mgmt.c revision a26f3dcff2cf5890f33d883c98d90cdfa51ed460
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth HCI Management interface */ 26 27#include <linux/module.h> 28#include <asm/unaligned.h> 29 30#include <net/bluetooth/bluetooth.h> 31#include <net/bluetooth/hci_core.h> 32#include <net/bluetooth/l2cap.h> 33#include <net/bluetooth/mgmt.h> 34 35#include "smp.h" 36 37#define MGMT_VERSION 1 38#define MGMT_REVISION 7 39 40static const u16 mgmt_commands[] = { 41 MGMT_OP_READ_INDEX_LIST, 42 MGMT_OP_READ_INFO, 43 MGMT_OP_SET_POWERED, 44 MGMT_OP_SET_DISCOVERABLE, 45 MGMT_OP_SET_CONNECTABLE, 46 MGMT_OP_SET_FAST_CONNECTABLE, 47 MGMT_OP_SET_PAIRABLE, 48 MGMT_OP_SET_LINK_SECURITY, 49 MGMT_OP_SET_SSP, 50 MGMT_OP_SET_HS, 51 MGMT_OP_SET_LE, 52 MGMT_OP_SET_DEV_CLASS, 53 MGMT_OP_SET_LOCAL_NAME, 54 MGMT_OP_ADD_UUID, 55 MGMT_OP_REMOVE_UUID, 56 MGMT_OP_LOAD_LINK_KEYS, 57 MGMT_OP_LOAD_LONG_TERM_KEYS, 58 MGMT_OP_DISCONNECT, 59 MGMT_OP_GET_CONNECTIONS, 60 MGMT_OP_PIN_CODE_REPLY, 61 MGMT_OP_PIN_CODE_NEG_REPLY, 62 MGMT_OP_SET_IO_CAPABILITY, 63 MGMT_OP_PAIR_DEVICE, 64 MGMT_OP_CANCEL_PAIR_DEVICE, 65 MGMT_OP_UNPAIR_DEVICE, 66 MGMT_OP_USER_CONFIRM_REPLY, 67 MGMT_OP_USER_CONFIRM_NEG_REPLY, 68 MGMT_OP_USER_PASSKEY_REPLY, 69 MGMT_OP_USER_PASSKEY_NEG_REPLY, 70 MGMT_OP_READ_LOCAL_OOB_DATA, 71 MGMT_OP_ADD_REMOTE_OOB_DATA, 72 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 73 MGMT_OP_START_DISCOVERY, 74 MGMT_OP_STOP_DISCOVERY, 75 MGMT_OP_CONFIRM_NAME, 76 MGMT_OP_BLOCK_DEVICE, 77 MGMT_OP_UNBLOCK_DEVICE, 78 MGMT_OP_SET_DEVICE_ID, 79 MGMT_OP_SET_ADVERTISING, 80 MGMT_OP_SET_BREDR, 81 MGMT_OP_SET_STATIC_ADDRESS, 82 MGMT_OP_SET_SCAN_PARAMS, 83 MGMT_OP_SET_SECURE_CONN, 84 MGMT_OP_SET_DEBUG_KEYS, 85 MGMT_OP_SET_PRIVACY, 86 MGMT_OP_LOAD_IRKS, 87 MGMT_OP_GET_CONN_INFO, 88 MGMT_OP_GET_CLOCK_INFO, 89 MGMT_OP_ADD_DEVICE, 90 MGMT_OP_REMOVE_DEVICE, 91 MGMT_OP_LOAD_CONN_PARAM, 92}; 93 94static const u16 mgmt_events[] = { 95 MGMT_EV_CONTROLLER_ERROR, 96 MGMT_EV_INDEX_ADDED, 97 MGMT_EV_INDEX_REMOVED, 98 MGMT_EV_NEW_SETTINGS, 99 MGMT_EV_CLASS_OF_DEV_CHANGED, 100 MGMT_EV_LOCAL_NAME_CHANGED, 101 MGMT_EV_NEW_LINK_KEY, 102 MGMT_EV_NEW_LONG_TERM_KEY, 103 MGMT_EV_DEVICE_CONNECTED, 104 MGMT_EV_DEVICE_DISCONNECTED, 105 MGMT_EV_CONNECT_FAILED, 106 MGMT_EV_PIN_CODE_REQUEST, 107 MGMT_EV_USER_CONFIRM_REQUEST, 108 MGMT_EV_USER_PASSKEY_REQUEST, 109 MGMT_EV_AUTH_FAILED, 110 MGMT_EV_DEVICE_FOUND, 111 MGMT_EV_DISCOVERING, 112 MGMT_EV_DEVICE_BLOCKED, 113 MGMT_EV_DEVICE_UNBLOCKED, 114 MGMT_EV_DEVICE_UNPAIRED, 115 MGMT_EV_PASSKEY_NOTIFY, 116 MGMT_EV_NEW_IRK, 117 MGMT_EV_NEW_CSRK, 118 MGMT_EV_DEVICE_ADDED, 119 MGMT_EV_DEVICE_REMOVED, 120 MGMT_EV_NEW_CONN_PARAM, 121}; 122 123#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) 124 125#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \ 126 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 127 128struct pending_cmd { 129 struct list_head list; 130 u16 opcode; 131 int index; 132 void *param; 133 struct sock *sk; 134 void *user_data; 135}; 136 137/* HCI to MGMT error code conversion table */ 138static u8 mgmt_status_table[] = { 139 MGMT_STATUS_SUCCESS, 140 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 141 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 142 MGMT_STATUS_FAILED, /* Hardware Failure */ 143 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 144 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 145 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */ 146 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 147 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 148 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 149 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 150 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 151 MGMT_STATUS_BUSY, /* Command Disallowed */ 152 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 153 MGMT_STATUS_REJECTED, /* Rejected Security */ 154 MGMT_STATUS_REJECTED, /* Rejected Personal */ 155 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 157 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 158 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 159 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 160 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 161 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 162 MGMT_STATUS_BUSY, /* Repeated Attempts */ 163 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 164 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 165 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 166 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 167 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 168 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 169 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 170 MGMT_STATUS_FAILED, /* Unspecified Error */ 171 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 172 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 173 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 174 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 175 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 176 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 177 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 178 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 179 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 180 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 181 MGMT_STATUS_FAILED, /* Transaction Collision */ 182 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 183 MGMT_STATUS_REJECTED, /* QoS Rejected */ 184 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 185 MGMT_STATUS_REJECTED, /* Insufficient Security */ 186 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 187 MGMT_STATUS_BUSY, /* Role Switch Pending */ 188 MGMT_STATUS_FAILED, /* Slot Violation */ 189 MGMT_STATUS_FAILED, /* Role Switch Failed */ 190 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 191 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 192 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 193 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 194 MGMT_STATUS_BUSY, /* Controller Busy */ 195 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 196 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 197 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 198 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 199 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 200}; 201 202static u8 mgmt_status(u8 hci_status) 203{ 204 if (hci_status < ARRAY_SIZE(mgmt_status_table)) 205 return mgmt_status_table[hci_status]; 206 207 return MGMT_STATUS_FAILED; 208} 209 210static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status) 211{ 212 struct sk_buff *skb; 213 struct mgmt_hdr *hdr; 214 struct mgmt_ev_cmd_status *ev; 215 int err; 216 217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status); 218 219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL); 220 if (!skb) 221 return -ENOMEM; 222 223 hdr = (void *) skb_put(skb, sizeof(*hdr)); 224 225 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS); 226 hdr->index = cpu_to_le16(index); 227 hdr->len = cpu_to_le16(sizeof(*ev)); 228 229 ev = (void *) skb_put(skb, sizeof(*ev)); 230 ev->status = status; 231 ev->opcode = cpu_to_le16(cmd); 232 233 err = sock_queue_rcv_skb(sk, skb); 234 if (err < 0) 235 kfree_skb(skb); 236 237 return err; 238} 239 240static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status, 241 void *rp, size_t rp_len) 242{ 243 struct sk_buff *skb; 244 struct mgmt_hdr *hdr; 245 struct mgmt_ev_cmd_complete *ev; 246 int err; 247 248 BT_DBG("sock %p", sk); 249 250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL); 251 if (!skb) 252 return -ENOMEM; 253 254 hdr = (void *) skb_put(skb, sizeof(*hdr)); 255 256 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE); 257 hdr->index = cpu_to_le16(index); 258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len); 259 260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len); 261 ev->opcode = cpu_to_le16(cmd); 262 ev->status = status; 263 264 if (rp) 265 memcpy(ev->data, rp, rp_len); 266 267 err = sock_queue_rcv_skb(sk, skb); 268 if (err < 0) 269 kfree_skb(skb); 270 271 return err; 272} 273 274static int read_version(struct sock *sk, struct hci_dev *hdev, void *data, 275 u16 data_len) 276{ 277 struct mgmt_rp_read_version rp; 278 279 BT_DBG("sock %p", sk); 280 281 rp.version = MGMT_VERSION; 282 rp.revision = cpu_to_le16(MGMT_REVISION); 283 284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp, 285 sizeof(rp)); 286} 287 288static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data, 289 u16 data_len) 290{ 291 struct mgmt_rp_read_commands *rp; 292 const u16 num_commands = ARRAY_SIZE(mgmt_commands); 293 const u16 num_events = ARRAY_SIZE(mgmt_events); 294 __le16 *opcode; 295 size_t rp_size; 296 int i, err; 297 298 BT_DBG("sock %p", sk); 299 300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 301 302 rp = kmalloc(rp_size, GFP_KERNEL); 303 if (!rp) 304 return -ENOMEM; 305 306 rp->num_commands = cpu_to_le16(num_commands); 307 rp->num_events = cpu_to_le16(num_events); 308 309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++) 310 put_unaligned_le16(mgmt_commands[i], opcode); 311 312 for (i = 0; i < num_events; i++, opcode++) 313 put_unaligned_le16(mgmt_events[i], opcode); 314 315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp, 316 rp_size); 317 kfree(rp); 318 319 return err; 320} 321 322static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data, 323 u16 data_len) 324{ 325 struct mgmt_rp_read_index_list *rp; 326 struct hci_dev *d; 327 size_t rp_len; 328 u16 count; 329 int err; 330 331 BT_DBG("sock %p", sk); 332 333 read_lock(&hci_dev_list_lock); 334 335 count = 0; 336 list_for_each_entry(d, &hci_dev_list, list) { 337 if (d->dev_type == HCI_BREDR) 338 count++; 339 } 340 341 rp_len = sizeof(*rp) + (2 * count); 342 rp = kmalloc(rp_len, GFP_ATOMIC); 343 if (!rp) { 344 read_unlock(&hci_dev_list_lock); 345 return -ENOMEM; 346 } 347 348 count = 0; 349 list_for_each_entry(d, &hci_dev_list, list) { 350 if (test_bit(HCI_SETUP, &d->dev_flags)) 351 continue; 352 353 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags)) 354 continue; 355 356 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 357 continue; 358 359 if (d->dev_type == HCI_BREDR) { 360 rp->index[count++] = cpu_to_le16(d->id); 361 BT_DBG("Added hci%u", d->id); 362 } 363 } 364 365 rp->num_controllers = cpu_to_le16(count); 366 rp_len = sizeof(*rp) + (2 * count); 367 368 read_unlock(&hci_dev_list_lock); 369 370 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp, 371 rp_len); 372 373 kfree(rp); 374 375 return err; 376} 377 378static u32 get_supported_settings(struct hci_dev *hdev) 379{ 380 u32 settings = 0; 381 382 settings |= MGMT_SETTING_POWERED; 383 settings |= MGMT_SETTING_PAIRABLE; 384 settings |= MGMT_SETTING_DEBUG_KEYS; 385 386 if (lmp_bredr_capable(hdev)) { 387 settings |= MGMT_SETTING_CONNECTABLE; 388 if (hdev->hci_ver >= BLUETOOTH_VER_1_2) 389 settings |= MGMT_SETTING_FAST_CONNECTABLE; 390 settings |= MGMT_SETTING_DISCOVERABLE; 391 settings |= MGMT_SETTING_BREDR; 392 settings |= MGMT_SETTING_LINK_SECURITY; 393 394 if (lmp_ssp_capable(hdev)) { 395 settings |= MGMT_SETTING_SSP; 396 settings |= MGMT_SETTING_HS; 397 } 398 399 if (lmp_sc_capable(hdev) || 400 test_bit(HCI_FORCE_SC, &hdev->dbg_flags)) 401 settings |= MGMT_SETTING_SECURE_CONN; 402 } 403 404 if (lmp_le_capable(hdev)) { 405 settings |= MGMT_SETTING_LE; 406 settings |= MGMT_SETTING_ADVERTISING; 407 settings |= MGMT_SETTING_PRIVACY; 408 } 409 410 return settings; 411} 412 413static u32 get_current_settings(struct hci_dev *hdev) 414{ 415 u32 settings = 0; 416 417 if (hdev_is_powered(hdev)) 418 settings |= MGMT_SETTING_POWERED; 419 420 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 421 settings |= MGMT_SETTING_CONNECTABLE; 422 423 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) 424 settings |= MGMT_SETTING_FAST_CONNECTABLE; 425 426 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 427 settings |= MGMT_SETTING_DISCOVERABLE; 428 429 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags)) 430 settings |= MGMT_SETTING_PAIRABLE; 431 432 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) 433 settings |= MGMT_SETTING_BREDR; 434 435 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 436 settings |= MGMT_SETTING_LE; 437 438 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) 439 settings |= MGMT_SETTING_LINK_SECURITY; 440 441 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 442 settings |= MGMT_SETTING_SSP; 443 444 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags)) 445 settings |= MGMT_SETTING_HS; 446 447 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) 448 settings |= MGMT_SETTING_ADVERTISING; 449 450 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) 451 settings |= MGMT_SETTING_SECURE_CONN; 452 453 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) 454 settings |= MGMT_SETTING_DEBUG_KEYS; 455 456 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) 457 settings |= MGMT_SETTING_PRIVACY; 458 459 return settings; 460} 461 462#define PNP_INFO_SVCLASS_ID 0x1200 463 464static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len) 465{ 466 u8 *ptr = data, *uuids_start = NULL; 467 struct bt_uuid *uuid; 468 469 if (len < 4) 470 return ptr; 471 472 list_for_each_entry(uuid, &hdev->uuids, list) { 473 u16 uuid16; 474 475 if (uuid->size != 16) 476 continue; 477 478 uuid16 = get_unaligned_le16(&uuid->uuid[12]); 479 if (uuid16 < 0x1100) 480 continue; 481 482 if (uuid16 == PNP_INFO_SVCLASS_ID) 483 continue; 484 485 if (!uuids_start) { 486 uuids_start = ptr; 487 uuids_start[0] = 1; 488 uuids_start[1] = EIR_UUID16_ALL; 489 ptr += 2; 490 } 491 492 /* Stop if not enough space to put next UUID */ 493 if ((ptr - data) + sizeof(u16) > len) { 494 uuids_start[1] = EIR_UUID16_SOME; 495 break; 496 } 497 498 *ptr++ = (uuid16 & 0x00ff); 499 *ptr++ = (uuid16 & 0xff00) >> 8; 500 uuids_start[0] += sizeof(uuid16); 501 } 502 503 return ptr; 504} 505 506static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len) 507{ 508 u8 *ptr = data, *uuids_start = NULL; 509 struct bt_uuid *uuid; 510 511 if (len < 6) 512 return ptr; 513 514 list_for_each_entry(uuid, &hdev->uuids, list) { 515 if (uuid->size != 32) 516 continue; 517 518 if (!uuids_start) { 519 uuids_start = ptr; 520 uuids_start[0] = 1; 521 uuids_start[1] = EIR_UUID32_ALL; 522 ptr += 2; 523 } 524 525 /* Stop if not enough space to put next UUID */ 526 if ((ptr - data) + sizeof(u32) > len) { 527 uuids_start[1] = EIR_UUID32_SOME; 528 break; 529 } 530 531 memcpy(ptr, &uuid->uuid[12], sizeof(u32)); 532 ptr += sizeof(u32); 533 uuids_start[0] += sizeof(u32); 534 } 535 536 return ptr; 537} 538 539static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len) 540{ 541 u8 *ptr = data, *uuids_start = NULL; 542 struct bt_uuid *uuid; 543 544 if (len < 18) 545 return ptr; 546 547 list_for_each_entry(uuid, &hdev->uuids, list) { 548 if (uuid->size != 128) 549 continue; 550 551 if (!uuids_start) { 552 uuids_start = ptr; 553 uuids_start[0] = 1; 554 uuids_start[1] = EIR_UUID128_ALL; 555 ptr += 2; 556 } 557 558 /* Stop if not enough space to put next UUID */ 559 if ((ptr - data) + 16 > len) { 560 uuids_start[1] = EIR_UUID128_SOME; 561 break; 562 } 563 564 memcpy(ptr, uuid->uuid, 16); 565 ptr += 16; 566 uuids_start[0] += 16; 567 } 568 569 return ptr; 570} 571 572static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev) 573{ 574 struct pending_cmd *cmd; 575 576 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 577 if (cmd->opcode == opcode) 578 return cmd; 579 } 580 581 return NULL; 582} 583 584static struct pending_cmd *mgmt_pending_find_data(u16 opcode, 585 struct hci_dev *hdev, 586 const void *data) 587{ 588 struct pending_cmd *cmd; 589 590 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 591 if (cmd->user_data != data) 592 continue; 593 if (cmd->opcode == opcode) 594 return cmd; 595 } 596 597 return NULL; 598} 599 600static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr) 601{ 602 u8 ad_len = 0; 603 size_t name_len; 604 605 name_len = strlen(hdev->dev_name); 606 if (name_len > 0) { 607 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2; 608 609 if (name_len > max_len) { 610 name_len = max_len; 611 ptr[1] = EIR_NAME_SHORT; 612 } else 613 ptr[1] = EIR_NAME_COMPLETE; 614 615 ptr[0] = name_len + 1; 616 617 memcpy(ptr + 2, hdev->dev_name, name_len); 618 619 ad_len += (name_len + 2); 620 ptr += (name_len + 2); 621 } 622 623 return ad_len; 624} 625 626static void update_scan_rsp_data(struct hci_request *req) 627{ 628 struct hci_dev *hdev = req->hdev; 629 struct hci_cp_le_set_scan_rsp_data cp; 630 u8 len; 631 632 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 633 return; 634 635 memset(&cp, 0, sizeof(cp)); 636 637 len = create_scan_rsp_data(hdev, cp.data); 638 639 if (hdev->scan_rsp_data_len == len && 640 memcmp(cp.data, hdev->scan_rsp_data, len) == 0) 641 return; 642 643 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data)); 644 hdev->scan_rsp_data_len = len; 645 646 cp.length = len; 647 648 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp); 649} 650 651static u8 get_adv_discov_flags(struct hci_dev *hdev) 652{ 653 struct pending_cmd *cmd; 654 655 /* If there's a pending mgmt command the flags will not yet have 656 * their final values, so check for this first. 