831 err = hci_req_run(&req, le_enable_complete); 1832 if (err < 0) 1833 mgmt_pending_remove(cmd); 1834 1835 unlock: 1836 hci_dev_unlock(hdev); 1837 return err; 1838 } 1839 1840 /* This is a helper function to test for pending mgmt commands that can 1841 * cause CoD or EIR HCI commands. We can only allow one such pending 1842 * mgmt command at a time since otherwise we cannot easily track what 1843 * the current values are, will be, and based on that calculate if a new 1844 * HCI command needs to be sent and if yes with what value. 1845 */ 1846 static bool pending_eir_or_class(struct hci_dev *hdev) 1847 { 1848 struct mgmt_pending_cmd *cmd; 1849 1850 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 1851 switch (cmd->opcode) { 1852 case MGMT_OP_ADD_UUID: 1853 case MGMT_OP_REMOVE_UUID: 1854 case MGMT_OP_SET_DEV_CLASS: 1855 case MGMT_OP_SET_POWERED: 1856 return true; 1857 } 1858 } 1859 1860 return false; 1861 } 1862 1863 static const u8 bluetooth_base_uuid[] = { 1864 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80, 1865 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1866 }; 1867 1868 static u8 get_uuid_size(const u8 *uuid) 1869 { 1870 u32 val; 1871 1872 if (memcmp(uuid, bluetooth_base_uuid, 12)) 1873 return 128; 1874 1875 val = get_unaligned_le32(&uuid[12]); 1876 if (val > 0xffff) 1877 return 32; 1878 1879 return 16; 1880 } 1881 1882 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status) 1883 { 1884 struct mgmt_pending_cmd *cmd; 1885 1886 hci_dev_lock(hdev); 1887 1888 cmd = pending_find(mgmt_op, hdev); 1889 if (!cmd) 1890 goto unlock; 1891 1892 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 1893 mgmt_status(status), hdev->dev_class, 3); 1894 1895 mgmt_pending_remove(cmd); 1896 1897 unlock: 1898 hci_dev_unlock(hdev); 1899 } 1900 1901 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1902 { 1903 BT_DBG("status 0x%02x", status); 1904 1905 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status); 1906 } 1907 1908 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1909 { 1910 struct mgmt_cp_add_uuid *cp = data; 1911 struct mgmt_pending_cmd *cmd; 1912 struct hci_request req; 1913 struct bt_uuid *uuid; 1914 int err; 1915 1916 BT_DBG("request for %s", hdev->name); 1917 1918 hci_dev_lock(hdev); 1919 1920 if (pending_eir_or_class(hdev)) { 1921 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID, 1922 MGMT_STATUS_BUSY); 1923 goto failed; 1924 } 1925 1926 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL); 1927 if (!uuid) { 1928 err = -ENOMEM; 1929 goto failed; 1930 } 1931 1932 memcpy(uuid->uuid, cp->uuid, 16); 1933 uuid->svc_hint = cp->svc_hint; 1934 uuid->size = get_uuid_size(cp->uuid); 1935 1936 list_add_tail(&uuid->list, &hdev->uuids); 1937 1938 hci_req_init(&req, hdev); 1939 1940 __hci_req_update_class(&req); 1941 __hci_req_update_eir(&req); 1942 1943 err = hci_req_run(&req, add_uuid_complete); 1944 if (err < 0) { 1945 if (err != -ENODATA) 1946 goto failed; 1947 1948 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0, 1949 hdev->dev_class, 3); 1950 goto failed; 1951 } 1952 1953 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len); 1954 if (!cmd) { 1955 err = -ENOMEM; 1956 goto failed; 1957 } 1958 1959 err = 0; 1960 1961 failed: 1962 hci_dev_unlock(hdev); 1963 return err; 1964 } 1965 1966 static bool enable_service_cache(struct hci_dev *hdev) 1967 { 1968 if (!hdev_is_powered(hdev)) 1969 return false; 1970 1971 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) { 1972 queue_delayed_work(hdev->workqueue, &hdev->service_cache, 1973 CACHE_TIMEOUT); 1974 return true; 1975 } 1976 1977 return false; 1978 } 1979 1980 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1981 { 1982 BT_DBG("status 0x%02x", status); 1983 1984 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status); 1985 } 1986 1987 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, 1988 u16 len) 1989 { 1990 struct mgmt_cp_remove_uuid *cp = data; 1991 struct mgmt_pending_cmd *cmd; 1992 struct bt_uuid *match, *tmp; 1993 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 1994 struct hci_request req; 1995 int err, found; 1996 1997 BT_DBG("request for %s", hdev->name); 1998 1999 hci_dev_lock(hdev); 2000 2001 if (pending_eir_or_class(hdev)) { 2002 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2003 MGMT_STATUS_BUSY); 2004 goto unlock; 2005 } 2006 2007 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 2008 hci_uuids_clear(hdev); 2009 2010 if (enable_service_cache(hdev)) { 2011 err = mgmt_cmd_complete(sk, hdev->id, 2012 MGMT_OP_REMOVE_UUID, 2013 0, hdev->dev_class, 3); 2014 goto unlock; 2015 } 2016 2017 goto update_class; 2018 } 2019 2020 found = 0; 2021 2022 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) { 2023 if (memcmp(match->uuid, cp->uuid, 16) != 0) 2024 continue; 2025 2026 list_del(&match->list); 2027 kfree(match); 2028 found++; 2029 } 2030 2031 if (found == 0) { 2032 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2033 MGMT_STATUS_INVALID_PARAMS); 2034 goto unlock; 2035 } 2036 2037 update_class: 2038 hci_req_init(&req, hdev); 2039 2040 __hci_req_update_class(&req); 2041 __hci_req_update_eir(&req); 2042 2043 err = hci_req_run(&req, remove_uuid_complete); 2044 if (err < 0) { 2045 if (err != -ENODATA) 2046 goto unlock; 2047 2048 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0, 2049 hdev->dev_class, 3); 2050 goto unlock; 2051 } 2052 2053 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len); 2054 if (!cmd) { 2055 err = -ENOMEM; 2056 goto unlock; 2057 } 2058 2059 err = 0; 2060 2061 unlock: 2062 hci_dev_unlock(hdev); 2063 return err; 2064 } 2065 2066 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2067 { 2068 BT_DBG("status 0x%02x", status); 2069 2070 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status); 2071 } 2072 2073 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, 2074 u16 len) 2075 { 2076 struct mgmt_cp_set_dev_class *cp = data; 2077 struct mgmt_pending_cmd *cmd; 2078 struct hci_request req; 2079 int err; 2080 2081 BT_DBG("request for %s", hdev->name); 2082 2083 if (!lmp_bredr_capable(hdev)) 2084 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2085 MGMT_STATUS_NOT_SUPPORTED); 2086 2087 hci_dev_lock(hdev); 2088 2089 if (pending_eir_or_class(hdev)) { 2090 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2091 MGMT_STATUS_BUSY); 2092 goto unlock; 2093 } 2094 2095 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) { 2096 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2097 MGMT_STATUS_INVALID_PARAMS); 2098 goto unlock; 2099 } 2100 2101 hdev->major_class = cp->major; 2102 hdev->minor_class = cp->minor; 2103 2104 if (!hdev_is_powered(hdev)) { 2105 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2106 hdev->dev_class, 3); 2107 goto unlock; 2108 } 2109 2110 hci_req_init(&req, hdev); 2111 2112 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) { 2113 hci_dev_unlock(hdev); 2114 cancel_delayed_work_sync(&hdev->service_cache); 2115 hci_dev_lock(hdev); 2116 __hci_req_update_eir(&req); 2117 } 2118 2119 __hci_req_update_class(&req); 2120 2121 err = hci_req_run(&req, set_class_complete); 2122 if (err < 0) { 2123 if (err != -ENODATA) 2124 goto unlock; 2125 2126 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2127 hdev->dev_class, 3); 2128 goto unlock; 2129 } 2130 2131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len); 2132 if (!cmd) { 2133 err = -ENOMEM; 2134 goto unlock; 2135 } 2136 2137 err = 0; 2138 2139 unlock: 2140 hci_dev_unlock(hdev); 2141 return err; 2142 } 2143 2144 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, 2145 u16 len) 2146 { 2147 struct mgmt_cp_load_link_keys *cp = data; 2148 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 2149 sizeof(struct mgmt_link_key_info)); 2150 u16 key_count, expected_len; 2151 bool changed; 2152 int i; 2153 2154 BT_DBG("request for %s", hdev->name); 2155 2156 if (!lmp_bredr_capable(hdev)) 2157 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2158 MGMT_STATUS_NOT_SUPPORTED); 2159 2160 key_count = __le16_to_cpu(cp->key_count); 2161 if (key_count > max_key_count) { 2162 bt_dev_err(hdev, "load_link_keys: too big key_count value %u", 2163 key_count); 2164 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2165 MGMT_STATUS_INVALID_PARAMS); 2166 } 2167 2168 expected_len = sizeof(*cp) + key_count * 2169 sizeof(struct mgmt_link_key_info); 2170 if (expected_len != len) { 2171 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes", 2172 expected_len, len); 2173 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2174 MGMT_STATUS_INVALID_PARAMS); 2175 } 2176 2177 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01) 2178 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2179 MGMT_STATUS_INVALID_PARAMS); 2180 2181 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys, 2182 key_count); 2183 2184 for (i = 0; i < key_count; i++) { 2185 struct mgmt_link_key_info *key = &cp->keys[i]; 2186 2187 if (key->addr.type != BDADDR_BREDR || key->type > 0x08) 2188 return mgmt_cmd_status(sk, hdev->id, 2189 MGMT_OP_LOAD_LINK_KEYS, 2190 MGMT_STATUS_INVALID_PARAMS); 2191 } 2192 2193 hci_dev_lock(hdev); 2194 2195 hci_link_keys_clear(hdev); 2196 2197 if (cp->debug_keys) 2198 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 2199 else 2200 changed = hci_dev_test_and_clear_flag(hdev, 2201 HCI_KEEP_DEBUG_KEYS); 2202 2203 if (changed) 2204 new_settings(hdev, NULL); 2205 2206 for (i = 0; i < key_count; i++) { 2207 struct mgmt_link_key_info *key = &cp->keys[i]; 2208 2209 /* Always ignore debug keys and require a new pairing if 2210 * the user wants to use them. 2211 */ 2212 if (key->type == HCI_LK_DEBUG_COMBINATION) 2213 continue; 2214 2215 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val, 2216 key->type, key->pin_len, NULL); 2217 } 2218 2219 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 2220 2221 hci_dev_unlock(hdev); 2222 2223 return 0; 2224 } 2225 2226 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 2227 u8 addr_type, struct sock *skip_sk) 2228 { 2229 struct mgmt_ev_device_unpaired ev; 2230 2231 bacpy(&ev.addr.bdaddr, bdaddr); 2232 ev.addr.type = addr_type; 2233 2234 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 2235 skip_sk); 2236 } 2237 2238 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2239 u16 len) 2240 { 2241 struct mgmt_cp_unpair_device *cp = data; 2242 struct mgmt_rp_unpair_device rp; 2243 struct hci_conn_params *params; 2244 struct mgmt_pending_cmd *cmd; 2245 struct hci_conn *conn; 2246 u8 addr_type; 2247 int err; 2248 2249 memset(&rp, 0, sizeof(rp)); 2250 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2251 rp.addr.type = cp->addr.type; 2252 2253 if (!bdaddr_type_is_valid(cp->addr.type)) 2254 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2255 MGMT_STATUS_INVALID_PARAMS, 2256 &rp, sizeof(rp)); 2257 2258 if (cp->disconnect != 0x00 && cp->disconnect != 0x01) 2259 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2260 MGMT_STATUS_INVALID_PARAMS, 2261 &rp, sizeof(rp)); 2262 2263 hci_dev_lock(hdev); 2264 2265 if (!hdev_is_powered(hdev)) { 2266 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2267 MGMT_STATUS_NOT_POWERED, &rp, 2268 sizeof(rp)); 2269 goto unlock; 2270 } 2271 2272 if (cp->addr.type == BDADDR_BREDR) { 2273 /* If disconnection is requested, then look up the 2274 * connection. If the remote device is connected, it 2275 * will be later used to terminate the link. 2276 * 2277 * Setting it to NULL explicitly will cause no 2278 * termination of the link. 2279 */ 2280 if (cp->disconnect) 2281 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2282 &cp->addr.bdaddr); 2283 else 2284 conn = NULL; 2285 2286 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 2287 if (err < 0) { 2288 err = mgmt_cmd_complete(sk, hdev->id, 2289 MGMT_OP_UNPAIR_DEVICE, 2290 MGMT_STATUS_NOT_PAIRED, &rp, 2291 sizeof(rp)); 2292 goto unlock; 2293 } 2294 2295 goto done; 2296 } 2297 2298 /* LE address type */ 2299 addr_type = le_addr_type(cp->addr.type); 2300 2301 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type); 2302 2303 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type); 2304 if (err < 0) { 2305 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2306 MGMT_STATUS_NOT_PAIRED, &rp, 2307 sizeof(rp)); 2308 goto unlock; 2309 } 2310 2311 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type); 2312 if (!conn) { 2313 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type); 2314 goto done; 2315 } 2316 2317 /* Abort any ongoing SMP pairing */ 2318 smp_cancel_pairing(conn); 2319 2320 /* Defer clearing up the connection parameters until closing to 2321 * give a chance of keeping them if a repairing happens. 2322 */ 2323 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2324 2325 /* Disable auto-connection parameters if present */ 2326 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type); 2327 if (params) { 2328 if (params->explicit_connect) 2329 params->auto_connect = HCI_AUTO_CONN_EXPLICIT; 2330 else 2331 params->auto_connect = HCI_AUTO_CONN_DISABLED; 2332 } 2333 2334 /* If disconnection is not requested, then clear the connection 2335 * variable so that the link is not terminated. 2336 */ 2337 if (!cp->disconnect) 2338 conn = NULL; 2339 2340 done: 2341 /* If the connection variable is set, then termination of the 2342 * link is requested. 2343 */ 2344 if (!conn) { 2345 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0, 2346 &rp, sizeof(rp)); 2347 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 2348 goto unlock; 2349 } 2350 2351 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 2352 sizeof(*cp)); 2353 if (!cmd) { 2354 err = -ENOMEM; 2355 goto unlock; 2356 } 2357 2358 cmd->cmd_complete = addr_cmd_complete; 2359 2360 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 2361 if (err < 0) 2362 mgmt_pending_remove(cmd); 2363 2364 unlock: 2365 hci_dev_unlock(hdev); 2366 return err; 2367 } 2368 2369 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data, 2370 u16 len) 2371 { 2372 struct mgmt_cp_disconnect *cp = data; 2373 struct mgmt_rp_disconnect rp; 2374 struct mgmt_pending_cmd *cmd; 2375 struct hci_conn *conn; 2376 int err; 2377 2378 BT_DBG(""); 2379 2380 memset(&rp, 0, sizeof(rp)); 2381 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2382 rp.addr.type = cp->addr.type; 2383 2384 if (!bdaddr_type_is_valid(cp->addr.type)) 2385 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2386 MGMT_STATUS_INVALID_PARAMS, 2387 &rp, sizeof(rp)); 2388 2389 hci_dev_lock(hdev); 2390 2391 if (!test_bit(HCI_UP, &hdev->flags)) { 2392 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2393 MGMT_STATUS_NOT_POWERED, &rp, 2394 sizeof(rp)); 2395 goto failed; 2396 } 2397 2398 if (pending_find(MGMT_OP_DISCONNECT, hdev)) { 2399 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2400 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2401 goto failed; 2402 } 2403 2404 if (cp->addr.type == BDADDR_BREDR) 2405 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2406 &cp->addr.bdaddr); 2407 else 2408 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, 2409 le_addr_type(cp->addr.type)); 2410 2411 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) { 2412 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2413 MGMT_STATUS_NOT_CONNECTED, &rp, 2414 sizeof(rp)); 2415 goto failed; 2416 } 2417 2418 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 2419 if (!cmd) { 2420 err = -ENOMEM; 2421 goto failed; 2422 } 2423 2424 cmd->cmd_complete = generic_cmd_complete; 2425 2426 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM); 2427 if (err < 0) 2428 mgmt_pending_remove(cmd); 2429 2430 failed: 2431 hci_dev_unlock(hdev); 2432 return err; 2433 } 2434 2435 static u8 link_to_bdaddr(u8 link_type, u8 addr_type) 2436 { 2437 switch (link_type) { 2438 case LE_LINK: 2439 switch (addr_type) { 2440 case ADDR_LE_DEV_PUBLIC: 2441 return BDADDR_LE_PUBLIC; 2442 2443 default: 2444 /* Fallback to LE Random address type */ 2445 return BDADDR_LE_RANDOM; 2446 } 2447 2448 default: 2449 /* Fallback to BR/EDR type */ 2450 return BDADDR_BREDR; 2451 } 2452 } 2453 2454 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data, 2455 u16 data_len) 2456 { 2457 struct mgmt_rp_get_connections *rp; 2458 struct hci_conn *c; 2459 size_t rp_len; 2460 int err; 2461 u16 i; 2462 2463 BT_DBG(""); 2464 2465 hci_dev_lock(hdev); 2466 2467 if (!hdev_is_powered(hdev)) { 2468 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 2469 MGMT_STATUS_NOT_POWERED); 2470 goto unlock; 2471 } 2472 2473 i = 0; 2474 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2475 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2476 i++; 2477 } 2478 2479 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 2480 rp = kmalloc(rp_len, GFP_KERNEL); 2481 if (!rp) { 2482 err = -ENOMEM; 2483 goto unlock; 2484 } 2485 2486 i = 0; 2487 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2488 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2489 continue; 2490 bacpy(&rp->addr[i].bdaddr, &c->dst); 2491 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type); 2492 if (c->type == SCO_LINK || c->type == ESCO_LINK) 2493 continue; 2494 i++; 2495 } 2496 2497 rp->conn_count = cpu_to_le16(i); 2498 2499 /* Recalculate length in case of filtered SCO connections, etc */ 2500 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 2501 2502 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp, 2503 rp_len); 2504 2505 kfree(rp); 2506 2507 unlock: 2508 hci_dev_unlock(hdev); 2509 return err; 2510 } 2511 2512 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 2513 struct mgmt_cp_pin_code_neg_reply *cp) 2514 { 2515 struct mgmt_pending_cmd *cmd; 2516 int err; 2517 2518 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 2519 sizeof(*cp)); 2520 if (!cmd) 2521 return -ENOMEM; 2522 2523 cmd->cmd_complete = addr_cmd_complete; 2524 2525 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2526 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 2527 if (err < 0) 2528 mgmt_pending_remove(cmd); 2529 2530 return err; 2531 } 2532 2533 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2534 u16 len) 2535 { 2536 struct hci_conn *conn; 2537 struct mgmt_cp_pin_code_reply *cp = data; 2538 struct hci_cp_pin_code_reply reply; 2539 struct mgmt_pending_cmd *cmd; 2540 int err; 2541 2542 BT_DBG(""); 2543 2544 hci_dev_lock(hdev); 2545 2546 if (!hdev_is_powered(hdev)) { 2547 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2548 MGMT_STATUS_NOT_POWERED); 2549 goto failed; 2550 } 2551 2552 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 2553 if (!conn) { 2554 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2555 MGMT_STATUS_NOT_CONNECTED); 2556 goto failed; 2557 } 2558 2559 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 2560 struct mgmt_cp_pin_code_neg_reply ncp; 2561 2562 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 2563 2564 bt_dev_err(hdev, "PIN code is not 16 bytes long"); 2565 2566 err = send_pin_code_neg_reply(sk, hdev, &ncp); 2567 if (err >= 0) 2568 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2569 MGMT_STATUS_INVALID_PARAMS); 2570 2571 goto failed; 2572 } 2573 2574 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 2575 if (!cmd) { 2576 err = -ENOMEM; 2577 goto failed; 2578 } 2579 2580 cmd->cmd_complete = addr_cmd_complete; 2581 2582 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 2583 reply.pin_len = cp->pin_len; 2584 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 2585 2586 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 2587 if (err < 0) 2588 mgmt_pending_remove(cmd); 2589 2590 failed: 2591 hci_dev_unlock(hdev); 2592 return err; 2593 } 2594 2595 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data, 2596 u16 len) 2597 { 2598 struct mgmt_cp_set_io_capability *cp = data; 2599 2600 BT_DBG(""); 2601 2602 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY) 2603 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 2604 MGMT_STATUS_INVALID_PARAMS); 2605 2606 hci_dev_lock(hdev); 2607 2608 hdev->io_capability = cp->io_capability; 2609 2610 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 2611 hdev->io_capability); 2612 2613 hci_dev_unlock(hdev); 2614 2615 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, 2616 NULL, 0); 2617 } 2618 2619 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn) 2620 { 2621 struct hci_dev *hdev = conn->hdev; 2622 struct mgmt_pending_cmd *cmd; 2623 2624 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 2625 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 2626 continue; 2627 2628 if (cmd->user_data != conn) 2629 continue; 2630 2631 return cmd; 2632 } 2633 2634 return NULL; 2635 } 2636 2637 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status) 2638 { 2639 struct mgmt_rp_pair_device rp; 2640 struct hci_conn *conn = cmd->user_data; 2641 int err; 2642 2643 bacpy(&rp.addr.bdaddr, &conn->dst); 2644 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 2645 2646 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, 2647 status, &rp, sizeof(rp)); 2648 2649 /* So we don't get further callbacks for this connection */ 2650 conn->connect_cfm_cb = NULL; 2651 conn->security_cfm_cb = NULL; 2652 conn->disconn_cfm_cb = NULL; 2653 2654 hci_conn_drop(conn); 2655 2656 /* The device is paired so there is no need to remove 2657 * its connection parameters anymore. 