1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI Management interface */ 26 27 #include <linux/module.h> 28 #include <asm/unaligned.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 #include <net/bluetooth/hci_sock.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/mgmt.h> 35 36 #include "hci_request.h" 37 #include "smp.h" 38 #include "mgmt_util.h" 39 40 #define MGMT_VERSION 1 41 #define MGMT_REVISION 14 42 43 static const u16 mgmt_commands[] = { 44 MGMT_OP_READ_INDEX_LIST, 45 MGMT_OP_READ_INFO, 46 MGMT_OP_SET_POWERED, 47 MGMT_OP_SET_DISCOVERABLE, 48 MGMT_OP_SET_CONNECTABLE, 49 MGMT_OP_SET_FAST_CONNECTABLE, 50 MGMT_OP_SET_BONDABLE, 51 MGMT_OP_SET_LINK_SECURITY, 52 MGMT_OP_SET_SSP, 53 MGMT_OP_SET_HS, 54 MGMT_OP_SET_LE, 55 MGMT_OP_SET_DEV_CLASS, 56 MGMT_OP_SET_LOCAL_NAME, 57 MGMT_OP_ADD_UUID, 58 MGMT_OP_REMOVE_UUID, 59 MGMT_OP_LOAD_LINK_KEYS, 60 MGMT_OP_LOAD_LONG_TERM_KEYS, 61 MGMT_OP_DISCONNECT, 62 MGMT_OP_GET_CONNECTIONS, 63 MGMT_OP_PIN_CODE_REPLY, 64 MGMT_OP_PIN_CODE_NEG_REPLY, 65 MGMT_OP_SET_IO_CAPABILITY, 66 MGMT_OP_PAIR_DEVICE, 67 MGMT_OP_CANCEL_PAIR_DEVICE, 68 MGMT_OP_UNPAIR_DEVICE, 69 MGMT_OP_USER_CONFIRM_REPLY, 70 MGMT_OP_USER_CONFIRM_NEG_REPLY, 71 MGMT_OP_USER_PASSKEY_REPLY, 72 MGMT_OP_USER_PASSKEY_NEG_REPLY, 73 MGMT_OP_READ_LOCAL_OOB_DATA, 74 MGMT_OP_ADD_REMOTE_OOB_DATA, 75 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 76 MGMT_OP_START_DISCOVERY, 77 MGMT_OP_STOP_DISCOVERY, 78 MGMT_OP_CONFIRM_NAME, 79 MGMT_OP_BLOCK_DEVICE, 80 MGMT_OP_UNBLOCK_DEVICE, 81 MGMT_OP_SET_DEVICE_ID, 82 MGMT_OP_SET_ADVERTISING, 83 MGMT_OP_SET_BREDR, 84 MGMT_OP_SET_STATIC_ADDRESS, 85 MGMT_OP_SET_SCAN_PARAMS, 86 MGMT_OP_SET_SECURE_CONN, 87 MGMT_OP_SET_DEBUG_KEYS, 88 MGMT_OP_SET_PRIVACY, 89 MGMT_OP_LOAD_IRKS, 90 MGMT_OP_GET_CONN_INFO, 91 MGMT_OP_GET_CLOCK_INFO, 92 MGMT_OP_ADD_DEVICE, 93 MGMT_OP_REMOVE_DEVICE, 94 MGMT_OP_LOAD_CONN_PARAM, 95 MGMT_OP_READ_UNCONF_INDEX_LIST, 96 MGMT_OP_READ_CONFIG_INFO, 97 MGMT_OP_SET_EXTERNAL_CONFIG, 98 MGMT_OP_SET_PUBLIC_ADDRESS, 99 MGMT_OP_START_SERVICE_DISCOVERY, 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 101 MGMT_OP_READ_EXT_INDEX_LIST, 102 MGMT_OP_READ_ADV_FEATURES, 103 MGMT_OP_ADD_ADVERTISING, 104 MGMT_OP_REMOVE_ADVERTISING, 105 MGMT_OP_GET_ADV_SIZE_INFO, 106 MGMT_OP_START_LIMITED_DISCOVERY, 107 MGMT_OP_READ_EXT_INFO, 108 MGMT_OP_SET_APPEARANCE, 109 }; 110 111 static const u16 mgmt_events[] = { 112 MGMT_EV_CONTROLLER_ERROR, 113 MGMT_EV_INDEX_ADDED, 114 MGMT_EV_INDEX_REMOVED, 115 MGMT_EV_NEW_SETTINGS, 116 MGMT_EV_CLASS_OF_DEV_CHANGED, 117 MGMT_EV_LOCAL_NAME_CHANGED, 118 MGMT_EV_NEW_LINK_KEY, 119 MGMT_EV_NEW_LONG_TERM_KEY, 120 MGMT_EV_DEVICE_CONNECTED, 121 MGMT_EV_DEVICE_DISCONNECTED, 122 MGMT_EV_CONNECT_FAILED, 123 MGMT_EV_PIN_CODE_REQUEST, 124 MGMT_EV_USER_CONFIRM_REQUEST, 125 MGMT_EV_USER_PASSKEY_REQUEST, 126 MGMT_EV_AUTH_FAILED, 127 MGMT_EV_DEVICE_FOUND, 128 MGMT_EV_DISCOVERING, 129 MGMT_EV_DEVICE_BLOCKED, 130 MGMT_EV_DEVICE_UNBLOCKED, 131 MGMT_EV_DEVICE_UNPAIRED, 132 MGMT_EV_PASSKEY_NOTIFY, 133 MGMT_EV_NEW_IRK, 134 MGMT_EV_NEW_CSRK, 135 MGMT_EV_DEVICE_ADDED, 136 MGMT_EV_DEVICE_REMOVED, 137 MGMT_EV_NEW_CONN_PARAM, 138 MGMT_EV_UNCONF_INDEX_ADDED, 139 MGMT_EV_UNCONF_INDEX_REMOVED, 140 MGMT_EV_NEW_CONFIG_OPTIONS, 141 MGMT_EV_EXT_INDEX_ADDED, 142 MGMT_EV_EXT_INDEX_REMOVED, 143 MGMT_EV_LOCAL_OOB_DATA_UPDATED, 144 MGMT_EV_ADVERTISING_ADDED, 145 MGMT_EV_ADVERTISING_REMOVED, 146 MGMT_EV_EXT_INFO_CHANGED, 147 }; 148 149 static const u16 mgmt_untrusted_commands[] = { 150 MGMT_OP_READ_INDEX_LIST, 151 MGMT_OP_READ_INFO, 152 MGMT_OP_READ_UNCONF_INDEX_LIST, 153 MGMT_OP_READ_CONFIG_INFO, 154 MGMT_OP_READ_EXT_INDEX_LIST, 155 MGMT_OP_READ_EXT_INFO, 156 }; 157 158 static const u16 mgmt_untrusted_events[] = { 159 MGMT_EV_INDEX_ADDED, 160 MGMT_EV_INDEX_REMOVED, 161 MGMT_EV_NEW_SETTINGS, 162 MGMT_EV_CLASS_OF_DEV_CHANGED, 163 MGMT_EV_LOCAL_NAME_CHANGED, 164 MGMT_EV_UNCONF_INDEX_ADDED, 165 MGMT_EV_UNCONF_INDEX_REMOVED, 166 MGMT_EV_NEW_CONFIG_OPTIONS, 167 MGMT_EV_EXT_INDEX_ADDED, 168 MGMT_EV_EXT_INDEX_REMOVED, 169 MGMT_EV_EXT_INFO_CHANGED, 170 }; 171 172 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) 173 174 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \ 175 "\x00\x00\x00\x00\x00\x00\x00\x00" 176 177 /* HCI to MGMT error code conversion table */ 178 static u8 mgmt_status_table[] = { 179 MGMT_STATUS_SUCCESS, 180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 182 MGMT_STATUS_FAILED, /* Hardware Failure */ 183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */ 186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 191 MGMT_STATUS_BUSY, /* Command Disallowed */ 192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 193 MGMT_STATUS_REJECTED, /* Rejected Security */ 194 MGMT_STATUS_REJECTED, /* Rejected Personal */ 195 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 202 MGMT_STATUS_BUSY, /* Repeated Attempts */ 203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 210 MGMT_STATUS_FAILED, /* Unspecified Error */ 211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 217 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 219 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 221 MGMT_STATUS_FAILED, /* Transaction Collision */ 222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 223 MGMT_STATUS_REJECTED, /* QoS Rejected */ 224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 225 MGMT_STATUS_REJECTED, /* Insufficient Security */ 226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 227 MGMT_STATUS_BUSY, /* Role Switch Pending */ 228 MGMT_STATUS_FAILED, /* Slot Violation */ 229 MGMT_STATUS_FAILED, /* Role Switch Failed */ 230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 232 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 234 MGMT_STATUS_BUSY, /* Controller Busy */ 235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 240 }; 241 242 static u8 mgmt_status(u8 hci_status) 243 { 244 if (hci_status < ARRAY_SIZE(mgmt_status_table)) 245 return mgmt_status_table[hci_status]; 246 247 return MGMT_STATUS_FAILED; 248 } 249 250 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data, 251 u16 len, int flag) 252 { 253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 254 flag, NULL); 255 } 256 257 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data, 258 u16 len, int flag, struct sock *skip_sk) 259 { 260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 261 flag, skip_sk); 262 } 263 264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len, 265 struct sock *skip_sk) 266 { 267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 268 HCI_SOCK_TRUSTED, skip_sk); 269 } 270 271 static u8 le_addr_type(u8 mgmt_addr_type) 272 { 273 if (mgmt_addr_type == BDADDR_LE_PUBLIC) 274 return ADDR_LE_DEV_PUBLIC; 275 else 276 return ADDR_LE_DEV_RANDOM; 277 } 278 279 void mgmt_fill_version_info(void *ver) 280 { 281 struct mgmt_rp_read_version *rp = ver; 282 283 rp->version = MGMT_VERSION; 284 rp->revision = cpu_to_le16(MGMT_REVISION); 285 } 286 287 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data, 288 u16 data_len) 289 { 290 struct mgmt_rp_read_version rp; 291 292 BT_DBG("sock %p", sk); 293 294 mgmt_fill_version_info(&rp); 295 296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, 297 &rp, sizeof(rp)); 298 } 299 300 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data, 301 u16 data_len) 302 { 303 struct mgmt_rp_read_commands *rp; 304 u16 num_commands, num_events; 305 size_t rp_size; 306 int i, err; 307 308 BT_DBG("sock %p", sk); 309 310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 311 num_commands = ARRAY_SIZE(mgmt_commands); 312 num_events = ARRAY_SIZE(mgmt_events); 313 } else { 314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands); 315 num_events = ARRAY_SIZE(mgmt_untrusted_events); 316 } 317 318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 319 320 rp = kmalloc(rp_size, GFP_KERNEL); 321 if (!rp) 322 return -ENOMEM; 323 324 rp->num_commands = cpu_to_le16(num_commands); 325 rp->num_events = cpu_to_le16(num_events); 326 327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 328 __le16 *opcode = rp->opcodes; 329 330 for (i = 0; i < num_commands; i++, opcode++) 331 put_unaligned_le16(mgmt_commands[i], opcode); 332 333 for (i = 0; i < num_events; i++, opcode++) 334 put_unaligned_le16(mgmt_events[i], opcode); 335 } else { 336 __le16 *opcode = rp->opcodes; 337 338 for (i = 0; i < num_commands; i++, opcode++) 339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode); 340 341 for (i = 0; i < num_events; i++, opcode++) 342 put_unaligned_le16(mgmt_untrusted_events[i], opcode); 343 } 344 345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, 346 rp, rp_size); 347 kfree(rp); 348 349 return err; 350 } 351 352 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data, 353 u16 data_len) 354 { 355 struct mgmt_rp_read_index_list *rp; 356 struct hci_dev *d; 357 size_t rp_len; 358 u16 count; 359 int err; 360 361 BT_DBG("sock %p", sk); 362 363 read_lock(&hci_dev_list_lock); 364 365 count = 0; 366 list_for_each_entry(d, &hci_dev_list, list) { 367 if (d->dev_type == HCI_PRIMARY && 368 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) 369 count++; 370 } 371 372 rp_len = sizeof(*rp) + (2 * count); 373 rp = kmalloc(rp_len, GFP_ATOMIC); 374 if (!rp) { 375 read_unlock(&hci_dev_list_lock); 376 return -ENOMEM; 377 } 378 379 count = 0; 380 list_for_each_entry(d, &hci_dev_list, list) { 381 if (hci_dev_test_flag(d, HCI_SETUP) || 382 hci_dev_test_flag(d, HCI_CONFIG) || 383 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 384 continue; 385 386 /* Devices marked as raw-only are neither configured 387 * nor unconfigured controllers. 388 */ 389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 390 continue; 391 392 if (d->dev_type == HCI_PRIMARY && 393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 394 rp->index[count++] = cpu_to_le16(d->id); 395 BT_DBG("Added hci%u", d->id); 396 } 397 } 398 399 rp->num_controllers = cpu_to_le16(count); 400 rp_len = sizeof(*rp) + (2 * count); 401 402 read_unlock(&hci_dev_list_lock); 403 404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 405 0, rp, rp_len); 406 407 kfree(rp); 408 409 return err; 410 } 411 412 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev, 413 void *data, u16 data_len) 414 { 415 struct mgmt_rp_read_unconf_index_list *rp; 416 struct hci_dev *d; 417 size_t rp_len; 418 u16 count; 419 int err; 420 421 BT_DBG("sock %p", sk); 422 423 read_lock(&hci_dev_list_lock); 424 425 count = 0; 426 list_for_each_entry(d, &hci_dev_list, list) { 427 if (d->dev_type == HCI_PRIMARY && 428 hci_dev_test_flag(d, HCI_UNCONFIGURED)) 429 count++; 430 } 431 432 rp_len = sizeof(*rp) + (2 * count); 433 rp = kmalloc(rp_len, GFP_ATOMIC); 434 if (!rp) { 435 read_unlock(&hci_dev_list_lock); 436 return -ENOMEM; 437 } 438 439 count = 0; 440 list_for_each_entry(d, &hci_dev_list, list) { 441 if (hci_dev_test_flag(d, HCI_SETUP) || 442 hci_dev_test_flag(d, HCI_CONFIG) || 443 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 444 continue; 445 446 /* Devices marked as raw-only are neither configured 447 * nor unconfigured controllers. 448 */ 449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 450 continue; 451 452 if (d->dev_type == HCI_PRIMARY && 453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 454 rp->index[count++] = cpu_to_le16(d->id); 455 BT_DBG("Added hci%u", d->id); 456 } 457 } 458 459 rp->num_controllers = cpu_to_le16(count); 460 rp_len = sizeof(*rp) + (2 * count); 461 462 read_unlock(&hci_dev_list_lock); 463 464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len); 466 467 kfree(rp); 468 469 return err; 470 } 471 472 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev, 473 void *data, u16 data_len) 474 { 475 struct mgmt_rp_read_ext_index_list *rp; 476 struct hci_dev *d; 477 size_t rp_len; 478 u16 count; 479 int err; 480 481 BT_DBG("sock %p", sk); 482 483 read_lock(&hci_dev_list_lock); 484 485 count = 0; 486 list_for_each_entry(d, &hci_dev_list, list) { 487 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP) 488 count++; 489 } 490 491 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count); 492 rp = kmalloc(rp_len, GFP_ATOMIC); 493 if (!rp) { 494 read_unlock(&hci_dev_list_lock); 495 return -ENOMEM; 496 } 497 498 count = 0; 499 list_for_each_entry(d, &hci_dev_list, list) { 500 if (hci_dev_test_flag(d, HCI_SETUP) || 501 hci_dev_test_flag(d, HCI_CONFIG) || 502 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 503 continue; 504 505 /* Devices marked as raw-only are neither configured 506 * nor unconfigured controllers. 507 */ 508 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 509 continue; 510 511 if (d->dev_type == HCI_PRIMARY) { 512 if (hci_dev_test_flag(d, HCI_UNCONFIGURED)) 513 rp->entry[count].type = 0x01; 514 else 515 rp->entry[count].type = 0x00; 516 } else if (d->dev_type == HCI_AMP) { 517 rp->entry[count].type = 0x02; 518 } else { 519 continue; 520 } 521 522 rp->entry[count].bus = d->bus; 523 rp->entry[count++].index = cpu_to_le16(d->id); 524 BT_DBG("Added hci%u", d->id); 525 } 526 527 rp->num_controllers = cpu_to_le16(count); 528 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count); 529 530 read_unlock(&hci_dev_list_lock); 531 532 /* If this command is called at least once, then all the 533 * default index and unconfigured index events are disabled 534 * and from now on only extended index events are used. 535 */ 536 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS); 537 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS); 538 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS); 539 540 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 541 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len); 542 543 kfree(rp); 544 545 return err; 546 } 547 548 static bool is_configured(struct hci_dev *hdev) 549 { 550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 552 return false; 553 554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) && 555 !bacmp(&hdev->public_addr, BDADDR_ANY)) 556 return false; 557 558 return true; 559 } 560 561 static __le32 get_missing_options(struct hci_dev *hdev) 562 { 563 u32 options = 0; 564 565 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 566 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 567 options |= MGMT_OPTION_EXTERNAL_CONFIG; 568 569 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) && 570 !bacmp(&hdev->public_addr, BDADDR_ANY)) 571 options |= MGMT_OPTION_PUBLIC_ADDRESS; 572 573 return cpu_to_le32(options); 574 } 575 576 static int new_options(struct hci_dev *hdev, struct sock *skip) 577 { 578 __le32 options = get_missing_options(hdev); 579 580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options, 581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip); 582 } 583 584 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 585 { 586 __le32 options = get_missing_options(hdev); 587 588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options, 589 sizeof(options)); 590 } 591 592 static int read_config_info(struct sock *sk, struct hci_dev *hdev, 593 void *data, u16 data_len) 594 { 595 struct mgmt_rp_read_config_info rp; 596 u32 options = 0; 597 598 BT_DBG("sock %p %s", sk, hdev->name); 599 600 hci_dev_lock(hdev); 601 602 memset(&rp, 0, sizeof(rp)); 603 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 604 605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 606 options |= MGMT_OPTION_EXTERNAL_CONFIG; 607 608 if (hdev->set_bdaddr) 609 options |= MGMT_OPTION_PUBLIC_ADDRESS; 610 611 rp.supported_options = cpu_to_le32(options); 612 rp.missing_options = get_missing_options(hdev); 613 614 hci_dev_unlock(hdev); 615 616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, 617 &rp, sizeof(rp)); 618 } 619 620 static u32 get_supported_settings(struct hci_dev *hdev) 621 { 622 u32 settings = 0; 623 624 settings |= MGMT_SETTING_POWERED; 625 settings |= MGMT_SETTING_BONDABLE; 626 settings |= MGMT_SETTING_DEBUG_KEYS; 627 settings |= MGMT_SETTING_CONNECTABLE; 628 settings |= MGMT_SETTING_DISCOVERABLE; 629 630 if (lmp_bredr_capable(hdev)) { 631 if (hdev->hci_ver >= BLUETOOTH_VER_1_2) 632 settings |= MGMT_SETTING_FAST_CONNECTABLE; 633 settings |= MGMT_SETTING_BREDR; 634 settings |= MGMT_SETTING_LINK_SECURITY; 635 636 if (lmp_ssp_capable(hdev)) { 637 settings |= MGMT_SETTING_SSP; 638 settings |= MGMT_SETTING_HS; 639 } 640 641 if (lmp_sc_capable(hdev)) 642 settings |= MGMT_SETTING_SECURE_CONN; 643 } 644 645 if (lmp_le_capable(hdev)) { 646 settings |= MGMT_SETTING_LE; 647 settings |= MGMT_SETTING_ADVERTISING; 648 settings |= MGMT_SETTING_SECURE_CONN; 649 settings |= MGMT_SETTING_PRIVACY; 650 settings |= MGMT_SETTING_STATIC_ADDRESS; 651 } 652 653 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) || 654 hdev->set_bdaddr) 655 settings |= MGMT_SETTING_CONFIGURATION; 656 657 return settings; 658 } 659 660 static u32 get_current_settings(struct hci_dev *hdev) 661 { 662 u32 settings = 0; 663 664 if (hdev_is_powered(hdev)) 665 settings |= MGMT_SETTING_POWERED; 666 667 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 668 settings |= MGMT_SETTING_CONNECTABLE; 669 670 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) 671 settings |= MGMT_SETTING_FAST_CONNECTABLE; 672 673 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 674 settings |= MGMT_SETTING_DISCOVERABLE; 675 676 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) 677 settings |= MGMT_SETTING_BONDABLE; 678 679 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 680 settings |= MGMT_SETTING_BREDR; 681 682 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 683 settings |= MGMT_SETTING_LE; 684 685 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) 686 settings |= MGMT_SETTING_LINK_SECURITY; 687 688 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 689 settings |= MGMT_SETTING_SSP; 690 691 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED)) 692 settings |= MGMT_SETTING_HS; 693 694 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 695 settings |= MGMT_SETTING_ADVERTISING; 696 697 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) 698 settings |= MGMT_SETTING_SECURE_CONN; 699 700 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) 701 settings |= MGMT_SETTING_DEBUG_KEYS; 702 703 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) 704 settings |= MGMT_SETTING_PRIVACY; 705 706 /* The current setting for static address has two purposes. The 707 * first is to indicate if the static address will be used and 708 * the second is to indicate if it is actually set. 709 * 710 * This means if the static address is not configured, this flag 711 * will never be set. If the address is configured, then if the 712 * address is actually used decides if the flag is set or not. 713 * 714 * For single mode LE only controllers and dual-mode controllers 715 * with BR/EDR disabled, the existence of the static address will 716 * be evaluated. 717 */ 718 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 719 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 720 !bacmp(&hdev->bdaddr, BDADDR_ANY)) { 721 if (bacmp(&hdev->static_addr, BDADDR_ANY)) 722 settings |= MGMT_SETTING_STATIC_ADDRESS; 723 } 724 725 return settings; 726 } 727 728 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev) 729 { 730 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev); 731 } 732 733 static struct mgmt_pending_cmd *pending_find_data(u16 opcode, 734 struct hci_dev *hdev, 735 const void *data) 736 { 737 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data); 738 } 739 740 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev) 741 { 742 struct mgmt_pending_cmd *cmd; 743 744 /* If there's a pending mgmt command the flags will not yet have 745 * their final values, so check for this first. 746 */ 747 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 748 if (cmd) { 749 struct mgmt_mode *cp = cmd->param; 750 if (cp->val == 0x01) 751 return LE_AD_GENERAL; 752 else if (cp->val == 0x02) 753 return LE_AD_LIMITED; 754 } else { 755 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 756 return LE_AD_LIMITED; 757 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 758 return LE_AD_GENERAL; 759 } 760 761 return 0; 762 } 763 764 bool mgmt_get_connectable(struct hci_dev *hdev) 765 { 766 struct mgmt_pending_cmd *cmd; 767 768 /* If there's a pending mgmt command the flag will not yet have 769 * it's final value, so check for this first. 770 */ 771 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 772 if (cmd) { 773 struct mgmt_mode *cp = cmd->param; 774 775 return cp->val; 776 } 777 778 return hci_dev_test_flag(hdev, HCI_CONNECTABLE); 779 } 780 781 static void service_cache_off(struct work_struct *work) 782 { 783 struct hci_dev *hdev = container_of(work, struct hci_dev, 784 service_cache.work); 785 struct hci_request req; 786 787 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) 788 return; 789 790 hci_req_init(&req, hdev); 791 792 hci_dev_lock(hdev); 793 794 __hci_req_update_eir(&req); 795 __hci_req_update_class(&req); 796 797 hci_dev_unlock(hdev); 798 799 hci_req_run(&req, NULL); 800 } 801 802 static void rpa_expired(struct work_struct *work) 803 { 804 struct hci_dev *hdev = container_of(work, struct hci_dev, 805 rpa_expired.work); 806 struct hci_request req; 807 808 BT_DBG(""); 809 810 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 811 812 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING)) 813 return; 814 815 /* The generation of a new RPA and programming it into the 816 * controller happens in the hci_req_enable_advertising() 817 * function. 818 */ 819 hci_req_init(&req, hdev); 820 __hci_req_enable_advertising(&req); 821 hci_req_run(&req, NULL); 822 } 823 824 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) 825 { 826 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT)) 827 return; 828 829 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 830 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired); 831 832 /* Non-mgmt controlled devices get this bit set 833 * implicitly so that pairing works for them, however 834 * for mgmt we require user-space to explicitly enable 835 * it 836 */ 837 hci_dev_clear_flag(hdev, HCI_BONDABLE); 838 } 839 840 static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 841 void *data, u16 data_len) 842 { 843 struct mgmt_rp_read_info rp; 844 845 BT_DBG("sock %p %s", sk, hdev->name); 846 847 hci_dev_lock(hdev); 848 849 memset(&rp, 0, sizeof(rp)); 850 851 bacpy(&rp.bdaddr, &hdev->bdaddr); 852 853 rp.version = hdev->hci_ver; 854 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 855 856 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 857 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 858 859 memcpy(rp.dev_class, hdev->dev_class, 3); 860 861 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 862 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name)); 863 864 hci_dev_unlock(hdev); 865 866 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp, 867 sizeof(rp)); 868 } 869 870 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir) 871 { 872 u16 eir_len = 0; 873 size_t name_len; 874 875 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 876 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV, 877 hdev->dev_class, 3); 878 879 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 880 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE, 881 hdev->appearance); 882 883 name_len = strlen(hdev->dev_name); 884 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE, 885 hdev->dev_name, name_len); 886 887 name_len = strlen(hdev->short_name); 888 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT, 889 hdev->short_name, name_len); 890 891 return eir_len; 892 } 893 894 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev, 895 void *data, u16 data_len) 896 { 897 char buf[512]; 898 struct mgmt_rp_read_ext_info *rp = (void *)buf; 899 u16 eir_len; 900 901 BT_DBG("sock %p %s", sk, hdev->name); 902 903 memset(&buf, 0, sizeof(buf)); 904 905 hci_dev_lock(hdev); 906 907 bacpy(&rp->bdaddr, &hdev->bdaddr); 908 909 rp->version = hdev->hci_ver; 910 rp->manufacturer = cpu_to_le16(hdev->manufacturer); 911 912 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev)); 913 rp->current_settings = cpu_to_le32(get_current_settings(hdev)); 914 915 916 eir_len = append_eir_data_to_buf(hdev, rp->eir); 917 rp->eir_len = cpu_to_le16(eir_len); 918 919 hci_dev_unlock(hdev); 920 921 /* If this command is called at least once, then the events 922 * for class of device and local name changes are disabled 923 * and only the new extended controller information event 924 * is used. 925 */ 926 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS); 927 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS); 928 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS); 929 930 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp, 931 sizeof(*rp) + eir_len); 932 } 933 934 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip) 935 { 936 char buf[512]; 937 struct mgmt_ev_ext_info_changed *ev = (void *)buf; 938 u16 eir_len; 939 940 memset(buf, 0, sizeof(buf)); 941 942 eir_len = append_eir_data_to_buf(hdev, ev->eir); 943 ev->eir_len = cpu_to_le16(eir_len); 944 945 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev, 946 sizeof(*ev) + eir_len, 947 HCI_MGMT_EXT_INFO_EVENTS, skip); 948 } 949 950 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 951 { 952 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 953 954 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings, 955 sizeof(settings)); 956 } 957 958 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode) 959 { 960 BT_DBG("%s status 0x%02x", hdev->name, status); 961 962 if (hci_conn_count(hdev) == 0) { 963 cancel_delayed_work(&hdev->power_off); 964 queue_work(hdev->req_workqueue, &hdev->power_off.work); 965 } 966 } 967 968 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance) 969 { 970 struct