]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - net/bluetooth/mgmt.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI Management interface */
26
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
35
36 #include "hci_request.h"
37 #include "smp.h"
38 #include "mgmt_util.h"
39
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 14
42
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_BONDABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
83 MGMT_OP_SET_BREDR,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
88 MGMT_OP_SET_PRIVACY,
89 MGMT_OP_LOAD_IRKS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
109 };
110
111 static const u16 mgmt_events[] = {
112 MGMT_EV_CONTROLLER_ERROR,
113 MGMT_EV_INDEX_ADDED,
114 MGMT_EV_INDEX_REMOVED,
115 MGMT_EV_NEW_SETTINGS,
116 MGMT_EV_CLASS_OF_DEV_CHANGED,
117 MGMT_EV_LOCAL_NAME_CHANGED,
118 MGMT_EV_NEW_LINK_KEY,
119 MGMT_EV_NEW_LONG_TERM_KEY,
120 MGMT_EV_DEVICE_CONNECTED,
121 MGMT_EV_DEVICE_DISCONNECTED,
122 MGMT_EV_CONNECT_FAILED,
123 MGMT_EV_PIN_CODE_REQUEST,
124 MGMT_EV_USER_CONFIRM_REQUEST,
125 MGMT_EV_USER_PASSKEY_REQUEST,
126 MGMT_EV_AUTH_FAILED,
127 MGMT_EV_DEVICE_FOUND,
128 MGMT_EV_DISCOVERING,
129 MGMT_EV_DEVICE_BLOCKED,
130 MGMT_EV_DEVICE_UNBLOCKED,
131 MGMT_EV_DEVICE_UNPAIRED,
132 MGMT_EV_PASSKEY_NOTIFY,
133 MGMT_EV_NEW_IRK,
134 MGMT_EV_NEW_CSRK,
135 MGMT_EV_DEVICE_ADDED,
136 MGMT_EV_DEVICE_REMOVED,
137 MGMT_EV_NEW_CONN_PARAM,
138 MGMT_EV_UNCONF_INDEX_ADDED,
139 MGMT_EV_UNCONF_INDEX_REMOVED,
140 MGMT_EV_NEW_CONFIG_OPTIONS,
141 MGMT_EV_EXT_INDEX_ADDED,
142 MGMT_EV_EXT_INDEX_REMOVED,
143 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
144 MGMT_EV_ADVERTISING_ADDED,
145 MGMT_EV_ADVERTISING_REMOVED,
146 MGMT_EV_EXT_INFO_CHANGED,
147 };
148
149 static const u16 mgmt_untrusted_commands[] = {
150 MGMT_OP_READ_INDEX_LIST,
151 MGMT_OP_READ_INFO,
152 MGMT_OP_READ_UNCONF_INDEX_LIST,
153 MGMT_OP_READ_CONFIG_INFO,
154 MGMT_OP_READ_EXT_INDEX_LIST,
155 MGMT_OP_READ_EXT_INFO,
156 };
157
158 static const u16 mgmt_untrusted_events[] = {
159 MGMT_EV_INDEX_ADDED,
160 MGMT_EV_INDEX_REMOVED,
161 MGMT_EV_NEW_SETTINGS,
162 MGMT_EV_CLASS_OF_DEV_CHANGED,
163 MGMT_EV_LOCAL_NAME_CHANGED,
164 MGMT_EV_UNCONF_INDEX_ADDED,
165 MGMT_EV_UNCONF_INDEX_REMOVED,
166 MGMT_EV_NEW_CONFIG_OPTIONS,
167 MGMT_EV_EXT_INDEX_ADDED,
168 MGMT_EV_EXT_INDEX_REMOVED,
169 MGMT_EV_EXT_INFO_CHANGED,
170 };
171
172 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
173
174 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
175 "\x00\x00\x00\x00\x00\x00\x00\x00"
176
177 /* HCI to MGMT error code conversion table */
178 static u8 mgmt_status_table[] = {
179 MGMT_STATUS_SUCCESS,
180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
182 MGMT_STATUS_FAILED, /* Hardware Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
191 MGMT_STATUS_BUSY, /* Command Disallowed */
192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
193 MGMT_STATUS_REJECTED, /* Rejected Security */
194 MGMT_STATUS_REJECTED, /* Rejected Personal */
195 MGMT_STATUS_TIMEOUT, /* Host Timeout */
196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
202 MGMT_STATUS_BUSY, /* Repeated Attempts */
203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
210 MGMT_STATUS_FAILED, /* Unspecified Error */
211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
217 MGMT_STATUS_FAILED, /* Unit Link Key Used */
218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
219 MGMT_STATUS_TIMEOUT, /* Instant Passed */
220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
221 MGMT_STATUS_FAILED, /* Transaction Collision */
222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
223 MGMT_STATUS_REJECTED, /* QoS Rejected */
224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
225 MGMT_STATUS_REJECTED, /* Insufficient Security */
226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
227 MGMT_STATUS_BUSY, /* Role Switch Pending */
228 MGMT_STATUS_FAILED, /* Slot Violation */
229 MGMT_STATUS_FAILED, /* Role Switch Failed */
230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
232 MGMT_STATUS_BUSY, /* Host Busy Pairing */
233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
234 MGMT_STATUS_BUSY, /* Controller Busy */
235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
240 };
241
242 static u8 mgmt_status(u8 hci_status)
243 {
244 if (hci_status < ARRAY_SIZE(mgmt_status_table))
245 return mgmt_status_table[hci_status];
246
247 return MGMT_STATUS_FAILED;
248 }
249
250 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag)
252 {
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
254 flag, NULL);
255 }
256
257 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, int flag, struct sock *skip_sk)
259 {
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 flag, skip_sk);
262 }
263
264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
266 {
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
269 }
270
271 static u8 le_addr_type(u8 mgmt_addr_type)
272 {
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
275 else
276 return ADDR_LE_DEV_RANDOM;
277 }
278
279 void mgmt_fill_version_info(void *ver)
280 {
281 struct mgmt_rp_read_version *rp = ver;
282
283 rp->version = MGMT_VERSION;
284 rp->revision = cpu_to_le16(MGMT_REVISION);
285 }
286
287 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
288 u16 data_len)
289 {
290 struct mgmt_rp_read_version rp;
291
292 BT_DBG("sock %p", sk);
293
294 mgmt_fill_version_info(&rp);
295
296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
297 &rp, sizeof(rp));
298 }
299
300 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
301 u16 data_len)
302 {
303 struct mgmt_rp_read_commands *rp;
304 u16 num_commands, num_events;
305 size_t rp_size;
306 int i, err;
307
308 BT_DBG("sock %p", sk);
309
310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
311 num_commands = ARRAY_SIZE(mgmt_commands);
312 num_events = ARRAY_SIZE(mgmt_events);
313 } else {
314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
315 num_events = ARRAY_SIZE(mgmt_untrusted_events);
316 }
317
318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
319
320 rp = kmalloc(rp_size, GFP_KERNEL);
321 if (!rp)
322 return -ENOMEM;
323
324 rp->num_commands = cpu_to_le16(num_commands);
325 rp->num_events = cpu_to_le16(num_events);
326
327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
328 __le16 *opcode = rp->opcodes;
329
330 for (i = 0; i < num_commands; i++, opcode++)
331 put_unaligned_le16(mgmt_commands[i], opcode);
332
333 for (i = 0; i < num_events; i++, opcode++)
334 put_unaligned_le16(mgmt_events[i], opcode);
335 } else {
336 __le16 *opcode = rp->opcodes;
337
338 for (i = 0; i < num_commands; i++, opcode++)
339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
340
341 for (i = 0; i < num_events; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
343 }
344
345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
346 rp, rp_size);
347 kfree(rp);
348
349 return err;
350 }
351
352 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
353 u16 data_len)
354 {
355 struct mgmt_rp_read_index_list *rp;
356 struct hci_dev *d;
357 size_t rp_len;
358 u16 count;
359 int err;
360
361 BT_DBG("sock %p", sk);
362
363 read_lock(&hci_dev_list_lock);
364
365 count = 0;
366 list_for_each_entry(d, &hci_dev_list, list) {
367 if (d->dev_type == HCI_PRIMARY &&
368 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
369 count++;
370 }
371
372 rp_len = sizeof(*rp) + (2 * count);
373 rp = kmalloc(rp_len, GFP_ATOMIC);
374 if (!rp) {
375 read_unlock(&hci_dev_list_lock);
376 return -ENOMEM;
377 }
378
379 count = 0;
380 list_for_each_entry(d, &hci_dev_list, list) {
381 if (hci_dev_test_flag(d, HCI_SETUP) ||
382 hci_dev_test_flag(d, HCI_CONFIG) ||
383 hci_dev_test_flag(d, HCI_USER_CHANNEL))
384 continue;
385
386 /* Devices marked as raw-only are neither configured
387 * nor unconfigured controllers.
388 */
389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
390 continue;
391
392 if (d->dev_type == HCI_PRIMARY &&
393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
394 rp->index[count++] = cpu_to_le16(d->id);
395 BT_DBG("Added hci%u", d->id);
396 }
397 }
398
399 rp->num_controllers = cpu_to_le16(count);
400 rp_len = sizeof(*rp) + (2 * count);
401
402 read_unlock(&hci_dev_list_lock);
403
404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
405 0, rp, rp_len);
406
407 kfree(rp);
408
409 return err;
410 }
411
412 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
413 void *data, u16 data_len)
414 {
415 struct mgmt_rp_read_unconf_index_list *rp;
416 struct hci_dev *d;
417 size_t rp_len;
418 u16 count;
419 int err;
420
421 BT_DBG("sock %p", sk);
422
423 read_lock(&hci_dev_list_lock);
424
425 count = 0;
426 list_for_each_entry(d, &hci_dev_list, list) {
427 if (d->dev_type == HCI_PRIMARY &&
428 hci_dev_test_flag(d, HCI_UNCONFIGURED))
429 count++;
430 }
431
432 rp_len = sizeof(*rp) + (2 * count);
433 rp = kmalloc(rp_len, GFP_ATOMIC);
434 if (!rp) {
435 read_unlock(&hci_dev_list_lock);
436 return -ENOMEM;
437 }
438
439 count = 0;
440 list_for_each_entry(d, &hci_dev_list, list) {
441 if (hci_dev_test_flag(d, HCI_SETUP) ||
442 hci_dev_test_flag(d, HCI_CONFIG) ||
443 hci_dev_test_flag(d, HCI_USER_CHANNEL))
444 continue;
445
446 /* Devices marked as raw-only are neither configured
447 * nor unconfigured controllers.
448 */
449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
450 continue;
451
452 if (d->dev_type == HCI_PRIMARY &&
453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
454 rp->index[count++] = cpu_to_le16(d->id);
455 BT_DBG("Added hci%u", d->id);
456 }
457 }
458
459 rp->num_controllers = cpu_to_le16(count);
460 rp_len = sizeof(*rp) + (2 * count);
461
462 read_unlock(&hci_dev_list_lock);
463
464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
466
467 kfree(rp);
468
469 return err;
470 }
471
472 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
473 void *data, u16 data_len)
474 {
475 struct mgmt_rp_read_ext_index_list *rp;
476 struct hci_dev *d;
477 size_t rp_len;
478 u16 count;
479 int err;
480
481 BT_DBG("sock %p", sk);
482
483 read_lock(&hci_dev_list_lock);
484
485 count = 0;
486 list_for_each_entry(d, &hci_dev_list, list) {
487 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
488 count++;
489 }
490
491 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
492 rp = kmalloc(rp_len, GFP_ATOMIC);
493 if (!rp) {
494 read_unlock(&hci_dev_list_lock);
495 return -ENOMEM;
496 }
497
498 count = 0;
499 list_for_each_entry(d, &hci_dev_list, list) {
500 if (hci_dev_test_flag(d, HCI_SETUP) ||
501 hci_dev_test_flag(d, HCI_CONFIG) ||
502 hci_dev_test_flag(d, HCI_USER_CHANNEL))
503 continue;
504
505 /* Devices marked as raw-only are neither configured
506 * nor unconfigured controllers.
507 */
508 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
509 continue;
510
511 if (d->dev_type == HCI_PRIMARY) {
512 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
513 rp->entry[count].type = 0x01;
514 else
515 rp->entry[count].type = 0x00;
516 } else if (d->dev_type == HCI_AMP) {
517 rp->entry[count].type = 0x02;
518 } else {
519 continue;
520 }
521
522 rp->entry[count].bus = d->bus;
523 rp->entry[count++].index = cpu_to_le16(d->id);
524 BT_DBG("Added hci%u", d->id);
525 }
526
527 rp->num_controllers = cpu_to_le16(count);
528 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
529
530 read_unlock(&hci_dev_list_lock);
531
532 /* If this command is called at least once, then all the
533 * default index and unconfigured index events are disabled
534 * and from now on only extended index events are used.
535 */
536 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
537 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
538 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
539
540 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
541 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
542
543 kfree(rp);
544
545 return err;
546 }
547
548 static bool is_configured(struct hci_dev *hdev)
549 {
550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
552 return false;
553
554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
556 return false;
557
558 return true;
559 }
560
561 static __le32 get_missing_options(struct hci_dev *hdev)
562 {
563 u32 options = 0;
564
565 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
566 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
567 options |= MGMT_OPTION_EXTERNAL_CONFIG;
568
569 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
570 !bacmp(&hdev->public_addr, BDADDR_ANY))
571 options |= MGMT_OPTION_PUBLIC_ADDRESS;
572
573 return cpu_to_le32(options);
574 }
575
576 static int new_options(struct hci_dev *hdev, struct sock *skip)
577 {
578 __le32 options = get_missing_options(hdev);
579
580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
582 }
583
584 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
585 {
586 __le32 options = get_missing_options(hdev);
587
588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
589 sizeof(options));
590 }
591
592 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
593 void *data, u16 data_len)
594 {
595 struct mgmt_rp_read_config_info rp;
596 u32 options = 0;
597
598 BT_DBG("sock %p %s", sk, hdev->name);
599
600 hci_dev_lock(hdev);
601
602 memset(&rp, 0, sizeof(rp));
603 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
604
605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
606 options |= MGMT_OPTION_EXTERNAL_CONFIG;
607
608 if (hdev->set_bdaddr)
609 options |= MGMT_OPTION_PUBLIC_ADDRESS;
610
611 rp.supported_options = cpu_to_le32(options);
612 rp.missing_options = get_missing_options(hdev);
613
614 hci_dev_unlock(hdev);
615
616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
617 &rp, sizeof(rp));
618 }
619
620 static u32 get_supported_settings(struct hci_dev *hdev)
621 {
622 u32 settings = 0;
623
624 settings |= MGMT_SETTING_POWERED;
625 settings |= MGMT_SETTING_BONDABLE;
626 settings |= MGMT_SETTING_DEBUG_KEYS;
627 settings |= MGMT_SETTING_CONNECTABLE;
628 settings |= MGMT_SETTING_DISCOVERABLE;
629
630 if (lmp_bredr_capable(hdev)) {
631 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
632 settings |= MGMT_SETTING_FAST_CONNECTABLE;
633 settings |= MGMT_SETTING_BREDR;
634 settings |= MGMT_SETTING_LINK_SECURITY;
635
636 if (lmp_ssp_capable(hdev)) {
637 settings |= MGMT_SETTING_SSP;
638 settings |= MGMT_SETTING_HS;
639 }
640
641 if (lmp_sc_capable(hdev))
642 settings |= MGMT_SETTING_SECURE_CONN;
643 }
644
645 if (lmp_le_capable(hdev)) {
646 settings |= MGMT_SETTING_LE;
647 settings |= MGMT_SETTING_ADVERTISING;
648 settings |= MGMT_SETTING_SECURE_CONN;
649 settings |= MGMT_SETTING_PRIVACY;
650 settings |= MGMT_SETTING_STATIC_ADDRESS;
651 }
652
653 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
654 hdev->set_bdaddr)
655 settings |= MGMT_SETTING_CONFIGURATION;
656
657 return settings;
658 }
659
660 static u32 get_current_settings(struct hci_dev *hdev)
661 {
662 u32 settings = 0;
663
664 if (hdev_is_powered(hdev))
665 settings |= MGMT_SETTING_POWERED;
666
667 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
668 settings |= MGMT_SETTING_CONNECTABLE;
669
670 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
671 settings |= MGMT_SETTING_FAST_CONNECTABLE;
672
673 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
674 settings |= MGMT_SETTING_DISCOVERABLE;
675
676 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
677 settings |= MGMT_SETTING_BONDABLE;
678
679 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
680 settings |= MGMT_SETTING_BREDR;
681
682 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
683 settings |= MGMT_SETTING_LE;
684
685 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
686 settings |= MGMT_SETTING_LINK_SECURITY;
687
688 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
689 settings |= MGMT_SETTING_SSP;
690
691 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
692 settings |= MGMT_SETTING_HS;
693
694 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
695 settings |= MGMT_SETTING_ADVERTISING;
696
697 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
698 settings |= MGMT_SETTING_SECURE_CONN;
699
700 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
701 settings |= MGMT_SETTING_DEBUG_KEYS;
702
703 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
704 settings |= MGMT_SETTING_PRIVACY;
705
706 /* The current setting for static address has two purposes. The
707 * first is to indicate if the static address will be used and
708 * the second is to indicate if it is actually set.
709 *
710 * This means if the static address is not configured, this flag
711 * will never be set. If the address is configured, then if the
712 * address is actually used decides if the flag is set or not.
713 *
714 * For single mode LE only controllers and dual-mode controllers
715 * with BR/EDR disabled, the existence of the static address will
716 * be evaluated.
717 */
718 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
719 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
720 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
721 if (bacmp(&hdev->static_addr, BDADDR_ANY))
722 settings |= MGMT_SETTING_STATIC_ADDRESS;
723 }
724
725 return settings;
726 }
727
728 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
729 {
730 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
731 }
732
733 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
734 struct hci_dev *hdev,
735 const void *data)
736 {
737 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
738 }
739
740 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
741 {
742 struct mgmt_pending_cmd *cmd;
743
744 /* If there's a pending mgmt command the flags will not yet have
745 * their final values, so check for this first.
746 */
747 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
748 if (cmd) {
749 struct mgmt_mode *cp = cmd->param;
750 if (cp->val == 0x01)
751 return LE_AD_GENERAL;
752 else if (cp->val == 0x02)
753 return LE_AD_LIMITED;
754 } else {
755 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
756 return LE_AD_LIMITED;
757 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
758 return LE_AD_GENERAL;
759 }
760
761 return 0;
762 }
763
764 bool mgmt_get_connectable(struct hci_dev *hdev)
765 {
766 struct mgmt_pending_cmd *cmd;
767
768 /* If there's a pending mgmt command the flag will not yet have
769 * it's final value, so check for this first.
770 */
771 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
772 if (cmd) {
773 struct mgmt_mode *cp = cmd->param;
774
775 return cp->val;
776 }
777
778 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
779 }
780
781 static void service_cache_off(struct work_struct *work)
782 {
783 struct hci_dev *hdev = container_of(work, struct hci_dev,
784 service_cache.work);
785 struct hci_request req;
786
787 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
788 return;
789
790 hci_req_init(&req, hdev);
791
792 hci_dev_lock(hdev);
793
794 __hci_req_update_eir(&req);
795 __hci_req_update_class(&req);
796
797 hci_dev_unlock(hdev);
798
799 hci_req_run(&req, NULL);
800 }
801
802 static void rpa_expired(struct work_struct *work)
803 {
804 struct hci_dev *hdev = container_of(work, struct hci_dev,
805 rpa_expired.work);
806 struct hci_request req;
807
808 BT_DBG("");
809
810 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
811
812 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
813 return;
814
815 /* The generation of a new RPA and programming it into the
816 * controller happens in the hci_req_enable_advertising()
817 * function.
818 */
819 hci_req_init(&req, hdev);
820 __hci_req_enable_advertising(&req);
821 hci_req_run(&req, NULL);
822 }
823
824 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
825 {
826 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
827 return;
828
829 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
830 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
831
832 /* Non-mgmt controlled devices get this bit set
833 * implicitly so that pairing works for them, however
834 * for mgmt we require user-space to explicitly enable
835 * it
836 */
837 hci_dev_clear_flag(hdev, HCI_BONDABLE);
838 }
839
840 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
841 void *data, u16 data_len)
842 {
843 struct mgmt_rp_read_info rp;
844
845 BT_DBG("sock %p %s", sk, hdev->name);
846
847 hci_dev_lock(hdev);
848
849 memset(&rp, 0, sizeof(rp));
850
851 bacpy(&rp.bdaddr, &hdev->bdaddr);
852
853 rp.version = hdev->hci_ver;
854 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
855
856 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
857 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
858
859 memcpy(rp.dev_class, hdev->dev_class, 3);
860
861 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
862 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
863
864 hci_dev_unlock(hdev);
865
866 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
867 sizeof(rp));
868 }
869
870 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
871 u8 data_len)
872 {
873 eir[eir_len++] = sizeof(type) + data_len;
874 eir[eir_len++] = type;
875 memcpy(&eir[eir_len], data, data_len);
876 eir_len += data_len;
877
878 return eir_len;
879 }
880
881 static inline u16 eir_append_le16(u8 *eir, u16 eir_len, u8 type, u16 data)
882 {
883 eir[eir_len++] = sizeof(type) + sizeof(data);
884 eir[eir_len++] = type;
885 put_unaligned_le16(data, &eir[eir_len]);
886 eir_len += sizeof(data);
887
888 return eir_len;
889 }
890
891 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
892 {
893 u16 eir_len = 0;
894 size_t name_len;
895
896 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
897 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
898 hdev->dev_class, 3);
899
900 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
901 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
902 hdev->appearance);
903
904 name_len = strlen(hdev->dev_name);
905 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
906 hdev->dev_name, name_len);
907
908 name_len = strlen(hdev->short_name);
909 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
910 hdev->short_name, name_len);
911
912 return eir_len;
913 }
914
915 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
916 void *data, u16 data_len)
917 {
918 char buf[512];
919 struct mgmt_rp_read_ext_info *rp = (void *)buf;
920 u16 eir_len;
921
922 BT_DBG("sock %p %s", sk, hdev->name);
923
924 memset(&buf, 0, sizeof(buf));
925
926 hci_dev_lock(hdev);
927
928 bacpy(&rp->bdaddr, &hdev->bdaddr);
929
930 rp->version = hdev->hci_ver;
931 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
932
933 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
934 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
935
936
937 eir_len = append_eir_data_to_buf(hdev, rp->eir);
938 rp->eir_len = cpu_to_le16(eir_len);
939
940 hci_dev_unlock(hdev);
941
942 /* If this command is called at least once, then the events
943 * for class of device and local name changes are disabled
944 * and only the new extended controller information event
945 * is used.