2658 */ 2659 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2660 2661 hci_conn_put(conn); 2662 2663 return err; 2664 } 2665 2666 void mgmt_smp_complete(struct hci_conn *conn, bool complete) 2667 { 2668 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED; 2669 struct mgmt_pending_cmd *cmd; 2670 2671 cmd = find_pairing(conn); 2672 if (cmd) { 2673 cmd->cmd_complete(cmd, status); 2674 mgmt_pending_remove(cmd); 2675 } 2676 } 2677 2678 static void pairing_complete_cb(struct hci_conn *conn, u8 status) 2679 { 2680 struct mgmt_pending_cmd *cmd; 2681 2682 BT_DBG("status %u", status); 2683 2684 cmd = find_pairing(conn); 2685 if (!cmd) { 2686 BT_DBG("Unable to find a pending command"); 2687 return; 2688 } 2689 2690 cmd->cmd_complete(cmd, mgmt_status(status)); 2691 mgmt_pending_remove(cmd); 2692 } 2693 2694 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) 2695 { 2696 struct mgmt_pending_cmd *cmd; 2697 2698 BT_DBG("status %u", status); 2699 2700 if (!status) 2701 return; 2702 2703 cmd = find_pairing(conn); 2704 if (!cmd) { 2705 BT_DBG("Unable to find a pending command"); 2706 return; 2707 } 2708 2709 cmd->cmd_complete(cmd, mgmt_status(status)); 2710 mgmt_pending_remove(cmd); 2711 } 2712 2713 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2714 u16 len) 2715 { 2716 struct mgmt_cp_pair_device *cp = data; 2717 struct mgmt_rp_pair_device rp; 2718 struct mgmt_pending_cmd *cmd; 2719 u8 sec_level, auth_type; 2720 struct hci_conn *conn; 2721 int err; 2722 2723 BT_DBG(""); 2724 2725 memset(&rp, 0, sizeof(rp)); 2726 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2727 rp.addr.type = cp->addr.type; 2728 2729 if (!bdaddr_type_is_valid(cp->addr.type)) 2730 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2731 MGMT_STATUS_INVALID_PARAMS, 2732 &rp, sizeof(rp)); 2733 2734 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY) 2735 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2736 MGMT_STATUS_INVALID_PARAMS, 2737 &rp, sizeof(rp)); 2738 2739 hci_dev_lock(hdev); 2740 2741 if (!hdev_is_powered(hdev)) { 2742 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2743 MGMT_STATUS_NOT_POWERED, &rp, 2744 sizeof(rp)); 2745 goto unlock; 2746 } 2747 2748 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) { 2749 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2750 MGMT_STATUS_ALREADY_PAIRED, &rp, 2751 sizeof(rp)); 2752 goto unlock; 2753 } 2754 2755 sec_level = BT_SECURITY_MEDIUM; 2756 auth_type = HCI_AT_DEDICATED_BONDING; 2757 2758 if (cp->addr.type == BDADDR_BREDR) { 2759 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level, 2760 auth_type); 2761 } else { 2762 u8 addr_type = le_addr_type(cp->addr.type); 2763 struct hci_conn_params *p; 2764 2765 /* When pairing a new device, it is expected to remember 2766 * this device for future connections. Adding the connection 2767 * parameter information ahead of time allows tracking 2768 * of the slave preferred values and will speed up any 2769 * further connection establishment. 2770 * 2771 * If connection parameters already exist, then they 2772 * will be kept and this function does nothing. 2773 */ 2774 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type); 2775 2776 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT) 2777 p->auto_connect = HCI_AUTO_CONN_DISABLED; 2778 2779 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, 2780 addr_type, sec_level, 2781 HCI_LE_CONN_TIMEOUT); 2782 } 2783 2784 if (IS_ERR(conn)) { 2785 int status; 2786 2787 if (PTR_ERR(conn) == -EBUSY) 2788 status = MGMT_STATUS_BUSY; 2789 else if (PTR_ERR(conn) == -EOPNOTSUPP) 2790 status = MGMT_STATUS_NOT_SUPPORTED; 2791 else if (PTR_ERR(conn) == -ECONNREFUSED) 2792 status = MGMT_STATUS_REJECTED; 2793 else 2794 status = MGMT_STATUS_CONNECT_FAILED; 2795 2796 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2797 status, &rp, sizeof(rp)); 2798 goto unlock; 2799 } 2800 2801 if (conn->connect_cfm_cb) { 2802 hci_conn_drop(conn); 2803 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2804 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2805 goto unlock; 2806 } 2807 2808 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 2809 if (!cmd) { 2810 err = -ENOMEM; 2811 hci_conn_drop(conn); 2812 goto unlock; 2813 } 2814 2815 cmd->cmd_complete = pairing_complete; 2816 2817 /* For LE, just connecting isn't a proof that the pairing finished */ 2818 if (cp->addr.type == BDADDR_BREDR) { 2819 conn->connect_cfm_cb = pairing_complete_cb; 2820 conn->security_cfm_cb = pairing_complete_cb; 2821 conn->disconn_cfm_cb = pairing_complete_cb; 2822 } else { 2823 conn->connect_cfm_cb = le_pairing_complete_cb; 2824 conn->security_cfm_cb = le_pairing_complete_cb; 2825 conn->disconn_cfm_cb = le_pairing_complete_cb; 2826 } 2827 2828 conn->io_capability = cp->io_cap; 2829 cmd->user_data = hci_conn_get(conn); 2830 2831 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) && 2832 hci_conn_security(conn, sec_level, auth_type, true)) { 2833 cmd->cmd_complete(cmd, 0); 2834 mgmt_pending_remove(cmd); 2835 } 2836 2837 err = 0; 2838 2839 unlock: 2840 hci_dev_unlock(hdev); 2841 return err; 2842 } 2843 2844 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2845 u16 len) 2846 { 2847 struct mgmt_addr_info *addr = data; 2848 struct mgmt_pending_cmd *cmd; 2849 struct hci_conn *conn; 2850 int err; 2851 2852 BT_DBG(""); 2853 2854 hci_dev_lock(hdev); 2855 2856 if (!hdev_is_powered(hdev)) { 2857 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2858 MGMT_STATUS_NOT_POWERED); 2859 goto unlock; 2860 } 2861 2862 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev); 2863 if (!cmd) { 2864 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2865 MGMT_STATUS_INVALID_PARAMS); 2866 goto unlock; 2867 } 2868 2869 conn = cmd->user_data; 2870 2871 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 2872 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2873 MGMT_STATUS_INVALID_PARAMS); 2874 goto unlock; 2875 } 2876 2877 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED); 2878 mgmt_pending_remove(cmd); 2879 2880 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 2881 addr, sizeof(*addr)); 2882 unlock: 2883 hci_dev_unlock(hdev); 2884 return err; 2885 } 2886 2887 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, 2888 struct mgmt_addr_info *addr, u16 mgmt_op, 2889 u16 hci_op, __le32 passkey) 2890 { 2891 struct mgmt_pending_cmd *cmd; 2892 struct hci_conn *conn; 2893 int err; 2894 2895 hci_dev_lock(hdev); 2896 2897 if (!hdev_is_powered(hdev)) { 2898 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 2899 MGMT_STATUS_NOT_POWERED, addr, 2900 sizeof(*addr)); 2901 goto done; 2902 } 2903 2904 if (addr->type == BDADDR_BREDR) 2905 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr); 2906 else 2907 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr, 2908 le_addr_type(addr->type)); 2909 2910 if (!conn) { 2911 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 2912 MGMT_STATUS_NOT_CONNECTED, addr, 2913 sizeof(*addr)); 2914 goto done; 2915 } 2916 2917 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) { 2918 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 2919 if (!err) 2920 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 2921 MGMT_STATUS_SUCCESS, addr, 2922 sizeof(*addr)); 2923 else 2924 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 2925 MGMT_STATUS_FAILED, addr, 2926 sizeof(*addr)); 2927 2928 goto done; 2929 } 2930 2931 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr)); 2932 if (!cmd) { 2933 err = -ENOMEM; 2934 goto done; 2935 } 2936 2937 cmd->cmd_complete = addr_cmd_complete; 2938 2939 /* Continue with pairing via HCI */ 2940 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 2941 struct hci_cp_user_passkey_reply cp; 2942 2943 bacpy(&cp.bdaddr, &addr->bdaddr); 2944 cp.passkey = passkey; 2945 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 2946 } else 2947 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr), 2948 &addr->bdaddr); 2949 2950 if (err < 0) 2951 mgmt_pending_remove(cmd); 2952 2953 done: 2954 hci_dev_unlock(hdev); 2955 return err; 2956 } 2957 2958 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 2959 void *data, u16 len) 2960 { 2961 struct mgmt_cp_pin_code_neg_reply *cp = data; 2962 2963 BT_DBG(""); 2964 2965 return user_pairing_resp(sk, hdev, &cp->addr, 2966 MGMT_OP_PIN_CODE_NEG_REPLY, 2967 HCI_OP_PIN_CODE_NEG_REPLY, 0); 2968 } 2969 2970 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2971 u16 len) 2972 { 2973 struct mgmt_cp_user_confirm_reply *cp = data; 2974 2975 BT_DBG(""); 2976 2977 if (len != sizeof(*cp)) 2978 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY, 2979 MGMT_STATUS_INVALID_PARAMS); 2980 2981 return user_pairing_resp(sk, hdev, &cp->addr, 2982 MGMT_OP_USER_CONFIRM_REPLY, 2983 HCI_OP_USER_CONFIRM_REPLY, 0); 2984 } 2985 2986 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev, 2987 void *data, u16 len) 2988 { 2989 struct mgmt_cp_user_confirm_neg_reply *cp = data; 2990 2991 BT_DBG(""); 2992 2993 return user_pairing_resp(sk, hdev, &cp->addr, 2994 MGMT_OP_USER_CONFIRM_NEG_REPLY, 2995 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 2996 } 2997 2998 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2999 u16 len) 3000 { 3001 struct mgmt_cp_user_passkey_reply *cp = data; 3002 3003 BT_DBG(""); 3004 3005 return user_pairing_resp(sk, hdev, &cp->addr, 3006 MGMT_OP_USER_PASSKEY_REPLY, 3007 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 3008 } 3009 3010 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev, 3011 void *data, u16 len) 3012 { 3013 struct mgmt_cp_user_passkey_neg_reply *cp = data; 3014 3015 BT_DBG(""); 3016 3017 return user_pairing_resp(sk, hdev, &cp->addr, 3018 MGMT_OP_USER_PASSKEY_NEG_REPLY, 3019 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 3020 } 3021 3022 static void adv_expire(struct hci_dev *hdev, u32 flags) 3023 { 3024 struct adv_info *adv_instance; 3025 struct hci_request req; 3026 int err; 3027 3028 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance); 3029 if (!adv_instance) 3030 return; 3031 3032 /* stop if current instance doesn't need to be changed */ 3033 if (!(adv_instance->flags & flags)) 3034 return; 3035 3036 cancel_adv_timeout(hdev); 3037 3038 adv_instance = hci_get_next_instance(hdev, adv_instance->instance); 3039 if (!adv_instance) 3040 return; 3041 3042 hci_req_init(&req, hdev); 3043 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance, 3044 true); 3045 if (err) 3046 return; 3047 3048 hci_req_run(&req, NULL); 3049 } 3050 3051 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode) 3052 { 3053 struct mgmt_cp_set_local_name *cp; 3054 struct mgmt_pending_cmd *cmd; 3055 3056 BT_DBG("status 0x%02x", status); 3057 3058 hci_dev_lock(hdev); 3059 3060 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 3061 if (!cmd) 3062 goto unlock; 3063 3064 cp = cmd->param; 3065 3066 if (status) { 3067 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3068 mgmt_status(status)); 3069 } else { 3070 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3071 cp, sizeof(*cp)); 3072 3073 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3074 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME); 3075 } 3076 3077 mgmt_pending_remove(cmd); 3078 3079 unlock: 3080 hci_dev_unlock(hdev); 3081 } 3082 3083 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data, 3084 u16 len) 3085 { 3086 struct mgmt_cp_set_local_name *cp = data; 3087 struct mgmt_pending_cmd *cmd; 3088 struct hci_request req; 3089 int err; 3090 3091 BT_DBG(""); 3092 3093 hci_dev_lock(hdev); 3094 3095 /* If the old values are the same as the new ones just return a 3096 * direct command complete event. 3097 */ 3098 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) && 3099 !memcmp(hdev->short_name, cp->short_name, 3100 sizeof(hdev->short_name))) { 3101 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3102 data, len); 3103 goto failed; 3104 } 3105 3106 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name)); 3107 3108 if (!hdev_is_powered(hdev)) { 3109 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3110 3111 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3112 data, len); 3113 if (err < 0) 3114 goto failed; 3115 3116 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, 3117 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk); 3118 ext_info_changed(hdev, sk); 3119 3120 goto failed; 3121 } 3122 3123 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 3124 if (!cmd) { 3125 err = -ENOMEM; 3126 goto failed; 3127 } 3128 3129 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3130 3131 hci_req_init(&req, hdev); 3132 3133 if (lmp_bredr_capable(hdev)) { 3134 __hci_req_update_name(&req); 3135 __hci_req_update_eir(&req); 3136 } 3137 3138 /* The name is stored in the scan response data and so 3139 * no need to udpate the advertising data here. 3140 */ 3141 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING)) 3142 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance); 3143 3144 err = hci_req_run(&req, set_name_complete); 3145 if (err < 0) 3146 mgmt_pending_remove(cmd); 3147 3148 failed: 3149 hci_dev_unlock(hdev); 3150 return err; 3151 } 3152 3153 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data, 3154 u16 len) 3155 { 3156 struct mgmt_cp_set_appearance *cp = data; 3157 u16 apperance; 3158 int err; 3159 3160 BT_DBG(""); 3161 3162 if (!lmp_le_capable(hdev)) 3163 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 3164 MGMT_STATUS_NOT_SUPPORTED); 3165 3166 apperance = le16_to_cpu(cp->appearance); 3167 3168 hci_dev_lock(hdev); 3169 3170 if (hdev->appearance != apperance) { 3171 hdev->appearance = apperance; 3172 3173 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3174 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE); 3175 3176 ext_info_changed(hdev, sk); 3177 } 3178 3179 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL, 3180 0); 3181 3182 hci_dev_unlock(hdev); 3183 3184 return err; 3185 } 3186 3187 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status, 3188 u16 opcode, struct sk_buff *skb) 3189 { 3190 struct mgmt_rp_read_local_oob_data mgmt_rp; 3191 size_t rp_size = sizeof(mgmt_rp); 3192 struct mgmt_pending_cmd *cmd; 3193 3194 BT_DBG("%s status %u", hdev->name, status); 3195 3196 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev); 3197 if (!cmd) 3198 return; 3199 3200 if (status || !skb) { 3201 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3202 status ? mgmt_status(status) : MGMT_STATUS_FAILED); 3203 goto remove; 3204 } 3205 3206 memset(&mgmt_rp, 0, sizeof(mgmt_rp)); 3207 3208 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) { 3209 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 3210 3211 if (skb->len < sizeof(*rp)) { 3212 mgmt_cmd_status(cmd->sk, hdev->id, 3213 MGMT_OP_READ_LOCAL_OOB_DATA, 3214 MGMT_STATUS_FAILED); 3215 goto remove; 3216 } 3217 3218 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash)); 3219 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand)); 3220 3221 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256); 3222 } else { 3223 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data; 3224 3225 if (skb->len < sizeof(*rp)) { 3226 mgmt_cmd_status(cmd->sk, hdev->id, 3227 MGMT_OP_READ_LOCAL_OOB_DATA, 3228 MGMT_STATUS_FAILED); 3229 goto remove; 3230 } 3231 3232 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192)); 3233 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192)); 3234 3235 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256)); 3236 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256)); 3237 } 3238 3239 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3240 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size); 3241 3242 remove: 3243 mgmt_pending_remove(cmd); 3244 } 3245 3246 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, 3247 void *data, u16 data_len) 3248 { 3249 struct mgmt_pending_cmd *cmd; 3250 struct hci_request req; 3251 int err; 3252 3253 BT_DBG("%s", hdev->name); 3254 3255 hci_dev_lock(hdev); 3256 3257 if (!hdev_is_powered(hdev)) { 3258 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3259 MGMT_STATUS_NOT_POWERED); 3260 goto unlock; 3261 } 3262 3263 if (!lmp_ssp_capable(hdev)) { 3264 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3265 MGMT_STATUS_NOT_SUPPORTED); 3266 goto unlock; 3267 } 3268 3269 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 3270 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3271 MGMT_STATUS_BUSY); 3272 goto unlock; 3273 } 3274 3275 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 3276 if (!cmd) { 3277 err = -ENOMEM; 3278 goto unlock; 3279 } 3280 3281 hci_req_init(&req, hdev); 3282 3283 if (bredr_sc_enabled(hdev)) 3284 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL); 3285 else 3286 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 3287 3288 err = hci_req_run_skb(&req, read_local_oob_data_complete); 3289 if (err < 0) 3290 mgmt_pending_remove(cmd); 3291 3292 unlock: 3293 hci_dev_unlock(hdev); 3294 return err; 3295 } 3296 3297 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 3298 void *data, u16 len) 3299 { 3300 struct mgmt_addr_info *addr = data; 3301 int err; 3302 3303 BT_DBG("%s ", hdev->name); 3304 3305 if (!bdaddr_type_is_valid(addr->type)) 3306 return mgmt_cmd_complete(sk, hdev->id, 3307 MGMT_OP_ADD_REMOTE_OOB_DATA, 3308 MGMT_STATUS_INVALID_PARAMS, 3309 addr, sizeof(*addr)); 3310 3311 hci_dev_lock(hdev); 3312 3313 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) { 3314 struct mgmt_cp_add_remote_oob_data *cp = data; 3315 u8 status; 3316 3317 if (cp->addr.type != BDADDR_BREDR) { 3318 err = mgmt_cmd_complete(sk, hdev->id, 3319 MGMT_OP_ADD_REMOTE_OOB_DATA, 3320 MGMT_STATUS_INVALID_PARAMS, 3321 &cp->addr, sizeof(cp->addr)); 3322 goto unlock; 3323 } 3324 3325 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 3326 cp->addr.type, cp->hash, 3327 cp->rand, NULL, NULL); 3328 if (err < 0) 3329 status = MGMT_STATUS_FAILED; 3330 else 3331 status = MGMT_STATUS_SUCCESS; 3332 3333 err = mgmt_cmd_complete(sk, hdev->id, 3334 MGMT_OP_ADD_REMOTE_OOB_DATA, status, 3335 &cp->addr, sizeof(cp->addr)); 3336 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) { 3337 struct mgmt_cp_add_remote_oob_ext_data *cp = data; 3338 u8 *rand192, *hash192, *rand256, *hash256; 3339 u8 status; 3340 3341 if (bdaddr_type_is_le(cp->addr.type)) { 3342 /* Enforce zero-valued 192-bit parameters as 3343 * long as legacy SMP OOB isn't implemented. 