mgmt_ev_advertising_added ev; 971 972 ev.instance = instance; 973 974 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk); 975 } 976 977 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev, 978 u8 instance) 979 { 980 struct mgmt_ev_advertising_removed ev; 981 982 ev.instance = instance; 983 984 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk); 985 } 986 987 static void cancel_adv_timeout(struct hci_dev *hdev) 988 { 989 if (hdev->adv_instance_timeout) { 990 hdev->adv_instance_timeout = 0; 991 cancel_delayed_work(&hdev->adv_instance_expire); 992 } 993 } 994 995 static int clean_up_hci_state(struct hci_dev *hdev) 996 { 997 struct hci_request req; 998 struct hci_conn *conn; 999 bool discov_stopped; 1000 int err; 1001 1002 hci_req_init(&req, hdev); 1003 1004 if (test_bit(HCI_ISCAN, &hdev->flags) || 1005 test_bit(HCI_PSCAN, &hdev->flags)) { 1006 u8 scan = 0x00; 1007 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1008 } 1009 1010 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false); 1011 1012 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 1013 __hci_req_disable_advertising(&req); 1014 1015 discov_stopped = hci_req_stop_discovery(&req); 1016 1017 list_for_each_entry(conn, &hdev->conn_hash.list, list) { 1018 /* 0x15 == Terminated due to Power Off */ 1019 __hci_abort_conn(&req, conn, 0x15); 1020 } 1021 1022 err = hci_req_run(&req, clean_up_hci_complete); 1023 if (!err && discov_stopped) 1024 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 1025 1026 return err; 1027 } 1028 1029 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, 1030 u16 len) 1031 { 1032 struct mgmt_mode *cp = data; 1033 struct mgmt_pending_cmd *cmd; 1034 int err; 1035 1036 BT_DBG("request for %s", hdev->name); 1037 1038 if (cp->val != 0x00 && cp->val != 0x01) 1039 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1040 MGMT_STATUS_INVALID_PARAMS); 1041 1042 hci_dev_lock(hdev); 1043 1044 if (pending_find(MGMT_OP_SET_POWERED, hdev)) { 1045 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1046 MGMT_STATUS_BUSY); 1047 goto failed; 1048 } 1049 1050 if (!!cp->val == hdev_is_powered(hdev)) { 1051 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 1052 goto failed; 1053 } 1054 1055 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 1056 if (!cmd) { 1057 err = -ENOMEM; 1058 goto failed; 1059 } 1060 1061 if (cp->val) { 1062 queue_work(hdev->req_workqueue, &hdev->power_on); 1063 err = 0; 1064 } else { 1065 /* Disconnect connections, stop scans, etc */ 1066 err = clean_up_hci_state(hdev); 1067 if (!err) 1068 queue_delayed_work(hdev->req_workqueue, &hdev->power_off, 1069 HCI_POWER_OFF_TIMEOUT); 1070 1071 /* ENODATA means there were no HCI commands queued */ 1072 if (err == -ENODATA) { 1073 cancel_delayed_work(&hdev->power_off); 1074 queue_work(hdev->req_workqueue, &hdev->power_off.work); 1075 err = 0; 1076 } 1077 } 1078 1079 failed: 1080 hci_dev_unlock(hdev); 1081 return err; 1082 } 1083 1084 static int new_settings(struct hci_dev *hdev, struct sock *skip) 1085 { 1086 __le32 ev = cpu_to_le32(get_current_settings(hdev)); 1087 1088 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, 1089 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip); 1090 } 1091 1092 int mgmt_new_settings(struct hci_dev *hdev) 1093 { 1094 return new_settings(hdev, NULL); 1095 } 1096 1097 struct cmd_lookup { 1098 struct sock *sk; 1099 struct hci_dev *hdev; 1100 u8 mgmt_status; 1101 }; 1102 1103 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data) 1104 { 1105 struct cmd_lookup *match = data; 1106 1107 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 1108 1109 list_del(&cmd->list); 1110 1111 if (match->sk == NULL) { 1112 match->sk = cmd->sk; 1113 sock_hold(match->sk); 1114 } 1115 1116 mgmt_pending_free(cmd); 1117 } 1118 1119 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data) 1120 { 1121 u8 *status = data; 1122 1123 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 1124 mgmt_pending_remove(cmd); 1125 } 1126 1127 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data) 1128 { 1129 if (cmd->cmd_complete) { 1130 u8 *status = data; 1131 1132 cmd->cmd_complete(cmd, *status); 1133 mgmt_pending_remove(cmd); 1134 1135 return; 1136 } 1137 1138 cmd_status_rsp(cmd, data); 1139 } 1140 1141 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1142 { 1143 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1144 cmd->param, cmd->param_len); 1145 } 1146 1147 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1148 { 1149 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1150 cmd->param, sizeof(struct mgmt_addr_info)); 1151 } 1152 1153 static u8 mgmt_bredr_support(struct hci_dev *hdev) 1154 { 1155 if (!lmp_bredr_capable(hdev)) 1156 return MGMT_STATUS_NOT_SUPPORTED; 1157 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1158 return MGMT_STATUS_REJECTED; 1159 else 1160 return MGMT_STATUS_SUCCESS; 1161 } 1162 1163 static u8 mgmt_le_support(struct hci_dev *hdev) 1164 { 1165 if (!lmp_le_capable(hdev)) 1166 return MGMT_STATUS_NOT_SUPPORTED; 1167 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1168 return MGMT_STATUS_REJECTED; 1169 else 1170 return MGMT_STATUS_SUCCESS; 1171 } 1172 1173 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status) 1174 { 1175 struct mgmt_pending_cmd *cmd; 1176 1177 BT_DBG("status 0x%02x", status); 1178 1179 hci_dev_lock(hdev); 1180 1181 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 1182 if (!cmd) 1183 goto unlock; 1184 1185 if (status) { 1186 u8 mgmt_err = mgmt_status(status); 1187 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1188 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1189 goto remove_cmd; 1190 } 1191 1192 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1193 hdev->discov_timeout > 0) { 1194 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1195 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to); 1196 } 1197 1198 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1199 new_settings(hdev, cmd->sk); 1200 1201 remove_cmd: 1202 mgmt_pending_remove(cmd); 1203 1204 unlock: 1205 hci_dev_unlock(hdev); 1206 } 1207 1208 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 1209 u16 len) 1210 { 1211 struct mgmt_cp_set_discoverable *cp = data; 1212 struct mgmt_pending_cmd *cmd; 1213 u16 timeout; 1214 int err; 1215 1216 BT_DBG("request for %s", hdev->name); 1217 1218 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1219 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1221 MGMT_STATUS_REJECTED); 1222 1223 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 1224 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1225 MGMT_STATUS_INVALID_PARAMS); 1226 1227 timeout = __le16_to_cpu(cp->timeout); 1228 1229 /* Disabling discoverable requires that no timeout is set, 1230 * and enabling limited discoverable requires a timeout. 1231 */ 1232 if ((cp->val == 0x00 && timeout > 0) || 1233 (cp->val == 0x02 && timeout == 0)) 1234 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1235 MGMT_STATUS_INVALID_PARAMS); 1236 1237 hci_dev_lock(hdev); 1238 1239 if (!hdev_is_powered(hdev) && timeout > 0) { 1240 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1241 MGMT_STATUS_NOT_POWERED); 1242 goto failed; 1243 } 1244 1245 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1246 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1247 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1248 MGMT_STATUS_BUSY); 1249 goto failed; 1250 } 1251 1252 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) { 1253 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1254 MGMT_STATUS_REJECTED); 1255 goto failed; 1256 } 1257 1258 if (!hdev_is_powered(hdev)) { 1259 bool changed = false; 1260 1261 /* Setting limited discoverable when powered off is 1262 * not a valid operation since it requires a timeout 1263 * and so no need to check HCI_LIMITED_DISCOVERABLE. 1264 */ 1265 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) { 1266 hci_dev_change_flag(hdev, HCI_DISCOVERABLE); 1267 changed = true; 1268 } 1269 1270 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1271 if (err < 0) 1272 goto failed; 1273 1274 if (changed) 1275 err = new_settings(hdev, sk); 1276 1277 goto failed; 1278 } 1279 1280 /* If the current mode is the same, then just update the timeout 1281 * value with the new value. And if only the timeout gets updated, 1282 * then no need for any HCI transactions. 1283 */ 1284 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1285 (cp->val == 0x02) == hci_dev_test_flag(hdev, 1286 HCI_LIMITED_DISCOVERABLE)) { 1287 cancel_delayed_work(&hdev->discov_off); 1288 hdev->discov_timeout = timeout; 1289 1290 if (cp->val && hdev->discov_timeout > 0) { 1291 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1292 queue_delayed_work(hdev->req_workqueue, 1293 &hdev->discov_off, to); 1294 } 1295 1296 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1297 goto failed; 1298 } 1299 1300 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 1301 if (!cmd) { 1302 err = -ENOMEM; 1303 goto failed; 1304 } 1305 1306 /* Cancel any potential discoverable timeout that might be 1307 * still active and store new timeout value. The arming of 1308 * the timeout happens in the complete handler. 1309 */ 1310 cancel_delayed_work(&hdev->discov_off); 1311 hdev->discov_timeout = timeout; 1312 1313 if (cp->val) 1314 hci_dev_set_flag(hdev, HCI_DISCOVERABLE); 1315 else 1316 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1317 1318 /* Limited discoverable mode */ 1319 if (cp->val == 0x02) 1320 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1321 else 1322 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1323 1324 queue_work(hdev->req_workqueue, &hdev->discoverable_update); 1325 err = 0; 1326 1327 failed: 1328 hci_dev_unlock(hdev); 1329 return err; 1330 } 1331 1332 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status) 1333 { 1334 struct mgmt_pending_cmd *cmd; 1335 1336 BT_DBG("status 0x%02x", status); 1337 1338 hci_dev_lock(hdev); 1339 1340 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 1341 if (!cmd) 1342 goto unlock; 1343 1344 if (status) { 1345 u8 mgmt_err = mgmt_status(status); 1346 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1347 goto remove_cmd; 1348 } 1349 1350 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev); 1351 new_settings(hdev, cmd->sk); 1352 1353 remove_cmd: 1354 mgmt_pending_remove(cmd); 1355 1356 unlock: 1357 hci_dev_unlock(hdev); 1358 } 1359 1360 static int set_connectable_update_settings(struct hci_dev *hdev, 1361 struct sock *sk, u8 val) 1362 { 1363 bool changed = false; 1364 int err; 1365 1366 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 1367 changed = true; 1368 1369 if (val) { 1370 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1371 } else { 1372 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1373 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1374 } 1375 1376 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 1377 if (err < 0) 1378 return err; 1379 1380 if (changed) { 1381 hci_req_update_scan(hdev); 1382 hci_update_background_scan(hdev); 1383 return new_settings(hdev, sk); 1384 } 1385 1386 return 0; 1387 } 1388 1389 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, 1390 u16 len) 1391 { 1392 struct mgmt_mode *cp = data; 1393 struct mgmt_pending_cmd *cmd; 1394 int err; 1395 1396 BT_DBG("request for %s", hdev->name); 1397 1398 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1399 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1401 MGMT_STATUS_REJECTED); 1402 1403 if (cp->val != 0x00 && cp->val != 0x01) 1404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1405 MGMT_STATUS_INVALID_PARAMS); 1406 1407 hci_dev_lock(hdev); 1408 1409 if (!hdev_is_powered(hdev)) { 1410 err = set_connectable_update_settings(hdev, sk, cp->val); 1411 goto failed; 1412 } 1413 1414 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1415 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1416 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1417 MGMT_STATUS_BUSY); 1418 goto failed; 1419 } 1420 1421 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1422 if (!cmd) { 1423 err = -ENOMEM; 1424 goto failed; 1425 } 1426 1427 if (cp->val) { 1428 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1429 } else { 1430 if (hdev->discov_timeout > 0) 1431 cancel_delayed_work(&hdev->discov_off); 1432 1433 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1434 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1435 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1436 } 1437 1438 queue_work(hdev->req_workqueue, &hdev->connectable_update); 1439 err = 0; 1440 1441 failed: 1442 hci_dev_unlock(hdev); 1443 return err; 1444 } 1445 1446 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data, 1447 u16 len) 1448 { 1449 struct mgmt_mode *cp = data; 1450 bool changed; 1451 int err; 1452 1453 BT_DBG("request for %s", hdev->name); 1454 1455 if (cp->val != 0x00 && cp->val != 0x01) 1456 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE, 1457 MGMT_STATUS_INVALID_PARAMS); 1458 1459 hci_dev_lock(hdev); 1460 1461 if (cp->val) 1462 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE); 1463 else 1464 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE); 1465 1466 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev); 1467 if (err < 0) 1468 goto unlock; 1469 1470 if (changed) { 1471 /* In limited privacy mode the change of bondable mode 1472 * may affect the local advertising address. 1473 */ 1474 if (hdev_is_powered(hdev) && 1475 hci_dev_test_flag(hdev, HCI_ADVERTISING) && 1476 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1477 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) 1478 queue_work(hdev->req_workqueue, 1479 &hdev->discoverable_update); 1480 1481 err = new_settings(hdev, sk); 1482 } 1483 1484 unlock: 1485 hci_dev_unlock(hdev); 1486 return err; 1487 } 1488 1489 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data, 1490 u16 len) 1491 { 1492 struct mgmt_mode *cp = data; 1493 struct mgmt_pending_cmd *cmd; 1494 u8 val, status; 1495 int err; 1496 1497 BT_DBG("request for %s", hdev->name); 1498 1499 status = mgmt_bredr_support(hdev); 1500 if (status) 1501 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1502 status); 1503 1504 if (cp->val != 0x00 && cp->val != 0x01) 1505 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1506 MGMT_STATUS_INVALID_PARAMS); 1507 1508 hci_dev_lock(hdev); 1509 1510 if (!hdev_is_powered(hdev)) { 1511 bool changed = false; 1512 1513 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) { 1514 hci_dev_change_flag(hdev, HCI_LINK_SECURITY); 1515 changed = true; 1516 } 1517 1518 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1519 if (err < 0) 1520 goto failed; 1521 1522 if (changed) 1523 err = new_settings(hdev, sk); 1524 1525 goto failed; 1526 } 1527 1528 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1529 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1530 MGMT_STATUS_BUSY); 1531 goto failed; 1532 } 1533 1534 val = !!cp->val; 1535 1536 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1537 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1538 goto failed; 1539 } 1540 1541 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1542 if (!cmd) { 1543 err = -ENOMEM; 1544 goto failed; 1545 } 1546 1547 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1548 if (err < 0) { 1549 mgmt_pending_remove(cmd); 1550 goto failed; 1551 } 1552 1553 failed: 1554 hci_dev_unlock(hdev); 1555 return err; 1556 } 1557 1558 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1559 { 1560 struct mgmt_mode *cp = data; 1561 struct mgmt_pending_cmd *cmd; 1562 u8 status; 1563 int err; 1564 1565 BT_DBG("request for %s", hdev->name); 1566 1567 status = mgmt_bredr_support(hdev); 1568 if (status) 1569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status); 1570 1571 if (!lmp_ssp_capable(hdev)) 1572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1573 MGMT_STATUS_NOT_SUPPORTED); 1574 1575 if (cp->val != 0x00 && cp->val != 0x01) 1576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1577 MGMT_STATUS_INVALID_PARAMS); 1578 1579 hci_dev_lock(hdev); 1580 1581 if (!hdev_is_powered(hdev)) { 1582 bool changed; 1583 1584 if (cp->val) { 1585 changed = !hci_dev_test_and_set_flag(hdev, 1586 HCI_SSP_ENABLED); 1587 } else { 1588 changed = hci_dev_test_and_clear_flag(hdev, 1589 HCI_SSP_ENABLED); 1590 if (!changed) 1591 changed = hci_dev_test_and_clear_flag(hdev, 1592 HCI_HS_ENABLED); 1593 else 1594 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1595 } 1596 1597 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1598 if (err < 0) 1599 goto failed; 1600 1601 if (changed) 1602 err = new_settings(hdev, sk); 1603 1604 goto failed; 1605 } 1606 1607 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1608 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1609 MGMT_STATUS_BUSY); 1610 goto failed; 1611 } 1612 1613 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 1614 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1615 goto failed; 1616 } 1617 1618 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 1619 if (!cmd) { 1620 err = -ENOMEM; 1621 goto failed; 1622 } 1623 1624 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) 1625 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 1626 sizeof(cp->val), &cp->val); 1627 1628 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val); 1629 if (err < 0) { 1630 mgmt_pending_remove(cmd); 1631 goto failed; 1632 } 1633 1634 failed: 1635 hci_dev_unlock(hdev); 1636 return err; 1637 } 1638 1639 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1640 { 1641 struct mgmt_mode *cp = data; 1642 bool changed; 1643 u8 status; 1644 int err; 1645 1646 BT_DBG("request for %s", hdev->name); 1647 1648 status = mgmt_bredr_support(hdev); 1649 if (status) 1650 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status); 1651 1652 if (!lmp_ssp_capable(hdev)) 1653 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1654 MGMT_STATUS_NOT_SUPPORTED); 1655 1656 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 1657 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1658 MGMT_STATUS_REJECTED); 1659 1660 if (cp->val != 0x00 && cp->val != 0x01) 1661 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1662 MGMT_STATUS_INVALID_PARAMS); 1663 1664 hci_dev_lock(hdev); 1665 1666 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1667 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1668 MGMT_STATUS_BUSY); 1669 goto unlock; 1670 } 1671 1672 if (cp->val) { 1673 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED); 1674 } else { 1675 if (hdev_is_powered(hdev)) { 1676 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1677 MGMT_STATUS_REJECTED); 1678 goto unlock; 1679 } 1680 1681 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED); 1682 } 1683 1684 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 1685 if (err < 0) 1686 goto unlock; 1687 1688 if (changed) 1689 err = new_settings(hdev, sk); 1690 1691 unlock: 1692 hci_dev_unlock(hdev); 1693 return err; 1694 } 1695 1696 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1697 { 1698 struct cmd_lookup match = { NULL, hdev }; 1699 1700 hci_dev_lock(hdev); 1701 1702 if (status) { 1703 u8 mgmt_err = mgmt_status(status); 1704 1705 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 1706 &mgmt_err); 1707 goto unlock; 1708 } 1709 1710 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 1711 1712 new_settings(hdev, match.sk); 1713 1714 if (match.sk) 1715 sock_put(match.sk); 1716 1717 /* Make sure the controller has a good default for 1718 * advertising data. Restrict the update to when LE 1719 * has actually been enabled. During power on, the 1720 * update in powered_update_hci will take care of it. 1721 */ 1722 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1723 struct hci_request req; 1724 1725 hci_req_init(&req, hdev); 1726 __hci_req_update_adv_data(&req, 0x00); 1727 __hci_req_update_scan_rsp_data(&req, 0x00); 1728 hci_req_run(&req, NULL); 1729 hci_update_background_scan(hdev); 1730 } 1731 1732 unlock: 1733 hci_dev_unlock(hdev); 1734 } 1735 1736 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1737 { 1738 struct mgmt_mode *cp = data; 1739 struct hci_cp_write_le_host_supported hci_cp; 1740 struct mgmt_pending_cmd *cmd; 1741 struct hci_request req; 1742 int err; 1743 u8 val, enabled; 1744 1745 BT_DBG("request for %s", hdev->name); 1746 1747 if (!lmp_le_capable(hdev)) 1748 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1749 MGMT_STATUS_NOT_SUPPORTED); 1750 1751 if (cp->val != 0x00 && cp->val != 0x01) 1752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1753 MGMT_STATUS_INVALID_PARAMS); 1754 1755 /* Bluetooth single mode LE only controllers or dual-mode 1756 * controllers configured as LE only devices, do not allow 1757 * switching LE off. These have either LE enabled explicitly 1758 * or BR/EDR has been previously switched off. 1759 * 1760 * When trying to enable an already enabled LE, then gracefully 1761 * send a positive response. Trying to disable it however will 1762 * result into rejection. 1763 */ 1764 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 1765 if (cp->val == 0x01) 1766 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1767 1768 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1769 MGMT_STATUS_REJECTED); 1770 } 1771 1772 hci_dev_lock(hdev); 1773 1774 val = !!cp->val; 1775 enabled = lmp_host_le_capable(hdev); 1776 1777 if (!val) 1778 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true); 1779 1780 if (!hdev_is_powered(hdev) || val == enabled) { 1781 bool changed = false; 1782 1783 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1784 hci_dev_change_flag(hdev, HCI_LE_ENABLED); 1785 changed = true; 1786 } 1787 1788 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 1789 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 1790 changed = true; 1791 } 1792 1793 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1794 if (err < 0) 1795 goto unlock; 1796 1797 if (changed) 1798 err = new_settings(hdev, sk); 1799 1800 goto unlock; 1801 } 1802 1803 if (pending_find(MGMT_OP_SET_LE, hdev) || 1804 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) { 1805 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1806 MGMT_STATUS_BUSY); 1807 goto unlock; 1808 } 1809 1810 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len); 1811 if (!cmd) { 1812 err = -ENOMEM; 1813 goto unlock; 1814 } 1815 1816 hci_req_init(&req, hdev); 1817 1818 memset(&hci_cp, 0, sizeof(hci_cp)); 1819 1820 if (val) { 1821 hci_cp.le = val; 1822 hci_cp.simul = 0x00; 1823 } else { 1824 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 1825 __hci_req_disable_advertising(&req); 1826 } 1827 1828 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), 1829 &hci_cp); 1830 1831 err = hci_req_run(&req, le_enable_complete); 1832 if (err < 0) 1833 mgmt_pending_remove(cmd); 1834 1835 unlock: 1836 hci_dev_unlock(hdev); 1837 return err; 1838 } 1839 1840 /* This is a helper function to test for pending mgmt commands that can 1841 * cause CoD or EIR HCI commands. We can only allow one such pending 1842 * mgmt command at a time since otherwise we cannot easily track what 1843 * the current values are, will be, and based on that calculate if a new 1844 * HCI command needs to be sent and if yes with what value. 