1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI Management interface */ 26 27 #include <linux/module.h> 28 #include <asm/unaligned.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 #include <net/bluetooth/hci_sock.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/mgmt.h> 35 36 #include "hci_request.h" 37 #include "smp.h" 38 #include "mgmt_util.h" 39 40 #define MGMT_VERSION 1 41 #define MGMT_REVISION 15 42 43 static const u16 mgmt_commands[] = { 44 MGMT_OP_READ_INDEX_LIST, 45 MGMT_OP_READ_INFO, 46 MGMT_OP_SET_POWERED, 47 MGMT_OP_SET_DISCOVERABLE, 48 MGMT_OP_SET_CONNECTABLE, 49 MGMT_OP_SET_FAST_CONNECTABLE, 50 MGMT_OP_SET_BONDABLE, 51 MGMT_OP_SET_LINK_SECURITY, 52 MGMT_OP_SET_SSP, 53 MGMT_OP_SET_HS, 54 MGMT_OP_SET_LE, 55 MGMT_OP_SET_DEV_CLASS, 56 MGMT_OP_SET_LOCAL_NAME, 57 MGMT_OP_ADD_UUID, 58 MGMT_OP_REMOVE_UUID, 59 MGMT_OP_LOAD_LINK_KEYS, 60 MGMT_OP_LOAD_LONG_TERM_KEYS, 61 MGMT_OP_DISCONNECT, 62 MGMT_OP_GET_CONNECTIONS, 63 MGMT_OP_PIN_CODE_REPLY, 64 MGMT_OP_PIN_CODE_NEG_REPLY, 65 MGMT_OP_SET_IO_CAPABILITY, 66 MGMT_OP_PAIR_DEVICE, 67 MGMT_OP_CANCEL_PAIR_DEVICE, 68 MGMT_OP_UNPAIR_DEVICE, 69 MGMT_OP_USER_CONFIRM_REPLY, 70 MGMT_OP_USER_CONFIRM_NEG_REPLY, 71 MGMT_OP_USER_PASSKEY_REPLY, 72 MGMT_OP_USER_PASSKEY_NEG_REPLY, 73 MGMT_OP_READ_LOCAL_OOB_DATA, 74 MGMT_OP_ADD_REMOTE_OOB_DATA, 75 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 76 MGMT_OP_START_DISCOVERY, 77 MGMT_OP_STOP_DISCOVERY, 78 MGMT_OP_CONFIRM_NAME, 79 MGMT_OP_BLOCK_DEVICE, 80 MGMT_OP_UNBLOCK_DEVICE, 81 MGMT_OP_SET_DEVICE_ID, 82 MGMT_OP_SET_ADVERTISING, 83 MGMT_OP_SET_BREDR, 84 MGMT_OP_SET_STATIC_ADDRESS, 85 MGMT_OP_SET_SCAN_PARAMS, 86 MGMT_OP_SET_SECURE_CONN, 87 MGMT_OP_SET_DEBUG_KEYS, 88 MGMT_OP_SET_PRIVACY, 89 MGMT_OP_LOAD_IRKS, 90 MGMT_OP_GET_CONN_INFO, 91 MGMT_OP_GET_CLOCK_INFO, 92 MGMT_OP_ADD_DEVICE, 93 MGMT_OP_REMOVE_DEVICE, 94 MGMT_OP_LOAD_CONN_PARAM, 95 MGMT_OP_READ_UNCONF_INDEX_LIST, 96 MGMT_OP_READ_CONFIG_INFO, 97 MGMT_OP_SET_EXTERNAL_CONFIG, 98 MGMT_OP_SET_PUBLIC_ADDRESS, 99 MGMT_OP_START_SERVICE_DISCOVERY, 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 101 MGMT_OP_READ_EXT_INDEX_LIST, 102 MGMT_OP_READ_ADV_FEATURES, 103 MGMT_OP_ADD_ADVERTISING, 104 MGMT_OP_REMOVE_ADVERTISING, 105 MGMT_OP_GET_ADV_SIZE_INFO, 106 MGMT_OP_START_LIMITED_DISCOVERY, 107 MGMT_OP_READ_EXT_INFO, 108 MGMT_OP_SET_APPEARANCE, 109 MGMT_OP_SET_BLOCKED_KEYS, 110 }; 111 112 static const u16 mgmt_events[] = { 113 MGMT_EV_CONTROLLER_ERROR, 114 MGMT_EV_INDEX_ADDED, 115 MGMT_EV_INDEX_REMOVED, 116 MGMT_EV_NEW_SETTINGS, 117 MGMT_EV_CLASS_OF_DEV_CHANGED, 118 MGMT_EV_LOCAL_NAME_CHANGED, 119 MGMT_EV_NEW_LINK_KEY, 120 MGMT_EV_NEW_LONG_TERM_KEY, 121 MGMT_EV_DEVICE_CONNECTED, 122 MGMT_EV_DEVICE_DISCONNECTED, 123 MGMT_EV_CONNECT_FAILED, 124 MGMT_EV_PIN_CODE_REQUEST, 125 MGMT_EV_USER_CONFIRM_REQUEST, 126 MGMT_EV_USER_PASSKEY_REQUEST, 127 MGMT_EV_AUTH_FAILED, 128 MGMT_EV_DEVICE_FOUND, 129 MGMT_EV_DISCOVERING, 130 MGMT_EV_DEVICE_BLOCKED, 131 MGMT_EV_DEVICE_UNBLOCKED, 132 MGMT_EV_DEVICE_UNPAIRED, 133 MGMT_EV_PASSKEY_NOTIFY, 134 MGMT_EV_NEW_IRK, 135 MGMT_EV_NEW_CSRK, 136 MGMT_EV_DEVICE_ADDED, 137 MGMT_EV_DEVICE_REMOVED, 138 MGMT_EV_NEW_CONN_PARAM, 139 MGMT_EV_UNCONF_INDEX_ADDED, 140 MGMT_EV_UNCONF_INDEX_REMOVED, 141 MGMT_EV_NEW_CONFIG_OPTIONS, 142 MGMT_EV_EXT_INDEX_ADDED, 143 MGMT_EV_EXT_INDEX_REMOVED, 144 MGMT_EV_LOCAL_OOB_DATA_UPDATED, 145 MGMT_EV_ADVERTISING_ADDED, 146 MGMT_EV_ADVERTISING_REMOVED, 147 MGMT_EV_EXT_INFO_CHANGED, 148 }; 149 150 static const u16 mgmt_untrusted_commands[] = { 151 MGMT_OP_READ_INDEX_LIST, 152 MGMT_OP_READ_INFO, 153 MGMT_OP_READ_UNCONF_INDEX_LIST, 154 MGMT_OP_READ_CONFIG_INFO, 155 MGMT_OP_READ_EXT_INDEX_LIST, 156 MGMT_OP_READ_EXT_INFO, 157 }; 158 159 static const u16 mgmt_untrusted_events[] = { 160 MGMT_EV_INDEX_ADDED, 161 MGMT_EV_INDEX_REMOVED, 162 MGMT_EV_NEW_SETTINGS, 163 MGMT_EV_CLASS_OF_DEV_CHANGED, 164 MGMT_EV_LOCAL_NAME_CHANGED, 165 MGMT_EV_UNCONF_INDEX_ADDED, 166 MGMT_EV_UNCONF_INDEX_REMOVED, 167 MGMT_EV_NEW_CONFIG_OPTIONS, 168 MGMT_EV_EXT_INDEX_ADDED, 169 MGMT_EV_EXT_INDEX_REMOVED, 170 MGMT_EV_EXT_INFO_CHANGED, 171 }; 172 173 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) 174 175 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \ 176 "\x00\x00\x00\x00\x00\x00\x00\x00" 177 178 /* HCI to MGMT error code conversion table */ 179 static const u8 mgmt_status_table[] = { 180 MGMT_STATUS_SUCCESS, 181 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 182 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 183 MGMT_STATUS_FAILED, /* Hardware Failure */ 184 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 185 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 186 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */ 187 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 188 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 189 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 190 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 191 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 192 MGMT_STATUS_BUSY, /* Command Disallowed */ 193 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 194 MGMT_STATUS_REJECTED, /* Rejected Security */ 195 MGMT_STATUS_REJECTED, /* Rejected Personal */ 196 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 197 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 198 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 199 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 200 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 201 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 202 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 203 MGMT_STATUS_BUSY, /* Repeated Attempts */ 204 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 205 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 206 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 207 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 208 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 209 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 210 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 211 MGMT_STATUS_FAILED, /* Unspecified Error */ 212 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 213 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 214 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 215 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 216 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 217 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 218 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 219 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 220 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 221 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 222 MGMT_STATUS_FAILED, /* Transaction Collision */ 223 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 224 MGMT_STATUS_REJECTED, /* QoS Rejected */ 225 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 226 MGMT_STATUS_REJECTED, /* Insufficient Security */ 227 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 228 MGMT_STATUS_BUSY, /* Role Switch Pending */ 229 MGMT_STATUS_FAILED, /* Slot Violation */ 230 MGMT_STATUS_FAILED, /* Role Switch Failed */ 231 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 232 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 233 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 234 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 235 MGMT_STATUS_BUSY, /* Controller Busy */ 236 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 237 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 238 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 239 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 240 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 241 }; 242 243 static u8 mgmt_status(u8 hci_status) 244 { 245 if (hci_status < ARRAY_SIZE(mgmt_status_table)) 246 return mgmt_status_table[hci_status]; 247 248 return MGMT_STATUS_FAILED; 249 } 250 251 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data, 252 u16 len, int flag) 253 { 254 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 255 flag, NULL); 256 } 257 258 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data, 259 u16 len, int flag, struct sock *skip_sk) 260 { 261 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 262 flag, skip_sk); 263 } 264 265 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len, 266 struct sock *skip_sk) 267 { 268 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 269 HCI_SOCK_TRUSTED, skip_sk); 270 } 271 272 static u8 le_addr_type(u8 mgmt_addr_type) 273 { 274 if (mgmt_addr_type == BDADDR_LE_PUBLIC) 275 return ADDR_LE_DEV_PUBLIC; 276 else 277 return ADDR_LE_DEV_RANDOM; 278 } 279 280 void mgmt_fill_version_info(void *ver) 281 { 282 struct mgmt_rp_read_version *rp = ver; 283 284 rp->version = MGMT_VERSION; 285 rp->revision = cpu_to_le16(MGMT_REVISION); 286 } 287 288 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data, 289 u16 data_len) 290 { 291 struct mgmt_rp_read_version rp; 292 293 BT_DBG("sock %p", sk); 294 295 mgmt_fill_version_info(&rp); 296 297 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, 298 &rp, sizeof(rp)); 299 } 300 301 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data, 302 u16 data_len) 303 { 304 struct mgmt_rp_read_commands *rp; 305 u16 num_commands, num_events; 306 size_t rp_size; 307 int i, err; 308 309 BT_DBG("sock %p", sk); 310 311 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 312 num_commands = ARRAY_SIZE(mgmt_commands); 313 num_events = ARRAY_SIZE(mgmt_events); 314 } else { 315 num_commands = ARRAY_SIZE(mgmt_untrusted_commands); 316 num_events = ARRAY_SIZE(mgmt_untrusted_events); 317 } 318 319 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 320 321 rp = kmalloc(rp_size, GFP_KERNEL); 322 if (!rp) 323 return -ENOMEM; 324 325 rp->num_commands = cpu_to_le16(num_commands); 326 rp->num_events = cpu_to_le16(num_events); 327 328 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 329 __le16 *opcode = rp->opcodes; 330 331 for (i = 0; i < num_commands; i++, opcode++) 332 put_unaligned_le16(mgmt_commands[i], opcode); 333 334 for (i = 0; i < num_events; i++, opcode++) 335 put_unaligned_le16(mgmt_events[i], opcode); 336 } else { 337 __le16 *opcode = rp->opcodes; 338 339 for (i = 0; i < num_commands; i++, opcode++) 340 put_unaligned_le16(mgmt_untrusted_commands[i], opcode); 341 342 for (i = 0; i < num_events; i++, opcode++) 343 put_unaligned_le16(mgmt_untrusted_events[i], opcode); 344 } 345 346 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, 347 rp, rp_size); 348 kfree(rp); 349 350 return err; 351 } 352 353 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data, 354 u16 data_len) 355 { 356 struct mgmt_rp_read_index_list *rp; 357 struct hci_dev *d; 358 size_t rp_len; 359 u16 count; 360 int err; 361 362 BT_DBG("sock %p", sk); 363 364 read_lock(&hci_dev_list_lock); 365 366 count = 0; 367 list_for_each_entry(d, &hci_dev_list, list) { 368 if (d->dev_type == HCI_PRIMARY && 369 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) 370 count++; 371 } 372 373 rp_len = sizeof(*rp) + (2 * count); 374 rp = kmalloc(rp_len, GFP_ATOMIC); 375 if (!rp) { 376 read_unlock(&hci_dev_list_lock); 377 return -ENOMEM; 378 } 379 380 count = 0; 381 list_for_each_entry(d, &hci_dev_list, list) { 382 if (hci_dev_test_flag(d, HCI_SETUP) || 383 hci_dev_test_flag(d, HCI_CONFIG) || 384 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 385 continue; 386 387 /* Devices marked as raw-only are neither configured 388 * nor unconfigured controllers. 389 */ 390 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 391 continue; 392 393 if (d->dev_type == HCI_PRIMARY && 394 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 395 rp->index[count++] = cpu_to_le16(d->id); 396 BT_DBG("Added hci%u", d->id); 397 } 398 } 399 400 rp->num_controllers = cpu_to_le16(count); 401 rp_len = sizeof(*rp) + (2 * count); 402 403 read_unlock(&hci_dev_list_lock); 404 405 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 406 0, rp, rp_len); 407 408 kfree(rp); 409 410 return err; 411 } 412 413 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev, 414 void *data, u16 data_len) 415 { 416 struct mgmt_rp_read_unconf_index_list *rp; 417 struct hci_dev *d; 418 size_t rp_len; 419 u16 count; 420 int err; 421 422 BT_DBG("sock %p", sk); 423 424 read_lock(&hci_dev_list_lock); 425 426 count = 0; 427 list_for_each_entry(d, &hci_dev_list, list) { 428 if (d->dev_type == HCI_PRIMARY && 429 hci_dev_test_flag(d, HCI_UNCONFIGURED)) 430 count++; 431 } 432 433 rp_len = sizeof(*rp) + (2 * count); 434 rp = kmalloc(rp_len, GFP_ATOMIC); 435 if (!rp) { 436 read_unlock(&hci_dev_list_lock); 437 return -ENOMEM; 438 } 439 440 count = 0; 441 list_for_each_entry(d, &hci_dev_list, list) { 442 if (hci_dev_test_flag(d, HCI_SETUP) || 443 hci_dev_test_flag(d, HCI_CONFIG) || 444 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 445 continue; 446 447 /* Devices marked as raw-only are neither configured 448 * nor unconfigured controllers. 449 */ 450 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 451 continue; 452 453 if (d->dev_type == HCI_PRIMARY && 454 hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 455 rp->index[count++] = cpu_to_le16(d->id); 456 BT_DBG("Added hci%u", d->id); 457 } 458 } 459 460 rp->num_controllers = cpu_to_le16(count); 461 rp_len = sizeof(*rp) + (2 * count); 462 463 read_unlock(&hci_dev_list_lock); 464 465 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 466 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len); 467 468 kfree(rp); 469 470 return err; 471 } 472 473 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev, 474 void *data, u16 data_len) 475 { 476 struct mgmt_rp_read_ext_index_list *rp; 477 struct hci_dev *d; 478 u16 count; 479 int err; 480 481 BT_DBG("sock %p", sk); 482 483 read_lock(&hci_dev_list_lock); 484 485 count = 0; 486 list_for_each_entry(d, &hci_dev_list, list) { 487 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP) 488 count++; 489 } 490 491 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC); 492 if (!rp) { 493 read_unlock(&hci_dev_list_lock); 494 return -ENOMEM; 495 } 496 497 count = 0; 498 list_for_each_entry(d, &hci_dev_list, list) { 499 if (hci_dev_test_flag(d, HCI_SETUP) || 500 hci_dev_test_flag(d, HCI_CONFIG) || 501 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 502 continue; 503 504 /* Devices marked as raw-only are neither configured 505 * nor unconfigured controllers. 506 */ 507 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 508 continue; 509 510 if (d->dev_type == HCI_PRIMARY) { 511 if (hci_dev_test_flag(d, HCI_UNCONFIGURED)) 512 rp->entry[count].type = 0x01; 513 else 514 rp->entry[count].type = 0x00; 515 } else if (d->dev_type == HCI_AMP) { 516 rp->entry[count].type = 0x02; 517 } else { 518 continue; 519 } 520 521 rp->entry[count].bus = d->bus; 522 rp->entry[count++].index = cpu_to_le16(d->id); 523 BT_DBG("Added hci%u", d->id); 524 } 525 526 rp->num_controllers = cpu_to_le16(count); 527 528 read_unlock(&hci_dev_list_lock); 529 530 /* If this command is called at least once, then all the 531 * default index and unconfigured index events are disabled 532 * and from now on only extended index events are used. 533 */ 534 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS); 535 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS); 536 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS); 537 538 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 539 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, 540 struct_size(rp, entry, count)); 541 542 kfree(rp); 543 544 return err; 545 } 546 547 static bool is_configured(struct hci_dev *hdev) 548 { 549 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 550 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 551 return false; 552 553 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) || 554 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) && 555 !bacmp(&hdev->public_addr, BDADDR_ANY)) 556 return false; 557 558 return true; 559 } 560 561 static __le32 get_missing_options(struct hci_dev *hdev) 562 { 563 u32 options = 0; 564 565 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 566 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 567 options |= MGMT_OPTION_EXTERNAL_CONFIG; 568 569 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) || 570 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) && 571 !bacmp(&hdev->public_addr, BDADDR_ANY)) 572 options |= MGMT_OPTION_PUBLIC_ADDRESS; 573 574 return cpu_to_le32(options); 575 } 576 577 static int new_options(struct hci_dev *hdev, struct sock *skip) 578 { 579 __le32 options = get_missing_options(hdev); 580 581 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options, 582 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip); 583 } 584 585 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 586 { 587 __le32 options = get_missing_options(hdev); 588 589 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options, 590 sizeof(options)); 591 } 592 593 static int read_config_info(struct sock *sk, struct hci_dev *hdev, 594 void *data, u16 data_len) 595 { 596 struct mgmt_rp_read_config_info rp; 597 u32 options = 0; 598 599 BT_DBG("sock %p %s", sk, hdev->name); 600 601 hci_dev_lock(hdev); 602 603 memset(&rp, 0, sizeof(rp)); 604 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 605 606 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 607 options |= MGMT_OPTION_EXTERNAL_CONFIG; 608 609 if (hdev->set_bdaddr) 610 options |= MGMT_OPTION_PUBLIC_ADDRESS; 611 612 rp.supported_options = cpu_to_le32(options); 613 rp.missing_options = get_missing_options(hdev); 614 615 hci_dev_unlock(hdev); 616 617 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, 618 &rp, sizeof(rp)); 619 } 620 621 static u32 get_supported_phys(struct hci_dev *hdev) 622 { 623 u32 supported_phys = 0; 624 625 if (lmp_bredr_capable(hdev)) { 626 supported_phys |= MGMT_PHY_BR_1M_1SLOT; 627 628 if (hdev->features[0][0] & LMP_3SLOT) 629 supported_phys |= MGMT_PHY_BR_1M_3SLOT; 630 631 if (hdev->features[0][0] & LMP_5SLOT) 632 supported_phys |= MGMT_PHY_BR_1M_5SLOT; 633 634 if (lmp_edr_2m_capable(hdev)) { 635 supported_phys |= MGMT_PHY_EDR_2M_1SLOT; 636 637 if (lmp_edr_3slot_capable(hdev)) 638 supported_phys |= MGMT_PHY_EDR_2M_3SLOT; 639 640 if (lmp_edr_5slot_capable(hdev)) 641 supported_phys |= MGMT_PHY_EDR_2M_5SLOT; 642 643 if (lmp_edr_3m_capable(hdev)) { 644 supported_phys |= MGMT_PHY_EDR_3M_1SLOT; 645 646 if (lmp_edr_3slot_capable(hdev)) 647 supported_phys |= MGMT_PHY_EDR_3M_3SLOT; 648 649 if (lmp_edr_5slot_capable(hdev)) 650 supported_phys |= MGMT_PHY_EDR_3M_5SLOT; 651 } 652 } 653 } 654 655 if (lmp_le_capable(hdev)) { 656 supported_phys |= MGMT_PHY_LE_1M_TX; 657 supported_phys |= MGMT_PHY_LE_1M_RX; 658 659 if (hdev->le_features[1] & HCI_LE_PHY_2M) { 660 supported_phys |= MGMT_PHY_LE_2M_TX; 661 supported_phys |= MGMT_PHY_LE_2M_RX; 662 } 663 664 if (hdev->le_features[1] & HCI_LE_PHY_CODED) { 665 supported_phys |= MGMT_PHY_LE_CODED_TX; 666 supported_phys |= MGMT_PHY_LE_CODED_RX; 667 } 668 } 669 670 return supported_phys; 671 } 672 673 static u32 get_selected_phys(struct hci_dev *hdev) 674 { 675 u32 selected_phys = 0; 676 677 if (lmp_bredr_capable(hdev)) { 678 selected_phys |= MGMT_PHY_BR_1M_1SLOT; 679 680 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3)) 681 selected_phys |= MGMT_PHY_BR_1M_3SLOT; 682 683 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5)) 684 selected_phys |= MGMT_PHY_BR_1M_5SLOT; 685 686 if (lmp_edr_2m_capable(hdev)) { 687 if (!(hdev->pkt_type & HCI_2DH1)) 688 selected_phys |= MGMT_PHY_EDR_2M_1SLOT; 689 690 if (lmp_edr_3slot_capable(hdev) && 691 !(hdev->pkt_type & HCI_2DH3)) 692 selected_phys |= MGMT_PHY_EDR_2M_3SLOT; 693 694 if (lmp_edr_5slot_capable(hdev) && 695 !(hdev->pkt_type & HCI_2DH5)) 696 selected_phys |= MGMT_PHY_EDR_2M_5SLOT; 697 698 if (lmp_edr_3m_capable(hdev)) { 699 if (!(hdev->pkt_type & HCI_3DH1)) 700 selected_phys |= MGMT_PHY_EDR_3M_1SLOT; 701 702 if (lmp_edr_3slot_capable(hdev) && 703 !(hdev->pkt_type & HCI_3DH3)) 704 selected_phys |= MGMT_PHY_EDR_3M_3SLOT; 705 706 if (lmp_edr_5slot_capable(hdev) && 707 !(hdev->pkt_type & HCI_3DH5)) 708 selected_phys |= MGMT_PHY_EDR_3M_5SLOT; 709 } 710 } 711 } 712 713 if (lmp_le_capable(hdev)) { 714 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M) 715 selected_phys |= MGMT_PHY_LE_1M_TX; 716 717 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M) 718 selected_phys |= MGMT_PHY_LE_1M_RX; 719 720 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M) 721 selected_phys |= MGMT_PHY_LE_2M_TX; 722 723 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M) 724 selected_phys |= MGMT_PHY_LE_2M_RX; 725 726 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED) 727 selected_phys |= MGMT_PHY_LE_CODED_TX; 728 729 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED) 730 selected_phys |= MGMT_PHY_LE_CODED_RX; 731 } 732 733 return selected_phys; 734 } 735 736 static u32 get_configurable_phys(struct hci_dev *hdev) 737 { 738 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT & 739 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX); 740 } 741 742 static u32 get_supported_settings(struct hci_dev *hdev) 743 { 744 u32 settings = 0; 745 746 settings |= MGMT_SETTING_POWERED; 747 settings |= MGMT_SETTING_BONDABLE; 748 settings |= MGMT_SETTING_DEBUG_KEYS; 749 settings |= MGMT_SETTING_CONNECTABLE; 750 settings |= MGMT_SETTING_DISCOVERABLE; 751 752 if (lmp_bredr_capable(hdev)) { 753 if (hdev->hci_ver >= BLUETOOTH_VER_1_2) 754 settings |= MGMT_SETTING_FAST_CONNECTABLE; 755 settings |= MGMT_SETTING_BREDR; 756 settings |= MGMT_SETTING_LINK_SECURITY; 757 758 if (lmp_ssp_capable(hdev)) { 759 settings |= MGMT_SETTING_SSP; 760 settings |= MGMT_SETTING_HS; 761 } 762 763 if (lmp_sc_capable(hdev)) 764 settings |= MGMT_SETTING_SECURE_CONN; 765 } 766 767 if (lmp_le_capable(hdev)) { 768 settings |= MGMT_SETTING_LE; 769 settings |= MGMT_SETTING_ADVERTISING; 770 settings |= MGMT_SETTING_SECURE_CONN; 771 settings |= MGMT_SETTING_PRIVACY; 772 settings |= MGMT_SETTING_STATIC_ADDRESS; 773 } 774 775 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) || 776 hdev->set_bdaddr) 777 settings |= MGMT_SETTING_CONFIGURATION; 778 779 settings |= MGMT_SETTING_PHY_CONFIGURATION; 780 781 return settings; 782 } 783 784 static u32 get_current_settings(struct hci_dev *hdev) 785 { 786 u32 settings = 0; 787 788 if (hdev_is_powered(hdev)) 789 settings |= MGMT_SETTING_POWERED; 790 791 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 792 settings |= MGMT_SETTING_CONNECTABLE; 793 794 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) 795 settings |= MGMT_SETTING_FAST_CONNECTABLE; 796 797 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 798 settings |= MGMT_SETTING_DISCOVERABLE; 799 800 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) 801 settings |= MGMT_SETTING_BONDABLE; 802 803 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 804 settings |= MGMT_SETTING_BREDR; 805 806 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 807 settings |= MGMT_SETTING_LE; 808 809 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) 810 settings |= MGMT_SETTING_LINK_SECURITY; 811 812 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 813 settings |= MGMT_SETTING_SSP; 814 815 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED)) 816 settings |= MGMT_SETTING_HS; 817 818 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 819 settings |= MGMT_SETTING_ADVERTISING; 820 821 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) 822 settings |= MGMT_SETTING_SECURE_CONN; 823 824 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) 825 settings |= MGMT_SETTING_DEBUG_KEYS; 826 827 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) 828 settings |= MGMT_SETTING_PRIVACY; 829 830 /* The current setting for static address has two purposes. The 831 * first is to indicate if the static address will be used and 832 * the second is to indicate if it is actually set. 833 * 834 * This means if the static address is not configured, this flag 835 * will never be set. If the address is configured, then if the 836 * address is actually used decides if the flag is set or not. 837 * 838 * For single mode LE only controllers and dual-mode controllers 839 * with BR/EDR disabled, the existence of the static address will 840 * be evaluated. 841 */ 842 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 843 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 844 !bacmp(&hdev->bdaddr, BDADDR_ANY)) { 845 if (bacmp(&hdev->static_addr, BDADDR_ANY)) 846 settings |= MGMT_SETTING_STATIC_ADDRESS; 847 } 848 849 return settings; 850 } 851 852 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev) 853 { 854 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev); 855 } 856 857 static struct mgmt_pending_cmd *pending_find_data(u16 opcode, 858 struct hci_dev *hdev, 859 const void *data) 860 { 861 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data); 862 } 863 864 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev) 865 { 866 struct mgmt_pending_cmd *cmd; 867 868 /* If there's a pending mgmt command the flags will not yet have 869 * their final values, so check for this first. 870 */ 871 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 872 if (cmd) { 873 struct mgmt_mode *cp = cmd->param; 874 if (cp->val == 0x01) 875 return LE_AD_GENERAL; 876 else if (cp->val == 0x02) 877 return LE_AD_LIMITED; 878 } else { 879 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 880 return LE_AD_LIMITED; 881 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 882 return LE_AD_GENERAL; 883 } 884 885 return 0; 886 } 887 888 bool mgmt_get_connectable(struct hci_dev *hdev) 889 { 890 struct mgmt_pending_cmd *cmd; 891 892 /* If there's a pending mgmt command the flag will not yet have 893 * it's final value, so check for this first. 894 */ 895 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 896 if (cmd) { 897 struct mgmt_mode *cp = cmd->param; 898 899 return cp->val; 900 } 901 902 return hci_dev_test_flag(hdev, HCI_CONNECTABLE); 903 } 904 905 static void service_cache_off(struct work_struct *work) 906 { 907 struct hci_dev *hdev = container_of(work, struct hci_dev, 908 service_cache.work); 909 struct hci_request req; 910 911 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) 912 return; 913 914 hci_req_init(&req, hdev); 915 916 hci_dev_lock(hdev); 917 918 __hci_req_update_eir(&req); 919 __hci_req_update_class(&req); 920 921 hci_dev_unlock(hdev); 922 923 hci_req_run(&req, NULL); 924 } 925 926 static void rpa_expired(struct work_struct *work) 927 { 928 struct hci_dev *hdev = container_of(work, struct hci_dev, 929 rpa_expired.work); 930 struct hci_request req; 931 932 BT_DBG(""); 933 934 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 935 936 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING)) 937 return; 938 939 /* The generation of a new RPA and programming it into the 940 * controller happens in the hci_req_enable_advertising() 941 * function. 