]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth...
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI Management interface */
26
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
34
35 bool enable_hs;
36
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 2
39
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
79 };
80
81 static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102 MGMT_EV_PASSKEY_NOTIFY,
103 };
104
105 /*
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
108 */
109 #define LE_SCAN_TYPE 0x01
110 #define LE_SCAN_WIN 0x12
111 #define LE_SCAN_INT 0x12
112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
114
115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
117
118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
119
120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
122
123 struct pending_cmd {
124 struct list_head list;
125 u16 opcode;
126 int index;
127 void *param;
128 struct sock *sk;
129 void *user_data;
130 };
131
132 /* HCI to MGMT error code conversion table */
133 static u8 mgmt_status_table[] = {
134 MGMT_STATUS_SUCCESS,
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
195 };
196
197 bool mgmt_valid_hdev(struct hci_dev *hdev)
198 {
199 return hdev->dev_type == HCI_BREDR;
200 }
201
202 static u8 mgmt_status(u8 hci_status)
203 {
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
206
207 return MGMT_STATUS_FAILED;
208 }
209
210 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
211 {
212 struct sk_buff *skb;
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
215 int err;
216
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
218
219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
220 if (!skb)
221 return -ENOMEM;
222
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
224
225 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev));
228
229 ev = (void *) skb_put(skb, sizeof(*ev));
230 ev->status = status;
231 ev->opcode = cpu_to_le16(cmd);
232
233 err = sock_queue_rcv_skb(sk, skb);
234 if (err < 0)
235 kfree_skb(skb);
236
237 return err;
238 }
239
240 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 void *rp, size_t rp_len)
242 {
243 struct sk_buff *skb;
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
246 int err;
247
248 BT_DBG("sock %p", sk);
249
250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
251 if (!skb)
252 return -ENOMEM;
253
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
255
256 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
259
260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
261 ev->opcode = cpu_to_le16(cmd);
262 ev->status = status;
263
264 if (rp)
265 memcpy(ev->data, rp, rp_len);
266
267 err = sock_queue_rcv_skb(sk, skb);
268 if (err < 0)
269 kfree_skb(skb);
270
271 return err;
272 }
273
274 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
275 u16 data_len)
276 {
277 struct mgmt_rp_read_version rp;
278
279 BT_DBG("sock %p", sk);
280
281 rp.version = MGMT_VERSION;
282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
283
284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
285 sizeof(rp));
286 }
287
288 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
289 u16 data_len)
290 {
291 struct mgmt_rp_read_commands *rp;
292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
294 __le16 *opcode;
295 size_t rp_size;
296 int i, err;
297
298 BT_DBG("sock %p", sk);
299
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
301
302 rp = kmalloc(rp_size, GFP_KERNEL);
303 if (!rp)
304 return -ENOMEM;
305
306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
308
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
311
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
314
315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
316 rp_size);
317 kfree(rp);
318
319 return err;
320 }
321
322 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
323 u16 data_len)
324 {
325 struct mgmt_rp_read_index_list *rp;
326 struct hci_dev *d;
327 size_t rp_len;
328 u16 count;
329 int i, err;
330
331 BT_DBG("sock %p", sk);
332
333 read_lock(&hci_dev_list_lock);
334
335 count = 0;
336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
338 continue;
339
340 count++;
341 }
342
343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
345 if (!rp) {
346 read_unlock(&hci_dev_list_lock);
347 return -ENOMEM;
348 }
349
350 rp->num_controllers = cpu_to_le16(count);
351
352 i = 0;
353 list_for_each_entry(d, &hci_dev_list, list) {
354 if (test_bit(HCI_SETUP, &d->dev_flags))
355 continue;
356
357 if (!mgmt_valid_hdev(d))
358 continue;
359
360 rp->index[i++] = cpu_to_le16(d->id);
361 BT_DBG("Added hci%u", d->id);
362 }
363
364 read_unlock(&hci_dev_list_lock);
365
366 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
367 rp_len);
368
369 kfree(rp);
370
371 return err;
372 }
373
374 static u32 get_supported_settings(struct hci_dev *hdev)
375 {
376 u32 settings = 0;
377
378 settings |= MGMT_SETTING_POWERED;
379 settings |= MGMT_SETTING_CONNECTABLE;
380 settings |= MGMT_SETTING_FAST_CONNECTABLE;
381 settings |= MGMT_SETTING_DISCOVERABLE;
382 settings |= MGMT_SETTING_PAIRABLE;
383
384 if (lmp_ssp_capable(hdev))
385 settings |= MGMT_SETTING_SSP;
386
387 if (lmp_bredr_capable(hdev)) {
388 settings |= MGMT_SETTING_BREDR;
389 settings |= MGMT_SETTING_LINK_SECURITY;
390 }
391
392 if (enable_hs)
393 settings |= MGMT_SETTING_HS;
394
395 if (lmp_le_capable(hdev))
396 settings |= MGMT_SETTING_LE;
397
398 return settings;
399 }
400
401 static u32 get_current_settings(struct hci_dev *hdev)
402 {
403 u32 settings = 0;
404
405 if (hdev_is_powered(hdev))
406 settings |= MGMT_SETTING_POWERED;
407
408 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
409 settings |= MGMT_SETTING_CONNECTABLE;
410
411 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
412 settings |= MGMT_SETTING_DISCOVERABLE;
413
414 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
415 settings |= MGMT_SETTING_PAIRABLE;
416
417 if (lmp_bredr_capable(hdev))
418 settings |= MGMT_SETTING_BREDR;
419
420 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_LE;
422
423 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
424 settings |= MGMT_SETTING_LINK_SECURITY;
425
426 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
427 settings |= MGMT_SETTING_SSP;
428
429 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
430 settings |= MGMT_SETTING_HS;
431
432 return settings;
433 }
434
435 #define PNP_INFO_SVCLASS_ID 0x1200
436
437 static u8 bluetooth_base_uuid[] = {
438 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
439 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
440 };
441
442 static u16 get_uuid16(u8 *uuid128)
443 {
444 u32 val;
445 int i;
446
447 for (i = 0; i < 12; i++) {
448 if (bluetooth_base_uuid[i] != uuid128[i])
449 return 0;
450 }
451
452 val = get_unaligned_le32(&uuid128[12]);
453 if (val > 0xffff)
454 return 0;
455
456 return (u16) val;
457 }
458
459 static void create_eir(struct hci_dev *hdev, u8 *data)
460 {
461 u8 *ptr = data;
462 u16 eir_len = 0;
463 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
464 int i, truncated = 0;
465 struct bt_uuid *uuid;
466 size_t name_len;
467
468 name_len = strlen(hdev->dev_name);
469
470 if (name_len > 0) {
471 /* EIR Data type */
472 if (name_len > 48) {
473 name_len = 48;
474 ptr[1] = EIR_NAME_SHORT;
475 } else
476 ptr[1] = EIR_NAME_COMPLETE;
477
478 /* EIR Data length */
479 ptr[0] = name_len + 1;
480
481 memcpy(ptr + 2, hdev->dev_name, name_len);
482
483 eir_len += (name_len + 2);
484 ptr += (name_len + 2);
485 }
486
487 if (hdev->inq_tx_power) {
488 ptr[0] = 2;
489 ptr[1] = EIR_TX_POWER;
490 ptr[2] = (u8) hdev->inq_tx_power;
491
492 eir_len += 3;
493 ptr += 3;
494 }
495
496 if (hdev->devid_source > 0) {
497 ptr[0] = 9;
498 ptr[1] = EIR_DEVICE_ID;
499
500 put_unaligned_le16(hdev->devid_source, ptr + 2);
501 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
502 put_unaligned_le16(hdev->devid_product, ptr + 6);
503 put_unaligned_le16(hdev->devid_version, ptr + 8);
504
505 eir_len += 10;
506 ptr += 10;
507 }
508
509 memset(uuid16_list, 0, sizeof(uuid16_list));
510
511 /* Group all UUID16 types */
512 list_for_each_entry(uuid, &hdev->uuids, list) {
513 u16 uuid16;
514
515 uuid16 = get_uuid16(uuid->uuid);
516 if (uuid16 == 0)
517 return;
518
519 if (uuid16 < 0x1100)
520 continue;
521
522 if (uuid16 == PNP_INFO_SVCLASS_ID)
523 continue;
524
525 /* Stop if not enough space to put next UUID */
526 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
527 truncated = 1;
528 break;
529 }
530
531 /* Check for duplicates */
532 for (i = 0; uuid16_list[i] != 0; i++)
533 if (uuid16_list[i] == uuid16)
534 break;
535
536 if (uuid16_list[i] == 0) {
537 uuid16_list[i] = uuid16;
538 eir_len += sizeof(u16);
539 }
540 }
541
542 if (uuid16_list[0] != 0) {
543 u8 *length = ptr;
544
545 /* EIR Data type */
546 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
547
548 ptr += 2;
549 eir_len += 2;
550
551 for (i = 0; uuid16_list[i] != 0; i++) {
552 *ptr++ = (uuid16_list[i] & 0x00ff);
553 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
554 }
555
556 /* EIR Data length */
557 *length = (i * sizeof(u16)) + 1;
558 }
559 }
560
561 static int update_eir(struct hci_dev *hdev)
562 {
563 struct hci_cp_write_eir cp;
564
565 if (!hdev_is_powered(hdev))
566 return 0;
567
568 if (!(hdev->features[6] & LMP_EXT_INQ))
569 return 0;
570
571 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
572 return 0;
573
574 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
575 return 0;
576
577 memset(&cp, 0, sizeof(cp));
578
579 create_eir(hdev, cp.data);
580
581 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
582 return 0;
583
584 memcpy(hdev->eir, cp.data, sizeof(cp.data));
585
586 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
587 }
588
589 static u8 get_service_classes(struct hci_dev *hdev)
590 {
591 struct bt_uuid *uuid;
592 u8 val = 0;
593
594 list_for_each_entry(uuid, &hdev->uuids, list)
595 val |= uuid->svc_hint;
596
597 return val;
598 }
599
600 static int update_class(struct hci_dev *hdev)
601 {
602 u8 cod[3];
603 int err;
604
605 BT_DBG("%s", hdev->name);
606
607 if (!hdev_is_powered(hdev))
608 return 0;
609
610 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
611 return 0;
612
613 cod[0] = hdev->minor_class;
614 cod[1] = hdev->major_class;
615 cod[2] = get_service_classes(hdev);
616
617 if (memcmp(cod, hdev->dev_class, 3) == 0)
618 return 0;
619
620 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
621 if (err == 0)
622 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
623
624 return err;
625 }
626
627 static void service_cache_off(struct work_struct *work)
628 {
629 struct hci_dev *hdev = container_of(work, struct hci_dev,
630 service_cache.work);
631
632 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
633 return;
634
635 hci_dev_lock(hdev);
636
637 update_eir(hdev);
638 update_class(hdev);
639
640 hci_dev_unlock(hdev);
641 }
642
643 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
644 {