946 */
947 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
948 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
949 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
950
951 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
952 sizeof(*rp) + eir_len);
953 }
954
955 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
956 {
957 char buf[512];
958 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
959 u16 eir_len;
960
961 memset(buf, 0, sizeof(buf));
962
963 eir_len = append_eir_data_to_buf(hdev, ev->eir);
964 ev->eir_len = cpu_to_le16(eir_len);
965
966 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
967 sizeof(*ev) + eir_len,
968 HCI_MGMT_EXT_INFO_EVENTS, skip);
969 }
970
971 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
972 {
973 __le32 settings = cpu_to_le32(get_current_settings(hdev));
974
975 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
976 sizeof(settings));
977 }
978
979 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
980 {
981 BT_DBG("%s status 0x%02x", hdev->name, status);
982
983 if (hci_conn_count(hdev) == 0) {
984 cancel_delayed_work(&hdev->power_off);
985 queue_work(hdev->req_workqueue, &hdev->power_off.work);
986 }
987 }
988
989 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
990 {
991 struct mgmt_ev_advertising_added ev;
992
993 ev.instance = instance;
994
995 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
996 }
997
998 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
999 u8 instance)
1000 {
1001 struct mgmt_ev_advertising_removed ev;
1002
1003 ev.instance = instance;
1004
1005 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1006 }
1007
1008 static void cancel_adv_timeout(struct hci_dev *hdev)
1009 {
1010 if (hdev->adv_instance_timeout) {
1011 hdev->adv_instance_timeout = 0;
1012 cancel_delayed_work(&hdev->adv_instance_expire);
1013 }
1014 }
1015
1016 static int clean_up_hci_state(struct hci_dev *hdev)
1017 {
1018 struct hci_request req;
1019 struct hci_conn *conn;
1020 bool discov_stopped;
1021 int err;
1022
1023 hci_req_init(&req, hdev);
1024
1025 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1026 test_bit(HCI_PSCAN, &hdev->flags)) {
1027 u8 scan = 0x00;
1028 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1029 }
1030
1031 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1032
1033 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1034 __hci_req_disable_advertising(&req);
1035
1036 discov_stopped = hci_req_stop_discovery(&req);
1037
1038 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1039 /* 0x15 == Terminated due to Power Off */
1040 __hci_abort_conn(&req, conn, 0x15);
1041 }
1042
1043 err = hci_req_run(&req, clean_up_hci_complete);
1044 if (!err && discov_stopped)
1045 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1046
1047 return err;
1048 }
1049
1050 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1051 u16 len)
1052 {
1053 struct mgmt_mode *cp = data;
1054 struct mgmt_pending_cmd *cmd;
1055 int err;
1056
1057 BT_DBG("request for %s", hdev->name);
1058
1059 if (cp->val != 0x00 && cp->val != 0x01)
1060 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1061 MGMT_STATUS_INVALID_PARAMS);
1062
1063 hci_dev_lock(hdev);
1064
1065 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1066 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1067 MGMT_STATUS_BUSY);
1068 goto failed;
1069 }
1070
1071 if (!!cp->val == hdev_is_powered(hdev)) {
1072 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1073 goto failed;
1074 }
1075
1076 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1077 if (!cmd) {
1078 err = -ENOMEM;
1079 goto failed;
1080 }
1081
1082 if (cp->val) {
1083 queue_work(hdev->req_workqueue, &hdev->power_on);
1084 err = 0;
1085 } else {
1086 /* Disconnect connections, stop scans, etc */
1087 err = clean_up_hci_state(hdev);
1088 if (!err)
1089 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1090 HCI_POWER_OFF_TIMEOUT);
1091
1092 /* ENODATA means there were no HCI commands queued */
1093 if (err == -ENODATA) {
1094 cancel_delayed_work(&hdev->power_off);
1095 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1096 err = 0;
1097 }
1098 }
1099
1100 failed:
1101 hci_dev_unlock(hdev);
1102 return err;
1103 }
1104
1105 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1106 {
1107 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1108
1109 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1110 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1111 }
1112
1113 int mgmt_new_settings(struct hci_dev *hdev)
1114 {
1115 return new_settings(hdev, NULL);
1116 }
1117
1118 struct cmd_lookup {
1119 struct sock *sk;
1120 struct hci_dev *hdev;
1121 u8 mgmt_status;
1122 };
1123
1124 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1125 {
1126 struct cmd_lookup *match = data;
1127
1128 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1129
1130 list_del(&cmd->list);
1131
1132 if (match->sk == NULL) {
1133 match->sk = cmd->sk;
1134 sock_hold(match->sk);
1135 }
1136
1137 mgmt_pending_free(cmd);
1138 }
1139
1140 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1141 {
1142 u8 *status = data;
1143
1144 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1145 mgmt_pending_remove(cmd);
1146 }
1147
1148 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1149 {
1150 if (cmd->cmd_complete) {
1151 u8 *status = data;
1152
1153 cmd->cmd_complete(cmd, *status);
1154 mgmt_pending_remove(cmd);
1155
1156 return;
1157 }
1158
1159 cmd_status_rsp(cmd, data);
1160 }
1161
1162 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1163 {
1164 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1165 cmd->param, cmd->param_len);
1166 }
1167
1168 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1169 {
1170 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1171 cmd->param, sizeof(struct mgmt_addr_info));
1172 }
1173
1174 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1175 {
1176 if (!lmp_bredr_capable(hdev))
1177 return MGMT_STATUS_NOT_SUPPORTED;
1178 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1179 return MGMT_STATUS_REJECTED;
1180 else
1181 return MGMT_STATUS_SUCCESS;
1182 }
1183
1184 static u8 mgmt_le_support(struct hci_dev *hdev)
1185 {
1186 if (!lmp_le_capable(hdev))
1187 return MGMT_STATUS_NOT_SUPPORTED;
1188 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1189 return MGMT_STATUS_REJECTED;
1190 else
1191 return MGMT_STATUS_SUCCESS;
1192 }
1193
1194 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1195 {
1196 struct mgmt_pending_cmd *cmd;
1197
1198 BT_DBG("status 0x%02x", status);
1199
1200 hci_dev_lock(hdev);
1201
1202 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1203 if (!cmd)
1204 goto unlock;
1205
1206 if (status) {
1207 u8 mgmt_err = mgmt_status(status);
1208 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1209 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1210 goto remove_cmd;
1211 }
1212
1213 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1214 hdev->discov_timeout > 0) {
1215 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1216 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1217 }
1218
1219 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1220 new_settings(hdev, cmd->sk);
1221
1222 remove_cmd:
1223 mgmt_pending_remove(cmd);
1224
1225 unlock:
1226 hci_dev_unlock(hdev);
1227 }
1228
1229 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1230 u16 len)
1231 {
1232 struct mgmt_cp_set_discoverable *cp = data;
1233 struct mgmt_pending_cmd *cmd;
1234 u16 timeout;
1235 int err;
1236
1237 BT_DBG("request for %s", hdev->name);
1238
1239 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1240 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1241 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1242 MGMT_STATUS_REJECTED);
1243
1244 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1245 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1246 MGMT_STATUS_INVALID_PARAMS);
1247
1248 timeout = __le16_to_cpu(cp->timeout);
1249
1250 /* Disabling discoverable requires that no timeout is set,
1251 * and enabling limited discoverable requires a timeout.
1252 */
1253 if ((cp->val == 0x00 && timeout > 0) ||
1254 (cp->val == 0x02 && timeout == 0))
1255 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1256 MGMT_STATUS_INVALID_PARAMS);
1257
1258 hci_dev_lock(hdev);
1259
1260 if (!hdev_is_powered(hdev) && timeout > 0) {
1261 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1262 MGMT_STATUS_NOT_POWERED);
1263 goto failed;
1264 }
1265
1266 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1267 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1268 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1269 MGMT_STATUS_BUSY);
1270 goto failed;
1271 }
1272
1273 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1274 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1275 MGMT_STATUS_REJECTED);
1276 goto failed;
1277 }
1278
1279 if (!hdev_is_powered(hdev)) {
1280 bool changed = false;
1281
1282 /* Setting limited discoverable when powered off is
1283 * not a valid operation since it requires a timeout
1284 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1285 */
1286 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1287 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1288 changed = true;
1289 }
1290
1291 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1292 if (err < 0)
1293 goto failed;
1294
1295 if (changed)
1296 err = new_settings(hdev, sk);
1297
1298 goto failed;
1299 }
1300
1301 /* If the current mode is the same, then just update the timeout
1302 * value with the new value. And if only the timeout gets updated,
1303 * then no need for any HCI transactions.
1304 */
1305 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1306 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1307 HCI_LIMITED_DISCOVERABLE)) {
1308 cancel_delayed_work(&hdev->discov_off);
1309 hdev->discov_timeout = timeout;
1310
1311 if (cp->val && hdev->discov_timeout > 0) {
1312 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1313 queue_delayed_work(hdev->req_workqueue,
1314 &hdev->discov_off, to);
1315 }
1316
1317 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1318 goto failed;
1319 }
1320
1321 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1322 if (!cmd) {
1323 err = -ENOMEM;
1324 goto failed;
1325 }
1326
1327 /* Cancel any potential discoverable timeout that might be
1328 * still active and store new timeout value. The arming of
1329 * the timeout happens in the complete handler.
1330 */
1331 cancel_delayed_work(&hdev->discov_off);
1332 hdev->discov_timeout = timeout;
1333
1334 if (cp->val)
1335 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1336 else
1337 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1338
1339 /* Limited discoverable mode */
1340 if (cp->val == 0x02)
1341 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1342 else
1343 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1344
1345 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1346 err = 0;
1347
1348 failed:
1349 hci_dev_unlock(hdev);
1350 return err;
1351 }
1352
1353 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1354 {
1355 struct mgmt_pending_cmd *cmd;
1356
1357 BT_DBG("status 0x%02x", status);
1358
1359 hci_dev_lock(hdev);
1360
1361 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1362 if (!cmd)
1363 goto unlock;
1364
1365 if (status) {
1366 u8 mgmt_err = mgmt_status(status);
1367 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1368 goto remove_cmd;
1369 }
1370
1371 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1372 new_settings(hdev, cmd->sk);
1373
1374 remove_cmd:
1375 mgmt_pending_remove(cmd);
1376
1377 unlock:
1378 hci_dev_unlock(hdev);
1379 }
1380
1381 static int set_connectable_update_settings(struct hci_dev *hdev,
1382 struct sock *sk, u8 val)
1383 {
1384 bool changed = false;
1385 int err;
1386
1387 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1388 changed = true;
1389
1390 if (val) {
1391 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1392 } else {
1393 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1394 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1395 }
1396
1397 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1398 if (err < 0)
1399 return err;
1400
1401 if (changed) {
1402 hci_req_update_scan(hdev);
1403 hci_update_background_scan(hdev);
1404 return new_settings(hdev, sk);
1405 }
1406
1407 return 0;
1408 }
1409
1410 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1411 u16 len)
1412 {
1413 struct mgmt_mode *cp = data;
1414 struct mgmt_pending_cmd *cmd;
1415 int err;
1416
1417 BT_DBG("request for %s", hdev->name);
1418
1419 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1420 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1421 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1422 MGMT_STATUS_REJECTED);
1423
1424 if (cp->val != 0x00 && cp->val != 0x01)
1425 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1426 MGMT_STATUS_INVALID_PARAMS);
1427
1428 hci_dev_lock(hdev);
1429
1430 if (!hdev_is_powered(hdev)) {
1431 err = set_connectable_update_settings(hdev, sk, cp->val);
1432 goto failed;
1433 }
1434
1435 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1436 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1437 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1438 MGMT_STATUS_BUSY);
1439 goto failed;
1440 }
1441
1442 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1443 if (!cmd) {
1444 err = -ENOMEM;
1445 goto failed;
1446 }
1447
1448 if (cp->val) {
1449 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1450 } else {
1451 if (hdev->discov_timeout > 0)
1452 cancel_delayed_work(&hdev->discov_off);
1453
1454 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1455 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1456 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1457 }
1458
1459 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1460 err = 0;
1461
1462 failed:
1463 hci_dev_unlock(hdev);
1464 return err;
1465 }
1466
1467 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1468 u16 len)
1469 {
1470 struct mgmt_mode *cp = data;
1471 bool changed;
1472 int err;
1473
1474 BT_DBG("request for %s", hdev->name);
1475
1476 if (cp->val != 0x00 && cp->val != 0x01)
1477 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1478 MGMT_STATUS_INVALID_PARAMS);
1479
1480 hci_dev_lock(hdev);
1481
1482 if (cp->val)
1483 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1484 else
1485 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1486
1487 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1488 if (err < 0)
1489 goto unlock;
1490
1491 if (changed) {
1492 /* In limited privacy mode the change of bondable mode
1493 * may affect the local advertising address.
1494 */
1495 if (hdev_is_powered(hdev) &&
1496 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1497 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1498 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1499 queue_work(hdev->req_workqueue,
1500 &hdev->discoverable_update);
1501
1502 err = new_settings(hdev, sk);
1503 }
1504
1505 unlock:
1506 hci_dev_unlock(hdev);
1507 return err;
1508 }
1509
1510 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1511 u16 len)
1512 {
1513 struct mgmt_mode *cp = data;
1514 struct mgmt_pending_cmd *cmd;
1515 u8 val, status;
1516 int err;
1517
1518 BT_DBG("request for %s", hdev->name);
1519
1520 status = mgmt_bredr_support(hdev);
1521 if (status)
1522 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1523 status);
1524
1525 if (cp->val != 0x00 && cp->val != 0x01)
1526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1527 MGMT_STATUS_INVALID_PARAMS);
1528
1529 hci_dev_lock(hdev);
1530
1531 if (!hdev_is_powered(hdev)) {
1532 bool changed = false;
1533
1534 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1535 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1536 changed = true;
1537 }
1538
1539 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1540 if (err < 0)
1541 goto failed;
1542
1543 if (changed)
1544 err = new_settings(hdev, sk);
1545
1546 goto failed;
1547 }
1548
1549 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1550 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1551 MGMT_STATUS_BUSY);
1552 goto failed;
1553 }
1554
1555 val = !!cp->val;
1556
1557 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1558 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1559 goto failed;
1560 }
1561
1562 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1563 if (!cmd) {
1564 err = -ENOMEM;
1565 goto failed;
1566 }
1567
1568 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1569 if (err < 0) {
1570 mgmt_pending_remove(cmd);
1571 goto failed;
1572 }
1573
1574 failed:
1575 hci_dev_unlock(hdev);
1576 return err;
1577 }
1578
1579 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1580 {
1581 struct mgmt_mode *cp = data;
1582 struct mgmt_pending_cmd *cmd;
1583 u8 status;
1584 int err;
1585
1586 BT_DBG("request for %s", hdev->name);
1587
1588 status = mgmt_bredr_support(hdev);
1589 if (status)
1590 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1591
1592 if (!lmp_ssp_capable(hdev))
1593 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1594 MGMT_STATUS_NOT_SUPPORTED);
1595
1596 if (cp->val != 0x00 && cp->val != 0x01)
1597 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1598 MGMT_STATUS_INVALID_PARAMS);
1599
1600 hci_dev_lock(hdev);
1601
1602 if (!hdev_is_powered(hdev)) {
1603 bool changed;
1604
1605 if (cp->val) {
1606 changed = !hci_dev_test_and_set_flag(hdev,
1607 HCI_SSP_ENABLED);
1608 } else {
1609 changed = hci_dev_test_and_clear_flag(hdev,
1610 HCI_SSP_ENABLED);
1611 if (!changed)
1612 changed = hci_dev_test_and_clear_flag(hdev,
1613 HCI_HS_ENABLED);
1614 else
1615 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1616 }
1617
1618 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1619 if (err < 0)
1620 goto failed;
1621
1622 if (changed)
1623 err = new_settings(hdev, sk);
1624
1625 goto failed;
1626 }
1627
1628 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1629 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1630 MGMT_STATUS_BUSY);
1631 goto failed;
1632 }
1633
1634 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1635 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1636 goto failed;
1637 }
1638
1639 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1640 if (!cmd) {
1641 err = -ENOMEM;
1642 goto failed;
1643 }
1644
1645 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1646 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1647 sizeof(cp->val), &cp->val);
1648
1649 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1650 if (err < 0) {
1651 mgmt_pending_remove(cmd);
1652 goto failed;
1653 }
1654
1655 failed:
1656 hci_dev_unlock(hdev);
1657 return err;
1658 }
1659
1660 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1661 {
1662 struct mgmt_mode *cp = data;
1663 bool changed;
1664 u8 status;
1665 int err;
1666
1667 BT_DBG("request for %s", hdev->name);
1668
1669 status = mgmt_bredr_support(hdev);
1670 if (status)
1671 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1672
1673 if (!lmp_ssp_capable(hdev))
1674 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1675 MGMT_STATUS_NOT_SUPPORTED);
1676
1677 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1678 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1679 MGMT_STATUS_REJECTED);
1680
1681 if (cp->val != 0x00 && cp->val != 0x01)
1682 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1683 MGMT_STATUS_INVALID_PARAMS);
1684
1685 hci_dev_lock(hdev);
1686
1687 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1688 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1689 MGMT_STATUS_BUSY);
1690 goto unlock;
1691 }
1692
1693 if (cp->val) {
1694 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1695 } else {
1696 if (hdev_is_powered(hdev)) {
1697 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1698 MGMT_STATUS_REJECTED);
1699 goto unlock;
1700 }
1701
1702 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1703 }
1704
1705 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1706 if (err < 0)
1707 goto unlock;
1708
1709 if (changed)
1710 err = new_settings(hdev, sk);
1711
1712 unlock:
1713 hci_dev_unlock(hdev);
1714 return err;
1715 }
1716
1717 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1718 {
1719 struct cmd_lookup match = { NULL, hdev };
1720
1721 hci_dev_lock(hdev);
1722
1723 if (status) {
1724 u8 mgmt_err = mgmt_status(status);
1725
1726 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1727 &mgmt_err);
1728 goto unlock;
1729 }
1730
1731 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1732
1733 new_settings(hdev, match.sk);
1734
1735 if (match.sk)
1736 sock_put(match.sk);
1737
1738 /* Make sure the controller has a good default for
1739 * advertising data. Restrict the update to when LE
1740 * has actually been enabled. During power on, the
1741 * update in powered_update_hci will take care of it.
1742 */
1743 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1744 struct hci_request req;
1745
1746 hci_req_init(&req, hdev);
1747 __hci_req_update_adv_data(&req, 0x00);
1748 __hci_req_update_scan_rsp_data(&req, 0x00);
1749 hci_req_run(&req, NULL);
1750 hci_update_background_scan(hdev);
1751 }
1752
1753 unlock:
1754 hci_dev_unlock(hdev);
1755 }
1756
1757 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1758 {
1759 struct mgmt_mode *cp = data;
1760 struct hci_cp_write_le_host_supported hci_cp;
1761 struct mgmt_pending_cmd *cmd;
1762 struct hci_request req;
1763 int err;
1764 u8 val, enabled;
1765
1766 BT_DBG("request for %s", hdev->name);
1767
1768 if (!lmp_le_capable(hdev))
1769 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1770 MGMT_STATUS_NOT_SUPPORTED);
1771
1772 if (cp->val != 0x00 && cp->val != 0x01)
1773 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1774 MGMT_STATUS_INVALID_PARAMS);
1775
1776 /* Bluetooth single mode LE only controllers or dual-mode
1777 * controllers configured as LE only devices, do not allow
1778 * switching LE off. These have either LE enabled explicitly
1779 * or BR/EDR has been previously switched off.
1780 *
1781 * When trying to enable an already enabled LE, then gracefully
1782 * send a positive response. Trying to disable it however will
1783 * result into rejection.
1784 */
1785 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1786 if (cp->val == 0x01)
1787 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1788
1789 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1790 MGMT_STATUS_REJECTED);
1791 }
1792
1793 hci_dev_lock(hdev);
1794
1795 val = !!cp->val;
1796 enabled = lmp_host_le_capable(hdev);
1797
1798 if (!val)
1799 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1800
1801 if (!hdev_is_powered(hdev) || val == enabled) {
1802 bool changed = false;
1803
1804 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1805 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1806 changed = true;
1807 }
1808
1809 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1810 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1811 changed = true;
1812 }
1813
1814 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1815 if (err < 0)
1816 goto unlock;
1817
1818 if (changed)
1819 err = new_settings(hdev, sk);
1820
1821 goto unlock;
1822 }
1823
1824 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1825 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1826 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1827 MGMT_STATUS_BUSY);
1828 goto unlock;
1829 }
1830
1831 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1832 if (!cmd) {
1833 err = -ENOMEM;
1834 goto unlock;
1835 }
1836
1837 hci_req_init(&req, hdev);
1838
1839 memset(&hci_cp, 0, sizeof(hci_cp));
1840
1841 if (val) {
1842 hci_cp.le = val;
1843 hci_cp.simul = 0x00;
1844 } else {
1845 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1846 __hci_req_disable_advertising(&req);
1847 }
1848
1849 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1850 &hci_cp);
1851
1852 err = hci_req_run(&req, le_enable_complete);
1853 if (err < 0)
1854 mgmt_pending_remove(cmd);
1855
1856 unlock:
1857 hci_dev_unlock(hdev);
1858 return err;
1859 }
1860
1861 /* This is a helper function to test for pending mgmt commands that can
1862 * cause CoD or EIR HCI commands. We can only allow one such pending
1863 * mgmt command at a time since otherwise we cannot easily track what
1864 * the current values are, will be, and based on that calculate if a new
1865 * HCI command needs to be sent and if yes with what value.
