mgmt.c revision 4f87da80a5210e66fb47b0e839f4d05016986f78
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth HCI Management interface */ 26 27#include <linux/kernel.h> 28#include <linux/uaccess.h> 29#include <linux/module.h> 30#include <asm/unaligned.h> 31 32#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/hci_core.h> 34#include <net/bluetooth/mgmt.h> 35#include <net/bluetooth/smp.h> 36 37bool enable_hs; 38bool enable_le; 39 40#define MGMT_VERSION 1 41#define MGMT_REVISION 0 42 43static const u16 mgmt_commands[] = { 44 MGMT_OP_READ_INDEX_LIST, 45 MGMT_OP_READ_INFO, 46 MGMT_OP_SET_POWERED, 47 MGMT_OP_SET_DISCOVERABLE, 48 MGMT_OP_SET_CONNECTABLE, 49 MGMT_OP_SET_FAST_CONNECTABLE, 50 MGMT_OP_SET_PAIRABLE, 51 MGMT_OP_SET_LINK_SECURITY, 52 MGMT_OP_SET_SSP, 53 MGMT_OP_SET_HS, 54 MGMT_OP_SET_LE, 55 MGMT_OP_SET_DEV_CLASS, 56 MGMT_OP_SET_LOCAL_NAME, 57 MGMT_OP_ADD_UUID, 58 MGMT_OP_REMOVE_UUID, 59 MGMT_OP_LOAD_LINK_KEYS, 60 MGMT_OP_LOAD_LONG_TERM_KEYS, 61 MGMT_OP_DISCONNECT, 62 MGMT_OP_GET_CONNECTIONS, 63 MGMT_OP_PIN_CODE_REPLY, 64 MGMT_OP_PIN_CODE_NEG_REPLY, 65 MGMT_OP_SET_IO_CAPABILITY, 66 MGMT_OP_PAIR_DEVICE, 67 MGMT_OP_CANCEL_PAIR_DEVICE, 68 MGMT_OP_UNPAIR_DEVICE, 69 MGMT_OP_USER_CONFIRM_REPLY, 70 MGMT_OP_USER_CONFIRM_NEG_REPLY, 71 MGMT_OP_USER_PASSKEY_REPLY, 72 MGMT_OP_USER_PASSKEY_NEG_REPLY, 73 MGMT_OP_READ_LOCAL_OOB_DATA, 74 MGMT_OP_ADD_REMOTE_OOB_DATA, 75 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 76 MGMT_OP_START_DISCOVERY, 77 MGMT_OP_STOP_DISCOVERY, 78 MGMT_OP_CONFIRM_NAME, 79 MGMT_OP_BLOCK_DEVICE, 80 MGMT_OP_UNBLOCK_DEVICE, 81}; 82 83static const u16 mgmt_events[] = { 84 MGMT_EV_CONTROLLER_ERROR, 85 MGMT_EV_INDEX_ADDED, 86 MGMT_EV_INDEX_REMOVED, 87 MGMT_EV_NEW_SETTINGS, 88 MGMT_EV_CLASS_OF_DEV_CHANGED, 89 MGMT_EV_LOCAL_NAME_CHANGED, 90 MGMT_EV_NEW_LINK_KEY, 91 MGMT_EV_NEW_LONG_TERM_KEY, 92 MGMT_EV_DEVICE_CONNECTED, 93 MGMT_EV_DEVICE_DISCONNECTED, 94 MGMT_EV_CONNECT_FAILED, 95 MGMT_EV_PIN_CODE_REQUEST, 96 MGMT_EV_USER_CONFIRM_REQUEST, 97 MGMT_EV_USER_PASSKEY_REQUEST, 98 MGMT_EV_AUTH_FAILED, 99 MGMT_EV_DEVICE_FOUND, 100 MGMT_EV_DISCOVERING, 101 MGMT_EV_DEVICE_BLOCKED, 102 MGMT_EV_DEVICE_UNBLOCKED, 103 MGMT_EV_DEVICE_UNPAIRED, 104}; 105 106/* 107 * These LE scan and inquiry parameters were chosen according to LE General 108 * Discovery Procedure specification. 109 */ 110#define LE_SCAN_TYPE 0x01 111#define LE_SCAN_WIN 0x12 112#define LE_SCAN_INT 0x12 113#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */ 114#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */ 115 116#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */ 117#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */ 118 119#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) 120 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \ 122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 123 124struct pending_cmd { 125 struct list_head list; 126 u16 opcode; 127 int index; 128 void *param; 129 struct sock *sk; 130 void *user_data; 131}; 132 133/* HCI to MGMT error code conversion table */ 134static u8 mgmt_status_table[] = { 135 MGMT_STATUS_SUCCESS, 136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 138 MGMT_STATUS_FAILED, /* Hardware Failure */ 139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */ 142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 147 MGMT_STATUS_BUSY, /* Command Disallowed */ 148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 149 MGMT_STATUS_REJECTED, /* Rejected Security */ 150 MGMT_STATUS_REJECTED, /* Rejected Personal */ 151 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 158 MGMT_STATUS_BUSY, /* Repeated Attempts */ 159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 166 MGMT_STATUS_FAILED, /* Unspecified Error */ 167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 173 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 175 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 177 MGMT_STATUS_FAILED, /* Transaction Collision */ 178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 179 MGMT_STATUS_REJECTED, /* QoS Rejected */ 180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 181 MGMT_STATUS_REJECTED, /* Insufficient Security */ 182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 183 MGMT_STATUS_BUSY, /* Role Switch Pending */ 184 MGMT_STATUS_FAILED, /* Slot Violation */ 185 MGMT_STATUS_FAILED, /* Role Switch Failed */ 186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 188 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 190 MGMT_STATUS_BUSY, /* Controller Busy */ 191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 196}; 197 198static u8 mgmt_status(u8 hci_status) 199{ 200 if (hci_status < ARRAY_SIZE(mgmt_status_table)) 201 return mgmt_status_table[hci_status]; 202 203 return MGMT_STATUS_FAILED; 204} 205 206static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status) 207{ 208 struct sk_buff *skb; 209 struct mgmt_hdr *hdr; 210 struct mgmt_ev_cmd_status *ev; 211 int err; 212 213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status); 214 215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC); 216 if (!skb) 217 return -ENOMEM; 218 219 hdr = (void *) skb_put(skb, sizeof(*hdr)); 220 221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS); 222 hdr->index = cpu_to_le16(index); 223 hdr->len = cpu_to_le16(sizeof(*ev)); 224 225 ev = (void *) skb_put(skb, sizeof(*ev)); 226 ev->status = status; 227 put_unaligned_le16(cmd, &ev->opcode); 228 229 err = sock_queue_rcv_skb(sk, skb); 230 if (err < 0) 231 kfree_skb(skb); 232 233 return err; 234} 235 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status, 237 void *rp, size_t rp_len) 238{ 239 struct sk_buff *skb; 240 struct mgmt_hdr *hdr; 241 struct mgmt_ev_cmd_complete *ev; 242 int err; 243 244 BT_DBG("sock %p", sk); 245 246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC); 247 if (!skb) 248 return -ENOMEM; 249 250 hdr = (void *) skb_put(skb, sizeof(*hdr)); 251 252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE); 253 hdr->index = cpu_to_le16(index); 254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len); 255 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len); 257 put_unaligned_le16(cmd, &ev->opcode); 258 ev->status = status; 259 260 if (rp) 261 memcpy(ev->data, rp, rp_len); 262 263 err = sock_queue_rcv_skb(sk, skb); 264 if (err < 0) 265 kfree_skb(skb); 266 267 return err; 268} 269 270static int read_version(struct sock *sk, struct hci_dev *hdev, 271 void *data, u16 data_len) 272{ 273 struct mgmt_rp_read_version rp; 274 275 BT_DBG("sock %p", sk); 276 277 rp.version = MGMT_VERSION; 278 put_unaligned_le16(MGMT_REVISION, &rp.revision); 279 280 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp, 281 sizeof(rp)); 282} 283 284static int read_commands(struct sock *sk, struct hci_dev *hdev, 285 void *data, u16 data_len) 286{ 287 struct mgmt_rp_read_commands *rp; 288 u16 num_commands = ARRAY_SIZE(mgmt_commands); 289 u16 num_events = ARRAY_SIZE(mgmt_events); 290 u16 *opcode; 291 size_t rp_size; 292 int i, err; 293 294 BT_DBG("sock %p", sk); 295 296 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 297 298 rp = kmalloc(rp_size, GFP_KERNEL); 299 if (!rp) 300 return -ENOMEM; 301 302 put_unaligned_le16(num_commands, &rp->num_commands); 303 put_unaligned_le16(num_events, &rp->num_events); 304 305 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++) 306 put_unaligned_le16(mgmt_commands[i], opcode); 307 308 for (i = 0; i < num_events; i++, opcode++) 309 put_unaligned_le16(mgmt_events[i], opcode); 310 311 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp, 312 rp_size); 313 kfree(rp); 314 315 return err; 316} 317 318static int read_index_list(struct sock *sk, struct hci_dev *hdev, 319 void *data, u16 data_len) 320{ 321 struct mgmt_rp_read_index_list *rp; 322 struct list_head *p; 323 struct hci_dev *d; 324 size_t rp_len; 325 u16 count; 326 int i, err; 327 328 BT_DBG("sock %p", sk); 329 330 read_lock(&hci_dev_list_lock); 331 332 count = 0; 333 list_for_each(p, &hci_dev_list) { 334 count++; 335 } 336 337 rp_len = sizeof(*rp) + (2 * count); 338 rp = kmalloc(rp_len, GFP_ATOMIC); 339 if (!rp) { 340 read_unlock(&hci_dev_list_lock); 341 return -ENOMEM; 342 } 343 344 put_unaligned_le16(count, &rp->num_controllers); 345 346 i = 0; 347 list_for_each_entry(d, &hci_dev_list, list) { 348 if (test_bit(HCI_SETUP, &d->dev_flags)) 349 continue; 350 351 put_unaligned_le16(d->id, &rp->index[i++]); 352 BT_DBG("Added hci%u", d->id); 353 } 354 355 read_unlock(&hci_dev_list_lock); 356 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp, 358 rp_len); 359 360 kfree(rp); 361 362 return err; 363} 364 365static u32 get_supported_settings(struct hci_dev *hdev) 366{ 367 u32 settings = 0; 368 369 settings |= MGMT_SETTING_POWERED; 370 settings |= MGMT_SETTING_CONNECTABLE; 371 settings |= MGMT_SETTING_FAST_CONNECTABLE; 372 settings |= MGMT_SETTING_DISCOVERABLE; 373 settings |= MGMT_SETTING_PAIRABLE; 374 375 if (hdev->features[6] & LMP_SIMPLE_PAIR) 376 settings |= MGMT_SETTING_SSP; 377 378 if (!(hdev->features[4] & LMP_NO_BREDR)) { 379 settings |= MGMT_SETTING_BREDR; 380 settings |= MGMT_SETTING_LINK_SECURITY; 381 } 382 383 if (enable_hs) 384 settings |= MGMT_SETTING_HS; 385 386 if (enable_le) { 387 if (hdev->features[4] & LMP_LE) 388 settings |= MGMT_SETTING_LE; 389 } 390 391 return settings; 392} 393 394static u32 get_current_settings(struct hci_dev *hdev) 395{ 396 u32 settings = 0; 397 398 if (hdev_is_powered(hdev)) 399 settings |= MGMT_SETTING_POWERED; 400 401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 402 settings |= MGMT_SETTING_CONNECTABLE; 403 404 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 405 settings |= MGMT_SETTING_DISCOVERABLE; 406 407 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags)) 408 settings |= MGMT_SETTING_PAIRABLE; 409 410 if (!