]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - net/bluetooth/mgmt.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI Management interface */
26
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33
34 #include "smp.h"
35
36 #define MGMT_VERSION 1
37 #define MGMT_REVISION 4
38
39 static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
77 MGMT_OP_SET_DEVICE_ID,
78 MGMT_OP_SET_ADVERTISING,
79 MGMT_OP_SET_BREDR,
80 MGMT_OP_SET_STATIC_ADDRESS,
81 MGMT_OP_SET_SCAN_PARAMS,
82 };
83
84 static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_ADDED,
87 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_NEW_SETTINGS,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LINK_KEY,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_AUTH_FAILED,
100 MGMT_EV_DEVICE_FOUND,
101 MGMT_EV_DISCOVERING,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
105 MGMT_EV_PASSKEY_NOTIFY,
106 };
107
108 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
109
110 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112
113 struct pending_cmd {
114 struct list_head list;
115 u16 opcode;
116 int index;
117 void *param;
118 struct sock *sk;
119 void *user_data;
120 };
121
122 /* HCI to MGMT error code conversion table */
123 static u8 mgmt_status_table[] = {
124 MGMT_STATUS_SUCCESS,
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185 };
186
187 static u8 mgmt_status(u8 hci_status)
188 {
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
191
192 return MGMT_STATUS_FAILED;
193 }
194
195 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
196 {
197 struct sk_buff *skb;
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
200 int err;
201
202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
203
204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
205 if (!skb)
206 return -ENOMEM;
207
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
209
210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
211 hdr->index = cpu_to_le16(index);
212 hdr->len = cpu_to_le16(sizeof(*ev));
213
214 ev = (void *) skb_put(skb, sizeof(*ev));
215 ev->status = status;
216 ev->opcode = cpu_to_le16(cmd);
217
218 err = sock_queue_rcv_skb(sk, skb);
219 if (err < 0)
220 kfree_skb(skb);
221
222 return err;
223 }
224
225 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
226 void *rp, size_t rp_len)
227 {
228 struct sk_buff *skb;
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
231 int err;
232
233 BT_DBG("sock %p", sk);
234
235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
236 if (!skb)
237 return -ENOMEM;
238
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
240
241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
242 hdr->index = cpu_to_le16(index);
243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
244
245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
246 ev->opcode = cpu_to_le16(cmd);
247 ev->status = status;
248
249 if (rp)
250 memcpy(ev->data, rp, rp_len);
251
252 err = sock_queue_rcv_skb(sk, skb);
253 if (err < 0)
254 kfree_skb(skb);
255
256 return err;
257 }
258
259 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
260 u16 data_len)
261 {
262 struct mgmt_rp_read_version rp;
263
264 BT_DBG("sock %p", sk);
265
266 rp.version = MGMT_VERSION;
267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
268
269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
270 sizeof(rp));
271 }
272
273 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
274 u16 data_len)
275 {
276 struct mgmt_rp_read_commands *rp;
277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
279 __le16 *opcode;
280 size_t rp_size;
281 int i, err;
282
283 BT_DBG("sock %p", sk);
284
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
286
287 rp = kmalloc(rp_size, GFP_KERNEL);
288 if (!rp)
289 return -ENOMEM;
290
291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
293
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
296
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
299
300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
301 rp_size);
302 kfree(rp);
303
304 return err;
305 }
306
307 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
308 u16 data_len)
309 {
310 struct mgmt_rp_read_index_list *rp;
311 struct hci_dev *d;
312 size_t rp_len;
313 u16 count;
314 int err;
315
316 BT_DBG("sock %p", sk);
317
318 read_lock(&hci_dev_list_lock);
319
320 count = 0;
321 list_for_each_entry(d, &hci_dev_list, list) {
322 if (d->dev_type == HCI_BREDR)
323 count++;
324 }
325
326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
328 if (!rp) {
329 read_unlock(&hci_dev_list_lock);
330 return -ENOMEM;
331 }
332
333 count = 0;
334 list_for_each_entry(d, &hci_dev_list, list) {
335 if (test_bit(HCI_SETUP, &d->dev_flags))
336 continue;
337
338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
339 continue;
340
341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
344 }
345 }
346
347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
349
350 read_unlock(&hci_dev_list_lock);
351
352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
353 rp_len);
354
355 kfree(rp);
356
357 return err;
358 }
359
360 static u32 get_supported_settings(struct hci_dev *hdev)
361 {
362 u32 settings = 0;
363
364 settings |= MGMT_SETTING_POWERED;
365 settings |= MGMT_SETTING_PAIRABLE;
366
367 if (lmp_bredr_capable(hdev)) {
368 settings |= MGMT_SETTING_CONNECTABLE;
369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
371 settings |= MGMT_SETTING_DISCOVERABLE;
372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
374
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
378 }
379 }
380
381 if (lmp_le_capable(hdev)) {
382 settings |= MGMT_SETTING_LE;
383 settings |= MGMT_SETTING_ADVERTISING;
384 }
385
386 return settings;
387 }
388
389 static u32 get_current_settings(struct hci_dev *hdev)
390 {
391 u32 settings = 0;
392
393 if (hdev_is_powered(hdev))
394 settings |= MGMT_SETTING_POWERED;
395
396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
397 settings |= MGMT_SETTING_CONNECTABLE;
398
399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
401
402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
403 settings |= MGMT_SETTING_DISCOVERABLE;
404
405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
406 settings |= MGMT_SETTING_PAIRABLE;
407
408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
409 settings |= MGMT_SETTING_BREDR;
410
411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
412 settings |= MGMT_SETTING_LE;
413
414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
415 settings |= MGMT_SETTING_LINK_SECURITY;
416
417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
418 settings |= MGMT_SETTING_SSP;
419
420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
422
423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
424 settings |= MGMT_SETTING_ADVERTISING;
425
426 return settings;
427 }
428
429 #define PNP_INFO_SVCLASS_ID 0x1200
430
431 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
432 {
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
435
436 if (len < 4)
437 return ptr;
438
439 list_for_each_entry(uuid, &hdev->uuids, list) {
440 u16 uuid16;
441
442 if (uuid->size != 16)
443 continue;
444
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
446 if (uuid16 < 0x1100)
447 continue;
448
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
450 continue;
451
452 if (!uuids_start) {
453 uuids_start = ptr;
454 uuids_start[0] = 1;
455 uuids_start[1] = EIR_UUID16_ALL;
456 ptr += 2;
457 }
458
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
462 break;
463 }
464
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
468 }
469
470 return ptr;
471 }
472
473 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
474 {
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
477
478 if (len < 6)
479 return ptr;
480
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
483 continue;
484
485 if (!uuids_start) {
486 uuids_start = ptr;
487 uuids_start[0] = 1;
488 uuids_start[1] = EIR_UUID32_ALL;
489 ptr += 2;
490 }
491
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
495 break;
496 }
497
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
499 ptr += sizeof(u32);
500 uuids_start[0] += sizeof(u32);
501 }
502
503 return ptr;
504 }
505
506 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
507 {
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
510
511 if (len < 18)
512 return ptr;
513
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
516 continue;
517
518 if (!uuids_start) {
519 uuids_start = ptr;
520 uuids_start[0] = 1;
521 uuids_start[1] = EIR_UUID128_ALL;
522 ptr += 2;
523 }
524
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
528 break;
529 }
530
531 memcpy(ptr, uuid->uuid, 16);
532 ptr += 16;
533 uuids_start[0] += 16;
534 }
535
536 return ptr;
537 }
538
539 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
540 {
541 struct pending_cmd *cmd;
542
543 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
544 if (cmd->opcode == opcode)
545 return cmd;
546 }
547
548 return NULL;
549 }
550
551 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
552 {
553 u8 ad_len = 0;
554 size_t name_len;
555
556 name_len = strlen(hdev->dev_name);
557 if (name_len > 0) {
558 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
559
560 if (name_len > max_len) {
561 name_len = max_len;
562 ptr[1] = EIR_NAME_SHORT;
563 } else
564 ptr[1] = EIR_NAME_COMPLETE;
565
566 ptr[0] = name_len + 1;
567
568 memcpy(ptr + 2, hdev->dev_name, name_len);
569
570 ad_len += (name_len + 2);
571 ptr += (name_len + 2);
572 }
573
574 return ad_len;
575 }
576
577 static void update_scan_rsp_data(struct hci_request *req)
578 {
579 struct hci_dev *hdev = req->hdev;
580 struct hci_cp_le_set_scan_rsp_data cp;
581 u8 len;
582
583 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
584 return;
585
586 memset(&cp, 0, sizeof(cp));
587
588 len = create_scan_rsp_data(hdev, cp.data);
589
590 if (hdev->scan_rsp_data_len == len &&
591 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
592 return;
593
594 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
595 hdev->scan_rsp_data_len = len;
596
597 cp.length = len;
598
599 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
600 }
601
602 static u8 get_adv_discov_flags(struct hci_dev *hdev)
603 {
604 struct pending_cmd *cmd;
605
606 /* If there's a pending mgmt command the flags will not yet have
607 * their final values, so check for this first.
608 */
609 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
610 if (cmd) {
611 struct mgmt_mode *cp = cmd->param;
612 if (cp->val == 0x01)
613 return LE_AD_GENERAL;
614 else if (cp->val == 0x02)
615 return LE_AD_LIMITED;
616 } else {
617 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
618 return LE_AD_LIMITED;
619 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
620 return LE_AD_GENERAL;
621 }
622
623 return 0;
624 }
625
626 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
627 {
628 u8 ad_len = 0, flags = 0;
629
630 flags |= get_adv_discov_flags(hdev);
631
632 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
633 if (lmp_le_br_capable(hdev))
634 flags |= LE_AD_SIM_LE_BREDR_CTRL;
635 if (lmp_host_le_br_capable(hdev))
636 flags |= LE_AD_SIM_LE_BREDR_HOST;
637 } else {
638 flags |= LE_AD_NO_BREDR;
639 }
640
641 if (flags) {
642 BT_DBG("adv flags 0x%02x", flags);
643
644 ptr[0] = 2;
645 ptr[1] = EIR_FLAGS;
646 ptr[2] = flags;
647
648 ad_len += 3;
649 ptr += 3;
650 }
651
652 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
653 ptr[0] = 2;
654 ptr[1] = EIR_TX_POWER;
655 ptr[2] = (u8) hdev->adv_tx_power;
656
657 ad_len += 3;
658 ptr += 3;
659 }
660
661 return ad_len;
662 }
663
664 static void update_adv_data(struct hci_request *req)
665 {
666 struct hci_dev *hdev = req->hdev;
667 struct hci_cp_le_set_adv_data cp;
668 u8 len;
669
670 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
671 return;
672
673 memset(&cp, 0, sizeof(cp));
674
675 len = create_adv_data(hdev, cp.data);
676
677 if (hdev->adv_data_len == len &&
678 memcmp(cp.data, hdev->adv_data, len) == 0)
679 return;
680
681 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
682 hdev->adv_data_len = len;
683
684 cp.length = len;
685
686 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
687 }
688
689 static void create_eir(struct hci_dev *hdev, u8 *data)
690 {
691 u8 *ptr = data;
692 size_t name_len;
693
694 name_len = strlen(hdev->dev_name);
695
696 if (name_len > 0) {
697 /* EIR Data type */
698 if (name_len > 48) {
699 name_len = 48;
700 ptr[1] = EIR_NAME_SHORT;
701 } else
702 ptr[1] = EIR_NAME_COMPLETE;
703
704 /* EIR Data length */
705 ptr[0] = name_len + 1;
706
707 memcpy(ptr + 2, hdev->dev_name, name_len);
708
709 ptr += (name_len + 2);
710 }
711
712 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
713 ptr[0] = 2;
714 ptr[1] = EIR_TX_POWER;
715 ptr[2] = (u8) hdev->inq_tx_power;
716
717 ptr += 3;
718 }
719
720 if (hdev->devid_source > 0) {
721 ptr[0] = 9;
722 ptr[1] = EIR_DEVICE_ID;
723
724 put_unaligned_le16(hdev->devid_source, ptr + 2);
725 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
726 put_unaligned_le16(hdev->devid_product, ptr + 6);
727 put_unaligned_le16(hdev->devid_version, ptr + 8);
728
729 ptr += 10;
730 }
731
732 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
733 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
734 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
735 }
736
737 static void update_eir(struct hci_request *req)
738 {
739 struct hci_dev *hdev = req->hdev;
740 struct hci_cp_write_eir cp;
741
742 if (!hdev_is_powered(hdev))
743 return;
744
745 if (!lmp_ext_inq_capable(hdev))
746 return;
747
748 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
749 return;
750
751 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
752 return;
753
754 memset(&cp, 0, sizeof(cp));
755
756 create_eir(hdev, cp.data);
757
758 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
759 return;
760
761 memcpy(hdev->eir, cp.data, sizeof(cp.data));
762
763 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
764 }
765
766 static u8 get_service_classes(struct hci_dev *hdev)
767 {
768 struct bt_uuid *uuid;
769 u8 val = 0;
770
771 list_for_each_entry(uuid, &hdev->uuids, list)
772 val |= uuid->svc_hint;
773
774 return val;
775 }
776
777 static void update_class(struct hci_request *req)
778 {
779 struct hci_dev *hdev = req->hdev;
780 u8 cod[3];
781
782 BT_DBG("%s", hdev->name);
783
784 if (!hdev_is_powered(hdev))
785 return;
786
787 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
788 return;
789
790 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
791 return;
792
793 cod[0] = hdev->minor_class;
794 cod[1] = hdev->major_class;
795 cod[2] = get_service_classes(hdev);
796
797 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
798 cod[1] |= 0x20;
799
800 if (memcmp(cod, hdev->dev_class, 3) == 0)
801 return;
802
803 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
804 }
805
806 static void service_cache_off(struct work_struct *work)
807 {
808 struct hci_dev *hdev = container_of(work, struct hci_dev,
809 service_cache.work);
810 struct hci_request req;
811
812 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
813 return;
814
815 hci_req_init(&req, hdev);
816
817 hci_dev_lock(hdev);
818
819 update_eir(&req);
820 update_class(&req);
821
822 hci_dev_unlock(hdev);
823
824 hci_req_run(&req, NULL);
825 }
826
827 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
828 {
829 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
830 return;
831
832 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
833
834 /* Non-mgmt controlled devices get this bit set
835 * implicitly so that pairing works for them, however
836 * for mgmt we require user-space to explicitly enable
837 * it
838 */
839 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
840 }
841
842 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
843 void *data, u16 data_len)
844 {
845 struct mgmt_rp_read_info rp;
846
847 BT_DBG("sock %p %s", sk, hdev->name);
848
849 hci_dev_lock(hdev);
850
851 memset(&rp, 0, sizeof(rp));
852
853 bacpy(&rp.bdaddr, &hdev->bdaddr);
854
855 rp.version = hdev->hci_ver;
856 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
857
858 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
859 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
860
861 memcpy(rp.dev_class, hdev->dev_class, 3);
862
863 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
864 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
