1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI Management interface */ 26 27 #include <linux/module.h> 28 #include <asm/unaligned.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 #include <net/bluetooth/hci_sock.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/mgmt.h> 35 36 #include "hci_request.h" 37 #include "smp.h" 38 #include "mgmt_util.h" 39 40 #define MGMT_VERSION 1 41 #define MGMT_REVISION 14 42 43 static const u16 mgmt_commands[] = { 44 MGMT_OP_READ_INDEX_LIST, 45 MGMT_OP_READ_INFO, 46 MGMT_OP_SET_POWERED, 47 MGMT_OP_SET_DISCOVERABLE, 48 MGMT_OP_SET_CONNECTABLE, 49 MGMT_OP_SET_FAST_CONNECTABLE, 50 MGMT_OP_SET_BONDABLE, 51 MGMT_OP_SET_LINK_SECURITY, 52 MGMT_OP_SET_SSP, 53 MGMT_OP_SET_HS, 54 MGMT_OP_SET_LE, 55 MGMT_OP_SET_DEV_CLASS, 56 MGMT_OP_SET_LOCAL_NAME, 57 MGMT_OP_ADD_UUID, 58 MGMT_OP_REMOVE_UUID, 59 MGMT_OP_LOAD_LINK_KEYS, 60 MGMT_OP_LOAD_LONG_TERM_KEYS, 61 MGMT_OP_DISCONNECT, 62 MGMT_OP_GET_CONNECTIONS, 63 MGMT_OP_PIN_CODE_REPLY, 64 MGMT_OP_PIN_CODE_NEG_REPLY, 65 MGMT_OP_SET_IO_CAPABILITY, 66 MGMT_OP_PAIR_DEVICE, 67 MGMT_OP_CANCEL_PAIR_DEVICE, 68 MGMT_OP_UNPAIR_DEVICE, 69 MGMT_OP_USER_CONFIRM_REPLY, 70 MGMT_OP_USER_CONFIRM_NEG_REPLY, 71 MGMT_OP_USER_PASSKEY_REPLY, 72 MGMT_OP_USER_PASSKEY_NEG_REPLY, 73 MGMT_OP_READ_LOCAL_OOB_DATA, 74 MGMT_OP_ADD_REMOTE_OOB_DATA, 75 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 76 MGMT_OP_START_DISCOVERY, 77 MGMT_OP_STOP_DISCOVERY, 78 MGMT_OP_CONFIRM_NAME, 79 MGMT_OP_BLOCK_DEVICE, 80 MGMT_OP_UNBLOCK_DEVICE, 81 MGMT_OP_SET_DEVICE_ID, 82 MGMT_OP_SET_ADVERTISING, 83 MGMT_OP_SET_BREDR, 84 MGMT_OP_SET_STATIC_ADDRESS, 85 MGMT_OP_SET_SCAN_PARAMS, 86 MGMT_OP_SET_SECURE_CONN, 87 MGMT_OP_SET_DEBUG_KEYS, 88 MGMT_OP_SET_PRIVACY, 89 MGMT_OP_LOAD_IRKS, 90 MGMT_OP_GET_CONN_INFO, 91 MGMT_OP_GET_CLOCK_INFO, 92 MGMT_OP_ADD_DEVICE, 93 MGMT_OP_REMOVE_DEVICE, 94 MGMT_OP_LOAD_CONN_PARAM, 95 MGMT_OP_READ_UNCONF_INDEX_LIST, 96 MGMT_OP_READ_CONFIG_INFO, 97 MGMT_OP_SET_EXTERNAL_CONFIG, 98 MGMT_OP_SET_PUBLIC_ADDRESS, 99 MGMT_OP_START_SERVICE_DISCOVERY, 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 101 MGMT_OP_READ_EXT_INDEX_LIST, 102 MGMT_OP_READ_ADV_FEATURES, 103 MGMT_OP_ADD_ADVERTISING, 104 MGMT_OP_REMOVE_ADVERTISING, 105 MGMT_OP_GET_ADV_SIZE_INFO, 106 MGMT_OP_START_LIMITED_DISCOVERY, 107 MGMT_OP_READ_EXT_INFO, 108 MGMT_OP_SET_APPEARANCE, 109 }; 110 111 static const u16 mgmt_events[] = { 112 MGMT_EV_CONTROLLER_ERROR, 113 MGMT_EV_INDEX_ADDED, 114 MGMT_EV_INDEX_REMOVED, 115 MGMT_EV_NEW_SETTINGS, 116 MGMT_EV_CLASS_OF_DEV_CHANGED, 117 MGMT_EV_LOCAL_NAME_CHANGED, 118 MGMT_EV_NEW_LINK_KEY, 119 MGMT_EV_NEW_LONG_TERM_KEY, 120 MGMT_EV_DEVICE_CONNECTED, 121 MGMT_EV_DEVICE_DISCONNECTED, 122 MGMT_EV_CONNECT_FAILED, 123 MGMT_EV_PIN_CODE_REQUEST, 124 MGMT_EV_USER_CONFIRM_REQUEST, 125 MGMT_EV_USER_PASSKEY_REQUEST, 126 MGMT_EV_AUTH_FAILED, 127 MGMT_EV_DEVICE_FOUND, 128 MGMT_EV_DISCOVERING, 129 MGMT_EV_DEVICE_BLOCKED, 130 MGMT_EV_DEVICE_UNBLOCKED, 131 MGMT_EV_DEVICE_UNPAIRED, 132 MGMT_EV_PASSKEY_NOTIFY, 133 MGMT_EV_NEW_IRK, 134 MGMT_EV_NEW_CSRK, 135 MGMT_EV_DEVICE_ADDED, 136 MGMT_EV_DEVICE_REMOVED, 137 MGMT_EV_NEW_CONN_PARAM, 138 MGMT_EV_UNCONF_INDEX_ADDED, 139 MGMT_EV_UNCONF_INDEX_REMOVED, 140 MGMT_EV_NEW_CONFIG_OPTIONS, 141 MGMT_EV_EXT_INDEX_ADDED, 142 MGMT_EV_EXT_INDEX_REMOVED, 143 MGMT_EV_LOCAL_OOB_DATA_UPDATED, 144 MGMT_EV_ADVERTISING_ADDED, 145 MGMT_EV_ADVERTISING_REMOVED, 146 MGMT_EV_EXT_INFO_CHANGED, 147 }; 148 149 static const u16 mgmt_untrusted_commands[] = { 150 MGMT_OP_READ_INDEX_LIST, 151 MGMT_OP_READ_INFO, 152 MGMT_OP_READ_UNCONF_INDEX_LIST, 153 MGMT_OP_READ_CONFIG_INFO, 154 MGMT_OP_READ_EXT_INDEX_LIST, 155 MGMT_OP_READ_EXT_INFO, 156 }; 157 158 static const u16 mgmt_untrusted_events[] = { 159 MGMT_EV_INDEX_ADDED, 160 MGMT_EV_INDEX_REMOVED, 161 MGMT_EV_NEW_SETTINGS, 162 MGMT_EV_CLASS_OF_DEV_CHANGED, 163 MGMT_EV_LOCAL_NAME_CHANGED, 164 MGMT_EV_UNCONF_INDEX_ADDED, 165 MGMT_EV_UNCONF_INDEX_REMOVED, 166 MGMT_EV_NEW_CONFIG_OPTIONS, 167 MGMT_EV_EXT_INDEX_ADDED, 168 MGMT_EV_EXT_INDEX_REMOVED, 169 MGMT_EV_EXT_INFO_CHANGED, 170 }; 171 172 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) 173 174 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \ 175 "\x00\x00\x00\x00\x00\x00\x00\x00" 176 177 /* HCI to MGMT error code conversion table */ 178 static u8 mgmt_status_table[] = { 179 MGMT_STATUS_SUCCESS, 180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 182 MGMT_STATUS_FAILED, /* Hardware Failure */ 183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */ 186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 191 MGMT_STATUS_BUSY, /* Command Disallowed */ 192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 193 MGMT_STATUS_REJECTED, /* Rejected Security */ 194 MGMT_STATUS_REJECTED, /* Rejected Personal */ 195 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 202 MGMT_STATUS_BUSY, /* Repeated Attempts */ 203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 210 MGMT_STATUS_FAILED, /* Unspecified Error */ 211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 217 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 219 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 221 MGMT_STATUS_FAILED, /* Transaction Collision */ 222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 223 MGMT_STATUS_REJECTED, /* QoS Rejected */ 224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 225 MGMT_STATUS_REJECTED, /* Insufficient Security */ 226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 227 MGMT_STATUS_BUSY, /* Role Switch Pending */ 228 MGMT_STATUS_FAILED, /* Slot Violation */ 229 MGMT_STATUS_FAILED, /* Role Switch Failed */ 230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 232 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 234 MGMT_STATUS_BUSY, /* Controller Busy */ 235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 240 }; 241 242 static u8 mgmt_status(u8 hci_status) 243 { 244 if (hci_status < ARRAY_SIZE(mgmt_status_table)) 245 return mgmt_status_table[hci_status]; 246 247 return MGMT_STATUS_FAILED; 248 } 249 250 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data, 251 u16 len, int flag) 252 { 253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 254 flag, NULL); 255 } 256 257 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data, 258 u16 len, int flag, struct sock *skip_sk) 259 { 260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 261 flag, skip_sk); 262 } 263 264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len, 265 struct sock *skip_sk) 266 { 267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 268 HCI_SOCK_TRUSTED, skip_sk); 269 } 270 271 static u8 le_addr_type(u8 mgmt_addr_type) 272 { 273 if (mgmt_addr_type == BDADDR_LE_PUBLIC) 274 return ADDR_LE_DEV_PUBLIC; 275 else 276 return ADDR_LE_DEV_RANDOM; 277 } 278 279 void mgmt_fill_version_info(void *ver) 280 { 281 struct mgmt_rp_read_version *rp = ver; 282 283 rp->version = MGMT_VERSION; 284 rp->revision = cpu_to_le16(MGMT_REVISION); 285 } 286 287 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data, 288 u16 data_len) 289 { 290 struct mgmt_rp_read_version rp; 291 292 BT_DBG("sock %p", sk); 293 294 mgmt_fill_version_info(&rp); 295 296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, 297 &rp, sizeof(rp)); 298 } 299 300 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data, 301 u16 data_len) 302 { 303 struct mgmt_rp_read_commands *rp; 304 u16 num_commands, num_events; 305 size_t rp_size; 306 int i, err; 307 308 BT_DBG("sock %p", sk); 309 310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 311 num_commands = ARRAY_SIZE(mgmt_commands); 312 num_events = ARRAY_SIZE(mgmt_events); 313 } else { 314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands); 315 num_events = ARRAY_SIZE(mgmt_untrusted_events); 316 } 317 318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 319 320 rp = kmalloc(rp_size, GFP_KERNEL); 321 if (!rp) 322 return -ENOMEM; 323 324 rp->num_commands = cpu_to_le16(num_commands); 325 rp->num_events = cpu_to_le16(num_events); 326 327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 328 __le16 *opcode = rp->opcodes; 329 330 for (i = 0; i < num_commands; i++, opcode++) 331 put_unaligned_le16(mgmt_commands[i], opcode); 332 333 for (i = 0; i < num_events; i++, opcode++) 334 put_unaligned_le16(mgmt_events[i], opcode); 335 } else { 336 __le16 *opcode = rp->opcodes; 337 338 for (i = 0; i < num_commands; i++, opcode++) 339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode); 340 341 for (i = 0; i < num_events; i++, opcode++) 342 put_unaligned_le16(mgmt_untrusted_events[i], opcode); 343 } 344 345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, 346 rp, rp_size); 347 kfree(rp); 348 349 return err; 350 } 351 352 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data, 353 u16 data_len) 354 { 355 struct mgmt_rp_read_index_list *rp; 356 struct hci_dev *d; 357 size_t rp_len; 358 u16 count; 359 int err; 360 361 BT_DBG("sock %p", sk); 362 363 read_lock(&hci_dev_list_lock); 364 365 count = 0; 366 list_for_each_entry(d, &hci_dev_list, list) { 367 if (d->dev_type == HCI_PRIMARY && 368 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) 369 count++; 370 } 371 372 rp_len = sizeof(*rp) + (2 * count); 373 rp = kmalloc(rp_len, GFP_ATOMIC); 374 if (!rp) { 375 read_unlock(&hci_dev_list_lock); 376 return -ENOMEM; 377 } 378 379 count = 0; 380 list_for_each_entry(d, &hci_dev_list, list) { 381 if (hci_dev_test_flag(d, HCI_SETUP) || 382 hci_dev_test_flag(d, HCI_CONFIG) || 383 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 384 continue; 385 386 /* Devices marked as raw-only are neither configured 387 * nor unconfigured controllers. 388 */ 389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 390 continue; 391 392 if (d->dev_type == HCI_PRIMARY && 393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 394 rp->index[count++] = cpu_to_le16(d->id); 395 BT_DBG("Added hci%u", d->id); 396 } 397 } 398 399 rp->num_controllers = cpu_to_le16(count); 400 rp_len = sizeof(*rp) + (2 * count); 401 402 read_unlock(&hci_dev_list_lock); 403 404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 405 0, rp, rp_len); 406 407 kfree(rp); 408 409 return err; 410 } 411 412 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev, 413 void *data, u16 data_len) 414 { 415 struct mgmt_rp_read_unconf_index_list *rp; 416 struct hci_dev *d; 417 size_t rp_len; 418 u16 count; 419 int err; 420 421 BT_DBG("sock %p", sk); 422 423 read_lock(&hci_dev_list_lock); 424 425 count = 0; 426 list_for_each_entry(d, &hci_dev_list, list) { 427 if (d->dev_type == HCI_PRIMARY && 428 hci_dev_test_flag(d, HCI_UNCONFIGURED)) 429 count++; 430 } 431 432 rp_len = sizeof(*rp) + (2 * count); 433 rp = kmalloc(rp_len, GFP_ATOMIC); 434 if (!rp) { 435 read_unlock(&hci_dev_list_lock); 436 return -ENOMEM; 437 } 438 439 count = 0; 440 list_for_each_entry(d, &hci_dev_list, list) { 441 if (hci_dev_test_flag(d, HCI_SETUP) || 442 hci_dev_test_flag(d, HCI_CONFIG) || 443 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 444 continue; 445 446 /* Devices marked as raw-only are neither configured 447 * nor unconfigured controllers. 448 */ 449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 450 continue; 451 452 if (d->dev_type == HCI_PRIMARY && 453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 454 rp->index[count++] = cpu_to_le16(d->id); 455 BT_DBG("Added hci%u", d->id); 456 } 457 } 458 459 rp->num_controllers = cpu_to_le16(count); 460 rp_len = sizeof(*rp) + (2 * count); 461 462 read_unlock(&hci_dev_list_lock); 463 464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len); 466 467 kfree(rp); 468 469 return err; 470 } 471 472 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev, 473 void *data, u16 data_len) 474 { 475 struct mgmt_rp_read_ext_index_list *rp; 476 struct hci_dev *d; 477 u16 count; 478 int err; 479 480 BT_DBG("sock %p", sk); 481 482 read_lock(&hci_dev_list_lock); 483 484 count = 0; 485 list_for_each_entry(d, &hci_dev_list, list) { 486 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP) 487 count++; 488 } 489 490 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC); 491 if (!rp) { 492 read_unlock(&hci_dev_list_lock); 493 return -ENOMEM; 494 } 495 496 count = 0; 497 list_for_each_entry(d, &hci_dev_list, list) { 498 if (hci_dev_test_flag(d, HCI_SETUP) || 499 hci_dev_test_flag(d, HCI_CONFIG) || 500 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 501 continue; 502 503 /* Devices marked as raw-only are neither configured 504 * nor unconfigured controllers. 505 */ 506 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 507 continue; 508 509 if (d->dev_type == HCI_PRIMARY) { 510 if (hci_dev_test_flag(d, HCI_UNCONFIGURED)) 511 rp->entry[count].type = 0x01; 512 else 513 rp->entry[count].type = 0x00; 514 } else if (d->dev_type == HCI_AMP) { 515 rp->entry[count].type = 0x02; 516 } else { 517 continue; 518 } 519 520 rp->entry[count].bus = d->bus; 521 rp->entry[count++].index = cpu_to_le16(d->id); 522 BT_DBG("Added hci%u", d->id); 523 } 524 525 rp->num_controllers = cpu_to_le16(count); 526 527 read_unlock(&hci_dev_list_lock); 528 529 /* If this command is called at least once, then all the 530 * default index and unconfigured index events are disabled 531 * and from now on only extended index events are used. 532 */ 533 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS); 534 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS); 535 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS); 536 537 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 538 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, 539 struct_size(rp, entry, count)); 540 541 kfree(rp); 542 543 return err; 544 } 545 546 static bool is_configured(struct hci_dev *hdev) 547 { 548 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 549 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 550 return false; 551 552 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) || 553 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) && 554 !bacmp(&hdev->public_addr, BDADDR_ANY)) 555 return false; 556 557 return true; 558 } 559 560 static __le32 get_missing_options(struct hci_dev *hdev) 561 { 562 u32 options = 0; 563 564 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 565 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 566 options |= MGMT_OPTION_EXTERNAL_CONFIG; 567 568 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) || 569 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) && 570 !bacmp(&hdev->public_addr, BDADDR_ANY)) 571 options |= MGMT_OPTION_PUBLIC_ADDRESS; 572 573 return cpu_to_le32(options); 574 } 575 576 static int new_options(struct hci_dev *hdev, struct sock *skip) 577 { 578 __le32 options = get_missing_options(hdev); 579 580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options, 581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip); 582 } 583 584 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 585 { 586 __le32 options = get_missing_options(hdev); 587 588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options, 589 sizeof(options)); 590 } 591 592 static int read_config_info(struct sock *sk, struct hci_dev *hdev, 593 void *data, u16 data_len) 594 { 595 struct mgmt_rp_read_config_info rp; 596 u32 options = 0; 597 598 BT_DBG("sock %p %s", sk, hdev->name); 599 600 hci_dev_lock(hdev); 601 602 memset(&rp, 0, sizeof(rp)); 603 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 604 605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 606 options |= MGMT_OPTION_EXTERNAL_CONFIG; 607 608 if (hdev->set_bdaddr) 609 options |= MGMT_OPTION_PUBLIC_ADDRESS; 610 611 rp.supported_options = cpu_to_le32(options); 612 rp.missing_options = get_missing_options(hdev); 613 614 hci_dev_unlock(hdev); 615 616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, 617 &rp, sizeof(rp)); 618 } 619 620 static u32 get_supported_phys(struct hci_dev *hdev) 621 { 622 u32 supported_phys = 0; 623 624 if (lmp_bredr_capable(hdev)) { 625 supported_phys |= MGMT_PHY_BR_1M_1SLOT; 626 627 if (hdev->features[0][0] & LMP_3SLOT) 628 supported_phys |= MGMT_PHY_BR_1M_3SLOT; 629 630 if (hdev->features[0][0] & LMP_5SLOT) 631 supported_phys |= MGMT_PHY_BR_1M_5SLOT; 632 633 if (lmp_edr_2m_capable(hdev)) { 634 supported_phys |= MGMT_PHY_EDR_2M_1SLOT; 635 636 if (lmp_edr_3slot_capable(hdev)) 637 supported_phys |= MGMT_PHY_EDR_2M_3SLOT; 638 639 if (lmp_edr_5slot_capable(hdev)) 640 supported_phys |= MGMT_PHY_EDR_2M_5SLOT; 641 642 if (lmp_edr_3m_capable(hdev)) { 643 supported_phys |= MGMT_PHY_EDR_3M_1SLOT; 644 645 if (lmp_edr_3slot_capable(hdev)) 646 supported_phys |= MGMT_PHY_EDR_3M_3SLOT; 647 648 if (lmp_edr_5slot_capable(hdev)) 649 supported_phys |= MGMT_PHY_EDR_3M_5SLOT; 650 } 651 } 652 } 653 654 if (lmp_le_capable(hdev)) { 655 supported_phys |= MGMT_PHY_LE_1M_TX; 656 supported_phys |= MGMT_PHY_LE_1M_RX; 657 658 if (hdev->le_features[1] & HCI_LE_PHY_2M) { 659 supported_phys |= MGMT_PHY_LE_2M_TX; 660 supported_phys |= MGMT_PHY_LE_2M_RX; 661 } 662 663 if (hdev->le_features[1] & HCI_LE_PHY_CODED) { 664 supported_phys |= MGMT_PHY_LE_CODED_TX; 665 supported_phys |= MGMT_PHY_LE_CODED_RX; 666 } 667 } 668 669 return supported_phys; 670 } 671 672 static u32 get_selected_phys(struct hci_dev *hdev) 673 { 674 u32 selected_phys = 0; 675 676 if (lmp_bredr_capable(hdev)) { 677 selected_phys |= MGMT_PHY_BR_1M_1SLOT; 678 679 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3)) 680 selected_phys |= MGMT_PHY_BR_1M_3SLOT; 681 682 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5)) 683 selected_phys |= MGMT_PHY_BR_1M_5SLOT; 684 685 if (lmp_edr_2m_capable(hdev)) { 686 if (!(hdev->pkt_type & HCI_2DH1)) 687 selected_phys |= MGMT_PHY_EDR_2M_1SLOT; 688 689 if (lmp_edr_3slot_capable(hdev) && 690 !(hdev->pkt_type & HCI_2DH3)) 691 selected_phys |= MGMT_PHY_EDR_2M_3SLOT; 692 693 if (lmp_edr_5slot_capable(hdev) && 694 !(hdev->pkt_type & HCI_2DH5)) 695 selected_phys |= MGMT_PHY_EDR_2M_5SLOT; 696 697 if (lmp_edr_3m_capable(hdev)) { 698 if (!(hdev->pkt_type & HCI_3DH1)) 699 selected_phys |= MGMT_PHY_EDR_3M_1SLOT; 700 701 if (lmp_edr_3slot_capable(hdev) && 702 !(hdev->pkt_type & HCI_3DH3)) 703 selected_phys |= MGMT_PHY_EDR_3M_3SLOT; 704 705 if (lmp_edr_5slot_capable(hdev) && 706 !(hdev->pkt_type & HCI_3DH5)) 707 selected_phys |= MGMT_PHY_EDR_3M_5SLOT; 708 } 709 } 710 } 711 712 if (lmp_le_capable(hdev)) { 713 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M) 714 selected_phys |= MGMT_PHY_LE_1M_TX; 715 716 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M) 717 selected_phys |= MGMT_PHY_LE_1M_RX; 718 719 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M) 720 selected_phys |= MGMT_PHY_LE_2M_TX; 721 722 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M) 723 selected_phys |= MGMT_PHY_LE_2M_RX; 724 725 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED) 726 selected_phys |= MGMT_PHY_LE_CODED_TX; 727 728 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED) 729 selected_phys |= MGMT_PHY_LE_CODED_RX; 730 } 731 732 return selected_phys; 733 } 734 735 static u32 get_configurable_phys(struct hci_dev *hdev) 736 { 737 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT & 738 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX); 739 } 740 741 static u32 get_supported_settings(struct hci_dev *hdev) 742 { 743 u32 settings = 0; 744 745 settings |= MGMT_SETTING_POWERED; 746 settings |= MGMT_SETTING_BONDABLE; 747 settings |= MGMT_SETTING_DEBUG_KEYS; 748 settings |= MGMT_SETTING_CONNECTABLE; 749 settings |= MGMT_SETTING_DISCOVERABLE; 750 751 if (lmp_bredr_capable(hdev)) { 752 if (hdev->hci_ver >= BLUETOOTH_VER_1_2) 753 settings |= MGMT_SETTING_FAST_CONNECTABLE; 754 settings |= MGMT_SETTING_BREDR; 755 settings |= MGMT_SETTING_LINK_SECURITY; 756 757 if (lmp_ssp_capable(hdev)) { 758 settings |= MGMT_SETTING_SSP; 759 settings |= MGMT_SETTING_HS; 760 } 761 762 if (lmp_sc_capable(hdev)) 763 settings |= MGMT_SETTING_SECURE_CONN; 764 } 765 766 if (lmp_le_capable(hdev)) { 767 settings |= MGMT_SETTING_LE; 768 settings |= MGMT_SETTING_ADVERTISING; 769 settings |= MGMT_SETTING_SECURE_CONN; 770 settings |= MGMT_SETTING_PRIVACY; 771 settings |= MGMT_SETTING_STATIC_ADDRESS; 772 } 773 774 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) || 775 hdev->set_bdaddr) 776 settings |= MGMT_SETTING_CONFIGURATION; 777 778 settings |= MGMT_SETTING_PHY_CONFIGURATION; 779 780 return settings; 781 } 782 783 static u32 get_current_settings(struct hci_dev *hdev) 784 { 785 u32 settings = 0; 786 787 if (hdev_is_powered(hdev)) 788 settings |= MGMT_SETTING_POWERED; 789 790 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 791 settings |= MGMT_SETTING_CONNECTABLE; 792 793 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) 794 settings |= MGMT_SETTING_FAST_CONNECTABLE; 795 796 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 797 settings |= MGMT_SETTING_DISCOVERABLE; 798 799 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) 800 settings |= MGMT_SETTING_BONDABLE; 801 802 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 803 settings |= MGMT_SETTING_BREDR; 804 805 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 806 settings |= MGMT_SETTING_LE; 807 808 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) 809 settings |= MGMT_SETTING_LINK_SECURITY; 810 811 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 812 settings |= MGMT_SETTING_SSP; 813 814 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED)) 815 settings |= MGMT_SETTING_HS; 816 817 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 818 settings |= MGMT_SETTING_ADVERTISING; 819 820 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) 821 settings |= MGMT_SETTING_SECURE_CONN; 822 823 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) 824 settings |= MGMT_SETTING_DEBUG_KEYS; 825 826 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) 827 settings |= MGMT_SETTING_PRIVACY; 828 829 /* The current setting for static address has two purposes. The 830 * first is to indicate if the static address will be used and 831 * the second is to indicate if it is actually set. 832 * 833 * This means if the static address is not configured, this flag 834 * will never be set. If the address is configured, then if the 835 * address is actually used decides if the flag is set or not. 836 * 837 * For single mode LE only controllers and dual-mode controllers 838 * with BR/EDR disabled, the existence of the static address will 839 * be evaluated. 840 */ 841 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 842 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 843 !bacmp(&hdev->bdaddr, BDADDR_ANY)) { 844 if (bacmp(&hdev->static_addr, BDADDR_ANY)) 845 settings |= MGMT_SETTING_STATIC_ADDRESS; 846 } 847 848 return settings; 849 } 850 851 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev) 852 { 853 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev); 854 } 855 856 static struct mgmt_pending_cmd *pending_find_data(u16 opcode, 857 struct hci_dev *hdev, 858 const void *data) 859 { 860 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data); 861 } 862 863 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev) 864 { 865 struct mgmt_pending_cmd *cmd; 866 867 /* If there's a pending mgmt command the flags will not yet have 868 * their final values, so check for this first. 869 */ 870 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 871 if (cmd) { 872 struct mgmt_mode *cp = cmd->param; 873 if (cp->val == 0x01) 874 return LE_AD_GENERAL; 875 else if (cp->val == 0x02) 876 return LE_AD_LIMITED; 877 } else { 878 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 879 return LE_AD_LIMITED; 880 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 881 return LE_AD_GENERAL; 882 } 883 884 return 0; 885 } 886 887 bool mgmt_get_connectable(struct hci_dev *hdev) 888 { 889 struct mgmt_pending_cmd *cmd; 890 891 /* If there's a pending mgmt command the flag will not yet have 892 * it's final value, so check for this first. 893 */ 894 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 895 if (cmd) { 896 struct mgmt_mode *cp = cmd->param; 897 898 return cp->val; 899 } 900 901 return hci_dev_test_flag(hdev, HCI_CONNECTABLE); 902 } 903 904 static void service_cache_off(struct work_struct *work) 905 { 906 struct hci_dev *hdev = container_of(work, struct hci_dev, 907 service_cache.work); 908 struct hci_request req; 909 910 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) 911 return; 912 913 hci_req_init(&req, hdev); 914 915 hci_dev_lock(hdev); 916 917 __hci_req_update_eir(&req); 918 __hci_req_update_class(&req); 919 920 hci_dev_unlock(hdev); 921 922 hci_req_run(&req, NULL); 923 } 924 925 static void rpa_expired(struct work_struct *work) 926 { 927 struct hci_dev *hdev = container_of(work, struct hci_dev, 928 rpa_expired.work); 929 struct hci_request req; 930 931 BT_DBG(""); 932 933 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 934 935 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING)) 936 return; 937 938 /* The generation of a new RPA and programming it into the 939 * controller happens in the hci_req_enable_advertising() 940 * function. 