]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - net/bluetooth/mgmt.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Use privacy mode for non-connectable advertising
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI Management interface */
26
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33
34 #include "smp.h"
35
36 #define MGMT_VERSION 1
37 #define MGMT_REVISION 5
38
39 static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
77 MGMT_OP_SET_DEVICE_ID,
78 MGMT_OP_SET_ADVERTISING,
79 MGMT_OP_SET_BREDR,
80 MGMT_OP_SET_STATIC_ADDRESS,
81 MGMT_OP_SET_SCAN_PARAMS,
82 MGMT_OP_SET_SECURE_CONN,
83 MGMT_OP_SET_DEBUG_KEYS,
84 MGMT_OP_SET_PRIVACY,
85 MGMT_OP_LOAD_IRKS,
86 };
87
88 static const u16 mgmt_events[] = {
89 MGMT_EV_CONTROLLER_ERROR,
90 MGMT_EV_INDEX_ADDED,
91 MGMT_EV_INDEX_REMOVED,
92 MGMT_EV_NEW_SETTINGS,
93 MGMT_EV_CLASS_OF_DEV_CHANGED,
94 MGMT_EV_LOCAL_NAME_CHANGED,
95 MGMT_EV_NEW_LINK_KEY,
96 MGMT_EV_NEW_LONG_TERM_KEY,
97 MGMT_EV_DEVICE_CONNECTED,
98 MGMT_EV_DEVICE_DISCONNECTED,
99 MGMT_EV_CONNECT_FAILED,
100 MGMT_EV_PIN_CODE_REQUEST,
101 MGMT_EV_USER_CONFIRM_REQUEST,
102 MGMT_EV_USER_PASSKEY_REQUEST,
103 MGMT_EV_AUTH_FAILED,
104 MGMT_EV_DEVICE_FOUND,
105 MGMT_EV_DISCOVERING,
106 MGMT_EV_DEVICE_BLOCKED,
107 MGMT_EV_DEVICE_UNBLOCKED,
108 MGMT_EV_DEVICE_UNPAIRED,
109 MGMT_EV_PASSKEY_NOTIFY,
110 MGMT_EV_NEW_IRK,
111 };
112
113 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
114
115 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
116 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
117
118 struct pending_cmd {
119 struct list_head list;
120 u16 opcode;
121 int index;
122 void *param;
123 struct sock *sk;
124 void *user_data;
125 };
126
127 /* HCI to MGMT error code conversion table */
128 static u8 mgmt_status_table[] = {
129 MGMT_STATUS_SUCCESS,
130 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
131 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
132 MGMT_STATUS_FAILED, /* Hardware Failure */
133 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
134 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
135 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
136 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
137 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
138 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
139 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
140 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
141 MGMT_STATUS_BUSY, /* Command Disallowed */
142 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
143 MGMT_STATUS_REJECTED, /* Rejected Security */
144 MGMT_STATUS_REJECTED, /* Rejected Personal */
145 MGMT_STATUS_TIMEOUT, /* Host Timeout */
146 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
147 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
148 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
149 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
150 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
151 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
152 MGMT_STATUS_BUSY, /* Repeated Attempts */
153 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
154 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
155 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
156 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
157 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
158 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
159 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
160 MGMT_STATUS_FAILED, /* Unspecified Error */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
162 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
163 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
164 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
165 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
166 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
167 MGMT_STATUS_FAILED, /* Unit Link Key Used */
168 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
169 MGMT_STATUS_TIMEOUT, /* Instant Passed */
170 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
171 MGMT_STATUS_FAILED, /* Transaction Collision */
172 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
173 MGMT_STATUS_REJECTED, /* QoS Rejected */
174 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
175 MGMT_STATUS_REJECTED, /* Insufficient Security */
176 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
177 MGMT_STATUS_BUSY, /* Role Switch Pending */
178 MGMT_STATUS_FAILED, /* Slot Violation */
179 MGMT_STATUS_FAILED, /* Role Switch Failed */
180 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
181 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
182 MGMT_STATUS_BUSY, /* Host Busy Pairing */
183 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
184 MGMT_STATUS_BUSY, /* Controller Busy */
185 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
186 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
187 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
188 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
189 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
190 };
191
192 static u8 mgmt_status(u8 hci_status)
193 {
194 if (hci_status < ARRAY_SIZE(mgmt_status_table))
195 return mgmt_status_table[hci_status];
196
197 return MGMT_STATUS_FAILED;
198 }
199
200 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
201 {
202 struct sk_buff *skb;
203 struct mgmt_hdr *hdr;
204 struct mgmt_ev_cmd_status *ev;
205 int err;
206
207 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
208
209 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
210 if (!skb)
211 return -ENOMEM;
212
213 hdr = (void *) skb_put(skb, sizeof(*hdr));
214
215 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
216 hdr->index = cpu_to_le16(index);
217 hdr->len = cpu_to_le16(sizeof(*ev));
218
219 ev = (void *) skb_put(skb, sizeof(*ev));
220 ev->status = status;
221 ev->opcode = cpu_to_le16(cmd);
222
223 err = sock_queue_rcv_skb(sk, skb);
224 if (err < 0)
225 kfree_skb(skb);
226
227 return err;
228 }
229
230 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
231 void *rp, size_t rp_len)
232 {
233 struct sk_buff *skb;
234 struct mgmt_hdr *hdr;
235 struct mgmt_ev_cmd_complete *ev;
236 int err;
237
238 BT_DBG("sock %p", sk);
239
240 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
241 if (!skb)
242 return -ENOMEM;
243
244 hdr = (void *) skb_put(skb, sizeof(*hdr));
245
246 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
247 hdr->index = cpu_to_le16(index);
248 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
249
250 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
251 ev->opcode = cpu_to_le16(cmd);
252 ev->status = status;
253
254 if (rp)
255 memcpy(ev->data, rp, rp_len);
256
257 err = sock_queue_rcv_skb(sk, skb);
258 if (err < 0)
259 kfree_skb(skb);
260
261 return err;
262 }
263
264 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
265 u16 data_len)
266 {
267 struct mgmt_rp_read_version rp;
268
269 BT_DBG("sock %p", sk);
270
271 rp.version = MGMT_VERSION;
272 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
273
274 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
275 sizeof(rp));
276 }
277
278 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
279 u16 data_len)
280 {
281 struct mgmt_rp_read_commands *rp;
282 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
283 const u16 num_events = ARRAY_SIZE(mgmt_events);
284 __le16 *opcode;
285 size_t rp_size;
286 int i, err;
287
288 BT_DBG("sock %p", sk);
289
290 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
291
292 rp = kmalloc(rp_size, GFP_KERNEL);
293 if (!rp)
294 return -ENOMEM;
295
296 rp->num_commands = __constant_cpu_to_le16(num_commands);
297 rp->num_events = __constant_cpu_to_le16(num_events);
298
299 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
300 put_unaligned_le16(mgmt_commands[i], opcode);
301
302 for (i = 0; i < num_events; i++, opcode++)
303 put_unaligned_le16(mgmt_events[i], opcode);
304
305 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
306 rp_size);
307 kfree(rp);
308
309 return err;
310 }
311
312 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
313 u16 data_len)
314 {
315 struct mgmt_rp_read_index_list *rp;
316 struct hci_dev *d;
317 size_t rp_len;
318 u16 count;
319 int err;
320
321 BT_DBG("sock %p", sk);
322
323 read_lock(&hci_dev_list_lock);
324
325 count = 0;
326 list_for_each_entry(d, &hci_dev_list, list) {
327 if (d->dev_type == HCI_BREDR)
328 count++;
329 }
330
331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
333 if (!rp) {
334 read_unlock(&hci_dev_list_lock);
335 return -ENOMEM;
336 }
337
338 count = 0;
339 list_for_each_entry(d, &hci_dev_list, list) {
340 if (test_bit(HCI_SETUP, &d->dev_flags))
341 continue;
342
343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
344 continue;
345
346 if (d->dev_type == HCI_BREDR) {
347 rp->index[count++] = cpu_to_le16(d->id);
348 BT_DBG("Added hci%u", d->id);
349 }
350 }
351
352 rp->num_controllers = cpu_to_le16(count);
353 rp_len = sizeof(*rp) + (2 * count);
354
355 read_unlock(&hci_dev_list_lock);
356
357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
358 rp_len);
359
360 kfree(rp);
361
362 return err;
363 }
364
365 static u32 get_supported_settings(struct hci_dev *hdev)
366 {
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
370 settings |= MGMT_SETTING_PAIRABLE;
371 settings |= MGMT_SETTING_DEBUG_KEYS;
372
373 if (lmp_bredr_capable(hdev)) {
374 settings |= MGMT_SETTING_CONNECTABLE;
375 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
376 settings |= MGMT_SETTING_FAST_CONNECTABLE;
377 settings |= MGMT_SETTING_DISCOVERABLE;
378 settings |= MGMT_SETTING_BREDR;
379 settings |= MGMT_SETTING_LINK_SECURITY;
380
381 if (lmp_ssp_capable(hdev)) {
382 settings |= MGMT_SETTING_SSP;
383 settings |= MGMT_SETTING_HS;
384 }
385
386 if (lmp_sc_capable(hdev) ||
387 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
388 settings |= MGMT_SETTING_SECURE_CONN;
389 }
390
391 if (lmp_le_capable(hdev)) {
392 settings |= MGMT_SETTING_LE;
393 settings |= MGMT_SETTING_ADVERTISING;
394 settings |= MGMT_SETTING_PRIVACY;
395 }
396
397 return settings;
398 }
399
400 static u32 get_current_settings(struct hci_dev *hdev)
401 {
402 u32 settings = 0;
403
404 if (hdev_is_powered(hdev))
405 settings |= MGMT_SETTING_POWERED;
406
407 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
408 settings |= MGMT_SETTING_CONNECTABLE;
409
410 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
411 settings |= MGMT_SETTING_FAST_CONNECTABLE;
412
413 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
414 settings |= MGMT_SETTING_DISCOVERABLE;
415
416 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
417 settings |= MGMT_SETTING_PAIRABLE;
418
419 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
420 settings |= MGMT_SETTING_BREDR;
421
422 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_LE;
424
425 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
426 settings |= MGMT_SETTING_LINK_SECURITY;
427
428 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
429 settings |= MGMT_SETTING_SSP;
430
431 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
432 settings |= MGMT_SETTING_HS;
433
434 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
435 settings |= MGMT_SETTING_ADVERTISING;
436
437 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
438 settings |= MGMT_SETTING_SECURE_CONN;
439
440 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
441 settings |= MGMT_SETTING_DEBUG_KEYS;
442
443 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
444 settings |= MGMT_SETTING_PRIVACY;
445
446 return settings;
447 }
448
449 #define PNP_INFO_SVCLASS_ID 0x1200
450
451 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
452 {
453 u8 *ptr = data, *uuids_start = NULL;
454 struct bt_uuid *uuid;
455
456 if (len < 4)
457 return ptr;
458
459 list_for_each_entry(uuid, &hdev->uuids, list) {
460 u16 uuid16;
461
462 if (uuid->size != 16)
463 continue;
464
465 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
466 if (uuid16 < 0x1100)
467 continue;
468
469 if (uuid16 == PNP_INFO_SVCLASS_ID)
470 continue;
471
472 if (!uuids_start) {
473 uuids_start = ptr;
474 uuids_start[0] = 1;
475 uuids_start[1] = EIR_UUID16_ALL;
476 ptr += 2;
477 }
478
479 /* Stop if not enough space to put next UUID */
480 if ((ptr - data) + sizeof(u16) > len) {
481 uuids_start[1] = EIR_UUID16_SOME;
482 break;
483 }
484
485 *ptr++ = (uuid16 & 0x00ff);
486 *ptr++ = (uuid16 & 0xff00) >> 8;
487 uuids_start[0] += sizeof(uuid16);
488 }
489
490 return ptr;
491 }
492
493 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
494 {
495 u8 *ptr = data, *uuids_start = NULL;
496 struct bt_uuid *uuid;
497
498 if (len < 6)
499 return ptr;
500
501 list_for_each_entry(uuid, &hdev->uuids, list) {
502 if (uuid->size != 32)
503 continue;
504
505 if (!uuids_start) {
506 uuids_start = ptr;
507 uuids_start[0] = 1;
508 uuids_start[1] = EIR_UUID32_ALL;
509 ptr += 2;
510 }
511
512 /* Stop if not enough space to put next UUID */
513 if ((ptr - data) + sizeof(u32) > len) {
514 uuids_start[1] = EIR_UUID32_SOME;
515 break;
516 }
517
518 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
519 ptr += sizeof(u32);
520 uuids_start[0] += sizeof(u32);
521 }
522
523 return ptr;
524 }
525
526 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
527 {
528 u8 *ptr = data, *uuids_start = NULL;
529 struct bt_uuid *uuid;
530
531 if (len < 18)
532 return ptr;
533
534 list_for_each_entry(uuid, &hdev->uuids, list) {
535 if (uuid->size != 128)
536 continue;
537
538 if (!uuids_start) {
539 uuids_start = ptr;
540 uuids_start[0] = 1;
541 uuids_start[1] = EIR_UUID128_ALL;
542 ptr += 2;
543 }
544
545 /* Stop if not enough space to put next UUID */
546 if ((ptr - data) + 16 > len) {
547 uuids_start[1] = EIR_UUID128_SOME;
548 break;
549 }
550
551 memcpy(ptr, uuid->uuid, 16);
552 ptr += 16;
553 uuids_start[0] += 16;
554 }
555
556 return ptr;
557 }
558
559 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
560 {
561 struct pending_cmd *cmd;
562
563 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
564 if (cmd->opcode == opcode)
565 return cmd;
566 }
567
568 return NULL;
569 }
570
571 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
572 {
573 u8 ad_len = 0;
574 size_t name_len;
575
576 name_len = strlen(hdev->dev_name);
577 if (name_len > 0) {
578 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
579
580 if (name_len > max_len) {
581 name_len = max_len;
582 ptr[1] = EIR_NAME_SHORT;
583 } else
584 ptr[1] = EIR_NAME_COMPLETE;
585
586 ptr[0] = name_len + 1;
587
588 memcpy(ptr + 2, hdev->dev_name, name_len);
589
590 ad_len += (name_len + 2);
591 ptr += (name_len + 2);
592 }
593
594 return ad_len;
595 }
596
597 static void update_scan_rsp_data(struct hci_request *req)
598 {
599 struct hci_dev *hdev = req->hdev;
600 struct hci_cp_le_set_scan_rsp_data cp;
601 u8 len;
602
603 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
604 return;
605
606 memset(&cp, 0, sizeof(cp));
607
608 len = create_scan_rsp_data(hdev, cp.data);
609
610 if (hdev->scan_rsp_data_len == len &&
611 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
612 return;
613
614 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
615 hdev->scan_rsp_data_len = len;
616
617 cp.length = len;
618
619 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
620 }
621
622 static u8 get_adv_discov_flags(struct hci_dev *hdev)
623 {
624 struct pending_cmd *cmd;
625
626 /* If there's a pending mgmt command the flags will not yet have
627 * their final values, so check for this first.