865
866 hci_dev_unlock(hdev);
867
868 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
869 sizeof(rp));
870 }
871
872 static void mgmt_pending_free(struct pending_cmd *cmd)
873 {
874 sock_put(cmd->sk);
875 kfree(cmd->param);
876 kfree(cmd);
877 }
878
879 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
880 struct hci_dev *hdev, void *data,
881 u16 len)
882 {
883 struct pending_cmd *cmd;
884
885 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
886 if (!cmd)
887 return NULL;
888
889 cmd->opcode = opcode;
890 cmd->index = hdev->id;
891
892 cmd->param = kmalloc(len, GFP_KERNEL);
893 if (!cmd->param) {
894 kfree(cmd);
895 return NULL;
896 }
897
898 if (data)
899 memcpy(cmd->param, data, len);
900
901 cmd->sk = sk;
902 sock_hold(sk);
903
904 list_add(&cmd->list, &hdev->mgmt_pending);
905
906 return cmd;
907 }
908
909 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
910 void (*cb)(struct pending_cmd *cmd,
911 void *data),
912 void *data)
913 {
914 struct pending_cmd *cmd, *tmp;
915
916 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
917 if (opcode > 0 && cmd->opcode != opcode)
918 continue;
919
920 cb(cmd, data);
921 }
922 }
923
924 static void mgmt_pending_remove(struct pending_cmd *cmd)
925 {
926 list_del(&cmd->list);
927 mgmt_pending_free(cmd);
928 }
929
930 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
931 {
932 __le32 settings = cpu_to_le32(get_current_settings(hdev));
933
934 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
935 sizeof(settings));
936 }
937
938 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
939 u16 len)
940 {
941 struct mgmt_mode *cp = data;
942 struct pending_cmd *cmd;
943 int err;
944
945 BT_DBG("request for %s", hdev->name);
946
947 if (cp->val != 0x00 && cp->val != 0x01)
948 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
949 MGMT_STATUS_INVALID_PARAMS);
950
951 hci_dev_lock(hdev);
952
953 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
954 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
955 MGMT_STATUS_BUSY);
956 goto failed;
957 }
958
959 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
960 cancel_delayed_work(&hdev->power_off);
961
962 if (cp->val) {
963 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
964 data, len);
965 err = mgmt_powered(hdev, 1);
966 goto failed;
967 }
968 }
969
970 if (!!cp->val == hdev_is_powered(hdev)) {
971 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
972 goto failed;
973 }
974
975 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
976 if (!cmd) {
977 err = -ENOMEM;
978 goto failed;
979 }
980
981 if (cp->val)
982 queue_work(hdev->req_workqueue, &hdev->power_on);
983 else
984 queue_work(hdev->req_workqueue, &hdev->power_off.work);
985
986 err = 0;
987
988 failed:
989 hci_dev_unlock(hdev);
990 return err;
991 }
992
993 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
994 struct sock *skip_sk)
995 {
996 struct sk_buff *skb;
997 struct mgmt_hdr *hdr;
998
999 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
1000 if (!skb)
1001 return -ENOMEM;
1002
1003 hdr = (void *) skb_put(skb, sizeof(*hdr));
1004 hdr->opcode = cpu_to_le16(event);
1005 if (hdev)
1006 hdr->index = cpu_to_le16(hdev->id);
1007 else
1008 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
1009 hdr->len = cpu_to_le16(data_len);
1010
1011 if (data)
1012 memcpy(skb_put(skb, data_len), data, data_len);
1013
1014 /* Time stamp */
1015 __net_timestamp(skb);
1016
1017 hci_send_to_control(skb, skip_sk);
1018 kfree_skb(skb);
1019
1020 return 0;
1021 }
1022
1023 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1024 {
1025 __le32 ev;
1026
1027 ev = cpu_to_le32(get_current_settings(hdev));
1028
1029 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1030 }
1031
1032 struct cmd_lookup {
1033 struct sock *sk;
1034 struct hci_dev *hdev;
1035 u8 mgmt_status;
1036 };
1037
1038 static void settings_rsp(struct pending_cmd *cmd, void *data)
1039 {
1040 struct cmd_lookup *match = data;
1041
1042 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1043
1044 list_del(&cmd->list);
1045
1046 if (match->sk == NULL) {
1047 match->sk = cmd->sk;
1048 sock_hold(match->sk);
1049 }
1050
1051 mgmt_pending_free(cmd);
1052 }
1053
1054 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1055 {
1056 u8 *status = data;
1057
1058 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1059 mgmt_pending_remove(cmd);
1060 }
1061
1062 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1063 {
1064 if (!lmp_bredr_capable(hdev))
1065 return MGMT_STATUS_NOT_SUPPORTED;
1066 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1067 return MGMT_STATUS_REJECTED;
1068 else
1069 return MGMT_STATUS_SUCCESS;
1070 }
1071
1072 static u8 mgmt_le_support(struct hci_dev *hdev)
1073 {
1074 if (!lmp_le_capable(hdev))
1075 return MGMT_STATUS_NOT_SUPPORTED;
1076 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1077 return MGMT_STATUS_REJECTED;
1078 else
1079 return MGMT_STATUS_SUCCESS;
1080 }
1081
1082 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1083 {
1084 struct pending_cmd *cmd;
1085 struct mgmt_mode *cp;
1086 struct hci_request req;
1087 bool changed;
1088
1089 BT_DBG("status 0x%02x", status);
1090
1091 hci_dev_lock(hdev);
1092
1093 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1094 if (!cmd)
1095 goto unlock;
1096
1097 if (status) {
1098 u8 mgmt_err = mgmt_status(status);
1099 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1100 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1101 goto remove_cmd;
1102 }
1103
1104 cp = cmd->param;
1105 if (cp->val) {
1106 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1107 &hdev->dev_flags);
1108
1109 if (hdev->discov_timeout > 0) {
1110 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1111 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1112 to);
1113 }
1114 } else {
1115 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1116 &hdev->dev_flags);
1117 }
1118
1119 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1120
1121 if (changed)
1122 new_settings(hdev, cmd->sk);
1123
1124 /* When the discoverable mode gets changed, make sure
1125 * that class of device has the limited discoverable
1126 * bit correctly set.
1127 */
1128 hci_req_init(&req, hdev);
1129 update_class(&req);
1130 hci_req_run(&req, NULL);
1131
1132 remove_cmd:
1133 mgmt_pending_remove(cmd);
1134
1135 unlock:
1136 hci_dev_unlock(hdev);
1137 }
1138
1139 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1140 u16 len)
1141 {
1142 struct mgmt_cp_set_discoverable *cp = data;
1143 struct pending_cmd *cmd;
1144 struct hci_request req;
1145 u16 timeout;
1146 u8 scan;
1147 int err;
1148
1149 BT_DBG("request for %s", hdev->name);
1150
1151 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1152 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1153 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1154 MGMT_STATUS_REJECTED);
1155
1156 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1157 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1158 MGMT_STATUS_INVALID_PARAMS);
1159
1160 timeout = __le16_to_cpu(cp->timeout);
1161
1162 /* Disabling discoverable requires that no timeout is set,
1163 * and enabling limited discoverable requires a timeout.
1164 */
1165 if ((cp->val == 0x00 && timeout > 0) ||
1166 (cp->val == 0x02 && timeout == 0))
1167 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1168 MGMT_STATUS_INVALID_PARAMS);
1169
1170 hci_dev_lock(hdev);
1171
1172 if (!hdev_is_powered(hdev) && timeout > 0) {
1173 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1174 MGMT_STATUS_NOT_POWERED);
1175 goto failed;
1176 }
1177
1178 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1179 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1180 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1181 MGMT_STATUS_BUSY);
1182 goto failed;
1183 }
1184
1185 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1186 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1187 MGMT_STATUS_REJECTED);
1188 goto failed;
1189 }
1190
1191 if (!hdev_is_powered(hdev)) {
1192 bool changed = false;
1193
1194 /* Setting limited discoverable when powered off is
1195 * not a valid operation since it requires a timeout
1196 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1197 */
1198 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1199 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1200 changed = true;
1201 }
1202
1203 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1204 if (err < 0)
1205 goto failed;
1206
1207 if (changed)
1208 err = new_settings(hdev, sk);
1209
1210 goto failed;
1211 }
1212
1213 /* If the current mode is the same, then just update the timeout
1214 * value with the new value. And if only the timeout gets updated,
1215 * then no need for any HCI transactions.
1216 */
1217 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1218 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1219 &hdev->dev_flags)) {
1220 cancel_delayed_work(&hdev->discov_off);
1221 hdev->discov_timeout = timeout;
1222
1223 if (cp->val && hdev->discov_timeout > 0) {
1224 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1225 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1226 to);
1227 }
1228
1229 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1230 goto failed;
1231 }
1232
1233 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1234 if (!cmd) {
1235 err = -ENOMEM;
1236 goto failed;
1237 }
1238
1239 /* Cancel any potential discoverable timeout that might be
1240 * still active and store new timeout value. The arming of
1241 * the timeout happens in the complete handler.
1242 */
1243 cancel_delayed_work(&hdev->discov_off);
1244 hdev->discov_timeout = timeout;
1245
1246 /* Limited discoverable mode */
1247 if (cp->val == 0x02)
1248 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1249 else
1250 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1251
1252 hci_req_init(&req, hdev);
1253
1254 /* The procedure for LE-only controllers is much simpler - just
1255 * update the advertising data.
1256 */
1257 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1258 goto update_ad;
1259
1260 scan = SCAN_PAGE;
1261
1262 if (cp->val) {
1263 struct hci_cp_write_current_iac_lap hci_cp;
1264
1265 if (cp->val == 0x02) {
1266 /* Limited discoverable mode */
1267 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1268 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1269 hci_cp.iac_lap[1] = 0x8b;
1270 hci_cp.iac_lap[2] = 0x9e;
1271 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1272 hci_cp.iac_lap[4] = 0x8b;
1273 hci_cp.iac_lap[5] = 0x9e;
1274 } else {
1275 /* General discoverable mode */
1276 hci_cp.num_iac = 1;
1277 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1278 hci_cp.iac_lap[1] = 0x8b;
1279 hci_cp.iac_lap[2] = 0x9e;
1280 }
1281
1282 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1283 (hci_cp.num_iac * 3) + 1, &hci_cp);
1284
1285 scan |= SCAN_INQUIRY;
1286 } else {
1287 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1288 }
1289
1290 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1291
1292 update_ad:
1293 update_adv_data(&req);
1294
1295 err = hci_req_run(&req, set_discoverable_complete);
1296 if (err < 0)
1297 mgmt_pending_remove(cmd);
1298
1299 failed:
1300 hci_dev_unlock(hdev);
1301 return err;
1302 }
1303
1304 static void write_fast_connectable(struct hci_request *req, bool enable)
1305 {
1306 struct hci_dev *hdev = req->hdev;
1307 struct hci_cp_write_page_scan_activity acp;
1308 u8 type;
1309
1310 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1311 return;
1312
1313 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1314 return;
1315
1316 if (enable) {
1317 type = PAGE_SCAN_TYPE_INTERLACED;
1318
1319 /* 160 msec page scan interval */
1320 acp.interval = __constant_cpu_to_le16(0x0100);
1321 } else {
1322 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1323
1324 /* default 1.28 sec page scan */
1325 acp.interval = __constant_cpu_to_le16(0x0800);
1326 }
1327
1328 acp.window = __constant_cpu_to_le16(0x0012);
1329
1330 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1331 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1332 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1333 sizeof(acp), &acp);
1334
1335 if (hdev->page_scan_type != type)
1336 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1337 }
1338
1339 static u8 get_adv_type(struct hci_dev *hdev)
1340 {
1341 struct pending_cmd *cmd;
1342 bool connectable;
1343
1344 /* If there's a pending mgmt command the flag will not yet have
1345 * it's final value, so check for this first.
1346 */
1347 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1348 if (cmd) {
1349 struct mgmt_mode *cp = cmd->param;
1350 connectable = !!cp->val;
1351 } else {
1352 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1353 }
1354
1355 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1356 }
1357
1358 static void enable_advertising(struct hci_request *req)
1359 {
1360 struct hci_dev *hdev = req->hdev;
1361 struct hci_cp_le_set_adv_param cp;
1362 u8 enable = 0x01;
1363
1364 memset(&cp, 0, sizeof(cp));
1365 cp.min_interval = __constant_cpu_to_le16(0x0800);
1366 cp.max_interval = __constant_cpu_to_le16(0x0800);
1367 cp.type = get_adv_type(hdev);
1368 cp.own_address_type = hdev->own_addr_type;
1369 cp.channel_map = 0x07;
1370
1371 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1372
1373 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1374 }
1375
1376 static void disable_advertising(struct hci_request *req)
1377 {
1378 u8 enable = 0x00;
1379
1380 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1381 }
1382
1383 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1384 {
1385 struct pending_cmd *cmd;
1386 struct mgmt_mode *cp;
1387 bool changed;
1388
1389 BT_DBG("status 0x%02x", status);
1390
1391 hci_dev_lock(hdev);
1392
1393 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1394 if (!cmd)
1395 goto unlock;
1396
1397 if (status) {
1398 u8 mgmt_err = mgmt_status(status);
1399 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1400 goto remove_cmd;
1401 }
1402
1403 cp = cmd->param;
1404 if (cp->val)
1405 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1406 else
1407 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1408
1409 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1410
1411 if (changed)
1412 new_settings(hdev, cmd->sk);
1413
1414 remove_cmd:
1415 mgmt_pending_remove(cmd);
1416
1417 unlock:
1418 hci_dev_unlock(hdev);
1419 }
1420
1421 static int set_connectable_update_settings(struct hci_dev *hdev,
1422 struct sock *sk, u8 val)
1423 {
1424 bool changed = false;
1425 int err;
1426
1427 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1428 changed = true;
1429
1430 if (val) {
1431 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1432 } else {
1433 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1434 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1435 }
1436
1437 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1438 if (err < 0)
1439 return err;
1440
1441 if (changed)
1442 return new_settings(hdev, sk);
1443
1444 return 0;
1445 }
1446
1447 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1448 u16 len)
1449 {
1450 struct mgmt_mode *cp = data;
1451 struct pending_cmd *cmd;
1452 struct hci_request req;
1453 u8 scan;
1454 int err;
1455
1456 BT_DBG("request for %s", hdev->name);
1457
1458 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1459 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1460 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1461 MGMT_STATUS_REJECTED);
1462
1463 if (cp->val != 0x00 && cp->val != 0x01)
1464 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1465 MGMT_STATUS_INVALID_PARAMS);
1466
1467 hci_dev_lock(hdev);
1468
1469 if (!hdev_is_powered(hdev)) {
1470 err = set_connectable_update_settings(hdev, sk, cp->val);
1471 goto failed;
1472 }
1473
1474 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1475 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1476 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1477 MGMT_STATUS_BUSY);
1478 goto failed;
1479 }
1480
1481 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1482 if (!cmd) {
1483 err = -ENOMEM;
1484 goto failed;
1485 }
1486
1487 hci_req_init(&req, hdev);
1488
1489 /* If BR/EDR is not enabled and we disable advertising as a
1490 * by-product of disabling connectable, we need to update the
1491 * advertising flags.