941 */ 942 hci_req_init(&req, hdev); 943 if (ext_adv_capable(hdev)) 944 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance); 945 else 946 __hci_req_enable_advertising(&req); 947 hci_req_run(&req, NULL); 948 } 949 950 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) 951 { 952 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT)) 953 return; 954 955 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 956 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired); 957 958 /* Non-mgmt controlled devices get this bit set 959 * implicitly so that pairing works for them, however 960 * for mgmt we require user-space to explicitly enable 961 * it 962 */ 963 hci_dev_clear_flag(hdev, HCI_BONDABLE); 964 } 965 966 static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 967 void *data, u16 data_len) 968 { 969 struct mgmt_rp_read_info rp; 970 971 BT_DBG("sock %p %s", sk, hdev->name); 972 973 hci_dev_lock(hdev); 974 975 memset(&rp, 0, sizeof(rp)); 976 977 bacpy(&rp.bdaddr, &hdev->bdaddr); 978 979 rp.version = hdev->hci_ver; 980 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 981 982 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 983 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 984 985 memcpy(rp.dev_class, hdev->dev_class, 3); 986 987 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 988 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name)); 989 990 hci_dev_unlock(hdev); 991 992 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp, 993 sizeof(rp)); 994 } 995 996 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir) 997 { 998 u16 eir_len = 0; 999 size_t name_len; 1000 1001 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1002 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV, 1003 hdev->dev_class, 3); 1004 1005 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1006 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE, 1007 hdev->appearance); 1008 1009 name_len = strlen(hdev->dev_name); 1010 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE, 1011 hdev->dev_name, name_len); 1012 1013 name_len = strlen(hdev->short_name); 1014 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT, 1015 hdev->short_name, name_len); 1016 1017 return eir_len; 1018 } 1019 1020 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev, 1021 void *data, u16 data_len) 1022 { 1023 char buf[512]; 1024 struct mgmt_rp_read_ext_info *rp = (void *)buf; 1025 u16 eir_len; 1026 1027 BT_DBG("sock %p %s", sk, hdev->name); 1028 1029 memset(&buf, 0, sizeof(buf)); 1030 1031 hci_dev_lock(hdev); 1032 1033 bacpy(&rp->bdaddr, &hdev->bdaddr); 1034 1035 rp->version = hdev->hci_ver; 1036 rp->manufacturer = cpu_to_le16(hdev->manufacturer); 1037 1038 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev)); 1039 rp->current_settings = cpu_to_le32(get_current_settings(hdev)); 1040 1041 1042 eir_len = append_eir_data_to_buf(hdev, rp->eir); 1043 rp->eir_len = cpu_to_le16(eir_len); 1044 1045 hci_dev_unlock(hdev); 1046 1047 /* If this command is called at least once, then the events 1048 * for class of device and local name changes are disabled 1049 * and only the new extended controller information event 1050 * is used. 1051 */ 1052 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS); 1053 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS); 1054 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS); 1055 1056 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp, 1057 sizeof(*rp) + eir_len); 1058 } 1059 1060 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip) 1061 { 1062 char buf[512]; 1063 struct mgmt_ev_ext_info_changed *ev = (void *)buf; 1064 u16 eir_len; 1065 1066 memset(buf, 0, sizeof(buf)); 1067 1068 eir_len = append_eir_data_to_buf(hdev, ev->eir); 1069 ev->eir_len = cpu_to_le16(eir_len); 1070 1071 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev, 1072 sizeof(*ev) + eir_len, 1073 HCI_MGMT_EXT_INFO_EVENTS, skip); 1074 } 1075 1076 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 1077 { 1078 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 1079 1080 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings, 1081 sizeof(settings)); 1082 } 1083 1084 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1085 { 1086 BT_DBG("%s status 0x%02x", hdev->name, status); 1087 1088 if (hci_conn_count(hdev) == 0) { 1089 cancel_delayed_work(&hdev->power_off); 1090 queue_work(hdev->req_workqueue, &hdev->power_off.work); 1091 } 1092 } 1093 1094 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance) 1095 { 1096 struct mgmt_ev_advertising_added ev; 1097 1098 ev.instance = instance; 1099 1100 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk); 1101 } 1102 1103 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev, 1104 u8 instance) 1105 { 1106 struct mgmt_ev_advertising_removed ev; 1107 1108 ev.instance = instance; 1109 1110 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk); 1111 } 1112 1113 static void cancel_adv_timeout(struct hci_dev *hdev) 1114 { 1115 if (hdev->adv_instance_timeout) { 1116 hdev->adv_instance_timeout = 0; 1117 cancel_delayed_work(&hdev->adv_instance_expire); 1118 } 1119 } 1120 1121 static int clean_up_hci_state(struct hci_dev *hdev) 1122 { 1123 struct hci_request req; 1124 struct hci_conn *conn; 1125 bool discov_stopped; 1126 int err; 1127 1128 hci_req_init(&req, hdev); 1129 1130 if (test_bit(HCI_ISCAN, &hdev->flags) || 1131 test_bit(HCI_PSCAN, &hdev->flags)) { 1132 u8 scan = 0x00; 1133 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1134 } 1135 1136 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false); 1137 1138 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 1139 __hci_req_disable_advertising(&req); 1140 1141 discov_stopped = hci_req_stop_discovery(&req); 1142 1143 list_for_each_entry(conn, &hdev->conn_hash.list, list) { 1144 /* 0x15 == Terminated due to Power Off */ 1145 __hci_abort_conn(&req, conn, 0x15); 1146 } 1147 1148 err = hci_req_run(&req, clean_up_hci_complete); 1149 if (!err && discov_stopped) 1150 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 1151 1152 return err; 1153 } 1154 1155 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, 1156 u16 len) 1157 { 1158 struct mgmt_mode *cp = data; 1159 struct mgmt_pending_cmd *cmd; 1160 int err; 1161 1162 BT_DBG("request for %s", hdev->name); 1163 1164 if (cp->val != 0x00 && cp->val != 0x01) 1165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1166 MGMT_STATUS_INVALID_PARAMS); 1167 1168 hci_dev_lock(hdev); 1169 1170 if (pending_find(MGMT_OP_SET_POWERED, hdev)) { 1171 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1172 MGMT_STATUS_BUSY); 1173 goto failed; 1174 } 1175 1176 if (!!cp->val == hdev_is_powered(hdev)) { 1177 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 1178 goto failed; 1179 } 1180 1181 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 1182 if (!cmd) { 1183 err = -ENOMEM; 1184 goto failed; 1185 } 1186 1187 if (cp->val) { 1188 queue_work(hdev->req_workqueue, &hdev->power_on); 1189 err = 0; 1190 } else { 1191 /* Disconnect connections, stop scans, etc */ 1192 err = clean_up_hci_state(hdev); 1193 if (!err) 1194 queue_delayed_work(hdev->req_workqueue, &hdev->power_off, 1195 HCI_POWER_OFF_TIMEOUT); 1196 1197 /* ENODATA means there were no HCI commands queued */ 1198 if (err == -ENODATA) { 1199 cancel_delayed_work(&hdev->power_off); 1200 queue_work(hdev->req_workqueue, &hdev->power_off.work); 1201 err = 0; 1202 } 1203 } 1204 1205 failed: 1206 hci_dev_unlock(hdev); 1207 return err; 1208 } 1209 1210 static int new_settings(struct hci_dev *hdev, struct sock *skip) 1211 { 1212 __le32 ev = cpu_to_le32(get_current_settings(hdev)); 1213 1214 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, 1215 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip); 1216 } 1217 1218 int mgmt_new_settings(struct hci_dev *hdev) 1219 { 1220 return new_settings(hdev, NULL); 1221 } 1222 1223 struct cmd_lookup { 1224 struct sock *sk; 1225 struct hci_dev *hdev; 1226 u8 mgmt_status; 1227 }; 1228 1229 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data) 1230 { 1231 struct cmd_lookup *match = data; 1232 1233 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 1234 1235 list_del(&cmd->list); 1236 1237 if (match->sk == NULL) { 1238 match->sk = cmd->sk; 1239 sock_hold(match->sk); 1240 } 1241 1242 mgmt_pending_free(cmd); 1243 } 1244 1245 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data) 1246 { 1247 u8 *status = data; 1248 1249 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 1250 mgmt_pending_remove(cmd); 1251 } 1252 1253 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data) 1254 { 1255 if (cmd->cmd_complete) { 1256 u8 *status = data; 1257 1258 cmd->cmd_complete(cmd, *status); 1259 mgmt_pending_remove(cmd); 1260 1261 return; 1262 } 1263 1264 cmd_status_rsp(cmd, data); 1265 } 1266 1267 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1268 { 1269 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1270 cmd->param, cmd->param_len); 1271 } 1272 1273 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1274 { 1275 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1276 cmd->param, sizeof(struct mgmt_addr_info)); 1277 } 1278 1279 static u8 mgmt_bredr_support(struct hci_dev *hdev) 1280 { 1281 if (!lmp_bredr_capable(hdev)) 1282 return MGMT_STATUS_NOT_SUPPORTED; 1283 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1284 return MGMT_STATUS_REJECTED; 1285 else 1286 return MGMT_STATUS_SUCCESS; 1287 } 1288 1289 static u8 mgmt_le_support(struct hci_dev *hdev) 1290 { 1291 if (!lmp_le_capable(hdev)) 1292 return MGMT_STATUS_NOT_SUPPORTED; 1293 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1294 return MGMT_STATUS_REJECTED; 1295 else 1296 return MGMT_STATUS_SUCCESS; 1297 } 1298 1299 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status) 1300 { 1301 struct mgmt_pending_cmd *cmd; 1302 1303 BT_DBG("status 0x%02x", status); 1304 1305 hci_dev_lock(hdev); 1306 1307 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 1308 if (!cmd) 1309 goto unlock; 1310 1311 if (status) { 1312 u8 mgmt_err = mgmt_status(status); 1313 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1314 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1315 goto remove_cmd; 1316 } 1317 1318 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1319 hdev->discov_timeout > 0) { 1320 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1321 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to); 1322 } 1323 1324 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1325 new_settings(hdev, cmd->sk); 1326 1327 remove_cmd: 1328 mgmt_pending_remove(cmd); 1329 1330 unlock: 1331 hci_dev_unlock(hdev); 1332 } 1333 1334 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 1335 u16 len) 1336 { 1337 struct mgmt_cp_set_discoverable *cp = data; 1338 struct mgmt_pending_cmd *cmd; 1339 u16 timeout; 1340 int err; 1341 1342 BT_DBG("request for %s", hdev->name); 1343 1344 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1345 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1346 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1347 MGMT_STATUS_REJECTED); 1348 1349 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 1350 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1351 MGMT_STATUS_INVALID_PARAMS); 1352 1353 timeout = __le16_to_cpu(cp->timeout); 1354 1355 /* Disabling discoverable requires that no timeout is set, 1356 * and enabling limited discoverable requires a timeout. 1357 */ 1358 if ((cp->val == 0x00 && timeout > 0) || 1359 (cp->val == 0x02 && timeout == 0)) 1360 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1361 MGMT_STATUS_INVALID_PARAMS); 1362 1363 hci_dev_lock(hdev); 1364 1365 if (!hdev_is_powered(hdev) && timeout > 0) { 1366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1367 MGMT_STATUS_NOT_POWERED); 1368 goto failed; 1369 } 1370 1371 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1372 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1373 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1374 MGMT_STATUS_BUSY); 1375 goto failed; 1376 } 1377 1378 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) { 1379 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1380 MGMT_STATUS_REJECTED); 1381 goto failed; 1382 } 1383 1384 if (!hdev_is_powered(hdev)) { 1385 bool changed = false; 1386 1387 /* Setting limited discoverable when powered off is 1388 * not a valid operation since it requires a timeout 1389 * and so no need to check HCI_LIMITED_DISCOVERABLE. 1390 */ 1391 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) { 1392 hci_dev_change_flag(hdev, HCI_DISCOVERABLE); 1393 changed = true; 1394 } 1395 1396 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1397 if (err < 0) 1398 goto failed; 1399 1400 if (changed) 1401 err = new_settings(hdev, sk); 1402 1403 goto failed; 1404 } 1405 1406 /* If the current mode is the same, then just update the timeout 1407 * value with the new value. And if only the timeout gets updated, 1408 * then no need for any HCI transactions. 1409 */ 1410 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1411 (cp->val == 0x02) == hci_dev_test_flag(hdev, 1412 HCI_LIMITED_DISCOVERABLE)) { 1413 cancel_delayed_work(&hdev->discov_off); 1414 hdev->discov_timeout = timeout; 1415 1416 if (cp->val && hdev->discov_timeout > 0) { 1417 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1418 queue_delayed_work(hdev->req_workqueue, 1419 &hdev->discov_off, to); 1420 } 1421 1422 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1423 goto failed; 1424 } 1425 1426 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 1427 if (!cmd) { 1428 err = -ENOMEM; 1429 goto failed; 1430 } 1431 1432 /* Cancel any potential discoverable timeout that might be 1433 * still active and store new timeout value. The arming of 1434 * the timeout happens in the complete handler. 1435 */ 1436 cancel_delayed_work(&hdev->discov_off); 1437 hdev->discov_timeout = timeout; 1438 1439 if (cp->val) 1440 hci_dev_set_flag(hdev, HCI_DISCOVERABLE); 1441 else 1442 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1443 1444 /* Limited discoverable mode */ 1445 if (cp->val == 0x02) 1446 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1447 else 1448 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1449 1450 queue_work(hdev->req_workqueue, &hdev->discoverable_update); 1451 err = 0; 1452 1453 failed: 1454 hci_dev_unlock(hdev); 1455 return err; 1456 } 1457 1458 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status) 1459 { 1460 struct mgmt_pending_cmd *cmd; 1461 1462 BT_DBG("status 0x%02x", status); 1463 1464 hci_dev_lock(hdev); 1465 1466 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 1467 if (!cmd) 1468 goto unlock; 1469 1470 if (status) { 1471 u8 mgmt_err = mgmt_status(status); 1472 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1473 goto remove_cmd; 1474 } 1475 1476 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev); 1477 new_settings(hdev, cmd->sk); 1478 1479 remove_cmd: 1480 mgmt_pending_remove(cmd); 1481 1482 unlock: 1483 hci_dev_unlock(hdev); 1484 } 1485 1486 static int set_connectable_update_settings(struct hci_dev *hdev, 1487 struct sock *sk, u8 val) 1488 { 1489 bool changed = false; 1490 int err; 1491 1492 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 1493 changed = true; 1494 1495 if (val) { 1496 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1497 } else { 1498 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1499 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1500 } 1501 1502 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 1503 if (err < 0) 1504 return err; 1505 1506 if (changed) { 1507 hci_req_update_scan(hdev); 1508 hci_update_background_scan(hdev); 1509 return new_settings(hdev, sk); 1510 } 1511 1512 return 0; 1513 } 1514 1515 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, 1516 u16 len) 1517 { 1518 struct mgmt_mode *cp = data; 1519 struct mgmt_pending_cmd *cmd; 1520 int err; 1521 1522 BT_DBG("request for %s", hdev->name); 1523 1524 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1525 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1527 MGMT_STATUS_REJECTED); 1528 1529 if (cp->val != 0x00 && cp->val != 0x01) 1530 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1531 MGMT_STATUS_INVALID_PARAMS); 1532 1533 hci_dev_lock(hdev); 1534 1535 if (!hdev_is_powered(hdev)) { 1536 err = set_connectable_update_settings(hdev, sk, cp->val); 1537 goto failed; 1538 } 1539 1540 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1541 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1542 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1543 MGMT_STATUS_BUSY); 1544 goto failed; 1545 } 1546 1547 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1548 if (!cmd) { 1549 err = -ENOMEM; 1550 goto failed; 1551 } 1552 1553 if (cp->val) { 1554 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1555 } else { 1556 if (hdev->discov_timeout > 0) 1557 cancel_delayed_work(&hdev->discov_off); 1558 1559 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1560 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1561 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1562 } 1563 1564 queue_work(hdev->req_workqueue, &hdev->connectable_update); 1565 err = 0; 1566 1567 failed: 1568 hci_dev_unlock(hdev); 1569 return err; 1570 } 1571 1572 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data, 1573 u16 len) 1574 { 1575 struct mgmt_mode *cp = data; 1576 bool changed; 1577 int err; 1578 1579 BT_DBG("request for %s", hdev->name); 1580 1581 if (cp->val != 0x00 && cp->val != 0x01) 1582 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE, 1583 MGMT_STATUS_INVALID_PARAMS); 1584 1585 hci_dev_lock(hdev); 1586 1587 if (cp->val) 1588 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE); 1589 else 1590 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE); 1591 1592 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev); 1593 if (err < 0) 1594 goto unlock; 1595 1596 if (changed) { 1597 /* In limited privacy mode the change of bondable mode 1598 * may affect the local advertising address. 1599 */ 1600 if (hdev_is_powered(hdev) && 1601 hci_dev_test_flag(hdev, HCI_ADVERTISING) && 1602 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1603 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) 1604 queue_work(hdev->req_workqueue, 1605 &hdev->discoverable_update); 1606 1607 err = new_settings(hdev, sk); 1608 } 1609 1610 unlock: 1611 hci_dev_unlock(hdev); 1612 return err; 1613 } 1614 1615 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data, 1616 u16 len) 1617 { 1618 struct mgmt_mode *cp = data; 1619 struct mgmt_pending_cmd *cmd; 1620 u8 val, status; 1621 int err; 1622 1623 BT_DBG("request for %s", hdev->name); 1624 1625 status = mgmt_bredr_support(hdev); 1626 if (status) 1627 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1628 status); 1629 1630 if (cp->val != 0x00 && cp->val != 0x01) 1631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1632 MGMT_STATUS_INVALID_PARAMS); 1633 1634 hci_dev_lock(hdev); 1635 1636 if (!hdev_is_powered(hdev)) { 1637 bool changed = false; 1638 1639 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) { 1640 hci_dev_change_flag(hdev, HCI_LINK_SECURITY); 1641 changed = true; 1642 } 1643 1644 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1645 if (err < 0) 1646 goto failed; 1647 1648 if (changed) 1649 err = new_settings(hdev, sk); 1650 1651 goto failed; 1652 } 1653 1654 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1656 MGMT_STATUS_BUSY); 1657 goto failed; 1658 } 1659 1660 val = !!cp->val; 1661 1662 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1663 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1664 goto failed; 1665 } 1666 1667 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1668 if (!cmd) { 1669 err = -ENOMEM; 1670 goto failed; 1671 } 1672 1673 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1674 if (err < 0) { 1675 mgmt_pending_remove(cmd); 1676 goto failed; 1677 } 1678 1679 failed: 1680 hci_dev_unlock(hdev); 1681 return err; 1682 } 1683 1684 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1685 { 1686 struct mgmt_mode *cp = data; 1687 struct mgmt_pending_cmd *cmd; 1688 u8 status; 1689 int err; 1690 1691 BT_DBG("request for %s", hdev->name); 1692 1693 status = mgmt_bredr_support(hdev); 1694 if (status) 1695 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status); 1696 1697 if (!lmp_ssp_capable(hdev)) 1698 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1699 MGMT_STATUS_NOT_SUPPORTED); 1700 1701 if (cp->val != 0x00 && cp->val != 0x01) 1702 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1703 MGMT_STATUS_INVALID_PARAMS); 1704 1705 hci_dev_lock(hdev); 1706 1707 if (!hdev_is_powered(hdev)) { 1708 bool changed; 1709 1710 if (cp->val) { 1711 changed = !hci_dev_test_and_set_flag(hdev, 1712 HCI_SSP_ENABLED); 1713 } else { 1714 changed = hci_dev_test_and_clear_flag(hdev, 1715 HCI_SSP_ENABLED); 1716 if (!changed) 1717 changed = hci_dev_test_and_clear_flag(hdev, 1718 HCI_HS_ENABLED); 1719 else 1720 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1721 } 1722 1723 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1724 if (err < 0) 1725 goto failed; 1726 1727 if (changed) 1728 err = new_settings(hdev, sk); 1729 1730 goto failed; 1731 } 1732 1733 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1734 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1735 MGMT_STATUS_BUSY); 1736 goto failed; 1737 } 1738 1739 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 1740 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1741 goto failed; 1742 } 1743 1744 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 1745 if (!cmd) { 1746 err = -ENOMEM; 1747 goto failed; 1748 } 1749 1750 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) 1751 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 1752 sizeof(cp->val), &cp->val); 1753 1754 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val); 1755 if (err < 0) { 1756 mgmt_pending_remove(cmd); 1757 goto failed; 1758 } 1759 1760 failed: 1761 hci_dev_unlock(hdev); 1762 return err; 1763 } 1764 1765 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1766 { 1767 struct mgmt_mode *cp = data; 1768 bool changed; 1769 u8 status; 1770 int err; 1771 1772 BT_DBG("request for %s", hdev->name); 1773 1774 status = mgmt_bredr_support(hdev); 1775 if (status) 1776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status); 1777 1778 if (!lmp_ssp_capable(hdev)) 1779 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1780 MGMT_STATUS_NOT_SUPPORTED); 1781 1782 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 1783 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1784 MGMT_STATUS_REJECTED); 1785 1786 if (cp->val != 0x00 && cp->val != 0x01) 1787 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1788 MGMT_STATUS_INVALID_PARAMS); 1789 1790 hci_dev_lock(hdev); 1791 1792 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1793 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1794 MGMT_STATUS_BUSY); 1795 goto unlock; 1796 } 1797 1798 if (cp->val) { 1799 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED); 1800 } else { 1801 if (hdev_is_powered(hdev)) { 1802 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1803 MGMT_STATUS_REJECTED); 1804 goto unlock; 1805 } 1806 1807 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED); 1808 } 1809 1810 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 1811 if (err < 0) 1812 goto unlock; 1813 1814 if (changed) 1815 err = new_settings(hdev, sk); 1816 1817 unlock: 1818 hci_dev_unlock(hdev); 1819 return err; 1820 } 1821 1822 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1823 { 1824 struct cmd_lookup match = { NULL, hdev }; 1825 1826 hci_dev_lock(hdev); 1827 1828 if (status) { 1829 u8 mgmt_err = mgmt_status(status); 1830 1831 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 1832 &mgmt_err); 1833 goto unlock; 1834 } 1835 1836 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 1837 1838 new_settings(hdev, match.sk); 1839 1840 if (match.sk) 1841 sock_put(match.sk); 1842 1843 /* Make sure the controller has a good default for 1844 * advertising data. Restrict the update to when LE 1845 * has actually been enabled. During power on, the 1846 * update in powered_update_hci will take care of it. 1847 */ 1848 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1849 struct hci_request req; 1850 hci_req_init(&req, hdev); 1851 if (ext_adv_capable(hdev)) { 1852 int err; 1853 1854 err = __hci_req_setup_ext_adv_instance(&req, 0x00); 1855 if (!err) 1856 __hci_req_update_scan_rsp_data(&req, 0x00); 1857 } else { 1858 __hci_req_update_adv_data(&req, 0x00); 1859 __hci_req_update_scan_rsp_data(&req, 0x00); 1860 } 1861 hci_req_run(&req, NULL); 1862 hci_update_background_scan(hdev); 1863 } 1864 1865 unlock: 1866 hci_dev_unlock(hdev); 1867 } 1868 1869 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1870 { 1871 struct mgmt_mode *cp = data; 1872 struct hci_cp_write_le_host_supported hci_cp; 1873 struct mgmt_pending_cmd *cmd; 1874 struct hci_request req; 1875 int err; 1876 u8 val, enabled; 1877 1878 BT_DBG("request for %s", hdev->name); 1879 1880 if (!lmp_le_capable(hdev)) 1881 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1882 MGMT_STATUS_NOT_SUPPORTED); 1883 1884 if (cp->val != 0x00 && cp->val != 0x01) 1885 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1886 MGMT_STATUS_INVALID_PARAMS); 1887 1888 /* Bluetooth single mode LE only controllers or dual-mode 1889 * controllers configured as LE only devices, do not allow 1890 * switching LE off. These have either LE enabled explicitly 1891 * or BR/EDR has been previously switched off. 1892 * 1893 * When trying to enable an already enabled LE, then gracefully 1894 * send a positive response. Trying to disable it however will 1895 * result into rejection. 1896 */ 1897 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 1898 if (cp->val == 0x01) 1899 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1900 1901 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1902 MGMT_STATUS_REJECTED); 1903 } 1904 1905 hci_dev_lock(hdev); 1906 1907 val = !!cp->val; 1908 enabled = lmp_host_le_capable(hdev); 1909 1910 if (!val) 1911 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true); 1912 1913 if (!hdev_is_powered(hdev) || val == enabled) { 1914 bool changed = false; 1915 1916 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1917 hci_dev_change_flag(hdev, HCI_LE_ENABLED); 1918 changed = true; 1919 } 1920 1921 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 1922 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 1923 changed = true; 1924 } 1925 1926 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1927 if (err < 0) 1928 goto unlock; 1929 1930 if (changed) 1931 err = new_settings(hdev, sk); 1932 1933 goto unlock; 1934 } 1935 1936 if (pending_find(MGMT_OP_SET_LE, hdev) || 1937 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) { 1938 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1939 MGMT_STATUS_BUSY); 1940 goto unlock; 1941 } 1942 1943 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len); 1944 if (!cmd) { 1945 err = -ENOMEM; 1946 goto unlock; 1947 } 1948 1949 hci_req_init(&req, hdev); 1950 1951 memset(&hci_cp, 0, sizeof(hci_cp)); 1952 1953 if (val) { 1954 hci_cp.le = val; 1955 hci_cp.simul = 0x00; 1956 } else { 1957 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 1958 __hci_req_disable_advertising(&req); 1959 1960 if (ext_adv_capable(hdev)) 1961 __hci_req_clear_ext_adv_sets(&req); 1962 } 1963 1964 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), 1965 &hci_cp); 1966 1967 err = hci_req_run(&req, le_enable_complete); 1968 if (err < 0) 1969 mgmt_pending_remove(cmd); 1970 1971 unlock: 1972 hci_dev_unlock(hdev); 1973 return err; 1974 } 1975 1976 /* This is a helper function to test for pending mgmt commands that can 1977 * cause CoD or EIR HCI commands. We can only allow one such pending 1978 * mgmt command at a time since otherwise we cannot easily track what 1979 * the current values are, will be, and based on that calculate if a new 1980 * HCI command needs to be sent and if yes with what value. 