(hdev->features[4] & LMP_NO_BREDR)) 411 settings |= MGMT_SETTING_BREDR; 412 413 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 414 settings |= MGMT_SETTING_LE; 415 416 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) 417 settings |= MGMT_SETTING_LINK_SECURITY; 418 419 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 420 settings |= MGMT_SETTING_SSP; 421 422 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags)) 423 settings |= MGMT_SETTING_HS; 424 425 return settings; 426} 427 428#define PNP_INFO_SVCLASS_ID 0x1200 429 430static u8 bluetooth_base_uuid[] = { 431 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80, 432 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 433}; 434 435static u16 get_uuid16(u8 *uuid128) 436{ 437 u32 val; 438 int i; 439 440 for (i = 0; i < 12; i++) { 441 if (bluetooth_base_uuid[i] != uuid128[i]) 442 return 0; 443 } 444 445 memcpy(&val, &uuid128[12], 4); 446 447 val = le32_to_cpu(val); 448 if (val > 0xffff) 449 return 0; 450 451 return (u16) val; 452} 453 454static void create_eir(struct hci_dev *hdev, u8 *data) 455{ 456 u8 *ptr = data; 457 u16 eir_len = 0; 458 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)]; 459 int i, truncated = 0; 460 struct bt_uuid *uuid; 461 size_t name_len; 462 463 name_len = strlen(hdev->dev_name); 464 465 if (name_len > 0) { 466 /* EIR Data type */ 467 if (name_len > 48) { 468 name_len = 48; 469 ptr[1] = EIR_NAME_SHORT; 470 } else 471 ptr[1] = EIR_NAME_COMPLETE; 472 473 /* EIR Data length */ 474 ptr[0] = name_len + 1; 475 476 memcpy(ptr + 2, hdev->dev_name, name_len); 477 478 eir_len += (name_len + 2); 479 ptr += (name_len + 2); 480 } 481 482 memset(uuid16_list, 0, sizeof(uuid16_list)); 483 484 /* Group all UUID16 types */ 485 list_for_each_entry(uuid, &hdev->uuids, list) { 486 u16 uuid16; 487 488 uuid16 = get_uuid16(uuid->uuid); 489 if (uuid16 == 0) 490 return; 491 492 if (uuid16 < 0x1100) 493 continue; 494 495 if (uuid16 == PNP_INFO_SVCLASS_ID) 496 continue; 497 498 /* Stop if not enough space to put next UUID */ 499 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) { 500 truncated = 1; 501 break; 502 } 503 504 /* Check for duplicates */ 505 for (i = 0; uuid16_list[i] != 0; i++) 506 if (uuid16_list[i] == uuid16) 507 break; 508 509 if (uuid16_list[i] == 0) { 510 uuid16_list[i] = uuid16; 511 eir_len += sizeof(u16); 512 } 513 } 514 515 if (uuid16_list[0] != 0) { 516 u8 *length = ptr; 517 518 /* EIR Data type */ 519 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL; 520 521 ptr += 2; 522 eir_len += 2; 523 524 for (i = 0; uuid16_list[i] != 0; i++) { 525 *ptr++ = (uuid16_list[i] & 0x00ff); 526 *ptr++ = (uuid16_list[i] & 0xff00) >> 8; 527 } 528 529 /* EIR Data length */ 530 *length = (i * sizeof(u16)) + 1; 531 } 532} 533 534static int update_eir(struct hci_dev *hdev) 535{ 536 struct hci_cp_write_eir cp; 537 538 if (!hdev_is_powered(hdev)) 539 return 0; 540 541 if (!(hdev->features[6] & LMP_EXT_INQ)) 542 return 0; 543 544 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 545 return 0; 546 547 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 548 return 0; 549 550 memset(&cp, 0, sizeof(cp)); 551 552 create_eir(hdev, cp.data); 553 554 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0) 555 return 0; 556 557 memcpy(hdev->eir, cp.data, sizeof(cp.data)); 558 559 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 560} 561 562static u8 get_service_classes(struct hci_dev *hdev) 563{ 564 struct bt_uuid *uuid; 565 u8 val = 0; 566 567 list_for_each_entry(uuid, &hdev->uuids, list) 568 val |= uuid->svc_hint; 569 570 return val; 571} 572 573static int update_class(struct hci_dev *hdev) 574{ 575 u8 cod[3]; 576 int err; 577 578 BT_DBG("%s", hdev->name); 579 580 if (!hdev_is_powered(hdev)) 581 return 0; 582 583 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 584 return 0; 585 586 cod[0] = hdev->minor_class; 587 cod[1] = hdev->major_class; 588 cod[2] = get_service_classes(hdev); 589 590 if (memcmp(cod, hdev->dev_class, 3) == 0) 591 return 0; 592 593 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); 594 if (err == 0) 595 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags); 596 597 return err; 598} 599 600static void service_cache_off(struct work_struct *work) 601{ 602 struct hci_dev *hdev = container_of(work, struct hci_dev, 603 service_cache.work); 604 605 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 606 return; 607 608 hci_dev_lock(hdev); 609 610 update_eir(hdev); 611 update_class(hdev); 612 613 hci_dev_unlock(hdev); 614} 615 616static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) 617{ 618 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) 619 return; 620 621 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 622 623 /* Non-mgmt controlled devices get this bit set 624 * implicitly so that pairing works for them, however 625 * for mgmt we require user-space to explicitly enable 626 * it 627 */ 628 clear_bit(HCI_PAIRABLE, &hdev->dev_flags); 629} 630 631static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 632 void *data, u16 data_len) 633{ 634 struct mgmt_rp_read_info rp; 635 636 BT_DBG("sock %p %s", sk, hdev->name); 637 638 hci_dev_lock(hdev); 639 640 memset(&rp, 0, sizeof(rp)); 641 642 bacpy(&rp.bdaddr, &hdev->bdaddr); 643 644 rp.version = hdev->hci_ver; 645 646 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer); 647 648 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 649 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 650 651 memcpy(rp.dev_class, hdev->dev_class, 3); 652 653 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 654 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name)); 655 656 hci_dev_unlock(hdev); 657 658 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp, 659 sizeof(rp)); 660} 661 662static void mgmt_pending_free(struct pending_cmd *cmd) 663{ 664 sock_put(cmd->sk); 665 kfree(cmd->param); 666 kfree(cmd); 667} 668 669static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode, 670 struct hci_dev *hdev, 671 void *data, u16 len) 672{ 673 struct pending_cmd *cmd; 674 675 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC); 676 if (!cmd) 677 return NULL; 678 679 cmd->opcode = opcode; 680 cmd->index = hdev->id; 681 682 cmd->param = kmalloc(len, GFP_ATOMIC); 683 if (!cmd->param) { 684 kfree(cmd); 685 return NULL; 686 } 687 688 if (data) 689 memcpy(cmd->param, data, len); 690 691 cmd->sk = sk; 692 sock_hold(sk); 693 694 list_add(&cmd->list, &hdev->mgmt_pending); 695 696 return cmd; 697} 698 699static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, 700 void (*cb)(struct pending_cmd *cmd, void *data), 701 void *data) 702{ 703 struct list_head *p, *n; 704 705 list_for_each_safe(p, n, &hdev->mgmt_pending) { 706 struct pending_cmd *cmd; 707 708 cmd = list_entry(p, struct pending_cmd, list); 709 710 if (opcode > 0 && cmd->opcode != opcode) 711 continue; 712 713 cb(cmd, data); 714 } 715} 716 717static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev) 718{ 719 struct pending_cmd *cmd; 720 721 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 722 if (cmd->opcode == opcode) 723 return cmd; 724 } 725 726 return NULL; 727} 728 729static void mgmt_pending_remove(struct pending_cmd *cmd) 730{ 731 list_del(&cmd->list); 732 mgmt_pending_free(cmd); 733} 734 735static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 736{ 737 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 738 739 return cmd_complete(sk, hdev->id, opcode, 0, &settings, 740 sizeof(settings)); 741} 742 743static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, 744 u16 len) 745{ 746 struct mgmt_mode *cp = data; 747 struct pending_cmd *cmd; 748 int err; 749 750 BT_DBG("request for %s", hdev->name); 751 752 hci_dev_lock(hdev); 753 754 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) { 755 cancel_delayed_work(&hdev->power_off); 756 757 if (cp->val) { 758 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 759 mgmt_powered(hdev, 1); 760 goto failed; 761 } 762 } 763 764 if (!!cp->val == hdev_is_powered(hdev)) { 765 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 766 goto failed; 767 } 768 769 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) { 770 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 771 MGMT_STATUS_BUSY); 772 goto failed; 773 } 774 775 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 776 if (!cmd) { 777 err = -ENOMEM; 778 goto failed; 779 } 780 781 if (cp->val) 782 schedule_work(&hdev->power_on); 783 else 784 schedule_work(&hdev->power_off.work); 785 786 err = 0; 787 788failed: 789 hci_dev_unlock(hdev); 790 return err; 791} 792 793static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, 794 u16 data_len, struct sock *skip_sk) 795{ 796 struct sk_buff *skb; 797 struct mgmt_hdr *hdr; 798 799 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC); 800 if (!skb) 801 return -ENOMEM; 802 803 hdr = (void *) skb_put(skb, sizeof(*hdr)); 804 hdr->opcode = cpu_to_le16(event); 805 if (hdev) 806 hdr->index = cpu_to_le16(hdev->id); 807 else 808 hdr->index = cpu_to_le16(MGMT_INDEX_NONE); 809 hdr->len = cpu_to_le16(data_len); 810 811 if (data) 812 memcpy(skb_put(skb, data_len), data, data_len); 813 814 /* Time stamp */ 815 __net_timestamp(skb); 816 817 hci_send_to_control(skb, skip_sk); 818 kfree_skb(skb); 819 820 return 0; 821} 822 823static int new_settings(struct hci_dev *hdev, struct sock *skip) 824{ 825 __le32 ev; 826 827 ev = cpu_to_le32(get_current_settings(hdev)); 828 829 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip); 830} 831 832static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 833 u16 len) 834{ 835 struct mgmt_cp_set_discoverable *cp = data; 836 struct pending_cmd *cmd; 837 u16 timeout; 838 u8 scan; 839 int err; 840 841 BT_DBG("request for %s", hdev->name); 842 843 timeout = get_unaligned_le16(&cp->timeout); 844 if (!cp->val && timeout > 0) 845 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 846 MGMT_STATUS_INVALID_PARAMS); 847 848 hci_dev_lock(hdev); 849 850 if (!hdev_is_powered(hdev) && timeout > 0) { 851 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 852 MGMT_STATUS_NOT_POWERED); 853 goto failed; 854 } 855 856 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 857 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 858 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 859 MGMT_STATUS_BUSY); 860 goto failed; 861 } 862 863 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) { 864 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 865 MGMT_STATUS_REJECTED); 866 goto failed; 867 } 868 869 if (!hdev_is_powered(hdev)) { 870 bool changed = false; 871 872 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) { 873 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 874 changed = true; 875 } 876 877 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 878 if (err < 0) 879 goto failed; 880 881 if (changed) 882 err = new_settings(hdev, sk); 883 884 goto failed; 885 } 886 887 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) { 888 if (hdev->discov_timeout > 0) { 889 cancel_delayed_work(&hdev->discov_off); 890 hdev->discov_timeout = 0; 891 } 892 893 if (cp->val && timeout > 0) { 894 hdev->discov_timeout = timeout; 895 queue_delayed_work(hdev->workqueue, &hdev->discov_off, 896 msecs_to_jiffies(hdev->discov_timeout * 1000)); 897 } 898 899 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 900 goto failed; 901 } 902 903 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 904 if (!cmd) { 905 err = -ENOMEM; 906 goto failed; 907 } 908 909 scan = SCAN_PAGE; 910 911 if (cp->val) 912 scan |= SCAN_INQUIRY; 913 else 914 cancel_delayed_work(&hdev->discov_off); 915 916 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 917 if (err < 0) 918 mgmt_pending_remove(cmd); 919 920 if (cp->val) 921 hdev->discov_timeout = timeout; 922 923failed: 924 hci_dev_unlock(hdev); 925 return err; 926} 927 928static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, 929 u16 len) 930{ 931 struct mgmt_mode *cp = data; 932 struct pending_cmd *cmd; 933 u8 scan; 934 int err; 935 936 BT_DBG("request for %s", hdev->name); 937 938 hci_dev_lock(hdev); 939 940 if (!hdev_is_powered(hdev)) { 941 bool changed = false; 942 943 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 944 changed = true; 945 946 if (cp->val) { 947 set_bit(HCI_CONNECTABLE, &hdev->dev_flags); 948 } else { 949 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags); 950 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 951 } 952 953 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 954 if (err < 0) 955 goto failed; 956 957 if (changed) 958 err = new_settings(hdev, sk); 959 960 goto failed; 961 } 962 963 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 964 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 965 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 966 MGMT_STATUS_BUSY); 967 goto failed; 968 } 969 970 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) { 971 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 972 goto failed; 973 } 974 975 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 976 if (!cmd) { 977 err = -ENOMEM; 978 goto failed; 979 } 980 981 if (cp->val) { 982 scan = SCAN_PAGE; 983 } else { 984 scan = 0; 985 986 if (test_bit(HCI_ISCAN, &hdev->flags) && 987 hdev->discov_timeout > 0) 988 cancel_delayed_work(&hdev->discov_off); 989 } 990 991 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 992 if (err < 0) 993 mgmt_pending_remove(cmd); 994 995failed: 996 hci_dev_unlock(hdev); 997 return err; 998} 999 1000static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data, 1001 u16 len) 1002{ 1003 struct mgmt_mode *cp = data; 1004 int err; 1005 1006 BT_DBG("request for %s", hdev->name); 1007 1008 hci_dev_lock(hdev); 1009 1010 if (cp->val) 1011 set_bit(HCI_PAIRABLE, &hdev->dev_flags); 1012 else 1013 clear_bit(HCI_PAIRABLE, &hdev->dev_flags); 1014 1015 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev); 1016 if (err < 0) 1017 goto failed; 1018 1019 err = new_settings(hdev, sk); 1020 1021failed: 1022 hci_dev_unlock(hdev); 1023 return err; 1024} 1025 1026static int set_link_security(struct sock *sk, struct hci_dev *hdev, 1027 void *data, u16 len) 1028{ 1029 struct mgmt_mode *cp = data; 1030 struct pending_cmd *cmd; 1031 u8 val; 1032 int err; 1033 1034 BT_DBG("request for %s", hdev->name); 1035 1036 hci_dev_lock(hdev); 1037 1038 if (!hdev_is_powered(hdev)) { 1039 bool changed = false; 1040 1041 if (!!cp->val != test_bit(HCI_LINK_SECURITY, 1042 &hdev->dev_flags)) { 1043 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags); 1044 changed = true; 1045 } 1046 1047 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1048 if (err < 0) 1049 goto failed; 1050 1051 if (changed) 1052 err = new_settings(hdev, sk); 1053 1054 goto failed; 1055 } 1056 1057 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1058 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1059 MGMT_STATUS_BUSY); 1060 goto failed; 1061 } 1062 1063 val = !!cp->val; 1064 1065 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1066 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1067 goto failed; 1068 } 1069 1070 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1071 if (!cmd) { 1072 err = -ENOMEM; 1073 goto failed; 1074 } 1075 1076 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1077 if (err < 0) { 1078 mgmt_pending_remove(cmd); 1079 goto failed; 1080 } 1081 1082failed: 1083 hci_dev_unlock(hdev); 1084 return err; 1085} 1086 1087static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1088{ 1089 struct mgmt_mode *cp = data; 1090 struct pending_cmd *cmd; 1091 u8 val; 1092 int err; 1093 1094 BT_DBG("request for %s", hdev->name); 1095 1096 hci_dev_lock(hdev); 1097 1098 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) { 1099 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1100 MGMT_STATUS_NOT_SUPPORTED); 1101 goto failed; 1102 } 1103 1104 val = !!cp->val; 1105 1106 if (!hdev_is_powered(hdev)) { 1107 bool changed = false; 1108 1109 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) { 1110 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 1111 changed = true; 1112 } 1113 1114 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1115 if (err < 0) 1116 goto failed; 1117 1118 if (changed) 1119 err = new_settings(hdev, sk); 1120 1121 goto failed; 1122 } 1123 1124 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) { 1125 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1126 MGMT_STATUS_BUSY); 1127 goto failed; 1128 } 1129 1130 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) { 1131 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1132 goto failed; 1133 } 1134 1135 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 1136 if (!cmd) { 1137 err = -ENOMEM; 1138 goto failed; 1139 } 1140 1141 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val); 1142 if (err < 0) { 1143 mgmt_pending_remove(cmd); 1144 goto failed; 1145 } 1146 1147failed: 1148 hci_dev_unlock(hdev); 1149 return err; 1150} 1151 1152static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1153{ 1154 struct mgmt_mode *cp = data; 1155 1156 BT_DBG("request for %s", hdev->name); 1157 1158 if (!enable_hs) 1159 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1160 MGMT_STATUS_NOT_SUPPORTED); 1161 1162 if (cp->val) 1163 set_bit(HCI_HS_ENABLED, &hdev->dev_flags); 1164 else 1165 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags); 1166 1167 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 1168} 1169 1170static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1171{ 1172 struct mgmt_mode *cp = data; 1173 struct hci_cp_write_le_host_supported hci_cp; 1174 struct pending_cmd *cmd; 1175 int err; 1176 u8 val, enabled; 1177 1178 BT_DBG("request for %s", hdev->name); 1179 1180 hci_dev_lock(hdev); 1181 1182 if (!enable_le || !(hdev->features[4] & LMP_LE)) { 1183 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1184 MGMT_STATUS_NOT_SUPPORTED); 1185 goto unlock; 1186 } 1187 1188 val = !!cp->val; 1189 enabled = !!(hdev->host_features[0] & LMP_HOST_LE); 1190 1191 if (!hdev_is_powered(hdev) || val == enabled) { 1192 bool changed = false; 1193 1194 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { 1195 change_bit(HCI_LE_ENABLED, &hdev->dev_flags); 1196 changed = true; 1197 } 1198 1199 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1200 if (err < 0) 1201 goto unlock; 1202 1203 if (changed) 1204 err = new_settings(hdev, sk); 1205 1206 goto unlock; 1207 } 1208 1209 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) { 1210 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1211 MGMT_STATUS_BUSY); 1212 goto unlock; 1213 } 1214 1215 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len); 1216 if (!cmd) { 1217 err = -ENOMEM; 1218 goto unlock; 1219 } 1220 1221 memset(&hci_cp, 0, sizeof(hci_cp)); 1222 1223 if (val) { 1224 hci_cp.le = val; 1225 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR); 1226 } 1227 1228 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, 1229 sizeof(hci_cp), &hci_cp); 1230 if (err < 0) { 1231 mgmt_pending_remove(cmd); 1232 goto unlock; 1233 } 1234 1235unlock: 1236 hci_dev_unlock(hdev); 1237 return err; 1238} 1239 1240static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1241{ 1242 struct mgmt_cp_add_uuid *cp = data; 1243 struct pending_cmd *cmd; 1244 struct bt_uuid *uuid; 1245 int err; 1246 1247 BT_DBG("request for %s", hdev->name); 1248 1249 hci_dev_lock(hdev); 1250 1251 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1252 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID, 1253 MGMT_STATUS_BUSY); 1254 goto failed; 1255 } 1256 1257 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC); 1258 if (!uuid) { 1259 err = -ENOMEM; 1260 goto failed; 1261 } 1262 1263 memcpy(uuid->uuid, cp->uuid, 16); 1264 uuid->svc_hint = cp->svc_hint; 1265 1266 list_add(&uuid->list, &hdev->uuids); 1267 1268 err = update_class(hdev); 1269 if (err < 0) 1270 goto failed; 1271 1272 err = update_eir(hdev); 1273 if (err < 0) 1274 goto failed; 1275 1276 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1277 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0, 1278 hdev->dev_class, 3); 1279 goto failed; 1280 } 1281 1282 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len); 1283 if (!cmd) { 1284 err = -ENOMEM; 1285 goto failed; 1286 } 1287 1288failed: 1289 hci_dev_unlock(hdev); 1290 return err; 1291} 1292 1293static bool enable_service_cache(struct hci_dev *hdev) 1294{ 1295 if (!hdev_is_powered(hdev)) 1296 return false; 1297 1298 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) { 1299 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT); 1300 return true; 1301 } 1302 1303 return false; 1304} 1305 1306static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, 1307 u16 len) 1308{ 1309 struct mgmt_cp_remove_uuid *cp = data; 1310 struct pending_cmd *cmd; 1311 struct list_head *p, *n; 1312 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 1313 int err, found; 1314 1315 BT_DBG("request for %s", hdev->name); 1316 1317 hci_dev_lock(hdev); 1318 1319 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1320 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 1321 MGMT_STATUS_BUSY); 1322 goto unlock; 1323 } 1324 1325 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 1326 err = hci_uuids_clear(hdev); 1327 1328 if (enable_service_cache(hdev)) { 1329 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 1330 0, hdev->dev_class, 3); 1331 goto unlock; 1332 } 1333 1334 goto update_class; 1335 } 1336 1337 found = 0; 1338 1339 list_for_each_safe(p, n, &hdev->uuids) { 1340 struct bt_uuid *match = list_entry(p, struct bt_uuid, list); 1341 1342 if (memcmp(match->uuid, cp->uuid, 16) != 0) 1343 continue; 1344 1345 list_del(&match->list); 1346 found++; 1347 } 1348 1349 if (found == 0) { 1350 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 1351 MGMT_STATUS_INVALID_PARAMS); 1352 goto unlock; 1353 } 1354 1355update_class: 1356 err = update_class(hdev); 1357 if (err < 0) 1358 goto unlock; 1359 1360 err = update_eir(hdev); 1361 if (err < 0) 1362 goto unlock; 1363 1364 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1365 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0, 1366 hdev->dev_class, 3); 1367 goto unlock; 1368 } 1369 1370 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len); 1371 if (!cmd) { 1372 err = -ENOMEM; 1373 goto unlock; 1374 } 1375 1376unlock: 1377 hci_dev_unlock(hdev); 1378 return err; 1379} 1380 1381static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, 1382 u16 len) 1383{ 1384 struct mgmt_cp_set_dev_class *cp = data; 1385 struct pending_cmd *cmd; 1386 int err; 1387 1388 BT_DBG("request for %s", hdev->name); 1389 1390 hci_dev_lock(hdev); 1391 1392 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1393 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 1394 MGMT_STATUS_BUSY); 1395 goto unlock; 1396 } 1397 1398 hdev->major_class = cp->major; 1399 hdev->minor_class = cp->minor; 1400 1401 if (!hdev_is_powered(hdev)) { 1402 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 1403 hdev->dev_class, 3); 1404 goto unlock; 1405 } 1406 1407 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) { 1408 hci_dev_unlock(hdev); 1409 cancel_delayed_work_sync(&hdev->service_cache); 1410 hci_dev_lock(hdev); 1411 update_eir(hdev); 1412 } 1413 1414 err = update_class(hdev); 1415 if (err < 0) 1416 goto unlock; 1417 1418 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1419 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 1420 hdev->dev_class, 3); 1421 goto unlock; 1422 } 1423 1424 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len); 1425 if (!cmd) { 1426 err = -ENOMEM; 1427 goto unlock; 1428 } 1429 1430unlock: 1431 hci_dev_unlock(hdev); 1432 return err; 1433} 1434 1435static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, 1436 u16 len) 1437{ 1438 struct mgmt_cp_load_link_keys *cp = data; 1439 