628 */
629 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
630 if (cmd) {
631 struct mgmt_mode *cp = cmd->param;
632 if (cp->val == 0x01)
633 return LE_AD_GENERAL;
634 else if (cp->val == 0x02)
635 return LE_AD_LIMITED;
636 } else {
637 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
638 return LE_AD_LIMITED;
639 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
640 return LE_AD_GENERAL;
641 }
642
643 return 0;
644 }
645
646 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
647 {
648 u8 ad_len = 0, flags = 0;
649
650 flags |= get_adv_discov_flags(hdev);
651
652 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
653 flags |= LE_AD_NO_BREDR;
654
655 if (flags) {
656 BT_DBG("adv flags 0x%02x", flags);
657
658 ptr[0] = 2;
659 ptr[1] = EIR_FLAGS;
660 ptr[2] = flags;
661
662 ad_len += 3;
663 ptr += 3;
664 }
665
666 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
667 ptr[0] = 2;
668 ptr[1] = EIR_TX_POWER;
669 ptr[2] = (u8) hdev->adv_tx_power;
670
671 ad_len += 3;
672 ptr += 3;
673 }
674
675 return ad_len;
676 }
677
678 static void update_adv_data(struct hci_request *req)
679 {
680 struct hci_dev *hdev = req->hdev;
681 struct hci_cp_le_set_adv_data cp;
682 u8 len;
683
684 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
685 return;
686
687 memset(&cp, 0, sizeof(cp));
688
689 len = create_adv_data(hdev, cp.data);
690
691 if (hdev->adv_data_len == len &&
692 memcmp(cp.data, hdev->adv_data, len) == 0)
693 return;
694
695 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
696 hdev->adv_data_len = len;
697
698 cp.length = len;
699
700 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
701 }
702
703 static void create_eir(struct hci_dev *hdev, u8 *data)
704 {
705 u8 *ptr = data;
706 size_t name_len;
707
708 name_len = strlen(hdev->dev_name);
709
710 if (name_len > 0) {
711 /* EIR Data type */
712 if (name_len > 48) {
713 name_len = 48;
714 ptr[1] = EIR_NAME_SHORT;
715 } else
716 ptr[1] = EIR_NAME_COMPLETE;
717
718 /* EIR Data length */
719 ptr[0] = name_len + 1;
720
721 memcpy(ptr + 2, hdev->dev_name, name_len);
722
723 ptr += (name_len + 2);
724 }
725
726 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
727 ptr[0] = 2;
728 ptr[1] = EIR_TX_POWER;
729 ptr[2] = (u8) hdev->inq_tx_power;
730
731 ptr += 3;
732 }
733
734 if (hdev->devid_source > 0) {
735 ptr[0] = 9;
736 ptr[1] = EIR_DEVICE_ID;
737
738 put_unaligned_le16(hdev->devid_source, ptr + 2);
739 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
740 put_unaligned_le16(hdev->devid_product, ptr + 6);
741 put_unaligned_le16(hdev->devid_version, ptr + 8);
742
743 ptr += 10;
744 }
745
746 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
747 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
748 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
749 }
750
751 static void update_eir(struct hci_request *req)
752 {
753 struct hci_dev *hdev = req->hdev;
754 struct hci_cp_write_eir cp;
755
756 if (!hdev_is_powered(hdev))
757 return;
758
759 if (!lmp_ext_inq_capable(hdev))
760 return;
761
762 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
763 return;
764
765 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
766 return;
767
768 memset(&cp, 0, sizeof(cp));
769
770 create_eir(hdev, cp.data);
771
772 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
773 return;
774
775 memcpy(hdev->eir, cp.data, sizeof(cp.data));
776
777 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
778 }
779
780 static u8 get_service_classes(struct hci_dev *hdev)
781 {
782 struct bt_uuid *uuid;
783 u8 val = 0;
784
785 list_for_each_entry(uuid, &hdev->uuids, list)
786 val |= uuid->svc_hint;
787
788 return val;
789 }
790
791 static void update_class(struct hci_request *req)
792 {
793 struct hci_dev *hdev = req->hdev;
794 u8 cod[3];
795
796 BT_DBG("%s", hdev->name);
797
798 if (!hdev_is_powered(hdev))
799 return;
800
801 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
802 return;
803
804 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
805 return;
806
807 cod[0] = hdev->minor_class;
808 cod[1] = hdev->major_class;
809 cod[2] = get_service_classes(hdev);
810
811 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
812 cod[1] |= 0x20;
813
814 if (memcmp(cod, hdev->dev_class, 3) == 0)
815 return;
816
817 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
818 }
819
820 static u8 get_adv_type(struct hci_dev *hdev)
821 {
822 struct pending_cmd *cmd;
823 bool connectable;
824
825 /* If there's a pending mgmt command the flag will not yet have
826 * it's final value, so check for this first.
827 */
828 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
829 if (cmd) {
830 struct mgmt_mode *cp = cmd->param;
831 connectable = !!cp->val;
832 } else {
833 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
834 }
835
836 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
837 }
838
839 static void enable_advertising(struct hci_request *req)
840 {
841 struct hci_dev *hdev = req->hdev;
842 struct hci_cp_le_set_adv_param cp;
843 u8 own_addr_type, enable = 0x01;
844 bool require_privacy;
845
846 require_privacy = !test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
847
848 if (hci_update_random_address(req, require_privacy, &own_addr_type) < 0)
849 return;
850
851 memset(&cp, 0, sizeof(cp));
852 cp.min_interval = __constant_cpu_to_le16(0x0800);
853 cp.max_interval = __constant_cpu_to_le16(0x0800);
854 cp.type = get_adv_type(hdev);
855 cp.own_address_type = own_addr_type;
856 cp.channel_map = hdev->le_adv_channel_map;
857
858 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
859
860 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
861 }
862
863 static void disable_advertising(struct hci_request *req)
864 {
865 u8 enable = 0x00;
866
867 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
868 }
869
870 static void service_cache_off(struct work_struct *work)
871 {
872 struct hci_dev *hdev = container_of(work, struct hci_dev,
873 service_cache.work);
874 struct hci_request req;
875
876 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
877 return;
878
879 hci_req_init(&req, hdev);
880
881 hci_dev_lock(hdev);
882
883 update_eir(&req);
884 update_class(&req);
885
886 hci_dev_unlock(hdev);
887
888 hci_req_run(&req, NULL);
889 }
890
891 static void rpa_expired(struct work_struct *work)
892 {
893 struct hci_dev *hdev = container_of(work, struct hci_dev,
894 rpa_expired.work);
895 struct hci_request req;
896
897 BT_DBG("");
898
899 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
900
901 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
902 hci_conn_num(hdev, LE_LINK) > 0)
903 return;
904
905 /* The generation of a new RPA and programming it into the
906 * controller happens in the enable_advertising() function.
907 */
908
909 hci_req_init(&req, hdev);
910
911 disable_advertising(&req);
912 enable_advertising(&req);
913
914 hci_req_run(&req, NULL);
915 }
916
917 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
918 {
919 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
920 return;
921
922 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
923 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
924
925 /* Non-mgmt controlled devices get this bit set
926 * implicitly so that pairing works for them, however
927 * for mgmt we require user-space to explicitly enable
928 * it
929 */
930 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
931 }
932
933 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
934 void *data, u16 data_len)
935 {
936 struct mgmt_rp_read_info rp;
937
938 BT_DBG("sock %p %s", sk, hdev->name);
939
940 hci_dev_lock(hdev);
941
942 memset(&rp, 0, sizeof(rp));
943
944 bacpy(&rp.bdaddr, &hdev->bdaddr);
945
946 rp.version = hdev->hci_ver;
947 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
948
949 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
950 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
951
952 memcpy(rp.dev_class, hdev->dev_class, 3);
953
954 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
955 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
956
957 hci_dev_unlock(hdev);
958
959 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
960 sizeof(rp));
961 }
962
963 static void mgmt_pending_free(struct pending_cmd *cmd)
964 {
965 sock_put(cmd->sk);
966 kfree(cmd->param);
967 kfree(cmd);
968 }
969
970 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
971 struct hci_dev *hdev, void *data,
972 u16 len)
973 {
974 struct pending_cmd *cmd;
975
976 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
977 if (!cmd)
978 return NULL;
979
980 cmd->opcode = opcode;
981 cmd->index = hdev->id;
982
983 cmd->param = kmalloc(len, GFP_KERNEL);
984 if (!cmd->param) {
985 kfree(cmd);
986 return NULL;
987 }
988
989 if (data)
990 memcpy(cmd->param, data, len);
991
992 cmd->sk = sk;
993 sock_hold(sk);
994
995 list_add(&cmd->list, &hdev->mgmt_pending);
996
997 return cmd;
998 }
999
1000 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1001 void (*cb)(struct pending_cmd *cmd,
1002 void *data),
1003 void *data)
1004 {
1005 struct pending_cmd *cmd, *tmp;
1006
1007 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1008 if (opcode > 0 && cmd->opcode != opcode)
1009 continue;
1010
1011 cb(cmd, data);
1012 }
1013 }
1014
1015 static void mgmt_pending_remove(struct pending_cmd *cmd)
1016 {
1017 list_del(&cmd->list);
1018 mgmt_pending_free(cmd);
1019 }
1020
1021 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1022 {
1023 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1024
1025 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
1026 sizeof(settings));
1027 }
1028
1029 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1030 u16 len)
1031 {
1032 struct mgmt_mode *cp = data;
1033 struct pending_cmd *cmd;
1034 int err;
1035
1036 BT_DBG("request for %s", hdev->name);
1037
1038 if (cp->val != 0x00 && cp->val != 0x01)
1039 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1040 MGMT_STATUS_INVALID_PARAMS);
1041
1042 hci_dev_lock(hdev);
1043
1044 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1045 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1046 MGMT_STATUS_BUSY);
1047 goto failed;
1048 }
1049
1050 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1051 cancel_delayed_work(&hdev->power_off);
1052
1053 if (cp->val) {
1054 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1055 data, len);
1056 err = mgmt_powered(hdev, 1);
1057 goto failed;
1058 }
1059 }
1060
1061 if (!!cp->val == hdev_is_powered(hdev)) {
1062 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1063 goto failed;
1064 }
1065
1066 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1067 if (!cmd) {
1068 err = -ENOMEM;
1069 goto failed;
1070 }
1071
1072 if (cp->val)
1073 queue_work(hdev->req_workqueue, &hdev->power_on);
1074 else
1075 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1076
1077 err = 0;
1078
1079 failed:
1080 hci_dev_unlock(hdev);
1081 return err;
1082 }
1083
1084 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1085 struct sock *skip_sk)
1086 {
1087 struct sk_buff *skb;
1088 struct mgmt_hdr *hdr;
1089
1090 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
1091 if (!skb)
1092 return -ENOMEM;
1093
1094 hdr = (void *) skb_put(skb, sizeof(*hdr));
1095 hdr->opcode = cpu_to_le16(event);
1096 if (hdev)
1097 hdr->index = cpu_to_le16(hdev->id);
1098 else
1099 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
1100 hdr->len = cpu_to_le16(data_len);
1101
1102 if (data)
1103 memcpy(skb_put(skb, data_len), data, data_len);
1104
1105 /* Time stamp */
1106 __net_timestamp(skb);
1107
1108 hci_send_to_control(skb, skip_sk);
1109 kfree_skb(skb);
1110
1111 return 0;
1112 }
1113
1114 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1115 {
1116 __le32 ev;
1117
1118 ev = cpu_to_le32(get_current_settings(hdev));
1119
1120 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1121 }
1122
1123 struct cmd_lookup {
1124 struct sock *sk;
1125 struct hci_dev *hdev;
1126 u8 mgmt_status;
1127 };
1128
1129 static void settings_rsp(struct pending_cmd *cmd, void *data)
1130 {
1131 struct cmd_lookup *match = data;
1132
1133 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1134
1135 list_del(&cmd->list);
1136
1137 if (match->sk == NULL) {
1138 match->sk = cmd->sk;
1139 sock_hold(match->sk);
1140 }
1141
1142 mgmt_pending_free(cmd);
1143 }
1144
1145 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1146 {
1147 u8 *status = data;
1148
1149 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1150 mgmt_pending_remove(cmd);
1151 }
1152
1153 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1154 {
1155 if (!lmp_bredr_capable(hdev))
1156 return MGMT_STATUS_NOT_SUPPORTED;
1157 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1158 return MGMT_STATUS_REJECTED;
1159 else
1160 return MGMT_STATUS_SUCCESS;
1161 }
1162
1163 static u8 mgmt_le_support(struct hci_dev *hdev)
1164 {
1165 if (!lmp_le_capable(hdev))
1166 return MGMT_STATUS_NOT_SUPPORTED;
1167 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1168 return MGMT_STATUS_REJECTED;
1169 else
1170 return MGMT_STATUS_SUCCESS;
1171 }
1172
1173 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1174 {
1175 struct pending_cmd *cmd;
1176 struct mgmt_mode *cp;
1177 struct hci_request req;
1178 bool changed;
1179
1180 BT_DBG("status 0x%02x", status);
1181
1182 hci_dev_lock(hdev);
1183
1184 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1185 if (!cmd)
1186 goto unlock;
1187
1188 if (status) {
1189 u8 mgmt_err = mgmt_status(status);
1190 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1191 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1192 goto remove_cmd;
1193 }
1194
1195 cp = cmd->param;
1196 if (cp->val) {
1197 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1198 &hdev->dev_flags);
1199
1200 if (hdev->discov_timeout > 0) {
1201 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1202 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1203 to);
1204 }
1205 } else {
1206 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1207 &hdev->dev_flags);
1208 }
1209
1210 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1211
1212 if (changed)
1213 new_settings(hdev, cmd->sk);
1214
1215 /* When the discoverable mode gets changed, make sure
1216 * that class of device has the limited discoverable
1217 * bit correctly set.
1218 */
1219 hci_req_init(&req, hdev);
1220 update_class(&req);
1221 hci_req_run(&req, NULL);
1222
1223 remove_cmd:
1224 mgmt_pending_remove(cmd);
1225
1226 unlock:
1227 hci_dev_unlock(hdev);
1228 }
1229
1230 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1231 u16 len)
1232 {
1233 struct mgmt_cp_set_discoverable *cp = data;
1234 struct pending_cmd *cmd;
1235 struct hci_request req;
1236 u16 timeout;
1237 u8 scan;
1238 int err;
1239
1240 BT_DBG("request for %s", hdev->name);
1241
1242 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1243 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1244 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1245 MGMT_STATUS_REJECTED);
1246
1247 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1248 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1249 MGMT_STATUS_INVALID_PARAMS);
1250
1251 timeout = __le16_to_cpu(cp->timeout);
1252
1253 /* Disabling discoverable requires that no timeout is set,
1254 * and enabling limited discoverable requires a timeout.
1255 */
1256 if ((cp->val == 0x00 && timeout > 0) ||
1257 (cp->val == 0x02 && timeout == 0))
1258 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1259 MGMT_STATUS_INVALID_PARAMS);
1260
1261 hci_dev_lock(hdev);
1262
1263 if (!hdev_is_powered(hdev) && timeout > 0) {
1264 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1265 MGMT_STATUS_NOT_POWERED);
1266 goto failed;
1267 }
1268
1269 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1270 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1271 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1272 MGMT_STATUS_BUSY);
1273 goto failed;
1274 }
1275
1276 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1277 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1278 MGMT_STATUS_REJECTED);
1279 goto failed;
1280 }
1281
1282 if (!hdev_is_powered(hdev)) {
1283 bool changed = false;
1284
1285 /* Setting limited discoverable when powered off is
1286 * not a valid operation since it requires a timeout
1287 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1288 */
1289 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1290 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1291 changed = true;
1292 }
1293
1294 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1295 if (err < 0)
1296 goto failed;
1297
1298 if (changed)
1299 err = new_settings(hdev, sk);
1300
1301 goto failed;
1302 }
1303
1304 /* If the current mode is the same, then just update the timeout
1305 * value with the new value. And if only the timeout gets updated,
1306 * then no need for any HCI transactions.
1307 */
1308 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1309 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1310 &hdev->dev_flags)) {
1311 cancel_delayed_work(&hdev->discov_off);
1312 hdev->discov_timeout = timeout;
1313
1314 if (cp->val && hdev->discov_timeout > 0) {
1315 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1316 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1317 to);
1318 }
1319
1320 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1321 goto failed;
1322 }
1323
1324 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1325 if (!cmd) {
1326 err = -ENOMEM;
1327 goto failed;
1328 }
1329
1330 /* Cancel any potential discoverable timeout that might be
1331 * still active and store new timeout value. The arming of
1332 * the timeout happens in the complete handler.
1333 */
1334 cancel_delayed_work(&hdev->discov_off);
1335 hdev->discov_timeout = timeout;
1336
1337 /* Limited discoverable mode */
1338 if (cp->val == 0x02)
1339 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1340 else
1341 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1342
1343 hci_req_init(&req, hdev);
1344
1345 /* The procedure for LE-only controllers is much simpler - just
1346 * update the advertising data.