1981 */ 1982 static bool pending_eir_or_class(struct hci_dev *hdev) 1983 { 1984 struct mgmt_pending_cmd *cmd; 1985 1986 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 1987 switch (cmd->opcode) { 1988 case MGMT_OP_ADD_UUID: 1989 case MGMT_OP_REMOVE_UUID: 1990 case MGMT_OP_SET_DEV_CLASS: 1991 case MGMT_OP_SET_POWERED: 1992 return true; 1993 } 1994 } 1995 1996 return false; 1997 } 1998 1999 static const u8 bluetooth_base_uuid[] = { 2000 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80, 2001 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2002 }; 2003 2004 static u8 get_uuid_size(const u8 *uuid) 2005 { 2006 u32 val; 2007 2008 if (memcmp(uuid, bluetooth_base_uuid, 12)) 2009 return 128; 2010 2011 val = get_unaligned_le32(&uuid[12]); 2012 if (val > 0xffff) 2013 return 32; 2014 2015 return 16; 2016 } 2017 2018 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status) 2019 { 2020 struct mgmt_pending_cmd *cmd; 2021 2022 hci_dev_lock(hdev); 2023 2024 cmd = pending_find(mgmt_op, hdev); 2025 if (!cmd) 2026 goto unlock; 2027 2028 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 2029 mgmt_status(status), hdev->dev_class, 3); 2030 2031 mgmt_pending_remove(cmd); 2032 2033 unlock: 2034 hci_dev_unlock(hdev); 2035 } 2036 2037 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2038 { 2039 BT_DBG("status 0x%02x", status); 2040 2041 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status); 2042 } 2043 2044 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2045 { 2046 struct mgmt_cp_add_uuid *cp = data; 2047 struct mgmt_pending_cmd *cmd; 2048 struct hci_request req; 2049 struct bt_uuid *uuid; 2050 int err; 2051 2052 BT_DBG("request for %s", hdev->name); 2053 2054 hci_dev_lock(hdev); 2055 2056 if (pending_eir_or_class(hdev)) { 2057 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID, 2058 MGMT_STATUS_BUSY); 2059 goto failed; 2060 } 2061 2062 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL); 2063 if (!uuid) { 2064 err = -ENOMEM; 2065 goto failed; 2066 } 2067 2068 memcpy(uuid->uuid, cp->uuid, 16); 2069 uuid->svc_hint = cp->svc_hint; 2070 uuid->size = get_uuid_size(cp->uuid); 2071 2072 list_add_tail(&uuid->list, &hdev->uuids); 2073 2074 hci_req_init(&req, hdev); 2075 2076 __hci_req_update_class(&req); 2077 __hci_req_update_eir(&req); 2078 2079 err = hci_req_run(&req, add_uuid_complete); 2080 if (err < 0) { 2081 if (err != -ENODATA) 2082 goto failed; 2083 2084 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0, 2085 hdev->dev_class, 3); 2086 goto failed; 2087 } 2088 2089 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len); 2090 if (!cmd) { 2091 err = -ENOMEM; 2092 goto failed; 2093 } 2094 2095 err = 0; 2096 2097 failed: 2098 hci_dev_unlock(hdev); 2099 return err; 2100 } 2101 2102 static bool enable_service_cache(struct hci_dev *hdev) 2103 { 2104 if (!hdev_is_powered(hdev)) 2105 return false; 2106 2107 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) { 2108 queue_delayed_work(hdev->workqueue, &hdev->service_cache, 2109 CACHE_TIMEOUT); 2110 return true; 2111 } 2112 2113 return false; 2114 } 2115 2116 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2117 { 2118 BT_DBG("status 0x%02x", status); 2119 2120 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status); 2121 } 2122 2123 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, 2124 u16 len) 2125 { 2126 struct mgmt_cp_remove_uuid *cp = data; 2127 struct mgmt_pending_cmd *cmd; 2128 struct bt_uuid *match, *tmp; 2129 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 2130 struct hci_request req; 2131 int err, found; 2132 2133 BT_DBG("request for %s", hdev->name); 2134 2135 hci_dev_lock(hdev); 2136 2137 if (pending_eir_or_class(hdev)) { 2138 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2139 MGMT_STATUS_BUSY); 2140 goto unlock; 2141 } 2142 2143 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 2144 hci_uuids_clear(hdev); 2145 2146 if (enable_service_cache(hdev)) { 2147 err = mgmt_cmd_complete(sk, hdev->id, 2148 MGMT_OP_REMOVE_UUID, 2149 0, hdev->dev_class, 3); 2150 goto unlock; 2151 } 2152 2153 goto update_class; 2154 } 2155 2156 found = 0; 2157 2158 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) { 2159 if (memcmp(match->uuid, cp->uuid, 16) != 0) 2160 continue; 2161 2162 list_del(&match->list); 2163 kfree(match); 2164 found++; 2165 } 2166 2167 if (found == 0) { 2168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2169 MGMT_STATUS_INVALID_PARAMS); 2170 goto unlock; 2171 } 2172 2173 update_class: 2174 hci_req_init(&req, hdev); 2175 2176 __hci_req_update_class(&req); 2177 __hci_req_update_eir(&req); 2178 2179 err = hci_req_run(&req, remove_uuid_complete); 2180 if (err < 0) { 2181 if (err != -ENODATA) 2182 goto unlock; 2183 2184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0, 2185 hdev->dev_class, 3); 2186 goto unlock; 2187 } 2188 2189 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len); 2190 if (!cmd) { 2191 err = -ENOMEM; 2192 goto unlock; 2193 } 2194 2195 err = 0; 2196 2197 unlock: 2198 hci_dev_unlock(hdev); 2199 return err; 2200 } 2201 2202 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2203 { 2204 BT_DBG("status 0x%02x", status); 2205 2206 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status); 2207 } 2208 2209 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, 2210 u16 len) 2211 { 2212 struct mgmt_cp_set_dev_class *cp = data; 2213 struct mgmt_pending_cmd *cmd; 2214 struct hci_request req; 2215 int err; 2216 2217 BT_DBG("request for %s", hdev->name); 2218 2219 if (!lmp_bredr_capable(hdev)) 2220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2221 MGMT_STATUS_NOT_SUPPORTED); 2222 2223 hci_dev_lock(hdev); 2224 2225 if (pending_eir_or_class(hdev)) { 2226 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2227 MGMT_STATUS_BUSY); 2228 goto unlock; 2229 } 2230 2231 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) { 2232 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2233 MGMT_STATUS_INVALID_PARAMS); 2234 goto unlock; 2235 } 2236 2237 hdev->major_class = cp->major; 2238 hdev->minor_class = cp->minor; 2239 2240 if (!hdev_is_powered(hdev)) { 2241 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2242 hdev->dev_class, 3); 2243 goto unlock; 2244 } 2245 2246 hci_req_init(&req, hdev); 2247 2248 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) { 2249 hci_dev_unlock(hdev); 2250 cancel_delayed_work_sync(&hdev->service_cache); 2251 hci_dev_lock(hdev); 2252 __hci_req_update_eir(&req); 2253 } 2254 2255 __hci_req_update_class(&req); 2256 2257 err = hci_req_run(&req, set_class_complete); 2258 if (err < 0) { 2259 if (err != -ENODATA) 2260 goto unlock; 2261 2262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2263 hdev->dev_class, 3); 2264 goto unlock; 2265 } 2266 2267 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len); 2268 if (!cmd) { 2269 err = -ENOMEM; 2270 goto unlock; 2271 } 2272 2273 err = 0; 2274 2275 unlock: 2276 hci_dev_unlock(hdev); 2277 return err; 2278 } 2279 2280 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, 2281 u16 len) 2282 { 2283 struct mgmt_cp_load_link_keys *cp = data; 2284 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 2285 sizeof(struct mgmt_link_key_info)); 2286 u16 key_count, expected_len; 2287 bool changed; 2288 int i; 2289 2290 BT_DBG("request for %s", hdev->name); 2291 2292 if (!lmp_bredr_capable(hdev)) 2293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2294 MGMT_STATUS_NOT_SUPPORTED); 2295 2296 key_count = __le16_to_cpu(cp->key_count); 2297 if (key_count > max_key_count) { 2298 bt_dev_err(hdev, "load_link_keys: too big key_count value %u", 2299 key_count); 2300 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2301 MGMT_STATUS_INVALID_PARAMS); 2302 } 2303 2304 expected_len = sizeof(*cp) + key_count * 2305 sizeof(struct mgmt_link_key_info); 2306 if (expected_len != len) { 2307 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes", 2308 expected_len, len); 2309 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2310 MGMT_STATUS_INVALID_PARAMS); 2311 } 2312 2313 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01) 2314 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2315 MGMT_STATUS_INVALID_PARAMS); 2316 2317 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys, 2318 key_count); 2319 2320 for (i = 0; i < key_count; i++) { 2321 struct mgmt_link_key_info *key = &cp->keys[i]; 2322 2323 if (key->addr.type != BDADDR_BREDR || key->type > 0x08) 2324 return mgmt_cmd_status(sk, hdev->id, 2325 MGMT_OP_LOAD_LINK_KEYS, 2326 MGMT_STATUS_INVALID_PARAMS); 2327 } 2328 2329 hci_dev_lock(hdev); 2330 2331 hci_link_keys_clear(hdev); 2332 2333 if (cp->debug_keys) 2334 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 2335 else 2336 changed = hci_dev_test_and_clear_flag(hdev, 2337 HCI_KEEP_DEBUG_KEYS); 2338 2339 if (changed) 2340 new_settings(hdev, NULL); 2341 2342 for (i = 0; i < key_count; i++) { 2343 struct mgmt_link_key_info *key = &cp->keys[i]; 2344 2345 /* Always ignore debug keys and require a new pairing if 2346 * the user wants to use them. 2347 */ 2348 if (key->type == HCI_LK_DEBUG_COMBINATION) 2349 continue; 2350 2351 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val, 2352 key->type, key->pin_len, NULL); 2353 } 2354 2355 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 2356 2357 hci_dev_unlock(hdev); 2358 2359 return 0; 2360 } 2361 2362 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 2363 u8 addr_type, struct sock *skip_sk) 2364 { 2365 struct mgmt_ev_device_unpaired ev; 2366 2367 bacpy(&ev.addr.bdaddr, bdaddr); 2368 ev.addr.type = addr_type; 2369 2370 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 2371 skip_sk); 2372 } 2373 2374 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2375 u16 len) 2376 { 2377 struct mgmt_cp_unpair_device *cp = data; 2378 struct mgmt_rp_unpair_device rp; 2379 struct hci_conn_params *params; 2380 struct mgmt_pending_cmd *cmd; 2381 struct hci_conn *conn; 2382 u8 addr_type; 2383 int err; 2384 2385 memset(&rp, 0, sizeof(rp)); 2386 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2387 rp.addr.type = cp->addr.type; 2388 2389 if (!bdaddr_type_is_valid(cp->addr.type)) 2390 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2391 MGMT_STATUS_INVALID_PARAMS, 2392 &rp, sizeof(rp)); 2393 2394 if (cp->disconnect != 0x00 && cp->disconnect != 0x01) 2395 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2396 MGMT_STATUS_INVALID_PARAMS, 2397 &rp, sizeof(rp)); 2398 2399 hci_dev_lock(hdev); 2400 2401 if (!hdev_is_powered(hdev)) { 2402 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2403 MGMT_STATUS_NOT_POWERED, &rp, 2404 sizeof(rp)); 2405 goto unlock; 2406 } 2407 2408 if (cp->addr.type == BDADDR_BREDR) { 2409 /* If disconnection is requested, then look up the 2410 * connection. If the remote device is connected, it 2411 * will be later used to terminate the link. 2412 * 2413 * Setting it to NULL explicitly will cause no 2414 * termination of the link. 2415 */ 2416 if (cp->disconnect) 2417 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2418 &cp->addr.bdaddr); 2419 else 2420 conn = NULL; 2421 2422 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 2423 if (err < 0) { 2424 err = mgmt_cmd_complete(sk, hdev->id, 2425 MGMT_OP_UNPAIR_DEVICE, 2426 MGMT_STATUS_NOT_PAIRED, &rp, 2427 sizeof(rp)); 2428 goto unlock; 2429 } 2430 2431 goto done; 2432 } 2433 2434 /* LE address type */ 2435 addr_type = le_addr_type(cp->addr.type); 2436 2437 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */ 2438 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type); 2439 if (err < 0) { 2440 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2441 MGMT_STATUS_NOT_PAIRED, &rp, 2442 sizeof(rp)); 2443 goto unlock; 2444 } 2445 2446 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type); 2447 if (!conn) { 2448 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type); 2449 goto done; 2450 } 2451 2452 2453 /* Defer clearing up the connection parameters until closing to 2454 * give a chance of keeping them if a repairing happens. 2455 */ 2456 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2457 2458 /* Disable auto-connection parameters if present */ 2459 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type); 2460 if (params) { 2461 if (params->explicit_connect) 2462 params->auto_connect = HCI_AUTO_CONN_EXPLICIT; 2463 else 2464 params->auto_connect = HCI_AUTO_CONN_DISABLED; 2465 } 2466 2467 /* If disconnection is not requested, then clear the connection 2468 * variable so that the link is not terminated. 2469 */ 2470 if (!cp->disconnect) 2471 conn = NULL; 2472 2473 done: 2474 /* If the connection variable is set, then termination of the 2475 * link is requested. 2476 */ 2477 if (!conn) { 2478 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0, 2479 &rp, sizeof(rp)); 2480 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 2481 goto unlock; 2482 } 2483 2484 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 2485 sizeof(*cp)); 2486 if (!cmd) { 2487 err = -ENOMEM; 2488 goto unlock; 2489 } 2490 2491 cmd->cmd_complete = addr_cmd_complete; 2492 2493 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 2494 if (err < 0) 2495 mgmt_pending_remove(cmd); 2496 2497 unlock: 2498 hci_dev_unlock(hdev); 2499 return err; 2500 } 2501 2502 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data, 2503 u16 len) 2504 { 2505 struct mgmt_cp_disconnect *cp = data; 2506 struct mgmt_rp_disconnect rp; 2507 struct mgmt_pending_cmd *cmd; 2508 struct hci_conn *conn; 2509 int err; 2510 2511 BT_DBG(""); 2512 2513 memset(&rp, 0, sizeof(rp)); 2514 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2515 rp.addr.type = cp->addr.type; 2516 2517 if (!bdaddr_type_is_valid(cp->addr.type)) 2518 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2519 MGMT_STATUS_INVALID_PARAMS, 2520 &rp, sizeof(rp)); 2521 2522 hci_dev_lock(hdev); 2523 2524 if (!test_bit(HCI_UP, &hdev->flags)) { 2525 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2526 MGMT_STATUS_NOT_POWERED, &rp, 2527 sizeof(rp)); 2528 goto failed; 2529 } 2530 2531 if (pending_find(MGMT_OP_DISCONNECT, hdev)) { 2532 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2533 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2534 goto failed; 2535 } 2536 2537 if (cp->addr.type == BDADDR_BREDR) 2538 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2539 &cp->addr.bdaddr); 2540 else 2541 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, 2542 le_addr_type(cp->addr.type)); 2543 2544 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) { 2545 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2546 MGMT_STATUS_NOT_CONNECTED, &rp, 2547 sizeof(rp)); 2548 goto failed; 2549 } 2550 2551 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 2552 if (!cmd) { 2553 err = -ENOMEM; 2554 goto failed; 2555 } 2556 2557 cmd->cmd_complete = generic_cmd_complete; 2558 2559 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM); 2560 if (err < 0) 2561 mgmt_pending_remove(cmd); 2562 2563 failed: 2564 hci_dev_unlock(hdev); 2565 return err; 2566 } 2567 2568 static u8 link_to_bdaddr(u8 link_type, u8 addr_type) 2569 { 2570 switch (link_type) { 2571 case LE_LINK: 2572 switch (addr_type) { 2573 case ADDR_LE_DEV_PUBLIC: 2574 return BDADDR_LE_PUBLIC; 2575 2576 default: 2577 /* Fallback to LE Random address type */ 2578 return BDADDR_LE_RANDOM; 2579 } 2580 2581 default: 2582 /* Fallback to BR/EDR type */ 2583 return BDADDR_BREDR; 2584 } 2585 } 2586 2587 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data, 2588 u16 data_len) 2589 { 2590 struct mgmt_rp_get_connections *rp; 2591 struct hci_conn *c; 2592 size_t rp_len; 2593 int err; 2594 u16 i; 2595 2596 BT_DBG(""); 2597 2598 hci_dev_lock(hdev); 2599 2600 if (!hdev_is_powered(hdev)) { 2601 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 2602 MGMT_STATUS_NOT_POWERED); 2603 goto unlock; 2604 } 2605 2606 i = 0; 2607 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2608 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2609 i++; 2610 } 2611 2612 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 2613 rp = kmalloc(rp_len, GFP_KERNEL); 2614 if (!rp) { 2615 err = -ENOMEM; 2616 goto unlock; 2617 } 2618 2619 i = 0; 2620 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2621 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2622 continue; 2623 bacpy(&rp->addr[i].bdaddr, &c->dst); 2624 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type); 2625 if (c->type == SCO_LINK || c->type == ESCO_LINK) 2626 continue; 2627 i++; 2628 } 2629 2630 rp->conn_count = cpu_to_le16(i); 2631 2632 /* Recalculate length in case of filtered SCO connections, etc */ 2633 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 2634 2635 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp, 2636 rp_len); 2637 2638 kfree(rp); 2639 2640 unlock: 2641 hci_dev_unlock(hdev); 2642 return err; 2643 } 2644 2645 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 2646 struct mgmt_cp_pin_code_neg_reply *cp) 2647 { 2648 struct mgmt_pending_cmd *cmd; 2649 int err; 2650 2651 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 2652 sizeof(*cp)); 2653 if (!cmd) 2654 return -ENOMEM; 2655 2656 cmd->cmd_complete = addr_cmd_complete; 2657 2658 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2659 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 2660 if (err < 0) 2661 mgmt_pending_remove(cmd); 2662 2663 return err; 2664 } 2665 2666 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2667 u16 len) 2668 { 2669 struct hci_conn *conn; 2670 struct mgmt_cp_pin_code_reply *cp = data; 2671 struct hci_cp_pin_code_reply reply; 2672 struct mgmt_pending_cmd *cmd; 2673 int err; 2674 2675 BT_DBG(""); 2676 2677 hci_dev_lock(hdev); 2678 2679 if (!hdev_is_powered(hdev)) { 2680 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2681 MGMT_STATUS_NOT_POWERED); 2682 goto failed; 2683 } 2684 2685 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 2686 if (!conn) { 2687 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2688 MGMT_STATUS_NOT_CONNECTED); 2689 goto failed; 2690 } 2691 2692 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 2693 struct mgmt_cp_pin_code_neg_reply ncp; 2694 2695 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 2696 2697 bt_dev_err(hdev, "PIN code is not 16 bytes long"); 2698 2699 err = send_pin_code_neg_reply(sk, hdev, &ncp); 2700 if (err >= 0) 2701 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2702 MGMT_STATUS_INVALID_PARAMS); 2703 2704 goto failed; 2705 } 2706 2707 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 2708 if (!cmd) { 2709 err = -ENOMEM; 2710 goto failed; 2711 } 2712 2713 cmd->cmd_complete = addr_cmd_complete; 2714 2715 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 2716 reply.pin_len = cp->pin_len; 2717 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 2718 2719 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 2720 if (err < 0) 2721 mgmt_pending_remove(cmd); 2722 2723 failed: 2724 hci_dev_unlock(hdev); 2725 return err; 2726 } 2727 2728 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data, 2729 u16 len) 2730 { 2731 struct mgmt_cp_set_io_capability *cp = data; 2732 2733 BT_DBG(""); 2734 2735 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY) 2736 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 2737 MGMT_STATUS_INVALID_PARAMS); 2738 2739 hci_dev_lock(hdev); 2740 2741 hdev->io_capability = cp->io_capability; 2742 2743 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 2744 hdev->io_capability); 2745 2746 hci_dev_unlock(hdev); 2747 2748 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, 2749 NULL, 0); 2750 } 2751 2752 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn) 2753 { 2754 struct hci_dev *hdev = conn->hdev; 2755 struct mgmt_pending_cmd *cmd; 2756 2757 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 2758 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 2759 continue; 2760 2761 if (cmd->user_data != conn) 2762 continue; 2763 2764 return cmd; 2765 } 2766 2767 return NULL; 2768 } 2769 2770 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status) 2771 { 2772 struct mgmt_rp_pair_device rp; 2773 struct hci_conn *conn = cmd->user_data; 2774 int err; 2775 2776 bacpy(&rp.addr.bdaddr, &conn->dst); 2777 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 2778 2779 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, 2780 status, &rp, sizeof(rp)); 2781 2782 /* So we don't get further callbacks for this connection */ 2783 conn->connect_cfm_cb = NULL; 2784 conn->security_cfm_cb = NULL; 2785 conn->disconn_cfm_cb = NULL; 2786 2787 hci_conn_drop(conn); 2788 2789 /* The device is paired so there is no need to remove 2790 * its connection parameters anymore. 2791 */ 2792 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2793 2794 hci_conn_put(conn); 2795 2796 return err; 2797 } 2798 2799 void mgmt_smp_complete(struct hci_conn *conn, bool complete) 2800 { 2801 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED; 2802 struct mgmt_pending_cmd *cmd; 2803 2804 cmd = find_pairing(conn); 2805 if (cmd) { 2806 cmd->cmd_complete(cmd, status); 2807 mgmt_pending_remove(cmd); 2808 } 2809 } 2810 2811 static void pairing_complete_cb(struct hci_conn *conn, u8 status) 2812 { 2813 struct mgmt_pending_cmd *cmd; 2814 2815 BT_DBG("status %u", status); 2816 2817 cmd = find_pairing(conn); 2818 if (!cmd) { 2819 BT_DBG("Unable to find a pending command"); 2820 return; 2821 } 2822 2823 cmd->cmd_complete(cmd, mgmt_status(status)); 2824 mgmt_pending_remove(cmd); 2825 } 2826 2827 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) 2828 { 2829 struct mgmt_pending_cmd *cmd; 2830 2831 BT_DBG("status %u", status); 2832 2833 if (!status) 2834 return; 2835 2836 cmd = find_pairing(conn); 2837 if (!cmd) { 2838 BT_DBG("Unable to find a pending command"); 2839 return; 2840 } 2841 2842 cmd->cmd_complete(cmd, mgmt_status(status)); 2843 mgmt_pending_remove(cmd); 2844 } 2845 2846 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2847 u16 len) 2848 { 2849 struct mgmt_cp_pair_device *cp = data; 2850 struct mgmt_rp_pair_device rp; 2851 struct mgmt_pending_cmd *cmd; 2852 u8 sec_level, auth_type; 2853 struct hci_conn *conn; 2854 int err; 2855 2856 BT_DBG(""); 2857 2858 memset(&rp, 0, sizeof(rp)); 2859 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2860 rp.addr.type = cp->addr.type; 2861 2862 if (!bdaddr_type_is_valid(cp->addr.type)) 2863 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2864 MGMT_STATUS_INVALID_PARAMS, 2865 &rp, sizeof(rp)); 2866 2867 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY) 2868 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2869 MGMT_STATUS_INVALID_PARAMS, 2870 &rp, sizeof(rp)); 2871 2872 hci_dev_lock(hdev); 2873 2874 if (!hdev_is_powered(hdev)) { 2875 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2876 MGMT_STATUS_NOT_POWERED, &rp, 2877 sizeof(rp)); 2878 goto unlock; 2879 } 2880 2881 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) { 2882 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2883 MGMT_STATUS_ALREADY_PAIRED, &rp, 2884 sizeof(rp)); 2885 goto unlock; 2886 } 2887 2888 sec_level = BT_SECURITY_MEDIUM; 2889 auth_type = HCI_AT_DEDICATED_BONDING; 2890 2891 if (cp->addr.type == BDADDR_BREDR) { 2892 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level, 2893 auth_type); 2894 } else { 2895 u8 addr_type = le_addr_type(cp->addr.type); 2896 struct hci_conn_params *p; 2897 2898 /* When pairing a new device, it is expected to remember 2899 * this device for future connections. Adding the connection 2900 * parameter information ahead of time allows tracking 2901 * of the slave preferred values and will speed up any 2902 * further connection establishment. 2903 * 2904 * If connection parameters already exist, then they 2905 * will be kept and this function does nothing. 2906 */ 2907 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type); 2908 2909 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT) 2910 p->auto_connect = HCI_AUTO_CONN_DISABLED; 2911 2912 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, 2913 addr_type, sec_level, 2914 HCI_LE_CONN_TIMEOUT); 2915 } 2916 2917 if (IS_ERR(conn)) { 2918 int status; 2919 2920 if (PTR_ERR(conn) == -EBUSY) 2921 status = MGMT_STATUS_BUSY; 2922 else if (PTR_ERR(conn) == -EOPNOTSUPP) 2923 status = MGMT_STATUS_NOT_SUPPORTED; 2924 else if (PTR_ERR(conn) == -ECONNREFUSED) 2925 status = MGMT_STATUS_REJECTED; 2926 else 2927 status = MGMT_STATUS_CONNECT_FAILED; 2928 2929 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2930 status, &rp, sizeof(rp)); 2931 goto unlock; 2932 } 2933 2934 if (conn->connect_cfm_cb) { 2935 hci_conn_drop(conn); 2936 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2937 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2938 goto unlock; 2939 } 2940 2941 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 2942 if (!cmd) { 2943 err = -ENOMEM; 2944 hci_conn_drop(conn); 2945 goto unlock; 2946 } 2947 2948 cmd->cmd_complete = pairing_complete; 2949 2950 /* For LE, just connecting isn't a proof that the pairing finished */ 2951 if (cp->addr.type == BDADDR_BREDR) { 2952 conn->connect_cfm_cb = pairing_complete_cb; 2953 conn->security_cfm_cb = pairing_complete_cb; 2954 conn->disconn_cfm_cb = pairing_complete_cb; 2955 } else { 2956 conn->connect_cfm_cb = le_pairing_complete_cb; 2957 conn->security_cfm_cb = le_pairing_complete_cb; 2958 conn->disconn_cfm_cb = le_pairing_complete_cb; 2959 } 2960 2961 conn->io_capability = cp->io_cap; 2962 cmd->user_data = hci_conn_get(conn); 2963 2964 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) && 2965 hci_conn_security(conn, sec_level, auth_type, true)) { 2966 cmd->cmd_complete(cmd, 0); 2967 mgmt_pending_remove(cmd); 2968 } 2969 2970 err = 0; 2971 2972 unlock: 2973 hci_dev_unlock(hdev); 2974 return err; 2975 } 2976 2977 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2978 u16 len) 2979 { 2980 struct mgmt_addr_info *addr = data; 2981 struct mgmt_pending_cmd *cmd; 2982 struct hci_conn *conn; 2983 int err; 2984 2985 BT_DBG(""); 2986 2987 hci_dev_lock(hdev); 2988 2989 if (!hdev_is_powered(hdev)) { 2990 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2991 MGMT_STATUS_NOT_POWERED); 2992 goto unlock; 2993 } 2994 2995 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev); 2996 if (!cmd) { 2997 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2998 MGMT_STATUS_INVALID_PARAMS); 2999 goto unlock; 3000 } 3001 3002 conn = cmd->user_data; 3003 3004 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 3005 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3006 MGMT_STATUS_INVALID_PARAMS); 3007 goto unlock; 3008 } 3009 3010 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED); 3011 mgmt_pending_remove(cmd); 3012 3013 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 3014 addr, sizeof(*addr)); 3015 unlock: 3016 hci_dev_unlock(hdev); 3017 return err; 3018 } 3019 3020 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, 3021 struct mgmt_addr_info *addr, u16 mgmt_op, 3022 u16 hci_op, __le32 passkey) 3023 { 3024 struct mgmt_pending_cmd *cmd; 3025 struct hci_conn *conn; 3026 int err; 3027 3028 hci_dev_lock(hdev); 3029 3030 if (!hdev_is_powered(hdev)) { 3031 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3032 MGMT_STATUS_NOT_POWERED, addr, 3033 sizeof(*addr)); 3034 goto done; 3035 } 3036 3037 if (addr->type == BDADDR_BREDR) 3038 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr); 3039 else 3040 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr, 3041 le_addr_type(addr->type)); 3042 3043 if (!conn) { 3044 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3045 MGMT_STATUS_NOT_CONNECTED, addr, 3046 sizeof(*addr)); 3047 goto done; 3048 } 3049 3050 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) { 3051 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 3052 if (!err) 3053 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3054 MGMT_STATUS_SUCCESS, addr, 3055 sizeof(*addr)); 3056 else 3057 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3058 MGMT_STATUS_FAILED, addr, 3059 sizeof(*addr)); 3060 3061 goto done; 3062 } 3063 3064 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr)); 3065 if (!cmd) { 3066 err = -ENOMEM; 3067 goto done; 3068 } 3069 3070 cmd->cmd_complete = addr_cmd_complete; 3071 3072 /* Continue with pairing via HCI */ 3073 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 3074 struct hci_cp_user_passkey_reply cp; 3075 3076 bacpy(&cp.bdaddr, &addr->bdaddr); 3077 cp.passkey = passkey; 3078 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 3079 } else 3080 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr), 3081 &addr->bdaddr); 3082 3083 if (err < 0) 3084 mgmt_pending_remove(cmd); 3085 3086 done: 3087 hci_dev_unlock(hdev); 3088 return err; 3089 } 3090 3091 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 3092 void *data, u16 len) 3093 { 3094 struct mgmt_cp_pin_code_neg_reply *cp = data; 3095 3096 BT_DBG(""); 3097 3098 return user_pairing_resp(sk, hdev, &cp->addr, 3099 MGMT_OP_PIN_CODE_NEG_REPLY, 3100 HCI_OP_PIN_CODE_NEG_REPLY, 0); 3101 } 3102 3103 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3104 u16 len) 3105 { 3106 struct mgmt_cp_user_confirm_reply *cp = data; 3107 3108 BT_DBG(""); 3109 3110 if (len != sizeof(*cp)) 3111 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY, 3112 MGMT_STATUS_INVALID_PARAMS); 3113 3114 return user_pairing_resp(sk, hdev, &cp->addr, 3115 MGMT_OP_USER_CONFIRM_REPLY, 3116 HCI_OP_USER_CONFIRM_REPLY, 0); 3117 } 3118 3119 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev, 3120 void *data, u16 len) 3121 { 3122 struct mgmt_cp_user_confirm_neg_reply *cp = data; 3123 3124 BT_DBG(""); 3125 3126 return user_pairing_resp(sk, hdev, &cp->addr, 3127 MGMT_OP_USER_CONFIRM_NEG_REPLY, 3128 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 3129 } 3130 3131 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3132 u16 len) 3133 { 3134 struct mgmt_cp_user_passkey_reply *cp = data; 3135 3136 BT_DBG(""); 3137 3138 return user_pairing_resp(sk, hdev, &cp->addr, 3139 MGMT_OP_USER_PASSKEY_REPLY, 3140 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 3141 } 3142 3143 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev, 3144 void *data, u16 len) 3145 { 3146 struct mgmt_cp_user_passkey_neg_reply *cp = data; 3147 3148 BT_DBG(""); 3149 3150 return user_pairing_resp(sk, hdev, &cp->addr, 3151 MGMT_OP_USER_PASSKEY_NEG_REPLY, 3152 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 3153 } 3154 3155 static void adv_expire(struct hci_dev *hdev, u32 flags) 3156 { 3157 struct adv_info *adv_instance; 3158 struct hci_request req; 3159 int err; 3160 3161 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance); 3162 if (!adv_instance) 3163 return; 3164 3165 /* stop if current instance doesn't need to be changed */ 3166 if (!