1492 */
1493 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1494 if (!cp->val) {
1495 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1496 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1497 }
1498 update_adv_data(&req);
1499 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1500 if (cp->val) {
1501 scan = SCAN_PAGE;
1502 } else {
1503 scan = 0;
1504
1505 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1506 hdev->discov_timeout > 0)
1507 cancel_delayed_work(&hdev->discov_off);
1508 }
1509
1510 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1511 }
1512
1513 /* If we're going from non-connectable to connectable or
1514 * vice-versa when fast connectable is enabled ensure that fast
1515 * connectable gets disabled. write_fast_connectable won't do
1516 * anything if the page scan parameters are already what they
1517 * should be.
1518 */
1519 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1520 write_fast_connectable(&req, false);
1521
1522 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1523 hci_conn_num(hdev, LE_LINK) == 0) {
1524 disable_advertising(&req);
1525 enable_advertising(&req);
1526 }
1527
1528 err = hci_req_run(&req, set_connectable_complete);
1529 if (err < 0) {
1530 mgmt_pending_remove(cmd);
1531 if (err == -ENODATA)
1532 err = set_connectable_update_settings(hdev, sk,
1533 cp->val);
1534 goto failed;
1535 }
1536
1537 failed:
1538 hci_dev_unlock(hdev);
1539 return err;
1540 }
1541
1542 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1543 u16 len)
1544 {
1545 struct mgmt_mode *cp = data;
1546 bool changed;
1547 int err;
1548
1549 BT_DBG("request for %s", hdev->name);
1550
1551 if (cp->val != 0x00 && cp->val != 0x01)
1552 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1553 MGMT_STATUS_INVALID_PARAMS);
1554
1555 hci_dev_lock(hdev);
1556
1557 if (cp->val)
1558 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1559 else
1560 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1561
1562 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1563 if (err < 0)
1564 goto unlock;
1565
1566 if (changed)
1567 err = new_settings(hdev, sk);
1568
1569 unlock:
1570 hci_dev_unlock(hdev);
1571 return err;
1572 }
1573
1574 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1575 u16 len)
1576 {
1577 struct mgmt_mode *cp = data;
1578 struct pending_cmd *cmd;
1579 u8 val, status;
1580 int err;
1581
1582 BT_DBG("request for %s", hdev->name);
1583
1584 status = mgmt_bredr_support(hdev);
1585 if (status)
1586 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1587 status);
1588
1589 if (cp->val != 0x00 && cp->val != 0x01)
1590 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1591 MGMT_STATUS_INVALID_PARAMS);
1592
1593 hci_dev_lock(hdev);
1594
1595 if (!hdev_is_powered(hdev)) {
1596 bool changed = false;
1597
1598 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1599 &hdev->dev_flags)) {
1600 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1601 changed = true;
1602 }
1603
1604 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1605 if (err < 0)
1606 goto failed;
1607
1608 if (changed)
1609 err = new_settings(hdev, sk);
1610
1611 goto failed;
1612 }
1613
1614 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1615 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1616 MGMT_STATUS_BUSY);
1617 goto failed;
1618 }
1619
1620 val = !!cp->val;
1621
1622 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1623 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1624 goto failed;
1625 }
1626
1627 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1628 if (!cmd) {
1629 err = -ENOMEM;
1630 goto failed;
1631 }
1632
1633 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1634 if (err < 0) {
1635 mgmt_pending_remove(cmd);
1636 goto failed;
1637 }
1638
1639 failed:
1640 hci_dev_unlock(hdev);
1641 return err;
1642 }
1643
1644 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1645 {
1646 struct mgmt_mode *cp = data;
1647 struct pending_cmd *cmd;
1648 u8 status;
1649 int err;
1650
1651 BT_DBG("request for %s", hdev->name);
1652
1653 status = mgmt_bredr_support(hdev);
1654 if (status)
1655 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1656
1657 if (!lmp_ssp_capable(hdev))
1658 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1659 MGMT_STATUS_NOT_SUPPORTED);
1660
1661 if (cp->val != 0x00 && cp->val != 0x01)
1662 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1663 MGMT_STATUS_INVALID_PARAMS);
1664
1665 hci_dev_lock(hdev);
1666
1667 if (!hdev_is_powered(hdev)) {
1668 bool changed;
1669
1670 if (cp->val) {
1671 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1672 &hdev->dev_flags);
1673 } else {
1674 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1675 &hdev->dev_flags);
1676 if (!changed)
1677 changed = test_and_clear_bit(HCI_HS_ENABLED,
1678 &hdev->dev_flags);
1679 else
1680 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1681 }
1682
1683 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1684 if (err < 0)
1685 goto failed;
1686
1687 if (changed)
1688 err = new_settings(hdev, sk);
1689
1690 goto failed;
1691 }
1692
1693 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1694 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
1695 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1696 MGMT_STATUS_BUSY);
1697 goto failed;
1698 }
1699
1700 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1701 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1702 goto failed;
1703 }
1704
1705 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1706 if (!cmd) {
1707 err = -ENOMEM;
1708 goto failed;
1709 }
1710
1711 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1712 if (err < 0) {
1713 mgmt_pending_remove(cmd);
1714 goto failed;
1715 }
1716
1717 failed:
1718 hci_dev_unlock(hdev);
1719 return err;
1720 }
1721
1722 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1723 {
1724 struct mgmt_mode *cp = data;
1725 bool changed;
1726 u8 status;
1727 int err;
1728
1729 BT_DBG("request for %s", hdev->name);
1730
1731 status = mgmt_bredr_support(hdev);
1732 if (status)
1733 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1734
1735 if (!lmp_ssp_capable(hdev))
1736 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1737 MGMT_STATUS_NOT_SUPPORTED);
1738
1739 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1740 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1741 MGMT_STATUS_REJECTED);
1742
1743 if (cp->val != 0x00 && cp->val != 0x01)
1744 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1745 MGMT_STATUS_INVALID_PARAMS);
1746
1747 hci_dev_lock(hdev);
1748
1749 if (cp->val) {
1750 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1751 } else {
1752 if (hdev_is_powered(hdev)) {
1753 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1754 MGMT_STATUS_REJECTED);
1755 goto unlock;
1756 }
1757
1758 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1759 }
1760
1761 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1762 if (err < 0)
1763 goto unlock;
1764
1765 if (changed)
1766 err = new_settings(hdev, sk);
1767
1768 unlock:
1769 hci_dev_unlock(hdev);
1770 return err;
1771 }
1772
1773 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1774 {
1775 struct cmd_lookup match = { NULL, hdev };
1776
1777 if (status) {
1778 u8 mgmt_err = mgmt_status(status);
1779
1780 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1781 &mgmt_err);
1782 return;
1783 }
1784
1785 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1786
1787 new_settings(hdev, match.sk);
1788
1789 if (match.sk)
1790 sock_put(match.sk);
1791
1792 /* Make sure the controller has a good default for
1793 * advertising data. Restrict the update to when LE
1794 * has actually been enabled. During power on, the
1795 * update in powered_update_hci will take care of it.
1796 */
1797 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1798 struct hci_request req;
1799
1800 hci_dev_lock(hdev);
1801
1802 hci_req_init(&req, hdev);
1803 update_adv_data(&req);
1804 update_scan_rsp_data(&req);
1805 hci_req_run(&req, NULL);
1806
1807 hci_dev_unlock(hdev);
1808 }
1809 }
1810
1811 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1812 {
1813 struct mgmt_mode *cp = data;
1814 struct hci_cp_write_le_host_supported hci_cp;
1815 struct pending_cmd *cmd;
1816 struct hci_request req;
1817 int err;
1818 u8 val, enabled;
1819
1820 BT_DBG("request for %s", hdev->name);
1821
1822 if (!lmp_le_capable(hdev))
1823 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1824 MGMT_STATUS_NOT_SUPPORTED);
1825
1826 if (cp->val != 0x00 && cp->val != 0x01)
1827 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1828 MGMT_STATUS_INVALID_PARAMS);
1829
1830 /* LE-only devices do not allow toggling LE on/off */
1831 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1832 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1833 MGMT_STATUS_REJECTED);
1834
1835 hci_dev_lock(hdev);
1836
1837 val = !!cp->val;
1838 enabled = lmp_host_le_capable(hdev);
1839
1840 if (!hdev_is_powered(hdev) || val == enabled) {
1841 bool changed = false;
1842
1843 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1844 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1845 changed = true;
1846 }
1847
1848 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1849 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1850 changed = true;
1851 }
1852
1853 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1854 if (err < 0)
1855 goto unlock;
1856
1857 if (changed)
1858 err = new_settings(hdev, sk);
1859
1860 goto unlock;
1861 }
1862
1863 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1864 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1865 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1866 MGMT_STATUS_BUSY);
1867 goto unlock;
1868 }
1869
1870 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1871 if (!cmd) {
1872 err = -ENOMEM;
1873 goto unlock;
1874 }
1875
1876 hci_req_init(&req, hdev);
1877
1878 memset(&hci_cp, 0, sizeof(hci_cp));
1879
1880 if (val) {
1881 hci_cp.le = val;
1882 hci_cp.simul = lmp_le_br_capable(hdev);
1883 } else {
1884 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1885 disable_advertising(&req);
1886 }
1887
1888 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1889 &hci_cp);
1890
1891 err = hci_req_run(&req, le_enable_complete);
1892 if (err < 0)
1893 mgmt_pending_remove(cmd);
1894
1895 unlock:
1896 hci_dev_unlock(hdev);
1897 return err;
1898 }
1899
1900 /* This is a helper function to test for pending mgmt commands that can
1901 * cause CoD or EIR HCI commands. We can only allow one such pending
1902 * mgmt command at a time since otherwise we cannot easily track what
1903 * the current values are, will be, and based on that calculate if a new
1904 * HCI command needs to be sent and if yes with what value.
1905 */
1906 static bool pending_eir_or_class(struct hci_dev *hdev)
1907 {
1908 struct pending_cmd *cmd;
1909
1910 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1911 switch (cmd->opcode) {
1912 case MGMT_OP_ADD_UUID:
1913 case MGMT_OP_REMOVE_UUID:
1914 case MGMT_OP_SET_DEV_CLASS:
1915 case MGMT_OP_SET_POWERED:
1916 return true;
1917 }
1918 }
1919
1920 return false;
1921 }
1922
1923 static const u8 bluetooth_base_uuid[] = {
1924 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1925 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1926 };
1927
1928 static u8 get_uuid_size(const u8 *uuid)
1929 {
1930 u32 val;
1931
1932 if (memcmp(uuid, bluetooth_base_uuid, 12))
1933 return 128;
1934
1935 val = get_unaligned_le32(&uuid[12]);
1936 if (val > 0xffff)
1937 return 32;
1938
1939 return 16;
1940 }
1941
1942 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1943 {
1944 struct pending_cmd *cmd;
1945
1946 hci_dev_lock(hdev);
1947
1948 cmd = mgmt_pending_find(mgmt_op, hdev);
1949 if (!cmd)
1950 goto unlock;
1951
1952 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1953 hdev->dev_class, 3);
1954
1955 mgmt_pending_remove(cmd);
1956
1957 unlock:
1958 hci_dev_unlock(hdev);
1959 }
1960
1961 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1962 {
1963 BT_DBG("status 0x%02x", status);
1964
1965 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1966 }
1967
1968 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1969 {
1970 struct mgmt_cp_add_uuid *cp = data;
1971 struct pending_cmd *cmd;
1972 struct hci_request req;
1973 struct bt_uuid *uuid;
1974 int err;
1975
1976 BT_DBG("request for %s", hdev->name);
1977
1978 hci_dev_lock(hdev);
1979
1980 if (pending_eir_or_class(hdev)) {
1981 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1982 MGMT_STATUS_BUSY);
1983 goto failed;
1984 }
1985
1986 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1987 if (!uuid) {
1988 err = -ENOMEM;
1989 goto failed;
1990 }
1991
1992 memcpy(uuid->uuid, cp->uuid, 16);
1993 uuid->svc_hint = cp->svc_hint;
1994 uuid->size = get_uuid_size(cp->uuid);
1995
1996 list_add_tail(&uuid->list, &hdev->uuids);
1997
1998 hci_req_init(&req, hdev);
1999
2000 update_class(&req);
2001 update_eir(&req);
2002
2003 err = hci_req_run(&req, add_uuid_complete);
2004 if (err < 0) {
2005 if (err != -ENODATA)
2006 goto failed;
2007
2008 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2009 hdev->dev_class, 3);
2010 goto failed;
2011 }
2012
2013 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2014 if (!cmd) {
2015 err = -ENOMEM;
2016 goto failed;
2017 }
2018
2019 err = 0;
2020
2021 failed:
2022 hci_dev_unlock(hdev);
2023 return err;
2024 }
2025
2026 static bool enable_service_cache(struct hci_dev *hdev)
2027 {
2028 if (!hdev_is_powered(hdev))
2029 return false;
2030
2031 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2032 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2033 CACHE_TIMEOUT);
2034 return true;
2035 }
2036
2037 return false;
2038 }
2039
2040 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2041 {
2042 BT_DBG("status 0x%02x", status);
2043
2044 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2045 }
2046
2047 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2048 u16 len)
2049 {
2050 struct mgmt_cp_remove_uuid *cp = data;
2051 struct pending_cmd *cmd;
2052 struct bt_uuid *match, *tmp;
2053 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2054 struct hci_request req;
2055 int err, found;
2056
2057 BT_DBG("request for %s", hdev->name);
2058
2059 hci_dev_lock(hdev);
2060
2061 if (pending_eir_or_class(hdev)) {
2062 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2063 MGMT_STATUS_BUSY);
2064 goto unlock;
2065 }
2066
2067 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2068 err = hci_uuids_clear(hdev);
2069
2070 if (enable_service_cache(hdev)) {
2071 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2072 0, hdev->dev_class, 3);
2073 goto unlock;
2074 }
2075
2076 goto update_class;
2077 }
2078
2079 found = 0;
2080
2081 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2082 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2083 continue;
2084
2085 list_del(&match->list);
2086 kfree(match);
2087 found++;
2088 }
2089
2090 if (found == 0) {
2091 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2092 MGMT_STATUS_INVALID_PARAMS);
2093 goto unlock;
2094 }
2095
2096 update_class:
2097 hci_req_init(&req, hdev);
2098
2099 update_class(&req);
2100 update_eir(&req);
2101
2102 err = hci_req_run(&req, remove_uuid_complete);
2103 if (err < 0) {
2104 if (err != -ENODATA)
2105 goto unlock;
2106
2107 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2108 hdev->dev_class, 3);
2109 goto unlock;
2110 }
2111
2112 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2113 if (!cmd) {
2114 err = -ENOMEM;
2115 goto unlock;
2116 }
2117
2118 err = 0;
2119
2120 unlock:
2121 hci_dev_unlock(hdev);
2122 return err;
2123 }
2124
2125 static void set_class_complete(struct hci_dev *hdev, u8 status)
2126 {
2127 BT_DBG("status 0x%02x", status);
2128
2129 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2130 }