942 */ 943 hci_req_init(&req, hdev); 944 if (ext_adv_capable(hdev)) 945 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance); 946 else 947 __hci_req_enable_advertising(&req); 948 hci_req_run(&req, NULL); 949 } 950 951 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) 952 { 953 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT)) 954 return; 955 956 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 957 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired); 958 959 /* Non-mgmt controlled devices get this bit set 960 * implicitly so that pairing works for them, however 961 * for mgmt we require user-space to explicitly enable 962 * it 963 */ 964 hci_dev_clear_flag(hdev, HCI_BONDABLE); 965 } 966 967 static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 968 void *data, u16 data_len) 969 { 970 struct mgmt_rp_read_info rp; 971 972 BT_DBG("sock %p %s", sk, hdev->name); 973 974 hci_dev_lock(hdev); 975 976 memset(&rp, 0, sizeof(rp)); 977 978 bacpy(&rp.bdaddr, &hdev->bdaddr); 979 980 rp.version = hdev->hci_ver; 981 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 982 983 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 984 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 985 986 memcpy(rp.dev_class, hdev->dev_class, 3); 987 988 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 989 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name)); 990 991 hci_dev_unlock(hdev); 992 993 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp, 994 sizeof(rp)); 995 } 996 997 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir) 998 { 999 u16 eir_len = 0; 1000 size_t name_len; 1001 1002 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1003 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV, 1004 hdev->dev_class, 3); 1005 1006 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1007 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE, 1008 hdev->appearance); 1009 1010 name_len = strlen(hdev->dev_name); 1011 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE, 1012 hdev->dev_name, name_len); 1013 1014 name_len = strlen(hdev->short_name); 1015 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT, 1016 hdev->short_name, name_len); 1017 1018 return eir_len; 1019 } 1020 1021 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev, 1022 void *data, u16 data_len) 1023 { 1024 char buf[512]; 1025 struct mgmt_rp_read_ext_info *rp = (void *)buf; 1026 u16 eir_len; 1027 1028 BT_DBG("sock %p %s", sk, hdev->name); 1029 1030 memset(&buf, 0, sizeof(buf)); 1031 1032 hci_dev_lock(hdev); 1033 1034 bacpy(&rp->bdaddr, &hdev->bdaddr); 1035 1036 rp->version = hdev->hci_ver; 1037 rp->manufacturer = cpu_to_le16(hdev->manufacturer); 1038 1039 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev)); 1040 rp->current_settings = cpu_to_le32(get_current_settings(hdev)); 1041 1042 1043 eir_len = append_eir_data_to_buf(hdev, rp->eir); 1044 rp->eir_len = cpu_to_le16(eir_len); 1045 1046 hci_dev_unlock(hdev); 1047 1048 /* If this command is called at least once, then the events 1049 * for class of device and local name changes are disabled 1050 * and only the new extended controller information event 1051 * is used. 1052 */ 1053 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS); 1054 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS); 1055 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS); 1056 1057 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp, 1058 sizeof(*rp) + eir_len); 1059 } 1060 1061 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip) 1062 { 1063 char buf[512]; 1064 struct mgmt_ev_ext_info_changed *ev = (void *)buf; 1065 u16 eir_len; 1066 1067 memset(buf, 0, sizeof(buf)); 1068 1069 eir_len = append_eir_data_to_buf(hdev, ev->eir); 1070 ev->eir_len = cpu_to_le16(eir_len); 1071 1072 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev, 1073 sizeof(*ev) + eir_len, 1074 HCI_MGMT_EXT_INFO_EVENTS, skip); 1075 } 1076 1077 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 1078 { 1079 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 1080 1081 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings, 1082 sizeof(settings)); 1083 } 1084 1085 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1086 { 1087 BT_DBG("%s status 0x%02x", hdev->name, status); 1088 1089 if (hci_conn_count(hdev) == 0) { 1090 cancel_delayed_work(&hdev->power_off); 1091 queue_work(hdev->req_workqueue, &hdev->power_off.work); 1092 } 1093 } 1094 1095 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance) 1096 { 1097 struct mgmt_ev_advertising_added ev; 1098 1099 ev.instance = instance; 1100 1101 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk); 1102 } 1103 1104 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev, 1105 u8 instance) 1106 { 1107 struct mgmt_ev_advertising_removed ev; 1108 1109 ev.instance = instance; 1110 1111 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk); 1112 } 1113 1114 static void cancel_adv_timeout(struct hci_dev *hdev) 1115 { 1116 if (hdev->adv_instance_timeout) { 1117 hdev->adv_instance_timeout = 0; 1118 cancel_delayed_work(&hdev->adv_instance_expire); 1119 } 1120 } 1121 1122 static int clean_up_hci_state(struct hci_dev *hdev) 1123 { 1124 struct hci_request req; 1125 struct hci_conn *conn; 1126 bool discov_stopped; 1127 int err; 1128 1129 hci_req_init(&req, hdev); 1130 1131 if (test_bit(HCI_ISCAN, &hdev->flags) || 1132 test_bit(HCI_PSCAN, &hdev->flags)) { 1133 u8 scan = 0x00; 1134 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1135 } 1136 1137 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false); 1138 1139 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 1140 __hci_req_disable_advertising(&req); 1141 1142 discov_stopped = hci_req_stop_discovery(&req); 1143 1144 list_for_each_entry(conn, &hdev->conn_hash.list, list) { 1145 /* 0x15 == Terminated due to Power Off */ 1146 __hci_abort_conn(&req, conn, 0x15); 1147 } 1148 1149 err = hci_req_run(&req, clean_up_hci_complete); 1150 if (!err && discov_stopped) 1151 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 1152 1153 return err; 1154 } 1155 1156 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, 1157 u16 len) 1158 { 1159 struct mgmt_mode *cp = data; 1160 struct mgmt_pending_cmd *cmd; 1161 int err; 1162 1163 BT_DBG("request for %s", hdev->name); 1164 1165 if (cp->val != 0x00 && cp->val != 0x01) 1166 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1167 MGMT_STATUS_INVALID_PARAMS); 1168 1169 hci_dev_lock(hdev); 1170 1171 if (pending_find(MGMT_OP_SET_POWERED, hdev)) { 1172 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1173 MGMT_STATUS_BUSY); 1174 goto failed; 1175 } 1176 1177 if (!!cp->val == hdev_is_powered(hdev)) { 1178 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 1179 goto failed; 1180 } 1181 1182 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 1183 if (!cmd) { 1184 err = -ENOMEM; 1185 goto failed; 1186 } 1187 1188 if (cp->val) { 1189 queue_work(hdev->req_workqueue, &hdev->power_on); 1190 err = 0; 1191 } else { 1192 /* Disconnect connections, stop scans, etc */ 1193 err = clean_up_hci_state(hdev); 1194 if (!err) 1195 queue_delayed_work(hdev->req_workqueue, &hdev->power_off, 1196 HCI_POWER_OFF_TIMEOUT); 1197 1198 /* ENODATA means there were no HCI commands queued */ 1199 if (err == -ENODATA) { 1200 cancel_delayed_work(&hdev->power_off); 1201 queue_work(hdev->req_workqueue, &hdev->power_off.work); 1202 err = 0; 1203 } 1204 } 1205 1206 failed: 1207 hci_dev_unlock(hdev); 1208 return err; 1209 } 1210 1211 static int new_settings(struct hci_dev *hdev, struct sock *skip) 1212 { 1213 __le32 ev = cpu_to_le32(get_current_settings(hdev)); 1214 1215 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, 1216 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip); 1217 } 1218 1219 int mgmt_new_settings(struct hci_dev *hdev) 1220 { 1221 return new_settings(hdev, NULL); 1222 } 1223 1224 struct cmd_lookup { 1225 struct sock *sk; 1226 struct hci_dev *hdev; 1227 u8 mgmt_status; 1228 }; 1229 1230 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data) 1231 { 1232 struct cmd_lookup *match = data; 1233 1234 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 1235 1236 list_del(&cmd->list); 1237 1238 if (match->sk == NULL) { 1239 match->sk = cmd->sk; 1240 sock_hold(match->sk); 1241 } 1242 1243 mgmt_pending_free(cmd); 1244 } 1245 1246 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data) 1247 { 1248 u8 *status = data; 1249 1250 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 1251 mgmt_pending_remove(cmd); 1252 } 1253 1254 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data) 1255 { 1256 if (cmd->cmd_complete) { 1257 u8 *status = data; 1258 1259 cmd->cmd_complete(cmd, *status); 1260 mgmt_pending_remove(cmd); 1261 1262 return; 1263 } 1264 1265 cmd_status_rsp(cmd, data); 1266 } 1267 1268 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1269 { 1270 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1271 cmd->param, cmd->param_len); 1272 } 1273 1274 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1275 { 1276 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1277 cmd->param, sizeof(struct mgmt_addr_info)); 1278 } 1279 1280 static u8 mgmt_bredr_support(struct hci_dev *hdev) 1281 { 1282 if (!lmp_bredr_capable(hdev)) 1283 return MGMT_STATUS_NOT_SUPPORTED; 1284 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1285 return MGMT_STATUS_REJECTED; 1286 else 1287 return MGMT_STATUS_SUCCESS; 1288 } 1289 1290 static u8 mgmt_le_support(struct hci_dev *hdev) 1291 { 1292 if (!lmp_le_capable(hdev)) 1293 return MGMT_STATUS_NOT_SUPPORTED; 1294 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1295 return MGMT_STATUS_REJECTED; 1296 else 1297 return MGMT_STATUS_SUCCESS; 1298 } 1299 1300 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status) 1301 { 1302 struct mgmt_pending_cmd *cmd; 1303 1304 BT_DBG("status 0x%02x", status); 1305 1306 hci_dev_lock(hdev); 1307 1308 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 1309 if (!cmd) 1310 goto unlock; 1311 1312 if (status) { 1313 u8 mgmt_err = mgmt_status(status); 1314 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1315 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1316 goto remove_cmd; 1317 } 1318 1319 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1320 hdev->discov_timeout > 0) { 1321 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1322 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to); 1323 } 1324 1325 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1326 new_settings(hdev, cmd->sk); 1327 1328 remove_cmd: 1329 mgmt_pending_remove(cmd); 1330 1331 unlock: 1332 hci_dev_unlock(hdev); 1333 } 1334 1335 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 1336 u16 len) 1337 { 1338 struct mgmt_cp_set_discoverable *cp = data; 1339 struct mgmt_pending_cmd *cmd; 1340 u16 timeout; 1341 int err; 1342 1343 BT_DBG("request for %s", hdev->name); 1344 1345 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1346 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1347 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1348 MGMT_STATUS_REJECTED); 1349 1350 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 1351 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1352 MGMT_STATUS_INVALID_PARAMS); 1353 1354 timeout = __le16_to_cpu(cp->timeout); 1355 1356 /* Disabling discoverable requires that no timeout is set, 1357 * and enabling limited discoverable requires a timeout. 1358 */ 1359 if ((cp->val == 0x00 && timeout > 0) || 1360 (cp->val == 0x02 && timeout == 0)) 1361 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1362 MGMT_STATUS_INVALID_PARAMS); 1363 1364 hci_dev_lock(hdev); 1365 1366 if (!hdev_is_powered(hdev) && timeout > 0) { 1367 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1368 MGMT_STATUS_NOT_POWERED); 1369 goto failed; 1370 } 1371 1372 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1373 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1374 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1375 MGMT_STATUS_BUSY); 1376 goto failed; 1377 } 1378 1379 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) { 1380 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1381 MGMT_STATUS_REJECTED); 1382 goto failed; 1383 } 1384 1385 if (!hdev_is_powered(hdev)) { 1386 bool changed = false; 1387 1388 /* Setting limited discoverable when powered off is 1389 * not a valid operation since it requires a timeout 1390 * and so no need to check HCI_LIMITED_DISCOVERABLE. 1391 */ 1392 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) { 1393 hci_dev_change_flag(hdev, HCI_DISCOVERABLE); 1394 changed = true; 1395 } 1396 1397 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1398 if (err < 0) 1399 goto failed; 1400 1401 if (changed) 1402 err = new_settings(hdev, sk); 1403 1404 goto failed; 1405 } 1406 1407 /* If the current mode is the same, then just update the timeout 1408 * value with the new value. And if only the timeout gets updated, 1409 * then no need for any HCI transactions. 1410 */ 1411 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1412 (cp->val == 0x02) == hci_dev_test_flag(hdev, 1413 HCI_LIMITED_DISCOVERABLE)) { 1414 cancel_delayed_work(&hdev->discov_off); 1415 hdev->discov_timeout = timeout; 1416 1417 if (cp->val && hdev->discov_timeout > 0) { 1418 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1419 queue_delayed_work(hdev->req_workqueue, 1420 &hdev->discov_off, to); 1421 } 1422 1423 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1424 goto failed; 1425 } 1426 1427 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 1428 if (!cmd) { 1429 err = -ENOMEM; 1430 goto failed; 1431 } 1432 1433 /* Cancel any potential discoverable timeout that might be 1434 * still active and store new timeout value. The arming of 1435 * the timeout happens in the complete handler. 1436 */ 1437 cancel_delayed_work(&hdev->discov_off); 1438 hdev->discov_timeout = timeout; 1439 1440 if (cp->val) 1441 hci_dev_set_flag(hdev, HCI_DISCOVERABLE); 1442 else 1443 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1444 1445 /* Limited discoverable mode */ 1446 if (cp->val == 0x02) 1447 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1448 else 1449 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1450 1451 queue_work(hdev->req_workqueue, &hdev->discoverable_update); 1452 err = 0; 1453 1454 failed: 1455 hci_dev_unlock(hdev); 1456 return err; 1457 } 1458 1459 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status) 1460 { 1461 struct mgmt_pending_cmd *cmd; 1462 1463 BT_DBG("status 0x%02x", status); 1464 1465 hci_dev_lock(hdev); 1466 1467 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 1468 if (!cmd) 1469 goto unlock; 1470 1471 if (status) { 1472 u8 mgmt_err = mgmt_status(status); 1473 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1474 goto remove_cmd; 1475 } 1476 1477 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev); 1478 new_settings(hdev, cmd->sk); 1479 1480 remove_cmd: 1481 mgmt_pending_remove(cmd); 1482 1483 unlock: 1484 hci_dev_unlock(hdev); 1485 } 1486 1487 static int set_connectable_update_settings(struct hci_dev *hdev, 1488 struct sock *sk, u8 val) 1489 { 1490 bool changed = false; 1491 int err; 1492 1493 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 1494 changed = true; 1495 1496 if (val) { 1497 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1498 } else { 1499 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1500 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1501 } 1502 1503 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 1504 if (err < 0) 1505 return err; 1506 1507 if (changed) { 1508 hci_req_update_scan(hdev); 1509 hci_update_background_scan(hdev); 1510 return new_settings(hdev, sk); 1511 } 1512 1513 return 0; 1514 } 1515 1516 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, 1517 u16 len) 1518 { 1519 struct mgmt_mode *cp = data; 1520 struct mgmt_pending_cmd *cmd; 1521 int err; 1522 1523 BT_DBG("request for %s", hdev->name); 1524 1525 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1526 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1527 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1528 MGMT_STATUS_REJECTED); 1529 1530 if (cp->val != 0x00 && cp->val != 0x01) 1531 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1532 MGMT_STATUS_INVALID_PARAMS); 1533 1534 hci_dev_lock(hdev); 1535 1536 if (!hdev_is_powered(hdev)) { 1537 err = set_connectable_update_settings(hdev, sk, cp->val); 1538 goto failed; 1539 } 1540 1541 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1542 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1543 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1544 MGMT_STATUS_BUSY); 1545 goto failed; 1546 } 1547 1548 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1549 if (!cmd) { 1550 err = -ENOMEM; 1551 goto failed; 1552 } 1553 1554 if (cp->val) { 1555 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1556 } else { 1557 if (hdev->discov_timeout > 0) 1558 cancel_delayed_work(&hdev->discov_off); 1559 1560 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1561 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1562 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1563 } 1564 1565 queue_work(hdev->req_workqueue, &hdev->connectable_update); 1566 err = 0; 1567 1568 failed: 1569 hci_dev_unlock(hdev); 1570 return err; 1571 } 1572 1573 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data, 1574 u16 len) 1575 { 1576 struct mgmt_mode *cp = data; 1577 bool changed; 1578 int err; 1579 1580 BT_DBG("request for %s", hdev->name); 1581 1582 if (cp->val != 0x00 && cp->val != 0x01) 1583 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE, 1584 MGMT_STATUS_INVALID_PARAMS); 1585 1586 hci_dev_lock(hdev); 1587 1588 if (cp->val) 1589 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE); 1590 else 1591 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE); 1592 1593 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev); 1594 if (err < 0) 1595 goto unlock; 1596 1597 if (changed) { 1598 /* In limited privacy mode the change of bondable mode 1599 * may affect the local advertising address. 1600 */ 1601 if (hdev_is_powered(hdev) && 1602 hci_dev_test_flag(hdev, HCI_ADVERTISING) && 1603 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1604 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) 1605 queue_work(hdev->req_workqueue, 1606 &hdev->discoverable_update); 1607 1608 err = new_settings(hdev, sk); 1609 } 1610 1611 unlock: 1612 hci_dev_unlock(hdev); 1613 return err; 1614 } 1615 1616 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data, 1617 u16 len) 1618 { 1619 struct mgmt_mode *cp = data; 1620 struct mgmt_pending_cmd *cmd; 1621 u8 val, status; 1622 int err; 1623 1624 BT_DBG("request for %s", hdev->name); 1625 1626 status = mgmt_bredr_support(hdev); 1627 if (status) 1628 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1629 status); 1630 1631 if (cp->val != 0x00 && cp->val != 0x01) 1632 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1633 MGMT_STATUS_INVALID_PARAMS); 1634 1635 hci_dev_lock(hdev); 1636 1637 if (!hdev_is_powered(hdev)) { 1638 bool changed = false; 1639 1640 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) { 1641 hci_dev_change_flag(hdev, HCI_LINK_SECURITY); 1642 changed = true; 1643 } 1644 1645 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1646 if (err < 0) 1647 goto failed; 1648 1649 if (changed) 1650 err = new_settings(hdev, sk); 1651 1652 goto failed; 1653 } 1654 1655 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1656 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1657 MGMT_STATUS_BUSY); 1658 goto failed; 1659 } 1660 1661 val = !!cp->val; 1662 1663 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1664 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1665 goto failed; 1666 } 1667 1668 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1669 if (!cmd) { 1670 err = -ENOMEM; 1671 goto failed; 1672 } 1673 1674 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1675 if (err < 0) { 1676 mgmt_pending_remove(cmd); 1677 goto failed; 1678 } 1679 1680 failed: 1681 hci_dev_unlock(hdev); 1682 return err; 1683 } 1684 1685 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1686 { 1687 struct mgmt_mode *cp = data; 1688 struct mgmt_pending_cmd *cmd; 1689 u8 status; 1690 int err; 1691 1692 BT_DBG("request for %s", hdev->name); 1693 1694 status = mgmt_bredr_support(hdev); 1695 if (status) 1696 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status); 1697 1698 if (!lmp_ssp_capable(hdev)) 1699 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1700 MGMT_STATUS_NOT_SUPPORTED); 1701 1702 if (cp->val != 0x00 && cp->val != 0x01) 1703 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1704 MGMT_STATUS_INVALID_PARAMS); 1705 1706 hci_dev_lock(hdev); 1707 1708 if (!hdev_is_powered(hdev)) { 1709 bool changed; 1710 1711 if (cp->val) { 1712 changed = !hci_dev_test_and_set_flag(hdev, 1713 HCI_SSP_ENABLED); 1714 } else { 1715 changed = hci_dev_test_and_clear_flag(hdev, 1716 HCI_SSP_ENABLED); 1717 if (!changed) 1718 changed = hci_dev_test_and_clear_flag(hdev, 1719 HCI_HS_ENABLED); 1720 else 1721 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1722 } 1723 1724 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1725 if (err < 0) 1726 goto failed; 1727 1728 if (changed) 1729 err = new_settings(hdev, sk); 1730 1731 goto failed; 1732 } 1733 1734 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1735 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1736 MGMT_STATUS_BUSY); 1737 goto failed; 1738 } 1739 1740 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 1741 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1742 goto failed; 1743 } 1744 1745 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 1746 if (!cmd) { 1747 err = -ENOMEM; 1748 goto failed; 1749 } 1750 1751 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) 1752 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 1753 sizeof(cp->val), &cp->val); 1754 1755 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val); 1756 if (err < 0) { 1757 mgmt_pending_remove(cmd); 1758 goto failed; 1759 } 1760 1761 failed: 1762 hci_dev_unlock(hdev); 1763 return err; 1764 } 1765 1766 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1767 { 1768 struct mgmt_mode *cp = data; 1769 bool changed; 1770 u8 status; 1771 int err; 1772 1773 BT_DBG("request for %s", hdev->name); 1774 1775 status = mgmt_bredr_support(hdev); 1776 if (status) 1777 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status); 1778 1779 if (!lmp_ssp_capable(hdev)) 1780 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1781 MGMT_STATUS_NOT_SUPPORTED); 1782 1783 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 1784 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1785 MGMT_STATUS_REJECTED); 1786 1787 if (cp->val != 0x00 && cp->val != 0x01) 1788 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1789 MGMT_STATUS_INVALID_PARAMS); 1790 1791 hci_dev_lock(hdev); 1792 1793 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1794 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1795 MGMT_STATUS_BUSY); 1796 goto unlock; 1797 } 1798 1799 if (cp->val) { 1800 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED); 1801 } else { 1802 if (hdev_is_powered(hdev)) { 1803 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1804 MGMT_STATUS_REJECTED); 1805 goto unlock; 1806 } 1807 1808 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED); 1809 } 1810 1811 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 1812 if (err < 0) 1813 goto unlock; 1814 1815 if (changed) 1816 err = new_settings(hdev, sk); 1817 1818 unlock: 1819 hci_dev_unlock(hdev); 1820 return err; 1821 } 1822 1823 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1824 { 1825 struct cmd_lookup match = { NULL, hdev }; 1826 1827 hci_dev_lock(hdev); 1828 1829 if (status) { 1830 u8 mgmt_err = mgmt_status(status); 1831 1832 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 1833 &mgmt_err); 1834 goto unlock; 1835 } 1836 1837 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 1838 1839 new_settings(hdev, match.sk); 1840 1841 if (match.sk) 1842 sock_put(match.sk); 1843 1844 /* Make sure the controller has a good default for 1845 * advertising data. Restrict the update to when LE 1846 * has actually been enabled. During power on, the 1847 * update in powered_update_hci will take care of it. 1848 */ 1849 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1850 struct hci_request req; 1851 hci_req_init(&req, hdev); 1852 if (ext_adv_capable(hdev)) { 1853 int err; 1854 1855 err = __hci_req_setup_ext_adv_instance(&req, 0x00); 1856 if (!err) 1857 __hci_req_update_scan_rsp_data(&req, 0x00); 1858 } else { 1859 __hci_req_update_adv_data(&req, 0x00); 1860 __hci_req_update_scan_rsp_data(&req, 0x00); 1861 } 1862 hci_req_run(&req, NULL); 1863 hci_update_background_scan(hdev); 1864 } 1865 1866 unlock: 1867 hci_dev_unlock(hdev); 1868 } 1869 1870 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1871 { 1872 struct mgmt_mode *cp = data; 1873 struct hci_cp_write_le_host_supported hci_cp; 1874 struct mgmt_pending_cmd *cmd; 1875 struct hci_request req; 1876 int err; 1877 u8 val, enabled; 1878 1879 BT_DBG("request for %s", hdev->name); 1880 1881 if (!lmp_le_capable(hdev)) 1882 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1883 MGMT_STATUS_NOT_SUPPORTED); 1884 1885 if (cp->val != 0x00 && cp->val != 0x01) 1886 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1887 MGMT_STATUS_INVALID_PARAMS); 1888 1889 /* Bluetooth single mode LE only controllers or dual-mode 1890 * controllers configured as LE only devices, do not allow 1891 * switching LE off. These have either LE enabled explicitly 1892 * or BR/EDR has been previously switched off. 1893 * 1894 * When trying to enable an already enabled LE, then gracefully 1895 * send a positive response. Trying to disable it however will 1896 * result into rejection. 1897 */ 1898 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 1899 if (cp->val == 0x01) 1900 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1901 1902 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1903 MGMT_STATUS_REJECTED); 1904 } 1905 1906 hci_dev_lock(hdev); 1907 1908 val = !!cp->val; 1909 enabled = lmp_host_le_capable(hdev); 1910 1911 if (!val) 1912 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true); 1913 1914 if (!hdev_is_powered(hdev) || val == enabled) { 1915 bool changed = false; 1916 1917 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1918 hci_dev_change_flag(hdev, HCI_LE_ENABLED); 1919 changed = true; 1920 } 1921 1922 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 1923 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 1924 changed = true; 1925 } 1926 1927 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1928 if (err < 0) 1929 goto unlock; 1930 1931 if (changed) 1932 err = new_settings(hdev, sk); 1933 1934 goto unlock; 1935 } 1936 1937 if (pending_find(MGMT_OP_SET_LE, hdev) || 1938 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) { 1939 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1940 MGMT_STATUS_BUSY); 1941 goto unlock; 1942 } 1943 1944 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len); 1945 if (!cmd) { 1946 err = -ENOMEM; 1947 goto unlock; 1948 } 1949 1950 hci_req_init(&req, hdev); 1951 1952 memset(&hci_cp, 0, sizeof(hci_cp)); 1953 1954 if (val) { 1955 hci_cp.le = val; 1956 hci_cp.simul = 0x00; 1957 } else { 1958 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 1959 __hci_req_disable_advertising(&req); 1960 1961 if (ext_adv_capable(hdev)) 1962 __hci_req_clear_ext_adv_sets(&req); 1963 } 1964 1965 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), 1966 &hci_cp); 1967 1968 err = hci_req_run(&req, le_enable_complete); 1969 if (err < 0) 1970 mgmt_pending_remove(cmd); 1971 1972 unlock: 1973 hci_dev_unlock(hdev); 1974 return err; 1975 } 1976 1977 /* This is a helper function to test for pending mgmt commands that can 1978 * cause CoD or EIR HCI commands. We can only allow one such pending 1979 * mgmt command at a time since otherwise we cannot easily track what 1980 * the current values are, will be, and based on that calculate if a new 1981 * HCI command needs to be sent and if yes with what value. 