(adv_instance->flags & flags)) 3167 return; 3168 3169 cancel_adv_timeout(hdev); 3170 3171 adv_instance = hci_get_next_instance(hdev, adv_instance->instance); 3172 if (!adv_instance) 3173 return; 3174 3175 hci_req_init(&req, hdev); 3176 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance, 3177 true); 3178 if (err) 3179 return; 3180 3181 hci_req_run(&req, NULL); 3182 } 3183 3184 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode) 3185 { 3186 struct mgmt_cp_set_local_name *cp; 3187 struct mgmt_pending_cmd *cmd; 3188 3189 BT_DBG("status 0x%02x", status); 3190 3191 hci_dev_lock(hdev); 3192 3193 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 3194 if (!cmd) 3195 goto unlock; 3196 3197 cp = cmd->param; 3198 3199 if (status) { 3200 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3201 mgmt_status(status)); 3202 } else { 3203 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3204 cp, sizeof(*cp)); 3205 3206 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3207 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME); 3208 } 3209 3210 mgmt_pending_remove(cmd); 3211 3212 unlock: 3213 hci_dev_unlock(hdev); 3214 } 3215 3216 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data, 3217 u16 len) 3218 { 3219 struct mgmt_cp_set_local_name *cp = data; 3220 struct mgmt_pending_cmd *cmd; 3221 struct hci_request req; 3222 int err; 3223 3224 BT_DBG(""); 3225 3226 hci_dev_lock(hdev); 3227 3228 /* If the old values are the same as the new ones just return a 3229 * direct command complete event. 3230 */ 3231 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) && 3232 !memcmp(hdev->short_name, cp->short_name, 3233 sizeof(hdev->short_name))) { 3234 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3235 data, len); 3236 goto failed; 3237 } 3238 3239 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name)); 3240 3241 if (!hdev_is_powered(hdev)) { 3242 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3243 3244 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3245 data, len); 3246 if (err < 0) 3247 goto failed; 3248 3249 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, 3250 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk); 3251 ext_info_changed(hdev, sk); 3252 3253 goto failed; 3254 } 3255 3256 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 3257 if (!cmd) { 3258 err = -ENOMEM; 3259 goto failed; 3260 } 3261 3262 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3263 3264 hci_req_init(&req, hdev); 3265 3266 if (lmp_bredr_capable(hdev)) { 3267 __hci_req_update_name(&req); 3268 __hci_req_update_eir(&req); 3269 } 3270 3271 /* The name is stored in the scan response data and so 3272 * no need to udpate the advertising data here. 3273 */ 3274 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING)) 3275 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance); 3276 3277 err = hci_req_run(&req, set_name_complete); 3278 if (err < 0) 3279 mgmt_pending_remove(cmd); 3280 3281 failed: 3282 hci_dev_unlock(hdev); 3283 return err; 3284 } 3285 3286 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data, 3287 u16 len) 3288 { 3289 struct mgmt_cp_set_appearance *cp = data; 3290 u16 apperance; 3291 int err; 3292 3293 BT_DBG(""); 3294 3295 if (!lmp_le_capable(hdev)) 3296 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 3297 MGMT_STATUS_NOT_SUPPORTED); 3298 3299 apperance = le16_to_cpu(cp->appearance); 3300 3301 hci_dev_lock(hdev); 3302 3303 if (hdev->appearance != apperance) { 3304 hdev->appearance = apperance; 3305 3306 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3307 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE); 3308 3309 ext_info_changed(hdev, sk); 3310 } 3311 3312 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL, 3313 0); 3314 3315 hci_dev_unlock(hdev); 3316 3317 return err; 3318 } 3319 3320 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev, 3321 void *data, u16 len) 3322 { 3323 struct mgmt_rp_get_phy_confguration rp; 3324 3325 BT_DBG("sock %p %s", sk, hdev->name); 3326 3327 hci_dev_lock(hdev); 3328 3329 memset(&rp, 0, sizeof(rp)); 3330 3331 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev)); 3332 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev)); 3333 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev)); 3334 3335 hci_dev_unlock(hdev); 3336 3337 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0, 3338 &rp, sizeof(rp)); 3339 } 3340 3341 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip) 3342 { 3343 struct mgmt_ev_phy_configuration_changed ev; 3344 3345 memset(&ev, 0, sizeof(ev)); 3346 3347 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev)); 3348 3349 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev, 3350 sizeof(ev), skip); 3351 } 3352 3353 static void set_default_phy_complete(struct hci_dev *hdev, u8 status, 3354 u16 opcode, struct sk_buff *skb) 3355 { 3356 struct mgmt_pending_cmd *cmd; 3357 3358 BT_DBG("status 0x%02x", status); 3359 3360 hci_dev_lock(hdev); 3361 3362 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev); 3363 if (!cmd) 3364 goto unlock; 3365 3366 if (status) { 3367 mgmt_cmd_status(cmd->sk, hdev->id, 3368 MGMT_OP_SET_PHY_CONFIGURATION, 3369 mgmt_status(status)); 3370 } else { 3371 mgmt_cmd_complete(cmd->sk, hdev->id, 3372 MGMT_OP_SET_PHY_CONFIGURATION, 0, 3373 NULL, 0); 3374 3375 mgmt_phy_configuration_changed(hdev, cmd->sk); 3376 } 3377 3378 mgmt_pending_remove(cmd); 3379 3380 unlock: 3381 hci_dev_unlock(hdev); 3382 } 3383 3384 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev, 3385 void *data, u16 len) 3386 { 3387 struct mgmt_cp_set_phy_confguration *cp = data; 3388 struct hci_cp_le_set_default_phy cp_phy; 3389 struct mgmt_pending_cmd *cmd; 3390 struct hci_request req; 3391 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys; 3392 u16 pkt_type = (HCI_DH1 | HCI_DM1); 3393 bool changed = false; 3394 int err; 3395 3396 BT_DBG("sock %p %s", sk, hdev->name); 3397 3398 configurable_phys = get_configurable_phys(hdev); 3399 supported_phys = get_supported_phys(hdev); 3400 selected_phys = __le32_to_cpu(cp->selected_phys); 3401 3402 if (selected_phys & ~supported_phys) 3403 return mgmt_cmd_status(sk, hdev->id, 3404 MGMT_OP_SET_PHY_CONFIGURATION, 3405 MGMT_STATUS_INVALID_PARAMS); 3406 3407 unconfigure_phys = supported_phys & ~configurable_phys; 3408 3409 if ((selected_phys & unconfigure_phys) != unconfigure_phys) 3410 return mgmt_cmd_status(sk, hdev->id, 3411 MGMT_OP_SET_PHY_CONFIGURATION, 3412 MGMT_STATUS_INVALID_PARAMS); 3413 3414 if (selected_phys == get_selected_phys(hdev)) 3415 return mgmt_cmd_complete(sk, hdev->id, 3416 MGMT_OP_SET_PHY_CONFIGURATION, 3417 0, NULL, 0); 3418 3419 hci_dev_lock(hdev); 3420 3421 if (!hdev_is_powered(hdev)) { 3422 err = mgmt_cmd_status(sk, hdev->id, 3423 MGMT_OP_SET_PHY_CONFIGURATION, 3424 MGMT_STATUS_REJECTED); 3425 goto unlock; 3426 } 3427 3428 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) { 3429 err = mgmt_cmd_status(sk, hdev->id, 3430 MGMT_OP_SET_PHY_CONFIGURATION, 3431 MGMT_STATUS_BUSY); 3432 goto unlock; 3433 } 3434 3435 if (selected_phys & MGMT_PHY_BR_1M_3SLOT) 3436 pkt_type |= (HCI_DH3 | HCI_DM3); 3437 else 3438 pkt_type &= ~(HCI_DH3 | HCI_DM3); 3439 3440 if (selected_phys & MGMT_PHY_BR_1M_5SLOT) 3441 pkt_type |= (HCI_DH5 | HCI_DM5); 3442 else 3443 pkt_type &= ~(HCI_DH5 | HCI_DM5); 3444 3445 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT) 3446 pkt_type &= ~HCI_2DH1; 3447 else 3448 pkt_type |= HCI_2DH1; 3449 3450 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT) 3451 pkt_type &= ~HCI_2DH3; 3452 else 3453 pkt_type |= HCI_2DH3; 3454 3455 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT) 3456 pkt_type &= ~HCI_2DH5; 3457 else 3458 pkt_type |= HCI_2DH5; 3459 3460 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT) 3461 pkt_type &= ~HCI_3DH1; 3462 else 3463 pkt_type |= HCI_3DH1; 3464 3465 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT) 3466 pkt_type &= ~HCI_3DH3; 3467 else 3468 pkt_type |= HCI_3DH3; 3469 3470 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT) 3471 pkt_type &= ~HCI_3DH5; 3472 else 3473 pkt_type |= HCI_3DH5; 3474 3475 if (pkt_type != hdev->pkt_type) { 3476 hdev->pkt_type = pkt_type; 3477 changed = true; 3478 } 3479 3480 if ((selected_phys & MGMT_PHY_LE_MASK) == 3481 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) { 3482 if (changed) 3483 mgmt_phy_configuration_changed(hdev, sk); 3484 3485 err = mgmt_cmd_complete(sk, hdev->id, 3486 MGMT_OP_SET_PHY_CONFIGURATION, 3487 0, NULL, 0); 3488 3489 goto unlock; 3490 } 3491 3492 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data, 3493 len); 3494 if (!cmd) { 3495 err = -ENOMEM; 3496 goto unlock; 3497 } 3498 3499 hci_req_init(&req, hdev); 3500 3501 memset(&cp_phy, 0, sizeof(cp_phy)); 3502 3503 if (!(selected_phys & MGMT_PHY_LE_TX_MASK)) 3504 cp_phy.all_phys |= 0x01; 3505 3506 if (!(selected_phys & MGMT_PHY_LE_RX_MASK)) 3507 cp_phy.all_phys |= 0x02; 3508 3509 if (selected_phys & MGMT_PHY_LE_1M_TX) 3510 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M; 3511 3512 if (selected_phys & MGMT_PHY_LE_2M_TX) 3513 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M; 3514 3515 if (selected_phys & MGMT_PHY_LE_CODED_TX) 3516 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED; 3517 3518 if (selected_phys & MGMT_PHY_LE_1M_RX) 3519 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M; 3520 3521 if (selected_phys & MGMT_PHY_LE_2M_RX) 3522 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M; 3523 3524 if (selected_phys & MGMT_PHY_LE_CODED_RX) 3525 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED; 3526 3527 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy); 3528 3529 err = hci_req_run_skb(&req, set_default_phy_complete); 3530 if (err < 0) 3531 mgmt_pending_remove(cmd); 3532 3533 unlock: 3534 hci_dev_unlock(hdev); 3535 3536 return err; 3537 } 3538 3539 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status, 3540 u16 opcode, struct sk_buff *skb) 3541 { 3542 struct mgmt_rp_read_local_oob_data mgmt_rp; 3543 size_t rp_size = sizeof(mgmt_rp); 3544 struct mgmt_pending_cmd *cmd; 3545 3546 BT_DBG("%s status %u", hdev->name, status); 3547 3548 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev); 3549 if (!cmd) 3550 return; 3551 3552 if (status || !skb) { 3553 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3554 status ? mgmt_status(status) : MGMT_STATUS_FAILED); 3555 goto remove; 3556 } 3557 3558 memset(&mgmt_rp, 0, sizeof(mgmt_rp)); 3559 3560 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) { 3561 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 3562 3563 if (skb->len < sizeof(*rp)) { 3564 mgmt_cmd_status(cmd->sk, hdev->id, 3565 MGMT_OP_READ_LOCAL_OOB_DATA, 3566 MGMT_STATUS_FAILED); 3567 goto remove; 3568 } 3569 3570 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash)); 3571 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand)); 3572 3573 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256); 3574 } else { 3575 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data; 3576 3577 if (skb->len < sizeof(*rp)) { 3578 mgmt_cmd_status(cmd->sk, hdev->id, 3579 MGMT_OP_READ_LOCAL_OOB_DATA, 3580 MGMT_STATUS_FAILED); 3581 goto remove; 3582 } 3583 3584 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192)); 3585 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192)); 3586 3587 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256)); 3588 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256)); 3589 } 3590 3591 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3592 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size); 3593 3594 remove: 3595 mgmt_pending_remove(cmd); 3596 } 3597 3598 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, 3599 void *data, u16 data_len) 3600 { 3601 struct mgmt_pending_cmd *cmd; 3602 struct hci_request req; 3603 int err; 3604 3605 BT_DBG("%s", hdev->name); 3606 3607 hci_dev_lock(hdev); 3608 3609 if (!hdev_is_powered(hdev)) { 3610 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3611 MGMT_STATUS_NOT_POWERED); 3612 goto unlock; 3613 } 3614 3615 if (!lmp_ssp_capable(hdev)) { 3616 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3617 MGMT_STATUS_NOT_SUPPORTED); 3618 goto unlock; 3619 } 3620 3621 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 3622 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3623 MGMT_STATUS_BUSY); 3624 goto unlock; 3625 } 3626 3627 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 3628 if (!cmd) { 3629 err = -ENOMEM; 3630 goto unlock; 3631 } 3632 3633 hci_req_init(&req, hdev); 3634 3635 if (bredr_sc_enabled(hdev)) 3636 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL); 3637 else 3638 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 3639 3640 err = hci_req_run_skb(&req, read_local_oob_data_complete); 3641 if (err < 0) 3642 mgmt_pending_remove(cmd); 3643 3644 unlock: 3645 hci_dev_unlock(hdev); 3646 return err; 3647 } 3648 3649 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 3650 void *data, u16 len) 3651 { 3652 struct mgmt_addr_info *addr = data; 3653 int err; 3654 3655 BT_DBG("%s ", hdev->name); 3656 3657 if (!bdaddr_type_is_valid(addr->type)) 3658 return mgmt_cmd_complete(sk, hdev->id, 3659 MGMT_OP_ADD_REMOTE_OOB_DATA, 3660 MGMT_STATUS_INVALID_PARAMS, 3661 addr, sizeof(*addr)); 3662 3663 hci_dev_lock(hdev); 3664 3665 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) { 3666 struct mgmt_cp_add_remote_oob_data *cp = data; 3667 u8 status; 3668 3669 if (cp->addr.type != BDADDR_BREDR) { 3670 err = mgmt_cmd_complete(sk, hdev->id, 3671 MGMT_OP_ADD_REMOTE_OOB_DATA, 3672 MGMT_STATUS_INVALID_PARAMS, 3673 &cp->addr, sizeof(cp->addr)); 3674 goto unlock; 3675 } 3676 3677 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 3678 cp->addr.type, cp->hash, 3679 cp->rand, NULL, NULL); 3680 if (err < 0) 3681 status = MGMT_STATUS_FAILED; 3682 else 3683 status = MGMT_STATUS_SUCCESS; 3684 3685 err = mgmt_cmd_complete(sk, hdev->id, 3686 MGMT_OP_ADD_REMOTE_OOB_DATA, status, 3687 &cp->addr, sizeof(cp->addr)); 3688 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) { 3689 struct mgmt_cp_add_remote_oob_ext_data *cp = data; 3690 u8 *rand192, *hash192, *rand256, *hash256; 3691 u8 status; 3692 3693 if (bdaddr_type_is_le(cp->addr.type)) { 3694 /* Enforce zero-valued 192-bit parameters as 3695 * long as legacy SMP OOB isn't implemented. 3696 */ 3697 if (memcmp(cp->rand192, ZERO_KEY, 16) || 3698 memcmp(cp->hash192, ZERO_KEY, 16)) { 3699 err = mgmt_cmd_complete(sk, hdev->id, 3700 MGMT_OP_ADD_REMOTE_OOB_DATA, 3701 MGMT_STATUS_INVALID_PARAMS, 3702 addr, sizeof(*addr)); 3703 goto unlock; 3704 } 3705 3706 rand192 = NULL; 3707 hash192 = NULL; 3708 } else { 3709 /* In case one of the P-192 values is set to zero, 3710 * then just disable OOB data for P-192. 3711 */ 3712 if (!memcmp(cp->rand192, ZERO_KEY, 16) || 3713 !memcmp(cp->hash192, ZERO_KEY, 16)) { 3714 rand192 = NULL; 3715 hash192 = NULL; 3716 } else { 3717 rand192 = cp->rand192; 3718 hash192 = cp->hash192; 3719 } 3720 } 3721 3722 /* In case one of the P-256 values is set to zero, then just 3723 * disable OOB data for P-256. 3724 */ 3725 if (!memcmp(cp->rand256, ZERO_KEY, 16) || 3726 !memcmp(cp->hash256, ZERO_KEY, 16)) { 3727 rand256 = NULL; 3728 hash256 = NULL; 3729 } else { 3730 rand256 = cp->rand256; 3731 hash256 = cp->hash256; 3732 } 3733 3734 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 3735 cp->addr.type, hash192, rand192, 3736 hash256, rand256); 3737 if (err < 0) 3738 status = MGMT_STATUS_FAILED; 3739 else 3740 status = MGMT_STATUS_SUCCESS; 3741 3742 err = mgmt_cmd_complete(sk, hdev->id, 3743 MGMT_OP_ADD_REMOTE_OOB_DATA, 3744 status, &cp->addr, sizeof(cp->addr)); 3745 } else { 3746 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes", 3747 len); 3748 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 3749 MGMT_STATUS_INVALID_PARAMS); 3750 } 3751 3752 unlock: 3753 hci_dev_unlock(hdev); 3754 return err; 3755 } 3756 3757 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 3758 void *data, u16 len) 3759 { 3760 struct mgmt_cp_remove_remote_oob_data *cp = data; 3761 u8 status; 3762 int err; 3763 3764 BT_DBG("%s", hdev->name); 3765 3766 if (cp->addr.type != BDADDR_BREDR) 3767 return mgmt_cmd_complete(sk, hdev->id, 3768 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 3769 MGMT_STATUS_INVALID_PARAMS, 3770 &cp->addr, sizeof(cp->addr)); 3771 3772 hci_dev_lock(hdev); 3773 3774 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 3775 hci_remote_oob_data_clear(hdev); 3776 status = MGMT_STATUS_SUCCESS; 3777 goto done; 3778 } 3779 3780 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type); 3781 if (err < 0) 3782 status = MGMT_STATUS_INVALID_PARAMS; 3783 else 3784 status = MGMT_STATUS_SUCCESS; 3785 3786 done: 3787 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 3788 status, &cp->addr, sizeof(cp->addr)); 3789 3790 hci_dev_unlock(hdev); 3791 return err; 3792 } 3793 3794 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status) 3795 { 3796 struct mgmt_pending_cmd *cmd; 3797 3798 BT_DBG("status %d", status); 3799 3800 hci_dev_lock(hdev); 3801 3802 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev); 3803 if (!cmd) 3804 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev); 3805 3806 if (!cmd) 3807 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev); 3808 3809 if (cmd) { 3810 cmd->cmd_complete(cmd, mgmt_status(status)); 3811 mgmt_pending_remove(cmd); 3812 } 3813 3814 hci_dev_unlock(hdev); 3815 } 3816 3817 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type, 3818 uint8_t *mgmt_status) 3819 { 3820 switch (type) { 3821 case DISCOV_TYPE_LE: 3822 *mgmt_status = mgmt_le_support(hdev); 3823 if (*mgmt_status) 3824 return false; 3825 break; 3826 case DISCOV_TYPE_INTERLEAVED: 3827 *mgmt_status = mgmt_le_support(hdev); 3828 if (*mgmt_status) 3829 return false; 3830 /* Intentional fall-through */ 3831 case DISCOV_TYPE_BREDR: 3832 *mgmt_status = mgmt_bredr_support(hdev); 3833 if (*mgmt_status) 3834 return false; 3835 break; 3836 default: 3837 *mgmt_status = MGMT_STATUS_INVALID_PARAMS; 3838 return false; 3839 } 3840 3841 return true; 3842 } 3843 3844 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev, 3845 u16 op, void *data, u16 len) 3846 { 3847 struct mgmt_cp_start_discovery *cp = data; 3848 struct mgmt_pending_cmd *cmd; 3849 u8 status; 3850 int err; 3851 3852 BT_DBG("%s", hdev->name); 3853 3854 hci_dev_lock(hdev); 3855 3856 if (!hdev_is_powered(hdev)) { 3857 err = mgmt_cmd_complete(sk, hdev->id, op, 3858 MGMT_STATUS_NOT_POWERED, 3859 &cp->type, sizeof(cp->type)); 3860 goto failed; 3861 } 3862 3863 if (hdev->discovery.state != DISCOVERY_STOPPED || 3864 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 3865 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 3866 &cp->type, sizeof(cp->type)); 3867 goto failed; 3868 } 3869 3870 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 3871 err = mgmt_cmd_complete(sk, hdev->id, op, status, 3872 &cp->type, sizeof(cp->type)); 3873 goto failed; 3874 } 3875 3876 /* Clear the discovery filter first to free any previously 3877 * allocated memory for the UUID list. 3878 */ 3879 hci_discovery_filter_clear(hdev); 3880 3881 hdev->discovery.type = cp->type; 3882 hdev->discovery.report_invalid_rssi = false; 3883 if (op == MGMT_OP_START_LIMITED_DISCOVERY) 3884 hdev->discovery.limited = true; 3885 else 3886 hdev->discovery.limited = false; 3887 3888 cmd = mgmt_pending_add(sk, op, hdev, data, len); 3889 if (!cmd) { 3890 err = -ENOMEM; 3891 goto failed; 3892 } 3893 3894 cmd->cmd_complete = generic_cmd_complete; 3895 3896 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 3897 queue_work(hdev->req_workqueue, &hdev->discov_update); 3898 err = 0; 3899 3900 failed: 3901 hci_dev_unlock(hdev); 3902 return err; 3903 } 3904 3905 static int start_discovery(struct sock *sk, struct hci_dev *hdev, 3906 void *data, u16 len) 3907 { 3908 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY, 3909 data, len); 3910 } 3911 3912 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev, 3913 void *data, u16 len) 3914 { 3915 return start_discovery_internal(sk, hdev, 3916 MGMT_OP_START_LIMITED_DISCOVERY, 3917 data, len); 3918 } 3919 3920 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd, 3921 u8 status) 3922 { 3923 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 3924 cmd->param, 1); 3925 } 3926 3927 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev, 3928 void *data, u16 len) 3929 { 3930 struct mgmt_cp_start_service_discovery *cp = data; 3931 struct mgmt_pending_cmd *cmd; 3932 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16); 3933 u16 uuid_count, expected_len; 3934 u8 status; 3935 int err; 3936 3937 BT_DBG("%s", hdev->name); 3938 3939 hci_dev_lock(hdev); 3940 3941 if (!hdev_is_powered(hdev)) { 3942 err = mgmt_cmd_complete(sk, hdev->id, 3943 MGMT_OP_START_SERVICE_DISCOVERY, 3944 MGMT_STATUS_NOT_POWERED, 3945 &cp->type, sizeof(cp->type)); 3946 goto failed; 3947 } 3948 3949 if (hdev->discovery.state != DISCOVERY_STOPPED || 3950 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 3951 err = mgmt_cmd_complete(sk, hdev->id, 3952 MGMT_OP_START_SERVICE_DISCOVERY, 3953 MGMT_STATUS_BUSY, &cp->type, 3954 sizeof(cp->type)); 3955 goto failed; 3956 } 3957 3958 uuid_count = __le16_to_cpu(cp->uuid_count); 3959 if (uuid_count > max_uuid_count) { 3960 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u", 3961 uuid_count); 3962 err = mgmt_cmd_complete(sk, hdev->id, 3963 MGMT_OP_START_SERVICE_DISCOVERY, 3964 MGMT_STATUS_INVALID_PARAMS, &cp->type, 3965 sizeof(cp->type)); 3966 goto failed; 3967 } 3968 3969 expected_len = sizeof(*cp) + uuid_count * 16; 3970 if (expected_len != len) { 3971 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes", 3972 expected_len, len); 3973 err = mgmt_cmd_complete(sk, hdev->id, 3974 MGMT_OP_START_SERVICE_DISCOVERY, 3975 MGMT_STATUS_INVALID_PARAMS, &cp->type, 3976 sizeof(cp->type)); 3977 goto failed; 3978 } 3979 3980 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 3981 err = mgmt_cmd_complete(sk, hdev->id, 3982 MGMT_OP_START_SERVICE_DISCOVERY, 3983 status, &cp->type, sizeof(cp->type)); 3984 goto failed; 3985 } 3986 3987 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY, 3988 hdev, data, len); 3989 if (!cmd) { 3990 err = -ENOMEM; 3991 goto failed; 3992 } 3993 3994 cmd->cmd_complete = service_discovery_cmd_complete; 3995 3996 /* Clear the discovery filter first to free any previously 3997 * allocated memory for the UUID list. 3998 */ 3999 hci_discovery_filter_clear(hdev); 4000 4001 hdev->discovery.result_filtering = true; 4002 hdev->discovery.type = cp->type; 4003 hdev->discovery.rssi = cp->rssi; 4004 hdev->discovery.uuid_count = uuid_count; 4005 4006 if (uuid_count > 0) { 4007 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16, 4008 GFP_KERNEL); 4009 if (!hdev->discovery.uuids) { 4010 err = mgmt_cmd_complete(sk, hdev->id, 4011 MGMT_OP_START_SERVICE_DISCOVERY, 4012 MGMT_STATUS_FAILED, 4013 &cp->type, sizeof(cp->type)); 4014 mgmt_pending_remove(cmd); 4015 goto failed; 4016 } 4017 } 4018 4019 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 4020 queue_work(hdev->req_workqueue, &hdev->discov_update); 4021 err = 0; 4022 4023 failed: 4024 hci_dev_unlock(hdev); 4025 return err; 4026 } 4027 4028 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status) 4029 { 4030 struct mgmt_pending_cmd *cmd; 4031 4032 BT_DBG("status %d", status); 4033 4034 hci_dev_lock(hdev); 4035 4036 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 4037 if (cmd) { 4038 cmd->cmd_complete(cmd, mgmt_status(status)); 4039 mgmt_pending_remove(cmd); 4040 } 4041 4042 hci_dev_unlock(hdev); 4043 } 4044 4045 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, 4046 u16 len) 4047 { 4048 struct mgmt_cp_stop_discovery *mgmt_cp = data; 4049 struct mgmt_pending_cmd *cmd; 4050 int err; 4051 4052 BT_DBG("%s", hdev->name); 4053 4054 hci_dev_lock(hdev); 4055 4056 if (!hci_discovery_active(hdev)) { 4057 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 4058 MGMT_STATUS_REJECTED, &mgmt_cp->type, 4059 sizeof(mgmt_cp->type)); 4060 goto unlock; 4061 } 4062 4063 if (hdev->discovery.type != mgmt_cp->type) { 4064 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 4065 MGMT_STATUS_INVALID_PARAMS, 4066 &mgmt_cp->type, sizeof(mgmt_cp->type)); 4067 goto unlock; 4068 } 4069 4070 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len); 4071 if (!cmd) { 4072 err = -ENOMEM; 4073 goto unlock; 4074 } 4075 4076 cmd->cmd_complete = generic_cmd_complete; 4077 4078 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 4079 queue_work(hdev->req_workqueue, &hdev->discov_update); 4080 err = 0; 4081 4082 unlock: 4083 hci_dev_unlock(hdev); 4084 return err; 4085 } 4086 4087 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, 4088 u16 len) 4089 { 4090 struct mgmt_cp_confirm_name *cp = data; 4091 struct inquiry_entry *e; 4092 int err; 4093 4094 BT_DBG("%s", hdev->name); 4095 4096 hci_dev_lock(hdev); 4097 4098 if (!hci_discovery_active(hdev)) { 4099 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 4100 MGMT_STATUS_FAILED, &cp->addr, 