1347 */
1348 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1349 goto update_ad;
1350
1351 scan = SCAN_PAGE;
1352
1353 if (cp->val) {
1354 struct hci_cp_write_current_iac_lap hci_cp;
1355
1356 if (cp->val == 0x02) {
1357 /* Limited discoverable mode */
1358 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1359 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1360 hci_cp.iac_lap[1] = 0x8b;
1361 hci_cp.iac_lap[2] = 0x9e;
1362 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1363 hci_cp.iac_lap[4] = 0x8b;
1364 hci_cp.iac_lap[5] = 0x9e;
1365 } else {
1366 /* General discoverable mode */
1367 hci_cp.num_iac = 1;
1368 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1369 hci_cp.iac_lap[1] = 0x8b;
1370 hci_cp.iac_lap[2] = 0x9e;
1371 }
1372
1373 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1374 (hci_cp.num_iac * 3) + 1, &hci_cp);
1375
1376 scan |= SCAN_INQUIRY;
1377 } else {
1378 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1379 }
1380
1381 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1382
1383 update_ad:
1384 update_adv_data(&req);
1385
1386 err = hci_req_run(&req, set_discoverable_complete);
1387 if (err < 0)
1388 mgmt_pending_remove(cmd);
1389
1390 failed:
1391 hci_dev_unlock(hdev);
1392 return err;
1393 }
1394
1395 static void write_fast_connectable(struct hci_request *req, bool enable)
1396 {
1397 struct hci_dev *hdev = req->hdev;
1398 struct hci_cp_write_page_scan_activity acp;
1399 u8 type;
1400
1401 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1402 return;
1403
1404 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1405 return;
1406
1407 if (enable) {
1408 type = PAGE_SCAN_TYPE_INTERLACED;
1409
1410 /* 160 msec page scan interval */
1411 acp.interval = __constant_cpu_to_le16(0x0100);
1412 } else {
1413 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1414
1415 /* default 1.28 sec page scan */
1416 acp.interval = __constant_cpu_to_le16(0x0800);
1417 }
1418
1419 acp.window = __constant_cpu_to_le16(0x0012);
1420
1421 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1422 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1423 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1424 sizeof(acp), &acp);
1425
1426 if (hdev->page_scan_type != type)
1427 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1428 }
1429
1430 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1431 {
1432 struct pending_cmd *cmd;
1433 struct mgmt_mode *cp;
1434 bool changed;
1435
1436 BT_DBG("status 0x%02x", status);
1437
1438 hci_dev_lock(hdev);
1439
1440 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1441 if (!cmd)
1442 goto unlock;
1443
1444 if (status) {
1445 u8 mgmt_err = mgmt_status(status);
1446 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1447 goto remove_cmd;
1448 }
1449
1450 cp = cmd->param;
1451 if (cp->val)
1452 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1453 else
1454 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1455
1456 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1457
1458 if (changed)
1459 new_settings(hdev, cmd->sk);
1460
1461 remove_cmd:
1462 mgmt_pending_remove(cmd);
1463
1464 unlock:
1465 hci_dev_unlock(hdev);
1466 }
1467
1468 static int set_connectable_update_settings(struct hci_dev *hdev,
1469 struct sock *sk, u8 val)
1470 {
1471 bool changed = false;
1472 int err;
1473
1474 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1475 changed = true;
1476
1477 if (val) {
1478 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1479 } else {
1480 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1481 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1482 }
1483
1484 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1485 if (err < 0)
1486 return err;
1487
1488 if (changed)
1489 return new_settings(hdev, sk);
1490
1491 return 0;
1492 }
1493
1494 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1495 u16 len)
1496 {
1497 struct mgmt_mode *cp = data;
1498 struct pending_cmd *cmd;
1499 struct hci_request req;
1500 u8 scan;
1501 int err;
1502
1503 BT_DBG("request for %s", hdev->name);
1504
1505 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1506 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1507 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1508 MGMT_STATUS_REJECTED);
1509
1510 if (cp->val != 0x00 && cp->val != 0x01)
1511 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1512 MGMT_STATUS_INVALID_PARAMS);
1513
1514 hci_dev_lock(hdev);
1515
1516 if (!hdev_is_powered(hdev)) {
1517 err = set_connectable_update_settings(hdev, sk, cp->val);
1518 goto failed;
1519 }
1520
1521 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1522 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1523 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1524 MGMT_STATUS_BUSY);
1525 goto failed;
1526 }
1527
1528 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1529 if (!cmd) {
1530 err = -ENOMEM;
1531 goto failed;
1532 }
1533
1534 hci_req_init(&req, hdev);
1535
1536 /* If BR/EDR is not enabled and we disable advertising as a
1537 * by-product of disabling connectable, we need to update the
1538 * advertising flags.
1539 */
1540 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1541 if (!cp->val) {
1542 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1543 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1544 }
1545 update_adv_data(&req);
1546 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1547 if (cp->val) {
1548 scan = SCAN_PAGE;
1549 } else {
1550 scan = 0;
1551
1552 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1553 hdev->discov_timeout > 0)
1554 cancel_delayed_work(&hdev->discov_off);
1555 }
1556
1557 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1558 }
1559
1560 /* If we're going from non-connectable to connectable or
1561 * vice-versa when fast connectable is enabled ensure that fast
1562 * connectable gets disabled. write_fast_connectable won't do
1563 * anything if the page scan parameters are already what they
1564 * should be.
1565 */
1566 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1567 write_fast_connectable(&req, false);
1568
1569 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1570 hci_conn_num(hdev, LE_LINK) == 0) {
1571 disable_advertising(&req);
1572 enable_advertising(&req);
1573 }
1574
1575 err = hci_req_run(&req, set_connectable_complete);
1576 if (err < 0) {
1577 mgmt_pending_remove(cmd);
1578 if (err == -ENODATA)
1579 err = set_connectable_update_settings(hdev, sk,
1580 cp->val);
1581 goto failed;
1582 }
1583
1584 failed:
1585 hci_dev_unlock(hdev);
1586 return err;
1587 }
1588
1589 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1590 u16 len)
1591 {
1592 struct mgmt_mode *cp = data;
1593 bool changed;
1594 int err;
1595
1596 BT_DBG("request for %s", hdev->name);
1597
1598 if (cp->val != 0x00 && cp->val != 0x01)
1599 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1600 MGMT_STATUS_INVALID_PARAMS);
1601
1602 hci_dev_lock(hdev);
1603
1604 if (cp->val)
1605 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1606 else
1607 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1608
1609 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1610 if (err < 0)
1611 goto unlock;
1612
1613 if (changed)
1614 err = new_settings(hdev, sk);
1615
1616 unlock:
1617 hci_dev_unlock(hdev);
1618 return err;
1619 }
1620
1621 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1622 u16 len)
1623 {
1624 struct mgmt_mode *cp = data;
1625 struct pending_cmd *cmd;
1626 u8 val, status;
1627 int err;
1628
1629 BT_DBG("request for %s", hdev->name);
1630
1631 status = mgmt_bredr_support(hdev);
1632 if (status)
1633 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1634 status);
1635
1636 if (cp->val != 0x00 && cp->val != 0x01)
1637 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1638 MGMT_STATUS_INVALID_PARAMS);
1639
1640 hci_dev_lock(hdev);
1641
1642 if (!hdev_is_powered(hdev)) {
1643 bool changed = false;
1644
1645 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1646 &hdev->dev_flags)) {
1647 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1648 changed = true;
1649 }
1650
1651 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1652 if (err < 0)
1653 goto failed;
1654
1655 if (changed)
1656 err = new_settings(hdev, sk);
1657
1658 goto failed;
1659 }
1660
1661 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1662 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1663 MGMT_STATUS_BUSY);
1664 goto failed;
1665 }
1666
1667 val = !!cp->val;
1668
1669 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1670 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1671 goto failed;
1672 }
1673
1674 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1675 if (!cmd) {
1676 err = -ENOMEM;
1677 goto failed;
1678 }
1679
1680 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1681 if (err < 0) {
1682 mgmt_pending_remove(cmd);
1683 goto failed;
1684 }
1685
1686 failed:
1687 hci_dev_unlock(hdev);
1688 return err;
1689 }
1690
1691 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1692 {
1693 struct mgmt_mode *cp = data;
1694 struct pending_cmd *cmd;
1695 u8 status;
1696 int err;
1697
1698 BT_DBG("request for %s", hdev->name);
1699
1700 status = mgmt_bredr_support(hdev);
1701 if (status)
1702 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1703
1704 if (!lmp_ssp_capable(hdev))
1705 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1706 MGMT_STATUS_NOT_SUPPORTED);
1707
1708 if (cp->val != 0x00 && cp->val != 0x01)
1709 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1710 MGMT_STATUS_INVALID_PARAMS);
1711
1712 hci_dev_lock(hdev);
1713
1714 if (!hdev_is_powered(hdev)) {
1715 bool changed;
1716
1717 if (cp->val) {
1718 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1719 &hdev->dev_flags);
1720 } else {
1721 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1722 &hdev->dev_flags);
1723 if (!changed)
1724 changed = test_and_clear_bit(HCI_HS_ENABLED,
1725 &hdev->dev_flags);
1726 else
1727 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1728 }
1729
1730 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1731 if (err < 0)
1732 goto failed;
1733
1734 if (changed)
1735 err = new_settings(hdev, sk);
1736
1737 goto failed;
1738 }
1739
1740 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1741 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
1742 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1743 MGMT_STATUS_BUSY);
1744 goto failed;
1745 }
1746
1747 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1748 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1749 goto failed;
1750 }
1751
1752 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1753 if (!cmd) {
1754 err = -ENOMEM;
1755 goto failed;
1756 }
1757
1758 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1759 if (err < 0) {
1760 mgmt_pending_remove(cmd);
1761 goto failed;
1762 }
1763
1764 failed:
1765 hci_dev_unlock(hdev);
1766 return err;
1767 }
1768
1769 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1770 {
1771 struct mgmt_mode *cp = data;
1772 bool changed;
1773 u8 status;
1774 int err;
1775
1776 BT_DBG("request for %s", hdev->name);
1777
1778 status = mgmt_bredr_support(hdev);
1779 if (status)
1780 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1781
1782 if (!lmp_ssp_capable(hdev))
1783 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1784 MGMT_STATUS_NOT_SUPPORTED);
1785
1786 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1787 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1788 MGMT_STATUS_REJECTED);
1789
1790 if (cp->val != 0x00 && cp->val != 0x01)
1791 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1792 MGMT_STATUS_INVALID_PARAMS);
1793
1794 hci_dev_lock(hdev);
1795
1796 if (cp->val) {
1797 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1798 } else {
1799 if (hdev_is_powered(hdev)) {
1800 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1801 MGMT_STATUS_REJECTED);
1802 goto unlock;
1803 }
1804
1805 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1806 }
1807
1808 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1809 if (err < 0)
1810 goto unlock;
1811
1812 if (changed)
1813 err = new_settings(hdev, sk);
1814
1815 unlock:
1816 hci_dev_unlock(hdev);
1817 return err;
1818 }
1819
1820 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1821 {
1822 struct cmd_lookup match = { NULL, hdev };
1823
1824 if (status) {
1825 u8 mgmt_err = mgmt_status(status);
1826
1827 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1828 &mgmt_err);
1829 return;
1830 }
1831
1832 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1833
1834 new_settings(hdev, match.sk);
1835
1836 if (match.sk)
1837 sock_put(match.sk);
1838
1839 /* Make sure the controller has a good default for
1840 * advertising data. Restrict the update to when LE
1841 * has actually been enabled. During power on, the
1842 * update in powered_update_hci will take care of it.
1843 */
1844 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1845 struct hci_request req;
1846
1847 hci_dev_lock(hdev);
1848
1849 hci_req_init(&req, hdev);
1850 update_adv_data(&req);
1851 update_scan_rsp_data(&req);
1852 hci_req_run(&req, NULL);
1853
1854 hci_dev_unlock(hdev);
1855 }
1856 }
1857
1858 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1859 {
1860 struct mgmt_mode *cp = data;
1861 struct hci_cp_write_le_host_supported hci_cp;
1862 struct pending_cmd *cmd;
1863 struct hci_request req;
1864 int err;
1865 u8 val, enabled;
1866
1867 BT_DBG("request for %s", hdev->name);
1868
1869 if (!lmp_le_capable(hdev))
1870 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1871 MGMT_STATUS_NOT_SUPPORTED);
1872
1873 if (cp->val != 0x00 && cp->val != 0x01)
1874 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1875 MGMT_STATUS_INVALID_PARAMS);
1876
1877 /* LE-only devices do not allow toggling LE on/off */
1878 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1879 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1880 MGMT_STATUS_REJECTED);
1881
1882 hci_dev_lock(hdev);
1883
1884 val = !!cp->val;
1885 enabled = lmp_host_le_capable(hdev);
1886
1887 if (!hdev_is_powered(hdev) || val == enabled) {
1888 bool changed = false;
1889
1890 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1891 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1892 changed = true;
1893 }
1894
1895 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1896 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1897 changed = true;
1898 }
1899
1900 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1901 if (err < 0)
1902 goto unlock;
1903
1904 if (changed)
1905 err = new_settings(hdev, sk);
1906
1907 goto unlock;
1908 }
1909
1910 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1911 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1912 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1913 MGMT_STATUS_BUSY);
1914 goto unlock;
1915 }
1916
1917 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1918 if (!cmd) {
1919 err = -ENOMEM;
1920 goto unlock;
1921 }
1922
1923 hci_req_init(&req, hdev);
1924
1925 memset(&hci_cp, 0, sizeof(hci_cp));
1926
1927 if (val) {
1928 hci_cp.le = val;
1929 hci_cp.simul = lmp_le_br_capable(hdev);
1930 } else {
1931 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1932 disable_advertising(&req);
1933 }
1934
1935 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1936 &hci_cp);
1937
1938 err = hci_req_run(&req, le_enable_complete);
1939 if (err < 0)
1940 mgmt_pending_remove(cmd);
1941
1942 unlock:
1943 hci_dev_unlock(hdev);
1944 return err;
1945 }
1946
1947 /* This is a helper function to test for pending mgmt commands that can
1948 * cause CoD or EIR HCI commands. We can only allow one such pending
1949 * mgmt command at a time since otherwise we cannot easily track what
1950 * the current values are, will be, and based on that calculate if a new
1951 * HCI command needs to be sent and if yes with what value.
