]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame_incremental - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Bluetooth: Move SMP LTK notification after key distribution
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
... / ...
CommitLineData
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
27#include <linux/module.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
33
34#include "smp.h"
35
36#define MGMT_VERSION 1
37#define MGMT_REVISION 5
38
39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
77 MGMT_OP_SET_DEVICE_ID,
78 MGMT_OP_SET_ADVERTISING,
79 MGMT_OP_SET_BREDR,
80 MGMT_OP_SET_STATIC_ADDRESS,
81 MGMT_OP_SET_SCAN_PARAMS,
82 MGMT_OP_SET_SECURE_CONN,
83 MGMT_OP_SET_DEBUG_KEYS,
84 MGMT_OP_LOAD_IRKS,
85};
86
87static const u16 mgmt_events[] = {
88 MGMT_EV_CONTROLLER_ERROR,
89 MGMT_EV_INDEX_ADDED,
90 MGMT_EV_INDEX_REMOVED,
91 MGMT_EV_NEW_SETTINGS,
92 MGMT_EV_CLASS_OF_DEV_CHANGED,
93 MGMT_EV_LOCAL_NAME_CHANGED,
94 MGMT_EV_NEW_LINK_KEY,
95 MGMT_EV_NEW_LONG_TERM_KEY,
96 MGMT_EV_DEVICE_CONNECTED,
97 MGMT_EV_DEVICE_DISCONNECTED,
98 MGMT_EV_CONNECT_FAILED,
99 MGMT_EV_PIN_CODE_REQUEST,
100 MGMT_EV_USER_CONFIRM_REQUEST,
101 MGMT_EV_USER_PASSKEY_REQUEST,
102 MGMT_EV_AUTH_FAILED,
103 MGMT_EV_DEVICE_FOUND,
104 MGMT_EV_DISCOVERING,
105 MGMT_EV_DEVICE_BLOCKED,
106 MGMT_EV_DEVICE_UNBLOCKED,
107 MGMT_EV_DEVICE_UNPAIRED,
108 MGMT_EV_PASSKEY_NOTIFY,
109};
110
111#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
112
113#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
114 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
115
116struct pending_cmd {
117 struct list_head list;
118 u16 opcode;
119 int index;
120 void *param;
121 struct sock *sk;
122 void *user_data;
123};
124
125/* HCI to MGMT error code conversion table */
126static u8 mgmt_status_table[] = {
127 MGMT_STATUS_SUCCESS,
128 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
129 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
130 MGMT_STATUS_FAILED, /* Hardware Failure */
131 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
132 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
133 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
134 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
135 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
136 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
137 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
138 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
139 MGMT_STATUS_BUSY, /* Command Disallowed */
140 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
141 MGMT_STATUS_REJECTED, /* Rejected Security */
142 MGMT_STATUS_REJECTED, /* Rejected Personal */
143 MGMT_STATUS_TIMEOUT, /* Host Timeout */
144 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
145 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
146 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
147 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
148 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
149 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
150 MGMT_STATUS_BUSY, /* Repeated Attempts */
151 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
152 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
153 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
154 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
155 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
156 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
157 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
158 MGMT_STATUS_FAILED, /* Unspecified Error */
159 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
160 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
161 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
162 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
163 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
164 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
165 MGMT_STATUS_FAILED, /* Unit Link Key Used */
166 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
167 MGMT_STATUS_TIMEOUT, /* Instant Passed */
168 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
169 MGMT_STATUS_FAILED, /* Transaction Collision */
170 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
171 MGMT_STATUS_REJECTED, /* QoS Rejected */
172 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
173 MGMT_STATUS_REJECTED, /* Insufficient Security */
174 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
175 MGMT_STATUS_BUSY, /* Role Switch Pending */
176 MGMT_STATUS_FAILED, /* Slot Violation */
177 MGMT_STATUS_FAILED, /* Role Switch Failed */
178 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
179 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
180 MGMT_STATUS_BUSY, /* Host Busy Pairing */
181 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
182 MGMT_STATUS_BUSY, /* Controller Busy */
183 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
184 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
185 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
186 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
187 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
188};
189
190static u8 mgmt_status(u8 hci_status)
191{
192 if (hci_status < ARRAY_SIZE(mgmt_status_table))
193 return mgmt_status_table[hci_status];
194
195 return MGMT_STATUS_FAILED;
196}
197
198static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
199{
200 struct sk_buff *skb;
201 struct mgmt_hdr *hdr;
202 struct mgmt_ev_cmd_status *ev;
203 int err;
204
205 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
206
207 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
208 if (!skb)
209 return -ENOMEM;
210
211 hdr = (void *) skb_put(skb, sizeof(*hdr));
212
213 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
214 hdr->index = cpu_to_le16(index);
215 hdr->len = cpu_to_le16(sizeof(*ev));
216
217 ev = (void *) skb_put(skb, sizeof(*ev));
218 ev->status = status;
219 ev->opcode = cpu_to_le16(cmd);
220
221 err = sock_queue_rcv_skb(sk, skb);
222 if (err < 0)
223 kfree_skb(skb);
224
225 return err;
226}
227
228static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
229 void *rp, size_t rp_len)
230{
231 struct sk_buff *skb;
232 struct mgmt_hdr *hdr;
233 struct mgmt_ev_cmd_complete *ev;
234 int err;
235
236 BT_DBG("sock %p", sk);
237
238 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
239 if (!skb)
240 return -ENOMEM;
241
242 hdr = (void *) skb_put(skb, sizeof(*hdr));
243
244 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
245 hdr->index = cpu_to_le16(index);
246 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
247
248 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
249 ev->opcode = cpu_to_le16(cmd);
250 ev->status = status;
251
252 if (rp)
253 memcpy(ev->data, rp, rp_len);
254
255 err = sock_queue_rcv_skb(sk, skb);
256 if (err < 0)
257 kfree_skb(skb);
258
259 return err;
260}
261
262static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
263 u16 data_len)
264{
265 struct mgmt_rp_read_version rp;
266
267 BT_DBG("sock %p", sk);
268
269 rp.version = MGMT_VERSION;
270 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
271
272 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
273 sizeof(rp));
274}
275
276static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
277 u16 data_len)
278{
279 struct mgmt_rp_read_commands *rp;
280 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
281 const u16 num_events = ARRAY_SIZE(mgmt_events);
282 __le16 *opcode;
283 size_t rp_size;
284 int i, err;
285
286 BT_DBG("sock %p", sk);
287
288 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
289
290 rp = kmalloc(rp_size, GFP_KERNEL);
291 if (!rp)
292 return -ENOMEM;
293
294 rp->num_commands = __constant_cpu_to_le16(num_commands);
295 rp->num_events = __constant_cpu_to_le16(num_events);
296
297 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
298 put_unaligned_le16(mgmt_commands[i], opcode);
299
300 for (i = 0; i < num_events; i++, opcode++)
301 put_unaligned_le16(mgmt_events[i], opcode);
302
303 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
304 rp_size);
305 kfree(rp);
306
307 return err;
308}
309
310static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
311 u16 data_len)
312{
313 struct mgmt_rp_read_index_list *rp;
314 struct hci_dev *d;
315 size_t rp_len;
316 u16 count;
317 int err;
318
319 BT_DBG("sock %p", sk);
320
321 read_lock(&hci_dev_list_lock);
322
323 count = 0;
324 list_for_each_entry(d, &hci_dev_list, list) {
325 if (d->dev_type == HCI_BREDR)
326 count++;
327 }
328
329 rp_len = sizeof(*rp) + (2 * count);
330 rp = kmalloc(rp_len, GFP_ATOMIC);
331 if (!rp) {
332 read_unlock(&hci_dev_list_lock);
333 return -ENOMEM;
334 }
335
336 count = 0;
337 list_for_each_entry(d, &hci_dev_list, list) {
338 if (test_bit(HCI_SETUP, &d->dev_flags))
339 continue;
340
341 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
342 continue;
343
344 if (d->dev_type == HCI_BREDR) {
345 rp->index[count++] = cpu_to_le16(d->id);
346 BT_DBG("Added hci%u", d->id);
347 }
348 }
349
350 rp->num_controllers = cpu_to_le16(count);
351 rp_len = sizeof(*rp) + (2 * count);
352
353 read_unlock(&hci_dev_list_lock);
354
355 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
356 rp_len);
357
358 kfree(rp);
359
360 return err;
361}
362
363static u32 get_supported_settings(struct hci_dev *hdev)
364{
365 u32 settings = 0;
366
367 settings |= MGMT_SETTING_POWERED;
368 settings |= MGMT_SETTING_PAIRABLE;
369 settings |= MGMT_SETTING_DEBUG_KEYS;
370
371 if (lmp_bredr_capable(hdev)) {
372 settings |= MGMT_SETTING_CONNECTABLE;
373 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
374 settings |= MGMT_SETTING_FAST_CONNECTABLE;
375 settings |= MGMT_SETTING_DISCOVERABLE;
376 settings |= MGMT_SETTING_BREDR;
377 settings |= MGMT_SETTING_LINK_SECURITY;
378
379 if (lmp_ssp_capable(hdev)) {
380 settings |= MGMT_SETTING_SSP;
381 settings |= MGMT_SETTING_HS;
382 }
383
384 if (lmp_sc_capable(hdev) ||
385 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
386 settings |= MGMT_SETTING_SECURE_CONN;
387 }
388
389 if (lmp_le_capable(hdev)) {
390 settings |= MGMT_SETTING_LE;
391 settings |= MGMT_SETTING_ADVERTISING;
392 }
393
394 return settings;
395}
396
397static u32 get_current_settings(struct hci_dev *hdev)
398{
399 u32 settings = 0;
400
401 if (hdev_is_powered(hdev))
402 settings |= MGMT_SETTING_POWERED;
403
404 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_CONNECTABLE;
406
407 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
408 settings |= MGMT_SETTING_FAST_CONNECTABLE;
409
410 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
411 settings |= MGMT_SETTING_DISCOVERABLE;
412
413 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
414 settings |= MGMT_SETTING_PAIRABLE;
415
416 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
417 settings |= MGMT_SETTING_BREDR;
418
419 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
420 settings |= MGMT_SETTING_LE;
421
422 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
423 settings |= MGMT_SETTING_LINK_SECURITY;
424
425 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
426 settings |= MGMT_SETTING_SSP;
427
428 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
429 settings |= MGMT_SETTING_HS;
430
431 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
432 settings |= MGMT_SETTING_ADVERTISING;
433
434 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
435 settings |= MGMT_SETTING_SECURE_CONN;
436
437 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
438 settings |= MGMT_SETTING_DEBUG_KEYS;
439
440 return settings;
441}
442
443#define PNP_INFO_SVCLASS_ID 0x1200
444
445static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
446{
447 u8 *ptr = data, *uuids_start = NULL;
448 struct bt_uuid *uuid;
449
450 if (len < 4)
451 return ptr;
452
453 list_for_each_entry(uuid, &hdev->uuids, list) {
454 u16 uuid16;
455
456 if (uuid->size != 16)
457 continue;
458
459 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
460 if (uuid16 < 0x1100)
461 continue;
462
463 if (uuid16 == PNP_INFO_SVCLASS_ID)
464 continue;
465
466 if (!uuids_start) {
467 uuids_start = ptr;
468 uuids_start[0] = 1;
469 uuids_start[1] = EIR_UUID16_ALL;
470 ptr += 2;
471 }
472
473 /* Stop if not enough space to put next UUID */
474 if ((ptr - data) + sizeof(u16) > len) {
475 uuids_start[1] = EIR_UUID16_SOME;
476 break;
477 }
478
479 *ptr++ = (uuid16 & 0x00ff);
480 *ptr++ = (uuid16 & 0xff00) >> 8;
481 uuids_start[0] += sizeof(uuid16);
482 }
483
484 return ptr;
485}
486
487static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
488{
489 u8 *ptr = data, *uuids_start = NULL;
490 struct bt_uuid *uuid;
491
492 if (len < 6)
493 return ptr;
494
495 list_for_each_entry(uuid, &hdev->uuids, list) {
496 if (uuid->size != 32)
497 continue;
498
499 if (!uuids_start) {
500 uuids_start = ptr;
501 uuids_start[0] = 1;
502 uuids_start[1] = EIR_UUID32_ALL;
503 ptr += 2;
504 }
505
506 /* Stop if not enough space to put next UUID */
507 if ((ptr - data) + sizeof(u32) > len) {
508 uuids_start[1] = EIR_UUID32_SOME;
509 break;
510 }
511
512 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
513 ptr += sizeof(u32);
514 uuids_start[0] += sizeof(u32);
515 }
516
517 return ptr;
518}
519
520static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
521{
522 u8 *ptr = data, *uuids_start = NULL;
523 struct bt_uuid *uuid;
524
525 if (len < 18)
526 return ptr;
527
528 list_for_each_entry(uuid, &hdev->uuids, list) {
529 if (uuid->size != 128)
530 continue;
531
532 if (!uuids_start) {
533 uuids_start = ptr;
534 uuids_start[0] = 1;
535 uuids_start[1] = EIR_UUID128_ALL;
536 ptr += 2;
537 }
538
539 /* Stop if not enough space to put next UUID */
540 if ((ptr - data) + 16 > len) {
541 uuids_start[1] = EIR_UUID128_SOME;
542 break;
543 }
544
545 memcpy(ptr, uuid->uuid, 16);
546 ptr += 16;
547 uuids_start[0] += 16;
548 }
549
550 return ptr;
551}
552
553static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
554{
555 struct pending_cmd *cmd;
556
557 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
558 if (cmd->opcode == opcode)
559 return cmd;
560 }
561
562 return NULL;
563}
564
565static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
566{
567 u8 ad_len = 0;
568 size_t name_len;
569
570 name_len = strlen(hdev->dev_name);
571 if (name_len > 0) {
572 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
573
574 if (name_len > max_len) {
575 name_len = max_len;
576 ptr[1] = EIR_NAME_SHORT;
577 } else
578 ptr[1] = EIR_NAME_COMPLETE;
579
580 ptr[0] = name_len + 1;
581
582 memcpy(ptr + 2, hdev->dev_name, name_len);
583
584 ad_len += (name_len + 2);
585 ptr += (name_len + 2);
586 }
587
588 return ad_len;
589}
590
591static void update_scan_rsp_data(struct hci_request *req)
592{
593 struct hci_dev *hdev = req->hdev;
594 struct hci_cp_le_set_scan_rsp_data cp;
595 u8 len;
596
597 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
598 return;
599
600 memset(&cp, 0, sizeof(cp));
601
602 len = create_scan_rsp_data(hdev, cp.data);
603
604 if (hdev->scan_rsp_data_len == len &&
605 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
606 return;
607
608 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
609 hdev->scan_rsp_data_len = len;
610
611 cp.length = len;
612
613 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
614}
615
616static u8 get_adv_discov_flags(struct hci_dev *hdev)
617{
618 struct pending_cmd *cmd;
619
620 /* If there's a pending mgmt command the flags will not yet have
621 * their final values, so check for this first.
