mgmt.c revision 0cbf4ed6e6f43ac399afefdd14a1ee86db8de7d0
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth HCI Management interface */ 26 27#include <linux/kernel.h> 28#include <linux/uaccess.h> 29#include <linux/module.h> 30#include <asm/unaligned.h> 31 32#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/hci_core.h> 34#include <net/bluetooth/mgmt.h> 35#include <net/bluetooth/smp.h> 36 37bool enable_hs; 38bool enable_le; 39 40#define MGMT_VERSION 1 41#define MGMT_REVISION 0 42 43static const u16 mgmt_commands[] = { 44 MGMT_OP_READ_INDEX_LIST, 45 MGMT_OP_READ_INFO, 46 MGMT_OP_SET_POWERED, 47 MGMT_OP_SET_DISCOVERABLE, 48 MGMT_OP_SET_CONNECTABLE, 49 MGMT_OP_SET_FAST_CONNECTABLE, 50 MGMT_OP_SET_PAIRABLE, 51 MGMT_OP_SET_LINK_SECURITY, 52 MGMT_OP_SET_SSP, 53 MGMT_OP_SET_HS, 54 MGMT_OP_SET_LE, 55 MGMT_OP_SET_DEV_CLASS, 56 MGMT_OP_SET_LOCAL_NAME, 57 MGMT_OP_ADD_UUID, 58 MGMT_OP_REMOVE_UUID, 59 MGMT_OP_LOAD_LINK_KEYS, 60 MGMT_OP_LOAD_LONG_TERM_KEYS, 61 MGMT_OP_DISCONNECT, 62 MGMT_OP_GET_CONNECTIONS, 63 MGMT_OP_PIN_CODE_REPLY, 64 MGMT_OP_PIN_CODE_NEG_REPLY, 65 MGMT_OP_SET_IO_CAPABILITY, 66 MGMT_OP_PAIR_DEVICE, 67 MGMT_OP_CANCEL_PAIR_DEVICE, 68 MGMT_OP_UNPAIR_DEVICE, 69 MGMT_OP_USER_CONFIRM_REPLY, 70 MGMT_OP_USER_CONFIRM_NEG_REPLY, 71 MGMT_OP_USER_PASSKEY_REPLY, 72 MGMT_OP_USER_PASSKEY_NEG_REPLY, 73 MGMT_OP_READ_LOCAL_OOB_DATA, 74 MGMT_OP_ADD_REMOTE_OOB_DATA, 75 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 76 MGMT_OP_START_DISCOVERY, 77 MGMT_OP_STOP_DISCOVERY, 78 MGMT_OP_CONFIRM_NAME, 79 MGMT_OP_BLOCK_DEVICE, 80 MGMT_OP_UNBLOCK_DEVICE, 81}; 82 83static const u16 mgmt_events[] = { 84 MGMT_EV_CONTROLLER_ERROR, 85 MGMT_EV_INDEX_ADDED, 86 MGMT_EV_INDEX_REMOVED, 87 MGMT_EV_NEW_SETTINGS, 88 MGMT_EV_CLASS_OF_DEV_CHANGED, 89 MGMT_EV_LOCAL_NAME_CHANGED, 90 MGMT_EV_NEW_LINK_KEY, 91 MGMT_EV_NEW_LONG_TERM_KEY, 92 MGMT_EV_DEVICE_CONNECTED, 93 MGMT_EV_DEVICE_DISCONNECTED, 94 MGMT_EV_CONNECT_FAILED, 95 MGMT_EV_PIN_CODE_REQUEST, 96 MGMT_EV_USER_CONFIRM_REQUEST, 97 MGMT_EV_USER_PASSKEY_REQUEST, 98 MGMT_EV_AUTH_FAILED, 99 MGMT_EV_DEVICE_FOUND, 100 MGMT_EV_DISCOVERING, 101 MGMT_EV_DEVICE_BLOCKED, 102 MGMT_EV_DEVICE_UNBLOCKED, 103 MGMT_EV_DEVICE_UNPAIRED, 104}; 105 106/* 107 * These LE scan and inquiry parameters were chosen according to LE General 108 * Discovery Procedure specification. 109 */ 110#define LE_SCAN_TYPE 0x01 111#define LE_SCAN_WIN 0x12 112#define LE_SCAN_INT 0x12 113#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */ 114#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */ 115 116#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */ 117#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */ 118 119#define SERVICE_CACHE_TIMEOUT (5 * 1000) 120 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \ 122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 123 124struct pending_cmd { 125 struct list_head list; 126 u16 opcode; 127 int index; 128 void *param; 129 struct sock *sk; 130 void *user_data; 131}; 132 133/* HCI to MGMT error code conversion table */ 134static u8 mgmt_status_table[] = { 135 MGMT_STATUS_SUCCESS, 136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 138 MGMT_STATUS_FAILED, /* Hardware Failure */ 139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */ 142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 147 MGMT_STATUS_BUSY, /* Command Disallowed */ 148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 149 MGMT_STATUS_REJECTED, /* Rejected Security */ 150 MGMT_STATUS_REJECTED, /* Rejected Personal */ 151 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 158 MGMT_STATUS_BUSY, /* Repeated Attempts */ 159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 166 MGMT_STATUS_FAILED, /* Unspecified Error */ 167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 173 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 175 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 177 MGMT_STATUS_FAILED, /* Transaction Collision */ 178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 179 MGMT_STATUS_REJECTED, /* QoS Rejected */ 180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 181 MGMT_STATUS_REJECTED, /* Insufficient Security */ 182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 183 MGMT_STATUS_BUSY, /* Role Switch Pending */ 184 MGMT_STATUS_FAILED, /* Slot Violation */ 185 MGMT_STATUS_FAILED, /* Role Switch Failed */ 186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 188 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 190 MGMT_STATUS_BUSY, /* Controller Busy */ 191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 196}; 197 198static u8 mgmt_status(u8 hci_status) 199{ 200 if (hci_status < ARRAY_SIZE(mgmt_status_table)) 201 return mgmt_status_table[hci_status]; 202 203 return MGMT_STATUS_FAILED; 204} 205 206static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status) 207{ 208 struct sk_buff *skb; 209 struct mgmt_hdr *hdr; 210 struct mgmt_ev_cmd_status *ev; 211 int err; 212 213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status); 214 215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC); 216 if (!skb) 217 return -ENOMEM; 218 219 hdr = (void *) skb_put(skb, sizeof(*hdr)); 220 221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS); 222 hdr->index = cpu_to_le16(index); 223 hdr->len = cpu_to_le16(sizeof(*ev)); 224 225 ev = (void *) skb_put(skb, sizeof(*ev)); 226 ev->status = status; 227 put_unaligned_le16(cmd, &ev->opcode); 228 229 err = sock_queue_rcv_skb(sk, skb); 230 if (err < 0) 231 kfree_skb(skb); 232 233 return err; 234} 235 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status, 237 void *rp, size_t rp_len) 238{ 239 struct sk_buff *skb; 240 struct mgmt_hdr *hdr; 241 struct mgmt_ev_cmd_complete *ev; 242 int err; 243 244 BT_DBG("sock %p", sk); 245 246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC); 247 if (!skb) 248 return -ENOMEM; 249 250 hdr = (void *) skb_put(skb, sizeof(*hdr)); 251 252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE); 253 hdr->index = cpu_to_le16(index); 254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len); 255 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len); 257 put_unaligned_le16(cmd, &ev->opcode); 258 ev->status = status; 259 260 if (rp) 261 memcpy(ev->data, rp, rp_len); 262 263 err = sock_queue_rcv_skb(sk, skb); 264 if (err < 0) 265 kfree_skb(skb); 266 267 return err;; 268} 269 270static int read_version(struct sock *sk) 271{ 272 struct mgmt_rp_read_version rp; 273 274 BT_DBG("sock %p", sk); 275 276 rp.version = MGMT_VERSION; 277 put_unaligned_le16(MGMT_REVISION, &rp.revision); 278 279 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp, 280 sizeof(rp)); 281} 282 283static int read_commands(struct sock *sk) 284{ 285 struct mgmt_rp_read_commands *rp; 286 u16 num_commands = ARRAY_SIZE(mgmt_commands); 287 u16 num_events = ARRAY_SIZE(mgmt_events); 288 u16 *opcode; 289 size_t rp_size; 290 int i, err; 291 292 BT_DBG("sock %p", sk); 293 294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 295 296 rp = kmalloc(rp_size, GFP_KERNEL); 297 if (!rp) 298 return -ENOMEM; 299 300 put_unaligned_le16(num_commands, &rp->num_commands); 301 put_unaligned_le16(num_events, &rp->num_events); 302 303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++) 304 put_unaligned_le16(mgmt_commands[i], opcode); 305 306 for (i = 0; i < num_events; i++, opcode++) 307 put_unaligned_le16(mgmt_events[i], opcode); 308 309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp, 310 rp_size); 311 kfree(rp); 312 313 return err; 314} 315 316static int read_index_list(struct sock *sk) 317{ 318 struct mgmt_rp_read_index_list *rp; 319 struct list_head *p; 320 struct hci_dev *d; 321 size_t rp_len; 322 u16 count; 323 int i, err; 324 325 BT_DBG("sock %p", sk); 326 327 read_lock(&hci_dev_list_lock); 328 329 count = 0; 330 list_for_each(p, &hci_dev_list) { 331 count++; 332 } 333 334 rp_len = sizeof(*rp) + (2 * count); 335 rp = kmalloc(rp_len, GFP_ATOMIC); 336 if (!rp) { 337 read_unlock(&hci_dev_list_lock); 338 return -ENOMEM; 339 } 340 341 put_unaligned_le16(count, &rp->num_controllers); 342 343 i = 0; 344 list_for_each_entry(d, &hci_dev_list, list) { 345 if (test_bit(HCI_SETUP, &d->dev_flags)) 346 continue; 347 348 put_unaligned_le16(d->id, &rp->index[i++]); 349 BT_DBG("Added hci%u", d->id); 350 } 351 352 read_unlock(&hci_dev_list_lock); 353 354 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp, 355 rp_len); 356 357 kfree(rp); 358 359 return err; 360} 361 362static u32 get_supported_settings(struct hci_dev *hdev) 363{ 364 u32 settings = 0; 365 366 settings |= MGMT_SETTING_POWERED; 367 settings |= MGMT_SETTING_CONNECTABLE; 368 settings |= MGMT_SETTING_FAST_CONNECTABLE; 369 settings |= MGMT_SETTING_DISCOVERABLE; 370 settings |= MGMT_SETTING_PAIRABLE; 371 372 if (hdev->features[6] & LMP_SIMPLE_PAIR) 373 settings |= MGMT_SETTING_SSP; 374 375 if (!(hdev->features[4] & LMP_NO_BREDR)) { 376 settings |= MGMT_SETTING_BREDR; 377 settings |= MGMT_SETTING_LINK_SECURITY; 378 } 379 380 if (enable_hs) 381 settings |= MGMT_SETTING_HS; 382 383 if (enable_le) { 384 if (hdev->features[4] & LMP_LE) 385 settings |= MGMT_SETTING_LE; 386 } 387 388 return settings; 389} 390 391static u32 get_current_settings(struct hci_dev *hdev) 392{ 393 u32 settings = 0; 394 395 if (!test_bit(HCI_UP, &hdev->flags)) 396 return settings; 397 398 if (!test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 399 settings |= MGMT_SETTING_POWERED; 400 401 if (test_bit(HCI_PSCAN, &hdev->flags)) 402 settings |= MGMT_SETTING_CONNECTABLE; 403 404 if (test_bit(HCI_ISCAN, &hdev->flags)) 405 settings |= MGMT_SETTING_DISCOVERABLE; 406 407 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags)) 408 settings |= MGMT_SETTING_PAIRABLE; 409 410 if (!(hdev->features[4] & LMP_NO_BREDR)) 411 settings |= MGMT_SETTING_BREDR; 412 413 if (hdev->host_features[0] & LMP_HOST_LE) 414 settings |= MGMT_SETTING_LE; 415 416 if (test_bit(HCI_AUTH, &hdev->flags)) 417 settings |= MGMT_SETTING_LINK_SECURITY; 418 419 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 420 settings |= MGMT_SETTING_SSP; 421 422 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags)) 423 settings |= MGMT_SETTING_HS; 424 425 return settings; 426} 427 428#define PNP_INFO_SVCLASS_ID 0x1200 429 430static u8 bluetooth_base_uuid[] = { 431 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80, 432 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 433}; 434 435static u16 get_uuid16(u8 *uuid128) 436{ 437 u32 val; 438 int i; 439 440 for (i = 0; i < 12; i++) { 441 if (bluetooth_base_uuid[i] != uuid128[i]) 442 return 0; 443 } 444 445 memcpy(&val, &uuid128[12], 4); 446 447 val = le32_to_cpu(val); 448 if (val > 0xffff) 449 return 0; 450 451 return (u16) val; 452} 453 454static void create_eir(struct hci_dev *hdev, u8 *data) 455{ 456 u8 *ptr = data; 457 u16 eir_len = 0; 458 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)]; 459 int i, truncated = 0; 460 struct bt_uuid *uuid; 461 size_t name_len; 462 463 name_len = strlen(hdev->dev_name); 464 465 if (name_len > 0) { 466 /* EIR Data type */ 467 if (name_len > 48) { 468 name_len = 48; 469 ptr[1] = EIR_NAME_SHORT; 470 } else 471 ptr[1] = EIR_NAME_COMPLETE; 472 473 /* EIR Data length */ 474 ptr[0] = name_len + 1; 475 476 memcpy(ptr + 2, hdev->dev_name, name_len); 477 478 eir_len += (name_len + 2); 479 ptr += (name_len + 2); 480 } 481 482 memset(uuid16_list, 0, sizeof(uuid16_list)); 483 484 /* Group all UUID16 types */ 485 list_for_each_entry(uuid, &hdev->uuids, list) { 486 u16 uuid16; 487 488 uuid16 = get_uuid16(uuid->uuid); 489 if (uuid16 == 0) 490 return; 491 492 if (uuid16 < 0x1100) 493 continue; 494 495 if (uuid16 == PNP_INFO_SVCLASS_ID) 496 continue; 497 498 /* Stop if not enough space to put next UUID */ 499 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) { 500 truncated = 1; 501 break; 502 } 503 504 /* Check for duplicates */ 505 for (i = 0; uuid16_list[i] != 0; i++) 506 if (uuid16_list[i] == uuid16) 507 break; 508 509 if (uuid16_list[i] == 0) { 510 uuid16_list[i] = uuid16; 511 eir_len += sizeof(u16); 512 } 513 } 514 515 if (uuid16_list[0] != 0) { 516 u8 *length = ptr; 517 518 /* EIR Data type */ 519 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL; 520 521 ptr += 2; 522 eir_len += 2; 523 524 for (i = 0; uuid16_list[i] != 0; i++) { 525 *ptr++ = (uuid16_list[i] & 0x00ff); 526 *ptr++ = (uuid16_list[i] & 0xff00) >> 8; 527 } 528 529 /* EIR Data length */ 530 *length = (i * sizeof(u16)) + 1; 531 } 532} 533 534static int update_eir(struct hci_dev *hdev) 535{ 536 struct hci_cp_write_eir cp; 537 538 if (!