1866 */
1867 static bool pending_eir_or_class(struct hci_dev *hdev)
1868 {
1869 struct mgmt_pending_cmd *cmd;
1870
1871 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1872 switch (cmd->opcode) {
1873 case MGMT_OP_ADD_UUID:
1874 case MGMT_OP_REMOVE_UUID:
1875 case MGMT_OP_SET_DEV_CLASS:
1876 case MGMT_OP_SET_POWERED:
1877 return true;
1878 }
1879 }
1880
1881 return false;
1882 }
1883
1884 static const u8 bluetooth_base_uuid[] = {
1885 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1886 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1887 };
1888
1889 static u8 get_uuid_size(const u8 *uuid)
1890 {
1891 u32 val;
1892
1893 if (memcmp(uuid, bluetooth_base_uuid, 12))
1894 return 128;
1895
1896 val = get_unaligned_le32(&uuid[12]);
1897 if (val > 0xffff)
1898 return 32;
1899
1900 return 16;
1901 }
1902
1903 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1904 {
1905 struct mgmt_pending_cmd *cmd;
1906
1907 hci_dev_lock(hdev);
1908
1909 cmd = pending_find(mgmt_op, hdev);
1910 if (!cmd)
1911 goto unlock;
1912
1913 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
1914 mgmt_status(status), hdev->dev_class, 3);
1915
1916 mgmt_pending_remove(cmd);
1917
1918 unlock:
1919 hci_dev_unlock(hdev);
1920 }
1921
1922 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1923 {
1924 BT_DBG("status 0x%02x", status);
1925
1926 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1927 }
1928
1929 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1930 {
1931 struct mgmt_cp_add_uuid *cp = data;
1932 struct mgmt_pending_cmd *cmd;
1933 struct hci_request req;
1934 struct bt_uuid *uuid;
1935 int err;
1936
1937 BT_DBG("request for %s", hdev->name);
1938
1939 hci_dev_lock(hdev);
1940
1941 if (pending_eir_or_class(hdev)) {
1942 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1943 MGMT_STATUS_BUSY);
1944 goto failed;
1945 }
1946
1947 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1948 if (!uuid) {
1949 err = -ENOMEM;
1950 goto failed;
1951 }
1952
1953 memcpy(uuid->uuid, cp->uuid, 16);
1954 uuid->svc_hint = cp->svc_hint;
1955 uuid->size = get_uuid_size(cp->uuid);
1956
1957 list_add_tail(&uuid->list, &hdev->uuids);
1958
1959 hci_req_init(&req, hdev);
1960
1961 __hci_req_update_class(&req);
1962 __hci_req_update_eir(&req);
1963
1964 err = hci_req_run(&req, add_uuid_complete);
1965 if (err < 0) {
1966 if (err != -ENODATA)
1967 goto failed;
1968
1969 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1970 hdev->dev_class, 3);
1971 goto failed;
1972 }
1973
1974 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1975 if (!cmd) {
1976 err = -ENOMEM;
1977 goto failed;
1978 }
1979
1980 err = 0;
1981
1982 failed:
1983 hci_dev_unlock(hdev);
1984 return err;
1985 }
1986
1987 static bool enable_service_cache(struct hci_dev *hdev)
1988 {
1989 if (!hdev_is_powered(hdev))
1990 return false;
1991
1992 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
1993 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1994 CACHE_TIMEOUT);
1995 return true;
1996 }
1997
1998 return false;
1999 }
2000
2001 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2002 {
2003 BT_DBG("status 0x%02x", status);
2004
2005 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2006 }
2007
2008 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2009 u16 len)
2010 {
2011 struct mgmt_cp_remove_uuid *cp = data;
2012 struct mgmt_pending_cmd *cmd;
2013 struct bt_uuid *match, *tmp;
2014 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2015 struct hci_request req;
2016 int err, found;
2017
2018 BT_DBG("request for %s", hdev->name);
2019
2020 hci_dev_lock(hdev);
2021
2022 if (pending_eir_or_class(hdev)) {
2023 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2024 MGMT_STATUS_BUSY);
2025 goto unlock;
2026 }
2027
2028 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2029 hci_uuids_clear(hdev);
2030
2031 if (enable_service_cache(hdev)) {
2032 err = mgmt_cmd_complete(sk, hdev->id,
2033 MGMT_OP_REMOVE_UUID,
2034 0, hdev->dev_class, 3);
2035 goto unlock;
2036 }
2037
2038 goto update_class;
2039 }
2040
2041 found = 0;
2042
2043 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2044 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2045 continue;
2046
2047 list_del(&match->list);
2048 kfree(match);
2049 found++;
2050 }
2051
2052 if (found == 0) {
2053 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2054 MGMT_STATUS_INVALID_PARAMS);
2055 goto unlock;
2056 }
2057
2058 update_class:
2059 hci_req_init(&req, hdev);
2060
2061 __hci_req_update_class(&req);
2062 __hci_req_update_eir(&req);
2063
2064 err = hci_req_run(&req, remove_uuid_complete);
2065 if (err < 0) {
2066 if (err != -ENODATA)
2067 goto unlock;
2068
2069 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2070 hdev->dev_class, 3);
2071 goto unlock;
2072 }
2073
2074 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2075 if (!cmd) {
2076 err = -ENOMEM;
2077 goto unlock;
2078 }
2079
2080 err = 0;
2081
2082 unlock:
2083 hci_dev_unlock(hdev);
2084 return err;
2085 }
2086
2087 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2088 {
2089 BT_DBG("status 0x%02x", status);
2090
2091 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2092 }
2093
2094 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2095 u16 len)
2096 {
2097 struct mgmt_cp_set_dev_class *cp = data;
2098 struct mgmt_pending_cmd *cmd;
2099 struct hci_request req;
2100 int err;
2101
2102 BT_DBG("request for %s", hdev->name);
2103
2104 if (!lmp_bredr_capable(hdev))
2105 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2106 MGMT_STATUS_NOT_SUPPORTED);
2107
2108 hci_dev_lock(hdev);
2109
2110 if (pending_eir_or_class(hdev)) {
2111 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2112 MGMT_STATUS_BUSY);
2113 goto unlock;
2114 }
2115
2116 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2117 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2118 MGMT_STATUS_INVALID_PARAMS);
2119 goto unlock;
2120 }
2121
2122 hdev->major_class = cp->major;
2123 hdev->minor_class = cp->minor;
2124
2125 if (!hdev_is_powered(hdev)) {
2126 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2127 hdev->dev_class, 3);
2128 goto unlock;
2129 }
2130
2131 hci_req_init(&req, hdev);
2132
2133 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2134 hci_dev_unlock(hdev);
2135 cancel_delayed_work_sync(&hdev->service_cache);
2136 hci_dev_lock(hdev);
2137 __hci_req_update_eir(&req);
2138 }
2139
2140 __hci_req_update_class(&req);
2141
2142 err = hci_req_run(&req, set_class_complete);
2143 if (err < 0) {
2144 if (err != -ENODATA)
2145 goto unlock;
2146
2147 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2148 hdev->dev_class, 3);
2149 goto unlock;
2150 }
2151
2152 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2153 if (!cmd) {
2154 err = -ENOMEM;
2155 goto unlock;
2156 }
2157
2158 err = 0;
2159
2160 unlock:
2161 hci_dev_unlock(hdev);
2162 return err;
2163 }
2164
2165 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2166 u16 len)
2167 {
2168 struct mgmt_cp_load_link_keys *cp = data;
2169 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2170 sizeof(struct mgmt_link_key_info));
2171 u16 key_count, expected_len;
2172 bool changed;
2173 int i;
2174
2175 BT_DBG("request for %s", hdev->name);
2176
2177 if (!lmp_bredr_capable(hdev))
2178 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2179 MGMT_STATUS_NOT_SUPPORTED);
2180
2181 key_count = __le16_to_cpu(cp->key_count);
2182 if (key_count > max_key_count) {
2183 BT_ERR("load_link_keys: too big key_count value %u",
2184 key_count);
2185 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2186 MGMT_STATUS_INVALID_PARAMS);
2187 }
2188
2189 expected_len = sizeof(*cp) + key_count *
2190 sizeof(struct mgmt_link_key_info);
2191 if (expected_len != len) {
2192 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2193 expected_len, len);
2194 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2195 MGMT_STATUS_INVALID_PARAMS);
2196 }
2197
2198 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2199 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2200 MGMT_STATUS_INVALID_PARAMS);
2201
2202 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2203 key_count);
2204
2205 for (i = 0; i < key_count; i++) {
2206 struct mgmt_link_key_info *key = &cp->keys[i];
2207
2208 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2209 return mgmt_cmd_status(sk, hdev->id,
2210 MGMT_OP_LOAD_LINK_KEYS,
2211 MGMT_STATUS_INVALID_PARAMS);
2212 }
2213
2214 hci_dev_lock(hdev);
2215
2216 hci_link_keys_clear(hdev);
2217
2218 if (cp->debug_keys)
2219 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2220 else
2221 changed = hci_dev_test_and_clear_flag(hdev,
2222 HCI_KEEP_DEBUG_KEYS);
2223
2224 if (changed)
2225 new_settings(hdev, NULL);
2226
2227 for (i = 0; i < key_count; i++) {
2228 struct mgmt_link_key_info *key = &cp->keys[i];
2229
2230 /* Always ignore debug keys and require a new pairing if
2231 * the user wants to use them.
2232 */
2233 if (key->type == HCI_LK_DEBUG_COMBINATION)
2234 continue;
2235
2236 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2237 key->type, key->pin_len, NULL);
2238 }
2239
2240 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2241
2242 hci_dev_unlock(hdev);
2243
2244 return 0;
2245 }
2246
2247 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2248 u8 addr_type, struct sock *skip_sk)
2249 {
2250 struct mgmt_ev_device_unpaired ev;
2251
2252 bacpy(&ev.addr.bdaddr, bdaddr);
2253 ev.addr.type = addr_type;
2254
2255 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2256 skip_sk);
2257 }
2258
2259 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2260 u16 len)
2261 {
2262 struct mgmt_cp_unpair_device *cp = data;
2263 struct mgmt_rp_unpair_device rp;
2264 struct hci_conn_params *params;
2265 struct mgmt_pending_cmd *cmd;
2266 struct hci_conn *conn;
2267 u8 addr_type;
2268 int err;
2269
2270 memset(&rp, 0, sizeof(rp));
2271 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2272 rp.addr.type = cp->addr.type;
2273
2274 if (!bdaddr_type_is_valid(cp->addr.type))
2275 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2276 MGMT_STATUS_INVALID_PARAMS,
2277 &rp, sizeof(rp));
2278
2279 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2280 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2281 MGMT_STATUS_INVALID_PARAMS,
2282 &rp, sizeof(rp));
2283
2284 hci_dev_lock(hdev);
2285
2286 if (!hdev_is_powered(hdev)) {
2287 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2288 MGMT_STATUS_NOT_POWERED, &rp,
2289 sizeof(rp));
2290 goto unlock;
2291 }
2292
2293 if (cp->addr.type == BDADDR_BREDR) {
2294 /* If disconnection is requested, then look up the
2295 * connection. If the remote device is connected, it
2296 * will be later used to terminate the link.
2297 *
2298 * Setting it to NULL explicitly will cause no
2299 * termination of the link.
2300 */
2301 if (cp->disconnect)
2302 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2303 &cp->addr.bdaddr);
2304 else
2305 conn = NULL;
2306
2307 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2308 if (err < 0) {
2309 err = mgmt_cmd_complete(sk, hdev->id,
2310 MGMT_OP_UNPAIR_DEVICE,
2311 MGMT_STATUS_NOT_PAIRED, &rp,
2312 sizeof(rp));
2313 goto unlock;
2314 }
2315
2316 goto done;
2317 }
2318
2319 /* LE address type */
2320 addr_type = le_addr_type(cp->addr.type);
2321
2322 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2323
2324 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2325 if (err < 0) {
2326 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2327 MGMT_STATUS_NOT_PAIRED, &rp,
2328 sizeof(rp));
2329 goto unlock;
2330 }
2331
2332 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2333 if (!conn) {
2334 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2335 goto done;
2336 }
2337
2338 /* Abort any ongoing SMP pairing */
2339 smp_cancel_pairing(conn);
2340
2341 /* Defer clearing up the connection parameters until closing to
2342 * give a chance of keeping them if a repairing happens.
2343 */
2344 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2345
2346 /* Disable auto-connection parameters if present */
2347 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2348 if (params) {
2349 if (params->explicit_connect)
2350 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2351 else
2352 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2353 }
2354
2355 /* If disconnection is not requested, then clear the connection
2356 * variable so that the link is not terminated.
2357 */
2358 if (!cp->disconnect)
2359 conn = NULL;
2360
2361 done:
2362 /* If the connection variable is set, then termination of the
2363 * link is requested.
2364 */
2365 if (!conn) {
2366 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2367 &rp, sizeof(rp));
2368 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2369 goto unlock;
2370 }
2371
2372 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2373 sizeof(*cp));
2374 if (!cmd) {
2375 err = -ENOMEM;
2376 goto unlock;
2377 }
2378
2379 cmd->cmd_complete = addr_cmd_complete;
2380
2381 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2382 if (err < 0)
2383 mgmt_pending_remove(cmd);
2384
2385 unlock:
2386 hci_dev_unlock(hdev);
2387 return err;
2388 }
2389
2390 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2391 u16 len)
2392 {
2393 struct mgmt_cp_disconnect *cp = data;
2394 struct mgmt_rp_disconnect rp;
2395 struct mgmt_pending_cmd *cmd;
2396 struct hci_conn *conn;
2397 int err;
2398
2399 BT_DBG("");
2400
2401 memset(&rp, 0, sizeof(rp));
2402 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2403 rp.addr.type = cp->addr.type;
2404
2405 if (!bdaddr_type_is_valid(cp->addr.type))
2406 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2407 MGMT_STATUS_INVALID_PARAMS,
2408 &rp, sizeof(rp));
2409
2410 hci_dev_lock(hdev);
2411
2412 if (!test_bit(HCI_UP, &hdev->flags)) {
2413 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2414 MGMT_STATUS_NOT_POWERED, &rp,
2415 sizeof(rp));
2416 goto failed;
2417 }
2418
2419 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2420 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2421 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2422 goto failed;
2423 }
2424
2425 if (cp->addr.type == BDADDR_BREDR)
2426 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2427 &cp->addr.bdaddr);
2428 else
2429 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2430 le_addr_type(cp->addr.type));
2431
2432 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2433 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2434 MGMT_STATUS_NOT_CONNECTED, &rp,
2435 sizeof(rp));
2436 goto failed;
2437 }
2438
2439 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2440 if (!cmd) {
2441 err = -ENOMEM;
2442 goto failed;
2443 }
2444
2445 cmd->cmd_complete = generic_cmd_complete;
2446
2447 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2448 if (err < 0)
2449 mgmt_pending_remove(cmd);
2450
2451 failed:
2452 hci_dev_unlock(hdev);
2453 return err;
2454 }
2455
2456 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2457 {
2458 switch (link_type) {
2459 case LE_LINK:
2460 switch (addr_type) {
2461 case ADDR_LE_DEV_PUBLIC:
2462 return BDADDR_LE_PUBLIC;
2463
2464 default:
2465 /* Fallback to LE Random address type */
2466 return BDADDR_LE_RANDOM;
2467 }
2468
2469 default:
2470 /* Fallback to BR/EDR type */
2471 return BDADDR_BREDR;
2472 }
2473 }
2474
2475 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2476 u16 data_len)
2477 {
2478 struct mgmt_rp_get_connections *rp;
2479 struct hci_conn *c;
2480 size_t rp_len;
2481 int err;
2482 u16 i;
2483
2484 BT_DBG("");
2485
2486 hci_dev_lock(hdev);
2487
2488 if (!hdev_is_powered(hdev)) {
2489 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2490 MGMT_STATUS_NOT_POWERED);
2491 goto unlock;
2492 }
2493
2494 i = 0;
2495 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2496 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2497 i++;
2498 }
2499
2500 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2501 rp = kmalloc(rp_len, GFP_KERNEL);
2502 if (!rp) {
2503 err = -ENOMEM;
2504 goto unlock;
2505 }
2506
2507 i = 0;
2508 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2509 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2510 continue;
2511 bacpy(&rp->addr[i].bdaddr, &c->dst);
2512 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2513 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2514 continue;
2515 i++;
2516 }
2517
2518 rp->conn_count = cpu_to_le16(i);
2519
2520 /* Recalculate length in case of filtered SCO connections, etc */
2521 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2522
2523 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2524 rp_len);
2525
2526 kfree(rp);
2527
2528 unlock:
2529 hci_dev_unlock(hdev);
2530 return err;
2531 }
2532
2533 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2534 struct mgmt_cp_pin_code_neg_reply *cp)
2535 {
2536 struct mgmt_pending_cmd *cmd;
2537 int err;
2538
2539 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2540 sizeof(*cp));
2541 if (!cmd)
2542 return -ENOMEM;
2543
2544 cmd->cmd_complete = addr_cmd_complete;
2545
2546 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2547 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2548 if (err < 0)
2549 mgmt_pending_remove(cmd);
2550
2551 return err;
2552 }
2553
2554 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2555 u16 len)
2556 {
2557 struct hci_conn *conn;
2558 struct mgmt_cp_pin_code_reply *cp = data;
2559 struct hci_cp_pin_code_reply reply;
2560 struct mgmt_pending_cmd *cmd;
2561 int err;
2562
2563 BT_DBG("");
2564
2565 hci_dev_lock(hdev);
2566
2567 if (!hdev_is_powered(hdev)) {
2568 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2569 MGMT_STATUS_NOT_POWERED);
2570 goto failed;
2571 }
2572
2573 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2574 if (!conn) {
2575 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2576 MGMT_STATUS_NOT_CONNECTED);
2577 goto failed;
2578 }
2579
2580 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2581 struct mgmt_cp_pin_code_neg_reply ncp;
2582
2583 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2584
2585 BT_ERR("PIN code is not 16 bytes long");
2586
2587 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2588 if (err >= 0)
2589 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2590 MGMT_STATUS_INVALID_PARAMS);
2591
2592 goto failed;
2593 }
2594
2595 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2596 if (!cmd) {
2597 err = -ENOMEM;
2598 goto failed;
2599 }
2600
2601 cmd->cmd_complete = addr_cmd_complete;
2602
2603 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2604 reply.pin_len = cp->pin_len;
2605 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2606
2607 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2608 if (err < 0)
2609 mgmt_pending_remove(cmd);
2610
2611 failed:
2612 hci_dev_unlock(hdev);
2613 return err;
2614 }
2615
2616 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2617 u16 len)
2618 {
2619 struct mgmt_cp_set_io_capability *cp = data;
2620
2621 BT_DBG("");
2622
2623 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2624 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2625 MGMT_STATUS_INVALID_PARAMS);
2626
2627 hci_dev_lock(hdev);
2628
2629 hdev->io_capability = cp->io_capability;
2630
2631 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2632 hdev->io_capability);
2633
2634 hci_dev_unlock(hdev);
2635
2636 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2637 NULL, 0);
2638 }
2639
2640 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2641 {
2642 struct hci_dev *hdev = conn->hdev;
2643 struct mgmt_pending_cmd *cmd;
2644
2645 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2646 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2647 continue;
2648
2649 if (cmd->user_data != conn)
2650 continue;
2651
2652 return cmd;
2653 }
2654
2655 return NULL;
2656 }
2657
2658 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2659 {
2660 struct mgmt_rp_pair_device rp;
2661 struct hci_conn *conn = cmd->user_data;
2662 int err;
2663
2664 bacpy(&rp.addr.bdaddr, &conn->dst);
2665 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2666
2667 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2668 status, &rp, sizeof(rp));
2669
2670 /* So we don't get further callbacks for this connection */
2671 conn->connect_cfm_cb = NULL;
2672 conn->security_cfm_cb = NULL;
2673 conn->disconn_cfm_cb = NULL;
2674
2675 hci_conn_drop(conn);
2676
2677 /* The device is paired so there is no need to remove
2678 * its connection parameters anymore.
2679 */
2680 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2681
2682 hci_conn_put(conn);
2683
2684 return err;
2685 }
2686
2687 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2688 {
2689 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2690 struct mgmt_pending_cmd *cmd;
2691
2692 cmd = find_pairing(conn);
2693 if (cmd) {
2694 cmd->cmd_complete(cmd, status);
2695 mgmt_pending_remove(cmd);
2696 }
2697 }
2698
2699 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2700 {
2701 struct mgmt_pending_cmd *cmd;
2702
2703 BT_DBG("status %u", status);
2704
2705 cmd = find_pairing(conn);
2706 if (!cmd) {
2707 BT_DBG("Unable to find a pending command");
2708 return;
2709 }
2710
2711 cmd->cmd_complete(cmd, mgmt_status(status));
2712 mgmt_pending_remove(cmd);
2713 }
2714
2715 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2716 {
2717 struct mgmt_pending_cmd *cmd;
2718
2719 BT_DBG("status %u", status);
2720
2721 if (!status)
2722 return;
2723
2724 cmd = find_pairing(conn);
2725 if (!cmd) {
2726 BT_DBG("Unable to find a pending command");
2727 return;
2728 }
2729
2730 cmd->cmd_complete(cmd, mgmt_status(status));
2731 mgmt_pending_remove(cmd);
2732 }
2733
2734 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2735 u16 len)
2736 {
2737 struct mgmt_cp_pair_device *cp = data;
2738 struct mgmt_rp_pair_device rp;
2739 struct mgmt_pending_cmd *cmd;
2740 u8 sec_level, auth_type;
2741 struct hci_conn *conn;
2742 int err;
2743
2744 BT_DBG("");
2745
2746 memset(&rp, 0, sizeof(rp));
2747 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2748 rp.addr.type = cp->addr.type;
2749
2750 if (!bdaddr_type_is_valid(cp->addr.type))
2751 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2752 MGMT_STATUS_INVALID_PARAMS,
2753 &rp, sizeof(rp));
2754
2755 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2756 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2757 MGMT_STATUS_INVALID_PARAMS,
2758 &rp, sizeof(rp));
2759
2760 hci_dev_lock(hdev);
2761
2762 if (!hdev_is_powered(hdev)) {
2763 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2764 MGMT_STATUS_NOT_POWERED, &rp,
2765 sizeof(rp));
2766 goto unlock;
2767 }
2768
2769 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2770 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2771 MGMT_STATUS_ALREADY_PAIRED, &rp,
2772 sizeof(rp));
2773 goto unlock;
2774 }
2775
2776 sec_level = BT_SECURITY_MEDIUM;
2777 auth_type = HCI_AT_DEDICATED_BONDING;
2778
2779 if (cp->addr.type == BDADDR_BREDR) {
2780 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2781 auth_type);
2782 } else {
2783 u8 addr_type = le_addr_type(cp->addr.type);
2784 struct hci_conn_params *p;
2785
2786 /* When pairing a new device, it is expected to remember
2787 * this device for future connections. Adding the connection
2788 * parameter information ahead of time allows tracking
2789 * of the slave preferred values and will speed up any
2790 * further connection establishment.
2791 *
2792 * If connection parameters already exist, then they
2793 * will be kept and this function does nothing.
2794 */
2795 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2796
2797 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2798 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2799
2800 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2801 addr_type, sec_level,
2802 HCI_LE_CONN_TIMEOUT);
2803 }
2804
2805 if (IS_ERR(conn)) {
2806 int status;
2807
2808 if (PTR_ERR(conn) == -EBUSY)
2809 status = MGMT_STATUS_BUSY;
2810 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2811 status = MGMT_STATUS_NOT_SUPPORTED;
2812 else if (PTR_ERR(conn) == -ECONNREFUSED)
2813 status = MGMT_STATUS_REJECTED;
2814 else
2815 status = MGMT_STATUS_CONNECT_FAILED;
2816
2817 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2818 status, &rp, sizeof(rp));
2819 goto unlock;
2820 }
2821
2822 if (conn->connect_cfm_cb) {
2823 hci_conn_drop(conn);
2824 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2825 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2826 goto unlock;
2827 }
2828
2829 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2830 if (!cmd) {
2831 err = -ENOMEM;
2832 hci_conn_drop(conn);
2833 goto unlock;
2834 }
2835
2836 cmd->cmd_complete = pairing_complete;
2837
2838 /* For LE, just connecting isn't a proof that the pairing finished */
2839 if (cp->addr.type == BDADDR_BREDR) {
2840 conn->connect_cfm_cb = pairing_complete_cb;
2841 conn->security_cfm_cb = pairing_complete_cb;
2842 conn->disconn_cfm_cb = pairing_complete_cb;
2843 } else {
2844 conn->connect_cfm_cb = le_pairing_complete_cb;
2845 conn->security_cfm_cb = le_pairing_complete_cb;
2846 conn->disconn_cfm_cb = le_pairing_complete_cb;
2847 }
2848
2849 conn->io_capability = cp->io_cap;
2850 cmd->user_data = hci_conn_get(conn);
2851
2852 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2853 hci_conn_security(conn, sec_level, auth_type, true)) {
2854 cmd->cmd_complete(cmd, 0);
2855 mgmt_pending_remove(cmd);
2856 }
2857
2858 err = 0;
2859
2860 unlock:
2861 hci_dev_unlock(hdev);
2862 return err;
2863 }
2864
2865 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2866 u16 len)
2867 {
2868 struct mgmt_addr_info *addr = data;
2869 struct mgmt_pending_cmd *cmd;
2870 struct hci_conn *conn;
2871 int err;
2872
2873 BT_DBG("");
2874
2875 hci_dev_lock(hdev);
2876
2877 if (!hdev_is_powered(hdev)) {
2878 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2879 MGMT_STATUS_NOT_POWERED);
2880 goto unlock;
2881 }
2882
2883 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2884 if (!cmd) {
2885 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2886 MGMT_STATUS_INVALID_PARAMS);
2887 goto unlock;
2888 }
2889
2890 conn = cmd->user_data;
2891
2892 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2893 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2894 MGMT_STATUS_INVALID_PARAMS);
2895 goto unlock;
2896 }
2897
2898 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
2899 mgmt_pending_remove(cmd);
2900
2901 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2902 addr, sizeof(*addr));
2903 unlock:
2904 hci_dev_unlock(hdev);
2905 return err;
2906 }
2907
2908 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2909 struct mgmt_addr_info *addr, u16 mgmt_op,
2910 u16 hci_op, __le32 passkey)
2911 {
2912 struct mgmt_pending_cmd *cmd;
2913 struct hci_conn *conn;
2914 int err;
2915
2916 hci_dev_lock(hdev);
2917
2918 if (!hdev_is_powered(hdev)) {
2919 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2920 MGMT_STATUS_NOT_POWERED, addr,
2921 sizeof(*addr));
2922 goto done;
2923 }
2924
2925 if (addr->type == BDADDR_BREDR)
2926 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2927 else
2928 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
2929 le_addr_type(addr->type));
2930
2931 if (!conn) {
2932 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2933 MGMT_STATUS_NOT_CONNECTED, addr,
2934 sizeof(*addr));
2935 goto done;
2936 }
2937
2938 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2939 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2940 if (!err)
2941 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2942 MGMT_STATUS_SUCCESS, addr,
2943 sizeof(*addr));
2944 else
2945 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2946 MGMT_STATUS_FAILED, addr,
2947 sizeof(*addr));
2948
2949 goto done;
2950 }
2951
2952 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2953 if (!cmd) {
2954 err = -ENOMEM;
2955 goto done;
2956 }
2957
2958 cmd->cmd_complete = addr_cmd_complete;
2959
2960 /* Continue with pairing via HCI */
2961 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2962 struct hci_cp_user_passkey_reply cp;
2963
2964 bacpy(&cp.bdaddr, &addr->bdaddr);
2965 cp.passkey = passkey;
2966 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2967 } else
2968 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2969 &addr->bdaddr);
2970
2971 if (err < 0)
2972 mgmt_pending_remove(cmd);
2973
2974 done:
2975 hci_dev_unlock(hdev);
2976 return err;
2977 }
2978
2979 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2980 void *data, u16 len)
2981 {
2982 struct mgmt_cp_pin_code_neg_reply *cp = data;
2983
2984 BT_DBG("");
2985
2986 return user_pairing_resp(sk, hdev, &cp->addr,
2987 MGMT_OP_PIN_CODE_NEG_REPLY,
2988 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2989 }
2990
2991 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2992 u16 len)
2993 {
2994 struct mgmt_cp_user_confirm_reply *cp = data;
2995
2996 BT_DBG("");
2997
2998 if (len != sizeof(*cp))
2999 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3000 MGMT_STATUS_INVALID_PARAMS);
3001
3002 return user_pairing_resp(sk, hdev, &cp->addr,
3003 MGMT_OP_USER_CONFIRM_REPLY,
3004 HCI_OP_USER_CONFIRM_REPLY, 0);
3005 }
3006
3007 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3008 void *data, u16 len)
3009 {
3010 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3011
3012 BT_DBG("");
3013
3014 return user_pairing_resp(sk, hdev, &cp->addr,
3015 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3016 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3017 }
3018
3019 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3020 u16 len)
3021 {
3022 struct mgmt_cp_user_passkey_reply *cp = data;
3023
3024 BT_DBG("");
3025
3026 return user_pairing_resp(sk, hdev, &cp->addr,
3027 MGMT_OP_USER_PASSKEY_REPLY,
3028 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3029 }
3030
3031 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3032 void *data, u16 len)
3033 {
3034 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3035
3036 BT_DBG("");
3037
3038 return user_pairing_resp(sk, hdev, &cp->addr,
3039 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3040 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3041 }
3042
3043 static void adv_expire(struct hci_dev *hdev, u32 flags)
3044 {
3045 struct adv_info *adv_instance;
3046 struct hci_request req;
3047 int err;
3048
3049 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3050 if (!adv_instance)
3051 return;
3052
3053 /* stop if current instance doesn't need to be changed */
3054 if (!(adv_instance->flags & flags))
3055 return;
3056
3057 cancel_adv_timeout(hdev);
3058
3059 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3060 if (!adv_instance)
3061 return;
3062
3063 hci_req_init(&req, hdev);
3064 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3065 true);
3066 if (err)
3067 return;
3068
3069 hci_req_run(&req, NULL);
3070 }
3071
3072 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3073 {
3074 struct mgmt_cp_set_local_name *cp;
3075 struct mgmt_pending_cmd *cmd;
3076
3077 BT_DBG("status 0x%02x", status);
3078
3079 hci_dev_lock(hdev);
3080
3081 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3082 if (!cmd)
3083 goto unlock;
3084
3085 cp = cmd->param;
3086
3087 if (status) {
3088 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3089 mgmt_status(status));
3090 } else {
3091 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3092 cp, sizeof(*cp));
3093
3094 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3095 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3096 }
3097
3098 mgmt_pending_remove(cmd);
3099
3100 unlock:
3101 hci_dev_unlock(hdev);
3102 }
3103
3104 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3105 u16 len)
3106 {
3107 struct mgmt_cp_set_local_name *cp = data;
3108 struct mgmt_pending_cmd *cmd;
3109 struct hci_request req;
3110 int err;
3111
3112 BT_DBG("");
3113
3114 hci_dev_lock(hdev);
3115
3116 /* If the old values are the same as the new ones just return a
3117 * direct command complete event.
