1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI Management interface */ 26 27 #include <linux/module.h> 28 #include <asm/unaligned.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 #include <net/bluetooth/hci_sock.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/mgmt.h> 35 36 #include "hci_request.h" 37 #include "smp.h" 38 #include "mgmt_util.h" 39 #include "mgmt_config.h" 40 #include "msft.h" 41 42 #define MGMT_VERSION 1 43 #define MGMT_REVISION 19 44 45 static const u16 mgmt_commands[] = { 46 MGMT_OP_READ_INDEX_LIST, 47 MGMT_OP_READ_INFO, 48 MGMT_OP_SET_POWERED, 49 MGMT_OP_SET_DISCOVERABLE, 50 MGMT_OP_SET_CONNECTABLE, 51 MGMT_OP_SET_FAST_CONNECTABLE, 52 MGMT_OP_SET_BONDABLE, 53 MGMT_OP_SET_LINK_SECURITY, 54 MGMT_OP_SET_SSP, 55 MGMT_OP_SET_HS, 56 MGMT_OP_SET_LE, 57 MGMT_OP_SET_DEV_CLASS, 58 MGMT_OP_SET_LOCAL_NAME, 59 MGMT_OP_ADD_UUID, 60 MGMT_OP_REMOVE_UUID, 61 MGMT_OP_LOAD_LINK_KEYS, 62 MGMT_OP_LOAD_LONG_TERM_KEYS, 63 MGMT_OP_DISCONNECT, 64 MGMT_OP_GET_CONNECTIONS, 65 MGMT_OP_PIN_CODE_REPLY, 66 MGMT_OP_PIN_CODE_NEG_REPLY, 67 MGMT_OP_SET_IO_CAPABILITY, 68 MGMT_OP_PAIR_DEVICE, 69 MGMT_OP_CANCEL_PAIR_DEVICE, 70 MGMT_OP_UNPAIR_DEVICE, 71 MGMT_OP_USER_CONFIRM_REPLY, 72 MGMT_OP_USER_CONFIRM_NEG_REPLY, 73 MGMT_OP_USER_PASSKEY_REPLY, 74 MGMT_OP_USER_PASSKEY_NEG_REPLY, 75 MGMT_OP_READ_LOCAL_OOB_DATA, 76 MGMT_OP_ADD_REMOTE_OOB_DATA, 77 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 78 MGMT_OP_START_DISCOVERY, 79 MGMT_OP_STOP_DISCOVERY, 80 MGMT_OP_CONFIRM_NAME, 81 MGMT_OP_BLOCK_DEVICE, 82 MGMT_OP_UNBLOCK_DEVICE, 83 MGMT_OP_SET_DEVICE_ID, 84 MGMT_OP_SET_ADVERTISING, 85 MGMT_OP_SET_BREDR, 86 MGMT_OP_SET_STATIC_ADDRESS, 87 MGMT_OP_SET_SCAN_PARAMS, 88 MGMT_OP_SET_SECURE_CONN, 89 MGMT_OP_SET_DEBUG_KEYS, 90 MGMT_OP_SET_PRIVACY, 91 MGMT_OP_LOAD_IRKS, 92 MGMT_OP_GET_CONN_INFO, 93 MGMT_OP_GET_CLOCK_INFO, 94 MGMT_OP_ADD_DEVICE, 95 MGMT_OP_REMOVE_DEVICE, 96 MGMT_OP_LOAD_CONN_PARAM, 97 MGMT_OP_READ_UNCONF_INDEX_LIST, 98 MGMT_OP_READ_CONFIG_INFO, 99 MGMT_OP_SET_EXTERNAL_CONFIG, 100 MGMT_OP_SET_PUBLIC_ADDRESS, 101 MGMT_OP_START_SERVICE_DISCOVERY, 102 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 103 MGMT_OP_READ_EXT_INDEX_LIST, 104 MGMT_OP_READ_ADV_FEATURES, 105 MGMT_OP_ADD_ADVERTISING, 106 MGMT_OP_REMOVE_ADVERTISING, 107 MGMT_OP_GET_ADV_SIZE_INFO, 108 MGMT_OP_START_LIMITED_DISCOVERY, 109 MGMT_OP_READ_EXT_INFO, 110 MGMT_OP_SET_APPEARANCE, 111 MGMT_OP_SET_BLOCKED_KEYS, 112 MGMT_OP_SET_WIDEBAND_SPEECH, 113 MGMT_OP_READ_CONTROLLER_CAP, 114 MGMT_OP_READ_EXP_FEATURES_INFO, 115 MGMT_OP_SET_EXP_FEATURE, 116 MGMT_OP_READ_DEF_SYSTEM_CONFIG, 117 MGMT_OP_SET_DEF_SYSTEM_CONFIG, 118 MGMT_OP_READ_DEF_RUNTIME_CONFIG, 119 MGMT_OP_SET_DEF_RUNTIME_CONFIG, 120 MGMT_OP_GET_DEVICE_FLAGS, 121 MGMT_OP_SET_DEVICE_FLAGS, 122 MGMT_OP_READ_ADV_MONITOR_FEATURES, 123 MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 124 MGMT_OP_REMOVE_ADV_MONITOR, 125 MGMT_OP_ADD_EXT_ADV_PARAMS, 126 MGMT_OP_ADD_EXT_ADV_DATA, 127 }; 128 129 static const u16 mgmt_events[] = { 130 MGMT_EV_CONTROLLER_ERROR, 131 MGMT_EV_INDEX_ADDED, 132 MGMT_EV_INDEX_REMOVED, 133 MGMT_EV_NEW_SETTINGS, 134 MGMT_EV_CLASS_OF_DEV_CHANGED, 135 MGMT_EV_LOCAL_NAME_CHANGED, 136 MGMT_EV_NEW_LINK_KEY, 137 MGMT_EV_NEW_LONG_TERM_KEY, 138 MGMT_EV_DEVICE_CONNECTED, 139 MGMT_EV_DEVICE_DISCONNECTED, 140 MGMT_EV_CONNECT_FAILED, 141 MGMT_EV_PIN_CODE_REQUEST, 142 MGMT_EV_USER_CONFIRM_REQUEST, 143 MGMT_EV_USER_PASSKEY_REQUEST, 144 MGMT_EV_AUTH_FAILED, 145 MGMT_EV_DEVICE_FOUND, 146 MGMT_EV_DISCOVERING, 147 MGMT_EV_DEVICE_BLOCKED, 148 MGMT_EV_DEVICE_UNBLOCKED, 149 MGMT_EV_DEVICE_UNPAIRED, 150 MGMT_EV_PASSKEY_NOTIFY, 151 MGMT_EV_NEW_IRK, 152 MGMT_EV_NEW_CSRK, 153 MGMT_EV_DEVICE_ADDED, 154 MGMT_EV_DEVICE_REMOVED, 155 MGMT_EV_NEW_CONN_PARAM, 156 MGMT_EV_UNCONF_INDEX_ADDED, 157 MGMT_EV_UNCONF_INDEX_REMOVED, 158 MGMT_EV_NEW_CONFIG_OPTIONS, 159 MGMT_EV_EXT_INDEX_ADDED, 160 MGMT_EV_EXT_INDEX_REMOVED, 161 MGMT_EV_LOCAL_OOB_DATA_UPDATED, 162 MGMT_EV_ADVERTISING_ADDED, 163 MGMT_EV_ADVERTISING_REMOVED, 164 MGMT_EV_EXT_INFO_CHANGED, 165 MGMT_EV_PHY_CONFIGURATION_CHANGED, 166 MGMT_EV_EXP_FEATURE_CHANGED, 167 MGMT_EV_DEVICE_FLAGS_CHANGED, 168 MGMT_EV_CONTROLLER_SUSPEND, 169 MGMT_EV_CONTROLLER_RESUME, 170 }; 171 172 static const u16 mgmt_untrusted_commands[] = { 173 MGMT_OP_READ_INDEX_LIST, 174 MGMT_OP_READ_INFO, 175 MGMT_OP_READ_UNCONF_INDEX_LIST, 176 MGMT_OP_READ_CONFIG_INFO, 177 MGMT_OP_READ_EXT_INDEX_LIST, 178 MGMT_OP_READ_EXT_INFO, 179 MGMT_OP_READ_CONTROLLER_CAP, 180 MGMT_OP_READ_EXP_FEATURES_INFO, 181 MGMT_OP_READ_DEF_SYSTEM_CONFIG, 182 MGMT_OP_READ_DEF_RUNTIME_CONFIG, 183 }; 184 185 static const u16 mgmt_untrusted_events[] = { 186 MGMT_EV_INDEX_ADDED, 187 MGMT_EV_INDEX_REMOVED, 188 MGMT_EV_NEW_SETTINGS, 189 MGMT_EV_CLASS_OF_DEV_CHANGED, 190 MGMT_EV_LOCAL_NAME_CHANGED, 191 MGMT_EV_UNCONF_INDEX_ADDED, 192 MGMT_EV_UNCONF_INDEX_REMOVED, 193 MGMT_EV_NEW_CONFIG_OPTIONS, 194 MGMT_EV_EXT_INDEX_ADDED, 195 MGMT_EV_EXT_INDEX_REMOVED, 196 MGMT_EV_EXT_INFO_CHANGED, 197 MGMT_EV_EXP_FEATURE_CHANGED, 198 MGMT_EV_ADV_MONITOR_ADDED, 199 MGMT_EV_ADV_MONITOR_REMOVED, 200 }; 201 202 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) 203 204 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \ 205 "\x00\x00\x00\x00\x00\x00\x00\x00" 206 207 /* HCI to MGMT error code conversion table */ 208 static const u8 mgmt_status_table[] = { 209 MGMT_STATUS_SUCCESS, 210 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 211 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 212 MGMT_STATUS_FAILED, /* Hardware Failure */ 213 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 214 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 215 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */ 216 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 217 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 218 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 219 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 220 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 221 MGMT_STATUS_BUSY, /* Command Disallowed */ 222 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 223 MGMT_STATUS_REJECTED, /* Rejected Security */ 224 MGMT_STATUS_REJECTED, /* Rejected Personal */ 225 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 226 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 227 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 228 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 229 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 230 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 231 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 232 MGMT_STATUS_BUSY, /* Repeated Attempts */ 233 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 234 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 235 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 236 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 237 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 238 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 239 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 240 MGMT_STATUS_FAILED, /* Unspecified Error */ 241 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 242 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 243 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 244 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 245 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 246 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 247 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 248 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 249 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 250 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 251 MGMT_STATUS_FAILED, /* Transaction Collision */ 252 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 253 MGMT_STATUS_REJECTED, /* QoS Rejected */ 254 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 255 MGMT_STATUS_REJECTED, /* Insufficient Security */ 256 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 257 MGMT_STATUS_BUSY, /* Role Switch Pending */ 258 MGMT_STATUS_FAILED, /* Slot Violation */ 259 MGMT_STATUS_FAILED, /* Role Switch Failed */ 260 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 261 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 262 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 263 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 264 MGMT_STATUS_BUSY, /* Controller Busy */ 265 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 266 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 267 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 268 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 269 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 270 }; 271 272 static u8 mgmt_status(u8 hci_status) 273 { 274 if (hci_status < ARRAY_SIZE(mgmt_status_table)) 275 return mgmt_status_table[hci_status]; 276 277 return MGMT_STATUS_FAILED; 278 } 279 280 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data, 281 u16 len, int flag) 282 { 283 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 284 flag, NULL); 285 } 286 287 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data, 288 u16 len, int flag, struct sock *skip_sk) 289 { 290 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 291 flag, skip_sk); 292 } 293 294 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len, 295 struct sock *skip_sk) 296 { 297 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 298 HCI_SOCK_TRUSTED, skip_sk); 299 } 300 301 static u8 le_addr_type(u8 mgmt_addr_type) 302 { 303 if (mgmt_addr_type == BDADDR_LE_PUBLIC) 304 return ADDR_LE_DEV_PUBLIC; 305 else 306 return ADDR_LE_DEV_RANDOM; 307 } 308 309 void mgmt_fill_version_info(void *ver) 310 { 311 struct mgmt_rp_read_version *rp = ver; 312 313 rp->version = MGMT_VERSION; 314 rp->revision = cpu_to_le16(MGMT_REVISION); 315 } 316 317 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data, 318 u16 data_len) 319 { 320 struct mgmt_rp_read_version rp; 321 322 bt_dev_dbg(hdev, "sock %p", sk); 323 324 mgmt_fill_version_info(&rp); 325 326 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, 327 &rp, sizeof(rp)); 328 } 329 330 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data, 331 u16 data_len) 332 { 333 struct mgmt_rp_read_commands *rp; 334 u16 num_commands, num_events; 335 size_t rp_size; 336 int i, err; 337 338 bt_dev_dbg(hdev, "sock %p", sk); 339 340 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 341 num_commands = ARRAY_SIZE(mgmt_commands); 342 num_events = ARRAY_SIZE(mgmt_events); 343 } else { 344 num_commands = ARRAY_SIZE(mgmt_untrusted_commands); 345 num_events = ARRAY_SIZE(mgmt_untrusted_events); 346 } 347 348 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 349 350 rp = kmalloc(rp_size, GFP_KERNEL); 351 if (!rp) 352 return -ENOMEM; 353 354 rp->num_commands = cpu_to_le16(num_commands); 355 rp->num_events = cpu_to_le16(num_events); 356 357 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 358 __le16 *opcode = rp->opcodes; 359 360 for (i = 0; i < num_commands; i++, opcode++) 361 put_unaligned_le16(mgmt_commands[i], opcode); 362 363 for (i = 0; i < num_events; i++, opcode++) 364 put_unaligned_le16(mgmt_events[i], opcode); 365 } else { 366 __le16 *opcode = rp->opcodes; 367 368 for (i = 0; i < num_commands; i++, opcode++) 369 put_unaligned_le16(mgmt_untrusted_commands[i], opcode); 370 371 for (i = 0; i < num_events; i++, opcode++) 372 put_unaligned_le16(mgmt_untrusted_events[i], opcode); 373 } 374 375 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, 376 rp, rp_size); 377 kfree(rp); 378 379 return err; 380 } 381 382 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data, 383 u16 data_len) 384 { 385 struct mgmt_rp_read_index_list *rp; 386 struct hci_dev *d; 387 size_t rp_len; 388 u16 count; 389 int err; 390 391 bt_dev_dbg(hdev, "sock %p", sk); 392 393 read_lock(&hci_dev_list_lock); 394 395 count = 0; 396 list_for_each_entry(d, &hci_dev_list, list) { 397 if (d->dev_type == HCI_PRIMARY && 398 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) 399 count++; 400 } 401 402 rp_len = sizeof(*rp) + (2 * count); 403 rp = kmalloc(rp_len, GFP_ATOMIC); 404 if (!rp) { 405 read_unlock(&hci_dev_list_lock); 406 return -ENOMEM; 407 } 408 409 count = 0; 410 list_for_each_entry(d, &hci_dev_list, list) { 411 if (hci_dev_test_flag(d, HCI_SETUP) || 412 hci_dev_test_flag(d, HCI_CONFIG) || 413 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 414 continue; 415 416 /* Devices marked as raw-only are neither configured 417 * nor unconfigured controllers. 418 */ 419 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 420 continue; 421 422 if (d->dev_type == HCI_PRIMARY && 423 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 424 rp->index[count++] = cpu_to_le16(d->id); 425 bt_dev_dbg(hdev, "Added hci%u", d->id); 426 } 427 } 428 429 rp->num_controllers = cpu_to_le16(count); 430 rp_len = sizeof(*rp) + (2 * count); 431 432 read_unlock(&hci_dev_list_lock); 433 434 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 435 0, rp, rp_len); 436 437 kfree(rp); 438 439 return err; 440 } 441 442 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev, 443 void *data, u16 data_len) 444 { 445 struct mgmt_rp_read_unconf_index_list *rp; 446 struct hci_dev *d; 447 size_t rp_len; 448 u16 count; 449 int err; 450 451 bt_dev_dbg(hdev, "sock %p", sk); 452 453 read_lock(&hci_dev_list_lock); 454 455 count = 0; 456 list_for_each_entry(d, &hci_dev_list, list) { 457 if (d->dev_type == HCI_PRIMARY && 458 hci_dev_test_flag(d, HCI_UNCONFIGURED)) 459 count++; 460 } 461 462 rp_len = sizeof(*rp) + (2 * count); 463 rp = kmalloc(rp_len, GFP_ATOMIC); 464 if (!rp) { 465 read_unlock(&hci_dev_list_lock); 466 return -ENOMEM; 467 } 468 469 count = 0; 470 list_for_each_entry(d, &hci_dev_list, list) { 471 if (hci_dev_test_flag(d, HCI_SETUP) || 472 hci_dev_test_flag(d, HCI_CONFIG) || 473 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 474 continue; 475 476 /* Devices marked as raw-only are neither configured 477 * nor unconfigured controllers. 478 */ 479 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 480 continue; 481 482 if (d->dev_type == HCI_PRIMARY && 483 hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 484 rp->index[count++] = cpu_to_le16(d->id); 485 bt_dev_dbg(hdev, "Added hci%u", d->id); 486 } 487 } 488 489 rp->num_controllers = cpu_to_le16(count); 490 rp_len = sizeof(*rp) + (2 * count); 491 492 read_unlock(&hci_dev_list_lock); 493 494 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 495 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len); 496 497 kfree(rp); 498 499 return err; 500 } 501 502 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev, 503 void *data, u16 data_len) 504 { 505 struct mgmt_rp_read_ext_index_list *rp; 506 struct hci_dev *d; 507 u16 count; 508 int err; 509 510 bt_dev_dbg(hdev, "sock %p", sk); 511 512 read_lock(&hci_dev_list_lock); 513 514 count = 0; 515 list_for_each_entry(d, &hci_dev_list, list) { 516 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP) 517 count++; 518 } 519 520 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC); 521 if (!rp) { 522 read_unlock(&hci_dev_list_lock); 523 return -ENOMEM; 524 } 525 526 count = 0; 527 list_for_each_entry(d, &hci_dev_list, list) { 528 if (hci_dev_test_flag(d, HCI_SETUP) || 529 hci_dev_test_flag(d, HCI_CONFIG) || 530 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 531 continue; 532 533 /* Devices marked as raw-only are neither configured 534 * nor unconfigured controllers. 535 */ 536 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 537 continue; 538 539 if (d->dev_type == HCI_PRIMARY) { 540 if (hci_dev_test_flag(d, HCI_UNCONFIGURED)) 541 rp->entry[count].type = 0x01; 542 else 543 rp->entry[count].type = 0x00; 544 } else if (d->dev_type == HCI_AMP) { 545 rp->entry[count].type = 0x02; 546 } else { 547 continue; 548 } 549 550 rp->entry[count].bus = d->bus; 551 rp->entry[count++].index = cpu_to_le16(d->id); 552 bt_dev_dbg(hdev, "Added hci%u", d->id); 553 } 554 555 rp->num_controllers = cpu_to_le16(count); 556 557 read_unlock(&hci_dev_list_lock); 558 559 /* If this command is called at least once, then all the 560 * default index and unconfigured index events are disabled 561 * and from now on only extended index events are used. 562 */ 563 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS); 564 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS); 565 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS); 566 567 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 568 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, 569 struct_size(rp, entry, count)); 570 571 kfree(rp); 572 573 return err; 574 } 575 576 static bool is_configured(struct hci_dev *hdev) 577 { 578 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 579 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 580 return false; 581 582 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) || 583 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) && 584 !bacmp(&hdev->public_addr, BDADDR_ANY)) 585 return false; 586 587 return true; 588 } 589 590 static __le32 get_missing_options(struct hci_dev *hdev) 591 { 592 u32 options = 0; 593 594 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 595 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 596 options |= MGMT_OPTION_EXTERNAL_CONFIG; 597 598 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) || 599 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) && 600 !bacmp(&hdev->public_addr, BDADDR_ANY)) 601 options |= MGMT_OPTION_PUBLIC_ADDRESS; 602 603 return cpu_to_le32(options); 604 } 605 606 static int new_options(struct hci_dev *hdev, struct sock *skip) 607 { 608 __le32 options = get_missing_options(hdev); 609 610 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options, 611 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip); 612 } 613 614 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 615 { 616 __le32 options = get_missing_options(hdev); 617 618 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options, 619 sizeof(options)); 620 } 621 622 static int read_config_info(struct sock *sk, struct hci_dev *hdev, 623 void *data, u16 data_len) 624 { 625 struct mgmt_rp_read_config_info rp; 626 u32 options = 0; 627 628 bt_dev_dbg(hdev, "sock %p", sk); 629 630 hci_dev_lock(hdev); 631 632 memset(&rp, 0, sizeof(rp)); 633 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 634 635 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 636 options |= MGMT_OPTION_EXTERNAL_CONFIG; 637 638 if (hdev->set_bdaddr) 639 options |= MGMT_OPTION_PUBLIC_ADDRESS; 640 641 rp.supported_options = cpu_to_le32(options); 642 rp.missing_options = get_missing_options(hdev); 643 644 hci_dev_unlock(hdev); 645 646 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, 647 &rp, sizeof(rp)); 648 } 649 650 static u32 get_supported_phys(struct hci_dev *hdev) 651 { 652 u32 supported_phys = 0; 653 654 if (lmp_bredr_capable(hdev)) { 655 supported_phys |= MGMT_PHY_BR_1M_1SLOT; 656 657 if (hdev->features[0][0] & LMP_3SLOT) 658 supported_phys |= MGMT_PHY_BR_1M_3SLOT; 659 660 if (hdev->features[0][0] & LMP_5SLOT) 661 supported_phys |= MGMT_PHY_BR_1M_5SLOT; 662 663 if (lmp_edr_2m_capable(hdev)) { 664 supported_phys |= MGMT_PHY_EDR_2M_1SLOT; 665 666 if (lmp_edr_3slot_capable(hdev)) 667 supported_phys |= MGMT_PHY_EDR_2M_3SLOT; 668 669 if (lmp_edr_5slot_capable(hdev)) 670 supported_phys |= MGMT_PHY_EDR_2M_5SLOT; 671 672 if (lmp_edr_3m_capable(hdev)) { 673 supported_phys |= MGMT_PHY_EDR_3M_1SLOT; 674 675 if (lmp_edr_3slot_capable(hdev)) 676 supported_phys |= MGMT_PHY_EDR_3M_3SLOT; 677 678 if (lmp_edr_5slot_capable(hdev)) 679 supported_phys |= MGMT_PHY_EDR_3M_5SLOT; 680 } 681 } 682 } 683 684 if (lmp_le_capable(hdev)) { 685 supported_phys |= MGMT_PHY_LE_1M_TX; 686 supported_phys |= MGMT_PHY_LE_1M_RX; 687 688 if (hdev->le_features[1] & HCI_LE_PHY_2M) { 689 supported_phys |= MGMT_PHY_LE_2M_TX; 690 supported_phys |= MGMT_PHY_LE_2M_RX; 691 } 692 693 if (hdev->le_features[1] & HCI_LE_PHY_CODED) { 694 supported_phys |= MGMT_PHY_LE_CODED_TX; 695 supported_phys |= MGMT_PHY_LE_CODED_RX; 696 } 697 } 698 699 return supported_phys; 700 } 701 702 static u32 get_selected_phys(struct hci_dev *hdev) 703 { 704 u32 selected_phys = 0; 705 706 if (lmp_bredr_capable(hdev)) { 707 selected_phys |= MGMT_PHY_BR_1M_1SLOT; 708 709 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3)) 710 selected_phys |= MGMT_PHY_BR_1M_3SLOT; 711 712 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5)) 713 selected_phys |= MGMT_PHY_BR_1M_5SLOT; 714 715 if (lmp_edr_2m_capable(hdev)) { 716 if (!(hdev->pkt_type & HCI_2DH1)) 717 selected_phys |= MGMT_PHY_EDR_2M_1SLOT; 718 719 if (lmp_edr_3slot_capable(hdev) && 720 !(hdev->pkt_type & HCI_2DH3)) 721 selected_phys |= MGMT_PHY_EDR_2M_3SLOT; 722 723 if (lmp_edr_5slot_capable(hdev) && 724 !(hdev->pkt_type & HCI_2DH5)) 725 selected_phys |= MGMT_PHY_EDR_2M_5SLOT; 726 727 if (lmp_edr_3m_capable(hdev)) { 728 if (!(hdev->pkt_type & HCI_3DH1)) 729 selected_phys |= MGMT_PHY_EDR_3M_1SLOT; 730 731 if (lmp_edr_3slot_capable(hdev) && 732 !(hdev->pkt_type & HCI_3DH3)) 733 selected_phys |= MGMT_PHY_EDR_3M_3SLOT; 734 735 if (lmp_edr_5slot_capable(hdev) && 736 !(hdev->pkt_type & HCI_3DH5)) 737 selected_phys |= MGMT_PHY_EDR_3M_5SLOT; 738 } 739 } 740 } 741 742 if (lmp_le_capable(hdev)) { 743 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M) 744 selected_phys |= MGMT_PHY_LE_1M_TX; 745 746 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M) 747 selected_phys |= MGMT_PHY_LE_1M_RX; 748 749 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M) 750 selected_phys |= MGMT_PHY_LE_2M_TX; 751 752 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M) 753 selected_phys |= MGMT_PHY_LE_2M_RX; 754 755 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED) 756 selected_phys |= MGMT_PHY_LE_CODED_TX; 757 758 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED) 759 selected_phys |= MGMT_PHY_LE_CODED_RX; 760 } 761 762 return selected_phys; 763 } 764 765 static u32 get_configurable_phys(struct hci_dev *hdev) 766 { 767 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT & 768 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX); 769 } 770 771 static u32 get_supported_settings(struct hci_dev *hdev) 772 { 773 u32 settings = 0; 774 775 settings |= MGMT_SETTING_POWERED; 776 settings |= MGMT_SETTING_BONDABLE; 777 settings |= MGMT_SETTING_DEBUG_KEYS; 778 settings |= MGMT_SETTING_CONNECTABLE; 779 settings |= MGMT_SETTING_DISCOVERABLE; 780 781 if (lmp_bredr_capable(hdev)) { 782 if (hdev->hci_ver >= BLUETOOTH_VER_1_2) 783 settings |= MGMT_SETTING_FAST_CONNECTABLE; 784 settings |= MGMT_SETTING_BREDR; 785 settings |= MGMT_SETTING_LINK_SECURITY; 786 787 if (lmp_ssp_capable(hdev)) { 788 settings |= MGMT_SETTING_SSP; 789 if (IS_ENABLED(CONFIG_BT_HS)) 790 settings |= MGMT_SETTING_HS; 791 } 792 793 if (lmp_sc_capable(hdev)) 794 settings |= MGMT_SETTING_SECURE_CONN; 795 796 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, 797 &hdev->quirks)) 798 settings |= MGMT_SETTING_WIDEBAND_SPEECH; 799 } 800 801 if (lmp_le_capable(hdev)) { 802 settings |= MGMT_SETTING_LE; 803 settings |= MGMT_SETTING_SECURE_CONN; 804 settings |= MGMT_SETTING_PRIVACY; 805 settings |= MGMT_SETTING_STATIC_ADDRESS; 806 807 /* When the experimental feature for LL Privacy support is 808 * enabled, then advertising is no longer supported. 809 */ 810 if (!hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 811 settings |= MGMT_SETTING_ADVERTISING; 812 } 813 814 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) || 815 hdev->set_bdaddr) 816 settings |= MGMT_SETTING_CONFIGURATION; 817 818 settings |= MGMT_SETTING_PHY_CONFIGURATION; 819 820 return settings; 821 } 822 823 static u32 get_current_settings(struct hci_dev *hdev) 824 { 825 u32 settings = 0; 826 827 if (hdev_is_powered(hdev)) 828 settings |= MGMT_SETTING_POWERED; 829 830 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 831 settings |= MGMT_SETTING_CONNECTABLE; 832 833 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) 834 settings |= MGMT_SETTING_FAST_CONNECTABLE; 835 836 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 837 settings |= MGMT_SETTING_DISCOVERABLE; 838 839 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) 840 settings |= MGMT_SETTING_BONDABLE; 841 842 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 843 settings |= MGMT_SETTING_BREDR; 844 845 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 846 settings |= MGMT_SETTING_LE; 847 848 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) 849 settings |= MGMT_SETTING_LINK_SECURITY; 850 851 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 852 settings |= MGMT_SETTING_SSP; 853 854 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED)) 855 settings |= MGMT_SETTING_HS; 856 857 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 858 settings |= MGMT_SETTING_ADVERTISING; 859 860 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) 861 settings |= MGMT_SETTING_SECURE_CONN; 862 863 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) 864 settings |= MGMT_SETTING_DEBUG_KEYS; 865 866 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) 867 settings |= MGMT_SETTING_PRIVACY; 868 869 /* The current setting for static address has two purposes. The 870 * first is to indicate if the static address will be used and 871 * the second is to indicate if it is actually set. 872 * 873 * This means if the static address is not configured, this flag 874 * will never be set. If the address is configured, then if the 875 * address is actually used decides if the flag is set or not. 876 * 877 * For single mode LE only controllers and dual-mode controllers 878 * with BR/EDR disabled, the existence of the static address will 879 * be evaluated. 880 */ 881 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 882 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 883 !bacmp(&hdev->bdaddr, BDADDR_ANY)) { 884 if (bacmp(&hdev->static_addr, BDADDR_ANY)) 885 settings |= MGMT_SETTING_STATIC_ADDRESS; 886 } 887 888 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED)) 889 settings |= MGMT_SETTING_WIDEBAND_SPEECH; 890 891 return settings; 892 } 893 894 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev) 895 { 896 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev); 897 } 898 899 static struct mgmt_pending_cmd *pending_find_data(u16 opcode, 900 struct hci_dev *hdev, 901 const void *data) 902 { 903 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data); 904 } 905 906 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev) 907 { 908 struct mgmt_pending_cmd *cmd; 909 910 /* If there's a pending mgmt command the flags will not yet have 911 * their final values, so check for this first. 912 */ 913 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 914 if (cmd) { 915 struct mgmt_mode *cp = cmd->param; 916 if (cp->val == 0x01) 917 return LE_AD_GENERAL; 918 else if (cp->val == 0x02) 919 return LE_AD_LIMITED; 920 } else { 921 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 922 return LE_AD_LIMITED; 923 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 924 return LE_AD_GENERAL; 925 } 926 927 return 0; 928 } 929 930 bool mgmt_get_connectable(struct hci_dev *hdev) 931 { 932 struct mgmt_pending_cmd *cmd; 933 934 /* If there's a pending mgmt command the flag will not yet have 935 * it's final value, so check for this first. 936 */ 937 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 938 if (cmd) { 939 struct mgmt_mode *cp = cmd->param; 940 941 return cp->val; 942 } 943 944 return hci_dev_test_flag(hdev, HCI_CONNECTABLE); 945 } 946 947 static void service_cache_off(struct work_struct *work) 948 { 949 struct hci_dev *hdev = container_of(work, struct hci_dev, 950 service_cache.work); 951 struct hci_request req; 952 953 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) 954 return; 955 956 hci_req_init(&req, hdev); 957 958 hci_dev_lock(hdev); 959 960 __hci_req_update_eir(&req); 961 __hci_req_update_class(&req); 962 963 hci_dev_unlock(hdev); 964 965 hci_req_run(&req, NULL); 966 } 967 968 static void rpa_expired(struct work_struct *work) 969 { 970 struct hci_dev *hdev = container_of(work, struct hci_dev, 971 rpa_expired.work); 972 struct hci_request req; 973 974 bt_dev_dbg(hdev, ""); 975 976 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 977 978 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING)) 979 return; 980 981 /* The generation of a new RPA and programming it into the 982 * controller happens in the hci_req_enable_advertising() 983 * function. 