622 */
623 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
624 if (cmd) {
625 struct mgmt_mode *cp = cmd->param;
626 if (cp->val == 0x01)
627 return LE_AD_GENERAL;
628 else if (cp->val == 0x02)
629 return LE_AD_LIMITED;
630 } else {
631 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
632 return LE_AD_LIMITED;
633 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
634 return LE_AD_GENERAL;
635 }
636
637 return 0;
638}
639
640static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
641{
642 u8 ad_len = 0, flags = 0;
643
644 flags |= get_adv_discov_flags(hdev);
645
646 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
647 flags |= LE_AD_NO_BREDR;
648
649 if (flags) {
650 BT_DBG("adv flags 0x%02x", flags);
651
652 ptr[0] = 2;
653 ptr[1] = EIR_FLAGS;
654 ptr[2] = flags;
655
656 ad_len += 3;
657 ptr += 3;
658 }
659
660 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
661 ptr[0] = 2;
662 ptr[1] = EIR_TX_POWER;
663 ptr[2] = (u8) hdev->adv_tx_power;
664
665 ad_len += 3;
666 ptr += 3;
667 }
668
669 return ad_len;
670}
671
672static void update_adv_data(struct hci_request *req)
673{
674 struct hci_dev *hdev = req->hdev;
675 struct hci_cp_le_set_adv_data cp;
676 u8 len;
677
678 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
679 return;
680
681 memset(&cp, 0, sizeof(cp));
682
683 len = create_adv_data(hdev, cp.data);
684
685 if (hdev->adv_data_len == len &&
686 memcmp(cp.data, hdev->adv_data, len) == 0)
687 return;
688
689 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
690 hdev->adv_data_len = len;
691
692 cp.length = len;
693
694 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
695}
696
697static void create_eir(struct hci_dev *hdev, u8 *data)
698{
699 u8 *ptr = data;
700 size_t name_len;
701
702 name_len = strlen(hdev->dev_name);
703
704 if (name_len > 0) {
705 /* EIR Data type */
706 if (name_len > 48) {
707 name_len = 48;
708 ptr[1] = EIR_NAME_SHORT;
709 } else
710 ptr[1] = EIR_NAME_COMPLETE;
711
712 /* EIR Data length */
713 ptr[0] = name_len + 1;
714
715 memcpy(ptr + 2, hdev->dev_name, name_len);
716
717 ptr += (name_len + 2);
718 }
719
720 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
721 ptr[0] = 2;
722 ptr[1] = EIR_TX_POWER;
723 ptr[2] = (u8) hdev->inq_tx_power;
724
725 ptr += 3;
726 }
727
728 if (hdev->devid_source > 0) {
729 ptr[0] = 9;
730 ptr[1] = EIR_DEVICE_ID;
731
732 put_unaligned_le16(hdev->devid_source, ptr + 2);
733 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
734 put_unaligned_le16(hdev->devid_product, ptr + 6);
735 put_unaligned_le16(hdev->devid_version, ptr + 8);
736
737 ptr += 10;
738 }
739
740 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
741 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
742 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
743}
744
745static void update_eir(struct hci_request *req)
746{
747 struct hci_dev *hdev = req->hdev;
748 struct hci_cp_write_eir cp;
749
750 if (!hdev_is_powered(hdev))
751 return;
752
753 if (!lmp_ext_inq_capable(hdev))
754 return;
755
756 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
757 return;
758
759 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
760 return;
761
762 memset(&cp, 0, sizeof(cp));
763
764 create_eir(hdev, cp.data);
765
766 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
767 return;
768
769 memcpy(hdev->eir, cp.data, sizeof(cp.data));
770
771 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
772}
773
774static u8 get_service_classes(struct hci_dev *hdev)
775{
776 struct bt_uuid *uuid;
777 u8 val = 0;
778
779 list_for_each_entry(uuid, &hdev->uuids, list)
780 val |= uuid->svc_hint;
781
782 return val;
783}
784
785static void update_class(struct hci_request *req)
786{
787 struct hci_dev *hdev = req->hdev;
788 u8 cod[3];
789
790 BT_DBG("%s", hdev->name);
791
792 if (!hdev_is_powered(hdev))
793 return;
794
795 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
796 return;
797
798 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
799 return;
800
801 cod[0] = hdev->minor_class;
802 cod[1] = hdev->major_class;
803 cod[2] = get_service_classes(hdev);
804
805 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
806 cod[1] |= 0x20;
807
808 if (memcmp(cod, hdev->dev_class, 3) == 0)
809 return;
810
811 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
812}
813
814static void service_cache_off(struct work_struct *work)
815{
816 struct hci_dev *hdev = container_of(work, struct hci_dev,
817 service_cache.work);
818 struct hci_request req;
819
820 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
821 return;
822
823 hci_req_init(&req, hdev);
824
825 hci_dev_lock(hdev);
826
827 update_eir(&req);
828 update_class(&req);
829
830 hci_dev_unlock(hdev);
831
832 hci_req_run(&req, NULL);
833}
834
835static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
836{
837 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
838 return;
839
840 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
841
842 /* Non-mgmt controlled devices get this bit set
843 * implicitly so that pairing works for them, however
844 * for mgmt we require user-space to explicitly enable
845 * it
846 */
847 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
848}
849
850static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
851 void *data, u16 data_len)
852{
853 struct mgmt_rp_read_info rp;
854
855 BT_DBG("sock %p %s", sk, hdev->name);
856
857 hci_dev_lock(hdev);
858
859 memset(&rp, 0, sizeof(rp));
860
861 bacpy(&rp.bdaddr, &hdev->bdaddr);
862
863 rp.version = hdev->hci_ver;
864 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
865
866 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
867 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
868
869 memcpy(rp.dev_class, hdev->dev_class, 3);
870
871 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
872 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
873
874 hci_dev_unlock(hdev);
875
876 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
877 sizeof(rp));
878}
879
880static void mgmt_pending_free(struct pending_cmd *cmd)
881{
882 sock_put(cmd->sk);
883 kfree(cmd->param);
884 kfree(cmd);
885}
886
887static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
888 struct hci_dev *hdev, void *data,
889 u16 len)
890{
891 struct pending_cmd *cmd;
892
893 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
894 if (!cmd)
895 return NULL;
896
897 cmd->opcode = opcode;
898 cmd->index = hdev->id;
899
900 cmd->param = kmalloc(len, GFP_KERNEL);
901 if (!cmd->param) {
902 kfree(cmd);
903 return NULL;
904 }
905
906 if (data)
907 memcpy(cmd->param, data, len);
908
909 cmd->sk = sk;
910 sock_hold(sk);
911
912 list_add(&cmd->list, &hdev->mgmt_pending);
913
914 return cmd;
915}
916
917static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
918 void (*cb)(struct pending_cmd *cmd,
919 void *data),
920 void *data)
921{
922 struct pending_cmd *cmd, *tmp;
923
924 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
925 if (opcode > 0 && cmd->opcode != opcode)
926 continue;
927
928 cb(cmd, data);
929 }
930}
931
932static void mgmt_pending_remove(struct pending_cmd *cmd)
933{
934 list_del(&cmd->list);
935 mgmt_pending_free(cmd);
936}
937
938static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
939{
940 __le32 settings = cpu_to_le32(get_current_settings(hdev));
941
942 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
943 sizeof(settings));
944}
945
946static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
947 u16 len)
948{
949 struct mgmt_mode *cp = data;
950 struct pending_cmd *cmd;
951 int err;
952
953 BT_DBG("request for %s", hdev->name);
954
955 if (cp->val != 0x00 && cp->val != 0x01)
956 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
957 MGMT_STATUS_INVALID_PARAMS);
958
959 hci_dev_lock(hdev);
960
961 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
962 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
963 MGMT_STATUS_BUSY);
964 goto failed;
965 }
966
967 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
968 cancel_delayed_work(&hdev->power_off);
969
970 if (cp->val) {
971 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
972 data, len);
973 err = mgmt_powered(hdev, 1);
974 goto failed;
975 }
976 }
977
978 if (!!cp->val == hdev_is_powered(hdev)) {
979 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
980 goto failed;
981 }
982
983 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
984 if (!cmd) {
985 err = -ENOMEM;
986 goto failed;
987 }
988
989 if (cp->val)
990 queue_work(hdev->req_workqueue, &hdev->power_on);
991 else
992 queue_work(hdev->req_workqueue, &hdev->power_off.work);
993
994 err = 0;
995
996failed:
997 hci_dev_unlock(hdev);
998 return err;
999}
1000
1001static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1002 struct sock *skip_sk)
1003{
1004 struct sk_buff *skb;
1005 struct mgmt_hdr *hdr;
1006
1007 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
1008 if (!skb)
1009 return -ENOMEM;
1010
1011 hdr = (void *) skb_put(skb, sizeof(*hdr));
1012 hdr->opcode = cpu_to_le16(event);
1013 if (hdev)
1014 hdr->index = cpu_to_le16(hdev->id);
1015 else
1016 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
1017 hdr->len = cpu_to_le16(data_len);
1018
1019 if (data)
1020 memcpy(skb_put(skb, data_len), data, data_len);
1021
1022 /* Time stamp */
1023 __net_timestamp(skb);
1024
1025 hci_send_to_control(skb, skip_sk);
1026 kfree_skb(skb);
1027
1028 return 0;
1029}
1030
1031static int new_settings(struct hci_dev *hdev, struct sock *skip)
1032{
1033 __le32 ev;
1034
1035 ev = cpu_to_le32(get_current_settings(hdev));
1036
1037 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1038}
1039
1040struct cmd_lookup {
1041 struct sock *sk;
1042 struct hci_dev *hdev;
1043 u8 mgmt_status;
1044};
1045
1046static void settings_rsp(struct pending_cmd *cmd, void *data)
1047{
1048 struct cmd_lookup *match = data;
1049
1050 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1051
1052 list_del(&cmd->list);
1053
1054 if (match->sk == NULL) {
1055 match->sk = cmd->sk;
1056 sock_hold(match->sk);
1057 }
1058
1059 mgmt_pending_free(cmd);
1060}
1061
1062static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1063{
1064 u8 *status = data;
1065
1066 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1067 mgmt_pending_remove(cmd);
1068}
1069
1070static u8 mgmt_bredr_support(struct hci_dev *hdev)
1071{
1072 if (!lmp_bredr_capable(hdev))
1073 return MGMT_STATUS_NOT_SUPPORTED;
1074 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1075 return MGMT_STATUS_REJECTED;
1076 else
1077 return MGMT_STATUS_SUCCESS;
1078}
1079
1080static u8 mgmt_le_support(struct hci_dev *hdev)
1081{
1082 if (!lmp_le_capable(hdev))
1083 return MGMT_STATUS_NOT_SUPPORTED;
1084 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1085 return MGMT_STATUS_REJECTED;
1086 else
1087 return MGMT_STATUS_SUCCESS;
1088}
1089
1090static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1091{
1092 struct pending_cmd *cmd;
1093 struct mgmt_mode *cp;
1094 struct hci_request req;
1095 bool changed;
1096
1097 BT_DBG("status 0x%02x", status);
1098
1099 hci_dev_lock(hdev);
1100
1101 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1102 if (!cmd)
1103 goto unlock;
1104
1105 if (status) {
1106 u8 mgmt_err = mgmt_status(status);
1107 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1108 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1109 goto remove_cmd;
1110 }
1111
1112 cp = cmd->param;
1113 if (cp->val) {
1114 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1115 &hdev->dev_flags);
1116
1117 if (hdev->discov_timeout > 0) {
1118 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1119 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1120 to);
1121 }
1122 } else {
1123 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1124 &hdev->dev_flags);
1125 }
1126
1127 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1128
1129 if (changed)
1130 new_settings(hdev, cmd->sk);
1131
1132 /* When the discoverable mode gets changed, make sure
1133 * that class of device has the limited discoverable
1134 * bit correctly set.
1135 */
1136 hci_req_init(&req, hdev);
1137 update_class(&req);
1138 hci_req_run(&req, NULL);
1139
1140remove_cmd:
1141 mgmt_pending_remove(cmd);
1142
1143unlock:
1144 hci_dev_unlock(hdev);
1145}
1146
1147static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1148 u16 len)
1149{
1150 struct mgmt_cp_set_discoverable *cp = data;
1151 struct pending_cmd *cmd;
1152 struct hci_request req;
1153 u16 timeout;
1154 u8 scan;
1155 int err;
1156
1157 BT_DBG("request for %s", hdev->name);
1158
1159 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1160 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1161 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1162 MGMT_STATUS_REJECTED);
1163
1164 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1165 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1166 MGMT_STATUS_INVALID_PARAMS);
1167
1168 timeout = __le16_to_cpu(cp->timeout);
1169
1170 /* Disabling discoverable requires that no timeout is set,
1171 * and enabling limited discoverable requires a timeout.
1172 */
1173 if ((cp->val == 0x00 && timeout > 0) ||
1174 (cp->val == 0x02 && timeout == 0))
1175 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1176 MGMT_STATUS_INVALID_PARAMS);
1177
1178 hci_dev_lock(hdev);
1179
1180 if (!hdev_is_powered(hdev) && timeout > 0) {
1181 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1182 MGMT_STATUS_NOT_POWERED);
1183 goto failed;
1184 }
1185
1186 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1187 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1188 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1189 MGMT_STATUS_BUSY);
1190 goto failed;
1191 }
1192
1193 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1194 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1195 MGMT_STATUS_REJECTED);
1196 goto failed;
1197 }
1198
1199 if (!hdev_is_powered(hdev)) {
1200 bool changed = false;
1201
1202 /* Setting limited discoverable when powered off is
1203 * not a valid operation since it requires a timeout
1204 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1205 */
1206 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1207 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1208 changed = true;
1209 }
1210
1211 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1212 if (err < 0)
1213 goto failed;
1214
1215 if (changed)
1216 err = new_settings(hdev, sk);
1217
1218 goto failed;
1219 }
1220
1221 /* If the current mode is the same, then just update the timeout
1222 * value with the new value. And if only the timeout gets updated,
1223 * then no need for any HCI transactions.
1224 */
1225 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1226 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1227 &hdev->dev_flags)) {
1228 cancel_delayed_work(&hdev->discov_off);
1229 hdev->discov_timeout = timeout;
1230
1231 if (cp->val && hdev->discov_timeout > 0) {
1232 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1233 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1234 to);
1235 }
1236
1237 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1238 goto failed;
1239 }
1240
1241 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1242 if (!cmd) {
1243 err = -ENOMEM;
1244 goto failed;
1245 }
1246
1247 /* Cancel any potential discoverable timeout that might be
1248 * still active and store new timeout value. The arming of
1249 * the timeout happens in the complete handler.
1250 */
1251 cancel_delayed_work(&hdev->discov_off);
1252 hdev->discov_timeout = timeout;
1253
1254 /* Limited discoverable mode */
1255 if (cp->val == 0x02)
1256 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1257 else
1258 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1259
1260 hci_req_init(&req, hdev);
1261
1262 /* The procedure for LE-only controllers is much simpler - just
1263 * update the advertising data.
1264 */
1265 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1266 goto update_ad;
1267
1268 scan = SCAN_PAGE;
1269
1270 if (cp->val) {
1271 struct hci_cp_write_current_iac_lap hci_cp;
1272
1273 if (cp->val == 0x02) {
1274 /* Limited discoverable mode */
1275 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1276 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1277 hci_cp.iac_lap[1] = 0x8b;
1278 hci_cp.iac_lap[2] = 0x9e;
1279 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1280 hci_cp.iac_lap[4] = 0x8b;
1281 hci_cp.iac_lap[5] = 0x9e;
1282 } else {
1283 /* General discoverable mode */
1284 hci_cp.num_iac = 1;
1285 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1286 hci_cp.iac_lap[1] = 0x8b;
1287 hci_cp.iac_lap[2] = 0x9e;
1288 }
1289
1290 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1291 (hci_cp.num_iac * 3) + 1, &hci_cp);
1292
1293 scan |= SCAN_INQUIRY;
1294 } else {
1295 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1296 }
1297
1298 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1299
1300update_ad:
1301 update_adv_data(&req);
1302
1303 err = hci_req_run(&req, set_discoverable_complete);
1304 if (err < 0)
1305 mgmt_pending_remove(cmd);
1306
1307failed:
1308 hci_dev_unlock(hdev);
1309 return err;
1310}
1311
1312static void write_fast_connectable(struct hci_request *req, bool enable)
1313{
1314 struct hci_dev *hdev = req->hdev;
1315 struct hci_cp_write_page_scan_activity acp;
1316 u8 type;
1317
1318 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1319 return;
1320
1321 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1322 return;
1323
1324 if (enable) {
1325 type = PAGE_SCAN_TYPE_INTERLACED;
1326
1327 /* 160 msec page scan interval */
1328 acp.interval = __constant_cpu_to_le16(0x0100);
1329 } else {
1330 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1331
1332 /* default 1.28 sec page scan */
1333 acp.interval = __constant_cpu_to_le16(0x0800);
1334 }
1335
1336 acp.window = __constant_cpu_to_le16(0x0012);
1337
1338 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1339 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1340 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1341 sizeof(acp), &acp);
1342
1343 if (hdev->page_scan_type != type)
1344 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1345}
1346
1347static u8 get_adv_type(struct hci_dev *hdev)
1348{
1349 struct pending_cmd *cmd;
1350 bool connectable;
1351
1352 /* If there's a pending mgmt command the flag will not yet have
1353 * it's final value, so check for this first.