645 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
646 return;
647
648 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
649
650 /* Non-mgmt controlled devices get this bit set
651 * implicitly so that pairing works for them, however
652 * for mgmt we require user-space to explicitly enable
653 * it
654 */
655 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
656 }
657
658 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
659 void *data, u16 data_len)
660 {
661 struct mgmt_rp_read_info rp;
662
663 BT_DBG("sock %p %s", sk, hdev->name);
664
665 hci_dev_lock(hdev);
666
667 memset(&rp, 0, sizeof(rp));
668
669 bacpy(&rp.bdaddr, &hdev->bdaddr);
670
671 rp.version = hdev->hci_ver;
672 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
673
674 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
675 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
676
677 memcpy(rp.dev_class, hdev->dev_class, 3);
678
679 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
680 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
681
682 hci_dev_unlock(hdev);
683
684 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
685 sizeof(rp));
686 }
687
688 static void mgmt_pending_free(struct pending_cmd *cmd)
689 {
690 sock_put(cmd->sk);
691 kfree(cmd->param);
692 kfree(cmd);
693 }
694
695 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
696 struct hci_dev *hdev, void *data,
697 u16 len)
698 {
699 struct pending_cmd *cmd;
700
701 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
702 if (!cmd)
703 return NULL;
704
705 cmd->opcode = opcode;
706 cmd->index = hdev->id;
707
708 cmd->param = kmalloc(len, GFP_KERNEL);
709 if (!cmd->param) {
710 kfree(cmd);
711 return NULL;
712 }
713
714 if (data)
715 memcpy(cmd->param, data, len);
716
717 cmd->sk = sk;
718 sock_hold(sk);
719
720 list_add(&cmd->list, &hdev->mgmt_pending);
721
722 return cmd;
723 }
724
725 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
726 void (*cb)(struct pending_cmd *cmd,
727 void *data),
728 void *data)
729 {
730 struct list_head *p, *n;
731
732 list_for_each_safe(p, n, &hdev->mgmt_pending) {
733 struct pending_cmd *cmd;
734
735 cmd = list_entry(p, struct pending_cmd, list);
736
737 if (opcode > 0 && cmd->opcode != opcode)
738 continue;
739
740 cb(cmd, data);
741 }
742 }
743
744 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
745 {
746 struct pending_cmd *cmd;
747
748 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
749 if (cmd->opcode == opcode)
750 return cmd;
751 }
752
753 return NULL;
754 }
755
756 static void mgmt_pending_remove(struct pending_cmd *cmd)
757 {
758 list_del(&cmd->list);
759 mgmt_pending_free(cmd);
760 }
761
762 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
763 {
764 __le32 settings = cpu_to_le32(get_current_settings(hdev));
765
766 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
767 sizeof(settings));
768 }
769
770 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
771 u16 len)
772 {
773 struct mgmt_mode *cp = data;
774 struct pending_cmd *cmd;
775 int err;
776
777 BT_DBG("request for %s", hdev->name);
778
779 hci_dev_lock(hdev);
780
781 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
782 cancel_delayed_work(&hdev->power_off);
783
784 if (cp->val) {
785 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
786 mgmt_powered(hdev, 1);
787 goto failed;
788 }
789 }
790
791 if (!!cp->val == hdev_is_powered(hdev)) {
792 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
793 goto failed;
794 }
795
796 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
797 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
798 MGMT_STATUS_BUSY);
799 goto failed;
800 }
801
802 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
803 if (!cmd) {
804 err = -ENOMEM;
805 goto failed;
806 }
807
808 if (cp->val)
809 schedule_work(&hdev->power_on);
810 else
811 schedule_work(&hdev->power_off.work);
812
813 err = 0;
814
815 failed:
816 hci_dev_unlock(hdev);
817 return err;
818 }
819
820 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
821 struct sock *skip_sk)
822 {
823 struct sk_buff *skb;
824 struct mgmt_hdr *hdr;
825
826 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
827 if (!skb)
828 return -ENOMEM;
829
830 hdr = (void *) skb_put(skb, sizeof(*hdr));
831 hdr->opcode = cpu_to_le16(event);
832 if (hdev)
833 hdr->index = cpu_to_le16(hdev->id);
834 else
835 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
836 hdr->len = cpu_to_le16(data_len);
837
838 if (data)
839 memcpy(skb_put(skb, data_len), data, data_len);
840
841 /* Time stamp */
842 __net_timestamp(skb);
843
844 hci_send_to_control(skb, skip_sk);
845 kfree_skb(skb);
846
847 return 0;
848 }
849
850 static int new_settings(struct hci_dev *hdev, struct sock *skip)
851 {
852 __le32 ev;
853
854 ev = cpu_to_le32(get_current_settings(hdev));
855
856 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
857 }
858
859 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
860 u16 len)
861 {
862 struct mgmt_cp_set_discoverable *cp = data;
863 struct pending_cmd *cmd;
864 u16 timeout;
865 u8 scan;
866 int err;
867
868 BT_DBG("request for %s", hdev->name);
869
870 timeout = __le16_to_cpu(cp->timeout);
871 if (!cp->val && timeout > 0)
872 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
873 MGMT_STATUS_INVALID_PARAMS);
874
875 hci_dev_lock(hdev);
876
877 if (!hdev_is_powered(hdev) && timeout > 0) {
878 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
879 MGMT_STATUS_NOT_POWERED);
880 goto failed;
881 }
882
883 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
884 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
885 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
886 MGMT_STATUS_BUSY);
887 goto failed;
888 }
889
890 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
891 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
892 MGMT_STATUS_REJECTED);
893 goto failed;
894 }
895
896 if (!hdev_is_powered(hdev)) {
897 bool changed = false;
898
899 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
900 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
901 changed = true;
902 }
903
904 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
905 if (err < 0)
906 goto failed;
907
908 if (changed)
909 err = new_settings(hdev, sk);
910
911 goto failed;
912 }
913
914 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
915 if (hdev->discov_timeout > 0) {
916 cancel_delayed_work(&hdev->discov_off);
917 hdev->discov_timeout = 0;
918 }
919
920 if (cp->val && timeout > 0) {
921 hdev->discov_timeout = timeout;
922 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
923 msecs_to_jiffies(hdev->discov_timeout * 1000));
924 }
925
926 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
927 goto failed;
928 }
929
930 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
931 if (!cmd) {
932 err = -ENOMEM;
933 goto failed;
934 }
935
936 scan = SCAN_PAGE;
937
938 if (cp->val)
939 scan |= SCAN_INQUIRY;
940 else
941 cancel_delayed_work(&hdev->discov_off);
942
943 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
944 if (err < 0)
945 mgmt_pending_remove(cmd);
946
947 if (cp->val)
948 hdev->discov_timeout = timeout;
949
950 failed:
951 hci_dev_unlock(hdev);
952 return err;
953 }
954
955 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
956 u16 len)
957 {
958 struct mgmt_mode *cp = data;
959 struct pending_cmd *cmd;
960 u8 scan;
961 int err;
962
963 BT_DBG("request for %s", hdev->name);
964
965 hci_dev_lock(hdev);
966
967 if (!hdev_is_powered(hdev)) {
968 bool changed = false;
969
970 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
971 changed = true;
972
973 if (cp->val) {
974 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
975 } else {
976 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
977 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
978 }
979
980 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
981 if (err < 0)
982 goto failed;
983
984 if (changed)
985 err = new_settings(hdev, sk);
986
987 goto failed;
988 }
989
990 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
991 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
992 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
993 MGMT_STATUS_BUSY);
994 goto failed;
995 }
996
997 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
998 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
999 goto failed;
1000 }
1001
1002 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1003 if (!cmd) {
1004 err = -ENOMEM;
1005 goto failed;
1006 }
1007
1008 if (cp->val) {
1009 scan = SCAN_PAGE;
1010 } else {
1011 scan = 0;
1012
1013 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1014 hdev->discov_timeout > 0)
1015 cancel_delayed_work(&hdev->discov_off);
1016 }
1017
1018 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1019 if (err < 0)
1020 mgmt_pending_remove(cmd);
1021
1022 failed:
1023 hci_dev_unlock(hdev);
1024 return err;
1025 }
1026
1027 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1028 u16 len)
1029 {
1030 struct mgmt_mode *cp = data;
1031 int err;
1032
1033 BT_DBG("request for %s", hdev->name);
1034
1035 hci_dev_lock(hdev);
1036
1037 if (cp->val)
1038 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1039 else
1040 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1041
1042 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1043 if (err < 0)
1044 goto failed;
1045
1046 err = new_settings(hdev, sk);
1047
1048 failed:
1049 hci_dev_unlock(hdev);
1050 return err;
1051 }
1052
1053 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1054 u16 len)
1055 {
1056 struct mgmt_mode *cp = data;
1057 struct pending_cmd *cmd;
1058 u8 val;
1059 int err;
1060
1061 BT_DBG("request for %s", hdev->name);
1062
1063 hci_dev_lock(hdev);
1064
1065 if (!hdev_is_powered(hdev)) {
1066 bool changed = false;
1067
1068 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1069 &hdev->dev_flags)) {
1070 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1071 changed = true;
1072 }
1073
1074 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1075 if (err < 0)
1076 goto failed;
1077
1078 if (changed)
1079 err = new_settings(hdev, sk);
1080
1081 goto failed;
1082 }
1083
1084 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1085 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1086 MGMT_STATUS_BUSY);
1087 goto failed;
1088 }
1089
1090 val = !!cp->val;
1091
1092 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1093 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1094 goto failed;
1095 }
1096
1097 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1098 if (!cmd) {
1099 err = -ENOMEM;
1100 goto failed;
1101 }
1102
1103 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1104 if (err < 0) {
1105 mgmt_pending_remove(cmd);
1106 goto failed;
1107 }
1108
1109 failed:
1110 hci_dev_unlock(hdev);
1111 return err;
1112 }
1113
1114 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1115 {
1116 struct mgmt_mode *cp = data;
1117 struct pending_cmd *cmd;
1118 u8 val;
1119 int err;
1120
1121 BT_DBG("request for %s", hdev->name);