2131
2132 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2133 u16 len)
2134 {
2135 struct mgmt_cp_set_dev_class *cp = data;
2136 struct pending_cmd *cmd;
2137 struct hci_request req;
2138 int err;
2139
2140 BT_DBG("request for %s", hdev->name);
2141
2142 if (!lmp_bredr_capable(hdev))
2143 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2144 MGMT_STATUS_NOT_SUPPORTED);
2145
2146 hci_dev_lock(hdev);
2147
2148 if (pending_eir_or_class(hdev)) {
2149 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2150 MGMT_STATUS_BUSY);
2151 goto unlock;
2152 }
2153
2154 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2155 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2156 MGMT_STATUS_INVALID_PARAMS);
2157 goto unlock;
2158 }
2159
2160 hdev->major_class = cp->major;
2161 hdev->minor_class = cp->minor;
2162
2163 if (!hdev_is_powered(hdev)) {
2164 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2165 hdev->dev_class, 3);
2166 goto unlock;
2167 }
2168
2169 hci_req_init(&req, hdev);
2170
2171 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2172 hci_dev_unlock(hdev);
2173 cancel_delayed_work_sync(&hdev->service_cache);
2174 hci_dev_lock(hdev);
2175 update_eir(&req);
2176 }
2177
2178 update_class(&req);
2179
2180 err = hci_req_run(&req, set_class_complete);
2181 if (err < 0) {
2182 if (err != -ENODATA)
2183 goto unlock;
2184
2185 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2186 hdev->dev_class, 3);
2187 goto unlock;
2188 }
2189
2190 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2191 if (!cmd) {
2192 err = -ENOMEM;
2193 goto unlock;
2194 }
2195
2196 err = 0;
2197
2198 unlock:
2199 hci_dev_unlock(hdev);
2200 return err;
2201 }
2202
2203 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2204 u16 len)
2205 {
2206 struct mgmt_cp_load_link_keys *cp = data;
2207 u16 key_count, expected_len;
2208 int i;
2209
2210 BT_DBG("request for %s", hdev->name);
2211
2212 if (!lmp_bredr_capable(hdev))
2213 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2214 MGMT_STATUS_NOT_SUPPORTED);
2215
2216 key_count = __le16_to_cpu(cp->key_count);
2217
2218 expected_len = sizeof(*cp) + key_count *
2219 sizeof(struct mgmt_link_key_info);
2220 if (expected_len != len) {
2221 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2222 len, expected_len);
2223 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2224 MGMT_STATUS_INVALID_PARAMS);
2225 }
2226
2227 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2228 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2229 MGMT_STATUS_INVALID_PARAMS);
2230
2231 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2232 key_count);
2233
2234 for (i = 0; i < key_count; i++) {
2235 struct mgmt_link_key_info *key = &cp->keys[i];
2236
2237 if (key->addr.type != BDADDR_BREDR)
2238 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2239 MGMT_STATUS_INVALID_PARAMS);
2240 }
2241
2242 hci_dev_lock(hdev);
2243
2244 hci_link_keys_clear(hdev);
2245
2246 if (cp->debug_keys)
2247 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2248 else
2249 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2250
2251 for (i = 0; i < key_count; i++) {
2252 struct mgmt_link_key_info *key = &cp->keys[i];
2253
2254 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
2255 key->type, key->pin_len);
2256 }
2257
2258 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2259
2260 hci_dev_unlock(hdev);
2261
2262 return 0;
2263 }
2264
2265 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2266 u8 addr_type, struct sock *skip_sk)
2267 {
2268 struct mgmt_ev_device_unpaired ev;
2269
2270 bacpy(&ev.addr.bdaddr, bdaddr);
2271 ev.addr.type = addr_type;
2272
2273 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2274 skip_sk);
2275 }
2276
2277 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2278 u16 len)
2279 {
2280 struct mgmt_cp_unpair_device *cp = data;
2281 struct mgmt_rp_unpair_device rp;
2282 struct hci_cp_disconnect dc;
2283 struct pending_cmd *cmd;
2284 struct hci_conn *conn;
2285 int err;
2286
2287 memset(&rp, 0, sizeof(rp));
2288 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2289 rp.addr.type = cp->addr.type;
2290
2291 if (!bdaddr_type_is_valid(cp->addr.type))
2292 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2293 MGMT_STATUS_INVALID_PARAMS,
2294 &rp, sizeof(rp));
2295
2296 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2297 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2298 MGMT_STATUS_INVALID_PARAMS,
2299 &rp, sizeof(rp));
2300
2301 hci_dev_lock(hdev);
2302
2303 if (!hdev_is_powered(hdev)) {
2304 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2305 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2306 goto unlock;
2307 }
2308
2309 if (cp->addr.type == BDADDR_BREDR)
2310 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2311 else
2312 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
2313
2314 if (err < 0) {
2315 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2316 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2317 goto unlock;
2318 }
2319
2320 if (cp->disconnect) {
2321 if (cp->addr.type == BDADDR_BREDR)
2322 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2323 &cp->addr.bdaddr);
2324 else
2325 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2326 &cp->addr.bdaddr);
2327 } else {
2328 conn = NULL;
2329 }
2330
2331 if (!conn) {
2332 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2333 &rp, sizeof(rp));
2334 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2335 goto unlock;
2336 }
2337
2338 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2339 sizeof(*cp));
2340 if (!cmd) {
2341 err = -ENOMEM;
2342 goto unlock;
2343 }
2344
2345 dc.handle = cpu_to_le16(conn->handle);
2346 dc.reason = 0x13; /* Remote User Terminated Connection */
2347 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2348 if (err < 0)
2349 mgmt_pending_remove(cmd);
2350
2351 unlock:
2352 hci_dev_unlock(hdev);
2353 return err;
2354 }
2355
2356 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2357 u16 len)
2358 {
2359 struct mgmt_cp_disconnect *cp = data;
2360 struct mgmt_rp_disconnect rp;
2361 struct hci_cp_disconnect dc;
2362 struct pending_cmd *cmd;
2363 struct hci_conn *conn;
2364 int err;
2365
2366 BT_DBG("");
2367
2368 memset(&rp, 0, sizeof(rp));
2369 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2370 rp.addr.type = cp->addr.type;
2371
2372 if (!bdaddr_type_is_valid(cp->addr.type))
2373 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2374 MGMT_STATUS_INVALID_PARAMS,
2375 &rp, sizeof(rp));
2376
2377 hci_dev_lock(hdev);
2378
2379 if (!test_bit(HCI_UP, &hdev->flags)) {
2380 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2381 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2382 goto failed;
2383 }
2384
2385 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2386 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2387 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2388 goto failed;
2389 }
2390
2391 if (cp->addr.type == BDADDR_BREDR)
2392 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2393 &cp->addr.bdaddr);
2394 else
2395 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2396
2397 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2398 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2399 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2400 goto failed;
2401 }
2402
2403 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2404 if (!cmd) {
2405 err = -ENOMEM;
2406 goto failed;
2407 }
2408
2409 dc.handle = cpu_to_le16(conn->handle);
2410 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2411
2412 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2413 if (err < 0)
2414 mgmt_pending_remove(cmd);
2415
2416 failed:
2417 hci_dev_unlock(hdev);
2418 return err;
2419 }
2420
2421 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2422 {
2423 switch (link_type) {
2424 case LE_LINK:
2425 switch (addr_type) {
2426 case ADDR_LE_DEV_PUBLIC:
2427 return BDADDR_LE_PUBLIC;
2428
2429 default:
2430 /* Fallback to LE Random address type */
2431 return BDADDR_LE_RANDOM;
2432 }
2433
2434 default:
2435 /* Fallback to BR/EDR type */
2436 return BDADDR_BREDR;
2437 }
2438 }
2439
2440 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2441 u16 data_len)
2442 {
2443 struct mgmt_rp_get_connections *rp;
2444 struct hci_conn *c;
2445 size_t rp_len;
2446 int err;
2447 u16 i;
2448
2449 BT_DBG("");
2450
2451 hci_dev_lock(hdev);
2452
2453 if (!hdev_is_powered(hdev)) {
2454 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2455 MGMT_STATUS_NOT_POWERED);
2456 goto unlock;
2457 }
2458
2459 i = 0;
2460 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2461 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2462 i++;
2463 }
2464
2465 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2466 rp = kmalloc(rp_len, GFP_KERNEL);
2467 if (!rp) {
2468 err = -ENOMEM;
2469 goto unlock;
2470 }
2471
2472 i = 0;
2473 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2474 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2475 continue;
2476 bacpy(&rp->addr[i].bdaddr, &c->dst);
2477 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2478 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2479 continue;
2480 i++;
2481 }
2482
2483 rp->conn_count = cpu_to_le16(i);
2484
2485 /* Recalculate length in case of filtered SCO connections, etc */
2486 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2487
2488 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2489 rp_len);
2490
2491 kfree(rp);
2492
2493 unlock:
2494 hci_dev_unlock(hdev);
2495 return err;
2496 }
2497
2498 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2499 struct mgmt_cp_pin_code_neg_reply *cp)
2500 {
2501 struct pending_cmd *cmd;
2502 int err;
2503
2504 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2505 sizeof(*cp));
2506 if (!cmd)
2507 return -ENOMEM;
2508
2509 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2510 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2511 if (err < 0)
2512 mgmt_pending_remove(cmd);
2513
2514 return err;
2515 }
2516
2517 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2518 u16 len)
2519 {
2520 struct hci_conn *conn;
2521 struct mgmt_cp_pin_code_reply *cp = data;
2522 struct hci_cp_pin_code_reply reply;
2523 struct pending_cmd *cmd;
2524 int err;
2525
2526 BT_DBG("");
2527
2528 hci_dev_lock(hdev);
2529
2530 if (!hdev_is_powered(hdev)) {
2531 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2532 MGMT_STATUS_NOT_POWERED);
2533 goto failed;
2534 }
2535
2536 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2537 if (!conn) {
2538 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2539 MGMT_STATUS_NOT_CONNECTED);
2540 goto failed;
2541 }
2542
2543 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2544 struct mgmt_cp_pin_code_neg_reply ncp;
2545
2546 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2547
2548 BT_ERR("PIN code is not 16 bytes long");
2549
2550 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2551 if (err >= 0)
2552 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2553 MGMT_STATUS_INVALID_PARAMS);
2554
2555 goto failed;
2556 }
2557
2558 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2559 if (!cmd) {
2560 err = -ENOMEM;
2561 goto failed;
2562 }
2563
2564 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2565 reply.pin_len = cp->pin_len;
2566 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2567
2568 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2569 if (err < 0)
2570 mgmt_pending_remove(cmd);
2571
2572 failed:
2573 hci_dev_unlock(hdev);
2574 return err;
2575 }
2576
2577 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2578 u16 len)
2579 {
2580 struct mgmt_cp_set_io_capability *cp = data;
2581
2582 BT_DBG("");
2583
2584 hci_dev_lock(hdev);
2585
2586 hdev->io_capability = cp->io_capability;
2587
2588 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2589 hdev->io_capability);
2590
2591 hci_dev_unlock(hdev);
2592
2593 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2594 0);
2595 }
2596
2597 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2598 {
2599 struct hci_dev *hdev = conn->hdev;
2600 struct pending_cmd *cmd;
2601
2602 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2603 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2604 continue;
2605
2606 if (cmd->user_data != conn)
2607 continue;
2608
2609 return cmd;
2610 }
2611
2612 return NULL;
2613 }
2614
2615 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2616 {
2617 struct mgmt_rp_pair_device rp;
2618 struct hci_conn *conn = cmd->user_data;
2619
2620 bacpy(&rp.addr.bdaddr, &conn->dst);
2621 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2622
2623 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2624 &rp, sizeof(rp));
2625
2626 /* So we don't get further callbacks for this connection */
2627 conn->connect_cfm_cb = NULL;
2628 conn->security_cfm_cb = NULL;
2629 conn->disconn_cfm_cb = NULL;
2630
2631 hci_conn_drop(conn);
2632
2633 mgmt_pending_remove(cmd);
2634 }
2635
2636 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2637 {
2638 struct pending_cmd *cmd;
2639
2640 BT_DBG("status %u", status);
2641
2642 cmd = find_pairing(conn);
2643 if (!cmd)
2644 BT_DBG("Unable to find a pending command");
2645 else
2646 pairing_complete(cmd, mgmt_status(status));
2647 }
2648
2649 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2650 {
2651 struct pending_cmd *cmd;
2652
2653 BT_DBG("status %u", status);
2654
2655 if (!status)
2656 return;
2657
2658 cmd = find_pairing(conn);
2659 if (!cmd)
2660 BT_DBG("Unable to find a pending command");
2661 else
2662 pairing_complete(cmd, mgmt_status(status));
2663 }
2664
2665 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2666 u16 len)
2667 {
2668 struct mgmt_cp_pair_device *cp = data;
2669 struct mgmt_rp_pair_device rp;
2670 struct pending_cmd *cmd;
2671 u8 sec_level, auth_type;
2672 struct hci_conn *conn;
2673 int err;
2674
2675 BT_DBG("");
2676
2677 memset(&rp, 0, sizeof(rp));
2678 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2679 rp.addr.type = cp->addr.type;
2680
2681 if (!bdaddr_type_is_valid(cp->addr.type))
2682 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2683 MGMT_STATUS_INVALID_PARAMS,
2684 &rp, sizeof(rp));
2685
2686 hci_dev_lock(hdev);
2687
2688 if (!hdev_is_powered(hdev)) {
2689 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2690 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2691 goto unlock;
2692 }
2693
2694 sec_level = BT_SECURITY_MEDIUM;
2695 if (cp->io_cap == 0x03)
2696 auth_type = HCI_AT_DEDICATED_BONDING;
2697 else
2698 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2699
2700 if (cp->addr.type == BDADDR_BREDR)
2701 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2702 cp->addr.type, sec_level, auth_type);
2703 else
2704 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2705 cp->addr.type, sec_level, auth_type);
2706
2707 if (IS_ERR(conn)) {
2708 int status;
2709
2710 if (PTR_ERR(conn) == -EBUSY)
2711 status = MGMT_STATUS_BUSY;
2712 else
2713 status = MGMT_STATUS_CONNECT_FAILED;
2714
2715 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2716 status, &rp,
2717 sizeof(rp));
2718 goto unlock;
2719 }
2720
2721 if (conn->connect_cfm_cb) {
2722 hci_conn_drop(conn);
2723 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2724 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2725 goto unlock;
2726 }
2727
2728 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2729 if (!cmd) {
2730 err = -ENOMEM;
2731 hci_conn_drop(conn);
2732 goto unlock;
2733 }
2734
2735 /* For LE, just connecting isn't a proof that the pairing finished */
2736 if (cp->addr.type == BDADDR_BREDR)
2737 conn->connect_cfm_cb = pairing_complete_cb;
2738 else
2739 conn->connect_cfm_cb = le_connect_complete_cb;
2740
2741 conn->security_cfm_cb = pairing_complete_cb;
2742 conn->disconn_cfm_cb = pairing_complete_cb;