1982 */ 1983 static bool pending_eir_or_class(struct hci_dev *hdev) 1984 { 1985 struct mgmt_pending_cmd *cmd; 1986 1987 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 1988 switch (cmd->opcode) { 1989 case MGMT_OP_ADD_UUID: 1990 case MGMT_OP_REMOVE_UUID: 1991 case MGMT_OP_SET_DEV_CLASS: 1992 case MGMT_OP_SET_POWERED: 1993 return true; 1994 } 1995 } 1996 1997 return false; 1998 } 1999 2000 static const u8 bluetooth_base_uuid[] = { 2001 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80, 2002 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2003 }; 2004 2005 static u8 get_uuid_size(const u8 *uuid) 2006 { 2007 u32 val; 2008 2009 if (memcmp(uuid, bluetooth_base_uuid, 12)) 2010 return 128; 2011 2012 val = get_unaligned_le32(&uuid[12]); 2013 if (val > 0xffff) 2014 return 32; 2015 2016 return 16; 2017 } 2018 2019 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status) 2020 { 2021 struct mgmt_pending_cmd *cmd; 2022 2023 hci_dev_lock(hdev); 2024 2025 cmd = pending_find(mgmt_op, hdev); 2026 if (!cmd) 2027 goto unlock; 2028 2029 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 2030 mgmt_status(status), hdev->dev_class, 3); 2031 2032 mgmt_pending_remove(cmd); 2033 2034 unlock: 2035 hci_dev_unlock(hdev); 2036 } 2037 2038 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2039 { 2040 BT_DBG("status 0x%02x", status); 2041 2042 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status); 2043 } 2044 2045 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2046 { 2047 struct mgmt_cp_add_uuid *cp = data; 2048 struct mgmt_pending_cmd *cmd; 2049 struct hci_request req; 2050 struct bt_uuid *uuid; 2051 int err; 2052 2053 BT_DBG("request for %s", hdev->name); 2054 2055 hci_dev_lock(hdev); 2056 2057 if (pending_eir_or_class(hdev)) { 2058 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID, 2059 MGMT_STATUS_BUSY); 2060 goto failed; 2061 } 2062 2063 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL); 2064 if (!uuid) { 2065 err = -ENOMEM; 2066 goto failed; 2067 } 2068 2069 memcpy(uuid->uuid, cp->uuid, 16); 2070 uuid->svc_hint = cp->svc_hint; 2071 uuid->size = get_uuid_size(cp->uuid); 2072 2073 list_add_tail(&uuid->list, &hdev->uuids); 2074 2075 hci_req_init(&req, hdev); 2076 2077 __hci_req_update_class(&req); 2078 __hci_req_update_eir(&req); 2079 2080 err = hci_req_run(&req, add_uuid_complete); 2081 if (err < 0) { 2082 if (err != -ENODATA) 2083 goto failed; 2084 2085 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0, 2086 hdev->dev_class, 3); 2087 goto failed; 2088 } 2089 2090 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len); 2091 if (!cmd) { 2092 err = -ENOMEM; 2093 goto failed; 2094 } 2095 2096 err = 0; 2097 2098 failed: 2099 hci_dev_unlock(hdev); 2100 return err; 2101 } 2102 2103 static bool enable_service_cache(struct hci_dev *hdev) 2104 { 2105 if (!hdev_is_powered(hdev)) 2106 return false; 2107 2108 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) { 2109 queue_delayed_work(hdev->workqueue, &hdev->service_cache, 2110 CACHE_TIMEOUT); 2111 return true; 2112 } 2113 2114 return false; 2115 } 2116 2117 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2118 { 2119 BT_DBG("status 0x%02x", status); 2120 2121 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status); 2122 } 2123 2124 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, 2125 u16 len) 2126 { 2127 struct mgmt_cp_remove_uuid *cp = data; 2128 struct mgmt_pending_cmd *cmd; 2129 struct bt_uuid *match, *tmp; 2130 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 2131 struct hci_request req; 2132 int err, found; 2133 2134 BT_DBG("request for %s", hdev->name); 2135 2136 hci_dev_lock(hdev); 2137 2138 if (pending_eir_or_class(hdev)) { 2139 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2140 MGMT_STATUS_BUSY); 2141 goto unlock; 2142 } 2143 2144 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 2145 hci_uuids_clear(hdev); 2146 2147 if (enable_service_cache(hdev)) { 2148 err = mgmt_cmd_complete(sk, hdev->id, 2149 MGMT_OP_REMOVE_UUID, 2150 0, hdev->dev_class, 3); 2151 goto unlock; 2152 } 2153 2154 goto update_class; 2155 } 2156 2157 found = 0; 2158 2159 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) { 2160 if (memcmp(match->uuid, cp->uuid, 16) != 0) 2161 continue; 2162 2163 list_del(&match->list); 2164 kfree(match); 2165 found++; 2166 } 2167 2168 if (found == 0) { 2169 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2170 MGMT_STATUS_INVALID_PARAMS); 2171 goto unlock; 2172 } 2173 2174 update_class: 2175 hci_req_init(&req, hdev); 2176 2177 __hci_req_update_class(&req); 2178 __hci_req_update_eir(&req); 2179 2180 err = hci_req_run(&req, remove_uuid_complete); 2181 if (err < 0) { 2182 if (err != -ENODATA) 2183 goto unlock; 2184 2185 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0, 2186 hdev->dev_class, 3); 2187 goto unlock; 2188 } 2189 2190 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len); 2191 if (!cmd) { 2192 err = -ENOMEM; 2193 goto unlock; 2194 } 2195 2196 err = 0; 2197 2198 unlock: 2199 hci_dev_unlock(hdev); 2200 return err; 2201 } 2202 2203 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2204 { 2205 BT_DBG("status 0x%02x", status); 2206 2207 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status); 2208 } 2209 2210 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, 2211 u16 len) 2212 { 2213 struct mgmt_cp_set_dev_class *cp = data; 2214 struct mgmt_pending_cmd *cmd; 2215 struct hci_request req; 2216 int err; 2217 2218 BT_DBG("request for %s", hdev->name); 2219 2220 if (!lmp_bredr_capable(hdev)) 2221 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2222 MGMT_STATUS_NOT_SUPPORTED); 2223 2224 hci_dev_lock(hdev); 2225 2226 if (pending_eir_or_class(hdev)) { 2227 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2228 MGMT_STATUS_BUSY); 2229 goto unlock; 2230 } 2231 2232 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) { 2233 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2234 MGMT_STATUS_INVALID_PARAMS); 2235 goto unlock; 2236 } 2237 2238 hdev->major_class = cp->major; 2239 hdev->minor_class = cp->minor; 2240 2241 if (!hdev_is_powered(hdev)) { 2242 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2243 hdev->dev_class, 3); 2244 goto unlock; 2245 } 2246 2247 hci_req_init(&req, hdev); 2248 2249 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) { 2250 hci_dev_unlock(hdev); 2251 cancel_delayed_work_sync(&hdev->service_cache); 2252 hci_dev_lock(hdev); 2253 __hci_req_update_eir(&req); 2254 } 2255 2256 __hci_req_update_class(&req); 2257 2258 err = hci_req_run(&req, set_class_complete); 2259 if (err < 0) { 2260 if (err != -ENODATA) 2261 goto unlock; 2262 2263 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2264 hdev->dev_class, 3); 2265 goto unlock; 2266 } 2267 2268 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len); 2269 if (!cmd) { 2270 err = -ENOMEM; 2271 goto unlock; 2272 } 2273 2274 err = 0; 2275 2276 unlock: 2277 hci_dev_unlock(hdev); 2278 return err; 2279 } 2280 2281 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, 2282 u16 len) 2283 { 2284 struct mgmt_cp_load_link_keys *cp = data; 2285 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 2286 sizeof(struct mgmt_link_key_info)); 2287 u16 key_count, expected_len; 2288 bool changed; 2289 int i; 2290 2291 BT_DBG("request for %s", hdev->name); 2292 2293 if (!lmp_bredr_capable(hdev)) 2294 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2295 MGMT_STATUS_NOT_SUPPORTED); 2296 2297 key_count = __le16_to_cpu(cp->key_count); 2298 if (key_count > max_key_count) { 2299 bt_dev_err(hdev, "load_link_keys: too big key_count value %u", 2300 key_count); 2301 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2302 MGMT_STATUS_INVALID_PARAMS); 2303 } 2304 2305 expected_len = struct_size(cp, keys, key_count); 2306 if (expected_len != len) { 2307 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes", 2308 expected_len, len); 2309 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2310 MGMT_STATUS_INVALID_PARAMS); 2311 } 2312 2313 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01) 2314 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2315 MGMT_STATUS_INVALID_PARAMS); 2316 2317 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys, 2318 key_count); 2319 2320 for (i = 0; i < key_count; i++) { 2321 struct mgmt_link_key_info *key = &cp->keys[i]; 2322 2323 if (key->addr.type != BDADDR_BREDR || key->type > 0x08) 2324 return mgmt_cmd_status(sk, hdev->id, 2325 MGMT_OP_LOAD_LINK_KEYS, 2326 MGMT_STATUS_INVALID_PARAMS); 2327 } 2328 2329 hci_dev_lock(hdev); 2330 2331 hci_link_keys_clear(hdev); 2332 2333 if (cp->debug_keys) 2334 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 2335 else 2336 changed = hci_dev_test_and_clear_flag(hdev, 2337 HCI_KEEP_DEBUG_KEYS); 2338 2339 if (changed) 2340 new_settings(hdev, NULL); 2341 2342 for (i = 0; i < key_count; i++) { 2343 struct mgmt_link_key_info *key = &cp->keys[i]; 2344 2345 if (hci_is_blocked_key(hdev, 2346 HCI_BLOCKED_KEY_TYPE_LINKKEY, 2347 key->val)) { 2348 bt_dev_warn(hdev, "Skipping blocked link key for %pMR", 2349 &key->addr.bdaddr); 2350 continue; 2351 } 2352 2353 /* Always ignore debug keys and require a new pairing if 2354 * the user wants to use them. 2355 */ 2356 if (key->type == HCI_LK_DEBUG_COMBINATION) 2357 continue; 2358 2359 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val, 2360 key->type, key->pin_len, NULL); 2361 } 2362 2363 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 2364 2365 hci_dev_unlock(hdev); 2366 2367 return 0; 2368 } 2369 2370 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 2371 u8 addr_type, struct sock *skip_sk) 2372 { 2373 struct mgmt_ev_device_unpaired ev; 2374 2375 bacpy(&ev.addr.bdaddr, bdaddr); 2376 ev.addr.type = addr_type; 2377 2378 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 2379 skip_sk); 2380 } 2381 2382 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2383 u16 len) 2384 { 2385 struct mgmt_cp_unpair_device *cp = data; 2386 struct mgmt_rp_unpair_device rp; 2387 struct hci_conn_params *params; 2388 struct mgmt_pending_cmd *cmd; 2389 struct hci_conn *conn; 2390 u8 addr_type; 2391 int err; 2392 2393 memset(&rp, 0, sizeof(rp)); 2394 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2395 rp.addr.type = cp->addr.type; 2396 2397 if (!bdaddr_type_is_valid(cp->addr.type)) 2398 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2399 MGMT_STATUS_INVALID_PARAMS, 2400 &rp, sizeof(rp)); 2401 2402 if (cp->disconnect != 0x00 && cp->disconnect != 0x01) 2403 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2404 MGMT_STATUS_INVALID_PARAMS, 2405 &rp, sizeof(rp)); 2406 2407 hci_dev_lock(hdev); 2408 2409 if (!hdev_is_powered(hdev)) { 2410 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2411 MGMT_STATUS_NOT_POWERED, &rp, 2412 sizeof(rp)); 2413 goto unlock; 2414 } 2415 2416 if (cp->addr.type == BDADDR_BREDR) { 2417 /* If disconnection is requested, then look up the 2418 * connection. If the remote device is connected, it 2419 * will be later used to terminate the link. 2420 * 2421 * Setting it to NULL explicitly will cause no 2422 * termination of the link. 2423 */ 2424 if (cp->disconnect) 2425 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2426 &cp->addr.bdaddr); 2427 else 2428 conn = NULL; 2429 2430 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 2431 if (err < 0) { 2432 err = mgmt_cmd_complete(sk, hdev->id, 2433 MGMT_OP_UNPAIR_DEVICE, 2434 MGMT_STATUS_NOT_PAIRED, &rp, 2435 sizeof(rp)); 2436 goto unlock; 2437 } 2438 2439 goto done; 2440 } 2441 2442 /* LE address type */ 2443 addr_type = le_addr_type(cp->addr.type); 2444 2445 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */ 2446 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type); 2447 if (err < 0) { 2448 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2449 MGMT_STATUS_NOT_PAIRED, &rp, 2450 sizeof(rp)); 2451 goto unlock; 2452 } 2453 2454 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type); 2455 if (!conn) { 2456 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type); 2457 goto done; 2458 } 2459 2460 2461 /* Defer clearing up the connection parameters until closing to 2462 * give a chance of keeping them if a repairing happens. 2463 */ 2464 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2465 2466 /* Disable auto-connection parameters if present */ 2467 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type); 2468 if (params) { 2469 if (params->explicit_connect) 2470 params->auto_connect = HCI_AUTO_CONN_EXPLICIT; 2471 else 2472 params->auto_connect = HCI_AUTO_CONN_DISABLED; 2473 } 2474 2475 /* If disconnection is not requested, then clear the connection 2476 * variable so that the link is not terminated. 2477 */ 2478 if (!cp->disconnect) 2479 conn = NULL; 2480 2481 done: 2482 /* If the connection variable is set, then termination of the 2483 * link is requested. 2484 */ 2485 if (!conn) { 2486 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0, 2487 &rp, sizeof(rp)); 2488 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 2489 goto unlock; 2490 } 2491 2492 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 2493 sizeof(*cp)); 2494 if (!cmd) { 2495 err = -ENOMEM; 2496 goto unlock; 2497 } 2498 2499 cmd->cmd_complete = addr_cmd_complete; 2500 2501 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 2502 if (err < 0) 2503 mgmt_pending_remove(cmd); 2504 2505 unlock: 2506 hci_dev_unlock(hdev); 2507 return err; 2508 } 2509 2510 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data, 2511 u16 len) 2512 { 2513 struct mgmt_cp_disconnect *cp = data; 2514 struct mgmt_rp_disconnect rp; 2515 struct mgmt_pending_cmd *cmd; 2516 struct hci_conn *conn; 2517 int err; 2518 2519 BT_DBG(""); 2520 2521 memset(&rp, 0, sizeof(rp)); 2522 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2523 rp.addr.type = cp->addr.type; 2524 2525 if (!bdaddr_type_is_valid(cp->addr.type)) 2526 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2527 MGMT_STATUS_INVALID_PARAMS, 2528 &rp, sizeof(rp)); 2529 2530 hci_dev_lock(hdev); 2531 2532 if (!test_bit(HCI_UP, &hdev->flags)) { 2533 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2534 MGMT_STATUS_NOT_POWERED, &rp, 2535 sizeof(rp)); 2536 goto failed; 2537 } 2538 2539 if (pending_find(MGMT_OP_DISCONNECT, hdev)) { 2540 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2541 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2542 goto failed; 2543 } 2544 2545 if (cp->addr.type == BDADDR_BREDR) 2546 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2547 &cp->addr.bdaddr); 2548 else 2549 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, 2550 le_addr_type(cp->addr.type)); 2551 2552 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) { 2553 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2554 MGMT_STATUS_NOT_CONNECTED, &rp, 2555 sizeof(rp)); 2556 goto failed; 2557 } 2558 2559 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 2560 if (!cmd) { 2561 err = -ENOMEM; 2562 goto failed; 2563 } 2564 2565 cmd->cmd_complete = generic_cmd_complete; 2566 2567 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM); 2568 if (err < 0) 2569 mgmt_pending_remove(cmd); 2570 2571 failed: 2572 hci_dev_unlock(hdev); 2573 return err; 2574 } 2575 2576 static u8 link_to_bdaddr(u8 link_type, u8 addr_type) 2577 { 2578 switch (link_type) { 2579 case LE_LINK: 2580 switch (addr_type) { 2581 case ADDR_LE_DEV_PUBLIC: 2582 return BDADDR_LE_PUBLIC; 2583 2584 default: 2585 /* Fallback to LE Random address type */ 2586 return BDADDR_LE_RANDOM; 2587 } 2588 2589 default: 2590 /* Fallback to BR/EDR type */ 2591 return BDADDR_BREDR; 2592 } 2593 } 2594 2595 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data, 2596 u16 data_len) 2597 { 2598 struct mgmt_rp_get_connections *rp; 2599 struct hci_conn *c; 2600 int err; 2601 u16 i; 2602 2603 BT_DBG(""); 2604 2605 hci_dev_lock(hdev); 2606 2607 if (!hdev_is_powered(hdev)) { 2608 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 2609 MGMT_STATUS_NOT_POWERED); 2610 goto unlock; 2611 } 2612 2613 i = 0; 2614 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2615 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2616 i++; 2617 } 2618 2619 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL); 2620 if (!rp) { 2621 err = -ENOMEM; 2622 goto unlock; 2623 } 2624 2625 i = 0; 2626 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2627 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2628 continue; 2629 bacpy(&rp->addr[i].bdaddr, &c->dst); 2630 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type); 2631 if (c->type == SCO_LINK || c->type == ESCO_LINK) 2632 continue; 2633 i++; 2634 } 2635 2636 rp->conn_count = cpu_to_le16(i); 2637 2638 /* Recalculate length in case of filtered SCO connections, etc */ 2639 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp, 2640 struct_size(rp, addr, i)); 2641 2642 kfree(rp); 2643 2644 unlock: 2645 hci_dev_unlock(hdev); 2646 return err; 2647 } 2648 2649 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 2650 struct mgmt_cp_pin_code_neg_reply *cp) 2651 { 2652 struct mgmt_pending_cmd *cmd; 2653 int err; 2654 2655 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 2656 sizeof(*cp)); 2657 if (!cmd) 2658 return -ENOMEM; 2659 2660 cmd->cmd_complete = addr_cmd_complete; 2661 2662 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2663 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 2664 if (err < 0) 2665 mgmt_pending_remove(cmd); 2666 2667 return err; 2668 } 2669 2670 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2671 u16 len) 2672 { 2673 struct hci_conn *conn; 2674 struct mgmt_cp_pin_code_reply *cp = data; 2675 struct hci_cp_pin_code_reply reply; 2676 struct mgmt_pending_cmd *cmd; 2677 int err; 2678 2679 BT_DBG(""); 2680 2681 hci_dev_lock(hdev); 2682 2683 if (!hdev_is_powered(hdev)) { 2684 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2685 MGMT_STATUS_NOT_POWERED); 2686 goto failed; 2687 } 2688 2689 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 2690 if (!conn) { 2691 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2692 MGMT_STATUS_NOT_CONNECTED); 2693 goto failed; 2694 } 2695 2696 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 2697 struct mgmt_cp_pin_code_neg_reply ncp; 2698 2699 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 2700 2701 bt_dev_err(hdev, "PIN code is not 16 bytes long"); 2702 2703 err = send_pin_code_neg_reply(sk, hdev, &ncp); 2704 if (err >= 0) 2705 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2706 MGMT_STATUS_INVALID_PARAMS); 2707 2708 goto failed; 2709 } 2710 2711 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 2712 if (!cmd) { 2713 err = -ENOMEM; 2714 goto failed; 2715 } 2716 2717 cmd->cmd_complete = addr_cmd_complete; 2718 2719 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 2720 reply.pin_len = cp->pin_len; 2721 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 2722 2723 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 2724 if (err < 0) 2725 mgmt_pending_remove(cmd); 2726 2727 failed: 2728 hci_dev_unlock(hdev); 2729 return err; 2730 } 2731 2732 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data, 2733 u16 len) 2734 { 2735 struct mgmt_cp_set_io_capability *cp = data; 2736 2737 BT_DBG(""); 2738 2739 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY) 2740 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 2741 MGMT_STATUS_INVALID_PARAMS); 2742 2743 hci_dev_lock(hdev); 2744 2745 hdev->io_capability = cp->io_capability; 2746 2747 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 2748 hdev->io_capability); 2749 2750 hci_dev_unlock(hdev); 2751 2752 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, 2753 NULL, 0); 2754 } 2755 2756 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn) 2757 { 2758 struct hci_dev *hdev = conn->hdev; 2759 struct mgmt_pending_cmd *cmd; 2760 2761 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 2762 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 2763 continue; 2764 2765 if (cmd->user_data != conn) 2766 continue; 2767 2768 return cmd; 2769 } 2770 2771 return NULL; 2772 } 2773 2774 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status) 2775 { 2776 struct mgmt_rp_pair_device rp; 2777 struct hci_conn *conn = cmd->user_data; 2778 int err; 2779 2780 bacpy(&rp.addr.bdaddr, &conn->dst); 2781 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 2782 2783 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, 2784 status, &rp, sizeof(rp)); 2785 2786 /* So we don't get further callbacks for this connection */ 2787 conn->connect_cfm_cb = NULL; 2788 conn->security_cfm_cb = NULL; 2789 conn->disconn_cfm_cb = NULL; 2790 2791 hci_conn_drop(conn); 2792 2793 /* The device is paired so there is no need to remove 2794 * its connection parameters anymore. 2795 */ 2796 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2797 2798 hci_conn_put(conn); 2799 2800 return err; 2801 } 2802 2803 void mgmt_smp_complete(struct hci_conn *conn, bool complete) 2804 { 2805 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED; 2806 struct mgmt_pending_cmd *cmd; 2807 2808 cmd = find_pairing(conn); 2809 if (cmd) { 2810 cmd->cmd_complete(cmd, status); 2811 mgmt_pending_remove(cmd); 2812 } 2813 } 2814 2815 static void pairing_complete_cb(struct hci_conn *conn, u8 status) 2816 { 2817 struct mgmt_pending_cmd *cmd; 2818 2819 BT_DBG("status %u", status); 2820 2821 cmd = find_pairing(conn); 2822 if (!cmd) { 2823 BT_DBG("Unable to find a pending command"); 2824 return; 2825 } 2826 2827 cmd->cmd_complete(cmd, mgmt_status(status)); 2828 mgmt_pending_remove(cmd); 2829 } 2830 2831 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) 2832 { 2833 struct mgmt_pending_cmd *cmd; 2834 2835 BT_DBG("status %u", status); 2836 2837 if (!status) 2838 return; 2839 2840 cmd = find_pairing(conn); 2841 if (!cmd) { 2842 BT_DBG("Unable to find a pending command"); 2843 return; 2844 } 2845 2846 cmd->cmd_complete(cmd, mgmt_status(status)); 2847 mgmt_pending_remove(cmd); 2848 } 2849 2850 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2851 u16 len) 2852 { 2853 struct mgmt_cp_pair_device *cp = data; 2854 struct mgmt_rp_pair_device rp; 2855 struct mgmt_pending_cmd *cmd; 2856 u8 sec_level, auth_type; 2857 struct hci_conn *conn; 2858 int err; 2859 2860 BT_DBG(""); 2861 2862 memset(&rp, 0, sizeof(rp)); 2863 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2864 rp.addr.type = cp->addr.type; 2865 2866 if (!bdaddr_type_is_valid(cp->addr.type)) 2867 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2868 MGMT_STATUS_INVALID_PARAMS, 2869 &rp, sizeof(rp)); 2870 2871 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY) 2872 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2873 MGMT_STATUS_INVALID_PARAMS, 2874 &rp, sizeof(rp)); 2875 2876 hci_dev_lock(hdev); 2877 2878 if (!hdev_is_powered(hdev)) { 2879 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2880 MGMT_STATUS_NOT_POWERED, &rp, 2881 sizeof(rp)); 2882 goto unlock; 2883 } 2884 2885 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) { 2886 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2887 MGMT_STATUS_ALREADY_PAIRED, &rp, 2888 sizeof(rp)); 2889 goto unlock; 2890 } 2891 2892 sec_level = BT_SECURITY_MEDIUM; 2893 auth_type = HCI_AT_DEDICATED_BONDING; 2894 2895 if (cp->addr.type == BDADDR_BREDR) { 2896 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level, 2897 auth_type); 2898 } else { 2899 u8 addr_type = le_addr_type(cp->addr.type); 2900 struct hci_conn_params *p; 2901 2902 /* When pairing a new device, it is expected to remember 2903 * this device for future connections. Adding the connection 2904 * parameter information ahead of time allows tracking 2905 * of the slave preferred values and will speed up any 2906 * further connection establishment. 2907 * 2908 * If connection parameters already exist, then they 2909 * will be kept and this function does nothing. 2910 */ 2911 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type); 2912 2913 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT) 2914 p->auto_connect = HCI_AUTO_CONN_DISABLED; 2915 2916 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, 2917 addr_type, sec_level, 2918 HCI_LE_CONN_TIMEOUT); 2919 } 2920 2921 if (IS_ERR(conn)) { 2922 int status; 2923 2924 if (PTR_ERR(conn) == -EBUSY) 2925 status = MGMT_STATUS_BUSY; 2926 else if (PTR_ERR(conn) == -EOPNOTSUPP) 2927 status = MGMT_STATUS_NOT_SUPPORTED; 2928 else if (PTR_ERR(conn) == -ECONNREFUSED) 2929 status = MGMT_STATUS_REJECTED; 2930 else 2931 status = MGMT_STATUS_CONNECT_FAILED; 2932 2933 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2934 status, &rp, sizeof(rp)); 2935 goto unlock; 2936 } 2937 2938 if (conn->connect_cfm_cb) { 2939 hci_conn_drop(conn); 2940 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2941 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2942 goto unlock; 2943 } 2944 2945 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 2946 if (!cmd) { 2947 err = -ENOMEM; 2948 hci_conn_drop(conn); 2949 goto unlock; 2950 } 2951 2952 cmd->cmd_complete = pairing_complete; 2953 2954 /* For LE, just connecting isn't a proof that the pairing finished */ 2955 if (cp->addr.type == BDADDR_BREDR) { 2956 conn->connect_cfm_cb = pairing_complete_cb; 2957 conn->security_cfm_cb = pairing_complete_cb; 2958 conn->disconn_cfm_cb = pairing_complete_cb; 2959 } else { 2960 conn->connect_cfm_cb = le_pairing_complete_cb; 2961 conn->security_cfm_cb = le_pairing_complete_cb; 2962 conn->disconn_cfm_cb = le_pairing_complete_cb; 2963 } 2964 2965 conn->io_capability = cp->io_cap; 2966 cmd->user_data = hci_conn_get(conn); 2967 2968 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) && 2969 hci_conn_security(conn, sec_level, auth_type, true)) { 2970 cmd->cmd_complete(cmd, 0); 2971 mgmt_pending_remove(cmd); 2972 } 2973 2974 err = 0; 2975 2976 unlock: 2977 hci_dev_unlock(hdev); 2978 return err; 2979 } 2980 2981 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2982 u16 len) 2983 { 2984 struct mgmt_addr_info *addr = data; 2985 struct mgmt_pending_cmd *cmd; 2986 struct hci_conn *conn; 2987 int err; 2988 2989 BT_DBG(""); 2990 2991 hci_dev_lock(hdev); 2992 2993 if (!hdev_is_powered(hdev)) { 2994 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2995 MGMT_STATUS_NOT_POWERED); 2996 goto unlock; 2997 } 2998 2999 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev); 3000 if (!cmd) { 3001 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3002 MGMT_STATUS_INVALID_PARAMS); 3003 goto unlock; 3004 } 3005 3006 conn = cmd->user_data; 3007 3008 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 3009 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3010 MGMT_STATUS_INVALID_PARAMS); 3011 goto unlock; 3012 } 3013 3014 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED); 3015 mgmt_pending_remove(cmd); 3016 3017 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 3018 addr, sizeof(*addr)); 3019 unlock: 3020 hci_dev_unlock(hdev); 3021 return err; 3022 } 3023 3024 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, 3025 struct mgmt_addr_info *addr, u16 mgmt_op, 3026 u16 hci_op, __le32 passkey) 3027 { 3028 struct mgmt_pending_cmd *cmd; 3029 struct hci_conn *conn; 3030 int err; 3031 3032 hci_dev_lock(hdev); 3033 3034 if (!hdev_is_powered(hdev)) { 3035 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3036 MGMT_STATUS_NOT_POWERED, addr, 3037 sizeof(*addr)); 3038 goto done; 3039 } 3040 3041 if (addr->type == BDADDR_BREDR) 3042 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr); 3043 else 3044 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr, 3045 le_addr_type(addr->type)); 3046 3047 if (!conn) { 3048 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3049 MGMT_STATUS_NOT_CONNECTED, addr, 3050 sizeof(*addr)); 3051 goto done; 3052 } 3053 3054 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) { 3055 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 3056 if (!err) 3057 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3058 MGMT_STATUS_SUCCESS, addr, 3059 sizeof(*addr)); 3060 else 3061 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3062 MGMT_STATUS_FAILED, addr, 3063 sizeof(*addr)); 3064 3065 goto done; 3066 } 3067 3068 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr)); 3069 if (!cmd) { 3070 err = -ENOMEM; 3071 goto done; 3072 } 3073 3074 cmd->cmd_complete = addr_cmd_complete; 3075 3076 /* Continue with pairing via HCI */ 3077 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 3078 struct hci_cp_user_passkey_reply cp; 3079 3080 bacpy(&cp.bdaddr, &addr->bdaddr); 3081 cp.passkey = passkey; 3082 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 3083 } else 3084 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr), 3085 &addr->bdaddr); 3086 3087 if (err < 0) 3088 mgmt_pending_remove(cmd); 3089 3090 done: 3091 hci_dev_unlock(hdev); 3092 return err; 3093 } 3094 3095 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 3096 void *data, u16 len) 3097 { 3098 struct mgmt_cp_pin_code_neg_reply *cp = data; 3099 3100 BT_DBG(""); 3101 3102 return user_pairing_resp(sk, hdev, &cp->addr, 3103 MGMT_OP_PIN_CODE_NEG_REPLY, 3104 HCI_OP_PIN_CODE_NEG_REPLY, 0); 3105 } 3106 3107 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3108 u16 len) 3109 { 3110 struct mgmt_cp_user_confirm_reply *cp = data; 3111 3112 BT_DBG(""); 3113 3114 if (len != sizeof(*cp)) 3115 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY, 3116 MGMT_STATUS_INVALID_PARAMS); 3117 3118 return user_pairing_resp(sk, hdev, &cp->addr, 3119 MGMT_OP_USER_CONFIRM_REPLY, 3120 HCI_OP_USER_CONFIRM_REPLY, 0); 3121 } 3122 3123 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev, 3124 void *data, u16 len) 3125 { 3126 struct mgmt_cp_user_confirm_neg_reply *cp = data; 3127 3128 BT_DBG(""); 3129 3130 return user_pairing_resp(sk, hdev, &cp->addr, 3131 MGMT_OP_USER_CONFIRM_NEG_REPLY, 3132 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 3133 } 3134 3135 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3136 u16 len) 3137 { 3138 struct mgmt_cp_user_passkey_reply *cp = data; 3139 3140 BT_DBG(""); 3141 3142 return user_pairing_resp(sk, hdev, &cp->addr, 3143 MGMT_OP_USER_PASSKEY_REPLY, 3144 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 3145 } 3146 3147 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev, 3148 void *data, u16 len) 3149 { 3150 struct mgmt_cp_user_passkey_neg_reply *cp = data; 3151 3152 BT_DBG(""); 3153 3154 return user_pairing_resp(sk, hdev, &cp->addr, 3155 MGMT_OP_USER_PASSKEY_NEG_REPLY, 3156 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 3157 } 3158 3159 static void adv_expire(struct hci_dev *hdev, u32 flags) 3160 { 3161 struct adv_info *adv_instance; 3162 struct hci_request req; 3163 int err; 3164 3165 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance); 3166 if (!adv_instance) 3167 return; 3168 3169 /* stop if current instance doesn't need to be changed */ 3170 if (!