1122
1123 hci_dev_lock(hdev);
1124
1125 if (!lmp_ssp_capable(hdev)) {
1126 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1127 MGMT_STATUS_NOT_SUPPORTED);
1128 goto failed;
1129 }
1130
1131 val = !!cp->val;
1132
1133 if (!hdev_is_powered(hdev)) {
1134 bool changed = false;
1135
1136 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1137 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1138 changed = true;
1139 }
1140
1141 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1142 if (err < 0)
1143 goto failed;
1144
1145 if (changed)
1146 err = new_settings(hdev, sk);
1147
1148 goto failed;
1149 }
1150
1151 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1152 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1153 MGMT_STATUS_BUSY);
1154 goto failed;
1155 }
1156
1157 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1158 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1159 goto failed;
1160 }
1161
1162 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1163 if (!cmd) {
1164 err = -ENOMEM;
1165 goto failed;
1166 }
1167
1168 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1169 if (err < 0) {
1170 mgmt_pending_remove(cmd);
1171 goto failed;
1172 }
1173
1174 failed:
1175 hci_dev_unlock(hdev);
1176 return err;
1177 }
1178
1179 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1180 {
1181 struct mgmt_mode *cp = data;
1182
1183 BT_DBG("request for %s", hdev->name);
1184
1185 if (!enable_hs)
1186 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1187 MGMT_STATUS_NOT_SUPPORTED);
1188
1189 if (cp->val)
1190 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1191 else
1192 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1193
1194 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1195 }
1196
1197 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1198 {
1199 struct mgmt_mode *cp = data;
1200 struct hci_cp_write_le_host_supported hci_cp;
1201 struct pending_cmd *cmd;
1202 int err;
1203 u8 val, enabled;
1204
1205 BT_DBG("request for %s", hdev->name);
1206
1207 hci_dev_lock(hdev);
1208
1209 if (!lmp_le_capable(hdev)) {
1210 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1211 MGMT_STATUS_NOT_SUPPORTED);
1212 goto unlock;
1213 }
1214
1215 val = !!cp->val;
1216 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
1217
1218 if (!hdev_is_powered(hdev) || val == enabled) {
1219 bool changed = false;
1220
1221 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1222 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1223 changed = true;
1224 }
1225
1226 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1227 if (err < 0)
1228 goto unlock;
1229
1230 if (changed)
1231 err = new_settings(hdev, sk);
1232
1233 goto unlock;
1234 }
1235
1236 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1237 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1238 MGMT_STATUS_BUSY);
1239 goto unlock;
1240 }
1241
1242 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1243 if (!cmd) {
1244 err = -ENOMEM;
1245 goto unlock;
1246 }
1247
1248 memset(&hci_cp, 0, sizeof(hci_cp));
1249
1250 if (val) {
1251 hci_cp.le = val;
1252 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1253 }
1254
1255 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1256 &hci_cp);
1257 if (err < 0)
1258 mgmt_pending_remove(cmd);
1259
1260 unlock:
1261 hci_dev_unlock(hdev);
1262 return err;
1263 }
1264
1265 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1266 {
1267 struct mgmt_cp_add_uuid *cp = data;
1268 struct pending_cmd *cmd;
1269 struct bt_uuid *uuid;
1270 int err;
1271
1272 BT_DBG("request for %s", hdev->name);
1273
1274 hci_dev_lock(hdev);
1275
1276 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1277 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1278 MGMT_STATUS_BUSY);
1279 goto failed;
1280 }
1281
1282 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1283 if (!uuid) {
1284 err = -ENOMEM;
1285 goto failed;
1286 }
1287
1288 memcpy(uuid->uuid, cp->uuid, 16);
1289 uuid->svc_hint = cp->svc_hint;
1290
1291 list_add(&uuid->list, &hdev->uuids);
1292
1293 err = update_class(hdev);
1294 if (err < 0)
1295 goto failed;
1296
1297 err = update_eir(hdev);
1298 if (err < 0)
1299 goto failed;
1300
1301 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1302 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1303 hdev->dev_class, 3);
1304 goto failed;
1305 }
1306
1307 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1308 if (!cmd)
1309 err = -ENOMEM;
1310
1311 failed:
1312 hci_dev_unlock(hdev);
1313 return err;
1314 }
1315
1316 static bool enable_service_cache(struct hci_dev *hdev)
1317 {
1318 if (!hdev_is_powered(hdev))
1319 return false;
1320
1321 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1322 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1323 return true;
1324 }
1325
1326 return false;
1327 }
1328
1329 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1330 u16 len)
1331 {
1332 struct mgmt_cp_remove_uuid *cp = data;
1333 struct pending_cmd *cmd;
1334 struct list_head *p, *n;
1335 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1336 int err, found;
1337
1338 BT_DBG("request for %s", hdev->name);
1339
1340 hci_dev_lock(hdev);
1341
1342 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1343 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1344 MGMT_STATUS_BUSY);
1345 goto unlock;
1346 }
1347
1348 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1349 err = hci_uuids_clear(hdev);
1350
1351 if (enable_service_cache(hdev)) {
1352 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1353 0, hdev->dev_class, 3);
1354 goto unlock;
1355 }
1356
1357 goto update_class;
1358 }
1359
1360 found = 0;
1361
1362 list_for_each_safe(p, n, &hdev->uuids) {
1363 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1364
1365 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1366 continue;
1367
1368 list_del(&match->list);
1369 found++;
1370 }
1371
1372 if (found == 0) {
1373 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1374 MGMT_STATUS_INVALID_PARAMS);
1375 goto unlock;
1376 }
1377
1378 update_class:
1379 err = update_class(hdev);
1380 if (err < 0)
1381 goto unlock;
1382
1383 err = update_eir(hdev);
1384 if (err < 0)
1385 goto unlock;
1386
1387 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1388 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1389 hdev->dev_class, 3);
1390 goto unlock;
1391 }
1392
1393 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1394 if (!cmd)
1395 err = -ENOMEM;
1396
1397 unlock:
1398 hci_dev_unlock(hdev);
1399 return err;
1400 }
1401
1402 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1403 u16 len)
1404 {
1405 struct mgmt_cp_set_dev_class *cp = data;
1406 struct pending_cmd *cmd;
1407 int err;
1408
1409 BT_DBG("request for %s", hdev->name);
1410
1411 hci_dev_lock(hdev);
1412
1413 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1414 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1415 MGMT_STATUS_BUSY);
1416 goto unlock;
1417 }
1418
1419 hdev->major_class = cp->major;
1420 hdev->minor_class = cp->minor;
1421
1422 if (!hdev_is_powered(hdev)) {
1423 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1424 hdev->dev_class, 3);
1425 goto unlock;
1426 }
1427
1428 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1429 hci_dev_unlock(hdev);
1430 cancel_delayed_work_sync(&hdev->service_cache);
1431 hci_dev_lock(hdev);
1432 update_eir(hdev);
1433 }
1434
1435 err = update_class(hdev);
1436 if (err < 0)
1437 goto unlock;
1438
1439 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1440 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1441 hdev->dev_class, 3);
1442 goto unlock;
1443 }
1444
1445 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1446 if (!cmd)
1447 err = -ENOMEM;
1448
1449 unlock:
1450 hci_dev_unlock(hdev);
1451 return err;
1452 }
1453
1454 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1455 u16 len)
1456 {
1457 struct mgmt_cp_load_link_keys *cp = data;
1458 u16 key_count, expected_len;
1459 int i;
1460
1461 key_count = __le16_to_cpu(cp->key_count);
1462
1463 expected_len = sizeof(*cp) + key_count *
1464 sizeof(struct mgmt_link_key_info);
1465 if (expected_len != len) {
1466 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1467 len, expected_len);
1468 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1469 MGMT_STATUS_INVALID_PARAMS);
1470 }
1471
1472 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1473 key_count);
1474
1475 hci_dev_lock(hdev);
1476
1477 hci_link_keys_clear(hdev);
1478
1479 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1480
1481 if (cp->debug_keys)
1482 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1483 else
1484 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1485
1486 for (i = 0; i < key_count; i++) {
1487 struct mgmt_link_key_info *key = &cp->keys[i];
1488
1489 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1490 key->type, key->pin_len);
1491 }
1492
1493 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1494
1495 hci_dev_unlock(hdev);
1496
1497 return 0;
1498 }
1499
1500 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1501 u8 addr_type, struct sock *skip_sk)
1502 {
1503 struct mgmt_ev_device_unpaired ev;
1504
1505 bacpy(&ev.addr.bdaddr, bdaddr);
1506 ev.addr.type = addr_type;
1507
1508 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1509 skip_sk);
1510 }
1511
1512 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1513 u16 len)
1514 {
1515 struct mgmt_cp_unpair_device *cp = data;
1516 struct mgmt_rp_unpair_device rp;
1517 struct hci_cp_disconnect dc;
1518 struct pending_cmd *cmd;
1519 struct hci_conn *conn;
1520 int err;
1521
1522 hci_dev_lock(hdev);
1523
1524 memset(&rp, 0, sizeof(rp));
1525 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1526 rp.addr.type = cp->addr.type;
1527
1528 if (!hdev_is_powered(hdev)) {
1529 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1530 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1531 goto unlock;
1532 }
1533
1534 if (cp->addr.type == BDADDR_BREDR)
1535 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1536 else
1537 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1538
1539 if (err < 0) {
1540 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1541 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1542 goto unlock;
1543 }
1544
1545 if (cp->disconnect) {
1546 if (cp->addr.type == BDADDR_BREDR)
1547 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1548 &cp->addr.bdaddr);
1549 else
1550 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1551 &cp->addr.bdaddr);
1552 } else {
1553 conn = NULL;
1554 }
1555
1556 if (!conn) {
1557 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1558 &rp, sizeof(rp));
1559 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1560 goto unlock;
1561 }
1562
1563 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1564 sizeof(*cp));
1565 if (!cmd) {
1566 err = -ENOMEM;
1567 goto unlock;
1568 }
1569
1570 dc.handle = cpu_to_le16(conn->handle);
1571 dc.reason = 0x13; /* Remote User Terminated Connection */