3118 */
3119 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3120 !memcmp(hdev->short_name, cp->short_name,
3121 sizeof(hdev->short_name))) {
3122 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3123 data, len);
3124 goto failed;
3125 }
3126
3127 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3128
3129 if (!hdev_is_powered(hdev)) {
3130 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3131
3132 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3133 data, len);
3134 if (err < 0)
3135 goto failed;
3136
3137 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3138 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3139 ext_info_changed(hdev, sk);
3140
3141 goto failed;
3142 }
3143
3144 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3145 if (!cmd) {
3146 err = -ENOMEM;
3147 goto failed;
3148 }
3149
3150 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3151
3152 hci_req_init(&req, hdev);
3153
3154 if (lmp_bredr_capable(hdev)) {
3155 __hci_req_update_name(&req);
3156 __hci_req_update_eir(&req);
3157 }
3158
3159 /* The name is stored in the scan response data and so
3160 * no need to udpate the advertising data here.
3161 */
3162 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3163 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3164
3165 err = hci_req_run(&req, set_name_complete);
3166 if (err < 0)
3167 mgmt_pending_remove(cmd);
3168
3169 failed:
3170 hci_dev_unlock(hdev);
3171 return err;
3172 }
3173
3174 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3175 u16 len)
3176 {
3177 struct mgmt_cp_set_appearance *cp = data;
3178 u16 apperance;
3179 int err;
3180
3181 BT_DBG("");
3182
3183 if (!lmp_le_capable(hdev))
3184 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3185 MGMT_STATUS_NOT_SUPPORTED);
3186
3187 apperance = le16_to_cpu(cp->appearance);
3188
3189 hci_dev_lock(hdev);
3190
3191 if (hdev->appearance != apperance) {
3192 hdev->appearance = apperance;
3193
3194 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3195 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3196
3197 ext_info_changed(hdev, sk);
3198 }
3199
3200 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3201 0);
3202
3203 hci_dev_unlock(hdev);
3204
3205 return err;
3206 }
3207
3208 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3209 u16 opcode, struct sk_buff *skb)
3210 {
3211 struct mgmt_rp_read_local_oob_data mgmt_rp;
3212 size_t rp_size = sizeof(mgmt_rp);
3213 struct mgmt_pending_cmd *cmd;
3214
3215 BT_DBG("%s status %u", hdev->name, status);
3216
3217 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3218 if (!cmd)
3219 return;
3220
3221 if (status || !skb) {
3222 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3223 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3224 goto remove;
3225 }
3226
3227 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3228
3229 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3230 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3231
3232 if (skb->len < sizeof(*rp)) {
3233 mgmt_cmd_status(cmd->sk, hdev->id,
3234 MGMT_OP_READ_LOCAL_OOB_DATA,
3235 MGMT_STATUS_FAILED);
3236 goto remove;
3237 }
3238
3239 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3240 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3241
3242 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3243 } else {
3244 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3245
3246 if (skb->len < sizeof(*rp)) {
3247 mgmt_cmd_status(cmd->sk, hdev->id,
3248 MGMT_OP_READ_LOCAL_OOB_DATA,
3249 MGMT_STATUS_FAILED);
3250 goto remove;
3251 }
3252
3253 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3254 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3255
3256 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3257 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3258 }
3259
3260 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3261 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3262
3263 remove:
3264 mgmt_pending_remove(cmd);
3265 }
3266
3267 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3268 void *data, u16 data_len)
3269 {
3270 struct mgmt_pending_cmd *cmd;
3271 struct hci_request req;
3272 int err;
3273
3274 BT_DBG("%s", hdev->name);
3275
3276 hci_dev_lock(hdev);
3277
3278 if (!hdev_is_powered(hdev)) {
3279 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3280 MGMT_STATUS_NOT_POWERED);
3281 goto unlock;
3282 }
3283
3284 if (!lmp_ssp_capable(hdev)) {
3285 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3286 MGMT_STATUS_NOT_SUPPORTED);
3287 goto unlock;
3288 }
3289
3290 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3291 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3292 MGMT_STATUS_BUSY);
3293 goto unlock;
3294 }
3295
3296 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3297 if (!cmd) {
3298 err = -ENOMEM;
3299 goto unlock;
3300 }
3301
3302 hci_req_init(&req, hdev);
3303
3304 if (bredr_sc_enabled(hdev))
3305 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3306 else
3307 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3308
3309 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3310 if (err < 0)
3311 mgmt_pending_remove(cmd);
3312
3313 unlock:
3314 hci_dev_unlock(hdev);
3315 return err;
3316 }
3317
3318 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3319 void *data, u16 len)
3320 {
3321 struct mgmt_addr_info *addr = data;
3322 int err;
3323
3324 BT_DBG("%s ", hdev->name);
3325
3326 if (!bdaddr_type_is_valid(addr->type))
3327 return mgmt_cmd_complete(sk, hdev->id,
3328 MGMT_OP_ADD_REMOTE_OOB_DATA,
3329 MGMT_STATUS_INVALID_PARAMS,
3330 addr, sizeof(*addr));
3331
3332 hci_dev_lock(hdev);
3333
3334 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3335 struct mgmt_cp_add_remote_oob_data *cp = data;
3336 u8 status;
3337
3338 if (cp->addr.type != BDADDR_BREDR) {
3339 err = mgmt_cmd_complete(sk, hdev->id,
3340 MGMT_OP_ADD_REMOTE_OOB_DATA,
3341 MGMT_STATUS_INVALID_PARAMS,
3342 &cp->addr, sizeof(cp->addr));
3343 goto unlock;
3344 }
3345
3346 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3347 cp->addr.type, cp->hash,
3348 cp->rand, NULL, NULL);
3349 if (err < 0)
3350 status = MGMT_STATUS_FAILED;
3351 else
3352 status = MGMT_STATUS_SUCCESS;
3353
3354 err = mgmt_cmd_complete(sk, hdev->id,
3355 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3356 &cp->addr, sizeof(cp->addr));
3357 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3358 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3359 u8 *rand192, *hash192, *rand256, *hash256;
3360 u8 status;
3361
3362 if (bdaddr_type_is_le(cp->addr.type)) {
3363 /* Enforce zero-valued 192-bit parameters as
3364 * long as legacy SMP OOB isn't implemented.
3365 */
3366 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3367 memcmp(cp->hash192, ZERO_KEY, 16)) {
3368 err = mgmt_cmd_complete(sk, hdev->id,
3369 MGMT_OP_ADD_REMOTE_OOB_DATA,
3370 MGMT_STATUS_INVALID_PARAMS,
3371 addr, sizeof(*addr));
3372 goto unlock;
3373 }
3374
3375 rand192 = NULL;
3376 hash192 = NULL;
3377 } else {
3378 /* In case one of the P-192 values is set to zero,
3379 * then just disable OOB data for P-192.
3380 */
3381 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3382 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3383 rand192 = NULL;
3384 hash192 = NULL;
3385 } else {
3386 rand192 = cp->rand192;
3387 hash192 = cp->hash192;
3388 }
3389 }
3390
3391 /* In case one of the P-256 values is set to zero, then just
3392 * disable OOB data for P-256.
3393 */
3394 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3395 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3396 rand256 = NULL;
3397 hash256 = NULL;
3398 } else {
3399 rand256 = cp->rand256;
3400 hash256 = cp->hash256;
3401 }
3402
3403 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3404 cp->addr.type, hash192, rand192,
3405 hash256, rand256);
3406 if (err < 0)
3407 status = MGMT_STATUS_FAILED;
3408 else
3409 status = MGMT_STATUS_SUCCESS;
3410
3411 err = mgmt_cmd_complete(sk, hdev->id,
3412 MGMT_OP_ADD_REMOTE_OOB_DATA,
3413 status, &cp->addr, sizeof(cp->addr));
3414 } else {
3415 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3416 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3417 MGMT_STATUS_INVALID_PARAMS);
3418 }
3419
3420 unlock:
3421 hci_dev_unlock(hdev);
3422 return err;
3423 }
3424
3425 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3426 void *data, u16 len)
3427 {
3428 struct mgmt_cp_remove_remote_oob_data *cp = data;
3429 u8 status;
3430 int err;
3431
3432 BT_DBG("%s", hdev->name);
3433
3434 if (cp->addr.type != BDADDR_BREDR)
3435 return mgmt_cmd_complete(sk, hdev->id,
3436 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3437 MGMT_STATUS_INVALID_PARAMS,
3438 &cp->addr, sizeof(cp->addr));
3439
3440 hci_dev_lock(hdev);
3441
3442 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3443 hci_remote_oob_data_clear(hdev);
3444 status = MGMT_STATUS_SUCCESS;
3445 goto done;
3446 }
3447
3448 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3449 if (err < 0)
3450 status = MGMT_STATUS_INVALID_PARAMS;
3451 else
3452 status = MGMT_STATUS_SUCCESS;
3453
3454 done:
3455 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3456 status, &cp->addr, sizeof(cp->addr));
3457
3458 hci_dev_unlock(hdev);
3459 return err;
3460 }
3461
3462 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3463 {
3464 struct mgmt_pending_cmd *cmd;
3465
3466 BT_DBG("status %d", status);
3467
3468 hci_dev_lock(hdev);
3469
3470 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3471 if (!cmd)
3472 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3473
3474 if (!cmd)
3475 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3476
3477 if (cmd) {
3478 cmd->cmd_complete(cmd, mgmt_status(status));
3479 mgmt_pending_remove(cmd);
3480 }
3481
3482 hci_dev_unlock(hdev);
3483 }
3484
3485 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3486 uint8_t *mgmt_status)
3487 {
3488 switch (type) {
3489 case DISCOV_TYPE_LE:
3490 *mgmt_status = mgmt_le_support(hdev);
3491 if (*mgmt_status)
3492 return false;
3493 break;
3494 case DISCOV_TYPE_INTERLEAVED:
3495 *mgmt_status = mgmt_le_support(hdev);
3496 if (*mgmt_status)
3497 return false;
3498 /* Intentional fall-through */
3499 case DISCOV_TYPE_BREDR:
3500 *mgmt_status = mgmt_bredr_support(hdev);
3501 if (*mgmt_status)
3502 return false;
3503 break;
3504 default:
3505 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3506 return false;
3507 }
3508
3509 return true;
3510 }
3511
3512 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3513 u16 op, void *data, u16 len)
3514 {
3515 struct mgmt_cp_start_discovery *cp = data;
3516 struct mgmt_pending_cmd *cmd;
3517 u8 status;
3518 int err;
3519
3520 BT_DBG("%s", hdev->name);
3521
3522 hci_dev_lock(hdev);
3523
3524 if (!hdev_is_powered(hdev)) {
3525 err = mgmt_cmd_complete(sk, hdev->id, op,
3526 MGMT_STATUS_NOT_POWERED,
3527 &cp->type, sizeof(cp->type));
3528 goto failed;
3529 }
3530
3531 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3532 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3533 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3534 &cp->type, sizeof(cp->type));
3535 goto failed;
3536 }
3537
3538 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3539 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3540 &cp->type, sizeof(cp->type));
3541 goto failed;
3542 }
3543
3544 /* Clear the discovery filter first to free any previously
3545 * allocated memory for the UUID list.
3546 */
3547 hci_discovery_filter_clear(hdev);
3548
3549 hdev->discovery.type = cp->type;
3550 hdev->discovery.report_invalid_rssi = false;
3551 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3552 hdev->discovery.limited = true;
3553 else
3554 hdev->discovery.limited = false;
3555
3556 cmd = mgmt_pending_add(sk, op, hdev, data, len);
3557 if (!cmd) {
3558 err = -ENOMEM;
3559 goto failed;
3560 }
3561
3562 cmd->cmd_complete = generic_cmd_complete;
3563
3564 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3565 queue_work(hdev->req_workqueue, &hdev->discov_update);
3566 err = 0;
3567
3568 failed:
3569 hci_dev_unlock(hdev);
3570 return err;
3571 }
3572
3573 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3574 void *data, u16 len)
3575 {
3576 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3577 data, len);
3578 }
3579
3580 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3581 void *data, u16 len)
3582 {
3583 return start_discovery_internal(sk, hdev,
3584 MGMT_OP_START_LIMITED_DISCOVERY,
3585 data, len);
3586 }
3587
3588 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3589 u8 status)
3590 {
3591 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3592 cmd->param, 1);
3593 }
3594
3595 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3596 void *data, u16 len)
3597 {
3598 struct mgmt_cp_start_service_discovery *cp = data;
3599 struct mgmt_pending_cmd *cmd;
3600 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3601 u16 uuid_count, expected_len;
3602 u8 status;
3603 int err;
3604
3605 BT_DBG("%s", hdev->name);
3606
3607 hci_dev_lock(hdev);
3608
3609 if (!hdev_is_powered(hdev)) {
3610 err = mgmt_cmd_complete(sk, hdev->id,
3611 MGMT_OP_START_SERVICE_DISCOVERY,
3612 MGMT_STATUS_NOT_POWERED,
3613 &cp->type, sizeof(cp->type));
3614 goto failed;
3615 }
3616
3617 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3618 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3619 err = mgmt_cmd_complete(sk, hdev->id,
3620 MGMT_OP_START_SERVICE_DISCOVERY,
3621 MGMT_STATUS_BUSY, &cp->type,
3622 sizeof(cp->type));
3623 goto failed;
3624 }
3625
3626 uuid_count = __le16_to_cpu(cp->uuid_count);
3627 if (uuid_count > max_uuid_count) {
3628 BT_ERR("service_discovery: too big uuid_count value %u",
3629 uuid_count);
3630 err = mgmt_cmd_complete(sk, hdev->id,
3631 MGMT_OP_START_SERVICE_DISCOVERY,
3632 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3633 sizeof(cp->type));
3634 goto failed;
3635 }
3636
3637 expected_len = sizeof(*cp) + uuid_count * 16;
3638 if (expected_len != len) {
3639 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3640 expected_len, len);
3641 err = mgmt_cmd_complete(sk, hdev->id,
3642 MGMT_OP_START_SERVICE_DISCOVERY,
3643 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3644 sizeof(cp->type));
3645 goto failed;
3646 }
3647
3648 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3649 err = mgmt_cmd_complete(sk, hdev->id,
3650 MGMT_OP_START_SERVICE_DISCOVERY,
3651 status, &cp->type, sizeof(cp->type));
3652 goto failed;
3653 }
3654
3655 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3656 hdev, data, len);
3657 if (!cmd) {
3658 err = -ENOMEM;
3659 goto failed;
3660 }
3661
3662 cmd->cmd_complete = service_discovery_cmd_complete;
3663
3664 /* Clear the discovery filter first to free any previously
3665 * allocated memory for the UUID list.
3666 */
3667 hci_discovery_filter_clear(hdev);
3668
3669 hdev->discovery.result_filtering = true;
3670 hdev->discovery.type = cp->type;
3671 hdev->discovery.rssi = cp->rssi;
3672 hdev->discovery.uuid_count = uuid_count;
3673
3674 if (uuid_count > 0) {
3675 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3676 GFP_KERNEL);
3677 if (!hdev->discovery.uuids) {
3678 err = mgmt_cmd_complete(sk, hdev->id,
3679 MGMT_OP_START_SERVICE_DISCOVERY,
3680 MGMT_STATUS_FAILED,
3681 &cp->type, sizeof(cp->type));
3682 mgmt_pending_remove(cmd);
3683 goto failed;
3684 }
3685 }
3686
3687 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3688 queue_work(hdev->req_workqueue, &hdev->discov_update);
3689 err = 0;
3690
3691 failed:
3692 hci_dev_unlock(hdev);
3693 return err;
3694 }
3695
3696 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
3697 {
3698 struct mgmt_pending_cmd *cmd;
3699
3700 BT_DBG("status %d", status);
3701
3702 hci_dev_lock(hdev);
3703
3704 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3705 if (cmd) {
3706 cmd->cmd_complete(cmd, mgmt_status(status));
3707 mgmt_pending_remove(cmd);
3708 }
3709
3710 hci_dev_unlock(hdev);
3711 }
3712
3713 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3714 u16 len)
3715 {
3716 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3717 struct mgmt_pending_cmd *cmd;
3718 int err;
3719
3720 BT_DBG("%s", hdev->name);
3721
3722 hci_dev_lock(hdev);
3723
3724 if (!hci_discovery_active(hdev)) {
3725 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3726 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3727 sizeof(mgmt_cp->type));
3728 goto unlock;
3729 }
3730
3731 if (hdev->discovery.type != mgmt_cp->type) {
3732 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3733 MGMT_STATUS_INVALID_PARAMS,
3734 &mgmt_cp->type, sizeof(mgmt_cp->type));
3735 goto unlock;
3736 }
3737
3738 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
3739 if (!cmd) {
3740 err = -ENOMEM;
3741 goto unlock;
3742 }
3743
3744 cmd->cmd_complete = generic_cmd_complete;
3745
3746 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3747 queue_work(hdev->req_workqueue, &hdev->discov_update);
3748 err = 0;
3749
3750 unlock:
3751 hci_dev_unlock(hdev);
3752 return err;
3753 }
3754
3755 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3756 u16 len)
3757 {
3758 struct mgmt_cp_confirm_name *cp = data;
3759 struct inquiry_entry *e;
3760 int err;
3761
3762 BT_DBG("%s", hdev->name);
3763
3764 hci_dev_lock(hdev);
3765
3766 if (!hci_discovery_active(hdev)) {
3767 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3768 MGMT_STATUS_FAILED, &cp->addr,
3769 sizeof(cp->addr));
3770 goto failed;
3771 }
3772
3773 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3774 if (!e) {
3775 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3776 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3777 sizeof(cp->addr));
3778 goto failed;
3779 }
3780
3781 if (cp->name_known) {
3782 e->name_state = NAME_KNOWN;
3783 list_del(&e->list);
3784 } else {
3785 e->name_state = NAME_NEEDED;
3786 hci_inquiry_cache_update_resolve(hdev, e);
3787 }
3788
3789 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3790 &cp->addr, sizeof(cp->addr));
3791
3792 failed:
3793 hci_dev_unlock(hdev);
3794 return err;
3795 }
3796
3797 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3798 u16 len)
3799 {
3800 struct mgmt_cp_block_device *cp = data;
3801 u8 status;
3802 int err;
3803
3804 BT_DBG("%s", hdev->name);
3805
3806 if (!bdaddr_type_is_valid(cp->addr.type))
3807 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3808 MGMT_STATUS_INVALID_PARAMS,
3809 &cp->addr, sizeof(cp->addr));
3810
3811 hci_dev_lock(hdev);
3812
3813 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3814 cp->addr.type);
3815 if (err < 0) {
3816 status = MGMT_STATUS_FAILED;
3817 goto done;
3818 }
3819
3820 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3821 sk);
3822 status = MGMT_STATUS_SUCCESS;
3823
3824 done:
3825 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3826 &cp->addr, sizeof(cp->addr));
3827
3828 hci_dev_unlock(hdev);
3829
3830 return err;
3831 }
3832
3833 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3834 u16 len)
3835 {
3836 struct mgmt_cp_unblock_device *cp = data;
3837 u8 status;
3838 int err;
3839
3840 BT_DBG("%s", hdev->name);
3841
3842 if (!bdaddr_type_is_valid(cp->addr.type))
3843 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3844 MGMT_STATUS_INVALID_PARAMS,
3845 &cp->addr, sizeof(cp->addr));
3846
3847 hci_dev_lock(hdev);
3848
3849 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3850 cp->addr.type);
3851 if (err < 0) {
3852 status = MGMT_STATUS_INVALID_PARAMS;
3853 goto done;
3854 }
3855
3856 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3857 sk);
3858 status = MGMT_STATUS_SUCCESS;
3859
3860 done:
3861 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3862 &cp->addr, sizeof(cp->addr));
3863
3864 hci_dev_unlock(hdev);
3865
3866 return err;
3867 }
3868
3869 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3870 u16 len)
3871 {
3872 struct mgmt_cp_set_device_id *cp = data;
3873 struct hci_request req;
3874 int err;
3875 __u16 source;
3876
3877 BT_DBG("%s", hdev->name);
3878
3879 source = __le16_to_cpu(cp->source);
3880
3881 if (source > 0x0002)
3882 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3883 MGMT_STATUS_INVALID_PARAMS);
3884
3885 hci_dev_lock(hdev);
3886
3887 hdev->devid_source = source;
3888 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3889 hdev->devid_product = __le16_to_cpu(cp->product);
3890 hdev->devid_version = __le16_to_cpu(cp->version);
3891
3892 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3893 NULL, 0);
3894
3895 hci_req_init(&req, hdev);
3896 __hci_req_update_eir(&req);
3897 hci_req_run(&req, NULL);
3898
3899 hci_dev_unlock(hdev);
3900
3901 return err;
3902 }
3903
3904 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3905 u16 opcode)
3906 {
3907 BT_DBG("status %d", status);
3908 }
3909
3910 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3911 u16 opcode)
3912 {
3913 struct cmd_lookup match = { NULL, hdev };
3914 struct hci_request req;
3915 u8 instance;
3916 struct adv_info *adv_instance;
3917 int err;
3918
3919 hci_dev_lock(hdev);
3920
3921 if (status) {
3922 u8 mgmt_err = mgmt_status(status);
3923
3924 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3925 cmd_status_rsp, &mgmt_err);
3926 goto unlock;
3927 }
3928
3929 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3930 hci_dev_set_flag(hdev, HCI_ADVERTISING);
3931 else
3932 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
3933
3934 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3935 &match);
3936
3937 new_settings(hdev, match.sk);
3938
3939 if (match.sk)
3940 sock_put(match.sk);
3941
3942 /* If "Set Advertising" was just disabled and instance advertising was
3943 * set up earlier, then re-enable multi-instance advertising.