(hdev->features[6] & LMP_EXT_INQ)) 539 return 0; 540 541 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 542 return 0; 543 544 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 545 return 0; 546 547 memset(&cp, 0, sizeof(cp)); 548 549 create_eir(hdev, cp.data); 550 551 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0) 552 return 0; 553 554 memcpy(hdev->eir, cp.data, sizeof(cp.data)); 555 556 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 557} 558 559static u8 get_service_classes(struct hci_dev *hdev) 560{ 561 struct bt_uuid *uuid; 562 u8 val = 0; 563 564 list_for_each_entry(uuid, &hdev->uuids, list) 565 val |= uuid->svc_hint; 566 567 return val; 568} 569 570static int update_class(struct hci_dev *hdev) 571{ 572 u8 cod[3]; 573 574 BT_DBG("%s", hdev->name); 575 576 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 577 return 0; 578 579 cod[0] = hdev->minor_class; 580 cod[1] = hdev->major_class; 581 cod[2] = get_service_classes(hdev); 582 583 if (memcmp(cod, hdev->dev_class, 3) == 0) 584 return 0; 585 586 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); 587} 588 589static void service_cache_off(struct work_struct *work) 590{ 591 struct hci_dev *hdev = container_of(work, struct hci_dev, 592 service_cache.work); 593 594 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 595 return; 596 597 hci_dev_lock(hdev); 598 599 update_eir(hdev); 600 update_class(hdev); 601 602 hci_dev_unlock(hdev); 603} 604 605static void mgmt_init_hdev(struct hci_dev *hdev) 606{ 607 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) { 608 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 609 610 /* Non-mgmt controlled devices get this bit set 611 * implicitly so that pairing works for them, however 612 * for mgmt we require user-space to explicitly enable 613 * it 614 */ 615 clear_bit(HCI_PAIRABLE, &hdev->dev_flags); 616 } 617 618 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 619 schedule_delayed_work(&hdev->service_cache, 620 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT)); 621} 622 623static int read_controller_info(struct sock *sk, u16 index) 624{ 625 struct mgmt_rp_read_info rp; 626 struct hci_dev *hdev; 627 628 BT_DBG("sock %p hci%u", sk, index); 629 630 hdev = hci_dev_get(index); 631 if (!hdev) 632 return cmd_status(sk, index, MGMT_OP_READ_INFO, 633 MGMT_STATUS_INVALID_PARAMS); 634 635 hci_dev_lock(hdev); 636 637 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags)) 638 mgmt_init_hdev(hdev); 639 640 memset(&rp, 0, sizeof(rp)); 641 642 bacpy(&rp.bdaddr, &hdev->bdaddr); 643 644 rp.version = hdev->hci_ver; 645 646 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer); 647 648 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 649 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 650 651 memcpy(rp.dev_class, hdev->dev_class, 3); 652 653 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 654 655 hci_dev_unlock(hdev); 656 hci_dev_put(hdev); 657 658 return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp)); 659} 660 661static void mgmt_pending_free(struct pending_cmd *cmd) 662{ 663 sock_put(cmd->sk); 664 kfree(cmd->param); 665 kfree(cmd); 666} 667 668static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode, 669 struct hci_dev *hdev, 670 void *data, u16 len) 671{ 672 struct pending_cmd *cmd; 673 674 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC); 675 if (!cmd) 676 return NULL; 677 678 cmd->opcode = opcode; 679 cmd->index = hdev->id; 680 681 cmd->param = kmalloc(len, GFP_ATOMIC); 682 if (!cmd->param) { 683 kfree(cmd); 684 return NULL; 685 } 686 687 if (data) 688 memcpy(cmd->param, data, len); 689 690 cmd->sk = sk; 691 sock_hold(sk); 692 693 list_add(&cmd->list, &hdev->mgmt_pending); 694 695 return cmd; 696} 697 698static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, 699 void (*cb)(struct pending_cmd *cmd, void *data), 700 void *data) 701{ 702 struct list_head *p, *n; 703 704 list_for_each_safe(p, n, &hdev->mgmt_pending) { 705 struct pending_cmd *cmd; 706 707 cmd = list_entry(p, struct pending_cmd, list); 708 709 if (opcode > 0 && cmd->opcode != opcode) 710 continue; 711 712 cb(cmd, data); 713 } 714} 715 716static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev) 717{ 718 struct pending_cmd *cmd; 719 720 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 721 if (cmd->opcode == opcode) 722 return cmd; 723 } 724 725 return NULL; 726} 727 728static void mgmt_pending_remove(struct pending_cmd *cmd) 729{ 730 list_del(&cmd->list); 731 mgmt_pending_free(cmd); 732} 733 734static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 735{ 736 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 737 738 return cmd_complete(sk, hdev->id, opcode, 0, &settings, 739 sizeof(settings)); 740} 741 742static int set_powered(struct sock *sk, u16 index, void *data, u16 len) 743{ 744 struct mgmt_mode *cp = data; 745 struct hci_dev *hdev; 746 struct pending_cmd *cmd; 747 int err; 748 749 BT_DBG("request for hci%u", index); 750 751 if (len != sizeof(*cp)) 752 return cmd_status(sk, index, MGMT_OP_SET_POWERED, 753 MGMT_STATUS_INVALID_PARAMS); 754 755 hdev = hci_dev_get(index); 756 if (!hdev) 757 return cmd_status(sk, index, MGMT_OP_SET_POWERED, 758 MGMT_STATUS_INVALID_PARAMS); 759 760 hci_dev_lock(hdev); 761 762 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) { 763 cancel_delayed_work(&hdev->power_off); 764 765 if (cp->val) { 766 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 767 mgmt_powered(hdev, 1); 768 goto failed; 769 } 770 } 771 772 if (!!cp->val == hdev_is_powered(hdev)) { 773 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 774 goto failed; 775 } 776 777 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) { 778 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, 779 MGMT_STATUS_BUSY); 780 goto failed; 781 } 782 783 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 784 if (!cmd) { 785 err = -ENOMEM; 786 goto failed; 787 } 788 789 if (cp->val) 790 schedule_work(&hdev->power_on); 791 else 792 schedule_work(&hdev->power_off.work); 793 794 err = 0; 795 796failed: 797 hci_dev_unlock(hdev); 798 hci_dev_put(hdev); 799 return err; 800} 801 802static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len) 803{ 804 struct mgmt_cp_set_discoverable *cp = data; 805 struct hci_dev *hdev; 806 struct pending_cmd *cmd; 807 u8 scan; 808 int err; 809 810 BT_DBG("request for hci%u", index); 811 812 if (len != sizeof(*cp)) 813 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, 814 MGMT_STATUS_INVALID_PARAMS); 815 816 hdev = hci_dev_get(index); 817 if (!hdev) 818 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, 819 MGMT_STATUS_INVALID_PARAMS); 820 821 hci_dev_lock(hdev); 822 823 if (!hdev_is_powered(hdev)) { 824 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, 825 MGMT_STATUS_NOT_POWERED); 826 goto failed; 827 } 828 829 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 830 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 831 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, 832 MGMT_STATUS_BUSY); 833 goto failed; 834 } 835 836 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) && 837 test_bit(HCI_PSCAN, &hdev->flags)) { 838 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 839 goto failed; 840 } 841 842 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 843 if (!cmd) { 844 err = -ENOMEM; 845 goto failed; 846 } 847 848 scan = SCAN_PAGE; 849 850 if (cp->val) 851 scan |= SCAN_INQUIRY; 852 else 853 cancel_delayed_work(&hdev->discov_off); 854 855 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 856 if (err < 0) 857 mgmt_pending_remove(cmd); 858 859 if (cp->val) 860 hdev->discov_timeout = get_unaligned_le16(&cp->timeout); 861 862failed: 863 hci_dev_unlock(hdev); 864 hci_dev_put(hdev); 865 866 return err; 867} 868 869static int set_connectable(struct sock *sk, u16 index, void *data, u16 len) 870{ 871 struct mgmt_mode *cp = data; 872 struct hci_dev *hdev; 873 struct pending_cmd *cmd; 874 u8 scan; 875 int err; 876 877 BT_DBG("request for hci%u", index); 878 879 if (len != sizeof(*cp)) 880 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, 881 MGMT_STATUS_INVALID_PARAMS); 882 883 hdev = hci_dev_get(index); 884 if (!hdev) 885 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, 886 MGMT_STATUS_INVALID_PARAMS); 887 888 hci_dev_lock(hdev); 889 890 if (!hdev_is_powered(hdev)) { 891 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, 892 MGMT_STATUS_NOT_POWERED); 893 goto failed; 894 } 895 896 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 897 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 898 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, 899 MGMT_STATUS_BUSY); 900 goto failed; 901 } 902 903 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) { 904 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 905 goto failed; 906 } 907 908 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 909 if (!cmd) { 910 err = -ENOMEM; 911 goto failed; 912 } 913 914 if (cp->val) 915 scan = SCAN_PAGE; 916 else 917 scan = 0; 918 919 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 920 if (err < 0) 921 mgmt_pending_remove(cmd); 922 923failed: 924 hci_dev_unlock(hdev); 925 hci_dev_put(hdev); 926 927 return err; 928} 929 930static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, 931 u16 data_len, struct sock *skip_sk) 932{ 933 struct sk_buff *skb; 934 struct mgmt_hdr *hdr; 935 936 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC); 937 if (!skb) 938 return -ENOMEM; 939 940 hdr = (void *) skb_put(skb, sizeof(*hdr)); 941 hdr->opcode = cpu_to_le16(event); 942 if (hdev) 943 hdr->index = cpu_to_le16(hdev->id); 944 else 945 hdr->index = cpu_to_le16(MGMT_INDEX_NONE); 946 hdr->len = cpu_to_le16(data_len); 947 948 if (data) 949 memcpy(skb_put(skb, data_len), data, data_len); 950 951 hci_send_to_control(skb, skip_sk); 