1845 */ 1846 static bool pending_eir_or_class(struct hci_dev *hdev) 1847 { 1848 struct mgmt_pending_cmd *cmd; 1849 1850 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 1851 switch (cmd->opcode) { 1852 case MGMT_OP_ADD_UUID: 1853 case MGMT_OP_REMOVE_UUID: 1854 case MGMT_OP_SET_DEV_CLASS: 1855 case MGMT_OP_SET_POWERED: 1856 return true; 1857 } 1858 } 1859 1860 return false; 1861 } 1862 1863 static const u8 bluetooth_base_uuid[] = { 1864 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80, 1865 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1866 }; 1867 1868 static u8 get_uuid_size(const u8 *uuid) 1869 { 1870 u32 val; 1871 1872 if (memcmp(uuid, bluetooth_base_uuid, 12)) 1873 return 128; 1874 1875 val = get_unaligned_le32(&uuid[12]); 1876 if (val > 0xffff) 1877 return 32; 1878 1879 return 16; 1880 } 1881 1882 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status) 1883 { 1884 struct mgmt_pending_cmd *cmd; 1885 1886 hci_dev_lock(hdev); 1887 1888 cmd = pending_find(mgmt_op, hdev); 1889 if (!cmd) 1890 goto unlock; 1891 1892 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 1893 mgmt_status(status), hdev->dev_class, 3); 1894 1895 mgmt_pending_remove(cmd); 1896 1897 unlock: 1898 hci_dev_unlock(hdev); 1899 } 1900 1901 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1902 { 1903 BT_DBG("status 0x%02x", status); 1904 1905 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status); 1906 } 1907 1908 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1909 { 1910 struct mgmt_cp_add_uuid *cp = data; 1911 struct mgmt_pending_cmd *cmd; 1912 struct hci_request req; 1913 struct bt_uuid *uuid; 1914 int err; 1915 1916 BT_DBG("request for %s", hdev->name); 1917 1918 hci_dev_lock(hdev); 1919 1920 if (pending_eir_or_class(hdev)) { 1921 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID, 1922 MGMT_STATUS_BUSY); 1923 goto failed; 1924 } 1925 1926 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL); 1927 if (!uuid) { 1928 err = -ENOMEM; 1929 goto failed; 1930 } 1931 1932 memcpy(uuid->uuid, cp->uuid, 16); 1933 uuid->svc_hint = cp->svc_hint; 1934 uuid->size = get_uuid_size(cp->uuid); 1935 1936 list_add_tail(&uuid->list, &hdev->uuids); 1937 1938 hci_req_init(&req, hdev); 1939 1940 __hci_req_update_class(&req); 1941 __hci_req_update_eir(&req); 1942 1943 err = hci_req_run(&req, add_uuid_complete); 1944 if (err < 0) { 1945 if (err != -ENODATA) 1946 goto failed; 1947 1948 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0, 1949 hdev->dev_class, 3); 1950 goto failed; 1951 } 1952 1953 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len); 1954 if (!cmd) { 1955 err = -ENOMEM; 1956 goto failed; 1957 } 1958 1959 err = 0; 1960 1961 failed: 1962 hci_dev_unlock(hdev); 1963 return err; 1964 } 1965 1966 static bool enable_service_cache(struct hci_dev *hdev) 1967 { 1968 if (!hdev_is_powered(hdev)) 1969 return false; 1970 1971 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) { 1972 queue_delayed_work(hdev->workqueue, &hdev->service_cache, 1973 CACHE_TIMEOUT); 1974 return true; 1975 } 1976 1977 return false; 1978 } 1979 1980 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1981 { 1982 BT_DBG("status 0x%02x", status); 1983 1984 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status); 1985 } 1986 1987 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, 1988 u16 len) 1989 { 1990 struct mgmt_cp_remove_uuid *cp = data; 1991 struct mgmt_pending_cmd *cmd; 1992 struct bt_uuid *match, *tmp; 1993 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 1994 struct hci_request req; 1995 int err, found; 1996 1997 BT_DBG("request for %s", hdev->name); 1998 1999 hci_dev_lock(hdev); 2000 2001 if (pending_eir_or_class(hdev)) { 2002 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2003 MGMT_STATUS_BUSY); 2004 goto unlock; 2005 } 2006 2007 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 2008 hci_uuids_clear(hdev); 2009 2010 if (enable_service_cache(hdev)) { 2011 err = mgmt_cmd_complete(sk, hdev->id, 2012 MGMT_OP_REMOVE_UUID, 2013 0, hdev->dev_class, 3); 2014 goto unlock; 2015 } 2016 2017 goto update_class; 2018 } 2019 2020 found = 0; 2021 2022 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) { 2023 if (memcmp(match->uuid, cp->uuid, 16) != 0) 2024 continue; 2025 2026 list_del(&match->list); 2027 kfree(match); 2028 found++; 2029 } 2030 2031 if (found == 0) { 2032 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2033 MGMT_STATUS_INVALID_PARAMS); 2034 goto unlock; 2035 } 2036 2037 update_class: 2038 hci_req_init(&req, hdev); 2039 2040 __hci_req_update_class(&req); 2041 __hci_req_update_eir(&req); 2042 2043 err = hci_req_run(&req, remove_uuid_complete); 2044 if (err < 0) { 2045 if (err != -ENODATA) 2046 goto unlock; 2047 2048 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0, 2049 hdev->dev_class, 3); 2050 goto unlock; 2051 } 2052 2053 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len); 2054 if (!cmd) { 2055 err = -ENOMEM; 2056 goto unlock; 2057 } 2058 2059 err = 0; 2060 2061 unlock: 2062 hci_dev_unlock(hdev); 2063 return err; 2064 } 2065 2066 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2067 { 2068 BT_DBG("status 0x%02x", status); 2069 2070 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status); 2071 } 2072 2073 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, 2074 u16 len) 2075 { 2076 struct mgmt_cp_set_dev_class *cp = data; 2077 struct mgmt_pending_cmd *cmd; 2078 struct hci_request req; 2079 int err; 2080 2081 BT_DBG("request for %s", hdev->name); 2082 2083 if (!lmp_bredr_capable(hdev)) 2084 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2085 MGMT_STATUS_NOT_SUPPORTED); 2086 2087 hci_dev_lock(hdev); 2088 2089 if (pending_eir_or_class(hdev)) { 2090 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2091 MGMT_STATUS_BUSY); 2092 goto unlock; 2093 } 2094 2095 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) { 2096 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2097 MGMT_STATUS_INVALID_PARAMS); 2098 goto unlock; 2099 } 2100 2101 hdev->major_class = cp->major; 2102 hdev->minor_class = cp->minor; 2103 2104 if (!hdev_is_powered(hdev)) { 2105 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2106 hdev->dev_class, 3); 2107 goto unlock; 2108 } 2109 2110 hci_req_init(&req, hdev); 2111 2112 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) { 2113 hci_dev_unlock(hdev); 2114 cancel_delayed_work_sync(&hdev->service_cache); 2115 hci_dev_lock(hdev); 2116 __hci_req_update_eir(&req); 2117 } 2118 2119 __hci_req_update_class(&req); 2120 2121 err = hci_req_run(&req, set_class_complete); 2122 if (err < 0) { 2123 if (err != -ENODATA) 2124 goto unlock; 2125 2126 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2127 hdev->dev_class, 3); 2128 goto unlock; 2129 } 2130 2131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len); 2132 if (!cmd) { 2133 err = -ENOMEM; 2134 goto unlock; 2135 } 2136 2137 err = 0; 2138 2139 unlock: 2140 hci_dev_unlock(hdev); 2141 return err; 2142 } 2143 2144 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, 2145 u16 len) 2146 { 2147 struct mgmt_cp_load_link_keys *cp = data; 2148 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 2149 sizeof(struct mgmt_link_key_info)); 2150 u16 key_count, expected_len; 2151 bool changed; 2152 int i; 2153 2154 BT_DBG("request for %s", hdev->name); 2155 2156 if (!lmp_bredr_capable(hdev)) 2157 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2158 MGMT_STATUS_NOT_SUPPORTED); 2159 2160 key_count = __le16_to_cpu(cp->key_count); 2161 if (key_count > max_key_count) { 2162 BT_ERR("load_link_keys: too big key_count value %u", 2163 key_count); 2164 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2165 MGMT_STATUS_INVALID_PARAMS); 2166 } 2167 2168 expected_len = sizeof(*cp) + key_count * 2169 sizeof(struct mgmt_link_key_info); 2170 if (expected_len != len) { 2171 BT_ERR("load_link_keys: expected %u bytes, got %u bytes", 2172 expected_len, len); 2173 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2174 MGMT_STATUS_INVALID_PARAMS); 2175 } 2176 2177 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01) 2178 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2179 MGMT_STATUS_INVALID_PARAMS); 2180 2181 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys, 2182 key_count); 2183 2184 for (i = 0; i < key_count; i++) { 2185 struct mgmt_link_key_info *key = &cp->keys[i]; 2186 2187 if (key->addr.type != BDADDR_BREDR || key->type > 0x08) 2188 return mgmt_cmd_status(sk, hdev->id, 2189 MGMT_OP_LOAD_LINK_KEYS, 2190 MGMT_STATUS_INVALID_PARAMS); 2191 } 2192 2193 hci_dev_lock(hdev); 2194 2195 hci_link_keys_clear(hdev); 2196 2197 if (cp->debug_keys) 2198 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 2199 else 2200 changed = hci_dev_test_and_clear_flag(hdev, 2201 HCI_KEEP_DEBUG_KEYS); 2202 2203 if (changed) 2204 new_settings(hdev, NULL); 2205 2206 for (i = 0; i < key_count; i++) { 2207 struct mgmt_link_key_info *key = &cp->keys[i]; 2208 2209 /* Always ignore debug keys and require a new pairing if 2210 * the user wants to use them. 2211 */ 2212 if (key->type == HCI_LK_DEBUG_COMBINATION) 2213 continue; 2214 2215 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val, 2216 key->type, key->pin_len, NULL); 2217 } 2218 2219 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 2220 2221 hci_dev_unlock(hdev); 2222 2223 return 0; 2224 } 2225 2226 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 2227 u8 addr_type, struct sock *skip_sk) 2228 { 2229 struct mgmt_ev_device_unpaired ev; 2230 2231 bacpy(&ev.addr.bdaddr, bdaddr); 2232 ev.addr.type = addr_type; 2233 2234 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 2235 skip_sk); 2236 } 2237 2238 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2239 u16 len) 2240 { 2241 struct mgmt_cp_unpair_device *cp = data; 2242 struct mgmt_rp_unpair_device rp; 2243 struct hci_conn_params *params; 2244 struct mgmt_pending_cmd *cmd; 2245 struct hci_conn *conn; 2246 u8 addr_type; 2247 int err; 2248 2249 memset(&rp, 0, sizeof(rp)); 2250 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2251 rp.addr.type = cp->addr.type; 2252 2253 if (!bdaddr_type_is_valid(cp->addr.type)) 2254 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2255 MGMT_STATUS_INVALID_PARAMS, 2256 &rp, sizeof(rp)); 2257 2258 if (cp->disconnect != 0x00 && cp->disconnect != 0x01) 2259 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2260 MGMT_STATUS_INVALID_PARAMS, 2261 &rp, sizeof(rp)); 2262 2263 hci_dev_lock(hdev); 2264 2265 if (!hdev_is_powered(hdev)) { 2266 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2267 MGMT_STATUS_NOT_POWERED, &rp, 2268 sizeof(rp)); 2269 goto unlock; 2270 } 2271 2272 if (cp->addr.type == BDADDR_BREDR) { 2273 /* If disconnection is requested, then look up the 2274 * connection. If the remote device is connected, it 2275 * will be later used to terminate the link. 2276 * 2277 * Setting it to NULL explicitly will cause no 2278 * termination of the link. 2279 */ 2280 if (cp->disconnect) 2281 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2282 &cp->addr.bdaddr); 2283 else 2284 conn = NULL; 2285 2286 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 2287 if (err < 0) { 2288 err = mgmt_cmd_complete(sk, hdev->id, 2289 MGMT_OP_UNPAIR_DEVICE, 2290 MGMT_STATUS_NOT_PAIRED, &rp, 2291 sizeof(rp)); 2292 goto unlock; 2293 } 2294 2295 goto done; 2296 } 2297 2298 /* LE address type */ 2299 addr_type = le_addr_type(cp->addr.type); 2300 2301 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type); 2302 2303 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type); 2304 if (err < 0) { 2305 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2306 MGMT_STATUS_NOT_PAIRED, &rp, 2307 sizeof(rp)); 2308 goto unlock; 2309 } 2310 2311 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type); 2312 if (!conn) { 2313 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type); 2314 goto done; 2315 } 2316 2317 /* Abort any ongoing SMP pairing */ 2318 smp_cancel_pairing(conn); 2319 2320 /* Defer clearing up the connection parameters until closing to 2321 * give a chance of keeping them if a repairing happens. 2322 */ 2323 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2324 2325 /* Disable auto-connection parameters if present */ 2326 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type); 2327 if (params) { 2328 if (params->explicit_connect) 2329 params->auto_connect = HCI_AUTO_CONN_EXPLICIT; 2330 else 2331 params->auto_connect = HCI_AUTO_CONN_DISABLED; 2332 } 2333 2334 /* If disconnection is not requested, then clear the connection 2335 * variable so that the link is not terminated. 2336 */ 2337 if (!cp->disconnect) 2338 conn = NULL; 2339 2340 done: 2341 /* If the connection variable is set, then termination of the 2342 * link is requested. 2343 */ 2344 if (!conn) { 2345 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0, 2346 &rp, sizeof(rp)); 2347 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 2348 goto unlock; 2349 } 2350 2351 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 2352 sizeof(*cp)); 2353 if (!cmd) { 2354 err = -ENOMEM; 2355 goto unlock; 2356 } 2357 2358 cmd->cmd_complete = addr_cmd_complete; 2359 2360 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 2361 if (err < 0) 2362 mgmt_pending_remove(cmd); 2363 2364 unlock: 2365 hci_dev_unlock(hdev); 2366 return err; 2367 } 2368 2369 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data, 2370 u16 len) 2371 { 2372 struct mgmt_cp_disconnect *cp = data; 2373 struct mgmt_rp_disconnect rp; 2374 struct mgmt_pending_cmd *cmd; 2375 struct hci_conn *conn; 2376 int err; 2377 2378 BT_DBG(""); 2379 2380 memset(&rp, 0, sizeof(rp)); 2381 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2382 rp.addr.type = cp->addr.type; 2383 2384 if (!bdaddr_type_is_valid(cp->addr.type)) 2385 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2386 MGMT_STATUS_INVALID_PARAMS, 2387 &rp, sizeof(rp)); 2388 2389 hci_dev_lock(hdev); 2390 2391 if (!test_bit(HCI_UP, &hdev->flags)) { 2392 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2393 MGMT_STATUS_NOT_POWERED, &rp, 2394 sizeof(rp)); 2395 goto failed; 2396 } 2397 2398 if (pending_find(MGMT_OP_DISCONNECT, hdev)) { 2399 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2400 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2401 goto failed; 2402 } 2403 2404 if (cp->addr.type == BDADDR_BREDR) 2405 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2406 &cp->addr.bdaddr); 2407 else 2408 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, 2409 le_addr_type(cp->addr.type)); 2410 2411 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) { 2412 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2413 MGMT_STATUS_NOT_CONNECTED, &rp, 2414 sizeof(rp)); 2415 goto failed; 2416 } 2417 2418 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 2419 if (!cmd) { 2420 err = -ENOMEM; 2421 goto failed; 2422 } 2423 2424 cmd->cmd_complete = generic_cmd_complete; 2425 2426 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM); 2427 if (err < 0) 2428 mgmt_pending_remove(cmd); 2429 2430 failed: 2431 hci_dev_unlock(hdev); 2432 return err; 2433 } 2434 2435 static u8 link_to_bdaddr(u8 link_type, u8 addr_type) 2436 { 2437 switch (link_type) { 2438 case LE_LINK: 2439 switch (addr_type) { 2440 case ADDR_LE_DEV_PUBLIC: 2441 return BDADDR_LE_PUBLIC; 2442 2443 default: 2444 /* Fallback to LE Random address type */ 2445 return BDADDR_LE_RANDOM; 2446 } 2447 2448 default: 2449 /* Fallback to BR/EDR type */ 2450 return BDADDR_BREDR; 2451 } 2452 } 2453 2454 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data, 2455 u16 data_len) 2456 { 2457 struct mgmt_rp_get_connections *rp; 2458 struct hci_conn *c; 2459 size_t rp_len; 2460 int err; 2461 u16 i; 2462 2463 BT_DBG(""); 2464 2465 hci_dev_lock(hdev); 2466 2467 if (!hdev_is_powered(hdev)) { 2468 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 2469 MGMT_STATUS_NOT_POWERED); 2470 goto unlock; 2471 } 2472 2473 i = 0; 2474 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2475 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2476 i++; 2477 } 2478 2479 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 2480 rp = kmalloc(rp_len, GFP_KERNEL); 2481 if (!rp) { 2482 err = -ENOMEM; 2483 goto unlock; 2484 } 2485 2486 i = 0; 2487 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2488 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2489 continue; 2490 bacpy(&rp->addr[i].bdaddr, &c->dst); 2491 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type); 2492 if (c->type == SCO_LINK || c->type == ESCO_LINK) 2493 continue; 2494 i++; 2495 } 2496 2497 rp->conn_count = cpu_to_le16(i); 2498 2499 /* Recalculate length in case of filtered SCO connections, etc */ 2500 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 2501 2502 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp, 2503 rp_len); 2504 2505 kfree(rp); 2506 2507 unlock: 2508 hci_dev_unlock(hdev); 2509 return err; 2510 } 2511 2512 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 2513 struct mgmt_cp_pin_code_neg_reply *cp) 2514 { 2515 struct mgmt_pending_cmd *cmd; 2516 int err; 2517 2518 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 2519 sizeof(*cp)); 2520 if (!cmd) 2521 return -ENOMEM; 2522 2523 cmd->cmd_complete = addr_cmd_complete; 2524 2525 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2526 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 2527 if (err < 0) 2528 mgmt_pending_remove(cmd); 2529 2530 return err; 2531 } 2532 2533 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2534 u16 len) 2535 { 2536 struct hci_conn *conn; 2537 struct mgmt_cp_pin_code_reply *cp = data; 2538 struct hci_cp_pin_code_reply reply; 2539 struct mgmt_pending_cmd *cmd; 2540 int err; 2541 2542 BT_DBG(""); 2543 2544 hci_dev_lock(hdev); 2545 2546 if (!hdev_is_powered(hdev)) { 2547 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2548 MGMT_STATUS_NOT_POWERED); 2549 goto failed; 2550 } 2551 2552 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 2553 if (!conn) { 2554 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2555 MGMT_STATUS_NOT_CONNECTED); 2556 goto failed; 2557 } 2558 2559 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 2560 struct mgmt_cp_pin_code_neg_reply ncp; 2561 2562 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 2563 2564 BT_ERR("PIN code is not 16 bytes long"); 2565 2566 err = send_pin_code_neg_reply(sk, hdev, &ncp); 2567 if (err >= 0) 2568 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2569 MGMT_STATUS_INVALID_PARAMS); 2570 2571 goto failed; 2572 } 2573 2574 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 2575 if (!cmd) { 2576 err = -ENOMEM; 2577 goto failed; 2578 } 2579 2580 cmd->cmd_complete = addr_cmd_complete; 2581 2582 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 2583 reply.pin_len = cp->pin_len; 2584 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 2585 2586 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 2587 if (err < 0) 2588 mgmt_pending_remove(cmd); 2589 2590 failed: 2591 hci_dev_unlock(hdev); 2592 return err; 2593 } 2594 2595 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data, 2596 u16 len) 2597 { 2598 struct mgmt_cp_set_io_capability *cp = data; 2599 2600 BT_DBG(""); 2601 2602 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY) 2603 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 2604 MGMT_STATUS_INVALID_PARAMS); 2605 2606 hci_dev_lock(hdev); 2607 2608 hdev->io_capability = cp->io_capability; 2609 2610 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 2611 hdev->io_capability); 2612 2613 hci_dev_unlock(hdev); 2614 2615 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, 2616 NULL, 0); 2617 } 2618 2619 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn) 2620 { 2621 struct hci_dev *hdev = conn->hdev; 2622 struct mgmt_pending_cmd *cmd; 2623 2624 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 2625 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 2626 continue; 2627 2628 if (cmd->user_data != conn) 2629 continue; 2630 2631 return cmd; 2632 } 2633 2634 return NULL; 2635 } 2636 2637 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status) 2638 { 2639 struct mgmt_rp_pair_device rp; 2640 struct hci_conn *conn = cmd->user_data; 2641 int err; 2642 2643 bacpy(&rp.addr.bdaddr, &conn->dst); 2644 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 2645 2646 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, 2647 status, &rp, sizeof(rp)); 2648 2649 /* So we don't get further callbacks for this connection */ 2650 conn->connect_cfm_cb = NULL; 2651 conn->security_cfm_cb = NULL; 2652 conn->disconn_cfm_cb = NULL; 2653 2654 hci_conn_drop(conn); 2655 2656 /* The device is paired so there is no need to remove 2657 * its connection parameters anymore. 2658 */ 2659 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2660 2661 hci_conn_put(conn); 2662 2663 return err; 2664 } 2665 2666 void mgmt_smp_complete(struct hci_conn *conn, bool complete) 2667 { 2668 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED; 2669 struct mgmt_pending_cmd *cmd; 2670 2671 cmd = find_pairing(conn); 2672 if (cmd) { 2673 cmd->cmd_complete(cmd, status); 2674 mgmt_pending_remove(cmd); 2675 } 2676 } 2677 2678 static void pairing_complete_cb(struct hci_conn *conn, u8 status) 2679 { 2680 struct mgmt_pending_cmd *cmd; 2681 2682 BT_DBG("status %u", status); 2683 2684 cmd = find_pairing(conn); 2685 if (!cmd) { 2686 BT_DBG("Unable to find a pending command"); 2687 return; 2688 } 2689 2690 cmd->cmd_complete(cmd, mgmt_status(status)); 2691 mgmt_pending_remove(cmd); 2692 } 2693 2694 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) 2695 { 2696 struct mgmt_pending_cmd *cmd; 2697 2698 BT_DBG("status %u", status); 2699 2700 if (!status) 2701 return; 2702 2703 cmd = find_pairing(conn); 2704 if (!cmd) { 2705 BT_DBG("Unable to find a pending command"); 2706 return; 2707 } 2708 2709 cmd->cmd_complete(cmd, mgmt_status(status)); 2710 mgmt_pending_remove(cmd); 2711 } 2712 2713 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2714 u16 len) 2715 { 2716 struct mgmt_cp_pair_device *cp = data; 2717 struct mgmt_rp_pair_device rp; 2718 struct mgmt_pending_cmd *cmd; 2719 u8 sec_level, auth_type; 2720 struct hci_conn *conn; 2721 int err; 2722 2723 BT_DBG(""); 2724 2725 memset(&rp, 0, sizeof(rp)); 2726 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2727 rp.addr.type = cp->addr.type; 2728 2729 if (!bdaddr_type_is_valid(cp->addr.type)) 2730 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2731 MGMT_STATUS_INVALID_PARAMS, 2732 &rp, sizeof(rp)); 2733 2734 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY) 2735 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2736 MGMT_STATUS_INVALID_PARAMS, 2737 &rp, sizeof(rp)); 2738 2739 hci_dev_lock(hdev); 2740 2741 if (!hdev_is_powered(hdev)) { 2742 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2743 MGMT_STATUS_NOT_POWERED, &rp, 2744 sizeof(rp)); 2745 goto unlock; 2746 } 2747 2748 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) { 2749 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2750 MGMT_STATUS_ALREADY_PAIRED, &rp, 2751 sizeof(rp)); 2752 goto unlock; 2753 } 2754 2755 sec_level = BT_SECURITY_MEDIUM; 2756 auth_type = HCI_AT_DEDICATED_BONDING; 2757 2758 if (cp->addr.type == BDADDR_BREDR) { 2759 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level, 2760 auth_type); 2761 } else { 2762 u8 addr_type = le_addr_type(cp->addr.type); 2763 struct hci_conn_params *p; 2764 2765 /* When pairing a new device, it is expected to remember 2766 * this device for future connections. Adding the connection 2767 * parameter information ahead of time allows tracking 2768 * of the slave preferred values and will speed up any 2769 * further connection establishment. 2770 * 2771 * If connection parameters already exist, then they 2772 * will be kept and this function does nothing. 2773 */ 2774 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type); 2775 2776 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT) 2777 p->auto_connect = HCI_AUTO_CONN_DISABLED; 2778 2779 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, 2780 addr_type, sec_level, 2781 HCI_LE_CONN_TIMEOUT); 2782 } 2783 2784 if (IS_ERR(conn)) { 2785 int status; 2786 2787 if (PTR_ERR(conn) == -EBUSY) 2788 status = MGMT_STATUS_BUSY; 2789 else if (PTR_ERR(conn) == -EOPNOTSUPP) 2790 status = MGMT_STATUS_NOT_SUPPORTED; 2791 else if (PTR_ERR(conn) == -ECONNREFUSED) 2792 status = MGMT_STATUS_REJECTED; 2793 else 2794 status = MGMT_STATUS_CONNECT_FAILED; 2795 2796 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2797 status, &rp, sizeof(rp)); 2798 goto unlock; 2799 } 2800 2801 if (conn->connect_cfm_cb) { 2802 hci_conn_drop(conn); 2803 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2804 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2805 goto unlock; 2806 } 2807 2808 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 2809 if (!cmd) { 2810 err = -ENOMEM; 2811 hci_conn_drop(conn); 2812 goto unlock; 2813 } 2814 2815 cmd->cmd_complete = pairing_complete; 2816 2817 /* For LE, just connecting isn't a proof that the pairing finished */ 2818 if (cp->addr.type == BDADDR_BREDR) { 2819 conn->connect_cfm_cb = pairing_complete_cb; 2820 conn->security_cfm_cb = pairing_complete_cb; 2821 conn->disconn_cfm_cb = pairing_complete_cb; 2822 } else { 2823 conn->connect_cfm_cb = le_pairing_complete_cb; 2824 conn->security_cfm_cb = le_pairing_complete_cb; 2825 conn->disconn_cfm_cb = le_pairing_complete_cb; 2826 } 2827 2828 conn->io_capability = cp->io_cap; 2829 cmd->user_data = hci_conn_get(conn); 2830 2831 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) && 2832 hci_conn_security(conn, sec_level, auth_type, true)) { 2833 cmd->cmd_complete(cmd, 0); 2834 mgmt_pending_remove(cmd); 2835 } 2836 2837 err = 0; 2838 2839 unlock: 2840 hci_dev_unlock(hdev); 2841 return err; 2842 } 2843 2844 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2845 u16 len) 2846 { 2847 struct mgmt_addr_info *addr = data; 2848 struct mgmt_pending_cmd *cmd; 2849 struct hci_conn *conn; 2850 int err; 2851 2852 BT_DBG(""); 2853 2854 hci_dev_lock(hdev); 2855 2856 if (!hdev_is_powered(hdev)) { 2857 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2858 MGMT_STATUS_NOT_POWERED); 2859 goto unlock; 2860 } 2861 2862 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev); 2863 if (!cmd) { 2864 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2865 MGMT_STATUS_INVALID_PARAMS); 2866 goto unlock; 2867 } 2868 2869 conn = cmd->user_data; 2870 2871 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 2872 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2873 MGMT_STATUS_INVALID_PARAMS); 2874 goto unlock; 2875 } 2876 2877 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED); 2878 mgmt_pending_remove(cmd); 2879 2880 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 2881 addr, sizeof(*addr)); 2882 unlock: 2883 hci_dev_unlock(hdev); 2884 return err; 2885 } 2886 2887 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, 2888 struct mgmt_addr_info *addr, u16 mgmt_op, 2889 u16 hci_op, __le32 passkey) 2890 { 2891 struct mgmt_pending_cmd *cmd; 2892 struct hci_conn *conn; 2893 int err; 2894 2895 hci_dev_lock(hdev); 2896 2897 if (!hdev_is_powered(hdev)) { 2898 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 2899 MGMT_STATUS_NOT_POWERED, addr, 2900 sizeof(*addr)); 2901 goto done; 2902 } 2903 2904 if (addr->type == BDADDR_BREDR) 2905 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr); 2906 else 2907 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr, 2908 le_addr_type(addr->type)); 2909 2910 if (!conn) { 2911 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 2912 MGMT_STATUS_NOT_CONNECTED, addr, 2913 sizeof(*addr)); 2914 goto done; 2915 } 2916 2917 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) { 2918 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 2919 if (!err) 2920 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 2921 MGMT_STATUS_SUCCESS, addr, 2922 sizeof(*addr)); 2923 else 2924 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 2925 MGMT_STATUS_FAILED, addr, 2926 sizeof(*addr)); 2927 2928 goto done; 2929 } 2930 2931 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr)); 2932 if (!cmd) { 2933 err = -ENOMEM; 2934 goto done; 2935 } 2936 2937 cmd->cmd_complete = addr_cmd_complete; 2938 2939 /* Continue with pairing via HCI */ 2940 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 2941 struct hci_cp_user_passkey_reply cp; 2942 2943 bacpy(&cp.bdaddr, &addr->bdaddr); 2944 cp.passkey = passkey; 2945 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 2946 } else 2947 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr), 2948 &addr->bdaddr); 2949 2950 if (err < 0) 2951 mgmt_pending_remove(cmd); 2952 2953 done: 2954 hci_dev_unlock(hdev); 2955 return err; 2956 } 2957 2958 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 2959 void *data, u16 len) 2960 { 2961 struct mgmt_cp_pin_code_neg_reply *cp = data; 2962 2963 BT_DBG(""); 2964 2965 return user_pairing_resp(sk, hdev, &cp->addr, 2966 MGMT_OP_PIN_CODE_NEG_REPLY, 2967 HCI_OP_PIN_CODE_NEG_REPLY, 0); 2968 } 2969 2970 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2971 u16 len) 2972 { 2973 struct mgmt_cp_user_confirm_reply *cp = data; 2974 2975 BT_DBG(""); 2976 2977 if (len != sizeof(*cp)) 2978 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY, 2979 MGMT_STATUS_INVALID_PARAMS); 2980 2981 return user_pairing_resp(sk, hdev, &cp->addr, 2982 MGMT_OP_USER_CONFIRM_REPLY, 2983 HCI_OP_USER_CONFIRM_REPLY, 0); 2984 } 2985 2986 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev, 2987 void *data, u16 len) 2988 { 2989 struct mgmt_cp_user_confirm_neg_reply *cp = data; 2990 2991 BT_DBG(""); 2992 2993 return user_pairing_resp(sk, hdev, &cp->addr, 2994 MGMT_OP_USER_CONFIRM_NEG_REPLY, 2995 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 2996 } 2997 2998 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2999 u16 len) 3000 { 3001 struct mgmt_cp_user_passkey_reply *cp = data; 3002 3003 BT_DBG(""); 3004 3005 return user_pairing_resp(sk, hdev, &cp->addr, 3006 MGMT_OP_USER_PASSKEY_REPLY, 3007 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 3008 } 3009 3010 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev, 3011 void *data, u16 len) 3012 { 3013 struct mgmt_cp_user_passkey_neg_reply *cp = data; 3014 3015 BT_DBG(""); 3016 3017 return user_pairing_resp(sk, hdev, &cp->addr, 3018 MGMT_OP_USER_PASSKEY_NEG_REPLY, 3019 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 3020 } 3021 3022 static void adv_expire(struct hci_dev *hdev, u32 flags) 3023 { 3024 struct adv_info *adv_instance; 3025 struct hci_request req; 3026 int err; 3027 3028 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance); 3029 if (!adv_instance) 3030 return; 3031 3032 /* stop if current instance doesn't need to be changed */ 3033 if (!