]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - net/bluetooth/mgmt.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'x86-build-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI Management interface */
26
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33
34 #include "smp.h"
35
36 #define MGMT_VERSION 1
37 #define MGMT_REVISION 5
38
39 static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
77 MGMT_OP_SET_DEVICE_ID,
78 MGMT_OP_SET_ADVERTISING,
79 MGMT_OP_SET_BREDR,
80 MGMT_OP_SET_STATIC_ADDRESS,
81 MGMT_OP_SET_SCAN_PARAMS,
82 MGMT_OP_SET_SECURE_CONN,
83 MGMT_OP_SET_DEBUG_KEYS,
84 MGMT_OP_SET_PRIVACY,
85 MGMT_OP_LOAD_IRKS,
86 };
87
88 static const u16 mgmt_events[] = {
89 MGMT_EV_CONTROLLER_ERROR,
90 MGMT_EV_INDEX_ADDED,
91 MGMT_EV_INDEX_REMOVED,
92 MGMT_EV_NEW_SETTINGS,
93 MGMT_EV_CLASS_OF_DEV_CHANGED,
94 MGMT_EV_LOCAL_NAME_CHANGED,
95 MGMT_EV_NEW_LINK_KEY,
96 MGMT_EV_NEW_LONG_TERM_KEY,
97 MGMT_EV_DEVICE_CONNECTED,
98 MGMT_EV_DEVICE_DISCONNECTED,
99 MGMT_EV_CONNECT_FAILED,
100 MGMT_EV_PIN_CODE_REQUEST,
101 MGMT_EV_USER_CONFIRM_REQUEST,
102 MGMT_EV_USER_PASSKEY_REQUEST,
103 MGMT_EV_AUTH_FAILED,
104 MGMT_EV_DEVICE_FOUND,
105 MGMT_EV_DISCOVERING,
106 MGMT_EV_DEVICE_BLOCKED,
107 MGMT_EV_DEVICE_UNBLOCKED,
108 MGMT_EV_DEVICE_UNPAIRED,
109 MGMT_EV_PASSKEY_NOTIFY,
110 MGMT_EV_NEW_IRK,
111 MGMT_EV_NEW_CSRK,
112 };
113
114 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
115
116 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
117 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
118
119 struct pending_cmd {
120 struct list_head list;
121 u16 opcode;
122 int index;
123 void *param;
124 struct sock *sk;
125 void *user_data;
126 };
127
128 /* HCI to MGMT error code conversion table */
129 static u8 mgmt_status_table[] = {
130 MGMT_STATUS_SUCCESS,
131 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
132 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
133 MGMT_STATUS_FAILED, /* Hardware Failure */
134 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
135 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
136 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
137 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
138 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
139 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
140 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
141 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
142 MGMT_STATUS_BUSY, /* Command Disallowed */
143 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
144 MGMT_STATUS_REJECTED, /* Rejected Security */
145 MGMT_STATUS_REJECTED, /* Rejected Personal */
146 MGMT_STATUS_TIMEOUT, /* Host Timeout */
147 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
148 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
149 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
150 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
151 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
152 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
153 MGMT_STATUS_BUSY, /* Repeated Attempts */
154 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
155 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
157 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
158 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
159 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
160 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
161 MGMT_STATUS_FAILED, /* Unspecified Error */
162 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
163 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
164 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
165 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
166 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
167 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
168 MGMT_STATUS_FAILED, /* Unit Link Key Used */
169 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
170 MGMT_STATUS_TIMEOUT, /* Instant Passed */
171 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
172 MGMT_STATUS_FAILED, /* Transaction Collision */
173 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
174 MGMT_STATUS_REJECTED, /* QoS Rejected */
175 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
176 MGMT_STATUS_REJECTED, /* Insufficient Security */
177 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
178 MGMT_STATUS_BUSY, /* Role Switch Pending */
179 MGMT_STATUS_FAILED, /* Slot Violation */
180 MGMT_STATUS_FAILED, /* Role Switch Failed */
181 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
182 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
183 MGMT_STATUS_BUSY, /* Host Busy Pairing */
184 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
185 MGMT_STATUS_BUSY, /* Controller Busy */
186 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
187 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
188 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
189 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
190 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
191 };
192
193 static u8 mgmt_status(u8 hci_status)
194 {
195 if (hci_status < ARRAY_SIZE(mgmt_status_table))
196 return mgmt_status_table[hci_status];
197
198 return MGMT_STATUS_FAILED;
199 }
200
201 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
202 {
203 struct sk_buff *skb;
204 struct mgmt_hdr *hdr;
205 struct mgmt_ev_cmd_status *ev;
206 int err;
207
208 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
209
210 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
211 if (!skb)
212 return -ENOMEM;
213
214 hdr = (void *) skb_put(skb, sizeof(*hdr));
215
216 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
217 hdr->index = cpu_to_le16(index);
218 hdr->len = cpu_to_le16(sizeof(*ev));
219
220 ev = (void *) skb_put(skb, sizeof(*ev));
221 ev->status = status;
222 ev->opcode = cpu_to_le16(cmd);
223
224 err = sock_queue_rcv_skb(sk, skb);
225 if (err < 0)
226 kfree_skb(skb);
227
228 return err;
229 }
230
231 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
232 void *rp, size_t rp_len)
233 {
234 struct sk_buff *skb;
235 struct mgmt_hdr *hdr;
236 struct mgmt_ev_cmd_complete *ev;
237 int err;
238
239 BT_DBG("sock %p", sk);
240
241 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
242 if (!skb)
243 return -ENOMEM;
244
245 hdr = (void *) skb_put(skb, sizeof(*hdr));
246
247 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
248 hdr->index = cpu_to_le16(index);
249 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
250
251 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
252 ev->opcode = cpu_to_le16(cmd);
253 ev->status = status;
254
255 if (rp)
256 memcpy(ev->data, rp, rp_len);
257
258 err = sock_queue_rcv_skb(sk, skb);
259 if (err < 0)
260 kfree_skb(skb);
261
262 return err;
263 }
264
265 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
266 u16 data_len)
267 {
268 struct mgmt_rp_read_version rp;
269
270 BT_DBG("sock %p", sk);
271
272 rp.version = MGMT_VERSION;
273 rp.revision = cpu_to_le16(MGMT_REVISION);
274
275 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
276 sizeof(rp));
277 }
278
279 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
280 u16 data_len)
281 {
282 struct mgmt_rp_read_commands *rp;
283 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
284 const u16 num_events = ARRAY_SIZE(mgmt_events);
285 __le16 *opcode;
286 size_t rp_size;
287 int i, err;
288
289 BT_DBG("sock %p", sk);
290
291 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
292
293 rp = kmalloc(rp_size, GFP_KERNEL);
294 if (!rp)
295 return -ENOMEM;
296
297 rp->num_commands = cpu_to_le16(num_commands);
298 rp->num_events = cpu_to_le16(num_events);
299
300 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
301 put_unaligned_le16(mgmt_commands[i], opcode);
302
303 for (i = 0; i < num_events; i++, opcode++)
304 put_unaligned_le16(mgmt_events[i], opcode);
305
306 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
307 rp_size);
308 kfree(rp);
309
310 return err;
311 }
312
313 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
314 u16 data_len)
315 {
316 struct mgmt_rp_read_index_list *rp;
317 struct hci_dev *d;
318 size_t rp_len;
319 u16 count;
320 int err;
321
322 BT_DBG("sock %p", sk);
323
324 read_lock(&hci_dev_list_lock);
325
326 count = 0;
327 list_for_each_entry(d, &hci_dev_list, list) {
328 if (d->dev_type == HCI_BREDR)
329 count++;
330 }
331
332 rp_len = sizeof(*rp) + (2 * count);
333 rp = kmalloc(rp_len, GFP_ATOMIC);
334 if (!rp) {
335 read_unlock(&hci_dev_list_lock);
336 return -ENOMEM;
337 }
338
339 count = 0;
340 list_for_each_entry(d, &hci_dev_list, list) {
341 if (test_bit(HCI_SETUP, &d->dev_flags))
342 continue;
343
344 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
345 continue;
346
347 if (d->dev_type == HCI_BREDR) {
348 rp->index[count++] = cpu_to_le16(d->id);
349 BT_DBG("Added hci%u", d->id);
350 }
351 }
352
353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
355
356 read_unlock(&hci_dev_list_lock);
357
358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
359 rp_len);
360
361 kfree(rp);
362
363 return err;
364 }
365
366 static u32 get_supported_settings(struct hci_dev *hdev)
367 {
368 u32 settings = 0;
369
370 settings |= MGMT_SETTING_POWERED;
371 settings |= MGMT_SETTING_PAIRABLE;
372 settings |= MGMT_SETTING_DEBUG_KEYS;
373
374 if (lmp_bredr_capable(hdev)) {
375 settings |= MGMT_SETTING_CONNECTABLE;
376 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
377 settings |= MGMT_SETTING_FAST_CONNECTABLE;
378 settings |= MGMT_SETTING_DISCOVERABLE;
379 settings |= MGMT_SETTING_BREDR;
380 settings |= MGMT_SETTING_LINK_SECURITY;
381
382 if (lmp_ssp_capable(hdev)) {
383 settings |= MGMT_SETTING_SSP;
384 settings |= MGMT_SETTING_HS;
385 }
386
387 if (lmp_sc_capable(hdev) ||
388 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
389 settings |= MGMT_SETTING_SECURE_CONN;
390 }
391
392 if (lmp_le_capable(hdev)) {
393 settings |= MGMT_SETTING_LE;
394 settings |= MGMT_SETTING_ADVERTISING;
395 settings |= MGMT_SETTING_PRIVACY;
396 }
397
398 return settings;
399 }
400
401 static u32 get_current_settings(struct hci_dev *hdev)
402 {
403 u32 settings = 0;
404
405 if (hdev_is_powered(hdev))
406 settings |= MGMT_SETTING_POWERED;
407
408 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
409 settings |= MGMT_SETTING_CONNECTABLE;
410
411 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
412 settings |= MGMT_SETTING_FAST_CONNECTABLE;
413
414 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
415 settings |= MGMT_SETTING_DISCOVERABLE;
416
417 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
418 settings |= MGMT_SETTING_PAIRABLE;
419
420 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_BREDR;
422
423 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
424 settings |= MGMT_SETTING_LE;
425
426 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
427 settings |= MGMT_SETTING_LINK_SECURITY;
428
429 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
430 settings |= MGMT_SETTING_SSP;
431
432 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
433 settings |= MGMT_SETTING_HS;
434
435 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
436 settings |= MGMT_SETTING_ADVERTISING;
437
438 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
439 settings |= MGMT_SETTING_SECURE_CONN;
440
441 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
442 settings |= MGMT_SETTING_DEBUG_KEYS;
443
444 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
445 settings |= MGMT_SETTING_PRIVACY;
446
447 return settings;
448 }
449
450 #define PNP_INFO_SVCLASS_ID 0x1200
451
452 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
453 {
454 u8 *ptr = data, *uuids_start = NULL;
455 struct bt_uuid *uuid;
456
457 if (len < 4)
458 return ptr;
459
460 list_for_each_entry(uuid, &hdev->uuids, list) {
461 u16 uuid16;
462
463 if (uuid->size != 16)
464 continue;
465
466 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
467 if (uuid16 < 0x1100)
468 continue;
469
470 if (uuid16 == PNP_INFO_SVCLASS_ID)
471 continue;
472
473 if (!uuids_start) {
474 uuids_start = ptr;
475 uuids_start[0] = 1;
476 uuids_start[1] = EIR_UUID16_ALL;
477 ptr += 2;
478 }
479
480 /* Stop if not enough space to put next UUID */
481 if ((ptr - data) + sizeof(u16) > len) {
482 uuids_start[1] = EIR_UUID16_SOME;
483 break;
484 }
485
486 *ptr++ = (uuid16 & 0x00ff);
487 *ptr++ = (uuid16 & 0xff00) >> 8;
488 uuids_start[0] += sizeof(uuid16);
489 }
490
491 return ptr;
492 }
493
494 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
495 {
496 u8 *ptr = data, *uuids_start = NULL;
497 struct bt_uuid *uuid;
498
499 if (len < 6)
500 return ptr;
501
502 list_for_each_entry(uuid, &hdev->uuids, list) {
503 if (uuid->size != 32)
504 continue;
505
506 if (!uuids_start) {
507 uuids_start = ptr;
508 uuids_start[0] = 1;
509 uuids_start[1] = EIR_UUID32_ALL;
510 ptr += 2;
511 }
512
513 /* Stop if not enough space to put next UUID */
514 if ((ptr - data) + sizeof(u32) > len) {
515 uuids_start[1] = EIR_UUID32_SOME;
516 break;
517 }
518
519 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
520 ptr += sizeof(u32);
521 uuids_start[0] += sizeof(u32);
522 }
523
524 return ptr;
525 }
526
527 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
528 {
529 u8 *ptr = data, *uuids_start = NULL;
530 struct bt_uuid *uuid;
531
532 if (len < 18)
533 return ptr;
534
535 list_for_each_entry(uuid, &hdev->uuids, list) {
536 if (uuid->size != 128)
537 continue;
538
539 if (!uuids_start) {
540 uuids_start = ptr;
541 uuids_start[0] = 1;
542 uuids_start[1] = EIR_UUID128_ALL;
543 ptr += 2;
544 }
545
546 /* Stop if not enough space to put next UUID */
547 if ((ptr - data) + 16 > len) {
548 uuids_start[1] = EIR_UUID128_SOME;
549 break;
550 }
551
552 memcpy(ptr, uuid->uuid, 16);
553 ptr += 16;
554 uuids_start[0] += 16;
555 }
556
557 return ptr;
558 }
559
560 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
561 {
562 struct pending_cmd *cmd;
563
564 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
565 if (cmd->opcode == opcode)
566 return cmd;
567 }
568
569 return NULL;
570 }
571
572 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
573 {
574 u8 ad_len = 0;
575 size_t name_len;
576
577 name_len = strlen(hdev->dev_name);
578 if (name_len > 0) {
579 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
580
581 if (name_len > max_len) {
582 name_len = max_len;
583 ptr[1] = EIR_NAME_SHORT;
584 } else
585 ptr[1] = EIR_NAME_COMPLETE;
586
587 ptr[0] = name_len + 1;
588
589 memcpy(ptr + 2, hdev->dev_name, name_len);
590
591 ad_len += (name_len + 2);
592 ptr += (name_len + 2);
593 }
594
595 return ad_len;
596 }
597
598 static void update_scan_rsp_data(struct hci_request *req)
599 {
600 struct hci_dev *hdev = req->hdev;
601 struct hci_cp_le_set_scan_rsp_data cp;
602 u8 len;
603
604 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
605 return;
606
607 memset(&cp, 0, sizeof(cp));
608
609 len = create_scan_rsp_data(hdev, cp.data);
610
611 if (hdev->scan_rsp_data_len == len &&
612 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
613 return;
614
615 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
616 hdev->scan_rsp_data_len = len;
617
618 cp.length = len;
619
620 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
621 }
622
623 static u8 get_adv_discov_flags(struct hci_dev *hdev)
624 {
625 struct pending_cmd *cmd;
626
627 /* If there's a pending mgmt command the flags will not yet have
628 * their final values, so check for this first.
629 */
630 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
631 if (cmd) {
632 struct mgmt_mode *cp = cmd->param;
633 if (cp->val == 0x01)
634 return LE_AD_GENERAL;
635 else if (cp->val == 0x02)
636 return LE_AD_LIMITED;
637 } else {
638 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
639 return LE_AD_LIMITED;
640 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
641 return LE_AD_GENERAL;
642 }
643
644 return 0;
645 }
646
647 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
648 {
649 u8 ad_len = 0, flags = 0;
650
651 flags |= get_adv_discov_flags(hdev);
652
653 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
654 flags |= LE_AD_NO_BREDR;
655
656 if (flags) {
657 BT_DBG("adv flags 0x%02x", flags);
658
659 ptr[0] = 2;
660 ptr[1] = EIR_FLAGS;
661 ptr[2] = flags;
662
663 ad_len += 3;
664 ptr += 3;
665 }
666
667 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
668 ptr[0] = 2;
669 ptr[1] = EIR_TX_POWER;
670 ptr[2] = (u8) hdev->adv_tx_power;
671
672 ad_len += 3;
673 ptr += 3;
674 }
675
676 return ad_len;
677 }
678
679 static void update_adv_data(struct hci_request *req)
680 {
681 struct hci_dev *hdev = req->hdev;
682 struct hci_cp_le_set_adv_data cp;
683 u8 len;
684
685 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
686 return;
687
688 memset(&cp, 0, sizeof(cp));
689
690 len = create_adv_data(hdev, cp.data);
691
692 if (hdev->adv_data_len == len &&
693 memcmp(cp.data, hdev->adv_data, len) == 0)
694 return;
695
696 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
697 hdev->adv_data_len = len;
698
699 cp.length = len;
700
701 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
702 }
703
704 static void create_eir(struct hci_dev *hdev, u8 *data)
705 {
706 u8 *ptr = data;
707 size_t name_len;
708
709 name_len = strlen(hdev->dev_name);
710
711 if (name_len > 0) {
712 /* EIR Data type */
713 if (name_len > 48) {
714 name_len = 48;
715 ptr[1] = EIR_NAME_SHORT;
716 } else
717 ptr[1] = EIR_NAME_COMPLETE;
718
719 /* EIR Data length */
720 ptr[0] = name_len + 1;
721
722 memcpy(ptr + 2, hdev->dev_name, name_len);
723
724 ptr += (name_len + 2);
725 }
726
727 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
728 ptr[0] = 2;
729 ptr[1] = EIR_TX_POWER;
730 ptr[2] = (u8) hdev->inq_tx_power;
731
732 ptr += 3;
733 }
734
735 if (hdev->devid_source > 0) {
736 ptr[0] = 9;
737 ptr[1] = EIR_DEVICE_ID;
738
739 put_unaligned_le16(hdev->devid_source, ptr + 2);
740 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
741 put_unaligned_le16(hdev->devid_product, ptr + 6);
742 put_unaligned_le16(hdev->devid_version, ptr + 8);
743
744 ptr += 10;
745 }
746
747 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
748 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
749 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
750 }
751
752 static void update_eir(struct hci_request *req)
753 {
754 struct hci_dev *hdev = req->hdev;
755 struct hci_cp_write_eir cp;
756
757 if (!hdev_is_powered(hdev))
758 return;
759
760 if (!lmp_ext_inq_capable(hdev))
761 return;
762
763 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
764 return;
765
766 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
767 return;
768
769 memset(&cp, 0, sizeof(cp));
770
771 create_eir(hdev, cp.data);
772
773 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
774 return;
775
776 memcpy(hdev->eir, cp.data, sizeof(cp.data));
777
778 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
779 }
780
781 static u8 get_service_classes(struct hci_dev *hdev)
782 {
783 struct bt_uuid *uuid;
784 u8 val = 0;
785
786 list_for_each_entry(uuid, &hdev->uuids, list)
787 val |= uuid->svc_hint;
788
789 return val;
790 }
791
792 static void update_class(struct hci_request *req)
793 {
794 struct hci_dev *hdev = req->hdev;
795 u8 cod[3];
796
797 BT_DBG("%s", hdev->name);
798
799 if (!hdev_is_powered(hdev))
800 return;
801
802 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
803 return;
804
805 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
806 return;
807
808 cod[0] = hdev->minor_class;
809 cod[1] = hdev->major_class;
810 cod[2] = get_service_classes(hdev);
811
812 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
813 cod[1] |= 0x20;
814
815 if (memcmp(cod, hdev->dev_class, 3) == 0)
816 return;
817
818 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
819 }
820
821 static bool get_connectable(struct hci_dev *hdev)
822 {
823 struct pending_cmd *cmd;
824
825 /* If there's a pending mgmt command the flag will not yet have
826 * it's final value, so check for this first.
