1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI Management interface */ 26 27 #include <linux/module.h> 28 #include <asm/unaligned.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 #include <net/bluetooth/hci_sock.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/mgmt.h> 35 36 #include "hci_request.h" 37 #include "smp.h" 38 #include "mgmt_util.h" 39 40 #define MGMT_VERSION 1 41 #define MGMT_REVISION 13 42 43 static const u16 mgmt_commands[] = { 44 MGMT_OP_READ_INDEX_LIST, 45 MGMT_OP_READ_INFO, 46 MGMT_OP_SET_POWERED, 47 MGMT_OP_SET_DISCOVERABLE, 48 MGMT_OP_SET_CONNECTABLE, 49 MGMT_OP_SET_FAST_CONNECTABLE, 50 MGMT_OP_SET_BONDABLE, 51 MGMT_OP_SET_LINK_SECURITY, 52 MGMT_OP_SET_SSP, 53 MGMT_OP_SET_HS, 54 MGMT_OP_SET_LE, 55 MGMT_OP_SET_DEV_CLASS, 56 MGMT_OP_SET_LOCAL_NAME, 57 MGMT_OP_ADD_UUID, 58 MGMT_OP_REMOVE_UUID, 59 MGMT_OP_LOAD_LINK_KEYS, 60 MGMT_OP_LOAD_LONG_TERM_KEYS, 61 MGMT_OP_DISCONNECT, 62 MGMT_OP_GET_CONNECTIONS, 63 MGMT_OP_PIN_CODE_REPLY, 64 MGMT_OP_PIN_CODE_NEG_REPLY, 65 MGMT_OP_SET_IO_CAPABILITY, 66 MGMT_OP_PAIR_DEVICE, 67 MGMT_OP_CANCEL_PAIR_DEVICE, 68 MGMT_OP_UNPAIR_DEVICE, 69 MGMT_OP_USER_CONFIRM_REPLY, 70 MGMT_OP_USER_CONFIRM_NEG_REPLY, 71 MGMT_OP_USER_PASSKEY_REPLY, 72 MGMT_OP_USER_PASSKEY_NEG_REPLY, 73 MGMT_OP_READ_LOCAL_OOB_DATA, 74 MGMT_OP_ADD_REMOTE_OOB_DATA, 75 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 76 MGMT_OP_START_DISCOVERY, 77 MGMT_OP_STOP_DISCOVERY, 78 MGMT_OP_CONFIRM_NAME, 79 MGMT_OP_BLOCK_DEVICE, 80 MGMT_OP_UNBLOCK_DEVICE, 81 MGMT_OP_SET_DEVICE_ID, 82 MGMT_OP_SET_ADVERTISING, 83 MGMT_OP_SET_BREDR, 84 MGMT_OP_SET_STATIC_ADDRESS, 85 MGMT_OP_SET_SCAN_PARAMS, 86 MGMT_OP_SET_SECURE_CONN, 87 MGMT_OP_SET_DEBUG_KEYS, 88 MGMT_OP_SET_PRIVACY, 89 MGMT_OP_LOAD_IRKS, 90 MGMT_OP_GET_CONN_INFO, 91 MGMT_OP_GET_CLOCK_INFO, 92 MGMT_OP_ADD_DEVICE, 93 MGMT_OP_REMOVE_DEVICE, 94 MGMT_OP_LOAD_CONN_PARAM, 95 MGMT_OP_READ_UNCONF_INDEX_LIST, 96 MGMT_OP_READ_CONFIG_INFO, 97 MGMT_OP_SET_EXTERNAL_CONFIG, 98 MGMT_OP_SET_PUBLIC_ADDRESS, 99 MGMT_OP_START_SERVICE_DISCOVERY, 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 101 MGMT_OP_READ_EXT_INDEX_LIST, 102 MGMT_OP_READ_ADV_FEATURES, 103 MGMT_OP_ADD_ADVERTISING, 104 MGMT_OP_REMOVE_ADVERTISING, 105 MGMT_OP_GET_ADV_SIZE_INFO, 106 MGMT_OP_START_LIMITED_DISCOVERY, 107 }; 108 109 static const u16 mgmt_events[] = { 110 MGMT_EV_CONTROLLER_ERROR, 111 MGMT_EV_INDEX_ADDED, 112 MGMT_EV_INDEX_REMOVED, 113 MGMT_EV_NEW_SETTINGS, 114 MGMT_EV_CLASS_OF_DEV_CHANGED, 115 MGMT_EV_LOCAL_NAME_CHANGED, 116 MGMT_EV_NEW_LINK_KEY, 117 MGMT_EV_NEW_LONG_TERM_KEY, 118 MGMT_EV_DEVICE_CONNECTED, 119 MGMT_EV_DEVICE_DISCONNECTED, 120 MGMT_EV_CONNECT_FAILED, 121 MGMT_EV_PIN_CODE_REQUEST, 122 MGMT_EV_USER_CONFIRM_REQUEST, 123 MGMT_EV_USER_PASSKEY_REQUEST, 124 MGMT_EV_AUTH_FAILED, 125 MGMT_EV_DEVICE_FOUND, 126 MGMT_EV_DISCOVERING, 127 MGMT_EV_DEVICE_BLOCKED, 128 MGMT_EV_DEVICE_UNBLOCKED, 129 MGMT_EV_DEVICE_UNPAIRED, 130 MGMT_EV_PASSKEY_NOTIFY, 131 MGMT_EV_NEW_IRK, 132 MGMT_EV_NEW_CSRK, 133 MGMT_EV_DEVICE_ADDED, 134 MGMT_EV_DEVICE_REMOVED, 135 MGMT_EV_NEW_CONN_PARAM, 136 MGMT_EV_UNCONF_INDEX_ADDED, 137 MGMT_EV_UNCONF_INDEX_REMOVED, 138 MGMT_EV_NEW_CONFIG_OPTIONS, 139 MGMT_EV_EXT_INDEX_ADDED, 140 MGMT_EV_EXT_INDEX_REMOVED, 141 MGMT_EV_LOCAL_OOB_DATA_UPDATED, 142 MGMT_EV_ADVERTISING_ADDED, 143 MGMT_EV_ADVERTISING_REMOVED, 144 }; 145 146 static const u16 mgmt_untrusted_commands[] = { 147 MGMT_OP_READ_INDEX_LIST, 148 MGMT_OP_READ_INFO, 149 MGMT_OP_READ_UNCONF_INDEX_LIST, 150 MGMT_OP_READ_CONFIG_INFO, 151 MGMT_OP_READ_EXT_INDEX_LIST, 152 }; 153 154 static const u16 mgmt_untrusted_events[] = { 155 MGMT_EV_INDEX_ADDED, 156 MGMT_EV_INDEX_REMOVED, 157 MGMT_EV_NEW_SETTINGS, 158 MGMT_EV_CLASS_OF_DEV_CHANGED, 159 MGMT_EV_LOCAL_NAME_CHANGED, 160 MGMT_EV_UNCONF_INDEX_ADDED, 161 MGMT_EV_UNCONF_INDEX_REMOVED, 162 MGMT_EV_NEW_CONFIG_OPTIONS, 163 MGMT_EV_EXT_INDEX_ADDED, 164 MGMT_EV_EXT_INDEX_REMOVED, 165 }; 166 167 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) 168 169 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \ 170 "\x00\x00\x00\x00\x00\x00\x00\x00" 171 172 /* HCI to MGMT error code conversion table */ 173 static u8 mgmt_status_table[] = { 174 MGMT_STATUS_SUCCESS, 175 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 176 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 177 MGMT_STATUS_FAILED, /* Hardware Failure */ 178 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 179 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 180 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */ 181 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 182 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 183 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 184 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 185 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 186 MGMT_STATUS_BUSY, /* Command Disallowed */ 187 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 188 MGMT_STATUS_REJECTED, /* Rejected Security */ 189 MGMT_STATUS_REJECTED, /* Rejected Personal */ 190 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 191 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 192 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 193 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 194 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 195 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 196 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 197 MGMT_STATUS_BUSY, /* Repeated Attempts */ 198 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 199 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 200 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 201 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 202 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 203 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 204 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 205 MGMT_STATUS_FAILED, /* Unspecified Error */ 206 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 207 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 208 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 209 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 210 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 211 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 212 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 213 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 214 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 215 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 216 MGMT_STATUS_FAILED, /* Transaction Collision */ 217 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 218 MGMT_STATUS_REJECTED, /* QoS Rejected */ 219 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 220 MGMT_STATUS_REJECTED, /* Insufficient Security */ 221 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 222 MGMT_STATUS_BUSY, /* Role Switch Pending */ 223 MGMT_STATUS_FAILED, /* Slot Violation */ 224 MGMT_STATUS_FAILED, /* Role Switch Failed */ 225 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 226 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 227 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 228 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 229 MGMT_STATUS_BUSY, /* Controller Busy */ 230 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 231 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 232 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 233 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 234 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 235 }; 236 237 static u8 mgmt_status(u8 hci_status) 238 { 239 if (hci_status < ARRAY_SIZE(mgmt_status_table)) 240 return mgmt_status_table[hci_status]; 241 242 return MGMT_STATUS_FAILED; 243 } 244 245 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data, 246 u16 len, int flag) 247 { 248 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 249 flag, NULL); 250 } 251 252 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data, 253 u16 len, int flag, struct sock *skip_sk) 254 { 255 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 256 flag, skip_sk); 257 } 258 259 static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data, 260 u16 len, struct sock *skip_sk) 261 { 262 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 263 HCI_MGMT_GENERIC_EVENTS, skip_sk); 264 } 265 266 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len, 267 struct sock *skip_sk) 268 { 269 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 270 HCI_SOCK_TRUSTED, skip_sk); 271 } 272 273 static u8 le_addr_type(u8 mgmt_addr_type) 274 { 275 if (mgmt_addr_type == BDADDR_LE_PUBLIC) 276 return ADDR_LE_DEV_PUBLIC; 277 else 278 return ADDR_LE_DEV_RANDOM; 279 } 280 281 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data, 282 u16 data_len) 283 { 284 struct mgmt_rp_read_version rp; 285 286 BT_DBG("sock %p", sk); 287 288 rp.version = MGMT_VERSION; 289 rp.revision = cpu_to_le16(MGMT_REVISION); 290 291 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, 292 &rp, sizeof(rp)); 293 } 294 295 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data, 296 u16 data_len) 297 { 298 struct mgmt_rp_read_commands *rp; 299 u16 num_commands, num_events; 300 size_t rp_size; 301 int i, err; 302 303 BT_DBG("sock %p", sk); 304 305 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 306 num_commands = ARRAY_SIZE(mgmt_commands); 307 num_events = ARRAY_SIZE(mgmt_events); 308 } else { 309 num_commands = ARRAY_SIZE(mgmt_untrusted_commands); 310 num_events = ARRAY_SIZE(mgmt_untrusted_events); 311 } 312 313 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 314 315 rp = kmalloc(rp_size, GFP_KERNEL); 316 if (!rp) 317 return -ENOMEM; 318 319 rp->num_commands = cpu_to_le16(num_commands); 320 rp->num_events = cpu_to_le16(num_events); 321 322 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 323 __le16 *opcode = rp->opcodes; 324 325 for (i = 0; i < num_commands; i++, opcode++) 326 put_unaligned_le16(mgmt_commands[i], opcode); 327 328 for (i = 0; i < num_events; i++, opcode++) 329 put_unaligned_le16(mgmt_events[i], opcode); 330 } else { 331 __le16 *opcode = rp->opcodes; 332 333 for (i = 0; i < num_commands; i++, opcode++) 334 put_unaligned_le16(mgmt_untrusted_commands[i], opcode); 335 336 for (i = 0; i < num_events; i++, opcode++) 337 put_unaligned_le16(mgmt_untrusted_events[i], opcode); 338 } 339 340 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, 341 rp, rp_size); 342 kfree(rp); 343 344 return err; 345 } 346 347 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data, 348 u16 data_len) 349 { 350 struct mgmt_rp_read_index_list *rp; 351 struct hci_dev *d; 352 size_t rp_len; 353 u16 count; 354 int err; 355 356 BT_DBG("sock %p", sk); 357 358 read_lock(&hci_dev_list_lock); 359 360 count = 0; 361 list_for_each_entry(d, &hci_dev_list, list) { 362 if (d->dev_type == HCI_PRIMARY && 363 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) 364 count++; 365 } 366 367 rp_len = sizeof(*rp) + (2 * count); 368 rp = kmalloc(rp_len, GFP_ATOMIC); 369 if (!rp) { 370 read_unlock(&hci_dev_list_lock); 371 return -ENOMEM; 372 } 373 374 count = 0; 375 list_for_each_entry(d, &hci_dev_list, list) { 376 if (hci_dev_test_flag(d, HCI_SETUP) || 377 hci_dev_test_flag(d, HCI_CONFIG) || 378 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 379 continue; 380 381 /* Devices marked as raw-only are neither configured 382 * nor unconfigured controllers. 383 */ 384 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 385 continue; 386 387 if (d->dev_type == HCI_PRIMARY && 388 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 389 rp->index[count++] = cpu_to_le16(d->id); 390 BT_DBG("Added hci%u", d->id); 391 } 392 } 393 394 rp->num_controllers = cpu_to_le16(count); 395 rp_len = sizeof(*rp) + (2 * count); 396 397 read_unlock(&hci_dev_list_lock); 398 399 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 400 0, rp, rp_len); 401 402 kfree(rp); 403 404 return err; 405 } 406 407 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev, 408 void *data, u16 data_len) 409 { 410 struct mgmt_rp_read_unconf_index_list *rp; 411 struct hci_dev *d; 412 size_t rp_len; 413 u16 count; 414 int err; 415 416 BT_DBG("sock %p", sk); 417 418 read_lock(&hci_dev_list_lock); 419 420 count = 0; 421 list_for_each_entry(d, &hci_dev_list, list) { 422 if (d->dev_type == HCI_PRIMARY && 423 hci_dev_test_flag(d, HCI_UNCONFIGURED)) 424 count++; 425 } 426 427 rp_len = sizeof(*rp) + (2 * count); 428 rp = kmalloc(rp_len, GFP_ATOMIC); 429 if (!rp) { 430 read_unlock(&hci_dev_list_lock); 431 return -ENOMEM; 432 } 433 434 count = 0; 435 list_for_each_entry(d, &hci_dev_list, list) { 436 if (hci_dev_test_flag(d, HCI_SETUP) || 437 hci_dev_test_flag(d, HCI_CONFIG) || 438 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 439 continue; 440 441 /* Devices marked as raw-only are neither configured 442 * nor unconfigured controllers. 443 */ 444 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 445 continue; 446 447 if (d->dev_type == HCI_PRIMARY && 448 hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 449 rp->index[count++] = cpu_to_le16(d->id); 450 BT_DBG("Added hci%u", d->id); 451 } 452 } 453 454 rp->num_controllers = cpu_to_le16(count); 455 rp_len = sizeof(*rp) + (2 * count); 456 457 read_unlock(&hci_dev_list_lock); 458 459 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 460 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len); 461 462 kfree(rp); 463 464 return err; 465 } 466 467 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev, 468 void *data, u16 data_len) 469 { 470 struct mgmt_rp_read_ext_index_list *rp; 471 struct hci_dev *d; 472 size_t rp_len; 473 u16 count; 474 int err; 475 476 BT_DBG("sock %p", sk); 477 478 read_lock(&hci_dev_list_lock); 479 480 count = 0; 481 list_for_each_entry(d, &hci_dev_list, list) { 482 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP) 483 count++; 484 } 485 486 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count); 487 rp = kmalloc(rp_len, GFP_ATOMIC); 488 if (!rp) { 489 read_unlock(&hci_dev_list_lock); 490 return -ENOMEM; 491 } 492 493 count = 0; 494 list_for_each_entry(d, &hci_dev_list, list) { 495 if (hci_dev_test_flag(d, HCI_SETUP) || 496 hci_dev_test_flag(d, HCI_CONFIG) || 497 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 498 continue; 499 500 /* Devices marked as raw-only are neither configured 501 * nor unconfigured controllers. 502 */ 503 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 504 continue; 505 506 if (d->dev_type == HCI_PRIMARY) { 507 if (hci_dev_test_flag(d, HCI_UNCONFIGURED)) 508 rp->entry[count].type = 0x01; 509 else 510 rp->entry[count].type = 0x00; 511 } else if (d->dev_type == HCI_AMP) { 512 rp->entry[count].type = 0x02; 513 } else { 514 continue; 515 } 516 517 rp->entry[count].bus = d->bus; 518 rp->entry[count++].index = cpu_to_le16(d->id); 519 BT_DBG("Added hci%u", d->id); 520 } 521 522 rp->num_controllers = cpu_to_le16(count); 523 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count); 524 525 read_unlock(&hci_dev_list_lock); 526 527 /* If this command is called at least once, then all the 528 * default index and unconfigured index events are disabled 529 * and from now on only extended index events are used. 530 */ 531 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS); 532 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS); 533 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS); 534 535 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 536 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len); 537 538 kfree(rp); 539 540 return err; 541 } 542 543 static bool is_configured(struct hci_dev *hdev) 544 { 545 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 546 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 547 return false; 548 549 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) && 550 !bacmp(&hdev->public_addr, BDADDR_ANY)) 551 return false; 552 553 return true; 554 } 555 556 static __le32 get_missing_options(struct hci_dev *hdev) 557 { 558 u32 options = 0; 559 560 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 561 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 562 options |= MGMT_OPTION_EXTERNAL_CONFIG; 563 564 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) && 565 !bacmp(&hdev->public_addr, BDADDR_ANY)) 566 options |= MGMT_OPTION_PUBLIC_ADDRESS; 567 568 return cpu_to_le32(options); 569 } 570 571 static int new_options(struct hci_dev *hdev, struct sock *skip) 572 { 573 __le32 options = get_missing_options(hdev); 574 575 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options, 576 sizeof(options), skip); 577 } 578 579 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 580 { 581 __le32 options = get_missing_options(hdev); 582 583 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options, 584 sizeof(options)); 585 } 586 587 static int read_config_info(struct sock *sk, struct hci_dev *hdev, 588 void *data, u16 data_len) 589 { 590 struct mgmt_rp_read_config_info rp; 591 u32 options = 0; 592 593 BT_DBG("sock %p %s", sk, hdev->name); 594 595 hci_dev_lock(hdev); 596 597 memset(&rp, 0, sizeof(rp)); 598 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 599 600 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 601 options |= MGMT_OPTION_EXTERNAL_CONFIG; 602 603 if (hdev->set_bdaddr) 604 options |= MGMT_OPTION_PUBLIC_ADDRESS; 605 606 rp.supported_options = cpu_to_le32(options); 607 rp.missing_options = get_missing_options(hdev); 608 609 hci_dev_unlock(hdev); 610 611 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, 612 &rp, sizeof(rp)); 613 } 614 615 static u32 get_supported_settings(struct hci_dev *hdev) 616 { 617 u32 settings = 0; 618 619 settings |= MGMT_SETTING_POWERED; 620 settings |= MGMT_SETTING_BONDABLE; 621 settings |= MGMT_SETTING_DEBUG_KEYS; 622 settings |= MGMT_SETTING_CONNECTABLE; 623 settings |= MGMT_SETTING_DISCOVERABLE; 624 625 if (lmp_bredr_capable(hdev)) { 626 if (hdev->hci_ver >= BLUETOOTH_VER_1_2) 627 settings |= MGMT_SETTING_FAST_CONNECTABLE; 628 settings |= MGMT_SETTING_BREDR; 629 settings |= MGMT_SETTING_LINK_SECURITY; 630 631 if (lmp_ssp_capable(hdev)) { 632 settings |= MGMT_SETTING_SSP; 633 settings |= MGMT_SETTING_HS; 634 } 635 636 if (lmp_sc_capable(hdev)) 637 settings |= MGMT_SETTING_SECURE_CONN; 638 } 639 640 if (lmp_le_capable(hdev)) { 641 settings |= MGMT_SETTING_LE; 642 settings |= MGMT_SETTING_ADVERTISING; 643 settings |= MGMT_SETTING_SECURE_CONN; 644 settings |= MGMT_SETTING_PRIVACY; 645 settings |= MGMT_SETTING_STATIC_ADDRESS; 646 } 647 648 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) || 649 hdev->set_bdaddr) 650 settings |= MGMT_SETTING_CONFIGURATION; 651 652 return settings; 653 } 654 655 static u32 get_current_settings(struct hci_dev *hdev) 656 { 657 u32 settings = 0; 658 659 if (hdev_is_powered(hdev)) 660 settings |= MGMT_SETTING_POWERED; 661 662 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 663 settings |= MGMT_SETTING_CONNECTABLE; 664 665 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) 666 settings |= MGMT_SETTING_FAST_CONNECTABLE; 667 668 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 669 settings |= MGMT_SETTING_DISCOVERABLE; 670 671 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) 672 settings |= MGMT_SETTING_BONDABLE; 673 674 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 675 settings |= MGMT_SETTING_BREDR; 676 677 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 678 settings |= MGMT_SETTING_LE; 679 680 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) 681 settings |= MGMT_SETTING_LINK_SECURITY; 682 683 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 684 settings |= MGMT_SETTING_SSP; 685 686 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED)) 687 settings |= MGMT_SETTING_HS; 688 689 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 690 settings |= MGMT_SETTING_ADVERTISING; 691 692 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) 693 settings |= MGMT_SETTING_SECURE_CONN; 694 695 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) 696 settings |= MGMT_SETTING_DEBUG_KEYS; 697 698 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) 699 settings |= MGMT_SETTING_PRIVACY; 700 701 /* The current setting for static address has two purposes. The 702 * first is to indicate if the static address will be used and 703 * the second is to indicate if it is actually set. 704 * 705 * This means if the static address is not configured, this flag 706 * will never be set. If the address is configured, then if the 707 * address is actually used decides if the flag is set or not. 708 * 709 * For single mode LE only controllers and dual-mode controllers 710 * with BR/EDR disabled, the existence of the static address will 711 * be evaluated. 712 */ 713 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 714 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 715 !bacmp(&hdev->bdaddr, BDADDR_ANY)) { 716 if (bacmp(&hdev->static_addr, BDADDR_ANY)) 717 settings |= MGMT_SETTING_STATIC_ADDRESS; 718 } 719 720 return settings; 721 } 722 723 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev) 724 { 725 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev); 726 } 727 728 static struct mgmt_pending_cmd *pending_find_data(u16 opcode, 729 struct hci_dev *hdev, 730 const void *data) 731 { 732 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data); 733 } 734 735 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev) 736 { 737 struct mgmt_pending_cmd *cmd; 738 739 /* If there's a pending mgmt command the flags will not yet have 740 * their final values, so check for this first. 741 */ 742 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 743 if (cmd) { 744 struct mgmt_mode *cp = cmd->param; 745 if (cp->val == 0x01) 746 return LE_AD_GENERAL; 747 else if (cp->val == 0x02) 748 return LE_AD_LIMITED; 749 } else { 750 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 751 return LE_AD_LIMITED; 752 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 753 return LE_AD_GENERAL; 754 } 755 756 return 0; 757 } 758 759 bool mgmt_get_connectable(struct hci_dev *hdev) 760 { 761 struct mgmt_pending_cmd *cmd; 762 763 /* If there's a pending mgmt command the flag will not yet have 764 * it's final value, so check for this first. 765 */ 766 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 767 if (cmd) { 768 struct mgmt_mode *cp = cmd->param; 769 770 return cp->val; 771 } 772 773 return hci_dev_test_flag(hdev, HCI_CONNECTABLE); 774 } 775 776 static void service_cache_off(struct work_struct *work) 777 { 778 struct hci_dev *hdev = container_of(work, struct hci_dev, 779 service_cache.work); 780 struct hci_request req; 781 782 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) 783 return; 784 785 hci_req_init(&req, hdev); 786 787 hci_dev_lock(hdev); 788 789 __hci_req_update_eir(&req); 790 __hci_req_update_class(&req); 791 792 hci_dev_unlock(hdev); 793 794 hci_req_run(&req, NULL); 795 } 796 797 static void rpa_expired(struct work_struct *work) 798 { 799 struct hci_dev *hdev = container_of(work, struct hci_dev, 800 rpa_expired.work); 801 struct hci_request req; 802 803 BT_DBG(""); 804 805 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 806 807 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING)) 808 return; 809 810 /* The generation of a new RPA and programming it into the 811 * controller happens in the hci_req_enable_advertising() 812 * function. 