1354 */
1355 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1356 if (cmd) {
1357 struct mgmt_mode *cp = cmd->param;
1358 connectable = !!cp->val;
1359 } else {
1360 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1361 }
1362
1363 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1364}
1365
1366static void enable_advertising(struct hci_request *req)
1367{
1368 struct hci_dev *hdev = req->hdev;
1369 struct hci_cp_le_set_adv_param cp;
1370 u8 enable = 0x01;
1371
1372 memset(&cp, 0, sizeof(cp));
1373 cp.min_interval = __constant_cpu_to_le16(0x0800);
1374 cp.max_interval = __constant_cpu_to_le16(0x0800);
1375 cp.type = get_adv_type(hdev);
1376 cp.own_address_type = hdev->own_addr_type;
1377 cp.channel_map = 0x07;
1378
1379 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1380
1381 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1382}
1383
1384static void disable_advertising(struct hci_request *req)
1385{
1386 u8 enable = 0x00;
1387
1388 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1389}
1390
1391static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1392{
1393 struct pending_cmd *cmd;
1394 struct mgmt_mode *cp;
1395 bool changed;
1396
1397 BT_DBG("status 0x%02x", status);
1398
1399 hci_dev_lock(hdev);
1400
1401 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1402 if (!cmd)
1403 goto unlock;
1404
1405 if (status) {
1406 u8 mgmt_err = mgmt_status(status);
1407 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1408 goto remove_cmd;
1409 }
1410
1411 cp = cmd->param;
1412 if (cp->val)
1413 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1414 else
1415 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1416
1417 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1418
1419 if (changed)
1420 new_settings(hdev, cmd->sk);
1421
1422remove_cmd:
1423 mgmt_pending_remove(cmd);
1424
1425unlock:
1426 hci_dev_unlock(hdev);
1427}
1428
1429static int set_connectable_update_settings(struct hci_dev *hdev,
1430 struct sock *sk, u8 val)
1431{
1432 bool changed = false;
1433 int err;
1434
1435 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1436 changed = true;
1437
1438 if (val) {
1439 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1440 } else {
1441 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1442 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1443 }
1444
1445 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1446 if (err < 0)
1447 return err;
1448
1449 if (changed)
1450 return new_settings(hdev, sk);
1451
1452 return 0;
1453}
1454
1455static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1456 u16 len)
1457{
1458 struct mgmt_mode *cp = data;
1459 struct pending_cmd *cmd;
1460 struct hci_request req;
1461 u8 scan;
1462 int err;
1463
1464 BT_DBG("request for %s", hdev->name);
1465
1466 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1467 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1468 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1469 MGMT_STATUS_REJECTED);
1470
1471 if (cp->val != 0x00 && cp->val != 0x01)
1472 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1473 MGMT_STATUS_INVALID_PARAMS);
1474
1475 hci_dev_lock(hdev);
1476
1477 if (!hdev_is_powered(hdev)) {
1478 err = set_connectable_update_settings(hdev, sk, cp->val);
1479 goto failed;
1480 }
1481
1482 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1483 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1484 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1485 MGMT_STATUS_BUSY);
1486 goto failed;
1487 }
1488
1489 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1490 if (!cmd) {
1491 err = -ENOMEM;
1492 goto failed;
1493 }
1494
1495 hci_req_init(&req, hdev);
1496
1497 /* If BR/EDR is not enabled and we disable advertising as a
1498 * by-product of disabling connectable, we need to update the
1499 * advertising flags.
1500 */
1501 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1502 if (!cp->val) {
1503 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1504 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1505 }
1506 update_adv_data(&req);
1507 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1508 if (cp->val) {
1509 scan = SCAN_PAGE;
1510 } else {
1511 scan = 0;
1512
1513 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1514 hdev->discov_timeout > 0)
1515 cancel_delayed_work(&hdev->discov_off);
1516 }
1517
1518 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1519 }
1520
1521 /* If we're going from non-connectable to connectable or
1522 * vice-versa when fast connectable is enabled ensure that fast
1523 * connectable gets disabled. write_fast_connectable won't do
1524 * anything if the page scan parameters are already what they
1525 * should be.
1526 */
1527 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1528 write_fast_connectable(&req, false);
1529
1530 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1531 hci_conn_num(hdev, LE_LINK) == 0) {
1532 disable_advertising(&req);
1533 enable_advertising(&req);
1534 }
1535
1536 err = hci_req_run(&req, set_connectable_complete);
1537 if (err < 0) {
1538 mgmt_pending_remove(cmd);
1539 if (err == -ENODATA)
1540 err = set_connectable_update_settings(hdev, sk,
1541 cp->val);
1542 goto failed;
1543 }
1544
1545failed:
1546 hci_dev_unlock(hdev);
1547 return err;
1548}
1549
1550static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1551 u16 len)
1552{
1553 struct mgmt_mode *cp = data;
1554 bool changed;
1555 int err;
1556
1557 BT_DBG("request for %s", hdev->name);
1558
1559 if (cp->val != 0x00 && cp->val != 0x01)
1560 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1561 MGMT_STATUS_INVALID_PARAMS);
1562
1563 hci_dev_lock(hdev);
1564
1565 if (cp->val)
1566 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1567 else
1568 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1569
1570 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1571 if (err < 0)
1572 goto unlock;
1573
1574 if (changed)
1575 err = new_settings(hdev, sk);
1576
1577unlock:
1578 hci_dev_unlock(hdev);
1579 return err;
1580}
1581
1582static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1583 u16 len)
1584{
1585 struct mgmt_mode *cp = data;
1586 struct pending_cmd *cmd;
1587 u8 val, status;
1588 int err;
1589
1590 BT_DBG("request for %s", hdev->name);
1591
1592 status = mgmt_bredr_support(hdev);
1593 if (status)
1594 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1595 status);
1596
1597 if (cp->val != 0x00 && cp->val != 0x01)
1598 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1599 MGMT_STATUS_INVALID_PARAMS);
1600
1601 hci_dev_lock(hdev);
1602
1603 if (!hdev_is_powered(hdev)) {
1604 bool changed = false;
1605
1606 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1607 &hdev->dev_flags)) {
1608 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1609 changed = true;
1610 }
1611
1612 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1613 if (err < 0)
1614 goto failed;
1615
1616 if (changed)
1617 err = new_settings(hdev, sk);
1618
1619 goto failed;
1620 }
1621
1622 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1623 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1624 MGMT_STATUS_BUSY);
1625 goto failed;
1626 }
1627
1628 val = !!cp->val;
1629
1630 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1631 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1632 goto failed;
1633 }
1634
1635 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1636 if (!cmd) {
1637 err = -ENOMEM;
1638 goto failed;
1639 }
1640
1641 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1642 if (err < 0) {
1643 mgmt_pending_remove(cmd);
1644 goto failed;
1645 }
1646
1647failed:
1648 hci_dev_unlock(hdev);
1649 return err;
1650}
1651
1652static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1653{
1654 struct mgmt_mode *cp = data;
1655 struct pending_cmd *cmd;
1656 u8 status;
1657 int err;
1658
1659 BT_DBG("request for %s", hdev->name);
1660
1661 status = mgmt_bredr_support(hdev);
1662 if (status)
1663 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1664
1665 if (!lmp_ssp_capable(hdev))
1666 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1667 MGMT_STATUS_NOT_SUPPORTED);
1668
1669 if (cp->val != 0x00 && cp->val != 0x01)
1670 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1671 MGMT_STATUS_INVALID_PARAMS);
1672
1673 hci_dev_lock(hdev);
1674
1675 if (!hdev_is_powered(hdev)) {
1676 bool changed;
1677
1678 if (cp->val) {
1679 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1680 &hdev->dev_flags);
1681 } else {
1682 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1683 &hdev->dev_flags);
1684 if (!changed)
1685 changed = test_and_clear_bit(HCI_HS_ENABLED,
1686 &hdev->dev_flags);
1687 else
1688 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1689 }
1690
1691 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1692 if (err < 0)
1693 goto failed;
1694
1695 if (changed)
1696 err = new_settings(hdev, sk);
1697
1698 goto failed;
1699 }
1700
1701 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1702 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
1703 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1704 MGMT_STATUS_BUSY);
1705 goto failed;
1706 }
1707
1708 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1709 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1710 goto failed;
1711 }
1712
1713 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1714 if (!cmd) {
1715 err = -ENOMEM;
1716 goto failed;
1717 }
1718
1719 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1720 if (err < 0) {
1721 mgmt_pending_remove(cmd);
1722 goto failed;
1723 }
1724
1725failed:
1726 hci_dev_unlock(hdev);
1727 return err;
1728}
1729
1730static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1731{
1732 struct mgmt_mode *cp = data;
1733 bool changed;
1734 u8 status;
1735 int err;
1736
1737 BT_DBG("request for %s", hdev->name);
1738
1739 status = mgmt_bredr_support(hdev);
1740 if (status)
1741 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1742
1743 if (!lmp_ssp_capable(hdev))
1744 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1745 MGMT_STATUS_NOT_SUPPORTED);
1746
1747 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1748 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1749 MGMT_STATUS_REJECTED);
1750
1751 if (cp->val != 0x00 && cp->val != 0x01)
1752 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1753 MGMT_STATUS_INVALID_PARAMS);
1754
1755 hci_dev_lock(hdev);
1756
1757 if (cp->val) {
1758 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1759 } else {
1760 if (hdev_is_powered(hdev)) {
1761 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1762 MGMT_STATUS_REJECTED);
1763 goto unlock;
1764 }
1765
1766 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1767 }
1768
1769 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1770 if (err < 0)
1771 goto unlock;
1772
1773 if (changed)
1774 err = new_settings(hdev, sk);
1775
1776unlock:
1777 hci_dev_unlock(hdev);
1778 return err;
1779}
1780
1781static void le_enable_complete(struct hci_dev *hdev, u8 status)
1782{
1783 struct cmd_lookup match = { NULL, hdev };
1784
1785 if (status) {
1786 u8 mgmt_err = mgmt_status(status);
1787
1788 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1789 &mgmt_err);
1790 return;
1791 }
1792
1793 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1794
1795 new_settings(hdev, match.sk);
1796
1797 if (match.sk)
1798 sock_put(match.sk);
1799
1800 /* Make sure the controller has a good default for
1801 * advertising data. Restrict the update to when LE
1802 * has actually been enabled. During power on, the
1803 * update in powered_update_hci will take care of it.
1804 */
1805 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1806 struct hci_request req;
1807
1808 hci_dev_lock(hdev);
1809
1810 hci_req_init(&req, hdev);
1811 update_adv_data(&req);
1812 update_scan_rsp_data(&req);
1813 hci_req_run(&req, NULL);
1814
1815 hci_dev_unlock(hdev);
1816 }
1817}
1818
1819static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1820{
1821 struct mgmt_mode *cp = data;
1822 struct hci_cp_write_le_host_supported hci_cp;
1823 struct pending_cmd *cmd;
1824 struct hci_request req;
1825 int err;
1826 u8 val, enabled;
1827
1828 BT_DBG("request for %s", hdev->name);
1829
1830 if (!lmp_le_capable(hdev))
1831 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1832 MGMT_STATUS_NOT_SUPPORTED);
1833
1834 if (cp->val != 0x00 && cp->val != 0x01)
1835 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1836 MGMT_STATUS_INVALID_PARAMS);
1837
1838 /* LE-only devices do not allow toggling LE on/off */
1839 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1840 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1841 MGMT_STATUS_REJECTED);
1842
1843 hci_dev_lock(hdev);
1844
1845 val = !!cp->val;
1846 enabled = lmp_host_le_capable(hdev);
1847
1848 if (!hdev_is_powered(hdev) || val == enabled) {
1849 bool changed = false;
1850
1851 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1852 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1853 changed = true;
1854 }
1855
1856 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1857 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1858 changed = true;
1859 }
1860
1861 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1862 if (err < 0)
1863 goto unlock;
1864
1865 if (changed)
1866 err = new_settings(hdev, sk);
1867
1868 goto unlock;
1869 }
1870
1871 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1872 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1873 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1874 MGMT_STATUS_BUSY);
1875 goto unlock;
1876 }
1877
1878 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1879 if (!cmd) {
1880 err = -ENOMEM;
1881 goto unlock;
1882 }
1883
1884 hci_req_init(&req, hdev);
1885
1886 memset(&hci_cp, 0, sizeof(hci_cp));
1887
1888 if (val) {
1889 hci_cp.le = val;
1890 hci_cp.simul = lmp_le_br_capable(hdev);
1891 } else {
1892 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1893 disable_advertising(&req);
1894 }
1895
1896 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1897 &hci_cp);
1898
1899 err = hci_req_run(&req, le_enable_complete);
1900 if (err < 0)
1901 mgmt_pending_remove(cmd);
1902
1903unlock:
1904 hci_dev_unlock(hdev);
1905 return err;
1906}
1907
1908/* This is a helper function to test for pending mgmt commands that can
1909 * cause CoD or EIR HCI commands. We can only allow one such pending
1910 * mgmt command at a time since otherwise we cannot easily track what
1911 * the current values are, will be, and based on that calculate if a new
1912 * HCI command needs to be sent and if yes with what value.