1572 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1573 if (err < 0)
1574 mgmt_pending_remove(cmd);
1575
1576 unlock:
1577 hci_dev_unlock(hdev);
1578 return err;
1579 }
1580
1581 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1582 u16 len)
1583 {
1584 struct mgmt_cp_disconnect *cp = data;
1585 struct hci_cp_disconnect dc;
1586 struct pending_cmd *cmd;
1587 struct hci_conn *conn;
1588 int err;
1589
1590 BT_DBG("");
1591
1592 hci_dev_lock(hdev);
1593
1594 if (!test_bit(HCI_UP, &hdev->flags)) {
1595 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1596 MGMT_STATUS_NOT_POWERED);
1597 goto failed;
1598 }
1599
1600 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1601 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1602 MGMT_STATUS_BUSY);
1603 goto failed;
1604 }
1605
1606 if (cp->addr.type == BDADDR_BREDR)
1607 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1608 &cp->addr.bdaddr);
1609 else
1610 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1611
1612 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1613 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1614 MGMT_STATUS_NOT_CONNECTED);
1615 goto failed;
1616 }
1617
1618 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1619 if (!cmd) {
1620 err = -ENOMEM;
1621 goto failed;
1622 }
1623
1624 dc.handle = cpu_to_le16(conn->handle);
1625 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1626
1627 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1628 if (err < 0)
1629 mgmt_pending_remove(cmd);
1630
1631 failed:
1632 hci_dev_unlock(hdev);
1633 return err;
1634 }
1635
1636 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1637 {
1638 switch (link_type) {
1639 case LE_LINK:
1640 switch (addr_type) {
1641 case ADDR_LE_DEV_PUBLIC:
1642 return BDADDR_LE_PUBLIC;
1643
1644 default:
1645 /* Fallback to LE Random address type */
1646 return BDADDR_LE_RANDOM;
1647 }
1648
1649 default:
1650 /* Fallback to BR/EDR type */
1651 return BDADDR_BREDR;
1652 }
1653 }
1654
1655 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1656 u16 data_len)
1657 {
1658 struct mgmt_rp_get_connections *rp;
1659 struct hci_conn *c;
1660 size_t rp_len;
1661 int err;
1662 u16 i;
1663
1664 BT_DBG("");
1665
1666 hci_dev_lock(hdev);
1667
1668 if (!hdev_is_powered(hdev)) {
1669 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1670 MGMT_STATUS_NOT_POWERED);
1671 goto unlock;
1672 }
1673
1674 i = 0;
1675 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1676 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1677 i++;
1678 }
1679
1680 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1681 rp = kmalloc(rp_len, GFP_KERNEL);
1682 if (!rp) {
1683 err = -ENOMEM;
1684 goto unlock;
1685 }
1686
1687 i = 0;
1688 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1689 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1690 continue;
1691 bacpy(&rp->addr[i].bdaddr, &c->dst);
1692 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1693 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1694 continue;
1695 i++;
1696 }
1697
1698 rp->conn_count = cpu_to_le16(i);
1699
1700 /* Recalculate length in case of filtered SCO connections, etc */
1701 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1702
1703 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1704 rp_len);
1705
1706 kfree(rp);
1707
1708 unlock:
1709 hci_dev_unlock(hdev);
1710 return err;
1711 }
1712
1713 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1714 struct mgmt_cp_pin_code_neg_reply *cp)
1715 {
1716 struct pending_cmd *cmd;
1717 int err;
1718
1719 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1720 sizeof(*cp));
1721 if (!cmd)
1722 return -ENOMEM;
1723
1724 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1725 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1726 if (err < 0)
1727 mgmt_pending_remove(cmd);
1728
1729 return err;
1730 }
1731
1732 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1733 u16 len)
1734 {
1735 struct hci_conn *conn;
1736 struct mgmt_cp_pin_code_reply *cp = data;
1737 struct hci_cp_pin_code_reply reply;
1738 struct pending_cmd *cmd;
1739 int err;
1740
1741 BT_DBG("");
1742
1743 hci_dev_lock(hdev);
1744
1745 if (!hdev_is_powered(hdev)) {
1746 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1747 MGMT_STATUS_NOT_POWERED);
1748 goto failed;
1749 }
1750
1751 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1752 if (!conn) {
1753 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1754 MGMT_STATUS_NOT_CONNECTED);
1755 goto failed;
1756 }
1757
1758 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1759 struct mgmt_cp_pin_code_neg_reply ncp;
1760
1761 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1762
1763 BT_ERR("PIN code is not 16 bytes long");
1764
1765 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1766 if (err >= 0)
1767 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1768 MGMT_STATUS_INVALID_PARAMS);
1769
1770 goto failed;
1771 }
1772
1773 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1774 if (!cmd) {
1775 err = -ENOMEM;
1776 goto failed;
1777 }
1778
1779 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1780 reply.pin_len = cp->pin_len;
1781 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1782
1783 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1784 if (err < 0)
1785 mgmt_pending_remove(cmd);
1786
1787 failed:
1788 hci_dev_unlock(hdev);
1789 return err;
1790 }
1791
1792 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1793 u16 len)
1794 {
1795 struct mgmt_cp_set_io_capability *cp = data;
1796
1797 BT_DBG("");
1798
1799 hci_dev_lock(hdev);
1800
1801 hdev->io_capability = cp->io_capability;
1802
1803 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1804 hdev->io_capability);
1805
1806 hci_dev_unlock(hdev);
1807
1808 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1809 0);
1810 }
1811
1812 static struct pending_cmd *find_pairing(struct hci_conn *conn)
1813 {
1814 struct hci_dev *hdev = conn->hdev;
1815 struct pending_cmd *cmd;
1816
1817 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1818 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1819 continue;
1820
1821 if (cmd->user_data != conn)
1822 continue;
1823
1824 return cmd;
1825 }
1826
1827 return NULL;
1828 }
1829
1830 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1831 {
1832 struct mgmt_rp_pair_device rp;
1833 struct hci_conn *conn = cmd->user_data;
1834
1835 bacpy(&rp.addr.bdaddr, &conn->dst);
1836 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1837
1838 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1839 &rp, sizeof(rp));
1840
1841 /* So we don't get further callbacks for this connection */
1842 conn->connect_cfm_cb = NULL;
1843 conn->security_cfm_cb = NULL;
1844 conn->disconn_cfm_cb = NULL;
1845
1846 hci_conn_put(conn);
1847
1848 mgmt_pending_remove(cmd);
1849 }
1850
1851 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1852 {
1853 struct pending_cmd *cmd;
1854
1855 BT_DBG("status %u", status);
1856
1857 cmd = find_pairing(conn);
1858 if (!cmd)
1859 BT_DBG("Unable to find a pending command");
1860 else
1861 pairing_complete(cmd, mgmt_status(status));
1862 }
1863
1864 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1865 {
1866 struct pending_cmd *cmd;
1867
1868 BT_DBG("status %u", status);
1869
1870 if (!status)
1871 return;
1872
1873 cmd = find_pairing(conn);
1874 if (!cmd)
1875 BT_DBG("Unable to find a pending command");
1876 else
1877 pairing_complete(cmd, mgmt_status(status));
1878 }
1879
1880 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1881 u16 len)
1882 {
1883 struct mgmt_cp_pair_device *cp = data;
1884 struct mgmt_rp_pair_device rp;
1885 struct pending_cmd *cmd;
1886 u8 sec_level, auth_type;
1887 struct hci_conn *conn;
1888 int err;
1889
1890 BT_DBG("");
1891
1892 hci_dev_lock(hdev);
1893
1894 if (!hdev_is_powered(hdev)) {
1895 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1896 MGMT_STATUS_NOT_POWERED);
1897 goto unlock;
1898 }
1899
1900 sec_level = BT_SECURITY_MEDIUM;
1901 if (cp->io_cap == 0x03)
1902 auth_type = HCI_AT_DEDICATED_BONDING;
1903 else
1904 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1905
1906 if (cp->addr.type == BDADDR_BREDR)
1907 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1908 cp->addr.type, sec_level, auth_type);
1909 else
1910 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1911 cp->addr.type, sec_level, auth_type);
1912
1913 memset(&rp, 0, sizeof(rp));
1914 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1915 rp.addr.type = cp->addr.type;
1916
1917 if (IS_ERR(conn)) {
1918 int status;
1919
1920 if (PTR_ERR(conn) == -EBUSY)
1921 status = MGMT_STATUS_BUSY;
1922 else
1923 status = MGMT_STATUS_CONNECT_FAILED;
1924
1925 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1926 status, &rp,
1927 sizeof(rp));
1928 goto unlock;
1929 }
1930
1931 if (conn->connect_cfm_cb) {
1932 hci_conn_put(conn);
1933 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1934 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1935 goto unlock;
1936 }
1937
1938 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1939 if (!cmd) {
1940 err = -ENOMEM;
1941 hci_conn_put(conn);
1942 goto unlock;
1943 }
1944
1945 /* For LE, just connecting isn't a proof that the pairing finished */
1946 if (cp->addr.type == BDADDR_BREDR)
1947 conn->connect_cfm_cb = pairing_complete_cb;
1948 else
1949 conn->connect_cfm_cb = le_connect_complete_cb;
1950
1951 conn->security_cfm_cb = pairing_complete_cb;
1952 conn->disconn_cfm_cb = pairing_complete_cb;
1953 conn->io_capability = cp->io_cap;
1954 cmd->user_data = conn;
1955
1956 if (conn->state == BT_CONNECTED &&
1957 hci_conn_security(conn, sec_level, auth_type))
1958 pairing_complete(cmd, 0);
1959
1960 err = 0;
1961
1962 unlock:
1963 hci_dev_unlock(hdev);
1964 return err;
1965 }
1966
1967 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1968 u16 len)
1969 {
1970 struct mgmt_addr_info *addr = data;
1971 struct pending_cmd *cmd;
1972 struct hci_conn *conn;
1973 int err;
1974
1975 BT_DBG("");
1976
1977 hci_dev_lock(hdev);
1978
1979 if (!hdev_is_powered(hdev)) {
1980 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1981 MGMT_STATUS_NOT_POWERED);
1982 goto unlock;
1983 }
1984
1985 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1986 if (!cmd) {
1987 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1988 MGMT_STATUS_INVALID_PARAMS);
1989 goto unlock;
1990 }
1991
1992 conn = cmd->user_data;
1993
1994 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1995 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1996 MGMT_STATUS_INVALID_PARAMS);
1997 goto unlock;
1998 }
1999
2000 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2001
2002 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2003 addr, sizeof(*addr));
2004 unlock:
2005 hci_dev_unlock(hdev);
2006 return err;
2007 }
2008
2009 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2010 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2011 u16 hci_op, __le32 passkey)
2012 {