984 */ 985 hci_req_init(&req, hdev); 986 if (ext_adv_capable(hdev)) 987 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance); 988 else 989 __hci_req_enable_advertising(&req); 990 hci_req_run(&req, NULL); 991 } 992 993 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) 994 { 995 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT)) 996 return; 997 998 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 999 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired); 1000 1001 /* Non-mgmt controlled devices get this bit set 1002 * implicitly so that pairing works for them, however 1003 * for mgmt we require user-space to explicitly enable 1004 * it 1005 */ 1006 hci_dev_clear_flag(hdev, HCI_BONDABLE); 1007 } 1008 1009 static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 1010 void *data, u16 data_len) 1011 { 1012 struct mgmt_rp_read_info rp; 1013 1014 bt_dev_dbg(hdev, "sock %p", sk); 1015 1016 hci_dev_lock(hdev); 1017 1018 memset(&rp, 0, sizeof(rp)); 1019 1020 bacpy(&rp.bdaddr, &hdev->bdaddr); 1021 1022 rp.version = hdev->hci_ver; 1023 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 1024 1025 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 1026 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 1027 1028 memcpy(rp.dev_class, hdev->dev_class, 3); 1029 1030 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 1031 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name)); 1032 1033 hci_dev_unlock(hdev); 1034 1035 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp, 1036 sizeof(rp)); 1037 } 1038 1039 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir) 1040 { 1041 u16 eir_len = 0; 1042 size_t name_len; 1043 1044 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1045 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV, 1046 hdev->dev_class, 3); 1047 1048 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1049 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE, 1050 hdev->appearance); 1051 1052 name_len = strlen(hdev->dev_name); 1053 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE, 1054 hdev->dev_name, name_len); 1055 1056 name_len = strlen(hdev->short_name); 1057 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT, 1058 hdev->short_name, name_len); 1059 1060 return eir_len; 1061 } 1062 1063 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev, 1064 void *data, u16 data_len) 1065 { 1066 char buf[512]; 1067 struct mgmt_rp_read_ext_info *rp = (void *)buf; 1068 u16 eir_len; 1069 1070 bt_dev_dbg(hdev, "sock %p", sk); 1071 1072 memset(&buf, 0, sizeof(buf)); 1073 1074 hci_dev_lock(hdev); 1075 1076 bacpy(&rp->bdaddr, &hdev->bdaddr); 1077 1078 rp->version = hdev->hci_ver; 1079 rp->manufacturer = cpu_to_le16(hdev->manufacturer); 1080 1081 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev)); 1082 rp->current_settings = cpu_to_le32(get_current_settings(hdev)); 1083 1084 1085 eir_len = append_eir_data_to_buf(hdev, rp->eir); 1086 rp->eir_len = cpu_to_le16(eir_len); 1087 1088 hci_dev_unlock(hdev); 1089 1090 /* If this command is called at least once, then the events 1091 * for class of device and local name changes are disabled 1092 * and only the new extended controller information event 1093 * is used. 1094 */ 1095 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS); 1096 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS); 1097 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS); 1098 1099 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp, 1100 sizeof(*rp) + eir_len); 1101 } 1102 1103 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip) 1104 { 1105 char buf[512]; 1106 struct mgmt_ev_ext_info_changed *ev = (void *)buf; 1107 u16 eir_len; 1108 1109 memset(buf, 0, sizeof(buf)); 1110 1111 eir_len = append_eir_data_to_buf(hdev, ev->eir); 1112 ev->eir_len = cpu_to_le16(eir_len); 1113 1114 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev, 1115 sizeof(*ev) + eir_len, 1116 HCI_MGMT_EXT_INFO_EVENTS, skip); 1117 } 1118 1119 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 1120 { 1121 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 1122 1123 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings, 1124 sizeof(settings)); 1125 } 1126 1127 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1128 { 1129 bt_dev_dbg(hdev, "status 0x%02x", status); 1130 1131 if (hci_conn_count(hdev) == 0) { 1132 cancel_delayed_work(&hdev->power_off); 1133 queue_work(hdev->req_workqueue, &hdev->power_off.work); 1134 } 1135 } 1136 1137 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance) 1138 { 1139 struct mgmt_ev_advertising_added ev; 1140 1141 ev.instance = instance; 1142 1143 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk); 1144 } 1145 1146 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev, 1147 u8 instance) 1148 { 1149 struct mgmt_ev_advertising_removed ev; 1150 1151 ev.instance = instance; 1152 1153 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk); 1154 } 1155 1156 static void cancel_adv_timeout(struct hci_dev *hdev) 1157 { 1158 if (hdev->adv_instance_timeout) { 1159 hdev->adv_instance_timeout = 0; 1160 cancel_delayed_work(&hdev->adv_instance_expire); 1161 } 1162 } 1163 1164 static int clean_up_hci_state(struct hci_dev *hdev) 1165 { 1166 struct hci_request req; 1167 struct hci_conn *conn; 1168 bool discov_stopped; 1169 int err; 1170 1171 hci_req_init(&req, hdev); 1172 1173 if (test_bit(HCI_ISCAN, &hdev->flags) || 1174 test_bit(HCI_PSCAN, &hdev->flags)) { 1175 u8 scan = 0x00; 1176 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1177 } 1178 1179 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false); 1180 1181 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 1182 __hci_req_disable_advertising(&req); 1183 1184 discov_stopped = hci_req_stop_discovery(&req); 1185 1186 list_for_each_entry(conn, &hdev->conn_hash.list, list) { 1187 /* 0x15 == Terminated due to Power Off */ 1188 __hci_abort_conn(&req, conn, 0x15); 1189 } 1190 1191 err = hci_req_run(&req, clean_up_hci_complete); 1192 if (!err && discov_stopped) 1193 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 1194 1195 return err; 1196 } 1197 1198 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, 1199 u16 len) 1200 { 1201 struct mgmt_mode *cp = data; 1202 struct mgmt_pending_cmd *cmd; 1203 int err; 1204 1205 bt_dev_dbg(hdev, "sock %p", sk); 1206 1207 if (cp->val != 0x00 && cp->val != 0x01) 1208 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1209 MGMT_STATUS_INVALID_PARAMS); 1210 1211 hci_dev_lock(hdev); 1212 1213 if (pending_find(MGMT_OP_SET_POWERED, hdev)) { 1214 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1215 MGMT_STATUS_BUSY); 1216 goto failed; 1217 } 1218 1219 if (!!cp->val == hdev_is_powered(hdev)) { 1220 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 1221 goto failed; 1222 } 1223 1224 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 1225 if (!cmd) { 1226 err = -ENOMEM; 1227 goto failed; 1228 } 1229 1230 if (cp->val) { 1231 queue_work(hdev->req_workqueue, &hdev->power_on); 1232 err = 0; 1233 } else { 1234 /* Disconnect connections, stop scans, etc */ 1235 err = clean_up_hci_state(hdev); 1236 if (!err) 1237 queue_delayed_work(hdev->req_workqueue, &hdev->power_off, 1238 HCI_POWER_OFF_TIMEOUT); 1239 1240 /* ENODATA means there were no HCI commands queued */ 1241 if (err == -ENODATA) { 1242 cancel_delayed_work(&hdev->power_off); 1243 queue_work(hdev->req_workqueue, &hdev->power_off.work); 1244 err = 0; 1245 } 1246 } 1247 1248 failed: 1249 hci_dev_unlock(hdev); 1250 return err; 1251 } 1252 1253 static int new_settings(struct hci_dev *hdev, struct sock *skip) 1254 { 1255 __le32 ev = cpu_to_le32(get_current_settings(hdev)); 1256 1257 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, 1258 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip); 1259 } 1260 1261 int mgmt_new_settings(struct hci_dev *hdev) 1262 { 1263 return new_settings(hdev, NULL); 1264 } 1265 1266 struct cmd_lookup { 1267 struct sock *sk; 1268 struct hci_dev *hdev; 1269 u8 mgmt_status; 1270 }; 1271 1272 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data) 1273 { 1274 struct cmd_lookup *match = data; 1275 1276 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 1277 1278 list_del(&cmd->list); 1279 1280 if (match->sk == NULL) { 1281 match->sk = cmd->sk; 1282 sock_hold(match->sk); 1283 } 1284 1285 mgmt_pending_free(cmd); 1286 } 1287 1288 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data) 1289 { 1290 u8 *status = data; 1291 1292 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 1293 mgmt_pending_remove(cmd); 1294 } 1295 1296 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data) 1297 { 1298 if (cmd->cmd_complete) { 1299 u8 *status = data; 1300 1301 cmd->cmd_complete(cmd, *status); 1302 mgmt_pending_remove(cmd); 1303 1304 return; 1305 } 1306 1307 cmd_status_rsp(cmd, data); 1308 } 1309 1310 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1311 { 1312 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1313 cmd->param, cmd->param_len); 1314 } 1315 1316 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1317 { 1318 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1319 cmd->param, sizeof(struct mgmt_addr_info)); 1320 } 1321 1322 static u8 mgmt_bredr_support(struct hci_dev *hdev) 1323 { 1324 if (!lmp_bredr_capable(hdev)) 1325 return MGMT_STATUS_NOT_SUPPORTED; 1326 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1327 return MGMT_STATUS_REJECTED; 1328 else 1329 return MGMT_STATUS_SUCCESS; 1330 } 1331 1332 static u8 mgmt_le_support(struct hci_dev *hdev) 1333 { 1334 if (!lmp_le_capable(hdev)) 1335 return MGMT_STATUS_NOT_SUPPORTED; 1336 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1337 return MGMT_STATUS_REJECTED; 1338 else 1339 return MGMT_STATUS_SUCCESS; 1340 } 1341 1342 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status) 1343 { 1344 struct mgmt_pending_cmd *cmd; 1345 1346 bt_dev_dbg(hdev, "status 0x%02x", status); 1347 1348 hci_dev_lock(hdev); 1349 1350 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 1351 if (!cmd) 1352 goto unlock; 1353 1354 if (status) { 1355 u8 mgmt_err = mgmt_status(status); 1356 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1357 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1358 goto remove_cmd; 1359 } 1360 1361 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1362 hdev->discov_timeout > 0) { 1363 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1364 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to); 1365 } 1366 1367 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1368 new_settings(hdev, cmd->sk); 1369 1370 remove_cmd: 1371 mgmt_pending_remove(cmd); 1372 1373 unlock: 1374 hci_dev_unlock(hdev); 1375 } 1376 1377 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 1378 u16 len) 1379 { 1380 struct mgmt_cp_set_discoverable *cp = data; 1381 struct mgmt_pending_cmd *cmd; 1382 u16 timeout; 1383 int err; 1384 1385 bt_dev_dbg(hdev, "sock %p", sk); 1386 1387 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1388 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1389 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1390 MGMT_STATUS_REJECTED); 1391 1392 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 1393 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1394 MGMT_STATUS_INVALID_PARAMS); 1395 1396 timeout = __le16_to_cpu(cp->timeout); 1397 1398 /* Disabling discoverable requires that no timeout is set, 1399 * and enabling limited discoverable requires a timeout. 1400 */ 1401 if ((cp->val == 0x00 && timeout > 0) || 1402 (cp->val == 0x02 && timeout == 0)) 1403 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1404 MGMT_STATUS_INVALID_PARAMS); 1405 1406 hci_dev_lock(hdev); 1407 1408 if (!hdev_is_powered(hdev) && timeout > 0) { 1409 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1410 MGMT_STATUS_NOT_POWERED); 1411 goto failed; 1412 } 1413 1414 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1415 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1416 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1417 MGMT_STATUS_BUSY); 1418 goto failed; 1419 } 1420 1421 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) { 1422 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1423 MGMT_STATUS_REJECTED); 1424 goto failed; 1425 } 1426 1427 if (hdev->advertising_paused) { 1428 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1429 MGMT_STATUS_BUSY); 1430 goto failed; 1431 } 1432 1433 if (!hdev_is_powered(hdev)) { 1434 bool changed = false; 1435 1436 /* Setting limited discoverable when powered off is 1437 * not a valid operation since it requires a timeout 1438 * and so no need to check HCI_LIMITED_DISCOVERABLE. 1439 */ 1440 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) { 1441 hci_dev_change_flag(hdev, HCI_DISCOVERABLE); 1442 changed = true; 1443 } 1444 1445 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1446 if (err < 0) 1447 goto failed; 1448 1449 if (changed) 1450 err = new_settings(hdev, sk); 1451 1452 goto failed; 1453 } 1454 1455 /* If the current mode is the same, then just update the timeout 1456 * value with the new value. And if only the timeout gets updated, 1457 * then no need for any HCI transactions. 1458 */ 1459 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1460 (cp->val == 0x02) == hci_dev_test_flag(hdev, 1461 HCI_LIMITED_DISCOVERABLE)) { 1462 cancel_delayed_work(&hdev->discov_off); 1463 hdev->discov_timeout = timeout; 1464 1465 if (cp->val && hdev->discov_timeout > 0) { 1466 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1467 queue_delayed_work(hdev->req_workqueue, 1468 &hdev->discov_off, to); 1469 } 1470 1471 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1472 goto failed; 1473 } 1474 1475 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 1476 if (!cmd) { 1477 err = -ENOMEM; 1478 goto failed; 1479 } 1480 1481 /* Cancel any potential discoverable timeout that might be 1482 * still active and store new timeout value. The arming of 1483 * the timeout happens in the complete handler. 1484 */ 1485 cancel_delayed_work(&hdev->discov_off); 1486 hdev->discov_timeout = timeout; 1487 1488 if (cp->val) 1489 hci_dev_set_flag(hdev, HCI_DISCOVERABLE); 1490 else 1491 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1492 1493 /* Limited discoverable mode */ 1494 if (cp->val == 0x02) 1495 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1496 else 1497 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1498 1499 queue_work(hdev->req_workqueue, &hdev->discoverable_update); 1500 err = 0; 1501 1502 failed: 1503 hci_dev_unlock(hdev); 1504 return err; 1505 } 1506 1507 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status) 1508 { 1509 struct mgmt_pending_cmd *cmd; 1510 1511 bt_dev_dbg(hdev, "status 0x%02x", status); 1512 1513 hci_dev_lock(hdev); 1514 1515 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 1516 if (!cmd) 1517 goto unlock; 1518 1519 if (status) { 1520 u8 mgmt_err = mgmt_status(status); 1521 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1522 goto remove_cmd; 1523 } 1524 1525 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev); 1526 new_settings(hdev, cmd->sk); 1527 1528 remove_cmd: 1529 mgmt_pending_remove(cmd); 1530 1531 unlock: 1532 hci_dev_unlock(hdev); 1533 } 1534 1535 static int set_connectable_update_settings(struct hci_dev *hdev, 1536 struct sock *sk, u8 val) 1537 { 1538 bool changed = false; 1539 int err; 1540 1541 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 1542 changed = true; 1543 1544 if (val) { 1545 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1546 } else { 1547 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1548 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1549 } 1550 1551 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 1552 if (err < 0) 1553 return err; 1554 1555 if (changed) { 1556 hci_req_update_scan(hdev); 1557 hci_update_background_scan(hdev); 1558 return new_settings(hdev, sk); 1559 } 1560 1561 return 0; 1562 } 1563 1564 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, 1565 u16 len) 1566 { 1567 struct mgmt_mode *cp = data; 1568 struct mgmt_pending_cmd *cmd; 1569 int err; 1570 1571 bt_dev_dbg(hdev, "sock %p", sk); 1572 1573 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1574 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1575 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1576 MGMT_STATUS_REJECTED); 1577 1578 if (cp->val != 0x00 && cp->val != 0x01) 1579 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1580 MGMT_STATUS_INVALID_PARAMS); 1581 1582 hci_dev_lock(hdev); 1583 1584 if (!hdev_is_powered(hdev)) { 1585 err = set_connectable_update_settings(hdev, sk, cp->val); 1586 goto failed; 1587 } 1588 1589 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1590 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1591 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1592 MGMT_STATUS_BUSY); 1593 goto failed; 1594 } 1595 1596 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1597 if (!cmd) { 1598 err = -ENOMEM; 1599 goto failed; 1600 } 1601 1602 if (cp->val) { 1603 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1604 } else { 1605 if (hdev->discov_timeout > 0) 1606 cancel_delayed_work(&hdev->discov_off); 1607 1608 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1609 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1610 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1611 } 1612 1613 queue_work(hdev->req_workqueue, &hdev->connectable_update); 1614 err = 0; 1615 1616 failed: 1617 hci_dev_unlock(hdev); 1618 return err; 1619 } 1620 1621 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data, 1622 u16 len) 1623 { 1624 struct mgmt_mode *cp = data; 1625 bool changed; 1626 int err; 1627 1628 bt_dev_dbg(hdev, "sock %p", sk); 1629 1630 if (cp->val != 0x00 && cp->val != 0x01) 1631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE, 1632 MGMT_STATUS_INVALID_PARAMS); 1633 1634 hci_dev_lock(hdev); 1635 1636 if (cp->val) 1637 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE); 1638 else 1639 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE); 1640 1641 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev); 1642 if (err < 0) 1643 goto unlock; 1644 1645 if (changed) { 1646 /* In limited privacy mode the change of bondable mode 1647 * may affect the local advertising address. 1648 */ 1649 if (hdev_is_powered(hdev) && 1650 hci_dev_test_flag(hdev, HCI_ADVERTISING) && 1651 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1652 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) 1653 queue_work(hdev->req_workqueue, 1654 &hdev->discoverable_update); 1655 1656 err = new_settings(hdev, sk); 1657 } 1658 1659 unlock: 1660 hci_dev_unlock(hdev); 1661 return err; 1662 } 1663 1664 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data, 1665 u16 len) 1666 { 1667 struct mgmt_mode *cp = data; 1668 struct mgmt_pending_cmd *cmd; 1669 u8 val, status; 1670 int err; 1671 1672 bt_dev_dbg(hdev, "sock %p", sk); 1673 1674 status = mgmt_bredr_support(hdev); 1675 if (status) 1676 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1677 status); 1678 1679 if (cp->val != 0x00 && cp->val != 0x01) 1680 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1681 MGMT_STATUS_INVALID_PARAMS); 1682 1683 hci_dev_lock(hdev); 1684 1685 if (!hdev_is_powered(hdev)) { 1686 bool changed = false; 1687 1688 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) { 1689 hci_dev_change_flag(hdev, HCI_LINK_SECURITY); 1690 changed = true; 1691 } 1692 1693 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1694 if (err < 0) 1695 goto failed; 1696 1697 if (changed) 1698 err = new_settings(hdev, sk); 1699 1700 goto failed; 1701 } 1702 1703 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1704 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1705 MGMT_STATUS_BUSY); 1706 goto failed; 1707 } 1708 1709 val = !!cp->val; 1710 1711 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1712 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1713 goto failed; 1714 } 1715 1716 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1717 if (!cmd) { 1718 err = -ENOMEM; 1719 goto failed; 1720 } 1721 1722 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1723 if (err < 0) { 1724 mgmt_pending_remove(cmd); 1725 goto failed; 1726 } 1727 1728 failed: 1729 hci_dev_unlock(hdev); 1730 return err; 1731 } 1732 1733 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1734 { 1735 struct mgmt_mode *cp = data; 1736 struct mgmt_pending_cmd *cmd; 1737 u8 status; 1738 int err; 1739 1740 bt_dev_dbg(hdev, "sock %p", sk); 1741 1742 status = mgmt_bredr_support(hdev); 1743 if (status) 1744 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status); 1745 1746 if (!lmp_ssp_capable(hdev)) 1747 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1748 MGMT_STATUS_NOT_SUPPORTED); 1749 1750 if (cp->val != 0x00 && cp->val != 0x01) 1751 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1752 MGMT_STATUS_INVALID_PARAMS); 1753 1754 hci_dev_lock(hdev); 1755 1756 if (!hdev_is_powered(hdev)) { 1757 bool changed; 1758 1759 if (cp->val) { 1760 changed = !hci_dev_test_and_set_flag(hdev, 1761 HCI_SSP_ENABLED); 1762 } else { 1763 changed = hci_dev_test_and_clear_flag(hdev, 1764 HCI_SSP_ENABLED); 1765 if (!changed) 1766 changed = hci_dev_test_and_clear_flag(hdev, 1767 HCI_HS_ENABLED); 1768 else 1769 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1770 } 1771 1772 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1773 if (err < 0) 1774 goto failed; 1775 1776 if (changed) 1777 err = new_settings(hdev, sk); 1778 1779 goto failed; 1780 } 1781 1782 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1783 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1784 MGMT_STATUS_BUSY); 1785 goto failed; 1786 } 1787 1788 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 1789 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1790 goto failed; 1791 } 1792 1793 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 1794 if (!cmd) { 1795 err = -ENOMEM; 1796 goto failed; 1797 } 1798 1799 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) 1800 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 1801 sizeof(cp->val), &cp->val); 1802 1803 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val); 1804 if (err < 0) { 1805 mgmt_pending_remove(cmd); 1806 goto failed; 1807 } 1808 1809 failed: 1810 hci_dev_unlock(hdev); 1811 return err; 1812 } 1813 1814 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1815 { 1816 struct mgmt_mode *cp = data; 1817 bool changed; 1818 u8 status; 1819 int err; 1820 1821 bt_dev_dbg(hdev, "sock %p", sk); 1822 1823 if (!IS_ENABLED(CONFIG_BT_HS)) 1824 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1825 MGMT_STATUS_NOT_SUPPORTED); 1826 1827 status = mgmt_bredr_support(hdev); 1828 if (status) 1829 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status); 1830 1831 if (!lmp_ssp_capable(hdev)) 1832 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1833 MGMT_STATUS_NOT_SUPPORTED); 1834 1835 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 1836 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1837 MGMT_STATUS_REJECTED); 1838 1839 if (cp->val != 0x00 && cp->val != 0x01) 1840 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1841 MGMT_STATUS_INVALID_PARAMS); 1842 1843 hci_dev_lock(hdev); 1844 1845 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1846 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1847 MGMT_STATUS_BUSY); 1848 goto unlock; 1849 } 1850 1851 if (cp->val) { 1852 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED); 1853 } else { 1854 if (hdev_is_powered(hdev)) { 1855 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1856 MGMT_STATUS_REJECTED); 1857 goto unlock; 1858 } 1859 1860 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED); 1861 } 1862 1863 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 1864 if (err < 0) 1865 goto unlock; 1866 1867 if (changed) 1868 err = new_settings(hdev, sk); 1869 1870 unlock: 1871 hci_dev_unlock(hdev); 1872 return err; 1873 } 1874 1875 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1876 { 1877 struct cmd_lookup match = { NULL, hdev }; 1878 1879 hci_dev_lock(hdev); 1880 1881 if (status) { 1882 u8 mgmt_err = mgmt_status(status); 1883 1884 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 1885 &mgmt_err); 1886 goto unlock; 1887 } 1888 1889 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 1890 1891 new_settings(hdev, match.sk); 1892 1893 if (match.sk) 1894 sock_put(match.sk); 1895 1896 /* Make sure the controller has a good default for 1897 * advertising data. Restrict the update to when LE 1898 * has actually been enabled. During power on, the 1899 * update in powered_update_hci will take care of it. 1900 */ 1901 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1902 struct hci_request req; 1903 hci_req_init(&req, hdev); 1904 if (ext_adv_capable(hdev)) { 1905 int err; 1906 1907 err = __hci_req_setup_ext_adv_instance(&req, 0x00); 1908 if (!err) 1909 __hci_req_update_scan_rsp_data(&req, 0x00); 1910 } else { 1911 __hci_req_update_adv_data(&req, 0x00); 1912 __hci_req_update_scan_rsp_data(&req, 0x00); 1913 } 1914 hci_req_run(&req, NULL); 1915 hci_update_background_scan(hdev); 1916 } 1917 1918 unlock: 1919 hci_dev_unlock(hdev); 1920 } 1921 1922 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1923 { 1924 struct mgmt_mode *cp = data; 1925 struct hci_cp_write_le_host_supported hci_cp; 1926 struct mgmt_pending_cmd *cmd; 1927 struct hci_request req; 1928 int err; 1929 u8 val, enabled; 1930 1931 bt_dev_dbg(hdev, "sock %p", sk); 1932 1933 if (!lmp_le_capable(hdev)) 1934 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1935 MGMT_STATUS_NOT_SUPPORTED); 1936 1937 if (cp->val != 0x00 && cp->val != 0x01) 1938 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1939 MGMT_STATUS_INVALID_PARAMS); 1940 1941 /* Bluetooth single mode LE only controllers or dual-mode 1942 * controllers configured as LE only devices, do not allow 1943 * switching LE off. These have either LE enabled explicitly 1944 * or BR/EDR has been previously switched off. 1945 * 1946 * When trying to enable an already enabled LE, then gracefully 1947 * send a positive response. Trying to disable it however will 1948 * result into rejection. 1949 */ 1950 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 1951 if (cp->val == 0x01) 1952 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1953 1954 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1955 MGMT_STATUS_REJECTED); 1956 } 1957 1958 hci_dev_lock(hdev); 1959 1960 val = !!cp->val; 1961 enabled = lmp_host_le_capable(hdev); 1962 1963 if (!val) 1964 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true); 1965 1966 if (!hdev_is_powered(hdev) || val == enabled) { 1967 bool changed = false; 1968 1969 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1970 hci_dev_change_flag(hdev, HCI_LE_ENABLED); 1971 changed = true; 1972 } 1973 1974 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 1975 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 1976 changed = true; 1977 } 1978 1979 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1980 if (err < 0) 1981 goto unlock; 1982 1983 if (changed) 1984 err = new_settings(hdev, sk); 1985 1986 goto unlock; 1987 } 1988 1989 if (pending_find(MGMT_OP_SET_LE, hdev) || 1990 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) { 1991 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1992 MGMT_STATUS_BUSY); 1993 goto unlock; 1994 } 1995 1996 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len); 1997 if (!cmd) { 1998 err = -ENOMEM; 1999 goto unlock; 2000 } 2001 2002 hci_req_init(&req, hdev); 2003 2004 memset(&hci_cp, 0, sizeof(hci_cp)); 2005 2006 if (val) { 2007 hci_cp.le = val; 2008 hci_cp.simul = 0x00; 2009 } else { 2010 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 2011 __hci_req_disable_advertising(&req); 2012 2013 if (ext_adv_capable(hdev)) 2014 __hci_req_clear_ext_adv_sets(&req); 2015 } 2016 2017 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), 2018 &hci_cp); 2019 2020 err = hci_req_run(&req, le_enable_complete); 2021 if (err < 0) 2022 mgmt_pending_remove(cmd); 2023 2024 unlock: 2025 hci_dev_unlock(hdev); 2026 return err; 2027 } 2028 2029 /* This is a helper function to test for pending mgmt commands that can 2030 * cause CoD or EIR HCI commands. We can only allow one such pending 2031 * mgmt command at a time since otherwise we cannot easily track what 2032 * the current values are, will be, and based on that calculate if a new 2033 * HCI command needs to be sent and if yes with what value. 2034 */ 2035 static bool pending_eir_or_class(struct hci_dev *hdev) 2036 { 2037 struct mgmt_pending_cmd *cmd; 2038 2039 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 2040 switch (cmd->opcode) { 2041 case MGMT_OP_ADD_UUID: 2042 case MGMT_OP_REMOVE_UUID: 2043 case MGMT_OP_SET_DEV_CLASS: 2044 case MGMT_OP_SET_POWERED: 2045 return true; 2046 } 2047 } 2048 2049 return false; 2050 } 2051 2052 static const u8 bluetooth_base_uuid[] = { 2053 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80, 2054 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2055 }; 2056 2057 static u8 get_uuid_size(const u8 *uuid) 2058 { 2059 u32 val; 2060 2061 if (memcmp(uuid, bluetooth_base_uuid, 12)) 2062 return 128; 2063 2064 val = get_unaligned_le32(&uuid[12]); 2065 if (val > 0xffff) 2066 return 32; 2067 2068 return 16; 2069 } 2070 2071 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status) 2072 { 2073 struct mgmt_pending_cmd *cmd; 2074 2075 hci_dev_lock(hdev); 2076 2077 cmd = pending_find(mgmt_op, hdev); 2078 if (!cmd) 2079 goto unlock; 2080 2081 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 2082 mgmt_status(status), hdev->dev_class, 3); 2083 2084 mgmt_pending_remove(cmd); 2085 2086 unlock: 2087 hci_dev_unlock(hdev); 2088 } 2089 2090 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2091 { 2092 bt_dev_dbg(hdev, "status 0x%02x", status); 2093 2094 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status); 2095 } 2096 2097 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2098 { 2099 struct mgmt_cp_add_uuid *cp = data; 2100 struct mgmt_pending_cmd *cmd; 2101 struct hci_request req; 2102 struct bt_uuid *uuid; 2103 int err; 2104 2105 bt_dev_dbg(hdev, "sock %p", sk); 2106 2107 hci_dev_lock(hdev); 2108 2109 if (pending_eir_or_class(hdev)) { 2110 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID, 2111 MGMT_STATUS_BUSY); 2112 goto failed; 2113 } 2114 2115 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL); 2116 if (!uuid) { 2117 err = -ENOMEM; 2118 goto failed; 2119 } 2120 2121 memcpy(uuid->uuid, cp->uuid, 16); 2122 uuid->svc_hint = cp->svc_hint; 2123 uuid->size = get_uuid_size(cp->uuid); 2124 2125 list_add_tail(&uuid->list, &hdev->uuids); 2126 2127 hci_req_init(&req, hdev); 2128 2129 __hci_req_update_class(&req); 2130 __hci_req_update_eir(&req); 2131 2132 err = hci_req_run(&req, add_uuid_complete); 2133 if (err < 0) { 2134 if (err != -ENODATA) 2135 goto failed; 2136 2137 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0, 2138 hdev->dev_class, 3); 2139 goto failed; 2140 } 2141 2142 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len); 2143 if (!cmd) { 2144 err = -ENOMEM; 2145 goto failed; 2146 } 2147 2148 err = 0; 2149 2150 failed: 2151 hci_dev_unlock(hdev); 2152 return err; 2153 } 2154 2155 static bool enable_service_cache(struct hci_dev *hdev) 2156 { 2157 if (!hdev_is_powered(hdev)) 2158 return false; 2159 2160 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) { 2161 queue_delayed_work(hdev->workqueue, &hdev->service_cache, 2162 CACHE_TIMEOUT); 2163 return true; 2164 } 2165 2166 return false; 2167 } 2168 2169 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2170 { 2171 bt_dev_dbg(hdev, "status 0x%02x", status); 2172 2173 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status); 2174 } 2175 2176 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, 2177 u16 len) 2178 { 2179 struct mgmt_cp_remove_uuid *cp = data; 2180 struct mgmt_pending_cmd *cmd; 2181 struct bt_uuid *match, *tmp; 2182 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 2183 struct hci_request req; 2184 int err, found; 2185 2186 bt_dev_dbg(hdev, "sock %p", sk); 2187 2188 hci_dev_lock(hdev); 2189 2190 if (pending_eir_or_class(hdev)) { 2191 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2192 MGMT_STATUS_BUSY); 2193 goto unlock; 2194 } 2195 2196 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 2197 hci_uuids_clear(hdev); 2198 2199 if (enable_service_cache(hdev)) { 2200 err = mgmt_cmd_complete(sk, hdev->id, 2201 MGMT_OP_REMOVE_UUID, 2202 0, hdev->dev_class, 3); 2203 goto unlock; 2204 } 2205 2206 goto update_class; 2207 } 2208 2209 found = 0; 2210 2211 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) { 2212 if (memcmp(match->uuid, cp->uuid, 16) != 0) 2213 continue; 2214 2215 list_del(&match->list); 2216 kfree(match); 2217 found++; 2218 } 2219 2220 if (found == 0) { 2221 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2222 MGMT_STATUS_INVALID_PARAMS); 2223 goto unlock; 2224 } 2225 2226 update_class: 2227 hci_req_init(&req, hdev); 2228 2229 __hci_req_update_class(&req); 2230 __hci_req_update_eir(&req); 2231 2232 err = hci_req_run(&req, remove_uuid_complete); 2233 if (err < 0) { 2234 if (err != -ENODATA) 2235 goto unlock; 2236 2237 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0, 2238 hdev->dev_class, 3); 2239 goto unlock; 2240 } 2241 2242 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len); 2243 if (!cmd) { 2244 err = -ENOMEM; 2245 goto unlock; 2246 } 2247 2248 err = 0; 2249 2250 unlock: 2251 hci_dev_unlock(hdev); 2252 return err; 2253 } 2254 2255 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2256 { 2257 bt_dev_dbg(hdev, "status 0x%02x", status); 2258 2259 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status); 2260 } 2261 2262 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, 2263 u16 len) 2264 { 2265 struct mgmt_cp_set_dev_class *cp = data; 2266 struct mgmt_pending_cmd *cmd; 2267 struct hci_request req; 2268 int err; 2269 2270 bt_dev_dbg(hdev, "sock %p", sk); 2271 2272 if (!lmp_bredr_capable(hdev)) 2273 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2274 MGMT_STATUS_NOT_SUPPORTED); 2275 2276 hci_dev_lock(hdev); 2277 2278 if (pending_eir_or_class(hdev)) { 2279 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2280 MGMT_STATUS_BUSY); 2281 goto unlock; 2282 } 2283 2284 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) { 2285 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2286 MGMT_STATUS_INVALID_PARAMS); 2287 goto unlock; 2288 } 2289 2290 hdev->major_class = cp->major; 2291 hdev->minor_class = cp->minor; 2292 2293 if (!hdev_is_powered(hdev)) { 2294 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2295 hdev->dev_class, 3); 2296 goto unlock; 2297 } 2298 2299 hci_req_init(&req, hdev); 2300 2301 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) { 2302 hci_dev_unlock(hdev); 2303 cancel_delayed_work_sync(&hdev->service_cache); 2304 hci_dev_lock(hdev); 2305 __hci_req_update_eir(&req); 2306 } 2307 2308 __hci_req_update_class(&req); 2309 2310 err = hci_req_run(&req, set_class_complete); 2311 if (err < 0) { 2312 if (err != -ENODATA) 2313 goto unlock; 2314 2315 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2316 hdev->dev_class, 3); 2317 goto unlock; 2318 } 2319 2320 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len); 2321 if (!cmd) { 2322 err = -ENOMEM; 2323 goto unlock; 2324 } 2325 2326 err = 0; 2327 2328 unlock: 2329 hci_dev_unlock(hdev); 2330 return err; 2331 } 2332 2333 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, 2334 u16 len) 2335 { 2336 struct mgmt_cp_load_link_keys *cp = data; 2337 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 2338 sizeof(struct mgmt_link_key_info)); 2339 u16 key_count, expected_len; 2340 bool changed; 2341 int i; 2342 2343 bt_dev_dbg(hdev, "sock %p", sk); 2344 2345 if (!lmp_bredr_capable(hdev)) 2346 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2347 MGMT_STATUS_NOT_SUPPORTED); 2348 2349 key_count = __le16_to_cpu(cp->key_count); 2350 if (key_count > max_key_count) { 2351 bt_dev_err(hdev, "load_link_keys: too big key_count value %u", 2352 key_count); 2353 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2354 MGMT_STATUS_INVALID_PARAMS); 2355 } 2356 2357 expected_len = struct_size(cp, keys, key_count); 2358 if (expected_len != len) { 2359 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes", 2360 expected_len, len); 2361 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2362 MGMT_STATUS_INVALID_PARAMS); 2363 } 2364 2365 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01) 2366 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2367 MGMT_STATUS_INVALID_PARAMS); 2368 2369 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys, 2370 key_count); 2371 2372 for (i = 0; i < key_count; i++) { 2373 struct mgmt_link_key_info *key = &cp->keys[i]; 2374 2375 if (key->addr.type != BDADDR_BREDR || key->type > 0x08) 2376 return mgmt_cmd_status(sk, hdev->id, 2377 MGMT_OP_LOAD_LINK_KEYS, 2378 MGMT_STATUS_INVALID_PARAMS); 2379 } 2380 2381 hci_dev_lock(hdev); 2382 2383 hci_link_keys_clear(hdev); 2384 2385 if (cp->debug_keys) 2386 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 2387 else 2388 changed = hci_dev_test_and_clear_flag(hdev, 2389 HCI_KEEP_DEBUG_KEYS); 2390 2391 if (changed) 2392 new_settings(hdev, NULL); 2393 2394 for (i = 0; i < key_count; i++) { 2395 struct mgmt_link_key_info *key = &cp->keys[i]; 2396 2397 if (hci_is_blocked_key(hdev, 2398 HCI_BLOCKED_KEY_TYPE_LINKKEY, 2399 key->val)) { 2400 bt_dev_warn(hdev, "Skipping blocked link key for %pMR", 2401 &key->addr.bdaddr); 2402 continue; 2403 } 2404 2405 /* Always ignore debug keys and require a new pairing if 2406 * the user wants to use them. 2407 */ 2408 if (key->type == HCI_LK_DEBUG_COMBINATION) 2409 continue; 2410 2411 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val, 2412 key->type, key->pin_len, NULL); 2413 } 2414 2415 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 2416 2417 hci_dev_unlock(hdev); 2418 2419 return 0; 2420 } 2421 2422 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 2423 u8 addr_type, struct sock *skip_sk) 2424 { 2425 struct mgmt_ev_device_unpaired ev; 2426 2427 bacpy(&ev.addr.bdaddr, bdaddr); 2428 ev.addr.type = addr_type; 2429 2430 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 2431 skip_sk); 2432 } 2433 2434 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2435 u16 len) 2436 { 2437 struct mgmt_cp_unpair_device *cp = data; 2438 struct mgmt_rp_unpair_device rp; 2439 struct hci_conn_params *params; 2440 struct mgmt_pending_cmd *cmd; 2441 struct hci_conn *conn; 2442 u8 addr_type; 2443 int err; 2444 2445 memset(&rp, 0, sizeof(rp)); 2446 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2447 rp.addr.type = cp->addr.type; 2448 2449 if (!bdaddr_type_is_valid(cp->addr.type)) 2450 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2451 MGMT_STATUS_INVALID_PARAMS, 2452 &rp, sizeof(rp)); 2453 2454 if (cp->disconnect != 0x00 && cp->disconnect != 0x01) 2455 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2456 MGMT_STATUS_INVALID_PARAMS, 2457 &rp, sizeof(rp)); 2458 2459 hci_dev_lock(hdev); 2460 2461 if (!hdev_is_powered(hdev)) { 2462 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2463 MGMT_STATUS_NOT_POWERED, &rp, 2464 sizeof(rp)); 2465 goto unlock; 2466 } 2467 2468 if (cp->addr.type == BDADDR_BREDR) { 2469 /* If disconnection is requested, then look up the 2470 * connection. If the remote device is connected, it 2471 * will be later used to terminate the link. 2472 * 2473 * Setting it to NULL explicitly will cause no 2474 * termination of the link. 2475 */ 2476 if (cp->disconnect) 2477 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2478 &cp->addr.bdaddr); 2479 else 2480 conn = NULL; 2481 2482 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 2483 if (err < 0) { 2484 err = mgmt_cmd_complete(sk, hdev->id, 2485 MGMT_OP_UNPAIR_DEVICE, 2486 MGMT_STATUS_NOT_PAIRED, &rp, 2487 sizeof(rp)); 2488 goto unlock; 2489 } 2490 2491 goto done; 2492 } 2493 2494 /* LE address type */ 2495 addr_type = le_addr_type(cp->addr.type); 2496 2497 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */ 2498 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type); 2499 if (err < 0) { 2500 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2501 MGMT_STATUS_NOT_PAIRED, &rp, 2502 sizeof(rp)); 2503 goto unlock; 2504 } 2505 2506 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type); 2507 if (!conn) { 2508 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type); 2509 goto done; 2510 } 2511 2512 2513 /* Defer clearing up the connection parameters until closing to 2514 * give a chance of keeping them if a repairing happens. 