1952 */
1953 static bool pending_eir_or_class(struct hci_dev *hdev)
1954 {
1955 struct pending_cmd *cmd;
1956
1957 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1958 switch (cmd->opcode) {
1959 case MGMT_OP_ADD_UUID:
1960 case MGMT_OP_REMOVE_UUID:
1961 case MGMT_OP_SET_DEV_CLASS:
1962 case MGMT_OP_SET_POWERED:
1963 return true;
1964 }
1965 }
1966
1967 return false;
1968 }
1969
1970 static const u8 bluetooth_base_uuid[] = {
1971 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1972 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1973 };
1974
1975 static u8 get_uuid_size(const u8 *uuid)
1976 {
1977 u32 val;
1978
1979 if (memcmp(uuid, bluetooth_base_uuid, 12))
1980 return 128;
1981
1982 val = get_unaligned_le32(&uuid[12]);
1983 if (val > 0xffff)
1984 return 32;
1985
1986 return 16;
1987 }
1988
1989 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1990 {
1991 struct pending_cmd *cmd;
1992
1993 hci_dev_lock(hdev);
1994
1995 cmd = mgmt_pending_find(mgmt_op, hdev);
1996 if (!cmd)
1997 goto unlock;
1998
1999 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2000 hdev->dev_class, 3);
2001
2002 mgmt_pending_remove(cmd);
2003
2004 unlock:
2005 hci_dev_unlock(hdev);
2006 }
2007
2008 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2009 {
2010 BT_DBG("status 0x%02x", status);
2011
2012 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2013 }
2014
2015 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2016 {
2017 struct mgmt_cp_add_uuid *cp = data;
2018 struct pending_cmd *cmd;
2019 struct hci_request req;
2020 struct bt_uuid *uuid;
2021 int err;
2022
2023 BT_DBG("request for %s", hdev->name);
2024
2025 hci_dev_lock(hdev);
2026
2027 if (pending_eir_or_class(hdev)) {
2028 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2029 MGMT_STATUS_BUSY);
2030 goto failed;
2031 }
2032
2033 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2034 if (!uuid) {
2035 err = -ENOMEM;
2036 goto failed;
2037 }
2038
2039 memcpy(uuid->uuid, cp->uuid, 16);
2040 uuid->svc_hint = cp->svc_hint;
2041 uuid->size = get_uuid_size(cp->uuid);
2042
2043 list_add_tail(&uuid->list, &hdev->uuids);
2044
2045 hci_req_init(&req, hdev);
2046
2047 update_class(&req);
2048 update_eir(&req);
2049
2050 err = hci_req_run(&req, add_uuid_complete);
2051 if (err < 0) {
2052 if (err != -ENODATA)
2053 goto failed;
2054
2055 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2056 hdev->dev_class, 3);
2057 goto failed;
2058 }
2059
2060 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2061 if (!cmd) {
2062 err = -ENOMEM;
2063 goto failed;
2064 }
2065
2066 err = 0;
2067
2068 failed:
2069 hci_dev_unlock(hdev);
2070 return err;
2071 }
2072
2073 static bool enable_service_cache(struct hci_dev *hdev)
2074 {
2075 if (!hdev_is_powered(hdev))
2076 return false;
2077
2078 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2079 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2080 CACHE_TIMEOUT);
2081 return true;
2082 }
2083
2084 return false;
2085 }
2086
2087 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2088 {
2089 BT_DBG("status 0x%02x", status);
2090
2091 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2092 }
2093
2094 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2095 u16 len)
2096 {
2097 struct mgmt_cp_remove_uuid *cp = data;
2098 struct pending_cmd *cmd;
2099 struct bt_uuid *match, *tmp;
2100 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2101 struct hci_request req;
2102 int err, found;
2103
2104 BT_DBG("request for %s", hdev->name);
2105
2106 hci_dev_lock(hdev);
2107
2108 if (pending_eir_or_class(hdev)) {
2109 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2110 MGMT_STATUS_BUSY);
2111 goto unlock;
2112 }
2113
2114 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2115 hci_uuids_clear(hdev);
2116
2117 if (enable_service_cache(hdev)) {
2118 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2119 0, hdev->dev_class, 3);
2120 goto unlock;
2121 }
2122
2123 goto update_class;
2124 }
2125
2126 found = 0;
2127
2128 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2129 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2130 continue;
2131
2132 list_del(&match->list);
2133 kfree(match);
2134 found++;
2135 }
2136
2137 if (found == 0) {
2138 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2139 MGMT_STATUS_INVALID_PARAMS);
2140 goto unlock;
2141 }
2142
2143 update_class:
2144 hci_req_init(&req, hdev);
2145
2146 update_class(&req);
2147 update_eir(&req);
2148
2149 err = hci_req_run(&req, remove_uuid_complete);
2150 if (err < 0) {
2151 if (err != -ENODATA)
2152 goto unlock;
2153
2154 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2155 hdev->dev_class, 3);
2156 goto unlock;
2157 }
2158
2159 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2160 if (!cmd) {
2161 err = -ENOMEM;
2162 goto unlock;
2163 }
2164
2165 err = 0;
2166
2167 unlock:
2168 hci_dev_unlock(hdev);
2169 return err;
2170 }
2171
2172 static void set_class_complete(struct hci_dev *hdev, u8 status)
2173 {
2174 BT_DBG("status 0x%02x", status);
2175
2176 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2177 }
2178
2179 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2180 u16 len)
2181 {
2182 struct mgmt_cp_set_dev_class *cp = data;
2183 struct pending_cmd *cmd;
2184 struct hci_request req;
2185 int err;
2186
2187 BT_DBG("request for %s", hdev->name);
2188
2189 if (!lmp_bredr_capable(hdev))
2190 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2191 MGMT_STATUS_NOT_SUPPORTED);
2192
2193 hci_dev_lock(hdev);
2194
2195 if (pending_eir_or_class(hdev)) {
2196 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2197 MGMT_STATUS_BUSY);
2198 goto unlock;
2199 }
2200
2201 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2202 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2203 MGMT_STATUS_INVALID_PARAMS);
2204 goto unlock;
2205 }
2206
2207 hdev->major_class = cp->major;
2208 hdev->minor_class = cp->minor;
2209
2210 if (!hdev_is_powered(hdev)) {
2211 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2212 hdev->dev_class, 3);
2213 goto unlock;
2214 }
2215
2216 hci_req_init(&req, hdev);
2217
2218 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2219 hci_dev_unlock(hdev);
2220 cancel_delayed_work_sync(&hdev->service_cache);
2221 hci_dev_lock(hdev);
2222 update_eir(&req);
2223 }
2224
2225 update_class(&req);
2226
2227 err = hci_req_run(&req, set_class_complete);
2228 if (err < 0) {
2229 if (err != -ENODATA)
2230 goto unlock;
2231
2232 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2233 hdev->dev_class, 3);
2234 goto unlock;
2235 }
2236
2237 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2238 if (!cmd) {
2239 err = -ENOMEM;
2240 goto unlock;
2241 }
2242
2243 err = 0;
2244
2245 unlock:
2246 hci_dev_unlock(hdev);
2247 return err;
2248 }
2249
2250 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2251 u16 len)
2252 {
2253 struct mgmt_cp_load_link_keys *cp = data;
2254 u16 key_count, expected_len;
2255 bool changed;
2256 int i;
2257
2258 BT_DBG("request for %s", hdev->name);
2259
2260 if (!lmp_bredr_capable(hdev))
2261 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2262 MGMT_STATUS_NOT_SUPPORTED);
2263
2264 key_count = __le16_to_cpu(cp->key_count);
2265
2266 expected_len = sizeof(*cp) + key_count *
2267 sizeof(struct mgmt_link_key_info);
2268 if (expected_len != len) {
2269 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2270 len, expected_len);
2271 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2272 MGMT_STATUS_INVALID_PARAMS);
2273 }
2274
2275 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2276 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2277 MGMT_STATUS_INVALID_PARAMS);
2278
2279 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2280 key_count);
2281
2282 for (i = 0; i < key_count; i++) {
2283 struct mgmt_link_key_info *key = &cp->keys[i];
2284
2285 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2286 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2287 MGMT_STATUS_INVALID_PARAMS);
2288 }
2289
2290 hci_dev_lock(hdev);
2291
2292 hci_link_keys_clear(hdev);
2293
2294 if (cp->debug_keys)
2295 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2296 else
2297 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2298
2299 if (changed)
2300 new_settings(hdev, NULL);
2301
2302 for (i = 0; i < key_count; i++) {
2303 struct mgmt_link_key_info *key = &cp->keys[i];
2304
2305 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
2306 key->type, key->pin_len);
2307 }
2308
2309 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2310
2311 hci_dev_unlock(hdev);
2312
2313 return 0;
2314 }
2315
2316 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2317 u8 addr_type, struct sock *skip_sk)
2318 {
2319 struct mgmt_ev_device_unpaired ev;
2320
2321 bacpy(&ev.addr.bdaddr, bdaddr);
2322 ev.addr.type = addr_type;
2323
2324 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2325 skip_sk);
2326 }
2327
2328 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2329 u16 len)
2330 {
2331 struct mgmt_cp_unpair_device *cp = data;
2332 struct mgmt_rp_unpair_device rp;
2333 struct hci_cp_disconnect dc;
2334 struct pending_cmd *cmd;
2335 struct hci_conn *conn;
2336 int err;
2337
2338 memset(&rp, 0, sizeof(rp));
2339 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2340 rp.addr.type = cp->addr.type;
2341
2342 if (!bdaddr_type_is_valid(cp->addr.type))
2343 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2344 MGMT_STATUS_INVALID_PARAMS,
2345 &rp, sizeof(rp));
2346
2347 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2348 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2349 MGMT_STATUS_INVALID_PARAMS,
2350 &rp, sizeof(rp));
2351
2352 hci_dev_lock(hdev);
2353
2354 if (!hdev_is_powered(hdev)) {
2355 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2356 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2357 goto unlock;
2358 }
2359
2360 if (cp->addr.type == BDADDR_BREDR) {
2361 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2362 } else {
2363 u8 addr_type;
2364
2365 if (cp->addr.type == BDADDR_LE_PUBLIC)
2366 addr_type = ADDR_LE_DEV_PUBLIC;
2367 else
2368 addr_type = ADDR_LE_DEV_RANDOM;
2369
2370 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2371
2372 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2373 }
2374
2375 if (err < 0) {
2376 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2377 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2378 goto unlock;
2379 }
2380
2381 if (cp->disconnect) {
2382 if (cp->addr.type == BDADDR_BREDR)
2383 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2384 &cp->addr.bdaddr);
2385 else
2386 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2387 &cp->addr.bdaddr);
2388 } else {
2389 conn = NULL;
2390 }
2391
2392 if (!conn) {
2393 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2394 &rp, sizeof(rp));
2395 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2396 goto unlock;
2397 }
2398
2399 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2400 sizeof(*cp));
2401 if (!cmd) {
2402 err = -ENOMEM;
2403 goto unlock;
2404 }
2405
2406 dc.handle = cpu_to_le16(conn->handle);
2407 dc.reason = 0x13; /* Remote User Terminated Connection */
2408 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2409 if (err < 0)
2410 mgmt_pending_remove(cmd);
2411
2412 unlock:
2413 hci_dev_unlock(hdev);
2414 return err;
2415 }
2416
2417 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2418 u16 len)
2419 {
2420 struct mgmt_cp_disconnect *cp = data;
2421 struct mgmt_rp_disconnect rp;
2422 struct hci_cp_disconnect dc;
2423 struct pending_cmd *cmd;
2424 struct hci_conn *conn;
2425 int err;
2426
2427 BT_DBG("");
2428
2429 memset(&rp, 0, sizeof(rp));
2430 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2431 rp.addr.type = cp->addr.type;
2432
2433 if (!bdaddr_type_is_valid(cp->addr.type))
2434 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2435 MGMT_STATUS_INVALID_PARAMS,
2436 &rp, sizeof(rp));
2437
2438 hci_dev_lock(hdev);
2439
2440 if (!test_bit(HCI_UP, &hdev->flags)) {
2441 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2442 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2443 goto failed;
2444 }
2445
2446 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2447 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2448 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2449 goto failed;
2450 }
2451
2452 if (cp->addr.type == BDADDR_BREDR)
2453 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2454 &cp->addr.bdaddr);
2455 else
2456 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2457
2458 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2459 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2460 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2461 goto failed;
2462 }
2463
2464 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2465 if (!cmd) {
2466 err = -ENOMEM;
2467 goto failed;
2468 }
2469
2470 dc.handle = cpu_to_le16(conn->handle);
2471 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2472
2473 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2474 if (err < 0)
2475 mgmt_pending_remove(cmd);
2476
2477 failed:
2478 hci_dev_unlock(hdev);
2479 return err;
2480 }
2481
2482 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2483 {
2484 switch (link_type) {
2485 case LE_LINK:
2486 switch (addr_type) {
2487 case ADDR_LE_DEV_PUBLIC:
2488 return BDADDR_LE_PUBLIC;
2489
2490 default:
2491 /* Fallback to LE Random address type */
2492 return BDADDR_LE_RANDOM;
2493 }
2494
2495 default:
2496 /* Fallback to BR/EDR type */
2497 return BDADDR_BREDR;
2498 }
2499 }
2500
2501 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2502 u16 data_len)
2503 {
2504 struct mgmt_rp_get_connections *rp;
2505 struct hci_conn *c;
2506 size_t rp_len;
2507 int err;
2508 u16 i;
2509
2510 BT_DBG("");
2511
2512 hci_dev_lock(hdev);
2513
2514 if (!hdev_is_powered(hdev)) {
2515 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2516 MGMT_STATUS_NOT_POWERED);
2517 goto unlock;
2518 }
2519
2520 i = 0;
2521 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2522 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2523 i++;
2524 }
2525
2526 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2527 rp = kmalloc(rp_len, GFP_KERNEL);
2528 if (!rp) {
2529 err = -ENOMEM;
2530 goto unlock;
2531 }
2532
2533 i = 0;
2534 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2535 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2536 continue;
2537 bacpy(&rp->addr[i].bdaddr, &c->dst);
2538 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2539 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2540 continue;
2541 i++;
2542 }
2543
2544 rp->conn_count = cpu_to_le16(i);
2545
2546 /* Recalculate length in case of filtered SCO connections, etc */
2547 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2548
2549 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2550 rp_len);
2551
2552 kfree(rp);
2553
2554 unlock:
2555 hci_dev_unlock(hdev);
2556 return err;
2557 }
2558
2559 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2560 struct mgmt_cp_pin_code_neg_reply *cp)
2561 {
2562 struct pending_cmd *cmd;
2563 int err;
2564
2565 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2566 sizeof(*cp));
2567 if (!cmd)
2568 return -ENOMEM;
2569
2570 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2571 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2572 if (err < 0)
2573 mgmt_pending_remove(cmd);
2574
2575 return err;
2576 }
2577
2578 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2579 u16 len)
2580 {
2581 struct hci_conn *conn;
2582 struct mgmt_cp_pin_code_reply *cp = data;
2583 struct hci_cp_pin_code_reply reply;
2584 struct pending_cmd *cmd;
2585 int err;
2586
2587 BT_DBG("");
2588
2589 hci_dev_lock(hdev);
2590
2591 if (!hdev_is_powered(hdev)) {
2592 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2593 MGMT_STATUS_NOT_POWERED);
2594 goto failed;
2595 }
2596
2597 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2598 if (!conn) {
2599 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2600 MGMT_STATUS_NOT_CONNECTED);
2601 goto failed;
2602 }
2603
2604 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2605 struct mgmt_cp_pin_code_neg_reply ncp;
2606
2607 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2608
2609 BT_ERR("PIN code is not 16 bytes long");
2610
2611 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2612 if (err >= 0)
2613 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2614 MGMT_STATUS_INVALID_PARAMS);
2615
2616 goto failed;
2617 }
2618
2619 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2620 if (!cmd) {
2621 err = -ENOMEM;
2622 goto failed;
2623 }
2624
2625 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2626 reply.pin_len = cp->pin_len;
2627 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2628
2629 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2630 if (err < 0)
2631 mgmt_pending_remove(cmd);
2632
2633 failed:
2634 hci_dev_unlock(hdev);
2635 return err;
2636 }
2637
2638 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2639 u16 len)
2640 {
2641 struct mgmt_cp_set_io_capability *cp = data;
2642
2643 BT_DBG("");
2644
2645 hci_dev_lock(hdev);
2646
2647 hdev->io_capability = cp->io_capability;
2648
2649 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2650 hdev->io_capability);
2651
2652 hci_dev_unlock(hdev);
2653
2654 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2655 0);
2656 }
2657
2658 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2659 {
2660 struct hci_dev *hdev = conn->hdev;
2661 struct pending_cmd *cmd;
2662
2663 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2664 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2665 continue;
2666
2667 if (cmd->user_data != conn)
2668 continue;
2669
2670 return cmd;
2671 }
2672
2673 return NULL;
2674 }
2675
2676 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2677 {
2678 struct mgmt_rp_pair_device rp;
2679 struct hci_conn *conn = cmd->user_data;
2680
2681 bacpy(&rp.addr.bdaddr, &conn->dst);
2682 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2683
2684 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2685 &rp, sizeof(rp));
2686
2687 /* So we don't get further callbacks for this connection */
2688 conn->connect_cfm_cb = NULL;
2689 conn->security_cfm_cb = NULL;
2690 conn->disconn_cfm_cb = NULL;
2691
2692 hci_conn_drop(conn);
2693
2694 mgmt_pending_remove(cmd);
2695 }
2696
2697 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2698 {
2699 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2700 struct pending_cmd *cmd;
2701
2702 cmd = find_pairing(conn);
2703 if (cmd)
2704 pairing_complete(cmd, status);
2705 }
2706
2707 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2708 {
2709 struct pending_cmd *cmd;
2710
2711 BT_DBG("status %u", status);
2712
2713 cmd = find_pairing(conn);
2714 if (!cmd)
2715 BT_DBG("Unable to find a pending command");
2716 else
2717 pairing_complete(cmd, mgmt_status(status));
2718 }
2719
2720 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2721 {
2722 struct pending_cmd *cmd;
2723
2724 BT_DBG("status %u", status);
2725
2726 if (!status)
2727 return;
2728
2729 cmd = find_pairing(conn);
2730 if (!cmd)
2731 BT_DBG("Unable to find a pending command");
2732 else
2733 pairing_complete(cmd, mgmt_status(status));
2734 }
2735
2736 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2737 u16 len)
2738 {
2739 struct mgmt_cp_pair_device *cp = data;
2740 struct mgmt_rp_pair_device rp;
2741 struct pending_cmd *cmd;
2742 u8 sec_level, auth_type;
2743 struct hci_conn *conn;
2744 int err;
2745
2746 BT_DBG("");
2747
2748 memset(&rp, 0, sizeof(rp));
2749 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2750 rp.addr.type = cp->addr.type;
2751
2752 if (!bdaddr_type_is_valid(cp->addr.type))
2753 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2754 MGMT_STATUS_INVALID_PARAMS,
2755 &rp, sizeof(rp));
2756
2757 hci_dev_lock(hdev);
2758
2759 if (!hdev_is_powered(hdev)) {
2760 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2761 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2762 goto unlock;
2763 }
2764
2765 sec_level = BT_SECURITY_MEDIUM;
2766 if (cp->io_cap == 0x03)
2767 auth_type = HCI_AT_DEDICATED_BONDING;
2768 else
2769 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2770
2771 if (cp->addr.type == BDADDR_BREDR)
2772 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2773 cp->addr.type, sec_level, auth_type);
2774 else
2775 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2776 cp->addr.type, sec_level, auth_type);
2777
2778 if (IS_ERR(conn)) {
2779 int status;
2780
2781 if (PTR_ERR(conn) == -EBUSY)
2782 status = MGMT_STATUS_BUSY;
2783 else
2784 status = MGMT_STATUS_CONNECT_FAILED;
2785
2786 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2787 status, &rp,
2788 sizeof(rp));
2789 goto unlock;
2790 }
2791
2792 if (conn->connect_cfm_cb) {
2793 hci_conn_drop(conn);
2794 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2795 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2796 goto unlock;
2797 }
2798
2799 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2800 if (!cmd) {
2801 err = -ENOMEM;
2802 hci_conn_drop(conn);
2803 goto unlock;
2804 }
2805
2806 /* For LE, just connecting isn't a proof that the pairing finished */
2807 if (cp->addr.type == BDADDR_BREDR) {
2808 conn->connect_cfm_cb = pairing_complete_cb;
2809 conn->security_cfm_cb = pairing_complete_cb;
2810 conn->disconn_cfm_cb = pairing_complete_cb;
2811 } else {
2812 conn->connect_cfm_cb = le_pairing_complete_cb;
2813 conn->security_cfm_cb = le_pairing_complete_cb;
2814 conn->disconn_cfm_cb = le_pairing_complete_cb;
2815 }
2816
2817 conn->io_capability = cp->io_cap;
2818 cmd->user_data = conn;
2819
2820 if (conn->state == BT_CONNECTED &&
2821 hci_conn_security(conn, sec_level, auth_type))
2822 pairing_complete(cmd, 0);
2823
2824 err = 0;
2825
2826 unlock:
2827 hci_dev_unlock(hdev);
2828 return err;
2829 }
2830
2831 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2832 u16 len)
2833 {
2834 struct mgmt_addr_info *addr = data;
2835 struct pending_cmd *cmd;
2836 struct hci_conn *conn;
2837 int err;
2838
2839 BT_DBG("");
2840
2841 hci_dev_lock(hdev);
2842
2843 if (!hdev_is_powered(hdev)) {
2844 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2845 MGMT_STATUS_NOT_POWERED);
2846 goto unlock;
2847 }
2848
2849 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2850 if (!cmd) {
2851 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2852 MGMT_STATUS_INVALID_PARAMS);
2853 goto unlock;
2854 }
2855
2856 conn = cmd->user_data;
2857
2858 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2859 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2860 MGMT_STATUS_INVALID_PARAMS);
2861 goto unlock;
2862 }
2863
2864 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2865
2866 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2867 addr, sizeof(*addr));
2868 unlock:
2869 hci_dev_unlock(hdev);
2870 return err;
2871 }
2872
2873 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2874 struct mgmt_addr_info *addr, u16 mgmt_op,
2875 u16 hci_op, __le32 passkey)
2876 {
2877 struct pending_cmd *cmd;
2878 struct hci_conn *conn;
2879 int err;
2880
2881 hci_dev_lock(hdev);
2882
2883 if (!hdev_is_powered(hdev)) {
2884 err = cmd_complete(sk, hdev->id, mgmt_op,
2885 MGMT_STATUS_NOT_POWERED, addr,
2886 sizeof(*addr));
2887 goto done;
2888 }
2889
2890 if (addr->type == BDADDR_BREDR)
2891 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2892 else
2893 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2894
2895 if (!conn) {
2896 err = cmd_complete(sk, hdev->id, mgmt_op,
2897 MGMT_STATUS_NOT_CONNECTED, addr,
2898 sizeof(*addr));
2899 goto done;
2900 }
2901
2902 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2903 /* Continue with pairing via SMP */
2904 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2905
2906 if (!err)
2907 err = cmd_complete(sk, hdev->id, mgmt_op,
2908 MGMT_STATUS_SUCCESS, addr,
2909 sizeof(*addr));
2910 else
2911 err = cmd_complete(sk, hdev->id, mgmt_op,
2912 MGMT_STATUS_FAILED, addr,
2913 sizeof(*addr));
2914
2915 goto done;
2916 }
2917
2918 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2919 if (!cmd) {
2920 err = -ENOMEM;
2921 goto done;
2922 }
2923
2924 /* Continue with pairing via HCI */
2925 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2926 struct hci_cp_user_passkey_reply cp;
2927
2928 bacpy(&cp.bdaddr, &addr->bdaddr);
2929 cp.passkey = passkey;
2930 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2931 } else
2932 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2933 &addr->bdaddr);
2934
2935 if (err < 0)
2936 mgmt_pending_remove(cmd);
2937
2938 done:
2939 hci_dev_unlock(hdev);
2940 return err;
2941 }
2942
2943 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2944 void *data, u16 len)
2945 {
2946 struct mgmt_cp_pin_code_neg_reply *cp = data;
2947
2948 BT_DBG("");
2949
2950 return user_pairing_resp(sk, hdev, &cp->addr,
2951 MGMT_OP_PIN_CODE_NEG_REPLY,
2952 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2953 }
2954
2955 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2956 u16 len)
2957 {
2958 struct mgmt_cp_user_confirm_reply *cp = data;
2959
2960 BT_DBG("");
2961
2962 if (len != sizeof(*cp))
2963 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2964 MGMT_STATUS_INVALID_PARAMS);
2965
2966 return user_pairing_resp(sk, hdev, &cp->addr,
2967 MGMT_OP_USER_CONFIRM_REPLY,
2968 HCI_OP_USER_CONFIRM_REPLY, 0);
2969 }
2970
2971 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2972 void *data, u16 len)
2973 {
2974 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2975
2976 BT_DBG("");
2977
2978 return user_pairing_resp(sk, hdev, &cp->addr,
2979 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2980 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2981 }
2982
2983 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2984 u16 len)
2985 {
2986 struct mgmt_cp_user_passkey_reply *cp = data;
2987
2988 BT_DBG("");
2989
2990 return user_pairing_resp(sk, hdev, &cp->addr,
2991 MGMT_OP_USER_PASSKEY_REPLY,
2992 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2993 }
2994
2995 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2996 void *data, u16 len)
2997 {
2998 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2999
3000 BT_DBG("");
3001
3002 return user_pairing_resp(sk, hdev, &cp->addr,
3003 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3004 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3005 }
3006
3007 static void update_name(struct hci_request *req)
3008 {
3009 struct hci_dev *hdev = req->hdev;
3010 struct hci_cp_write_local_name cp;
3011
3012 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3013
3014 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3015 }
3016
3017 static void set_name_complete(struct hci_dev *hdev, u8 status)
3018 {
3019 struct mgmt_cp_set_local_name *cp;
3020 struct pending_cmd *cmd;
3021
3022 BT_DBG("status 0x%02x", status);
3023
3024 hci_dev_lock(hdev);
3025
3026 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3027 if (!cmd)
3028 goto unlock;
3029
3030 cp = cmd->param;
3031
3032 if (status)
3033 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3034 mgmt_status(status));
3035 else
3036 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3037 cp, sizeof(*cp));
3038
3039 mgmt_pending_remove(cmd);
3040
3041 unlock:
3042 hci_dev_unlock(hdev);
3043 }
3044
3045 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3046 u16 len)
3047 {
3048 struct mgmt_cp_set_local_name *cp = data;
3049 struct pending_cmd *cmd;
3050 struct hci_request req;
3051 int err;
3052
3053 BT_DBG("");
3054
3055 hci_dev_lock(hdev);
3056
3057 /* If the old values are the same as the new ones just return a
3058 * direct command complete event.
