Loading...
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
27#include <linux/module.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/hci_sock.h>
33#include <net/bluetooth/l2cap.h>
34#include <net/bluetooth/mgmt.h>
35
36#include "hci_request.h"
37#include "smp.h"
38#include "mgmt_util.h"
39
40#define MGMT_VERSION 1
41#define MGMT_REVISION 14
42
43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_BONDABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
83 MGMT_OP_SET_BREDR,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
88 MGMT_OP_SET_PRIVACY,
89 MGMT_OP_LOAD_IRKS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
109};
110
111static const u16 mgmt_events[] = {
112 MGMT_EV_CONTROLLER_ERROR,
113 MGMT_EV_INDEX_ADDED,
114 MGMT_EV_INDEX_REMOVED,
115 MGMT_EV_NEW_SETTINGS,
116 MGMT_EV_CLASS_OF_DEV_CHANGED,
117 MGMT_EV_LOCAL_NAME_CHANGED,
118 MGMT_EV_NEW_LINK_KEY,
119 MGMT_EV_NEW_LONG_TERM_KEY,
120 MGMT_EV_DEVICE_CONNECTED,
121 MGMT_EV_DEVICE_DISCONNECTED,
122 MGMT_EV_CONNECT_FAILED,
123 MGMT_EV_PIN_CODE_REQUEST,
124 MGMT_EV_USER_CONFIRM_REQUEST,
125 MGMT_EV_USER_PASSKEY_REQUEST,
126 MGMT_EV_AUTH_FAILED,
127 MGMT_EV_DEVICE_FOUND,
128 MGMT_EV_DISCOVERING,
129 MGMT_EV_DEVICE_BLOCKED,
130 MGMT_EV_DEVICE_UNBLOCKED,
131 MGMT_EV_DEVICE_UNPAIRED,
132 MGMT_EV_PASSKEY_NOTIFY,
133 MGMT_EV_NEW_IRK,
134 MGMT_EV_NEW_CSRK,
135 MGMT_EV_DEVICE_ADDED,
136 MGMT_EV_DEVICE_REMOVED,
137 MGMT_EV_NEW_CONN_PARAM,
138 MGMT_EV_UNCONF_INDEX_ADDED,
139 MGMT_EV_UNCONF_INDEX_REMOVED,
140 MGMT_EV_NEW_CONFIG_OPTIONS,
141 MGMT_EV_EXT_INDEX_ADDED,
142 MGMT_EV_EXT_INDEX_REMOVED,
143 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
144 MGMT_EV_ADVERTISING_ADDED,
145 MGMT_EV_ADVERTISING_REMOVED,
146 MGMT_EV_EXT_INFO_CHANGED,
147};
148
149static const u16 mgmt_untrusted_commands[] = {
150 MGMT_OP_READ_INDEX_LIST,
151 MGMT_OP_READ_INFO,
152 MGMT_OP_READ_UNCONF_INDEX_LIST,
153 MGMT_OP_READ_CONFIG_INFO,
154 MGMT_OP_READ_EXT_INDEX_LIST,
155 MGMT_OP_READ_EXT_INFO,
156};
157
158static const u16 mgmt_untrusted_events[] = {
159 MGMT_EV_INDEX_ADDED,
160 MGMT_EV_INDEX_REMOVED,
161 MGMT_EV_NEW_SETTINGS,
162 MGMT_EV_CLASS_OF_DEV_CHANGED,
163 MGMT_EV_LOCAL_NAME_CHANGED,
164 MGMT_EV_UNCONF_INDEX_ADDED,
165 MGMT_EV_UNCONF_INDEX_REMOVED,
166 MGMT_EV_NEW_CONFIG_OPTIONS,
167 MGMT_EV_EXT_INDEX_ADDED,
168 MGMT_EV_EXT_INDEX_REMOVED,
169 MGMT_EV_EXT_INFO_CHANGED,
170};
171
172#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
173
174#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
175 "\x00\x00\x00\x00\x00\x00\x00\x00"
176
177/* HCI to MGMT error code conversion table */
178static u8 mgmt_status_table[] = {
179 MGMT_STATUS_SUCCESS,
180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
182 MGMT_STATUS_FAILED, /* Hardware Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
191 MGMT_STATUS_BUSY, /* Command Disallowed */
192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
193 MGMT_STATUS_REJECTED, /* Rejected Security */
194 MGMT_STATUS_REJECTED, /* Rejected Personal */
195 MGMT_STATUS_TIMEOUT, /* Host Timeout */
196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
202 MGMT_STATUS_BUSY, /* Repeated Attempts */
203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
210 MGMT_STATUS_FAILED, /* Unspecified Error */
211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
217 MGMT_STATUS_FAILED, /* Unit Link Key Used */
218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
219 MGMT_STATUS_TIMEOUT, /* Instant Passed */
220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
221 MGMT_STATUS_FAILED, /* Transaction Collision */
222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
223 MGMT_STATUS_REJECTED, /* QoS Rejected */
224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
225 MGMT_STATUS_REJECTED, /* Insufficient Security */
226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
227 MGMT_STATUS_BUSY, /* Role Switch Pending */
228 MGMT_STATUS_FAILED, /* Slot Violation */
229 MGMT_STATUS_FAILED, /* Role Switch Failed */
230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
232 MGMT_STATUS_BUSY, /* Host Busy Pairing */
233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
234 MGMT_STATUS_BUSY, /* Controller Busy */
235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
240};
241
242static u8 mgmt_status(u8 hci_status)
243{
244 if (hci_status < ARRAY_SIZE(mgmt_status_table))
245 return mgmt_status_table[hci_status];
246
247 return MGMT_STATUS_FAILED;
248}
249
250static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag)
252{
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
254 flag, NULL);
255}
256
257static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, int flag, struct sock *skip_sk)
259{
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 flag, skip_sk);
262}
263
264static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
266{
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
269}
270
271static u8 le_addr_type(u8 mgmt_addr_type)
272{
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
275 else
276 return ADDR_LE_DEV_RANDOM;
277}
278
279void mgmt_fill_version_info(void *ver)
280{
281 struct mgmt_rp_read_version *rp = ver;
282
283 rp->version = MGMT_VERSION;
284 rp->revision = cpu_to_le16(MGMT_REVISION);
285}
286
287static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
288 u16 data_len)
289{
290 struct mgmt_rp_read_version rp;
291
292 BT_DBG("sock %p", sk);
293
294 mgmt_fill_version_info(&rp);
295
296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
297 &rp, sizeof(rp));
298}
299
300static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
301 u16 data_len)
302{
303 struct mgmt_rp_read_commands *rp;
304 u16 num_commands, num_events;
305 size_t rp_size;
306 int i, err;
307
308 BT_DBG("sock %p", sk);
309
310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
311 num_commands = ARRAY_SIZE(mgmt_commands);
312 num_events = ARRAY_SIZE(mgmt_events);
313 } else {
314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
315 num_events = ARRAY_SIZE(mgmt_untrusted_events);
316 }
317
318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
319
320 rp = kmalloc(rp_size, GFP_KERNEL);
321 if (!rp)
322 return -ENOMEM;
323
324 rp->num_commands = cpu_to_le16(num_commands);
325 rp->num_events = cpu_to_le16(num_events);
326
327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
328 __le16 *opcode = rp->opcodes;
329
330 for (i = 0; i < num_commands; i++, opcode++)
331 put_unaligned_le16(mgmt_commands[i], opcode);
332
333 for (i = 0; i < num_events; i++, opcode++)
334 put_unaligned_le16(mgmt_events[i], opcode);
335 } else {
336 __le16 *opcode = rp->opcodes;
337
338 for (i = 0; i < num_commands; i++, opcode++)
339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
340
341 for (i = 0; i < num_events; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
343 }
344
345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
346 rp, rp_size);
347 kfree(rp);
348
349 return err;
350}
351
352static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
353 u16 data_len)
354{
355 struct mgmt_rp_read_index_list *rp;
356 struct hci_dev *d;
357 size_t rp_len;
358 u16 count;
359 int err;
360
361 BT_DBG("sock %p", sk);
362
363 read_lock(&hci_dev_list_lock);
364
365 count = 0;
366 list_for_each_entry(d, &hci_dev_list, list) {
367 if (d->dev_type == HCI_PRIMARY &&
368 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
369 count++;
370 }
371
372 rp_len = sizeof(*rp) + (2 * count);
373 rp = kmalloc(rp_len, GFP_ATOMIC);
374 if (!rp) {
375 read_unlock(&hci_dev_list_lock);
376 return -ENOMEM;
377 }
378
379 count = 0;
380 list_for_each_entry(d, &hci_dev_list, list) {
381 if (hci_dev_test_flag(d, HCI_SETUP) ||
382 hci_dev_test_flag(d, HCI_CONFIG) ||
383 hci_dev_test_flag(d, HCI_USER_CHANNEL))
384 continue;
385
386 /* Devices marked as raw-only are neither configured
387 * nor unconfigured controllers.
388 */
389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
390 continue;
391
392 if (d->dev_type == HCI_PRIMARY &&
393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
394 rp->index[count++] = cpu_to_le16(d->id);
395 BT_DBG("Added hci%u", d->id);
396 }
397 }
398
399 rp->num_controllers = cpu_to_le16(count);
400 rp_len = sizeof(*rp) + (2 * count);
401
402 read_unlock(&hci_dev_list_lock);
403
404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
405 0, rp, rp_len);
406
407 kfree(rp);
408
409 return err;
410}
411
412static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
413 void *data, u16 data_len)
414{
415 struct mgmt_rp_read_unconf_index_list *rp;
416 struct hci_dev *d;
417 size_t rp_len;
418 u16 count;
419 int err;
420
421 BT_DBG("sock %p", sk);
422
423 read_lock(&hci_dev_list_lock);
424
425 count = 0;
426 list_for_each_entry(d, &hci_dev_list, list) {
427 if (d->dev_type == HCI_PRIMARY &&
428 hci_dev_test_flag(d, HCI_UNCONFIGURED))
429 count++;
430 }
431
432 rp_len = sizeof(*rp) + (2 * count);
433 rp = kmalloc(rp_len, GFP_ATOMIC);
434 if (!rp) {
435 read_unlock(&hci_dev_list_lock);
436 return -ENOMEM;
437 }
438
439 count = 0;
440 list_for_each_entry(d, &hci_dev_list, list) {
441 if (hci_dev_test_flag(d, HCI_SETUP) ||
442 hci_dev_test_flag(d, HCI_CONFIG) ||
443 hci_dev_test_flag(d, HCI_USER_CHANNEL))
444 continue;
445
446 /* Devices marked as raw-only are neither configured
447 * nor unconfigured controllers.
448 */
449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
450 continue;
451
452 if (d->dev_type == HCI_PRIMARY &&
453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
454 rp->index[count++] = cpu_to_le16(d->id);
455 BT_DBG("Added hci%u", d->id);
456 }
457 }
458
459 rp->num_controllers = cpu_to_le16(count);
460 rp_len = sizeof(*rp) + (2 * count);
461
462 read_unlock(&hci_dev_list_lock);
463
464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
466
467 kfree(rp);
468
469 return err;
470}
471
472static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
473 void *data, u16 data_len)
474{
475 struct mgmt_rp_read_ext_index_list *rp;
476 struct hci_dev *d;
477 u16 count;
478 int err;
479
480 BT_DBG("sock %p", sk);
481
482 read_lock(&hci_dev_list_lock);
483
484 count = 0;
485 list_for_each_entry(d, &hci_dev_list, list) {
486 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
487 count++;
488 }
489
490 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
491 if (!rp) {
492 read_unlock(&hci_dev_list_lock);
493 return -ENOMEM;
494 }
495
496 count = 0;
497 list_for_each_entry(d, &hci_dev_list, list) {
498 if (hci_dev_test_flag(d, HCI_SETUP) ||
499 hci_dev_test_flag(d, HCI_CONFIG) ||
500 hci_dev_test_flag(d, HCI_USER_CHANNEL))
501 continue;
502
503 /* Devices marked as raw-only are neither configured
504 * nor unconfigured controllers.
505 */
506 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
507 continue;
508
509 if (d->dev_type == HCI_PRIMARY) {
510 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
511 rp->entry[count].type = 0x01;
512 else
513 rp->entry[count].type = 0x00;
514 } else if (d->dev_type == HCI_AMP) {
515 rp->entry[count].type = 0x02;
516 } else {
517 continue;
518 }
519
520 rp->entry[count].bus = d->bus;
521 rp->entry[count++].index = cpu_to_le16(d->id);
522 BT_DBG("Added hci%u", d->id);
523 }
524
525 rp->num_controllers = cpu_to_le16(count);
526
527 read_unlock(&hci_dev_list_lock);
528
529 /* If this command is called at least once, then all the
530 * default index and unconfigured index events are disabled
531 * and from now on only extended index events are used.
532 */
533 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
534 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
535 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
536
537 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
538 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
539 struct_size(rp, entry, count));
540
541 kfree(rp);
542
543 return err;
544}
545
546static bool is_configured(struct hci_dev *hdev)
547{
548 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
549 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
550 return false;
551
552 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
553 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
554 !bacmp(&hdev->public_addr, BDADDR_ANY))
555 return false;
556
557 return true;
558}
559
560static __le32 get_missing_options(struct hci_dev *hdev)
561{
562 u32 options = 0;
563
564 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
565 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
566 options |= MGMT_OPTION_EXTERNAL_CONFIG;
567
568 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
569 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
570 !bacmp(&hdev->public_addr, BDADDR_ANY))
571 options |= MGMT_OPTION_PUBLIC_ADDRESS;
572
573 return cpu_to_le32(options);
574}
575
576static int new_options(struct hci_dev *hdev, struct sock *skip)
577{
578 __le32 options = get_missing_options(hdev);
579
580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
582}
583
584static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
585{
586 __le32 options = get_missing_options(hdev);
587
588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
589 sizeof(options));
590}
591
592static int read_config_info(struct sock *sk, struct hci_dev *hdev,
593 void *data, u16 data_len)
594{
595 struct mgmt_rp_read_config_info rp;
596 u32 options = 0;
597
598 BT_DBG("sock %p %s", sk, hdev->name);
599
600 hci_dev_lock(hdev);
601
602 memset(&rp, 0, sizeof(rp));
603 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
604
605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
606 options |= MGMT_OPTION_EXTERNAL_CONFIG;
607
608 if (hdev->set_bdaddr)
609 options |= MGMT_OPTION_PUBLIC_ADDRESS;
610
611 rp.supported_options = cpu_to_le32(options);
612 rp.missing_options = get_missing_options(hdev);
613
614 hci_dev_unlock(hdev);
615
616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
617 &rp, sizeof(rp));
618}
619
620static u32 get_supported_phys(struct hci_dev *hdev)
621{
622 u32 supported_phys = 0;
623
624 if (lmp_bredr_capable(hdev)) {
625 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
626
627 if (hdev->features[0][0] & LMP_3SLOT)
628 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
629
630 if (hdev->features[0][0] & LMP_5SLOT)
631 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
632
633 if (lmp_edr_2m_capable(hdev)) {
634 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
635
636 if (lmp_edr_3slot_capable(hdev))
637 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
638
639 if (lmp_edr_5slot_capable(hdev))
640 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
641
642 if (lmp_edr_3m_capable(hdev)) {
643 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
644
645 if (lmp_edr_3slot_capable(hdev))
646 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
647
648 if (lmp_edr_5slot_capable(hdev))
649 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
650 }
651 }
652 }
653
654 if (lmp_le_capable(hdev)) {
655 supported_phys |= MGMT_PHY_LE_1M_TX;
656 supported_phys |= MGMT_PHY_LE_1M_RX;
657
658 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
659 supported_phys |= MGMT_PHY_LE_2M_TX;
660 supported_phys |= MGMT_PHY_LE_2M_RX;
661 }
662
663 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
664 supported_phys |= MGMT_PHY_LE_CODED_TX;
665 supported_phys |= MGMT_PHY_LE_CODED_RX;
666 }
667 }
668
669 return supported_phys;
670}
671
672static u32 get_selected_phys(struct hci_dev *hdev)
673{
674 u32 selected_phys = 0;
675
676 if (lmp_bredr_capable(hdev)) {
677 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
678
679 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
680 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
681
682 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
683 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
684
685 if (lmp_edr_2m_capable(hdev)) {
686 if (!(hdev->pkt_type & HCI_2DH1))
687 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
688
689 if (lmp_edr_3slot_capable(hdev) &&
690 !(hdev->pkt_type & HCI_2DH3))
691 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
692
693 if (lmp_edr_5slot_capable(hdev) &&
694 !(hdev->pkt_type & HCI_2DH5))
695 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
696
697 if (lmp_edr_3m_capable(hdev)) {
698 if (!(hdev->pkt_type & HCI_3DH1))
699 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
700
701 if (lmp_edr_3slot_capable(hdev) &&
702 !(hdev->pkt_type & HCI_3DH3))
703 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
704
705 if (lmp_edr_5slot_capable(hdev) &&
706 !(hdev->pkt_type & HCI_3DH5))
707 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
708 }
709 }
710 }
711
712 if (lmp_le_capable(hdev)) {
713 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
714 selected_phys |= MGMT_PHY_LE_1M_TX;
715
716 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
717 selected_phys |= MGMT_PHY_LE_1M_RX;
718
719 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
720 selected_phys |= MGMT_PHY_LE_2M_TX;
721
722 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
723 selected_phys |= MGMT_PHY_LE_2M_RX;
724
725 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
726 selected_phys |= MGMT_PHY_LE_CODED_TX;
727
728 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
729 selected_phys |= MGMT_PHY_LE_CODED_RX;
730 }
731
732 return selected_phys;
733}
734
735static u32 get_configurable_phys(struct hci_dev *hdev)
736{
737 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
738 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
739}
740
741static u32 get_supported_settings(struct hci_dev *hdev)
742{
743 u32 settings = 0;
744
745 settings |= MGMT_SETTING_POWERED;
746 settings |= MGMT_SETTING_BONDABLE;
747 settings |= MGMT_SETTING_DEBUG_KEYS;
748 settings |= MGMT_SETTING_CONNECTABLE;
749 settings |= MGMT_SETTING_DISCOVERABLE;
750
751 if (lmp_bredr_capable(hdev)) {
752 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
753 settings |= MGMT_SETTING_FAST_CONNECTABLE;
754 settings |= MGMT_SETTING_BREDR;
755 settings |= MGMT_SETTING_LINK_SECURITY;
756
757 if (lmp_ssp_capable(hdev)) {
758 settings |= MGMT_SETTING_SSP;
759 settings |= MGMT_SETTING_HS;
760 }
761
762 if (lmp_sc_capable(hdev))
763 settings |= MGMT_SETTING_SECURE_CONN;
764 }
765
766 if (lmp_le_capable(hdev)) {
767 settings |= MGMT_SETTING_LE;
768 settings |= MGMT_SETTING_ADVERTISING;
769 settings |= MGMT_SETTING_SECURE_CONN;
770 settings |= MGMT_SETTING_PRIVACY;
771 settings |= MGMT_SETTING_STATIC_ADDRESS;
772 }
773
774 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
775 hdev->set_bdaddr)
776 settings |= MGMT_SETTING_CONFIGURATION;
777
778 settings |= MGMT_SETTING_PHY_CONFIGURATION;
779
780 return settings;
781}
782
783static u32 get_current_settings(struct hci_dev *hdev)
784{
785 u32 settings = 0;
786
787 if (hdev_is_powered(hdev))
788 settings |= MGMT_SETTING_POWERED;
789
790 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
791 settings |= MGMT_SETTING_CONNECTABLE;
792
793 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
794 settings |= MGMT_SETTING_FAST_CONNECTABLE;
795
796 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
797 settings |= MGMT_SETTING_DISCOVERABLE;
798
799 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
800 settings |= MGMT_SETTING_BONDABLE;
801
802 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
803 settings |= MGMT_SETTING_BREDR;
804
805 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
806 settings |= MGMT_SETTING_LE;
807
808 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
809 settings |= MGMT_SETTING_LINK_SECURITY;
810
811 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
812 settings |= MGMT_SETTING_SSP;
813
814 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
815 settings |= MGMT_SETTING_HS;
816
817 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
818 settings |= MGMT_SETTING_ADVERTISING;
819
820 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
821 settings |= MGMT_SETTING_SECURE_CONN;
822
823 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
824 settings |= MGMT_SETTING_DEBUG_KEYS;
825
826 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
827 settings |= MGMT_SETTING_PRIVACY;
828
829 /* The current setting for static address has two purposes. The
830 * first is to indicate if the static address will be used and
831 * the second is to indicate if it is actually set.
832 *
833 * This means if the static address is not configured, this flag
834 * will never be set. If the address is configured, then if the
835 * address is actually used decides if the flag is set or not.
836 *
837 * For single mode LE only controllers and dual-mode controllers
838 * with BR/EDR disabled, the existence of the static address will
839 * be evaluated.
840 */
841 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
842 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
843 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
844 if (bacmp(&hdev->static_addr, BDADDR_ANY))
845 settings |= MGMT_SETTING_STATIC_ADDRESS;
846 }
847
848 return settings;
849}
850
851static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
852{
853 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
854}
855
856static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
857 struct hci_dev *hdev,
858 const void *data)
859{
860 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
861}
862
863u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
864{
865 struct mgmt_pending_cmd *cmd;
866
867 /* If there's a pending mgmt command the flags will not yet have
868 * their final values, so check for this first.
869 */
870 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
871 if (cmd) {
872 struct mgmt_mode *cp = cmd->param;
873 if (cp->val == 0x01)
874 return LE_AD_GENERAL;
875 else if (cp->val == 0x02)
876 return LE_AD_LIMITED;
877 } else {
878 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
879 return LE_AD_LIMITED;
880 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
881 return LE_AD_GENERAL;
882 }
883
884 return 0;
885}
886
887bool mgmt_get_connectable(struct hci_dev *hdev)
888{
889 struct mgmt_pending_cmd *cmd;
890
891 /* If there's a pending mgmt command the flag will not yet have
892 * it's final value, so check for this first.
893 */
894 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
895 if (cmd) {
896 struct mgmt_mode *cp = cmd->param;
897
898 return cp->val;
899 }
900
901 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
902}
903
904static void service_cache_off(struct work_struct *work)
905{
906 struct hci_dev *hdev = container_of(work, struct hci_dev,
907 service_cache.work);
908 struct hci_request req;
909
910 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
911 return;
912
913 hci_req_init(&req, hdev);
914
915 hci_dev_lock(hdev);
916
917 __hci_req_update_eir(&req);
918 __hci_req_update_class(&req);
919
920 hci_dev_unlock(hdev);
921
922 hci_req_run(&req, NULL);
923}
924
925static void rpa_expired(struct work_struct *work)
926{
927 struct hci_dev *hdev = container_of(work, struct hci_dev,
928 rpa_expired.work);
929 struct hci_request req;
930
931 BT_DBG("");
932
933 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
934
935 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
936 return;
937
938 /* The generation of a new RPA and programming it into the
939 * controller happens in the hci_req_enable_advertising()
940 * function.
941 */
942 hci_req_init(&req, hdev);
943 if (ext_adv_capable(hdev))
944 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
945 else
946 __hci_req_enable_advertising(&req);
947 hci_req_run(&req, NULL);
948}
949
950static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
951{
952 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
953 return;
954
955 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
956 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
957
958 /* Non-mgmt controlled devices get this bit set
959 * implicitly so that pairing works for them, however
960 * for mgmt we require user-space to explicitly enable
961 * it
962 */
963 hci_dev_clear_flag(hdev, HCI_BONDABLE);
964}
965
966static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
967 void *data, u16 data_len)
968{
969 struct mgmt_rp_read_info rp;
970
971 BT_DBG("sock %p %s", sk, hdev->name);
972
973 hci_dev_lock(hdev);
974
975 memset(&rp, 0, sizeof(rp));
976
977 bacpy(&rp.bdaddr, &hdev->bdaddr);
978
979 rp.version = hdev->hci_ver;
980 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
981
982 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
983 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
984
985 memcpy(rp.dev_class, hdev->dev_class, 3);
986
987 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
988 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
989
990 hci_dev_unlock(hdev);
991
992 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
993 sizeof(rp));
994}
995
996static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
997{
998 u16 eir_len = 0;
999 size_t name_len;
1000
1001 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1002 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1003 hdev->dev_class, 3);
1004
1005 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1006 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1007 hdev->appearance);
1008
1009 name_len = strlen(hdev->dev_name);
1010 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1011 hdev->dev_name, name_len);
1012
1013 name_len = strlen(hdev->short_name);
1014 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1015 hdev->short_name, name_len);
1016
1017 return eir_len;
1018}
1019
1020static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1021 void *data, u16 data_len)
1022{
1023 char buf[512];
1024 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1025 u16 eir_len;
1026
1027 BT_DBG("sock %p %s", sk, hdev->name);
1028
1029 memset(&buf, 0, sizeof(buf));
1030
1031 hci_dev_lock(hdev);
1032
1033 bacpy(&rp->bdaddr, &hdev->bdaddr);
1034
1035 rp->version = hdev->hci_ver;
1036 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1037
1038 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1039 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1040
1041
1042 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1043 rp->eir_len = cpu_to_le16(eir_len);
1044
1045 hci_dev_unlock(hdev);
1046
1047 /* If this command is called at least once, then the events
1048 * for class of device and local name changes are disabled
1049 * and only the new extended controller information event
1050 * is used.
1051 */
1052 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1053 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1054 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1055
1056 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1057 sizeof(*rp) + eir_len);
1058}
1059
1060static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1061{
1062 char buf[512];
1063 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1064 u16 eir_len;
1065
1066 memset(buf, 0, sizeof(buf));
1067
1068 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1069 ev->eir_len = cpu_to_le16(eir_len);
1070
1071 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1072 sizeof(*ev) + eir_len,
1073 HCI_MGMT_EXT_INFO_EVENTS, skip);
1074}
1075
1076static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1077{
1078 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1079
1080 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1081 sizeof(settings));
1082}
1083
1084static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1085{
1086 BT_DBG("%s status 0x%02x", hdev->name, status);
1087
1088 if (hci_conn_count(hdev) == 0) {
1089 cancel_delayed_work(&hdev->power_off);
1090 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1091 }
1092}
1093
1094void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1095{
1096 struct mgmt_ev_advertising_added ev;
1097
1098 ev.instance = instance;
1099
1100 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1101}
1102
1103void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1104 u8 instance)
1105{
1106 struct mgmt_ev_advertising_removed ev;
1107
1108 ev.instance = instance;
1109
1110 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1111}
1112
1113static void cancel_adv_timeout(struct hci_dev *hdev)
1114{
1115 if (hdev->adv_instance_timeout) {
1116 hdev->adv_instance_timeout = 0;
1117 cancel_delayed_work(&hdev->adv_instance_expire);
1118 }
1119}
1120
1121static int clean_up_hci_state(struct hci_dev *hdev)
1122{
1123 struct hci_request req;
1124 struct hci_conn *conn;
1125 bool discov_stopped;
1126 int err;
1127
1128 hci_req_init(&req, hdev);
1129
1130 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1131 test_bit(HCI_PSCAN, &hdev->flags)) {
1132 u8 scan = 0x00;
1133 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1134 }
1135
1136 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1137
1138 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1139 __hci_req_disable_advertising(&req);
1140
1141 discov_stopped = hci_req_stop_discovery(&req);
1142
1143 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1144 /* 0x15 == Terminated due to Power Off */
1145 __hci_abort_conn(&req, conn, 0x15);
1146 }
1147
1148 err = hci_req_run(&req, clean_up_hci_complete);
1149 if (!err && discov_stopped)
1150 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1151
1152 return err;
1153}
1154
1155static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1156 u16 len)
1157{
1158 struct mgmt_mode *cp = data;
1159 struct mgmt_pending_cmd *cmd;
1160 int err;
1161
1162 BT_DBG("request for %s", hdev->name);
1163
1164 if (cp->val != 0x00 && cp->val != 0x01)
1165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1166 MGMT_STATUS_INVALID_PARAMS);
1167
1168 hci_dev_lock(hdev);
1169
1170 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1171 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1172 MGMT_STATUS_BUSY);
1173 goto failed;
1174 }
1175
1176 if (!!cp->val == hdev_is_powered(hdev)) {
1177 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1178 goto failed;
1179 }
1180
1181 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1182 if (!cmd) {
1183 err = -ENOMEM;
1184 goto failed;
1185 }
1186
1187 if (cp->val) {
1188 queue_work(hdev->req_workqueue, &hdev->power_on);
1189 err = 0;
1190 } else {
1191 /* Disconnect connections, stop scans, etc */
1192 err = clean_up_hci_state(hdev);
1193 if (!err)
1194 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1195 HCI_POWER_OFF_TIMEOUT);
1196
1197 /* ENODATA means there were no HCI commands queued */
1198 if (err == -ENODATA) {
1199 cancel_delayed_work(&hdev->power_off);
1200 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1201 err = 0;
1202 }
1203 }
1204
1205failed:
1206 hci_dev_unlock(hdev);
1207 return err;
1208}
1209
1210static int new_settings(struct hci_dev *hdev, struct sock *skip)
1211{
1212 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1213
1214 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1215 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1216}
1217
1218int mgmt_new_settings(struct hci_dev *hdev)
1219{
1220 return new_settings(hdev, NULL);
1221}
1222
1223struct cmd_lookup {
1224 struct sock *sk;
1225 struct hci_dev *hdev;
1226 u8 mgmt_status;
1227};
1228
1229static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1230{
1231 struct cmd_lookup *match = data;
1232
1233 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1234
1235 list_del(&cmd->list);
1236
1237 if (match->sk == NULL) {
1238 match->sk = cmd->sk;
1239 sock_hold(match->sk);
1240 }
1241
1242 mgmt_pending_free(cmd);
1243}
1244
1245static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1246{
1247 u8 *status = data;
1248
1249 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1250 mgmt_pending_remove(cmd);
1251}
1252
1253static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1254{
1255 if (cmd->cmd_complete) {
1256 u8 *status = data;
1257
1258 cmd->cmd_complete(cmd, *status);
1259 mgmt_pending_remove(cmd);
1260
1261 return;
1262 }
1263
1264 cmd_status_rsp(cmd, data);
1265}
1266
1267static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1268{
1269 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1270 cmd->param, cmd->param_len);
1271}
1272
1273static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1274{
1275 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1276 cmd->param, sizeof(struct mgmt_addr_info));
1277}
1278
1279static u8 mgmt_bredr_support(struct hci_dev *hdev)
1280{
1281 if (!lmp_bredr_capable(hdev))
1282 return MGMT_STATUS_NOT_SUPPORTED;
1283 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1284 return MGMT_STATUS_REJECTED;
1285 else
1286 return MGMT_STATUS_SUCCESS;
1287}
1288
1289static u8 mgmt_le_support(struct hci_dev *hdev)
1290{
1291 if (!lmp_le_capable(hdev))
1292 return MGMT_STATUS_NOT_SUPPORTED;
1293 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1294 return MGMT_STATUS_REJECTED;
1295 else
1296 return MGMT_STATUS_SUCCESS;
1297}
1298
1299void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1300{
1301 struct mgmt_pending_cmd *cmd;
1302
1303 BT_DBG("status 0x%02x", status);
1304
1305 hci_dev_lock(hdev);
1306
1307 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1308 if (!cmd)
1309 goto unlock;
1310
1311 if (status) {
1312 u8 mgmt_err = mgmt_status(status);
1313 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1314 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1315 goto remove_cmd;
1316 }
1317
1318 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1319 hdev->discov_timeout > 0) {
1320 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1321 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1322 }
1323
1324 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1325 new_settings(hdev, cmd->sk);
1326
1327remove_cmd:
1328 mgmt_pending_remove(cmd);
1329
1330unlock:
1331 hci_dev_unlock(hdev);
1332}
1333
1334static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1335 u16 len)
1336{
1337 struct mgmt_cp_set_discoverable *cp = data;
1338 struct mgmt_pending_cmd *cmd;
1339 u16 timeout;
1340 int err;
1341
1342 BT_DBG("request for %s", hdev->name);
1343
1344 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1345 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1346 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1347 MGMT_STATUS_REJECTED);
1348
1349 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1350 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1351 MGMT_STATUS_INVALID_PARAMS);
1352
1353 timeout = __le16_to_cpu(cp->timeout);
1354
1355 /* Disabling discoverable requires that no timeout is set,
1356 * and enabling limited discoverable requires a timeout.
1357 */
1358 if ((cp->val == 0x00 && timeout > 0) ||
1359 (cp->val == 0x02 && timeout == 0))
1360 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1361 MGMT_STATUS_INVALID_PARAMS);
1362
1363 hci_dev_lock(hdev);
1364
1365 if (!hdev_is_powered(hdev) && timeout > 0) {
1366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1367 MGMT_STATUS_NOT_POWERED);
1368 goto failed;
1369 }
1370
1371 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1372 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1373 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1374 MGMT_STATUS_BUSY);
1375 goto failed;
1376 }
1377
1378 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1379 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1380 MGMT_STATUS_REJECTED);
1381 goto failed;
1382 }
1383
1384 if (!hdev_is_powered(hdev)) {
1385 bool changed = false;
1386
1387 /* Setting limited discoverable when powered off is
1388 * not a valid operation since it requires a timeout
1389 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1390 */
1391 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1392 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1393 changed = true;
1394 }
1395
1396 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1397 if (err < 0)
1398 goto failed;
1399
1400 if (changed)
1401 err = new_settings(hdev, sk);
1402
1403 goto failed;
1404 }
1405
1406 /* If the current mode is the same, then just update the timeout
1407 * value with the new value. And if only the timeout gets updated,
1408 * then no need for any HCI transactions.
1409 */
1410 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1411 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1412 HCI_LIMITED_DISCOVERABLE)) {
1413 cancel_delayed_work(&hdev->discov_off);
1414 hdev->discov_timeout = timeout;
1415
1416 if (cp->val && hdev->discov_timeout > 0) {
1417 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1418 queue_delayed_work(hdev->req_workqueue,
1419 &hdev->discov_off, to);
1420 }
1421
1422 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1423 goto failed;
1424 }
1425
1426 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1427 if (!cmd) {
1428 err = -ENOMEM;
1429 goto failed;
1430 }
1431
1432 /* Cancel any potential discoverable timeout that might be
1433 * still active and store new timeout value. The arming of
1434 * the timeout happens in the complete handler.
1435 */
1436 cancel_delayed_work(&hdev->discov_off);
1437 hdev->discov_timeout = timeout;
1438
1439 if (cp->val)
1440 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1441 else
1442 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1443
1444 /* Limited discoverable mode */
1445 if (cp->val == 0x02)
1446 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1447 else
1448 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1449
1450 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1451 err = 0;
1452
1453failed:
1454 hci_dev_unlock(hdev);
1455 return err;
1456}
1457
1458void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1459{
1460 struct mgmt_pending_cmd *cmd;
1461
1462 BT_DBG("status 0x%02x", status);
1463
1464 hci_dev_lock(hdev);
1465
1466 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1467 if (!cmd)
1468 goto unlock;
1469
1470 if (status) {
1471 u8 mgmt_err = mgmt_status(status);
1472 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1473 goto remove_cmd;
1474 }
1475
1476 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1477 new_settings(hdev, cmd->sk);
1478
1479remove_cmd:
1480 mgmt_pending_remove(cmd);
1481
1482unlock:
1483 hci_dev_unlock(hdev);
1484}
1485
1486static int set_connectable_update_settings(struct hci_dev *hdev,
1487 struct sock *sk, u8 val)
1488{
1489 bool changed = false;
1490 int err;
1491
1492 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1493 changed = true;
1494
1495 if (val) {
1496 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1497 } else {
1498 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1499 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1500 }
1501
1502 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1503 if (err < 0)
1504 return err;
1505
1506 if (changed) {
1507 hci_req_update_scan(hdev);
1508 hci_update_background_scan(hdev);
1509 return new_settings(hdev, sk);
1510 }
1511
1512 return 0;
1513}
1514
1515static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1516 u16 len)
1517{
1518 struct mgmt_mode *cp = data;
1519 struct mgmt_pending_cmd *cmd;
1520 int err;
1521
1522 BT_DBG("request for %s", hdev->name);
1523
1524 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1525 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1527 MGMT_STATUS_REJECTED);
1528
1529 if (cp->val != 0x00 && cp->val != 0x01)
1530 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1531 MGMT_STATUS_INVALID_PARAMS);
1532
1533 hci_dev_lock(hdev);
1534
1535 if (!hdev_is_powered(hdev)) {
1536 err = set_connectable_update_settings(hdev, sk, cp->val);
1537 goto failed;
1538 }
1539
1540 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1541 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1542 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1543 MGMT_STATUS_BUSY);
1544 goto failed;
1545 }
1546
1547 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1548 if (!cmd) {
1549 err = -ENOMEM;
1550 goto failed;
1551 }
1552
1553 if (cp->val) {
1554 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1555 } else {
1556 if (hdev->discov_timeout > 0)
1557 cancel_delayed_work(&hdev->discov_off);
1558
1559 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1560 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1561 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1562 }
1563
1564 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1565 err = 0;
1566
1567failed:
1568 hci_dev_unlock(hdev);
1569 return err;
1570}
1571
1572static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1573 u16 len)
1574{
1575 struct mgmt_mode *cp = data;
1576 bool changed;
1577 int err;
1578
1579 BT_DBG("request for %s", hdev->name);
1580
1581 if (cp->val != 0x00 && cp->val != 0x01)
1582 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1583 MGMT_STATUS_INVALID_PARAMS);
1584
1585 hci_dev_lock(hdev);
1586
1587 if (cp->val)
1588 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1589 else
1590 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1591
1592 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1593 if (err < 0)
1594 goto unlock;
1595
1596 if (changed) {
1597 /* In limited privacy mode the change of bondable mode
1598 * may affect the local advertising address.
1599 */
1600 if (hdev_is_powered(hdev) &&
1601 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1602 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1603 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1604 queue_work(hdev->req_workqueue,
1605 &hdev->discoverable_update);
1606
1607 err = new_settings(hdev, sk);
1608 }
1609
1610unlock:
1611 hci_dev_unlock(hdev);
1612 return err;
1613}
1614
1615static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1616 u16 len)
1617{
1618 struct mgmt_mode *cp = data;
1619 struct mgmt_pending_cmd *cmd;
1620 u8 val, status;
1621 int err;
1622
1623 BT_DBG("request for %s", hdev->name);
1624
1625 status = mgmt_bredr_support(hdev);
1626 if (status)
1627 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1628 status);
1629
1630 if (cp->val != 0x00 && cp->val != 0x01)
1631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1632 MGMT_STATUS_INVALID_PARAMS);
1633
1634 hci_dev_lock(hdev);
1635
1636 if (!hdev_is_powered(hdev)) {
1637 bool changed = false;
1638
1639 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1640 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1641 changed = true;
1642 }
1643
1644 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1645 if (err < 0)
1646 goto failed;
1647
1648 if (changed)
1649 err = new_settings(hdev, sk);
1650
1651 goto failed;
1652 }
1653
1654 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1656 MGMT_STATUS_BUSY);
1657 goto failed;
1658 }
1659
1660 val = !!cp->val;
1661
1662 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1663 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1664 goto failed;
1665 }
1666
1667 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1668 if (!cmd) {
1669 err = -ENOMEM;
1670 goto failed;
1671 }
1672
1673 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1674 if (err < 0) {
1675 mgmt_pending_remove(cmd);
1676 goto failed;
1677 }
1678
1679failed:
1680 hci_dev_unlock(hdev);
1681 return err;
1682}
1683
1684static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1685{
1686 struct mgmt_mode *cp = data;
1687 struct mgmt_pending_cmd *cmd;
1688 u8 status;
1689 int err;
1690
1691 BT_DBG("request for %s", hdev->name);
1692
1693 status = mgmt_bredr_support(hdev);
1694 if (status)
1695 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1696
1697 if (!lmp_ssp_capable(hdev))
1698 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1699 MGMT_STATUS_NOT_SUPPORTED);
1700
1701 if (cp->val != 0x00 && cp->val != 0x01)
1702 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1703 MGMT_STATUS_INVALID_PARAMS);
1704
1705 hci_dev_lock(hdev);
1706
1707 if (!hdev_is_powered(hdev)) {
1708 bool changed;
1709
1710 if (cp->val) {
1711 changed = !hci_dev_test_and_set_flag(hdev,
1712 HCI_SSP_ENABLED);
1713 } else {
1714 changed = hci_dev_test_and_clear_flag(hdev,
1715 HCI_SSP_ENABLED);
1716 if (!changed)
1717 changed = hci_dev_test_and_clear_flag(hdev,
1718 HCI_HS_ENABLED);
1719 else
1720 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1721 }
1722
1723 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1724 if (err < 0)
1725 goto failed;
1726
1727 if (changed)
1728 err = new_settings(hdev, sk);
1729
1730 goto failed;
1731 }
1732
1733 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1734 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1735 MGMT_STATUS_BUSY);
1736 goto failed;
1737 }
1738
1739 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1740 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1741 goto failed;
1742 }
1743
1744 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1745 if (!cmd) {
1746 err = -ENOMEM;
1747 goto failed;
1748 }
1749
1750 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1751 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1752 sizeof(cp->val), &cp->val);
1753
1754 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1755 if (err < 0) {
1756 mgmt_pending_remove(cmd);
1757 goto failed;
1758 }
1759
1760failed:
1761 hci_dev_unlock(hdev);
1762 return err;
1763}
1764
1765static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1766{
1767 struct mgmt_mode *cp = data;
1768 bool changed;
1769 u8 status;
1770 int err;
1771
1772 BT_DBG("request for %s", hdev->name);
1773
1774 status = mgmt_bredr_support(hdev);
1775 if (status)
1776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1777
1778 if (!lmp_ssp_capable(hdev))
1779 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1780 MGMT_STATUS_NOT_SUPPORTED);
1781
1782 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1783 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1784 MGMT_STATUS_REJECTED);
1785
1786 if (cp->val != 0x00 && cp->val != 0x01)
1787 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1788 MGMT_STATUS_INVALID_PARAMS);
1789
1790 hci_dev_lock(hdev);
1791
1792 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1793 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1794 MGMT_STATUS_BUSY);
1795 goto unlock;
1796 }
1797
1798 if (cp->val) {
1799 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1800 } else {
1801 if (hdev_is_powered(hdev)) {
1802 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1803 MGMT_STATUS_REJECTED);
1804 goto unlock;
1805 }
1806
1807 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1808 }
1809
1810 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1811 if (err < 0)
1812 goto unlock;
1813
1814 if (changed)
1815 err = new_settings(hdev, sk);
1816
1817unlock:
1818 hci_dev_unlock(hdev);
1819 return err;
1820}
1821
1822static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1823{
1824 struct cmd_lookup match = { NULL, hdev };
1825
1826 hci_dev_lock(hdev);
1827
1828 if (status) {
1829 u8 mgmt_err = mgmt_status(status);
1830
1831 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1832 &mgmt_err);
1833 goto unlock;
1834 }
1835
1836 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1837
1838 new_settings(hdev, match.sk);
1839
1840 if (match.sk)
1841 sock_put(match.sk);
1842
1843 /* Make sure the controller has a good default for
1844 * advertising data. Restrict the update to when LE
1845 * has actually been enabled. During power on, the
1846 * update in powered_update_hci will take care of it.
1847 */
1848 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1849 struct hci_request req;
1850 hci_req_init(&req, hdev);
1851 if (ext_adv_capable(hdev)) {
1852 int err;
1853
1854 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1855 if (!err)
1856 __hci_req_update_scan_rsp_data(&req, 0x00);
1857 } else {
1858 __hci_req_update_adv_data(&req, 0x00);
1859 __hci_req_update_scan_rsp_data(&req, 0x00);
1860 }
1861 hci_req_run(&req, NULL);
1862 hci_update_background_scan(hdev);
1863 }
1864
1865unlock:
1866 hci_dev_unlock(hdev);
1867}
1868
1869static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1870{
1871 struct mgmt_mode *cp = data;
1872 struct hci_cp_write_le_host_supported hci_cp;
1873 struct mgmt_pending_cmd *cmd;
1874 struct hci_request req;
1875 int err;
1876 u8 val, enabled;
1877
1878 BT_DBG("request for %s", hdev->name);
1879
1880 if (!lmp_le_capable(hdev))
1881 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1882 MGMT_STATUS_NOT_SUPPORTED);
1883
1884 if (cp->val != 0x00 && cp->val != 0x01)
1885 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1886 MGMT_STATUS_INVALID_PARAMS);
1887
1888 /* Bluetooth single mode LE only controllers or dual-mode
1889 * controllers configured as LE only devices, do not allow
1890 * switching LE off. These have either LE enabled explicitly
1891 * or BR/EDR has been previously switched off.
1892 *
1893 * When trying to enable an already enabled LE, then gracefully
1894 * send a positive response. Trying to disable it however will
1895 * result into rejection.
1896 */
1897 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1898 if (cp->val == 0x01)
1899 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1900
1901 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1902 MGMT_STATUS_REJECTED);
1903 }
1904
1905 hci_dev_lock(hdev);
1906
1907 val = !!cp->val;
1908 enabled = lmp_host_le_capable(hdev);
1909
1910 if (!val)
1911 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1912
1913 if (!hdev_is_powered(hdev) || val == enabled) {
1914 bool changed = false;
1915
1916 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1917 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1918 changed = true;
1919 }
1920
1921 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1922 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1923 changed = true;
1924 }
1925
1926 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1927 if (err < 0)
1928 goto unlock;
1929
1930 if (changed)
1931 err = new_settings(hdev, sk);
1932
1933 goto unlock;
1934 }
1935
1936 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1937 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1938 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1939 MGMT_STATUS_BUSY);
1940 goto unlock;
1941 }
1942
1943 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1944 if (!cmd) {
1945 err = -ENOMEM;
1946 goto unlock;
1947 }
1948
1949 hci_req_init(&req, hdev);
1950
1951 memset(&hci_cp, 0, sizeof(hci_cp));
1952
1953 if (val) {
1954 hci_cp.le = val;
1955 hci_cp.simul = 0x00;
1956 } else {
1957 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1958 __hci_req_disable_advertising(&req);
1959
1960 if (ext_adv_capable(hdev))
1961 __hci_req_clear_ext_adv_sets(&req);
1962 }
1963
1964 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1965 &hci_cp);
1966
1967 err = hci_req_run(&req, le_enable_complete);
1968 if (err < 0)
1969 mgmt_pending_remove(cmd);
1970
1971unlock:
1972 hci_dev_unlock(hdev);
1973 return err;
1974}
1975
1976/* This is a helper function to test for pending mgmt commands that can
1977 * cause CoD or EIR HCI commands. We can only allow one such pending
1978 * mgmt command at a time since otherwise we cannot easily track what
1979 * the current values are, will be, and based on that calculate if a new
1980 * HCI command needs to be sent and if yes with what value.