3344 */ 3345 if (memcmp(cp->rand192, ZERO_KEY, 16) || 3346 memcmp(cp->hash192, ZERO_KEY, 16)) { 3347 err = mgmt_cmd_complete(sk, hdev->id, 3348 MGMT_OP_ADD_REMOTE_OOB_DATA, 3349 MGMT_STATUS_INVALID_PARAMS, 3350 addr, sizeof(*addr)); 3351 goto unlock; 3352 } 3353 3354 rand192 = NULL; 3355 hash192 = NULL; 3356 } else { 3357 /* In case one of the P-192 values is set to zero, 3358 * then just disable OOB data for P-192. 3359 */ 3360 if (!memcmp(cp->rand192, ZERO_KEY, 16) || 3361 !memcmp(cp->hash192, ZERO_KEY, 16)) { 3362 rand192 = NULL; 3363 hash192 = NULL; 3364 } else { 3365 rand192 = cp->rand192; 3366 hash192 = cp->hash192; 3367 } 3368 } 3369 3370 /* In case one of the P-256 values is set to zero, then just 3371 * disable OOB data for P-256. 3372 */ 3373 if (!memcmp(cp->rand256, ZERO_KEY, 16) || 3374 !memcmp(cp->hash256, ZERO_KEY, 16)) { 3375 rand256 = NULL; 3376 hash256 = NULL; 3377 } else { 3378 rand256 = cp->rand256; 3379 hash256 = cp->hash256; 3380 } 3381 3382 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 3383 cp->addr.type, hash192, rand192, 3384 hash256, rand256); 3385 if (err < 0) 3386 status = MGMT_STATUS_FAILED; 3387 else 3388 status = MGMT_STATUS_SUCCESS; 3389 3390 err = mgmt_cmd_complete(sk, hdev->id, 3391 MGMT_OP_ADD_REMOTE_OOB_DATA, 3392 status, &cp->addr, sizeof(cp->addr)); 3393 } else { 3394 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes", 3395 len); 3396 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 3397 MGMT_STATUS_INVALID_PARAMS); 3398 } 3399 3400 unlock: 3401 hci_dev_unlock(hdev); 3402 return err; 3403 } 3404 3405 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 3406 void *data, u16 len) 3407 { 3408 struct mgmt_cp_remove_remote_oob_data *cp = data; 3409 u8 status; 3410 int err; 3411 3412 BT_DBG("%s", hdev->name); 3413 3414 if (cp->addr.type != BDADDR_BREDR) 3415 return mgmt_cmd_complete(sk, hdev->id, 3416 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 3417 MGMT_STATUS_INVALID_PARAMS, 3418 &cp->addr, sizeof(cp->addr)); 3419 3420 hci_dev_lock(hdev); 3421 3422 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 3423 hci_remote_oob_data_clear(hdev); 3424 status = MGMT_STATUS_SUCCESS; 3425 goto done; 3426 } 3427 3428 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type); 3429 if (err < 0) 3430 status = MGMT_STATUS_INVALID_PARAMS; 3431 else 3432 status = MGMT_STATUS_SUCCESS; 3433 3434 done: 3435 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 3436 status, &cp->addr, sizeof(cp->addr)); 3437 3438 hci_dev_unlock(hdev); 3439 return err; 3440 } 3441 3442 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status) 3443 { 3444 struct mgmt_pending_cmd *cmd; 3445 3446 BT_DBG("status %d", status); 3447 3448 hci_dev_lock(hdev); 3449 3450 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev); 3451 if (!cmd) 3452 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev); 3453 3454 if (!cmd) 3455 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev); 3456 3457 if (cmd) { 3458 cmd->cmd_complete(cmd, mgmt_status(status)); 3459 mgmt_pending_remove(cmd); 3460 } 3461 3462 hci_dev_unlock(hdev); 3463 } 3464 3465 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type, 3466 uint8_t *mgmt_status) 3467 { 3468 switch (type) { 3469 case DISCOV_TYPE_LE: 3470 *mgmt_status = mgmt_le_support(hdev); 3471 if (*mgmt_status) 3472 return false; 3473 break; 3474 case DISCOV_TYPE_INTERLEAVED: 3475 *mgmt_status = mgmt_le_support(hdev); 3476 if (*mgmt_status) 3477 return false; 3478 /* Intentional fall-through */ 3479 case DISCOV_TYPE_BREDR: 3480 *mgmt_status = mgmt_bredr_support(hdev); 3481 if (*mgmt_status) 3482 return false; 3483 break; 3484 default: 3485 *mgmt_status = MGMT_STATUS_INVALID_PARAMS; 3486 return false; 3487 } 3488 3489 return true; 3490 } 3491 3492 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev, 3493 u16 op, void *data, u16 len) 3494 { 3495 struct mgmt_cp_start_discovery *cp = data; 3496 struct mgmt_pending_cmd *cmd; 3497 u8 status; 3498 int err; 3499 3500 BT_DBG("%s", hdev->name); 3501 3502 hci_dev_lock(hdev); 3503 3504 if (!hdev_is_powered(hdev)) { 3505 err = mgmt_cmd_complete(sk, hdev->id, op, 3506 MGMT_STATUS_NOT_POWERED, 3507 &cp->type, sizeof(cp->type)); 3508 goto failed; 3509 } 3510 3511 if (hdev->discovery.state != DISCOVERY_STOPPED || 3512 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 3513 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 3514 &cp->type, sizeof(cp->type)); 3515 goto failed; 3516 } 3517 3518 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 3519 err = mgmt_cmd_complete(sk, hdev->id, op, status, 3520 &cp->type, sizeof(cp->type)); 3521 goto failed; 3522 } 3523 3524 /* Clear the discovery filter first to free any previously 3525 * allocated memory for the UUID list. 3526 */ 3527 hci_discovery_filter_clear(hdev); 3528 3529 hdev->discovery.type = cp->type; 3530 hdev->discovery.report_invalid_rssi = false; 3531 if (op == MGMT_OP_START_LIMITED_DISCOVERY) 3532 hdev->discovery.limited = true; 3533 else 3534 hdev->discovery.limited = false; 3535 3536 cmd = mgmt_pending_add(sk, op, hdev, data, len); 3537 if (!cmd) { 3538 err = -ENOMEM; 3539 goto failed; 3540 } 3541 3542 cmd->cmd_complete = generic_cmd_complete; 3543 3544 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 3545 queue_work(hdev->req_workqueue, &hdev->discov_update); 3546 err = 0; 3547 3548 failed: 3549 hci_dev_unlock(hdev); 3550 return err; 3551 } 3552 3553 static int start_discovery(struct sock *sk, struct hci_dev *hdev, 3554 void *data, u16 len) 3555 { 3556 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY, 3557 data, len); 3558 } 3559 3560 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev, 3561 void *data, u16 len) 3562 { 3563 return start_discovery_internal(sk, hdev, 3564 MGMT_OP_START_LIMITED_DISCOVERY, 3565 data, len); 3566 } 3567 3568 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd, 3569 u8 status) 3570 { 3571 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 3572 cmd->param, 1); 3573 } 3574 3575 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev, 3576 void *data, u16 len) 3577 { 3578 struct mgmt_cp_start_service_discovery *cp = data; 3579 struct mgmt_pending_cmd *cmd; 3580 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16); 3581 u16 uuid_count, expected_len; 3582 u8 status; 3583 int err; 3584 3585 BT_DBG("%s", hdev->name); 3586 3587 hci_dev_lock(hdev); 3588 3589 if (!hdev_is_powered(hdev)) { 3590 err = mgmt_cmd_complete(sk, hdev->id, 3591 MGMT_OP_START_SERVICE_DISCOVERY, 3592 MGMT_STATUS_NOT_POWERED, 3593 &cp->type, sizeof(cp->type)); 3594 goto failed; 3595 } 3596 3597 if (hdev->discovery.state != DISCOVERY_STOPPED || 3598 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 3599 err = mgmt_cmd_complete(sk, hdev->id, 3600 MGMT_OP_START_SERVICE_DISCOVERY, 3601 MGMT_STATUS_BUSY, &cp->type, 3602 sizeof(cp->type)); 3603 goto failed; 3604 } 3605 3606 uuid_count = __le16_to_cpu(cp->uuid_count); 3607 if (uuid_count > max_uuid_count) { 3608 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u", 3609 uuid_count); 3610 err = mgmt_cmd_complete(sk, hdev->id, 3611 MGMT_OP_START_SERVICE_DISCOVERY, 3612 MGMT_STATUS_INVALID_PARAMS, &cp->type, 3613 sizeof(cp->type)); 3614 goto failed; 3615 } 3616 3617 expected_len = sizeof(*cp) + uuid_count * 16; 3618 if (expected_len != len) { 3619 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes", 3620 expected_len, len); 3621 err = mgmt_cmd_complete(sk, hdev->id, 3622 MGMT_OP_START_SERVICE_DISCOVERY, 3623 MGMT_STATUS_INVALID_PARAMS, &cp->type, 3624 sizeof(cp->type)); 3625 goto failed; 3626 } 3627 3628 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 3629 err = mgmt_cmd_complete(sk, hdev->id, 3630 MGMT_OP_START_SERVICE_DISCOVERY, 3631 status, &cp->type, sizeof(cp->type)); 3632 goto failed; 3633 } 3634 3635 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY, 3636 hdev, data, len); 3637 if (!cmd) { 3638 err = -ENOMEM; 3639 goto failed; 3640 } 3641 3642 cmd->cmd_complete = service_discovery_cmd_complete; 3643 3644 /* Clear the discovery filter first to free any previously 3645 * allocated memory for the UUID list. 3646 */ 3647 hci_discovery_filter_clear(hdev); 3648 3649 hdev->discovery.result_filtering = true; 3650 hdev->discovery.type = cp->type; 3651 hdev->discovery.rssi = cp->rssi; 3652 hdev->discovery.uuid_count = uuid_count; 3653 3654 if (uuid_count > 0) { 3655 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16, 3656 GFP_KERNEL); 3657 if (!hdev->discovery.uuids) { 3658 err = mgmt_cmd_complete(sk, hdev->id, 3659 MGMT_OP_START_SERVICE_DISCOVERY, 3660 MGMT_STATUS_FAILED, 3661 &cp->type, sizeof(cp->type)); 3662 mgmt_pending_remove(cmd); 3663 goto failed; 3664 } 3665 } 3666 3667 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 3668 queue_work(hdev->req_workqueue, &hdev->discov_update); 3669 err = 0; 3670 3671 failed: 3672 hci_dev_unlock(hdev); 3673 return err; 3674 } 3675 3676 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status) 3677 { 3678 struct mgmt_pending_cmd *cmd; 3679 3680 BT_DBG("status %d", status); 3681 3682 hci_dev_lock(hdev); 3683 3684 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 3685 if (cmd) { 3686 cmd->cmd_complete(cmd, mgmt_status(status)); 3687 mgmt_pending_remove(cmd); 3688 } 3689 3690 hci_dev_unlock(hdev); 3691 } 3692 3693 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, 3694 u16 len) 3695 { 3696 struct mgmt_cp_stop_discovery *mgmt_cp = data; 3697 struct mgmt_pending_cmd *cmd; 3698 int err; 3699 3700 BT_DBG("%s", hdev->name); 3701 3702 hci_dev_lock(hdev); 3703 3704 if (!hci_discovery_active(hdev)) { 3705 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 3706 MGMT_STATUS_REJECTED, &mgmt_cp->type, 3707 sizeof(mgmt_cp->type)); 3708 goto unlock; 3709 } 3710 3711 if (hdev->discovery.type != mgmt_cp->type) { 3712 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 3713 MGMT_STATUS_INVALID_PARAMS, 3714 &mgmt_cp->type, sizeof(mgmt_cp->type)); 3715 goto unlock; 3716 } 3717 3718 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len); 3719 if (!cmd) { 3720 err = -ENOMEM; 3721 goto unlock; 3722 } 3723 3724 cmd->cmd_complete = generic_cmd_complete; 3725 3726 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 3727 queue_work(hdev->req_workqueue, &hdev->discov_update); 3728 err = 0; 3729 3730 unlock: 3731 hci_dev_unlock(hdev); 3732 return err; 3733 } 3734 3735 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, 3736 u16 len) 3737 { 3738 struct mgmt_cp_confirm_name *cp = data; 3739 struct inquiry_entry *e; 3740 int err; 3741 3742 BT_DBG("%s", hdev->name); 3743 3744 hci_dev_lock(hdev); 3745 3746 if (!hci_discovery_active(hdev)) { 3747 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 3748 MGMT_STATUS_FAILED, &cp->addr, 3749 sizeof(cp->addr)); 3750 goto failed; 3751 } 3752 3753 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 3754 if (!e) { 3755 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 3756 MGMT_STATUS_INVALID_PARAMS, &cp->addr, 3757 sizeof(cp->addr)); 3758 goto failed; 3759 } 3760 3761 if (cp->name_known) { 3762 e->name_state = NAME_KNOWN; 3763 list_del(&e->list); 3764 } else { 3765 e->name_state = NAME_NEEDED; 3766 hci_inquiry_cache_update_resolve(hdev, e); 3767 } 3768 3769 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, 3770 &cp->addr, sizeof(cp->addr)); 3771 3772 failed: 3773 hci_dev_unlock(hdev); 3774 return err; 3775 } 3776 3777 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data, 3778 u16 len) 3779 { 3780 struct mgmt_cp_block_device *cp = data; 3781 u8 status; 3782 int err; 3783 3784 BT_DBG("%s", hdev->name); 3785 3786 if (!bdaddr_type_is_valid(cp->addr.type)) 3787 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, 3788 MGMT_STATUS_INVALID_PARAMS, 3789 &cp->addr, sizeof(cp->addr)); 3790 3791 hci_dev_lock(hdev); 3792 3793 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr, 3794 cp->addr.type); 3795 if (err < 0) { 3796 status = MGMT_STATUS_FAILED; 3797 goto done; 3798 } 3799 3800 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr), 3801 sk); 3802 status = MGMT_STATUS_SUCCESS; 3803 3804 done: 3805 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status, 3806 &cp->addr, sizeof(cp->addr)); 3807 3808 hci_dev_unlock(hdev); 3809 3810 return err; 3811 } 3812 3813 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data, 3814 u16 len) 3815 { 3816 struct mgmt_cp_unblock_device *cp = data; 3817 u8 status; 3818 int err; 3819 3820 BT_DBG("%s", hdev->name); 3821 3822 if (!bdaddr_type_is_valid(cp->addr.type)) 3823 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, 3824 MGMT_STATUS_INVALID_PARAMS, 3825 &cp->addr, sizeof(cp->addr)); 3826 3827 hci_dev_lock(hdev); 3828 3829 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr, 3830 cp->addr.type); 3831 if (err < 0) { 3832 status = MGMT_STATUS_INVALID_PARAMS; 3833 goto done; 3834 } 3835 3836 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr), 3837 sk); 3838 status = MGMT_STATUS_SUCCESS; 3839 3840 done: 3841 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status, 3842 &cp->addr, sizeof(cp->addr)); 3843 3844 hci_dev_unlock(hdev); 3845 3846 return err; 3847 } 3848 3849 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data, 3850 u16 len) 3851 { 3852 struct mgmt_cp_set_device_id *cp = data; 3853 struct hci_request req; 3854 int err; 3855 __u16 source; 3856 3857 BT_DBG("%s", hdev->name); 3858 3859 source = __le16_to_cpu(cp->source); 3860 3861 if (source > 0x0002) 3862 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 3863 MGMT_STATUS_INVALID_PARAMS); 3864 3865 hci_dev_lock(hdev); 3866 3867 hdev->devid_source = source; 3868 hdev->devid_vendor = __le16_to_cpu(cp->vendor); 3869 hdev->devid_product = __le16_to_cpu(cp->product); 3870 hdev->devid_version = __le16_to_cpu(cp->version); 3871 3872 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, 3873 NULL, 0); 3874 3875 hci_req_init(&req, hdev); 3876 __hci_req_update_eir(&req); 3877 hci_req_run(&req, NULL); 3878 3879 hci_dev_unlock(hdev); 3880 3881 return err; 3882 } 3883 3884 static void enable_advertising_instance(struct hci_dev *hdev, u8 status, 3885 u16 opcode) 3886 { 3887 BT_DBG("status %d", status); 3888 } 3889 3890 static void set_advertising_complete(struct hci_dev *hdev, u8 status, 3891 u16 opcode) 3892 { 3893 struct cmd_lookup match = { NULL, hdev }; 3894 struct hci_request req; 3895 u8 instance; 3896 struct adv_info *adv_instance; 3897 int err; 3898 3899 hci_dev_lock(hdev); 3900 3901 if (status) { 3902 u8 mgmt_err = mgmt_status(status); 3903 3904 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, 3905 cmd_status_rsp, &mgmt_err); 3906 goto unlock; 3907 } 3908 3909 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3910 hci_dev_set_flag(hdev, HCI_ADVERTISING); 3911 else 3912 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 3913 3914 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp, 3915 &match); 3916 3917 new_settings(hdev, match.sk); 3918 3919 if (match.sk) 3920 sock_put(match.sk); 3921 3922 /* If "Set Advertising" was just disabled and instance advertising was 3923 * set up earlier, then re-enable multi-instance advertising. 3924 */ 3925 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 3926 list_empty(&hdev->adv_instances)) 3927 goto unlock; 3928 3929 instance = hdev->cur_adv_instance; 3930 if (!instance) { 3931 adv_instance = list_first_entry_or_null(&hdev->adv_instances, 3932 struct adv_info, list); 3933 if (!adv_instance) 3934 goto unlock; 3935 3936 instance = adv_instance->instance; 3937 } 3938 3939 hci_req_init(&req, hdev); 3940 3941 err = __hci_req_schedule_adv_instance(&req, instance, true); 3942 3943 if (!err) 3944 err = hci_req_run(&req, enable_advertising_instance); 3945 3946 if (err) 3947 bt_dev_err(hdev, "failed to re-configure advertising"); 3948 3949 unlock: 3950 hci_dev_unlock(hdev); 3951 } 3952 3953 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, 3954 u16 len) 3955 { 3956 struct mgmt_mode *cp = data; 3957 struct mgmt_pending_cmd *cmd; 3958 struct hci_request req; 3959 u8 val, status; 3960 int err; 3961 3962 BT_DBG("request for %s", hdev->name); 3963 3964 status = mgmt_le_support(hdev); 3965 if (status) 3966 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 3967 status); 3968 3969 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 3970 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 3971 MGMT_STATUS_INVALID_PARAMS); 3972 3973 hci_dev_lock(hdev); 3974 3975 val = !!cp->val; 3976 3977 /* The following conditions are ones which mean that we should 3978 * not do any HCI communication but directly send a mgmt 3979 * response to user space (after toggling the flag if 3980 * necessary). 3981 */ 3982 if (!hdev_is_powered(hdev) || 3983 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) && 3984 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) || 3985 hci_conn_num(hdev, LE_LINK) > 0 || 3986 (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 3987 hdev->le_scan_type == LE_SCAN_ACTIVE)) { 3988 bool changed; 3989 3990 if (cp->val) { 3991 hdev->cur_adv_instance = 0x00; 3992 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING); 3993 if (cp->val == 0x02) 3994 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 3995 else 3996 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 3997 } else { 3998 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING); 3999 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4000 } 4001 4002 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev); 4003 if (err < 0) 4004 goto unlock; 4005 4006 if (changed) 4007 err = new_settings(hdev, sk); 4008 4009 goto unlock; 4010 } 4011 4012 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) || 4013 pending_find(MGMT_OP_SET_LE, hdev)) { 4014 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 4015 MGMT_STATUS_BUSY); 4016 goto unlock; 4017 } 4018 4019 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len); 4020 if (!cmd) { 4021 err = -ENOMEM; 4022 goto unlock; 4023 } 4024 4025 hci_req_init(&req, hdev); 4026 4027 if (cp->val == 0x02) 4028 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4029 else 4030 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4031 4032 cancel_adv_timeout(hdev); 4033 4034 if (val) { 4035 /* Switch to instance "0" for the Set Advertising setting. 4036 * We cannot use update_[adv|scan_rsp]_data() here as the 4037 * HCI_ADVERTISING flag is not yet set. 4038 */ 4039 hdev->cur_adv_instance = 0x00; 4040 __hci_req_update_adv_data(&req, 0x00); 4041 __hci_req_update_scan_rsp_data(&req, 0x00); 4042 __hci_req_enable_advertising(&req); 4043 } else { 4044 __hci_req_disable_advertising(&req); 4045 } 4046 4047 err = hci_req_run(&req, set_advertising_complete); 4048 if (err < 0) 4049 mgmt_pending_remove(cmd); 4050 4051 unlock: 4052 hci_dev_unlock(hdev); 4053 return err; 4054 } 4055 4056 static int set_static_address(struct sock *sk, struct hci_dev *hdev, 4057 void *data, u16 len) 4058 { 4059 struct mgmt_cp_set_static_address *cp = data; 4060 int err; 4061 4062 BT_DBG("%s", hdev->name); 4063 4064 if (!lmp_le_capable(hdev)) 4065 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 4066 MGMT_STATUS_NOT_SUPPORTED); 4067 4068 if (hdev_is_powered(hdev)) 4069 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 4070 MGMT_STATUS_REJECTED); 4071 4072 if (bacmp(&cp->bdaddr, BDADDR_ANY)) { 4073 if (!bacmp(&cp->bdaddr, BDADDR_NONE)) 4074 return mgmt_cmd_status(sk, hdev->id, 4075 MGMT_OP_SET_STATIC_ADDRESS, 4076 MGMT_STATUS_INVALID_PARAMS); 4077 4078 /* Two most significant bits shall be set */ 4079 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0) 4080 return mgmt_cmd_status(sk, hdev->id, 4081 MGMT_OP_SET_STATIC_ADDRESS, 4082 MGMT_STATUS_INVALID_PARAMS); 4083 } 4084 4085 hci_dev_lock(hdev); 4086 4087 bacpy(&hdev->static_addr, &cp->bdaddr); 4088 4089 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev); 4090 if (err < 0) 4091 goto unlock; 4092 4093 err = new_settings(hdev, sk); 4094 4095 unlock: 4096 hci_dev_unlock(hdev); 4097 return err; 4098 } 4099 4100 static int set_scan_params(struct sock *sk, struct hci_dev *hdev, 4101 void *data, u16 len) 4102 { 4103 struct mgmt_cp_set_scan_params *cp = data; 4104 __u16 interval, window; 4105 int err; 4106 4107 BT_DBG("%s", hdev->name); 4108 4109 if (!lmp_le_capable(hdev)) 4110 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4111 MGMT_STATUS_NOT_SUPPORTED); 4112 4113 interval = __le16_to_cpu(cp->interval); 4114 4115 if (interval < 0x0004 || interval > 0x4000) 4116 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4117 MGMT_STATUS_INVALID_PARAMS); 4118 4119 window = __le16_to_cpu(cp->window); 4120 4121 if (window < 0x0004 || window > 0x4000) 4122 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4123 MGMT_STATUS_INVALID_PARAMS); 4124 4125 if (window > interval) 4126 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4127 MGMT_STATUS_INVALID_PARAMS); 4128 4129 hci_dev_lock(hdev); 4130 4131 hdev->le_scan_interval = interval; 4132 hdev->le_scan_window = window; 4133 4134 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, 4135 NULL, 0); 4136 4137 /* If background scan is running, restart it so new parameters are 4138 * loaded. 