813 */ 814 hci_req_init(&req, hdev); 815 __hci_req_enable_advertising(&req); 816 hci_req_run(&req, NULL); 817 } 818 819 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) 820 { 821 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT)) 822 return; 823 824 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 825 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired); 826 827 /* Non-mgmt controlled devices get this bit set 828 * implicitly so that pairing works for them, however 829 * for mgmt we require user-space to explicitly enable 830 * it 831 */ 832 hci_dev_clear_flag(hdev, HCI_BONDABLE); 833 } 834 835 static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 836 void *data, u16 data_len) 837 { 838 struct mgmt_rp_read_info rp; 839 840 BT_DBG("sock %p %s", sk, hdev->name); 841 842 hci_dev_lock(hdev); 843 844 memset(&rp, 0, sizeof(rp)); 845 846 bacpy(&rp.bdaddr, &hdev->bdaddr); 847 848 rp.version = hdev->hci_ver; 849 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 850 851 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 852 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 853 854 memcpy(rp.dev_class, hdev->dev_class, 3); 855 856 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 857 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name)); 858 859 hci_dev_unlock(hdev); 860 861 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp, 862 sizeof(rp)); 863 } 864 865 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 866 { 867 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 868 869 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings, 870 sizeof(settings)); 871 } 872 873 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode) 874 { 875 BT_DBG("%s status 0x%02x", hdev->name, status); 876 877 if (hci_conn_count(hdev) == 0) { 878 cancel_delayed_work(&hdev->power_off); 879 queue_work(hdev->req_workqueue, &hdev->power_off.work); 880 } 881 } 882 883 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance) 884 { 885 struct mgmt_ev_advertising_added ev; 886 887 ev.instance = instance; 888 889 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk); 890 } 891 892 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev, 893 u8 instance) 894 { 895 struct mgmt_ev_advertising_removed ev; 896 897 ev.instance = instance; 898 899 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk); 900 } 901 902 static void cancel_adv_timeout(struct hci_dev *hdev) 903 { 904 if (hdev->adv_instance_timeout) { 905 hdev->adv_instance_timeout = 0; 906 cancel_delayed_work(&hdev->adv_instance_expire); 907 } 908 } 909 910 static int clean_up_hci_state(struct hci_dev *hdev) 911 { 912 struct hci_request req; 913 struct hci_conn *conn; 914 bool discov_stopped; 915 int err; 916 917 hci_req_init(&req, hdev); 918 919 if (test_bit(HCI_ISCAN, &hdev->flags) || 920 test_bit(HCI_PSCAN, &hdev->flags)) { 921 u8 scan = 0x00; 922 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 923 } 924 925 hci_req_clear_adv_instance(hdev, NULL, 0x00, false); 926 927 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 928 __hci_req_disable_advertising(&req); 929 930 discov_stopped = hci_req_stop_discovery(&req); 931 932 list_for_each_entry(conn, &hdev->conn_hash.list, list) { 933 /* 0x15 == Terminated due to Power Off */ 934 __hci_abort_conn(&req, conn, 0x15); 935 } 936 937 err = hci_req_run(&req, clean_up_hci_complete); 938 if (!err && discov_stopped) 939 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 940 941 return err; 942 } 943 944 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, 945 u16 len) 946 { 947 struct mgmt_mode *cp = data; 948 struct mgmt_pending_cmd *cmd; 949 int err; 950 951 BT_DBG("request for %s", hdev->name); 952 953 if (cp->val != 0x00 && cp->val != 0x01) 954 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 955 MGMT_STATUS_INVALID_PARAMS); 956 957 hci_dev_lock(hdev); 958 959 if (pending_find(MGMT_OP_SET_POWERED, hdev)) { 960 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 961 MGMT_STATUS_BUSY); 962 goto failed; 963 } 964 965 if (!!cp->val == hdev_is_powered(hdev)) { 966 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 967 goto failed; 968 } 969 970 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 971 if (!cmd) { 972 err = -ENOMEM; 973 goto failed; 974 } 975 976 if (cp->val) { 977 queue_work(hdev->req_workqueue, &hdev->power_on); 978 err = 0; 979 } else { 980 /* Disconnect connections, stop scans, etc */ 981 err = clean_up_hci_state(hdev); 982 if (!err) 983 queue_delayed_work(hdev->req_workqueue, &hdev->power_off, 984 HCI_POWER_OFF_TIMEOUT); 985 986 /* ENODATA means there were no HCI commands queued */ 987 if (err == -ENODATA) { 988 cancel_delayed_work(&hdev->power_off); 989 queue_work(hdev->req_workqueue, &hdev->power_off.work); 990 err = 0; 991 } 992 } 993 994 failed: 995 hci_dev_unlock(hdev); 996 return err; 997 } 998 999 static int new_settings(struct hci_dev *hdev, struct sock *skip) 1000 { 1001 __le32 ev = cpu_to_le32(get_current_settings(hdev)); 1002 1003 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, 1004 sizeof(ev), skip); 1005 } 1006 1007 int mgmt_new_settings(struct hci_dev *hdev) 1008 { 1009 return new_settings(hdev, NULL); 1010 } 1011 1012 struct cmd_lookup { 1013 struct sock *sk; 1014 struct hci_dev *hdev; 1015 u8 mgmt_status; 1016 }; 1017 1018 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data) 1019 { 1020 struct cmd_lookup *match = data; 1021 1022 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 1023 1024 list_del(&cmd->list); 1025 1026 if (match->sk == NULL) { 1027 match->sk = cmd->sk; 1028 sock_hold(match->sk); 1029 } 1030 1031 mgmt_pending_free(cmd); 1032 } 1033 1034 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data) 1035 { 1036 u8 *status = data; 1037 1038 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 1039 mgmt_pending_remove(cmd); 1040 } 1041 1042 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data) 1043 { 1044 if (cmd->cmd_complete) { 1045 u8 *status = data; 1046 1047 cmd->cmd_complete(cmd, *status); 1048 mgmt_pending_remove(cmd); 1049 1050 return; 1051 } 1052 1053 cmd_status_rsp(cmd, data); 1054 } 1055 1056 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1057 { 1058 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1059 cmd->param, cmd->param_len); 1060 } 1061 1062 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1063 { 1064 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1065 cmd->param, sizeof(struct mgmt_addr_info)); 1066 } 1067 1068 static u8 mgmt_bredr_support(struct hci_dev *hdev) 1069 { 1070 if (!lmp_bredr_capable(hdev)) 1071 return MGMT_STATUS_NOT_SUPPORTED; 1072 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1073 return MGMT_STATUS_REJECTED; 1074 else 1075 return MGMT_STATUS_SUCCESS; 1076 } 1077 1078 static u8 mgmt_le_support(struct hci_dev *hdev) 1079 { 1080 if (!lmp_le_capable(hdev)) 1081 return MGMT_STATUS_NOT_SUPPORTED; 1082 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1083 return MGMT_STATUS_REJECTED; 1084 else 1085 return MGMT_STATUS_SUCCESS; 1086 } 1087 1088 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status) 1089 { 1090 struct mgmt_pending_cmd *cmd; 1091 1092 BT_DBG("status 0x%02x", status); 1093 1094 hci_dev_lock(hdev); 1095 1096 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 1097 if (!cmd) 1098 goto unlock; 1099 1100 if (status) { 1101 u8 mgmt_err = mgmt_status(status); 1102 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1103 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1104 goto remove_cmd; 1105 } 1106 1107 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1108 hdev->discov_timeout > 0) { 1109 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1110 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to); 1111 } 1112 1113 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1114 new_settings(hdev, cmd->sk); 1115 1116 remove_cmd: 1117 mgmt_pending_remove(cmd); 1118 1119 unlock: 1120 hci_dev_unlock(hdev); 1121 } 1122 1123 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 1124 u16 len) 1125 { 1126 struct mgmt_cp_set_discoverable *cp = data; 1127 struct mgmt_pending_cmd *cmd; 1128 u16 timeout; 1129 int err; 1130 1131 BT_DBG("request for %s", hdev->name); 1132 1133 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1134 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1135 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1136 MGMT_STATUS_REJECTED); 1137 1138 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 1139 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1140 MGMT_STATUS_INVALID_PARAMS); 1141 1142 timeout = __le16_to_cpu(cp->timeout); 1143 1144 /* Disabling discoverable requires that no timeout is set, 1145 * and enabling limited discoverable requires a timeout. 1146 */ 1147 if ((cp->val == 0x00 && timeout > 0) || 1148 (cp->val == 0x02 && timeout == 0)) 1149 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1150 MGMT_STATUS_INVALID_PARAMS); 1151 1152 hci_dev_lock(hdev); 1153 1154 if (!hdev_is_powered(hdev) && timeout > 0) { 1155 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1156 MGMT_STATUS_NOT_POWERED); 1157 goto failed; 1158 } 1159 1160 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1161 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1162 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1163 MGMT_STATUS_BUSY); 1164 goto failed; 1165 } 1166 1167 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) { 1168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1169 MGMT_STATUS_REJECTED); 1170 goto failed; 1171 } 1172 1173 if (!hdev_is_powered(hdev)) { 1174 bool changed = false; 1175 1176 /* Setting limited discoverable when powered off is 1177 * not a valid operation since it requires a timeout 1178 * and so no need to check HCI_LIMITED_DISCOVERABLE. 1179 */ 1180 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) { 1181 hci_dev_change_flag(hdev, HCI_DISCOVERABLE); 1182 changed = true; 1183 } 1184 1185 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1186 if (err < 0) 1187 goto failed; 1188 1189 if (changed) 1190 err = new_settings(hdev, sk); 1191 1192 goto failed; 1193 } 1194 1195 /* If the current mode is the same, then just update the timeout 1196 * value with the new value. And if only the timeout gets updated, 1197 * then no need for any HCI transactions. 1198 */ 1199 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1200 (cp->val == 0x02) == hci_dev_test_flag(hdev, 1201 HCI_LIMITED_DISCOVERABLE)) { 1202 cancel_delayed_work(&hdev->discov_off); 1203 hdev->discov_timeout = timeout; 1204 1205 if (cp->val && hdev->discov_timeout > 0) { 1206 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1207 queue_delayed_work(hdev->req_workqueue, 1208 &hdev->discov_off, to); 1209 } 1210 1211 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1212 goto failed; 1213 } 1214 1215 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 1216 if (!cmd) { 1217 err = -ENOMEM; 1218 goto failed; 1219 } 1220 1221 /* Cancel any potential discoverable timeout that might be 1222 * still active and store new timeout value. The arming of 1223 * the timeout happens in the complete handler. 1224 */ 1225 cancel_delayed_work(&hdev->discov_off); 1226 hdev->discov_timeout = timeout; 1227 1228 if (cp->val) 1229 hci_dev_set_flag(hdev, HCI_DISCOVERABLE); 1230 else 1231 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1232 1233 /* Limited discoverable mode */ 1234 if (cp->val == 0x02) 1235 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1236 else 1237 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1238 1239 queue_work(hdev->req_workqueue, &hdev->discoverable_update); 1240 err = 0; 1241 1242 failed: 1243 hci_dev_unlock(hdev); 1244 return err; 1245 } 1246 1247 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status) 1248 { 1249 struct mgmt_pending_cmd *cmd; 1250 1251 BT_DBG("status 0x%02x", status); 1252 1253 hci_dev_lock(hdev); 1254 1255 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 1256 if (!cmd) 1257 goto unlock; 1258 1259 if (status) { 1260 u8 mgmt_err = mgmt_status(status); 1261 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1262 goto remove_cmd; 1263 } 1264 1265 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev); 1266 new_settings(hdev, cmd->sk); 1267 1268 remove_cmd: 1269 mgmt_pending_remove(cmd); 1270 1271 unlock: 1272 hci_dev_unlock(hdev); 1273 } 1274 1275 static int set_connectable_update_settings(struct hci_dev *hdev, 1276 struct sock *sk, u8 val) 1277 { 1278 bool changed = false; 1279 int err; 1280 1281 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 1282 changed = true; 1283 1284 if (val) { 1285 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1286 } else { 1287 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1288 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1289 } 1290 1291 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 1292 if (err < 0) 1293 return err; 1294 1295 if (changed) { 1296 hci_req_update_scan(hdev); 1297 hci_update_background_scan(hdev); 1298 return new_settings(hdev, sk); 1299 } 1300 1301 return 0; 1302 } 1303 1304 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, 1305 u16 len) 1306 { 1307 struct mgmt_mode *cp = data; 1308 struct mgmt_pending_cmd *cmd; 1309 int err; 1310 1311 BT_DBG("request for %s", hdev->name); 1312 1313 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1314 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1315 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1316 MGMT_STATUS_REJECTED); 1317 1318 if (cp->val != 0x00 && cp->val != 0x01) 1319 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1320 MGMT_STATUS_INVALID_PARAMS); 1321 1322 hci_dev_lock(hdev); 1323 1324 if (!hdev_is_powered(hdev)) { 1325 err = set_connectable_update_settings(hdev, sk, cp->val); 1326 goto failed; 1327 } 1328 1329 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1330 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1331 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1332 MGMT_STATUS_BUSY); 1333 goto failed; 1334 } 1335 1336 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1337 if (!cmd) { 1338 err = -ENOMEM; 1339 goto failed; 1340 } 1341 1342 if (cp->val) { 1343 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1344 } else { 1345 if (hdev->discov_timeout > 0) 1346 cancel_delayed_work(&hdev->discov_off); 1347 1348 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1349 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1350 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1351 } 1352 1353 queue_work(hdev->req_workqueue, &hdev->connectable_update); 1354 err = 0; 1355 1356 failed: 1357 hci_dev_unlock(hdev); 1358 return err; 1359 } 1360 1361 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data, 1362 u16 len) 1363 { 1364 struct mgmt_mode *cp = data; 1365 bool changed; 1366 int err; 1367 1368 BT_DBG("request for %s", hdev->name); 1369 1370 if (cp->val != 0x00 && cp->val != 0x01) 1371 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE, 1372 MGMT_STATUS_INVALID_PARAMS); 1373 1374 hci_dev_lock(hdev); 1375 1376 if (cp->val) 1377 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE); 1378 else 1379 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE); 1380 1381 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev); 1382 if (err < 0) 1383 goto unlock; 1384 1385 if (changed) { 1386 /* In limited privacy mode the change of bondable mode 1387 * may affect the local advertising address. 1388 */ 1389 if (hdev_is_powered(hdev) && 1390 hci_dev_test_flag(hdev, HCI_ADVERTISING) && 1391 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1392 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) 1393 queue_work(hdev->req_workqueue, 1394 &hdev->discoverable_update); 1395 1396 err = new_settings(hdev, sk); 1397 } 1398 1399 unlock: 1400 hci_dev_unlock(hdev); 1401 return err; 1402 } 1403 1404 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data, 1405 u16 len) 1406 { 1407 struct mgmt_mode *cp = data; 1408 struct mgmt_pending_cmd *cmd; 1409 u8 val, status; 1410 int err; 1411 1412 BT_DBG("request for %s", hdev->name); 1413 1414 status = mgmt_bredr_support(hdev); 1415 if (status) 1416 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1417 status); 1418 1419 if (cp->val != 0x00 && cp->val != 0x01) 1420 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1421 MGMT_STATUS_INVALID_PARAMS); 1422 1423 hci_dev_lock(hdev); 1424 1425 if (!hdev_is_powered(hdev)) { 1426 bool changed = false; 1427 1428 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) { 1429 hci_dev_change_flag(hdev, HCI_LINK_SECURITY); 1430 changed = true; 1431 } 1432 1433 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1434 if (err < 0) 1435 goto failed; 1436 1437 if (changed) 1438 err = new_settings(hdev, sk); 1439 1440 goto failed; 1441 } 1442 1443 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1444 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1445 MGMT_STATUS_BUSY); 1446 goto failed; 1447 } 1448 1449 val = !!cp->val; 1450 1451 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1452 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1453 goto failed; 1454 } 1455 1456 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1457 if (!cmd) { 1458 err = -ENOMEM; 1459 goto failed; 1460 } 1461 1462 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1463 if (err < 0) { 1464 mgmt_pending_remove(cmd); 1465 goto failed; 1466 } 1467 1468 failed: 1469 hci_dev_unlock(hdev); 1470 return err; 1471 } 1472 1473 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1474 { 1475 struct mgmt_mode *cp = data; 1476 struct mgmt_pending_cmd *cmd; 1477 u8 status; 1478 int err; 1479 1480 BT_DBG("request for %s", hdev->name); 1481 1482 status = mgmt_bredr_support(hdev); 1483 if (status) 1484 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status); 1485 1486 if (!lmp_ssp_capable(hdev)) 1487 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1488 MGMT_STATUS_NOT_SUPPORTED); 1489 1490 if (cp->val != 0x00 && cp->val != 0x01) 1491 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1492 MGMT_STATUS_INVALID_PARAMS); 1493 1494 hci_dev_lock(hdev); 1495 1496 if (!hdev_is_powered(hdev)) { 1497 bool changed; 1498 1499 if (cp->val) { 1500 changed = !hci_dev_test_and_set_flag(hdev, 1501 HCI_SSP_ENABLED); 1502 } else { 1503 changed = hci_dev_test_and_clear_flag(hdev, 1504 HCI_SSP_ENABLED); 1505 if (!changed) 1506 changed = hci_dev_test_and_clear_flag(hdev, 1507 HCI_HS_ENABLED); 1508 else 1509 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1510 } 1511 1512 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1513 if (err < 0) 1514 goto failed; 1515 1516 if (changed) 1517 err = new_settings(hdev, sk); 1518 1519 goto failed; 1520 } 1521 1522 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1523 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1524 MGMT_STATUS_BUSY); 1525 goto failed; 1526 } 1527 1528 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 1529 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1530 goto failed; 1531 } 1532 1533 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 1534 if (!cmd) { 1535 err = -ENOMEM; 1536 goto failed; 1537 } 1538 1539 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) 1540 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 1541 sizeof(cp->val), &cp->val); 1542 1543 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val); 1544 if (err < 0) { 1545 mgmt_pending_remove(cmd); 1546 goto failed; 1547 } 1548 1549 failed: 1550 hci_dev_unlock(hdev); 1551 return err; 1552 } 1553 1554 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1555 { 1556 struct mgmt_mode *cp = data; 1557 bool changed; 1558 u8 status; 1559 int err; 1560 1561 BT_DBG("request for %s", hdev->name); 1562 1563 status = mgmt_bredr_support(hdev); 1564 if (status) 1565 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status); 1566 1567 if (!lmp_ssp_capable(hdev)) 1568 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1569 MGMT_STATUS_NOT_SUPPORTED); 1570 1571 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 1572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1573 MGMT_STATUS_REJECTED); 1574 1575 if (cp->val != 0x00 && cp->val != 0x01) 1576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1577 MGMT_STATUS_INVALID_PARAMS); 1578 1579 hci_dev_lock(hdev); 1580 1581 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1582 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1583 MGMT_STATUS_BUSY); 1584 goto unlock; 1585 } 1586 1587 if (cp->val) { 1588 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED); 1589 } else { 1590 if (hdev_is_powered(hdev)) { 1591 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1592 MGMT_STATUS_REJECTED); 1593 goto unlock; 1594 } 1595 1596 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED); 1597 } 1598 1599 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 1600 if (err < 0) 1601 goto unlock; 1602 1603 if (changed) 1604 err = new_settings(hdev, sk); 1605 1606 unlock: 1607 hci_dev_unlock(hdev); 1608 return err; 1609 } 1610 1611 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1612 { 1613 struct cmd_lookup match = { NULL, hdev }; 1614 1615 hci_dev_lock(hdev); 1616 1617 if (status) { 1618 u8 mgmt_err = mgmt_status(status); 1619 1620 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 1621 &mgmt_err); 1622 goto unlock; 1623 } 1624 1625 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 1626 1627 new_settings(hdev, match.sk); 1628 1629 if (match.sk) 1630 sock_put(match.sk); 1631 1632 /* Make sure the controller has a good default for 1633 * advertising data. Restrict the update to when LE 1634 * has actually been enabled. During power on, the 1635 * update in powered_update_hci will take care of it. 1636 */ 1637 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1638 struct hci_request req; 1639 1640 hci_req_init(&req, hdev); 1641 __hci_req_update_adv_data(&req, 0x00); 1642 __hci_req_update_scan_rsp_data(&req, 0x00); 1643 hci_req_run(&req, NULL); 1644 hci_update_background_scan(hdev); 1645 } 1646 1647 unlock: 1648 hci_dev_unlock(hdev); 1649 } 1650 1651 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1652 { 1653 struct mgmt_mode *cp = data; 1654 struct hci_cp_write_le_host_supported hci_cp; 1655 struct mgmt_pending_cmd *cmd; 1656 struct hci_request req; 1657 int err; 1658 u8 val, enabled; 1659 1660 BT_DBG("request for %s", hdev->name); 1661 1662 if (!lmp_le_capable(hdev)) 1663 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1664 MGMT_STATUS_NOT_SUPPORTED); 1665 1666 if (cp->val != 0x00 && cp->val != 0x01) 1667 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1668 MGMT_STATUS_INVALID_PARAMS); 1669 1670 /* Bluetooth single mode LE only controllers or dual-mode 1671 * controllers configured as LE only devices, do not allow 1672 * switching LE off. These have either LE enabled explicitly 1673 * or BR/EDR has been previously switched off. 1674 * 1675 * When trying to enable an already enabled LE, then gracefully 1676 * send a positive response. Trying to disable it however will 1677 * result into rejection. 1678 */ 1679 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 1680 if (cp->val == 0x01) 1681 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1682 1683 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1684 MGMT_STATUS_REJECTED); 1685 } 1686 1687 hci_dev_lock(hdev); 1688 1689 val = !!cp->val; 1690 enabled = lmp_host_le_capable(hdev); 1691 1692 if (!val) 1693 hci_req_clear_adv_instance(hdev, NULL, 0x00, true); 1694 1695 if (!hdev_is_powered(hdev) || val == enabled) { 1696 bool changed = false; 1697 1698 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1699 hci_dev_change_flag(hdev, HCI_LE_ENABLED); 1700 changed = true; 1701 } 1702 1703 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 1704 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 1705 changed = true; 1706 } 1707 1708 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1709 if (err < 0) 1710 goto unlock; 1711 1712 if (changed) 1713 err = new_settings(hdev, sk); 1714 1715 goto unlock; 1716 } 1717 1718 if (pending_find(MGMT_OP_SET_LE, hdev) || 1719 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) { 1720 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1721 MGMT_STATUS_BUSY); 1722 goto unlock; 1723 } 1724 1725 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len); 1726 if (!cmd) { 1727 err = -ENOMEM; 1728 goto unlock; 1729 } 1730 1731 hci_req_init(&req, hdev); 1732 1733 memset(&hci_cp, 0, sizeof(hci_cp)); 1734 1735 if (val) { 1736 hci_cp.le = val; 1737 hci_cp.simul = 0x00; 1738 } else { 1739 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 1740 __hci_req_disable_advertising(&req); 1741 } 1742 1743 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), 1744 &hci_cp); 1745 1746 err = hci_req_run(&req, le_enable_complete); 1747 if (err < 0) 1748 mgmt_pending_remove(cmd); 1749 1750 unlock: 1751 hci_dev_unlock(hdev); 1752 return err; 1753 } 1754 1755 /* This is a helper function to test for pending mgmt commands that can 1756 * cause CoD or EIR HCI commands. We can only allow one such pending 1757 * mgmt command at a time since otherwise we cannot easily track what 1758 * the current values are, will be, and based on that calculate if a new 1759 * HCI command needs to be sent and if yes with what value. 