3059 */
3060 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3061 !memcmp(hdev->short_name, cp->short_name,
3062 sizeof(hdev->short_name))) {
3063 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3064 data, len);
3065 goto failed;
3066 }
3067
3068 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3069
3070 if (!hdev_is_powered(hdev)) {
3071 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3072
3073 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3074 data, len);
3075 if (err < 0)
3076 goto failed;
3077
3078 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3079 sk);
3080
3081 goto failed;
3082 }
3083
3084 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3085 if (!cmd) {
3086 err = -ENOMEM;
3087 goto failed;
3088 }
3089
3090 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3091
3092 hci_req_init(&req, hdev);
3093
3094 if (lmp_bredr_capable(hdev)) {
3095 update_name(&req);
3096 update_eir(&req);
3097 }
3098
3099 /* The name is stored in the scan response data and so
3100 * no need to udpate the advertising data here.
3101 */
3102 if (lmp_le_capable(hdev))
3103 update_scan_rsp_data(&req);
3104
3105 err = hci_req_run(&req, set_name_complete);
3106 if (err < 0)
3107 mgmt_pending_remove(cmd);
3108
3109 failed:
3110 hci_dev_unlock(hdev);
3111 return err;
3112 }
3113
3114 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3115 void *data, u16 data_len)
3116 {
3117 struct pending_cmd *cmd;
3118 int err;
3119
3120 BT_DBG("%s", hdev->name);
3121
3122 hci_dev_lock(hdev);
3123
3124 if (!hdev_is_powered(hdev)) {
3125 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3126 MGMT_STATUS_NOT_POWERED);
3127 goto unlock;
3128 }
3129
3130 if (!lmp_ssp_capable(hdev)) {
3131 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3132 MGMT_STATUS_NOT_SUPPORTED);
3133 goto unlock;
3134 }
3135
3136 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3137 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3138 MGMT_STATUS_BUSY);
3139 goto unlock;
3140 }
3141
3142 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3143 if (!cmd) {
3144 err = -ENOMEM;
3145 goto unlock;
3146 }
3147
3148 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3149 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3150 0, NULL);
3151 else
3152 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3153
3154 if (err < 0)
3155 mgmt_pending_remove(cmd);
3156
3157 unlock:
3158 hci_dev_unlock(hdev);
3159 return err;
3160 }
3161
3162 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3163 void *data, u16 len)
3164 {
3165 int err;
3166
3167 BT_DBG("%s ", hdev->name);
3168
3169 hci_dev_lock(hdev);
3170
3171 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3172 struct mgmt_cp_add_remote_oob_data *cp = data;
3173 u8 status;
3174
3175 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3176 cp->hash, cp->randomizer);
3177 if (err < 0)
3178 status = MGMT_STATUS_FAILED;
3179 else
3180 status = MGMT_STATUS_SUCCESS;
3181
3182 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3183 status, &cp->addr, sizeof(cp->addr));
3184 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3185 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3186 u8 status;
3187
3188 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3189 cp->hash192,
3190 cp->randomizer192,
3191 cp->hash256,
3192 cp->randomizer256);
3193 if (err < 0)
3194 status = MGMT_STATUS_FAILED;
3195 else
3196 status = MGMT_STATUS_SUCCESS;
3197
3198 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3199 status, &cp->addr, sizeof(cp->addr));
3200 } else {
3201 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3202 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3203 MGMT_STATUS_INVALID_PARAMS);
3204 }
3205
3206 hci_dev_unlock(hdev);
3207 return err;
3208 }
3209
3210 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3211 void *data, u16 len)
3212 {
3213 struct mgmt_cp_remove_remote_oob_data *cp = data;
3214 u8 status;
3215 int err;
3216
3217 BT_DBG("%s", hdev->name);
3218
3219 hci_dev_lock(hdev);
3220
3221 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
3222 if (err < 0)
3223 status = MGMT_STATUS_INVALID_PARAMS;
3224 else
3225 status = MGMT_STATUS_SUCCESS;
3226
3227 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3228 status, &cp->addr, sizeof(cp->addr));
3229
3230 hci_dev_unlock(hdev);
3231 return err;
3232 }
3233
3234 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3235 {
3236 struct pending_cmd *cmd;
3237 u8 type;
3238 int err;
3239
3240 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3241
3242 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3243 if (!cmd)
3244 return -ENOENT;
3245
3246 type = hdev->discovery.type;
3247
3248 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3249 &type, sizeof(type));
3250 mgmt_pending_remove(cmd);
3251
3252 return err;
3253 }
3254
3255 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3256 {
3257 BT_DBG("status %d", status);
3258
3259 if (status) {
3260 hci_dev_lock(hdev);
3261 mgmt_start_discovery_failed(hdev, status);
3262 hci_dev_unlock(hdev);
3263 return;
3264 }
3265
3266 hci_dev_lock(hdev);
3267 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3268 hci_dev_unlock(hdev);
3269
3270 switch (hdev->discovery.type) {
3271 case DISCOV_TYPE_LE:
3272 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3273 DISCOV_LE_TIMEOUT);
3274 break;
3275
3276 case DISCOV_TYPE_INTERLEAVED:
3277 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3278 DISCOV_INTERLEAVED_TIMEOUT);
3279 break;
3280
3281 case DISCOV_TYPE_BREDR:
3282 break;
3283
3284 default:
3285 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3286 }
3287 }
3288
3289 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3290 void *data, u16 len)
3291 {
3292 struct mgmt_cp_start_discovery *cp = data;
3293 struct pending_cmd *cmd;
3294 struct hci_cp_le_set_scan_param param_cp;
3295 struct hci_cp_le_set_scan_enable enable_cp;
3296 struct hci_cp_inquiry inq_cp;
3297 struct hci_request req;
3298 /* General inquiry access code (GIAC) */
3299 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3300 u8 status, own_addr_type;
3301 int err;
3302
3303 BT_DBG("%s", hdev->name);
3304
3305 hci_dev_lock(hdev);
3306
3307 if (!hdev_is_powered(hdev)) {
3308 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3309 MGMT_STATUS_NOT_POWERED);
3310 goto failed;
3311 }
3312
3313 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3314 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3315 MGMT_STATUS_BUSY);
3316 goto failed;
3317 }
3318
3319 if (hdev->discovery.state != DISCOVERY_STOPPED) {
3320 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3321 MGMT_STATUS_BUSY);
3322 goto failed;
3323 }
3324
3325 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3326 if (!cmd) {
3327 err = -ENOMEM;
3328 goto failed;
3329 }
3330
3331 hdev->discovery.type = cp->type;
3332
3333 hci_req_init(&req, hdev);
3334
3335 switch (hdev->discovery.type) {
3336 case DISCOV_TYPE_BREDR:
3337 status = mgmt_bredr_support(hdev);
3338 if (status) {
3339 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3340 status);
3341 mgmt_pending_remove(cmd);
3342 goto failed;
3343 }
3344
3345 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3346 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3347 MGMT_STATUS_BUSY);
3348 mgmt_pending_remove(cmd);
3349 goto failed;
3350 }
3351
3352 hci_inquiry_cache_flush(hdev);
3353
3354 memset(&inq_cp, 0, sizeof(inq_cp));
3355 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3356 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3357 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3358 break;
3359
3360 case DISCOV_TYPE_LE:
3361 case DISCOV_TYPE_INTERLEAVED:
3362 status = mgmt_le_support(hdev);
3363 if (status) {
3364 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3365 status);
3366 mgmt_pending_remove(cmd);
3367 goto failed;
3368 }
3369
3370 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3371 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3372 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3373 MGMT_STATUS_NOT_SUPPORTED);
3374 mgmt_pending_remove(cmd);
3375 goto failed;
3376 }
3377
3378 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3379 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3380 MGMT_STATUS_REJECTED);
3381 mgmt_pending_remove(cmd);
3382 goto failed;
3383 }
3384
3385 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3386 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3387 MGMT_STATUS_BUSY);
3388 mgmt_pending_remove(cmd);
3389 goto failed;
3390 }
3391
3392 memset(&param_cp, 0, sizeof(param_cp));
3393
3394 /* All active scans will be done with either a resolvable
3395 * private address (when privacy feature has been enabled)
3396 * or unresolvable private address.