2515 */ 2516 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2517 2518 /* Disable auto-connection parameters if present */ 2519 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type); 2520 if (params) { 2521 if (params->explicit_connect) 2522 params->auto_connect = HCI_AUTO_CONN_EXPLICIT; 2523 else 2524 params->auto_connect = HCI_AUTO_CONN_DISABLED; 2525 } 2526 2527 /* If disconnection is not requested, then clear the connection 2528 * variable so that the link is not terminated. 2529 */ 2530 if (!cp->disconnect) 2531 conn = NULL; 2532 2533 done: 2534 /* If the connection variable is set, then termination of the 2535 * link is requested. 2536 */ 2537 if (!conn) { 2538 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0, 2539 &rp, sizeof(rp)); 2540 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 2541 goto unlock; 2542 } 2543 2544 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 2545 sizeof(*cp)); 2546 if (!cmd) { 2547 err = -ENOMEM; 2548 goto unlock; 2549 } 2550 2551 cmd->cmd_complete = addr_cmd_complete; 2552 2553 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 2554 if (err < 0) 2555 mgmt_pending_remove(cmd); 2556 2557 unlock: 2558 hci_dev_unlock(hdev); 2559 return err; 2560 } 2561 2562 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data, 2563 u16 len) 2564 { 2565 struct mgmt_cp_disconnect *cp = data; 2566 struct mgmt_rp_disconnect rp; 2567 struct mgmt_pending_cmd *cmd; 2568 struct hci_conn *conn; 2569 int err; 2570 2571 bt_dev_dbg(hdev, "sock %p", sk); 2572 2573 memset(&rp, 0, sizeof(rp)); 2574 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2575 rp.addr.type = cp->addr.type; 2576 2577 if (!bdaddr_type_is_valid(cp->addr.type)) 2578 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2579 MGMT_STATUS_INVALID_PARAMS, 2580 &rp, sizeof(rp)); 2581 2582 hci_dev_lock(hdev); 2583 2584 if (!test_bit(HCI_UP, &hdev->flags)) { 2585 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2586 MGMT_STATUS_NOT_POWERED, &rp, 2587 sizeof(rp)); 2588 goto failed; 2589 } 2590 2591 if (pending_find(MGMT_OP_DISCONNECT, hdev)) { 2592 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2593 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2594 goto failed; 2595 } 2596 2597 if (cp->addr.type == BDADDR_BREDR) 2598 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2599 &cp->addr.bdaddr); 2600 else 2601 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, 2602 le_addr_type(cp->addr.type)); 2603 2604 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) { 2605 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2606 MGMT_STATUS_NOT_CONNECTED, &rp, 2607 sizeof(rp)); 2608 goto failed; 2609 } 2610 2611 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 2612 if (!cmd) { 2613 err = -ENOMEM; 2614 goto failed; 2615 } 2616 2617 cmd->cmd_complete = generic_cmd_complete; 2618 2619 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM); 2620 if (err < 0) 2621 mgmt_pending_remove(cmd); 2622 2623 failed: 2624 hci_dev_unlock(hdev); 2625 return err; 2626 } 2627 2628 static u8 link_to_bdaddr(u8 link_type, u8 addr_type) 2629 { 2630 switch (link_type) { 2631 case LE_LINK: 2632 switch (addr_type) { 2633 case ADDR_LE_DEV_PUBLIC: 2634 return BDADDR_LE_PUBLIC; 2635 2636 default: 2637 /* Fallback to LE Random address type */ 2638 return BDADDR_LE_RANDOM; 2639 } 2640 2641 default: 2642 /* Fallback to BR/EDR type */ 2643 return BDADDR_BREDR; 2644 } 2645 } 2646 2647 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data, 2648 u16 data_len) 2649 { 2650 struct mgmt_rp_get_connections *rp; 2651 struct hci_conn *c; 2652 int err; 2653 u16 i; 2654 2655 bt_dev_dbg(hdev, "sock %p", sk); 2656 2657 hci_dev_lock(hdev); 2658 2659 if (!hdev_is_powered(hdev)) { 2660 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 2661 MGMT_STATUS_NOT_POWERED); 2662 goto unlock; 2663 } 2664 2665 i = 0; 2666 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2667 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2668 i++; 2669 } 2670 2671 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL); 2672 if (!rp) { 2673 err = -ENOMEM; 2674 goto unlock; 2675 } 2676 2677 i = 0; 2678 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2679 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2680 continue; 2681 bacpy(&rp->addr[i].bdaddr, &c->dst); 2682 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type); 2683 if (c->type == SCO_LINK || c->type == ESCO_LINK) 2684 continue; 2685 i++; 2686 } 2687 2688 rp->conn_count = cpu_to_le16(i); 2689 2690 /* Recalculate length in case of filtered SCO connections, etc */ 2691 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp, 2692 struct_size(rp, addr, i)); 2693 2694 kfree(rp); 2695 2696 unlock: 2697 hci_dev_unlock(hdev); 2698 return err; 2699 } 2700 2701 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 2702 struct mgmt_cp_pin_code_neg_reply *cp) 2703 { 2704 struct mgmt_pending_cmd *cmd; 2705 int err; 2706 2707 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 2708 sizeof(*cp)); 2709 if (!cmd) 2710 return -ENOMEM; 2711 2712 cmd->cmd_complete = addr_cmd_complete; 2713 2714 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2715 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 2716 if (err < 0) 2717 mgmt_pending_remove(cmd); 2718 2719 return err; 2720 } 2721 2722 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2723 u16 len) 2724 { 2725 struct hci_conn *conn; 2726 struct mgmt_cp_pin_code_reply *cp = data; 2727 struct hci_cp_pin_code_reply reply; 2728 struct mgmt_pending_cmd *cmd; 2729 int err; 2730 2731 bt_dev_dbg(hdev, "sock %p", sk); 2732 2733 hci_dev_lock(hdev); 2734 2735 if (!hdev_is_powered(hdev)) { 2736 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2737 MGMT_STATUS_NOT_POWERED); 2738 goto failed; 2739 } 2740 2741 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 2742 if (!conn) { 2743 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2744 MGMT_STATUS_NOT_CONNECTED); 2745 goto failed; 2746 } 2747 2748 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 2749 struct mgmt_cp_pin_code_neg_reply ncp; 2750 2751 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 2752 2753 bt_dev_err(hdev, "PIN code is not 16 bytes long"); 2754 2755 err = send_pin_code_neg_reply(sk, hdev, &ncp); 2756 if (err >= 0) 2757 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2758 MGMT_STATUS_INVALID_PARAMS); 2759 2760 goto failed; 2761 } 2762 2763 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 2764 if (!cmd) { 2765 err = -ENOMEM; 2766 goto failed; 2767 } 2768 2769 cmd->cmd_complete = addr_cmd_complete; 2770 2771 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 2772 reply.pin_len = cp->pin_len; 2773 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 2774 2775 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 2776 if (err < 0) 2777 mgmt_pending_remove(cmd); 2778 2779 failed: 2780 hci_dev_unlock(hdev); 2781 return err; 2782 } 2783 2784 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data, 2785 u16 len) 2786 { 2787 struct mgmt_cp_set_io_capability *cp = data; 2788 2789 bt_dev_dbg(hdev, "sock %p", sk); 2790 2791 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY) 2792 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 2793 MGMT_STATUS_INVALID_PARAMS); 2794 2795 hci_dev_lock(hdev); 2796 2797 hdev->io_capability = cp->io_capability; 2798 2799 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability); 2800 2801 hci_dev_unlock(hdev); 2802 2803 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, 2804 NULL, 0); 2805 } 2806 2807 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn) 2808 { 2809 struct hci_dev *hdev = conn->hdev; 2810 struct mgmt_pending_cmd *cmd; 2811 2812 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 2813 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 2814 continue; 2815 2816 if (cmd->user_data != conn) 2817 continue; 2818 2819 return cmd; 2820 } 2821 2822 return NULL; 2823 } 2824 2825 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status) 2826 { 2827 struct mgmt_rp_pair_device rp; 2828 struct hci_conn *conn = cmd->user_data; 2829 int err; 2830 2831 bacpy(&rp.addr.bdaddr, &conn->dst); 2832 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 2833 2834 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, 2835 status, &rp, sizeof(rp)); 2836 2837 /* So we don't get further callbacks for this connection */ 2838 conn->connect_cfm_cb = NULL; 2839 conn->security_cfm_cb = NULL; 2840 conn->disconn_cfm_cb = NULL; 2841 2842 hci_conn_drop(conn); 2843 2844 /* The device is paired so there is no need to remove 2845 * its connection parameters anymore. 2846 */ 2847 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2848 2849 hci_conn_put(conn); 2850 2851 return err; 2852 } 2853 2854 void mgmt_smp_complete(struct hci_conn *conn, bool complete) 2855 { 2856 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED; 2857 struct mgmt_pending_cmd *cmd; 2858 2859 cmd = find_pairing(conn); 2860 if (cmd) { 2861 cmd->cmd_complete(cmd, status); 2862 mgmt_pending_remove(cmd); 2863 } 2864 } 2865 2866 static void pairing_complete_cb(struct hci_conn *conn, u8 status) 2867 { 2868 struct mgmt_pending_cmd *cmd; 2869 2870 BT_DBG("status %u", status); 2871 2872 cmd = find_pairing(conn); 2873 if (!cmd) { 2874 BT_DBG("Unable to find a pending command"); 2875 return; 2876 } 2877 2878 cmd->cmd_complete(cmd, mgmt_status(status)); 2879 mgmt_pending_remove(cmd); 2880 } 2881 2882 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) 2883 { 2884 struct mgmt_pending_cmd *cmd; 2885 2886 BT_DBG("status %u", status); 2887 2888 if (!status) 2889 return; 2890 2891 cmd = find_pairing(conn); 2892 if (!cmd) { 2893 BT_DBG("Unable to find a pending command"); 2894 return; 2895 } 2896 2897 cmd->cmd_complete(cmd, mgmt_status(status)); 2898 mgmt_pending_remove(cmd); 2899 } 2900 2901 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2902 u16 len) 2903 { 2904 struct mgmt_cp_pair_device *cp = data; 2905 struct mgmt_rp_pair_device rp; 2906 struct mgmt_pending_cmd *cmd; 2907 u8 sec_level, auth_type; 2908 struct hci_conn *conn; 2909 int err; 2910 2911 bt_dev_dbg(hdev, "sock %p", sk); 2912 2913 memset(&rp, 0, sizeof(rp)); 2914 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2915 rp.addr.type = cp->addr.type; 2916 2917 if (!bdaddr_type_is_valid(cp->addr.type)) 2918 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2919 MGMT_STATUS_INVALID_PARAMS, 2920 &rp, sizeof(rp)); 2921 2922 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY) 2923 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2924 MGMT_STATUS_INVALID_PARAMS, 2925 &rp, sizeof(rp)); 2926 2927 hci_dev_lock(hdev); 2928 2929 if (!hdev_is_powered(hdev)) { 2930 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2931 MGMT_STATUS_NOT_POWERED, &rp, 2932 sizeof(rp)); 2933 goto unlock; 2934 } 2935 2936 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) { 2937 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2938 MGMT_STATUS_ALREADY_PAIRED, &rp, 2939 sizeof(rp)); 2940 goto unlock; 2941 } 2942 2943 sec_level = BT_SECURITY_MEDIUM; 2944 auth_type = HCI_AT_DEDICATED_BONDING; 2945 2946 if (cp->addr.type == BDADDR_BREDR) { 2947 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level, 2948 auth_type, CONN_REASON_PAIR_DEVICE); 2949 } else { 2950 u8 addr_type = le_addr_type(cp->addr.type); 2951 struct hci_conn_params *p; 2952 2953 /* When pairing a new device, it is expected to remember 2954 * this device for future connections. Adding the connection 2955 * parameter information ahead of time allows tracking 2956 * of the slave preferred values and will speed up any 2957 * further connection establishment. 2958 * 2959 * If connection parameters already exist, then they 2960 * will be kept and this function does nothing. 2961 */ 2962 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type); 2963 2964 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT) 2965 p->auto_connect = HCI_AUTO_CONN_DISABLED; 2966 2967 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type, 2968 sec_level, HCI_LE_CONN_TIMEOUT, 2969 CONN_REASON_PAIR_DEVICE); 2970 } 2971 2972 if (IS_ERR(conn)) { 2973 int status; 2974 2975 if (PTR_ERR(conn) == -EBUSY) 2976 status = MGMT_STATUS_BUSY; 2977 else if (PTR_ERR(conn) == -EOPNOTSUPP) 2978 status = MGMT_STATUS_NOT_SUPPORTED; 2979 else if (PTR_ERR(conn) == -ECONNREFUSED) 2980 status = MGMT_STATUS_REJECTED; 2981 else 2982 status = MGMT_STATUS_CONNECT_FAILED; 2983 2984 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2985 status, &rp, sizeof(rp)); 2986 goto unlock; 2987 } 2988 2989 if (conn->connect_cfm_cb) { 2990 hci_conn_drop(conn); 2991 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2992 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2993 goto unlock; 2994 } 2995 2996 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 2997 if (!cmd) { 2998 err = -ENOMEM; 2999 hci_conn_drop(conn); 3000 goto unlock; 3001 } 3002 3003 cmd->cmd_complete = pairing_complete; 3004 3005 /* For LE, just connecting isn't a proof that the pairing finished */ 3006 if (cp->addr.type == BDADDR_BREDR) { 3007 conn->connect_cfm_cb = pairing_complete_cb; 3008 conn->security_cfm_cb = pairing_complete_cb; 3009 conn->disconn_cfm_cb = pairing_complete_cb; 3010 } else { 3011 conn->connect_cfm_cb = le_pairing_complete_cb; 3012 conn->security_cfm_cb = le_pairing_complete_cb; 3013 conn->disconn_cfm_cb = le_pairing_complete_cb; 3014 } 3015 3016 conn->io_capability = cp->io_cap; 3017 cmd->user_data = hci_conn_get(conn); 3018 3019 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) && 3020 hci_conn_security(conn, sec_level, auth_type, true)) { 3021 cmd->cmd_complete(cmd, 0); 3022 mgmt_pending_remove(cmd); 3023 } 3024 3025 err = 0; 3026 3027 unlock: 3028 hci_dev_unlock(hdev); 3029 return err; 3030 } 3031 3032 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 3033 u16 len) 3034 { 3035 struct mgmt_addr_info *addr = data; 3036 struct mgmt_pending_cmd *cmd; 3037 struct hci_conn *conn; 3038 int err; 3039 3040 bt_dev_dbg(hdev, "sock %p", sk); 3041 3042 hci_dev_lock(hdev); 3043 3044 if (!hdev_is_powered(hdev)) { 3045 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3046 MGMT_STATUS_NOT_POWERED); 3047 goto unlock; 3048 } 3049 3050 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev); 3051 if (!cmd) { 3052 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3053 MGMT_STATUS_INVALID_PARAMS); 3054 goto unlock; 3055 } 3056 3057 conn = cmd->user_data; 3058 3059 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 3060 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3061 MGMT_STATUS_INVALID_PARAMS); 3062 goto unlock; 3063 } 3064 3065 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED); 3066 mgmt_pending_remove(cmd); 3067 3068 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 3069 addr, sizeof(*addr)); 3070 3071 /* Since user doesn't want to proceed with the connection, abort any 3072 * ongoing pairing and then terminate the link if it was created 3073 * because of the pair device action. 3074 */ 3075 if (addr->type == BDADDR_BREDR) 3076 hci_remove_link_key(hdev, &addr->bdaddr); 3077 else 3078 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr, 3079 le_addr_type(addr->type)); 3080 3081 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE) 3082 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 3083 3084 unlock: 3085 hci_dev_unlock(hdev); 3086 return err; 3087 } 3088 3089 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, 3090 struct mgmt_addr_info *addr, u16 mgmt_op, 3091 u16 hci_op, __le32 passkey) 3092 { 3093 struct mgmt_pending_cmd *cmd; 3094 struct hci_conn *conn; 3095 int err; 3096 3097 hci_dev_lock(hdev); 3098 3099 if (!hdev_is_powered(hdev)) { 3100 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3101 MGMT_STATUS_NOT_POWERED, addr, 3102 sizeof(*addr)); 3103 goto done; 3104 } 3105 3106 if (addr->type == BDADDR_BREDR) 3107 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr); 3108 else 3109 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr, 3110 le_addr_type(addr->type)); 3111 3112 if (!conn) { 3113 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3114 MGMT_STATUS_NOT_CONNECTED, addr, 3115 sizeof(*addr)); 3116 goto done; 3117 } 3118 3119 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) { 3120 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 3121 if (!err) 3122 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3123 MGMT_STATUS_SUCCESS, addr, 3124 sizeof(*addr)); 3125 else 3126 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3127 MGMT_STATUS_FAILED, addr, 3128 sizeof(*addr)); 3129 3130 goto done; 3131 } 3132 3133 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr)); 3134 if (!cmd) { 3135 err = -ENOMEM; 3136 goto done; 3137 } 3138 3139 cmd->cmd_complete = addr_cmd_complete; 3140 3141 /* Continue with pairing via HCI */ 3142 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 3143 struct hci_cp_user_passkey_reply cp; 3144 3145 bacpy(&cp.bdaddr, &addr->bdaddr); 3146 cp.passkey = passkey; 3147 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 3148 } else 3149 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr), 3150 &addr->bdaddr); 3151 3152 if (err < 0) 3153 mgmt_pending_remove(cmd); 3154 3155 done: 3156 hci_dev_unlock(hdev); 3157 return err; 3158 } 3159 3160 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 3161 void *data, u16 len) 3162 { 3163 struct mgmt_cp_pin_code_neg_reply *cp = data; 3164 3165 bt_dev_dbg(hdev, "sock %p", sk); 3166 3167 return user_pairing_resp(sk, hdev, &cp->addr, 3168 MGMT_OP_PIN_CODE_NEG_REPLY, 3169 HCI_OP_PIN_CODE_NEG_REPLY, 0); 3170 } 3171 3172 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3173 u16 len) 3174 { 3175 struct mgmt_cp_user_confirm_reply *cp = data; 3176 3177 bt_dev_dbg(hdev, "sock %p", sk); 3178 3179 if (len != sizeof(*cp)) 3180 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY, 3181 MGMT_STATUS_INVALID_PARAMS); 3182 3183 return user_pairing_resp(sk, hdev, &cp->addr, 3184 MGMT_OP_USER_CONFIRM_REPLY, 3185 HCI_OP_USER_CONFIRM_REPLY, 0); 3186 } 3187 3188 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev, 3189 void *data, u16 len) 3190 { 3191 struct mgmt_cp_user_confirm_neg_reply *cp = data; 3192 3193 bt_dev_dbg(hdev, "sock %p", sk); 3194 3195 return user_pairing_resp(sk, hdev, &cp->addr, 3196 MGMT_OP_USER_CONFIRM_NEG_REPLY, 3197 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 3198 } 3199 3200 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3201 u16 len) 3202 { 3203 struct mgmt_cp_user_passkey_reply *cp = data; 3204 3205 bt_dev_dbg(hdev, "sock %p", sk); 3206 3207 return user_pairing_resp(sk, hdev, &cp->addr, 3208 MGMT_OP_USER_PASSKEY_REPLY, 3209 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 3210 } 3211 3212 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev, 3213 void *data, u16 len) 3214 { 3215 struct mgmt_cp_user_passkey_neg_reply *cp = data; 3216 3217 bt_dev_dbg(hdev, "sock %p", sk); 3218 3219 return user_pairing_resp(sk, hdev, &cp->addr, 3220 MGMT_OP_USER_PASSKEY_NEG_REPLY, 3221 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 3222 } 3223 3224 static void adv_expire(struct hci_dev *hdev, u32 flags) 3225 { 3226 struct adv_info *adv_instance; 3227 struct hci_request req; 3228 int err; 3229 3230 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance); 3231 if (!adv_instance) 3232 return; 3233 3234 /* stop if current instance doesn't need to be changed */ 3235 if (!(adv_instance->flags & flags)) 3236 return; 3237 3238 cancel_adv_timeout(hdev); 3239 3240 adv_instance = hci_get_next_instance(hdev, adv_instance->instance); 3241 if (!adv_instance) 3242 return; 3243 3244 hci_req_init(&req, hdev); 3245 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance, 3246 true); 3247 if (err) 3248 return; 3249 3250 hci_req_run(&req, NULL); 3251 } 3252 3253 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode) 3254 { 3255 struct mgmt_cp_set_local_name *cp; 3256 struct mgmt_pending_cmd *cmd; 3257 3258 bt_dev_dbg(hdev, "status 0x%02x", status); 3259 3260 hci_dev_lock(hdev); 3261 3262 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 3263 if (!cmd) 3264 goto unlock; 3265 3266 cp = cmd->param; 3267 3268 if (status) { 3269 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3270 mgmt_status(status)); 3271 } else { 3272 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3273 cp, sizeof(*cp)); 3274 3275 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3276 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME); 3277 } 3278 3279 mgmt_pending_remove(cmd); 3280 3281 unlock: 3282 hci_dev_unlock(hdev); 3283 } 3284 3285 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data, 3286 u16 len) 3287 { 3288 struct mgmt_cp_set_local_name *cp = data; 3289 struct mgmt_pending_cmd *cmd; 3290 struct hci_request req; 3291 int err; 3292 3293 bt_dev_dbg(hdev, "sock %p", sk); 3294 3295 hci_dev_lock(hdev); 3296 3297 /* If the old values are the same as the new ones just return a 3298 * direct command complete event. 3299 */ 3300 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) && 3301 !memcmp(hdev->short_name, cp->short_name, 3302 sizeof(hdev->short_name))) { 3303 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3304 data, len); 3305 goto failed; 3306 } 3307 3308 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name)); 3309 3310 if (!hdev_is_powered(hdev)) { 3311 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3312 3313 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3314 data, len); 3315 if (err < 0) 3316 goto failed; 3317 3318 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, 3319 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk); 3320 ext_info_changed(hdev, sk); 3321 3322 goto failed; 3323 } 3324 3325 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 3326 if (!cmd) { 3327 err = -ENOMEM; 3328 goto failed; 3329 } 3330 3331 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3332 3333 hci_req_init(&req, hdev); 3334 3335 if (lmp_bredr_capable(hdev)) { 3336 __hci_req_update_name(&req); 3337 __hci_req_update_eir(&req); 3338 } 3339 3340 /* The name is stored in the scan response data and so 3341 * no need to udpate the advertising data here. 3342 */ 3343 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING)) 3344 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance); 3345 3346 err = hci_req_run(&req, set_name_complete); 3347 if (err < 0) 3348 mgmt_pending_remove(cmd); 3349 3350 failed: 3351 hci_dev_unlock(hdev); 3352 return err; 3353 } 3354 3355 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data, 3356 u16 len) 3357 { 3358 struct mgmt_cp_set_appearance *cp = data; 3359 u16 appearance; 3360 int err; 3361 3362 bt_dev_dbg(hdev, "sock %p", sk); 3363 3364 if (!lmp_le_capable(hdev)) 3365 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 3366 MGMT_STATUS_NOT_SUPPORTED); 3367 3368 appearance = le16_to_cpu(cp->appearance); 3369 3370 hci_dev_lock(hdev); 3371 3372 if (hdev->appearance != appearance) { 3373 hdev->appearance = appearance; 3374 3375 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3376 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE); 3377 3378 ext_info_changed(hdev, sk); 3379 } 3380 3381 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL, 3382 0); 3383 3384 hci_dev_unlock(hdev); 3385 3386 return err; 3387 } 3388 3389 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev, 3390 void *data, u16 len) 3391 { 3392 struct mgmt_rp_get_phy_configuration rp; 3393 3394 bt_dev_dbg(hdev, "sock %p", sk); 3395 3396 hci_dev_lock(hdev); 3397 3398 memset(&rp, 0, sizeof(rp)); 3399 3400 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev)); 3401 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev)); 3402 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev)); 3403 3404 hci_dev_unlock(hdev); 3405 3406 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0, 3407 &rp, sizeof(rp)); 3408 } 3409 3410 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip) 3411 { 3412 struct mgmt_ev_phy_configuration_changed ev; 3413 3414 memset(&ev, 0, sizeof(ev)); 3415 3416 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev)); 3417 3418 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev, 3419 sizeof(ev), skip); 3420 } 3421 3422 static void set_default_phy_complete(struct hci_dev *hdev, u8 status, 3423 u16 opcode, struct sk_buff *skb) 3424 { 3425 struct mgmt_pending_cmd *cmd; 3426 3427 bt_dev_dbg(hdev, "status 0x%02x", status); 3428 3429 hci_dev_lock(hdev); 3430 3431 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev); 3432 if (!cmd) 3433 goto unlock; 3434 3435 if (status) { 3436 mgmt_cmd_status(cmd->sk, hdev->id, 3437 MGMT_OP_SET_PHY_CONFIGURATION, 3438 mgmt_status(status)); 3439 } else { 3440 mgmt_cmd_complete(cmd->sk, hdev->id, 3441 MGMT_OP_SET_PHY_CONFIGURATION, 0, 3442 NULL, 0); 3443 3444 mgmt_phy_configuration_changed(hdev, cmd->sk); 3445 } 3446 3447 mgmt_pending_remove(cmd); 3448 3449 unlock: 3450 hci_dev_unlock(hdev); 3451 } 3452 3453 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev, 3454 void *data, u16 len) 3455 { 3456 struct mgmt_cp_set_phy_configuration *cp = data; 3457 struct hci_cp_le_set_default_phy cp_phy; 3458 struct mgmt_pending_cmd *cmd; 3459 struct hci_request req; 3460 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys; 3461 u16 pkt_type = (HCI_DH1 | HCI_DM1); 3462 bool changed = false; 3463 int err; 3464 3465 bt_dev_dbg(hdev, "sock %p", sk); 3466 3467 configurable_phys = get_configurable_phys(hdev); 3468 supported_phys = get_supported_phys(hdev); 3469 selected_phys = __le32_to_cpu(cp->selected_phys); 3470 3471 if (selected_phys & ~supported_phys) 3472 return mgmt_cmd_status(sk, hdev->id, 3473 MGMT_OP_SET_PHY_CONFIGURATION, 3474 MGMT_STATUS_INVALID_PARAMS); 3475 3476 unconfigure_phys = supported_phys & ~configurable_phys; 3477 3478 if ((selected_phys & unconfigure_phys) != unconfigure_phys) 3479 return mgmt_cmd_status(sk, hdev->id, 3480 MGMT_OP_SET_PHY_CONFIGURATION, 3481 MGMT_STATUS_INVALID_PARAMS); 3482 3483 if (selected_phys == get_selected_phys(hdev)) 3484 return mgmt_cmd_complete(sk, hdev->id, 3485 MGMT_OP_SET_PHY_CONFIGURATION, 3486 0, NULL, 0); 3487 3488 hci_dev_lock(hdev); 3489 3490 if (!hdev_is_powered(hdev)) { 3491 err = mgmt_cmd_status(sk, hdev->id, 3492 MGMT_OP_SET_PHY_CONFIGURATION, 3493 MGMT_STATUS_REJECTED); 3494 goto unlock; 3495 } 3496 3497 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) { 3498 err = mgmt_cmd_status(sk, hdev->id, 3499 MGMT_OP_SET_PHY_CONFIGURATION, 3500 MGMT_STATUS_BUSY); 3501 goto unlock; 3502 } 3503 3504 if (selected_phys & MGMT_PHY_BR_1M_3SLOT) 3505 pkt_type |= (HCI_DH3 | HCI_DM3); 3506 else 3507 pkt_type &= ~(HCI_DH3 | HCI_DM3); 3508 3509 if (selected_phys & MGMT_PHY_BR_1M_5SLOT) 3510 pkt_type |= (HCI_DH5 | HCI_DM5); 3511 else 3512 pkt_type &= ~(HCI_DH5 | HCI_DM5); 3513 3514 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT) 3515 pkt_type &= ~HCI_2DH1; 3516 else 3517 pkt_type |= HCI_2DH1; 3518 3519 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT) 3520 pkt_type &= ~HCI_2DH3; 3521 else 3522 pkt_type |= HCI_2DH3; 3523 3524 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT) 3525 pkt_type &= ~HCI_2DH5; 3526 else 3527 pkt_type |= HCI_2DH5; 3528 3529 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT) 3530 pkt_type &= ~HCI_3DH1; 3531 else 3532 pkt_type |= HCI_3DH1; 3533 3534 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT) 3535 pkt_type &= ~HCI_3DH3; 3536 else 3537 pkt_type |= HCI_3DH3; 3538 3539 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT) 3540 pkt_type &= ~HCI_3DH5; 3541 else 3542 pkt_type |= HCI_3DH5; 3543 3544 if (pkt_type != hdev->pkt_type) { 3545 hdev->pkt_type = pkt_type; 3546 changed = true; 3547 } 3548 3549 if ((selected_phys & MGMT_PHY_LE_MASK) == 3550 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) { 3551 if (changed) 3552 mgmt_phy_configuration_changed(hdev, sk); 3553 3554 err = mgmt_cmd_complete(sk, hdev->id, 3555 MGMT_OP_SET_PHY_CONFIGURATION, 3556 0, NULL, 0); 3557 3558 goto unlock; 3559 } 3560 3561 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data, 3562 len); 3563 if (!cmd) { 3564 err = -ENOMEM; 3565 goto unlock; 3566 } 3567 3568 hci_req_init(&req, hdev); 3569 3570 memset(&cp_phy, 0, sizeof(cp_phy)); 3571 3572 if (!(selected_phys & MGMT_PHY_LE_TX_MASK)) 3573 cp_phy.all_phys |= 0x01; 3574 3575 if (!