(adv_instance->flags & flags)) 3034 return; 3035 3036 cancel_adv_timeout(hdev); 3037 3038 adv_instance = hci_get_next_instance(hdev, adv_instance->instance); 3039 if (!adv_instance) 3040 return; 3041 3042 hci_req_init(&req, hdev); 3043 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance, 3044 true); 3045 if (err) 3046 return; 3047 3048 hci_req_run(&req, NULL); 3049 } 3050 3051 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode) 3052 { 3053 struct mgmt_cp_set_local_name *cp; 3054 struct mgmt_pending_cmd *cmd; 3055 3056 BT_DBG("status 0x%02x", status); 3057 3058 hci_dev_lock(hdev); 3059 3060 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 3061 if (!cmd) 3062 goto unlock; 3063 3064 cp = cmd->param; 3065 3066 if (status) { 3067 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3068 mgmt_status(status)); 3069 } else { 3070 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3071 cp, sizeof(*cp)); 3072 3073 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3074 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME); 3075 } 3076 3077 mgmt_pending_remove(cmd); 3078 3079 unlock: 3080 hci_dev_unlock(hdev); 3081 } 3082 3083 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data, 3084 u16 len) 3085 { 3086 struct mgmt_cp_set_local_name *cp = data; 3087 struct mgmt_pending_cmd *cmd; 3088 struct hci_request req; 3089 int err; 3090 3091 BT_DBG(""); 3092 3093 hci_dev_lock(hdev); 3094 3095 /* If the old values are the same as the new ones just return a 3096 * direct command complete event. 3097 */ 3098 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) && 3099 !memcmp(hdev->short_name, cp->short_name, 3100 sizeof(hdev->short_name))) { 3101 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3102 data, len); 3103 goto failed; 3104 } 3105 3106 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name)); 3107 3108 if (!hdev_is_powered(hdev)) { 3109 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3110 3111 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3112 data, len); 3113 if (err < 0) 3114 goto failed; 3115 3116 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, 3117 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk); 3118 ext_info_changed(hdev, sk); 3119 3120 goto failed; 3121 } 3122 3123 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 3124 if (!cmd) { 3125 err = -ENOMEM; 3126 goto failed; 3127 } 3128 3129 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3130 3131 hci_req_init(&req, hdev); 3132 3133 if (lmp_bredr_capable(hdev)) { 3134 __hci_req_update_name(&req); 3135 __hci_req_update_eir(&req); 3136 } 3137 3138 /* The name is stored in the scan response data and so 3139 * no need to udpate the advertising data here. 3140 */ 3141 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING)) 3142 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance); 3143 3144 err = hci_req_run(&req, set_name_complete); 3145 if (err < 0) 3146 mgmt_pending_remove(cmd); 3147 3148 failed: 3149 hci_dev_unlock(hdev); 3150 return err; 3151 } 3152 3153 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data, 3154 u16 len) 3155 { 3156 struct mgmt_cp_set_appearance *cp = data; 3157 u16 apperance; 3158 int err; 3159 3160 BT_DBG(""); 3161 3162 if (!lmp_le_capable(hdev)) 3163 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 3164 MGMT_STATUS_NOT_SUPPORTED); 3165 3166 apperance = le16_to_cpu(cp->appearance); 3167 3168 hci_dev_lock(hdev); 3169 3170 if (hdev->appearance != apperance) { 3171 hdev->appearance = apperance; 3172 3173 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3174 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE); 3175 3176 ext_info_changed(hdev, sk); 3177 } 3178 3179 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL, 3180 0); 3181 3182 hci_dev_unlock(hdev); 3183 3184 return err; 3185 } 3186 3187 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status, 3188 u16 opcode, struct sk_buff *skb) 3189 { 3190 struct mgmt_rp_read_local_oob_data mgmt_rp; 3191 size_t rp_size = sizeof(mgmt_rp); 3192 struct mgmt_pending_cmd *cmd; 3193 3194 BT_DBG("%s status %u", hdev->name, status); 3195 3196 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev); 3197 if (!cmd) 3198 return; 3199 3200 if (status || !skb) { 3201 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3202 status ? mgmt_status(status) : MGMT_STATUS_FAILED); 3203 goto remove; 3204 } 3205 3206 memset(&mgmt_rp, 0, sizeof(mgmt_rp)); 3207 3208 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) { 3209 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 3210 3211 if (skb->len < sizeof(*rp)) { 3212 mgmt_cmd_status(cmd->sk, hdev->id, 3213 MGMT_OP_READ_LOCAL_OOB_DATA, 3214 MGMT_STATUS_FAILED); 3215 goto remove; 3216 } 3217 3218 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash)); 3219 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand)); 3220 3221 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256); 3222 } else { 3223 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data; 3224 3225 if (skb->len < sizeof(*rp)) { 3226 mgmt_cmd_status(cmd->sk, hdev->id, 3227 MGMT_OP_READ_LOCAL_OOB_DATA, 3228 MGMT_STATUS_FAILED); 3229 goto remove; 3230 } 3231 3232 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192)); 3233 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192)); 3234 3235 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256)); 3236 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256)); 3237 } 3238 3239 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3240 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size); 3241 3242 remove: 3243 mgmt_pending_remove(cmd); 3244 } 3245 3246 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, 3247 void *data, u16 data_len) 3248 { 3249 struct mgmt_pending_cmd *cmd; 3250 struct hci_request req; 3251 int err; 3252 3253 BT_DBG("%s", hdev->name); 3254 3255 hci_dev_lock(hdev); 3256 3257 if (!hdev_is_powered(hdev)) { 3258 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3259 MGMT_STATUS_NOT_POWERED); 3260 goto unlock; 3261 } 3262 3263 if (!lmp_ssp_capable(hdev)) { 3264 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3265 MGMT_STATUS_NOT_SUPPORTED); 3266 goto unlock; 3267 } 3268 3269 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 3270 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3271 MGMT_STATUS_BUSY); 3272 goto unlock; 3273 } 3274 3275 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 3276 if (!cmd) { 3277 err = -ENOMEM; 3278 goto unlock; 3279 } 3280 3281 hci_req_init(&req, hdev); 3282 3283 if (bredr_sc_enabled(hdev)) 3284 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL); 3285 else 3286 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 3287 3288 err = hci_req_run_skb(&req, read_local_oob_data_complete); 3289 if (err < 0) 3290 mgmt_pending_remove(cmd); 3291 3292 unlock: 3293 hci_dev_unlock(hdev); 3294 return err; 3295 } 3296 3297 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 3298 void *data, u16 len) 3299 { 3300 struct mgmt_addr_info *addr = data; 3301 int err; 3302 3303 BT_DBG("%s ", hdev->name); 3304 3305 if (!bdaddr_type_is_valid(addr->type)) 3306 return mgmt_cmd_complete(sk, hdev->id, 3307 MGMT_OP_ADD_REMOTE_OOB_DATA, 3308 MGMT_STATUS_INVALID_PARAMS, 3309 addr, sizeof(*addr)); 3310 3311 hci_dev_lock(hdev); 3312 3313 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) { 3314 struct mgmt_cp_add_remote_oob_data *cp = data; 3315 u8 status; 3316 3317 if (cp->addr.type != BDADDR_BREDR) { 3318 err = mgmt_cmd_complete(sk, hdev->id, 3319 MGMT_OP_ADD_REMOTE_OOB_DATA, 3320 MGMT_STATUS_INVALID_PARAMS, 3321 &cp->addr, sizeof(cp->addr)); 3322 goto unlock; 3323 } 3324 3325 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 3326 cp->addr.type, cp->hash, 3327 cp->rand, NULL, NULL); 3328 if (err < 0) 3329 status = MGMT_STATUS_FAILED; 3330 else 3331 status = MGMT_STATUS_SUCCESS; 3332 3333 err = mgmt_cmd_complete(sk, hdev->id, 3334 MGMT_OP_ADD_REMOTE_OOB_DATA, status, 3335 &cp->addr, sizeof(cp->addr)); 3336 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) { 3337 struct mgmt_cp_add_remote_oob_ext_data *cp = data; 3338 u8 *rand192, *hash192, *rand256, *hash256; 3339 u8 status; 3340 3341 if (bdaddr_type_is_le(cp->addr.type)) { 3342 /* Enforce zero-valued 192-bit parameters as 3343 * long as legacy SMP OOB isn't implemented. 3344 */ 3345 if (memcmp(cp->rand192, ZERO_KEY, 16) || 3346 memcmp(cp->hash192, ZERO_KEY, 16)) { 3347 err = mgmt_cmd_complete(sk, hdev->id, 3348 MGMT_OP_ADD_REMOTE_OOB_DATA, 3349 MGMT_STATUS_INVALID_PARAMS, 3350 addr, sizeof(*addr)); 3351 goto unlock; 3352 } 3353 3354 rand192 = NULL; 3355 hash192 = NULL; 3356 } else { 3357 /* In case one of the P-192 values is set to zero, 3358 * then just disable OOB data for P-192. 3359 */ 3360 if (!memcmp(cp->rand192, ZERO_KEY, 16) || 3361 !memcmp(cp->hash192, ZERO_KEY, 16)) { 3362 rand192 = NULL; 3363 hash192 = NULL; 3364 } else { 3365 rand192 = cp->rand192; 3366 hash192 = cp->hash192; 3367 } 3368 } 3369 3370 /* In case one of the P-256 values is set to zero, then just 3371 * disable OOB data for P-256. 3372 */ 3373 if (!memcmp(cp->rand256, ZERO_KEY, 16) || 3374 !memcmp(cp->hash256, ZERO_KEY, 16)) { 3375 rand256 = NULL; 3376 hash256 = NULL; 3377 } else { 3378 rand256 = cp->rand256; 3379 hash256 = cp->hash256; 3380 } 3381 3382 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 3383 cp->addr.type, hash192, rand192, 3384 hash256, rand256); 3385 if (err < 0) 3386 status = MGMT_STATUS_FAILED; 3387 else 3388 status = MGMT_STATUS_SUCCESS; 3389 3390 err = mgmt_cmd_complete(sk, hdev->id, 3391 MGMT_OP_ADD_REMOTE_OOB_DATA, 3392 status, &cp->addr, sizeof(cp->addr)); 3393 } else { 3394 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len); 3395 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 3396 MGMT_STATUS_INVALID_PARAMS); 3397 } 3398 3399 unlock: 3400 hci_dev_unlock(hdev); 3401 return err; 3402 } 3403 3404 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 3405 void *data, u16 len) 3406 { 3407 struct mgmt_cp_remove_remote_oob_data *cp = data; 3408 u8 status; 3409 int err; 3410 3411 BT_DBG("%s", hdev->name); 3412 3413 if (cp->addr.type != BDADDR_BREDR) 3414 return mgmt_cmd_complete(sk, hdev->id, 3415 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 3416 MGMT_STATUS_INVALID_PARAMS, 3417 &cp->addr, sizeof(cp->addr)); 3418 3419 hci_dev_lock(hdev); 3420 3421 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 3422 hci_remote_oob_data_clear(hdev); 3423 status = MGMT_STATUS_SUCCESS; 3424 goto done; 3425 } 3426 3427 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type); 3428 if (err < 0) 3429 status = MGMT_STATUS_INVALID_PARAMS; 3430 else 3431 status = MGMT_STATUS_SUCCESS; 3432 3433 done: 3434 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 3435 status, &cp->addr, sizeof(cp->addr)); 3436 3437 hci_dev_unlock(hdev); 3438 return err; 3439 } 3440 3441 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status) 3442 { 3443 struct mgmt_pending_cmd *cmd; 3444 3445 BT_DBG("status %d", status); 3446 3447 hci_dev_lock(hdev); 3448 3449 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev); 3450 if (!cmd) 3451 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev); 3452 3453 if (!cmd) 3454 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev); 3455 3456 if (cmd) { 3457 cmd->cmd_complete(cmd, mgmt_status(status)); 3458 mgmt_pending_remove(cmd); 3459 } 3460 3461 hci_dev_unlock(hdev); 3462 } 3463 3464 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type, 3465 uint8_t *mgmt_status) 3466 { 3467 switch (type) { 3468 case DISCOV_TYPE_LE: 3469 *mgmt_status = mgmt_le_support(hdev); 3470 if (*mgmt_status) 3471 return false; 3472 break; 3473 case DISCOV_TYPE_INTERLEAVED: 3474 *mgmt_status = mgmt_le_support(hdev); 3475 if (*mgmt_status) 3476 return false; 3477 /* Intentional fall-through */ 3478 case DISCOV_TYPE_BREDR: 3479 *mgmt_status = mgmt_bredr_support(hdev); 3480 if (*mgmt_status) 3481 return false; 3482 break; 3483 default: 3484 *mgmt_status = MGMT_STATUS_INVALID_PARAMS; 3485 return false; 3486 } 3487 3488 return true; 3489 } 3490 3491 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev, 3492 u16 op, void *data, u16 len) 3493 { 3494 struct mgmt_cp_start_discovery *cp = data; 3495 struct mgmt_pending_cmd *cmd; 3496 u8 status; 3497 int err; 3498 3499 BT_DBG("%s", hdev->name); 3500 3501 hci_dev_lock(hdev); 3502 3503 if (!hdev_is_powered(hdev)) { 3504 err = mgmt_cmd_complete(sk, hdev->id, op, 3505 MGMT_STATUS_NOT_POWERED, 3506 &cp->type, sizeof(cp->type)); 3507 goto failed; 3508 } 3509 3510 if (hdev->discovery.state != DISCOVERY_STOPPED || 3511 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 3512 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 3513 &cp->type, sizeof(cp->type)); 3514 goto failed; 3515 } 3516 3517 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 3518 err = mgmt_cmd_complete(sk, hdev->id, op, status, 3519 &cp->type, sizeof(cp->type)); 3520 goto failed; 3521 } 3522 3523 /* Clear the discovery filter first to free any previously 3524 * allocated memory for the UUID list. 3525 */ 3526 hci_discovery_filter_clear(hdev); 3527 3528 hdev->discovery.type = cp->type; 3529 hdev->discovery.report_invalid_rssi = false; 3530 if (op == MGMT_OP_START_LIMITED_DISCOVERY) 3531 hdev->discovery.limited = true; 3532 else 3533 hdev->discovery.limited = false; 3534 3535 cmd = mgmt_pending_add(sk, op, hdev, data, len); 3536 if (!cmd) { 3537 err = -ENOMEM; 3538 goto failed; 3539 } 3540 3541 cmd->cmd_complete = generic_cmd_complete; 3542 3543 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 3544 queue_work(hdev->req_workqueue, &hdev->discov_update); 3545 err = 0; 3546 3547 failed: 3548 hci_dev_unlock(hdev); 3549 return err; 3550 } 3551 3552 static int start_discovery(struct sock *sk, struct hci_dev *hdev, 3553 void *data, u16 len) 3554 { 3555 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY, 3556 data, len); 3557 } 3558 3559 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev, 3560 void *data, u16 len) 3561 { 3562 return start_discovery_internal(sk, hdev, 3563 MGMT_OP_START_LIMITED_DISCOVERY, 3564 data, len); 3565 } 3566 3567 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd, 3568 u8 status) 3569 { 3570 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 3571 cmd->param, 1); 3572 } 3573 3574 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev, 3575 void *data, u16 len) 3576 { 3577 struct mgmt_cp_start_service_discovery *cp = data; 3578 struct mgmt_pending_cmd *cmd; 3579 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16); 3580 u16 uuid_count, expected_len; 3581 u8 status; 3582 int err; 3583 3584 BT_DBG("%s", hdev->name); 3585 3586 hci_dev_lock(hdev); 3587 3588 if (!hdev_is_powered(hdev)) { 3589 err = mgmt_cmd_complete(sk, hdev->id, 3590 MGMT_OP_START_SERVICE_DISCOVERY, 3591 MGMT_STATUS_NOT_POWERED, 3592 &cp->type, sizeof(cp->type)); 3593 goto failed; 3594 } 3595 3596 if (hdev->discovery.state != DISCOVERY_STOPPED || 3597 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 3598 err = mgmt_cmd_complete(sk, hdev->id, 3599 MGMT_OP_START_SERVICE_DISCOVERY, 3600 MGMT_STATUS_BUSY, &cp->type, 3601 sizeof(cp->type)); 3602 goto failed; 3603 } 3604 3605 uuid_count = __le16_to_cpu(cp->uuid_count); 3606 if (uuid_count > max_uuid_count) { 3607 BT_ERR("service_discovery: too big uuid_count value %u", 3608 uuid_count); 3609 err = mgmt_cmd_complete(sk, hdev->id, 3610 MGMT_OP_START_SERVICE_DISCOVERY, 3611 MGMT_STATUS_INVALID_PARAMS, &cp->type, 3612 sizeof(cp->type)); 3613 goto failed; 3614 } 3615 3616 expected_len = sizeof(*cp) + uuid_count * 16; 3617 if (expected_len != len) { 3618 BT_ERR("service_discovery: expected %u bytes, got %u bytes", 3619 expected_len, len); 3620 err = mgmt_cmd_complete(sk, hdev->id, 3621 MGMT_OP_START_SERVICE_DISCOVERY, 3622 MGMT_STATUS_INVALID_PARAMS, &cp->type, 3623 sizeof(cp->type)); 3624 goto failed; 3625 } 3626 3627 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 3628 err = mgmt_cmd_complete(sk, hdev->id, 3629 MGMT_OP_START_SERVICE_DISCOVERY, 3630 status, &cp->type, sizeof(cp->type)); 3631 goto failed; 3632 } 3633 3634 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY, 3635 hdev, data, len); 3636 if (!cmd) { 3637 err = -ENOMEM; 3638 goto failed; 3639 } 3640 3641 cmd->cmd_complete = service_discovery_cmd_complete; 3642 3643 /* Clear the discovery filter first to free any previously 3644 * allocated memory for the UUID list. 3645 */ 3646 hci_discovery_filter_clear(hdev); 3647 3648 hdev->discovery.result_filtering = true; 3649 hdev->discovery.type = cp->type; 3650 hdev->discovery.rssi = cp->rssi; 3651 hdev->discovery.uuid_count = uuid_count; 3652 3653 if (uuid_count > 0) { 3654 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16, 3655 GFP_KERNEL); 3656 if (!hdev->discovery.uuids) { 3657 err = mgmt_cmd_complete(sk, hdev->id, 3658 MGMT_OP_START_SERVICE_DISCOVERY, 3659 MGMT_STATUS_FAILED, 3660 &cp->type, sizeof(cp->type)); 3661 mgmt_pending_remove(cmd); 3662 goto failed; 3663 } 3664 } 3665 3666 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 3667 queue_work(hdev->req_workqueue, &hdev->discov_update); 3668 err = 0; 3669 3670 failed: 3671 hci_dev_unlock(hdev); 3672 return err; 3673 } 3674 3675 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status) 3676 { 3677 struct mgmt_pending_cmd *cmd; 3678 3679 BT_DBG("status %d", status); 3680 3681 hci_dev_lock(hdev); 3682 3683 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 3684 if (cmd) { 3685 cmd->cmd_complete(cmd, mgmt_status(status)); 3686 mgmt_pending_remove(cmd); 3687 } 3688 3689 hci_dev_unlock(hdev); 3690 } 3691 3692 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, 3693 u16 len) 3694 { 3695 struct mgmt_cp_stop_discovery *mgmt_cp = data; 3696 struct mgmt_pending_cmd *cmd; 3697 int err; 3698 3699 BT_DBG("%s", hdev->name); 3700 3701 hci_dev_lock(hdev); 3702 3703 if (!hci_discovery_active(hdev)) { 3704 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 3705 MGMT_STATUS_REJECTED, &mgmt_cp->type, 3706 sizeof(mgmt_cp->type)); 3707 goto unlock; 3708 } 3709 3710 if (hdev->discovery.type != mgmt_cp->type) { 3711 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 3712 MGMT_STATUS_INVALID_PARAMS, 3713 &mgmt_cp->type, sizeof(mgmt_cp->type)); 3714 goto unlock; 3715 } 3716 3717 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len); 3718 if (!cmd) { 3719 err = -ENOMEM; 3720 goto unlock; 3721 } 3722 3723 cmd->cmd_complete = generic_cmd_complete; 3724 3725 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 3726 queue_work(hdev->req_workqueue, &hdev->discov_update); 3727 err = 0; 3728 3729 unlock: 3730 hci_dev_unlock(hdev); 3731 return err; 3732 } 3733 3734 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, 3735 u16 len) 3736 { 3737 struct mgmt_cp_confirm_name *cp = data; 3738 struct inquiry_entry *e; 3739 int err; 3740 3741 BT_DBG("%s", hdev->name); 3742 3743 hci_dev_lock(hdev); 3744 3745 if (!hci_discovery_active(hdev)) { 3746 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 3747 MGMT_STATUS_FAILED, &cp->addr, 3748 sizeof(cp->addr)); 3749 goto failed; 3750 } 3751 3752 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 3753 if (!e) { 3754 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 3755 MGMT_STATUS_INVALID_PARAMS, &cp->addr, 3756 sizeof(cp->addr)); 3757 goto failed; 3758 } 3759 3760 if (cp->name_known) { 3761 e->name_state = NAME_KNOWN; 3762 list_del(&e->list); 3763 } else { 3764 e->name_state = NAME_NEEDED; 3765 hci_inquiry_cache_update_resolve(hdev, e); 3766 } 3767 3768 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, 3769 &cp->addr, sizeof(cp->addr)); 3770 3771 failed: 3772 hci_dev_unlock(hdev); 3773 return err; 3774 } 3775 3776 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data, 3777 u16 len) 3778 { 3779 struct mgmt_cp_block_device *cp = data; 3780 u8 status; 3781 int err; 3782 3783 BT_DBG("%s", hdev->name); 3784 3785 if (!bdaddr_type_is_valid(cp->addr.type)) 3786 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, 3787 MGMT_STATUS_INVALID_PARAMS, 3788 &cp->addr, sizeof(cp->addr)); 3789 3790 hci_dev_lock(hdev); 3791 3792 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr, 3793 cp->addr.type); 3794 if (err < 0) { 3795 status = MGMT_STATUS_FAILED; 3796 goto done; 3797 } 3798 3799 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr), 3800 sk); 3801 status = MGMT_STATUS_SUCCESS; 3802 3803 done: 3804 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status, 3805 &cp->addr, sizeof(cp->addr)); 3806 3807 hci_dev_unlock(hdev); 3808 3809 return err; 3810 } 3811 3812 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data, 3813 u16 len) 3814 { 3815 struct mgmt_cp_unblock_device *cp = data; 3816 u8 status; 3817 int err; 3818 3819 BT_DBG("%s", hdev->name); 3820 3821 if (!bdaddr_type_is_valid(cp->addr.type)) 3822 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, 3823 MGMT_STATUS_INVALID_PARAMS, 3824 &cp->addr, sizeof(cp->addr)); 3825 3826 hci_dev_lock(hdev); 3827 3828 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr, 3829 cp->addr.type); 3830 if (err < 0) { 3831 status = MGMT_STATUS_INVALID_PARAMS; 3832 goto done; 3833 } 3834 3835 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr), 3836 sk); 3837 status = MGMT_STATUS_SUCCESS; 3838 3839 done: 3840 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status, 3841 &cp->addr, sizeof(cp->addr)); 3842 3843 hci_dev_unlock(hdev); 3844 3845 return err; 3846 } 3847 3848 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data, 3849 u16 len) 3850 { 3851 struct mgmt_cp_set_device_id *cp = data; 3852 struct hci_request req; 3853 int err; 3854 __u16 source; 3855 3856 BT_DBG("%s", hdev->name); 3857 3858 source = __le16_to_cpu(cp->source); 3859 3860 if (source > 0x0002) 3861 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 3862 MGMT_STATUS_INVALID_PARAMS); 3863 3864 hci_dev_lock(hdev); 3865 3866 hdev->devid_source = source; 3867 hdev->devid_vendor = __le16_to_cpu(cp->vendor); 3868 hdev->devid_product = __le16_to_cpu(cp->product); 3869 hdev->devid_version = __le16_to_cpu(cp->version); 3870 3871 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, 3872 NULL, 0); 3873 3874 hci_req_init(&req, hdev); 3875 __hci_req_update_eir(&req); 3876 hci_req_run(&req, NULL); 3877 3878 hci_dev_unlock(hdev); 3879 3880 return err; 3881 } 3882 3883 static void enable_advertising_instance(struct hci_dev *hdev, u8 status, 3884 u16 opcode) 3885 { 3886 BT_DBG("status %d", status); 3887 } 3888 3889 static void set_advertising_complete(struct hci_dev *hdev, u8 status, 3890 u16 opcode) 3891 { 3892 struct cmd_lookup match = { NULL, hdev }; 3893 struct hci_request req; 3894 u8 instance; 3895 struct adv_info *adv_instance; 3896 int err; 3897 3898 hci_dev_lock(hdev); 3899 3900 if (status) { 3901 u8 mgmt_err = mgmt_status(status); 3902 3903 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, 3904 cmd_status_rsp, &mgmt_err); 3905 goto unlock; 3906 } 3907 3908 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3909 hci_dev_set_flag(hdev, HCI_ADVERTISING); 3910 else 3911 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 3912 3913 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp, 3914 &match); 3915 3916 new_settings(hdev, match.sk); 3917 3918 if (match.sk) 3919 sock_put(match.sk); 3920 3921 /* If "Set Advertising" was just disabled and instance advertising was 3922 * set up earlier, then re-enable multi-instance advertising. 