827 */
828 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
829 if (cmd) {
830 struct mgmt_mode *cp = cmd->param;
831 return cp->val;
832 }
833
834 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
835 }
836
837 static void enable_advertising(struct hci_request *req)
838 {
839 struct hci_dev *hdev = req->hdev;
840 struct hci_cp_le_set_adv_param cp;
841 u8 own_addr_type, enable = 0x01;
842 bool connectable;
843
844 /* Clear the HCI_ADVERTISING bit temporarily so that the
845 * hci_update_random_address knows that it's safe to go ahead
846 * and write a new random address. The flag will be set back on
847 * as soon as the SET_ADV_ENABLE HCI command completes.
848 */
849 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
850
851 connectable = get_connectable(hdev);
852
853 /* Set require_privacy to true only when non-connectable
854 * advertising is used. In that case it is fine to use a
855 * non-resolvable private address.
856 */
857 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
858 return;
859
860 memset(&cp, 0, sizeof(cp));
861 cp.min_interval = cpu_to_le16(0x0800);
862 cp.max_interval = cpu_to_le16(0x0800);
863 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
864 cp.own_address_type = own_addr_type;
865 cp.channel_map = hdev->le_adv_channel_map;
866
867 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
868
869 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
870 }
871
872 static void disable_advertising(struct hci_request *req)
873 {
874 u8 enable = 0x00;
875
876 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
877 }
878
879 static void service_cache_off(struct work_struct *work)
880 {
881 struct hci_dev *hdev = container_of(work, struct hci_dev,
882 service_cache.work);
883 struct hci_request req;
884
885 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
886 return;
887
888 hci_req_init(&req, hdev);
889
890 hci_dev_lock(hdev);
891
892 update_eir(&req);
893 update_class(&req);
894
895 hci_dev_unlock(hdev);
896
897 hci_req_run(&req, NULL);
898 }
899
900 static void rpa_expired(struct work_struct *work)
901 {
902 struct hci_dev *hdev = container_of(work, struct hci_dev,
903 rpa_expired.work);
904 struct hci_request req;
905
906 BT_DBG("");
907
908 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
909
910 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
911 hci_conn_num(hdev, LE_LINK) > 0)
912 return;
913
914 /* The generation of a new RPA and programming it into the
915 * controller happens in the enable_advertising() function.
916 */
917
918 hci_req_init(&req, hdev);
919
920 disable_advertising(&req);
921 enable_advertising(&req);
922
923 hci_req_run(&req, NULL);
924 }
925
926 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
927 {
928 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
929 return;
930
931 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
932 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
933
934 /* Non-mgmt controlled devices get this bit set
935 * implicitly so that pairing works for them, however
936 * for mgmt we require user-space to explicitly enable
937 * it
938 */
939 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
940 }
941
942 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
943 void *data, u16 data_len)
944 {
945 struct mgmt_rp_read_info rp;
946
947 BT_DBG("sock %p %s", sk, hdev->name);
948
949 hci_dev_lock(hdev);
950
951 memset(&rp, 0, sizeof(rp));
952
953 bacpy(&rp.bdaddr, &hdev->bdaddr);
954
955 rp.version = hdev->hci_ver;
956 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
957
958 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
959 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
960
961 memcpy(rp.dev_class, hdev->dev_class, 3);
962
963 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
964 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
965
966 hci_dev_unlock(hdev);
967
968 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
969 sizeof(rp));
970 }
971
972 static void mgmt_pending_free(struct pending_cmd *cmd)
973 {
974 sock_put(cmd->sk);
975 kfree(cmd->param);
976 kfree(cmd);
977 }
978
979 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
980 struct hci_dev *hdev, void *data,
981 u16 len)
982 {
983 struct pending_cmd *cmd;
984
985 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
986 if (!cmd)
987 return NULL;
988
989 cmd->opcode = opcode;
990 cmd->index = hdev->id;
991
992 cmd->param = kmalloc(len, GFP_KERNEL);
993 if (!cmd->param) {
994 kfree(cmd);
995 return NULL;
996 }
997
998 if (data)
999 memcpy(cmd->param, data, len);
1000
1001 cmd->sk = sk;
1002 sock_hold(sk);
1003
1004 list_add(&cmd->list, &hdev->mgmt_pending);
1005
1006 return cmd;
1007 }
1008
1009 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1010 void (*cb)(struct pending_cmd *cmd,
1011 void *data),
1012 void *data)
1013 {
1014 struct pending_cmd *cmd, *tmp;
1015
1016 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1017 if (opcode > 0 && cmd->opcode != opcode)
1018 continue;
1019
1020 cb(cmd, data);
1021 }
1022 }
1023
1024 static void mgmt_pending_remove(struct pending_cmd *cmd)
1025 {
1026 list_del(&cmd->list);
1027 mgmt_pending_free(cmd);
1028 }
1029
1030 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1031 {
1032 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1033
1034 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
1035 sizeof(settings));
1036 }
1037
1038 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1039 {
1040 BT_DBG("%s status 0x%02x", hdev->name, status);
1041
1042 if (hci_conn_count(hdev) == 0) {
1043 cancel_delayed_work(&hdev->power_off);
1044 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1045 }
1046 }
1047
1048 static int clean_up_hci_state(struct hci_dev *hdev)
1049 {
1050 struct hci_request req;
1051 struct hci_conn *conn;
1052
1053 hci_req_init(&req, hdev);
1054
1055 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1056 test_bit(HCI_PSCAN, &hdev->flags)) {
1057 u8 scan = 0x00;
1058 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1059 }
1060
1061 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1062 disable_advertising(&req);
1063
1064 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
1065 hci_req_add_le_scan_disable(&req);
1066 }
1067
1068 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1069 struct hci_cp_disconnect dc;
1070 struct hci_cp_reject_conn_req rej;
1071
1072 switch (conn->state) {
1073 case BT_CONNECTED:
1074 case BT_CONFIG:
1075 dc.handle = cpu_to_le16(conn->handle);
1076 dc.reason = 0x15; /* Terminated due to Power Off */
1077 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1078 break;
1079 case BT_CONNECT:
1080 if (conn->type == LE_LINK)
1081 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1082 0, NULL);
1083 else if (conn->type == ACL_LINK)
1084 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1085 6, &conn->dst);
1086 break;
1087 case BT_CONNECT2:
1088 bacpy(&rej.bdaddr, &conn->dst);
1089 rej.reason = 0x15; /* Terminated due to Power Off */
1090 if (conn->type == ACL_LINK)
1091 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1092 sizeof(rej), &rej);
1093 else if (conn->type == SCO_LINK)
1094 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1095 sizeof(rej), &rej);
1096 break;
1097 }
1098 }
1099
1100 return hci_req_run(&req, clean_up_hci_complete);
1101 }
1102
1103 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1104 u16 len)
1105 {
1106 struct mgmt_mode *cp = data;
1107 struct pending_cmd *cmd;
1108 int err;
1109
1110 BT_DBG("request for %s", hdev->name);
1111
1112 if (cp->val != 0x00 && cp->val != 0x01)
1113 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1114 MGMT_STATUS_INVALID_PARAMS);
1115
1116 hci_dev_lock(hdev);
1117
1118 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1119 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1120 MGMT_STATUS_BUSY);
1121 goto failed;
1122 }
1123
1124 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1125 cancel_delayed_work(&hdev->power_off);
1126
1127 if (cp->val) {
1128 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1129 data, len);
1130 err = mgmt_powered(hdev, 1);
1131 goto failed;
1132 }
1133 }
1134
1135 if (!!cp->val == hdev_is_powered(hdev)) {
1136 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1137 goto failed;
1138 }
1139
1140 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1141 if (!cmd) {
1142 err = -ENOMEM;
1143 goto failed;
1144 }
1145
1146 if (cp->val) {
1147 queue_work(hdev->req_workqueue, &hdev->power_on);
1148 err = 0;
1149 } else {
1150 /* Disconnect connections, stop scans, etc */
1151 err = clean_up_hci_state(hdev);
1152 if (!err)
1153 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1154 HCI_POWER_OFF_TIMEOUT);
1155
1156 /* ENODATA means there were no HCI commands queued */
1157 if (err == -ENODATA) {
1158 cancel_delayed_work(&hdev->power_off);
1159 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1160 err = 0;
1161 }
1162 }
1163
1164 failed:
1165 hci_dev_unlock(hdev);
1166 return err;
1167 }
1168
1169 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1170 struct sock *skip_sk)
1171 {
1172 struct sk_buff *skb;
1173 struct mgmt_hdr *hdr;
1174
1175 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
1176 if (!skb)
1177 return -ENOMEM;
1178
1179 hdr = (void *) skb_put(skb, sizeof(*hdr));
1180 hdr->opcode = cpu_to_le16(event);
1181 if (hdev)
1182 hdr->index = cpu_to_le16(hdev->id);
1183 else
1184 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
1185 hdr->len = cpu_to_le16(data_len);
1186
1187 if (data)
1188 memcpy(skb_put(skb, data_len), data, data_len);
1189
1190 /* Time stamp */
1191 __net_timestamp(skb);
1192
1193 hci_send_to_control(skb, skip_sk);
1194 kfree_skb(skb);
1195
1196 return 0;
1197 }
1198
1199 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1200 {
1201 __le32 ev;
1202
1203 ev = cpu_to_le32(get_current_settings(hdev));
1204
1205 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1206 }
1207
1208 struct cmd_lookup {
1209 struct sock *sk;
1210 struct hci_dev *hdev;
1211 u8 mgmt_status;
1212 };
1213
1214 static void settings_rsp(struct pending_cmd *cmd, void *data)
1215 {
1216 struct cmd_lookup *match = data;
1217
1218 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1219
1220 list_del(&cmd->list);
1221
1222 if (match->sk == NULL) {
1223 match->sk = cmd->sk;
1224 sock_hold(match->sk);
1225 }
1226
1227 mgmt_pending_free(cmd);
1228 }
1229
1230 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1231 {
1232 u8 *status = data;
1233
1234 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1235 mgmt_pending_remove(cmd);
1236 }
1237
1238 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1239 {
1240 if (!lmp_bredr_capable(hdev))
1241 return MGMT_STATUS_NOT_SUPPORTED;
1242 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1243 return MGMT_STATUS_REJECTED;
1244 else
1245 return MGMT_STATUS_SUCCESS;
1246 }
1247
1248 static u8 mgmt_le_support(struct hci_dev *hdev)
1249 {
1250 if (!lmp_le_capable(hdev))
1251 return MGMT_STATUS_NOT_SUPPORTED;
1252 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1253 return MGMT_STATUS_REJECTED;
1254 else
1255 return MGMT_STATUS_SUCCESS;
1256 }
1257
1258 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1259 {
1260 struct pending_cmd *cmd;
1261 struct mgmt_mode *cp;
1262 struct hci_request req;
1263 bool changed;
1264
1265 BT_DBG("status 0x%02x", status);
1266
1267 hci_dev_lock(hdev);
1268
1269 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1270 if (!cmd)
1271 goto unlock;
1272
1273 if (status) {
1274 u8 mgmt_err = mgmt_status(status);
1275 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1276 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1277 goto remove_cmd;
1278 }
1279
1280 cp = cmd->param;
1281 if (cp->val) {
1282 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1283 &hdev->dev_flags);
1284
1285 if (hdev->discov_timeout > 0) {
1286 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1287 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1288 to);
1289 }
1290 } else {
1291 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1292 &hdev->dev_flags);
1293 }
1294
1295 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1296
1297 if (changed)
1298 new_settings(hdev, cmd->sk);
1299
1300 /* When the discoverable mode gets changed, make sure
1301 * that class of device has the limited discoverable
1302 * bit correctly set.
1303 */
1304 hci_req_init(&req, hdev);
1305 update_class(&req);
1306 hci_req_run(&req, NULL);
1307
1308 remove_cmd:
1309 mgmt_pending_remove(cmd);
1310
1311 unlock:
1312 hci_dev_unlock(hdev);
1313 }
1314
1315 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1316 u16 len)
1317 {
1318 struct mgmt_cp_set_discoverable *cp = data;
1319 struct pending_cmd *cmd;
1320 struct hci_request req;
1321 u16 timeout;
1322 u8 scan;
1323 int err;
1324
1325 BT_DBG("request for %s", hdev->name);
1326
1327 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1328 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1329 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1330 MGMT_STATUS_REJECTED);
1331
1332 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1333 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1334 MGMT_STATUS_INVALID_PARAMS);
1335
1336 timeout = __le16_to_cpu(cp->timeout);
1337
1338 /* Disabling discoverable requires that no timeout is set,
1339 * and enabling limited discoverable requires a timeout.
1340 */
1341 if ((cp->val == 0x00 && timeout > 0) ||
1342 (cp->val == 0x02 && timeout == 0))
1343 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1344 MGMT_STATUS_INVALID_PARAMS);
1345
1346 hci_dev_lock(hdev);
1347
1348 if (!hdev_is_powered(hdev) && timeout > 0) {
1349 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1350 MGMT_STATUS_NOT_POWERED);
1351 goto failed;
1352 }
1353
1354 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1355 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1356 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1357 MGMT_STATUS_BUSY);
1358 goto failed;
1359 }
1360
1361 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1362 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1363 MGMT_STATUS_REJECTED);
1364 goto failed;
1365 }
1366
1367 if (!hdev_is_powered(hdev)) {
1368 bool changed = false;
1369
1370 /* Setting limited discoverable when powered off is
1371 * not a valid operation since it requires a timeout
1372 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1373 */
1374 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1375 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1376 changed = true;
1377 }
1378
1379 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1380 if (err < 0)
1381 goto failed;
1382
1383 if (changed)
1384 err = new_settings(hdev, sk);
1385
1386 goto failed;
1387 }
1388
1389 /* If the current mode is the same, then just update the timeout
1390 * value with the new value. And if only the timeout gets updated,
1391 * then no need for any HCI transactions.
1392 */
1393 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1394 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1395 &hdev->dev_flags)) {
1396 cancel_delayed_work(&hdev->discov_off);
1397 hdev->discov_timeout = timeout;
1398
1399 if (cp->val && hdev->discov_timeout > 0) {
1400 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1401 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1402 to);
1403 }
1404
1405 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1406 goto failed;
1407 }
1408
1409 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1410 if (!cmd) {
1411 err = -ENOMEM;
1412 goto failed;
1413 }
1414
1415 /* Cancel any potential discoverable timeout that might be
1416 * still active and store new timeout value. The arming of
1417 * the timeout happens in the complete handler.
1418 */
1419 cancel_delayed_work(&hdev->discov_off);
1420 hdev->discov_timeout = timeout;
1421
1422 /* Limited discoverable mode */
1423 if (cp->val == 0x02)
1424 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1425 else
1426 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1427
1428 hci_req_init(&req, hdev);
1429
1430 /* The procedure for LE-only controllers is much simpler - just
1431 * update the advertising data.