1981 */
1982static bool pending_eir_or_class(struct hci_dev *hdev)
1983{
1984 struct mgmt_pending_cmd *cmd;
1985
1986 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1987 switch (cmd->opcode) {
1988 case MGMT_OP_ADD_UUID:
1989 case MGMT_OP_REMOVE_UUID:
1990 case MGMT_OP_SET_DEV_CLASS:
1991 case MGMT_OP_SET_POWERED:
1992 return true;
1993 }
1994 }
1995
1996 return false;
1997}
1998
1999static const u8 bluetooth_base_uuid[] = {
2000 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2001 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2002};
2003
2004static u8 get_uuid_size(const u8 *uuid)
2005{
2006 u32 val;
2007
2008 if (memcmp(uuid, bluetooth_base_uuid, 12))
2009 return 128;
2010
2011 val = get_unaligned_le32(&uuid[12]);
2012 if (val > 0xffff)
2013 return 32;
2014
2015 return 16;
2016}
2017
2018static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2019{
2020 struct mgmt_pending_cmd *cmd;
2021
2022 hci_dev_lock(hdev);
2023
2024 cmd = pending_find(mgmt_op, hdev);
2025 if (!cmd)
2026 goto unlock;
2027
2028 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2029 mgmt_status(status), hdev->dev_class, 3);
2030
2031 mgmt_pending_remove(cmd);
2032
2033unlock:
2034 hci_dev_unlock(hdev);
2035}
2036
2037static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2038{
2039 BT_DBG("status 0x%02x", status);
2040
2041 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2042}
2043
2044static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2045{
2046 struct mgmt_cp_add_uuid *cp = data;
2047 struct mgmt_pending_cmd *cmd;
2048 struct hci_request req;
2049 struct bt_uuid *uuid;
2050 int err;
2051
2052 BT_DBG("request for %s", hdev->name);
2053
2054 hci_dev_lock(hdev);
2055
2056 if (pending_eir_or_class(hdev)) {
2057 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2058 MGMT_STATUS_BUSY);
2059 goto failed;
2060 }
2061
2062 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2063 if (!uuid) {
2064 err = -ENOMEM;
2065 goto failed;
2066 }
2067
2068 memcpy(uuid->uuid, cp->uuid, 16);
2069 uuid->svc_hint = cp->svc_hint;
2070 uuid->size = get_uuid_size(cp->uuid);
2071
2072 list_add_tail(&uuid->list, &hdev->uuids);
2073
2074 hci_req_init(&req, hdev);
2075
2076 __hci_req_update_class(&req);
2077 __hci_req_update_eir(&req);
2078
2079 err = hci_req_run(&req, add_uuid_complete);
2080 if (err < 0) {
2081 if (err != -ENODATA)
2082 goto failed;
2083
2084 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2085 hdev->dev_class, 3);
2086 goto failed;
2087 }
2088
2089 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2090 if (!cmd) {
2091 err = -ENOMEM;
2092 goto failed;
2093 }
2094
2095 err = 0;
2096
2097failed:
2098 hci_dev_unlock(hdev);
2099 return err;
2100}
2101
2102static bool enable_service_cache(struct hci_dev *hdev)
2103{
2104 if (!hdev_is_powered(hdev))
2105 return false;
2106
2107 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2108 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2109 CACHE_TIMEOUT);
2110 return true;
2111 }
2112
2113 return false;
2114}
2115
2116static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2117{
2118 BT_DBG("status 0x%02x", status);
2119
2120 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2121}
2122
2123static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2124 u16 len)
2125{
2126 struct mgmt_cp_remove_uuid *cp = data;
2127 struct mgmt_pending_cmd *cmd;
2128 struct bt_uuid *match, *tmp;
2129 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2130 struct hci_request req;
2131 int err, found;
2132
2133 BT_DBG("request for %s", hdev->name);
2134
2135 hci_dev_lock(hdev);
2136
2137 if (pending_eir_or_class(hdev)) {
2138 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2139 MGMT_STATUS_BUSY);
2140 goto unlock;
2141 }
2142
2143 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2144 hci_uuids_clear(hdev);
2145
2146 if (enable_service_cache(hdev)) {
2147 err = mgmt_cmd_complete(sk, hdev->id,
2148 MGMT_OP_REMOVE_UUID,
2149 0, hdev->dev_class, 3);
2150 goto unlock;
2151 }
2152
2153 goto update_class;
2154 }
2155
2156 found = 0;
2157
2158 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2159 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2160 continue;
2161
2162 list_del(&match->list);
2163 kfree(match);
2164 found++;
2165 }
2166
2167 if (found == 0) {
2168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2169 MGMT_STATUS_INVALID_PARAMS);
2170 goto unlock;
2171 }
2172
2173update_class:
2174 hci_req_init(&req, hdev);
2175
2176 __hci_req_update_class(&req);
2177 __hci_req_update_eir(&req);
2178
2179 err = hci_req_run(&req, remove_uuid_complete);
2180 if (err < 0) {
2181 if (err != -ENODATA)
2182 goto unlock;
2183
2184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2185 hdev->dev_class, 3);
2186 goto unlock;
2187 }
2188
2189 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2190 if (!cmd) {
2191 err = -ENOMEM;
2192 goto unlock;
2193 }
2194
2195 err = 0;
2196
2197unlock:
2198 hci_dev_unlock(hdev);
2199 return err;
2200}
2201
2202static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2203{
2204 BT_DBG("status 0x%02x", status);
2205
2206 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2207}
2208
2209static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2210 u16 len)
2211{
2212 struct mgmt_cp_set_dev_class *cp = data;
2213 struct mgmt_pending_cmd *cmd;
2214 struct hci_request req;
2215 int err;
2216
2217 BT_DBG("request for %s", hdev->name);
2218
2219 if (!lmp_bredr_capable(hdev))
2220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2221 MGMT_STATUS_NOT_SUPPORTED);
2222
2223 hci_dev_lock(hdev);
2224
2225 if (pending_eir_or_class(hdev)) {
2226 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2227 MGMT_STATUS_BUSY);
2228 goto unlock;
2229 }
2230
2231 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2232 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2233 MGMT_STATUS_INVALID_PARAMS);
2234 goto unlock;
2235 }
2236
2237 hdev->major_class = cp->major;
2238 hdev->minor_class = cp->minor;
2239
2240 if (!hdev_is_powered(hdev)) {
2241 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2242 hdev->dev_class, 3);
2243 goto unlock;
2244 }
2245
2246 hci_req_init(&req, hdev);
2247
2248 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2249 hci_dev_unlock(hdev);
2250 cancel_delayed_work_sync(&hdev->service_cache);
2251 hci_dev_lock(hdev);
2252 __hci_req_update_eir(&req);
2253 }
2254
2255 __hci_req_update_class(&req);
2256
2257 err = hci_req_run(&req, set_class_complete);
2258 if (err < 0) {
2259 if (err != -ENODATA)
2260 goto unlock;
2261
2262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2263 hdev->dev_class, 3);
2264 goto unlock;
2265 }
2266
2267 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2268 if (!cmd) {
2269 err = -ENOMEM;
2270 goto unlock;
2271 }
2272
2273 err = 0;
2274
2275unlock:
2276 hci_dev_unlock(hdev);
2277 return err;
2278}
2279
2280static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2281 u16 len)
2282{
2283 struct mgmt_cp_load_link_keys *cp = data;
2284 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2285 sizeof(struct mgmt_link_key_info));
2286 u16 key_count, expected_len;
2287 bool changed;
2288 int i;
2289
2290 BT_DBG("request for %s", hdev->name);
2291
2292 if (!lmp_bredr_capable(hdev))
2293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2294 MGMT_STATUS_NOT_SUPPORTED);
2295
2296 key_count = __le16_to_cpu(cp->key_count);
2297 if (key_count > max_key_count) {
2298 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2299 key_count);
2300 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2301 MGMT_STATUS_INVALID_PARAMS);
2302 }
2303
2304 expected_len = struct_size(cp, keys, key_count);
2305 if (expected_len != len) {
2306 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2307 expected_len, len);
2308 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2309 MGMT_STATUS_INVALID_PARAMS);
2310 }
2311
2312 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2313 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2314 MGMT_STATUS_INVALID_PARAMS);
2315
2316 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2317 key_count);
2318
2319 for (i = 0; i < key_count; i++) {
2320 struct mgmt_link_key_info *key = &cp->keys[i];
2321
2322 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2323 return mgmt_cmd_status(sk, hdev->id,
2324 MGMT_OP_LOAD_LINK_KEYS,
2325 MGMT_STATUS_INVALID_PARAMS);
2326 }
2327
2328 hci_dev_lock(hdev);
2329
2330 hci_link_keys_clear(hdev);
2331
2332 if (cp->debug_keys)
2333 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2334 else
2335 changed = hci_dev_test_and_clear_flag(hdev,
2336 HCI_KEEP_DEBUG_KEYS);
2337
2338 if (changed)
2339 new_settings(hdev, NULL);
2340
2341 for (i = 0; i < key_count; i++) {
2342 struct mgmt_link_key_info *key = &cp->keys[i];
2343
2344 /* Always ignore debug keys and require a new pairing if
2345 * the user wants to use them.
2346 */
2347 if (key->type == HCI_LK_DEBUG_COMBINATION)
2348 continue;
2349
2350 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2351 key->type, key->pin_len, NULL);
2352 }
2353
2354 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2355
2356 hci_dev_unlock(hdev);
2357
2358 return 0;
2359}
2360
2361static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2362 u8 addr_type, struct sock *skip_sk)
2363{
2364 struct mgmt_ev_device_unpaired ev;
2365
2366 bacpy(&ev.addr.bdaddr, bdaddr);
2367 ev.addr.type = addr_type;
2368
2369 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2370 skip_sk);
2371}
2372
2373static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2374 u16 len)
2375{
2376 struct mgmt_cp_unpair_device *cp = data;
2377 struct mgmt_rp_unpair_device rp;
2378 struct hci_conn_params *params;
2379 struct mgmt_pending_cmd *cmd;
2380 struct hci_conn *conn;
2381 u8 addr_type;
2382 int err;
2383
2384 memset(&rp, 0, sizeof(rp));
2385 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2386 rp.addr.type = cp->addr.type;
2387
2388 if (!bdaddr_type_is_valid(cp->addr.type))
2389 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2390 MGMT_STATUS_INVALID_PARAMS,
2391 &rp, sizeof(rp));
2392
2393 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2394 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2395 MGMT_STATUS_INVALID_PARAMS,
2396 &rp, sizeof(rp));
2397
2398 hci_dev_lock(hdev);
2399
2400 if (!hdev_is_powered(hdev)) {
2401 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2402 MGMT_STATUS_NOT_POWERED, &rp,
2403 sizeof(rp));
2404 goto unlock;
2405 }
2406
2407 if (cp->addr.type == BDADDR_BREDR) {
2408 /* If disconnection is requested, then look up the
2409 * connection. If the remote device is connected, it
2410 * will be later used to terminate the link.
2411 *
2412 * Setting it to NULL explicitly will cause no
2413 * termination of the link.
2414 */
2415 if (cp->disconnect)
2416 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2417 &cp->addr.bdaddr);
2418 else
2419 conn = NULL;
2420
2421 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2422 if (err < 0) {
2423 err = mgmt_cmd_complete(sk, hdev->id,
2424 MGMT_OP_UNPAIR_DEVICE,
2425 MGMT_STATUS_NOT_PAIRED, &rp,
2426 sizeof(rp));
2427 goto unlock;
2428 }
2429
2430 goto done;
2431 }
2432
2433 /* LE address type */
2434 addr_type = le_addr_type(cp->addr.type);
2435
2436 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2437 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2438 if (err < 0) {
2439 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2440 MGMT_STATUS_NOT_PAIRED, &rp,
2441 sizeof(rp));
2442 goto unlock;
2443 }
2444
2445 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2446 if (!conn) {
2447 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2448 goto done;
2449 }
2450
2451
2452 /* Defer clearing up the connection parameters until closing to
2453 * give a chance of keeping them if a repairing happens.
2454 */
2455 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2456
2457 /* Disable auto-connection parameters if present */
2458 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2459 if (params) {
2460 if (params->explicit_connect)
2461 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2462 else
2463 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2464 }
2465
2466 /* If disconnection is not requested, then clear the connection
2467 * variable so that the link is not terminated.
2468 */
2469 if (!cp->disconnect)
2470 conn = NULL;
2471
2472done:
2473 /* If the connection variable is set, then termination of the
2474 * link is requested.
2475 */
2476 if (!conn) {
2477 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2478 &rp, sizeof(rp));
2479 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2480 goto unlock;
2481 }
2482
2483 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2484 sizeof(*cp));
2485 if (!cmd) {
2486 err = -ENOMEM;
2487 goto unlock;
2488 }
2489
2490 cmd->cmd_complete = addr_cmd_complete;
2491
2492 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2493 if (err < 0)
2494 mgmt_pending_remove(cmd);
2495
2496unlock:
2497 hci_dev_unlock(hdev);
2498 return err;
2499}
2500
2501static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2502 u16 len)
2503{
2504 struct mgmt_cp_disconnect *cp = data;
2505 struct mgmt_rp_disconnect rp;
2506 struct mgmt_pending_cmd *cmd;
2507 struct hci_conn *conn;
2508 int err;
2509
2510 BT_DBG("");
2511
2512 memset(&rp, 0, sizeof(rp));
2513 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2514 rp.addr.type = cp->addr.type;
2515
2516 if (!bdaddr_type_is_valid(cp->addr.type))
2517 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2518 MGMT_STATUS_INVALID_PARAMS,
2519 &rp, sizeof(rp));
2520
2521 hci_dev_lock(hdev);
2522
2523 if (!test_bit(HCI_UP, &hdev->flags)) {
2524 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2525 MGMT_STATUS_NOT_POWERED, &rp,
2526 sizeof(rp));
2527 goto failed;
2528 }
2529
2530 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2531 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2532 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2533 goto failed;
2534 }
2535
2536 if (cp->addr.type == BDADDR_BREDR)
2537 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2538 &cp->addr.bdaddr);
2539 else
2540 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2541 le_addr_type(cp->addr.type));
2542
2543 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2544 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2545 MGMT_STATUS_NOT_CONNECTED, &rp,
2546 sizeof(rp));
2547 goto failed;
2548 }
2549
2550 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2551 if (!cmd) {
2552 err = -ENOMEM;
2553 goto failed;
2554 }
2555
2556 cmd->cmd_complete = generic_cmd_complete;
2557
2558 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2559 if (err < 0)
2560 mgmt_pending_remove(cmd);
2561
2562failed:
2563 hci_dev_unlock(hdev);
2564 return err;
2565}
2566
2567static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2568{
2569 switch (link_type) {
2570 case LE_LINK:
2571 switch (addr_type) {
2572 case ADDR_LE_DEV_PUBLIC:
2573 return BDADDR_LE_PUBLIC;
2574
2575 default:
2576 /* Fallback to LE Random address type */
2577 return BDADDR_LE_RANDOM;
2578 }
2579
2580 default:
2581 /* Fallback to BR/EDR type */
2582 return BDADDR_BREDR;
2583 }
2584}
2585
2586static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2587 u16 data_len)
2588{
2589 struct mgmt_rp_get_connections *rp;
2590 struct hci_conn *c;
2591 int err;
2592 u16 i;
2593
2594 BT_DBG("");
2595
2596 hci_dev_lock(hdev);
2597
2598 if (!hdev_is_powered(hdev)) {
2599 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2600 MGMT_STATUS_NOT_POWERED);
2601 goto unlock;
2602 }
2603
2604 i = 0;
2605 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2606 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2607 i++;
2608 }
2609
2610 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
2611 if (!rp) {
2612 err = -ENOMEM;
2613 goto unlock;
2614 }
2615
2616 i = 0;
2617 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2618 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2619 continue;
2620 bacpy(&rp->addr[i].bdaddr, &c->dst);
2621 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2622 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2623 continue;
2624 i++;
2625 }
2626
2627 rp->conn_count = cpu_to_le16(i);
2628
2629 /* Recalculate length in case of filtered SCO connections, etc */
2630 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2631 struct_size(rp, addr, i));
2632
2633 kfree(rp);
2634
2635unlock:
2636 hci_dev_unlock(hdev);
2637 return err;
2638}
2639
2640static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2641 struct mgmt_cp_pin_code_neg_reply *cp)
2642{
2643 struct mgmt_pending_cmd *cmd;
2644 int err;
2645
2646 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2647 sizeof(*cp));
2648 if (!cmd)
2649 return -ENOMEM;
2650
2651 cmd->cmd_complete = addr_cmd_complete;
2652
2653 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2654 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2655 if (err < 0)
2656 mgmt_pending_remove(cmd);
2657
2658 return err;
2659}
2660
2661static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2662 u16 len)
2663{
2664 struct hci_conn *conn;
2665 struct mgmt_cp_pin_code_reply *cp = data;
2666 struct hci_cp_pin_code_reply reply;
2667 struct mgmt_pending_cmd *cmd;
2668 int err;
2669
2670 BT_DBG("");
2671
2672 hci_dev_lock(hdev);
2673
2674 if (!hdev_is_powered(hdev)) {
2675 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2676 MGMT_STATUS_NOT_POWERED);
2677 goto failed;
2678 }
2679
2680 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2681 if (!conn) {
2682 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2683 MGMT_STATUS_NOT_CONNECTED);
2684 goto failed;
2685 }
2686
2687 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2688 struct mgmt_cp_pin_code_neg_reply ncp;
2689
2690 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2691
2692 bt_dev_err(hdev, "PIN code is not 16 bytes long");
2693
2694 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2695 if (err >= 0)
2696 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2697 MGMT_STATUS_INVALID_PARAMS);
2698
2699 goto failed;
2700 }
2701
2702 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2703 if (!cmd) {
2704 err = -ENOMEM;
2705 goto failed;
2706 }
2707
2708 cmd->cmd_complete = addr_cmd_complete;
2709
2710 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2711 reply.pin_len = cp->pin_len;
2712 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2713
2714 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2715 if (err < 0)
2716 mgmt_pending_remove(cmd);
2717
2718failed:
2719 hci_dev_unlock(hdev);
2720 return err;
2721}
2722
2723static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2724 u16 len)
2725{
2726 struct mgmt_cp_set_io_capability *cp = data;
2727
2728 BT_DBG("");
2729
2730 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2731 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2732 MGMT_STATUS_INVALID_PARAMS);
2733
2734 hci_dev_lock(hdev);
2735
2736 hdev->io_capability = cp->io_capability;
2737
2738 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2739 hdev->io_capability);
2740
2741 hci_dev_unlock(hdev);
2742
2743 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2744 NULL, 0);
2745}
2746
2747static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2748{
2749 struct hci_dev *hdev = conn->hdev;
2750 struct mgmt_pending_cmd *cmd;
2751
2752 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2753 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2754 continue;
2755
2756 if (cmd->user_data != conn)
2757 continue;
2758
2759 return cmd;
2760 }
2761
2762 return NULL;
2763}
2764
2765static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2766{
2767 struct mgmt_rp_pair_device rp;
2768 struct hci_conn *conn = cmd->user_data;
2769 int err;
2770
2771 bacpy(&rp.addr.bdaddr, &conn->dst);
2772 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2773
2774 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2775 status, &rp, sizeof(rp));
2776
2777 /* So we don't get further callbacks for this connection */
2778 conn->connect_cfm_cb = NULL;
2779 conn->security_cfm_cb = NULL;
2780 conn->disconn_cfm_cb = NULL;
2781
2782 hci_conn_drop(conn);
2783
2784 /* The device is paired so there is no need to remove
2785 * its connection parameters anymore.
2786 */
2787 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2788
2789 hci_conn_put(conn);
2790
2791 return err;
2792}
2793
2794void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2795{
2796 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2797 struct mgmt_pending_cmd *cmd;
2798
2799 cmd = find_pairing(conn);
2800 if (cmd) {
2801 cmd->cmd_complete(cmd, status);
2802 mgmt_pending_remove(cmd);
2803 }
2804}
2805
2806static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2807{
2808 struct mgmt_pending_cmd *cmd;
2809
2810 BT_DBG("status %u", status);
2811
2812 cmd = find_pairing(conn);
2813 if (!cmd) {
2814 BT_DBG("Unable to find a pending command");
2815 return;
2816 }
2817
2818 cmd->cmd_complete(cmd, mgmt_status(status));
2819 mgmt_pending_remove(cmd);
2820}
2821
2822static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2823{
2824 struct mgmt_pending_cmd *cmd;
2825
2826 BT_DBG("status %u", status);
2827
2828 if (!status)
2829 return;
2830
2831 cmd = find_pairing(conn);
2832 if (!cmd) {
2833 BT_DBG("Unable to find a pending command");
2834 return;
2835 }
2836
2837 cmd->cmd_complete(cmd, mgmt_status(status));
2838 mgmt_pending_remove(cmd);
2839}
2840
2841static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2842 u16 len)
2843{
2844 struct mgmt_cp_pair_device *cp = data;
2845 struct mgmt_rp_pair_device rp;
2846 struct mgmt_pending_cmd *cmd;
2847 u8 sec_level, auth_type;
2848 struct hci_conn *conn;
2849 int err;
2850
2851 BT_DBG("");
2852
2853 memset(&rp, 0, sizeof(rp));
2854 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2855 rp.addr.type = cp->addr.type;
2856
2857 if (!bdaddr_type_is_valid(cp->addr.type))
2858 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2859 MGMT_STATUS_INVALID_PARAMS,
2860 &rp, sizeof(rp));
2861
2862 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2863 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2864 MGMT_STATUS_INVALID_PARAMS,
2865 &rp, sizeof(rp));
2866
2867 hci_dev_lock(hdev);
2868
2869 if (!hdev_is_powered(hdev)) {
2870 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2871 MGMT_STATUS_NOT_POWERED, &rp,
2872 sizeof(rp));
2873 goto unlock;
2874 }
2875
2876 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2877 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2878 MGMT_STATUS_ALREADY_PAIRED, &rp,
2879 sizeof(rp));
2880 goto unlock;
2881 }
2882
2883 sec_level = BT_SECURITY_MEDIUM;
2884 auth_type = HCI_AT_DEDICATED_BONDING;
2885
2886 if (cp->addr.type == BDADDR_BREDR) {
2887 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2888 auth_type);
2889 } else {
2890 u8 addr_type = le_addr_type(cp->addr.type);
2891 struct hci_conn_params *p;
2892
2893 /* When pairing a new device, it is expected to remember
2894 * this device for future connections. Adding the connection
2895 * parameter information ahead of time allows tracking
2896 * of the slave preferred values and will speed up any
2897 * further connection establishment.
2898 *
2899 * If connection parameters already exist, then they
2900 * will be kept and this function does nothing.
2901 */
2902 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2903
2904 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2905 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2906
2907 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2908 addr_type, sec_level,
2909 HCI_LE_CONN_TIMEOUT);
2910 }
2911
2912 if (IS_ERR(conn)) {
2913 int status;
2914
2915 if (PTR_ERR(conn) == -EBUSY)
2916 status = MGMT_STATUS_BUSY;
2917 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2918 status = MGMT_STATUS_NOT_SUPPORTED;
2919 else if (PTR_ERR(conn) == -ECONNREFUSED)
2920 status = MGMT_STATUS_REJECTED;
2921 else
2922 status = MGMT_STATUS_CONNECT_FAILED;
2923
2924 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2925 status, &rp, sizeof(rp));
2926 goto unlock;
2927 }
2928
2929 if (conn->connect_cfm_cb) {
2930 hci_conn_drop(conn);
2931 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2932 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2933 goto unlock;
2934 }
2935
2936 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2937 if (!cmd) {
2938 err = -ENOMEM;
2939 hci_conn_drop(conn);
2940 goto unlock;
2941 }
2942
2943 cmd->cmd_complete = pairing_complete;
2944
2945 /* For LE, just connecting isn't a proof that the pairing finished */
2946 if (cp->addr.type == BDADDR_BREDR) {
2947 conn->connect_cfm_cb = pairing_complete_cb;
2948 conn->security_cfm_cb = pairing_complete_cb;
2949 conn->disconn_cfm_cb = pairing_complete_cb;
2950 } else {
2951 conn->connect_cfm_cb = le_pairing_complete_cb;
2952 conn->security_cfm_cb = le_pairing_complete_cb;
2953 conn->disconn_cfm_cb = le_pairing_complete_cb;
2954 }
2955
2956 conn->io_capability = cp->io_cap;
2957 cmd->user_data = hci_conn_get(conn);
2958
2959 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2960 hci_conn_security(conn, sec_level, auth_type, true)) {
2961 cmd->cmd_complete(cmd, 0);
2962 mgmt_pending_remove(cmd);
2963 }
2964
2965 err = 0;
2966
2967unlock:
2968 hci_dev_unlock(hdev);
2969 return err;
2970}
2971
2972static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2973 u16 len)
2974{
2975 struct mgmt_addr_info *addr = data;
2976 struct mgmt_pending_cmd *cmd;
2977 struct hci_conn *conn;
2978 int err;
2979
2980 BT_DBG("");
2981
2982 hci_dev_lock(hdev);
2983
2984 if (!hdev_is_powered(hdev)) {
2985 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2986 MGMT_STATUS_NOT_POWERED);
2987 goto unlock;
2988 }
2989
2990 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2991 if (!cmd) {
2992 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2993 MGMT_STATUS_INVALID_PARAMS);
2994 goto unlock;
2995 }
2996
2997 conn = cmd->user_data;
2998
2999 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3000 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3001 MGMT_STATUS_INVALID_PARAMS);
3002 goto unlock;
3003 }
3004
3005 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3006 mgmt_pending_remove(cmd);
3007
3008 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3009 addr, sizeof(*addr));
3010unlock:
3011 hci_dev_unlock(hdev);
3012 return err;
3013}
3014
3015static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3016 struct mgmt_addr_info *addr, u16 mgmt_op,
3017 u16 hci_op, __le32 passkey)
3018{
3019 struct mgmt_pending_cmd *cmd;
3020 struct hci_conn *conn;
3021 int err;
3022
3023 hci_dev_lock(hdev);
3024
3025 if (!hdev_is_powered(hdev)) {
3026 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3027 MGMT_STATUS_NOT_POWERED, addr,
3028 sizeof(*addr));
3029 goto done;
3030 }
3031
3032 if (addr->type == BDADDR_BREDR)
3033 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3034 else
3035 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3036 le_addr_type(addr->type));
3037
3038 if (!conn) {
3039 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3040 MGMT_STATUS_NOT_CONNECTED, addr,
3041 sizeof(*addr));
3042 goto done;
3043 }
3044
3045 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3046 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3047 if (!err)
3048 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3049 MGMT_STATUS_SUCCESS, addr,
3050 sizeof(*addr));
3051 else
3052 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3053 MGMT_STATUS_FAILED, addr,
3054 sizeof(*addr));
3055
3056 goto done;
3057 }
3058
3059 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3060 if (!cmd) {
3061 err = -ENOMEM;
3062 goto done;
3063 }
3064
3065 cmd->cmd_complete = addr_cmd_complete;
3066
3067 /* Continue with pairing via HCI */
3068 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3069 struct hci_cp_user_passkey_reply cp;
3070
3071 bacpy(&cp.bdaddr, &addr->bdaddr);
3072 cp.passkey = passkey;
3073 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3074 } else
3075 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3076 &addr->bdaddr);
3077
3078 if (err < 0)
3079 mgmt_pending_remove(cmd);
3080
3081done:
3082 hci_dev_unlock(hdev);
3083 return err;
3084}
3085
3086static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3087 void *data, u16 len)
3088{
3089 struct mgmt_cp_pin_code_neg_reply *cp = data;
3090
3091 BT_DBG("");
3092
3093 return user_pairing_resp(sk, hdev, &cp->addr,
3094 MGMT_OP_PIN_CODE_NEG_REPLY,
3095 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3096}
3097
3098static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3099 u16 len)
3100{
3101 struct mgmt_cp_user_confirm_reply *cp = data;
3102
3103 BT_DBG("");
3104
3105 if (len != sizeof(*cp))
3106 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3107 MGMT_STATUS_INVALID_PARAMS);
3108
3109 return user_pairing_resp(sk, hdev, &cp->addr,
3110 MGMT_OP_USER_CONFIRM_REPLY,
3111 HCI_OP_USER_CONFIRM_REPLY, 0);
3112}
3113
3114static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3115 void *data, u16 len)
3116{
3117 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3118
3119 BT_DBG("");
3120
3121 return user_pairing_resp(sk, hdev, &cp->addr,
3122 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3123 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3124}
3125
3126static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3127 u16 len)
3128{
3129 struct mgmt_cp_user_passkey_reply *cp = data;
3130
3131 BT_DBG("");
3132
3133 return user_pairing_resp(sk, hdev, &cp->addr,
3134 MGMT_OP_USER_PASSKEY_REPLY,
3135 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3136}
3137
3138static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3139 void *data, u16 len)
3140{
3141 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3142
3143 BT_DBG("");
3144
3145 return user_pairing_resp(sk, hdev, &cp->addr,
3146 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3147 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3148}
3149
3150static void adv_expire(struct hci_dev *hdev, u32 flags)
3151{
3152 struct adv_info *adv_instance;
3153 struct hci_request req;
3154 int err;
3155
3156 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3157 if (!adv_instance)
3158 return;
3159
3160 /* stop if current instance doesn't need to be changed */
3161 if (!(adv_instance->flags & flags))
3162 return;
3163
3164 cancel_adv_timeout(hdev);
3165
3166 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3167 if (!adv_instance)
3168 return;
3169
3170 hci_req_init(&req, hdev);
3171 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3172 true);
3173 if (err)
3174 return;
3175
3176 hci_req_run(&req, NULL);
3177}
3178
3179static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3180{
3181 struct mgmt_cp_set_local_name *cp;
3182 struct mgmt_pending_cmd *cmd;
3183
3184 BT_DBG("status 0x%02x", status);
3185
3186 hci_dev_lock(hdev);
3187
3188 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3189 if (!cmd)
3190 goto unlock;
3191
3192 cp = cmd->param;
3193
3194 if (status) {
3195 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3196 mgmt_status(status));
3197 } else {
3198 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3199 cp, sizeof(*cp));
3200
3201 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3202 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3203 }
3204
3205 mgmt_pending_remove(cmd);
3206
3207unlock:
3208 hci_dev_unlock(hdev);
3209}
3210
3211static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3212 u16 len)
3213{
3214 struct mgmt_cp_set_local_name *cp = data;
3215 struct mgmt_pending_cmd *cmd;
3216 struct hci_request req;
3217 int err;
3218
3219 BT_DBG("");
3220
3221 hci_dev_lock(hdev);
3222
3223 /* If the old values are the same as the new ones just return a
3224 * direct command complete event.
3225 */
3226 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3227 !memcmp(hdev->short_name, cp->short_name,
3228 sizeof(hdev->short_name))) {
3229 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3230 data, len);
3231 goto failed;
3232 }
3233
3234 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3235
3236 if (!hdev_is_powered(hdev)) {
3237 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3238
3239 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3240 data, len);
3241 if (err < 0)
3242 goto failed;
3243
3244 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3245 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3246 ext_info_changed(hdev, sk);
3247
3248 goto failed;
3249 }
3250
3251 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3252 if (!cmd) {
3253 err = -ENOMEM;
3254 goto failed;
3255 }
3256
3257 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3258
3259 hci_req_init(&req, hdev);
3260
3261 if (lmp_bredr_capable(hdev)) {
3262 __hci_req_update_name(&req);
3263 __hci_req_update_eir(&req);
3264 }
3265
3266 /* The name is stored in the scan response data and so
3267 * no need to udpate the advertising data here.
3268 */
3269 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3270 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3271
3272 err = hci_req_run(&req, set_name_complete);
3273 if (err < 0)
3274 mgmt_pending_remove(cmd);
3275
3276failed:
3277 hci_dev_unlock(hdev);
3278 return err;
3279}
3280
3281static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3282 u16 len)
3283{
3284 struct mgmt_cp_set_appearance *cp = data;
3285 u16 apperance;
3286 int err;
3287
3288 BT_DBG("");
3289
3290 if (!lmp_le_capable(hdev))
3291 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3292 MGMT_STATUS_NOT_SUPPORTED);
3293
3294 apperance = le16_to_cpu(cp->appearance);
3295
3296 hci_dev_lock(hdev);
3297
3298 if (hdev->appearance != apperance) {
3299 hdev->appearance = apperance;
3300
3301 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3302 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3303
3304 ext_info_changed(hdev, sk);
3305 }
3306
3307 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3308 0);
3309
3310 hci_dev_unlock(hdev);
3311
3312 return err;
3313}
3314
3315static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3316 void *data, u16 len)
3317{
3318 struct mgmt_rp_get_phy_confguration rp;
3319
3320 BT_DBG("sock %p %s", sk, hdev->name);
3321
3322 hci_dev_lock(hdev);
3323
3324 memset(&rp, 0, sizeof(rp));
3325
3326 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3327 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3328 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3329
3330 hci_dev_unlock(hdev);
3331
3332 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3333 &rp, sizeof(rp));
3334}
3335
3336int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3337{
3338 struct mgmt_ev_phy_configuration_changed ev;
3339
3340 memset(&ev, 0, sizeof(ev));
3341
3342 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3343
3344 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3345 sizeof(ev), skip);
3346}
3347
3348static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3349 u16 opcode, struct sk_buff *skb)
3350{
3351 struct mgmt_pending_cmd *cmd;
3352
3353 BT_DBG("status 0x%02x", status);
3354
3355 hci_dev_lock(hdev);
3356
3357 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3358 if (!cmd)
3359 goto unlock;
3360
3361 if (status) {
3362 mgmt_cmd_status(cmd->sk, hdev->id,
3363 MGMT_OP_SET_PHY_CONFIGURATION,
3364 mgmt_status(status));
3365 } else {
3366 mgmt_cmd_complete(cmd->sk, hdev->id,
3367 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3368 NULL, 0);
3369
3370 mgmt_phy_configuration_changed(hdev, cmd->sk);
3371 }
3372
3373 mgmt_pending_remove(cmd);
3374
3375unlock:
3376 hci_dev_unlock(hdev);
3377}
3378
3379static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3380 void *data, u16 len)
3381{
3382 struct mgmt_cp_set_phy_confguration *cp = data;
3383 struct hci_cp_le_set_default_phy cp_phy;
3384 struct mgmt_pending_cmd *cmd;
3385 struct hci_request req;
3386 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3387 u16 pkt_type = (HCI_DH1 | HCI_DM1);
3388 bool changed = false;
3389 int err;
3390
3391 BT_DBG("sock %p %s", sk, hdev->name);
3392
3393 configurable_phys = get_configurable_phys(hdev);
3394 supported_phys = get_supported_phys(hdev);
3395 selected_phys = __le32_to_cpu(cp->selected_phys);
3396
3397 if (selected_phys & ~supported_phys)
3398 return mgmt_cmd_status(sk, hdev->id,
3399 MGMT_OP_SET_PHY_CONFIGURATION,
3400 MGMT_STATUS_INVALID_PARAMS);
3401
3402 unconfigure_phys = supported_phys & ~configurable_phys;
3403
3404 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3405 return mgmt_cmd_status(sk, hdev->id,
3406 MGMT_OP_SET_PHY_CONFIGURATION,
3407 MGMT_STATUS_INVALID_PARAMS);
3408
3409 if (selected_phys == get_selected_phys(hdev))
3410 return mgmt_cmd_complete(sk, hdev->id,
3411 MGMT_OP_SET_PHY_CONFIGURATION,
3412 0, NULL, 0);
3413
3414 hci_dev_lock(hdev);
3415
3416 if (!hdev_is_powered(hdev)) {
3417 err = mgmt_cmd_status(sk, hdev->id,
3418 MGMT_OP_SET_PHY_CONFIGURATION,
3419 MGMT_STATUS_REJECTED);
3420 goto unlock;
3421 }
3422
3423 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3424 err = mgmt_cmd_status(sk, hdev->id,
3425 MGMT_OP_SET_PHY_CONFIGURATION,
3426 MGMT_STATUS_BUSY);
3427 goto unlock;
3428 }
3429
3430 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3431 pkt_type |= (HCI_DH3 | HCI_DM3);
3432 else
3433 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3434
3435 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3436 pkt_type |= (HCI_DH5 | HCI_DM5);
3437 else
3438 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3439
3440 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3441 pkt_type &= ~HCI_2DH1;
3442 else
3443 pkt_type |= HCI_2DH1;
3444
3445 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3446 pkt_type &= ~HCI_2DH3;
3447 else
3448 pkt_type |= HCI_2DH3;
3449
3450 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3451 pkt_type &= ~HCI_2DH5;
3452 else
3453 pkt_type |= HCI_2DH5;
3454
3455 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3456 pkt_type &= ~HCI_3DH1;
3457 else
3458 pkt_type |= HCI_3DH1;
3459
3460 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3461 pkt_type &= ~HCI_3DH3;
3462 else
3463 pkt_type |= HCI_3DH3;
3464
3465 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3466 pkt_type &= ~HCI_3DH5;
3467 else
3468 pkt_type |= HCI_3DH5;
3469
3470 if (pkt_type != hdev->pkt_type) {
3471 hdev->pkt_type = pkt_type;
3472 changed = true;
3473 }
3474
3475 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3476 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
3477 if (changed)
3478 mgmt_phy_configuration_changed(hdev, sk);
3479
3480 err = mgmt_cmd_complete(sk, hdev->id,
3481 MGMT_OP_SET_PHY_CONFIGURATION,
3482 0, NULL, 0);
3483
3484 goto unlock;
3485 }
3486
3487 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3488 len);
3489 if (!cmd) {
3490 err = -ENOMEM;
3491 goto unlock;
3492 }
3493
3494 hci_req_init(&req, hdev);
3495
3496 memset(&cp_phy, 0, sizeof(cp_phy));
3497
3498 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3499 cp_phy.all_phys |= 0x01;
3500
3501 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3502 cp_phy.all_phys |= 0x02;
3503
3504 if (selected_phys & MGMT_PHY_LE_1M_TX)
3505 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3506
3507 if (selected_phys & MGMT_PHY_LE_2M_TX)
3508 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3509
3510 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3511 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3512
3513 if (selected_phys & MGMT_PHY_LE_1M_RX)
3514 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3515
3516 if (selected_phys & MGMT_PHY_LE_2M_RX)
3517 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3518
3519 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3520 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3521
3522 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3523
3524 err = hci_req_run_skb(&req, set_default_phy_complete);
3525 if (err < 0)
3526 mgmt_pending_remove(cmd);
3527
3528unlock:
3529 hci_dev_unlock(hdev);
3530
3531 return err;
3532}
3533
3534static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3535 u16 opcode, struct sk_buff *skb)
3536{
3537 struct mgmt_rp_read_local_oob_data mgmt_rp;
3538 size_t rp_size = sizeof(mgmt_rp);
3539 struct mgmt_pending_cmd *cmd;
3540
3541 BT_DBG("%s status %u", hdev->name, status);
3542
3543 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3544 if (!cmd)
3545 return;
3546
3547 if (status || !skb) {
3548 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3549 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3550 goto remove;
3551 }
3552
3553 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3554
3555 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3556 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3557
3558 if (skb->len < sizeof(*rp)) {
3559 mgmt_cmd_status(cmd->sk, hdev->id,
3560 MGMT_OP_READ_LOCAL_OOB_DATA,
3561 MGMT_STATUS_FAILED);
3562 goto remove;
3563 }
3564
3565 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3566 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3567
3568 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3569 } else {
3570 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3571
3572 if (skb->len < sizeof(*rp)) {
3573 mgmt_cmd_status(cmd->sk, hdev->id,
3574 MGMT_OP_READ_LOCAL_OOB_DATA,
3575 MGMT_STATUS_FAILED);
3576 goto remove;
3577 }
3578
3579 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3580 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3581
3582 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3583 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3584 }
3585
3586 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3587 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3588
3589remove:
3590 mgmt_pending_remove(cmd);
3591}
3592
3593static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3594 void *data, u16 data_len)
3595{
3596 struct mgmt_pending_cmd *cmd;
3597 struct hci_request req;
3598 int err;
3599
3600 BT_DBG("%s", hdev->name);
3601
3602 hci_dev_lock(hdev);
3603
3604 if (!hdev_is_powered(hdev)) {
3605 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3606 MGMT_STATUS_NOT_POWERED);
3607 goto unlock;
3608 }
3609
3610 if (!lmp_ssp_capable(hdev)) {
3611 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3612 MGMT_STATUS_NOT_SUPPORTED);
3613 goto unlock;
3614 }
3615
3616 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3617 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3618 MGMT_STATUS_BUSY);
3619 goto unlock;
3620 }
3621
3622 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3623 if (!cmd) {
3624 err = -ENOMEM;
3625 goto unlock;
3626 }
3627
3628 hci_req_init(&req, hdev);
3629
3630 if (bredr_sc_enabled(hdev))
3631 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3632 else
3633 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3634
3635 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3636 if (err < 0)
3637 mgmt_pending_remove(cmd);
3638
3639unlock:
3640 hci_dev_unlock(hdev);
3641 return err;
3642}
3643
3644static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3645 void *data, u16 len)
3646{
3647 struct mgmt_addr_info *addr = data;
3648 int err;
3649
3650 BT_DBG("%s ", hdev->name);
3651
3652 if (!bdaddr_type_is_valid(addr->type))
3653 return mgmt_cmd_complete(sk, hdev->id,
3654 MGMT_OP_ADD_REMOTE_OOB_DATA,
3655 MGMT_STATUS_INVALID_PARAMS,
3656 addr, sizeof(*addr));
3657
3658 hci_dev_lock(hdev);
3659
3660 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3661 struct mgmt_cp_add_remote_oob_data *cp = data;
3662 u8 status;
3663
3664 if (cp->addr.type != BDADDR_BREDR) {
3665 err = mgmt_cmd_complete(sk, hdev->id,
3666 MGMT_OP_ADD_REMOTE_OOB_DATA,
3667 MGMT_STATUS_INVALID_PARAMS,
3668 &cp->addr, sizeof(cp->addr));
3669 goto unlock;
3670 }
3671
3672 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3673 cp->addr.type, cp->hash,
3674 cp->rand, NULL, NULL);
3675 if (err < 0)
3676 status = MGMT_STATUS_FAILED;
3677 else
3678 status = MGMT_STATUS_SUCCESS;
3679
3680 err = mgmt_cmd_complete(sk, hdev->id,
3681 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3682 &cp->addr, sizeof(cp->addr));
3683 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3684 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3685 u8 *rand192, *hash192, *rand256, *hash256;
3686 u8 status;
3687
3688 if (bdaddr_type_is_le(cp->addr.type)) {
3689 /* Enforce zero-valued 192-bit parameters as
3690 * long as legacy SMP OOB isn't implemented.
3691 */
3692 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3693 memcmp(cp->hash192, ZERO_KEY, 16)) {
3694 err = mgmt_cmd_complete(sk, hdev->id,
3695 MGMT_OP_ADD_REMOTE_OOB_DATA,
3696 MGMT_STATUS_INVALID_PARAMS,
3697 addr, sizeof(*addr));
3698 goto unlock;
3699 }
3700
3701 rand192 = NULL;
3702 hash192 = NULL;
3703 } else {
3704 /* In case one of the P-192 values is set to zero,
3705 * then just disable OOB data for P-192.
3706 */
3707 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3708 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3709 rand192 = NULL;
3710 hash192 = NULL;
3711 } else {
3712 rand192 = cp->rand192;
3713 hash192 = cp->hash192;
3714 }
3715 }
3716
3717 /* In case one of the P-256 values is set to zero, then just
3718 * disable OOB data for P-256.
3719 */
3720 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3721 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3722 rand256 = NULL;
3723 hash256 = NULL;
3724 } else {
3725 rand256 = cp->rand256;
3726 hash256 = cp->hash256;
3727 }
3728
3729 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3730 cp->addr.type, hash192, rand192,
3731 hash256, rand256);
3732 if (err < 0)
3733 status = MGMT_STATUS_FAILED;
3734 else
3735 status = MGMT_STATUS_SUCCESS;
3736
3737 err = mgmt_cmd_complete(sk, hdev->id,
3738 MGMT_OP_ADD_REMOTE_OOB_DATA,
3739 status, &cp->addr, sizeof(cp->addr));
3740 } else {
3741 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
3742 len);
3743 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3744 MGMT_STATUS_INVALID_PARAMS);
3745 }
3746
3747unlock:
3748 hci_dev_unlock(hdev);
3749 return err;
3750}
3751
3752static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3753 void *data, u16 len)
3754{
3755 struct mgmt_cp_remove_remote_oob_data *cp = data;
3756 u8 status;
3757 int err;
3758
3759 BT_DBG("%s", hdev->name);
3760
3761 if (cp->addr.type != BDADDR_BREDR)
3762 return mgmt_cmd_complete(sk, hdev->id,
3763 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3764 MGMT_STATUS_INVALID_PARAMS,
3765 &cp->addr, sizeof(cp->addr));
3766
3767 hci_dev_lock(hdev);
3768
3769 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3770 hci_remote_oob_data_clear(hdev);
3771 status = MGMT_STATUS_SUCCESS;
3772 goto done;
3773 }
3774
3775 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3776 if (err < 0)
3777 status = MGMT_STATUS_INVALID_PARAMS;
3778 else
3779 status = MGMT_STATUS_SUCCESS;
3780
3781done:
3782 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3783 status, &cp->addr, sizeof(cp->addr));
3784
3785 hci_dev_unlock(hdev);
3786 return err;
3787}
3788
3789void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3790{
3791 struct mgmt_pending_cmd *cmd;
3792
3793 BT_DBG("status %d", status);
3794
3795 hci_dev_lock(hdev);
3796
3797 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3798 if (!cmd)
3799 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3800
3801 if (!cmd)
3802 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3803
3804 if (cmd) {
3805 cmd->cmd_complete(cmd, mgmt_status(status));
3806 mgmt_pending_remove(cmd);
3807 }
3808
3809 hci_dev_unlock(hdev);
3810}
3811
3812static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3813 uint8_t *mgmt_status)
3814{
3815 switch (type) {
3816 case DISCOV_TYPE_LE:
3817 *mgmt_status = mgmt_le_support(hdev);
3818 if (*mgmt_status)
3819 return false;
3820 break;
3821 case DISCOV_TYPE_INTERLEAVED:
3822 *mgmt_status = mgmt_le_support(hdev);
3823 if (*mgmt_status)
3824 return false;
3825 /* Intentional fall-through */
3826 case DISCOV_TYPE_BREDR:
3827 *mgmt_status = mgmt_bredr_support(hdev);
3828 if (*mgmt_status)
3829 return false;
3830 break;
3831 default:
3832 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3833 return false;
3834 }
3835
3836 return true;
3837}
3838
3839static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3840 u16 op, void *data, u16 len)
3841{
3842 struct mgmt_cp_start_discovery *cp = data;
3843 struct mgmt_pending_cmd *cmd;
3844 u8 status;
3845 int err;
3846
3847 BT_DBG("%s", hdev->name);
3848
3849 hci_dev_lock(hdev);
3850
3851 if (!hdev_is_powered(hdev)) {
3852 err = mgmt_cmd_complete(sk, hdev->id, op,
3853 MGMT_STATUS_NOT_POWERED,
3854 &cp->type, sizeof(cp->type));
3855 goto failed;
3856 }
3857
3858 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3859 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3860 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3861 &cp->type, sizeof(cp->type));
3862 goto failed;
3863 }
3864
3865 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3866 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3867 &cp->type, sizeof(cp->type));
3868 goto failed;
3869 }
3870
3871 /* Clear the discovery filter first to free any previously
3872 * allocated memory for the UUID list.
3873 */
3874 hci_discovery_filter_clear(hdev);
3875
3876 hdev->discovery.type = cp->type;
3877 hdev->discovery.report_invalid_rssi = false;
3878 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3879 hdev->discovery.limited = true;
3880 else
3881 hdev->discovery.limited = false;
3882
3883 cmd = mgmt_pending_add(sk, op, hdev, data, len);
3884 if (!cmd) {
3885 err = -ENOMEM;
3886 goto failed;
3887 }
3888
3889 cmd->cmd_complete = generic_cmd_complete;
3890
3891 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3892 queue_work(hdev->req_workqueue, &hdev->discov_update);
3893 err = 0;
3894
3895failed:
3896 hci_dev_unlock(hdev);
3897 return err;
3898}
3899
3900static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3901 void *data, u16 len)
3902{
3903 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3904 data, len);
3905}
3906
3907static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3908 void *data, u16 len)
3909{
3910 return start_discovery_internal(sk, hdev,
3911 MGMT_OP_START_LIMITED_DISCOVERY,
3912 data, len);
3913}
3914
3915static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3916 u8 status)
3917{
3918 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3919 cmd->param, 1);
3920}
3921
3922static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3923 void *data, u16 len)
3924{
3925 struct mgmt_cp_start_service_discovery *cp = data;
3926 struct mgmt_pending_cmd *cmd;
3927 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3928 u16 uuid_count, expected_len;
3929 u8 status;
3930 int err;
3931
3932 BT_DBG("%s", hdev->name);
3933
3934 hci_dev_lock(hdev);
3935
3936 if (!hdev_is_powered(hdev)) {
3937 err = mgmt_cmd_complete(sk, hdev->id,
3938 MGMT_OP_START_SERVICE_DISCOVERY,
3939 MGMT_STATUS_NOT_POWERED,
3940 &cp->type, sizeof(cp->type));
3941 goto failed;
3942 }
3943
3944 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3945 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3946 err = mgmt_cmd_complete(sk, hdev->id,
3947 MGMT_OP_START_SERVICE_DISCOVERY,
3948 MGMT_STATUS_BUSY, &cp->type,
3949 sizeof(cp->type));
3950 goto failed;
3951 }
3952
3953 uuid_count = __le16_to_cpu(cp->uuid_count);
3954 if (uuid_count > max_uuid_count) {
3955 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
3956 uuid_count);
3957 err = mgmt_cmd_complete(sk, hdev->id,
3958 MGMT_OP_START_SERVICE_DISCOVERY,
3959 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3960 sizeof(cp->type));
3961 goto failed;
3962 }
3963
3964 expected_len = sizeof(*cp) + uuid_count * 16;
3965 if (expected_len != len) {
3966 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
3967 expected_len, len);
3968 err = mgmt_cmd_complete(sk, hdev->id,
3969 MGMT_OP_START_SERVICE_DISCOVERY,
3970 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3971 sizeof(cp->type));
3972 goto failed;
3973 }
3974
3975 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3976 err = mgmt_cmd_complete(sk, hdev->id,
3977 MGMT_OP_START_SERVICE_DISCOVERY,
3978 status, &cp->type, sizeof(cp->type));
3979 goto failed;
3980 }
3981
3982 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3983 hdev, data, len);
3984 if (!cmd) {
3985 err = -ENOMEM;
3986 goto failed;
3987 }
3988
3989 cmd->cmd_complete = service_discovery_cmd_complete;
3990
3991 /* Clear the discovery filter first to free any previously
3992 * allocated memory for the UUID list.