3944 */
3945 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
3946 list_empty(&hdev->adv_instances))
3947 goto unlock;
3948
3949 instance = hdev->cur_adv_instance;
3950 if (!instance) {
3951 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3952 struct adv_info, list);
3953 if (!adv_instance)
3954 goto unlock;
3955
3956 instance = adv_instance->instance;
3957 }
3958
3959 hci_req_init(&req, hdev);
3960
3961 err = __hci_req_schedule_adv_instance(&req, instance, true);
3962
3963 if (!err)
3964 err = hci_req_run(&req, enable_advertising_instance);
3965
3966 if (err)
3967 BT_ERR("Failed to re-configure advertising");
3968
3969 unlock:
3970 hci_dev_unlock(hdev);
3971 }
3972
3973 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3974 u16 len)
3975 {
3976 struct mgmt_mode *cp = data;
3977 struct mgmt_pending_cmd *cmd;
3978 struct hci_request req;
3979 u8 val, status;
3980 int err;
3981
3982 BT_DBG("request for %s", hdev->name);
3983
3984 status = mgmt_le_support(hdev);
3985 if (status)
3986 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3987 status);
3988
3989 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
3990 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3991 MGMT_STATUS_INVALID_PARAMS);
3992
3993 hci_dev_lock(hdev);
3994
3995 val = !!cp->val;
3996
3997 /* The following conditions are ones which mean that we should
3998 * not do any HCI communication but directly send a mgmt
3999 * response to user space (after toggling the flag if
4000 * necessary).
4001 */
4002 if (!hdev_is_powered(hdev) ||
4003 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4004 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4005 hci_conn_num(hdev, LE_LINK) > 0 ||
4006 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4007 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4008 bool changed;
4009
4010 if (cp->val) {
4011 hdev->cur_adv_instance = 0x00;
4012 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4013 if (cp->val == 0x02)
4014 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4015 else
4016 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4017 } else {
4018 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4019 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4020 }
4021
4022 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4023 if (err < 0)
4024 goto unlock;
4025
4026 if (changed)
4027 err = new_settings(hdev, sk);
4028
4029 goto unlock;
4030 }
4031
4032 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4033 pending_find(MGMT_OP_SET_LE, hdev)) {
4034 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4035 MGMT_STATUS_BUSY);
4036 goto unlock;
4037 }
4038
4039 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4040 if (!cmd) {
4041 err = -ENOMEM;
4042 goto unlock;
4043 }
4044
4045 hci_req_init(&req, hdev);
4046
4047 if (cp->val == 0x02)
4048 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4049 else
4050 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4051
4052 cancel_adv_timeout(hdev);
4053
4054 if (val) {
4055 /* Switch to instance "0" for the Set Advertising setting.
4056 * We cannot use update_[adv|scan_rsp]_data() here as the
4057 * HCI_ADVERTISING flag is not yet set.
4058 */
4059 hdev->cur_adv_instance = 0x00;
4060 __hci_req_update_adv_data(&req, 0x00);
4061 __hci_req_update_scan_rsp_data(&req, 0x00);
4062 __hci_req_enable_advertising(&req);
4063 } else {
4064 __hci_req_disable_advertising(&req);
4065 }
4066
4067 err = hci_req_run(&req, set_advertising_complete);
4068 if (err < 0)
4069 mgmt_pending_remove(cmd);
4070
4071 unlock:
4072 hci_dev_unlock(hdev);
4073 return err;
4074 }
4075
4076 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4077 void *data, u16 len)
4078 {
4079 struct mgmt_cp_set_static_address *cp = data;
4080 int err;
4081
4082 BT_DBG("%s", hdev->name);
4083
4084 if (!lmp_le_capable(hdev))
4085 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4086 MGMT_STATUS_NOT_SUPPORTED);
4087
4088 if (hdev_is_powered(hdev))
4089 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4090 MGMT_STATUS_REJECTED);
4091
4092 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4093 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4094 return mgmt_cmd_status(sk, hdev->id,
4095 MGMT_OP_SET_STATIC_ADDRESS,
4096 MGMT_STATUS_INVALID_PARAMS);
4097
4098 /* Two most significant bits shall be set */
4099 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4100 return mgmt_cmd_status(sk, hdev->id,
4101 MGMT_OP_SET_STATIC_ADDRESS,
4102 MGMT_STATUS_INVALID_PARAMS);
4103 }
4104
4105 hci_dev_lock(hdev);
4106
4107 bacpy(&hdev->static_addr, &cp->bdaddr);
4108
4109 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4110 if (err < 0)
4111 goto unlock;
4112
4113 err = new_settings(hdev, sk);
4114
4115 unlock:
4116 hci_dev_unlock(hdev);
4117 return err;
4118 }
4119
4120 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4121 void *data, u16 len)
4122 {
4123 struct mgmt_cp_set_scan_params *cp = data;
4124 __u16 interval, window;
4125 int err;
4126
4127 BT_DBG("%s", hdev->name);
4128
4129 if (!lmp_le_capable(hdev))
4130 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4131 MGMT_STATUS_NOT_SUPPORTED);
4132
4133 interval = __le16_to_cpu(cp->interval);
4134
4135 if (interval < 0x0004 || interval > 0x4000)
4136 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4137 MGMT_STATUS_INVALID_PARAMS);
4138
4139 window = __le16_to_cpu(cp->window);
4140
4141 if (window < 0x0004 || window > 0x4000)
4142 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4143 MGMT_STATUS_INVALID_PARAMS);
4144
4145 if (window > interval)
4146 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4147 MGMT_STATUS_INVALID_PARAMS);
4148
4149 hci_dev_lock(hdev);
4150
4151 hdev->le_scan_interval = interval;
4152 hdev->le_scan_window = window;
4153
4154 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4155 NULL, 0);
4156
4157 /* If background scan is running, restart it so new parameters are
4158 * loaded.
4159 */
4160 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4161 hdev->discovery.state == DISCOVERY_STOPPED) {
4162 struct hci_request req;
4163
4164 hci_req_init(&req, hdev);
4165
4166 hci_req_add_le_scan_disable(&req);
4167 hci_req_add_le_passive_scan(&req);
4168
4169 hci_req_run(&req, NULL);
4170 }
4171
4172 hci_dev_unlock(hdev);
4173
4174 return err;
4175 }
4176
4177 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4178 u16 opcode)
4179 {
4180 struct mgmt_pending_cmd *cmd;
4181
4182 BT_DBG("status 0x%02x", status);
4183
4184 hci_dev_lock(hdev);
4185
4186 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4187 if (!cmd)
4188 goto unlock;
4189
4190 if (status) {
4191 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4192 mgmt_status(status));
4193 } else {
4194 struct mgmt_mode *cp = cmd->param;
4195
4196 if (cp->val)
4197 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4198 else
4199 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4200
4201 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4202 new_settings(hdev, cmd->sk);
4203 }
4204
4205 mgmt_pending_remove(cmd);
4206
4207 unlock:
4208 hci_dev_unlock(hdev);
4209 }
4210
4211 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4212 void *data, u16 len)
4213 {
4214 struct mgmt_mode *cp = data;
4215 struct mgmt_pending_cmd *cmd;
4216 struct hci_request req;
4217 int err;
4218
4219 BT_DBG("%s", hdev->name);
4220
4221 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4222 hdev->hci_ver < BLUETOOTH_VER_1_2)
4223 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4224 MGMT_STATUS_NOT_SUPPORTED);
4225
4226 if (cp->val != 0x00 && cp->val != 0x01)
4227 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4228 MGMT_STATUS_INVALID_PARAMS);
4229
4230 hci_dev_lock(hdev);
4231
4232 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4233 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4234 MGMT_STATUS_BUSY);
4235 goto unlock;
4236 }
4237
4238 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4239 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4240 hdev);
4241 goto unlock;
4242 }
4243
4244 if (!hdev_is_powered(hdev)) {
4245 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4246 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4247 hdev);
4248 new_settings(hdev, sk);
4249 goto unlock;
4250 }
4251
4252 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4253 data, len);
4254 if (!cmd) {
4255 err = -ENOMEM;
4256 goto unlock;
4257 }
4258
4259 hci_req_init(&req, hdev);
4260
4261 __hci_req_write_fast_connectable(&req, cp->val);
4262
4263 err = hci_req_run(&req, fast_connectable_complete);
4264 if (err < 0) {
4265 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4266 MGMT_STATUS_FAILED);
4267 mgmt_pending_remove(cmd);
4268 }
4269
4270 unlock:
4271 hci_dev_unlock(hdev);
4272
4273 return err;
4274 }
4275
4276 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4277 {
4278 struct mgmt_pending_cmd *cmd;
4279
4280 BT_DBG("status 0x%02x", status);
4281
4282 hci_dev_lock(hdev);
4283
4284 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4285 if (!cmd)
4286 goto unlock;
4287
4288 if (status) {
4289 u8 mgmt_err = mgmt_status(status);
4290
4291 /* We need to restore the flag if related HCI commands
4292 * failed.
4293 */
4294 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4295
4296 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4297 } else {
4298 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4299 new_settings(hdev, cmd->sk);
4300 }
4301
4302 mgmt_pending_remove(cmd);
4303
4304 unlock:
4305 hci_dev_unlock(hdev);
4306 }
4307
4308 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4309 {
4310 struct mgmt_mode *cp = data;
4311 struct mgmt_pending_cmd *cmd;
4312 struct hci_request req;
4313 int err;
4314
4315 BT_DBG("request for %s", hdev->name);
4316
4317 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4318 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4319 MGMT_STATUS_NOT_SUPPORTED);
4320
4321 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4322 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4323 MGMT_STATUS_REJECTED);
4324
4325 if (cp->val != 0x00 && cp->val != 0x01)
4326 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4327 MGMT_STATUS_INVALID_PARAMS);
4328
4329 hci_dev_lock(hdev);
4330
4331 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4332 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4333 goto unlock;
4334 }
4335
4336 if (!hdev_is_powered(hdev)) {
4337 if (!cp->val) {
4338 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4339 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4340 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4341 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4342 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4343 }
4344
4345 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4346
4347 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4348 if (err < 0)
4349 goto unlock;
4350
4351 err = new_settings(hdev, sk);
4352 goto unlock;
4353 }
4354
4355 /* Reject disabling when powered on */
4356 if (!cp->val) {
4357 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4358 MGMT_STATUS_REJECTED);
4359 goto unlock;
4360 } else {
4361 /* When configuring a dual-mode controller to operate
4362 * with LE only and using a static address, then switching
4363 * BR/EDR back on is not allowed.
4364 *
4365 * Dual-mode controllers shall operate with the public
4366 * address as its identity address for BR/EDR and LE. So
4367 * reject the attempt to create an invalid configuration.
4368 *
4369 * The same restrictions applies when secure connections
4370 * has been enabled. For BR/EDR this is a controller feature
4371 * while for LE it is a host stack feature. This means that
4372 * switching BR/EDR back on when secure connections has been
4373 * enabled is not a supported transaction.
4374 */
4375 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4376 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4377 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4378 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4379 MGMT_STATUS_REJECTED);
4380 goto unlock;
4381 }
4382 }
4383
4384 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4385 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4386 MGMT_STATUS_BUSY);
4387 goto unlock;
4388 }
4389
4390 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4391 if (!cmd) {
4392 err = -ENOMEM;
4393 goto unlock;
4394 }
4395
4396 /* We need to flip the bit already here so that
4397 * hci_req_update_adv_data generates the correct flags.
4398 */
4399 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4400
4401 hci_req_init(&req, hdev);
4402
4403 __hci_req_write_fast_connectable(&req, false);
4404 __hci_req_update_scan(&req);
4405
4406 /* Since only the advertising data flags will change, there
4407 * is no need to update the scan response data.
4408 */
4409 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4410
4411 err = hci_req_run(&req, set_bredr_complete);
4412 if (err < 0)
4413 mgmt_pending_remove(cmd);
4414
4415 unlock:
4416 hci_dev_unlock(hdev);
4417 return err;
4418 }
4419
4420 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4421 {
4422 struct mgmt_pending_cmd *cmd;
4423 struct mgmt_mode *cp;
4424
4425 BT_DBG("%s status %u", hdev->name, status);
4426
4427 hci_dev_lock(hdev);
4428
4429 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4430 if (!cmd)
4431 goto unlock;
4432
4433 if (status) {
4434 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4435 mgmt_status(status));
4436 goto remove;
4437 }
4438
4439 cp = cmd->param;
4440
4441 switch (cp->val) {
4442 case 0x00:
4443 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4444 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4445 break;
4446 case 0x01:
4447 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4448 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4449 break;
4450 case 0x02:
4451 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4452 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4453 break;
4454 }
4455
4456 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4457 new_settings(hdev, cmd->sk);
4458
4459 remove:
4460 mgmt_pending_remove(cmd);
4461 unlock:
4462 hci_dev_unlock(hdev);
4463 }
4464
4465 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4466 void *data, u16 len)
4467 {
4468 struct mgmt_mode *cp = data;
4469 struct mgmt_pending_cmd *cmd;
4470 struct hci_request req;
4471 u8 val;
4472 int err;
4473
4474 BT_DBG("request for %s", hdev->name);
4475
4476 if (!lmp_sc_capable(hdev) &&
4477 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4478 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4479 MGMT_STATUS_NOT_SUPPORTED);
4480
4481 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4482 lmp_sc_capable(hdev) &&
4483 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4484 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4485 MGMT_STATUS_REJECTED);
4486
4487 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4488 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4489 MGMT_STATUS_INVALID_PARAMS);
4490
4491 hci_dev_lock(hdev);
4492
4493 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4494 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4495 bool changed;
4496
4497 if (cp->val) {
4498 changed = !hci_dev_test_and_set_flag(hdev,
4499 HCI_SC_ENABLED);
4500 if (cp->val == 0x02)
4501 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4502 else
4503 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4504 } else {
4505 changed = hci_dev_test_and_clear_flag(hdev,
4506 HCI_SC_ENABLED);
4507 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4508 }
4509
4510 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4511 if (err < 0)
4512 goto failed;
4513
4514 if (changed)
4515 err = new_settings(hdev, sk);
4516
4517 goto failed;
4518 }
4519
4520 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4521 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4522 MGMT_STATUS_BUSY);
4523 goto failed;
4524 }
4525
4526 val = !!cp->val;
4527
4528 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4529 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4530 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4531 goto failed;
4532 }
4533
4534 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4535 if (!cmd) {
4536 err = -ENOMEM;
4537 goto failed;
4538 }
4539
4540 hci_req_init(&req, hdev);
4541 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4542 err = hci_req_run(&req, sc_enable_complete);
4543 if (err < 0) {
4544 mgmt_pending_remove(cmd);
4545 goto failed;
4546 }
4547
4548 failed:
4549 hci_dev_unlock(hdev);
4550 return err;
4551 }
4552
4553 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4554 void *data, u16 len)
4555 {
4556 struct mgmt_mode *cp = data;
4557 bool changed, use_changed;
4558 int err;
4559
4560 BT_DBG("request for %s", hdev->name);
4561
4562 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4563 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4564 MGMT_STATUS_INVALID_PARAMS);
4565
4566 hci_dev_lock(hdev);
4567
4568 if (cp->val)
4569 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4570 else
4571 changed = hci_dev_test_and_clear_flag(hdev,
4572 HCI_KEEP_DEBUG_KEYS);
4573
4574 if (cp->val == 0x02)
4575 use_changed = !hci_dev_test_and_set_flag(hdev,
4576 HCI_USE_DEBUG_KEYS);
4577 else
4578 use_changed = hci_dev_test_and_clear_flag(hdev,
4579 HCI_USE_DEBUG_KEYS);
4580
4581 if (hdev_is_powered(hdev) && use_changed &&
4582 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
4583 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4584 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4585 sizeof(mode), &mode);
4586 }
4587
4588 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4589 if (err < 0)
4590 goto unlock;
4591
4592 if (changed)
4593 err = new_settings(hdev, sk);
4594
4595 unlock:
4596 hci_dev_unlock(hdev);
4597 return err;
4598 }
4599
4600 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4601 u16 len)
4602 {
4603 struct mgmt_cp_set_privacy *cp = cp_data;
4604 bool changed;
4605 int err;
4606
4607 BT_DBG("request for %s", hdev->name);
4608
4609 if (!lmp_le_capable(hdev))
4610 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4611 MGMT_STATUS_NOT_SUPPORTED);
4612
4613 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
4614 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4615 MGMT_STATUS_INVALID_PARAMS);
4616
4617 if (hdev_is_powered(hdev))
4618 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4619 MGMT_STATUS_REJECTED);
4620
4621 hci_dev_lock(hdev);
4622
4623 /* If user space supports this command it is also expected to
4624 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4625 */
4626 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4627
4628 if (cp->privacy) {
4629 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
4630 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4631 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
4632 if (cp->privacy == 0x02)
4633 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4634 else
4635 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4636 } else {
4637 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
4638 memset(hdev->irk, 0, sizeof(hdev->irk));
4639 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
4640 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4641 }
4642
4643 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4644 if (err < 0)
4645 goto unlock;
4646
4647 if (changed)
4648 err = new_settings(hdev, sk);
4649
4650 unlock:
4651 hci_dev_unlock(hdev);
4652 return err;
4653 }
4654
4655 static bool irk_is_valid(struct mgmt_irk_info *irk)
4656 {
4657 switch (irk->addr.type) {
4658 case BDADDR_LE_PUBLIC:
4659 return true;
4660
4661 case BDADDR_LE_RANDOM:
4662 /* Two most significant bits shall be set */
4663 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4664 return false;
4665 return true;
4666 }
4667
4668 return false;
4669 }
4670
4671 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4672 u16 len)
4673 {
4674 struct mgmt_cp_load_irks *cp = cp_data;
4675 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4676 sizeof(struct mgmt_irk_info));
4677 u16 irk_count, expected_len;
4678 int i, err;
4679
4680 BT_DBG("request for %s", hdev->name);
4681
4682 if (!lmp_le_capable(hdev))
4683 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4684 MGMT_STATUS_NOT_SUPPORTED);
4685
4686 irk_count = __le16_to_cpu(cp->irk_count);
4687 if (irk_count > max_irk_count) {
4688 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4689 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4690 MGMT_STATUS_INVALID_PARAMS);
4691 }
4692
4693 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4694 if (expected_len != len) {
4695 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4696 expected_len, len);
4697 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4698 MGMT_STATUS_INVALID_PARAMS);
4699 }
4700
4701 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4702
4703 for (i = 0; i < irk_count; i++) {
4704 struct mgmt_irk_info *key = &cp->irks[i];
4705
4706 if (!irk_is_valid(key))
4707 return mgmt_cmd_status(sk, hdev->id,
4708 MGMT_OP_LOAD_IRKS,
4709 MGMT_STATUS_INVALID_PARAMS);
4710 }
4711
4712 hci_dev_lock(hdev);
4713
4714 hci_smp_irks_clear(hdev);
4715
4716 for (i = 0; i < irk_count; i++) {
4717 struct mgmt_irk_info *irk = &cp->irks[i];
4718
4719 hci_add_irk(hdev, &irk->addr.bdaddr,
4720 le_addr_type(irk->addr.type), irk->val,
4721 BDADDR_ANY);
4722 }
4723
4724 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4725
4726 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4727
4728 hci_dev_unlock(hdev);
4729
4730 return err;
4731 }
4732
4733 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4734 {
4735 if (key->master != 0x00 && key->master != 0x01)
4736 return false;
4737
4738 switch (key->addr.type) {
4739 case BDADDR_LE_PUBLIC:
4740 return true;
4741
4742 case BDADDR_LE_RANDOM:
4743 /* Two most significant bits shall be set */
4744 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4745 return false;
4746 return true;
4747 }
4748
4749 return false;
4750 }
4751
4752 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4753 void *cp_data, u16 len)
4754 {
4755 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4756 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4757 sizeof(struct mgmt_ltk_info));
4758 u16 key_count, expected_len;
4759 int i, err;
4760
4761 BT_DBG("request for %s", hdev->name);
4762
4763 if (!lmp_le_capable(hdev))
4764 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4765 MGMT_STATUS_NOT_SUPPORTED);
4766
4767 key_count = __le16_to_cpu(cp->key_count);
4768 if (key_count > max_key_count) {
4769 BT_ERR("load_ltks: too big key_count value %u", key_count);
4770 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4771 MGMT_STATUS_INVALID_PARAMS);
4772 }
4773
4774 expected_len = sizeof(*cp) + key_count *
4775 sizeof(struct mgmt_ltk_info);
4776 if (expected_len != len) {
4777 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4778 expected_len, len);
4779 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4780 MGMT_STATUS_INVALID_PARAMS);
4781 }
4782
4783 BT_DBG("%s key_count %u", hdev->name, key_count);
4784
4785 for (i = 0; i < key_count; i++) {
4786 struct mgmt_ltk_info *key = &cp->keys[i];
4787
4788 if (!ltk_is_valid(key))
4789 return mgmt_cmd_status(sk, hdev->id,
4790 MGMT_OP_LOAD_LONG_TERM_KEYS,
4791 MGMT_STATUS_INVALID_PARAMS);
4792 }
4793
4794 hci_dev_lock(hdev);
4795
4796 hci_smp_ltks_clear(hdev);
4797
4798 for (i = 0; i < key_count; i++) {
4799 struct mgmt_ltk_info *key = &cp->keys[i];
4800 u8 type, authenticated;
4801
4802 switch (key->type) {
4803 case MGMT_LTK_UNAUTHENTICATED:
4804 authenticated = 0x00;
4805 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4806 break;
4807 case MGMT_LTK_AUTHENTICATED:
4808 authenticated = 0x01;
4809 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4810 break;
4811 case MGMT_LTK_P256_UNAUTH:
4812 authenticated = 0x00;
4813 type = SMP_LTK_P256;
4814 break;
4815 case MGMT_LTK_P256_AUTH:
4816 authenticated = 0x01;
4817 type = SMP_LTK_P256;
4818 break;
4819 case MGMT_LTK_P256_DEBUG:
4820 authenticated = 0x00;
4821 type = SMP_LTK_P256_DEBUG;
4822 default:
4823 continue;
4824 }
4825
4826 hci_add_ltk(hdev, &key->addr.bdaddr,
4827 le_addr_type(key->addr.type), type, authenticated,
4828 key->val, key->enc_size, key->ediv, key->rand);
4829 }
4830
4831 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4832 NULL, 0);
4833
4834 hci_dev_unlock(hdev);
4835
4836 return err;
4837 }
4838
4839 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
4840 {
4841 struct hci_conn *conn = cmd->user_data;
4842 struct mgmt_rp_get_conn_info rp;
4843 int err;
4844
4845 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
4846
4847 if (status == MGMT_STATUS_SUCCESS) {
4848 rp.rssi = conn->rssi;
4849 rp.tx_power = conn->tx_power;
4850 rp.max_tx_power = conn->max_tx_power;
4851 } else {
4852 rp.rssi = HCI_RSSI_INVALID;
4853 rp.tx_power = HCI_TX_POWER_INVALID;
4854 rp.max_tx_power = HCI_TX_POWER_INVALID;
4855 }
4856
4857 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4858 status, &rp, sizeof(rp));
4859
4860 hci_conn_drop(conn);
4861 hci_conn_put(conn);
4862
4863 return err;
4864 }
4865
4866 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4867 u16 opcode)
4868 {
4869 struct hci_cp_read_rssi *cp;
4870 struct mgmt_pending_cmd *cmd;
4871 struct hci_conn *conn;
4872 u16 handle;
4873 u8 status;
4874
4875 BT_DBG("status 0x%02x", hci_status);
4876
4877 hci_dev_lock(hdev);
4878
4879 /* Commands sent in request are either Read RSSI or Read Transmit Power
4880 * Level so we check which one was last sent to retrieve connection
4881 * handle. Both commands have handle as first parameter so it's safe to
4882 * cast data on the same command struct.
4883 *
4884 * First command sent is always Read RSSI and we fail only if it fails.
4885 * In other case we simply override error to indicate success as we
4886 * already remembered if TX power value is actually valid.