952 kfree_skb(skb); 953 954 return 0; 955} 956 957static int set_pairable(struct sock *sk, u16 index, void *data, u16 len) 958{ 959 struct mgmt_mode *cp = data; 960 struct hci_dev *hdev; 961 __le32 ev; 962 int err; 963 964 BT_DBG("request for hci%u", index); 965 966 if (len != sizeof(*cp)) 967 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, 968 MGMT_STATUS_INVALID_PARAMS); 969 970 hdev = hci_dev_get(index); 971 if (!hdev) 972 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, 973 MGMT_STATUS_INVALID_PARAMS); 974 975 hci_dev_lock(hdev); 976 977 if (cp->val) 978 set_bit(HCI_PAIRABLE, &hdev->dev_flags); 979 else 980 clear_bit(HCI_PAIRABLE, &hdev->dev_flags); 981 982 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev); 983 if (err < 0) 984 goto failed; 985 986 ev = cpu_to_le32(get_current_settings(hdev)); 987 988 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk); 989 990failed: 991 hci_dev_unlock(hdev); 992 hci_dev_put(hdev); 993 994 return err; 995} 996 997static int set_link_security(struct sock *sk, u16 index, void *data, u16 len) 998{ 999 struct mgmt_mode *cp = data; 1000 struct pending_cmd *cmd; 1001 struct hci_dev *hdev; 1002 uint8_t val; 1003 int err; 1004 1005 BT_DBG("request for hci%u", index); 1006 1007 if (len != sizeof(*cp)) 1008 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY, 1009 MGMT_STATUS_INVALID_PARAMS); 1010 1011 hdev = hci_dev_get(index); 1012 if (!hdev) 1013 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY, 1014 MGMT_STATUS_INVALID_PARAMS); 1015 1016 hci_dev_lock(hdev); 1017 1018 if (!hdev_is_powered(hdev)) { 1019 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY, 1020 MGMT_STATUS_NOT_POWERED); 1021 goto failed; 1022 } 1023 1024 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1025 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY, 1026 MGMT_STATUS_BUSY); 1027 goto failed; 1028 } 1029 1030 val = !!cp->val; 1031 1032 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1033 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1034 goto failed; 1035 } 1036 1037 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1038 if (!cmd) { 1039 err = -ENOMEM; 1040 goto failed; 1041 } 1042 1043 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1044 if (err < 0) { 1045 mgmt_pending_remove(cmd); 1046 goto failed; 1047 } 1048 1049failed: 1050 hci_dev_unlock(hdev); 1051 hci_dev_put(hdev); 1052 1053 return err; 1054} 1055 1056static int set_ssp(struct sock *sk, u16 index, void *data, u16 len) 1057{ 1058 struct mgmt_mode *cp = data; 1059 struct pending_cmd *cmd; 1060 struct hci_dev *hdev; 1061 uint8_t val; 1062 int err; 1063 1064 BT_DBG("request for hci%u", index); 1065 1066 if (len != sizeof(*cp)) 1067 return cmd_status(sk, index, MGMT_OP_SET_SSP, 1068 MGMT_STATUS_INVALID_PARAMS); 1069 1070 hdev = hci_dev_get(index); 1071 if (!hdev) 1072 return cmd_status(sk, index, MGMT_OP_SET_SSP, 1073 MGMT_STATUS_INVALID_PARAMS); 1074 1075 hci_dev_lock(hdev); 1076 1077 if (!hdev_is_powered(hdev)) { 1078 err = cmd_status(sk, index, MGMT_OP_SET_SSP, 1079 MGMT_STATUS_NOT_POWERED); 1080 goto failed; 1081 } 1082 1083 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) { 1084 err = cmd_status(sk, index, MGMT_OP_SET_SSP, 1085 MGMT_STATUS_NOT_SUPPORTED); 1086 goto failed; 1087 } 1088 1089 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) { 1090 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY); 1091 goto failed; 1092 } 1093 1094 val = !!cp->val; 1095 1096 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) { 1097 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1098 goto failed; 1099 } 1100 1101 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 1102 if (!cmd) { 1103 err = -ENOMEM; 1104 goto failed; 1105 } 1106 1107 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val); 1108 if (err < 0) { 1109 mgmt_pending_remove(cmd); 1110 goto failed; 1111 } 1112 1113failed: 1114 hci_dev_unlock(hdev); 1115 hci_dev_put(hdev); 1116 1117 return err; 1118} 1119 1120static int set_hs(struct sock *sk, u16 index, void *data, u16 len) 1121{ 1122 struct mgmt_mode *cp = data; 1123 struct hci_dev *hdev; 1124 int err; 1125 1126 BT_DBG("request for hci%u", index); 1127 1128 if (len != sizeof(*cp)) 1129 return cmd_status(sk, index, MGMT_OP_SET_HS, 1130 MGMT_STATUS_INVALID_PARAMS); 1131 1132 hdev = hci_dev_get(index); 1133 if (!hdev) 1134 return cmd_status(sk, index, MGMT_OP_SET_HS, 1135 MGMT_STATUS_INVALID_PARAMS); 1136 1137 if (!enable_hs) { 1138 err = cmd_status(sk, index, MGMT_OP_SET_HS, 1139 MGMT_STATUS_NOT_SUPPORTED); 1140 goto failed; 1141 } 1142 1143 if (cp->val) 1144 set_bit(HCI_HS_ENABLED, &hdev->dev_flags); 1145 else 1146 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags); 1147 1148 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 1149 1150failed: 1151 hci_dev_put(hdev); 1152 return err; 1153} 1154 1155static int add_uuid(struct sock *sk, u16 index, void *data, u16 len) 1156{ 1157 struct mgmt_cp_add_uuid *cp = data; 1158 struct hci_dev *hdev; 1159 struct bt_uuid *uuid; 1160 int err; 1161 1162 BT_DBG("request for hci%u", index); 1163 1164 if (len != sizeof(*cp)) 1165 return cmd_status(sk, index, MGMT_OP_ADD_UUID, 1166 MGMT_STATUS_INVALID_PARAMS); 1167 1168 hdev = hci_dev_get(index); 1169 if (!hdev) 1170 return cmd_status(sk, index, MGMT_OP_ADD_UUID, 1171 MGMT_STATUS_INVALID_PARAMS); 1172 1173 hci_dev_lock(hdev); 1174 1175 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC); 1176 if (!uuid) { 1177 err = -ENOMEM; 1178 goto failed; 1179 } 1180 1181 memcpy(uuid->uuid, cp->uuid, 16); 1182 uuid->svc_hint = cp->svc_hint; 1183 1184 list_add(&uuid->list, &hdev->uuids); 1185 1186 err = update_class(hdev); 1187 if (err < 0) 1188 goto failed; 1189 1190 err = update_eir(hdev); 1191 if (err < 0) 1192 goto failed; 1193 1194 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0, NULL, 0); 1195 1196failed: 1197 hci_dev_unlock(hdev); 1198 hci_dev_put(hdev); 1199 1200 return err; 1201} 1202 1203static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len) 1204{ 1205 struct mgmt_cp_remove_uuid *cp = data; 1206 struct list_head *p, *n; 1207 struct hci_dev *hdev; 1208 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 1209 int err, found; 1210 1211 BT_DBG("request for hci%u", index); 1212 1213 if (len != sizeof(*cp)) 1214 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, 1215 MGMT_STATUS_INVALID_PARAMS); 1216 1217 hdev = hci_dev_get(index); 1218 if (!hdev) 1219 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, 1220 MGMT_STATUS_INVALID_PARAMS); 1221 1222 hci_dev_lock(hdev); 1223 1224 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 1225 err = hci_uuids_clear(hdev); 1226 goto unlock; 1227 } 1228 1229 found = 0; 1230 1231 list_for_each_safe(p, n, &hdev->uuids) { 1232 struct bt_uuid *match = list_entry(p, struct bt_uuid, list); 1233 1234 if (memcmp(match->uuid, cp->uuid, 16) != 0) 1235 continue; 1236 1237 list_del(&match->list); 1238 found++; 1239 } 1240 1241 if (found == 0) { 1242 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, 1243 MGMT_STATUS_INVALID_PARAMS); 1244 goto unlock; 1245 } 1246 1247 err = update_class(hdev); 1248 if (err < 0) 1249 goto unlock; 1250 1251 err = update_eir(hdev); 1252 if (err < 0) 1253 goto unlock; 1254 1255 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0, NULL, 0); 1256 1257unlock: 1258 hci_dev_unlock(hdev); 1259 hci_dev_put(hdev); 1260 1261 return err; 1262} 1263 1264static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len) 1265{ 1266 struct hci_dev *hdev; 1267 struct mgmt_cp_set_dev_class *cp = data; 1268 int err; 1269 1270 BT_DBG("request for hci%u", index); 1271 1272 if (len != sizeof(*cp)) 1273 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, 1274 MGMT_STATUS_INVALID_PARAMS); 1275 1276 hdev = hci_dev_get(index); 1277 if (!hdev) 1278 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, 1279 MGMT_STATUS_INVALID_PARAMS); 1280 1281 hci_dev_lock(hdev); 1282 1283 if (!hdev_is_powered(hdev)) { 1284 err = cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, 1285 MGMT_STATUS_NOT_POWERED); 1286 goto unlock; 1287 } 1288 1289 hdev->major_class = cp->major; 1290 hdev->minor_class = cp->minor; 1291 1292 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) { 1293 hci_dev_unlock(hdev); 1294 cancel_delayed_work_sync(&hdev->service_cache); 1295 hci_dev_lock(hdev); 1296 update_eir(hdev); 1297 } 1298 1299 err = update_class(hdev); 1300 1301 if (err == 0) 1302 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0, 1303 NULL, 0); 1304 1305unlock: 1306 hci_dev_unlock(hdev); 1307 hci_dev_put(hdev); 1308 1309 return err; 1310} 1311 1312static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len) 1313{ 1314 struct hci_dev *hdev; 1315 struct mgmt_cp_load_link_keys *cp = data; 1316 u16 key_count, expected_len; 1317 int i; 1318 1319 if (len < sizeof(*cp)) 1320 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, 1321 MGMT_STATUS_INVALID_PARAMS); 1322 1323 key_count = get_unaligned_le16(&cp->key_count); 1324 1325 expected_len = sizeof(*cp) + key_count * 1326 sizeof(struct mgmt_link_key_info); 1327 if (expected_len != len) { 1328 BT_ERR("load_link_keys: expected %u bytes, got %u bytes", 1329 len, expected_len); 1330 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, 1331 MGMT_STATUS_INVALID_PARAMS); 1332 } 1333 1334 hdev = hci_dev_get(index); 1335 if (!hdev) 1336 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, 1337 MGMT_STATUS_INVALID_PARAMS); 1338 1339 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys, 1340 key_count); 1341 1342 hci_dev_lock(hdev); 1343 1344 hci_link_keys_clear(hdev); 1345 1346 set_bit(HCI_LINK_KEYS, &hdev->dev_flags); 1347 1348 if (cp->debug_keys) 1349 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags); 1350 else 1351 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags); 1352 1353 for (i = 0; i < key_count; i++) { 1354 struct mgmt_link_key_info *key = &cp->keys[i]; 1355 1356 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val, 1357 key->type, key->pin_len); 1358 } 1359 1360 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 1361 1362 hci_dev_unlock(hdev); 1363 hci_dev_put(hdev); 1364 1365 return 0; 1366} 1367 1368static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 1369 u8 addr_type, struct sock *skip_sk) 1370{ 1371 struct mgmt_ev_device_unpaired ev; 1372 1373 bacpy(&ev.addr.bdaddr, bdaddr); 1374 ev.addr.type = addr_type; 1375 1376 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 1377 skip_sk); 1378} 1379 1380static int unpair_device(struct sock *sk, u16 index, void *data, u16 len) 1381{ 1382 struct hci_dev *hdev; 1383 struct mgmt_cp_unpair_device *cp = data; 1384 struct mgmt_rp_unpair_device rp; 1385 struct hci_cp_disconnect dc; 1386 struct pending_cmd *cmd; 1387 struct hci_conn *conn; 1388 u8 status = 0; 1389 int err; 1390 1391 if (len != sizeof(*cp)) 1392 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE, 1393 MGMT_STATUS_INVALID_PARAMS); 1394 1395 hdev = hci_dev_get(index); 1396 if (!hdev) 1397 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE, 1398 MGMT_STATUS_INVALID_PARAMS); 1399 1400 hci_dev_lock(hdev); 1401 1402 memset(&rp, 0, sizeof(rp)); 1403 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 