1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI Management interface */ 26 27 #include <linux/module.h> 28 #include <asm/unaligned.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 #include <net/bluetooth/mgmt.h> 33 #include <net/bluetooth/smp.h> 34 35 bool enable_hs; 36 37 #define MGMT_VERSION 1 38 #define MGMT_REVISION 3 39 40 static const u16 mgmt_commands[] = { 41 MGMT_OP_READ_INDEX_LIST, 42 MGMT_OP_READ_INFO, 43 MGMT_OP_SET_POWERED, 44 MGMT_OP_SET_DISCOVERABLE, 45 MGMT_OP_SET_CONNECTABLE, 46 MGMT_OP_SET_FAST_CONNECTABLE, 47 MGMT_OP_SET_PAIRABLE, 48 MGMT_OP_SET_LINK_SECURITY, 49 MGMT_OP_SET_SSP, 50 MGMT_OP_SET_HS, 51 MGMT_OP_SET_LE, 52 MGMT_OP_SET_DEV_CLASS, 53 MGMT_OP_SET_LOCAL_NAME, 54 MGMT_OP_ADD_UUID, 55 MGMT_OP_REMOVE_UUID, 56 MGMT_OP_LOAD_LINK_KEYS, 57 MGMT_OP_LOAD_LONG_TERM_KEYS, 58 MGMT_OP_DISCONNECT, 59 MGMT_OP_GET_CONNECTIONS, 60 MGMT_OP_PIN_CODE_REPLY, 61 MGMT_OP_PIN_CODE_NEG_REPLY, 62 MGMT_OP_SET_IO_CAPABILITY, 63 MGMT_OP_PAIR_DEVICE, 64 MGMT_OP_CANCEL_PAIR_DEVICE, 65 MGMT_OP_UNPAIR_DEVICE, 66 MGMT_OP_USER_CONFIRM_REPLY, 67 MGMT_OP_USER_CONFIRM_NEG_REPLY, 68 MGMT_OP_USER_PASSKEY_REPLY, 69 MGMT_OP_USER_PASSKEY_NEG_REPLY, 70 MGMT_OP_READ_LOCAL_OOB_DATA, 71 MGMT_OP_ADD_REMOTE_OOB_DATA, 72 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 73 MGMT_OP_START_DISCOVERY, 74 MGMT_OP_STOP_DISCOVERY, 75 MGMT_OP_CONFIRM_NAME, 76 MGMT_OP_BLOCK_DEVICE, 77 MGMT_OP_UNBLOCK_DEVICE, 78 MGMT_OP_SET_DEVICE_ID, 79 }; 80 81 static const u16 mgmt_events[] = { 82 MGMT_EV_CONTROLLER_ERROR, 83 MGMT_EV_INDEX_ADDED, 84 MGMT_EV_INDEX_REMOVED, 85 MGMT_EV_NEW_SETTINGS, 86 MGMT_EV_CLASS_OF_DEV_CHANGED, 87 MGMT_EV_LOCAL_NAME_CHANGED, 88 MGMT_EV_NEW_LINK_KEY, 89 MGMT_EV_NEW_LONG_TERM_KEY, 90 MGMT_EV_DEVICE_CONNECTED, 91 MGMT_EV_DEVICE_DISCONNECTED, 92 MGMT_EV_CONNECT_FAILED, 93 MGMT_EV_PIN_CODE_REQUEST, 94 MGMT_EV_USER_CONFIRM_REQUEST, 95 MGMT_EV_USER_PASSKEY_REQUEST, 96 MGMT_EV_AUTH_FAILED, 97 MGMT_EV_DEVICE_FOUND, 98 MGMT_EV_DISCOVERING, 99 MGMT_EV_DEVICE_BLOCKED, 100 MGMT_EV_DEVICE_UNBLOCKED, 101 MGMT_EV_DEVICE_UNPAIRED, 102 MGMT_EV_PASSKEY_NOTIFY, 103 }; 104 105 /* 106 * These LE scan and inquiry parameters were chosen according to LE General 107 * Discovery Procedure specification. 108 */ 109 #define LE_SCAN_TYPE 0x01 110 #define LE_SCAN_WIN 0x12 111 #define LE_SCAN_INT 0x12 112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */ 113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */ 114 115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */ 116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */ 117 118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) 119 120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \ 121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 122 123 struct pending_cmd { 124 struct list_head list; 125 u16 opcode; 126 int index; 127 void *param; 128 struct sock *sk; 129 void *user_data; 130 }; 131 132 /* HCI to MGMT error code conversion table */ 133 static u8 mgmt_status_table[] = { 134 MGMT_STATUS_SUCCESS, 135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 137 MGMT_STATUS_FAILED, /* Hardware Failure */ 138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */ 141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 146 MGMT_STATUS_BUSY, /* Command Disallowed */ 147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 148 MGMT_STATUS_REJECTED, /* Rejected Security */ 149 MGMT_STATUS_REJECTED, /* Rejected Personal */ 150 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 157 MGMT_STATUS_BUSY, /* Repeated Attempts */ 158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 165 MGMT_STATUS_FAILED, /* Unspecified Error */ 166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 172 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 174 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 176 MGMT_STATUS_FAILED, /* Transaction Collision */ 177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 178 MGMT_STATUS_REJECTED, /* QoS Rejected */ 179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 180 MGMT_STATUS_REJECTED, /* Insufficient Security */ 181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 182 MGMT_STATUS_BUSY, /* Role Switch Pending */ 183 MGMT_STATUS_FAILED, /* Slot Violation */ 184 MGMT_STATUS_FAILED, /* Role Switch Failed */ 185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 187 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 189 MGMT_STATUS_BUSY, /* Controller Busy */ 190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 195 }; 196 197 bool mgmt_valid_hdev(struct hci_dev *hdev) 198 { 199 return hdev->dev_type == HCI_BREDR; 200 } 201 202 static u8 mgmt_status(u8 hci_status) 203 { 204 if (hci_status < ARRAY_SIZE(mgmt_status_table)) 205 return mgmt_status_table[hci_status]; 206 207 return MGMT_STATUS_FAILED; 208 } 209 210 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status) 211 { 212 struct sk_buff *skb; 213 struct mgmt_hdr *hdr; 214 struct mgmt_ev_cmd_status *ev; 215 int err; 216 217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status); 218 219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL); 220 if (!skb) 221 return -ENOMEM; 222 223 hdr = (void *) skb_put(skb, sizeof(*hdr)); 224 225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS); 226 hdr->index = cpu_to_le16(index); 227 hdr->len = cpu_to_le16(sizeof(*ev)); 228 229 ev = (void *) skb_put(skb, sizeof(*ev)); 230 ev->status = status; 231 ev->opcode = cpu_to_le16(cmd); 232 233 err = sock_queue_rcv_skb(sk, skb); 234 if (err < 0) 235 kfree_skb(skb); 236 237 return err; 238 } 239 240 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status, 241 void *rp, size_t rp_len) 242 { 243 struct sk_buff *skb; 244 struct mgmt_hdr *hdr; 245 struct mgmt_ev_cmd_complete *ev; 246 int err; 247 248 BT_DBG("sock %p", sk); 249 250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL); 251 if (!skb) 252 return -ENOMEM; 253 254 hdr = (void *) skb_put(skb, sizeof(*hdr)); 255 256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE); 257 hdr->index = cpu_to_le16(index); 258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len); 259 260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len); 261 ev->opcode = cpu_to_le16(cmd); 262 ev->status = status; 263 264 if (rp) 265 memcpy(ev->data, rp, rp_len); 266 267 err = sock_queue_rcv_skb(sk, skb); 268 if (err < 0) 269 kfree_skb(skb); 270 271 return err; 272 } 273 274 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data, 275 u16 data_len) 276 { 277 struct mgmt_rp_read_version rp; 278 279 BT_DBG("sock %p", sk); 280 281 rp.version = MGMT_VERSION; 282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION); 283 284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp, 285 sizeof(rp)); 286 } 287 288 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data, 289 u16 data_len) 290 { 291 struct mgmt_rp_read_commands *rp; 292 const u16 num_commands = ARRAY_SIZE(mgmt_commands); 293 const u16 num_events = ARRAY_SIZE(mgmt_events); 294 __le16 *opcode; 295 size_t rp_size; 296 int i, err; 297 298 BT_DBG("sock %p", sk); 299 300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 301 302 rp = kmalloc(rp_size, GFP_KERNEL); 303 if (!rp) 304 return -ENOMEM; 305 306 rp->num_commands = __constant_cpu_to_le16(num_commands); 307 rp->num_events = __constant_cpu_to_le16(num_events); 308 309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++) 310 put_unaligned_le16(mgmt_commands[i], opcode); 311 312 for (i = 0; i < num_events; i++, opcode++) 313 put_unaligned_le16(mgmt_events[i], opcode); 314 315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp, 316 rp_size); 317 kfree(rp); 318 319 return err; 320 } 321 322 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data, 323 u16 data_len) 324 { 325 struct mgmt_rp_read_index_list *rp; 326 struct hci_dev *d; 327 size_t rp_len; 328 u16 count; 329 int err; 330 331 BT_DBG("sock %p", sk); 332 333 read_lock(&hci_dev_list_lock); 334 335 count = 0; 336 list_for_each_entry(d, &hci_dev_list, list) { 337 if (!mgmt_valid_hdev(d)) 338 continue; 339 340 count++; 341 } 342 343 rp_len = sizeof(*rp) + (2 * count); 344 rp = kmalloc(rp_len, GFP_ATOMIC); 345 if (!rp) { 346 read_unlock(&hci_dev_list_lock); 347 return -ENOMEM; 348 } 349 350 count = 0; 351 list_for_each_entry(d, &hci_dev_list, list) { 352 if (test_bit(HCI_SETUP, &d->dev_flags)) 353 continue; 354 355 if (!mgmt_valid_hdev(d)) 356 continue; 357 358 rp->index[count++] = cpu_to_le16(d->id); 359 BT_DBG("Added hci%u", d->id); 360 } 361 362 rp->num_controllers = cpu_to_le16(count); 363 rp_len = sizeof(*rp) + (2 * count); 364 365 read_unlock(&hci_dev_list_lock); 366 367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp, 368 rp_len); 369 370 kfree(rp); 371 372 return err; 373 } 374 375 static u32 get_supported_settings(struct hci_dev *hdev) 376 { 377 u32 settings = 0; 378 379 settings |= MGMT_SETTING_POWERED; 380 settings |= MGMT_SETTING_PAIRABLE; 381 382 if (lmp_ssp_capable(hdev)) 383 settings |= MGMT_SETTING_SSP; 384 385 if (lmp_bredr_capable(hdev)) { 386 settings |= MGMT_SETTING_CONNECTABLE; 387 settings |= MGMT_SETTING_FAST_CONNECTABLE; 388 settings |= MGMT_SETTING_DISCOVERABLE; 389 settings |= MGMT_SETTING_BREDR; 390 settings |= MGMT_SETTING_LINK_SECURITY; 391 } 392 393 if (enable_hs) 394 settings |= MGMT_SETTING_HS; 395 396 if (lmp_le_capable(hdev)) 397 settings |= MGMT_SETTING_LE; 398 399 return settings; 400 } 401 402 static u32 get_current_settings(struct hci_dev *hdev) 403 { 404 u32 settings = 0; 405 406 if (hdev_is_powered(hdev)) 407 settings |= MGMT_SETTING_POWERED; 408 409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 410 settings |= MGMT_SETTING_CONNECTABLE; 411 412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 413 settings |= MGMT_SETTING_DISCOVERABLE; 414 415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags)) 416 settings |= MGMT_SETTING_PAIRABLE; 417 418 if (lmp_bredr_capable(hdev)) 419 settings |= MGMT_SETTING_BREDR; 420 421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 422 settings |= MGMT_SETTING_LE; 423 424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) 425 settings |= MGMT_SETTING_LINK_SECURITY; 426 427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 428 settings |= MGMT_SETTING_SSP; 429 430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags)) 431 settings |= MGMT_SETTING_HS; 432 433 return settings; 434 } 435 436 #define PNP_INFO_SVCLASS_ID 0x1200 437 438 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len) 439 { 440 u8 *ptr = data, *uuids_start = NULL; 441 struct bt_uuid *uuid; 442 443 if (len < 4) 444 return ptr; 445 446 list_for_each_entry(uuid, &hdev->uuids, list) { 447 u16 uuid16; 448 449 if (uuid->size != 16) 450 continue; 451 452 uuid16 = get_unaligned_le16(&uuid->uuid[12]); 453 if (uuid16 < 0x1100) 454 continue; 455 456 if (uuid16 == PNP_INFO_SVCLASS_ID) 457 continue; 458 459 if (!uuids_start) { 460 uuids_start = ptr; 461 uuids_start[0] = 1; 462 uuids_start[1] = EIR_UUID16_ALL; 463 ptr += 2; 464 } 465 466 /* Stop if not enough space to put next UUID */ 467 if ((ptr - data) + sizeof(u16) > len) { 468 uuids_start[1] = EIR_UUID16_SOME; 469 break; 470 } 471 472 *ptr++ = (uuid16 & 0x00ff); 473 *ptr++ = (uuid16 & 0xff00) >> 8; 474 uuids_start[0] += sizeof(uuid16); 475 } 476 477 return ptr; 478 } 479 480 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len) 481 { 482 u8 *ptr = data, *uuids_start = NULL; 483 struct bt_uuid *uuid; 484 485 if (len < 6) 486 return ptr; 487 488 list_for_each_entry(uuid, &hdev->uuids, list) { 489 if (uuid->size != 32) 490 continue; 491 492 if (!uuids_start) { 493 uuids_start = ptr; 494 uuids_start[0] = 1; 495 uuids_start[1] = EIR_UUID32_ALL; 496 ptr += 2; 497 } 498 499 /* Stop if not enough space to put next UUID */ 500 if ((ptr - data) + sizeof(u32) > len) { 501 uuids_start[1] = EIR_UUID32_SOME; 502 break; 503 } 504 505 memcpy(ptr, &uuid->uuid[12], sizeof(u32)); 506 ptr += sizeof(u32); 507 uuids_start[0] += sizeof(u32); 508 } 509 510 return ptr; 511 } 512 513 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len) 514 { 515 u8 *ptr = data, *uuids_start = NULL; 516 struct bt_uuid *uuid; 517 518 if (len < 18) 519 return ptr; 520 521 list_for_each_entry(uuid, &hdev->uuids, list) { 522 if (uuid->size != 128) 523 continue; 524 525 if (!uuids_start) { 526 uuids_start = ptr; 527 uuids_start[0] = 1; 528 uuids_start[1] = EIR_UUID128_ALL; 529 ptr += 2; 530 } 531 532 /* Stop if not enough space to put next UUID */ 533 if ((ptr - data) + 16 > len) { 534 uuids_start[1] = EIR_UUID128_SOME; 535 break; 536 } 537 538 memcpy(ptr, uuid->uuid, 16); 539 ptr += 16; 540 uuids_start[0] += 16; 541 } 542 543 return ptr; 544 } 545 546 static void create_eir(struct hci_dev *hdev, u8 *data) 547 { 548 u8 *ptr = data; 549 size_t name_len; 550 551 name_len = strlen(hdev->dev_name); 552 553 if (name_len > 0) { 554 /* EIR Data type */ 555 if (name_len > 48) { 556 name_len = 48; 557 ptr[1] = EIR_NAME_SHORT; 558 } else 559 ptr[1] = EIR_NAME_COMPLETE; 560 561 /* EIR Data length */ 562 ptr[0] = name_len + 1; 563 564 memcpy(ptr + 2, hdev->dev_name, name_len); 565 566 ptr += (name_len + 2); 567 } 568 569 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) { 570 ptr[0] = 2; 571 ptr[1] = EIR_TX_POWER; 572 ptr[2] = (u8) hdev->inq_tx_power; 573 574 ptr += 3; 575 } 576 577 if (hdev->devid_source > 0) { 578 ptr[0] = 9; 579 ptr[1] = EIR_DEVICE_ID; 580 581 put_unaligned_le16(hdev->devid_source, ptr + 2); 582 put_unaligned_le16(hdev->devid_vendor, ptr + 4); 583 put_unaligned_le16(hdev->devid_product, ptr + 6); 584 put_unaligned_le16(hdev->devid_version, ptr + 8); 585 586 ptr += 10; 587 } 588 589 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data)); 590 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data)); 591 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data)); 592 } 593 594 static int update_eir(struct hci_dev *hdev) 595 { 596 struct hci_cp_write_eir cp; 597 598 if (!hdev_is_powered(hdev)) 599 return 0; 600 601 if (!lmp_ext_inq_capable(hdev)) 602 return 0; 603 604 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 605 return 0; 606 607 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 608 return 0; 609 610 memset(&cp, 0, sizeof(cp)); 611 612 create_eir(hdev, cp.data); 613 614 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0) 615 return 0; 616 617 memcpy(hdev->eir, cp.data, sizeof(cp.data)); 618 619 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 620 } 621 622 static u8 get_service_classes(struct hci_dev *hdev) 623 { 624 struct bt_uuid *uuid; 625 u8 val = 0; 626 627 list_for_each_entry(uuid, &hdev->uuids, list) 628 val |= uuid->svc_hint; 629 630 return val; 631 } 632 633 static int update_class(struct hci_dev *hdev) 634 { 635 u8 cod[3]; 636 int err; 637 638 BT_DBG("%s", hdev->name); 639 640 if (!hdev_is_powered(hdev)) 641 return 0; 642 643 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 644 return 0; 645 646 cod[0] = hdev->minor_class; 647 cod[1] = hdev->major_class; 648 cod[2] = get_service_classes(hdev); 649 650 if (memcmp(cod, hdev->dev_class, 3) == 0) 651 return 0; 652 653 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); 654 if (err == 0) 655 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags); 656 657 return err; 658 } 659 660 static void service_cache_off(struct work_struct *work) 661 { 662 struct hci_dev *hdev = container_of(work, struct hci_dev, 663 service_cache.work); 664 665 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 666 return; 667 668 hci_dev_lock(hdev); 669 670 update_eir(hdev); 671 update_class(hdev); 672 673 hci_dev_unlock(hdev); 674 } 675 676 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) 677 { 678 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) 679 return; 680 681 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 682 683 /* Non-mgmt controlled devices get this bit set 684 * implicitly so that pairing works for them, however 685 * for mgmt we require user-space to explicitly enable 686 * it 687 */ 688 clear_bit(HCI_PAIRABLE, &hdev->dev_flags); 689 } 690 691 static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 692 void *data, u16 data_len) 693 { 694 struct mgmt_rp_read_info rp; 695 696 BT_DBG("sock %p %s", sk, hdev->name); 697 698 hci_dev_lock(hdev); 699 700 memset(&rp, 0, sizeof(rp)); 701 702 bacpy(&rp.bdaddr, &hdev->bdaddr); 703 704 rp.version = hdev->hci_ver; 705 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 706 707 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 708 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 709 710 memcpy(rp.dev_class, hdev->dev_class, 3); 711 712 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 713 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name)); 714 715 hci_dev_unlock(hdev); 716 717 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp, 718 sizeof(rp)); 719 } 720 721 static void mgmt_pending_free(struct pending_cmd *cmd) 722 { 723 sock_put(cmd->sk); 724 kfree(cmd->param); 725 kfree(cmd); 726 } 727 728 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode, 729 struct hci_dev *hdev, void *data, 730 u16 len) 731 { 732 struct pending_cmd *cmd; 733 734 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL); 735 if (!cmd) 736 return NULL; 737 738 cmd->opcode = opcode; 739 cmd->index = hdev->id; 740 741 cmd->param = kmalloc(len, GFP_KERNEL); 742 if (!cmd->param) { 743 kfree(cmd); 744 return NULL; 745 } 746 747 if (data) 748 memcpy(cmd->param, data, len); 749 750 cmd->sk = sk; 751 sock_hold(sk); 752 753 list_add(&cmd->list, &hdev->mgmt_pending); 754 755 return cmd; 756 } 757 758 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, 759 void (*cb)(struct pending_cmd *cmd, 760 void *data), 761 void *data) 762 { 763 struct pending_cmd *cmd, *tmp; 764 765 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) { 766 if (opcode > 0 && cmd->opcode != opcode) 767 continue; 768 769 cb(cmd, data); 770 } 771 } 772 773 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev) 774 { 775 struct pending_cmd *cmd; 776 777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 778 if (cmd->opcode == opcode) 779 return cmd; 780 } 781 782 return NULL; 783 } 784 785 static void mgmt_pending_remove(struct pending_cmd *cmd) 786 { 787 list_del(&cmd->list); 788 mgmt_pending_free(cmd); 789 } 790 791 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 792 { 793 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 794 795 return cmd_complete(sk, hdev->id, opcode, 0, &settings, 796 sizeof(settings)); 797 } 798 799 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, 800 u16 len) 801 { 802 struct mgmt_mode *cp = data; 803 struct pending_cmd *cmd; 804 int err; 805 806 BT_DBG("request for %s", hdev->name); 807 808 if (cp->val != 0x00 && cp->val != 0x01) 809 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 810 MGMT_STATUS_INVALID_PARAMS); 811 812 hci_dev_lock(hdev); 813 814 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) { 815 cancel_delayed_work(&hdev->power_off); 816 817 if (cp->val) { 818 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, 819 data, len); 820 err = mgmt_powered(hdev, 1); 821 goto failed; 822 } 823 } 824 825 if (!!cp->val == hdev_is_powered(hdev)) { 826 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 827 goto failed; 828 } 829 830 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) { 831 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 832 MGMT_STATUS_BUSY); 833 goto failed; 834 } 835 836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 837 if (!cmd) { 838 err = -ENOMEM; 839 goto failed; 840 } 841 842 if (cp->val) 843 queue_work(hdev->req_workqueue, &hdev->power_on); 844 else 845 queue_work(hdev->req_workqueue, &hdev->power_off.work); 846 847 err = 0; 848 849 failed: 850 hci_dev_unlock(hdev); 851 return err; 852 } 853 854 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len, 855 struct sock *skip_sk) 856 { 857 struct sk_buff *skb; 858 struct mgmt_hdr *hdr; 859 860 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL); 861 if (!skb) 862 return -ENOMEM; 863 864 hdr = (void *) skb_put(skb, sizeof(*hdr)); 865 hdr->opcode = cpu_to_le16(event); 866 if (hdev) 867 hdr->index = cpu_to_le16(hdev->id); 868 else 869 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE); 870 hdr->len = cpu_to_le16(data_len); 871 872 if (data) 873 memcpy(skb_put(skb, data_len), data, data_len); 874 875 /* Time stamp */ 876 __net_timestamp(skb); 877 878 hci_send_to_control(skb, skip_sk); 879 kfree_skb(skb); 880 881 return 0; 882 } 883 884 static int new_settings(struct hci_dev *hdev, struct sock *skip) 885 { 886 __le32 ev; 887 888 ev = cpu_to_le32(get_current_settings(hdev)); 889 890 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip); 891 } 892 893 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 894 u16 len) 895 { 896 struct mgmt_cp_set_discoverable *cp = data; 897 struct pending_cmd *cmd; 898 u16 timeout; 899 u8 scan; 900 int err; 901 902 BT_DBG("request for %s", hdev->name); 903 904 if (!lmp_bredr_capable(hdev)) 905 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 906 MGMT_STATUS_NOT_SUPPORTED); 907 908 if (cp->val != 0x00 && cp->val != 0x01) 909 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 910 MGMT_STATUS_INVALID_PARAMS); 911 912 timeout = __le16_to_cpu(cp->timeout); 913 if (!cp->val && timeout > 0) 914 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 915 MGMT_STATUS_INVALID_PARAMS); 916 917 hci_dev_lock(hdev); 918 919 if (!hdev_is_powered(hdev) && timeout > 0) { 920 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 921 MGMT_STATUS_NOT_POWERED); 922 goto failed; 923 } 924 925 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 926 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 927 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 928 MGMT_STATUS_BUSY); 929 goto failed; 930 } 931 932 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) { 933 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 934 MGMT_STATUS_REJECTED); 935 goto failed; 936 } 937 938 if (!hdev_is_powered(hdev)) { 939 bool changed = false; 940 941 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) { 942 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 943 changed = true; 944 } 945 946 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 947 if (err < 0) 948 goto failed; 949 950 if (changed) 951 err = new_settings(hdev, sk); 952 953 goto failed; 954 } 955 956 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) { 957 if (hdev->discov_timeout > 0) { 958 cancel_delayed_work(&hdev->discov_off); 959 hdev->discov_timeout = 0; 960 } 961 962 if (cp->val && timeout > 0) { 963 hdev->discov_timeout = timeout; 964 queue_delayed_work(hdev->workqueue, &hdev->discov_off, 965 msecs_to_jiffies(hdev->discov_timeout * 1000)); 966 } 967 968 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 969 goto failed; 970 } 971 972 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 973 if (!cmd) { 974 err = -ENOMEM; 975 goto failed; 976 } 977 978 scan = SCAN_PAGE; 979 980 if (cp->val) 981 scan |= SCAN_INQUIRY; 982 else 983 cancel_delayed_work(&hdev->discov_off); 984 985 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 986 if (err < 0) 987 mgmt_pending_remove(cmd); 988 989 if (cp->val) 990 hdev->discov_timeout = timeout; 991 992 failed: 993 hci_dev_unlock(hdev); 994 return err; 995 } 996 997 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, 998 u16 len) 999 { 1000 struct mgmt_mode *cp = data; 1001 struct pending_cmd *cmd; 1002 u8 scan; 1003 int err; 1004 1005 BT_DBG("request for %s", hdev->name); 1006 1007 if (!lmp_bredr_capable(hdev)) 1008 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1009 MGMT_STATUS_NOT_SUPPORTED); 1010 1011 if (cp->val != 0x00 && cp->val != 0x01) 1012 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1013 MGMT_STATUS_INVALID_PARAMS); 1014 1015 hci_dev_lock(hdev); 1016 1017 if (!hdev_is_powered(hdev)) { 1018 bool changed = false; 1019 1020 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 1021 changed = true; 1022 1023 if (cp->val) { 1024 set_bit(HCI_CONNECTABLE, &hdev->dev_flags); 1025 } else { 1026 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags); 1027 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 1028 } 1029 1030 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 1031 if (err < 0) 1032 goto failed; 1033 1034 if (changed) 1035 err = new_settings(hdev, sk); 1036 1037 goto failed; 1038 } 1039 1040 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1041 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1042 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1043 MGMT_STATUS_BUSY); 1044 goto failed; 1045 } 1046 1047 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) { 1048 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 1049 goto failed; 1050 } 1051 1052 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1053 if (!cmd) { 1054 err = -ENOMEM; 1055 goto failed; 1056 } 1057 1058 