2013 struct pending_cmd *cmd;
2014 struct hci_conn *conn;
2015 int err;
2016
2017 hci_dev_lock(hdev);
2018
2019 if (!hdev_is_powered(hdev)) {
2020 err = cmd_status(sk, hdev->id, mgmt_op,
2021 MGMT_STATUS_NOT_POWERED);
2022 goto done;
2023 }
2024
2025 if (type == BDADDR_BREDR)
2026 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2027 else
2028 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2029
2030 if (!conn) {
2031 err = cmd_status(sk, hdev->id, mgmt_op,
2032 MGMT_STATUS_NOT_CONNECTED);
2033 goto done;
2034 }
2035
2036 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2037 /* Continue with pairing via SMP */
2038 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2039
2040 if (!err)
2041 err = cmd_status(sk, hdev->id, mgmt_op,
2042 MGMT_STATUS_SUCCESS);
2043 else
2044 err = cmd_status(sk, hdev->id, mgmt_op,
2045 MGMT_STATUS_FAILED);
2046
2047 goto done;
2048 }
2049
2050 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2051 if (!cmd) {
2052 err = -ENOMEM;
2053 goto done;
2054 }
2055
2056 /* Continue with pairing via HCI */
2057 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2058 struct hci_cp_user_passkey_reply cp;
2059
2060 bacpy(&cp.bdaddr, bdaddr);
2061 cp.passkey = passkey;
2062 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2063 } else
2064 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2065
2066 if (err < 0)
2067 mgmt_pending_remove(cmd);
2068
2069 done:
2070 hci_dev_unlock(hdev);
2071 return err;
2072 }
2073
2074 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2075 void *data, u16 len)
2076 {
2077 struct mgmt_cp_pin_code_neg_reply *cp = data;
2078
2079 BT_DBG("");
2080
2081 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2082 MGMT_OP_PIN_CODE_NEG_REPLY,
2083 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2084 }
2085
2086 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2087 u16 len)
2088 {
2089 struct mgmt_cp_user_confirm_reply *cp = data;
2090
2091 BT_DBG("");
2092
2093 if (len != sizeof(*cp))
2094 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2095 MGMT_STATUS_INVALID_PARAMS);
2096
2097 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2098 MGMT_OP_USER_CONFIRM_REPLY,
2099 HCI_OP_USER_CONFIRM_REPLY, 0);
2100 }
2101
2102 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2103 void *data, u16 len)
2104 {
2105 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2106
2107 BT_DBG("");
2108
2109 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2110 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2111 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2112 }
2113
2114 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2115 u16 len)
2116 {
2117 struct mgmt_cp_user_passkey_reply *cp = data;
2118
2119 BT_DBG("");
2120
2121 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2122 MGMT_OP_USER_PASSKEY_REPLY,
2123 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2124 }
2125
2126 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2127 void *data, u16 len)
2128 {
2129 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2130
2131 BT_DBG("");
2132
2133 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2134 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2135 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2136 }
2137
2138 static int update_name(struct hci_dev *hdev, const char *name)
2139 {
2140 struct hci_cp_write_local_name cp;
2141
2142 memcpy(cp.name, name, sizeof(cp.name));
2143
2144 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2145 }
2146
2147 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2148 u16 len)
2149 {
2150 struct mgmt_cp_set_local_name *cp = data;
2151 struct pending_cmd *cmd;
2152 int err;
2153
2154 BT_DBG("");
2155
2156 hci_dev_lock(hdev);
2157
2158 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2159
2160 if (!hdev_is_powered(hdev)) {
2161 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2162
2163 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2164 data, len);
2165 if (err < 0)
2166 goto failed;
2167
2168 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2169 sk);
2170
2171 goto failed;
2172 }
2173
2174 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2175 if (!cmd) {
2176 err = -ENOMEM;
2177 goto failed;
2178 }
2179
2180 err = update_name(hdev, cp->name);
2181 if (err < 0)
2182 mgmt_pending_remove(cmd);
2183
2184 failed:
2185 hci_dev_unlock(hdev);
2186 return err;
2187 }
2188
2189 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2190 void *data, u16 data_len)
2191 {
2192 struct pending_cmd *cmd;
2193 int err;
2194
2195 BT_DBG("%s", hdev->name);
2196
2197 hci_dev_lock(hdev);
2198
2199 if (!hdev_is_powered(hdev)) {
2200 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2201 MGMT_STATUS_NOT_POWERED);
2202 goto unlock;
2203 }
2204
2205 if (!lmp_ssp_capable(hdev)) {
2206 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2207 MGMT_STATUS_NOT_SUPPORTED);
2208 goto unlock;
2209 }
2210
2211 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2212 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2213 MGMT_STATUS_BUSY);
2214 goto unlock;
2215 }
2216
2217 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2218 if (!cmd) {
2219 err = -ENOMEM;
2220 goto unlock;
2221 }
2222
2223 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2224 if (err < 0)
2225 mgmt_pending_remove(cmd);
2226
2227 unlock:
2228 hci_dev_unlock(hdev);
2229 return err;
2230 }
2231
2232 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2233 void *data, u16 len)
2234 {
2235 struct mgmt_cp_add_remote_oob_data *cp = data;
2236 u8 status;
2237 int err;
2238
2239 BT_DBG("%s ", hdev->name);
2240
2241 hci_dev_lock(hdev);
2242
2243 if (!hdev_is_powered(hdev)) {
2244 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
2245 MGMT_STATUS_NOT_POWERED, &cp->addr,
2246 sizeof(cp->addr));
2247 goto unlock;
2248 }
2249
2250 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2251 cp->randomizer);
2252 if (err < 0)
2253 status = MGMT_STATUS_FAILED;
2254 else
2255 status = 0;
2256
2257 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2258 &cp->addr, sizeof(cp->addr));
2259
2260 unlock:
2261 hci_dev_unlock(hdev);
2262 return err;
2263 }
2264
2265 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2266 void *data, u16 len)
2267 {
2268 struct mgmt_cp_remove_remote_oob_data *cp = data;
2269 u8 status;
2270 int err;
2271
2272 BT_DBG("%s", hdev->name);
2273
2274 hci_dev_lock(hdev);
2275
2276 if (!hdev_is_powered(hdev)) {
2277 err = cmd_complete(sk, hdev->id,
2278 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2279 MGMT_STATUS_NOT_POWERED, &cp->addr,
2280 sizeof(cp->addr));
2281 goto unlock;
2282 }
2283
2284 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2285 if (err < 0)
2286 status = MGMT_STATUS_INVALID_PARAMS;
2287 else
2288 status = 0;
2289
2290 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2291 status, &cp->addr, sizeof(cp->addr));
2292
2293 unlock:
2294 hci_dev_unlock(hdev);
2295 return err;
2296 }
2297
2298 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2299 {
2300 int err;
2301
2302 BT_DBG("%s", hdev->name);
2303
2304 hci_dev_lock(hdev);
2305
2306 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2307 if (err < 0)
2308 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2309
2310 hci_dev_unlock(hdev);
2311
2312 return err;
2313 }
2314
2315 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2316 void *data, u16 len)
2317 {
2318 struct mgmt_cp_start_discovery *cp = data;
2319 struct pending_cmd *cmd;
2320 int err;
2321
2322 BT_DBG("%s", hdev->name);
2323
2324 hci_dev_lock(hdev);
2325
2326 if (!hdev_is_powered(hdev)) {
2327 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2328 MGMT_STATUS_NOT_POWERED);
2329 goto failed;
2330 }
2331
2332 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2333 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2334 MGMT_STATUS_BUSY);
2335 goto failed;
2336 }
2337
2338 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2339 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2340 MGMT_STATUS_BUSY);
2341 goto failed;
2342 }
2343
2344 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2345 if (!cmd) {
2346 err = -ENOMEM;
2347 goto failed;
2348 }
2349
2350 hdev->discovery.type = cp->type;
2351
2352 switch (hdev->discovery.type) {
2353 case DISCOV_TYPE_BREDR:
2354 if (lmp_bredr_capable(hdev))
2355 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2356 else
2357 err = -ENOTSUPP;
2358 break;
2359
2360 case DISCOV_TYPE_LE:
2361 if (lmp_host_le_capable(hdev))
2362 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2363 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2364 else
2365 err = -ENOTSUPP;
2366 break;
2367
2368 case DISCOV_TYPE_INTERLEAVED:
2369 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2370 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2371 LE_SCAN_WIN,
2372 LE_SCAN_TIMEOUT_BREDR_LE);
2373 else
2374 err = -ENOTSUPP;
2375 break;
2376
2377 default:
2378 err = -EINVAL;
2379 }
2380
2381 if (err < 0)
2382 mgmt_pending_remove(cmd);
2383 else
2384 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2385
2386 failed:
2387 hci_dev_unlock(hdev);
2388 return err;
2389 }
2390
2391 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2392 u16 len)
2393 {
2394 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2395 struct pending_cmd *cmd;
2396 struct hci_cp_remote_name_req_cancel cp;
2397 struct inquiry_entry *e;
2398 int err;
2399
2400 BT_DBG("%s", hdev->name);
2401
2402 hci_dev_lock(hdev);
2403
2404 if (!hci_discovery_active(hdev)) {
2405 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2406 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2407 sizeof(mgmt_cp->type));
2408 goto unlock;
2409 }
2410
2411 if (hdev->discovery.type != mgmt_cp->type) {
2412 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2413 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2414 sizeof(mgmt_cp->type));
2415 goto unlock;
2416 }
2417
2418 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2419 if (!cmd) {
2420 err = -ENOMEM;
2421 goto unlock;
2422 }
2423
2424 switch (hdev->discovery.state) {
2425 case DISCOVERY_FINDING:
2426 if (test_bit(HCI_INQUIRY, &hdev->flags))
2427 err = hci_cancel_inquiry(hdev);
2428 else
2429 err = hci_cancel_le_scan(hdev);
2430
2431 break;
2432
2433 case DISCOVERY_RESOLVING:
2434 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2435 NAME_PENDING);
2436 if (!e) {
2437 mgmt_pending_remove(cmd);
2438 err = cmd_complete(sk, hdev->id,
2439 MGMT_OP_STOP_DISCOVERY, 0,
2440 &mgmt_cp->type,
2441 sizeof(mgmt_cp->type));
2442 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2443 goto unlock;
2444 }
2445
2446 bacpy(&cp.bdaddr, &e->data.bdaddr);
2447 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2448 sizeof(cp), &cp);
2449
2450 break;
2451
2452 default:
2453 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2454 err = -EFAULT;
2455 }
2456
2457 if (err < 0)
2458 mgmt_pending_remove(cmd);
2459 else
2460 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2461