657 */ 658 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 659 if (cmd) { 660 struct mgmt_mode *cp = cmd->param; 661 if (cp->val == 0x01) 662 return LE_AD_GENERAL; 663 else if (cp->val == 0x02) 664 return LE_AD_LIMITED; 665 } else { 666 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags)) 667 return LE_AD_LIMITED; 668 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 669 return LE_AD_GENERAL; 670 } 671 672 return 0; 673} 674 675static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr) 676{ 677 u8 ad_len = 0, flags = 0; 678 679 flags |= get_adv_discov_flags(hdev); 680 681 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) 682 flags |= LE_AD_NO_BREDR; 683 684 if (flags) { 685 BT_DBG("adv flags 0x%02x", flags); 686 687 ptr[0] = 2; 688 ptr[1] = EIR_FLAGS; 689 ptr[2] = flags; 690 691 ad_len += 3; 692 ptr += 3; 693 } 694 695 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) { 696 ptr[0] = 2; 697 ptr[1] = EIR_TX_POWER; 698 ptr[2] = (u8) hdev->adv_tx_power; 699 700 ad_len += 3; 701 ptr += 3; 702 } 703 704 return ad_len; 705} 706 707static void update_adv_data(struct hci_request *req) 708{ 709 struct hci_dev *hdev = req->hdev; 710 struct hci_cp_le_set_adv_data cp; 711 u8 len; 712 713 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 714 return; 715 716 memset(&cp, 0, sizeof(cp)); 717 718 len = create_adv_data(hdev, cp.data); 719 720 if (hdev->adv_data_len == len && 721 memcmp(cp.data, hdev->adv_data, len) == 0) 722 return; 723 724 memcpy(hdev->adv_data, cp.data, sizeof(cp.data)); 725 hdev->adv_data_len = len; 726 727 cp.length = len; 728 729 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp); 730} 731 732static void create_eir(struct hci_dev *hdev, u8 *data) 733{ 734 u8 *ptr = data; 735 size_t name_len; 736 737 name_len = strlen(hdev->dev_name); 738 739 if (name_len > 0) { 740 /* EIR Data type */ 741 if (name_len > 48) { 742 name_len = 48; 743 ptr[1] = EIR_NAME_SHORT; 744 } else 745 ptr[1] = EIR_NAME_COMPLETE; 746 747 /* EIR Data length */ 748 ptr[0] = name_len + 1; 749 750 memcpy(ptr + 2, hdev->dev_name, name_len); 751 752 ptr += (name_len + 2); 753 } 754 755 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) { 756 ptr[0] = 2; 757 ptr[1] = EIR_TX_POWER; 758 ptr[2] = (u8) hdev->inq_tx_power; 759 760 ptr += 3; 761 } 762 763 if (hdev->devid_source > 0) { 764 ptr[0] = 9; 765 ptr[1] = EIR_DEVICE_ID; 766 767 put_unaligned_le16(hdev->devid_source, ptr + 2); 768 put_unaligned_le16(hdev->devid_vendor, ptr + 4); 769 put_unaligned_le16(hdev->devid_product, ptr + 6); 770 put_unaligned_le16(hdev->devid_version, ptr + 8); 771 772 ptr += 10; 773 } 774 775 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data)); 776 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data)); 777 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data)); 778} 779 780static void update_eir(struct hci_request *req) 781{ 782 struct hci_dev *hdev = req->hdev; 783 struct hci_cp_write_eir cp; 784 785 if (!hdev_is_powered(hdev)) 786 return; 787 788 if (!lmp_ext_inq_capable(hdev)) 789 return; 790 791 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 792 return; 793 794 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 795 return; 796 797 memset(&cp, 0, sizeof(cp)); 798 799 create_eir(hdev, cp.data); 800 801 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0) 802 return; 803 804 memcpy(hdev->eir, cp.data, sizeof(cp.data)); 805 806 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 807} 808 809static u8 get_service_classes(struct hci_dev *hdev) 810{ 811 struct bt_uuid *uuid; 812 u8 val = 0; 813 814 list_for_each_entry(uuid, &hdev->uuids, list) 815 val |= uuid->svc_hint; 816 817 return val; 818} 819 820static void update_class(struct hci_request *req) 821{ 822 struct hci_dev *hdev = req->hdev; 823 u8 cod[3]; 824 825 BT_DBG("%s", hdev->name); 826 827 if (!hdev_is_powered(hdev)) 828 return; 829 830 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) 831 return; 832 833 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 834 return; 835 836 cod[0] = hdev->minor_class; 837 cod[1] = hdev->major_class; 838 cod[2] = get_service_classes(hdev); 839 840 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags)) 841 cod[1] |= 0x20; 842 843 if (memcmp(cod, hdev->dev_class, 3) == 0) 844 return; 845 846 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); 847} 848 849static bool get_connectable(struct hci_dev *hdev) 850{ 851 struct pending_cmd *cmd; 852 853 /* If there's a pending mgmt command the flag will not yet have 854 * it's final value, so check for this first. 855 */ 856 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 857 if (cmd) { 858 struct mgmt_mode *cp = cmd->param; 859 return cp->val; 860 } 861 862 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags); 863} 864 865static void enable_advertising(struct hci_request *req) 866{ 867 struct hci_dev *hdev = req->hdev; 868 struct hci_cp_le_set_adv_param cp; 869 u8 own_addr_type, enable = 0x01; 870 bool connectable; 871 872 /* Clear the HCI_ADVERTISING bit temporarily so that the 873 * hci_update_random_address knows that it's safe to go ahead 874 * and write a new random address. The flag will be set back on 875 * as soon as the SET_ADV_ENABLE HCI command completes. 876 */ 877 clear_bit(HCI_ADVERTISING, &hdev->dev_flags); 878 879 connectable = get_connectable(hdev); 880 881 /* Set require_privacy to true only when non-connectable 882 * advertising is used. In that case it is fine to use a 883 * non-resolvable private address. 884 */ 885 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0) 886 return; 887 888 memset(&cp, 0, sizeof(cp)); 889 cp.min_interval = cpu_to_le16(0x0800); 890 cp.max_interval = cpu_to_le16(0x0800); 891 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND; 892 cp.own_address_type = own_addr_type; 893 cp.channel_map = hdev->le_adv_channel_map; 894 895 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp); 896 897 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable); 898} 899 900static void disable_advertising(struct hci_request *req) 901{ 902 u8 enable = 0x00; 903 904 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable); 905} 906 907static void service_cache_off(struct work_struct *work) 908{ 909 struct hci_dev *hdev = container_of(work, struct hci_dev, 910 service_cache.work); 911 struct hci_request req; 912 913 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 914 return; 915 916 hci_req_init(&req, hdev); 917 918 hci_dev_lock(hdev); 919 920 update_eir(&req); 921 update_class(&req); 922 923 hci_dev_unlock(hdev); 924 925 hci_req_run(&req, NULL); 926} 927 928static void rpa_expired(struct work_struct *work) 929{ 930 struct hci_dev *hdev = container_of(work, struct hci_dev, 931 rpa_expired.work); 932 struct hci_request req; 933 934 BT_DBG(""); 935 936 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags); 937 938 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) || 939 hci_conn_num(hdev, LE_LINK) > 0) 940 return; 941 942 /* The generation of a new RPA and programming it into the 943 * controller happens in the enable_advertising() function. 944 */ 945 946 hci_req_init(&req, hdev); 947 948 disable_advertising(&req); 949 enable_advertising(&req); 950 951 hci_req_run(&req, NULL); 952} 953 954static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) 955{ 956 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) 957 return; 958 959 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 960 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired); 961 962 /* Non-mgmt controlled devices get this bit set 963 * implicitly so that pairing works for them, however 964 * for mgmt we require user-space to explicitly enable 965 * it 966 */ 967 clear_bit(HCI_PAIRABLE, &hdev->dev_flags); 968} 969 970static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 971 void *data, u16 data_len) 972{ 973 struct mgmt_rp_read_info rp; 974 975 BT_DBG("sock %p %s", sk, hdev->name); 976 977 hci_dev_lock(hdev); 978 979 memset(&rp, 0, sizeof(rp)); 980 981 bacpy(&rp.bdaddr, &hdev->bdaddr); 982 983 rp.version = hdev->hci_ver; 984 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 985 986 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 987 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 988 989 memcpy(rp.dev_class, hdev->dev_class, 3); 990 991 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 992 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name)); 993 994 hci_dev_unlock(hdev); 995 996 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp, 997 sizeof(rp)); 998} 999 1000static void mgmt_pending_free(struct pending_cmd *cmd) 1001{ 1002 sock_put(cmd->sk); 1003 kfree(cmd->param); 1004 kfree(cmd); 1005} 1006 1007static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode, 1008 struct hci_dev *hdev, void *data, 1009 u16 len) 1010{ 1011 struct pending_cmd *cmd; 1012 1013 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL); 1014 if (!cmd) 1015 return NULL; 1016 1017 cmd->opcode = opcode; 1018 cmd->index = hdev->id; 1019 1020 cmd->param = kmalloc(len, GFP_KERNEL); 1021 if (!cmd->param) { 1022 kfree(cmd); 1023 return NULL; 1024 } 1025 1026 if (data) 1027 memcpy(cmd->param, data, len); 1028 1029 cmd->sk = sk; 1030 sock_hold(sk); 1031 1032 list_add(&cmd->list, &hdev->mgmt_pending); 1033 1034 return cmd; 1035} 1036 1037static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, 1038 void (*cb)(struct pending_cmd *cmd, 1039 void *data), 1040 void *data) 1041{ 1042 struct pending_cmd *cmd, *tmp; 1043 1044 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) { 1045 if (opcode > 0 && cmd->opcode != opcode) 1046 continue; 1047 1048 cb(cmd, data); 1049 } 1050} 1051 1052static void mgmt_pending_remove(struct pending_cmd *cmd) 1053{ 1054 list_del(&cmd->list); 1055 mgmt_pending_free(cmd); 1056} 1057 1058static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 1059{ 1060 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 1061 1062 return cmd_complete(sk, hdev->id, opcode, 0, &settings, 1063 sizeof(settings)); 1064} 1065 1066static void clean_up_hci_complete(struct hci_dev *hdev, u8 status) 1067{ 1068 BT_DBG("%s status 0x%02x", hdev->name, status); 1069 1070 if (hci_conn_count(hdev) == 0) { 1071 cancel_delayed_work(&hdev->power_off); 1072 queue_work(hdev->req_workqueue, &hdev->power_off.work); 1073 } 1074} 1075 1076static void hci_stop_discovery(struct hci_request *req) 1077{ 1078 struct hci_dev *hdev = req->hdev; 1079 struct hci_cp_remote_name_req_cancel cp; 1080 struct inquiry_entry *e; 1081 1082 switch (hdev->discovery.state) { 1083 case DISCOVERY_FINDING: 1084 if (test_bit(HCI_INQUIRY, &hdev->flags)) { 1085 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL); 1086 } else { 1087 cancel_delayed_work(&hdev->le_scan_disable); 1088 hci_req_add_le_scan_disable(req); 1089 } 1090 1091 break; 1092 1093 case DISCOVERY_RESOLVING: 1094 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, 1095 NAME_PENDING); 1096 if (!e) 1097 return; 1098 1099 bacpy(&cp.bdaddr, &e->data.bdaddr); 1100 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp), 1101 &cp); 1102 1103 break; 1104 1105 default: 1106 /* Passive scanning */ 1107 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) 1108 hci_req_add_le_scan_disable(req); 1109 break; 1110 } 1111} 1112 1113static int clean_up_hci_state(struct hci_dev *hdev) 1114{ 1115 struct hci_request req; 1116 struct hci_conn *conn; 1117 1118 hci_req_init(&req, hdev); 1119 1120 if (test_bit(HCI_ISCAN, &hdev->flags) || 1121 test_bit(HCI_PSCAN, &hdev->flags)) { 1122 u8 scan = 0x00; 1123 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1124 } 1125 1126 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) 1127 disable_advertising(&req); 1128 1129 hci_stop_discovery(&req); 1130 1131 list_for_each_entry(conn, &hdev->conn_hash.list, list) { 1132 struct hci_cp_disconnect dc; 1133 struct hci_cp_reject_conn_req rej; 1134 1135 switch (conn->state) { 1136 case BT_CONNECTED: 1137 case BT_CONFIG: 1138 dc.handle = cpu_to_le16(conn->handle); 1139 dc.reason = 0x15; /* Terminated due to Power Off */ 1140 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1141 break; 1142 case BT_CONNECT: 1143 if (conn->type == LE_LINK) 1144 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL, 1145 0, NULL); 1146 else if (conn->type == ACL_LINK) 1147 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL, 1148 6, &conn->dst); 1149 break; 1150 case BT_CONNECT2: 1151 bacpy(&rej.bdaddr, &conn->dst); 1152 rej.reason = 0x15; /* Terminated due to Power Off */ 1153 if (conn->type == ACL_LINK) 1154 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ, 1155 sizeof(rej), &rej); 1156 else if (conn->type == SCO_LINK) 1157 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ, 1158 sizeof(rej), &rej); 1159 break; 1160 } 1161 } 1162 1163 return hci_req_run(&req, clean_up_hci_complete); 1164} 1165 1166static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, 1167 u16 len) 1168{ 1169 struct mgmt_mode *cp = data; 1170 struct pending_cmd *cmd; 1171 int err; 1172 1173 BT_DBG("request for %s", hdev->name); 1174 1175 if (cp->val != 0x00 && cp->val != 0x01) 1176 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1177 MGMT_STATUS_INVALID_PARAMS); 1178 1179 hci_dev_lock(hdev); 1180 1181 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) { 1182 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1183 MGMT_STATUS_BUSY); 1184 goto failed; 1185 } 1186 1187 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) { 1188 cancel_delayed_work(&hdev->power_off); 1189 1190 if (cp->val) { 1191 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, 1192 data, len); 1193 err = mgmt_powered(hdev, 1); 1194 goto failed; 1195 } 1196 } 1197 1198 if (!!cp->val == hdev_is_powered(hdev)) { 1199 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 1200 goto failed; 1201 } 1202 1203 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 1204 if (!cmd) { 1205 err = -ENOMEM; 1206 goto failed; 1207 } 1208 1209 if (cp->val) { 1210 queue_work(hdev->req_workqueue, &hdev->power_on); 1211 err = 0; 1212 } else { 1213 /* Disconnect connections, stop scans, etc */ 1214 err = clean_up_hci_state(hdev); 1215 if (!err) 1216 queue_delayed_work(hdev->req_workqueue, &hdev->power_off, 1217 HCI_POWER_OFF_TIMEOUT); 1218 1219 /* ENODATA means there were no HCI commands queued */ 1220 if (err == -ENODATA) { 1221 cancel_delayed_work(&hdev->power_off); 1222 queue_work(hdev->req_workqueue, &hdev->power_off.work); 1223 err = 0; 1224 } 1225 } 1226 1227failed: 1228 hci_dev_unlock(hdev); 1229 return err; 1230} 1231 1232static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len, 1233 struct sock *skip_sk) 1234{ 1235 struct sk_buff *skb; 1236 struct mgmt_hdr *hdr; 1237 1238 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL); 1239 if (!skb) 1240 return -ENOMEM; 1241 1242 hdr = (void *) skb_put(skb, sizeof(*hdr)); 1243 hdr->opcode = cpu_to_le16(event); 1244 if (hdev) 1245 hdr->index = cpu_to_le16(hdev->id); 1246 else 1247 hdr->index = cpu_to_le16(MGMT_INDEX_NONE); 1248 hdr->len = cpu_to_le16(data_len); 1249 1250 if (data) 1251 memcpy(skb_put(skb, data_len), data, data_len); 1252 1253 /* Time stamp */ 1254 __net_timestamp(skb); 1255 1256 hci_send_to_control(skb, skip_sk); 1257 kfree_skb(skb); 1258 1259 return 0; 1260} 1261 1262static int new_settings(struct hci_dev *hdev, struct sock *skip) 1263{ 1264 __le32 ev; 1265 1266 ev = cpu_to_le32(get_current_settings(hdev)); 1267 1268 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip); 1269} 1270 1271struct cmd_lookup { 1272 struct sock *sk; 1273 struct hci_dev *hdev; 1274 u8 mgmt_status; 1275}; 1276 1277static void settings_rsp(struct pending_cmd *cmd, void *data) 1278{ 1279 struct cmd_lookup *match = data; 1280 1281 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 1282 1283 list_del(&cmd->list); 1284 1285 if (match->sk == NULL) { 1286 match->sk = cmd->sk; 1287 sock_hold(match->sk); 1288 } 1289 1290 mgmt_pending_free(cmd); 1291} 1292 1293static void cmd_status_rsp(struct pending_cmd *cmd, void *data) 1294{ 1295 u8 *status = data; 1296 1297 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 1298 mgmt_pending_remove(cmd); 1299} 1300 1301static u8 mgmt_bredr_support(struct hci_dev *hdev) 1302{ 1303 if (!lmp_bredr_capable(hdev)) 1304 return MGMT_STATUS_NOT_SUPPORTED; 1305 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) 1306 return MGMT_STATUS_REJECTED; 1307 else 1308 return MGMT_STATUS_SUCCESS; 1309} 1310 1311static u8 mgmt_le_support(struct hci_dev *hdev) 1312{ 1313 if (!lmp_le_capable(hdev)) 1314 return MGMT_STATUS_NOT_SUPPORTED; 1315 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 1316 return MGMT_STATUS_REJECTED; 1317 else 1318 return MGMT_STATUS_SUCCESS; 1319} 1320 1321static void set_discoverable_complete(struct hci_dev *hdev, u8 status) 1322{ 1323 struct pending_cmd *cmd; 1324 struct mgmt_mode *cp; 1325 struct hci_request req; 1326 bool changed; 1327 1328 BT_DBG("status 0x%02x", status); 1329 1330 hci_dev_lock(hdev); 1331 1332 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 1333 if (!cmd) 1334 goto unlock; 1335 1336 if (status) { 1337 u8 mgmt_err = mgmt_status(status); 1338 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1339 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags); 1340 goto remove_cmd; 1341 } 1342 1343 cp = cmd->param; 1344 if (cp->val) { 1345 changed = !test_and_set_bit(HCI_DISCOVERABLE, 1346 &hdev->dev_flags); 1347 1348 if (hdev->discov_timeout > 0) { 1349 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1350 queue_delayed_work(hdev->workqueue, &hdev->discov_off, 1351 to); 1352 } 1353 } else { 1354 changed = test_and_clear_bit(HCI_DISCOVERABLE, 1355 &hdev->dev_flags); 1356 } 1357 1358 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1359 1360 if (changed) 1361 new_settings(hdev, cmd->sk); 1362 1363 /* When the discoverable mode gets changed, make sure 1364 * that class of device has the limited discoverable 1365 * bit correctly set. 1366 */ 1367 hci_req_init(&req, hdev); 1368 update_class(&req); 1369 hci_req_run(&req, NULL); 1370 1371remove_cmd: 1372 mgmt_pending_remove(cmd); 1373 1374unlock: 1375 hci_dev_unlock(hdev); 1376} 1377 1378static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 1379 u16 len) 1380{ 1381 struct mgmt_cp_set_discoverable *cp = data; 1382 struct pending_cmd *cmd; 1383 struct hci_request req; 1384 u16 timeout; 1385 u8 scan; 1386 int err; 1387 1388 BT_DBG("request for %s", hdev->name); 1389 1390 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) && 1391 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) 1392 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1393 MGMT_STATUS_REJECTED); 1394 1395 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 1396 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1397 MGMT_STATUS_INVALID_PARAMS); 1398 1399 timeout = __le16_to_cpu(cp->timeout); 1400 1401 /* Disabling discoverable requires that no timeout is set, 1402 * and enabling limited discoverable requires a timeout. 