if (cp->val) { 1059 scan = SCAN_PAGE; 1060 } else { 1061 scan = 0; 1062 1063 if (test_bit(HCI_ISCAN, &hdev->flags) && 1064 hdev->discov_timeout > 0) 1065 cancel_delayed_work(&hdev->discov_off); 1066 } 1067 1068 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1069 if (err < 0) 1070 mgmt_pending_remove(cmd); 1071 1072 failed: 1073 hci_dev_unlock(hdev); 1074 return err; 1075 } 1076 1077 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data, 1078 u16 len) 1079 { 1080 struct mgmt_mode *cp = data; 1081 int err; 1082 1083 BT_DBG("request for %s", hdev->name); 1084 1085 if (cp->val != 0x00 && cp->val != 0x01) 1086 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE, 1087 MGMT_STATUS_INVALID_PARAMS); 1088 1089 hci_dev_lock(hdev); 1090 1091 if (cp->val) 1092 set_bit(HCI_PAIRABLE, &hdev->dev_flags); 1093 else 1094 clear_bit(HCI_PAIRABLE, &hdev->dev_flags); 1095 1096 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev); 1097 if (err < 0) 1098 goto failed; 1099 1100 err = new_settings(hdev, sk); 1101 1102 failed: 1103 hci_dev_unlock(hdev); 1104 return err; 1105 } 1106 1107 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data, 1108 u16 len) 1109 { 1110 struct mgmt_mode *cp = data; 1111 struct pending_cmd *cmd; 1112 u8 val; 1113 int err; 1114 1115 BT_DBG("request for %s", hdev->name); 1116 1117 if (!lmp_bredr_capable(hdev)) 1118 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1119 MGMT_STATUS_NOT_SUPPORTED); 1120 1121 if (cp->val != 0x00 && cp->val != 0x01) 1122 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1123 MGMT_STATUS_INVALID_PARAMS); 1124 1125 hci_dev_lock(hdev); 1126 1127 if (!hdev_is_powered(hdev)) { 1128 bool changed = false; 1129 1130 if (!!cp->val != test_bit(HCI_LINK_SECURITY, 1131 &hdev->dev_flags)) { 1132 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags); 1133 changed = true; 1134 } 1135 1136 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1137 if (err < 0) 1138 goto failed; 1139 1140 if (changed) 1141 err = new_settings(hdev, sk); 1142 1143 goto failed; 1144 } 1145 1146 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1147 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1148 MGMT_STATUS_BUSY); 1149 goto failed; 1150 } 1151 1152 val = !!cp->val; 1153 1154 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1155 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1156 goto failed; 1157 } 1158 1159 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1160 if (!cmd) { 1161 err = -ENOMEM; 1162 goto failed; 1163 } 1164 1165 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1166 if (err < 0) { 1167 mgmt_pending_remove(cmd); 1168 goto failed; 1169 } 1170 1171 failed: 1172 hci_dev_unlock(hdev); 1173 return err; 1174 } 1175 1176 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1177 { 1178 struct mgmt_mode *cp = data; 1179 struct pending_cmd *cmd; 1180 u8 val; 1181 int err; 1182 1183 BT_DBG("request for %s", hdev->name); 1184 1185 if (!lmp_ssp_capable(hdev)) 1186 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1187 MGMT_STATUS_NOT_SUPPORTED); 1188 1189 if (cp->val != 0x00 && cp->val != 0x01) 1190 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1191 MGMT_STATUS_INVALID_PARAMS); 1192 1193 hci_dev_lock(hdev); 1194 1195 val = !!cp->val; 1196 1197 if (!hdev_is_powered(hdev)) { 1198 bool changed = false; 1199 1200 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) { 1201 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 1202 changed = true; 1203 } 1204 1205 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1206 if (err < 0) 1207 goto failed; 1208 1209 if (changed) 1210 err = new_settings(hdev, sk); 1211 1212 goto failed; 1213 } 1214 1215 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) { 1216 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1217 MGMT_STATUS_BUSY); 1218 goto failed; 1219 } 1220 1221 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) { 1222 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1223 goto failed; 1224 } 1225 1226 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 1227 if (!cmd) { 1228 err = -ENOMEM; 1229 goto failed; 1230 } 1231 1232 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val); 1233 if (err < 0) { 1234 mgmt_pending_remove(cmd); 1235 goto failed; 1236 } 1237 1238 failed: 1239 hci_dev_unlock(hdev); 1240 return err; 1241 } 1242 1243 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1244 { 1245 struct mgmt_mode *cp = data; 1246 1247 BT_DBG("request for %s", hdev->name); 1248 1249 if (!enable_hs) 1250 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1251 MGMT_STATUS_NOT_SUPPORTED); 1252 1253 if (cp->val != 0x00 && cp->val != 0x01) 1254 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1255 MGMT_STATUS_INVALID_PARAMS); 1256 1257 if (cp->val) 1258 set_bit(HCI_HS_ENABLED, &hdev->dev_flags); 1259 else 1260 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags); 1261 1262 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 1263 } 1264 1265 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1266 { 1267 struct mgmt_mode *cp = data; 1268 struct hci_cp_write_le_host_supported hci_cp; 1269 struct pending_cmd *cmd; 1270 int err; 1271 u8 val, enabled; 1272 1273 BT_DBG("request for %s", hdev->name); 1274 1275 if (!lmp_le_capable(hdev)) 1276 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1277 MGMT_STATUS_NOT_SUPPORTED); 1278 1279 if (cp->val != 0x00 && cp->val != 0x01) 1280 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1281 MGMT_STATUS_INVALID_PARAMS); 1282 1283 hci_dev_lock(hdev); 1284 1285 val = !!cp->val; 1286 enabled = lmp_host_le_capable(hdev); 1287 1288 if (!hdev_is_powered(hdev) || val == enabled) { 1289 bool changed = false; 1290 1291 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { 1292 change_bit(HCI_LE_ENABLED, &hdev->dev_flags); 1293 changed = true; 1294 } 1295 1296 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1297 if (err < 0) 1298 goto unlock; 1299 1300 if (changed) 1301 err = new_settings(hdev, sk); 1302 1303 goto unlock; 1304 } 1305 1306 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) { 1307 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1308 MGMT_STATUS_BUSY); 1309 goto unlock; 1310 } 1311 1312 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len); 1313 if (!cmd) { 1314 err = -ENOMEM; 1315 goto unlock; 1316 } 1317 1318 memset(&hci_cp, 0, sizeof(hci_cp)); 1319 1320 if (val) { 1321 hci_cp.le = val; 1322 hci_cp.simul = lmp_le_br_capable(hdev); 1323 } 1324 1325 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), 1326 &hci_cp); 1327 if (err < 0) 1328 mgmt_pending_remove(cmd); 1329 1330 unlock: 1331 hci_dev_unlock(hdev); 1332 return err; 1333 } 1334 1335 static const u8 bluetooth_base_uuid[] = { 1336 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80, 1337 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1338 }; 1339 1340 static u8 get_uuid_size(const u8 *uuid) 1341 { 1342 u32 val; 1343 1344 if (memcmp(uuid, bluetooth_base_uuid, 12)) 1345 return 128; 1346 1347 val = get_unaligned_le32(&uuid[12]); 1348 if (val > 0xffff) 1349 return 32; 1350 1351 return 16; 1352 } 1353 1354 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1355 { 1356 struct mgmt_cp_add_uuid *cp = data; 1357 struct pending_cmd *cmd; 1358 struct bt_uuid *uuid; 1359 int err; 1360 1361 BT_DBG("request for %s", hdev->name); 1362 1363 hci_dev_lock(hdev); 1364 1365 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1366 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID, 1367 MGMT_STATUS_BUSY); 1368 goto failed; 1369 } 1370 1371 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL); 1372 if (!uuid) { 1373 err = -ENOMEM; 1374 goto failed; 1375 } 1376 1377 memcpy(uuid->uuid, cp->uuid, 16); 1378 uuid->svc_hint = cp->svc_hint; 1379 uuid->size = get_uuid_size(cp->uuid); 1380 1381 list_add_tail(&uuid->list, &hdev->uuids); 1382 1383 err = update_class(hdev); 1384 if (err < 0) 1385 goto failed; 1386 1387 err = update_eir(hdev); 1388 if (err < 0) 1389 goto failed; 1390 1391 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1392 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0, 1393 hdev->dev_class, 3); 1394 goto failed; 1395 } 1396 1397 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len); 1398 if (!cmd) 1399 err = -ENOMEM; 1400 1401 failed: 1402 hci_dev_unlock(hdev); 1403 return err; 1404 } 1405 1406 static bool enable_service_cache(struct hci_dev *hdev) 1407 { 1408 if (!hdev_is_powered(hdev)) 1409 return false; 1410 1411 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) { 1412 queue_delayed_work(hdev->workqueue, &hdev->service_cache, 1413 CACHE_TIMEOUT); 1414 return true; 1415 } 1416 1417 return false; 1418 } 1419 1420 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, 1421 u16 len) 1422 { 1423 struct mgmt_cp_remove_uuid *cp = data; 1424 struct pending_cmd *cmd; 1425 struct bt_uuid *match, *tmp; 1426 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 1427 int err, found; 1428 1429 BT_DBG("request for %s", hdev->name); 1430 1431 hci_dev_lock(hdev); 1432 1433 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1434 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 1435 MGMT_STATUS_BUSY); 1436 goto unlock; 1437 } 1438 1439 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 1440 err = hci_uuids_clear(hdev); 1441 1442 if (enable_service_cache(hdev)) { 1443 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 1444 0, hdev->dev_class, 3); 1445 goto unlock; 1446 } 1447 1448 goto update_class; 1449 } 1450 1451 found = 0; 1452 1453 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) { 1454 if (memcmp(match->uuid, cp->uuid, 16) != 0) 1455 continue; 1456 1457 list_del(&match->list); 1458 kfree(match); 1459 found++; 1460 } 1461 1462 if (found == 0) { 1463 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 1464 MGMT_STATUS_INVALID_PARAMS); 1465 goto unlock; 1466 } 1467 1468 update_class: 1469 err = update_class(hdev); 1470 if (err < 0) 1471 goto unlock; 1472 1473 err = update_eir(hdev); 1474 if (err < 0) 1475 goto unlock; 1476 1477 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1478 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0, 1479 hdev->dev_class, 3); 1480 goto unlock; 1481 } 1482 1483 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len); 1484 if (!cmd) 1485 err = -ENOMEM; 1486 1487 unlock: 1488 hci_dev_unlock(hdev); 1489 return err; 1490 } 1491 1492 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, 1493 u16 len) 1494 { 1495 struct mgmt_cp_set_dev_class *cp = data; 1496 struct pending_cmd *cmd; 1497 int err; 1498 1499 BT_DBG("request for %s", hdev->name); 1500 1501 if (!lmp_bredr_capable(hdev)) 1502 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 1503 MGMT_STATUS_NOT_SUPPORTED); 1504 1505 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) 1506 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 1507 MGMT_STATUS_BUSY); 1508 1509 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) 1510 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 1511 MGMT_STATUS_INVALID_PARAMS); 1512 1513 hci_dev_lock(hdev); 1514 1515 hdev->major_class = cp->major; 1516 hdev->minor_class = cp->minor; 1517 1518 if (!hdev_is_powered(hdev)) { 1519 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 1520 hdev->dev_class, 3); 1521 goto unlock; 1522 } 1523 1524 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) { 1525 hci_dev_unlock(hdev); 1526 cancel_delayed_work_sync(&hdev->service_cache); 1527 hci_dev_lock(hdev); 1528 update_eir(hdev); 1529 } 1530 1531 err = update_class(hdev); 1532 if (err < 0) 1533 goto unlock; 1534 1535 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1536 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 1537 hdev->dev_class, 3); 1538 goto unlock; 1539 } 1540 1541 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len); 1542 if (!cmd) 1543 err = -ENOMEM; 1544 1545 unlock: 1546 hci_dev_unlock(hdev); 1547 return err; 1548 } 1549 1550 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, 1551 u16 len) 1552 { 1553 struct mgmt_cp_load_link_keys *cp = data; 1554 u16 key_count, expected_len; 1555 int i; 1556 1557 key_count = __le16_to_cpu(cp->key_count); 1558 1559 expected_len = sizeof(*cp) + key_count * 1560 sizeof(struct mgmt_link_key_info); 1561 if (expected_len != len) { 1562 BT_ERR("load_link_keys: expected %u bytes, got %u bytes", 1563 len, expected_len); 1564 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 1565 MGMT_STATUS_INVALID_PARAMS); 