2462 unlock:
2463 hci_dev_unlock(hdev);
2464 return err;
2465 }
2466
2467 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2468 u16 len)
2469 {
2470 struct mgmt_cp_confirm_name *cp = data;
2471 struct inquiry_entry *e;
2472 int err;
2473
2474 BT_DBG("%s", hdev->name);
2475
2476 hci_dev_lock(hdev);
2477
2478 if (!hci_discovery_active(hdev)) {
2479 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2480 MGMT_STATUS_FAILED);
2481 goto failed;
2482 }
2483
2484 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2485 if (!e) {
2486 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2487 MGMT_STATUS_INVALID_PARAMS);
2488 goto failed;
2489 }
2490
2491 if (cp->name_known) {
2492 e->name_state = NAME_KNOWN;
2493 list_del(&e->list);
2494 } else {
2495 e->name_state = NAME_NEEDED;
2496 hci_inquiry_cache_update_resolve(hdev, e);
2497 }
2498
2499 err = 0;
2500
2501 failed:
2502 hci_dev_unlock(hdev);
2503 return err;
2504 }
2505
2506 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2507 u16 len)
2508 {
2509 struct mgmt_cp_block_device *cp = data;
2510 u8 status;
2511 int err;
2512
2513 BT_DBG("%s", hdev->name);
2514
2515 hci_dev_lock(hdev);
2516
2517 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2518 if (err < 0)
2519 status = MGMT_STATUS_FAILED;
2520 else
2521 status = 0;
2522
2523 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2524 &cp->addr, sizeof(cp->addr));
2525
2526 hci_dev_unlock(hdev);
2527
2528 return err;
2529 }
2530
2531 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2532 u16 len)
2533 {
2534 struct mgmt_cp_unblock_device *cp = data;
2535 u8 status;
2536 int err;
2537
2538 BT_DBG("%s", hdev->name);
2539
2540 hci_dev_lock(hdev);
2541
2542 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2543 if (err < 0)
2544 status = MGMT_STATUS_INVALID_PARAMS;
2545 else
2546 status = 0;
2547
2548 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2549 &cp->addr, sizeof(cp->addr));
2550
2551 hci_dev_unlock(hdev);
2552
2553 return err;
2554 }
2555
2556 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2557 u16 len)
2558 {
2559 struct mgmt_cp_set_device_id *cp = data;
2560 int err;
2561 __u16 source;
2562
2563 BT_DBG("%s", hdev->name);
2564
2565 source = __le16_to_cpu(cp->source);
2566
2567 if (source > 0x0002)
2568 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2569 MGMT_STATUS_INVALID_PARAMS);
2570
2571 hci_dev_lock(hdev);
2572
2573 hdev->devid_source = source;
2574 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2575 hdev->devid_product = __le16_to_cpu(cp->product);
2576 hdev->devid_version = __le16_to_cpu(cp->version);
2577
2578 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2579
2580 update_eir(hdev);
2581
2582 hci_dev_unlock(hdev);
2583
2584 return err;
2585 }
2586
2587 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2588 void *data, u16 len)
2589 {
2590 struct mgmt_mode *cp = data;
2591 struct hci_cp_write_page_scan_activity acp;
2592 u8 type;
2593 int err;
2594
2595 BT_DBG("%s", hdev->name);
2596
2597 if (!hdev_is_powered(hdev))
2598 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2599 MGMT_STATUS_NOT_POWERED);
2600
2601 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2602 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2603 MGMT_STATUS_REJECTED);
2604
2605 hci_dev_lock(hdev);
2606
2607 if (cp->val) {
2608 type = PAGE_SCAN_TYPE_INTERLACED;
2609
2610 /* 160 msec page scan interval */
2611 acp.interval = __constant_cpu_to_le16(0x0100);
2612 } else {
2613 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2614
2615 /* default 1.28 sec page scan */
2616 acp.interval = __constant_cpu_to_le16(0x0800);
2617 }
2618
2619 /* default 11.25 msec page scan window */
2620 acp.window = __constant_cpu_to_le16(0x0012);
2621
2622 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2623 &acp);
2624 if (err < 0) {
2625 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2626 MGMT_STATUS_FAILED);
2627 goto done;
2628 }
2629
2630 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2631 if (err < 0) {
2632 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2633 MGMT_STATUS_FAILED);
2634 goto done;
2635 }
2636
2637 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2638 NULL, 0);
2639 done:
2640 hci_dev_unlock(hdev);
2641 return err;
2642 }
2643
2644 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2645 void *cp_data, u16 len)
2646 {
2647 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2648 u16 key_count, expected_len;
2649 int i;
2650
2651 key_count = __le16_to_cpu(cp->key_count);
2652
2653 expected_len = sizeof(*cp) + key_count *
2654 sizeof(struct mgmt_ltk_info);
2655 if (expected_len != len) {
2656 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2657 len, expected_len);
2658 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2659 EINVAL);
2660 }
2661
2662 BT_DBG("%s key_count %u", hdev->name, key_count);
2663
2664 hci_dev_lock(hdev);
2665
2666 hci_smp_ltks_clear(hdev);
2667
2668 for (i = 0; i < key_count; i++) {
2669 struct mgmt_ltk_info *key = &cp->keys[i];
2670 u8 type;
2671
2672 if (key->master)
2673 type = HCI_SMP_LTK;
2674 else
2675 type = HCI_SMP_LTK_SLAVE;
2676
2677 hci_add_ltk(hdev, &key->addr.bdaddr,
2678 bdaddr_to_le(key->addr.type),
2679 type, 0, key->authenticated, key->val,
2680 key->enc_size, key->ediv, key->rand);
2681 }
2682
2683 hci_dev_unlock(hdev);
2684
2685 return 0;
2686 }
2687
2688 static const struct mgmt_handler {
2689 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2690 u16 data_len);
2691 bool var_len;
2692 size_t data_len;
2693 } mgmt_handlers[] = {
2694 { NULL }, /* 0x0000 (no command) */
2695 { read_version, false, MGMT_READ_VERSION_SIZE },
2696 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2697 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2698 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2699 { set_powered, false, MGMT_SETTING_SIZE },
2700 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2701 { set_connectable, false, MGMT_SETTING_SIZE },
2702 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2703 { set_pairable, false, MGMT_SETTING_SIZE },
2704 { set_link_security, false, MGMT_SETTING_SIZE },
2705 { set_ssp, false, MGMT_SETTING_SIZE },
2706 { set_hs, false, MGMT_SETTING_SIZE },
2707 { set_le, false, MGMT_SETTING_SIZE },
2708 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2709 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2710 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2711 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2712 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2713 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2714 { disconnect, false, MGMT_DISCONNECT_SIZE },
2715 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2716 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2717 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2718 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2719 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2720 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2721 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2722 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2723 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2724 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2725 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2726 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2727 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2728 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2729 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2730 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2731 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2732 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2733 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2734 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2735 };
2736
2737
2738 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2739 {
2740 void *buf;
2741 u8 *cp;
2742 struct mgmt_hdr *hdr;
2743 u16 opcode, index, len;
2744 struct hci_dev *hdev = NULL;
2745 const struct mgmt_handler *handler;
2746 int err;
2747
2748 BT_DBG("got %zu bytes", msglen);
2749
2750 if (msglen < sizeof(*hdr))
2751 return -EINVAL;
2752
2753 buf = kmalloc(msglen, GFP_KERNEL);
2754 if (!buf)
2755 return -ENOMEM;
2756
2757 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2758 err = -EFAULT;
2759 goto done;
2760 }
2761
2762 hdr = buf;
2763 opcode = __le16_to_cpu(hdr->opcode);
2764 index = __le16_to_cpu(hdr->index);
2765 len = __le16_to_cpu(hdr->len);
2766
2767 if (len != msglen - sizeof(*hdr)) {
2768 err = -EINVAL;
2769 goto done;
2770 }
2771
2772 if (index != MGMT_INDEX_NONE) {
2773 hdev = hci_dev_get(index);
2774 if (!hdev) {
2775 err = cmd_status(sk, index, opcode,
2776 MGMT_STATUS_INVALID_INDEX);
2777 goto done;
2778 }
2779 }
2780
2781 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2782 mgmt_handlers[opcode].func == NULL) {
2783 BT_DBG("Unknown op %u", opcode);
2784 err = cmd_status(sk, index, opcode,
2785 MGMT_STATUS_UNKNOWN_COMMAND);
2786 goto done;
2787 }
2788
2789 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2790 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2791 err = cmd_status(sk, index, opcode,
2792 MGMT_STATUS_INVALID_INDEX);
2793 goto done;
2794 }
2795
2796 handler = &mgmt_handlers[opcode];
2797
2798 if ((handler->var_len && len < handler->data_len) ||
2799 (!handler->var_len && len != handler->data_len)) {
2800 err = cmd_status(sk, index, opcode,
2801 MGMT_STATUS_INVALID_PARAMS);
2802 goto done;
2803 }
2804
2805 if (hdev)
2806 mgmt_init_hdev(sk, hdev);
2807
2808 cp = buf + sizeof(*hdr);
2809
2810 err = handler->func(sk, hdev, cp, len);
2811 if (err < 0)
2812 goto done;
2813
2814 err = msglen;
2815
2816 done:
2817 if (hdev)
2818 hci_dev_put(hdev);
2819
2820 kfree(buf);
2821 return err;
2822 }
2823
2824 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2825 {
2826 u8 *status = data;
2827
2828 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2829 mgmt_pending_remove(cmd);
2830 }
2831
2832 int mgmt_index_added(struct hci_dev *hdev)
2833 {
2834 if (!mgmt_valid_hdev(hdev))
2835 return -ENOTSUPP;
2836
2837 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2838 }
2839
2840 int mgmt_index_removed(struct hci_dev *hdev)
2841 {
2842 u8 status = MGMT_STATUS_INVALID_INDEX;
2843
2844 if (!mgmt_valid_hdev(hdev))
2845 return -ENOTSUPP;
2846
2847 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2848
2849 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2850 }
2851
2852 struct cmd_lookup {
2853 struct sock *sk;
2854 struct hci_dev *hdev;
2855 u8 mgmt_status;
2856 };
2857
2858 static void settings_rsp(struct pending_cmd *cmd, void *data)
2859 {
2860 struct cmd_lookup *match = data;
2861
2862 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2863
2864 list_del(&cmd->list);
2865
2866 if (match->sk == NULL) {
2867 match->sk = cmd->sk;
2868 sock_hold(match->sk);
2869 }
2870
2871 mgmt_pending_free(cmd);
2872 }
2873