(selected_phys & MGMT_PHY_LE_RX_MASK)) 3576 cp_phy.all_phys |= 0x02; 3577 3578 if (selected_phys & MGMT_PHY_LE_1M_TX) 3579 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M; 3580 3581 if (selected_phys & MGMT_PHY_LE_2M_TX) 3582 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M; 3583 3584 if (selected_phys & MGMT_PHY_LE_CODED_TX) 3585 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED; 3586 3587 if (selected_phys & MGMT_PHY_LE_1M_RX) 3588 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M; 3589 3590 if (selected_phys & MGMT_PHY_LE_2M_RX) 3591 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M; 3592 3593 if (selected_phys & MGMT_PHY_LE_CODED_RX) 3594 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED; 3595 3596 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy); 3597 3598 err = hci_req_run_skb(&req, set_default_phy_complete); 3599 if (err < 0) 3600 mgmt_pending_remove(cmd); 3601 3602 unlock: 3603 hci_dev_unlock(hdev); 3604 3605 return err; 3606 } 3607 3608 static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data, 3609 u16 len) 3610 { 3611 int err = MGMT_STATUS_SUCCESS; 3612 struct mgmt_cp_set_blocked_keys *keys = data; 3613 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) / 3614 sizeof(struct mgmt_blocked_key_info)); 3615 u16 key_count, expected_len; 3616 int i; 3617 3618 bt_dev_dbg(hdev, "sock %p", sk); 3619 3620 key_count = __le16_to_cpu(keys->key_count); 3621 if (key_count > max_key_count) { 3622 bt_dev_err(hdev, "too big key_count value %u", key_count); 3623 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 3624 MGMT_STATUS_INVALID_PARAMS); 3625 } 3626 3627 expected_len = struct_size(keys, keys, key_count); 3628 if (expected_len != len) { 3629 bt_dev_err(hdev, "expected %u bytes, got %u bytes", 3630 expected_len, len); 3631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 3632 MGMT_STATUS_INVALID_PARAMS); 3633 } 3634 3635 hci_dev_lock(hdev); 3636 3637 hci_blocked_keys_clear(hdev); 3638 3639 for (i = 0; i < keys->key_count; ++i) { 3640 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL); 3641 3642 if (!b) { 3643 err = MGMT_STATUS_NO_RESOURCES; 3644 break; 3645 } 3646 3647 b->type = keys->keys[i].type; 3648 memcpy(b->val, keys->keys[i].val, sizeof(b->val)); 3649 list_add_rcu(&b->list, &hdev->blocked_keys); 3650 } 3651 hci_dev_unlock(hdev); 3652 3653 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 3654 err, NULL, 0); 3655 } 3656 3657 static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev, 3658 void *data, u16 len) 3659 { 3660 struct mgmt_mode *cp = data; 3661 int err; 3662 bool changed = false; 3663 3664 bt_dev_dbg(hdev, "sock %p", sk); 3665 3666 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks)) 3667 return mgmt_cmd_status(sk, hdev->id, 3668 MGMT_OP_SET_WIDEBAND_SPEECH, 3669 MGMT_STATUS_NOT_SUPPORTED); 3670 3671 if (cp->val != 0x00 && cp->val != 0x01) 3672 return mgmt_cmd_status(sk, hdev->id, 3673 MGMT_OP_SET_WIDEBAND_SPEECH, 3674 MGMT_STATUS_INVALID_PARAMS); 3675 3676 hci_dev_lock(hdev); 3677 3678 if (pending_find(MGMT_OP_SET_WIDEBAND_SPEECH, hdev)) { 3679 err = mgmt_cmd_status(sk, hdev->id, 3680 MGMT_OP_SET_WIDEBAND_SPEECH, 3681 MGMT_STATUS_BUSY); 3682 goto unlock; 3683 } 3684 3685 if (hdev_is_powered(hdev) && 3686 !!cp->val != hci_dev_test_flag(hdev, 3687 HCI_WIDEBAND_SPEECH_ENABLED)) { 3688 err = mgmt_cmd_status(sk, hdev->id, 3689 MGMT_OP_SET_WIDEBAND_SPEECH, 3690 MGMT_STATUS_REJECTED); 3691 goto unlock; 3692 } 3693 3694 if (cp->val) 3695 changed = !hci_dev_test_and_set_flag(hdev, 3696 HCI_WIDEBAND_SPEECH_ENABLED); 3697 else 3698 changed = hci_dev_test_and_clear_flag(hdev, 3699 HCI_WIDEBAND_SPEECH_ENABLED); 3700 3701 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev); 3702 if (err < 0) 3703 goto unlock; 3704 3705 if (changed) 3706 err = new_settings(hdev, sk); 3707 3708 unlock: 3709 hci_dev_unlock(hdev); 3710 return err; 3711 } 3712 3713 static int read_controller_cap(struct sock *sk, struct hci_dev *hdev, 3714 void *data, u16 data_len) 3715 { 3716 char buf[20]; 3717 struct mgmt_rp_read_controller_cap *rp = (void *)buf; 3718 u16 cap_len = 0; 3719 u8 flags = 0; 3720 u8 tx_power_range[2]; 3721 3722 bt_dev_dbg(hdev, "sock %p", sk); 3723 3724 memset(&buf, 0, sizeof(buf)); 3725 3726 hci_dev_lock(hdev); 3727 3728 /* When the Read Simple Pairing Options command is supported, then 3729 * the remote public key validation is supported. 3730 */ 3731 if (hdev->commands[41] & 0x08) 3732 flags |= 0x01; /* Remote public key validation (BR/EDR) */ 3733 3734 flags |= 0x02; /* Remote public key validation (LE) */ 3735 3736 /* When the Read Encryption Key Size command is supported, then the 3737 * encryption key size is enforced. 3738 */ 3739 if (hdev->commands[20] & 0x10) 3740 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */ 3741 3742 flags |= 0x08; /* Encryption key size enforcement (LE) */ 3743 3744 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS, 3745 &flags, 1); 3746 3747 /* When the Read Simple Pairing Options command is supported, then 3748 * also max encryption key size information is provided. 3749 */ 3750 if (hdev->commands[41] & 0x08) 3751 cap_len = eir_append_le16(rp->cap, cap_len, 3752 MGMT_CAP_MAX_ENC_KEY_SIZE, 3753 hdev->max_enc_key_size); 3754 3755 cap_len = eir_append_le16(rp->cap, cap_len, 3756 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE, 3757 SMP_MAX_ENC_KEY_SIZE); 3758 3759 /* Append the min/max LE tx power parameters if we were able to fetch 3760 * it from the controller 3761 */ 3762 if (hdev->commands[38] & 0x80) { 3763 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1); 3764 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1); 3765 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR, 3766 tx_power_range, 2); 3767 } 3768 3769 rp->cap_len = cpu_to_le16(cap_len); 3770 3771 hci_dev_unlock(hdev); 3772 3773 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0, 3774 rp, sizeof(*rp) + cap_len); 3775 } 3776 3777 #ifdef CONFIG_BT_FEATURE_DEBUG 3778 /* d4992530-b9ec-469f-ab01-6c481c47da1c */ 3779 static const u8 debug_uuid[16] = { 3780 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab, 3781 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4, 3782 }; 3783 #endif 3784 3785 /* 671b10b5-42c0-4696-9227-eb28d1b049d6 */ 3786 static const u8 simult_central_periph_uuid[16] = { 3787 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92, 3788 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67, 3789 }; 3790 3791 /* 15c0a148-c273-11ea-b3de-0242ac130004 */ 3792 static const u8 rpa_resolution_uuid[16] = { 3793 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3, 3794 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15, 3795 }; 3796 3797 static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev, 3798 void *data, u16 data_len) 3799 { 3800 char buf[62]; /* Enough space for 3 features */ 3801 struct mgmt_rp_read_exp_features_info *rp = (void *)buf; 3802 u16 idx = 0; 3803 u32 flags; 3804 3805 bt_dev_dbg(hdev, "sock %p", sk); 3806 3807 memset(&buf, 0, sizeof(buf)); 3808 3809 #ifdef CONFIG_BT_FEATURE_DEBUG 3810 if (!hdev) { 3811 flags = bt_dbg_get() ? BIT(0) : 0; 3812 3813 memcpy(rp->features[idx].uuid, debug_uuid, 16); 3814 rp->features[idx].flags = cpu_to_le32(flags); 3815 idx++; 3816 } 3817 #endif 3818 3819 if (hdev) { 3820 if (test_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks) && 3821 (hdev->le_states[4] & 0x08) && /* Central */ 3822 (hdev->le_states[4] & 0x40) && /* Peripheral */ 3823 (hdev->le_states[3] & 0x10)) /* Simultaneous */ 3824 flags = BIT(0); 3825 else 3826 flags = 0; 3827 3828 memcpy(rp->features[idx].uuid, simult_central_periph_uuid, 16); 3829 rp->features[idx].flags = cpu_to_le32(flags); 3830 idx++; 3831 } 3832 3833 if (hdev && use_ll_privacy(hdev)) { 3834 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 3835 flags = BIT(0) | BIT(1); 3836 else 3837 flags = BIT(1); 3838 3839 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16); 3840 rp->features[idx].flags = cpu_to_le32(flags); 3841 idx++; 3842 } 3843 3844 rp->feature_count = cpu_to_le16(idx); 3845 3846 /* After reading the experimental features information, enable 3847 * the events to update client on any future change. 3848 */ 3849 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 3850 3851 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 3852 MGMT_OP_READ_EXP_FEATURES_INFO, 3853 0, rp, sizeof(*rp) + (20 * idx)); 3854 } 3855 3856 static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev, 3857 struct sock *skip) 3858 { 3859 struct mgmt_ev_exp_feature_changed ev; 3860 3861 memset(&ev, 0, sizeof(ev)); 3862 memcpy(ev.uuid, rpa_resolution_uuid, 16); 3863 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1)); 3864 3865 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev, 3866 &ev, sizeof(ev), 3867 HCI_MGMT_EXP_FEATURE_EVENTS, skip); 3868 3869 } 3870 3871 #ifdef CONFIG_BT_FEATURE_DEBUG 3872 static int exp_debug_feature_changed(bool enabled, struct sock *skip) 3873 { 3874 struct mgmt_ev_exp_feature_changed ev; 3875 3876 memset(&ev, 0, sizeof(ev)); 3877 memcpy(ev.uuid, debug_uuid, 16); 3878 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0); 3879 3880 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, NULL, 3881 &ev, sizeof(ev), 3882 HCI_MGMT_EXP_FEATURE_EVENTS, skip); 3883 } 3884 #endif 3885 3886 static int set_exp_feature(struct sock *sk, struct hci_dev *hdev, 3887 void *data, u16 data_len) 3888 { 3889 struct mgmt_cp_set_exp_feature *cp = data; 3890 struct mgmt_rp_set_exp_feature rp; 3891 3892 bt_dev_dbg(hdev, "sock %p", sk); 3893 3894 if (!memcmp(cp->uuid, ZERO_KEY, 16)) { 3895 memset(rp.uuid, 0, 16); 3896 rp.flags = cpu_to_le32(0); 3897 3898 #ifdef CONFIG_BT_FEATURE_DEBUG 3899 if (!hdev) { 3900 bool changed = bt_dbg_get(); 3901 3902 bt_dbg_set(false); 3903 3904 if (changed) 3905 exp_debug_feature_changed(false, sk); 3906 } 3907 #endif 3908 3909 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) { 3910 bool changed = hci_dev_test_flag(hdev, 3911 HCI_ENABLE_LL_PRIVACY); 3912 3913 hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY); 3914 3915 if (changed) 3916 exp_ll_privacy_feature_changed(false, hdev, sk); 3917 } 3918 3919 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 3920 3921 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 3922 MGMT_OP_SET_EXP_FEATURE, 0, 3923 &rp, sizeof(rp)); 3924 } 3925 3926 #ifdef CONFIG_BT_FEATURE_DEBUG 3927 if (!memcmp(cp->uuid, debug_uuid, 16)) { 3928 bool val, changed; 3929 int err; 3930 3931 /* Command requires to use the non-controller index */ 3932 if (hdev) 3933 return mgmt_cmd_status(sk, hdev->id, 3934 MGMT_OP_SET_EXP_FEATURE, 3935 MGMT_STATUS_INVALID_INDEX); 3936 3937 /* Parameters are limited to a single octet */ 3938 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 3939 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 3940 MGMT_OP_SET_EXP_FEATURE, 3941 MGMT_STATUS_INVALID_PARAMS); 3942 3943 /* Only boolean on/off is supported */ 3944 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 3945 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 3946 MGMT_OP_SET_EXP_FEATURE, 3947 MGMT_STATUS_INVALID_PARAMS); 3948 3949 val = !!cp->param[0]; 3950 changed = val ? !bt_dbg_get() : bt_dbg_get(); 3951 bt_dbg_set(val); 3952 3953 memcpy(rp.uuid, debug_uuid, 16); 3954 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 3955 3956 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 3957 3958 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 3959 MGMT_OP_SET_EXP_FEATURE, 0, 3960 &rp, sizeof(rp)); 3961 3962 if (changed) 3963 exp_debug_feature_changed(val, sk); 3964 3965 return err; 3966 } 3967 #endif 3968 3969 if (!memcmp(cp->uuid, rpa_resolution_uuid, 16)) { 3970 bool val, changed; 3971 int err; 3972 u32 flags; 3973 3974 /* Command requires to use the controller index */ 3975 if (!hdev) 3976 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 3977 MGMT_OP_SET_EXP_FEATURE, 3978 MGMT_STATUS_INVALID_INDEX); 3979 3980 /* Changes can only be made when controller is powered down */ 3981 if (hdev_is_powered(hdev)) 3982 return mgmt_cmd_status(sk, hdev->id, 3983 MGMT_OP_SET_EXP_FEATURE, 3984 MGMT_STATUS_NOT_POWERED); 3985 3986 /* Parameters are limited to a single octet */ 3987 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 3988 return mgmt_cmd_status(sk, hdev->id, 3989 MGMT_OP_SET_EXP_FEATURE, 3990 MGMT_STATUS_INVALID_PARAMS); 3991 3992 /* Only boolean on/off is supported */ 3993 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 3994 return mgmt_cmd_status(sk, hdev->id, 3995 MGMT_OP_SET_EXP_FEATURE, 3996 MGMT_STATUS_INVALID_PARAMS); 3997 3998 val = !!cp->param[0]; 3999 4000 if (val) { 4001 changed = !hci_dev_test_flag(hdev, 4002 HCI_ENABLE_LL_PRIVACY); 4003 hci_dev_set_flag(hdev, HCI_ENABLE_LL_PRIVACY); 4004 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 4005 4006 /* Enable LL privacy + supported settings changed */ 4007 flags = BIT(0) | BIT(1); 4008 } else { 4009 changed = hci_dev_test_flag(hdev, 4010 HCI_ENABLE_LL_PRIVACY); 4011 hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY); 4012 4013 /* Disable LL privacy + supported settings changed */ 4014 flags = BIT(1); 4015 } 4016 4017 memcpy(rp.uuid, rpa_resolution_uuid, 16); 4018 rp.flags = cpu_to_le32(flags); 4019 4020 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4021 4022 err = mgmt_cmd_complete(sk, hdev->id, 4023 MGMT_OP_SET_EXP_FEATURE, 0, 4024 &rp, sizeof(rp)); 4025 4026 if (changed) 4027 exp_ll_privacy_feature_changed(val, hdev, sk); 4028 4029 return err; 4030 } 4031 4032 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 4033 MGMT_OP_SET_EXP_FEATURE, 4034 MGMT_STATUS_NOT_SUPPORTED); 4035 } 4036 4037 #define SUPPORTED_DEVICE_FLAGS() ((1U << HCI_CONN_FLAG_MAX) - 1) 4038 4039 static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data, 4040 u16 data_len) 4041 { 4042 struct mgmt_cp_get_device_flags *cp = data; 4043 struct mgmt_rp_get_device_flags rp; 4044 struct bdaddr_list_with_flags *br_params; 4045 struct hci_conn_params *params; 4046 u32 supported_flags = SUPPORTED_DEVICE_FLAGS(); 4047 u32 current_flags = 0; 4048 u8 status = MGMT_STATUS_INVALID_PARAMS; 4049 4050 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n", 4051 &cp->addr.bdaddr, cp->addr.type); 4052 4053 hci_dev_lock(hdev); 4054 4055 if (cp->addr.type == BDADDR_BREDR) { 4056 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->whitelist, 4057 &cp->addr.bdaddr, 4058 cp->addr.type); 4059 if (!br_params) 4060 goto done; 4061 4062 current_flags = br_params->current_flags; 4063 } else { 4064 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 4065 le_addr_type(cp->addr.type)); 4066 4067 if (!params) 4068 goto done; 4069 4070 current_flags = params->current_flags; 4071 } 4072 4073 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 4074 rp.addr.type = cp->addr.type; 4075 rp.supported_flags = cpu_to_le32(supported_flags); 4076 rp.current_flags = cpu_to_le32(current_flags); 4077 4078 status = MGMT_STATUS_SUCCESS; 4079 4080 done: 4081 hci_dev_unlock(hdev); 4082 4083 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status, 4084 &rp, sizeof(rp)); 4085 } 4086 4087 static void device_flags_changed(struct sock *sk, struct hci_dev *hdev, 4088 bdaddr_t *bdaddr, u8 bdaddr_type, 4089 u32 supported_flags, u32 current_flags) 4090 { 4091 struct mgmt_ev_device_flags_changed ev; 4092 4093 bacpy(&ev.addr.bdaddr, bdaddr); 4094 ev.addr.type = bdaddr_type; 4095 ev.supported_flags = cpu_to_le32(supported_flags); 4096 ev.current_flags = cpu_to_le32(current_flags); 4097 4098 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk); 4099 } 4100 4101 static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data, 4102 u16 len) 4103 { 4104 struct mgmt_cp_set_device_flags *cp = data; 4105 struct bdaddr_list_with_flags *br_params; 4106 struct hci_conn_params *params; 4107 u8 status = MGMT_STATUS_INVALID_PARAMS; 4108 u32 supported_flags = SUPPORTED_DEVICE_FLAGS(); 4109 u32 current_flags = __le32_to_cpu(cp->current_flags); 4110 4111 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x", 4112 &cp->addr.bdaddr, cp->addr.type, 4113 __le32_to_cpu(current_flags)); 4114 4115 if ((supported_flags | current_flags) != supported_flags) { 4116 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)", 4117 current_flags, supported_flags); 4118 goto done; 4119 } 4120 4121 hci_dev_lock(hdev); 4122 4123 if (cp->addr.type == BDADDR_BREDR) { 4124 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->whitelist, 4125 &cp->addr.bdaddr, 4126 cp->addr.type); 4127 4128 if (br_params) { 4129 br_params->current_flags = current_flags; 4130 status = MGMT_STATUS_SUCCESS; 4131 } else { 4132 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)", 4133 &cp->addr.bdaddr, cp->addr.type); 4134 } 4135 } else { 4136 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 4137 le_addr_type(cp->addr.type)); 4138 if (params) { 4139 params->current_flags = current_flags; 4140 status = MGMT_STATUS_SUCCESS; 4141 } else { 4142 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)", 4143 &cp->addr.bdaddr, 4144 le_addr_type(cp->addr.type)); 4145 } 4146 } 4147 4148 done: 4149 hci_dev_unlock(hdev); 4150 4151 if (status == MGMT_STATUS_SUCCESS) 4152 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 4153 supported_flags, current_flags); 4154 4155 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status, 4156 &cp->addr, sizeof(cp->addr)); 4157 } 4158 4159 static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev, 4160 u16 handle) 4161 { 4162 struct mgmt_ev_adv_monitor_added ev; 4163 4164 ev.monitor_handle = cpu_to_le16(handle); 4165 4166 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk); 4167 } 4168 4169 static void mgmt_adv_monitor_removed(struct sock *sk, struct hci_dev *hdev, 4170 u16 handle) 4171 { 4172 struct mgmt_ev_adv_monitor_added ev; 4173 4174 ev.monitor_handle = cpu_to_le16(handle); 4175 4176 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk); 4177 } 4178 4179 static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev, 4180 void *data, u16 len) 4181 { 4182 struct adv_monitor *monitor = NULL; 4183 struct mgmt_rp_read_adv_monitor_features *rp = NULL; 4184 int handle, err; 4185 size_t rp_size = 0; 4186 __u32 supported = 0; 4187 __u16 num_handles = 0; 4188 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES]; 4189 4190 BT_DBG("request for %s", hdev->name); 4191 4192 hci_dev_lock(hdev); 4193 4194 if (msft_get_features(hdev) & MSFT_FEATURE_MASK_LE_ADV_MONITOR) 4195 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS; 4196 4197 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle) { 4198 handles[num_handles++] = monitor->handle; 4199 } 4200 4201 hci_dev_unlock(hdev); 4202 4203 rp_size = sizeof(*rp) + (num_handles * sizeof(u16)); 4204 rp = kmalloc(rp_size, GFP_KERNEL); 4205 if (!rp) 4206 return -ENOMEM; 4207 4208 /* Once controller-based monitoring is in place, the enabled_features 4209 * should reflect the use. 4210 */ 4211 rp->supported_features = cpu_to_le32(supported); 4212 rp->enabled_features = 0; 4213 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES); 4214 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS; 4215 rp->num_handles = cpu_to_le16(num_handles); 4216 if (num_handles) 4217 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16))); 4218 4219 err = mgmt_cmd_complete(sk, hdev->id, 4220 MGMT_OP_READ_ADV_MONITOR_FEATURES, 4221 MGMT_STATUS_SUCCESS, rp, rp_size); 4222 4223 kfree(rp); 4224 4225 return err; 4226 } 4227 4228 static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev, 4229 void *data, u16 len) 4230 { 4231 struct mgmt_cp_add_adv_patterns_monitor *cp = data; 4232 struct mgmt_rp_add_adv_patterns_monitor rp; 4233 struct adv_monitor *m = NULL; 4234 struct adv_pattern *p = NULL; 4235 unsigned int mp_cnt = 0, prev_adv_monitors_cnt; 4236 __u8 cp_ofst = 0, cp_len = 0; 4237 int err, i; 4238 4239 BT_DBG("request for %s", hdev->name); 4240 4241 if (len <= sizeof(*cp) || cp->pattern_count == 0) { 4242 err = mgmt_cmd_status(sk, hdev->id, 4243 MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 4244 MGMT_STATUS_INVALID_PARAMS); 4245 goto failed; 4246 } 4247 4248 m = kmalloc(sizeof(*m), GFP_KERNEL); 4249 if (!m) { 4250 err = -ENOMEM; 4251 goto failed; 4252 } 4253 4254 INIT_LIST_HEAD(&m->patterns); 4255 m->active = false; 4256 4257 for (i = 0; i < cp->pattern_count; i++) { 4258 if (++mp_cnt > HCI_MAX_ADV_MONITOR_NUM_PATTERNS) { 4259 err = mgmt_cmd_status(sk, hdev->id, 4260 MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 4261 MGMT_STATUS_INVALID_PARAMS); 4262 goto failed; 4263 } 4264 4265 cp_ofst = cp->patterns[i].offset; 4266 cp_len = cp->patterns[i].length; 4267 if (cp_ofst >= HCI_MAX_AD_LENGTH || 4268 cp_len > HCI_MAX_AD_LENGTH || 4269 (cp_ofst + cp_len) > HCI_MAX_AD_LENGTH) { 4270 err = mgmt_cmd_status(sk, hdev->id, 4271 MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 4272 MGMT_STATUS_INVALID_PARAMS); 4273 goto failed; 4274 } 4275 4276 p = kmalloc(sizeof(*p), GFP_KERNEL); 4277 if (!p) { 4278 err = -ENOMEM; 4279 goto failed; 4280 } 4281 4282 p->ad_type = cp->patterns[i].ad_type; 4283 p->offset = cp->patterns[i].offset; 4284 p->length = cp->patterns[i].length; 4285 memcpy(p->value, cp->patterns[i].value, p->length); 4286 4287 INIT_LIST_HEAD(&p->list); 4288 list_add(&p->list, &m->patterns); 4289 } 4290 4291 if (mp_cnt != cp->pattern_count) { 4292 err = mgmt_cmd_status(sk, hdev->id, 4293 MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 4294 MGMT_STATUS_INVALID_PARAMS); 4295 goto failed; 4296 } 4297 4298 hci_dev_lock(hdev); 4299 4300 prev_adv_monitors_cnt = hdev->adv_monitors_cnt; 4301 4302 err = hci_add_adv_monitor(hdev, m); 4303 if (err) { 4304 if (err == -ENOSPC) { 4305 mgmt_cmd_status(sk, hdev->id, 4306 MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 4307 MGMT_STATUS_NO_RESOURCES); 4308 } 4309 goto unlock; 4310 } 4311 4312 if (hdev->adv_monitors_cnt > prev_adv_monitors_cnt) 4313 mgmt_adv_monitor_added(sk, hdev, m->handle); 4314 4315 hci_dev_unlock(hdev); 4316 4317 rp.monitor_handle = cpu_to_le16(m->handle); 4318 4319 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 4320 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 4321 4322 unlock: 4323 hci_dev_unlock(hdev); 4324 4325 failed: 4326 hci_free_adv_monitor(m); 4327 return err; 4328 } 4329 4330 static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev, 4331 void *data, u16 len) 4332 { 4333 struct mgmt_cp_remove_adv_monitor *cp = data; 4334 struct mgmt_rp_remove_adv_monitor rp; 4335 unsigned int prev_adv_monitors_cnt; 4336 u16 handle; 4337 int err; 4338 4339 BT_DBG("request for %s", hdev->name); 4340 4341 hci_dev_lock(hdev); 4342 4343 handle = __le16_to_cpu(cp->monitor_handle); 4344 prev_adv_monitors_cnt = hdev->adv_monitors_cnt; 4345 4346 err = hci_remove_adv_monitor(hdev, handle); 4347 if (err == -ENOENT) { 4348 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR, 4349 MGMT_STATUS_INVALID_INDEX); 4350 goto unlock; 4351 } 4352 4353 if (hdev->adv_monitors_cnt < prev_adv_monitors_cnt) 4354 mgmt_adv_monitor_removed(sk, hdev, handle); 4355 4356 hci_dev_unlock(hdev); 4357 4358 rp.monitor_handle = cp->monitor_handle; 4359 4360 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR, 4361 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 4362 4363 unlock: 4364 hci_dev_unlock(hdev); 4365 return err; 4366 } 4367 4368 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status, 4369 u16 opcode, struct sk_buff *skb) 4370 { 4371 struct mgmt_rp_read_local_oob_data mgmt_rp; 4372 size_t rp_size = sizeof(mgmt_rp); 4373 struct mgmt_pending_cmd *cmd; 4374 4375 bt_dev_dbg(hdev, "status %u", status); 4376 4377 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev); 4378 if (!cmd) 4379 return; 4380 4381 if (status || !skb) { 4382 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 4383 status ? mgmt_status(status) : MGMT_STATUS_FAILED); 4384 goto remove; 4385 } 4386 4387 memset(&mgmt_rp, 0, sizeof(mgmt_rp)); 4388 4389 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) { 4390 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 4391 4392 if (skb->len < sizeof(*rp)) { 4393 mgmt_cmd_status(cmd->sk, hdev->id, 4394 MGMT_OP_READ_LOCAL_OOB_DATA, 4395 MGMT_STATUS_FAILED); 4396 goto remove; 4397 } 4398 4399 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash)); 4400 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand)); 4401 4402 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256); 4403 } else { 4404 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data; 4405 4406 if (skb->len < sizeof(*rp)) { 4407 mgmt_cmd_status(cmd->sk, hdev->id, 4408 MGMT_OP_READ_LOCAL_OOB_DATA, 4409 MGMT_STATUS_FAILED); 4410 goto remove; 4411 } 4412 4413 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192)); 4414 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192)); 4415 4416 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256)); 4417 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256)); 4418 } 4419 4420 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 4421 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size); 4422 4423 remove: 4424 mgmt_pending_remove(cmd); 4425 } 4426 4427 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, 4428 void *data, u16 data_len) 4429 { 4430 struct mgmt_pending_cmd *cmd; 4431 struct hci_request req; 4432 int err; 4433 4434 bt_dev_dbg(hdev, "sock %p", sk); 4435 4436 hci_dev_lock(hdev); 4437 4438 if (!hdev_is_powered(hdev)) { 4439 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 4440 MGMT_STATUS_NOT_POWERED); 4441 goto unlock; 4442 } 4443 4444 if (!lmp_ssp_capable(hdev)) { 4445 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 4446 MGMT_STATUS_NOT_SUPPORTED); 4447 goto unlock; 4448 } 4449 4450 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 4451 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 4452 MGMT_STATUS_BUSY); 4453 goto unlock; 4454 } 4455 4456 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 4457 if (!cmd) { 4458 err = -ENOMEM; 4459 goto unlock; 4460 } 4461 4462 hci_req_init(&req, hdev); 4463 4464 if (bredr_sc_enabled(hdev)) 4465 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL); 4466 else 4467 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 4468 4469 err = hci_req_run_skb(&req, read_local_oob_data_complete); 4470 if (err < 0) 4471 mgmt_pending_remove(cmd); 4472 4473 unlock: 4474 hci_dev_unlock(hdev); 4475 return err; 4476 } 4477 4478 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 4479 void *data, u16 len) 4480 { 4481 struct mgmt_addr_info *addr = data; 4482 int err; 4483 4484 bt_dev_dbg(hdev, "sock %p", sk); 4485 4486 if (!bdaddr_type_is_valid(addr->type)) 4487 return mgmt_cmd_complete(sk, hdev->id, 4488 MGMT_OP_ADD_REMOTE_OOB_DATA, 4489 MGMT_STATUS_INVALID_PARAMS, 4490 addr, sizeof(*addr)); 4491 4492 hci_dev_lock(hdev); 4493 4494 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) { 4495 struct mgmt_cp_add_remote_oob_data *cp = data; 4496 u8 status; 4497 4498 if (cp->addr.type != BDADDR_BREDR) { 4499 err = mgmt_cmd_complete(sk, hdev->id, 4500 MGMT_OP_ADD_REMOTE_OOB_DATA, 4501 MGMT_STATUS_INVALID_PARAMS, 4502 &cp->addr, sizeof(cp->addr)); 4503 goto unlock; 4504 } 4505 4506 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 4507 cp->addr.type, cp->hash, 4508 cp->rand, NULL, NULL); 4509 if (err < 0) 4510 status = MGMT_STATUS_FAILED; 4511 else 4512 status = MGMT_STATUS_SUCCESS; 4513 4514 err = mgmt_cmd_complete(sk, hdev->id, 4515 MGMT_OP_ADD_REMOTE_OOB_DATA, status, 4516 &cp->addr, sizeof(cp->addr)); 4517 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) { 4518 struct mgmt_cp_add_remote_oob_ext_data *cp = data; 4519 u8 *rand192, *hash192, *rand256, *hash256; 4520 u8 status; 4521 4522 if (bdaddr_type_is_le(cp->addr.type)) { 4523 /* Enforce zero-valued 192-bit parameters as 4524 * long as legacy SMP OOB isn't implemented. 4525 */ 4526 if (memcmp(cp->rand192, ZERO_KEY, 16) || 4527 memcmp(cp->hash192, ZERO_KEY, 16)) { 4528 err = mgmt_cmd_complete(sk, hdev->id, 4529 MGMT_OP_ADD_REMOTE_OOB_DATA, 4530 MGMT_STATUS_INVALID_PARAMS, 4531 addr, sizeof(*addr)); 4532 goto unlock; 4533 } 4534 4535 rand192 = NULL; 4536 hash192 = NULL; 4537 } else { 4538 /* In case one of the P-192 values is set to zero, 4539 * then just disable OOB data for P-192. 4540 */ 4541 if (!memcmp(cp->rand192, ZERO_KEY, 16) || 4542 !memcmp(cp->hash192, ZERO_KEY, 16)) { 4543 rand192 = NULL; 4544 hash192 = NULL; 4545 } else { 4546 rand192 = cp->rand192; 4547 hash192 = cp->hash192; 4548 } 4549 } 4550 4551 /* In case one of the P-256 values is set to zero, then just 4552 * disable OOB data for P-256. 