1760 */ 1761 static bool pending_eir_or_class(struct hci_dev *hdev) 1762 { 1763 struct mgmt_pending_cmd *cmd; 1764 1765 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 1766 switch (cmd->opcode) { 1767 case MGMT_OP_ADD_UUID: 1768 case MGMT_OP_REMOVE_UUID: 1769 case MGMT_OP_SET_DEV_CLASS: 1770 case MGMT_OP_SET_POWERED: 1771 return true; 1772 } 1773 } 1774 1775 return false; 1776 } 1777 1778 static const u8 bluetooth_base_uuid[] = { 1779 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80, 1780 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1781 }; 1782 1783 static u8 get_uuid_size(const u8 *uuid) 1784 { 1785 u32 val; 1786 1787 if (memcmp(uuid, bluetooth_base_uuid, 12)) 1788 return 128; 1789 1790 val = get_unaligned_le32(&uuid[12]); 1791 if (val > 0xffff) 1792 return 32; 1793 1794 return 16; 1795 } 1796 1797 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status) 1798 { 1799 struct mgmt_pending_cmd *cmd; 1800 1801 hci_dev_lock(hdev); 1802 1803 cmd = pending_find(mgmt_op, hdev); 1804 if (!cmd) 1805 goto unlock; 1806 1807 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 1808 mgmt_status(status), hdev->dev_class, 3); 1809 1810 mgmt_pending_remove(cmd); 1811 1812 unlock: 1813 hci_dev_unlock(hdev); 1814 } 1815 1816 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1817 { 1818 BT_DBG("status 0x%02x", status); 1819 1820 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status); 1821 } 1822 1823 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1824 { 1825 struct mgmt_cp_add_uuid *cp = data; 1826 struct mgmt_pending_cmd *cmd; 1827 struct hci_request req; 1828 struct bt_uuid *uuid; 1829 int err; 1830 1831 BT_DBG("request for %s", hdev->name); 1832 1833 hci_dev_lock(hdev); 1834 1835 if (pending_eir_or_class(hdev)) { 1836 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID, 1837 MGMT_STATUS_BUSY); 1838 goto failed; 1839 } 1840 1841 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL); 1842 if (!uuid) { 1843 err = -ENOMEM; 1844 goto failed; 1845 } 1846 1847 memcpy(uuid->uuid, cp->uuid, 16); 1848 uuid->svc_hint = cp->svc_hint; 1849 uuid->size = get_uuid_size(cp->uuid); 1850 1851 list_add_tail(&uuid->list, &hdev->uuids); 1852 1853 hci_req_init(&req, hdev); 1854 1855 __hci_req_update_class(&req); 1856 __hci_req_update_eir(&req); 1857 1858 err = hci_req_run(&req, add_uuid_complete); 1859 if (err < 0) { 1860 if (err != -ENODATA) 1861 goto failed; 1862 1863 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0, 1864 hdev->dev_class, 3); 1865 goto failed; 1866 } 1867 1868 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len); 1869 if (!cmd) { 1870 err = -ENOMEM; 1871 goto failed; 1872 } 1873 1874 err = 0; 1875 1876 failed: 1877 hci_dev_unlock(hdev); 1878 return err; 1879 } 1880 1881 static bool enable_service_cache(struct hci_dev *hdev) 1882 { 1883 if (!hdev_is_powered(hdev)) 1884 return false; 1885 1886 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) { 1887 queue_delayed_work(hdev->workqueue, &hdev->service_cache, 1888 CACHE_TIMEOUT); 1889 return true; 1890 } 1891 1892 return false; 1893 } 1894 1895 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1896 { 1897 BT_DBG("status 0x%02x", status); 1898 1899 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status); 1900 } 1901 1902 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, 1903 u16 len) 1904 { 1905 struct mgmt_cp_remove_uuid *cp = data; 1906 struct mgmt_pending_cmd *cmd; 1907 struct bt_uuid *match, *tmp; 1908 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 1909 struct hci_request req; 1910 int err, found; 1911 1912 BT_DBG("request for %s", hdev->name); 1913 1914 hci_dev_lock(hdev); 1915 1916 if (pending_eir_or_class(hdev)) { 1917 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 1918 MGMT_STATUS_BUSY); 1919 goto unlock; 1920 } 1921 1922 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 1923 hci_uuids_clear(hdev); 1924 1925 if (enable_service_cache(hdev)) { 1926 err = mgmt_cmd_complete(sk, hdev->id, 1927 MGMT_OP_REMOVE_UUID, 1928 0, hdev->dev_class, 3); 1929 goto unlock; 1930 } 1931 1932 goto update_class; 1933 } 1934 1935 found = 0; 1936 1937 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) { 1938 if (memcmp(match->uuid, cp->uuid, 16) != 0) 1939 continue; 1940 1941 list_del(&match->list); 1942 kfree(match); 1943 found++; 1944 } 1945 1946 if (found == 0) { 1947 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 1948 MGMT_STATUS_INVALID_PARAMS); 1949 goto unlock; 1950 } 1951 1952 update_class: 1953 hci_req_init(&req, hdev); 1954 1955 __hci_req_update_class(&req); 1956 __hci_req_update_eir(&req); 1957 1958 err = hci_req_run(&req, remove_uuid_complete); 1959 if (err < 0) { 1960 if (err != -ENODATA) 1961 goto unlock; 1962 1963 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0, 1964 hdev->dev_class, 3); 1965 goto unlock; 1966 } 1967 1968 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len); 1969 if (!cmd) { 1970 err = -ENOMEM; 1971 goto unlock; 1972 } 1973 1974 err = 0; 1975 1976 unlock: 1977 hci_dev_unlock(hdev); 1978 return err; 1979 } 1980 1981 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1982 { 1983 BT_DBG("status 0x%02x", status); 1984 1985 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status); 1986 } 1987 1988 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, 1989 u16 len) 1990 { 1991 struct mgmt_cp_set_dev_class *cp = data; 1992 struct mgmt_pending_cmd *cmd; 1993 struct hci_request req; 1994 int err; 1995 1996 BT_DBG("request for %s", hdev->name); 1997 1998 if (!lmp_bredr_capable(hdev)) 1999 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2000 MGMT_STATUS_NOT_SUPPORTED); 2001 2002 hci_dev_lock(hdev); 2003 2004 if (pending_eir_or_class(hdev)) { 2005 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2006 MGMT_STATUS_BUSY); 2007 goto unlock; 2008 } 2009 2010 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) { 2011 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2012 MGMT_STATUS_INVALID_PARAMS); 2013 goto unlock; 2014 } 2015 2016 hdev->major_class = cp->major; 2017 hdev->minor_class = cp->minor; 2018 2019 if (!hdev_is_powered(hdev)) { 2020 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2021 hdev->dev_class, 3); 2022 goto unlock; 2023 } 2024 2025 hci_req_init(&req, hdev); 2026 2027 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) { 2028 hci_dev_unlock(hdev); 2029 cancel_delayed_work_sync(&hdev->service_cache); 2030 hci_dev_lock(hdev); 2031 __hci_req_update_eir(&req); 2032 } 2033 2034 __hci_req_update_class(&req); 2035 2036 err = hci_req_run(&req, set_class_complete); 2037 if (err < 0) { 2038 if (err != -ENODATA) 2039 goto unlock; 2040 2041 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2042 hdev->dev_class, 3); 2043 goto unlock; 2044 } 2045 2046 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len); 2047 if (!cmd) { 2048 err = -ENOMEM; 2049 goto unlock; 2050 } 2051 2052 err = 0; 2053 2054 unlock: 2055 hci_dev_unlock(hdev); 2056 return err; 2057 } 2058 2059 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, 2060 u16 len) 2061 { 2062 struct mgmt_cp_load_link_keys *cp = data; 2063 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 2064 sizeof(struct mgmt_link_key_info)); 2065 u16 key_count, expected_len; 2066 bool changed; 2067 int i; 2068 2069 BT_DBG("request for %s", hdev->name); 2070 2071 if (!lmp_bredr_capable(hdev)) 2072 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2073 MGMT_STATUS_NOT_SUPPORTED); 2074 2075 key_count = __le16_to_cpu(cp->key_count); 2076 if (key_count > max_key_count) { 2077 BT_ERR("load_link_keys: too big key_count value %u", 2078 key_count); 2079 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2080 MGMT_STATUS_INVALID_PARAMS); 2081 } 2082 2083 expected_len = sizeof(*cp) + key_count * 2084 sizeof(struct mgmt_link_key_info); 2085 if (expected_len != len) { 2086 BT_ERR("load_link_keys: expected %u bytes, got %u bytes", 2087 expected_len, len); 2088 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2089 MGMT_STATUS_INVALID_PARAMS); 2090 } 2091 2092 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01) 2093 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2094 MGMT_STATUS_INVALID_PARAMS); 2095 2096 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys, 2097 key_count); 2098 2099 for (i = 0; i < key_count; i++) { 2100 struct mgmt_link_key_info *key = &cp->keys[i]; 2101 2102 if (key->addr.type != BDADDR_BREDR || key->type > 0x08) 2103 return mgmt_cmd_status(sk, hdev->id, 2104 MGMT_OP_LOAD_LINK_KEYS, 2105 MGMT_STATUS_INVALID_PARAMS); 2106 } 2107 2108 hci_dev_lock(hdev); 2109 2110 hci_link_keys_clear(hdev); 2111 2112 if (cp->debug_keys) 2113 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 2114 else 2115 changed = hci_dev_test_and_clear_flag(hdev, 2116 HCI_KEEP_DEBUG_KEYS); 2117 2118 if (changed) 2119 new_settings(hdev, NULL); 2120 2121 for (i = 0; i < key_count; i++) { 2122 struct mgmt_link_key_info *key = &cp->keys[i]; 2123 2124 /* Always ignore debug keys and require a new pairing if 2125 * the user wants to use them. 2126 */ 2127 if (key->type == HCI_LK_DEBUG_COMBINATION) 2128 continue; 2129 2130 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val, 2131 key->type, key->pin_len, NULL); 2132 } 2133 2134 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 2135 2136 hci_dev_unlock(hdev); 2137 2138 return 0; 2139 } 2140 2141 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 2142 u8 addr_type, struct sock *skip_sk) 2143 { 2144 struct mgmt_ev_device_unpaired ev; 2145 2146 bacpy(&ev.addr.bdaddr, bdaddr); 2147 ev.addr.type = addr_type; 2148 2149 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 2150 skip_sk); 2151 } 2152 2153 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2154 u16 len) 2155 { 2156 struct mgmt_cp_unpair_device *cp = data; 2157 struct mgmt_rp_unpair_device rp; 2158 struct hci_conn_params *params; 2159 struct mgmt_pending_cmd *cmd; 2160 struct hci_conn *conn; 2161 u8 addr_type; 2162 int err; 2163 2164 memset(&rp, 0, sizeof(rp)); 2165 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2166 rp.addr.type = cp->addr.type; 2167 2168 if (!bdaddr_type_is_valid(cp->addr.type)) 2169 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2170 MGMT_STATUS_INVALID_PARAMS, 2171 &rp, sizeof(rp)); 2172 2173 if (cp->disconnect != 0x00 && cp->disconnect != 0x01) 2174 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2175 MGMT_STATUS_INVALID_PARAMS, 2176 &rp, sizeof(rp)); 2177 2178 hci_dev_lock(hdev); 2179 2180 if (!hdev_is_powered(hdev)) { 2181 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2182 MGMT_STATUS_NOT_POWERED, &rp, 2183 sizeof(rp)); 2184 goto unlock; 2185 } 2186 2187 if (cp->addr.type == BDADDR_BREDR) { 2188 /* If disconnection is requested, then look up the 2189 * connection. If the remote device is connected, it 2190 * will be later used to terminate the link. 2191 * 2192 * Setting it to NULL explicitly will cause no 2193 * termination of the link. 2194 */ 2195 if (cp->disconnect) 2196 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2197 &cp->addr.bdaddr); 2198 else 2199 conn = NULL; 2200 2201 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 2202 if (err < 0) { 2203 err = mgmt_cmd_complete(sk, hdev->id, 2204 MGMT_OP_UNPAIR_DEVICE, 2205 MGMT_STATUS_NOT_PAIRED, &rp, 2206 sizeof(rp)); 2207 goto unlock; 2208 } 2209 2210 goto done; 2211 } 2212 2213 /* LE address type */ 2214 addr_type = le_addr_type(cp->addr.type); 2215 2216 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type); 2217 2218 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type); 2219 if (err < 0) { 2220 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2221 MGMT_STATUS_NOT_PAIRED, &rp, 2222 sizeof(rp)); 2223 goto unlock; 2224 } 2225 2226 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type); 2227 if (!conn) { 2228 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type); 2229 goto done; 2230 } 2231 2232 /* Abort any ongoing SMP pairing */ 2233 smp_cancel_pairing(conn); 2234 2235 /* Defer clearing up the connection parameters until closing to 2236 * give a chance of keeping them if a repairing happens. 2237 */ 2238 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2239 2240 /* Disable auto-connection parameters if present */ 2241 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type); 2242 if (params) { 2243 if (params->explicit_connect) 2244 params->auto_connect = HCI_AUTO_CONN_EXPLICIT; 2245 else 2246 params->auto_connect = HCI_AUTO_CONN_DISABLED; 2247 } 2248 2249 /* If disconnection is not requested, then clear the connection 2250 * variable so that the link is not terminated. 2251 */ 2252 if (!cp->disconnect) 2253 conn = NULL; 2254 2255 done: 2256 /* If the connection variable is set, then termination of the 2257 * link is requested. 2258 */ 2259 if (!conn) { 2260 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0, 2261 &rp, sizeof(rp)); 2262 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 2263 goto unlock; 2264 } 2265 2266 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 2267 sizeof(*cp)); 2268 if (!cmd) { 2269 err = -ENOMEM; 2270 goto unlock; 2271 } 2272 2273 cmd->cmd_complete = addr_cmd_complete; 2274 2275 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 2276 if (err < 0) 2277 mgmt_pending_remove(cmd); 2278 2279 unlock: 2280 hci_dev_unlock(hdev); 2281 return err; 2282 } 2283 2284 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data, 2285 u16 len) 2286 { 2287 struct mgmt_cp_disconnect *cp = data; 2288 struct mgmt_rp_disconnect rp; 2289 struct mgmt_pending_cmd *cmd; 2290 struct hci_conn *conn; 2291 int err; 2292 2293 BT_DBG(""); 2294 2295 memset(&rp, 0, sizeof(rp)); 2296 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2297 rp.addr.type = cp->addr.type; 2298 2299 if (!bdaddr_type_is_valid(cp->addr.type)) 2300 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2301 MGMT_STATUS_INVALID_PARAMS, 2302 &rp, sizeof(rp)); 2303 2304 hci_dev_lock(hdev); 2305 2306 if (!test_bit(HCI_UP, &hdev->flags)) { 2307 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2308 MGMT_STATUS_NOT_POWERED, &rp, 2309 sizeof(rp)); 2310 goto failed; 2311 } 2312 2313 if (pending_find(MGMT_OP_DISCONNECT, hdev)) { 2314 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2315 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2316 goto failed; 2317 } 2318 2319 if (cp->addr.type == BDADDR_BREDR) 2320 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2321 &cp->addr.bdaddr); 2322 else 2323 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, 2324 le_addr_type(cp->addr.type)); 2325 2326 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) { 2327 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2328 MGMT_STATUS_NOT_CONNECTED, &rp, 2329 sizeof(rp)); 2330 goto failed; 2331 } 2332 2333 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 2334 if (!cmd) { 2335 err = -ENOMEM; 2336 goto failed; 2337 } 2338 2339 cmd->cmd_complete = generic_cmd_complete; 2340 2341 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM); 2342 if (err < 0) 2343 mgmt_pending_remove(cmd); 2344 2345 failed: 2346 hci_dev_unlock(hdev); 2347 return err; 2348 } 2349 2350 static u8 link_to_bdaddr(u8 link_type, u8 addr_type) 2351 { 2352 switch (link_type) { 2353 case LE_LINK: 2354 switch (addr_type) { 2355 case ADDR_LE_DEV_PUBLIC: 2356 return BDADDR_LE_PUBLIC; 2357 2358 default: 2359 /* Fallback to LE Random address type */ 2360 return BDADDR_LE_RANDOM; 2361 } 2362 2363 default: 2364 /* Fallback to BR/EDR type */ 2365 return BDADDR_BREDR; 2366 } 2367 } 2368 2369 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data, 2370 u16 data_len) 2371 { 2372 struct mgmt_rp_get_connections *rp; 2373 struct hci_conn *c; 2374 size_t rp_len; 2375 int err; 2376 u16 i; 2377 2378 BT_DBG(""); 2379 2380 hci_dev_lock(hdev); 2381 2382 if (!hdev_is_powered(hdev)) { 2383 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 2384 MGMT_STATUS_NOT_POWERED); 2385 goto unlock; 2386 } 2387 2388 i = 0; 2389 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2390 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2391 i++; 2392 } 2393 2394 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 2395 rp = kmalloc(rp_len, GFP_KERNEL); 2396 if (!rp) { 2397 err = -ENOMEM; 2398 goto unlock; 2399 } 2400 2401 i = 0; 2402 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2403 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2404 continue; 2405 bacpy(&rp->addr[i].bdaddr, &c->dst); 2406 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type); 2407 if (c->type == SCO_LINK || c->type == ESCO_LINK) 2408 continue; 2409 i++; 2410 } 2411 2412 rp->conn_count = cpu_to_le16(i); 2413 2414 /* Recalculate length in case of filtered SCO connections, etc */ 2415 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 2416 2417 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp, 2418 rp_len); 2419 2420 kfree(rp); 2421 2422 unlock: 2423 hci_dev_unlock(hdev); 2424 return err; 2425 } 2426 2427 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 2428 struct mgmt_cp_pin_code_neg_reply *cp) 2429 { 2430 struct mgmt_pending_cmd *cmd; 2431 int err; 2432 2433 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 2434 sizeof(*cp)); 2435 if (!cmd) 2436 return -ENOMEM; 2437 2438 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2439 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 2440 if (err < 0) 2441 mgmt_pending_remove(cmd); 2442 2443 return err; 2444 } 2445 2446 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2447 u16 len) 2448 { 2449 struct hci_conn *conn; 2450 struct mgmt_cp_pin_code_reply *cp = data; 2451 struct hci_cp_pin_code_reply reply; 2452 struct mgmt_pending_cmd *cmd; 2453 int err; 2454 2455 BT_DBG(""); 2456 2457 hci_dev_lock(hdev); 2458 2459 if (!hdev_is_powered(hdev)) { 2460 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2461 MGMT_STATUS_NOT_POWERED); 2462 goto failed; 2463 } 2464 2465 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 2466 if (!conn) { 2467 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2468 MGMT_STATUS_NOT_CONNECTED); 2469 goto failed; 2470 } 2471 2472 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 2473 struct mgmt_cp_pin_code_neg_reply ncp; 2474 2475 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 2476 2477 BT_ERR("PIN code is not 16 bytes long"); 2478 2479 err = send_pin_code_neg_reply(sk, hdev, &ncp); 2480 if (err >= 0) 2481 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2482 MGMT_STATUS_INVALID_PARAMS); 2483 2484 goto failed; 2485 } 2486 2487 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 2488 if (!cmd) { 2489 err = -ENOMEM; 2490 goto failed; 2491 } 2492 2493 cmd->cmd_complete = addr_cmd_complete; 2494 2495 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 2496 reply.pin_len = cp->pin_len; 2497 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 2498 2499 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 2500 if (err < 0) 2501 mgmt_pending_remove(cmd); 2502 2503 failed: 2504 hci_dev_unlock(hdev); 2505 return err; 2506 } 2507 2508 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data, 2509 u16 len) 2510 { 2511 struct mgmt_cp_set_io_capability *cp = data; 2512 2513 BT_DBG(""); 2514 2515 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY) 2516 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 2517 MGMT_STATUS_INVALID_PARAMS, NULL, 0); 2518 2519 hci_dev_lock(hdev); 2520 2521 hdev->io_capability = cp->io_capability; 2522 2523 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 2524 hdev->io_capability); 2525 2526 hci_dev_unlock(hdev); 2527 2528 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, 2529 NULL, 0); 2530 } 2531 2532 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn) 2533 { 2534 struct hci_dev *hdev = conn->hdev; 2535 struct mgmt_pending_cmd *cmd; 2536 2537 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 2538 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 2539 continue; 2540 2541 if (cmd->user_data != conn) 2542 continue; 2543 2544 return cmd; 2545 } 2546 2547 return NULL; 2548 } 2549 2550 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status) 2551 { 2552 struct mgmt_rp_pair_device rp; 2553 struct hci_conn *conn = cmd->user_data; 2554 int err; 2555 2556 bacpy(&rp.addr.bdaddr, &conn->dst); 2557 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 2558 2559 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, 2560 status, &rp, sizeof(rp)); 2561 2562 /* So we don't get further callbacks for this connection */ 2563 conn->connect_cfm_cb = NULL; 2564 conn->security_cfm_cb = NULL; 2565 conn->disconn_cfm_cb = NULL; 2566 2567 hci_conn_drop(conn); 2568 2569 /* The device is paired so there is no need to remove 2570 * its connection parameters anymore. 2571 */ 2572 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2573 2574 hci_conn_put(conn); 2575 2576 return err; 2577 } 2578 2579 void mgmt_smp_complete(struct hci_conn *conn, bool complete) 2580 { 2581 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED; 2582 struct mgmt_pending_cmd *cmd; 2583 2584 cmd = find_pairing(conn); 2585 if (cmd) { 2586 cmd->cmd_complete(cmd, status); 2587 mgmt_pending_remove(cmd); 2588 } 2589 } 2590 2591 static void pairing_complete_cb(struct hci_conn *conn, u8 status) 2592 { 2593 struct mgmt_pending_cmd *cmd; 2594 2595 BT_DBG("status %u", status); 2596 2597 cmd = find_pairing(conn); 2598 if (!cmd) { 2599 BT_DBG("Unable to find a pending command"); 2600 return; 2601 } 2602 2603 cmd->cmd_complete(cmd, mgmt_status(status)); 2604 mgmt_pending_remove(cmd); 2605 } 2606 2607 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) 2608 { 2609 struct mgmt_pending_cmd *cmd; 2610 2611 BT_DBG("status %u", status); 2612 2613 if (!status) 2614 return; 2615 2616 cmd = find_pairing(conn); 2617 if (!cmd) { 2618 BT_DBG("Unable to find a pending command"); 2619 return; 2620 } 2621 2622 cmd->cmd_complete(cmd, mgmt_status(status)); 2623 mgmt_pending_remove(cmd); 2624 } 2625 2626 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2627 u16 len) 2628 { 2629 struct mgmt_cp_pair_device *cp = data; 2630 struct mgmt_rp_pair_device rp; 2631 struct mgmt_pending_cmd *cmd; 2632 u8 sec_level, auth_type; 2633 struct hci_conn *conn; 2634 int err; 2635 2636 BT_DBG(""); 2637 2638 memset(&rp, 0, sizeof(rp)); 2639 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2640 rp.addr.type = cp->addr.type; 2641 2642 if (!bdaddr_type_is_valid(cp->addr.type)) 2643 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2644 MGMT_STATUS_INVALID_PARAMS, 2645 &rp, sizeof(rp)); 2646 2647 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY) 2648 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2649 MGMT_STATUS_INVALID_PARAMS, 2650 &rp, sizeof(rp)); 2651 2652 hci_dev_lock(hdev); 2653 2654 if (!hdev_is_powered(hdev)) { 2655 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2656 MGMT_STATUS_NOT_POWERED, &rp, 2657 sizeof(rp)); 2658 goto unlock; 2659 } 2660 2661 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) { 2662 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2663 MGMT_STATUS_ALREADY_PAIRED, &rp, 2664 sizeof(rp)); 2665 goto unlock; 2666 } 2667 2668 sec_level = BT_SECURITY_MEDIUM; 2669 auth_type = HCI_AT_DEDICATED_BONDING; 2670 2671 if (cp->addr.type == BDADDR_BREDR) { 2672 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level, 2673 auth_type); 2674 } else { 2675 u8 addr_type = le_addr_type(cp->addr.type); 2676 struct hci_conn_params *p; 2677 2678 /* When pairing a new device, it is expected to remember 2679 * this device for future connections. Adding the connection 2680 * parameter information ahead of time allows tracking 2681 * of the slave preferred values and will speed up any 2682 * further connection establishment. 2683 * 2684 * If connection parameters already exist, then they 2685 * will be kept and this function does nothing. 2686 */ 2687 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type); 2688 2689 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT) 2690 p->auto_connect = HCI_AUTO_CONN_DISABLED; 2691 2692 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, 2693 addr_type, sec_level, 2694 HCI_LE_CONN_TIMEOUT); 2695 } 2696 2697 if (IS_ERR(conn)) { 2698 int status; 2699 2700 if (PTR_ERR(conn) == -EBUSY) 2701 status = MGMT_STATUS_BUSY; 2702 else if (PTR_ERR(conn) == -EOPNOTSUPP) 2703 status = MGMT_STATUS_NOT_SUPPORTED; 2704 else if (PTR_ERR(conn) == -ECONNREFUSED) 2705 status = MGMT_STATUS_REJECTED; 2706 else 2707 status = MGMT_STATUS_CONNECT_FAILED; 2708 2709 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2710 status, &rp, sizeof(rp)); 2711 goto unlock; 2712 } 2713 2714 if (conn->connect_cfm_cb) { 2715 hci_conn_drop(conn); 2716 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2717 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2718 goto unlock; 2719 } 2720 2721 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 2722 if (!cmd) { 2723 err = -ENOMEM; 2724 hci_conn_drop(conn); 2725 goto unlock; 2726 } 2727 2728 cmd->cmd_complete = pairing_complete; 2729 2730 /* For LE, just connecting isn't a proof that the pairing finished */ 2731 if (cp->addr.type == BDADDR_BREDR) { 2732 conn->connect_cfm_cb = pairing_complete_cb; 2733 conn->security_cfm_cb = pairing_complete_cb; 2734 conn->disconn_cfm_cb = pairing_complete_cb; 2735 } else { 2736 conn->connect_cfm_cb = le_pairing_complete_cb; 2737 conn->security_cfm_cb = le_pairing_complete_cb; 2738 conn->disconn_cfm_cb = le_pairing_complete_cb; 2739 } 2740 2741 conn->io_capability = cp->io_cap; 2742 cmd->user_data = hci_conn_get(conn); 2743 2744 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) && 2745 hci_conn_security(conn, sec_level, auth_type, true)) { 2746 cmd->cmd_complete(cmd, 0); 2747 mgmt_pending_remove(cmd); 2748 } 2749 2750 err = 0; 2751 2752 unlock: 2753 hci_dev_unlock(hdev); 2754 return err; 2755 } 2756 2757 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2758 u16 len) 2759 { 2760 struct mgmt_addr_info *addr = data; 2761 struct mgmt_pending_cmd *cmd; 2762 struct hci_conn *conn; 2763 int err; 2764 2765 BT_DBG(""); 2766 2767 hci_dev_lock(hdev); 2768 2769 if (!hdev_is_powered(hdev)) { 2770 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2771 MGMT_STATUS_NOT_POWERED); 2772 goto unlock; 2773 } 2774 2775 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev); 2776 if (!cmd) { 2777 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2778 MGMT_STATUS_INVALID_PARAMS); 2779 goto unlock; 2780 } 2781 2782 conn = cmd->user_data; 2783 2784 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 2785 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2786 MGMT_STATUS_INVALID_PARAMS); 2787 goto unlock; 2788 } 2789 2790 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED); 2791 mgmt_pending_remove(cmd); 2792 2793 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 2794 addr, sizeof(*addr)); 2795 unlock: 2796 hci_dev_unlock(hdev); 2797 return err; 2798 } 2799 2800 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, 2801 struct mgmt_addr_info *addr, u16 mgmt_op, 2802 u16 hci_op, __le32 passkey) 2803 { 2804 struct mgmt_pending_cmd *cmd; 2805 struct hci_conn *conn; 2806 int err; 2807 2808 hci_dev_lock(hdev); 2809 2810 if (!hdev_is_powered(hdev)) { 2811 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 2812 MGMT_STATUS_NOT_POWERED, addr, 2813 sizeof(*addr)); 2814 goto done; 2815 } 2816 2817 if (addr->type == BDADDR_BREDR) 2818 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr); 2819 else 2820 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr, 2821 le_addr_type(addr->type)); 2822 2823 if (!conn) { 2824 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 2825 MGMT_STATUS_NOT_CONNECTED, addr, 