1403 */ 1404 if ((cp->val == 0x00 && timeout > 0) || 1405 (cp->val == 0x02 && timeout == 0)) 1406 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1407 MGMT_STATUS_INVALID_PARAMS); 1408 1409 hci_dev_lock(hdev); 1410 1411 if (!hdev_is_powered(hdev) && timeout > 0) { 1412 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1413 MGMT_STATUS_NOT_POWERED); 1414 goto failed; 1415 } 1416 1417 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1418 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1419 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1420 MGMT_STATUS_BUSY); 1421 goto failed; 1422 } 1423 1424 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) { 1425 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1426 MGMT_STATUS_REJECTED); 1427 goto failed; 1428 } 1429 1430 if (!hdev_is_powered(hdev)) { 1431 bool changed = false; 1432 1433 /* Setting limited discoverable when powered off is 1434 * not a valid operation since it requires a timeout 1435 * and so no need to check HCI_LIMITED_DISCOVERABLE. 1436 */ 1437 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) { 1438 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 1439 changed = true; 1440 } 1441 1442 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1443 if (err < 0) 1444 goto failed; 1445 1446 if (changed) 1447 err = new_settings(hdev, sk); 1448 1449 goto failed; 1450 } 1451 1452 /* If the current mode is the same, then just update the timeout 1453 * value with the new value. And if only the timeout gets updated, 1454 * then no need for any HCI transactions. 1455 */ 1456 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) && 1457 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE, 1458 &hdev->dev_flags)) { 1459 cancel_delayed_work(&hdev->discov_off); 1460 hdev->discov_timeout = timeout; 1461 1462 if (cp->val && hdev->discov_timeout > 0) { 1463 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1464 queue_delayed_work(hdev->workqueue, &hdev->discov_off, 1465 to); 1466 } 1467 1468 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1469 goto failed; 1470 } 1471 1472 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 1473 if (!cmd) { 1474 err = -ENOMEM; 1475 goto failed; 1476 } 1477 1478 /* Cancel any potential discoverable timeout that might be 1479 * still active and store new timeout value. The arming of 1480 * the timeout happens in the complete handler. 1481 */ 1482 cancel_delayed_work(&hdev->discov_off); 1483 hdev->discov_timeout = timeout; 1484 1485 /* Limited discoverable mode */ 1486 if (cp->val == 0x02) 1487 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags); 1488 else 1489 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags); 1490 1491 hci_req_init(&req, hdev); 1492 1493 /* The procedure for LE-only controllers is much simpler - just 1494 * update the advertising data. 1495 */ 1496 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) 1497 goto update_ad; 1498 1499 scan = SCAN_PAGE; 1500 1501 if (cp->val) { 1502 struct hci_cp_write_current_iac_lap hci_cp; 1503 1504 if (cp->val == 0x02) { 1505 /* Limited discoverable mode */ 1506 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2); 1507 hci_cp.iac_lap[0] = 0x00; /* LIAC */ 1508 hci_cp.iac_lap[1] = 0x8b; 1509 hci_cp.iac_lap[2] = 0x9e; 1510 hci_cp.iac_lap[3] = 0x33; /* GIAC */ 1511 hci_cp.iac_lap[4] = 0x8b; 1512 hci_cp.iac_lap[5] = 0x9e; 1513 } else { 1514 /* General discoverable mode */ 1515 hci_cp.num_iac = 1; 1516 hci_cp.iac_lap[0] = 0x33; /* GIAC */ 1517 hci_cp.iac_lap[1] = 0x8b; 1518 hci_cp.iac_lap[2] = 0x9e; 1519 } 1520 1521 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP, 1522 (hci_cp.num_iac * 3) + 1, &hci_cp); 1523 1524 scan |= SCAN_INQUIRY; 1525 } else { 1526 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags); 1527 } 1528 1529 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan); 1530 1531update_ad: 1532 update_adv_data(&req); 1533 1534 err = hci_req_run(&req, set_discoverable_complete); 1535 if (err < 0) 1536 mgmt_pending_remove(cmd); 1537 1538failed: 1539 hci_dev_unlock(hdev); 1540 return err; 1541} 1542 1543static void write_fast_connectable(struct hci_request *req, bool enable) 1544{ 1545 struct hci_dev *hdev = req->hdev; 1546 struct hci_cp_write_page_scan_activity acp; 1547 u8 type; 1548 1549 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) 1550 return; 1551 1552 if (hdev->hci_ver < BLUETOOTH_VER_1_2) 1553 return; 1554 1555 if (enable) { 1556 type = PAGE_SCAN_TYPE_INTERLACED; 1557 1558 /* 160 msec page scan interval */ 1559 acp.interval = cpu_to_le16(0x0100); 1560 } else { 1561 type = PAGE_SCAN_TYPE_STANDARD; /* default */ 1562 1563 /* default 1.28 sec page scan */ 1564 acp.interval = cpu_to_le16(0x0800); 1565 } 1566 1567 acp.window = cpu_to_le16(0x0012); 1568 1569 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval || 1570 __cpu_to_le16(hdev->page_scan_window) != acp.window) 1571 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, 1572 sizeof(acp), &acp); 1573 1574 if (hdev->page_scan_type != type) 1575 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); 1576} 1577 1578static void set_connectable_complete(struct hci_dev *hdev, u8 status) 1579{ 1580 struct pending_cmd *cmd; 1581 struct mgmt_mode *cp; 1582 bool changed; 1583 1584 BT_DBG("status 0x%02x", status); 1585 1586 hci_dev_lock(hdev); 1587 1588 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 1589 if (!cmd) 1590 goto unlock; 1591 1592 if (status) { 1593 u8 mgmt_err = mgmt_status(status); 1594 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1595 goto remove_cmd; 1596 } 1597 1598 cp = cmd->param; 1599 if (cp->val) 1600 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags); 1601 else 1602 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags); 1603 1604 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev); 1605 1606 if (changed) 1607 new_settings(hdev, cmd->sk); 1608 1609remove_cmd: 1610 mgmt_pending_remove(cmd); 1611 1612unlock: 1613 hci_dev_unlock(hdev); 1614} 1615 1616static int set_connectable_update_settings(struct hci_dev *hdev, 1617 struct sock *sk, u8 val) 1618{ 1619 bool changed = false; 1620 int err; 1621 1622 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 1623 changed = true; 1624 1625 if (val) { 1626 set_bit(HCI_CONNECTABLE, &hdev->dev_flags); 1627 } else { 1628 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags); 1629 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 1630 } 1631 1632 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 1633 if (err < 0) 1634 return err; 1635 1636 if (changed) 1637 return new_settings(hdev, sk); 1638 1639 return 0; 1640} 1641 1642static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, 1643 u16 len) 1644{ 1645 struct mgmt_mode *cp = data; 1646 struct pending_cmd *cmd; 1647 struct hci_request req; 1648 u8 scan; 1649 int err; 1650 1651 BT_DBG("request for %s", hdev->name); 1652 1653 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) && 1654 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) 1655 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1656 MGMT_STATUS_REJECTED); 1657 1658 if (cp->val != 0x00 && cp->val != 0x01) 1659 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1660 MGMT_STATUS_INVALID_PARAMS); 1661 1662 hci_dev_lock(hdev); 1663 1664 if (!hdev_is_powered(hdev)) { 1665 err = set_connectable_update_settings(hdev, sk, cp->val); 1666 goto failed; 1667 } 1668 1669 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1670 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1671 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1672 MGMT_STATUS_BUSY); 1673 goto failed; 1674 } 1675 1676 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1677 if (!cmd) { 1678 err = -ENOMEM; 1679 goto failed; 1680 } 1681 1682 hci_req_init(&req, hdev); 1683 1684 /* If BR/EDR is not enabled and we disable advertising as a 1685 * by-product of disabling connectable, we need to update the 1686 * advertising flags. 1687 */ 1688 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) { 1689 if (!cp->val) { 1690 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags); 1691 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 1692 } 1693 update_adv_data(&req); 1694 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) { 1695 if (cp->val) { 1696 scan = SCAN_PAGE; 1697 } else { 1698 scan = 0; 1699 1700 if (test_bit(HCI_ISCAN, &hdev->flags) && 1701 hdev->discov_timeout > 0) 1702 cancel_delayed_work(&hdev->discov_off); 1703 } 1704 1705 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1706 } 1707 1708 /* If we're going from non-connectable to connectable or 1709 * vice-versa when fast connectable is enabled ensure that fast 1710 * connectable gets disabled. write_fast_connectable won't do 1711 * anything if the page scan parameters are already what they 1712 * should be. 1713 */ 1714 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) 1715 write_fast_connectable(&req, false); 1716 1717 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && 1718 hci_conn_num(hdev, LE_LINK) == 0) { 1719 disable_advertising(&req); 1720 enable_advertising(&req); 1721 } 1722 1723 err = hci_req_run(&req, set_connectable_complete); 1724 if (err < 0) { 1725 mgmt_pending_remove(cmd); 1726 if (err == -ENODATA) 1727 err = set_connectable_update_settings(hdev, sk, 1728 cp->val); 1729 goto failed; 1730 } 1731 1732failed: 1733 hci_dev_unlock(hdev); 1734 return err; 1735} 1736 1737static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data, 1738 u16 len) 1739{ 1740 struct mgmt_mode *cp = data; 1741 bool changed; 1742 int err; 1743 1744 BT_DBG("request for %s", hdev->name); 1745 1746 if (cp->val != 0x00 && cp->val != 0x01) 1747 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE, 1748 MGMT_STATUS_INVALID_PARAMS); 1749 1750 hci_dev_lock(hdev); 1751 1752 if (cp->val) 1753 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags); 1754 else 1755 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags); 1756 1757 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev); 1758 if (err < 0) 1759 goto unlock; 1760 1761 if (changed) 1762 err = new_settings(hdev, sk); 1763 1764unlock: 1765 hci_dev_unlock(hdev); 1766 return err; 1767} 1768 1769static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data, 1770 u16 len) 1771{ 1772 struct mgmt_mode *cp = data; 1773 struct pending_cmd *cmd; 1774 u8 val, status; 1775 int err; 1776 1777 BT_DBG("request for %s", hdev->name); 1778 1779 status = mgmt_bredr_support(hdev); 1780 if (status) 1781 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1782 status); 1783 1784 if (cp->val != 0x00 && cp->val != 0x01) 1785 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1786 MGMT_STATUS_INVALID_PARAMS); 1787 1788 hci_dev_lock(hdev); 1789 1790 if (!hdev_is_powered(hdev)) { 1791 bool changed = false; 1792 1793 if (!!cp->val != test_bit(HCI_LINK_SECURITY, 1794 &hdev->dev_flags)) { 1795 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags); 1796 changed = true; 1797 } 1798 1799 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1800 if (err < 0) 1801 goto failed; 1802 1803 if (changed) 1804 err = new_settings(hdev, sk); 1805 1806 goto failed; 1807 } 1808 1809 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1810 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1811 MGMT_STATUS_BUSY); 1812 goto failed; 1813 } 1814 1815 val = !!cp->val; 1816 1817 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1818 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1819 goto failed; 1820 } 1821 1822 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1823 if (!cmd) { 1824 err = -ENOMEM; 1825 goto failed; 1826 } 1827 1828 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1829 if (err < 0) { 1830 mgmt_pending_remove(cmd); 1831 goto failed; 1832 } 1833 1834failed: 1835 hci_dev_unlock(hdev); 1836 return err; 1837} 1838 1839static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1840{ 1841 struct mgmt_mode *cp = data; 1842 struct pending_cmd *cmd; 1843 u8 status; 1844 int err; 1845 1846 BT_DBG("request for %s", hdev->name); 1847 1848 status = mgmt_bredr_support(hdev); 1849 if (status) 1850 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status); 1851 1852 if (!lmp_ssp_capable(hdev)) 1853 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1854 MGMT_STATUS_NOT_SUPPORTED); 1855 1856 if (cp->val != 0x00 && cp->val != 0x01) 1857 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1858 MGMT_STATUS_INVALID_PARAMS); 1859 1860 hci_dev_lock(hdev); 1861 1862 if (!hdev_is_powered(hdev)) { 1863 bool changed; 1864 1865 if (cp->val) { 1866 changed = !test_and_set_bit(HCI_SSP_ENABLED, 1867 &hdev->dev_flags); 1868 } else { 1869 changed = test_and_clear_bit(HCI_SSP_ENABLED, 1870 &hdev->dev_flags); 1871 if (!changed) 1872 changed = test_and_clear_bit(HCI_HS_ENABLED, 1873 &hdev->dev_flags); 1874 else 1875 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags); 1876 } 1877 1878 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1879 if (err < 0) 1880 goto failed; 1881 1882 if (changed) 1883 err = new_settings(hdev, sk); 1884 1885 goto failed; 1886 } 1887 1888 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) || 1889 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) { 1890 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1891 MGMT_STATUS_BUSY); 1892 goto failed; 1893 } 1894 1895 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) { 1896 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1897 goto failed; 1898 } 1899 1900 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 1901 if (!cmd) { 1902 err = -ENOMEM; 1903 goto failed; 1904 } 1905 1906 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags)) 1907 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 1908 sizeof(cp->val), &cp->val); 1909 1910 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val); 1911 if (err < 0) { 1912 mgmt_pending_remove(cmd); 1913 goto failed; 1914 } 1915 1916failed: 1917 hci_dev_unlock(hdev); 1918 return err; 1919} 1920 1921static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1922{ 1923 struct mgmt_mode *cp = data; 1924 bool changed; 1925 u8 status; 1926 int err; 1927 1928 BT_DBG("request for %s", hdev->name); 1929 1930 status = mgmt_bredr_support(hdev); 1931 if (status) 1932 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status); 1933 1934 if (!lmp_ssp_capable(hdev)) 1935 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1936 MGMT_STATUS_NOT_SUPPORTED); 1937 1938 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 1939 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1940 MGMT_STATUS_REJECTED); 1941 1942 if (cp->val != 0x00 && cp->val != 0x01) 1943 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1944 MGMT_STATUS_INVALID_PARAMS); 1945 1946 hci_dev_lock(hdev); 1947 1948 if (cp->val) { 1949 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags); 1950 } else { 1951 if (hdev_is_powered(hdev)) { 1952 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1953 MGMT_STATUS_REJECTED); 1954 goto unlock; 1955 } 1956 1957 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags); 1958 } 1959 1960 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 1961 if (err < 0) 1962 goto unlock; 1963 1964 if (changed) 1965 err = new_settings(hdev, sk); 1966 1967unlock: 1968 hci_dev_unlock(hdev); 1969 return err; 1970} 1971 1972static void le_enable_complete(struct hci_dev *hdev, u8 status) 1973{ 1974 struct cmd_lookup match = { NULL, hdev }; 1975 1976 if (status) { 1977 u8 mgmt_err = mgmt_status(status); 1978 1979 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 1980 &mgmt_err); 1981 return; 1982 } 1983 1984 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 1985 1986 new_settings(hdev, match.sk); 1987 1988 if (match.sk) 1989 sock_put(match.sk); 1990 1991 /* Make sure the controller has a good default for 1992 * advertising data. Restrict the update to when LE 1993 * has actually been enabled. During power on, the 1994 * update in powered_update_hci will take care of it. 1995 */ 1996 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { 1997 struct hci_request req; 1998 1999 hci_dev_lock(hdev); 2000 2001 hci_req_init(&req, hdev); 2002 update_adv_data(&req); 2003 update_scan_rsp_data(&req); 2004 hci_req_run(&req, NULL); 2005 2006 hci_dev_unlock(hdev); 2007 } 2008} 2009 2010static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2011{ 2012 struct mgmt_mode *cp = data; 2013 struct hci_cp_write_le_host_supported hci_cp; 2014 struct pending_cmd *cmd; 2015 struct hci_request req; 2016 int err; 2017 u8 val, enabled; 2018 2019 BT_DBG("request for %s", hdev->name); 2020 2021 if (!lmp_le_capable(hdev)) 2022 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2023 MGMT_STATUS_NOT_SUPPORTED); 2024 2025 if (cp->val != 0x00 && cp->val != 0x01) 2026 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2027 MGMT_STATUS_INVALID_PARAMS); 2028 2029 /* LE-only devices do not allow toggling LE on/off */ 2030 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) 2031 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2032 MGMT_STATUS_REJECTED); 2033 2034 hci_dev_lock(hdev); 2035 2036 val = !!cp->val; 2037 enabled = lmp_host_le_capable(hdev); 2038 2039 if (!hdev_is_powered(hdev) || val == enabled) { 2040 bool changed = false; 2041 2042 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { 2043 change_bit(HCI_LE_ENABLED, &hdev->dev_flags); 2044 changed = true; 2045 } 2046 2047 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) { 2048 clear_bit(HCI_ADVERTISING, &hdev->dev_flags); 2049 changed = true; 2050 } 2051 2052 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 2053 if (err < 0) 2054 goto unlock; 2055 2056 if (changed) 2057 err = new_settings(hdev, sk); 2058 2059 goto unlock; 2060 } 2061 2062 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) || 2063 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) { 2064 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2065 MGMT_STATUS_BUSY); 2066 goto unlock; 2067 } 2068 2069 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len); 2070 if (!cmd) { 2071 err = -ENOMEM; 2072 goto unlock; 2073 } 2074 2075 hci_req_init(&req, hdev); 2076 2077 memset(&hci_cp, 0, sizeof(hci_cp)); 2078 2079 if (val) { 2080 hci_cp.le = val; 2081 hci_cp.simul = lmp_le_br_capable(hdev); 2082 } else { 2083 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) 2084 disable_advertising(&req); 2085 } 2086 2087 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), 2088 &hci_cp); 2089 2090 err = hci_req_run(&req, le_enable_complete); 2091 if (err < 0) 2092 mgmt_pending_remove(cmd); 2093 2094unlock: 2095 hci_dev_unlock(hdev); 2096 return err; 2097} 2098 2099/* This is a helper function to test for pending mgmt commands that can 2100 * cause CoD or EIR HCI commands. We can only allow one such pending 2101 * mgmt command at a time since otherwise we cannot easily track what 2102 * the current values are, will be, and based on that calculate if a new 2103 * HCI command needs to be sent and if yes with what value. 