1432 */
1433 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1434 goto update_ad;
1435
1436 scan = SCAN_PAGE;
1437
1438 if (cp->val) {
1439 struct hci_cp_write_current_iac_lap hci_cp;
1440
1441 if (cp->val == 0x02) {
1442 /* Limited discoverable mode */
1443 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1444 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1445 hci_cp.iac_lap[1] = 0x8b;
1446 hci_cp.iac_lap[2] = 0x9e;
1447 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1448 hci_cp.iac_lap[4] = 0x8b;
1449 hci_cp.iac_lap[5] = 0x9e;
1450 } else {
1451 /* General discoverable mode */
1452 hci_cp.num_iac = 1;
1453 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1454 hci_cp.iac_lap[1] = 0x8b;
1455 hci_cp.iac_lap[2] = 0x9e;
1456 }
1457
1458 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1459 (hci_cp.num_iac * 3) + 1, &hci_cp);
1460
1461 scan |= SCAN_INQUIRY;
1462 } else {
1463 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1464 }
1465
1466 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1467
1468 update_ad:
1469 update_adv_data(&req);
1470
1471 err = hci_req_run(&req, set_discoverable_complete);
1472 if (err < 0)
1473 mgmt_pending_remove(cmd);
1474
1475 failed:
1476 hci_dev_unlock(hdev);
1477 return err;
1478 }
1479
1480 static void write_fast_connectable(struct hci_request *req, bool enable)
1481 {
1482 struct hci_dev *hdev = req->hdev;
1483 struct hci_cp_write_page_scan_activity acp;
1484 u8 type;
1485
1486 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1487 return;
1488
1489 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1490 return;
1491
1492 if (enable) {
1493 type = PAGE_SCAN_TYPE_INTERLACED;
1494
1495 /* 160 msec page scan interval */
1496 acp.interval = cpu_to_le16(0x0100);
1497 } else {
1498 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1499
1500 /* default 1.28 sec page scan */
1501 acp.interval = cpu_to_le16(0x0800);
1502 }
1503
1504 acp.window = cpu_to_le16(0x0012);
1505
1506 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1507 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1508 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1509 sizeof(acp), &acp);
1510
1511 if (hdev->page_scan_type != type)
1512 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1513 }
1514
1515 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1516 {
1517 struct pending_cmd *cmd;
1518 struct mgmt_mode *cp;
1519 bool changed;
1520
1521 BT_DBG("status 0x%02x", status);
1522
1523 hci_dev_lock(hdev);
1524
1525 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1526 if (!cmd)
1527 goto unlock;
1528
1529 if (status) {
1530 u8 mgmt_err = mgmt_status(status);
1531 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1532 goto remove_cmd;
1533 }
1534
1535 cp = cmd->param;
1536 if (cp->val)
1537 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1538 else
1539 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1540
1541 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1542
1543 if (changed)
1544 new_settings(hdev, cmd->sk);
1545
1546 remove_cmd:
1547 mgmt_pending_remove(cmd);
1548
1549 unlock:
1550 hci_dev_unlock(hdev);
1551 }
1552
1553 static int set_connectable_update_settings(struct hci_dev *hdev,
1554 struct sock *sk, u8 val)
1555 {
1556 bool changed = false;
1557 int err;
1558
1559 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1560 changed = true;
1561
1562 if (val) {
1563 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1564 } else {
1565 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1566 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1567 }
1568
1569 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1570 if (err < 0)
1571 return err;
1572
1573 if (changed)
1574 return new_settings(hdev, sk);
1575
1576 return 0;
1577 }
1578
1579 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1580 u16 len)
1581 {
1582 struct mgmt_mode *cp = data;
1583 struct pending_cmd *cmd;
1584 struct hci_request req;
1585 u8 scan;
1586 int err;
1587
1588 BT_DBG("request for %s", hdev->name);
1589
1590 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1591 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1592 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1593 MGMT_STATUS_REJECTED);
1594
1595 if (cp->val != 0x00 && cp->val != 0x01)
1596 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1597 MGMT_STATUS_INVALID_PARAMS);
1598
1599 hci_dev_lock(hdev);
1600
1601 if (!hdev_is_powered(hdev)) {
1602 err = set_connectable_update_settings(hdev, sk, cp->val);
1603 goto failed;
1604 }
1605
1606 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1607 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1608 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1609 MGMT_STATUS_BUSY);
1610 goto failed;
1611 }
1612
1613 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1614 if (!cmd) {
1615 err = -ENOMEM;
1616 goto failed;
1617 }
1618
1619 hci_req_init(&req, hdev);
1620
1621 /* If BR/EDR is not enabled and we disable advertising as a
1622 * by-product of disabling connectable, we need to update the
1623 * advertising flags.
1624 */
1625 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1626 if (!cp->val) {
1627 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1628 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1629 }
1630 update_adv_data(&req);
1631 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1632 if (cp->val) {
1633 scan = SCAN_PAGE;
1634 } else {
1635 scan = 0;
1636
1637 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1638 hdev->discov_timeout > 0)
1639 cancel_delayed_work(&hdev->discov_off);
1640 }
1641
1642 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1643 }
1644
1645 /* If we're going from non-connectable to connectable or
1646 * vice-versa when fast connectable is enabled ensure that fast
1647 * connectable gets disabled. write_fast_connectable won't do
1648 * anything if the page scan parameters are already what they
1649 * should be.
1650 */
1651 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1652 write_fast_connectable(&req, false);
1653
1654 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1655 hci_conn_num(hdev, LE_LINK) == 0) {
1656 disable_advertising(&req);
1657 enable_advertising(&req);
1658 }
1659
1660 err = hci_req_run(&req, set_connectable_complete);
1661 if (err < 0) {
1662 mgmt_pending_remove(cmd);
1663 if (err == -ENODATA)
1664 err = set_connectable_update_settings(hdev, sk,
1665 cp->val);
1666 goto failed;
1667 }
1668
1669 failed:
1670 hci_dev_unlock(hdev);
1671 return err;
1672 }
1673
1674 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1675 u16 len)
1676 {
1677 struct mgmt_mode *cp = data;
1678 bool changed;
1679 int err;
1680
1681 BT_DBG("request for %s", hdev->name);
1682
1683 if (cp->val != 0x00 && cp->val != 0x01)
1684 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1685 MGMT_STATUS_INVALID_PARAMS);
1686
1687 hci_dev_lock(hdev);
1688
1689 if (cp->val)
1690 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1691 else
1692 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1693
1694 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1695 if (err < 0)
1696 goto unlock;
1697
1698 if (changed)
1699 err = new_settings(hdev, sk);
1700
1701 unlock:
1702 hci_dev_unlock(hdev);
1703 return err;
1704 }
1705
1706 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1707 u16 len)
1708 {
1709 struct mgmt_mode *cp = data;
1710 struct pending_cmd *cmd;
1711 u8 val, status;
1712 int err;
1713
1714 BT_DBG("request for %s", hdev->name);
1715
1716 status = mgmt_bredr_support(hdev);
1717 if (status)
1718 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1719 status);
1720
1721 if (cp->val != 0x00 && cp->val != 0x01)
1722 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1723 MGMT_STATUS_INVALID_PARAMS);
1724
1725 hci_dev_lock(hdev);
1726
1727 if (!hdev_is_powered(hdev)) {
1728 bool changed = false;
1729
1730 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1731 &hdev->dev_flags)) {
1732 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1733 changed = true;
1734 }
1735
1736 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1737 if (err < 0)
1738 goto failed;
1739
1740 if (changed)
1741 err = new_settings(hdev, sk);
1742
1743 goto failed;
1744 }
1745
1746 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1747 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1748 MGMT_STATUS_BUSY);
1749 goto failed;
1750 }
1751
1752 val = !!cp->val;
1753
1754 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1755 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1756 goto failed;
1757 }
1758
1759 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1760 if (!cmd) {
1761 err = -ENOMEM;
1762 goto failed;
1763 }
1764
1765 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1766 if (err < 0) {
1767 mgmt_pending_remove(cmd);
1768 goto failed;
1769 }
1770
1771 failed:
1772 hci_dev_unlock(hdev);
1773 return err;
1774 }
1775
1776 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1777 {
1778 struct mgmt_mode *cp = data;
1779 struct pending_cmd *cmd;
1780 u8 status;
1781 int err;
1782
1783 BT_DBG("request for %s", hdev->name);
1784
1785 status = mgmt_bredr_support(hdev);
1786 if (status)
1787 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1788
1789 if (!lmp_ssp_capable(hdev))
1790 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1791 MGMT_STATUS_NOT_SUPPORTED);
1792
1793 if (cp->val != 0x00 && cp->val != 0x01)
1794 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1795 MGMT_STATUS_INVALID_PARAMS);
1796
1797 hci_dev_lock(hdev);
1798
1799 if (!hdev_is_powered(hdev)) {
1800 bool changed;
1801
1802 if (cp->val) {
1803 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1804 &hdev->dev_flags);
1805 } else {
1806 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1807 &hdev->dev_flags);
1808 if (!changed)
1809 changed = test_and_clear_bit(HCI_HS_ENABLED,
1810 &hdev->dev_flags);
1811 else
1812 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1813 }
1814
1815 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1816 if (err < 0)
1817 goto failed;
1818
1819 if (changed)
1820 err = new_settings(hdev, sk);
1821
1822 goto failed;
1823 }
1824
1825 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1826 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
1827 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1828 MGMT_STATUS_BUSY);
1829 goto failed;
1830 }
1831
1832 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1833 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1834 goto failed;
1835 }
1836
1837 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1838 if (!cmd) {
1839 err = -ENOMEM;
1840 goto failed;
1841 }
1842
1843 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1844 if (err < 0) {
1845 mgmt_pending_remove(cmd);
1846 goto failed;
1847 }
1848
1849 failed:
1850 hci_dev_unlock(hdev);
1851 return err;
1852 }
1853
1854 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1855 {
1856 struct mgmt_mode *cp = data;
1857 bool changed;
1858 u8 status;
1859 int err;
1860
1861 BT_DBG("request for %s", hdev->name);
1862
1863 status = mgmt_bredr_support(hdev);
1864 if (status)
1865 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1866
1867 if (!lmp_ssp_capable(hdev))
1868 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1869 MGMT_STATUS_NOT_SUPPORTED);
1870
1871 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1872 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1873 MGMT_STATUS_REJECTED);
1874
1875 if (cp->val != 0x00 && cp->val != 0x01)
1876 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1877 MGMT_STATUS_INVALID_PARAMS);
1878
1879 hci_dev_lock(hdev);
1880
1881 if (cp->val) {
1882 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1883 } else {
1884 if (hdev_is_powered(hdev)) {
1885 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1886 MGMT_STATUS_REJECTED);
1887 goto unlock;
1888 }
1889
1890 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1891 }
1892
1893 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1894 if (err < 0)
1895 goto unlock;
1896
1897 if (changed)
1898 err = new_settings(hdev, sk);
1899
1900 unlock:
1901 hci_dev_unlock(hdev);
1902 return err;
1903 }
1904
1905 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1906 {
1907 struct cmd_lookup match = { NULL, hdev };
1908
1909 if (status) {
1910 u8 mgmt_err = mgmt_status(status);
1911
1912 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1913 &mgmt_err);
1914 return;
1915 }
1916
1917 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1918
1919 new_settings(hdev, match.sk);
1920
1921 if (match.sk)
1922 sock_put(match.sk);
1923
1924 /* Make sure the controller has a good default for
1925 * advertising data. Restrict the update to when LE
1926 * has actually been enabled. During power on, the
1927 * update in powered_update_hci will take care of it.
1928 */
1929 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1930 struct hci_request req;
1931
1932 hci_dev_lock(hdev);
1933
1934 hci_req_init(&req, hdev);
1935 update_adv_data(&req);
1936 update_scan_rsp_data(&req);
1937 hci_req_run(&req, NULL);
1938
1939 hci_dev_unlock(hdev);
1940 }
1941 }
1942
1943 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1944 {
1945 struct mgmt_mode *cp = data;
1946 struct hci_cp_write_le_host_supported hci_cp;
1947 struct pending_cmd *cmd;
1948 struct hci_request req;
1949 int err;
1950 u8 val, enabled;
1951
1952 BT_DBG("request for %s", hdev->name);
1953
1954 if (!lmp_le_capable(hdev))
1955 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1956 MGMT_STATUS_NOT_SUPPORTED);
1957
1958 if (cp->val != 0x00 && cp->val != 0x01)
1959 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1960 MGMT_STATUS_INVALID_PARAMS);
1961
1962 /* LE-only devices do not allow toggling LE on/off */
1963 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1964 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1965 MGMT_STATUS_REJECTED);
1966
1967 hci_dev_lock(hdev);
1968
1969 val = !!cp->val;
1970 enabled = lmp_host_le_capable(hdev);
1971
1972 if (!hdev_is_powered(hdev) || val == enabled) {
1973 bool changed = false;
1974
1975 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1976 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1977 changed = true;
1978 }
1979
1980 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1981 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1982 changed = true;
1983 }
1984
1985 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1986 if (err < 0)
1987 goto unlock;
1988
1989 if (changed)
1990 err = new_settings(hdev, sk);
1991
1992 goto unlock;
1993 }
1994
1995 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1996 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1997 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1998 MGMT_STATUS_BUSY);
1999 goto unlock;
2000 }
2001
2002 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2003 if (!cmd) {
2004 err = -ENOMEM;
2005 goto unlock;
2006 }
2007
2008 hci_req_init(&req, hdev);
2009
2010 memset(&hci_cp, 0, sizeof(hci_cp));
2011
2012 if (val) {
2013 hci_cp.le = val;
2014 hci_cp.simul = lmp_le_br_capable(hdev);
2015 } else {
2016 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2017 disable_advertising(&req);
2018 }
2019
2020 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2021 &hci_cp);
2022
2023 err = hci_req_run(&req, le_enable_complete);
2024 if (err < 0)
2025 mgmt_pending_remove(cmd);
2026
2027 unlock:
2028 hci_dev_unlock(hdev);
2029 return err;
2030 }
2031
2032 /* This is a helper function to test for pending mgmt commands that can
2033 * cause CoD or EIR HCI commands. We can only allow one such pending
2034 * mgmt command at a time since otherwise we cannot easily track what
2035 * the current values are, will be, and based on that calculate if a new
2036 * HCI command needs to be sent and if yes with what value.