2826 sizeof(*addr)); 2827 goto done; 2828 } 2829 2830 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) { 2831 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 2832 if (!err) 2833 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 2834 MGMT_STATUS_SUCCESS, addr, 2835 sizeof(*addr)); 2836 else 2837 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 2838 MGMT_STATUS_FAILED, addr, 2839 sizeof(*addr)); 2840 2841 goto done; 2842 } 2843 2844 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr)); 2845 if (!cmd) { 2846 err = -ENOMEM; 2847 goto done; 2848 } 2849 2850 cmd->cmd_complete = addr_cmd_complete; 2851 2852 /* Continue with pairing via HCI */ 2853 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 2854 struct hci_cp_user_passkey_reply cp; 2855 2856 bacpy(&cp.bdaddr, &addr->bdaddr); 2857 cp.passkey = passkey; 2858 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 2859 } else 2860 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr), 2861 &addr->bdaddr); 2862 2863 if (err < 0) 2864 mgmt_pending_remove(cmd); 2865 2866 done: 2867 hci_dev_unlock(hdev); 2868 return err; 2869 } 2870 2871 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 2872 void *data, u16 len) 2873 { 2874 struct mgmt_cp_pin_code_neg_reply *cp = data; 2875 2876 BT_DBG(""); 2877 2878 return user_pairing_resp(sk, hdev, &cp->addr, 2879 MGMT_OP_PIN_CODE_NEG_REPLY, 2880 HCI_OP_PIN_CODE_NEG_REPLY, 0); 2881 } 2882 2883 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2884 u16 len) 2885 { 2886 struct mgmt_cp_user_confirm_reply *cp = data; 2887 2888 BT_DBG(""); 2889 2890 if (len != sizeof(*cp)) 2891 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY, 2892 MGMT_STATUS_INVALID_PARAMS); 2893 2894 return user_pairing_resp(sk, hdev, &cp->addr, 2895 MGMT_OP_USER_CONFIRM_REPLY, 2896 HCI_OP_USER_CONFIRM_REPLY, 0); 2897 } 2898 2899 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev, 2900 void *data, u16 len) 2901 { 2902 struct mgmt_cp_user_confirm_neg_reply *cp = data; 2903 2904 BT_DBG(""); 2905 2906 return user_pairing_resp(sk, hdev, &cp->addr, 2907 MGMT_OP_USER_CONFIRM_NEG_REPLY, 2908 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 2909 } 2910 2911 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2912 u16 len) 2913 { 2914 struct mgmt_cp_user_passkey_reply *cp = data; 2915 2916 BT_DBG(""); 2917 2918 return user_pairing_resp(sk, hdev, &cp->addr, 2919 MGMT_OP_USER_PASSKEY_REPLY, 2920 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 2921 } 2922 2923 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev, 2924 void *data, u16 len) 2925 { 2926 struct mgmt_cp_user_passkey_neg_reply *cp = data; 2927 2928 BT_DBG(""); 2929 2930 return user_pairing_resp(sk, hdev, &cp->addr, 2931 MGMT_OP_USER_PASSKEY_NEG_REPLY, 2932 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 2933 } 2934 2935 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2936 { 2937 struct mgmt_cp_set_local_name *cp; 2938 struct mgmt_pending_cmd *cmd; 2939 2940 BT_DBG("status 0x%02x", status); 2941 2942 hci_dev_lock(hdev); 2943 2944 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 2945 if (!cmd) 2946 goto unlock; 2947 2948 cp = cmd->param; 2949 2950 if (status) 2951 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 2952 mgmt_status(status)); 2953 else 2954 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 2955 cp, sizeof(*cp)); 2956 2957 mgmt_pending_remove(cmd); 2958 2959 unlock: 2960 hci_dev_unlock(hdev); 2961 } 2962 2963 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data, 2964 u16 len) 2965 { 2966 struct mgmt_cp_set_local_name *cp = data; 2967 struct mgmt_pending_cmd *cmd; 2968 struct hci_request req; 2969 int err; 2970 2971 BT_DBG(""); 2972 2973 hci_dev_lock(hdev); 2974 2975 /* If the old values are the same as the new ones just return a 2976 * direct command complete event. 2977 */ 2978 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) && 2979 !memcmp(hdev->short_name, cp->short_name, 2980 sizeof(hdev->short_name))) { 2981 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 2982 data, len); 2983 goto failed; 2984 } 2985 2986 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name)); 2987 2988 if (!hdev_is_powered(hdev)) { 2989 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 2990 2991 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 2992 data, len); 2993 if (err < 0) 2994 goto failed; 2995 2996 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, 2997 data, len, sk); 2998 2999 goto failed; 3000 } 3001 3002 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 3003 if (!cmd) { 3004 err = -ENOMEM; 3005 goto failed; 3006 } 3007 3008 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3009 3010 hci_req_init(&req, hdev); 3011 3012 if (lmp_bredr_capable(hdev)) { 3013 __hci_req_update_name(&req); 3014 __hci_req_update_eir(&req); 3015 } 3016 3017 /* The name is stored in the scan response data and so 3018 * no need to udpate the advertising data here. 3019 */ 3020 if (lmp_le_capable(hdev)) 3021 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance); 3022 3023 err = hci_req_run(&req, set_name_complete); 3024 if (err < 0) 3025 mgmt_pending_remove(cmd); 3026 3027 failed: 3028 hci_dev_unlock(hdev); 3029 return err; 3030 } 3031 3032 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status, 3033 u16 opcode, struct sk_buff *skb) 3034 { 3035 struct mgmt_rp_read_local_oob_data mgmt_rp; 3036 size_t rp_size = sizeof(mgmt_rp); 3037 struct mgmt_pending_cmd *cmd; 3038 3039 BT_DBG("%s status %u", hdev->name, status); 3040 3041 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev); 3042 if (!cmd) 3043 return; 3044 3045 if (status || !skb) { 3046 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3047 status ? mgmt_status(status) : MGMT_STATUS_FAILED); 3048 goto remove; 3049 } 3050 3051 memset(&mgmt_rp, 0, sizeof(mgmt_rp)); 3052 3053 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) { 3054 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 3055 3056 if (skb->len < sizeof(*rp)) { 3057 mgmt_cmd_status(cmd->sk, hdev->id, 3058 MGMT_OP_READ_LOCAL_OOB_DATA, 3059 MGMT_STATUS_FAILED); 3060 goto remove; 3061 } 3062 3063 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash)); 3064 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand)); 3065 3066 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256); 3067 } else { 3068 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data; 3069 3070 if (skb->len < sizeof(*rp)) { 3071 mgmt_cmd_status(cmd->sk, hdev->id, 3072 MGMT_OP_READ_LOCAL_OOB_DATA, 3073 MGMT_STATUS_FAILED); 3074 goto remove; 3075 } 3076 3077 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192)); 3078 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192)); 3079 3080 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256)); 3081 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256)); 3082 } 3083 3084 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3085 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size); 3086 3087 remove: 3088 mgmt_pending_remove(cmd); 3089 } 3090 3091 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, 3092 void *data, u16 data_len) 3093 { 3094 struct mgmt_pending_cmd *cmd; 3095 struct hci_request req; 3096 int err; 3097 3098 BT_DBG("%s", hdev->name); 3099 3100 hci_dev_lock(hdev); 3101 3102 if (!hdev_is_powered(hdev)) { 3103 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3104 MGMT_STATUS_NOT_POWERED); 3105 goto unlock; 3106 } 3107 3108 if (!lmp_ssp_capable(hdev)) { 3109 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3110 MGMT_STATUS_NOT_SUPPORTED); 3111 goto unlock; 3112 } 3113 3114 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 3115 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3116 MGMT_STATUS_BUSY); 3117 goto unlock; 3118 } 3119 3120 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 3121 if (!cmd) { 3122 err = -ENOMEM; 3123 goto unlock; 3124 } 3125 3126 hci_req_init(&req, hdev); 3127 3128 if (bredr_sc_enabled(hdev)) 3129 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL); 3130 else 3131 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 3132 3133 err = hci_req_run_skb(&req, read_local_oob_data_complete); 3134 if (err < 0) 3135 mgmt_pending_remove(cmd); 3136 3137 unlock: 3138 hci_dev_unlock(hdev); 3139 return err; 3140 } 3141 3142 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 3143 void *data, u16 len) 3144 { 3145 struct mgmt_addr_info *addr = data; 3146 int err; 3147 3148 BT_DBG("%s ", hdev->name); 3149 3150 if (!bdaddr_type_is_valid(addr->type)) 3151 return mgmt_cmd_complete(sk, hdev->id, 3152 MGMT_OP_ADD_REMOTE_OOB_DATA, 3153 MGMT_STATUS_INVALID_PARAMS, 3154 addr, sizeof(*addr)); 3155 3156 hci_dev_lock(hdev); 3157 3158 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) { 3159 struct mgmt_cp_add_remote_oob_data *cp = data; 3160 u8 status; 3161 3162 if (cp->addr.type != BDADDR_BREDR) { 3163 err = mgmt_cmd_complete(sk, hdev->id, 3164 MGMT_OP_ADD_REMOTE_OOB_DATA, 3165 MGMT_STATUS_INVALID_PARAMS, 3166 &cp->addr, sizeof(cp->addr)); 3167 goto unlock; 3168 } 3169 3170 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 3171 cp->addr.type, cp->hash, 3172 cp->rand, NULL, NULL); 3173 if (err < 0) 3174 status = MGMT_STATUS_FAILED; 3175 else 3176 status = MGMT_STATUS_SUCCESS; 3177 3178 err = mgmt_cmd_complete(sk, hdev->id, 3179 MGMT_OP_ADD_REMOTE_OOB_DATA, status, 3180 &cp->addr, sizeof(cp->addr)); 3181 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) { 3182 struct mgmt_cp_add_remote_oob_ext_data *cp = data; 3183 u8 *rand192, *hash192, *rand256, *hash256; 3184 u8 status; 3185 3186 if (bdaddr_type_is_le(cp->addr.type)) { 3187 /* Enforce zero-valued 192-bit parameters as 3188 * long as legacy SMP OOB isn't implemented. 3189 */ 3190 if (memcmp(cp->rand192, ZERO_KEY, 16) || 3191 memcmp(cp->hash192, ZERO_KEY, 16)) { 3192 err = mgmt_cmd_complete(sk, hdev->id, 3193 MGMT_OP_ADD_REMOTE_OOB_DATA, 3194 MGMT_STATUS_INVALID_PARAMS, 3195 addr, sizeof(*addr)); 3196 goto unlock; 3197 } 3198 3199 rand192 = NULL; 3200 hash192 = NULL; 3201 } else { 3202 /* In case one of the P-192 values is set to zero, 3203 * then just disable OOB data for P-192. 3204 */ 3205 if (!memcmp(cp->rand192, ZERO_KEY, 16) || 3206 !memcmp(cp->hash192, ZERO_KEY, 16)) { 3207 rand192 = NULL; 3208 hash192 = NULL; 3209 } else { 3210 rand192 = cp->rand192; 3211 hash192 = cp->hash192; 3212 } 3213 } 3214 3215 /* In case one of the P-256 values is set to zero, then just 3216 * disable OOB data for P-256. 3217 */ 3218 if (!memcmp(cp->rand256, ZERO_KEY, 16) || 3219 !memcmp(cp->hash256, ZERO_KEY, 16)) { 3220 rand256 = NULL; 3221 hash256 = NULL; 3222 } else { 3223 rand256 = cp->rand256; 3224 hash256 = cp->hash256; 3225 } 3226 3227 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 3228 cp->addr.type, hash192, rand192, 3229 hash256, rand256); 3230 if (err < 0) 3231 status = MGMT_STATUS_FAILED; 3232 else 3233 status = MGMT_STATUS_SUCCESS; 3234 3235 err = mgmt_cmd_complete(sk, hdev->id, 3236 MGMT_OP_ADD_REMOTE_OOB_DATA, 3237 status, &cp->addr, sizeof(cp->addr)); 3238 } else { 3239 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len); 3240 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 3241 MGMT_STATUS_INVALID_PARAMS); 3242 } 3243 3244 unlock: 3245 hci_dev_unlock(hdev); 3246 return err; 3247 } 3248 3249 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 3250 void *data, u16 len) 3251 { 3252 struct mgmt_cp_remove_remote_oob_data *cp = data; 3253 u8 status; 3254 int err; 3255 3256 BT_DBG("%s", hdev->name); 3257 3258 if (cp->addr.type != BDADDR_BREDR) 3259 return mgmt_cmd_complete(sk, hdev->id, 3260 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 3261 MGMT_STATUS_INVALID_PARAMS, 3262 &cp->addr, sizeof(cp->addr)); 3263 3264 hci_dev_lock(hdev); 3265 3266 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 3267 hci_remote_oob_data_clear(hdev); 3268 status = MGMT_STATUS_SUCCESS; 3269 goto done; 3270 } 3271 3272 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type); 3273 if (err < 0) 3274 status = MGMT_STATUS_INVALID_PARAMS; 3275 else 3276 status = MGMT_STATUS_SUCCESS; 3277 3278 done: 3279 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 3280 status, &cp->addr, sizeof(cp->addr)); 3281 3282 hci_dev_unlock(hdev); 3283 return err; 3284 } 3285 3286 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status) 3287 { 3288 struct mgmt_pending_cmd *cmd; 3289 3290 BT_DBG("status %d", status); 3291 3292 hci_dev_lock(hdev); 3293 3294 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev); 3295 if (!cmd) 3296 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev); 3297 3298 if (!cmd) 3299 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev); 3300 3301 if (cmd) { 3302 cmd->cmd_complete(cmd, mgmt_status(status)); 3303 mgmt_pending_remove(cmd); 3304 } 3305 3306 hci_dev_unlock(hdev); 3307 } 3308 3309 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type, 3310 uint8_t *mgmt_status) 3311 { 3312 switch (type) { 3313 case DISCOV_TYPE_LE: 3314 *mgmt_status = mgmt_le_support(hdev); 3315 if (*mgmt_status) 3316 return false; 3317 break; 3318 case DISCOV_TYPE_INTERLEAVED: 3319 *mgmt_status = mgmt_le_support(hdev); 3320 if (*mgmt_status) 3321 return false; 3322 /* Intentional fall-through */ 3323 case DISCOV_TYPE_BREDR: 3324 *mgmt_status = mgmt_bredr_support(hdev); 3325 if (*mgmt_status) 3326 return false; 3327 break; 3328 default: 3329 *mgmt_status = MGMT_STATUS_INVALID_PARAMS; 3330 return false; 3331 } 3332 3333 return true; 3334 } 3335 3336 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev, 3337 u16 op, void *data, u16 len) 3338 { 3339 struct mgmt_cp_start_discovery *cp = data; 3340 struct mgmt_pending_cmd *cmd; 3341 u8 status; 3342 int err; 3343 3344 BT_DBG("%s", hdev->name); 3345 3346 hci_dev_lock(hdev); 3347 3348 if (!hdev_is_powered(hdev)) { 3349 err = mgmt_cmd_complete(sk, hdev->id, op, 3350 MGMT_STATUS_NOT_POWERED, 3351 &cp->type, sizeof(cp->type)); 3352 goto failed; 3353 } 3354 3355 if (hdev->discovery.state != DISCOVERY_STOPPED || 3356 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 3357 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 3358 &cp->type, sizeof(cp->type)); 3359 goto failed; 3360 } 3361 3362 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 3363 err = mgmt_cmd_complete(sk, hdev->id, op, status, 3364 &cp->type, sizeof(cp->type)); 3365 goto failed; 3366 } 3367 3368 /* Clear the discovery filter first to free any previously 3369 * allocated memory for the UUID list. 3370 */ 3371 hci_discovery_filter_clear(hdev); 3372 3373 hdev->discovery.type = cp->type; 3374 hdev->discovery.report_invalid_rssi = false; 3375 if (op == MGMT_OP_START_LIMITED_DISCOVERY) 3376 hdev->discovery.limited = true; 3377 else 3378 hdev->discovery.limited = false; 3379 3380 cmd = mgmt_pending_add(sk, op, hdev, data, len); 3381 if (!cmd) { 3382 err = -ENOMEM; 3383 goto failed; 3384 } 3385 3386 cmd->cmd_complete = generic_cmd_complete; 3387 3388 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 3389 queue_work(hdev->req_workqueue, &hdev->discov_update); 3390 err = 0; 3391 3392 failed: 3393 hci_dev_unlock(hdev); 3394 return err; 3395 } 3396 3397 static int start_discovery(struct sock *sk, struct hci_dev *hdev, 3398 void *data, u16 len) 3399 { 3400 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY, 3401 data, len); 3402 } 3403 3404 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev, 3405 void *data, u16 len) 3406 { 3407 return start_discovery_internal(sk, hdev, 3408 MGMT_OP_START_LIMITED_DISCOVERY, 3409 data, len); 3410 } 3411 3412 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd, 3413 u8 status) 3414 { 3415 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 3416 cmd->param, 1); 3417 } 3418 3419 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev, 3420 void *data, u16 len) 3421 { 3422 struct mgmt_cp_start_service_discovery *cp = data; 3423 struct mgmt_pending_cmd *cmd; 3424 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16); 3425 u16 uuid_count, expected_len; 3426 u8 status; 3427 int err; 3428 3429 BT_DBG("%s", hdev->name); 3430 3431 hci_dev_lock(hdev); 3432 3433 if (!hdev_is_powered(hdev)) { 3434 err = mgmt_cmd_complete(sk, hdev->id, 3435 MGMT_OP_START_SERVICE_DISCOVERY, 3436 MGMT_STATUS_NOT_POWERED, 3437 &cp->type, sizeof(cp->type)); 3438 goto failed; 3439 } 3440 3441 if (hdev->discovery.state != DISCOVERY_STOPPED || 3442 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 3443 err = mgmt_cmd_complete(sk, hdev->id, 3444 MGMT_OP_START_SERVICE_DISCOVERY, 3445 MGMT_STATUS_BUSY, &cp->type, 3446 sizeof(cp->type)); 3447 goto failed; 3448 } 3449 3450 uuid_count = __le16_to_cpu(cp->uuid_count); 3451 if (uuid_count > max_uuid_count) { 3452 BT_ERR("service_discovery: too big uuid_count value %u", 3453 uuid_count); 3454 err = mgmt_cmd_complete(sk, hdev->id, 3455 MGMT_OP_START_SERVICE_DISCOVERY, 3456 MGMT_STATUS_INVALID_PARAMS, &cp->type, 3457 sizeof(cp->type)); 3458 goto failed; 3459 } 3460 3461 expected_len = sizeof(*cp) + uuid_count * 16; 3462 if (expected_len != len) { 3463 BT_ERR("service_discovery: expected %u bytes, got %u bytes", 3464 expected_len, len); 3465 err = mgmt_cmd_complete(sk, hdev->id, 3466 MGMT_OP_START_SERVICE_DISCOVERY, 3467 MGMT_STATUS_INVALID_PARAMS, &cp->type, 3468 sizeof(cp->type)); 3469 goto failed; 3470 } 3471 3472 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 3473 err = mgmt_cmd_complete(sk, hdev->id, 3474 MGMT_OP_START_SERVICE_DISCOVERY, 3475 status, &cp->type, sizeof(cp->type)); 3476 goto failed; 3477 } 3478 3479 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY, 3480 hdev, data, len); 3481 if (!cmd) { 3482 err = -ENOMEM; 3483 goto failed; 3484 } 3485 3486 cmd->cmd_complete = service_discovery_cmd_complete; 3487 3488 /* Clear the discovery filter first to free any previously 3489 * allocated memory for the UUID list. 3490 */ 3491 hci_discovery_filter_clear(hdev); 3492 3493 hdev->discovery.result_filtering = true; 3494 hdev->discovery.type = cp->type; 3495 hdev->discovery.rssi = cp->rssi; 3496 hdev->discovery.uuid_count = uuid_count; 3497 3498 if (uuid_count > 0) { 3499 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16, 3500 GFP_KERNEL); 3501 if (!hdev->discovery.uuids) { 3502 err = mgmt_cmd_complete(sk, hdev->id, 3503 MGMT_OP_START_SERVICE_DISCOVERY, 3504 MGMT_STATUS_FAILED, 3505 &cp->type, sizeof(cp->type)); 3506 mgmt_pending_remove(cmd); 3507 goto failed; 3508 } 3509 } 3510 3511 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 3512 queue_work(hdev->req_workqueue, &hdev->discov_update); 3513 err = 0; 3514 3515 failed: 3516 hci_dev_unlock(hdev); 3517 return err; 3518 } 3519 3520 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status) 3521 { 3522 struct mgmt_pending_cmd *cmd; 3523 3524 BT_DBG("status %d", status); 3525 3526 hci_dev_lock(hdev); 3527 3528 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 3529 if (cmd) { 3530 cmd->cmd_complete(cmd, mgmt_status(status)); 3531 mgmt_pending_remove(cmd); 3532 } 3533 3534 hci_dev_unlock(hdev); 3535 } 3536 3537 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, 3538 u16 len) 3539 { 3540 struct mgmt_cp_stop_discovery *mgmt_cp = data; 3541 struct mgmt_pending_cmd *cmd; 3542 int err; 3543 3544 BT_DBG("%s", hdev->name); 3545 3546 hci_dev_lock(hdev); 3547 3548 if (!hci_discovery_active(hdev)) { 3549 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 3550 MGMT_STATUS_REJECTED, &mgmt_cp->type, 3551 sizeof(mgmt_cp->type)); 3552 goto unlock; 3553 } 3554 3555 if (hdev->discovery.type != mgmt_cp->type) { 3556 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 3557 MGMT_STATUS_INVALID_PARAMS, 3558 &mgmt_cp->type, sizeof(mgmt_cp->type)); 3559 goto unlock; 3560 } 3561 3562 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len); 3563 if (!cmd) { 3564 err = -ENOMEM; 3565 goto unlock; 3566 } 3567 3568 cmd->cmd_complete = generic_cmd_complete; 3569 3570 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 3571 queue_work(hdev->req_workqueue, &hdev->discov_update); 3572 err = 0; 3573 3574 unlock: 3575 hci_dev_unlock(hdev); 3576 return err; 3577 } 3578 3579 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, 3580 u16 len) 3581 { 3582 struct mgmt_cp_confirm_name *cp = data; 3583 struct inquiry_entry *e; 3584 int err; 3585 3586 BT_DBG("%s", hdev->name); 3587 3588 hci_dev_lock(hdev); 3589 3590 if (!hci_discovery_active(hdev)) { 3591 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 3592 MGMT_STATUS_FAILED, &cp->addr, 3593 sizeof(cp->addr)); 3594 goto failed; 3595 } 3596 3597 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 3598 if (!e) { 3599 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 3600 MGMT_STATUS_INVALID_PARAMS, &cp->addr, 3601 sizeof(cp->addr)); 3602 goto failed; 3603 } 3604 3605 if (cp->name_known) { 3606 e->name_state = NAME_KNOWN; 3607 list_del(&e->list); 3608 } else { 3609 e->name_state = NAME_NEEDED; 3610 hci_inquiry_cache_update_resolve(hdev, e); 3611 } 3612 3613 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, 3614 &cp->addr, sizeof(cp->addr)); 3615 3616 failed: 3617 hci_dev_unlock(hdev); 3618 return err; 3619 } 3620 3621 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data, 3622 u16 len) 3623 { 3624 struct mgmt_cp_block_device *cp = data; 3625 u8 status; 3626 int err; 3627 3628 BT_DBG("%s", hdev->name); 3629 3630 if (!bdaddr_type_is_valid(cp->addr.type)) 3631 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, 3632 MGMT_STATUS_INVALID_PARAMS, 3633 &cp->addr, sizeof(cp->addr)); 3634 3635 hci_dev_lock(hdev); 3636 3637 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr, 3638 cp->addr.type); 3639 if (err < 0) { 3640 status = MGMT_STATUS_FAILED; 3641 goto done; 3642 } 3643 3644 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr), 3645 sk); 3646 status = MGMT_STATUS_SUCCESS; 3647 3648 done: 3649 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status, 3650 &cp->addr, sizeof(cp->addr)); 3651 3652 hci_dev_unlock(hdev); 3653 3654 return err; 3655 } 3656 3657 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data, 3658 u16 len) 3659 { 3660 struct mgmt_cp_unblock_device *cp = data; 3661 u8 status; 3662 int err; 3663 3664 BT_DBG("%s", hdev->name); 3665 3666 if (!bdaddr_type_is_valid(cp->addr.type)) 3667 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, 3668 MGMT_STATUS_INVALID_PARAMS, 3669 &cp->addr, sizeof(cp->addr)); 3670 3671 hci_dev_lock(hdev); 3672 3673 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr, 3674 cp->addr.type); 3675 if (err < 0) { 3676 status = MGMT_STATUS_INVALID_PARAMS; 3677 goto done; 3678 } 3679 3680 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr), 3681 sk); 3682 status = MGMT_STATUS_SUCCESS; 3683 3684 done: 3685 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status, 3686 &cp->addr, sizeof(cp->addr)); 3687 3688 hci_dev_unlock(hdev); 3689 3690 return err; 3691 } 3692 3693 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data, 3694 u16 len) 3695 { 3696 struct mgmt_cp_set_device_id *cp = data; 3697 struct hci_request req; 3698 int err; 3699 __u16 source; 3700 3701 BT_DBG("%s", hdev->name); 3702 3703 source = __le16_to_cpu(cp->source); 3704 3705 if (source > 0x0002) 3706 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 3707 MGMT_STATUS_INVALID_PARAMS); 3708 3709 hci_dev_lock(hdev); 3710 3711 hdev->devid_source = source; 3712 hdev->devid_vendor = __le16_to_cpu(cp->vendor); 3713 hdev->devid_product = __le16_to_cpu(cp->product); 3714 hdev->devid_version = __le16_to_cpu(cp->version); 3715 3716 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, 3717 NULL, 0); 3718 3719 hci_req_init(&req, hdev); 3720 __hci_req_update_eir(&req); 3721 hci_req_run(&req, NULL); 3722 3723 hci_dev_unlock(hdev); 3724 3725 return err; 3726 } 3727 3728 static void enable_advertising_instance(struct hci_dev *hdev, u8 status, 3729 u16 opcode) 3730 { 3731 BT_DBG("status %d", status); 3732 } 3733 3734 static void set_advertising_complete(struct hci_dev *hdev, u8 status, 3735 u16 opcode) 3736 { 3737 struct cmd_lookup match = { NULL, hdev }; 3738 struct hci_request req; 3739 u8 instance; 3740 struct adv_info *adv_instance; 3741 int err; 3742 3743 hci_dev_lock(hdev); 3744 3745 if (status) { 3746 u8 mgmt_err = mgmt_status(status); 3747 3748 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, 3749 cmd_status_rsp, &mgmt_err); 3750 goto unlock; 3751 } 3752 3753 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3754 hci_dev_set_flag(hdev, HCI_ADVERTISING); 3755 else 3756 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 3757 3758 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp, 3759 &match); 3760 3761 new_settings(hdev, match.sk); 3762 3763 if (match.sk) 3764 sock_put(match.sk); 3765 3766 /* If "Set Advertising" was just disabled and instance advertising was 3767 * set up earlier, then re-enable multi-instance advertising. 