4553 */ 4554 if (!memcmp(cp->rand256, ZERO_KEY, 16) || 4555 !memcmp(cp->hash256, ZERO_KEY, 16)) { 4556 rand256 = NULL; 4557 hash256 = NULL; 4558 } else { 4559 rand256 = cp->rand256; 4560 hash256 = cp->hash256; 4561 } 4562 4563 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 4564 cp->addr.type, hash192, rand192, 4565 hash256, rand256); 4566 if (err < 0) 4567 status = MGMT_STATUS_FAILED; 4568 else 4569 status = MGMT_STATUS_SUCCESS; 4570 4571 err = mgmt_cmd_complete(sk, hdev->id, 4572 MGMT_OP_ADD_REMOTE_OOB_DATA, 4573 status, &cp->addr, sizeof(cp->addr)); 4574 } else { 4575 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes", 4576 len); 4577 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 4578 MGMT_STATUS_INVALID_PARAMS); 4579 } 4580 4581 unlock: 4582 hci_dev_unlock(hdev); 4583 return err; 4584 } 4585 4586 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 4587 void *data, u16 len) 4588 { 4589 struct mgmt_cp_remove_remote_oob_data *cp = data; 4590 u8 status; 4591 int err; 4592 4593 bt_dev_dbg(hdev, "sock %p", sk); 4594 4595 if (cp->addr.type != BDADDR_BREDR) 4596 return mgmt_cmd_complete(sk, hdev->id, 4597 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 4598 MGMT_STATUS_INVALID_PARAMS, 4599 &cp->addr, sizeof(cp->addr)); 4600 4601 hci_dev_lock(hdev); 4602 4603 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 4604 hci_remote_oob_data_clear(hdev); 4605 status = MGMT_STATUS_SUCCESS; 4606 goto done; 4607 } 4608 4609 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type); 4610 if (err < 0) 4611 status = MGMT_STATUS_INVALID_PARAMS; 4612 else 4613 status = MGMT_STATUS_SUCCESS; 4614 4615 done: 4616 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 4617 status, &cp->addr, sizeof(cp->addr)); 4618 4619 hci_dev_unlock(hdev); 4620 return err; 4621 } 4622 4623 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status) 4624 { 4625 struct mgmt_pending_cmd *cmd; 4626 4627 bt_dev_dbg(hdev, "status %d", status); 4628 4629 hci_dev_lock(hdev); 4630 4631 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev); 4632 if (!cmd) 4633 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev); 4634 4635 if (!cmd) 4636 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev); 4637 4638 if (cmd) { 4639 cmd->cmd_complete(cmd, mgmt_status(status)); 4640 mgmt_pending_remove(cmd); 4641 } 4642 4643 hci_dev_unlock(hdev); 4644 4645 /* Handle suspend notifier */ 4646 if (test_and_clear_bit(SUSPEND_UNPAUSE_DISCOVERY, 4647 hdev->suspend_tasks)) { 4648 bt_dev_dbg(hdev, "Unpaused discovery"); 4649 wake_up(&hdev->suspend_wait_q); 4650 } 4651 } 4652 4653 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type, 4654 uint8_t *mgmt_status) 4655 { 4656 switch (type) { 4657 case DISCOV_TYPE_LE: 4658 *mgmt_status = mgmt_le_support(hdev); 4659 if (*mgmt_status) 4660 return false; 4661 break; 4662 case DISCOV_TYPE_INTERLEAVED: 4663 *mgmt_status = mgmt_le_support(hdev); 4664 if (*mgmt_status) 4665 return false; 4666 fallthrough; 4667 case DISCOV_TYPE_BREDR: 4668 *mgmt_status = mgmt_bredr_support(hdev); 4669 if (*mgmt_status) 4670 return false; 4671 break; 4672 default: 4673 *mgmt_status = MGMT_STATUS_INVALID_PARAMS; 4674 return false; 4675 } 4676 4677 return true; 4678 } 4679 4680 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev, 4681 u16 op, void *data, u16 len) 4682 { 4683 struct mgmt_cp_start_discovery *cp = data; 4684 struct mgmt_pending_cmd *cmd; 4685 u8 status; 4686 int err; 4687 4688 bt_dev_dbg(hdev, "sock %p", sk); 4689 4690 hci_dev_lock(hdev); 4691 4692 if (!hdev_is_powered(hdev)) { 4693 err = mgmt_cmd_complete(sk, hdev->id, op, 4694 MGMT_STATUS_NOT_POWERED, 4695 &cp->type, sizeof(cp->type)); 4696 goto failed; 4697 } 4698 4699 if (hdev->discovery.state != DISCOVERY_STOPPED || 4700 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 4701 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 4702 &cp->type, sizeof(cp->type)); 4703 goto failed; 4704 } 4705 4706 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 4707 err = mgmt_cmd_complete(sk, hdev->id, op, status, 4708 &cp->type, sizeof(cp->type)); 4709 goto failed; 4710 } 4711 4712 /* Can't start discovery when it is paused */ 4713 if (hdev->discovery_paused) { 4714 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 4715 &cp->type, sizeof(cp->type)); 4716 goto failed; 4717 } 4718 4719 /* Clear the discovery filter first to free any previously 4720 * allocated memory for the UUID list. 4721 */ 4722 hci_discovery_filter_clear(hdev); 4723 4724 hdev->discovery.type = cp->type; 4725 hdev->discovery.report_invalid_rssi = false; 4726 if (op == MGMT_OP_START_LIMITED_DISCOVERY) 4727 hdev->discovery.limited = true; 4728 else 4729 hdev->discovery.limited = false; 4730 4731 cmd = mgmt_pending_add(sk, op, hdev, data, len); 4732 if (!cmd) { 4733 err = -ENOMEM; 4734 goto failed; 4735 } 4736 4737 cmd->cmd_complete = generic_cmd_complete; 4738 4739 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 4740 queue_work(hdev->req_workqueue, &hdev->discov_update); 4741 err = 0; 4742 4743 failed: 4744 hci_dev_unlock(hdev); 4745 return err; 4746 } 4747 4748 static int start_discovery(struct sock *sk, struct hci_dev *hdev, 4749 void *data, u16 len) 4750 { 4751 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY, 4752 data, len); 4753 } 4754 4755 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev, 4756 void *data, u16 len) 4757 { 4758 return start_discovery_internal(sk, hdev, 4759 MGMT_OP_START_LIMITED_DISCOVERY, 4760 data, len); 4761 } 4762 4763 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd, 4764 u8 status) 4765 { 4766 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 4767 cmd->param, 1); 4768 } 4769 4770 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev, 4771 void *data, u16 len) 4772 { 4773 struct mgmt_cp_start_service_discovery *cp = data; 4774 struct mgmt_pending_cmd *cmd; 4775 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16); 4776 u16 uuid_count, expected_len; 4777 u8 status; 4778 int err; 4779 4780 bt_dev_dbg(hdev, "sock %p", sk); 4781 4782 hci_dev_lock(hdev); 4783 4784 if (!hdev_is_powered(hdev)) { 4785 err = mgmt_cmd_complete(sk, hdev->id, 4786 MGMT_OP_START_SERVICE_DISCOVERY, 4787 MGMT_STATUS_NOT_POWERED, 4788 &cp->type, sizeof(cp->type)); 4789 goto failed; 4790 } 4791 4792 if (hdev->discovery.state != DISCOVERY_STOPPED || 4793 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 4794 err = mgmt_cmd_complete(sk, hdev->id, 4795 MGMT_OP_START_SERVICE_DISCOVERY, 4796 MGMT_STATUS_BUSY, &cp->type, 4797 sizeof(cp->type)); 4798 goto failed; 4799 } 4800 4801 uuid_count = __le16_to_cpu(cp->uuid_count); 4802 if (uuid_count > max_uuid_count) { 4803 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u", 4804 uuid_count); 4805 err = mgmt_cmd_complete(sk, hdev->id, 4806 MGMT_OP_START_SERVICE_DISCOVERY, 4807 MGMT_STATUS_INVALID_PARAMS, &cp->type, 4808 sizeof(cp->type)); 4809 goto failed; 4810 } 4811 4812 expected_len = sizeof(*cp) + uuid_count * 16; 4813 if (expected_len != len) { 4814 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes", 4815 expected_len, len); 4816 err = mgmt_cmd_complete(sk, hdev->id, 4817 MGMT_OP_START_SERVICE_DISCOVERY, 4818 MGMT_STATUS_INVALID_PARAMS, &cp->type, 4819 sizeof(cp->type)); 4820 goto failed; 4821 } 4822 4823 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 4824 err = mgmt_cmd_complete(sk, hdev->id, 4825 MGMT_OP_START_SERVICE_DISCOVERY, 4826 status, &cp->type, sizeof(cp->type)); 4827 goto failed; 4828 } 4829 4830 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY, 4831 hdev, data, len); 4832 if (!cmd) { 4833 err = -ENOMEM; 4834 goto failed; 4835 } 4836 4837 cmd->cmd_complete = service_discovery_cmd_complete; 4838 4839 /* Clear the discovery filter first to free any previously 4840 * allocated memory for the UUID list. 4841 */ 4842 hci_discovery_filter_clear(hdev); 4843 4844 hdev->discovery.result_filtering = true; 4845 hdev->discovery.type = cp->type; 4846 hdev->discovery.rssi = cp->rssi; 4847 hdev->discovery.uuid_count = uuid_count; 4848 4849 if (uuid_count > 0) { 4850 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16, 4851 GFP_KERNEL); 4852 if (!hdev->discovery.uuids) { 4853 err = mgmt_cmd_complete(sk, hdev->id, 4854 MGMT_OP_START_SERVICE_DISCOVERY, 4855 MGMT_STATUS_FAILED, 4856 &cp->type, sizeof(cp->type)); 4857 mgmt_pending_remove(cmd); 4858 goto failed; 4859 } 4860 } 4861 4862 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 4863 queue_work(hdev->req_workqueue, &hdev->discov_update); 4864 err = 0; 4865 4866 failed: 4867 hci_dev_unlock(hdev); 4868 return err; 4869 } 4870 4871 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status) 4872 { 4873 struct mgmt_pending_cmd *cmd; 4874 4875 bt_dev_dbg(hdev, "status %d", status); 4876 4877 hci_dev_lock(hdev); 4878 4879 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 4880 if (cmd) { 4881 cmd->cmd_complete(cmd, mgmt_status(status)); 4882 mgmt_pending_remove(cmd); 4883 } 4884 4885 hci_dev_unlock(hdev); 4886 4887 /* Handle suspend notifier */ 4888 if (test_and_clear_bit(SUSPEND_PAUSE_DISCOVERY, hdev->suspend_tasks)) { 4889 bt_dev_dbg(hdev, "Paused discovery"); 4890 wake_up(&hdev->suspend_wait_q); 4891 } 4892 } 4893 4894 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, 4895 u16 len) 4896 { 4897 struct mgmt_cp_stop_discovery *mgmt_cp = data; 4898 struct mgmt_pending_cmd *cmd; 4899 int err; 4900 4901 bt_dev_dbg(hdev, "sock %p", sk); 4902 4903 hci_dev_lock(hdev); 4904 4905 if (!hci_discovery_active(hdev)) { 4906 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 4907 MGMT_STATUS_REJECTED, &mgmt_cp->type, 4908 sizeof(mgmt_cp->type)); 4909 goto unlock; 4910 } 4911 4912 if (hdev->discovery.type != mgmt_cp->type) { 4913 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 4914 MGMT_STATUS_INVALID_PARAMS, 4915 &mgmt_cp->type, sizeof(mgmt_cp->type)); 4916 goto unlock; 4917 } 4918 4919 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len); 4920 if (!cmd) { 4921 err = -ENOMEM; 4922 goto unlock; 4923 } 4924 4925 cmd->cmd_complete = generic_cmd_complete; 4926 4927 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 4928 queue_work(hdev->req_workqueue, &hdev->discov_update); 4929 err = 0; 4930 4931 unlock: 4932 hci_dev_unlock(hdev); 4933 return err; 4934 } 4935 4936 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, 4937 u16 len) 4938 { 4939 struct mgmt_cp_confirm_name *cp = data; 4940 struct inquiry_entry *e; 4941 int err; 4942 4943 bt_dev_dbg(hdev, "sock %p", sk); 4944 4945 hci_dev_lock(hdev); 4946 4947 if (!hci_discovery_active(hdev)) { 4948 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 4949 MGMT_STATUS_FAILED, &cp->addr, 4950 sizeof(cp->addr)); 4951 goto failed; 4952 } 4953 4954 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 4955 if (!e) { 4956 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 4957 MGMT_STATUS_INVALID_PARAMS, &cp->addr, 4958 sizeof(cp->addr)); 4959 goto failed; 4960 } 4961 4962 if (cp->name_known) { 4963 e->name_state = NAME_KNOWN; 4964 list_del(&e->list); 4965 } else { 4966 e->name_state = NAME_NEEDED; 4967 hci_inquiry_cache_update_resolve(hdev, e); 4968 } 4969 4970 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, 4971 &cp->addr, sizeof(cp->addr)); 4972 4973 failed: 4974 hci_dev_unlock(hdev); 4975 return err; 4976 } 4977 4978 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data, 4979 u16 len) 4980 { 4981 struct mgmt_cp_block_device *cp = data; 4982 u8 status; 4983 int err; 4984 4985 bt_dev_dbg(hdev, "sock %p", sk); 4986 4987 if (!bdaddr_type_is_valid(cp->addr.type)) 4988 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, 4989 MGMT_STATUS_INVALID_PARAMS, 4990 &cp->addr, sizeof(cp->addr)); 4991 4992 hci_dev_lock(hdev); 4993 4994 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr, 4995 cp->addr.type); 4996 if (err < 0) { 4997 status = MGMT_STATUS_FAILED; 4998 goto done; 4999 } 5000 5001 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr), 5002 sk); 5003 status = MGMT_STATUS_SUCCESS; 5004 5005 done: 5006 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status, 5007 &cp->addr, sizeof(cp->addr)); 5008 5009 hci_dev_unlock(hdev); 5010 5011 return err; 5012 } 5013 5014 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data, 5015 u16 len) 5016 { 5017 struct mgmt_cp_unblock_device *cp = data; 5018 u8 status; 5019 int err; 5020 5021 bt_dev_dbg(hdev, "sock %p", sk); 5022 5023 if (!bdaddr_type_is_valid(cp->addr.type)) 5024 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, 5025 MGMT_STATUS_INVALID_PARAMS, 5026 &cp->addr, sizeof(cp->addr)); 5027 5028 hci_dev_lock(hdev); 5029 5030 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr, 5031 cp->addr.type); 5032 if (err < 0) { 5033 status = MGMT_STATUS_INVALID_PARAMS; 5034 goto done; 5035 } 5036 5037 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr), 5038 sk); 5039 status = MGMT_STATUS_SUCCESS; 5040 5041 done: 5042 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status, 5043 &cp->addr, sizeof(cp->addr)); 5044 5045 hci_dev_unlock(hdev); 5046 5047 return err; 5048 } 5049 5050 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data, 5051 u16 len) 5052 { 5053 struct mgmt_cp_set_device_id *cp = data; 5054 struct hci_request req; 5055 int err; 5056 __u16 source; 5057 5058 bt_dev_dbg(hdev, "sock %p", sk); 5059 5060 source = __le16_to_cpu(cp->source); 5061 5062 if (source > 0x0002) 5063 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 5064 MGMT_STATUS_INVALID_PARAMS); 5065 5066 hci_dev_lock(hdev); 5067 5068 hdev->devid_source = source; 5069 hdev->devid_vendor = __le16_to_cpu(cp->vendor); 5070 hdev->devid_product = __le16_to_cpu(cp->product); 5071 hdev->devid_version = __le16_to_cpu(cp->version); 5072 5073 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, 5074 NULL, 0); 5075 5076 hci_req_init(&req, hdev); 5077 __hci_req_update_eir(&req); 5078 hci_req_run(&req, NULL); 5079 5080 hci_dev_unlock(hdev); 5081 5082 return err; 5083 } 5084 5085 static void enable_advertising_instance(struct hci_dev *hdev, u8 status, 5086 u16 opcode) 5087 { 5088 bt_dev_dbg(hdev, "status %d", status); 5089 } 5090 5091 static void set_advertising_complete(struct hci_dev *hdev, u8 status, 5092 u16 opcode) 5093 { 5094 struct cmd_lookup match = { NULL, hdev }; 5095 struct hci_request req; 5096 u8 instance; 5097 struct adv_info *adv_instance; 5098 int err; 5099 5100 hci_dev_lock(hdev); 5101 5102 if (status) { 5103 u8 mgmt_err = mgmt_status(status); 5104 5105 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, 5106 cmd_status_rsp, &mgmt_err); 5107 goto unlock; 5108 } 5109 5110 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 5111 hci_dev_set_flag(hdev, HCI_ADVERTISING); 5112 else 5113 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 5114 5115 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp, 5116 &match); 5117 5118 new_settings(hdev, match.sk); 5119 5120 if (match.sk) 5121 sock_put(match.sk); 5122 5123 /* Handle suspend notifier */ 5124 if (test_and_clear_bit(SUSPEND_PAUSE_ADVERTISING, 5125 hdev->suspend_tasks)) { 5126 bt_dev_dbg(hdev, "Paused advertising"); 5127 wake_up(&hdev->suspend_wait_q); 5128 } else if (test_and_clear_bit(SUSPEND_UNPAUSE_ADVERTISING, 5129 hdev->suspend_tasks)) { 5130 bt_dev_dbg(hdev, "Unpaused advertising"); 5131 wake_up(&hdev->suspend_wait_q); 5132 } 5133 5134 /* If "Set Advertising" was just disabled and instance advertising was 5135 * set up earlier, then re-enable multi-instance advertising. 5136 */ 5137 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 5138 list_empty(&hdev->adv_instances)) 5139 goto unlock; 5140 5141 instance = hdev->cur_adv_instance; 5142 if (!instance) { 5143 adv_instance = list_first_entry_or_null(&hdev->adv_instances, 5144 struct adv_info, list); 5145 if (!adv_instance) 5146 goto unlock; 5147 5148 instance = adv_instance->instance; 5149 } 5150 5151 hci_req_init(&req, hdev); 5152 5153 err = __hci_req_schedule_adv_instance(&req, instance, true); 5154 5155 if (!err) 5156 err = hci_req_run(&req, enable_advertising_instance); 5157 5158 if (err) 5159 bt_dev_err(hdev, "failed to re-configure advertising"); 5160 5161 unlock: 5162 hci_dev_unlock(hdev); 5163 } 5164 5165 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, 5166 u16 len) 5167 { 5168 struct mgmt_mode *cp = data; 5169 struct mgmt_pending_cmd *cmd; 5170 struct hci_request req; 5171 u8 val, status; 5172 int err; 5173 5174 bt_dev_dbg(hdev, "sock %p", sk); 5175 5176 status = mgmt_le_support(hdev); 5177 if (status) 5178 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 5179 status); 5180 5181 /* Enabling the experimental LL Privay support disables support for 5182 * advertising. 5183 */ 5184 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 5185 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 5186 MGMT_STATUS_NOT_SUPPORTED); 5187 5188 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 5189 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 5190 MGMT_STATUS_INVALID_PARAMS); 5191 5192 if (hdev->advertising_paused) 5193 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 5194 MGMT_STATUS_BUSY); 5195 5196 hci_dev_lock(hdev); 5197 5198 val = !!cp->val; 5199 5200 /* The following conditions are ones which mean that we should 5201 * not do any HCI communication but directly send a mgmt 5202 * response to user space (after toggling the flag if 5203 * necessary). 5204 */ 5205 if (!hdev_is_powered(hdev) || 5206 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) && 5207 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) || 5208 hci_conn_num(hdev, LE_LINK) > 0 || 5209 (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 5210 hdev->le_scan_type == LE_SCAN_ACTIVE)) { 5211 bool changed; 5212 5213 if (cp->val) { 5214 hdev->cur_adv_instance = 0x00; 5215 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING); 5216 if (cp->val == 0x02) 5217 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 5218 else 5219 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 5220 } else { 5221 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING); 5222 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 5223 } 5224 5225 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev); 5226 if (err < 0) 5227 goto unlock; 5228 5229 if (changed) 5230 err = new_settings(hdev, sk); 5231 5232 goto unlock; 5233 } 5234 5235 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) || 5236 pending_find(MGMT_OP_SET_LE, hdev)) { 5237 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 5238 MGMT_STATUS_BUSY); 5239 goto unlock; 5240 } 5241 5242 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len); 5243 if (!cmd) { 5244 err = -ENOMEM; 5245 goto unlock; 5246 } 5247 5248 hci_req_init(&req, hdev); 5249 5250 if (cp->val == 0x02) 5251 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 5252 else 5253 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 5254 5255 cancel_adv_timeout(hdev); 5256 5257 if (val) { 5258 /* Switch to instance "0" for the Set Advertising setting. 5259 * We cannot use update_[adv|scan_rsp]_data() here as the 5260 * HCI_ADVERTISING flag is not yet set. 5261 */ 5262 hdev->cur_adv_instance = 0x00; 5263 5264 if (ext_adv_capable(hdev)) { 5265 __hci_req_start_ext_adv(&req, 0x00); 5266 } else { 5267 __hci_req_update_adv_data(&req, 0x00); 5268 __hci_req_update_scan_rsp_data(&req, 0x00); 5269 __hci_req_enable_advertising(&req); 5270 } 5271 } else { 5272 __hci_req_disable_advertising(&req); 5273 } 5274 5275 err = hci_req_run(&req, set_advertising_complete); 5276 if (err < 0) 5277 mgmt_pending_remove(cmd); 5278 5279 unlock: 5280 hci_dev_unlock(hdev); 5281 return err; 5282 } 5283 5284 static int set_static_address(struct sock *sk, struct hci_dev *hdev, 5285 void *data, u16 len) 5286 { 5287 struct mgmt_cp_set_static_address *cp = data; 5288 int err; 5289 5290 bt_dev_dbg(hdev, "sock %p", sk); 5291 5292 if (!lmp_le_capable(hdev)) 5293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 5294 MGMT_STATUS_NOT_SUPPORTED); 5295 5296 if (hdev_is_powered(hdev)) 5297 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 5298 MGMT_STATUS_REJECTED); 5299 5300 if (bacmp(&cp->bdaddr, BDADDR_ANY)) { 5301 if (!bacmp(&cp->bdaddr, BDADDR_NONE)) 5302 return mgmt_cmd_status(sk, hdev->id, 5303 MGMT_OP_SET_STATIC_ADDRESS, 5304 MGMT_STATUS_INVALID_PARAMS); 5305 5306 /* Two most significant bits shall be set */ 5307 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0) 5308 return mgmt_cmd_status(sk, hdev->id, 5309 MGMT_OP_SET_STATIC_ADDRESS, 5310 MGMT_STATUS_INVALID_PARAMS); 5311 } 5312 5313 hci_dev_lock(hdev); 5314 5315 bacpy(&hdev->static_addr, &cp->bdaddr); 5316 5317 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev); 5318 if (err < 0) 5319 goto unlock; 5320 5321 err = new_settings(hdev, sk); 5322 5323 unlock: 5324 hci_dev_unlock(hdev); 5325 return err; 5326 } 5327 5328 static int set_scan_params(struct sock *sk, struct hci_dev *hdev, 5329 void *data, u16 len) 5330 { 5331 struct mgmt_cp_set_scan_params *cp = data; 5332 __u16 interval, window; 5333 int err; 5334 5335 bt_dev_dbg(hdev, "sock %p", sk); 5336 5337 if (!lmp_le_capable(hdev)) 5338 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 5339 MGMT_STATUS_NOT_SUPPORTED); 5340 5341 interval = __le16_to_cpu(cp->interval); 5342 5343 if (interval < 0x0004 || interval > 0x4000) 5344 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 5345 MGMT_STATUS_INVALID_PARAMS); 5346 5347 window = __le16_to_cpu(cp->window); 5348 5349 if (window < 0x0004 || window > 0x4000) 5350 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 5351 MGMT_STATUS_INVALID_PARAMS); 5352 5353 if (window > interval) 5354 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 5355 MGMT_STATUS_INVALID_PARAMS); 5356 5357 hci_dev_lock(hdev); 5358 5359 hdev->le_scan_interval = interval; 5360 hdev->le_scan_window = window; 5361 5362 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, 5363 NULL, 0); 5364 5365 /* If background scan is running, restart it so new parameters are 5366 * loaded. 5367 */ 5368 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 5369 hdev->discovery.state == DISCOVERY_STOPPED) { 5370 struct hci_request req; 5371 5372 hci_req_init(&req, hdev); 5373 5374 hci_req_add_le_scan_disable(&req, false); 5375 hci_req_add_le_passive_scan(&req); 5376 5377 hci_req_run(&req, NULL); 5378 } 5379 5380 hci_dev_unlock(hdev); 5381 5382 return err; 5383 } 5384 5385 static void fast_connectable_complete(struct hci_dev *hdev, u8 status, 5386 u16 opcode) 5387 { 5388 struct mgmt_pending_cmd *cmd; 5389 5390 bt_dev_dbg(hdev, "status 0x%02x", status); 5391 5392 hci_dev_lock(hdev); 5393 5394 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev); 5395 if (!cmd) 5396 goto unlock; 5397 5398 if (status) { 5399 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 5400 mgmt_status(status)); 5401 } else { 5402 struct mgmt_mode *cp = cmd->param; 5403 5404 if (cp->val) 5405 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE); 5406 else 5407 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 5408 5409 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 5410 new_settings(hdev, cmd->sk); 5411 } 5412 5413 mgmt_pending_remove(cmd); 5414 5415 unlock: 5416 hci_dev_unlock(hdev); 5417 } 5418 5419 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, 5420 void *data, u16 len) 5421 { 5422 struct mgmt_mode *cp = data; 5423 struct mgmt_pending_cmd *cmd; 5424 struct hci_request req; 5425 int err; 5426 5427 bt_dev_dbg(hdev, "sock %p", sk); 5428 5429 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 5430 hdev->hci_ver < BLUETOOTH_VER_1_2) 5431 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 5432 MGMT_STATUS_NOT_SUPPORTED); 5433 5434 if (cp->val != 0x00 && cp->val != 0x01) 5435 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 5436 MGMT_STATUS_INVALID_PARAMS); 5437 5438 hci_dev_lock(hdev); 5439 5440 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) { 5441 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 5442 MGMT_STATUS_BUSY); 5443 goto unlock; 5444 } 5445 5446 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) { 5447 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 5448 hdev); 5449 goto unlock; 5450 } 5451 5452 if (!hdev_is_powered(hdev)) { 5453 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE); 5454 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 5455 hdev); 5456 new_settings(hdev, sk); 5457 goto unlock; 5458 } 5459 5460 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, 5461 data, len); 5462 if (!cmd) { 5463 err = -ENOMEM; 5464 goto unlock; 5465 } 5466 5467 hci_req_init(&req, hdev); 5468 5469 __hci_req_write_fast_connectable(&req, cp->val); 5470 5471 err = hci_req_run(&req, fast_connectable_complete); 5472 if (err < 0) { 5473 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 5474 MGMT_STATUS_FAILED); 5475 mgmt_pending_remove(cmd); 5476 } 5477 5478 unlock: 5479 hci_dev_unlock(hdev); 5480 5481 return err; 5482 } 5483 5484 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode) 5485 { 5486 struct mgmt_pending_cmd *cmd; 5487 5488 bt_dev_dbg(hdev, "status 0x%02x", status); 5489 5490 hci_dev_lock(hdev); 5491 5492 cmd = pending_find(MGMT_OP_SET_BREDR, hdev); 5493 if (!cmd) 5494 goto unlock; 5495 5496 if (status) { 5497 u8 mgmt_err = mgmt_status(status); 5498 5499 /* We need to restore the flag if related HCI commands 5500 * failed. 5501 */ 5502 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED); 5503 5504 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 5505 } else { 5506 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev); 5507 new_settings(hdev, cmd->sk); 5508 } 5509 5510 mgmt_pending_remove(cmd); 5511 5512 unlock: 5513 hci_dev_unlock(hdev); 5514 } 5515 5516 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 5517 { 5518 struct mgmt_mode *cp = data; 5519 struct mgmt_pending_cmd *cmd; 5520 struct hci_request req; 5521 int err; 5522 5523 bt_dev_dbg(hdev, "sock %p", sk); 5524 5525 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev)) 5526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 5527 MGMT_STATUS_NOT_SUPPORTED); 5528 5529 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 5530 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 5531 MGMT_STATUS_REJECTED); 5532 5533 if (cp->val != 0x00 && cp->val != 0x01) 5534 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 5535 MGMT_STATUS_INVALID_PARAMS); 5536 5537 hci_dev_lock(hdev); 5538 5539 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 5540 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 5541 goto unlock; 5542 } 5543 5544 if (!hdev_is_powered(hdev)) { 5545 if (!cp->val) { 5546 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 5547 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 5548 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY); 5549 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 5550 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 5551 } 5552 5553 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED); 5554 5555 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 5556 if (err < 0) 5557 goto unlock; 5558 5559 err = new_settings(hdev, sk); 5560 goto unlock; 5561 } 5562 5563 /* Reject disabling when powered on */ 5564 if (!cp->val) { 5565 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 5566 MGMT_STATUS_REJECTED); 5567 goto unlock; 5568 } else { 5569 /* When configuring a dual-mode controller to operate 5570 * with LE only and using a static address, then switching 5571 * BR/EDR back on is not allowed. 5572 * 5573 * Dual-mode controllers shall operate with the public 5574 * address as its identity address for BR/EDR and LE. So 5575 * reject the attempt to create an invalid configuration. 5576 * 5577 * The same restrictions applies when secure connections 5578 * has been enabled. For BR/EDR this is a controller feature 5579 * while for LE it is a host stack feature. This means that 5580 * switching BR/EDR back on when secure connections has been 5581 * enabled is not a supported transaction. 5582 */ 5583 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 5584 (bacmp(&hdev->static_addr, BDADDR_ANY) || 5585 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) { 5586 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 5587 MGMT_STATUS_REJECTED); 5588 goto unlock; 5589 } 5590 } 5591 5592 if (pending_find(MGMT_OP_SET_BREDR, hdev)) { 5593 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 5594 MGMT_STATUS_BUSY); 5595 goto unlock; 5596 } 5597 5598 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len); 5599 if (!cmd) { 5600 err = -ENOMEM; 5601 goto unlock; 5602 } 5603 5604 /* We need to flip the bit already here so that 5605 * hci_req_update_adv_data generates the correct flags. 5606 */ 5607 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED); 5608 5609 hci_req_init(&req, hdev); 5610 5611 __hci_req_write_fast_connectable(&req, false); 5612 __hci_req_update_scan(&req); 5613 5614 /* Since only the advertising data flags will change, there 5615 * is no need to update the scan response data. 5616 */ 5617 __hci_req_update_adv_data(&req, hdev->cur_adv_instance); 5618 5619 err = hci_req_run(&req, set_bredr_complete); 5620 if (err < 0) 5621 mgmt_pending_remove(cmd); 5622 5623 unlock: 5624 hci_dev_unlock(hdev); 5625 return err; 5626 } 5627 5628 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 5629 { 5630 struct mgmt_pending_cmd *cmd; 5631 struct mgmt_mode *cp; 5632 5633 bt_dev_dbg(hdev, "status %u", status); 5634 5635 hci_dev_lock(hdev); 5636 5637 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev); 5638 if (!cmd) 5639 goto unlock; 5640 5641 if (status) { 5642 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 5643 mgmt_status(status)); 5644 goto remove; 5645 } 5646 5647 cp = cmd->param; 5648 5649 switch (cp->val) { 5650 case 0x00: 5651 hci_dev_clear_flag(hdev, HCI_SC_ENABLED); 5652 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 5653 break; 5654 case 0x01: 5655 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 5656 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 5657 break; 5658 case 0x02: 5659 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 5660 hci_dev_set_flag(hdev, HCI_SC_ONLY); 5661 break; 5662 } 5663 5664 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev); 5665 new_settings(hdev, cmd->sk); 5666 5667 remove: 5668 mgmt_pending_remove(cmd); 5669 unlock: 5670 hci_dev_unlock(hdev); 5671 } 5672 5673 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev, 5674 void *data, u16 len) 5675 { 5676 struct mgmt_mode *cp = data; 5677 struct mgmt_pending_cmd *cmd; 5678 struct hci_request req; 5679 u8 val; 5680 int err; 5681 5682 bt_dev_dbg(hdev, "sock %p", sk); 5683 5684 if (!lmp_sc_capable(hdev) && 5685 !hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 5686 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 5687 MGMT_STATUS_NOT_SUPPORTED); 5688 5689 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 5690 lmp_sc_capable(hdev) && 5691 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 5692 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 5693 MGMT_STATUS_REJECTED); 5694 5695 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 5696 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 5697 MGMT_STATUS_INVALID_PARAMS); 5698 5699 hci_dev_lock(hdev); 5700 5701 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) || 5702 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 5703 bool changed; 5704 5705 if (cp->val) { 5706 changed = !hci_dev_test_and_set_flag(hdev, 5707 HCI_SC_ENABLED); 5708 if (cp->val == 0x02) 5709 hci_dev_set_flag(hdev, HCI_SC_ONLY); 5710 else 5711 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 5712 } else { 5713 changed = hci_dev_test_and_clear_flag(hdev, 5714 HCI_SC_ENABLED); 5715 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 5716 } 5717 5718 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 5719 if (err < 0) 5720 goto failed; 5721 5722 if (changed) 5723 err = new_settings(hdev, sk); 5724 5725 goto failed; 5726 } 5727 5728 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) { 5729 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 5730 MGMT_STATUS_BUSY); 5731 goto failed; 5732 } 5733 5734 val = !!cp->val; 5735 5736 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 5737 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 5738 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 5739 goto failed; 5740 } 5741 5742 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len); 5743 if (!cmd) { 5744 err = -ENOMEM; 5745 goto failed; 5746 } 5747 5748 hci_req_init(&req, hdev); 5749 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val); 5750 err = hci_req_run(&req, sc_enable_complete); 5751 if (err < 0) { 5752 mgmt_pending_remove(cmd); 5753 goto failed; 5754 } 5755 5756 failed: 5757 hci_dev_unlock(hdev); 5758 return err; 5759 } 5760 5761 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev, 5762 void *data, u16 len) 5763 { 5764 struct mgmt_mode *cp = data; 5765 bool changed, use_changed; 5766 int err; 5767 5768 bt_dev_dbg(hdev, "sock %p", sk); 5769 5770 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 5771 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS, 5772 MGMT_STATUS_INVALID_PARAMS); 5773 5774 hci_dev_lock(hdev); 5775 5776 if (cp->val) 5777 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 5778 else 5779 changed = hci_dev_test_and_clear_flag(hdev, 5780 HCI_KEEP_DEBUG_KEYS); 5781 5782 if (cp->val == 0x02) 5783 use_changed = !hci_dev_test_and_set_flag(hdev, 5784 HCI_USE_DEBUG_KEYS); 5785 else 5786 use_changed = hci_dev_test_and_clear_flag(hdev, 5787 HCI_USE_DEBUG_KEYS); 5788 5789 if (hdev_is_powered(hdev) && use_changed && 5790 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 5791 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00; 5792 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 5793 sizeof(mode), &mode); 5794 } 5795 5796 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev); 5797 if (err < 0) 5798 goto unlock; 5799 5800 if (changed) 5801 err = new_settings(hdev, sk); 5802 5803 unlock: 5804 hci_dev_unlock(hdev); 5805 return err; 5806 } 5807 5808 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data, 5809 u16 len) 5810 { 5811 struct mgmt_cp_set_privacy *cp = cp_data; 5812 bool changed; 5813 int err; 5814 5815 bt_dev_dbg(hdev, "sock %p", sk); 5816 5817 if (!lmp_le_capable(hdev)) 5818 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 5819 MGMT_STATUS_NOT_SUPPORTED); 5820 5821 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02) 5822 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 5823 MGMT_STATUS_INVALID_PARAMS); 5824 5825 if (hdev_is_powered(hdev)) 5826 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 5827 MGMT_STATUS_REJECTED); 5828 5829 hci_dev_lock(hdev); 5830 5831 /* If user space supports this command it is also expected to 5832 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag. 5833 */ 5834 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 5835 5836 if (cp->privacy) { 5837 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY); 5838 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk)); 5839 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 5840 hci_adv_instances_set_rpa_expired(hdev, true); 5841 if (cp->privacy == 0x02) 5842 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY); 5843 else 5844 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 5845 } else { 5846 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY); 5847 memset(hdev->irk, 0, sizeof(hdev->irk)); 5848 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED); 5849 hci_adv_instances_set_rpa_expired(hdev, false); 5850 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 5851 } 5852 5853 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev); 5854 if (err < 0) 5855 goto unlock; 5856 5857 if (changed) 5858 err = new_settings(hdev, sk); 5859 5860 unlock: 5861 hci_dev_unlock(hdev); 5862 return err; 5863 } 5864 5865 static bool irk_is_valid(struct mgmt_irk_info *irk) 5866 { 5867 switch (irk->addr.type) { 5868 case BDADDR_LE_PUBLIC: 5869 return true; 5870 5871 case BDADDR_LE_RANDOM: 5872 /* Two most significant bits shall be set */ 5873 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0) 5874 return false; 5875 return true; 5876 } 5877 5878 return false; 5879 } 5880 5881 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data, 5882 u16 len) 5883 { 5884 struct mgmt_cp_load_irks *cp = cp_data; 5885 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) / 5886 sizeof(struct mgmt_irk_info)); 5887 u16 irk_count, expected_len; 5888 int i, err; 5889 5890 bt_dev_dbg(hdev, "sock %p", sk); 5891 5892 if (!lmp_le_capable(hdev)) 5893 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 5894 MGMT_STATUS_NOT_SUPPORTED); 5895 5896 irk_count = __le16_to_cpu(cp->irk_count); 5897 if (irk_count > max_irk_count) { 5898 bt_dev_err(hdev, "load_irks: too big irk_count value %u", 5899 irk_count); 5900 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 5901 MGMT_STATUS_INVALID_PARAMS); 5902 } 5903 5904 expected_len = struct_size(cp, irks, irk_count); 5905 if (expected_len != len) { 5906 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes", 5907 expected_len, len); 5908 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 5909 MGMT_STATUS_INVALID_PARAMS); 5910 } 5911 5912 bt_dev_dbg(hdev, "irk_count %u", irk_count); 5913 5914 for (i = 0; i < irk_count; i++) { 5915 struct mgmt_irk_info *key = &cp->irks[i]; 5916 5917 if (!irk_is_valid(key)) 5918 return mgmt_cmd_status(sk, hdev->id, 5919 MGMT_OP_LOAD_IRKS, 5920 MGMT_STATUS_INVALID_PARAMS); 5921 } 5922 5923 hci_dev_lock(hdev); 5924 5925 