2037 */
2038 static bool pending_eir_or_class(struct hci_dev *hdev)
2039 {
2040 struct pending_cmd *cmd;
2041
2042 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2043 switch (cmd->opcode) {
2044 case MGMT_OP_ADD_UUID:
2045 case MGMT_OP_REMOVE_UUID:
2046 case MGMT_OP_SET_DEV_CLASS:
2047 case MGMT_OP_SET_POWERED:
2048 return true;
2049 }
2050 }
2051
2052 return false;
2053 }
2054
2055 static const u8 bluetooth_base_uuid[] = {
2056 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2057 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2058 };
2059
2060 static u8 get_uuid_size(const u8 *uuid)
2061 {
2062 u32 val;
2063
2064 if (memcmp(uuid, bluetooth_base_uuid, 12))
2065 return 128;
2066
2067 val = get_unaligned_le32(&uuid[12]);
2068 if (val > 0xffff)
2069 return 32;
2070
2071 return 16;
2072 }
2073
2074 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2075 {
2076 struct pending_cmd *cmd;
2077
2078 hci_dev_lock(hdev);
2079
2080 cmd = mgmt_pending_find(mgmt_op, hdev);
2081 if (!cmd)
2082 goto unlock;
2083
2084 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2085 hdev->dev_class, 3);
2086
2087 mgmt_pending_remove(cmd);
2088
2089 unlock:
2090 hci_dev_unlock(hdev);
2091 }
2092
2093 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2094 {
2095 BT_DBG("status 0x%02x", status);
2096
2097 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2098 }
2099
2100 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2101 {
2102 struct mgmt_cp_add_uuid *cp = data;
2103 struct pending_cmd *cmd;
2104 struct hci_request req;
2105 struct bt_uuid *uuid;
2106 int err;
2107
2108 BT_DBG("request for %s", hdev->name);
2109
2110 hci_dev_lock(hdev);
2111
2112 if (pending_eir_or_class(hdev)) {
2113 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2114 MGMT_STATUS_BUSY);
2115 goto failed;
2116 }
2117
2118 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2119 if (!uuid) {
2120 err = -ENOMEM;
2121 goto failed;
2122 }
2123
2124 memcpy(uuid->uuid, cp->uuid, 16);
2125 uuid->svc_hint = cp->svc_hint;
2126 uuid->size = get_uuid_size(cp->uuid);
2127
2128 list_add_tail(&uuid->list, &hdev->uuids);
2129
2130 hci_req_init(&req, hdev);
2131
2132 update_class(&req);
2133 update_eir(&req);
2134
2135 err = hci_req_run(&req, add_uuid_complete);
2136 if (err < 0) {
2137 if (err != -ENODATA)
2138 goto failed;
2139
2140 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2141 hdev->dev_class, 3);
2142 goto failed;
2143 }
2144
2145 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2146 if (!cmd) {
2147 err = -ENOMEM;
2148 goto failed;
2149 }
2150
2151 err = 0;
2152
2153 failed:
2154 hci_dev_unlock(hdev);
2155 return err;
2156 }
2157
2158 static bool enable_service_cache(struct hci_dev *hdev)
2159 {
2160 if (!hdev_is_powered(hdev))
2161 return false;
2162
2163 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2164 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2165 CACHE_TIMEOUT);
2166 return true;
2167 }
2168
2169 return false;
2170 }
2171
2172 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2173 {
2174 BT_DBG("status 0x%02x", status);
2175
2176 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2177 }
2178
2179 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2180 u16 len)
2181 {
2182 struct mgmt_cp_remove_uuid *cp = data;
2183 struct pending_cmd *cmd;
2184 struct bt_uuid *match, *tmp;
2185 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2186 struct hci_request req;
2187 int err, found;
2188
2189 BT_DBG("request for %s", hdev->name);
2190
2191 hci_dev_lock(hdev);
2192
2193 if (pending_eir_or_class(hdev)) {
2194 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2195 MGMT_STATUS_BUSY);
2196 goto unlock;
2197 }
2198
2199 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2200 hci_uuids_clear(hdev);
2201
2202 if (enable_service_cache(hdev)) {
2203 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2204 0, hdev->dev_class, 3);
2205 goto unlock;
2206 }
2207
2208 goto update_class;
2209 }
2210
2211 found = 0;
2212
2213 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2214 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2215 continue;
2216
2217 list_del(&match->list);
2218 kfree(match);
2219 found++;
2220 }
2221
2222 if (found == 0) {
2223 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2224 MGMT_STATUS_INVALID_PARAMS);
2225 goto unlock;
2226 }
2227
2228 update_class:
2229 hci_req_init(&req, hdev);
2230
2231 update_class(&req);
2232 update_eir(&req);
2233
2234 err = hci_req_run(&req, remove_uuid_complete);
2235 if (err < 0) {
2236 if (err != -ENODATA)
2237 goto unlock;
2238
2239 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2240 hdev->dev_class, 3);
2241 goto unlock;
2242 }
2243
2244 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2245 if (!cmd) {
2246 err = -ENOMEM;
2247 goto unlock;
2248 }
2249
2250 err = 0;
2251
2252 unlock:
2253 hci_dev_unlock(hdev);
2254 return err;
2255 }
2256
2257 static void set_class_complete(struct hci_dev *hdev, u8 status)
2258 {
2259 BT_DBG("status 0x%02x", status);
2260
2261 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2262 }
2263
2264 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2265 u16 len)
2266 {
2267 struct mgmt_cp_set_dev_class *cp = data;
2268 struct pending_cmd *cmd;
2269 struct hci_request req;
2270 int err;
2271
2272 BT_DBG("request for %s", hdev->name);
2273
2274 if (!lmp_bredr_capable(hdev))
2275 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2276 MGMT_STATUS_NOT_SUPPORTED);
2277
2278 hci_dev_lock(hdev);
2279
2280 if (pending_eir_or_class(hdev)) {
2281 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2282 MGMT_STATUS_BUSY);
2283 goto unlock;
2284 }
2285
2286 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2287 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2288 MGMT_STATUS_INVALID_PARAMS);
2289 goto unlock;
2290 }
2291
2292 hdev->major_class = cp->major;
2293 hdev->minor_class = cp->minor;
2294
2295 if (!hdev_is_powered(hdev)) {
2296 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2297 hdev->dev_class, 3);
2298 goto unlock;
2299 }
2300
2301 hci_req_init(&req, hdev);
2302
2303 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2304 hci_dev_unlock(hdev);
2305 cancel_delayed_work_sync(&hdev->service_cache);
2306 hci_dev_lock(hdev);
2307 update_eir(&req);
2308 }
2309
2310 update_class(&req);
2311
2312 err = hci_req_run(&req, set_class_complete);
2313 if (err < 0) {
2314 if (err != -ENODATA)
2315 goto unlock;
2316
2317 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2318 hdev->dev_class, 3);
2319 goto unlock;
2320 }
2321
2322 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2323 if (!cmd) {
2324 err = -ENOMEM;
2325 goto unlock;
2326 }
2327
2328 err = 0;
2329
2330 unlock:
2331 hci_dev_unlock(hdev);
2332 return err;
2333 }
2334
2335 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2336 u16 len)
2337 {
2338 struct mgmt_cp_load_link_keys *cp = data;
2339 u16 key_count, expected_len;
2340 bool changed;
2341 int i;
2342
2343 BT_DBG("request for %s", hdev->name);
2344
2345 if (!lmp_bredr_capable(hdev))
2346 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2347 MGMT_STATUS_NOT_SUPPORTED);
2348
2349 key_count = __le16_to_cpu(cp->key_count);
2350
2351 expected_len = sizeof(*cp) + key_count *
2352 sizeof(struct mgmt_link_key_info);
2353 if (expected_len != len) {
2354 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2355 expected_len, len);
2356 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2357 MGMT_STATUS_INVALID_PARAMS);
2358 }
2359
2360 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2361 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2362 MGMT_STATUS_INVALID_PARAMS);
2363
2364 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2365 key_count);
2366
2367 for (i = 0; i < key_count; i++) {
2368 struct mgmt_link_key_info *key = &cp->keys[i];
2369
2370 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2371 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2372 MGMT_STATUS_INVALID_PARAMS);
2373 }
2374
2375 hci_dev_lock(hdev);
2376
2377 hci_link_keys_clear(hdev);
2378
2379 if (cp->debug_keys)
2380 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2381 else
2382 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2383
2384 if (changed)
2385 new_settings(hdev, NULL);
2386
2387 for (i = 0; i < key_count; i++) {
2388 struct mgmt_link_key_info *key = &cp->keys[i];
2389
2390 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
2391 key->type, key->pin_len);
2392 }
2393
2394 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2395
2396 hci_dev_unlock(hdev);
2397
2398 return 0;
2399 }
2400
2401 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2402 u8 addr_type, struct sock *skip_sk)
2403 {
2404 struct mgmt_ev_device_unpaired ev;
2405
2406 bacpy(&ev.addr.bdaddr, bdaddr);
2407 ev.addr.type = addr_type;
2408
2409 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2410 skip_sk);
2411 }
2412
2413 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2414 u16 len)
2415 {
2416 struct mgmt_cp_unpair_device *cp = data;
2417 struct mgmt_rp_unpair_device rp;
2418 struct hci_cp_disconnect dc;
2419 struct pending_cmd *cmd;
2420 struct hci_conn *conn;
2421 int err;
2422
2423 memset(&rp, 0, sizeof(rp));
2424 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2425 rp.addr.type = cp->addr.type;
2426
2427 if (!bdaddr_type_is_valid(cp->addr.type))
2428 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2429 MGMT_STATUS_INVALID_PARAMS,
2430 &rp, sizeof(rp));
2431
2432 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2433 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2434 MGMT_STATUS_INVALID_PARAMS,
2435 &rp, sizeof(rp));
2436
2437 hci_dev_lock(hdev);
2438
2439 if (!hdev_is_powered(hdev)) {
2440 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2441 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2442 goto unlock;
2443 }
2444
2445 if (cp->addr.type == BDADDR_BREDR) {
2446 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2447 } else {
2448 u8 addr_type;
2449
2450 if (cp->addr.type == BDADDR_LE_PUBLIC)
2451 addr_type = ADDR_LE_DEV_PUBLIC;
2452 else
2453 addr_type = ADDR_LE_DEV_RANDOM;
2454
2455 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2456
2457 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2458
2459 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2460 }
2461
2462 if (err < 0) {
2463 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2464 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2465 goto unlock;
2466 }
2467
2468 if (cp->disconnect) {
2469 if (cp->addr.type == BDADDR_BREDR)
2470 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2471 &cp->addr.bdaddr);
2472 else
2473 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2474 &cp->addr.bdaddr);
2475 } else {
2476 conn = NULL;
2477 }
2478
2479 if (!conn) {
2480 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2481 &rp, sizeof(rp));
2482 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2483 goto unlock;
2484 }
2485
2486 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2487 sizeof(*cp));
2488 if (!cmd) {
2489 err = -ENOMEM;
2490 goto unlock;
2491 }
2492
2493 dc.handle = cpu_to_le16(conn->handle);
2494 dc.reason = 0x13; /* Remote User Terminated Connection */
2495 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2496 if (err < 0)
2497 mgmt_pending_remove(cmd);
2498
2499 unlock:
2500 hci_dev_unlock(hdev);
2501 return err;
2502 }
2503
2504 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2505 u16 len)
2506 {
2507 struct mgmt_cp_disconnect *cp = data;
2508 struct mgmt_rp_disconnect rp;
2509 struct hci_cp_disconnect dc;
2510 struct pending_cmd *cmd;
2511 struct hci_conn *conn;
2512 int err;
2513
2514 BT_DBG("");
2515
2516 memset(&rp, 0, sizeof(rp));
2517 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2518 rp.addr.type = cp->addr.type;
2519
2520 if (!bdaddr_type_is_valid(cp->addr.type))
2521 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2522 MGMT_STATUS_INVALID_PARAMS,
2523 &rp, sizeof(rp));
2524
2525 hci_dev_lock(hdev);
2526
2527 if (!test_bit(HCI_UP, &hdev->flags)) {
2528 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2529 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2530 goto failed;
2531 }
2532
2533 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2534 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2535 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2536 goto failed;
2537 }
2538
2539 if (cp->addr.type == BDADDR_BREDR)
2540 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2541 &cp->addr.bdaddr);
2542 else
2543 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2544
2545 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2546 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2547 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2548 goto failed;
2549 }
2550
2551 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2552 if (!cmd) {
2553 err = -ENOMEM;
2554 goto failed;
2555 }
2556
2557 dc.handle = cpu_to_le16(conn->handle);
2558 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2559
2560 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2561 if (err < 0)
2562 mgmt_pending_remove(cmd);
2563
2564 failed:
2565 hci_dev_unlock(hdev);
2566 return err;
2567 }
2568
2569 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2570 {
2571 switch (link_type) {
2572 case LE_LINK:
2573 switch (addr_type) {
2574 case ADDR_LE_DEV_PUBLIC:
2575 return BDADDR_LE_PUBLIC;
2576
2577 default:
2578 /* Fallback to LE Random address type */
2579 return BDADDR_LE_RANDOM;
2580 }
2581
2582 default:
2583 /* Fallback to BR/EDR type */
2584 return BDADDR_BREDR;
2585 }
2586 }
2587
2588 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2589 u16 data_len)
2590 {
2591 struct mgmt_rp_get_connections *rp;
2592 struct hci_conn *c;
2593 size_t rp_len;
2594 int err;
2595 u16 i;
2596
2597 BT_DBG("");
2598
2599 hci_dev_lock(hdev);
2600
2601 if (!hdev_is_powered(hdev)) {
2602 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2603 MGMT_STATUS_NOT_POWERED);
2604 goto unlock;
2605 }
2606
2607 i = 0;
2608 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2609 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2610 i++;
2611 }
2612
2613 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2614 rp = kmalloc(rp_len, GFP_KERNEL);
2615 if (!rp) {
2616 err = -ENOMEM;
2617 goto unlock;
2618 }
2619
2620 i = 0;
2621 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2622 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2623 continue;
2624 bacpy(&rp->addr[i].bdaddr, &c->dst);
2625 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2626 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2627 continue;
2628 i++;
2629 }
2630
2631 rp->conn_count = cpu_to_le16(i);
2632
2633 /* Recalculate length in case of filtered SCO connections, etc */
2634 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2635
2636 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2637 rp_len);
2638
2639 kfree(rp);
2640
2641 unlock:
2642 hci_dev_unlock(hdev);
2643 return err;
2644 }
2645
2646 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2647 struct mgmt_cp_pin_code_neg_reply *cp)
2648 {
2649 struct pending_cmd *cmd;
2650 int err;
2651
2652 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2653 sizeof(*cp));
2654 if (!cmd)
2655 return -ENOMEM;
2656
2657 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2658 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2659 if (err < 0)
2660 mgmt_pending_remove(cmd);
2661
2662 return err;
2663 }
2664
2665 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2666 u16 len)
2667 {
2668 struct hci_conn *conn;
2669 struct mgmt_cp_pin_code_reply *cp = data;
2670 struct hci_cp_pin_code_reply reply;
2671 struct pending_cmd *cmd;
2672 int err;
2673
2674 BT_DBG("");
2675
2676 hci_dev_lock(hdev);
2677
2678 if (!hdev_is_powered(hdev)) {
2679 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2680 MGMT_STATUS_NOT_POWERED);
2681 goto failed;
2682 }
2683
2684 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2685 if (!conn) {
2686 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2687 MGMT_STATUS_NOT_CONNECTED);
2688 goto failed;
2689 }
2690
2691 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2692 struct mgmt_cp_pin_code_neg_reply ncp;
2693
2694 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2695
2696 BT_ERR("PIN code is not 16 bytes long");
2697
2698 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2699 if (err >= 0)
2700 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2701 MGMT_STATUS_INVALID_PARAMS);
2702
2703 goto failed;
2704 }
2705
2706 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2707 if (!cmd) {
2708 err = -ENOMEM;
2709 goto failed;
2710 }
2711
2712 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2713 reply.pin_len = cp->pin_len;
2714 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2715
2716 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2717 if (err < 0)
2718 mgmt_pending_remove(cmd);
2719
2720 failed:
2721 hci_dev_unlock(hdev);
2722 return err;
2723 }
2724
2725 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2726 u16 len)
2727 {
2728 struct mgmt_cp_set_io_capability *cp = data;
2729
2730 BT_DBG("");
2731
2732 hci_dev_lock(hdev);
2733
2734 hdev->io_capability = cp->io_capability;
2735
2736 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2737 hdev->io_capability);
2738
2739 hci_dev_unlock(hdev);
2740
2741 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2742 0);
2743 }
2744
2745 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2746 {
2747 struct hci_dev *hdev = conn->hdev;
2748 struct pending_cmd *cmd;
2749
2750 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2751 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2752 continue;
2753
2754 if (cmd->user_data != conn)
2755 continue;
2756
2757 return cmd;
2758 }
2759
2760 return NULL;
2761 }
2762
2763 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2764 {
2765 struct mgmt_rp_pair_device rp;
2766 struct hci_conn *conn = cmd->user_data;
2767
2768 bacpy(&rp.addr.bdaddr, &conn->dst);
2769 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2770
2771 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2772 &rp, sizeof(rp));
2773
2774 /* So we don't get further callbacks for this connection */
2775 conn->connect_cfm_cb = NULL;
2776 conn->security_cfm_cb = NULL;
2777 conn->disconn_cfm_cb = NULL;
2778
2779 hci_conn_drop(conn);
2780
2781 mgmt_pending_remove(cmd);
2782 }
2783
2784 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2785 {
2786 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2787 struct pending_cmd *cmd;
2788
2789 cmd = find_pairing(conn);
2790 if (cmd)
2791 pairing_complete(cmd, status);
2792 }
2793
2794 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2795 {
2796 struct pending_cmd *cmd;
2797
2798 BT_DBG("status %u", status);
2799
2800 cmd = find_pairing(conn);
2801 if (!cmd)
2802 BT_DBG("Unable to find a pending command");
2803 else
2804 pairing_complete(cmd, mgmt_status(status));
2805 }
2806
2807 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2808 {
2809 struct pending_cmd *cmd;
2810
2811 BT_DBG("status %u", status);
2812
2813 if (!status)
2814 return;
2815
2816 cmd = find_pairing(conn);
2817 if (!cmd)
2818 BT_DBG("Unable to find a pending command");
2819 else
2820 pairing_complete(cmd, mgmt_status(status));
2821 }
2822
2823 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2824 u16 len)
2825 {
2826 struct mgmt_cp_pair_device *cp = data;
2827 struct mgmt_rp_pair_device rp;
2828 struct pending_cmd *cmd;
2829 u8 sec_level, auth_type;
2830 struct hci_conn *conn;
2831 int err;
2832
2833 BT_DBG("");
2834
2835 memset(&rp, 0, sizeof(rp));
2836 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2837 rp.addr.type = cp->addr.type;
2838
2839 if (!bdaddr_type_is_valid(cp->addr.type))
2840 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2841 MGMT_STATUS_INVALID_PARAMS,
2842 &rp, sizeof(rp));
2843
2844 hci_dev_lock(hdev);
2845
2846 if (!hdev_is_powered(hdev)) {
2847 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2848 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2849 goto unlock;
2850 }
2851
2852 sec_level = BT_SECURITY_MEDIUM;
2853 if (cp->io_cap == 0x03)
2854 auth_type = HCI_AT_DEDICATED_BONDING;
2855 else
2856 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2857
2858 if (cp->addr.type == BDADDR_BREDR) {
2859 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2860 auth_type);
2861 } else {
2862 u8 addr_type;
2863
2864 /* Convert from L2CAP channel address type to HCI address type
2865 */
2866 if (cp->addr.type == BDADDR_LE_PUBLIC)
2867 addr_type = ADDR_LE_DEV_PUBLIC;
2868 else
2869 addr_type = ADDR_LE_DEV_RANDOM;
2870
2871 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
2872 sec_level, auth_type);
2873 }
2874
2875 if (IS_ERR(conn)) {
2876 int status;
2877
2878 if (PTR_ERR(conn) == -EBUSY)
2879 status = MGMT_STATUS_BUSY;
2880 else
2881 status = MGMT_STATUS_CONNECT_FAILED;
2882
2883 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2884 status, &rp,
2885 sizeof(rp));
2886 goto unlock;
2887 }
2888
2889 if (conn->connect_cfm_cb) {
2890 hci_conn_drop(conn);
2891 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2892 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2893 goto unlock;
2894 }
2895
2896 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2897 if (!cmd) {
2898 err = -ENOMEM;
2899 hci_conn_drop(conn);
2900 goto unlock;
2901 }
2902
2903 /* For LE, just connecting isn't a proof that the pairing finished */
2904 if (cp->addr.type == BDADDR_BREDR) {
2905 conn->connect_cfm_cb = pairing_complete_cb;
2906 conn->security_cfm_cb = pairing_complete_cb;
2907 conn->disconn_cfm_cb = pairing_complete_cb;
2908 } else {
2909 conn->connect_cfm_cb = le_pairing_complete_cb;
2910 conn->security_cfm_cb = le_pairing_complete_cb;
2911 conn->disconn_cfm_cb = le_pairing_complete_cb;
2912 }
2913
2914 conn->io_capability = cp->io_cap;
2915 cmd->user_data = conn;
2916
2917 if (conn->state == BT_CONNECTED &&
2918 hci_conn_security(conn, sec_level, auth_type))
2919 pairing_complete(cmd, 0);
2920
2921 err = 0;
2922
2923 unlock:
2924 hci_dev_unlock(hdev);
2925 return err;
2926 }
2927
2928 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2929 u16 len)
2930 {
2931 struct mgmt_addr_info *addr = data;
2932 struct pending_cmd *cmd;
2933 struct hci_conn *conn;
2934 int err;
2935
2936 BT_DBG("");
2937
2938 hci_dev_lock(hdev);
2939
2940 if (!hdev_is_powered(hdev)) {
2941 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2942 MGMT_STATUS_NOT_POWERED);
2943 goto unlock;
2944 }
2945
2946 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2947 if (!cmd) {
2948 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2949 MGMT_STATUS_INVALID_PARAMS);
2950 goto unlock;
2951 }
2952
2953 conn = cmd->user_data;
2954
2955 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2956 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2957 MGMT_STATUS_INVALID_PARAMS);
2958 goto unlock;
2959 }
2960
2961 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2962
2963 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2964 addr, sizeof(*addr));
2965 unlock:
2966 hci_dev_unlock(hdev);
2967 return err;
2968 }
2969
2970 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2971 struct mgmt_addr_info *addr, u16 mgmt_op,
2972 u16 hci_op, __le32 passkey)
2973 {
2974 struct pending_cmd *cmd;
2975 struct hci_conn *conn;
2976 int err;
2977
2978 hci_dev_lock(hdev);
2979
2980 if (!hdev_is_powered(hdev)) {
2981 err = cmd_complete(sk, hdev->id, mgmt_op,
2982 MGMT_STATUS_NOT_POWERED, addr,
2983 sizeof(*addr));
2984 goto done;
2985 }
2986
2987 if (addr->type == BDADDR_BREDR)
2988 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2989 else
2990 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2991
2992 if (!conn) {
2993 err = cmd_complete(sk, hdev->id, mgmt_op,
2994 MGMT_STATUS_NOT_CONNECTED, addr,
2995 sizeof(*addr));
2996 goto done;
2997 }
2998
2999 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3000 /* Continue with pairing via SMP */
3001 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3002
3003 if (!err)
3004 err = cmd_complete(sk, hdev->id, mgmt_op,
3005 MGMT_STATUS_SUCCESS, addr,
3006 sizeof(*addr));
3007 else
3008 err = cmd_complete(sk, hdev->id, mgmt_op,
3009 MGMT_STATUS_FAILED, addr,
3010 sizeof(*addr));
3011
3012 goto done;
3013 }
3014
3015 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3016 if (!cmd) {
3017 err = -ENOMEM;
3018 goto done;
3019 }
3020
3021 /* Continue with pairing via HCI */
3022 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3023 struct hci_cp_user_passkey_reply cp;
3024
3025 bacpy(&cp.bdaddr, &addr->bdaddr);
3026 cp.passkey = passkey;
3027 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3028 } else
3029 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3030 &addr->bdaddr);
3031
3032 if (err < 0)
3033 mgmt_pending_remove(cmd);
3034
3035 done:
3036 hci_dev_unlock(hdev);
3037 return err;
3038 }
3039
3040 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3041 void *data, u16 len)
3042 {
3043 struct mgmt_cp_pin_code_neg_reply *cp = data;
3044
3045 BT_DBG("");
3046
3047 return user_pairing_resp(sk, hdev, &cp->addr,
3048 MGMT_OP_PIN_CODE_NEG_REPLY,
3049 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3050 }
3051
3052 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3053 u16 len)
3054 {
3055 struct mgmt_cp_user_confirm_reply *cp = data;
3056
3057 BT_DBG("");
3058
3059 if (len != sizeof(*cp))
3060 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3061 MGMT_STATUS_INVALID_PARAMS);
3062
3063 return user_pairing_resp(sk, hdev, &cp->addr,
3064 MGMT_OP_USER_CONFIRM_REPLY,
3065 HCI_OP_USER_CONFIRM_REPLY, 0);
3066 }
3067
3068 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3069 void *data, u16 len)
3070 {
3071 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3072
3073 BT_DBG("");
3074
3075 return user_pairing_resp(sk, hdev, &cp->addr,
3076 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3077 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3078 }
3079
3080 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3081 u16 len)
3082 {
3083 struct mgmt_cp_user_passkey_reply *cp = data;
3084
3085 BT_DBG("");
3086
3087 return user_pairing_resp(sk, hdev, &cp->addr,
3088 MGMT_OP_USER_PASSKEY_REPLY,
3089 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3090 }
3091
3092 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3093 void *data, u16 len)
3094 {
3095 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3096
3097 BT_DBG("");
3098
3099 return user_pairing_resp(sk, hdev, &cp->addr,
3100 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3101 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3102 }
3103
3104 static void update_name(struct hci_request *req)
3105 {
3106 struct hci_dev *hdev = req->hdev;
3107 struct hci_cp_write_local_name cp;
3108
3109 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3110
3111 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3112 }
3113
3114 static void set_name_complete(struct hci_dev *hdev, u8 status)
3115 {
3116 struct mgmt_cp_set_local_name *cp;
3117 struct pending_cmd *cmd;
3118
3119 BT_DBG("status 0x%02x", status);
3120
3121 hci_dev_lock(hdev);
3122
3123 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3124 if (!cmd)
3125 goto unlock;
3126
3127 cp = cmd->param;
3128
3129 if (status)
3130 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3131 mgmt_status(status));
3132 else
3133 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3134 cp, sizeof(*cp));
3135
3136 mgmt_pending_remove(cmd);
3137
3138 unlock:
3139 hci_dev_unlock(hdev);
3140 }
3141
3142 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3143 u16 len)
3144 {
3145 struct mgmt_cp_set_local_name *cp = data;
3146 struct pending_cmd *cmd;
3147 struct hci_request req;
3148 int err;
3149
3150 BT_DBG("");
3151
3152 hci_dev_lock(hdev);
3153
3154 /* If the old values are the same as the new ones just return a
3155 * direct command complete event.