4887 */
4888 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4889 if (!cp) {
4890 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4891 status = MGMT_STATUS_SUCCESS;
4892 } else {
4893 status = mgmt_status(hci_status);
4894 }
4895
4896 if (!cp) {
4897 BT_ERR("invalid sent_cmd in conn_info response");
4898 goto unlock;
4899 }
4900
4901 handle = __le16_to_cpu(cp->handle);
4902 conn = hci_conn_hash_lookup_handle(hdev, handle);
4903 if (!conn) {
4904 BT_ERR("unknown handle (%d) in conn_info response", handle);
4905 goto unlock;
4906 }
4907
4908 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
4909 if (!cmd)
4910 goto unlock;
4911
4912 cmd->cmd_complete(cmd, status);
4913 mgmt_pending_remove(cmd);
4914
4915 unlock:
4916 hci_dev_unlock(hdev);
4917 }
4918
4919 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4920 u16 len)
4921 {
4922 struct mgmt_cp_get_conn_info *cp = data;
4923 struct mgmt_rp_get_conn_info rp;
4924 struct hci_conn *conn;
4925 unsigned long conn_info_age;
4926 int err = 0;
4927
4928 BT_DBG("%s", hdev->name);
4929
4930 memset(&rp, 0, sizeof(rp));
4931 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4932 rp.addr.type = cp->addr.type;
4933
4934 if (!bdaddr_type_is_valid(cp->addr.type))
4935 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4936 MGMT_STATUS_INVALID_PARAMS,
4937 &rp, sizeof(rp));
4938
4939 hci_dev_lock(hdev);
4940
4941 if (!hdev_is_powered(hdev)) {
4942 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4943 MGMT_STATUS_NOT_POWERED, &rp,
4944 sizeof(rp));
4945 goto unlock;
4946 }
4947
4948 if (cp->addr.type == BDADDR_BREDR)
4949 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4950 &cp->addr.bdaddr);
4951 else
4952 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4953
4954 if (!conn || conn->state != BT_CONNECTED) {
4955 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4956 MGMT_STATUS_NOT_CONNECTED, &rp,
4957 sizeof(rp));
4958 goto unlock;
4959 }
4960
4961 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
4962 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4963 MGMT_STATUS_BUSY, &rp, sizeof(rp));
4964 goto unlock;
4965 }
4966
4967 /* To avoid client trying to guess when to poll again for information we
4968 * calculate conn info age as random value between min/max set in hdev.
4969 */
4970 conn_info_age = hdev->conn_info_min_age +
4971 prandom_u32_max(hdev->conn_info_max_age -
4972 hdev->conn_info_min_age);
4973
4974 /* Query controller to refresh cached values if they are too old or were
4975 * never read.
4976 */
4977 if (time_after(jiffies, conn->conn_info_timestamp +
4978 msecs_to_jiffies(conn_info_age)) ||
4979 !conn->conn_info_timestamp) {
4980 struct hci_request req;
4981 struct hci_cp_read_tx_power req_txp_cp;
4982 struct hci_cp_read_rssi req_rssi_cp;
4983 struct mgmt_pending_cmd *cmd;
4984
4985 hci_req_init(&req, hdev);
4986 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4987 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4988 &req_rssi_cp);
4989
4990 /* For LE links TX power does not change thus we don't need to
4991 * query for it once value is known.
4992 */
4993 if (!bdaddr_type_is_le(cp->addr.type) ||
4994 conn->tx_power == HCI_TX_POWER_INVALID) {
4995 req_txp_cp.handle = cpu_to_le16(conn->handle);
4996 req_txp_cp.type = 0x00;
4997 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4998 sizeof(req_txp_cp), &req_txp_cp);
4999 }
5000
5001 /* Max TX power needs to be read only once per connection */
5002 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5003 req_txp_cp.handle = cpu_to_le16(conn->handle);
5004 req_txp_cp.type = 0x01;
5005 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5006 sizeof(req_txp_cp), &req_txp_cp);
5007 }
5008
5009 err = hci_req_run(&req, conn_info_refresh_complete);
5010 if (err < 0)
5011 goto unlock;
5012
5013 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5014 data, len);
5015 if (!cmd) {
5016 err = -ENOMEM;
5017 goto unlock;
5018 }
5019
5020 hci_conn_hold(conn);
5021 cmd->user_data = hci_conn_get(conn);
5022 cmd->cmd_complete = conn_info_cmd_complete;
5023
5024 conn->conn_info_timestamp = jiffies;
5025 } else {
5026 /* Cache is valid, just reply with values cached in hci_conn */
5027 rp.rssi = conn->rssi;
5028 rp.tx_power = conn->tx_power;
5029 rp.max_tx_power = conn->max_tx_power;
5030
5031 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5032 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5033 }
5034
5035 unlock:
5036 hci_dev_unlock(hdev);
5037 return err;
5038 }
5039
5040 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5041 {
5042 struct hci_conn *conn = cmd->user_data;
5043 struct mgmt_rp_get_clock_info rp;
5044 struct hci_dev *hdev;
5045 int err;
5046
5047 memset(&rp, 0, sizeof(rp));
5048 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5049
5050 if (status)
5051 goto complete;
5052
5053 hdev = hci_dev_get(cmd->index);
5054 if (hdev) {
5055 rp.local_clock = cpu_to_le32(hdev->clock);
5056 hci_dev_put(hdev);
5057 }
5058
5059 if (conn) {
5060 rp.piconet_clock = cpu_to_le32(conn->clock);
5061 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5062 }
5063
5064 complete:
5065 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5066 sizeof(rp));
5067
5068 if (conn) {
5069 hci_conn_drop(conn);
5070 hci_conn_put(conn);
5071 }
5072
5073 return err;
5074 }
5075
5076 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5077 {
5078 struct hci_cp_read_clock *hci_cp;
5079 struct mgmt_pending_cmd *cmd;
5080 struct hci_conn *conn;
5081
5082 BT_DBG("%s status %u", hdev->name, status);
5083
5084 hci_dev_lock(hdev);
5085
5086 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5087 if (!hci_cp)
5088 goto unlock;
5089
5090 if (hci_cp->which) {
5091 u16 handle = __le16_to_cpu(hci_cp->handle);
5092 conn = hci_conn_hash_lookup_handle(hdev, handle);
5093 } else {
5094 conn = NULL;
5095 }
5096
5097 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5098 if (!cmd)
5099 goto unlock;
5100
5101 cmd->cmd_complete(cmd, mgmt_status(status));
5102 mgmt_pending_remove(cmd);
5103
5104 unlock:
5105 hci_dev_unlock(hdev);
5106 }
5107
5108 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5109 u16 len)
5110 {
5111 struct mgmt_cp_get_clock_info *cp = data;
5112 struct mgmt_rp_get_clock_info rp;
5113 struct hci_cp_read_clock hci_cp;
5114 struct mgmt_pending_cmd *cmd;
5115 struct hci_request req;
5116 struct hci_conn *conn;
5117 int err;
5118
5119 BT_DBG("%s", hdev->name);
5120
5121 memset(&rp, 0, sizeof(rp));
5122 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5123 rp.addr.type = cp->addr.type;
5124
5125 if (cp->addr.type != BDADDR_BREDR)
5126 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5127 MGMT_STATUS_INVALID_PARAMS,
5128 &rp, sizeof(rp));
5129
5130 hci_dev_lock(hdev);
5131
5132 if (!hdev_is_powered(hdev)) {
5133 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5134 MGMT_STATUS_NOT_POWERED, &rp,
5135 sizeof(rp));
5136 goto unlock;
5137 }
5138
5139 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5140 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5141 &cp->addr.bdaddr);
5142 if (!conn || conn->state != BT_CONNECTED) {
5143 err = mgmt_cmd_complete(sk, hdev->id,
5144 MGMT_OP_GET_CLOCK_INFO,
5145 MGMT_STATUS_NOT_CONNECTED,
5146 &rp, sizeof(rp));
5147 goto unlock;
5148 }
5149 } else {
5150 conn = NULL;
5151 }
5152
5153 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5154 if (!cmd) {
5155 err = -ENOMEM;
5156 goto unlock;
5157 }
5158
5159 cmd->cmd_complete = clock_info_cmd_complete;
5160
5161 hci_req_init(&req, hdev);
5162
5163 memset(&hci_cp, 0, sizeof(hci_cp));
5164 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5165
5166 if (conn) {
5167 hci_conn_hold(conn);
5168 cmd->user_data = hci_conn_get(conn);
5169
5170 hci_cp.handle = cpu_to_le16(conn->handle);
5171 hci_cp.which = 0x01; /* Piconet clock */
5172 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5173 }
5174
5175 err = hci_req_run(&req, get_clock_info_complete);
5176 if (err < 0)
5177 mgmt_pending_remove(cmd);
5178
5179 unlock:
5180 hci_dev_unlock(hdev);
5181 return err;
5182 }
5183
5184 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5185 {
5186 struct hci_conn *conn;
5187
5188 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5189 if (!conn)
5190 return false;
5191
5192 if (conn->dst_type != type)
5193 return false;
5194
5195 if (conn->state != BT_CONNECTED)
5196 return false;
5197
5198 return true;
5199 }
5200
5201 /* This function requires the caller holds hdev->lock */
5202 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5203 u8 addr_type, u8 auto_connect)
5204 {
5205 struct hci_conn_params *params;
5206
5207 params = hci_conn_params_add(hdev, addr, addr_type);
5208 if (!params)
5209 return -EIO;
5210
5211 if (params->auto_connect == auto_connect)
5212 return 0;
5213
5214 list_del_init(&params->action);
5215
5216 switch (auto_connect) {
5217 case HCI_AUTO_CONN_DISABLED:
5218 case HCI_AUTO_CONN_LINK_LOSS:
5219 /* If auto connect is being disabled when we're trying to
5220 * connect to device, keep connecting.
5221 */
5222 if (params->explicit_connect)
5223 list_add(&params->action, &hdev->pend_le_conns);
5224 break;
5225 case HCI_AUTO_CONN_REPORT:
5226 if (params->explicit_connect)
5227 list_add(&params->action, &hdev->pend_le_conns);
5228 else
5229 list_add(&params->action, &hdev->pend_le_reports);
5230 break;
5231 case HCI_AUTO_CONN_DIRECT:
5232 case HCI_AUTO_CONN_ALWAYS:
5233 if (!is_connected(hdev, addr, addr_type))
5234 list_add(&params->action, &hdev->pend_le_conns);
5235 break;
5236 }
5237
5238 params->auto_connect = auto_connect;
5239
5240 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5241 auto_connect);
5242
5243 return 0;
5244 }
5245
5246 static void device_added(struct sock *sk, struct hci_dev *hdev,
5247 bdaddr_t *bdaddr, u8 type, u8 action)
5248 {
5249 struct mgmt_ev_device_added ev;
5250
5251 bacpy(&ev.addr.bdaddr, bdaddr);
5252 ev.addr.type = type;
5253 ev.action = action;
5254
5255 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5256 }
5257
5258 static int add_device(struct sock *sk, struct hci_dev *hdev,
5259 void *data, u16 len)
5260 {
5261 struct mgmt_cp_add_device *cp = data;
5262 u8 auto_conn, addr_type;
5263 int err;
5264
5265 BT_DBG("%s", hdev->name);
5266
5267 if (!bdaddr_type_is_valid(cp->addr.type) ||
5268 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5269 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5270 MGMT_STATUS_INVALID_PARAMS,
5271 &cp->addr, sizeof(cp->addr));
5272
5273 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5274 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5275 MGMT_STATUS_INVALID_PARAMS,
5276 &cp->addr, sizeof(cp->addr));
5277
5278 hci_dev_lock(hdev);
5279
5280 if (cp->addr.type == BDADDR_BREDR) {
5281 /* Only incoming connections action is supported for now */
5282 if (cp->action != 0x01) {
5283 err = mgmt_cmd_complete(sk, hdev->id,
5284 MGMT_OP_ADD_DEVICE,
5285 MGMT_STATUS_INVALID_PARAMS,
5286 &cp->addr, sizeof(cp->addr));
5287 goto unlock;
5288 }
5289
5290 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5291 cp->addr.type);
5292 if (err)
5293 goto unlock;
5294
5295 hci_req_update_scan(hdev);
5296
5297 goto added;
5298 }
5299
5300 addr_type = le_addr_type(cp->addr.type);
5301
5302 if (cp->action == 0x02)
5303 auto_conn = HCI_AUTO_CONN_ALWAYS;
5304 else if (cp->action == 0x01)
5305 auto_conn = HCI_AUTO_CONN_DIRECT;
5306 else
5307 auto_conn = HCI_AUTO_CONN_REPORT;
5308
5309 /* Kernel internally uses conn_params with resolvable private
5310 * address, but Add Device allows only identity addresses.
5311 * Make sure it is enforced before calling
5312 * hci_conn_params_lookup.
5313 */
5314 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5315 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5316 MGMT_STATUS_INVALID_PARAMS,
5317 &cp->addr, sizeof(cp->addr));
5318 goto unlock;
5319 }
5320
5321 /* If the connection parameters don't exist for this device,
5322 * they will be created and configured with defaults.
5323 */
5324 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5325 auto_conn) < 0) {
5326 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5327 MGMT_STATUS_FAILED, &cp->addr,
5328 sizeof(cp->addr));
5329 goto unlock;
5330 }
5331
5332 hci_update_background_scan(hdev);
5333
5334 added:
5335 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5336
5337 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5338 MGMT_STATUS_SUCCESS, &cp->addr,
5339 sizeof(cp->addr));
5340
5341 unlock:
5342 hci_dev_unlock(hdev);
5343 return err;
5344 }
5345
5346 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5347 bdaddr_t *bdaddr, u8 type)
5348 {
5349 struct mgmt_ev_device_removed ev;
5350
5351 bacpy(&ev.addr.bdaddr, bdaddr);
5352 ev.addr.type = type;
5353
5354 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5355 }
5356
5357 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5358 void *data, u16 len)
5359 {
5360 struct mgmt_cp_remove_device *cp = data;
5361 int err;
5362
5363 BT_DBG("%s", hdev->name);
5364
5365 hci_dev_lock(hdev);
5366
5367 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5368 struct hci_conn_params *params;
5369 u8 addr_type;
5370
5371 if (!bdaddr_type_is_valid(cp->addr.type)) {
5372 err = mgmt_cmd_complete(sk, hdev->id,
5373 MGMT_OP_REMOVE_DEVICE,
5374 MGMT_STATUS_INVALID_PARAMS,
5375 &cp->addr, sizeof(cp->addr));
5376 goto unlock;
5377 }
5378
5379 if (cp->addr.type == BDADDR_BREDR) {
5380 err = hci_bdaddr_list_del(&hdev->whitelist,
5381 &cp->addr.bdaddr,
5382 cp->addr.type);
5383 if (err) {
5384 err = mgmt_cmd_complete(sk, hdev->id,
5385 MGMT_OP_REMOVE_DEVICE,
5386 MGMT_STATUS_INVALID_PARAMS,
5387 &cp->addr,
5388 sizeof(cp->addr));
5389 goto unlock;
5390 }
5391
5392 hci_req_update_scan(hdev);
5393
5394 device_removed(sk, hdev, &cp->addr.bdaddr,
5395 cp->addr.type);
5396 goto complete;
5397 }
5398
5399 addr_type = le_addr_type(cp->addr.type);
5400
5401 /* Kernel internally uses conn_params with resolvable private
5402 * address, but Remove Device allows only identity addresses.
5403 * Make sure it is enforced before calling
5404 * hci_conn_params_lookup.
5405 */
5406 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5407 err = mgmt_cmd_complete(sk, hdev->id,
5408 MGMT_OP_REMOVE_DEVICE,
5409 MGMT_STATUS_INVALID_PARAMS,
5410 &cp->addr, sizeof(cp->addr));
5411 goto unlock;
5412 }
5413
5414 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5415 addr_type);
5416 if (!params) {
5417 err = mgmt_cmd_complete(sk, hdev->id,
5418 MGMT_OP_REMOVE_DEVICE,
5419 MGMT_STATUS_INVALID_PARAMS,
5420 &cp->addr, sizeof(cp->addr));
5421 goto unlock;
5422 }
5423
5424 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5425 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5426 err = mgmt_cmd_complete(sk, hdev->id,
5427 MGMT_OP_REMOVE_DEVICE,
5428 MGMT_STATUS_INVALID_PARAMS,
5429 &cp->addr, sizeof(cp->addr));
5430 goto unlock;
5431 }
5432
5433 list_del(&params->action);
5434 list_del(&params->list);
5435 kfree(params);
5436 hci_update_background_scan(hdev);
5437
5438 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5439 } else {
5440 struct hci_conn_params *p, *tmp;
5441 struct bdaddr_list *b, *btmp;
5442
5443 if (cp->addr.type) {
5444 err = mgmt_cmd_complete(sk, hdev->id,
5445 MGMT_OP_REMOVE_DEVICE,
5446 MGMT_STATUS_INVALID_PARAMS,
5447 &cp->addr, sizeof(cp->addr));
5448 goto unlock;
5449 }
5450
5451 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5452 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5453 list_del(&b->list);
5454 kfree(b);
5455 }
5456
5457 hci_req_update_scan(hdev);
5458
5459 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5460 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5461 continue;
5462 device_removed(sk, hdev, &p->addr, p->addr_type);
5463 if (p->explicit_connect) {
5464 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5465 continue;
5466 }
5467 list_del(&p->action);
5468 list_del(&p->list);
5469 kfree(p);
5470 }
5471
5472 BT_DBG("All LE connection parameters were removed");
5473
5474 hci_update_background_scan(hdev);
5475 }
5476
5477 complete:
5478 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5479 MGMT_STATUS_SUCCESS, &cp->addr,
5480 sizeof(cp->addr));
5481 unlock:
5482 hci_dev_unlock(hdev);
5483 return err;
5484 }
5485
5486 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5487 u16 len)
5488 {
5489 struct mgmt_cp_load_conn_param *cp = data;
5490 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5491 sizeof(struct mgmt_conn_param));
5492 u16 param_count, expected_len;
5493 int i;
5494
5495 if (!lmp_le_capable(hdev))
5496 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5497 MGMT_STATUS_NOT_SUPPORTED);
5498
5499 param_count = __le16_to_cpu(cp->param_count);
5500 if (param_count > max_param_count) {
5501 BT_ERR("load_conn_param: too big param_count value %u",
5502 param_count);
5503 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5504 MGMT_STATUS_INVALID_PARAMS);
5505 }
5506
5507 expected_len = sizeof(*cp) + param_count *
5508 sizeof(struct mgmt_conn_param);
5509 if (expected_len != len) {
5510 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5511 expected_len, len);
5512 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5513 MGMT_STATUS_INVALID_PARAMS);
5514 }
5515
5516 BT_DBG("%s param_count %u", hdev->name, param_count);
5517
5518 hci_dev_lock(hdev);
5519
5520 hci_conn_params_clear_disabled(hdev);
5521
5522 for (i = 0; i < param_count; i++) {
5523 struct mgmt_conn_param *param = &cp->params[i];
5524 struct hci_conn_params *hci_param;
5525 u16 min, max, latency, timeout;
5526 u8 addr_type;
5527
5528 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5529 param->addr.type);
5530
5531 if (param->addr.type == BDADDR_LE_PUBLIC) {
5532 addr_type = ADDR_LE_DEV_PUBLIC;
5533 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5534 addr_type = ADDR_LE_DEV_RANDOM;
5535 } else {
5536 BT_ERR("Ignoring invalid connection parameters");
5537 continue;
5538 }
5539
5540 min = le16_to_cpu(param->min_interval);
5541 max = le16_to_cpu(param->max_interval);
5542 latency = le16_to_cpu(param->latency);
5543 timeout = le16_to_cpu(param->timeout);
5544
5545 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5546 min, max, latency, timeout);
5547
5548 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5549 BT_ERR("Ignoring invalid connection parameters");
5550 continue;
5551 }
5552
5553 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5554 addr_type);
5555 if (!hci_param) {
5556 BT_ERR("Failed to add connection parameters");
5557 continue;
5558 }
5559
5560 hci_param->conn_min_interval = min;
5561 hci_param->conn_max_interval = max;
5562 hci_param->conn_latency = latency;
5563 hci_param->supervision_timeout = timeout;
5564 }
5565
5566 hci_dev_unlock(hdev);
5567
5568 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5569 NULL, 0);
5570 }
5571
5572 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5573 void *data, u16 len)
5574 {
5575 struct mgmt_cp_set_external_config *cp = data;
5576 bool changed;
5577 int err;
5578
5579 BT_DBG("%s", hdev->name);
5580
5581 if (hdev_is_powered(hdev))
5582 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5583 MGMT_STATUS_REJECTED);
5584
5585 if (cp->config != 0x00 && cp->config != 0x01)
5586 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5587 MGMT_STATUS_INVALID_PARAMS);
5588
5589 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5590 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5591 MGMT_STATUS_NOT_SUPPORTED);
5592
5593 hci_dev_lock(hdev);
5594
5595 if (cp->config)
5596 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
5597 else
5598 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
5599
5600 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5601 if (err < 0)
5602 goto unlock;
5603
5604 if (!changed)
5605 goto unlock;
5606
5607 err = new_options(hdev, sk);
5608
5609 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
5610 mgmt_index_removed(hdev);
5611
5612 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
5613 hci_dev_set_flag(hdev, HCI_CONFIG);
5614 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5615
5616 queue_work(hdev->req_workqueue, &hdev->power_on);
5617 } else {
5618 set_bit(HCI_RAW, &hdev->flags);
5619 mgmt_index_added(hdev);
5620 }
5621 }
5622
5623 unlock:
5624 hci_dev_unlock(hdev);
5625 return err;
5626 }
5627
5628 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5629 void *data, u16 len)
5630 {
5631 struct mgmt_cp_set_public_address *cp = data;
5632 bool changed;
5633 int err;
5634
5635 BT_DBG("%s", hdev->name);
5636
5637 if (hdev_is_powered(hdev))
5638 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5639 MGMT_STATUS_REJECTED);
5640
5641 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5642 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5643 MGMT_STATUS_INVALID_PARAMS);
5644
5645 if (!hdev->set_bdaddr)
5646 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5647 MGMT_STATUS_NOT_SUPPORTED);
5648
5649 hci_dev_lock(hdev);
5650
5651 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5652 bacpy(&hdev->public_addr, &cp->bdaddr);
5653
5654 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5655 if (err < 0)
5656 goto unlock;
5657
5658 if (!changed)
5659 goto unlock;
5660
5661 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
5662 err = new_options(hdev, sk);
5663
5664 if (is_configured(hdev)) {
5665 mgmt_index_removed(hdev);
5666
5667 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
5668
5669 hci_dev_set_flag(hdev, HCI_CONFIG);
5670 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5671
5672 queue_work(hdev->req_workqueue, &hdev->power_on);
5673 }
5674
5675 unlock:
5676 hci_dev_unlock(hdev);
5677 return err;
5678 }
5679
5680 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5681 u16 opcode, struct sk_buff *skb)
5682 {
5683 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5684 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5685 u8 *h192, *r192, *h256, *r256;
5686 struct mgmt_pending_cmd *cmd;
5687 u16 eir_len;
5688 int err;
5689
5690 BT_DBG("%s status %u", hdev->name, status);
5691
5692 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5693 if (!cmd)
5694 return;
5695
5696 mgmt_cp = cmd->param;
5697
5698 if (status) {
5699 status = mgmt_status(status);
5700 eir_len = 0;
5701
5702 h192 = NULL;
5703 r192 = NULL;
5704 h256 = NULL;
5705 r256 = NULL;
5706 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5707 struct hci_rp_read_local_oob_data *rp;
5708
5709 if (skb->len != sizeof(*rp)) {
5710 status = MGMT_STATUS_FAILED;
5711 eir_len = 0;
5712 } else {
5713 status = MGMT_STATUS_SUCCESS;
5714 rp = (void *)skb->data;
5715
5716 eir_len = 5 + 18 + 18;
5717 h192 = rp->hash;
5718 r192 = rp->rand;
5719 h256 = NULL;
5720 r256 = NULL;
5721 }
5722 } else {
5723 struct hci_rp_read_local_oob_ext_data *rp;
5724
5725 if (skb->len != sizeof(*rp)) {
5726 status = MGMT_STATUS_FAILED;
5727 eir_len = 0;
5728 } else {
5729 status = MGMT_STATUS_SUCCESS;
5730 rp = (void *)skb->data;
5731
5732 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5733 eir_len = 5 + 18 + 18;
5734 h192 = NULL;
5735 r192 = NULL;
5736 } else {
5737 eir_len = 5 + 18 + 18 + 18 + 18;
5738 h192 = rp->hash192;
5739 r192 = rp->rand192;
5740 }
5741
5742 h256 = rp->hash256;
5743 r256 = rp->rand256;
5744 }
5745 }
5746
5747 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5748 if (!mgmt_rp)
5749 goto done;
5750
5751 if (status)
5752 goto send_rsp;
5753
5754 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5755 hdev->dev_class, 3);
5756
5757 if (h192 && r192) {
5758 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5759 EIR_SSP_HASH_C192, h192, 16);
5760 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5761 EIR_SSP_RAND_R192, r192, 16);
5762 }
5763
5764 if (h256 && r256) {
5765 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5766 EIR_SSP_HASH_C256, h256, 16);
5767 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5768 EIR_SSP_RAND_R256, r256, 16);
5769 }
5770
5771 send_rsp:
5772 mgmt_rp->type = mgmt_cp->type;
5773 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5774
5775 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5776 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5777 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5778 if (err < 0 || status)
5779 goto done;
5780
5781 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5782
5783 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5784 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5785 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5786 done:
5787 kfree(mgmt_rp);
5788 mgmt_pending_remove(cmd);
5789 }
5790
5791 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5792 struct mgmt_cp_read_local_oob_ext_data *cp)
5793 {
5794 struct mgmt_pending_cmd *cmd;
5795 struct hci_request req;
5796 int err;
5797
5798 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5799 cp, sizeof(*cp));
5800 if (!cmd)
5801 return -ENOMEM;
5802
5803 hci_req_init(&req, hdev);
5804
5805 if (bredr_sc_enabled(hdev))
5806 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5807 else
5808 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5809
5810 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5811 if (err < 0) {
5812 mgmt_pending_remove(cmd);
5813 return err;
5814 }
5815
5816 return 0;
5817 }
5818
5819 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5820 void *data, u16 data_len)
5821 {
5822 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5823 struct mgmt_rp_read_local_oob_ext_data *rp;
5824 size_t rp_len;
5825 u16 eir_len;
5826 u8 status, flags, role, addr[7], hash[16], rand[16];
5827 int err;
5828
5829 BT_DBG("%s", hdev->name);
5830
5831 if (hdev_is_powered(hdev)) {
5832 switch (cp->type) {
5833 case BIT(BDADDR_BREDR):
5834 status = mgmt_bredr_support(hdev);
5835 if (status)
5836 eir_len = 0;
5837 else
5838 eir_len = 5;
5839 break;
5840 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5841 status = mgmt_le_support(hdev);
5842 if (status)
5843 eir_len = 0;
5844 else
5845 eir_len = 9 + 3 + 18 + 18 + 3;
5846 break;
5847 default:
5848 status = MGMT_STATUS_INVALID_PARAMS;
5849 eir_len = 0;
5850 break;
5851 }
5852 } else {
5853 status = MGMT_STATUS_NOT_POWERED;
5854 eir_len = 0;
5855 }
5856
5857 rp_len = sizeof(*rp) + eir_len;
5858 rp = kmalloc(rp_len, GFP_ATOMIC);
5859 if (!rp)
5860 return -ENOMEM;
5861
5862 if (status)
5863 goto complete;
5864
5865 hci_dev_lock(hdev);
5866
5867 eir_len = 0;
5868 switch (cp->type) {
5869 case BIT(BDADDR_BREDR):
5870 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5871 err = read_local_ssp_oob_req(hdev, sk, cp);
5872 hci_dev_unlock(hdev);
5873 if (!err)
5874 goto done;
5875
5876 status = MGMT_STATUS_FAILED;
5877 goto complete;
5878 } else {
5879 eir_len = eir_append_data(rp->eir, eir_len,
5880 EIR_CLASS_OF_DEV,
5881 hdev->dev_class, 3);
5882 }
5883 break;
5884 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5885 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5886 smp_generate_oob(hdev, hash, rand) < 0) {
5887 hci_dev_unlock(hdev);
5888 status = MGMT_STATUS_FAILED;
5889 goto complete;
5890 }
5891
5892 /* This should return the active RPA, but since the RPA
5893 * is only programmed on demand, it is really hard to fill
5894 * this in at the moment. For now disallow retrieving
5895 * local out-of-band data when privacy is in use.