hci_smp_irks_clear(hdev); 5926 5927 for (i = 0; i < irk_count; i++) { 5928 struct mgmt_irk_info *irk = &cp->irks[i]; 5929 5930 if (hci_is_blocked_key(hdev, 5931 HCI_BLOCKED_KEY_TYPE_IRK, 5932 irk->val)) { 5933 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR", 5934 &irk->addr.bdaddr); 5935 continue; 5936 } 5937 5938 hci_add_irk(hdev, &irk->addr.bdaddr, 5939 le_addr_type(irk->addr.type), irk->val, 5940 BDADDR_ANY); 5941 } 5942 5943 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 5944 5945 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0); 5946 5947 hci_dev_unlock(hdev); 5948 5949 return err; 5950 } 5951 5952 static bool ltk_is_valid(struct mgmt_ltk_info *key) 5953 { 5954 if (key->master != 0x00 && key->master != 0x01) 5955 return false; 5956 5957 switch (key->addr.type) { 5958 case BDADDR_LE_PUBLIC: 5959 return true; 5960 5961 case BDADDR_LE_RANDOM: 5962 /* Two most significant bits shall be set */ 5963 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0) 5964 return false; 5965 return true; 5966 } 5967 5968 return false; 5969 } 5970 5971 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, 5972 void *cp_data, u16 len) 5973 { 5974 struct mgmt_cp_load_long_term_keys *cp = cp_data; 5975 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 5976 sizeof(struct mgmt_ltk_info)); 5977 u16 key_count, expected_len; 5978 int i, err; 5979 5980 bt_dev_dbg(hdev, "sock %p", sk); 5981 5982 if (!lmp_le_capable(hdev)) 5983 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 5984 MGMT_STATUS_NOT_SUPPORTED); 5985 5986 key_count = __le16_to_cpu(cp->key_count); 5987 if (key_count > max_key_count) { 5988 bt_dev_err(hdev, "load_ltks: too big key_count value %u", 5989 key_count); 5990 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 5991 MGMT_STATUS_INVALID_PARAMS); 5992 } 5993 5994 expected_len = struct_size(cp, keys, key_count); 5995 if (expected_len != len) { 5996 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes", 5997 expected_len, len); 5998 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 5999 MGMT_STATUS_INVALID_PARAMS); 6000 } 6001 6002 bt_dev_dbg(hdev, "key_count %u", key_count); 6003 6004 for (i = 0; i < key_count; i++) { 6005 struct mgmt_ltk_info *key = &cp->keys[i]; 6006 6007 if (!ltk_is_valid(key)) 6008 return mgmt_cmd_status(sk, hdev->id, 6009 MGMT_OP_LOAD_LONG_TERM_KEYS, 6010 MGMT_STATUS_INVALID_PARAMS); 6011 } 6012 6013 hci_dev_lock(hdev); 6014 6015 hci_smp_ltks_clear(hdev); 6016 6017 for (i = 0; i < key_count; i++) { 6018 struct mgmt_ltk_info *key = &cp->keys[i]; 6019 u8 type, authenticated; 6020 6021 if (hci_is_blocked_key(hdev, 6022 HCI_BLOCKED_KEY_TYPE_LTK, 6023 key->val)) { 6024 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR", 6025 &key->addr.bdaddr); 6026 continue; 6027 } 6028 6029 switch (key->type) { 6030 case MGMT_LTK_UNAUTHENTICATED: 6031 authenticated = 0x00; 6032 type = key->master ? SMP_LTK : SMP_LTK_SLAVE; 6033 break; 6034 case MGMT_LTK_AUTHENTICATED: 6035 authenticated = 0x01; 6036 type = key->master ? SMP_LTK : SMP_LTK_SLAVE; 6037 break; 6038 case MGMT_LTK_P256_UNAUTH: 6039 authenticated = 0x00; 6040 type = SMP_LTK_P256; 6041 break; 6042 case MGMT_LTK_P256_AUTH: 6043 authenticated = 0x01; 6044 type = SMP_LTK_P256; 6045 break; 6046 case MGMT_LTK_P256_DEBUG: 6047 authenticated = 0x00; 6048 type = SMP_LTK_P256_DEBUG; 6049 fallthrough; 6050 default: 6051 continue; 6052 } 6053 6054 hci_add_ltk(hdev, &key->addr.bdaddr, 6055 le_addr_type(key->addr.type), type, authenticated, 6056 key->val, key->enc_size, key->ediv, key->rand); 6057 } 6058 6059 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0, 6060 NULL, 0); 6061 6062 hci_dev_unlock(hdev); 6063 6064 return err; 6065 } 6066 6067 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 6068 { 6069 struct hci_conn *conn = cmd->user_data; 6070 struct mgmt_rp_get_conn_info rp; 6071 int err; 6072 6073 memcpy(&rp.addr, cmd->param, sizeof(rp.addr)); 6074 6075 if (status == MGMT_STATUS_SUCCESS) { 6076 rp.rssi = conn->rssi; 6077 rp.tx_power = conn->tx_power; 6078 rp.max_tx_power = conn->max_tx_power; 6079 } else { 6080 rp.rssi = HCI_RSSI_INVALID; 6081 rp.tx_power = HCI_TX_POWER_INVALID; 6082 rp.max_tx_power = HCI_TX_POWER_INVALID; 6083 } 6084 6085 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, 6086 status, &rp, sizeof(rp)); 6087 6088 hci_conn_drop(conn); 6089 hci_conn_put(conn); 6090 6091 return err; 6092 } 6093 6094 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status, 6095 u16 opcode) 6096 { 6097 struct hci_cp_read_rssi *cp; 6098 struct mgmt_pending_cmd *cmd; 6099 struct hci_conn *conn; 6100 u16 handle; 6101 u8 status; 6102 6103 bt_dev_dbg(hdev, "status 0x%02x", hci_status); 6104 6105 hci_dev_lock(hdev); 6106 6107 /* Commands sent in request are either Read RSSI or Read Transmit Power 6108 * Level so we check which one was last sent to retrieve connection 6109 * handle. Both commands have handle as first parameter so it's safe to 6110 * cast data on the same command struct. 6111 * 6112 * First command sent is always Read RSSI and we fail only if it fails. 6113 * In other case we simply override error to indicate success as we 6114 * already remembered if TX power value is actually valid. 6115 */ 6116 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI); 6117 if (!cp) { 6118 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER); 6119 status = MGMT_STATUS_SUCCESS; 6120 } else { 6121 status = mgmt_status(hci_status); 6122 } 6123 6124 if (!cp) { 6125 bt_dev_err(hdev, "invalid sent_cmd in conn_info response"); 6126 goto unlock; 6127 } 6128 6129 handle = __le16_to_cpu(cp->handle); 6130 conn = hci_conn_hash_lookup_handle(hdev, handle); 6131 if (!conn) { 6132 bt_dev_err(hdev, "unknown handle (%d) in conn_info response", 6133 handle); 6134 goto unlock; 6135 } 6136 6137 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn); 6138 if (!cmd) 6139 goto unlock; 6140 6141 cmd->cmd_complete(cmd, status); 6142 mgmt_pending_remove(cmd); 6143 6144 unlock: 6145 hci_dev_unlock(hdev); 6146 } 6147 6148 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data, 6149 u16 len) 6150 { 6151 struct mgmt_cp_get_conn_info *cp = data; 6152 struct mgmt_rp_get_conn_info rp; 6153 struct hci_conn *conn; 6154 unsigned long conn_info_age; 6155 int err = 0; 6156 6157 bt_dev_dbg(hdev, "sock %p", sk); 6158 6159 memset(&rp, 0, sizeof(rp)); 6160 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 6161 rp.addr.type = cp->addr.type; 6162 6163 if (!bdaddr_type_is_valid(cp->addr.type)) 6164 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 6165 MGMT_STATUS_INVALID_PARAMS, 6166 &rp, sizeof(rp)); 6167 6168 hci_dev_lock(hdev); 6169 6170 if (!hdev_is_powered(hdev)) { 6171 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 6172 MGMT_STATUS_NOT_POWERED, &rp, 6173 sizeof(rp)); 6174 goto unlock; 6175 } 6176 6177 if (cp->addr.type == BDADDR_BREDR) 6178 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 6179 &cp->addr.bdaddr); 6180 else 6181 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 6182 6183 if (!conn || conn->state != BT_CONNECTED) { 6184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 6185 MGMT_STATUS_NOT_CONNECTED, &rp, 6186 sizeof(rp)); 6187 goto unlock; 6188 } 6189 6190 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) { 6191 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 6192 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 6193 goto unlock; 6194 } 6195 6196 /* To avoid client trying to guess when to poll again for information we 6197 * calculate conn info age as random value between min/max set in hdev. 6198 */ 6199 conn_info_age = hdev->conn_info_min_age + 6200 prandom_u32_max(hdev->conn_info_max_age - 6201 hdev->conn_info_min_age); 6202 6203 /* Query controller to refresh cached values if they are too old or were 6204 * never read. 6205 */ 6206 if (time_after(jiffies, conn->conn_info_timestamp + 6207 msecs_to_jiffies(conn_info_age)) || 6208 !conn->conn_info_timestamp) { 6209 struct hci_request req; 6210 struct hci_cp_read_tx_power req_txp_cp; 6211 struct hci_cp_read_rssi req_rssi_cp; 6212 struct mgmt_pending_cmd *cmd; 6213 6214 hci_req_init(&req, hdev); 6215 req_rssi_cp.handle = cpu_to_le16(conn->handle); 6216 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp), 6217 &req_rssi_cp); 6218 6219 /* For LE links TX power does not change thus we don't need to 6220 * query for it once value is known. 6221 */ 6222 if (!bdaddr_type_is_le(cp->addr.type) || 6223 conn->tx_power == HCI_TX_POWER_INVALID) { 6224 req_txp_cp.handle = cpu_to_le16(conn->handle); 6225 req_txp_cp.type = 0x00; 6226 hci_req_add(&req, HCI_OP_READ_TX_POWER, 6227 sizeof(req_txp_cp), &req_txp_cp); 6228 } 6229 6230 /* Max TX power needs to be read only once per connection */ 6231 if (conn->max_tx_power == HCI_TX_POWER_INVALID) { 6232 req_txp_cp.handle = cpu_to_le16(conn->handle); 6233 req_txp_cp.type = 0x01; 6234 hci_req_add(&req, HCI_OP_READ_TX_POWER, 6235 sizeof(req_txp_cp), &req_txp_cp); 6236 } 6237 6238 err = hci_req_run(&req, conn_info_refresh_complete); 6239 if (err < 0) 6240 goto unlock; 6241 6242 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev, 6243 data, len); 6244 if (!cmd) { 6245 err = -ENOMEM; 6246 goto unlock; 6247 } 6248 6249 hci_conn_hold(conn); 6250 cmd->user_data = hci_conn_get(conn); 6251 cmd->cmd_complete = conn_info_cmd_complete; 6252 6253 conn->conn_info_timestamp = jiffies; 6254 } else { 6255 /* Cache is valid, just reply with values cached in hci_conn */ 6256 rp.rssi = conn->rssi; 6257 rp.tx_power = conn->tx_power; 6258 rp.max_tx_power = conn->max_tx_power; 6259 6260 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 6261 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6262 } 6263 6264 unlock: 6265 hci_dev_unlock(hdev); 6266 return err; 6267 } 6268 6269 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 6270 { 6271 struct hci_conn *conn = cmd->user_data; 6272 struct mgmt_rp_get_clock_info rp; 6273 struct hci_dev *hdev; 6274 int err; 6275 6276 memset(&rp, 0, sizeof(rp)); 6277 memcpy(&rp.addr, cmd->param, sizeof(rp.addr)); 6278 6279 if (status) 6280 goto complete; 6281 6282 hdev = hci_dev_get(cmd->index); 6283 if (hdev) { 6284 rp.local_clock = cpu_to_le32(hdev->clock); 6285 hci_dev_put(hdev); 6286 } 6287 6288 if (conn) { 6289 rp.piconet_clock = cpu_to_le32(conn->clock); 6290 rp.accuracy = cpu_to_le16(conn->clock_accuracy); 6291 } 6292 6293 complete: 6294 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp, 6295 sizeof(rp)); 6296 6297 if (conn) { 6298 hci_conn_drop(conn); 6299 hci_conn_put(conn); 6300 } 6301 6302 return err; 6303 } 6304 6305 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode) 6306 { 6307 struct hci_cp_read_clock *hci_cp; 6308 struct mgmt_pending_cmd *cmd; 6309 struct hci_conn *conn; 6310 6311 bt_dev_dbg(hdev, "status %u", status); 6312 6313 hci_dev_lock(hdev); 6314 6315 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK); 6316 if (!hci_cp) 6317 goto unlock; 6318 6319 if (hci_cp->which) { 6320 u16 handle = __le16_to_cpu(hci_cp->handle); 6321 conn = hci_conn_hash_lookup_handle(hdev, handle); 6322 } else { 6323 conn = NULL; 6324 } 6325 6326 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn); 6327 if (!cmd) 6328 goto unlock; 6329 6330 cmd->cmd_complete(cmd, mgmt_status(status)); 6331 mgmt_pending_remove(cmd); 6332 6333 unlock: 6334 hci_dev_unlock(hdev); 6335 } 6336 6337 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data, 6338 u16 len) 6339 { 6340 struct mgmt_cp_get_clock_info *cp = data; 6341 struct mgmt_rp_get_clock_info rp; 6342 struct hci_cp_read_clock hci_cp; 6343 struct mgmt_pending_cmd *cmd; 6344 struct hci_request req; 6345 struct hci_conn *conn; 6346 int err; 6347 6348 bt_dev_dbg(hdev, "sock %p", sk); 6349 6350 memset(&rp, 0, sizeof(rp)); 6351 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 6352 rp.addr.type = cp->addr.type; 6353 6354 if (cp->addr.type != BDADDR_BREDR) 6355 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 6356 MGMT_STATUS_INVALID_PARAMS, 6357 &rp, sizeof(rp)); 6358 6359 hci_dev_lock(hdev); 6360 6361 if (!hdev_is_powered(hdev)) { 6362 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 6363 MGMT_STATUS_NOT_POWERED, &rp, 6364 sizeof(rp)); 6365 goto unlock; 6366 } 6367 6368 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 6369 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 6370 &cp->addr.bdaddr); 6371 if (!conn || conn->state != BT_CONNECTED) { 6372 err = mgmt_cmd_complete(sk, hdev->id, 6373 MGMT_OP_GET_CLOCK_INFO, 6374 MGMT_STATUS_NOT_CONNECTED, 6375 &rp, sizeof(rp)); 6376 goto unlock; 6377 } 6378 } else { 6379 conn = NULL; 6380 } 6381 6382 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len); 6383 if (!cmd) { 6384 err = -ENOMEM; 6385 goto unlock; 6386 } 6387 6388 cmd->cmd_complete = clock_info_cmd_complete; 6389 6390 hci_req_init(&req, hdev); 6391 6392 memset(&hci_cp, 0, sizeof(hci_cp)); 6393 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 6394 6395 if (conn) { 6396 hci_conn_hold(conn); 6397 cmd->user_data = hci_conn_get(conn); 6398 6399 hci_cp.handle = cpu_to_le16(conn->handle); 6400 hci_cp.which = 0x01; /* Piconet clock */ 6401 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 6402 } 6403 6404 err = hci_req_run(&req, get_clock_info_complete); 6405 if (err < 0) 6406 mgmt_pending_remove(cmd); 6407 6408 unlock: 6409 hci_dev_unlock(hdev); 6410 return err; 6411 } 6412 6413 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) 6414 { 6415 struct hci_conn *conn; 6416 6417 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr); 6418 if (!conn) 6419 return false; 6420 6421 if (conn->dst_type != type) 6422 return false; 6423 6424 if (conn->state != BT_CONNECTED) 6425 return false; 6426 6427 return true; 6428 } 6429 6430 /* This function requires the caller holds hdev->lock */ 6431 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, 6432 u8 addr_type, u8 auto_connect) 6433 { 6434 struct hci_conn_params *params; 6435 6436 params = hci_conn_params_add(hdev, addr, addr_type); 6437 if (!params) 6438 return -EIO; 6439 6440 if (params->auto_connect == auto_connect) 6441 return 0; 6442 6443 list_del_init(¶ms->action); 6444 6445 switch (auto_connect) { 6446 case HCI_AUTO_CONN_DISABLED: 6447 case HCI_AUTO_CONN_LINK_LOSS: 6448 /* If auto connect is being disabled when we're trying to 6449 * connect to device, keep connecting. 6450 */ 6451 if (params->explicit_connect) 6452 list_add(¶ms->action, &hdev->pend_le_conns); 6453 break; 6454 case HCI_AUTO_CONN_REPORT: 6455 if (params->explicit_connect) 6456 list_add(¶ms->action, &hdev->pend_le_conns); 6457 else 6458 list_add(¶ms->action, &hdev->pend_le_reports); 6459 break; 6460 case HCI_AUTO_CONN_DIRECT: 6461 case HCI_AUTO_CONN_ALWAYS: 6462 if (!is_connected(hdev, addr, addr_type)) 6463 list_add(¶ms->action, &hdev->pend_le_conns); 6464 break; 6465 } 6466 6467 params->auto_connect = auto_connect; 6468 6469 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u", 6470 addr, addr_type, auto_connect); 6471 6472 return 0; 6473 } 6474 6475 static void device_added(struct sock *sk, struct hci_dev *hdev, 6476 bdaddr_t *bdaddr, u8 type, u8 action) 6477 { 6478 struct mgmt_ev_device_added ev; 6479 6480 bacpy(&ev.addr.bdaddr, bdaddr); 6481 ev.addr.type = type; 6482 ev.action = action; 6483 6484 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk); 6485 } 6486 6487 static int add_device(struct sock *sk, struct hci_dev *hdev, 6488 void *data, u16 len) 6489 { 6490 struct mgmt_cp_add_device *cp = data; 6491 u8 auto_conn, addr_type; 6492 struct hci_conn_params *params; 6493 int err; 6494 u32 current_flags = 0; 6495 6496 bt_dev_dbg(hdev, "sock %p", sk); 6497 6498 if (!bdaddr_type_is_valid(cp->addr.type) || 6499 !bacmp(&cp->addr.bdaddr, BDADDR_ANY)) 6500 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 6501 MGMT_STATUS_INVALID_PARAMS, 6502 &cp->addr, sizeof(cp->addr)); 6503 6504 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02) 6505 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 6506 MGMT_STATUS_INVALID_PARAMS, 6507 &cp->addr, sizeof(cp->addr)); 6508 6509 hci_dev_lock(hdev); 6510 6511 if (cp->addr.type == BDADDR_BREDR) { 6512 /* Only incoming connections action is supported for now */ 6513 if (cp->action != 0x01) { 6514 err = mgmt_cmd_complete(sk, hdev->id, 6515 MGMT_OP_ADD_DEVICE, 6516 MGMT_STATUS_INVALID_PARAMS, 6517 &cp->addr, sizeof(cp->addr)); 6518 goto unlock; 6519 } 6520 6521 err = hci_bdaddr_list_add_with_flags(&hdev->whitelist, 6522 &cp->addr.bdaddr, 6523 cp->addr.type, 0); 6524 if (err) 6525 goto unlock; 6526 6527 hci_req_update_scan(hdev); 6528 6529 goto added; 6530 } 6531 6532 addr_type = le_addr_type(cp->addr.type); 6533 6534 if (cp->action == 0x02) 6535 auto_conn = HCI_AUTO_CONN_ALWAYS; 6536 else if (cp->action == 0x01) 6537 auto_conn = HCI_AUTO_CONN_DIRECT; 6538 else 6539 auto_conn = HCI_AUTO_CONN_REPORT; 6540 6541 /* Kernel internally uses conn_params with resolvable private 6542 * address, but Add Device allows only identity addresses. 6543 * Make sure it is enforced before calling 6544 * hci_conn_params_lookup. 6545 */ 6546 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 6547 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 6548 MGMT_STATUS_INVALID_PARAMS, 6549 &cp->addr, sizeof(cp->addr)); 6550 goto unlock; 6551 } 6552 6553 /* If the connection parameters don't exist for this device, 6554 * they will be created and configured with defaults. 6555 */ 6556 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type, 6557 auto_conn) < 0) { 6558 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 6559 MGMT_STATUS_FAILED, &cp->addr, 6560 sizeof(cp->addr)); 6561 goto unlock; 6562 } else { 6563 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 6564 addr_type); 6565 if (params) 6566 current_flags = params->current_flags; 6567 } 6568 6569 hci_update_background_scan(hdev); 6570 6571 added: 6572 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action); 6573 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type, 6574 SUPPORTED_DEVICE_FLAGS(), current_flags); 6575 6576 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 6577 MGMT_STATUS_SUCCESS, &cp->addr, 6578 sizeof(cp->addr)); 6579 6580 unlock: 6581 hci_dev_unlock(hdev); 6582 return err; 6583 } 6584 6585 static void device_removed(struct sock *sk, struct hci_dev *hdev, 6586 bdaddr_t *bdaddr, u8 type) 6587 { 6588 struct mgmt_ev_device_removed ev; 6589 6590 bacpy(&ev.addr.bdaddr, bdaddr); 6591 ev.addr.type = type; 6592 6593 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk); 6594 } 6595 6596 static int remove_device(struct sock *sk, struct hci_dev *hdev, 6597 void *data, u16 len) 6598 { 6599 struct mgmt_cp_remove_device *cp = data; 6600 int err; 6601 6602 bt_dev_dbg(hdev, "sock %p", sk); 6603 6604 hci_dev_lock(hdev); 6605 6606 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 6607 struct hci_conn_params *params; 6608 u8 addr_type; 6609 6610 if (!bdaddr_type_is_valid(cp->addr.type)) { 6611 err = mgmt_cmd_complete(sk, hdev->id, 6612 MGMT_OP_REMOVE_DEVICE, 6613 MGMT_STATUS_INVALID_PARAMS, 6614 &cp->addr, sizeof(cp->addr)); 6615 goto unlock; 6616 } 6617 6618 if (cp->addr.type == BDADDR_BREDR) { 6619 err = hci_bdaddr_list_del(&hdev->whitelist, 6620 &cp->addr.bdaddr, 6621 cp->addr.type); 6622 if (err) { 6623 err = mgmt_cmd_complete(sk, hdev->id, 6624 MGMT_OP_REMOVE_DEVICE, 6625 MGMT_STATUS_INVALID_PARAMS, 6626 &cp->addr, 6627 sizeof(cp->addr)); 6628 goto unlock; 6629 } 6630 6631 hci_req_update_scan(hdev); 6632 6633 device_removed(sk, hdev, &cp->addr.bdaddr, 6634 cp->addr.type); 6635 goto complete; 6636 } 6637 6638 addr_type = le_addr_type(cp->addr.type); 6639 6640 /* Kernel internally uses conn_params with resolvable private 6641 * address, but Remove Device allows only identity addresses. 6642 * Make sure it is enforced before calling 6643 * hci_conn_params_lookup. 6644 */ 6645 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 6646 err = mgmt_cmd_complete(sk, hdev->id, 6647 MGMT_OP_REMOVE_DEVICE, 6648 MGMT_STATUS_INVALID_PARAMS, 6649 &cp->addr, sizeof(cp->addr)); 6650 goto unlock; 6651 } 6652 6653 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 6654 addr_type); 6655 if (!params) { 6656 err = mgmt_cmd_complete(sk, hdev->id, 6657 MGMT_OP_REMOVE_DEVICE, 6658 MGMT_STATUS_INVALID_PARAMS, 6659 &cp->addr, sizeof(cp->addr)); 6660 goto unlock; 6661 } 6662 6663 if (params->auto_connect == HCI_AUTO_CONN_DISABLED || 6664 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { 6665 err = mgmt_cmd_complete(sk, hdev->id, 6666 MGMT_OP_REMOVE_DEVICE, 6667 MGMT_STATUS_INVALID_PARAMS, 6668 &cp->addr, sizeof(cp->addr)); 6669 goto unlock; 6670 } 6671 6672 list_del(¶ms->action); 6673 list_del(¶ms->list); 6674 kfree(params); 6675 hci_update_background_scan(hdev); 6676 6677 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type); 6678 } else { 6679 struct hci_conn_params *p, *tmp; 6680 struct bdaddr_list *b, *btmp; 6681 6682 if (cp->addr.type) { 6683 err = mgmt_cmd_complete(sk, hdev->id, 6684 MGMT_OP_REMOVE_DEVICE, 6685 MGMT_STATUS_INVALID_PARAMS, 6686 &cp->addr, sizeof(cp->addr)); 6687 goto unlock; 6688 } 6689 6690 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) { 6691 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type); 6692 list_del(&b->list); 6693 kfree(b); 6694 } 6695 6696 hci_req_update_scan(hdev); 6697 6698 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) { 6699 if (p->auto_connect == HCI_AUTO_CONN_DISABLED) 6700 continue; 6701 device_removed(sk, hdev, &p->addr, p->addr_type); 6702 if (p->explicit_connect) { 6703 p->auto_connect = HCI_AUTO_CONN_EXPLICIT; 6704 continue; 6705 } 6706 list_del(&p->action); 6707 list_del(&p->list); 6708 kfree(p); 6709 } 6710 6711 bt_dev_dbg(hdev, "All LE connection parameters were removed"); 6712 6713 hci_update_background_scan(hdev); 6714 } 6715 6716 complete: 6717 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 6718 MGMT_STATUS_SUCCESS, &cp->addr, 6719 sizeof(cp->addr)); 6720 unlock: 6721 hci_dev_unlock(hdev); 6722 return err; 6723 } 6724 6725 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data, 6726 u16 len) 6727 { 6728 struct mgmt_cp_load_conn_param *cp = data; 6729 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) / 6730 sizeof(struct mgmt_conn_param)); 6731 u16 param_count, expected_len; 6732 int i; 6733 6734 if (!lmp_le_capable(hdev)) 6735 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 6736 MGMT_STATUS_NOT_SUPPORTED); 6737 6738 param_count = __le16_to_cpu(cp->param_count); 6739 if (param_count > max_param_count) { 6740 bt_dev_err(hdev, "load_conn_param: too big param_count value %u", 6741 param_count); 6742 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 6743 MGMT_STATUS_INVALID_PARAMS); 6744 } 6745 6746 expected_len = struct_size(cp, params, param_count); 6747 if (expected_len != len) { 6748 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes", 6749 expected_len, len); 6750 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 6751 MGMT_STATUS_INVALID_PARAMS); 6752 } 6753 6754 bt_dev_dbg(hdev, "param_count %u", param_count); 6755 6756 hci_dev_lock(hdev); 6757 6758 hci_conn_params_clear_disabled(hdev); 6759 6760 for (i = 0; i < param_count; i++) { 6761 struct mgmt_conn_param *param = &cp->params[i]; 6762 struct hci_conn_params *hci_param; 6763 u16 min, max, latency, timeout; 6764 u8 addr_type; 6765 6766 bt_dev_dbg(hdev, "Adding %pMR (type %u)", ¶m->addr.bdaddr, 6767 param->addr.type); 6768 6769 if (param->addr.type == BDADDR_LE_PUBLIC) { 6770 addr_type = ADDR_LE_DEV_PUBLIC; 6771 } else if (param->addr.type == BDADDR_LE_RANDOM) { 6772 addr_type = ADDR_LE_DEV_RANDOM; 6773 } else { 6774 bt_dev_err(hdev, "ignoring invalid connection parameters"); 6775 continue; 6776 } 6777 6778 min = le16_to_cpu(param->min_interval); 6779 max = le16_to_cpu(param->max_interval); 6780 latency = le16_to_cpu(param->latency); 6781 timeout = le16_to_cpu(param->timeout); 6782 6783 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x", 6784 min, max, latency, timeout); 6785 6786 if (hci_check_conn_params(min, max, latency, timeout) < 0) { 6787 bt_dev_err(hdev, "ignoring invalid connection parameters"); 6788 continue; 6789 } 6790 6791 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr, 6792 addr_type); 6793 if (!hci_param) { 6794 bt_dev_err(hdev, "failed to add connection parameters"); 6795 continue; 6796 } 6797 6798 hci_param->conn_min_interval = min; 6799 hci_param->conn_max_interval = max; 6800 hci_param->conn_latency = latency; 6801 hci_param->supervision_timeout = timeout; 6802 } 6803 6804 hci_dev_unlock(hdev); 6805 6806 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, 6807 NULL, 0); 6808 } 6809 6810 static int set_external_config(struct sock *sk, struct hci_dev *hdev, 6811 void *data, u16 len) 6812 { 6813 struct mgmt_cp_set_external_config *cp = data; 6814 bool changed; 6815 int err; 6816 6817 bt_dev_dbg(hdev, "sock %p", sk); 6818 6819 if (hdev_is_powered(hdev)) 6820 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 6821 MGMT_STATUS_REJECTED); 6822 6823 if (cp->config != 0x00 && cp->config != 0x01) 6824 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 6825 MGMT_STATUS_INVALID_PARAMS); 6826 6827 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 6828 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 6829 MGMT_STATUS_NOT_SUPPORTED); 6830 6831 hci_dev_lock(hdev); 6832 6833 if (cp->config) 6834 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED); 6835 else 6836 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED); 6837 6838 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev); 6839 if (err < 0) 6840 goto unlock; 6841 6842 if (!changed) 6843 goto unlock; 6844 6845 err = new_options(hdev, sk); 6846 6847 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) { 6848 mgmt_index_removed(hdev); 6849 6850 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) { 6851 hci_dev_set_flag(hdev, HCI_CONFIG); 6852 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 6853 6854 queue_work(hdev->req_workqueue, &hdev->power_on); 6855 } else { 6856 set_bit(HCI_RAW, &hdev->flags); 6857 mgmt_index_added(hdev); 6858 } 6859 } 6860 6861 unlock: 6862 hci_dev_unlock(hdev); 6863 return err; 6864 } 6865 6866 static int set_public_address(struct sock *sk, struct hci_dev *hdev, 6867 void *data, u16 len) 6868 { 6869 struct mgmt_cp_set_public_address *cp = data; 6870 bool changed; 6871 int err; 6872 6873 bt_dev_dbg(hdev, "sock %p", sk); 6874 6875 if (hdev_is_powered(hdev)) 6876 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 6877 MGMT_STATUS_REJECTED); 6878 6879 if (!bacmp(&cp->bdaddr, BDADDR_ANY)) 6880 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 6881 MGMT_STATUS_INVALID_PARAMS); 6882 6883 if (!hdev->set_bdaddr) 6884 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 6885 MGMT_STATUS_NOT_SUPPORTED); 6886 6887 hci_dev_lock(hdev); 6888 6889 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr); 6890 bacpy(&hdev->public_addr, &cp->bdaddr); 6891 6892 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev); 6893 if (err < 0) 6894 goto unlock; 6895 6896 if (!changed) 6897 goto unlock; 6898 6899 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) 6900 err = new_options(hdev, sk); 6901 6902 if (is_configured(hdev)) { 6903 mgmt_index_removed(hdev); 6904 6905 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED); 6906 6907 hci_dev_set_flag(hdev, HCI_CONFIG); 6908 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 6909 6910 queue_work(hdev->req_workqueue, &hdev->power_on); 6911 } 6912 6913 unlock: 6914 hci_dev_unlock(hdev); 6915 return err; 6916 } 6917 6918 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status, 6919 u16 opcode, struct sk_buff *skb) 6920 { 6921 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp; 6922 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp; 6923 u8 *h192, *r192, *h256, *r256; 6924 struct mgmt_pending_cmd *cmd; 6925 u16 eir_len; 6926 int err; 6927 6928 bt_dev_dbg(hdev, "status %u", status); 6929 6930 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev); 6931 if (!cmd) 6932 return; 6933 6934 mgmt_cp = cmd->param; 6935 6936 if (status) { 6937 status = mgmt_status(status); 6938 eir_len = 0; 6939 6940 h192 = NULL; 6941 r192 = NULL; 6942 h256 = NULL; 6943 r256 = NULL; 6944 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) { 6945 struct hci_rp_read_local_oob_data *rp; 6946 6947 if (skb->len != sizeof(*rp)) { 6948 status = MGMT_STATUS_FAILED; 6949 eir_len = 0; 6950 } else { 6951 status = MGMT_STATUS_SUCCESS; 6952 rp = (void *)skb->data; 6953 6954 eir_len = 5 + 18 + 18; 6955 h192 = rp->hash; 6956 r192 = rp->rand; 6957 h256 = NULL; 6958 r256 = NULL; 6959 } 6960 } else { 6961 struct hci_rp_read_local_oob_ext_data *rp; 6962 6963 if (skb->len != sizeof(*rp)) { 6964 status = MGMT_STATUS_FAILED; 6965 eir_len = 0; 6966 } else { 6967 status = MGMT_STATUS_SUCCESS; 6968 rp = (void *)skb->data; 6969 6970 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 6971 eir_len = 5 + 18 + 18; 6972 h192 = NULL; 6973 r192 = NULL; 6974 } else { 6975 eir_len = 5 + 18 + 18 + 18 + 18; 6976 h192 = rp->hash192; 6977 r192 = rp->rand192; 6978 } 6979 6980 h256 = rp->hash256; 6981 r256 = rp->rand256; 6982 } 6983 } 6984 6985 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL); 6986 if (!mgmt_rp) 6987 goto done; 6988 6989 if (status) 6990 goto send_rsp; 6991 6992 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV, 6993 hdev->dev_class, 3); 6994 6995 if (h192 && r192) { 6996 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 6997 EIR_SSP_HASH_C192, h192, 16); 6998 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 6999 EIR_SSP_RAND_R192, r192, 16); 7000 } 7001 7002 if (h256 && r256) { 7003 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 7004 EIR_SSP_HASH_C256, h256, 16); 7005 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 7006 EIR_SSP_RAND_R256, r256, 16); 7007 } 7008 7009 send_rsp: 7010 mgmt_rp->type = mgmt_cp->type; 7011 mgmt_rp->eir_len = cpu_to_le16(eir_len); 7012 7013 err = mgmt_cmd_complete(cmd->sk, hdev->id, 7014 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status, 7015 mgmt_rp, sizeof(*mgmt_rp) + eir_len); 7016 if (err < 0 || status) 7017 goto done; 7018 7019 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS); 7020 7021 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 7022 mgmt_rp, sizeof(*mgmt_rp) + eir_len, 7023 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk); 7024 done: 7025 kfree(mgmt_rp); 7026 mgmt_pending_remove(cmd); 7027 } 7028 7029 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk, 7030 struct mgmt_cp_read_local_oob_ext_data *cp) 7031 { 7032 struct mgmt_pending_cmd *cmd; 7033 struct hci_request req; 7034 int err; 7035 7036 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev, 7037 cp, sizeof(*cp)); 7038 if (!cmd) 7039 return -ENOMEM; 7040 7041 hci_req_init(&req, hdev); 7042 7043 if (bredr_sc_enabled(hdev)) 7044 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL); 7045 else 7046 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 7047 7048 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete); 7049 if (err < 0) { 7050 mgmt_pending_remove(cmd); 7051 return err; 7052 } 7053 7054 return 0; 7055 } 7056 7057 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev, 7058 void *data, u16 data_len) 7059 { 7060 struct mgmt_cp_read_local_oob_ext_data *cp = data; 7061 struct mgmt_rp_read_local_oob_ext_data *rp; 7062 size_t rp_len; 7063 u16 eir_len; 7064 u8 status, flags, role, addr[7], hash[16], rand[16]; 7065 int err; 7066 7067 bt_dev_dbg(hdev, "sock %p", sk); 7068 7069 if (hdev_is_powered(hdev)) { 7070 switch (cp->type) { 7071 case BIT(BDADDR_BREDR): 7072 status = mgmt_bredr_support(hdev); 7073 if (status) 7074 eir_len = 0; 7075 else 7076 eir_len = 5; 7077 break; 7078 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 7079 status = mgmt_le_support(hdev); 7080 if (status) 7081 eir_len = 0; 7082 else 7083 eir_len = 9 + 3 + 18 + 18 + 3; 7084 break; 7085 default: 7086 status = MGMT_STATUS_INVALID_PARAMS; 7087 eir_len = 0; 7088 break; 7089 } 7090 } else { 7091 status = MGMT_STATUS_NOT_POWERED; 7092 eir_len = 0; 7093 } 7094 7095 rp_len = sizeof(*rp) + eir_len; 7096 rp = kmalloc(rp_len, GFP_ATOMIC); 7097 if (!rp) 7098 return -ENOMEM; 7099 7100 if (status) 7101 goto complete; 7102 7103 hci_dev_lock(hdev); 7104 7105 eir_len = 0; 7106 switch (cp->type) { 7107 case BIT(BDADDR_BREDR): 7108 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 7109 err = read_local_ssp_oob_req(hdev, sk, cp); 7110 hci_dev_unlock(hdev); 7111 if (!err) 7112 goto done; 7113 7114 status = MGMT_STATUS_FAILED; 7115 goto complete; 7116 } else { 7117 eir_len = eir_append_data(rp->eir, eir_len, 7118 EIR_CLASS_OF_DEV, 7119 hdev->dev_class, 3); 7120 } 7121 break; 7122 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 7123 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 7124 smp_generate_oob(hdev, hash, rand) < 0) { 7125 hci_dev_unlock(hdev); 7126 status = MGMT_STATUS_FAILED; 7127 goto complete; 7128 } 7129 7130 /* This should return the active RPA, but since the RPA 7131 * is only programmed on demand, it is really hard to fill 7132 * this in at the moment. For now disallow retrieving 7133 * local out-of-band data when privacy is in use. 7134 * 7135 * Returning the identity address will not help here since 7136 * pairing happens before the identity resolving key is 7137 * known and thus the connection establishment happens 7138 * based on the RPA and not the identity address. 