(adv_instance->flags & flags)) 3171 return; 3172 3173 cancel_adv_timeout(hdev); 3174 3175 adv_instance = hci_get_next_instance(hdev, adv_instance->instance); 3176 if (!adv_instance) 3177 return; 3178 3179 hci_req_init(&req, hdev); 3180 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance, 3181 true); 3182 if (err) 3183 return; 3184 3185 hci_req_run(&req, NULL); 3186 } 3187 3188 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode) 3189 { 3190 struct mgmt_cp_set_local_name *cp; 3191 struct mgmt_pending_cmd *cmd; 3192 3193 BT_DBG("status 0x%02x", status); 3194 3195 hci_dev_lock(hdev); 3196 3197 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 3198 if (!cmd) 3199 goto unlock; 3200 3201 cp = cmd->param; 3202 3203 if (status) { 3204 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3205 mgmt_status(status)); 3206 } else { 3207 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3208 cp, sizeof(*cp)); 3209 3210 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3211 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME); 3212 } 3213 3214 mgmt_pending_remove(cmd); 3215 3216 unlock: 3217 hci_dev_unlock(hdev); 3218 } 3219 3220 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data, 3221 u16 len) 3222 { 3223 struct mgmt_cp_set_local_name *cp = data; 3224 struct mgmt_pending_cmd *cmd; 3225 struct hci_request req; 3226 int err; 3227 3228 BT_DBG(""); 3229 3230 hci_dev_lock(hdev); 3231 3232 /* If the old values are the same as the new ones just return a 3233 * direct command complete event. 3234 */ 3235 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) && 3236 !memcmp(hdev->short_name, cp->short_name, 3237 sizeof(hdev->short_name))) { 3238 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3239 data, len); 3240 goto failed; 3241 } 3242 3243 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name)); 3244 3245 if (!hdev_is_powered(hdev)) { 3246 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3247 3248 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3249 data, len); 3250 if (err < 0) 3251 goto failed; 3252 3253 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, 3254 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk); 3255 ext_info_changed(hdev, sk); 3256 3257 goto failed; 3258 } 3259 3260 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 3261 if (!cmd) { 3262 err = -ENOMEM; 3263 goto failed; 3264 } 3265 3266 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3267 3268 hci_req_init(&req, hdev); 3269 3270 if (lmp_bredr_capable(hdev)) { 3271 __hci_req_update_name(&req); 3272 __hci_req_update_eir(&req); 3273 } 3274 3275 /* The name is stored in the scan response data and so 3276 * no need to udpate the advertising data here. 3277 */ 3278 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING)) 3279 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance); 3280 3281 err = hci_req_run(&req, set_name_complete); 3282 if (err < 0) 3283 mgmt_pending_remove(cmd); 3284 3285 failed: 3286 hci_dev_unlock(hdev); 3287 return err; 3288 } 3289 3290 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data, 3291 u16 len) 3292 { 3293 struct mgmt_cp_set_appearance *cp = data; 3294 u16 appearance; 3295 int err; 3296 3297 BT_DBG(""); 3298 3299 if (!lmp_le_capable(hdev)) 3300 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 3301 MGMT_STATUS_NOT_SUPPORTED); 3302 3303 appearance = le16_to_cpu(cp->appearance); 3304 3305 hci_dev_lock(hdev); 3306 3307 if (hdev->appearance != appearance) { 3308 hdev->appearance = appearance; 3309 3310 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3311 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE); 3312 3313 ext_info_changed(hdev, sk); 3314 } 3315 3316 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL, 3317 0); 3318 3319 hci_dev_unlock(hdev); 3320 3321 return err; 3322 } 3323 3324 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev, 3325 void *data, u16 len) 3326 { 3327 struct mgmt_rp_get_phy_confguration rp; 3328 3329 BT_DBG("sock %p %s", sk, hdev->name); 3330 3331 hci_dev_lock(hdev); 3332 3333 memset(&rp, 0, sizeof(rp)); 3334 3335 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev)); 3336 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev)); 3337 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev)); 3338 3339 hci_dev_unlock(hdev); 3340 3341 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0, 3342 &rp, sizeof(rp)); 3343 } 3344 3345 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip) 3346 { 3347 struct mgmt_ev_phy_configuration_changed ev; 3348 3349 memset(&ev, 0, sizeof(ev)); 3350 3351 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev)); 3352 3353 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev, 3354 sizeof(ev), skip); 3355 } 3356 3357 static void set_default_phy_complete(struct hci_dev *hdev, u8 status, 3358 u16 opcode, struct sk_buff *skb) 3359 { 3360 struct mgmt_pending_cmd *cmd; 3361 3362 BT_DBG("status 0x%02x", status); 3363 3364 hci_dev_lock(hdev); 3365 3366 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev); 3367 if (!cmd) 3368 goto unlock; 3369 3370 if (status) { 3371 mgmt_cmd_status(cmd->sk, hdev->id, 3372 MGMT_OP_SET_PHY_CONFIGURATION, 3373 mgmt_status(status)); 3374 } else { 3375 mgmt_cmd_complete(cmd->sk, hdev->id, 3376 MGMT_OP_SET_PHY_CONFIGURATION, 0, 3377 NULL, 0); 3378 3379 mgmt_phy_configuration_changed(hdev, cmd->sk); 3380 } 3381 3382 mgmt_pending_remove(cmd); 3383 3384 unlock: 3385 hci_dev_unlock(hdev); 3386 } 3387 3388 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev, 3389 void *data, u16 len) 3390 { 3391 struct mgmt_cp_set_phy_confguration *cp = data; 3392 struct hci_cp_le_set_default_phy cp_phy; 3393 struct mgmt_pending_cmd *cmd; 3394 struct hci_request req; 3395 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys; 3396 u16 pkt_type = (HCI_DH1 | HCI_DM1); 3397 bool changed = false; 3398 int err; 3399 3400 BT_DBG("sock %p %s", sk, hdev->name); 3401 3402 configurable_phys = get_configurable_phys(hdev); 3403 supported_phys = get_supported_phys(hdev); 3404 selected_phys = __le32_to_cpu(cp->selected_phys); 3405 3406 if (selected_phys & ~supported_phys) 3407 return mgmt_cmd_status(sk, hdev->id, 3408 MGMT_OP_SET_PHY_CONFIGURATION, 3409 MGMT_STATUS_INVALID_PARAMS); 3410 3411 unconfigure_phys = supported_phys & ~configurable_phys; 3412 3413 if ((selected_phys & unconfigure_phys) != unconfigure_phys) 3414 return mgmt_cmd_status(sk, hdev->id, 3415 MGMT_OP_SET_PHY_CONFIGURATION, 3416 MGMT_STATUS_INVALID_PARAMS); 3417 3418 if (selected_phys == get_selected_phys(hdev)) 3419 return mgmt_cmd_complete(sk, hdev->id, 3420 MGMT_OP_SET_PHY_CONFIGURATION, 3421 0, NULL, 0); 3422 3423 hci_dev_lock(hdev); 3424 3425 if (!hdev_is_powered(hdev)) { 3426 err = mgmt_cmd_status(sk, hdev->id, 3427 MGMT_OP_SET_PHY_CONFIGURATION, 3428 MGMT_STATUS_REJECTED); 3429 goto unlock; 3430 } 3431 3432 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) { 3433 err = mgmt_cmd_status(sk, hdev->id, 3434 MGMT_OP_SET_PHY_CONFIGURATION, 3435 MGMT_STATUS_BUSY); 3436 goto unlock; 3437 } 3438 3439 if (selected_phys & MGMT_PHY_BR_1M_3SLOT) 3440 pkt_type |= (HCI_DH3 | HCI_DM3); 3441 else 3442 pkt_type &= ~(HCI_DH3 | HCI_DM3); 3443 3444 if (selected_phys & MGMT_PHY_BR_1M_5SLOT) 3445 pkt_type |= (HCI_DH5 | HCI_DM5); 3446 else 3447 pkt_type &= ~(HCI_DH5 | HCI_DM5); 3448 3449 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT) 3450 pkt_type &= ~HCI_2DH1; 3451 else 3452 pkt_type |= HCI_2DH1; 3453 3454 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT) 3455 pkt_type &= ~HCI_2DH3; 3456 else 3457 pkt_type |= HCI_2DH3; 3458 3459 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT) 3460 pkt_type &= ~HCI_2DH5; 3461 else 3462 pkt_type |= HCI_2DH5; 3463 3464 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT) 3465 pkt_type &= ~HCI_3DH1; 3466 else 3467 pkt_type |= HCI_3DH1; 3468 3469 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT) 3470 pkt_type &= ~HCI_3DH3; 3471 else 3472 pkt_type |= HCI_3DH3; 3473 3474 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT) 3475 pkt_type &= ~HCI_3DH5; 3476 else 3477 pkt_type |= HCI_3DH5; 3478 3479 if (pkt_type != hdev->pkt_type) { 3480 hdev->pkt_type = pkt_type; 3481 changed = true; 3482 } 3483 3484 if ((selected_phys & MGMT_PHY_LE_MASK) == 3485 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) { 3486 if (changed) 3487 mgmt_phy_configuration_changed(hdev, sk); 3488 3489 err = mgmt_cmd_complete(sk, hdev->id, 3490 MGMT_OP_SET_PHY_CONFIGURATION, 3491 0, NULL, 0); 3492 3493 goto unlock; 3494 } 3495 3496 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data, 3497 len); 3498 if (!cmd) { 3499 err = -ENOMEM; 3500 goto unlock; 3501 } 3502 3503 hci_req_init(&req, hdev); 3504 3505 memset(&cp_phy, 0, sizeof(cp_phy)); 3506 3507 if (!(selected_phys & MGMT_PHY_LE_TX_MASK)) 3508 cp_phy.all_phys |= 0x01; 3509 3510 if (!(selected_phys & MGMT_PHY_LE_RX_MASK)) 3511 cp_phy.all_phys |= 0x02; 3512 3513 if (selected_phys & MGMT_PHY_LE_1M_TX) 3514 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M; 3515 3516 if (selected_phys & MGMT_PHY_LE_2M_TX) 3517 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M; 3518 3519 if (selected_phys & MGMT_PHY_LE_CODED_TX) 3520 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED; 3521 3522 if (selected_phys & MGMT_PHY_LE_1M_RX) 3523 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M; 3524 3525 if (selected_phys & MGMT_PHY_LE_2M_RX) 3526 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M; 3527 3528 if (selected_phys & MGMT_PHY_LE_CODED_RX) 3529 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED; 3530 3531 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy); 3532 3533 err = hci_req_run_skb(&req, set_default_phy_complete); 3534 if (err < 0) 3535 mgmt_pending_remove(cmd); 3536 3537 unlock: 3538 hci_dev_unlock(hdev); 3539 3540 return err; 3541 } 3542 3543 static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data, 3544 u16 len) 3545 { 3546 int err = MGMT_STATUS_SUCCESS; 3547 struct mgmt_cp_set_blocked_keys *keys = data; 3548 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) / 3549 sizeof(struct mgmt_blocked_key_info)); 3550 u16 key_count, expected_len; 3551 int i; 3552 3553 BT_DBG("request for %s", hdev->name); 3554 3555 key_count = __le16_to_cpu(keys->key_count); 3556 if (key_count > max_key_count) { 3557 bt_dev_err(hdev, "too big key_count value %u", key_count); 3558 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 3559 MGMT_STATUS_INVALID_PARAMS); 3560 } 3561 3562 expected_len = struct_size(keys, keys, key_count); 3563 if (expected_len != len) { 3564 bt_dev_err(hdev, "expected %u bytes, got %u bytes", 3565 expected_len, len); 3566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 3567 MGMT_STATUS_INVALID_PARAMS); 3568 } 3569 3570 hci_dev_lock(hdev); 3571 3572 hci_blocked_keys_clear(hdev); 3573 3574 for (i = 0; i < keys->key_count; ++i) { 3575 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL); 3576 3577 if (!b) { 3578 err = MGMT_STATUS_NO_RESOURCES; 3579 break; 3580 } 3581 3582 b->type = keys->keys[i].type; 3583 memcpy(b->val, keys->keys[i].val, sizeof(b->val)); 3584 list_add_rcu(&b->list, &hdev->blocked_keys); 3585 } 3586 hci_dev_unlock(hdev); 3587 3588 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 3589 err, NULL, 0); 3590 } 3591 3592 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status, 3593 u16 opcode, struct sk_buff *skb) 3594 { 3595 struct mgmt_rp_read_local_oob_data mgmt_rp; 3596 size_t rp_size = sizeof(mgmt_rp); 3597 struct mgmt_pending_cmd *cmd; 3598 3599 BT_DBG("%s status %u", hdev->name, status); 3600 3601 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev); 3602 if (!cmd) 3603 return; 3604 3605 if (status || !skb) { 3606 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3607 status ? mgmt_status(status) : MGMT_STATUS_FAILED); 3608 goto remove; 3609 } 3610 3611 memset(&mgmt_rp, 0, sizeof(mgmt_rp)); 3612 3613 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) { 3614 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 3615 3616 if (skb->len < sizeof(*rp)) { 3617 mgmt_cmd_status(cmd->sk, hdev->id, 3618 MGMT_OP_READ_LOCAL_OOB_DATA, 3619 MGMT_STATUS_FAILED); 3620 goto remove; 3621 } 3622 3623 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash)); 3624 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand)); 3625 3626 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256); 3627 } else { 3628 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data; 3629 3630 if (skb->len < sizeof(*rp)) { 3631 mgmt_cmd_status(cmd->sk, hdev->id, 3632 MGMT_OP_READ_LOCAL_OOB_DATA, 3633 MGMT_STATUS_FAILED); 3634 goto remove; 3635 } 3636 3637 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192)); 3638 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192)); 3639 3640 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256)); 3641 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256)); 3642 } 3643 3644 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3645 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size); 3646 3647 remove: 3648 mgmt_pending_remove(cmd); 3649 } 3650 3651 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, 3652 void *data, u16 data_len) 3653 { 3654 struct mgmt_pending_cmd *cmd; 3655 struct hci_request req; 3656 int err; 3657 3658 BT_DBG("%s", hdev->name); 3659 3660 hci_dev_lock(hdev); 3661 3662 if (!hdev_is_powered(hdev)) { 3663 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3664 MGMT_STATUS_NOT_POWERED); 3665 goto unlock; 3666 } 3667 3668 if (!lmp_ssp_capable(hdev)) { 3669 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3670 MGMT_STATUS_NOT_SUPPORTED); 3671 goto unlock; 3672 } 3673 3674 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 3675 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3676 MGMT_STATUS_BUSY); 3677 goto unlock; 3678 } 3679 3680 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 3681 if (!cmd) { 3682 err = -ENOMEM; 3683 goto unlock; 3684 } 3685 3686 hci_req_init(&req, hdev); 3687 3688 if (bredr_sc_enabled(hdev)) 3689 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL); 3690 else 3691 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 3692 3693 err = hci_req_run_skb(&req, read_local_oob_data_complete); 3694 if (err < 0) 3695 mgmt_pending_remove(cmd); 3696 3697 unlock: 3698 hci_dev_unlock(hdev); 3699 return err; 3700 } 3701 3702 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 3703 void *data, u16 len) 3704 { 3705 struct mgmt_addr_info *addr = data; 3706 int err; 3707 3708 BT_DBG("%s ", hdev->name); 3709 3710 if (!bdaddr_type_is_valid(addr->type)) 3711 return mgmt_cmd_complete(sk, hdev->id, 3712 MGMT_OP_ADD_REMOTE_OOB_DATA, 3713 MGMT_STATUS_INVALID_PARAMS, 3714 addr, sizeof(*addr)); 3715 3716 hci_dev_lock(hdev); 3717 3718 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) { 3719 struct mgmt_cp_add_remote_oob_data *cp = data; 3720 u8 status; 3721 3722 if (cp->addr.type != BDADDR_BREDR) { 3723 err = mgmt_cmd_complete(sk, hdev->id, 3724 MGMT_OP_ADD_REMOTE_OOB_DATA, 3725 MGMT_STATUS_INVALID_PARAMS, 3726 &cp->addr, sizeof(cp->addr)); 3727 goto unlock; 3728 } 3729 3730 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 3731 cp->addr.type, cp->hash, 3732 cp->rand, NULL, NULL); 3733 if (err < 0) 3734 status = MGMT_STATUS_FAILED; 3735 else 3736 status = MGMT_STATUS_SUCCESS; 3737 3738 err = mgmt_cmd_complete(sk, hdev->id, 3739 MGMT_OP_ADD_REMOTE_OOB_DATA, status, 3740 &cp->addr, sizeof(cp->addr)); 3741 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) { 3742 struct mgmt_cp_add_remote_oob_ext_data *cp = data; 3743 u8 *rand192, *hash192, *rand256, *hash256; 3744 u8 status; 3745 3746 if (bdaddr_type_is_le(cp->addr.type)) { 3747 /* Enforce zero-valued 192-bit parameters as 3748 * long as legacy SMP OOB isn't implemented. 3749 */ 3750 if (memcmp(cp->rand192, ZERO_KEY, 16) || 3751 memcmp(cp->hash192, ZERO_KEY, 16)) { 3752 err = mgmt_cmd_complete(sk, hdev->id, 3753 MGMT_OP_ADD_REMOTE_OOB_DATA, 3754 MGMT_STATUS_INVALID_PARAMS, 3755 addr, sizeof(*addr)); 3756 goto unlock; 3757 } 3758 3759 rand192 = NULL; 3760 hash192 = NULL; 3761 } else { 3762 /* In case one of the P-192 values is set to zero, 3763 * then just disable OOB data for P-192. 3764 */ 3765 if (!memcmp(cp->rand192, ZERO_KEY, 16) || 3766 !memcmp(cp->hash192, ZERO_KEY, 16)) { 3767 rand192 = NULL; 3768 hash192 = NULL; 3769 } else { 3770 rand192 = cp->rand192; 3771 hash192 = cp->hash192; 3772 } 3773 } 3774 3775 /* In case one of the P-256 values is set to zero, then just 3776 * disable OOB data for P-256. 3777 */ 3778 if (!memcmp(cp->rand256, ZERO_KEY, 16) || 3779 !memcmp(cp->hash256, ZERO_KEY, 16)) { 3780 rand256 = NULL; 3781 hash256 = NULL; 3782 } else { 3783 rand256 = cp->rand256; 3784 hash256 = cp->hash256; 3785 } 3786 3787 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 3788 cp->addr.type, hash192, rand192, 3789 hash256, rand256); 3790 if (err < 0) 3791 status = MGMT_STATUS_FAILED; 3792 else 3793 status = MGMT_STATUS_SUCCESS; 3794 3795 err = mgmt_cmd_complete(sk, hdev->id, 3796 MGMT_OP_ADD_REMOTE_OOB_DATA, 3797 status, &cp->addr, sizeof(cp->addr)); 3798 } else { 3799 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes", 3800 len); 3801 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 3802 MGMT_STATUS_INVALID_PARAMS); 3803 } 3804 3805 unlock: 3806 hci_dev_unlock(hdev); 3807 return err; 3808 } 3809 3810 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 3811 void *data, u16 len) 3812 { 3813 struct mgmt_cp_remove_remote_oob_data *cp = data; 3814 u8 status; 3815 int err; 3816 3817 BT_DBG("%s", hdev->name); 3818 3819 if (cp->addr.type != BDADDR_BREDR) 3820 return mgmt_cmd_complete(sk, hdev->id, 3821 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 3822 MGMT_STATUS_INVALID_PARAMS, 3823 &cp->addr, sizeof(cp->addr)); 3824 3825 hci_dev_lock(hdev); 3826 3827 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 3828 hci_remote_oob_data_clear(hdev); 3829 status = MGMT_STATUS_SUCCESS; 3830 goto done; 3831 } 3832 3833 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type); 3834 if (err < 0) 3835 status = MGMT_STATUS_INVALID_PARAMS; 3836 else 3837 status = MGMT_STATUS_SUCCESS; 3838 3839 done: 3840 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 3841 status, &cp->addr, sizeof(cp->addr)); 3842 3843 hci_dev_unlock(hdev); 3844 return err; 3845 } 3846 3847 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status) 3848 { 3849 struct mgmt_pending_cmd *cmd; 3850 3851 BT_DBG("status %d", status); 3852 3853 hci_dev_lock(hdev); 3854 3855 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev); 3856 if (!cmd) 3857 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev); 3858 3859 if (!cmd) 3860 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev); 3861 3862 if (cmd) { 3863 cmd->cmd_complete(cmd, mgmt_status(status)); 3864 mgmt_pending_remove(cmd); 3865 } 3866 3867 hci_dev_unlock(hdev); 3868 } 3869 3870 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type, 3871 uint8_t *mgmt_status) 3872 { 3873 switch (type) { 3874 case DISCOV_TYPE_LE: 3875 *mgmt_status = mgmt_le_support(hdev); 3876 if (*mgmt_status) 3877 return false; 3878 break; 3879 case DISCOV_TYPE_INTERLEAVED: 3880 *mgmt_status = mgmt_le_support(hdev); 3881 if (*mgmt_status) 3882 return false; 3883 /* Intentional fall-through */ 3884 case DISCOV_TYPE_BREDR: 3885 *mgmt_status = mgmt_bredr_support(hdev); 3886 if (*mgmt_status) 3887 return false; 3888 break; 3889 default: 3890 *mgmt_status = MGMT_STATUS_INVALID_PARAMS; 3891 return false; 3892 } 3893 3894 return true; 3895 } 3896 3897 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev, 3898 u16 op, void *data, u16 len) 3899 { 3900 struct mgmt_cp_start_discovery *cp = data; 3901 struct mgmt_pending_cmd *cmd; 3902 u8 status; 3903 int err; 3904 3905 BT_DBG("%s", hdev->name); 3906 3907 hci_dev_lock(hdev); 3908 3909 if (!hdev_is_powered(hdev)) { 3910 err = mgmt_cmd_complete(sk, hdev->id, op, 3911 MGMT_STATUS_NOT_POWERED, 3912 &cp->type, sizeof(cp->type)); 3913 goto failed; 3914 } 3915 3916 if (hdev->discovery.state != DISCOVERY_STOPPED || 3917 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 3918 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 3919 &cp->type, sizeof(cp->type)); 3920 goto failed; 3921 } 3922 3923 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 3924 err = mgmt_cmd_complete(sk, hdev->id, op, status, 3925 &cp->type, sizeof(cp->type)); 3926 goto failed; 3927 } 3928 3929 /* Clear the discovery filter first to free any previously 3930 * allocated memory for the UUID list. 3931 */ 3932 hci_discovery_filter_clear(hdev); 3933 3934 hdev->discovery.type = cp->type; 3935 hdev->discovery.report_invalid_rssi = false; 3936 if (op == MGMT_OP_START_LIMITED_DISCOVERY) 3937 hdev->discovery.limited = true; 3938 else 3939 hdev->discovery.limited = false; 3940 3941 cmd = mgmt_pending_add(sk, op, hdev, data, len); 3942 if (!cmd) { 3943 err = -ENOMEM; 3944 goto failed; 3945 } 3946 3947 cmd->cmd_complete = generic_cmd_complete; 3948 3949 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 3950 queue_work(hdev->req_workqueue, &hdev->discov_update); 3951 err = 0; 3952 3953 failed: 3954 hci_dev_unlock(hdev); 3955 return err; 3956 } 3957 3958 static int start_discovery(struct sock *sk, struct hci_dev *hdev, 3959 void *data, u16 len) 3960 { 3961 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY, 3962 data, len); 3963 } 3964 3965 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev, 3966 void *data, u16 len) 3967 { 3968 return start_discovery_internal(sk, hdev, 3969 MGMT_OP_START_LIMITED_DISCOVERY, 3970 data, len); 3971 } 3972 3973 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd, 3974 u8 status) 3975 { 3976 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 3977 cmd->param, 1); 3978 } 3979 3980 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev, 3981 void *data, u16 len) 3982 { 3983 struct mgmt_cp_start_service_discovery *cp = data; 3984 struct mgmt_pending_cmd *cmd; 3985 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16); 3986 u16 uuid_count, expected_len; 3987 u8 status; 3988 int err; 3989 3990 BT_DBG("%s", hdev->name); 3991 3992 hci_dev_lock(hdev); 3993 3994 if (!hdev_is_powered(hdev)) { 3995 err = mgmt_cmd_complete(sk, hdev->id, 3996 MGMT_OP_START_SERVICE_DISCOVERY, 3997 MGMT_STATUS_NOT_POWERED, 3998 &cp->type, sizeof(cp->type)); 3999 goto failed; 4000 } 4001 4002 if (hdev->discovery.state != DISCOVERY_STOPPED || 4003 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 4004 err = mgmt_cmd_complete(sk, hdev->id, 4005 MGMT_OP_START_SERVICE_DISCOVERY, 4006 MGMT_STATUS_BUSY, &cp->type, 4007 sizeof(cp->type)); 4008 goto failed; 4009 } 4010 4011 uuid_count = __le16_to_cpu(cp->uuid_count); 4012 if (uuid_count > max_uuid_count) { 4013 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u", 4014 uuid_count); 4015 err = mgmt_cmd_complete(sk, hdev->id, 4016 MGMT_OP_START_SERVICE_DISCOVERY, 4017 MGMT_STATUS_INVALID_PARAMS, &cp->type, 4018 sizeof(cp->type)); 4019 goto failed; 4020 } 4021 4022 expected_len = sizeof(*cp) + uuid_count * 16; 4023 if (expected_len != len) { 4024 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes", 4025 expected_len, len); 4026 err = mgmt_cmd_complete(sk, hdev->id, 4027 MGMT_OP_START_SERVICE_DISCOVERY, 4028 MGMT_STATUS_INVALID_PARAMS, &cp->type, 4029 sizeof(cp->type)); 4030 goto failed; 4031 } 4032 4033 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 4034 err = mgmt_cmd_complete(sk, hdev->id, 4035 MGMT_OP_START_SERVICE_DISCOVERY, 4036 status, &cp->type, sizeof(cp->type)); 4037 goto failed; 4038 } 4039 4040 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY, 4041 hdev, data, len); 4042 if (!cmd) { 4043 err = -ENOMEM; 4044 goto failed; 4045 } 4046 4047 cmd->cmd_complete = service_discovery_cmd_complete; 4048 4049 /* Clear the discovery filter first to free any previously 4050 * allocated memory for the UUID list. 4051 */ 4052 hci_discovery_filter_clear(hdev); 4053 4054 hdev->discovery.result_filtering = true; 4055 hdev->discovery.type = cp->type; 4056 hdev->discovery.rssi = cp->rssi; 4057 hdev->discovery.uuid_count = uuid_count; 4058 4059 if (uuid_count > 0) { 4060 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16, 4061 GFP_KERNEL); 4062 if (!hdev->discovery.uuids) { 4063 err = mgmt_cmd_complete(sk, hdev->id, 4064 MGMT_OP_START_SERVICE_DISCOVERY, 4065 MGMT_STATUS_FAILED, 4066 &cp->type, sizeof(cp->type)); 4067 mgmt_pending_remove(cmd); 4068 goto failed; 4069 } 4070 } 4071 4072 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 4073 queue_work(hdev->req_workqueue, &hdev->discov_update); 4074 err = 0; 4075 4076 failed: 4077 hci_dev_unlock(hdev); 4078 return err; 4079 } 4080 4081 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status) 4082 { 4083 struct mgmt_pending_cmd *cmd; 4084 4085 BT_DBG("status %d", status); 4086 4087 hci_dev_lock(hdev); 4088 4089 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 