4101 sizeof(cp->addr)); 4102 goto failed; 4103 } 4104 4105 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 4106 if (!e) { 4107 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 4108 MGMT_STATUS_INVALID_PARAMS, &cp->addr, 4109 sizeof(cp->addr)); 4110 goto failed; 4111 } 4112 4113 if (cp->name_known) { 4114 e->name_state = NAME_KNOWN; 4115 list_del(&e->list); 4116 } else { 4117 e->name_state = NAME_NEEDED; 4118 hci_inquiry_cache_update_resolve(hdev, e); 4119 } 4120 4121 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, 4122 &cp->addr, sizeof(cp->addr)); 4123 4124 failed: 4125 hci_dev_unlock(hdev); 4126 return err; 4127 } 4128 4129 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data, 4130 u16 len) 4131 { 4132 struct mgmt_cp_block_device *cp = data; 4133 u8 status; 4134 int err; 4135 4136 BT_DBG("%s", hdev->name); 4137 4138 if (!bdaddr_type_is_valid(cp->addr.type)) 4139 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, 4140 MGMT_STATUS_INVALID_PARAMS, 4141 &cp->addr, sizeof(cp->addr)); 4142 4143 hci_dev_lock(hdev); 4144 4145 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr, 4146 cp->addr.type); 4147 if (err < 0) { 4148 status = MGMT_STATUS_FAILED; 4149 goto done; 4150 } 4151 4152 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr), 4153 sk); 4154 status = MGMT_STATUS_SUCCESS; 4155 4156 done: 4157 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status, 4158 &cp->addr, sizeof(cp->addr)); 4159 4160 hci_dev_unlock(hdev); 4161 4162 return err; 4163 } 4164 4165 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data, 4166 u16 len) 4167 { 4168 struct mgmt_cp_unblock_device *cp = data; 4169 u8 status; 4170 int err; 4171 4172 BT_DBG("%s", hdev->name); 4173 4174 if (!bdaddr_type_is_valid(cp->addr.type)) 4175 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, 4176 MGMT_STATUS_INVALID_PARAMS, 4177 &cp->addr, sizeof(cp->addr)); 4178 4179 hci_dev_lock(hdev); 4180 4181 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr, 4182 cp->addr.type); 4183 if (err < 0) { 4184 status = MGMT_STATUS_INVALID_PARAMS; 4185 goto done; 4186 } 4187 4188 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr), 4189 sk); 4190 status = MGMT_STATUS_SUCCESS; 4191 4192 done: 4193 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status, 4194 &cp->addr, sizeof(cp->addr)); 4195 4196 hci_dev_unlock(hdev); 4197 4198 return err; 4199 } 4200 4201 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data, 4202 u16 len) 4203 { 4204 struct mgmt_cp_set_device_id *cp = data; 4205 struct hci_request req; 4206 int err; 4207 __u16 source; 4208 4209 BT_DBG("%s", hdev->name); 4210 4211 source = __le16_to_cpu(cp->source); 4212 4213 if (source > 0x0002) 4214 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 4215 MGMT_STATUS_INVALID_PARAMS); 4216 4217 hci_dev_lock(hdev); 4218 4219 hdev->devid_source = source; 4220 hdev->devid_vendor = __le16_to_cpu(cp->vendor); 4221 hdev->devid_product = __le16_to_cpu(cp->product); 4222 hdev->devid_version = __le16_to_cpu(cp->version); 4223 4224 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, 4225 NULL, 0); 4226 4227 hci_req_init(&req, hdev); 4228 __hci_req_update_eir(&req); 4229 hci_req_run(&req, NULL); 4230 4231 hci_dev_unlock(hdev); 4232 4233 return err; 4234 } 4235 4236 static void enable_advertising_instance(struct hci_dev *hdev, u8 status, 4237 u16 opcode) 4238 { 4239 BT_DBG("status %d", status); 4240 } 4241 4242 static void set_advertising_complete(struct hci_dev *hdev, u8 status, 4243 u16 opcode) 4244 { 4245 struct cmd_lookup match = { NULL, hdev }; 4246 struct hci_request req; 4247 u8 instance; 4248 struct adv_info *adv_instance; 4249 int err; 4250 4251 hci_dev_lock(hdev); 4252 4253 if (status) { 4254 u8 mgmt_err = mgmt_status(status); 4255 4256 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, 4257 cmd_status_rsp, &mgmt_err); 4258 goto unlock; 4259 } 4260 4261 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 4262 hci_dev_set_flag(hdev, HCI_ADVERTISING); 4263 else 4264 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 4265 4266 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp, 4267 &match); 4268 4269 new_settings(hdev, match.sk); 4270 4271 if (match.sk) 4272 sock_put(match.sk); 4273 4274 /* If "Set Advertising" was just disabled and instance advertising was 4275 * set up earlier, then re-enable multi-instance advertising. 4276 */ 4277 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 4278 list_empty(&hdev->adv_instances)) 4279 goto unlock; 4280 4281 instance = hdev->cur_adv_instance; 4282 if (!instance) { 4283 adv_instance = list_first_entry_or_null(&hdev->adv_instances, 4284 struct adv_info, list); 4285 if (!adv_instance) 4286 goto unlock; 4287 4288 instance = adv_instance->instance; 4289 } 4290 4291 hci_req_init(&req, hdev); 4292 4293 err = __hci_req_schedule_adv_instance(&req, instance, true); 4294 4295 if (!err) 4296 err = hci_req_run(&req, enable_advertising_instance); 4297 4298 if (err) 4299 bt_dev_err(hdev, "failed to re-configure advertising"); 4300 4301 unlock: 4302 hci_dev_unlock(hdev); 4303 } 4304 4305 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, 4306 u16 len) 4307 { 4308 struct mgmt_mode *cp = data; 4309 struct mgmt_pending_cmd *cmd; 4310 struct hci_request req; 4311 u8 val, status; 4312 int err; 4313 4314 BT_DBG("request for %s", hdev->name); 4315 4316 status = mgmt_le_support(hdev); 4317 if (status) 4318 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 4319 status); 4320 4321 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4322 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 4323 MGMT_STATUS_INVALID_PARAMS); 4324 4325 hci_dev_lock(hdev); 4326 4327 val = !!cp->val; 4328 4329 /* The following conditions are ones which mean that we should 4330 * not do any HCI communication but directly send a mgmt 4331 * response to user space (after toggling the flag if 4332 * necessary). 4333 */ 4334 if (!hdev_is_powered(hdev) || 4335 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) && 4336 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) || 4337 hci_conn_num(hdev, LE_LINK) > 0 || 4338 (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 4339 hdev->le_scan_type == LE_SCAN_ACTIVE)) { 4340 bool changed; 4341 4342 if (cp->val) { 4343 hdev->cur_adv_instance = 0x00; 4344 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING); 4345 if (cp->val == 0x02) 4346 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4347 else 4348 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4349 } else { 4350 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING); 4351 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4352 } 4353 4354 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev); 4355 if (err < 0) 4356 goto unlock; 4357 4358 if (changed) 4359 err = new_settings(hdev, sk); 4360 4361 goto unlock; 4362 } 4363 4364 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) || 4365 pending_find(MGMT_OP_SET_LE, hdev)) { 4366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 4367 MGMT_STATUS_BUSY); 4368 goto unlock; 4369 } 4370 4371 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len); 4372 if (!cmd) { 4373 err = -ENOMEM; 4374 goto unlock; 4375 } 4376 4377 hci_req_init(&req, hdev); 4378 4379 if (cp->val == 0x02) 4380 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4381 else 4382 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4383 4384 cancel_adv_timeout(hdev); 4385 4386 if (val) { 4387 /* Switch to instance "0" for the Set Advertising setting. 4388 * We cannot use update_[adv|scan_rsp]_data() here as the 4389 * HCI_ADVERTISING flag is not yet set. 4390 */ 4391 hdev->cur_adv_instance = 0x00; 4392 4393 if (ext_adv_capable(hdev)) { 4394 __hci_req_start_ext_adv(&req, 0x00); 4395 } else { 4396 __hci_req_update_adv_data(&req, 0x00); 4397 __hci_req_update_scan_rsp_data(&req, 0x00); 4398 __hci_req_enable_advertising(&req); 4399 } 4400 } else { 4401 __hci_req_disable_advertising(&req); 4402 } 4403 4404 err = hci_req_run(&req, set_advertising_complete); 4405 if (err < 0) 4406 mgmt_pending_remove(cmd); 4407 4408 unlock: 4409 hci_dev_unlock(hdev); 4410 return err; 4411 } 4412 4413 static int set_static_address(struct sock *sk, struct hci_dev *hdev, 4414 void *data, u16 len) 4415 { 4416 struct mgmt_cp_set_static_address *cp = data; 4417 int err; 4418 4419 BT_DBG("%s", hdev->name); 4420 4421 if (!lmp_le_capable(hdev)) 4422 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 4423 MGMT_STATUS_NOT_SUPPORTED); 4424 4425 if (hdev_is_powered(hdev)) 4426 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 4427 MGMT_STATUS_REJECTED); 4428 4429 if (bacmp(&cp->bdaddr, BDADDR_ANY)) { 4430 if (!bacmp(&cp->bdaddr, BDADDR_NONE)) 4431 return mgmt_cmd_status(sk, hdev->id, 4432 MGMT_OP_SET_STATIC_ADDRESS, 4433 MGMT_STATUS_INVALID_PARAMS); 4434 4435 /* Two most significant bits shall be set */ 4436 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0) 4437 return mgmt_cmd_status(sk, hdev->id, 4438 MGMT_OP_SET_STATIC_ADDRESS, 4439 MGMT_STATUS_INVALID_PARAMS); 4440 } 4441 4442 hci_dev_lock(hdev); 4443 4444 bacpy(&hdev->static_addr, &cp->bdaddr); 4445 4446 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev); 4447 if (err < 0) 4448 goto unlock; 4449 4450 err = new_settings(hdev, sk); 4451 4452 unlock: 4453 hci_dev_unlock(hdev); 4454 return err; 4455 } 4456 4457 static int set_scan_params(struct sock *sk, struct hci_dev *hdev, 4458 void *data, u16 len) 4459 { 4460 struct mgmt_cp_set_scan_params *cp = data; 4461 __u16 interval, window; 4462 int err; 4463 4464 BT_DBG("%s", hdev->name); 4465 4466 if (!lmp_le_capable(hdev)) 4467 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4468 MGMT_STATUS_NOT_SUPPORTED); 4469 4470 interval = __le16_to_cpu(cp->interval); 4471 4472 if (interval < 0x0004 || interval > 0x4000) 4473 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4474 MGMT_STATUS_INVALID_PARAMS); 4475 4476 window = __le16_to_cpu(cp->window); 4477 4478 if (window < 0x0004 || window > 0x4000) 4479 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4480 MGMT_STATUS_INVALID_PARAMS); 4481 4482 if (window > interval) 4483 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4484 MGMT_STATUS_INVALID_PARAMS); 4485 4486 hci_dev_lock(hdev); 4487 4488 hdev->le_scan_interval = interval; 4489 hdev->le_scan_window = window; 4490 4491 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, 4492 NULL, 0); 4493 4494 /* If background scan is running, restart it so new parameters are 4495 * loaded. 4496 */ 4497 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 4498 hdev->discovery.state == DISCOVERY_STOPPED) { 4499 struct hci_request req; 4500 4501 hci_req_init(&req, hdev); 4502 4503 hci_req_add_le_scan_disable(&req); 4504 hci_req_add_le_passive_scan(&req); 4505 4506 hci_req_run(&req, NULL); 4507 } 4508 4509 hci_dev_unlock(hdev); 4510 4511 return err; 4512 } 4513 4514 static void fast_connectable_complete(struct hci_dev *hdev, u8 status, 4515 u16 opcode) 4516 { 4517 struct mgmt_pending_cmd *cmd; 4518 4519 BT_DBG("status 0x%02x", status); 4520 4521 hci_dev_lock(hdev); 4522 4523 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev); 4524 if (!cmd) 4525 goto unlock; 4526 4527 if (status) { 4528 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4529 mgmt_status(status)); 4530 } else { 4531 struct mgmt_mode *cp = cmd->param; 4532 4533 if (cp->val) 4534 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE); 4535 else 4536 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 4537 4538 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 4539 new_settings(hdev, cmd->sk); 4540 } 4541 4542 mgmt_pending_remove(cmd); 4543 4544 unlock: 4545 hci_dev_unlock(hdev); 4546 } 4547 4548 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, 4549 void *data, u16 len) 4550 { 4551 struct mgmt_mode *cp = data; 4552 struct mgmt_pending_cmd *cmd; 4553 struct hci_request req; 4554 int err; 4555 4556 BT_DBG("%s", hdev->name); 4557 4558 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 4559 hdev->hci_ver < BLUETOOTH_VER_1_2) 4560 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4561 MGMT_STATUS_NOT_SUPPORTED); 4562 4563 if (cp->val != 0x00 && cp->val != 0x01) 4564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4565 MGMT_STATUS_INVALID_PARAMS); 4566 4567 hci_dev_lock(hdev); 4568 4569 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) { 4570 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4571 MGMT_STATUS_BUSY); 4572 goto unlock; 4573 } 4574 4575 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) { 4576 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 4577 hdev); 4578 goto unlock; 4579 } 4580 4581 if (!hdev_is_powered(hdev)) { 4582 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE); 4583 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 4584 hdev); 4585 new_settings(hdev, sk); 4586 goto unlock; 4587 } 4588 4589 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, 4590 data, len); 4591 if (!cmd) { 4592 err = -ENOMEM; 4593 goto unlock; 4594 } 4595 4596 hci_req_init(&req, hdev); 4597 4598 __hci_req_write_fast_connectable(&req, cp->val); 4599 4600 err = hci_req_run(&req, fast_connectable_complete); 4601 if (err < 0) { 4602 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4603 MGMT_STATUS_FAILED); 4604 mgmt_pending_remove(cmd); 4605 } 4606 4607 unlock: 4608 hci_dev_unlock(hdev); 4609 4610 return err; 4611 } 4612 4613 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode) 4614 { 4615 struct mgmt_pending_cmd *cmd; 4616 4617 BT_DBG("status 0x%02x", status); 4618 4619 hci_dev_lock(hdev); 4620 4621 cmd = pending_find(MGMT_OP_SET_BREDR, hdev); 4622 if (!cmd) 4623 goto unlock; 4624 4625 if (status) { 4626 u8 mgmt_err = mgmt_status(status); 4627 4628 /* We need to restore the flag if related HCI commands 4629 * failed. 4630 */ 4631 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED); 4632 4633 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 4634 } else { 4635 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev); 4636 new_settings(hdev, cmd->sk); 4637 } 4638 4639 mgmt_pending_remove(cmd); 4640 4641 unlock: 4642 hci_dev_unlock(hdev); 4643 } 4644 4645 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 4646 { 4647 struct mgmt_mode *cp = data; 4648 struct mgmt_pending_cmd *cmd; 4649 struct hci_request req; 4650 int err; 4651 4652 BT_DBG("request for %s", hdev->name); 4653 4654 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev)) 4655 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4656 MGMT_STATUS_NOT_SUPPORTED); 4657 4658 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 4659 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4660 MGMT_STATUS_REJECTED); 4661 4662 if (cp->val != 0x00 && cp->val != 0x01) 4663 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4664 MGMT_STATUS_INVALID_PARAMS); 4665 4666 hci_dev_lock(hdev); 4667 4668 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 4669 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 4670 goto unlock; 4671 } 4672 4673 if (!hdev_is_powered(hdev)) { 4674 if (!cp->val) { 4675 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 4676 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 4677 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY); 4678 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 4679 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 4680 } 4681 4682 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED); 4683 4684 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 4685 if (err < 0) 4686 goto unlock; 4687 4688 err = new_settings(hdev, sk); 4689 goto unlock; 4690 } 4691 4692 /* Reject disabling when powered on */ 4693 if (!cp->val) { 4694 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4695 MGMT_STATUS_REJECTED); 4696 goto unlock; 4697 } else { 4698 /* When configuring a dual-mode controller to operate 4699 * with LE only and using a static address, then switching 4700 * BR/EDR back on is not allowed. 4701 * 4702 * Dual-mode controllers shall operate with the public 4703 * address as its identity address for BR/EDR and LE. So 4704 * reject the attempt to create an invalid configuration. 4705 * 4706 * The same restrictions applies when secure connections 4707 * has been enabled. For BR/EDR this is a controller feature 4708 * while for LE it is a host stack feature. This means that 4709 * switching BR/EDR back on when secure connections has been 4710 * enabled is not a supported transaction. 4711 */ 4712 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 4713 (bacmp(&hdev->static_addr, BDADDR_ANY) || 4714 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) { 4715 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4716 MGMT_STATUS_REJECTED); 4717 goto unlock; 4718 } 4719 } 4720 4721 if (pending_find(MGMT_OP_SET_BREDR, hdev)) { 4722 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4723 MGMT_STATUS_BUSY); 4724 goto unlock; 4725 } 4726 4727 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len); 4728 if (!cmd) { 4729 err = -ENOMEM; 4730 goto unlock; 4731 } 4732 4733 /* We need to flip the bit already here so that 4734 * hci_req_update_adv_data generates the correct flags. 4735 */ 4736 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED); 4737 4738 hci_req_init(&req, hdev); 4739 4740 __hci_req_write_fast_connectable(&req, false); 4741 __hci_req_update_scan(&req); 4742 4743 /* Since only the advertising data flags will change, there 4744 * is no need to update the scan response data. 4745 */ 4746 __hci_req_update_adv_data(&req, hdev->cur_adv_instance); 4747 4748 err = hci_req_run(&req, set_bredr_complete); 4749 if (err < 0) 4750 mgmt_pending_remove(cmd); 4751 4752 unlock: 4753 hci_dev_unlock(hdev); 4754 return err; 4755 } 4756 4757 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 4758 { 4759 struct mgmt_pending_cmd *cmd; 4760 struct mgmt_mode *cp; 4761 4762 BT_DBG("%s status %u", hdev->name, status); 4763 4764 hci_dev_lock(hdev); 4765 4766 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev); 4767 if (!cmd) 4768 goto unlock; 4769 4770 if (status) { 4771 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 4772 mgmt_status(status)); 4773 goto remove; 4774 } 4775 4776 cp = cmd->param; 4777 4778 switch (cp->val) { 4779 case 0x00: 4780 hci_dev_clear_flag(hdev, HCI_SC_ENABLED); 4781 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4782 break; 4783 case 0x01: 4784 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 4785 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4786 break; 4787 case 0x02: 4788 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 4789 hci_dev_set_flag(hdev, HCI_SC_ONLY); 4790 break; 4791 } 4792 4793 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev); 4794 new_settings(hdev, cmd->sk); 4795 4796 remove: 4797 mgmt_pending_remove(cmd); 4798 unlock: 4799 hci_dev_unlock(hdev); 4800 } 4801 4802 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev, 4803 void *data, u16 len) 4804 { 4805 struct mgmt_mode *cp = data; 4806 struct mgmt_pending_cmd *cmd; 4807 struct hci_request req; 4808 u8 val; 4809 int err; 4810 4811 BT_DBG("request for %s", hdev->name); 4812 4813 if (!lmp_sc_capable(hdev) && 4814 !hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 4815 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4816 MGMT_STATUS_NOT_SUPPORTED); 4817 4818 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 4819 lmp_sc_capable(hdev) && 4820 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 4821 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4822 MGMT_STATUS_REJECTED); 4823 4824 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4825 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4826 MGMT_STATUS_INVALID_PARAMS); 4827 4828 hci_dev_lock(hdev); 4829 4830 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) || 4831 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 4832 bool changed; 4833 4834 if (cp->val) { 4835 changed = !hci_dev_test_and_set_flag(hdev, 4836 HCI_SC_ENABLED); 4837 if (cp->val == 0x02) 4838 hci_dev_set_flag(hdev, HCI_SC_ONLY); 4839 else 4840 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4841 } else { 4842 changed = hci_dev_test_and_clear_flag(hdev, 4843 HCI_SC_ENABLED); 4844 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4845 } 4846 4847 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 4848 if (err < 0) 4849 goto failed; 4850 4851 if (changed) 4852 err = new_settings(hdev, sk); 4853 4854 goto failed; 4855 } 4856 4857 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) { 4858 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4859 MGMT_STATUS_BUSY); 4860 goto failed; 4861 } 4862 4863 val = !!cp->val; 4864 4865 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 4866 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 4867 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 4868 goto failed; 4869 } 4870 4871 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len); 4872 if (!cmd) { 4873 err = -ENOMEM; 4874 goto failed; 4875 } 4876 4877 hci_req_init(&req, hdev); 4878 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val); 4879 err = hci_req_run(&req, sc_enable_complete); 4880 if (err < 0) { 4881 mgmt_pending_remove(cmd); 4882 goto failed; 4883 } 4884 4885 failed: 4886 hci_dev_unlock(hdev); 4887 return err; 4888 } 4889 4890 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev, 4891 void *data, u16 len) 4892 { 4893 struct mgmt_mode *cp = data; 4894 bool changed, use_changed; 4895 int err; 4896 4897 BT_DBG("request for %s", hdev->name); 4898 4899 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4900 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS, 4901 MGMT_STATUS_INVALID_PARAMS); 4902 4903 hci_dev_lock(hdev); 4904 4905 if (cp->val) 4906 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 4907 else 4908 changed = hci_dev_test_and_clear_flag(hdev, 4909 HCI_KEEP_DEBUG_KEYS); 4910 4911 if (cp->val == 0x02) 4912 use_changed = !hci_dev_test_and_set_flag(hdev, 4913 HCI_USE_DEBUG_KEYS); 4914 else 4915 use_changed = hci_dev_test_and_clear_flag(hdev, 4916 HCI_USE_DEBUG_KEYS); 4917 4918 if (hdev_is_powered(hdev) && use_changed && 4919 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 4920 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00; 4921 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 4922 sizeof(mode), &mode); 4923 } 4924 4925 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev); 4926 if (err < 0) 4927 goto unlock; 4928 4929 if (changed) 4930 err = new_settings(hdev, sk); 4931 4932 unlock: 4933 hci_dev_unlock(hdev); 4934 return err; 4935 } 4936 4937 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data, 4938 u16 len) 4939 { 4940 struct mgmt_cp_set_privacy *cp = cp_data; 4941 bool changed; 4942 int err; 4943 4944 BT_DBG("request for %s", hdev->name); 4945 4946 if (!lmp_le_capable(hdev)) 4947 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4948 MGMT_STATUS_NOT_SUPPORTED); 4949 4950 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02) 4951 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4952 MGMT_STATUS_INVALID_PARAMS); 4953 4954 if (hdev_is_powered(hdev)) 4955 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4956 MGMT_STATUS_REJECTED); 4957 4958 hci_dev_lock(hdev); 4959 4960 /* If user space supports this command it is also expected to 4961 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag. 4962 */ 4963 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 4964 4965 if (cp->privacy) { 4966 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY); 4967 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk)); 4968 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 4969 hci_adv_instances_set_rpa_expired(hdev, true); 4970 if (cp->privacy == 0x02) 4971 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY); 4972 else 4973 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 4974 } else { 4975 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY); 4976 memset(hdev->irk, 0, sizeof(hdev->irk)); 4977 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED); 4978 hci_adv_instances_set_rpa_expired(hdev, false); 4979 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 4980 } 4981 4982 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev); 4983 if (err < 0) 4984 goto unlock; 4985 4986 if (changed) 4987 err = new_settings(hdev, sk); 4988 4989 unlock: 4990 hci_dev_unlock(hdev); 4991 return err; 4992 } 4993 4994 static bool irk_is_valid(struct mgmt_irk_info *irk) 4995 { 4996 switch (irk->addr.type) { 4997 case BDADDR_LE_PUBLIC: 4998 return true; 4999 5000 case BDADDR_LE_RANDOM: 5001 /* Two most significant bits shall be set */ 5002 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0) 5003 return false; 5004 return true; 5005 } 5006 5007 return false; 5008 } 5009 5010 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data, 5011 u16 len) 5012 { 5013 struct mgmt_cp_load_irks *cp = cp_data; 5014 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) / 5015 sizeof(struct mgmt_irk_info)); 5016 u16 irk_count, expected_len; 5017 int i, err; 5018 5019 BT_DBG("request for %s", hdev->name); 5020 5021 if (!lmp_le_capable(hdev)) 5022 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 5023 MGMT_STATUS_NOT_SUPPORTED); 5024 5025 irk_count = __le16_to_cpu(cp->irk_count); 5026 if (irk_count > max_irk_count) { 5027 bt_dev_err(hdev, "load_irks: too big irk_count value %u", 5028 irk_count); 5029 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 5030 MGMT_STATUS_INVALID_PARAMS); 5031 } 5032 5033 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info); 5034 if (expected_len != len) { 5035 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes", 5036 expected_len, len); 5037 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 5038 MGMT_STATUS_INVALID_PARAMS); 5039 } 5040 5041 BT_DBG("%s irk_count %u", hdev->name, irk_count); 5042 5043 for (i = 0; i < irk_count; i++) { 5044 struct mgmt_irk_info *key = &cp->irks[i]; 5045 5046 if (!irk_is_valid(key)) 5047 return mgmt_cmd_status(sk, hdev->id, 5048 MGMT_OP_LOAD_IRKS, 5049 MGMT_STATUS_INVALID_PARAMS); 5050 } 5051 5052 hci_dev_lock(hdev); 5053 5054 hci_smp_irks_clear(hdev); 5055 5056 for (i = 0; i < irk_count; i++) { 5057 struct mgmt_irk_info *irk = &cp->irks[i]; 5058 5059 hci_add_irk(hdev, &irk->addr.bdaddr, 5060 le_addr_type(irk->addr.type), irk->val, 5061 BDADDR_ANY); 5062 } 5063 5064 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 5065 5066 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0); 5067 5068 hci_dev_unlock(hdev); 5069 5070 return err; 5071 } 5072 5073 static bool ltk_is_valid(struct mgmt_ltk_info *key) 5074 { 5075 if (key->master != 0x00 && key->master != 0x01) 5076 return false; 5077 5078 switch (key->addr.type) { 5079 case BDADDR_LE_PUBLIC: 5080 return true; 5081 5082 case BDADDR_LE_RANDOM: 5083 /* Two most significant bits shall be set */ 5084 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0) 5085 return false; 5086 return true; 5087 } 5088 5089 return false; 5090 } 5091 5092 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, 5093 void *cp_data, u16 len) 5094 { 5095 struct mgmt_cp_load_long_term_keys *cp = cp_data; 5096 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 5097 sizeof(struct mgmt_ltk_info)); 5098 u16 key_count, expected_len; 5099 int i, err; 5100 5101 BT_DBG("request for %s", hdev->name); 5102 5103 if (!lmp_le_capable(hdev)) 5104 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 5105 MGMT_STATUS_NOT_SUPPORTED); 5106 5107 key_count = __le16_to_cpu(cp->key_count); 5108 if (key_count > max_key_count) { 5109 bt_dev_err(hdev, "load_ltks: too big key_count value %u", 5110 key_count); 5111 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 5112 MGMT_STATUS_INVALID_PARAMS); 5113 } 5114 5115 expected_len = sizeof(*cp) + key_count * 5116 sizeof(struct mgmt_ltk_info); 5117 if (expected_len != len) { 5118 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes", 5119 expected_len, len); 5120 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 5121 MGMT_STATUS_INVALID_PARAMS); 5122 } 5123 5124 BT_DBG("%s key_count %u", hdev->name, key_count); 5125 5126 for (i = 0; i < key_count; i++) { 5127 struct mgmt_ltk_info *key = &cp->keys[i]; 5128 5129 if (!ltk_is_valid(key)) 5130 return mgmt_cmd_status(sk, hdev->id, 5131 MGMT_OP_LOAD_LONG_TERM_KEYS, 5132 MGMT_STATUS_INVALID_PARAMS); 5133 } 5134 5135 hci_dev_lock(hdev); 5136 5137 hci_smp_ltks_clear(hdev); 5138 5139 for (i = 0; i < key_count; i++) { 5140 struct mgmt_ltk_info *key = &cp->keys[i]; 5141 u8 type, authenticated; 5142 5143 switch (key->type) { 5144 case MGMT_LTK_UNAUTHENTICATED: 5145 authenticated = 0x00; 5146 type = key->master ? SMP_LTK : SMP_LTK_SLAVE; 5147 break; 5148 case MGMT_LTK_AUTHENTICATED: 5149 authenticated = 0x01; 5150 type = key->master ? SMP_LTK : SMP_LTK_SLAVE; 5151 break; 5152 case MGMT_LTK_P256_UNAUTH: 5153 authenticated = 0x00; 5154 type = SMP_LTK_P256; 5155 break; 5156 case MGMT_LTK_P256_AUTH: 5157 authenticated = 0x01; 5158 type = SMP_LTK_P256; 5159 break; 5160 case MGMT_LTK_P256_DEBUG: 5161 authenticated = 0x00; 5162 type = SMP_LTK_P256_DEBUG; 5163 /* fall through */ 5164 default: 5165 continue; 5166 } 5167 5168 hci_add_ltk(hdev, &key->addr.bdaddr, 5169 le_addr_type(key->addr.type), type, authenticated, 5170 key->val, key->enc_size, key->ediv, key->rand); 5171 } 5172 5173 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0, 5174 NULL, 0); 5175 5176 hci_dev_unlock(hdev); 5177 5178 return err; 5179 } 5180 5181 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 5182 { 5183 struct hci_conn *conn = cmd->user_data; 5184 struct mgmt_rp_get_conn_info rp; 5185 int err; 5186 5187 memcpy(&rp.addr, cmd->param, sizeof(rp.addr)); 5188 5189 if (status == MGMT_STATUS_SUCCESS) { 5190 rp.rssi = conn->rssi; 5191 rp.tx_power = conn->tx_power; 5192 rp.max_tx_power = conn->max_tx_power; 5193 } else { 5194 rp.rssi = HCI_RSSI_INVALID; 5195 rp.tx_power = HCI_TX_POWER_INVALID; 5196 rp.max_tx_power = HCI_TX_POWER_INVALID; 5197 } 5198 5199 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, 5200 status, &rp, sizeof(rp)); 5201 5202 hci_conn_drop(conn); 5203 hci_conn_put(conn); 5204 5205 return err; 5206 } 5207 5208 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status, 5209 u16 opcode) 5210 { 5211 struct hci_cp_read_rssi *cp; 5212 struct mgmt_pending_cmd *cmd; 5213 struct hci_conn *conn; 5214 u16 handle; 5215 u8 status; 5216 5217 BT_DBG("status 0x%02x", hci_status); 5218 5219 hci_dev_lock(hdev); 5220 5221 /* Commands sent in request are either Read RSSI or Read Transmit Power 5222 * Level so we check which one was last sent to retrieve connection 5223 * handle. Both commands have handle as first parameter so it's safe to 5224 * cast data on the same command struct. 