2104 */ 2105static bool pending_eir_or_class(struct hci_dev *hdev) 2106{ 2107 struct pending_cmd *cmd; 2108 2109 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 2110 switch (cmd->opcode) { 2111 case MGMT_OP_ADD_UUID: 2112 case MGMT_OP_REMOVE_UUID: 2113 case MGMT_OP_SET_DEV_CLASS: 2114 case MGMT_OP_SET_POWERED: 2115 return true; 2116 } 2117 } 2118 2119 return false; 2120} 2121 2122static const u8 bluetooth_base_uuid[] = { 2123 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80, 2124 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2125}; 2126 2127static u8 get_uuid_size(const u8 *uuid) 2128{ 2129 u32 val; 2130 2131 if (memcmp(uuid, bluetooth_base_uuid, 12)) 2132 return 128; 2133 2134 val = get_unaligned_le32(&uuid[12]); 2135 if (val > 0xffff) 2136 return 32; 2137 2138 return 16; 2139} 2140 2141static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status) 2142{ 2143 struct pending_cmd *cmd; 2144 2145 hci_dev_lock(hdev); 2146 2147 cmd = mgmt_pending_find(mgmt_op, hdev); 2148 if (!cmd) 2149 goto unlock; 2150 2151 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status), 2152 hdev->dev_class, 3); 2153 2154 mgmt_pending_remove(cmd); 2155 2156unlock: 2157 hci_dev_unlock(hdev); 2158} 2159 2160static void add_uuid_complete(struct hci_dev *hdev, u8 status) 2161{ 2162 BT_DBG("status 0x%02x", status); 2163 2164 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status); 2165} 2166 2167static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2168{ 2169 struct mgmt_cp_add_uuid *cp = data; 2170 struct pending_cmd *cmd; 2171 struct hci_request req; 2172 struct bt_uuid *uuid; 2173 int err; 2174 2175 BT_DBG("request for %s", hdev->name); 2176 2177 hci_dev_lock(hdev); 2178 2179 if (pending_eir_or_class(hdev)) { 2180 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID, 2181 MGMT_STATUS_BUSY); 2182 goto failed; 2183 } 2184 2185 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL); 2186 if (!uuid) { 2187 err = -ENOMEM; 2188 goto failed; 2189 } 2190 2191 memcpy(uuid->uuid, cp->uuid, 16); 2192 uuid->svc_hint = cp->svc_hint; 2193 uuid->size = get_uuid_size(cp->uuid); 2194 2195 list_add_tail(&uuid->list, &hdev->uuids); 2196 2197 hci_req_init(&req, hdev); 2198 2199 update_class(&req); 2200 update_eir(&req); 2201 2202 err = hci_req_run(&req, add_uuid_complete); 2203 if (err < 0) { 2204 if (err != -ENODATA) 2205 goto failed; 2206 2207 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0, 2208 hdev->dev_class, 3); 2209 goto failed; 2210 } 2211 2212 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len); 2213 if (!cmd) { 2214 err = -ENOMEM; 2215 goto failed; 2216 } 2217 2218 err = 0; 2219 2220failed: 2221 hci_dev_unlock(hdev); 2222 return err; 2223} 2224 2225static bool enable_service_cache(struct hci_dev *hdev) 2226{ 2227 if (!hdev_is_powered(hdev)) 2228 return false; 2229 2230 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) { 2231 queue_delayed_work(hdev->workqueue, &hdev->service_cache, 2232 CACHE_TIMEOUT); 2233 return true; 2234 } 2235 2236 return false; 2237} 2238 2239static void remove_uuid_complete(struct hci_dev *hdev, u8 status) 2240{ 2241 BT_DBG("status 0x%02x", status); 2242 2243 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status); 2244} 2245 2246static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, 2247 u16 len) 2248{ 2249 struct mgmt_cp_remove_uuid *cp = data; 2250 struct pending_cmd *cmd; 2251 struct bt_uuid *match, *tmp; 2252 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 2253 struct hci_request req; 2254 int err, found; 2255 2256 BT_DBG("request for %s", hdev->name); 2257 2258 hci_dev_lock(hdev); 2259 2260 if (pending_eir_or_class(hdev)) { 2261 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2262 MGMT_STATUS_BUSY); 2263 goto unlock; 2264 } 2265 2266 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 2267 hci_uuids_clear(hdev); 2268 2269 if (enable_service_cache(hdev)) { 2270 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2271 0, hdev->dev_class, 3); 2272 goto unlock; 2273 } 2274 2275 goto update_class; 2276 } 2277 2278 found = 0; 2279 2280 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) { 2281 if (memcmp(match->uuid, cp->uuid, 16) != 0) 2282 continue; 2283 2284 list_del(&match->list); 2285 kfree(match); 2286 found++; 2287 } 2288 2289 if (found == 0) { 2290 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2291 MGMT_STATUS_INVALID_PARAMS); 2292 goto unlock; 2293 } 2294 2295update_class: 2296 hci_req_init(&req, hdev); 2297 2298 update_class(&req); 2299 update_eir(&req); 2300 2301 err = hci_req_run(&req, remove_uuid_complete); 2302 if (err < 0) { 2303 if (err != -ENODATA) 2304 goto unlock; 2305 2306 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0, 2307 hdev->dev_class, 3); 2308 goto unlock; 2309 } 2310 2311 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len); 2312 if (!cmd) { 2313 err = -ENOMEM; 2314 goto unlock; 2315 } 2316 2317 err = 0; 2318 2319unlock: 2320 hci_dev_unlock(hdev); 2321 return err; 2322} 2323 2324static void set_class_complete(struct hci_dev *hdev, u8 status) 2325{ 2326 BT_DBG("status 0x%02x", status); 2327 2328 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status); 2329} 2330 2331static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, 2332 u16 len) 2333{ 2334 struct mgmt_cp_set_dev_class *cp = data; 2335 struct pending_cmd *cmd; 2336 struct hci_request req; 2337 int err; 2338 2339 BT_DBG("request for %s", hdev->name); 2340 2341 if (!lmp_bredr_capable(hdev)) 2342 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2343 MGMT_STATUS_NOT_SUPPORTED); 2344 2345 hci_dev_lock(hdev); 2346 2347 if (pending_eir_or_class(hdev)) { 2348 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2349 MGMT_STATUS_BUSY); 2350 goto unlock; 2351 } 2352 2353 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) { 2354 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2355 MGMT_STATUS_INVALID_PARAMS); 2356 goto unlock; 2357 } 2358 2359 hdev->major_class = cp->major; 2360 hdev->minor_class = cp->minor; 2361 2362 if (!hdev_is_powered(hdev)) { 2363 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2364 hdev->dev_class, 3); 2365 goto unlock; 2366 } 2367 2368 hci_req_init(&req, hdev); 2369 2370 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) { 2371 hci_dev_unlock(hdev); 2372 cancel_delayed_work_sync(&hdev->service_cache); 2373 hci_dev_lock(hdev); 2374 update_eir(&req); 2375 } 2376 2377 update_class(&req); 2378 2379 err = hci_req_run(&req, set_class_complete); 2380 if (err < 0) { 2381 if (err != -ENODATA) 2382 goto unlock; 2383 2384 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2385 hdev->dev_class, 3); 2386 goto unlock; 2387 } 2388 2389 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len); 2390 if (!cmd) { 2391 err = -ENOMEM; 2392 goto unlock; 2393 } 2394 2395 err = 0; 2396 2397unlock: 2398 hci_dev_unlock(hdev); 2399 return err; 2400} 2401 2402static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, 2403 u16 len) 2404{ 2405 struct mgmt_cp_load_link_keys *cp = data; 2406 u16 key_count, expected_len; 2407 bool changed; 2408 int i; 2409 2410 BT_DBG("request for %s", hdev->name); 2411 2412 if (!lmp_bredr_capable(hdev)) 2413 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2414 MGMT_STATUS_NOT_SUPPORTED); 2415 2416 key_count = __le16_to_cpu(cp->key_count); 2417 2418 expected_len = sizeof(*cp) + key_count * 2419 sizeof(struct mgmt_link_key_info); 2420 if (expected_len != len) { 2421 BT_ERR("load_link_keys: expected %u bytes, got %u bytes", 2422 expected_len, len); 2423 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2424 MGMT_STATUS_INVALID_PARAMS); 2425 } 2426 2427 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01) 2428 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2429 MGMT_STATUS_INVALID_PARAMS); 2430 2431 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys, 2432 key_count); 2433 2434 for (i = 0; i < key_count; i++) { 2435 struct mgmt_link_key_info *key = &cp->keys[i]; 2436 2437 if (key->addr.type != BDADDR_BREDR || key->type > 0x08) 2438 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2439 MGMT_STATUS_INVALID_PARAMS); 2440 } 2441 2442 hci_dev_lock(hdev); 2443 2444 hci_link_keys_clear(hdev); 2445 2446 if (cp->debug_keys) 2447 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS, 2448 &hdev->dev_flags); 2449 else 2450 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS, 2451 &hdev->dev_flags); 2452 2453 if (changed) 2454 new_settings(hdev, NULL); 2455 2456 for (i = 0; i < key_count; i++) { 2457 struct mgmt_link_key_info *key = &cp->keys[i]; 2458 2459 /* Always ignore debug keys and require a new pairing if 2460 * the user wants to use them. 2461 */ 2462 if (key->type == HCI_LK_DEBUG_COMBINATION) 2463 continue; 2464 2465 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val, 2466 key->type, key->pin_len, NULL); 2467 } 2468 2469 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 2470 2471 hci_dev_unlock(hdev); 2472 2473 return 0; 2474} 2475 2476static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 2477 u8 addr_type, struct sock *skip_sk) 2478{ 2479 struct mgmt_ev_device_unpaired ev; 2480 2481 bacpy(&ev.addr.bdaddr, bdaddr); 2482 ev.addr.type = addr_type; 2483 2484 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 2485 skip_sk); 2486} 2487 2488static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2489 u16 len) 2490{ 2491 struct mgmt_cp_unpair_device *cp = data; 2492 struct mgmt_rp_unpair_device rp; 2493 struct hci_cp_disconnect dc; 2494 struct pending_cmd *cmd; 2495 struct hci_conn *conn; 2496 int err; 2497 2498 memset(&rp, 0, sizeof(rp)); 2499 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2500 rp.addr.type = cp->addr.type; 2501 2502 if (!bdaddr_type_is_valid(cp->addr.type)) 2503 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2504 MGMT_STATUS_INVALID_PARAMS, 2505 &rp, sizeof(rp)); 2506 2507 if (cp->disconnect != 0x00 && cp->disconnect != 0x01) 2508 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2509 MGMT_STATUS_INVALID_PARAMS, 2510 &rp, sizeof(rp)); 2511 2512 hci_dev_lock(hdev); 2513 2514 if (!hdev_is_powered(hdev)) { 2515 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2516 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp)); 2517 goto unlock; 2518 } 2519 2520 if (cp->addr.type == BDADDR_BREDR) { 2521 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 2522 } else { 2523 u8 addr_type; 2524 2525 if (cp->addr.type == BDADDR_LE_PUBLIC) 2526 addr_type = ADDR_LE_DEV_PUBLIC; 2527 else 2528 addr_type = ADDR_LE_DEV_RANDOM; 2529 2530 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type); 2531 2532 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type); 2533 2534 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type); 2535 } 2536 2537 if (err < 0) { 2538 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2539 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp)); 2540 goto unlock; 2541 } 2542 2543 if (cp->disconnect) { 2544 if (cp->addr.type == BDADDR_BREDR) 2545 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2546 &cp->addr.bdaddr); 2547 else 2548 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, 2549 &cp->addr.bdaddr); 2550 } else { 2551 conn = NULL; 2552 } 2553 2554 if (!conn) { 2555 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0, 2556 &rp, sizeof(rp)); 2557 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 2558 goto unlock; 2559 } 2560 2561 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 2562 sizeof(*cp)); 2563 if (!cmd) { 2564 err = -ENOMEM; 2565 goto unlock; 2566 } 2567 2568 dc.handle = cpu_to_le16(conn->handle); 2569 dc.reason = 0x13; /* Remote User Terminated Connection */ 2570 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 2571 if (err < 0) 2572 mgmt_pending_remove(cmd); 2573 2574unlock: 2575 hci_dev_unlock(hdev); 2576 return err; 2577} 2578 2579static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data, 2580 u16 len) 2581{ 2582 struct mgmt_cp_disconnect *cp = data; 2583 struct mgmt_rp_disconnect rp; 2584 struct hci_cp_disconnect dc; 2585 struct pending_cmd *cmd; 2586 struct hci_conn *conn; 2587 int err; 2588 2589 BT_DBG(""); 2590 2591 memset(&rp, 0, sizeof(rp)); 2592 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2593 rp.addr.type = cp->addr.type; 2594 2595 if (!bdaddr_type_is_valid(cp->addr.type)) 2596 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2597 MGMT_STATUS_INVALID_PARAMS, 2598 &rp, sizeof(rp)); 2599 2600 hci_dev_lock(hdev); 2601 2602 if (!test_bit(HCI_UP, &hdev->flags)) { 2603 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2604 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp)); 2605 goto failed; 2606 } 2607 2608 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) { 2609 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2610 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2611 goto failed; 2612 } 2613 2614 if (cp->addr.type == BDADDR_BREDR) 2615 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2616 &cp->addr.bdaddr); 2617 else 2618 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 2619 2620 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) { 2621 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2622 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp)); 2623 goto failed; 2624 } 2625 2626 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 2627 if (!cmd) { 2628 err = -ENOMEM; 2629 goto failed; 2630 } 2631 2632 dc.handle = cpu_to_le16(conn->handle); 2633 dc.reason = HCI_ERROR_REMOTE_USER_TERM; 2634 2635 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 2636 if (err < 0) 2637 mgmt_pending_remove(cmd); 2638 2639failed: 2640 hci_dev_unlock(hdev); 2641 return err; 2642} 2643 2644static u8 link_to_bdaddr(u8 link_type, u8 addr_type) 2645{ 2646 switch (link_type) { 2647 case LE_LINK: 2648 switch (addr_type) { 2649 case ADDR_LE_DEV_PUBLIC: 2650 return BDADDR_LE_PUBLIC; 2651 2652 default: 2653 /* Fallback to LE Random address type */ 2654 return BDADDR_LE_RANDOM; 2655 } 2656 2657 default: 2658 /* Fallback to BR/EDR type */ 2659 return BDADDR_BREDR; 2660 } 2661} 2662 2663static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data, 2664 u16 data_len) 2665{ 2666 struct mgmt_rp_get_connections *rp; 2667 struct hci_conn *c; 2668 size_t rp_len; 2669 int err; 2670 u16 i; 2671 2672 BT_DBG(""); 2673 2674 hci_dev_lock(hdev); 2675 2676 if (!hdev_is_powered(hdev)) { 2677 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 2678 MGMT_STATUS_NOT_POWERED); 2679 goto unlock; 2680 } 2681 2682 i = 0; 2683 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2684 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2685 i++; 2686 } 2687 2688 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 2689 rp = kmalloc(rp_len, GFP_KERNEL); 2690 if (!rp) { 2691 err = -ENOMEM; 2692 goto unlock; 2693 } 2694 2695 i = 0; 2696 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2697 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2698 continue; 2699 bacpy(&rp->addr[i].bdaddr, &c->dst); 2700 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type); 2701 if (c->type == SCO_LINK || c->type == ESCO_LINK) 2702 continue; 2703 i++; 2704 } 2705 2706 rp->conn_count = cpu_to_le16(i); 2707 2708 /* Recalculate length in case of filtered SCO connections, etc */ 2709 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 2710 2711 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp, 2712 rp_len); 2713 2714 kfree(rp); 2715 2716unlock: 2717 hci_dev_unlock(hdev); 2718 return err; 2719} 2720 2721static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 2722 struct mgmt_cp_pin_code_neg_reply *cp) 2723{ 2724 struct pending_cmd *cmd; 2725 int err; 2726 2727 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 2728 sizeof(*cp)); 2729 if (!cmd) 2730 return -ENOMEM; 2731 2732 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2733 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 2734 if (err < 0) 2735 mgmt_pending_remove(cmd); 2736 2737 return err; 2738} 2739 2740static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2741 u16 len) 2742{ 2743 struct hci_conn *conn; 2744 struct mgmt_cp_pin_code_reply *cp = data; 2745 struct hci_cp_pin_code_reply reply; 2746 struct pending_cmd *cmd; 2747 int err; 2748 2749 BT_DBG(""); 2750 2751 hci_dev_lock(hdev); 2752 2753 if (!hdev_is_powered(hdev)) { 2754 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2755 MGMT_STATUS_NOT_POWERED); 2756 goto failed; 2757 } 2758 2759 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 2760 if (!conn) { 2761 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2762 MGMT_STATUS_NOT_CONNECTED); 2763 goto failed; 2764 } 2765 2766 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 2767 struct mgmt_cp_pin_code_neg_reply ncp; 2768 2769 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 2770 2771 BT_ERR("PIN code is not 16 bytes long"); 2772 2773 err = send_pin_code_neg_reply(sk, hdev, &ncp); 2774 if (err >= 0) 2775 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2776 MGMT_STATUS_INVALID_PARAMS); 2777 2778 goto failed; 2779 } 2780 2781 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 2782 if (!cmd) { 2783 err = -ENOMEM; 2784 goto failed; 2785 } 2786 2787 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 2788 reply.pin_len = cp->pin_len; 2789 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 2790 2791 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 2792 if (err < 0) 2793 