3923 */ 3924 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 3925 list_empty(&hdev->adv_instances)) 3926 goto unlock; 3927 3928 instance = hdev->cur_adv_instance; 3929 if (!instance) { 3930 adv_instance = list_first_entry_or_null(&hdev->adv_instances, 3931 struct adv_info, list); 3932 if (!adv_instance) 3933 goto unlock; 3934 3935 instance = adv_instance->instance; 3936 } 3937 3938 hci_req_init(&req, hdev); 3939 3940 err = __hci_req_schedule_adv_instance(&req, instance, true); 3941 3942 if (!err) 3943 err = hci_req_run(&req, enable_advertising_instance); 3944 3945 if (err) 3946 BT_ERR("Failed to re-configure advertising"); 3947 3948 unlock: 3949 hci_dev_unlock(hdev); 3950 } 3951 3952 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, 3953 u16 len) 3954 { 3955 struct mgmt_mode *cp = data; 3956 struct mgmt_pending_cmd *cmd; 3957 struct hci_request req; 3958 u8 val, status; 3959 int err; 3960 3961 BT_DBG("request for %s", hdev->name); 3962 3963 status = mgmt_le_support(hdev); 3964 if (status) 3965 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 3966 status); 3967 3968 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 3969 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 3970 MGMT_STATUS_INVALID_PARAMS); 3971 3972 hci_dev_lock(hdev); 3973 3974 val = !!cp->val; 3975 3976 /* The following conditions are ones which mean that we should 3977 * not do any HCI communication but directly send a mgmt 3978 * response to user space (after toggling the flag if 3979 * necessary). 3980 */ 3981 if (!hdev_is_powered(hdev) || 3982 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) && 3983 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) || 3984 hci_conn_num(hdev, LE_LINK) > 0 || 3985 (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 3986 hdev->le_scan_type == LE_SCAN_ACTIVE)) { 3987 bool changed; 3988 3989 if (cp->val) { 3990 hdev->cur_adv_instance = 0x00; 3991 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING); 3992 if (cp->val == 0x02) 3993 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 3994 else 3995 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 3996 } else { 3997 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING); 3998 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 3999 } 4000 4001 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev); 4002 if (err < 0) 4003 goto unlock; 4004 4005 if (changed) 4006 err = new_settings(hdev, sk); 4007 4008 goto unlock; 4009 } 4010 4011 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) || 4012 pending_find(MGMT_OP_SET_LE, hdev)) { 4013 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 4014 MGMT_STATUS_BUSY); 4015 goto unlock; 4016 } 4017 4018 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len); 4019 if (!cmd) { 4020 err = -ENOMEM; 4021 goto unlock; 4022 } 4023 4024 hci_req_init(&req, hdev); 4025 4026 if (cp->val == 0x02) 4027 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4028 else 4029 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 4030 4031 cancel_adv_timeout(hdev); 4032 4033 if (val) { 4034 /* Switch to instance "0" for the Set Advertising setting. 4035 * We cannot use update_[adv|scan_rsp]_data() here as the 4036 * HCI_ADVERTISING flag is not yet set. 4037 */ 4038 hdev->cur_adv_instance = 0x00; 4039 __hci_req_update_adv_data(&req, 0x00); 4040 __hci_req_update_scan_rsp_data(&req, 0x00); 4041 __hci_req_enable_advertising(&req); 4042 } else { 4043 __hci_req_disable_advertising(&req); 4044 } 4045 4046 err = hci_req_run(&req, set_advertising_complete); 4047 if (err < 0) 4048 mgmt_pending_remove(cmd); 4049 4050 unlock: 4051 hci_dev_unlock(hdev); 4052 return err; 4053 } 4054 4055 static int set_static_address(struct sock *sk, struct hci_dev *hdev, 4056 void *data, u16 len) 4057 { 4058 struct mgmt_cp_set_static_address *cp = data; 4059 int err; 4060 4061 BT_DBG("%s", hdev->name); 4062 4063 if (!lmp_le_capable(hdev)) 4064 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 4065 MGMT_STATUS_NOT_SUPPORTED); 4066 4067 if (hdev_is_powered(hdev)) 4068 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 4069 MGMT_STATUS_REJECTED); 4070 4071 if (bacmp(&cp->bdaddr, BDADDR_ANY)) { 4072 if (!bacmp(&cp->bdaddr, BDADDR_NONE)) 4073 return mgmt_cmd_status(sk, hdev->id, 4074 MGMT_OP_SET_STATIC_ADDRESS, 4075 MGMT_STATUS_INVALID_PARAMS); 4076 4077 /* Two most significant bits shall be set */ 4078 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0) 4079 return mgmt_cmd_status(sk, hdev->id, 4080 MGMT_OP_SET_STATIC_ADDRESS, 4081 MGMT_STATUS_INVALID_PARAMS); 4082 } 4083 4084 hci_dev_lock(hdev); 4085 4086 bacpy(&hdev->static_addr, &cp->bdaddr); 4087 4088 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev); 4089 if (err < 0) 4090 goto unlock; 4091 4092 err = new_settings(hdev, sk); 4093 4094 unlock: 4095 hci_dev_unlock(hdev); 4096 return err; 4097 } 4098 4099 static int set_scan_params(struct sock *sk, struct hci_dev *hdev, 4100 void *data, u16 len) 4101 { 4102 struct mgmt_cp_set_scan_params *cp = data; 4103 __u16 interval, window; 4104 int err; 4105 4106 BT_DBG("%s", hdev->name); 4107 4108 if (!lmp_le_capable(hdev)) 4109 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4110 MGMT_STATUS_NOT_SUPPORTED); 4111 4112 interval = __le16_to_cpu(cp->interval); 4113 4114 if (interval < 0x0004 || interval > 0x4000) 4115 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4116 MGMT_STATUS_INVALID_PARAMS); 4117 4118 window = __le16_to_cpu(cp->window); 4119 4120 if (window < 0x0004 || window > 0x4000) 4121 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4122 MGMT_STATUS_INVALID_PARAMS); 4123 4124 if (window > interval) 4125 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4126 MGMT_STATUS_INVALID_PARAMS); 4127 4128 hci_dev_lock(hdev); 4129 4130 hdev->le_scan_interval = interval; 4131 hdev->le_scan_window = window; 4132 4133 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, 4134 NULL, 0); 4135 4136 /* If background scan is running, restart it so new parameters are 4137 * loaded. 4138 */ 4139 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 4140 hdev->discovery.state == DISCOVERY_STOPPED) { 4141 struct hci_request req; 4142 4143 hci_req_init(&req, hdev); 4144 4145 hci_req_add_le_scan_disable(&req); 4146 hci_req_add_le_passive_scan(&req); 4147 4148 hci_req_run(&req, NULL); 4149 } 4150 4151 hci_dev_unlock(hdev); 4152 4153 return err; 4154 } 4155 4156 static void fast_connectable_complete(struct hci_dev *hdev, u8 status, 4157 u16 opcode) 4158 { 4159 struct mgmt_pending_cmd *cmd; 4160 4161 BT_DBG("status 0x%02x", status); 4162 4163 hci_dev_lock(hdev); 4164 4165 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev); 4166 if (!cmd) 4167 goto unlock; 4168 4169 if (status) { 4170 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4171 mgmt_status(status)); 4172 } else { 4173 struct mgmt_mode *cp = cmd->param; 4174 4175 if (cp->val) 4176 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE); 4177 else 4178 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 4179 4180 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 4181 new_settings(hdev, cmd->sk); 4182 } 4183 4184 mgmt_pending_remove(cmd); 4185 4186 unlock: 4187 hci_dev_unlock(hdev); 4188 } 4189 4190 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, 4191 void *data, u16 len) 4192 { 4193 struct mgmt_mode *cp = data; 4194 struct mgmt_pending_cmd *cmd; 4195 struct hci_request req; 4196 int err; 4197 4198 BT_DBG("%s", hdev->name); 4199 4200 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 4201 hdev->hci_ver < BLUETOOTH_VER_1_2) 4202 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4203 MGMT_STATUS_NOT_SUPPORTED); 4204 4205 if (cp->val != 0x00 && cp->val != 0x01) 4206 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4207 MGMT_STATUS_INVALID_PARAMS); 4208 4209 hci_dev_lock(hdev); 4210 4211 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) { 4212 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4213 MGMT_STATUS_BUSY); 4214 goto unlock; 4215 } 4216 4217 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) { 4218 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 4219 hdev); 4220 goto unlock; 4221 } 4222 4223 if (!hdev_is_powered(hdev)) { 4224 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE); 4225 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 4226 hdev); 4227 new_settings(hdev, sk); 4228 goto unlock; 4229 } 4230 4231 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, 4232 data, len); 4233 if (!cmd) { 4234 err = -ENOMEM; 4235 goto unlock; 4236 } 4237 4238 hci_req_init(&req, hdev); 4239 4240 __hci_req_write_fast_connectable(&req, cp->val); 4241 4242 err = hci_req_run(&req, fast_connectable_complete); 4243 if (err < 0) { 4244 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4245 MGMT_STATUS_FAILED); 4246 mgmt_pending_remove(cmd); 4247 } 4248 4249 unlock: 4250 hci_dev_unlock(hdev); 4251 4252 return err; 4253 } 4254 4255 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode) 4256 { 4257 struct mgmt_pending_cmd *cmd; 4258 4259 BT_DBG("status 0x%02x", status); 4260 4261 hci_dev_lock(hdev); 4262 4263 cmd = pending_find(MGMT_OP_SET_BREDR, hdev); 4264 if (!cmd) 4265 goto unlock; 4266 4267 if (status) { 4268 u8 mgmt_err = mgmt_status(status); 4269 4270 /* We need to restore the flag if related HCI commands 4271 * failed. 4272 */ 4273 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED); 4274 4275 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 4276 } else { 4277 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev); 4278 new_settings(hdev, cmd->sk); 4279 } 4280 4281 mgmt_pending_remove(cmd); 4282 4283 unlock: 4284 hci_dev_unlock(hdev); 4285 } 4286 4287 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 4288 { 4289 struct mgmt_mode *cp = data; 4290 struct mgmt_pending_cmd *cmd; 4291 struct hci_request req; 4292 int err; 4293 4294 BT_DBG("request for %s", hdev->name); 4295 4296 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev)) 4297 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4298 MGMT_STATUS_NOT_SUPPORTED); 4299 4300 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 4301 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4302 MGMT_STATUS_REJECTED); 4303 4304 if (cp->val != 0x00 && cp->val != 0x01) 4305 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4306 MGMT_STATUS_INVALID_PARAMS); 4307 4308 hci_dev_lock(hdev); 4309 4310 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 4311 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 4312 goto unlock; 4313 } 4314 4315 if (!hdev_is_powered(hdev)) { 4316 if (!cp->val) { 4317 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 4318 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 4319 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY); 4320 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 4321 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 4322 } 4323 4324 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED); 4325 4326 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 4327 if (err < 0) 4328 goto unlock; 4329 4330 err = new_settings(hdev, sk); 4331 goto unlock; 4332 } 4333 4334 /* Reject disabling when powered on */ 4335 if (!cp->val) { 4336 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4337 MGMT_STATUS_REJECTED); 4338 goto unlock; 4339 } else { 4340 /* When configuring a dual-mode controller to operate 4341 * with LE only and using a static address, then switching 4342 * BR/EDR back on is not allowed. 4343 * 4344 * Dual-mode controllers shall operate with the public 4345 * address as its identity address for BR/EDR and LE. So 4346 * reject the attempt to create an invalid configuration. 4347 * 4348 * The same restrictions applies when secure connections 4349 * has been enabled. For BR/EDR this is a controller feature 4350 * while for LE it is a host stack feature. This means that 4351 * switching BR/EDR back on when secure connections has been 4352 * enabled is not a supported transaction. 4353 */ 4354 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 4355 (bacmp(&hdev->static_addr, BDADDR_ANY) || 4356 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) { 4357 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4358 MGMT_STATUS_REJECTED); 4359 goto unlock; 4360 } 4361 } 4362 4363 if (pending_find(MGMT_OP_SET_BREDR, hdev)) { 4364 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4365 MGMT_STATUS_BUSY); 4366 goto unlock; 4367 } 4368 4369 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len); 4370 if (!cmd) { 4371 err = -ENOMEM; 4372 goto unlock; 4373 } 4374 4375 /* We need to flip the bit already here so that 4376 * hci_req_update_adv_data generates the correct flags. 4377 */ 4378 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED); 4379 4380 hci_req_init(&req, hdev); 4381 4382 __hci_req_write_fast_connectable(&req, false); 4383 __hci_req_update_scan(&req); 4384 4385 /* Since only the advertising data flags will change, there 4386 * is no need to update the scan response data. 4387 */ 4388 __hci_req_update_adv_data(&req, hdev->cur_adv_instance); 4389 4390 err = hci_req_run(&req, set_bredr_complete); 4391 if (err < 0) 4392 mgmt_pending_remove(cmd); 4393 4394 unlock: 4395 hci_dev_unlock(hdev); 4396 return err; 4397 } 4398 4399 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 4400 { 4401 struct mgmt_pending_cmd *cmd; 4402 struct mgmt_mode *cp; 4403 4404 BT_DBG("%s status %u", hdev->name, status); 4405 4406 hci_dev_lock(hdev); 4407 4408 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev); 4409 if (!cmd) 4410 goto unlock; 4411 4412 if (status) { 4413 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 4414 mgmt_status(status)); 4415 goto remove; 4416 } 4417 4418 cp = cmd->param; 4419 4420 switch (cp->val) { 4421 case 0x00: 4422 hci_dev_clear_flag(hdev, HCI_SC_ENABLED); 4423 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4424 break; 4425 case 0x01: 4426 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 4427 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4428 break; 4429 case 0x02: 4430 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 4431 hci_dev_set_flag(hdev, HCI_SC_ONLY); 4432 break; 4433 } 4434 4435 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev); 4436 new_settings(hdev, cmd->sk); 4437 4438 remove: 4439 mgmt_pending_remove(cmd); 4440 unlock: 4441 hci_dev_unlock(hdev); 4442 } 4443 4444 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev, 4445 void *data, u16 len) 4446 { 4447 struct mgmt_mode *cp = data; 4448 struct mgmt_pending_cmd *cmd; 4449 struct hci_request req; 4450 u8 val; 4451 int err; 4452 4453 BT_DBG("request for %s", hdev->name); 4454 4455 if (!lmp_sc_capable(hdev) && 4456 !hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 4457 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4458 MGMT_STATUS_NOT_SUPPORTED); 4459 4460 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 4461 lmp_sc_capable(hdev) && 4462 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 4463 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4464 MGMT_STATUS_REJECTED); 4465 4466 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4467 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4468 MGMT_STATUS_INVALID_PARAMS); 4469 4470 hci_dev_lock(hdev); 4471 4472 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) || 4473 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 4474 bool changed; 4475 4476 if (cp->val) { 4477 changed = !hci_dev_test_and_set_flag(hdev, 4478 HCI_SC_ENABLED); 4479 if (cp->val == 0x02) 4480 hci_dev_set_flag(hdev, HCI_SC_ONLY); 4481 else 4482 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4483 } else { 4484 changed = hci_dev_test_and_clear_flag(hdev, 4485 HCI_SC_ENABLED); 4486 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4487 } 4488 4489 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 4490 if (err < 0) 4491 goto failed; 4492 4493 if (changed) 4494 err = new_settings(hdev, sk); 4495 4496 goto failed; 4497 } 4498 4499 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) { 4500 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4501 MGMT_STATUS_BUSY); 4502 goto failed; 4503 } 4504 4505 val = !!cp->val; 4506 4507 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 4508 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 4509 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 4510 goto failed; 4511 } 4512 4513 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len); 4514 if (!cmd) { 4515 err = -ENOMEM; 4516 goto failed; 4517 } 4518 4519 hci_req_init(&req, hdev); 4520 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val); 4521 err = hci_req_run(&req, sc_enable_complete); 4522 if (err < 0) { 4523 mgmt_pending_remove(cmd); 4524 goto failed; 4525 } 4526 4527 failed: 4528 hci_dev_unlock(hdev); 4529 return err; 4530 } 4531 4532 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev, 4533 void *data, u16 len) 4534 { 4535 struct mgmt_mode *cp = data; 4536 bool changed, use_changed; 4537 int err; 4538 4539 BT_DBG("request for %s", hdev->name); 4540 4541 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4542 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS, 4543 MGMT_STATUS_INVALID_PARAMS); 4544 4545 hci_dev_lock(hdev); 4546 4547 if (cp->val) 4548 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 4549 else 4550 changed = hci_dev_test_and_clear_flag(hdev, 4551 HCI_KEEP_DEBUG_KEYS); 4552 4553 if (cp->val == 0x02) 4554 use_changed = !hci_dev_test_and_set_flag(hdev, 4555 HCI_USE_DEBUG_KEYS); 4556 else 4557 use_changed = hci_dev_test_and_clear_flag(hdev, 4558 HCI_USE_DEBUG_KEYS); 4559 4560 if (hdev_is_powered(hdev) && use_changed && 4561 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 4562 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00; 4563 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 4564 sizeof(mode), &mode); 4565 } 4566 4567 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev); 4568 if (err < 0) 4569 goto unlock; 4570 4571 if (changed) 4572 err = new_settings(hdev, sk); 4573 4574 unlock: 4575 hci_dev_unlock(hdev); 4576 return err; 4577 } 4578 4579 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data, 4580 u16 len) 4581 { 4582 struct mgmt_cp_set_privacy *cp = cp_data; 4583 bool changed; 4584 int err; 4585 4586 BT_DBG("request for %s", hdev->name); 4587 4588 if (!lmp_le_capable(hdev)) 4589 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4590 MGMT_STATUS_NOT_SUPPORTED); 4591 4592 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02) 4593 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4594 MGMT_STATUS_INVALID_PARAMS); 4595 4596 if (hdev_is_powered(hdev)) 4597 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4598 MGMT_STATUS_REJECTED); 4599 4600 hci_dev_lock(hdev); 4601 4602 /* If user space supports this command it is also expected to 4603 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag. 4604 */ 4605 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 4606 4607 if (cp->privacy) { 4608 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY); 4609 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk)); 4610 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 4611 if (cp->privacy == 0x02) 4612 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY); 4613 else 4614 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 4615 } else { 4616 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY); 4617 memset(hdev->irk, 0, sizeof(hdev->irk)); 4618 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED); 4619 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 4620 } 4621 4622 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev); 4623 if (err < 0) 4624 goto unlock; 4625 4626 if (changed) 4627 err = new_settings(hdev, sk); 4628 4629 unlock: 4630 hci_dev_unlock(hdev); 4631 return err; 4632 } 4633 4634 static bool irk_is_valid(struct mgmt_irk_info *irk) 4635 { 4636 switch (irk->addr.type) { 4637 case BDADDR_LE_PUBLIC: 4638 return true; 4639 4640 case BDADDR_LE_RANDOM: 4641 /* Two most significant bits shall be set */ 4642 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0) 4643 return false; 4644 return true; 4645 } 4646 4647 return false; 4648 } 4649 4650 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data, 4651 u16 len) 4652 { 4653 struct mgmt_cp_load_irks *cp = cp_data; 4654 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) / 4655 sizeof(struct mgmt_irk_info)); 4656 u16 irk_count, expected_len; 4657 int i, err; 4658 4659 BT_DBG("request for %s", hdev->name); 4660 4661 if (!lmp_le_capable(hdev)) 4662 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 4663 MGMT_STATUS_NOT_SUPPORTED); 4664 4665 irk_count = __le16_to_cpu(cp->irk_count); 4666 if (irk_count > max_irk_count) { 4667 BT_ERR("load_irks: too big irk_count value %u", irk_count); 4668 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 4669 MGMT_STATUS_INVALID_PARAMS); 4670 } 4671 4672 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info); 4673 if (expected_len != len) { 4674 BT_ERR("load_irks: expected %u bytes, got %u bytes", 4675 expected_len, len); 4676 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 4677 MGMT_STATUS_INVALID_PARAMS); 4678 } 4679 4680 BT_DBG("%s irk_count %u", hdev->name, irk_count); 4681 4682 for (i = 0; i < irk_count; i++) { 4683 struct mgmt_irk_info *key = &cp->irks[i]; 4684 4685 if (!irk_is_valid(key)) 4686 return mgmt_cmd_status(sk, hdev->id, 4687 MGMT_OP_LOAD_IRKS, 4688 MGMT_STATUS_INVALID_PARAMS); 4689 } 4690 4691 hci_dev_lock(hdev); 4692 4693 hci_smp_irks_clear(hdev); 4694 4695 for (i = 0; i < irk_count; i++) { 4696 struct mgmt_irk_info *irk = &cp->irks[i]; 4697 4698 hci_add_irk(hdev, &irk->addr.bdaddr, 4699 le_addr_type(irk->addr.type), irk->val, 4700 BDADDR_ANY); 4701 } 4702 4703 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 4704 4705 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0); 4706 4707 hci_dev_unlock(hdev); 4708 4709 return err; 4710 } 4711 4712 static bool ltk_is_valid(struct mgmt_ltk_info *key) 4713 { 4714 if (key->master != 0x00 && key->master != 0x01) 4715 return false; 4716 4717 switch (key->addr.type) { 4718 case BDADDR_LE_PUBLIC: 4719 return true; 4720 4721 case BDADDR_LE_RANDOM: 4722 /* Two most significant bits shall be set */ 4723 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0) 4724 return false; 4725 return true; 4726 } 4727 4728 return false; 4729 } 4730 4731 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, 4732 void *cp_data, u16 len) 4733 { 4734 struct mgmt_cp_load_long_term_keys *cp = cp_data; 4735 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 4736 sizeof(struct mgmt_ltk_info)); 4737 u16 key_count, expected_len; 4738 int i, err; 4739 4740 BT_DBG("request for %s", hdev->name); 4741 4742 if (!lmp_le_capable(hdev)) 4743 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 4744 MGMT_STATUS_NOT_SUPPORTED); 4745 4746 key_count = __le16_to_cpu(cp->key_count); 4747 if (key_count > max_key_count) { 4748 BT_ERR("load_ltks: too big key_count value %u", key_count); 4749 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 4750 MGMT_STATUS_INVALID_PARAMS); 4751 } 4752 4753 expected_len = sizeof(*cp) + key_count * 4754 sizeof(struct mgmt_ltk_info); 4755 if (expected_len != len) { 4756 BT_ERR("load_keys: expected %u bytes, got %u bytes", 4757 expected_len, len); 4758 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 4759 MGMT_STATUS_INVALID_PARAMS); 4760 } 4761 4762 BT_DBG("%s key_count %u", hdev->name, key_count); 4763 4764 for (i = 0; i < key_count; i++) { 4765 struct mgmt_ltk_info *key = &cp->keys[i]; 4766 4767 if (!ltk_is_valid(key)) 4768 return mgmt_cmd_status(sk, hdev->id, 4769 MGMT_OP_LOAD_LONG_TERM_KEYS, 4770 MGMT_STATUS_INVALID_PARAMS); 4771 } 4772 4773 hci_dev_lock(hdev); 4774 4775 hci_smp_ltks_clear(hdev); 4776 4777 for (i = 0; i < key_count; i++) { 4778 struct mgmt_ltk_info *key = &cp->keys[i]; 4779 u8 type, authenticated; 4780 4781 switch (key->type) { 4782 case MGMT_LTK_UNAUTHENTICATED: 4783 authenticated = 0x00; 4784 type = key->master ? SMP_LTK : SMP_LTK_SLAVE; 4785 break; 4786 case MGMT_LTK_AUTHENTICATED: 4787 authenticated = 0x01; 4788 type = key->master ? SMP_LTK : SMP_LTK_SLAVE; 4789 break; 4790 case MGMT_LTK_P256_UNAUTH: 4791 authenticated = 0x00; 4792 type = SMP_LTK_P256; 4793 break; 4794 case MGMT_LTK_P256_AUTH: 4795 authenticated = 0x01; 4796 type = SMP_LTK_P256; 4797 break; 4798 case MGMT_LTK_P256_DEBUG: 4799 authenticated = 0x00; 4800 type = SMP_LTK_P256_DEBUG; 4801 default: 4802 continue; 4803 } 4804 4805 hci_add_ltk(hdev, &key->addr.bdaddr, 4806 le_addr_type(key->addr.type), type, authenticated, 4807 key->val, key->enc_size, key->ediv, key->rand); 4808 } 4809 4810 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0, 4811 NULL, 0); 4812 4813 hci_dev_unlock(hdev); 4814 4815 return err; 4816 } 4817 4818 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 4819 { 4820 struct hci_conn *conn = cmd->user_data; 4821 struct mgmt_rp_get_conn_info rp; 4822 int err; 4823 4824 memcpy(&rp.addr, cmd->param, sizeof(rp.addr)); 4825 4826 if (status == MGMT_STATUS_SUCCESS) { 4827 rp.rssi = conn->rssi; 4828 rp.tx_power = conn->tx_power; 4829 rp.max_tx_power = conn->max_tx_power; 4830 } else { 4831 rp.rssi = HCI_RSSI_INVALID; 4832 rp.tx_power = HCI_TX_POWER_INVALID; 4833 rp.max_tx_power = HCI_TX_POWER_INVALID; 4834 } 4835 4836 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, 4837 status, &rp, sizeof(rp)); 4838 4839 hci_conn_drop(conn); 4840 hci_conn_put(conn); 4841 4842 return err; 4843 } 4844 4845 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status, 4846 u16 opcode) 4847 { 4848 struct hci_cp_read_rssi *cp; 4849 struct mgmt_pending_cmd *cmd; 4850 struct hci_conn *conn; 4851 u16 handle; 4852 u8 status; 4853 4854 BT_DBG("status 0x%02x", hci_status); 4855 4856 hci_dev_lock(hdev); 4857 4858 /* Commands sent in request are either Read RSSI or Read Transmit Power 4859 * Level so we check which one was last sent to retrieve connection 4860 * handle. Both commands have handle as first parameter so it's safe to 4861 * cast data on the same command struct. 