2743 conn->io_capability = cp->io_cap;
2744 cmd->user_data = conn;
2745
2746 if (conn->state == BT_CONNECTED &&
2747 hci_conn_security(conn, sec_level, auth_type))
2748 pairing_complete(cmd, 0);
2749
2750 err = 0;
2751
2752 unlock:
2753 hci_dev_unlock(hdev);
2754 return err;
2755 }
2756
2757 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2758 u16 len)
2759 {
2760 struct mgmt_addr_info *addr = data;
2761 struct pending_cmd *cmd;
2762 struct hci_conn *conn;
2763 int err;
2764
2765 BT_DBG("");
2766
2767 hci_dev_lock(hdev);
2768
2769 if (!hdev_is_powered(hdev)) {
2770 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2771 MGMT_STATUS_NOT_POWERED);
2772 goto unlock;
2773 }
2774
2775 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2776 if (!cmd) {
2777 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2778 MGMT_STATUS_INVALID_PARAMS);
2779 goto unlock;
2780 }
2781
2782 conn = cmd->user_data;
2783
2784 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2785 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2786 MGMT_STATUS_INVALID_PARAMS);
2787 goto unlock;
2788 }
2789
2790 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2791
2792 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2793 addr, sizeof(*addr));
2794 unlock:
2795 hci_dev_unlock(hdev);
2796 return err;
2797 }
2798
2799 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2800 struct mgmt_addr_info *addr, u16 mgmt_op,
2801 u16 hci_op, __le32 passkey)
2802 {
2803 struct pending_cmd *cmd;
2804 struct hci_conn *conn;
2805 int err;
2806
2807 hci_dev_lock(hdev);
2808
2809 if (!hdev_is_powered(hdev)) {
2810 err = cmd_complete(sk, hdev->id, mgmt_op,
2811 MGMT_STATUS_NOT_POWERED, addr,
2812 sizeof(*addr));
2813 goto done;
2814 }
2815
2816 if (addr->type == BDADDR_BREDR)
2817 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2818 else
2819 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2820
2821 if (!conn) {
2822 err = cmd_complete(sk, hdev->id, mgmt_op,
2823 MGMT_STATUS_NOT_CONNECTED, addr,
2824 sizeof(*addr));
2825 goto done;
2826 }
2827
2828 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2829 /* Continue with pairing via SMP */
2830 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2831
2832 if (!err)
2833 err = cmd_complete(sk, hdev->id, mgmt_op,
2834 MGMT_STATUS_SUCCESS, addr,
2835 sizeof(*addr));
2836 else
2837 err = cmd_complete(sk, hdev->id, mgmt_op,
2838 MGMT_STATUS_FAILED, addr,
2839 sizeof(*addr));
2840
2841 goto done;
2842 }
2843
2844 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2845 if (!cmd) {
2846 err = -ENOMEM;
2847 goto done;
2848 }
2849
2850 /* Continue with pairing via HCI */
2851 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2852 struct hci_cp_user_passkey_reply cp;
2853
2854 bacpy(&cp.bdaddr, &addr->bdaddr);
2855 cp.passkey = passkey;
2856 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2857 } else
2858 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2859 &addr->bdaddr);
2860
2861 if (err < 0)
2862 mgmt_pending_remove(cmd);
2863
2864 done:
2865 hci_dev_unlock(hdev);
2866 return err;
2867 }
2868
2869 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2870 void *data, u16 len)
2871 {
2872 struct mgmt_cp_pin_code_neg_reply *cp = data;
2873
2874 BT_DBG("");
2875
2876 return user_pairing_resp(sk, hdev, &cp->addr,
2877 MGMT_OP_PIN_CODE_NEG_REPLY,
2878 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2879 }
2880
2881 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2882 u16 len)
2883 {
2884 struct mgmt_cp_user_confirm_reply *cp = data;
2885
2886 BT_DBG("");
2887
2888 if (len != sizeof(*cp))
2889 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2890 MGMT_STATUS_INVALID_PARAMS);
2891
2892 return user_pairing_resp(sk, hdev, &cp->addr,
2893 MGMT_OP_USER_CONFIRM_REPLY,
2894 HCI_OP_USER_CONFIRM_REPLY, 0);
2895 }
2896
2897 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2898 void *data, u16 len)
2899 {
2900 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2901
2902 BT_DBG("");
2903
2904 return user_pairing_resp(sk, hdev, &cp->addr,
2905 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2906 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2907 }
2908
2909 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2910 u16 len)
2911 {
2912 struct mgmt_cp_user_passkey_reply *cp = data;
2913
2914 BT_DBG("");
2915
2916 return user_pairing_resp(sk, hdev, &cp->addr,
2917 MGMT_OP_USER_PASSKEY_REPLY,
2918 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2919 }
2920
2921 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2922 void *data, u16 len)
2923 {
2924 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2925
2926 BT_DBG("");
2927
2928 return user_pairing_resp(sk, hdev, &cp->addr,
2929 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2930 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2931 }
2932
2933 static void update_name(struct hci_request *req)
2934 {
2935 struct hci_dev *hdev = req->hdev;
2936 struct hci_cp_write_local_name cp;
2937
2938 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2939
2940 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2941 }
2942
2943 static void set_name_complete(struct hci_dev *hdev, u8 status)
2944 {
2945 struct mgmt_cp_set_local_name *cp;
2946 struct pending_cmd *cmd;
2947
2948 BT_DBG("status 0x%02x", status);
2949
2950 hci_dev_lock(hdev);
2951
2952 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2953 if (!cmd)
2954 goto unlock;
2955
2956 cp = cmd->param;
2957
2958 if (status)
2959 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2960 mgmt_status(status));
2961 else
2962 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2963 cp, sizeof(*cp));
2964
2965 mgmt_pending_remove(cmd);
2966
2967 unlock:
2968 hci_dev_unlock(hdev);
2969 }
2970
2971 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2972 u16 len)
2973 {
2974 struct mgmt_cp_set_local_name *cp = data;
2975 struct pending_cmd *cmd;
2976 struct hci_request req;
2977 int err;
2978
2979 BT_DBG("");
2980
2981 hci_dev_lock(hdev);
2982
2983 /* If the old values are the same as the new ones just return a
2984 * direct command complete event.
2985 */
2986 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2987 !memcmp(hdev->short_name, cp->short_name,
2988 sizeof(hdev->short_name))) {
2989 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2990 data, len);
2991 goto failed;
2992 }
2993
2994 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2995
2996 if (!hdev_is_powered(hdev)) {
2997 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2998
2999 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3000 data, len);
3001 if (err < 0)
3002 goto failed;
3003
3004 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3005 sk);
3006
3007 goto failed;
3008 }
3009
3010 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3011 if (!cmd) {
3012 err = -ENOMEM;
3013 goto failed;
3014 }
3015
3016 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3017
3018 hci_req_init(&req, hdev);
3019
3020 if (lmp_bredr_capable(hdev)) {
3021 update_name(&req);
3022 update_eir(&req);
3023 }
3024
3025 /* The name is stored in the scan response data and so
3026 * no need to udpate the advertising data here.
3027 */
3028 if (lmp_le_capable(hdev))
3029 update_scan_rsp_data(&req);
3030
3031 err = hci_req_run(&req, set_name_complete);
3032 if (err < 0)
3033 mgmt_pending_remove(cmd);
3034
3035 failed:
3036 hci_dev_unlock(hdev);
3037 return err;
3038 }
3039
3040 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3041 void *data, u16 data_len)
3042 {
3043 struct pending_cmd *cmd;
3044 int err;
3045
3046 BT_DBG("%s", hdev->name);
3047
3048 hci_dev_lock(hdev);
3049
3050 if (!hdev_is_powered(hdev)) {
3051 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3052 MGMT_STATUS_NOT_POWERED);
3053 goto unlock;
3054 }
3055
3056 if (!lmp_ssp_capable(hdev)) {
3057 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3058 MGMT_STATUS_NOT_SUPPORTED);
3059 goto unlock;
3060 }
3061
3062 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3063 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3064 MGMT_STATUS_BUSY);
3065 goto unlock;
3066 }
3067
3068 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3069 if (!cmd) {
3070 err = -ENOMEM;
3071 goto unlock;
3072 }
3073
3074 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3075 if (err < 0)
3076 mgmt_pending_remove(cmd);
3077
3078 unlock:
3079 hci_dev_unlock(hdev);
3080 return err;
3081 }
3082
3083 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3084 void *data, u16 len)
3085 {
3086 struct mgmt_cp_add_remote_oob_data *cp = data;
3087 u8 status;
3088 int err;
3089
3090 BT_DBG("%s ", hdev->name);
3091
3092 hci_dev_lock(hdev);
3093
3094 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
3095 cp->randomizer);
3096 if (err < 0)
3097 status = MGMT_STATUS_FAILED;
3098 else
3099 status = MGMT_STATUS_SUCCESS;
3100
3101 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3102 &cp->addr, sizeof(cp->addr));
3103
3104 hci_dev_unlock(hdev);
3105 return err;
3106 }
3107
3108 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3109 void *data, u16 len)
3110 {
3111 struct mgmt_cp_remove_remote_oob_data *cp = data;
3112 u8 status;
3113 int err;
3114
3115 BT_DBG("%s", hdev->name);
3116
3117 hci_dev_lock(hdev);
3118
3119 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
3120 if (err < 0)
3121 status = MGMT_STATUS_INVALID_PARAMS;
3122 else
3123 status = MGMT_STATUS_SUCCESS;
3124
3125 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3126 status, &cp->addr, sizeof(cp->addr));
3127
3128 hci_dev_unlock(hdev);
3129 return err;
3130 }
3131
3132 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3133 {
3134 struct pending_cmd *cmd;
3135 u8 type;
3136 int err;
3137
3138 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3139
3140 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3141 if (!cmd)
3142 return -ENOENT;
3143
3144 type = hdev->discovery.type;
3145
3146 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3147 &type, sizeof(type));
3148 mgmt_pending_remove(cmd);
3149
3150 return err;
3151 }
3152
3153 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3154 {
3155 BT_DBG("status %d", status);
3156
3157 if (status) {
3158 hci_dev_lock(hdev);
3159 mgmt_start_discovery_failed(hdev, status);
3160 hci_dev_unlock(hdev);
3161 return;
3162 }
3163
3164 hci_dev_lock(hdev);
3165 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3166 hci_dev_unlock(hdev);
3167
3168 switch (hdev->discovery.type) {
3169 case DISCOV_TYPE_LE:
3170 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3171 DISCOV_LE_TIMEOUT);
3172 break;
3173
3174 case DISCOV_TYPE_INTERLEAVED:
3175 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3176 DISCOV_INTERLEAVED_TIMEOUT);
3177 break;
3178
3179 case DISCOV_TYPE_BREDR:
3180 break;
3181
3182 default:
3183 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3184 }
3185 }
3186
3187 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3188 void *data, u16 len)
3189 {
3190 struct mgmt_cp_start_discovery *cp = data;
3191 struct pending_cmd *cmd;
3192 struct hci_cp_le_set_scan_param param_cp;
3193 struct hci_cp_le_set_scan_enable enable_cp;
3194 struct hci_cp_inquiry inq_cp;
3195 struct hci_request req;
3196 /* General inquiry access code (GIAC) */
3197 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3198 u8 status;
3199 int err;
3200
3201 BT_DBG("%s", hdev->name);
3202
3203 hci_dev_lock(hdev);
3204
3205 if (!hdev_is_powered(hdev)) {
3206 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3207 MGMT_STATUS_NOT_POWERED);
3208 goto failed;
3209 }
3210
3211 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3212 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3213 MGMT_STATUS_BUSY);
3214 goto failed;
3215 }
3216
3217 if (hdev->discovery.state != DISCOVERY_STOPPED) {
3218 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3219 MGMT_STATUS_BUSY);
3220 goto failed;
3221 }
3222
3223 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3224 if (!cmd) {
3225 err = -ENOMEM;
3226 goto failed;
3227 }
3228
3229 hdev->discovery.type = cp->type;
3230
3231 hci_req_init(&req, hdev);
3232
3233 switch (hdev->discovery.type) {
3234 case DISCOV_TYPE_BREDR:
3235 status = mgmt_bredr_support(hdev);
3236 if (status) {
3237 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3238 status);
3239 mgmt_pending_remove(cmd);
3240 goto failed;
3241 }
3242
3243 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3244 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3245 MGMT_STATUS_BUSY);
3246 mgmt_pending_remove(cmd);
3247 goto failed;
3248 }
3249
3250 hci_inquiry_cache_flush(hdev);
3251
3252 memset(&inq_cp, 0, sizeof(inq_cp));
3253 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3254 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3255 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3256 break;
3257
3258 case DISCOV_TYPE_LE:
3259 case DISCOV_TYPE_INTERLEAVED:
3260 status = mgmt_le_support(hdev);
3261 if (status) {
3262 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3263 status);
3264 mgmt_pending_remove(cmd);
3265 goto failed;
3266 }
3267
3268 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3269 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3270 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3271 MGMT_STATUS_NOT_SUPPORTED);
3272 mgmt_pending_remove(cmd);
3273 goto failed;
3274 }
3275
3276 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3277 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3278 MGMT_STATUS_REJECTED);
3279 mgmt_pending_remove(cmd);
3280 goto failed;
3281 }
3282
3283 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3284 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3285 MGMT_STATUS_BUSY);
3286 mgmt_pending_remove(cmd);
3287 goto failed;
3288 }
3289
3290 memset(&param_cp, 0, sizeof(param_cp));
3291 param_cp.type = LE_SCAN_ACTIVE;
3292 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3293 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3294 param_cp.own_address_type = hdev->own_addr_type;
3295 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3296 &param_cp);
3297
3298 memset(&enable_cp, 0, sizeof(enable_cp));
3299 enable_cp.enable = LE_SCAN_ENABLE;
3300 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3301 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3302 &enable_cp);
3303 break;
3304
3305 default:
3306 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3307 MGMT_STATUS_INVALID_PARAMS);
3308 mgmt_pending_remove(cmd);
3309 goto failed;
3310 }
3311
3312 err = hci_req_run(&req, start_discovery_complete);
3313 if (err < 0)
3314 mgmt_pending_remove(cmd);
3315 else
3316 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3317
3318 failed:
3319 hci_dev_unlock(hdev);
3320 return err;
3321 }
3322
3323 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3324 {
3325 struct pending_cmd *cmd;
3326 int err;
3327
3328 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3329 if (!cmd)
3330 return -ENOENT;
3331
3332 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3333 &hdev->discovery.type, sizeof(hdev->discovery.type));
3334 mgmt_pending_remove(cmd);
3335
3336 return err;
3337 }
3338
3339 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3340 {
3341 BT_DBG("status %d", status);
3342
3343 hci_dev_lock(hdev);
3344
3345 if (status) {
3346 mgmt_stop_discovery_failed(hdev, status);
3347 goto unlock;
3348 }
3349
3350 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3351
3352 unlock:
3353 hci_dev_unlock(hdev);
3354 }
3355
3356 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3357 u16 len)
3358 {
3359 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3360 struct pending_cmd *cmd;
3361 struct hci_cp_remote_name_req_cancel cp;
3362 struct inquiry_entry *e;
3363 struct hci_request req;
3364 struct hci_cp_le_set_scan_enable enable_cp;
3365 int err;
3366
3367 BT_DBG("%s", hdev->name);