mgmt_pending_remove(cmd); 2794 2795failed: 2796 hci_dev_unlock(hdev); 2797 return err; 2798} 2799 2800static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data, 2801 u16 len) 2802{ 2803 struct mgmt_cp_set_io_capability *cp = data; 2804 2805 BT_DBG(""); 2806 2807 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY) 2808 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 2809 MGMT_STATUS_INVALID_PARAMS, NULL, 0); 2810 2811 hci_dev_lock(hdev); 2812 2813 hdev->io_capability = cp->io_capability; 2814 2815 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 2816 hdev->io_capability); 2817 2818 hci_dev_unlock(hdev); 2819 2820 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 2821 0); 2822} 2823 2824static struct pending_cmd *find_pairing(struct hci_conn *conn) 2825{ 2826 struct hci_dev *hdev = conn->hdev; 2827 struct pending_cmd *cmd; 2828 2829 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 2830 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 2831 continue; 2832 2833 if (cmd->user_data != conn) 2834 continue; 2835 2836 return cmd; 2837 } 2838 2839 return NULL; 2840} 2841 2842static void pairing_complete(struct pending_cmd *cmd, u8 status) 2843{ 2844 struct mgmt_rp_pair_device rp; 2845 struct hci_conn *conn = cmd->user_data; 2846 2847 bacpy(&rp.addr.bdaddr, &conn->dst); 2848 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 2849 2850 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status, 2851 &rp, sizeof(rp)); 2852 2853 /* So we don't get further callbacks for this connection */ 2854 conn->connect_cfm_cb = NULL; 2855 conn->security_cfm_cb = NULL; 2856 conn->disconn_cfm_cb = NULL; 2857 2858 hci_conn_drop(conn); 2859 2860 mgmt_pending_remove(cmd); 2861} 2862 2863void mgmt_smp_complete(struct hci_conn *conn, bool complete) 2864{ 2865 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED; 2866 struct pending_cmd *cmd; 2867 2868 cmd = find_pairing(conn); 2869 if (cmd) 2870 pairing_complete(cmd, status); 2871} 2872 2873static void pairing_complete_cb(struct hci_conn *conn, u8 status) 2874{ 2875 struct pending_cmd *cmd; 2876 2877 BT_DBG("status %u", status); 2878 2879 cmd = find_pairing(conn); 2880 if (!cmd) 2881 BT_DBG("Unable to find a pending command"); 2882 else 2883 pairing_complete(cmd, mgmt_status(status)); 2884} 2885 2886static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) 2887{ 2888 struct pending_cmd *cmd; 2889 2890 BT_DBG("status %u", status); 2891 2892 if (!status) 2893 return; 2894 2895 cmd = find_pairing(conn); 2896 if (!cmd) 2897 BT_DBG("Unable to find a pending command"); 2898 else 2899 pairing_complete(cmd, mgmt_status(status)); 2900} 2901 2902static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2903 u16 len) 2904{ 2905 struct mgmt_cp_pair_device *cp = data; 2906 struct mgmt_rp_pair_device rp; 2907 struct pending_cmd *cmd; 2908 u8 sec_level, auth_type; 2909 struct hci_conn *conn; 2910 int err; 2911 2912 BT_DBG(""); 2913 2914 memset(&rp, 0, sizeof(rp)); 2915 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2916 rp.addr.type = cp->addr.type; 2917 2918 if (!bdaddr_type_is_valid(cp->addr.type)) 2919 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2920 MGMT_STATUS_INVALID_PARAMS, 2921 &rp, sizeof(rp)); 2922 2923 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY) 2924 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2925 MGMT_STATUS_INVALID_PARAMS, 2926 &rp, sizeof(rp)); 2927 2928 hci_dev_lock(hdev); 2929 2930 if (!hdev_is_powered(hdev)) { 2931 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2932 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp)); 2933 goto unlock; 2934 } 2935 2936 sec_level = BT_SECURITY_MEDIUM; 2937 auth_type = HCI_AT_DEDICATED_BONDING; 2938 2939 if (cp->addr.type == BDADDR_BREDR) { 2940 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level, 2941 auth_type); 2942 } else { 2943 u8 addr_type; 2944 2945 /* Convert from L2CAP channel address type to HCI address type 2946 */ 2947 if (cp->addr.type == BDADDR_LE_PUBLIC) 2948 addr_type = ADDR_LE_DEV_PUBLIC; 2949 else 2950 addr_type = ADDR_LE_DEV_RANDOM; 2951 2952 /* When pairing a new device, it is expected to remember 2953 * this device for future connections. Adding the connection 2954 * parameter information ahead of time allows tracking 2955 * of the slave preferred values and will speed up any 2956 * further connection establishment. 2957 * 2958 * If connection parameters already exist, then they 2959 * will be kept and this function does nothing. 2960 */ 2961 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type); 2962 2963 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type, 2964 sec_level, auth_type); 2965 } 2966 2967 if (IS_ERR(conn)) { 2968 int status; 2969 2970 if (PTR_ERR(conn) == -EBUSY) 2971 status = MGMT_STATUS_BUSY; 2972 else 2973 status = MGMT_STATUS_CONNECT_FAILED; 2974 2975 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2976 status, &rp, 2977 sizeof(rp)); 2978 goto unlock; 2979 } 2980 2981 if (conn->connect_cfm_cb) { 2982 hci_conn_drop(conn); 2983 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2984 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2985 goto unlock; 2986 } 2987 2988 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 2989 if (!cmd) { 2990 err = -ENOMEM; 2991 hci_conn_drop(conn); 2992 goto unlock; 2993 } 2994 2995 /* For LE, just connecting isn't a proof that the pairing finished */ 2996 if (cp->addr.type == BDADDR_BREDR) { 2997 conn->connect_cfm_cb = pairing_complete_cb; 2998 conn->security_cfm_cb = pairing_complete_cb; 2999 conn->disconn_cfm_cb = pairing_complete_cb; 3000 } else { 3001 conn->connect_cfm_cb = le_pairing_complete_cb; 3002 conn->security_cfm_cb = le_pairing_complete_cb; 3003 conn->disconn_cfm_cb = le_pairing_complete_cb; 3004 } 3005 3006 conn->io_capability = cp->io_cap; 3007 cmd->user_data = conn; 3008 3009 if (conn->state == BT_CONNECTED && 3010 hci_conn_security(conn, sec_level, auth_type)) 3011 pairing_complete(cmd, 0); 3012 3013 err = 0; 3014 3015unlock: 3016 hci_dev_unlock(hdev); 3017 return err; 3018} 3019 3020static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 3021 u16 len) 3022{ 3023 struct mgmt_addr_info *addr = data; 3024 struct pending_cmd *cmd; 3025 struct hci_conn *conn; 3026 int err; 3027 3028 BT_DBG(""); 3029 3030 hci_dev_lock(hdev); 3031 3032 if (!hdev_is_powered(hdev)) { 3033 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3034 MGMT_STATUS_NOT_POWERED); 3035 goto unlock; 3036 } 3037 3038 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev); 3039 if (!cmd) { 3040 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3041 MGMT_STATUS_INVALID_PARAMS); 3042 goto unlock; 3043 } 3044 3045 conn = cmd->user_data; 3046 3047 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 3048 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3049 MGMT_STATUS_INVALID_PARAMS); 3050 goto unlock; 3051 } 3052 3053 pairing_complete(cmd, MGMT_STATUS_CANCELLED); 3054 3055 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 3056 addr, sizeof(*addr)); 3057unlock: 3058 hci_dev_unlock(hdev); 3059 return err; 3060} 3061 3062static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, 3063 struct mgmt_addr_info *addr, u16 mgmt_op, 3064 u16 hci_op, __le32 passkey) 3065{ 3066 struct pending_cmd *cmd; 3067 struct hci_conn *conn; 3068 int err; 3069 3070 hci_dev_lock(hdev); 3071 3072 if (!hdev_is_powered(hdev)) { 3073 err = cmd_complete(sk, hdev->id, mgmt_op, 3074 MGMT_STATUS_NOT_POWERED, addr, 3075 sizeof(*addr)); 3076 goto done; 3077 } 3078 3079 if (addr->type == BDADDR_BREDR) 3080 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr); 3081 else 3082 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr); 3083 3084 if (!conn) { 3085 err = cmd_complete(sk, hdev->id, mgmt_op, 3086 MGMT_STATUS_NOT_CONNECTED, addr, 3087 sizeof(*addr)); 3088 goto done; 3089 } 3090 3091 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) { 3092 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 3093 if (!err) 3094 err = cmd_complete(sk, hdev->id, mgmt_op, 3095 MGMT_STATUS_SUCCESS, addr, 3096 sizeof(*addr)); 3097 else 3098 err = cmd_complete(sk, hdev->id, mgmt_op, 3099 MGMT_STATUS_FAILED, addr, 3100 sizeof(*addr)); 3101 3102 goto done; 3103 } 3104 3105 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr)); 3106 if (!cmd) { 3107 err = -ENOMEM; 3108 goto done; 3109 } 3110 3111 /* Continue with pairing via HCI */ 3112 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 3113 struct hci_cp_user_passkey_reply cp; 3114 3115 bacpy(&cp.bdaddr, &addr->bdaddr); 3116 cp.passkey = passkey; 3117 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 3118 } else 3119 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr), 3120 &addr->bdaddr); 3121 3122 if (err < 0) 3123 mgmt_pending_remove(cmd); 3124 3125done: 3126 hci_dev_unlock(hdev); 3127 return err; 3128} 3129 3130static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 3131 void *data, u16 len) 3132{ 3133 struct mgmt_cp_pin_code_neg_reply *cp = data; 3134 3135 BT_DBG(""); 3136 3137 return user_pairing_resp(sk, hdev, &cp->addr, 3138 MGMT_OP_PIN_CODE_NEG_REPLY, 3139 HCI_OP_PIN_CODE_NEG_REPLY, 0); 3140} 3141 3142static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3143 u16 len) 3144{ 3145 struct mgmt_cp_user_confirm_reply *cp = data; 3146 3147 BT_DBG(""); 3148 3149 if (len != sizeof(*cp)) 3150 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY, 3151 MGMT_STATUS_INVALID_PARAMS); 3152 3153 return user_pairing_resp(sk, hdev, &cp->addr, 3154 MGMT_OP_USER_CONFIRM_REPLY, 3155 HCI_OP_USER_CONFIRM_REPLY, 0); 3156} 3157 3158static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev, 3159 void *data, u16 len) 3160{ 3161 struct mgmt_cp_user_confirm_neg_reply *cp = data; 3162 3163 BT_DBG(""); 3164 3165 return user_pairing_resp(sk, hdev, &cp->addr, 3166 MGMT_OP_USER_CONFIRM_NEG_REPLY, 3167 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 3168} 3169 3170static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3171 u16 len) 3172{ 3173 struct mgmt_cp_user_passkey_reply *cp = data; 3174 3175 BT_DBG(""); 3176 3177 return user_pairing_resp(sk, hdev, &cp->addr, 3178 MGMT_OP_USER_PASSKEY_REPLY, 3179 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 3180} 3181 3182static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev, 3183 void *data, u16 len) 3184{ 3185 struct mgmt_cp_user_passkey_neg_reply *cp = data; 3186 3187 BT_DBG(""); 3188 3189 return user_pairing_resp(sk, hdev, &cp->addr, 3190 MGMT_OP_USER_PASSKEY_NEG_REPLY, 3191 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 3192} 3193 3194static void update_name(struct hci_request *req) 3195{ 3196 struct hci_dev *hdev = req->hdev; 3197 struct hci_cp_write_local_name cp; 3198 3199 memcpy(cp.name, hdev->dev_name, sizeof(cp.name)); 3200 3201 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp); 3202} 3203 3204static void set_name_complete(struct hci_dev *hdev, u8 status) 3205{ 3206 struct mgmt_cp_set_local_name *cp; 3207 struct pending_cmd *cmd; 3208 3209 BT_DBG("status 0x%02x", status); 3210 3211 hci_dev_lock(hdev); 3212 3213 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 3214 if (!cmd) 3215 goto unlock; 3216 3217 cp = cmd->param; 3218 3219 if (status) 3220 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3221 mgmt_status(status)); 3222 else 3223 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3224 cp, sizeof(*cp)); 3225 3226 mgmt_pending_remove(cmd); 3227 3228unlock: 3229 hci_dev_unlock(hdev); 3230} 3231 3232static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data, 3233 u16 len) 3234{ 3235 struct mgmt_cp_set_local_name *cp = data; 3236 struct pending_cmd *cmd; 3237 struct hci_request req; 3238 int err; 3239 3240 BT_DBG(""); 3241 3242 hci_dev_lock(hdev); 3243 3244 /* If the old values are the same as the new ones just return a 3245 * direct command complete event. 3246 */ 3247 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) && 3248 !memcmp(hdev->short_name, cp->short_name, 3249 sizeof(hdev->short_name))) { 3250 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3251 data, len); 3252 goto failed; 3253 } 3254 3255 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name)); 3256 3257 if (!hdev_is_powered(hdev)) { 3258 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3259 3260 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3261 data, len); 3262 if (err < 0) 3263 goto failed; 3264 3265 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len, 3266 sk); 3267 3268 goto failed; 3269 } 3270 3271 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 3272 if (!cmd) { 3273 err = -ENOMEM; 3274 goto failed; 3275 } 3276 3277 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3278 3279 hci_req_init(&req, hdev); 3280 3281 if (lmp_bredr_capable(hdev)) { 3282 update_name(&req); 3283 update_eir(&req); 3284 } 3285 3286 /* The name is stored in the scan response data and so 3287 * no need to udpate the advertising data here. 3288 */ 3289 if (lmp_le_capable(hdev)) 3290 update_scan_rsp_data(&req); 3291 3292 err = hci_req_run(&req, set_name_complete); 3293 if (err < 0) 3294 mgmt_pending_remove(cmd); 3295 3296failed: 3297 hci_dev_unlock(hdev); 3298 return err; 3299} 3300 3301static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, 3302 void *data, u16 data_len) 3303{ 3304 struct pending_cmd *cmd; 3305 int err; 3306 3307 BT_DBG("%s", hdev->name); 3308 3309 hci_dev_lock(hdev); 3310 3311 if (!hdev_is_powered(hdev)) { 3312 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3313 MGMT_STATUS_NOT_POWERED); 3314 goto unlock; 3315 } 3316 3317 if (!lmp_ssp_capable(hdev)) { 3318 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3319 MGMT_STATUS_NOT_SUPPORTED); 3320 goto unlock; 3321 } 3322 3323 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 3324 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3325 MGMT_STATUS_BUSY); 3326 goto unlock; 3327 } 3328 3329 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 3330 if (!cmd) { 3331 err = -ENOMEM; 3332 goto unlock; 3333 } 3334 3335 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) 3336 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 3337 0, NULL); 3338 else 3339 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 3340 3341 if (err < 0) 3342 mgmt_pending_remove(cmd); 3343 3344unlock: 3345 hci_dev_unlock(hdev); 3346 return err; 3347} 3348 3349static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 3350 void *data, u16 len) 3351{ 3352 int err; 3353 3354 BT_DBG("%s ", hdev->name); 3355 3356 hci_dev_lock(hdev); 3357 3358 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) { 3359 struct mgmt_cp_add_remote_oob_data *cp = data; 3360 u8 status; 3361 3362 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 3363 cp->hash, cp->randomizer); 3364 if (err < 0) 3365 status = MGMT_STATUS_FAILED; 3366 else 3367 status = MGMT_STATUS_SUCCESS; 3368 3369 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 3370 status, &cp->addr, sizeof(cp->addr)); 3371 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) { 3372 struct mgmt_cp_add_remote_oob_ext_data *cp = data; 3373 u8 status; 3374 3375 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr, 3376 cp->hash192, 3377 cp->randomizer192, 3378 cp->hash256, 3379 cp->randomizer256); 3380 if (err < 0) 3381 status = MGMT_STATUS_FAILED; 3382 else 3383 status = MGMT_STATUS_SUCCESS; 3384 3385 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 3386 status, &cp->addr, sizeof(cp->addr)); 3387 } else { 3388 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len); 3389 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 3390 MGMT_STATUS_INVALID_PARAMS); 3391 } 3392 3393 hci_dev_unlock(hdev); 3394 return err; 3395} 3396 3397static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 3398 void *data, u16 len) 3399{ 3400 struct mgmt_cp_remove_remote_oob_data *cp = data; 3401 u8 status; 3402 int err; 3403 3404 BT_DBG("%s", hdev->name); 3405 3406 hci_dev_lock(hdev); 3407 3408 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr); 3409 if (err < 0) 3410 status = MGMT_STATUS_INVALID_PARAMS; 3411 else 3412 status = MGMT_STATUS_SUCCESS; 3413 3414 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 3415 status, &cp->addr, sizeof(cp->addr)); 3416 3417 hci_dev_unlock(hdev); 3418 return err; 3419} 3420 3421static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status) 3422{ 3423 struct pending_cmd *cmd; 3424 u8 type; 3425 int err; 3426 3427 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 3428 3429 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 3430 if (!cmd) 3431 return -ENOENT; 3432 3433 type = hdev->discovery.type; 3434 3435 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status), 3436 &type, sizeof(type)); 3437 mgmt_pending_remove(cmd); 3438 3439 return err; 3440} 3441 3442static void start_discovery_complete(struct hci_dev *hdev, u8 status) 3443{ 3444 unsigned long timeout = 0; 3445 3446 BT_DBG("status %d", status); 3447 3448 if (status) { 3449 hci_dev_lock(hdev); 3450 mgmt_start_discovery_failed(hdev, status); 3451 hci_dev_unlock(hdev); 3452 return; 3453 } 3454 3455 hci_dev_lock(hdev); 3456 hci_discovery_set_state(hdev, DISCOVERY_FINDING); 3457 hci_dev_unlock(hdev); 3458 3459 switch (hdev->discovery.type) { 3460 case DISCOV_TYPE_LE: 3461 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT); 3462 break; 3463 3464 case DISCOV_TYPE_INTERLEAVED: 3465 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout); 3466 break; 3467 3468 case DISCOV_TYPE_BREDR: 3469 break; 3470 3471 default: 3472 BT_ERR("Invalid discovery type %d", hdev->discovery.type); 3473 } 3474 3475 if (!timeout) 3476 return; 3477 3478 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout); 3479} 3480 3481static int start_discovery(struct sock *sk, struct hci_dev *hdev, 3482 void *data, u16 len) 3483{ 3484 struct mgmt_cp_start_discovery *cp = data; 3485 struct pending_cmd *cmd; 3486 struct hci_cp_le_set_scan_param param_cp; 3487 struct hci_cp_le_set_scan_enable enable_cp; 3488 struct hci_cp_inquiry inq_cp; 3489 struct hci_request req; 3490 /* General inquiry access code (GIAC) */ 3491 u8 lap[3] = { 0x33, 0x8b, 0x9e }; 3492 u8 status, own_addr_type; 3493 int err; 3494 3495 BT_DBG("%s", hdev->name); 3496 3497 hci_dev_lock(hdev); 3498 3499 if (!hdev_is_powered(hdev)) { 3500 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 3501 MGMT_STATUS_NOT_POWERED); 3502 goto failed; 3503 } 3504 3505 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) { 3506 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 3507 MGMT_STATUS_BUSY); 3508 goto failed; 3509 } 3510 3511 if (hdev->discovery.state != DISCOVERY_STOPPED) { 3512 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 3513 MGMT_STATUS_BUSY); 3514 goto failed; 3515 } 3516 3517 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0); 3518 if (!cmd) { 3519 err = -ENOMEM; 3520 goto failed; 3521 } 3522 3523 hdev->discovery.type = cp->type; 3524 3525 hci_req_init(&req, hdev); 3526 3527 switch (hdev->discovery.type) { 3528 case DISCOV_TYPE_BREDR: 3529 status = mgmt_bredr_support(hdev); 3530 if (status) { 3531 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 3532 status); 3533 mgmt_pending_remove(cmd); 3534 goto failed; 3535 } 3536 3537 if (test_bit(HCI_INQUIRY, &hdev->flags)) { 3538 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 3539 MGMT_STATUS_BUSY); 3540 mgmt_pending_remove(cmd); 3541 goto failed; 3542 } 3543 3544 hci_inquiry_cache_flush(hdev); 3545 3546 memset(&inq_cp, 0, sizeof(inq_cp)); 3547 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap)); 3548 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN; 3549 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp); 3550 break; 3551 3552 case DISCOV_TYPE_LE: 3553 case DISCOV_TYPE_INTERLEAVED: 3554 status = mgmt_le_support(hdev); 3555 if (status) { 3556 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 3557 status); 3558 mgmt_pending_remove(cmd); 3559 goto failed; 3560 } 3561 3562 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED && 3563 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) { 3564 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 3565 MGMT_STATUS_NOT_SUPPORTED); 3566 mgmt_pending_remove(cmd); 3567 goto failed; 3568 } 3569 3570 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) { 3571 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 3572 MGMT_STATUS_REJECTED); 3573 mgmt_pending_remove(cmd); 3574 goto failed; 3575 } 3576 3577 /* If controller is scanning, it means the background scanning 3578 * is running. Thus, we should temporarily stop it in order to 3579 * set the discovery scanning parameters. 