3993 */
3994 hci_discovery_filter_clear(hdev);
3995
3996 hdev->discovery.result_filtering = true;
3997 hdev->discovery.type = cp->type;
3998 hdev->discovery.rssi = cp->rssi;
3999 hdev->discovery.uuid_count = uuid_count;
4000
4001 if (uuid_count > 0) {
4002 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4003 GFP_KERNEL);
4004 if (!hdev->discovery.uuids) {
4005 err = mgmt_cmd_complete(sk, hdev->id,
4006 MGMT_OP_START_SERVICE_DISCOVERY,
4007 MGMT_STATUS_FAILED,
4008 &cp->type, sizeof(cp->type));
4009 mgmt_pending_remove(cmd);
4010 goto failed;
4011 }
4012 }
4013
4014 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4015 queue_work(hdev->req_workqueue, &hdev->discov_update);
4016 err = 0;
4017
4018failed:
4019 hci_dev_unlock(hdev);
4020 return err;
4021}
4022
4023void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
4024{
4025 struct mgmt_pending_cmd *cmd;
4026
4027 BT_DBG("status %d", status);
4028
4029 hci_dev_lock(hdev);
4030
4031 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4032 if (cmd) {
4033 cmd->cmd_complete(cmd, mgmt_status(status));
4034 mgmt_pending_remove(cmd);
4035 }
4036
4037 hci_dev_unlock(hdev);
4038}
4039
4040static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4041 u16 len)
4042{
4043 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4044 struct mgmt_pending_cmd *cmd;
4045 int err;
4046
4047 BT_DBG("%s", hdev->name);
4048
4049 hci_dev_lock(hdev);
4050
4051 if (!hci_discovery_active(hdev)) {
4052 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4053 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4054 sizeof(mgmt_cp->type));
4055 goto unlock;
4056 }
4057
4058 if (hdev->discovery.type != mgmt_cp->type) {
4059 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4060 MGMT_STATUS_INVALID_PARAMS,
4061 &mgmt_cp->type, sizeof(mgmt_cp->type));
4062 goto unlock;
4063 }
4064
4065 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4066 if (!cmd) {
4067 err = -ENOMEM;
4068 goto unlock;
4069 }
4070
4071 cmd->cmd_complete = generic_cmd_complete;
4072
4073 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4074 queue_work(hdev->req_workqueue, &hdev->discov_update);
4075 err = 0;
4076
4077unlock:
4078 hci_dev_unlock(hdev);
4079 return err;
4080}
4081
4082static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4083 u16 len)
4084{
4085 struct mgmt_cp_confirm_name *cp = data;
4086 struct inquiry_entry *e;
4087 int err;
4088
4089 BT_DBG("%s", hdev->name);
4090
4091 hci_dev_lock(hdev);
4092
4093 if (!hci_discovery_active(hdev)) {
4094 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4095 MGMT_STATUS_FAILED, &cp->addr,
4096 sizeof(cp->addr));
4097 goto failed;
4098 }
4099
4100 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4101 if (!e) {
4102 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4103 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4104 sizeof(cp->addr));
4105 goto failed;
4106 }
4107
4108 if (cp->name_known) {
4109 e->name_state = NAME_KNOWN;
4110 list_del(&e->list);
4111 } else {
4112 e->name_state = NAME_NEEDED;
4113 hci_inquiry_cache_update_resolve(hdev, e);
4114 }
4115
4116 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4117 &cp->addr, sizeof(cp->addr));
4118
4119failed:
4120 hci_dev_unlock(hdev);
4121 return err;
4122}
4123
4124static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4125 u16 len)
4126{
4127 struct mgmt_cp_block_device *cp = data;
4128 u8 status;
4129 int err;
4130
4131 BT_DBG("%s", hdev->name);
4132
4133 if (!bdaddr_type_is_valid(cp->addr.type))
4134 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4135 MGMT_STATUS_INVALID_PARAMS,
4136 &cp->addr, sizeof(cp->addr));
4137
4138 hci_dev_lock(hdev);
4139
4140 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4141 cp->addr.type);
4142 if (err < 0) {
4143 status = MGMT_STATUS_FAILED;
4144 goto done;
4145 }
4146
4147 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4148 sk);
4149 status = MGMT_STATUS_SUCCESS;
4150
4151done:
4152 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4153 &cp->addr, sizeof(cp->addr));
4154
4155 hci_dev_unlock(hdev);
4156
4157 return err;
4158}
4159
4160static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4161 u16 len)
4162{
4163 struct mgmt_cp_unblock_device *cp = data;
4164 u8 status;
4165 int err;
4166
4167 BT_DBG("%s", hdev->name);
4168
4169 if (!bdaddr_type_is_valid(cp->addr.type))
4170 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4171 MGMT_STATUS_INVALID_PARAMS,
4172 &cp->addr, sizeof(cp->addr));
4173
4174 hci_dev_lock(hdev);
4175
4176 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4177 cp->addr.type);
4178 if (err < 0) {
4179 status = MGMT_STATUS_INVALID_PARAMS;
4180 goto done;
4181 }
4182
4183 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4184 sk);
4185 status = MGMT_STATUS_SUCCESS;
4186
4187done:
4188 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4189 &cp->addr, sizeof(cp->addr));
4190
4191 hci_dev_unlock(hdev);
4192
4193 return err;
4194}
4195
4196static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4197 u16 len)
4198{
4199 struct mgmt_cp_set_device_id *cp = data;
4200 struct hci_request req;
4201 int err;
4202 __u16 source;
4203
4204 BT_DBG("%s", hdev->name);
4205
4206 source = __le16_to_cpu(cp->source);
4207
4208 if (source > 0x0002)
4209 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4210 MGMT_STATUS_INVALID_PARAMS);
4211
4212 hci_dev_lock(hdev);
4213
4214 hdev->devid_source = source;
4215 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4216 hdev->devid_product = __le16_to_cpu(cp->product);
4217 hdev->devid_version = __le16_to_cpu(cp->version);
4218
4219 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4220 NULL, 0);
4221
4222 hci_req_init(&req, hdev);
4223 __hci_req_update_eir(&req);
4224 hci_req_run(&req, NULL);
4225
4226 hci_dev_unlock(hdev);
4227
4228 return err;
4229}
4230
4231static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4232 u16 opcode)
4233{
4234 BT_DBG("status %d", status);
4235}
4236
4237static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4238 u16 opcode)
4239{
4240 struct cmd_lookup match = { NULL, hdev };
4241 struct hci_request req;
4242 u8 instance;
4243 struct adv_info *adv_instance;
4244 int err;
4245
4246 hci_dev_lock(hdev);
4247
4248 if (status) {
4249 u8 mgmt_err = mgmt_status(status);
4250
4251 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4252 cmd_status_rsp, &mgmt_err);
4253 goto unlock;
4254 }
4255
4256 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4257 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4258 else
4259 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4260
4261 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4262 &match);
4263
4264 new_settings(hdev, match.sk);
4265
4266 if (match.sk)
4267 sock_put(match.sk);
4268
4269 /* If "Set Advertising" was just disabled and instance advertising was
4270 * set up earlier, then re-enable multi-instance advertising.
4271 */
4272 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4273 list_empty(&hdev->adv_instances))
4274 goto unlock;
4275
4276 instance = hdev->cur_adv_instance;
4277 if (!instance) {
4278 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4279 struct adv_info, list);
4280 if (!adv_instance)
4281 goto unlock;
4282
4283 instance = adv_instance->instance;
4284 }
4285
4286 hci_req_init(&req, hdev);
4287
4288 err = __hci_req_schedule_adv_instance(&req, instance, true);
4289
4290 if (!err)
4291 err = hci_req_run(&req, enable_advertising_instance);
4292
4293 if (err)
4294 bt_dev_err(hdev, "failed to re-configure advertising");
4295
4296unlock:
4297 hci_dev_unlock(hdev);
4298}
4299
4300static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4301 u16 len)
4302{
4303 struct mgmt_mode *cp = data;
4304 struct mgmt_pending_cmd *cmd;
4305 struct hci_request req;
4306 u8 val, status;
4307 int err;
4308
4309 BT_DBG("request for %s", hdev->name);
4310
4311 status = mgmt_le_support(hdev);
4312 if (status)
4313 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4314 status);
4315
4316 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4317 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4318 MGMT_STATUS_INVALID_PARAMS);
4319
4320 hci_dev_lock(hdev);
4321
4322 val = !!cp->val;
4323
4324 /* The following conditions are ones which mean that we should
4325 * not do any HCI communication but directly send a mgmt
4326 * response to user space (after toggling the flag if
4327 * necessary).
4328 */
4329 if (!hdev_is_powered(hdev) ||
4330 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4331 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4332 hci_conn_num(hdev, LE_LINK) > 0 ||
4333 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4334 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4335 bool changed;
4336
4337 if (cp->val) {
4338 hdev->cur_adv_instance = 0x00;
4339 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4340 if (cp->val == 0x02)
4341 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4342 else
4343 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4344 } else {
4345 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4346 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4347 }
4348
4349 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4350 if (err < 0)
4351 goto unlock;
4352
4353 if (changed)
4354 err = new_settings(hdev, sk);
4355
4356 goto unlock;
4357 }
4358
4359 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4360 pending_find(MGMT_OP_SET_LE, hdev)) {
4361 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4362 MGMT_STATUS_BUSY);
4363 goto unlock;
4364 }
4365
4366 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4367 if (!cmd) {
4368 err = -ENOMEM;
4369 goto unlock;
4370 }
4371
4372 hci_req_init(&req, hdev);
4373
4374 if (cp->val == 0x02)
4375 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4376 else
4377 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4378
4379 cancel_adv_timeout(hdev);
4380
4381 if (val) {
4382 /* Switch to instance "0" for the Set Advertising setting.
4383 * We cannot use update_[adv|scan_rsp]_data() here as the
4384 * HCI_ADVERTISING flag is not yet set.
4385 */
4386 hdev->cur_adv_instance = 0x00;
4387
4388 if (ext_adv_capable(hdev)) {
4389 __hci_req_start_ext_adv(&req, 0x00);
4390 } else {
4391 __hci_req_update_adv_data(&req, 0x00);
4392 __hci_req_update_scan_rsp_data(&req, 0x00);
4393 __hci_req_enable_advertising(&req);
4394 }
4395 } else {
4396 __hci_req_disable_advertising(&req);
4397 }
4398
4399 err = hci_req_run(&req, set_advertising_complete);
4400 if (err < 0)
4401 mgmt_pending_remove(cmd);
4402
4403unlock:
4404 hci_dev_unlock(hdev);
4405 return err;
4406}
4407
4408static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4409 void *data, u16 len)
4410{
4411 struct mgmt_cp_set_static_address *cp = data;
4412 int err;
4413
4414 BT_DBG("%s", hdev->name);
4415
4416 if (!lmp_le_capable(hdev))
4417 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4418 MGMT_STATUS_NOT_SUPPORTED);
4419
4420 if (hdev_is_powered(hdev))
4421 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4422 MGMT_STATUS_REJECTED);
4423
4424 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4425 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4426 return mgmt_cmd_status(sk, hdev->id,
4427 MGMT_OP_SET_STATIC_ADDRESS,
4428 MGMT_STATUS_INVALID_PARAMS);
4429
4430 /* Two most significant bits shall be set */
4431 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4432 return mgmt_cmd_status(sk, hdev->id,
4433 MGMT_OP_SET_STATIC_ADDRESS,
4434 MGMT_STATUS_INVALID_PARAMS);
4435 }
4436
4437 hci_dev_lock(hdev);
4438
4439 bacpy(&hdev->static_addr, &cp->bdaddr);
4440
4441 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4442 if (err < 0)
4443 goto unlock;
4444
4445 err = new_settings(hdev, sk);
4446
4447unlock:
4448 hci_dev_unlock(hdev);
4449 return err;
4450}
4451
4452static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4453 void *data, u16 len)
4454{
4455 struct mgmt_cp_set_scan_params *cp = data;
4456 __u16 interval, window;
4457 int err;
4458
4459 BT_DBG("%s", hdev->name);
4460
4461 if (!lmp_le_capable(hdev))
4462 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4463 MGMT_STATUS_NOT_SUPPORTED);
4464
4465 interval = __le16_to_cpu(cp->interval);
4466
4467 if (interval < 0x0004 || interval > 0x4000)
4468 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4469 MGMT_STATUS_INVALID_PARAMS);
4470
4471 window = __le16_to_cpu(cp->window);
4472
4473 if (window < 0x0004 || window > 0x4000)
4474 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4475 MGMT_STATUS_INVALID_PARAMS);
4476
4477 if (window > interval)
4478 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4479 MGMT_STATUS_INVALID_PARAMS);
4480
4481 hci_dev_lock(hdev);
4482
4483 hdev->le_scan_interval = interval;
4484 hdev->le_scan_window = window;
4485
4486 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4487 NULL, 0);
4488
4489 /* If background scan is running, restart it so new parameters are
4490 * loaded.
4491 */
4492 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4493 hdev->discovery.state == DISCOVERY_STOPPED) {
4494 struct hci_request req;
4495
4496 hci_req_init(&req, hdev);
4497
4498 hci_req_add_le_scan_disable(&req);
4499 hci_req_add_le_passive_scan(&req);
4500
4501 hci_req_run(&req, NULL);
4502 }
4503
4504 hci_dev_unlock(hdev);
4505
4506 return err;
4507}
4508
4509static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4510 u16 opcode)
4511{
4512 struct mgmt_pending_cmd *cmd;
4513
4514 BT_DBG("status 0x%02x", status);
4515
4516 hci_dev_lock(hdev);
4517
4518 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4519 if (!cmd)
4520 goto unlock;
4521
4522 if (status) {
4523 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4524 mgmt_status(status));
4525 } else {
4526 struct mgmt_mode *cp = cmd->param;
4527
4528 if (cp->val)
4529 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4530 else
4531 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4532
4533 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4534 new_settings(hdev, cmd->sk);
4535 }
4536
4537 mgmt_pending_remove(cmd);
4538
4539unlock:
4540 hci_dev_unlock(hdev);
4541}
4542
4543static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4544 void *data, u16 len)
4545{
4546 struct mgmt_mode *cp = data;
4547 struct mgmt_pending_cmd *cmd;
4548 struct hci_request req;
4549 int err;
4550
4551 BT_DBG("%s", hdev->name);
4552
4553 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4554 hdev->hci_ver < BLUETOOTH_VER_1_2)
4555 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4556 MGMT_STATUS_NOT_SUPPORTED);
4557
4558 if (cp->val != 0x00 && cp->val != 0x01)
4559 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4560 MGMT_STATUS_INVALID_PARAMS);
4561
4562 hci_dev_lock(hdev);
4563
4564 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4565 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4566 MGMT_STATUS_BUSY);
4567 goto unlock;
4568 }
4569
4570 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4571 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4572 hdev);
4573 goto unlock;
4574 }
4575
4576 if (!hdev_is_powered(hdev)) {
4577 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4578 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4579 hdev);
4580 new_settings(hdev, sk);
4581 goto unlock;
4582 }
4583
4584 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4585 data, len);
4586 if (!cmd) {
4587 err = -ENOMEM;
4588 goto unlock;
4589 }
4590
4591 hci_req_init(&req, hdev);
4592
4593 __hci_req_write_fast_connectable(&req, cp->val);
4594
4595 err = hci_req_run(&req, fast_connectable_complete);
4596 if (err < 0) {
4597 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4598 MGMT_STATUS_FAILED);
4599 mgmt_pending_remove(cmd);
4600 }
4601
4602unlock:
4603 hci_dev_unlock(hdev);
4604
4605 return err;
4606}
4607
4608static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4609{
4610 struct mgmt_pending_cmd *cmd;
4611
4612 BT_DBG("status 0x%02x", status);
4613
4614 hci_dev_lock(hdev);
4615
4616 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4617 if (!cmd)
4618 goto unlock;
4619
4620 if (status) {
4621 u8 mgmt_err = mgmt_status(status);
4622
4623 /* We need to restore the flag if related HCI commands
4624 * failed.
4625 */
4626 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4627
4628 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4629 } else {
4630 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4631 new_settings(hdev, cmd->sk);
4632 }
4633
4634 mgmt_pending_remove(cmd);
4635
4636unlock:
4637 hci_dev_unlock(hdev);
4638}
4639
4640static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4641{
4642 struct mgmt_mode *cp = data;
4643 struct mgmt_pending_cmd *cmd;
4644 struct hci_request req;
4645 int err;
4646
4647 BT_DBG("request for %s", hdev->name);
4648
4649 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4650 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4651 MGMT_STATUS_NOT_SUPPORTED);
4652
4653 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4654 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4655 MGMT_STATUS_REJECTED);
4656
4657 if (cp->val != 0x00 && cp->val != 0x01)
4658 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4659 MGMT_STATUS_INVALID_PARAMS);
4660
4661 hci_dev_lock(hdev);
4662
4663 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4664 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4665 goto unlock;
4666 }
4667
4668 if (!hdev_is_powered(hdev)) {
4669 if (!cp->val) {
4670 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4671 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4672 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4673 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4674 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4675 }
4676
4677 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4678
4679 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4680 if (err < 0)
4681 goto unlock;
4682
4683 err = new_settings(hdev, sk);
4684 goto unlock;
4685 }
4686
4687 /* Reject disabling when powered on */
4688 if (!cp->val) {
4689 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4690 MGMT_STATUS_REJECTED);
4691 goto unlock;
4692 } else {
4693 /* When configuring a dual-mode controller to operate
4694 * with LE only and using a static address, then switching
4695 * BR/EDR back on is not allowed.
4696 *
4697 * Dual-mode controllers shall operate with the public
4698 * address as its identity address for BR/EDR and LE. So
4699 * reject the attempt to create an invalid configuration.
4700 *
4701 * The same restrictions applies when secure connections
4702 * has been enabled. For BR/EDR this is a controller feature
4703 * while for LE it is a host stack feature. This means that
4704 * switching BR/EDR back on when secure connections has been
4705 * enabled is not a supported transaction.
4706 */
4707 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4708 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4709 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4710 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4711 MGMT_STATUS_REJECTED);
4712 goto unlock;
4713 }
4714 }
4715
4716 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4717 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4718 MGMT_STATUS_BUSY);
4719 goto unlock;
4720 }
4721
4722 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4723 if (!cmd) {
4724 err = -ENOMEM;
4725 goto unlock;
4726 }
4727
4728 /* We need to flip the bit already here so that
4729 * hci_req_update_adv_data generates the correct flags.
4730 */
4731 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4732
4733 hci_req_init(&req, hdev);
4734
4735 __hci_req_write_fast_connectable(&req, false);
4736 __hci_req_update_scan(&req);
4737
4738 /* Since only the advertising data flags will change, there
4739 * is no need to update the scan response data.
4740 */
4741 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4742
4743 err = hci_req_run(&req, set_bredr_complete);
4744 if (err < 0)
4745 mgmt_pending_remove(cmd);
4746
4747unlock:
4748 hci_dev_unlock(hdev);
4749 return err;
4750}
4751
4752static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4753{
4754 struct mgmt_pending_cmd *cmd;
4755 struct mgmt_mode *cp;
4756
4757 BT_DBG("%s status %u", hdev->name, status);
4758
4759 hci_dev_lock(hdev);
4760
4761 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4762 if (!cmd)
4763 goto unlock;
4764
4765 if (status) {
4766 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4767 mgmt_status(status));
4768 goto remove;
4769 }
4770
4771 cp = cmd->param;
4772
4773 switch (cp->val) {
4774 case 0x00:
4775 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4776 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4777 break;
4778 case 0x01:
4779 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4780 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4781 break;
4782 case 0x02:
4783 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4784 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4785 break;
4786 }
4787
4788 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4789 new_settings(hdev, cmd->sk);
4790
4791remove:
4792 mgmt_pending_remove(cmd);
4793unlock:
4794 hci_dev_unlock(hdev);
4795}
4796
4797static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4798 void *data, u16 len)
4799{
4800 struct mgmt_mode *cp = data;
4801 struct mgmt_pending_cmd *cmd;
4802 struct hci_request req;
4803 u8 val;
4804 int err;
4805
4806 BT_DBG("request for %s", hdev->name);
4807
4808 if (!lmp_sc_capable(hdev) &&
4809 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4810 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4811 MGMT_STATUS_NOT_SUPPORTED);
4812
4813 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4814 lmp_sc_capable(hdev) &&
4815 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4816 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4817 MGMT_STATUS_REJECTED);
4818
4819 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4820 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4821 MGMT_STATUS_INVALID_PARAMS);
4822
4823 hci_dev_lock(hdev);
4824
4825 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4826 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4827 bool changed;
4828
4829 if (cp->val) {
4830 changed = !hci_dev_test_and_set_flag(hdev,
4831 HCI_SC_ENABLED);
4832 if (cp->val == 0x02)
4833 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4834 else
4835 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4836 } else {
4837 changed = hci_dev_test_and_clear_flag(hdev,
4838 HCI_SC_ENABLED);
4839 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4840 }
4841
4842 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4843 if (err < 0)
4844 goto failed;
4845
4846 if (changed)
4847 err = new_settings(hdev, sk);
4848
4849 goto failed;
4850 }
4851
4852 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4853 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4854 MGMT_STATUS_BUSY);
4855 goto failed;
4856 }
4857
4858 val = !!cp->val;
4859
4860 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4861 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4862 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4863 goto failed;
4864 }
4865
4866 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4867 if (!cmd) {
4868 err = -ENOMEM;
4869 goto failed;
4870 }
4871
4872 hci_req_init(&req, hdev);
4873 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4874 err = hci_req_run(&req, sc_enable_complete);
4875 if (err < 0) {
4876 mgmt_pending_remove(cmd);
4877 goto failed;
4878 }
4879
4880failed:
4881 hci_dev_unlock(hdev);
4882 return err;
4883}
4884
4885static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4886 void *data, u16 len)
4887{
4888 struct mgmt_mode *cp = data;
4889 bool changed, use_changed;
4890 int err;
4891
4892 BT_DBG("request for %s", hdev->name);
4893
4894 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4895 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4896 MGMT_STATUS_INVALID_PARAMS);
4897
4898 hci_dev_lock(hdev);
4899
4900 if (cp->val)
4901 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4902 else
4903 changed = hci_dev_test_and_clear_flag(hdev,
4904 HCI_KEEP_DEBUG_KEYS);
4905
4906 if (cp->val == 0x02)
4907 use_changed = !hci_dev_test_and_set_flag(hdev,
4908 HCI_USE_DEBUG_KEYS);
4909 else
4910 use_changed = hci_dev_test_and_clear_flag(hdev,
4911 HCI_USE_DEBUG_KEYS);
4912
4913 if (hdev_is_powered(hdev) && use_changed &&
4914 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
4915 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4916 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4917 sizeof(mode), &mode);
4918 }
4919
4920 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4921 if (err < 0)
4922 goto unlock;
4923
4924 if (changed)
4925 err = new_settings(hdev, sk);
4926
4927unlock:
4928 hci_dev_unlock(hdev);
4929 return err;
4930}
4931
4932static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4933 u16 len)
4934{
4935 struct mgmt_cp_set_privacy *cp = cp_data;
4936 bool changed;
4937 int err;
4938
4939 BT_DBG("request for %s", hdev->name);
4940
4941 if (!lmp_le_capable(hdev))
4942 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4943 MGMT_STATUS_NOT_SUPPORTED);
4944
4945 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
4946 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4947 MGMT_STATUS_INVALID_PARAMS);
4948
4949 if (hdev_is_powered(hdev))
4950 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4951 MGMT_STATUS_REJECTED);
4952
4953 hci_dev_lock(hdev);
4954
4955 /* If user space supports this command it is also expected to
4956 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4957 */
4958 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4959
4960 if (cp->privacy) {
4961 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
4962 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4963 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
4964 hci_adv_instances_set_rpa_expired(hdev, true);
4965 if (cp->privacy == 0x02)
4966 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4967 else
4968 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4969 } else {
4970 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
4971 memset(hdev->irk, 0, sizeof(hdev->irk));
4972 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
4973 hci_adv_instances_set_rpa_expired(hdev, false);
4974 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4975 }
4976
4977 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4978 if (err < 0)
4979 goto unlock;
4980
4981 if (changed)
4982 err = new_settings(hdev, sk);
4983
4984unlock:
4985 hci_dev_unlock(hdev);
4986 return err;
4987}
4988
4989static bool irk_is_valid(struct mgmt_irk_info *irk)
4990{
4991 switch (irk->addr.type) {
4992 case BDADDR_LE_PUBLIC:
4993 return true;
4994
4995 case BDADDR_LE_RANDOM:
4996 /* Two most significant bits shall be set */
4997 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4998 return false;
4999 return true;
5000 }
5001
5002 return false;
5003}
5004
5005static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5006 u16 len)
5007{
5008 struct mgmt_cp_load_irks *cp = cp_data;
5009 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5010 sizeof(struct mgmt_irk_info));
5011 u16 irk_count, expected_len;
5012 int i, err;
5013
5014 BT_DBG("request for %s", hdev->name);
5015
5016 if (!lmp_le_capable(hdev))
5017 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5018 MGMT_STATUS_NOT_SUPPORTED);
5019
5020 irk_count = __le16_to_cpu(cp->irk_count);
5021 if (irk_count > max_irk_count) {
5022 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
5023 irk_count);
5024 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5025 MGMT_STATUS_INVALID_PARAMS);
5026 }
5027
5028 expected_len = struct_size(cp, irks, irk_count);
5029 if (expected_len != len) {
5030 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
5031 expected_len, len);
5032 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5033 MGMT_STATUS_INVALID_PARAMS);
5034 }
5035
5036 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5037
5038 for (i = 0; i < irk_count; i++) {
5039 struct mgmt_irk_info *key = &cp->irks[i];
5040
5041 if (!irk_is_valid(key))
5042 return mgmt_cmd_status(sk, hdev->id,
5043 MGMT_OP_LOAD_IRKS,
5044 MGMT_STATUS_INVALID_PARAMS);
5045 }
5046
5047 hci_dev_lock(hdev);
5048
5049 hci_smp_irks_clear(hdev);
5050
5051 for (i = 0; i < irk_count; i++) {
5052 struct mgmt_irk_info *irk = &cp->irks[i];
5053
5054 hci_add_irk(hdev, &irk->addr.bdaddr,
5055 le_addr_type(irk->addr.type), irk->val,
5056 BDADDR_ANY);
5057 }
5058
5059 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5060
5061 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5062
5063 hci_dev_unlock(hdev);
5064
5065 return err;
5066}
5067
5068static bool ltk_is_valid(struct mgmt_ltk_info *key)
5069{
5070 if (key->master != 0x00 && key->master != 0x01)
5071 return false;
5072
5073 switch (key->addr.type) {
5074 case BDADDR_LE_PUBLIC:
5075 return true;
5076
5077 case BDADDR_LE_RANDOM:
5078 /* Two most significant bits shall be set */
5079 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5080 return false;
5081 return true;
5082 }
5083
5084 return false;
5085}
5086
5087static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5088 void *cp_data, u16 len)
5089{
5090 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5091 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5092 sizeof(struct mgmt_ltk_info));
5093 u16 key_count, expected_len;
5094 int i, err;
5095
5096 BT_DBG("request for %s", hdev->name);
5097
5098 if (!lmp_le_capable(hdev))
5099 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5100 MGMT_STATUS_NOT_SUPPORTED);
5101
5102 key_count = __le16_to_cpu(cp->key_count);
5103 if (key_count > max_key_count) {
5104 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
5105 key_count);
5106 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5107 MGMT_STATUS_INVALID_PARAMS);
5108 }
5109
5110 expected_len = struct_size(cp, keys, key_count);
5111 if (expected_len != len) {
5112 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
5113 expected_len, len);
5114 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5115 MGMT_STATUS_INVALID_PARAMS);
5116 }
5117
5118 BT_DBG("%s key_count %u", hdev->name, key_count);
5119
5120 for (i = 0; i < key_count; i++) {
5121 struct mgmt_ltk_info *key = &cp->keys[i];
5122
5123 if (!ltk_is_valid(key))
5124 return mgmt_cmd_status(sk, hdev->id,
5125 MGMT_OP_LOAD_LONG_TERM_KEYS,
5126 MGMT_STATUS_INVALID_PARAMS);
5127 }
5128
5129 hci_dev_lock(hdev);
5130
5131 hci_smp_ltks_clear(hdev);
5132
5133 for (i = 0; i < key_count; i++) {
5134 struct mgmt_ltk_info *key = &cp->keys[i];
5135 u8 type, authenticated;
5136
5137 switch (key->type) {
5138 case MGMT_LTK_UNAUTHENTICATED:
5139 authenticated = 0x00;
5140 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5141 break;
5142 case MGMT_LTK_AUTHENTICATED:
5143 authenticated = 0x01;
5144 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5145 break;
5146 case MGMT_LTK_P256_UNAUTH:
5147 authenticated = 0x00;
5148 type = SMP_LTK_P256;
5149 break;
5150 case MGMT_LTK_P256_AUTH:
5151 authenticated = 0x01;
5152 type = SMP_LTK_P256;
5153 break;
5154 case MGMT_LTK_P256_DEBUG:
5155 authenticated = 0x00;
5156 type = SMP_LTK_P256_DEBUG;
5157 /* fall through */
5158 default:
5159 continue;
5160 }
5161
5162 hci_add_ltk(hdev, &key->addr.bdaddr,
5163 le_addr_type(key->addr.type), type, authenticated,
5164 key->val, key->enc_size, key->ediv, key->rand);
5165 }
5166
5167 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5168 NULL, 0);
5169
5170 hci_dev_unlock(hdev);
5171
5172 return err;
5173}
5174
5175static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5176{
5177 struct hci_conn *conn = cmd->user_data;
5178 struct mgmt_rp_get_conn_info rp;
5179 int err;
5180
5181 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5182
5183 if (status == MGMT_STATUS_SUCCESS) {
5184 rp.rssi = conn->rssi;
5185 rp.tx_power = conn->tx_power;
5186 rp.max_tx_power = conn->max_tx_power;
5187 } else {
5188 rp.rssi = HCI_RSSI_INVALID;
5189 rp.tx_power = HCI_TX_POWER_INVALID;
5190 rp.max_tx_power = HCI_TX_POWER_INVALID;
5191 }
5192
5193 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5194 status, &rp, sizeof(rp));
5195
5196 hci_conn_drop(conn);
5197 hci_conn_put(conn);
5198
5199 return err;
5200}
5201
5202static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5203 u16 opcode)
5204{
5205 struct hci_cp_read_rssi *cp;
5206 struct mgmt_pending_cmd *cmd;
5207 struct hci_conn *conn;
5208 u16 handle;
5209 u8 status;
5210
5211 BT_DBG("status 0x%02x", hci_status);
5212
5213 hci_dev_lock(hdev);
5214
5215 /* Commands sent in request are either Read RSSI or Read Transmit Power
5216 * Level so we check which one was last sent to retrieve connection
5217 * handle. Both commands have handle as first parameter so it's safe to
5218 * cast data on the same command struct.
5219 *
5220 * First command sent is always Read RSSI and we fail only if it fails.
5221 * In other case we simply override error to indicate success as we
5222 * already remembered if TX power value is actually valid.
5223 */
5224 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5225 if (!cp) {
5226 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5227 status = MGMT_STATUS_SUCCESS;
5228 } else {
5229 status = mgmt_status(hci_status);
5230 }
5231
5232 if (!cp) {
5233 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
5234 goto unlock;
5235 }
5236
5237 handle = __le16_to_cpu(cp->handle);
5238 conn = hci_conn_hash_lookup_handle(hdev, handle);
5239 if (!conn) {
5240 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
5241 handle);
5242 goto unlock;
5243 }
5244
5245 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5246 if (!cmd)
5247 goto unlock;
5248
5249 cmd->cmd_complete(cmd, status);
5250 mgmt_pending_remove(cmd);
5251
5252unlock:
5253 hci_dev_unlock(hdev);
5254}
5255
5256static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5257 u16 len)
5258{
5259 struct mgmt_cp_get_conn_info *cp = data;
5260 struct mgmt_rp_get_conn_info rp;
5261 struct hci_conn *conn;
5262 unsigned long conn_info_age;
5263 int err = 0;
5264
5265 BT_DBG("%s", hdev->name);
5266
5267 memset(&rp, 0, sizeof(rp));
5268 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5269 rp.addr.type = cp->addr.type;
5270
5271 if (!bdaddr_type_is_valid(cp->addr.type))
5272 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5273 MGMT_STATUS_INVALID_PARAMS,
5274 &rp, sizeof(rp));
5275
5276 hci_dev_lock(hdev);
5277
5278 if (!hdev_is_powered(hdev)) {
5279 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5280 MGMT_STATUS_NOT_POWERED, &rp,
5281 sizeof(rp));
5282 goto unlock;
5283 }
5284
5285 if (cp->addr.type == BDADDR_BREDR)
5286 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5287 &cp->addr.bdaddr);
5288 else
5289 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5290
5291 if (!conn || conn->state != BT_CONNECTED) {
5292 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5293 MGMT_STATUS_NOT_CONNECTED, &rp,
5294 sizeof(rp));
5295 goto unlock;
5296 }
5297
5298 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5299 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5300 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5301 goto unlock;
5302 }
5303
5304 /* To avoid client trying to guess when to poll again for information we
5305 * calculate conn info age as random value between min/max set in hdev.
5306 */
5307 conn_info_age = hdev->conn_info_min_age +
5308 prandom_u32_max(hdev->conn_info_max_age -
5309 hdev->conn_info_min_age);
5310
5311 /* Query controller to refresh cached values if they are too old or were
5312 * never read.
5313 */
5314 if (time_after(jiffies, conn->conn_info_timestamp +
5315 msecs_to_jiffies(conn_info_age)) ||
5316 !conn->conn_info_timestamp) {
5317 struct hci_request req;
5318 struct hci_cp_read_tx_power req_txp_cp;
5319 struct hci_cp_read_rssi req_rssi_cp;
5320 struct mgmt_pending_cmd *cmd;
5321
5322 hci_req_init(&req, hdev);
5323 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5324 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5325 &req_rssi_cp);
5326
5327 /* For LE links TX power does not change thus we don't need to
5328 * query for it once value is known.
5329 */
5330 if (!bdaddr_type_is_le(cp->addr.type) ||
5331 conn->tx_power == HCI_TX_POWER_INVALID) {
5332 req_txp_cp.handle = cpu_to_le16(conn->handle);
5333 req_txp_cp.type = 0x00;
5334 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5335 sizeof(req_txp_cp), &req_txp_cp);
5336 }
5337
5338 /* Max TX power needs to be read only once per connection */
5339 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5340 req_txp_cp.handle = cpu_to_le16(conn->handle);
5341 req_txp_cp.type = 0x01;
5342 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5343 sizeof(req_txp_cp), &req_txp_cp);
5344 }
5345
5346 err = hci_req_run(&req, conn_info_refresh_complete);
5347 if (err < 0)
5348 goto unlock;
5349
5350 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5351 data, len);
5352 if (!cmd) {
5353 err = -ENOMEM;
5354 goto unlock;
5355 }
5356
5357 hci_conn_hold(conn);
5358 cmd->user_data = hci_conn_get(conn);
5359 cmd->cmd_complete = conn_info_cmd_complete;
5360
5361 conn->conn_info_timestamp = jiffies;
5362 } else {
5363 /* Cache is valid, just reply with values cached in hci_conn */
5364 rp.rssi = conn->rssi;
5365 rp.tx_power = conn->tx_power;
5366 rp.max_tx_power = conn->max_tx_power;
5367
5368 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5369 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5370 }
5371
5372unlock:
5373 hci_dev_unlock(hdev);
5374 return err;
5375}
5376
5377static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5378{
5379 struct hci_conn *conn = cmd->user_data;
5380 struct mgmt_rp_get_clock_info rp;
5381 struct hci_dev *hdev;
5382 int err;
5383
5384 memset(&rp, 0, sizeof(rp));
5385 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5386
5387 if (status)
5388 goto complete;
5389
5390 hdev = hci_dev_get(cmd->index);
5391 if (hdev) {
5392 rp.local_clock = cpu_to_le32(hdev->clock);
5393 hci_dev_put(hdev);
5394 }
5395
5396 if (conn) {
5397 rp.piconet_clock = cpu_to_le32(conn->clock);
5398 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5399 }
5400
5401complete:
5402 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5403 sizeof(rp));
5404
5405 if (conn) {
5406 hci_conn_drop(conn);
5407 hci_conn_put(conn);
5408 }
5409
5410 return err;
5411}
5412
5413static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5414{
5415 struct hci_cp_read_clock *hci_cp;
5416 struct mgmt_pending_cmd *cmd;
5417 struct hci_conn *conn;
5418
5419 BT_DBG("%s status %u", hdev->name, status);
5420
5421 hci_dev_lock(hdev);
5422
5423 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5424 if (!hci_cp)
5425 goto unlock;
5426
5427 if (hci_cp->which) {
5428 u16 handle = __le16_to_cpu(hci_cp->handle);
5429 conn = hci_conn_hash_lookup_handle(hdev, handle);
5430 } else {
5431 conn = NULL;
5432 }
5433
5434 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5435 if (!cmd)
5436 goto unlock;
5437
5438 cmd->cmd_complete(cmd, mgmt_status(status));
5439 mgmt_pending_remove(cmd);
5440
5441unlock:
5442 hci_dev_unlock(hdev);
5443}
5444
5445static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5446 u16 len)
5447{
5448 struct mgmt_cp_get_clock_info *cp = data;
5449 struct mgmt_rp_get_clock_info rp;
5450 struct hci_cp_read_clock hci_cp;
5451 struct mgmt_pending_cmd *cmd;
5452 struct hci_request req;
5453 struct hci_conn *conn;
5454 int err;
5455
5456 BT_DBG("%s", hdev->name);
5457
5458 memset(&rp, 0, sizeof(rp));
5459 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5460 rp.addr.type = cp->addr.type;
5461
5462 if (cp->addr.type != BDADDR_BREDR)
5463 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5464 MGMT_STATUS_INVALID_PARAMS,
5465 &rp, sizeof(rp));
5466
5467 hci_dev_lock(hdev);
5468
5469 if (!hdev_is_powered(hdev)) {
5470 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5471 MGMT_STATUS_NOT_POWERED, &rp,
5472 sizeof(rp));
5473 goto unlock;
5474 }
5475
5476 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5477 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5478 &cp->addr.bdaddr);
5479 if (!conn || conn->state != BT_CONNECTED) {
5480 err = mgmt_cmd_complete(sk, hdev->id,
5481 MGMT_OP_GET_CLOCK_INFO,
5482 MGMT_STATUS_NOT_CONNECTED,
5483 &rp, sizeof(rp));
5484 goto unlock;
5485 }
5486 } else {
5487 conn = NULL;
5488 }
5489
5490 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5491 if (!cmd) {
5492 err = -ENOMEM;
5493 goto unlock;
5494 }
5495
5496 cmd->cmd_complete = clock_info_cmd_complete;
5497
5498 hci_req_init(&req, hdev);
5499
5500 memset(&hci_cp, 0, sizeof(hci_cp));
5501 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5502
5503 if (conn) {
5504 hci_conn_hold(conn);
5505 cmd->user_data = hci_conn_get(conn);
5506
5507 hci_cp.handle = cpu_to_le16(conn->handle);
5508 hci_cp.which = 0x01; /* Piconet clock */
5509 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5510 }
5511
5512 err = hci_req_run(&req, get_clock_info_complete);
5513 if (err < 0)
5514 mgmt_pending_remove(cmd);
5515
5516unlock:
5517 hci_dev_unlock(hdev);
5518 return err;
5519}
5520
5521static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5522{
5523 struct hci_conn *conn;
5524
5525 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5526 if (!conn)
5527 return false;
5528
5529 if (conn->dst_type != type)
5530 return false;
5531
5532 if (conn->state != BT_CONNECTED)
5533 return false;
5534
5535 return true;
5536}
5537
5538/* This function requires the caller holds hdev->lock */
5539static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5540 u8 addr_type, u8 auto_connect)
5541{
5542 struct hci_conn_params *params;
5543
5544 params = hci_conn_params_add(hdev, addr, addr_type);
5545 if (!params)
5546 return -EIO;
5547
5548 if (params->auto_connect == auto_connect)
5549 return 0;
5550
5551 list_del_init(¶ms->action);
5552
5553 switch (auto_connect) {
5554 case HCI_AUTO_CONN_DISABLED:
5555 case HCI_AUTO_CONN_LINK_LOSS:
5556 /* If auto connect is being disabled when we're trying to
5557 * connect to device, keep connecting.
5558 */
5559 if (params->explicit_connect)
5560 list_add(¶ms->action, &hdev->pend_le_conns);
5561 break;
5562 case HCI_AUTO_CONN_REPORT:
5563 if (params->explicit_connect)
5564 list_add(¶ms->action, &hdev->pend_le_conns);
5565 else
5566 list_add(¶ms->action, &hdev->pend_le_reports);
5567 break;
5568 case HCI_AUTO_CONN_DIRECT:
5569 case HCI_AUTO_CONN_ALWAYS:
5570 if (!is_connected(hdev, addr, addr_type))
5571 list_add(¶ms->action, &hdev->pend_le_conns);
5572 break;
5573 }
5574
5575 params->auto_connect = auto_connect;
5576
5577 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5578 auto_connect);
5579
5580 return 0;
5581}
5582
5583static void device_added(struct sock *sk, struct hci_dev *hdev,
5584 bdaddr_t *bdaddr, u8 type, u8 action)
5585{
5586 struct mgmt_ev_device_added ev;
5587
5588 bacpy(&ev.addr.bdaddr, bdaddr);
5589 ev.addr.type = type;
5590 ev.action = action;
5591
5592 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5593}
5594
5595static int add_device(struct sock *sk, struct hci_dev *hdev,
5596 void *data, u16 len)
5597{
5598 struct mgmt_cp_add_device *cp = data;
5599 u8 auto_conn, addr_type;
5600 int err;
5601
5602 BT_DBG("%s", hdev->name);
5603
5604 if (!bdaddr_type_is_valid(cp->addr.type) ||
5605 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5606 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5607 MGMT_STATUS_INVALID_PARAMS,
5608 &cp->addr, sizeof(cp->addr));
5609
5610 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5611 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5612 MGMT_STATUS_INVALID_PARAMS,
5613 &cp->addr, sizeof(cp->addr));
5614
5615 hci_dev_lock(hdev);
5616
5617 if (cp->addr.type == BDADDR_BREDR) {
5618 /* Only incoming connections action is supported for now */
5619 if (cp->action != 0x01) {
5620 err = mgmt_cmd_complete(sk, hdev->id,
5621 MGMT_OP_ADD_DEVICE,
5622 MGMT_STATUS_INVALID_PARAMS,
5623 &cp->addr, sizeof(cp->addr));
5624 goto unlock;
5625 }
5626
5627 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5628 cp->addr.type);
5629 if (err)
5630 goto unlock;
5631
5632 hci_req_update_scan(hdev);
5633
5634 goto added;
5635 }
5636
5637 addr_type = le_addr_type(cp->addr.type);
5638
5639 if (cp->action == 0x02)
5640 auto_conn = HCI_AUTO_CONN_ALWAYS;
5641 else if (cp->action == 0x01)
5642 auto_conn = HCI_AUTO_CONN_DIRECT;
5643 else
5644 auto_conn = HCI_AUTO_CONN_REPORT;
5645
5646 /* Kernel internally uses conn_params with resolvable private
5647 * address, but Add Device allows only identity addresses.
5648 * Make sure it is enforced before calling
5649 * hci_conn_params_lookup.
5650 */
5651 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5652 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5653 MGMT_STATUS_INVALID_PARAMS,
5654 &cp->addr, sizeof(cp->addr));
5655 goto unlock;
5656 }
5657
5658 /* If the connection parameters don't exist for this device,
5659 * they will be created and configured with defaults.
5660 */
5661 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5662 auto_conn) < 0) {
5663 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5664 MGMT_STATUS_FAILED, &cp->addr,
5665 sizeof(cp->addr));
5666 goto unlock;
5667 }
5668
5669 hci_update_background_scan(hdev);
5670
5671added:
5672 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5673
5674 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5675 MGMT_STATUS_SUCCESS, &cp->addr,
5676 sizeof(cp->addr));
5677
5678unlock:
5679 hci_dev_unlock(hdev);
5680 return err;
5681}
5682
5683static void device_removed(struct sock *sk, struct hci_dev *hdev,
5684 bdaddr_t *bdaddr, u8 type)
5685{
5686 struct mgmt_ev_device_removed ev;
5687
5688 bacpy(&ev.addr.bdaddr, bdaddr);
5689 ev.addr.type = type;
5690
5691 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5692}
5693
5694static int remove_device(struct sock *sk, struct hci_dev *hdev,
5695 void *data, u16 len)
5696{
5697 struct mgmt_cp_remove_device *cp = data;
5698 int err;
5699
5700 BT_DBG("%s", hdev->name);
5701
5702 hci_dev_lock(hdev);
5703
5704 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5705 struct hci_conn_params *params;
5706 u8 addr_type;
5707
5708 if (!bdaddr_type_is_valid(cp->addr.type)) {
5709 err = mgmt_cmd_complete(sk, hdev->id,
5710 MGMT_OP_REMOVE_DEVICE,
5711 MGMT_STATUS_INVALID_PARAMS,
5712 &cp->addr, sizeof(cp->addr));
5713 goto unlock;
5714 }
5715
5716 if (cp->addr.type == BDADDR_BREDR) {
5717 err = hci_bdaddr_list_del(&hdev->whitelist,
5718 &cp->addr.bdaddr,
5719 cp->addr.type);
5720 if (err) {
5721 err = mgmt_cmd_complete(sk, hdev->id,
5722 MGMT_OP_REMOVE_DEVICE,
5723 MGMT_STATUS_INVALID_PARAMS,
5724 &cp->addr,
5725 sizeof(cp->addr));
5726 goto unlock;
5727 }
5728
5729 hci_req_update_scan(hdev);
5730
5731 device_removed(sk, hdev, &cp->addr.bdaddr,
5732 cp->addr.type);
5733 goto complete;
5734 }
5735
5736 addr_type = le_addr_type(cp->addr.type);
5737
5738 /* Kernel internally uses conn_params with resolvable private
5739 * address, but Remove Device allows only identity addresses.
5740 * Make sure it is enforced before calling
5741 * hci_conn_params_lookup.