1566 } 1567 1568 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01) 1569 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 1570 MGMT_STATUS_INVALID_PARAMS); 1571 1572 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys, 1573 key_count); 1574 1575 for (i = 0; i < key_count; i++) { 1576 struct mgmt_link_key_info *key = &cp->keys[i]; 1577 1578 if (key->addr.type != BDADDR_BREDR) 1579 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 1580 MGMT_STATUS_INVALID_PARAMS); 1581 } 1582 1583 hci_dev_lock(hdev); 1584 1585 hci_link_keys_clear(hdev); 1586 1587 set_bit(HCI_LINK_KEYS, &hdev->dev_flags); 1588 1589 if (cp->debug_keys) 1590 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags); 1591 else 1592 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags); 1593 1594 for (i = 0; i < key_count; i++) { 1595 struct mgmt_link_key_info *key = &cp->keys[i]; 1596 1597 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val, 1598 key->type, key->pin_len); 1599 } 1600 1601 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 1602 1603 hci_dev_unlock(hdev); 1604 1605 return 0; 1606 } 1607 1608 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 1609 u8 addr_type, struct sock *skip_sk) 1610 { 1611 struct mgmt_ev_device_unpaired ev; 1612 1613 bacpy(&ev.addr.bdaddr, bdaddr); 1614 ev.addr.type = addr_type; 1615 1616 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 1617 skip_sk); 1618 } 1619 1620 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, 1621 u16 len) 1622 { 1623 struct mgmt_cp_unpair_device *cp = data; 1624 struct mgmt_rp_unpair_device rp; 1625 struct hci_cp_disconnect dc; 1626 struct pending_cmd *cmd; 1627 struct hci_conn *conn; 1628 int err; 1629 1630 memset(&rp, 0, sizeof(rp)); 1631 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 1632 rp.addr.type = cp->addr.type; 1633 1634 if (!bdaddr_type_is_valid(cp->addr.type)) 1635 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 1636 MGMT_STATUS_INVALID_PARAMS, 1637 &rp, sizeof(rp)); 1638 1639 if (cp->disconnect != 0x00 && cp->disconnect != 0x01) 1640 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 1641 MGMT_STATUS_INVALID_PARAMS, 1642 &rp, sizeof(rp)); 1643 1644 hci_dev_lock(hdev); 1645 1646 if (!hdev_is_powered(hdev)) { 1647 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 1648 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp)); 1649 goto unlock; 1650 } 1651 1652 if (cp->addr.type == BDADDR_BREDR) 1653 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 1654 else 1655 err = hci_remove_ltk(hdev, &cp->addr.bdaddr); 1656 1657 if (err < 0) { 1658 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 1659 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp)); 1660 goto unlock; 1661 } 1662 1663 if (cp->disconnect) { 1664 if (cp->addr.type == BDADDR_BREDR) 1665 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 1666 &cp->addr.bdaddr); 1667 else 1668 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, 1669 &cp->addr.bdaddr); 1670 } else { 1671 conn = NULL; 1672 } 1673 1674 if (!conn) { 1675 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0, 1676 &rp, sizeof(rp)); 1677 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 1678 goto unlock; 1679 } 1680 1681 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 1682 sizeof(*cp)); 1683 if (!cmd) { 1684 err = -ENOMEM; 1685 goto unlock; 1686 } 1687 1688 dc.handle = cpu_to_le16(conn->handle); 1689 dc.reason = 0x13; /* Remote User Terminated Connection */ 1690 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1691 if (err < 0) 1692 mgmt_pending_remove(cmd); 1693 1694 unlock: 1695 hci_dev_unlock(hdev); 1696 return err; 1697 } 1698 1699 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data, 1700 u16 len) 1701 { 1702 struct mgmt_cp_disconnect *cp = data; 1703 struct mgmt_rp_disconnect rp; 1704 struct hci_cp_disconnect dc; 1705 struct pending_cmd *cmd; 1706 struct hci_conn *conn; 1707 int err; 1708 1709 BT_DBG(""); 1710 1711 memset(&rp, 0, sizeof(rp)); 1712 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 1713 rp.addr.type = cp->addr.type; 1714 1715 if (!bdaddr_type_is_valid(cp->addr.type)) 1716 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 1717 MGMT_STATUS_INVALID_PARAMS, 1718 &rp, sizeof(rp)); 1719 1720 hci_dev_lock(hdev); 1721 1722 if (!test_bit(HCI_UP, &hdev->flags)) { 1723 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 1724 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp)); 1725 goto failed; 1726 } 1727 1728 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) { 1729 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 1730 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 1731 goto failed; 1732 } 1733 1734 if (cp->addr.type == BDADDR_BREDR) 1735 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 1736 &cp->addr.bdaddr); 1737 else 1738 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 1739 1740 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) { 1741 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 1742 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp)); 1743 goto failed; 1744 } 1745 1746 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 1747 if (!cmd) { 1748 err = -ENOMEM; 1749 goto failed; 1750 } 1751 1752 dc.handle = cpu_to_le16(conn->handle); 1753 dc.reason = HCI_ERROR_REMOTE_USER_TERM; 1754 1755 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1756 if (err < 0) 1757 mgmt_pending_remove(cmd); 1758 1759 failed: 1760 hci_dev_unlock(hdev); 1761 return err; 1762 } 1763 1764 static u8 link_to_bdaddr(u8 link_type, u8 addr_type) 1765 { 1766 switch (link_type) { 1767 case LE_LINK: 1768 switch (addr_type) { 1769 case ADDR_LE_DEV_PUBLIC: 1770 return BDADDR_LE_PUBLIC; 1771 1772 default: 1773 /* Fallback to LE Random address type */ 1774 return BDADDR_LE_RANDOM; 1775 } 1776 1777 default: 1778 /* Fallback to BR/EDR type */ 1779 return BDADDR_BREDR; 1780 } 1781 } 1782 1783 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data, 1784 u16 data_len) 1785 { 1786 struct mgmt_rp_get_connections *rp; 1787 struct hci_conn *c; 1788 size_t rp_len; 1789 int err; 1790 u16 i; 1791 1792 BT_DBG(""); 1793 1794 hci_dev_lock(hdev); 1795 1796 if (!hdev_is_powered(hdev)) { 1797 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 1798 MGMT_STATUS_NOT_POWERED); 1799 goto unlock; 1800 } 1801 1802 i = 0; 1803 list_for_each_entry(c, &hdev->conn_hash.list, list) { 1804 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 1805 i++; 1806 } 1807 1808 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 1809 rp = kmalloc(rp_len, GFP_KERNEL); 1810 if (!rp) { 1811 err = -ENOMEM; 1812 goto unlock; 1813 } 1814 1815 i = 0; 1816 list_for_each_entry(c, &hdev->conn_hash.list, list) { 1817 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 1818 continue; 1819 bacpy(&rp->addr[i].bdaddr, &c->dst); 1820 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type); 1821 if (c->type == SCO_LINK || c->type == ESCO_LINK) 1822 continue; 1823 i++; 1824 } 1825 1826 rp->conn_count = cpu_to_le16(i); 1827 1828 /* Recalculate length in case of filtered SCO connections, etc */ 1829 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 1830 1831 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp, 1832 rp_len); 1833 1834 kfree(rp); 1835 1836 unlock: 1837 hci_dev_unlock(hdev); 1838 return err; 1839 } 1840 1841 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 1842 struct mgmt_cp_pin_code_neg_reply *cp) 1843 { 1844 struct pending_cmd *cmd; 1845 int err; 1846 1847 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 1848 sizeof(*cp)); 1849 if (!cmd) 1850 return -ENOMEM; 1851 1852 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 1853 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 1854 if (err < 0) 1855 mgmt_pending_remove(cmd); 1856 1857 return err; 1858 } 1859 1860 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data, 1861 u16 len) 1862 { 1863 struct hci_conn *conn; 1864 struct mgmt_cp_pin_code_reply *cp = data; 1865 struct hci_cp_pin_code_reply reply; 1866 struct pending_cmd *cmd; 1867 int err; 1868 1869 BT_DBG(""); 1870 1871 hci_dev_lock(hdev); 1872 1873 if (!hdev_is_powered(hdev)) { 1874 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 1875 MGMT_STATUS_NOT_POWERED); 1876 goto failed; 1877 } 1878 1879 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 1880 if (!conn) { 1881 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 1882 MGMT_STATUS_NOT_CONNECTED); 1883 goto failed; 1884 } 1885 1886 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 1887 struct mgmt_cp_pin_code_neg_reply ncp; 1888 1889 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 1890 1891 BT_ERR("PIN code is not 16 bytes long"); 1892 1893 err = send_pin_code_neg_reply(sk, hdev, &ncp); 1894 if (err >= 0) 1895 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 1896 MGMT_STATUS_INVALID_PARAMS); 1897 1898 goto failed; 1899 } 1900 1901 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 1902 if (!cmd) { 1903 err = -ENOMEM; 1904 goto failed; 1905 } 1906 1907 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 1908 reply.pin_len = cp->pin_len; 1909 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 1910 1911 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 1912 if (err < 0) 1913 mgmt_pending_remove(cmd); 1914 1915 failed: 1916 hci_dev_unlock(hdev); 1917 return err; 1918 } 1919 1920 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data, 1921 u16 len) 1922 { 1923 struct mgmt_cp_set_io_capability *cp = data; 1924 1925 BT_DBG(""); 1926 1927 hci_dev_lock(hdev); 1928 1929 hdev->io_capability = cp->io_capability; 1930 1931 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 1932 hdev->io_capability); 1933 1934 hci_dev_unlock(hdev); 1935 1936 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 1937 0); 1938 } 1939 1940 static struct pending_cmd *find_pairing(struct hci_conn *conn) 1941 { 1942 struct hci_dev *hdev = conn->hdev; 1943 struct pending_cmd *cmd; 1944 1945 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 1946 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 1947 continue; 1948 1949 if (cmd->user_data != conn) 1950 continue; 1951 1952 return cmd; 1953 } 1954 1955 return NULL; 1956 } 1957 1958 static void pairing_complete(struct pending_cmd *cmd, u8 status) 1959 { 1960 struct mgmt_rp_pair_device rp; 1961 struct hci_conn *conn = cmd->user_data; 1962 1963 bacpy(&rp.addr.bdaddr, &conn->dst); 1964 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 1965 1966 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status, 1967 &rp, sizeof(rp)); 1968 1969 /* So we don't get further callbacks for this connection */ 1970 conn->connect_cfm_cb = NULL; 1971 conn->security_cfm_cb = NULL; 1972 conn->disconn_cfm_cb = NULL; 1973 1974 hci_conn_put(conn); 1975 1976 mgmt_pending_remove(cmd); 1977 } 1978 1979 static void pairing_complete_cb(struct hci_conn *conn, u8 status) 1980 { 1981 struct pending_cmd *cmd; 1982 1983 BT_DBG("status %u", status); 1984 1985 cmd = find_pairing(conn); 1986 if (!cmd) 1987 BT_DBG("Unable to find a pending command"); 1988 else 1989 pairing_complete(cmd, mgmt_status(status)); 1990 } 1991 1992 static void le_connect_complete_cb(struct hci_conn *conn, u8 status) 1993 { 1994 struct pending_cmd *cmd; 1995 1996 BT_DBG("status %u", status); 1997 1998 if (!status) 1999 return; 2000 2001 cmd = find_pairing(conn); 2002 if (!cmd) 2003 BT_DBG("Unable to find a pending command"); 2004 else 2005 pairing_complete(cmd, mgmt_status(status)); 2006 } 2007 2008 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2009 u16 len) 2010 { 2011 struct mgmt_cp_pair_device *cp = data; 2012 struct mgmt_rp_pair_device rp; 2013 struct pending_cmd *cmd; 2014 u8 sec_level, auth_type; 2015 struct hci_conn *conn; 2016 int err; 2017 2018 BT_DBG(""); 2019 2020 memset(&rp, 0, sizeof(rp)); 2021 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2022 rp.addr.type = cp->addr.type; 2023 2024 if (!bdaddr_type_is_valid(cp->addr.type)) 2025 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2026 MGMT_STATUS_INVALID_PARAMS, 2027 &rp, sizeof(rp)); 2028 2029 hci_dev_lock(hdev); 2030 2031 if (!hdev_is_powered(hdev)) { 2032 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2033 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp)); 2034 goto unlock; 2035 } 2036 2037 sec_level = BT_SECURITY_MEDIUM; 2038 if (cp->io_cap == 0x03) 2039 auth_type = HCI_AT_DEDICATED_BONDING; 2040 else 2041 auth_type = HCI_AT_DEDICATED_BONDING_MITM; 