3156 */
3157 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3158 !memcmp(hdev->short_name, cp->short_name,
3159 sizeof(hdev->short_name))) {
3160 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3161 data, len);
3162 goto failed;
3163 }
3164
3165 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3166
3167 if (!hdev_is_powered(hdev)) {
3168 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3169
3170 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3171 data, len);
3172 if (err < 0)
3173 goto failed;
3174
3175 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3176 sk);
3177
3178 goto failed;
3179 }
3180
3181 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3182 if (!cmd) {
3183 err = -ENOMEM;
3184 goto failed;
3185 }
3186
3187 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3188
3189 hci_req_init(&req, hdev);
3190
3191 if (lmp_bredr_capable(hdev)) {
3192 update_name(&req);
3193 update_eir(&req);
3194 }
3195
3196 /* The name is stored in the scan response data and so
3197 * no need to udpate the advertising data here.
3198 */
3199 if (lmp_le_capable(hdev))
3200 update_scan_rsp_data(&req);
3201
3202 err = hci_req_run(&req, set_name_complete);
3203 if (err < 0)
3204 mgmt_pending_remove(cmd);
3205
3206 failed:
3207 hci_dev_unlock(hdev);
3208 return err;
3209 }
3210
3211 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3212 void *data, u16 data_len)
3213 {
3214 struct pending_cmd *cmd;
3215 int err;
3216
3217 BT_DBG("%s", hdev->name);
3218
3219 hci_dev_lock(hdev);
3220
3221 if (!hdev_is_powered(hdev)) {
3222 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3223 MGMT_STATUS_NOT_POWERED);
3224 goto unlock;
3225 }
3226
3227 if (!lmp_ssp_capable(hdev)) {
3228 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3229 MGMT_STATUS_NOT_SUPPORTED);
3230 goto unlock;
3231 }
3232
3233 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3234 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3235 MGMT_STATUS_BUSY);
3236 goto unlock;
3237 }
3238
3239 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3240 if (!cmd) {
3241 err = -ENOMEM;
3242 goto unlock;
3243 }
3244
3245 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3246 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3247 0, NULL);
3248 else
3249 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3250
3251 if (err < 0)
3252 mgmt_pending_remove(cmd);
3253
3254 unlock:
3255 hci_dev_unlock(hdev);
3256 return err;
3257 }
3258
3259 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3260 void *data, u16 len)
3261 {
3262 int err;
3263
3264 BT_DBG("%s ", hdev->name);
3265
3266 hci_dev_lock(hdev);
3267
3268 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3269 struct mgmt_cp_add_remote_oob_data *cp = data;
3270 u8 status;
3271
3272 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3273 cp->hash, cp->randomizer);
3274 if (err < 0)
3275 status = MGMT_STATUS_FAILED;
3276 else
3277 status = MGMT_STATUS_SUCCESS;
3278
3279 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3280 status, &cp->addr, sizeof(cp->addr));
3281 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3282 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3283 u8 status;
3284
3285 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3286 cp->hash192,
3287 cp->randomizer192,
3288 cp->hash256,
3289 cp->randomizer256);
3290 if (err < 0)
3291 status = MGMT_STATUS_FAILED;
3292 else
3293 status = MGMT_STATUS_SUCCESS;
3294
3295 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3296 status, &cp->addr, sizeof(cp->addr));
3297 } else {
3298 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3299 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3300 MGMT_STATUS_INVALID_PARAMS);
3301 }
3302
3303 hci_dev_unlock(hdev);
3304 return err;
3305 }
3306
3307 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3308 void *data, u16 len)
3309 {
3310 struct mgmt_cp_remove_remote_oob_data *cp = data;
3311 u8 status;
3312 int err;
3313
3314 BT_DBG("%s", hdev->name);
3315
3316 hci_dev_lock(hdev);
3317
3318 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
3319 if (err < 0)
3320 status = MGMT_STATUS_INVALID_PARAMS;
3321 else
3322 status = MGMT_STATUS_SUCCESS;
3323
3324 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3325 status, &cp->addr, sizeof(cp->addr));
3326
3327 hci_dev_unlock(hdev);
3328 return err;
3329 }
3330
3331 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3332 {
3333 struct pending_cmd *cmd;
3334 u8 type;
3335 int err;
3336
3337 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3338
3339 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3340 if (!cmd)
3341 return -ENOENT;
3342
3343 type = hdev->discovery.type;
3344
3345 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3346 &type, sizeof(type));
3347 mgmt_pending_remove(cmd);
3348
3349 return err;
3350 }
3351
3352 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3353 {
3354 BT_DBG("status %d", status);
3355
3356 if (status) {
3357 hci_dev_lock(hdev);
3358 mgmt_start_discovery_failed(hdev, status);
3359 hci_dev_unlock(hdev);
3360 return;
3361 }
3362
3363 hci_dev_lock(hdev);
3364 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3365 hci_dev_unlock(hdev);
3366
3367 switch (hdev->discovery.type) {
3368 case DISCOV_TYPE_LE:
3369 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3370 DISCOV_LE_TIMEOUT);
3371 break;
3372
3373 case DISCOV_TYPE_INTERLEAVED:
3374 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3375 DISCOV_INTERLEAVED_TIMEOUT);
3376 break;
3377
3378 case DISCOV_TYPE_BREDR:
3379 break;
3380
3381 default:
3382 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3383 }
3384 }
3385
3386 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3387 void *data, u16 len)
3388 {
3389 struct mgmt_cp_start_discovery *cp = data;
3390 struct pending_cmd *cmd;
3391 struct hci_cp_le_set_scan_param param_cp;
3392 struct hci_cp_le_set_scan_enable enable_cp;
3393 struct hci_cp_inquiry inq_cp;
3394 struct hci_request req;
3395 /* General inquiry access code (GIAC) */
3396 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3397 u8 status, own_addr_type;
3398 int err;
3399
3400 BT_DBG("%s", hdev->name);
3401
3402 hci_dev_lock(hdev);
3403
3404 if (!hdev_is_powered(hdev)) {
3405 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3406 MGMT_STATUS_NOT_POWERED);
3407 goto failed;
3408 }
3409
3410 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3411 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3412 MGMT_STATUS_BUSY);
3413 goto failed;
3414 }
3415
3416 if (hdev->discovery.state != DISCOVERY_STOPPED) {
3417 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3418 MGMT_STATUS_BUSY);
3419 goto failed;
3420 }
3421
3422 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3423 if (!cmd) {
3424 err = -ENOMEM;
3425 goto failed;
3426 }
3427
3428 hdev->discovery.type = cp->type;
3429
3430 hci_req_init(&req, hdev);
3431
3432 switch (hdev->discovery.type) {
3433 case DISCOV_TYPE_BREDR:
3434 status = mgmt_bredr_support(hdev);
3435 if (status) {
3436 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3437 status);
3438 mgmt_pending_remove(cmd);
3439 goto failed;
3440 }
3441
3442 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3443 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3444 MGMT_STATUS_BUSY);
3445 mgmt_pending_remove(cmd);
3446 goto failed;
3447 }
3448
3449 hci_inquiry_cache_flush(hdev);
3450
3451 memset(&inq_cp, 0, sizeof(inq_cp));
3452 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3453 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3454 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3455 break;
3456
3457 case DISCOV_TYPE_LE:
3458 case DISCOV_TYPE_INTERLEAVED:
3459 status = mgmt_le_support(hdev);
3460 if (status) {
3461 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3462 status);
3463 mgmt_pending_remove(cmd);
3464 goto failed;
3465 }
3466
3467 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3468 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3469 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3470 MGMT_STATUS_NOT_SUPPORTED);
3471 mgmt_pending_remove(cmd);
3472 goto failed;
3473 }
3474
3475 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3476 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3477 MGMT_STATUS_REJECTED);
3478 mgmt_pending_remove(cmd);
3479 goto failed;
3480 }
3481
3482 /* If controller is scanning, it means the background scanning
3483 * is running. Thus, we should temporarily stop it in order to
3484 * set the discovery scanning parameters.
3485 */
3486 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3487 hci_req_add_le_scan_disable(&req);
3488
3489 memset(&param_cp, 0, sizeof(param_cp));
3490
3491 /* All active scans will be done with either a resolvable
3492 * private address (when privacy feature has been enabled)
3493 * or unresolvable private address.
3494 */
3495 err = hci_update_random_address(&req, true, &own_addr_type);
3496 if (err < 0) {
3497 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3498 MGMT_STATUS_FAILED);
3499 mgmt_pending_remove(cmd);
3500 goto failed;
3501 }
3502
3503 param_cp.type = LE_SCAN_ACTIVE;
3504 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3505 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3506 param_cp.own_address_type = own_addr_type;
3507 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3508 &param_cp);
3509
3510 memset(&enable_cp, 0, sizeof(enable_cp));
3511 enable_cp.enable = LE_SCAN_ENABLE;
3512 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3513 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3514 &enable_cp);
3515 break;
3516
3517 default:
3518 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3519 MGMT_STATUS_INVALID_PARAMS);
3520 mgmt_pending_remove(cmd);
3521 goto failed;
3522 }
3523
3524 err = hci_req_run(&req, start_discovery_complete);
3525 if (err < 0)
3526 mgmt_pending_remove(cmd);
3527 else
3528 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3529
3530 failed:
3531 hci_dev_unlock(hdev);
3532 return err;
3533 }
3534
3535 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3536 {
3537 struct pending_cmd *cmd;
3538 int err;
3539
3540 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3541 if (!cmd)
3542 return -ENOENT;
3543
3544 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3545 &hdev->discovery.type, sizeof(hdev->discovery.type));
3546 mgmt_pending_remove(cmd);
3547
3548 return err;
3549 }
3550
3551 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3552 {
3553 BT_DBG("status %d", status);
3554
3555 hci_dev_lock(hdev);
3556
3557 if (status) {
3558 mgmt_stop_discovery_failed(hdev, status);
3559 goto unlock;
3560 }
3561
3562 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3563
3564 unlock:
3565 hci_dev_unlock(hdev);
3566 }
3567
3568 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3569 u16 len)
3570 {
3571 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3572 struct pending_cmd *cmd;
3573 struct hci_cp_remote_name_req_cancel cp;
3574 struct inquiry_entry *e;
3575 struct hci_request req;
3576 int err;
3577
3578 BT_DBG("%s", hdev->name);
3579
3580 hci_dev_lock(hdev);
3581
3582 if (!hci_discovery_active(hdev)) {
3583 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3584 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3585 sizeof(mgmt_cp->type));
3586 goto unlock;
3587 }
3588
3589 if (hdev->discovery.type != mgmt_cp->type) {
3590 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3591 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3592 sizeof(mgmt_cp->type));
3593 goto unlock;
3594 }
3595
3596 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3597 if (!cmd) {
3598 err = -ENOMEM;
3599 goto unlock;
3600 }
3601
3602 hci_req_init(&req, hdev);
3603
3604 switch (hdev->discovery.state) {
3605 case DISCOVERY_FINDING:
3606 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3607 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3608 } else {
3609 cancel_delayed_work(&hdev->le_scan_disable);
3610
3611 hci_req_add_le_scan_disable(&req);
3612 }
3613
3614 break;
3615
3616 case DISCOVERY_RESOLVING:
3617 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3618 NAME_PENDING);
3619 if (!e) {
3620 mgmt_pending_remove(cmd);
3621 err = cmd_complete(sk, hdev->id,
3622 MGMT_OP_STOP_DISCOVERY, 0,
3623 &mgmt_cp->type,
3624 sizeof(mgmt_cp->type));
3625 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3626 goto unlock;
3627 }
3628
3629 bacpy(&cp.bdaddr, &e->data.bdaddr);
3630 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3631 &cp);
3632
3633 break;
3634
3635 default:
3636 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3637
3638 mgmt_pending_remove(cmd);
3639 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3640 MGMT_STATUS_FAILED, &mgmt_cp->type,
3641 sizeof(mgmt_cp->type));
3642 goto unlock;
3643 }
3644
3645 err = hci_req_run(&req, stop_discovery_complete);
3646 if (err < 0)
3647 mgmt_pending_remove(cmd);
3648 else
3649 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3650
3651 unlock:
3652 hci_dev_unlock(hdev);
3653 return err;
3654 }
3655
3656 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3657 u16 len)
3658 {
3659 struct mgmt_cp_confirm_name *cp = data;
3660 struct inquiry_entry *e;
3661 int err;
3662
3663 BT_DBG("%s", hdev->name);
3664
3665 hci_dev_lock(hdev);
3666
3667 if (!hci_discovery_active(hdev)) {
3668 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3669 MGMT_STATUS_FAILED, &cp->addr,
3670 sizeof(cp->addr));
3671 goto failed;
3672 }
3673
3674 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3675 if (!e) {
3676 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3677 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3678 sizeof(cp->addr));
3679 goto failed;
3680 }
3681
3682 if (cp->name_known) {
3683 e->name_state = NAME_KNOWN;
3684 list_del(&e->list);
3685 } else {
3686 e->name_state = NAME_NEEDED;
3687 hci_inquiry_cache_update_resolve(hdev, e);
3688 }
3689
3690 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3691 sizeof(cp->addr));
3692
3693 failed:
3694 hci_dev_unlock(hdev);
3695 return err;
3696 }
3697
3698 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3699 u16 len)
3700 {
3701 struct mgmt_cp_block_device *cp = data;
3702 u8 status;
3703 int err;
3704
3705 BT_DBG("%s", hdev->name);
3706
3707 if (!bdaddr_type_is_valid(cp->addr.type))
3708 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3709 MGMT_STATUS_INVALID_PARAMS,
3710 &cp->addr, sizeof(cp->addr));
3711
3712 hci_dev_lock(hdev);
3713
3714 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3715 if (err < 0)
3716 status = MGMT_STATUS_FAILED;
3717 else
3718 status = MGMT_STATUS_SUCCESS;
3719
3720 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3721 &cp->addr, sizeof(cp->addr));
3722
3723 hci_dev_unlock(hdev);
3724
3725 return err;
3726 }
3727
3728 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3729 u16 len)
3730 {
3731 struct mgmt_cp_unblock_device *cp = data;
3732 u8 status;
3733 int err;
3734
3735 BT_DBG("%s", hdev->name);
3736
3737 if (!bdaddr_type_is_valid(cp->addr.type))
3738 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3739 MGMT_STATUS_INVALID_PARAMS,
3740 &cp->addr, sizeof(cp->addr));
3741
3742 hci_dev_lock(hdev);
3743
3744 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3745 if (err < 0)
3746 status = MGMT_STATUS_INVALID_PARAMS;
3747 else
3748 status = MGMT_STATUS_SUCCESS;
3749
3750 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3751 &cp->addr, sizeof(cp->addr));
3752
3753 hci_dev_unlock(hdev);
3754
3755 return err;
3756 }
3757
3758 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3759 u16 len)
3760 {
3761 struct mgmt_cp_set_device_id *cp = data;
3762 struct hci_request req;
3763 int err;
3764 __u16 source;
3765
3766 BT_DBG("%s", hdev->name);
3767
3768 source = __le16_to_cpu(cp->source);
3769
3770 if (source > 0x0002)
3771 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3772 MGMT_STATUS_INVALID_PARAMS);
3773
3774 hci_dev_lock(hdev);
3775
3776 hdev->devid_source = source;
3777 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3778 hdev->devid_product = __le16_to_cpu(cp->product);
3779 hdev->devid_version = __le16_to_cpu(cp->version);
3780
3781 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3782
3783 hci_req_init(&req, hdev);
3784 update_eir(&req);
3785 hci_req_run(&req, NULL);
3786
3787 hci_dev_unlock(hdev);
3788
3789 return err;
3790 }
3791
3792 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3793 {
3794 struct cmd_lookup match = { NULL, hdev };
3795
3796 if (status) {
3797 u8 mgmt_err = mgmt_status(status);
3798
3799 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3800 cmd_status_rsp, &mgmt_err);
3801 return;
3802 }
3803
3804 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3805 &match);
3806
3807 new_settings(hdev, match.sk);
3808
3809 if (match.sk)
3810 sock_put(match.sk);
3811 }
3812
3813 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3814 u16 len)
3815 {
3816 struct mgmt_mode *cp = data;
3817 struct pending_cmd *cmd;
3818 struct hci_request req;
3819 u8 val, enabled, status;
3820 int err;
3821
3822 BT_DBG("request for %s", hdev->name);
3823
3824 status = mgmt_le_support(hdev);
3825 if (status)
3826 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3827 status);
3828
3829 if (cp->val != 0x00 && cp->val != 0x01)
3830 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3831 MGMT_STATUS_INVALID_PARAMS);
3832
3833 hci_dev_lock(hdev);
3834
3835 val = !!cp->val;
3836 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3837
3838 /* The following conditions are ones which mean that we should
3839 * not do any HCI communication but directly send a mgmt
3840 * response to user space (after toggling the flag if
3841 * necessary).