3768 */ 3769 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 3770 list_empty(&hdev->adv_instances)) 3771 goto unlock; 3772 3773 instance = hdev->cur_adv_instance; 3774 if (!instance) { 3775 adv_instance = list_first_entry_or_null(&hdev->adv_instances, 3776 struct adv_info, list); 3777 if (!adv_instance) 3778 goto unlock; 3779 3780 instance = adv_instance->instance; 3781 } 3782 3783 hci_req_init(&req, hdev); 3784 3785 err = __hci_req_schedule_adv_instance(&req, instance, true); 3786 3787 if (!err) 3788 err = hci_req_run(&req, enable_advertising_instance); 3789 3790 if (err) 3791 BT_ERR("Failed to re-configure advertising"); 3792 3793 unlock: 3794 hci_dev_unlock(hdev); 3795 } 3796 3797 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, 3798 u16 len) 3799 { 3800 struct mgmt_mode *cp = data; 3801 struct mgmt_pending_cmd *cmd; 3802 struct hci_request req; 3803 u8 val, status; 3804 int err; 3805 3806 BT_DBG("request for %s", hdev->name); 3807 3808 status = mgmt_le_support(hdev); 3809 if (status) 3810 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 3811 status); 3812 3813 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 3814 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 3815 MGMT_STATUS_INVALID_PARAMS); 3816 3817 hci_dev_lock(hdev); 3818 3819 val = !!cp->val; 3820 3821 /* The following conditions are ones which mean that we should 3822 * not do any HCI communication but directly send a mgmt 3823 * response to user space (after toggling the flag if 3824 * necessary). 3825 */ 3826 if (!hdev_is_powered(hdev) || 3827 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) && 3828 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) || 3829 hci_conn_num(hdev, LE_LINK) > 0 || 3830 (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 3831 hdev->le_scan_type == LE_SCAN_ACTIVE)) { 3832 bool changed; 3833 3834 if (cp->val) { 3835 hdev->cur_adv_instance = 0x00; 3836 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING); 3837 if (cp->val == 0x02) 3838 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 3839 else 3840 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 3841 } else { 3842 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING); 3843 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 3844 } 3845 3846 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev); 3847 if (err < 0) 3848 goto unlock; 3849 3850 if (changed) 3851 err = new_settings(hdev, sk); 3852 3853 goto unlock; 3854 } 3855 3856 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) || 3857 pending_find(MGMT_OP_SET_LE, hdev)) { 3858 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 3859 MGMT_STATUS_BUSY); 3860 goto unlock; 3861 } 3862 3863 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len); 3864 if (!cmd) { 3865 err = -ENOMEM; 3866 goto unlock; 3867 } 3868 3869 hci_req_init(&req, hdev); 3870 3871 if (cp->val == 0x02) 3872 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 3873 else 3874 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 3875 3876 cancel_adv_timeout(hdev); 3877 3878 if (val) { 3879 /* Switch to instance "0" for the Set Advertising setting. 3880 * We cannot use update_[adv|scan_rsp]_data() here as the 3881 * HCI_ADVERTISING flag is not yet set. 3882 */ 3883 hdev->cur_adv_instance = 0x00; 3884 __hci_req_update_adv_data(&req, 0x00); 3885 __hci_req_update_scan_rsp_data(&req, 0x00); 3886 __hci_req_enable_advertising(&req); 3887 } else { 3888 __hci_req_disable_advertising(&req); 3889 } 3890 3891 err = hci_req_run(&req, set_advertising_complete); 3892 if (err < 0) 3893 mgmt_pending_remove(cmd); 3894 3895 unlock: 3896 hci_dev_unlock(hdev); 3897 return err; 3898 } 3899 3900 static int set_static_address(struct sock *sk, struct hci_dev *hdev, 3901 void *data, u16 len) 3902 { 3903 struct mgmt_cp_set_static_address *cp = data; 3904 int err; 3905 3906 BT_DBG("%s", hdev->name); 3907 3908 if (!lmp_le_capable(hdev)) 3909 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 3910 MGMT_STATUS_NOT_SUPPORTED); 3911 3912 if (hdev_is_powered(hdev)) 3913 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 3914 MGMT_STATUS_REJECTED); 3915 3916 if (bacmp(&cp->bdaddr, BDADDR_ANY)) { 3917 if (!bacmp(&cp->bdaddr, BDADDR_NONE)) 3918 return mgmt_cmd_status(sk, hdev->id, 3919 MGMT_OP_SET_STATIC_ADDRESS, 3920 MGMT_STATUS_INVALID_PARAMS); 3921 3922 /* Two most significant bits shall be set */ 3923 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0) 3924 return mgmt_cmd_status(sk, hdev->id, 3925 MGMT_OP_SET_STATIC_ADDRESS, 3926 MGMT_STATUS_INVALID_PARAMS); 3927 } 3928 3929 hci_dev_lock(hdev); 3930 3931 bacpy(&hdev->static_addr, &cp->bdaddr); 3932 3933 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev); 3934 if (err < 0) 3935 goto unlock; 3936 3937 err = new_settings(hdev, sk); 3938 3939 unlock: 3940 hci_dev_unlock(hdev); 3941 return err; 3942 } 3943 3944 static int set_scan_params(struct sock *sk, struct hci_dev *hdev, 3945 void *data, u16 len) 3946 { 3947 struct mgmt_cp_set_scan_params *cp = data; 3948 __u16 interval, window; 3949 int err; 3950 3951 BT_DBG("%s", hdev->name); 3952 3953 if (!lmp_le_capable(hdev)) 3954 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 3955 MGMT_STATUS_NOT_SUPPORTED); 3956 3957 interval = __le16_to_cpu(cp->interval); 3958 3959 if (interval < 0x0004 || interval > 0x4000) 3960 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 3961 MGMT_STATUS_INVALID_PARAMS); 3962 3963 window = __le16_to_cpu(cp->window); 3964 3965 if (window < 0x0004 || window > 0x4000) 3966 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 3967 MGMT_STATUS_INVALID_PARAMS); 3968 3969 if (window > interval) 3970 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 3971 MGMT_STATUS_INVALID_PARAMS); 3972 3973 hci_dev_lock(hdev); 3974 3975 hdev->le_scan_interval = interval; 3976 hdev->le_scan_window = window; 3977 3978 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, 3979 NULL, 0); 3980 3981 /* If background scan is running, restart it so new parameters are 3982 * loaded. 3983 */ 3984 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 3985 hdev->discovery.state == DISCOVERY_STOPPED) { 3986 struct hci_request req; 3987 3988 hci_req_init(&req, hdev); 3989 3990 hci_req_add_le_scan_disable(&req); 3991 hci_req_add_le_passive_scan(&req); 3992 3993 hci_req_run(&req, NULL); 3994 } 3995 3996 hci_dev_unlock(hdev); 3997 3998 return err; 3999 } 4000 4001 static void fast_connectable_complete(struct hci_dev *hdev, u8 status, 4002 u16 opcode) 4003 { 4004 struct mgmt_pending_cmd *cmd; 4005 4006 BT_DBG("status 0x%02x", status); 4007 4008 hci_dev_lock(hdev); 4009 4010 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev); 4011 if (!cmd) 4012 goto unlock; 4013 4014 if (status) { 4015 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4016 mgmt_status(status)); 4017 } else { 4018 struct mgmt_mode *cp = cmd->param; 4019 4020 if (cp->val) 4021 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE); 4022 else 4023 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 4024 4025 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 4026 new_settings(hdev, cmd->sk); 4027 } 4028 4029 mgmt_pending_remove(cmd); 4030 4031 unlock: 4032 hci_dev_unlock(hdev); 4033 } 4034 4035 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, 4036 void *data, u16 len) 4037 { 4038 struct mgmt_mode *cp = data; 4039 struct mgmt_pending_cmd *cmd; 4040 struct hci_request req; 4041 int err; 4042 4043 BT_DBG("%s", hdev->name); 4044 4045 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 4046 hdev->hci_ver < BLUETOOTH_VER_1_2) 4047 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4048 MGMT_STATUS_NOT_SUPPORTED); 4049 4050 if (cp->val != 0x00 && cp->val != 0x01) 4051 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4052 MGMT_STATUS_INVALID_PARAMS); 4053 4054 hci_dev_lock(hdev); 4055 4056 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) { 4057 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4058 MGMT_STATUS_BUSY); 4059 goto unlock; 4060 } 4061 4062 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) { 4063 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 4064 hdev); 4065 goto unlock; 4066 } 4067 4068 if (!hdev_is_powered(hdev)) { 4069 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE); 4070 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 4071 hdev); 4072 new_settings(hdev, sk); 4073 goto unlock; 4074 } 4075 4076 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, 4077 data, len); 4078 if (!cmd) { 4079 err = -ENOMEM; 4080 goto unlock; 4081 } 4082 4083 hci_req_init(&req, hdev); 4084 4085 __hci_req_write_fast_connectable(&req, cp->val); 4086 4087 err = hci_req_run(&req, fast_connectable_complete); 4088 if (err < 0) { 4089 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4090 MGMT_STATUS_FAILED); 4091 mgmt_pending_remove(cmd); 4092 } 4093 4094 unlock: 4095 hci_dev_unlock(hdev); 4096 4097 return err; 4098 } 4099 4100 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode) 4101 { 4102 struct mgmt_pending_cmd *cmd; 4103 4104 BT_DBG("status 0x%02x", status); 4105 4106 hci_dev_lock(hdev); 4107 4108 cmd = pending_find(MGMT_OP_SET_BREDR, hdev); 4109 if (!cmd) 4110 goto unlock; 4111 4112 if (status) { 4113 u8 mgmt_err = mgmt_status(status); 4114 4115 /* We need to restore the flag if related HCI commands 4116 * failed. 4117 */ 4118 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED); 4119 4120 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 4121 } else { 4122 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev); 4123 new_settings(hdev, cmd->sk); 4124 } 4125 4126 mgmt_pending_remove(cmd); 4127 4128 unlock: 4129 hci_dev_unlock(hdev); 4130 } 4131 4132 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 4133 { 4134 struct mgmt_mode *cp = data; 4135 struct mgmt_pending_cmd *cmd; 4136 struct hci_request req; 4137 int err; 4138 4139 BT_DBG("request for %s", hdev->name); 4140 4141 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev)) 4142 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4143 MGMT_STATUS_NOT_SUPPORTED); 4144 4145 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 4146 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4147 MGMT_STATUS_REJECTED); 4148 4149 if (cp->val != 0x00 && cp->val != 0x01) 4150 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4151 MGMT_STATUS_INVALID_PARAMS); 4152 4153 hci_dev_lock(hdev); 4154 4155 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 4156 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 4157 goto unlock; 4158 } 4159 4160 if (!hdev_is_powered(hdev)) { 4161 if (!cp->val) { 4162 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 4163 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 4164 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY); 4165 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 4166 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 4167 } 4168 4169 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED); 4170 4171 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 4172 if (err < 0) 4173 goto unlock; 4174 4175 err = new_settings(hdev, sk); 4176 goto unlock; 4177 } 4178 4179 /* Reject disabling when powered on */ 4180 if (!cp->val) { 4181 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4182 MGMT_STATUS_REJECTED); 4183 goto unlock; 4184 } else { 4185 /* When configuring a dual-mode controller to operate 4186 * with LE only and using a static address, then switching 4187 * BR/EDR back on is not allowed. 4188 * 4189 * Dual-mode controllers shall operate with the public 4190 * address as its identity address for BR/EDR and LE. So 4191 * reject the attempt to create an invalid configuration. 4192 * 4193 * The same restrictions applies when secure connections 4194 * has been enabled. For BR/EDR this is a controller feature 4195 * while for LE it is a host stack feature. This means that 4196 * switching BR/EDR back on when secure connections has been 4197 * enabled is not a supported transaction. 4198 */ 4199 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 4200 (bacmp(&hdev->static_addr, BDADDR_ANY) || 4201 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) { 4202 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4203 MGMT_STATUS_REJECTED); 4204 goto unlock; 4205 } 4206 } 4207 4208 if (pending_find(MGMT_OP_SET_BREDR, hdev)) { 4209 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4210 MGMT_STATUS_BUSY); 4211 goto unlock; 4212 } 4213 4214 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len); 4215 if (!cmd) { 4216 err = -ENOMEM; 4217 goto unlock; 4218 } 4219 4220 /* We need to flip the bit already here so that 4221 * hci_req_update_adv_data generates the correct flags. 4222 */ 4223 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED); 4224 4225 hci_req_init(&req, hdev); 4226 4227 __hci_req_write_fast_connectable(&req, false); 4228 __hci_req_update_scan(&req); 4229 4230 /* Since only the advertising data flags will change, there 4231 * is no need to update the scan response data. 4232 */ 4233 __hci_req_update_adv_data(&req, hdev->cur_adv_instance); 4234 4235 err = hci_req_run(&req, set_bredr_complete); 4236 if (err < 0) 4237 mgmt_pending_remove(cmd); 4238 4239 unlock: 4240 hci_dev_unlock(hdev); 4241 return err; 4242 } 4243 4244 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 4245 { 4246 struct mgmt_pending_cmd *cmd; 4247 struct mgmt_mode *cp; 4248 4249 BT_DBG("%s status %u", hdev->name, status); 4250 4251 hci_dev_lock(hdev); 4252 4253 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev); 4254 if (!cmd) 4255 goto unlock; 4256 4257 if (status) { 4258 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 4259 mgmt_status(status)); 4260 goto remove; 4261 } 4262 4263 cp = cmd->param; 4264 4265 switch (cp->val) { 4266 case 0x00: 4267 hci_dev_clear_flag(hdev, HCI_SC_ENABLED); 4268 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4269 break; 4270 case 0x01: 4271 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 4272 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4273 break; 4274 case 0x02: 4275 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 4276 hci_dev_set_flag(hdev, HCI_SC_ONLY); 4277 break; 4278 } 4279 4280 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev); 4281 new_settings(hdev, cmd->sk); 4282 4283 remove: 4284 mgmt_pending_remove(cmd); 4285 unlock: 4286 hci_dev_unlock(hdev); 4287 } 4288 4289 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev, 4290 void *data, u16 len) 4291 { 4292 struct mgmt_mode *cp = data; 4293 struct mgmt_pending_cmd *cmd; 4294 struct hci_request req; 4295 u8 val; 4296 int err; 4297 4298 BT_DBG("request for %s", hdev->name); 4299 4300 if (!lmp_sc_capable(hdev) && 4301 !hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 4302 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4303 MGMT_STATUS_NOT_SUPPORTED); 4304 4305 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 4306 lmp_sc_capable(hdev) && 4307 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 4308 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4309 MGMT_STATUS_REJECTED); 4310 4311 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4312 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4313 MGMT_STATUS_INVALID_PARAMS); 4314 4315 hci_dev_lock(hdev); 4316 4317 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) || 4318 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 4319 bool changed; 4320 4321 if (cp->val) { 4322 changed = !hci_dev_test_and_set_flag(hdev, 4323 HCI_SC_ENABLED); 4324 if (cp->val == 0x02) 4325 hci_dev_set_flag(hdev, HCI_SC_ONLY); 4326 else 4327 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4328 } else { 4329 changed = hci_dev_test_and_clear_flag(hdev, 4330 HCI_SC_ENABLED); 4331 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4332 } 4333 4334 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 4335 if (err < 0) 4336 goto failed; 4337 4338 if (changed) 4339 err = new_settings(hdev, sk); 4340 4341 goto failed; 4342 } 4343 4344 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) { 4345 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4346 MGMT_STATUS_BUSY); 4347 goto failed; 4348 } 4349 4350 val = !!cp->val; 4351 4352 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 4353 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 4354 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 4355 goto failed; 4356 } 4357 4358 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len); 4359 if (!cmd) { 4360 err = -ENOMEM; 4361 goto failed; 4362 } 4363 4364 hci_req_init(&req, hdev); 4365 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val); 4366 err = hci_req_run(&req, sc_enable_complete); 4367 if (err < 0) { 4368 mgmt_pending_remove(cmd); 4369 goto failed; 4370 } 4371 4372 failed: 4373 hci_dev_unlock(hdev); 4374 return err; 4375 } 4376 4377 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev, 4378 void *data, u16 len) 4379 { 4380 struct mgmt_mode *cp = data; 4381 bool changed, use_changed; 4382 int err; 4383 4384 BT_DBG("request for %s", hdev->name); 4385 4386 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4387 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS, 4388 MGMT_STATUS_INVALID_PARAMS); 4389 4390 hci_dev_lock(hdev); 4391 4392 if (cp->val) 4393 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 4394 else 4395 changed = hci_dev_test_and_clear_flag(hdev, 4396 HCI_KEEP_DEBUG_KEYS); 4397 4398 if (cp->val == 0x02) 4399 use_changed = !hci_dev_test_and_set_flag(hdev, 4400 HCI_USE_DEBUG_KEYS); 4401 else 4402 use_changed = hci_dev_test_and_clear_flag(hdev, 4403 HCI_USE_DEBUG_KEYS); 4404 4405 if (hdev_is_powered(hdev) && use_changed && 4406 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 4407 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00; 4408 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 4409 sizeof(mode), &mode); 4410 } 4411 4412 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev); 4413 if (err < 0) 4414 goto unlock; 4415 4416 if (changed) 4417 err = new_settings(hdev, sk); 4418 4419 unlock: 4420 hci_dev_unlock(hdev); 4421 return err; 4422 } 4423 4424 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data, 4425 u16 len) 4426 { 4427 struct mgmt_cp_set_privacy *cp = cp_data; 4428 bool changed; 4429 int err; 4430 4431 BT_DBG("request for %s", hdev->name); 4432 4433 if (!lmp_le_capable(hdev)) 4434 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4435 MGMT_STATUS_NOT_SUPPORTED); 4436 4437 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02) 4438 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4439 MGMT_STATUS_INVALID_PARAMS); 4440 4441 if (hdev_is_powered(hdev)) 4442 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4443 MGMT_STATUS_REJECTED); 4444 4445 hci_dev_lock(hdev); 4446 4447 /* If user space supports this command it is also expected to 4448 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag. 4449 */ 4450 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 4451 4452 if (cp->privacy) { 4453 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY); 4454 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk)); 4455 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 4456 if (cp->privacy == 0x02) 4457 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY); 4458 else 4459 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 4460 } else { 4461 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY); 4462 memset(hdev->irk, 0, sizeof(hdev->irk)); 4463 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED); 4464 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 4465 } 4466 4467 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev); 4468 if (err < 0) 4469 goto unlock; 4470 4471 if (changed) 4472 err = new_settings(hdev, sk); 4473 4474 unlock: 4475 hci_dev_unlock(hdev); 4476 return err; 4477 } 4478 4479 static bool irk_is_valid(struct mgmt_irk_info *irk) 4480 { 4481 switch (irk->addr.type) { 4482 case BDADDR_LE_PUBLIC: 4483 return true; 4484 4485 case BDADDR_LE_RANDOM: 4486 /* Two most significant bits shall be set */ 4487 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0) 4488 return false; 4489 return true; 4490 } 4491 4492 return false; 4493 } 4494 4495 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data, 4496 u16 len) 4497 { 4498 struct mgmt_cp_load_irks *cp = cp_data; 4499 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) / 4500 sizeof(struct mgmt_irk_info)); 4501 u16 irk_count, expected_len; 4502 int i, err; 4503 4504 BT_DBG("request for %s", hdev->name); 4505 4506 if (!lmp_le_capable(hdev)) 4507 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 4508 MGMT_STATUS_NOT_SUPPORTED); 4509 4510 irk_count = __le16_to_cpu(cp->irk_count); 4511 if (irk_count > max_irk_count) { 4512 BT_ERR("load_irks: too big irk_count value %u", irk_count); 4513 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 4514 MGMT_STATUS_INVALID_PARAMS); 4515 } 4516 4517 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info); 4518 if (expected_len != len) { 4519 BT_ERR("load_irks: expected %u bytes, got %u bytes", 4520 expected_len, len); 4521 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 4522 MGMT_STATUS_INVALID_PARAMS); 4523 } 4524 4525 BT_DBG("%s irk_count %u", hdev->name, irk_count); 4526 4527 for (i = 0; i < irk_count; i++) { 4528 struct mgmt_irk_info *key = &cp->irks[i]; 4529 4530 if (!irk_is_valid(key)) 4531 return mgmt_cmd_status(sk, hdev->id, 4532 MGMT_OP_LOAD_IRKS, 4533 MGMT_STATUS_INVALID_PARAMS); 4534 } 4535 4536 hci_dev_lock(hdev); 4537 4538 hci_smp_irks_clear(hdev); 4539 4540 for (i = 0; i < irk_count; i++) { 4541 struct mgmt_irk_info *irk = &cp->irks[i]; 4542 4543 hci_add_irk(hdev, &irk->addr.bdaddr, 4544 le_addr_type(irk->addr.type), irk->val, 4545 BDADDR_ANY); 4546 } 4547 4548 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 4549 4550 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0); 4551 4552 hci_dev_unlock(hdev); 4553 4554 return err; 4555 } 4556 4557 static bool ltk_is_valid(struct mgmt_ltk_info *key) 4558 { 4559 if (key->master != 0x00 && key->master != 0x01) 4560 return false; 4561 4562 switch (key->addr.type) { 4563 case BDADDR_LE_PUBLIC: 4564 return true; 4565 4566 case BDADDR_LE_RANDOM: 4567 /* Two most significant bits shall be set */ 4568 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0) 4569 return false; 4570 return true; 4571 } 4572 4573 return false; 4574 } 4575 4576 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, 4577 void *cp_data, u16 len) 4578 { 4579 struct mgmt_cp_load_long_term_keys *cp = cp_data; 4580 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 4581 sizeof(struct mgmt_ltk_info)); 4582 u16 key_count, expected_len; 4583 int i, err; 4584 4585 BT_DBG("request for %s", hdev->name); 4586 4587 if (!lmp_le_capable(hdev)) 4588 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 4589 MGMT_STATUS_NOT_SUPPORTED); 4590 4591 key_count = __le16_to_cpu(cp->key_count); 4592 if (key_count > max_key_count) { 4593 BT_ERR("load_ltks: too big key_count value %u", key_count); 4594 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 4595 MGMT_STATUS_INVALID_PARAMS); 4596 } 4597 4598 expected_len = sizeof(*cp) + key_count * 4599 sizeof(struct mgmt_ltk_info); 4600 if (expected_len != len) { 4601 BT_ERR("load_keys: expected %u bytes, got %u bytes", 4602 expected_len, len); 4603 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 4604 MGMT_STATUS_INVALID_PARAMS); 4605 } 4606 4607 BT_DBG("%s key_count %u", hdev->name, key_count); 4608 4609 for (i = 0; i < key_count; i++) { 4610 struct mgmt_ltk_info *key = &cp->keys[i]; 4611 4612 if (!ltk_is_valid(key)) 4613 return mgmt_cmd_status(sk, hdev->id, 4614 MGMT_OP_LOAD_LONG_TERM_KEYS, 4615 MGMT_STATUS_INVALID_PARAMS); 4616 } 4617 4618 hci_dev_lock(hdev); 4619 4620 hci_smp_ltks_clear(hdev); 4621 4622 for (i = 0; i < key_count; i++) { 4623 struct mgmt_ltk_info *key = &cp->keys[i]; 4624 u8 type, authenticated; 4625 4626 switch (key->type) { 4627 case MGMT_LTK_UNAUTHENTICATED: 4628 authenticated = 0x00; 4629 type = key->master ? SMP_LTK : SMP_LTK_SLAVE; 4630 break; 4631 case MGMT_LTK_AUTHENTICATED: 4632 authenticated = 0x01; 4633 type = key->master ? SMP_LTK : SMP_LTK_SLAVE; 4634 break; 4635 case MGMT_LTK_P256_UNAUTH: 4636 authenticated = 0x00; 4637 type = SMP_LTK_P256; 4638 break; 4639 case MGMT_LTK_P256_AUTH: 4640 authenticated = 0x01; 4641 type = SMP_LTK_P256; 4642 break; 4643 case MGMT_LTK_P256_DEBUG: 4644 authenticated = 0x00; 4645 type = SMP_LTK_P256_DEBUG; 4646 default: 4647 continue; 4648 } 4649 4650 hci_add_ltk(hdev, &key->addr.bdaddr, 4651 le_addr_type(key->addr.type), type, authenticated, 4652 key->val, key->enc_size, key->ediv, key->rand); 4653 } 4654 4655 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0, 4656 NULL, 0); 4657 4658 hci_dev_unlock(hdev); 4659 4660 return err; 4661 } 4662 4663 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 4664 { 4665 struct hci_conn *conn = cmd->user_data; 4666 struct mgmt_rp_get_conn_info rp; 4667 int err; 4668 4669 memcpy(&rp.addr, cmd->param, sizeof(rp.addr)); 4670 4671 if (status == MGMT_STATUS_SUCCESS) { 4672 rp.rssi = conn->rssi; 4673 rp.tx_power = conn->tx_power; 4674 rp.max_tx_power = conn->max_tx_power; 4675 } else { 4676 rp.rssi = HCI_RSSI_INVALID; 4677 rp.tx_power = HCI_TX_POWER_INVALID; 4678 rp.max_tx_power = HCI_TX_POWER_INVALID; 4679 } 4680 4681 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, 4682 status, &rp, sizeof(rp)); 4683 4684 hci_conn_drop(conn); 4685 hci_conn_put(conn); 4686 4687 return err; 4688 } 4689 4690 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status, 4691 u16 opcode) 4692 { 4693 struct hci_cp_read_rssi *cp; 4694 struct mgmt_pending_cmd *cmd; 4695 struct hci_conn *conn; 4696 u16 handle; 4697 u8 status; 4698 4699 BT_DBG("status 0x%02x", hci_status); 4700 4701 hci_dev_lock(hdev); 4702 4703 /* Commands sent in request are either Read RSSI or Read Transmit Power 4704 * Level so we check which one was last sent to retrieve connection 4705 * handle. Both commands have handle as first parameter so it's safe to 4706 * cast data on the same command struct. 