4090 if (cmd) { 4091 cmd->cmd_complete(cmd, mgmt_status(status)); 4092 mgmt_pending_remove(cmd); 4093 } 4094 4095 hci_dev_unlock(hdev); 4096 } 4097 4098 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, 4099 u16 len) 4100 { 4101 struct mgmt_cp_stop_discovery *mgmt_cp = data; 4102 struct mgmt_pending_cmd *cmd; 4103 int err; 4104 4105 BT_DBG("%s", hdev->name); 4106 4107 hci_dev_lock(hdev); 4108 4109 if (!hci_discovery_active(hdev)) { 4110 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 4111 MGMT_STATUS_REJECTED, &mgmt_cp->type, 4112 sizeof(mgmt_cp->type)); 4113 goto unlock; 4114 } 4115 4116 if (hdev->discovery.type != mgmt_cp->type) { 4117 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 4118 MGMT_STATUS_INVALID_PARAMS, 4119 &mgmt_cp->type, sizeof(mgmt_cp->type)); 4120 goto unlock; 4121 } 4122 4123 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len); 4124 if (!cmd) { 4125 err = -ENOMEM; 4126 goto unlock; 4127 } 4128 4129 cmd->cmd_complete = generic_cmd_complete; 4130 4131 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 4132 queue_work(hdev->req_workqueue, &hdev->discov_update); 4133 err = 0; 4134 4135 unlock: 4136 hci_dev_unlock(hdev); 4137 return err; 4138 } 4139 4140 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, 4141 u16 len) 4142 { 4143 struct mgmt_cp_confirm_name *cp = data; 4144 struct inquiry_entry *e; 4145 int err; 4146 4147 BT_DBG("%s", hdev->name); 4148 4149 hci_dev_lock(hdev); 4150 4151 if (!hci_discovery_active(hdev)) { 4152 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 4153 MGMT_STATUS_FAILED, &cp->addr, 4154 sizeof(cp->addr)); 4155 goto failed; 4156 } 4157 4158 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 4159 if (!e) { 4160 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 4161 MGMT_STATUS_INVALID_PARAMS, &cp->addr, 4162 sizeof(cp->addr)); 4163 goto failed; 4164 } 4165 4166 if (cp->name_known) { 4167 e->name_state = NAME_KNOWN; 4168 list_del(&e->list); 4169 } else { 4170 e->name_state = NAME_NEEDED; 4171 hci_inquiry_cache_update_resolve(hdev, e); 4172 } 4173 4174 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, 4175 &cp->addr, sizeof(cp->addr)); 4176 4177 failed: 4178 hci_dev_unlock(hdev); 4179 return err; 4180 } 4181 4182 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data, 4183 u16 len) 4184 { 4185 struct mgmt_cp_block_device *cp = data; 4186 u8 status; 4187 int err; 4188 4189 BT_DBG("%s", hdev->name); 4190 4191 if (!bdaddr_type_is_valid(cp->addr.type)) 4192 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, 4193 MGMT_STATUS_INVALID_PARAMS, 4194 &cp->addr, sizeof(cp->addr)); 4195 4196 hci_dev_lock(hdev); 4197 4198 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr, 4199 cp->addr.type); 4200 if (err < 0) { 4201 status = MGMT_STATUS_FAILED; 4202 goto done; 4203 } 4204 4205 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr), 4206 sk); 4207 status = MGMT_STATUS_SUCCESS; 4208 4209 done: 4210 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status, 4211 &cp->addr, sizeof(cp->addr)); 4212 4213 hci_dev_unlock(hdev); 4214 4215 return err; 4216 } 4217 4218 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data, 4219 u16 len) 4220 { 4221 struct mgmt_cp_unblock_device *cp = data; 4222 u8 status; 4223 int err; 4224 4225 BT_DBG("%s", hdev->name); 4226 4227 if (!bdaddr_type_is_valid(cp->addr.type)) 4228 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, 4229 MGMT_STATUS_INVALID_PARAMS, 4230 &cp->addr, sizeof(cp->addr)); 4231 4232 hci_dev_lock(hdev); 4233 4234 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr, 4235 cp->addr.type); 4236 if (err < 0) { 4237 status = MGMT_STATUS_INVALID_PARAMS; 4238 goto done; 4239 } 4240 4241 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr), 4242 sk); 4243 status = MGMT_STATUS_SUCCESS; 4244 4245 done: 4246 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status, 4247 &cp->addr, sizeof(cp->addr)); 4248 4249 hci_dev_unlock(hdev); 4250 4251 return err; 4252 } 4253 4254 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data, 4255 u16 len) 4256 { 4257 struct mgmt_cp_set_device_id *cp = data; 4258 struct hci_request req; 4259 int err; 4260 __u16 source; 4261 4262 BT_DBG("%s", hdev->name); 4263 4264 source = __le16_to_cpu(cp->source); 4265 4266 if (source > 0x0002) 4267 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 4268 MGMT_STATUS_INVALID_PARAMS); 4269 4270 hci_dev_lock(hdev); 4271 4272 hdev->devid_source = source; 4273 hdev->devid_vendor = __le16_to_cpu(cp->vendor); 4274 hdev->devid_product = __le16_to_cpu(cp->product); 4275 hdev->devid_version = __le16_to_cpu(cp->version); 4276 4277 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, 4278 NULL, 0); 4279 4280 hci_req_init(&req, hdev); 4281 __hci_req_update_eir(&req); 4282 hci_req_run(&req, NULL); 4283 4284 hci_dev_unlock(hdev); 4285 4286 return err; 4287 } 4288 4289 static void enable_advertising_instance(struct hci_dev *hdev, u8 status, 4290 u16 opcode) 4291 { 4292 BT_DBG("status %d", status); 4293 } 4294 4295 static void set_advertising_complete(struct hci_dev *hdev, u8 status, 4296 u16 opcode) 4297 { 4298 struct cmd_lookup match = { NULL, hdev }; 4299 struct hci_request req; 4300 u8 instance; 4301 struct adv_info *adv_instance; 4302 int err; 4303 4304 hci_dev_lock(hdev); 4305 4306 if (status) { 4307 u8 mgmt_err = mgmt_status(status); 4308 4309 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, 4310 cmd_status_rsp, &mgmt_err); 4311 goto unlock; 4312 } 4313 4314 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 4315 hci_dev_set_flag(hdev, HCI_ADVERTISING); 4316 else 4317 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 4318 4319 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp, 4320 &match); 4321 4322 new_settings(hdev, match.sk); 4323 4324 if (match.sk) 4325 sock_put(match.sk); 4326 4327 /* If "Set Advertising" was just disabled and instance advertising was 4328 * set up earlier, then re-enable multi-instance advertising. 4329 */ 4330 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 4331 list_empty(&hdev->adv_instances)) 4332 goto unlock; 4333 4334 instance = hdev->cur_adv_instance; 4335 if (!instance) { 4336 adv_instance = list_first_entry_or_null(&hdev->adv_instances, 4337 struct adv_info, list); 4338 if (!adv_instance) 4339 goto unlock; 4340 4341 instance = adv_instance->instance; 4342 } 4343 4344 hci_req_init(&req, hdev); 4345 4346 err = __hci_req_schedule_adv_instance(&req, instance, true); 4347 4348 if (!err) 4349 err = hci_req_run(&req, enable_advertising_instance); 4350 4351 if (err) 4352 bt_dev_err(hdev, "failed to re-configure advertising"); 4353 4354 unlock: 4355 hci_dev_unlock(hdev); 4356 } 4357 4358 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, 4359 u16 len) 4360 { 4361 struct mgmt_mode *cp = data; 4362 struct mgmt_pending_cmd *cmd; 4363 struct hci_request req; 4364 u8 val, status; 4365 int err; 4366 4367 BT_DBG("request for %s", hdev->name); 4368 4369 status = mgmt_le_support(hdev); 4370 if (status) 4371 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 4372 status); 4373 4374 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4375 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 4376 MGMT_STATUS_INVALID_PARAMS); 4377 4378 hci_dev_lock(hdev); 4379 4380 val = !!cp->val; 4381 4382 /* The following conditions are ones which mean that we should 4383 * not do any HCI communication but directly send a mgmt 4384 * response to user space (after toggling the flag if 4385 * necessary). 4386 */ 4387 if (!hdev_is_powered(hdev) || 4388 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) && 4389 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) || 4390 hci_conn_num(hdev, LE_LINK) > 0 || 4391 (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 4392 hdev->le_scan_type == LE_SCAN_ACTIVE)) { 4393 bool changed; 4394 4395 if (cp->val) { 4396 hdev->cur_adv_instance = 0x00; 4397 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING); 4398 if (cp->val == 0x02) 4399 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4400 else 4401 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4402 } else { 4403 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING); 4404 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4405 } 4406 4407 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev); 4408 if (err < 0) 4409 goto unlock; 4410 4411 if (changed) 4412 err = new_settings(hdev, sk); 4413 4414 goto unlock; 4415 } 4416 4417 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) || 4418 pending_find(MGMT_OP_SET_LE, hdev)) { 4419 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 4420 MGMT_STATUS_BUSY); 4421 goto unlock; 4422 } 4423 4424 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len); 4425 if (!cmd) { 4426 err = -ENOMEM; 4427 goto unlock; 4428 } 4429 4430 hci_req_init(&req, hdev); 4431 4432 if (cp->val == 0x02) 4433 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4434 else 4435 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4436 4437 cancel_adv_timeout(hdev); 4438 4439 if (val) { 4440 /* Switch to instance "0" for the Set Advertising setting. 4441 * We cannot use update_[adv|scan_rsp]_data() here as the 4442 * HCI_ADVERTISING flag is not yet set. 4443 */ 4444 hdev->cur_adv_instance = 0x00; 4445 4446 if (ext_adv_capable(hdev)) { 4447 __hci_req_start_ext_adv(&req, 0x00); 4448 } else { 4449 __hci_req_update_adv_data(&req, 0x00); 4450 __hci_req_update_scan_rsp_data(&req, 0x00); 4451 __hci_req_enable_advertising(&req); 4452 } 4453 } else { 4454 __hci_req_disable_advertising(&req); 4455 } 4456 4457 err = hci_req_run(&req, set_advertising_complete); 4458 if (err < 0) 4459 mgmt_pending_remove(cmd); 4460 4461 unlock: 4462 hci_dev_unlock(hdev); 4463 return err; 4464 } 4465 4466 static int set_static_address(struct sock *sk, struct hci_dev *hdev, 4467 void *data, u16 len) 4468 { 4469 struct mgmt_cp_set_static_address *cp = data; 4470 int err; 4471 4472 BT_DBG("%s", hdev->name); 4473 4474 if (!lmp_le_capable(hdev)) 4475 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 4476 MGMT_STATUS_NOT_SUPPORTED); 4477 4478 if (hdev_is_powered(hdev)) 4479 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 4480 MGMT_STATUS_REJECTED); 4481 4482 if (bacmp(&cp->bdaddr, BDADDR_ANY)) { 4483 if (!bacmp(&cp->bdaddr, BDADDR_NONE)) 4484 return mgmt_cmd_status(sk, hdev->id, 4485 MGMT_OP_SET_STATIC_ADDRESS, 4486 MGMT_STATUS_INVALID_PARAMS); 4487 4488 /* Two most significant bits shall be set */ 4489 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0) 4490 return mgmt_cmd_status(sk, hdev->id, 4491 MGMT_OP_SET_STATIC_ADDRESS, 4492 MGMT_STATUS_INVALID_PARAMS); 4493 } 4494 4495 hci_dev_lock(hdev); 4496 4497 bacpy(&hdev->static_addr, &cp->bdaddr); 4498 4499 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev); 4500 if (err < 0) 4501 goto unlock; 4502 4503 err = new_settings(hdev, sk); 4504 4505 unlock: 4506 hci_dev_unlock(hdev); 4507 return err; 4508 } 4509 4510 static int set_scan_params(struct sock *sk, struct hci_dev *hdev, 4511 void *data, u16 len) 4512 { 4513 struct mgmt_cp_set_scan_params *cp = data; 4514 __u16 interval, window; 4515 int err; 4516 4517 BT_DBG("%s", hdev->name); 4518 4519 if (!lmp_le_capable(hdev)) 4520 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4521 MGMT_STATUS_NOT_SUPPORTED); 4522 4523 interval = __le16_to_cpu(cp->interval); 4524 4525 if (interval < 0x0004 || interval > 0x4000) 4526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4527 MGMT_STATUS_INVALID_PARAMS); 4528 4529 window = __le16_to_cpu(cp->window); 4530 4531 if (window < 0x0004 || window > 0x4000) 4532 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4533 MGMT_STATUS_INVALID_PARAMS); 4534 4535 if (window > interval) 4536 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4537 MGMT_STATUS_INVALID_PARAMS); 4538 4539 hci_dev_lock(hdev); 4540 4541 hdev->le_scan_interval = interval; 4542 hdev->le_scan_window = window; 4543 4544 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, 4545 NULL, 0); 4546 4547 /* If background scan is running, restart it so new parameters are 4548 * loaded. 4549 */ 4550 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 4551 hdev->discovery.state == DISCOVERY_STOPPED) { 4552 struct hci_request req; 4553 4554 hci_req_init(&req, hdev); 4555 4556 hci_req_add_le_scan_disable(&req); 4557 hci_req_add_le_passive_scan(&req); 4558 4559 hci_req_run(&req, NULL); 4560 } 4561 4562 hci_dev_unlock(hdev); 4563 4564 return err; 4565 } 4566 4567 static void fast_connectable_complete(struct hci_dev *hdev, u8 status, 4568 u16 opcode) 4569 { 4570 struct mgmt_pending_cmd *cmd; 4571 4572 BT_DBG("status 0x%02x", status); 4573 4574 hci_dev_lock(hdev); 4575 4576 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev); 4577 if (!cmd) 4578 goto unlock; 4579 4580 if (status) { 4581 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4582 mgmt_status(status)); 4583 } else { 4584 struct mgmt_mode *cp = cmd->param; 4585 4586 if (cp->val) 4587 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE); 4588 else 4589 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 4590 4591 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 4592 new_settings(hdev, cmd->sk); 4593 } 4594 4595 mgmt_pending_remove(cmd); 4596 4597 unlock: 4598 hci_dev_unlock(hdev); 4599 } 4600 4601 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, 4602 void *data, u16 len) 4603 { 4604 struct mgmt_mode *cp = data; 4605 struct mgmt_pending_cmd *cmd; 4606 struct hci_request req; 4607 int err; 4608 4609 BT_DBG("%s", hdev->name); 4610 4611 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 4612 hdev->hci_ver < BLUETOOTH_VER_1_2) 4613 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4614 MGMT_STATUS_NOT_SUPPORTED); 4615 4616 if (cp->val != 0x00 && cp->val != 0x01) 4617 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4618 MGMT_STATUS_INVALID_PARAMS); 4619 4620 hci_dev_lock(hdev); 4621 4622 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) { 4623 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4624 MGMT_STATUS_BUSY); 4625 goto unlock; 4626 } 4627 4628 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) { 4629 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 4630 hdev); 4631 goto unlock; 4632 } 4633 4634 if (!hdev_is_powered(hdev)) { 4635 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE); 4636 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 4637 hdev); 4638 new_settings(hdev, sk); 4639 goto unlock; 4640 } 4641 4642 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, 4643 data, len); 4644 if (!cmd) { 4645 err = -ENOMEM; 4646 goto unlock; 4647 } 4648 4649 hci_req_init(&req, hdev); 4650 4651 __hci_req_write_fast_connectable(&req, cp->val); 4652 4653 err = hci_req_run(&req, fast_connectable_complete); 4654 if (err < 0) { 4655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4656 MGMT_STATUS_FAILED); 4657 mgmt_pending_remove(cmd); 4658 } 4659 4660 unlock: 4661 hci_dev_unlock(hdev); 4662 4663 return err; 4664 } 4665 4666 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode) 4667 { 4668 struct mgmt_pending_cmd *cmd; 4669 4670 BT_DBG("status 0x%02x", status); 4671 4672 hci_dev_lock(hdev); 4673 4674 cmd = pending_find(MGMT_OP_SET_BREDR, hdev); 4675 if (!cmd) 4676 goto unlock; 4677 4678 if (status) { 4679 u8 mgmt_err = mgmt_status(status); 4680 4681 /* We need to restore the flag if related HCI commands 4682 * failed. 4683 */ 4684 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED); 4685 4686 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 4687 } else { 4688 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev); 4689 new_settings(hdev, cmd->sk); 4690 } 4691 4692 mgmt_pending_remove(cmd); 4693 4694 unlock: 4695 hci_dev_unlock(hdev); 4696 } 4697 4698 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 4699 { 4700 struct mgmt_mode *cp = data; 4701 struct mgmt_pending_cmd *cmd; 4702 struct hci_request req; 4703 int err; 4704 4705 BT_DBG("request for %s", hdev->name); 4706 4707 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev)) 4708 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4709 MGMT_STATUS_NOT_SUPPORTED); 4710 4711 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 4712 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4713 MGMT_STATUS_REJECTED); 4714 4715 if (cp->val != 0x00 && cp->val != 0x01) 4716 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4717 MGMT_STATUS_INVALID_PARAMS); 4718 4719 hci_dev_lock(hdev); 4720 4721 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 4722 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 4723 goto unlock; 4724 } 4725 4726 if (!hdev_is_powered(hdev)) { 4727 if (!cp->val) { 4728 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 4729 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 4730 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY); 4731 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 4732 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 4733 } 4734 4735 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED); 4736 4737 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 4738 if (err < 0) 4739 goto unlock; 4740 4741 err = new_settings(hdev, sk); 4742 goto unlock; 4743 } 4744 4745 /* Reject disabling when powered on */ 4746 if (!cp->val) { 4747 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4748 MGMT_STATUS_REJECTED); 4749 goto unlock; 4750 } else { 4751 /* When configuring a dual-mode controller to operate 4752 * with LE only and using a static address, then switching 4753 * BR/EDR back on is not allowed. 4754 * 4755 * Dual-mode controllers shall operate with the public 4756 * address as its identity address for BR/EDR and LE. So 4757 * reject the attempt to create an invalid configuration. 4758 * 4759 * The same restrictions applies when secure connections 4760 * has been enabled. For BR/EDR this is a controller feature 4761 * while for LE it is a host stack feature. This means that 4762 * switching BR/EDR back on when secure connections has been 4763 * enabled is not a supported transaction. 4764 */ 4765 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 4766 (bacmp(&hdev->static_addr, BDADDR_ANY) || 4767 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) { 4768 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4769 MGMT_STATUS_REJECTED); 4770 goto unlock; 4771 } 4772 } 4773 4774 if (pending_find(MGMT_OP_SET_BREDR, hdev)) { 4775 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4776 MGMT_STATUS_BUSY); 4777 goto unlock; 4778 } 4779 4780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len); 4781 if (!cmd) { 4782 err = -ENOMEM; 4783 goto unlock; 4784 } 4785 4786 /* We need to flip the bit already here so that 4787 * hci_req_update_adv_data generates the correct flags. 4788 */ 4789 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED); 4790 4791 hci_req_init(&req, hdev); 4792 4793 __hci_req_write_fast_connectable(&req, false); 4794 __hci_req_update_scan(&req); 4795 4796 /* Since only the advertising data flags will change, there 4797 * is no need to update the scan response data. 4798 */ 4799 __hci_req_update_adv_data(&req, hdev->cur_adv_instance); 4800 4801 err = hci_req_run(&req, set_bredr_complete); 4802 if (err < 0) 4803 mgmt_pending_remove(cmd); 4804 4805 unlock: 4806 hci_dev_unlock(hdev); 4807 return err; 4808 } 4809 4810 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 4811 { 4812 struct mgmt_pending_cmd *cmd; 4813 struct mgmt_mode *cp; 4814 4815 BT_DBG("%s status %u", hdev->name, status); 4816 4817 hci_dev_lock(hdev); 4818 4819 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev); 4820 if (!cmd) 4821 goto unlock; 4822 4823 if (status) { 4824 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 4825 mgmt_status(status)); 4826 goto remove; 4827 } 4828 4829 cp = cmd->param; 4830 4831 switch (cp->val) { 4832 case 0x00: 4833 hci_dev_clear_flag(hdev, HCI_SC_ENABLED); 4834 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4835 break; 4836 case 0x01: 4837 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 4838 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4839 break; 4840 case 0x02: 4841 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 4842 hci_dev_set_flag(hdev, HCI_SC_ONLY); 4843 break; 4844 } 4845 4846 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev); 4847 new_settings(hdev, cmd->sk); 4848 4849 remove: 4850 mgmt_pending_remove(cmd); 4851 unlock: 4852 hci_dev_unlock(hdev); 4853 } 4854 4855 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev, 4856 void *data, u16 len) 4857 { 4858 struct mgmt_mode *cp = data; 4859 struct mgmt_pending_cmd *cmd; 4860 struct hci_request req; 4861 u8 val; 4862 int err; 4863 4864 BT_DBG("request for %s", hdev->name); 4865 4866 if (!lmp_sc_capable(hdev) && 4867 !hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 4868 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4869 MGMT_STATUS_NOT_SUPPORTED); 4870 4871 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 4872 lmp_sc_capable(hdev) && 4873 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 4874 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4875 MGMT_STATUS_REJECTED); 4876 4877 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4878 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4879 MGMT_STATUS_INVALID_PARAMS); 4880 4881 hci_dev_lock(hdev); 4882 4883 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) || 4884 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 4885 bool changed; 4886 4887 if (cp->val) { 4888 changed = !hci_dev_test_and_set_flag(hdev, 4889 HCI_SC_ENABLED); 4890 if (cp->val == 0x02) 4891 hci_dev_set_flag(hdev, HCI_SC_ONLY); 4892 else 4893 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4894 } else { 4895 changed = hci_dev_test_and_clear_flag(hdev, 4896 HCI_SC_ENABLED); 4897 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4898 } 4899 4900 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 4901 if (err < 0) 4902 goto failed; 4903 4904 if (changed) 4905 err = new_settings(hdev, sk); 4906 4907 goto failed; 4908 } 4909 4910 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) { 4911 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4912 MGMT_STATUS_BUSY); 4913 goto failed; 4914 } 4915 4916 val = !!cp->val; 4917 4918 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 4919 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 4920 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 4921 goto failed; 4922 } 4923 4924 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len); 4925 if (!cmd) { 4926 err = -ENOMEM; 4927 goto failed; 4928 } 4929 4930 hci_req_init(&req, hdev); 4931 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val); 4932 err = hci_req_run(&req, sc_enable_complete); 4933 if (err < 0) { 4934 mgmt_pending_remove(cmd); 4935 goto failed; 4936 } 4937 4938 failed: 4939 hci_dev_unlock(hdev); 4940 return err; 4941 } 4942 4943 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev, 4944 void *data, u16 len) 4945 { 4946 struct mgmt_mode *cp = data; 4947 bool changed, use_changed; 4948 int err; 4949 4950 BT_DBG("request for %s", hdev->name); 4951 4952 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4953 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS, 4954 MGMT_STATUS_INVALID_PARAMS); 4955 4956 hci_dev_lock(hdev); 4957 4958 if (cp->val) 4959 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 4960 else 4961 changed = hci_dev_test_and_clear_flag(hdev, 4962 HCI_KEEP_DEBUG_KEYS); 4963 4964 if (cp->val == 0x02) 4965 use_changed = !hci_dev_test_and_set_flag(hdev, 4966 HCI_USE_DEBUG_KEYS); 4967 else 4968 use_changed = hci_dev_test_and_clear_flag(hdev, 4969 HCI_USE_DEBUG_KEYS); 4970 4971 if (hdev_is_powered(hdev) && use_changed && 4972 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 4973 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00; 4974 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 4975 sizeof(mode), &mode); 4976 } 4977 4978 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev); 4979 if (err < 0) 4980 goto unlock; 4981 4982 if (changed) 4983 err = new_settings(hdev, sk); 4984 4985 unlock: 4986 hci_dev_unlock(hdev); 4987 return err; 4988 } 4989 4990 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data, 4991 u16 len) 4992 { 4993 struct mgmt_cp_set_privacy *cp = cp_data; 4994 bool changed; 4995 int err; 4996 4997 BT_DBG("request for %s", hdev->name); 4998 4999 if (!lmp_le_capable(hdev)) 5000 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 5001 MGMT_STATUS_NOT_SUPPORTED); 5002 5003 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02) 5004 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 5005 MGMT_STATUS_INVALID_PARAMS); 5006 5007 if (hdev_is_powered(hdev)) 5008 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 5009 MGMT_STATUS_REJECTED); 5010 5011 hci_dev_lock(hdev); 5012 5013 /* If user space supports this command it is also expected to 5014 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag. 5015 */ 5016 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 5017 5018 if (cp->privacy) { 5019 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY); 5020 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk)); 5021 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 5022 hci_adv_instances_set_rpa_expired(hdev, true); 5023 if (cp->privacy == 0x02) 5024 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY); 5025 else 5026 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 5027 } else { 5028 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY); 5029 memset(hdev->irk, 0, sizeof(hdev->irk)); 5030 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED); 5031 hci_adv_instances_set_rpa_expired(hdev, false); 5032 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 5033 } 5034 5035 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev); 5036 if (err < 0) 5037 goto unlock; 5038 5039 if (changed) 5040 err = new_settings(hdev, sk); 5041 5042 unlock: 5043 hci_dev_unlock(hdev); 5044 return err; 5045 } 5046 5047 static bool irk_is_valid(struct mgmt_irk_info *irk) 5048 { 5049 switch (irk->addr.type) { 5050 case BDADDR_LE_PUBLIC: 5051 return true; 5052 5053 case BDADDR_LE_RANDOM: 5054 /* Two most significant bits shall be set */ 5055 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0) 5056 return false; 5057 return true; 5058 } 5059 5060 return false; 5061 } 5062 5063 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data, 5064 u16 len) 5065 { 5066 struct mgmt_cp_load_irks *cp = cp_data; 5067 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) / 5068 sizeof(struct mgmt_irk_info)); 5069 u16 irk_count, expected_len; 5070 int i, err; 5071 5072 BT_DBG("request for %s", hdev->name); 5073 5074 if (!lmp_le_capable(hdev)) 5075 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 5076 MGMT_STATUS_NOT_SUPPORTED); 5077 5078 irk_count = __le16_to_cpu(cp->irk_count); 5079 if (irk_count > max_irk_count) { 5080 bt_dev_err(hdev, "load_irks: too big irk_count value %u", 5081 irk_count); 5082 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 5083 MGMT_STATUS_INVALID_PARAMS); 5084 } 5085 5086 expected_len = struct_size(cp, irks, irk_count); 5087 if (expected_len != len) { 5088 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes", 5089 expected_len, len); 5090 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 5091 MGMT_STATUS_INVALID_PARAMS); 5092 } 5093 5094 BT_DBG("%s irk_count %u", hdev->name, irk_count); 5095 5096 for (i = 0; i < irk_count; i++) { 5097 struct mgmt_irk_info *key = &cp->irks[i]; 5098 5099 if (!irk_is_valid(key)) 5100 return mgmt_cmd_status(sk, hdev->id, 5101 MGMT_OP_LOAD_IRKS, 5102 MGMT_STATUS_INVALID_PARAMS); 5103 } 5104 5105 hci_dev_lock(hdev); 5106 5107 hci_smp_irks_clear(hdev); 5108 5109 for (i = 0; i < irk_count; i++) { 