4139 */ 4140 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 4141 hdev->discovery.state == DISCOVERY_STOPPED) { 4142 struct hci_request req; 4143 4144 hci_req_init(&req, hdev); 4145 4146 hci_req_add_le_scan_disable(&req); 4147 hci_req_add_le_passive_scan(&req); 4148 4149 hci_req_run(&req, NULL); 4150 } 4151 4152 hci_dev_unlock(hdev); 4153 4154 return err; 4155 } 4156 4157 static void fast_connectable_complete(struct hci_dev *hdev, u8 status, 4158 u16 opcode) 4159 { 4160 struct mgmt_pending_cmd *cmd; 4161 4162 BT_DBG("status 0x%02x", status); 4163 4164 hci_dev_lock(hdev); 4165 4166 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev); 4167 if (!cmd) 4168 goto unlock; 4169 4170 if (status) { 4171 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4172 mgmt_status(status)); 4173 } else { 4174 struct mgmt_mode *cp = cmd->param; 4175 4176 if (cp->val) 4177 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE); 4178 else 4179 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 4180 4181 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 4182 new_settings(hdev, cmd->sk); 4183 } 4184 4185 mgmt_pending_remove(cmd); 4186 4187 unlock: 4188 hci_dev_unlock(hdev); 4189 } 4190 4191 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, 4192 void *data, u16 len) 4193 { 4194 struct mgmt_mode *cp = data; 4195 struct mgmt_pending_cmd *cmd; 4196 struct hci_request req; 4197 int err; 4198 4199 BT_DBG("%s", hdev->name); 4200 4201 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 4202 hdev->hci_ver < BLUETOOTH_VER_1_2) 4203 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4204 MGMT_STATUS_NOT_SUPPORTED); 4205 4206 if (cp->val != 0x00 && cp->val != 0x01) 4207 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4208 MGMT_STATUS_INVALID_PARAMS); 4209 4210 hci_dev_lock(hdev); 4211 4212 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) { 4213 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4214 MGMT_STATUS_BUSY); 4215 goto unlock; 4216 } 4217 4218 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) { 4219 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 4220 hdev); 4221 goto unlock; 4222 } 4223 4224 if (!hdev_is_powered(hdev)) { 4225 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE); 4226 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 4227 hdev); 4228 new_settings(hdev, sk); 4229 goto unlock; 4230 } 4231 4232 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, 4233 data, len); 4234 if (!cmd) { 4235 err = -ENOMEM; 4236 goto unlock; 4237 } 4238 4239 hci_req_init(&req, hdev); 4240 4241 __hci_req_write_fast_connectable(&req, cp->val); 4242 4243 err = hci_req_run(&req, fast_connectable_complete); 4244 if (err < 0) { 4245 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4246 MGMT_STATUS_FAILED); 4247 mgmt_pending_remove(cmd); 4248 } 4249 4250 unlock: 4251 hci_dev_unlock(hdev); 4252 4253 return err; 4254 } 4255 4256 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode) 4257 { 4258 struct mgmt_pending_cmd *cmd; 4259 4260 BT_DBG("status 0x%02x", status); 4261 4262 hci_dev_lock(hdev); 4263 4264 cmd = pending_find(MGMT_OP_SET_BREDR, hdev); 4265 if (!cmd) 4266 goto unlock; 4267 4268 if (status) { 4269 u8 mgmt_err = mgmt_status(status); 4270 4271 /* We need to restore the flag if related HCI commands 4272 * failed. 4273 */ 4274 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED); 4275 4276 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 4277 } else { 4278 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev); 4279 new_settings(hdev, cmd->sk); 4280 } 4281 4282 mgmt_pending_remove(cmd); 4283 4284 unlock: 4285 hci_dev_unlock(hdev); 4286 } 4287 4288 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 4289 { 4290 struct mgmt_mode *cp = data; 4291 struct mgmt_pending_cmd *cmd; 4292 struct hci_request req; 4293 int err; 4294 4295 BT_DBG("request for %s", hdev->name); 4296 4297 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev)) 4298 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4299 MGMT_STATUS_NOT_SUPPORTED); 4300 4301 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 4302 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4303 MGMT_STATUS_REJECTED); 4304 4305 if (cp->val != 0x00 && cp->val != 0x01) 4306 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4307 MGMT_STATUS_INVALID_PARAMS); 4308 4309 hci_dev_lock(hdev); 4310 4311 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 4312 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 4313 goto unlock; 4314 } 4315 4316 if (!hdev_is_powered(hdev)) { 4317 if (!cp->val) { 4318 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 4319 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 4320 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY); 4321 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 4322 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 4323 } 4324 4325 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED); 4326 4327 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 4328 if (err < 0) 4329 goto unlock; 4330 4331 err = new_settings(hdev, sk); 4332 goto unlock; 4333 } 4334 4335 /* Reject disabling when powered on */ 4336 if (!cp->val) { 4337 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4338 MGMT_STATUS_REJECTED); 4339 goto unlock; 4340 } else { 4341 /* When configuring a dual-mode controller to operate 4342 * with LE only and using a static address, then switching 4343 * BR/EDR back on is not allowed. 4344 * 4345 * Dual-mode controllers shall operate with the public 4346 * address as its identity address for BR/EDR and LE. So 4347 * reject the attempt to create an invalid configuration. 4348 * 4349 * The same restrictions applies when secure connections 4350 * has been enabled. For BR/EDR this is a controller feature 4351 * while for LE it is a host stack feature. This means that 4352 * switching BR/EDR back on when secure connections has been 4353 * enabled is not a supported transaction. 4354 */ 4355 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 4356 (bacmp(&hdev->static_addr, BDADDR_ANY) || 4357 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) { 4358 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4359 MGMT_STATUS_REJECTED); 4360 goto unlock; 4361 } 4362 } 4363 4364 if (pending_find(MGMT_OP_SET_BREDR, hdev)) { 4365 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4366 MGMT_STATUS_BUSY); 4367 goto unlock; 4368 } 4369 4370 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len); 4371 if (!cmd) { 4372 err = -ENOMEM; 4373 goto unlock; 4374 } 4375 4376 /* We need to flip the bit already here so that 4377 * hci_req_update_adv_data generates the correct flags. 4378 */ 4379 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED); 4380 4381 hci_req_init(&req, hdev); 4382 4383 __hci_req_write_fast_connectable(&req, false); 4384 __hci_req_update_scan(&req); 4385 4386 /* Since only the advertising data flags will change, there 4387 * is no need to update the scan response data. 4388 */ 4389 __hci_req_update_adv_data(&req, hdev->cur_adv_instance); 4390 4391 err = hci_req_run(&req, set_bredr_complete); 4392 if (err < 0) 4393 mgmt_pending_remove(cmd); 4394 4395 unlock: 4396 hci_dev_unlock(hdev); 4397 return err; 4398 } 4399 4400 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 4401 { 4402 struct mgmt_pending_cmd *cmd; 4403 struct mgmt_mode *cp; 4404 4405 BT_DBG("%s status %u", hdev->name, status); 4406 4407 hci_dev_lock(hdev); 4408 4409 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev); 4410 if (!cmd) 4411 goto unlock; 4412 4413 if (status) { 4414 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 4415 mgmt_status(status)); 4416 goto remove; 4417 } 4418 4419 cp = cmd->param; 4420 4421 switch (cp->val) { 4422 case 0x00: 4423 hci_dev_clear_flag(hdev, HCI_SC_ENABLED); 4424 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4425 break; 4426 case 0x01: 4427 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 4428 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4429 break; 4430 case 0x02: 4431 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 4432 hci_dev_set_flag(hdev, HCI_SC_ONLY); 4433 break; 4434 } 4435 4436 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev); 4437 new_settings(hdev, cmd->sk); 4438 4439 remove: 4440 mgmt_pending_remove(cmd); 4441 unlock: 4442 hci_dev_unlock(hdev); 4443 } 4444 4445 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev, 4446 void *data, u16 len) 4447 { 4448 struct mgmt_mode *cp = data; 4449 struct mgmt_pending_cmd *cmd; 4450 struct hci_request req; 4451 u8 val; 4452 int err; 4453 4454 BT_DBG("request for %s", hdev->name); 4455 4456 if (!lmp_sc_capable(hdev) && 4457 !hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 4458 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4459 MGMT_STATUS_NOT_SUPPORTED); 4460 4461 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 4462 lmp_sc_capable(hdev) && 4463 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 4464 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4465 MGMT_STATUS_REJECTED); 4466 4467 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4468 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4469 MGMT_STATUS_INVALID_PARAMS); 4470 4471 hci_dev_lock(hdev); 4472 4473 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) || 4474 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 4475 bool changed; 4476 4477 if (cp->val) { 4478 changed = !hci_dev_test_and_set_flag(hdev, 4479 HCI_SC_ENABLED); 4480 if (cp->val == 0x02) 4481 hci_dev_set_flag(hdev, HCI_SC_ONLY); 4482 else 4483 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4484 } else { 4485 changed = hci_dev_test_and_clear_flag(hdev, 4486 HCI_SC_ENABLED); 4487 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4488 } 4489 4490 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 4491 if (err < 0) 4492 goto failed; 4493 4494 if (changed) 4495 err = new_settings(hdev, sk); 4496 4497 goto failed; 4498 } 4499 4500 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) { 4501 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4502 MGMT_STATUS_BUSY); 4503 goto failed; 4504 } 4505 4506 val = !!cp->val; 4507 4508 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 4509 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 4510 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 4511 goto failed; 4512 } 4513 4514 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len); 4515 if (!cmd) { 4516 err = -ENOMEM; 4517 goto failed; 4518 } 4519 4520 hci_req_init(&req, hdev); 4521 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val); 4522 err = hci_req_run(&req, sc_enable_complete); 4523 if (err < 0) { 4524 mgmt_pending_remove(cmd); 4525 goto failed; 4526 } 4527 4528 failed: 4529 hci_dev_unlock(hdev); 4530 return err; 4531 } 4532 4533 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev, 4534 void *data, u16 len) 4535 { 4536 struct mgmt_mode *cp = data; 4537 bool changed, use_changed; 4538 int err; 4539 4540 BT_DBG("request for %s", hdev->name); 4541 4542 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4543 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS, 4544 MGMT_STATUS_INVALID_PARAMS); 4545 4546 hci_dev_lock(hdev); 4547 4548 if (cp->val) 4549 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 4550 else 4551 changed = hci_dev_test_and_clear_flag(hdev, 4552 HCI_KEEP_DEBUG_KEYS); 4553 4554 if (cp->val == 0x02) 4555 use_changed = !hci_dev_test_and_set_flag(hdev, 4556 HCI_USE_DEBUG_KEYS); 4557 else 4558 use_changed = hci_dev_test_and_clear_flag(hdev, 4559 HCI_USE_DEBUG_KEYS); 4560 4561 if (hdev_is_powered(hdev) && use_changed && 4562 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 4563 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00; 4564 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 4565 sizeof(mode), &mode); 4566 } 4567 4568 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev); 4569 if (err < 0) 4570 goto unlock; 4571 4572 if (changed) 4573 err = new_settings(hdev, sk); 4574 4575 unlock: 4576 hci_dev_unlock(hdev); 4577 return err; 4578 } 4579 4580 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data, 4581 u16 len) 4582 { 4583 struct mgmt_cp_set_privacy *cp = cp_data; 4584 bool changed; 4585 int err; 4586 4587 BT_DBG("request for %s", hdev->name); 4588 4589 if (!lmp_le_capable(hdev)) 4590 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4591 MGMT_STATUS_NOT_SUPPORTED); 4592 4593 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02) 4594 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4595 MGMT_STATUS_INVALID_PARAMS); 4596 4597 if (hdev_is_powered(hdev)) 4598 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4599 MGMT_STATUS_REJECTED); 4600 4601 hci_dev_lock(hdev); 4602 4603 /* If user space supports this command it is also expected to 4604 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag. 4605 */ 4606 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 4607 4608 if (cp->privacy) { 4609 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY); 4610 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk)); 4611 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 4612 if (cp->privacy == 0x02) 4613 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY); 4614 else 4615 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 4616 } else { 4617 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY); 4618 memset(hdev->irk, 0, sizeof(hdev->irk)); 4619 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED); 4620 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 4621 } 4622 4623 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev); 4624 if (err < 0) 4625 goto unlock; 4626 4627 if (changed) 4628 err = new_settings(hdev, sk); 4629 4630 unlock: 4631 hci_dev_unlock(hdev); 4632 return err; 4633 } 4634 4635 static bool irk_is_valid(struct mgmt_irk_info *irk) 4636 { 4637 switch (irk->addr.type) { 4638 case BDADDR_LE_PUBLIC: 4639 return true; 4640 4641 case BDADDR_LE_RANDOM: 4642 /* Two most significant bits shall be set */ 4643 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0) 4644 return false; 4645 return true; 4646 } 4647 4648 return false; 4649 } 4650 4651 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data, 4652 u16 len) 4653 { 4654 struct mgmt_cp_load_irks *cp = cp_data; 4655 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) / 4656 sizeof(struct mgmt_irk_info)); 4657 u16 irk_count, expected_len; 4658 int i, err; 4659 4660 BT_DBG("request for %s", hdev->name); 4661 4662 if (!lmp_le_capable(hdev)) 4663 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 4664 MGMT_STATUS_NOT_SUPPORTED); 4665 4666 irk_count = __le16_to_cpu(cp->irk_count); 4667 if (irk_count > max_irk_count) { 4668 bt_dev_err(hdev, "load_irks: too big irk_count value %u", 4669 irk_count); 4670 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 4671 MGMT_STATUS_INVALID_PARAMS); 4672 } 4673 4674 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info); 4675 if (expected_len != len) { 4676 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes", 4677 expected_len, len); 4678 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 4679 MGMT_STATUS_INVALID_PARAMS); 4680 } 4681 4682 BT_DBG("%s irk_count %u", hdev->name, irk_count); 4683 4684 for (i = 0; i < irk_count; i++) { 4685 struct mgmt_irk_info *key = &cp->irks[i]; 4686 4687 if (!irk_is_valid(key)) 4688 return mgmt_cmd_status(sk, hdev->id, 4689 MGMT_OP_LOAD_IRKS, 4690 MGMT_STATUS_INVALID_PARAMS); 4691 } 4692 4693 hci_dev_lock(hdev); 4694 4695 hci_smp_irks_clear(hdev); 4696 4697 for (i = 0; i < irk_count; i++) { 4698 struct mgmt_irk_info *irk = &cp->irks[i]; 4699 4700 hci_add_irk(hdev, &irk->addr.bdaddr, 4701 le_addr_type(irk->addr.type), irk->val, 4702 BDADDR_ANY); 4703 } 4704 4705 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 4706 4707 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0); 4708 4709 hci_dev_unlock(hdev); 4710 4711 return err; 4712 } 4713 4714 static bool ltk_is_valid(struct mgmt_ltk_info *key) 4715 { 4716 if (key->master != 0x00 && key->master != 0x01) 4717 return false; 4718 4719 switch (key->addr.type) { 4720 case BDADDR_LE_PUBLIC: 4721 return true; 4722 4723 case BDADDR_LE_RANDOM: 4724 /* Two most significant bits shall be set */ 4725 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0) 4726 return false; 4727 return true; 4728 } 4729 4730 return false; 4731 } 4732 4733 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, 4734 void *cp_data, u16 len) 4735 { 4736 struct mgmt_cp_load_long_term_keys *cp = cp_data; 4737 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 4738 sizeof(struct mgmt_ltk_info)); 4739 u16 key_count, expected_len; 4740 int i, err; 4741 4742 BT_DBG("request for %s", hdev->name); 4743 4744 if (!lmp_le_capable(hdev)) 4745 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 4746 MGMT_STATUS_NOT_SUPPORTED); 4747 4748 key_count = __le16_to_cpu(cp->key_count); 4749 if (key_count > max_key_count) { 4750 bt_dev_err(hdev, "load_ltks: too big key_count value %u", 4751 key_count); 4752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 4753 MGMT_STATUS_INVALID_PARAMS); 4754 } 4755 4756 expected_len = sizeof(*cp) + key_count * 4757 sizeof(struct mgmt_ltk_info); 4758 if (expected_len != len) { 4759 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes", 4760 expected_len, len); 4761 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 4762 MGMT_STATUS_INVALID_PARAMS); 4763 } 4764 4765 BT_DBG("%s key_count %u", hdev->name, key_count); 4766 4767 for (i = 0; i < key_count; i++) { 4768 struct mgmt_ltk_info *key = &cp->keys[i]; 4769 4770 if (!ltk_is_valid(key)) 4771 return mgmt_cmd_status(sk, hdev->id, 4772 MGMT_OP_LOAD_LONG_TERM_KEYS, 4773 MGMT_STATUS_INVALID_PARAMS); 4774 } 4775 4776 hci_dev_lock(hdev); 4777 4778 hci_smp_ltks_clear(hdev); 4779 4780 for (i = 0; i < key_count; i++) { 4781 struct mgmt_ltk_info *key = &cp->keys[i]; 4782 u8 type, authenticated; 4783 4784 switch (key->type) { 4785 case MGMT_LTK_UNAUTHENTICATED: 4786 authenticated = 0x00; 4787 type = key->master ? SMP_LTK : SMP_LTK_SLAVE; 4788 break; 4789 case MGMT_LTK_AUTHENTICATED: 4790 authenticated = 0x01; 4791 type = key->master ? SMP_LTK : SMP_LTK_SLAVE; 4792 break; 4793 case MGMT_LTK_P256_UNAUTH: 4794 authenticated = 0x00; 4795 type = SMP_LTK_P256; 4796 break; 4797 case MGMT_LTK_P256_AUTH: 4798 authenticated = 0x01; 4799 type = SMP_LTK_P256; 4800 break; 4801 case MGMT_LTK_P256_DEBUG: 4802 authenticated = 0x00; 4803 type = SMP_LTK_P256_DEBUG; 4804 /* fall through */ 4805 default: 4806 continue; 4807 } 4808 4809 hci_add_ltk(hdev, &key->addr.bdaddr, 4810 le_addr_type(key->addr.type), type, authenticated, 4811 key->val, key->enc_size, key->ediv, key->rand); 4812 } 4813 4814 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0, 4815 NULL, 0); 4816 4817 hci_dev_unlock(hdev); 4818 4819 return err; 4820 } 4821 4822 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 4823 { 4824 struct hci_conn *conn = cmd->user_data; 4825 struct mgmt_rp_get_conn_info rp; 4826 int err; 4827 4828 memcpy(&rp.addr, cmd->param, sizeof(rp.addr)); 4829 4830 if (status == MGMT_STATUS_SUCCESS) { 4831 rp.rssi = conn->rssi; 4832 rp.tx_power = conn->tx_power; 4833 rp.max_tx_power = conn->max_tx_power; 4834 } else { 4835 rp.rssi = HCI_RSSI_INVALID; 4836 rp.tx_power = HCI_TX_POWER_INVALID; 4837 rp.max_tx_power = HCI_TX_POWER_INVALID; 4838 } 4839 4840 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, 4841 status, &rp, sizeof(rp)); 4842 4843 hci_conn_drop(conn); 4844 hci_conn_put(conn); 4845 4846 return err; 4847 } 4848 4849 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status, 4850 u16 opcode) 4851 { 4852 struct hci_cp_read_rssi *cp; 4853 struct mgmt_pending_cmd *cmd; 4854 struct hci_conn *conn; 4855 u16 handle; 4856 u8 status; 4857 4858 BT_DBG("status 0x%02x", hci_status); 4859 4860 hci_dev_lock(hdev); 4861 4862 /* Commands sent in request are either Read RSSI or Read Transmit Power 4863 * Level so we check which one was last sent to retrieve connection 4864 * handle. Both commands have handle as first parameter so it's safe to 4865 * cast data on the same command struct. 