5896 *
5897 * Returning the identity address will not help here since
5898 * pairing happens before the identity resolving key is
5899 * known and thus the connection establishment happens
5900 * based on the RPA and not the identity address.
5901 */
5902 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
5903 hci_dev_unlock(hdev);
5904 status = MGMT_STATUS_REJECTED;
5905 goto complete;
5906 }
5907
5908 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
5909 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
5910 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5911 bacmp(&hdev->static_addr, BDADDR_ANY))) {
5912 memcpy(addr, &hdev->static_addr, 6);
5913 addr[6] = 0x01;
5914 } else {
5915 memcpy(addr, &hdev->bdaddr, 6);
5916 addr[6] = 0x00;
5917 }
5918
5919 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
5920 addr, sizeof(addr));
5921
5922 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
5923 role = 0x02;
5924 else
5925 role = 0x01;
5926
5927 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
5928 &role, sizeof(role));
5929
5930 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
5931 eir_len = eir_append_data(rp->eir, eir_len,
5932 EIR_LE_SC_CONFIRM,
5933 hash, sizeof(hash));
5934
5935 eir_len = eir_append_data(rp->eir, eir_len,
5936 EIR_LE_SC_RANDOM,
5937 rand, sizeof(rand));
5938 }
5939
5940 flags = mgmt_get_adv_discov_flags(hdev);
5941
5942 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5943 flags |= LE_AD_NO_BREDR;
5944
5945 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
5946 &flags, sizeof(flags));
5947 break;
5948 }
5949
5950 hci_dev_unlock(hdev);
5951
5952 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
5953
5954 status = MGMT_STATUS_SUCCESS;
5955
5956 complete:
5957 rp->type = cp->type;
5958 rp->eir_len = cpu_to_le16(eir_len);
5959
5960 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
5961 status, rp, sizeof(*rp) + eir_len);
5962 if (err < 0 || status)
5963 goto done;
5964
5965 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5966 rp, sizeof(*rp) + eir_len,
5967 HCI_MGMT_OOB_DATA_EVENTS, sk);
5968
5969 done:
5970 kfree(rp);
5971
5972 return err;
5973 }
5974
5975 static u32 get_supported_adv_flags(struct hci_dev *hdev)
5976 {
5977 u32 flags = 0;
5978
5979 flags |= MGMT_ADV_FLAG_CONNECTABLE;
5980 flags |= MGMT_ADV_FLAG_DISCOV;
5981 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
5982 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
5983 flags |= MGMT_ADV_FLAG_APPEARANCE;
5984 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
5985
5986 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
5987 flags |= MGMT_ADV_FLAG_TX_POWER;
5988
5989 return flags;
5990 }
5991
5992 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
5993 void *data, u16 data_len)
5994 {
5995 struct mgmt_rp_read_adv_features *rp;
5996 size_t rp_len;
5997 int err;
5998 struct adv_info *adv_instance;
5999 u32 supported_flags;
6000 u8 *instance;
6001
6002 BT_DBG("%s", hdev->name);
6003
6004 if (!lmp_le_capable(hdev))
6005 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6006 MGMT_STATUS_REJECTED);
6007
6008 hci_dev_lock(hdev);
6009
6010 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
6011 rp = kmalloc(rp_len, GFP_ATOMIC);
6012 if (!rp) {
6013 hci_dev_unlock(hdev);
6014 return -ENOMEM;
6015 }
6016
6017 supported_flags = get_supported_adv_flags(hdev);
6018
6019 rp->supported_flags = cpu_to_le32(supported_flags);
6020 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6021 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6022 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6023 rp->num_instances = hdev->adv_instance_cnt;
6024
6025 instance = rp->instance;
6026 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6027 *instance = adv_instance->instance;
6028 instance++;
6029 }
6030
6031 hci_dev_unlock(hdev);
6032
6033 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6034 MGMT_STATUS_SUCCESS, rp, rp_len);
6035
6036 kfree(rp);
6037
6038 return err;
6039 }
6040
6041 static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data)
6042 {
6043 u8 max_len = HCI_MAX_AD_LENGTH;
6044
6045 if (is_adv_data) {
6046 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6047 MGMT_ADV_FLAG_LIMITED_DISCOV |
6048 MGMT_ADV_FLAG_MANAGED_FLAGS))
6049 max_len -= 3;
6050
6051 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6052 max_len -= 3;
6053 } else {
6054 /* at least 1 byte of name should fit in */
6055 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6056 max_len -= 3;
6057
6058 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6059 max_len -= 4;
6060 }
6061
6062 return max_len;
6063 }
6064
6065 static bool flags_managed(u32 adv_flags)
6066 {
6067 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6068 MGMT_ADV_FLAG_LIMITED_DISCOV |
6069 MGMT_ADV_FLAG_MANAGED_FLAGS);
6070 }
6071
6072 static bool tx_power_managed(u32 adv_flags)
6073 {
6074 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6075 }
6076
6077 static bool name_managed(u32 adv_flags)
6078 {
6079 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6080 }
6081
6082 static bool appearance_managed(u32 adv_flags)
6083 {
6084 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6085 }
6086
6087 static bool tlv_data_is_valid(u32 adv_flags, u8 *data, u8 len, bool is_adv_data)
6088 {
6089 int i, cur_len;
6090 u8 max_len;
6091
6092 max_len = tlv_data_max_len(adv_flags, is_adv_data);
6093
6094 if (len > max_len)
6095 return false;
6096
6097 /* Make sure that the data is correctly formatted. */
6098 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6099 cur_len = data[i];
6100
6101 if (data[i + 1] == EIR_FLAGS &&
6102 (!is_adv_data || flags_managed(adv_flags)))
6103 return false;
6104
6105 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6106 return false;
6107
6108 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6109 return false;
6110
6111 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6112 return false;
6113
6114 if (data[i + 1] == EIR_APPEARANCE &&
6115 appearance_managed(adv_flags))
6116 return false;
6117
6118 /* If the current field length would exceed the total data
6119 * length, then it's invalid.
6120 */
6121 if (i + cur_len >= len)
6122 return false;
6123 }
6124
6125 return true;
6126 }
6127
6128 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6129 u16 opcode)
6130 {
6131 struct mgmt_pending_cmd *cmd;
6132 struct mgmt_cp_add_advertising *cp;
6133 struct mgmt_rp_add_advertising rp;
6134 struct adv_info *adv_instance, *n;
6135 u8 instance;
6136
6137 BT_DBG("status %d", status);
6138
6139 hci_dev_lock(hdev);
6140
6141 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6142
6143 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6144 if (!adv_instance->pending)
6145 continue;
6146
6147 if (!status) {
6148 adv_instance->pending = false;
6149 continue;
6150 }
6151
6152 instance = adv_instance->instance;
6153
6154 if (hdev->cur_adv_instance == instance)
6155 cancel_adv_timeout(hdev);
6156
6157 hci_remove_adv_instance(hdev, instance);
6158 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6159 }
6160
6161 if (!cmd)
6162 goto unlock;
6163
6164 cp = cmd->param;
6165 rp.instance = cp->instance;
6166
6167 if (status)
6168 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6169 mgmt_status(status));
6170 else
6171 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6172 mgmt_status(status), &rp, sizeof(rp));
6173
6174 mgmt_pending_remove(cmd);
6175
6176 unlock:
6177 hci_dev_unlock(hdev);
6178 }
6179
6180 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6181 void *data, u16 data_len)
6182 {
6183 struct mgmt_cp_add_advertising *cp = data;
6184 struct mgmt_rp_add_advertising rp;
6185 u32 flags;
6186 u32 supported_flags;
6187 u8 status;
6188 u16 timeout, duration;
6189 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6190 u8 schedule_instance = 0;
6191 struct adv_info *next_instance;
6192 int err;
6193 struct mgmt_pending_cmd *cmd;
6194 struct hci_request req;
6195
6196 BT_DBG("%s", hdev->name);
6197
6198 status = mgmt_le_support(hdev);
6199 if (status)
6200 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6201 status);
6202
6203 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6204 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6205 MGMT_STATUS_INVALID_PARAMS);
6206
6207 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6208 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6209 MGMT_STATUS_INVALID_PARAMS);
6210
6211 flags = __le32_to_cpu(cp->flags);
6212 timeout = __le16_to_cpu(cp->timeout);
6213 duration = __le16_to_cpu(cp->duration);
6214
6215 /* The current implementation only supports a subset of the specified
6216 * flags.
6217 */
6218 supported_flags = get_supported_adv_flags(hdev);
6219 if (flags & ~supported_flags)
6220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6221 MGMT_STATUS_INVALID_PARAMS);
6222
6223 hci_dev_lock(hdev);
6224
6225 if (timeout && !hdev_is_powered(hdev)) {
6226 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6227 MGMT_STATUS_REJECTED);
6228 goto unlock;
6229 }
6230
6231 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6232 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6233 pending_find(MGMT_OP_SET_LE, hdev)) {
6234 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6235 MGMT_STATUS_BUSY);
6236 goto unlock;
6237 }
6238
6239 if (!tlv_data_is_valid(flags, cp->data, cp->adv_data_len, true) ||
6240 !tlv_data_is_valid(flags, cp->data + cp->adv_data_len,
6241 cp->scan_rsp_len, false)) {
6242 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6243 MGMT_STATUS_INVALID_PARAMS);
6244 goto unlock;
6245 }
6246
6247 err = hci_add_adv_instance(hdev, cp->instance, flags,
6248 cp->adv_data_len, cp->data,
6249 cp->scan_rsp_len,
6250 cp->data + cp->adv_data_len,
6251 timeout, duration);
6252 if (err < 0) {
6253 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6254 MGMT_STATUS_FAILED);
6255 goto unlock;
6256 }
6257
6258 /* Only trigger an advertising added event if a new instance was
6259 * actually added.
6260 */
6261 if (hdev->adv_instance_cnt > prev_instance_cnt)
6262 mgmt_advertising_added(sk, hdev, cp->instance);
6263
6264 if (hdev->cur_adv_instance == cp->instance) {
6265 /* If the currently advertised instance is being changed then
6266 * cancel the current advertising and schedule the next
6267 * instance. If there is only one instance then the overridden
6268 * advertising data will be visible right away.
6269 */
6270 cancel_adv_timeout(hdev);
6271
6272 next_instance = hci_get_next_instance(hdev, cp->instance);
6273 if (next_instance)
6274 schedule_instance = next_instance->instance;
6275 } else if (!hdev->adv_instance_timeout) {
6276 /* Immediately advertise the new instance if no other
6277 * instance is currently being advertised.
6278 */
6279 schedule_instance = cp->instance;
6280 }
6281
6282 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6283 * there is no instance to be advertised then we have no HCI
6284 * communication to make. Simply return.
6285 */
6286 if (!hdev_is_powered(hdev) ||
6287 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6288 !schedule_instance) {
6289 rp.instance = cp->instance;
6290 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6291 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6292 goto unlock;
6293 }
6294
6295 /* We're good to go, update advertising data, parameters, and start
6296 * advertising.
6297 */
6298 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6299 data_len);
6300 if (!cmd) {
6301 err = -ENOMEM;
6302 goto unlock;
6303 }
6304
6305 hci_req_init(&req, hdev);
6306
6307 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6308
6309 if (!err)
6310 err = hci_req_run(&req, add_advertising_complete);
6311
6312 if (err < 0)
6313 mgmt_pending_remove(cmd);
6314
6315 unlock:
6316 hci_dev_unlock(hdev);
6317
6318 return err;
6319 }
6320
6321 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6322 u16 opcode)
6323 {
6324 struct mgmt_pending_cmd *cmd;
6325 struct mgmt_cp_remove_advertising *cp;
6326 struct mgmt_rp_remove_advertising rp;
6327
6328 BT_DBG("status %d", status);
6329
6330 hci_dev_lock(hdev);
6331
6332 /* A failure status here only means that we failed to disable
6333 * advertising. Otherwise, the advertising instance has been removed,
6334 * so report success.
6335 */
6336 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6337 if (!cmd)
6338 goto unlock;
6339
6340 cp = cmd->param;
6341 rp.instance = cp->instance;
6342
6343 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6344 &rp, sizeof(rp));
6345 mgmt_pending_remove(cmd);
6346
6347 unlock:
6348 hci_dev_unlock(hdev);
6349 }
6350
6351 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6352 void *data, u16 data_len)
6353 {
6354 struct mgmt_cp_remove_advertising *cp = data;
6355 struct mgmt_rp_remove_advertising rp;
6356 struct mgmt_pending_cmd *cmd;
6357 struct hci_request req;
6358 int err;
6359
6360 BT_DBG("%s", hdev->name);
6361
6362 hci_dev_lock(hdev);
6363
6364 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6365 err = mgmt_cmd_status(sk, hdev->id,
6366 MGMT_OP_REMOVE_ADVERTISING,
6367 MGMT_STATUS_INVALID_PARAMS);
6368 goto unlock;
6369 }
6370
6371 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6372 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6373 pending_find(MGMT_OP_SET_LE, hdev)) {
6374 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6375 MGMT_STATUS_BUSY);
6376 goto unlock;
6377 }
6378
6379 if (list_empty(&hdev->adv_instances)) {
6380 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6381 MGMT_STATUS_INVALID_PARAMS);
6382 goto unlock;
6383 }
6384
6385 hci_req_init(&req, hdev);
6386
6387 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6388
6389 if (list_empty(&hdev->adv_instances))
6390 __hci_req_disable_advertising(&req);
6391
6392 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6393 * flag is set or the device isn't powered then we have no HCI
6394 * communication to make. Simply return.
6395 */
6396 if (skb_queue_empty(&req.cmd_q) ||
6397 !hdev_is_powered(hdev) ||
6398 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6399 rp.instance = cp->instance;
6400 err = mgmt_cmd_complete(sk, hdev->id,
6401 MGMT_OP_REMOVE_ADVERTISING,
6402 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6403 goto unlock;
6404 }
6405
6406 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6407 data_len);
6408 if (!cmd) {
6409 err = -ENOMEM;
6410 goto unlock;
6411 }
6412
6413 err = hci_req_run(&req, remove_advertising_complete);
6414 if (err < 0)
6415 mgmt_pending_remove(cmd);
6416
6417 unlock:
6418 hci_dev_unlock(hdev);
6419
6420 return err;
6421 }
6422
6423 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6424 void *data, u16 data_len)
6425 {
6426 struct mgmt_cp_get_adv_size_info *cp = data;
6427 struct mgmt_rp_get_adv_size_info rp;
6428 u32 flags, supported_flags;
6429 int err;
6430
6431 BT_DBG("%s", hdev->name);
6432
6433 if (!lmp_le_capable(hdev))
6434 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6435 MGMT_STATUS_REJECTED);
6436
6437 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6438 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6439 MGMT_STATUS_INVALID_PARAMS);
6440
6441 flags = __le32_to_cpu(cp->flags);
6442
6443 /* The current implementation only supports a subset of the specified
6444 * flags.
6445 */
6446 supported_flags = get_supported_adv_flags(hdev);
6447 if (flags & ~supported_flags)
6448 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6449 MGMT_STATUS_INVALID_PARAMS);
6450
6451 rp.instance = cp->instance;
6452 rp.flags = cp->flags;
6453 rp.max_adv_data_len = tlv_data_max_len(flags, true);
6454 rp.max_scan_rsp_len = tlv_data_max_len(flags, false);
6455
6456 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6457 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6458
6459 return err;
6460 }
6461
6462 static const struct hci_mgmt_handler mgmt_handlers[] = {
6463 { NULL }, /* 0x0000 (no command) */
6464 { read_version, MGMT_READ_VERSION_SIZE,
6465 HCI_MGMT_NO_HDEV |
6466 HCI_MGMT_UNTRUSTED },
6467 { read_commands, MGMT_READ_COMMANDS_SIZE,
6468 HCI_MGMT_NO_HDEV |
6469 HCI_MGMT_UNTRUSTED },
6470 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6471 HCI_MGMT_NO_HDEV |
6472 HCI_MGMT_UNTRUSTED },
6473 { read_controller_info, MGMT_READ_INFO_SIZE,
6474 HCI_MGMT_UNTRUSTED },
6475 { set_powered, MGMT_SETTING_SIZE },
6476 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6477 { set_connectable, MGMT_SETTING_SIZE },
6478 { set_fast_connectable, MGMT_SETTING_SIZE },
6479 { set_bondable, MGMT_SETTING_SIZE },
6480 { set_link_security, MGMT_SETTING_SIZE },
6481 { set_ssp, MGMT_SETTING_SIZE },
6482 { set_hs, MGMT_SETTING_SIZE },
6483 { set_le, MGMT_SETTING_SIZE },
6484 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6485 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6486 { add_uuid, MGMT_ADD_UUID_SIZE },
6487 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6488 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6489 HCI_MGMT_VAR_LEN },
6490 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6491 HCI_MGMT_VAR_LEN },
6492 { disconnect, MGMT_DISCONNECT_SIZE },
6493 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6494 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6495 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6496 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6497 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6498 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6499 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6500 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6501 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6502 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6503 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6504 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6505 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6506 HCI_MGMT_VAR_LEN },
6507 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6508 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6509 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6510 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6511 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6512 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6513 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6514 { set_advertising, MGMT_SETTING_SIZE },
6515 { set_bredr, MGMT_SETTING_SIZE },
6516 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6517 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6518 { set_secure_conn, MGMT_SETTING_SIZE },
6519 { set_debug_keys, MGMT_SETTING_SIZE },
6520 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6521 { load_irks, MGMT_LOAD_IRKS_SIZE,
6522 HCI_MGMT_VAR_LEN },
6523 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6524 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6525 { add_device, MGMT_ADD_DEVICE_SIZE },
6526 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6527 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6528 HCI_MGMT_VAR_LEN },
6529 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6530 HCI_MGMT_NO_HDEV |
6531 HCI_MGMT_UNTRUSTED },
6532 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6533 HCI_MGMT_UNCONFIGURED |
6534 HCI_MGMT_UNTRUSTED },
6535 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6536 HCI_MGMT_UNCONFIGURED },
6537 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6538 HCI_MGMT_UNCONFIGURED },
6539 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6540 HCI_MGMT_VAR_LEN },
6541 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6542 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6543 HCI_MGMT_NO_HDEV |
6544 HCI_MGMT_UNTRUSTED },
6545 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6546 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6547 HCI_MGMT_VAR_LEN },
6548 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6549 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
6550 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
6551 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6552 HCI_MGMT_UNTRUSTED },
6553 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6554 };
6555
6556 void mgmt_index_added(struct hci_dev *hdev)
6557 {
6558 struct mgmt_ev_ext_index ev;
6559
6560 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6561 return;
6562
6563 switch (hdev->dev_type) {
6564 case HCI_PRIMARY:
6565 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6566 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6567 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6568 ev.type = 0x01;
6569 } else {
6570 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6571 HCI_MGMT_INDEX_EVENTS);
6572 ev.type = 0x00;
6573 }
6574 break;
6575 case HCI_AMP:
6576 ev.type = 0x02;
6577 break;
6578 default:
6579 return;
6580 }
6581
6582 ev.bus = hdev->bus;
6583
6584 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6585 HCI_MGMT_EXT_INDEX_EVENTS);
6586 }
6587
6588 void mgmt_index_removed(struct hci_dev *hdev)
6589 {
6590 struct mgmt_ev_ext_index ev;
6591 u8 status = MGMT_STATUS_INVALID_INDEX;
6592
6593 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6594 return;
6595
6596 switch (hdev->dev_type) {
6597 case HCI_PRIMARY:
6598 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6599
6600 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6601 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6602 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6603 ev.type = 0x01;
6604 } else {
6605 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6606 HCI_MGMT_INDEX_EVENTS);
6607 ev.type = 0x00;
6608 }
6609 break;
6610 case HCI_AMP:
6611 ev.type = 0x02;
6612 break;
6613 default:
6614 return;
6615 }
6616
6617 ev.bus = hdev->bus;
6618
6619 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6620 HCI_MGMT_EXT_INDEX_EVENTS);
6621 }
6622
6623 /* This function requires the caller holds hdev->lock */
6624 static void restart_le_actions(struct hci_dev *hdev)
6625 {
6626 struct hci_conn_params *p;
6627
6628 list_for_each_entry(p, &hdev->le_conn_params, list) {
6629 /* Needed for AUTO_OFF case where might not "really"
6630 * have been powered off.