3368
3369 hci_dev_lock(hdev);
3370
3371 if (!hci_discovery_active(hdev)) {
3372 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3373 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3374 sizeof(mgmt_cp->type));
3375 goto unlock;
3376 }
3377
3378 if (hdev->discovery.type != mgmt_cp->type) {
3379 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3380 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3381 sizeof(mgmt_cp->type));
3382 goto unlock;
3383 }
3384
3385 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3386 if (!cmd) {
3387 err = -ENOMEM;
3388 goto unlock;
3389 }
3390
3391 hci_req_init(&req, hdev);
3392
3393 switch (hdev->discovery.state) {
3394 case DISCOVERY_FINDING:
3395 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3396 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3397 } else {
3398 cancel_delayed_work(&hdev->le_scan_disable);
3399
3400 memset(&enable_cp, 0, sizeof(enable_cp));
3401 enable_cp.enable = LE_SCAN_DISABLE;
3402 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3403 sizeof(enable_cp), &enable_cp);
3404 }
3405
3406 break;
3407
3408 case DISCOVERY_RESOLVING:
3409 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3410 NAME_PENDING);
3411 if (!e) {
3412 mgmt_pending_remove(cmd);
3413 err = cmd_complete(sk, hdev->id,
3414 MGMT_OP_STOP_DISCOVERY, 0,
3415 &mgmt_cp->type,
3416 sizeof(mgmt_cp->type));
3417 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3418 goto unlock;
3419 }
3420
3421 bacpy(&cp.bdaddr, &e->data.bdaddr);
3422 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3423 &cp);
3424
3425 break;
3426
3427 default:
3428 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3429
3430 mgmt_pending_remove(cmd);
3431 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3432 MGMT_STATUS_FAILED, &mgmt_cp->type,
3433 sizeof(mgmt_cp->type));
3434 goto unlock;
3435 }
3436
3437 err = hci_req_run(&req, stop_discovery_complete);
3438 if (err < 0)
3439 mgmt_pending_remove(cmd);
3440 else
3441 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3442
3443 unlock:
3444 hci_dev_unlock(hdev);
3445 return err;
3446 }
3447
3448 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3449 u16 len)
3450 {
3451 struct mgmt_cp_confirm_name *cp = data;
3452 struct inquiry_entry *e;
3453 int err;
3454
3455 BT_DBG("%s", hdev->name);
3456
3457 hci_dev_lock(hdev);
3458
3459 if (!hci_discovery_active(hdev)) {
3460 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3461 MGMT_STATUS_FAILED);
3462 goto failed;
3463 }
3464
3465 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3466 if (!e) {
3467 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3468 MGMT_STATUS_INVALID_PARAMS);
3469 goto failed;
3470 }
3471
3472 if (cp->name_known) {
3473 e->name_state = NAME_KNOWN;
3474 list_del(&e->list);
3475 } else {
3476 e->name_state = NAME_NEEDED;
3477 hci_inquiry_cache_update_resolve(hdev, e);
3478 }
3479
3480 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3481 sizeof(cp->addr));
3482
3483 failed:
3484 hci_dev_unlock(hdev);
3485 return err;
3486 }
3487
3488 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3489 u16 len)
3490 {
3491 struct mgmt_cp_block_device *cp = data;
3492 u8 status;
3493 int err;
3494
3495 BT_DBG("%s", hdev->name);
3496
3497 if (!bdaddr_type_is_valid(cp->addr.type))
3498 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3499 MGMT_STATUS_INVALID_PARAMS,
3500 &cp->addr, sizeof(cp->addr));
3501
3502 hci_dev_lock(hdev);
3503
3504 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3505 if (err < 0)
3506 status = MGMT_STATUS_FAILED;
3507 else
3508 status = MGMT_STATUS_SUCCESS;
3509
3510 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3511 &cp->addr, sizeof(cp->addr));
3512
3513 hci_dev_unlock(hdev);
3514
3515 return err;
3516 }
3517
3518 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3519 u16 len)
3520 {
3521 struct mgmt_cp_unblock_device *cp = data;
3522 u8 status;
3523 int err;
3524
3525 BT_DBG("%s", hdev->name);
3526
3527 if (!bdaddr_type_is_valid(cp->addr.type))
3528 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3529 MGMT_STATUS_INVALID_PARAMS,
3530 &cp->addr, sizeof(cp->addr));
3531
3532 hci_dev_lock(hdev);
3533
3534 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3535 if (err < 0)
3536 status = MGMT_STATUS_INVALID_PARAMS;
3537 else
3538 status = MGMT_STATUS_SUCCESS;
3539
3540 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3541 &cp->addr, sizeof(cp->addr));
3542
3543 hci_dev_unlock(hdev);
3544
3545 return err;
3546 }
3547
3548 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3549 u16 len)
3550 {
3551 struct mgmt_cp_set_device_id *cp = data;
3552 struct hci_request req;
3553 int err;
3554 __u16 source;
3555
3556 BT_DBG("%s", hdev->name);
3557
3558 source = __le16_to_cpu(cp->source);
3559
3560 if (source > 0x0002)
3561 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3562 MGMT_STATUS_INVALID_PARAMS);
3563
3564 hci_dev_lock(hdev);
3565
3566 hdev->devid_source = source;
3567 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3568 hdev->devid_product = __le16_to_cpu(cp->product);
3569 hdev->devid_version = __le16_to_cpu(cp->version);
3570
3571 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3572
3573 hci_req_init(&req, hdev);
3574 update_eir(&req);
3575 hci_req_run(&req, NULL);
3576
3577 hci_dev_unlock(hdev);
3578
3579 return err;
3580 }
3581
3582 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3583 {
3584 struct cmd_lookup match = { NULL, hdev };
3585
3586 if (status) {
3587 u8 mgmt_err = mgmt_status(status);
3588
3589 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3590 cmd_status_rsp, &mgmt_err);
3591 return;
3592 }
3593
3594 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3595 &match);
3596
3597 new_settings(hdev, match.sk);
3598
3599 if (match.sk)
3600 sock_put(match.sk);
3601 }
3602
3603 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3604 u16 len)
3605 {
3606 struct mgmt_mode *cp = data;
3607 struct pending_cmd *cmd;
3608 struct hci_request req;
3609 u8 val, enabled, status;
3610 int err;
3611
3612 BT_DBG("request for %s", hdev->name);
3613
3614 status = mgmt_le_support(hdev);
3615 if (status)
3616 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3617 status);
3618
3619 if (cp->val != 0x00 && cp->val != 0x01)
3620 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3621 MGMT_STATUS_INVALID_PARAMS);
3622
3623 hci_dev_lock(hdev);
3624
3625 val = !!cp->val;
3626 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3627
3628 /* The following conditions are ones which mean that we should
3629 * not do any HCI communication but directly send a mgmt
3630 * response to user space (after toggling the flag if
3631 * necessary).
3632 */
3633 if (!hdev_is_powered(hdev) || val == enabled ||
3634 hci_conn_num(hdev, LE_LINK) > 0) {
3635 bool changed = false;
3636
3637 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3638 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3639 changed = true;
3640 }
3641
3642 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3643 if (err < 0)
3644 goto unlock;
3645
3646 if (changed)
3647 err = new_settings(hdev, sk);
3648
3649 goto unlock;
3650 }
3651
3652 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3653 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3654 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3655 MGMT_STATUS_BUSY);
3656 goto unlock;
3657 }
3658
3659 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3660 if (!cmd) {
3661 err = -ENOMEM;
3662 goto unlock;
3663 }
3664
3665 hci_req_init(&req, hdev);
3666
3667 if (val)
3668 enable_advertising(&req);
3669 else
3670 disable_advertising(&req);
3671
3672 err = hci_req_run(&req, set_advertising_complete);
3673 if (err < 0)
3674 mgmt_pending_remove(cmd);
3675
3676 unlock:
3677 hci_dev_unlock(hdev);
3678 return err;
3679 }
3680
3681 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3682 void *data, u16 len)
3683 {
3684 struct mgmt_cp_set_static_address *cp = data;
3685 int err;
3686
3687 BT_DBG("%s", hdev->name);
3688
3689 if (!lmp_le_capable(hdev))
3690 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3691 MGMT_STATUS_NOT_SUPPORTED);
3692
3693 if (hdev_is_powered(hdev))
3694 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3695 MGMT_STATUS_REJECTED);
3696
3697 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3698 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3699 return cmd_status(sk, hdev->id,
3700 MGMT_OP_SET_STATIC_ADDRESS,
3701 MGMT_STATUS_INVALID_PARAMS);
3702
3703 /* Two most significant bits shall be set */
3704 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3705 return cmd_status(sk, hdev->id,
3706 MGMT_OP_SET_STATIC_ADDRESS,
3707 MGMT_STATUS_INVALID_PARAMS);
3708 }
3709
3710 hci_dev_lock(hdev);
3711
3712 bacpy(&hdev->static_addr, &cp->bdaddr);
3713
3714 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3715
3716 hci_dev_unlock(hdev);
3717
3718 return err;
3719 }
3720
3721 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3722 void *data, u16 len)
3723 {
3724 struct mgmt_cp_set_scan_params *cp = data;
3725 __u16 interval, window;
3726 int err;
3727
3728 BT_DBG("%s", hdev->name);
3729
3730 if (!lmp_le_capable(hdev))
3731 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3732 MGMT_STATUS_NOT_SUPPORTED);
3733
3734 interval = __le16_to_cpu(cp->interval);
3735
3736 if (interval < 0x0004 || interval > 0x4000)
3737 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3738 MGMT_STATUS_INVALID_PARAMS);
3739
3740 window = __le16_to_cpu(cp->window);
3741
3742 if (window < 0x0004 || window > 0x4000)
3743 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3744 MGMT_STATUS_INVALID_PARAMS);
3745
3746 if (window > interval)
3747 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3748 MGMT_STATUS_INVALID_PARAMS);
3749
3750 hci_dev_lock(hdev);
3751
3752 hdev->le_scan_interval = interval;
3753 hdev->le_scan_window = window;
3754
3755 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3756
3757 hci_dev_unlock(hdev);
3758
3759 return err;
3760 }
3761
3762 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3763 {
3764 struct pending_cmd *cmd;
3765
3766 BT_DBG("status 0x%02x", status);
3767
3768 hci_dev_lock(hdev);
3769
3770 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3771 if (!cmd)
3772 goto unlock;
3773
3774 if (status) {
3775 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3776 mgmt_status(status));
3777 } else {
3778 struct mgmt_mode *cp = cmd->param;
3779
3780 if (cp->val)
3781 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3782 else
3783 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3784
3785 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3786 new_settings(hdev, cmd->sk);
3787 }
3788
3789 mgmt_pending_remove(cmd);
3790
3791 unlock:
3792 hci_dev_unlock(hdev);
3793 }
3794
3795 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3796 void *data, u16 len)
3797 {
3798 struct mgmt_mode *cp = data;
3799 struct pending_cmd *cmd;
3800 struct hci_request req;
3801 int err;
3802
3803 BT_DBG("%s", hdev->name);
3804
3805 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3806 hdev->hci_ver < BLUETOOTH_VER_1_2)
3807 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3808 MGMT_STATUS_NOT_SUPPORTED);
3809
3810 if (cp->val != 0x00 && cp->val != 0x01)
3811 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3812 MGMT_STATUS_INVALID_PARAMS);
3813
3814 if (!hdev_is_powered(hdev))
3815 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3816 MGMT_STATUS_NOT_POWERED);
3817
3818 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3819 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3820 MGMT_STATUS_REJECTED);
3821
3822 hci_dev_lock(hdev);
3823
3824 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3825 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3826 MGMT_STATUS_BUSY);
3827 goto unlock;
3828 }
3829
3830 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3831 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3832 hdev);
3833 goto unlock;
3834 }
3835
3836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3837 data, len);
3838 if (!cmd) {
3839 err = -ENOMEM;
3840 goto unlock;
3841 }
3842
3843 hci_req_init(&req, hdev);
3844
3845 write_fast_connectable(&req, cp->val);
3846
3847 err = hci_req_run(&req, fast_connectable_complete);
3848 if (err < 0) {
3849 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3850 MGMT_STATUS_FAILED);
3851 mgmt_pending_remove(cmd);
3852 }
3853
3854 unlock:
3855 hci_dev_unlock(hdev);
3856
3857 return err;
3858 }
3859
3860 static void set_bredr_scan(struct hci_request *req)
3861 {
3862 struct hci_dev *hdev = req->hdev;
3863 u8 scan = 0;
3864
3865 /* Ensure that fast connectable is disabled. This function will
3866 * not do anything if the page scan parameters are already what
3867 * they should be.
3868 */
3869 write_fast_connectable(req, false);
3870
3871 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3872 scan |= SCAN_PAGE;
3873 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3874 scan |= SCAN_INQUIRY;
3875
3876 if (scan)
3877 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3878 }
3879
3880 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3881 {
3882 struct pending_cmd *cmd;
3883
3884 BT_DBG("status 0x%02x", status);
3885
3886 hci_dev_lock(hdev);
3887
3888 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3889 if (!cmd)
3890 goto unlock;
3891
3892 if (status) {
3893 u8 mgmt_err = mgmt_status(status);
3894
3895 /* We need to restore the flag if related HCI commands
3896 * failed.
3897 */
3898 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3899
3900 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3901 } else {
3902 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3903 new_settings(hdev, cmd->sk);
3904 }
3905
3906 mgmt_pending_remove(cmd);
3907
3908 unlock:
3909 hci_dev_unlock(hdev);
3910 }
3911
3912 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3913 {
3914 struct mgmt_mode *cp = data;
3915 struct pending_cmd *cmd;
3916 struct hci_request req;
3917 int err;
3918
3919 BT_DBG("request for %s", hdev->name);
3920
3921 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3922 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3923 MGMT_STATUS_NOT_SUPPORTED);
3924
3925 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3926 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3927 MGMT_STATUS_REJECTED);
3928
3929 if (cp->val != 0x00 && cp->val != 0x01)
3930 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3931 MGMT_STATUS_INVALID_PARAMS);
3932
3933 hci_dev_lock(hdev);
3934
3935 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3936 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3937 goto unlock;
3938 }
3939
3940 if (!hdev_is_powered(hdev)) {
3941 if (!cp->val) {
3942 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3943 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3944 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3945 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3946 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3947 }
3948
3949 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3950
3951 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3952 if (err < 0)
3953 goto unlock;
3954
3955 err = new_settings(hdev, sk);
3956 goto unlock;
3957 }
3958
3959 /* Reject disabling when powered on */
3960 if (!cp->val) {
3961 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3962 MGMT_STATUS_REJECTED);
3963 goto unlock;
3964 }
3965
3966 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3967 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3968 MGMT_STATUS_BUSY);
3969 goto unlock;
3970 }
3971
3972 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3973 if (!cmd) {
3974 err = -ENOMEM;
3975 goto unlock;
3976 }
3977
3978 /* We need to flip the bit already here so that update_adv_data
3979 * generates the correct flags.