3842 */
3843 if (!hdev_is_powered(hdev) || val == enabled ||
3844 hci_conn_num(hdev, LE_LINK) > 0) {
3845 bool changed = false;
3846
3847 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3848 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3849 changed = true;
3850 }
3851
3852 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3853 if (err < 0)
3854 goto unlock;
3855
3856 if (changed)
3857 err = new_settings(hdev, sk);
3858
3859 goto unlock;
3860 }
3861
3862 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3863 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3864 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3865 MGMT_STATUS_BUSY);
3866 goto unlock;
3867 }
3868
3869 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3870 if (!cmd) {
3871 err = -ENOMEM;
3872 goto unlock;
3873 }
3874
3875 hci_req_init(&req, hdev);
3876
3877 if (val)
3878 enable_advertising(&req);
3879 else
3880 disable_advertising(&req);
3881
3882 err = hci_req_run(&req, set_advertising_complete);
3883 if (err < 0)
3884 mgmt_pending_remove(cmd);
3885
3886 unlock:
3887 hci_dev_unlock(hdev);
3888 return err;
3889 }
3890
3891 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3892 void *data, u16 len)
3893 {
3894 struct mgmt_cp_set_static_address *cp = data;
3895 int err;
3896
3897 BT_DBG("%s", hdev->name);
3898
3899 if (!lmp_le_capable(hdev))
3900 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3901 MGMT_STATUS_NOT_SUPPORTED);
3902
3903 if (hdev_is_powered(hdev))
3904 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3905 MGMT_STATUS_REJECTED);
3906
3907 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3908 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3909 return cmd_status(sk, hdev->id,
3910 MGMT_OP_SET_STATIC_ADDRESS,
3911 MGMT_STATUS_INVALID_PARAMS);
3912
3913 /* Two most significant bits shall be set */
3914 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3915 return cmd_status(sk, hdev->id,
3916 MGMT_OP_SET_STATIC_ADDRESS,
3917 MGMT_STATUS_INVALID_PARAMS);
3918 }
3919
3920 hci_dev_lock(hdev);
3921
3922 bacpy(&hdev->static_addr, &cp->bdaddr);
3923
3924 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3925
3926 hci_dev_unlock(hdev);
3927
3928 return err;
3929 }
3930
3931 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3932 void *data, u16 len)
3933 {
3934 struct mgmt_cp_set_scan_params *cp = data;
3935 __u16 interval, window;
3936 int err;
3937
3938 BT_DBG("%s", hdev->name);
3939
3940 if (!lmp_le_capable(hdev))
3941 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3942 MGMT_STATUS_NOT_SUPPORTED);
3943
3944 interval = __le16_to_cpu(cp->interval);
3945
3946 if (interval < 0x0004 || interval > 0x4000)
3947 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3948 MGMT_STATUS_INVALID_PARAMS);
3949
3950 window = __le16_to_cpu(cp->window);
3951
3952 if (window < 0x0004 || window > 0x4000)
3953 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3954 MGMT_STATUS_INVALID_PARAMS);
3955
3956 if (window > interval)
3957 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3958 MGMT_STATUS_INVALID_PARAMS);
3959
3960 hci_dev_lock(hdev);
3961
3962 hdev->le_scan_interval = interval;
3963 hdev->le_scan_window = window;
3964
3965 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3966
3967 /* If background scan is running, restart it so new parameters are
3968 * loaded.
3969 */
3970 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
3971 hdev->discovery.state == DISCOVERY_STOPPED) {
3972 struct hci_request req;
3973
3974 hci_req_init(&req, hdev);
3975
3976 hci_req_add_le_scan_disable(&req);
3977 hci_req_add_le_passive_scan(&req);
3978
3979 hci_req_run(&req, NULL);
3980 }
3981
3982 hci_dev_unlock(hdev);
3983
3984 return err;
3985 }
3986
3987 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3988 {
3989 struct pending_cmd *cmd;
3990
3991 BT_DBG("status 0x%02x", status);
3992
3993 hci_dev_lock(hdev);
3994
3995 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3996 if (!cmd)
3997 goto unlock;
3998
3999 if (status) {
4000 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4001 mgmt_status(status));
4002 } else {
4003 struct mgmt_mode *cp = cmd->param;
4004
4005 if (cp->val)
4006 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4007 else
4008 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4009
4010 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4011 new_settings(hdev, cmd->sk);
4012 }
4013
4014 mgmt_pending_remove(cmd);
4015
4016 unlock:
4017 hci_dev_unlock(hdev);
4018 }
4019
4020 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4021 void *data, u16 len)
4022 {
4023 struct mgmt_mode *cp = data;
4024 struct pending_cmd *cmd;
4025 struct hci_request req;
4026 int err;
4027
4028 BT_DBG("%s", hdev->name);
4029
4030 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4031 hdev->hci_ver < BLUETOOTH_VER_1_2)
4032 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4033 MGMT_STATUS_NOT_SUPPORTED);
4034
4035 if (cp->val != 0x00 && cp->val != 0x01)
4036 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4037 MGMT_STATUS_INVALID_PARAMS);
4038
4039 if (!hdev_is_powered(hdev))
4040 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4041 MGMT_STATUS_NOT_POWERED);
4042
4043 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4044 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4045 MGMT_STATUS_REJECTED);
4046
4047 hci_dev_lock(hdev);
4048
4049 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4050 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4051 MGMT_STATUS_BUSY);
4052 goto unlock;
4053 }
4054
4055 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4056 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4057 hdev);
4058 goto unlock;
4059 }
4060
4061 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4062 data, len);
4063 if (!cmd) {
4064 err = -ENOMEM;
4065 goto unlock;
4066 }
4067
4068 hci_req_init(&req, hdev);
4069
4070 write_fast_connectable(&req, cp->val);
4071
4072 err = hci_req_run(&req, fast_connectable_complete);
4073 if (err < 0) {
4074 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4075 MGMT_STATUS_FAILED);
4076 mgmt_pending_remove(cmd);
4077 }
4078
4079 unlock:
4080 hci_dev_unlock(hdev);
4081
4082 return err;
4083 }
4084
4085 static void set_bredr_scan(struct hci_request *req)
4086 {
4087 struct hci_dev *hdev = req->hdev;
4088 u8 scan = 0;
4089
4090 /* Ensure that fast connectable is disabled. This function will
4091 * not do anything if the page scan parameters are already what
4092 * they should be.
4093 */
4094 write_fast_connectable(req, false);
4095
4096 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4097 scan |= SCAN_PAGE;
4098 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4099 scan |= SCAN_INQUIRY;
4100
4101 if (scan)
4102 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4103 }
4104
4105 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4106 {
4107 struct pending_cmd *cmd;
4108
4109 BT_DBG("status 0x%02x", status);
4110
4111 hci_dev_lock(hdev);
4112
4113 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4114 if (!cmd)
4115 goto unlock;
4116
4117 if (status) {
4118 u8 mgmt_err = mgmt_status(status);
4119
4120 /* We need to restore the flag if related HCI commands
4121 * failed.
4122 */
4123 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4124
4125 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4126 } else {
4127 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4128 new_settings(hdev, cmd->sk);
4129 }
4130
4131 mgmt_pending_remove(cmd);
4132
4133 unlock:
4134 hci_dev_unlock(hdev);
4135 }
4136
4137 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4138 {
4139 struct mgmt_mode *cp = data;
4140 struct pending_cmd *cmd;
4141 struct hci_request req;
4142 int err;
4143
4144 BT_DBG("request for %s", hdev->name);
4145
4146 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4147 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4148 MGMT_STATUS_NOT_SUPPORTED);
4149
4150 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4151 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4152 MGMT_STATUS_REJECTED);
4153
4154 if (cp->val != 0x00 && cp->val != 0x01)
4155 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4156 MGMT_STATUS_INVALID_PARAMS);
4157
4158 hci_dev_lock(hdev);
4159
4160 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4161 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4162 goto unlock;
4163 }
4164
4165 if (!hdev_is_powered(hdev)) {
4166 if (!cp->val) {
4167 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4168 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4169 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4170 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4171 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4172 }
4173
4174 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4175
4176 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4177 if (err < 0)
4178 goto unlock;
4179
4180 err = new_settings(hdev, sk);
4181 goto unlock;
4182 }
4183
4184 /* Reject disabling when powered on */
4185 if (!cp->val) {
4186 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4187 MGMT_STATUS_REJECTED);
4188 goto unlock;
4189 }
4190
4191 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4192 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4193 MGMT_STATUS_BUSY);
4194 goto unlock;
4195 }
4196
4197 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4198 if (!cmd) {
4199 err = -ENOMEM;
4200 goto unlock;
4201 }
4202
4203 /* We need to flip the bit already here so that update_adv_data
4204 * generates the correct flags.
4205 */
4206 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4207
4208 hci_req_init(&req, hdev);
4209
4210 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4211 set_bredr_scan(&req);
4212
4213 /* Since only the advertising data flags will change, there
4214 * is no need to update the scan response data.