5742 */
5743 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5744 err = mgmt_cmd_complete(sk, hdev->id,
5745 MGMT_OP_REMOVE_DEVICE,
5746 MGMT_STATUS_INVALID_PARAMS,
5747 &cp->addr, sizeof(cp->addr));
5748 goto unlock;
5749 }
5750
5751 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5752 addr_type);
5753 if (!params) {
5754 err = mgmt_cmd_complete(sk, hdev->id,
5755 MGMT_OP_REMOVE_DEVICE,
5756 MGMT_STATUS_INVALID_PARAMS,
5757 &cp->addr, sizeof(cp->addr));
5758 goto unlock;
5759 }
5760
5761 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5762 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5763 err = mgmt_cmd_complete(sk, hdev->id,
5764 MGMT_OP_REMOVE_DEVICE,
5765 MGMT_STATUS_INVALID_PARAMS,
5766 &cp->addr, sizeof(cp->addr));
5767 goto unlock;
5768 }
5769
5770 list_del(¶ms->action);
5771 list_del(¶ms->list);
5772 kfree(params);
5773 hci_update_background_scan(hdev);
5774
5775 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5776 } else {
5777 struct hci_conn_params *p, *tmp;
5778 struct bdaddr_list *b, *btmp;
5779
5780 if (cp->addr.type) {
5781 err = mgmt_cmd_complete(sk, hdev->id,
5782 MGMT_OP_REMOVE_DEVICE,
5783 MGMT_STATUS_INVALID_PARAMS,
5784 &cp->addr, sizeof(cp->addr));
5785 goto unlock;
5786 }
5787
5788 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5789 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5790 list_del(&b->list);
5791 kfree(b);
5792 }
5793
5794 hci_req_update_scan(hdev);
5795
5796 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5797 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5798 continue;
5799 device_removed(sk, hdev, &p->addr, p->addr_type);
5800 if (p->explicit_connect) {
5801 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5802 continue;
5803 }
5804 list_del(&p->action);
5805 list_del(&p->list);
5806 kfree(p);
5807 }
5808
5809 BT_DBG("All LE connection parameters were removed");
5810
5811 hci_update_background_scan(hdev);
5812 }
5813
5814complete:
5815 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5816 MGMT_STATUS_SUCCESS, &cp->addr,
5817 sizeof(cp->addr));
5818unlock:
5819 hci_dev_unlock(hdev);
5820 return err;
5821}
5822
5823static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5824 u16 len)
5825{
5826 struct mgmt_cp_load_conn_param *cp = data;
5827 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5828 sizeof(struct mgmt_conn_param));
5829 u16 param_count, expected_len;
5830 int i;
5831
5832 if (!lmp_le_capable(hdev))
5833 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5834 MGMT_STATUS_NOT_SUPPORTED);
5835
5836 param_count = __le16_to_cpu(cp->param_count);
5837 if (param_count > max_param_count) {
5838 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
5839 param_count);
5840 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5841 MGMT_STATUS_INVALID_PARAMS);
5842 }
5843
5844 expected_len = struct_size(cp, params, param_count);
5845 if (expected_len != len) {
5846 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
5847 expected_len, len);
5848 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5849 MGMT_STATUS_INVALID_PARAMS);
5850 }
5851
5852 BT_DBG("%s param_count %u", hdev->name, param_count);
5853
5854 hci_dev_lock(hdev);
5855
5856 hci_conn_params_clear_disabled(hdev);
5857
5858 for (i = 0; i < param_count; i++) {
5859 struct mgmt_conn_param *param = &cp->params[i];
5860 struct hci_conn_params *hci_param;
5861 u16 min, max, latency, timeout;
5862 u8 addr_type;
5863
5864 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5865 param->addr.type);
5866
5867 if (param->addr.type == BDADDR_LE_PUBLIC) {
5868 addr_type = ADDR_LE_DEV_PUBLIC;
5869 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5870 addr_type = ADDR_LE_DEV_RANDOM;
5871 } else {
5872 bt_dev_err(hdev, "ignoring invalid connection parameters");
5873 continue;
5874 }
5875
5876 min = le16_to_cpu(param->min_interval);
5877 max = le16_to_cpu(param->max_interval);
5878 latency = le16_to_cpu(param->latency);
5879 timeout = le16_to_cpu(param->timeout);
5880
5881 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5882 min, max, latency, timeout);
5883
5884 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5885 bt_dev_err(hdev, "ignoring invalid connection parameters");
5886 continue;
5887 }
5888
5889 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5890 addr_type);
5891 if (!hci_param) {
5892 bt_dev_err(hdev, "failed to add connection parameters");
5893 continue;
5894 }
5895
5896 hci_param->conn_min_interval = min;
5897 hci_param->conn_max_interval = max;
5898 hci_param->conn_latency = latency;
5899 hci_param->supervision_timeout = timeout;
5900 }
5901
5902 hci_dev_unlock(hdev);
5903
5904 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5905 NULL, 0);
5906}
5907
5908static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5909 void *data, u16 len)
5910{
5911 struct mgmt_cp_set_external_config *cp = data;
5912 bool changed;
5913 int err;
5914
5915 BT_DBG("%s", hdev->name);
5916
5917 if (hdev_is_powered(hdev))
5918 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5919 MGMT_STATUS_REJECTED);
5920
5921 if (cp->config != 0x00 && cp->config != 0x01)
5922 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5923 MGMT_STATUS_INVALID_PARAMS);
5924
5925 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5926 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5927 MGMT_STATUS_NOT_SUPPORTED);
5928
5929 hci_dev_lock(hdev);
5930
5931 if (cp->config)
5932 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
5933 else
5934 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
5935
5936 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5937 if (err < 0)
5938 goto unlock;
5939
5940 if (!changed)
5941 goto unlock;
5942
5943 err = new_options(hdev, sk);
5944
5945 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
5946 mgmt_index_removed(hdev);
5947
5948 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
5949 hci_dev_set_flag(hdev, HCI_CONFIG);
5950 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5951
5952 queue_work(hdev->req_workqueue, &hdev->power_on);
5953 } else {
5954 set_bit(HCI_RAW, &hdev->flags);
5955 mgmt_index_added(hdev);
5956 }
5957 }
5958
5959unlock:
5960 hci_dev_unlock(hdev);
5961 return err;
5962}
5963
5964static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5965 void *data, u16 len)
5966{
5967 struct mgmt_cp_set_public_address *cp = data;
5968 bool changed;
5969 int err;
5970
5971 BT_DBG("%s", hdev->name);
5972
5973 if (hdev_is_powered(hdev))
5974 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5975 MGMT_STATUS_REJECTED);
5976
5977 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5978 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5979 MGMT_STATUS_INVALID_PARAMS);
5980
5981 if (!hdev->set_bdaddr)
5982 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5983 MGMT_STATUS_NOT_SUPPORTED);
5984
5985 hci_dev_lock(hdev);
5986
5987 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5988 bacpy(&hdev->public_addr, &cp->bdaddr);
5989
5990 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5991 if (err < 0)
5992 goto unlock;
5993
5994 if (!changed)
5995 goto unlock;
5996
5997 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
5998 err = new_options(hdev, sk);
5999
6000 if (is_configured(hdev)) {
6001 mgmt_index_removed(hdev);
6002
6003 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6004
6005 hci_dev_set_flag(hdev, HCI_CONFIG);
6006 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6007
6008 queue_work(hdev->req_workqueue, &hdev->power_on);
6009 }
6010
6011unlock:
6012 hci_dev_unlock(hdev);
6013 return err;
6014}
6015
6016static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6017 u16 opcode, struct sk_buff *skb)
6018{
6019 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6020 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6021 u8 *h192, *r192, *h256, *r256;
6022 struct mgmt_pending_cmd *cmd;
6023 u16 eir_len;
6024 int err;
6025
6026 BT_DBG("%s status %u", hdev->name, status);
6027
6028 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6029 if (!cmd)
6030 return;
6031
6032 mgmt_cp = cmd->param;
6033
6034 if (status) {
6035 status = mgmt_status(status);
6036 eir_len = 0;
6037
6038 h192 = NULL;
6039 r192 = NULL;
6040 h256 = NULL;
6041 r256 = NULL;
6042 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6043 struct hci_rp_read_local_oob_data *rp;
6044
6045 if (skb->len != sizeof(*rp)) {
6046 status = MGMT_STATUS_FAILED;
6047 eir_len = 0;
6048 } else {
6049 status = MGMT_STATUS_SUCCESS;
6050 rp = (void *)skb->data;
6051
6052 eir_len = 5 + 18 + 18;
6053 h192 = rp->hash;
6054 r192 = rp->rand;
6055 h256 = NULL;
6056 r256 = NULL;
6057 }
6058 } else {
6059 struct hci_rp_read_local_oob_ext_data *rp;
6060
6061 if (skb->len != sizeof(*rp)) {
6062 status = MGMT_STATUS_FAILED;
6063 eir_len = 0;
6064 } else {
6065 status = MGMT_STATUS_SUCCESS;
6066 rp = (void *)skb->data;
6067
6068 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6069 eir_len = 5 + 18 + 18;
6070 h192 = NULL;
6071 r192 = NULL;
6072 } else {
6073 eir_len = 5 + 18 + 18 + 18 + 18;
6074 h192 = rp->hash192;
6075 r192 = rp->rand192;
6076 }
6077
6078 h256 = rp->hash256;
6079 r256 = rp->rand256;
6080 }
6081 }
6082
6083 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6084 if (!mgmt_rp)
6085 goto done;
6086
6087 if (status)
6088 goto send_rsp;
6089
6090 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6091 hdev->dev_class, 3);
6092
6093 if (h192 && r192) {
6094 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6095 EIR_SSP_HASH_C192, h192, 16);
6096 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6097 EIR_SSP_RAND_R192, r192, 16);
6098 }
6099
6100 if (h256 && r256) {
6101 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6102 EIR_SSP_HASH_C256, h256, 16);
6103 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6104 EIR_SSP_RAND_R256, r256, 16);
6105 }
6106
6107send_rsp:
6108 mgmt_rp->type = mgmt_cp->type;
6109 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6110
6111 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6112 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6113 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6114 if (err < 0 || status)
6115 goto done;
6116
6117 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6118
6119 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6120 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6121 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6122done:
6123 kfree(mgmt_rp);
6124 mgmt_pending_remove(cmd);
6125}
6126
6127static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6128 struct mgmt_cp_read_local_oob_ext_data *cp)
6129{
6130 struct mgmt_pending_cmd *cmd;
6131 struct hci_request req;
6132 int err;
6133
6134 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6135 cp, sizeof(*cp));
6136 if (!cmd)
6137 return -ENOMEM;
6138
6139 hci_req_init(&req, hdev);
6140
6141 if (bredr_sc_enabled(hdev))
6142 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6143 else
6144 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6145
6146 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6147 if (err < 0) {
6148 mgmt_pending_remove(cmd);
6149 return err;
6150 }
6151
6152 return 0;
6153}
6154
6155static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6156 void *data, u16 data_len)
6157{
6158 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6159 struct mgmt_rp_read_local_oob_ext_data *rp;
6160 size_t rp_len;
6161 u16 eir_len;
6162 u8 status, flags, role, addr[7], hash[16], rand[16];
6163 int err;
6164
6165 BT_DBG("%s", hdev->name);
6166
6167 if (hdev_is_powered(hdev)) {
6168 switch (cp->type) {
6169 case BIT(BDADDR_BREDR):
6170 status = mgmt_bredr_support(hdev);
6171 if (status)
6172 eir_len = 0;
6173 else
6174 eir_len = 5;
6175 break;
6176 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6177 status = mgmt_le_support(hdev);
6178 if (status)
6179 eir_len = 0;
6180 else
6181 eir_len = 9 + 3 + 18 + 18 + 3;
6182 break;
6183 default:
6184 status = MGMT_STATUS_INVALID_PARAMS;
6185 eir_len = 0;
6186 break;
6187 }
6188 } else {
6189 status = MGMT_STATUS_NOT_POWERED;
6190 eir_len = 0;
6191 }
6192
6193 rp_len = sizeof(*rp) + eir_len;
6194 rp = kmalloc(rp_len, GFP_ATOMIC);
6195 if (!rp)
6196 return -ENOMEM;
6197
6198 if (status)
6199 goto complete;
6200
6201 hci_dev_lock(hdev);
6202
6203 eir_len = 0;
6204 switch (cp->type) {
6205 case BIT(BDADDR_BREDR):
6206 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6207 err = read_local_ssp_oob_req(hdev, sk, cp);
6208 hci_dev_unlock(hdev);
6209 if (!err)
6210 goto done;
6211
6212 status = MGMT_STATUS_FAILED;
6213 goto complete;
6214 } else {
6215 eir_len = eir_append_data(rp->eir, eir_len,
6216 EIR_CLASS_OF_DEV,
6217 hdev->dev_class, 3);
6218 }
6219 break;
6220 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6221 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6222 smp_generate_oob(hdev, hash, rand) < 0) {
6223 hci_dev_unlock(hdev);
6224 status = MGMT_STATUS_FAILED;
6225 goto complete;
6226 }
6227
6228 /* This should return the active RPA, but since the RPA
6229 * is only programmed on demand, it is really hard to fill
6230 * this in at the moment. For now disallow retrieving
6231 * local out-of-band data when privacy is in use.
6232 *
6233 * Returning the identity address will not help here since
6234 * pairing happens before the identity resolving key is
6235 * known and thus the connection establishment happens
6236 * based on the RPA and not the identity address.
6237 */
6238 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6239 hci_dev_unlock(hdev);
6240 status = MGMT_STATUS_REJECTED;
6241 goto complete;
6242 }
6243
6244 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6245 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6246 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6247 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6248 memcpy(addr, &hdev->static_addr, 6);
6249 addr[6] = 0x01;
6250 } else {
6251 memcpy(addr, &hdev->bdaddr, 6);
6252 addr[6] = 0x00;
6253 }
6254
6255 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6256 addr, sizeof(addr));
6257
6258 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6259 role = 0x02;
6260 else
6261 role = 0x01;
6262
6263 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6264 &role, sizeof(role));
6265
6266 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6267 eir_len = eir_append_data(rp->eir, eir_len,
6268 EIR_LE_SC_CONFIRM,
6269 hash, sizeof(hash));
6270
6271 eir_len = eir_append_data(rp->eir, eir_len,
6272 EIR_LE_SC_RANDOM,
6273 rand, sizeof(rand));
6274 }
6275
6276 flags = mgmt_get_adv_discov_flags(hdev);
6277
6278 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6279 flags |= LE_AD_NO_BREDR;
6280
6281 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6282 &flags, sizeof(flags));
6283 break;
6284 }
6285
6286 hci_dev_unlock(hdev);
6287
6288 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6289
6290 status = MGMT_STATUS_SUCCESS;
6291
6292complete:
6293 rp->type = cp->type;
6294 rp->eir_len = cpu_to_le16(eir_len);
6295
6296 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6297 status, rp, sizeof(*rp) + eir_len);
6298 if (err < 0 || status)
6299 goto done;
6300
6301 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6302 rp, sizeof(*rp) + eir_len,
6303 HCI_MGMT_OOB_DATA_EVENTS, sk);
6304
6305done:
6306 kfree(rp);
6307
6308 return err;
6309}
6310
6311static u32 get_supported_adv_flags(struct hci_dev *hdev)
6312{
6313 u32 flags = 0;
6314
6315 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6316 flags |= MGMT_ADV_FLAG_DISCOV;
6317 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6318 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6319 flags |= MGMT_ADV_FLAG_APPEARANCE;
6320 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
6321
6322 /* In extended adv TX_POWER returned from Set Adv Param
6323 * will be always valid.
6324 */
6325 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
6326 ext_adv_capable(hdev))
6327 flags |= MGMT_ADV_FLAG_TX_POWER;
6328
6329 if (ext_adv_capable(hdev)) {
6330 flags |= MGMT_ADV_FLAG_SEC_1M;
6331
6332 if (hdev->le_features[1] & HCI_LE_PHY_2M)
6333 flags |= MGMT_ADV_FLAG_SEC_2M;
6334
6335 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
6336 flags |= MGMT_ADV_FLAG_SEC_CODED;
6337 }
6338
6339 return flags;
6340}
6341
6342static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6343 void *data, u16 data_len)
6344{
6345 struct mgmt_rp_read_adv_features *rp;
6346 size_t rp_len;
6347 int err;
6348 struct adv_info *adv_instance;
6349 u32 supported_flags;
6350 u8 *instance;
6351
6352 BT_DBG("%s", hdev->name);
6353
6354 if (!lmp_le_capable(hdev))
6355 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6356 MGMT_STATUS_REJECTED);
6357
6358 hci_dev_lock(hdev);
6359
6360 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
6361 rp = kmalloc(rp_len, GFP_ATOMIC);
6362 if (!rp) {
6363 hci_dev_unlock(hdev);
6364 return -ENOMEM;
6365 }
6366
6367 supported_flags = get_supported_adv_flags(hdev);
6368
6369 rp->supported_flags = cpu_to_le32(supported_flags);
6370 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6371 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6372 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6373 rp->num_instances = hdev->adv_instance_cnt;
6374
6375 instance = rp->instance;
6376 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6377 *instance = adv_instance->instance;
6378 instance++;
6379 }
6380
6381 hci_dev_unlock(hdev);
6382
6383 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6384 MGMT_STATUS_SUCCESS, rp, rp_len);
6385
6386 kfree(rp);
6387
6388 return err;
6389}
6390
6391static u8 calculate_name_len(struct hci_dev *hdev)
6392{
6393 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6394
6395 return append_local_name(hdev, buf, 0);
6396}
6397
6398static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6399 bool is_adv_data)
6400{
6401 u8 max_len = HCI_MAX_AD_LENGTH;
6402
6403 if (is_adv_data) {
6404 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6405 MGMT_ADV_FLAG_LIMITED_DISCOV |
6406 MGMT_ADV_FLAG_MANAGED_FLAGS))
6407 max_len -= 3;
6408
6409 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6410 max_len -= 3;
6411 } else {
6412 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6413 max_len -= calculate_name_len(hdev);
6414
6415 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6416 max_len -= 4;
6417 }
6418
6419 return max_len;
6420}
6421
6422static bool flags_managed(u32 adv_flags)
6423{
6424 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6425 MGMT_ADV_FLAG_LIMITED_DISCOV |
6426 MGMT_ADV_FLAG_MANAGED_FLAGS);
6427}
6428
6429static bool tx_power_managed(u32 adv_flags)
6430{
6431 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6432}
6433
6434static bool name_managed(u32 adv_flags)
6435{
6436 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6437}
6438
6439static bool appearance_managed(u32 adv_flags)
6440{
6441 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6442}
6443
6444static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6445 u8 len, bool is_adv_data)
6446{
6447 int i, cur_len;
6448 u8 max_len;
6449
6450 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
6451
6452 if (len > max_len)
6453 return false;
6454
6455 /* Make sure that the data is correctly formatted. */
6456 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6457 cur_len = data[i];
6458
6459 if (data[i + 1] == EIR_FLAGS &&
6460 (!is_adv_data || flags_managed(adv_flags)))
6461 return false;
6462
6463 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6464 return false;
6465
6466 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6467 return false;
6468
6469 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6470 return false;
6471
6472 if (data[i + 1] == EIR_APPEARANCE &&
6473 appearance_managed(adv_flags))
6474 return false;
6475
6476 /* If the current field length would exceed the total data
6477 * length, then it's invalid.
6478 */
6479 if (i + cur_len >= len)
6480 return false;
6481 }
6482
6483 return true;
6484}
6485
6486static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6487 u16 opcode)
6488{
6489 struct mgmt_pending_cmd *cmd;
6490 struct mgmt_cp_add_advertising *cp;
6491 struct mgmt_rp_add_advertising rp;
6492 struct adv_info *adv_instance, *n;
6493 u8 instance;
6494
6495 BT_DBG("status %d", status);
6496
6497 hci_dev_lock(hdev);
6498
6499 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6500
6501 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6502 if (!adv_instance->pending)
6503 continue;
6504
6505 if (!status) {
6506 adv_instance->pending = false;
6507 continue;
6508 }
6509
6510 instance = adv_instance->instance;
6511
6512 if (hdev->cur_adv_instance == instance)
6513 cancel_adv_timeout(hdev);
6514
6515 hci_remove_adv_instance(hdev, instance);
6516 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6517 }
6518
6519 if (!cmd)
6520 goto unlock;
6521
6522 cp = cmd->param;
6523 rp.instance = cp->instance;
6524
6525 if (status)
6526 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6527 mgmt_status(status));
6528 else
6529 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6530 mgmt_status(status), &rp, sizeof(rp));
6531
6532 mgmt_pending_remove(cmd);
6533
6534unlock:
6535 hci_dev_unlock(hdev);
6536}
6537
6538static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6539 void *data, u16 data_len)
6540{
6541 struct mgmt_cp_add_advertising *cp = data;
6542 struct mgmt_rp_add_advertising rp;
6543 u32 flags;
6544 u32 supported_flags, phy_flags;
6545 u8 status;
6546 u16 timeout, duration;
6547 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6548 u8 schedule_instance = 0;
6549 struct adv_info *next_instance;
6550 int err;
6551 struct mgmt_pending_cmd *cmd;
6552 struct hci_request req;
6553
6554 BT_DBG("%s", hdev->name);
6555
6556 status = mgmt_le_support(hdev);
6557 if (status)
6558 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6559 status);
6560
6561 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6562 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6563 MGMT_STATUS_INVALID_PARAMS);
6564
6565 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6567 MGMT_STATUS_INVALID_PARAMS);
6568
6569 flags = __le32_to_cpu(cp->flags);
6570 timeout = __le16_to_cpu(cp->timeout);
6571 duration = __le16_to_cpu(cp->duration);
6572
6573 /* The current implementation only supports a subset of the specified
6574 * flags. Also need to check mutual exclusiveness of sec flags.
6575 */
6576 supported_flags = get_supported_adv_flags(hdev);
6577 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK;
6578 if (flags & ~supported_flags ||
6579 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
6580 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6581 MGMT_STATUS_INVALID_PARAMS);
6582
6583 hci_dev_lock(hdev);
6584
6585 if (timeout && !hdev_is_powered(hdev)) {
6586 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6587 MGMT_STATUS_REJECTED);
6588 goto unlock;
6589 }
6590
6591 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6592 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6593 pending_find(MGMT_OP_SET_LE, hdev)) {
6594 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6595 MGMT_STATUS_BUSY);
6596 goto unlock;
6597 }
6598
6599 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6600 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6601 cp->scan_rsp_len, false)) {
6602 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6603 MGMT_STATUS_INVALID_PARAMS);
6604 goto unlock;
6605 }
6606
6607 err = hci_add_adv_instance(hdev, cp->instance, flags,
6608 cp->adv_data_len, cp->data,
6609 cp->scan_rsp_len,
6610 cp->data + cp->adv_data_len,
6611 timeout, duration);
6612 if (err < 0) {
6613 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6614 MGMT_STATUS_FAILED);
6615 goto unlock;
6616 }
6617
6618 /* Only trigger an advertising added event if a new instance was
6619 * actually added.
6620 */
6621 if (hdev->adv_instance_cnt > prev_instance_cnt)
6622 mgmt_advertising_added(sk, hdev, cp->instance);
6623
6624 if (hdev->cur_adv_instance == cp->instance) {
6625 /* If the currently advertised instance is being changed then
6626 * cancel the current advertising and schedule the next
6627 * instance. If there is only one instance then the overridden
6628 * advertising data will be visible right away.
6629 */
6630 cancel_adv_timeout(hdev);
6631
6632 next_instance = hci_get_next_instance(hdev, cp->instance);
6633 if (next_instance)
6634 schedule_instance = next_instance->instance;
6635 } else if (!hdev->adv_instance_timeout) {
6636 /* Immediately advertise the new instance if no other
6637 * instance is currently being advertised.
6638 */
6639 schedule_instance = cp->instance;
6640 }
6641
6642 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6643 * there is no instance to be advertised then we have no HCI
6644 * communication to make. Simply return.
6645 */
6646 if (!hdev_is_powered(hdev) ||
6647 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6648 !schedule_instance) {
6649 rp.instance = cp->instance;
6650 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6651 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6652 goto unlock;
6653 }
6654
6655 /* We're good to go, update advertising data, parameters, and start
6656 * advertising.
6657 */
6658 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6659 data_len);
6660 if (!cmd) {
6661 err = -ENOMEM;
6662 goto unlock;
6663 }
6664
6665 hci_req_init(&req, hdev);
6666
6667 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6668
6669 if (!err)
6670 err = hci_req_run(&req, add_advertising_complete);
6671
6672 if (err < 0)
6673 mgmt_pending_remove(cmd);
6674
6675unlock:
6676 hci_dev_unlock(hdev);
6677
6678 return err;
6679}
6680
6681static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6682 u16 opcode)
6683{
6684 struct mgmt_pending_cmd *cmd;
6685 struct mgmt_cp_remove_advertising *cp;
6686 struct mgmt_rp_remove_advertising rp;
6687
6688 BT_DBG("status %d", status);
6689
6690 hci_dev_lock(hdev);
6691
6692 /* A failure status here only means that we failed to disable
6693 * advertising. Otherwise, the advertising instance has been removed,
6694 * so report success.
6695 */
6696 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6697 if (!cmd)
6698 goto unlock;
6699
6700 cp = cmd->param;
6701 rp.instance = cp->instance;
6702
6703 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6704 &rp, sizeof(rp));
6705 mgmt_pending_remove(cmd);
6706
6707unlock:
6708 hci_dev_unlock(hdev);
6709}
6710
6711static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6712 void *data, u16 data_len)
6713{
6714 struct mgmt_cp_remove_advertising *cp = data;
6715 struct mgmt_rp_remove_advertising rp;
6716 struct mgmt_pending_cmd *cmd;
6717 struct hci_request req;
6718 int err;
6719
6720 BT_DBG("%s", hdev->name);
6721
6722 hci_dev_lock(hdev);
6723
6724 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6725 err = mgmt_cmd_status(sk, hdev->id,
6726 MGMT_OP_REMOVE_ADVERTISING,
6727 MGMT_STATUS_INVALID_PARAMS);
6728 goto unlock;
6729 }
6730
6731 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6732 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6733 pending_find(MGMT_OP_SET_LE, hdev)) {
6734 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6735 MGMT_STATUS_BUSY);
6736 goto unlock;
6737 }
6738
6739 if (list_empty(&hdev->adv_instances)) {
6740 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6741 MGMT_STATUS_INVALID_PARAMS);
6742 goto unlock;
6743 }
6744
6745 hci_req_init(&req, hdev);
6746
6747 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6748
6749 if (list_empty(&hdev->adv_instances))
6750 __hci_req_disable_advertising(&req);
6751
6752 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6753 * flag is set or the device isn't powered then we have no HCI
6754 * communication to make. Simply return.
6755 */
6756 if (skb_queue_empty(&req.cmd_q) ||
6757 !hdev_is_powered(hdev) ||
6758 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6759 hci_req_purge(&req);
6760 rp.instance = cp->instance;
6761 err = mgmt_cmd_complete(sk, hdev->id,
6762 MGMT_OP_REMOVE_ADVERTISING,
6763 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6764 goto unlock;
6765 }
6766
6767 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6768 data_len);
6769 if (!cmd) {
6770 err = -ENOMEM;
6771 goto unlock;
6772 }
6773
6774 err = hci_req_run(&req, remove_advertising_complete);
6775 if (err < 0)
6776 mgmt_pending_remove(cmd);
6777
6778unlock:
6779 hci_dev_unlock(hdev);
6780
6781 return err;
6782}
6783
6784static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6785 void *data, u16 data_len)
6786{
6787 struct mgmt_cp_get_adv_size_info *cp = data;
6788 struct mgmt_rp_get_adv_size_info rp;
6789 u32 flags, supported_flags;
6790 int err;
6791
6792 BT_DBG("%s", hdev->name);
6793
6794 if (!lmp_le_capable(hdev))
6795 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6796 MGMT_STATUS_REJECTED);
6797
6798 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6799 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6800 MGMT_STATUS_INVALID_PARAMS);
6801
6802 flags = __le32_to_cpu(cp->flags);
6803
6804 /* The current implementation only supports a subset of the specified
6805 * flags.
6806 */
6807 supported_flags = get_supported_adv_flags(hdev);
6808 if (flags & ~supported_flags)
6809 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6810 MGMT_STATUS_INVALID_PARAMS);
6811
6812 rp.instance = cp->instance;
6813 rp.flags = cp->flags;
6814 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
6815 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
6816
6817 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6818 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6819
6820 return err;
6821}
6822
6823static const struct hci_mgmt_handler mgmt_handlers[] = {
6824 { NULL }, /* 0x0000 (no command) */
6825 { read_version, MGMT_READ_VERSION_SIZE,
6826 HCI_MGMT_NO_HDEV |
6827 HCI_MGMT_UNTRUSTED },
6828 { read_commands, MGMT_READ_COMMANDS_SIZE,
6829 HCI_MGMT_NO_HDEV |
6830 HCI_MGMT_UNTRUSTED },
6831 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6832 HCI_MGMT_NO_HDEV |
6833 HCI_MGMT_UNTRUSTED },
6834 { read_controller_info, MGMT_READ_INFO_SIZE,
6835 HCI_MGMT_UNTRUSTED },
6836 { set_powered, MGMT_SETTING_SIZE },
6837 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6838 { set_connectable, MGMT_SETTING_SIZE },
6839 { set_fast_connectable, MGMT_SETTING_SIZE },
6840 { set_bondable, MGMT_SETTING_SIZE },
6841 { set_link_security, MGMT_SETTING_SIZE },
6842 { set_ssp, MGMT_SETTING_SIZE },
6843 { set_hs, MGMT_SETTING_SIZE },
6844 { set_le, MGMT_SETTING_SIZE },
6845 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6846 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6847 { add_uuid, MGMT_ADD_UUID_SIZE },
6848 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6849 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6850 HCI_MGMT_VAR_LEN },
6851 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6852 HCI_MGMT_VAR_LEN },
6853 { disconnect, MGMT_DISCONNECT_SIZE },
6854 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6855 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6856 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6857 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6858 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6859 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6860 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6861 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6862 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6863 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6864 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6865 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6866 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6867 HCI_MGMT_VAR_LEN },
6868 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6869 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6870 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6871 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6872 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6873 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6874 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6875 { set_advertising, MGMT_SETTING_SIZE },
6876 { set_bredr, MGMT_SETTING_SIZE },
6877 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6878 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6879 { set_secure_conn, MGMT_SETTING_SIZE },
6880 { set_debug_keys, MGMT_SETTING_SIZE },
6881 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6882 { load_irks, MGMT_LOAD_IRKS_SIZE,
6883 HCI_MGMT_VAR_LEN },
6884 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6885 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6886 { add_device, MGMT_ADD_DEVICE_SIZE },
6887 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6888 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6889 HCI_MGMT_VAR_LEN },
6890 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6891 HCI_MGMT_NO_HDEV |
6892 HCI_MGMT_UNTRUSTED },
6893 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6894 HCI_MGMT_UNCONFIGURED |
6895 HCI_MGMT_UNTRUSTED },
6896 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6897 HCI_MGMT_UNCONFIGURED },
6898 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6899 HCI_MGMT_UNCONFIGURED },
6900 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6901 HCI_MGMT_VAR_LEN },
6902 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6903 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6904 HCI_MGMT_NO_HDEV |
6905 HCI_MGMT_UNTRUSTED },
6906 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6907 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6908 HCI_MGMT_VAR_LEN },
6909 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6910 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
6911 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
6912 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6913 HCI_MGMT_UNTRUSTED },
6914 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6915 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
6916 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
6917};
6918
6919void mgmt_index_added(struct hci_dev *hdev)
6920{
6921 struct mgmt_ev_ext_index ev;
6922
6923 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6924 return;
6925
6926 switch (hdev->dev_type) {
6927 case HCI_PRIMARY:
6928 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6929 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6930 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6931 ev.type = 0x01;
6932 } else {
6933 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6934 HCI_MGMT_INDEX_EVENTS);
6935 ev.type = 0x00;
6936 }
6937 break;
6938 case HCI_AMP:
6939 ev.type = 0x02;
6940 break;
6941 default:
6942 return;
6943 }
6944
6945 ev.bus = hdev->bus;
6946
6947 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6948 HCI_MGMT_EXT_INDEX_EVENTS);
6949}
6950
6951void mgmt_index_removed(struct hci_dev *hdev)
6952{
6953 struct mgmt_ev_ext_index ev;
6954 u8 status = MGMT_STATUS_INVALID_INDEX;
6955
6956 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6957 return;
6958
6959 switch (hdev->dev_type) {
6960 case HCI_PRIMARY:
6961 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6962
6963 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6964 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6965 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6966 ev.type = 0x01;
6967 } else {
6968 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6969 HCI_MGMT_INDEX_EVENTS);
6970 ev.type = 0x00;
6971 }
6972 break;
6973 case HCI_AMP:
6974 ev.type = 0x02;
6975 break;
6976 default:
6977 return;
6978 }
6979
6980 ev.bus = hdev->bus;
6981
6982 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6983 HCI_MGMT_EXT_INDEX_EVENTS);
6984}
6985
6986/* This function requires the caller holds hdev->lock */
6987static void restart_le_actions(struct hci_dev *hdev)
6988{
6989 struct hci_conn_params *p;
6990
6991 list_for_each_entry(p, &hdev->le_conn_params, list) {
6992 /* Needed for AUTO_OFF case where might not "really"
6993 * have been powered off.
6994 */
6995 list_del_init(&p->action);
6996
6997 switch (p->auto_connect) {
6998 case HCI_AUTO_CONN_DIRECT:
6999 case HCI_AUTO_CONN_ALWAYS:
7000 list_add(&p->action, &hdev->pend_le_conns);
7001 break;
7002 case HCI_AUTO_CONN_REPORT:
7003 list_add(&p->action, &hdev->pend_le_reports);
7004 break;
7005 default:
7006 break;
7007 }
7008 }
7009}
7010
7011void mgmt_power_on(struct hci_dev *hdev, int err)
7012{
7013 struct cmd_lookup match = { NULL, hdev };
7014
7015 BT_DBG("err %d", err);
7016
7017 hci_dev_lock(hdev);
7018
7019 if (!err) {
7020 restart_le_actions(hdev);
7021 hci_update_background_scan(hdev);
7022 }
7023
7024 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7025
7026 new_settings(hdev, match.sk);
7027
7028 if (match.sk)
7029 sock_put(match.sk);
7030
7031 hci_dev_unlock(hdev);
7032}
7033
7034void __mgmt_power_off(struct hci_dev *hdev)
7035{
7036 struct cmd_lookup match = { NULL, hdev };
7037 u8 status, zero_cod[] = { 0, 0, 0 };
7038
7039 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7040
7041 /* If the power off is because of hdev unregistration let
7042 * use the appropriate INVALID_INDEX status. Otherwise use
7043 * NOT_POWERED. We cover both scenarios here since later in
7044 * mgmt_index_removed() any hci_conn callbacks will have already
7045 * been triggered, potentially causing misleading DISCONNECTED
7046 * status responses.
7047 */
7048 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7049 status = MGMT_STATUS_INVALID_INDEX;
7050 else
7051 status = MGMT_STATUS_NOT_POWERED;
7052
7053 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7054
7055 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
7056 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7057 zero_cod, sizeof(zero_cod),
7058 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7059 ext_info_changed(hdev, NULL);
7060 }
7061
7062 new_settings(hdev, match.sk);
7063
7064 if (match.sk)
7065 sock_put(match.sk);
7066}
7067
7068void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7069{
7070 struct mgmt_pending_cmd *cmd;
7071 u8 status;
7072
7073 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7074 if (!cmd)
7075 return;
7076
7077 if (err == -ERFKILL)
7078 status = MGMT_STATUS_RFKILLED;
7079 else
7080 status = MGMT_STATUS_FAILED;
7081
7082 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7083
7084 mgmt_pending_remove(cmd);
7085}
7086
7087void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7088 bool persistent)
7089{
7090 struct mgmt_ev_new_link_key ev;
7091
7092 memset(&ev, 0, sizeof(ev));
7093
7094 ev.store_hint = persistent;
7095 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7096 ev.key.addr.type = BDADDR_BREDR;
7097 ev.key.type = key->type;
7098 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7099 ev.key.pin_len = key->pin_len;
7100
7101 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7102}
7103
7104static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7105{
7106 switch (ltk->type) {
7107 case SMP_LTK:
7108 case SMP_LTK_SLAVE:
7109 if (ltk->authenticated)
7110 return MGMT_LTK_AUTHENTICATED;
7111 return MGMT_LTK_UNAUTHENTICATED;
7112 case SMP_LTK_P256:
7113 if (ltk->authenticated)
7114 return MGMT_LTK_P256_AUTH;
7115 return MGMT_LTK_P256_UNAUTH;
7116 case SMP_LTK_P256_DEBUG:
7117 return MGMT_LTK_P256_DEBUG;
7118 }
7119
7120 return MGMT_LTK_UNAUTHENTICATED;
7121}
7122
7123void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7124{
7125 struct mgmt_ev_new_long_term_key ev;
7126
7127 memset(&ev, 0, sizeof(ev));
7128
7129 /* Devices using resolvable or non-resolvable random addresses
7130 * without providing an identity resolving key don't require
7131 * to store long term keys. Their addresses will change the
7132 * next time around.
7133 *
7134 * Only when a remote device provides an identity address
7135 * make sure the long term key is stored. If the remote
7136 * identity is known, the long term keys are internally
7137 * mapped to the identity address. So allow static random
7138 * and public addresses here.
7139 */
7140 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7141 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7142 ev.store_hint = 0x00;
7143 else
7144 ev.store_hint = persistent;
7145
7146 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7147 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7148 ev.key.type = mgmt_ltk_type(key);
7149 ev.key.enc_size = key->enc_size;
7150 ev.key.ediv = key->ediv;
7151 ev.key.rand = key->rand;
7152
7153 if (key->type == SMP_LTK)
7154 ev.key.master = 1;
7155
7156 /* Make sure we copy only the significant bytes based on the
7157 * encryption key size, and set the rest of the value to zeroes.
7158 */
7159 memcpy(ev.key.val, key->val, key->enc_size);
7160 memset(ev.key.val + key->enc_size, 0,
7161 sizeof(ev.key.val) - key->enc_size);
7162
7163 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7164}
7165
7166void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
7167{
7168 struct mgmt_ev_new_irk ev;
7169
7170 memset(&ev, 0, sizeof(ev));
7171
7172 ev.store_hint = persistent;
7173
7174 bacpy(&ev.rpa, &irk->rpa);
7175 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7176 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7177 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7178
7179 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7180}
7181
7182void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7183 bool persistent)
7184{
7185 struct mgmt_ev_new_csrk ev;
7186
7187 memset(&ev, 0, sizeof(ev));
7188
7189 /* Devices using resolvable or non-resolvable random addresses
7190 * without providing an identity resolving key don't require
7191 * to store signature resolving keys. Their addresses will change
7192 * the next time around.
7193 *
7194 * Only when a remote device provides an identity address
7195 * make sure the signature resolving key is stored. So allow
7196 * static random and public addresses here.
7197 */
7198 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7199 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7200 ev.store_hint = 0x00;
7201 else
7202 ev.store_hint = persistent;
7203
7204 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7205 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7206 ev.key.type = csrk->type;
7207 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7208
7209 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7210}
7211
7212void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7213 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7214 u16 max_interval, u16 latency, u16 timeout)
7215{
7216 struct mgmt_ev_new_conn_param ev;
7217
7218 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7219 return;
7220
7221 memset(&ev, 0, sizeof(ev));
7222 bacpy(&ev.addr.bdaddr, bdaddr);
7223 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7224 ev.store_hint = store_hint;
7225 ev.min_interval = cpu_to_le16(min_interval);
7226 ev.max_interval = cpu_to_le16(max_interval);
7227 ev.latency = cpu_to_le16(latency);
7228 ev.timeout = cpu_to_le16(timeout);
7229
7230 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7231}
7232
7233void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7234 u32 flags, u8 *name, u8 name_len)
7235{
7236 char buf[512];
7237 struct mgmt_ev_device_connected *ev = (void *) buf;
7238 u16 eir_len = 0;
7239
7240 bacpy(&ev->addr.bdaddr, &conn->dst);
7241 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7242
7243 ev->flags = __cpu_to_le32(flags);
7244
7245 /* We must ensure that the EIR Data fields are ordered and
7246 * unique. Keep it simple for now and avoid the problem by not
7247 * adding any BR/EDR data to the LE adv.
7248 */
7249 if (conn->le_adv_data_len > 0) {
7250 memcpy(&ev->eir[eir_len],
7251 conn->le_adv_data, conn->le_adv_data_len);
7252 eir_len = conn->le_adv_data_len;
7253 } else {
7254 if (name_len > 0)
7255 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7256 name, name_len);
7257
7258 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7259 eir_len = eir_append_data(ev->eir, eir_len,
7260 EIR_CLASS_OF_DEV,
7261 conn->dev_class, 3);
7262 }
7263
7264 ev->eir_len = cpu_to_le16(eir_len);
7265
7266 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7267 sizeof(*ev) + eir_len, NULL);
7268}
7269
7270static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7271{
7272 struct sock **sk = data;
7273
7274 cmd->cmd_complete(cmd, 0);
7275
7276 *sk = cmd->sk;
7277 sock_hold(*sk);
7278
7279 mgmt_pending_remove(cmd);
7280}
7281
7282static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7283{
7284 struct hci_dev *hdev = data;
7285 struct mgmt_cp_unpair_device *cp = cmd->param;
7286
7287 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7288
7289 cmd->cmd_complete(cmd, 0);
7290 mgmt_pending_remove(cmd);
7291}
7292
7293bool mgmt_powering_down(struct hci_dev *hdev)
7294{
7295 struct mgmt_pending_cmd *cmd;
7296 struct mgmt_mode *cp;
7297
7298 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7299 if (!cmd)
7300 return false;
7301
7302 cp = cmd->param;
7303 if (!cp->val)
7304 return true;
7305
7306 return false;
7307}
7308
7309void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7310 u8 link_type, u8 addr_type, u8 reason,
7311 bool mgmt_connected)
7312{
7313 struct mgmt_ev_device_disconnected ev;
7314 struct sock *sk = NULL;
7315
7316 /* The connection is still in hci_conn_hash so test for 1
7317 * instead of 0 to know if this is the last one.
7318 */
7319 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7320 cancel_delayed_work(&hdev->power_off);
7321 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7322 }
7323
7324 if (!mgmt_connected)
7325 return;
7326
7327 if (link_type != ACL_LINK && link_type != LE_LINK)
7328 return;
7329
7330 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
7331
7332 bacpy(&ev.addr.bdaddr, bdaddr);
7333 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7334 ev.reason = reason;
7335
7336 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
7337
7338 if (sk)
7339 sock_put(sk);
7340
7341 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7342 hdev);
7343}
7344
7345void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7346 u8 link_type, u8 addr_type, u8 status)
7347{
7348 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7349 struct mgmt_cp_disconnect *cp;
7350 struct mgmt_pending_cmd *cmd;
7351
7352 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7353 hdev);
7354
7355 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
7356 if (!cmd)
7357 return;
7358
7359 cp = cmd->param;
7360
7361 if (bacmp(bdaddr, &cp->addr.bdaddr))
7362 return;
7363
7364 if (cp->addr.type != bdaddr_type)
7365 return;
7366
7367 cmd->cmd_complete(cmd, mgmt_status(status));
7368 mgmt_pending_remove(cmd);
7369}
7370
7371void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7372 u8 addr_type, u8 status)
7373{
7374 struct mgmt_ev_connect_failed ev;
7375
7376 /* The connection is still in hci_conn_hash so test for 1
7377 * instead of 0 to know if this is the last one.
7378 */
7379 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7380 cancel_delayed_work(&hdev->power_off);
7381 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7382 }
7383
7384 bacpy(&ev.addr.bdaddr, bdaddr);
7385 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7386 ev.status = mgmt_status(status);
7387
7388 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7389}
7390
7391void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7392{
7393 struct mgmt_ev_pin_code_request ev;
7394
7395 bacpy(&ev.addr.bdaddr, bdaddr);
7396 ev.addr.type = BDADDR_BREDR;
7397 ev.secure = secure;
7398
7399 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7400}
7401
7402void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7403 u8 status)
7404{
7405 struct mgmt_pending_cmd *cmd;
7406
7407 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7408 if (!cmd)
7409 return;
7410
7411 cmd->cmd_complete(cmd, mgmt_status(status));
7412 mgmt_pending_remove(cmd);
7413}
7414
7415void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7416 u8 status)
7417{
7418 struct mgmt_pending_cmd *cmd;
7419
7420 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7421 if (!cmd)
7422 return;
7423
7424 cmd->cmd_complete(cmd, mgmt_status(status));
7425 mgmt_pending_remove(cmd);
7426}
7427
7428int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7429 u8 link_type, u8 addr_type, u32 value,
7430 u8 confirm_hint)
7431{
7432 struct mgmt_ev_user_confirm_request ev;
7433
7434 BT_DBG("%s", hdev->name);
7435
7436 bacpy(&ev.addr.bdaddr, bdaddr);
7437 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7438 ev.confirm_hint = confirm_hint;
7439 ev.value = cpu_to_le32(value);
7440
7441 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7442 NULL);
7443}
7444
7445int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7446 u8 link_type, u8 addr_type)
7447{
7448 struct mgmt_ev_user_passkey_request ev;
7449
7450 BT_DBG("%s", hdev->name);
7451
7452 bacpy(&ev.addr.bdaddr, bdaddr);
7453 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7454
7455 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7456 NULL);
7457}
7458
7459static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7460 u8 link_type, u8 addr_type, u8 status,
7461 u8 opcode)
7462{
7463 struct mgmt_pending_cmd *cmd;
7464
7465 cmd = pending_find(opcode, hdev);
7466 if (!cmd)
7467 return -ENOENT;
7468
7469 cmd->cmd_complete(cmd, mgmt_status(status));
7470 mgmt_pending_remove(cmd);
7471
7472 return 0;
7473}
7474
7475int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7476 u8 link_type, u8 addr_type, u8 status)
7477{
7478 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7479 status, MGMT_OP_USER_CONFIRM_REPLY);
7480}
7481
7482int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7483 u8 link_type, u8 addr_type, u8 status)
7484{
7485 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7486 status,
7487 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7488}
7489
7490int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7491 u8 link_type, u8 addr_type, u8 status)
7492{
7493 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7494 status, MGMT_OP_USER_PASSKEY_REPLY);
7495}
7496
7497int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7498 u8 link_type, u8 addr_type, u8 status)
7499{
7500 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7501 status,
7502 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7503}
7504
7505int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7506 u8 link_type, u8 addr_type, u32 passkey,
7507 u8 entered)
7508{
7509 struct mgmt_ev_passkey_notify ev;
7510
7511 BT_DBG("%s", hdev->name);
7512
7513 bacpy(&ev.addr.bdaddr, bdaddr);
7514 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7515 ev.passkey = __cpu_to_le32(passkey);
7516 ev.entered = entered;
7517
7518 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7519}
7520
7521void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7522{
7523 struct mgmt_ev_auth_failed ev;
7524 struct mgmt_pending_cmd *cmd;
7525 u8 status = mgmt_status(hci_status);
7526
7527 bacpy(&ev.addr.bdaddr, &conn->dst);
7528 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7529 ev.status = status;
7530
7531 cmd = find_pairing(conn);
7532
7533 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7534 cmd ? cmd->sk : NULL);
7535
7536 if (cmd) {
7537 cmd->cmd_complete(cmd, status);
7538 mgmt_pending_remove(cmd);
7539 }
7540}
7541
7542void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7543{
7544 struct cmd_lookup match = { NULL, hdev };
7545 bool changed;
7546
7547 if (status) {
7548 u8 mgmt_err = mgmt_status(status);
7549 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7550 cmd_status_rsp, &mgmt_err);
7551 return;
7552 }
7553
7554 if (test_bit(HCI_AUTH, &hdev->flags))
7555 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7556 else
7557 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7558
7559 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7560 &match);
7561
7562 if (changed)
7563 new_settings(hdev, match.sk);
7564
7565 if (match.sk)
7566 sock_put(match.sk);
7567}
7568
7569static void clear_eir(struct hci_request *req)
7570{
7571 struct hci_dev *hdev = req->hdev;
7572 struct hci_cp_write_eir cp;
7573
7574 if (!lmp_ext_inq_capable(hdev))
7575 return;
7576
7577 memset(hdev->eir, 0, sizeof(hdev->eir));
7578
7579 memset(&cp, 0, sizeof(cp));
7580
7581 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7582}
7583
7584void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7585{
7586 struct cmd_lookup match = { NULL, hdev };
7587 struct hci_request req;
7588 bool changed = false;
7589
7590 if (status) {
7591 u8 mgmt_err = mgmt_status(status);
7592
7593 if (enable && hci_dev_test_and_clear_flag(hdev,
7594 HCI_SSP_ENABLED)) {
7595 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7596 new_settings(hdev, NULL);
7597 }
7598
7599 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7600 &mgmt_err);
7601 return;
7602 }
7603
7604 if (enable) {
7605 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7606 } else {
7607 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7608 if (!changed)
7609 changed = hci_dev_test_and_clear_flag(hdev,
7610 HCI_HS_ENABLED);
7611 else
7612 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7613 }
7614
7615 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7616
7617 if (changed)
7618 new_settings(hdev, match.sk);
7619
7620 if (match.sk)
7621 sock_put(match.sk);
7622
7623 hci_req_init(&req, hdev);
7624
7625 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7626 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7627 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7628 sizeof(enable), &enable);
7629 __hci_req_update_eir(&req);
7630 } else {
7631 clear_eir(&req);
7632 }
7633
7634 hci_req_run(&req, NULL);
7635}
7636
7637static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7638{
7639 struct cmd_lookup *match = data;
7640
7641 if (match->sk == NULL) {
7642 match->sk = cmd->sk;
7643 sock_hold(match->sk);
7644 }
7645}
7646
7647void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7648 u8 status)
7649{
7650 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7651
7652 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7653 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7654 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7655
7656 if (!status) {
7657 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7658 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7659 ext_info_changed(hdev, NULL);
7660 }
7661
7662 if (match.sk)
7663 sock_put(match.sk);
7664}
7665
7666void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7667{
7668 struct mgmt_cp_set_local_name ev;
7669 struct mgmt_pending_cmd *cmd;
7670
7671 if (status)
7672 return;
7673
7674 memset(&ev, 0, sizeof(ev));
7675 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7676 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7677
7678 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7679 if (!cmd) {
7680 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7681
7682 /* If this is a HCI command related to powering on the
7683 * HCI dev don't send any mgmt signals.
7684 */
7685 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7686 return;
7687 }
7688
7689 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7690 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7691 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7692}
7693
7694static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7695{
7696 int i;
7697
7698 for (i = 0; i < uuid_count; i++) {
7699 if (!memcmp(uuid, uuids[i], 16))
7700 return true;
7701 }
7702
7703 return false;
7704}
7705
7706static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7707{
7708 u16 parsed = 0;
7709
7710 while (parsed < eir_len) {
7711 u8 field_len = eir[0];
7712 u8 uuid[16];
7713 int i;
7714
7715 if (field_len == 0)
7716 break;
7717
7718 if (eir_len - parsed < field_len + 1)
7719 break;
7720
7721 switch (eir[1]) {
7722 case EIR_UUID16_ALL:
7723 case EIR_UUID16_SOME:
7724 for (i = 0; i + 3 <= field_len; i += 2) {
7725 memcpy(uuid, bluetooth_base_uuid, 16);
7726 uuid[13] = eir[i + 3];
7727 uuid[12] = eir[i + 2];
7728 if (has_uuid(uuid, uuid_count, uuids))
7729 return true;
7730 }
7731 break;
7732 case EIR_UUID32_ALL:
7733 case EIR_UUID32_SOME:
7734 for (i = 0; i + 5 <= field_len; i += 4) {
7735 memcpy(uuid, bluetooth_base_uuid, 16);
7736 uuid[15] = eir[i + 5];
7737 uuid[14] = eir[i + 4];
7738 uuid[13] = eir[i + 3];
7739 uuid[12] = eir[i + 2];
7740 if (has_uuid(uuid, uuid_count, uuids))
7741 return true;
7742 }
7743 break;
7744 case EIR_UUID128_ALL:
7745 case EIR_UUID128_SOME:
7746 for (i = 0; i + 17 <= field_len; i += 16) {
7747 memcpy(uuid, eir + i + 2, 16);
7748 if (has_uuid(uuid, uuid_count, uuids))
7749 return true;
7750 }
7751 break;
7752 }
7753
7754 parsed += field_len + 1;
7755 eir += field_len + 1;
7756 }
7757
7758 return false;
7759}
7760
7761static void restart_le_scan(struct hci_dev *hdev)
7762{
7763 /* If controller is not scanning we are done. */
7764 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7765 return;
7766
7767 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7768 hdev->discovery.scan_start +
7769 hdev->discovery.scan_duration))
7770 return;
7771
7772 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
7773 DISCOV_LE_RESTART_DELAY);
7774}
7775
7776static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7777 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7778{
7779 /* If a RSSI threshold has been specified, and
7780 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7781 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7782 * is set, let it through for further processing, as we might need to
7783 * restart the scan.