3580 */ 3581 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) 3582 hci_req_add_le_scan_disable(&req); 3583 3584 memset(¶m_cp, 0, sizeof(param_cp)); 3585 3586 /* All active scans will be done with either a resolvable 3587 * private address (when privacy feature has been enabled) 3588 * or unresolvable private address. 3589 */ 3590 err = hci_update_random_address(&req, true, &own_addr_type); 3591 if (err < 0) { 3592 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 3593 MGMT_STATUS_FAILED); 3594 mgmt_pending_remove(cmd); 3595 goto failed; 3596 } 3597 3598 param_cp.type = LE_SCAN_ACTIVE; 3599 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT); 3600 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN); 3601 param_cp.own_address_type = own_addr_type; 3602 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp), 3603 ¶m_cp); 3604 3605 memset(&enable_cp, 0, sizeof(enable_cp)); 3606 enable_cp.enable = LE_SCAN_ENABLE; 3607 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE; 3608 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp), 3609 &enable_cp); 3610 break; 3611 3612 default: 3613 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 3614 MGMT_STATUS_INVALID_PARAMS); 3615 mgmt_pending_remove(cmd); 3616 goto failed; 3617 } 3618 3619 err = hci_req_run(&req, start_discovery_complete); 3620 if (err < 0) 3621 mgmt_pending_remove(cmd); 3622 else 3623 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 3624 3625failed: 3626 hci_dev_unlock(hdev); 3627 return err; 3628} 3629 3630static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status) 3631{ 3632 struct pending_cmd *cmd; 3633 int err; 3634 3635 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 3636 if (!cmd) 3637 return -ENOENT; 3638 3639 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status), 3640 &hdev->discovery.type, sizeof(hdev->discovery.type)); 3641 mgmt_pending_remove(cmd); 3642 3643 return err; 3644} 3645 3646static void stop_discovery_complete(struct hci_dev *hdev, u8 status) 3647{ 3648 BT_DBG("status %d", status); 3649 3650 hci_dev_lock(hdev); 3651 3652 if (status) { 3653 mgmt_stop_discovery_failed(hdev, status); 3654 goto unlock; 3655 } 3656 3657 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 3658 3659unlock: 3660 hci_dev_unlock(hdev); 3661} 3662 3663static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, 3664 u16 len) 3665{ 3666 struct mgmt_cp_stop_discovery *mgmt_cp = data; 3667 struct pending_cmd *cmd; 3668 struct hci_request req; 3669 int err; 3670 3671 BT_DBG("%s", hdev->name); 3672 3673 hci_dev_lock(hdev); 3674 3675 if (!hci_discovery_active(hdev)) { 3676 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 3677 MGMT_STATUS_REJECTED, &mgmt_cp->type, 3678 sizeof(mgmt_cp->type)); 3679 goto unlock; 3680 } 3681 3682 if (hdev->discovery.type != mgmt_cp->type) { 3683 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 3684 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type, 3685 sizeof(mgmt_cp->type)); 3686 goto unlock; 3687 } 3688 3689 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0); 3690 if (!cmd) { 3691 err = -ENOMEM; 3692 goto unlock; 3693 } 3694 3695 hci_req_init(&req, hdev); 3696 3697 hci_stop_discovery(&req); 3698 3699 err = hci_req_run(&req, stop_discovery_complete); 3700 if (!err) { 3701 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 3702 goto unlock; 3703 } 3704 3705 mgmt_pending_remove(cmd); 3706 3707 /* If no HCI commands were sent we're done */ 3708 if (err == -ENODATA) { 3709 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0, 3710 &mgmt_cp->type, sizeof(mgmt_cp->type)); 3711 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 3712 } 3713 3714unlock: 3715 hci_dev_unlock(hdev); 3716 return err; 3717} 3718 3719static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, 3720 u16 len) 3721{ 3722 struct mgmt_cp_confirm_name *cp = data; 3723 struct inquiry_entry *e; 3724 int err; 3725 3726 BT_DBG("%s", hdev->name); 3727 3728 hci_dev_lock(hdev); 3729 3730 if (!hci_discovery_active(hdev)) { 3731 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 3732 MGMT_STATUS_FAILED, &cp->addr, 3733 sizeof(cp->addr)); 3734 goto failed; 3735 } 3736 3737 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 3738 if (!e) { 3739 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 3740 MGMT_STATUS_INVALID_PARAMS, &cp->addr, 3741 sizeof(cp->addr)); 3742 goto failed; 3743 } 3744 3745 if (cp->name_known) { 3746 e->name_state = NAME_KNOWN; 3747 list_del(&e->list); 3748 } else { 3749 e->name_state = NAME_NEEDED; 3750 hci_inquiry_cache_update_resolve(hdev, e); 3751 } 3752 3753 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr, 3754 sizeof(cp->addr)); 3755 3756failed: 3757 hci_dev_unlock(hdev); 3758 return err; 3759} 3760 3761static int block_device(struct sock *sk, struct hci_dev *hdev, void *data, 3762 u16 len) 3763{ 3764 struct mgmt_cp_block_device *cp = data; 3765 u8 status; 3766 int err; 3767 3768 BT_DBG("%s", hdev->name); 3769 3770 if (!bdaddr_type_is_valid(cp->addr.type)) 3771 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, 3772 MGMT_STATUS_INVALID_PARAMS, 3773 &cp->addr, sizeof(cp->addr)); 3774 3775 hci_dev_lock(hdev); 3776 3777 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type); 3778 if (err < 0) { 3779 status = MGMT_STATUS_FAILED; 3780 goto done; 3781 } 3782 3783 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr), 3784 sk); 3785 status = MGMT_STATUS_SUCCESS; 3786 3787done: 3788 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status, 3789 &cp->addr, sizeof(cp->addr)); 3790 3791 hci_dev_unlock(hdev); 3792 3793 return err; 3794} 3795 3796static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data, 3797 u16 len) 3798{ 3799 struct mgmt_cp_unblock_device *cp = data; 3800 u8 status; 3801 int err; 3802 3803 BT_DBG("%s", hdev->name); 3804 3805 if (!bdaddr_type_is_valid(cp->addr.type)) 3806 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, 3807 MGMT_STATUS_INVALID_PARAMS, 3808 &cp->addr, sizeof(cp->addr)); 3809 3810 hci_dev_lock(hdev); 3811 3812 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type); 3813 if (err < 0) { 3814 status = MGMT_STATUS_INVALID_PARAMS; 3815 goto done; 3816 } 3817 3818 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr), 3819 sk); 3820 status = MGMT_STATUS_SUCCESS; 3821 3822done: 3823 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status, 3824 &cp->addr, sizeof(cp->addr)); 3825 3826 hci_dev_unlock(hdev); 3827 3828 return err; 3829} 3830 3831static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data, 3832 u16 len) 3833{ 3834 struct mgmt_cp_set_device_id *cp = data; 3835 struct hci_request req; 3836 int err; 3837 __u16 source; 3838 3839 BT_DBG("%s", hdev->name); 3840 3841 source = __le16_to_cpu(cp->source); 3842 3843 if (source > 0x0002) 3844 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 3845 MGMT_STATUS_INVALID_PARAMS); 3846 3847 hci_dev_lock(hdev); 3848 3849 hdev->devid_source = source; 3850 hdev->devid_vendor = __le16_to_cpu(cp->vendor); 3851 hdev->devid_product = __le16_to_cpu(cp->product); 3852 hdev->devid_version = __le16_to_cpu(cp->version); 3853 3854 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0); 3855 3856 hci_req_init(&req, hdev); 3857 update_eir(&req); 3858 hci_req_run(&req, NULL); 3859 3860 hci_dev_unlock(hdev); 3861 3862 return err; 3863} 3864 3865static void set_advertising_complete(struct hci_dev *hdev, u8 status) 3866{ 3867 struct cmd_lookup match = { NULL, hdev }; 3868 3869 if (status) { 3870 u8 mgmt_err = mgmt_status(status); 3871 3872 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, 3873 cmd_status_rsp, &mgmt_err); 3874 return; 3875 } 3876 3877 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp, 3878 &match); 3879 3880 new_settings(hdev, match.sk); 3881 3882 if (match.sk) 3883 sock_put(match.sk); 3884} 3885 3886static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, 3887 u16 len) 3888{ 3889 struct mgmt_mode *cp = data; 3890 struct pending_cmd *cmd; 3891 struct hci_request req; 3892 u8 val, enabled, status; 3893 int err; 3894 3895 BT_DBG("request for %s", hdev->name); 3896 3897 status = mgmt_le_support(hdev); 3898 if (status) 3899 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 3900 status); 3901 3902 if (cp->val != 0x00 && cp->val != 0x01) 3903 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 3904 MGMT_STATUS_INVALID_PARAMS); 3905 3906 hci_dev_lock(hdev); 3907 3908 val = !!cp->val; 3909 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags); 3910 3911 /* The following conditions are ones which mean that we should 3912 * not do any HCI communication but directly send a mgmt 3913 * response to user space (after toggling the flag if 3914 * necessary). 3915 */ 3916 if (!hdev_is_powered(hdev) || val == enabled || 3917 hci_conn_num(hdev, LE_LINK) > 0) { 3918 bool changed = false; 3919 3920 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) { 3921 change_bit(HCI_ADVERTISING, &hdev->dev_flags); 3922 changed = true; 3923 } 3924 3925 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev); 3926 if (err < 0) 3927 goto unlock; 3928 3929 if (changed) 3930 err = new_settings(hdev, sk); 3931 3932 goto unlock; 3933 } 3934 3935 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) || 3936 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) { 3937 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 3938 MGMT_STATUS_BUSY); 3939 goto unlock; 3940 } 3941 3942 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len); 3943 if (!cmd) { 3944 err = -ENOMEM; 3945 goto unlock; 3946 } 3947 3948 hci_req_init(&req, hdev); 3949 3950 if (val) 3951 enable_advertising(&req); 3952 else 3953 disable_advertising(&req); 3954 3955 err = hci_req_run(&req, set_advertising_complete); 3956 if (err < 0) 3957 mgmt_pending_remove(cmd); 3958 3959unlock: 3960 hci_dev_unlock(hdev); 3961 return err; 3962} 3963 3964static int set_static_address(struct sock *sk, struct hci_dev *hdev, 3965 void *data, u16 len) 3966{ 3967 struct mgmt_cp_set_static_address *cp = data; 3968 int err; 3969 3970 BT_DBG("%s", hdev->name); 3971 3972 if (!lmp_le_capable(hdev)) 3973 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 3974 MGMT_STATUS_NOT_SUPPORTED); 3975 3976 if (hdev_is_powered(hdev)) 3977 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 3978 MGMT_STATUS_REJECTED); 3979 3980 if (bacmp(&cp->bdaddr, BDADDR_ANY)) { 3981 if (!bacmp(&cp->bdaddr, BDADDR_NONE)) 3982 return cmd_status(sk, hdev->id, 3983 MGMT_OP_SET_STATIC_ADDRESS, 3984 MGMT_STATUS_INVALID_PARAMS); 3985 3986 /* Two most significant bits shall be set */ 3987 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0) 3988 return cmd_status(sk, hdev->id, 3989 MGMT_OP_SET_STATIC_ADDRESS, 3990 MGMT_STATUS_INVALID_PARAMS); 3991 } 3992 3993 hci_dev_lock(hdev); 3994 3995 bacpy(&hdev->static_addr, &cp->bdaddr); 3996 3997 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0); 3998 3999 hci_dev_unlock(hdev); 4000 4001 return err; 4002} 4003 4004static int set_scan_params(struct sock *sk, struct hci_dev *hdev, 4005 void *data, u16 len) 4006{ 4007 struct mgmt_cp_set_scan_params *cp = data; 4008 __u16 interval, window; 4009 int err; 4010 4011 BT_DBG("%s", hdev->name); 4012 4013 if (!lmp_le_capable(hdev)) 4014 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4015 MGMT_STATUS_NOT_SUPPORTED); 4016 4017 interval = __le16_to_cpu(cp->interval); 4018 4019 if (interval < 0x0004 || interval > 0x4000) 4020 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4021 MGMT_STATUS_INVALID_PARAMS); 4022 4023 window = __le16_to_cpu(cp->window); 4024 4025 if (window < 0x0004 || window > 0x4000) 4026 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4027 MGMT_STATUS_INVALID_PARAMS); 4028 4029 if (window > interval) 4030 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 4031 MGMT_STATUS_INVALID_PARAMS); 4032 4033 hci_dev_lock(hdev); 4034 4035 hdev->le_scan_interval = interval; 4036 hdev->le_scan_window = window; 4037 4038 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0); 4039 4040 /* If background scan is running, restart it so new parameters are 4041 * loaded. 4042 */ 4043 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) && 4044 hdev->discovery.state == DISCOVERY_STOPPED) { 4045 struct hci_request req; 4046 4047 hci_req_init(&req, hdev); 4048 4049 hci_req_add_le_scan_disable(&req); 4050 hci_req_add_le_passive_scan(&req); 4051 4052 hci_req_run(&req, NULL); 4053 } 4054 4055 hci_dev_unlock(hdev); 4056 4057 return err; 4058} 4059 4060static void fast_connectable_complete(struct hci_dev *hdev, u8 status) 4061{ 4062 struct pending_cmd *cmd; 4063 4064 BT_DBG("status 0x%02x", status); 4065 4066 hci_dev_lock(hdev); 4067 4068 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev); 4069 if (!cmd) 4070 goto unlock; 4071 4072 if (status) { 4073 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4074 mgmt_status(status)); 4075 } else { 4076 struct mgmt_mode *cp = cmd->param; 4077 4078 if (cp->val) 4079 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags); 4080 else 4081 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags); 4082 4083 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 4084 new_settings(hdev, cmd->sk); 4085 } 4086 4087 mgmt_pending_remove(cmd); 4088 4089unlock: 4090 hci_dev_unlock(hdev); 4091} 4092 4093static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, 4094 void *data, u16 len) 4095{ 4096 struct mgmt_mode *cp = data; 4097 struct pending_cmd *cmd; 4098 struct hci_request req; 4099 int err; 4100 4101 BT_DBG("%s", hdev->name); 4102 4103 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) || 4104 hdev->hci_ver < BLUETOOTH_VER_1_2) 4105 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4106 MGMT_STATUS_NOT_SUPPORTED); 4107 4108 if (cp->val != 0x00 && cp->val != 0x01) 4109 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4110 MGMT_STATUS_INVALID_PARAMS); 4111 4112 if (!hdev_is_powered(hdev)) 4113 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4114 MGMT_STATUS_NOT_POWERED); 4115 4116 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 4117 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4118 MGMT_STATUS_REJECTED); 4119 4120 hci_dev_lock(hdev); 4121 4122 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) { 4123 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4124 MGMT_STATUS_BUSY); 4125 goto unlock; 4126 } 4127 4128 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) { 4129 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 4130 hdev); 4131 goto unlock; 4132 } 4133 4134 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, 4135 data, len); 4136 if (!cmd) { 4137 err = -ENOMEM; 4138 goto unlock; 4139 } 4140 4141 hci_req_init(&req, hdev); 4142 4143 write_fast_connectable(&req, cp->val); 4144 4145 err = hci_req_run(&req, fast_connectable_complete); 4146 if (err < 0) { 4147 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4148 MGMT_STATUS_FAILED); 4149 mgmt_pending_remove(cmd); 4150 } 4151 4152unlock: 4153 hci_dev_unlock(hdev); 4154 4155 return err; 4156} 4157 4158static void set_bredr_scan(struct hci_request *req) 4159{ 4160 struct hci_dev *hdev = req->hdev; 4161 u8 scan = 0; 4162 4163 /* Ensure that fast connectable is disabled. This function will 4164 * not do anything if the page scan parameters are already what 4165 * they should be. 4166 */ 4167 write_fast_connectable(req, false); 4168 4169 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 4170 scan |= SCAN_PAGE; 4171 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 4172 scan |= SCAN_INQUIRY; 4173 4174 if (scan) 4175 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 4176} 4177 4178static void set_bredr_complete(struct hci_dev *hdev, u8 status) 4179{ 4180 struct pending_cmd *cmd; 4181 4182 BT_DBG("status 0x%02x", status); 4183 4184 hci_dev_lock(hdev); 4185 4186 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev); 4187 if (!cmd) 4188 goto unlock; 4189 4190 if (status) { 4191 u8 mgmt_err = mgmt_status(status); 4192 4193 /* We need to restore the flag if related HCI commands 4194 * failed. 