u16 key_count, expected_len; 1440 int i; 1441 1442 key_count = get_unaligned_le16(&cp->key_count); 1443 1444 expected_len = sizeof(*cp) + key_count * 1445 sizeof(struct mgmt_link_key_info); 1446 if (expected_len != len) { 1447 BT_ERR("load_link_keys: expected %u bytes, got %u bytes", 1448 len, expected_len); 1449 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 1450 MGMT_STATUS_INVALID_PARAMS); 1451 } 1452 1453 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys, 1454 key_count); 1455 1456 hci_dev_lock(hdev); 1457 1458 hci_link_keys_clear(hdev); 1459 1460 set_bit(HCI_LINK_KEYS, &hdev->dev_flags); 1461 1462 if (cp->debug_keys) 1463 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags); 1464 else 1465 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags); 1466 1467 for (i = 0; i < key_count; i++) { 1468 struct mgmt_link_key_info *key = &cp->keys[i]; 1469 1470 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val, 1471 key->type, key->pin_len); 1472 } 1473 1474 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 1475 1476 hci_dev_unlock(hdev); 1477 1478 return 0; 1479} 1480 1481static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 1482 u8 addr_type, struct sock *skip_sk) 1483{ 1484 struct mgmt_ev_device_unpaired ev; 1485 1486 bacpy(&ev.addr.bdaddr, bdaddr); 1487 ev.addr.type = addr_type; 1488 1489 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 1490 skip_sk); 1491} 1492 1493static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, 1494 u16 len) 1495{ 1496 struct mgmt_cp_unpair_device *cp = data; 1497 struct mgmt_rp_unpair_device rp; 1498 struct hci_cp_disconnect dc; 1499 struct pending_cmd *cmd; 1500 struct hci_conn *conn; 1501 int err; 1502 1503 hci_dev_lock(hdev); 1504 1505 memset(&rp, 0, sizeof(rp)); 1506 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 1507 rp.addr.type = cp->addr.type; 1508 1509 if (!hdev_is_powered(hdev)) { 1510 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 1511 MGMT_STATUS_NOT_POWERED, 1512 &rp, sizeof(rp)); 1513 goto unlock; 1514 } 1515 1516 if (cp->addr.type == MGMT_ADDR_BREDR) 1517 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 1518 else 1519 err = hci_remove_ltk(hdev, &cp->addr.bdaddr); 1520 1521 if (err < 0) { 1522 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 1523 MGMT_STATUS_NOT_PAIRED, 1524 &rp, sizeof(rp)); 1525 goto unlock; 1526 } 1527 1528 if (cp->disconnect) { 1529 if (cp->addr.type == MGMT_ADDR_BREDR) 1530 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 1531 &cp->addr.bdaddr); 1532 else 1533 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, 1534 &cp->addr.bdaddr); 1535 } else { 1536 conn = NULL; 1537 } 1538 1539 if (!conn) { 1540 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0, 1541 &rp, sizeof(rp)); 1542 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 1543 goto unlock; 1544 } 1545 1546 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 1547 sizeof(*cp)); 1548 if (!cmd) { 1549 err = -ENOMEM; 1550 goto unlock; 1551 } 1552 1553 put_unaligned_le16(conn->handle, &dc.handle); 1554 dc.reason = 0x13; /* Remote User Terminated Connection */ 1555 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1556 if (err < 0) 1557 mgmt_pending_remove(cmd); 1558 1559unlock: 1560 hci_dev_unlock(hdev); 1561 return err; 1562} 1563 1564static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data, 1565 u16 len) 1566{ 1567 struct mgmt_cp_disconnect *cp = data; 1568 struct hci_cp_disconnect dc; 1569 struct pending_cmd *cmd; 1570 struct hci_conn *conn; 1571 int err; 1572 1573 BT_DBG(""); 1574 1575 hci_dev_lock(hdev); 1576 1577 if (!test_bit(HCI_UP, &hdev->flags)) { 1578 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT, 1579 MGMT_STATUS_NOT_POWERED); 1580 goto failed; 1581 } 1582 1583 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) { 1584 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT, 1585 MGMT_STATUS_BUSY); 1586 goto failed; 1587 } 1588 1589 if (cp->addr.type == MGMT_ADDR_BREDR) 1590 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 1591 else 1592 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 1593 1594 if (!conn) { 1595 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT, 1596 MGMT_STATUS_NOT_CONNECTED); 1597 goto failed; 1598 } 1599 1600 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 1601 if (!cmd) { 1602 err = -ENOMEM; 1603 goto failed; 1604 } 1605 1606 put_unaligned_le16(conn->handle, &dc.handle); 1607 dc.reason = 0x13; /* Remote User Terminated Connection */ 1608 1609 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1610 if (err < 0) 1611 mgmt_pending_remove(cmd); 1612 1613failed: 1614 hci_dev_unlock(hdev); 1615 return err; 1616} 1617 1618static u8 link_to_mgmt(u8 link_type, u8 addr_type) 1619{ 1620 switch (link_type) { 1621 case LE_LINK: 1622 switch (addr_type) { 1623 case ADDR_LE_DEV_PUBLIC: 1624 return MGMT_ADDR_LE_PUBLIC; 1625 case ADDR_LE_DEV_RANDOM: 1626 return MGMT_ADDR_LE_RANDOM; 1627 default: 1628 return MGMT_ADDR_INVALID; 1629 } 1630 case ACL_LINK: 1631 return MGMT_ADDR_BREDR; 1632 default: 1633 return MGMT_ADDR_INVALID; 1634 } 1635} 1636 1637static int get_connections(struct sock *sk, struct hci_dev *hdev, 1638 void *data, u16 data_len) 1639{ 1640 struct mgmt_rp_get_connections *rp; 1641 struct hci_conn *c; 1642 size_t rp_len; 1643 int err; 1644 u16 i; 1645 1646 BT_DBG(""); 1647 1648 hci_dev_lock(hdev); 1649 1650 if (!hdev_is_powered(hdev)) { 1651 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 1652 MGMT_STATUS_NOT_POWERED); 1653 goto unlock; 1654 } 1655 1656 i = 0; 1657 list_for_each_entry(c, &hdev->conn_hash.list, list) { 1658 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 1659 i++; 1660 } 1661 1662 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 1663 rp = kmalloc(rp_len, GFP_ATOMIC); 1664 if (!rp) { 1665 err = -ENOMEM; 1666 goto unlock; 1667 } 1668 1669 i = 0; 1670 list_for_each_entry(c, &hdev->conn_hash.list, list) { 1671 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 1672 continue; 1673 bacpy(&rp->addr[i].bdaddr, &c->dst); 1674 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type); 1675 if (rp->addr[i].type == MGMT_ADDR_INVALID) 1676 continue; 1677 i++; 1678 } 1679 1680 put_unaligned_le16(i, &rp->conn_count); 1681 1682 /* Recalculate length in case of filtered SCO connections, etc */ 1683 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 1684 1685 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp, 1686 rp_len); 1687 1688 kfree(rp); 1689 1690unlock: 1691 hci_dev_unlock(hdev); 1692 return err; 1693} 1694 1695static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 1696 struct mgmt_cp_pin_code_neg_reply *cp) 1697{ 1698 struct pending_cmd *cmd; 1699 int err; 1700 1701 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 1702 sizeof(*cp)); 1703 if (!cmd) 1704 return -ENOMEM; 1705 1706 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 1707 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 1708 if (err < 0) 1709 mgmt_pending_remove(cmd); 1710 1711 return err; 1712} 1713 1714static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data, 1715 u16 len) 1716{ 1717 struct hci_conn *conn; 1718 struct mgmt_cp_pin_code_reply *cp = data; 1719 struct hci_cp_pin_code_reply reply; 1720 struct pending_cmd *cmd; 1721 int err; 1722 1723 BT_DBG(""); 1724 1725 hci_dev_lock(hdev); 1726 1727 if (!hdev_is_powered(hdev)) { 1728 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 1729 MGMT_STATUS_NOT_POWERED); 1730 goto failed; 1731 } 1732 1733 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 1734 if (!conn) { 1735 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 1736 MGMT_STATUS_NOT_CONNECTED); 1737 goto failed; 1738 } 1739 1740 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 1741 struct mgmt_cp_pin_code_neg_reply ncp; 1742 1743 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 1744 1745 BT_ERR("PIN code is not 16 bytes long"); 1746 1747 err = send_pin_code_neg_reply(sk, hdev, &ncp); 1748 if (err >= 0) 1749 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 1750 MGMT_STATUS_INVALID_PARAMS); 1751 1752 goto failed; 1753 } 1754 1755 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 1756 if (!cmd) { 1757 err = -ENOMEM; 1758 goto failed; 1759 } 1760 1761 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 1762 reply.pin_len = cp->pin_len; 1763 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 1764 1765 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 1766 if (err < 0) 1767 mgmt_pending_remove(cmd); 1768 1769failed: 1770 hci_dev_unlock(hdev); 1771 return err; 1772} 1773 1774static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 1775 void *data, u16 len) 1776{ 1777 struct mgmt_cp_pin_code_neg_reply *cp = data; 1778 int err; 1779 1780 BT_DBG(""); 1781 1782 hci_dev_lock(hdev); 1783 1784 if (!hdev_is_powered(hdev)) { 1785 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, 1786 MGMT_STATUS_NOT_POWERED); 1787 goto failed; 1788 } 1789 1790 err = send_pin_code_neg_reply(sk, hdev, cp); 1791 1792failed: 1793 hci_dev_unlock(hdev); 1794 return err; 1795} 1796 1797static int set_io_capability(struct sock *sk, struct hci_dev *hdev, 1798 void *data, u16 len) 1799{ 1800 struct mgmt_cp_set_io_capability *cp = data; 1801 1802 BT_DBG(""); 1803 1804 hci_dev_lock(hdev); 1805 1806 hdev->io_capability = cp->io_capability; 1807 1808 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 1809 hdev->io_capability); 1810 1811 hci_dev_unlock(hdev); 1812 1813 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, 1814 NULL, 0); 1815} 1816 1817static inline struct pending_cmd *find_pairing(struct hci_conn *conn) 1818{ 1819 struct hci_dev *hdev = conn->hdev; 1820 struct pending_cmd *cmd; 1821 1822 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 1823 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 1824 continue; 1825 1826 if (cmd->user_data != conn) 1827 continue; 1828 1829 return cmd; 1830 } 1831 1832 return NULL; 1833} 1834 1835static void pairing_complete(struct pending_cmd *cmd, u8 status) 1836{ 1837 struct mgmt_rp_pair_device rp; 1838 struct hci_conn *conn = cmd->user_data; 1839 1840 bacpy(&rp.addr.bdaddr, &conn->dst); 1841 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type); 1842 1843 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status, 1844 &rp, sizeof(rp)); 1845 1846 /* So we don't get further callbacks for this connection */ 1847 conn->connect_cfm_cb = NULL; 1848 conn->security_cfm_cb = NULL; 1849 conn->disconn_cfm_cb = NULL; 1850 1851 hci_conn_put(conn); 1852 1853 mgmt_pending_remove(cmd); 1854} 1855 1856static void pairing_complete_cb(struct hci_conn *conn, u8 status) 1857{ 1858 struct pending_cmd *cmd; 1859 1860 BT_DBG("status %u", status); 1861 1862 cmd = find_pairing(conn); 1863 if (!cmd) 1864 BT_DBG("Unable to find a pending command"); 1865 else 1866 pairing_complete(cmd, mgmt_status(status)); 1867} 1868 1869static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 1870 u16 len) 1871{ 1872 struct mgmt_cp_pair_device *cp = data; 1873 struct mgmt_rp_pair_device rp; 1874 struct pending_cmd *cmd; 1875 u8 sec_level, auth_type; 1876 struct hci_conn *conn; 1877 int err; 1878 1879 BT_DBG(""); 1880 1881 hci_dev_lock(hdev); 1882 1883 if (!hdev_is_powered(hdev)) { 