1913 */
1914static bool pending_eir_or_class(struct hci_dev *hdev)
1915{
1916 struct pending_cmd *cmd;
1917
1918 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1919 switch (cmd->opcode) {
1920 case MGMT_OP_ADD_UUID:
1921 case MGMT_OP_REMOVE_UUID:
1922 case MGMT_OP_SET_DEV_CLASS:
1923 case MGMT_OP_SET_POWERED:
1924 return true;
1925 }
1926 }
1927
1928 return false;
1929}
1930
1931static const u8 bluetooth_base_uuid[] = {
1932 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1933 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1934};
1935
1936static u8 get_uuid_size(const u8 *uuid)
1937{
1938 u32 val;
1939
1940 if (memcmp(uuid, bluetooth_base_uuid, 12))
1941 return 128;
1942
1943 val = get_unaligned_le32(&uuid[12]);
1944 if (val > 0xffff)
1945 return 32;
1946
1947 return 16;
1948}
1949
1950static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1951{
1952 struct pending_cmd *cmd;
1953
1954 hci_dev_lock(hdev);
1955
1956 cmd = mgmt_pending_find(mgmt_op, hdev);
1957 if (!cmd)
1958 goto unlock;
1959
1960 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1961 hdev->dev_class, 3);
1962
1963 mgmt_pending_remove(cmd);
1964
1965unlock:
1966 hci_dev_unlock(hdev);
1967}
1968
1969static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1970{
1971 BT_DBG("status 0x%02x", status);
1972
1973 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1974}
1975
1976static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1977{
1978 struct mgmt_cp_add_uuid *cp = data;
1979 struct pending_cmd *cmd;
1980 struct hci_request req;
1981 struct bt_uuid *uuid;
1982 int err;
1983
1984 BT_DBG("request for %s", hdev->name);
1985
1986 hci_dev_lock(hdev);
1987
1988 if (pending_eir_or_class(hdev)) {
1989 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1990 MGMT_STATUS_BUSY);
1991 goto failed;
1992 }
1993
1994 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1995 if (!uuid) {
1996 err = -ENOMEM;
1997 goto failed;
1998 }
1999
2000 memcpy(uuid->uuid, cp->uuid, 16);
2001 uuid->svc_hint = cp->svc_hint;
2002 uuid->size = get_uuid_size(cp->uuid);
2003
2004 list_add_tail(&uuid->list, &hdev->uuids);
2005
2006 hci_req_init(&req, hdev);
2007
2008 update_class(&req);
2009 update_eir(&req);
2010
2011 err = hci_req_run(&req, add_uuid_complete);
2012 if (err < 0) {
2013 if (err != -ENODATA)
2014 goto failed;
2015
2016 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2017 hdev->dev_class, 3);
2018 goto failed;
2019 }
2020
2021 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2022 if (!cmd) {
2023 err = -ENOMEM;
2024 goto failed;
2025 }
2026
2027 err = 0;
2028
2029failed:
2030 hci_dev_unlock(hdev);
2031 return err;
2032}
2033
2034static bool enable_service_cache(struct hci_dev *hdev)
2035{
2036 if (!hdev_is_powered(hdev))
2037 return false;
2038
2039 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2040 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2041 CACHE_TIMEOUT);
2042 return true;
2043 }
2044
2045 return false;
2046}
2047
2048static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2049{
2050 BT_DBG("status 0x%02x", status);
2051
2052 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2053}
2054
2055static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2056 u16 len)
2057{
2058 struct mgmt_cp_remove_uuid *cp = data;
2059 struct pending_cmd *cmd;
2060 struct bt_uuid *match, *tmp;
2061 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2062 struct hci_request req;
2063 int err, found;
2064
2065 BT_DBG("request for %s", hdev->name);
2066
2067 hci_dev_lock(hdev);
2068
2069 if (pending_eir_or_class(hdev)) {
2070 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2071 MGMT_STATUS_BUSY);
2072 goto unlock;
2073 }
2074
2075 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2076 hci_uuids_clear(hdev);
2077
2078 if (enable_service_cache(hdev)) {
2079 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2080 0, hdev->dev_class, 3);
2081 goto unlock;
2082 }
2083
2084 goto update_class;
2085 }
2086
2087 found = 0;
2088
2089 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2090 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2091 continue;
2092
2093 list_del(&match->list);
2094 kfree(match);
2095 found++;
2096 }
2097
2098 if (found == 0) {
2099 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2100 MGMT_STATUS_INVALID_PARAMS);
2101 goto unlock;
2102 }
2103
2104update_class:
2105 hci_req_init(&req, hdev);
2106
2107 update_class(&req);
2108 update_eir(&req);
2109
2110 err = hci_req_run(&req, remove_uuid_complete);
2111 if (err < 0) {
2112 if (err != -ENODATA)
2113 goto unlock;
2114
2115 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2116 hdev->dev_class, 3);
2117 goto unlock;
2118 }
2119
2120 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2121 if (!cmd) {
2122 err = -ENOMEM;
2123 goto unlock;
2124 }
2125
2126 err = 0;
2127
2128unlock:
2129 hci_dev_unlock(hdev);
2130 return err;
2131}
2132
2133static void set_class_complete(struct hci_dev *hdev, u8 status)
2134{
2135 BT_DBG("status 0x%02x", status);
2136
2137 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2138}
2139
2140static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2141 u16 len)
2142{
2143 struct mgmt_cp_set_dev_class *cp = data;
2144 struct pending_cmd *cmd;
2145 struct hci_request req;
2146 int err;
2147
2148 BT_DBG("request for %s", hdev->name);
2149
2150 if (!lmp_bredr_capable(hdev))
2151 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2152 MGMT_STATUS_NOT_SUPPORTED);
2153
2154 hci_dev_lock(hdev);
2155
2156 if (pending_eir_or_class(hdev)) {
2157 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2158 MGMT_STATUS_BUSY);
2159 goto unlock;
2160 }
2161
2162 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2163 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2164 MGMT_STATUS_INVALID_PARAMS);
2165 goto unlock;
2166 }
2167
2168 hdev->major_class = cp->major;
2169 hdev->minor_class = cp->minor;
2170
2171 if (!hdev_is_powered(hdev)) {
2172 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2173 hdev->dev_class, 3);
2174 goto unlock;
2175 }
2176
2177 hci_req_init(&req, hdev);
2178
2179 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2180 hci_dev_unlock(hdev);
2181 cancel_delayed_work_sync(&hdev->service_cache);
2182 hci_dev_lock(hdev);
2183 update_eir(&req);
2184 }
2185
2186 update_class(&req);
2187
2188 err = hci_req_run(&req, set_class_complete);
2189 if (err < 0) {
2190 if (err != -ENODATA)
2191 goto unlock;
2192
2193 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2194 hdev->dev_class, 3);
2195 goto unlock;
2196 }
2197
2198 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2199 if (!cmd) {
2200 err = -ENOMEM;
2201 goto unlock;
2202 }
2203
2204 err = 0;
2205
2206unlock:
2207 hci_dev_unlock(hdev);
2208 return err;
2209}
2210
2211static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2212 u16 len)
2213{
2214 struct mgmt_cp_load_link_keys *cp = data;
2215 u16 key_count, expected_len;
2216 bool changed;
2217 int i;
2218
2219 BT_DBG("request for %s", hdev->name);
2220
2221 if (!lmp_bredr_capable(hdev))
2222 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2223 MGMT_STATUS_NOT_SUPPORTED);
2224
2225 key_count = __le16_to_cpu(cp->key_count);
2226
2227 expected_len = sizeof(*cp) + key_count *
2228 sizeof(struct mgmt_link_key_info);
2229 if (expected_len != len) {
2230 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2231 len, expected_len);
2232 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2233 MGMT_STATUS_INVALID_PARAMS);
2234 }
2235
2236 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2237 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2238 MGMT_STATUS_INVALID_PARAMS);
2239
2240 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2241 key_count);
2242
2243 for (i = 0; i < key_count; i++) {
2244 struct mgmt_link_key_info *key = &cp->keys[i];
2245
2246 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2247 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2248 MGMT_STATUS_INVALID_PARAMS);
2249 }
2250
2251 hci_dev_lock(hdev);
2252
2253 hci_link_keys_clear(hdev);
2254
2255 if (cp->debug_keys)
2256 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2257 else
2258 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2259
2260 if (changed)
2261 new_settings(hdev, NULL);
2262
2263 for (i = 0; i < key_count; i++) {
2264 struct mgmt_link_key_info *key = &cp->keys[i];
2265
2266 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
2267 key->type, key->pin_len);
2268 }
2269
2270 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2271
2272 hci_dev_unlock(hdev);
2273
2274 return 0;
2275}
2276
2277static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2278 u8 addr_type, struct sock *skip_sk)
2279{
2280 struct mgmt_ev_device_unpaired ev;
2281
2282 bacpy(&ev.addr.bdaddr, bdaddr);
2283 ev.addr.type = addr_type;
2284
2285 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2286 skip_sk);
2287}
2288
2289static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2290 u16 len)
2291{
2292 struct mgmt_cp_unpair_device *cp = data;
2293 struct mgmt_rp_unpair_device rp;
2294 struct hci_cp_disconnect dc;
2295 struct pending_cmd *cmd;
2296 struct hci_conn *conn;
2297 int err;
2298
2299 memset(&rp, 0, sizeof(rp));
2300 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2301 rp.addr.type = cp->addr.type;
2302
2303 if (!bdaddr_type_is_valid(cp->addr.type))
2304 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2305 MGMT_STATUS_INVALID_PARAMS,
2306 &rp, sizeof(rp));
2307
2308 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2309 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2310 MGMT_STATUS_INVALID_PARAMS,
2311 &rp, sizeof(rp));
2312
2313 hci_dev_lock(hdev);
2314
2315 if (!hdev_is_powered(hdev)) {
2316 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2317 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2318 goto unlock;
2319 }
2320
2321 if (cp->addr.type == BDADDR_BREDR) {
2322 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2323 } else {
2324 u8 addr_type;
2325
2326 if (cp->addr.type == BDADDR_LE_PUBLIC)
2327 addr_type = ADDR_LE_DEV_PUBLIC;
2328 else
2329 addr_type = ADDR_LE_DEV_RANDOM;
2330
2331 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2332
2333 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2334 }
2335
2336 if (err < 0) {
2337 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2338 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2339 goto unlock;
2340 }
2341
2342 if (cp->disconnect) {
2343 if (cp->addr.type == BDADDR_BREDR)
2344 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2345 &cp->addr.bdaddr);
2346 else
2347 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2348 &cp->addr.bdaddr);
2349 } else {
2350 conn = NULL;
2351 }
2352
2353 if (!conn) {
2354 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2355 &rp, sizeof(rp));
2356 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2357 goto unlock;
2358 }
2359
2360 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2361 sizeof(*cp));
2362 if (!cmd) {
2363 err = -ENOMEM;
2364 goto unlock;
2365 }
2366
2367 dc.handle = cpu_to_le16(conn->handle);
2368 dc.reason = 0x13; /* Remote User Terminated Connection */
2369 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2370 if (err < 0)
2371 mgmt_pending_remove(cmd);
2372
2373unlock:
2374 hci_dev_unlock(hdev);
2375 return err;
2376}
2377
2378static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2379 u16 len)
2380{
2381 struct mgmt_cp_disconnect *cp = data;
2382 struct mgmt_rp_disconnect rp;
2383 struct hci_cp_disconnect dc;
2384 struct pending_cmd *cmd;
2385 struct hci_conn *conn;
2386 int err;
2387
2388 BT_DBG("");
2389
2390 memset(&rp, 0, sizeof(rp));
2391 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2392 rp.addr.type = cp->addr.type;
2393
2394 if (!bdaddr_type_is_valid(cp->addr.type))
2395 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2396 MGMT_STATUS_INVALID_PARAMS,
2397 &rp, sizeof(rp));
2398
2399 hci_dev_lock(hdev);
2400
2401 if (!test_bit(HCI_UP, &hdev->flags)) {
2402 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2403 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2404 goto failed;
2405 }
2406
2407 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2408 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2409 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2410 goto failed;
2411 }
2412
2413 if (cp->addr.type == BDADDR_BREDR)
2414 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2415 &cp->addr.bdaddr);
2416 else
2417 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2418
2419 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2420 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2421 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2422 goto failed;
2423 }
2424
2425 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2426 if (!cmd) {
2427 err = -ENOMEM;
2428 goto failed;
2429 }
2430
2431 dc.handle = cpu_to_le16(conn->handle);
2432 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2433
2434 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2435 if (err < 0)
2436 mgmt_pending_remove(cmd);
2437
2438failed:
2439 hci_dev_unlock(hdev);
2440 return err;
2441}
2442
2443static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2444{
2445 switch (link_type) {
2446 case LE_LINK:
2447 switch (addr_type) {
2448 case ADDR_LE_DEV_PUBLIC:
2449 return BDADDR_LE_PUBLIC;
2450
2451 default:
2452 /* Fallback to LE Random address type */
2453 return BDADDR_LE_RANDOM;
2454 }
2455
2456 default:
2457 /* Fallback to BR/EDR type */
2458 return BDADDR_BREDR;
2459 }
2460}
2461
2462static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2463 u16 data_len)
2464{
2465 struct mgmt_rp_get_connections *rp;
2466 struct hci_conn *c;
2467 size_t rp_len;
2468 int err;
2469 u16 i;
2470
2471 BT_DBG("");
2472
2473 hci_dev_lock(hdev);
2474
2475 if (!hdev_is_powered(hdev)) {
2476 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2477 MGMT_STATUS_NOT_POWERED);
2478 goto unlock;
2479 }
2480
2481 i = 0;
2482 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2483 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2484 i++;
2485 }
2486
2487 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2488 rp = kmalloc(rp_len, GFP_KERNEL);
2489 if (!rp) {
2490 err = -ENOMEM;
2491 goto unlock;
2492 }
2493
2494 i = 0;
2495 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2496 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2497 continue;
2498 bacpy(&rp->addr[i].bdaddr, &c->dst);
2499 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2500 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2501 continue;
2502 i++;
2503 }
2504
2505 rp->conn_count = cpu_to_le16(i);
2506
2507 /* Recalculate length in case of filtered SCO connections, etc */
2508 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2509
2510 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2511 rp_len);
2512
2513 kfree(rp);
2514
2515unlock:
2516 hci_dev_unlock(hdev);
2517 return err;
2518}
2519
2520static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2521 struct mgmt_cp_pin_code_neg_reply *cp)
2522{
2523 struct pending_cmd *cmd;
2524 int err;
2525
2526 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2527 sizeof(*cp));
2528 if (!cmd)
2529 return -ENOMEM;
2530
2531 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2532 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2533 if (err < 0)
2534 mgmt_pending_remove(cmd);
2535
2536 return err;
2537}
2538
2539static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2540 u16 len)
2541{
2542 struct hci_conn *conn;
2543 struct mgmt_cp_pin_code_reply *cp = data;
2544 struct hci_cp_pin_code_reply reply;
2545 struct pending_cmd *cmd;
2546 int err;
2547
2548 BT_DBG("");
2549
2550 hci_dev_lock(hdev);
2551
2552 if (!hdev_is_powered(hdev)) {
2553 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2554 MGMT_STATUS_NOT_POWERED);
2555 goto failed;
2556 }
2557
2558 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2559 if (!conn) {
2560 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2561 MGMT_STATUS_NOT_CONNECTED);
2562 goto failed;
2563 }
2564
2565 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2566 struct mgmt_cp_pin_code_neg_reply ncp;
2567
2568 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2569
2570 BT_ERR("PIN code is not 16 bytes long");
2571
2572 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2573 if (err >= 0)
2574 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2575 MGMT_STATUS_INVALID_PARAMS);
2576
2577 goto failed;
2578 }
2579
2580 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2581 if (!cmd) {
2582 err = -ENOMEM;
2583 goto failed;
2584 }
2585
2586 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2587 reply.pin_len = cp->pin_len;
2588 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2589
2590 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2591 if (err < 0)
2592 mgmt_pending_remove(cmd);
2593
2594failed:
2595 hci_dev_unlock(hdev);
2596 return err;
2597}
2598
2599static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2600 u16 len)
2601{
2602 struct mgmt_cp_set_io_capability *cp = data;
2603
2604 BT_DBG("");
2605
2606 hci_dev_lock(hdev);
2607
2608 hdev->io_capability = cp->io_capability;
2609
2610 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2611 hdev->io_capability);
2612
2613 hci_dev_unlock(hdev);
2614
2615 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2616 0);
2617}
2618
2619static struct pending_cmd *find_pairing(struct hci_conn *conn)
2620{
2621 struct hci_dev *hdev = conn->hdev;
2622 struct pending_cmd *cmd;
2623
2624 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2625 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2626 continue;
2627
2628 if (cmd->user_data != conn)
2629 continue;
2630
2631 return cmd;
2632 }
2633
2634 return NULL;
2635}
2636
2637static void pairing_complete(struct pending_cmd *cmd, u8 status)
2638{
2639 struct mgmt_rp_pair_device rp;
2640 struct hci_conn *conn = cmd->user_data;
2641
2642 bacpy(&rp.addr.bdaddr, &conn->dst);
2643 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2644
2645 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2646 &rp, sizeof(rp));
2647