4862 * 4863 * First command sent is always Read RSSI and we fail only if it fails. 4864 * In other case we simply override error to indicate success as we 4865 * already remembered if TX power value is actually valid. 4866 */ 4867 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI); 4868 if (!cp) { 4869 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER); 4870 status = MGMT_STATUS_SUCCESS; 4871 } else { 4872 status = mgmt_status(hci_status); 4873 } 4874 4875 if (!cp) { 4876 BT_ERR("invalid sent_cmd in conn_info response"); 4877 goto unlock; 4878 } 4879 4880 handle = __le16_to_cpu(cp->handle); 4881 conn = hci_conn_hash_lookup_handle(hdev, handle); 4882 if (!conn) { 4883 BT_ERR("unknown handle (%d) in conn_info response", handle); 4884 goto unlock; 4885 } 4886 4887 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn); 4888 if (!cmd) 4889 goto unlock; 4890 4891 cmd->cmd_complete(cmd, status); 4892 mgmt_pending_remove(cmd); 4893 4894 unlock: 4895 hci_dev_unlock(hdev); 4896 } 4897 4898 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data, 4899 u16 len) 4900 { 4901 struct mgmt_cp_get_conn_info *cp = data; 4902 struct mgmt_rp_get_conn_info rp; 4903 struct hci_conn *conn; 4904 unsigned long conn_info_age; 4905 int err = 0; 4906 4907 BT_DBG("%s", hdev->name); 4908 4909 memset(&rp, 0, sizeof(rp)); 4910 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 4911 rp.addr.type = cp->addr.type; 4912 4913 if (!bdaddr_type_is_valid(cp->addr.type)) 4914 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4915 MGMT_STATUS_INVALID_PARAMS, 4916 &rp, sizeof(rp)); 4917 4918 hci_dev_lock(hdev); 4919 4920 if (!hdev_is_powered(hdev)) { 4921 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4922 MGMT_STATUS_NOT_POWERED, &rp, 4923 sizeof(rp)); 4924 goto unlock; 4925 } 4926 4927 if (cp->addr.type == BDADDR_BREDR) 4928 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 4929 &cp->addr.bdaddr); 4930 else 4931 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 4932 4933 if (!conn || conn->state != BT_CONNECTED) { 4934 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4935 MGMT_STATUS_NOT_CONNECTED, &rp, 4936 sizeof(rp)); 4937 goto unlock; 4938 } 4939 4940 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) { 4941 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4942 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 4943 goto unlock; 4944 } 4945 4946 /* To avoid client trying to guess when to poll again for information we 4947 * calculate conn info age as random value between min/max set in hdev. 4948 */ 4949 conn_info_age = hdev->conn_info_min_age + 4950 prandom_u32_max(hdev->conn_info_max_age - 4951 hdev->conn_info_min_age); 4952 4953 /* Query controller to refresh cached values if they are too old or were 4954 * never read. 4955 */ 4956 if (time_after(jiffies, conn->conn_info_timestamp + 4957 msecs_to_jiffies(conn_info_age)) || 4958 !conn->conn_info_timestamp) { 4959 struct hci_request req; 4960 struct hci_cp_read_tx_power req_txp_cp; 4961 struct hci_cp_read_rssi req_rssi_cp; 4962 struct mgmt_pending_cmd *cmd; 4963 4964 hci_req_init(&req, hdev); 4965 req_rssi_cp.handle = cpu_to_le16(conn->handle); 4966 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp), 4967 &req_rssi_cp); 4968 4969 /* For LE links TX power does not change thus we don't need to 4970 * query for it once value is known. 4971 */ 4972 if (!bdaddr_type_is_le(cp->addr.type) || 4973 conn->tx_power == HCI_TX_POWER_INVALID) { 4974 req_txp_cp.handle = cpu_to_le16(conn->handle); 4975 req_txp_cp.type = 0x00; 4976 hci_req_add(&req, HCI_OP_READ_TX_POWER, 4977 sizeof(req_txp_cp), &req_txp_cp); 4978 } 4979 4980 /* Max TX power needs to be read only once per connection */ 4981 if (conn->max_tx_power == HCI_TX_POWER_INVALID) { 4982 req_txp_cp.handle = cpu_to_le16(conn->handle); 4983 req_txp_cp.type = 0x01; 4984 hci_req_add(&req, HCI_OP_READ_TX_POWER, 4985 sizeof(req_txp_cp), &req_txp_cp); 4986 } 4987 4988 err = hci_req_run(&req, conn_info_refresh_complete); 4989 if (err < 0) 4990 goto unlock; 4991 4992 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev, 4993 data, len); 4994 if (!cmd) { 4995 err = -ENOMEM; 4996 goto unlock; 4997 } 4998 4999 hci_conn_hold(conn); 5000 cmd->user_data = hci_conn_get(conn); 5001 cmd->cmd_complete = conn_info_cmd_complete; 5002 5003 conn->conn_info_timestamp = jiffies; 5004 } else { 5005 /* Cache is valid, just reply with values cached in hci_conn */ 5006 rp.rssi = conn->rssi; 5007 rp.tx_power = conn->tx_power; 5008 rp.max_tx_power = conn->max_tx_power; 5009 5010 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 5011 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 5012 } 5013 5014 unlock: 5015 hci_dev_unlock(hdev); 5016 return err; 5017 } 5018 5019 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 5020 { 5021 struct hci_conn *conn = cmd->user_data; 5022 struct mgmt_rp_get_clock_info rp; 5023 struct hci_dev *hdev; 5024 int err; 5025 5026 memset(&rp, 0, sizeof(rp)); 5027 memcpy(&rp.addr, cmd->param, sizeof(rp.addr)); 5028 5029 if (status) 5030 goto complete; 5031 5032 hdev = hci_dev_get(cmd->index); 5033 if (hdev) { 5034 rp.local_clock = cpu_to_le32(hdev->clock); 5035 hci_dev_put(hdev); 5036 } 5037 5038 if (conn) { 5039 rp.piconet_clock = cpu_to_le32(conn->clock); 5040 rp.accuracy = cpu_to_le16(conn->clock_accuracy); 5041 } 5042 5043 complete: 5044 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp, 5045 sizeof(rp)); 5046 5047 if (conn) { 5048 hci_conn_drop(conn); 5049 hci_conn_put(conn); 5050 } 5051 5052 return err; 5053 } 5054 5055 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode) 5056 { 5057 struct hci_cp_read_clock *hci_cp; 5058 struct mgmt_pending_cmd *cmd; 5059 struct hci_conn *conn; 5060 5061 BT_DBG("%s status %u", hdev->name, status); 5062 5063 hci_dev_lock(hdev); 5064 5065 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK); 5066 if (!hci_cp) 5067 goto unlock; 5068 5069 if (hci_cp->which) { 5070 u16 handle = __le16_to_cpu(hci_cp->handle); 5071 conn = hci_conn_hash_lookup_handle(hdev, handle); 5072 } else { 5073 conn = NULL; 5074 } 5075 5076 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn); 5077 if (!cmd) 5078 goto unlock; 5079 5080 cmd->cmd_complete(cmd, mgmt_status(status)); 5081 mgmt_pending_remove(cmd); 5082 5083 unlock: 5084 hci_dev_unlock(hdev); 5085 } 5086 5087 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data, 5088 u16 len) 5089 { 5090 struct mgmt_cp_get_clock_info *cp = data; 5091 struct mgmt_rp_get_clock_info rp; 5092 struct hci_cp_read_clock hci_cp; 5093 struct mgmt_pending_cmd *cmd; 5094 struct hci_request req; 5095 struct hci_conn *conn; 5096 int err; 5097 5098 BT_DBG("%s", hdev->name); 5099 5100 memset(&rp, 0, sizeof(rp)); 5101 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 5102 rp.addr.type = cp->addr.type; 5103 5104 if (cp->addr.type != BDADDR_BREDR) 5105 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 5106 MGMT_STATUS_INVALID_PARAMS, 5107 &rp, sizeof(rp)); 5108 5109 hci_dev_lock(hdev); 5110 5111 if (!hdev_is_powered(hdev)) { 5112 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 5113 MGMT_STATUS_NOT_POWERED, &rp, 5114 sizeof(rp)); 5115 goto unlock; 5116 } 5117 5118 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5119 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 5120 &cp->addr.bdaddr); 5121 if (!conn || conn->state != BT_CONNECTED) { 5122 err = mgmt_cmd_complete(sk, hdev->id, 5123 MGMT_OP_GET_CLOCK_INFO, 5124 MGMT_STATUS_NOT_CONNECTED, 5125 &rp, sizeof(rp)); 5126 goto unlock; 5127 } 5128 } else { 5129 conn = NULL; 5130 } 5131 5132 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len); 5133 if (!cmd) { 5134 err = -ENOMEM; 5135 goto unlock; 5136 } 5137 5138 cmd->cmd_complete = clock_info_cmd_complete; 5139 5140 hci_req_init(&req, hdev); 5141 5142 memset(&hci_cp, 0, sizeof(hci_cp)); 5143 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 5144 5145 if (conn) { 5146 hci_conn_hold(conn); 5147 cmd->user_data = hci_conn_get(conn); 5148 5149 hci_cp.handle = cpu_to_le16(conn->handle); 5150 hci_cp.which = 0x01; /* Piconet clock */ 5151 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 5152 } 5153 5154 err = hci_req_run(&req, get_clock_info_complete); 5155 if (err < 0) 5156 mgmt_pending_remove(cmd); 5157 5158 unlock: 5159 hci_dev_unlock(hdev); 5160 return err; 5161 } 5162 5163 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) 5164 { 5165 struct hci_conn *conn; 5166 5167 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr); 5168 if (!conn) 5169 return false; 5170 5171 if (conn->dst_type != type) 5172 return false; 5173 5174 if (conn->state != BT_CONNECTED) 5175 return false; 5176 5177 return true; 5178 } 5179 5180 /* This function requires the caller holds hdev->lock */ 5181 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, 5182 u8 addr_type, u8 auto_connect) 5183 { 5184 struct hci_conn_params *params; 5185 5186 params = hci_conn_params_add(hdev, addr, addr_type); 5187 if (!params) 5188 return -EIO; 5189 5190 if (params->auto_connect == auto_connect) 5191 return 0; 5192 5193 list_del_init(¶ms->action); 5194 5195 switch (auto_connect) { 5196 case HCI_AUTO_CONN_DISABLED: 5197 case HCI_AUTO_CONN_LINK_LOSS: 5198 /* If auto connect is being disabled when we're trying to 5199 * connect to device, keep connecting. 5200 */ 5201 if (params->explicit_connect) 5202 list_add(¶ms->action, &hdev->pend_le_conns); 5203 break; 5204 case HCI_AUTO_CONN_REPORT: 5205 if (params->explicit_connect) 5206 list_add(¶ms->action, &hdev->pend_le_conns); 5207 else 5208 list_add(¶ms->action, &hdev->pend_le_reports); 5209 break; 5210 case HCI_AUTO_CONN_DIRECT: 5211 case HCI_AUTO_CONN_ALWAYS: 5212 if (!is_connected(hdev, addr, addr_type)) 5213 list_add(¶ms->action, &hdev->pend_le_conns); 5214 break; 5215 } 5216 5217 params->auto_connect = auto_connect; 5218 5219 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type, 5220 auto_connect); 5221 5222 return 0; 5223 } 5224 5225 static void device_added(struct sock *sk, struct hci_dev *hdev, 5226 bdaddr_t *bdaddr, u8 type, u8 action) 5227 { 5228 struct mgmt_ev_device_added ev; 5229 5230 bacpy(&ev.addr.bdaddr, bdaddr); 5231 ev.addr.type = type; 5232 ev.action = action; 5233 5234 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk); 5235 } 5236 5237 static int add_device(struct sock *sk, struct hci_dev *hdev, 5238 void *data, u16 len) 5239 { 5240 struct mgmt_cp_add_device *cp = data; 5241 u8 auto_conn, addr_type; 5242 int err; 5243 5244 BT_DBG("%s", hdev->name); 5245 5246 if (!bdaddr_type_is_valid(cp->addr.type) || 5247 !bacmp(&cp->addr.bdaddr, BDADDR_ANY)) 5248 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5249 MGMT_STATUS_INVALID_PARAMS, 5250 &cp->addr, sizeof(cp->addr)); 5251 5252 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02) 5253 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5254 MGMT_STATUS_INVALID_PARAMS, 5255 &cp->addr, sizeof(cp->addr)); 5256 5257 hci_dev_lock(hdev); 5258 5259 if (cp->addr.type == BDADDR_BREDR) { 5260 /* Only incoming connections action is supported for now */ 5261 if (cp->action != 0x01) { 5262 err = mgmt_cmd_complete(sk, hdev->id, 5263 MGMT_OP_ADD_DEVICE, 5264 MGMT_STATUS_INVALID_PARAMS, 5265 &cp->addr, sizeof(cp->addr)); 5266 goto unlock; 5267 } 5268 5269 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr, 5270 cp->addr.type); 5271 if (err) 5272 goto unlock; 5273 5274 hci_req_update_scan(hdev); 5275 5276 goto added; 5277 } 5278 5279 addr_type = le_addr_type(cp->addr.type); 5280 5281 if (cp->action == 0x02) 5282 auto_conn = HCI_AUTO_CONN_ALWAYS; 5283 else if (cp->action == 0x01) 5284 auto_conn = HCI_AUTO_CONN_DIRECT; 5285 else 5286 auto_conn = HCI_AUTO_CONN_REPORT; 5287 5288 /* Kernel internally uses conn_params with resolvable private 5289 * address, but Add Device allows only identity addresses. 5290 * Make sure it is enforced before calling 5291 * hci_conn_params_lookup. 5292 */ 5293 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 5294 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5295 MGMT_STATUS_INVALID_PARAMS, 5296 &cp->addr, sizeof(cp->addr)); 5297 goto unlock; 5298 } 5299 5300 /* If the connection parameters don't exist for this device, 5301 * they will be created and configured with defaults. 5302 */ 5303 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type, 5304 auto_conn) < 0) { 5305 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5306 MGMT_STATUS_FAILED, &cp->addr, 5307 sizeof(cp->addr)); 5308 goto unlock; 5309 } 5310 5311 hci_update_background_scan(hdev); 5312 5313 added: 5314 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action); 5315 5316 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5317 MGMT_STATUS_SUCCESS, &cp->addr, 5318 sizeof(cp->addr)); 5319 5320 unlock: 5321 hci_dev_unlock(hdev); 5322 return err; 5323 } 5324 5325 static void device_removed(struct sock *sk, struct hci_dev *hdev, 5326 bdaddr_t *bdaddr, u8 type) 5327 { 5328 struct mgmt_ev_device_removed ev; 5329 5330 bacpy(&ev.addr.bdaddr, bdaddr); 5331 ev.addr.type = type; 5332 5333 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk); 5334 } 5335 5336 static int remove_device(struct sock *sk, struct hci_dev *hdev, 5337 void *data, u16 len) 5338 { 5339 struct mgmt_cp_remove_device *cp = data; 5340 int err; 5341 5342 BT_DBG("%s", hdev->name); 5343 5344 hci_dev_lock(hdev); 5345 5346 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5347 struct hci_conn_params *params; 5348 u8 addr_type; 5349 5350 if (!bdaddr_type_is_valid(cp->addr.type)) { 5351 err = mgmt_cmd_complete(sk, hdev->id, 5352 MGMT_OP_REMOVE_DEVICE, 5353 MGMT_STATUS_INVALID_PARAMS, 5354 &cp->addr, sizeof(cp->addr)); 5355 goto unlock; 5356 } 5357 5358 if (cp->addr.type == BDADDR_BREDR) { 5359 err = hci_bdaddr_list_del(&hdev->whitelist, 5360 &cp->addr.bdaddr, 5361 cp->addr.type); 5362 if (err) { 5363 err = mgmt_cmd_complete(sk, hdev->id, 5364 MGMT_OP_REMOVE_DEVICE, 5365 MGMT_STATUS_INVALID_PARAMS, 5366 &cp->addr, 5367 sizeof(cp->addr)); 5368 goto unlock; 5369 } 5370 5371 hci_req_update_scan(hdev); 5372 5373 device_removed(sk, hdev, &cp->addr.bdaddr, 5374 cp->addr.type); 5375 goto complete; 5376 } 5377 5378 addr_type = le_addr_type(cp->addr.type); 5379 5380 /* Kernel internally uses conn_params with resolvable private 5381 * address, but Remove Device allows only identity addresses. 5382 * Make sure it is enforced before calling 5383 * hci_conn_params_lookup. 5384 */ 5385 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 5386 err = mgmt_cmd_complete(sk, hdev->id, 5387 MGMT_OP_REMOVE_DEVICE, 5388 MGMT_STATUS_INVALID_PARAMS, 5389 &cp->addr, sizeof(cp->addr)); 5390 goto unlock; 5391 } 5392 5393 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 5394 addr_type); 5395 if (!params) { 5396 err = mgmt_cmd_complete(sk, hdev->id, 5397 MGMT_OP_REMOVE_DEVICE, 5398 MGMT_STATUS_INVALID_PARAMS, 5399 &cp->addr, sizeof(cp->addr)); 5400 goto unlock; 5401 } 5402 5403 if (params->auto_connect == HCI_AUTO_CONN_DISABLED || 5404 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { 5405 err = mgmt_cmd_complete(sk, hdev->id, 5406 MGMT_OP_REMOVE_DEVICE, 5407 MGMT_STATUS_INVALID_PARAMS, 5408 &cp->addr, sizeof(cp->addr)); 5409 goto unlock; 5410 } 5411 5412 list_del(¶ms->action); 5413 list_del(¶ms->list); 5414 kfree(params); 5415 hci_update_background_scan(hdev); 5416 5417 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type); 5418 } else { 5419 struct hci_conn_params *p, *tmp; 5420 struct bdaddr_list *b, *btmp; 5421 5422 if (cp->addr.type) { 5423 err = mgmt_cmd_complete(sk, hdev->id, 5424 MGMT_OP_REMOVE_DEVICE, 5425 MGMT_STATUS_INVALID_PARAMS, 5426 &cp->addr, sizeof(cp->addr)); 5427 goto unlock; 5428 } 5429 5430 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) { 5431 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type); 5432 list_del(&b->list); 5433 kfree(b); 5434 } 5435 5436 hci_req_update_scan(hdev); 5437 5438 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) { 5439 if (p->auto_connect == HCI_AUTO_CONN_DISABLED) 5440 continue; 5441 device_removed(sk, hdev, &p->addr, p->addr_type); 5442 if (p->explicit_connect) { 5443 p->auto_connect = HCI_AUTO_CONN_EXPLICIT; 5444 continue; 5445 } 5446 list_del(&p->action); 5447 list_del(&p->list); 5448 kfree(p); 5449 } 5450 5451 BT_DBG("All LE connection parameters were removed"); 5452 5453 hci_update_background_scan(hdev); 5454 } 5455 5456 complete: 5457 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 5458 MGMT_STATUS_SUCCESS, &cp->addr, 5459 sizeof(cp->addr)); 5460 unlock: 5461 hci_dev_unlock(hdev); 5462 return err; 5463 } 5464 5465 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data, 5466 u16 len) 5467 { 5468 struct mgmt_cp_load_conn_param *cp = data; 5469 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) / 5470 sizeof(struct mgmt_conn_param)); 5471 u16 param_count, expected_len; 5472 int i; 5473 5474 if (!lmp_le_capable(hdev)) 5475 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5476 MGMT_STATUS_NOT_SUPPORTED); 5477 5478 param_count = __le16_to_cpu(cp->param_count); 5479 if (param_count > max_param_count) { 5480 BT_ERR("load_conn_param: too big param_count value %u", 5481 param_count); 5482 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5483 MGMT_STATUS_INVALID_PARAMS); 5484 } 5485 5486 expected_len = sizeof(*cp) + param_count * 5487 sizeof(struct mgmt_conn_param); 5488 if (expected_len != len) { 5489 BT_ERR("load_conn_param: expected %u bytes, got %u bytes", 5490 expected_len, len); 5491 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5492 MGMT_STATUS_INVALID_PARAMS); 5493 } 5494 5495 BT_DBG("%s param_count %u", hdev->name, param_count); 5496 5497 hci_dev_lock(hdev); 5498 5499 hci_conn_params_clear_disabled(hdev); 5500 5501 for (i = 0; i < param_count; i++) { 5502 struct mgmt_conn_param *param = &cp->params[i]; 5503 struct hci_conn_params *hci_param; 5504 u16 min, max, latency, timeout; 5505 u8 addr_type; 5506 5507 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr, 5508 param->addr.type); 5509 5510 if (param->addr.type == BDADDR_LE_PUBLIC) { 5511 addr_type = ADDR_LE_DEV_PUBLIC; 5512 } else if (param->addr.type == BDADDR_LE_RANDOM) { 5513 addr_type = ADDR_LE_DEV_RANDOM; 5514 } else { 5515 BT_ERR("Ignoring invalid connection parameters"); 5516 continue; 5517 } 5518 5519 min = le16_to_cpu(param->min_interval); 5520 max = le16_to_cpu(param->max_interval); 5521 latency = le16_to_cpu(param->latency); 5522 timeout = le16_to_cpu(param->timeout); 5523 5524 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x", 5525 min, max, latency, timeout); 5526 5527 if (hci_check_conn_params(min, max, latency, timeout) < 0) { 5528 BT_ERR("Ignoring invalid connection parameters"); 5529 continue; 5530 } 5531 5532 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr, 5533 addr_type); 5534 if (!hci_param) { 5535 BT_ERR("Failed to add connection parameters"); 5536 continue; 5537 } 5538 5539 hci_param->conn_min_interval = min; 5540 hci_param->conn_max_interval = max; 5541 hci_param->conn_latency = latency; 5542 hci_param->supervision_timeout = timeout; 5543 } 5544 5545 hci_dev_unlock(hdev); 5546 5547 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, 5548 NULL, 0); 5549 } 5550 5551 static int set_external_config(struct sock *sk, struct hci_dev *hdev, 5552 void *data, u16 len) 5553 { 5554 struct mgmt_cp_set_external_config *cp = data; 5555 bool changed; 5556 int err; 5557 5558 BT_DBG("%s", hdev->name); 5559 5560 if (hdev_is_powered(hdev)) 5561 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5562 MGMT_STATUS_REJECTED); 5563 5564 if (cp->config != 0x00 && cp->config != 0x01) 5565 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5566 MGMT_STATUS_INVALID_PARAMS); 5567 5568 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 5569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5570 MGMT_STATUS_NOT_SUPPORTED); 5571 5572 hci_dev_lock(hdev); 5573 5574 if (cp->config) 5575 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED); 5576 else 5577 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED); 5578 5579 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev); 5580 if (err < 0) 5581 goto unlock; 5582 5583 if (!changed) 5584 goto unlock; 5585 5586 err = new_options(hdev, sk); 5587 5588 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) { 5589 mgmt_index_removed(hdev); 5590 5591 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) { 5592 hci_dev_set_flag(hdev, HCI_CONFIG); 5593 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 5594 5595 queue_work(hdev->req_workqueue, &hdev->power_on); 5596 } else { 5597 set_bit(HCI_RAW, &hdev->flags); 5598 mgmt_index_added(hdev); 5599 } 5600 } 5601 5602 unlock: 5603 hci_dev_unlock(hdev); 5604 return err; 5605 } 5606 5607 static int set_public_address(struct sock *sk, struct hci_dev *hdev, 5608 void *data, u16 len) 5609 { 5610 struct mgmt_cp_set_public_address *cp = data; 5611 bool changed; 5612 int err; 5613 5614 BT_DBG("%s", hdev->name); 5615 5616 if (hdev_is_powered(hdev)) 5617 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5618 MGMT_STATUS_REJECTED); 5619 5620 if (!bacmp(&cp->bdaddr, BDADDR_ANY)) 5621 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5622 MGMT_STATUS_INVALID_PARAMS); 5623 5624 if (!hdev->set_bdaddr) 5625 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5626 MGMT_STATUS_NOT_SUPPORTED); 5627 5628 hci_dev_lock(hdev); 5629 5630 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr); 5631 bacpy(&hdev->public_addr, &cp->bdaddr); 5632 5633 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev); 5634 if (err < 0) 5635 goto unlock; 5636 5637 if (!changed) 5638 goto unlock; 5639 5640 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) 5641 err = new_options(hdev, sk); 5642 5643 if (is_configured(hdev)) { 5644 mgmt_index_removed(hdev); 5645 5646 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED); 5647 5648 hci_dev_set_flag(hdev, HCI_CONFIG); 5649 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 5650 5651 queue_work(hdev->req_workqueue, &hdev->power_on); 5652 } 5653 5654 unlock: 5655 hci_dev_unlock(hdev); 5656 return err; 5657 } 5658 5659 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status, 5660 u16 opcode, struct sk_buff *skb) 5661 { 5662 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp; 5663 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp; 5664 u8 *h192, *r192, *h256, *r256; 5665 struct mgmt_pending_cmd *cmd; 5666 u16 eir_len; 5667 int err; 5668 5669 BT_DBG("%s status %u", hdev->name, status); 5670 5671 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev); 5672 if (!cmd) 5673 return; 5674 5675 mgmt_cp = cmd->param; 5676 5677 if (status) { 5678 status = mgmt_status(status); 5679 eir_len = 0; 5680 5681 h192 = NULL; 5682 r192 = NULL; 5683 h256 = NULL; 5684 r256 = NULL; 5685 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) { 5686 struct hci_rp_read_local_oob_data *rp; 5687 5688 if (skb->len != sizeof(*rp)) { 5689 status = MGMT_STATUS_FAILED; 5690 eir_len = 0; 5691 } else { 5692 status = MGMT_STATUS_SUCCESS; 5693 rp = (void *)skb->data; 5694 5695 eir_len = 5 + 18 + 18; 5696 h192 = rp->hash; 5697 r192 = rp->rand; 5698 h256 = NULL; 5699 r256 = NULL; 5700 } 5701 } else { 5702 struct hci_rp_read_local_oob_ext_data *rp; 5703 5704 if (skb->len != sizeof(*rp)) { 5705 status = MGMT_STATUS_FAILED; 5706 eir_len = 0; 5707 } else { 5708 status = MGMT_STATUS_SUCCESS; 5709 rp = (void *)skb->data; 5710 5711 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 5712 eir_len = 5 + 18 + 18; 5713 h192 = NULL; 5714 r192 = NULL; 5715 } else { 5716 eir_len = 5 + 18 + 18 + 18 + 18; 5717 h192 = rp->hash192; 5718 r192 = rp->rand192; 5719 } 5720 5721 h256 = rp->hash256; 5722 r256 = rp->rand256; 5723 } 5724 } 5725 5726 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL); 5727 if (!mgmt_rp) 5728 goto done; 5729 5730 if (status) 5731 goto send_rsp; 5732 5733 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV, 5734 hdev->dev_class, 3); 5735 5736 if (h192 && r192) { 5737 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 5738 EIR_SSP_HASH_C192, h192, 16); 5739 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 5740 EIR_SSP_RAND_R192, r192, 16); 5741 } 5742 5743 if (h256 && r256) { 5744 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 5745 EIR_SSP_HASH_C256, h256, 16); 5746 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 5747 EIR_SSP_RAND_R256, r256, 16); 5748 } 5749 5750 send_rsp: 5751 mgmt_rp->type = mgmt_cp->type; 5752 mgmt_rp->eir_len = cpu_to_le16(eir_len); 5753 5754 err = mgmt_cmd_complete(cmd->sk, hdev->id, 5755 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status, 5756 mgmt_rp, sizeof(*mgmt_rp) + eir_len); 5757 if (err < 0 || status) 5758 goto done; 5759 5760 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS); 5761 5762 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 5763 mgmt_rp, sizeof(*mgmt_rp) + eir_len, 5764 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk); 5765 done: 5766 kfree(mgmt_rp); 5767 mgmt_pending_remove(cmd); 5768 } 5769 5770 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk, 5771 struct mgmt_cp_read_local_oob_ext_data *cp) 5772 { 5773 struct mgmt_pending_cmd *cmd; 5774 struct hci_request req; 5775 int err; 5776 5777 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev, 5778 cp, sizeof(*cp)); 5779 if (!cmd) 5780 return -ENOMEM; 5781 5782 hci_req_init(&req, hdev); 5783 5784 if (bredr_sc_enabled(hdev)) 5785 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL); 5786 else 5787 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 5788 5789 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete); 5790 if (err < 0) { 5791 mgmt_pending_remove(cmd); 5792 return err; 5793 } 5794 5795 return 0; 5796 } 5797 5798 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev, 5799 void *data, u16 data_len) 5800 { 5801 struct mgmt_cp_read_local_oob_ext_data *cp = data; 5802 struct mgmt_rp_read_local_oob_ext_data *rp; 5803 size_t rp_len; 5804 u16 eir_len; 5805 u8 status, flags, role, addr[7], hash[16], rand[16]; 5806 int err; 5807 5808 BT_DBG("%s", hdev->name); 5809 5810 if (hdev_is_powered(hdev)) { 5811 switch (cp->type) { 5812 case BIT(BDADDR_BREDR): 5813 status = mgmt_bredr_support(hdev); 5814 if (status) 5815 eir_len = 0; 5816 else 5817 eir_len = 5; 5818 break; 5819 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 5820 status = mgmt_le_support(hdev); 5821 if (status) 5822 eir_len = 0; 5823 else 5824 eir_len = 9 + 3 + 18 + 18 + 3; 5825 break; 5826 default: 5827 status = MGMT_STATUS_INVALID_PARAMS; 5828 eir_len = 0; 5829 break; 5830 } 5831 } else { 5832 status = MGMT_STATUS_NOT_POWERED; 5833 eir_len = 0; 5834 } 5835 5836 rp_len = sizeof(*rp) + eir_len; 5837 rp = kmalloc(rp_len, GFP_ATOMIC); 5838 if (!rp) 5839 return -ENOMEM; 5840 5841 if (status) 5842 goto complete; 5843 5844 hci_dev_lock(hdev); 5845 5846 eir_len = 0; 5847 switch (cp->type) { 5848 case BIT(BDADDR_BREDR): 5849 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 5850 err = read_local_ssp_oob_req(hdev, sk, cp); 5851 hci_dev_unlock(hdev); 5852 if (!err) 5853 goto done; 5854 5855 status = MGMT_STATUS_FAILED; 5856 goto complete; 5857 } else { 5858 eir_len = eir_append_data(rp->eir, eir_len, 5859 EIR_CLASS_OF_DEV, 5860 hdev->dev_class, 3); 5861 } 5862 break; 5863 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 5864 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 5865 smp_generate_oob(hdev, hash, rand) < 0) { 5866 hci_dev_unlock(hdev); 5867 status = MGMT_STATUS_FAILED; 5868 goto complete; 5869 } 5870 5871 /* This should return the active RPA, but since the RPA 5872 * is only programmed on demand, it is really hard to fill 5873 * this in at the moment. For now disallow retrieving 5874 * local out-of-band data when privacy is in use. 5875 * 5876 * Returning the identity address will not help here since 5877 * pairing happens before the identity resolving key is 5878 * known and thus the connection establishment happens 5879 * based on the RPA and not the identity address. 