5225 * 5226 * First command sent is always Read RSSI and we fail only if it fails. 5227 * In other case we simply override error to indicate success as we 5228 * already remembered if TX power value is actually valid. 5229 */ 5230 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI); 5231 if (!cp) { 5232 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER); 5233 status = MGMT_STATUS_SUCCESS; 5234 } else { 5235 status = mgmt_status(hci_status); 5236 } 5237 5238 if (!cp) { 5239 bt_dev_err(hdev, "invalid sent_cmd in conn_info response"); 5240 goto unlock; 5241 } 5242 5243 handle = __le16_to_cpu(cp->handle); 5244 conn = hci_conn_hash_lookup_handle(hdev, handle); 5245 if (!conn) { 5246 bt_dev_err(hdev, "unknown handle (%d) in conn_info response", 5247 handle); 5248 goto unlock; 5249 } 5250 5251 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn); 5252 if (!cmd) 5253 goto unlock; 5254 5255 cmd->cmd_complete(cmd, status); 5256 mgmt_pending_remove(cmd); 5257 5258 unlock: 5259 hci_dev_unlock(hdev); 5260 } 5261 5262 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data, 5263 u16 len) 5264 { 5265 struct mgmt_cp_get_conn_info *cp = data; 5266 struct mgmt_rp_get_conn_info rp; 5267 struct hci_conn *conn; 5268 unsigned long conn_info_age; 5269 int err = 0; 5270 5271 BT_DBG("%s", hdev->name); 5272 5273 memset(&rp, 0, sizeof(rp)); 5274 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 5275 rp.addr.type = cp->addr.type; 5276 5277 if (!bdaddr_type_is_valid(cp->addr.type)) 5278 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5279 MGMT_STATUS_INVALID_PARAMS, 5280 &rp, sizeof(rp)); 5281 5282 hci_dev_lock(hdev); 5283 5284 if (!hdev_is_powered(hdev)) { 5285 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5286 MGMT_STATUS_NOT_POWERED, &rp, 5287 sizeof(rp)); 5288 goto unlock; 5289 } 5290 5291 if (cp->addr.type == BDADDR_BREDR) 5292 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 5293 &cp->addr.bdaddr); 5294 else 5295 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 5296 5297 if (!conn || conn->state != BT_CONNECTED) { 5298 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5299 MGMT_STATUS_NOT_CONNECTED, &rp, 5300 sizeof(rp)); 5301 goto unlock; 5302 } 5303 5304 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) { 5305 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5306 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 5307 goto unlock; 5308 } 5309 5310 /* To avoid client trying to guess when to poll again for information we 5311 * calculate conn info age as random value between min/max set in hdev. 5312 */ 5313 conn_info_age = hdev->conn_info_min_age + 5314 prandom_u32_max(hdev->conn_info_max_age - 5315 hdev->conn_info_min_age); 5316 5317 /* Query controller to refresh cached values if they are too old or were 5318 * never read. 5319 */ 5320 if (time_after(jiffies, conn->conn_info_timestamp + 5321 msecs_to_jiffies(conn_info_age)) || 5322 !conn->conn_info_timestamp) { 5323 struct hci_request req; 5324 struct hci_cp_read_tx_power req_txp_cp; 5325 struct hci_cp_read_rssi req_rssi_cp; 5326 struct mgmt_pending_cmd *cmd; 5327 5328 hci_req_init(&req, hdev); 5329 req_rssi_cp.handle = cpu_to_le16(conn->handle); 5330 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp), 5331 &req_rssi_cp); 5332 5333 /* For LE links TX power does not change thus we don't need to 5334 * query for it once value is known. 5335 */ 5336 if (!bdaddr_type_is_le(cp->addr.type) || 5337 conn->tx_power == HCI_TX_POWER_INVALID) { 5338 req_txp_cp.handle = cpu_to_le16(conn->handle); 5339 req_txp_cp.type = 0x00; 5340 hci_req_add(&req, HCI_OP_READ_TX_POWER, 5341 sizeof(req_txp_cp), &req_txp_cp); 5342 } 5343 5344 /* Max TX power needs to be read only once per connection */ 5345 if (conn->max_tx_power == HCI_TX_POWER_INVALID) { 5346 req_txp_cp.handle = cpu_to_le16(conn->handle); 5347 req_txp_cp.type = 0x01; 5348 hci_req_add(&req, HCI_OP_READ_TX_POWER, 5349 sizeof(req_txp_cp), &req_txp_cp); 5350 } 5351 5352 err = hci_req_run(&req, conn_info_refresh_complete); 5353 if (err < 0) 5354 goto unlock; 5355 5356 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev, 5357 data, len); 5358 if (!cmd) { 5359 err = -ENOMEM; 5360 goto unlock; 5361 } 5362 5363 hci_conn_hold(conn); 5364 cmd->user_data = hci_conn_get(conn); 5365 cmd->cmd_complete = conn_info_cmd_complete; 5366 5367 conn->conn_info_timestamp = jiffies; 5368 } else { 5369 /* Cache is valid, just reply with values cached in hci_conn */ 5370 rp.rssi = conn->rssi; 5371 rp.tx_power = conn->tx_power; 5372 rp.max_tx_power = conn->max_tx_power; 5373 5374 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5375 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 5376 } 5377 5378 unlock: 5379 hci_dev_unlock(hdev); 5380 return err; 5381 } 5382 5383 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 5384 { 5385 struct hci_conn *conn = cmd->user_data; 5386 struct mgmt_rp_get_clock_info rp; 5387 struct hci_dev *hdev; 5388 int err; 5389 5390 memset(&rp, 0, sizeof(rp)); 5391 memcpy(&rp.addr, cmd->param, sizeof(rp.addr)); 5392 5393 if (status) 5394 goto complete; 5395 5396 hdev = hci_dev_get(cmd->index); 5397 if (hdev) { 5398 rp.local_clock = cpu_to_le32(hdev->clock); 5399 hci_dev_put(hdev); 5400 } 5401 5402 if (conn) { 5403 rp.piconet_clock = cpu_to_le32(conn->clock); 5404 rp.accuracy = cpu_to_le16(conn->clock_accuracy); 5405 } 5406 5407 complete: 5408 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp, 5409 sizeof(rp)); 5410 5411 if (conn) { 5412 hci_conn_drop(conn); 5413 hci_conn_put(conn); 5414 } 5415 5416 return err; 5417 } 5418 5419 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode) 5420 { 5421 struct hci_cp_read_clock *hci_cp; 5422 struct mgmt_pending_cmd *cmd; 5423 struct hci_conn *conn; 5424 5425 BT_DBG("%s status %u", hdev->name, status); 5426 5427 hci_dev_lock(hdev); 5428 5429 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK); 5430 if (!hci_cp) 5431 goto unlock; 5432 5433 if (hci_cp->which) { 5434 u16 handle = __le16_to_cpu(hci_cp->handle); 5435 conn = hci_conn_hash_lookup_handle(hdev, handle); 5436 } else { 5437 conn = NULL; 5438 } 5439 5440 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn); 5441 if (!cmd) 5442 goto unlock; 5443 5444 cmd->cmd_complete(cmd, mgmt_status(status)); 5445 mgmt_pending_remove(cmd); 5446 5447 unlock: 5448 hci_dev_unlock(hdev); 5449 } 5450 5451 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data, 5452 u16 len) 5453 { 5454 struct mgmt_cp_get_clock_info *cp = data; 5455 struct mgmt_rp_get_clock_info rp; 5456 struct hci_cp_read_clock hci_cp; 5457 struct mgmt_pending_cmd *cmd; 5458 struct hci_request req; 5459 struct hci_conn *conn; 5460 int err; 5461 5462 BT_DBG("%s", hdev->name); 5463 5464 memset(&rp, 0, sizeof(rp)); 5465 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 5466 rp.addr.type = cp->addr.type; 5467 5468 if (cp->addr.type != BDADDR_BREDR) 5469 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 5470 MGMT_STATUS_INVALID_PARAMS, 5471 &rp, sizeof(rp)); 5472 5473 hci_dev_lock(hdev); 5474 5475 if (!hdev_is_powered(hdev)) { 5476 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 5477 MGMT_STATUS_NOT_POWERED, &rp, 5478 sizeof(rp)); 5479 goto unlock; 5480 } 5481 5482 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5483 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 5484 &cp->addr.bdaddr); 5485 if (!conn || conn->state != BT_CONNECTED) { 5486 err = mgmt_cmd_complete(sk, hdev->id, 5487 MGMT_OP_GET_CLOCK_INFO, 5488 MGMT_STATUS_NOT_CONNECTED, 5489 &rp, sizeof(rp)); 5490 goto unlock; 5491 } 5492 } else { 5493 conn = NULL; 5494 } 5495 5496 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len); 5497 if (!cmd) { 5498 err = -ENOMEM; 5499 goto unlock; 5500 } 5501 5502 cmd->cmd_complete = clock_info_cmd_complete; 5503 5504 hci_req_init(&req, hdev); 5505 5506 memset(&hci_cp, 0, sizeof(hci_cp)); 5507 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 5508 5509 if (conn) { 5510 hci_conn_hold(conn); 5511 cmd->user_data = hci_conn_get(conn); 5512 5513 hci_cp.handle = cpu_to_le16(conn->handle); 5514 hci_cp.which = 0x01; /* Piconet clock */ 5515 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 5516 } 5517 5518 err = hci_req_run(&req, get_clock_info_complete); 5519 if (err < 0) 5520 mgmt_pending_remove(cmd); 5521 5522 unlock: 5523 hci_dev_unlock(hdev); 5524 return err; 5525 } 5526 5527 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) 5528 { 5529 struct hci_conn *conn; 5530 5531 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr); 5532 if (!conn) 5533 return false; 5534 5535 if (conn->dst_type != type) 5536 return false; 5537 5538 if (conn->state != BT_CONNECTED) 5539 return false; 5540 5541 return true; 5542 } 5543 5544 /* This function requires the caller holds hdev->lock */ 5545 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, 5546 u8 addr_type, u8 auto_connect) 5547 { 5548 struct hci_conn_params *params; 5549 5550 params = hci_conn_params_add(hdev, addr, addr_type); 5551 if (!params) 5552 return -EIO; 5553 5554 if (params->auto_connect == auto_connect) 5555 return 0; 5556 5557 list_del_init(¶ms->action); 5558 5559 switch (auto_connect) { 5560 case HCI_AUTO_CONN_DISABLED: 5561 case HCI_AUTO_CONN_LINK_LOSS: 5562 /* If auto connect is being disabled when we're trying to 5563 * connect to device, keep connecting. 5564 */ 5565 if (params->explicit_connect) 5566 list_add(¶ms->action, &hdev->pend_le_conns); 5567 break; 5568 case HCI_AUTO_CONN_REPORT: 5569 if (params->explicit_connect) 5570 list_add(¶ms->action, &hdev->pend_le_conns); 5571 else 5572 list_add(¶ms->action, &hdev->pend_le_reports); 5573 break; 5574 case HCI_AUTO_CONN_DIRECT: 5575 case HCI_AUTO_CONN_ALWAYS: 5576 if (!is_connected(hdev, addr, addr_type)) 5577 list_add(¶ms->action, &hdev->pend_le_conns); 5578 break; 5579 } 5580 5581 params->auto_connect = auto_connect; 5582 5583 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type, 5584 auto_connect); 5585 5586 return 0; 5587 } 5588 5589 static void device_added(struct sock *sk, struct hci_dev *hdev, 5590 bdaddr_t *bdaddr, u8 type, u8 action) 5591 { 5592 struct mgmt_ev_device_added ev; 5593 5594 bacpy(&ev.addr.bdaddr, bdaddr); 5595 ev.addr.type = type; 5596 ev.action = action; 5597 5598 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk); 5599 } 5600 5601 static int add_device(struct sock *sk, struct hci_dev *hdev, 5602 void *data, u16 len) 5603 { 5604 struct mgmt_cp_add_device *cp = data; 5605 u8 auto_conn, addr_type; 5606 int err; 5607 5608 BT_DBG("%s", hdev->name); 5609 5610 if (!bdaddr_type_is_valid(cp->addr.type) || 5611 !bacmp(&cp->addr.bdaddr, BDADDR_ANY)) 5612 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5613 MGMT_STATUS_INVALID_PARAMS, 5614 &cp->addr, sizeof(cp->addr)); 5615 5616 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02) 5617 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5618 MGMT_STATUS_INVALID_PARAMS, 5619 &cp->addr, sizeof(cp->addr)); 5620 5621 hci_dev_lock(hdev); 5622 5623 if (cp->addr.type == BDADDR_BREDR) { 5624 /* Only incoming connections action is supported for now */ 5625 if (cp->action != 0x01) { 5626 err = mgmt_cmd_complete(sk, hdev->id, 5627 MGMT_OP_ADD_DEVICE, 5628 MGMT_STATUS_INVALID_PARAMS, 5629 &cp->addr, sizeof(cp->addr)); 5630 goto unlock; 5631 } 5632 5633 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr, 5634 cp->addr.type); 5635 if (err) 5636 goto unlock; 5637 5638 hci_req_update_scan(hdev); 5639 5640 goto added; 5641 } 5642 5643 addr_type = le_addr_type(cp->addr.type); 5644 5645 if (cp->action == 0x02) 5646 auto_conn = HCI_AUTO_CONN_ALWAYS; 5647 else if (cp->action == 0x01) 5648 auto_conn = HCI_AUTO_CONN_DIRECT; 5649 else 5650 auto_conn = HCI_AUTO_CONN_REPORT; 5651 5652 /* Kernel internally uses conn_params with resolvable private 5653 * address, but Add Device allows only identity addresses. 5654 * Make sure it is enforced before calling 5655 * hci_conn_params_lookup. 5656 */ 5657 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 5658 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5659 MGMT_STATUS_INVALID_PARAMS, 5660 &cp->addr, sizeof(cp->addr)); 5661 goto unlock; 5662 } 5663 5664 /* If the connection parameters don't exist for this device, 5665 * they will be created and configured with defaults. 5666 */ 5667 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type, 5668 auto_conn) < 0) { 5669 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5670 MGMT_STATUS_FAILED, &cp->addr, 5671 sizeof(cp->addr)); 5672 goto unlock; 5673 } 5674 5675 hci_update_background_scan(hdev); 5676 5677 added: 5678 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action); 5679 5680 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5681 MGMT_STATUS_SUCCESS, &cp->addr, 5682 sizeof(cp->addr)); 5683 5684 unlock: 5685 hci_dev_unlock(hdev); 5686 return err; 5687 } 5688 5689 static void device_removed(struct sock *sk, struct hci_dev *hdev, 5690 bdaddr_t *bdaddr, u8 type) 5691 { 5692 struct mgmt_ev_device_removed ev; 5693 5694 bacpy(&ev.addr.bdaddr, bdaddr); 5695 ev.addr.type = type; 5696 5697 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk); 5698 } 5699 5700 static int remove_device(struct sock *sk, struct hci_dev *hdev, 5701 void *data, u16 len) 5702 { 5703 struct mgmt_cp_remove_device *cp = data; 5704 int err; 5705 5706 BT_DBG("%s", hdev->name); 5707 5708 hci_dev_lock(hdev); 5709 5710 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5711 struct hci_conn_params *params; 5712 u8 addr_type; 5713 5714 if (!bdaddr_type_is_valid(cp->addr.type)) { 5715 err = mgmt_cmd_complete(sk, hdev->id, 5716 MGMT_OP_REMOVE_DEVICE, 5717 MGMT_STATUS_INVALID_PARAMS, 5718 &cp->addr, sizeof(cp->addr)); 5719 goto unlock; 5720 } 5721 5722 if (cp->addr.type == BDADDR_BREDR) { 5723 err = hci_bdaddr_list_del(&hdev->whitelist, 5724 &cp->addr.bdaddr, 5725 cp->addr.type); 5726 if (err) { 5727 err = mgmt_cmd_complete(sk, hdev->id, 5728 MGMT_OP_REMOVE_DEVICE, 5729 MGMT_STATUS_INVALID_PARAMS, 5730 &cp->addr, 5731 sizeof(cp->addr)); 5732 goto unlock; 5733 } 5734 5735 hci_req_update_scan(hdev); 5736 5737 device_removed(sk, hdev, &cp->addr.bdaddr, 5738 cp->addr.type); 5739 goto complete; 5740 } 5741 5742 addr_type = le_addr_type(cp->addr.type); 5743 5744 /* Kernel internally uses conn_params with resolvable private 5745 * address, but Remove Device allows only identity addresses. 5746 * Make sure it is enforced before calling 5747 * hci_conn_params_lookup. 5748 */ 5749 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 5750 err = mgmt_cmd_complete(sk, hdev->id, 5751 MGMT_OP_REMOVE_DEVICE, 5752 MGMT_STATUS_INVALID_PARAMS, 5753 &cp->addr, sizeof(cp->addr)); 5754 goto unlock; 5755 } 5756 5757 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 5758 addr_type); 5759 if (!params) { 5760 err = mgmt_cmd_complete(sk, hdev->id, 5761 MGMT_OP_REMOVE_DEVICE, 5762 MGMT_STATUS_INVALID_PARAMS, 5763 &cp->addr, sizeof(cp->addr)); 5764 goto unlock; 5765 } 5766 5767 if (params->auto_connect == HCI_AUTO_CONN_DISABLED || 5768 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { 5769 err = mgmt_cmd_complete(sk, hdev->id, 5770 MGMT_OP_REMOVE_DEVICE, 5771 MGMT_STATUS_INVALID_PARAMS, 5772 &cp->addr, sizeof(cp->addr)); 5773 goto unlock; 5774 } 5775 5776 list_del(¶ms->action); 5777 list_del(¶ms->list); 5778 kfree(params); 5779 hci_update_background_scan(hdev); 5780 5781 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type); 5782 } else { 5783 struct hci_conn_params *p, *tmp; 5784 struct bdaddr_list *b, *btmp; 5785 5786 if (cp->addr.type) { 5787 err = mgmt_cmd_complete(sk, hdev->id, 5788 MGMT_OP_REMOVE_DEVICE, 5789 MGMT_STATUS_INVALID_PARAMS, 5790 &cp->addr, sizeof(cp->addr)); 5791 goto unlock; 5792 } 5793 5794 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) { 5795 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type); 5796 list_del(&b->list); 5797 kfree(b); 5798 } 5799 5800 hci_req_update_scan(hdev); 5801 5802 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) { 5803 if (p->auto_connect == HCI_AUTO_CONN_DISABLED) 5804 continue; 5805 device_removed(sk, hdev, &p->addr, p->addr_type); 5806 if (p->explicit_connect) { 5807 p->auto_connect = HCI_AUTO_CONN_EXPLICIT; 5808 continue; 5809 } 5810 list_del(&p->action); 5811 list_del(&p->list); 5812 kfree(p); 5813 } 5814 5815 BT_DBG("All LE connection parameters were removed"); 5816 5817 hci_update_background_scan(hdev); 5818 } 5819 5820 complete: 5821 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 5822 MGMT_STATUS_SUCCESS, &cp->addr, 5823 sizeof(cp->addr)); 5824 unlock: 5825 hci_dev_unlock(hdev); 5826 return err; 5827 } 5828 5829 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data, 5830 u16 len) 5831 { 5832 struct mgmt_cp_load_conn_param *cp = data; 5833 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) / 5834 sizeof(struct mgmt_conn_param)); 5835 u16 param_count, expected_len; 5836 int i; 5837 5838 if (!lmp_le_capable(hdev)) 5839 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5840 MGMT_STATUS_NOT_SUPPORTED); 5841 5842 param_count = __le16_to_cpu(cp->param_count); 5843 if (param_count > max_param_count) { 5844 bt_dev_err(hdev, "load_conn_param: too big param_count value %u", 5845 param_count); 5846 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5847 MGMT_STATUS_INVALID_PARAMS); 5848 } 5849 5850 expected_len = sizeof(*cp) + param_count * 5851 sizeof(struct mgmt_conn_param); 5852 if (expected_len != len) { 5853 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes", 5854 expected_len, len); 5855 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5856 MGMT_STATUS_INVALID_PARAMS); 5857 } 5858 5859 BT_DBG("%s param_count %u", hdev->name, param_count); 5860 5861 hci_dev_lock(hdev); 5862 5863 hci_conn_params_clear_disabled(hdev); 5864 5865 for (i = 0; i < param_count; i++) { 5866 struct mgmt_conn_param *param = &cp->params[i]; 5867 struct hci_conn_params *hci_param; 5868 u16 min, max, latency, timeout; 5869 u8 addr_type; 5870 5871 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr, 5872 param->addr.type); 5873 5874 if (param->addr.type == BDADDR_LE_PUBLIC) { 5875 addr_type = ADDR_LE_DEV_PUBLIC; 5876 } else if (param->addr.type == BDADDR_LE_RANDOM) { 5877 addr_type = ADDR_LE_DEV_RANDOM; 5878 } else { 5879 bt_dev_err(hdev, "ignoring invalid connection parameters"); 5880 continue; 5881 } 5882 5883 min = le16_to_cpu(param->min_interval); 5884 max = le16_to_cpu(param->max_interval); 5885 latency = le16_to_cpu(param->latency); 5886 timeout = le16_to_cpu(param->timeout); 5887 5888 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x", 5889 min, max, latency, timeout); 5890 5891 if (hci_check_conn_params(min, max, latency, timeout) < 0) { 5892 bt_dev_err(hdev, "ignoring invalid connection parameters"); 5893 continue; 5894 } 5895 5896 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr, 5897 addr_type); 5898 if (!hci_param) { 5899 bt_dev_err(hdev, "failed to add connection parameters"); 5900 continue; 5901 } 5902 5903 hci_param->conn_min_interval = min; 5904 hci_param->conn_max_interval = max; 5905 hci_param->conn_latency = latency; 5906 hci_param->supervision_timeout = timeout; 5907 } 5908 5909 hci_dev_unlock(hdev); 5910 5911 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, 5912 NULL, 0); 5913 } 5914 5915 static int set_external_config(struct sock *sk, struct hci_dev *hdev, 5916 void *data, u16 len) 5917 { 5918 struct mgmt_cp_set_external_config *cp = data; 5919 bool changed; 5920 int err; 5921 5922 BT_DBG("%s", hdev->name); 5923 5924 if (hdev_is_powered(hdev)) 5925 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5926 MGMT_STATUS_REJECTED); 5927 5928 if (cp->config != 0x00 && cp->config != 0x01) 5929 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5930 MGMT_STATUS_INVALID_PARAMS); 5931 5932 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 5933 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5934 MGMT_STATUS_NOT_SUPPORTED); 5935 5936 hci_dev_lock(hdev); 5937 5938 if (cp->config) 5939 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED); 5940 else 5941 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED); 5942 5943 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev); 5944 if (err < 0) 5945 goto unlock; 5946 5947 if (!changed) 5948 goto unlock; 5949 5950 err = new_options(hdev, sk); 5951 5952 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) { 5953 mgmt_index_removed(hdev); 5954 5955 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) { 5956 hci_dev_set_flag(hdev, HCI_CONFIG); 5957 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 5958 5959 queue_work(hdev->req_workqueue, &hdev->power_on); 5960 } else { 5961 set_bit(HCI_RAW, &hdev->flags); 5962 mgmt_index_added(hdev); 5963 } 5964 } 5965 5966 unlock: 5967 hci_dev_unlock(hdev); 5968 return err; 5969 } 5970 5971 static int set_public_address(struct sock *sk, struct hci_dev *hdev, 5972 void *data, u16 len) 5973 { 5974 struct mgmt_cp_set_public_address *cp = data; 5975 bool changed; 5976 int err; 5977 5978 BT_DBG("%s", hdev->name); 5979 5980 if (hdev_is_powered(hdev)) 5981 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5982 MGMT_STATUS_REJECTED); 5983 5984 if (!bacmp(&cp->bdaddr, BDADDR_ANY)) 5985 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5986 MGMT_STATUS_INVALID_PARAMS); 5987 5988 if (!hdev->set_bdaddr) 5989 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5990 MGMT_STATUS_NOT_SUPPORTED); 5991 5992 hci_dev_lock(hdev); 5993 5994 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr); 5995 bacpy(&hdev->public_addr, &cp->bdaddr); 5996 5997 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev); 5998 if (err < 0) 5999 goto unlock; 6000 6001 if (!changed) 6002 goto unlock; 6003 6004 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) 6005 err = new_options(hdev, sk); 6006 6007 if (is_configured(hdev)) { 6008 mgmt_index_removed(hdev); 6009 6010 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED); 6011 6012 hci_dev_set_flag(hdev, HCI_CONFIG); 6013 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 6014 6015 queue_work(hdev->req_workqueue, &hdev->power_on); 6016 } 6017 6018 unlock: 6019 hci_dev_unlock(hdev); 6020 return err; 6021 } 6022 6023 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status, 6024 u16 opcode, struct sk_buff *skb) 6025 { 6026 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp; 6027 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp; 6028 u8 *h192, *r192, *h256, *r256; 6029 struct mgmt_pending_cmd *cmd; 6030 u16 eir_len; 6031 int err; 6032 6033 BT_DBG("%s status %u", hdev->name, status); 6034 6035 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev); 6036 if (!cmd) 6037 return; 6038 6039 mgmt_cp = cmd->param; 6040 6041 if (status) { 6042 status = mgmt_status(status); 6043 eir_len = 0; 6044 6045 h192 = NULL; 6046 r192 = NULL; 6047 h256 = NULL; 6048 r256 = NULL; 6049 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) { 6050 struct hci_rp_read_local_oob_data *rp; 6051 6052 if (skb->len != sizeof(*rp)) { 6053 status = MGMT_STATUS_FAILED; 6054 eir_len = 0; 6055 } else { 6056 status = MGMT_STATUS_SUCCESS; 6057 rp = (void *)skb->data; 6058 6059 eir_len = 5 + 18 + 18; 6060 h192 = rp->hash; 6061 r192 = rp->rand; 6062 h256 = NULL; 6063 r256 = NULL; 6064 } 6065 } else { 6066 struct hci_rp_read_local_oob_ext_data *rp; 6067 6068 if (skb->len != sizeof(*rp)) { 6069 status = MGMT_STATUS_FAILED; 6070 eir_len = 0; 6071 } else { 6072 status = MGMT_STATUS_SUCCESS; 6073 rp = (void *)skb->data; 6074 6075 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 6076 eir_len = 5 + 18 + 18; 6077 h192 = NULL; 6078 r192 = NULL; 6079 } else { 6080 eir_len = 5 + 18 + 18 + 18 + 18; 6081 h192 = rp->hash192; 6082 r192 = rp->rand192; 6083 } 6084 6085 h256 = rp->hash256; 6086 r256 = rp->rand256; 6087 } 6088 } 6089 6090 