4707 * 4708 * First command sent is always Read RSSI and we fail only if it fails. 4709 * In other case we simply override error to indicate success as we 4710 * already remembered if TX power value is actually valid. 4711 */ 4712 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI); 4713 if (!cp) { 4714 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER); 4715 status = MGMT_STATUS_SUCCESS; 4716 } else { 4717 status = mgmt_status(hci_status); 4718 } 4719 4720 if (!cp) { 4721 BT_ERR("invalid sent_cmd in conn_info response"); 4722 goto unlock; 4723 } 4724 4725 handle = __le16_to_cpu(cp->handle); 4726 conn = hci_conn_hash_lookup_handle(hdev, handle); 4727 if (!conn) { 4728 BT_ERR("unknown handle (%d) in conn_info response", handle); 4729 goto unlock; 4730 } 4731 4732 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn); 4733 if (!cmd) 4734 goto unlock; 4735 4736 cmd->cmd_complete(cmd, status); 4737 mgmt_pending_remove(cmd); 4738 4739 unlock: 4740 hci_dev_unlock(hdev); 4741 } 4742 4743 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data, 4744 u16 len) 4745 { 4746 struct mgmt_cp_get_conn_info *cp = data; 4747 struct mgmt_rp_get_conn_info rp; 4748 struct hci_conn *conn; 4749 unsigned long conn_info_age; 4750 int err = 0; 4751 4752 BT_DBG("%s", hdev->name); 4753 4754 memset(&rp, 0, sizeof(rp)); 4755 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 4756 rp.addr.type = cp->addr.type; 4757 4758 if (!bdaddr_type_is_valid(cp->addr.type)) 4759 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4760 MGMT_STATUS_INVALID_PARAMS, 4761 &rp, sizeof(rp)); 4762 4763 hci_dev_lock(hdev); 4764 4765 if (!hdev_is_powered(hdev)) { 4766 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4767 MGMT_STATUS_NOT_POWERED, &rp, 4768 sizeof(rp)); 4769 goto unlock; 4770 } 4771 4772 if (cp->addr.type == BDADDR_BREDR) 4773 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 4774 &cp->addr.bdaddr); 4775 else 4776 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 4777 4778 if (!conn || conn->state != BT_CONNECTED) { 4779 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4780 MGMT_STATUS_NOT_CONNECTED, &rp, 4781 sizeof(rp)); 4782 goto unlock; 4783 } 4784 4785 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) { 4786 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4787 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 4788 goto unlock; 4789 } 4790 4791 /* To avoid client trying to guess when to poll again for information we 4792 * calculate conn info age as random value between min/max set in hdev. 4793 */ 4794 conn_info_age = hdev->conn_info_min_age + 4795 prandom_u32_max(hdev->conn_info_max_age - 4796 hdev->conn_info_min_age); 4797 4798 /* Query controller to refresh cached values if they are too old or were 4799 * never read. 4800 */ 4801 if (time_after(jiffies, conn->conn_info_timestamp + 4802 msecs_to_jiffies(conn_info_age)) || 4803 !conn->conn_info_timestamp) { 4804 struct hci_request req; 4805 struct hci_cp_read_tx_power req_txp_cp; 4806 struct hci_cp_read_rssi req_rssi_cp; 4807 struct mgmt_pending_cmd *cmd; 4808 4809 hci_req_init(&req, hdev); 4810 req_rssi_cp.handle = cpu_to_le16(conn->handle); 4811 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp), 4812 &req_rssi_cp); 4813 4814 /* For LE links TX power does not change thus we don't need to 4815 * query for it once value is known. 4816 */ 4817 if (!bdaddr_type_is_le(cp->addr.type) || 4818 conn->tx_power == HCI_TX_POWER_INVALID) { 4819 req_txp_cp.handle = cpu_to_le16(conn->handle); 4820 req_txp_cp.type = 0x00; 4821 hci_req_add(&req, HCI_OP_READ_TX_POWER, 4822 sizeof(req_txp_cp), &req_txp_cp); 4823 } 4824 4825 /* Max TX power needs to be read only once per connection */ 4826 if (conn->max_tx_power == HCI_TX_POWER_INVALID) { 4827 req_txp_cp.handle = cpu_to_le16(conn->handle); 4828 req_txp_cp.type = 0x01; 4829 hci_req_add(&req, HCI_OP_READ_TX_POWER, 4830 sizeof(req_txp_cp), &req_txp_cp); 4831 } 4832 4833 err = hci_req_run(&req, conn_info_refresh_complete); 4834 if (err < 0) 4835 goto unlock; 4836 4837 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev, 4838 data, len); 4839 if (!cmd) { 4840 err = -ENOMEM; 4841 goto unlock; 4842 } 4843 4844 hci_conn_hold(conn); 4845 cmd->user_data = hci_conn_get(conn); 4846 cmd->cmd_complete = conn_info_cmd_complete; 4847 4848 conn->conn_info_timestamp = jiffies; 4849 } else { 4850 /* Cache is valid, just reply with values cached in hci_conn */ 4851 rp.rssi = conn->rssi; 4852 rp.tx_power = conn->tx_power; 4853 rp.max_tx_power = conn->max_tx_power; 4854 4855 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4856 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 4857 } 4858 4859 unlock: 4860 hci_dev_unlock(hdev); 4861 return err; 4862 } 4863 4864 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 4865 { 4866 struct hci_conn *conn = cmd->user_data; 4867 struct mgmt_rp_get_clock_info rp; 4868 struct hci_dev *hdev; 4869 int err; 4870 4871 memset(&rp, 0, sizeof(rp)); 4872 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr)); 4873 4874 if (status) 4875 goto complete; 4876 4877 hdev = hci_dev_get(cmd->index); 4878 if (hdev) { 4879 rp.local_clock = cpu_to_le32(hdev->clock); 4880 hci_dev_put(hdev); 4881 } 4882 4883 if (conn) { 4884 rp.piconet_clock = cpu_to_le32(conn->clock); 4885 rp.accuracy = cpu_to_le16(conn->clock_accuracy); 4886 } 4887 4888 complete: 4889 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp, 4890 sizeof(rp)); 4891 4892 if (conn) { 4893 hci_conn_drop(conn); 4894 hci_conn_put(conn); 4895 } 4896 4897 return err; 4898 } 4899 4900 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode) 4901 { 4902 struct hci_cp_read_clock *hci_cp; 4903 struct mgmt_pending_cmd *cmd; 4904 struct hci_conn *conn; 4905 4906 BT_DBG("%s status %u", hdev->name, status); 4907 4908 hci_dev_lock(hdev); 4909 4910 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK); 4911 if (!hci_cp) 4912 goto unlock; 4913 4914 if (hci_cp->which) { 4915 u16 handle = __le16_to_cpu(hci_cp->handle); 4916 conn = hci_conn_hash_lookup_handle(hdev, handle); 4917 } else { 4918 conn = NULL; 4919 } 4920 4921 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn); 4922 if (!cmd) 4923 goto unlock; 4924 4925 cmd->cmd_complete(cmd, mgmt_status(status)); 4926 mgmt_pending_remove(cmd); 4927 4928 unlock: 4929 hci_dev_unlock(hdev); 4930 } 4931 4932 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data, 4933 u16 len) 4934 { 4935 struct mgmt_cp_get_clock_info *cp = data; 4936 struct mgmt_rp_get_clock_info rp; 4937 struct hci_cp_read_clock hci_cp; 4938 struct mgmt_pending_cmd *cmd; 4939 struct hci_request req; 4940 struct hci_conn *conn; 4941 int err; 4942 4943 BT_DBG("%s", hdev->name); 4944 4945 memset(&rp, 0, sizeof(rp)); 4946 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 4947 rp.addr.type = cp->addr.type; 4948 4949 if (cp->addr.type != BDADDR_BREDR) 4950 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 4951 MGMT_STATUS_INVALID_PARAMS, 4952 &rp, sizeof(rp)); 4953 4954 hci_dev_lock(hdev); 4955 4956 if (!hdev_is_powered(hdev)) { 4957 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 4958 MGMT_STATUS_NOT_POWERED, &rp, 4959 sizeof(rp)); 4960 goto unlock; 4961 } 4962 4963 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 4964 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 4965 &cp->addr.bdaddr); 4966 if (!conn || conn->state != BT_CONNECTED) { 4967 err = mgmt_cmd_complete(sk, hdev->id, 4968 MGMT_OP_GET_CLOCK_INFO, 4969 MGMT_STATUS_NOT_CONNECTED, 4970 &rp, sizeof(rp)); 4971 goto unlock; 4972 } 4973 } else { 4974 conn = NULL; 4975 } 4976 4977 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len); 4978 if (!cmd) { 4979 err = -ENOMEM; 4980 goto unlock; 4981 } 4982 4983 cmd->cmd_complete = clock_info_cmd_complete; 4984 4985 hci_req_init(&req, hdev); 4986 4987 memset(&hci_cp, 0, sizeof(hci_cp)); 4988 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 4989 4990 if (conn) { 4991 hci_conn_hold(conn); 4992 cmd->user_data = hci_conn_get(conn); 4993 4994 hci_cp.handle = cpu_to_le16(conn->handle); 4995 hci_cp.which = 0x01; /* Piconet clock */ 4996 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 4997 } 4998 4999 err = hci_req_run(&req, get_clock_info_complete); 5000 if (err < 0) 5001 mgmt_pending_remove(cmd); 5002 5003 unlock: 5004 hci_dev_unlock(hdev); 5005 return err; 5006 } 5007 5008 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) 5009 { 5010 struct hci_conn *conn; 5011 5012 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr); 5013 if (!conn) 5014 return false; 5015 5016 if (conn->dst_type != type) 5017 return false; 5018 5019 if (conn->state != BT_CONNECTED) 5020 return false; 5021 5022 return true; 5023 } 5024 5025 /* This function requires the caller holds hdev->lock */ 5026 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, 5027 u8 addr_type, u8 auto_connect) 5028 { 5029 struct hci_conn_params *params; 5030 5031 params = hci_conn_params_add(hdev, addr, addr_type); 5032 if (!params) 5033 return -EIO; 5034 5035 if (params->auto_connect == auto_connect) 5036 return 0; 5037 5038 list_del_init(¶ms->action); 5039 5040 switch (auto_connect) { 5041 case HCI_AUTO_CONN_DISABLED: 5042 case HCI_AUTO_CONN_LINK_LOSS: 5043 /* If auto connect is being disabled when we're trying to 5044 * connect to device, keep connecting. 5045 */ 5046 if (params->explicit_connect) 5047 list_add(¶ms->action, &hdev->pend_le_conns); 5048 break; 5049 case HCI_AUTO_CONN_REPORT: 5050 if (params->explicit_connect) 5051 list_add(¶ms->action, &hdev->pend_le_conns); 5052 else 5053 list_add(¶ms->action, &hdev->pend_le_reports); 5054 break; 5055 case HCI_AUTO_CONN_DIRECT: 5056 case HCI_AUTO_CONN_ALWAYS: 5057 if (!is_connected(hdev, addr, addr_type)) 5058 list_add(¶ms->action, &hdev->pend_le_conns); 5059 break; 5060 } 5061 5062 params->auto_connect = auto_connect; 5063 5064 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type, 5065 auto_connect); 5066 5067 return 0; 5068 } 5069 5070 static void device_added(struct sock *sk, struct hci_dev *hdev, 5071 bdaddr_t *bdaddr, u8 type, u8 action) 5072 { 5073 struct mgmt_ev_device_added ev; 5074 5075 bacpy(&ev.addr.bdaddr, bdaddr); 5076 ev.addr.type = type; 5077 ev.action = action; 5078 5079 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk); 5080 } 5081 5082 static int add_device(struct sock *sk, struct hci_dev *hdev, 5083 void *data, u16 len) 5084 { 5085 struct mgmt_cp_add_device *cp = data; 5086 u8 auto_conn, addr_type; 5087 int err; 5088 5089 BT_DBG("%s", hdev->name); 5090 5091 if (!bdaddr_type_is_valid(cp->addr.type) || 5092 !bacmp(&cp->addr.bdaddr, BDADDR_ANY)) 5093 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5094 MGMT_STATUS_INVALID_PARAMS, 5095 &cp->addr, sizeof(cp->addr)); 5096 5097 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02) 5098 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5099 MGMT_STATUS_INVALID_PARAMS, 5100 &cp->addr, sizeof(cp->addr)); 5101 5102 hci_dev_lock(hdev); 5103 5104 if (cp->addr.type == BDADDR_BREDR) { 5105 /* Only incoming connections action is supported for now */ 5106 if (cp->action != 0x01) { 5107 err = mgmt_cmd_complete(sk, hdev->id, 5108 MGMT_OP_ADD_DEVICE, 5109 MGMT_STATUS_INVALID_PARAMS, 5110 &cp->addr, sizeof(cp->addr)); 5111 goto unlock; 5112 } 5113 5114 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr, 5115 cp->addr.type); 5116 if (err) 5117 goto unlock; 5118 5119 hci_req_update_scan(hdev); 5120 5121 goto added; 5122 } 5123 5124 addr_type = le_addr_type(cp->addr.type); 5125 5126 if (cp->action == 0x02) 5127 auto_conn = HCI_AUTO_CONN_ALWAYS; 5128 else if (cp->action == 0x01) 5129 auto_conn = HCI_AUTO_CONN_DIRECT; 5130 else 5131 auto_conn = HCI_AUTO_CONN_REPORT; 5132 5133 /* Kernel internally uses conn_params with resolvable private 5134 * address, but Add Device allows only identity addresses. 5135 * Make sure it is enforced before calling 5136 * hci_conn_params_lookup. 5137 */ 5138 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 5139 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5140 MGMT_STATUS_INVALID_PARAMS, 5141 &cp->addr, sizeof(cp->addr)); 5142 goto unlock; 5143 } 5144 5145 /* If the connection parameters don't exist for this device, 5146 * they will be created and configured with defaults. 5147 */ 5148 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type, 5149 auto_conn) < 0) { 5150 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5151 MGMT_STATUS_FAILED, &cp->addr, 5152 sizeof(cp->addr)); 5153 goto unlock; 5154 } 5155 5156 hci_update_background_scan(hdev); 5157 5158 added: 5159 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action); 5160 5161 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5162 MGMT_STATUS_SUCCESS, &cp->addr, 5163 sizeof(cp->addr)); 5164 5165 unlock: 5166 hci_dev_unlock(hdev); 5167 return err; 5168 } 5169 5170 static void device_removed(struct sock *sk, struct hci_dev *hdev, 5171 bdaddr_t *bdaddr, u8 type) 5172 { 5173 struct mgmt_ev_device_removed ev; 5174 5175 bacpy(&ev.addr.bdaddr, bdaddr); 5176 ev.addr.type = type; 5177 5178 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk); 5179 } 5180 5181 static int remove_device(struct sock *sk, struct hci_dev *hdev, 5182 void *data, u16 len) 5183 { 5184 struct mgmt_cp_remove_device *cp = data; 5185 int err; 5186 5187 BT_DBG("%s", hdev->name); 5188 5189 hci_dev_lock(hdev); 5190 5191 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5192 struct hci_conn_params *params; 5193 u8 addr_type; 5194 5195 if (!bdaddr_type_is_valid(cp->addr.type)) { 5196 err = mgmt_cmd_complete(sk, hdev->id, 5197 MGMT_OP_REMOVE_DEVICE, 5198 MGMT_STATUS_INVALID_PARAMS, 5199 &cp->addr, sizeof(cp->addr)); 5200 goto unlock; 5201 } 5202 5203 if (cp->addr.type == BDADDR_BREDR) { 5204 err = hci_bdaddr_list_del(&hdev->whitelist, 5205 &cp->addr.bdaddr, 5206 cp->addr.type); 5207 if (err) { 5208 err = mgmt_cmd_complete(sk, hdev->id, 5209 MGMT_OP_REMOVE_DEVICE, 5210 MGMT_STATUS_INVALID_PARAMS, 5211 &cp->addr, 5212 sizeof(cp->addr)); 5213 goto unlock; 5214 } 5215 5216 hci_req_update_scan(hdev); 5217 5218 device_removed(sk, hdev, &cp->addr.bdaddr, 5219 cp->addr.type); 5220 goto complete; 5221 } 5222 5223 addr_type = le_addr_type(cp->addr.type); 5224 5225 /* Kernel internally uses conn_params with resolvable private 5226 * address, but Remove Device allows only identity addresses. 5227 * Make sure it is enforced before calling 5228 * hci_conn_params_lookup. 5229 */ 5230 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 5231 err = mgmt_cmd_complete(sk, hdev->id, 5232 MGMT_OP_REMOVE_DEVICE, 5233 MGMT_STATUS_INVALID_PARAMS, 5234 &cp->addr, sizeof(cp->addr)); 5235 goto unlock; 5236 } 5237 5238 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 5239 addr_type); 5240 if (!params) { 5241 err = mgmt_cmd_complete(sk, hdev->id, 5242 MGMT_OP_REMOVE_DEVICE, 5243 MGMT_STATUS_INVALID_PARAMS, 5244 &cp->addr, sizeof(cp->addr)); 5245 goto unlock; 5246 } 5247 5248 if (params->auto_connect == HCI_AUTO_CONN_DISABLED || 5249 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { 5250 err = mgmt_cmd_complete(sk, hdev->id, 5251 MGMT_OP_REMOVE_DEVICE, 5252 MGMT_STATUS_INVALID_PARAMS, 5253 &cp->addr, sizeof(cp->addr)); 5254 goto unlock; 5255 } 5256 5257 list_del(¶ms->action); 5258 list_del(¶ms->list); 5259 kfree(params); 5260 hci_update_background_scan(hdev); 5261 5262 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type); 5263 } else { 5264 struct hci_conn_params *p, *tmp; 5265 struct bdaddr_list *b, *btmp; 5266 5267 if (cp->addr.type) { 5268 err = mgmt_cmd_complete(sk, hdev->id, 5269 MGMT_OP_REMOVE_DEVICE, 5270 MGMT_STATUS_INVALID_PARAMS, 5271 &cp->addr, sizeof(cp->addr)); 5272 goto unlock; 5273 } 5274 5275 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) { 5276 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type); 5277 list_del(&b->list); 5278 kfree(b); 5279 } 5280 5281 hci_req_update_scan(hdev); 5282 5283 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) { 5284 if (p->auto_connect == HCI_AUTO_CONN_DISABLED) 5285 continue; 5286 device_removed(sk, hdev, &p->addr, p->addr_type); 5287 if (p->explicit_connect) { 5288 p->auto_connect = HCI_AUTO_CONN_EXPLICIT; 5289 continue; 5290 } 5291 list_del(&p->action); 5292 list_del(&p->list); 5293 kfree(p); 5294 } 5295 5296 BT_DBG("All LE connection parameters were removed"); 5297 5298 hci_update_background_scan(hdev); 5299 } 5300 5301 complete: 5302 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 5303 MGMT_STATUS_SUCCESS, &cp->addr, 5304 sizeof(cp->addr)); 5305 unlock: 5306 hci_dev_unlock(hdev); 5307 return err; 5308 } 5309 5310 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data, 5311 u16 len) 5312 { 5313 struct mgmt_cp_load_conn_param *cp = data; 5314 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) / 5315 sizeof(struct mgmt_conn_param)); 5316 u16 param_count, expected_len; 5317 int i; 5318 5319 if (!lmp_le_capable(hdev)) 5320 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5321 MGMT_STATUS_NOT_SUPPORTED); 5322 5323 param_count = __le16_to_cpu(cp->param_count); 5324 if (param_count > max_param_count) { 5325 BT_ERR("load_conn_param: too big param_count value %u", 5326 param_count); 5327 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5328 MGMT_STATUS_INVALID_PARAMS); 5329 } 5330 5331 expected_len = sizeof(*cp) + param_count * 5332 sizeof(struct mgmt_conn_param); 5333 if (expected_len != len) { 5334 BT_ERR("load_conn_param: expected %u bytes, got %u bytes", 5335 expected_len, len); 5336 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5337 MGMT_STATUS_INVALID_PARAMS); 5338 } 5339 5340 BT_DBG("%s param_count %u", hdev->name, param_count); 5341 5342 hci_dev_lock(hdev); 5343 5344 hci_conn_params_clear_disabled(hdev); 5345 5346 for (i = 0; i < param_count; i++) { 5347 struct mgmt_conn_param *param = &cp->params[i]; 5348 struct hci_conn_params *hci_param; 5349 u16 min, max, latency, timeout; 5350 u8 addr_type; 5351 5352 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr, 5353 param->addr.type); 5354 5355 if (param->addr.type == BDADDR_LE_PUBLIC) { 5356 addr_type = ADDR_LE_DEV_PUBLIC; 5357 } else if (param->addr.type == BDADDR_LE_RANDOM) { 5358 addr_type = ADDR_LE_DEV_RANDOM; 5359 } else { 5360 BT_ERR("Ignoring invalid connection parameters"); 5361 continue; 5362 } 5363 5364 min = le16_to_cpu(param->min_interval); 5365 max = le16_to_cpu(param->max_interval); 5366 latency = le16_to_cpu(param->latency); 5367 timeout = le16_to_cpu(param->timeout); 5368 5369 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x", 5370 min, max, latency, timeout); 5371 5372 if (hci_check_conn_params(min, max, latency, timeout) < 0) { 5373 BT_ERR("Ignoring invalid connection parameters"); 5374 continue; 5375 } 5376 5377 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr, 5378 addr_type); 5379 if (!hci_param) { 5380 BT_ERR("Failed to add connection parameters"); 5381 continue; 5382 } 5383 5384 hci_param->conn_min_interval = min; 5385 hci_param->conn_max_interval = max; 5386 hci_param->conn_latency = latency; 5387 hci_param->supervision_timeout = timeout; 5388 } 5389 5390 hci_dev_unlock(hdev); 5391 5392 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, 5393 NULL, 0); 5394 } 5395 5396 static int set_external_config(struct sock *sk, struct hci_dev *hdev, 5397 void *data, u16 len) 5398 { 5399 struct mgmt_cp_set_external_config *cp = data; 5400 bool changed; 5401 int err; 5402 5403 BT_DBG("%s", hdev->name); 5404 5405 if (hdev_is_powered(hdev)) 5406 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5407 MGMT_STATUS_REJECTED); 5408 5409 if (cp->config != 0x00 && cp->config != 0x01) 5410 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5411 MGMT_STATUS_INVALID_PARAMS); 5412 5413 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 5414 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5415 MGMT_STATUS_NOT_SUPPORTED); 5416 5417 hci_dev_lock(hdev); 5418 5419 if (cp->config) 5420 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED); 5421 else 5422 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED); 5423 5424 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev); 5425 if (err < 0) 5426 goto unlock; 5427 5428 if (!changed) 5429 goto unlock; 5430 5431 err = new_options(hdev, sk); 5432 5433 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) { 5434 mgmt_index_removed(hdev); 5435 5436 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) { 5437 hci_dev_set_flag(hdev, HCI_CONFIG); 5438 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 5439 5440 queue_work(hdev->req_workqueue, &hdev->power_on); 5441 } else { 5442 set_bit(HCI_RAW, &hdev->flags); 5443 mgmt_index_added(hdev); 5444 } 5445 } 5446 5447 unlock: 5448 hci_dev_unlock(hdev); 5449 return err; 5450 } 5451 5452 static int set_public_address(struct sock *sk, struct hci_dev *hdev, 5453 void *data, u16 len) 5454 { 5455 struct mgmt_cp_set_public_address *cp = data; 5456 bool changed; 5457 int err; 5458 5459 BT_DBG("%s", hdev->name); 5460 5461 if (hdev_is_powered(hdev)) 5462 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5463 MGMT_STATUS_REJECTED); 5464 5465 if (!bacmp(&cp->bdaddr, BDADDR_ANY)) 5466 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5467 MGMT_STATUS_INVALID_PARAMS); 5468 5469 if (!hdev->set_bdaddr) 5470 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5471 MGMT_STATUS_NOT_SUPPORTED); 5472 5473 hci_dev_lock(hdev); 5474 5475 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr); 5476 bacpy(&hdev->public_addr, &cp->bdaddr); 5477 5478 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev); 5479 if (err < 0) 5480 goto unlock; 5481 5482 if (!changed) 5483 goto unlock; 5484 5485 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) 5486 err = new_options(hdev, sk); 5487 5488 if (is_configured(hdev)) { 5489 mgmt_index_removed(hdev); 5490 5491 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED); 5492 5493 hci_dev_set_flag(hdev, HCI_CONFIG); 5494 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 5495 5496 queue_work(hdev->req_workqueue, &hdev->power_on); 5497 } 5498 5499 unlock: 5500 hci_dev_unlock(hdev); 5501 return err; 5502 } 5503 5504 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data, 5505 u8 data_len) 5506 { 5507 eir[eir_len++] = sizeof(type) + data_len; 5508 eir[eir_len++] = type; 5509 memcpy(&eir[eir_len], data, data_len); 5510 eir_len += data_len; 5511 5512 return eir_len; 5513 } 5514 5515 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status, 5516 u16 opcode, struct sk_buff *skb) 5517 { 5518 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp; 5519 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp; 5520 u8 *h192, *r192, *h256, *r256; 5521 struct mgmt_pending_cmd *cmd; 5522 u16 eir_len; 5523 int err; 5524 5525 BT_DBG("%s status %u", hdev->name, status); 5526 5527 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev); 5528 if (!cmd) 5529 return; 5530 5531 mgmt_cp = cmd->param; 5532 5533 if (status) { 5534 status = mgmt_status(status); 5535 eir_len = 0; 5536 5537 h192 = NULL; 5538 r192 = NULL; 5539 h256 = NULL; 5540 r256 = NULL; 5541 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) { 5542 struct hci_rp_read_local_oob_data *rp; 5543 5544 if (skb->len != sizeof(*rp)) { 5545 status = MGMT_STATUS_FAILED; 5546 eir_len = 0; 5547 } else { 5548 status = MGMT_STATUS_SUCCESS; 5549 rp = (void *)skb->data; 5550 5551 eir_len = 5 + 18 + 18; 5552 h192 = rp->hash; 5553 r192 = rp->rand; 5554 h256 = NULL; 5555 r256 = NULL; 5556 } 5557 } else { 5558 struct hci_rp_read_local_oob_ext_data *rp; 5559 5560 if (skb->len != sizeof(*rp)) { 5561 status = MGMT_STATUS_FAILED; 5562 eir_len = 0; 5563 } else { 5564 status = MGMT_STATUS_SUCCESS; 5565 rp = (void *)skb->data; 5566 5567 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 5568 eir_len = 5 + 18 + 18; 5569 h192 = NULL; 5570 r192 = NULL; 5571 } else { 5572 eir_len = 5 + 18 + 18 + 18 + 18; 5573 h192 = rp->hash192; 5574 r192 = rp->rand192; 5575 } 5576 5577 h256 = rp->hash256; 5578 r256 = rp->rand256; 5579 } 5580 } 5581 5582 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL); 5583 if (!mgmt_rp) 5584 goto done; 5585 5586 if (status) 5587 goto send_rsp; 5588 5589 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV, 5590 hdev->dev_class, 3); 5591 5592 if (h192 && r192) { 5593 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 5594 EIR_SSP_HASH_C192, h192, 16); 5595 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 5596 EIR_SSP_RAND_R192, r192, 16); 5597 } 5598 5599 if (h256 && r256) { 5600 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 5601 EIR_SSP_HASH_C256, h256, 16); 5602 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 5603 EIR_SSP_RAND_R256, r256, 16); 5604 } 5605 5606 send_rsp: 5607 mgmt_rp->type = mgmt_cp->type; 5608 mgmt_rp->eir_len = cpu_to_le16(eir_len); 5609 5610 err = mgmt_cmd_complete(cmd->sk, hdev->id, 5611 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status, 5612 mgmt_rp, sizeof(*mgmt_rp) + eir_len); 5613 if (err < 0 || status) 5614 goto done; 5615 5616 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS); 5617 5618 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 5619 mgmt_rp, sizeof(*mgmt_rp) + eir_len, 5620 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk); 5621 done: 5622 kfree(mgmt_rp); 5623 mgmt_pending_remove(cmd); 5624 } 5625 5626 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk, 5627 struct mgmt_cp_read_local_oob_ext_data *cp) 5628 { 5629 struct mgmt_pending_cmd *cmd; 5630 struct hci_request req; 5631 int err; 5632 5633 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev, 5634 cp, sizeof(*cp)); 5635 if (!cmd) 5636 return -ENOMEM; 5637 5638 hci_req_init(&req, hdev); 5639 5640 if (bredr_sc_enabled(hdev)) 5641 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL); 5642 else 5643 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 5644 5645 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete); 5646 if (err < 0) { 5647 mgmt_pending_remove(cmd); 5648 return err; 5649 } 5650 5651 return 0; 5652 } 5653 5654 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev, 5655 void *data, u16 data_len) 5656 { 5657 struct mgmt_cp_read_local_oob_ext_data *cp = data; 5658 struct mgmt_rp_read_local_oob_ext_data *rp; 5659 size_t rp_len; 5660 u16 eir_len; 5661 u8 status, flags, role, addr[7], hash[16], rand[16]; 5662 int err; 5663 5664 BT_DBG("%s", hdev->name); 5665 5666 if (hdev_is_powered(hdev)) { 5667 switch (cp->type) { 5668 case BIT(BDADDR_BREDR): 5669 status = mgmt_bredr_support(hdev); 5670 if (status) 5671 eir_len = 0; 5672 else 5673 eir_len = 5; 5674 break; 5675 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 5676 status = mgmt_le_support(hdev); 5677 if (status) 5678 eir_len = 0; 5679 else 5680 eir_len = 9 + 3 + 18 + 18 + 3; 5681 break; 5682 default: 5683 status = MGMT_STATUS_INVALID_PARAMS; 5684 eir_len = 0; 5685 break; 5686 } 5687 } else { 5688 status = MGMT_STATUS_NOT_POWERED; 5689 eir_len = 0; 5690 } 5691 5692 rp_len = sizeof(*rp) + eir_len; 5693 rp = kmalloc(rp_len, GFP_ATOMIC); 5694 if (!rp) 5695 return -ENOMEM; 5696 5697 if (status) 5698 goto complete; 5699 5700 hci_dev_lock(hdev); 5701 5702 eir_len = 0; 5703 switch (cp->type) { 5704 case BIT(BDADDR_BREDR): 5705 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 5706 err = read_local_ssp_oob_req(hdev, sk, cp); 5707 hci_dev_unlock(hdev); 5708 if (!err) 5709 goto done; 5710 5711 status = MGMT_STATUS_FAILED; 5712 goto complete; 5713 } else { 5714 eir_len = eir_append_data(rp->eir, eir_len, 5715 EIR_CLASS_OF_DEV, 5716 hdev->dev_class, 3); 5717 } 5718 break; 5719 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 5720 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 5721 smp_generate_oob(hdev, hash, rand) < 0) { 5722 hci_dev_unlock(hdev); 5723 status = MGMT_STATUS_FAILED; 5724 goto complete; 5725 } 5726 5727 /* This should return the active RPA, but since the RPA 5728 * is only programmed on demand, it is really hard to fill 5729 * this in at the moment. For now disallow retrieving 5730 * local out-of-band data when privacy is in use. 5731 * 5732 * Returning the identity address will not help here since 5733 * pairing happens before the identity resolving key is 5734 * known and thus the connection establishment happens 5735 * based on the RPA and not the identity address. 