2648 /* So we don't get further callbacks for this connection */
2649 conn->connect_cfm_cb = NULL;
2650 conn->security_cfm_cb = NULL;
2651 conn->disconn_cfm_cb = NULL;
2652
2653 hci_conn_drop(conn);
2654
2655 mgmt_pending_remove(cmd);
2656}
2657
2658void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2659{
2660 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2661 struct pending_cmd *cmd;
2662
2663 cmd = find_pairing(conn);
2664 if (cmd)
2665 pairing_complete(cmd, status);
2666}
2667
2668static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2669{
2670 struct pending_cmd *cmd;
2671
2672 BT_DBG("status %u", status);
2673
2674 cmd = find_pairing(conn);
2675 if (!cmd)
2676 BT_DBG("Unable to find a pending command");
2677 else
2678 pairing_complete(cmd, mgmt_status(status));
2679}
2680
2681static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2682{
2683 struct pending_cmd *cmd;
2684
2685 BT_DBG("status %u", status);
2686
2687 if (!status)
2688 return;
2689
2690 cmd = find_pairing(conn);
2691 if (!cmd)
2692 BT_DBG("Unable to find a pending command");
2693 else
2694 pairing_complete(cmd, mgmt_status(status));
2695}
2696
2697static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2698 u16 len)
2699{
2700 struct mgmt_cp_pair_device *cp = data;
2701 struct mgmt_rp_pair_device rp;
2702 struct pending_cmd *cmd;
2703 u8 sec_level, auth_type;
2704 struct hci_conn *conn;
2705 int err;
2706
2707 BT_DBG("");
2708
2709 memset(&rp, 0, sizeof(rp));
2710 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2711 rp.addr.type = cp->addr.type;
2712
2713 if (!bdaddr_type_is_valid(cp->addr.type))
2714 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2715 MGMT_STATUS_INVALID_PARAMS,
2716 &rp, sizeof(rp));
2717
2718 hci_dev_lock(hdev);
2719
2720 if (!hdev_is_powered(hdev)) {
2721 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2722 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2723 goto unlock;
2724 }
2725
2726 sec_level = BT_SECURITY_MEDIUM;
2727 if (cp->io_cap == 0x03)
2728 auth_type = HCI_AT_DEDICATED_BONDING;
2729 else
2730 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2731
2732 if (cp->addr.type == BDADDR_BREDR)
2733 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2734 cp->addr.type, sec_level, auth_type);
2735 else
2736 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2737 cp->addr.type, sec_level, auth_type);
2738
2739 if (IS_ERR(conn)) {
2740 int status;
2741
2742 if (PTR_ERR(conn) == -EBUSY)
2743 status = MGMT_STATUS_BUSY;
2744 else
2745 status = MGMT_STATUS_CONNECT_FAILED;
2746
2747 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2748 status, &rp,
2749 sizeof(rp));
2750 goto unlock;
2751 }
2752
2753 if (conn->connect_cfm_cb) {
2754 hci_conn_drop(conn);
2755 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2756 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2757 goto unlock;
2758 }
2759
2760 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2761 if (!cmd) {
2762 err = -ENOMEM;
2763 hci_conn_drop(conn);
2764 goto unlock;
2765 }
2766
2767 /* For LE, just connecting isn't a proof that the pairing finished */
2768 if (cp->addr.type == BDADDR_BREDR) {
2769 conn->connect_cfm_cb = pairing_complete_cb;
2770 conn->security_cfm_cb = pairing_complete_cb;
2771 conn->disconn_cfm_cb = pairing_complete_cb;
2772 } else {
2773 conn->connect_cfm_cb = le_pairing_complete_cb;
2774 conn->security_cfm_cb = le_pairing_complete_cb;
2775 conn->disconn_cfm_cb = le_pairing_complete_cb;
2776 }
2777
2778 conn->io_capability = cp->io_cap;
2779 cmd->user_data = conn;
2780
2781 if (conn->state == BT_CONNECTED &&
2782 hci_conn_security(conn, sec_level, auth_type))
2783 pairing_complete(cmd, 0);
2784
2785 err = 0;
2786
2787unlock:
2788 hci_dev_unlock(hdev);
2789 return err;
2790}
2791
2792static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2793 u16 len)
2794{
2795 struct mgmt_addr_info *addr = data;
2796 struct pending_cmd *cmd;
2797 struct hci_conn *conn;
2798 int err;
2799
2800 BT_DBG("");
2801
2802 hci_dev_lock(hdev);
2803
2804 if (!hdev_is_powered(hdev)) {
2805 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2806 MGMT_STATUS_NOT_POWERED);
2807 goto unlock;
2808 }
2809
2810 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2811 if (!cmd) {
2812 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2813 MGMT_STATUS_INVALID_PARAMS);
2814 goto unlock;
2815 }
2816
2817 conn = cmd->user_data;
2818
2819 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2820 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2821 MGMT_STATUS_INVALID_PARAMS);
2822 goto unlock;
2823 }
2824
2825 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2826
2827 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2828 addr, sizeof(*addr));
2829unlock:
2830 hci_dev_unlock(hdev);
2831 return err;
2832}
2833
2834static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2835 struct mgmt_addr_info *addr, u16 mgmt_op,
2836 u16 hci_op, __le32 passkey)
2837{
2838 struct pending_cmd *cmd;
2839 struct hci_conn *conn;
2840 int err;
2841
2842 hci_dev_lock(hdev);
2843
2844 if (!hdev_is_powered(hdev)) {
2845 err = cmd_complete(sk, hdev->id, mgmt_op,
2846 MGMT_STATUS_NOT_POWERED, addr,
2847 sizeof(*addr));
2848 goto done;
2849 }
2850
2851 if (addr->type == BDADDR_BREDR)
2852 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2853 else
2854 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2855
2856 if (!conn) {
2857 err = cmd_complete(sk, hdev->id, mgmt_op,
2858 MGMT_STATUS_NOT_CONNECTED, addr,
2859 sizeof(*addr));
2860 goto done;
2861 }
2862
2863 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2864 /* Continue with pairing via SMP */
2865 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2866
2867 if (!err)
2868 err = cmd_complete(sk, hdev->id, mgmt_op,
2869 MGMT_STATUS_SUCCESS, addr,
2870 sizeof(*addr));
2871 else
2872 err = cmd_complete(sk, hdev->id, mgmt_op,
2873 MGMT_STATUS_FAILED, addr,
2874 sizeof(*addr));
2875
2876 goto done;
2877 }
2878
2879 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2880 if (!cmd) {
2881 err = -ENOMEM;
2882 goto done;
2883 }
2884
2885 /* Continue with pairing via HCI */
2886 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2887 struct hci_cp_user_passkey_reply cp;
2888
2889 bacpy(&cp.bdaddr, &addr->bdaddr);
2890 cp.passkey = passkey;
2891 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2892 } else
2893 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2894 &addr->bdaddr);
2895
2896 if (err < 0)
2897 mgmt_pending_remove(cmd);
2898
2899done:
2900 hci_dev_unlock(hdev);
2901 return err;
2902}
2903
2904static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2905 void *data, u16 len)
2906{
2907 struct mgmt_cp_pin_code_neg_reply *cp = data;
2908
2909 BT_DBG("");
2910
2911 return user_pairing_resp(sk, hdev, &cp->addr,
2912 MGMT_OP_PIN_CODE_NEG_REPLY,
2913 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2914}
2915
2916static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2917 u16 len)
2918{
2919 struct mgmt_cp_user_confirm_reply *cp = data;
2920
2921 BT_DBG("");
2922
2923 if (len != sizeof(*cp))
2924 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2925 MGMT_STATUS_INVALID_PARAMS);
2926
2927 return user_pairing_resp(sk, hdev, &cp->addr,
2928 MGMT_OP_USER_CONFIRM_REPLY,
2929 HCI_OP_USER_CONFIRM_REPLY, 0);
2930}
2931
2932static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2933 void *data, u16 len)
2934{
2935 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2936
2937 BT_DBG("");
2938
2939 return user_pairing_resp(sk, hdev, &cp->addr,
2940 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2941 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2942}
2943
2944static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2945 u16 len)
2946{
2947 struct mgmt_cp_user_passkey_reply *cp = data;
2948
2949 BT_DBG("");
2950
2951 return user_pairing_resp(sk, hdev, &cp->addr,
2952 MGMT_OP_USER_PASSKEY_REPLY,
2953 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2954}
2955
2956static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2957 void *data, u16 len)
2958{
2959 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2960
2961 BT_DBG("");
2962
2963 return user_pairing_resp(sk, hdev, &cp->addr,
2964 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2965 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2966}
2967
2968static void update_name(struct hci_request *req)
2969{
2970 struct hci_dev *hdev = req->hdev;
2971 struct hci_cp_write_local_name cp;
2972
2973 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2974
2975 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2976}
2977
2978static void set_name_complete(struct hci_dev *hdev, u8 status)
2979{
2980 struct mgmt_cp_set_local_name *cp;
2981 struct pending_cmd *cmd;
2982
2983 BT_DBG("status 0x%02x", status);
2984
2985 hci_dev_lock(hdev);
2986
2987 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2988 if (!cmd)
2989 goto unlock;
2990
2991 cp = cmd->param;
2992
2993 if (status)
2994 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2995 mgmt_status(status));
2996 else
2997 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2998 cp, sizeof(*cp));
2999
3000 mgmt_pending_remove(cmd);
3001
3002unlock:
3003 hci_dev_unlock(hdev);
3004}
3005
3006static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3007 u16 len)
3008{
3009 struct mgmt_cp_set_local_name *cp = data;
3010 struct pending_cmd *cmd;
3011 struct hci_request req;
3012 int err;
3013
3014 BT_DBG("");
3015
3016 hci_dev_lock(hdev);
3017
3018 /* If the old values are the same as the new ones just return a
3019 * direct command complete event.
3020 */
3021 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3022 !memcmp(hdev->short_name, cp->short_name,
3023 sizeof(hdev->short_name))) {
3024 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3025 data, len);
3026 goto failed;
3027 }
3028
3029 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3030
3031 if (!hdev_is_powered(hdev)) {
3032 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3033
3034 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3035 data, len);
3036 if (err < 0)
3037 goto failed;
3038
3039 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3040 sk);
3041
3042 goto failed;
3043 }
3044
3045 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3046 if (!cmd) {
3047 err = -ENOMEM;
3048 goto failed;
3049 }
3050
3051 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3052
3053 hci_req_init(&req, hdev);
3054
3055 if (lmp_bredr_capable(hdev)) {
3056 update_name(&req);
3057 update_eir(&req);
3058 }
3059
3060 /* The name is stored in the scan response data and so
3061 * no need to udpate the advertising data here.
3062 */
3063 if (lmp_le_capable(hdev))
3064 update_scan_rsp_data(&req);
3065
3066 err = hci_req_run(&req, set_name_complete);
3067 if (err < 0)
3068 mgmt_pending_remove(cmd);
3069
3070failed:
3071 hci_dev_unlock(hdev);
3072 return err;
3073}
3074
3075static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3076 void *data, u16 data_len)
3077{
3078 struct pending_cmd *cmd;
3079 int err;
3080
3081 BT_DBG("%s", hdev->name);
3082
3083 hci_dev_lock(hdev);
3084
3085 if (!hdev_is_powered(hdev)) {
3086 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3087 MGMT_STATUS_NOT_POWERED);
3088 goto unlock;
3089 }
3090
3091 if (!lmp_ssp_capable(hdev)) {
3092 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3093 MGMT_STATUS_NOT_SUPPORTED);
3094 goto unlock;
3095 }
3096
3097 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3098 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3099 MGMT_STATUS_BUSY);
3100 goto unlock;
3101 }
3102
3103 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3104 if (!cmd) {
3105 err = -ENOMEM;
3106 goto unlock;
3107 }
3108
3109 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3110 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3111 0, NULL);
3112 else
3113 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3114
3115 if (err < 0)
3116 mgmt_pending_remove(cmd);
3117
3118unlock:
3119 hci_dev_unlock(hdev);
3120 return err;
3121}
3122
3123static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3124 void *data, u16 len)
3125{
3126 int err;
3127
3128 BT_DBG("%s ", hdev->name);
3129
3130 hci_dev_lock(hdev);
3131
3132 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3133 struct mgmt_cp_add_remote_oob_data *cp = data;
3134 u8 status;
3135
3136 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3137 cp->hash, cp->randomizer);
3138 if (err < 0)
3139 status = MGMT_STATUS_FAILED;
3140 else
3141 status = MGMT_STATUS_SUCCESS;
3142
3143 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3144 status, &cp->addr, sizeof(cp->addr));
3145 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3146 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3147 u8 status;
3148
3149 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3150 cp->hash192,
3151 cp->randomizer192,
3152 cp->hash256,
3153 cp->randomizer256);
3154 if (err < 0)
3155 status = MGMT_STATUS_FAILED;
3156 else
3157 status = MGMT_STATUS_SUCCESS;
3158
3159 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3160 status, &cp->addr, sizeof(cp->addr));
3161 } else {
3162 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3163 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3164 MGMT_STATUS_INVALID_PARAMS);
3165 }
3166
3167 hci_dev_unlock(hdev);
3168 return err;
3169}
3170
3171static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3172 void *data, u16 len)
3173{
3174 struct mgmt_cp_remove_remote_oob_data *cp = data;
3175 u8 status;
3176 int err;
3177
3178 BT_DBG("%s", hdev->name);
3179
3180 hci_dev_lock(hdev);
3181
3182 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
3183 if (err < 0)
3184 status = MGMT_STATUS_INVALID_PARAMS;
3185 else
3186 status = MGMT_STATUS_SUCCESS;
3187
3188 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3189 status, &cp->addr, sizeof(cp->addr));
3190
3191 hci_dev_unlock(hdev);
3192 return err;
3193}
3194
3195static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3196{
3197 struct pending_cmd *cmd;
3198 u8 type;
3199 int err;
3200
3201 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3202
3203 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3204 if (!cmd)
3205 return -ENOENT;
3206
3207 type = hdev->discovery.type;
3208
3209 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3210 &type, sizeof(type));
3211 mgmt_pending_remove(cmd);
3212
3213 return err;
3214}
3215
3216static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3217{
3218 BT_DBG("status %d", status);
3219
3220 if (status) {
3221 hci_dev_lock(hdev);
3222 mgmt_start_discovery_failed(hdev, status);
3223 hci_dev_unlock(hdev);
3224 return;
3225 }
3226
3227 hci_dev_lock(hdev);
3228 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3229 hci_dev_unlock(hdev);
3230
3231 switch (hdev->discovery.type) {
3232 case DISCOV_TYPE_LE:
3233 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3234 DISCOV_LE_TIMEOUT);
3235 break;
3236
3237 case DISCOV_TYPE_INTERLEAVED:
3238 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3239 DISCOV_INTERLEAVED_TIMEOUT);
3240 break;
3241
3242 case DISCOV_TYPE_BREDR:
3243 break;
3244
3245 default:
3246 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3247 }
3248}
3249
3250static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3251 void *data, u16 len)
3252{
3253 struct mgmt_cp_start_discovery *cp = data;
3254 struct pending_cmd *cmd;
3255 struct hci_cp_le_set_scan_param param_cp;
3256 struct hci_cp_le_set_scan_enable enable_cp;
3257 struct hci_cp_inquiry inq_cp;
3258 struct hci_request req;
3259 /* General inquiry access code (GIAC) */
3260 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3261 u8 status;
3262 int err;
3263
3264 BT_DBG("%s", hdev->name);
3265
3266 hci_dev_lock(hdev);
3267
3268 if (!hdev_is_powered(hdev)) {
3269 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3270 MGMT_STATUS_NOT_POWERED);
3271 goto failed;
3272 }
3273
3274 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3275 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3276 MGMT_STATUS_BUSY);
3277 goto failed;
3278 }
3279
3280 if (hdev->discovery.state != DISCOVERY_STOPPED) {
3281 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3282 MGMT_STATUS_BUSY);
3283 goto failed;
3284 }
3285
3286 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3287 if (!cmd) {
3288 err = -ENOMEM;
3289 goto failed;
3290 }
3291
3292 hdev->discovery.type = cp->type;
3293
3294 hci_req_init(&req, hdev);
3295
3296 switch (hdev->discovery.type) {
3297 case DISCOV_TYPE_BREDR:
3298 status = mgmt_bredr_support(hdev);
3299 if (status) {
3300 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3301 status);
3302 mgmt_pending_remove(cmd);
3303 goto failed;
3304 }
3305
3306 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3307 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3308 MGMT_STATUS_BUSY);
3309 mgmt_pending_remove(cmd);
3310 goto failed;
3311 }
3312
3313 hci_inquiry_cache_flush(hdev);
3314
3315 memset(&inq_cp, 0, sizeof(inq_cp));
3316 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3317 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3318 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3319 break;
3320
3321 case DISCOV_TYPE_LE:
3322 case DISCOV_TYPE_INTERLEAVED:
3323 status = mgmt_le_support(hdev);
3324 if (status) {
3325 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3326 status);
3327 mgmt_pending_remove(cmd);
3328 goto failed;
3329 }
3330
3331 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3332 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3333 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3334 MGMT_STATUS_NOT_SUPPORTED);
3335 mgmt_pending_remove(cmd);
3336 goto failed;
3337 }
3338
3339 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3340 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3341 MGMT_STATUS_REJECTED);
3342 mgmt_pending_remove(cmd);
3343 goto failed;
3344 }
3345
3346 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3347 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3348 MGMT_STATUS_BUSY);
3349 mgmt_pending_remove(cmd);
3350 goto failed;
3351 }
3352
3353 memset(&param_cp, 0, sizeof(param_cp));
3354 param_cp.type = LE_SCAN_ACTIVE;