1404 rp.addr.type = cp->addr.type; 1405 1406 if (cp->addr.type == MGMT_ADDR_BREDR) 1407 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 1408 else 1409 err = hci_remove_ltk(hdev, &cp->addr.bdaddr); 1410 1411 if (err < 0) { 1412 status = MGMT_STATUS_NOT_PAIRED; 1413 goto unlock; 1414 } 1415 1416 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) { 1417 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status, 1418 &rp, sizeof(rp)); 1419 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 1420 goto unlock; 1421 } 1422 1423 if (cp->addr.type == MGMT_ADDR_BREDR) 1424 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 1425 &cp->addr.bdaddr); 1426 else 1427 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, 1428 &cp->addr.bdaddr); 1429 1430 if (!conn) { 1431 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status, 1432 &rp, sizeof(rp)); 1433 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 1434 goto unlock; 1435 } 1436 1437 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 1438 sizeof(*cp)); 1439 if (!cmd) { 1440 err = -ENOMEM; 1441 goto unlock; 1442 } 1443 1444 put_unaligned_le16(conn->handle, &dc.handle); 1445 dc.reason = 0x13; /* Remote User Terminated Connection */ 1446 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1447 if (err < 0) 1448 mgmt_pending_remove(cmd); 1449 1450unlock: 1451 if (err < 0) 1452 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status, 1453 &rp, sizeof(rp)); 1454 hci_dev_unlock(hdev); 1455 hci_dev_put(hdev); 1456 1457 return err; 1458} 1459 1460static int disconnect(struct sock *sk, u16 index, void *data, u16 len) 1461{ 1462 struct hci_dev *hdev; 1463 struct mgmt_cp_disconnect *cp = data; 1464 struct hci_cp_disconnect dc; 1465 struct pending_cmd *cmd; 1466 struct hci_conn *conn; 1467 int err; 1468 1469 BT_DBG(""); 1470 1471 if (len != sizeof(*cp)) 1472 return cmd_status(sk, index, MGMT_OP_DISCONNECT, 1473 MGMT_STATUS_INVALID_PARAMS); 1474 1475 hdev = hci_dev_get(index); 1476 if (!hdev) 1477 return cmd_status(sk, index, MGMT_OP_DISCONNECT, 1478 MGMT_STATUS_INVALID_PARAMS); 1479 1480 hci_dev_lock(hdev); 1481 1482 if (!test_bit(HCI_UP, &hdev->flags)) { 1483 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, 1484 MGMT_STATUS_NOT_POWERED); 1485 goto failed; 1486 } 1487 1488 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) { 1489 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, 1490 MGMT_STATUS_BUSY); 1491 goto failed; 1492 } 1493 1494 if (cp->addr.type == MGMT_ADDR_BREDR) 1495 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 1496 else 1497 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 1498 1499 if (!conn) { 1500 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, 1501 MGMT_STATUS_NOT_CONNECTED); 1502 goto failed; 1503 } 1504 1505 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 1506 if (!cmd) { 1507 err = -ENOMEM; 1508 goto failed; 1509 } 1510 1511 put_unaligned_le16(conn->handle, &dc.handle); 1512 dc.reason = 0x13; /* Remote User Terminated Connection */ 1513 1514 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1515 if (err < 0) 1516 mgmt_pending_remove(cmd); 1517 1518failed: 1519 hci_dev_unlock(hdev); 1520 hci_dev_put(hdev); 1521 1522 return err; 1523} 1524 1525static u8 link_to_mgmt(u8 link_type, u8 addr_type) 1526{ 1527 switch (link_type) { 1528 case LE_LINK: 1529 switch (addr_type) { 1530 case ADDR_LE_DEV_PUBLIC: 1531 return MGMT_ADDR_LE_PUBLIC; 1532 case ADDR_LE_DEV_RANDOM: 1533 return MGMT_ADDR_LE_RANDOM; 1534 default: 1535 return MGMT_ADDR_INVALID; 1536 } 1537 case ACL_LINK: 1538 return MGMT_ADDR_BREDR; 1539 default: 1540 return MGMT_ADDR_INVALID; 1541 } 1542} 1543 1544static int get_connections(struct sock *sk, u16 index) 1545{ 1546 struct mgmt_rp_get_connections *rp; 1547 struct hci_dev *hdev; 1548 struct hci_conn *c; 1549 size_t rp_len; 1550 u16 count; 1551 int i, err; 1552 1553 BT_DBG(""); 1554 1555 hdev = hci_dev_get(index); 1556 if (!hdev) 1557 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, 1558 MGMT_STATUS_INVALID_PARAMS); 1559 1560 hci_dev_lock(hdev); 1561 1562 count = 0; 1563 list_for_each_entry(c, &hdev->conn_hash.list, list) { 1564 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 1565 count++; 1566 } 1567 1568 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info)); 1569 rp = kmalloc(rp_len, GFP_ATOMIC); 1570 if (!rp) { 1571 err = -ENOMEM; 1572 goto unlock; 1573 } 1574 1575 put_unaligned_le16(count, &rp->conn_count); 1576 1577 i = 0; 1578 list_for_each_entry(c, &hdev->conn_hash.list, list) { 1579 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 1580 continue; 1581 bacpy(&rp->addr[i].bdaddr, &c->dst); 1582 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type); 1583 if (rp->addr[i].type == MGMT_ADDR_INVALID) 1584 continue; 1585 i++; 1586 } 1587 1588 /* Recalculate length in case of filtered SCO connections, etc */ 1589 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 1590 1591 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len); 1592 1593unlock: 1594 kfree(rp); 1595 hci_dev_unlock(hdev); 1596 hci_dev_put(hdev); 1597 return err; 1598} 1599 1600static int send_pin_code_neg_reply(struct sock *sk, u16 index, 1601 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp) 1602{ 1603 struct pending_cmd *cmd; 1604 int err; 1605 1606 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 1607 sizeof(*cp)); 1608 if (!cmd) 1609 return -ENOMEM; 1610 1611 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 1612 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 1613 if (err < 0) 1614 mgmt_pending_remove(cmd); 1615 1616 return err; 1617} 1618 1619static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len) 1620{ 1621 struct hci_dev *hdev; 1622 struct hci_conn *conn; 1623 struct mgmt_cp_pin_code_reply *cp = data; 1624 struct hci_cp_pin_code_reply reply; 1625 struct pending_cmd *cmd; 1626 int err; 1627 1628 BT_DBG(""); 1629 1630 if (len != sizeof(*cp)) 1631 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1632 MGMT_STATUS_INVALID_PARAMS); 1633 1634 hdev = hci_dev_get(index); 1635 if (!hdev) 1636 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1637 MGMT_STATUS_INVALID_PARAMS); 1638 1639 hci_dev_lock(hdev); 1640 1641 if (!hdev_is_powered(hdev)) { 1642 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1643 MGMT_STATUS_NOT_POWERED); 1644 goto failed; 1645 } 1646 1647 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 1648 if (!conn) { 1649 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1650 MGMT_STATUS_NOT_CONNECTED); 1651 goto failed; 1652 } 1653 1654 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 1655 struct mgmt_cp_pin_code_neg_reply ncp; 1656 1657 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 1658 1659 BT_ERR("PIN code is not 16 bytes long"); 1660 1661 err = send_pin_code_neg_reply(sk, index, hdev, &ncp); 1662 if (err >= 0) 1663 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1664 MGMT_STATUS_INVALID_PARAMS); 1665 1666 goto failed; 1667 } 1668 1669 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, 1670 len); 1671 if (!cmd) { 1672 err = -ENOMEM; 1673 goto failed; 1674 } 1675 1676 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 1677 reply.pin_len = cp->pin_len; 1678 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 1679 1680 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 1681 if (err < 0) 1682 mgmt_pending_remove(cmd); 1683 1684failed: 1685 hci_dev_unlock(hdev); 1686 hci_dev_put(hdev); 1687 1688 return err; 1689} 1690 1691static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len) 1692{ 1693 struct hci_dev *hdev; 1694 struct mgmt_cp_pin_code_neg_reply *cp = data; 1695 int err; 1696 1697 BT_DBG(""); 1698 1699 if (len != sizeof(*cp)) 1700 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1701 MGMT_STATUS_INVALID_PARAMS); 1702 1703 hdev = hci_dev_get(index); 1704 if (!hdev) 1705 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1706 MGMT_STATUS_INVALID_PARAMS); 1707 1708 hci_dev_lock(hdev); 1709 1710 if (!hdev_is_powered(hdev)) { 1711 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1712 MGMT_STATUS_NOT_POWERED); 1713 goto failed; 1714 } 1715 1716 err = send_pin_code_neg_reply(sk, index, hdev, cp); 1717 1718failed: 1719 hci_dev_unlock(hdev); 1720 hci_dev_put(hdev); 1721 1722 return err; 1723} 1724 1725static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len) 1726{ 1727 struct hci_dev *hdev; 1728 struct mgmt_cp_set_io_capability *cp = data; 1729 1730 BT_DBG(""); 1731 1732 if (len != sizeof(*cp)) 1733 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, 1734 MGMT_STATUS_INVALID_PARAMS); 1735 1736 hdev = hci_dev_get(index); 1737 if (!hdev) 1738 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, 1739 MGMT_STATUS_INVALID_PARAMS); 1740 1741 hci_dev_lock(hdev); 1742 1743 hdev->io_capability = cp->io_capability; 1744 1745 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 1746 hdev->io_capability); 1747 1748 hci_dev_unlock(hdev); 1749 hci_dev_put(hdev); 1750 1751 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0); 1752} 1753 1754static inline struct pending_cmd *find_pairing(struct hci_conn *conn) 1755{ 1756 struct hci_dev *hdev = conn->hdev; 1757 struct pending_cmd *cmd; 1758 1759 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 1760 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 1761 continue; 1762 1763 if (cmd->user_data != conn) 1764 continue; 1765 1766 return cmd; 1767 } 1768 1769 return NULL; 1770} 1771 1772static void pairing_complete(struct pending_cmd *cmd, u8 status) 1773{ 1774 struct mgmt_rp_pair_device rp; 1775 struct hci_conn *conn = cmd->user_data; 1776 1777 bacpy(&rp.addr.bdaddr, &conn->dst); 1778 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type); 1779 1780 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status, 1781 &rp, sizeof(rp)); 1782 1783 /* So we don't get further callbacks for this connection */ 1784 conn->connect_cfm_cb = NULL; 1785 conn->security_cfm_cb = NULL; 1786 conn->disconn_cfm_cb = NULL; 1787 1788 hci_conn_put(conn); 1789 1790 mgmt_pending_remove(cmd); 1791} 1792 1793static void pairing_complete_cb(struct hci_conn *conn, u8 status) 1794{ 1795 struct pending_cmd *cmd; 1796 1797 BT_DBG("status %u", status); 1798 1799 cmd = find_pairing(conn); 1800 if (!cmd) 1801 BT_DBG("Unable to find a pending command"); 1802 else 1803 pairing_complete(cmd, mgmt_status(status)); 1804} 1805 1806static int pair_device(struct sock *sk, u16 index, void *data, u16 len) 1807{ 1808 struct hci_dev *hdev; 1809 struct mgmt_cp_pair_device *cp = data; 1810 struct mgmt_rp_pair_device rp; 1811 struct pending_cmd *cmd; 1812 u8 sec_level, auth_type; 1813 struct hci_conn *conn; 1814 int err; 1815 1816 BT_DBG(""); 1817 1818 if (len != sizeof(*cp)) 1819 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, 1820 MGMT_STATUS_INVALID_PARAMS); 1821 1822 hdev = hci_dev_get(index); 1823 if (!hdev) 1824 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, 1825 MGMT_STATUS_INVALID_PARAMS); 1826 1827 hci_dev_lock(hdev); 1828 1829 sec_level = BT_SECURITY_MEDIUM; 1830 if (cp->io_cap == 0x03) 1831 auth_type = HCI_AT_DEDICATED_BONDING; 1832 else 1833 auth_type = HCI_AT_DEDICATED_BONDING_MITM; 1834 