7784 *
7785 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7786 * the results are also dropped.
7787 */
7788 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7789 (rssi == HCI_RSSI_INVALID ||
7790 (rssi < hdev->discovery.rssi &&
7791 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7792 return false;
7793
7794 if (hdev->discovery.uuid_count != 0) {
7795 /* If a list of UUIDs is provided in filter, results with no
7796 * matching UUID should be dropped.
7797 */
7798 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7799 hdev->discovery.uuids) &&
7800 !eir_has_uuids(scan_rsp, scan_rsp_len,
7801 hdev->discovery.uuid_count,
7802 hdev->discovery.uuids))
7803 return false;
7804 }
7805
7806 /* If duplicate filtering does not report RSSI changes, then restart
7807 * scanning to ensure updated result with updated RSSI values.
7808 */
7809 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7810 restart_le_scan(hdev);
7811
7812 /* Validate RSSI value against the RSSI threshold once more. */
7813 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7814 rssi < hdev->discovery.rssi)
7815 return false;
7816 }
7817
7818 return true;
7819}
7820
7821void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7822 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7823 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7824{
7825 char buf[512];
7826 struct mgmt_ev_device_found *ev = (void *)buf;
7827 size_t ev_size;
7828
7829 /* Don't send events for a non-kernel initiated discovery. With
7830 * LE one exception is if we have pend_le_reports > 0 in which
7831 * case we're doing passive scanning and want these events.
7832 */
7833 if (!hci_discovery_active(hdev)) {
7834 if (link_type == ACL_LINK)
7835 return;
7836 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7837 return;
7838 }
7839
7840 if (hdev->discovery.result_filtering) {
7841 /* We are using service discovery */
7842 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7843 scan_rsp_len))
7844 return;
7845 }
7846
7847 if (hdev->discovery.limited) {
7848 /* Check for limited discoverable bit */
7849 if (dev_class) {
7850 if (!(dev_class[1] & 0x20))
7851 return;
7852 } else {
7853 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7854 if (!flags || !(flags[0] & LE_AD_LIMITED))
7855 return;
7856 }
7857 }
7858
7859 /* Make sure that the buffer is big enough. The 5 extra bytes
7860 * are for the potential CoD field.
7861 */
7862 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7863 return;
7864
7865 memset(buf, 0, sizeof(buf));
7866
7867 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7868 * RSSI value was reported as 0 when not available. This behavior
7869 * is kept when using device discovery. This is required for full
7870 * backwards compatibility with the API.
7871 *
7872 * However when using service discovery, the value 127 will be
7873 * returned when the RSSI is not available.
7874 */
7875 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7876 link_type == ACL_LINK)
7877 rssi = 0;
7878
7879 bacpy(&ev->addr.bdaddr, bdaddr);
7880 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7881 ev->rssi = rssi;
7882 ev->flags = cpu_to_le32(flags);
7883
7884 if (eir_len > 0)
7885 /* Copy EIR or advertising data into event */
7886 memcpy(ev->eir, eir, eir_len);
7887
7888 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7889 NULL))
7890 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7891 dev_class, 3);
7892
7893 if (scan_rsp_len > 0)
7894 /* Append scan response data to event */
7895 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7896
7897 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7898 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7899
7900 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7901}
7902
7903void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7904 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7905{
7906 struct mgmt_ev_device_found *ev;
7907 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7908 u16 eir_len;
7909
7910 ev = (struct mgmt_ev_device_found *) buf;
7911
7912 memset(buf, 0, sizeof(buf));
7913
7914 bacpy(&ev->addr.bdaddr, bdaddr);
7915 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7916 ev->rssi = rssi;
7917
7918 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7919 name_len);
7920
7921 ev->eir_len = cpu_to_le16(eir_len);
7922
7923 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7924}
7925
7926void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7927{
7928 struct mgmt_ev_discovering ev;
7929
7930 BT_DBG("%s discovering %u", hdev->name, discovering);
7931
7932 memset(&ev, 0, sizeof(ev));
7933 ev.type = hdev->discovery.type;
7934 ev.discovering = discovering;
7935
7936 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7937}
7938
7939static struct hci_mgmt_chan chan = {
7940 .channel = HCI_CHANNEL_CONTROL,
7941 .handler_count = ARRAY_SIZE(mgmt_handlers),
7942 .handlers = mgmt_handlers,
7943 .hdev_init = mgmt_init_hdev,
7944};
7945
7946int mgmt_init(void)
7947{
7948 return hci_mgmt_chan_register(&chan);
7949}
7950
7951void mgmt_exit(void)
7952{
7953 hci_mgmt_chan_unregister(&chan);
7954}
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
27#include <linux/module.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/hci_sock.h>
33#include <net/bluetooth/l2cap.h>
34#include <net/bluetooth/mgmt.h>
35
36#include "hci_request.h"
37#include "smp.h"
38#include "mgmt_util.h"
39
40#define MGMT_VERSION 1
41#define MGMT_REVISION 14
42
43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_BONDABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
83 MGMT_OP_SET_BREDR,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
88 MGMT_OP_SET_PRIVACY,
89 MGMT_OP_LOAD_IRKS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
109};
110
111static const u16 mgmt_events[] = {
112 MGMT_EV_CONTROLLER_ERROR,
113 MGMT_EV_INDEX_ADDED,
114 MGMT_EV_INDEX_REMOVED,
115 MGMT_EV_NEW_SETTINGS,
116 MGMT_EV_CLASS_OF_DEV_CHANGED,
117 MGMT_EV_LOCAL_NAME_CHANGED,
118 MGMT_EV_NEW_LINK_KEY,
119 MGMT_EV_NEW_LONG_TERM_KEY,
120 MGMT_EV_DEVICE_CONNECTED,
121 MGMT_EV_DEVICE_DISCONNECTED,
122 MGMT_EV_CONNECT_FAILED,
123 MGMT_EV_PIN_CODE_REQUEST,
124 MGMT_EV_USER_CONFIRM_REQUEST,
125 MGMT_EV_USER_PASSKEY_REQUEST,
126 MGMT_EV_AUTH_FAILED,
127 MGMT_EV_DEVICE_FOUND,
128 MGMT_EV_DISCOVERING,
129 MGMT_EV_DEVICE_BLOCKED,
130 MGMT_EV_DEVICE_UNBLOCKED,
131 MGMT_EV_DEVICE_UNPAIRED,
132 MGMT_EV_PASSKEY_NOTIFY,
133 MGMT_EV_NEW_IRK,
134 MGMT_EV_NEW_CSRK,
135 MGMT_EV_DEVICE_ADDED,
136 MGMT_EV_DEVICE_REMOVED,
137 MGMT_EV_NEW_CONN_PARAM,
138 MGMT_EV_UNCONF_INDEX_ADDED,
139 MGMT_EV_UNCONF_INDEX_REMOVED,
140 MGMT_EV_NEW_CONFIG_OPTIONS,
141 MGMT_EV_EXT_INDEX_ADDED,
142 MGMT_EV_EXT_INDEX_REMOVED,
143 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
144 MGMT_EV_ADVERTISING_ADDED,
145 MGMT_EV_ADVERTISING_REMOVED,
146 MGMT_EV_EXT_INFO_CHANGED,
147};
148
149static const u16 mgmt_untrusted_commands[] = {
150 MGMT_OP_READ_INDEX_LIST,
151 MGMT_OP_READ_INFO,
152 MGMT_OP_READ_UNCONF_INDEX_LIST,
153 MGMT_OP_READ_CONFIG_INFO,
154 MGMT_OP_READ_EXT_INDEX_LIST,
155 MGMT_OP_READ_EXT_INFO,
156};
157
158static const u16 mgmt_untrusted_events[] = {
159 MGMT_EV_INDEX_ADDED,
160 MGMT_EV_INDEX_REMOVED,
161 MGMT_EV_NEW_SETTINGS,
162 MGMT_EV_CLASS_OF_DEV_CHANGED,
163 MGMT_EV_LOCAL_NAME_CHANGED,
164 MGMT_EV_UNCONF_INDEX_ADDED,
165 MGMT_EV_UNCONF_INDEX_REMOVED,
166 MGMT_EV_NEW_CONFIG_OPTIONS,
167 MGMT_EV_EXT_INDEX_ADDED,
168 MGMT_EV_EXT_INDEX_REMOVED,
169 MGMT_EV_EXT_INFO_CHANGED,
170};
171
172#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
173
174#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
175 "\x00\x00\x00\x00\x00\x00\x00\x00"
176
177/* HCI to MGMT error code conversion table */
178static u8 mgmt_status_table[] = {
179 MGMT_STATUS_SUCCESS,
180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
182 MGMT_STATUS_FAILED, /* Hardware Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
191 MGMT_STATUS_BUSY, /* Command Disallowed */
192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
193 MGMT_STATUS_REJECTED, /* Rejected Security */
194 MGMT_STATUS_REJECTED, /* Rejected Personal */
195 MGMT_STATUS_TIMEOUT, /* Host Timeout */
196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
202 MGMT_STATUS_BUSY, /* Repeated Attempts */
203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
210 MGMT_STATUS_FAILED, /* Unspecified Error */
211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
217 MGMT_STATUS_FAILED, /* Unit Link Key Used */
218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
219 MGMT_STATUS_TIMEOUT, /* Instant Passed */
220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
221 MGMT_STATUS_FAILED, /* Transaction Collision */
222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
223 MGMT_STATUS_REJECTED, /* QoS Rejected */
224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
225 MGMT_STATUS_REJECTED, /* Insufficient Security */
226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
227 MGMT_STATUS_BUSY, /* Role Switch Pending */
228 MGMT_STATUS_FAILED, /* Slot Violation */
229 MGMT_STATUS_FAILED, /* Role Switch Failed */
230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
232 MGMT_STATUS_BUSY, /* Host Busy Pairing */
233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
234 MGMT_STATUS_BUSY, /* Controller Busy */
235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
240};
241
242static u8 mgmt_status(u8 hci_status)
243{
244 if (hci_status < ARRAY_SIZE(mgmt_status_table))
245 return mgmt_status_table[hci_status];
246
247 return MGMT_STATUS_FAILED;
248}
249
250static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag)
252{
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
254 flag, NULL);
255}
256
257static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, int flag, struct sock *skip_sk)
259{
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 flag, skip_sk);
262}
263
264static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
266{
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
269}
270
271static u8 le_addr_type(u8 mgmt_addr_type)
272{
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
275 else
276 return ADDR_LE_DEV_RANDOM;
277}
278
279void mgmt_fill_version_info(void *ver)
280{
281 struct mgmt_rp_read_version *rp = ver;
282
283 rp->version = MGMT_VERSION;
284 rp->revision = cpu_to_le16(MGMT_REVISION);
285}
286
287static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
288 u16 data_len)
289{
290 struct mgmt_rp_read_version rp;
291
292 BT_DBG("sock %p", sk);
293
294 mgmt_fill_version_info(&rp);
295
296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
297 &rp, sizeof(rp));
298}
299
300static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
301 u16 data_len)
302{
303 struct mgmt_rp_read_commands *rp;
304 u16 num_commands, num_events;
305 size_t rp_size;
306 int i, err;
307
308 BT_DBG("sock %p", sk);
309
310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
311 num_commands = ARRAY_SIZE(mgmt_commands);
312 num_events = ARRAY_SIZE(mgmt_events);
313 } else {
314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
315 num_events = ARRAY_SIZE(mgmt_untrusted_events);
316 }
317
318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
319
320 rp = kmalloc(rp_size, GFP_KERNEL);
321 if (!rp)
322 return -ENOMEM;
323
324 rp->num_commands = cpu_to_le16(num_commands);
325 rp->num_events = cpu_to_le16(num_events);
326
327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
328 __le16 *opcode = rp->opcodes;
329
330 for (i = 0; i < num_commands; i++, opcode++)
331 put_unaligned_le16(mgmt_commands[i], opcode);
332
333 for (i = 0; i < num_events; i++, opcode++)
334 put_unaligned_le16(mgmt_events[i], opcode);
335 } else {
336 __le16 *opcode = rp->opcodes;
337
338 for (i = 0; i < num_commands; i++, opcode++)
339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
340
341 for (i = 0; i < num_events; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
343 }
344
345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
346 rp, rp_size);
347 kfree(rp);
348
349 return err;
350}
351
352static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
353 u16 data_len)
354{
355 struct mgmt_rp_read_index_list *rp;
356 struct hci_dev *d;
357 size_t rp_len;
358 u16 count;
359 int err;
360
361 BT_DBG("sock %p", sk);
362
363 read_lock(&hci_dev_list_lock);
364
365 count = 0;
366 list_for_each_entry(d, &hci_dev_list, list) {
367 if (d->dev_type == HCI_PRIMARY &&
368 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
369 count++;
370 }
371
372 rp_len = sizeof(*rp) + (2 * count);
373 rp = kmalloc(rp_len, GFP_ATOMIC);
374 if (!rp) {
375 read_unlock(&hci_dev_list_lock);
376 return -ENOMEM;
377 }
378
379 count = 0;
380 list_for_each_entry(d, &hci_dev_list, list) {
381 if (hci_dev_test_flag(d, HCI_SETUP) ||
382 hci_dev_test_flag(d, HCI_CONFIG) ||
383 hci_dev_test_flag(d, HCI_USER_CHANNEL))
384 continue;
385
386 /* Devices marked as raw-only are neither configured
387 * nor unconfigured controllers.
388 */
389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
390 continue;
391
392 if (d->dev_type == HCI_PRIMARY &&
393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
394 rp->index[count++] = cpu_to_le16(d->id);
395 BT_DBG("Added hci%u", d->id);
396 }
397 }
398
399 rp->num_controllers = cpu_to_le16(count);
400 rp_len = sizeof(*rp) + (2 * count);
401
402 read_unlock(&hci_dev_list_lock);
403
404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
405 0, rp, rp_len);
406
407 kfree(rp);
408
409 return err;
410}
411
412static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
413 void *data, u16 data_len)
414{
415 struct mgmt_rp_read_unconf_index_list *rp;
416 struct hci_dev *d;
417 size_t rp_len;
418 u16 count;
419 int err;
420
421 BT_DBG("sock %p", sk);
422
423 read_lock(&hci_dev_list_lock);
424
425 count = 0;
426 list_for_each_entry(d, &hci_dev_list, list) {
427 if (d->dev_type == HCI_PRIMARY &&
428 hci_dev_test_flag(d, HCI_UNCONFIGURED))
429 count++;
430 }
431
432 rp_len = sizeof(*rp) + (2 * count);
433 rp = kmalloc(rp_len, GFP_ATOMIC);
434 if (!rp) {
435 read_unlock(&hci_dev_list_lock);
436 return -ENOMEM;
437 }
438
439 count = 0;
440 list_for_each_entry(d, &hci_dev_list, list) {
441 if (hci_dev_test_flag(d, HCI_SETUP) ||
442 hci_dev_test_flag(d, HCI_CONFIG) ||
443 hci_dev_test_flag(d, HCI_USER_CHANNEL))
444 continue;
445
446 /* Devices marked as raw-only are neither configured
447 * nor unconfigured controllers.
448 */
449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
450 continue;
451
452 if (d->dev_type == HCI_PRIMARY &&
453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
454 rp->index[count++] = cpu_to_le16(d->id);
455 BT_DBG("Added hci%u", d->id);
456 }
457 }
458
459 rp->num_controllers = cpu_to_le16(count);
460 rp_len = sizeof(*rp) + (2 * count);
461
462 read_unlock(&hci_dev_list_lock);
463
464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
466
467 kfree(rp);
468
469 return err;
470}
471
472static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
473 void *data, u16 data_len)
474{
475 struct mgmt_rp_read_ext_index_list *rp;
476 struct hci_dev *d;
477 size_t rp_len;
478 u16 count;
479 int err;
480
481 BT_DBG("sock %p", sk);
482
483 read_lock(&hci_dev_list_lock);
484
485 count = 0;
486 list_for_each_entry(d, &hci_dev_list, list) {
487 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
488 count++;
489 }
490
491 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
492 rp = kmalloc(rp_len, GFP_ATOMIC);
493 if (!rp) {
494 read_unlock(&hci_dev_list_lock);
495 return -ENOMEM;
496 }
497
498 count = 0;
499 list_for_each_entry(d, &hci_dev_list, list) {
500 if (hci_dev_test_flag(d, HCI_SETUP) ||
501 hci_dev_test_flag(d, HCI_CONFIG) ||
502 hci_dev_test_flag(d, HCI_USER_CHANNEL))
503 continue;
504
505 /* Devices marked as raw-only are neither configured
506 * nor unconfigured controllers.
507 */
508 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
509 continue;
510
511 if (d->dev_type == HCI_PRIMARY) {
512 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
513 rp->entry[count].type = 0x01;
514 else
515 rp->entry[count].type = 0x00;
516 } else if (d->dev_type == HCI_AMP) {
517 rp->entry[count].type = 0x02;
518 } else {
519 continue;
520 }
521
522 rp->entry[count].bus = d->bus;
523 rp->entry[count++].index = cpu_to_le16(d->id);
524 BT_DBG("Added hci%u", d->id);
525 }
526
527 rp->num_controllers = cpu_to_le16(count);
528 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
529
530 read_unlock(&hci_dev_list_lock);
531
532 /* If this command is called at least once, then all the
533 * default index and unconfigured index events are disabled
534 * and from now on only extended index events are used.
535 */
536 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
537 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
538 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
539
540 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
541 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
542
543 kfree(rp);
544
545 return err;
546}
547
548static bool is_configured(struct hci_dev *hdev)
549{
550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
552 return false;
553
554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
556 return false;
557
558 return true;
559}
560
561static __le32 get_missing_options(struct hci_dev *hdev)
562{
563 u32 options = 0;
564
565 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
566 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
567 options |= MGMT_OPTION_EXTERNAL_CONFIG;
568
569 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
570 !bacmp(&hdev->public_addr, BDADDR_ANY))
571 options |= MGMT_OPTION_PUBLIC_ADDRESS;
572
573 return cpu_to_le32(options);
574}
575
576static int new_options(struct hci_dev *hdev, struct sock *skip)
577{
578 __le32 options = get_missing_options(hdev);
579
580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
582}
583
584static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
585{
586 __le32 options = get_missing_options(hdev);
587
588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
589 sizeof(options));
590}
591
592static int read_config_info(struct sock *sk, struct hci_dev *hdev,
593 void *data, u16 data_len)
594{
595 struct mgmt_rp_read_config_info rp;
596 u32 options = 0;
597
598 BT_DBG("sock %p %s", sk, hdev->name);
599
600 hci_dev_lock(hdev);
601
602 memset(&rp, 0, sizeof(rp));
603 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
604
605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
606 options |= MGMT_OPTION_EXTERNAL_CONFIG;
607
608 if (hdev->set_bdaddr)
609 options |= MGMT_OPTION_PUBLIC_ADDRESS;
610
611 rp.supported_options = cpu_to_le32(options);
612 rp.missing_options = get_missing_options(hdev);
613
614 hci_dev_unlock(hdev);
615
616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
617 &rp, sizeof(rp));
618}
619
620static u32 get_supported_settings(struct hci_dev *hdev)
621{
622 u32 settings = 0;
623
624 settings |= MGMT_SETTING_POWERED;
625 settings |= MGMT_SETTING_BONDABLE;
626 settings |= MGMT_SETTING_DEBUG_KEYS;
627 settings |= MGMT_SETTING_CONNECTABLE;
628 settings |= MGMT_SETTING_DISCOVERABLE;
629
630 if (lmp_bredr_capable(hdev)) {
631 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
632 settings |= MGMT_SETTING_FAST_CONNECTABLE;
633 settings |= MGMT_SETTING_BREDR;
634 settings |= MGMT_SETTING_LINK_SECURITY;
635
636 if (lmp_ssp_capable(hdev)) {
637 settings |= MGMT_SETTING_SSP;
638 settings |= MGMT_SETTING_HS;
639 }
640
641 if (lmp_sc_capable(hdev))
642 settings |= MGMT_SETTING_SECURE_CONN;
643 }
644
645 if (lmp_le_capable(hdev)) {
646 settings |= MGMT_SETTING_LE;
647 settings |= MGMT_SETTING_ADVERTISING;
648 settings |= MGMT_SETTING_SECURE_CONN;
649 settings |= MGMT_SETTING_PRIVACY;
650 settings |= MGMT_SETTING_STATIC_ADDRESS;
651 }
652
653 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
654 hdev->set_bdaddr)
655 settings |= MGMT_SETTING_CONFIGURATION;
656
657 return settings;
658}
659
660static u32 get_current_settings(struct hci_dev *hdev)
661{
662 u32 settings = 0;
663
664 if (hdev_is_powered(hdev))
665 settings |= MGMT_SETTING_POWERED;
666
667 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
668 settings |= MGMT_SETTING_CONNECTABLE;
669
670 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
671 settings |= MGMT_SETTING_FAST_CONNECTABLE;
672
673 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
674 settings |= MGMT_SETTING_DISCOVERABLE;
675
676 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
677 settings |= MGMT_SETTING_BONDABLE;
678
679 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
680 settings |= MGMT_SETTING_BREDR;
681
682 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
683 settings |= MGMT_SETTING_LE;
684
685 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
686 settings |= MGMT_SETTING_LINK_SECURITY;
687
688 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
689 settings |= MGMT_SETTING_SSP;
690
691 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
692 settings |= MGMT_SETTING_HS;
693
694 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
695 settings |= MGMT_SETTING_ADVERTISING;
696
697 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
698 settings |= MGMT_SETTING_SECURE_CONN;
699
700 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
701 settings |= MGMT_SETTING_DEBUG_KEYS;
702
703 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
704 settings |= MGMT_SETTING_PRIVACY;
705
706 /* The current setting for static address has two purposes. The
707 * first is to indicate if the static address will be used and
708 * the second is to indicate if it is actually set.
709 *
710 * This means if the static address is not configured, this flag
711 * will never be set. If the address is configured, then if the
712 * address is actually used decides if the flag is set or not.
713 *
714 * For single mode LE only controllers and dual-mode controllers
715 * with BR/EDR disabled, the existence of the static address will
716 * be evaluated.
717 */
718 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
719 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
720 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
721 if (bacmp(&hdev->static_addr, BDADDR_ANY))
722 settings |= MGMT_SETTING_STATIC_ADDRESS;
723 }
724
725 return settings;
726}
727
728static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
729{
730 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
731}
732
733static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
734 struct hci_dev *hdev,
735 const void *data)
736{
737 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
738}
739
740u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
741{
742 struct mgmt_pending_cmd *cmd;
743
744 /* If there's a pending mgmt command the flags will not yet have
745 * their final values, so check for this first.
746 */
747 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
748 if (cmd) {
749 struct mgmt_mode *cp = cmd->param;
750 if (cp->val == 0x01)
751 return LE_AD_GENERAL;
752 else if (cp->val == 0x02)
753 return LE_AD_LIMITED;
754 } else {
755 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
756 return LE_AD_LIMITED;
757 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
758 return LE_AD_GENERAL;
759 }
760
761 return 0;
762}
763
764bool mgmt_get_connectable(struct hci_dev *hdev)
765{
766 struct mgmt_pending_cmd *cmd;
767
768 /* If there's a pending mgmt command the flag will not yet have
769 * it's final value, so check for this first.
770 */
771 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
772 if (cmd) {
773 struct mgmt_mode *cp = cmd->param;
774
775 return cp->val;
776 }
777
778 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
779}
780
781static void service_cache_off(struct work_struct *work)
782{
783 struct hci_dev *hdev = container_of(work, struct hci_dev,
784 service_cache.work);
785 struct hci_request req;
786
787 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
788 return;
789
790 hci_req_init(&req, hdev);
791
792 hci_dev_lock(hdev);
793
794 __hci_req_update_eir(&req);
795 __hci_req_update_class(&req);
796
797 hci_dev_unlock(hdev);
798
799 hci_req_run(&req, NULL);
800}
801
802static void rpa_expired(struct work_struct *work)
803{
804 struct hci_dev *hdev = container_of(work, struct hci_dev,
805 rpa_expired.work);
806 struct hci_request req;
807
808 BT_DBG("");
809
810 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
811
812 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
813 return;
814
815 /* The generation of a new RPA and programming it into the
816 * controller happens in the hci_req_enable_advertising()
817 * function.
818 */
819 hci_req_init(&req, hdev);
820 __hci_req_enable_advertising(&req);
821 hci_req_run(&req, NULL);
822}
823
824static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
825{
826 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
827 return;
828
829 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
830 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
831
832 /* Non-mgmt controlled devices get this bit set
833 * implicitly so that pairing works for them, however
834 * for mgmt we require user-space to explicitly enable
835 * it
836 */
837 hci_dev_clear_flag(hdev, HCI_BONDABLE);
838}
839
840static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
841 void *data, u16 data_len)
842{
843 struct mgmt_rp_read_info rp;
844
845 BT_DBG("sock %p %s", sk, hdev->name);
846
847 hci_dev_lock(hdev);
848
849 memset(&rp, 0, sizeof(rp));
850
851 bacpy(&rp.bdaddr, &hdev->bdaddr);
852
853 rp.version = hdev->hci_ver;
854 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
855
856 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
857 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
858
859 memcpy(rp.dev_class, hdev->dev_class, 3);
860
861 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
862 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
863
864 hci_dev_unlock(hdev);
865
866 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
867 sizeof(rp));
868}
869
870static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
871{
872 u16 eir_len = 0;
873 size_t name_len;
874
875 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
876 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
877 hdev->dev_class, 3);
878
879 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
880 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
881 hdev->appearance);
882
883 name_len = strlen(hdev->dev_name);
884 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
885 hdev->dev_name, name_len);
886
887 name_len = strlen(hdev->short_name);
888 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
889 hdev->short_name, name_len);
890
891 return eir_len;
892}
893
894static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
895 void *data, u16 data_len)
896{
897 char buf[512];
898 struct mgmt_rp_read_ext_info *rp = (void *)buf;
899 u16 eir_len;
900
901 BT_DBG("sock %p %s", sk, hdev->name);
902
903 memset(&buf, 0, sizeof(buf));
904
905 hci_dev_lock(hdev);
906
907 bacpy(&rp->bdaddr, &hdev->bdaddr);
908
909 rp->version = hdev->hci_ver;
910 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
911
912 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
913 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
914
915
916 eir_len = append_eir_data_to_buf(hdev, rp->eir);
917 rp->eir_len = cpu_to_le16(eir_len);
918
919 hci_dev_unlock(hdev);
920
921 /* If this command is called at least once, then the events
922 * for class of device and local name changes are disabled
923 * and only the new extended controller information event
924 * is used.
925 */
926 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
927 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
928 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
929
930 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
931 sizeof(*rp) + eir_len);
932}
933
934static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
935{
936 char buf[512];
937 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
938 u16 eir_len;
939
940 memset(buf, 0, sizeof(buf));
941
942 eir_len = append_eir_data_to_buf(hdev, ev->eir);
943 ev->eir_len = cpu_to_le16(eir_len);
944
945 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
946 sizeof(*ev) + eir_len,
947 HCI_MGMT_EXT_INFO_EVENTS, skip);
948}
949
950static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
951{
952 __le32 settings = cpu_to_le32(get_current_settings(hdev));
953
954 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
955 sizeof(settings));
956}
957
958static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
959{
960 BT_DBG("%s status 0x%02x", hdev->name, status);
961
962 if (hci_conn_count(hdev) == 0) {
963 cancel_delayed_work(&hdev->power_off);
964 queue_work(hdev->req_workqueue, &hdev->power_off.work);
965 }
966}
967
968void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
969{
970 struct mgmt_ev_advertising_added ev;
971
972 ev.instance = instance;
973
974 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
975}
976
977void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
978 u8 instance)
979{
980 struct mgmt_ev_advertising_removed ev;
981
982 ev.instance = instance;
983
984 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
985}
986
987static void cancel_adv_timeout(struct hci_dev *hdev)
988{
989 if (hdev->adv_instance_timeout) {
990 hdev->adv_instance_timeout = 0;
991 cancel_delayed_work(&hdev->adv_instance_expire);
992 }
993}
994
995static int clean_up_hci_state(struct hci_dev *hdev)
996{
997 struct hci_request req;
998 struct hci_conn *conn;
999 bool discov_stopped;
1000 int err;
1001
1002 hci_req_init(&req, hdev);
1003
1004 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1005 test_bit(HCI_PSCAN, &hdev->flags)) {
1006 u8 scan = 0x00;
1007 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1008 }
1009
1010 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1011
1012 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1013 __hci_req_disable_advertising(&req);
1014
1015 discov_stopped = hci_req_stop_discovery(&req);
1016
1017 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1018 /* 0x15 == Terminated due to Power Off */
1019 __hci_abort_conn(&req, conn, 0x15);
1020 }
1021
1022 err = hci_req_run(&req, clean_up_hci_complete);
1023 if (!err && discov_stopped)
1024 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1025
1026 return err;
1027}
1028
1029static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1030 u16 len)
1031{
1032 struct mgmt_mode *cp = data;
1033 struct mgmt_pending_cmd *cmd;
1034 int err;
1035
1036 BT_DBG("request for %s", hdev->name);
1037
1038 if (cp->val != 0x00 && cp->val != 0x01)
1039 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1040 MGMT_STATUS_INVALID_PARAMS);
1041
1042 hci_dev_lock(hdev);
1043
1044 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1045 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1046 MGMT_STATUS_BUSY);
1047 goto failed;
1048 }
1049
1050 if (!!cp->val == hdev_is_powered(hdev)) {
1051 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1052 goto failed;
1053 }
1054
1055 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1056 if (!cmd) {
1057 err = -ENOMEM;
1058 goto failed;
1059 }
1060
1061 if (cp->val) {
1062 queue_work(hdev->req_workqueue, &hdev->power_on);
1063 err = 0;
1064 } else {
1065 /* Disconnect connections, stop scans, etc */
1066 err = clean_up_hci_state(hdev);
1067 if (!err)
1068 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1069 HCI_POWER_OFF_TIMEOUT);
1070
1071 /* ENODATA means there were no HCI commands queued */
1072 if (err == -ENODATA) {
1073 cancel_delayed_work(&hdev->power_off);
1074 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1075 err = 0;
1076 }
1077 }
1078
1079failed:
1080 hci_dev_unlock(hdev);
1081 return err;
1082}
1083
1084static int new_settings(struct hci_dev *hdev, struct sock *skip)
1085{
1086 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1087
1088 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1089 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1090}
1091
1092int mgmt_new_settings(struct hci_dev *hdev)
1093{
1094 return new_settings(hdev, NULL);
1095}
1096
1097struct cmd_lookup {
1098 struct sock *sk;
1099 struct hci_dev *hdev;
1100 u8 mgmt_status;
1101};
1102
1103static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1104{
1105 struct cmd_lookup *match = data;
1106
1107 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1108
1109 list_del(&cmd->list);
1110
1111 if (match->sk == NULL) {
1112 match->sk = cmd->sk;
1113 sock_hold(match->sk);
1114 }
1115
1116 mgmt_pending_free(cmd);
1117}
1118
1119static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1120{
1121 u8 *status = data;
1122
1123 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1124 mgmt_pending_remove(cmd);
1125}
1126
1127static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1128{
1129 if (cmd->cmd_complete) {
1130 u8 *status = data;
1131
1132 cmd->cmd_complete(cmd, *status);
1133 mgmt_pending_remove(cmd);
1134
1135 return;
1136 }
1137
1138 cmd_status_rsp(cmd, data);
1139}
1140
1141static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1142{
1143 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1144 cmd->param, cmd->param_len);
1145}
1146
1147static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1148{
1149 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1150 cmd->param, sizeof(struct mgmt_addr_info));
1151}
1152
1153static u8 mgmt_bredr_support(struct hci_dev *hdev)
1154{
1155 if (!lmp_bredr_capable(hdev))
1156 return MGMT_STATUS_NOT_SUPPORTED;
1157 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1158 return MGMT_STATUS_REJECTED;
1159 else
1160 return MGMT_STATUS_SUCCESS;
1161}
1162
1163static u8 mgmt_le_support(struct hci_dev *hdev)
1164{
1165 if (!lmp_le_capable(hdev))
1166 return MGMT_STATUS_NOT_SUPPORTED;
1167 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1168 return MGMT_STATUS_REJECTED;
1169 else
1170 return MGMT_STATUS_SUCCESS;
1171}
1172
1173void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1174{
1175 struct mgmt_pending_cmd *cmd;
1176
1177 BT_DBG("status 0x%02x", status);
1178
1179 hci_dev_lock(hdev);
1180
1181 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1182 if (!cmd)
1183 goto unlock;
1184
1185 if (status) {
1186 u8 mgmt_err = mgmt_status(status);
1187 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1188 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1189 goto remove_cmd;
1190 }
1191
1192 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1193 hdev->discov_timeout > 0) {
1194 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1195 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1196 }
1197
1198 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1199 new_settings(hdev, cmd->sk);
1200
1201remove_cmd:
1202 mgmt_pending_remove(cmd);
1203
1204unlock:
1205 hci_dev_unlock(hdev);
1206}
1207
1208static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1209 u16 len)
1210{
1211 struct mgmt_cp_set_discoverable *cp = data;
1212 struct mgmt_pending_cmd *cmd;
1213 u16 timeout;
1214 int err;
1215
1216 BT_DBG("request for %s", hdev->name);
1217
1218 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1219 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1221 MGMT_STATUS_REJECTED);
1222
1223 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1224 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1225 MGMT_STATUS_INVALID_PARAMS);
1226
1227 timeout = __le16_to_cpu(cp->timeout);
1228
1229 /* Disabling discoverable requires that no timeout is set,
1230 * and enabling limited discoverable requires a timeout.
1231 */
1232 if ((cp->val == 0x00 && timeout > 0) ||
1233 (cp->val == 0x02 && timeout == 0))
1234 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1235 MGMT_STATUS_INVALID_PARAMS);
1236
1237 hci_dev_lock(hdev);
1238
1239 if (!hdev_is_powered(hdev) && timeout > 0) {
1240 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1241 MGMT_STATUS_NOT_POWERED);
1242 goto failed;
1243 }
1244
1245 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1246 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1247 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1248 MGMT_STATUS_BUSY);
1249 goto failed;
1250 }
1251
1252 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1253 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1254 MGMT_STATUS_REJECTED);
1255 goto failed;
1256 }
1257
1258 if (!hdev_is_powered(hdev)) {
1259 bool changed = false;
1260
1261 /* Setting limited discoverable when powered off is
1262 * not a valid operation since it requires a timeout
1263 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1264 */
1265 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1266 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1267 changed = true;
1268 }
1269
1270 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1271 if (err < 0)
1272 goto failed;
1273
1274 if (changed)
1275 err = new_settings(hdev, sk);
1276
1277 goto failed;
1278 }
1279
1280 /* If the current mode is the same, then just update the timeout
1281 * value with the new value. And if only the timeout gets updated,
1282 * then no need for any HCI transactions.
1283 */
1284 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1285 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1286 HCI_LIMITED_DISCOVERABLE)) {
1287 cancel_delayed_work(&hdev->discov_off);
1288 hdev->discov_timeout = timeout;
1289
1290 if (cp->val && hdev->discov_timeout > 0) {
1291 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1292 queue_delayed_work(hdev->req_workqueue,
1293 &hdev->discov_off, to);
1294 }
1295
1296 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1297 goto failed;
1298 }
1299
1300 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1301 if (!cmd) {
1302 err = -ENOMEM;
1303 goto failed;
1304 }
1305
1306 /* Cancel any potential discoverable timeout that might be
1307 * still active and store new timeout value. The arming of
1308 * the timeout happens in the complete handler.
1309 */
1310 cancel_delayed_work(&hdev->discov_off);
1311 hdev->discov_timeout = timeout;
1312
1313 if (cp->val)
1314 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1315 else
1316 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1317
1318 /* Limited discoverable mode */
1319 if (cp->val == 0x02)
1320 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1321 else
1322 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1323
1324 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1325 err = 0;
1326
1327failed:
1328 hci_dev_unlock(hdev);
1329 return err;
1330}
1331
1332void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1333{
1334 struct mgmt_pending_cmd *cmd;
1335
1336 BT_DBG("status 0x%02x", status);
1337
1338 hci_dev_lock(hdev);
1339
1340 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1341 if (!cmd)
1342 goto unlock;
1343
1344 if (status) {
1345 u8 mgmt_err = mgmt_status(status);
1346 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1347 goto remove_cmd;
1348 }
1349
1350 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1351 new_settings(hdev, cmd->sk);
1352
1353remove_cmd:
1354 mgmt_pending_remove(cmd);
1355
1356unlock:
1357 hci_dev_unlock(hdev);
1358}
1359
1360static int set_connectable_update_settings(struct hci_dev *hdev,
1361 struct sock *sk, u8 val)
1362{
1363 bool changed = false;
1364 int err;
1365
1366 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1367 changed = true;
1368
1369 if (val) {
1370 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1371 } else {
1372 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1373 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1374 }
1375
1376 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1377 if (err < 0)
1378 return err;
1379
1380 if (changed) {
1381 hci_req_update_scan(hdev);
1382 hci_update_background_scan(hdev);
1383 return new_settings(hdev, sk);
1384 }
1385
1386 return 0;
1387}
1388
1389static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1390 u16 len)
1391{
1392 struct mgmt_mode *cp = data;
1393 struct mgmt_pending_cmd *cmd;
1394 int err;
1395
1396 BT_DBG("request for %s", hdev->name);
1397
1398 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1399 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1401 MGMT_STATUS_REJECTED);
1402
1403 if (cp->val != 0x00 && cp->val != 0x01)
1404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1405 MGMT_STATUS_INVALID_PARAMS);
1406
1407 hci_dev_lock(hdev);
1408
1409 if (!hdev_is_powered(hdev)) {
1410 err = set_connectable_update_settings(hdev, sk, cp->val);
1411 goto failed;
1412 }
1413
1414 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1415 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1416 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1417 MGMT_STATUS_BUSY);
1418 goto failed;
1419 }
1420
1421 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1422 if (!cmd) {
1423 err = -ENOMEM;
1424 goto failed;
1425 }
1426
1427 if (cp->val) {
1428 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1429 } else {
1430 if (hdev->discov_timeout > 0)
1431 cancel_delayed_work(&hdev->discov_off);
1432
1433 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1434 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1435 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1436 }
1437
1438 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1439 err = 0;
1440
1441failed:
1442 hci_dev_unlock(hdev);
1443 return err;
1444}
1445
1446static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1447 u16 len)
1448{
1449 struct mgmt_mode *cp = data;
1450 bool changed;
1451 int err;
1452
1453 BT_DBG("request for %s", hdev->name);
1454
1455 if (cp->val != 0x00 && cp->val != 0x01)
1456 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1457 MGMT_STATUS_INVALID_PARAMS);
1458
1459 hci_dev_lock(hdev);
1460
1461 if (cp->val)
1462 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1463 else
1464 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1465
1466 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1467 if (err < 0)
1468 goto unlock;
1469
1470 if (changed) {
1471 /* In limited privacy mode the change of bondable mode
1472 * may affect the local advertising address.
1473 */
1474 if (hdev_is_powered(hdev) &&
1475 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1476 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1477 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1478 queue_work(hdev->req_workqueue,
1479 &hdev->discoverable_update);
1480
1481 err = new_settings(hdev, sk);
1482 }
1483
1484unlock:
1485 hci_dev_unlock(hdev);
1486 return err;
1487}
1488
1489static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1490 u16 len)
1491{
1492 struct mgmt_mode *cp = data;
1493 struct mgmt_pending_cmd *cmd;
1494 u8 val, status;
1495 int err;
1496
1497 BT_DBG("request for %s", hdev->name);
1498
1499 status = mgmt_bredr_support(hdev);
1500 if (status)
1501 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1502 status);
1503
1504 if (cp->val != 0x00 && cp->val != 0x01)
1505 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1506 MGMT_STATUS_INVALID_PARAMS);
1507
1508 hci_dev_lock(hdev);
1509
1510 if (!hdev_is_powered(hdev)) {
1511 bool changed = false;
1512
1513 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1514 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1515 changed = true;
1516 }
1517
1518 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1519 if (err < 0)
1520 goto failed;
1521
1522 if (changed)
1523 err = new_settings(hdev, sk);
1524
1525 goto failed;
1526 }
1527
1528 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1529 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1530 MGMT_STATUS_BUSY);
1531 goto failed;
1532 }
1533
1534 val = !!cp->val;
1535
1536 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1537 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1538 goto failed;
1539 }
1540
1541 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1542 if (!cmd) {
1543 err = -ENOMEM;
1544 goto failed;
1545 }
1546
1547 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1548 if (err < 0) {
1549 mgmt_pending_remove(cmd);
1550 goto failed;
1551 }
1552
1553failed:
1554 hci_dev_unlock(hdev);
1555 return err;
1556}
1557
1558static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1559{
1560 struct mgmt_mode *cp = data;
1561 struct mgmt_pending_cmd *cmd;
1562 u8 status;
1563 int err;
1564
1565 BT_DBG("request for %s", hdev->name);
1566
1567 status = mgmt_bredr_support(hdev);
1568 if (status)
1569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1570
1571 if (!lmp_ssp_capable(hdev))
1572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1573 MGMT_STATUS_NOT_SUPPORTED);
1574
1575 if (cp->val != 0x00 && cp->val != 0x01)
1576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1577 MGMT_STATUS_INVALID_PARAMS);
1578
1579 hci_dev_lock(hdev);
1580
1581 if (!hdev_is_powered(hdev)) {
1582 bool changed;
1583
1584 if (cp->val) {
1585 changed = !hci_dev_test_and_set_flag(hdev,
1586 HCI_SSP_ENABLED);
1587 } else {
1588 changed = hci_dev_test_and_clear_flag(hdev,
1589 HCI_SSP_ENABLED);
1590 if (!changed)
1591 changed = hci_dev_test_and_clear_flag(hdev,
1592 HCI_HS_ENABLED);
1593 else
1594 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1595 }
1596
1597 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1598 if (err < 0)
1599 goto failed;
1600
1601 if (changed)
1602 err = new_settings(hdev, sk);
1603
1604 goto failed;
1605 }
1606
1607 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1608 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1609 MGMT_STATUS_BUSY);
1610 goto failed;
1611 }
1612
1613 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1614 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1615 goto failed;
1616 }
1617
1618 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1619 if (!cmd) {
1620 err = -ENOMEM;
1621 goto failed;
1622 }
1623
1624 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1625 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1626 sizeof(cp->val), &cp->val);
1627
1628 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1629 if (err < 0) {
1630 mgmt_pending_remove(cmd);
1631 goto failed;
1632 }
1633
1634failed:
1635 hci_dev_unlock(hdev);
1636 return err;
1637}
1638
1639static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1640{
1641 struct mgmt_mode *cp = data;
1642 bool changed;
1643 u8 status;
1644 int err;
1645
1646 BT_DBG("request for %s", hdev->name);
1647
1648 status = mgmt_bredr_support(hdev);
1649 if (status)
1650 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1651
1652 if (!lmp_ssp_capable(hdev))
1653 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1654 MGMT_STATUS_NOT_SUPPORTED);
1655
1656 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1657 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1658 MGMT_STATUS_REJECTED);
1659
1660 if (cp->val != 0x00 && cp->val != 0x01)
1661 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1662 MGMT_STATUS_INVALID_PARAMS);
1663
1664 hci_dev_lock(hdev);
1665
1666 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1667 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1668 MGMT_STATUS_BUSY);
1669 goto unlock;
1670 }
1671
1672 if (cp->val) {
1673 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1674 } else {
1675 if (hdev_is_powered(hdev)) {
1676 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1677 MGMT_STATUS_REJECTED);
1678 goto unlock;
1679 }
1680
1681 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1682 }
1683
1684 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1685 if (err < 0)
1686 goto unlock;
1687
1688 if (changed)
1689 err = new_settings(hdev, sk);
1690
1691unlock:
1692 hci_dev_unlock(hdev);
1693 return err;
1694}
1695
1696static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1697{
1698 struct cmd_lookup match = { NULL, hdev };
1699
1700 hci_dev_lock(hdev);
1701
1702 if (status) {
1703 u8 mgmt_err = mgmt_status(status);
1704
1705 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1706 &mgmt_err);
1707 goto unlock;
1708 }
1709
1710 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1711
1712 new_settings(hdev, match.sk);
1713
1714 if (match.sk)
1715 sock_put(match.sk);
1716
1717 /* Make sure the controller has a good default for
1718 * advertising data. Restrict the update to when LE
1719 * has actually been enabled. During power on, the
1720 * update in powered_update_hci will take care of it.
1721 */
1722 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1723 struct hci_request req;
1724
1725 hci_req_init(&req, hdev);
1726 __hci_req_update_adv_data(&req, 0x00);
1727 __hci_req_update_scan_rsp_data(&req, 0x00);
1728 hci_req_run(&req, NULL);
1729 hci_update_background_scan(hdev);
1730 }
1731
1732unlock:
1733 hci_dev_unlock(hdev);
1734}
1735
1736static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1737{
1738 struct mgmt_mode *cp = data;
1739 struct hci_cp_write_le_host_supported hci_cp;
1740 struct mgmt_pending_cmd *cmd;
1741 struct hci_request req;
1742 int err;
1743 u8 val, enabled;
1744
1745 BT_DBG("request for %s", hdev->name);
1746
1747 if (!lmp_le_capable(hdev))
1748 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1749 MGMT_STATUS_NOT_SUPPORTED);
1750
1751 if (cp->val != 0x00 && cp->val != 0x01)
1752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1753 MGMT_STATUS_INVALID_PARAMS);
1754
1755 /* Bluetooth single mode LE only controllers or dual-mode
1756 * controllers configured as LE only devices, do not allow
1757 * switching LE off. These have either LE enabled explicitly
1758 * or BR/EDR has been previously switched off.
1759 *
1760 * When trying to enable an already enabled LE, then gracefully
1761 * send a positive response. Trying to disable it however will
1762 * result into rejection.
1763 */
1764 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1765 if (cp->val == 0x01)
1766 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1767
1768 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1769 MGMT_STATUS_REJECTED);
1770 }
1771
1772 hci_dev_lock(hdev);
1773
1774 val = !!cp->val;
1775 enabled = lmp_host_le_capable(hdev);
1776
1777 if (!val)
1778 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1779
1780 if (!hdev_is_powered(hdev) || val == enabled) {
1781 bool changed = false;
1782
1783 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1784 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1785 changed = true;
1786 }
1787
1788 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1789 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1790 changed = true;
1791 }
1792
1793 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1794 if (err < 0)
1795 goto unlock;
1796
1797 if (changed)
1798 err = new_settings(hdev, sk);
1799
1800 goto unlock;
1801 }
1802
1803 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1804 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1805 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1806 MGMT_STATUS_BUSY);
1807 goto unlock;
1808 }
1809
1810 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1811 if (!cmd) {
1812 err = -ENOMEM;
1813 goto unlock;
1814 }
1815
1816 hci_req_init(&req, hdev);
1817
1818 memset(&hci_cp, 0, sizeof(hci_cp));
1819
1820 if (val) {
1821 hci_cp.le = val;
1822 hci_cp.simul = 0x00;
1823 } else {
1824 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1825 __hci_req_disable_advertising(&req);
1826 }
1827
1828 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1829 &hci_cp);
1830
1831 err = hci_req_run(&req, le_enable_complete);
1832 if (err < 0)
1833 mgmt_pending_remove(cmd);
1834
1835unlock:
1836 hci_dev_unlock(hdev);
1837 return err;
1838}
1839
1840/* This is a helper function to test for pending mgmt commands that can
1841 * cause CoD or EIR HCI commands. We can only allow one such pending
1842 * mgmt command at a time since otherwise we cannot easily track what
1843 * the current values are, will be, and based on that calculate if a new
1844 * HCI command needs to be sent and if yes with what value.