5110 struct mgmt_irk_info *irk = &cp->irks[i]; 5111 5112 if (hci_is_blocked_key(hdev, 5113 HCI_BLOCKED_KEY_TYPE_IRK, 5114 irk->val)) { 5115 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR", 5116 &irk->addr.bdaddr); 5117 continue; 5118 } 5119 5120 hci_add_irk(hdev, &irk->addr.bdaddr, 5121 le_addr_type(irk->addr.type), irk->val, 5122 BDADDR_ANY); 5123 } 5124 5125 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 5126 5127 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0); 5128 5129 hci_dev_unlock(hdev); 5130 5131 return err; 5132 } 5133 5134 static bool ltk_is_valid(struct mgmt_ltk_info *key) 5135 { 5136 if (key->master != 0x00 && key->master != 0x01) 5137 return false; 5138 5139 switch (key->addr.type) { 5140 case BDADDR_LE_PUBLIC: 5141 return true; 5142 5143 case BDADDR_LE_RANDOM: 5144 /* Two most significant bits shall be set */ 5145 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0) 5146 return false; 5147 return true; 5148 } 5149 5150 return false; 5151 } 5152 5153 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, 5154 void *cp_data, u16 len) 5155 { 5156 struct mgmt_cp_load_long_term_keys *cp = cp_data; 5157 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 5158 sizeof(struct mgmt_ltk_info)); 5159 u16 key_count, expected_len; 5160 int i, err; 5161 5162 BT_DBG("request for %s", hdev->name); 5163 5164 if (!lmp_le_capable(hdev)) 5165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 5166 MGMT_STATUS_NOT_SUPPORTED); 5167 5168 key_count = __le16_to_cpu(cp->key_count); 5169 if (key_count > max_key_count) { 5170 bt_dev_err(hdev, "load_ltks: too big key_count value %u", 5171 key_count); 5172 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 5173 MGMT_STATUS_INVALID_PARAMS); 5174 } 5175 5176 expected_len = struct_size(cp, keys, key_count); 5177 if (expected_len != len) { 5178 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes", 5179 expected_len, len); 5180 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 5181 MGMT_STATUS_INVALID_PARAMS); 5182 } 5183 5184 BT_DBG("%s key_count %u", hdev->name, key_count); 5185 5186 for (i = 0; i < key_count; i++) { 5187 struct mgmt_ltk_info *key = &cp->keys[i]; 5188 5189 if (!ltk_is_valid(key)) 5190 return mgmt_cmd_status(sk, hdev->id, 5191 MGMT_OP_LOAD_LONG_TERM_KEYS, 5192 MGMT_STATUS_INVALID_PARAMS); 5193 } 5194 5195 hci_dev_lock(hdev); 5196 5197 hci_smp_ltks_clear(hdev); 5198 5199 for (i = 0; i < key_count; i++) { 5200 struct mgmt_ltk_info *key = &cp->keys[i]; 5201 u8 type, authenticated; 5202 5203 if (hci_is_blocked_key(hdev, 5204 HCI_BLOCKED_KEY_TYPE_LTK, 5205 key->val)) { 5206 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR", 5207 &key->addr.bdaddr); 5208 continue; 5209 } 5210 5211 switch (key->type) { 5212 case MGMT_LTK_UNAUTHENTICATED: 5213 authenticated = 0x00; 5214 type = key->master ? SMP_LTK : SMP_LTK_SLAVE; 5215 break; 5216 case MGMT_LTK_AUTHENTICATED: 5217 authenticated = 0x01; 5218 type = key->master ? SMP_LTK : SMP_LTK_SLAVE; 5219 break; 5220 case MGMT_LTK_P256_UNAUTH: 5221 authenticated = 0x00; 5222 type = SMP_LTK_P256; 5223 break; 5224 case MGMT_LTK_P256_AUTH: 5225 authenticated = 0x01; 5226 type = SMP_LTK_P256; 5227 break; 5228 case MGMT_LTK_P256_DEBUG: 5229 authenticated = 0x00; 5230 type = SMP_LTK_P256_DEBUG; 5231 /* fall through */ 5232 default: 5233 continue; 5234 } 5235 5236 hci_add_ltk(hdev, &key->addr.bdaddr, 5237 le_addr_type(key->addr.type), type, authenticated, 5238 key->val, key->enc_size, key->ediv, key->rand); 5239 } 5240 5241 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0, 5242 NULL, 0); 5243 5244 hci_dev_unlock(hdev); 5245 5246 return err; 5247 } 5248 5249 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 5250 { 5251 struct hci_conn *conn = cmd->user_data; 5252 struct mgmt_rp_get_conn_info rp; 5253 int err; 5254 5255 memcpy(&rp.addr, cmd->param, sizeof(rp.addr)); 5256 5257 if (status == MGMT_STATUS_SUCCESS) { 5258 rp.rssi = conn->rssi; 5259 rp.tx_power = conn->tx_power; 5260 rp.max_tx_power = conn->max_tx_power; 5261 } else { 5262 rp.rssi = HCI_RSSI_INVALID; 5263 rp.tx_power = HCI_TX_POWER_INVALID; 5264 rp.max_tx_power = HCI_TX_POWER_INVALID; 5265 } 5266 5267 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, 5268 status, &rp, sizeof(rp)); 5269 5270 hci_conn_drop(conn); 5271 hci_conn_put(conn); 5272 5273 return err; 5274 } 5275 5276 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status, 5277 u16 opcode) 5278 { 5279 struct hci_cp_read_rssi *cp; 5280 struct mgmt_pending_cmd *cmd; 5281 struct hci_conn *conn; 5282 u16 handle; 5283 u8 status; 5284 5285 BT_DBG("status 0x%02x", hci_status); 5286 5287 hci_dev_lock(hdev); 5288 5289 /* Commands sent in request are either Read RSSI or Read Transmit Power 5290 * Level so we check which one was last sent to retrieve connection 5291 * handle. Both commands have handle as first parameter so it's safe to 5292 * cast data on the same command struct. 5293 * 5294 * First command sent is always Read RSSI and we fail only if it fails. 5295 * In other case we simply override error to indicate success as we 5296 * already remembered if TX power value is actually valid. 5297 */ 5298 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI); 5299 if (!cp) { 5300 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER); 5301 status = MGMT_STATUS_SUCCESS; 5302 } else { 5303 status = mgmt_status(hci_status); 5304 } 5305 5306 if (!cp) { 5307 bt_dev_err(hdev, "invalid sent_cmd in conn_info response"); 5308 goto unlock; 5309 } 5310 5311 handle = __le16_to_cpu(cp->handle); 5312 conn = hci_conn_hash_lookup_handle(hdev, handle); 5313 if (!conn) { 5314 bt_dev_err(hdev, "unknown handle (%d) in conn_info response", 5315 handle); 5316 goto unlock; 5317 } 5318 5319 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn); 5320 if (!cmd) 5321 goto unlock; 5322 5323 cmd->cmd_complete(cmd, status); 5324 mgmt_pending_remove(cmd); 5325 5326 unlock: 5327 hci_dev_unlock(hdev); 5328 } 5329 5330 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data, 5331 u16 len) 5332 { 5333 struct mgmt_cp_get_conn_info *cp = data; 5334 struct mgmt_rp_get_conn_info rp; 5335 struct hci_conn *conn; 5336 unsigned long conn_info_age; 5337 int err = 0; 5338 5339 BT_DBG("%s", hdev->name); 5340 5341 memset(&rp, 0, sizeof(rp)); 5342 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 5343 rp.addr.type = cp->addr.type; 5344 5345 if (!bdaddr_type_is_valid(cp->addr.type)) 5346 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5347 MGMT_STATUS_INVALID_PARAMS, 5348 &rp, sizeof(rp)); 5349 5350 hci_dev_lock(hdev); 5351 5352 if (!hdev_is_powered(hdev)) { 5353 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5354 MGMT_STATUS_NOT_POWERED, &rp, 5355 sizeof(rp)); 5356 goto unlock; 5357 } 5358 5359 if (cp->addr.type == BDADDR_BREDR) 5360 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 5361 &cp->addr.bdaddr); 5362 else 5363 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 5364 5365 if (!conn || conn->state != BT_CONNECTED) { 5366 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5367 MGMT_STATUS_NOT_CONNECTED, &rp, 5368 sizeof(rp)); 5369 goto unlock; 5370 } 5371 5372 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) { 5373 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5374 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 5375 goto unlock; 5376 } 5377 5378 /* To avoid client trying to guess when to poll again for information we 5379 * calculate conn info age as random value between min/max set in hdev. 5380 */ 5381 conn_info_age = hdev->conn_info_min_age + 5382 prandom_u32_max(hdev->conn_info_max_age - 5383 hdev->conn_info_min_age); 5384 5385 /* Query controller to refresh cached values if they are too old or were 5386 * never read. 5387 */ 5388 if (time_after(jiffies, conn->conn_info_timestamp + 5389 msecs_to_jiffies(conn_info_age)) || 5390 !conn->conn_info_timestamp) { 5391 struct hci_request req; 5392 struct hci_cp_read_tx_power req_txp_cp; 5393 struct hci_cp_read_rssi req_rssi_cp; 5394 struct mgmt_pending_cmd *cmd; 5395 5396 hci_req_init(&req, hdev); 5397 req_rssi_cp.handle = cpu_to_le16(conn->handle); 5398 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp), 5399 &req_rssi_cp); 5400 5401 /* For LE links TX power does not change thus we don't need to 5402 * query for it once value is known. 5403 */ 5404 if (!bdaddr_type_is_le(cp->addr.type) || 5405 conn->tx_power == HCI_TX_POWER_INVALID) { 5406 req_txp_cp.handle = cpu_to_le16(conn->handle); 5407 req_txp_cp.type = 0x00; 5408 hci_req_add(&req, HCI_OP_READ_TX_POWER, 5409 sizeof(req_txp_cp), &req_txp_cp); 5410 } 5411 5412 /* Max TX power needs to be read only once per connection */ 5413 if (conn->max_tx_power == HCI_TX_POWER_INVALID) { 5414 req_txp_cp.handle = cpu_to_le16(conn->handle); 5415 req_txp_cp.type = 0x01; 5416 hci_req_add(&req, HCI_OP_READ_TX_POWER, 5417 sizeof(req_txp_cp), &req_txp_cp); 5418 } 5419 5420 err = hci_req_run(&req, conn_info_refresh_complete); 5421 if (err < 0) 5422 goto unlock; 5423 5424 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev, 5425 data, len); 5426 if (!cmd) { 5427 err = -ENOMEM; 5428 goto unlock; 5429 } 5430 5431 hci_conn_hold(conn); 5432 cmd->user_data = hci_conn_get(conn); 5433 cmd->cmd_complete = conn_info_cmd_complete; 5434 5435 conn->conn_info_timestamp = jiffies; 5436 } else { 5437 /* Cache is valid, just reply with values cached in hci_conn */ 5438 rp.rssi = conn->rssi; 5439 rp.tx_power = conn->tx_power; 5440 rp.max_tx_power = conn->max_tx_power; 5441 5442 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5443 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 5444 } 5445 5446 unlock: 5447 hci_dev_unlock(hdev); 5448 return err; 5449 } 5450 5451 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 5452 { 5453 struct hci_conn *conn = cmd->user_data; 5454 struct mgmt_rp_get_clock_info rp; 5455 struct hci_dev *hdev; 5456 int err; 5457 5458 memset(&rp, 0, sizeof(rp)); 5459 memcpy(&rp.addr, cmd->param, sizeof(rp.addr)); 5460 5461 if (status) 5462 goto complete; 5463 5464 hdev = hci_dev_get(cmd->index); 5465 if (hdev) { 5466 rp.local_clock = cpu_to_le32(hdev->clock); 5467 hci_dev_put(hdev); 5468 } 5469 5470 if (conn) { 5471 rp.piconet_clock = cpu_to_le32(conn->clock); 5472 rp.accuracy = cpu_to_le16(conn->clock_accuracy); 5473 } 5474 5475 complete: 5476 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp, 5477 sizeof(rp)); 5478 5479 if (conn) { 5480 hci_conn_drop(conn); 5481 hci_conn_put(conn); 5482 } 5483 5484 return err; 5485 } 5486 5487 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode) 5488 { 5489 struct hci_cp_read_clock *hci_cp; 5490 struct mgmt_pending_cmd *cmd; 5491 struct hci_conn *conn; 5492 5493 BT_DBG("%s status %u", hdev->name, status); 5494 5495 hci_dev_lock(hdev); 5496 5497 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK); 5498 if (!hci_cp) 5499 goto unlock; 5500 5501 if (hci_cp->which) { 5502 u16 handle = __le16_to_cpu(hci_cp->handle); 5503 conn = hci_conn_hash_lookup_handle(hdev, handle); 5504 } else { 5505 conn = NULL; 5506 } 5507 5508 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn); 5509 if (!cmd) 5510 goto unlock; 5511 5512 cmd->cmd_complete(cmd, mgmt_status(status)); 5513 mgmt_pending_remove(cmd); 5514 5515 unlock: 5516 hci_dev_unlock(hdev); 5517 } 5518 5519 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data, 5520 u16 len) 5521 { 5522 struct mgmt_cp_get_clock_info *cp = data; 5523 struct mgmt_rp_get_clock_info rp; 5524 struct hci_cp_read_clock hci_cp; 5525 struct mgmt_pending_cmd *cmd; 5526 struct hci_request req; 5527 struct hci_conn *conn; 5528 int err; 5529 5530 BT_DBG("%s", hdev->name); 5531 5532 memset(&rp, 0, sizeof(rp)); 5533 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 5534 rp.addr.type = cp->addr.type; 5535 5536 if (cp->addr.type != BDADDR_BREDR) 5537 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 5538 MGMT_STATUS_INVALID_PARAMS, 5539 &rp, sizeof(rp)); 5540 5541 hci_dev_lock(hdev); 5542 5543 if (!hdev_is_powered(hdev)) { 5544 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 5545 MGMT_STATUS_NOT_POWERED, &rp, 5546 sizeof(rp)); 5547 goto unlock; 5548 } 5549 5550 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5551 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 5552 &cp->addr.bdaddr); 5553 if (!conn || conn->state != BT_CONNECTED) { 5554 err = mgmt_cmd_complete(sk, hdev->id, 5555 MGMT_OP_GET_CLOCK_INFO, 5556 MGMT_STATUS_NOT_CONNECTED, 5557 &rp, sizeof(rp)); 5558 goto unlock; 5559 } 5560 } else { 5561 conn = NULL; 5562 } 5563 5564 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len); 5565 if (!cmd) { 5566 err = -ENOMEM; 5567 goto unlock; 5568 } 5569 5570 cmd->cmd_complete = clock_info_cmd_complete; 5571 5572 hci_req_init(&req, hdev); 5573 5574 memset(&hci_cp, 0, sizeof(hci_cp)); 5575 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 5576 5577 if (conn) { 5578 hci_conn_hold(conn); 5579 cmd->user_data = hci_conn_get(conn); 5580 5581 hci_cp.handle = cpu_to_le16(conn->handle); 5582 hci_cp.which = 0x01; /* Piconet clock */ 5583 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 5584 } 5585 5586 err = hci_req_run(&req, get_clock_info_complete); 5587 if (err < 0) 5588 mgmt_pending_remove(cmd); 5589 5590 unlock: 5591 hci_dev_unlock(hdev); 5592 return err; 5593 } 5594 5595 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) 5596 { 5597 struct hci_conn *conn; 5598 5599 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr); 5600 if (!conn) 5601 return false; 5602 5603 if (conn->dst_type != type) 5604 return false; 5605 5606 if (conn->state != BT_CONNECTED) 5607 return false; 5608 5609 return true; 5610 } 5611 5612 /* This function requires the caller holds hdev->lock */ 5613 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, 5614 u8 addr_type, u8 auto_connect) 5615 { 5616 struct hci_conn_params *params; 5617 5618 params = hci_conn_params_add(hdev, addr, addr_type); 5619 if (!params) 5620 return -EIO; 5621 5622 if (params->auto_connect == auto_connect) 5623 return 0; 5624 5625 list_del_init(¶ms->action); 5626 5627 switch (auto_connect) { 5628 case HCI_AUTO_CONN_DISABLED: 5629 case HCI_AUTO_CONN_LINK_LOSS: 5630 /* If auto connect is being disabled when we're trying to 5631 * connect to device, keep connecting. 5632 */ 5633 if (params->explicit_connect) 5634 list_add(¶ms->action, &hdev->pend_le_conns); 5635 break; 5636 case HCI_AUTO_CONN_REPORT: 5637 if (params->explicit_connect) 5638 list_add(¶ms->action, &hdev->pend_le_conns); 5639 else 5640 list_add(¶ms->action, &hdev->pend_le_reports); 5641 break; 5642 case HCI_AUTO_CONN_DIRECT: 5643 case HCI_AUTO_CONN_ALWAYS: 5644 if (!is_connected(hdev, addr, addr_type)) 5645 list_add(¶ms->action, &hdev->pend_le_conns); 5646 break; 5647 } 5648 5649 params->auto_connect = auto_connect; 5650 5651 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type, 5652 auto_connect); 5653 5654 return 0; 5655 } 5656 5657 static void device_added(struct sock *sk, struct hci_dev *hdev, 5658 bdaddr_t *bdaddr, u8 type, u8 action) 5659 { 5660 struct mgmt_ev_device_added ev; 5661 5662 bacpy(&ev.addr.bdaddr, bdaddr); 5663 ev.addr.type = type; 5664 ev.action = action; 5665 5666 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk); 5667 } 5668 5669 static int add_device(struct sock *sk, struct hci_dev *hdev, 5670 void *data, u16 len) 5671 { 5672 struct mgmt_cp_add_device *cp = data; 5673 u8 auto_conn, addr_type; 5674 int err; 5675 5676 BT_DBG("%s", hdev->name); 5677 5678 if (!bdaddr_type_is_valid(cp->addr.type) || 5679 !bacmp(&cp->addr.bdaddr, BDADDR_ANY)) 5680 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5681 MGMT_STATUS_INVALID_PARAMS, 5682 &cp->addr, sizeof(cp->addr)); 5683 5684 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02) 5685 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5686 MGMT_STATUS_INVALID_PARAMS, 5687 &cp->addr, sizeof(cp->addr)); 5688 5689 hci_dev_lock(hdev); 5690 5691 if (cp->addr.type == BDADDR_BREDR) { 5692 /* Only incoming connections action is supported for now */ 5693 if (cp->action != 0x01) { 5694 err = mgmt_cmd_complete(sk, hdev->id, 5695 MGMT_OP_ADD_DEVICE, 5696 MGMT_STATUS_INVALID_PARAMS, 5697 &cp->addr, sizeof(cp->addr)); 5698 goto unlock; 5699 } 5700 5701 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr, 5702 cp->addr.type); 5703 if (err) 5704 goto unlock; 5705 5706 hci_req_update_scan(hdev); 5707 5708 goto added; 5709 } 5710 5711 addr_type = le_addr_type(cp->addr.type); 5712 5713 if (cp->action == 0x02) 5714 auto_conn = HCI_AUTO_CONN_ALWAYS; 5715 else if (cp->action == 0x01) 5716 auto_conn = HCI_AUTO_CONN_DIRECT; 5717 else 5718 auto_conn = HCI_AUTO_CONN_REPORT; 5719 5720 /* Kernel internally uses conn_params with resolvable private 5721 * address, but Add Device allows only identity addresses. 5722 * Make sure it is enforced before calling 5723 * hci_conn_params_lookup. 5724 */ 5725 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 5726 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5727 MGMT_STATUS_INVALID_PARAMS, 5728 &cp->addr, sizeof(cp->addr)); 5729 goto unlock; 5730 } 5731 5732 /* If the connection parameters don't exist for this device, 5733 * they will be created and configured with defaults. 5734 */ 5735 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type, 5736 auto_conn) < 0) { 5737 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5738 MGMT_STATUS_FAILED, &cp->addr, 5739 sizeof(cp->addr)); 5740 goto unlock; 5741 } 5742 5743 hci_update_background_scan(hdev); 5744 5745 added: 5746 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action); 5747 5748 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5749 MGMT_STATUS_SUCCESS, &cp->addr, 5750 sizeof(cp->addr)); 5751 5752 unlock: 5753 hci_dev_unlock(hdev); 5754 return err; 5755 } 5756 5757 static void device_removed(struct sock *sk, struct hci_dev *hdev, 5758 bdaddr_t *bdaddr, u8 type) 5759 { 5760 struct mgmt_ev_device_removed ev; 5761 5762 bacpy(&ev.addr.bdaddr, bdaddr); 5763 ev.addr.type = type; 5764 5765 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk); 5766 } 5767 5768 static int remove_device(struct sock *sk, struct hci_dev *hdev, 5769 void *data, u16 len) 5770 { 5771 struct mgmt_cp_remove_device *cp = data; 5772 int err; 5773 5774 BT_DBG("%s", hdev->name); 5775 5776 hci_dev_lock(hdev); 5777 5778 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5779 struct hci_conn_params *params; 5780 u8 addr_type; 5781 5782 if (!bdaddr_type_is_valid(cp->addr.type)) { 5783 err = mgmt_cmd_complete(sk, hdev->id, 5784 MGMT_OP_REMOVE_DEVICE, 5785 MGMT_STATUS_INVALID_PARAMS, 5786 &cp->addr, sizeof(cp->addr)); 5787 goto unlock; 5788 } 5789 5790 if (cp->addr.type == BDADDR_BREDR) { 5791 err = hci_bdaddr_list_del(&hdev->whitelist, 5792 &cp->addr.bdaddr, 5793 cp->addr.type); 5794 if (err) { 5795 err = mgmt_cmd_complete(sk, hdev->id, 5796 MGMT_OP_REMOVE_DEVICE, 5797 MGMT_STATUS_INVALID_PARAMS, 5798 &cp->addr, 5799 sizeof(cp->addr)); 5800 goto unlock; 5801 } 5802 5803 hci_req_update_scan(hdev); 5804 5805 device_removed(sk, hdev, &cp->addr.bdaddr, 5806 cp->addr.type); 5807 goto complete; 5808 } 5809 5810 addr_type = le_addr_type(cp->addr.type); 5811 5812 /* Kernel internally uses conn_params with resolvable private 5813 * address, but Remove Device allows only identity addresses. 5814 * Make sure it is enforced before calling 5815 * hci_conn_params_lookup. 5816 */ 5817 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 5818 err = mgmt_cmd_complete(sk, hdev->id, 5819 MGMT_OP_REMOVE_DEVICE, 5820 MGMT_STATUS_INVALID_PARAMS, 5821 &cp->addr, sizeof(cp->addr)); 5822 goto unlock; 5823 } 5824 5825 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 5826 addr_type); 5827 if (!params) { 5828 err = mgmt_cmd_complete(sk, hdev->id, 5829 MGMT_OP_REMOVE_DEVICE, 5830 MGMT_STATUS_INVALID_PARAMS, 5831 &cp->addr, sizeof(cp->addr)); 5832 goto unlock; 5833 } 5834 5835 if (params->auto_connect == HCI_AUTO_CONN_DISABLED || 5836 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { 5837 err = mgmt_cmd_complete(sk, hdev->id, 5838 MGMT_OP_REMOVE_DEVICE, 5839 MGMT_STATUS_INVALID_PARAMS, 5840 &cp->addr, sizeof(cp->addr)); 5841 goto unlock; 5842 } 5843 5844 list_del(¶ms->action); 5845 list_del(¶ms->list); 5846 kfree(params); 5847 hci_update_background_scan(hdev); 5848 5849 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type); 5850 } else { 5851 struct hci_conn_params *p, *tmp; 5852 struct bdaddr_list *b, *btmp; 5853 5854 if (cp->addr.type) { 5855 err = mgmt_cmd_complete(sk, hdev->id, 5856 MGMT_OP_REMOVE_DEVICE, 5857 MGMT_STATUS_INVALID_PARAMS, 5858 &cp->addr, sizeof(cp->addr)); 5859 goto unlock; 5860 } 5861 5862 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) { 5863 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type); 5864 list_del(&b->list); 5865 kfree(b); 5866 } 5867 5868 hci_req_update_scan(hdev); 5869 5870 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) { 5871 if (p->auto_connect == HCI_AUTO_CONN_DISABLED) 5872 continue; 5873 device_removed(sk, hdev, &p->addr, p->addr_type); 5874 if (p->explicit_connect) { 5875 p->auto_connect = HCI_AUTO_CONN_EXPLICIT; 5876 continue; 5877 } 5878 list_del(&p->action); 5879 list_del(&p->list); 5880 kfree(p); 5881 } 5882 5883 BT_DBG("All LE connection parameters were removed"); 5884 5885 hci_update_background_scan(hdev); 5886 } 5887 5888 complete: 5889 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 5890 MGMT_STATUS_SUCCESS, &cp->addr, 5891 sizeof(cp->addr)); 5892 unlock: 5893 hci_dev_unlock(hdev); 5894 return err; 5895 } 5896 5897 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data, 5898 u16 len) 5899 { 5900 struct mgmt_cp_load_conn_param *cp = data; 5901 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) / 5902 sizeof(struct mgmt_conn_param)); 5903 u16 param_count, expected_len; 5904 int i; 5905 5906 if (!lmp_le_capable(hdev)) 5907 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5908 MGMT_STATUS_NOT_SUPPORTED); 5909 5910 param_count = __le16_to_cpu(cp->param_count); 5911 if (param_count > max_param_count) { 5912 bt_dev_err(hdev, "load_conn_param: too big param_count value %u", 5913 param_count); 5914 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5915 MGMT_STATUS_INVALID_PARAMS); 5916 } 5917 5918 expected_len = struct_size(cp, params, param_count); 5919 if (expected_len != len) { 5920 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes", 5921 expected_len, len); 5922 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5923 MGMT_STATUS_INVALID_PARAMS); 5924 } 5925 5926 BT_DBG("%s param_count %u", hdev->name, param_count); 5927 5928 hci_dev_lock(hdev); 5929 5930 hci_conn_params_clear_disabled(hdev); 5931 5932 for (i = 0; i < param_count; i++) { 5933 struct mgmt_conn_param *param = &cp->params[i]; 5934 struct hci_conn_params *hci_param; 5935 u16 min, max, latency, timeout; 5936 u8 addr_type; 5937 5938 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr, 5939 param->addr.type); 5940 5941 if (param->addr.type == BDADDR_LE_PUBLIC) { 5942 addr_type = ADDR_LE_DEV_PUBLIC; 5943 } else if (param->addr.type == BDADDR_LE_RANDOM) { 5944 addr_type = ADDR_LE_DEV_RANDOM; 5945 } else { 5946 bt_dev_err(hdev, "ignoring invalid connection parameters"); 5947 continue; 5948 } 5949 5950 min = le16_to_cpu(param->min_interval); 5951 max = le16_to_cpu(param->max_interval); 5952 latency = le16_to_cpu(param->latency); 5953 timeout = le16_to_cpu(param->timeout); 5954 5955 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x", 5956 min, max, latency, timeout); 5957 5958 if (hci_check_conn_params(min, max, latency, timeout) < 0) { 5959 bt_dev_err(hdev, "ignoring invalid connection parameters"); 5960 continue; 5961 } 5962 5963 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr, 5964 addr_type); 5965 if (!hci_param) { 5966 bt_dev_err(hdev, "failed to add connection parameters"); 5967 continue; 5968 } 5969 5970 hci_param->conn_min_interval = min; 5971 hci_param->conn_max_interval = max; 5972 hci_param->conn_latency = latency; 5973 hci_param->supervision_timeout = timeout; 5974 } 5975 5976 hci_dev_unlock(hdev); 5977 5978 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, 5979 NULL, 0); 5980 } 5981 5982 static int set_external_config(struct sock *sk, struct hci_dev *hdev, 5983 void *data, u16 len) 5984 { 5985 struct mgmt_cp_set_external_config *cp = data; 5986 bool changed; 5987 int err; 5988 5989 BT_DBG("%s", hdev->name); 5990 5991 if (hdev_is_powered(hdev)) 5992 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5993 MGMT_STATUS_REJECTED); 5994 5995 if (cp->config != 0x00 && cp->config != 0x01) 5996 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5997 MGMT_STATUS_INVALID_PARAMS); 5998 5999 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 6000 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 6001 MGMT_STATUS_NOT_SUPPORTED); 6002 6003 hci_dev_lock(hdev); 6004 6005 if (cp->config) 6006 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED); 6007 else 6008 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED); 6009 6010 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev); 6011 if (err < 0) 6012 goto unlock; 6013 6014 if (!changed) 6015 goto unlock; 6016 6017 err = new_options(hdev, sk); 6018 6019 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) { 6020 mgmt_index_removed(hdev); 6021 6022 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) { 6023 hci_dev_set_flag(hdev, HCI_CONFIG); 6024 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 6025 6026 queue_work(hdev->req_workqueue, &hdev->power_on); 6027 } else { 6028 set_bit(HCI_RAW, &hdev->flags); 6029 mgmt_index_added(hdev); 6030 } 6031 } 6032 6033 unlock: 6034 hci_dev_unlock(hdev); 6035 return err; 6036 } 6037 6038 static int set_public_address(struct sock *sk, struct hci_dev *hdev, 6039 void *data, u16 len) 6040 { 6041 struct mgmt_cp_set_public_address *cp = data; 6042 bool changed; 6043 int err; 6044 6045 BT_DBG("%s", hdev->name); 6046 6047 if (hdev_is_powered(hdev)) 6048 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 6049 MGMT_STATUS_REJECTED); 6050 6051 if (!bacmp(&cp->bdaddr, BDADDR_ANY)) 6052 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 6053 MGMT_STATUS_INVALID_PARAMS); 6054 6055 if (!hdev->set_bdaddr) 6056 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 6057 MGMT_STATUS_NOT_SUPPORTED); 6058 6059 hci_dev_lock(hdev); 6060 6061 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr); 6062 bacpy(&hdev->public_addr, &cp->bdaddr); 6063 6064 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev); 6065 if (err < 0) 6066 goto unlock; 6067 6068 if (!changed) 6069 goto unlock; 6070 6071 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) 6072 err = new_options(hdev, sk); 6073 6074 if (is_configured(hdev)) { 6075 mgmt_index_removed(hdev); 6076 6077 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED); 6078 6079 hci_dev_set_flag(hdev, HCI_CONFIG); 6080 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 6081 6082 queue_work(hdev->req_workqueue, &hdev->power_on); 6083 } 6084 6085 unlock: 6086 hci_dev_unlock(hdev); 6087 return err; 6088 } 6089 6090 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status, 6091 u16 opcode, struct sk_buff *skb) 6092 { 6093 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp; 6094 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp; 6095 u8 *h192, *r192, *h256, *r256; 6096 struct mgmt_pending_cmd *cmd; 6097 u16 eir_len; 6098 int err; 6099 6100 BT_DBG("%s status %u", hdev->name, status); 6101 6102 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev); 6103 if (!cmd) 6104 return; 6105 6106 mgmt_cp = cmd->param; 6107 6108 if (status) { 6109 status = mgmt_status(status); 6110 eir_len = 0; 6111 6112 h192 = NULL; 6113 r192 = NULL; 6114 h256 = NULL; 6115 r256 = NULL; 6116 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) { 