4866 * 4867 * First command sent is always Read RSSI and we fail only if it fails. 4868 * In other case we simply override error to indicate success as we 4869 * already remembered if TX power value is actually valid. 4870 */ 4871 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI); 4872 if (!cp) { 4873 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER); 4874 status = MGMT_STATUS_SUCCESS; 4875 } else { 4876 status = mgmt_status(hci_status); 4877 } 4878 4879 if (!cp) { 4880 bt_dev_err(hdev, "invalid sent_cmd in conn_info response"); 4881 goto unlock; 4882 } 4883 4884 handle = __le16_to_cpu(cp->handle); 4885 conn = hci_conn_hash_lookup_handle(hdev, handle); 4886 if (!conn) { 4887 bt_dev_err(hdev, "unknown handle (%d) in conn_info response", 4888 handle); 4889 goto unlock; 4890 } 4891 4892 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn); 4893 if (!cmd) 4894 goto unlock; 4895 4896 cmd->cmd_complete(cmd, status); 4897 mgmt_pending_remove(cmd); 4898 4899 unlock: 4900 hci_dev_unlock(hdev); 4901 } 4902 4903 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data, 4904 u16 len) 4905 { 4906 struct mgmt_cp_get_conn_info *cp = data; 4907 struct mgmt_rp_get_conn_info rp; 4908 struct hci_conn *conn; 4909 unsigned long conn_info_age; 4910 int err = 0; 4911 4912 BT_DBG("%s", hdev->name); 4913 4914 memset(&rp, 0, sizeof(rp)); 4915 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 4916 rp.addr.type = cp->addr.type; 4917 4918 if (!bdaddr_type_is_valid(cp->addr.type)) 4919 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4920 MGMT_STATUS_INVALID_PARAMS, 4921 &rp, sizeof(rp)); 4922 4923 hci_dev_lock(hdev); 4924 4925 if (!hdev_is_powered(hdev)) { 4926 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4927 MGMT_STATUS_NOT_POWERED, &rp, 4928 sizeof(rp)); 4929 goto unlock; 4930 } 4931 4932 if (cp->addr.type == BDADDR_BREDR) 4933 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 4934 &cp->addr.bdaddr); 4935 else 4936 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 4937 4938 if (!conn || conn->state != BT_CONNECTED) { 4939 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4940 MGMT_STATUS_NOT_CONNECTED, &rp, 4941 sizeof(rp)); 4942 goto unlock; 4943 } 4944 4945 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) { 4946 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4947 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 4948 goto unlock; 4949 } 4950 4951 /* To avoid client trying to guess when to poll again for information we 4952 * calculate conn info age as random value between min/max set in hdev. 4953 */ 4954 conn_info_age = hdev->conn_info_min_age + 4955 prandom_u32_max(hdev->conn_info_max_age - 4956 hdev->conn_info_min_age); 4957 4958 /* Query controller to refresh cached values if they are too old or were 4959 * never read. 4960 */ 4961 if (time_after(jiffies, conn->conn_info_timestamp + 4962 msecs_to_jiffies(conn_info_age)) || 4963 !conn->conn_info_timestamp) { 4964 struct hci_request req; 4965 struct hci_cp_read_tx_power req_txp_cp; 4966 struct hci_cp_read_rssi req_rssi_cp; 4967 struct mgmt_pending_cmd *cmd; 4968 4969 hci_req_init(&req, hdev); 4970 req_rssi_cp.handle = cpu_to_le16(conn->handle); 4971 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp), 4972 &req_rssi_cp); 4973 4974 /* For LE links TX power does not change thus we don't need to 4975 * query for it once value is known. 4976 */ 4977 if (!bdaddr_type_is_le(cp->addr.type) || 4978 conn->tx_power == HCI_TX_POWER_INVALID) { 4979 req_txp_cp.handle = cpu_to_le16(conn->handle); 4980 req_txp_cp.type = 0x00; 4981 hci_req_add(&req, HCI_OP_READ_TX_POWER, 4982 sizeof(req_txp_cp), &req_txp_cp); 4983 } 4984 4985 /* Max TX power needs to be read only once per connection */ 4986 if (conn->max_tx_power == HCI_TX_POWER_INVALID) { 4987 req_txp_cp.handle = cpu_to_le16(conn->handle); 4988 req_txp_cp.type = 0x01; 4989 hci_req_add(&req, HCI_OP_READ_TX_POWER, 4990 sizeof(req_txp_cp), &req_txp_cp); 4991 } 4992 4993 err = hci_req_run(&req, conn_info_refresh_complete); 4994 if (err < 0) 4995 goto unlock; 4996 4997 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev, 4998 data, len); 4999 if (!cmd) { 5000 err = -ENOMEM; 5001 goto unlock; 5002 } 5003 5004 hci_conn_hold(conn); 5005 cmd->user_data = hci_conn_get(conn); 5006 cmd->cmd_complete = conn_info_cmd_complete; 5007 5008 conn->conn_info_timestamp = jiffies; 5009 } else { 5010 /* Cache is valid, just reply with values cached in hci_conn */ 5011 rp.rssi = conn->rssi; 5012 rp.tx_power = conn->tx_power; 5013 rp.max_tx_power = conn->max_tx_power; 5014 5015 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5016 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 5017 } 5018 5019 unlock: 5020 hci_dev_unlock(hdev); 5021 return err; 5022 } 5023 5024 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 5025 { 5026 struct hci_conn *conn = cmd->user_data; 5027 struct mgmt_rp_get_clock_info rp; 5028 struct hci_dev *hdev; 5029 int err; 5030 5031 memset(&rp, 0, sizeof(rp)); 5032 memcpy(&rp.addr, cmd->param, sizeof(rp.addr)); 5033 5034 if (status) 5035 goto complete; 5036 5037 hdev = hci_dev_get(cmd->index); 5038 if (hdev) { 5039 rp.local_clock = cpu_to_le32(hdev->clock); 5040 hci_dev_put(hdev); 5041 } 5042 5043 if (conn) { 5044 rp.piconet_clock = cpu_to_le32(conn->clock); 5045 rp.accuracy = cpu_to_le16(conn->clock_accuracy); 5046 } 5047 5048 complete: 5049 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp, 5050 sizeof(rp)); 5051 5052 if (conn) { 5053 hci_conn_drop(conn); 5054 hci_conn_put(conn); 5055 } 5056 5057 return err; 5058 } 5059 5060 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode) 5061 { 5062 struct hci_cp_read_clock *hci_cp; 5063 struct mgmt_pending_cmd *cmd; 5064 struct hci_conn *conn; 5065 5066 BT_DBG("%s status %u", hdev->name, status); 5067 5068 hci_dev_lock(hdev); 5069 5070 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK); 5071 if (!hci_cp) 5072 goto unlock; 5073 5074 if (hci_cp->which) { 5075 u16 handle = __le16_to_cpu(hci_cp->handle); 5076 conn = hci_conn_hash_lookup_handle(hdev, handle); 5077 } else { 5078 conn = NULL; 5079 } 5080 5081 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn); 5082 if (!cmd) 5083 goto unlock; 5084 5085 cmd->cmd_complete(cmd, mgmt_status(status)); 5086 mgmt_pending_remove(cmd); 5087 5088 unlock: 5089 hci_dev_unlock(hdev); 5090 } 5091 5092 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data, 5093 u16 len) 5094 { 5095 struct mgmt_cp_get_clock_info *cp = data; 5096 struct mgmt_rp_get_clock_info rp; 5097 struct hci_cp_read_clock hci_cp; 5098 struct mgmt_pending_cmd *cmd; 5099 struct hci_request req; 5100 struct hci_conn *conn; 5101 int err; 5102 5103 BT_DBG("%s", hdev->name); 5104 5105 memset(&rp, 0, sizeof(rp)); 5106 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 5107 rp.addr.type = cp->addr.type; 5108 5109 if (cp->addr.type != BDADDR_BREDR) 5110 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 5111 MGMT_STATUS_INVALID_PARAMS, 5112 &rp, sizeof(rp)); 5113 5114 hci_dev_lock(hdev); 5115 5116 if (!hdev_is_powered(hdev)) { 5117 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 5118 MGMT_STATUS_NOT_POWERED, &rp, 5119 sizeof(rp)); 5120 goto unlock; 5121 } 5122 5123 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5124 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 5125 &cp->addr.bdaddr); 5126 if (!conn || conn->state != BT_CONNECTED) { 5127 err = mgmt_cmd_complete(sk, hdev->id, 5128 MGMT_OP_GET_CLOCK_INFO, 5129 MGMT_STATUS_NOT_CONNECTED, 5130 &rp, sizeof(rp)); 5131 goto unlock; 5132 } 5133 } else { 5134 conn = NULL; 5135 } 5136 5137 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len); 5138 if (!cmd) { 5139 err = -ENOMEM; 5140 goto unlock; 5141 } 5142 5143 cmd->cmd_complete = clock_info_cmd_complete; 5144 5145 hci_req_init(&req, hdev); 5146 5147 memset(&hci_cp, 0, sizeof(hci_cp)); 5148 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 5149 5150 if (conn) { 5151 hci_conn_hold(conn); 5152 cmd->user_data = hci_conn_get(conn); 5153 5154 hci_cp.handle = cpu_to_le16(conn->handle); 5155 hci_cp.which = 0x01; /* Piconet clock */ 5156 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 5157 } 5158 5159 err = hci_req_run(&req, get_clock_info_complete); 5160 if (err < 0) 5161 mgmt_pending_remove(cmd); 5162 5163 unlock: 5164 hci_dev_unlock(hdev); 5165 return err; 5166 } 5167 5168 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) 5169 { 5170 struct hci_conn *conn; 5171 5172 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr); 5173 if (!conn) 5174 return false; 5175 5176 if (conn->dst_type != type) 5177 return false; 5178 5179 if (conn->state != BT_CONNECTED) 5180 return false; 5181 5182 return true; 5183 } 5184 5185 /* This function requires the caller holds hdev->lock */ 5186 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, 5187 u8 addr_type, u8 auto_connect) 5188 { 5189 struct hci_conn_params *params; 5190 5191 params = hci_conn_params_add(hdev, addr, addr_type); 5192 if (!params) 5193 return -EIO; 5194 5195 if (params->auto_connect == auto_connect) 5196 return 0; 5197 5198 list_del_init(¶ms->action); 5199 5200 switch (auto_connect) { 5201 case HCI_AUTO_CONN_DISABLED: 5202 case HCI_AUTO_CONN_LINK_LOSS: 5203 /* If auto connect is being disabled when we're trying to 5204 * connect to device, keep connecting. 5205 */ 5206 if (params->explicit_connect) 5207 list_add(¶ms->action, &hdev->pend_le_conns); 5208 break; 5209 case HCI_AUTO_CONN_REPORT: 5210 if (params->explicit_connect) 5211 list_add(¶ms->action, &hdev->pend_le_conns); 5212 else 5213 list_add(¶ms->action, &hdev->pend_le_reports); 5214 break; 5215 case HCI_AUTO_CONN_DIRECT: 5216 case HCI_AUTO_CONN_ALWAYS: 5217 if (!is_connected(hdev, addr, addr_type)) 5218 list_add(¶ms->action, &hdev->pend_le_conns); 5219 break; 5220 } 5221 5222 params->auto_connect = auto_connect; 5223 5224 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type, 5225 auto_connect); 5226 5227 return 0; 5228 } 5229 5230 static void device_added(struct sock *sk, struct hci_dev *hdev, 5231 bdaddr_t *bdaddr, u8 type, u8 action) 5232 { 5233 struct mgmt_ev_device_added ev; 5234 5235 bacpy(&ev.addr.bdaddr, bdaddr); 5236 ev.addr.type = type; 5237 ev.action = action; 5238 5239 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk); 5240 } 5241 5242 static int add_device(struct sock *sk, struct hci_dev *hdev, 5243 void *data, u16 len) 5244 { 5245 struct mgmt_cp_add_device *cp = data; 5246 u8 auto_conn, addr_type; 5247 int err; 5248 5249 BT_DBG("%s", hdev->name); 5250 5251 if (!bdaddr_type_is_valid(cp->addr.type) || 5252 !bacmp(&cp->addr.bdaddr, BDADDR_ANY)) 5253 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5254 MGMT_STATUS_INVALID_PARAMS, 5255 &cp->addr, sizeof(cp->addr)); 5256 5257 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02) 5258 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5259 MGMT_STATUS_INVALID_PARAMS, 5260 &cp->addr, sizeof(cp->addr)); 5261 5262 hci_dev_lock(hdev); 5263 5264 if (cp->addr.type == BDADDR_BREDR) { 5265 /* Only incoming connections action is supported for now */ 5266 if (cp->action != 0x01) { 5267 err = mgmt_cmd_complete(sk, hdev->id, 5268 MGMT_OP_ADD_DEVICE, 5269 MGMT_STATUS_INVALID_PARAMS, 5270 &cp->addr, sizeof(cp->addr)); 5271 goto unlock; 5272 } 5273 5274 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr, 5275 cp->addr.type); 5276 if (err) 5277 goto unlock; 5278 5279 hci_req_update_scan(hdev); 5280 5281 goto added; 5282 } 5283 5284 addr_type = le_addr_type(cp->addr.type); 5285 5286 if (cp->action == 0x02) 5287 auto_conn = HCI_AUTO_CONN_ALWAYS; 5288 else if (cp->action == 0x01) 5289 auto_conn = HCI_AUTO_CONN_DIRECT; 5290 else 5291 auto_conn = HCI_AUTO_CONN_REPORT; 5292 5293 /* Kernel internally uses conn_params with resolvable private 5294 * address, but Add Device allows only identity addresses. 5295 * Make sure it is enforced before calling 5296 * hci_conn_params_lookup. 5297 */ 5298 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 5299 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5300 MGMT_STATUS_INVALID_PARAMS, 5301 &cp->addr, sizeof(cp->addr)); 5302 goto unlock; 5303 } 5304 5305 /* If the connection parameters don't exist for this device, 5306 * they will be created and configured with defaults. 5307 */ 5308 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type, 5309 auto_conn) < 0) { 5310 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5311 MGMT_STATUS_FAILED, &cp->addr, 5312 sizeof(cp->addr)); 5313 goto unlock; 5314 } 5315 5316 hci_update_background_scan(hdev); 5317 5318 added: 5319 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action); 5320 5321 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5322 MGMT_STATUS_SUCCESS, &cp->addr, 5323 sizeof(cp->addr)); 5324 5325 unlock: 5326 hci_dev_unlock(hdev); 5327 return err; 5328 } 5329 5330 static void device_removed(struct sock *sk, struct hci_dev *hdev, 5331 bdaddr_t *bdaddr, u8 type) 5332 { 5333 struct mgmt_ev_device_removed ev; 5334 5335 bacpy(&ev.addr.bdaddr, bdaddr); 5336 ev.addr.type = type; 5337 5338 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk); 5339 } 5340 5341 static int remove_device(struct sock *sk, struct hci_dev *hdev, 5342 void *data, u16 len) 5343 { 5344 struct mgmt_cp_remove_device *cp = data; 5345 int err; 5346 5347 BT_DBG("%s", hdev->name); 5348 5349 hci_dev_lock(hdev); 5350 5351 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5352 struct hci_conn_params *params; 5353 u8 addr_type; 5354 5355 if (!bdaddr_type_is_valid(cp->addr.type)) { 5356 err = mgmt_cmd_complete(sk, hdev->id, 5357 MGMT_OP_REMOVE_DEVICE, 5358 MGMT_STATUS_INVALID_PARAMS, 5359 &cp->addr, sizeof(cp->addr)); 5360 goto unlock; 5361 } 5362 5363 if (cp->addr.type == BDADDR_BREDR) { 5364 err = hci_bdaddr_list_del(&hdev->whitelist, 5365 &cp->addr.bdaddr, 5366 cp->addr.type); 5367 if (err) { 5368 err = mgmt_cmd_complete(sk, hdev->id, 5369 MGMT_OP_REMOVE_DEVICE, 5370 MGMT_STATUS_INVALID_PARAMS, 5371 &cp->addr, 5372 sizeof(cp->addr)); 5373 goto unlock; 5374 } 5375 5376 hci_req_update_scan(hdev); 5377 5378 device_removed(sk, hdev, &cp->addr.bdaddr, 5379 cp->addr.type); 5380 goto complete; 5381 } 5382 5383 addr_type = le_addr_type(cp->addr.type); 5384 5385 /* Kernel internally uses conn_params with resolvable private 5386 * address, but Remove Device allows only identity addresses. 5387 * Make sure it is enforced before calling 5388 * hci_conn_params_lookup. 5389 */ 5390 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 5391 err = mgmt_cmd_complete(sk, hdev->id, 5392 MGMT_OP_REMOVE_DEVICE, 5393 MGMT_STATUS_INVALID_PARAMS, 5394 &cp->addr, sizeof(cp->addr)); 5395 goto unlock; 5396 } 5397 5398 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 5399 addr_type); 5400 if (!params) { 5401 err = mgmt_cmd_complete(sk, hdev->id, 5402 MGMT_OP_REMOVE_DEVICE, 5403 MGMT_STATUS_INVALID_PARAMS, 5404 &cp->addr, sizeof(cp->addr)); 5405 goto unlock; 5406 } 5407 5408 if (params->auto_connect == HCI_AUTO_CONN_DISABLED || 5409 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { 5410 err = mgmt_cmd_complete(sk, hdev->id, 5411 MGMT_OP_REMOVE_DEVICE, 5412 MGMT_STATUS_INVALID_PARAMS, 5413 &cp->addr, sizeof(cp->addr)); 5414 goto unlock; 5415 } 5416 5417 list_del(¶ms->action); 5418 list_del(¶ms->list); 5419 kfree(params); 5420 hci_update_background_scan(hdev); 5421 5422 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type); 5423 } else { 5424 struct hci_conn_params *p, *tmp; 5425 struct bdaddr_list *b, *btmp; 5426 5427 if (cp->addr.type) { 5428 err = mgmt_cmd_complete(sk, hdev->id, 5429 MGMT_OP_REMOVE_DEVICE, 5430 MGMT_STATUS_INVALID_PARAMS, 5431 &cp->addr, sizeof(cp->addr)); 5432 goto unlock; 5433 } 5434 5435 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) { 5436 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type); 5437 list_del(&b->list); 5438 kfree(b); 5439 } 5440 5441 hci_req_update_scan(hdev); 5442 5443 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) { 5444 if (p->auto_connect == HCI_AUTO_CONN_DISABLED) 5445 continue; 5446 device_removed(sk, hdev, &p->addr, p->addr_type); 5447 if (p->explicit_connect) { 5448 p->auto_connect = HCI_AUTO_CONN_EXPLICIT; 5449 continue; 5450 } 5451 list_del(&p->action); 5452 list_del(&p->list); 5453 kfree(p); 5454 } 5455 5456 BT_DBG("All LE connection parameters were removed"); 5457 5458 hci_update_background_scan(hdev); 5459 } 5460 5461 complete: 5462 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 5463 MGMT_STATUS_SUCCESS, &cp->addr, 5464 sizeof(cp->addr)); 5465 unlock: 5466 hci_dev_unlock(hdev); 5467 return err; 5468 } 5469 5470 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data, 5471 u16 len) 5472 { 5473 struct mgmt_cp_load_conn_param *cp = data; 5474 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) / 5475 sizeof(struct mgmt_conn_param)); 5476 u16 param_count, expected_len; 5477 int i; 5478 5479 if (!lmp_le_capable(hdev)) 5480 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5481 MGMT_STATUS_NOT_SUPPORTED); 5482 5483 param_count = __le16_to_cpu(cp->param_count); 5484 if (param_count > max_param_count) { 5485 bt_dev_err(hdev, "load_conn_param: too big param_count value %u", 5486 param_count); 5487 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5488 MGMT_STATUS_INVALID_PARAMS); 5489 } 5490 5491 expected_len = sizeof(*cp) + param_count * 5492 sizeof(struct mgmt_conn_param); 5493 if (expected_len != len) { 5494 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes", 5495 expected_len, len); 5496 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5497 MGMT_STATUS_INVALID_PARAMS); 5498 } 5499 5500 BT_DBG("%s param_count %u", hdev->name, param_count); 5501 5502 hci_dev_lock(hdev); 5503 5504 hci_conn_params_clear_disabled(hdev); 5505 5506 for (i = 0; i < param_count; i++) { 5507 struct mgmt_conn_param *param = &cp->params[i]; 5508 struct hci_conn_params *hci_param; 5509 u16 min, max, latency, timeout; 5510 u8 addr_type; 5511 5512 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr, 5513 param->addr.type); 5514 5515 if (param->addr.type == BDADDR_LE_PUBLIC) { 5516 addr_type = ADDR_LE_DEV_PUBLIC; 5517 } else if (param->addr.type == BDADDR_LE_RANDOM) { 5518 addr_type = ADDR_LE_DEV_RANDOM; 5519 } else { 5520 bt_dev_err(hdev, "ignoring invalid connection parameters"); 5521 continue; 5522 } 5523 5524 min = le16_to_cpu(param->min_interval); 5525 max = le16_to_cpu(param->max_interval); 5526 latency = le16_to_cpu(param->latency); 5527 timeout = le16_to_cpu(param->timeout); 5528 5529 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x", 5530 min, max, latency, timeout); 5531 5532 if (hci_check_conn_params(min, max, latency, timeout) < 0) { 5533 bt_dev_err(hdev, "ignoring invalid connection parameters"); 5534 continue; 5535 } 5536 5537 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr, 5538 addr_type); 5539 if (!hci_param) { 5540 bt_dev_err(hdev, "failed to add connection parameters"); 5541 continue; 5542 } 5543 5544 hci_param->conn_min_interval = min; 5545 hci_param->conn_max_interval = max; 5546 hci_param->conn_latency = latency; 5547 hci_param->supervision_timeout = timeout; 5548 } 5549 5550 hci_dev_unlock(hdev); 5551 5552 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, 5553 NULL, 0); 5554 } 5555 5556 static int set_external_config(struct sock *sk, struct hci_dev *hdev, 5557 void *data, u16 len) 5558 { 5559 struct mgmt_cp_set_external_config *cp = data; 5560 bool changed; 5561 int err; 5562 5563 BT_DBG("%s", hdev->name); 5564 5565 if (hdev_is_powered(hdev)) 5566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5567 MGMT_STATUS_REJECTED); 5568 5569 if (cp->config != 0x00 && cp->config != 0x01) 5570 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5571 MGMT_STATUS_INVALID_PARAMS); 5572 5573 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 5574 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5575 MGMT_STATUS_NOT_SUPPORTED); 5576 5577 hci_dev_lock(hdev); 5578 5579 if (cp->config) 5580 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED); 5581 else 5582 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED); 5583 5584 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev); 5585 if (err < 0) 5586 goto unlock; 5587 5588 if (!changed) 5589 goto unlock; 5590 5591 err = new_options(hdev, sk); 5592 5593 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) { 5594 mgmt_index_removed(hdev); 5595 5596 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) { 5597 hci_dev_set_flag(hdev, HCI_CONFIG); 5598 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 5599 5600 queue_work(hdev->req_workqueue, &hdev->power_on); 5601 } else { 5602 set_bit(HCI_RAW, &hdev->flags); 5603 mgmt_index_added(hdev); 5604 } 5605 } 5606 5607 unlock: 5608 hci_dev_unlock(hdev); 5609 return err; 5610 } 5611 5612 static int set_public_address(struct sock *sk, struct hci_dev *hdev, 5613 void *data, u16 len) 5614 { 5615 struct mgmt_cp_set_public_address *cp = data; 5616 bool changed; 5617 int err; 5618 5619 BT_DBG("%s", hdev->name); 5620 5621 if (hdev_is_powered(hdev)) 5622 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5623 MGMT_STATUS_REJECTED); 5624 5625 if (!bacmp(&cp->bdaddr, BDADDR_ANY)) 5626 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5627 MGMT_STATUS_INVALID_PARAMS); 5628 5629 if (!hdev->set_bdaddr) 5630 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5631 MGMT_STATUS_NOT_SUPPORTED); 5632 5633 hci_dev_lock(hdev); 5634 5635 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr); 5636 bacpy(&hdev->public_addr, &cp->bdaddr); 5637 5638 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev); 5639 if (err < 0) 5640 goto unlock; 5641 5642 if (!changed) 5643 goto unlock; 5644 5645 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) 5646 err = new_options(hdev, sk); 5647 5648 if (is_configured(hdev)) { 5649 mgmt_index_removed(hdev); 5650 5651 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED); 5652 5653 hci_dev_set_flag(hdev, HCI_CONFIG); 5654 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 5655 5656 queue_work(hdev->req_workqueue, &hdev->power_on); 5657 } 5658 5659 unlock: 5660 hci_dev_unlock(hdev); 5661 return err; 5662 } 5663 5664 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status, 5665 u16 opcode, struct sk_buff *skb) 5666 { 5667 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp; 5668 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp; 5669 u8 *h192, *r192, *h256, *r256; 5670 struct mgmt_pending_cmd *cmd; 5671 u16 eir_len; 5672 int err; 5673 5674 BT_DBG("%s status %u", hdev->name, status); 5675 5676 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev); 5677 if (!cmd) 5678 return; 5679 5680 mgmt_cp = cmd->param; 5681 5682 if (status) { 5683 status = mgmt_status(status); 5684 eir_len = 0; 5685 5686 h192 = NULL; 5687 r192 = NULL; 5688 h256 = NULL; 5689 r256 = NULL; 5690 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) { 5691 struct hci_rp_read_local_oob_data *rp; 5692 5693 if (skb->len != sizeof(*rp)) { 5694 status = MGMT_STATUS_FAILED; 5695 eir_len = 0; 5696 } else { 5697 status = MGMT_STATUS_SUCCESS; 5698 rp = (void *)skb->data; 5699 5700 eir_len = 5 + 18 + 18; 5701 h192 = rp->hash; 5702 r192 = rp->rand; 5703 h256 = NULL; 5704 r256 = NULL; 5705 } 5706 } else { 5707 struct hci_rp_read_local_oob_ext_data *rp; 5708 5709 if (skb->len != sizeof(*rp)) { 5710 status = MGMT_STATUS_FAILED; 5711 eir_len = 0; 5712 } else { 5713 status = MGMT_STATUS_SUCCESS; 5714 rp = (void *)skb->data; 5715 5716 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 5717 eir_len = 5 + 18 + 18; 5718 h192 = NULL; 5719 r192 = NULL; 5720 } else { 5721 eir_len = 5 + 18 + 18 + 18 + 18; 5722 h192 = rp->hash192; 5723 r192 = rp->rand192; 5724 } 5725 5726 h256 = rp->hash256; 5727 r256 = rp->rand256; 5728 } 5729 } 5730 5731 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL); 5732 if (!mgmt_rp) 5733 goto done; 5734 5735 if (status) 5736 goto send_rsp; 5737 5738 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV, 5739 hdev->dev_class, 3); 5740 5741 if (h192 && r192) { 5742 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 5743 EIR_SSP_HASH_C192, h192, 16); 5744 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 5745 EIR_SSP_RAND_R192, r192, 16); 5746 } 5747 5748 if (h256 && r256) { 5749 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 5750 EIR_SSP_HASH_C256, h256, 16); 5751 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 5752 EIR_SSP_RAND_R256, r256, 16); 5753 } 5754 5755 send_rsp: 5756 mgmt_rp->type = mgmt_cp->type; 5757 mgmt_rp->eir_len = cpu_to_le16(eir_len); 5758 5759 err = mgmt_cmd_complete(cmd->sk, hdev->id, 5760 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status, 5761 mgmt_rp, sizeof(*mgmt_rp) + eir_len); 5762 if (err < 0 || status) 5763 goto done; 5764 5765 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS); 5766 5767 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 5768 mgmt_rp, sizeof(*mgmt_rp) + eir_len, 5769 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk); 5770 done: 5771 kfree(mgmt_rp); 5772 mgmt_pending_remove(cmd); 5773 } 5774 5775 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk, 5776 struct mgmt_cp_read_local_oob_ext_data *cp) 5777 { 5778 struct mgmt_pending_cmd *cmd; 5779 struct hci_request req; 5780 int err; 5781 5782 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev, 5783 cp, sizeof(*cp)); 5784 if (!cmd) 5785 return -ENOMEM; 5786 5787 hci_req_init(&req, hdev); 5788 5789 if (bredr_sc_enabled(hdev)) 5790 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL); 5791 else 5792 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 5793 5794 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete); 5795 if (err < 0) { 5796 mgmt_pending_remove(cmd); 5797 return err; 5798 } 5799 5800 return 0; 5801 } 5802 5803 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev, 5804 void *data, u16 data_len) 5805 { 5806 struct mgmt_cp_read_local_oob_ext_data *cp = data; 5807 struct mgmt_rp_read_local_oob_ext_data *rp; 5808 size_t rp_len; 5809 u16 eir_len; 5810 u8 status, flags, role, addr[7], hash[16], rand[16]; 5811 int err; 5812 5813 BT_DBG("%s", hdev->name); 5814 5815 if (hdev_is_powered(hdev)) { 5816 switch (cp->type) { 5817 case BIT(BDADDR_BREDR): 5818 status = mgmt_bredr_support(hdev); 5819 if (status) 5820 eir_len = 0; 5821 else 5822 eir_len = 5; 5823 break; 5824 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 5825 status = mgmt_le_support(hdev); 5826 if (status) 5827 eir_len = 0; 5828 else 5829 eir_len = 9 + 3 + 18 + 18 + 3; 5830 break; 5831 default: 5832 status = MGMT_STATUS_INVALID_PARAMS; 5833 eir_len = 0; 5834 break; 5835 } 5836 } else { 5837 status = MGMT_STATUS_NOT_POWERED; 5838 eir_len = 0; 5839 } 5840 5841 rp_len = sizeof(*rp) + eir_len; 5842 rp = kmalloc(rp_len, GFP_ATOMIC); 5843 if (!rp) 5844 return -ENOMEM; 5845 5846 if (status) 5847 goto complete; 5848 5849 hci_dev_lock(hdev); 5850 5851 eir_len = 0; 5852 switch (cp->type) { 5853 case BIT(BDADDR_BREDR): 5854 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 5855 err = read_local_ssp_oob_req(hdev, sk, cp); 5856 hci_dev_unlock(hdev); 5857 if (!err) 5858 goto done; 5859 5860 status = MGMT_STATUS_FAILED; 5861 goto complete; 5862 } else { 5863 eir_len = eir_append_data(rp->eir, eir_len, 5864 EIR_CLASS_OF_DEV, 5865 hdev->dev_class, 3); 5866 } 5867 break; 5868 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 5869 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 5870 smp_generate_oob(hdev, hash, rand) < 0) { 5871 hci_dev_unlock(hdev); 5872 status = MGMT_STATUS_FAILED; 5873 goto complete; 5874 } 5875 5876 /* This should return the active RPA, but since the RPA 5877 * is only programmed on demand, it is really hard to fill 5878 * this in at the moment. For now disallow retrieving 5879 * local out-of-band data when privacy is in use. 5880 * 5881 * Returning the identity address will not help here since 5882 * pairing happens before the identity resolving key is 5883 * known and thus the connection establishment happens 5884 * based on the RPA and not the identity address. 5885 */ 5886 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) { 5887 hci_dev_unlock(hdev); 5888 status = MGMT_STATUS_REJECTED; 5889 goto complete; 5890 } 5891 5892 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 5893 !bacmp(&hdev->bdaddr, BDADDR_ANY) || 5894 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 5895 bacmp(&hdev->static_addr, BDADDR_ANY))) { 5896 memcpy(addr, &hdev->static_addr, 6); 5897 addr[6] = 0x01; 5898 } else { 5899 memcpy(addr, &hdev->bdaddr, 6); 5900 addr[6] = 0x00; 5901 } 5902 5903 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR, 5904 addr, sizeof(addr)); 5905 5906 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 5907 role = 0x02; 5908 else 5909 role = 0x01; 5910 5911 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE, 5912 &role, sizeof(role)); 5913 5914 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) { 5915 eir_len = eir_append_data(rp->eir, eir_len, 5916 EIR_LE_SC_CONFIRM, 5917 hash, sizeof(hash)); 5918 5919 eir_len = eir_append_data(rp->eir, eir_len, 5920 EIR_LE_SC_RANDOM, 5921 rand, sizeof(rand)); 5922 } 5923 5924 flags = mgmt_get_adv_discov_flags(hdev); 5925 5926 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 5927 flags |= LE_AD_NO_BREDR; 5928 5929 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS, 5930 &flags, sizeof(flags)); 5931 break; 5932 } 5933 5934 hci_dev_unlock(hdev); 5935 5936 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS); 5937 5938 status = MGMT_STATUS_SUCCESS; 5939 5940 complete: 5941 rp->type = cp->type; 5942 rp->eir_len = cpu_to_le16(eir_len); 5943 5944 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 5945 status, rp, sizeof(*rp) + eir_len); 5946 if (err < 0 || status) 5947 goto done; 5948 5949 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 5950 rp, sizeof(*rp) + eir_len, 5951 HCI_MGMT_OOB_DATA_EVENTS, sk); 5952 5953 done: 5954 kfree(rp); 5955 5956 return err; 5957 } 5958 5959 static u32 get_supported_adv_flags(struct hci_dev *hdev) 5960 { 5961 u32 flags = 0; 5962 5963 flags |= MGMT_ADV_FLAG_CONNECTABLE; 5964 flags |= MGMT_ADV_FLAG_DISCOV; 5965 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV; 5966 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS; 5967 flags |= MGMT_ADV_FLAG_APPEARANCE; 5968 flags |= MGMT_ADV_FLAG_LOCAL_NAME; 5969 5970 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) 5971 flags |= MGMT_ADV_FLAG_TX_POWER; 5972 5973 return flags; 5974 } 5975 5976 static int read_adv_features(struct sock *sk, struct hci_dev *hdev, 5977 void *data, u16 data_len) 5978 { 5979 struct mgmt_rp_read_adv_features *rp; 5980 size_t rp_len; 5981 int err; 5982 struct adv_info *adv_instance; 5983 u32 supported_flags; 5984 u8 *instance; 5985 5986 BT_DBG("%s", hdev->name); 5987 5988 if (!lmp_le_capable(hdev)) 5989 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 5990 MGMT_STATUS_REJECTED); 5991 5992 hci_dev_lock(hdev); 5993 5994 rp_len = sizeof(*rp) + hdev->adv_instance_cnt; 5995 rp = kmalloc(rp_len, GFP_ATOMIC); 5996 if (!rp) { 5997 hci_dev_unlock(hdev); 5998 return -ENOMEM; 5999 } 6000 6001 supported_flags = get_supported_adv_flags(hdev); 6002 6003 rp->supported_flags = cpu_to_le32(supported_flags); 6004 rp->max_adv_data_len = HCI_MAX_AD_LENGTH; 6005 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH; 6006 rp->max_instances = HCI_MAX_ADV_INSTANCES; 6007 rp->num_instances = hdev->adv_instance_cnt; 6008 6009 instance = rp->instance; 6010 list_for_each_entry(adv_instance, &hdev->adv_instances, list) { 6011 *instance = adv_instance->instance; 6012 instance++; 6013 } 6014 6015 hci_dev_unlock(hdev); 6016 6017 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 6018 MGMT_STATUS_SUCCESS, rp, rp_len); 6019 6020 kfree(rp); 6021 6022 return err; 6023 } 6024 6025 static u8 calculate_name_len(struct hci_dev *hdev) 6026 { 6027 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3]; 6028 6029 return append_local_name(hdev, buf, 0); 6030 } 6031 6032 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags, 6033 bool is_adv_data) 6034 { 6035 u8 max_len = HCI_MAX_AD_LENGTH; 6036 6037 if (is_adv_data) { 6038 if (adv_flags & (MGMT_ADV_FLAG_DISCOV | 6039 MGMT_ADV_FLAG_LIMITED_DISCOV | 6040 MGMT_ADV_FLAG_MANAGED_FLAGS)) 6041 max_len -= 3; 6042 6043 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) 6044 max_len -= 3; 6045 } else { 6046 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME) 6047 max_len -= calculate_name_len(hdev); 6048 6049 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE)) 6050 max_len -= 4; 6051 } 6052 6053 return max_len; 6054 } 6055 6056 static bool flags_managed(u32 adv_flags) 6057 { 6058 return adv_flags & (MGMT_ADV_FLAG_DISCOV | 6059 MGMT_ADV_FLAG_LIMITED_DISCOV | 6060 MGMT_ADV_FLAG_MANAGED_FLAGS); 6061 } 6062 6063 static bool tx_power_managed(u32 adv_flags) 6064 { 6065 return adv_flags & MGMT_ADV_FLAG_TX_POWER; 6066 } 6067 6068 static bool name_managed(u32 adv_flags) 6069 { 6070 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME; 6071 } 6072 6073 static bool appearance_managed(u32 adv_flags) 6074 { 6075 return adv_flags & MGMT_ADV_FLAG_APPEARANCE; 6076 } 6077 6078 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data, 6079 u8 len, bool is_adv_data) 6080 { 6081 int i, cur_len; 6082 u8 max_len; 6083 6084 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data); 6085 6086 if (len > max_len) 6087 return false; 6088 6089 /* Make sure that the data is correctly formatted. */ 6090 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) { 6091 cur_len = data[i]; 6092 6093 if (data[i + 1] == EIR_FLAGS && 6094 (!is_adv_data || flags_managed(adv_flags))) 6095 return false; 6096 6097 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags)) 6098 return false; 6099 6100 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags)) 6101 return false; 6102 6103 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags)) 6104 return false; 6105 6106 if (data[i + 1] == EIR_APPEARANCE && 6107 appearance_managed(adv_flags)) 6108 return false; 6109 6110 /* If the current field length would exceed the total data 6111 * length, then it's invalid. 6112 */ 6113 if (i + cur_len >= len) 6114 return false; 6115 } 6116 6117 return true; 6118 } 6119 6120 static void add_advertising_complete(struct hci_dev *hdev, u8 status, 6121 u16 opcode) 6122 { 6123 struct mgmt_pending_cmd *cmd; 6124 struct mgmt_cp_add_advertising *cp; 6125 struct mgmt_rp_add_advertising rp; 6126 struct adv_info *adv_instance, *n; 6127 u8 instance; 6128 6129 BT_DBG("status %d", status); 6130 6131 hci_dev_lock(hdev); 6132 6133 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev); 6134 6135 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) { 6136 if (!adv_instance->pending) 6137 continue; 6138 6139 if (!status) { 6140 adv_instance->pending = false; 6141 continue; 6142 } 6143 6144 instance = adv_instance->instance; 6145 6146 if (hdev->cur_adv_instance == instance) 6147 cancel_adv_timeout(hdev); 6148 6149 hci_remove_adv_instance(hdev, instance); 6150 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance); 6151 } 6152 6153 if (!cmd) 6154 goto unlock; 6155 6156 cp = cmd->param; 6157 rp.instance = cp->instance; 6158 6159 if (status) 6160 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 6161 mgmt_status(status)); 6162 else 6163 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 6164 mgmt_status(status), &rp, sizeof(rp)); 6165 6166 mgmt_pending_remove(cmd); 6167 6168 unlock: 6169 hci_dev_unlock(hdev); 6170 } 6171 6172 static int add_advertising(struct sock *sk, struct hci_dev *hdev, 6173 void *data, u16 data_len) 6174 { 6175 struct mgmt_cp_add_advertising *cp = data; 6176 struct mgmt_rp_add_advertising rp; 6177 u32 flags; 6178 u32 supported_flags; 6179 u8 status; 6180 u16 timeout, duration; 6181 unsigned int prev_instance_cnt = hdev->adv_instance_cnt; 6182 u8 schedule_instance = 0; 6183 struct adv_info *next_instance; 6184 int err; 6185 struct mgmt_pending_cmd *cmd; 6186 struct hci_request req; 6187 6188 BT_DBG("%s", hdev->name); 6189 6190 status = mgmt_le_support(hdev); 6191 if (status) 6192 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6193 status); 6194 6195 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES) 6196 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6197 MGMT_STATUS_INVALID_PARAMS); 6198 6199 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len) 6200 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6201 MGMT_STATUS_INVALID_PARAMS); 6202 6203 flags = __le32_to_cpu(cp->flags); 6204 timeout = __le16_to_cpu(cp->timeout); 6205 duration = __le16_to_cpu(cp->duration); 6206 6207 /* The current implementation only supports a subset of the specified 6208 * flags. 6209 */ 6210 supported_flags = get_supported_adv_flags(hdev); 6211 if (flags & ~supported_flags) 6212 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6213 MGMT_STATUS_INVALID_PARAMS); 6214 6215 hci_dev_lock(hdev); 6216 6217 if (timeout && !hdev_is_powered(hdev)) { 6218 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6219 MGMT_STATUS_REJECTED); 6220 goto unlock; 6221 } 6222 6223 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 6224 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 6225 pending_find(MGMT_OP_SET_LE, hdev)) { 6226 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6227 MGMT_STATUS_BUSY); 6228 goto unlock; 6229 } 6230 6231 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) || 6232 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len, 6233 cp->scan_rsp_len, false)) { 6234 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6235 MGMT_STATUS_INVALID_PARAMS); 6236 goto unlock; 6237 } 6238 6239 err = hci_add_adv_instance(hdev, cp->instance, flags, 6240 cp->adv_data_len, cp->data, 6241 cp->scan_rsp_len, 6242 cp->data + cp->adv_data_len, 6243 timeout, duration); 6244 if (err < 0) { 6245 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6246 MGMT_STATUS_FAILED); 6247 goto unlock; 6248 } 6249 6250 /* Only trigger an advertising added event if a new instance was 6251 * actually added. 