1884 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 1885 MGMT_STATUS_NOT_POWERED); 1886 goto unlock; 1887 } 1888 1889 sec_level = BT_SECURITY_MEDIUM; 1890 if (cp->io_cap == 0x03) 1891 auth_type = HCI_AT_DEDICATED_BONDING; 1892 else 1893 auth_type = HCI_AT_DEDICATED_BONDING_MITM; 1894 1895 if (cp->addr.type == MGMT_ADDR_BREDR) 1896 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level, 1897 auth_type); 1898 else 1899 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level, 1900 auth_type); 1901 1902 memset(&rp, 0, sizeof(rp)); 1903 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 1904 rp.addr.type = cp->addr.type; 1905 1906 if (IS_ERR(conn)) { 1907 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 1908 MGMT_STATUS_CONNECT_FAILED, 1909 &rp, sizeof(rp)); 1910 goto unlock; 1911 } 1912 1913 if (conn->connect_cfm_cb) { 1914 hci_conn_put(conn); 1915 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 1916 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 1917 goto unlock; 1918 } 1919 1920 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 1921 if (!cmd) { 1922 err = -ENOMEM; 1923 hci_conn_put(conn); 1924 goto unlock; 1925 } 1926 1927 /* For LE, just connecting isn't a proof that the pairing finished */ 1928 if (cp->addr.type == MGMT_ADDR_BREDR) 1929 conn->connect_cfm_cb = pairing_complete_cb; 1930 1931 conn->security_cfm_cb = pairing_complete_cb; 1932 conn->disconn_cfm_cb = pairing_complete_cb; 1933 conn->io_capability = cp->io_cap; 1934 cmd->user_data = conn; 1935 1936 if (conn->state == BT_CONNECTED && 1937 hci_conn_security(conn, sec_level, auth_type)) 1938 pairing_complete(cmd, 0); 1939 1940 err = 0; 1941 1942unlock: 1943 hci_dev_unlock(hdev); 1944 return err; 1945} 1946 1947static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, 1948 void *data, u16 len) 1949{ 1950 struct mgmt_addr_info *addr = data; 1951 struct pending_cmd *cmd; 1952 struct hci_conn *conn; 1953 int err; 1954 1955 BT_DBG(""); 1956 1957 hci_dev_lock(hdev); 1958 1959 if (!hdev_is_powered(hdev)) { 1960 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 1961 MGMT_STATUS_NOT_POWERED); 1962 goto unlock; 1963 } 1964 1965 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev); 1966 if (!cmd) { 1967 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 1968 MGMT_STATUS_INVALID_PARAMS); 1969 goto unlock; 1970 } 1971 1972 conn = cmd->user_data; 1973 1974 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 1975 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 1976 MGMT_STATUS_INVALID_PARAMS); 1977 goto unlock; 1978 } 1979 1980 pairing_complete(cmd, MGMT_STATUS_CANCELLED); 1981 1982 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 1983 addr, sizeof(*addr)); 1984unlock: 1985 hci_dev_unlock(hdev); 1986 return err; 1987} 1988 1989static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, 1990 bdaddr_t *bdaddr, u8 type, u16 mgmt_op, 1991 u16 hci_op, __le32 passkey) 1992{ 1993 struct pending_cmd *cmd; 1994 struct hci_conn *conn; 1995 int err; 1996 1997 hci_dev_lock(hdev); 1998 1999 if (!hdev_is_powered(hdev)) { 2000 err = cmd_status(sk, hdev->id, mgmt_op, 2001 MGMT_STATUS_NOT_POWERED); 2002 goto done; 2003 } 2004 2005 if (type == MGMT_ADDR_BREDR) 2006 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr); 2007 else 2008 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr); 2009 2010 if (!conn) { 2011 err = cmd_status(sk, hdev->id, mgmt_op, 2012 MGMT_STATUS_NOT_CONNECTED); 2013 goto done; 2014 } 2015 2016 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) { 2017 /* Continue with pairing via SMP */ 2018 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 2019 2020 if (!err) 2021 err = cmd_status(sk, hdev->id, mgmt_op, 2022 MGMT_STATUS_SUCCESS); 2023 else 2024 err = cmd_status(sk, hdev->id, mgmt_op, 2025 MGMT_STATUS_FAILED); 2026 2027 goto done; 2028 } 2029 2030 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr)); 2031 if (!cmd) { 2032 err = -ENOMEM; 2033 goto done; 2034 } 2035 2036 /* Continue with pairing via HCI */ 2037 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 2038 struct hci_cp_user_passkey_reply cp; 2039 2040 bacpy(&cp.bdaddr, bdaddr); 2041 cp.passkey = passkey; 2042 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 2043 } else 2044 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr); 2045 2046 if (err < 0) 2047 mgmt_pending_remove(cmd); 2048 2049done: 2050 hci_dev_unlock(hdev); 2051 return err; 2052} 2053 2054static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, 2055 void *data, u16 len) 2056{ 2057 struct mgmt_cp_user_confirm_reply *cp = data; 2058 2059 BT_DBG(""); 2060 2061 if (len != sizeof(*cp)) 2062 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY, 2063 MGMT_STATUS_INVALID_PARAMS); 2064 2065 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 2066 MGMT_OP_USER_CONFIRM_REPLY, 2067 HCI_OP_USER_CONFIRM_REPLY, 0); 2068} 2069 2070static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev, 2071 void *data, u16 len) 2072{ 2073 struct mgmt_cp_user_confirm_neg_reply *cp = data; 2074 2075 BT_DBG(""); 2076 2077 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 2078 MGMT_OP_USER_CONFIRM_NEG_REPLY, 2079 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 2080} 2081 2082static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, 2083 void *data, u16 len) 2084{ 2085 struct mgmt_cp_user_passkey_reply *cp = data; 2086 2087 BT_DBG(""); 2088 2089 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 2090 MGMT_OP_USER_PASSKEY_REPLY, 2091 HCI_OP_USER_PASSKEY_REPLY, 2092 cp->passkey); 2093} 2094 2095static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev, 2096 void *data, u16 len) 2097{ 2098 struct mgmt_cp_user_passkey_neg_reply *cp = data; 2099 2100 BT_DBG(""); 2101 2102 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 2103 MGMT_OP_USER_PASSKEY_NEG_REPLY, 2104 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 2105} 2106 2107static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data, 2108 u16 len) 2109{ 2110 struct mgmt_cp_set_local_name *mgmt_cp = data; 2111 struct hci_cp_write_local_name hci_cp; 2112 struct pending_cmd *cmd; 2113 int err; 2114 2115 BT_DBG(""); 2116 2117 hci_dev_lock(hdev); 2118 2119 memcpy(hdev->short_name, mgmt_cp->short_name, 2120 sizeof(hdev->short_name)); 2121 2122 if (!hdev_is_powered(hdev)) { 2123 memcpy(hdev->dev_name, mgmt_cp->name, sizeof(hdev->dev_name)); 2124 2125 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 2126 data, len); 2127 if (err < 0) 2128 goto failed; 2129 2130 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len, 2131 sk); 2132 2133 goto failed; 2134 } 2135 2136 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 2137 if (!cmd) { 2138 err = -ENOMEM; 2139 goto failed; 2140 } 2141 2142 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name)); 2143 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp), 2144 &hci_cp); 2145 if (err < 0) 2146 mgmt_pending_remove(cmd); 2147 2148failed: 2149 hci_dev_unlock(hdev); 2150 return err; 2151} 2152 2153static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, 2154 void *data, u16 data_len) 2155{ 2156 struct pending_cmd *cmd; 2157 int err; 2158 2159 BT_DBG("%s", hdev->name); 2160 2161 hci_dev_lock(hdev); 2162 2163 if (!hdev_is_powered(hdev)) { 2164 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 2165 MGMT_STATUS_NOT_POWERED); 2166 goto unlock; 2167 } 2168 2169 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) { 2170 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 2171 MGMT_STATUS_NOT_SUPPORTED); 2172 goto unlock; 2173 } 2174 2175 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 2176 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 2177 MGMT_STATUS_BUSY); 2178 goto unlock; 2179 } 2180 2181 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 2182 if (!cmd) { 2183 err = -ENOMEM; 2184 goto unlock; 2185 } 2186 2187 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 2188 if (err < 0) 2189 mgmt_pending_remove(cmd); 2190 2191unlock: 2192 hci_dev_unlock(hdev); 2193 return err; 2194} 2195 2196static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 2197 void *data, u16 len) 2198{ 2199 struct mgmt_cp_add_remote_oob_data *cp = data; 2200 u8 status; 2201 int err; 2202 2203 BT_DBG("%s ", hdev->name); 2204 2205 hci_dev_lock(hdev); 2206 2207 if (!hdev_is_powered(hdev)) { 2208 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 2209 MGMT_STATUS_NOT_POWERED, 2210 &cp->addr, sizeof(cp->addr)); 2211 goto unlock; 2212 } 2213 2214 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash, 2215 cp->randomizer); 2216 if (err < 0) 2217 status = MGMT_STATUS_FAILED; 2218 else 2219 status = 0; 2220 2221 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status, 2222 &cp->addr, sizeof(cp->addr)); 2223 2224unlock: 2225 hci_dev_unlock(hdev); 2226 return err; 2227} 2228 2229static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 2230 void *data, u16 len) 2231{ 2232 struct mgmt_cp_remove_remote_oob_data *cp = data; 2233 u8 status; 2234 int err; 2235 2236 BT_DBG("%s", hdev->name); 2237 2238 hci_dev_lock(hdev); 2239 2240 if (!hdev_is_powered(hdev)) { 2241 err = cmd_complete(sk, hdev->id, 2242 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 2243 MGMT_STATUS_NOT_POWERED, 2244 &cp->addr, sizeof(cp->addr)); 2245 goto unlock; 2246 } 2247 2248 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr); 2249 if (err < 0) 2250 status = MGMT_STATUS_INVALID_PARAMS; 2251 else 2252 status = 0; 2253 2254 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 2255 status, &cp->addr, sizeof(cp->addr)); 2256 2257unlock: 2258 hci_dev_unlock(hdev); 2259 return err; 2260} 2261 2262int mgmt_interleaved_discovery(struct hci_dev *hdev) 2263{ 2264 int err; 2265 2266 BT_DBG("%s", hdev->name); 2267 2268 hci_dev_lock(hdev); 2269 2270 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE); 2271 if (err < 0) 2272 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 2273 2274 hci_dev_unlock(hdev); 2275 2276 return err; 2277} 2278 2279static int start_discovery(struct sock *sk, struct hci_dev *hdev, 2280 void *data, u16 len) 2281{ 2282 struct mgmt_cp_start_discovery *cp = data; 2283 struct pending_cmd *cmd; 2284 int err; 2285 2286 BT_DBG("%s", hdev->name); 2287 2288 hci_dev_lock(hdev); 2289 2290 if (!hdev_is_powered(hdev)) { 2291 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 2292 MGMT_STATUS_NOT_POWERED); 2293 goto failed; 2294 } 2295 2296 if (hdev->discovery.state != DISCOVERY_STOPPED) { 2297 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 2298 MGMT_STATUS_BUSY); 2299 goto failed; 2300 } 2301 2302 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0); 2303 if (!cmd) { 2304 err = -ENOMEM; 2305 goto failed; 2306 } 2307 2308 hdev->discovery.type = cp->type; 2309 2310 switch (hdev->discovery.type) { 2311 case DISCOV_TYPE_BREDR: 2312 if (lmp_bredr_capable(hdev)) 2313 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR); 2314 else 2315 err = -ENOTSUPP; 2316 break; 2317 2318 case DISCOV_TYPE_LE: 2319 if (lmp_host_le_capable(hdev)) 2320 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, 2321 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY); 2322 else 2323 err = -ENOTSUPP; 2324 break; 2325 2326 case DISCOV_TYPE_INTERLEAVED: 