2042 2043 if (cp->addr.type == BDADDR_BREDR) 2044 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, 2045 cp->addr.type, sec_level, auth_type); 2046 else 2047 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, 2048 cp->addr.type, sec_level, auth_type); 2049 2050 if (IS_ERR(conn)) { 2051 int status; 2052 2053 if (PTR_ERR(conn) == -EBUSY) 2054 status = MGMT_STATUS_BUSY; 2055 else 2056 status = MGMT_STATUS_CONNECT_FAILED; 2057 2058 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2059 status, &rp, 2060 sizeof(rp)); 2061 goto unlock; 2062 } 2063 2064 if (conn->connect_cfm_cb) { 2065 hci_conn_put(conn); 2066 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2067 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2068 goto unlock; 2069 } 2070 2071 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 2072 if (!cmd) { 2073 err = -ENOMEM; 2074 hci_conn_put(conn); 2075 goto unlock; 2076 } 2077 2078 /* For LE, just connecting isn't a proof that the pairing finished */ 2079 if (cp->addr.type == BDADDR_BREDR) 2080 conn->connect_cfm_cb = pairing_complete_cb; 2081 else 2082 conn->connect_cfm_cb = le_connect_complete_cb; 2083 2084 conn->security_cfm_cb = pairing_complete_cb; 2085 conn->disconn_cfm_cb = pairing_complete_cb; 2086 conn->io_capability = cp->io_cap; 2087 cmd->user_data = conn; 2088 2089 if (conn->state == BT_CONNECTED && 2090 hci_conn_security(conn, sec_level, auth_type)) 2091 pairing_complete(cmd, 0); 2092 2093 err = 0; 2094 2095 unlock: 2096 hci_dev_unlock(hdev); 2097 return err; 2098 } 2099 2100 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2101 u16 len) 2102 { 2103 struct mgmt_addr_info *addr = data; 2104 struct pending_cmd *cmd; 2105 struct hci_conn *conn; 2106 int err; 2107 2108 BT_DBG(""); 2109 2110 hci_dev_lock(hdev); 2111 2112 if (!hdev_is_powered(hdev)) { 2113 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2114 MGMT_STATUS_NOT_POWERED); 2115 goto unlock; 2116 } 2117 2118 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev); 2119 if (!cmd) { 2120 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2121 MGMT_STATUS_INVALID_PARAMS); 2122 goto unlock; 2123 } 2124 2125 conn = cmd->user_data; 2126 2127 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 2128 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2129 MGMT_STATUS_INVALID_PARAMS); 2130 goto unlock; 2131 } 2132 2133 pairing_complete(cmd, MGMT_STATUS_CANCELLED); 2134 2135 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 2136 addr, sizeof(*addr)); 2137 unlock: 2138 hci_dev_unlock(hdev); 2139 return err; 2140 } 2141 2142 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, 2143 bdaddr_t *bdaddr, u8 type, u16 mgmt_op, 2144 u16 hci_op, __le32 passkey) 2145 { 2146 struct pending_cmd *cmd; 2147 struct hci_conn *conn; 2148 int err; 2149 2150 hci_dev_lock(hdev); 2151 2152 if (!hdev_is_powered(hdev)) { 2153 err = cmd_status(sk, hdev->id, mgmt_op, 2154 MGMT_STATUS_NOT_POWERED); 2155 goto done; 2156 } 2157 2158 if (type == BDADDR_BREDR) 2159 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr); 2160 else 2161 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr); 2162 2163 if (!conn) { 2164 err = cmd_status(sk, hdev->id, mgmt_op, 2165 MGMT_STATUS_NOT_CONNECTED); 2166 goto done; 2167 } 2168 2169 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) { 2170 /* Continue with pairing via SMP */ 2171 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 2172 2173 if (!err) 2174 err = cmd_status(sk, hdev->id, mgmt_op, 2175 MGMT_STATUS_SUCCESS); 2176 else 2177 err = cmd_status(sk, hdev->id, mgmt_op, 2178 MGMT_STATUS_FAILED); 2179 2180 goto done; 2181 } 2182 2183 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr)); 2184 if (!cmd) { 2185 err = -ENOMEM; 2186 goto done; 2187 } 2188 2189 /* Continue with pairing via HCI */ 2190 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 2191 struct hci_cp_user_passkey_reply cp; 2192 2193 bacpy(&cp.bdaddr, bdaddr); 2194 cp.passkey = passkey; 2195 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 2196 } else 2197 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr); 2198 2199 if (err < 0) 2200 mgmt_pending_remove(cmd); 2201 2202 done: 2203 hci_dev_unlock(hdev); 2204 return err; 2205 } 2206 2207 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 2208 void *data, u16 len) 2209 { 2210 struct mgmt_cp_pin_code_neg_reply *cp = data; 2211 2212 BT_DBG(""); 2213 2214 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 2215 MGMT_OP_PIN_CODE_NEG_REPLY, 2216 HCI_OP_PIN_CODE_NEG_REPLY, 0); 2217 } 2218 2219 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2220 u16 len) 2221 { 2222 struct mgmt_cp_user_confirm_reply *cp = data; 2223 2224 BT_DBG(""); 2225 2226 if (len != sizeof(*cp)) 2227 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY, 2228 MGMT_STATUS_INVALID_PARAMS); 2229 2230 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 2231 MGMT_OP_USER_CONFIRM_REPLY, 2232 HCI_OP_USER_CONFIRM_REPLY, 0); 2233 } 2234 2235 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev, 2236 void *data, u16 len) 2237 { 2238 struct mgmt_cp_user_confirm_neg_reply *cp = data; 2239 2240 BT_DBG(""); 2241 2242 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 2243 MGMT_OP_USER_CONFIRM_NEG_REPLY, 2244 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 2245 } 2246 2247 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2248 u16 len) 2249 { 2250 struct mgmt_cp_user_passkey_reply *cp = data; 2251 2252 BT_DBG(""); 2253 2254 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 2255 MGMT_OP_USER_PASSKEY_REPLY, 2256 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 2257 } 2258 2259 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev, 2260 void *data, u16 len) 2261 { 2262 struct mgmt_cp_user_passkey_neg_reply *cp = data; 2263 2264 BT_DBG(""); 2265 2266 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 2267 MGMT_OP_USER_PASSKEY_NEG_REPLY, 2268 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 2269 } 2270 2271 static int update_name(struct hci_dev *hdev, const char *name) 2272 { 2273 struct hci_cp_write_local_name cp; 2274 2275 memcpy(cp.name, name, sizeof(cp.name)); 2276 2277 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp); 2278 } 2279 2280 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data, 2281 u16 len) 2282 { 2283 struct mgmt_cp_set_local_name *cp = data; 2284 struct pending_cmd *cmd; 2285 int err; 2286 2287 BT_DBG(""); 2288 2289 hci_dev_lock(hdev); 2290 2291 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name)); 2292 2293 if (!hdev_is_powered(hdev)) { 2294 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 2295 2296 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 2297 data, len); 2298 if (err < 0) 2299 goto failed; 2300 2301 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len, 2302 sk); 2303 2304 goto failed; 2305 } 2306 2307 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 2308 if (!cmd) { 2309 err = -ENOMEM; 2310 goto failed; 2311 } 2312 2313 err = update_name(hdev, cp->name); 2314 if (err < 0) 2315 mgmt_pending_remove(cmd); 2316 2317 failed: 2318 hci_dev_unlock(hdev); 2319 return err; 2320 } 2321 2322 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, 2323 void *data, u16 data_len) 2324 { 2325 struct pending_cmd *cmd; 2326 int err; 2327 2328 BT_DBG("%s", hdev->name); 2329 2330 hci_dev_lock(hdev); 2331 2332 if (!hdev_is_powered(hdev)) { 2333 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 2334 MGMT_STATUS_NOT_POWERED); 2335 goto unlock; 2336 } 2337 2338 if (!lmp_ssp_capable(hdev)) { 2339 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 2340 MGMT_STATUS_NOT_SUPPORTED); 2341 goto unlock; 2342 } 2343 2344 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 2345 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 2346 MGMT_STATUS_BUSY); 2347 goto unlock; 2348 } 2349 2350 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 2351 if (!cmd) { 2352 err = -ENOMEM; 2353 goto unlock; 2354 } 2355 2356 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 2357 if (err < 0) 2358 mgmt_pending_remove(cmd); 2359 2360 unlock: 2361 hci_dev_unlock(hdev); 2362 return err; 2363 } 2364 2365 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 2366 void *data, u16 len) 2367 { 2368 struct mgmt_cp_add_remote_oob_data *cp = data; 2369 u8 status; 2370 int err; 2371 2372 BT_DBG("%s ", hdev->name); 2373 2374 hci_dev_lock(hdev); 2375 2376 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash, 2377 cp->randomizer); 2378 if (err < 0) 2379 status = MGMT_STATUS_FAILED; 2380 else 2381 status = MGMT_STATUS_SUCCESS; 2382 2383 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status, 2384 &cp->addr, sizeof(cp->addr)); 2385 2386 hci_dev_unlock(hdev); 2387 return err; 2388 } 2389 2390 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 2391 void *data, u16 len) 2392 { 2393 struct mgmt_cp_remove_remote_oob_data *cp = data; 2394 u8 status; 2395 int err; 2396 2397 BT_DBG("%s", hdev->name); 2398 2399 hci_dev_lock(hdev); 2400 2401 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr); 2402 if (err < 0) 2403 status = MGMT_STATUS_INVALID_PARAMS; 2404 else 2405 status = MGMT_STATUS_SUCCESS; 2406 2407 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 2408 status, &cp->addr, sizeof(cp->addr)); 2409 2410 hci_dev_unlock(hdev); 2411 return err; 2412 } 2413 2414 int mgmt_interleaved_discovery(struct hci_dev *hdev) 2415 { 2416 int err; 2417 2418 BT_DBG("%s", hdev->name); 2419 2420 hci_dev_lock(hdev); 2421 2422 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE); 2423 if (err < 0) 2424 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 2425 2426 hci_dev_unlock(hdev); 2427 2428 return err; 2429 } 2430 2431 static int start_discovery(struct sock *sk, struct hci_dev *hdev, 2432 void *data, u16 len) 2433 { 2434 struct mgmt_cp_start_discovery *cp = data; 2435 struct pending_cmd *cmd; 2436 int err; 2437 2438 BT_DBG("%s", hdev->name); 2439 2440 hci_dev_lock(hdev); 2441 2442 if (!hdev_is_powered(hdev)) { 2443 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 2444 MGMT_STATUS_NOT_POWERED); 2445 goto failed; 2446 } 2447 2448 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) { 2449 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 2450 MGMT_STATUS_BUSY); 2451 goto failed; 2452 } 2453 2454 if (hdev->discovery.state != DISCOVERY_STOPPED) { 2455 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 2456 MGMT_STATUS_BUSY); 2457 goto failed; 2458 } 2459 2460 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0); 2461 if (!cmd) { 2462 err = -ENOMEM; 2463 goto failed; 2464 } 2465 2466 hdev->discovery.type = cp->type; 2467 2468 switch (hdev->discovery.type) { 2469 case DISCOV_TYPE_BREDR: 2470 if (!lmp_bredr_capable(hdev)) { 2471 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 2472 MGMT_STATUS_NOT_SUPPORTED); 2473 mgmt_pending_remove(cmd); 2474 goto failed; 2475 } 2476 2477 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR); 2478 break; 2479 2480 case DISCOV_TYPE_LE: 2481 if (!lmp_host_le_capable(hdev)) { 2482 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 2483 MGMT_STATUS_NOT_SUPPORTED); 2484 mgmt_pending_remove(cmd); 2485 goto failed; 2486 } 2487 2488 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, 2489 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY); 2490 break; 2491 2492 case DISCOV_TYPE_INTERLEAVED: 2493 if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) { 2494 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 2495 MGMT_STATUS_NOT_SUPPORTED); 2496 mgmt_pending_remove(cmd); 2497 goto failed; 2498 } 2499 2500 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN, 2501 LE_SCAN_TIMEOUT_BREDR_LE); 2502 break; 2503 2504 default: 2505 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 2506 MGMT_STATUS_INVALID_PARAMS); 2507 mgmt_pending_remove(cmd); 2508 goto failed; 2509 } 2510 2511 if (err < 0) 2512 mgmt_pending_remove(cmd); 2513 else 2514 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 2515 2516 failed: 2517 hci_dev_unlock(hdev); 2518 return err; 2519 } 2520 2521 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, 2522 u16 len) 2523 { 2524 struct mgmt_cp_stop_discovery *mgmt_cp = data; 2525 struct pending_cmd *cmd; 2526 struct hci_cp_remote_name_req_cancel cp; 2527 struct inquiry_entry *e; 2528 int err; 2529 2530 BT_DBG("%s", hdev->name); 2531 2532 hci_dev_lock(hdev); 2533 2534 if (!hci_discovery_active(hdev)) { 2535 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 