6252 */ 6253 if (hdev->adv_instance_cnt > prev_instance_cnt) 6254 mgmt_advertising_added(sk, hdev, cp->instance); 6255 6256 if (hdev->cur_adv_instance == cp->instance) { 6257 /* If the currently advertised instance is being changed then 6258 * cancel the current advertising and schedule the next 6259 * instance. If there is only one instance then the overridden 6260 * advertising data will be visible right away. 6261 */ 6262 cancel_adv_timeout(hdev); 6263 6264 next_instance = hci_get_next_instance(hdev, cp->instance); 6265 if (next_instance) 6266 schedule_instance = next_instance->instance; 6267 } else if (!hdev->adv_instance_timeout) { 6268 /* Immediately advertise the new instance if no other 6269 * instance is currently being advertised. 6270 */ 6271 schedule_instance = cp->instance; 6272 } 6273 6274 /* If the HCI_ADVERTISING flag is set or the device isn't powered or 6275 * there is no instance to be advertised then we have no HCI 6276 * communication to make. Simply return. 6277 */ 6278 if (!hdev_is_powered(hdev) || 6279 hci_dev_test_flag(hdev, HCI_ADVERTISING) || 6280 !schedule_instance) { 6281 rp.instance = cp->instance; 6282 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6283 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6284 goto unlock; 6285 } 6286 6287 /* We're good to go, update advertising data, parameters, and start 6288 * advertising. 6289 */ 6290 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data, 6291 data_len); 6292 if (!cmd) { 6293 err = -ENOMEM; 6294 goto unlock; 6295 } 6296 6297 hci_req_init(&req, hdev); 6298 6299 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true); 6300 6301 if (!err) 6302 err = hci_req_run(&req, add_advertising_complete); 6303 6304 if (err < 0) 6305 mgmt_pending_remove(cmd); 6306 6307 unlock: 6308 hci_dev_unlock(hdev); 6309 6310 return err; 6311 } 6312 6313 static void remove_advertising_complete(struct hci_dev *hdev, u8 status, 6314 u16 opcode) 6315 { 6316 struct mgmt_pending_cmd *cmd; 6317 struct mgmt_cp_remove_advertising *cp; 6318 struct mgmt_rp_remove_advertising rp; 6319 6320 BT_DBG("status %d", status); 6321 6322 hci_dev_lock(hdev); 6323 6324 /* A failure status here only means that we failed to disable 6325 * advertising. Otherwise, the advertising instance has been removed, 6326 * so report success. 6327 */ 6328 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev); 6329 if (!cmd) 6330 goto unlock; 6331 6332 cp = cmd->param; 6333 rp.instance = cp->instance; 6334 6335 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS, 6336 &rp, sizeof(rp)); 6337 mgmt_pending_remove(cmd); 6338 6339 unlock: 6340 hci_dev_unlock(hdev); 6341 } 6342 6343 static int remove_advertising(struct sock *sk, struct hci_dev *hdev, 6344 void *data, u16 data_len) 6345 { 6346 struct mgmt_cp_remove_advertising *cp = data; 6347 struct mgmt_rp_remove_advertising rp; 6348 struct mgmt_pending_cmd *cmd; 6349 struct hci_request req; 6350 int err; 6351 6352 BT_DBG("%s", hdev->name); 6353 6354 hci_dev_lock(hdev); 6355 6356 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) { 6357 err = mgmt_cmd_status(sk, hdev->id, 6358 MGMT_OP_REMOVE_ADVERTISING, 6359 MGMT_STATUS_INVALID_PARAMS); 6360 goto unlock; 6361 } 6362 6363 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 6364 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 6365 pending_find(MGMT_OP_SET_LE, hdev)) { 6366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 6367 MGMT_STATUS_BUSY); 6368 goto unlock; 6369 } 6370 6371 if (list_empty(&hdev->adv_instances)) { 6372 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 6373 MGMT_STATUS_INVALID_PARAMS); 6374 goto unlock; 6375 } 6376 6377 hci_req_init(&req, hdev); 6378 6379 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true); 6380 6381 if (list_empty(&hdev->adv_instances)) 6382 __hci_req_disable_advertising(&req); 6383 6384 /* If no HCI commands have been collected so far or the HCI_ADVERTISING 6385 * flag is set or the device isn't powered then we have no HCI 6386 * communication to make. Simply return. 6387 */ 6388 if (skb_queue_empty(&req.cmd_q) || 6389 !hdev_is_powered(hdev) || 6390 hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 6391 hci_req_purge(&req); 6392 rp.instance = cp->instance; 6393 err = mgmt_cmd_complete(sk, hdev->id, 6394 MGMT_OP_REMOVE_ADVERTISING, 6395 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6396 goto unlock; 6397 } 6398 6399 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data, 6400 data_len); 6401 if (!cmd) { 6402 err = -ENOMEM; 6403 goto unlock; 6404 } 6405 6406 err = hci_req_run(&req, remove_advertising_complete); 6407 if (err < 0) 6408 mgmt_pending_remove(cmd); 6409 6410 unlock: 6411 hci_dev_unlock(hdev); 6412 6413 return err; 6414 } 6415 6416 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev, 6417 void *data, u16 data_len) 6418 { 6419 struct mgmt_cp_get_adv_size_info *cp = data; 6420 struct mgmt_rp_get_adv_size_info rp; 6421 u32 flags, supported_flags; 6422 int err; 6423 6424 BT_DBG("%s", hdev->name); 6425 6426 if (!lmp_le_capable(hdev)) 6427 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6428 MGMT_STATUS_REJECTED); 6429 6430 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES) 6431 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6432 MGMT_STATUS_INVALID_PARAMS); 6433 6434 flags = __le32_to_cpu(cp->flags); 6435 6436 /* The current implementation only supports a subset of the specified 6437 * flags. 6438 */ 6439 supported_flags = get_supported_adv_flags(hdev); 6440 if (flags & ~supported_flags) 6441 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6442 MGMT_STATUS_INVALID_PARAMS); 6443 6444 rp.instance = cp->instance; 6445 rp.flags = cp->flags; 6446 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 6447 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 6448 6449 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6450 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6451 6452 return err; 6453 } 6454 6455 static const struct hci_mgmt_handler mgmt_handlers[] = { 6456 { NULL }, /* 0x0000 (no command) */ 6457 { read_version, MGMT_READ_VERSION_SIZE, 6458 HCI_MGMT_NO_HDEV | 6459 HCI_MGMT_UNTRUSTED }, 6460 { read_commands, MGMT_READ_COMMANDS_SIZE, 6461 HCI_MGMT_NO_HDEV | 6462 HCI_MGMT_UNTRUSTED }, 6463 { read_index_list, MGMT_READ_INDEX_LIST_SIZE, 6464 HCI_MGMT_NO_HDEV | 6465 HCI_MGMT_UNTRUSTED }, 6466 { read_controller_info, MGMT_READ_INFO_SIZE, 6467 HCI_MGMT_UNTRUSTED }, 6468 { set_powered, MGMT_SETTING_SIZE }, 6469 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE }, 6470 { set_connectable, MGMT_SETTING_SIZE }, 6471 { set_fast_connectable, MGMT_SETTING_SIZE }, 6472 { set_bondable, MGMT_SETTING_SIZE }, 6473 { set_link_security, MGMT_SETTING_SIZE }, 6474 { set_ssp, MGMT_SETTING_SIZE }, 6475 { set_hs, MGMT_SETTING_SIZE }, 6476 { set_le, MGMT_SETTING_SIZE }, 6477 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE }, 6478 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE }, 6479 { add_uuid, MGMT_ADD_UUID_SIZE }, 6480 { remove_uuid, MGMT_REMOVE_UUID_SIZE }, 6481 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE, 6482 HCI_MGMT_VAR_LEN }, 6483 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE, 6484 HCI_MGMT_VAR_LEN }, 6485 { disconnect, MGMT_DISCONNECT_SIZE }, 6486 { get_connections, MGMT_GET_CONNECTIONS_SIZE }, 6487 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE }, 6488 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE }, 6489 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE }, 6490 { pair_device, MGMT_PAIR_DEVICE_SIZE }, 6491 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE }, 6492 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE }, 6493 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE }, 6494 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE }, 6495 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE }, 6496 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, 6497 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE }, 6498 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE, 6499 HCI_MGMT_VAR_LEN }, 6500 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, 6501 { start_discovery, MGMT_START_DISCOVERY_SIZE }, 6502 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE }, 6503 { confirm_name, MGMT_CONFIRM_NAME_SIZE }, 6504 { block_device, MGMT_BLOCK_DEVICE_SIZE }, 6505 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE }, 6506 { set_device_id, MGMT_SET_DEVICE_ID_SIZE }, 6507 { set_advertising, MGMT_SETTING_SIZE }, 6508 { set_bredr, MGMT_SETTING_SIZE }, 6509 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE }, 6510 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE }, 6511 { set_secure_conn, MGMT_SETTING_SIZE }, 6512 { set_debug_keys, MGMT_SETTING_SIZE }, 6513 { set_privacy, MGMT_SET_PRIVACY_SIZE }, 6514 { load_irks, MGMT_LOAD_IRKS_SIZE, 6515 HCI_MGMT_VAR_LEN }, 6516 { get_conn_info, MGMT_GET_CONN_INFO_SIZE }, 6517 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE }, 6518 { add_device, MGMT_ADD_DEVICE_SIZE }, 6519 { remove_device, MGMT_REMOVE_DEVICE_SIZE }, 6520 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE, 6521 HCI_MGMT_VAR_LEN }, 6522 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE, 6523 HCI_MGMT_NO_HDEV | 6524 HCI_MGMT_UNTRUSTED }, 6525 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE, 6526 HCI_MGMT_UNCONFIGURED | 6527 HCI_MGMT_UNTRUSTED }, 6528 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE, 6529 HCI_MGMT_UNCONFIGURED }, 6530 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE, 6531 HCI_MGMT_UNCONFIGURED }, 6532 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE, 6533 HCI_MGMT_VAR_LEN }, 6534 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE }, 6535 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE, 6536 HCI_MGMT_NO_HDEV | 6537 HCI_MGMT_UNTRUSTED }, 6538 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE }, 6539 { add_advertising, MGMT_ADD_ADVERTISING_SIZE, 6540 HCI_MGMT_VAR_LEN }, 6541 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE }, 6542 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE }, 6543 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE }, 6544 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE, 6545 HCI_MGMT_UNTRUSTED }, 6546 { set_appearance, MGMT_SET_APPEARANCE_SIZE }, 6547 }; 6548 6549 void mgmt_index_added(struct hci_dev *hdev) 6550 { 6551 struct mgmt_ev_ext_index ev; 6552 6553 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 6554 return; 6555 6556 switch (hdev->dev_type) { 6557 case HCI_PRIMARY: 6558 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 6559 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, 6560 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 6561 ev.type = 0x01; 6562 } else { 6563 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, 6564 HCI_MGMT_INDEX_EVENTS); 6565 ev.type = 0x00; 6566 } 6567 break; 6568 case HCI_AMP: 6569 ev.type = 0x02; 6570 break; 6571 default: 6572 return; 6573 } 6574 6575 ev.bus = hdev->bus; 6576 6577 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev), 6578 HCI_MGMT_EXT_INDEX_EVENTS); 6579 } 6580 6581 void mgmt_index_removed(struct hci_dev *hdev) 6582 { 6583 struct mgmt_ev_ext_index ev; 6584 u8 status = MGMT_STATUS_INVALID_INDEX; 6585 6586 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 6587 return; 6588 6589 switch (hdev->dev_type) { 6590 case HCI_PRIMARY: 6591 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 6592 6593 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 6594 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, 6595 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 6596 ev.type = 0x01; 6597 } else { 6598 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, 6599 HCI_MGMT_INDEX_EVENTS); 6600 ev.type = 0x00; 6601 } 6602 break; 6603 case HCI_AMP: 6604 ev.type = 0x02; 6605 break; 6606 default: 6607 return; 6608 } 6609 6610 ev.bus = hdev->bus; 6611 6612 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev), 6613 HCI_MGMT_EXT_INDEX_EVENTS); 6614 } 6615 6616 /* This function requires the caller holds hdev->lock */ 6617 static void restart_le_actions(struct hci_dev *hdev) 6618 { 6619 struct hci_conn_params *p; 6620 6621 list_for_each_entry(p, &hdev->le_conn_params, list) { 6622 /* Needed for AUTO_OFF case where might not "really" 6623 * have been powered off. 6624 */ 6625 list_del_init(&p->action); 6626 6627 switch (p->auto_connect) { 6628 case HCI_AUTO_CONN_DIRECT: 6629 case HCI_AUTO_CONN_ALWAYS: 6630 list_add(&p->action, &hdev->pend_le_conns); 6631 break; 6632 case HCI_AUTO_CONN_REPORT: 6633 list_add(&p->action, &hdev->pend_le_reports); 6634 break; 6635 default: 6636 break; 6637 } 6638 } 6639 } 6640 6641 void mgmt_power_on(struct hci_dev *hdev, int err) 6642 { 6643 struct cmd_lookup match = { NULL, hdev }; 6644 6645 BT_DBG("err %d", err); 6646 6647 hci_dev_lock(hdev); 6648 6649 if (!err) { 6650 restart_le_actions(hdev); 6651 hci_update_background_scan(hdev); 6652 } 6653 6654 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 6655 6656 new_settings(hdev, match.sk); 6657 6658 if (match.sk) 6659 sock_put(match.sk); 6660 6661 hci_dev_unlock(hdev); 6662 } 6663 6664 void __mgmt_power_off(struct hci_dev *hdev) 6665 { 6666 struct cmd_lookup match = { NULL, hdev }; 6667 u8 status, zero_cod[] = { 0, 0, 0 }; 6668 6669 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 6670 6671 /* If the power off is because of hdev unregistration let 6672 * use the appropriate INVALID_INDEX status. Otherwise use 6673 * NOT_POWERED. We cover both scenarios here since later in 6674 * mgmt_index_removed() any hci_conn callbacks will have already 6675 * been triggered, potentially causing misleading DISCONNECTED 6676 * status responses. 6677 */ 6678 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) 6679 status = MGMT_STATUS_INVALID_INDEX; 6680 else 6681 status = MGMT_STATUS_NOT_POWERED; 6682 6683 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 6684 6685 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) { 6686 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 6687 zero_cod, sizeof(zero_cod), 6688 HCI_MGMT_DEV_CLASS_EVENTS, NULL); 6689 ext_info_changed(hdev, NULL); 6690 } 6691 6692 new_settings(hdev, match.sk); 6693 6694 if (match.sk) 6695 sock_put(match.sk); 6696 } 6697 6698 void mgmt_set_powered_failed(struct hci_dev *hdev, int err) 6699 { 6700 struct mgmt_pending_cmd *cmd; 6701 u8 status; 6702 6703 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 6704 if (!cmd) 6705 return; 6706 6707 if (err == -ERFKILL) 6708 status = MGMT_STATUS_RFKILLED; 6709 else 6710 status = MGMT_STATUS_FAILED; 6711 6712 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status); 6713 6714 mgmt_pending_remove(cmd); 6715 } 6716 6717 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 6718 bool persistent) 6719 { 6720 struct mgmt_ev_new_link_key ev; 6721 6722 memset(&ev, 0, sizeof(ev)); 6723 6724 ev.store_hint = persistent; 6725 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 6726 ev.key.addr.type = BDADDR_BREDR; 6727 ev.key.type = key->type; 6728 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE); 6729 ev.key.pin_len = key->pin_len; 6730 6731 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 6732 } 6733 6734 static u8 mgmt_ltk_type(struct smp_ltk *ltk) 6735 { 6736 switch (ltk->type) { 6737 case SMP_LTK: 6738 case SMP_LTK_SLAVE: 6739 if (ltk->authenticated) 6740 return MGMT_LTK_AUTHENTICATED; 6741 return MGMT_LTK_UNAUTHENTICATED; 6742 case SMP_LTK_P256: 6743 if (ltk->authenticated) 6744 return MGMT_LTK_P256_AUTH; 6745 return MGMT_LTK_P256_UNAUTH; 6746 case SMP_LTK_P256_DEBUG: 6747 return MGMT_LTK_P256_DEBUG; 6748 } 6749 6750 return MGMT_LTK_UNAUTHENTICATED; 6751 } 6752 6753 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent) 6754 { 6755 struct mgmt_ev_new_long_term_key ev; 6756 6757 memset(&ev, 0, sizeof(ev)); 6758 6759 /* Devices using resolvable or non-resolvable random addresses 6760 * without providing an identity resolving key don't require 6761 * to store long term keys. Their addresses will change the 6762 * next time around. 6763 * 6764 * Only when a remote device provides an identity address 6765 * make sure the long term key is stored. If the remote 6766 * identity is known, the long term keys are internally 6767 * mapped to the identity address. So allow static random 6768 * and public addresses here. 6769 */ 6770 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM && 6771 (key->bdaddr.b[5] & 0xc0) != 0xc0) 6772 ev.store_hint = 0x00; 6773 else 6774 ev.store_hint = persistent; 6775 6776 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 6777 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); 6778 ev.key.type = mgmt_ltk_type(key); 6779 ev.key.enc_size = key->enc_size; 6780 ev.key.ediv = key->ediv; 6781 ev.key.rand = key->rand; 6782 6783 if (key->type == SMP_LTK) 6784 ev.key.master = 1; 6785 6786 /* Make sure we copy only the significant bytes based on the 6787 * encryption key size, and set the rest of the value to zeroes. 6788 */ 6789 memcpy(ev.key.val, key->val, key->enc_size); 6790 memset(ev.key.val + key->enc_size, 0, 6791 sizeof(ev.key.val) - key->enc_size); 6792 6793 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL); 6794 } 6795 6796 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent) 6797 { 6798 struct mgmt_ev_new_irk ev; 6799 6800 memset(&ev, 0, sizeof(ev)); 6801 6802 ev.store_hint = persistent; 6803 6804 bacpy(&ev.rpa, &irk->rpa); 6805 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr); 6806 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type); 6807 memcpy(ev.irk.val, irk->val, sizeof(irk->val)); 6808 6809 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL); 6810 } 6811 6812 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk, 6813 bool persistent) 6814 { 6815 struct mgmt_ev_new_csrk ev; 6816 6817 memset(&ev, 0, sizeof(ev)); 6818 6819 /* Devices using resolvable or non-resolvable random addresses 6820 * without providing an identity resolving key don't require 6821 * to store signature resolving keys. Their addresses will change 6822 * the next time around. 