1835 if (cp->addr.type == MGMT_ADDR_BREDR) 1836 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level, 1837 auth_type); 1838 else 1839 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level, 1840 auth_type); 1841 1842 memset(&rp, 0, sizeof(rp)); 1843 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 1844 rp.addr.type = cp->addr.type; 1845 1846 if (IS_ERR(conn)) { 1847 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE, 1848 MGMT_STATUS_CONNECT_FAILED, 1849 &rp, sizeof(rp)); 1850 goto unlock; 1851 } 1852 1853 if (conn->connect_cfm_cb) { 1854 hci_conn_put(conn); 1855 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE, 1856 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 1857 goto unlock; 1858 } 1859 1860 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 1861 if (!cmd) { 1862 err = -ENOMEM; 1863 hci_conn_put(conn); 1864 goto unlock; 1865 } 1866 1867 /* For LE, just connecting isn't a proof that the pairing finished */ 1868 if (cp->addr.type == MGMT_ADDR_BREDR) 1869 conn->connect_cfm_cb = pairing_complete_cb; 1870 1871 conn->security_cfm_cb = pairing_complete_cb; 1872 conn->disconn_cfm_cb = pairing_complete_cb; 1873 conn->io_capability = cp->io_cap; 1874 cmd->user_data = conn; 1875 1876 if (conn->state == BT_CONNECTED && 1877 hci_conn_security(conn, sec_level, auth_type)) 1878 pairing_complete(cmd, 0); 1879 1880 err = 0; 1881 1882unlock: 1883 hci_dev_unlock(hdev); 1884 hci_dev_put(hdev); 1885 1886 return err; 1887} 1888 1889static int cancel_pair_device(struct sock *sk, u16 index, 1890 unsigned char *data, u16 len) 1891{ 1892 struct mgmt_addr_info *addr = (void *) data; 1893 struct hci_dev *hdev; 1894 struct pending_cmd *cmd; 1895 struct hci_conn *conn; 1896 int err; 1897 1898 BT_DBG(""); 1899 1900 if (len != sizeof(*addr)) 1901 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 1902 MGMT_STATUS_INVALID_PARAMS); 1903 1904 hdev = hci_dev_get(index); 1905 if (!hdev) 1906 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 1907 MGMT_STATUS_INVALID_PARAMS); 1908 1909 hci_dev_lock(hdev); 1910 1911 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev); 1912 if (!cmd) { 1913 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 1914 MGMT_STATUS_INVALID_PARAMS); 1915 goto unlock; 1916 } 1917 1918 conn = cmd->user_data; 1919 1920 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 1921 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 1922 MGMT_STATUS_INVALID_PARAMS); 1923 goto unlock; 1924 } 1925 1926 pairing_complete(cmd, MGMT_STATUS_CANCELLED); 1927 1928 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr, 1929 sizeof(*addr)); 1930unlock: 1931 hci_dev_unlock(hdev); 1932 hci_dev_put(hdev); 1933 1934 return err; 1935} 1936 1937static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr, 1938 u8 type, u16 mgmt_op, u16 hci_op, 1939 __le32 passkey) 1940{ 1941 struct pending_cmd *cmd; 1942 struct hci_dev *hdev; 1943 struct hci_conn *conn; 1944 int err; 1945 1946 hdev = hci_dev_get(index); 1947 if (!hdev) 1948 return cmd_status(sk, index, mgmt_op, 1949 MGMT_STATUS_INVALID_PARAMS); 1950 1951 hci_dev_lock(hdev); 1952 1953 if (!hdev_is_powered(hdev)) { 1954 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED); 1955 goto done; 1956 } 1957 1958 if (type == MGMT_ADDR_BREDR) 1959 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr); 1960 else 1961 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr); 1962 1963 if (!conn) { 1964 err = cmd_status(sk, index, mgmt_op, 1965 MGMT_STATUS_NOT_CONNECTED); 1966 goto done; 1967 } 1968 1969 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) { 1970 /* Continue with pairing via SMP */ 1971 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 1972 1973 if (!err) 1974 err = cmd_status(sk, index, mgmt_op, 1975 MGMT_STATUS_SUCCESS); 1976 else 1977 err = cmd_status(sk, index, mgmt_op, 1978 MGMT_STATUS_FAILED); 1979 1980 goto done; 1981 } 1982 1983 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr)); 1984 if (!cmd) { 1985 err = -ENOMEM; 1986 goto done; 1987 } 1988 1989 /* Continue with pairing via HCI */ 1990 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 1991 struct hci_cp_user_passkey_reply cp; 1992 1993 bacpy(&cp.bdaddr, bdaddr); 1994 cp.passkey = passkey; 1995 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 1996 } else 1997 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr); 1998 1999 if (err < 0) 2000 mgmt_pending_remove(cmd); 2001 2002done: 2003 hci_dev_unlock(hdev); 2004 hci_dev_put(hdev); 2005 2006 return err; 2007} 2008 2009static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len) 2010{ 2011 struct mgmt_cp_user_confirm_reply *cp = data; 2012 2013 BT_DBG(""); 2014 2015 if (len != sizeof(*cp)) 2016 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY, 2017 MGMT_STATUS_INVALID_PARAMS); 2018 2019 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type, 2020 MGMT_OP_USER_CONFIRM_REPLY, 2021 HCI_OP_USER_CONFIRM_REPLY, 0); 2022} 2023 2024static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data, 2025 u16 len) 2026{ 2027 struct mgmt_cp_user_confirm_neg_reply *cp = data; 2028 2029 BT_DBG(""); 2030 2031 if (len != sizeof(*cp)) 2032 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY, 2033 MGMT_STATUS_INVALID_PARAMS); 2034 2035 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type, 2036 MGMT_OP_USER_CONFIRM_NEG_REPLY, 2037 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 2038} 2039 2040static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len) 2041{ 2042 struct mgmt_cp_user_passkey_reply *cp = data; 2043 2044 BT_DBG(""); 2045 2046 if (len != sizeof(*cp)) 2047 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY, 2048 EINVAL); 2049 2050 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type, 2051 MGMT_OP_USER_PASSKEY_REPLY, 2052 HCI_OP_USER_PASSKEY_REPLY, 2053 cp->passkey); 2054} 2055 2056static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data, 2057 u16 len) 2058{ 2059 struct mgmt_cp_user_passkey_neg_reply *cp = data; 2060 2061 BT_DBG(""); 2062 2063 if (len != sizeof(*cp)) 2064 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY, 2065 EINVAL); 2066 2067 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type, 2068 MGMT_OP_USER_PASSKEY_NEG_REPLY, 2069 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 2070} 2071 2072static int set_local_name(struct sock *sk, u16 index, void *data, 2073 u16 len) 2074{ 2075 struct mgmt_cp_set_local_name *mgmt_cp = data; 2076 struct hci_cp_write_local_name hci_cp; 2077 struct hci_dev *hdev; 2078 struct pending_cmd *cmd; 2079 int err; 2080 2081 BT_DBG(""); 2082 2083 if (len != sizeof(*mgmt_cp)) 2084 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, 2085 MGMT_STATUS_INVALID_PARAMS); 2086 2087 hdev = hci_dev_get(index); 2088 if (!hdev) 2089 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, 2090 MGMT_STATUS_INVALID_PARAMS); 2091 2092 hci_dev_lock(hdev); 2093 2094 if (!hdev_is_powered(hdev)) { 2095 err = cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, 2096 MGMT_STATUS_NOT_POWERED); 2097 goto failed; 2098 } 2099 2100 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, 2101 len); 2102 if (!cmd) { 2103 err = -ENOMEM; 2104 goto failed; 2105 } 2106 2107 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name)); 2108 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp), 2109 &hci_cp); 2110 if (err < 0) 2111 mgmt_pending_remove(cmd); 2112 2113failed: 2114 hci_dev_unlock(hdev); 2115 hci_dev_put(hdev); 2116 2117 return err; 2118} 2119 2120static int read_local_oob_data(struct sock *sk, u16 index) 2121{ 2122 struct hci_dev *hdev; 2123 struct pending_cmd *cmd; 2124 int err; 2125 2126 BT_DBG("hci%u", index); 2127 2128 hdev = hci_dev_get(index); 2129 if (!hdev) 2130 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 2131 MGMT_STATUS_INVALID_PARAMS); 2132 2133 hci_dev_lock(hdev); 2134 2135 if (!hdev_is_powered(hdev)) { 2136 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 2137 MGMT_STATUS_NOT_POWERED); 2138 goto unlock; 2139 } 2140 2141 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) { 2142 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 2143 MGMT_STATUS_NOT_SUPPORTED); 2144 goto unlock; 2145 } 2146 2147 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 2148 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 2149 MGMT_STATUS_BUSY); 2150 goto unlock; 2151 } 2152 2153 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 2154 if (!cmd) { 2155 err = -ENOMEM; 2156 goto unlock; 2157 } 2158 2159 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 2160 if (err < 0) 2161 mgmt_pending_remove(cmd); 2162 2163unlock: 2164 hci_dev_unlock(hdev); 2165 hci_dev_put(hdev); 2166 2167 return err; 2168} 2169 2170static int add_remote_oob_data(struct sock *sk, u16 index, void *data, 2171 u16 len) 2172{ 2173 struct hci_dev *hdev; 2174 struct mgmt_cp_add_remote_oob_data *cp = data; 2175 u8 status; 2176 int err; 2177 2178 BT_DBG("hci%u ", index); 2179 2180 if (len != sizeof(*cp)) 2181 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 2182 MGMT_STATUS_INVALID_PARAMS); 2183 2184 hdev = hci_dev_get(index); 2185 if (!hdev) 2186 return cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 2187 MGMT_STATUS_INVALID_PARAMS, 2188 &cp->addr, sizeof(cp->addr)); 2189 2190 hci_dev_lock(hdev); 2191 2192 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash, 2193 cp->randomizer); 2194 if (err < 0) 2195 status = MGMT_STATUS_FAILED; 2196 else 2197 status = 0; 2198 2199 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, status, 2200 &cp->addr, sizeof(cp->addr)); 2201 2202 hci_dev_unlock(hdev); 2203 hci_dev_put(hdev); 2204 2205 return err; 2206} 2207 2208static int remove_remote_oob_data(struct sock *sk, u16 index, 2209 void *data, u16 len) 2210{ 2211 struct hci_dev *hdev; 2212 struct mgmt_cp_remove_remote_oob_data *cp = data; 2213 u8 status; 2214 int err; 2215 2216 BT_DBG("hci%u ", index); 2217 2218 if (len != sizeof(*cp)) 2219 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 2220 MGMT_STATUS_INVALID_PARAMS); 2221 2222 hdev = hci_dev_get(index); 2223 if (!hdev) 2224 return cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 2225 MGMT_STATUS_INVALID_PARAMS, 2226 &cp->addr, sizeof(cp->addr)); 2227 2228 hci_dev_lock(hdev); 2229 2230 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr); 2231 if (err < 0) 2232 status = MGMT_STATUS_INVALID_PARAMS; 2233 else 2234 status = 0; 2235 2236 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, status, 2237 &cp->addr, sizeof(cp->addr)); 2238 2239 hci_dev_unlock(hdev); 2240 hci_dev_put(hdev); 2241 2242 return err; 2243} 2244 2245static int discovery(struct hci_dev *hdev) 2246{ 2247 int err; 2248 2249 if (lmp_host_le_capable(hdev)) { 2250 if (lmp_bredr_capable(hdev)) { 2251 err = hci_le_scan(hdev, LE_SCAN_TYPE, 2252 LE_SCAN_INT, LE_SCAN_WIN, 2253 LE_SCAN_TIMEOUT_BREDR_LE); 2254 } else { 2255 hdev->discovery.type = DISCOV_TYPE_LE; 2256 err = hci_le_scan(hdev, LE_SCAN_TYPE, 2257 LE_SCAN_INT, LE_SCAN_WIN, 2258 LE_SCAN_TIMEOUT_LE_ONLY); 2259 } 2260 } else { 2261 hdev->discovery.type = DISCOV_TYPE_BREDR; 2262 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR); 2263 } 2264 2265 return err; 2266} 2267 2268int mgmt_interleaved_discovery(struct