3397 */
3398 err = hci_update_random_address(&req, true, &own_addr_type);
3399 if (err < 0) {
3400 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3401 MGMT_STATUS_FAILED);
3402 mgmt_pending_remove(cmd);
3403 goto failed;
3404 }
3405
3406 param_cp.type = LE_SCAN_ACTIVE;
3407 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3408 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3409 param_cp.own_address_type = own_addr_type;
3410 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3411 &param_cp);
3412
3413 memset(&enable_cp, 0, sizeof(enable_cp));
3414 enable_cp.enable = LE_SCAN_ENABLE;
3415 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3416 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3417 &enable_cp);
3418 break;
3419
3420 default:
3421 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3422 MGMT_STATUS_INVALID_PARAMS);
3423 mgmt_pending_remove(cmd);
3424 goto failed;
3425 }
3426
3427 err = hci_req_run(&req, start_discovery_complete);
3428 if (err < 0)
3429 mgmt_pending_remove(cmd);
3430 else
3431 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3432
3433 failed:
3434 hci_dev_unlock(hdev);
3435 return err;
3436 }
3437
3438 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3439 {
3440 struct pending_cmd *cmd;
3441 int err;
3442
3443 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3444 if (!cmd)
3445 return -ENOENT;
3446
3447 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3448 &hdev->discovery.type, sizeof(hdev->discovery.type));
3449 mgmt_pending_remove(cmd);
3450
3451 return err;
3452 }
3453
3454 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3455 {
3456 BT_DBG("status %d", status);
3457
3458 hci_dev_lock(hdev);
3459
3460 if (status) {
3461 mgmt_stop_discovery_failed(hdev, status);
3462 goto unlock;
3463 }
3464
3465 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3466
3467 unlock:
3468 hci_dev_unlock(hdev);
3469 }
3470
3471 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3472 u16 len)
3473 {
3474 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3475 struct pending_cmd *cmd;
3476 struct hci_cp_remote_name_req_cancel cp;
3477 struct inquiry_entry *e;
3478 struct hci_request req;
3479 struct hci_cp_le_set_scan_enable enable_cp;
3480 int err;
3481
3482 BT_DBG("%s", hdev->name);
3483
3484 hci_dev_lock(hdev);
3485
3486 if (!hci_discovery_active(hdev)) {
3487 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3488 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3489 sizeof(mgmt_cp->type));
3490 goto unlock;
3491 }
3492
3493 if (hdev->discovery.type != mgmt_cp->type) {
3494 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3495 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3496 sizeof(mgmt_cp->type));
3497 goto unlock;
3498 }
3499
3500 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3501 if (!cmd) {
3502 err = -ENOMEM;
3503 goto unlock;
3504 }
3505
3506 hci_req_init(&req, hdev);
3507
3508 switch (hdev->discovery.state) {
3509 case DISCOVERY_FINDING:
3510 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3511 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3512 } else {
3513 cancel_delayed_work(&hdev->le_scan_disable);
3514
3515 memset(&enable_cp, 0, sizeof(enable_cp));
3516 enable_cp.enable = LE_SCAN_DISABLE;
3517 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3518 sizeof(enable_cp), &enable_cp);
3519 }
3520
3521 break;
3522
3523 case DISCOVERY_RESOLVING:
3524 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3525 NAME_PENDING);
3526 if (!e) {
3527 mgmt_pending_remove(cmd);
3528 err = cmd_complete(sk, hdev->id,
3529 MGMT_OP_STOP_DISCOVERY, 0,
3530 &mgmt_cp->type,
3531 sizeof(mgmt_cp->type));
3532 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3533 goto unlock;
3534 }
3535
3536 bacpy(&cp.bdaddr, &e->data.bdaddr);
3537 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3538 &cp);
3539
3540 break;
3541
3542 default:
3543 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3544
3545 mgmt_pending_remove(cmd);
3546 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3547 MGMT_STATUS_FAILED, &mgmt_cp->type,
3548 sizeof(mgmt_cp->type));
3549 goto unlock;
3550 }
3551
3552 err = hci_req_run(&req, stop_discovery_complete);
3553 if (err < 0)
3554 mgmt_pending_remove(cmd);
3555 else
3556 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3557
3558 unlock:
3559 hci_dev_unlock(hdev);
3560 return err;
3561 }
3562
3563 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3564 u16 len)
3565 {
3566 struct mgmt_cp_confirm_name *cp = data;
3567 struct inquiry_entry *e;
3568 int err;
3569
3570 BT_DBG("%s", hdev->name);
3571
3572 hci_dev_lock(hdev);
3573
3574 if (!hci_discovery_active(hdev)) {
3575 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3576 MGMT_STATUS_FAILED);
3577 goto failed;
3578 }
3579
3580 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3581 if (!e) {
3582 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3583 MGMT_STATUS_INVALID_PARAMS);
3584 goto failed;
3585 }
3586
3587 if (cp->name_known) {
3588 e->name_state = NAME_KNOWN;
3589 list_del(&e->list);
3590 } else {
3591 e->name_state = NAME_NEEDED;
3592 hci_inquiry_cache_update_resolve(hdev, e);
3593 }
3594
3595 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3596 sizeof(cp->addr));
3597
3598 failed:
3599 hci_dev_unlock(hdev);
3600 return err;
3601 }
3602
3603 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3604 u16 len)
3605 {
3606 struct mgmt_cp_block_device *cp = data;
3607 u8 status;
3608 int err;
3609
3610 BT_DBG("%s", hdev->name);
3611
3612 if (!bdaddr_type_is_valid(cp->addr.type))
3613 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3614 MGMT_STATUS_INVALID_PARAMS,
3615 &cp->addr, sizeof(cp->addr));
3616
3617 hci_dev_lock(hdev);
3618
3619 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3620 if (err < 0)
3621 status = MGMT_STATUS_FAILED;
3622 else
3623 status = MGMT_STATUS_SUCCESS;
3624
3625 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3626 &cp->addr, sizeof(cp->addr));
3627
3628 hci_dev_unlock(hdev);
3629
3630 return err;
3631 }
3632
3633 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3634 u16 len)
3635 {
3636 struct mgmt_cp_unblock_device *cp = data;
3637 u8 status;
3638 int err;
3639
3640 BT_DBG("%s", hdev->name);
3641
3642 if (!bdaddr_type_is_valid(cp->addr.type))
3643 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3644 MGMT_STATUS_INVALID_PARAMS,
3645 &cp->addr, sizeof(cp->addr));
3646
3647 hci_dev_lock(hdev);
3648
3649 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3650 if (err < 0)
3651 status = MGMT_STATUS_INVALID_PARAMS;
3652 else
3653 status = MGMT_STATUS_SUCCESS;
3654
3655 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3656 &cp->addr, sizeof(cp->addr));
3657
3658 hci_dev_unlock(hdev);
3659
3660 return err;
3661 }
3662
3663 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3664 u16 len)
3665 {
3666 struct mgmt_cp_set_device_id *cp = data;
3667 struct hci_request req;
3668 int err;
3669 __u16 source;
3670
3671 BT_DBG("%s", hdev->name);
3672
3673 source = __le16_to_cpu(cp->source);
3674
3675 if (source > 0x0002)
3676 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3677 MGMT_STATUS_INVALID_PARAMS);
3678
3679 hci_dev_lock(hdev);
3680
3681 hdev->devid_source = source;
3682 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3683 hdev->devid_product = __le16_to_cpu(cp->product);
3684 hdev->devid_version = __le16_to_cpu(cp->version);
3685
3686 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3687
3688 hci_req_init(&req, hdev);
3689 update_eir(&req);
3690 hci_req_run(&req, NULL);
3691
3692 hci_dev_unlock(hdev);
3693
3694 return err;
3695 }
3696
3697 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3698 {
3699 struct cmd_lookup match = { NULL, hdev };
3700
3701 if (status) {
3702 u8 mgmt_err = mgmt_status(status);
3703
3704 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3705 cmd_status_rsp, &mgmt_err);
3706 return;
3707 }
3708
3709 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3710 &match);
3711
3712 new_settings(hdev, match.sk);
3713
3714 if (match.sk)
3715 sock_put(match.sk);
3716 }
3717
3718 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3719 u16 len)
3720 {
3721 struct mgmt_mode *cp = data;
3722 struct pending_cmd *cmd;
3723 struct hci_request req;
3724 u8 val, enabled, status;
3725 int err;
3726
3727 BT_DBG("request for %s", hdev->name);
3728
3729 status = mgmt_le_support(hdev);
3730 if (status)
3731 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3732 status);
3733
3734 if (cp->val != 0x00 && cp->val != 0x01)
3735 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3736 MGMT_STATUS_INVALID_PARAMS);
3737
3738 hci_dev_lock(hdev);
3739
3740 val = !!cp->val;
3741 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3742
3743 /* The following conditions are ones which mean that we should
3744 * not do any HCI communication but directly send a mgmt
3745 * response to user space (after toggling the flag if
3746 * necessary).
3747 */
3748 if (!hdev_is_powered(hdev) || val == enabled ||
3749 hci_conn_num(hdev, LE_LINK) > 0) {
3750 bool changed = false;
3751
3752 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3753 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3754 changed = true;
3755 }
3756
3757 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3758 if (err < 0)
3759 goto unlock;
3760
3761 if (changed)
3762 err = new_settings(hdev, sk);
3763
3764 goto unlock;
3765 }
3766
3767 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3768 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3769 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3770 MGMT_STATUS_BUSY);
3771 goto unlock;
3772 }
3773
3774 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3775 if (!cmd) {
3776 err = -ENOMEM;
3777 goto unlock;
3778 }
3779
3780 hci_req_init(&req, hdev);
3781
3782 if (val)
3783 enable_advertising(&req);
3784 else
3785 disable_advertising(&req);
3786
3787 err = hci_req_run(&req, set_advertising_complete);
3788 if (err < 0)
3789 mgmt_pending_remove(cmd);
3790
3791 unlock:
3792 hci_dev_unlock(hdev);
3793 return err;
3794 }
3795
3796 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3797 void *data, u16 len)
3798 {
3799 struct mgmt_cp_set_static_address *cp = data;
3800 int err;
3801
3802 BT_DBG("%s", hdev->name);
3803
3804 if (!lmp_le_capable(hdev))
3805 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3806 MGMT_STATUS_NOT_SUPPORTED);
3807
3808 if (hdev_is_powered(hdev))
3809 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3810 MGMT_STATUS_REJECTED);
3811
3812 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3813 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3814 return cmd_status(sk, hdev->id,
3815 MGMT_OP_SET_STATIC_ADDRESS,
3816 MGMT_STATUS_INVALID_PARAMS);
3817
3818 /* Two most significant bits shall be set */
3819 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3820 return cmd_status(sk, hdev->id,
3821 MGMT_OP_SET_STATIC_ADDRESS,
3822 MGMT_STATUS_INVALID_PARAMS);
3823 }
3824
3825 hci_dev_lock(hdev);
3826
3827 bacpy(&hdev->static_addr, &cp->bdaddr);
3828
3829 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3830
3831 hci_dev_unlock(hdev);
3832
3833 return err;
3834 }
3835
3836 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3837 void *data, u16 len)
3838 {
3839 struct mgmt_cp_set_scan_params *cp = data;
3840 __u16 interval, window;
3841 int err;
3842
3843 BT_DBG("%s", hdev->name);
3844
3845 if (!lmp_le_capable(hdev))
3846 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3847 MGMT_STATUS_NOT_SUPPORTED);
3848
3849 interval = __le16_to_cpu(cp->interval);
3850
3851 if (interval < 0x0004 || interval > 0x4000)
3852 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3853 MGMT_STATUS_INVALID_PARAMS);
3854
3855 window = __le16_to_cpu(cp->window);
3856
3857 if (window < 0x0004 || window > 0x4000)
3858 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3859 MGMT_STATUS_INVALID_PARAMS);
3860
3861 if (window > interval)
3862 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3863 MGMT_STATUS_INVALID_PARAMS);
3864
3865 hci_dev_lock(hdev);
3866
3867 hdev->le_scan_interval = interval;
3868 hdev->le_scan_window = window;
3869
3870 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3871
3872 hci_dev_unlock(hdev);
3873
3874 return err;
3875 }
3876
3877 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3878 {
3879 struct pending_cmd *cmd;
3880
3881 BT_DBG("status 0x%02x", status);
3882
3883 hci_dev_lock(hdev);
3884
3885 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3886 if (!cmd)
3887 goto unlock;
3888
3889 if (status) {
3890 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3891 mgmt_status(status));
3892 } else {
3893 struct mgmt_mode *cp = cmd->param;
3894
3895 if (cp->val)
3896 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3897 else
3898 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3899
3900 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3901 new_settings(hdev, cmd->sk);
3902 }
3903
3904 mgmt_pending_remove(cmd);
3905
3906 unlock:
3907 hci_dev_unlock(hdev);
3908 }
3909
3910 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3911 void *data, u16 len)
3912 {
3913 struct mgmt_mode *cp = data;
3914 struct pending_cmd *cmd;
3915 struct hci_request req;
3916 int err;
3917
3918 BT_DBG("%s", hdev->name);
3919
3920 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3921 hdev->hci_ver < BLUETOOTH_VER_1_2)
3922 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3923 MGMT_STATUS_NOT_SUPPORTED);
3924
3925 if (cp->val != 0x00 && cp->val != 0x01)
3926 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3927 MGMT_STATUS_INVALID_PARAMS);
3928
3929 if (!hdev_is_powered(hdev))
3930 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3931 MGMT_STATUS_NOT_POWERED);
3932
3933 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3934 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3935 MGMT_STATUS_REJECTED);
3936
3937 hci_dev_lock(hdev);
3938
3939 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3940 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3941 MGMT_STATUS_BUSY);
3942 goto unlock;
3943 }
3944
3945 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3946 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3947 hdev);
3948 goto unlock;
3949 }
3950
3951 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3952 data, len);
3953 if (!cmd) {
3954 err = -ENOMEM;
3955 goto unlock;
3956 }
3957
3958 hci_req_init(&req, hdev);
3959
3960 write_fast_connectable(&req, cp->val);
3961
3962 err = hci_req_run(&req, fast_connectable_complete);
3963 if (err < 0) {
3964 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3965 MGMT_STATUS_FAILED);
3966 mgmt_pending_remove(cmd);
3967 }
3968
3969 unlock:
3970 hci_dev_unlock(hdev);
3971
3972 return err;
3973 }
3974
3975 static void set_bredr_scan(struct hci_request *req)
3976 {
3977 struct hci_dev *hdev = req->hdev;
3978 u8 scan = 0;
3979
3980 /* Ensure that fast connectable is disabled. This function will
3981 * not do anything if the page scan parameters are already what
3982 * they should be.
3983 */
3984 write_fast_connectable(req, false);
3985
3986 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3987 scan |= SCAN_PAGE;
3988 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3989 scan |= SCAN_INQUIRY;
3990
3991 if (scan)
3992 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3993 }
3994
3995 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3996 {
3997 struct pending_cmd *cmd;
3998
3999 BT_DBG("status 0x%02x", status);
4000
4001 hci_dev_lock(hdev);
4002
4003 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4004 if (!cmd)
4005 goto unlock;
4006
4007 if (status) {
4008 u8 mgmt_err = mgmt_status(status);
4009
4010 /* We need to restore the flag if related HCI commands
4011 * failed.
4012 */
4013 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4014
4015 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4016 } else {
4017 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4018 new_settings(hdev, cmd->sk);
4019 }
4020
4021 mgmt_pending_remove(cmd);
4022
4023 unlock:
4024 hci_dev_unlock(hdev);
4025 }
4026
4027 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4028 {
4029 struct mgmt_mode *cp = data;
4030 struct pending_cmd *cmd;
4031 struct hci_request req;
4032 int err;
4033
4034 BT_DBG("request for %s", hdev->name);
4035
4036 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4037 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4038 MGMT_STATUS_NOT_SUPPORTED);
4039
4040 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4041 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4042 MGMT_STATUS_REJECTED);
4043
4044 if (cp->val != 0x00 && cp->val != 0x01)
4045 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4046 MGMT_STATUS_INVALID_PARAMS);
4047
4048 hci_dev_lock(hdev);
4049
4050 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4051 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4052 goto unlock;
4053 }
4054
4055 if (!hdev_is_powered(hdev)) {
4056 if (!cp->val) {
4057 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4058 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4059 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4060 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4061 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4062 }
4063
4064 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4065
4066 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4067 if (err < 0)
4068 goto unlock;
4069
4070 err = new_settings(hdev, sk);
4071 goto unlock;
4072 }
4073
4074 /* Reject disabling when powered on */
4075 if (!cp->val) {
4076 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4077 MGMT_STATUS_REJECTED);
4078 goto unlock;
4079 }
4080
4081 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4082 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4083 MGMT_STATUS_BUSY);
4084 goto unlock;
4085 }
4086
4087 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4088 if (!cmd) {
4089 err = -ENOMEM;
4090 goto unlock;
4091 }
4092
4093 /* We need to flip the bit already here so that update_adv_data
4094 * generates the correct flags.
4095 */
4096 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4097
4098 hci_req_init(&req, hdev);
4099
4100 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4101 set_bredr_scan(&req);
4102
4103 /* Since only the advertising data flags will change, there
4104 * is no need to update the scan response data.