2874 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2875 {
2876 struct cmd_lookup match = { NULL, hdev };
2877 int err;
2878
2879 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2880 return 0;
2881
2882 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2883
2884 if (powered) {
2885 u8 scan = 0;
2886
2887 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2888 scan |= SCAN_PAGE;
2889 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2890 scan |= SCAN_INQUIRY;
2891
2892 if (scan)
2893 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2894
2895 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2896 u8 ssp = 1;
2897
2898 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2899 }
2900
2901 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2902 struct hci_cp_write_le_host_supported cp;
2903
2904 cp.le = 1;
2905 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
2906
2907 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
2908 sizeof(cp), &cp);
2909 }
2910
2911 update_class(hdev);
2912 update_name(hdev, hdev->dev_name);
2913 update_eir(hdev);
2914 } else {
2915 u8 status = MGMT_STATUS_NOT_POWERED;
2916 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2917 }
2918
2919 err = new_settings(hdev, match.sk);
2920
2921 if (match.sk)
2922 sock_put(match.sk);
2923
2924 return err;
2925 }
2926
2927 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2928 {
2929 struct cmd_lookup match = { NULL, hdev };
2930 bool changed = false;
2931 int err = 0;
2932
2933 if (discoverable) {
2934 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2935 changed = true;
2936 } else {
2937 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2938 changed = true;
2939 }
2940
2941 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2942 &match);
2943
2944 if (changed)
2945 err = new_settings(hdev, match.sk);
2946
2947 if (match.sk)
2948 sock_put(match.sk);
2949
2950 return err;
2951 }
2952
2953 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2954 {
2955 struct cmd_lookup match = { NULL, hdev };
2956 bool changed = false;
2957 int err = 0;
2958
2959 if (connectable) {
2960 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2961 changed = true;
2962 } else {
2963 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2964 changed = true;
2965 }
2966
2967 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2968 &match);
2969
2970 if (changed)
2971 err = new_settings(hdev, match.sk);
2972
2973 if (match.sk)
2974 sock_put(match.sk);
2975
2976 return err;
2977 }
2978
2979 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2980 {
2981 u8 mgmt_err = mgmt_status(status);
2982
2983 if (scan & SCAN_PAGE)
2984 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2985 cmd_status_rsp, &mgmt_err);
2986
2987 if (scan & SCAN_INQUIRY)
2988 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2989 cmd_status_rsp, &mgmt_err);
2990
2991 return 0;
2992 }
2993
2994 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2995 bool persistent)
2996 {
2997 struct mgmt_ev_new_link_key ev;
2998
2999 memset(&ev, 0, sizeof(ev));
3000
3001 ev.store_hint = persistent;
3002 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3003 ev.key.addr.type = BDADDR_BREDR;
3004 ev.key.type = key->type;
3005 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3006 ev.key.pin_len = key->pin_len;
3007
3008 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3009 }
3010
3011 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3012 {
3013 struct mgmt_ev_new_long_term_key ev;
3014
3015 memset(&ev, 0, sizeof(ev));
3016
3017 ev.store_hint = persistent;
3018 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3019 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3020 ev.key.authenticated = key->authenticated;
3021 ev.key.enc_size = key->enc_size;
3022 ev.key.ediv = key->ediv;
3023
3024 if (key->type == HCI_SMP_LTK)
3025 ev.key.master = 1;
3026
3027 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3028 memcpy(ev.key.val, key->val, sizeof(key->val));
3029
3030 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3031 NULL);
3032 }
3033
3034 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3035 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3036 u8 *dev_class)
3037 {
3038 char buf[512];
3039 struct mgmt_ev_device_connected *ev = (void *) buf;
3040 u16 eir_len = 0;
3041
3042 bacpy(&ev->addr.bdaddr, bdaddr);
3043 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3044
3045 ev->flags = __cpu_to_le32(flags);
3046
3047 if (name_len > 0)
3048 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3049 name, name_len);
3050
3051 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3052 eir_len = eir_append_data(ev->eir, eir_len,
3053 EIR_CLASS_OF_DEV, dev_class, 3);
3054
3055 ev->eir_len = cpu_to_le16(eir_len);
3056
3057 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3058 sizeof(*ev) + eir_len, NULL);
3059 }
3060
3061 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3062 {
3063 struct mgmt_cp_disconnect *cp = cmd->param;
3064 struct sock **sk = data;
3065 struct mgmt_rp_disconnect rp;
3066
3067 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3068 rp.addr.type = cp->addr.type;
3069
3070 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3071 sizeof(rp));
3072
3073 *sk = cmd->sk;
3074 sock_hold(*sk);
3075
3076 mgmt_pending_remove(cmd);
3077 }
3078
3079 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3080 {
3081 struct hci_dev *hdev = data;
3082 struct mgmt_cp_unpair_device *cp = cmd->param;
3083 struct mgmt_rp_unpair_device rp;
3084
3085 memset(&rp, 0, sizeof(rp));
3086 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3087 rp.addr.type = cp->addr.type;
3088
3089 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3090
3091 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3092
3093 mgmt_pending_remove(cmd);
3094 }
3095
3096 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3097 u8 link_type, u8 addr_type, u8 reason)
3098 {
3099 struct mgmt_ev_device_disconnected ev;
3100 struct sock *sk = NULL;
3101 int err;
3102
3103 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3104
3105 bacpy(&ev.addr.bdaddr, bdaddr);
3106 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3107 ev.reason = reason;
3108
3109 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3110 sk);
3111
3112 if (sk)
3113 sock_put(sk);
3114
3115 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3116 hdev);
3117
3118 return err;
3119 }
3120
3121 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3122 u8 link_type, u8 addr_type, u8 status)
3123 {
3124 struct mgmt_rp_disconnect rp;
3125 struct pending_cmd *cmd;
3126 int err;
3127
3128 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3129 hdev);
3130
3131 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3132 if (!cmd)
3133 return -ENOENT;
3134
3135 bacpy(&rp.addr.bdaddr, bdaddr);
3136 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3137
3138 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3139 mgmt_status(status), &rp, sizeof(rp));
3140
3141 mgmt_pending_remove(cmd);
3142
3143 return err;
3144 }
3145
3146 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3147 u8 addr_type, u8 status)
3148 {
3149 struct mgmt_ev_connect_failed ev;
3150
3151 bacpy(&ev.addr.bdaddr, bdaddr);
3152 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3153 ev.status = mgmt_status(status);
3154
3155 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3156 }
3157
3158 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3159 {
3160 struct mgmt_ev_pin_code_request ev;
3161
3162 bacpy(&ev.addr.bdaddr, bdaddr);
3163 ev.addr.type = BDADDR_BREDR;
3164 ev.secure = secure;
3165
3166 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3167 NULL);
3168 }
3169
3170 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3171 u8 status)
3172 {
3173 struct pending_cmd *cmd;
3174 struct mgmt_rp_pin_code_reply rp;
3175 int err;
3176
3177 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3178 if (!cmd)
3179 return -ENOENT;
3180
3181 bacpy(&rp.addr.bdaddr, bdaddr);
3182 rp.addr.type = BDADDR_BREDR;
3183
3184 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3185 mgmt_status(status), &rp, sizeof(rp));
3186
3187 mgmt_pending_remove(cmd);
3188
3189 return err;
3190 }
3191
3192 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3193 u8 status)
3194 {
3195 struct pending_cmd *cmd;
3196 struct mgmt_rp_pin_code_reply rp;
3197 int err;
3198
3199 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3200 if (!cmd)
3201 return -ENOENT;
3202
3203 bacpy(&rp.addr.bdaddr, bdaddr);
3204 rp.addr.type = BDADDR_BREDR;
3205
3206 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3207 mgmt_status(status), &rp, sizeof(rp));
3208
3209 mgmt_pending_remove(cmd);
3210
3211 return err;
3212 }
3213
3214 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3215 u8 link_type, u8 addr_type, __le32 value,
3216 u8 confirm_hint)
3217 {
3218 struct mgmt_ev_user_confirm_request ev;
3219
3220 BT_DBG("%s", hdev->name);
3221
3222 bacpy(&ev.addr.bdaddr, bdaddr);
3223 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3224 ev.confirm_hint = confirm_hint;
3225 ev.value = value;
3226
3227 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3228 NULL);
3229 }
3230
3231 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3232 u8 link_type, u8 addr_type)
3233 {
3234 struct mgmt_ev_user_passkey_request ev;
3235
3236 BT_DBG("%s", hdev->name);
3237
3238 bacpy(&ev.addr.bdaddr, bdaddr);
3239 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3240
3241 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3242 NULL);
3243 }
3244
3245 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3246 u8 link_type, u8 addr_type, u8 status,
3247 u8 opcode)
3248 {
3249 struct pending_cmd *cmd;
3250 struct mgmt_rp_user_confirm_reply rp;
3251 int err;
3252
3253 cmd = mgmt_pending_find(opcode, hdev);
3254 if (!cmd)
3255 return -ENOENT;
3256
3257 bacpy(&rp.addr.bdaddr, bdaddr);
3258 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3259 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3260 &rp, sizeof(rp));
3261
3262 mgmt_pending_remove(cmd);
3263
3264 return err;
3265 }
3266
3267 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3268 u8 link_type, u8 addr_type, u8 status)
3269 {
3270 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3271 status, MGMT_OP_USER_CONFIRM_REPLY);
3272 }
3273
3274 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3275 u8 link_type, u8 addr_type, u8 status)
3276 {
3277 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3278 status,
3279 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3280 }
3281
3282 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3283 u8 link_type, u8 addr_type, u8 status)
3284 {
3285 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3286 status, MGMT_OP_USER_PASSKEY_REPLY);
3287 }
3288
3289 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3290 u8 link_type, u8 addr_type, u8 status)
3291 {
3292 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3293 status,