4215 */
4216 update_adv_data(&req);
4217
4218 err = hci_req_run(&req, set_bredr_complete);
4219 if (err < 0)
4220 mgmt_pending_remove(cmd);
4221
4222 unlock:
4223 hci_dev_unlock(hdev);
4224 return err;
4225 }
4226
4227 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4228 void *data, u16 len)
4229 {
4230 struct mgmt_mode *cp = data;
4231 struct pending_cmd *cmd;
4232 u8 val, status;
4233 int err;
4234
4235 BT_DBG("request for %s", hdev->name);
4236
4237 status = mgmt_bredr_support(hdev);
4238 if (status)
4239 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4240 status);
4241
4242 if (!lmp_sc_capable(hdev) &&
4243 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
4244 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4245 MGMT_STATUS_NOT_SUPPORTED);
4246
4247 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4248 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4249 MGMT_STATUS_INVALID_PARAMS);
4250
4251 hci_dev_lock(hdev);
4252
4253 if (!hdev_is_powered(hdev)) {
4254 bool changed;
4255
4256 if (cp->val) {
4257 changed = !test_and_set_bit(HCI_SC_ENABLED,
4258 &hdev->dev_flags);
4259 if (cp->val == 0x02)
4260 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4261 else
4262 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4263 } else {
4264 changed = test_and_clear_bit(HCI_SC_ENABLED,
4265 &hdev->dev_flags);
4266 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4267 }
4268
4269 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4270 if (err < 0)
4271 goto failed;
4272
4273 if (changed)
4274 err = new_settings(hdev, sk);
4275
4276 goto failed;
4277 }
4278
4279 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4280 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4281 MGMT_STATUS_BUSY);
4282 goto failed;
4283 }
4284
4285 val = !!cp->val;
4286
4287 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4288 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
4289 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4290 goto failed;
4291 }
4292
4293 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4294 if (!cmd) {
4295 err = -ENOMEM;
4296 goto failed;
4297 }
4298
4299 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4300 if (err < 0) {
4301 mgmt_pending_remove(cmd);
4302 goto failed;
4303 }
4304
4305 if (cp->val == 0x02)
4306 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4307 else
4308 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4309
4310 failed:
4311 hci_dev_unlock(hdev);
4312 return err;
4313 }
4314
4315 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4316 void *data, u16 len)
4317 {
4318 struct mgmt_mode *cp = data;
4319 bool changed;
4320 int err;
4321
4322 BT_DBG("request for %s", hdev->name);
4323
4324 if (cp->val != 0x00 && cp->val != 0x01)
4325 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4326 MGMT_STATUS_INVALID_PARAMS);
4327
4328 hci_dev_lock(hdev);
4329
4330 if (cp->val)
4331 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4332 else
4333 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4334
4335 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4336 if (err < 0)
4337 goto unlock;
4338
4339 if (changed)
4340 err = new_settings(hdev, sk);
4341
4342 unlock:
4343 hci_dev_unlock(hdev);
4344 return err;
4345 }
4346
4347 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4348 u16 len)
4349 {
4350 struct mgmt_cp_set_privacy *cp = cp_data;
4351 bool changed;
4352 int err;
4353
4354 BT_DBG("request for %s", hdev->name);
4355
4356 if (!lmp_le_capable(hdev))
4357 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4358 MGMT_STATUS_NOT_SUPPORTED);
4359
4360 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4361 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4362 MGMT_STATUS_INVALID_PARAMS);
4363
4364 if (hdev_is_powered(hdev))
4365 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4366 MGMT_STATUS_REJECTED);
4367
4368 hci_dev_lock(hdev);
4369
4370 /* If user space supports this command it is also expected to
4371 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4372 */
4373 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4374
4375 if (cp->privacy) {
4376 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4377 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4378 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4379 } else {
4380 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4381 memset(hdev->irk, 0, sizeof(hdev->irk));
4382 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4383 }
4384
4385 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4386 if (err < 0)
4387 goto unlock;
4388
4389 if (changed)
4390 err = new_settings(hdev, sk);
4391
4392 unlock:
4393 hci_dev_unlock(hdev);
4394 return err;
4395 }
4396
4397 static bool irk_is_valid(struct mgmt_irk_info *irk)
4398 {
4399 switch (irk->addr.type) {
4400 case BDADDR_LE_PUBLIC:
4401 return true;
4402
4403 case BDADDR_LE_RANDOM:
4404 /* Two most significant bits shall be set */
4405 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4406 return false;
4407 return true;
4408 }
4409
4410 return false;
4411 }
4412
4413 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4414 u16 len)
4415 {
4416 struct mgmt_cp_load_irks *cp = cp_data;
4417 u16 irk_count, expected_len;
4418 int i, err;
4419
4420 BT_DBG("request for %s", hdev->name);
4421
4422 if (!lmp_le_capable(hdev))
4423 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4424 MGMT_STATUS_NOT_SUPPORTED);
4425
4426 irk_count = __le16_to_cpu(cp->irk_count);
4427
4428 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4429 if (expected_len != len) {
4430 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4431 expected_len, len);
4432 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4433 MGMT_STATUS_INVALID_PARAMS);
4434 }
4435
4436 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4437
4438 for (i = 0; i < irk_count; i++) {
4439 struct mgmt_irk_info *key = &cp->irks[i];
4440
4441 if (!irk_is_valid(key))
4442 return cmd_status(sk, hdev->id,
4443 MGMT_OP_LOAD_IRKS,
4444 MGMT_STATUS_INVALID_PARAMS);
4445 }
4446
4447 hci_dev_lock(hdev);
4448
4449 hci_smp_irks_clear(hdev);
4450
4451 for (i = 0; i < irk_count; i++) {
4452 struct mgmt_irk_info *irk = &cp->irks[i];
4453 u8 addr_type;
4454
4455 if (irk->addr.type == BDADDR_LE_PUBLIC)
4456 addr_type = ADDR_LE_DEV_PUBLIC;
4457 else
4458 addr_type = ADDR_LE_DEV_RANDOM;
4459
4460 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4461 BDADDR_ANY);
4462 }
4463
4464 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4465
4466 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4467
4468 hci_dev_unlock(hdev);
4469
4470 return err;
4471 }
4472
4473 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4474 {
4475 if (key->master != 0x00 && key->master != 0x01)
4476 return false;
4477
4478 switch (key->addr.type) {
4479 case BDADDR_LE_PUBLIC:
4480 return true;
4481
4482 case BDADDR_LE_RANDOM:
4483 /* Two most significant bits shall be set */
4484 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4485 return false;
4486 return true;
4487 }
4488
4489 return false;
4490 }
4491
4492 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4493 void *cp_data, u16 len)
4494 {
4495 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4496 u16 key_count, expected_len;
4497 int i, err;
4498
4499 BT_DBG("request for %s", hdev->name);
4500
4501 if (!lmp_le_capable(hdev))
4502 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4503 MGMT_STATUS_NOT_SUPPORTED);
4504
4505 key_count = __le16_to_cpu(cp->key_count);
4506
4507 expected_len = sizeof(*cp) + key_count *
4508 sizeof(struct mgmt_ltk_info);
4509 if (expected_len != len) {
4510 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4511 expected_len, len);
4512 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4513 MGMT_STATUS_INVALID_PARAMS);
4514 }
4515
4516 BT_DBG("%s key_count %u", hdev->name, key_count);
4517
4518 for (i = 0; i < key_count; i++) {
4519 struct mgmt_ltk_info *key = &cp->keys[i];
4520
4521 if (!ltk_is_valid(key))
4522 return cmd_status(sk, hdev->id,
4523 MGMT_OP_LOAD_LONG_TERM_KEYS,
4524 MGMT_STATUS_INVALID_PARAMS);
4525 }
4526
4527 hci_dev_lock(hdev);
4528
4529 hci_smp_ltks_clear(hdev);
4530
4531 for (i = 0; i < key_count; i++) {
4532 struct mgmt_ltk_info *key = &cp->keys[i];
4533 u8 type, addr_type;
4534
4535 if (key->addr.type == BDADDR_LE_PUBLIC)
4536 addr_type = ADDR_LE_DEV_PUBLIC;
4537 else
4538 addr_type = ADDR_LE_DEV_RANDOM;
4539
4540 if (key->master)
4541 type = HCI_SMP_LTK;
4542 else
4543 type = HCI_SMP_LTK_SLAVE;
4544
4545 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4546 key->type, key->val, key->enc_size, key->ediv,
4547 key->rand);
4548 }
4549
4550 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4551 NULL, 0);
4552
4553 hci_dev_unlock(hdev);
4554
4555 return err;
4556 }
4557
4558 static const struct mgmt_handler {
4559 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4560 u16 data_len);
4561 bool var_len;
4562 size_t data_len;
4563 } mgmt_handlers[] = {
4564 { NULL }, /* 0x0000 (no command) */
4565 { read_version, false, MGMT_READ_VERSION_SIZE },
4566 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4567 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4568 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4569 { set_powered, false, MGMT_SETTING_SIZE },
4570 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4571 { set_connectable, false, MGMT_SETTING_SIZE },
4572 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4573 { set_pairable, false, MGMT_SETTING_SIZE },
4574 { set_link_security, false, MGMT_SETTING_SIZE },
4575 { set_ssp, false, MGMT_SETTING_SIZE },
4576 { set_hs, false, MGMT_SETTING_SIZE },
4577 { set_le, false, MGMT_SETTING_SIZE },
4578 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4579 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4580 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4581 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4582 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4583 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4584 { disconnect, false, MGMT_DISCONNECT_SIZE },
4585 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4586 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4587 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4588 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4589 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4590 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4591 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4592 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4593 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4594 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4595 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4596 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
4597 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
4598 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4599 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4600 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4601 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4602 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4603 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
4604 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4605 { set_advertising, false, MGMT_SETTING_SIZE },
4606 { set_bredr, false, MGMT_SETTING_SIZE },
4607 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
4608 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
4609 { set_secure_conn, false, MGMT_SETTING_SIZE },
4610 { set_debug_keys, false, MGMT_SETTING_SIZE },
4611 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
4612 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
4613 };
4614
4615
4616 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4617 {
4618 void *buf;
4619 u8 *cp;
4620 struct mgmt_hdr *hdr;
4621 u16 opcode, index, len;
4622 struct hci_dev *hdev = NULL;
4623 const struct mgmt_handler *handler;
4624 int err;
4625
4626 BT_DBG("got %zu bytes", msglen);
4627
4628 if (msglen < sizeof(*hdr))
4629 return -EINVAL;
4630
4631 buf = kmalloc(msglen, GFP_KERNEL);
4632 if (!buf)
4633 return -ENOMEM;
4634
4635 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4636 err = -EFAULT;
4637 goto done;
4638 }
4639
4640 hdr = buf;
4641 opcode = __le16_to_cpu(hdr->opcode);
4642 index = __le16_to_cpu(hdr->index);
4643 len = __le16_to_cpu(hdr->len);
4644
4645 if (len != msglen - sizeof(*hdr)) {
4646 err = -EINVAL;
4647 goto done;
4648 }
4649
4650 if (index != MGMT_INDEX_NONE) {
4651 hdev = hci_dev_get(index);
4652 if (!hdev) {
4653 err = cmd_status(sk, index, opcode,
4654 MGMT_STATUS_INVALID_INDEX);
4655 goto done;
4656 }
4657
4658 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4659 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
4660 err = cmd_status(sk, index, opcode,
4661 MGMT_STATUS_INVALID_INDEX);
4662 goto done;
4663 }
4664 }
4665
4666 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
4667 mgmt_handlers[opcode].func == NULL) {
4668 BT_DBG("Unknown op %u", opcode);
4669 err = cmd_status(sk, index, opcode,
4670 MGMT_STATUS_UNKNOWN_COMMAND);
4671 goto done;
4672 }
4673
4674 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
4675 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
4676 err = cmd_status(sk, index, opcode,
4677 MGMT_STATUS_INVALID_INDEX);
4678 goto done;
4679 }
4680
4681 handler = &mgmt_handlers[opcode];
4682
4683 if ((handler->var_len && len < handler->data_len) ||
4684 (!handler->var_len && len != handler->data_len)) {
4685 err = cmd_status(sk, index, opcode,
4686 MGMT_STATUS_INVALID_PARAMS);
4687 goto done;
4688 }
4689
4690 if (hdev)
4691 mgmt_init_hdev(sk, hdev);
4692
4693 cp = buf + sizeof(*hdr);
4694
4695 err = handler->func(sk, hdev, cp, len);
4696 if (err < 0)
4697 goto done;
4698
4699 err = msglen;
4700
4701 done:
4702 if (hdev)
4703 hci_dev_put(hdev);
4704
4705 kfree(buf);
4706 return err;
4707 }
4708
4709 void mgmt_index_added(struct hci_dev *hdev)
4710 {
4711 if (hdev->dev_type != HCI_BREDR)
4712 return;
4713
4714 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
4715 }
4716
4717 void mgmt_index_removed(struct hci_dev *hdev)
4718 {
4719 u8 status = MGMT_STATUS_INVALID_INDEX;
4720
4721 if (hdev->dev_type != HCI_BREDR)
4722 return;
4723
4724 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
4725
4726 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
4727 }
4728
4729 /* This function requires the caller holds hdev->lock */
4730 static void restart_le_auto_conns(struct hci_dev *hdev)
4731 {
4732 struct hci_conn_params *p;
4733
4734 list_for_each_entry(p, &hdev->le_conn_params, list) {
4735 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
4736 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
4737 }
4738 }
4739
4740 static void powered_complete(struct hci_dev *hdev, u8 status)
4741 {
4742 struct cmd_lookup match = { NULL, hdev };
4743
4744 BT_DBG("status 0x%02x", status);
4745
4746 hci_dev_lock(hdev);
4747
4748 restart_le_auto_conns(hdev);
4749
4750 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4751
4752 new_settings(hdev, match.sk);
4753
4754 hci_dev_unlock(hdev);
4755
4756 if (match.sk)
4757 sock_put(match.sk);
4758 }
4759
4760 static int powered_update_hci(struct hci_dev *hdev)
4761 {
4762 struct hci_request req;
4763 u8 link_sec;
4764
4765 hci_req_init(&req, hdev);
4766
4767 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4768 !lmp_host_ssp_capable(hdev)) {
4769 u8 ssp = 1;
4770
4771 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
4772 }
4773
4774 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4775 lmp_bredr_capable(hdev)) {
4776 struct hci_cp_write_le_host_supported cp;
4777
4778 cp.le = 1;
4779 cp.simul = lmp_le_br_capable(hdev);
4780
4781 /* Check first if we already have the right
4782 * host state (host features set)
4783 */
4784 if (cp.le != lmp_host_le_capable(hdev) ||
4785 cp.simul != lmp_host_le_br_capable(hdev))
4786 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4787 sizeof(cp), &cp);
4788 }
4789
4790 if (lmp_le_capable(hdev)) {
4791 /* Make sure the controller has a good default for
4792 * advertising data. This also applies to the case
4793 * where BR/EDR was toggled during the AUTO_OFF phase.
4794 */
4795 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
4796 update_adv_data(&req);
4797 update_scan_rsp_data(&req);
4798 }
4799
4800 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4801 enable_advertising(&req);
4802 }
4803
4804 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4805 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
4806 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4807 sizeof(link_sec), &link_sec);
4808
4809 if (lmp_bredr_capable(hdev)) {
4810 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4811 set_bredr_scan(&req);
4812 update_class(&req);
4813 update_name(&req);
4814 update_eir(&req);
4815 }
4816
4817 return hci_req_run(&req, powered_complete);
4818 }
4819
4820 int mgmt_powered(struct hci_dev *hdev, u8 powered)
4821 {
4822 struct cmd_lookup match = { NULL, hdev };
4823 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4824 u8 zero_cod[] = { 0, 0, 0 };
4825 int err;
4826
4827 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4828 return 0;
4829
4830 if (powered) {
4831 if (powered_update_hci(hdev) == 0)
4832 return 0;
4833
4834 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4835 &match);
4836 goto new_settings;
4837 }
4838
4839 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4840 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4841
4842 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4843 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4844 zero_cod, sizeof(zero_cod), NULL);
4845
4846 new_settings:
4847 err = new_settings(hdev, match.sk);
4848
4849 if (match.sk)
4850 sock_put(match.sk);
4851
4852 return err;
4853 }
4854
4855 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
4856 {
4857 struct pending_cmd *cmd;
4858 u8 status;
4859
4860 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4861 if (!cmd)
4862 return;
4863
4864 if (err == -ERFKILL)
4865 status = MGMT_STATUS_RFKILLED;
4866 else
4867 status = MGMT_STATUS_FAILED;
4868
4869 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
4870
4871 mgmt_pending_remove(cmd);
4872 }
4873
4874 void mgmt_discoverable_timeout(struct hci_dev *hdev)
4875 {
4876 struct hci_request req;
4877
4878 hci_dev_lock(hdev);
4879
4880 /* When discoverable timeout triggers, then just make sure
4881 * the limited discoverable flag is cleared. Even in the case
4882 * of a timeout triggered from general discoverable, it is
4883 * safe to unconditionally clear the flag.
4884 */
4885 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
4886 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4887
4888 hci_req_init(&req, hdev);
4889 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4890 u8 scan = SCAN_PAGE;
4891 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4892 sizeof(scan), &scan);
4893 }
4894 update_class(&req);
4895 update_adv_data(&req);
4896 hci_req_run(&req, NULL);
4897
4898 hdev->discov_timeout = 0;
4899
4900 new_settings(hdev, NULL);
4901
4902 hci_dev_unlock(hdev);
4903 }
4904
4905 void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
4906 {
4907 bool changed;
4908
4909 /* Nothing needed here if there's a pending command since that
4910 * commands request completion callback takes care of everything
4911 * necessary.
4912 */
4913 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
4914 return;
4915
4916 /* Powering off may clear the scan mode - don't let that interfere */
4917 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4918 return;
4919
4920 if (discoverable) {
4921 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4922 } else {
4923 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
4924 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4925 }
4926
4927 if (changed) {
4928 struct hci_request req;
4929
4930 /* In case this change in discoverable was triggered by
4931 * a disabling of connectable there could be a need to
4932 * update the advertising flags.
4933 */
4934 hci_req_init(&req, hdev);
4935 update_adv_data(&req);
4936 hci_req_run(&req, NULL);
4937
4938 new_settings(hdev, NULL);
4939 }
4940 }
4941
4942 void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
4943 {
4944 bool changed;
4945
4946 /* Nothing needed here if there's a pending command since that
4947 * commands request completion callback takes care of everything
4948 * necessary.
4949 */
4950 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
4951 return;
4952
4953 /* Powering off may clear the scan mode - don't let that interfere */
4954 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4955 return;
4956
4957 if (connectable)
4958 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4959 else
4960 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4961
4962 if (changed)
4963 new_settings(hdev, NULL);
4964 }
4965
4966 void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
4967 {
4968 /* Powering off may stop advertising - don't let that interfere */
4969 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4970 return;
4971
4972 if (advertising)
4973 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4974 else
4975 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4976 }
4977
4978 void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4979 {
4980 u8 mgmt_err = mgmt_status(status);
4981
4982 if (scan & SCAN_PAGE)
4983 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4984 cmd_status_rsp, &mgmt_err);
4985
4986 if (scan & SCAN_INQUIRY)
4987 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4988 cmd_status_rsp, &mgmt_err);
4989 }
4990
4991 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4992 bool persistent)
4993 {
4994 struct mgmt_ev_new_link_key ev;
4995
4996 memset(&ev, 0, sizeof(ev));
4997
4998 ev.store_hint = persistent;
4999 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
5000 ev.key.addr.type = BDADDR_BREDR;
5001 ev.key.type = key->type;
5002 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
5003 ev.key.pin_len = key->pin_len;
5004
5005 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
5006 }
5007
5008 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
5009 {
5010 struct mgmt_ev_new_long_term_key ev;
5011
5012 memset(&ev, 0, sizeof(ev));
5013
5014 /* Devices using resolvable or non-resolvable random addresses
5015 * without providing an indentity resolving key don't require
5016 * to store long term keys. Their addresses will change the
5017 * next time around.
5018 *
5019 * Only when a remote device provides an identity address
5020 * make sure the long term key is stored. If the remote
5021 * identity is known, the long term keys are internally
5022 * mapped to the identity address. So allow static random
5023 * and public addresses here.
5024 */
5025 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5026 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5027 ev.store_hint = 0x00;
5028 else
5029 ev.store_hint = persistent;
5030
5031 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
5032 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
5033 ev.key.type = key->authenticated;
5034 ev.key.enc_size = key->enc_size;
5035 ev.key.ediv = key->ediv;
5036 ev.key.rand = key->rand;
5037
5038 if (key->type == HCI_SMP_LTK)
5039 ev.key.master = 1;
5040
5041 memcpy(ev.key.val, key->val, sizeof(key->val));
5042
5043 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
5044 }
5045
5046 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5047 {
5048 struct mgmt_ev_new_irk ev;
5049
5050 memset(&ev, 0, sizeof(ev));
5051
5052 /* For identity resolving keys from devices that are already
5053 * using a public address or static random address, do not
5054 * ask for storing this key. The identity resolving key really
5055 * is only mandatory for devices using resovlable random
5056 * addresses.
5057 *
5058 * Storing all identity resolving keys has the downside that
5059 * they will be also loaded on next boot of they system. More
5060 * identity resolving keys, means more time during scanning is
5061 * needed to actually resolve these addresses.
5062 */
5063 if (bacmp(&irk->rpa, BDADDR_ANY))
5064 ev.store_hint = 0x01;
5065 else
5066 ev.store_hint = 0x00;
5067
5068 bacpy(&ev.rpa, &irk->rpa);
5069 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5070 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5071 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5072
5073 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5074 }
5075
5076 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5077 bool persistent)
5078 {
5079 struct mgmt_ev_new_csrk ev;
5080
5081 memset(&ev, 0, sizeof(ev));
5082
5083 /* Devices using resolvable or non-resolvable random addresses
5084 * without providing an indentity resolving key don't require
5085 * to store signature resolving keys. Their addresses will change
5086 * the next time around.
5087 *
5088 * Only when a remote device provides an identity address
5089 * make sure the signature resolving key is stored. So allow
5090 * static random and public addresses here.