4105 */
4106 update_adv_data(&req);
4107
4108 err = hci_req_run(&req, set_bredr_complete);
4109 if (err < 0)
4110 mgmt_pending_remove(cmd);
4111
4112 unlock:
4113 hci_dev_unlock(hdev);
4114 return err;
4115 }
4116
4117 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4118 void *data, u16 len)
4119 {
4120 struct mgmt_mode *cp = data;
4121 struct pending_cmd *cmd;
4122 u8 val, status;
4123 int err;
4124
4125 BT_DBG("request for %s", hdev->name);
4126
4127 status = mgmt_bredr_support(hdev);
4128 if (status)
4129 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4130 status);
4131
4132 if (!lmp_sc_capable(hdev) &&
4133 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
4134 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4135 MGMT_STATUS_NOT_SUPPORTED);
4136
4137 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4138 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4139 MGMT_STATUS_INVALID_PARAMS);
4140
4141 hci_dev_lock(hdev);
4142
4143 if (!hdev_is_powered(hdev)) {
4144 bool changed;
4145
4146 if (cp->val) {
4147 changed = !test_and_set_bit(HCI_SC_ENABLED,
4148 &hdev->dev_flags);
4149 if (cp->val == 0x02)
4150 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4151 else
4152 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4153 } else {
4154 changed = test_and_clear_bit(HCI_SC_ENABLED,
4155 &hdev->dev_flags);
4156 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4157 }
4158
4159 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4160 if (err < 0)
4161 goto failed;
4162
4163 if (changed)
4164 err = new_settings(hdev, sk);
4165
4166 goto failed;
4167 }
4168
4169 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4170 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4171 MGMT_STATUS_BUSY);
4172 goto failed;
4173 }
4174
4175 val = !!cp->val;
4176
4177 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4178 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
4179 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4180 goto failed;
4181 }
4182
4183 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4184 if (!cmd) {
4185 err = -ENOMEM;
4186 goto failed;
4187 }
4188
4189 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4190 if (err < 0) {
4191 mgmt_pending_remove(cmd);
4192 goto failed;
4193 }
4194
4195 if (cp->val == 0x02)
4196 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4197 else
4198 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4199
4200 failed:
4201 hci_dev_unlock(hdev);
4202 return err;
4203 }
4204
4205 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4206 void *data, u16 len)
4207 {
4208 struct mgmt_mode *cp = data;
4209 bool changed;
4210 int err;
4211
4212 BT_DBG("request for %s", hdev->name);
4213
4214 if (cp->val != 0x00 && cp->val != 0x01)
4215 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4216 MGMT_STATUS_INVALID_PARAMS);
4217
4218 hci_dev_lock(hdev);
4219
4220 if (cp->val)
4221 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4222 else
4223 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4224
4225 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4226 if (err < 0)
4227 goto unlock;
4228
4229 if (changed)
4230 err = new_settings(hdev, sk);
4231
4232 unlock:
4233 hci_dev_unlock(hdev);
4234 return err;
4235 }
4236
4237 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4238 u16 len)
4239 {
4240 struct mgmt_cp_set_privacy *cp = cp_data;
4241 bool changed;
4242 int err;
4243
4244 BT_DBG("request for %s", hdev->name);
4245
4246 if (!lmp_le_capable(hdev))
4247 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4248 MGMT_STATUS_NOT_SUPPORTED);
4249
4250 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4251 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4252 MGMT_STATUS_INVALID_PARAMS);
4253
4254 if (hdev_is_powered(hdev))
4255 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4256 MGMT_STATUS_REJECTED);
4257
4258 hci_dev_lock(hdev);
4259
4260 if (cp->privacy) {
4261 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4262 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4263 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4264 } else {
4265 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4266 memset(hdev->irk, 0, sizeof(hdev->irk));
4267 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4268 }
4269
4270 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4271 if (err < 0)
4272 goto unlock;
4273
4274 if (changed)
4275 err = new_settings(hdev, sk);
4276
4277 unlock:
4278 hci_dev_unlock(hdev);
4279 return err;
4280 }
4281
4282 static bool irk_is_valid(struct mgmt_irk_info *irk)
4283 {
4284 switch (irk->addr.type) {
4285 case BDADDR_LE_PUBLIC:
4286 return true;
4287
4288 case BDADDR_LE_RANDOM:
4289 /* Two most significant bits shall be set */
4290 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4291 return false;
4292 return true;
4293 }
4294
4295 return false;
4296 }
4297
4298 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4299 u16 len)
4300 {
4301 struct mgmt_cp_load_irks *cp = cp_data;
4302 u16 irk_count, expected_len;
4303 int i, err;
4304
4305 BT_DBG("request for %s", hdev->name);
4306
4307 if (!lmp_le_capable(hdev))
4308 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4309 MGMT_STATUS_NOT_SUPPORTED);
4310
4311 irk_count = __le16_to_cpu(cp->irk_count);
4312
4313 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4314 if (expected_len != len) {
4315 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4316 len, expected_len);
4317 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4318 MGMT_STATUS_INVALID_PARAMS);
4319 }
4320
4321 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4322
4323 for (i = 0; i < irk_count; i++) {
4324 struct mgmt_irk_info *key = &cp->irks[i];
4325
4326 if (!irk_is_valid(key))
4327 return cmd_status(sk, hdev->id,
4328 MGMT_OP_LOAD_IRKS,
4329 MGMT_STATUS_INVALID_PARAMS);
4330 }
4331
4332 hci_dev_lock(hdev);
4333
4334 hci_smp_irks_clear(hdev);
4335
4336 for (i = 0; i < irk_count; i++) {
4337 struct mgmt_irk_info *irk = &cp->irks[i];
4338 u8 addr_type;
4339
4340 if (irk->addr.type == BDADDR_LE_PUBLIC)
4341 addr_type = ADDR_LE_DEV_PUBLIC;
4342 else
4343 addr_type = ADDR_LE_DEV_RANDOM;
4344
4345 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4346 BDADDR_ANY);
4347 }
4348
4349 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4350
4351 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4352
4353 hci_dev_unlock(hdev);
4354
4355 return err;
4356 }
4357
4358 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4359 {
4360 if (key->master != 0x00 && key->master != 0x01)
4361 return false;
4362
4363 switch (key->addr.type) {
4364 case BDADDR_LE_PUBLIC:
4365 return true;
4366
4367 case BDADDR_LE_RANDOM:
4368 /* Two most significant bits shall be set */
4369 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4370 return false;
4371 return true;
4372 }
4373
4374 return false;
4375 }
4376
4377 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4378 void *cp_data, u16 len)
4379 {
4380 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4381 u16 key_count, expected_len;
4382 int i, err;
4383
4384 BT_DBG("request for %s", hdev->name);
4385
4386 if (!lmp_le_capable(hdev))
4387 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4388 MGMT_STATUS_NOT_SUPPORTED);
4389
4390 key_count = __le16_to_cpu(cp->key_count);
4391
4392 expected_len = sizeof(*cp) + key_count *
4393 sizeof(struct mgmt_ltk_info);
4394 if (expected_len != len) {
4395 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4396 len, expected_len);
4397 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4398 MGMT_STATUS_INVALID_PARAMS);
4399 }
4400
4401 BT_DBG("%s key_count %u", hdev->name, key_count);
4402
4403 for (i = 0; i < key_count; i++) {
4404 struct mgmt_ltk_info *key = &cp->keys[i];
4405
4406 if (!ltk_is_valid(key))
4407 return cmd_status(sk, hdev->id,
4408 MGMT_OP_LOAD_LONG_TERM_KEYS,
4409 MGMT_STATUS_INVALID_PARAMS);
4410 }
4411
4412 hci_dev_lock(hdev);
4413
4414 hci_smp_ltks_clear(hdev);
4415
4416 for (i = 0; i < key_count; i++) {
4417 struct mgmt_ltk_info *key = &cp->keys[i];
4418 u8 type, addr_type;
4419
4420 if (key->addr.type == BDADDR_LE_PUBLIC)
4421 addr_type = ADDR_LE_DEV_PUBLIC;
4422 else
4423 addr_type = ADDR_LE_DEV_RANDOM;
4424
4425 if (key->master)
4426 type = HCI_SMP_LTK;
4427 else
4428 type = HCI_SMP_LTK_SLAVE;
4429
4430 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4431 key->type, key->val, key->enc_size, key->ediv,
4432 key->rand);
4433 }
4434
4435 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4436 NULL, 0);
4437
4438 hci_dev_unlock(hdev);
4439
4440 return err;
4441 }
4442
4443 static const struct mgmt_handler {
4444 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4445 u16 data_len);
4446 bool var_len;
4447 size_t data_len;
4448 } mgmt_handlers[] = {
4449 { NULL }, /* 0x0000 (no command) */
4450 { read_version, false, MGMT_READ_VERSION_SIZE },
4451 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4452 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4453 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4454 { set_powered, false, MGMT_SETTING_SIZE },
4455 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4456 { set_connectable, false, MGMT_SETTING_SIZE },
4457 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4458 { set_pairable, false, MGMT_SETTING_SIZE },
4459 { set_link_security, false, MGMT_SETTING_SIZE },
4460 { set_ssp, false, MGMT_SETTING_SIZE },
4461 { set_hs, false, MGMT_SETTING_SIZE },
4462 { set_le, false, MGMT_SETTING_SIZE },
4463 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4464 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4465 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4466 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4467 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4468 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4469 { disconnect, false, MGMT_DISCONNECT_SIZE },
4470 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4471 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4472 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4473 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4474 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4475 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4476 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4477 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4478 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4479 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4480 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4481 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
4482 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
4483 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4484 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4485 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4486 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4487 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4488 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
4489 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4490 { set_advertising, false, MGMT_SETTING_SIZE },
4491 { set_bredr, false, MGMT_SETTING_SIZE },
4492 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
4493 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
4494 { set_secure_conn, false, MGMT_SETTING_SIZE },
4495 { set_debug_keys, false, MGMT_SETTING_SIZE },
4496 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
4497 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
4498 };
4499
4500
4501 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4502 {
4503 void *buf;
4504 u8 *cp;
4505 struct mgmt_hdr *hdr;
4506 u16 opcode, index, len;
4507 struct hci_dev *hdev = NULL;
4508 const struct mgmt_handler *handler;
4509 int err;
4510
4511 BT_DBG("got %zu bytes", msglen);
4512
4513 if (msglen < sizeof(*hdr))
4514 return -EINVAL;
4515
4516 buf = kmalloc(msglen, GFP_KERNEL);
4517 if (!buf)
4518 return -ENOMEM;
4519
4520 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4521 err = -EFAULT;
4522 goto done;
4523 }
4524
4525 hdr = buf;
4526 opcode = __le16_to_cpu(hdr->opcode);
4527 index = __le16_to_cpu(hdr->index);
4528 len = __le16_to_cpu(hdr->len);
4529
4530 if (len != msglen - sizeof(*hdr)) {
4531 err = -EINVAL;
4532 goto done;
4533 }
4534
4535 if (index != MGMT_INDEX_NONE) {
4536 hdev = hci_dev_get(index);
4537 if (!hdev) {
4538 err = cmd_status(sk, index, opcode,
4539 MGMT_STATUS_INVALID_INDEX);
4540 goto done;
4541 }
4542
4543 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4544 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
4545 err = cmd_status(sk, index, opcode,
4546 MGMT_STATUS_INVALID_INDEX);
4547 goto done;
4548 }
4549 }
4550
4551 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
4552 mgmt_handlers[opcode].func == NULL) {
4553 BT_DBG("Unknown op %u", opcode);
4554 err = cmd_status(sk, index, opcode,
4555 MGMT_STATUS_UNKNOWN_COMMAND);
4556 goto done;
4557 }
4558
4559 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
4560 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
4561 err = cmd_status(sk, index, opcode,
4562 MGMT_STATUS_INVALID_INDEX);
4563 goto done;
4564 }
4565
4566 handler = &mgmt_handlers[opcode];
4567
4568 if ((handler->var_len && len < handler->data_len) ||
4569 (!handler->var_len && len != handler->data_len)) {
4570 err = cmd_status(sk, index, opcode,
4571 MGMT_STATUS_INVALID_PARAMS);
4572 goto done;
4573 }
4574
4575 if (hdev)
4576 mgmt_init_hdev(sk, hdev);
4577
4578 cp = buf + sizeof(*hdr);
4579
4580 err = handler->func(sk, hdev, cp, len);
4581 if (err < 0)
4582 goto done;
4583
4584 err = msglen;
4585
4586 done:
4587 if (hdev)
4588 hci_dev_put(hdev);
4589
4590 kfree(buf);
4591 return err;
4592 }
4593
4594 void mgmt_index_added(struct hci_dev *hdev)
4595 {
4596 if (hdev->dev_type != HCI_BREDR)
4597 return;
4598
4599 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
4600 }
4601
4602 void mgmt_index_removed(struct hci_dev *hdev)
4603 {
4604 u8 status = MGMT_STATUS_INVALID_INDEX;
4605
4606 if (hdev->dev_type != HCI_BREDR)
4607 return;
4608
4609 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
4610
4611 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
4612 }
4613
4614 static void powered_complete(struct hci_dev *hdev, u8 status)
4615 {
4616 struct cmd_lookup match = { NULL, hdev };
4617
4618 BT_DBG("status 0x%02x", status);
4619
4620 hci_dev_lock(hdev);
4621
4622 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4623
4624 new_settings(hdev, match.sk);
4625
4626 hci_dev_unlock(hdev);
4627
4628 if (match.sk)
4629 sock_put(match.sk);
4630 }
4631
4632 static int powered_update_hci(struct hci_dev *hdev)
4633 {
4634 struct hci_request req;
4635 u8 link_sec;
4636
4637 hci_req_init(&req, hdev);
4638
4639 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4640 !lmp_host_ssp_capable(hdev)) {
4641 u8 ssp = 1;
4642
4643 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
4644 }
4645
4646 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4647 lmp_bredr_capable(hdev)) {
4648 struct hci_cp_write_le_host_supported cp;
4649
4650 cp.le = 1;
4651 cp.simul = lmp_le_br_capable(hdev);
4652
4653 /* Check first if we already have the right
4654 * host state (host features set)
4655 */
4656 if (cp.le != lmp_host_le_capable(hdev) ||
4657 cp.simul != lmp_host_le_br_capable(hdev))
4658 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4659 sizeof(cp), &cp);
4660 }
4661
4662 if (lmp_le_capable(hdev)) {
4663 /* Make sure the controller has a good default for
4664 * advertising data. This also applies to the case
4665 * where BR/EDR was toggled during the AUTO_OFF phase.
4666 */
4667 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
4668 update_adv_data(&req);
4669 update_scan_rsp_data(&req);
4670 }
4671
4672 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4673 enable_advertising(&req);
4674 }
4675
4676 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4677 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
4678 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4679 sizeof(link_sec), &link_sec);
4680
4681 if (lmp_bredr_capable(hdev)) {
4682 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4683 set_bredr_scan(&req);
4684 update_class(&req);
4685 update_name(&req);
4686 update_eir(&req);
4687 }
4688
4689 return hci_req_run(&req, powered_complete);
4690 }
4691
4692 int mgmt_powered(struct hci_dev *hdev, u8 powered)
4693 {
4694 struct cmd_lookup match = { NULL, hdev };
4695 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4696 u8 zero_cod[] = { 0, 0, 0 };
4697 int err;
4698
4699 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4700 return 0;
4701
4702 if (powered) {
4703 if (powered_update_hci(hdev) == 0)
4704 return 0;
4705
4706 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4707 &match);
4708 goto new_settings;
4709 }
4710
4711 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4712 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4713
4714 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4715 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4716 zero_cod, sizeof(zero_cod), NULL);
4717
4718 new_settings:
4719 err = new_settings(hdev, match.sk);
4720
4721 if (match.sk)
4722 sock_put(match.sk);
4723
4724 return err;
4725 }
4726
4727 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
4728 {
4729 struct pending_cmd *cmd;
4730 u8 status;
4731
4732 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4733 if (!cmd)
4734 return;
4735
4736 if (err == -ERFKILL)
4737 status = MGMT_STATUS_RFKILLED;
4738 else
4739 status = MGMT_STATUS_FAILED;
4740
4741 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
4742
4743 mgmt_pending_remove(cmd);
4744 }
4745
4746 void mgmt_discoverable_timeout(struct hci_dev *hdev)
4747 {
4748 struct hci_request req;
4749
4750 hci_dev_lock(hdev);
4751
4752 /* When discoverable timeout triggers, then just make sure
4753 * the limited discoverable flag is cleared. Even in the case
4754 * of a timeout triggered from general discoverable, it is
4755 * safe to unconditionally clear the flag.
4756 */
4757 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
4758 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4759
4760 hci_req_init(&req, hdev);
4761 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4762 u8 scan = SCAN_PAGE;
4763 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4764 sizeof(scan), &scan);
4765 }
4766 update_class(&req);
4767 update_adv_data(&req);
4768 hci_req_run(&req, NULL);
4769
4770 hdev->discov_timeout = 0;
4771
4772 new_settings(hdev, NULL);
4773
4774 hci_dev_unlock(hdev);
4775 }
4776
4777 void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
4778 {
4779 bool changed;
4780
4781 /* Nothing needed here if there's a pending command since that
4782 * commands request completion callback takes care of everything
4783 * necessary.
4784 */
4785 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
4786 return;
4787
4788 if (discoverable) {
4789 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4790 } else {
4791 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
4792 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4793 }
4794
4795 if (changed) {
4796 struct hci_request req;
4797
4798 /* In case this change in discoverable was triggered by
4799 * a disabling of connectable there could be a need to
4800 * update the advertising flags.
4801 */
4802 hci_req_init(&req, hdev);
4803 update_adv_data(&req);
4804 hci_req_run(&req, NULL);
4805
4806 new_settings(hdev, NULL);
4807 }
4808 }
4809
4810 void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
4811 {
4812 bool changed;
4813
4814 /* Nothing needed here if there's a pending command since that
4815 * commands request completion callback takes care of everything
4816 * necessary.
4817 */
4818 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
4819 return;
4820
4821 if (connectable)
4822 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4823 else
4824 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4825
4826 if (changed)
4827 new_settings(hdev, NULL);
4828 }
4829
4830 void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4831 {
4832 u8 mgmt_err = mgmt_status(status);
4833
4834 if (scan & SCAN_PAGE)
4835 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4836 cmd_status_rsp, &mgmt_err);
4837
4838 if (scan & SCAN_INQUIRY)
4839 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4840 cmd_status_rsp, &mgmt_err);
4841 }
4842
4843 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4844 bool persistent)
4845 {
4846 struct mgmt_ev_new_link_key ev;
4847
4848 memset(&ev, 0, sizeof(ev));
4849
4850 ev.store_hint = persistent;
4851 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4852 ev.key.addr.type = BDADDR_BREDR;
4853 ev.key.type = key->type;
4854 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4855 ev.key.pin_len = key->pin_len;
4856
4857 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4858 }
4859
4860 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key)
4861 {
4862 struct mgmt_ev_new_long_term_key ev;
4863
4864 memset(&ev, 0, sizeof(ev));
4865
4866 /* Devices using resolvable or non-resolvable random addresses
4867 * without providing an indentity resolving key don't require
4868 * to store long term keys. Their addresses will change the
4869 * next time around.
4870 *
4871 * Only when a remote device provides an identity address
4872 * make sure the long term key is stored. If the remote
4873 * identity is known, the long term keys are internally
4874 * mapped to the identity address. So allow static random
4875 * and public addresses here.
4876 */
4877 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
4878 (key->bdaddr.b[5] & 0xc0) != 0xc0)
4879 ev.store_hint = 0x00;
4880 else
4881 ev.store_hint = 0x01;
4882
4883 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4884 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4885 ev.key.type = key->authenticated;
4886 ev.key.enc_size = key->enc_size;
4887 ev.key.ediv = key->ediv;
4888
4889 if (key->type == HCI_SMP_LTK)
4890 ev.key.master = 1;
4891
4892 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4893 memcpy(ev.key.val, key->val, sizeof(key->val));
4894
4895 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
4896 }
4897
4898 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
4899 {
4900 struct mgmt_ev_new_irk ev;
4901
4902 memset(&ev, 0, sizeof(ev));
4903
4904 /* For identity resolving keys from devices that are already
4905 * using a public address or static random address, do not
4906 * ask for storing this key. The identity resolving key really
4907 * is only mandatory for devices using resovlable random
4908 * addresses.
4909 *
4910 * Storing all identity resolving keys has the downside that
4911 * they will be also loaded on next boot of they system. More
4912 * identity resolving keys, means more time during scanning is
4913 * needed to actually resolve these addresses.