3355 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3356 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3357 param_cp.own_address_type = hdev->own_addr_type;
3358 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3359 &param_cp);
3360
3361 memset(&enable_cp, 0, sizeof(enable_cp));
3362 enable_cp.enable = LE_SCAN_ENABLE;
3363 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3364 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3365 &enable_cp);
3366 break;
3367
3368 default:
3369 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3370 MGMT_STATUS_INVALID_PARAMS);
3371 mgmt_pending_remove(cmd);
3372 goto failed;
3373 }
3374
3375 err = hci_req_run(&req, start_discovery_complete);
3376 if (err < 0)
3377 mgmt_pending_remove(cmd);
3378 else
3379 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3380
3381failed:
3382 hci_dev_unlock(hdev);
3383 return err;
3384}
3385
3386static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3387{
3388 struct pending_cmd *cmd;
3389 int err;
3390
3391 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3392 if (!cmd)
3393 return -ENOENT;
3394
3395 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3396 &hdev->discovery.type, sizeof(hdev->discovery.type));
3397 mgmt_pending_remove(cmd);
3398
3399 return err;
3400}
3401
3402static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3403{
3404 BT_DBG("status %d", status);
3405
3406 hci_dev_lock(hdev);
3407
3408 if (status) {
3409 mgmt_stop_discovery_failed(hdev, status);
3410 goto unlock;
3411 }
3412
3413 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3414
3415unlock:
3416 hci_dev_unlock(hdev);
3417}
3418
3419static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3420 u16 len)
3421{
3422 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3423 struct pending_cmd *cmd;
3424 struct hci_cp_remote_name_req_cancel cp;
3425 struct inquiry_entry *e;
3426 struct hci_request req;
3427 struct hci_cp_le_set_scan_enable enable_cp;
3428 int err;
3429
3430 BT_DBG("%s", hdev->name);
3431
3432 hci_dev_lock(hdev);
3433
3434 if (!hci_discovery_active(hdev)) {
3435 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3436 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3437 sizeof(mgmt_cp->type));
3438 goto unlock;
3439 }
3440
3441 if (hdev->discovery.type != mgmt_cp->type) {
3442 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3443 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3444 sizeof(mgmt_cp->type));
3445 goto unlock;
3446 }
3447
3448 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3449 if (!cmd) {
3450 err = -ENOMEM;
3451 goto unlock;
3452 }
3453
3454 hci_req_init(&req, hdev);
3455
3456 switch (hdev->discovery.state) {
3457 case DISCOVERY_FINDING:
3458 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3459 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3460 } else {
3461 cancel_delayed_work(&hdev->le_scan_disable);
3462
3463 memset(&enable_cp, 0, sizeof(enable_cp));
3464 enable_cp.enable = LE_SCAN_DISABLE;
3465 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3466 sizeof(enable_cp), &enable_cp);
3467 }
3468
3469 break;
3470
3471 case DISCOVERY_RESOLVING:
3472 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3473 NAME_PENDING);
3474 if (!e) {
3475 mgmt_pending_remove(cmd);
3476 err = cmd_complete(sk, hdev->id,
3477 MGMT_OP_STOP_DISCOVERY, 0,
3478 &mgmt_cp->type,
3479 sizeof(mgmt_cp->type));
3480 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3481 goto unlock;
3482 }
3483
3484 bacpy(&cp.bdaddr, &e->data.bdaddr);
3485 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3486 &cp);
3487
3488 break;
3489
3490 default:
3491 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3492
3493 mgmt_pending_remove(cmd);
3494 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3495 MGMT_STATUS_FAILED, &mgmt_cp->type,
3496 sizeof(mgmt_cp->type));
3497 goto unlock;
3498 }
3499
3500 err = hci_req_run(&req, stop_discovery_complete);
3501 if (err < 0)
3502 mgmt_pending_remove(cmd);
3503 else
3504 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3505
3506unlock:
3507 hci_dev_unlock(hdev);
3508 return err;
3509}
3510
3511static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3512 u16 len)
3513{
3514 struct mgmt_cp_confirm_name *cp = data;
3515 struct inquiry_entry *e;
3516 int err;
3517
3518 BT_DBG("%s", hdev->name);
3519
3520 hci_dev_lock(hdev);
3521
3522 if (!hci_discovery_active(hdev)) {
3523 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3524 MGMT_STATUS_FAILED);
3525 goto failed;
3526 }
3527
3528 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3529 if (!e) {
3530 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3531 MGMT_STATUS_INVALID_PARAMS);
3532 goto failed;
3533 }
3534
3535 if (cp->name_known) {
3536 e->name_state = NAME_KNOWN;
3537 list_del(&e->list);
3538 } else {
3539 e->name_state = NAME_NEEDED;
3540 hci_inquiry_cache_update_resolve(hdev, e);
3541 }
3542
3543 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3544 sizeof(cp->addr));
3545
3546failed:
3547 hci_dev_unlock(hdev);
3548 return err;
3549}
3550
3551static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3552 u16 len)
3553{
3554 struct mgmt_cp_block_device *cp = data;
3555 u8 status;
3556 int err;
3557
3558 BT_DBG("%s", hdev->name);
3559
3560 if (!bdaddr_type_is_valid(cp->addr.type))
3561 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3562 MGMT_STATUS_INVALID_PARAMS,
3563 &cp->addr, sizeof(cp->addr));
3564
3565 hci_dev_lock(hdev);
3566
3567 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3568 if (err < 0)
3569 status = MGMT_STATUS_FAILED;
3570 else
3571 status = MGMT_STATUS_SUCCESS;
3572
3573 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3574 &cp->addr, sizeof(cp->addr));
3575
3576 hci_dev_unlock(hdev);
3577
3578 return err;
3579}
3580
3581static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3582 u16 len)
3583{
3584 struct mgmt_cp_unblock_device *cp = data;
3585 u8 status;
3586 int err;
3587
3588 BT_DBG("%s", hdev->name);
3589
3590 if (!bdaddr_type_is_valid(cp->addr.type))
3591 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3592 MGMT_STATUS_INVALID_PARAMS,
3593 &cp->addr, sizeof(cp->addr));
3594
3595 hci_dev_lock(hdev);
3596
3597 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3598 if (err < 0)
3599 status = MGMT_STATUS_INVALID_PARAMS;
3600 else
3601 status = MGMT_STATUS_SUCCESS;
3602
3603 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3604 &cp->addr, sizeof(cp->addr));
3605
3606 hci_dev_unlock(hdev);
3607
3608 return err;
3609}
3610
3611static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3612 u16 len)
3613{
3614 struct mgmt_cp_set_device_id *cp = data;
3615 struct hci_request req;
3616 int err;
3617 __u16 source;
3618
3619 BT_DBG("%s", hdev->name);
3620
3621 source = __le16_to_cpu(cp->source);
3622
3623 if (source > 0x0002)
3624 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3625 MGMT_STATUS_INVALID_PARAMS);
3626
3627 hci_dev_lock(hdev);
3628
3629 hdev->devid_source = source;
3630 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3631 hdev->devid_product = __le16_to_cpu(cp->product);
3632 hdev->devid_version = __le16_to_cpu(cp->version);
3633
3634 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3635
3636 hci_req_init(&req, hdev);
3637 update_eir(&req);
3638 hci_req_run(&req, NULL);
3639
3640 hci_dev_unlock(hdev);
3641
3642 return err;
3643}
3644
3645static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3646{
3647 struct cmd_lookup match = { NULL, hdev };
3648
3649 if (status) {
3650 u8 mgmt_err = mgmt_status(status);
3651
3652 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3653 cmd_status_rsp, &mgmt_err);
3654 return;
3655 }
3656
3657 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3658 &match);
3659
3660 new_settings(hdev, match.sk);
3661
3662 if (match.sk)
3663 sock_put(match.sk);
3664}
3665
3666static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3667 u16 len)
3668{
3669 struct mgmt_mode *cp = data;
3670 struct pending_cmd *cmd;
3671 struct hci_request req;
3672 u8 val, enabled, status;
3673 int err;
3674
3675 BT_DBG("request for %s", hdev->name);
3676
3677 status = mgmt_le_support(hdev);
3678 if (status)
3679 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3680 status);
3681
3682 if (cp->val != 0x00 && cp->val != 0x01)
3683 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3684 MGMT_STATUS_INVALID_PARAMS);
3685
3686 hci_dev_lock(hdev);
3687
3688 val = !!cp->val;
3689 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3690
3691 /* The following conditions are ones which mean that we should
3692 * not do any HCI communication but directly send a mgmt
3693 * response to user space (after toggling the flag if
3694 * necessary).
3695 */
3696 if (!hdev_is_powered(hdev) || val == enabled ||
3697 hci_conn_num(hdev, LE_LINK) > 0) {
3698 bool changed = false;
3699
3700 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3701 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3702 changed = true;
3703 }
3704
3705 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3706 if (err < 0)
3707 goto unlock;
3708
3709 if (changed)
3710 err = new_settings(hdev, sk);
3711
3712 goto unlock;
3713 }
3714
3715 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3716 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3717 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3718 MGMT_STATUS_BUSY);
3719 goto unlock;
3720 }
3721
3722 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3723 if (!cmd) {
3724 err = -ENOMEM;
3725 goto unlock;
3726 }
3727
3728 hci_req_init(&req, hdev);
3729
3730 if (val)
3731 enable_advertising(&req);
3732 else
3733 disable_advertising(&req);
3734
3735 err = hci_req_run(&req, set_advertising_complete);
3736 if (err < 0)
3737 mgmt_pending_remove(cmd);
3738
3739unlock:
3740 hci_dev_unlock(hdev);
3741 return err;
3742}
3743
3744static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3745 void *data, u16 len)
3746{
3747 struct mgmt_cp_set_static_address *cp = data;
3748 int err;
3749
3750 BT_DBG("%s", hdev->name);
3751
3752 if (!lmp_le_capable(hdev))
3753 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3754 MGMT_STATUS_NOT_SUPPORTED);
3755
3756 if (hdev_is_powered(hdev))
3757 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3758 MGMT_STATUS_REJECTED);
3759
3760 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3761 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3762 return cmd_status(sk, hdev->id,
3763 MGMT_OP_SET_STATIC_ADDRESS,
3764 MGMT_STATUS_INVALID_PARAMS);
3765
3766 /* Two most significant bits shall be set */
3767 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3768 return cmd_status(sk, hdev->id,
3769 MGMT_OP_SET_STATIC_ADDRESS,
3770 MGMT_STATUS_INVALID_PARAMS);
3771 }
3772
3773 hci_dev_lock(hdev);
3774
3775 bacpy(&hdev->static_addr, &cp->bdaddr);
3776
3777 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3778
3779 hci_dev_unlock(hdev);
3780
3781 return err;
3782}
3783
3784static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3785 void *data, u16 len)
3786{
3787 struct mgmt_cp_set_scan_params *cp = data;
3788 __u16 interval, window;
3789 int err;
3790
3791 BT_DBG("%s", hdev->name);
3792
3793 if (!lmp_le_capable(hdev))
3794 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3795 MGMT_STATUS_NOT_SUPPORTED);
3796
3797 interval = __le16_to_cpu(cp->interval);
3798
3799 if (interval < 0x0004 || interval > 0x4000)
3800 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3801 MGMT_STATUS_INVALID_PARAMS);
3802
3803 window = __le16_to_cpu(cp->window);
3804
3805 if (window < 0x0004 || window > 0x4000)
3806 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3807 MGMT_STATUS_INVALID_PARAMS);
3808
3809 if (window > interval)
3810 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3811 MGMT_STATUS_INVALID_PARAMS);
3812
3813 hci_dev_lock(hdev);
3814
3815 hdev->le_scan_interval = interval;
3816 hdev->le_scan_window = window;
3817
3818 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3819
3820 hci_dev_unlock(hdev);
3821
3822 return err;
3823}
3824
3825static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3826{
3827 struct pending_cmd *cmd;
3828
3829 BT_DBG("status 0x%02x", status);
3830
3831 hci_dev_lock(hdev);
3832
3833 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3834 if (!cmd)
3835 goto unlock;
3836
3837 if (status) {
3838 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3839 mgmt_status(status));
3840 } else {
3841 struct mgmt_mode *cp = cmd->param;
3842
3843 if (cp->val)
3844 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3845 else
3846 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3847
3848 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3849 new_settings(hdev, cmd->sk);
3850 }
3851
3852 mgmt_pending_remove(cmd);
3853
3854unlock:
3855 hci_dev_unlock(hdev);
3856}
3857
3858static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3859 void *data, u16 len)
3860{
3861 struct mgmt_mode *cp = data;
3862 struct pending_cmd *cmd;
3863 struct hci_request req;
3864 int err;
3865
3866 BT_DBG("%s", hdev->name);
3867
3868 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3869 hdev->hci_ver < BLUETOOTH_VER_1_2)
3870 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3871 MGMT_STATUS_NOT_SUPPORTED);
3872
3873 if (cp->val != 0x00 && cp->val != 0x01)
3874 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3875 MGMT_STATUS_INVALID_PARAMS);
3876
3877 if (!hdev_is_powered(hdev))
3878 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3879 MGMT_STATUS_NOT_POWERED);
3880
3881 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3882 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3883 MGMT_STATUS_REJECTED);
3884
3885 hci_dev_lock(hdev);
3886
3887 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3888 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3889 MGMT_STATUS_BUSY);
3890 goto unlock;
3891 }
3892
3893 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3894 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3895 hdev);
3896 goto unlock;
3897 }
3898
3899 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3900 data, len);
3901 if (!cmd) {
3902 err = -ENOMEM;
3903 goto unlock;
3904 }
3905
3906 hci_req_init(&req, hdev);
3907
3908 write_fast_connectable(&req, cp->val);
3909
3910 err = hci_req_run(&req, fast_connectable_complete);
3911 if (err < 0) {
3912 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3913 MGMT_STATUS_FAILED);
3914 mgmt_pending_remove(cmd);
3915 }
3916
3917unlock:
3918 hci_dev_unlock(hdev);
3919
3920 return err;
3921}
3922
3923static void set_bredr_scan(struct hci_request *req)
3924{
3925 struct hci_dev *hdev = req->hdev;
3926 u8 scan = 0;
3927
3928 /* Ensure that fast connectable is disabled. This function will
3929 * not do anything if the page scan parameters are already what
3930 * they should be.
3931 */
3932 write_fast_connectable(req, false);
3933
3934 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3935 scan |= SCAN_PAGE;
3936 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3937 scan |= SCAN_INQUIRY;
3938
3939 if (scan)
3940 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3941}
3942
3943static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3944{
3945 struct pending_cmd *cmd;
3946
3947 BT_DBG("status 0x%02x", status);
3948
3949 hci_dev_lock(hdev);
3950
3951 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3952 if (!cmd)
3953 goto unlock;
3954
3955 if (status) {
3956 u8 mgmt_err = mgmt_status(status);
3957
3958 /* We need to restore the flag if related HCI commands
3959 * failed.
3960 */
3961 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3962
3963 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3964 } else {
3965 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3966 new_settings(hdev, cmd->sk);
3967 }
3968
3969 mgmt_pending_remove(cmd);
3970
3971unlock:
3972 hci_dev_unlock(hdev);
3973}
3974
3975static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3976{
3977 struct mgmt_mode *cp = data;
3978 struct pending_cmd *cmd;
3979 struct hci_request req;
3980 int err;
3981
3982 BT_DBG("request for %s", hdev->name);
3983
3984 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3985 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3986 MGMT_STATUS_NOT_SUPPORTED);
3987
3988 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3989 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3990 MGMT_STATUS_REJECTED);
3991
3992 if (cp->val != 0x00 && cp->val != 0x01)
3993 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3994 MGMT_STATUS_INVALID_PARAMS);
3995
3996 hci_dev_lock(hdev);
3997
3998 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3999 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4000 goto unlock;
4001 }
4002
4003 if (!hdev_is_powered(hdev)) {
4004 if (!cp->val) {
4005 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4006 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4007 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4008 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4009 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4010 }
4011
4012 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4013
4014 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4015 if (err < 0)
4016 goto unlock;
4017
4018 err = new_settings(hdev, sk);
4019 goto unlock;
4020 }
4021
4022 /* Reject disabling when powered on */
4023 if (!cp->val) {
4024 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4025 MGMT_STATUS_REJECTED);
4026 goto unlock;
4027 }
4028
4029 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4030 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4031 MGMT_STATUS_BUSY);
4032 goto unlock;
4033 }
4034
4035 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4036 if (!cmd) {
4037 err = -ENOMEM;
4038 goto unlock;
4039 }
4040
4041 /* We need to flip the bit already here so that update_adv_data
4042 * generates the correct flags.
4043 */
4044 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4045
4046 hci_req_init(&req, hdev);
4047
4048 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4049 set_bredr_scan(&req);
4050
4051 /* Since only the advertising data flags will change, there
4052 * is no need to update the scan response data.