hci_dev *hdev) 2269{ 2270 int err; 2271 2272 BT_DBG("%s", hdev->name); 2273 2274 hci_dev_lock(hdev); 2275 2276 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE); 2277 if (err < 0) 2278 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 2279 2280 hci_dev_unlock(hdev); 2281 2282 return err; 2283} 2284 2285static int start_discovery(struct sock *sk, u16 index, 2286 void *data, u16 len) 2287{ 2288 struct mgmt_cp_start_discovery *cp = data; 2289 struct pending_cmd *cmd; 2290 struct hci_dev *hdev; 2291 int err; 2292 2293 BT_DBG("hci%u", index); 2294 2295 if (len != sizeof(*cp)) 2296 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, 2297 MGMT_STATUS_INVALID_PARAMS); 2298 2299 hdev = hci_dev_get(index); 2300 if (!hdev) 2301 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, 2302 MGMT_STATUS_INVALID_PARAMS); 2303 2304 hci_dev_lock(hdev); 2305 2306 if (!hdev_is_powered(hdev)) { 2307 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, 2308 MGMT_STATUS_NOT_POWERED); 2309 goto failed; 2310 } 2311 2312 if (hdev->discovery.state != DISCOVERY_STOPPED) { 2313 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, 2314 MGMT_STATUS_BUSY); 2315 goto failed; 2316 } 2317 2318 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0); 2319 if (!cmd) { 2320 err = -ENOMEM; 2321 goto failed; 2322 } 2323 2324 hdev->discovery.type = cp->type; 2325 2326 switch (hdev->discovery.type) { 2327 case DISCOV_TYPE_BREDR: 2328 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR); 2329 break; 2330 2331 case DISCOV_TYPE_LE: 2332 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, 2333 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY); 2334 break; 2335 2336 case DISCOV_TYPE_INTERLEAVED: 2337 err = discovery(hdev); 2338 break; 2339 2340 default: 2341 err = -EINVAL; 2342 } 2343 2344 if (err < 0) 2345 mgmt_pending_remove(cmd); 2346 else 2347 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 2348 2349failed: 2350 hci_dev_unlock(hdev); 2351 hci_dev_put(hdev); 2352 2353 return err; 2354} 2355 2356static int stop_discovery(struct sock *sk, u16 index, void *data, u16 len) 2357{ 2358 struct mgmt_cp_stop_discovery *mgmt_cp = data; 2359 struct hci_dev *hdev; 2360 struct pending_cmd *cmd; 2361 struct hci_cp_remote_name_req_cancel cp; 2362 struct inquiry_entry *e; 2363 int err; 2364 2365 BT_DBG("hci%u", index); 2366 2367 if (len != sizeof(*mgmt_cp)) 2368 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, 2369 MGMT_STATUS_INVALID_PARAMS); 2370 2371 hdev = hci_dev_get(index); 2372 if (!hdev) 2373 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, 2374 MGMT_STATUS_INVALID_PARAMS); 2375 2376 hci_dev_lock(hdev); 2377 2378 if (!hci_discovery_active(hdev)) { 2379 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 2380 MGMT_STATUS_REJECTED, 2381 &mgmt_cp->type, sizeof(mgmt_cp->type)); 2382 goto unlock; 2383 } 2384 2385 if (hdev->discovery.type != mgmt_cp->type) { 2386 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 2387 MGMT_STATUS_INVALID_PARAMS, 2388 &mgmt_cp->type, sizeof(mgmt_cp->type)); 2389 goto unlock; 2390 } 2391 2392 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0); 2393 if (!cmd) { 2394 err = -ENOMEM; 2395 goto unlock; 2396 } 2397 2398 if (hdev->discovery.state == DISCOVERY_FINDING) { 2399 err = hci_cancel_inquiry(hdev); 2400 if (err < 0) 2401 mgmt_pending_remove(cmd); 2402 else 2403 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 2404 goto unlock; 2405 } 2406 2407 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING); 2408 if (!e) { 2409 mgmt_pending_remove(cmd); 2410 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0, 2411 &mgmt_cp->type, sizeof(mgmt_cp->type)); 2412 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 2413 goto unlock; 2414 } 2415 2416 bacpy(&cp.bdaddr, &e->data.bdaddr); 2417 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL, 2418 sizeof(cp), &cp); 2419 if (err < 0) 2420 mgmt_pending_remove(cmd); 2421 else 2422 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 2423 2424unlock: 2425 hci_dev_unlock(hdev); 2426 hci_dev_put(hdev); 2427 2428 return err; 2429} 2430 2431static int confirm_name(struct sock *sk, u16 index, void *data, u16 len) 2432{ 2433 struct mgmt_cp_confirm_name *cp = data; 2434 struct inquiry_entry *e; 2435 struct hci_dev *hdev; 2436 int err; 2437 2438 BT_DBG("hci%u", index); 2439 2440 if (len != sizeof(*cp)) 2441 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME, 2442 MGMT_STATUS_INVALID_PARAMS); 2443 2444 hdev = hci_dev_get(index); 2445 if (!hdev) 2446 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME, 2447 MGMT_STATUS_INVALID_PARAMS); 2448 2449 hci_dev_lock(hdev); 2450 2451 if (!hci_discovery_active(hdev)) { 2452 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME, 2453 MGMT_STATUS_FAILED); 2454 goto failed; 2455 } 2456 2457 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 2458 if (!e) { 2459 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME, 2460 MGMT_STATUS_INVALID_PARAMS); 2461 goto failed; 2462 } 2463 2464 if (cp->name_known) { 2465 e->name_state = NAME_KNOWN; 2466 list_del(&e->list); 2467 } else { 2468 e->name_state = NAME_NEEDED; 2469 hci_inquiry_cache_update_resolve(hdev, e); 2470 } 2471 2472 err = 0; 2473 2474failed: 2475 hci_dev_unlock(hdev); 2476 2477 return err; 2478} 2479 2480static int block_device(struct sock *sk, u16 index, void *data, u16 len) 2481{ 2482 struct hci_dev *hdev; 2483 struct mgmt_cp_block_device *cp = data; 2484 u8 status; 2485 int err; 2486 2487 BT_DBG("hci%u", index); 2488 2489 if (len != sizeof(*cp)) 2490 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 2491 MGMT_STATUS_INVALID_PARAMS); 2492 2493 hdev = hci_dev_get(index); 2494 if (!hdev) 2495 return cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, 2496 MGMT_STATUS_INVALID_PARAMS, 2497 &cp->addr, sizeof(cp->addr)); 2498 2499 hci_dev_lock(hdev); 2500 2501 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type); 2502 if (err < 0) 2503 status = MGMT_STATUS_FAILED; 2504 else 2505 status = 0; 2506 2507 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, status, 2508 &cp->addr, sizeof(cp->addr)); 2509 2510 hci_dev_unlock(hdev); 2511 hci_dev_put(hdev); 2512 2513 return err; 2514} 2515 2516static int unblock_device(struct sock *sk, u16 index, void *data, u16 len) 2517{ 2518 struct hci_dev *hdev; 2519 struct mgmt_cp_unblock_device *cp = data; 2520 u8 status; 2521 int err; 2522 2523 BT_DBG("hci%u", index); 2524 2525 if (len != sizeof(*cp)) 2526 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, 2527 MGMT_STATUS_INVALID_PARAMS); 2528 2529 hdev = hci_dev_get(index); 2530 if (!hdev) 2531 return cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, 2532 MGMT_STATUS_INVALID_PARAMS, 2533 &cp->addr, sizeof(cp->addr)); 2534 2535 hci_dev_lock(hdev); 2536 2537 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type); 2538 if (err < 0) 2539 status = MGMT_STATUS_INVALID_PARAMS; 2540 else 2541 status = 0; 2542 2543 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, status, 2544 &cp->addr, sizeof(cp->addr)); 2545 2546 hci_dev_unlock(hdev); 2547 hci_dev_put(hdev); 2548 2549 return err; 2550} 2551 2552static int set_fast_connectable(struct sock *sk, u16 index, 2553 void *data, u16 len) 2554{ 2555 struct hci_dev *hdev; 2556 struct mgmt_mode *cp = data; 2557 struct hci_cp_write_page_scan_activity acp; 2558 u8 type; 2559 int err; 2560 2561 BT_DBG("hci%u", index); 2562 2563 if (len != sizeof(*cp)) 2564 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2565 MGMT_STATUS_INVALID_PARAMS); 2566 2567 hdev = hci_dev_get(index); 2568 if (!hdev) 2569 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2570 MGMT_STATUS_INVALID_PARAMS); 2571 if (!hdev_is_powered(hdev)) 2572 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2573 MGMT_STATUS_NOT_POWERED); 2574 2575 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 2576 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2577 MGMT_STATUS_REJECTED); 2578 2579 hci_dev_lock(hdev); 2580 2581 if (cp->val) { 2582 type = PAGE_SCAN_TYPE_INTERLACED; 2583 acp.interval = 0x0024; /* 22.5 msec page scan interval */ 2584 } else { 2585 type = PAGE_SCAN_TYPE_STANDARD; /* default */ 2586 acp.interval = 0x0800; /* default 1.28 sec page scan */ 2587 } 2588 2589 acp.window = 0x0012; /* default 11.25 msec page scan window */ 2590 2591 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, 2592 sizeof(acp), &acp); 2593 if (err < 0) { 2594 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2595 MGMT_STATUS_FAILED); 2596 goto done; 2597 } 2598 2599 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); 2600 if (err < 0) { 2601 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2602 MGMT_STATUS_FAILED); 2603 goto done; 2604 } 2605 2606 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0, 2607 NULL, 0); 2608done: 2609 hci_dev_unlock(hdev); 2610 hci_dev_put(hdev); 2611 2612 return err; 2613} 2614 2615static int load_long_term_keys(struct sock *sk, u16 index, 2616 void *cp_data, u16 len) 2617{ 2618 struct hci_dev *hdev; 2619 struct mgmt_cp_load_long_term_keys *cp = cp_data; 2620 u16 key_count, expected_len; 2621 int i; 2622 2623 if (len < sizeof(*cp)) 2624 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS, 2625 EINVAL); 2626 2627 key_count = get_unaligned_le16(&cp->key_count); 2628 2629 expected_len = sizeof(*cp) + key_count * 2630 sizeof(struct mgmt_ltk_info); 2631 if (expected_len != len) { 2632 BT_ERR("load_keys: expected %u bytes, got %u bytes", 2633 len, expected_len); 2634 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS, 2635 EINVAL); 2636 } 2637 2638 hdev = hci_dev_get(index); 2639 if (!hdev) 2640 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS, 2641 ENODEV); 2642 2643 BT_DBG("hci%u key_count %u", index, key_count); 2644 2645 hci_dev_lock(hdev); 2646 2647 hci_smp_ltks_clear(hdev); 2648 2649 for (i = 0; i < key_count; i++) { 2650 struct mgmt_ltk_info *key = &cp->keys[i]; 2651 u8 type; 2652 2653 if (key->master) 2654 type = HCI_SMP_LTK; 2655 else 2656 type = HCI_SMP_LTK_SLAVE; 2657 2658 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type, 2659 type, 0, key->authenticated, key->val, 2660 key->enc_size, key->ediv, key->rand); 2661 } 2662 2663 hci_dev_unlock(hdev); 2664 hci_dev_put(hdev); 2665 2666 return 0; 2667} 2668 2669int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) 2670{ 2671 void *buf; 2672 u8 *cp; 2673 struct mgmt_hdr *hdr; 2674 u16 opcode, index, len; 2675 int err; 2676 2677 BT_DBG("got %zu bytes", msglen); 2678 2679 if (msglen < sizeof(*hdr)) 2680 return -EINVAL; 2681 2682 buf = kmalloc(msglen, GFP_KERNEL); 2683 if (!buf) 2684 return -ENOMEM; 2685 2686 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) { 2687 err = -EFAULT; 2688 goto done; 2689 } 2690 2691 hdr = buf; 2692 opcode = get_unaligned_le16(&hdr->opcode); 2693 index = get_unaligned_le16(&hdr->index); 2694 len = get_unaligned_le16(&hdr->len); 2695 2696 if (len != msglen - sizeof(*hdr)) { 2697 err = -EINVAL; 2698 goto done; 2699 } 2700 2701 cp = buf + sizeof(*hdr); 2702 2703 switch (opcode) { 2704 case MGMT_OP_READ_VERSION: 2705 err = read_version(sk); 2706 break; 2707 case MGMT_OP_READ_COMMANDS: 2708 err = read_commands(sk); 2709 break; 2710 case