2327 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev)) 2328 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, 2329 LE_SCAN_WIN, LE_SCAN_TIMEOUT_BREDR_LE); 2330 else 2331 err = -ENOTSUPP; 2332 break; 2333 2334 default: 2335 err = -EINVAL; 2336 } 2337 2338 if (err < 0) 2339 mgmt_pending_remove(cmd); 2340 else 2341 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 2342 2343failed: 2344 hci_dev_unlock(hdev); 2345 return err; 2346} 2347 2348static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, 2349 u16 len) 2350{ 2351 struct mgmt_cp_stop_discovery *mgmt_cp = data; 2352 struct pending_cmd *cmd; 2353 struct hci_cp_remote_name_req_cancel cp; 2354 struct inquiry_entry *e; 2355 int err; 2356 2357 BT_DBG("%s", hdev->name); 2358 2359 hci_dev_lock(hdev); 2360 2361 if (!hci_discovery_active(hdev)) { 2362 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 2363 MGMT_STATUS_REJECTED, 2364 &mgmt_cp->type, sizeof(mgmt_cp->type)); 2365 goto unlock; 2366 } 2367 2368 if (hdev->discovery.type != mgmt_cp->type) { 2369 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 2370 MGMT_STATUS_INVALID_PARAMS, 2371 &mgmt_cp->type, sizeof(mgmt_cp->type)); 2372 goto unlock; 2373 } 2374 2375 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0); 2376 if (!cmd) { 2377 err = -ENOMEM; 2378 goto unlock; 2379 } 2380 2381 if (hdev->discovery.state == DISCOVERY_FINDING) { 2382 err = hci_cancel_inquiry(hdev); 2383 if (err < 0) 2384 mgmt_pending_remove(cmd); 2385 else 2386 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 2387 goto unlock; 2388 } 2389 2390 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING); 2391 if (!e) { 2392 mgmt_pending_remove(cmd); 2393 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0, 2394 &mgmt_cp->type, sizeof(mgmt_cp->type)); 2395 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 2396 goto unlock; 2397 } 2398 2399 bacpy(&cp.bdaddr, &e->data.bdaddr); 2400 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL, 2401 sizeof(cp), &cp); 2402 if (err < 0) 2403 mgmt_pending_remove(cmd); 2404 else 2405 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 2406 2407unlock: 2408 hci_dev_unlock(hdev); 2409 return err; 2410} 2411 2412static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, 2413 u16 len) 2414{ 2415 struct mgmt_cp_confirm_name *cp = data; 2416 struct inquiry_entry *e; 2417 int err; 2418 2419 BT_DBG("%s", hdev->name); 2420 2421 hci_dev_lock(hdev); 2422 2423 if (!hci_discovery_active(hdev)) { 2424 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 2425 MGMT_STATUS_FAILED); 2426 goto failed; 2427 } 2428 2429 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 2430 if (!e) { 2431 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 2432 MGMT_STATUS_INVALID_PARAMS); 2433 goto failed; 2434 } 2435 2436 if (cp->name_known) { 2437 e->name_state = NAME_KNOWN; 2438 list_del(&e->list); 2439 } else { 2440 e->name_state = NAME_NEEDED; 2441 hci_inquiry_cache_update_resolve(hdev, e); 2442 } 2443 2444 err = 0; 2445 2446failed: 2447 hci_dev_unlock(hdev); 2448 return err; 2449} 2450 2451static int block_device(struct sock *sk, struct hci_dev *hdev, void *data, 2452 u16 len) 2453{ 2454 struct mgmt_cp_block_device *cp = data; 2455 u8 status; 2456 int err; 2457 2458 BT_DBG("%s", hdev->name); 2459 2460 hci_dev_lock(hdev); 2461 2462 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type); 2463 if (err < 0) 2464 status = MGMT_STATUS_FAILED; 2465 else 2466 status = 0; 2467 2468 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status, 2469 &cp->addr, sizeof(cp->addr)); 2470 2471 hci_dev_unlock(hdev); 2472 2473 return err; 2474} 2475 2476static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data, 2477 u16 len) 2478{ 2479 struct mgmt_cp_unblock_device *cp = data; 2480 u8 status; 2481 int err; 2482 2483 BT_DBG("%s", hdev->name); 2484 2485 hci_dev_lock(hdev); 2486 2487 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type); 2488 if (err < 0) 2489 status = MGMT_STATUS_INVALID_PARAMS; 2490 else 2491 status = 0; 2492 2493 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status, 2494 &cp->addr, sizeof(cp->addr)); 2495 2496 hci_dev_unlock(hdev); 2497 2498 return err; 2499} 2500 2501static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, 2502 void *data, u16 len) 2503{ 2504 struct mgmt_mode *cp = data; 2505 struct hci_cp_write_page_scan_activity acp; 2506 u8 type; 2507 int err; 2508 2509 BT_DBG("%s", hdev->name); 2510 2511 if (!hdev_is_powered(hdev)) 2512 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 2513 MGMT_STATUS_NOT_POWERED); 2514 2515 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 2516 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 2517 MGMT_STATUS_REJECTED); 2518 2519 hci_dev_lock(hdev); 2520 2521 if (cp->val) { 2522 type = PAGE_SCAN_TYPE_INTERLACED; 2523 acp.interval = 0x0024; /* 22.5 msec page scan interval */ 2524 } else { 2525 type = PAGE_SCAN_TYPE_STANDARD; /* default */ 2526 acp.interval = 0x0800; /* default 1.28 sec page scan */ 2527 } 2528 2529 acp.window = 0x0012; /* default 11.25 msec page scan window */ 2530 2531 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, 2532 sizeof(acp), &acp); 2533 if (err < 0) { 2534 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 2535 MGMT_STATUS_FAILED); 2536 goto done; 2537 } 2538 2539 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); 2540 if (err < 0) { 2541 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 2542 MGMT_STATUS_FAILED); 2543 goto done; 2544 } 2545 2546 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0, 2547 NULL, 0); 2548done: 2549 hci_dev_unlock(hdev); 2550 return err; 2551} 2552 2553static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, 2554 void *cp_data, u16 len) 2555{ 2556 struct mgmt_cp_load_long_term_keys *cp = cp_data; 2557 u16 key_count, expected_len; 2558 int i; 2559 2560 key_count = get_unaligned_le16(&cp->key_count); 2561 2562 expected_len = sizeof(*cp) + key_count * 2563 sizeof(struct mgmt_ltk_info); 2564 if (expected_len != len) { 2565 BT_ERR("load_keys: expected %u bytes, got %u bytes", 2566 len, expected_len); 2567 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 2568 EINVAL); 2569 } 2570 2571 BT_DBG("%s key_count %u", hdev->name, key_count); 2572 2573 hci_dev_lock(hdev); 2574 2575 hci_smp_ltks_clear(hdev); 2576 2577 for (i = 0; i < key_count; i++) { 2578 struct mgmt_ltk_info *key = &cp->keys[i]; 2579 u8 type; 2580 2581 if (key->master) 2582 type = HCI_SMP_LTK; 2583 else 2584 type = HCI_SMP_LTK_SLAVE; 2585 2586 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type, 2587 type, 0, key->authenticated, key->val, 2588 key->enc_size, key->ediv, key->rand); 2589 } 2590 2591 hci_dev_unlock(hdev); 2592 2593 return 0; 2594} 2595 2596struct mgmt_handler { 2597 int (*func) (struct sock *sk, struct hci_dev *hdev, 2598 void *data, u16 data_len); 2599 bool var_len; 2600 size_t data_len; 2601} mgmt_handlers[] = { 2602 { NULL }, /* 0x0000 (no command) */ 2603 { read_version, false, MGMT_READ_VERSION_SIZE }, 2604 { read_commands, false, MGMT_READ_COMMANDS_SIZE }, 2605 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE }, 2606 { read_controller_info, false, MGMT_READ_INFO_SIZE }, 2607 { set_powered, false, MGMT_SETTING_SIZE }, 2608 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE }, 2609 { set_connectable, false, MGMT_SETTING_SIZE }, 2610 { set_fast_connectable, false, MGMT_SETTING_SIZE }, 2611 { set_pairable, false, MGMT_SETTING_SIZE }, 2612 { set_link_security, false, MGMT_SETTING_SIZE }, 2613 { set_ssp, false, MGMT_SETTING_SIZE }, 2614 { set_hs, false, MGMT_SETTING_SIZE }, 2615 { set_le, false, MGMT_SETTING_SIZE }, 2616 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE }, 2617 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE }, 2618 { add_uuid, false, MGMT_ADD_UUID_SIZE }, 2619 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE }, 2620 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE }, 2621 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE }, 2622 { disconnect, false, MGMT_DISCONNECT_SIZE }, 2623 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE }, 2624 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE }, 2625 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE }, 2626 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE }, 2627 { pair_device, false, MGMT_PAIR_DEVICE_SIZE }, 2628 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE }, 2629 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE }, 2630 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE }, 2631 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE }, 2632 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE }, 2633 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, 2634 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE }, 2635 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE }, 2636 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, 2637 { start_discovery, false, MGMT_START_DISCOVERY_SIZE }, 2638 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE }, 2639 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE }, 2640 { block_device, false, MGMT_BLOCK_DEVICE_SIZE }, 2641 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE }, 2642}; 2643 2644 2645int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) 2646{ 2647 void *buf; 2648 u8 *cp; 2649 struct mgmt_hdr *hdr; 2650 u16 opcode, index, len; 2651 struct hci_dev *hdev = NULL; 2652 struct mgmt_handler *handler; 2653 int err; 2654 2655 BT_DBG("got %zu bytes", msglen); 2656 2657 if (msglen < sizeof(*hdr)) 2658 return -EINVAL; 2659 2660 buf = kmalloc(msglen, GFP_KERNEL); 2661 if (!buf) 2662 return -ENOMEM; 2663 2664 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) { 2665 err = -EFAULT; 2666 goto done; 2667 } 2668 2669 hdr = buf; 2670 opcode = get_unaligned_le16(&hdr->opcode); 2671 index = get_unaligned_le16(&hdr->index); 2672 len = get_unaligned_le16(&hdr->len); 2673 2674 if (len != msglen - sizeof(*hdr)) { 2675 err = -EINVAL; 2676 goto done; 2677 } 2678 2679 if (index != MGMT_INDEX_NONE) { 2680 hdev = hci_dev_get(index); 2681 if (!hdev) { 2682 err = cmd_status(sk, index, opcode, 2683 MGMT_STATUS_INVALID_INDEX); 2684 goto done; 2685 } 2686 } 2687 2688 if (opcode >= ARRAY_SIZE(mgmt_handlers) || 2689 mgmt_handlers[opcode].func == NULL) { 2690 BT_DBG("Unknown op %u", opcode); 2691 err = cmd_status(sk, index, opcode, 2692 MGMT_STATUS_UNKNOWN_COMMAND); 2693 goto done; 2694 } 2695 2696 if ((hdev && opcode < MGMT_OP_READ_INFO) || 2697 (!hdev && opcode >= MGMT_OP_READ_INFO)) { 2698 err = cmd_status(sk, index, opcode, 2699 MGMT_STATUS_INVALID_INDEX); 2700 goto done; 2701 } 2702 2703 handler = &mgmt_handlers[opcode]; 2704 2705 if ((handler->var_len && len < handler->data_len) || 2706 (!handler->var_len && len != handler->data_len)) { 2707 err = cmd_status(sk, index, opcode, 2708 MGMT_STATUS_INVALID_PARAMS); 2709 goto done; 2710 } 2711 2712 if (hdev) 2713 mgmt_init_hdev(sk, hdev); 2714 2715 cp = buf + sizeof(*hdr); 2716 2717 err = handler->func(sk, hdev, cp, len); 2718 if (err < 0) 2719 goto done; 2720 2721 err = msglen; 2722 2723done: 2724 if (hdev) 2725 hci_dev_put(hdev); 2726 2727 kfree(buf); 2728 return err; 2729} 2730 2731static void