2536 MGMT_STATUS_REJECTED, &mgmt_cp->type, 2537 sizeof(mgmt_cp->type)); 2538 goto unlock; 2539 } 2540 2541 if (hdev->discovery.type != mgmt_cp->type) { 2542 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 2543 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type, 2544 sizeof(mgmt_cp->type)); 2545 goto unlock; 2546 } 2547 2548 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0); 2549 if (!cmd) { 2550 err = -ENOMEM; 2551 goto unlock; 2552 } 2553 2554 switch (hdev->discovery.state) { 2555 case DISCOVERY_FINDING: 2556 if (test_bit(HCI_INQUIRY, &hdev->flags)) 2557 err = hci_cancel_inquiry(hdev); 2558 else 2559 err = hci_cancel_le_scan(hdev); 2560 2561 break; 2562 2563 case DISCOVERY_RESOLVING: 2564 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, 2565 NAME_PENDING); 2566 if (!e) { 2567 mgmt_pending_remove(cmd); 2568 err = cmd_complete(sk, hdev->id, 2569 MGMT_OP_STOP_DISCOVERY, 0, 2570 &mgmt_cp->type, 2571 sizeof(mgmt_cp->type)); 2572 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 2573 goto unlock; 2574 } 2575 2576 bacpy(&cp.bdaddr, &e->data.bdaddr); 2577 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL, 2578 sizeof(cp), &cp); 2579 2580 break; 2581 2582 default: 2583 BT_DBG("unknown discovery state %u", hdev->discovery.state); 2584 err = -EFAULT; 2585 } 2586 2587 if (err < 0) 2588 mgmt_pending_remove(cmd); 2589 else 2590 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 2591 2592 unlock: 2593 hci_dev_unlock(hdev); 2594 return err; 2595 } 2596 2597 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, 2598 u16 len) 2599 { 2600 struct mgmt_cp_confirm_name *cp = data; 2601 struct inquiry_entry *e; 2602 int err; 2603 2604 BT_DBG("%s", hdev->name); 2605 2606 hci_dev_lock(hdev); 2607 2608 if (!hci_discovery_active(hdev)) { 2609 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 2610 MGMT_STATUS_FAILED); 2611 goto failed; 2612 } 2613 2614 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 2615 if (!e) { 2616 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 2617 MGMT_STATUS_INVALID_PARAMS); 2618 goto failed; 2619 } 2620 2621 if (cp->name_known) { 2622 e->name_state = NAME_KNOWN; 2623 list_del(&e->list); 2624 } else { 2625 e->name_state = NAME_NEEDED; 2626 hci_inquiry_cache_update_resolve(hdev, e); 2627 } 2628 2629 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr, 2630 sizeof(cp->addr)); 2631 2632 failed: 2633 hci_dev_unlock(hdev); 2634 return err; 2635 } 2636 2637 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data, 2638 u16 len) 2639 { 2640 struct mgmt_cp_block_device *cp = data; 2641 u8 status; 2642 int err; 2643 2644 BT_DBG("%s", hdev->name); 2645 2646 if (!bdaddr_type_is_valid(cp->addr.type)) 2647 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, 2648 MGMT_STATUS_INVALID_PARAMS, 2649 &cp->addr, sizeof(cp->addr)); 2650 2651 hci_dev_lock(hdev); 2652 2653 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type); 2654 if (err < 0) 2655 status = MGMT_STATUS_FAILED; 2656 else 2657 status = MGMT_STATUS_SUCCESS; 2658 2659 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status, 2660 &cp->addr, sizeof(cp->addr)); 2661 2662 hci_dev_unlock(hdev); 2663 2664 return err; 2665 } 2666 2667 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data, 2668 u16 len) 2669 { 2670 struct mgmt_cp_unblock_device *cp = data; 2671 u8 status; 2672 int err; 2673 2674 BT_DBG("%s", hdev->name); 2675 2676 if (!bdaddr_type_is_valid(cp->addr.type)) 2677 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, 2678 MGMT_STATUS_INVALID_PARAMS, 2679 &cp->addr, sizeof(cp->addr)); 2680 2681 hci_dev_lock(hdev); 2682 2683 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type); 2684 if (err < 0) 2685 status = MGMT_STATUS_INVALID_PARAMS; 2686 else 2687 status = MGMT_STATUS_SUCCESS; 2688 2689 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status, 2690 &cp->addr, sizeof(cp->addr)); 2691 2692 hci_dev_unlock(hdev); 2693 2694 return err; 2695 } 2696 2697 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data, 2698 u16 len) 2699 { 2700 struct mgmt_cp_set_device_id *cp = data; 2701 int err; 2702 __u16 source; 2703 2704 BT_DBG("%s", hdev->name); 2705 2706 source = __le16_to_cpu(cp->source); 2707 2708 if (source > 0x0002) 2709 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 2710 MGMT_STATUS_INVALID_PARAMS); 2711 2712 hci_dev_lock(hdev); 2713 2714 hdev->devid_source = source; 2715 hdev->devid_vendor = __le16_to_cpu(cp->vendor); 2716 hdev->devid_product = __le16_to_cpu(cp->product); 2717 hdev->devid_version = __le16_to_cpu(cp->version); 2718 2719 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0); 2720 2721 update_eir(hdev); 2722 2723 hci_dev_unlock(hdev); 2724 2725 return err; 2726 } 2727 2728 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, 2729 void *data, u16 len) 2730 { 2731 struct mgmt_mode *cp = data; 2732 struct hci_cp_write_page_scan_activity acp; 2733 u8 type; 2734 int err; 2735 2736 BT_DBG("%s", hdev->name); 2737 2738 if (!lmp_bredr_capable(hdev)) 2739 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 2740 MGMT_STATUS_NOT_SUPPORTED); 2741 2742 if (cp->val != 0x00 && cp->val != 0x01) 2743 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 2744 MGMT_STATUS_INVALID_PARAMS); 2745 2746 if (!hdev_is_powered(hdev)) 2747 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 2748 MGMT_STATUS_NOT_POWERED); 2749 2750 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 2751 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 2752 MGMT_STATUS_REJECTED); 2753 2754 hci_dev_lock(hdev); 2755 2756 if (cp->val) { 2757 type = PAGE_SCAN_TYPE_INTERLACED; 2758 2759 /* 160 msec page scan interval */ 2760 acp.interval = __constant_cpu_to_le16(0x0100); 2761 } else { 2762 type = PAGE_SCAN_TYPE_STANDARD; /* default */ 2763 2764 /* default 1.28 sec page scan */ 2765 acp.interval = __constant_cpu_to_le16(0x0800); 2766 } 2767 2768 /* default 11.25 msec page scan window */ 2769 acp.window = __constant_cpu_to_le16(0x0012); 2770 2771 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp), 2772 &acp); 2773 if (err < 0) { 2774 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 2775 MGMT_STATUS_FAILED); 2776 goto done; 2777 } 2778 2779 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); 2780 if (err < 0) { 2781 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 2782 MGMT_STATUS_FAILED); 2783 goto done; 2784 } 2785 2786 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0, 2787 NULL, 0); 2788 done: 2789 hci_dev_unlock(hdev); 2790 return err; 2791 } 2792 2793 static bool ltk_is_valid(struct mgmt_ltk_info *key) 2794 { 2795 if (key->authenticated != 0x00 && key->authenticated != 0x01) 2796 return false; 2797 if (key->master != 0x00 && key->master != 0x01) 2798 return false; 2799 if (!bdaddr_type_is_le(key->addr.type)) 2800 return false; 2801 return true; 2802 } 2803 2804 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, 2805 void *cp_data, u16 len) 2806 { 2807 struct mgmt_cp_load_long_term_keys *cp = cp_data; 2808 u16 key_count, expected_len; 2809 int i, err; 2810 2811 key_count = __le16_to_cpu(cp->key_count); 2812 2813 expected_len = sizeof(*cp) + key_count * 2814 sizeof(struct mgmt_ltk_info); 2815 if (expected_len != len) { 2816 BT_ERR("load_keys: expected %u bytes, got %u bytes", 2817 len, expected_len); 2818 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 2819 MGMT_STATUS_INVALID_PARAMS); 2820 } 2821 2822 BT_DBG("%s key_count %u", hdev->name, key_count); 2823 2824 for (i = 0; i < key_count; i++) { 2825 struct mgmt_ltk_info *key = &cp->keys[i]; 2826 2827 if (!ltk_is_valid(key)) 2828 return cmd_status(sk, hdev->id, 2829 MGMT_OP_LOAD_LONG_TERM_KEYS, 2830 MGMT_STATUS_INVALID_PARAMS); 2831 } 2832 2833 hci_dev_lock(hdev); 2834 2835 hci_smp_ltks_clear(hdev); 2836 2837 for (i = 0; i < key_count; i++) { 2838 struct mgmt_ltk_info *key = &cp->keys[i]; 2839 u8 type; 2840 2841 if (key->master) 2842 type = HCI_SMP_LTK; 2843 else 2844 type = HCI_SMP_LTK_SLAVE; 2845 2846 hci_add_ltk(hdev, &key->addr.bdaddr, 2847 bdaddr_to_le(key->addr.type), 2848 type, 0, key->authenticated, key->val, 2849 key->enc_size, key->ediv, key->rand); 2850 } 2851 2852 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0, 2853 NULL, 0); 2854 2855 hci_dev_unlock(hdev); 2856 2857 return err; 2858 } 2859 2860 static const struct mgmt_handler { 2861 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data, 2862 u16 data_len); 2863 bool var_len; 2864 size_t data_len; 2865 } mgmt_handlers[] = { 2866 { NULL }, /* 0x0000 (no command) */ 2867 { read_version, false, MGMT_READ_VERSION_SIZE }, 2868 { read_commands, false, MGMT_READ_COMMANDS_SIZE }, 2869 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE }, 2870 { read_controller_info, false, MGMT_READ_INFO_SIZE }, 2871 { set_powered, false, MGMT_SETTING_SIZE }, 2872 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE }, 2873 { set_connectable, false, MGMT_SETTING_SIZE }, 2874 { set_fast_connectable, false, MGMT_SETTING_SIZE }, 2875 { set_pairable, false, MGMT_SETTING_SIZE }, 2876 { set_link_security, false, MGMT_SETTING_SIZE }, 2877 { set_ssp, false, MGMT_SETTING_SIZE }, 2878 { set_hs, false, MGMT_SETTING_SIZE }, 2879 { set_le, false, MGMT_SETTING_SIZE }, 2880 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE }, 2881 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE }, 2882 { add_uuid, false, MGMT_ADD_UUID_SIZE }, 2883 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE }, 2884 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE }, 2885 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE }, 2886 { disconnect, false, MGMT_DISCONNECT_SIZE }, 2887 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE }, 2888 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE }, 2889 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE }, 2890 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE }, 2891 { pair_device, false, MGMT_PAIR_DEVICE_SIZE }, 2892 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE }, 2893 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE }, 2894 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE }, 2895 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE }, 2896 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE }, 2897 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, 2898 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE }, 2899 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE }, 2900 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, 2901 { start_discovery, false, MGMT_START_DISCOVERY_SIZE }, 2902 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE }, 2903 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE }, 2904 { block_device, false, MGMT_BLOCK_DEVICE_SIZE }, 2905 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE }, 2906 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE }, 2907 }; 2908 2909 2910 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) 2911 { 2912 void *buf; 2913 u8 *cp; 2914 struct mgmt_hdr *hdr; 2915 u16 opcode, index, len; 2916 struct hci_dev *hdev = NULL; 2917 const struct mgmt_handler *handler; 2918 int err; 2919 2920 BT_DBG("got %zu bytes", msglen); 2921 2922 if (msglen < sizeof(*hdr)) 2923 return -EINVAL; 2924 2925 buf = kmalloc(msglen, GFP_KERNEL); 2926 if (!buf) 2927 return -ENOMEM; 2928 2929 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) { 2930 err = -EFAULT; 2931 goto done; 2932 } 2933 2934 hdr = buf; 2935 opcode = __le16_to_cpu(hdr->opcode); 2936 index = __le16_to_cpu(hdr->index); 2937 len = __le16_to_cpu(hdr->len); 2938 2939 if (len != msglen - sizeof(*hdr)) { 2940 err = -EINVAL; 2941 goto done; 2942 } 2943 2944 if (index != MGMT_INDEX_NONE) { 2945 hdev = hci_dev_get(index); 2946 if (!hdev) { 2947 err = cmd_status(sk, index, opcode, 2948 MGMT_STATUS_INVALID_INDEX); 2949 goto done; 2950 } 2951 } 2952 2953 if (opcode >= ARRAY_SIZE(mgmt_handlers) || 2954 mgmt_handlers[opcode].func == NULL) { 2955 BT_DBG("Unknown op %u", opcode); 2956 err = cmd_status(sk, index, opcode, 2957 MGMT_STATUS_UNKNOWN_COMMAND); 2958 goto done; 2959 } 2960 2961 if ((hdev && opcode < MGMT_OP_READ_INFO) || 2962 (!hdev && opcode >= MGMT_OP_READ_INFO)) { 2963 err = cmd_status(sk, index, opcode, 2964 MGMT_STATUS_INVALID_INDEX); 2965 goto done; 2966 } 2967 2968 handler = &mgmt_handlers[opcode]; 2969 2970 if ((handler->var_len && len < handler->data_len) || 2971 (!handler->var_len && len != handler->data_len)) { 2972 err = cmd_status(sk, index, opcode, 2973 MGMT_STATUS_INVALID_PARAMS); 2974 goto done; 2975 } 2976 2977 if (hdev) 2978 mgmt_init_hdev(sk, hdev); 2979 2980 cp = buf + sizeof(*hdr); 2981 2982 err = handler->func(sk, hdev, cp, len); 2983 if (err < 0) 2984 goto done; 2985 2986 err = msglen; 2987 2988 done: 2989 if (hdev) 2990 hci_dev_put(hdev); 2991 2992 kfree(buf); 2993 return err; 2994 } 2995 2996 static void cmd_status_rsp(struct pending_cmd *cmd, void *data) 2997 { 2998 u8 *status = data; 2999 3000 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 3001 mgmt_pending_remove(cmd); 3002 } 3003 3004 int mgmt_index_added(struct hci_dev *hdev) 3005 { 3006 if (!mgmt_valid_hdev(hdev)) 3007 return -ENOTSUPP; 3008 3009 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL); 3010 } 3011 3012 int mgmt_index_removed(struct hci_dev *hdev) 3013 { 3014 u8 status = MGMT_STATUS_INVALID_INDEX; 3015 3016 if (!mgmt_valid_hdev(hdev)) 3017 return -ENOTSUPP; 3018 3019 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 3020 3021 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL); 3022 } 3023 3024 struct cmd_lookup { 3025 struct sock *sk; 3026 struct hci_dev *hdev; 3027 u8 mgmt_status; 3028 }; 3029 3030 static void settings_rsp(struct pending_cmd *cmd, void *data) 3031 { 3032 struct cmd_lookup *match = data; 3033 3034 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 3035 3036 list_del(&cmd->list); 3037 3038 if (match->sk == NULL) { 3039 match->sk = cmd->sk; 3040 sock_hold(match->sk); 3041 } 3042 3043 mgmt_pending_free(cmd); 3044 } 3045 3046 static int set_bredr_scan(struct hci_dev *hdev) 3047 { 3048 u8 scan = 0; 3049 3050 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 3051 scan |= SCAN_PAGE; 3052 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 3053 scan |= SCAN_INQUIRY; 3054 3055 if (!scan) 3056 return 0; 3057 3058 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 3059 } 3060 3061 int mgmt_powered(struct hci_dev *hdev, u8 powered) 3062 { 3063 struct cmd_lookup match = { NULL, hdev }; 3064 int err; 3065 3066 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 3067 return 0; 3068 3069 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 3070 3071 if (powered) { 3072 u8 link_sec; 3073 3074 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) && 3075 !lmp_host_ssp_capable(hdev)) { 3076 u8 ssp = 1; 3077 3078 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp); 3079 } 3080 3081 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { 3082 struct hci_cp_write_le_host_supported cp; 3083 3084 cp.le = 1; 3085 cp.simul = lmp_le_br_capable(hdev); 3086 3087 /* Check first if we already have the right 3088 * host state (host features set) 3089 */ 3090 if (cp.le != lmp_host_le_capable(hdev) || 3091 cp.simul != lmp_host_le_br_capable(hdev)) 3092 hci_send_cmd(hdev, 3093 HCI_OP_WRITE_LE_HOST_SUPPORTED, 3094 sizeof(cp), &cp); 3095 } 3096 3097 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags); 3098 if (link_sec != test_bit(HCI_AUTH, &hdev->flags)) 3099 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 3100 sizeof(link_sec), &link_sec); 3101 3102 if (lmp_bredr_capable(hdev)) { 3103 set_bredr_scan(hdev); 3104 update_class(hdev); 3105 update_name(hdev, hdev->dev_name); 3106 update_eir(hdev); 3107 } 3108 } else { 3109 u8 status = MGMT_STATUS_NOT_POWERED; 3110 u8 zero_cod[] = { 0, 0, 0 }; 3111 3112 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 3113 3114 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) 3115 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 3116 zero_cod, sizeof(zero_cod), NULL); 3117 } 3118 3119 err = new_settings(hdev, match.sk); 3120 3121 if (match.sk) 3122 sock_put(match.sk); 3123 3124 return err; 3125 } 3126 3127 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable) 3128 { 3129 struct cmd_lookup match = { NULL, hdev }; 3130 bool changed = false; 3131 int err = 0; 3132 3133 if (discoverable) { 3134 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 3135 changed = true; 3136 } else { 3137 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 3138 changed = true; 3139 } 3140 3141 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, 3142 &match); 3143 3144 if (changed) 3145 err = new_settings(hdev, match.sk); 3146 3147 if (match.sk) 3148 sock_put(match.sk); 3149 3150 return err; 3151 } 3152 3153 int mgmt_connectable(struct hci_dev *hdev, u8 connectable) 3154 { 3155 struct cmd_lookup match = { NULL, hdev }; 3156 bool changed = false; 3157 int err = 0; 3158 3159 if (connectable) { 3160 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 3161 changed = true; 3162 } else { 3163 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 3164 changed = true; 3165 } 3166 3167 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp, 3168 &match); 3169 3170 if (changed) 3171 err = new_settings(hdev, match.sk); 3172 3173 if (match.sk) 3174 sock_put(match.sk); 3175 3176 return err; 3177 } 3178 3179 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status) 3180 { 3181 u8 mgmt_err = mgmt_status(status); 3182 3183 if (scan & SCAN_PAGE) 3184 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, 3185 cmd_status_rsp, &mgmt_err); 3186 3187 if (scan & SCAN_INQUIRY) 3188 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, 3189 cmd_status_rsp, &mgmt_err); 3190 3191 return 0; 3192 } 3193 3194 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 3195 bool persistent) 3196 { 3197 struct mgmt_ev_new_link_key ev; 3198 3199 memset(&ev, 0, sizeof(ev)); 3200 3201 ev.store_hint = persistent; 3202 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 3203 ev.key.addr.type = BDADDR_BREDR; 3204 ev.key.type = key->type; 3205 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE); 3206 ev.key.pin_len = key->pin_len; 3207 3208 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 3209 } 3210 3211 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent) 3212 { 3213 struct mgmt_ev_new_long_term_key ev; 3214 3215 memset(&ev, 0, sizeof(ev)); 3216 3217 ev.store_hint = persistent; 3218 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 3219 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); 3220 ev.key.authenticated = key->authenticated; 3221 ev.key.enc_size = key->enc_size; 3222 ev.key.ediv = key->ediv; 3223 3224 if (key->type == HCI_SMP_LTK) 3225 ev.key.master = 1; 3226 3227 memcpy(ev.key.rand, key->rand, sizeof(key->rand)); 3228 memcpy(ev.key.val, key->val, sizeof(key->val)); 3229 3230 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), 3231 NULL); 3232 } 3233 3234 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3235 u8 addr_type, u32 flags, u8 *name, u8 name_len, 3236 u8 *dev_class) 3237 { 3238 char buf[512]; 3239 struct mgmt_ev_device_connected *ev = (void *) buf; 3240 u16 eir_len = 0; 3241 3242 bacpy(&ev->addr.bdaddr, bdaddr); 3243 ev->addr.type = link_to_bdaddr(link_type, addr_type); 3244 3245 ev->flags = __cpu_to_le32(flags); 3246 3247 if (name_len > 0) 3248 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, 3249 name, name_len); 3250 3251 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0) 3252 eir_len = eir_append_data(ev->eir, eir_len, 3253 EIR_CLASS_OF_DEV, dev_class, 3); 3254 3255 ev->eir_len = cpu_to_le16(eir_len); 3256 3257 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf, 3258 sizeof(*ev) + eir_len, NULL); 3259 } 3260 3261 static void disconnect_rsp(struct pending_cmd *cmd, void *data) 3262 { 3263 struct mgmt_cp_disconnect *cp = cmd->param; 3264 struct sock **sk = data; 3265 struct mgmt_rp_disconnect rp; 3266 3267 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 3268 rp.addr.type = cp->addr.type; 3269 3270 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp, 3271 sizeof(rp)); 3272 3273 *sk = cmd->sk; 3274 sock_hold(*sk); 3275 3276 mgmt_pending_remove(cmd); 3277 } 3278 3279 static void unpair_device_rsp(struct pending_cmd *cmd, void *data) 3280 { 3281 struct hci_dev *hdev = data; 3282 struct mgmt_cp_unpair_device *cp = cmd->param; 3283 struct mgmt_rp_unpair_device rp; 3284 3285 memset(&rp, 0, sizeof(rp)); 3286 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 3287 rp.addr.type = cp->addr.type; 3288 3289 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 3290 3291 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp)); 3292 3293 mgmt_pending_remove(cmd); 3294 } 3295 3296 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 3297 u8 link_type, u8 addr_type, u8 reason) 3298 { 3299 struct mgmt_ev_device_disconnected ev; 3300 struct sock *sk = NULL; 3301 int err; 3302 3303 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 3304 3305 bacpy(&ev.addr.bdaddr, bdaddr); 3306 ev.addr.type = link_to_bdaddr(link_type, addr_type); 3307 ev.reason = reason; 3308 3309 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), 3310 sk); 3311 3312 if (sk) 3313 sock_put(sk); 3314 3315 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 3316 hdev); 3317 3318 return err; 3319 } 3320 3321 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 3322 u8 link_type, u8 addr_type, u8 status) 3323 { 3324 struct mgmt_rp_disconnect rp; 3325 struct pending_cmd *cmd; 3326 int err; 3327 3328 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 3329 hdev); 3330 3331 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev); 3332 if (!cmd) 3333 return -ENOENT; 3334 3335 bacpy(&rp.addr.bdaddr, bdaddr); 3336 rp.addr.type = link_to_bdaddr(link_type, addr_type); 3337 3338 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 3339 mgmt_status(status), &rp, sizeof(rp)); 3340 3341 mgmt_pending_remove(cmd); 3342 3343 return err; 3344 } 3345 3346 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3347 u8 addr_type, u8 status) 3348 { 3349 struct mgmt_ev_connect_failed ev; 3350 3351 bacpy(&ev.addr.bdaddr, bdaddr); 3352 ev.addr.type = link_to_bdaddr(link_type, addr_type); 3353 ev.status = mgmt_status(status); 3354 3355 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 3356 } 3357 3358 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 3359 { 3360 struct mgmt_ev_pin_code_request ev; 3361 3362 bacpy(&ev.addr.bdaddr, bdaddr); 3363 ev.addr.type = BDADDR_BREDR; 3364 ev.secure = secure; 3365 3366 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), 3367 NULL); 3368 } 3369 3370 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3371 u8 status) 3372 { 3373 struct pending_cmd *cmd; 3374 struct mgmt_rp_pin_code_reply rp; 3375 int err; 3376 3377 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 3378 if (!cmd) 3379 return -ENOENT; 3380 3381 bacpy(&rp.addr.bdaddr, bdaddr); 3382 rp.addr.type = BDADDR_BREDR; 3383 3384 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 3385 mgmt_status(status), &rp, sizeof(rp)); 3386 3387 mgmt_pending_remove(cmd); 3388 3389 return err; 3390 } 3391 3392 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3393 u8 status) 3394 { 3395 struct pending_cmd *cmd; 3396 struct mgmt_rp_pin_code_reply rp; 3397 int err; 3398 3399 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 3400 if (!cmd) 3401 return -ENOENT; 3402 3403 bacpy(&rp.addr.bdaddr, bdaddr); 3404 rp.addr.type = BDADDR_BREDR; 3405 3406 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, 3407 mgmt_status(status), &rp, sizeof(rp)); 3408 3409 mgmt_pending_remove(cmd); 3410 3411 return err; 3412 } 3413 3414 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 3415 u8 link_type, u8 addr_type, __le32 value, 3416 u8 confirm_hint) 3417 { 3418 struct mgmt_ev_user_confirm_request ev; 3419 3420 BT_DBG("%s", hdev->name); 3421 3422 bacpy(&ev.addr.bdaddr, bdaddr); 3423 ev.addr.type = link_to_bdaddr(link_type, addr_type); 3424 ev.confirm_hint = confirm_hint; 3425 ev.value = value; 3426 3427 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 3428 NULL); 3429 } 3430 3431 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 3432 u8 link_type, u8 addr_type) 3433 { 3434 struct mgmt_ev_user_passkey_request ev; 3435 3436 BT_DBG("%s", hdev->name); 3437 3438 bacpy(&ev.addr.bdaddr, bdaddr); 3439 ev.addr.type = link_to_bdaddr(link_type, addr_type); 3440 3441 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 3442 NULL); 3443 } 3444 3445 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3446 u8 link_type, u8 addr_type, u8 status, 3447 u8 opcode) 3448 { 3449 struct pending_cmd *cmd; 3450 struct mgmt_rp_user_confirm_reply rp; 3451 int err; 3452 3453 cmd = mgmt_pending_find(opcode, hdev); 3454 if (!cmd) 3455 return -ENOENT; 3456 3457 bacpy(&rp.addr.bdaddr, bdaddr); 3458 rp.addr.type = link_to_bdaddr(link_type, addr_type); 3459 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status), 3460 &rp, sizeof(rp)); 3461 3462 mgmt_pending_remove(cmd); 3463 3464 return err; 3465 } 3466 3467 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3468 u8 link_type, u8 addr_type, u8 status) 3469 { 3470 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 3471 status, MGMT_OP_USER_CONFIRM_REPLY); 3472 } 3473 3474 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3475 u8 link_type, u8 addr_type, u8 status) 3476 { 3477 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 3478 status, 3479 MGMT_OP_USER_CONFIRM_NEG_REPLY); 3480 } 3481 3482 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3483 u8 link_type, u8 addr_type, u8 status) 3484 { 3485 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 3486 status, MGMT_OP_USER_PASSKEY_REPLY); 3487 } 3488 3489 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3490 u8 link_type, u8 addr_type, u8 status) 3491 { 3492 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 3493 status, 3494 MGMT_OP_USER_PASSKEY_NEG_REPLY); 3495 } 3496 3497 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr, 3498 u8 link_type, u8 addr_type, u32 passkey, 3499 u8 entered) 3500 { 3501 struct mgmt_ev_passkey_notify ev; 3502 3503 BT_DBG("%s", hdev->name); 3504 3505 bacpy(&ev.addr.bdaddr, bdaddr); 3506 ev.addr.type = link_to_bdaddr(link_type, addr_type); 3507 ev.passkey = __cpu_to_le32(passkey); 3508 ev.entered = entered; 3509 3510 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL); 3511 } 3512 3513 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3514 u8 addr_type, u8 status) 3515 { 3516 struct mgmt_ev_auth_failed ev; 3517 3518 bacpy(&ev.addr.bdaddr, bdaddr); 3519 ev.addr.type = link_to_bdaddr(link_type, addr_type); 3520 ev.status = mgmt_status(status); 3521 3522 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL); 3523 } 3524 3525 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 3526 { 3527 struct cmd_lookup match = { NULL, hdev }; 3528 bool changed = false; 3529 int err = 0; 3530 3531 if (status) { 3532 u8 mgmt_err = mgmt_status(status); 3533 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 3534 cmd_status_rsp, &mgmt_err); 3535 return 0; 3536 } 3537 3538 if (test_bit(HCI_AUTH, &hdev->flags)) { 3539 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) 3540 changed = true; 3541 } else { 3542 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) 3543 changed = true; 3544 } 3545 3546 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 3547 &match); 3548 3549 if (changed) 3550 err = new_settings(hdev, match.sk); 3551 3552 if (match.sk) 3553 sock_put(match.sk); 3554 3555 return err; 3556 } 3557 3558 static int clear_eir(struct hci_dev *hdev) 3559 { 3560 struct hci_cp_write_eir cp; 3561 3562 if (!lmp_ext_inq_capable(hdev)) 3563 return 0; 3564 3565 memset(hdev->eir, 0, sizeof(hdev->eir)); 3566 3567 memset(&cp, 0, sizeof(cp)); 3568 3569 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 3570 } 3571 3572 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 3573 { 3574 struct cmd_lookup match = { NULL, hdev }; 3575 bool changed = false; 3576 int err = 0; 3577 3578 if (status) { 3579 u8 mgmt_err = mgmt_status(status); 3580 3581 if (enable && test_and_clear_bit(HCI_SSP_ENABLED, 3582 &hdev->dev_flags)) 3583 err = new_settings(hdev, NULL); 3584 3585 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp, 3586 &mgmt_err); 3587 3588 return err; 3589 } 3590 3591 if (enable) { 3592 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 3593 changed = true; 3594 } else { 3595 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 3596 changed = true; 3597 } 3598 3599 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 3600 3601 if (changed) 3602 err = new_settings(hdev, match.sk); 3603 3604 if (match.sk) 3605 sock_put(match.sk); 3606 3607 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 3608 update_eir(hdev); 3609 else 3610 clear_eir(hdev); 3611 3612 return err; 3613 } 3614 3615 static void class_rsp(struct pending_cmd *cmd, void *data) 3616 { 3617 struct cmd_lookup *match = data; 3618 3619 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status, 3620 match->hdev->dev_class, 3); 3621 3622 list_del(&cmd->list); 3623 3624 if (match->sk == NULL) { 3625 match->sk = cmd->sk; 3626 sock_hold(match->sk); 3627 } 3628 3629 mgmt_pending_free(cmd); 3630 } 3631 3632 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class, 3633 u8 status) 3634 { 3635 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) }; 3636 int err = 0; 3637 3638 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags); 3639 3640 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match); 3641 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match); 3642 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match); 3643 3644 if (!status) 3645 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3646 3, NULL); 3647 3648 if (match.sk) 3649 sock_put(match.sk); 3650 3651 return err; 3652 } 3653 3654 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 3655 { 3656 struct pending_cmd *cmd; 3657 struct mgmt_cp_set_local_name ev; 3658 bool changed = false; 3659 int err = 0; 3660 3661 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) { 3662 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name)); 3663 changed = true; 3664 } 3665 3666 memset(&ev, 0, sizeof(ev)); 3667 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 3668 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH); 3669 3670 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 3671 if (!cmd) 3672 goto send_event; 3673 3674 /* Always assume that either the short or the complete name has 3675 * changed if there was a pending mgmt command */ 3676 changed = true; 3677 3678 if (status) { 3679 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3680 mgmt_status(status)); 3681 goto failed; 3682 } 3683 3684 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev, 3685 sizeof(ev)); 3686 if (err < 0) 3687 goto failed; 3688 3689 send_event: 3690 if (changed) 3691 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, 3692 sizeof(ev), cmd ? cmd->sk : NULL); 3693 3694 /* EIR is taken care of separately when powering on the 3695 * adapter so only update them here if this is a name change 3696 * unrelated to power on. 3697 */ 3698 if (!test_bit(HCI_INIT, &hdev->flags)) 3699 update_eir(hdev); 3700 3701 failed: 3702 if (cmd) 3703 mgmt_pending_remove(cmd); 3704 return err; 3705 } 3706 3707 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash, 3708 u8 *randomizer, u8 status) 3709 { 3710 struct pending_cmd *cmd; 3711 int err; 3712 3713 BT_DBG("%s status %u", hdev->name, status); 3714 3715 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev); 3716 if (!cmd) 3717 return -ENOENT; 3718 3719 if (status) { 3720 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3721 mgmt_status(status)); 3722 } else { 3723 struct mgmt_rp_read_local_oob_data rp; 3724 3725 memcpy(rp.hash, hash, sizeof(rp.hash)); 3726 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer)); 3727 3728 err = cmd_complete(cmd->sk, hdev->id, 3729 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp, 3730 sizeof(rp)); 3731 } 3732 3733 mgmt_pending_remove(cmd); 3734 3735 return err; 3736 } 3737 3738 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 3739 { 3740 struct cmd_lookup match = { NULL, hdev }; 3741 bool changed = false; 3742 int err = 0; 3743 3744 if (status) { 3745 u8 mgmt_err = mgmt_status(status); 3746 3747 if (enable && test_and_clear_bit(HCI_LE_ENABLED, 3748 &hdev->dev_flags)) 3749 err = new_settings(hdev, NULL); 3750 3751 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 3752 &mgmt_err); 3753 3754 return err; 3755 } 3756 3757 if (enable) { 3758 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 3759 changed = true; 3760 } else { 3761 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 3762 changed = true; 3763 } 3764 3765 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 3766 3767 if (changed) 3768 err = new_settings(hdev, match.sk); 3769 3770 if (match.sk) 3771 sock_put(match.sk); 3772 3773 return err; 3774 } 3775 3776 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3777 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8 3778 ssp, u8 *eir, u16 eir_len) 3779 { 3780 char buf[512]; 3781 struct mgmt_ev_device_found *ev = (void *) buf; 3782 size_t ev_size; 3783 3784 /* Leave 5 bytes for a potential CoD field */ 3785 if (sizeof(*ev) + eir_len + 5 > sizeof(buf)) 3786 return -EINVAL; 3787 3788 memset(buf, 0, sizeof(buf)); 3789 3790 bacpy(&ev->addr.bdaddr, bdaddr); 3791 ev->addr.type = link_to_bdaddr(link_type, addr_type); 3792 ev->rssi = rssi; 3793 if (cfm_name) 3794 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME); 3795 if (!ssp) 3796 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING); 3797 3798 if (eir_len > 0) 3799 memcpy(ev->eir, eir, eir_len); 3800 3801 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV)) 3802 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 3803 dev_class, 3); 3804 3805 ev->eir_len = cpu_to_le16(eir_len); 3806 ev_size = sizeof(*ev) + eir_len; 3807 3808 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 3809 } 3810 3811 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3812 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 3813 { 3814 struct mgmt_ev_device_found *ev; 3815 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2]; 3816 u16 eir_len; 3817 3818 ev = (struct mgmt_ev_device_found *) buf; 3819 3820 memset(buf, 0, sizeof(buf)); 3821 3822 bacpy(&ev->addr.bdaddr, bdaddr); 3823 ev->addr.type = link_to_bdaddr(link_type, addr_type); 3824 ev->rssi = rssi; 3825 3826 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name, 3827 name_len); 3828 3829 ev->eir_len = cpu_to_le16(eir_len); 3830 3831 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, 3832 sizeof(*ev) + eir_len, NULL); 3833 } 3834 3835 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status) 3836 { 3837 struct pending_cmd *cmd; 3838 u8 type; 3839 int err; 3840 3841 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 3842 3843 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 3844 if (!cmd) 3845 return -ENOENT; 3846 3847 type = hdev->discovery.type; 3848 3849 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status), 3850 &type, sizeof(type)); 3851 mgmt_pending_remove(cmd); 3852 3853 return err; 3854 } 3855 3856 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status) 3857 { 3858 struct pending_cmd *cmd; 3859 int err; 3860 3861 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 3862 if (!cmd) 3863 return -ENOENT; 3864 3865 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status), 3866 &hdev->discovery.type, sizeof(hdev->discovery.type)); 3867 mgmt_pending_remove(cmd); 3868 3869 return err; 3870 } 3871 3872 int mgmt_discovering(struct hci_dev *hdev, u8 discovering) 3873 { 3874 struct mgmt_ev_discovering ev; 3875 struct pending_cmd *cmd; 3876 3877 BT_DBG("%s discovering %u", hdev->name, discovering); 3878 3879 if (discovering) 3880 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 3881 else 3882 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 3883 3884 if (cmd != NULL) { 3885 u8 type = hdev->discovery.type; 3886 3887 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type, 3888 sizeof(type)); 3889 mgmt_pending_remove(cmd); 3890 } 3891 3892 memset(&ev, 0, sizeof(ev)); 3893 ev.type = hdev->discovery.type; 3894 ev.discovering = discovering; 3895 3896 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 3897 } 3898 3899 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 3900 { 3901 struct pending_cmd *cmd; 3902 struct mgmt_ev_device_blocked ev; 3903 3904 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev); 3905 3906 bacpy(&ev.addr.bdaddr, bdaddr); 3907 ev.addr.type = type; 3908 3909 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev), 3910 cmd ? cmd->sk : NULL); 3911 } 3912 3913 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 3914 { 3915 struct pending_cmd *cmd; 3916 struct mgmt_ev_device_unblocked ev; 3917 3918 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev); 3919 3920 bacpy(&ev.addr.bdaddr, bdaddr); 3921 ev.addr.type = type; 3922 3923 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev), 3924 cmd ? cmd->sk : NULL); 3925 } 3926 3927 module_param(enable_hs, bool, 0644); 3928 MODULE_PARM_DESC(enable_hs, "Enable High Speed support"); 3929