5880 */ 5881 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) { 5882 hci_dev_unlock(hdev); 5883 status = MGMT_STATUS_REJECTED; 5884 goto complete; 5885 } 5886 5887 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 5888 !bacmp(&hdev->bdaddr, BDADDR_ANY) || 5889 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 5890 bacmp(&hdev->static_addr, BDADDR_ANY))) { 5891 memcpy(addr, &hdev->static_addr, 6); 5892 addr[6] = 0x01; 5893 } else { 5894 memcpy(addr, &hdev->bdaddr, 6); 5895 addr[6] = 0x00; 5896 } 5897 5898 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR, 5899 addr, sizeof(addr)); 5900 5901 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 5902 role = 0x02; 5903 else 5904 role = 0x01; 5905 5906 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE, 5907 &role, sizeof(role)); 5908 5909 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) { 5910 eir_len = eir_append_data(rp->eir, eir_len, 5911 EIR_LE_SC_CONFIRM, 5912 hash, sizeof(hash)); 5913 5914 eir_len = eir_append_data(rp->eir, eir_len, 5915 EIR_LE_SC_RANDOM, 5916 rand, sizeof(rand)); 5917 } 5918 5919 flags = mgmt_get_adv_discov_flags(hdev); 5920 5921 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 5922 flags |= LE_AD_NO_BREDR; 5923 5924 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS, 5925 &flags, sizeof(flags)); 5926 break; 5927 } 5928 5929 hci_dev_unlock(hdev); 5930 5931 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS); 5932 5933 status = MGMT_STATUS_SUCCESS; 5934 5935 complete: 5936 rp->type = cp->type; 5937 rp->eir_len = cpu_to_le16(eir_len); 5938 5939 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 5940 status, rp, sizeof(*rp) + eir_len); 5941 if (err < 0 || status) 5942 goto done; 5943 5944 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 5945 rp, sizeof(*rp) + eir_len, 5946 HCI_MGMT_OOB_DATA_EVENTS, sk); 5947 5948 done: 5949 kfree(rp); 5950 5951 return err; 5952 } 5953 5954 static u32 get_supported_adv_flags(struct hci_dev *hdev) 5955 { 5956 u32 flags = 0; 5957 5958 flags |= MGMT_ADV_FLAG_CONNECTABLE; 5959 flags |= MGMT_ADV_FLAG_DISCOV; 5960 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV; 5961 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS; 5962 flags |= MGMT_ADV_FLAG_APPEARANCE; 5963 flags |= MGMT_ADV_FLAG_LOCAL_NAME; 5964 5965 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) 5966 flags |= MGMT_ADV_FLAG_TX_POWER; 5967 5968 return flags; 5969 } 5970 5971 static int read_adv_features(struct sock *sk, struct hci_dev *hdev, 5972 void *data, u16 data_len) 5973 { 5974 struct mgmt_rp_read_adv_features *rp; 5975 size_t rp_len; 5976 int err; 5977 struct adv_info *adv_instance; 5978 u32 supported_flags; 5979 u8 *instance; 5980 5981 BT_DBG("%s", hdev->name); 5982 5983 if (!lmp_le_capable(hdev)) 5984 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 5985 MGMT_STATUS_REJECTED); 5986 5987 hci_dev_lock(hdev); 5988 5989 rp_len = sizeof(*rp) + hdev->adv_instance_cnt; 5990 rp = kmalloc(rp_len, GFP_ATOMIC); 5991 if (!rp) { 5992 hci_dev_unlock(hdev); 5993 return -ENOMEM; 5994 } 5995 5996 supported_flags = get_supported_adv_flags(hdev); 5997 5998 rp->supported_flags = cpu_to_le32(supported_flags); 5999 rp->max_adv_data_len = HCI_MAX_AD_LENGTH; 6000 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH; 6001 rp->max_instances = HCI_MAX_ADV_INSTANCES; 6002 rp->num_instances = hdev->adv_instance_cnt; 6003 6004 instance = rp->instance; 6005 list_for_each_entry(adv_instance, &hdev->adv_instances, list) { 6006 *instance = adv_instance->instance; 6007 instance++; 6008 } 6009 6010 hci_dev_unlock(hdev); 6011 6012 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 6013 MGMT_STATUS_SUCCESS, rp, rp_len); 6014 6015 kfree(rp); 6016 6017 return err; 6018 } 6019 6020 static u8 calculate_name_len(struct hci_dev *hdev) 6021 { 6022 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3]; 6023 6024 return append_local_name(hdev, buf, 0); 6025 } 6026 6027 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags, 6028 bool is_adv_data) 6029 { 6030 u8 max_len = HCI_MAX_AD_LENGTH; 6031 6032 if (is_adv_data) { 6033 if (adv_flags & (MGMT_ADV_FLAG_DISCOV | 6034 MGMT_ADV_FLAG_LIMITED_DISCOV | 6035 MGMT_ADV_FLAG_MANAGED_FLAGS)) 6036 max_len -= 3; 6037 6038 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) 6039 max_len -= 3; 6040 } else { 6041 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME) 6042 max_len -= calculate_name_len(hdev); 6043 6044 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE)) 6045 max_len -= 4; 6046 } 6047 6048 return max_len; 6049 } 6050 6051 static bool flags_managed(u32 adv_flags) 6052 { 6053 return adv_flags & (MGMT_ADV_FLAG_DISCOV | 6054 MGMT_ADV_FLAG_LIMITED_DISCOV | 6055 MGMT_ADV_FLAG_MANAGED_FLAGS); 6056 } 6057 6058 static bool tx_power_managed(u32 adv_flags) 6059 { 6060 return adv_flags & MGMT_ADV_FLAG_TX_POWER; 6061 } 6062 6063 static bool name_managed(u32 adv_flags) 6064 { 6065 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME; 6066 } 6067 6068 static bool appearance_managed(u32 adv_flags) 6069 { 6070 return adv_flags & MGMT_ADV_FLAG_APPEARANCE; 6071 } 6072 6073 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data, 6074 u8 len, bool is_adv_data) 6075 { 6076 int i, cur_len; 6077 u8 max_len; 6078 6079 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data); 6080 6081 if (len > max_len) 6082 return false; 6083 6084 /* Make sure that the data is correctly formatted. */ 6085 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) { 6086 cur_len = data[i]; 6087 6088 if (data[i + 1] == EIR_FLAGS && 6089 (!is_adv_data || flags_managed(adv_flags))) 6090 return false; 6091 6092 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags)) 6093 return false; 6094 6095 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags)) 6096 return false; 6097 6098 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags)) 6099 return false; 6100 6101 if (data[i + 1] == EIR_APPEARANCE && 6102 appearance_managed(adv_flags)) 6103 return false; 6104 6105 /* If the current field length would exceed the total data 6106 * length, then it's invalid. 6107 */ 6108 if (i + cur_len >= len) 6109 return false; 6110 } 6111 6112 return true; 6113 } 6114 6115 static void add_advertising_complete(struct hci_dev *hdev, u8 status, 6116 u16 opcode) 6117 { 6118 struct mgmt_pending_cmd *cmd; 6119 struct mgmt_cp_add_advertising *cp; 6120 struct mgmt_rp_add_advertising rp; 6121 struct adv_info *adv_instance, *n; 6122 u8 instance; 6123 6124 BT_DBG("status %d", status); 6125 6126 hci_dev_lock(hdev); 6127 6128 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev); 6129 6130 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) { 6131 if (!adv_instance->pending) 6132 continue; 6133 6134 if (!status) { 6135 adv_instance->pending = false; 6136 continue; 6137 } 6138 6139 instance = adv_instance->instance; 6140 6141 if (hdev->cur_adv_instance == instance) 6142 cancel_adv_timeout(hdev); 6143 6144 hci_remove_adv_instance(hdev, instance); 6145 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance); 6146 } 6147 6148 if (!cmd) 6149 goto unlock; 6150 6151 cp = cmd->param; 6152 rp.instance = cp->instance; 6153 6154 if (status) 6155 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 6156 mgmt_status(status)); 6157 else 6158 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 6159 mgmt_status(status), &rp, sizeof(rp)); 6160 6161 mgmt_pending_remove(cmd); 6162 6163 unlock: 6164 hci_dev_unlock(hdev); 6165 } 6166 6167 static int add_advertising(struct sock *sk, struct hci_dev *hdev, 6168 void *data, u16 data_len) 6169 { 6170 struct mgmt_cp_add_advertising *cp = data; 6171 struct mgmt_rp_add_advertising rp; 6172 u32 flags; 6173 u32 supported_flags; 6174 u8 status; 6175 u16 timeout, duration; 6176 unsigned int prev_instance_cnt = hdev->adv_instance_cnt; 6177 u8 schedule_instance = 0; 6178 struct adv_info *next_instance; 6179 int err; 6180 struct mgmt_pending_cmd *cmd; 6181 struct hci_request req; 6182 6183 BT_DBG("%s", hdev->name); 6184 6185 status = mgmt_le_support(hdev); 6186 if (status) 6187 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6188 status); 6189 6190 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES) 6191 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6192 MGMT_STATUS_INVALID_PARAMS); 6193 6194 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len) 6195 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6196 MGMT_STATUS_INVALID_PARAMS); 6197 6198 flags = __le32_to_cpu(cp->flags); 6199 timeout = __le16_to_cpu(cp->timeout); 6200 duration = __le16_to_cpu(cp->duration); 6201 6202 /* The current implementation only supports a subset of the specified 6203 * flags. 6204 */ 6205 supported_flags = get_supported_adv_flags(hdev); 6206 if (flags & ~supported_flags) 6207 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6208 MGMT_STATUS_INVALID_PARAMS); 6209 6210 hci_dev_lock(hdev); 6211 6212 if (timeout && !hdev_is_powered(hdev)) { 6213 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6214 MGMT_STATUS_REJECTED); 6215 goto unlock; 6216 } 6217 6218 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 6219 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 6220 pending_find(MGMT_OP_SET_LE, hdev)) { 6221 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6222 MGMT_STATUS_BUSY); 6223 goto unlock; 6224 } 6225 6226 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) || 6227 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len, 6228 cp->scan_rsp_len, false)) { 6229 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6230 MGMT_STATUS_INVALID_PARAMS); 6231 goto unlock; 6232 } 6233 6234 err = hci_add_adv_instance(hdev, cp->instance, flags, 6235 cp->adv_data_len, cp->data, 6236 cp->scan_rsp_len, 6237 cp->data + cp->adv_data_len, 6238 timeout, duration); 6239 if (err < 0) { 6240 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6241 MGMT_STATUS_FAILED); 6242 goto unlock; 6243 } 6244 6245 /* Only trigger an advertising added event if a new instance was 6246 * actually added. 6247 */ 6248 if (hdev->adv_instance_cnt > prev_instance_cnt) 6249 mgmt_advertising_added(sk, hdev, cp->instance); 6250 6251 if (hdev->cur_adv_instance == cp->instance) { 6252 /* If the currently advertised instance is being changed then 6253 * cancel the current advertising and schedule the next 6254 * instance. If there is only one instance then the overridden 6255 * advertising data will be visible right away. 6256 */ 6257 cancel_adv_timeout(hdev); 6258 6259 next_instance = hci_get_next_instance(hdev, cp->instance); 6260 if (next_instance) 6261 schedule_instance = next_instance->instance; 6262 } else if (!hdev->adv_instance_timeout) { 6263 /* Immediately advertise the new instance if no other 6264 * instance is currently being advertised. 6265 */ 6266 schedule_instance = cp->instance; 6267 } 6268 6269 /* If the HCI_ADVERTISING flag is set or the device isn't powered or 6270 * there is no instance to be advertised then we have no HCI 6271 * communication to make. Simply return. 6272 */ 6273 if (!hdev_is_powered(hdev) || 6274 hci_dev_test_flag(hdev, HCI_ADVERTISING) || 6275 !schedule_instance) { 6276 rp.instance = cp->instance; 6277 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6278 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6279 goto unlock; 6280 } 6281 6282 /* We're good to go, update advertising data, parameters, and start 6283 * advertising. 6284 */ 6285 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data, 6286 data_len); 6287 if (!cmd) { 6288 err = -ENOMEM; 6289 goto unlock; 6290 } 6291 6292 hci_req_init(&req, hdev); 6293 6294 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true); 6295 6296 if (!err) 6297 err = hci_req_run(&req, add_advertising_complete); 6298 6299 if (err < 0) 6300 mgmt_pending_remove(cmd); 6301 6302 unlock: 6303 hci_dev_unlock(hdev); 6304 6305 return err; 6306 } 6307 6308 static void remove_advertising_complete(struct hci_dev *hdev, u8 status, 6309 u16 opcode) 6310 { 6311 struct mgmt_pending_cmd *cmd; 6312 struct mgmt_cp_remove_advertising *cp; 6313 struct mgmt_rp_remove_advertising rp; 6314 6315 BT_DBG("status %d", status); 6316 6317 hci_dev_lock(hdev); 6318 6319 /* A failure status here only means that we failed to disable 6320 * advertising. Otherwise, the advertising instance has been removed, 6321 * so report success. 6322 */ 6323 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev); 6324 if (!cmd) 6325 goto unlock; 6326 6327 cp = cmd->param; 6328 rp.instance = cp->instance; 6329 6330 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS, 6331 &rp, sizeof(rp)); 6332 mgmt_pending_remove(cmd); 6333 6334 unlock: 6335 hci_dev_unlock(hdev); 6336 } 6337 6338 static int remove_advertising(struct sock *sk, struct hci_dev *hdev, 6339 void *data, u16 data_len) 6340 { 6341 struct mgmt_cp_remove_advertising *cp = data; 6342 struct mgmt_rp_remove_advertising rp; 6343 struct mgmt_pending_cmd *cmd; 6344 struct hci_request req; 6345 int err; 6346 6347 BT_DBG("%s", hdev->name); 6348 6349 hci_dev_lock(hdev); 6350 6351 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) { 6352 err = mgmt_cmd_status(sk, hdev->id, 6353 MGMT_OP_REMOVE_ADVERTISING, 6354 MGMT_STATUS_INVALID_PARAMS); 6355 goto unlock; 6356 } 6357 6358 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 6359 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 6360 pending_find(MGMT_OP_SET_LE, hdev)) { 6361 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 6362 MGMT_STATUS_BUSY); 6363 goto unlock; 6364 } 6365 6366 if (list_empty(&hdev->adv_instances)) { 6367 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 6368 MGMT_STATUS_INVALID_PARAMS); 6369 goto unlock; 6370 } 6371 6372 hci_req_init(&req, hdev); 6373 6374 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true); 6375 6376 if (list_empty(&hdev->adv_instances)) 6377 __hci_req_disable_advertising(&req); 6378 6379 /* If no HCI commands have been collected so far or the HCI_ADVERTISING 6380 * flag is set or the device isn't powered then we have no HCI 6381 * communication to make. Simply return. 6382 */ 6383 if (skb_queue_empty(&req.cmd_q) || 6384 !hdev_is_powered(hdev) || 6385 hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 6386 rp.instance = cp->instance; 6387 err = mgmt_cmd_complete(sk, hdev->id, 6388 MGMT_OP_REMOVE_ADVERTISING, 6389 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6390 goto unlock; 6391 } 6392 6393 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data, 6394 data_len); 6395 if (!cmd) { 6396 err = -ENOMEM; 6397 goto unlock; 6398 } 6399 6400 err = hci_req_run(&req, remove_advertising_complete); 6401 if (err < 0) 6402 mgmt_pending_remove(cmd); 6403 6404 unlock: 6405 hci_dev_unlock(hdev); 6406 6407 return err; 6408 } 6409 6410 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev, 6411 void *data, u16 data_len) 6412 { 6413 struct mgmt_cp_get_adv_size_info *cp = data; 6414 struct mgmt_rp_get_adv_size_info rp; 6415 u32 flags, supported_flags; 6416 int err; 6417 6418 BT_DBG("%s", hdev->name); 6419 6420 if (!lmp_le_capable(hdev)) 6421 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6422 MGMT_STATUS_REJECTED); 6423 6424 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES) 6425 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6426 MGMT_STATUS_INVALID_PARAMS); 6427 6428 flags = __le32_to_cpu(cp->flags); 6429 6430 /* The current implementation only supports a subset of the specified 6431 * flags. 6432 */ 6433 supported_flags = get_supported_adv_flags(hdev); 6434 if (flags & ~supported_flags) 6435 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6436 MGMT_STATUS_INVALID_PARAMS); 6437 6438 rp.instance = cp->instance; 6439 rp.flags = cp->flags; 6440 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 6441 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 6442 6443 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6444 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6445 6446 return err; 6447 } 6448 6449 static const struct hci_mgmt_handler mgmt_handlers[] = { 6450 { NULL }, /* 0x0000 (no command) */ 6451 { read_version, MGMT_READ_VERSION_SIZE, 6452 HCI_MGMT_NO_HDEV | 6453 HCI_MGMT_UNTRUSTED }, 6454 { read_commands, MGMT_READ_COMMANDS_SIZE, 6455 HCI_MGMT_NO_HDEV | 6456 HCI_MGMT_UNTRUSTED }, 6457 { read_index_list, MGMT_READ_INDEX_LIST_SIZE, 6458 HCI_MGMT_NO_HDEV | 6459 HCI_MGMT_UNTRUSTED }, 6460 { read_controller_info, MGMT_READ_INFO_SIZE, 6461 HCI_MGMT_UNTRUSTED }, 6462 { set_powered, MGMT_SETTING_SIZE }, 6463 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE }, 6464 { set_connectable, MGMT_SETTING_SIZE }, 6465 { set_fast_connectable, MGMT_SETTING_SIZE }, 6466 { set_bondable, MGMT_SETTING_SIZE }, 6467 { set_link_security, MGMT_SETTING_SIZE }, 6468 { set_ssp, MGMT_SETTING_SIZE }, 6469 { set_hs, MGMT_SETTING_SIZE }, 6470 { set_le, MGMT_SETTING_SIZE }, 6471 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE }, 6472 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE }, 6473 { add_uuid, MGMT_ADD_UUID_SIZE }, 6474 { remove_uuid, MGMT_REMOVE_UUID_SIZE }, 6475 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE, 6476 HCI_MGMT_VAR_LEN }, 6477 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE, 6478 HCI_MGMT_VAR_LEN }, 6479 { disconnect, MGMT_DISCONNECT_SIZE }, 6480 { get_connections, MGMT_GET_CONNECTIONS_SIZE }, 6481 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE }, 6482 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE }, 6483 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE }, 6484 { pair_device, MGMT_PAIR_DEVICE_SIZE }, 6485 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE }, 6486 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE }, 6487 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE }, 6488 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE }, 6489 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE }, 6490 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, 6491 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE }, 6492 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE, 6493 HCI_MGMT_VAR_LEN }, 6494 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, 6495 { start_discovery, MGMT_START_DISCOVERY_SIZE }, 6496 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE }, 6497 { confirm_name, MGMT_CONFIRM_NAME_SIZE }, 6498 { block_device, MGMT_BLOCK_DEVICE_SIZE }, 6499 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE }, 6500 { set_device_id, MGMT_SET_DEVICE_ID_SIZE }, 6501 { set_advertising, MGMT_SETTING_SIZE }, 6502 { set_bredr, MGMT_SETTING_SIZE }, 6503 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE }, 6504 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE }, 6505 { set_secure_conn, MGMT_SETTING_SIZE }, 6506 { set_debug_keys, MGMT_SETTING_SIZE }, 6507 { set_privacy, MGMT_SET_PRIVACY_SIZE }, 6508 { load_irks, MGMT_LOAD_IRKS_SIZE, 6509 HCI_MGMT_VAR_LEN }, 6510 { get_conn_info, MGMT_GET_CONN_INFO_SIZE }, 6511 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE }, 6512 { add_device, MGMT_ADD_DEVICE_SIZE }, 6513 { remove_device, MGMT_REMOVE_DEVICE_SIZE }, 6514 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE, 6515 HCI_MGMT_VAR_LEN }, 6516 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE, 6517 HCI_MGMT_NO_HDEV | 6518 HCI_MGMT_UNTRUSTED }, 6519 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE, 6520 HCI_MGMT_UNCONFIGURED | 6521 HCI_MGMT_UNTRUSTED }, 6522 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE, 6523 HCI_MGMT_UNCONFIGURED }, 6524 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE, 6525 HCI_MGMT_UNCONFIGURED }, 6526 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE, 6527 HCI_MGMT_VAR_LEN }, 6528 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE }, 6529 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE, 6530 HCI_MGMT_NO_HDEV | 6531 HCI_MGMT_UNTRUSTED }, 6532 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE }, 6533 { add_advertising, MGMT_ADD_ADVERTISING_SIZE, 6534 HCI_MGMT_VAR_LEN }, 6535 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE }, 6536 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE }, 6537 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE }, 6538 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE, 6539 HCI_MGMT_UNTRUSTED }, 6540 { set_appearance, MGMT_SET_APPEARANCE_SIZE }, 6541 }; 6542 6543 void mgmt_index_added(struct hci_dev *hdev) 6544 { 6545 struct mgmt_ev_ext_index ev; 6546 6547 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 6548 return; 6549 6550 switch (hdev->dev_type) { 6551 case HCI_PRIMARY: 6552 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 6553 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, 6554 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 6555 ev.type = 0x01; 6556 } else { 6557 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, 6558 HCI_MGMT_INDEX_EVENTS); 6559 ev.type = 0x00; 6560 } 6561 break; 6562 case HCI_AMP: 6563 ev.type = 0x02; 6564 break; 6565 default: 6566 return; 6567 } 6568 6569 ev.bus = hdev->bus; 6570 6571 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev), 6572 HCI_MGMT_EXT_INDEX_EVENTS); 6573 } 6574 6575 void mgmt_index_removed(struct hci_dev *hdev) 6576 { 6577 struct mgmt_ev_ext_index ev; 6578 u8 status = MGMT_STATUS_INVALID_INDEX; 6579 6580 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 6581 return; 6582 6583 switch (hdev->dev_type) { 6584 case HCI_PRIMARY: 6585 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 6586 6587 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 6588 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, 6589 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 6590 ev.type = 0x01; 6591 } else { 6592 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, 6593 HCI_MGMT_INDEX_EVENTS); 6594 ev.type = 0x00; 6595 } 6596 break; 6597 case HCI_AMP: 6598 ev.type = 0x02; 6599 break; 6600 default: 6601 return; 6602 } 6603 6604 ev.bus = hdev->bus; 6605 6606 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev), 6607 HCI_MGMT_EXT_INDEX_EVENTS); 6608 } 6609 6610 /* This function requires the caller holds hdev->lock */ 6611 static void restart_le_actions(struct hci_dev *hdev) 6612 { 6613 struct hci_conn_params *p; 6614 6615 list_for_each_entry(p, &hdev->le_conn_params, list) { 6616 /* Needed for AUTO_OFF case where might not "really" 6617 * have been powered off. 6618 */ 6619 list_del_init(&p->action); 6620 6621 switch (p->auto_connect) { 6622 case HCI_AUTO_CONN_DIRECT: 6623 case HCI_AUTO_CONN_ALWAYS: 6624 list_add(&p->action, &hdev->pend_le_conns); 6625 break; 6626 case HCI_AUTO_CONN_REPORT: 6627 list_add(&p->action, &hdev->pend_le_reports); 6628 break; 6629 default: 6630 break; 6631 } 6632 } 6633 } 6634 6635 void mgmt_power_on(struct hci_dev *hdev, int err) 6636 { 6637 struct cmd_lookup match = { NULL, hdev }; 6638 6639 BT_DBG("err %d", err); 6640 6641 hci_dev_lock(hdev); 6642 6643 if (!err) { 6644 restart_le_actions(hdev); 6645 hci_update_background_scan(hdev); 6646 } 6647 6648 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 6649 6650 new_settings(hdev, match.sk); 6651 6652 if (match.sk) 6653 sock_put(match.sk); 6654 6655 hci_dev_unlock(hdev); 6656 } 6657 6658 void __mgmt_power_off(struct hci_dev *hdev) 6659 { 6660 struct cmd_lookup match = { NULL, hdev }; 6661 u8 status, zero_cod[] = { 0, 0, 0 }; 6662 6663 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 6664 6665 /* If the power off is because of hdev unregistration let 6666 * use the appropriate INVALID_INDEX status. Otherwise use 6667 * NOT_POWERED. We cover both scenarios here since later in 6668 * mgmt_index_removed() any hci_conn callbacks will have already 6669 * been triggered, potentially causing misleading DISCONNECTED 6670 * status responses. 