MGMT_OP_READ_INDEX_LIST: 2711 err = read_index_list(sk); 2712 break; 2713 case MGMT_OP_READ_INFO: 2714 err = read_controller_info(sk, index); 2715 break; 2716 case MGMT_OP_SET_POWERED: 2717 err = set_powered(sk, index, cp, len); 2718 break; 2719 case MGMT_OP_SET_DISCOVERABLE: 2720 err = set_discoverable(sk, index, cp, len); 2721 break; 2722 case MGMT_OP_SET_CONNECTABLE: 2723 err = set_connectable(sk, index, cp, len); 2724 break; 2725 case MGMT_OP_SET_FAST_CONNECTABLE: 2726 err = set_fast_connectable(sk, index, cp, len); 2727 break; 2728 case MGMT_OP_SET_PAIRABLE: 2729 err = set_pairable(sk, index, cp, len); 2730 break; 2731 case MGMT_OP_SET_LINK_SECURITY: 2732 err = set_link_security(sk, index, cp, len); 2733 break; 2734 case MGMT_OP_SET_SSP: 2735 err = set_ssp(sk, index, cp, len); 2736 break; 2737 case MGMT_OP_SET_HS: 2738 err = set_hs(sk, index, cp, len); 2739 break; 2740 case MGMT_OP_ADD_UUID: 2741 err = add_uuid(sk, index, cp, len); 2742 break; 2743 case MGMT_OP_REMOVE_UUID: 2744 err = remove_uuid(sk, index, cp, len); 2745 break; 2746 case MGMT_OP_SET_DEV_CLASS: 2747 err = set_dev_class(sk, index, cp, len); 2748 break; 2749 case MGMT_OP_LOAD_LINK_KEYS: 2750 err = load_link_keys(sk, index, cp, len); 2751 break; 2752 case MGMT_OP_DISCONNECT: 2753 err = disconnect(sk, index, cp, len); 2754 break; 2755 case MGMT_OP_GET_CONNECTIONS: 2756 err = get_connections(sk, index); 2757 break; 2758 case MGMT_OP_PIN_CODE_REPLY: 2759 err = pin_code_reply(sk, index, cp, len); 2760 break; 2761 case MGMT_OP_PIN_CODE_NEG_REPLY: 2762 err = pin_code_neg_reply(sk, index, cp, len); 2763 break; 2764 case MGMT_OP_SET_IO_CAPABILITY: 2765 err = set_io_capability(sk, index, cp, len); 2766 break; 2767 case MGMT_OP_PAIR_DEVICE: 2768 err = pair_device(sk, index, cp, len); 2769 break; 2770 case MGMT_OP_CANCEL_PAIR_DEVICE: 2771 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len); 2772 break; 2773 case MGMT_OP_UNPAIR_DEVICE: 2774 err = unpair_device(sk, index, cp, len); 2775 break; 2776 case MGMT_OP_USER_CONFIRM_REPLY: 2777 err = user_confirm_reply(sk, index, cp, len); 2778 break; 2779 case MGMT_OP_USER_CONFIRM_NEG_REPLY: 2780 err = user_confirm_neg_reply(sk, index, cp, len); 2781 break; 2782 case MGMT_OP_USER_PASSKEY_REPLY: 2783 err = user_passkey_reply(sk, index, cp, len); 2784 break; 2785 case MGMT_OP_USER_PASSKEY_NEG_REPLY: 2786 err = user_passkey_neg_reply(sk, index, cp, len); 2787 break; 2788 case MGMT_OP_SET_LOCAL_NAME: 2789 err = set_local_name(sk, index, cp, len); 2790 break; 2791 case MGMT_OP_READ_LOCAL_OOB_DATA: 2792 err = read_local_oob_data(sk, index); 2793 break; 2794 case MGMT_OP_ADD_REMOTE_OOB_DATA: 2795 err = add_remote_oob_data(sk, index, cp, len); 2796 break; 2797 case MGMT_OP_REMOVE_REMOTE_OOB_DATA: 2798 err = remove_remote_oob_data(sk, index, cp, len); 2799 break; 2800 case MGMT_OP_START_DISCOVERY: 2801 err = start_discovery(sk, index, cp, len); 2802 break; 2803 case MGMT_OP_STOP_DISCOVERY: 2804 err = stop_discovery(sk, index, cp, len); 2805 break; 2806 case MGMT_OP_CONFIRM_NAME: 2807 err = confirm_name(sk, index, cp, len); 2808 break; 2809 case MGMT_OP_BLOCK_DEVICE: 2810 err = block_device(sk, index, cp, len); 2811 break; 2812 case MGMT_OP_UNBLOCK_DEVICE: 2813 err = unblock_device(sk, index, cp, len); 2814 break; 2815 case MGMT_OP_LOAD_LONG_TERM_KEYS: 2816 err = load_long_term_keys(sk, index, cp, len); 2817 break; 2818 default: 2819 BT_DBG("Unknown op %u", opcode); 2820 err = cmd_status(sk, index, opcode, 2821 MGMT_STATUS_UNKNOWN_COMMAND); 2822 break; 2823 } 2824 2825 if (err < 0) 2826 goto done; 2827 2828 err = msglen; 2829 2830done: 2831 kfree(buf); 2832 return err; 2833} 2834 2835static void cmd_status_rsp(struct pending_cmd *cmd, void *data) 2836{ 2837 u8 *status = data; 2838 2839 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 2840 mgmt_pending_remove(cmd); 2841} 2842 2843int mgmt_index_added(struct hci_dev *hdev) 2844{ 2845 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL); 2846} 2847 2848int mgmt_index_removed(struct hci_dev *hdev) 2849{ 2850 u8 status = ENODEV; 2851 2852 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 2853 2854 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL); 2855} 2856 2857struct cmd_lookup { 2858 struct sock *sk; 2859 struct hci_dev *hdev; 2860}; 2861 2862static void settings_rsp(struct pending_cmd *cmd, void *data) 2863{ 2864 struct cmd_lookup *match = data; 2865 2866 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 2867 2868 list_del(&cmd->list); 2869 2870 if (match->sk == NULL) { 2871 match->sk = cmd->sk; 2872 sock_hold(match->sk); 2873 } 2874 2875 mgmt_pending_free(cmd); 2876} 2877 2878int mgmt_powered(struct hci_dev *hdev, u8 powered) 2879{ 2880 struct cmd_lookup match = { NULL, hdev }; 2881 __le32 ev; 2882 int err; 2883 2884 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 2885 2886 if (!powered) { 2887 u8 status = ENETDOWN; 2888 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 2889 } 2890 2891 ev = cpu_to_le32(get_current_settings(hdev)); 2892 2893 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), 2894 match.sk); 2895 2896 if (match.sk) 2897 sock_put(match.sk); 2898 2899 return err; 2900} 2901 2902int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable) 2903{ 2904 struct cmd_lookup match = { NULL, hdev }; 2905 __le32 ev; 2906 int err; 2907 2908 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match); 2909 2910 ev = cpu_to_le32(get_current_settings(hdev)); 2911 2912 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), 2913 match.sk); 2914 if (match.sk) 2915 sock_put(match.sk); 2916 2917 return err; 2918} 2919 2920int mgmt_connectable(struct hci_dev *hdev, u8 connectable) 2921{ 2922 __le32 ev; 2923 struct cmd_lookup match = { NULL, hdev }; 2924 int err; 2925 2926 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp, 2927 &match); 2928 2929 ev = cpu_to_le32(get_current_settings(hdev)); 2930 2931 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk); 2932 2933 if (match.sk) 2934 sock_put(match.sk); 2935 2936 return err; 2937} 2938 2939int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status) 2940{ 2941 u8 mgmt_err = mgmt_status(status); 2942 2943 if (scan & SCAN_PAGE) 2944 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, 2945 cmd_status_rsp, &mgmt_err); 2946 2947 if (scan & SCAN_INQUIRY) 2948 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, 2949 cmd_status_rsp, &mgmt_err); 2950 2951 return 0; 2952} 2953 2954int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 2955 u8 persistent) 2956{ 2957 struct mgmt_ev_new_link_key ev; 2958 2959 memset(&ev, 0, sizeof(ev)); 2960 2961 ev.store_hint = persistent; 2962 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 2963 ev.key.addr.type = MGMT_ADDR_BREDR; 2964 ev.key.type = key->type; 2965 memcpy(ev.key.val, key->val, 16); 2966 ev.key.pin_len = key->pin_len; 2967 2968 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 2969} 2970 2971int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent) 2972{ 2973 struct mgmt_ev_new_long_term_key ev; 2974 2975 memset(&ev, 0, sizeof(ev)); 2976 2977 ev.store_hint = persistent; 2978 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 2979 ev.key.addr.type = key->bdaddr_type; 2980 ev.key.authenticated = key->authenticated; 2981 ev.key.enc_size = key->enc_size; 2982 ev.key.ediv = key->ediv; 2983 2984 if (key->type == HCI_SMP_LTK) 2985 ev.key.master = 1; 2986 2987 memcpy(ev.key.rand, key->rand, sizeof(key->rand)); 2988 memcpy(ev.key.val, key->val, sizeof(key->val)); 2989 2990 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, 2991 &ev, sizeof(ev), NULL); 2992} 2993 2994int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2995 u8 addr_type, u8 *name, u8 name_len, 2996 u8 *dev_class) 2997{ 2998 char buf[512]; 2999 struct mgmt_ev_device_connected *ev = (void *) buf; 3000 u16 eir_len = 0; 3001 3002 bacpy(&ev->addr.bdaddr, bdaddr); 3003 ev->addr.type = link_to_mgmt(link_type, addr_type); 3004 3005 if (name_len > 0) 3006 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, 3007 name, name_len); 3008 3009 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0) 3010 eir_len = eir_append_data(&ev->eir[eir_len], eir_len, 3011 EIR_CLASS_OF_DEV, dev_class, 3); 3012 3013 put_unaligned_le16(eir_len, &ev->eir_len); 3014 3015 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf, 3016 sizeof(*ev) + eir_len, NULL); 3017} 3018 3019static void disconnect_rsp(struct pending_cmd *cmd, void *data) 3020{ 3021 struct mgmt_cp_disconnect *cp = cmd->param; 3022 struct sock **sk = data; 3023 struct mgmt_rp_disconnect rp; 3024 3025 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 3026 rp.addr.type = cp->addr.type; 3027 3028 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp, 3029 sizeof(rp)); 3030 3031 *sk = cmd->sk; 3032 sock_hold(*sk); 3033 3034 mgmt_pending_remove(cmd); 3035} 3036 3037static void unpair_device_rsp(struct pending_cmd *cmd, void *data) 3038{ 3039 struct hci_dev *hdev = data; 3040 struct mgmt_cp_unpair_device *cp = cmd->param; 3041 struct mgmt_rp_unpair_device rp; 3042 3043 memset(&rp, 0, sizeof(rp)); 3044 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 3045 rp.addr.type = cp->addr.type; 3046 3047 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 3048 3049 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp)); 3050 3051 mgmt_pending_remove(cmd); 3052} 3053 3054int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 3055 u8 link_type, u8 addr_type) 3056{ 3057 struct mgmt_addr_info ev; 3058 struct sock *sk = NULL; 3059 int err; 3060 3061 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 3062 3063 bacpy(&ev.bdaddr, bdaddr); 3064 ev.type = link_to_mgmt(link_type, addr_type); 3065 3066 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), 3067 sk); 3068 3069 if (sk) 3070 sock_put(sk); 3071 3072 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 3073 hdev); 3074 3075 return err; 3076} 3077 3078int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 3079 u8 link_type, u8 addr_type, u8 status) 3080{ 3081 struct mgmt_rp_disconnect rp; 3082 struct pending_cmd *cmd; 3083 int err; 3084 3085 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev); 3086 if (!cmd) 3087 return -ENOENT; 3088 3089 bacpy(&rp.addr.bdaddr, bdaddr); 3090 rp.addr.type = link_to_mgmt(link_type, addr_type); 3091 3092 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 3093 mgmt_status(status), &rp, sizeof(rp)); 3094 3095 mgmt_pending_remove(cmd); 3096 3097 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 3098 hdev); 3099 return err; 3100} 3101 3102int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3103 u8 addr_type, u8 status) 3104{ 3105 struct mgmt_ev_connect_failed ev; 3106 3107 bacpy(&ev.addr.bdaddr, bdaddr); 3108 ev.addr.type = link_to_mgmt(link_type, addr_type); 3109 ev.status = mgmt_status(status); 3110 3111 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 3112} 3113 3114int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 3115{ 3116 struct mgmt_ev_pin_code_request ev; 3117 3118 bacpy(&ev.addr.bdaddr, bdaddr); 3119 ev.addr.type = MGMT_ADDR_BREDR; 3120 ev.secure = secure; 3121 3122 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), 3123 NULL); 3124} 