3294 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3295 }
3296
3297 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3298 u8 link_type, u8 addr_type, u32 passkey,
3299 u8 entered)
3300 {
3301 struct mgmt_ev_passkey_notify ev;
3302
3303 BT_DBG("%s", hdev->name);
3304
3305 bacpy(&ev.addr.bdaddr, bdaddr);
3306 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3307 ev.passkey = __cpu_to_le32(passkey);
3308 ev.entered = entered;
3309
3310 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3311 }
3312
3313 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3314 u8 addr_type, u8 status)
3315 {
3316 struct mgmt_ev_auth_failed ev;
3317
3318 bacpy(&ev.addr.bdaddr, bdaddr);
3319 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3320 ev.status = mgmt_status(status);
3321
3322 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3323 }
3324
3325 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3326 {
3327 struct cmd_lookup match = { NULL, hdev };
3328 bool changed = false;
3329 int err = 0;
3330
3331 if (status) {
3332 u8 mgmt_err = mgmt_status(status);
3333 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3334 cmd_status_rsp, &mgmt_err);
3335 return 0;
3336 }
3337
3338 if (test_bit(HCI_AUTH, &hdev->flags)) {
3339 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3340 changed = true;
3341 } else {
3342 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3343 changed = true;
3344 }
3345
3346 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3347 &match);
3348
3349 if (changed)
3350 err = new_settings(hdev, match.sk);
3351
3352 if (match.sk)
3353 sock_put(match.sk);
3354
3355 return err;
3356 }
3357
3358 static int clear_eir(struct hci_dev *hdev)
3359 {
3360 struct hci_cp_write_eir cp;
3361
3362 if (!(hdev->features[6] & LMP_EXT_INQ))
3363 return 0;
3364
3365 memset(hdev->eir, 0, sizeof(hdev->eir));
3366
3367 memset(&cp, 0, sizeof(cp));
3368
3369 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3370 }
3371
3372 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3373 {
3374 struct cmd_lookup match = { NULL, hdev };
3375 bool changed = false;
3376 int err = 0;
3377
3378 if (status) {
3379 u8 mgmt_err = mgmt_status(status);
3380
3381 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3382 &hdev->dev_flags))
3383 err = new_settings(hdev, NULL);
3384
3385 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3386 &mgmt_err);
3387
3388 return err;
3389 }
3390
3391 if (enable) {
3392 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3393 changed = true;
3394 } else {
3395 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3396 changed = true;
3397 }
3398
3399 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3400
3401 if (changed)
3402 err = new_settings(hdev, match.sk);
3403
3404 if (match.sk)
3405 sock_put(match.sk);
3406
3407 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3408 update_eir(hdev);
3409 else
3410 clear_eir(hdev);
3411
3412 return err;
3413 }
3414
3415 static void class_rsp(struct pending_cmd *cmd, void *data)
3416 {
3417 struct cmd_lookup *match = data;
3418
3419 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3420 match->hdev->dev_class, 3);
3421
3422 list_del(&cmd->list);
3423
3424 if (match->sk == NULL) {
3425 match->sk = cmd->sk;
3426 sock_hold(match->sk);
3427 }
3428
3429 mgmt_pending_free(cmd);
3430 }
3431
3432 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3433 u8 status)
3434 {
3435 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3436 int err = 0;
3437
3438 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3439
3440 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3441 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3442 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3443
3444 if (!status)
3445 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3446 3, NULL);
3447
3448 if (match.sk)
3449 sock_put(match.sk);
3450
3451 return err;
3452 }
3453
3454 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3455 {
3456 struct pending_cmd *cmd;
3457 struct mgmt_cp_set_local_name ev;
3458 bool changed = false;
3459 int err = 0;
3460
3461 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3462 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3463 changed = true;
3464 }
3465
3466 memset(&ev, 0, sizeof(ev));
3467 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3468 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3469
3470 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3471 if (!cmd)
3472 goto send_event;
3473
3474 /* Always assume that either the short or the complete name has
3475 * changed if there was a pending mgmt command */
3476 changed = true;
3477
3478 if (status) {
3479 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3480 mgmt_status(status));
3481 goto failed;
3482 }
3483
3484 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3485 sizeof(ev));
3486 if (err < 0)
3487 goto failed;
3488
3489 send_event:
3490 if (changed)
3491 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3492 sizeof(ev), cmd ? cmd->sk : NULL);
3493
3494 update_eir(hdev);
3495
3496 failed:
3497 if (cmd)
3498 mgmt_pending_remove(cmd);
3499 return err;
3500 }
3501
3502 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3503 u8 *randomizer, u8 status)
3504 {
3505 struct pending_cmd *cmd;
3506 int err;
3507
3508 BT_DBG("%s status %u", hdev->name, status);
3509
3510 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3511 if (!cmd)
3512 return -ENOENT;
3513
3514 if (status) {
3515 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3516 mgmt_status(status));
3517 } else {
3518 struct mgmt_rp_read_local_oob_data rp;
3519
3520 memcpy(rp.hash, hash, sizeof(rp.hash));
3521 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3522
3523 err = cmd_complete(cmd->sk, hdev->id,
3524 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3525 sizeof(rp));
3526 }
3527
3528 mgmt_pending_remove(cmd);
3529
3530 return err;
3531 }
3532
3533 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3534 {
3535 struct cmd_lookup match = { NULL, hdev };
3536 bool changed = false;
3537 int err = 0;
3538
3539 if (status) {
3540 u8 mgmt_err = mgmt_status(status);
3541
3542 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3543 &hdev->dev_flags))
3544 err = new_settings(hdev, NULL);
3545
3546 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3547 &mgmt_err);
3548
3549 return err;
3550 }
3551
3552 if (enable) {
3553 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3554 changed = true;
3555 } else {
3556 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3557 changed = true;
3558 }
3559
3560 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3561
3562 if (changed)
3563 err = new_settings(hdev, match.sk);
3564
3565 if (match.sk)
3566 sock_put(match.sk);
3567
3568 return err;
3569 }
3570
3571 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3572 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3573 ssp, u8 *eir, u16 eir_len)
3574 {
3575 char buf[512];
3576 struct mgmt_ev_device_found *ev = (void *) buf;
3577 size_t ev_size;
3578
3579 /* Leave 5 bytes for a potential CoD field */
3580 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3581 return -EINVAL;
3582
3583 memset(buf, 0, sizeof(buf));
3584
3585 bacpy(&ev->addr.bdaddr, bdaddr);
3586 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3587 ev->rssi = rssi;
3588 if (cfm_name)
3589 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3590 if (!ssp)
3591 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3592
3593 if (eir_len > 0)
3594 memcpy(ev->eir, eir, eir_len);
3595
3596 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3597 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3598 dev_class, 3);
3599
3600 ev->eir_len = cpu_to_le16(eir_len);
3601 ev_size = sizeof(*ev) + eir_len;
3602
3603 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3604 }
3605
3606 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3607 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3608 {
3609 struct mgmt_ev_device_found *ev;
3610 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3611 u16 eir_len;
3612
3613 ev = (struct mgmt_ev_device_found *) buf;
3614
3615 memset(buf, 0, sizeof(buf));
3616
3617 bacpy(&ev->addr.bdaddr, bdaddr);
3618 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3619 ev->rssi = rssi;
3620
3621 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3622 name_len);
3623
3624 ev->eir_len = cpu_to_le16(eir_len);
3625
3626 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3627 sizeof(*ev) + eir_len, NULL);
3628 }
3629
3630 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3631 {
3632 struct pending_cmd *cmd;
3633 u8 type;
3634 int err;
3635
3636 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3637
3638 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3639 if (!cmd)
3640 return -ENOENT;
3641
3642 type = hdev->discovery.type;
3643
3644 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3645 &type, sizeof(type));
3646 mgmt_pending_remove(cmd);
3647
3648 return err;
3649 }
3650
3651 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3652 {
3653 struct pending_cmd *cmd;
3654 int err;
3655
3656 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3657 if (!cmd)
3658 return -ENOENT;
3659
3660 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3661 &hdev->discovery.type, sizeof(hdev->discovery.type));
3662 mgmt_pending_remove(cmd);
3663
3664 return err;
3665 }
3666
3667 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3668 {
3669 struct mgmt_ev_discovering ev;
3670 struct pending_cmd *cmd;
3671
3672 BT_DBG("%s discovering %u", hdev->name, discovering);
3673
3674 if (discovering)
3675 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3676 else
3677 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3678
3679 if (cmd != NULL) {
3680 u8 type = hdev->discovery.type;
3681
3682 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3683 sizeof(type));
3684 mgmt_pending_remove(cmd);
3685 }
3686
3687 memset(&ev, 0, sizeof(ev));
3688 ev.type = hdev->discovery.type;
3689 ev.discovering = discovering;
3690
3691 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3692 }
3693
3694 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3695 {
3696 struct pending_cmd *cmd;
3697 struct mgmt_ev_device_blocked ev;
3698
3699 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3700
3701 bacpy(&ev.addr.bdaddr, bdaddr);
3702 ev.addr.type = type;
3703
3704 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3705 cmd ? cmd->sk : NULL);
3706 }
3707
3708 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3709 {
3710 struct pending_cmd *cmd;
3711 struct mgmt_ev_device_unblocked ev;
3712
3713 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3714
3715 bacpy(&ev.addr.bdaddr, bdaddr);
3716 ev.addr.type = type;
3717
3718 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3719 cmd ? cmd->sk : NULL);
3720 }
3721
3722 module_param(enable_hs, bool, 0644);
3723 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
ubuntu-zesty-kernel mirror