5736 */ 5737 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) { 5738 hci_dev_unlock(hdev); 5739 status = MGMT_STATUS_REJECTED; 5740 goto complete; 5741 } 5742 5743 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 5744 !bacmp(&hdev->bdaddr, BDADDR_ANY) || 5745 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 5746 bacmp(&hdev->static_addr, BDADDR_ANY))) { 5747 memcpy(addr, &hdev->static_addr, 6); 5748 addr[6] = 0x01; 5749 } else { 5750 memcpy(addr, &hdev->bdaddr, 6); 5751 addr[6] = 0x00; 5752 } 5753 5754 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR, 5755 addr, sizeof(addr)); 5756 5757 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 5758 role = 0x02; 5759 else 5760 role = 0x01; 5761 5762 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE, 5763 &role, sizeof(role)); 5764 5765 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) { 5766 eir_len = eir_append_data(rp->eir, eir_len, 5767 EIR_LE_SC_CONFIRM, 5768 hash, sizeof(hash)); 5769 5770 eir_len = eir_append_data(rp->eir, eir_len, 5771 EIR_LE_SC_RANDOM, 5772 rand, sizeof(rand)); 5773 } 5774 5775 flags = mgmt_get_adv_discov_flags(hdev); 5776 5777 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 5778 flags |= LE_AD_NO_BREDR; 5779 5780 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS, 5781 &flags, sizeof(flags)); 5782 break; 5783 } 5784 5785 hci_dev_unlock(hdev); 5786 5787 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS); 5788 5789 status = MGMT_STATUS_SUCCESS; 5790 5791 complete: 5792 rp->type = cp->type; 5793 rp->eir_len = cpu_to_le16(eir_len); 5794 5795 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 5796 status, rp, sizeof(*rp) + eir_len); 5797 if (err < 0 || status) 5798 goto done; 5799 5800 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 5801 rp, sizeof(*rp) + eir_len, 5802 HCI_MGMT_OOB_DATA_EVENTS, sk); 5803 5804 done: 5805 kfree(rp); 5806 5807 return err; 5808 } 5809 5810 static u32 get_supported_adv_flags(struct hci_dev *hdev) 5811 { 5812 u32 flags = 0; 5813 5814 flags |= MGMT_ADV_FLAG_CONNECTABLE; 5815 flags |= MGMT_ADV_FLAG_DISCOV; 5816 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV; 5817 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS; 5818 5819 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) 5820 flags |= MGMT_ADV_FLAG_TX_POWER; 5821 5822 return flags; 5823 } 5824 5825 static int read_adv_features(struct sock *sk, struct hci_dev *hdev, 5826 void *data, u16 data_len) 5827 { 5828 struct mgmt_rp_read_adv_features *rp; 5829 size_t rp_len; 5830 int err; 5831 struct adv_info *adv_instance; 5832 u32 supported_flags; 5833 u8 *instance; 5834 5835 BT_DBG("%s", hdev->name); 5836 5837 if (!lmp_le_capable(hdev)) 5838 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 5839 MGMT_STATUS_REJECTED); 5840 5841 hci_dev_lock(hdev); 5842 5843 rp_len = sizeof(*rp) + hdev->adv_instance_cnt; 5844 rp = kmalloc(rp_len, GFP_ATOMIC); 5845 if (!rp) { 5846 hci_dev_unlock(hdev); 5847 return -ENOMEM; 5848 } 5849 5850 supported_flags = get_supported_adv_flags(hdev); 5851 5852 rp->supported_flags = cpu_to_le32(supported_flags); 5853 rp->max_adv_data_len = HCI_MAX_AD_LENGTH; 5854 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH; 5855 rp->max_instances = HCI_MAX_ADV_INSTANCES; 5856 rp->num_instances = hdev->adv_instance_cnt; 5857 5858 instance = rp->instance; 5859 list_for_each_entry(adv_instance, &hdev->adv_instances, list) { 5860 *instance = adv_instance->instance; 5861 instance++; 5862 } 5863 5864 hci_dev_unlock(hdev); 5865 5866 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 5867 MGMT_STATUS_SUCCESS, rp, rp_len); 5868 5869 kfree(rp); 5870 5871 return err; 5872 } 5873 5874 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data, 5875 u8 len, bool is_adv_data) 5876 { 5877 u8 max_len = HCI_MAX_AD_LENGTH; 5878 int i, cur_len; 5879 bool flags_managed = false; 5880 bool tx_power_managed = false; 5881 5882 if (is_adv_data) { 5883 if (adv_flags & (MGMT_ADV_FLAG_DISCOV | 5884 MGMT_ADV_FLAG_LIMITED_DISCOV | 5885 MGMT_ADV_FLAG_MANAGED_FLAGS)) { 5886 flags_managed = true; 5887 max_len -= 3; 5888 } 5889 5890 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) { 5891 tx_power_managed = true; 5892 max_len -= 3; 5893 } 5894 } 5895 5896 if (len > max_len) 5897 return false; 5898 5899 /* Make sure that the data is correctly formatted. */ 5900 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) { 5901 cur_len = data[i]; 5902 5903 if (flags_managed && data[i + 1] == EIR_FLAGS) 5904 return false; 5905 5906 if (tx_power_managed && data[i + 1] == EIR_TX_POWER) 5907 return false; 5908 5909 /* If the current field length would exceed the total data 5910 * length, then it's invalid. 5911 */ 5912 if (i + cur_len >= len) 5913 return false; 5914 } 5915 5916 return true; 5917 } 5918 5919 static void add_advertising_complete(struct hci_dev *hdev, u8 status, 5920 u16 opcode) 5921 { 5922 struct mgmt_pending_cmd *cmd; 5923 struct mgmt_cp_add_advertising *cp; 5924 struct mgmt_rp_add_advertising rp; 5925 struct adv_info *adv_instance, *n; 5926 u8 instance; 5927 5928 BT_DBG("status %d", status); 5929 5930 hci_dev_lock(hdev); 5931 5932 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev); 5933 5934 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) { 5935 if (!adv_instance->pending) 5936 continue; 5937 5938 if (!status) { 5939 adv_instance->pending = false; 5940 continue; 5941 } 5942 5943 instance = adv_instance->instance; 5944 5945 if (hdev->cur_adv_instance == instance) 5946 cancel_adv_timeout(hdev); 5947 5948 hci_remove_adv_instance(hdev, instance); 5949 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance); 5950 } 5951 5952 if (!cmd) 5953 goto unlock; 5954 5955 cp = cmd->param; 5956 rp.instance = cp->instance; 5957 5958 if (status) 5959 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 5960 mgmt_status(status)); 5961 else 5962 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 5963 mgmt_status(status), &rp, sizeof(rp)); 5964 5965 mgmt_pending_remove(cmd); 5966 5967 unlock: 5968 hci_dev_unlock(hdev); 5969 } 5970 5971 static int add_advertising(struct sock *sk, struct hci_dev *hdev, 5972 void *data, u16 data_len) 5973 { 5974 struct mgmt_cp_add_advertising *cp = data; 5975 struct mgmt_rp_add_advertising rp; 5976 u32 flags; 5977 u32 supported_flags; 5978 u8 status; 5979 u16 timeout, duration; 5980 unsigned int prev_instance_cnt = hdev->adv_instance_cnt; 5981 u8 schedule_instance = 0; 5982 struct adv_info *next_instance; 5983 int err; 5984 struct mgmt_pending_cmd *cmd; 5985 struct hci_request req; 5986 5987 BT_DBG("%s", hdev->name); 5988 5989 status = mgmt_le_support(hdev); 5990 if (status) 5991 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 5992 status); 5993 5994 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES) 5995 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 5996 MGMT_STATUS_INVALID_PARAMS); 5997 5998 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len) 5999 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6000 MGMT_STATUS_INVALID_PARAMS); 6001 6002 flags = __le32_to_cpu(cp->flags); 6003 timeout = __le16_to_cpu(cp->timeout); 6004 duration = __le16_to_cpu(cp->duration); 6005 6006 /* The current implementation only supports a subset of the specified 6007 * flags. 6008 */ 6009 supported_flags = get_supported_adv_flags(hdev); 6010 if (flags & ~supported_flags) 6011 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6012 MGMT_STATUS_INVALID_PARAMS); 6013 6014 hci_dev_lock(hdev); 6015 6016 if (timeout && !hdev_is_powered(hdev)) { 6017 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6018 MGMT_STATUS_REJECTED); 6019 goto unlock; 6020 } 6021 6022 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 6023 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 6024 pending_find(MGMT_OP_SET_LE, hdev)) { 6025 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6026 MGMT_STATUS_BUSY); 6027 goto unlock; 6028 } 6029 6030 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) || 6031 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len, 6032 cp->scan_rsp_len, false)) { 6033 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6034 MGMT_STATUS_INVALID_PARAMS); 6035 goto unlock; 6036 } 6037 6038 err = hci_add_adv_instance(hdev, cp->instance, flags, 6039 cp->adv_data_len, cp->data, 6040 cp->scan_rsp_len, 6041 cp->data + cp->adv_data_len, 6042 timeout, duration); 6043 if (err < 0) { 6044 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6045 MGMT_STATUS_FAILED); 6046 goto unlock; 6047 } 6048 6049 /* Only trigger an advertising added event if a new instance was 6050 * actually added. 6051 */ 6052 if (hdev->adv_instance_cnt > prev_instance_cnt) 6053 mgmt_advertising_added(sk, hdev, cp->instance); 6054 6055 if (hdev->cur_adv_instance == cp->instance) { 6056 /* If the currently advertised instance is being changed then 6057 * cancel the current advertising and schedule the next 6058 * instance. If there is only one instance then the overridden 6059 * advertising data will be visible right away. 6060 */ 6061 cancel_adv_timeout(hdev); 6062 6063 next_instance = hci_get_next_instance(hdev, cp->instance); 6064 if (next_instance) 6065 schedule_instance = next_instance->instance; 6066 } else if (!hdev->adv_instance_timeout) { 6067 /* Immediately advertise the new instance if no other 6068 * instance is currently being advertised. 6069 */ 6070 schedule_instance = cp->instance; 6071 } 6072 6073 /* If the HCI_ADVERTISING flag is set or the device isn't powered or 6074 * there is no instance to be advertised then we have no HCI 6075 * communication to make. Simply return. 6076 */ 6077 if (!hdev_is_powered(hdev) || 6078 hci_dev_test_flag(hdev, HCI_ADVERTISING) || 6079 !schedule_instance) { 6080 rp.instance = cp->instance; 6081 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6082 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6083 goto unlock; 6084 } 6085 6086 /* We're good to go, update advertising data, parameters, and start 6087 * advertising. 6088 */ 6089 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data, 6090 data_len); 6091 if (!cmd) { 6092 err = -ENOMEM; 6093 goto unlock; 6094 } 6095 6096 hci_req_init(&req, hdev); 6097 6098 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true); 6099 6100 if (!err) 6101 err = hci_req_run(&req, add_advertising_complete); 6102 6103 if (err < 0) 6104 mgmt_pending_remove(cmd); 6105 6106 unlock: 6107 hci_dev_unlock(hdev); 6108 6109 return err; 6110 } 6111 6112 static void remove_advertising_complete(struct hci_dev *hdev, u8 status, 6113 u16 opcode) 6114 { 6115 struct mgmt_pending_cmd *cmd; 6116 struct mgmt_cp_remove_advertising *cp; 6117 struct mgmt_rp_remove_advertising rp; 6118 6119 BT_DBG("status %d", status); 6120 6121 hci_dev_lock(hdev); 6122 6123 /* A failure status here only means that we failed to disable 6124 * advertising. Otherwise, the advertising instance has been removed, 6125 * so report success. 6126 */ 6127 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev); 6128 if (!cmd) 6129 goto unlock; 6130 6131 cp = cmd->param; 6132 rp.instance = cp->instance; 6133 6134 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS, 6135 &rp, sizeof(rp)); 6136 mgmt_pending_remove(cmd); 6137 6138 unlock: 6139 hci_dev_unlock(hdev); 6140 } 6141 6142 static int remove_advertising(struct sock *sk, struct hci_dev *hdev, 6143 void *data, u16 data_len) 6144 { 6145 struct mgmt_cp_remove_advertising *cp = data; 6146 struct mgmt_rp_remove_advertising rp; 6147 struct mgmt_pending_cmd *cmd; 6148 struct hci_request req; 6149 int err; 6150 6151 BT_DBG("%s", hdev->name); 6152 6153 hci_dev_lock(hdev); 6154 6155 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) { 6156 err = mgmt_cmd_status(sk, hdev->id, 6157 MGMT_OP_REMOVE_ADVERTISING, 6158 MGMT_STATUS_INVALID_PARAMS); 6159 goto unlock; 6160 } 6161 6162 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 6163 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 6164 pending_find(MGMT_OP_SET_LE, hdev)) { 6165 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 6166 MGMT_STATUS_BUSY); 6167 goto unlock; 6168 } 6169 6170 if (list_empty(&hdev->adv_instances)) { 6171 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 6172 MGMT_STATUS_INVALID_PARAMS); 6173 goto unlock; 6174 } 6175 6176 hci_req_init(&req, hdev); 6177 6178 hci_req_clear_adv_instance(hdev, &req, cp->instance, true); 6179 6180 if (list_empty(&hdev->adv_instances)) 6181 __hci_req_disable_advertising(&req); 6182 6183 /* If no HCI commands have been collected so far or the HCI_ADVERTISING 6184 * flag is set or the device isn't powered then we have no HCI 6185 * communication to make. Simply return. 6186 */ 6187 if (skb_queue_empty(&req.cmd_q) || 6188 !hdev_is_powered(hdev) || 6189 hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 6190 rp.instance = cp->instance; 6191 err = mgmt_cmd_complete(sk, hdev->id, 6192 MGMT_OP_REMOVE_ADVERTISING, 6193 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6194 goto unlock; 6195 } 6196 6197 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data, 6198 data_len); 6199 if (!cmd) { 6200 err = -ENOMEM; 6201 goto unlock; 6202 } 6203 6204 err = hci_req_run(&req, remove_advertising_complete); 6205 if (err < 0) 6206 mgmt_pending_remove(cmd); 6207 6208 unlock: 6209 hci_dev_unlock(hdev); 6210 6211 return err; 6212 } 6213 6214 static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data) 6215 { 6216 u8 max_len = HCI_MAX_AD_LENGTH; 6217 6218 if (is_adv_data) { 6219 if (adv_flags & (MGMT_ADV_FLAG_DISCOV | 6220 MGMT_ADV_FLAG_LIMITED_DISCOV | 6221 MGMT_ADV_FLAG_MANAGED_FLAGS)) 6222 max_len -= 3; 6223 6224 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) 6225 max_len -= 3; 6226 } 6227 6228 return max_len; 6229 } 6230 6231 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev, 6232 void *data, u16 data_len) 6233 { 6234 struct mgmt_cp_get_adv_size_info *cp = data; 6235 struct mgmt_rp_get_adv_size_info rp; 6236 u32 flags, supported_flags; 6237 int err; 6238 6239 BT_DBG("%s", hdev->name); 6240 6241 if (!lmp_le_capable(hdev)) 6242 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6243 MGMT_STATUS_REJECTED); 6244 6245 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES) 6246 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6247 MGMT_STATUS_INVALID_PARAMS); 6248 6249 flags = __le32_to_cpu(cp->flags); 6250 6251 /* The current implementation only supports a subset of the specified 6252 * flags. 6253 */ 6254 supported_flags = get_supported_adv_flags(hdev); 6255 if (flags & ~supported_flags) 6256 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6257 MGMT_STATUS_INVALID_PARAMS); 6258 6259 rp.instance = cp->instance; 6260 rp.flags = cp->flags; 6261 rp.max_adv_data_len = tlv_data_max_len(flags, true); 6262 rp.max_scan_rsp_len = tlv_data_max_len(flags, false); 6263 6264 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6265 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6266 6267 return err; 6268 } 6269 6270 static const struct hci_mgmt_handler mgmt_handlers[] = { 6271 { NULL }, /* 0x0000 (no command) */ 6272 { read_version, MGMT_READ_VERSION_SIZE, 6273 HCI_MGMT_NO_HDEV | 6274 HCI_MGMT_UNTRUSTED }, 6275 { read_commands, MGMT_READ_COMMANDS_SIZE, 6276 HCI_MGMT_NO_HDEV | 6277 HCI_MGMT_UNTRUSTED }, 6278 { read_index_list, MGMT_READ_INDEX_LIST_SIZE, 6279 HCI_MGMT_NO_HDEV | 6280 HCI_MGMT_UNTRUSTED }, 6281 { read_controller_info, MGMT_READ_INFO_SIZE, 6282 HCI_MGMT_UNTRUSTED }, 6283 { set_powered, MGMT_SETTING_SIZE }, 6284 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE }, 6285 { set_connectable, MGMT_SETTING_SIZE }, 6286 { set_fast_connectable, MGMT_SETTING_SIZE }, 6287 { set_bondable, MGMT_SETTING_SIZE }, 6288 { set_link_security, MGMT_SETTING_SIZE }, 6289 { set_ssp, MGMT_SETTING_SIZE }, 6290 { set_hs, MGMT_SETTING_SIZE }, 6291 { set_le, MGMT_SETTING_SIZE }, 6292 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE }, 6293 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE }, 6294 { add_uuid, MGMT_ADD_UUID_SIZE }, 6295 { remove_uuid, MGMT_REMOVE_UUID_SIZE }, 6296 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE, 6297 HCI_MGMT_VAR_LEN }, 6298 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE, 6299 HCI_MGMT_VAR_LEN }, 6300 { disconnect, MGMT_DISCONNECT_SIZE }, 6301 { get_connections, MGMT_GET_CONNECTIONS_SIZE }, 6302 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE }, 6303 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE }, 6304 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE }, 6305 { pair_device, MGMT_PAIR_DEVICE_SIZE }, 6306 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE }, 6307 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE }, 6308 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE }, 6309 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE }, 6310 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE }, 6311 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, 6312 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE }, 6313 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE, 6314 HCI_MGMT_VAR_LEN }, 6315 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, 6316 { start_discovery, MGMT_START_DISCOVERY_SIZE }, 6317 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE }, 6318 { confirm_name, MGMT_CONFIRM_NAME_SIZE }, 6319 { block_device, MGMT_BLOCK_DEVICE_SIZE }, 6320 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE }, 6321 { set_device_id, MGMT_SET_DEVICE_ID_SIZE }, 6322 { set_advertising, MGMT_SETTING_SIZE }, 6323 { set_bredr, MGMT_SETTING_SIZE }, 6324 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE }, 6325 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE }, 6326 { set_secure_conn, MGMT_SETTING_SIZE }, 6327 { set_debug_keys, MGMT_SETTING_SIZE }, 6328 { set_privacy, MGMT_SET_PRIVACY_SIZE }, 6329 { load_irks, MGMT_LOAD_IRKS_SIZE, 6330 HCI_MGMT_VAR_LEN }, 6331 { get_conn_info, MGMT_GET_CONN_INFO_SIZE }, 6332 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE }, 6333 { add_device, MGMT_ADD_DEVICE_SIZE }, 6334 { remove_device, MGMT_REMOVE_DEVICE_SIZE }, 6335 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE, 6336 HCI_MGMT_VAR_LEN }, 6337 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE, 6338 HCI_MGMT_NO_HDEV | 6339 HCI_MGMT_UNTRUSTED }, 6340 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE, 6341 HCI_MGMT_UNCONFIGURED | 6342 HCI_MGMT_UNTRUSTED }, 6343 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE, 6344 HCI_MGMT_UNCONFIGURED }, 6345 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE, 6346 HCI_MGMT_UNCONFIGURED }, 6347 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE, 6348 HCI_MGMT_VAR_LEN }, 6349 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE }, 6350 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE, 6351 HCI_MGMT_NO_HDEV | 6352 HCI_MGMT_UNTRUSTED }, 6353 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE }, 6354 { add_advertising, MGMT_ADD_ADVERTISING_SIZE, 6355 HCI_MGMT_VAR_LEN }, 6356 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE }, 6357 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE }, 6358 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE }, 6359 }; 6360 6361 void mgmt_index_added(struct hci_dev *hdev) 6362 { 6363 struct mgmt_ev_ext_index ev; 6364 6365 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 6366 return; 6367 6368 switch (hdev->dev_type) { 6369 case HCI_PRIMARY: 6370 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 6371 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, 6372 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 6373 ev.type = 0x01; 6374 } else { 6375 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, 6376 HCI_MGMT_INDEX_EVENTS); 6377 ev.type = 0x00; 6378 } 6379 break; 6380 case HCI_AMP: 6381 ev.type = 0x02; 6382 break; 6383 default: 6384 return; 6385 } 6386 6387 ev.bus = hdev->bus; 6388 6389 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev), 6390 HCI_MGMT_EXT_INDEX_EVENTS); 6391 } 6392 6393 void mgmt_index_removed(struct hci_dev *hdev) 6394 { 6395 struct mgmt_ev_ext_index ev; 6396 u8 status = MGMT_STATUS_INVALID_INDEX; 6397 6398 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 6399 return; 6400 6401 switch (hdev->dev_type) { 6402 case HCI_PRIMARY: 6403 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 6404 6405 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 6406 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, 6407 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 6408 ev.type = 0x01; 6409 } else { 6410 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, 6411 HCI_MGMT_INDEX_EVENTS); 6412 ev.type = 0x00; 6413 } 6414 break; 6415 case HCI_AMP: 6416 ev.type = 0x02; 6417 break; 6418 default: 6419 return; 6420 } 6421 6422 ev.bus = hdev->bus; 6423 6424 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev), 6425 HCI_MGMT_EXT_INDEX_EVENTS); 6426 } 6427 6428 /* This function requires the caller holds hdev->lock */ 6429 static void restart_le_actions(struct hci_dev *hdev) 6430 { 6431 struct hci_conn_params *p; 6432 6433 list_for_each_entry(p, &hdev->le_conn_params, list) { 6434 /* Needed for AUTO_OFF case where might not "really" 6435 * have been powered off. 6436 */ 6437 list_del_init(&p->action); 6438 6439 switch (p->auto_connect) { 6440 case HCI_AUTO_CONN_DIRECT: 6441 case HCI_AUTO_CONN_ALWAYS: 6442 list_add(&p->action, &hdev->pend_le_conns); 6443 break; 6444 case HCI_AUTO_CONN_REPORT: 6445 list_add(&p->action, &hdev->pend_le_reports); 6446 break; 6447 default: 6448 break; 6449 } 6450 } 6451 } 6452 6453 void mgmt_power_on(struct hci_dev *hdev, int err) 6454 { 6455 struct cmd_lookup match = { NULL, hdev }; 6456 6457 BT_DBG("err %d", err); 6458 6459 hci_dev_lock(hdev); 6460 6461 if (!err) { 6462 restart_le_actions(hdev); 6463 hci_update_background_scan(hdev); 6464 } 6465 6466 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 6467 6468 new_settings(hdev, match.sk); 6469 6470 if (match.sk) 6471 sock_put(match.sk); 6472 6473 hci_dev_unlock(hdev); 6474 } 6475 6476 void __mgmt_power_off(struct hci_dev *hdev) 6477 { 6478 struct cmd_lookup match = { NULL, hdev }; 6479 u8 status, zero_cod[] = { 0, 0, 0 }; 6480 6481 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 6482 6483 /* If the power off is because of hdev unregistration let 6484 * use the appropriate INVALID_INDEX status. Otherwise use 6485 * NOT_POWERED. We cover both scenarios here since later in 6486 * mgmt_index_removed() any hci_conn callbacks will have already 6487 * been triggered, potentially causing misleading DISCONNECTED 6488 * status responses. 