6117 struct hci_rp_read_local_oob_data *rp; 6118 6119 if (skb->len != sizeof(*rp)) { 6120 status = MGMT_STATUS_FAILED; 6121 eir_len = 0; 6122 } else { 6123 status = MGMT_STATUS_SUCCESS; 6124 rp = (void *)skb->data; 6125 6126 eir_len = 5 + 18 + 18; 6127 h192 = rp->hash; 6128 r192 = rp->rand; 6129 h256 = NULL; 6130 r256 = NULL; 6131 } 6132 } else { 6133 struct hci_rp_read_local_oob_ext_data *rp; 6134 6135 if (skb->len != sizeof(*rp)) { 6136 status = MGMT_STATUS_FAILED; 6137 eir_len = 0; 6138 } else { 6139 status = MGMT_STATUS_SUCCESS; 6140 rp = (void *)skb->data; 6141 6142 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 6143 eir_len = 5 + 18 + 18; 6144 h192 = NULL; 6145 r192 = NULL; 6146 } else { 6147 eir_len = 5 + 18 + 18 + 18 + 18; 6148 h192 = rp->hash192; 6149 r192 = rp->rand192; 6150 } 6151 6152 h256 = rp->hash256; 6153 r256 = rp->rand256; 6154 } 6155 } 6156 6157 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL); 6158 if (!mgmt_rp) 6159 goto done; 6160 6161 if (status) 6162 goto send_rsp; 6163 6164 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV, 6165 hdev->dev_class, 3); 6166 6167 if (h192 && r192) { 6168 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 6169 EIR_SSP_HASH_C192, h192, 16); 6170 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 6171 EIR_SSP_RAND_R192, r192, 16); 6172 } 6173 6174 if (h256 && r256) { 6175 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 6176 EIR_SSP_HASH_C256, h256, 16); 6177 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 6178 EIR_SSP_RAND_R256, r256, 16); 6179 } 6180 6181 send_rsp: 6182 mgmt_rp->type = mgmt_cp->type; 6183 mgmt_rp->eir_len = cpu_to_le16(eir_len); 6184 6185 err = mgmt_cmd_complete(cmd->sk, hdev->id, 6186 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status, 6187 mgmt_rp, sizeof(*mgmt_rp) + eir_len); 6188 if (err < 0 || status) 6189 goto done; 6190 6191 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS); 6192 6193 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 6194 mgmt_rp, sizeof(*mgmt_rp) + eir_len, 6195 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk); 6196 done: 6197 kfree(mgmt_rp); 6198 mgmt_pending_remove(cmd); 6199 } 6200 6201 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk, 6202 struct mgmt_cp_read_local_oob_ext_data *cp) 6203 { 6204 struct mgmt_pending_cmd *cmd; 6205 struct hci_request req; 6206 int err; 6207 6208 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev, 6209 cp, sizeof(*cp)); 6210 if (!cmd) 6211 return -ENOMEM; 6212 6213 hci_req_init(&req, hdev); 6214 6215 if (bredr_sc_enabled(hdev)) 6216 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL); 6217 else 6218 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 6219 6220 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete); 6221 if (err < 0) { 6222 mgmt_pending_remove(cmd); 6223 return err; 6224 } 6225 6226 return 0; 6227 } 6228 6229 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev, 6230 void *data, u16 data_len) 6231 { 6232 struct mgmt_cp_read_local_oob_ext_data *cp = data; 6233 struct mgmt_rp_read_local_oob_ext_data *rp; 6234 size_t rp_len; 6235 u16 eir_len; 6236 u8 status, flags, role, addr[7], hash[16], rand[16]; 6237 int err; 6238 6239 BT_DBG("%s", hdev->name); 6240 6241 if (hdev_is_powered(hdev)) { 6242 switch (cp->type) { 6243 case BIT(BDADDR_BREDR): 6244 status = mgmt_bredr_support(hdev); 6245 if (status) 6246 eir_len = 0; 6247 else 6248 eir_len = 5; 6249 break; 6250 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 6251 status = mgmt_le_support(hdev); 6252 if (status) 6253 eir_len = 0; 6254 else 6255 eir_len = 9 + 3 + 18 + 18 + 3; 6256 break; 6257 default: 6258 status = MGMT_STATUS_INVALID_PARAMS; 6259 eir_len = 0; 6260 break; 6261 } 6262 } else { 6263 status = MGMT_STATUS_NOT_POWERED; 6264 eir_len = 0; 6265 } 6266 6267 rp_len = sizeof(*rp) + eir_len; 6268 rp = kmalloc(rp_len, GFP_ATOMIC); 6269 if (!rp) 6270 return -ENOMEM; 6271 6272 if (status) 6273 goto complete; 6274 6275 hci_dev_lock(hdev); 6276 6277 eir_len = 0; 6278 switch (cp->type) { 6279 case BIT(BDADDR_BREDR): 6280 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 6281 err = read_local_ssp_oob_req(hdev, sk, cp); 6282 hci_dev_unlock(hdev); 6283 if (!err) 6284 goto done; 6285 6286 status = MGMT_STATUS_FAILED; 6287 goto complete; 6288 } else { 6289 eir_len = eir_append_data(rp->eir, eir_len, 6290 EIR_CLASS_OF_DEV, 6291 hdev->dev_class, 3); 6292 } 6293 break; 6294 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 6295 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 6296 smp_generate_oob(hdev, hash, rand) < 0) { 6297 hci_dev_unlock(hdev); 6298 status = MGMT_STATUS_FAILED; 6299 goto complete; 6300 } 6301 6302 /* This should return the active RPA, but since the RPA 6303 * is only programmed on demand, it is really hard to fill 6304 * this in at the moment. For now disallow retrieving 6305 * local out-of-band data when privacy is in use. 6306 * 6307 * Returning the identity address will not help here since 6308 * pairing happens before the identity resolving key is 6309 * known and thus the connection establishment happens 6310 * based on the RPA and not the identity address. 6311 */ 6312 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) { 6313 hci_dev_unlock(hdev); 6314 status = MGMT_STATUS_REJECTED; 6315 goto complete; 6316 } 6317 6318 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 6319 !bacmp(&hdev->bdaddr, BDADDR_ANY) || 6320 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 6321 bacmp(&hdev->static_addr, BDADDR_ANY))) { 6322 memcpy(addr, &hdev->static_addr, 6); 6323 addr[6] = 0x01; 6324 } else { 6325 memcpy(addr, &hdev->bdaddr, 6); 6326 addr[6] = 0x00; 6327 } 6328 6329 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR, 6330 addr, sizeof(addr)); 6331 6332 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 6333 role = 0x02; 6334 else 6335 role = 0x01; 6336 6337 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE, 6338 &role, sizeof(role)); 6339 6340 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) { 6341 eir_len = eir_append_data(rp->eir, eir_len, 6342 EIR_LE_SC_CONFIRM, 6343 hash, sizeof(hash)); 6344 6345 eir_len = eir_append_data(rp->eir, eir_len, 6346 EIR_LE_SC_RANDOM, 6347 rand, sizeof(rand)); 6348 } 6349 6350 flags = mgmt_get_adv_discov_flags(hdev); 6351 6352 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 6353 flags |= LE_AD_NO_BREDR; 6354 6355 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS, 6356 &flags, sizeof(flags)); 6357 break; 6358 } 6359 6360 hci_dev_unlock(hdev); 6361 6362 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS); 6363 6364 status = MGMT_STATUS_SUCCESS; 6365 6366 complete: 6367 rp->type = cp->type; 6368 rp->eir_len = cpu_to_le16(eir_len); 6369 6370 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 6371 status, rp, sizeof(*rp) + eir_len); 6372 if (err < 0 || status) 6373 goto done; 6374 6375 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 6376 rp, sizeof(*rp) + eir_len, 6377 HCI_MGMT_OOB_DATA_EVENTS, sk); 6378 6379 done: 6380 kfree(rp); 6381 6382 return err; 6383 } 6384 6385 static u32 get_supported_adv_flags(struct hci_dev *hdev) 6386 { 6387 u32 flags = 0; 6388 6389 flags |= MGMT_ADV_FLAG_CONNECTABLE; 6390 flags |= MGMT_ADV_FLAG_DISCOV; 6391 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV; 6392 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS; 6393 flags |= MGMT_ADV_FLAG_APPEARANCE; 6394 flags |= MGMT_ADV_FLAG_LOCAL_NAME; 6395 6396 /* In extended adv TX_POWER returned from Set Adv Param 6397 * will be always valid. 6398 */ 6399 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) || 6400 ext_adv_capable(hdev)) 6401 flags |= MGMT_ADV_FLAG_TX_POWER; 6402 6403 if (ext_adv_capable(hdev)) { 6404 flags |= MGMT_ADV_FLAG_SEC_1M; 6405 6406 if (hdev->le_features[1] & HCI_LE_PHY_2M) 6407 flags |= MGMT_ADV_FLAG_SEC_2M; 6408 6409 if (hdev->le_features[1] & HCI_LE_PHY_CODED) 6410 flags |= MGMT_ADV_FLAG_SEC_CODED; 6411 } 6412 6413 return flags; 6414 } 6415 6416 static int read_adv_features(struct sock *sk, struct hci_dev *hdev, 6417 void *data, u16 data_len) 6418 { 6419 struct mgmt_rp_read_adv_features *rp; 6420 size_t rp_len; 6421 int err; 6422 struct adv_info *adv_instance; 6423 u32 supported_flags; 6424 u8 *instance; 6425 6426 BT_DBG("%s", hdev->name); 6427 6428 if (!lmp_le_capable(hdev)) 6429 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 6430 MGMT_STATUS_REJECTED); 6431 6432 hci_dev_lock(hdev); 6433 6434 rp_len = sizeof(*rp) + hdev->adv_instance_cnt; 6435 rp = kmalloc(rp_len, GFP_ATOMIC); 6436 if (!rp) { 6437 hci_dev_unlock(hdev); 6438 return -ENOMEM; 6439 } 6440 6441 supported_flags = get_supported_adv_flags(hdev); 6442 6443 rp->supported_flags = cpu_to_le32(supported_flags); 6444 rp->max_adv_data_len = HCI_MAX_AD_LENGTH; 6445 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH; 6446 rp->max_instances = HCI_MAX_ADV_INSTANCES; 6447 rp->num_instances = hdev->adv_instance_cnt; 6448 6449 instance = rp->instance; 6450 list_for_each_entry(adv_instance, &hdev->adv_instances, list) { 6451 *instance = adv_instance->instance; 6452 instance++; 6453 } 6454 6455 hci_dev_unlock(hdev); 6456 6457 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 6458 MGMT_STATUS_SUCCESS, rp, rp_len); 6459 6460 kfree(rp); 6461 6462 return err; 6463 } 6464 6465 static u8 calculate_name_len(struct hci_dev *hdev) 6466 { 6467 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3]; 6468 6469 return append_local_name(hdev, buf, 0); 6470 } 6471 6472 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags, 6473 bool is_adv_data) 6474 { 6475 u8 max_len = HCI_MAX_AD_LENGTH; 6476 6477 if (is_adv_data) { 6478 if (adv_flags & (MGMT_ADV_FLAG_DISCOV | 6479 MGMT_ADV_FLAG_LIMITED_DISCOV | 6480 MGMT_ADV_FLAG_MANAGED_FLAGS)) 6481 max_len -= 3; 6482 6483 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) 6484 max_len -= 3; 6485 } else { 6486 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME) 6487 max_len -= calculate_name_len(hdev); 6488 6489 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE)) 6490 max_len -= 4; 6491 } 6492 6493 return max_len; 6494 } 6495 6496 static bool flags_managed(u32 adv_flags) 6497 { 6498 return adv_flags & (MGMT_ADV_FLAG_DISCOV | 6499 MGMT_ADV_FLAG_LIMITED_DISCOV | 6500 MGMT_ADV_FLAG_MANAGED_FLAGS); 6501 } 6502 6503 static bool tx_power_managed(u32 adv_flags) 6504 { 6505 return adv_flags & MGMT_ADV_FLAG_TX_POWER; 6506 } 6507 6508 static bool name_managed(u32 adv_flags) 6509 { 6510 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME; 6511 } 6512 6513 static bool appearance_managed(u32 adv_flags) 6514 { 6515 return adv_flags & MGMT_ADV_FLAG_APPEARANCE; 6516 } 6517 6518 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data, 6519 u8 len, bool is_adv_data) 6520 { 6521 int i, cur_len; 6522 u8 max_len; 6523 6524 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data); 6525 6526 if (len > max_len) 6527 return false; 6528 6529 /* Make sure that the data is correctly formatted. */ 6530 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) { 6531 cur_len = data[i]; 6532 6533 if (data[i + 1] == EIR_FLAGS && 6534 (!is_adv_data || flags_managed(adv_flags))) 6535 return false; 6536 6537 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags)) 6538 return false; 6539 6540 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags)) 6541 return false; 6542 6543 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags)) 6544 return false; 6545 6546 if (data[i + 1] == EIR_APPEARANCE && 6547 appearance_managed(adv_flags)) 6548 return false; 6549 6550 /* If the current field length would exceed the total data 6551 * length, then it's invalid. 6552 */ 6553 if (i + cur_len >= len) 6554 return false; 6555 } 6556 6557 return true; 6558 } 6559 6560 static void add_advertising_complete(struct hci_dev *hdev, u8 status, 6561 u16 opcode) 6562 { 6563 struct mgmt_pending_cmd *cmd; 6564 struct mgmt_cp_add_advertising *cp; 6565 struct mgmt_rp_add_advertising rp; 6566 struct adv_info *adv_instance, *n; 6567 u8 instance; 6568 6569 BT_DBG("status %d", status); 6570 6571 hci_dev_lock(hdev); 6572 6573 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev); 6574 6575 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) { 6576 if (!adv_instance->pending) 6577 continue; 6578 6579 if (!status) { 6580 adv_instance->pending = false; 6581 continue; 6582 } 6583 6584 instance = adv_instance->instance; 6585 6586 if (hdev->cur_adv_instance == instance) 6587 cancel_adv_timeout(hdev); 6588 6589 hci_remove_adv_instance(hdev, instance); 6590 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance); 6591 } 6592 6593 if (!cmd) 6594 goto unlock; 6595 6596 cp = cmd->param; 6597 rp.instance = cp->instance; 6598 6599 if (status) 6600 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 6601 mgmt_status(status)); 6602 else 6603 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 6604 mgmt_status(status), &rp, sizeof(rp)); 6605 6606 mgmt_pending_remove(cmd); 6607 6608 unlock: 6609 hci_dev_unlock(hdev); 6610 } 6611 6612 static int add_advertising(struct sock *sk, struct hci_dev *hdev, 6613 void *data, u16 data_len) 6614 { 6615 struct mgmt_cp_add_advertising *cp = data; 6616 struct mgmt_rp_add_advertising rp; 6617 u32 flags; 6618 u32 supported_flags, phy_flags; 6619 u8 status; 6620 u16 timeout, duration; 6621 unsigned int prev_instance_cnt = hdev->adv_instance_cnt; 6622 u8 schedule_instance = 0; 6623 struct adv_info *next_instance; 6624 int err; 6625 struct mgmt_pending_cmd *cmd; 6626 struct hci_request req; 6627 6628 BT_DBG("%s", hdev->name); 6629 6630 status = mgmt_le_support(hdev); 6631 if (status) 6632 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6633 status); 6634 6635 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES) 6636 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6637 MGMT_STATUS_INVALID_PARAMS); 6638 6639 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len) 6640 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6641 MGMT_STATUS_INVALID_PARAMS); 6642 6643 flags = __le32_to_cpu(cp->flags); 6644 timeout = __le16_to_cpu(cp->timeout); 6645 duration = __le16_to_cpu(cp->duration); 6646 6647 /* The current implementation only supports a subset of the specified 6648 * flags. Also need to check mutual exclusiveness of sec flags. 6649 */ 6650 supported_flags = get_supported_adv_flags(hdev); 6651 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK; 6652 if (flags & ~supported_flags || 6653 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags))))) 6654 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6655 MGMT_STATUS_INVALID_PARAMS); 6656 6657 hci_dev_lock(hdev); 6658 6659 if (timeout && !hdev_is_powered(hdev)) { 6660 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6661 MGMT_STATUS_REJECTED); 6662 goto unlock; 6663 } 6664 6665 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 6666 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 6667 pending_find(MGMT_OP_SET_LE, hdev)) { 6668 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6669 MGMT_STATUS_BUSY); 6670 goto unlock; 6671 } 6672 6673 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) || 6674 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len, 6675 cp->scan_rsp_len, false)) { 6676 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6677 MGMT_STATUS_INVALID_PARAMS); 6678 goto unlock; 6679 } 6680 6681 err = hci_add_adv_instance(hdev, cp->instance, flags, 6682 cp->adv_data_len, cp->data, 6683 cp->scan_rsp_len, 6684 cp->data + cp->adv_data_len, 6685 timeout, duration); 6686 if (err < 0) { 6687 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6688 MGMT_STATUS_FAILED); 6689 goto unlock; 6690 } 6691 6692 /* Only trigger an advertising added event if a new instance was 6693 * actually added. 6694 */ 6695 if (hdev->adv_instance_cnt > prev_instance_cnt) 6696 mgmt_advertising_added(sk, hdev, cp->instance); 6697 6698 if (hdev->cur_adv_instance == cp->instance) { 6699 /* If the currently advertised instance is being changed then 6700 * cancel the current advertising and schedule the next 6701 * instance. If there is only one instance then the overridden 6702 * advertising data will be visible right away. 6703 */ 6704 cancel_adv_timeout(hdev); 6705 6706 next_instance = hci_get_next_instance(hdev, cp->instance); 6707 if (next_instance) 6708 schedule_instance = next_instance->instance; 6709 } else if (!hdev->adv_instance_timeout) { 6710 /* Immediately advertise the new instance if no other 6711 * instance is currently being advertised. 6712 */ 6713 schedule_instance = cp->instance; 6714 } 6715 6716 /* If the HCI_ADVERTISING flag is set or the device isn't powered or 6717 * there is no instance to be advertised then we have no HCI 6718 * communication to make. Simply return. 6719 */ 6720 if (!hdev_is_powered(hdev) || 6721 hci_dev_test_flag(hdev, HCI_ADVERTISING) || 6722 !schedule_instance) { 6723 rp.instance = cp->instance; 6724 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6725 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6726 goto unlock; 6727 } 6728 6729 /* We're good to go, update advertising data, parameters, and start 6730 * advertising. 6731 */ 6732 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data, 6733 data_len); 6734 if (!cmd) { 6735 err = -ENOMEM; 6736 goto unlock; 6737 } 6738 6739 hci_req_init(&req, hdev); 6740 6741 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true); 6742 6743 if (!err) 6744 err = hci_req_run(&req, add_advertising_complete); 6745 6746 if (err < 0) 6747 mgmt_pending_remove(cmd); 6748 6749 unlock: 6750 hci_dev_unlock(hdev); 6751 6752 return err; 6753 } 6754 6755 static void remove_advertising_complete(struct hci_dev *hdev, u8 status, 6756 u16 opcode) 6757 { 6758 struct mgmt_pending_cmd *cmd; 6759 struct mgmt_cp_remove_advertising *cp; 6760 struct mgmt_rp_remove_advertising rp; 6761 6762 BT_DBG("status %d", status); 6763 6764 hci_dev_lock(hdev); 6765 6766 /* A failure status here only means that we failed to disable 6767 * advertising. Otherwise, the advertising instance has been removed, 6768 * so report success. 6769 */ 6770 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev); 6771 if (!cmd) 6772 goto unlock; 6773 6774 cp = cmd->param; 6775 rp.instance = cp->instance; 6776 6777 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS, 6778 &rp, sizeof(rp)); 6779 mgmt_pending_remove(cmd); 6780 6781 unlock: 6782 hci_dev_unlock(hdev); 6783 } 6784 6785 static int remove_advertising(struct sock *sk, struct hci_dev *hdev, 6786 void *data, u16 data_len) 6787 { 6788 struct mgmt_cp_remove_advertising *cp = data; 6789 struct mgmt_rp_remove_advertising rp; 6790 struct mgmt_pending_cmd *cmd; 6791 struct hci_request req; 6792 int err; 6793 6794 BT_DBG("%s", hdev->name); 6795 6796 hci_dev_lock(hdev); 6797 6798 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) { 6799 err = mgmt_cmd_status(sk, hdev->id, 6800 MGMT_OP_REMOVE_ADVERTISING, 6801 MGMT_STATUS_INVALID_PARAMS); 6802 goto unlock; 6803 } 6804 6805 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 6806 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 6807 pending_find(MGMT_OP_SET_LE, hdev)) { 6808 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 6809 MGMT_STATUS_BUSY); 6810 goto unlock; 6811 } 6812 6813 if (list_empty(&hdev->adv_instances)) { 6814 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 6815 MGMT_STATUS_INVALID_PARAMS); 6816 goto unlock; 6817 } 6818 6819 hci_req_init(&req, hdev); 6820 6821 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true); 6822 6823 if (list_empty(&hdev->adv_instances)) 6824 __hci_req_disable_advertising(&req); 6825 6826 /* If no HCI commands have been collected so far or the HCI_ADVERTISING 6827 * flag is set or the device isn't powered then we have no HCI 6828 * communication to make. Simply return. 6829 */ 6830 if (skb_queue_empty(&req.cmd_q) || 6831 !hdev_is_powered(hdev) || 6832 hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 6833 hci_req_purge(&req); 6834 rp.instance = cp->instance; 6835 err = mgmt_cmd_complete(sk, hdev->id, 6836 MGMT_OP_REMOVE_ADVERTISING, 6837 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6838 goto unlock; 6839 } 6840 6841 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data, 6842 data_len); 6843 if (!cmd) { 6844 err = -ENOMEM; 6845 goto unlock; 6846 } 6847 6848 err = hci_req_run(&req, remove_advertising_complete); 6849 if (err < 0) 6850 mgmt_pending_remove(cmd); 6851 6852 unlock: 6853 hci_dev_unlock(hdev); 6854 6855 return err; 6856 } 6857 6858 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev, 6859 void *data, u16 data_len) 6860 { 6861 struct mgmt_cp_get_adv_size_info *cp = data; 6862 struct mgmt_rp_get_adv_size_info rp; 6863 u32 flags, supported_flags; 6864 int err; 6865 6866 BT_DBG("%s", hdev->name); 6867 6868 if (!lmp_le_capable(hdev)) 6869 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6870 MGMT_STATUS_REJECTED); 6871 6872 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES) 6873 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6874 MGMT_STATUS_INVALID_PARAMS); 6875 6876 flags = __le32_to_cpu(cp->flags); 6877 6878 /* The current implementation only supports a subset of the specified 6879 * flags. 6880 */ 6881 supported_flags = get_supported_adv_flags(hdev); 6882 if (flags & ~supported_flags) 6883 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6884 MGMT_STATUS_INVALID_PARAMS); 6885 6886 rp.instance = cp->instance; 6887 rp.flags = cp->flags; 6888 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 6889 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 6890 6891 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6892 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6893 6894 return err; 6895 } 6896 6897 static const struct hci_mgmt_handler mgmt_handlers[] = { 6898 { NULL }, /* 0x0000 (no command) */ 6899 { read_version, MGMT_READ_VERSION_SIZE, 6900 HCI_MGMT_NO_HDEV | 6901 HCI_MGMT_UNTRUSTED }, 6902 { read_commands, MGMT_READ_COMMANDS_SIZE, 6903 HCI_MGMT_NO_HDEV | 6904 HCI_MGMT_UNTRUSTED }, 6905 { read_index_list, MGMT_READ_INDEX_LIST_SIZE, 6906 HCI_MGMT_NO_HDEV | 6907 HCI_MGMT_UNTRUSTED }, 6908 { read_controller_info, MGMT_READ_INFO_SIZE, 6909 HCI_MGMT_UNTRUSTED }, 6910 { set_powered, MGMT_SETTING_SIZE }, 6911 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE }, 6912 { set_connectable, MGMT_SETTING_SIZE }, 6913 { set_fast_connectable, MGMT_SETTING_SIZE }, 6914 { set_bondable, MGMT_SETTING_SIZE }, 6915 { set_link_security, MGMT_SETTING_SIZE }, 6916 { set_ssp, MGMT_SETTING_SIZE }, 6917 { set_hs, MGMT_SETTING_SIZE }, 6918 { set_le, MGMT_SETTING_SIZE }, 6919 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE }, 6920 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE }, 6921 { add_uuid, MGMT_ADD_UUID_SIZE }, 6922 { remove_uuid, MGMT_REMOVE_UUID_SIZE }, 6923 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE, 6924 HCI_MGMT_VAR_LEN }, 6925 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE, 6926 HCI_MGMT_VAR_LEN }, 6927 { disconnect, MGMT_DISCONNECT_SIZE }, 6928 { get_connections, MGMT_GET_CONNECTIONS_SIZE }, 6929 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE }, 6930 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE }, 6931 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE }, 6932 { pair_device, MGMT_PAIR_DEVICE_SIZE }, 6933 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE }, 6934 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE }, 6935 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE }, 6936 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE }, 6937 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE }, 6938 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, 6939 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE }, 6940 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE, 6941 HCI_MGMT_VAR_LEN }, 6942 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, 6943 { start_discovery, MGMT_START_DISCOVERY_SIZE }, 6944 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE }, 6945 { confirm_name, MGMT_CONFIRM_NAME_SIZE }, 6946 { block_device, MGMT_BLOCK_DEVICE_SIZE }, 6947 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE }, 6948 { set_device_id, MGMT_SET_DEVICE_ID_SIZE }, 6949 { set_advertising, MGMT_SETTING_SIZE }, 6950 { set_bredr, MGMT_SETTING_SIZE }, 6951 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE }, 6952 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE }, 6953 { set_secure_conn, MGMT_SETTING_SIZE }, 6954 { set_debug_keys, MGMT_SETTING_SIZE }, 6955 { set_privacy, MGMT_SET_PRIVACY_SIZE }, 6956 { load_irks, MGMT_LOAD_IRKS_SIZE, 6957 HCI_MGMT_VAR_LEN }, 6958 { get_conn_info, MGMT_GET_CONN_INFO_SIZE }, 6959 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE }, 6960 { add_device, MGMT_ADD_DEVICE_SIZE }, 6961 { remove_device, MGMT_REMOVE_DEVICE_SIZE }, 6962 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE, 6963 HCI_MGMT_VAR_LEN }, 6964 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE, 6965 HCI_MGMT_NO_HDEV | 6966 HCI_MGMT_UNTRUSTED }, 6967 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE, 6968 HCI_MGMT_UNCONFIGURED | 6969 HCI_MGMT_UNTRUSTED }, 6970 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE, 6971 HCI_MGMT_UNCONFIGURED }, 6972 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE, 6973 HCI_MGMT_UNCONFIGURED }, 6974 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE, 6975 HCI_MGMT_VAR_LEN }, 6976 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE }, 6977 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE, 6978 HCI_MGMT_NO_HDEV | 6979 HCI_MGMT_UNTRUSTED }, 6980 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE }, 6981 { add_advertising, MGMT_ADD_ADVERTISING_SIZE, 6982 HCI_MGMT_VAR_LEN }, 6983 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE }, 6984 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE }, 6985 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE }, 6986 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE, 6987 HCI_MGMT_UNTRUSTED }, 6988 { set_appearance, MGMT_SET_APPEARANCE_SIZE }, 6989 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE }, 6990 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE }, 6991 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE, 6992 HCI_MGMT_VAR_LEN }, 6993 }; 6994 6995 void mgmt_index_added(struct hci_dev *hdev) 6996 { 6997 struct mgmt_ev_ext_index ev; 6998 6999 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 7000 return; 7001 7002 switch (hdev->dev_type) { 7003 case HCI_PRIMARY: 7004 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 7005 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, 7006 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 7007 ev.type = 0x01; 7008 } else { 7009 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, 7010 HCI_MGMT_INDEX_EVENTS); 7011 ev.type = 0x00; 7012 } 7013 break; 7014 case HCI_AMP: 7015 ev.type = 0x02; 7016 break; 7017 default: 7018 return; 7019 } 7020 7021 ev.bus = hdev->bus; 7022 7023 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev), 7024 HCI_MGMT_EXT_INDEX_EVENTS); 7025 } 7026 7027 void mgmt_index_removed(struct hci_dev *hdev) 7028 { 7029 struct mgmt_ev_ext_index ev; 7030 u8 status = MGMT_STATUS_INVALID_INDEX; 7031 7032 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 7033 return; 7034 7035 switch (hdev->dev_type) { 7036 case HCI_PRIMARY: 7037 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 7038 7039 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 7040 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, 7041 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 7042 ev.type = 0x01; 7043 } else { 7044 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, 7045 HCI_MGMT_INDEX_EVENTS); 7046 ev.type = 0x00; 7047 } 7048 break; 7049 case HCI_AMP: 7050 ev.type = 0x02; 7051 break; 7052 default: 7053 return; 7054 } 7055 7056 ev.bus = hdev->bus; 7057 7058 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev), 7059 HCI_MGMT_EXT_INDEX_EVENTS); 7060 } 7061 7062 /* This function requires the caller holds hdev->lock */ 7063 static void restart_le_actions(struct hci_dev *hdev) 7064 { 7065 struct hci_conn_params *p; 7066 7067 list_for_each_entry(p, &hdev->le_conn_params, list) { 7068 /* Needed for AUTO_OFF case where might not "really" 7069 * have been powered off. 7070 */ 7071 list_del_init(&p->action); 7072 7073 switch (p->auto_connect) { 7074 case HCI_AUTO_CONN_DIRECT: 7075 case HCI_AUTO_CONN_ALWAYS: 7076 list_add(&p->action, &hdev->pend_le_conns); 7077 break; 7078 case HCI_AUTO_CONN_REPORT: 7079 list_add(&p->action, &hdev->pend_le_reports); 7080 break; 7081 default: 7082 break; 7083 } 7084 } 7085 } 7086 7087 void mgmt_power_on(struct hci_dev *hdev, int err) 7088 { 7089 struct cmd_lookup match = { NULL, hdev }; 7090 7091 BT_DBG("err %d", err); 7092 7093 hci_dev_lock(hdev); 7094 7095 if (!err) { 7096 restart_le_actions(hdev); 7097 hci_update_background_scan(hdev); 7098 } 7099 7100 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 7101 7102 new_settings(hdev, match.sk); 7103 7104 if (match.sk) 7105 sock_put(match.sk); 7106 7107 hci_dev_unlock(hdev); 7108 } 7109 7110 void __mgmt_power_off(struct hci_dev *hdev) 7111 { 7112 struct cmd_lookup match = { NULL, hdev }; 7113 u8 status, zero_cod[] = { 0, 0, 0 }; 7114 7115 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 7116 7117 /* If the power off is because of hdev unregistration let 7118 * use the appropriate INVALID_INDEX status. Otherwise use 7119 * NOT_POWERED. We cover both scenarios here since later in 7120 * mgmt_index_removed() any hci_conn callbacks will have already 7121 * been triggered, potentially causing misleading DISCONNECTED 7122 * status responses. 