1845 */
1846static bool pending_eir_or_class(struct hci_dev *hdev)
1847{
1848 struct mgmt_pending_cmd *cmd;
1849
1850 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1851 switch (cmd->opcode) {
1852 case MGMT_OP_ADD_UUID:
1853 case MGMT_OP_REMOVE_UUID:
1854 case MGMT_OP_SET_DEV_CLASS:
1855 case MGMT_OP_SET_POWERED:
1856 return true;
1857 }
1858 }
1859
1860 return false;
1861}
1862
1863static const u8 bluetooth_base_uuid[] = {
1864 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1865 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1866};
1867
1868static u8 get_uuid_size(const u8 *uuid)
1869{
1870 u32 val;
1871
1872 if (memcmp(uuid, bluetooth_base_uuid, 12))
1873 return 128;
1874
1875 val = get_unaligned_le32(&uuid[12]);
1876 if (val > 0xffff)
1877 return 32;
1878
1879 return 16;
1880}
1881
1882static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1883{
1884 struct mgmt_pending_cmd *cmd;
1885
1886 hci_dev_lock(hdev);
1887
1888 cmd = pending_find(mgmt_op, hdev);
1889 if (!cmd)
1890 goto unlock;
1891
1892 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
1893 mgmt_status(status), hdev->dev_class, 3);
1894
1895 mgmt_pending_remove(cmd);
1896
1897unlock:
1898 hci_dev_unlock(hdev);
1899}
1900
1901static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1902{
1903 BT_DBG("status 0x%02x", status);
1904
1905 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1906}
1907
1908static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1909{
1910 struct mgmt_cp_add_uuid *cp = data;
1911 struct mgmt_pending_cmd *cmd;
1912 struct hci_request req;
1913 struct bt_uuid *uuid;
1914 int err;
1915
1916 BT_DBG("request for %s", hdev->name);
1917
1918 hci_dev_lock(hdev);
1919
1920 if (pending_eir_or_class(hdev)) {
1921 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1922 MGMT_STATUS_BUSY);
1923 goto failed;
1924 }
1925
1926 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1927 if (!uuid) {
1928 err = -ENOMEM;
1929 goto failed;
1930 }
1931
1932 memcpy(uuid->uuid, cp->uuid, 16);
1933 uuid->svc_hint = cp->svc_hint;
1934 uuid->size = get_uuid_size(cp->uuid);
1935
1936 list_add_tail(&uuid->list, &hdev->uuids);
1937
1938 hci_req_init(&req, hdev);
1939
1940 __hci_req_update_class(&req);
1941 __hci_req_update_eir(&req);
1942
1943 err = hci_req_run(&req, add_uuid_complete);
1944 if (err < 0) {
1945 if (err != -ENODATA)
1946 goto failed;
1947
1948 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1949 hdev->dev_class, 3);
1950 goto failed;
1951 }
1952
1953 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1954 if (!cmd) {
1955 err = -ENOMEM;
1956 goto failed;
1957 }
1958
1959 err = 0;
1960
1961failed:
1962 hci_dev_unlock(hdev);
1963 return err;
1964}
1965
1966static bool enable_service_cache(struct hci_dev *hdev)
1967{
1968 if (!hdev_is_powered(hdev))
1969 return false;
1970
1971 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
1972 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1973 CACHE_TIMEOUT);
1974 return true;
1975 }
1976
1977 return false;
1978}
1979
1980static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1981{
1982 BT_DBG("status 0x%02x", status);
1983
1984 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1985}
1986
1987static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1988 u16 len)
1989{
1990 struct mgmt_cp_remove_uuid *cp = data;
1991 struct mgmt_pending_cmd *cmd;
1992 struct bt_uuid *match, *tmp;
1993 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1994 struct hci_request req;
1995 int err, found;
1996
1997 BT_DBG("request for %s", hdev->name);
1998
1999 hci_dev_lock(hdev);
2000
2001 if (pending_eir_or_class(hdev)) {
2002 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2003 MGMT_STATUS_BUSY);
2004 goto unlock;
2005 }
2006
2007 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2008 hci_uuids_clear(hdev);
2009
2010 if (enable_service_cache(hdev)) {
2011 err = mgmt_cmd_complete(sk, hdev->id,
2012 MGMT_OP_REMOVE_UUID,
2013 0, hdev->dev_class, 3);
2014 goto unlock;
2015 }
2016
2017 goto update_class;
2018 }
2019
2020 found = 0;
2021
2022 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2023 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2024 continue;
2025
2026 list_del(&match->list);
2027 kfree(match);
2028 found++;
2029 }
2030
2031 if (found == 0) {
2032 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2033 MGMT_STATUS_INVALID_PARAMS);
2034 goto unlock;
2035 }
2036
2037update_class:
2038 hci_req_init(&req, hdev);
2039
2040 __hci_req_update_class(&req);
2041 __hci_req_update_eir(&req);
2042
2043 err = hci_req_run(&req, remove_uuid_complete);
2044 if (err < 0) {
2045 if (err != -ENODATA)
2046 goto unlock;
2047
2048 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2049 hdev->dev_class, 3);
2050 goto unlock;
2051 }
2052
2053 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2054 if (!cmd) {
2055 err = -ENOMEM;
2056 goto unlock;
2057 }
2058
2059 err = 0;
2060
2061unlock:
2062 hci_dev_unlock(hdev);
2063 return err;
2064}
2065
2066static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2067{
2068 BT_DBG("status 0x%02x", status);
2069
2070 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2071}
2072
2073static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2074 u16 len)
2075{
2076 struct mgmt_cp_set_dev_class *cp = data;
2077 struct mgmt_pending_cmd *cmd;
2078 struct hci_request req;
2079 int err;
2080
2081 BT_DBG("request for %s", hdev->name);
2082
2083 if (!lmp_bredr_capable(hdev))
2084 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2085 MGMT_STATUS_NOT_SUPPORTED);
2086
2087 hci_dev_lock(hdev);
2088
2089 if (pending_eir_or_class(hdev)) {
2090 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2091 MGMT_STATUS_BUSY);
2092 goto unlock;
2093 }
2094
2095 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2096 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2097 MGMT_STATUS_INVALID_PARAMS);
2098 goto unlock;
2099 }
2100
2101 hdev->major_class = cp->major;
2102 hdev->minor_class = cp->minor;
2103
2104 if (!hdev_is_powered(hdev)) {
2105 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2106 hdev->dev_class, 3);
2107 goto unlock;
2108 }
2109
2110 hci_req_init(&req, hdev);
2111
2112 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2113 hci_dev_unlock(hdev);
2114 cancel_delayed_work_sync(&hdev->service_cache);
2115 hci_dev_lock(hdev);
2116 __hci_req_update_eir(&req);
2117 }
2118
2119 __hci_req_update_class(&req);
2120
2121 err = hci_req_run(&req, set_class_complete);
2122 if (err < 0) {
2123 if (err != -ENODATA)
2124 goto unlock;
2125
2126 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2127 hdev->dev_class, 3);
2128 goto unlock;
2129 }
2130
2131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2132 if (!cmd) {
2133 err = -ENOMEM;
2134 goto unlock;
2135 }
2136
2137 err = 0;
2138
2139unlock:
2140 hci_dev_unlock(hdev);
2141 return err;
2142}
2143
2144static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2145 u16 len)
2146{
2147 struct mgmt_cp_load_link_keys *cp = data;
2148 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2149 sizeof(struct mgmt_link_key_info));
2150 u16 key_count, expected_len;
2151 bool changed;
2152 int i;
2153
2154 BT_DBG("request for %s", hdev->name);
2155
2156 if (!lmp_bredr_capable(hdev))
2157 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2158 MGMT_STATUS_NOT_SUPPORTED);
2159
2160 key_count = __le16_to_cpu(cp->key_count);
2161 if (key_count > max_key_count) {
2162 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2163 key_count);
2164 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2165 MGMT_STATUS_INVALID_PARAMS);
2166 }
2167
2168 expected_len = sizeof(*cp) + key_count *
2169 sizeof(struct mgmt_link_key_info);
2170 if (expected_len != len) {
2171 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2172 expected_len, len);
2173 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2174 MGMT_STATUS_INVALID_PARAMS);
2175 }
2176
2177 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2178 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2179 MGMT_STATUS_INVALID_PARAMS);
2180
2181 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2182 key_count);
2183
2184 for (i = 0; i < key_count; i++) {
2185 struct mgmt_link_key_info *key = &cp->keys[i];
2186
2187 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2188 return mgmt_cmd_status(sk, hdev->id,
2189 MGMT_OP_LOAD_LINK_KEYS,
2190 MGMT_STATUS_INVALID_PARAMS);
2191 }
2192
2193 hci_dev_lock(hdev);
2194
2195 hci_link_keys_clear(hdev);
2196
2197 if (cp->debug_keys)
2198 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2199 else
2200 changed = hci_dev_test_and_clear_flag(hdev,
2201 HCI_KEEP_DEBUG_KEYS);
2202
2203 if (changed)
2204 new_settings(hdev, NULL);
2205
2206 for (i = 0; i < key_count; i++) {
2207 struct mgmt_link_key_info *key = &cp->keys[i];
2208
2209 /* Always ignore debug keys and require a new pairing if
2210 * the user wants to use them.
2211 */
2212 if (key->type == HCI_LK_DEBUG_COMBINATION)
2213 continue;
2214
2215 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2216 key->type, key->pin_len, NULL);
2217 }
2218
2219 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2220
2221 hci_dev_unlock(hdev);
2222
2223 return 0;
2224}
2225
2226static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2227 u8 addr_type, struct sock *skip_sk)
2228{
2229 struct mgmt_ev_device_unpaired ev;
2230
2231 bacpy(&ev.addr.bdaddr, bdaddr);
2232 ev.addr.type = addr_type;
2233
2234 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2235 skip_sk);
2236}
2237
2238static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2239 u16 len)
2240{
2241 struct mgmt_cp_unpair_device *cp = data;
2242 struct mgmt_rp_unpair_device rp;
2243 struct hci_conn_params *params;
2244 struct mgmt_pending_cmd *cmd;
2245 struct hci_conn *conn;
2246 u8 addr_type;
2247 int err;
2248
2249 memset(&rp, 0, sizeof(rp));
2250 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2251 rp.addr.type = cp->addr.type;
2252
2253 if (!bdaddr_type_is_valid(cp->addr.type))
2254 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2255 MGMT_STATUS_INVALID_PARAMS,
2256 &rp, sizeof(rp));
2257
2258 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2259 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2260 MGMT_STATUS_INVALID_PARAMS,
2261 &rp, sizeof(rp));
2262
2263 hci_dev_lock(hdev);
2264
2265 if (!hdev_is_powered(hdev)) {
2266 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2267 MGMT_STATUS_NOT_POWERED, &rp,
2268 sizeof(rp));
2269 goto unlock;
2270 }
2271
2272 if (cp->addr.type == BDADDR_BREDR) {
2273 /* If disconnection is requested, then look up the
2274 * connection. If the remote device is connected, it
2275 * will be later used to terminate the link.
2276 *
2277 * Setting it to NULL explicitly will cause no
2278 * termination of the link.
2279 */
2280 if (cp->disconnect)
2281 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2282 &cp->addr.bdaddr);
2283 else
2284 conn = NULL;
2285
2286 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2287 if (err < 0) {
2288 err = mgmt_cmd_complete(sk, hdev->id,
2289 MGMT_OP_UNPAIR_DEVICE,
2290 MGMT_STATUS_NOT_PAIRED, &rp,
2291 sizeof(rp));
2292 goto unlock;
2293 }
2294
2295 goto done;
2296 }
2297
2298 /* LE address type */
2299 addr_type = le_addr_type(cp->addr.type);
2300
2301 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2302
2303 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2304 if (err < 0) {
2305 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2306 MGMT_STATUS_NOT_PAIRED, &rp,
2307 sizeof(rp));
2308 goto unlock;
2309 }
2310
2311 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2312 if (!conn) {
2313 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2314 goto done;
2315 }
2316
2317 /* Abort any ongoing SMP pairing */
2318 smp_cancel_pairing(conn);
2319
2320 /* Defer clearing up the connection parameters until closing to
2321 * give a chance of keeping them if a repairing happens.
2322 */
2323 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2324
2325 /* Disable auto-connection parameters if present */
2326 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2327 if (params) {
2328 if (params->explicit_connect)
2329 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2330 else
2331 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2332 }
2333
2334 /* If disconnection is not requested, then clear the connection
2335 * variable so that the link is not terminated.
2336 */
2337 if (!cp->disconnect)
2338 conn = NULL;
2339
2340done:
2341 /* If the connection variable is set, then termination of the
2342 * link is requested.
2343 */
2344 if (!conn) {
2345 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2346 &rp, sizeof(rp));
2347 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2348 goto unlock;
2349 }
2350
2351 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2352 sizeof(*cp));
2353 if (!cmd) {
2354 err = -ENOMEM;
2355 goto unlock;
2356 }
2357
2358 cmd->cmd_complete = addr_cmd_complete;
2359
2360 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2361 if (err < 0)
2362 mgmt_pending_remove(cmd);
2363
2364unlock:
2365 hci_dev_unlock(hdev);
2366 return err;
2367}
2368
2369static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2370 u16 len)
2371{
2372 struct mgmt_cp_disconnect *cp = data;
2373 struct mgmt_rp_disconnect rp;
2374 struct mgmt_pending_cmd *cmd;
2375 struct hci_conn *conn;
2376 int err;
2377
2378 BT_DBG("");
2379
2380 memset(&rp, 0, sizeof(rp));
2381 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2382 rp.addr.type = cp->addr.type;
2383
2384 if (!bdaddr_type_is_valid(cp->addr.type))
2385 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2386 MGMT_STATUS_INVALID_PARAMS,
2387 &rp, sizeof(rp));
2388
2389 hci_dev_lock(hdev);
2390
2391 if (!test_bit(HCI_UP, &hdev->flags)) {
2392 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2393 MGMT_STATUS_NOT_POWERED, &rp,
2394 sizeof(rp));
2395 goto failed;
2396 }
2397
2398 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2399 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2400 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2401 goto failed;
2402 }
2403
2404 if (cp->addr.type == BDADDR_BREDR)
2405 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2406 &cp->addr.bdaddr);
2407 else
2408 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2409 le_addr_type(cp->addr.type));
2410
2411 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2412 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2413 MGMT_STATUS_NOT_CONNECTED, &rp,
2414 sizeof(rp));
2415 goto failed;
2416 }
2417
2418 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2419 if (!cmd) {
2420 err = -ENOMEM;
2421 goto failed;
2422 }
2423
2424 cmd->cmd_complete = generic_cmd_complete;
2425
2426 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2427 if (err < 0)
2428 mgmt_pending_remove(cmd);
2429
2430failed:
2431 hci_dev_unlock(hdev);
2432 return err;
2433}
2434
2435static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2436{
2437 switch (link_type) {
2438 case LE_LINK:
2439 switch (addr_type) {
2440 case ADDR_LE_DEV_PUBLIC:
2441 return BDADDR_LE_PUBLIC;
2442
2443 default:
2444 /* Fallback to LE Random address type */
2445 return BDADDR_LE_RANDOM;
2446 }
2447
2448 default:
2449 /* Fallback to BR/EDR type */
2450 return BDADDR_BREDR;
2451 }
2452}
2453
2454static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2455 u16 data_len)
2456{
2457 struct mgmt_rp_get_connections *rp;
2458 struct hci_conn *c;
2459 size_t rp_len;
2460 int err;
2461 u16 i;
2462
2463 BT_DBG("");
2464
2465 hci_dev_lock(hdev);
2466
2467 if (!hdev_is_powered(hdev)) {
2468 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2469 MGMT_STATUS_NOT_POWERED);
2470 goto unlock;
2471 }
2472
2473 i = 0;
2474 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2475 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2476 i++;
2477 }
2478
2479 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2480 rp = kmalloc(rp_len, GFP_KERNEL);
2481 if (!rp) {
2482 err = -ENOMEM;
2483 goto unlock;
2484 }
2485
2486 i = 0;
2487 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2488 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2489 continue;
2490 bacpy(&rp->addr[i].bdaddr, &c->dst);
2491 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2492 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2493 continue;
2494 i++;
2495 }
2496
2497 rp->conn_count = cpu_to_le16(i);
2498
2499 /* Recalculate length in case of filtered SCO connections, etc */
2500 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2501
2502 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2503 rp_len);
2504
2505 kfree(rp);
2506
2507unlock:
2508 hci_dev_unlock(hdev);
2509 return err;
2510}
2511
2512static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2513 struct mgmt_cp_pin_code_neg_reply *cp)
2514{
2515 struct mgmt_pending_cmd *cmd;
2516 int err;
2517
2518 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2519 sizeof(*cp));
2520 if (!cmd)
2521 return -ENOMEM;
2522
2523 cmd->cmd_complete = addr_cmd_complete;
2524
2525 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2526 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2527 if (err < 0)
2528 mgmt_pending_remove(cmd);
2529
2530 return err;
2531}
2532
2533static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2534 u16 len)
2535{
2536 struct hci_conn *conn;
2537 struct mgmt_cp_pin_code_reply *cp = data;
2538 struct hci_cp_pin_code_reply reply;
2539 struct mgmt_pending_cmd *cmd;
2540 int err;
2541
2542 BT_DBG("");
2543
2544 hci_dev_lock(hdev);
2545
2546 if (!hdev_is_powered(hdev)) {
2547 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2548 MGMT_STATUS_NOT_POWERED);
2549 goto failed;
2550 }
2551
2552 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2553 if (!conn) {
2554 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2555 MGMT_STATUS_NOT_CONNECTED);
2556 goto failed;
2557 }
2558
2559 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2560 struct mgmt_cp_pin_code_neg_reply ncp;
2561
2562 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2563
2564 bt_dev_err(hdev, "PIN code is not 16 bytes long");
2565
2566 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2567 if (err >= 0)
2568 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2569 MGMT_STATUS_INVALID_PARAMS);
2570
2571 goto failed;
2572 }
2573
2574 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2575 if (!cmd) {
2576 err = -ENOMEM;
2577 goto failed;
2578 }
2579
2580 cmd->cmd_complete = addr_cmd_complete;
2581
2582 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2583 reply.pin_len = cp->pin_len;
2584 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2585
2586 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2587 if (err < 0)
2588 mgmt_pending_remove(cmd);
2589
2590failed:
2591 hci_dev_unlock(hdev);
2592 return err;
2593}
2594
2595static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2596 u16 len)
2597{
2598 struct mgmt_cp_set_io_capability *cp = data;
2599
2600 BT_DBG("");
2601
2602 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2603 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2604 MGMT_STATUS_INVALID_PARAMS);
2605
2606 hci_dev_lock(hdev);
2607
2608 hdev->io_capability = cp->io_capability;
2609
2610 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2611 hdev->io_capability);
2612
2613 hci_dev_unlock(hdev);
2614
2615 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2616 NULL, 0);
2617}
2618
2619static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2620{
2621 struct hci_dev *hdev = conn->hdev;
2622 struct mgmt_pending_cmd *cmd;
2623
2624 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2625 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2626 continue;
2627
2628 if (cmd->user_data != conn)
2629 continue;
2630
2631 return cmd;
2632 }
2633
2634 return NULL;
2635}
2636
2637static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2638{
2639 struct mgmt_rp_pair_device rp;
2640 struct hci_conn *conn = cmd->user_data;
2641 int err;
2642
2643 bacpy(&rp.addr.bdaddr, &conn->dst);
2644 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2645
2646 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2647 status, &rp, sizeof(rp));
2648
2649 /* So we don't get further callbacks for this connection */
2650 conn->connect_cfm_cb = NULL;
2651 conn->security_cfm_cb = NULL;
2652 conn->disconn_cfm_cb = NULL;
2653
2654 hci_conn_drop(conn);
2655
2656 /* The device is paired so there is no need to remove
2657 * its connection parameters anymore.
2658 */
2659 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2660
2661 hci_conn_put(conn);
2662
2663 return err;
2664}
2665
2666void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2667{
2668 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2669 struct mgmt_pending_cmd *cmd;
2670
2671 cmd = find_pairing(conn);
2672 if (cmd) {
2673 cmd->cmd_complete(cmd, status);
2674 mgmt_pending_remove(cmd);
2675 }
2676}
2677
2678static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2679{
2680 struct mgmt_pending_cmd *cmd;
2681
2682 BT_DBG("status %u", status);
2683
2684 cmd = find_pairing(conn);
2685 if (!cmd) {
2686 BT_DBG("Unable to find a pending command");
2687 return;
2688 }
2689
2690 cmd->cmd_complete(cmd, mgmt_status(status));
2691 mgmt_pending_remove(cmd);
2692}
2693
2694static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2695{
2696 struct mgmt_pending_cmd *cmd;
2697
2698 BT_DBG("status %u", status);
2699
2700 if (!status)
2701 return;
2702
2703 cmd = find_pairing(conn);
2704 if (!cmd) {
2705 BT_DBG("Unable to find a pending command");
2706 return;
2707 }
2708
2709 cmd->cmd_complete(cmd, mgmt_status(status));
2710 mgmt_pending_remove(cmd);
2711}
2712
2713static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2714 u16 len)
2715{
2716 struct mgmt_cp_pair_device *cp = data;
2717 struct mgmt_rp_pair_device rp;
2718 struct mgmt_pending_cmd *cmd;
2719 u8 sec_level, auth_type;
2720 struct hci_conn *conn;
2721 int err;
2722
2723 BT_DBG("");
2724
2725 memset(&rp, 0, sizeof(rp));
2726 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2727 rp.addr.type = cp->addr.type;
2728
2729 if (!bdaddr_type_is_valid(cp->addr.type))
2730 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2731 MGMT_STATUS_INVALID_PARAMS,
2732 &rp, sizeof(rp));
2733
2734 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2735 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2736 MGMT_STATUS_INVALID_PARAMS,
2737 &rp, sizeof(rp));
2738
2739 hci_dev_lock(hdev);
2740
2741 if (!hdev_is_powered(hdev)) {
2742 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2743 MGMT_STATUS_NOT_POWERED, &rp,
2744 sizeof(rp));
2745 goto unlock;
2746 }
2747
2748 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2749 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2750 MGMT_STATUS_ALREADY_PAIRED, &rp,
2751 sizeof(rp));
2752 goto unlock;
2753 }
2754
2755 sec_level = BT_SECURITY_MEDIUM;
2756 auth_type = HCI_AT_DEDICATED_BONDING;
2757
2758 if (cp->addr.type == BDADDR_BREDR) {
2759 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2760 auth_type);
2761 } else {
2762 u8 addr_type = le_addr_type(cp->addr.type);
2763 struct hci_conn_params *p;
2764
2765 /* When pairing a new device, it is expected to remember
2766 * this device for future connections. Adding the connection
2767 * parameter information ahead of time allows tracking
2768 * of the slave preferred values and will speed up any
2769 * further connection establishment.
2770 *
2771 * If connection parameters already exist, then they
2772 * will be kept and this function does nothing.
2773 */
2774 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2775
2776 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2777 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2778
2779 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2780 addr_type, sec_level,
2781 HCI_LE_CONN_TIMEOUT);
2782 }
2783
2784 if (IS_ERR(conn)) {
2785 int status;
2786
2787 if (PTR_ERR(conn) == -EBUSY)
2788 status = MGMT_STATUS_BUSY;
2789 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2790 status = MGMT_STATUS_NOT_SUPPORTED;
2791 else if (PTR_ERR(conn) == -ECONNREFUSED)
2792 status = MGMT_STATUS_REJECTED;
2793 else
2794 status = MGMT_STATUS_CONNECT_FAILED;
2795
2796 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2797 status, &rp, sizeof(rp));
2798 goto unlock;
2799 }
2800
2801 if (conn->connect_cfm_cb) {
2802 hci_conn_drop(conn);
2803 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2804 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2805 goto unlock;
2806 }
2807
2808 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2809 if (!cmd) {
2810 err = -ENOMEM;
2811 hci_conn_drop(conn);
2812 goto unlock;
2813 }
2814
2815 cmd->cmd_complete = pairing_complete;
2816
2817 /* For LE, just connecting isn't a proof that the pairing finished */
2818 if (cp->addr.type == BDADDR_BREDR) {
2819 conn->connect_cfm_cb = pairing_complete_cb;
2820 conn->security_cfm_cb = pairing_complete_cb;
2821 conn->disconn_cfm_cb = pairing_complete_cb;
2822 } else {
2823 conn->connect_cfm_cb = le_pairing_complete_cb;
2824 conn->security_cfm_cb = le_pairing_complete_cb;
2825 conn->disconn_cfm_cb = le_pairing_complete_cb;
2826 }
2827
2828 conn->io_capability = cp->io_cap;
2829 cmd->user_data = hci_conn_get(conn);
2830
2831 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2832 hci_conn_security(conn, sec_level, auth_type, true)) {
2833 cmd->cmd_complete(cmd, 0);
2834 mgmt_pending_remove(cmd);
2835 }
2836
2837 err = 0;
2838
2839unlock:
2840 hci_dev_unlock(hdev);
2841 return err;
2842}
2843
2844static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2845 u16 len)
2846{
2847 struct mgmt_addr_info *addr = data;
2848 struct mgmt_pending_cmd *cmd;
2849 struct hci_conn *conn;
2850 int err;
2851
2852 BT_DBG("");
2853
2854 hci_dev_lock(hdev);
2855
2856 if (!hdev_is_powered(hdev)) {
2857 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2858 MGMT_STATUS_NOT_POWERED);
2859 goto unlock;
2860 }
2861
2862 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2863 if (!cmd) {
2864 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2865 MGMT_STATUS_INVALID_PARAMS);
2866 goto unlock;
2867 }
2868
2869 conn = cmd->user_data;
2870
2871 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2872 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2873 MGMT_STATUS_INVALID_PARAMS);
2874 goto unlock;
2875 }
2876
2877 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
2878 mgmt_pending_remove(cmd);
2879
2880 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2881 addr, sizeof(*addr));
2882unlock:
2883 hci_dev_unlock(hdev);
2884 return err;
2885}
2886
2887static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2888 struct mgmt_addr_info *addr, u16 mgmt_op,
2889 u16 hci_op, __le32 passkey)
2890{
2891 struct mgmt_pending_cmd *cmd;
2892 struct hci_conn *conn;
2893 int err;
2894
2895 hci_dev_lock(hdev);
2896
2897 if (!hdev_is_powered(hdev)) {
2898 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2899 MGMT_STATUS_NOT_POWERED, addr,
2900 sizeof(*addr));
2901 goto done;
2902 }
2903
2904 if (addr->type == BDADDR_BREDR)
2905 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2906 else
2907 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
2908 le_addr_type(addr->type));
2909
2910 if (!conn) {
2911 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2912 MGMT_STATUS_NOT_CONNECTED, addr,
2913 sizeof(*addr));
2914 goto done;
2915 }
2916
2917 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2918 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2919 if (!err)
2920 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2921 MGMT_STATUS_SUCCESS, addr,
2922 sizeof(*addr));
2923 else
2924 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2925 MGMT_STATUS_FAILED, addr,
2926 sizeof(*addr));
2927
2928 goto done;
2929 }
2930
2931 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2932 if (!cmd) {
2933 err = -ENOMEM;
2934 goto done;
2935 }
2936
2937 cmd->cmd_complete = addr_cmd_complete;
2938
2939 /* Continue with pairing via HCI */
2940 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2941 struct hci_cp_user_passkey_reply cp;
2942
2943 bacpy(&cp.bdaddr, &addr->bdaddr);
2944 cp.passkey = passkey;
2945 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2946 } else
2947 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2948 &addr->bdaddr);
2949
2950 if (err < 0)
2951 mgmt_pending_remove(cmd);
2952
2953done:
2954 hci_dev_unlock(hdev);
2955 return err;
2956}
2957
2958static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2959 void *data, u16 len)
2960{
2961 struct mgmt_cp_pin_code_neg_reply *cp = data;
2962
2963 BT_DBG("");
2964
2965 return user_pairing_resp(sk, hdev, &cp->addr,
2966 MGMT_OP_PIN_CODE_NEG_REPLY,
2967 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2968}
2969
2970static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2971 u16 len)
2972{
2973 struct mgmt_cp_user_confirm_reply *cp = data;
2974
2975 BT_DBG("");
2976
2977 if (len != sizeof(*cp))
2978 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2979 MGMT_STATUS_INVALID_PARAMS);
2980
2981 return user_pairing_resp(sk, hdev, &cp->addr,
2982 MGMT_OP_USER_CONFIRM_REPLY,
2983 HCI_OP_USER_CONFIRM_REPLY, 0);
2984}
2985
2986static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2987 void *data, u16 len)
2988{
2989 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2990
2991 BT_DBG("");
2992
2993 return user_pairing_resp(sk, hdev, &cp->addr,
2994 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2995 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2996}
2997
2998static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2999 u16 len)
3000{
3001 struct mgmt_cp_user_passkey_reply *cp = data;
3002
3003 BT_DBG("");
3004
3005 return user_pairing_resp(sk, hdev, &cp->addr,
3006 MGMT_OP_USER_PASSKEY_REPLY,
3007 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3008}
3009
3010static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3011 void *data, u16 len)
3012{
3013 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3014
3015 BT_DBG("");
3016
3017 return user_pairing_resp(sk, hdev, &cp->addr,
3018 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3019 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3020}
3021
3022static void adv_expire(struct hci_dev *hdev, u32 flags)
3023{
3024 struct adv_info *adv_instance;
3025 struct hci_request req;
3026 int err;
3027
3028 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3029 if (!adv_instance)
3030 return;
3031
3032 /* stop if current instance doesn't need to be changed */
3033 if (!(adv_instance->flags & flags))
3034 return;
3035
3036 cancel_adv_timeout(hdev);
3037
3038 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3039 if (!adv_instance)
3040 return;
3041
3042 hci_req_init(&req, hdev);
3043 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3044 true);
3045 if (err)
3046 return;
3047
3048 hci_req_run(&req, NULL);
3049}
3050
3051static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3052{
3053 struct mgmt_cp_set_local_name *cp;
3054 struct mgmt_pending_cmd *cmd;
3055
3056 BT_DBG("status 0x%02x", status);
3057
3058 hci_dev_lock(hdev);
3059
3060 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3061 if (!cmd)
3062 goto unlock;
3063
3064 cp = cmd->param;
3065
3066 if (status) {
3067 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3068 mgmt_status(status));
3069 } else {
3070 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3071 cp, sizeof(*cp));
3072
3073 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3074 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3075 }
3076
3077 mgmt_pending_remove(cmd);
3078
3079unlock:
3080 hci_dev_unlock(hdev);
3081}
3082
3083static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3084 u16 len)
3085{
3086 struct mgmt_cp_set_local_name *cp = data;
3087 struct mgmt_pending_cmd *cmd;
3088 struct hci_request req;
3089 int err;
3090
3091 BT_DBG("");
3092
3093 hci_dev_lock(hdev);
3094
3095 /* If the old values are the same as the new ones just return a
3096 * direct command complete event.
3097 */
3098 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3099 !memcmp(hdev->short_name, cp->short_name,
3100 sizeof(hdev->short_name))) {
3101 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3102 data, len);
3103 goto failed;
3104 }
3105
3106 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3107
3108 if (!hdev_is_powered(hdev)) {
3109 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3110
3111 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3112 data, len);
3113 if (err < 0)
3114 goto failed;
3115
3116 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3117 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3118 ext_info_changed(hdev, sk);
3119
3120 goto failed;
3121 }
3122
3123 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3124 if (!cmd) {
3125 err = -ENOMEM;
3126 goto failed;
3127 }
3128
3129 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3130
3131 hci_req_init(&req, hdev);
3132
3133 if (lmp_bredr_capable(hdev)) {
3134 __hci_req_update_name(&req);
3135 __hci_req_update_eir(&req);
3136 }
3137
3138 /* The name is stored in the scan response data and so
3139 * no need to udpate the advertising data here.
3140 */
3141 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3142 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3143
3144 err = hci_req_run(&req, set_name_complete);
3145 if (err < 0)
3146 mgmt_pending_remove(cmd);
3147
3148failed:
3149 hci_dev_unlock(hdev);
3150 return err;
3151}
3152
3153static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3154 u16 len)
3155{
3156 struct mgmt_cp_set_appearance *cp = data;
3157 u16 apperance;
3158 int err;
3159
3160 BT_DBG("");
3161
3162 if (!lmp_le_capable(hdev))
3163 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3164 MGMT_STATUS_NOT_SUPPORTED);
3165
3166 apperance = le16_to_cpu(cp->appearance);
3167
3168 hci_dev_lock(hdev);
3169
3170 if (hdev->appearance != apperance) {
3171 hdev->appearance = apperance;
3172
3173 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3174 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3175
3176 ext_info_changed(hdev, sk);
3177 }
3178
3179 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3180 0);
3181
3182 hci_dev_unlock(hdev);
3183
3184 return err;
3185}
3186
3187static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3188 u16 opcode, struct sk_buff *skb)
3189{
3190 struct mgmt_rp_read_local_oob_data mgmt_rp;
3191 size_t rp_size = sizeof(mgmt_rp);
3192 struct mgmt_pending_cmd *cmd;
3193
3194 BT_DBG("%s status %u", hdev->name, status);
3195
3196 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3197 if (!cmd)
3198 return;
3199
3200 if (status || !skb) {
3201 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3202 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3203 goto remove;
3204 }
3205
3206 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3207
3208 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3209 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3210
3211 if (skb->len < sizeof(*rp)) {
3212 mgmt_cmd_status(cmd->sk, hdev->id,
3213 MGMT_OP_READ_LOCAL_OOB_DATA,
3214 MGMT_STATUS_FAILED);
3215 goto remove;
3216 }
3217
3218 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3219 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3220
3221 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3222 } else {
3223 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3224
3225 if (skb->len < sizeof(*rp)) {
3226 mgmt_cmd_status(cmd->sk, hdev->id,
3227 MGMT_OP_READ_LOCAL_OOB_DATA,
3228 MGMT_STATUS_FAILED);
3229 goto remove;
3230 }
3231
3232 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3233 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3234
3235 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3236 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3237 }
3238
3239 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3240 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3241
3242remove:
3243 mgmt_pending_remove(cmd);
3244}
3245
3246static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3247 void *data, u16 data_len)
3248{
3249 struct mgmt_pending_cmd *cmd;
3250 struct hci_request req;
3251 int err;
3252
3253 BT_DBG("%s", hdev->name);
3254
3255 hci_dev_lock(hdev);
3256
3257 if (!hdev_is_powered(hdev)) {
3258 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3259 MGMT_STATUS_NOT_POWERED);
3260 goto unlock;
3261 }
3262
3263 if (!lmp_ssp_capable(hdev)) {
3264 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3265 MGMT_STATUS_NOT_SUPPORTED);
3266 goto unlock;
3267 }
3268
3269 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3270 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3271 MGMT_STATUS_BUSY);
3272 goto unlock;
3273 }
3274
3275 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3276 if (!cmd) {
3277 err = -ENOMEM;
3278 goto unlock;
3279 }
3280
3281 hci_req_init(&req, hdev);
3282
3283 if (bredr_sc_enabled(hdev))
3284 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3285 else
3286 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3287
3288 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3289 if (err < 0)
3290 mgmt_pending_remove(cmd);
3291
3292unlock:
3293 hci_dev_unlock(hdev);
3294 return err;
3295}
3296
3297static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3298 void *data, u16 len)
3299{
3300 struct mgmt_addr_info *addr = data;
3301 int err;
3302
3303 BT_DBG("%s ", hdev->name);
3304
3305 if (!bdaddr_type_is_valid(addr->type))
3306 return mgmt_cmd_complete(sk, hdev->id,
3307 MGMT_OP_ADD_REMOTE_OOB_DATA,
3308 MGMT_STATUS_INVALID_PARAMS,
3309 addr, sizeof(*addr));
3310
3311 hci_dev_lock(hdev);
3312
3313 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3314 struct mgmt_cp_add_remote_oob_data *cp = data;
3315 u8 status;
3316
3317 if (cp->addr.type != BDADDR_BREDR) {
3318 err = mgmt_cmd_complete(sk, hdev->id,
3319 MGMT_OP_ADD_REMOTE_OOB_DATA,
3320 MGMT_STATUS_INVALID_PARAMS,
3321 &cp->addr, sizeof(cp->addr));
3322 goto unlock;
3323 }
3324
3325 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3326 cp->addr.type, cp->hash,
3327 cp->rand, NULL, NULL);
3328 if (err < 0)
3329 status = MGMT_STATUS_FAILED;
3330 else
3331 status = MGMT_STATUS_SUCCESS;
3332
3333 err = mgmt_cmd_complete(sk, hdev->id,
3334 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3335 &cp->addr, sizeof(cp->addr));
3336 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3337 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3338 u8 *rand192, *hash192, *rand256, *hash256;
3339 u8 status;
3340
3341 if (bdaddr_type_is_le(cp->addr.type)) {
3342 /* Enforce zero-valued 192-bit parameters as
3343 * long as legacy SMP OOB isn't implemented.
3344 */
3345 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3346 memcmp(cp->hash192, ZERO_KEY, 16)) {
3347 err = mgmt_cmd_complete(sk, hdev->id,
3348 MGMT_OP_ADD_REMOTE_OOB_DATA,
3349 MGMT_STATUS_INVALID_PARAMS,
3350 addr, sizeof(*addr));
3351 goto unlock;
3352 }
3353
3354 rand192 = NULL;
3355 hash192 = NULL;
3356 } else {
3357 /* In case one of the P-192 values is set to zero,
3358 * then just disable OOB data for P-192.
3359 */
3360 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3361 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3362 rand192 = NULL;
3363 hash192 = NULL;
3364 } else {
3365 rand192 = cp->rand192;
3366 hash192 = cp->hash192;
3367 }
3368 }
3369
3370 /* In case one of the P-256 values is set to zero, then just
3371 * disable OOB data for P-256.
3372 */
3373 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3374 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3375 rand256 = NULL;
3376 hash256 = NULL;
3377 } else {
3378 rand256 = cp->rand256;
3379 hash256 = cp->hash256;
3380 }
3381
3382 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3383 cp->addr.type, hash192, rand192,
3384 hash256, rand256);
3385 if (err < 0)
3386 status = MGMT_STATUS_FAILED;
3387 else
3388 status = MGMT_STATUS_SUCCESS;
3389
3390 err = mgmt_cmd_complete(sk, hdev->id,
3391 MGMT_OP_ADD_REMOTE_OOB_DATA,
3392 status, &cp->addr, sizeof(cp->addr));
3393 } else {
3394 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
3395 len);
3396 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3397 MGMT_STATUS_INVALID_PARAMS);
3398 }
3399
3400unlock:
3401 hci_dev_unlock(hdev);
3402 return err;
3403}
3404
3405static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3406 void *data, u16 len)
3407{
3408 struct mgmt_cp_remove_remote_oob_data *cp = data;
3409 u8 status;
3410 int err;
3411
3412 BT_DBG("%s", hdev->name);
3413
3414 if (cp->addr.type != BDADDR_BREDR)
3415 return mgmt_cmd_complete(sk, hdev->id,
3416 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3417 MGMT_STATUS_INVALID_PARAMS,
3418 &cp->addr, sizeof(cp->addr));
3419
3420 hci_dev_lock(hdev);
3421
3422 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3423 hci_remote_oob_data_clear(hdev);
3424 status = MGMT_STATUS_SUCCESS;
3425 goto done;
3426 }
3427
3428 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3429 if (err < 0)
3430 status = MGMT_STATUS_INVALID_PARAMS;
3431 else
3432 status = MGMT_STATUS_SUCCESS;
3433
3434done:
3435 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3436 status, &cp->addr, sizeof(cp->addr));
3437
3438 hci_dev_unlock(hdev);
3439 return err;
3440}
3441
3442void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3443{
3444 struct mgmt_pending_cmd *cmd;
3445
3446 BT_DBG("status %d", status);
3447
3448 hci_dev_lock(hdev);
3449
3450 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3451 if (!cmd)
3452 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3453
3454 if (!cmd)
3455 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3456
3457 if (cmd) {
3458 cmd->cmd_complete(cmd, mgmt_status(status));
3459 mgmt_pending_remove(cmd);
3460 }
3461
3462 hci_dev_unlock(hdev);
3463}
3464
3465static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3466 uint8_t *mgmt_status)
3467{
3468 switch (type) {
3469 case DISCOV_TYPE_LE:
3470 *mgmt_status = mgmt_le_support(hdev);
3471 if (*mgmt_status)
3472 return false;
3473 break;
3474 case DISCOV_TYPE_INTERLEAVED:
3475 *mgmt_status = mgmt_le_support(hdev);
3476 if (*mgmt_status)
3477 return false;
3478 /* Intentional fall-through */
3479 case DISCOV_TYPE_BREDR:
3480 *mgmt_status = mgmt_bredr_support(hdev);
3481 if (*mgmt_status)
3482 return false;
3483 break;
3484 default:
3485 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3486 return false;
3487 }
3488
3489 return true;
3490}
3491
3492static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3493 u16 op, void *data, u16 len)
3494{
3495 struct mgmt_cp_start_discovery *cp = data;
3496 struct mgmt_pending_cmd *cmd;
3497 u8 status;
3498 int err;
3499
3500 BT_DBG("%s", hdev->name);
3501
3502 hci_dev_lock(hdev);
3503
3504 if (!hdev_is_powered(hdev)) {
3505 err = mgmt_cmd_complete(sk, hdev->id, op,
3506 MGMT_STATUS_NOT_POWERED,
3507 &cp->type, sizeof(cp->type));
3508 goto failed;
3509 }
3510
3511 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3512 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3513 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3514 &cp->type, sizeof(cp->type));
3515 goto failed;
3516 }
3517
3518 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3519 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3520 &cp->type, sizeof(cp->type));
3521 goto failed;
3522 }
3523
3524 /* Clear the discovery filter first to free any previously
3525 * allocated memory for the UUID list.
3526 */
3527 hci_discovery_filter_clear(hdev);
3528
3529 hdev->discovery.type = cp->type;
3530 hdev->discovery.report_invalid_rssi = false;
3531 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3532 hdev->discovery.limited = true;
3533 else
3534 hdev->discovery.limited = false;
3535
3536 cmd = mgmt_pending_add(sk, op, hdev, data, len);
3537 if (!cmd) {
3538 err = -ENOMEM;
3539 goto failed;
3540 }
3541
3542 cmd->cmd_complete = generic_cmd_complete;
3543
3544 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3545 queue_work(hdev->req_workqueue, &hdev->discov_update);
3546 err = 0;
3547
3548failed:
3549 hci_dev_unlock(hdev);
3550 return err;
3551}
3552
3553static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3554 void *data, u16 len)
3555{
3556 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3557 data, len);
3558}
3559
3560static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3561 void *data, u16 len)
3562{
3563 return start_discovery_internal(sk, hdev,
3564 MGMT_OP_START_LIMITED_DISCOVERY,
3565 data, len);
3566}
3567
3568static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3569 u8 status)
3570{
3571 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3572 cmd->param, 1);
3573}
3574
3575static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3576 void *data, u16 len)
3577{
3578 struct mgmt_cp_start_service_discovery *cp = data;
3579 struct mgmt_pending_cmd *cmd;
3580 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3581 u16 uuid_count, expected_len;
3582 u8 status;
3583 int err;
3584
3585 BT_DBG("%s", hdev->name);
3586
3587 hci_dev_lock(hdev);
3588
3589 if (!hdev_is_powered(hdev)) {
3590 err = mgmt_cmd_complete(sk, hdev->id,
3591 MGMT_OP_START_SERVICE_DISCOVERY,
3592 MGMT_STATUS_NOT_POWERED,
3593 &cp->type, sizeof(cp->type));
3594 goto failed;
3595 }
3596
3597 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3598 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3599 err = mgmt_cmd_complete(sk, hdev->id,
3600 MGMT_OP_START_SERVICE_DISCOVERY,
3601 MGMT_STATUS_BUSY, &cp->type,
3602 sizeof(cp->type));
3603 goto failed;
3604 }
3605
3606 uuid_count = __le16_to_cpu(cp->uuid_count);
3607 if (uuid_count > max_uuid_count) {
3608 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
3609 uuid_count);
3610 err = mgmt_cmd_complete(sk, hdev->id,
3611 MGMT_OP_START_SERVICE_DISCOVERY,
3612 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3613 sizeof(cp->type));
3614 goto failed;
3615 }
3616
3617 expected_len = sizeof(*cp) + uuid_count * 16;
3618 if (expected_len != len) {
3619 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
3620 expected_len, len);
3621 err = mgmt_cmd_complete(sk, hdev->id,
3622 MGMT_OP_START_SERVICE_DISCOVERY,
3623 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3624 sizeof(cp->type));
3625 goto failed;
3626 }
3627
3628 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3629 err = mgmt_cmd_complete(sk, hdev->id,
3630 MGMT_OP_START_SERVICE_DISCOVERY,
3631 status, &cp->type, sizeof(cp->type));
3632 goto failed;
3633 }
3634
3635 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3636 hdev, data, len);
3637 if (!cmd) {
3638 err = -ENOMEM;
3639 goto failed;
3640 }
3641
3642 cmd->cmd_complete = service_discovery_cmd_complete;
3643
3644 /* Clear the discovery filter first to free any previously
3645 * allocated memory for the UUID list.
3646 */
3647 hci_discovery_filter_clear(hdev);
3648
3649 hdev->discovery.result_filtering = true;
3650 hdev->discovery.type = cp->type;
3651 hdev->discovery.rssi = cp->rssi;
3652 hdev->discovery.uuid_count = uuid_count;
3653
3654 if (uuid_count > 0) {
3655 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3656 GFP_KERNEL);
3657 if (!hdev->discovery.uuids) {
3658 err = mgmt_cmd_complete(sk, hdev->id,
3659 MGMT_OP_START_SERVICE_DISCOVERY,
3660 MGMT_STATUS_FAILED,
3661 &cp->type, sizeof(cp->type));
3662 mgmt_pending_remove(cmd);
3663 goto failed;
3664 }
3665 }
3666
3667 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3668 queue_work(hdev->req_workqueue, &hdev->discov_update);
3669 err = 0;
3670
3671failed:
3672 hci_dev_unlock(hdev);
3673 return err;
3674}
3675
3676void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
3677{
3678 struct mgmt_pending_cmd *cmd;
3679
3680 BT_DBG("status %d", status);
3681
3682 hci_dev_lock(hdev);
3683
3684 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3685 if (cmd) {
3686 cmd->cmd_complete(cmd, mgmt_status(status));
3687 mgmt_pending_remove(cmd);
3688 }
3689
3690 hci_dev_unlock(hdev);
3691}
3692
3693static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3694 u16 len)
3695{
3696 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3697 struct mgmt_pending_cmd *cmd;
3698 int err;
3699
3700 BT_DBG("%s", hdev->name);
3701
3702 hci_dev_lock(hdev);
3703
3704 if (!hci_discovery_active(hdev)) {
3705 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3706 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3707 sizeof(mgmt_cp->type));
3708 goto unlock;
3709 }
3710
3711 if (hdev->discovery.type != mgmt_cp->type) {
3712 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3713 MGMT_STATUS_INVALID_PARAMS,
3714 &mgmt_cp->type, sizeof(mgmt_cp->type));
3715 goto unlock;
3716 }
3717
3718 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
3719 if (!cmd) {
3720 err = -ENOMEM;
3721 goto unlock;
3722 }
3723
3724 cmd->cmd_complete = generic_cmd_complete;
3725
3726 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3727 queue_work(hdev->req_workqueue, &hdev->discov_update);
3728 err = 0;
3729
3730unlock:
3731 hci_dev_unlock(hdev);
3732 return err;
3733}
3734
3735static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3736 u16 len)
3737{
3738 struct mgmt_cp_confirm_name *cp = data;
3739 struct inquiry_entry *e;
3740 int err;
3741
3742 BT_DBG("%s", hdev->name);
3743
3744 hci_dev_lock(hdev);
3745
3746 if (!hci_discovery_active(hdev)) {
3747 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3748 MGMT_STATUS_FAILED, &cp->addr,
3749 sizeof(cp->addr));
3750 goto failed;
3751 }
3752
3753 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3754 if (!e) {
3755 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3756 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3757 sizeof(cp->addr));
3758 goto failed;
3759 }
3760
3761 if (cp->name_known) {
3762 e->name_state = NAME_KNOWN;
3763 list_del(&e->list);
3764 } else {
3765 e->name_state = NAME_NEEDED;
3766 hci_inquiry_cache_update_resolve(hdev, e);
3767 }
3768
3769 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3770 &cp->addr, sizeof(cp->addr));
3771
3772failed:
3773 hci_dev_unlock(hdev);
3774 return err;
3775}
3776
3777static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3778 u16 len)
3779{
3780 struct mgmt_cp_block_device *cp = data;
3781 u8 status;
3782 int err;
3783
3784 BT_DBG("%s", hdev->name);
3785
3786 if (!bdaddr_type_is_valid(cp->addr.type))
3787 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3788 MGMT_STATUS_INVALID_PARAMS,
3789 &cp->addr, sizeof(cp->addr));
3790
3791 hci_dev_lock(hdev);
3792
3793 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3794 cp->addr.type);
3795 if (err < 0) {
3796 status = MGMT_STATUS_FAILED;
3797 goto done;
3798 }
3799
3800 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3801 sk);
3802 status = MGMT_STATUS_SUCCESS;
3803
3804done:
3805 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3806 &cp->addr, sizeof(cp->addr));
3807
3808 hci_dev_unlock(hdev);
3809
3810 return err;
3811}
3812
3813static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3814 u16 len)
3815{
3816 struct mgmt_cp_unblock_device *cp = data;
3817 u8 status;
3818 int err;
3819
3820 BT_DBG("%s", hdev->name);
3821
3822 if (!bdaddr_type_is_valid(cp->addr.type))
3823 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3824 MGMT_STATUS_INVALID_PARAMS,
3825 &cp->addr, sizeof(cp->addr));
3826
3827 hci_dev_lock(hdev);
3828
3829 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3830 cp->addr.type);
3831 if (err < 0) {
3832 status = MGMT_STATUS_INVALID_PARAMS;
3833 goto done;
3834 }
3835
3836 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3837 sk);
3838 status = MGMT_STATUS_SUCCESS;
3839
3840done:
3841 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3842 &cp->addr, sizeof(cp->addr));
3843
3844 hci_dev_unlock(hdev);
3845
3846 return err;
3847}
3848
3849static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3850 u16 len)
3851{
3852 struct mgmt_cp_set_device_id *cp = data;
3853 struct hci_request req;
3854 int err;
3855 __u16 source;
3856
3857 BT_DBG("%s", hdev->name);
3858
3859 source = __le16_to_cpu(cp->source);
3860
3861 if (source > 0x0002)
3862 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3863 MGMT_STATUS_INVALID_PARAMS);
3864
3865 hci_dev_lock(hdev);
3866
3867 hdev->devid_source = source;
3868 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3869 hdev->devid_product = __le16_to_cpu(cp->product);
3870 hdev->devid_version = __le16_to_cpu(cp->version);
3871
3872 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3873 NULL, 0);
3874
3875 hci_req_init(&req, hdev);
3876 __hci_req_update_eir(&req);
3877 hci_req_run(&req, NULL);
3878
3879 hci_dev_unlock(hdev);
3880
3881 return err;
3882}
3883
3884static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3885 u16 opcode)
3886{
3887 BT_DBG("status %d", status);
3888}
3889
3890static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3891 u16 opcode)
3892{
3893 struct cmd_lookup match = { NULL, hdev };
3894 struct hci_request req;
3895 u8 instance;
3896 struct adv_info *adv_instance;
3897 int err;
3898
3899 hci_dev_lock(hdev);
3900
3901 if (status) {
3902 u8 mgmt_err = mgmt_status(status);
3903
3904 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3905 cmd_status_rsp, &mgmt_err);
3906 goto unlock;
3907 }
3908
3909 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3910 hci_dev_set_flag(hdev, HCI_ADVERTISING);
3911 else
3912 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
3913
3914 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3915 &match);
3916
3917 new_settings(hdev, match.sk);
3918
3919 if (match.sk)
3920 sock_put(match.sk);
3921
3922 /* If "Set Advertising" was just disabled and instance advertising was
3923 * set up earlier, then re-enable multi-instance advertising.