4195 */ 4196 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags); 4197 4198 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 4199 } else { 4200 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev); 4201 new_settings(hdev, cmd->sk); 4202 } 4203 4204 mgmt_pending_remove(cmd); 4205 4206unlock: 4207 hci_dev_unlock(hdev); 4208} 4209 4210static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 4211{ 4212 struct mgmt_mode *cp = data; 4213 struct pending_cmd *cmd; 4214 struct hci_request req; 4215 int err; 4216 4217 BT_DBG("request for %s", hdev->name); 4218 4219 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev)) 4220 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4221 MGMT_STATUS_NOT_SUPPORTED); 4222 4223 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 4224 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4225 MGMT_STATUS_REJECTED); 4226 4227 if (cp->val != 0x00 && cp->val != 0x01) 4228 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4229 MGMT_STATUS_INVALID_PARAMS); 4230 4231 hci_dev_lock(hdev); 4232 4233 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) { 4234 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 4235 goto unlock; 4236 } 4237 4238 if (!hdev_is_powered(hdev)) { 4239 if (!cp->val) { 4240 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 4241 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 4242 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags); 4243 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags); 4244 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags); 4245 } 4246 4247 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags); 4248 4249 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 4250 if (err < 0) 4251 goto unlock; 4252 4253 err = new_settings(hdev, sk); 4254 goto unlock; 4255 } 4256 4257 /* Reject disabling when powered on */ 4258 if (!cp->val) { 4259 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4260 MGMT_STATUS_REJECTED); 4261 goto unlock; 4262 } 4263 4264 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) { 4265 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4266 MGMT_STATUS_BUSY); 4267 goto unlock; 4268 } 4269 4270 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len); 4271 if (!cmd) { 4272 err = -ENOMEM; 4273 goto unlock; 4274 } 4275 4276 /* We need to flip the bit already here so that update_adv_data 4277 * generates the correct flags. 4278 */ 4279 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags); 4280 4281 hci_req_init(&req, hdev); 4282 4283 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 4284 set_bredr_scan(&req); 4285 4286 /* Since only the advertising data flags will change, there 4287 * is no need to update the scan response data. 4288 */ 4289 update_adv_data(&req); 4290 4291 err = hci_req_run(&req, set_bredr_complete); 4292 if (err < 0) 4293 mgmt_pending_remove(cmd); 4294 4295unlock: 4296 hci_dev_unlock(hdev); 4297 return err; 4298} 4299 4300static int set_secure_conn(struct sock *sk, struct hci_dev *hdev, 4301 void *data, u16 len) 4302{ 4303 struct mgmt_mode *cp = data; 4304 struct pending_cmd *cmd; 4305 u8 val, status; 4306 int err; 4307 4308 BT_DBG("request for %s", hdev->name); 4309 4310 status = mgmt_bredr_support(hdev); 4311 if (status) 4312 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4313 status); 4314 4315 if (!lmp_sc_capable(hdev) && 4316 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags)) 4317 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4318 MGMT_STATUS_NOT_SUPPORTED); 4319 4320 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4321 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4322 MGMT_STATUS_INVALID_PARAMS); 4323 4324 hci_dev_lock(hdev); 4325 4326 if (!hdev_is_powered(hdev)) { 4327 bool changed; 4328 4329 if (cp->val) { 4330 changed = !test_and_set_bit(HCI_SC_ENABLED, 4331 &hdev->dev_flags); 4332 if (cp->val == 0x02) 4333 set_bit(HCI_SC_ONLY, &hdev->dev_flags); 4334 else 4335 clear_bit(HCI_SC_ONLY, &hdev->dev_flags); 4336 } else { 4337 changed = test_and_clear_bit(HCI_SC_ENABLED, 4338 &hdev->dev_flags); 4339 clear_bit(HCI_SC_ONLY, &hdev->dev_flags); 4340 } 4341 4342 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 4343 if (err < 0) 4344 goto failed; 4345 4346 if (changed) 4347 err = new_settings(hdev, sk); 4348 4349 goto failed; 4350 } 4351 4352 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) { 4353 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4354 MGMT_STATUS_BUSY); 4355 goto failed; 4356 } 4357 4358 val = !!cp->val; 4359 4360 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) && 4361 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) { 4362 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 4363 goto failed; 4364 } 4365 4366 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len); 4367 if (!cmd) { 4368 err = -ENOMEM; 4369 goto failed; 4370 } 4371 4372 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val); 4373 if (err < 0) { 4374 mgmt_pending_remove(cmd); 4375 goto failed; 4376 } 4377 4378 if (cp->val == 0x02) 4379 set_bit(HCI_SC_ONLY, &hdev->dev_flags); 4380 else 4381 clear_bit(HCI_SC_ONLY, &hdev->dev_flags); 4382 4383failed: 4384 hci_dev_unlock(hdev); 4385 return err; 4386} 4387 4388static int set_debug_keys(struct sock *sk, struct hci_dev *hdev, 4389 void *data, u16 len) 4390{ 4391 struct mgmt_mode *cp = data; 4392 bool changed, use_changed; 4393 int err; 4394 4395 BT_DBG("request for %s", hdev->name); 4396 4397 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4398 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS, 4399 MGMT_STATUS_INVALID_PARAMS); 4400 4401 hci_dev_lock(hdev); 4402 4403 if (cp->val) 4404 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS, 4405 &hdev->dev_flags); 4406 else 4407 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS, 4408 &hdev->dev_flags); 4409 4410 if (cp->val == 0x02) 4411 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS, 4412 &hdev->dev_flags); 4413 else 4414 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS, 4415 &hdev->dev_flags); 4416 4417 if (hdev_is_powered(hdev) && use_changed && 4418 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) { 4419 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00; 4420 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 4421 sizeof(mode), &mode); 4422 } 4423 4424 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev); 4425 if (err < 0) 4426 goto unlock; 4427 4428 if (changed) 4429 err = new_settings(hdev, sk); 4430 4431unlock: 4432 hci_dev_unlock(hdev); 4433 return err; 4434} 4435 4436static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data, 4437 u16 len) 4438{ 4439 struct mgmt_cp_set_privacy *cp = cp_data; 4440 bool changed; 4441 int err; 4442 4443 BT_DBG("request for %s", hdev->name); 4444 4445 if (!lmp_le_capable(hdev)) 4446 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4447 MGMT_STATUS_NOT_SUPPORTED); 4448 4449 if (cp->privacy != 0x00 && cp->privacy != 0x01) 4450 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4451 MGMT_STATUS_INVALID_PARAMS); 4452 4453 if (hdev_is_powered(hdev)) 4454 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4455 MGMT_STATUS_REJECTED); 4456 4457 hci_dev_lock(hdev); 4458 4459 /* If user space supports this command it is also expected to 4460 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag. 4461 */ 4462 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags); 4463 4464 if (cp->privacy) { 4465 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags); 4466 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk)); 4467 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags); 4468 } else { 4469 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags); 4470 memset(hdev->irk, 0, sizeof(hdev->irk)); 4471 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags); 4472 } 4473 4474 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev); 4475 if (err < 0) 4476 goto unlock; 4477 4478 if (changed) 4479 err = new_settings(hdev, sk); 4480 4481unlock: 4482 hci_dev_unlock(hdev); 4483 return err; 4484} 4485 4486static bool irk_is_valid(struct mgmt_irk_info *irk) 4487{ 4488 switch (irk->addr.type) { 4489 case BDADDR_LE_PUBLIC: 4490 return true; 4491 4492 case BDADDR_LE_RANDOM: 4493 /* Two most significant bits shall be set */ 4494 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0) 4495 return false; 4496 return true; 4497 } 4498 4499 return false; 4500} 4501 4502static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data, 4503 u16 len) 4504{ 4505 struct mgmt_cp_load_irks *cp = cp_data; 4506 u16 irk_count, expected_len; 4507 int i, err; 4508 4509 BT_DBG("request for %s", hdev->name); 4510 4511 if (!lmp_le_capable(hdev)) 4512 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 4513 MGMT_STATUS_NOT_SUPPORTED); 4514 4515 irk_count = __le16_to_cpu(cp->irk_count); 4516 4517 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info); 4518 if (expected_len != len) { 4519 BT_ERR("load_irks: expected %u bytes, got %u bytes", 4520 expected_len, len); 4521 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 4522 MGMT_STATUS_INVALID_PARAMS); 4523 } 4524 4525 BT_DBG("%s irk_count %u", hdev->name, irk_count); 4526 4527 for (i = 0; i < irk_count; i++) { 4528 struct mgmt_irk_info *key = &cp->irks[i]; 4529 4530 if (!irk_is_valid(key)) 4531 return cmd_status(sk, hdev->id, 4532 MGMT_OP_LOAD_IRKS, 4533 MGMT_STATUS_INVALID_PARAMS); 4534 } 4535 4536 hci_dev_lock(hdev); 4537 4538 hci_smp_irks_clear(hdev); 4539 4540 for (i = 0; i < irk_count; i++) { 4541 struct mgmt_irk_info *irk = &cp->irks[i]; 4542 u8 addr_type; 4543 4544 if (irk->addr.type == BDADDR_LE_PUBLIC) 4545 addr_type = ADDR_LE_DEV_PUBLIC; 4546 else 4547 addr_type = ADDR_LE_DEV_RANDOM; 4548 4549 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val, 4550 BDADDR_ANY); 4551 } 4552 4553 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags); 4554 4555 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0); 4556 4557 hci_dev_unlock(hdev); 4558 4559 return err; 4560} 4561 4562static bool ltk_is_valid(struct mgmt_ltk_info *key) 4563{ 4564 if (key->master != 0x00 && key->master != 0x01) 4565 return false; 4566 4567 switch (key->addr.type) { 4568 case BDADDR_LE_PUBLIC: 4569 return true; 4570 4571 case BDADDR_LE_RANDOM: 4572 /* Two most significant bits shall be set */ 4573 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0) 4574 return false; 4575 return true; 4576 } 4577 4578 return false; 4579} 4580 4581static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, 4582 void *cp_data, u16 len) 4583{ 4584 struct mgmt_cp_load_long_term_keys *cp = cp_data; 4585 u16 key_count, expected_len; 4586 int i, err; 4587 4588 BT_DBG("request for %s", hdev->name); 4589 4590 if (!lmp_le_capable(hdev)) 4591 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 4592 MGMT_STATUS_NOT_SUPPORTED); 4593 4594 key_count = __le16_to_cpu(cp->key_count); 4595 4596 expected_len = sizeof(*cp) + key_count * 4597 sizeof(struct mgmt_ltk_info); 4598 if (expected_len != len) { 4599 BT_ERR("load_keys: expected %u bytes, got %u bytes", 4600 expected_len, len); 4601 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 4602 MGMT_STATUS_INVALID_PARAMS); 4603 } 4604 4605 BT_DBG("%s key_count %u", hdev->name, key_count); 4606 4607 for (i = 0; i < key_count; i++) { 4608 struct mgmt_ltk_info *key = &cp->keys[i]; 4609 4610 if (!ltk_is_valid(key)) 4611 return cmd_status(sk, hdev->id, 4612 MGMT_OP_LOAD_LONG_TERM_KEYS, 4613 MGMT_STATUS_INVALID_PARAMS); 4614 } 4615 4616 hci_dev_lock(hdev); 4617 4618 hci_smp_ltks_clear(hdev); 4619 4620 for (i = 0; i < key_count; i++) { 4621 struct mgmt_ltk_info *key = &cp->keys[i]; 4622 u8 type, addr_type, authenticated; 4623 4624 if (key->addr.type == BDADDR_LE_PUBLIC) 4625 addr_type = ADDR_LE_DEV_PUBLIC; 4626 else 4627 addr_type = ADDR_LE_DEV_RANDOM; 4628 4629 if (key->master) 4630 type = SMP_LTK; 4631 else 4632 type = SMP_LTK_SLAVE; 4633 4634 switch (key->type) { 4635 case MGMT_LTK_UNAUTHENTICATED: 4636 authenticated = 0x00; 4637 break; 4638 case MGMT_LTK_AUTHENTICATED: 4639 authenticated = 0x01; 4640 break; 4641 default: 4642 continue; 4643 } 4644 4645 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type, 4646 authenticated, key->val, key->enc_size, key->ediv, 4647 key->rand); 4648 } 4649 4650 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0, 4651 NULL, 0); 4652 4653 hci_dev_unlock(hdev); 4654 4655 return err; 4656} 4657 4658struct cmd_conn_lookup { 4659 struct hci_conn *conn; 4660 bool valid_tx_power; 4661 u8 mgmt_status; 4662}; 4663 4664static void get_conn_info_complete(struct pending_cmd *cmd, void *data) 4665{ 4666 struct cmd_conn_lookup *match = data; 4667 struct mgmt_cp_get_conn_info *cp; 4668 struct mgmt_rp_get_conn_info rp; 4669 struct hci_conn *conn = cmd->user_data; 4670 4671 if (conn != match->conn) 4672 return; 4673 4674 cp = (struct mgmt_cp_get_conn_info *) cmd->param; 4675 4676 memset(&rp, 0, sizeof(rp)); 4677 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 4678 rp.addr.type = cp->addr.type; 4679 4680 if (!match->mgmt_status) { 4681 rp.rssi = conn->rssi; 4682 4683 if (match->valid_tx_power) { 4684 rp.tx_power = conn->tx_power; 4685 rp.max_tx_power = conn->max_tx_power; 4686 } else { 4687 rp.tx_power = HCI_TX_POWER_INVALID; 4688 rp.max_tx_power = HCI_TX_POWER_INVALID; 4689 } 4690 } 4691 4692 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, 4693 match->mgmt_status, &rp, sizeof(rp)); 4694 4695 hci_conn_drop(conn); 4696 4697 mgmt_pending_remove(cmd); 4698} 4699 4700static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status) 4701{ 4702 struct hci_cp_read_rssi *cp; 4703 struct hci_conn *conn; 4704 struct cmd_conn_lookup match; 4705 u16 handle; 4706 4707 BT_DBG("status 0x%02x", status); 4708 4709 hci_dev_lock(hdev); 4710 4711 /* TX power data is valid in case request completed successfully, 4712 * otherwise we assume it's not valid. At the moment we assume that 4713 * either both or none of current and max values are valid to keep code 4714 * simple. 4715 */ 4716 match.valid_tx_power = !status; 4717 4718 /* Commands sent in request are either Read RSSI or Read Transmit Power 4719 * Level so we check which one was last sent to retrieve connection 4720 * handle. Both commands have handle as first parameter so it's safe to 4721 * cast data on the same command struct. 4722 * 4723 * First command sent is always Read RSSI and we fail only if it fails. 4724 * In other case we simply override error to indicate success as we 4725 * already remembered if TX power value is actually valid. 4726 */ 4727 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI); 4728 if (!cp) { 4729 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER); 4730 status = 0; 4731 } 4732 4733 if (!cp) { 4734 BT_ERR("invalid sent_cmd in response"); 4735 goto unlock; 4736 } 4737 4738 handle = __le16_to_cpu(cp->handle); 4739 conn = hci_conn_hash_lookup_handle(hdev, handle); 4740 if (!conn) { 4741 BT_ERR("unknown handle (%d) in response", handle); 4742 goto unlock; 4743 } 4744 4745 match.conn = conn; 4746 match.mgmt_status = mgmt_status(status); 4747 4748 /* Cache refresh is complete, now reply for mgmt request for given 4749 * connection only. 4750 */ 4751 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev, 4752 get_conn_info_complete, &match); 4753 4754unlock: 4755 hci_dev_unlock(hdev); 4756} 4757 4758static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data, 4759 u16 len) 4760{ 4761 struct mgmt_cp_get_conn_info *cp = data; 4762 struct mgmt_rp_get_conn_info rp; 4763 struct hci_conn *conn; 4764 unsigned long conn_info_age; 4765 int err = 0; 4766 4767 BT_DBG("%s", hdev->name); 4768 4769 memset(&rp, 0, sizeof(rp)); 4770 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 4771 rp.addr.type = cp->addr.type; 4772 4773 if (!bdaddr_type_is_valid(cp->addr.type)) 4774 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4775 MGMT_STATUS_INVALID_PARAMS, 4776 &rp, sizeof(rp)); 4777 4778 hci_dev_lock(hdev); 4779 4780 if (!hdev_is_powered(hdev)) { 4781 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4782 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp)); 4783 goto unlock; 4784 } 4785 4786 if (cp->addr.type == BDADDR_BREDR) 4787 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 4788 &cp->addr.bdaddr); 4789 else 4790 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 4791 4792 if (!conn || conn->state != BT_CONNECTED) { 4793 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4794 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp)); 4795 goto unlock; 4796 } 4797 4798 /* To avoid client trying to guess when to poll again for information we 4799 * calculate conn info age as random value between min/max set in hdev. 4800 */ 4801 conn_info_age = hdev->conn_info_min_age + 4802 prandom_u32_max(hdev->conn_info_max_age - 4803 hdev->conn_info_min_age); 4804 4805 /* Query controller to refresh cached values if they are too old or were 4806 * never read. 4807 */ 4808 if (time_after(jiffies, conn->conn_info_timestamp + 4809 msecs_to_jiffies(conn_info_age)) || 4810 !conn->conn_info_timestamp) { 4811 struct hci_request req; 4812 struct hci_cp_read_tx_power req_txp_cp; 4813 struct hci_cp_read_rssi req_rssi_cp; 4814 struct pending_cmd *cmd; 4815 4816 hci_req_init(&req, hdev); 4817 req_rssi_cp.handle = cpu_to_le16(conn->handle); 4818 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp), 4819 &req_rssi_cp); 4820 4821 /* For LE links TX power does not change thus we don't need to 4822 * query for it once value is known. 