7123 */ 7124 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) 7125 status = MGMT_STATUS_INVALID_INDEX; 7126 else 7127 status = MGMT_STATUS_NOT_POWERED; 7128 7129 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 7130 7131 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) { 7132 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 7133 zero_cod, sizeof(zero_cod), 7134 HCI_MGMT_DEV_CLASS_EVENTS, NULL); 7135 ext_info_changed(hdev, NULL); 7136 } 7137 7138 new_settings(hdev, match.sk); 7139 7140 if (match.sk) 7141 sock_put(match.sk); 7142 } 7143 7144 void mgmt_set_powered_failed(struct hci_dev *hdev, int err) 7145 { 7146 struct mgmt_pending_cmd *cmd; 7147 u8 status; 7148 7149 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 7150 if (!cmd) 7151 return; 7152 7153 if (err == -ERFKILL) 7154 status = MGMT_STATUS_RFKILLED; 7155 else 7156 status = MGMT_STATUS_FAILED; 7157 7158 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status); 7159 7160 mgmt_pending_remove(cmd); 7161 } 7162 7163 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 7164 bool persistent) 7165 { 7166 struct mgmt_ev_new_link_key ev; 7167 7168 memset(&ev, 0, sizeof(ev)); 7169 7170 ev.store_hint = persistent; 7171 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 7172 ev.key.addr.type = BDADDR_BREDR; 7173 ev.key.type = key->type; 7174 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE); 7175 ev.key.pin_len = key->pin_len; 7176 7177 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 7178 } 7179 7180 static u8 mgmt_ltk_type(struct smp_ltk *ltk) 7181 { 7182 switch (ltk->type) { 7183 case SMP_LTK: 7184 case SMP_LTK_SLAVE: 7185 if (ltk->authenticated) 7186 return MGMT_LTK_AUTHENTICATED; 7187 return MGMT_LTK_UNAUTHENTICATED; 7188 case SMP_LTK_P256: 7189 if (ltk->authenticated) 7190 return MGMT_LTK_P256_AUTH; 7191 return MGMT_LTK_P256_UNAUTH; 7192 case SMP_LTK_P256_DEBUG: 7193 return MGMT_LTK_P256_DEBUG; 7194 } 7195 7196 return MGMT_LTK_UNAUTHENTICATED; 7197 } 7198 7199 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent) 7200 { 7201 struct mgmt_ev_new_long_term_key ev; 7202 7203 memset(&ev, 0, sizeof(ev)); 7204 7205 /* Devices using resolvable or non-resolvable random addresses 7206 * without providing an identity resolving key don't require 7207 * to store long term keys. Their addresses will change the 7208 * next time around. 7209 * 7210 * Only when a remote device provides an identity address 7211 * make sure the long term key is stored. If the remote 7212 * identity is known, the long term keys are internally 7213 * mapped to the identity address. So allow static random 7214 * and public addresses here. 7215 */ 7216 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM && 7217 (key->bdaddr.b[5] & 0xc0) != 0xc0) 7218 ev.store_hint = 0x00; 7219 else 7220 ev.store_hint = persistent; 7221 7222 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 7223 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); 7224 ev.key.type = mgmt_ltk_type(key); 7225 ev.key.enc_size = key->enc_size; 7226 ev.key.ediv = key->ediv; 7227 ev.key.rand = key->rand; 7228 7229 if (key->type == SMP_LTK) 7230 ev.key.master = 1; 7231 7232 /* Make sure we copy only the significant bytes based on the 7233 * encryption key size, and set the rest of the value to zeroes. 7234 */ 7235 memcpy(ev.key.val, key->val, key->enc_size); 7236 memset(ev.key.val + key->enc_size, 0, 7237 sizeof(ev.key.val) - key->enc_size); 7238 7239 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL); 7240 } 7241 7242 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent) 7243 { 7244 struct mgmt_ev_new_irk ev; 7245 7246 memset(&ev, 0, sizeof(ev)); 7247 7248 ev.store_hint = persistent; 7249 7250 bacpy(&ev.rpa, &irk->rpa); 7251 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr); 7252 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type); 7253 memcpy(ev.irk.val, irk->val, sizeof(irk->val)); 7254 7255 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL); 7256 } 7257 7258 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk, 7259 bool persistent) 7260 { 7261 struct mgmt_ev_new_csrk ev; 7262 7263 memset(&ev, 0, sizeof(ev)); 7264 7265 /* Devices using resolvable or non-resolvable random addresses 7266 * without providing an identity resolving key don't require 7267 * to store signature resolving keys. Their addresses will change 7268 * the next time around. 7269 * 7270 * Only when a remote device provides an identity address 7271 * make sure the signature resolving key is stored. So allow 7272 * static random and public addresses here. 7273 */ 7274 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM && 7275 (csrk->bdaddr.b[5] & 0xc0) != 0xc0) 7276 ev.store_hint = 0x00; 7277 else 7278 ev.store_hint = persistent; 7279 7280 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr); 7281 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type); 7282 ev.key.type = csrk->type; 7283 memcpy(ev.key.val, csrk->val, sizeof(csrk->val)); 7284 7285 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL); 7286 } 7287 7288 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr, 7289 u8 bdaddr_type, u8 store_hint, u16 min_interval, 7290 u16 max_interval, u16 latency, u16 timeout) 7291 { 7292 struct mgmt_ev_new_conn_param ev; 7293 7294 if (!hci_is_identity_address(bdaddr, bdaddr_type)) 7295 return; 7296 7297 memset(&ev, 0, sizeof(ev)); 7298 bacpy(&ev.addr.bdaddr, bdaddr); 7299 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type); 7300 ev.store_hint = store_hint; 7301 ev.min_interval = cpu_to_le16(min_interval); 7302 ev.max_interval = cpu_to_le16(max_interval); 7303 ev.latency = cpu_to_le16(latency); 7304 ev.timeout = cpu_to_le16(timeout); 7305 7306 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL); 7307 } 7308 7309 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn, 7310 u32 flags, u8 *name, u8 name_len) 7311 { 7312 char buf[512]; 7313 struct mgmt_ev_device_connected *ev = (void *) buf; 7314 u16 eir_len = 0; 7315 7316 bacpy(&ev->addr.bdaddr, &conn->dst); 7317 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type); 7318 7319 ev->flags = __cpu_to_le32(flags); 7320 7321 /* We must ensure that the EIR Data fields are ordered and 7322 * unique. Keep it simple for now and avoid the problem by not 7323 * adding any BR/EDR data to the LE adv. 7324 */ 7325 if (conn->le_adv_data_len > 0) { 7326 memcpy(&ev->eir[eir_len], 7327 conn->le_adv_data, conn->le_adv_data_len); 7328 eir_len = conn->le_adv_data_len; 7329 } else { 7330 if (name_len > 0) 7331 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, 7332 name, name_len); 7333 7334 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0) 7335 eir_len = eir_append_data(ev->eir, eir_len, 7336 EIR_CLASS_OF_DEV, 7337 conn->dev_class, 3); 7338 } 7339 7340 ev->eir_len = cpu_to_le16(eir_len); 7341 7342 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf, 7343 sizeof(*ev) + eir_len, NULL); 7344 } 7345 7346 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data) 7347 { 7348 struct sock **sk = data; 7349 7350 cmd->cmd_complete(cmd, 0); 7351 7352 *sk = cmd->sk; 7353 sock_hold(*sk); 7354 7355 mgmt_pending_remove(cmd); 7356 } 7357 7358 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data) 7359 { 7360 struct hci_dev *hdev = data; 7361 struct mgmt_cp_unpair_device *cp = cmd->param; 7362 7363 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 7364 7365 cmd->cmd_complete(cmd, 0); 7366 mgmt_pending_remove(cmd); 7367 } 7368 7369 bool mgmt_powering_down(struct hci_dev *hdev) 7370 { 7371 struct mgmt_pending_cmd *cmd; 7372 struct mgmt_mode *cp; 7373 7374 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 7375 if (!cmd) 7376 return false; 7377 7378 cp = cmd->param; 7379 if (!cp->val) 7380 return true; 7381 7382 return false; 7383 } 7384 7385 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 7386 u8 link_type, u8 addr_type, u8 reason, 7387 bool mgmt_connected) 7388 { 7389 struct mgmt_ev_device_disconnected ev; 7390 struct sock *sk = NULL; 7391 7392 /* The connection is still in hci_conn_hash so test for 1 7393 * instead of 0 to know if this is the last one. 7394 */ 7395 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 7396 cancel_delayed_work(&hdev->power_off); 7397 queue_work(hdev->req_workqueue, &hdev->power_off.work); 7398 } 7399 7400 if (!mgmt_connected) 7401 return; 7402 7403 if (link_type != ACL_LINK && link_type != LE_LINK) 7404 return; 7405 7406 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 7407 7408 bacpy(&ev.addr.bdaddr, bdaddr); 7409 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7410 ev.reason = reason; 7411 7412 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk); 7413 7414 if (sk) 7415 sock_put(sk); 7416 7417 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 7418 hdev); 7419 } 7420 7421 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 7422 u8 link_type, u8 addr_type, u8 status) 7423 { 7424 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type); 7425 struct mgmt_cp_disconnect *cp; 7426 struct mgmt_pending_cmd *cmd; 7427 7428 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 7429 hdev); 7430 7431 cmd = pending_find(MGMT_OP_DISCONNECT, hdev); 7432 if (!cmd) 7433 return; 7434 7435 cp = cmd->param; 7436 7437 if (bacmp(bdaddr, &cp->addr.bdaddr)) 7438 return; 7439 7440 if (cp->addr.type != bdaddr_type) 7441 return; 7442 7443 cmd->cmd_complete(cmd, mgmt_status(status)); 7444 mgmt_pending_remove(cmd); 7445 } 7446 7447 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7448 u8 addr_type, u8 status) 7449 { 7450 struct mgmt_ev_connect_failed ev; 7451 7452 /* The connection is still in hci_conn_hash so test for 1 7453 * instead of 0 to know if this is the last one. 7454 */ 7455 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 7456 cancel_delayed_work(&hdev->power_off); 7457 queue_work(hdev->req_workqueue, &hdev->power_off.work); 7458 } 7459 7460 bacpy(&ev.addr.bdaddr, bdaddr); 7461 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7462 ev.status = mgmt_status(status); 7463 7464 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 7465 } 7466 7467 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 7468 { 7469 struct mgmt_ev_pin_code_request ev; 7470 7471 bacpy(&ev.addr.bdaddr, bdaddr); 7472 ev.addr.type = BDADDR_BREDR; 7473 ev.secure = secure; 7474 7475 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL); 7476 } 7477 7478 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7479 u8 status) 7480 { 7481 struct mgmt_pending_cmd *cmd; 7482 7483 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 7484 if (!cmd) 7485 return; 7486 7487 cmd->cmd_complete(cmd, mgmt_status(status)); 7488 mgmt_pending_remove(cmd); 7489 } 7490 7491 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7492 u8 status) 7493 { 7494 struct mgmt_pending_cmd *cmd; 7495 7496 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 7497 if (!cmd) 7498 return; 7499 7500 cmd->cmd_complete(cmd, mgmt_status(status)); 7501 mgmt_pending_remove(cmd); 7502 } 7503 7504 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 7505 u8 link_type, u8 addr_type, u32 value, 7506 u8 confirm_hint) 7507 { 7508 struct mgmt_ev_user_confirm_request ev; 7509 7510 BT_DBG("%s", hdev->name); 7511 7512 bacpy(&ev.addr.bdaddr, bdaddr); 7513 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7514 ev.confirm_hint = confirm_hint; 7515 ev.value = cpu_to_le32(value); 7516 7517 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 7518 NULL); 7519 } 7520 7521 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 7522 u8 link_type, u8 addr_type) 7523 { 7524 struct mgmt_ev_user_passkey_request ev; 7525 7526 BT_DBG("%s", hdev->name); 7527 7528 bacpy(&ev.addr.bdaddr, bdaddr); 7529 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7530 7531 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 7532 NULL); 7533 } 7534 7535 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7536 u8 link_type, u8 addr_type, u8 status, 7537 u8 opcode) 7538 { 7539 struct mgmt_pending_cmd *cmd; 7540 7541 cmd = pending_find(opcode, hdev); 7542 if (!cmd) 7543 return -ENOENT; 7544 7545 cmd->cmd_complete(cmd, mgmt_status(status)); 7546 mgmt_pending_remove(cmd); 7547 7548 return 0; 7549 } 7550 7551 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7552 u8 link_type, u8 addr_type, u8 status) 7553 { 7554 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7555 status, MGMT_OP_USER_CONFIRM_REPLY); 7556 } 7557 7558 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7559 u8 link_type, u8 addr_type, u8 status) 7560 { 7561 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7562 status, 7563 MGMT_OP_USER_CONFIRM_NEG_REPLY); 7564 } 7565 7566 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7567 u8 link_type, u8 addr_type, u8 status) 7568 { 7569 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7570 status, MGMT_OP_USER_PASSKEY_REPLY); 7571 } 7572 7573 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7574 u8 link_type, u8 addr_type, u8 status) 7575 { 7576 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7577 status, 7578 MGMT_OP_USER_PASSKEY_NEG_REPLY); 7579 } 7580 7581 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr, 7582 u8 link_type, u8 addr_type, u32 passkey, 7583 u8 entered) 7584 { 7585 struct mgmt_ev_passkey_notify ev; 7586 7587 BT_DBG("%s", hdev->name); 7588 7589 bacpy(&ev.addr.bdaddr, bdaddr); 7590 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7591 ev.passkey = __cpu_to_le32(passkey); 7592 ev.entered = entered; 7593 7594 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL); 7595 } 7596 7597 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status) 7598 { 7599 struct mgmt_ev_auth_failed ev; 7600 struct mgmt_pending_cmd *cmd; 7601 u8 status = mgmt_status(hci_status); 7602 7603 bacpy(&ev.addr.bdaddr, &conn->dst); 7604 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 7605 ev.status = status; 7606 7607 cmd = find_pairing(conn); 7608 7609 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev), 7610 cmd ? cmd->sk : NULL); 7611 7612 if (cmd) { 7613 cmd->cmd_complete(cmd, status); 7614 mgmt_pending_remove(cmd); 7615 } 7616 } 7617 7618 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 7619 { 7620 struct cmd_lookup match = { NULL, hdev }; 7621 bool changed; 7622 7623 if (status) { 7624 u8 mgmt_err = mgmt_status(status); 7625 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 7626 cmd_status_rsp, &mgmt_err); 7627 return; 7628 } 7629 7630 if (test_bit(HCI_AUTH, &hdev->flags)) 7631 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY); 7632 else 7633 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY); 7634 7635 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 7636 &match); 7637 7638 if (changed) 7639 new_settings(hdev, match.sk); 7640 7641 if (match.sk) 7642 sock_put(match.sk); 7643 } 7644 7645 static void clear_eir(struct hci_request *req) 7646 { 7647 struct hci_dev *hdev = req->hdev; 7648 struct hci_cp_write_eir cp; 7649 7650 if (!lmp_ext_inq_capable(hdev)) 7651 return; 7652 7653 memset(hdev->eir, 0, sizeof(hdev->eir)); 7654 7655 memset(&cp, 0, sizeof(cp)); 7656 7657 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 7658 } 7659 7660 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 7661 { 7662 struct cmd_lookup match = { NULL, hdev }; 7663 struct hci_request req; 7664 bool changed = false; 7665 7666 if (status) { 7667 u8 mgmt_err = mgmt_status(status); 7668 7669 if (enable && hci_dev_test_and_clear_flag(hdev, 7670 HCI_SSP_ENABLED)) { 7671 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 7672 new_settings(hdev, NULL); 7673 } 7674 7675 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp, 7676 &mgmt_err); 7677 return; 7678 } 7679 7680 if (enable) { 7681 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 7682 } else { 7683 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED); 7684 if (!changed) 7685 changed = hci_dev_test_and_clear_flag(hdev, 7686 HCI_HS_ENABLED); 7687 else 7688 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 7689 } 7690 7691 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 7692 7693 if (changed) 7694 new_settings(hdev, match.sk); 7695 7696 if (match.sk) 7697 sock_put(match.sk); 7698 7699 hci_req_init(&req, hdev); 7700 7701 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 7702 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) 7703 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE, 7704 sizeof(enable), &enable); 7705 __hci_req_update_eir(&req); 7706 } else { 7707 clear_eir(&req); 7708 } 7709 7710 hci_req_run(&req, NULL); 7711 } 7712 7713 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data) 7714 { 7715 struct cmd_lookup *match = data; 7716 7717 if (match->sk == NULL) { 7718 match->sk = cmd->sk; 7719 sock_hold(match->sk); 7720 } 7721 } 7722 7723 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class, 7724 u8 status) 7725 { 7726 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) }; 7727 7728 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match); 7729 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match); 7730 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match); 7731 7732 if (!status) { 7733 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 7734 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL); 7735 ext_info_changed(hdev, NULL); 7736 } 7737 7738 if (match.sk) 7739 sock_put(match.sk); 7740 } 7741 7742 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 7743 { 7744 struct mgmt_cp_set_local_name ev; 7745 struct mgmt_pending_cmd *cmd; 7746 7747 if (status) 7748 return; 7749 7750 memset(&ev, 0, sizeof(ev)); 7751 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 7752 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH); 7753 7754 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 7755 if (!cmd) { 7756 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name)); 7757 7758 /* If this is a HCI command related to powering on the 7759 * HCI dev don't send any mgmt signals. 7760 */ 7761 if (pending_find(MGMT_OP_SET_POWERED, hdev)) 7762 return; 7763 } 7764 7765 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 7766 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL); 7767 ext_info_changed(hdev, cmd ? cmd->sk : NULL); 7768 } 7769 7770 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16]) 7771 { 7772 int i; 7773 7774 for (i = 0; i < uuid_count; i++) { 7775 if (!memcmp(uuid, uuids[i], 16)) 7776 return true; 7777 } 7778 7779 return false; 7780 } 7781 7782 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16]) 7783 { 7784 u16 parsed = 0; 7785 7786 while (parsed < eir_len) { 7787 u8 field_len = eir[0]; 7788 u8 uuid[16]; 7789 int i; 7790 7791 if (field_len == 0) 7792 break; 7793 7794 if (eir_len - parsed < field_len + 1) 7795 break; 7796 7797 switch (eir[1]) { 7798 case EIR_UUID16_ALL: 7799 case EIR_UUID16_SOME: 7800 for (i = 0; i + 3 <= field_len; i += 2) { 7801 memcpy(uuid, bluetooth_base_uuid, 16); 7802 uuid[13] = eir[i + 3]; 7803 uuid[12] = eir[i + 2]; 7804 if (has_uuid(uuid, uuid_count, uuids)) 7805 return true; 7806 } 7807 break; 7808 case EIR_UUID32_ALL: 7809 case EIR_UUID32_SOME: 7810 for (i = 0; i + 5 <= field_len; i += 4) { 7811 memcpy(uuid, bluetooth_base_uuid, 16); 7812 uuid[15] = eir[i + 5]; 7813 uuid[14] = eir[i + 4]; 7814 uuid[13] = eir[i + 3]; 7815 uuid[12] = eir[i + 2]; 7816 if (has_uuid(uuid, uuid_count, uuids)) 7817 return true; 7818 } 7819 break; 7820 case EIR_UUID128_ALL: 7821 case EIR_UUID128_SOME: 7822 for (i = 0; i + 17 <= field_len; i += 16) { 7823 memcpy(uuid, eir + i + 2, 16); 7824 if (has_uuid(uuid, uuid_count, uuids)) 7825 return true; 7826 } 7827 break; 7828 } 7829 7830 parsed += field_len + 1; 7831 eir += field_len + 1; 7832 } 7833 7834 return false; 7835 } 7836 7837 static void restart_le_scan(struct hci_dev *hdev) 7838 { 7839 /* If controller is not scanning we are done. */ 7840 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 7841 return; 7842 7843 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY, 7844 hdev->discovery.scan_start + 7845 hdev->discovery.scan_duration)) 7846 return; 7847 7848 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart, 7849 DISCOV_LE_RESTART_DELAY); 7850 } 7851 7852 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir, 7853 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 7854 { 7855 /* If a RSSI threshold has been specified, and 7856 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with 7857 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk 7858 * is set, let it through for further processing, as we might need to 7859 * restart the scan. 7860 * 7861 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry, 7862 * the results are also dropped. 7863 */ 7864 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 7865 (rssi == HCI_RSSI_INVALID || 7866 (rssi < hdev->discovery.rssi && 7867 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)))) 7868 return false; 7869 7870 if (hdev->discovery.uuid_count != 0) { 7871 /* If a list of UUIDs is provided in filter, results with no 7872 * matching UUID should be dropped. 7873 */ 7874 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count, 7875 hdev->discovery.uuids) && 7876 !eir_has_uuids(scan_rsp, scan_rsp_len, 7877 hdev->discovery.uuid_count, 7878 hdev->discovery.uuids)) 7879 return false; 7880 } 7881 7882 /* If duplicate filtering does not report RSSI changes, then restart 7883 * scanning to ensure updated result with updated RSSI values. 7884 */ 7885 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) { 7886 restart_le_scan(hdev); 7887 7888 /* Validate RSSI value against the RSSI threshold once more. */ 7889 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 7890 rssi < hdev->discovery.rssi) 7891 return false; 7892 } 7893 7894 return true; 7895 } 7896 7897 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7898 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags, 7899 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 7900 { 7901 char buf[512]; 7902 struct mgmt_ev_device_found *ev = (void *)buf; 7903 size_t ev_size; 7904 7905 /* Don't send events for a non-kernel initiated discovery. With 7906 * LE one exception is if we have pend_le_reports > 0 in which 7907 * case we're doing passive scanning and want these events. 7908 */ 7909 if (!hci_discovery_active(hdev)) { 7910 if (link_type == ACL_LINK) 7911 return; 7912 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports)) 7913 return; 7914 } 7915 7916 if (hdev->discovery.result_filtering) { 7917 /* We are using service discovery */ 7918 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp, 7919 scan_rsp_len)) 7920 return; 7921 } 7922 7923 if (hdev->discovery.limited) { 7924 /* Check for limited discoverable bit */ 7925 if (dev_class) { 7926 if (!(dev_class[1] & 0x20)) 7927 return; 7928 } else { 7929 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL); 7930 if (!flags || !(flags[0] & LE_AD_LIMITED)) 7931 return; 7932 } 7933 } 7934 7935 /* Make sure that the buffer is big enough. The 5 extra bytes 7936 * are for the potential CoD field. 7937 */ 7938 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf)) 7939 return; 7940 7941 memset(buf, 0, sizeof(buf)); 7942 7943 /* In case of device discovery with BR/EDR devices (pre 1.2), the 7944 * RSSI value was reported as 0 when not available. This behavior 7945 * is kept when using device discovery. This is required for full 7946 * backwards compatibility with the API. 7947 * 7948 * However when using service discovery, the value 127 will be 7949 * returned when the RSSI is not available. 7950 */ 7951 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi && 7952 link_type == ACL_LINK) 7953 rssi = 0; 7954 7955 bacpy(&ev->addr.bdaddr, bdaddr); 7956 ev->addr.type = link_to_bdaddr(link_type, addr_type); 7957 ev->rssi = rssi; 7958 ev->flags = cpu_to_le32(flags); 7959 7960 if (eir_len > 0) 7961 /* Copy EIR or advertising data into event */ 7962 memcpy(ev->eir, eir, eir_len); 7963 7964 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 7965 NULL)) 7966 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 7967 dev_class, 3); 7968 7969 if (scan_rsp_len > 0) 7970 /* Append scan response data to event */ 7971 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len); 7972 7973 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 7974 ev_size = sizeof(*ev) + eir_len + scan_rsp_len; 7975 7976 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 7977 } 7978 7979 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7980 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 7981 { 7982 struct mgmt_ev_device_found *ev; 7983 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2]; 7984 u16 eir_len; 7985 7986 ev = (struct mgmt_ev_device_found *) buf; 7987 7988 memset(buf, 0, sizeof(buf)); 7989 7990 bacpy(&ev->addr.bdaddr, bdaddr); 7991 ev->addr.type = link_to_bdaddr(link_type, addr_type); 7992 ev->rssi = rssi; 7993 7994 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name, 7995 name_len); 7996 7997 ev->eir_len = cpu_to_le16(eir_len); 7998 7999 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL); 8000 } 8001 8002 void mgmt_discovering(struct hci_dev *hdev, u8 discovering) 8003 { 8004 struct mgmt_ev_discovering ev; 8005 8006 BT_DBG("%s discovering %u", hdev->name, discovering); 8007 8008 memset(&ev, 0, sizeof(ev)); 8009 ev.type = hdev->discovery.type; 8010 ev.discovering = discovering; 8011 8012 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 8013 } 8014 8015 static struct hci_mgmt_chan chan = { 8016 .channel = HCI_CHANNEL_CONTROL, 8017 .handler_count = ARRAY_SIZE(mgmt_handlers), 8018 .handlers = mgmt_handlers, 8019 .hdev_init = mgmt_init_hdev, 8020 }; 8021 8022 int mgmt_init(void) 8023 { 8024 return hci_mgmt_chan_register(&chan); 8025 } 8026 8027 void mgmt_exit(void) 8028 { 8029 hci_mgmt_chan_unregister(&chan); 8030 } 8031