7139 */ 7140 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) { 7141 hci_dev_unlock(hdev); 7142 status = MGMT_STATUS_REJECTED; 7143 goto complete; 7144 } 7145 7146 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 7147 !bacmp(&hdev->bdaddr, BDADDR_ANY) || 7148 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 7149 bacmp(&hdev->static_addr, BDADDR_ANY))) { 7150 memcpy(addr, &hdev->static_addr, 6); 7151 addr[6] = 0x01; 7152 } else { 7153 memcpy(addr, &hdev->bdaddr, 6); 7154 addr[6] = 0x00; 7155 } 7156 7157 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR, 7158 addr, sizeof(addr)); 7159 7160 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 7161 role = 0x02; 7162 else 7163 role = 0x01; 7164 7165 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE, 7166 &role, sizeof(role)); 7167 7168 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) { 7169 eir_len = eir_append_data(rp->eir, eir_len, 7170 EIR_LE_SC_CONFIRM, 7171 hash, sizeof(hash)); 7172 7173 eir_len = eir_append_data(rp->eir, eir_len, 7174 EIR_LE_SC_RANDOM, 7175 rand, sizeof(rand)); 7176 } 7177 7178 flags = mgmt_get_adv_discov_flags(hdev); 7179 7180 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 7181 flags |= LE_AD_NO_BREDR; 7182 7183 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS, 7184 &flags, sizeof(flags)); 7185 break; 7186 } 7187 7188 hci_dev_unlock(hdev); 7189 7190 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS); 7191 7192 status = MGMT_STATUS_SUCCESS; 7193 7194 complete: 7195 rp->type = cp->type; 7196 rp->eir_len = cpu_to_le16(eir_len); 7197 7198 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 7199 status, rp, sizeof(*rp) + eir_len); 7200 if (err < 0 || status) 7201 goto done; 7202 7203 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 7204 rp, sizeof(*rp) + eir_len, 7205 HCI_MGMT_OOB_DATA_EVENTS, sk); 7206 7207 done: 7208 kfree(rp); 7209 7210 return err; 7211 } 7212 7213 static u32 get_supported_adv_flags(struct hci_dev *hdev) 7214 { 7215 u32 flags = 0; 7216 7217 flags |= MGMT_ADV_FLAG_CONNECTABLE; 7218 flags |= MGMT_ADV_FLAG_DISCOV; 7219 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV; 7220 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS; 7221 flags |= MGMT_ADV_FLAG_APPEARANCE; 7222 flags |= MGMT_ADV_FLAG_LOCAL_NAME; 7223 flags |= MGMT_ADV_PARAM_DURATION; 7224 flags |= MGMT_ADV_PARAM_TIMEOUT; 7225 flags |= MGMT_ADV_PARAM_INTERVALS; 7226 flags |= MGMT_ADV_PARAM_TX_POWER; 7227 7228 /* In extended adv TX_POWER returned from Set Adv Param 7229 * will be always valid. 7230 */ 7231 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) || 7232 ext_adv_capable(hdev)) 7233 flags |= MGMT_ADV_FLAG_TX_POWER; 7234 7235 if (ext_adv_capable(hdev)) { 7236 flags |= MGMT_ADV_FLAG_SEC_1M; 7237 flags |= MGMT_ADV_FLAG_HW_OFFLOAD; 7238 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER; 7239 7240 if (hdev->le_features[1] & HCI_LE_PHY_2M) 7241 flags |= MGMT_ADV_FLAG_SEC_2M; 7242 7243 if (hdev->le_features[1] & HCI_LE_PHY_CODED) 7244 flags |= MGMT_ADV_FLAG_SEC_CODED; 7245 } 7246 7247 return flags; 7248 } 7249 7250 static int read_adv_features(struct sock *sk, struct hci_dev *hdev, 7251 void *data, u16 data_len) 7252 { 7253 struct mgmt_rp_read_adv_features *rp; 7254 size_t rp_len; 7255 int err; 7256 struct adv_info *adv_instance; 7257 u32 supported_flags; 7258 u8 *instance; 7259 7260 bt_dev_dbg(hdev, "sock %p", sk); 7261 7262 if (!lmp_le_capable(hdev)) 7263 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 7264 MGMT_STATUS_REJECTED); 7265 7266 /* Enabling the experimental LL Privay support disables support for 7267 * advertising. 7268 */ 7269 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 7270 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 7271 MGMT_STATUS_NOT_SUPPORTED); 7272 7273 hci_dev_lock(hdev); 7274 7275 rp_len = sizeof(*rp) + hdev->adv_instance_cnt; 7276 rp = kmalloc(rp_len, GFP_ATOMIC); 7277 if (!rp) { 7278 hci_dev_unlock(hdev); 7279 return -ENOMEM; 7280 } 7281 7282 supported_flags = get_supported_adv_flags(hdev); 7283 7284 rp->supported_flags = cpu_to_le32(supported_flags); 7285 rp->max_adv_data_len = HCI_MAX_AD_LENGTH; 7286 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH; 7287 rp->max_instances = hdev->le_num_of_adv_sets; 7288 rp->num_instances = hdev->adv_instance_cnt; 7289 7290 instance = rp->instance; 7291 list_for_each_entry(adv_instance, &hdev->adv_instances, list) { 7292 *instance = adv_instance->instance; 7293 instance++; 7294 } 7295 7296 hci_dev_unlock(hdev); 7297 7298 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 7299 MGMT_STATUS_SUCCESS, rp, rp_len); 7300 7301 kfree(rp); 7302 7303 return err; 7304 } 7305 7306 static u8 calculate_name_len(struct hci_dev *hdev) 7307 { 7308 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3]; 7309 7310 return append_local_name(hdev, buf, 0); 7311 } 7312 7313 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags, 7314 bool is_adv_data) 7315 { 7316 u8 max_len = HCI_MAX_AD_LENGTH; 7317 7318 if (is_adv_data) { 7319 if (adv_flags & (MGMT_ADV_FLAG_DISCOV | 7320 MGMT_ADV_FLAG_LIMITED_DISCOV | 7321 MGMT_ADV_FLAG_MANAGED_FLAGS)) 7322 max_len -= 3; 7323 7324 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) 7325 max_len -= 3; 7326 } else { 7327 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME) 7328 max_len -= calculate_name_len(hdev); 7329 7330 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE)) 7331 max_len -= 4; 7332 } 7333 7334 return max_len; 7335 } 7336 7337 static bool flags_managed(u32 adv_flags) 7338 { 7339 return adv_flags & (MGMT_ADV_FLAG_DISCOV | 7340 MGMT_ADV_FLAG_LIMITED_DISCOV | 7341 MGMT_ADV_FLAG_MANAGED_FLAGS); 7342 } 7343 7344 static bool tx_power_managed(u32 adv_flags) 7345 { 7346 return adv_flags & MGMT_ADV_FLAG_TX_POWER; 7347 } 7348 7349 static bool name_managed(u32 adv_flags) 7350 { 7351 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME; 7352 } 7353 7354 static bool appearance_managed(u32 adv_flags) 7355 { 7356 return adv_flags & MGMT_ADV_FLAG_APPEARANCE; 7357 } 7358 7359 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data, 7360 u8 len, bool is_adv_data) 7361 { 7362 int i, cur_len; 7363 u8 max_len; 7364 7365 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data); 7366 7367 if (len > max_len) 7368 return false; 7369 7370 /* Make sure that the data is correctly formatted. */ 7371 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) { 7372 cur_len = data[i]; 7373 7374 if (data[i + 1] == EIR_FLAGS && 7375 (!is_adv_data || flags_managed(adv_flags))) 7376 return false; 7377 7378 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags)) 7379 return false; 7380 7381 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags)) 7382 return false; 7383 7384 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags)) 7385 return false; 7386 7387 if (data[i + 1] == EIR_APPEARANCE && 7388 appearance_managed(adv_flags)) 7389 return false; 7390 7391 /* If the current field length would exceed the total data 7392 * length, then it's invalid. 7393 */ 7394 if (i + cur_len >= len) 7395 return false; 7396 } 7397 7398 return true; 7399 } 7400 7401 static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags) 7402 { 7403 u32 supported_flags, phy_flags; 7404 7405 /* The current implementation only supports a subset of the specified 7406 * flags. Also need to check mutual exclusiveness of sec flags. 7407 */ 7408 supported_flags = get_supported_adv_flags(hdev); 7409 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK; 7410 if (adv_flags & ~supported_flags || 7411 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags))))) 7412 return false; 7413 7414 return true; 7415 } 7416 7417 static bool adv_busy(struct hci_dev *hdev) 7418 { 7419 return (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 7420 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 7421 pending_find(MGMT_OP_SET_LE, hdev) || 7422 pending_find(MGMT_OP_ADD_EXT_ADV_PARAMS, hdev) || 7423 pending_find(MGMT_OP_ADD_EXT_ADV_DATA, hdev)); 7424 } 7425 7426 static void add_advertising_complete(struct hci_dev *hdev, u8 status, 7427 u16 opcode) 7428 { 7429 struct mgmt_pending_cmd *cmd; 7430 struct mgmt_cp_add_advertising *cp; 7431 struct mgmt_rp_add_advertising rp; 7432 struct adv_info *adv_instance, *n; 7433 u8 instance; 7434 7435 bt_dev_dbg(hdev, "status %d", status); 7436 7437 hci_dev_lock(hdev); 7438 7439 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev); 7440 if (!cmd) 7441 cmd = pending_find(MGMT_OP_ADD_EXT_ADV_DATA, hdev); 7442 7443 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) { 7444 if (!adv_instance->pending) 7445 continue; 7446 7447 if (!status) { 7448 adv_instance->pending = false; 7449 continue; 7450 } 7451 7452 instance = adv_instance->instance; 7453 7454 if (hdev->cur_adv_instance == instance) 7455 cancel_adv_timeout(hdev); 7456 7457 hci_remove_adv_instance(hdev, instance); 7458 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance); 7459 } 7460 7461 if (!cmd) 7462 goto unlock; 7463 7464 cp = cmd->param; 7465 rp.instance = cp->instance; 7466 7467 if (status) 7468 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 7469 mgmt_status(status)); 7470 else 7471 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 7472 mgmt_status(status), &rp, sizeof(rp)); 7473 7474 mgmt_pending_remove(cmd); 7475 7476 unlock: 7477 hci_dev_unlock(hdev); 7478 } 7479 7480 static int add_advertising(struct sock *sk, struct hci_dev *hdev, 7481 void *data, u16 data_len) 7482 { 7483 struct mgmt_cp_add_advertising *cp = data; 7484 struct mgmt_rp_add_advertising rp; 7485 u32 flags; 7486 u8 status; 7487 u16 timeout, duration; 7488 unsigned int prev_instance_cnt = hdev->adv_instance_cnt; 7489 u8 schedule_instance = 0; 7490 struct adv_info *next_instance; 7491 int err; 7492 struct mgmt_pending_cmd *cmd; 7493 struct hci_request req; 7494 7495 bt_dev_dbg(hdev, "sock %p", sk); 7496 7497 status = mgmt_le_support(hdev); 7498 if (status) 7499 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 7500 status); 7501 7502 /* Enabling the experimental LL Privay support disables support for 7503 * advertising. 7504 */ 7505 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 7506 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 7507 MGMT_STATUS_NOT_SUPPORTED); 7508 7509 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets) 7510 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 7511 MGMT_STATUS_INVALID_PARAMS); 7512 7513 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len) 7514 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 7515 MGMT_STATUS_INVALID_PARAMS); 7516 7517 flags = __le32_to_cpu(cp->flags); 7518 timeout = __le16_to_cpu(cp->timeout); 7519 duration = __le16_to_cpu(cp->duration); 7520 7521 if (!requested_adv_flags_are_valid(hdev, flags)) 7522 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 7523 MGMT_STATUS_INVALID_PARAMS); 7524 7525 hci_dev_lock(hdev); 7526 7527 if (timeout && !hdev_is_powered(hdev)) { 7528 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 7529 MGMT_STATUS_REJECTED); 7530 goto unlock; 7531 } 7532 7533 if (adv_busy(hdev)) { 7534 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 7535 MGMT_STATUS_BUSY); 7536 goto unlock; 7537 } 7538 7539 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) || 7540 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len, 7541 cp->scan_rsp_len, false)) { 7542 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 7543 MGMT_STATUS_INVALID_PARAMS); 7544 goto unlock; 7545 } 7546 7547 err = hci_add_adv_instance(hdev, cp->instance, flags, 7548 cp->adv_data_len, cp->data, 7549 cp->scan_rsp_len, 7550 cp->data + cp->adv_data_len, 7551 timeout, duration, 7552 HCI_ADV_TX_POWER_NO_PREFERENCE, 7553 hdev->le_adv_min_interval, 7554 hdev->le_adv_max_interval); 7555 if (err < 0) { 7556 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 7557 MGMT_STATUS_FAILED); 7558 goto unlock; 7559 } 7560 7561 /* Only trigger an advertising added event if a new instance was 7562 * actually added. 7563 */ 7564 if (hdev->adv_instance_cnt > prev_instance_cnt) 7565 mgmt_advertising_added(sk, hdev, cp->instance); 7566 7567 if (hdev->cur_adv_instance == cp->instance) { 7568 /* If the currently advertised instance is being changed then 7569 * cancel the current advertising and schedule the next 7570 * instance. If there is only one instance then the overridden 7571 * advertising data will be visible right away. 7572 */ 7573 cancel_adv_timeout(hdev); 7574 7575 next_instance = hci_get_next_instance(hdev, cp->instance); 7576 if (next_instance) 7577 schedule_instance = next_instance->instance; 7578 } else if (!hdev->adv_instance_timeout) { 7579 /* Immediately advertise the new instance if no other 7580 * instance is currently being advertised. 7581 */ 7582 schedule_instance = cp->instance; 7583 } 7584 7585 /* If the HCI_ADVERTISING flag is set or the device isn't powered or 7586 * there is no instance to be advertised then we have no HCI 7587 * communication to make. Simply return. 7588 */ 7589 if (!hdev_is_powered(hdev) || 7590 hci_dev_test_flag(hdev, HCI_ADVERTISING) || 7591 !schedule_instance) { 7592 rp.instance = cp->instance; 7593 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 7594 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 7595 goto unlock; 7596 } 7597 7598 /* We're good to go, update advertising data, parameters, and start 7599 * advertising. 7600 */ 7601 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data, 7602 data_len); 7603 if (!cmd) { 7604 err = -ENOMEM; 7605 goto unlock; 7606 } 7607 7608 hci_req_init(&req, hdev); 7609 7610 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true); 7611 7612 if (!err) 7613 err = hci_req_run(&req, add_advertising_complete); 7614 7615 if (err < 0) { 7616 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 7617 MGMT_STATUS_FAILED); 7618 mgmt_pending_remove(cmd); 7619 } 7620 7621 unlock: 7622 hci_dev_unlock(hdev); 7623 7624 return err; 7625 } 7626 7627 static void add_ext_adv_params_complete(struct hci_dev *hdev, u8 status, 7628 u16 opcode) 7629 { 7630 struct mgmt_pending_cmd *cmd; 7631 struct mgmt_cp_add_ext_adv_params *cp; 7632 struct mgmt_rp_add_ext_adv_params rp; 7633 struct adv_info *adv_instance; 7634 u32 flags; 7635 7636 BT_DBG("%s", hdev->name); 7637 7638 hci_dev_lock(hdev); 7639 7640 cmd = pending_find(MGMT_OP_ADD_EXT_ADV_PARAMS, hdev); 7641 if (!cmd) 7642 goto unlock; 7643 7644 cp = cmd->param; 7645 adv_instance = hci_find_adv_instance(hdev, cp->instance); 7646 if (!adv_instance) 7647 goto unlock; 7648 7649 rp.instance = cp->instance; 7650 rp.tx_power = adv_instance->tx_power; 7651 7652 /* While we're at it, inform userspace of the available space for this 7653 * advertisement, given the flags that will be used. 7654 */ 7655 flags = __le32_to_cpu(cp->flags); 7656 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 7657 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 7658 7659 if (status) { 7660 /* If this advertisement was previously advertising and we 7661 * failed to update it, we signal that it has been removed and 7662 * delete its structure 7663 */ 7664 if (!adv_instance->pending) 7665 mgmt_advertising_removed(cmd->sk, hdev, cp->instance); 7666 7667 hci_remove_adv_instance(hdev, cp->instance); 7668 7669 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 7670 mgmt_status(status)); 7671 7672 } else { 7673 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 7674 mgmt_status(status), &rp, sizeof(rp)); 7675 } 7676 7677 unlock: 7678 if (cmd) 7679 mgmt_pending_remove(cmd); 7680 7681 hci_dev_unlock(hdev); 7682 } 7683 7684 static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev, 7685 void *data, u16 data_len) 7686 { 7687 struct mgmt_cp_add_ext_adv_params *cp = data; 7688 struct mgmt_rp_add_ext_adv_params rp; 7689 struct mgmt_pending_cmd *cmd = NULL; 7690 struct adv_info *adv_instance; 7691 struct hci_request req; 7692 u32 flags, min_interval, max_interval; 7693 u16 timeout, duration; 7694 u8 status; 7695 s8 tx_power; 7696 int err; 7697 7698 BT_DBG("%s", hdev->name); 7699 7700 status = mgmt_le_support(hdev); 7701 if (status) 7702 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 7703 status); 7704 7705 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets) 7706 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 7707 MGMT_STATUS_INVALID_PARAMS); 7708 7709 /* The purpose of breaking add_advertising into two separate MGMT calls 7710 * for params and data is to allow more parameters to be added to this 7711 * structure in the future. For this reason, we verify that we have the 7712 * bare minimum structure we know of when the interface was defined. Any 7713 * extra parameters we don't know about will be ignored in this request. 7714 */ 7715 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE) 7716 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 7717 MGMT_STATUS_INVALID_PARAMS); 7718 7719 flags = __le32_to_cpu(cp->flags); 7720 7721 if (!requested_adv_flags_are_valid(hdev, flags)) 7722 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 7723 MGMT_STATUS_INVALID_PARAMS); 7724 7725 hci_dev_lock(hdev); 7726 7727 /* In new interface, we require that we are powered to register */ 7728 if (!hdev_is_powered(hdev)) { 7729 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 7730 MGMT_STATUS_REJECTED); 7731 goto unlock; 7732 } 7733 7734 if (adv_busy(hdev)) { 7735 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 7736 MGMT_STATUS_BUSY); 7737 goto unlock; 7738 } 7739 7740 /* Parse defined parameters from request, use defaults otherwise */ 7741 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ? 7742 __le16_to_cpu(cp->timeout) : 0; 7743 7744 duration = (flags & MGMT_ADV_PARAM_DURATION) ? 7745 __le16_to_cpu(cp->duration) : 7746 hdev->def_multi_adv_rotation_duration; 7747 7748 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ? 7749 __le32_to_cpu(cp->min_interval) : 7750 hdev->le_adv_min_interval; 7751 7752 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ? 7753 __le32_to_cpu(cp->max_interval) : 7754 hdev->le_adv_max_interval; 7755 7756 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ? 7757 cp->tx_power : 7758 HCI_ADV_TX_POWER_NO_PREFERENCE; 7759 7760 /* Create advertising instance with no advertising or response data */ 7761 err = hci_add_adv_instance(hdev, cp->instance, flags, 7762 0, NULL, 0, NULL, timeout, duration, 7763 tx_power, min_interval, max_interval); 7764 7765 if (err < 0) { 7766 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 7767 MGMT_STATUS_FAILED); 7768 goto unlock; 7769 } 7770 7771 hdev->cur_adv_instance = cp->instance; 7772 /* Submit request for advertising params if ext adv available */ 7773 if (ext_adv_capable(hdev)) { 7774 hci_req_init(&req, hdev); 7775 adv_instance = hci_find_adv_instance(hdev, cp->instance); 7776 7777 /* Updating parameters of an active instance will return a 7778 * Command Disallowed error, so we must first disable the 7779 * instance if it is active. 7780 */ 7781 if (!adv_instance->pending) 7782 __hci_req_disable_ext_adv_instance(&req, cp->instance); 7783 7784 __hci_req_setup_ext_adv_instance(&req, cp->instance); 7785 7786 err = hci_req_run(&req, add_ext_adv_params_complete); 7787 7788 if (!err) 7789 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_EXT_ADV_PARAMS, 7790 hdev, data, data_len); 7791 if (!cmd) { 7792 err = -ENOMEM; 7793 hci_remove_adv_instance(hdev, cp->instance); 7794 goto unlock; 7795 } 7796 7797 } else { 7798 rp.instance = cp->instance; 7799 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE; 7800 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 7801 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 7802 err = mgmt_cmd_complete(sk, hdev->id, 7803 MGMT_OP_ADD_EXT_ADV_PARAMS, 7804 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 7805 } 7806 7807 unlock: 7808 hci_dev_unlock(hdev); 7809 7810 return err; 7811 } 7812 7813 static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data, 7814 u16 data_len) 7815 { 7816 struct mgmt_cp_add_ext_adv_data *cp = data; 7817 struct mgmt_rp_add_ext_adv_data rp; 7818 u8 schedule_instance = 0; 7819 struct adv_info *next_instance; 7820 struct adv_info *adv_instance; 7821 int err = 0; 7822 struct mgmt_pending_cmd *cmd; 7823 struct hci_request req; 7824 7825 BT_DBG("%s", hdev->name); 7826 7827 hci_dev_lock(hdev); 7828 7829 adv_instance = hci_find_adv_instance(hdev, cp->instance); 7830 7831 if (!adv_instance) { 7832 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 7833 MGMT_STATUS_INVALID_PARAMS); 7834 goto unlock; 7835 } 7836 7837 /* In new interface, we require that we are powered to register */ 7838 if (!hdev_is_powered(hdev)) { 7839 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 7840 MGMT_STATUS_REJECTED); 7841 goto clear_new_instance; 7842 } 7843 7844 if (adv_busy(hdev)) { 7845 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 7846 MGMT_STATUS_BUSY); 7847 goto clear_new_instance; 7848 } 7849 7850 /* Validate new data */ 7851 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data, 7852 cp->adv_data_len, true) || 7853 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data + 7854 cp->adv_data_len, cp->scan_rsp_len, false)) { 7855 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 7856 MGMT_STATUS_INVALID_PARAMS); 7857 goto clear_new_instance; 7858 } 7859 7860 /* Set the data in the advertising instance */ 7861 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len, 7862 cp->data, cp->scan_rsp_len, 7863 cp->data + cp->adv_data_len); 7864 7865 /* We're good to go, update advertising data, parameters, and start 7866 * advertising. 7867 */ 7868 7869 hci_req_init(&req, hdev); 7870 7871 hci_req_add(&req, HCI_OP_READ_LOCAL_NAME, 0, NULL); 7872 7873 if (ext_adv_capable(hdev)) { 7874 __hci_req_update_adv_data(&req, cp->instance); 7875 __hci_req_update_scan_rsp_data(&req, cp->instance); 7876 __hci_req_enable_ext_advertising(&req, cp->instance); 7877 7878 } else { 7879 /* If using software rotation, determine next instance to use */ 7880 7881 if (hdev->cur_adv_instance == cp->instance) { 7882 /* If the currently advertised instance is being changed 7883 * then cancel the current advertising and schedule the 7884 * next instance. If there is only one instance then the 7885 * overridden advertising data will be visible right 7886 * away 7887 */ 7888 cancel_adv_timeout(hdev); 7889 7890 next_instance = hci_get_next_instance(hdev, 7891 cp->instance); 7892 if (next_instance) 7893 schedule_instance = next_instance->instance; 7894 } else if (!hdev->adv_instance_timeout) { 7895 /* Immediately advertise the new instance if no other 7896 * instance is currently being advertised. 7897 */ 7898 schedule_instance = cp->instance; 7899 } 7900 7901 /* If the HCI_ADVERTISING flag is set or there is no instance to 7902 * be advertised then we have no HCI communication to make. 7903 * Simply return. 7904 */ 7905 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 7906 !schedule_instance) { 7907 if (adv_instance->pending) { 7908 mgmt_advertising_added(sk, hdev, cp->instance); 7909 adv_instance->pending = false; 7910 } 7911 rp.instance = cp->instance; 7912 err = mgmt_cmd_complete(sk, hdev->id, 7913 MGMT_OP_ADD_EXT_ADV_DATA, 7914 MGMT_STATUS_SUCCESS, &rp, 7915 sizeof(rp)); 7916 goto unlock; 7917 } 7918 7919 err = __hci_req_schedule_adv_instance(&req, schedule_instance, 7920 true); 7921 } 7922 7923 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data, 7924 data_len); 7925 if (!cmd) { 7926 err = -ENOMEM; 7927 goto clear_new_instance; 7928 } 7929 7930 if (!err) 7931 err = hci_req_run(&req, add_advertising_complete); 7932 7933 if (err < 0) { 7934 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 7935 MGMT_STATUS_FAILED); 7936 mgmt_pending_remove(cmd); 7937 goto clear_new_instance; 7938 } 7939 7940 /* We were successful in updating data, so trigger advertising_added 7941 * event if this is an instance that wasn't previously advertising. If 7942 * a failure occurs in the requests we initiated, we will remove the 7943 * instance again in add_advertising_complete 7944 */ 7945 if (adv_instance->pending) 7946 mgmt_advertising_added(sk, hdev, cp->instance); 7947 7948 goto unlock; 7949 7950 clear_new_instance: 7951 hci_remove_adv_instance(hdev, cp->instance); 7952 7953 unlock: 7954 hci_dev_unlock(hdev); 7955 7956 return err; 7957 } 7958 7959 static void remove_advertising_complete(struct hci_dev *hdev, u8 status, 7960 u16 opcode) 7961 { 7962 struct mgmt_pending_cmd *cmd; 7963 struct mgmt_cp_remove_advertising *cp; 7964 struct mgmt_rp_remove_advertising rp; 7965 7966 bt_dev_dbg(hdev, "status %d", status); 7967 7968 hci_dev_lock(hdev); 7969 7970 /* A failure status here only means that we failed to disable 7971 * advertising. Otherwise, the advertising instance has been removed, 7972 * so report success. 7973 */ 7974 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev); 7975 if (!cmd) 7976 goto unlock; 7977 7978 cp = cmd->param; 7979 rp.instance = cp->instance; 7980 7981 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS, 7982 &rp, sizeof(rp)); 7983 mgmt_pending_remove(cmd); 7984 7985 unlock: 7986 hci_dev_unlock(hdev); 7987 } 7988 7989 static int remove_advertising(struct sock *sk, struct hci_dev *hdev, 7990 void *data, u16 data_len) 7991 { 7992 struct mgmt_cp_remove_advertising *cp = data; 7993 struct mgmt_rp_remove_advertising rp; 7994 struct mgmt_pending_cmd *cmd; 7995 struct hci_request req; 7996 int err; 7997 7998 bt_dev_dbg(hdev, "sock %p", sk); 7999 8000 /* Enabling the experimental LL Privay support disables support for 8001 * advertising. 8002 */ 8003 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 8004 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 8005 MGMT_STATUS_NOT_SUPPORTED); 8006 8007 hci_dev_lock(hdev); 8008 8009 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) { 8010 err = mgmt_cmd_status(sk, hdev->id, 8011 MGMT_OP_REMOVE_ADVERTISING, 8012 MGMT_STATUS_INVALID_PARAMS); 8013 goto unlock; 8014 } 8015 8016 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 8017 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 8018 pending_find(MGMT_OP_SET_LE, hdev)) { 8019 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 8020 MGMT_STATUS_BUSY); 8021 goto unlock; 8022 } 8023 8024 if (list_empty(&hdev->adv_instances)) { 8025 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 8026 MGMT_STATUS_INVALID_PARAMS); 8027 goto unlock; 8028 } 8029 8030 hci_req_init(&req, hdev); 8031 8032 /* If we use extended advertising, instance is disabled and removed */ 8033 if (ext_adv_capable(hdev)) { 8034 __hci_req_disable_ext_adv_instance(&req, cp->instance); 8035 __hci_req_remove_ext_adv_instance(&req, cp->instance); 8036 } 8037 8038 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true); 8039 8040 if (list_empty(&hdev->adv_instances)) 8041 __hci_req_disable_advertising(&req); 8042 8043 /* If no HCI commands have been collected so far or the HCI_ADVERTISING 8044 * flag is set or the device isn't powered then we have no HCI 8045 * communication to make. Simply return. 8046 */ 8047 if (skb_queue_empty(&req.cmd_q) || 8048 !hdev_is_powered(hdev) || 8049 hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 8050 hci_req_purge(&req); 8051 rp.instance = cp->instance; 8052 err = mgmt_cmd_complete(sk, hdev->id, 8053 MGMT_OP_REMOVE_ADVERTISING, 8054 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 8055 goto unlock; 8056 } 8057 8058 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data, 8059 data_len); 8060 if (!cmd) { 8061 err = -ENOMEM; 8062 goto unlock; 8063 } 8064 8065 err = hci_req_run(&req, remove_advertising_complete); 8066 if (err < 0) 8067 mgmt_pending_remove(cmd); 8068 8069 unlock: 8070 hci_dev_unlock(hdev); 8071 8072 return err; 8073 } 8074 8075 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev, 8076 void *data, u16 data_len) 8077 { 8078 struct mgmt_cp_get_adv_size_info *cp = data; 8079 struct mgmt_rp_get_adv_size_info rp; 8080 u32 flags, supported_flags; 8081 int err; 8082 8083 bt_dev_dbg(hdev, "sock %p", sk); 8084 8085 if (!lmp_le_capable(hdev)) 8086 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 8087 MGMT_STATUS_REJECTED); 8088 8089 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets) 8090 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 8091 MGMT_STATUS_INVALID_PARAMS); 8092 8093 flags = __le32_to_cpu(cp->flags); 8094 8095 /* The current implementation only supports a subset of the specified 8096 * flags. 