cmd_status_rsp(struct pending_cmd *cmd, void *data) 2732{ 2733 u8 *status = data; 2734 2735 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 2736 mgmt_pending_remove(cmd); 2737} 2738 2739int mgmt_index_added(struct hci_dev *hdev) 2740{ 2741 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL); 2742} 2743 2744int mgmt_index_removed(struct hci_dev *hdev) 2745{ 2746 u8 status = MGMT_STATUS_INVALID_INDEX; 2747 2748 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 2749 2750 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL); 2751} 2752 2753struct cmd_lookup { 2754 struct sock *sk; 2755 struct hci_dev *hdev; 2756 u8 mgmt_status; 2757}; 2758 2759static void settings_rsp(struct pending_cmd *cmd, void *data) 2760{ 2761 struct cmd_lookup *match = data; 2762 2763 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 2764 2765 list_del(&cmd->list); 2766 2767 if (match->sk == NULL) { 2768 match->sk = cmd->sk; 2769 sock_hold(match->sk); 2770 } 2771 2772 mgmt_pending_free(cmd); 2773} 2774 2775int mgmt_powered(struct hci_dev *hdev, u8 powered) 2776{ 2777 struct cmd_lookup match = { NULL, hdev }; 2778 int err; 2779 2780 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 2781 return 0; 2782 2783 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 2784 2785 if (powered) { 2786 u8 scan = 0; 2787 2788 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 2789 scan |= SCAN_PAGE; 2790 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 2791 scan |= SCAN_INQUIRY; 2792 2793 if (scan) 2794 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 2795 2796 update_class(hdev); 2797 update_eir(hdev); 2798 } else { 2799 u8 status = MGMT_STATUS_NOT_POWERED; 2800 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 2801 } 2802 2803 err = new_settings(hdev, match.sk); 2804 2805 if (match.sk) 2806 sock_put(match.sk); 2807 2808 return err; 2809} 2810 2811int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable) 2812{ 2813 struct cmd_lookup match = { NULL, hdev }; 2814 bool changed = false; 2815 int err = 0; 2816 2817 if (discoverable) { 2818 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 2819 changed = true; 2820 } else { 2821 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 2822 changed = true; 2823 } 2824 2825 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, 2826 &match); 2827 2828 if (changed) 2829 err = new_settings(hdev, match.sk); 2830 2831 if (match.sk) 2832 sock_put(match.sk); 2833 2834 return err; 2835} 2836 2837int mgmt_connectable(struct hci_dev *hdev, u8 connectable) 2838{ 2839 struct cmd_lookup match = { NULL, hdev }; 2840 bool changed = false; 2841 int err = 0; 2842 2843 if (connectable) { 2844 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 2845 changed = true; 2846 } else { 2847 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 2848 changed = true; 2849 } 2850 2851 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp, 2852 &match); 2853 2854 if (changed) 2855 err = new_settings(hdev, match.sk); 2856 2857 if (match.sk) 2858 sock_put(match.sk); 2859 2860 return err; 2861} 2862 2863int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status) 2864{ 2865 u8 mgmt_err = mgmt_status(status); 2866 2867 if (scan & SCAN_PAGE) 2868 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, 2869 cmd_status_rsp, &mgmt_err); 2870 2871 if (scan & SCAN_INQUIRY) 2872 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, 2873 cmd_status_rsp, &mgmt_err); 2874 2875 return 0; 2876} 2877 2878int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 2879 u8 persistent) 2880{ 2881 struct mgmt_ev_new_link_key ev; 2882 2883 memset(&ev, 0, sizeof(ev)); 2884 2885 ev.store_hint = persistent; 2886 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 2887 ev.key.addr.type = MGMT_ADDR_BREDR; 2888 ev.key.type = key->type; 2889 memcpy(ev.key.val, key->val, 16); 2890 ev.key.pin_len = key->pin_len; 2891 2892 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 2893} 2894 2895int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent) 2896{ 2897 struct mgmt_ev_new_long_term_key ev; 2898 2899 memset(&ev, 0, sizeof(ev)); 2900 2901 ev.store_hint = persistent; 2902 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 2903 ev.key.addr.type = key->bdaddr_type; 2904 ev.key.authenticated = key->authenticated; 2905 ev.key.enc_size = key->enc_size; 2906 ev.key.ediv = key->ediv; 2907 2908 if (key->type == HCI_SMP_LTK) 2909 ev.key.master = 1; 2910 2911 memcpy(ev.key.rand, key->rand, sizeof(key->rand)); 2912 memcpy(ev.key.val, key->val, sizeof(key->val)); 2913 2914 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, 2915 &ev, sizeof(ev), NULL); 2916} 2917 2918int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2919 u8 addr_type, u32 flags, u8 *name, 2920 u8 name_len, u8 *dev_class) 2921{ 2922 char buf[512]; 2923 struct mgmt_ev_device_connected *ev = (void *) buf; 2924 u16 eir_len = 0; 2925 2926 bacpy(&ev->addr.bdaddr, bdaddr); 2927 ev->addr.type = link_to_mgmt(link_type, addr_type); 2928 2929 ev->flags = __cpu_to_le32(flags); 2930 2931 if (name_len > 0) 2932 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, 2933 name, name_len); 2934 2935 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0) 2936 eir_len = eir_append_data(&ev->eir[eir_len], eir_len, 2937 EIR_CLASS_OF_DEV, dev_class, 3); 2938 2939 put_unaligned_le16(eir_len, &ev->eir_len); 2940 2941 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf, 2942 sizeof(*ev) + eir_len, NULL); 2943} 2944 2945static void disconnect_rsp(struct pending_cmd *cmd, void *data) 2946{ 2947 struct mgmt_cp_disconnect *cp = cmd->param; 2948 struct sock **sk = data; 2949 struct mgmt_rp_disconnect rp; 2950 2951 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2952 rp.addr.type = cp->addr.type; 2953 2954 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp, 2955 sizeof(rp)); 2956 2957 *sk = cmd->sk; 2958 sock_hold(*sk); 2959 2960 mgmt_pending_remove(cmd); 2961} 2962 2963static void unpair_device_rsp(struct pending_cmd *cmd, void *data) 2964{ 2965 struct hci_dev *hdev = data; 2966 struct mgmt_cp_unpair_device *cp = cmd->param; 2967 struct mgmt_rp_unpair_device rp; 2968 2969 memset(&rp, 0, sizeof(rp)); 2970 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2971 rp.addr.type = cp->addr.type; 2972 2973 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 2974 2975 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp)); 2976 2977 mgmt_pending_remove(cmd); 2978} 2979 2980int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 2981 u8 link_type, u8 addr_type) 2982{ 2983 struct mgmt_addr_info ev; 2984 struct sock *sk = NULL; 2985 int err; 2986 2987 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 2988 2989 bacpy(&ev.bdaddr, bdaddr); 2990 ev.type = link_to_mgmt(link_type, addr_type); 2991 2992 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), 2993 sk); 2994 2995 if (sk) 2996 sock_put(sk); 2997 2998 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 2999 hdev); 3000 3001 return err; 3002} 3003 3004int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 3005 u8 link_type, u8 addr_type, u8 status) 3006{ 3007 struct mgmt_rp_disconnect rp; 3008 struct pending_cmd *cmd; 3009 int err; 3010 3011 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev); 3012 if (!cmd) 3013 return -ENOENT; 3014 3015 bacpy(&rp.addr.bdaddr, bdaddr); 3016 rp.addr.type = link_to_mgmt(link_type, addr_type); 3017 3018 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 3019 mgmt_status(status), &rp, sizeof(rp)); 3020 3021 mgmt_pending_remove(cmd); 3022 3023 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 3024 hdev); 3025 return err; 3026} 3027 3028int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3029 u8 addr_type, u8 status) 3030{ 3031 struct mgmt_ev_connect_failed ev; 3032 3033 bacpy(&ev.addr.bdaddr, bdaddr); 3034 ev.addr.type = link_to_mgmt(link_type, addr_type); 3035 ev.status = mgmt_status(status); 3036 3037 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 3038} 3039 3040int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 3041{ 3042 struct mgmt_ev_pin_code_request ev; 3043 3044 bacpy(&ev.addr.bdaddr, bdaddr); 3045 ev.addr.type = MGMT_ADDR_BREDR; 3046 ev.secure = secure; 3047 3048 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), 3049 NULL); 3050} 3051 3052int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3053 u8 status) 3054{ 3055 struct pending_cmd *cmd; 3056 struct mgmt_rp_pin_code_reply rp; 3057 int err; 3058 3059 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 3060 if (!cmd) 3061 return -ENOENT; 3062 3063 bacpy(&rp.addr.bdaddr, bdaddr); 3064 rp.addr.type = MGMT_ADDR_BREDR; 3065 3066 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 3067 mgmt_status(status), &rp, sizeof(rp)); 3068 3069 mgmt_pending_remove(cmd); 3070 3071 return err; 3072} 3073 3074int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3075 u8 status) 3076{ 3077 struct pending_cmd *cmd; 3078 struct mgmt_rp_pin_code_reply rp; 3079 int err; 3080 3081 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 3082 if (!cmd) 3083 return -ENOENT; 3084 3085 bacpy(&rp.addr.bdaddr, bdaddr); 3086 rp.addr.type = MGMT_ADDR_BREDR; 3087 3088 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, 3089 mgmt_status(status), &rp, sizeof(rp)); 3090 3091 mgmt_pending_remove(cmd); 3092 3093 return err; 3094} 3095 3096int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 3097 u8 link_type, u8 addr_type, __le32 value, 3098 u8 confirm_hint) 3099{ 3100 struct mgmt_ev_user_confirm_request ev; 3101 3102 BT_DBG("%s", hdev->name); 3103 3104 bacpy(&ev.addr.bdaddr, bdaddr); 3105 ev.addr.type = link_to_mgmt(link_type, addr_type); 3106 ev.confirm_hint = confirm_hint; 3107 put_unaligned_le32(value, &ev.value); 3108 3109 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 3110 NULL); 3111} 3112 3113int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 3114 u8 link_type, u8 addr_type) 3115{ 3116 struct mgmt_ev_user_passkey_request ev; 3117 3118 BT_DBG("%s", hdev->name); 3119 3120 bacpy(&ev.addr.bdaddr, bdaddr); 3121 ev.addr.type = link_to_mgmt(link_type, addr_type); 3122 3123 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 3124 NULL); 3125} 3126 3127static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3128 u8 link_type, u8 addr_type, u8 status, 3129 u8 opcode) 3130{ 3131 struct pending_cmd *cmd; 3132 struct mgmt_rp_user_confirm_reply rp; 3133 int err; 3134 3135 cmd = mgmt_pending_find(opcode, hdev); 3136 if (!cmd) 3137 return -ENOENT; 3138 3139 bacpy(&rp.addr.bdaddr, bdaddr); 3140 rp.addr.type = link_to_mgmt(link_type, addr_type); 3141 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status), 3142 &rp, sizeof(rp)); 3143 3144 mgmt_pending_remove(cmd); 3145 3146 return err; 3147} 3148 3149int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3150 u8 link_type, u8 addr_type, u8 status) 3151{ 3152 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 3153 status, MGMT_OP_USER_CONFIRM_REPLY); 3154} 3155 3156int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3157 u8 link_type, u8 addr_type, u8 status) 3158{ 3159 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 3160 status, MGMT_OP_USER_CONFIRM_NEG_REPLY); 3161} 3162 3163int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3164 u8 link_type, u8 addr_type, u8 status) 3165{ 3166 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 3167 status, MGMT_OP_USER_PASSKEY_REPLY); 3168} 3169 3170int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3171 u8 link_type, u8 addr_type, u8 status) 3172{ 3173 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 3174 status, MGMT_OP_USER_PASSKEY_NEG_REPLY); 3175} 3176 3177int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3178 u8 addr_type, u8 status) 3179{ 3180 struct mgmt_ev_auth_failed ev; 3181 3182 bacpy(&ev.addr.bdaddr, bdaddr); 3183 ev.addr.type = link_to_mgmt(link_type, addr_type); 3184 ev.status = mgmt_status(status); 3185 3186 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL); 3187} 3188 3189int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 3190{ 3191 struct cmd_lookup match = { NULL, hdev }; 3192 bool changed = false; 3193 int err = 0; 3194 3195 if (status) { 3196 u8 mgmt_err = mgmt_status(status); 3197 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 3198 cmd_status_rsp, &mgmt_err); 3199 return 0; 3200 } 3201 3202 if (test_bit(HCI_AUTH, &hdev->flags)) { 3203 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) 3204 changed = true; 3205 } else { 3206 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) 3207 changed = true; 3208 } 3209 3210 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 3211 &match); 3212 3213 if (changed) 3214 err = new_settings(hdev, match.sk); 3215 3216 if (match.sk) 3217 sock_put(match.sk); 3218 3219 return err; 3220} 3221 3222static int clear_eir(struct hci_dev *hdev) 3223{ 3224 struct hci_cp_write_eir cp; 3225 3226 if (!