5091 */
5092 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5093 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5094 ev.store_hint = 0x00;
5095 else
5096 ev.store_hint = persistent;
5097
5098 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5099 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5100 ev.key.master = csrk->master;
5101 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5102
5103 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5104 }
5105
5106 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5107 u8 data_len)
5108 {
5109 eir[eir_len++] = sizeof(type) + data_len;
5110 eir[eir_len++] = type;
5111 memcpy(&eir[eir_len], data, data_len);
5112 eir_len += data_len;
5113
5114 return eir_len;
5115 }
5116
5117 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5118 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5119 u8 *dev_class)
5120 {
5121 char buf[512];
5122 struct mgmt_ev_device_connected *ev = (void *) buf;
5123 u16 eir_len = 0;
5124
5125 bacpy(&ev->addr.bdaddr, bdaddr);
5126 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5127
5128 ev->flags = __cpu_to_le32(flags);
5129
5130 if (name_len > 0)
5131 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
5132 name, name_len);
5133
5134 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
5135 eir_len = eir_append_data(ev->eir, eir_len,
5136 EIR_CLASS_OF_DEV, dev_class, 3);
5137
5138 ev->eir_len = cpu_to_le16(eir_len);
5139
5140 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5141 sizeof(*ev) + eir_len, NULL);
5142 }
5143
5144 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5145 {
5146 struct mgmt_cp_disconnect *cp = cmd->param;
5147 struct sock **sk = data;
5148 struct mgmt_rp_disconnect rp;
5149
5150 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5151 rp.addr.type = cp->addr.type;
5152
5153 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
5154 sizeof(rp));
5155
5156 *sk = cmd->sk;
5157 sock_hold(*sk);
5158
5159 mgmt_pending_remove(cmd);
5160 }
5161
5162 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
5163 {
5164 struct hci_dev *hdev = data;
5165 struct mgmt_cp_unpair_device *cp = cmd->param;
5166 struct mgmt_rp_unpair_device rp;
5167
5168 memset(&rp, 0, sizeof(rp));
5169 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5170 rp.addr.type = cp->addr.type;
5171
5172 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5173
5174 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
5175
5176 mgmt_pending_remove(cmd);
5177 }
5178
5179 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
5180 u8 link_type, u8 addr_type, u8 reason,
5181 bool mgmt_connected)
5182 {
5183 struct mgmt_ev_device_disconnected ev;
5184 struct pending_cmd *power_off;
5185 struct sock *sk = NULL;
5186
5187 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5188 if (power_off) {
5189 struct mgmt_mode *cp = power_off->param;
5190
5191 /* The connection is still in hci_conn_hash so test for 1
5192 * instead of 0 to know if this is the last one.
5193 */
5194 if (!cp->val && hci_conn_count(hdev) == 1) {
5195 cancel_delayed_work(&hdev->power_off);
5196 queue_work(hdev->req_workqueue, &hdev->power_off.work);
5197 }
5198 }
5199
5200 if (!mgmt_connected)
5201 return;
5202
5203 if (link_type != ACL_LINK && link_type != LE_LINK)
5204 return;
5205
5206 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
5207
5208 bacpy(&ev.addr.bdaddr, bdaddr);
5209 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5210 ev.reason = reason;
5211
5212 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
5213
5214 if (sk)
5215 sock_put(sk);
5216
5217 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5218 hdev);
5219 }
5220
5221 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5222 u8 link_type, u8 addr_type, u8 status)
5223 {
5224 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5225 struct mgmt_cp_disconnect *cp;
5226 struct mgmt_rp_disconnect rp;
5227 struct pending_cmd *cmd;
5228
5229 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5230 hdev);
5231
5232 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
5233 if (!cmd)
5234 return;
5235
5236 cp = cmd->param;
5237
5238 if (bacmp(bdaddr, &cp->addr.bdaddr))
5239 return;
5240
5241 if (cp->addr.type != bdaddr_type)
5242 return;
5243
5244 bacpy(&rp.addr.bdaddr, bdaddr);
5245 rp.addr.type = bdaddr_type;
5246
5247 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5248 mgmt_status(status), &rp, sizeof(rp));
5249
5250 mgmt_pending_remove(cmd);
5251 }
5252
5253 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5254 u8 addr_type, u8 status)
5255 {
5256 struct mgmt_ev_connect_failed ev;
5257 struct pending_cmd *power_off;
5258
5259 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5260 if (power_off) {
5261 struct mgmt_mode *cp = power_off->param;
5262
5263 /* The connection is still in hci_conn_hash so test for 1
5264 * instead of 0 to know if this is the last one.
5265 */
5266 if (!cp->val && hci_conn_count(hdev) == 1) {
5267 cancel_delayed_work(&hdev->power_off);
5268 queue_work(hdev->req_workqueue, &hdev->power_off.work);
5269 }
5270 }
5271
5272 bacpy(&ev.addr.bdaddr, bdaddr);
5273 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5274 ev.status = mgmt_status(status);
5275
5276 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
5277 }
5278
5279 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
5280 {
5281 struct mgmt_ev_pin_code_request ev;
5282
5283 bacpy(&ev.addr.bdaddr, bdaddr);
5284 ev.addr.type = BDADDR_BREDR;
5285 ev.secure = secure;
5286
5287 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
5288 }
5289
5290 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5291 u8 status)
5292 {
5293 struct pending_cmd *cmd;
5294 struct mgmt_rp_pin_code_reply rp;
5295
5296 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
5297 if (!cmd)
5298 return;
5299
5300 bacpy(&rp.addr.bdaddr, bdaddr);
5301 rp.addr.type = BDADDR_BREDR;
5302
5303 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5304 mgmt_status(status), &rp, sizeof(rp));
5305
5306 mgmt_pending_remove(cmd);
5307 }
5308
5309 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5310 u8 status)
5311 {
5312 struct pending_cmd *cmd;
5313 struct mgmt_rp_pin_code_reply rp;
5314
5315 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
5316 if (!cmd)
5317 return;
5318
5319 bacpy(&rp.addr.bdaddr, bdaddr);
5320 rp.addr.type = BDADDR_BREDR;
5321
5322 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5323 mgmt_status(status), &rp, sizeof(rp));
5324
5325 mgmt_pending_remove(cmd);
5326 }
5327
5328 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
5329 u8 link_type, u8 addr_type, u32 value,
5330 u8 confirm_hint)
5331 {
5332 struct mgmt_ev_user_confirm_request ev;
5333
5334 BT_DBG("%s", hdev->name);
5335
5336 bacpy(&ev.addr.bdaddr, bdaddr);
5337 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5338 ev.confirm_hint = confirm_hint;
5339 ev.value = cpu_to_le32(value);
5340
5341 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
5342 NULL);
5343 }
5344
5345 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
5346 u8 link_type, u8 addr_type)
5347 {
5348 struct mgmt_ev_user_passkey_request ev;
5349
5350 BT_DBG("%s", hdev->name);
5351
5352 bacpy(&ev.addr.bdaddr, bdaddr);
5353 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5354
5355 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
5356 NULL);
5357 }
5358
5359 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5360 u8 link_type, u8 addr_type, u8 status,
5361 u8 opcode)
5362 {
5363 struct pending_cmd *cmd;
5364 struct mgmt_rp_user_confirm_reply rp;
5365 int err;
5366
5367 cmd = mgmt_pending_find(opcode, hdev);
5368 if (!cmd)
5369 return -ENOENT;
5370
5371 bacpy(&rp.addr.bdaddr, bdaddr);
5372 rp.addr.type = link_to_bdaddr(link_type, addr_type);
5373 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
5374 &rp, sizeof(rp));
5375
5376 mgmt_pending_remove(cmd);
5377
5378 return err;
5379 }
5380
5381 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5382 u8 link_type, u8 addr_type, u8 status)
5383 {
5384 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5385 status, MGMT_OP_USER_CONFIRM_REPLY);
5386 }
5387
5388 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5389 u8 link_type, u8 addr_type, u8 status)
5390 {
5391 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5392 status,
5393 MGMT_OP_USER_CONFIRM_NEG_REPLY);
5394 }
5395
5396 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5397 u8 link_type, u8 addr_type, u8 status)
5398 {
5399 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5400 status, MGMT_OP_USER_PASSKEY_REPLY);
5401 }
5402
5403 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5404 u8 link_type, u8 addr_type, u8 status)
5405 {
5406 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5407 status,
5408 MGMT_OP_USER_PASSKEY_NEG_REPLY);
5409 }
5410
5411 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5412 u8 link_type, u8 addr_type, u32 passkey,
5413 u8 entered)
5414 {
5415 struct mgmt_ev_passkey_notify ev;
5416
5417 BT_DBG("%s", hdev->name);
5418
5419 bacpy(&ev.addr.bdaddr, bdaddr);
5420 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5421 ev.passkey = __cpu_to_le32(passkey);
5422 ev.entered = entered;
5423
5424 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5425 }
5426
5427 void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5428 u8 addr_type, u8 status)
5429 {
5430 struct mgmt_ev_auth_failed ev;
5431
5432 bacpy(&ev.addr.bdaddr, bdaddr);
5433 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5434 ev.status = mgmt_status(status);
5435
5436 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
5437 }
5438
5439 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
5440 {
5441 struct cmd_lookup match = { NULL, hdev };
5442 bool changed;
5443
5444 if (status) {
5445 u8 mgmt_err = mgmt_status(status);
5446 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
5447 cmd_status_rsp, &mgmt_err);
5448 return;
5449 }
5450
5451 if (test_bit(HCI_AUTH, &hdev->flags))
5452 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5453 &hdev->dev_flags);
5454 else
5455 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5456 &hdev->dev_flags);
5457
5458 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
5459 &match);
5460
5461 if (changed)
5462 new_settings(hdev, match.sk);
5463
5464 if (match.sk)
5465 sock_put(match.sk);
5466 }
5467
5468 static void clear_eir(struct hci_request *req)
5469 {
5470 struct hci_dev *hdev = req->hdev;
5471 struct hci_cp_write_eir cp;
5472
5473 if (!lmp_ext_inq_capable(hdev))
5474 return;
5475
5476 memset(hdev->eir, 0, sizeof(hdev->eir));
5477
5478 memset(&cp, 0, sizeof(cp));
5479
5480 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
5481 }
5482
5483 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5484 {
5485 struct cmd_lookup match = { NULL, hdev };
5486 struct hci_request req;
5487 bool changed = false;
5488
5489 if (status) {
5490 u8 mgmt_err = mgmt_status(status);
5491
5492 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
5493 &hdev->dev_flags)) {
5494 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5495 new_settings(hdev, NULL);
5496 }
5497
5498 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5499 &mgmt_err);
5500 return;
5501 }
5502
5503 if (enable) {
5504 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5505 } else {
5506 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5507 if (!changed)
5508 changed = test_and_clear_bit(HCI_HS_ENABLED,
5509 &hdev->dev_flags);
5510 else
5511 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5512 }
5513
5514 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5515
5516 if (changed)
5517 new_settings(hdev, match.sk);
5518
5519 if (match.sk)
5520 sock_put(match.sk);
5521
5522 hci_req_init(&req, hdev);
5523
5524 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
5525 update_eir(&req);
5526 else
5527 clear_eir(&req);
5528
5529 hci_req_run(&req, NULL);
5530 }
5531
5532 void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5533 {
5534 struct cmd_lookup match = { NULL, hdev };
5535 bool changed = false;
5536
5537 if (status) {
5538 u8 mgmt_err = mgmt_status(status);
5539
5540 if (enable) {
5541 if (test_and_clear_bit(HCI_SC_ENABLED,
5542 &hdev->dev_flags))
5543 new_settings(hdev, NULL);
5544 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5545 }
5546
5547 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5548 cmd_status_rsp, &mgmt_err);
5549 return;
5550 }
5551
5552 if (enable) {
5553 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5554 } else {
5555 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5556 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5557 }
5558
5559 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5560 settings_rsp, &match);
5561
5562 if (changed)
5563 new_settings(hdev, match.sk);
5564
5565 if (match.sk)
5566 sock_put(match.sk);
5567 }
5568
5569 static void sk_lookup(struct pending_cmd *cmd, void *data)
5570 {
5571 struct cmd_lookup *match = data;
5572
5573 if (match->sk == NULL) {
5574 match->sk = cmd->sk;
5575 sock_hold(match->sk);
5576 }
5577 }
5578
5579 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5580 u8 status)
5581 {
5582 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
5583
5584 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5585 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5586 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
5587
5588 if (!status)
5589 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5590 NULL);
5591
5592 if (match.sk)
5593 sock_put(match.sk);
5594 }
5595
5596 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
5597 {
5598 struct mgmt_cp_set_local_name ev;
5599 struct pending_cmd *cmd;
5600
5601 if (status)
5602 return;
5603
5604 memset(&ev, 0, sizeof(ev));
5605 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
5606 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
5607
5608 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
5609 if (!cmd) {
5610 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
5611
5612 /* If this is a HCI command related to powering on the
5613 * HCI dev don't send any mgmt signals.
5614 */
5615 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5616 return;
5617 }
5618
5619 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5620 cmd ? cmd->sk : NULL);
5621 }
5622
5623 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5624 u8 *randomizer192, u8 *hash256,
5625 u8 *randomizer256, u8 status)
5626 {
5627 struct pending_cmd *cmd;
5628
5629 BT_DBG("%s status %u", hdev->name, status);
5630
5631 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
5632 if (!cmd)
5633 return;
5634
5635 if (status) {
5636 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5637 mgmt_status(status));
5638 } else {
5639 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5640 hash256 && randomizer256) {
5641 struct mgmt_rp_read_local_oob_ext_data rp;
5642
5643 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5644 memcpy(rp.randomizer192, randomizer192,
5645 sizeof(rp.randomizer192));
5646
5647 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5648 memcpy(rp.randomizer256, randomizer256,
5649 sizeof(rp.randomizer256));
5650
5651 cmd_complete(cmd->sk, hdev->id,
5652 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5653 &rp, sizeof(rp));
5654 } else {
5655 struct mgmt_rp_read_local_oob_data rp;
5656
5657 memcpy(rp.hash, hash192, sizeof(rp.hash));
5658 memcpy(rp.randomizer, randomizer192,
5659 sizeof(rp.randomizer));
5660
5661 cmd_complete(cmd->sk, hdev->id,
5662 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5663 &rp, sizeof(rp));
5664 }
5665 }
5666
5667 mgmt_pending_remove(cmd);
5668 }
5669
5670 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5671 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
5672 ssp, u8 *eir, u16 eir_len)
5673 {
5674 char buf[512];
5675 struct mgmt_ev_device_found *ev = (void *) buf;
5676 struct smp_irk *irk;
5677 size_t ev_size;
5678
5679 if (!hci_discovery_active(hdev))
5680 return;
5681
5682 /* Leave 5 bytes for a potential CoD field */
5683 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
5684 return;
5685
5686 memset(buf, 0, sizeof(buf));
5687
5688 irk = hci_get_irk(hdev, bdaddr, addr_type);
5689 if (irk) {
5690 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5691 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5692 } else {
5693 bacpy(&ev->addr.bdaddr, bdaddr);
5694 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5695 }
5696
5697 ev->rssi = rssi;
5698 if (cfm_name)
5699 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
5700 if (!ssp)
5701 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
5702
5703 if (eir_len > 0)
5704 memcpy(ev->eir, eir, eir_len);
5705
5706 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5707 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
5708 dev_class, 3);
5709
5710 ev->eir_len = cpu_to_le16(eir_len);
5711 ev_size = sizeof(*ev) + eir_len;
5712
5713 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
5714 }
5715
5716 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5717 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
5718 {
5719 struct mgmt_ev_device_found *ev;
5720 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5721 u16 eir_len;
5722
5723 ev = (struct mgmt_ev_device_found *) buf;
5724
5725 memset(buf, 0, sizeof(buf));
5726
5727 bacpy(&ev->addr.bdaddr, bdaddr);
5728 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5729 ev->rssi = rssi;
5730
5731 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
5732 name_len);
5733
5734 ev->eir_len = cpu_to_le16(eir_len);
5735
5736 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
5737 }
5738
5739 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
5740 {
5741 struct mgmt_ev_discovering ev;
5742 struct pending_cmd *cmd;
5743
5744 BT_DBG("%s discovering %u", hdev->name, discovering);
5745
5746 if (discovering)
5747 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
5748 else
5749 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
5750
5751 if (cmd != NULL) {
5752 u8 type = hdev->discovery.type;
5753
5754 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5755 sizeof(type));
5756 mgmt_pending_remove(cmd);
5757 }
5758
5759 memset(&ev, 0, sizeof(ev));
5760 ev.type = hdev->discovery.type;
5761 ev.discovering = discovering;
5762
5763 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
5764 }
5765
5766 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5767 {
5768 struct pending_cmd *cmd;
5769 struct mgmt_ev_device_blocked ev;
5770
5771 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5772
5773 bacpy(&ev.addr.bdaddr, bdaddr);
5774 ev.addr.type = type;
5775
5776 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
5777 cmd ? cmd->sk : NULL);
5778 }
5779
5780 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5781 {
5782 struct pending_cmd *cmd;
5783 struct mgmt_ev_device_unblocked ev;
5784
5785 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5786
5787 bacpy(&ev.addr.bdaddr, bdaddr);
5788 ev.addr.type = type;
5789
5790 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
5791 cmd ? cmd->sk : NULL);
5792 }
5793
5794 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5795 {
5796 BT_DBG("%s status %u", hdev->name, status);
5797
5798 /* Clear the advertising mgmt setting if we failed to re-enable it */
5799 if (status) {
5800 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5801 new_settings(hdev, NULL);
5802 }
5803 }
5804
5805 void mgmt_reenable_advertising(struct hci_dev *hdev)
5806 {
5807 struct hci_request req;
5808
5809 if (hci_conn_num(hdev, LE_LINK) > 0)
5810 return;
5811
5812 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5813 return;
5814
5815 hci_req_init(&req, hdev);
5816 enable_advertising(&req);
5817
5818 /* If this fails we have no option but to let user space know
5819 * that we've disabled advertising.
5820 */
5821 if (hci_req_run(&req, adv_enable_complete) < 0) {
5822 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5823 new_settings(hdev, NULL);
5824 }
5825 }
Ubuntu Artful kernel mirror