4053 */
4054 update_adv_data(&req);
4055
4056 err = hci_req_run(&req, set_bredr_complete);
4057 if (err < 0)
4058 mgmt_pending_remove(cmd);
4059
4060unlock:
4061 hci_dev_unlock(hdev);
4062 return err;
4063}
4064
4065static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4066 void *data, u16 len)
4067{
4068 struct mgmt_mode *cp = data;
4069 struct pending_cmd *cmd;
4070 u8 val, status;
4071 int err;
4072
4073 BT_DBG("request for %s", hdev->name);
4074
4075 status = mgmt_bredr_support(hdev);
4076 if (status)
4077 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4078 status);
4079
4080 if (!lmp_sc_capable(hdev) &&
4081 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
4082 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4083 MGMT_STATUS_NOT_SUPPORTED);
4084
4085 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4086 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4087 MGMT_STATUS_INVALID_PARAMS);
4088
4089 hci_dev_lock(hdev);
4090
4091 if (!hdev_is_powered(hdev)) {
4092 bool changed;
4093
4094 if (cp->val) {
4095 changed = !test_and_set_bit(HCI_SC_ENABLED,
4096 &hdev->dev_flags);
4097 if (cp->val == 0x02)
4098 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4099 else
4100 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4101 } else {
4102 changed = test_and_clear_bit(HCI_SC_ENABLED,
4103 &hdev->dev_flags);
4104 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4105 }
4106
4107 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4108 if (err < 0)
4109 goto failed;
4110
4111 if (changed)
4112 err = new_settings(hdev, sk);
4113
4114 goto failed;
4115 }
4116
4117 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4118 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4119 MGMT_STATUS_BUSY);
4120 goto failed;
4121 }
4122
4123 val = !!cp->val;
4124
4125 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4126 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
4127 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4128 goto failed;
4129 }
4130
4131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4132 if (!cmd) {
4133 err = -ENOMEM;
4134 goto failed;
4135 }
4136
4137 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4138 if (err < 0) {
4139 mgmt_pending_remove(cmd);
4140 goto failed;
4141 }
4142
4143 if (cp->val == 0x02)
4144 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4145 else
4146 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4147
4148failed:
4149 hci_dev_unlock(hdev);
4150 return err;
4151}
4152
4153static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4154 void *data, u16 len)
4155{
4156 struct mgmt_mode *cp = data;
4157 bool changed;
4158 int err;
4159
4160 BT_DBG("request for %s", hdev->name);
4161
4162 if (cp->val != 0x00 && cp->val != 0x01)
4163 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4164 MGMT_STATUS_INVALID_PARAMS);
4165
4166 hci_dev_lock(hdev);
4167
4168 if (cp->val)
4169 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4170 else
4171 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4172
4173 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4174 if (err < 0)
4175 goto unlock;
4176
4177 if (changed)
4178 err = new_settings(hdev, sk);
4179
4180unlock:
4181 hci_dev_unlock(hdev);
4182 return err;
4183}
4184
4185static bool irk_is_valid(struct mgmt_irk_info *irk)
4186{
4187 switch (irk->addr.type) {
4188 case BDADDR_LE_PUBLIC:
4189 return true;
4190
4191 case BDADDR_LE_RANDOM:
4192 /* Two most significant bits shall be set */
4193 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4194 return false;
4195 return true;
4196 }
4197
4198 return false;
4199}
4200
4201static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4202 u16 len)
4203{
4204 struct mgmt_cp_load_irks *cp = cp_data;
4205 u16 irk_count, expected_len;
4206 int i, err;
4207
4208 BT_DBG("request for %s", hdev->name);
4209
4210 if (!lmp_le_capable(hdev))
4211 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4212 MGMT_STATUS_NOT_SUPPORTED);
4213
4214 irk_count = __le16_to_cpu(cp->irk_count);
4215
4216 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4217 if (expected_len != len) {
4218 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4219 len, expected_len);
4220 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4221 MGMT_STATUS_INVALID_PARAMS);
4222 }
4223
4224 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4225
4226 for (i = 0; i < irk_count; i++) {
4227 struct mgmt_irk_info *key = &cp->irks[i];
4228
4229 if (!irk_is_valid(key))
4230 return cmd_status(sk, hdev->id,
4231 MGMT_OP_LOAD_IRKS,
4232 MGMT_STATUS_INVALID_PARAMS);
4233 }
4234
4235 hci_dev_lock(hdev);
4236
4237 hci_smp_irks_clear(hdev);
4238
4239 for (i = 0; i < irk_count; i++) {
4240 struct mgmt_irk_info *irk = &cp->irks[i];
4241 u8 addr_type;
4242
4243 if (irk->addr.type == BDADDR_LE_PUBLIC)
4244 addr_type = ADDR_LE_DEV_PUBLIC;
4245 else
4246 addr_type = ADDR_LE_DEV_RANDOM;
4247
4248 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4249 BDADDR_ANY);
4250 }
4251
4252 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4253
4254 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4255
4256 hci_dev_unlock(hdev);
4257
4258 return err;
4259}
4260
4261static bool ltk_is_valid(struct mgmt_ltk_info *key)
4262{
4263 if (key->master != 0x00 && key->master != 0x01)
4264 return false;
4265
4266 switch (key->addr.type) {
4267 case BDADDR_LE_PUBLIC:
4268 return true;
4269
4270 case BDADDR_LE_RANDOM:
4271 /* Two most significant bits shall be set */
4272 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4273 return false;
4274 return true;
4275 }
4276
4277 return false;
4278}
4279
4280static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4281 void *cp_data, u16 len)
4282{
4283 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4284 u16 key_count, expected_len;
4285 int i, err;
4286
4287 BT_DBG("request for %s", hdev->name);
4288
4289 if (!lmp_le_capable(hdev))
4290 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4291 MGMT_STATUS_NOT_SUPPORTED);
4292
4293 key_count = __le16_to_cpu(cp->key_count);
4294
4295 expected_len = sizeof(*cp) + key_count *
4296 sizeof(struct mgmt_ltk_info);
4297 if (expected_len != len) {
4298 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4299 len, expected_len);
4300 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4301 MGMT_STATUS_INVALID_PARAMS);
4302 }
4303
4304 BT_DBG("%s key_count %u", hdev->name, key_count);
4305
4306 for (i = 0; i < key_count; i++) {
4307 struct mgmt_ltk_info *key = &cp->keys[i];
4308
4309 if (!ltk_is_valid(key))
4310 return cmd_status(sk, hdev->id,
4311 MGMT_OP_LOAD_LONG_TERM_KEYS,
4312 MGMT_STATUS_INVALID_PARAMS);
4313 }
4314
4315 hci_dev_lock(hdev);
4316
4317 hci_smp_ltks_clear(hdev);
4318
4319 for (i = 0; i < key_count; i++) {
4320 struct mgmt_ltk_info *key = &cp->keys[i];
4321 u8 type, addr_type;
4322
4323 if (key->addr.type == BDADDR_LE_PUBLIC)
4324 addr_type = ADDR_LE_DEV_PUBLIC;
4325 else
4326 addr_type = ADDR_LE_DEV_RANDOM;
4327
4328 if (key->master)
4329 type = HCI_SMP_LTK;
4330 else
4331 type = HCI_SMP_LTK_SLAVE;
4332
4333 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4334 key->type, key->val, key->enc_size, key->ediv,
4335 key->rand);
4336 }
4337
4338 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4339 NULL, 0);
4340
4341 hci_dev_unlock(hdev);
4342
4343 return err;
4344}
4345
4346static const struct mgmt_handler {
4347 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4348 u16 data_len);
4349 bool var_len;
4350 size_t data_len;
4351} mgmt_handlers[] = {
4352 { NULL }, /* 0x0000 (no command) */
4353 { read_version, false, MGMT_READ_VERSION_SIZE },
4354 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4355 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4356 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4357 { set_powered, false, MGMT_SETTING_SIZE },
4358 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4359 { set_connectable, false, MGMT_SETTING_SIZE },
4360 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4361 { set_pairable, false, MGMT_SETTING_SIZE },
4362 { set_link_security, false, MGMT_SETTING_SIZE },
4363 { set_ssp, false, MGMT_SETTING_SIZE },
4364 { set_hs, false, MGMT_SETTING_SIZE },
4365 { set_le, false, MGMT_SETTING_SIZE },
4366 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4367 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4368 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4369 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4370 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4371 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4372 { disconnect, false, MGMT_DISCONNECT_SIZE },
4373 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4374 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4375 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4376 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4377 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4378 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4379 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4380 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4381 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4382 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4383 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4384 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
4385 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
4386 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4387 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4388 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4389 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4390 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4391 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
4392 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4393 { set_advertising, false, MGMT_SETTING_SIZE },
4394 { set_bredr, false, MGMT_SETTING_SIZE },
4395 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
4396 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
4397 { set_secure_conn, false, MGMT_SETTING_SIZE },
4398 { set_debug_keys, false, MGMT_SETTING_SIZE },
4399 { },
4400 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
4401};
4402
4403
4404int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4405{
4406 void *buf;
4407 u8 *cp;
4408 struct mgmt_hdr *hdr;
4409 u16 opcode, index, len;
4410 struct hci_dev *hdev = NULL;
4411 const struct mgmt_handler *handler;
4412 int err;
4413
4414 BT_DBG("got %zu bytes", msglen);
4415
4416 if (msglen < sizeof(*hdr))
4417 return -EINVAL;
4418
4419 buf = kmalloc(msglen, GFP_KERNEL);
4420 if (!buf)
4421 return -ENOMEM;
4422
4423 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4424 err = -EFAULT;
4425 goto done;
4426 }
4427
4428 hdr = buf;
4429 opcode = __le16_to_cpu(hdr->opcode);
4430 index = __le16_to_cpu(hdr->index);
4431 len = __le16_to_cpu(hdr->len);
4432
4433 if (len != msglen - sizeof(*hdr)) {
4434 err = -EINVAL;
4435 goto done;
4436 }
4437
4438 if (index != MGMT_INDEX_NONE) {
4439 hdev = hci_dev_get(index);
4440 if (!hdev) {
4441 err = cmd_status(sk, index, opcode,
4442 MGMT_STATUS_INVALID_INDEX);
4443 goto done;
4444 }
4445
4446 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4447 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
4448 err = cmd_status(sk, index, opcode,
4449 MGMT_STATUS_INVALID_INDEX);
4450 goto done;
4451 }
4452 }
4453
4454 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
4455 mgmt_handlers[opcode].func == NULL) {
4456 BT_DBG("Unknown op %u", opcode);
4457 err = cmd_status(sk, index, opcode,
4458 MGMT_STATUS_UNKNOWN_COMMAND);
4459 goto done;
4460 }
4461
4462 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
4463 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
4464 err = cmd_status(sk, index, opcode,
4465 MGMT_STATUS_INVALID_INDEX);
4466 goto done;
4467 }
4468
4469 handler = &mgmt_handlers[opcode];
4470
4471 if ((handler->var_len && len < handler->data_len) ||
4472 (!handler->var_len && len != handler->data_len)) {
4473 err = cmd_status(sk, index, opcode,
4474 MGMT_STATUS_INVALID_PARAMS);
4475 goto done;
4476 }
4477
4478 if (hdev)
4479 mgmt_init_hdev(sk, hdev);
4480
4481 cp = buf + sizeof(*hdr);
4482
4483 err = handler->func(sk, hdev, cp, len);
4484 if (err < 0)
4485 goto done;
4486
4487 err = msglen;
4488
4489done:
4490 if (hdev)
4491 hci_dev_put(hdev);
4492
4493 kfree(buf);
4494 return err;
4495}
4496
4497void mgmt_index_added(struct hci_dev *hdev)
4498{
4499 if (hdev->dev_type != HCI_BREDR)
4500 return;
4501
4502 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
4503}
4504
4505void mgmt_index_removed(struct hci_dev *hdev)
4506{
4507 u8 status = MGMT_STATUS_INVALID_INDEX;
4508
4509 if (hdev->dev_type != HCI_BREDR)
4510 return;
4511
4512 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
4513
4514 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
4515}
4516
4517static void powered_complete(struct hci_dev *hdev, u8 status)
4518{
4519 struct cmd_lookup match = { NULL, hdev };
4520
4521 BT_DBG("status 0x%02x", status);
4522
4523 hci_dev_lock(hdev);
4524
4525 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4526
4527 new_settings(hdev, match.sk);
4528
4529 hci_dev_unlock(hdev);
4530
4531 if (match.sk)
4532 sock_put(match.sk);
4533}
4534
4535static int powered_update_hci(struct hci_dev *hdev)
4536{
4537 struct hci_request req;
4538 u8 link_sec;
4539
4540 hci_req_init(&req, hdev);
4541
4542 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4543 !lmp_host_ssp_capable(hdev)) {
4544 u8 ssp = 1;
4545
4546 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
4547 }
4548
4549 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4550 lmp_bredr_capable(hdev)) {
4551 struct hci_cp_write_le_host_supported cp;
4552
4553 cp.le = 1;
4554 cp.simul = lmp_le_br_capable(hdev);
4555
4556 /* Check first if we already have the right
4557 * host state (host features set)
4558 */
4559 if (cp.le != lmp_host_le_capable(hdev) ||
4560 cp.simul != lmp_host_le_br_capable(hdev))
4561 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4562 sizeof(cp), &cp);
4563 }
4564
4565 if (lmp_le_capable(hdev)) {
4566 /* Set random address to static address if configured */
4567 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4568 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4569 &hdev->static_addr);
4570
4571 /* Make sure the controller has a good default for
4572 * advertising data. This also applies to the case
4573 * where BR/EDR was toggled during the AUTO_OFF phase.
4574 */
4575 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
4576 update_adv_data(&req);
4577 update_scan_rsp_data(&req);
4578 }
4579
4580 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4581 enable_advertising(&req);
4582 }
4583
4584 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4585 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
4586 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4587 sizeof(link_sec), &link_sec);
4588
4589 if (lmp_bredr_capable(hdev)) {
4590 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4591 set_bredr_scan(&req);
4592 update_class(&req);
4593 update_name(&req);
4594 update_eir(&req);
4595 }
4596
4597 return hci_req_run(&req, powered_complete);
4598}
4599
4600int mgmt_powered(struct hci_dev *hdev, u8 powered)
4601{
4602 struct cmd_lookup match = { NULL, hdev };
4603 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4604 u8 zero_cod[] = { 0, 0, 0 };
4605 int err;
4606
4607 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4608 return 0;
4609
4610 if (powered) {
4611 if (powered_update_hci(hdev) == 0)
4612 return 0;
4613
4614 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4615 &match);
4616 goto new_settings;
4617 }
4618
4619 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4620 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4621
4622 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4623 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4624 zero_cod, sizeof(zero_cod), NULL);
4625
4626new_settings:
4627 err = new_settings(hdev, match.sk);
4628
4629 if (match.sk)
4630 sock_put(match.sk);
4631
4632 return err;
4633}
4634
4635void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
4636{
4637 struct pending_cmd *cmd;
4638 u8 status;
4639
4640 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4641 if (!cmd)
4642 return;
4643
4644 if (err == -ERFKILL)
4645 status = MGMT_STATUS_RFKILLED;
4646 else
4647 status = MGMT_STATUS_FAILED;
4648
4649 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
4650
4651 mgmt_pending_remove(cmd);
4652}
4653
4654void mgmt_discoverable_timeout(struct hci_dev *hdev)
4655{
4656 struct hci_request req;
4657
4658 hci_dev_lock(hdev);
4659
4660 /* When discoverable timeout triggers, then just make sure
4661 * the limited discoverable flag is cleared. Even in the case
4662 * of a timeout triggered from general discoverable, it is
4663 * safe to unconditionally clear the flag.
4664 */
4665 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
4666 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4667
4668 hci_req_init(&req, hdev);
4669 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4670 u8 scan = SCAN_PAGE;
4671 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4672 sizeof(scan), &scan);
4673 }
4674 update_class(&req);
4675 update_adv_data(&req);
4676 hci_req_run(&req, NULL);
4677
4678 hdev->discov_timeout = 0;
4679
4680 new_settings(hdev, NULL);
4681
4682 hci_dev_unlock(hdev);
4683}
4684
4685void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
4686{
4687 bool changed;
4688
4689 /* Nothing needed here if there's a pending command since that
4690 * commands request completion callback takes care of everything
4691 * necessary.
4692 */
4693 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
4694 return;
4695
4696 if (discoverable) {
4697 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4698 } else {
4699 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
4700 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4701 }
4702
4703 if (changed) {
4704 struct hci_request req;
4705
4706 /* In case this change in discoverable was triggered by
4707 * a disabling of connectable there could be a need to
4708 * update the advertising flags.
4709 */
4710 hci_req_init(&req, hdev);
4711 update_adv_data(&req);
4712 hci_req_run(&req, NULL);
4713
4714 new_settings(hdev, NULL);
4715 }
4716}
4717
4718void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
4719{
4720 bool changed;
4721
4722 /* Nothing needed here if there's a pending command since that
4723 * commands request completion callback takes care of everything
4724 * necessary.