3980 */
3981 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3982
3983 hci_req_init(&req, hdev);
3984
3985 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3986 set_bredr_scan(&req);
3987
3988 /* Since only the advertising data flags will change, there
3989 * is no need to update the scan response data.
3990 */
3991 update_adv_data(&req);
3992
3993 err = hci_req_run(&req, set_bredr_complete);
3994 if (err < 0)
3995 mgmt_pending_remove(cmd);
3996
3997 unlock:
3998 hci_dev_unlock(hdev);
3999 return err;
4000 }
4001
4002 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4003 {
4004 if (key->authenticated != 0x00 && key->authenticated != 0x01)
4005 return false;
4006 if (key->master != 0x00 && key->master != 0x01)
4007 return false;
4008 if (!bdaddr_type_is_le(key->addr.type))
4009 return false;
4010 return true;
4011 }
4012
4013 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4014 void *cp_data, u16 len)
4015 {
4016 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4017 u16 key_count, expected_len;
4018 int i, err;
4019
4020 BT_DBG("request for %s", hdev->name);
4021
4022 if (!lmp_le_capable(hdev))
4023 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4024 MGMT_STATUS_NOT_SUPPORTED);
4025
4026 key_count = __le16_to_cpu(cp->key_count);
4027
4028 expected_len = sizeof(*cp) + key_count *
4029 sizeof(struct mgmt_ltk_info);
4030 if (expected_len != len) {
4031 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4032 len, expected_len);
4033 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4034 MGMT_STATUS_INVALID_PARAMS);
4035 }
4036
4037 BT_DBG("%s key_count %u", hdev->name, key_count);
4038
4039 for (i = 0; i < key_count; i++) {
4040 struct mgmt_ltk_info *key = &cp->keys[i];
4041
4042 if (!ltk_is_valid(key))
4043 return cmd_status(sk, hdev->id,
4044 MGMT_OP_LOAD_LONG_TERM_KEYS,
4045 MGMT_STATUS_INVALID_PARAMS);
4046 }
4047
4048 hci_dev_lock(hdev);
4049
4050 hci_smp_ltks_clear(hdev);
4051
4052 for (i = 0; i < key_count; i++) {
4053 struct mgmt_ltk_info *key = &cp->keys[i];
4054 u8 type, addr_type;
4055
4056 if (key->addr.type == BDADDR_LE_PUBLIC)
4057 addr_type = ADDR_LE_DEV_PUBLIC;
4058 else
4059 addr_type = ADDR_LE_DEV_RANDOM;
4060
4061 if (key->master)
4062 type = HCI_SMP_LTK;
4063 else
4064 type = HCI_SMP_LTK_SLAVE;
4065
4066 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
4067 type, 0, key->authenticated, key->val,
4068 key->enc_size, key->ediv, key->rand);
4069 }
4070
4071 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4072 NULL, 0);
4073
4074 hci_dev_unlock(hdev);
4075
4076 return err;
4077 }
4078
4079 static const struct mgmt_handler {
4080 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4081 u16 data_len);
4082 bool var_len;
4083 size_t data_len;
4084 } mgmt_handlers[] = {
4085 { NULL }, /* 0x0000 (no command) */
4086 { read_version, false, MGMT_READ_VERSION_SIZE },
4087 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4088 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4089 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4090 { set_powered, false, MGMT_SETTING_SIZE },
4091 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4092 { set_connectable, false, MGMT_SETTING_SIZE },
4093 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4094 { set_pairable, false, MGMT_SETTING_SIZE },
4095 { set_link_security, false, MGMT_SETTING_SIZE },
4096 { set_ssp, false, MGMT_SETTING_SIZE },
4097 { set_hs, false, MGMT_SETTING_SIZE },
4098 { set_le, false, MGMT_SETTING_SIZE },
4099 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4100 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4101 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4102 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4103 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4104 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4105 { disconnect, false, MGMT_DISCONNECT_SIZE },
4106 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4107 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4108 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4109 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4110 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4111 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4112 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4113 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4114 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4115 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4116 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4117 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
4118 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
4119 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4120 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4121 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4122 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4123 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4124 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
4125 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4126 { set_advertising, false, MGMT_SETTING_SIZE },
4127 { set_bredr, false, MGMT_SETTING_SIZE },
4128 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
4129 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
4130 };
4131
4132
4133 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4134 {
4135 void *buf;
4136 u8 *cp;
4137 struct mgmt_hdr *hdr;
4138 u16 opcode, index, len;
4139 struct hci_dev *hdev = NULL;
4140 const struct mgmt_handler *handler;
4141 int err;
4142
4143 BT_DBG("got %zu bytes", msglen);
4144
4145 if (msglen < sizeof(*hdr))
4146 return -EINVAL;
4147
4148 buf = kmalloc(msglen, GFP_KERNEL);
4149 if (!buf)
4150 return -ENOMEM;
4151
4152 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4153 err = -EFAULT;
4154 goto done;
4155 }
4156
4157 hdr = buf;
4158 opcode = __le16_to_cpu(hdr->opcode);
4159 index = __le16_to_cpu(hdr->index);
4160 len = __le16_to_cpu(hdr->len);
4161
4162 if (len != msglen - sizeof(*hdr)) {
4163 err = -EINVAL;
4164 goto done;
4165 }
4166
4167 if (index != MGMT_INDEX_NONE) {
4168 hdev = hci_dev_get(index);
4169 if (!hdev) {
4170 err = cmd_status(sk, index, opcode,
4171 MGMT_STATUS_INVALID_INDEX);
4172 goto done;
4173 }
4174
4175 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4176 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
4177 err = cmd_status(sk, index, opcode,
4178 MGMT_STATUS_INVALID_INDEX);
4179 goto done;
4180 }
4181 }
4182
4183 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
4184 mgmt_handlers[opcode].func == NULL) {
4185 BT_DBG("Unknown op %u", opcode);
4186 err = cmd_status(sk, index, opcode,
4187 MGMT_STATUS_UNKNOWN_COMMAND);
4188 goto done;
4189 }
4190
4191 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
4192 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
4193 err = cmd_status(sk, index, opcode,
4194 MGMT_STATUS_INVALID_INDEX);
4195 goto done;
4196 }
4197
4198 handler = &mgmt_handlers[opcode];
4199
4200 if ((handler->var_len && len < handler->data_len) ||
4201 (!handler->var_len && len != handler->data_len)) {
4202 err = cmd_status(sk, index, opcode,
4203 MGMT_STATUS_INVALID_PARAMS);
4204 goto done;
4205 }
4206
4207 if (hdev)
4208 mgmt_init_hdev(sk, hdev);
4209
4210 cp = buf + sizeof(*hdr);
4211
4212 err = handler->func(sk, hdev, cp, len);
4213 if (err < 0)
4214 goto done;
4215
4216 err = msglen;
4217
4218 done:
4219 if (hdev)
4220 hci_dev_put(hdev);
4221
4222 kfree(buf);
4223 return err;
4224 }
4225
4226 void mgmt_index_added(struct hci_dev *hdev)
4227 {
4228 if (hdev->dev_type != HCI_BREDR)
4229 return;
4230
4231 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
4232 }
4233
4234 void mgmt_index_removed(struct hci_dev *hdev)
4235 {
4236 u8 status = MGMT_STATUS_INVALID_INDEX;
4237
4238 if (hdev->dev_type != HCI_BREDR)
4239 return;
4240
4241 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
4242
4243 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
4244 }
4245
4246 static void powered_complete(struct hci_dev *hdev, u8 status)
4247 {
4248 struct cmd_lookup match = { NULL, hdev };
4249
4250 BT_DBG("status 0x%02x", status);
4251
4252 hci_dev_lock(hdev);
4253
4254 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4255
4256 new_settings(hdev, match.sk);
4257
4258 hci_dev_unlock(hdev);
4259
4260 if (match.sk)
4261 sock_put(match.sk);
4262 }
4263
4264 static int powered_update_hci(struct hci_dev *hdev)
4265 {
4266 struct hci_request req;
4267 u8 link_sec;
4268
4269 hci_req_init(&req, hdev);
4270
4271 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4272 !lmp_host_ssp_capable(hdev)) {
4273 u8 ssp = 1;
4274
4275 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
4276 }
4277
4278 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4279 lmp_bredr_capable(hdev)) {
4280 struct hci_cp_write_le_host_supported cp;
4281
4282 cp.le = 1;
4283 cp.simul = lmp_le_br_capable(hdev);
4284
4285 /* Check first if we already have the right
4286 * host state (host features set)
4287 */
4288 if (cp.le != lmp_host_le_capable(hdev) ||
4289 cp.simul != lmp_host_le_br_capable(hdev))
4290 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4291 sizeof(cp), &cp);
4292 }
4293
4294 if (lmp_le_capable(hdev)) {
4295 /* Set random address to static address if configured */
4296 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4297 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4298 &hdev->static_addr);
4299
4300 /* Make sure the controller has a good default for
4301 * advertising data. This also applies to the case
4302 * where BR/EDR was toggled during the AUTO_OFF phase.
4303 */
4304 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
4305 update_adv_data(&req);
4306 update_scan_rsp_data(&req);
4307 }
4308
4309 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4310 enable_advertising(&req);
4311 }
4312
4313 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4314 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
4315 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4316 sizeof(link_sec), &link_sec);
4317
4318 if (lmp_bredr_capable(hdev)) {
4319 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4320 set_bredr_scan(&req);
4321 update_class(&req);
4322 update_name(&req);
4323 update_eir(&req);
4324 }
4325
4326 return hci_req_run(&req, powered_complete);
4327 }
4328
4329 int mgmt_powered(struct hci_dev *hdev, u8 powered)
4330 {
4331 struct cmd_lookup match = { NULL, hdev };
4332 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4333 u8 zero_cod[] = { 0, 0, 0 };
4334 int err;
4335
4336 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4337 return 0;
4338
4339 if (powered) {
4340 if (powered_update_hci(hdev) == 0)
4341 return 0;
4342
4343 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4344 &match);
4345 goto new_settings;
4346 }
4347
4348 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4349 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4350
4351 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4352 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4353 zero_cod, sizeof(zero_cod), NULL);
4354
4355 new_settings:
4356 err = new_settings(hdev, match.sk);
4357
4358 if (match.sk)
4359 sock_put(match.sk);
4360
4361 return err;
4362 }
4363
4364 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
4365 {
4366 struct pending_cmd *cmd;
4367 u8 status;
4368
4369 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4370 if (!cmd)
4371 return;
4372
4373 if (err == -ERFKILL)
4374 status = MGMT_STATUS_RFKILLED;
4375 else
4376 status = MGMT_STATUS_FAILED;
4377
4378 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
4379
4380 mgmt_pending_remove(cmd);
4381 }
4382
4383 void mgmt_discoverable_timeout(struct hci_dev *hdev)
4384 {
4385 struct hci_request req;
4386
4387 hci_dev_lock(hdev);
4388
4389 /* When discoverable timeout triggers, then just make sure
4390 * the limited discoverable flag is cleared. Even in the case
4391 * of a timeout triggered from general discoverable, it is
4392 * safe to unconditionally clear the flag.
4393 */
4394 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
4395 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4396
4397 hci_req_init(&req, hdev);
4398 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4399 u8 scan = SCAN_PAGE;
4400 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4401 sizeof(scan), &scan);
4402 }
4403 update_class(&req);
4404 update_adv_data(&req);
4405 hci_req_run(&req, NULL);
4406
4407 hdev->discov_timeout = 0;
4408
4409 new_settings(hdev, NULL);
4410
4411 hci_dev_unlock(hdev);
4412 }
4413
4414 void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
4415 {
4416 bool changed;
4417
4418 /* Nothing needed here if there's a pending command since that
4419 * commands request completion callback takes care of everything
4420 * necessary.
4421 */
4422 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
4423 return;
4424
4425 if (discoverable) {
4426 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4427 } else {
4428 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
4429 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4430 }
4431
4432 if (changed) {
4433 struct hci_request req;
4434
4435 /* In case this change in discoverable was triggered by
4436 * a disabling of connectable there could be a need to
4437 * update the advertising flags.
4438 */
4439 hci_req_init(&req, hdev);
4440 update_adv_data(&req);
4441 hci_req_run(&req, NULL);
4442
4443 new_settings(hdev, NULL);
4444 }
4445 }
4446
4447 void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
4448 {
4449 bool changed;
4450
4451 /* Nothing needed here if there's a pending command since that
4452 * commands request completion callback takes care of everything
4453 * necessary.