3924 */
3925 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
3926 list_empty(&hdev->adv_instances))
3927 goto unlock;
3928
3929 instance = hdev->cur_adv_instance;
3930 if (!instance) {
3931 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3932 struct adv_info, list);
3933 if (!adv_instance)
3934 goto unlock;
3935
3936 instance = adv_instance->instance;
3937 }
3938
3939 hci_req_init(&req, hdev);
3940
3941 err = __hci_req_schedule_adv_instance(&req, instance, true);
3942
3943 if (!err)
3944 err = hci_req_run(&req, enable_advertising_instance);
3945
3946 if (err)
3947 bt_dev_err(hdev, "failed to re-configure advertising");
3948
3949unlock:
3950 hci_dev_unlock(hdev);
3951}
3952
3953static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3954 u16 len)
3955{
3956 struct mgmt_mode *cp = data;
3957 struct mgmt_pending_cmd *cmd;
3958 struct hci_request req;
3959 u8 val, status;
3960 int err;
3961
3962 BT_DBG("request for %s", hdev->name);
3963
3964 status = mgmt_le_support(hdev);
3965 if (status)
3966 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3967 status);
3968
3969 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
3970 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3971 MGMT_STATUS_INVALID_PARAMS);
3972
3973 hci_dev_lock(hdev);
3974
3975 val = !!cp->val;
3976
3977 /* The following conditions are ones which mean that we should
3978 * not do any HCI communication but directly send a mgmt
3979 * response to user space (after toggling the flag if
3980 * necessary).
3981 */
3982 if (!hdev_is_powered(hdev) ||
3983 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
3984 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
3985 hci_conn_num(hdev, LE_LINK) > 0 ||
3986 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
3987 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
3988 bool changed;
3989
3990 if (cp->val) {
3991 hdev->cur_adv_instance = 0x00;
3992 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
3993 if (cp->val == 0x02)
3994 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3995 else
3996 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3997 } else {
3998 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
3999 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4000 }
4001
4002 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4003 if (err < 0)
4004 goto unlock;
4005
4006 if (changed)
4007 err = new_settings(hdev, sk);
4008
4009 goto unlock;
4010 }
4011
4012 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4013 pending_find(MGMT_OP_SET_LE, hdev)) {
4014 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4015 MGMT_STATUS_BUSY);
4016 goto unlock;
4017 }
4018
4019 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4020 if (!cmd) {
4021 err = -ENOMEM;
4022 goto unlock;
4023 }
4024
4025 hci_req_init(&req, hdev);
4026
4027 if (cp->val == 0x02)
4028 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4029 else
4030 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4031
4032 cancel_adv_timeout(hdev);
4033
4034 if (val) {
4035 /* Switch to instance "0" for the Set Advertising setting.
4036 * We cannot use update_[adv|scan_rsp]_data() here as the
4037 * HCI_ADVERTISING flag is not yet set.
4038 */
4039 hdev->cur_adv_instance = 0x00;
4040 __hci_req_update_adv_data(&req, 0x00);
4041 __hci_req_update_scan_rsp_data(&req, 0x00);
4042 __hci_req_enable_advertising(&req);
4043 } else {
4044 __hci_req_disable_advertising(&req);
4045 }
4046
4047 err = hci_req_run(&req, set_advertising_complete);
4048 if (err < 0)
4049 mgmt_pending_remove(cmd);
4050
4051unlock:
4052 hci_dev_unlock(hdev);
4053 return err;
4054}
4055
4056static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4057 void *data, u16 len)
4058{
4059 struct mgmt_cp_set_static_address *cp = data;
4060 int err;
4061
4062 BT_DBG("%s", hdev->name);
4063
4064 if (!lmp_le_capable(hdev))
4065 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4066 MGMT_STATUS_NOT_SUPPORTED);
4067
4068 if (hdev_is_powered(hdev))
4069 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4070 MGMT_STATUS_REJECTED);
4071
4072 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4073 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4074 return mgmt_cmd_status(sk, hdev->id,
4075 MGMT_OP_SET_STATIC_ADDRESS,
4076 MGMT_STATUS_INVALID_PARAMS);
4077
4078 /* Two most significant bits shall be set */
4079 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4080 return mgmt_cmd_status(sk, hdev->id,
4081 MGMT_OP_SET_STATIC_ADDRESS,
4082 MGMT_STATUS_INVALID_PARAMS);
4083 }
4084
4085 hci_dev_lock(hdev);
4086
4087 bacpy(&hdev->static_addr, &cp->bdaddr);
4088
4089 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4090 if (err < 0)
4091 goto unlock;
4092
4093 err = new_settings(hdev, sk);
4094
4095unlock:
4096 hci_dev_unlock(hdev);
4097 return err;
4098}
4099
4100static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4101 void *data, u16 len)
4102{
4103 struct mgmt_cp_set_scan_params *cp = data;
4104 __u16 interval, window;
4105 int err;
4106
4107 BT_DBG("%s", hdev->name);
4108
4109 if (!lmp_le_capable(hdev))
4110 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4111 MGMT_STATUS_NOT_SUPPORTED);
4112
4113 interval = __le16_to_cpu(cp->interval);
4114
4115 if (interval < 0x0004 || interval > 0x4000)
4116 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4117 MGMT_STATUS_INVALID_PARAMS);
4118
4119 window = __le16_to_cpu(cp->window);
4120
4121 if (window < 0x0004 || window > 0x4000)
4122 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4123 MGMT_STATUS_INVALID_PARAMS);
4124
4125 if (window > interval)
4126 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4127 MGMT_STATUS_INVALID_PARAMS);
4128
4129 hci_dev_lock(hdev);
4130
4131 hdev->le_scan_interval = interval;
4132 hdev->le_scan_window = window;
4133
4134 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4135 NULL, 0);
4136
4137 /* If background scan is running, restart it so new parameters are
4138 * loaded.
4139 */
4140 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4141 hdev->discovery.state == DISCOVERY_STOPPED) {
4142 struct hci_request req;
4143
4144 hci_req_init(&req, hdev);
4145
4146 hci_req_add_le_scan_disable(&req);
4147 hci_req_add_le_passive_scan(&req);
4148
4149 hci_req_run(&req, NULL);
4150 }
4151
4152 hci_dev_unlock(hdev);
4153
4154 return err;
4155}
4156
4157static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4158 u16 opcode)
4159{
4160 struct mgmt_pending_cmd *cmd;
4161
4162 BT_DBG("status 0x%02x", status);
4163
4164 hci_dev_lock(hdev);
4165
4166 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4167 if (!cmd)
4168 goto unlock;
4169
4170 if (status) {
4171 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4172 mgmt_status(status));
4173 } else {
4174 struct mgmt_mode *cp = cmd->param;
4175
4176 if (cp->val)
4177 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4178 else
4179 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4180
4181 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4182 new_settings(hdev, cmd->sk);
4183 }
4184
4185 mgmt_pending_remove(cmd);
4186
4187unlock:
4188 hci_dev_unlock(hdev);
4189}
4190
4191static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4192 void *data, u16 len)
4193{
4194 struct mgmt_mode *cp = data;
4195 struct mgmt_pending_cmd *cmd;
4196 struct hci_request req;
4197 int err;
4198
4199 BT_DBG("%s", hdev->name);
4200
4201 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4202 hdev->hci_ver < BLUETOOTH_VER_1_2)
4203 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4204 MGMT_STATUS_NOT_SUPPORTED);
4205
4206 if (cp->val != 0x00 && cp->val != 0x01)
4207 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4208 MGMT_STATUS_INVALID_PARAMS);
4209
4210 hci_dev_lock(hdev);
4211
4212 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4213 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4214 MGMT_STATUS_BUSY);
4215 goto unlock;
4216 }
4217
4218 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4219 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4220 hdev);
4221 goto unlock;
4222 }
4223
4224 if (!hdev_is_powered(hdev)) {
4225 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4226 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4227 hdev);
4228 new_settings(hdev, sk);
4229 goto unlock;
4230 }
4231
4232 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4233 data, len);
4234 if (!cmd) {
4235 err = -ENOMEM;
4236 goto unlock;
4237 }
4238
4239 hci_req_init(&req, hdev);
4240
4241 __hci_req_write_fast_connectable(&req, cp->val);
4242
4243 err = hci_req_run(&req, fast_connectable_complete);
4244 if (err < 0) {
4245 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4246 MGMT_STATUS_FAILED);
4247 mgmt_pending_remove(cmd);
4248 }
4249
4250unlock:
4251 hci_dev_unlock(hdev);
4252
4253 return err;
4254}
4255
4256static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4257{
4258 struct mgmt_pending_cmd *cmd;
4259
4260 BT_DBG("status 0x%02x", status);
4261
4262 hci_dev_lock(hdev);
4263
4264 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4265 if (!cmd)
4266 goto unlock;
4267
4268 if (status) {
4269 u8 mgmt_err = mgmt_status(status);
4270
4271 /* We need to restore the flag if related HCI commands
4272 * failed.
4273 */
4274 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4275
4276 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4277 } else {
4278 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4279 new_settings(hdev, cmd->sk);
4280 }
4281
4282 mgmt_pending_remove(cmd);
4283
4284unlock:
4285 hci_dev_unlock(hdev);
4286}
4287
4288static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4289{
4290 struct mgmt_mode *cp = data;
4291 struct mgmt_pending_cmd *cmd;
4292 struct hci_request req;
4293 int err;
4294
4295 BT_DBG("request for %s", hdev->name);
4296
4297 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4298 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4299 MGMT_STATUS_NOT_SUPPORTED);
4300
4301 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4302 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4303 MGMT_STATUS_REJECTED);
4304
4305 if (cp->val != 0x00 && cp->val != 0x01)
4306 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4307 MGMT_STATUS_INVALID_PARAMS);
4308
4309 hci_dev_lock(hdev);
4310
4311 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4312 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4313 goto unlock;
4314 }
4315
4316 if (!hdev_is_powered(hdev)) {
4317 if (!cp->val) {
4318 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4319 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4320 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4321 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4322 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4323 }
4324
4325 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4326
4327 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4328 if (err < 0)
4329 goto unlock;
4330
4331 err = new_settings(hdev, sk);
4332 goto unlock;
4333 }
4334
4335 /* Reject disabling when powered on */
4336 if (!cp->val) {
4337 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4338 MGMT_STATUS_REJECTED);
4339 goto unlock;
4340 } else {
4341 /* When configuring a dual-mode controller to operate
4342 * with LE only and using a static address, then switching
4343 * BR/EDR back on is not allowed.
4344 *
4345 * Dual-mode controllers shall operate with the public
4346 * address as its identity address for BR/EDR and LE. So
4347 * reject the attempt to create an invalid configuration.
4348 *
4349 * The same restrictions applies when secure connections
4350 * has been enabled. For BR/EDR this is a controller feature
4351 * while for LE it is a host stack feature. This means that
4352 * switching BR/EDR back on when secure connections has been
4353 * enabled is not a supported transaction.
4354 */
4355 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4356 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4357 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4358 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4359 MGMT_STATUS_REJECTED);
4360 goto unlock;
4361 }
4362 }
4363
4364 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4365 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4366 MGMT_STATUS_BUSY);
4367 goto unlock;
4368 }
4369
4370 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4371 if (!cmd) {
4372 err = -ENOMEM;
4373 goto unlock;
4374 }
4375
4376 /* We need to flip the bit already here so that
4377 * hci_req_update_adv_data generates the correct flags.
4378 */
4379 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4380
4381 hci_req_init(&req, hdev);
4382
4383 __hci_req_write_fast_connectable(&req, false);
4384 __hci_req_update_scan(&req);
4385
4386 /* Since only the advertising data flags will change, there
4387 * is no need to update the scan response data.
4388 */
4389 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4390
4391 err = hci_req_run(&req, set_bredr_complete);
4392 if (err < 0)
4393 mgmt_pending_remove(cmd);
4394
4395unlock:
4396 hci_dev_unlock(hdev);
4397 return err;
4398}
4399
4400static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4401{
4402 struct mgmt_pending_cmd *cmd;
4403 struct mgmt_mode *cp;
4404
4405 BT_DBG("%s status %u", hdev->name, status);
4406
4407 hci_dev_lock(hdev);
4408
4409 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4410 if (!cmd)
4411 goto unlock;
4412
4413 if (status) {
4414 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4415 mgmt_status(status));
4416 goto remove;
4417 }
4418
4419 cp = cmd->param;
4420
4421 switch (cp->val) {
4422 case 0x00:
4423 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4424 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4425 break;
4426 case 0x01:
4427 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4428 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4429 break;
4430 case 0x02:
4431 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4432 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4433 break;
4434 }
4435
4436 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4437 new_settings(hdev, cmd->sk);
4438
4439remove:
4440 mgmt_pending_remove(cmd);
4441unlock:
4442 hci_dev_unlock(hdev);
4443}
4444
4445static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4446 void *data, u16 len)
4447{
4448 struct mgmt_mode *cp = data;
4449 struct mgmt_pending_cmd *cmd;
4450 struct hci_request req;
4451 u8 val;
4452 int err;
4453
4454 BT_DBG("request for %s", hdev->name);
4455
4456 if (!lmp_sc_capable(hdev) &&
4457 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4458 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4459 MGMT_STATUS_NOT_SUPPORTED);
4460
4461 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4462 lmp_sc_capable(hdev) &&
4463 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4464 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4465 MGMT_STATUS_REJECTED);
4466
4467 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4468 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4469 MGMT_STATUS_INVALID_PARAMS);
4470
4471 hci_dev_lock(hdev);
4472
4473 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4474 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4475 bool changed;
4476
4477 if (cp->val) {
4478 changed = !hci_dev_test_and_set_flag(hdev,
4479 HCI_SC_ENABLED);
4480 if (cp->val == 0x02)
4481 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4482 else
4483 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4484 } else {
4485 changed = hci_dev_test_and_clear_flag(hdev,
4486 HCI_SC_ENABLED);
4487 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4488 }
4489
4490 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4491 if (err < 0)
4492 goto failed;
4493
4494 if (changed)
4495 err = new_settings(hdev, sk);
4496
4497 goto failed;
4498 }
4499
4500 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4501 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4502 MGMT_STATUS_BUSY);
4503 goto failed;
4504 }
4505
4506 val = !!cp->val;
4507
4508 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4509 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4510 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4511 goto failed;
4512 }
4513
4514 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4515 if (!cmd) {
4516 err = -ENOMEM;
4517 goto failed;
4518 }
4519
4520 hci_req_init(&req, hdev);
4521 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4522 err = hci_req_run(&req, sc_enable_complete);
4523 if (err < 0) {
4524 mgmt_pending_remove(cmd);
4525 goto failed;
4526 }
4527
4528failed:
4529 hci_dev_unlock(hdev);
4530 return err;
4531}
4532
4533static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4534 void *data, u16 len)
4535{
4536 struct mgmt_mode *cp = data;
4537 bool changed, use_changed;
4538 int err;
4539
4540 BT_DBG("request for %s", hdev->name);
4541
4542 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4543 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4544 MGMT_STATUS_INVALID_PARAMS);
4545
4546 hci_dev_lock(hdev);
4547
4548 if (cp->val)
4549 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4550 else
4551 changed = hci_dev_test_and_clear_flag(hdev,
4552 HCI_KEEP_DEBUG_KEYS);
4553
4554 if (cp->val == 0x02)
4555 use_changed = !hci_dev_test_and_set_flag(hdev,
4556 HCI_USE_DEBUG_KEYS);
4557 else
4558 use_changed = hci_dev_test_and_clear_flag(hdev,
4559 HCI_USE_DEBUG_KEYS);
4560
4561 if (hdev_is_powered(hdev) && use_changed &&
4562 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
4563 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4564 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4565 sizeof(mode), &mode);
4566 }
4567
4568 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4569 if (err < 0)
4570 goto unlock;
4571
4572 if (changed)
4573 err = new_settings(hdev, sk);
4574
4575unlock:
4576 hci_dev_unlock(hdev);
4577 return err;
4578}
4579
4580static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4581 u16 len)
4582{
4583 struct mgmt_cp_set_privacy *cp = cp_data;
4584 bool changed;
4585 int err;
4586
4587 BT_DBG("request for %s", hdev->name);
4588
4589 if (!lmp_le_capable(hdev))
4590 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4591 MGMT_STATUS_NOT_SUPPORTED);
4592
4593 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
4594 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4595 MGMT_STATUS_INVALID_PARAMS);
4596
4597 if (hdev_is_powered(hdev))
4598 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4599 MGMT_STATUS_REJECTED);
4600
4601 hci_dev_lock(hdev);
4602
4603 /* If user space supports this command it is also expected to
4604 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4605 */
4606 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4607
4608 if (cp->privacy) {
4609 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
4610 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4611 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
4612 if (cp->privacy == 0x02)
4613 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4614 else
4615 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4616 } else {
4617 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
4618 memset(hdev->irk, 0, sizeof(hdev->irk));
4619 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
4620 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4621 }
4622
4623 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4624 if (err < 0)
4625 goto unlock;
4626
4627 if (changed)
4628 err = new_settings(hdev, sk);
4629
4630unlock:
4631 hci_dev_unlock(hdev);
4632 return err;
4633}
4634
4635static bool irk_is_valid(struct mgmt_irk_info *irk)
4636{
4637 switch (irk->addr.type) {
4638 case BDADDR_LE_PUBLIC:
4639 return true;
4640
4641 case BDADDR_LE_RANDOM:
4642 /* Two most significant bits shall be set */
4643 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4644 return false;
4645 return true;
4646 }
4647
4648 return false;
4649}
4650
4651static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4652 u16 len)
4653{
4654 struct mgmt_cp_load_irks *cp = cp_data;
4655 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4656 sizeof(struct mgmt_irk_info));
4657 u16 irk_count, expected_len;
4658 int i, err;
4659
4660 BT_DBG("request for %s", hdev->name);
4661
4662 if (!lmp_le_capable(hdev))
4663 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4664 MGMT_STATUS_NOT_SUPPORTED);
4665
4666 irk_count = __le16_to_cpu(cp->irk_count);
4667 if (irk_count > max_irk_count) {
4668 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
4669 irk_count);
4670 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4671 MGMT_STATUS_INVALID_PARAMS);
4672 }
4673
4674 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4675 if (expected_len != len) {
4676 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
4677 expected_len, len);
4678 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4679 MGMT_STATUS_INVALID_PARAMS);
4680 }
4681
4682 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4683
4684 for (i = 0; i < irk_count; i++) {
4685 struct mgmt_irk_info *key = &cp->irks[i];
4686
4687 if (!irk_is_valid(key))
4688 return mgmt_cmd_status(sk, hdev->id,
4689 MGMT_OP_LOAD_IRKS,
4690 MGMT_STATUS_INVALID_PARAMS);
4691 }
4692
4693 hci_dev_lock(hdev);
4694
4695 hci_smp_irks_clear(hdev);
4696
4697 for (i = 0; i < irk_count; i++) {
4698 struct mgmt_irk_info *irk = &cp->irks[i];
4699
4700 hci_add_irk(hdev, &irk->addr.bdaddr,
4701 le_addr_type(irk->addr.type), irk->val,
4702 BDADDR_ANY);
4703 }
4704
4705 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4706
4707 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4708
4709 hci_dev_unlock(hdev);
4710
4711 return err;
4712}
4713
4714static bool ltk_is_valid(struct mgmt_ltk_info *key)
4715{
4716 if (key->master != 0x00 && key->master != 0x01)
4717 return false;
4718
4719 switch (key->addr.type) {
4720 case BDADDR_LE_PUBLIC:
4721 return true;
4722
4723 case BDADDR_LE_RANDOM:
4724 /* Two most significant bits shall be set */
4725 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4726 return false;
4727 return true;
4728 }
4729
4730 return false;
4731}
4732
4733static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4734 void *cp_data, u16 len)
4735{
4736 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4737 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4738 sizeof(struct mgmt_ltk_info));
4739 u16 key_count, expected_len;
4740 int i, err;
4741
4742 BT_DBG("request for %s", hdev->name);
4743
4744 if (!lmp_le_capable(hdev))
4745 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4746 MGMT_STATUS_NOT_SUPPORTED);
4747
4748 key_count = __le16_to_cpu(cp->key_count);
4749 if (key_count > max_key_count) {
4750 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
4751 key_count);
4752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4753 MGMT_STATUS_INVALID_PARAMS);
4754 }
4755
4756 expected_len = sizeof(*cp) + key_count *
4757 sizeof(struct mgmt_ltk_info);
4758 if (expected_len != len) {
4759 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
4760 expected_len, len);
4761 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4762 MGMT_STATUS_INVALID_PARAMS);
4763 }
4764
4765 BT_DBG("%s key_count %u", hdev->name, key_count);
4766
4767 for (i = 0; i < key_count; i++) {
4768 struct mgmt_ltk_info *key = &cp->keys[i];
4769
4770 if (!ltk_is_valid(key))
4771 return mgmt_cmd_status(sk, hdev->id,
4772 MGMT_OP_LOAD_LONG_TERM_KEYS,
4773 MGMT_STATUS_INVALID_PARAMS);
4774 }
4775
4776 hci_dev_lock(hdev);
4777
4778 hci_smp_ltks_clear(hdev);
4779
4780 for (i = 0; i < key_count; i++) {
4781 struct mgmt_ltk_info *key = &cp->keys[i];
4782 u8 type, authenticated;
4783
4784 switch (key->type) {
4785 case MGMT_LTK_UNAUTHENTICATED:
4786 authenticated = 0x00;
4787 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4788 break;
4789 case MGMT_LTK_AUTHENTICATED:
4790 authenticated = 0x01;
4791 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4792 break;
4793 case MGMT_LTK_P256_UNAUTH:
4794 authenticated = 0x00;
4795 type = SMP_LTK_P256;
4796 break;
4797 case MGMT_LTK_P256_AUTH:
4798 authenticated = 0x01;
4799 type = SMP_LTK_P256;
4800 break;
4801 case MGMT_LTK_P256_DEBUG:
4802 authenticated = 0x00;
4803 type = SMP_LTK_P256_DEBUG;
4804 /* fall through */
4805 default:
4806 continue;
4807 }
4808
4809 hci_add_ltk(hdev, &key->addr.bdaddr,
4810 le_addr_type(key->addr.type), type, authenticated,
4811 key->val, key->enc_size, key->ediv, key->rand);
4812 }
4813
4814 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4815 NULL, 0);
4816
4817 hci_dev_unlock(hdev);
4818
4819 return err;
4820}
4821
4822static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
4823{
4824 struct hci_conn *conn = cmd->user_data;
4825 struct mgmt_rp_get_conn_info rp;
4826 int err;
4827
4828 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
4829
4830 if (status == MGMT_STATUS_SUCCESS) {
4831 rp.rssi = conn->rssi;
4832 rp.tx_power = conn->tx_power;
4833 rp.max_tx_power = conn->max_tx_power;
4834 } else {
4835 rp.rssi = HCI_RSSI_INVALID;
4836 rp.tx_power = HCI_TX_POWER_INVALID;
4837 rp.max_tx_power = HCI_TX_POWER_INVALID;
4838 }
4839
4840 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4841 status, &rp, sizeof(rp));
4842
4843 hci_conn_drop(conn);
4844 hci_conn_put(conn);
4845
4846 return err;
4847}
4848
4849static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4850 u16 opcode)
4851{
4852 struct hci_cp_read_rssi *cp;
4853 struct mgmt_pending_cmd *cmd;
4854 struct hci_conn *conn;
4855 u16 handle;
4856 u8 status;
4857
4858 BT_DBG("status 0x%02x", hci_status);
4859
4860 hci_dev_lock(hdev);
4861
4862 /* Commands sent in request are either Read RSSI or Read Transmit Power
4863 * Level so we check which one was last sent to retrieve connection
4864 * handle. Both commands have handle as first parameter so it's safe to
4865 * cast data on the same command struct.
4866 *
4867 * First command sent is always Read RSSI and we fail only if it fails.
4868 * In other case we simply override error to indicate success as we
4869 * already remembered if TX power value is actually valid.
4870 */
4871 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4872 if (!cp) {
4873 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4874 status = MGMT_STATUS_SUCCESS;
4875 } else {
4876 status = mgmt_status(hci_status);
4877 }
4878
4879 if (!cp) {
4880 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
4881 goto unlock;
4882 }
4883
4884 handle = __le16_to_cpu(cp->handle);
4885 conn = hci_conn_hash_lookup_handle(hdev, handle);
4886 if (!conn) {
4887 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
4888 handle);
4889 goto unlock;
4890 }
4891
4892 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
4893 if (!cmd)
4894 goto unlock;
4895
4896 cmd->cmd_complete(cmd, status);
4897 mgmt_pending_remove(cmd);
4898
4899unlock:
4900 hci_dev_unlock(hdev);
4901}
4902
4903static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4904 u16 len)
4905{
4906 struct mgmt_cp_get_conn_info *cp = data;
4907 struct mgmt_rp_get_conn_info rp;
4908 struct hci_conn *conn;
4909 unsigned long conn_info_age;
4910 int err = 0;
4911
4912 BT_DBG("%s", hdev->name);
4913
4914 memset(&rp, 0, sizeof(rp));
4915 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4916 rp.addr.type = cp->addr.type;
4917
4918 if (!bdaddr_type_is_valid(cp->addr.type))
4919 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4920 MGMT_STATUS_INVALID_PARAMS,
4921 &rp, sizeof(rp));
4922
4923 hci_dev_lock(hdev);
4924
4925 if (!hdev_is_powered(hdev)) {
4926 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4927 MGMT_STATUS_NOT_POWERED, &rp,
4928 sizeof(rp));
4929 goto unlock;
4930 }
4931
4932 if (cp->addr.type == BDADDR_BREDR)
4933 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4934 &cp->addr.bdaddr);
4935 else
4936 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4937
4938 if (!conn || conn->state != BT_CONNECTED) {
4939 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4940 MGMT_STATUS_NOT_CONNECTED, &rp,
4941 sizeof(rp));
4942 goto unlock;
4943 }
4944
4945 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
4946 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4947 MGMT_STATUS_BUSY, &rp, sizeof(rp));
4948 goto unlock;
4949 }
4950
4951 /* To avoid client trying to guess when to poll again for information we
4952 * calculate conn info age as random value between min/max set in hdev.
4953 */
4954 conn_info_age = hdev->conn_info_min_age +
4955 prandom_u32_max(hdev->conn_info_max_age -
4956 hdev->conn_info_min_age);
4957
4958 /* Query controller to refresh cached values if they are too old or were
4959 * never read.
4960 */
4961 if (time_after(jiffies, conn->conn_info_timestamp +
4962 msecs_to_jiffies(conn_info_age)) ||
4963 !conn->conn_info_timestamp) {
4964 struct hci_request req;
4965 struct hci_cp_read_tx_power req_txp_cp;
4966 struct hci_cp_read_rssi req_rssi_cp;
4967 struct mgmt_pending_cmd *cmd;
4968
4969 hci_req_init(&req, hdev);
4970 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4971 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4972 &req_rssi_cp);
4973
4974 /* For LE links TX power does not change thus we don't need to
4975 * query for it once value is known.
4976 */
4977 if (!bdaddr_type_is_le(cp->addr.type) ||
4978 conn->tx_power == HCI_TX_POWER_INVALID) {
4979 req_txp_cp.handle = cpu_to_le16(conn->handle);
4980 req_txp_cp.type = 0x00;
4981 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4982 sizeof(req_txp_cp), &req_txp_cp);
4983 }
4984
4985 /* Max TX power needs to be read only once per connection */
4986 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4987 req_txp_cp.handle = cpu_to_le16(conn->handle);
4988 req_txp_cp.type = 0x01;
4989 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4990 sizeof(req_txp_cp), &req_txp_cp);
4991 }
4992
4993 err = hci_req_run(&req, conn_info_refresh_complete);
4994 if (err < 0)
4995 goto unlock;
4996
4997 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4998 data, len);
4999 if (!cmd) {
5000 err = -ENOMEM;
5001 goto unlock;
5002 }
5003
5004 hci_conn_hold(conn);
5005 cmd->user_data = hci_conn_get(conn);
5006 cmd->cmd_complete = conn_info_cmd_complete;
5007
5008 conn->conn_info_timestamp = jiffies;
5009 } else {
5010 /* Cache is valid, just reply with values cached in hci_conn */
5011 rp.rssi = conn->rssi;
5012 rp.tx_power = conn->tx_power;
5013 rp.max_tx_power = conn->max_tx_power;
5014
5015 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5016 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5017 }
5018
5019unlock:
5020 hci_dev_unlock(hdev);
5021 return err;
5022}
5023
5024static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5025{
5026 struct hci_conn *conn = cmd->user_data;
5027 struct mgmt_rp_get_clock_info rp;
5028 struct hci_dev *hdev;
5029 int err;
5030
5031 memset(&rp, 0, sizeof(rp));
5032 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5033
5034 if (status)
5035 goto complete;
5036
5037 hdev = hci_dev_get(cmd->index);
5038 if (hdev) {
5039 rp.local_clock = cpu_to_le32(hdev->clock);
5040 hci_dev_put(hdev);
5041 }
5042
5043 if (conn) {
5044 rp.piconet_clock = cpu_to_le32(conn->clock);
5045 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5046 }
5047
5048complete:
5049 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5050 sizeof(rp));
5051
5052 if (conn) {
5053 hci_conn_drop(conn);
5054 hci_conn_put(conn);
5055 }
5056
5057 return err;
5058}
5059
5060static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5061{
5062 struct hci_cp_read_clock *hci_cp;
5063 struct mgmt_pending_cmd *cmd;
5064 struct hci_conn *conn;
5065
5066 BT_DBG("%s status %u", hdev->name, status);
5067
5068 hci_dev_lock(hdev);
5069
5070 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5071 if (!hci_cp)
5072 goto unlock;
5073
5074 if (hci_cp->which) {
5075 u16 handle = __le16_to_cpu(hci_cp->handle);
5076 conn = hci_conn_hash_lookup_handle(hdev, handle);
5077 } else {
5078 conn = NULL;
5079 }
5080
5081 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5082 if (!cmd)
5083 goto unlock;
5084
5085 cmd->cmd_complete(cmd, mgmt_status(status));
5086 mgmt_pending_remove(cmd);
5087
5088unlock:
5089 hci_dev_unlock(hdev);
5090}
5091
5092static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5093 u16 len)
5094{
5095 struct mgmt_cp_get_clock_info *cp = data;
5096 struct mgmt_rp_get_clock_info rp;
5097 struct hci_cp_read_clock hci_cp;
5098 struct mgmt_pending_cmd *cmd;
5099 struct hci_request req;
5100 struct hci_conn *conn;
5101 int err;
5102
5103 BT_DBG("%s", hdev->name);
5104
5105 memset(&rp, 0, sizeof(rp));
5106 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5107 rp.addr.type = cp->addr.type;
5108
5109 if (cp->addr.type != BDADDR_BREDR)
5110 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5111 MGMT_STATUS_INVALID_PARAMS,
5112 &rp, sizeof(rp));
5113
5114 hci_dev_lock(hdev);
5115
5116 if (!hdev_is_powered(hdev)) {
5117 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5118 MGMT_STATUS_NOT_POWERED, &rp,
5119 sizeof(rp));
5120 goto unlock;
5121 }
5122
5123 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5124 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5125 &cp->addr.bdaddr);
5126 if (!conn || conn->state != BT_CONNECTED) {
5127 err = mgmt_cmd_complete(sk, hdev->id,
5128 MGMT_OP_GET_CLOCK_INFO,
5129 MGMT_STATUS_NOT_CONNECTED,
5130 &rp, sizeof(rp));
5131 goto unlock;
5132 }
5133 } else {
5134 conn = NULL;
5135 }
5136
5137 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5138 if (!cmd) {
5139 err = -ENOMEM;
5140 goto unlock;
5141 }
5142
5143 cmd->cmd_complete = clock_info_cmd_complete;
5144
5145 hci_req_init(&req, hdev);
5146
5147 memset(&hci_cp, 0, sizeof(hci_cp));
5148 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5149
5150 if (conn) {
5151 hci_conn_hold(conn);
5152 cmd->user_data = hci_conn_get(conn);
5153
5154 hci_cp.handle = cpu_to_le16(conn->handle);
5155 hci_cp.which = 0x01; /* Piconet clock */
5156 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5157 }
5158
5159 err = hci_req_run(&req, get_clock_info_complete);
5160 if (err < 0)
5161 mgmt_pending_remove(cmd);
5162
5163unlock:
5164 hci_dev_unlock(hdev);
5165 return err;
5166}
5167
5168static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5169{
5170 struct hci_conn *conn;
5171
5172 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5173 if (!conn)
5174 return false;
5175
5176 if (conn->dst_type != type)
5177 return false;
5178
5179 if (conn->state != BT_CONNECTED)
5180 return false;
5181
5182 return true;
5183}
5184
5185/* This function requires the caller holds hdev->lock */
5186static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5187 u8 addr_type, u8 auto_connect)
5188{
5189 struct hci_conn_params *params;
5190
5191 params = hci_conn_params_add(hdev, addr, addr_type);
5192 if (!params)
5193 return -EIO;
5194
5195 if (params->auto_connect == auto_connect)
5196 return 0;
5197
5198 list_del_init(¶ms->action);
5199
5200 switch (auto_connect) {
5201 case HCI_AUTO_CONN_DISABLED:
5202 case HCI_AUTO_CONN_LINK_LOSS:
5203 /* If auto connect is being disabled when we're trying to
5204 * connect to device, keep connecting.
5205 */
5206 if (params->explicit_connect)
5207 list_add(¶ms->action, &hdev->pend_le_conns);
5208 break;
5209 case HCI_AUTO_CONN_REPORT:
5210 if (params->explicit_connect)
5211 list_add(¶ms->action, &hdev->pend_le_conns);
5212 else
5213 list_add(¶ms->action, &hdev->pend_le_reports);
5214 break;
5215 case HCI_AUTO_CONN_DIRECT:
5216 case HCI_AUTO_CONN_ALWAYS:
5217 if (!is_connected(hdev, addr, addr_type))
5218 list_add(¶ms->action, &hdev->pend_le_conns);
5219 break;
5220 }
5221
5222 params->auto_connect = auto_connect;
5223
5224 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5225 auto_connect);
5226
5227 return 0;
5228}
5229
5230static void device_added(struct sock *sk, struct hci_dev *hdev,
5231 bdaddr_t *bdaddr, u8 type, u8 action)
5232{
5233 struct mgmt_ev_device_added ev;
5234
5235 bacpy(&ev.addr.bdaddr, bdaddr);
5236 ev.addr.type = type;
5237 ev.action = action;
5238
5239 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5240}
5241
5242static int add_device(struct sock *sk, struct hci_dev *hdev,
5243 void *data, u16 len)
5244{
5245 struct mgmt_cp_add_device *cp = data;
5246 u8 auto_conn, addr_type;
5247 int err;
5248
5249 BT_DBG("%s", hdev->name);
5250
5251 if (!bdaddr_type_is_valid(cp->addr.type) ||
5252 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5253 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5254 MGMT_STATUS_INVALID_PARAMS,
5255 &cp->addr, sizeof(cp->addr));
5256
5257 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5258 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5259 MGMT_STATUS_INVALID_PARAMS,
5260 &cp->addr, sizeof(cp->addr));
5261
5262 hci_dev_lock(hdev);
5263
5264 if (cp->addr.type == BDADDR_BREDR) {
5265 /* Only incoming connections action is supported for now */
5266 if (cp->action != 0x01) {
5267 err = mgmt_cmd_complete(sk, hdev->id,
5268 MGMT_OP_ADD_DEVICE,
5269 MGMT_STATUS_INVALID_PARAMS,
5270 &cp->addr, sizeof(cp->addr));
5271 goto unlock;
5272 }
5273
5274 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5275 cp->addr.type);
5276 if (err)
5277 goto unlock;
5278
5279 hci_req_update_scan(hdev);
5280
5281 goto added;
5282 }
5283
5284 addr_type = le_addr_type(cp->addr.type);
5285
5286 if (cp->action == 0x02)
5287 auto_conn = HCI_AUTO_CONN_ALWAYS;
5288 else if (cp->action == 0x01)
5289 auto_conn = HCI_AUTO_CONN_DIRECT;
5290 else
5291 auto_conn = HCI_AUTO_CONN_REPORT;
5292
5293 /* Kernel internally uses conn_params with resolvable private
5294 * address, but Add Device allows only identity addresses.
5295 * Make sure it is enforced before calling
5296 * hci_conn_params_lookup.
5297 */
5298 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5299 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5300 MGMT_STATUS_INVALID_PARAMS,
5301 &cp->addr, sizeof(cp->addr));
5302 goto unlock;
5303 }
5304
5305 /* If the connection parameters don't exist for this device,
5306 * they will be created and configured with defaults.
5307 */
5308 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5309 auto_conn) < 0) {
5310 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5311 MGMT_STATUS_FAILED, &cp->addr,
5312 sizeof(cp->addr));
5313 goto unlock;
5314 }
5315
5316 hci_update_background_scan(hdev);
5317
5318added:
5319 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5320
5321 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5322 MGMT_STATUS_SUCCESS, &cp->addr,
5323 sizeof(cp->addr));
5324
5325unlock:
5326 hci_dev_unlock(hdev);
5327 return err;
5328}
5329
5330static void device_removed(struct sock *sk, struct hci_dev *hdev,
5331 bdaddr_t *bdaddr, u8 type)
5332{
5333 struct mgmt_ev_device_removed ev;
5334
5335 bacpy(&ev.addr.bdaddr, bdaddr);
5336 ev.addr.type = type;
5337
5338 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5339}
5340
5341static int remove_device(struct sock *sk, struct hci_dev *hdev,
5342 void *data, u16 len)
5343{
5344 struct mgmt_cp_remove_device *cp = data;
5345 int err;
5346
5347 BT_DBG("%s", hdev->name);
5348
5349 hci_dev_lock(hdev);
5350
5351 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5352 struct hci_conn_params *params;
5353 u8 addr_type;
5354
5355 if (!bdaddr_type_is_valid(cp->addr.type)) {
5356 err = mgmt_cmd_complete(sk, hdev->id,
5357 MGMT_OP_REMOVE_DEVICE,
5358 MGMT_STATUS_INVALID_PARAMS,
5359 &cp->addr, sizeof(cp->addr));
5360 goto unlock;
5361 }
5362
5363 if (cp->addr.type == BDADDR_BREDR) {
5364 err = hci_bdaddr_list_del(&hdev->whitelist,
5365 &cp->addr.bdaddr,
5366 cp->addr.type);
5367 if (err) {
5368 err = mgmt_cmd_complete(sk, hdev->id,
5369 MGMT_OP_REMOVE_DEVICE,
5370 MGMT_STATUS_INVALID_PARAMS,
5371 &cp->addr,
5372 sizeof(cp->addr));
5373 goto unlock;
5374 }
5375
5376 hci_req_update_scan(hdev);
5377
5378 device_removed(sk, hdev, &cp->addr.bdaddr,
5379 cp->addr.type);
5380 goto complete;
5381 }
5382
5383 addr_type = le_addr_type(cp->addr.type);
5384
5385 /* Kernel internally uses conn_params with resolvable private
5386 * address, but Remove Device allows only identity addresses.
5387 * Make sure it is enforced before calling
5388 * hci_conn_params_lookup.
5389 */
5390 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5391 err = mgmt_cmd_complete(sk, hdev->id,
5392 MGMT_OP_REMOVE_DEVICE,
5393 MGMT_STATUS_INVALID_PARAMS,
5394 &cp->addr, sizeof(cp->addr));
5395 goto unlock;
5396 }
5397
5398 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5399 addr_type);
5400 if (!params) {
5401 err = mgmt_cmd_complete(sk, hdev->id,
5402 MGMT_OP_REMOVE_DEVICE,
5403 MGMT_STATUS_INVALID_PARAMS,
5404 &cp->addr, sizeof(cp->addr));
5405 goto unlock;
5406 }
5407
5408 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5409 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5410 err = mgmt_cmd_complete(sk, hdev->id,
5411 MGMT_OP_REMOVE_DEVICE,
5412 MGMT_STATUS_INVALID_PARAMS,
5413 &cp->addr, sizeof(cp->addr));
5414 goto unlock;
5415 }
5416
5417 list_del(¶ms->action);
5418 list_del(¶ms->list);
5419 kfree(params);
5420 hci_update_background_scan(hdev);
5421
5422 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5423 } else {
5424 struct hci_conn_params *p, *tmp;
5425 struct bdaddr_list *b, *btmp;
5426
5427 if (cp->addr.type) {
5428 err = mgmt_cmd_complete(sk, hdev->id,
5429 MGMT_OP_REMOVE_DEVICE,
5430 MGMT_STATUS_INVALID_PARAMS,
5431 &cp->addr, sizeof(cp->addr));
5432 goto unlock;
5433 }
5434
5435 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5436 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5437 list_del(&b->list);
5438 kfree(b);
5439 }
5440
5441 hci_req_update_scan(hdev);
5442
5443 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5444 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5445 continue;
5446 device_removed(sk, hdev, &p->addr, p->addr_type);
5447 if (p->explicit_connect) {
5448 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5449 continue;
5450 }
5451 list_del(&p->action);
5452 list_del(&p->list);
5453 kfree(p);
5454 }
5455
5456 BT_DBG("All LE connection parameters were removed");
5457
5458 hci_update_background_scan(hdev);
5459 }
5460
5461complete:
5462 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5463 MGMT_STATUS_SUCCESS, &cp->addr,
5464 sizeof(cp->addr));
5465unlock:
5466 hci_dev_unlock(hdev);
5467 return err;
5468}
5469
5470static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5471 u16 len)
5472{
5473 struct mgmt_cp_load_conn_param *cp = data;
5474 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5475 sizeof(struct mgmt_conn_param));
5476 u16 param_count, expected_len;
5477 int i;
5478
5479 if (!lmp_le_capable(hdev))
5480 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5481 MGMT_STATUS_NOT_SUPPORTED);
5482
5483 param_count = __le16_to_cpu(cp->param_count);
5484 if (param_count > max_param_count) {
5485 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
5486 param_count);
5487 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5488 MGMT_STATUS_INVALID_PARAMS);
5489 }
5490
5491 expected_len = sizeof(*cp) + param_count *
5492 sizeof(struct mgmt_conn_param);
5493 if (expected_len != len) {
5494 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
5495 expected_len, len);
5496 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5497 MGMT_STATUS_INVALID_PARAMS);
5498 }
5499
5500 BT_DBG("%s param_count %u", hdev->name, param_count);
5501
5502 hci_dev_lock(hdev);
5503
5504 hci_conn_params_clear_disabled(hdev);
5505
5506 for (i = 0; i < param_count; i++) {
5507 struct mgmt_conn_param *param = &cp->params[i];
5508 struct hci_conn_params *hci_param;
5509 u16 min, max, latency, timeout;
5510 u8 addr_type;
5511
5512 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5513 param->addr.type);
5514
5515 if (param->addr.type == BDADDR_LE_PUBLIC) {
5516 addr_type = ADDR_LE_DEV_PUBLIC;
5517 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5518 addr_type = ADDR_LE_DEV_RANDOM;
5519 } else {
5520 bt_dev_err(hdev, "ignoring invalid connection parameters");
5521 continue;
5522 }
5523
5524 min = le16_to_cpu(param->min_interval);
5525 max = le16_to_cpu(param->max_interval);
5526 latency = le16_to_cpu(param->latency);
5527 timeout = le16_to_cpu(param->timeout);
5528
5529 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5530 min, max, latency, timeout);
5531
5532 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5533 bt_dev_err(hdev, "ignoring invalid connection parameters");
5534 continue;
5535 }
5536
5537 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5538 addr_type);
5539 if (!hci_param) {
5540 bt_dev_err(hdev, "failed to add connection parameters");
5541 continue;
5542 }
5543
5544 hci_param->conn_min_interval = min;
5545 hci_param->conn_max_interval = max;
5546 hci_param->conn_latency = latency;
5547 hci_param->supervision_timeout = timeout;
5548 }
5549
5550 hci_dev_unlock(hdev);
5551
5552 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5553 NULL, 0);
5554}
5555
5556static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5557 void *data, u16 len)
5558{
5559 struct mgmt_cp_set_external_config *cp = data;
5560 bool changed;
5561 int err;
5562
5563 BT_DBG("%s", hdev->name);
5564
5565 if (hdev_is_powered(hdev))
5566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5567 MGMT_STATUS_REJECTED);
5568
5569 if (cp->config != 0x00 && cp->config != 0x01)
5570 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5571 MGMT_STATUS_INVALID_PARAMS);
5572
5573 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5574 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5575 MGMT_STATUS_NOT_SUPPORTED);
5576
5577 hci_dev_lock(hdev);
5578
5579 if (cp->config)
5580 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
5581 else
5582 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
5583
5584 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5585 if (err < 0)
5586 goto unlock;
5587
5588 if (!changed)
5589 goto unlock;
5590
5591 err = new_options(hdev, sk);
5592
5593 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
5594 mgmt_index_removed(hdev);
5595
5596 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
5597 hci_dev_set_flag(hdev, HCI_CONFIG);
5598 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5599
5600 queue_work(hdev->req_workqueue, &hdev->power_on);
5601 } else {
5602 set_bit(HCI_RAW, &hdev->flags);
5603 mgmt_index_added(hdev);
5604 }
5605 }
5606
5607unlock:
5608 hci_dev_unlock(hdev);
5609 return err;
5610}
5611
5612static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5613 void *data, u16 len)
5614{
5615 struct mgmt_cp_set_public_address *cp = data;
5616 bool changed;
5617 int err;
5618
5619 BT_DBG("%s", hdev->name);
5620
5621 if (hdev_is_powered(hdev))
5622 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5623 MGMT_STATUS_REJECTED);
5624
5625 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5626 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5627 MGMT_STATUS_INVALID_PARAMS);
5628
5629 if (!hdev->set_bdaddr)
5630 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5631 MGMT_STATUS_NOT_SUPPORTED);
5632
5633 hci_dev_lock(hdev);
5634
5635 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5636 bacpy(&hdev->public_addr, &cp->bdaddr);
5637
5638 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5639 if (err < 0)
5640 goto unlock;
5641
5642 if (!changed)
5643 goto unlock;
5644
5645 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
5646 err = new_options(hdev, sk);
5647
5648 if (is_configured(hdev)) {
5649 mgmt_index_removed(hdev);
5650
5651 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
5652
5653 hci_dev_set_flag(hdev, HCI_CONFIG);
5654 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5655
5656 queue_work(hdev->req_workqueue, &hdev->power_on);
5657 }
5658
5659unlock:
5660 hci_dev_unlock(hdev);
5661 return err;
5662}
5663
5664static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5665 u16 opcode, struct sk_buff *skb)
5666{
5667 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5668 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5669 u8 *h192, *r192, *h256, *r256;
5670 struct mgmt_pending_cmd *cmd;
5671 u16 eir_len;
5672 int err;
5673
5674 BT_DBG("%s status %u", hdev->name, status);
5675
5676 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5677 if (!cmd)
5678 return;
5679
5680 mgmt_cp = cmd->param;
5681
5682 if (status) {
5683 status = mgmt_status(status);
5684 eir_len = 0;
5685
5686 h192 = NULL;
5687 r192 = NULL;
5688 h256 = NULL;
5689 r256 = NULL;
5690 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5691 struct hci_rp_read_local_oob_data *rp;
5692
5693 if (skb->len != sizeof(*rp)) {
5694 status = MGMT_STATUS_FAILED;
5695 eir_len = 0;
5696 } else {
5697 status = MGMT_STATUS_SUCCESS;
5698 rp = (void *)skb->data;
5699
5700 eir_len = 5 + 18 + 18;
5701 h192 = rp->hash;
5702 r192 = rp->rand;
5703 h256 = NULL;
5704 r256 = NULL;
5705 }
5706 } else {
5707 struct hci_rp_read_local_oob_ext_data *rp;
5708
5709 if (skb->len != sizeof(*rp)) {
5710 status = MGMT_STATUS_FAILED;
5711 eir_len = 0;
5712 } else {
5713 status = MGMT_STATUS_SUCCESS;
5714 rp = (void *)skb->data;
5715
5716 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5717 eir_len = 5 + 18 + 18;
5718 h192 = NULL;
5719 r192 = NULL;
5720 } else {
5721 eir_len = 5 + 18 + 18 + 18 + 18;
5722 h192 = rp->hash192;
5723 r192 = rp->rand192;
5724 }
5725
5726 h256 = rp->hash256;
5727 r256 = rp->rand256;
5728 }
5729 }
5730
5731 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5732 if (!mgmt_rp)
5733 goto done;
5734
5735 if (status)
5736 goto send_rsp;
5737
5738 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5739 hdev->dev_class, 3);
5740
5741 if (h192 && r192) {
5742 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5743 EIR_SSP_HASH_C192, h192, 16);
5744 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5745 EIR_SSP_RAND_R192, r192, 16);
5746 }
5747
5748 if (h256 && r256) {
5749 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5750 EIR_SSP_HASH_C256, h256, 16);
5751 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5752 EIR_SSP_RAND_R256, r256, 16);
5753 }
5754
5755send_rsp:
5756 mgmt_rp->type = mgmt_cp->type;
5757 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5758
5759 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5760 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5761 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5762 if (err < 0 || status)
5763 goto done;
5764
5765 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5766
5767 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5768 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5769 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5770done:
5771 kfree(mgmt_rp);
5772 mgmt_pending_remove(cmd);
5773}
5774
5775static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5776 struct mgmt_cp_read_local_oob_ext_data *cp)
5777{
5778 struct mgmt_pending_cmd *cmd;
5779 struct hci_request req;
5780 int err;
5781
5782 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5783 cp, sizeof(*cp));
5784 if (!cmd)
5785 return -ENOMEM;
5786
5787 hci_req_init(&req, hdev);
5788
5789 if (bredr_sc_enabled(hdev))
5790 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5791 else
5792 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5793
5794 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5795 if (err < 0) {
5796 mgmt_pending_remove(cmd);
5797 return err;
5798 }
5799
5800 return 0;
5801}
5802
5803static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5804 void *data, u16 data_len)
5805{
5806 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5807 struct mgmt_rp_read_local_oob_ext_data *rp;
5808 size_t rp_len;
5809 u16 eir_len;
5810 u8 status, flags, role, addr[7], hash[16], rand[16];
5811 int err;
5812
5813 BT_DBG("%s", hdev->name);
5814
5815 if (hdev_is_powered(hdev)) {
5816 switch (cp->type) {
5817 case BIT(BDADDR_BREDR):
5818 status = mgmt_bredr_support(hdev);
5819 if (status)
5820 eir_len = 0;
5821 else
5822 eir_len = 5;
5823 break;
5824 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5825 status = mgmt_le_support(hdev);
5826 if (status)
5827 eir_len = 0;
5828 else
5829 eir_len = 9 + 3 + 18 + 18 + 3;
5830 break;
5831 default:
5832 status = MGMT_STATUS_INVALID_PARAMS;
5833 eir_len = 0;
5834 break;
5835 }
5836 } else {
5837 status = MGMT_STATUS_NOT_POWERED;
5838 eir_len = 0;
5839 }
5840
5841 rp_len = sizeof(*rp) + eir_len;
5842 rp = kmalloc(rp_len, GFP_ATOMIC);
5843 if (!rp)
5844 return -ENOMEM;
5845
5846 if (status)
5847 goto complete;
5848
5849 hci_dev_lock(hdev);
5850
5851 eir_len = 0;
5852 switch (cp->type) {
5853 case BIT(BDADDR_BREDR):
5854 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5855 err = read_local_ssp_oob_req(hdev, sk, cp);
5856 hci_dev_unlock(hdev);
5857 if (!err)
5858 goto done;
5859
5860 status = MGMT_STATUS_FAILED;
5861 goto complete;
5862 } else {
5863 eir_len = eir_append_data(rp->eir, eir_len,
5864 EIR_CLASS_OF_DEV,
5865 hdev->dev_class, 3);
5866 }
5867 break;
5868 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5869 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5870 smp_generate_oob(hdev, hash, rand) < 0) {
5871 hci_dev_unlock(hdev);
5872 status = MGMT_STATUS_FAILED;
5873 goto complete;
5874 }
5875
5876 /* This should return the active RPA, but since the RPA
5877 * is only programmed on demand, it is really hard to fill
5878 * this in at the moment. For now disallow retrieving
5879 * local out-of-band data when privacy is in use.