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL); 6091 if (!mgmt_rp) 6092 goto done; 6093 6094 if (status) 6095 goto send_rsp; 6096 6097 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV, 6098 hdev->dev_class, 3); 6099 6100 if (h192 && r192) { 6101 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 6102 EIR_SSP_HASH_C192, h192, 16); 6103 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 6104 EIR_SSP_RAND_R192, r192, 16); 6105 } 6106 6107 if (h256 && r256) { 6108 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 6109 EIR_SSP_HASH_C256, h256, 16); 6110 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 6111 EIR_SSP_RAND_R256, r256, 16); 6112 } 6113 6114 send_rsp: 6115 mgmt_rp->type = mgmt_cp->type; 6116 mgmt_rp->eir_len = cpu_to_le16(eir_len); 6117 6118 err = mgmt_cmd_complete(cmd->sk, hdev->id, 6119 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status, 6120 mgmt_rp, sizeof(*mgmt_rp) + eir_len); 6121 if (err < 0 || status) 6122 goto done; 6123 6124 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS); 6125 6126 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 6127 mgmt_rp, sizeof(*mgmt_rp) + eir_len, 6128 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk); 6129 done: 6130 kfree(mgmt_rp); 6131 mgmt_pending_remove(cmd); 6132 } 6133 6134 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk, 6135 struct mgmt_cp_read_local_oob_ext_data *cp) 6136 { 6137 struct mgmt_pending_cmd *cmd; 6138 struct hci_request req; 6139 int err; 6140 6141 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev, 6142 cp, sizeof(*cp)); 6143 if (!cmd) 6144 return -ENOMEM; 6145 6146 hci_req_init(&req, hdev); 6147 6148 if (bredr_sc_enabled(hdev)) 6149 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL); 6150 else 6151 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 6152 6153 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete); 6154 if (err < 0) { 6155 mgmt_pending_remove(cmd); 6156 return err; 6157 } 6158 6159 return 0; 6160 } 6161 6162 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev, 6163 void *data, u16 data_len) 6164 { 6165 struct mgmt_cp_read_local_oob_ext_data *cp = data; 6166 struct mgmt_rp_read_local_oob_ext_data *rp; 6167 size_t rp_len; 6168 u16 eir_len; 6169 u8 status, flags, role, addr[7], hash[16], rand[16]; 6170 int err; 6171 6172 BT_DBG("%s", hdev->name); 6173 6174 if (hdev_is_powered(hdev)) { 6175 switch (cp->type) { 6176 case BIT(BDADDR_BREDR): 6177 status = mgmt_bredr_support(hdev); 6178 if (status) 6179 eir_len = 0; 6180 else 6181 eir_len = 5; 6182 break; 6183 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 6184 status = mgmt_le_support(hdev); 6185 if (status) 6186 eir_len = 0; 6187 else 6188 eir_len = 9 + 3 + 18 + 18 + 3; 6189 break; 6190 default: 6191 status = MGMT_STATUS_INVALID_PARAMS; 6192 eir_len = 0; 6193 break; 6194 } 6195 } else { 6196 status = MGMT_STATUS_NOT_POWERED; 6197 eir_len = 0; 6198 } 6199 6200 rp_len = sizeof(*rp) + eir_len; 6201 rp = kmalloc(rp_len, GFP_ATOMIC); 6202 if (!rp) 6203 return -ENOMEM; 6204 6205 if (status) 6206 goto complete; 6207 6208 hci_dev_lock(hdev); 6209 6210 eir_len = 0; 6211 switch (cp->type) { 6212 case BIT(BDADDR_BREDR): 6213 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 6214 err = read_local_ssp_oob_req(hdev, sk, cp); 6215 hci_dev_unlock(hdev); 6216 if (!err) 6217 goto done; 6218 6219 status = MGMT_STATUS_FAILED; 6220 goto complete; 6221 } else { 6222 eir_len = eir_append_data(rp->eir, eir_len, 6223 EIR_CLASS_OF_DEV, 6224 hdev->dev_class, 3); 6225 } 6226 break; 6227 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 6228 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 6229 smp_generate_oob(hdev, hash, rand) < 0) { 6230 hci_dev_unlock(hdev); 6231 status = MGMT_STATUS_FAILED; 6232 goto complete; 6233 } 6234 6235 /* This should return the active RPA, but since the RPA 6236 * is only programmed on demand, it is really hard to fill 6237 * this in at the moment. For now disallow retrieving 6238 * local out-of-band data when privacy is in use. 6239 * 6240 * Returning the identity address will not help here since 6241 * pairing happens before the identity resolving key is 6242 * known and thus the connection establishment happens 6243 * based on the RPA and not the identity address. 6244 */ 6245 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) { 6246 hci_dev_unlock(hdev); 6247 status = MGMT_STATUS_REJECTED; 6248 goto complete; 6249 } 6250 6251 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 6252 !bacmp(&hdev->bdaddr, BDADDR_ANY) || 6253 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 6254 bacmp(&hdev->static_addr, BDADDR_ANY))) { 6255 memcpy(addr, &hdev->static_addr, 6); 6256 addr[6] = 0x01; 6257 } else { 6258 memcpy(addr, &hdev->bdaddr, 6); 6259 addr[6] = 0x00; 6260 } 6261 6262 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR, 6263 addr, sizeof(addr)); 6264 6265 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 6266 role = 0x02; 6267 else 6268 role = 0x01; 6269 6270 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE, 6271 &role, sizeof(role)); 6272 6273 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) { 6274 eir_len = eir_append_data(rp->eir, eir_len, 6275 EIR_LE_SC_CONFIRM, 6276 hash, sizeof(hash)); 6277 6278 eir_len = eir_append_data(rp->eir, eir_len, 6279 EIR_LE_SC_RANDOM, 6280 rand, sizeof(rand)); 6281 } 6282 6283 flags = mgmt_get_adv_discov_flags(hdev); 6284 6285 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 6286 flags |= LE_AD_NO_BREDR; 6287 6288 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS, 6289 &flags, sizeof(flags)); 6290 break; 6291 } 6292 6293 hci_dev_unlock(hdev); 6294 6295 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS); 6296 6297 status = MGMT_STATUS_SUCCESS; 6298 6299 complete: 6300 rp->type = cp->type; 6301 rp->eir_len = cpu_to_le16(eir_len); 6302 6303 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 6304 status, rp, sizeof(*rp) + eir_len); 6305 if (err < 0 || status) 6306 goto done; 6307 6308 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 6309 rp, sizeof(*rp) + eir_len, 6310 HCI_MGMT_OOB_DATA_EVENTS, sk); 6311 6312 done: 6313 kfree(rp); 6314 6315 return err; 6316 } 6317 6318 static u32 get_supported_adv_flags(struct hci_dev *hdev) 6319 { 6320 u32 flags = 0; 6321 6322 flags |= MGMT_ADV_FLAG_CONNECTABLE; 6323 flags |= MGMT_ADV_FLAG_DISCOV; 6324 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV; 6325 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS; 6326 flags |= MGMT_ADV_FLAG_APPEARANCE; 6327 flags |= MGMT_ADV_FLAG_LOCAL_NAME; 6328 6329 /* In extended adv TX_POWER returned from Set Adv Param 6330 * will be always valid. 6331 */ 6332 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) || 6333 ext_adv_capable(hdev)) 6334 flags |= MGMT_ADV_FLAG_TX_POWER; 6335 6336 if (ext_adv_capable(hdev)) { 6337 flags |= MGMT_ADV_FLAG_SEC_1M; 6338 6339 if (hdev->le_features[1] & HCI_LE_PHY_2M) 6340 flags |= MGMT_ADV_FLAG_SEC_2M; 6341 6342 if (hdev->le_features[1] & HCI_LE_PHY_CODED) 6343 flags |= MGMT_ADV_FLAG_SEC_CODED; 6344 } 6345 6346 return flags; 6347 } 6348 6349 static int read_adv_features(struct sock *sk, struct hci_dev *hdev, 6350 void *data, u16 data_len) 6351 { 6352 struct mgmt_rp_read_adv_features *rp; 6353 size_t rp_len; 6354 int err; 6355 struct adv_info *adv_instance; 6356 u32 supported_flags; 6357 u8 *instance; 6358 6359 BT_DBG("%s", hdev->name); 6360 6361 if (!lmp_le_capable(hdev)) 6362 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 6363 MGMT_STATUS_REJECTED); 6364 6365 hci_dev_lock(hdev); 6366 6367 rp_len = sizeof(*rp) + hdev->adv_instance_cnt; 6368 rp = kmalloc(rp_len, GFP_ATOMIC); 6369 if (!rp) { 6370 hci_dev_unlock(hdev); 6371 return -ENOMEM; 6372 } 6373 6374 supported_flags = get_supported_adv_flags(hdev); 6375 6376 rp->supported_flags = cpu_to_le32(supported_flags); 6377 rp->max_adv_data_len = HCI_MAX_AD_LENGTH; 6378 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH; 6379 rp->max_instances = HCI_MAX_ADV_INSTANCES; 6380 rp->num_instances = hdev->adv_instance_cnt; 6381 6382 instance = rp->instance; 6383 list_for_each_entry(adv_instance, &hdev->adv_instances, list) { 6384 *instance = adv_instance->instance; 6385 instance++; 6386 } 6387 6388 hci_dev_unlock(hdev); 6389 6390 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 6391 MGMT_STATUS_SUCCESS, rp, rp_len); 6392 6393 kfree(rp); 6394 6395 return err; 6396 } 6397 6398 static u8 calculate_name_len(struct hci_dev *hdev) 6399 { 6400 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3]; 6401 6402 return append_local_name(hdev, buf, 0); 6403 } 6404 6405 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags, 6406 bool is_adv_data) 6407 { 6408 u8 max_len = HCI_MAX_AD_LENGTH; 6409 6410 if (is_adv_data) { 6411 if (adv_flags & (MGMT_ADV_FLAG_DISCOV | 6412 MGMT_ADV_FLAG_LIMITED_DISCOV | 6413 MGMT_ADV_FLAG_MANAGED_FLAGS)) 6414 max_len -= 3; 6415 6416 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) 6417 max_len -= 3; 6418 } else { 6419 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME) 6420 max_len -= calculate_name_len(hdev); 6421 6422 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE)) 6423 max_len -= 4; 6424 } 6425 6426 return max_len; 6427 } 6428 6429 static bool flags_managed(u32 adv_flags) 6430 { 6431 return adv_flags & (MGMT_ADV_FLAG_DISCOV | 6432 MGMT_ADV_FLAG_LIMITED_DISCOV | 6433 MGMT_ADV_FLAG_MANAGED_FLAGS); 6434 } 6435 6436 static bool tx_power_managed(u32 adv_flags) 6437 { 6438 return adv_flags & MGMT_ADV_FLAG_TX_POWER; 6439 } 6440 6441 static bool name_managed(u32 adv_flags) 6442 { 6443 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME; 6444 } 6445 6446 static bool appearance_managed(u32 adv_flags) 6447 { 6448 return adv_flags & MGMT_ADV_FLAG_APPEARANCE; 6449 } 6450 6451 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data, 6452 u8 len, bool is_adv_data) 6453 { 6454 int i, cur_len; 6455 u8 max_len; 6456 6457 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data); 6458 6459 if (len > max_len) 6460 return false; 6461 6462 /* Make sure that the data is correctly formatted. */ 6463 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) { 6464 cur_len = data[i]; 6465 6466 if (data[i + 1] == EIR_FLAGS && 6467 (!is_adv_data || flags_managed(adv_flags))) 6468 return false; 6469 6470 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags)) 6471 return false; 6472 6473 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags)) 6474 return false; 6475 6476 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags)) 6477 return false; 6478 6479 if (data[i + 1] == EIR_APPEARANCE && 6480 appearance_managed(adv_flags)) 6481 return false; 6482 6483 /* If the current field length would exceed the total data 6484 * length, then it's invalid. 6485 */ 6486 if (i + cur_len >= len) 6487 return false; 6488 } 6489 6490 return true; 6491 } 6492 6493 static void add_advertising_complete(struct hci_dev *hdev, u8 status, 6494 u16 opcode) 6495 { 6496 struct mgmt_pending_cmd *cmd; 6497 struct mgmt_cp_add_advertising *cp; 6498 struct mgmt_rp_add_advertising rp; 6499 struct adv_info *adv_instance, *n; 6500 u8 instance; 6501 6502 BT_DBG("status %d", status); 6503 6504 hci_dev_lock(hdev); 6505 6506 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev); 6507 6508 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) { 6509 if (!adv_instance->pending) 6510 continue; 6511 6512 if (!status) { 6513 adv_instance->pending = false; 6514 continue; 6515 } 6516 6517 instance = adv_instance->instance; 6518 6519 if (hdev->cur_adv_instance == instance) 6520 cancel_adv_timeout(hdev); 6521 6522 hci_remove_adv_instance(hdev, instance); 6523 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance); 6524 } 6525 6526 if (!cmd) 6527 goto unlock; 6528 6529 cp = cmd->param; 6530 rp.instance = cp->instance; 6531 6532 if (status) 6533 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 6534 mgmt_status(status)); 6535 else 6536 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 6537 mgmt_status(status), &rp, sizeof(rp)); 6538 6539 mgmt_pending_remove(cmd); 6540 6541 unlock: 6542 hci_dev_unlock(hdev); 6543 } 6544 6545 static int add_advertising(struct sock *sk, struct hci_dev *hdev, 6546 void *data, u16 data_len) 6547 { 6548 struct mgmt_cp_add_advertising *cp = data; 6549 struct mgmt_rp_add_advertising rp; 6550 u32 flags; 6551 u32 supported_flags, phy_flags; 6552 u8 status; 6553 u16 timeout, duration; 6554 unsigned int prev_instance_cnt = hdev->adv_instance_cnt; 6555 u8 schedule_instance = 0; 6556 struct adv_info *next_instance; 6557 int err; 6558 struct mgmt_pending_cmd *cmd; 6559 struct hci_request req; 6560 6561 BT_DBG("%s", hdev->name); 6562 6563 status = mgmt_le_support(hdev); 6564 if (status) 6565 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6566 status); 6567 6568 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES) 6569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6570 MGMT_STATUS_INVALID_PARAMS); 6571 6572 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len) 6573 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6574 MGMT_STATUS_INVALID_PARAMS); 6575 6576 flags = __le32_to_cpu(cp->flags); 6577 timeout = __le16_to_cpu(cp->timeout); 6578 duration = __le16_to_cpu(cp->duration); 6579 6580 /* The current implementation only supports a subset of the specified 6581 * flags. Also need to check mutual exclusiveness of sec flags. 6582 */ 6583 supported_flags = get_supported_adv_flags(hdev); 6584 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK; 6585 if (flags & ~supported_flags || 6586 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags))))) 6587 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6588 MGMT_STATUS_INVALID_PARAMS); 6589 6590 hci_dev_lock(hdev); 6591 6592 if (timeout && !hdev_is_powered(hdev)) { 6593 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6594 MGMT_STATUS_REJECTED); 6595 goto unlock; 6596 } 6597 6598 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 6599 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 6600 pending_find(MGMT_OP_SET_LE, hdev)) { 6601 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6602 MGMT_STATUS_BUSY); 6603 goto unlock; 6604 } 6605 6606 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) || 6607 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len, 6608 cp->scan_rsp_len, false)) { 6609 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6610 MGMT_STATUS_INVALID_PARAMS); 6611 goto unlock; 6612 } 6613 6614 err = hci_add_adv_instance(hdev, cp->instance, flags, 6615 cp->adv_data_len, cp->data, 6616 cp->scan_rsp_len, 6617 cp->data + cp->adv_data_len, 6618 timeout, duration); 6619 if (err < 0) { 6620 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6621 MGMT_STATUS_FAILED); 6622 goto unlock; 6623 } 6624 6625 /* Only trigger an advertising added event if a new instance was 6626 * actually added. 6627 */ 6628 if (hdev->adv_instance_cnt > prev_instance_cnt) 6629 mgmt_advertising_added(sk, hdev, cp->instance); 6630 6631 if (hdev->cur_adv_instance == cp->instance) { 6632 /* If the currently advertised instance is being changed then 6633 * cancel the current advertising and schedule the next 6634 * instance. If there is only one instance then the overridden 6635 * advertising data will be visible right away. 6636 */ 6637 cancel_adv_timeout(hdev); 6638 6639 next_instance = hci_get_next_instance(hdev, cp->instance); 6640 if (next_instance) 6641 schedule_instance = next_instance->instance; 6642 } else if (!hdev->adv_instance_timeout) { 6643 /* Immediately advertise the new instance if no other 6644 * instance is currently being advertised. 6645 */ 6646 schedule_instance = cp->instance; 6647 } 6648 6649 /* If the HCI_ADVERTISING flag is set or the device isn't powered or 6650 * there is no instance to be advertised then we have no HCI 6651 * communication to make. Simply return. 6652 */ 6653 if (!hdev_is_powered(hdev) || 6654 hci_dev_test_flag(hdev, HCI_ADVERTISING) || 6655 !schedule_instance) { 6656 rp.instance = cp->instance; 6657 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6658 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6659 goto unlock; 6660 } 6661 6662 /* We're good to go, update advertising data, parameters, and start 6663 * advertising. 6664 */ 6665 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data, 6666 data_len); 6667 if (!cmd) { 6668 err = -ENOMEM; 6669 goto unlock; 6670 } 6671 6672 hci_req_init(&req, hdev); 6673 6674 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true); 6675 6676 if (!err) 6677 err = hci_req_run(&req, add_advertising_complete); 6678 6679 if (err < 0) 6680 mgmt_pending_remove(cmd); 6681 6682 unlock: 6683 hci_dev_unlock(hdev); 6684 6685 return err; 6686 } 6687 6688 static void remove_advertising_complete(struct hci_dev *hdev, u8 status, 6689 u16 opcode) 6690 { 6691 struct mgmt_pending_cmd *cmd; 6692 struct mgmt_cp_remove_advertising *cp; 6693 struct mgmt_rp_remove_advertising rp; 6694 6695 BT_DBG("status %d", status); 6696 6697 hci_dev_lock(hdev); 6698 6699 /* A failure status here only means that we failed to disable 6700 * advertising. Otherwise, the advertising instance has been removed, 6701 * so report success. 6702 */ 6703 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev); 6704 if (!cmd) 6705 goto unlock; 6706 6707 cp = cmd->param; 6708 rp.instance = cp->instance; 6709 6710 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS, 6711 &rp, sizeof(rp)); 6712 mgmt_pending_remove(cmd); 6713 6714 unlock: 6715 hci_dev_unlock(hdev); 6716 } 6717 6718 static int remove_advertising(struct sock *sk, struct hci_dev *hdev, 6719 void *data, u16 data_len) 6720 { 6721 struct mgmt_cp_remove_advertising *cp = data; 6722 struct mgmt_rp_remove_advertising rp; 6723 struct mgmt_pending_cmd *cmd; 6724 struct hci_request req; 6725 int err; 6726 6727 BT_DBG("%s", hdev->name); 6728 6729 hci_dev_lock(hdev); 6730 6731 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) { 6732 err = mgmt_cmd_status(sk, hdev->id, 6733 MGMT_OP_REMOVE_ADVERTISING, 6734 MGMT_STATUS_INVALID_PARAMS); 6735 goto unlock; 6736 } 6737 6738 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 6739 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 6740 pending_find(MGMT_OP_SET_LE, hdev)) { 6741 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 6742 MGMT_STATUS_BUSY); 6743 goto unlock; 6744 } 6745 6746 if (list_empty(&hdev->adv_instances)) { 6747 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 6748 MGMT_STATUS_INVALID_PARAMS); 6749 goto unlock; 6750 } 6751 6752 hci_req_init(&req, hdev); 6753 6754 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true); 6755 6756 if (list_empty(&hdev->adv_instances)) 6757 __hci_req_disable_advertising(&req); 6758 6759 /* If no HCI commands have been collected so far or the HCI_ADVERTISING 6760 * flag is set or the device isn't powered then we have no HCI 6761 * communication to make. Simply return. 6762 */ 6763 if (skb_queue_empty(&req.cmd_q) || 6764 !hdev_is_powered(hdev) || 6765 hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 6766 hci_req_purge(&req); 6767 rp.instance = cp->instance; 6768 err = mgmt_cmd_complete(sk, hdev->id, 6769 MGMT_OP_REMOVE_ADVERTISING, 6770 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6771 goto unlock; 6772 } 6773 6774 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data, 6775 data_len); 6776 if (!cmd) { 6777 err = -ENOMEM; 6778 goto unlock; 6779 } 6780 6781 err = hci_req_run(&req, remove_advertising_complete); 6782 if (err < 0) 6783 mgmt_pending_remove(cmd); 6784 6785 unlock: 6786 hci_dev_unlock(hdev); 6787 6788 return err; 6789 } 6790 6791 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev, 6792 void *data, u16 data_len) 6793 { 6794 struct mgmt_cp_get_adv_size_info *cp = data; 6795 struct mgmt_rp_get_adv_size_info rp; 6796 u32 flags, supported_flags; 6797 int err; 6798 6799 BT_DBG("%s", hdev->name); 6800 6801 if (!lmp_le_capable(hdev)) 6802 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6803 MGMT_STATUS_REJECTED); 6804 6805 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES) 6806 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6807 MGMT_STATUS_INVALID_PARAMS); 6808 6809 flags = __le32_to_cpu(cp->flags); 6810 6811 /* The current implementation only supports a subset of the specified 6812 * flags. 6813 */ 6814 supported_flags = get_supported_adv_flags(hdev); 6815 if (flags & ~supported_flags) 6816 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6817 MGMT_STATUS_INVALID_PARAMS); 6818 6819 rp.instance = cp->instance; 6820 rp.flags = cp->flags; 6821 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 6822 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 6823 6824 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6825 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6826 6827 return err; 6828 } 6829 6830 static const struct hci_mgmt_handler mgmt_handlers[] = { 6831 { NULL }, /* 0x0000 (no command) */ 6832 { read_version, MGMT_READ_VERSION_SIZE, 6833 HCI_MGMT_NO_HDEV | 6834 HCI_MGMT_UNTRUSTED }, 6835 { read_commands, MGMT_READ_COMMANDS_SIZE, 6836 HCI_MGMT_NO_HDEV | 6837 HCI_MGMT_UNTRUSTED }, 6838 { read_index_list, MGMT_READ_INDEX_LIST_SIZE, 6839 HCI_MGMT_NO_HDEV | 6840 HCI_MGMT_UNTRUSTED }, 6841 { read_controller_info, MGMT_READ_INFO_SIZE, 6842 HCI_MGMT_UNTRUSTED }, 6843 { set_powered, MGMT_SETTING_SIZE }, 6844 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE }, 6845 { set_connectable, MGMT_SETTING_SIZE }, 6846 { set_fast_connectable, MGMT_SETTING_SIZE }, 6847 { set_bondable, MGMT_SETTING_SIZE }, 6848 { set_link_security, MGMT_SETTING_SIZE }, 6849 { set_ssp, MGMT_SETTING_SIZE }, 6850 { set_hs, MGMT_SETTING_SIZE }, 6851 { set_le, MGMT_SETTING_SIZE }, 6852 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE }, 6853 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE }, 6854 { add_uuid, MGMT_ADD_UUID_SIZE }, 6855 { remove_uuid, MGMT_REMOVE_UUID_SIZE }, 6856 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE, 6857 HCI_MGMT_VAR_LEN }, 6858 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE, 6859 HCI_MGMT_VAR_LEN }, 6860 { disconnect, MGMT_DISCONNECT_SIZE }, 6861 { get_connections, MGMT_GET_CONNECTIONS_SIZE }, 6862 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE }, 6863 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE }, 6864 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE }, 6865 { pair_device, MGMT_PAIR_DEVICE_SIZE }, 6866 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE }, 6867 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE }, 6868 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE }, 6869 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE }, 6870 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE }, 6871 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, 6872 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE }, 6873 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE, 6874 HCI_MGMT_VAR_LEN }, 6875 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, 6876 { start_discovery, MGMT_START_DISCOVERY_SIZE }, 6877 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE }, 6878 { confirm_name, MGMT_CONFIRM_NAME_SIZE }, 6879 { block_device, MGMT_BLOCK_DEVICE_SIZE }, 6880 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE }, 6881 { set_device_id, MGMT_SET_DEVICE_ID_SIZE }, 6882 { set_advertising, MGMT_SETTING_SIZE }, 6883 { set_bredr, MGMT_SETTING_SIZE }, 6884 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE }, 6885 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE }, 6886 { set_secure_conn, MGMT_SETTING_SIZE }, 6887 { set_debug_keys, MGMT_SETTING_SIZE }, 6888 { set_privacy, MGMT_SET_PRIVACY_SIZE }, 6889 { load_irks, MGMT_LOAD_IRKS_SIZE, 6890 HCI_MGMT_VAR_LEN }, 6891 { get_conn_info, MGMT_GET_CONN_INFO_SIZE }, 6892 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE }, 6893 { add_device, MGMT_ADD_DEVICE_SIZE }, 6894 { remove_device, MGMT_REMOVE_DEVICE_SIZE }, 6895 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE, 6896 HCI_MGMT_VAR_LEN }, 6897 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE, 6898 HCI_MGMT_NO_HDEV | 6899 HCI_MGMT_UNTRUSTED }, 6900 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE, 6901 HCI_MGMT_UNCONFIGURED | 6902 HCI_MGMT_UNTRUSTED }, 6903 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE, 6904 HCI_MGMT_UNCONFIGURED }, 6905 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE, 6906 HCI_MGMT_UNCONFIGURED }, 6907 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE, 6908 HCI_MGMT_VAR_LEN }, 6909 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE }, 6910 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE, 6911 HCI_MGMT_NO_HDEV | 6912 HCI_MGMT_UNTRUSTED }, 6913 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE }, 6914 { add_advertising, MGMT_ADD_ADVERTISING_SIZE, 6915 HCI_MGMT_VAR_LEN }, 6916 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE }, 6917 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE }, 6918 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE }, 6919 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE, 6920 HCI_MGMT_UNTRUSTED }, 6921 { set_appearance, MGMT_SET_APPEARANCE_SIZE }, 6922 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE }, 6923 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE }, 6924 }; 6925 6926 void mgmt_index_added(struct hci_dev *hdev) 6927 { 6928 struct mgmt_ev_ext_index ev; 6929 6930 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 6931 return; 6932 6933 switch (hdev->dev_type) { 6934 case HCI_PRIMARY: 6935 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 6936 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, 6937 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 6938 ev.type = 0x01; 6939 } else { 6940 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, 6941 HCI_MGMT_INDEX_EVENTS); 6942 ev.type = 0x00; 6943 } 6944 break; 6945 case HCI_AMP: 6946 ev.type = 0x02; 6947 break; 6948 default: 6949 return; 6950 } 6951 6952 ev.bus = hdev->bus; 6953 6954 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev), 6955 HCI_MGMT_EXT_INDEX_EVENTS); 6956 } 6957 6958 void mgmt_index_removed(struct hci_dev *hdev) 6959 { 6960 struct mgmt_ev_ext_index ev; 6961 u8 status = MGMT_STATUS_INVALID_INDEX; 6962 6963 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 6964 return; 6965 6966 switch (hdev->dev_type) { 6967 case HCI_PRIMARY: 6968 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 6969 6970 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 6971 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, 6972 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 6973 ev.type = 0x01; 6974 } else { 6975 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, 6976 HCI_MGMT_INDEX_EVENTS); 6977 ev.type = 0x00; 6978 } 6979 break; 6980 case HCI_AMP: 6981 ev.type = 0x02; 6982 break; 6983 default: 6984 return; 6985 } 6986 6987 ev.bus = hdev->bus; 6988 6989 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev), 6990 HCI_MGMT_EXT_INDEX_EVENTS); 6991 } 6992 6993 /* This function requires the caller holds hdev->lock */ 6994 static void restart_le_actions(struct hci_dev *hdev) 6995 { 6996 struct hci_conn_params *p; 6997 6998 list_for_each_entry(p, &hdev->le_conn_params, list) { 6999 /* Needed for AUTO_OFF case where might not "really" 7000 * have been powered off. 7001 */ 7002 list_del_init(&p->action); 7003 7004 switch (p->auto_connect) { 7005 case HCI_AUTO_CONN_DIRECT: 7006 case HCI_AUTO_CONN_ALWAYS: 7007 list_add(&p->action, &hdev->pend_le_conns); 7008 break; 7009 case HCI_AUTO_CONN_REPORT: 7010 list_add(&p->action, &hdev->pend_le_reports); 7011 break; 7012 default: 7013 break; 7014 } 7015 } 7016 } 7017 7018 void mgmt_power_on(struct hci_dev *hdev, int err) 7019 { 7020 struct cmd_lookup match = { NULL, hdev }; 7021 7022 BT_DBG("err %d", err); 7023 7024 hci_dev_lock(hdev); 7025 7026 if (!err) { 7027 restart_le_actions(hdev); 7028 hci_update_background_scan(hdev); 7029 } 7030 7031 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 7032 7033 new_settings(hdev, match.sk); 7034 7035 if (match.sk) 7036 sock_put(match.sk); 7037 7038 hci_dev_unlock(hdev); 7039 } 7040 7041 void __mgmt_power_off(struct hci_dev *hdev) 7042 { 7043 struct cmd_lookup match = { NULL, hdev }; 7044 u8 status, zero_cod[] = { 0, 0, 0 }; 7045 7046 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 7047 7048 /* If the power off is because of hdev unregistration let 7049 * use the appropriate INVALID_INDEX status. Otherwise use 7050 * NOT_POWERED. We cover both scenarios here since later in 7051 * mgmt_index_removed() any hci_conn callbacks will have already 7052 * been triggered, potentially causing misleading DISCONNECTED 7053 * status responses. 