4454 */
4455 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
4456 return;
4457
4458 if (connectable)
4459 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4460 else
4461 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4462
4463 if (changed)
4464 new_settings(hdev, NULL);
4465 }
4466
4467 void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4468 {
4469 u8 mgmt_err = mgmt_status(status);
4470
4471 if (scan & SCAN_PAGE)
4472 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4473 cmd_status_rsp, &mgmt_err);
4474
4475 if (scan & SCAN_INQUIRY)
4476 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4477 cmd_status_rsp, &mgmt_err);
4478 }
4479
4480 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4481 bool persistent)
4482 {
4483 struct mgmt_ev_new_link_key ev;
4484
4485 memset(&ev, 0, sizeof(ev));
4486
4487 ev.store_hint = persistent;
4488 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4489 ev.key.addr.type = BDADDR_BREDR;
4490 ev.key.type = key->type;
4491 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4492 ev.key.pin_len = key->pin_len;
4493
4494 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4495 }
4496
4497 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4498 {
4499 struct mgmt_ev_new_long_term_key ev;
4500
4501 memset(&ev, 0, sizeof(ev));
4502
4503 ev.store_hint = persistent;
4504 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4505 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4506 ev.key.authenticated = key->authenticated;
4507 ev.key.enc_size = key->enc_size;
4508 ev.key.ediv = key->ediv;
4509
4510 if (key->type == HCI_SMP_LTK)
4511 ev.key.master = 1;
4512
4513 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4514 memcpy(ev.key.val, key->val, sizeof(key->val));
4515
4516 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
4517 }
4518
4519 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
4520 u8 data_len)
4521 {
4522 eir[eir_len++] = sizeof(type) + data_len;
4523 eir[eir_len++] = type;
4524 memcpy(&eir[eir_len], data, data_len);
4525 eir_len += data_len;
4526
4527 return eir_len;
4528 }
4529
4530 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4531 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4532 u8 *dev_class)
4533 {
4534 char buf[512];
4535 struct mgmt_ev_device_connected *ev = (void *) buf;
4536 u16 eir_len = 0;
4537
4538 bacpy(&ev->addr.bdaddr, bdaddr);
4539 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4540
4541 ev->flags = __cpu_to_le32(flags);
4542
4543 if (name_len > 0)
4544 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4545 name, name_len);
4546
4547 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4548 eir_len = eir_append_data(ev->eir, eir_len,
4549 EIR_CLASS_OF_DEV, dev_class, 3);
4550
4551 ev->eir_len = cpu_to_le16(eir_len);
4552
4553 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4554 sizeof(*ev) + eir_len, NULL);
4555 }
4556
4557 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4558 {
4559 struct mgmt_cp_disconnect *cp = cmd->param;
4560 struct sock **sk = data;
4561 struct mgmt_rp_disconnect rp;
4562
4563 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4564 rp.addr.type = cp->addr.type;
4565
4566 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4567 sizeof(rp));
4568
4569 *sk = cmd->sk;
4570 sock_hold(*sk);
4571
4572 mgmt_pending_remove(cmd);
4573 }
4574
4575 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4576 {
4577 struct hci_dev *hdev = data;
4578 struct mgmt_cp_unpair_device *cp = cmd->param;
4579 struct mgmt_rp_unpair_device rp;
4580
4581 memset(&rp, 0, sizeof(rp));
4582 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4583 rp.addr.type = cp->addr.type;
4584
4585 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4586
4587 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4588
4589 mgmt_pending_remove(cmd);
4590 }
4591
4592 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4593 u8 link_type, u8 addr_type, u8 reason)
4594 {
4595 struct mgmt_ev_device_disconnected ev;
4596 struct sock *sk = NULL;
4597
4598 if (link_type != ACL_LINK && link_type != LE_LINK)
4599 return;
4600
4601 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4602
4603 bacpy(&ev.addr.bdaddr, bdaddr);
4604 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4605 ev.reason = reason;
4606
4607 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
4608
4609 if (sk)
4610 sock_put(sk);
4611
4612 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4613 hdev);
4614 }
4615
4616 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4617 u8 link_type, u8 addr_type, u8 status)
4618 {
4619 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
4620 struct mgmt_cp_disconnect *cp;
4621 struct mgmt_rp_disconnect rp;
4622 struct pending_cmd *cmd;
4623
4624 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4625 hdev);
4626
4627 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4628 if (!cmd)
4629 return;
4630
4631 cp = cmd->param;
4632
4633 if (bacmp(bdaddr, &cp->addr.bdaddr))
4634 return;
4635
4636 if (cp->addr.type != bdaddr_type)
4637 return;
4638
4639 bacpy(&rp.addr.bdaddr, bdaddr);
4640 rp.addr.type = bdaddr_type;
4641
4642 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4643 mgmt_status(status), &rp, sizeof(rp));
4644
4645 mgmt_pending_remove(cmd);
4646 }
4647
4648 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4649 u8 addr_type, u8 status)
4650 {
4651 struct mgmt_ev_connect_failed ev;
4652
4653 bacpy(&ev.addr.bdaddr, bdaddr);
4654 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4655 ev.status = mgmt_status(status);
4656
4657 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4658 }
4659
4660 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4661 {
4662 struct mgmt_ev_pin_code_request ev;
4663
4664 bacpy(&ev.addr.bdaddr, bdaddr);
4665 ev.addr.type = BDADDR_BREDR;
4666 ev.secure = secure;
4667
4668 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
4669 }
4670
4671 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4672 u8 status)
4673 {
4674 struct pending_cmd *cmd;
4675 struct mgmt_rp_pin_code_reply rp;
4676
4677 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4678 if (!cmd)
4679 return;
4680
4681 bacpy(&rp.addr.bdaddr, bdaddr);
4682 rp.addr.type = BDADDR_BREDR;
4683
4684 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4685 mgmt_status(status), &rp, sizeof(rp));
4686
4687 mgmt_pending_remove(cmd);
4688 }
4689
4690 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4691 u8 status)
4692 {
4693 struct pending_cmd *cmd;
4694 struct mgmt_rp_pin_code_reply rp;
4695
4696 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4697 if (!cmd)
4698 return;
4699
4700 bacpy(&rp.addr.bdaddr, bdaddr);
4701 rp.addr.type = BDADDR_BREDR;
4702
4703 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4704 mgmt_status(status), &rp, sizeof(rp));
4705
4706 mgmt_pending_remove(cmd);
4707 }
4708
4709 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4710 u8 link_type, u8 addr_type, __le32 value,
4711 u8 confirm_hint)
4712 {
4713 struct mgmt_ev_user_confirm_request ev;
4714
4715 BT_DBG("%s", hdev->name);
4716
4717 bacpy(&ev.addr.bdaddr, bdaddr);
4718 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4719 ev.confirm_hint = confirm_hint;
4720 ev.value = value;
4721
4722 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4723 NULL);
4724 }
4725
4726 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4727 u8 link_type, u8 addr_type)
4728 {
4729 struct mgmt_ev_user_passkey_request ev;
4730
4731 BT_DBG("%s", hdev->name);
4732
4733 bacpy(&ev.addr.bdaddr, bdaddr);
4734 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4735
4736 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4737 NULL);
4738 }
4739
4740 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4741 u8 link_type, u8 addr_type, u8 status,
4742 u8 opcode)
4743 {
4744 struct pending_cmd *cmd;
4745 struct mgmt_rp_user_confirm_reply rp;
4746 int err;
4747
4748 cmd = mgmt_pending_find(opcode, hdev);
4749 if (!cmd)
4750 return -ENOENT;
4751
4752 bacpy(&rp.addr.bdaddr, bdaddr);
4753 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4754 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4755 &rp, sizeof(rp));
4756
4757 mgmt_pending_remove(cmd);
4758
4759 return err;
4760 }
4761
4762 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4763 u8 link_type, u8 addr_type, u8 status)
4764 {
4765 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4766 status, MGMT_OP_USER_CONFIRM_REPLY);
4767 }
4768
4769 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4770 u8 link_type, u8 addr_type, u8 status)
4771 {
4772 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4773 status,
4774 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4775 }
4776
4777 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4778 u8 link_type, u8 addr_type, u8 status)
4779 {
4780 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4781 status, MGMT_OP_USER_PASSKEY_REPLY);
4782 }
4783
4784 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4785 u8 link_type, u8 addr_type, u8 status)
4786 {
4787 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4788 status,
4789 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4790 }
4791
4792 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4793 u8 link_type, u8 addr_type, u32 passkey,
4794 u8 entered)
4795 {
4796 struct mgmt_ev_passkey_notify ev;
4797
4798 BT_DBG("%s", hdev->name);
4799
4800 bacpy(&ev.addr.bdaddr, bdaddr);
4801 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4802 ev.passkey = __cpu_to_le32(passkey);
4803 ev.entered = entered;
4804
4805 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4806 }
4807
4808 void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4809 u8 addr_type, u8 status)
4810 {
4811 struct mgmt_ev_auth_failed ev;
4812
4813 bacpy(&ev.addr.bdaddr, bdaddr);
4814 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4815 ev.status = mgmt_status(status);
4816
4817 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4818 }
4819
4820 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4821 {
4822 struct cmd_lookup match = { NULL, hdev };
4823 bool changed;
4824
4825 if (status) {
4826 u8 mgmt_err = mgmt_status(status);
4827 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4828 cmd_status_rsp, &mgmt_err);
4829 return;
4830 }
4831
4832 if (test_bit(HCI_AUTH, &hdev->flags))
4833 changed = !test_and_set_bit(HCI_LINK_SECURITY,
4834 &hdev->dev_flags);
4835 else
4836 changed = test_and_clear_bit(HCI_LINK_SECURITY,
4837 &hdev->dev_flags);
4838
4839 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4840 &match);
4841
4842 if (changed)
4843 new_settings(hdev, match.sk);
4844
4845 if (match.sk)
4846 sock_put(match.sk);
4847 }
4848
4849 static void clear_eir(struct hci_request *req)
4850 {
4851 struct hci_dev *hdev = req->hdev;
4852 struct hci_cp_write_eir cp;
4853
4854 if (!lmp_ext_inq_capable(hdev))
4855 return;
4856
4857 memset(hdev->eir, 0, sizeof(hdev->eir));
4858
4859 memset(&cp, 0, sizeof(cp));
4860
4861 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4862 }
4863
4864 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4865 {
4866 struct cmd_lookup match = { NULL, hdev };
4867 struct hci_request req;
4868 bool changed = false;
4869
4870 if (status) {
4871 u8 mgmt_err = mgmt_status(status);
4872
4873 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4874 &hdev->dev_flags)) {
4875 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4876 new_settings(hdev, NULL);
4877 }
4878
4879 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4880 &mgmt_err);
4881 return;
4882 }
4883
4884 if (enable) {
4885 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4886 } else {
4887 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4888 if (!changed)
4889 changed = test_and_clear_bit(HCI_HS_ENABLED,
4890 &hdev->dev_flags);
4891 else
4892 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4893 }
4894
4895 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4896
4897 if (changed)
4898 new_settings(hdev, match.sk);
4899
4900 if (match.sk)
4901 sock_put(match.sk);
4902
4903 hci_req_init(&req, hdev);
4904
4905 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4906 update_eir(&req);
4907 else
4908 clear_eir(&req);
4909
4910 hci_req_run(&req, NULL);
4911 }
4912
4913 static void sk_lookup(struct pending_cmd *cmd, void *data)
4914 {
4915 struct cmd_lookup *match = data;
4916
4917 if (match->sk == NULL) {
4918 match->sk = cmd->sk;
4919 sock_hold(match->sk);
4920 }
4921 }
4922
4923 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4924 u8 status)
4925 {
4926 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4927
4928 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4929 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4930 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4931
4932 if (!status)
4933 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
4934 NULL);
4935
4936 if (match.sk)
4937 sock_put(match.sk);
4938 }
4939
4940 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4941 {
4942 struct mgmt_cp_set_local_name ev;
4943 struct pending_cmd *cmd;
4944
4945 if (status)
4946 return;
4947
4948 memset(&ev, 0, sizeof(ev));
4949 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4950 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4951
4952 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4953 if (!cmd) {
4954 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4955
4956 /* If this is a HCI command related to powering on the
4957 * HCI dev don't send any mgmt signals.
4958 */
4959 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4960 return;
4961 }
4962
4963 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4964 cmd ? cmd->sk : NULL);
4965 }
4966
4967 void mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4968 u8 *randomizer, u8 status)
4969 {
4970 struct pending_cmd *cmd;
4971
4972 BT_DBG("%s status %u", hdev->name, status);
4973
4974 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4975 if (!cmd)
4976 return;
4977
4978 if (status) {
4979 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4980 mgmt_status(status));
4981 } else {
4982 struct mgmt_rp_read_local_oob_data rp;
4983
4984 memcpy(rp.hash, hash, sizeof(rp.hash));
4985 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4986
4987 cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4988 0, &rp, sizeof(rp));
4989 }
4990
4991 mgmt_pending_remove(cmd);
4992 }
4993
4994 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4995 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4996 ssp, u8 *eir, u16 eir_len)
4997 {
4998 char buf[512];
4999 struct mgmt_ev_device_found *ev = (void *) buf;
5000 size_t ev_size;
5001
5002 if (!hci_discovery_active(hdev))
5003 return;
5004
5005 /* Leave 5 bytes for a potential CoD field */
5006 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
5007 return;
5008
5009 memset(buf, 0, sizeof(buf));
5010
5011 bacpy(&ev->addr.bdaddr, bdaddr);
5012 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5013 ev->rssi = rssi;
5014 if (cfm_name)
5015 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
5016 if (!ssp)
5017 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
5018
5019 if (eir_len > 0)
5020 memcpy(ev->eir, eir, eir_len);
5021
5022 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5023 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
5024 dev_class, 3);
5025
5026 ev->eir_len = cpu_to_le16(eir_len);
5027 ev_size = sizeof(*ev) + eir_len;
5028
5029 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
5030 }
5031
5032 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5033 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
5034 {
5035 struct mgmt_ev_device_found *ev;
5036 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5037 u16 eir_len;
5038
5039 ev = (struct mgmt_ev_device_found *) buf;
5040
5041 memset(buf, 0, sizeof(buf));
5042
5043 bacpy(&ev->addr.bdaddr, bdaddr);
5044 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5045 ev->rssi = rssi;
5046
5047 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
5048 name_len);
5049
5050 ev->eir_len = cpu_to_le16(eir_len);
5051
5052 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
5053 }
5054
5055 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
5056 {
5057 struct mgmt_ev_discovering ev;
5058 struct pending_cmd *cmd;
5059
5060 BT_DBG("%s discovering %u", hdev->name, discovering);
5061
5062 if (discovering)
5063 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
5064 else
5065 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
5066
5067 if (cmd != NULL) {
5068 u8 type = hdev->discovery.type;
5069
5070 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5071 sizeof(type));
5072 mgmt_pending_remove(cmd);
5073 }
5074
5075 memset(&ev, 0, sizeof(ev));
5076 ev.type = hdev->discovery.type;
5077 ev.discovering = discovering;
5078
5079 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
5080 }
5081
5082 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5083 {
5084 struct pending_cmd *cmd;
5085 struct mgmt_ev_device_blocked ev;
5086
5087 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5088
5089 bacpy(&ev.addr.bdaddr, bdaddr);
5090 ev.addr.type = type;
5091
5092 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
5093 cmd ? cmd->sk : NULL);
5094 }
5095
5096 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5097 {
5098 struct pending_cmd *cmd;
5099 struct mgmt_ev_device_unblocked ev;
5100
5101 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5102
5103 bacpy(&ev.addr.bdaddr, bdaddr);
5104 ev.addr.type = type;
5105
5106 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
5107 cmd ? cmd->sk : NULL);
5108 }
5109
5110 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5111 {
5112 BT_DBG("%s status %u", hdev->name, status);
5113
5114 /* Clear the advertising mgmt setting if we failed to re-enable it */
5115 if (status) {
5116 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5117 new_settings(hdev, NULL);
5118 }
5119 }
5120
5121 void mgmt_reenable_advertising(struct hci_dev *hdev)
5122 {
5123 struct hci_request req;
5124
5125 if (hci_conn_num(hdev, LE_LINK) > 0)
5126 return;
5127
5128 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5129 return;
5130
5131 hci_req_init(&req, hdev);
5132 enable_advertising(&req);
5133
5134 /* If this fails we have no option but to let user space know
5135 * that we've disabled advertising.
5136 */
5137 if (hci_req_run(&req, adv_enable_complete) < 0) {
5138 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5139 new_settings(hdev, NULL);
5140 }
5141 }
Ubuntu Artful kernel mirror