4725 */
4726 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
4727 return;
4728
4729 if (connectable)
4730 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4731 else
4732 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4733
4734 if (changed)
4735 new_settings(hdev, NULL);
4736}
4737
4738void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4739{
4740 u8 mgmt_err = mgmt_status(status);
4741
4742 if (scan & SCAN_PAGE)
4743 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4744 cmd_status_rsp, &mgmt_err);
4745
4746 if (scan & SCAN_INQUIRY)
4747 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4748 cmd_status_rsp, &mgmt_err);
4749}
4750
4751void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4752 bool persistent)
4753{
4754 struct mgmt_ev_new_link_key ev;
4755
4756 memset(&ev, 0, sizeof(ev));
4757
4758 ev.store_hint = persistent;
4759 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4760 ev.key.addr.type = BDADDR_BREDR;
4761 ev.key.type = key->type;
4762 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4763 ev.key.pin_len = key->pin_len;
4764
4765 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4766}
4767
4768void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key)
4769{
4770 struct mgmt_ev_new_long_term_key ev;
4771
4772 memset(&ev, 0, sizeof(ev));
4773
4774 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
4775 (key->bdaddr.b[5] & 0xc0) != 0xc0)
4776 ev.store_hint = 0x00;
4777 else
4778 ev.store_hint = 0x01;
4779
4780 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4781 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4782 ev.key.type = key->authenticated;
4783 ev.key.enc_size = key->enc_size;
4784 ev.key.ediv = key->ediv;
4785
4786 if (key->type == HCI_SMP_LTK)
4787 ev.key.master = 1;
4788
4789 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4790 memcpy(ev.key.val, key->val, sizeof(key->val));
4791
4792 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
4793}
4794
4795static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
4796 u8 data_len)
4797{
4798 eir[eir_len++] = sizeof(type) + data_len;
4799 eir[eir_len++] = type;
4800 memcpy(&eir[eir_len], data, data_len);
4801 eir_len += data_len;
4802
4803 return eir_len;
4804}
4805
4806void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4807 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4808 u8 *dev_class)
4809{
4810 char buf[512];
4811 struct mgmt_ev_device_connected *ev = (void *) buf;
4812 u16 eir_len = 0;
4813
4814 bacpy(&ev->addr.bdaddr, bdaddr);
4815 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4816
4817 ev->flags = __cpu_to_le32(flags);
4818
4819 if (name_len > 0)
4820 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4821 name, name_len);
4822
4823 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4824 eir_len = eir_append_data(ev->eir, eir_len,
4825 EIR_CLASS_OF_DEV, dev_class, 3);
4826
4827 ev->eir_len = cpu_to_le16(eir_len);
4828
4829 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4830 sizeof(*ev) + eir_len, NULL);
4831}
4832
4833static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4834{
4835 struct mgmt_cp_disconnect *cp = cmd->param;
4836 struct sock **sk = data;
4837 struct mgmt_rp_disconnect rp;
4838
4839 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4840 rp.addr.type = cp->addr.type;
4841
4842 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4843 sizeof(rp));
4844
4845 *sk = cmd->sk;
4846 sock_hold(*sk);
4847
4848 mgmt_pending_remove(cmd);
4849}
4850
4851static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4852{
4853 struct hci_dev *hdev = data;
4854 struct mgmt_cp_unpair_device *cp = cmd->param;
4855 struct mgmt_rp_unpair_device rp;
4856
4857 memset(&rp, 0, sizeof(rp));
4858 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4859 rp.addr.type = cp->addr.type;
4860
4861 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4862
4863 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4864
4865 mgmt_pending_remove(cmd);
4866}
4867
4868void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4869 u8 link_type, u8 addr_type, u8 reason)
4870{
4871 struct mgmt_ev_device_disconnected ev;
4872 struct sock *sk = NULL;
4873
4874 if (link_type != ACL_LINK && link_type != LE_LINK)
4875 return;
4876
4877 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4878
4879 bacpy(&ev.addr.bdaddr, bdaddr);
4880 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4881 ev.reason = reason;
4882
4883 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
4884
4885 if (sk)
4886 sock_put(sk);
4887
4888 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4889 hdev);
4890}
4891
4892void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4893 u8 link_type, u8 addr_type, u8 status)
4894{
4895 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
4896 struct mgmt_cp_disconnect *cp;
4897 struct mgmt_rp_disconnect rp;
4898 struct pending_cmd *cmd;
4899
4900 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4901 hdev);
4902
4903 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4904 if (!cmd)
4905 return;
4906
4907 cp = cmd->param;
4908
4909 if (bacmp(bdaddr, &cp->addr.bdaddr))
4910 return;
4911
4912 if (cp->addr.type != bdaddr_type)
4913 return;
4914
4915 bacpy(&rp.addr.bdaddr, bdaddr);
4916 rp.addr.type = bdaddr_type;
4917
4918 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4919 mgmt_status(status), &rp, sizeof(rp));
4920
4921 mgmt_pending_remove(cmd);
4922}
4923
4924void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4925 u8 addr_type, u8 status)
4926{
4927 struct mgmt_ev_connect_failed ev;
4928
4929 bacpy(&ev.addr.bdaddr, bdaddr);
4930 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4931 ev.status = mgmt_status(status);
4932
4933 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4934}
4935
4936void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4937{
4938 struct mgmt_ev_pin_code_request ev;
4939
4940 bacpy(&ev.addr.bdaddr, bdaddr);
4941 ev.addr.type = BDADDR_BREDR;
4942 ev.secure = secure;
4943
4944 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
4945}
4946
4947void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4948 u8 status)
4949{
4950 struct pending_cmd *cmd;
4951 struct mgmt_rp_pin_code_reply rp;
4952
4953 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4954 if (!cmd)
4955 return;
4956
4957 bacpy(&rp.addr.bdaddr, bdaddr);
4958 rp.addr.type = BDADDR_BREDR;
4959
4960 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4961 mgmt_status(status), &rp, sizeof(rp));
4962
4963 mgmt_pending_remove(cmd);
4964}
4965
4966void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4967 u8 status)
4968{
4969 struct pending_cmd *cmd;
4970 struct mgmt_rp_pin_code_reply rp;
4971
4972 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4973 if (!cmd)
4974 return;
4975
4976 bacpy(&rp.addr.bdaddr, bdaddr);
4977 rp.addr.type = BDADDR_BREDR;
4978
4979 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4980 mgmt_status(status), &rp, sizeof(rp));
4981
4982 mgmt_pending_remove(cmd);
4983}
4984
4985int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4986 u8 link_type, u8 addr_type, __le32 value,
4987 u8 confirm_hint)
4988{
4989 struct mgmt_ev_user_confirm_request ev;
4990
4991 BT_DBG("%s", hdev->name);
4992
4993 bacpy(&ev.addr.bdaddr, bdaddr);
4994 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4995 ev.confirm_hint = confirm_hint;
4996 ev.value = value;
4997
4998 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4999 NULL);
5000}
5001
5002int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
5003 u8 link_type, u8 addr_type)
5004{
5005 struct mgmt_ev_user_passkey_request ev;
5006
5007 BT_DBG("%s", hdev->name);
5008
5009 bacpy(&ev.addr.bdaddr, bdaddr);
5010 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5011
5012 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
5013 NULL);
5014}
5015
5016static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5017 u8 link_type, u8 addr_type, u8 status,
5018 u8 opcode)
5019{
5020 struct pending_cmd *cmd;
5021 struct mgmt_rp_user_confirm_reply rp;
5022 int err;
5023
5024 cmd = mgmt_pending_find(opcode, hdev);
5025 if (!cmd)
5026 return -ENOENT;
5027
5028 bacpy(&rp.addr.bdaddr, bdaddr);
5029 rp.addr.type = link_to_bdaddr(link_type, addr_type);
5030 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
5031 &rp, sizeof(rp));
5032
5033 mgmt_pending_remove(cmd);
5034
5035 return err;
5036}
5037
5038int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5039 u8 link_type, u8 addr_type, u8 status)
5040{
5041 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5042 status, MGMT_OP_USER_CONFIRM_REPLY);
5043}
5044
5045int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5046 u8 link_type, u8 addr_type, u8 status)
5047{
5048 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5049 status,
5050 MGMT_OP_USER_CONFIRM_NEG_REPLY);
5051}
5052
5053int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5054 u8 link_type, u8 addr_type, u8 status)
5055{
5056 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5057 status, MGMT_OP_USER_PASSKEY_REPLY);
5058}
5059
5060int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5061 u8 link_type, u8 addr_type, u8 status)
5062{
5063 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5064 status,
5065 MGMT_OP_USER_PASSKEY_NEG_REPLY);
5066}
5067
5068int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5069 u8 link_type, u8 addr_type, u32 passkey,
5070 u8 entered)
5071{
5072 struct mgmt_ev_passkey_notify ev;
5073
5074 BT_DBG("%s", hdev->name);
5075
5076 bacpy(&ev.addr.bdaddr, bdaddr);
5077 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5078 ev.passkey = __cpu_to_le32(passkey);
5079 ev.entered = entered;
5080
5081 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5082}
5083
5084void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5085 u8 addr_type, u8 status)
5086{
5087 struct mgmt_ev_auth_failed ev;
5088
5089 bacpy(&ev.addr.bdaddr, bdaddr);
5090 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5091 ev.status = mgmt_status(status);
5092
5093 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
5094}
5095
5096void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
5097{
5098 struct cmd_lookup match = { NULL, hdev };
5099 bool changed;
5100
5101 if (status) {
5102 u8 mgmt_err = mgmt_status(status);
5103 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
5104 cmd_status_rsp, &mgmt_err);
5105 return;
5106 }
5107
5108 if (test_bit(HCI_AUTH, &hdev->flags))
5109 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5110 &hdev->dev_flags);
5111 else
5112 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5113 &hdev->dev_flags);
5114
5115 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
5116 &match);
5117
5118 if (changed)
5119 new_settings(hdev, match.sk);
5120
5121 if (match.sk)
5122 sock_put(match.sk);
5123}
5124
5125static void clear_eir(struct hci_request *req)
5126{
5127 struct hci_dev *hdev = req->hdev;
5128 struct hci_cp_write_eir cp;
5129
5130 if (!lmp_ext_inq_capable(hdev))
5131 return;
5132
5133 memset(hdev->eir, 0, sizeof(hdev->eir));
5134
5135 memset(&cp, 0, sizeof(cp));
5136
5137 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
5138}
5139
5140void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5141{
5142 struct cmd_lookup match = { NULL, hdev };
5143 struct hci_request req;
5144 bool changed = false;
5145
5146 if (status) {
5147 u8 mgmt_err = mgmt_status(status);
5148
5149 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
5150 &hdev->dev_flags)) {
5151 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5152 new_settings(hdev, NULL);
5153 }
5154
5155 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5156 &mgmt_err);
5157 return;
5158 }
5159
5160 if (enable) {
5161 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5162 } else {
5163 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5164 if (!changed)
5165 changed = test_and_clear_bit(HCI_HS_ENABLED,
5166 &hdev->dev_flags);
5167 else
5168 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5169 }
5170
5171 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5172
5173 if (changed)
5174 new_settings(hdev, match.sk);
5175
5176 if (match.sk)
5177 sock_put(match.sk);
5178
5179 hci_req_init(&req, hdev);
5180
5181 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
5182 update_eir(&req);
5183 else
5184 clear_eir(&req);
5185
5186 hci_req_run(&req, NULL);
5187}
5188
5189void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5190{
5191 struct cmd_lookup match = { NULL, hdev };
5192 bool changed = false;
5193
5194 if (status) {
5195 u8 mgmt_err = mgmt_status(status);
5196
5197 if (enable) {
5198 if (test_and_clear_bit(HCI_SC_ENABLED,
5199 &hdev->dev_flags))
5200 new_settings(hdev, NULL);
5201 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5202 }
5203
5204 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5205 cmd_status_rsp, &mgmt_err);
5206 return;
5207 }
5208
5209 if (enable) {
5210 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5211 } else {
5212 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5213 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5214 }
5215
5216 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5217 settings_rsp, &match);
5218
5219 if (changed)
5220 new_settings(hdev, match.sk);
5221
5222 if (match.sk)
5223 sock_put(match.sk);
5224}
5225
5226static void sk_lookup(struct pending_cmd *cmd, void *data)
5227{
5228 struct cmd_lookup *match = data;
5229
5230 if (match->sk == NULL) {
5231 match->sk = cmd->sk;
5232 sock_hold(match->sk);
5233 }
5234}
5235
5236void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5237 u8 status)
5238{
5239 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
5240
5241 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5242 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5243 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
5244
5245 if (!status)
5246 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5247 NULL);
5248
5249 if (match.sk)
5250 sock_put(match.sk);
5251}
5252
5253void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
5254{
5255 struct mgmt_cp_set_local_name ev;
5256 struct pending_cmd *cmd;
5257
5258 if (status)
5259 return;
5260
5261 memset(&ev, 0, sizeof(ev));
5262 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
5263 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
5264
5265 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
5266 if (!cmd) {
5267 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
5268
5269 /* If this is a HCI command related to powering on the
5270 * HCI dev don't send any mgmt signals.
5271 */
5272 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5273 return;
5274 }
5275
5276 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5277 cmd ? cmd->sk : NULL);
5278}
5279
5280void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5281 u8 *randomizer192, u8 *hash256,
5282 u8 *randomizer256, u8 status)
5283{
5284 struct pending_cmd *cmd;
5285
5286 BT_DBG("%s status %u", hdev->name, status);
5287
5288 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
5289 if (!cmd)
5290 return;
5291
5292 if (status) {
5293 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5294 mgmt_status(status));
5295 } else {
5296 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5297 hash256 && randomizer256) {
5298 struct mgmt_rp_read_local_oob_ext_data rp;
5299
5300 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5301 memcpy(rp.randomizer192, randomizer192,
5302 sizeof(rp.randomizer192));
5303
5304 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5305 memcpy(rp.randomizer256, randomizer256,
5306 sizeof(rp.randomizer256));
5307
5308 cmd_complete(cmd->sk, hdev->id,
5309 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5310 &rp, sizeof(rp));
5311 } else {
5312 struct mgmt_rp_read_local_oob_data rp;
5313
5314 memcpy(rp.hash, hash192, sizeof(rp.hash));
5315 memcpy(rp.randomizer, randomizer192,
5316 sizeof(rp.randomizer));
5317
5318 cmd_complete(cmd->sk, hdev->id,
5319 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5320 &rp, sizeof(rp));
5321 }
5322 }
5323
5324 mgmt_pending_remove(cmd);
5325}
5326
5327void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5328 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
5329 ssp, u8 *eir, u16 eir_len)
5330{
5331 char buf[512];
5332 struct mgmt_ev_device_found *ev = (void *) buf;
5333 struct smp_irk *irk;
5334 size_t ev_size;
5335
5336 if (!hci_discovery_active(hdev))
5337 return;
5338
5339 /* Leave 5 bytes for a potential CoD field */
5340 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
5341 return;
5342
5343 memset(buf, 0, sizeof(buf));
5344
5345 irk = hci_get_irk(hdev, bdaddr, addr_type);
5346 if (irk) {
5347 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5348 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5349 } else {
5350 bacpy(&ev->addr.bdaddr, bdaddr);
5351 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5352 }
5353
5354 ev->rssi = rssi;
5355 if (cfm_name)
5356 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
5357 if (!ssp)
5358 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
5359
5360 if (eir_len > 0)
5361 memcpy(ev->eir, eir, eir_len);
5362
5363 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5364 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
5365 dev_class, 3);
5366
5367 ev->eir_len = cpu_to_le16(eir_len);
5368 ev_size = sizeof(*ev) + eir_len;
5369
5370 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
5371}
5372
5373void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5374 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
5375{
5376 struct mgmt_ev_device_found *ev;
5377 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5378 u16 eir_len;
5379
5380 ev = (struct mgmt_ev_device_found *) buf;
5381
5382 memset(buf, 0, sizeof(buf));
5383
5384 bacpy(&ev->addr.bdaddr, bdaddr);
5385 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5386 ev->rssi = rssi;
5387
5388 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
5389 name_len);
5390
5391 ev->eir_len = cpu_to_le16(eir_len);
5392
5393 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
5394}
5395
5396void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
5397{
5398 struct mgmt_ev_discovering ev;
5399 struct pending_cmd *cmd;
5400
5401 BT_DBG("%s discovering %u", hdev->name, discovering);
5402
5403 if (discovering)
5404 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
5405 else
5406 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
5407
5408 if (cmd != NULL) {
5409 u8 type = hdev->discovery.type;
5410
5411 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5412 sizeof(type));
5413 mgmt_pending_remove(cmd);
5414 }
5415
5416 memset(&ev, 0, sizeof(ev));
5417 ev.type = hdev->discovery.type;
5418 ev.discovering = discovering;
5419
5420 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
5421}
5422
5423int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5424{
5425 struct pending_cmd *cmd;
5426 struct mgmt_ev_device_blocked ev;
5427
5428 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5429
5430 bacpy(&ev.addr.bdaddr, bdaddr);
5431 ev.addr.type = type;
5432
5433 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
5434 cmd ? cmd->sk : NULL);
5435}
5436
5437int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5438{
5439 struct pending_cmd *cmd;
5440 struct mgmt_ev_device_unblocked ev;
5441
5442 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5443
5444 bacpy(&ev.addr.bdaddr, bdaddr);
5445 ev.addr.type = type;
5446
5447 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
5448 cmd ? cmd->sk : NULL);
5449}
5450
5451static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5452{
5453 BT_DBG("%s status %u", hdev->name, status);
5454
5455 /* Clear the advertising mgmt setting if we failed to re-enable it */
5456 if (status) {
5457 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5458 new_settings(hdev, NULL);
5459 }
5460}
5461
5462void mgmt_reenable_advertising(struct hci_dev *hdev)
5463{
5464 struct hci_request req;
5465
5466 if (hci_conn_num(hdev, LE_LINK) > 0)
5467 return;
5468
5469 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5470 return;
5471
5472 hci_req_init(&req, hdev);
5473 enable_advertising(&req);
5474
5475 /* If this fails we have no option but to let user space know
5476 * that we've disabled advertising.
5477 */
5478 if (hci_req_run(&req, adv_enable_complete) < 0) {
5479 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5480 new_settings(hdev, NULL);
5481 }
5482}
ubuntu-zesty-kernel mirror