7054 */ 7055 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) 7056 status = MGMT_STATUS_INVALID_INDEX; 7057 else 7058 status = MGMT_STATUS_NOT_POWERED; 7059 7060 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 7061 7062 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) { 7063 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 7064 zero_cod, sizeof(zero_cod), 7065 HCI_MGMT_DEV_CLASS_EVENTS, NULL); 7066 ext_info_changed(hdev, NULL); 7067 } 7068 7069 new_settings(hdev, match.sk); 7070 7071 if (match.sk) 7072 sock_put(match.sk); 7073 } 7074 7075 void mgmt_set_powered_failed(struct hci_dev *hdev, int err) 7076 { 7077 struct mgmt_pending_cmd *cmd; 7078 u8 status; 7079 7080 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 7081 if (!cmd) 7082 return; 7083 7084 if (err == -ERFKILL) 7085 status = MGMT_STATUS_RFKILLED; 7086 else 7087 status = MGMT_STATUS_FAILED; 7088 7089 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status); 7090 7091 mgmt_pending_remove(cmd); 7092 } 7093 7094 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 7095 bool persistent) 7096 { 7097 struct mgmt_ev_new_link_key ev; 7098 7099 memset(&ev, 0, sizeof(ev)); 7100 7101 ev.store_hint = persistent; 7102 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 7103 ev.key.addr.type = BDADDR_BREDR; 7104 ev.key.type = key->type; 7105 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE); 7106 ev.key.pin_len = key->pin_len; 7107 7108 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 7109 } 7110 7111 static u8 mgmt_ltk_type(struct smp_ltk *ltk) 7112 { 7113 switch (ltk->type) { 7114 case SMP_LTK: 7115 case SMP_LTK_SLAVE: 7116 if (ltk->authenticated) 7117 return MGMT_LTK_AUTHENTICATED; 7118 return MGMT_LTK_UNAUTHENTICATED; 7119 case SMP_LTK_P256: 7120 if (ltk->authenticated) 7121 return MGMT_LTK_P256_AUTH; 7122 return MGMT_LTK_P256_UNAUTH; 7123 case SMP_LTK_P256_DEBUG: 7124 return MGMT_LTK_P256_DEBUG; 7125 } 7126 7127 return MGMT_LTK_UNAUTHENTICATED; 7128 } 7129 7130 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent) 7131 { 7132 struct mgmt_ev_new_long_term_key ev; 7133 7134 memset(&ev, 0, sizeof(ev)); 7135 7136 /* Devices using resolvable or non-resolvable random addresses 7137 * without providing an identity resolving key don't require 7138 * to store long term keys. Their addresses will change the 7139 * next time around. 7140 * 7141 * Only when a remote device provides an identity address 7142 * make sure the long term key is stored. If the remote 7143 * identity is known, the long term keys are internally 7144 * mapped to the identity address. So allow static random 7145 * and public addresses here. 7146 */ 7147 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM && 7148 (key->bdaddr.b[5] & 0xc0) != 0xc0) 7149 ev.store_hint = 0x00; 7150 else 7151 ev.store_hint = persistent; 7152 7153 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 7154 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); 7155 ev.key.type = mgmt_ltk_type(key); 7156 ev.key.enc_size = key->enc_size; 7157 ev.key.ediv = key->ediv; 7158 ev.key.rand = key->rand; 7159 7160 if (key->type == SMP_LTK) 7161 ev.key.master = 1; 7162 7163 /* Make sure we copy only the significant bytes based on the 7164 * encryption key size, and set the rest of the value to zeroes. 7165 */ 7166 memcpy(ev.key.val, key->val, key->enc_size); 7167 memset(ev.key.val + key->enc_size, 0, 7168 sizeof(ev.key.val) - key->enc_size); 7169 7170 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL); 7171 } 7172 7173 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent) 7174 { 7175 struct mgmt_ev_new_irk ev; 7176 7177 memset(&ev, 0, sizeof(ev)); 7178 7179 ev.store_hint = persistent; 7180 7181 bacpy(&ev.rpa, &irk->rpa); 7182 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr); 7183 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type); 7184 memcpy(ev.irk.val, irk->val, sizeof(irk->val)); 7185 7186 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL); 7187 } 7188 7189 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk, 7190 bool persistent) 7191 { 7192 struct mgmt_ev_new_csrk ev; 7193 7194 memset(&ev, 0, sizeof(ev)); 7195 7196 /* Devices using resolvable or non-resolvable random addresses 7197 * without providing an identity resolving key don't require 7198 * to store signature resolving keys. Their addresses will change 7199 * the next time around. 7200 * 7201 * Only when a remote device provides an identity address 7202 * make sure the signature resolving key is stored. So allow 7203 * static random and public addresses here. 7204 */ 7205 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM && 7206 (csrk->bdaddr.b[5] & 0xc0) != 0xc0) 7207 ev.store_hint = 0x00; 7208 else 7209 ev.store_hint = persistent; 7210 7211 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr); 7212 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type); 7213 ev.key.type = csrk->type; 7214 memcpy(ev.key.val, csrk->val, sizeof(csrk->val)); 7215 7216 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL); 7217 } 7218 7219 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr, 7220 u8 bdaddr_type, u8 store_hint, u16 min_interval, 7221 u16 max_interval, u16 latency, u16 timeout) 7222 { 7223 struct mgmt_ev_new_conn_param ev; 7224 7225 if (!hci_is_identity_address(bdaddr, bdaddr_type)) 7226 return; 7227 7228 memset(&ev, 0, sizeof(ev)); 7229 bacpy(&ev.addr.bdaddr, bdaddr); 7230 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type); 7231 ev.store_hint = store_hint; 7232 ev.min_interval = cpu_to_le16(min_interval); 7233 ev.max_interval = cpu_to_le16(max_interval); 7234 ev.latency = cpu_to_le16(latency); 7235 ev.timeout = cpu_to_le16(timeout); 7236 7237 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL); 7238 } 7239 7240 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn, 7241 u32 flags, u8 *name, u8 name_len) 7242 { 7243 char buf[512]; 7244 struct mgmt_ev_device_connected *ev = (void *) buf; 7245 u16 eir_len = 0; 7246 7247 bacpy(&ev->addr.bdaddr, &conn->dst); 7248 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type); 7249 7250 ev->flags = __cpu_to_le32(flags); 7251 7252 /* We must ensure that the EIR Data fields are ordered and 7253 * unique. Keep it simple for now and avoid the problem by not 7254 * adding any BR/EDR data to the LE adv. 7255 */ 7256 if (conn->le_adv_data_len > 0) { 7257 memcpy(&ev->eir[eir_len], 7258 conn->le_adv_data, conn->le_adv_data_len); 7259 eir_len = conn->le_adv_data_len; 7260 } else { 7261 if (name_len > 0) 7262 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, 7263 name, name_len); 7264 7265 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0) 7266 eir_len = eir_append_data(ev->eir, eir_len, 7267 EIR_CLASS_OF_DEV, 7268 conn->dev_class, 3); 7269 } 7270 7271 ev->eir_len = cpu_to_le16(eir_len); 7272 7273 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf, 7274 sizeof(*ev) + eir_len, NULL); 7275 } 7276 7277 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data) 7278 { 7279 struct sock **sk = data; 7280 7281 cmd->cmd_complete(cmd, 0); 7282 7283 *sk = cmd->sk; 7284 sock_hold(*sk); 7285 7286 mgmt_pending_remove(cmd); 7287 } 7288 7289 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data) 7290 { 7291 struct hci_dev *hdev = data; 7292 struct mgmt_cp_unpair_device *cp = cmd->param; 7293 7294 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 7295 7296 cmd->cmd_complete(cmd, 0); 7297 mgmt_pending_remove(cmd); 7298 } 7299 7300 bool mgmt_powering_down(struct hci_dev *hdev) 7301 { 7302 struct mgmt_pending_cmd *cmd; 7303 struct mgmt_mode *cp; 7304 7305 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 7306 if (!cmd) 7307 return false; 7308 7309 cp = cmd->param; 7310 if (!cp->val) 7311 return true; 7312 7313 return false; 7314 } 7315 7316 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 7317 u8 link_type, u8 addr_type, u8 reason, 7318 bool mgmt_connected) 7319 { 7320 struct mgmt_ev_device_disconnected ev; 7321 struct sock *sk = NULL; 7322 7323 /* The connection is still in hci_conn_hash so test for 1 7324 * instead of 0 to know if this is the last one. 7325 */ 7326 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 7327 cancel_delayed_work(&hdev->power_off); 7328 queue_work(hdev->req_workqueue, &hdev->power_off.work); 7329 } 7330 7331 if (!mgmt_connected) 7332 return; 7333 7334 if (link_type != ACL_LINK && link_type != LE_LINK) 7335 return; 7336 7337 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 7338 7339 bacpy(&ev.addr.bdaddr, bdaddr); 7340 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7341 ev.reason = reason; 7342 7343 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk); 7344 7345 if (sk) 7346 sock_put(sk); 7347 7348 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 7349 hdev); 7350 } 7351 7352 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 7353 u8 link_type, u8 addr_type, u8 status) 7354 { 7355 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type); 7356 struct mgmt_cp_disconnect *cp; 7357 struct mgmt_pending_cmd *cmd; 7358 7359 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 7360 hdev); 7361 7362 cmd = pending_find(MGMT_OP_DISCONNECT, hdev); 7363 if (!cmd) 7364 return; 7365 7366 cp = cmd->param; 7367 7368 if (bacmp(bdaddr, &cp->addr.bdaddr)) 7369 return; 7370 7371 if (cp->addr.type != bdaddr_type) 7372 return; 7373 7374 cmd->cmd_complete(cmd, mgmt_status(status)); 7375 mgmt_pending_remove(cmd); 7376 } 7377 7378 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7379 u8 addr_type, u8 status) 7380 { 7381 struct mgmt_ev_connect_failed ev; 7382 7383 /* The connection is still in hci_conn_hash so test for 1 7384 * instead of 0 to know if this is the last one. 7385 */ 7386 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 7387 cancel_delayed_work(&hdev->power_off); 7388 queue_work(hdev->req_workqueue, &hdev->power_off.work); 7389 } 7390 7391 bacpy(&ev.addr.bdaddr, bdaddr); 7392 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7393 ev.status = mgmt_status(status); 7394 7395 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 7396 } 7397 7398 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 7399 { 7400 struct mgmt_ev_pin_code_request ev; 7401 7402 bacpy(&ev.addr.bdaddr, bdaddr); 7403 ev.addr.type = BDADDR_BREDR; 7404 ev.secure = secure; 7405 7406 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL); 7407 } 7408 7409 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7410 u8 status) 7411 { 7412 struct mgmt_pending_cmd *cmd; 7413 7414 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 7415 if (!cmd) 7416 return; 7417 7418 cmd->cmd_complete(cmd, mgmt_status(status)); 7419 mgmt_pending_remove(cmd); 7420 } 7421 7422 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7423 u8 status) 7424 { 7425 struct mgmt_pending_cmd *cmd; 7426 7427 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 7428 if (!cmd) 7429 return; 7430 7431 cmd->cmd_complete(cmd, mgmt_status(status)); 7432 mgmt_pending_remove(cmd); 7433 } 7434 7435 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 7436 u8 link_type, u8 addr_type, u32 value, 7437 u8 confirm_hint) 7438 { 7439 struct mgmt_ev_user_confirm_request ev; 7440 7441 BT_DBG("%s", hdev->name); 7442 7443 bacpy(&ev.addr.bdaddr, bdaddr); 7444 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7445 ev.confirm_hint = confirm_hint; 7446 ev.value = cpu_to_le32(value); 7447 7448 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 7449 NULL); 7450 } 7451 7452 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 7453 u8 link_type, u8 addr_type) 7454 { 7455 struct mgmt_ev_user_passkey_request ev; 7456 7457 BT_DBG("%s", hdev->name); 7458 7459 bacpy(&ev.addr.bdaddr, bdaddr); 7460 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7461 7462 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 7463 NULL); 7464 } 7465 7466 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7467 u8 link_type, u8 addr_type, u8 status, 7468 u8 opcode) 7469 { 7470 struct mgmt_pending_cmd *cmd; 7471 7472 cmd = pending_find(opcode, hdev); 7473 if (!cmd) 7474 return -ENOENT; 7475 7476 cmd->cmd_complete(cmd, mgmt_status(status)); 7477 mgmt_pending_remove(cmd); 7478 7479 return 0; 7480 } 7481 7482 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7483 u8 link_type, u8 addr_type, u8 status) 7484 { 7485 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7486 status, MGMT_OP_USER_CONFIRM_REPLY); 7487 } 7488 7489 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7490 u8 link_type, u8 addr_type, u8 status) 7491 { 7492 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7493 status, 7494 MGMT_OP_USER_CONFIRM_NEG_REPLY); 7495 } 7496 7497 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7498 u8 link_type, u8 addr_type, u8 status) 7499 { 7500 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7501 status, MGMT_OP_USER_PASSKEY_REPLY); 7502 } 7503 7504 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7505 u8 link_type, u8 addr_type, u8 status) 7506 { 7507 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7508 status, 7509 MGMT_OP_USER_PASSKEY_NEG_REPLY); 7510 } 7511 7512 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr, 7513 u8 link_type, u8 addr_type, u32 passkey, 7514 u8 entered) 7515 { 7516 struct mgmt_ev_passkey_notify ev; 7517 7518 BT_DBG("%s", hdev->name); 7519 7520 bacpy(&ev.addr.bdaddr, bdaddr); 7521 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7522 ev.passkey = __cpu_to_le32(passkey); 7523 ev.entered = entered; 7524 7525 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL); 7526 } 7527 7528 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status) 7529 { 7530 struct mgmt_ev_auth_failed ev; 7531 struct mgmt_pending_cmd *cmd; 7532 u8 status = mgmt_status(hci_status); 7533 7534 bacpy(&ev.addr.bdaddr, &conn->dst); 7535 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 7536 ev.status = status; 7537 7538 cmd = find_pairing(conn); 7539 7540 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev), 7541 cmd ? cmd->sk : NULL); 7542 7543 if (cmd) { 7544 cmd->cmd_complete(cmd, status); 7545 mgmt_pending_remove(cmd); 7546 } 7547 } 7548 7549 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 7550 { 7551 struct cmd_lookup match = { NULL, hdev }; 7552 bool changed; 7553 7554 if (status) { 7555 u8 mgmt_err = mgmt_status(status); 7556 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 7557 cmd_status_rsp, &mgmt_err); 7558 return; 7559 } 7560 7561 if (test_bit(HCI_AUTH, &hdev->flags)) 7562 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY); 7563 else 7564 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY); 7565 7566 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 7567 &match); 7568 7569 if (changed) 7570 new_settings(hdev, match.sk); 7571 7572 if (match.sk) 7573 sock_put(match.sk); 7574 } 7575 7576 static void clear_eir(struct hci_request *req) 7577 { 7578 struct hci_dev *hdev = req->hdev; 7579 struct hci_cp_write_eir cp; 7580 7581 if (!lmp_ext_inq_capable(hdev)) 7582 return; 7583 7584 memset(hdev->eir, 0, sizeof(hdev->eir)); 7585 7586 memset(&cp, 0, sizeof(cp)); 7587 7588 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 7589 } 7590 7591 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 7592 { 7593 struct cmd_lookup match = { NULL, hdev }; 7594 struct hci_request req; 7595 bool changed = false; 7596 7597 if (status) { 7598 u8 mgmt_err = mgmt_status(status); 7599 7600 if (enable && hci_dev_test_and_clear_flag(hdev, 7601 HCI_SSP_ENABLED)) { 7602 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 7603 new_settings(hdev, NULL); 7604 } 7605 7606 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp, 7607 &mgmt_err); 7608 return; 7609 } 7610 7611 if (enable) { 7612 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 7613 } else { 7614 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED); 7615 if (!changed) 7616 changed = hci_dev_test_and_clear_flag(hdev, 7617 HCI_HS_ENABLED); 7618 else 7619 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 7620 } 7621 7622 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 7623 7624 if (changed) 7625 new_settings(hdev, match.sk); 7626 7627 if (match.sk) 7628 sock_put(match.sk); 7629 7630 hci_req_init(&req, hdev); 7631 7632 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 7633 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) 7634 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE, 7635 sizeof(enable), &enable); 7636 __hci_req_update_eir(&req); 7637 } else { 7638 clear_eir(&req); 7639 } 7640 7641 hci_req_run(&req, NULL); 7642 } 7643 7644 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data) 7645 { 7646 struct cmd_lookup *match = data; 7647 7648 if (match->sk == NULL) { 7649 match->sk = cmd->sk; 7650 sock_hold(match->sk); 7651 } 7652 } 7653 7654 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class, 7655 u8 status) 7656 { 7657 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) }; 7658 7659 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match); 7660 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match); 7661 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match); 7662 7663 if (!status) { 7664 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 7665 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL); 7666 ext_info_changed(hdev, NULL); 7667 } 7668 7669 if (match.sk) 7670 sock_put(match.sk); 7671 } 7672 7673 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 7674 { 7675 struct mgmt_cp_set_local_name ev; 7676 struct mgmt_pending_cmd *cmd; 7677 7678 if (status) 7679 return; 7680 7681 memset(&ev, 0, sizeof(ev)); 7682 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 7683 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH); 7684 7685 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 7686 if (!cmd) { 7687 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name)); 7688 7689 /* If this is a HCI command related to powering on the 7690 * HCI dev don't send any mgmt signals. 7691 */ 7692 if (pending_find(MGMT_OP_SET_POWERED, hdev)) 7693 return; 7694 } 7695 7696 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 7697 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL); 7698 ext_info_changed(hdev, cmd ? cmd->sk : NULL); 7699 } 7700 7701 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16]) 7702 { 7703 int i; 7704 7705 for (i = 0; i < uuid_count; i++) { 7706 if (!memcmp(uuid, uuids[i], 16)) 7707 return true; 7708 } 7709 7710 return false; 7711 } 7712 7713 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16]) 7714 { 7715 u16 parsed = 0; 7716 7717 while (parsed < eir_len) { 7718 u8 field_len = eir[0]; 7719 u8 uuid[16]; 7720 int i; 7721 7722 if (field_len == 0) 7723 break; 7724 7725 if (eir_len - parsed < field_len + 1) 7726 break; 7727 7728 switch (eir[1]) { 7729 case EIR_UUID16_ALL: 7730 case EIR_UUID16_SOME: 7731 for (i = 0; i + 3 <= field_len; i += 2) { 7732 memcpy(uuid, bluetooth_base_uuid, 16); 7733 uuid[13] = eir[i + 3]; 7734 uuid[12] = eir[i + 2]; 7735 if (has_uuid(uuid, uuid_count, uuids)) 7736 return true; 7737 } 7738 break; 7739 case EIR_UUID32_ALL: 7740 case EIR_UUID32_SOME: 7741 for (i = 0; i + 5 <= field_len; i += 4) { 7742 memcpy(uuid, bluetooth_base_uuid, 16); 7743 uuid[15] = eir[i + 5]; 7744 uuid[14] = eir[i + 4]; 7745 uuid[13] = eir[i + 3]; 7746 uuid[12] = eir[i + 2]; 7747 if (has_uuid(uuid, uuid_count, uuids)) 7748 return true; 7749 } 7750 break; 7751 case EIR_UUID128_ALL: 7752 case EIR_UUID128_SOME: 7753 for (i = 0; i + 17 <= field_len; i += 16) { 7754 memcpy(uuid, eir + i + 2, 16); 7755 if (has_uuid(uuid, uuid_count, uuids)) 7756 return true; 7757 } 7758 break; 7759 } 7760 7761 parsed += field_len + 1; 7762 eir += field_len + 1; 7763 } 7764 7765 return false; 7766 } 7767 7768 static void restart_le_scan(struct hci_dev *hdev) 7769 { 7770 /* If controller is not scanning we are done. */ 7771 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 7772 return; 7773 7774 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY, 7775 hdev->discovery.scan_start + 7776 hdev->discovery.scan_duration)) 7777 return; 7778 7779 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart, 7780 DISCOV_LE_RESTART_DELAY); 7781 } 7782 7783 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir, 7784 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 7785 { 7786 /* If a RSSI threshold has been specified, and 7787 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with 7788 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk 7789 * is set, let it through for further processing, as we might need to 7790 * restart the scan. 7791 * 7792 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry, 7793 * the results are also dropped. 7794 */ 7795 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 7796 (rssi == HCI_RSSI_INVALID || 7797 (rssi < hdev->discovery.rssi && 7798 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)))) 7799 return false; 7800 7801 if (hdev->discovery.uuid_count != 0) { 7802 /* If a list of UUIDs is provided in filter, results with no 7803 * matching UUID should be dropped. 7804 */ 7805 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count, 7806 hdev->discovery.uuids) && 7807 !eir_has_uuids(scan_rsp, scan_rsp_len, 7808 hdev->discovery.uuid_count, 7809 hdev->discovery.uuids)) 7810 return false; 7811 } 7812 7813 /* If duplicate filtering does not report RSSI changes, then restart 7814 * scanning to ensure updated result with updated RSSI values. 7815 */ 7816 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) { 7817 restart_le_scan(hdev); 7818 7819 /* Validate RSSI value against the RSSI threshold once more. */ 7820 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 7821 rssi < hdev->discovery.rssi) 7822 return false; 7823 } 7824 7825 return true; 7826 } 7827 7828 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7829 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags, 7830 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 7831 { 7832 char buf[512]; 7833 struct mgmt_ev_device_found *ev = (void *)buf; 7834 size_t ev_size; 7835 7836 /* Don't send events for a non-kernel initiated discovery. With 7837 * LE one exception is if we have pend_le_reports > 0 in which 7838 * case we're doing passive scanning and want these events. 7839 */ 7840 if (!hci_discovery_active(hdev)) { 7841 if (link_type == ACL_LINK) 7842 return; 7843 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports)) 7844 return; 7845 } 7846 7847 if (hdev->discovery.result_filtering) { 7848 /* We are using service discovery */ 7849 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp, 7850 scan_rsp_len)) 7851 return; 7852 } 7853 7854 if (hdev->discovery.limited) { 7855 /* Check for limited discoverable bit */ 7856 if (dev_class) { 7857 if (!(dev_class[1] & 0x20)) 7858 return; 7859 } else { 7860 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL); 7861 if (!flags || !(flags[0] & LE_AD_LIMITED)) 7862 return; 7863 } 7864 } 7865 7866 /* Make sure that the buffer is big enough. The 5 extra bytes 7867 * are for the potential CoD field. 7868 */ 7869 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf)) 7870 return; 7871 7872 memset(buf, 0, sizeof(buf)); 7873 7874 /* In case of device discovery with BR/EDR devices (pre 1.2), the 7875 * RSSI value was reported as 0 when not available. This behavior 7876 * is kept when using device discovery. This is required for full 7877 * backwards compatibility with the API. 7878 * 7879 * However when using service discovery, the value 127 will be 7880 * returned when the RSSI is not available. 7881 */ 7882 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi && 7883 link_type == ACL_LINK) 7884 rssi = 0; 7885 7886 bacpy(&ev->addr.bdaddr, bdaddr); 7887 ev->addr.type = link_to_bdaddr(link_type, addr_type); 7888 ev->rssi = rssi; 7889 ev->flags = cpu_to_le32(flags); 7890 7891 if (eir_len > 0) 7892 /* Copy EIR or advertising data into event */ 7893 memcpy(ev->eir, eir, eir_len); 7894 7895 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 7896 NULL)) 7897 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 7898 dev_class, 3); 7899 7900 if (scan_rsp_len > 0) 7901 /* Append scan response data to event */ 7902 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len); 7903 7904 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 7905 ev_size = sizeof(*ev) + eir_len + scan_rsp_len; 7906 7907 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 7908 } 7909 7910 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7911 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 7912 { 7913 struct mgmt_ev_device_found *ev; 7914 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2]; 7915 u16 eir_len; 7916 7917 ev = (struct mgmt_ev_device_found *) buf; 7918 7919 memset(buf, 0, sizeof(buf)); 7920 7921 bacpy(&ev->addr.bdaddr, bdaddr); 7922 ev->addr.type = link_to_bdaddr(link_type, addr_type); 7923 ev->rssi = rssi; 7924 7925 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name, 7926 name_len); 7927 7928 ev->eir_len = cpu_to_le16(eir_len); 7929 7930 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL); 7931 } 7932 7933 void mgmt_discovering(struct hci_dev *hdev, u8 discovering) 7934 { 7935 struct mgmt_ev_discovering ev; 7936 7937 BT_DBG("%s discovering %u", hdev->name, discovering); 7938 7939 memset(&ev, 0, sizeof(ev)); 7940 ev.type = hdev->discovery.type; 7941 ev.discovering = discovering; 7942 7943 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 7944 } 7945 7946 static struct hci_mgmt_chan chan = { 7947 .channel = HCI_CHANNEL_CONTROL, 7948 .handler_count = ARRAY_SIZE(mgmt_handlers), 7949 .handlers = mgmt_handlers, 7950 .hdev_init = mgmt_init_hdev, 7951 }; 7952 7953 int mgmt_init(void) 7954 { 7955 return hci_mgmt_chan_register(&chan); 7956 } 7957 7958 void mgmt_exit(void) 7959 { 7960 hci_mgmt_chan_unregister(&chan); 7961 } 7962