6671 */ 6672 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) 6673 status = MGMT_STATUS_INVALID_INDEX; 6674 else 6675 status = MGMT_STATUS_NOT_POWERED; 6676 6677 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 6678 6679 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) { 6680 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 6681 zero_cod, sizeof(zero_cod), 6682 HCI_MGMT_DEV_CLASS_EVENTS, NULL); 6683 ext_info_changed(hdev, NULL); 6684 } 6685 6686 new_settings(hdev, match.sk); 6687 6688 if (match.sk) 6689 sock_put(match.sk); 6690 } 6691 6692 void mgmt_set_powered_failed(struct hci_dev *hdev, int err) 6693 { 6694 struct mgmt_pending_cmd *cmd; 6695 u8 status; 6696 6697 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 6698 if (!cmd) 6699 return; 6700 6701 if (err == -ERFKILL) 6702 status = MGMT_STATUS_RFKILLED; 6703 else 6704 status = MGMT_STATUS_FAILED; 6705 6706 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status); 6707 6708 mgmt_pending_remove(cmd); 6709 } 6710 6711 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 6712 bool persistent) 6713 { 6714 struct mgmt_ev_new_link_key ev; 6715 6716 memset(&ev, 0, sizeof(ev)); 6717 6718 ev.store_hint = persistent; 6719 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 6720 ev.key.addr.type = BDADDR_BREDR; 6721 ev.key.type = key->type; 6722 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE); 6723 ev.key.pin_len = key->pin_len; 6724 6725 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 6726 } 6727 6728 static u8 mgmt_ltk_type(struct smp_ltk *ltk) 6729 { 6730 switch (ltk->type) { 6731 case SMP_LTK: 6732 case SMP_LTK_SLAVE: 6733 if (ltk->authenticated) 6734 return MGMT_LTK_AUTHENTICATED; 6735 return MGMT_LTK_UNAUTHENTICATED; 6736 case SMP_LTK_P256: 6737 if (ltk->authenticated) 6738 return MGMT_LTK_P256_AUTH; 6739 return MGMT_LTK_P256_UNAUTH; 6740 case SMP_LTK_P256_DEBUG: 6741 return MGMT_LTK_P256_DEBUG; 6742 } 6743 6744 return MGMT_LTK_UNAUTHENTICATED; 6745 } 6746 6747 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent) 6748 { 6749 struct mgmt_ev_new_long_term_key ev; 6750 6751 memset(&ev, 0, sizeof(ev)); 6752 6753 /* Devices using resolvable or non-resolvable random addresses 6754 * without providing an identity resolving key don't require 6755 * to store long term keys. Their addresses will change the 6756 * next time around. 6757 * 6758 * Only when a remote device provides an identity address 6759 * make sure the long term key is stored. If the remote 6760 * identity is known, the long term keys are internally 6761 * mapped to the identity address. So allow static random 6762 * and public addresses here. 6763 */ 6764 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM && 6765 (key->bdaddr.b[5] & 0xc0) != 0xc0) 6766 ev.store_hint = 0x00; 6767 else 6768 ev.store_hint = persistent; 6769 6770 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 6771 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); 6772 ev.key.type = mgmt_ltk_type(key); 6773 ev.key.enc_size = key->enc_size; 6774 ev.key.ediv = key->ediv; 6775 ev.key.rand = key->rand; 6776 6777 if (key->type == SMP_LTK) 6778 ev.key.master = 1; 6779 6780 /* Make sure we copy only the significant bytes based on the 6781 * encryption key size, and set the rest of the value to zeroes. 6782 */ 6783 memcpy(ev.key.val, key->val, key->enc_size); 6784 memset(ev.key.val + key->enc_size, 0, 6785 sizeof(ev.key.val) - key->enc_size); 6786 6787 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL); 6788 } 6789 6790 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent) 6791 { 6792 struct mgmt_ev_new_irk ev; 6793 6794 memset(&ev, 0, sizeof(ev)); 6795 6796 ev.store_hint = persistent; 6797 6798 bacpy(&ev.rpa, &irk->rpa); 6799 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr); 6800 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type); 6801 memcpy(ev.irk.val, irk->val, sizeof(irk->val)); 6802 6803 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL); 6804 } 6805 6806 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk, 6807 bool persistent) 6808 { 6809 struct mgmt_ev_new_csrk ev; 6810 6811 memset(&ev, 0, sizeof(ev)); 6812 6813 /* Devices using resolvable or non-resolvable random addresses 6814 * without providing an identity resolving key don't require 6815 * to store signature resolving keys. Their addresses will change 6816 * the next time around. 6817 * 6818 * Only when a remote device provides an identity address 6819 * make sure the signature resolving key is stored. So allow 6820 * static random and public addresses here. 6821 */ 6822 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM && 6823 (csrk->bdaddr.b[5] & 0xc0) != 0xc0) 6824 ev.store_hint = 0x00; 6825 else 6826 ev.store_hint = persistent; 6827 6828 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr); 6829 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type); 6830 ev.key.type = csrk->type; 6831 memcpy(ev.key.val, csrk->val, sizeof(csrk->val)); 6832 6833 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL); 6834 } 6835 6836 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr, 6837 u8 bdaddr_type, u8 store_hint, u16 min_interval, 6838 u16 max_interval, u16 latency, u16 timeout) 6839 { 6840 struct mgmt_ev_new_conn_param ev; 6841 6842 if (!hci_is_identity_address(bdaddr, bdaddr_type)) 6843 return; 6844 6845 memset(&ev, 0, sizeof(ev)); 6846 bacpy(&ev.addr.bdaddr, bdaddr); 6847 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type); 6848 ev.store_hint = store_hint; 6849 ev.min_interval = cpu_to_le16(min_interval); 6850 ev.max_interval = cpu_to_le16(max_interval); 6851 ev.latency = cpu_to_le16(latency); 6852 ev.timeout = cpu_to_le16(timeout); 6853 6854 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL); 6855 } 6856 6857 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn, 6858 u32 flags, u8 *name, u8 name_len) 6859 { 6860 char buf[512]; 6861 struct mgmt_ev_device_connected *ev = (void *) buf; 6862 u16 eir_len = 0; 6863 6864 bacpy(&ev->addr.bdaddr, &conn->dst); 6865 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type); 6866 6867 ev->flags = __cpu_to_le32(flags); 6868 6869 /* We must ensure that the EIR Data fields are ordered and 6870 * unique. Keep it simple for now and avoid the problem by not 6871 * adding any BR/EDR data to the LE adv. 6872 */ 6873 if (conn->le_adv_data_len > 0) { 6874 memcpy(&ev->eir[eir_len], 6875 conn->le_adv_data, conn->le_adv_data_len); 6876 eir_len = conn->le_adv_data_len; 6877 } else { 6878 if (name_len > 0) 6879 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, 6880 name, name_len); 6881 6882 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0) 6883 eir_len = eir_append_data(ev->eir, eir_len, 6884 EIR_CLASS_OF_DEV, 6885 conn->dev_class, 3); 6886 } 6887 6888 ev->eir_len = cpu_to_le16(eir_len); 6889 6890 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf, 6891 sizeof(*ev) + eir_len, NULL); 6892 } 6893 6894 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data) 6895 { 6896 struct sock **sk = data; 6897 6898 cmd->cmd_complete(cmd, 0); 6899 6900 *sk = cmd->sk; 6901 sock_hold(*sk); 6902 6903 mgmt_pending_remove(cmd); 6904 } 6905 6906 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data) 6907 { 6908 struct hci_dev *hdev = data; 6909 struct mgmt_cp_unpair_device *cp = cmd->param; 6910 6911 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 6912 6913 cmd->cmd_complete(cmd, 0); 6914 mgmt_pending_remove(cmd); 6915 } 6916 6917 bool mgmt_powering_down(struct hci_dev *hdev) 6918 { 6919 struct mgmt_pending_cmd *cmd; 6920 struct mgmt_mode *cp; 6921 6922 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 6923 if (!cmd) 6924 return false; 6925 6926 cp = cmd->param; 6927 if (!cp->val) 6928 return true; 6929 6930 return false; 6931 } 6932 6933 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 6934 u8 link_type, u8 addr_type, u8 reason, 6935 bool mgmt_connected) 6936 { 6937 struct mgmt_ev_device_disconnected ev; 6938 struct sock *sk = NULL; 6939 6940 /* The connection is still in hci_conn_hash so test for 1 6941 * instead of 0 to know if this is the last one. 6942 */ 6943 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 6944 cancel_delayed_work(&hdev->power_off); 6945 queue_work(hdev->req_workqueue, &hdev->power_off.work); 6946 } 6947 6948 if (!mgmt_connected) 6949 return; 6950 6951 if (link_type != ACL_LINK && link_type != LE_LINK) 6952 return; 6953 6954 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 6955 6956 bacpy(&ev.addr.bdaddr, bdaddr); 6957 ev.addr.type = link_to_bdaddr(link_type, addr_type); 6958 ev.reason = reason; 6959 6960 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk); 6961 6962 if (sk) 6963 sock_put(sk); 6964 6965 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 6966 hdev); 6967 } 6968 6969 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 6970 u8 link_type, u8 addr_type, u8 status) 6971 { 6972 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type); 6973 struct mgmt_cp_disconnect *cp; 6974 struct mgmt_pending_cmd *cmd; 6975 6976 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 6977 hdev); 6978 6979 cmd = pending_find(MGMT_OP_DISCONNECT, hdev); 6980 if (!cmd) 6981 return; 6982 6983 cp = cmd->param; 6984 6985 if (bacmp(bdaddr, &cp->addr.bdaddr)) 6986 return; 6987 6988 if (cp->addr.type != bdaddr_type) 6989 return; 6990 6991 cmd->cmd_complete(cmd, mgmt_status(status)); 6992 mgmt_pending_remove(cmd); 6993 } 6994 6995 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 6996 u8 addr_type, u8 status) 6997 { 6998 struct mgmt_ev_connect_failed ev; 6999 7000 /* The connection is still in hci_conn_hash so test for 1 7001 * instead of 0 to know if this is the last one. 7002 */ 7003 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 7004 cancel_delayed_work(&hdev->power_off); 7005 queue_work(hdev->req_workqueue, &hdev->power_off.work); 7006 } 7007 7008 bacpy(&ev.addr.bdaddr, bdaddr); 7009 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7010 ev.status = mgmt_status(status); 7011 7012 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 7013 } 7014 7015 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 7016 { 7017 struct mgmt_ev_pin_code_request ev; 7018 7019 bacpy(&ev.addr.bdaddr, bdaddr); 7020 ev.addr.type = BDADDR_BREDR; 7021 ev.secure = secure; 7022 7023 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL); 7024 } 7025 7026 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7027 u8 status) 7028 { 7029 struct mgmt_pending_cmd *cmd; 7030 7031 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 7032 if (!cmd) 7033 return; 7034 7035 cmd->cmd_complete(cmd, mgmt_status(status)); 7036 mgmt_pending_remove(cmd); 7037 } 7038 7039 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7040 u8 status) 7041 { 7042 struct mgmt_pending_cmd *cmd; 7043 7044 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 7045 if (!cmd) 7046 return; 7047 7048 cmd->cmd_complete(cmd, mgmt_status(status)); 7049 mgmt_pending_remove(cmd); 7050 } 7051 7052 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 7053 u8 link_type, u8 addr_type, u32 value, 7054 u8 confirm_hint) 7055 { 7056 struct mgmt_ev_user_confirm_request ev; 7057 7058 BT_DBG("%s", hdev->name); 7059 7060 bacpy(&ev.addr.bdaddr, bdaddr); 7061 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7062 ev.confirm_hint = confirm_hint; 7063 ev.value = cpu_to_le32(value); 7064 7065 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 7066 NULL); 7067 } 7068 7069 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 7070 u8 link_type, u8 addr_type) 7071 { 7072 struct mgmt_ev_user_passkey_request ev; 7073 7074 BT_DBG("%s", hdev->name); 7075 7076 bacpy(&ev.addr.bdaddr, bdaddr); 7077 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7078 7079 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 7080 NULL); 7081 } 7082 7083 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7084 u8 link_type, u8 addr_type, u8 status, 7085 u8 opcode) 7086 { 7087 struct mgmt_pending_cmd *cmd; 7088 7089 cmd = pending_find(opcode, hdev); 7090 if (!cmd) 7091 return -ENOENT; 7092 7093 cmd->cmd_complete(cmd, mgmt_status(status)); 7094 mgmt_pending_remove(cmd); 7095 7096 return 0; 7097 } 7098 7099 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7100 u8 link_type, u8 addr_type, u8 status) 7101 { 7102 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7103 status, MGMT_OP_USER_CONFIRM_REPLY); 7104 } 7105 7106 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7107 u8 link_type, u8 addr_type, u8 status) 7108 { 7109 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7110 status, 7111 MGMT_OP_USER_CONFIRM_NEG_REPLY); 7112 } 7113 7114 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7115 u8 link_type, u8 addr_type, u8 status) 7116 { 7117 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7118 status, MGMT_OP_USER_PASSKEY_REPLY); 7119 } 7120 7121 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 7122 u8 link_type, u8 addr_type, u8 status) 7123 { 7124 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 7125 status, 7126 MGMT_OP_USER_PASSKEY_NEG_REPLY); 7127 } 7128 7129 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr, 7130 u8 link_type, u8 addr_type, u32 passkey, 7131 u8 entered) 7132 { 7133 struct mgmt_ev_passkey_notify ev; 7134 7135 BT_DBG("%s", hdev->name); 7136 7137 bacpy(&ev.addr.bdaddr, bdaddr); 7138 ev.addr.type = link_to_bdaddr(link_type, addr_type); 7139 ev.passkey = __cpu_to_le32(passkey); 7140 ev.entered = entered; 7141 7142 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL); 7143 } 7144 7145 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status) 7146 { 7147 struct mgmt_ev_auth_failed ev; 7148 struct mgmt_pending_cmd *cmd; 7149 u8 status = mgmt_status(hci_status); 7150 7151 bacpy(&ev.addr.bdaddr, &conn->dst); 7152 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 7153 ev.status = status; 7154 7155 cmd = find_pairing(conn); 7156 7157 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev), 7158 cmd ? cmd->sk : NULL); 7159 7160 if (cmd) { 7161 cmd->cmd_complete(cmd, status); 7162 mgmt_pending_remove(cmd); 7163 } 7164 } 7165 7166 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 7167 { 7168 struct cmd_lookup match = { NULL, hdev }; 7169 bool changed; 7170 7171 if (status) { 7172 u8 mgmt_err = mgmt_status(status); 7173 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 7174 cmd_status_rsp, &mgmt_err); 7175 return; 7176 } 7177 7178 if (test_bit(HCI_AUTH, &hdev->flags)) 7179 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY); 7180 else 7181 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY); 7182 7183 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 7184 &match); 7185 7186 if (changed) 7187 new_settings(hdev, match.sk); 7188 7189 if (match.sk) 7190 sock_put(match.sk); 7191 } 7192 7193 static void clear_eir(struct hci_request *req) 7194 { 7195 struct hci_dev *hdev = req->hdev; 7196 struct hci_cp_write_eir cp; 7197 7198 if (!lmp_ext_inq_capable(hdev)) 7199 return; 7200 7201 memset(hdev->eir, 0, sizeof(hdev->eir)); 7202 7203 memset(&cp, 0, sizeof(cp)); 7204 7205 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 7206 } 7207 7208 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 7209 { 7210 struct cmd_lookup match = { NULL, hdev }; 7211 struct hci_request req; 7212 bool changed = false; 7213 7214 if (status) { 7215 u8 mgmt_err = mgmt_status(status); 7216 7217 if (enable && hci_dev_test_and_clear_flag(hdev, 7218 HCI_SSP_ENABLED)) { 7219 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 7220 new_settings(hdev, NULL); 7221 } 7222 7223 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp, 7224 &mgmt_err); 7225 return; 7226 } 7227 7228 if (enable) { 7229 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 7230 } else { 7231 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED); 7232 if (!changed) 7233 changed = hci_dev_test_and_clear_flag(hdev, 7234 HCI_HS_ENABLED); 7235 else 7236 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 7237 } 7238 7239 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 7240 7241 if (changed) 7242 new_settings(hdev, match.sk); 7243 7244 if (match.sk) 7245 sock_put(match.sk); 7246 7247 hci_req_init(&req, hdev); 7248 7249 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 7250 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) 7251 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE, 7252 sizeof(enable), &enable); 7253 __hci_req_update_eir(&req); 7254 } else { 7255 clear_eir(&req); 7256 } 7257 7258 hci_req_run(&req, NULL); 7259 } 7260 7261 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data) 7262 { 7263 struct cmd_lookup *match = data; 7264 7265 if (match->sk == NULL) { 7266 match->sk = cmd->sk; 7267 sock_hold(match->sk); 7268 } 7269 } 7270 7271 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class, 7272 u8 status) 7273 { 7274 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) }; 7275 7276 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match); 7277 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match); 7278 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match); 7279 7280 if (!status) { 7281 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 7282 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL); 7283 ext_info_changed(hdev, NULL); 7284 } 7285 7286 if (match.sk) 7287 sock_put(match.sk); 7288 } 7289 7290 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 7291 { 7292 struct mgmt_cp_set_local_name ev; 7293 struct mgmt_pending_cmd *cmd; 7294 7295 if (status) 7296 return; 7297 7298 memset(&ev, 0, sizeof(ev)); 7299 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 7300 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH); 7301 7302 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 7303 if (!cmd) { 7304 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name)); 7305 7306 /* If this is a HCI command related to powering on the 7307 * HCI dev don't send any mgmt signals. 7308 */ 7309 if (pending_find(MGMT_OP_SET_POWERED, hdev)) 7310 return; 7311 } 7312 7313 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 7314 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL); 7315 ext_info_changed(hdev, cmd ? cmd->sk : NULL); 7316 } 7317 7318 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16]) 7319 { 7320 int i; 7321 7322 for (i = 0; i < uuid_count; i++) { 7323 if (!memcmp(uuid, uuids[i], 16)) 7324 return true; 7325 } 7326 7327 return false; 7328 } 7329 7330 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16]) 7331 { 7332 u16 parsed = 0; 7333 7334 while (parsed < eir_len) { 7335 u8 field_len = eir[0]; 7336 u8 uuid[16]; 7337 int i; 7338 7339 if (field_len == 0) 7340 break; 7341 7342 if (eir_len - parsed < field_len + 1) 7343 break; 7344 7345 switch (eir[1]) { 7346 case EIR_UUID16_ALL: 7347 case EIR_UUID16_SOME: 7348 for (i = 0; i + 3 <= field_len; i += 2) { 7349 memcpy(uuid, bluetooth_base_uuid, 16); 7350 uuid[13] = eir[i + 3]; 7351 uuid[12] = eir[i + 2]; 7352 if (has_uuid(uuid, uuid_count, uuids)) 7353 return true; 7354 } 7355 break; 7356 case EIR_UUID32_ALL: 7357 case EIR_UUID32_SOME: 7358 for (i = 0; i + 5 <= field_len; i += 4) { 7359 memcpy(uuid, bluetooth_base_uuid, 16); 7360 uuid[15] = eir[i + 5]; 7361 uuid[14] = eir[i + 4]; 7362 uuid[13] = eir[i + 3]; 7363 uuid[12] = eir[i + 2]; 7364 if (has_uuid(uuid, uuid_count, uuids)) 7365 return true; 7366 } 7367 break; 7368 case EIR_UUID128_ALL: 7369 case EIR_UUID128_SOME: 7370 for (i = 0; i + 17 <= field_len; i += 16) { 7371 memcpy(uuid, eir + i + 2, 16); 7372 if (has_uuid(uuid, uuid_count, uuids)) 7373 return true; 7374 } 7375 break; 7376 } 7377 7378 parsed += field_len + 1; 7379 eir += field_len + 1; 7380 } 7381 7382 return false; 7383 } 7384 7385 static void restart_le_scan(struct hci_dev *hdev) 7386 { 7387 /* If controller is not scanning we are done. */ 7388 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 7389 return; 7390 7391 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY, 7392 hdev->discovery.scan_start + 7393 hdev->discovery.scan_duration)) 7394 return; 7395 7396 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart, 7397 DISCOV_LE_RESTART_DELAY); 7398 } 7399 7400 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir, 7401 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 7402 { 7403 /* If a RSSI threshold has been specified, and 7404 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with 7405 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk 7406 * is set, let it through for further processing, as we might need to 7407 * restart the scan. 7408 * 7409 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry, 7410 * the results are also dropped. 7411 */ 7412 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 7413 (rssi == HCI_RSSI_INVALID || 7414 (rssi < hdev->discovery.rssi && 7415 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)))) 7416 return false; 7417 7418 if (hdev->discovery.uuid_count != 0) { 7419 /* If a list of UUIDs is provided in filter, results with no 7420 * matching UUID should be dropped. 7421 */ 7422 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count, 7423 hdev->discovery.uuids) && 7424 !eir_has_uuids(scan_rsp, scan_rsp_len, 7425 hdev->discovery.uuid_count, 7426 hdev->discovery.uuids)) 7427 return false; 7428 } 7429 7430 /* If duplicate filtering does not report RSSI changes, then restart 7431 * scanning to ensure updated result with updated RSSI values. 7432 */ 7433 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) { 7434 restart_le_scan(hdev); 7435 7436 /* Validate RSSI value against the RSSI threshold once more. */ 7437 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 7438 rssi < hdev->discovery.rssi) 7439 return false; 7440 } 7441 7442 return true; 7443 } 7444 7445 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7446 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags, 7447 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 7448 { 7449 char buf[512]; 7450 struct mgmt_ev_device_found *ev = (void *)buf; 7451 size_t ev_size; 7452 7453 /* Don't send events for a non-kernel initiated discovery. With 7454 * LE one exception is if we have pend_le_reports > 0 in which 7455 * case we're doing passive scanning and want these events. 7456 */ 7457 if (!hci_discovery_active(hdev)) { 7458 if (link_type == ACL_LINK) 7459 return; 7460 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports)) 7461 return; 7462 } 7463 7464 if (hdev->discovery.result_filtering) { 7465 /* We are using service discovery */ 7466 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp, 7467 scan_rsp_len)) 7468 return; 7469 } 7470 7471 if (hdev->discovery.limited) { 7472 /* Check for limited discoverable bit */ 7473 if (dev_class) { 7474 if (!(dev_class[1] & 0x20)) 7475 return; 7476 } else { 7477 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL); 7478 if (!flags || !(flags[0] & LE_AD_LIMITED)) 7479 return; 7480 } 7481 } 7482 7483 /* Make sure that the buffer is big enough. The 5 extra bytes 7484 * are for the potential CoD field. 7485 */ 7486 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf)) 7487 return; 7488 7489 memset(buf, 0, sizeof(buf)); 7490 7491 /* In case of device discovery with BR/EDR devices (pre 1.2), the 7492 * RSSI value was reported as 0 when not available. This behavior 7493 * is kept when using device discovery. This is required for full 7494 * backwards compatibility with the API. 7495 * 7496 * However when using service discovery, the value 127 will be 7497 * returned when the RSSI is not available. 7498 */ 7499 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi && 7500 link_type == ACL_LINK) 7501 rssi = 0; 7502 7503 bacpy(&ev->addr.bdaddr, bdaddr); 7504 ev->addr.type = link_to_bdaddr(link_type, addr_type); 7505 ev->rssi = rssi; 7506 ev->flags = cpu_to_le32(flags); 7507 7508 if (eir_len > 0) 7509 /* Copy EIR or advertising data into event */ 7510 memcpy(ev->eir, eir, eir_len); 7511 7512 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 7513 NULL)) 7514 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 7515 dev_class, 3); 7516 7517 if (scan_rsp_len > 0) 7518 /* Append scan response data to event */ 7519 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len); 7520 7521 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 7522 ev_size = sizeof(*ev) + eir_len + scan_rsp_len; 7523 7524 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 7525 } 7526 7527 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7528 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 7529 { 7530 struct mgmt_ev_device_found *ev; 7531 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2]; 7532 u16 eir_len; 7533 7534 ev = (struct mgmt_ev_device_found *) buf; 7535 7536 memset(buf, 0, sizeof(buf)); 7537 7538 bacpy(&ev->addr.bdaddr, bdaddr); 7539 ev->addr.type = link_to_bdaddr(link_type, addr_type); 7540 ev->rssi = rssi; 7541 7542 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name, 7543 name_len); 7544 7545 ev->eir_len = cpu_to_le16(eir_len); 7546 7547 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL); 7548 } 7549 7550 void mgmt_discovering(struct hci_dev *hdev, u8 discovering) 7551 { 7552 struct mgmt_ev_discovering ev; 7553 7554 BT_DBG("%s discovering %u", hdev->name, discovering); 7555 7556 memset(&ev, 0, sizeof(ev)); 7557 ev.type = hdev->discovery.type; 7558 ev.discovering = discovering; 7559 7560 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 7561 } 7562 7563 static struct hci_mgmt_chan chan = { 7564 .channel = HCI_CHANNEL_CONTROL, 7565 .handler_count = ARRAY_SIZE(mgmt_handlers), 7566 .handlers = mgmt_handlers, 7567 .hdev_init = mgmt_init_hdev, 7568 }; 7569 7570 int mgmt_init(void) 7571 { 7572 return hci_mgmt_chan_register(&chan); 7573 } 7574 7575 void mgmt_exit(void) 7576 { 7577 hci_mgmt_chan_unregister(&chan); 7578 } 7579