4914 */
4915 if (bacmp(&irk->rpa, BDADDR_ANY))
4916 ev.store_hint = 0x01;
4917 else
4918 ev.store_hint = 0x00;
4919
4920 bacpy(&ev.rpa, &irk->rpa);
4921 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
4922 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
4923 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
4924
4925 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
4926 }
4927
4928 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
4929 u8 data_len)
4930 {
4931 eir[eir_len++] = sizeof(type) + data_len;
4932 eir[eir_len++] = type;
4933 memcpy(&eir[eir_len], data, data_len);
4934 eir_len += data_len;
4935
4936 return eir_len;
4937 }
4938
4939 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4940 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4941 u8 *dev_class)
4942 {
4943 char buf[512];
4944 struct mgmt_ev_device_connected *ev = (void *) buf;
4945 u16 eir_len = 0;
4946
4947 bacpy(&ev->addr.bdaddr, bdaddr);
4948 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4949
4950 ev->flags = __cpu_to_le32(flags);
4951
4952 if (name_len > 0)
4953 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4954 name, name_len);
4955
4956 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4957 eir_len = eir_append_data(ev->eir, eir_len,
4958 EIR_CLASS_OF_DEV, dev_class, 3);
4959
4960 ev->eir_len = cpu_to_le16(eir_len);
4961
4962 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4963 sizeof(*ev) + eir_len, NULL);
4964 }
4965
4966 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4967 {
4968 struct mgmt_cp_disconnect *cp = cmd->param;
4969 struct sock **sk = data;
4970 struct mgmt_rp_disconnect rp;
4971
4972 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4973 rp.addr.type = cp->addr.type;
4974
4975 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4976 sizeof(rp));
4977
4978 *sk = cmd->sk;
4979 sock_hold(*sk);
4980
4981 mgmt_pending_remove(cmd);
4982 }
4983
4984 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4985 {
4986 struct hci_dev *hdev = data;
4987 struct mgmt_cp_unpair_device *cp = cmd->param;
4988 struct mgmt_rp_unpair_device rp;
4989
4990 memset(&rp, 0, sizeof(rp));
4991 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4992 rp.addr.type = cp->addr.type;
4993
4994 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4995
4996 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4997
4998 mgmt_pending_remove(cmd);
4999 }
5000
5001 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
5002 u8 link_type, u8 addr_type, u8 reason)
5003 {
5004 struct mgmt_ev_device_disconnected ev;
5005 struct sock *sk = NULL;
5006
5007 if (link_type != ACL_LINK && link_type != LE_LINK)
5008 return;
5009
5010 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
5011
5012 bacpy(&ev.addr.bdaddr, bdaddr);
5013 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5014 ev.reason = reason;
5015
5016 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
5017
5018 if (sk)
5019 sock_put(sk);
5020
5021 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5022 hdev);
5023 }
5024
5025 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5026 u8 link_type, u8 addr_type, u8 status)
5027 {
5028 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5029 struct mgmt_cp_disconnect *cp;
5030 struct mgmt_rp_disconnect rp;
5031 struct pending_cmd *cmd;
5032
5033 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5034 hdev);
5035
5036 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
5037 if (!cmd)
5038 return;
5039
5040 cp = cmd->param;
5041
5042 if (bacmp(bdaddr, &cp->addr.bdaddr))
5043 return;
5044
5045 if (cp->addr.type != bdaddr_type)
5046 return;
5047
5048 bacpy(&rp.addr.bdaddr, bdaddr);
5049 rp.addr.type = bdaddr_type;
5050
5051 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5052 mgmt_status(status), &rp, sizeof(rp));
5053
5054 mgmt_pending_remove(cmd);
5055 }
5056
5057 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5058 u8 addr_type, u8 status)
5059 {
5060 struct mgmt_ev_connect_failed ev;
5061
5062 bacpy(&ev.addr.bdaddr, bdaddr);
5063 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5064 ev.status = mgmt_status(status);
5065
5066 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
5067 }
5068
5069 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
5070 {
5071 struct mgmt_ev_pin_code_request ev;
5072
5073 bacpy(&ev.addr.bdaddr, bdaddr);
5074 ev.addr.type = BDADDR_BREDR;
5075 ev.secure = secure;
5076
5077 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
5078 }
5079
5080 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5081 u8 status)
5082 {
5083 struct pending_cmd *cmd;
5084 struct mgmt_rp_pin_code_reply rp;
5085
5086 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
5087 if (!cmd)
5088 return;
5089
5090 bacpy(&rp.addr.bdaddr, bdaddr);
5091 rp.addr.type = BDADDR_BREDR;
5092
5093 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5094 mgmt_status(status), &rp, sizeof(rp));
5095
5096 mgmt_pending_remove(cmd);
5097 }
5098
5099 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5100 u8 status)
5101 {
5102 struct pending_cmd *cmd;
5103 struct mgmt_rp_pin_code_reply rp;
5104
5105 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
5106 if (!cmd)
5107 return;
5108
5109 bacpy(&rp.addr.bdaddr, bdaddr);
5110 rp.addr.type = BDADDR_BREDR;
5111
5112 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5113 mgmt_status(status), &rp, sizeof(rp));
5114
5115 mgmt_pending_remove(cmd);
5116 }
5117
5118 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
5119 u8 link_type, u8 addr_type, __le32 value,
5120 u8 confirm_hint)
5121 {
5122 struct mgmt_ev_user_confirm_request ev;
5123
5124 BT_DBG("%s", hdev->name);
5125
5126 bacpy(&ev.addr.bdaddr, bdaddr);
5127 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5128 ev.confirm_hint = confirm_hint;
5129 ev.value = value;
5130
5131 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
5132 NULL);
5133 }
5134
5135 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
5136 u8 link_type, u8 addr_type)
5137 {
5138 struct mgmt_ev_user_passkey_request ev;
5139
5140 BT_DBG("%s", hdev->name);
5141
5142 bacpy(&ev.addr.bdaddr, bdaddr);
5143 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5144
5145 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
5146 NULL);
5147 }
5148
5149 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5150 u8 link_type, u8 addr_type, u8 status,
5151 u8 opcode)
5152 {
5153 struct pending_cmd *cmd;
5154 struct mgmt_rp_user_confirm_reply rp;
5155 int err;
5156
5157 cmd = mgmt_pending_find(opcode, hdev);
5158 if (!cmd)
5159 return -ENOENT;
5160
5161 bacpy(&rp.addr.bdaddr, bdaddr);
5162 rp.addr.type = link_to_bdaddr(link_type, addr_type);
5163 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
5164 &rp, sizeof(rp));
5165
5166 mgmt_pending_remove(cmd);
5167
5168 return err;
5169 }
5170
5171 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5172 u8 link_type, u8 addr_type, u8 status)
5173 {
5174 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5175 status, MGMT_OP_USER_CONFIRM_REPLY);
5176 }
5177
5178 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5179 u8 link_type, u8 addr_type, u8 status)
5180 {
5181 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5182 status,
5183 MGMT_OP_USER_CONFIRM_NEG_REPLY);
5184 }
5185
5186 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5187 u8 link_type, u8 addr_type, u8 status)
5188 {
5189 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5190 status, MGMT_OP_USER_PASSKEY_REPLY);
5191 }
5192
5193 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5194 u8 link_type, u8 addr_type, u8 status)
5195 {
5196 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5197 status,
5198 MGMT_OP_USER_PASSKEY_NEG_REPLY);
5199 }
5200
5201 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5202 u8 link_type, u8 addr_type, u32 passkey,
5203 u8 entered)
5204 {
5205 struct mgmt_ev_passkey_notify ev;
5206
5207 BT_DBG("%s", hdev->name);
5208
5209 bacpy(&ev.addr.bdaddr, bdaddr);
5210 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5211 ev.passkey = __cpu_to_le32(passkey);
5212 ev.entered = entered;
5213
5214 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5215 }
5216
5217 void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5218 u8 addr_type, u8 status)
5219 {
5220 struct mgmt_ev_auth_failed ev;
5221
5222 bacpy(&ev.addr.bdaddr, bdaddr);
5223 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5224 ev.status = mgmt_status(status);
5225
5226 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
5227 }
5228
5229 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
5230 {
5231 struct cmd_lookup match = { NULL, hdev };
5232 bool changed;
5233
5234 if (status) {
5235 u8 mgmt_err = mgmt_status(status);
5236 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
5237 cmd_status_rsp, &mgmt_err);
5238 return;
5239 }
5240
5241 if (test_bit(HCI_AUTH, &hdev->flags))
5242 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5243 &hdev->dev_flags);
5244 else
5245 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5246 &hdev->dev_flags);
5247
5248 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
5249 &match);
5250
5251 if (changed)
5252 new_settings(hdev, match.sk);
5253
5254 if (match.sk)
5255 sock_put(match.sk);
5256 }
5257
5258 static void clear_eir(struct hci_request *req)
5259 {
5260 struct hci_dev *hdev = req->hdev;
5261 struct hci_cp_write_eir cp;
5262
5263 if (!lmp_ext_inq_capable(hdev))
5264 return;
5265
5266 memset(hdev->eir, 0, sizeof(hdev->eir));
5267
5268 memset(&cp, 0, sizeof(cp));
5269
5270 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
5271 }
5272
5273 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5274 {
5275 struct cmd_lookup match = { NULL, hdev };
5276 struct hci_request req;
5277 bool changed = false;
5278
5279 if (status) {
5280 u8 mgmt_err = mgmt_status(status);
5281
5282 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
5283 &hdev->dev_flags)) {
5284 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5285 new_settings(hdev, NULL);
5286 }
5287
5288 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5289 &mgmt_err);
5290 return;
5291 }
5292
5293 if (enable) {
5294 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5295 } else {
5296 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5297 if (!changed)
5298 changed = test_and_clear_bit(HCI_HS_ENABLED,
5299 &hdev->dev_flags);
5300 else
5301 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5302 }
5303
5304 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5305
5306 if (changed)
5307 new_settings(hdev, match.sk);
5308
5309 if (match.sk)
5310 sock_put(match.sk);
5311
5312 hci_req_init(&req, hdev);
5313
5314 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
5315 update_eir(&req);
5316 else
5317 clear_eir(&req);
5318
5319 hci_req_run(&req, NULL);
5320 }
5321
5322 void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5323 {
5324 struct cmd_lookup match = { NULL, hdev };
5325 bool changed = false;
5326
5327 if (status) {
5328 u8 mgmt_err = mgmt_status(status);
5329
5330 if (enable) {
5331 if (test_and_clear_bit(HCI_SC_ENABLED,
5332 &hdev->dev_flags))
5333 new_settings(hdev, NULL);
5334 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5335 }
5336
5337 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5338 cmd_status_rsp, &mgmt_err);
5339 return;
5340 }
5341
5342 if (enable) {
5343 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5344 } else {
5345 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5346 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5347 }
5348
5349 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5350 settings_rsp, &match);
5351
5352 if (changed)
5353 new_settings(hdev, match.sk);
5354
5355 if (match.sk)
5356 sock_put(match.sk);
5357 }
5358
5359 static void sk_lookup(struct pending_cmd *cmd, void *data)
5360 {
5361 struct cmd_lookup *match = data;
5362
5363 if (match->sk == NULL) {
5364 match->sk = cmd->sk;
5365 sock_hold(match->sk);
5366 }
5367 }
5368
5369 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5370 u8 status)
5371 {
5372 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
5373
5374 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5375 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5376 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
5377
5378 if (!status)
5379 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5380 NULL);
5381
5382 if (match.sk)
5383 sock_put(match.sk);
5384 }
5385
5386 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
5387 {
5388 struct mgmt_cp_set_local_name ev;
5389 struct pending_cmd *cmd;
5390
5391 if (status)
5392 return;
5393
5394 memset(&ev, 0, sizeof(ev));
5395 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
5396 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
5397
5398 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
5399 if (!cmd) {
5400 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
5401
5402 /* If this is a HCI command related to powering on the
5403 * HCI dev don't send any mgmt signals.
5404 */
5405 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5406 return;
5407 }
5408
5409 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5410 cmd ? cmd->sk : NULL);
5411 }
5412
5413 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5414 u8 *randomizer192, u8 *hash256,
5415 u8 *randomizer256, u8 status)
5416 {
5417 struct pending_cmd *cmd;
5418
5419 BT_DBG("%s status %u", hdev->name, status);
5420
5421 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
5422 if (!cmd)
5423 return;
5424
5425 if (status) {
5426 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5427 mgmt_status(status));
5428 } else {
5429 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5430 hash256 && randomizer256) {
5431 struct mgmt_rp_read_local_oob_ext_data rp;
5432
5433 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5434 memcpy(rp.randomizer192, randomizer192,
5435 sizeof(rp.randomizer192));
5436
5437 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5438 memcpy(rp.randomizer256, randomizer256,
5439 sizeof(rp.randomizer256));
5440
5441 cmd_complete(cmd->sk, hdev->id,
5442 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5443 &rp, sizeof(rp));
5444 } else {
5445 struct mgmt_rp_read_local_oob_data rp;
5446
5447 memcpy(rp.hash, hash192, sizeof(rp.hash));
5448 memcpy(rp.randomizer, randomizer192,
5449 sizeof(rp.randomizer));
5450
5451 cmd_complete(cmd->sk, hdev->id,
5452 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5453 &rp, sizeof(rp));
5454 }
5455 }
5456
5457 mgmt_pending_remove(cmd);
5458 }
5459
5460 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5461 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
5462 ssp, u8 *eir, u16 eir_len)
5463 {
5464 char buf[512];
5465 struct mgmt_ev_device_found *ev = (void *) buf;
5466 struct smp_irk *irk;
5467 size_t ev_size;
5468
5469 if (!hci_discovery_active(hdev))
5470 return;
5471
5472 /* Leave 5 bytes for a potential CoD field */
5473 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
5474 return;
5475
5476 memset(buf, 0, sizeof(buf));
5477
5478 irk = hci_get_irk(hdev, bdaddr, addr_type);
5479 if (irk) {
5480 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5481 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5482 } else {
5483 bacpy(&ev->addr.bdaddr, bdaddr);
5484 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5485 }
5486
5487 ev->rssi = rssi;
5488 if (cfm_name)
5489 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
5490 if (!ssp)
5491 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
5492
5493 if (eir_len > 0)
5494 memcpy(ev->eir, eir, eir_len);
5495
5496 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5497 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
5498 dev_class, 3);
5499
5500 ev->eir_len = cpu_to_le16(eir_len);
5501 ev_size = sizeof(*ev) + eir_len;
5502
5503 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
5504 }
5505
5506 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5507 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
5508 {
5509 struct mgmt_ev_device_found *ev;
5510 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5511 u16 eir_len;
5512
5513 ev = (struct mgmt_ev_device_found *) buf;
5514
5515 memset(buf, 0, sizeof(buf));
5516
5517 bacpy(&ev->addr.bdaddr, bdaddr);
5518 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5519 ev->rssi = rssi;
5520
5521 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
5522 name_len);
5523
5524 ev->eir_len = cpu_to_le16(eir_len);
5525
5526 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
5527 }
5528
5529 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
5530 {
5531 struct mgmt_ev_discovering ev;
5532 struct pending_cmd *cmd;
5533
5534 BT_DBG("%s discovering %u", hdev->name, discovering);
5535
5536 if (discovering)
5537 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
5538 else
5539 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
5540
5541 if (cmd != NULL) {
5542 u8 type = hdev->discovery.type;
5543
5544 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5545 sizeof(type));
5546 mgmt_pending_remove(cmd);
5547 }
5548
5549 memset(&ev, 0, sizeof(ev));
5550 ev.type = hdev->discovery.type;
5551 ev.discovering = discovering;
5552
5553 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
5554 }
5555
5556 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5557 {
5558 struct pending_cmd *cmd;
5559 struct mgmt_ev_device_blocked ev;
5560
5561 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5562
5563 bacpy(&ev.addr.bdaddr, bdaddr);
5564 ev.addr.type = type;
5565
5566 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
5567 cmd ? cmd->sk : NULL);
5568 }
5569
5570 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5571 {
5572 struct pending_cmd *cmd;
5573 struct mgmt_ev_device_unblocked ev;
5574
5575 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5576
5577 bacpy(&ev.addr.bdaddr, bdaddr);
5578 ev.addr.type = type;
5579
5580 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
5581 cmd ? cmd->sk : NULL);
5582 }
5583
5584 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5585 {
5586 BT_DBG("%s status %u", hdev->name, status);
5587
5588 /* Clear the advertising mgmt setting if we failed to re-enable it */
5589 if (status) {
5590 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5591 new_settings(hdev, NULL);
5592 }
5593 }
5594
5595 void mgmt_reenable_advertising(struct hci_dev *hdev)
5596 {
5597 struct hci_request req;
5598
5599 if (hci_conn_num(hdev, LE_LINK) > 0)
5600 return;
5601
5602 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5603 return;
5604
5605 hci_req_init(&req, hdev);
5606 enable_advertising(&req);
5607
5608 /* If this fails we have no option but to let user space know
5609 * that we've disabled advertising.
5610 */
5611 if (hci_req_run(&req, adv_enable_complete) < 0) {
5612 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5613 new_settings(hdev, NULL);
5614 }
5615 }
Ubuntu Artful kernel mirror