(hdev->features[6] & LMP_EXT_INQ)) 3227 return 0; 3228 3229 memset(hdev->eir, 0, sizeof(hdev->eir)); 3230 3231 memset(&cp, 0, sizeof(cp)); 3232 3233 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 3234} 3235 3236int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 3237{ 3238 struct cmd_lookup match = { NULL, hdev }; 3239 bool changed = false; 3240 int err = 0; 3241 3242 if (status) { 3243 u8 mgmt_err = mgmt_status(status); 3244 3245 if (enable && test_and_clear_bit(HCI_SSP_ENABLED, 3246 &hdev->dev_flags)) 3247 err = new_settings(hdev, NULL); 3248 3249 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, 3250 cmd_status_rsp, &mgmt_err); 3251 3252 return err; 3253 } 3254 3255 if (enable) { 3256 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 3257 changed = true; 3258 } else { 3259 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 3260 changed = true; 3261 } 3262 3263 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 3264 3265 if (changed) 3266 err = new_settings(hdev, match.sk); 3267 3268 if (match.sk) 3269 sock_put(match.sk); 3270 3271 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 3272 update_eir(hdev); 3273 else 3274 clear_eir(hdev); 3275 3276 return err; 3277} 3278 3279static void class_rsp(struct pending_cmd *cmd, void *data) 3280{ 3281 struct cmd_lookup *match = data; 3282 3283 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status, 3284 match->hdev->dev_class, 3); 3285 3286 list_del(&cmd->list); 3287 3288 if (match->sk == NULL) { 3289 match->sk = cmd->sk; 3290 sock_hold(match->sk); 3291 } 3292 3293 mgmt_pending_free(cmd); 3294} 3295 3296int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class, 3297 u8 status) 3298{ 3299 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) }; 3300 int err = 0; 3301 3302 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags); 3303 3304 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match); 3305 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match); 3306 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match); 3307 3308 if (!status) 3309 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 3310 dev_class, 3, NULL); 3311 3312 if (match.sk) 3313 sock_put(match.sk); 3314 3315 return err; 3316} 3317 3318int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 3319{ 3320 struct pending_cmd *cmd; 3321 struct mgmt_cp_set_local_name ev; 3322 bool changed = false; 3323 int err = 0; 3324 3325 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) { 3326 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name)); 3327 changed = true; 3328 } 3329 3330 memset(&ev, 0, sizeof(ev)); 3331 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 3332 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH); 3333 3334 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 3335 if (!cmd) 3336 goto send_event; 3337 3338 /* Always assume that either the short or the complete name has 3339 * changed if there was a pending mgmt command */ 3340 changed = true; 3341 3342 if (status) { 3343 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3344 mgmt_status(status)); 3345 goto failed; 3346 } 3347 3348 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev, 3349 sizeof(ev)); 3350 if (err < 0) 3351 goto failed; 3352 3353send_event: 3354 if (changed) 3355 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, 3356 sizeof(ev), cmd ? cmd->sk : NULL); 3357 3358 update_eir(hdev); 3359 3360failed: 3361 if (cmd) 3362 mgmt_pending_remove(cmd); 3363 return err; 3364} 3365 3366int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash, 3367 u8 *randomizer, u8 status) 3368{ 3369 struct pending_cmd *cmd; 3370 int err; 3371 3372 BT_DBG("%s status %u", hdev->name, status); 3373 3374 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev); 3375 if (!cmd) 3376 return -ENOENT; 3377 3378 if (status) { 3379 err = cmd_status(cmd->sk, hdev->id, 3380 MGMT_OP_READ_LOCAL_OOB_DATA, 3381 mgmt_status(status)); 3382 } else { 3383 struct mgmt_rp_read_local_oob_data rp; 3384 3385 memcpy(rp.hash, hash, sizeof(rp.hash)); 3386 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer)); 3387 3388 err = cmd_complete(cmd->sk, hdev->id, 3389 MGMT_OP_READ_LOCAL_OOB_DATA, 3390 0, &rp, sizeof(rp)); 3391 } 3392 3393 mgmt_pending_remove(cmd); 3394 3395 return err; 3396} 3397 3398int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 3399{ 3400 struct cmd_lookup match = { NULL, hdev }; 3401 bool changed = false; 3402 int err = 0; 3403 3404 if (status) { 3405 u8 mgmt_err = mgmt_status(status); 3406 3407 if (enable && test_and_clear_bit(HCI_LE_ENABLED, 3408 &hdev->dev_flags)) 3409 err = new_settings(hdev, NULL); 3410 3411 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, 3412 cmd_status_rsp, &mgmt_err); 3413 3414 return err; 3415 } 3416 3417 if (enable) { 3418 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 3419 changed = true; 3420 } else { 3421 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 3422 changed = true; 3423 } 3424 3425 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 3426 3427 if (changed) 3428 err = new_settings(hdev, match.sk); 3429 3430 if (match.sk) 3431 sock_put(match.sk); 3432 3433 return err; 3434} 3435 3436int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3437 u8 addr_type, u8 *dev_class, s8 rssi, 3438 u8 cfm_name, u8 ssp, u8 *eir, u16 eir_len) 3439{ 3440 char buf[512]; 3441 struct mgmt_ev_device_found *ev = (void *) buf; 3442 size_t ev_size; 3443 3444 /* Leave 5 bytes for a potential CoD field */ 3445 if (sizeof(*ev) + eir_len + 5 > sizeof(buf)) 3446 return -EINVAL; 3447 3448 memset(buf, 0, sizeof(buf)); 3449 3450 bacpy(&ev->addr.bdaddr, bdaddr); 3451 ev->addr.type = link_to_mgmt(link_type, addr_type); 3452 ev->rssi = rssi; 3453 if (cfm_name) 3454 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME; 3455 if (!ssp) 3456 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING; 3457 3458 if (eir_len > 0) 3459 memcpy(ev->eir, eir, eir_len); 3460 3461 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV)) 3462 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 3463 dev_class, 3); 3464 3465 put_unaligned_le16(eir_len, &ev->eir_len); 3466 3467 ev_size = sizeof(*ev) + eir_len; 3468 3469 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 3470} 3471 3472int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3473 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 3474{ 3475 struct mgmt_ev_device_found *ev; 3476 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2]; 3477 u16 eir_len; 3478 3479 ev = (struct mgmt_ev_device_found *) buf; 3480 3481 memset(buf, 0, sizeof(buf)); 3482 3483 bacpy(&ev->addr.bdaddr, bdaddr); 3484 ev->addr.type = link_to_mgmt(link_type, addr_type); 3485 ev->rssi = rssi; 3486 3487 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name, 3488 name_len); 3489 3490 put_unaligned_le16(eir_len, &ev->eir_len); 3491 3492 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, 3493 sizeof(*ev) + eir_len, NULL); 3494} 3495 3496int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status) 3497{ 3498 struct pending_cmd *cmd; 3499 u8 type; 3500 int err; 3501 3502 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 3503 3504 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 3505 if (!cmd) 3506 return -ENOENT; 3507 3508 type = hdev->discovery.type; 3509 3510 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status), 3511 &type, sizeof(type)); 3512 mgmt_pending_remove(cmd); 3513 3514 return err; 3515} 3516 3517int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status) 3518{ 3519 struct pending_cmd *cmd; 3520 int err; 3521 3522 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 3523 if (!cmd) 3524 return -ENOENT; 3525 3526 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status), 3527 &hdev->discovery.type, 3528 sizeof(hdev->discovery.type)); 3529 mgmt_pending_remove(cmd); 3530 3531 return err; 3532} 3533 3534int mgmt_discovering(struct hci_dev *hdev, u8 discovering) 3535{ 3536 struct mgmt_ev_discovering ev; 3537 struct pending_cmd *cmd; 3538 3539 BT_DBG("%s discovering %u", hdev->name, discovering); 3540 3541 if (discovering) 3542 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 3543 else 3544 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 3545 3546 if (cmd != NULL) { 3547 u8 type = hdev->discovery.type; 3548 3549 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, 3550 &type, sizeof(type)); 3551 mgmt_pending_remove(cmd); 3552 } 3553 3554 memset(&ev, 0, sizeof(ev)); 3555 ev.type = hdev->discovery.type; 3556 ev.discovering = discovering; 3557 3558 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 3559} 3560 3561int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 3562{ 3563 struct pending_cmd *cmd; 3564 struct mgmt_ev_device_blocked ev; 3565 3566 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev); 3567 3568 bacpy(&ev.addr.bdaddr, bdaddr); 3569 ev.addr.type = type; 3570 3571 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev), 3572 cmd ? cmd->sk : NULL); 3573} 3574 3575int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 3576{ 3577 struct pending_cmd *cmd; 3578 struct mgmt_ev_device_unblocked ev; 3579 3580 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev); 3581 3582 bacpy(&ev.addr.bdaddr, bdaddr); 3583 ev.addr.type = type; 3584 3585 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev), 3586 cmd ? cmd->sk : NULL); 3587} 3588 3589module_param(enable_hs, bool, 0644); 3590MODULE_PARM_DESC(enable_hs, "Enable High Speed support"); 3591 3592module_param(enable_le, bool, 0644); 3593MODULE_PARM_DESC(enable_le, "Enable Low Energy support"); 3594