5880 *
5881 * Returning the identity address will not help here since
5882 * pairing happens before the identity resolving key is
5883 * known and thus the connection establishment happens
5884 * based on the RPA and not the identity address.
5885 */
5886 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
5887 hci_dev_unlock(hdev);
5888 status = MGMT_STATUS_REJECTED;
5889 goto complete;
5890 }
5891
5892 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
5893 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
5894 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5895 bacmp(&hdev->static_addr, BDADDR_ANY))) {
5896 memcpy(addr, &hdev->static_addr, 6);
5897 addr[6] = 0x01;
5898 } else {
5899 memcpy(addr, &hdev->bdaddr, 6);
5900 addr[6] = 0x00;
5901 }
5902
5903 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
5904 addr, sizeof(addr));
5905
5906 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
5907 role = 0x02;
5908 else
5909 role = 0x01;
5910
5911 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
5912 &role, sizeof(role));
5913
5914 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
5915 eir_len = eir_append_data(rp->eir, eir_len,
5916 EIR_LE_SC_CONFIRM,
5917 hash, sizeof(hash));
5918
5919 eir_len = eir_append_data(rp->eir, eir_len,
5920 EIR_LE_SC_RANDOM,
5921 rand, sizeof(rand));
5922 }
5923
5924 flags = mgmt_get_adv_discov_flags(hdev);
5925
5926 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5927 flags |= LE_AD_NO_BREDR;
5928
5929 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
5930 &flags, sizeof(flags));
5931 break;
5932 }
5933
5934 hci_dev_unlock(hdev);
5935
5936 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
5937
5938 status = MGMT_STATUS_SUCCESS;
5939
5940complete:
5941 rp->type = cp->type;
5942 rp->eir_len = cpu_to_le16(eir_len);
5943
5944 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
5945 status, rp, sizeof(*rp) + eir_len);
5946 if (err < 0 || status)
5947 goto done;
5948
5949 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5950 rp, sizeof(*rp) + eir_len,
5951 HCI_MGMT_OOB_DATA_EVENTS, sk);
5952
5953done:
5954 kfree(rp);
5955
5956 return err;
5957}
5958
5959static u32 get_supported_adv_flags(struct hci_dev *hdev)
5960{
5961 u32 flags = 0;
5962
5963 flags |= MGMT_ADV_FLAG_CONNECTABLE;
5964 flags |= MGMT_ADV_FLAG_DISCOV;
5965 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
5966 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
5967 flags |= MGMT_ADV_FLAG_APPEARANCE;
5968 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
5969
5970 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
5971 flags |= MGMT_ADV_FLAG_TX_POWER;
5972
5973 return flags;
5974}
5975
5976static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
5977 void *data, u16 data_len)
5978{
5979 struct mgmt_rp_read_adv_features *rp;
5980 size_t rp_len;
5981 int err;
5982 struct adv_info *adv_instance;
5983 u32 supported_flags;
5984 u8 *instance;
5985
5986 BT_DBG("%s", hdev->name);
5987
5988 if (!lmp_le_capable(hdev))
5989 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5990 MGMT_STATUS_REJECTED);
5991
5992 hci_dev_lock(hdev);
5993
5994 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
5995 rp = kmalloc(rp_len, GFP_ATOMIC);
5996 if (!rp) {
5997 hci_dev_unlock(hdev);
5998 return -ENOMEM;
5999 }
6000
6001 supported_flags = get_supported_adv_flags(hdev);
6002
6003 rp->supported_flags = cpu_to_le32(supported_flags);
6004 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6005 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6006 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6007 rp->num_instances = hdev->adv_instance_cnt;
6008
6009 instance = rp->instance;
6010 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6011 *instance = adv_instance->instance;
6012 instance++;
6013 }
6014
6015 hci_dev_unlock(hdev);
6016
6017 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6018 MGMT_STATUS_SUCCESS, rp, rp_len);
6019
6020 kfree(rp);
6021
6022 return err;
6023}
6024
6025static u8 calculate_name_len(struct hci_dev *hdev)
6026{
6027 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6028
6029 return append_local_name(hdev, buf, 0);
6030}
6031
6032static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6033 bool is_adv_data)
6034{
6035 u8 max_len = HCI_MAX_AD_LENGTH;
6036
6037 if (is_adv_data) {
6038 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6039 MGMT_ADV_FLAG_LIMITED_DISCOV |
6040 MGMT_ADV_FLAG_MANAGED_FLAGS))
6041 max_len -= 3;
6042
6043 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6044 max_len -= 3;
6045 } else {
6046 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6047 max_len -= calculate_name_len(hdev);
6048
6049 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6050 max_len -= 4;
6051 }
6052
6053 return max_len;
6054}
6055
6056static bool flags_managed(u32 adv_flags)
6057{
6058 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6059 MGMT_ADV_FLAG_LIMITED_DISCOV |
6060 MGMT_ADV_FLAG_MANAGED_FLAGS);
6061}
6062
6063static bool tx_power_managed(u32 adv_flags)
6064{
6065 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6066}
6067
6068static bool name_managed(u32 adv_flags)
6069{
6070 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6071}
6072
6073static bool appearance_managed(u32 adv_flags)
6074{
6075 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6076}
6077
6078static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6079 u8 len, bool is_adv_data)
6080{
6081 int i, cur_len;
6082 u8 max_len;
6083
6084 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
6085
6086 if (len > max_len)
6087 return false;
6088
6089 /* Make sure that the data is correctly formatted. */
6090 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6091 cur_len = data[i];
6092
6093 if (data[i + 1] == EIR_FLAGS &&
6094 (!is_adv_data || flags_managed(adv_flags)))
6095 return false;
6096
6097 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6098 return false;
6099
6100 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6101 return false;
6102
6103 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6104 return false;
6105
6106 if (data[i + 1] == EIR_APPEARANCE &&
6107 appearance_managed(adv_flags))
6108 return false;
6109
6110 /* If the current field length would exceed the total data
6111 * length, then it's invalid.
6112 */
6113 if (i + cur_len >= len)
6114 return false;
6115 }
6116
6117 return true;
6118}
6119
6120static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6121 u16 opcode)
6122{
6123 struct mgmt_pending_cmd *cmd;
6124 struct mgmt_cp_add_advertising *cp;
6125 struct mgmt_rp_add_advertising rp;
6126 struct adv_info *adv_instance, *n;
6127 u8 instance;
6128
6129 BT_DBG("status %d", status);
6130
6131 hci_dev_lock(hdev);
6132
6133 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6134
6135 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6136 if (!adv_instance->pending)
6137 continue;
6138
6139 if (!status) {
6140 adv_instance->pending = false;
6141 continue;
6142 }
6143
6144 instance = adv_instance->instance;
6145
6146 if (hdev->cur_adv_instance == instance)
6147 cancel_adv_timeout(hdev);
6148
6149 hci_remove_adv_instance(hdev, instance);
6150 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6151 }
6152
6153 if (!cmd)
6154 goto unlock;
6155
6156 cp = cmd->param;
6157 rp.instance = cp->instance;
6158
6159 if (status)
6160 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6161 mgmt_status(status));
6162 else
6163 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6164 mgmt_status(status), &rp, sizeof(rp));
6165
6166 mgmt_pending_remove(cmd);
6167
6168unlock:
6169 hci_dev_unlock(hdev);
6170}
6171
6172static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6173 void *data, u16 data_len)
6174{
6175 struct mgmt_cp_add_advertising *cp = data;
6176 struct mgmt_rp_add_advertising rp;
6177 u32 flags;
6178 u32 supported_flags;
6179 u8 status;
6180 u16 timeout, duration;
6181 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6182 u8 schedule_instance = 0;
6183 struct adv_info *next_instance;
6184 int err;
6185 struct mgmt_pending_cmd *cmd;
6186 struct hci_request req;
6187
6188 BT_DBG("%s", hdev->name);
6189
6190 status = mgmt_le_support(hdev);
6191 if (status)
6192 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6193 status);
6194
6195 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6196 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6197 MGMT_STATUS_INVALID_PARAMS);
6198
6199 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6200 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6201 MGMT_STATUS_INVALID_PARAMS);
6202
6203 flags = __le32_to_cpu(cp->flags);
6204 timeout = __le16_to_cpu(cp->timeout);
6205 duration = __le16_to_cpu(cp->duration);
6206
6207 /* The current implementation only supports a subset of the specified
6208 * flags.
6209 */
6210 supported_flags = get_supported_adv_flags(hdev);
6211 if (flags & ~supported_flags)
6212 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6213 MGMT_STATUS_INVALID_PARAMS);
6214
6215 hci_dev_lock(hdev);
6216
6217 if (timeout && !hdev_is_powered(hdev)) {
6218 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6219 MGMT_STATUS_REJECTED);
6220 goto unlock;
6221 }
6222
6223 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6224 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6225 pending_find(MGMT_OP_SET_LE, hdev)) {
6226 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6227 MGMT_STATUS_BUSY);
6228 goto unlock;
6229 }
6230
6231 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6232 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6233 cp->scan_rsp_len, false)) {
6234 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6235 MGMT_STATUS_INVALID_PARAMS);
6236 goto unlock;
6237 }
6238
6239 err = hci_add_adv_instance(hdev, cp->instance, flags,
6240 cp->adv_data_len, cp->data,
6241 cp->scan_rsp_len,
6242 cp->data + cp->adv_data_len,
6243 timeout, duration);
6244 if (err < 0) {
6245 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6246 MGMT_STATUS_FAILED);
6247 goto unlock;
6248 }
6249
6250 /* Only trigger an advertising added event if a new instance was
6251 * actually added.
6252 */
6253 if (hdev->adv_instance_cnt > prev_instance_cnt)
6254 mgmt_advertising_added(sk, hdev, cp->instance);
6255
6256 if (hdev->cur_adv_instance == cp->instance) {
6257 /* If the currently advertised instance is being changed then
6258 * cancel the current advertising and schedule the next
6259 * instance. If there is only one instance then the overridden
6260 * advertising data will be visible right away.
6261 */
6262 cancel_adv_timeout(hdev);
6263
6264 next_instance = hci_get_next_instance(hdev, cp->instance);
6265 if (next_instance)
6266 schedule_instance = next_instance->instance;
6267 } else if (!hdev->adv_instance_timeout) {
6268 /* Immediately advertise the new instance if no other
6269 * instance is currently being advertised.
6270 */
6271 schedule_instance = cp->instance;
6272 }
6273
6274 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6275 * there is no instance to be advertised then we have no HCI
6276 * communication to make. Simply return.
6277 */
6278 if (!hdev_is_powered(hdev) ||
6279 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6280 !schedule_instance) {
6281 rp.instance = cp->instance;
6282 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6283 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6284 goto unlock;
6285 }
6286
6287 /* We're good to go, update advertising data, parameters, and start
6288 * advertising.
6289 */
6290 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6291 data_len);
6292 if (!cmd) {
6293 err = -ENOMEM;
6294 goto unlock;
6295 }
6296
6297 hci_req_init(&req, hdev);
6298
6299 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6300
6301 if (!err)
6302 err = hci_req_run(&req, add_advertising_complete);
6303
6304 if (err < 0)
6305 mgmt_pending_remove(cmd);
6306
6307unlock:
6308 hci_dev_unlock(hdev);
6309
6310 return err;
6311}
6312
6313static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6314 u16 opcode)
6315{
6316 struct mgmt_pending_cmd *cmd;
6317 struct mgmt_cp_remove_advertising *cp;
6318 struct mgmt_rp_remove_advertising rp;
6319
6320 BT_DBG("status %d", status);
6321
6322 hci_dev_lock(hdev);
6323
6324 /* A failure status here only means that we failed to disable
6325 * advertising. Otherwise, the advertising instance has been removed,
6326 * so report success.
6327 */
6328 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6329 if (!cmd)
6330 goto unlock;
6331
6332 cp = cmd->param;
6333 rp.instance = cp->instance;
6334
6335 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6336 &rp, sizeof(rp));
6337 mgmt_pending_remove(cmd);
6338
6339unlock:
6340 hci_dev_unlock(hdev);
6341}
6342
6343static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6344 void *data, u16 data_len)
6345{
6346 struct mgmt_cp_remove_advertising *cp = data;
6347 struct mgmt_rp_remove_advertising rp;
6348 struct mgmt_pending_cmd *cmd;
6349 struct hci_request req;
6350 int err;
6351
6352 BT_DBG("%s", hdev->name);
6353
6354 hci_dev_lock(hdev);
6355
6356 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6357 err = mgmt_cmd_status(sk, hdev->id,
6358 MGMT_OP_REMOVE_ADVERTISING,
6359 MGMT_STATUS_INVALID_PARAMS);
6360 goto unlock;
6361 }
6362
6363 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6364 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6365 pending_find(MGMT_OP_SET_LE, hdev)) {
6366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6367 MGMT_STATUS_BUSY);
6368 goto unlock;
6369 }
6370
6371 if (list_empty(&hdev->adv_instances)) {
6372 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6373 MGMT_STATUS_INVALID_PARAMS);
6374 goto unlock;
6375 }
6376
6377 hci_req_init(&req, hdev);
6378
6379 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6380
6381 if (list_empty(&hdev->adv_instances))
6382 __hci_req_disable_advertising(&req);
6383
6384 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6385 * flag is set or the device isn't powered then we have no HCI
6386 * communication to make. Simply return.
6387 */
6388 if (skb_queue_empty(&req.cmd_q) ||
6389 !hdev_is_powered(hdev) ||
6390 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6391 hci_req_purge(&req);
6392 rp.instance = cp->instance;
6393 err = mgmt_cmd_complete(sk, hdev->id,
6394 MGMT_OP_REMOVE_ADVERTISING,
6395 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6396 goto unlock;
6397 }
6398
6399 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6400 data_len);
6401 if (!cmd) {
6402 err = -ENOMEM;
6403 goto unlock;
6404 }
6405
6406 err = hci_req_run(&req, remove_advertising_complete);
6407 if (err < 0)
6408 mgmt_pending_remove(cmd);
6409
6410unlock:
6411 hci_dev_unlock(hdev);
6412
6413 return err;
6414}
6415
6416static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6417 void *data, u16 data_len)
6418{
6419 struct mgmt_cp_get_adv_size_info *cp = data;
6420 struct mgmt_rp_get_adv_size_info rp;
6421 u32 flags, supported_flags;
6422 int err;
6423
6424 BT_DBG("%s", hdev->name);
6425
6426 if (!lmp_le_capable(hdev))
6427 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6428 MGMT_STATUS_REJECTED);
6429
6430 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6431 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6432 MGMT_STATUS_INVALID_PARAMS);
6433
6434 flags = __le32_to_cpu(cp->flags);
6435
6436 /* The current implementation only supports a subset of the specified
6437 * flags.
6438 */
6439 supported_flags = get_supported_adv_flags(hdev);
6440 if (flags & ~supported_flags)
6441 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6442 MGMT_STATUS_INVALID_PARAMS);
6443
6444 rp.instance = cp->instance;
6445 rp.flags = cp->flags;
6446 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
6447 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
6448
6449 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6450 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6451
6452 return err;
6453}
6454
6455static const struct hci_mgmt_handler mgmt_handlers[] = {
6456 { NULL }, /* 0x0000 (no command) */
6457 { read_version, MGMT_READ_VERSION_SIZE,
6458 HCI_MGMT_NO_HDEV |
6459 HCI_MGMT_UNTRUSTED },
6460 { read_commands, MGMT_READ_COMMANDS_SIZE,
6461 HCI_MGMT_NO_HDEV |
6462 HCI_MGMT_UNTRUSTED },
6463 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6464 HCI_MGMT_NO_HDEV |
6465 HCI_MGMT_UNTRUSTED },
6466 { read_controller_info, MGMT_READ_INFO_SIZE,
6467 HCI_MGMT_UNTRUSTED },
6468 { set_powered, MGMT_SETTING_SIZE },
6469 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6470 { set_connectable, MGMT_SETTING_SIZE },
6471 { set_fast_connectable, MGMT_SETTING_SIZE },
6472 { set_bondable, MGMT_SETTING_SIZE },
6473 { set_link_security, MGMT_SETTING_SIZE },
6474 { set_ssp, MGMT_SETTING_SIZE },
6475 { set_hs, MGMT_SETTING_SIZE },
6476 { set_le, MGMT_SETTING_SIZE },
6477 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6478 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6479 { add_uuid, MGMT_ADD_UUID_SIZE },
6480 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6481 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6482 HCI_MGMT_VAR_LEN },
6483 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6484 HCI_MGMT_VAR_LEN },
6485 { disconnect, MGMT_DISCONNECT_SIZE },
6486 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6487 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6488 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6489 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6490 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6491 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6492 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6493 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6494 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6495 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6496 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6497 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6498 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6499 HCI_MGMT_VAR_LEN },
6500 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6501 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6502 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6503 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6504 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6505 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6506 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6507 { set_advertising, MGMT_SETTING_SIZE },
6508 { set_bredr, MGMT_SETTING_SIZE },
6509 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6510 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6511 { set_secure_conn, MGMT_SETTING_SIZE },
6512 { set_debug_keys, MGMT_SETTING_SIZE },
6513 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6514 { load_irks, MGMT_LOAD_IRKS_SIZE,
6515 HCI_MGMT_VAR_LEN },
6516 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6517 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6518 { add_device, MGMT_ADD_DEVICE_SIZE },
6519 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6520 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6521 HCI_MGMT_VAR_LEN },
6522 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6523 HCI_MGMT_NO_HDEV |
6524 HCI_MGMT_UNTRUSTED },
6525 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6526 HCI_MGMT_UNCONFIGURED |
6527 HCI_MGMT_UNTRUSTED },
6528 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6529 HCI_MGMT_UNCONFIGURED },
6530 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6531 HCI_MGMT_UNCONFIGURED },
6532 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6533 HCI_MGMT_VAR_LEN },
6534 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6535 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6536 HCI_MGMT_NO_HDEV |
6537 HCI_MGMT_UNTRUSTED },
6538 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6539 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6540 HCI_MGMT_VAR_LEN },
6541 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6542 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
6543 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
6544 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6545 HCI_MGMT_UNTRUSTED },
6546 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6547};
6548
6549void mgmt_index_added(struct hci_dev *hdev)
6550{
6551 struct mgmt_ev_ext_index ev;
6552
6553 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6554 return;
6555
6556 switch (hdev->dev_type) {
6557 case HCI_PRIMARY:
6558 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6559 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6560 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6561 ev.type = 0x01;
6562 } else {
6563 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6564 HCI_MGMT_INDEX_EVENTS);
6565 ev.type = 0x00;
6566 }
6567 break;
6568 case HCI_AMP:
6569 ev.type = 0x02;
6570 break;
6571 default:
6572 return;
6573 }
6574
6575 ev.bus = hdev->bus;
6576
6577 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6578 HCI_MGMT_EXT_INDEX_EVENTS);
6579}
6580
6581void mgmt_index_removed(struct hci_dev *hdev)
6582{
6583 struct mgmt_ev_ext_index ev;
6584 u8 status = MGMT_STATUS_INVALID_INDEX;
6585
6586 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6587 return;
6588
6589 switch (hdev->dev_type) {
6590 case HCI_PRIMARY:
6591 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6592
6593 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6594 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6595 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6596 ev.type = 0x01;
6597 } else {
6598 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6599 HCI_MGMT_INDEX_EVENTS);
6600 ev.type = 0x00;
6601 }
6602 break;
6603 case HCI_AMP:
6604 ev.type = 0x02;
6605 break;
6606 default:
6607 return;
6608 }
6609
6610 ev.bus = hdev->bus;
6611
6612 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6613 HCI_MGMT_EXT_INDEX_EVENTS);
6614}
6615
6616/* This function requires the caller holds hdev->lock */
6617static void restart_le_actions(struct hci_dev *hdev)
6618{
6619 struct hci_conn_params *p;
6620
6621 list_for_each_entry(p, &hdev->le_conn_params, list) {
6622 /* Needed for AUTO_OFF case where might not "really"
6623 * have been powered off.
6624 */
6625 list_del_init(&p->action);
6626
6627 switch (p->auto_connect) {
6628 case HCI_AUTO_CONN_DIRECT:
6629 case HCI_AUTO_CONN_ALWAYS:
6630 list_add(&p->action, &hdev->pend_le_conns);
6631 break;
6632 case HCI_AUTO_CONN_REPORT:
6633 list_add(&p->action, &hdev->pend_le_reports);
6634 break;
6635 default:
6636 break;
6637 }
6638 }
6639}
6640
6641void mgmt_power_on(struct hci_dev *hdev, int err)
6642{
6643 struct cmd_lookup match = { NULL, hdev };
6644
6645 BT_DBG("err %d", err);
6646
6647 hci_dev_lock(hdev);
6648
6649 if (!err) {
6650 restart_le_actions(hdev);
6651 hci_update_background_scan(hdev);
6652 }
6653
6654 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6655
6656 new_settings(hdev, match.sk);
6657
6658 if (match.sk)
6659 sock_put(match.sk);
6660
6661 hci_dev_unlock(hdev);
6662}
6663
6664void __mgmt_power_off(struct hci_dev *hdev)
6665{
6666 struct cmd_lookup match = { NULL, hdev };
6667 u8 status, zero_cod[] = { 0, 0, 0 };
6668
6669 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6670
6671 /* If the power off is because of hdev unregistration let
6672 * use the appropriate INVALID_INDEX status. Otherwise use
6673 * NOT_POWERED. We cover both scenarios here since later in
6674 * mgmt_index_removed() any hci_conn callbacks will have already
6675 * been triggered, potentially causing misleading DISCONNECTED
6676 * status responses.
6677 */
6678 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
6679 status = MGMT_STATUS_INVALID_INDEX;
6680 else
6681 status = MGMT_STATUS_NOT_POWERED;
6682
6683 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6684
6685 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
6686 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6687 zero_cod, sizeof(zero_cod),
6688 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
6689 ext_info_changed(hdev, NULL);
6690 }
6691
6692 new_settings(hdev, match.sk);
6693
6694 if (match.sk)
6695 sock_put(match.sk);
6696}
6697
6698void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
6699{
6700 struct mgmt_pending_cmd *cmd;
6701 u8 status;
6702
6703 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6704 if (!cmd)
6705 return;
6706
6707 if (err == -ERFKILL)
6708 status = MGMT_STATUS_RFKILLED;
6709 else
6710 status = MGMT_STATUS_FAILED;
6711
6712 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
6713
6714 mgmt_pending_remove(cmd);
6715}
6716
6717void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6718 bool persistent)
6719{
6720 struct mgmt_ev_new_link_key ev;
6721
6722 memset(&ev, 0, sizeof(ev));
6723
6724 ev.store_hint = persistent;
6725 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6726 ev.key.addr.type = BDADDR_BREDR;
6727 ev.key.type = key->type;
6728 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6729 ev.key.pin_len = key->pin_len;
6730
6731 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6732}
6733
6734static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6735{
6736 switch (ltk->type) {
6737 case SMP_LTK:
6738 case SMP_LTK_SLAVE:
6739 if (ltk->authenticated)
6740 return MGMT_LTK_AUTHENTICATED;
6741 return MGMT_LTK_UNAUTHENTICATED;
6742 case SMP_LTK_P256:
6743 if (ltk->authenticated)
6744 return MGMT_LTK_P256_AUTH;
6745 return MGMT_LTK_P256_UNAUTH;
6746 case SMP_LTK_P256_DEBUG:
6747 return MGMT_LTK_P256_DEBUG;
6748 }
6749
6750 return MGMT_LTK_UNAUTHENTICATED;
6751}
6752
6753void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6754{
6755 struct mgmt_ev_new_long_term_key ev;
6756
6757 memset(&ev, 0, sizeof(ev));
6758
6759 /* Devices using resolvable or non-resolvable random addresses
6760 * without providing an identity resolving key don't require
6761 * to store long term keys. Their addresses will change the
6762 * next time around.
6763 *
6764 * Only when a remote device provides an identity address
6765 * make sure the long term key is stored. If the remote
6766 * identity is known, the long term keys are internally
6767 * mapped to the identity address. So allow static random
6768 * and public addresses here.
6769 */
6770 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6771 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6772 ev.store_hint = 0x00;
6773 else
6774 ev.store_hint = persistent;
6775
6776 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6777 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6778 ev.key.type = mgmt_ltk_type(key);
6779 ev.key.enc_size = key->enc_size;
6780 ev.key.ediv = key->ediv;
6781 ev.key.rand = key->rand;
6782
6783 if (key->type == SMP_LTK)
6784 ev.key.master = 1;
6785
6786 /* Make sure we copy only the significant bytes based on the
6787 * encryption key size, and set the rest of the value to zeroes.
6788 */
6789 memcpy(ev.key.val, key->val, key->enc_size);
6790 memset(ev.key.val + key->enc_size, 0,
6791 sizeof(ev.key.val) - key->enc_size);
6792
6793 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6794}
6795
6796void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
6797{
6798 struct mgmt_ev_new_irk ev;
6799
6800 memset(&ev, 0, sizeof(ev));
6801
6802 ev.store_hint = persistent;
6803
6804 bacpy(&ev.rpa, &irk->rpa);
6805 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6806 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6807 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6808
6809 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6810}
6811
6812void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6813 bool persistent)
6814{
6815 struct mgmt_ev_new_csrk ev;
6816
6817 memset(&ev, 0, sizeof(ev));
6818
6819 /* Devices using resolvable or non-resolvable random addresses
6820 * without providing an identity resolving key don't require
6821 * to store signature resolving keys. Their addresses will change
6822 * the next time around.
6823 *
6824 * Only when a remote device provides an identity address
6825 * make sure the signature resolving key is stored. So allow
6826 * static random and public addresses here.
6827 */
6828 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6829 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6830 ev.store_hint = 0x00;
6831 else
6832 ev.store_hint = persistent;
6833
6834 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6835 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6836 ev.key.type = csrk->type;
6837 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6838
6839 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6840}
6841
6842void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6843 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6844 u16 max_interval, u16 latency, u16 timeout)
6845{
6846 struct mgmt_ev_new_conn_param ev;
6847
6848 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6849 return;
6850
6851 memset(&ev, 0, sizeof(ev));
6852 bacpy(&ev.addr.bdaddr, bdaddr);
6853 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6854 ev.store_hint = store_hint;
6855 ev.min_interval = cpu_to_le16(min_interval);
6856 ev.max_interval = cpu_to_le16(max_interval);
6857 ev.latency = cpu_to_le16(latency);
6858 ev.timeout = cpu_to_le16(timeout);
6859
6860 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6861}
6862
6863void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6864 u32 flags, u8 *name, u8 name_len)
6865{
6866 char buf[512];
6867 struct mgmt_ev_device_connected *ev = (void *) buf;
6868 u16 eir_len = 0;
6869
6870 bacpy(&ev->addr.bdaddr, &conn->dst);
6871 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6872
6873 ev->flags = __cpu_to_le32(flags);
6874
6875 /* We must ensure that the EIR Data fields are ordered and
6876 * unique. Keep it simple for now and avoid the problem by not
6877 * adding any BR/EDR data to the LE adv.
6878 */
6879 if (conn->le_adv_data_len > 0) {
6880 memcpy(&ev->eir[eir_len],
6881 conn->le_adv_data, conn->le_adv_data_len);
6882 eir_len = conn->le_adv_data_len;
6883 } else {
6884 if (name_len > 0)
6885 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6886 name, name_len);
6887
6888 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
6889 eir_len = eir_append_data(ev->eir, eir_len,
6890 EIR_CLASS_OF_DEV,
6891 conn->dev_class, 3);
6892 }
6893
6894 ev->eir_len = cpu_to_le16(eir_len);
6895
6896 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6897 sizeof(*ev) + eir_len, NULL);
6898}
6899
6900static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
6901{
6902 struct sock **sk = data;
6903
6904 cmd->cmd_complete(cmd, 0);
6905
6906 *sk = cmd->sk;
6907 sock_hold(*sk);
6908
6909 mgmt_pending_remove(cmd);
6910}
6911
6912static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
6913{
6914 struct hci_dev *hdev = data;
6915 struct mgmt_cp_unpair_device *cp = cmd->param;
6916
6917 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6918
6919 cmd->cmd_complete(cmd, 0);
6920 mgmt_pending_remove(cmd);
6921}
6922
6923bool mgmt_powering_down(struct hci_dev *hdev)
6924{
6925 struct mgmt_pending_cmd *cmd;
6926 struct mgmt_mode *cp;
6927
6928 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6929 if (!cmd)
6930 return false;
6931
6932 cp = cmd->param;
6933 if (!cp->val)
6934 return true;
6935
6936 return false;
6937}
6938
6939void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6940 u8 link_type, u8 addr_type, u8 reason,
6941 bool mgmt_connected)
6942{
6943 struct mgmt_ev_device_disconnected ev;
6944 struct sock *sk = NULL;
6945
6946 /* The connection is still in hci_conn_hash so test for 1
6947 * instead of 0 to know if this is the last one.
6948 */
6949 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6950 cancel_delayed_work(&hdev->power_off);
6951 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6952 }
6953
6954 if (!mgmt_connected)
6955 return;
6956
6957 if (link_type != ACL_LINK && link_type != LE_LINK)
6958 return;
6959
6960 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6961
6962 bacpy(&ev.addr.bdaddr, bdaddr);
6963 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6964 ev.reason = reason;
6965
6966 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6967
6968 if (sk)
6969 sock_put(sk);
6970
6971 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6972 hdev);
6973}
6974
6975void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6976 u8 link_type, u8 addr_type, u8 status)
6977{
6978 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6979 struct mgmt_cp_disconnect *cp;
6980 struct mgmt_pending_cmd *cmd;
6981
6982 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6983 hdev);
6984
6985 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
6986 if (!cmd)
6987 return;
6988
6989 cp = cmd->param;
6990
6991 if (bacmp(bdaddr, &cp->addr.bdaddr))
6992 return;
6993
6994 if (cp->addr.type != bdaddr_type)
6995 return;
6996
6997 cmd->cmd_complete(cmd, mgmt_status(status));
6998 mgmt_pending_remove(cmd);
6999}
7000
7001void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7002 u8 addr_type, u8 status)
7003{
7004 struct mgmt_ev_connect_failed ev;
7005
7006 /* The connection is still in hci_conn_hash so test for 1
7007 * instead of 0 to know if this is the last one.
7008 */
7009 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7010 cancel_delayed_work(&hdev->power_off);
7011 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7012 }
7013
7014 bacpy(&ev.addr.bdaddr, bdaddr);
7015 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7016 ev.status = mgmt_status(status);
7017
7018 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7019}
7020
7021void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7022{
7023 struct mgmt_ev_pin_code_request ev;
7024
7025 bacpy(&ev.addr.bdaddr, bdaddr);
7026 ev.addr.type = BDADDR_BREDR;
7027 ev.secure = secure;
7028
7029 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7030}
7031
7032void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7033 u8 status)
7034{
7035 struct mgmt_pending_cmd *cmd;
7036
7037 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7038 if (!cmd)
7039 return;
7040
7041 cmd->cmd_complete(cmd, mgmt_status(status));
7042 mgmt_pending_remove(cmd);
7043}
7044
7045void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7046 u8 status)
7047{
7048 struct mgmt_pending_cmd *cmd;
7049
7050 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7051 if (!cmd)
7052 return;
7053
7054 cmd->cmd_complete(cmd, mgmt_status(status));
7055 mgmt_pending_remove(cmd);
7056}
7057
7058int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7059 u8 link_type, u8 addr_type, u32 value,
7060 u8 confirm_hint)
7061{
7062 struct mgmt_ev_user_confirm_request ev;
7063
7064 BT_DBG("%s", hdev->name);
7065
7066 bacpy(&ev.addr.bdaddr, bdaddr);
7067 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7068 ev.confirm_hint = confirm_hint;
7069 ev.value = cpu_to_le32(value);
7070
7071 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7072 NULL);
7073}
7074
7075int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7076 u8 link_type, u8 addr_type)
7077{
7078 struct mgmt_ev_user_passkey_request ev;
7079
7080 BT_DBG("%s", hdev->name);
7081
7082 bacpy(&ev.addr.bdaddr, bdaddr);
7083 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7084
7085 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7086 NULL);
7087}
7088
7089static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7090 u8 link_type, u8 addr_type, u8 status,
7091 u8 opcode)
7092{
7093 struct mgmt_pending_cmd *cmd;
7094
7095 cmd = pending_find(opcode, hdev);
7096 if (!cmd)
7097 return -ENOENT;
7098
7099 cmd->cmd_complete(cmd, mgmt_status(status));
7100 mgmt_pending_remove(cmd);
7101
7102 return 0;
7103}
7104
7105int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7106 u8 link_type, u8 addr_type, u8 status)
7107{
7108 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7109 status, MGMT_OP_USER_CONFIRM_REPLY);
7110}
7111
7112int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7113 u8 link_type, u8 addr_type, u8 status)
7114{
7115 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7116 status,
7117 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7118}
7119
7120int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7121 u8 link_type, u8 addr_type, u8 status)
7122{
7123 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7124 status, MGMT_OP_USER_PASSKEY_REPLY);
7125}
7126
7127int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7128 u8 link_type, u8 addr_type, u8 status)
7129{
7130 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7131 status,
7132 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7133}
7134
7135int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7136 u8 link_type, u8 addr_type, u32 passkey,
7137 u8 entered)
7138{
7139 struct mgmt_ev_passkey_notify ev;
7140
7141 BT_DBG("%s", hdev->name);
7142
7143 bacpy(&ev.addr.bdaddr, bdaddr);
7144 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7145 ev.passkey = __cpu_to_le32(passkey);
7146 ev.entered = entered;
7147
7148 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7149}
7150
7151void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7152{
7153 struct mgmt_ev_auth_failed ev;
7154 struct mgmt_pending_cmd *cmd;
7155 u8 status = mgmt_status(hci_status);
7156
7157 bacpy(&ev.addr.bdaddr, &conn->dst);
7158 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7159 ev.status = status;
7160
7161 cmd = find_pairing(conn);
7162
7163 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7164 cmd ? cmd->sk : NULL);
7165
7166 if (cmd) {
7167 cmd->cmd_complete(cmd, status);
7168 mgmt_pending_remove(cmd);
7169 }
7170}
7171
7172void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7173{
7174 struct cmd_lookup match = { NULL, hdev };
7175 bool changed;
7176
7177 if (status) {
7178 u8 mgmt_err = mgmt_status(status);
7179 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7180 cmd_status_rsp, &mgmt_err);
7181 return;
7182 }
7183
7184 if (test_bit(HCI_AUTH, &hdev->flags))
7185 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7186 else
7187 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7188
7189 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7190 &match);
7191
7192 if (changed)
7193 new_settings(hdev, match.sk);
7194
7195 if (match.sk)
7196 sock_put(match.sk);
7197}
7198
7199static void clear_eir(struct hci_request *req)
7200{
7201 struct hci_dev *hdev = req->hdev;
7202 struct hci_cp_write_eir cp;
7203
7204 if (!lmp_ext_inq_capable(hdev))
7205 return;
7206
7207 memset(hdev->eir, 0, sizeof(hdev->eir));
7208
7209 memset(&cp, 0, sizeof(cp));
7210
7211 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7212}
7213
7214void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7215{
7216 struct cmd_lookup match = { NULL, hdev };
7217 struct hci_request req;
7218 bool changed = false;
7219
7220 if (status) {
7221 u8 mgmt_err = mgmt_status(status);
7222
7223 if (enable && hci_dev_test_and_clear_flag(hdev,
7224 HCI_SSP_ENABLED)) {
7225 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7226 new_settings(hdev, NULL);
7227 }
7228
7229 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7230 &mgmt_err);
7231 return;
7232 }
7233
7234 if (enable) {
7235 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7236 } else {
7237 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7238 if (!changed)
7239 changed = hci_dev_test_and_clear_flag(hdev,
7240 HCI_HS_ENABLED);
7241 else
7242 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7243 }
7244
7245 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7246
7247 if (changed)
7248 new_settings(hdev, match.sk);
7249
7250 if (match.sk)
7251 sock_put(match.sk);
7252
7253 hci_req_init(&req, hdev);
7254
7255 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7256 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7257 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7258 sizeof(enable), &enable);
7259 __hci_req_update_eir(&req);
7260 } else {
7261 clear_eir(&req);
7262 }
7263
7264 hci_req_run(&req, NULL);
7265}
7266
7267static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7268{
7269 struct cmd_lookup *match = data;
7270
7271 if (match->sk == NULL) {
7272 match->sk = cmd->sk;
7273 sock_hold(match->sk);
7274 }
7275}
7276
7277void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7278 u8 status)
7279{
7280 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7281
7282 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7283 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7284 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7285
7286 if (!status) {
7287 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7288 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7289 ext_info_changed(hdev, NULL);
7290 }
7291
7292 if (match.sk)
7293 sock_put(match.sk);
7294}
7295
7296void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7297{
7298 struct mgmt_cp_set_local_name ev;
7299 struct mgmt_pending_cmd *cmd;
7300
7301 if (status)
7302 return;
7303
7304 memset(&ev, 0, sizeof(ev));
7305 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7306 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7307
7308 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7309 if (!cmd) {
7310 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7311
7312 /* If this is a HCI command related to powering on the
7313 * HCI dev don't send any mgmt signals.
7314 */
7315 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7316 return;
7317 }
7318
7319 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7320 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7321 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7322}
7323
7324static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7325{
7326 int i;
7327
7328 for (i = 0; i < uuid_count; i++) {
7329 if (!memcmp(uuid, uuids[i], 16))
7330 return true;
7331 }
7332
7333 return false;
7334}
7335
7336static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7337{
7338 u16 parsed = 0;
7339
7340 while (parsed < eir_len) {
7341 u8 field_len = eir[0];
7342 u8 uuid[16];
7343 int i;
7344
7345 if (field_len == 0)
7346 break;
7347
7348 if (eir_len - parsed < field_len + 1)
7349 break;
7350
7351 switch (eir[1]) {
7352 case EIR_UUID16_ALL:
7353 case EIR_UUID16_SOME:
7354 for (i = 0; i + 3 <= field_len; i += 2) {
7355 memcpy(uuid, bluetooth_base_uuid, 16);
7356 uuid[13] = eir[i + 3];
7357 uuid[12] = eir[i + 2];
7358 if (has_uuid(uuid, uuid_count, uuids))
7359 return true;
7360 }
7361 break;
7362 case EIR_UUID32_ALL:
7363 case EIR_UUID32_SOME:
7364 for (i = 0; i + 5 <= field_len; i += 4) {
7365 memcpy(uuid, bluetooth_base_uuid, 16);
7366 uuid[15] = eir[i + 5];
7367 uuid[14] = eir[i + 4];
7368 uuid[13] = eir[i + 3];
7369 uuid[12] = eir[i + 2];
7370 if (has_uuid(uuid, uuid_count, uuids))
7371 return true;
7372 }
7373 break;
7374 case EIR_UUID128_ALL:
7375 case EIR_UUID128_SOME:
7376 for (i = 0; i + 17 <= field_len; i += 16) {
7377 memcpy(uuid, eir + i + 2, 16);
7378 if (has_uuid(uuid, uuid_count, uuids))
7379 return true;
7380 }
7381 break;
7382 }
7383
7384 parsed += field_len + 1;
7385 eir += field_len + 1;
7386 }
7387
7388 return false;
7389}
7390
7391static void restart_le_scan(struct hci_dev *hdev)
7392{
7393 /* If controller is not scanning we are done. */
7394 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7395 return;
7396
7397 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7398 hdev->discovery.scan_start +
7399 hdev->discovery.scan_duration))
7400 return;
7401
7402 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
7403 DISCOV_LE_RESTART_DELAY);
7404}
7405
7406static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7407 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7408{
7409 /* If a RSSI threshold has been specified, and
7410 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7411 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7412 * is set, let it through for further processing, as we might need to
7413 * restart the scan.
7414 *
7415 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7416 * the results are also dropped.
7417 */
7418 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7419 (rssi == HCI_RSSI_INVALID ||
7420 (rssi < hdev->discovery.rssi &&
7421 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7422 return false;
7423
7424 if (hdev->discovery.uuid_count != 0) {
7425 /* If a list of UUIDs is provided in filter, results with no
7426 * matching UUID should be dropped.
7427 */
7428 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7429 hdev->discovery.uuids) &&
7430 !eir_has_uuids(scan_rsp, scan_rsp_len,
7431 hdev->discovery.uuid_count,
7432 hdev->discovery.uuids))
7433 return false;
7434 }
7435
7436 /* If duplicate filtering does not report RSSI changes, then restart
7437 * scanning to ensure updated result with updated RSSI values.
7438 */
7439 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7440 restart_le_scan(hdev);
7441
7442 /* Validate RSSI value against the RSSI threshold once more. */
7443 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7444 rssi < hdev->discovery.rssi)
7445 return false;
7446 }
7447
7448 return true;
7449}
7450
7451void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7452 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7453 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7454{
7455 char buf[512];
7456 struct mgmt_ev_device_found *ev = (void *)buf;
7457 size_t ev_size;
7458
7459 /* Don't send events for a non-kernel initiated discovery. With
7460 * LE one exception is if we have pend_le_reports > 0 in which
7461 * case we're doing passive scanning and want these events.
7462 */
7463 if (!hci_discovery_active(hdev)) {
7464 if (link_type == ACL_LINK)
7465 return;
7466 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7467 return;
7468 }
7469
7470 if (hdev->discovery.result_filtering) {
7471 /* We are using service discovery */
7472 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7473 scan_rsp_len))
7474 return;
7475 }
7476
7477 if (hdev->discovery.limited) {
7478 /* Check for limited discoverable bit */
7479 if (dev_class) {
7480 if (!(dev_class[1] & 0x20))
7481 return;
7482 } else {
7483 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7484 if (!flags || !(flags[0] & LE_AD_LIMITED))
7485 return;
7486 }
7487 }
7488
7489 /* Make sure that the buffer is big enough. The 5 extra bytes
7490 * are for the potential CoD field.
7491 */
7492 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7493 return;
7494
7495 memset(buf, 0, sizeof(buf));
7496
7497 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7498 * RSSI value was reported as 0 when not available. This behavior
7499 * is kept when using device discovery. This is required for full
7500 * backwards compatibility with the API.
7501 *
7502 * However when using service discovery, the value 127 will be
7503 * returned when the RSSI is not available.
7504 */
7505 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7506 link_type == ACL_LINK)
7507 rssi = 0;
7508
7509 bacpy(&ev->addr.bdaddr, bdaddr);
7510 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7511 ev->rssi = rssi;
7512 ev->flags = cpu_to_le32(flags);
7513
7514 if (eir_len > 0)
7515 /* Copy EIR or advertising data into event */
7516 memcpy(ev->eir, eir, eir_len);
7517
7518 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7519 NULL))
7520 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7521 dev_class, 3);
7522
7523 if (scan_rsp_len > 0)
7524 /* Append scan response data to event */
7525 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7526
7527 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7528 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7529
7530 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7531}
7532
7533void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7534 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7535{
7536 struct mgmt_ev_device_found *ev;
7537 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7538 u16 eir_len;
7539
7540 ev = (struct mgmt_ev_device_found *) buf;
7541
7542 memset(buf, 0, sizeof(buf));
7543
7544 bacpy(&ev->addr.bdaddr, bdaddr);
7545 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7546 ev->rssi = rssi;
7547
7548 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7549 name_len);
7550
7551 ev->eir_len = cpu_to_le16(eir_len);
7552
7553 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7554}
7555
7556void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7557{
7558 struct mgmt_ev_discovering ev;
7559
7560 BT_DBG("%s discovering %u", hdev->name, discovering);
7561
7562 memset(&ev, 0, sizeof(ev));
7563 ev.type = hdev->discovery.type;
7564 ev.discovering = discovering;
7565
7566 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7567}
7568
7569static struct hci_mgmt_chan chan = {
7570 .channel = HCI_CHANNEL_CONTROL,
7571 .handler_count = ARRAY_SIZE(mgmt_handlers),
7572 .handlers = mgmt_handlers,
7573 .hdev_init = mgmt_init_hdev,
7574};
7575
7576int mgmt_init(void)
7577{
7578 return hci_mgmt_chan_register(&chan);
7579}
7580
7581void mgmt_exit(void)
7582{
7583 hci_mgmt_chan_unregister(&chan);
7584}