3125 3126int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3127 u8 status) 3128{ 3129 struct pending_cmd *cmd; 3130 struct mgmt_rp_pin_code_reply rp; 3131 int err; 3132 3133 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 3134 if (!cmd) 3135 return -ENOENT; 3136 3137 bacpy(&rp.addr.bdaddr, bdaddr); 3138 rp.addr.type = MGMT_ADDR_BREDR; 3139 3140 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 3141 mgmt_status(status), &rp, sizeof(rp)); 3142 3143 mgmt_pending_remove(cmd); 3144 3145 return err; 3146} 3147 3148int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3149 u8 status) 3150{ 3151 struct pending_cmd *cmd; 3152 struct mgmt_rp_pin_code_reply rp; 3153 int err; 3154 3155 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 3156 if (!cmd) 3157 return -ENOENT; 3158 3159 bacpy(&rp.addr.bdaddr, bdaddr); 3160 rp.addr.type = MGMT_ADDR_BREDR; 3161 3162 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, 3163 mgmt_status(status), &rp, sizeof(rp)); 3164 3165 mgmt_pending_remove(cmd); 3166 3167 return err; 3168} 3169 3170int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 3171 u8 link_type, u8 addr_type, __le32 value, 3172 u8 confirm_hint) 3173{ 3174 struct mgmt_ev_user_confirm_request ev; 3175 3176 BT_DBG("%s", hdev->name); 3177 3178 bacpy(&ev.addr.bdaddr, bdaddr); 3179 ev.addr.type = link_to_mgmt(link_type, addr_type); 3180 ev.confirm_hint = confirm_hint; 3181 put_unaligned_le32(value, &ev.value); 3182 3183 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 3184 NULL); 3185} 3186 3187int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 3188 u8 link_type, u8 addr_type) 3189{ 3190 struct mgmt_ev_user_passkey_request ev; 3191 3192 BT_DBG("%s", hdev->name); 3193 3194 bacpy(&ev.addr.bdaddr, bdaddr); 3195 ev.addr.type = link_to_mgmt(link_type, addr_type); 3196 3197 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 3198 NULL); 3199} 3200 3201static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3202 u8 link_type, u8 addr_type, u8 status, 3203 u8 opcode) 3204{ 3205 struct pending_cmd *cmd; 3206 struct mgmt_rp_user_confirm_reply rp; 3207 int err; 3208 3209 cmd = mgmt_pending_find(opcode, hdev); 3210 if (!cmd) 3211 return -ENOENT; 3212 3213 bacpy(&rp.addr.bdaddr, bdaddr); 3214 rp.addr.type = link_to_mgmt(link_type, addr_type); 3215 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status), 3216 &rp, sizeof(rp)); 3217 3218 mgmt_pending_remove(cmd); 3219 3220 return err; 3221} 3222 3223int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3224 u8 link_type, u8 addr_type, u8 status) 3225{ 3226 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 3227 status, MGMT_OP_USER_CONFIRM_REPLY); 3228} 3229 3230int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3231 u8 link_type, u8 addr_type, u8 status) 3232{ 3233 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 3234 status, MGMT_OP_USER_CONFIRM_NEG_REPLY); 3235} 3236 3237int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3238 u8 link_type, u8 addr_type, u8 status) 3239{ 3240 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 3241 status, MGMT_OP_USER_PASSKEY_REPLY); 3242} 3243 3244int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3245 u8 link_type, u8 addr_type, u8 status) 3246{ 3247 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 3248 status, MGMT_OP_USER_PASSKEY_NEG_REPLY); 3249} 3250 3251int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3252 u8 addr_type, u8 status) 3253{ 3254 struct mgmt_ev_auth_failed ev; 3255 3256 bacpy(&ev.addr.bdaddr, bdaddr); 3257 ev.addr.type = link_to_mgmt(link_type, addr_type); 3258 ev.status = mgmt_status(status); 3259 3260 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL); 3261} 3262 3263int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 3264{ 3265 struct cmd_lookup match = { NULL, hdev }; 3266 __le32 ev; 3267 int err; 3268 3269 if (status) { 3270 u8 mgmt_err = mgmt_status(status); 3271 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 3272 cmd_status_rsp, &mgmt_err); 3273 return 0; 3274 } 3275 3276 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 3277 &match); 3278 3279 ev = cpu_to_le32(get_current_settings(hdev)); 3280 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk); 3281 3282 if (match.sk) 3283 sock_put(match.sk); 3284 3285 return err; 3286} 3287 3288static int clear_eir(struct hci_dev *hdev) 3289{ 3290 struct hci_cp_write_eir cp; 3291 3292 if (!(hdev->features[6] & LMP_EXT_INQ)) 3293 return 0; 3294 3295 memset(&cp, 0, sizeof(cp)); 3296 3297 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 3298} 3299 3300int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 status) 3301{ 3302 struct cmd_lookup match = { NULL, hdev }; 3303 __le32 ev; 3304 int err; 3305 3306 if (status) { 3307 u8 mgmt_err = mgmt_status(status); 3308 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, 3309 cmd_status_rsp, &mgmt_err); 3310 return 0; 3311 } 3312 3313 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 3314 3315 ev = cpu_to_le32(get_current_settings(hdev)); 3316 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk); 3317 3318 if (match.sk) { 3319 sock_put(match.sk); 3320 3321 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 3322 update_eir(hdev); 3323 else 3324 clear_eir(hdev); 3325 } 3326 3327 return err; 3328} 3329 3330int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 3331{ 3332 struct pending_cmd *cmd; 3333 struct mgmt_cp_set_local_name ev; 3334 int err; 3335 3336 memset(&ev, 0, sizeof(ev)); 3337 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 3338 3339 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 3340 if (!cmd) 3341 goto send_event; 3342 3343 if (status) { 3344 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3345 mgmt_status(status)); 3346 goto failed; 3347 } 3348 3349 update_eir(hdev); 3350 3351 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev, 3352 sizeof(ev)); 3353 if (err < 0) 3354 goto failed; 3355 3356send_event: 3357 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 3358 cmd ? cmd->sk : NULL); 3359 3360failed: 3361 if (cmd) 3362 mgmt_pending_remove(cmd); 3363 return err; 3364} 3365 3366int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash, 3367 u8 *randomizer, u8 status) 3368{ 3369 struct pending_cmd *cmd; 3370 int err; 3371 3372 BT_DBG("%s status %u", hdev->name, status); 3373 3374 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev); 3375 if (!cmd) 3376 return -ENOENT; 3377 3378 if (status) { 3379 err = cmd_status(cmd->sk, hdev->id, 3380 MGMT_OP_READ_LOCAL_OOB_DATA, 3381 mgmt_status(status)); 3382 } else { 3383 struct mgmt_rp_read_local_oob_data rp; 3384 3385 memcpy(rp.hash, hash, sizeof(rp.hash)); 3386 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer)); 3387 3388 err = cmd_complete(cmd->sk, hdev->id, 3389 MGMT_OP_READ_LOCAL_OOB_DATA, 3390 0, &rp, sizeof(rp)); 3391 } 3392 3393 mgmt_pending_remove(cmd); 3394 3395 return err; 3396} 3397 3398int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3399 u8 addr_type, u8 *dev_class, s8 rssi, 3400 u8 cfm_name, u8 *eir, u16 eir_len) 3401{ 3402 char buf[512]; 3403 struct mgmt_ev_device_found *ev = (void *) buf; 3404 size_t ev_size; 3405 3406 /* Leave 5 bytes for a potential CoD field */ 3407 if (sizeof(*ev) + eir_len + 5 > sizeof(buf)) 3408 return -EINVAL; 3409 3410 memset(buf, 0, sizeof(buf)); 3411 3412 bacpy(&ev->addr.bdaddr, bdaddr); 3413 ev->addr.type = link_to_mgmt(link_type, addr_type); 3414 ev->rssi = rssi; 3415 ev->confirm_name = cfm_name; 3416 3417 if (eir_len > 0) 3418 memcpy(ev->eir, eir, eir_len); 3419 3420 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV)) 3421 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 3422 dev_class, 3); 3423 3424 put_unaligned_le16(eir_len, &ev->eir_len); 3425 3426 ev_size = sizeof(*ev) + eir_len; 3427 3428 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 3429} 3430 3431int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3432 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 3433{ 3434 struct mgmt_ev_device_found *ev; 3435 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2]; 3436 u16 eir_len; 3437 3438 ev = (struct mgmt_ev_device_found *) buf; 3439 3440 memset(buf, 0, sizeof(buf)); 3441 3442 bacpy(&ev->addr.bdaddr, bdaddr); 3443 ev->addr.type = link_to_mgmt(link_type, addr_type); 3444 ev->rssi = rssi; 3445 3446 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name, 3447 name_len); 3448 3449 put_unaligned_le16(eir_len, &ev->eir_len); 3450 3451 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, 3452 sizeof(*ev) + eir_len, NULL); 3453} 3454 3455int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status) 3456{ 3457 struct pending_cmd *cmd; 3458 u8 type; 3459 int err; 3460 3461 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 3462 3463 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 3464 if (!cmd) 3465 return -ENOENT; 3466 3467 type = hdev->discovery.type; 3468 3469 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status), 3470 &type, sizeof(type)); 3471 mgmt_pending_remove(cmd); 3472 3473 return err; 3474} 3475 3476int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status) 3477{ 3478 struct pending_cmd *cmd; 3479 int err; 3480 3481 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 3482 if (!cmd) 3483 return -ENOENT; 3484 3485 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status), 3486 &hdev->discovery.type, 3487 sizeof(hdev->discovery.type)); 3488 mgmt_pending_remove(cmd); 3489 3490 return err; 3491} 3492 3493int mgmt_discovering(struct hci_dev *hdev, u8 discovering) 3494{ 3495 struct mgmt_ev_discovering ev; 3496 struct pending_cmd *cmd; 3497 3498 BT_DBG("%s discovering %u", hdev->name, discovering); 3499 3500 if (discovering) 3501 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 3502 else 3503 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 3504 3505 if (cmd != NULL) { 3506 u8 type = hdev->discovery.type; 3507 3508 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, 3509 &type, sizeof(type)); 3510 mgmt_pending_remove(cmd); 3511 } 3512 3513 memset(&ev, 0, sizeof(ev)); 3514 ev.type = hdev->discovery.type; 3515 ev.discovering = discovering; 3516 3517 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 3518} 3519 3520int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 3521{ 3522 struct pending_cmd *cmd; 3523 struct mgmt_ev_device_blocked ev; 3524 3525 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev); 3526 3527 bacpy(&ev.addr.bdaddr, bdaddr); 3528 ev.addr.type = type; 3529 3530 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev), 3531 cmd ? cmd->sk : NULL); 3532} 3533 3534int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 3535{ 3536 struct pending_cmd *cmd; 3537 struct mgmt_ev_device_unblocked ev; 3538 3539 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev); 3540 3541 bacpy(&ev.addr.bdaddr, bdaddr); 3542 ev.addr.type = type; 3543 3544 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev), 3545 cmd ? cmd->sk : NULL); 3546} 3547 3548module_param(enable_hs, bool, 0644); 3549MODULE_PARM_DESC(enable_hs, "Enable High Speed support"); 3550 3551module_param(enable_le, bool, 0644); 3552MODULE_PARM_DESC(enable_le, "Enable Low Energy support"); 3553