6631 */
6632 list_del_init(&p->action);
6633
6634 switch (p->auto_connect) {
6635 case HCI_AUTO_CONN_DIRECT:
6636 case HCI_AUTO_CONN_ALWAYS:
6637 list_add(&p->action, &hdev->pend_le_conns);
6638 break;
6639 case HCI_AUTO_CONN_REPORT:
6640 list_add(&p->action, &hdev->pend_le_reports);
6641 break;
6642 default:
6643 break;
6644 }
6645 }
6646 }
6647
6648 void mgmt_power_on(struct hci_dev *hdev, int err)
6649 {
6650 struct cmd_lookup match = { NULL, hdev };
6651
6652 BT_DBG("err %d", err);
6653
6654 hci_dev_lock(hdev);
6655
6656 if (!err) {
6657 restart_le_actions(hdev);
6658 hci_update_background_scan(hdev);
6659 }
6660
6661 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6662
6663 new_settings(hdev, match.sk);
6664
6665 if (match.sk)
6666 sock_put(match.sk);
6667
6668 hci_dev_unlock(hdev);
6669 }
6670
6671 void __mgmt_power_off(struct hci_dev *hdev)
6672 {
6673 struct cmd_lookup match = { NULL, hdev };
6674 u8 status, zero_cod[] = { 0, 0, 0 };
6675
6676 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6677
6678 /* If the power off is because of hdev unregistration let
6679 * use the appropriate INVALID_INDEX status. Otherwise use
6680 * NOT_POWERED. We cover both scenarios here since later in
6681 * mgmt_index_removed() any hci_conn callbacks will have already
6682 * been triggered, potentially causing misleading DISCONNECTED
6683 * status responses.
6684 */
6685 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
6686 status = MGMT_STATUS_INVALID_INDEX;
6687 else
6688 status = MGMT_STATUS_NOT_POWERED;
6689
6690 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6691
6692 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
6693 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6694 zero_cod, sizeof(zero_cod),
6695 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
6696 ext_info_changed(hdev, NULL);
6697 }
6698
6699 new_settings(hdev, match.sk);
6700
6701 if (match.sk)
6702 sock_put(match.sk);
6703 }
6704
6705 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
6706 {
6707 struct mgmt_pending_cmd *cmd;
6708 u8 status;
6709
6710 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6711 if (!cmd)
6712 return;
6713
6714 if (err == -ERFKILL)
6715 status = MGMT_STATUS_RFKILLED;
6716 else
6717 status = MGMT_STATUS_FAILED;
6718
6719 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
6720
6721 mgmt_pending_remove(cmd);
6722 }
6723
6724 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6725 bool persistent)
6726 {
6727 struct mgmt_ev_new_link_key ev;
6728
6729 memset(&ev, 0, sizeof(ev));
6730
6731 ev.store_hint = persistent;
6732 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6733 ev.key.addr.type = BDADDR_BREDR;
6734 ev.key.type = key->type;
6735 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6736 ev.key.pin_len = key->pin_len;
6737
6738 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6739 }
6740
6741 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6742 {
6743 switch (ltk->type) {
6744 case SMP_LTK:
6745 case SMP_LTK_SLAVE:
6746 if (ltk->authenticated)
6747 return MGMT_LTK_AUTHENTICATED;
6748 return MGMT_LTK_UNAUTHENTICATED;
6749 case SMP_LTK_P256:
6750 if (ltk->authenticated)
6751 return MGMT_LTK_P256_AUTH;
6752 return MGMT_LTK_P256_UNAUTH;
6753 case SMP_LTK_P256_DEBUG:
6754 return MGMT_LTK_P256_DEBUG;
6755 }
6756
6757 return MGMT_LTK_UNAUTHENTICATED;
6758 }
6759
6760 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6761 {
6762 struct mgmt_ev_new_long_term_key ev;
6763
6764 memset(&ev, 0, sizeof(ev));
6765
6766 /* Devices using resolvable or non-resolvable random addresses
6767 * without providing an identity resolving key don't require
6768 * to store long term keys. Their addresses will change the
6769 * next time around.
6770 *
6771 * Only when a remote device provides an identity address
6772 * make sure the long term key is stored. If the remote
6773 * identity is known, the long term keys are internally
6774 * mapped to the identity address. So allow static random
6775 * and public addresses here.
6776 */
6777 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6778 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6779 ev.store_hint = 0x00;
6780 else
6781 ev.store_hint = persistent;
6782
6783 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6784 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6785 ev.key.type = mgmt_ltk_type(key);
6786 ev.key.enc_size = key->enc_size;
6787 ev.key.ediv = key->ediv;
6788 ev.key.rand = key->rand;
6789
6790 if (key->type == SMP_LTK)
6791 ev.key.master = 1;
6792
6793 /* Make sure we copy only the significant bytes based on the
6794 * encryption key size, and set the rest of the value to zeroes.
6795 */
6796 memcpy(ev.key.val, key->val, key->enc_size);
6797 memset(ev.key.val + key->enc_size, 0,
6798 sizeof(ev.key.val) - key->enc_size);
6799
6800 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6801 }
6802
6803 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
6804 {
6805 struct mgmt_ev_new_irk ev;
6806
6807 memset(&ev, 0, sizeof(ev));
6808
6809 ev.store_hint = persistent;
6810
6811 bacpy(&ev.rpa, &irk->rpa);
6812 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6813 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6814 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6815
6816 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6817 }
6818
6819 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6820 bool persistent)
6821 {
6822 struct mgmt_ev_new_csrk ev;
6823
6824 memset(&ev, 0, sizeof(ev));
6825
6826 /* Devices using resolvable or non-resolvable random addresses
6827 * without providing an identity resolving key don't require
6828 * to store signature resolving keys. Their addresses will change
6829 * the next time around.
6830 *
6831 * Only when a remote device provides an identity address
6832 * make sure the signature resolving key is stored. So allow
6833 * static random and public addresses here.
6834 */
6835 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6836 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6837 ev.store_hint = 0x00;
6838 else
6839 ev.store_hint = persistent;
6840
6841 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6842 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6843 ev.key.type = csrk->type;
6844 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6845
6846 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6847 }
6848
6849 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6850 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6851 u16 max_interval, u16 latency, u16 timeout)
6852 {
6853 struct mgmt_ev_new_conn_param ev;
6854
6855 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6856 return;
6857
6858 memset(&ev, 0, sizeof(ev));
6859 bacpy(&ev.addr.bdaddr, bdaddr);
6860 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6861 ev.store_hint = store_hint;
6862 ev.min_interval = cpu_to_le16(min_interval);
6863 ev.max_interval = cpu_to_le16(max_interval);
6864 ev.latency = cpu_to_le16(latency);
6865 ev.timeout = cpu_to_le16(timeout);
6866
6867 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6868 }
6869
6870 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6871 u32 flags, u8 *name, u8 name_len)
6872 {
6873 char buf[512];
6874 struct mgmt_ev_device_connected *ev = (void *) buf;
6875 u16 eir_len = 0;
6876
6877 bacpy(&ev->addr.bdaddr, &conn->dst);
6878 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6879
6880 ev->flags = __cpu_to_le32(flags);
6881
6882 /* We must ensure that the EIR Data fields are ordered and
6883 * unique. Keep it simple for now and avoid the problem by not
6884 * adding any BR/EDR data to the LE adv.
6885 */
6886 if (conn->le_adv_data_len > 0) {
6887 memcpy(&ev->eir[eir_len],
6888 conn->le_adv_data, conn->le_adv_data_len);
6889 eir_len = conn->le_adv_data_len;
6890 } else {
6891 if (name_len > 0)
6892 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6893 name, name_len);
6894
6895 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
6896 eir_len = eir_append_data(ev->eir, eir_len,
6897 EIR_CLASS_OF_DEV,
6898 conn->dev_class, 3);
6899 }
6900
6901 ev->eir_len = cpu_to_le16(eir_len);
6902
6903 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6904 sizeof(*ev) + eir_len, NULL);
6905 }
6906
6907 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
6908 {
6909 struct sock **sk = data;
6910
6911 cmd->cmd_complete(cmd, 0);
6912
6913 *sk = cmd->sk;
6914 sock_hold(*sk);
6915
6916 mgmt_pending_remove(cmd);
6917 }
6918
6919 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
6920 {
6921 struct hci_dev *hdev = data;
6922 struct mgmt_cp_unpair_device *cp = cmd->param;
6923
6924 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6925
6926 cmd->cmd_complete(cmd, 0);
6927 mgmt_pending_remove(cmd);
6928 }
6929
6930 bool mgmt_powering_down(struct hci_dev *hdev)
6931 {
6932 struct mgmt_pending_cmd *cmd;
6933 struct mgmt_mode *cp;
6934
6935 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6936 if (!cmd)
6937 return false;
6938
6939 cp = cmd->param;
6940 if (!cp->val)
6941 return true;
6942
6943 return false;
6944 }
6945
6946 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6947 u8 link_type, u8 addr_type, u8 reason,
6948 bool mgmt_connected)
6949 {
6950 struct mgmt_ev_device_disconnected ev;
6951 struct sock *sk = NULL;
6952
6953 /* The connection is still in hci_conn_hash so test for 1
6954 * instead of 0 to know if this is the last one.
6955 */
6956 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6957 cancel_delayed_work(&hdev->power_off);
6958 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6959 }
6960
6961 if (!mgmt_connected)
6962 return;
6963
6964 if (link_type != ACL_LINK && link_type != LE_LINK)
6965 return;
6966
6967 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6968
6969 bacpy(&ev.addr.bdaddr, bdaddr);
6970 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6971 ev.reason = reason;
6972
6973 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6974
6975 if (sk)
6976 sock_put(sk);
6977
6978 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6979 hdev);
6980 }
6981
6982 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6983 u8 link_type, u8 addr_type, u8 status)
6984 {
6985 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6986 struct mgmt_cp_disconnect *cp;
6987 struct mgmt_pending_cmd *cmd;
6988
6989 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6990 hdev);
6991
6992 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
6993 if (!cmd)
6994 return;
6995
6996 cp = cmd->param;
6997
6998 if (bacmp(bdaddr, &cp->addr.bdaddr))
6999 return;
7000
7001 if (cp->addr.type != bdaddr_type)
7002 return;
7003
7004 cmd->cmd_complete(cmd, mgmt_status(status));
7005 mgmt_pending_remove(cmd);
7006 }
7007
7008 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7009 u8 addr_type, u8 status)
7010 {
7011 struct mgmt_ev_connect_failed ev;
7012
7013 /* The connection is still in hci_conn_hash so test for 1
7014 * instead of 0 to know if this is the last one.
7015 */
7016 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7017 cancel_delayed_work(&hdev->power_off);
7018 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7019 }
7020
7021 bacpy(&ev.addr.bdaddr, bdaddr);
7022 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7023 ev.status = mgmt_status(status);
7024
7025 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7026 }
7027
7028 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7029 {
7030 struct mgmt_ev_pin_code_request ev;
7031
7032 bacpy(&ev.addr.bdaddr, bdaddr);
7033 ev.addr.type = BDADDR_BREDR;
7034 ev.secure = secure;
7035
7036 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7037 }
7038
7039 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7040 u8 status)
7041 {
7042 struct mgmt_pending_cmd *cmd;
7043
7044 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7045 if (!cmd)
7046 return;
7047
7048 cmd->cmd_complete(cmd, mgmt_status(status));
7049 mgmt_pending_remove(cmd);
7050 }
7051
7052 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7053 u8 status)
7054 {
7055 struct mgmt_pending_cmd *cmd;
7056
7057 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7058 if (!cmd)
7059 return;
7060
7061 cmd->cmd_complete(cmd, mgmt_status(status));
7062 mgmt_pending_remove(cmd);
7063 }
7064
7065 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7066 u8 link_type, u8 addr_type, u32 value,
7067 u8 confirm_hint)
7068 {
7069 struct mgmt_ev_user_confirm_request ev;
7070
7071 BT_DBG("%s", hdev->name);
7072
7073 bacpy(&ev.addr.bdaddr, bdaddr);
7074 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7075 ev.confirm_hint = confirm_hint;
7076 ev.value = cpu_to_le32(value);
7077
7078 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7079 NULL);
7080 }
7081
7082 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7083 u8 link_type, u8 addr_type)
7084 {
7085 struct mgmt_ev_user_passkey_request ev;
7086
7087 BT_DBG("%s", hdev->name);
7088
7089 bacpy(&ev.addr.bdaddr, bdaddr);
7090 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7091
7092 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7093 NULL);
7094 }
7095
7096 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7097 u8 link_type, u8 addr_type, u8 status,
7098 u8 opcode)
7099 {
7100 struct mgmt_pending_cmd *cmd;
7101
7102 cmd = pending_find(opcode, hdev);
7103 if (!cmd)
7104 return -ENOENT;
7105
7106 cmd->cmd_complete(cmd, mgmt_status(status));
7107 mgmt_pending_remove(cmd);
7108
7109 return 0;
7110 }
7111
7112 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7113 u8 link_type, u8 addr_type, u8 status)
7114 {
7115 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7116 status, MGMT_OP_USER_CONFIRM_REPLY);
7117 }
7118
7119 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7120 u8 link_type, u8 addr_type, u8 status)
7121 {
7122 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7123 status,
7124 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7125 }
7126
7127 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7128 u8 link_type, u8 addr_type, u8 status)
7129 {
7130 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7131 status, MGMT_OP_USER_PASSKEY_REPLY);
7132 }
7133
7134 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7135 u8 link_type, u8 addr_type, u8 status)
7136 {
7137 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7138 status,
7139 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7140 }
7141
7142 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7143 u8 link_type, u8 addr_type, u32 passkey,
7144 u8 entered)
7145 {
7146 struct mgmt_ev_passkey_notify ev;
7147
7148 BT_DBG("%s", hdev->name);
7149
7150 bacpy(&ev.addr.bdaddr, bdaddr);
7151 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7152 ev.passkey = __cpu_to_le32(passkey);
7153 ev.entered = entered;
7154
7155 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7156 }
7157
7158 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7159 {
7160 struct mgmt_ev_auth_failed ev;
7161 struct mgmt_pending_cmd *cmd;
7162 u8 status = mgmt_status(hci_status);
7163
7164 bacpy(&ev.addr.bdaddr, &conn->dst);
7165 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7166 ev.status = status;
7167
7168 cmd = find_pairing(conn);
7169
7170 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7171 cmd ? cmd->sk : NULL);
7172
7173 if (cmd) {
7174 cmd->cmd_complete(cmd, status);
7175 mgmt_pending_remove(cmd);
7176 }
7177 }
7178
7179 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7180 {
7181 struct cmd_lookup match = { NULL, hdev };
7182 bool changed;
7183
7184 if (status) {
7185 u8 mgmt_err = mgmt_status(status);
7186 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7187 cmd_status_rsp, &mgmt_err);
7188 return;
7189 }
7190
7191 if (test_bit(HCI_AUTH, &hdev->flags))
7192 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7193 else
7194 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7195
7196 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7197 &match);
7198
7199 if (changed)
7200 new_settings(hdev, match.sk);
7201
7202 if (match.sk)
7203 sock_put(match.sk);
7204 }
7205
7206 static void clear_eir(struct hci_request *req)
7207 {
7208 struct hci_dev *hdev = req->hdev;
7209 struct hci_cp_write_eir cp;
7210
7211 if (!lmp_ext_inq_capable(hdev))
7212 return;
7213
7214 memset(hdev->eir, 0, sizeof(hdev->eir));
7215
7216 memset(&cp, 0, sizeof(cp));
7217
7218 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7219 }
7220
7221 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7222 {
7223 struct cmd_lookup match = { NULL, hdev };
7224 struct hci_request req;
7225 bool changed = false;
7226
7227 if (status) {
7228 u8 mgmt_err = mgmt_status(status);
7229
7230 if (enable && hci_dev_test_and_clear_flag(hdev,
7231 HCI_SSP_ENABLED)) {
7232 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7233 new_settings(hdev, NULL);
7234 }
7235
7236 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7237 &mgmt_err);
7238 return;
7239 }
7240
7241 if (enable) {
7242 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7243 } else {
7244 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7245 if (!changed)
7246 changed = hci_dev_test_and_clear_flag(hdev,
7247 HCI_HS_ENABLED);
7248 else
7249 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7250 }
7251
7252 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7253
7254 if (changed)
7255 new_settings(hdev, match.sk);
7256
7257 if (match.sk)
7258 sock_put(match.sk);
7259
7260 hci_req_init(&req, hdev);
7261
7262 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7263 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7264 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7265 sizeof(enable), &enable);
7266 __hci_req_update_eir(&req);
7267 } else {
7268 clear_eir(&req);
7269 }
7270
7271 hci_req_run(&req, NULL);
7272 }
7273
7274 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7275 {
7276 struct cmd_lookup *match = data;
7277
7278 if (match->sk == NULL) {
7279 match->sk = cmd->sk;
7280 sock_hold(match->sk);
7281 }
7282 }
7283
7284 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7285 u8 status)
7286 {
7287 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7288
7289 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7290 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7291 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7292
7293 if (!status) {
7294 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7295 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7296 ext_info_changed(hdev, NULL);
7297 }
7298
7299 if (match.sk)
7300 sock_put(match.sk);
7301 }
7302
7303 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7304 {
7305 struct mgmt_cp_set_local_name ev;
7306 struct mgmt_pending_cmd *cmd;
7307
7308 if (status)
7309 return;
7310
7311 memset(&ev, 0, sizeof(ev));
7312 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7313 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7314
7315 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7316 if (!cmd) {
7317 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7318
7319 /* If this is a HCI command related to powering on the
7320 * HCI dev don't send any mgmt signals.
7321 */
7322 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7323 return;
7324 }
7325
7326 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7327 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7328 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7329 }
7330
7331 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7332 {
7333 int i;
7334
7335 for (i = 0; i < uuid_count; i++) {
7336 if (!memcmp(uuid, uuids[i], 16))
7337 return true;
7338 }
7339
7340 return false;
7341 }
7342
7343 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7344 {
7345 u16 parsed = 0;
7346
7347 while (parsed < eir_len) {
7348 u8 field_len = eir[0];
7349 u8 uuid[16];
7350 int i;
7351
7352 if (field_len == 0)
7353 break;
7354
7355 if (eir_len - parsed < field_len + 1)
7356 break;
7357
7358 switch (eir[1]) {
7359 case EIR_UUID16_ALL:
7360 case EIR_UUID16_SOME:
7361 for (i = 0; i + 3 <= field_len; i += 2) {
7362 memcpy(uuid, bluetooth_base_uuid, 16);
7363 uuid[13] = eir[i + 3];
7364 uuid[12] = eir[i + 2];
7365 if (has_uuid(uuid, uuid_count, uuids))
7366 return true;
7367 }
7368 break;
7369 case EIR_UUID32_ALL:
7370 case EIR_UUID32_SOME:
7371 for (i = 0; i + 5 <= field_len; i += 4) {
7372 memcpy(uuid, bluetooth_base_uuid, 16);
7373 uuid[15] = eir[i + 5];
7374 uuid[14] = eir[i + 4];
7375 uuid[13] = eir[i + 3];
7376 uuid[12] = eir[i + 2];
7377 if (has_uuid(uuid, uuid_count, uuids))
7378 return true;
7379 }
7380 break;
7381 case EIR_UUID128_ALL:
7382 case EIR_UUID128_SOME:
7383 for (i = 0; i + 17 <= field_len; i += 16) {
7384 memcpy(uuid, eir + i + 2, 16);
7385 if (has_uuid(uuid, uuid_count, uuids))
7386 return true;
7387 }
7388 break;
7389 }
7390
7391 parsed += field_len + 1;
7392 eir += field_len + 1;
7393 }
7394
7395 return false;
7396 }
7397
7398 static void restart_le_scan(struct hci_dev *hdev)
7399 {
7400 /* If controller is not scanning we are done. */
7401 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7402 return;
7403
7404 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7405 hdev->discovery.scan_start +
7406 hdev->discovery.scan_duration))
7407 return;
7408
7409 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
7410 DISCOV_LE_RESTART_DELAY);
7411 }
7412
7413 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7414 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7415 {
7416 /* If a RSSI threshold has been specified, and
7417 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7418 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7419 * is set, let it through for further processing, as we might need to
7420 * restart the scan.
7421 *
7422 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7423 * the results are also dropped.
7424 */
7425 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7426 (rssi == HCI_RSSI_INVALID ||
7427 (rssi < hdev->discovery.rssi &&
7428 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7429 return false;
7430
7431 if (hdev->discovery.uuid_count != 0) {
7432 /* If a list of UUIDs is provided in filter, results with no
7433 * matching UUID should be dropped.
7434 */
7435 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7436 hdev->discovery.uuids) &&
7437 !eir_has_uuids(scan_rsp, scan_rsp_len,
7438 hdev->discovery.uuid_count,
7439 hdev->discovery.uuids))
7440 return false;
7441 }
7442
7443 /* If duplicate filtering does not report RSSI changes, then restart
7444 * scanning to ensure updated result with updated RSSI values.
7445 */
7446 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7447 restart_le_scan(hdev);
7448
7449 /* Validate RSSI value against the RSSI threshold once more. */
7450 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7451 rssi < hdev->discovery.rssi)
7452 return false;
7453 }
7454
7455 return true;
7456 }
7457
7458 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7459 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7460 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7461 {
7462 char buf[512];
7463 struct mgmt_ev_device_found *ev = (void *)buf;
7464 size_t ev_size;
7465
7466 /* Don't send events for a non-kernel initiated discovery. With
7467 * LE one exception is if we have pend_le_reports > 0 in which
7468 * case we're doing passive scanning and want these events.
7469 */
7470 if (!hci_discovery_active(hdev)) {
7471 if (link_type == ACL_LINK)
7472 return;
7473 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7474 return;
7475 }
7476
7477 if (hdev->discovery.result_filtering) {
7478 /* We are using service discovery */
7479 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7480 scan_rsp_len))
7481 return;
7482 }
7483
7484 if (hdev->discovery.limited) {
7485 /* Check for limited discoverable bit */
7486 if (dev_class) {
7487 if (!(dev_class[1] & 0x20))
7488 return;
7489 } else {
7490 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7491 if (!flags || !(flags[0] & LE_AD_LIMITED))
7492 return;
7493 }
7494 }
7495
7496 /* Make sure that the buffer is big enough. The 5 extra bytes
7497 * are for the potential CoD field.
7498 */
7499 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7500 return;
7501
7502 memset(buf, 0, sizeof(buf));
7503
7504 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7505 * RSSI value was reported as 0 when not available. This behavior
7506 * is kept when using device discovery. This is required for full
7507 * backwards compatibility with the API.
7508 *
7509 * However when using service discovery, the value 127 will be
7510 * returned when the RSSI is not available.
7511 */
7512 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7513 link_type == ACL_LINK)
7514 rssi = 0;
7515
7516 bacpy(&ev->addr.bdaddr, bdaddr);
7517 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7518 ev->rssi = rssi;
7519 ev->flags = cpu_to_le32(flags);
7520
7521 if (eir_len > 0)
7522 /* Copy EIR or advertising data into event */
7523 memcpy(ev->eir, eir, eir_len);
7524
7525 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7526 NULL))
7527 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7528 dev_class, 3);
7529
7530 if (scan_rsp_len > 0)
7531 /* Append scan response data to event */
7532 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7533
7534 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7535 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7536
7537 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7538 }
7539
7540 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7541 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7542 {
7543 struct mgmt_ev_device_found *ev;
7544 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7545 u16 eir_len;
7546
7547 ev = (struct mgmt_ev_device_found *) buf;
7548
7549 memset(buf, 0, sizeof(buf));
7550
7551 bacpy(&ev->addr.bdaddr, bdaddr);
7552 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7553 ev->rssi = rssi;
7554
7555 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7556 name_len);
7557
7558 ev->eir_len = cpu_to_le16(eir_len);
7559
7560 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7561 }
7562
7563 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7564 {
7565 struct mgmt_ev_discovering ev;
7566
7567 BT_DBG("%s discovering %u", hdev->name, discovering);
7568
7569 memset(&ev, 0, sizeof(ev));
7570 ev.type = hdev->discovery.type;
7571 ev.discovering = discovering;
7572
7573 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7574 }
7575
7576 static struct hci_mgmt_chan chan = {
7577 .channel = HCI_CHANNEL_CONTROL,
7578 .handler_count = ARRAY_SIZE(mgmt_handlers),
7579 .handlers = mgmt_handlers,
7580 .hdev_init = mgmt_init_hdev,
7581 };
7582
7583 int mgmt_init(void)
7584 {
7585 return hci_mgmt_chan_register(&chan);
7586 }
7587
7588 void mgmt_exit(void)
7589 {
7590 hci_mgmt_chan_unregister(&chan);
7591 }
Ubuntu Artful kernel mirror