6489 */ 6490 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) 6491 status = MGMT_STATUS_INVALID_INDEX; 6492 else 6493 status = MGMT_STATUS_NOT_POWERED; 6494 6495 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 6496 6497 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) 6498 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 6499 zero_cod, sizeof(zero_cod), NULL); 6500 6501 new_settings(hdev, match.sk); 6502 6503 if (match.sk) 6504 sock_put(match.sk); 6505 } 6506 6507 void mgmt_set_powered_failed(struct hci_dev *hdev, int err) 6508 { 6509 struct mgmt_pending_cmd *cmd; 6510 u8 status; 6511 6512 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 6513 if (!cmd) 6514 return; 6515 6516 if (err == -ERFKILL) 6517 status = MGMT_STATUS_RFKILLED; 6518 else 6519 status = MGMT_STATUS_FAILED; 6520 6521 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status); 6522 6523 mgmt_pending_remove(cmd); 6524 } 6525 6526 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 6527 bool persistent) 6528 { 6529 struct mgmt_ev_new_link_key ev; 6530 6531 memset(&ev, 0, sizeof(ev)); 6532 6533 ev.store_hint = persistent; 6534 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 6535 ev.key.addr.type = BDADDR_BREDR; 6536 ev.key.type = key->type; 6537 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE); 6538 ev.key.pin_len = key->pin_len; 6539 6540 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 6541 } 6542 6543 static u8 mgmt_ltk_type(struct smp_ltk *ltk) 6544 { 6545 switch (ltk->type) { 6546 case SMP_LTK: 6547 case SMP_LTK_SLAVE: 6548 if (ltk->authenticated) 6549 return MGMT_LTK_AUTHENTICATED; 6550 return MGMT_LTK_UNAUTHENTICATED; 6551 case SMP_LTK_P256: 6552 if (ltk->authenticated) 6553 return MGMT_LTK_P256_AUTH; 6554 return MGMT_LTK_P256_UNAUTH; 6555 case SMP_LTK_P256_DEBUG: 6556 return MGMT_LTK_P256_DEBUG; 6557 } 6558 6559 return MGMT_LTK_UNAUTHENTICATED; 6560 } 6561 6562 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent) 6563 { 6564 struct mgmt_ev_new_long_term_key ev; 6565 6566 memset(&ev, 0, sizeof(ev)); 6567 6568 /* Devices using resolvable or non-resolvable random addresses 6569 * without providing an identity resolving key don't require 6570 * to store long term keys. Their addresses will change the 6571 * next time around. 6572 * 6573 * Only when a remote device provides an identity address 6574 * make sure the long term key is stored. If the remote 6575 * identity is known, the long term keys are internally 6576 * mapped to the identity address. So allow static random 6577 * and public addresses here. 6578 */ 6579 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM && 6580 (key->bdaddr.b[5] & 0xc0) != 0xc0) 6581 ev.store_hint = 0x00; 6582 else 6583 ev.store_hint = persistent; 6584 6585 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 6586 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); 6587 ev.key.type = mgmt_ltk_type(key); 6588 ev.key.enc_size = key->enc_size; 6589 ev.key.ediv = key->ediv; 6590 ev.key.rand = key->rand; 6591 6592 if (key->type == SMP_LTK) 6593 ev.key.master = 1; 6594 6595 /* Make sure we copy only the significant bytes based on the 6596 * encryption key size, and set the rest of the value to zeroes. 6597 */ 6598 memcpy(ev.key.val, key->val, key->enc_size); 6599 memset(ev.key.val + key->enc_size, 0, 6600 sizeof(ev.key.val) - key->enc_size); 6601 6602 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL); 6603 } 6604 6605 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent) 6606 { 6607 struct mgmt_ev_new_irk ev; 6608 6609 memset(&ev, 0, sizeof(ev)); 6610 6611 ev.store_hint = persistent; 6612 6613 bacpy(&ev.rpa, &irk->rpa); 6614 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr); 6615 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type); 6616 memcpy(ev.irk.val, irk->val, sizeof(irk->val)); 6617 6618 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL); 6619 } 6620 6621 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk, 6622 bool persistent) 6623 { 6624 struct mgmt_ev_new_csrk ev; 6625 6626 memset(&ev, 0, sizeof(ev)); 6627 6628 /* Devices using resolvable or non-resolvable random addresses 6629 * without providing an identity resolving key don't require 6630 * to store signature resolving keys. Their addresses will change 6631 * the next time around. 6632 * 6633 * Only when a remote device provides an identity address 6634 * make sure the signature resolving key is stored. So allow 6635 * static random and public addresses here. 6636 */ 6637 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM && 6638 (csrk->bdaddr.b[5] & 0xc0) != 0xc0) 6639 ev.store_hint = 0x00; 6640 else 6641 ev.store_hint = persistent; 6642 6643 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr); 6644 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type); 6645 ev.key.type = csrk->type; 6646 memcpy(ev.key.val, csrk->val, sizeof(csrk->val)); 6647 6648 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL); 6649 } 6650 6651 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr, 6652 u8 bdaddr_type, u8 store_hint, u16 min_interval, 6653 u16 max_interval, u16 latency, u16 timeout) 6654 { 6655 struct mgmt_ev_new_conn_param ev; 6656 6657 if (!hci_is_identity_address(bdaddr, bdaddr_type)) 6658 return; 6659 6660 memset(&ev, 0, sizeof(ev)); 6661 bacpy(&ev.addr.bdaddr, bdaddr); 6662 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type); 6663 ev.store_hint = store_hint; 6664 ev.min_interval = cpu_to_le16(min_interval); 6665 ev.max_interval = cpu_to_le16(max_interval); 6666 ev.latency = cpu_to_le16(latency); 6667 ev.timeout = cpu_to_le16(timeout); 6668 6669 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL); 6670 } 6671 6672 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn, 6673 u32 flags, u8 *name, u8 name_len) 6674 { 6675 char buf[512]; 6676 struct mgmt_ev_device_connected *ev = (void *) buf; 6677 u16 eir_len = 0; 6678 6679 bacpy(&ev->addr.bdaddr, &conn->dst); 6680 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type); 6681 6682 ev->flags = __cpu_to_le32(flags); 6683 6684 /* We must ensure that the EIR Data fields are ordered and 6685 * unique. Keep it simple for now and avoid the problem by not 6686 * adding any BR/EDR data to the LE adv. 6687 */ 6688 if (conn->le_adv_data_len > 0) { 6689 memcpy(&ev->eir[eir_len], 6690 conn->le_adv_data, conn->le_adv_data_len); 6691 eir_len = conn->le_adv_data_len; 6692 } else { 6693 if (name_len > 0) 6694 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, 6695 name, name_len); 6696 6697 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0) 6698 eir_len = eir_append_data(ev->eir, eir_len, 6699 EIR_CLASS_OF_DEV, 6700 conn->dev_class, 3); 6701 } 6702 6703 ev->eir_len = cpu_to_le16(eir_len); 6704 6705 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf, 6706 sizeof(*ev) + eir_len, NULL); 6707 } 6708 6709 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data) 6710 { 6711 struct sock **sk = data; 6712 6713 cmd->cmd_complete(cmd, 0); 6714 6715 *sk = cmd->sk; 6716 sock_hold(*sk); 6717 6718 mgmt_pending_remove(cmd); 6719 } 6720 6721 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data) 6722 { 6723 struct hci_dev *hdev = data; 6724 struct mgmt_cp_unpair_device *cp = cmd->param; 6725 6726 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 6727 6728 cmd->cmd_complete(cmd, 0); 6729 mgmt_pending_remove(cmd); 6730 } 6731 6732 bool mgmt_powering_down(struct hci_dev *hdev) 6733 { 6734 struct mgmt_pending_cmd *cmd; 6735 struct mgmt_mode *cp; 6736 6737 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 6738 if (!cmd) 6739 return false; 6740 6741 cp = cmd->param; 6742 if (!cp->val) 6743 return true; 6744 6745 return false; 6746 } 6747 6748 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 6749 u8 link_type, u8 addr_type, u8 reason, 6750 bool mgmt_connected) 6751 { 6752 struct mgmt_ev_device_disconnected ev; 6753 struct sock *sk = NULL; 6754 6755 /* The connection is still in hci_conn_hash so test for 1 6756 * instead of 0 to know if this is the last one. 6757 */ 6758 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 6759 cancel_delayed_work(&hdev->power_off); 6760 queue_work(hdev->req_workqueue, &hdev->power_off.work); 6761 } 6762 6763 if (!mgmt_connected) 6764 return; 6765 6766 if (link_type != ACL_LINK && link_type != LE_LINK) 6767 return; 6768 6769 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 6770 6771 bacpy(&ev.addr.bdaddr, bdaddr); 6772 ev.addr.type = link_to_bdaddr(link_type, addr_type); 6773 ev.reason = reason; 6774 6775 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk); 6776 6777 if (sk) 6778 sock_put(sk); 6779 6780 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 6781 hdev); 6782 } 6783 6784 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 6785 u8 link_type, u8 addr_type, u8 status) 6786 { 6787 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type); 6788 struct mgmt_cp_disconnect *cp; 6789 struct mgmt_pending_cmd *cmd; 6790 6791 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 6792 hdev); 6793 6794 cmd = pending_find(MGMT_OP_DISCONNECT, hdev); 6795 if (!cmd) 6796 return; 6797 6798 cp = cmd->param; 6799 6800 if (bacmp(bdaddr, &cp->addr.bdaddr)) 6801 return; 6802 6803 if (cp->addr.type != bdaddr_type) 6804 return; 6805 6806 cmd->cmd_complete(cmd, mgmt_status(status)); 6807 mgmt_pending_remove(cmd); 6808 } 6809 6810 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 6811 u8 addr_type, u8 status) 6812 { 6813 struct mgmt_ev_connect_failed ev; 6814 6815 /* The connection is still in hci_conn_hash so test for 1 6816 * instead of 0 to know if this is the last one. 6817 */ 6818 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 6819 cancel_delayed_work(&hdev->power_off); 6820 queue_work(hdev->req_workqueue, &hdev->power_off.work); 6821 } 6822 6823 bacpy(&ev.addr.bdaddr, bdaddr); 6824 ev.addr.type = link_to_bdaddr(link_type, addr_type); 6825 ev.status = mgmt_status(status); 6826 6827 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 6828 } 6829 6830 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 6831 { 6832 struct mgmt_ev_pin_code_request ev; 6833 6834 bacpy(&ev.addr.bdaddr, bdaddr); 6835 ev.addr.type = BDADDR_BREDR; 6836 ev.secure = secure; 6837 6838 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL); 6839 } 6840 6841 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6842 u8 status) 6843 { 6844 struct mgmt_pending_cmd *cmd; 6845 6846 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 6847 if (!cmd) 6848 return; 6849 6850 cmd->cmd_complete(cmd, mgmt_status(status)); 6851 mgmt_pending_remove(cmd); 6852 } 6853 6854 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6855 u8 status) 6856 { 6857 struct mgmt_pending_cmd *cmd; 6858 6859 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 6860 if (!cmd) 6861 return; 6862 6863 cmd->cmd_complete(cmd, mgmt_status(status)); 6864 mgmt_pending_remove(cmd); 6865 } 6866 6867 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 6868 u8 link_type, u8 addr_type, u32 value, 6869 u8 confirm_hint) 6870 { 6871 struct mgmt_ev_user_confirm_request ev; 6872 6873 BT_DBG("%s", hdev->name); 6874 6875 bacpy(&ev.addr.bdaddr, bdaddr); 6876 ev.addr.type = link_to_bdaddr(link_type, addr_type); 6877 ev.confirm_hint = confirm_hint; 6878 ev.value = cpu_to_le32(value); 6879 6880 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 6881 NULL); 6882 } 6883 6884 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 6885 u8 link_type, u8 addr_type) 6886 { 6887 struct mgmt_ev_user_passkey_request ev; 6888 6889 BT_DBG("%s", hdev->name); 6890 6891 bacpy(&ev.addr.bdaddr, bdaddr); 6892 ev.addr.type = link_to_bdaddr(link_type, addr_type); 6893 6894 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 6895 NULL); 6896 } 6897 6898 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6899 u8 link_type, u8 addr_type, u8 status, 6900 u8 opcode) 6901 { 6902 struct mgmt_pending_cmd *cmd; 6903 6904 cmd = pending_find(opcode, hdev); 6905 if (!cmd) 6906 return -ENOENT; 6907 6908 cmd->cmd_complete(cmd, mgmt_status(status)); 6909 mgmt_pending_remove(cmd); 6910 6911 return 0; 6912 } 6913 6914 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6915 u8 link_type, u8 addr_type, u8 status) 6916 { 6917 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 6918 status, MGMT_OP_USER_CONFIRM_REPLY); 6919 } 6920 6921 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6922 u8 link_type, u8 addr_type, u8 status) 6923 { 6924 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 6925 status, 6926 MGMT_OP_USER_CONFIRM_NEG_REPLY); 6927 } 6928 6929 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6930 u8 link_type, u8 addr_type, u8 status) 6931 { 6932 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 6933 status, MGMT_OP_USER_PASSKEY_REPLY); 6934 } 6935 6936 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6937 u8 link_type, u8 addr_type, u8 status) 6938 { 6939 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 6940 status, 6941 MGMT_OP_USER_PASSKEY_NEG_REPLY); 6942 } 6943 6944 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr, 6945 u8 link_type, u8 addr_type, u32 passkey, 6946 u8 entered) 6947 { 6948 struct mgmt_ev_passkey_notify ev; 6949 6950 BT_DBG("%s", hdev->name); 6951 6952 bacpy(&ev.addr.bdaddr, bdaddr); 6953 ev.addr.type = link_to_bdaddr(link_type, addr_type); 6954 ev.passkey = __cpu_to_le32(passkey); 6955 ev.entered = entered; 6956 6957 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL); 6958 } 6959 6960 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status) 6961 { 6962 struct mgmt_ev_auth_failed ev; 6963 struct mgmt_pending_cmd *cmd; 6964 u8 status = mgmt_status(hci_status); 6965 6966 bacpy(&ev.addr.bdaddr, &conn->dst); 6967 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 6968 ev.status = status; 6969 6970 cmd = find_pairing(conn); 6971 6972 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev), 6973 cmd ? cmd->sk : NULL); 6974 6975 if (cmd) { 6976 cmd->cmd_complete(cmd, status); 6977 mgmt_pending_remove(cmd); 6978 } 6979 } 6980 6981 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 6982 { 6983 struct cmd_lookup match = { NULL, hdev }; 6984 bool changed; 6985 6986 if (status) { 6987 u8 mgmt_err = mgmt_status(status); 6988 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 6989 cmd_status_rsp, &mgmt_err); 6990 return; 6991 } 6992 6993 if (test_bit(HCI_AUTH, &hdev->flags)) 6994 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY); 6995 else 6996 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY); 6997 6998 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 6999 &match); 7000 7001 if (changed) 7002 new_settings(hdev, match.sk); 7003 7004 if (match.sk) 7005 sock_put(match.sk); 7006 } 7007 7008 static void clear_eir(struct hci_request *req) 7009 { 7010 struct hci_dev *hdev = req->hdev; 7011 struct hci_cp_write_eir cp; 7012 7013 if (!lmp_ext_inq_capable(hdev)) 7014 return; 7015 7016 memset(hdev->eir, 0, sizeof(hdev->eir)); 7017 7018 memset(&cp, 0, sizeof(cp)); 7019 7020 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 7021 } 7022 7023 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 7024 { 7025 struct cmd_lookup match = { NULL, hdev }; 7026 struct hci_request req; 7027 bool changed = false; 7028 7029 if (status) { 7030 u8 mgmt_err = mgmt_status(status); 7031 7032 if (enable && hci_dev_test_and_clear_flag(hdev, 7033 HCI_SSP_ENABLED)) { 7034 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 7035 new_settings(hdev, NULL); 7036 } 7037 7038 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp, 7039 &mgmt_err); 7040 return; 7041 } 7042 7043 if (enable) { 7044 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 7045 } else { 7046 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED); 7047 if (!changed) 7048 changed = hci_dev_test_and_clear_flag(hdev, 7049 HCI_HS_ENABLED); 7050 else 7051 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 7052 } 7053 7054 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 7055 7056 if (changed) 7057 new_settings(hdev, match.sk); 7058 7059 if (match.sk) 7060 sock_put(match.sk); 7061 7062 hci_req_init(&req, hdev); 7063 7064 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 7065 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) 7066 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE, 7067 sizeof(enable), &enable); 7068 __hci_req_update_eir(&req); 7069 } else { 7070 clear_eir(&req); 7071 } 7072 7073 hci_req_run(&req, NULL); 7074 } 7075 7076 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data) 7077 { 7078 struct cmd_lookup *match = data; 7079 7080 if (match->sk == NULL) { 7081 match->sk = cmd->sk; 7082 sock_hold(match->sk); 7083 } 7084 } 7085 7086 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class, 7087 u8 status) 7088 { 7089 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) }; 7090 7091 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match); 7092 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match); 7093 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match); 7094 7095 if (!status) 7096 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 7097 dev_class, 3, NULL); 7098 7099 if (match.sk) 7100 sock_put(match.sk); 7101 } 7102 7103 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 7104 { 7105 struct mgmt_cp_set_local_name ev; 7106 struct mgmt_pending_cmd *cmd; 7107 7108 if (status) 7109 return; 7110 7111 memset(&ev, 0, sizeof(ev)); 7112 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 7113 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH); 7114 7115 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 7116 if (!cmd) { 7117 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name)); 7118 7119 /* If this is a HCI command related to powering on the 7120 * HCI dev don't send any mgmt signals. 7121 */ 7122 if (pending_find(MGMT_OP_SET_POWERED, hdev)) 7123 return; 7124 } 7125 7126 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 7127 cmd ? cmd->sk : NULL); 7128 } 7129 7130 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16]) 7131 { 7132 int i; 7133 7134 for (i = 0; i < uuid_count; i++) { 7135 if (!memcmp(uuid, uuids[i], 16)) 7136 return true; 7137 } 7138 7139 return false; 7140 } 7141 7142 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16]) 7143 { 7144 u16 parsed = 0; 7145 7146 while (parsed < eir_len) { 7147 u8 field_len = eir[0]; 7148 u8 uuid[16]; 7149 int i; 7150 7151 if (field_len == 0) 7152 break; 7153 7154 if (eir_len - parsed < field_len + 1) 7155 break; 7156 7157 switch (eir[1]) { 7158 case EIR_UUID16_ALL: 7159 case EIR_UUID16_SOME: 7160 for (i = 0; i + 3 <= field_len; i += 2) { 7161 memcpy(uuid, bluetooth_base_uuid, 16); 7162 uuid[13] = eir[i + 3]; 7163 uuid[12] = eir[i + 2]; 7164 if (has_uuid(uuid, uuid_count, uuids)) 7165 return true; 7166 } 7167 break; 7168 case EIR_UUID32_ALL: 7169 case EIR_UUID32_SOME: 7170 for (i = 0; i + 5 <= field_len; i += 4) { 7171 memcpy(uuid, bluetooth_base_uuid, 16); 7172 uuid[15] = eir[i + 5]; 7173 uuid[14] = eir[i + 4]; 7174 uuid[13] = eir[i + 3]; 7175 uuid[12] = eir[i + 2]; 7176 if (has_uuid(uuid, uuid_count, uuids)) 7177 return true; 7178 } 7179 break; 7180 case EIR_UUID128_ALL: 7181 case EIR_UUID128_SOME: 7182 for (i = 0; i + 17 <= field_len; i += 16) { 7183 memcpy(uuid, eir + i + 2, 16); 7184 if (has_uuid(uuid, uuid_count, uuids)) 7185 return true; 7186 } 7187 break; 7188 } 7189 7190 parsed += field_len + 1; 7191 eir += field_len + 1; 7192 } 7193 7194 return false; 7195 } 7196 7197 static void restart_le_scan(struct hci_dev *hdev) 7198 { 7199 /* If controller is not scanning we are done. */ 7200 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 7201 return; 7202 7203 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY, 7204 hdev->discovery.scan_start + 7205 hdev->discovery.scan_duration)) 7206 return; 7207 7208 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart, 7209 DISCOV_LE_RESTART_DELAY); 7210 } 7211 7212 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir, 7213 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 7214 { 7215 /* If a RSSI threshold has been specified, and 7216 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with 7217 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk 7218 * is set, let it through for further processing, as we might need to 7219 * restart the scan. 7220 * 7221 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry, 7222 * the results are also dropped. 7223 */ 7224 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 7225 (rssi == HCI_RSSI_INVALID || 7226 (rssi < hdev->discovery.rssi && 7227 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)))) 7228 return false; 7229 7230 if (hdev->discovery.uuid_count != 0) { 7231 /* If a list of UUIDs is provided in filter, results with no 7232 * matching UUID should be dropped. 7233 */ 7234 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count, 7235 hdev->discovery.uuids) && 7236 !eir_has_uuids(scan_rsp, scan_rsp_len, 7237 hdev->discovery.uuid_count, 7238 hdev->discovery.uuids)) 7239 return false; 7240 } 7241 7242 /* If duplicate filtering does not report RSSI changes, then restart 7243 * scanning to ensure updated result with updated RSSI values. 7244 */ 7245 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) { 7246 restart_le_scan(hdev); 7247 7248 /* Validate RSSI value against the RSSI threshold once more. */ 7249 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 7250 rssi < hdev->discovery.rssi) 7251 return false; 7252 } 7253 7254 return true; 7255 } 7256 7257 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7258 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags, 7259 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 7260 { 7261 char buf[512]; 7262 struct mgmt_ev_device_found *ev = (void *)buf; 7263 size_t ev_size; 7264 7265 /* Don't send events for a non-kernel initiated discovery. With 7266 * LE one exception is if we have pend_le_reports > 0 in which 7267 * case we're doing passive scanning and want these events. 7268 */ 7269 if (!hci_discovery_active(hdev)) { 7270 if (link_type == ACL_LINK) 7271 return; 7272 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports)) 7273 return; 7274 } 7275 7276 if (hdev->discovery.result_filtering) { 7277 /* We are using service discovery */ 7278 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp, 7279 scan_rsp_len)) 7280 return; 7281 } 7282 7283 if (hdev->discovery.limited) { 7284 /* Check for limited discoverable bit */ 7285 if (dev_class) { 7286 if (!(dev_class[1] & 0x20)) 7287 return; 7288 } else { 7289 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL); 7290 if (!flags || !(flags[0] & LE_AD_LIMITED)) 7291 return; 7292 } 7293 } 7294 7295 /* Make sure that the buffer is big enough. The 5 extra bytes 7296 * are for the potential CoD field. 7297 */ 7298 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf)) 7299 return; 7300 7301 memset(buf, 0, sizeof(buf)); 7302 7303 /* In case of device discovery with BR/EDR devices (pre 1.2), the 7304 * RSSI value was reported as 0 when not available. This behavior 7305 * is kept when using device discovery. This is required for full 7306 * backwards compatibility with the API. 7307 * 7308 * However when using service discovery, the value 127 will be 7309 * returned when the RSSI is not available. 7310 */ 7311 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi && 7312 link_type == ACL_LINK) 7313 rssi = 0; 7314 7315 bacpy(&ev->addr.bdaddr, bdaddr); 7316 ev->addr.type = link_to_bdaddr(link_type, addr_type); 7317 ev->rssi = rssi; 7318 ev->flags = cpu_to_le32(flags); 7319 7320 if (eir_len > 0) 7321 /* Copy EIR or advertising data into event */ 7322 memcpy(ev->eir, eir, eir_len); 7323 7324 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 7325 NULL)) 7326 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 7327 dev_class, 3); 7328 7329 if (scan_rsp_len > 0) 7330 /* Append scan response data to event */ 7331 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len); 7332 7333 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 7334 ev_size = sizeof(*ev) + eir_len + scan_rsp_len; 7335 7336 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 7337 } 7338 7339 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7340 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 7341 { 7342 struct mgmt_ev_device_found *ev; 7343 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2]; 7344 u16 eir_len; 7345 7346 ev = (struct mgmt_ev_device_found *) buf; 7347 7348 memset(buf, 0, sizeof(buf)); 7349 7350 bacpy(&ev->addr.bdaddr, bdaddr); 7351 ev->addr.type = link_to_bdaddr(link_type, addr_type); 7352 ev->rssi = rssi; 7353 7354 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name, 7355 name_len); 7356 7357 ev->eir_len = cpu_to_le16(eir_len); 7358 7359 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL); 7360 } 7361 7362 void mgmt_discovering(struct hci_dev *hdev, u8 discovering) 7363 { 7364 struct mgmt_ev_discovering ev; 7365 7366 BT_DBG("%s discovering %u", hdev->name, discovering); 7367 7368 memset(&ev, 0, sizeof(ev)); 7369 ev.type = hdev->discovery.type; 7370 ev.discovering = discovering; 7371 7372 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 7373 } 7374 7375 static struct hci_mgmt_chan chan = { 7376 .channel = HCI_CHANNEL_CONTROL, 7377 .handler_count = ARRAY_SIZE(mgmt_handlers), 7378 .handlers = mgmt_handlers, 7379 .hdev_init = mgmt_init_hdev, 7380 }; 7381 7382 int mgmt_init(void) 7383 { 7384 return hci_mgmt_chan_register(&chan); 7385 } 7386 7387 void mgmt_exit(void) 7388 { 7389 hci_mgmt_chan_unregister(&chan); 7390 } 7391