8097 */ 8098 supported_flags = get_supported_adv_flags(hdev); 8099 if (flags & ~supported_flags) 8100 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 8101 MGMT_STATUS_INVALID_PARAMS); 8102 8103 rp.instance = cp->instance; 8104 rp.flags = cp->flags; 8105 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 8106 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 8107 8108 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 8109 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 8110 8111 return err; 8112 } 8113 8114 static const struct hci_mgmt_handler mgmt_handlers[] = { 8115 { NULL }, /* 0x0000 (no command) */ 8116 { read_version, MGMT_READ_VERSION_SIZE, 8117 HCI_MGMT_NO_HDEV | 8118 HCI_MGMT_UNTRUSTED }, 8119 { read_commands, MGMT_READ_COMMANDS_SIZE, 8120 HCI_MGMT_NO_HDEV | 8121 HCI_MGMT_UNTRUSTED }, 8122 { read_index_list, MGMT_READ_INDEX_LIST_SIZE, 8123 HCI_MGMT_NO_HDEV | 8124 HCI_MGMT_UNTRUSTED }, 8125 { read_controller_info, MGMT_READ_INFO_SIZE, 8126 HCI_MGMT_UNTRUSTED }, 8127 { set_powered, MGMT_SETTING_SIZE }, 8128 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE }, 8129 { set_connectable, MGMT_SETTING_SIZE }, 8130 { set_fast_connectable, MGMT_SETTING_SIZE }, 8131 { set_bondable, MGMT_SETTING_SIZE }, 8132 { set_link_security, MGMT_SETTING_SIZE }, 8133 { set_ssp, MGMT_SETTING_SIZE }, 8134 { set_hs, MGMT_SETTING_SIZE }, 8135 { set_le, MGMT_SETTING_SIZE }, 8136 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE }, 8137 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE }, 8138 { add_uuid, MGMT_ADD_UUID_SIZE }, 8139 { remove_uuid, MGMT_REMOVE_UUID_SIZE }, 8140 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE, 8141 HCI_MGMT_VAR_LEN }, 8142 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE, 8143 HCI_MGMT_VAR_LEN }, 8144 { disconnect, MGMT_DISCONNECT_SIZE }, 8145 { get_connections, MGMT_GET_CONNECTIONS_SIZE }, 8146 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE }, 8147 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE }, 8148 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE }, 8149 { pair_device, MGMT_PAIR_DEVICE_SIZE }, 8150 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE }, 8151 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE }, 8152 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE }, 8153 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE }, 8154 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE }, 8155 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, 8156 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE }, 8157 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE, 8158 HCI_MGMT_VAR_LEN }, 8159 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, 8160 { start_discovery, MGMT_START_DISCOVERY_SIZE }, 8161 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE }, 8162 { confirm_name, MGMT_CONFIRM_NAME_SIZE }, 8163 { block_device, MGMT_BLOCK_DEVICE_SIZE }, 8164 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE }, 8165 { set_device_id, MGMT_SET_DEVICE_ID_SIZE }, 8166 { set_advertising, MGMT_SETTING_SIZE }, 8167 { set_bredr, MGMT_SETTING_SIZE }, 8168 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE }, 8169 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE }, 8170 { set_secure_conn, MGMT_SETTING_SIZE }, 8171 { set_debug_keys, MGMT_SETTING_SIZE }, 8172 { set_privacy, MGMT_SET_PRIVACY_SIZE }, 8173 { load_irks, MGMT_LOAD_IRKS_SIZE, 8174 HCI_MGMT_VAR_LEN }, 8175 { get_conn_info, MGMT_GET_CONN_INFO_SIZE }, 8176 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE }, 8177 { add_device, MGMT_ADD_DEVICE_SIZE }, 8178 { remove_device, MGMT_REMOVE_DEVICE_SIZE }, 8179 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE, 8180 HCI_MGMT_VAR_LEN }, 8181 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE, 8182 HCI_MGMT_NO_HDEV | 8183 HCI_MGMT_UNTRUSTED }, 8184 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE, 8185 HCI_MGMT_UNCONFIGURED | 8186 HCI_MGMT_UNTRUSTED }, 8187 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE, 8188 HCI_MGMT_UNCONFIGURED }, 8189 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE, 8190 HCI_MGMT_UNCONFIGURED }, 8191 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE, 8192 HCI_MGMT_VAR_LEN }, 8193 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE }, 8194 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE, 8195 HCI_MGMT_NO_HDEV | 8196 HCI_MGMT_UNTRUSTED }, 8197 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE }, 8198 { add_advertising, MGMT_ADD_ADVERTISING_SIZE, 8199 HCI_MGMT_VAR_LEN }, 8200 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE }, 8201 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE }, 8202 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE }, 8203 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE, 8204 HCI_MGMT_UNTRUSTED }, 8205 { set_appearance, MGMT_SET_APPEARANCE_SIZE }, 8206 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE }, 8207 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE }, 8208 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE, 8209 HCI_MGMT_VAR_LEN }, 8210 { set_wideband_speech, MGMT_SETTING_SIZE }, 8211 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE, 8212 HCI_MGMT_UNTRUSTED }, 8213 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE, 8214 HCI_MGMT_UNTRUSTED | 8215 HCI_MGMT_HDEV_OPTIONAL }, 8216 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE, 8217 HCI_MGMT_VAR_LEN | 8218 HCI_MGMT_HDEV_OPTIONAL }, 8219 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE, 8220 HCI_MGMT_UNTRUSTED }, 8221 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE, 8222 HCI_MGMT_VAR_LEN }, 8223 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE, 8224 HCI_MGMT_UNTRUSTED }, 8225 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE, 8226 HCI_MGMT_VAR_LEN }, 8227 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE }, 8228 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE }, 8229 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE }, 8230 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE, 8231 HCI_MGMT_VAR_LEN }, 8232 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE }, 8233 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE, 8234 HCI_MGMT_VAR_LEN }, 8235 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE, 8236 HCI_MGMT_VAR_LEN }, 8237 }; 8238 8239 void mgmt_index_added(struct hci_dev *hdev) 8240 { 8241 struct mgmt_ev_ext_index ev; 8242 8243 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 8244 return; 8245 8246 switch (hdev->dev_type) { 8247 case HCI_PRIMARY: 8248 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 8249 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, 8250 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 8251 ev.type = 0x01; 8252 } else { 8253 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, 8254 HCI_MGMT_INDEX_EVENTS); 8255 ev.type = 0x00; 8256 } 8257 break; 8258 case HCI_AMP: 8259 ev.type = 0x02; 8260 break; 8261 default: 8262 return; 8263 } 8264 8265 ev.bus = hdev->bus; 8266 8267 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev), 8268 HCI_MGMT_EXT_INDEX_EVENTS); 8269 } 8270 8271 void mgmt_index_removed(struct hci_dev *hdev) 8272 { 8273 struct mgmt_ev_ext_index ev; 8274 u8 status = MGMT_STATUS_INVALID_INDEX; 8275 8276 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 8277 return; 8278 8279 switch (hdev->dev_type) { 8280 case HCI_PRIMARY: 8281 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 8282 8283 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 8284 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, 8285 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 8286 ev.type = 0x01; 8287 } else { 8288 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, 8289 HCI_MGMT_INDEX_EVENTS); 8290 ev.type = 0x00; 8291 } 8292 break; 8293 case HCI_AMP: 8294 ev.type = 0x02; 8295 break; 8296 default: 8297 return; 8298 } 8299 8300 ev.bus = hdev->bus; 8301 8302 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev), 8303 HCI_MGMT_EXT_INDEX_EVENTS); 8304 } 8305 8306 /* This function requires the caller holds hdev->lock */ 8307 static void restart_le_actions(struct hci_dev *hdev) 8308 { 8309 struct hci_conn_params *p; 8310 8311 list_for_each_entry(p, &hdev->le_conn_params, list) { 8312 /* Needed for AUTO_OFF case where might not "really" 8313 * have been powered off. 8314 */ 8315 list_del_init(&p->action); 8316 8317 switch (p->auto_connect) { 8318 case HCI_AUTO_CONN_DIRECT: 8319 case HCI_AUTO_CONN_ALWAYS: 8320 list_add(&p->action, &hdev->pend_le_conns); 8321 break; 8322 case HCI_AUTO_CONN_REPORT: 8323 list_add(&p->action, &hdev->pend_le_reports); 8324 break; 8325 default: 8326 break; 8327 } 8328 } 8329 } 8330 8331 void mgmt_power_on(struct hci_dev *hdev, int err) 8332 { 8333 struct cmd_lookup match = { NULL, hdev }; 8334 8335 bt_dev_dbg(hdev, "err %d", err); 8336 8337 hci_dev_lock(hdev); 8338 8339 if (!err) { 8340 restart_le_actions(hdev); 8341 hci_update_background_scan(hdev); 8342 } 8343 8344 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 8345 8346 new_settings(hdev, match.sk); 8347 8348 if (match.sk) 8349 sock_put(match.sk); 8350 8351 hci_dev_unlock(hdev); 8352 } 8353 8354 void __mgmt_power_off(struct hci_dev *hdev) 8355 { 8356 struct cmd_lookup match = { NULL, hdev }; 8357 u8 status, zero_cod[] = { 0, 0, 0 }; 8358 8359 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 8360 8361 /* If the power off is because of hdev unregistration let 8362 * use the appropriate INVALID_INDEX status. Otherwise use 8363 * NOT_POWERED. We cover both scenarios here since later in 8364 * mgmt_index_removed() any hci_conn callbacks will have already 8365 * been triggered, potentially causing misleading DISCONNECTED 8366 * status responses. 8367 */ 8368 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) 8369 status = MGMT_STATUS_INVALID_INDEX; 8370 else 8371 status = MGMT_STATUS_NOT_POWERED; 8372 8373 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 8374 8375 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) { 8376 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 8377 zero_cod, sizeof(zero_cod), 8378 HCI_MGMT_DEV_CLASS_EVENTS, NULL); 8379 ext_info_changed(hdev, NULL); 8380 } 8381 8382 new_settings(hdev, match.sk); 8383 8384 if (match.sk) 8385 sock_put(match.sk); 8386 } 8387 8388 void mgmt_set_powered_failed(struct hci_dev *hdev, int err) 8389 { 8390 struct mgmt_pending_cmd *cmd; 8391 u8 status; 8392 8393 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 8394 if (!cmd) 8395 return; 8396 8397 if (err == -ERFKILL) 8398 status = MGMT_STATUS_RFKILLED; 8399 else 8400 status = MGMT_STATUS_FAILED; 8401 8402 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status); 8403 8404 mgmt_pending_remove(cmd); 8405 } 8406 8407 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 8408 bool persistent) 8409 { 8410 struct mgmt_ev_new_link_key ev; 8411 8412 memset(&ev, 0, sizeof(ev)); 8413 8414 ev.store_hint = persistent; 8415 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 8416 ev.key.addr.type = BDADDR_BREDR; 8417 ev.key.type = key->type; 8418 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE); 8419 ev.key.pin_len = key->pin_len; 8420 8421 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 8422 } 8423 8424 static u8 mgmt_ltk_type(struct smp_ltk *ltk) 8425 { 8426 switch (ltk->type) { 8427 case SMP_LTK: 8428 case SMP_LTK_SLAVE: 8429 if (ltk->authenticated) 8430 return MGMT_LTK_AUTHENTICATED; 8431 return MGMT_LTK_UNAUTHENTICATED; 8432 case SMP_LTK_P256: 8433 if (ltk->authenticated) 8434 return MGMT_LTK_P256_AUTH; 8435 return MGMT_LTK_P256_UNAUTH; 8436 case SMP_LTK_P256_DEBUG: 8437 return MGMT_LTK_P256_DEBUG; 8438 } 8439 8440 return MGMT_LTK_UNAUTHENTICATED; 8441 } 8442 8443 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent) 8444 { 8445 struct mgmt_ev_new_long_term_key ev; 8446 8447 memset(&ev, 0, sizeof(ev)); 8448 8449 /* Devices using resolvable or non-resolvable random addresses 8450 * without providing an identity resolving key don't require 8451 * to store long term keys. Their addresses will change the 8452 * next time around. 8453 * 8454 * Only when a remote device provides an identity address 8455 * make sure the long term key is stored. If the remote 8456 * identity is known, the long term keys are internally 8457 * mapped to the identity address. So allow static random 8458 * and public addresses here. 8459 */ 8460 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM && 8461 (key->bdaddr.b[5] & 0xc0) != 0xc0) 8462 ev.store_hint = 0x00; 8463 else 8464 ev.store_hint = persistent; 8465 8466 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 8467 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); 8468 ev.key.type = mgmt_ltk_type(key); 8469 ev.key.enc_size = key->enc_size; 8470 ev.key.ediv = key->ediv; 8471 ev.key.rand = key->rand; 8472 8473 if (key->type == SMP_LTK) 8474 ev.key.master = 1; 8475 8476 /* Make sure we copy only the significant bytes based on the 8477 * encryption key size, and set the rest of the value to zeroes. 8478 */ 8479 memcpy(ev.key.val, key->val, key->enc_size); 8480 memset(ev.key.val + key->enc_size, 0, 8481 sizeof(ev.key.val) - key->enc_size); 8482 8483 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL); 8484 } 8485 8486 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent) 8487 { 8488 struct mgmt_ev_new_irk ev; 8489 8490 memset(&ev, 0, sizeof(ev)); 8491 8492 ev.store_hint = persistent; 8493 8494 bacpy(&ev.rpa, &irk->rpa); 8495 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr); 8496 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type); 8497 memcpy(ev.irk.val, irk->val, sizeof(irk->val)); 8498 8499 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL); 8500 } 8501 8502 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk, 8503 bool persistent) 8504 { 8505 struct mgmt_ev_new_csrk ev; 8506 8507 memset(&ev, 0, sizeof(ev)); 8508 8509 /* Devices using resolvable or non-resolvable random addresses 8510 * without providing an identity resolving key don't require 8511 * to store signature resolving keys. Their addresses will change 8512 * the next time around. 8513 * 8514 * Only when a remote device provides an identity address 8515 * make sure the signature resolving key is stored. So allow 8516 * static random and public addresses here. 8517 */ 8518 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM && 8519 (csrk->bdaddr.b[5] & 0xc0) != 0xc0) 8520 ev.store_hint = 0x00; 8521 else 8522 ev.store_hint = persistent; 8523 8524 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr); 8525 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type); 8526 ev.key.type = csrk->type; 8527 memcpy(ev.key.val, csrk->val, sizeof(csrk->val)); 8528 8529 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL); 8530 } 8531 8532 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr, 8533 u8 bdaddr_type, u8 store_hint, u16 min_interval, 8534 u16 max_interval, u16 latency, u16 timeout) 8535 { 8536 struct mgmt_ev_new_conn_param ev; 8537 8538 if (!hci_is_identity_address(bdaddr, bdaddr_type)) 8539 return; 8540 8541 memset(&ev, 0, sizeof(ev)); 8542 bacpy(&ev.addr.bdaddr, bdaddr); 8543 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type); 8544 ev.store_hint = store_hint; 8545 ev.min_interval = cpu_to_le16(min_interval); 8546 ev.max_interval = cpu_to_le16(max_interval); 8547 ev.latency = cpu_to_le16(latency); 8548 ev.timeout = cpu_to_le16(timeout); 8549 8550 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL); 8551 } 8552 8553 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn, 8554 u32 flags, u8 *name, u8 name_len) 8555 { 8556 char buf[512]; 8557 struct mgmt_ev_device_connected *ev = (void *) buf; 8558 u16 eir_len = 0; 8559 8560 bacpy(&ev->addr.bdaddr, &conn->dst); 8561 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type); 8562 8563 ev->flags = __cpu_to_le32(flags); 8564 8565 /* We must ensure that the EIR Data fields are ordered and 8566 * unique. Keep it simple for now and avoid the problem by not 8567 * adding any BR/EDR data to the LE adv. 8568 */ 8569 if (conn->le_adv_data_len > 0) { 8570 memcpy(&ev->eir[eir_len], 8571 conn->le_adv_data, conn->le_adv_data_len); 8572 eir_len = conn->le_adv_data_len; 8573 } else { 8574 if (name_len > 0) 8575 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, 8576 name, name_len); 8577 8578 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0) 8579 eir_len = eir_append_data(ev->eir, eir_len, 8580 EIR_CLASS_OF_DEV, 8581 conn->dev_class, 3); 8582 } 8583 8584 ev->eir_len = cpu_to_le16(eir_len); 8585 8586 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf, 8587 sizeof(*ev) + eir_len, NULL); 8588 } 8589 8590 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data) 8591 { 8592 struct sock **sk = data; 8593 8594 cmd->cmd_complete(cmd, 0); 8595 8596 *sk = cmd->sk; 8597 sock_hold(*sk); 8598 8599 mgmt_pending_remove(cmd); 8600 } 8601 8602 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data) 8603 { 8604 struct hci_dev *hdev = data; 8605 struct mgmt_cp_unpair_device *cp = cmd->param; 8606 8607 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 8608 8609 cmd->cmd_complete(cmd, 0); 8610 mgmt_pending_remove(cmd); 8611 } 8612 8613 bool mgmt_powering_down(struct hci_dev *hdev) 8614 { 8615 struct mgmt_pending_cmd *cmd; 8616 struct mgmt_mode *cp; 8617 8618 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 8619 if (!cmd) 8620 return false; 8621 8622 cp = cmd->param; 8623 if (!cp->val) 8624 return true; 8625 8626 return false; 8627 } 8628 8629 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 8630 u8 link_type, u8 addr_type, u8 reason, 8631 bool mgmt_connected) 8632 { 8633 struct mgmt_ev_device_disconnected ev; 8634 struct sock *sk = NULL; 8635 8636 /* The connection is still in hci_conn_hash so test for 1 8637 * instead of 0 to know if this is the last one. 8638 */ 8639 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 8640 cancel_delayed_work(&hdev->power_off); 8641 queue_work(hdev->req_workqueue, &hdev->power_off.work); 8642 } 8643 8644 if (!mgmt_connected) 8645 return; 8646 8647 if (link_type != ACL_LINK && link_type != LE_LINK) 8648 return; 8649 8650 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 8651 8652 bacpy(&ev.addr.bdaddr, bdaddr); 8653 ev.addr.type = link_to_bdaddr(link_type, addr_type); 8654 ev.reason = reason; 8655 8656 /* Report disconnects due to suspend */ 8657 if (hdev->suspended) 8658 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND; 8659 8660 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk); 8661 8662 if (sk) 8663 sock_put(sk); 8664 8665 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 8666 hdev); 8667 } 8668 8669 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 8670 u8 link_type, u8 addr_type, u8 status) 8671 { 8672 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type); 8673 struct mgmt_cp_disconnect *cp; 8674 struct mgmt_pending_cmd *cmd; 8675 8676 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 8677 hdev); 8678 8679 cmd = pending_find(MGMT_OP_DISCONNECT, hdev); 8680 if (!cmd) 8681 return; 8682 8683 cp = cmd->param; 8684 8685 if (bacmp(bdaddr, &cp->addr.bdaddr)) 8686 return; 8687 8688 if (cp->addr.type != bdaddr_type) 8689 return; 8690 8691 cmd->cmd_complete(cmd, mgmt_status(status)); 8692 mgmt_pending_remove(cmd); 8693 } 8694 8695 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 8696 u8 addr_type, u8 status) 8697 { 8698 struct mgmt_ev_connect_failed ev; 8699 8700 /* The connection is still in hci_conn_hash so test for 1 8701 * instead of 0 to know if this is the last one. 8702 */ 8703 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 8704 cancel_delayed_work(&hdev->power_off); 8705 queue_work(hdev->req_workqueue, &hdev->power_off.work); 8706 } 8707 8708 bacpy(&ev.addr.bdaddr, bdaddr); 8709 ev.addr.type = link_to_bdaddr(link_type, addr_type); 8710 ev.status = mgmt_status(status); 8711 8712 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 8713 } 8714 8715 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 8716 { 8717 struct mgmt_ev_pin_code_request ev; 8718 8719 bacpy(&ev.addr.bdaddr, bdaddr); 8720 ev.addr.type = BDADDR_BREDR; 8721 ev.secure = secure; 8722 8723 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL); 8724 } 8725 8726 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 8727 u8 status) 8728 { 8729 struct mgmt_pending_cmd *cmd; 8730 8731 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 8732 if (!cmd) 8733 return; 8734 8735 cmd->cmd_complete(cmd, mgmt_status(status)); 8736 mgmt_pending_remove(cmd); 8737 } 8738 8739 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 8740 u8 status) 8741 { 8742 struct mgmt_pending_cmd *cmd; 8743 8744 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 8745 if (!cmd) 8746 return; 8747 8748 cmd->cmd_complete(cmd, mgmt_status(status)); 8749 mgmt_pending_remove(cmd); 8750 } 8751 8752 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 8753 u8 link_type, u8 addr_type, u32 value, 8754 u8 confirm_hint) 8755 { 8756 struct mgmt_ev_user_confirm_request ev; 8757 8758 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 8759 8760 bacpy(&ev.addr.bdaddr, bdaddr); 8761 ev.addr.type = link_to_bdaddr(link_type, addr_type); 8762 ev.confirm_hint = confirm_hint; 8763 ev.value = cpu_to_le32(value); 8764 8765 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 8766 NULL); 8767 } 8768 8769 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 8770 u8 link_type, u8 addr_type) 8771 { 8772 struct mgmt_ev_user_passkey_request ev; 8773 8774 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 8775 8776 bacpy(&ev.addr.bdaddr, bdaddr); 8777 ev.addr.type = link_to_bdaddr(link_type, addr_type); 8778 8779 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 8780 NULL); 8781 } 8782 8783 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 8784 u8 link_type, u8 addr_type, u8 status, 8785 u8 opcode) 8786 { 8787 struct mgmt_pending_cmd *cmd; 8788 8789 cmd = pending_find(opcode, hdev); 8790 if (!cmd) 8791 return -ENOENT; 8792 8793 cmd->cmd_complete(cmd, mgmt_status(status)); 8794 mgmt_pending_remove(cmd); 8795 8796 return 0; 8797 } 8798 8799 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 8800 u8 link_type, u8 addr_type, u8 status) 8801 { 8802 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 8803 status, MGMT_OP_USER_CONFIRM_REPLY); 8804 } 8805 8806 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 8807 u8 link_type, u8 addr_type, u8 status) 8808 { 8809 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 8810 status, 8811 MGMT_OP_USER_CONFIRM_NEG_REPLY); 8812 } 8813 8814 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 8815 u8 link_type, u8 addr_type, u8 status) 8816 { 8817 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 8818 status, MGMT_OP_USER_PASSKEY_REPLY); 8819 } 8820 8821 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 8822 u8 link_type, u8 addr_type, u8 status) 8823 { 8824 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 8825 status, 8826 MGMT_OP_USER_PASSKEY_NEG_REPLY); 8827 } 8828 8829 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr, 8830 u8 link_type, u8 addr_type, u32 passkey, 8831 u8 entered) 8832 { 8833 struct mgmt_ev_passkey_notify ev; 8834 8835 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 8836 8837 bacpy(&ev.addr.bdaddr, bdaddr); 8838 ev.addr.type = link_to_bdaddr(link_type, addr_type); 8839 ev.passkey = __cpu_to_le32(passkey); 8840 ev.entered = entered; 8841 8842 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL); 8843 } 8844 8845 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status) 8846 { 8847 struct mgmt_ev_auth_failed ev; 8848 struct mgmt_pending_cmd *cmd; 8849 u8 status = mgmt_status(hci_status); 8850 8851 bacpy(&ev.addr.bdaddr, &conn->dst); 8852 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 8853 ev.status = status; 8854 8855 cmd = find_pairing(conn); 8856 8857 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev), 8858 cmd ? cmd->sk : NULL); 8859 8860 if (cmd) { 8861 cmd->cmd_complete(cmd, status); 8862 mgmt_pending_remove(cmd); 8863 } 8864 } 8865 8866 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 8867 { 8868 struct cmd_lookup match = { NULL, hdev }; 8869 bool changed; 8870 8871 if (status) { 8872 u8 mgmt_err = mgmt_status(status); 8873 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 8874 cmd_status_rsp, &mgmt_err); 8875 return; 8876 } 8877 8878 if (test_bit(HCI_AUTH, &hdev->flags)) 8879 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY); 8880 else 8881 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY); 8882 8883 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 8884 &match); 8885 8886 if (changed) 8887 new_settings(hdev, match.sk); 8888 8889 if (match.sk) 8890 sock_put(match.sk); 8891 } 8892 8893 static void clear_eir(struct hci_request *req) 8894 { 8895 struct hci_dev *hdev = req->hdev; 8896 struct hci_cp_write_eir cp; 8897 8898 if (!lmp_ext_inq_capable(hdev)) 8899 return; 8900 8901 memset(hdev->eir, 0, sizeof(hdev->eir)); 8902 8903 memset(&cp, 0, sizeof(cp)); 8904 8905 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 8906 } 8907 8908 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 8909 { 8910 struct cmd_lookup match = { NULL, hdev }; 8911 struct hci_request req; 8912 bool changed = false; 8913 8914 if (status) { 8915 u8 mgmt_err = mgmt_status(status); 8916 8917 if (enable && hci_dev_test_and_clear_flag(hdev, 8918 HCI_SSP_ENABLED)) { 8919 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 8920 new_settings(hdev, NULL); 8921 } 8922 8923 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp, 8924 &mgmt_err); 8925 return; 8926 } 8927 8928 if (enable) { 8929 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 8930 } else { 8931 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED); 8932 if (!changed) 8933 changed = hci_dev_test_and_clear_flag(hdev, 8934 HCI_HS_ENABLED); 8935 else 8936 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 8937 } 8938 8939 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 8940 8941 if (changed) 8942 new_settings(hdev, match.sk); 8943 8944 if (match.sk) 8945 sock_put(match.sk); 8946 8947 hci_req_init(&req, hdev); 8948 8949 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 8950 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) 8951 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE, 8952 sizeof(enable), &enable); 8953 __hci_req_update_eir(&req); 8954 } else { 8955 clear_eir(&req); 8956 } 8957 8958 hci_req_run(&req, NULL); 8959 } 8960 8961 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data) 8962 { 8963 struct cmd_lookup *match = data; 8964 8965 if (match->sk == NULL) { 8966 match->sk = cmd->sk; 8967 sock_hold(match->sk); 8968 } 8969 } 8970 8971 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class, 8972 u8 status) 8973 { 8974 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) }; 8975 8976 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match); 8977 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match); 8978 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match); 8979 8980 if (!status) { 8981 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 8982 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL); 8983 ext_info_changed(hdev, NULL); 8984 } 8985 8986 if (match.sk) 8987 sock_put(match.sk); 8988 } 8989 8990 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 8991 { 8992 struct mgmt_cp_set_local_name ev; 8993 struct mgmt_pending_cmd *cmd; 8994 8995 if (status) 8996 return; 8997 8998 memset(&ev, 0, sizeof(ev)); 8999 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 9000 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH); 9001 9002 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 9003 if (!cmd) { 9004 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name)); 9005 9006 /* If this is a HCI command related to powering on the 9007 * HCI dev don't send any mgmt signals. 9008 */ 9009 if (pending_find(MGMT_OP_SET_POWERED, hdev)) 9010 return; 9011 } 9012 9013 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 9014 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL); 9015 ext_info_changed(hdev, cmd ? cmd->sk : NULL); 9016 } 9017 9018 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16]) 9019 { 9020 int i; 9021 9022 for (i = 0; i < uuid_count; i++) { 9023 if (!memcmp(uuid, uuids[i], 16)) 9024 return true; 9025 } 9026 9027 return false; 9028 } 9029 9030 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16]) 9031 { 9032 u16 parsed = 0; 9033 9034 while (parsed < eir_len) { 9035 u8 field_len = eir[0]; 9036 u8 uuid[16]; 9037 int i; 9038 9039 if (field_len == 0) 9040 break; 9041 9042 if (eir_len - parsed < field_len + 1) 9043 break; 9044 9045 switch (eir[1]) { 9046 case EIR_UUID16_ALL: 9047 case EIR_UUID16_SOME: 9048 for (i = 0; i + 3 <= field_len; i += 2) { 9049 memcpy(uuid, bluetooth_base_uuid, 16); 9050 uuid[13] = eir[i + 3]; 9051 uuid[12] = eir[i + 2]; 9052 if (has_uuid(uuid, uuid_count, uuids)) 9053 return true; 9054 } 9055 break; 9056 case EIR_UUID32_ALL: 9057 case EIR_UUID32_SOME: 9058 for (i = 0; i + 5 <= field_len; i += 4) { 9059 memcpy(uuid, bluetooth_base_uuid, 16); 9060 uuid[15] = eir[i + 5]; 9061 uuid[14] = eir[i + 4]; 9062 uuid[13] = eir[i + 3]; 9063 uuid[12] = eir[i + 2]; 9064 if (has_uuid(uuid, uuid_count, uuids)) 9065 return true; 9066 } 9067 break; 9068 case EIR_UUID128_ALL: 9069 case EIR_UUID128_SOME: 9070 for (i = 0; i + 17 <= field_len; i += 16) { 9071 memcpy(uuid, eir + i + 2, 16); 9072 if (has_uuid(uuid, uuid_count, uuids)) 9073 return true; 9074 } 9075 break; 9076 } 9077 9078 parsed += field_len + 1; 9079 eir += field_len + 1; 9080 } 9081 9082 return false; 9083 } 9084 9085 static void restart_le_scan(struct hci_dev *hdev) 9086 { 9087 /* If controller is not scanning we are done. */ 9088 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 9089 return; 9090 9091 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY, 9092 hdev->discovery.scan_start + 9093 hdev->discovery.scan_duration)) 9094 return; 9095 9096 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart, 9097 DISCOV_LE_RESTART_DELAY); 9098 } 9099 9100 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir, 9101 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 9102 { 9103 /* If a RSSI threshold has been specified, and 9104 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with 9105 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk 9106 * is set, let it through for further processing, as we might need to 9107 * restart the scan. 9108 * 9109 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry, 9110 * the results are also dropped. 9111 */ 9112 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 9113 (rssi == HCI_RSSI_INVALID || 9114 (rssi < hdev->discovery.rssi && 9115 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)))) 9116 return false; 9117 9118 if (hdev->discovery.uuid_count != 0) { 9119 /* If a list of UUIDs is provided in filter, results with no 9120 * matching UUID should be dropped. 9121 */ 9122 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count, 9123 hdev->discovery.uuids) && 9124 !eir_has_uuids(scan_rsp, scan_rsp_len, 9125 hdev->discovery.uuid_count, 9126 hdev->discovery.uuids)) 9127 return false; 9128 } 9129 9130 /* If duplicate filtering does not report RSSI changes, then restart 9131 * scanning to ensure updated result with updated RSSI values. 9132 */ 9133 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) { 9134 restart_le_scan(hdev); 9135 9136 /* Validate RSSI value against the RSSI threshold once more. */ 9137 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 9138 rssi < hdev->discovery.rssi) 9139 return false; 9140 } 9141 9142 return true; 9143 } 9144 9145 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 9146 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags, 9147 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 9148 { 9149 char buf[512]; 9150 struct mgmt_ev_device_found *ev = (void *)buf; 9151 size_t ev_size; 9152 9153 /* Don't send events for a non-kernel initiated discovery. With 9154 * LE one exception is if we have pend_le_reports > 0 in which 9155 * case we're doing passive scanning and want these events. 9156 */ 9157 if (!hci_discovery_active(hdev)) { 9158 if (link_type == ACL_LINK) 9159 return; 9160 if (link_type == LE_LINK && 9161 list_empty(&hdev->pend_le_reports) && 9162 !hci_is_adv_monitoring(hdev)) { 9163 return; 9164 } 9165 } 9166 9167 if (hdev->discovery.result_filtering) { 9168 /* We are using service discovery */ 9169 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp, 9170 scan_rsp_len)) 9171 return; 9172 } 9173 9174 if (hdev->discovery.limited) { 9175 /* Check for limited discoverable bit */ 9176 if (dev_class) { 9177 if (!(dev_class[1] & 0x20)) 9178 return; 9179 } else { 9180 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL); 9181 if (!flags || !(flags[0] & LE_AD_LIMITED)) 9182 return; 9183 } 9184 } 9185 9186 /* Make sure that the buffer is big enough. The 5 extra bytes 9187 * are for the potential CoD field. 9188 */ 9189 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf)) 9190 return; 9191 9192 memset(buf, 0, sizeof(buf)); 9193 9194 /* In case of device discovery with BR/EDR devices (pre 1.2), the 9195 * RSSI value was reported as 0 when not available. This behavior 9196 * is kept when using device discovery. This is required for full 9197 * backwards compatibility with the API. 9198 * 9199 * However when using service discovery, the value 127 will be 9200 * returned when the RSSI is not available. 9201 */ 9202 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi && 9203 link_type == ACL_LINK) 9204 rssi = 0; 9205 9206 bacpy(&ev->addr.bdaddr, bdaddr); 9207 ev->addr.type = link_to_bdaddr(link_type, addr_type); 9208 ev->rssi = rssi; 9209 ev->flags = cpu_to_le32(flags); 9210 9211 if (eir_len > 0) 9212 /* Copy EIR or advertising data into event */ 9213 memcpy(ev->eir, eir, eir_len); 9214 9215 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 9216 NULL)) 9217 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 9218 dev_class, 3); 9219 9220 if (scan_rsp_len > 0) 9221 /* Append scan response data to event */ 9222 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len); 9223 9224 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 9225 ev_size = sizeof(*ev) + eir_len + scan_rsp_len; 9226 9227 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 9228 } 9229 9230 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 9231 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 9232 { 9233 struct mgmt_ev_device_found *ev; 9234 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2]; 9235 u16 eir_len; 9236 9237 ev = (struct mgmt_ev_device_found *) buf; 9238 9239 memset(buf, 0, sizeof(buf)); 9240 9241 bacpy(&ev->addr.bdaddr, bdaddr); 9242 ev->addr.type = link_to_bdaddr(link_type, addr_type); 9243 ev->rssi = rssi; 9244 9245 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name, 9246 name_len); 9247 9248 ev->eir_len = cpu_to_le16(eir_len); 9249 9250 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL); 9251 } 9252 9253 void mgmt_discovering(struct hci_dev *hdev, u8 discovering) 9254 { 9255 struct mgmt_ev_discovering ev; 9256 9257 bt_dev_dbg(hdev, "discovering %u", discovering); 9258 9259 memset(&ev, 0, sizeof(ev)); 9260 ev.type = hdev->discovery.type; 9261 ev.discovering = discovering; 9262 9263 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 9264 } 9265 9266 void mgmt_suspending(struct hci_dev *hdev, u8 state) 9267 { 9268 struct mgmt_ev_controller_suspend ev; 9269 9270 ev.suspend_state = state; 9271 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL); 9272 } 9273 9274 void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr, 9275 u8 addr_type) 9276 { 9277 struct mgmt_ev_controller_resume ev; 9278 9279 ev.wake_reason = reason; 9280 if (bdaddr) { 9281 bacpy(&ev.addr.bdaddr, bdaddr); 9282 ev.addr.type = addr_type; 9283 } else { 9284 memset(&ev.addr, 0, sizeof(ev.addr)); 9285 } 9286 9287 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL); 9288 } 9289 9290 static struct hci_mgmt_chan chan = { 9291 .channel = HCI_CHANNEL_CONTROL, 9292 .handler_count = ARRAY_SIZE(mgmt_handlers), 9293 .handlers = mgmt_handlers, 9294 .hdev_init = mgmt_init_hdev, 9295 }; 9296 9297 int mgmt_init(void) 9298 { 9299 return hci_mgmt_chan_register(&chan); 9300 } 9301 9302 void mgmt_exit(void) 9303 { 9304 hci_mgmt_chan_unregister(&chan); 9305 } 9306