6823 * 6824 * Only when a remote device provides an identity address 6825 * make sure the signature resolving key is stored. So allow 6826 * static random and public addresses here. 6827 */ 6828 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM && 6829 (csrk->bdaddr.b[5] & 0xc0) != 0xc0) 6830 ev.store_hint = 0x00; 6831 else 6832 ev.store_hint = persistent; 6833 6834 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr); 6835 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type); 6836 ev.key.type = csrk->type; 6837 memcpy(ev.key.val, csrk->val, sizeof(csrk->val)); 6838 6839 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL); 6840 } 6841 6842 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr, 6843 u8 bdaddr_type, u8 store_hint, u16 min_interval, 6844 u16 max_interval, u16 latency, u16 timeout) 6845 { 6846 struct mgmt_ev_new_conn_param ev; 6847 6848 if (!hci_is_identity_address(bdaddr, bdaddr_type)) 6849 return; 6850 6851 memset(&ev, 0, sizeof(ev)); 6852 bacpy(&ev.addr.bdaddr, bdaddr); 6853 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type); 6854 ev.store_hint = store_hint; 6855 ev.min_interval = cpu_to_le16(min_interval); 6856 ev.max_interval = cpu_to_le16(max_interval); 6857 ev.latency = cpu_to_le16(latency); 6858 ev.timeout = cpu_to_le16(timeout); 6859 6860 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL); 6861 } 6862 6863 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn, 6864 u32 flags, u8 *name, u8 name_len) 6865 { 6866 char buf[512]; 6867 struct mgmt_ev_device_connected *ev = (void *) buf; 6868 u16 eir_len = 0; 6869 6870 bacpy(&ev->addr.bdaddr, &conn->dst); 6871 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type); 6872 6873 ev->flags = __cpu_to_le32(flags); 6874 6875 /* We must ensure that the EIR Data fields are ordered and 6876 * unique. Keep it simple for now and avoid the problem by not 6877 * adding any BR/EDR data to the LE adv. 6878 */ 6879 if (conn->le_adv_data_len > 0) { 6880 memcpy(&ev->eir[eir_len], 6881 conn->le_adv_data, conn->le_adv_data_len); 6882 eir_len = conn->le_adv_data_len; 6883 } else { 6884 if (name_len > 0) 6885 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, 6886 name, name_len); 6887 6888 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0) 6889 eir_len = eir_append_data(ev->eir, eir_len, 6890 EIR_CLASS_OF_DEV, 6891 conn->dev_class, 3); 6892 } 6893 6894 ev->eir_len = cpu_to_le16(eir_len); 6895 6896 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf, 6897 sizeof(*ev) + eir_len, NULL); 6898 } 6899 6900 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data) 6901 { 6902 struct sock **sk = data; 6903 6904 cmd->cmd_complete(cmd, 0); 6905 6906 *sk = cmd->sk; 6907 sock_hold(*sk); 6908 6909 mgmt_pending_remove(cmd); 6910 } 6911 6912 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data) 6913 { 6914 struct hci_dev *hdev = data; 6915 struct mgmt_cp_unpair_device *cp = cmd->param; 6916 6917 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 6918 6919 cmd->cmd_complete(cmd, 0); 6920 mgmt_pending_remove(cmd); 6921 } 6922 6923 bool mgmt_powering_down(struct hci_dev *hdev) 6924 { 6925 struct mgmt_pending_cmd *cmd; 6926 struct mgmt_mode *cp; 6927 6928 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 6929 if (!cmd) 6930 return false; 6931 6932 cp = cmd->param; 6933 if (!cp->val) 6934 return true; 6935 6936 return false; 6937 } 6938 6939 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 6940 u8 link_type, u8 addr_type, u8 reason, 6941 bool mgmt_connected) 6942 { 6943 struct mgmt_ev_device_disconnected ev; 6944 struct sock *sk = NULL; 6945 6946 /* The connection is still in hci_conn_hash so test for 1 6947 * instead of 0 to know if this is the last one. 6948 */ 6949 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 6950 cancel_delayed_work(&hdev->power_off); 6951 queue_work(hdev->req_workqueue, &hdev->power_off.work); 6952 } 6953 6954 if (!mgmt_connected) 6955 return; 6956 6957 if (link_type != ACL_LINK && link_type != LE_LINK) 6958 return; 6959 6960 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 6961 6962 bacpy(&ev.addr.bdaddr, bdaddr); 6963 ev.addr.type = link_to_bdaddr(link_type, addr_type); 6964 ev.reason = reason; 6965 6966 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk); 6967 6968 if (sk) 6969 sock_put(sk); 6970 6971 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 6972 hdev); 6973 } 6974 6975 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 6976 u8 link_type, u8 addr_type, u8 status) 6977 { 6978 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type); 6979 struct mgmt_cp_disconnect *cp; 6980 struct mgmt_pending_cmd *cmd; 6981 6982 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 6983 hdev); 6984 6985 cmd = pending_find(MGMT_OP_DISCONNECT, hdev); 6986 if (!cmd) 6987 return; 6988 6989 cp = cmd->param; 6990 6991 if (bacmp(bdaddr, &cp->addr.bdaddr)) 6992 return; 6993 6994 if (cp->addr.type != bdaddr_type) 6995 return; 6996 6997 cmd->cmd_complete(cmd, mgmt_status(status)); 6998 mgmt_pending_remove(cmd); 6999 } 7000 7001 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7002 u8 addr_type, u8 status) 7003 { 7004 struct mgmt_ev_connect_failed ev; 7005 7006 /* The connection is still in hci_conn_hash so test for 1 7007 * instead of 0 to know if this is the last one. 7008 */ 7009 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 7010 cancel_delayed_work(&hdev->power_off); 7011 queue_work(hdev->req_workqueue, &hdev->power_off.work); 7012 } 7013 7014 bacpy(&ev.addr.bdaddr, bdaddr); 7015 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7016 ev.status = mgmt_status(status); 7017 7018 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 7019 } 7020 7021 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 7022 { 7023 struct mgmt_ev_pin_code_request ev; 7024 7025 bacpy(&ev.addr.bdaddr, bdaddr); 7026 ev.addr.type = BDADDR_BREDR; 7027 ev.secure = secure; 7028 7029 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL); 7030 } 7031 7032 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7033 u8 status) 7034 { 7035 struct mgmt_pending_cmd *cmd; 7036 7037 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 7038 if (!cmd) 7039 return; 7040 7041 cmd->cmd_complete(cmd, mgmt_status(status)); 7042 mgmt_pending_remove(cmd); 7043 } 7044 7045 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7046 u8 status) 7047 { 7048 struct mgmt_pending_cmd *cmd; 7049 7050 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 7051 if (!cmd) 7052 return; 7053 7054 cmd->cmd_complete(cmd, mgmt_status(status)); 7055 mgmt_pending_remove(cmd); 7056 } 7057 7058 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 7059 u8 link_type, u8 addr_type, u32 value, 7060 u8 confirm_hint) 7061 { 7062 struct mgmt_ev_user_confirm_request ev; 7063 7064 BT_DBG("%s", hdev->name); 7065 7066 bacpy(&ev.addr.bdaddr, bdaddr); 7067 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7068 ev.confirm_hint = confirm_hint; 7069 ev.value = cpu_to_le32(value); 7070 7071 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 7072 NULL); 7073 } 7074 7075 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 7076 u8 link_type, u8 addr_type) 7077 { 7078 struct mgmt_ev_user_passkey_request ev; 7079 7080 BT_DBG("%s", hdev->name); 7081 7082 bacpy(&ev.addr.bdaddr, bdaddr); 7083 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7084 7085 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 7086 NULL); 7087 } 7088 7089 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7090 u8 link_type, u8 addr_type, u8 status, 7091 u8 opcode) 7092 { 7093 struct mgmt_pending_cmd *cmd; 7094 7095 cmd = pending_find(opcode, hdev); 7096 if (!cmd) 7097 return -ENOENT; 7098 7099 cmd->cmd_complete(cmd, mgmt_status(status)); 7100 mgmt_pending_remove(cmd); 7101 7102 return 0; 7103 } 7104 7105 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7106 u8 link_type, u8 addr_type, u8 status) 7107 { 7108 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7109 status, MGMT_OP_USER_CONFIRM_REPLY); 7110 } 7111 7112 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7113 u8 link_type, u8 addr_type, u8 status) 7114 { 7115 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7116 status, 7117 MGMT_OP_USER_CONFIRM_NEG_REPLY); 7118 } 7119 7120 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7121 u8 link_type, u8 addr_type, u8 status) 7122 { 7123 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7124 status, MGMT_OP_USER_PASSKEY_REPLY); 7125 } 7126 7127 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7128 u8 link_type, u8 addr_type, u8 status) 7129 { 7130 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7131 status, 7132 MGMT_OP_USER_PASSKEY_NEG_REPLY); 7133 } 7134 7135 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr, 7136 u8 link_type, u8 addr_type, u32 passkey, 7137 u8 entered) 7138 { 7139 struct mgmt_ev_passkey_notify ev; 7140 7141 BT_DBG("%s", hdev->name); 7142 7143 bacpy(&ev.addr.bdaddr, bdaddr); 7144 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7145 ev.passkey = __cpu_to_le32(passkey); 7146 ev.entered = entered; 7147 7148 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL); 7149 } 7150 7151 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status) 7152 { 7153 struct mgmt_ev_auth_failed ev; 7154 struct mgmt_pending_cmd *cmd; 7155 u8 status = mgmt_status(hci_status); 7156 7157 bacpy(&ev.addr.bdaddr, &conn->dst); 7158 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 7159 ev.status = status; 7160 7161 cmd = find_pairing(conn); 7162 7163 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev), 7164 cmd ? cmd->sk : NULL); 7165 7166 if (cmd) { 7167 cmd->cmd_complete(cmd, status); 7168 mgmt_pending_remove(cmd); 7169 } 7170 } 7171 7172 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 7173 { 7174 struct cmd_lookup match = { NULL, hdev }; 7175 bool changed; 7176 7177 if (status) { 7178 u8 mgmt_err = mgmt_status(status); 7179 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 7180 cmd_status_rsp, &mgmt_err); 7181 return; 7182 } 7183 7184 if (test_bit(HCI_AUTH, &hdev->flags)) 7185 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY); 7186 else 7187 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY); 7188 7189 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 7190 &match); 7191 7192 if (changed) 7193 new_settings(hdev, match.sk); 7194 7195 if (match.sk) 7196 sock_put(match.sk); 7197 } 7198 7199 static void clear_eir(struct hci_request *req) 7200 { 7201 struct hci_dev *hdev = req->hdev; 7202 struct hci_cp_write_eir cp; 7203 7204 if (!lmp_ext_inq_capable(hdev)) 7205 return; 7206 7207 memset(hdev->eir, 0, sizeof(hdev->eir)); 7208 7209 memset(&cp, 0, sizeof(cp)); 7210 7211 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 7212 } 7213 7214 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 7215 { 7216 struct cmd_lookup match = { NULL, hdev }; 7217 struct hci_request req; 7218 bool changed = false; 7219 7220 if (status) { 7221 u8 mgmt_err = mgmt_status(status); 7222 7223 if (enable && hci_dev_test_and_clear_flag(hdev, 7224 HCI_SSP_ENABLED)) { 7225 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 7226 new_settings(hdev, NULL); 7227 } 7228 7229 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp, 7230 &mgmt_err); 7231 return; 7232 } 7233 7234 if (enable) { 7235 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 7236 } else { 7237 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED); 7238 if (!changed) 7239 changed = hci_dev_test_and_clear_flag(hdev, 7240 HCI_HS_ENABLED); 7241 else 7242 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 7243 } 7244 7245 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 7246 7247 if (changed) 7248 new_settings(hdev, match.sk); 7249 7250 if (match.sk) 7251 sock_put(match.sk); 7252 7253 hci_req_init(&req, hdev); 7254 7255 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 7256 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) 7257 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE, 7258 sizeof(enable), &enable); 7259 __hci_req_update_eir(&req); 7260 } else { 7261 clear_eir(&req); 7262 } 7263 7264 hci_req_run(&req, NULL); 7265 } 7266 7267 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data) 7268 { 7269 struct cmd_lookup *match = data; 7270 7271 if (match->sk == NULL) { 7272 match->sk = cmd->sk; 7273 sock_hold(match->sk); 7274 } 7275 } 7276 7277 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class, 7278 u8 status) 7279 { 7280 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) }; 7281 7282 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match); 7283 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match); 7284 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match); 7285 7286 if (!status) { 7287 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 7288 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL); 7289 ext_info_changed(hdev, NULL); 7290 } 7291 7292 if (match.sk) 7293 sock_put(match.sk); 7294 } 7295 7296 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 7297 { 7298 struct mgmt_cp_set_local_name ev; 7299 struct mgmt_pending_cmd *cmd; 7300 7301 if (status) 7302 return; 7303 7304 memset(&ev, 0, sizeof(ev)); 7305 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 7306 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH); 7307 7308 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 7309 if (!cmd) { 7310 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name)); 7311 7312 /* If this is a HCI command related to powering on the 7313 * HCI dev don't send any mgmt signals. 7314 */ 7315 if (pending_find(MGMT_OP_SET_POWERED, hdev)) 7316 return; 7317 } 7318 7319 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 7320 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL); 7321 ext_info_changed(hdev, cmd ? cmd->sk : NULL); 7322 } 7323 7324 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16]) 7325 { 7326 int i; 7327 7328 for (i = 0; i < uuid_count; i++) { 7329 if (!memcmp(uuid, uuids[i], 16)) 7330 return true; 7331 } 7332 7333 return false; 7334 } 7335 7336 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16]) 7337 { 7338 u16 parsed = 0; 7339 7340 while (parsed < eir_len) { 7341 u8 field_len = eir[0]; 7342 u8 uuid[16]; 7343 int i; 7344 7345 if (field_len == 0) 7346 break; 7347 7348 if (eir_len - parsed < field_len + 1) 7349 break; 7350 7351 switch (eir[1]) { 7352 case EIR_UUID16_ALL: 7353 case EIR_UUID16_SOME: 7354 for (i = 0; i + 3 <= field_len; i += 2) { 7355 memcpy(uuid, bluetooth_base_uuid, 16); 7356 uuid[13] = eir[i + 3]; 7357 uuid[12] = eir[i + 2]; 7358 if (has_uuid(uuid, uuid_count, uuids)) 7359 return true; 7360 } 7361 break; 7362 case EIR_UUID32_ALL: 7363 case EIR_UUID32_SOME: 7364 for (i = 0; i + 5 <= field_len; i += 4) { 7365 memcpy(uuid, bluetooth_base_uuid, 16); 7366 uuid[15] = eir[i + 5]; 7367 uuid[14] = eir[i + 4]; 7368 uuid[13] = eir[i + 3]; 7369 uuid[12] = eir[i + 2]; 7370 if (has_uuid(uuid, uuid_count, uuids)) 7371 return true; 7372 } 7373 break; 7374 case EIR_UUID128_ALL: 7375 case EIR_UUID128_SOME: 7376 for (i = 0; i + 17 <= field_len; i += 16) { 7377 memcpy(uuid, eir + i + 2, 16); 7378 if (has_uuid(uuid, uuid_count, uuids)) 7379 return true; 7380 } 7381 break; 7382 } 7383 7384 parsed += field_len + 1; 7385 eir += field_len + 1; 7386 } 7387 7388 return false; 7389 } 7390 7391 static void restart_le_scan(struct hci_dev *hdev) 7392 { 7393 /* If controller is not scanning we are done. */ 7394 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 7395 return; 7396 7397 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY, 7398 hdev->discovery.scan_start + 7399 hdev->discovery.scan_duration)) 7400 return; 7401 7402 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart, 7403 DISCOV_LE_RESTART_DELAY); 7404 } 7405 7406 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir, 7407 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 7408 { 7409 /* If a RSSI threshold has been specified, and 7410 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with 7411 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk 7412 * is set, let it through for further processing, as we might need to 7413 * restart the scan. 7414 * 7415 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry, 7416 * the results are also dropped. 7417 */ 7418 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 7419 (rssi == HCI_RSSI_INVALID || 7420 (rssi < hdev->discovery.rssi && 7421 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)))) 7422 return false; 7423 7424 if (hdev->discovery.uuid_count != 0) { 7425 /* If a list of UUIDs is provided in filter, results with no 7426 * matching UUID should be dropped. 7427 */ 7428 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count, 7429 hdev->discovery.uuids) && 7430 !eir_has_uuids(scan_rsp, scan_rsp_len, 7431 hdev->discovery.uuid_count, 7432 hdev->discovery.uuids)) 7433 return false; 7434 } 7435 7436 /* If duplicate filtering does not report RSSI changes, then restart 7437 * scanning to ensure updated result with updated RSSI values. 7438 */ 7439 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) { 7440 restart_le_scan(hdev); 7441 7442 /* Validate RSSI value against the RSSI threshold once more. */ 7443 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 7444 rssi < hdev->discovery.rssi) 7445 return false; 7446 } 7447 7448 return true; 7449 } 7450 7451 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7452 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags, 7453 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 7454 { 7455 char buf[512]; 7456 struct mgmt_ev_device_found *ev = (void *)buf; 7457 size_t ev_size; 7458 7459 /* Don't send events for a non-kernel initiated discovery. With 7460 * LE one exception is if we have pend_le_reports > 0 in which 7461 * case we're doing passive scanning and want these events. 7462 */ 7463 if (!hci_discovery_active(hdev)) { 7464 if (link_type == ACL_LINK) 7465 return; 7466 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports)) 7467 return; 7468 } 7469 7470 if (hdev->discovery.result_filtering) { 7471 /* We are using service discovery */ 7472 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp, 7473 scan_rsp_len)) 7474 return; 7475 } 7476 7477 if (hdev->discovery.limited) { 7478 /* Check for limited discoverable bit */ 7479 if (dev_class) { 7480 if (!(dev_class[1] & 0x20)) 7481 return; 7482 } else { 7483 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL); 7484 if (!flags || !(flags[0] & LE_AD_LIMITED)) 7485 return; 7486 } 7487 } 7488 7489 /* Make sure that the buffer is big enough. The 5 extra bytes 7490 * are for the potential CoD field. 7491 */ 7492 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf)) 7493 return; 7494 7495 memset(buf, 0, sizeof(buf)); 7496 7497 /* In case of device discovery with BR/EDR devices (pre 1.2), the 7498 * RSSI value was reported as 0 when not available. This behavior 7499 * is kept when using device discovery. This is required for full 7500 * backwards compatibility with the API. 7501 * 7502 * However when using service discovery, the value 127 will be 7503 * returned when the RSSI is not available. 7504 */ 7505 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi && 7506 link_type == ACL_LINK) 7507 rssi = 0; 7508 7509 bacpy(&ev->addr.bdaddr, bdaddr); 7510 ev->addr.type = link_to_bdaddr(link_type, addr_type); 7511 ev->rssi = rssi; 7512 ev->flags = cpu_to_le32(flags); 7513 7514 if (eir_len > 0) 7515 /* Copy EIR or advertising data into event */ 7516 memcpy(ev->eir, eir, eir_len); 7517 7518 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 7519 NULL)) 7520 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 7521 dev_class, 3); 7522 7523 if (scan_rsp_len > 0) 7524 /* Append scan response data to event */ 7525 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len); 7526 7527 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 7528 ev_size = sizeof(*ev) + eir_len + scan_rsp_len; 7529 7530 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 7531 } 7532 7533 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7534 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 7535 { 7536 struct mgmt_ev_device_found *ev; 7537 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2]; 7538 u16 eir_len; 7539 7540 ev = (struct mgmt_ev_device_found *) buf; 7541 7542 memset(buf, 0, sizeof(buf)); 7543 7544 bacpy(&ev->addr.bdaddr, bdaddr); 7545 ev->addr.type = link_to_bdaddr(link_type, addr_type); 7546 ev->rssi = rssi; 7547 7548 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name, 7549 name_len); 7550 7551 ev->eir_len = cpu_to_le16(eir_len); 7552 7553 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL); 7554 } 7555 7556 void mgmt_discovering(struct hci_dev *hdev, u8 discovering) 7557 { 7558 struct mgmt_ev_discovering ev; 7559 7560 BT_DBG("%s discovering %u", hdev->name, discovering); 7561 7562 memset(&ev, 0, sizeof(ev)); 7563 ev.type = hdev->discovery.type; 7564 ev.discovering = discovering; 7565 7566 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 7567 } 7568 7569 static struct hci_mgmt_chan chan = { 7570 .channel = HCI_CHANNEL_CONTROL, 7571 .handler_count = ARRAY_SIZE(mgmt_handlers), 7572 .handlers = mgmt_handlers, 7573 .hdev_init = mgmt_init_hdev, 7574 }; 7575 7576 int mgmt_init(void) 7577 { 7578 return hci_mgmt_chan_register(&chan); 7579 } 7580 7581 void mgmt_exit(void) 7582 { 7583 hci_mgmt_chan_unregister(&chan); 7584 } 7585