4823 */ 4824 if (!bdaddr_type_is_le(cp->addr.type) || 4825 conn->tx_power == HCI_TX_POWER_INVALID) { 4826 req_txp_cp.handle = cpu_to_le16(conn->handle); 4827 req_txp_cp.type = 0x00; 4828 hci_req_add(&req, HCI_OP_READ_TX_POWER, 4829 sizeof(req_txp_cp), &req_txp_cp); 4830 } 4831 4832 /* Max TX power needs to be read only once per connection */ 4833 if (conn->max_tx_power == HCI_TX_POWER_INVALID) { 4834 req_txp_cp.handle = cpu_to_le16(conn->handle); 4835 req_txp_cp.type = 0x01; 4836 hci_req_add(&req, HCI_OP_READ_TX_POWER, 4837 sizeof(req_txp_cp), &req_txp_cp); 4838 } 4839 4840 err = hci_req_run(&req, conn_info_refresh_complete); 4841 if (err < 0) 4842 goto unlock; 4843 4844 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev, 4845 data, len); 4846 if (!cmd) { 4847 err = -ENOMEM; 4848 goto unlock; 4849 } 4850 4851 hci_conn_hold(conn); 4852 cmd->user_data = conn; 4853 4854 conn->conn_info_timestamp = jiffies; 4855 } else { 4856 /* Cache is valid, just reply with values cached in hci_conn */ 4857 rp.rssi = conn->rssi; 4858 rp.tx_power = conn->tx_power; 4859 rp.max_tx_power = conn->max_tx_power; 4860 4861 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4862 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 4863 } 4864 4865unlock: 4866 hci_dev_unlock(hdev); 4867 return err; 4868} 4869 4870static void get_clock_info_complete(struct hci_dev *hdev, u8 status) 4871{ 4872 struct mgmt_cp_get_clock_info *cp; 4873 struct mgmt_rp_get_clock_info rp; 4874 struct hci_cp_read_clock *hci_cp; 4875 struct pending_cmd *cmd; 4876 struct hci_conn *conn; 4877 4878 BT_DBG("%s status %u", hdev->name, status); 4879 4880 hci_dev_lock(hdev); 4881 4882 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK); 4883 if (!hci_cp) 4884 goto unlock; 4885 4886 if (hci_cp->which) { 4887 u16 handle = __le16_to_cpu(hci_cp->handle); 4888 conn = hci_conn_hash_lookup_handle(hdev, handle); 4889 } else { 4890 conn = NULL; 4891 } 4892 4893 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn); 4894 if (!cmd) 4895 goto unlock; 4896 4897 cp = cmd->param; 4898 4899 memset(&rp, 0, sizeof(rp)); 4900 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr)); 4901 4902 if (status) 4903 goto send_rsp; 4904 4905 rp.local_clock = cpu_to_le32(hdev->clock); 4906 4907 if (conn) { 4908 rp.piconet_clock = cpu_to_le32(conn->clock); 4909 rp.accuracy = cpu_to_le16(conn->clock_accuracy); 4910 } 4911 4912send_rsp: 4913 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status), 4914 &rp, sizeof(rp)); 4915 mgmt_pending_remove(cmd); 4916 if (conn) 4917 hci_conn_drop(conn); 4918 4919unlock: 4920 hci_dev_unlock(hdev); 4921} 4922 4923static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data, 4924 u16 len) 4925{ 4926 struct mgmt_cp_get_clock_info *cp = data; 4927 struct mgmt_rp_get_clock_info rp; 4928 struct hci_cp_read_clock hci_cp; 4929 struct pending_cmd *cmd; 4930 struct hci_request req; 4931 struct hci_conn *conn; 4932 int err; 4933 4934 BT_DBG("%s", hdev->name); 4935 4936 memset(&rp, 0, sizeof(rp)); 4937 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 4938 rp.addr.type = cp->addr.type; 4939 4940 if (cp->addr.type != BDADDR_BREDR) 4941 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 4942 MGMT_STATUS_INVALID_PARAMS, 4943 &rp, sizeof(rp)); 4944 4945 hci_dev_lock(hdev); 4946 4947 if (!hdev_is_powered(hdev)) { 4948 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 4949 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp)); 4950 goto unlock; 4951 } 4952 4953 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 4954 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 4955 &cp->addr.bdaddr); 4956 if (!conn || conn->state != BT_CONNECTED) { 4957 err = cmd_complete(sk, hdev->id, 4958 MGMT_OP_GET_CLOCK_INFO, 4959 MGMT_STATUS_NOT_CONNECTED, 4960 &rp, sizeof(rp)); 4961 goto unlock; 4962 } 4963 } else { 4964 conn = NULL; 4965 } 4966 4967 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len); 4968 if (!cmd) { 4969 err = -ENOMEM; 4970 goto unlock; 4971 } 4972 4973 hci_req_init(&req, hdev); 4974 4975 memset(&hci_cp, 0, sizeof(hci_cp)); 4976 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 4977 4978 if (conn) { 4979 hci_conn_hold(conn); 4980 cmd->user_data = conn; 4981 4982 hci_cp.handle = cpu_to_le16(conn->handle); 4983 hci_cp.which = 0x01; /* Piconet clock */ 4984 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 4985 } 4986 4987 err = hci_req_run(&req, get_clock_info_complete); 4988 if (err < 0) 4989 mgmt_pending_remove(cmd); 4990 4991unlock: 4992 hci_dev_unlock(hdev); 4993 return err; 4994} 4995 4996static void device_added(struct sock *sk, struct hci_dev *hdev, 4997 bdaddr_t *bdaddr, u8 type, u8 action) 4998{ 4999 struct mgmt_ev_device_added ev; 5000 5001 bacpy(&ev.addr.bdaddr, bdaddr); 5002 ev.addr.type = type; 5003 ev.action = action; 5004 5005 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk); 5006} 5007 5008static int add_device(struct sock *sk, struct hci_dev *hdev, 5009 void *data, u16 len) 5010{ 5011 struct mgmt_cp_add_device *cp = data; 5012 u8 auto_conn, addr_type; 5013 int err; 5014 5015 BT_DBG("%s", hdev->name); 5016 5017 if (!bdaddr_type_is_le(cp->addr.type) || 5018 !bacmp(&cp->addr.bdaddr, BDADDR_ANY)) 5019 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5020 MGMT_STATUS_INVALID_PARAMS, 5021 &cp->addr, sizeof(cp->addr)); 5022 5023 if (cp->action != 0x00 && cp->action != 0x01) 5024 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5025 MGMT_STATUS_INVALID_PARAMS, 5026 &cp->addr, sizeof(cp->addr)); 5027 5028 hci_dev_lock(hdev); 5029 5030 if (cp->addr.type == BDADDR_LE_PUBLIC) 5031 addr_type = ADDR_LE_DEV_PUBLIC; 5032 else 5033 addr_type = ADDR_LE_DEV_RANDOM; 5034 5035 if (cp->action) 5036 auto_conn = HCI_AUTO_CONN_ALWAYS; 5037 else 5038 auto_conn = HCI_AUTO_CONN_REPORT; 5039 5040 /* If the connection parameters don't exist for this device, 5041 * they will be created and configured with defaults. 5042 */ 5043 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type, 5044 auto_conn) < 0) { 5045 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5046 MGMT_STATUS_FAILED, 5047 &cp->addr, sizeof(cp->addr)); 5048 goto unlock; 5049 } 5050 5051 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action); 5052 5053 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5054 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr)); 5055 5056unlock: 5057 hci_dev_unlock(hdev); 5058 return err; 5059} 5060 5061static void device_removed(struct sock *sk, struct hci_dev *hdev, 5062 bdaddr_t *bdaddr, u8 type) 5063{ 5064 struct mgmt_ev_device_removed ev; 5065 5066 bacpy(&ev.addr.bdaddr, bdaddr); 5067 ev.addr.type = type; 5068 5069 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk); 5070} 5071 5072static int remove_device(struct sock *sk, struct hci_dev *hdev, 5073 void *data, u16 len) 5074{ 5075 struct mgmt_cp_remove_device *cp = data; 5076 int err; 5077 5078 BT_DBG("%s", hdev->name); 5079 5080 hci_dev_lock(hdev); 5081 5082 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5083 struct hci_conn_params *params; 5084 u8 addr_type; 5085 5086 if (!bdaddr_type_is_le(cp->addr.type)) { 5087 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 5088 MGMT_STATUS_INVALID_PARAMS, 5089 &cp->addr, sizeof(cp->addr)); 5090 goto unlock; 5091 } 5092 5093 if (cp->addr.type == BDADDR_LE_PUBLIC) 5094 addr_type = ADDR_LE_DEV_PUBLIC; 5095 else 5096 addr_type = ADDR_LE_DEV_RANDOM; 5097 5098 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 5099 addr_type); 5100 if (!params) { 5101 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 5102 MGMT_STATUS_INVALID_PARAMS, 5103 &cp->addr, sizeof(cp->addr)); 5104 goto unlock; 5105 } 5106 5107 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) { 5108 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 5109 MGMT_STATUS_INVALID_PARAMS, 5110 &cp->addr, sizeof(cp->addr)); 5111 goto unlock; 5112 } 5113 5114 hci_pend_le_conn_del(hdev, &cp->addr.bdaddr, addr_type); 5115 list_del(¶ms->list); 5116 kfree(params); 5117 5118 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type); 5119 } else { 5120 if (cp->addr.type) { 5121 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 5122 MGMT_STATUS_INVALID_PARAMS, 5123 &cp->addr, sizeof(cp->addr)); 5124 goto unlock; 5125 } 5126 5127 hci_conn_params_clear_enabled(hdev); 5128 } 5129 5130 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 5131 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr)); 5132 5133unlock: 5134 hci_dev_unlock(hdev); 5135 return err; 5136} 5137 5138static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data, 5139 u16 len) 5140{ 5141 struct mgmt_cp_load_conn_param *cp = data; 5142 u16 param_count, expected_len; 5143 int i; 5144 5145 if (!lmp_le_capable(hdev)) 5146 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5147 MGMT_STATUS_NOT_SUPPORTED); 5148 5149 param_count = __le16_to_cpu(cp->param_count); 5150 5151 expected_len = sizeof(*cp) + param_count * 5152 sizeof(struct mgmt_conn_param); 5153 if (expected_len != len) { 5154 BT_ERR("load_conn_param: expected %u bytes, got %u bytes", 5155 expected_len, len); 5156 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5157 MGMT_STATUS_INVALID_PARAMS); 5158 } 5159 5160 BT_DBG("%s param_count %u", hdev->name, param_count); 5161 5162 hci_dev_lock(hdev); 5163 5164 hci_conn_params_clear_disabled(hdev); 5165 5166 for (i = 0; i < param_count; i++) { 5167 struct mgmt_conn_param *param = &cp->params[i]; 5168 struct hci_conn_params *hci_param; 5169 u16 min, max, latency, timeout; 5170 u8 addr_type; 5171 5172 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr, 5173 param->addr.type); 5174 5175 if (param->addr.type == BDADDR_LE_PUBLIC) { 5176 addr_type = ADDR_LE_DEV_PUBLIC; 5177 } else if (param->addr.type == BDADDR_LE_RANDOM) { 5178 addr_type = ADDR_LE_DEV_RANDOM; 5179 } else { 5180 BT_ERR("Ignoring invalid connection parameters"); 5181 continue; 5182 } 5183 5184 min = le16_to_cpu(param->min_interval); 5185 max = le16_to_cpu(param->max_interval); 5186 latency = le16_to_cpu(param->latency); 5187 timeout = le16_to_cpu(param->timeout); 5188 5189 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x", 5190 min, max, latency, timeout); 5191 5192 if (hci_check_conn_params(min, max, latency, timeout) < 0) { 5193 BT_ERR("Ignoring invalid connection parameters"); 5194 continue; 5195 } 5196 5197 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr, 5198 addr_type); 5199 if (!hci_param) { 5200 BT_ERR("Failed to add connection parameters"); 5201 continue; 5202 } 5203 5204 hci_param->conn_min_interval = min; 5205 hci_param->conn_max_interval = max; 5206 hci_param->conn_latency = latency; 5207 hci_param->supervision_timeout = timeout; 5208 } 5209 5210 hci_dev_unlock(hdev); 5211 5212 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0); 5213} 5214 5215static const struct mgmt_handler { 5216 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data, 5217 u16 data_len); 5218 bool var_len; 5219 size_t data_len; 5220} mgmt_handlers[] = { 5221 { NULL }, /* 0x0000 (no command) */ 5222 { read_version, false, MGMT_READ_VERSION_SIZE }, 5223 { read_commands, false, MGMT_READ_COMMANDS_SIZE }, 5224 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE }, 5225 { read_controller_info, false, MGMT_READ_INFO_SIZE }, 5226 { set_powered, false, MGMT_SETTING_SIZE }, 5227 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE }, 5228 { set_connectable, false, MGMT_SETTING_SIZE }, 5229 { set_fast_connectable, false, MGMT_SETTING_SIZE }, 5230 { set_pairable, false, MGMT_SETTING_SIZE }, 5231 { set_link_security, false, MGMT_SETTING_SIZE }, 5232 { set_ssp, false, MGMT_SETTING_SIZE }, 5233 { set_hs, false, MGMT_SETTING_SIZE }, 5234 { set_le, false, MGMT_SETTING_SIZE }, 5235 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE }, 5236 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE }, 5237 { add_uuid, false, MGMT_ADD_UUID_SIZE }, 5238 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE }, 5239 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE }, 5240 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE }, 5241 { disconnect, false, MGMT_DISCONNECT_SIZE }, 5242 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE }, 5243 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE }, 5244 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE }, 5245 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE }, 5246 { pair_device, false, MGMT_PAIR_DEVICE_SIZE }, 5247 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE }, 5248 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE }, 5249 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE }, 5250 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE }, 5251 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE }, 5252 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, 5253 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE }, 5254 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE }, 5255 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, 5256 { start_discovery, false, MGMT_START_DISCOVERY_SIZE }, 5257 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE }, 5258 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE }, 5259 { block_device, false, MGMT_BLOCK_DEVICE_SIZE }, 5260 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE }, 5261 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE }, 5262 { set_advertising, false, MGMT_SETTING_SIZE }, 5263 { set_bredr, false, MGMT_SETTING_SIZE }, 5264 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE }, 5265 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE }, 5266 { set_secure_conn, false, MGMT_SETTING_SIZE }, 5267 { set_debug_keys, false, MGMT_SETTING_SIZE }, 5268 { set_privacy, false, MGMT_SET_PRIVACY_SIZE }, 5269 { load_irks, true, MGMT_LOAD_IRKS_SIZE }, 5270 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE }, 5271 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE }, 5272 { add_device, false, MGMT_ADD_DEVICE_SIZE }, 5273 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE }, 5274 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE }, 5275}; 5276 5277int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) 5278{ 5279 void *buf; 5280 u8 *cp; 5281 struct mgmt_hdr *hdr; 5282 u16 opcode, index, len; 5283 struct hci_dev *hdev = NULL; 5284 const struct mgmt_handler *handler; 5285 int err; 5286 5287 BT_DBG("got %zu bytes", msglen); 5288 5289 if (msglen < sizeof(*hdr)) 5290 return -EINVAL; 5291 5292 buf = kmalloc(msglen, GFP_KERNEL); 5293 if (!buf) 5294 return -ENOMEM; 5295 5296 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) { 5297 err = -EFAULT; 5298 goto done; 5299 } 5300 5301 hdr = buf; 5302 opcode = __le16_to_cpu(hdr->opcode); 5303 index = __le16_to_cpu(hdr->index); 5304 len = __le16_to_cpu(hdr->len); 5305 5306 if (len != msglen - sizeof(*hdr)) { 5307 err = -EINVAL; 5308 goto done; 5309 } 5310 5311 if (index != MGMT_INDEX_NONE) { 5312 hdev = hci_dev_get(index); 5313 if (!hdev) { 5314 err = cmd_status(sk, index, opcode, 5315 MGMT_STATUS_INVALID_INDEX); 5316 goto done; 5317 } 5318 5319 if (test_bit(HCI_SETUP, &hdev->dev_flags) || 5320 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) || 5321 test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) { 5322 err = cmd_status(sk, index, opcode, 5323 MGMT_STATUS_INVALID_INDEX); 5324 goto done; 5325 } 5326 } 5327 5328 if (opcode >= ARRAY_SIZE(mgmt_handlers) || 5329 mgmt_handlers[opcode].func == NULL) { 5330 BT_DBG("Unknown op %u", opcode); 5331 err = cmd_status(sk, index, opcode, 5332 MGMT_STATUS_UNKNOWN_COMMAND); 5333 goto done; 5334 } 5335 5336 if ((hdev && opcode < MGMT_OP_READ_INFO) || 5337 (!hdev && opcode >= MGMT_OP_READ_INFO)) { 5338 err = cmd_status(sk, index, opcode, 5339 MGMT_STATUS_INVALID_INDEX); 5340 goto done; 5341 } 5342 5343 handler = &mgmt_handlers[opcode]; 5344 5345 if ((handler->var_len && len < handler->data_len) || 5346 (!handler->var_len && len != handler->data_len)) { 5347 err = cmd_status(sk, index, opcode, 5348 MGMT_STATUS_INVALID_PARAMS); 5349 goto done; 5350 } 5351 5352 if (hdev) 5353 mgmt_init_hdev(sk, hdev); 5354 5355 cp = buf + sizeof(*hdr); 5356 5357 err = handler->func(sk, hdev, cp, len); 5358 if (err < 0) 5359 goto done; 5360 5361 err = msglen; 5362 5363done: 5364 if (hdev) 5365 hci_dev_put(hdev); 5366 5367 kfree(buf); 5368 return err; 5369} 5370 5371void mgmt_index_added(struct hci_dev *hdev) 5372{ 5373 if (hdev->dev_type != HCI_BREDR) 5374 return; 5375 5376 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL); 5377} 5378 5379void mgmt_index_removed(struct hci_dev *hdev) 5380{ 5381 u8 status = MGMT_STATUS_INVALID_INDEX; 5382 5383 if (hdev->dev_type != HCI_BREDR) 5384 return; 5385 5386 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 5387 5388 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL); 5389} 5390 5391/* This function requires the caller holds hdev->lock */ 5392static void restart_le_auto_conns(struct hci_dev *hdev) 5393{ 5394 struct hci_conn_params *p; 5395 bool added = false; 5396 5397 list_for_each_entry(p, &hdev->le_conn_params, list) { 5398 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS) { 5399 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type); 5400 added = true; 5401 } 5402 } 5403 5404 /* Calling hci_pend_le_conn_add will actually already trigger 5405 * background scanning when needed. So no need to trigger it 5406 * just another time. 5407 * 5408 * This check is here to avoid an unneeded restart of the 5409 * passive scanning. Since this is during the controller 5410 * power up phase the duplicate filtering is not an issue. 5411 */ 5412 if (added) 5413 return; 5414 5415 hci_update_background_scan(hdev); 5416} 5417 5418static void powered_complete(struct hci_dev *hdev, u8 status) 5419{ 5420 struct cmd_lookup match = { NULL, hdev }; 5421 5422 BT_DBG("status 0x%02x", status); 5423 5424 hci_dev_lock(hdev); 5425 5426 restart_le_auto_conns(hdev); 5427 5428 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 5429 5430 new_settings(hdev, match.sk); 5431 5432 hci_dev_unlock(hdev); 5433 5434 if (match.sk) 5435 sock_put(match.sk); 5436} 5437 5438static int powered_update_hci(struct hci_dev *hdev) 5439{ 5440 struct hci_request req; 5441 u8 link_sec; 5442 5443 hci_req_init(&req, hdev); 5444 5445 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) && 5446 !lmp_host_ssp_capable(hdev)) { 5447 u8 ssp = 1; 5448 5449 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp); 5450 } 5451 5452 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) && 5453 lmp_bredr_capable(hdev)) { 5454 struct hci_cp_write_le_host_supported cp; 5455 5456 cp.le = 1; 5457 cp.simul = lmp_le_br_capable(hdev); 5458 5459 /* Check first if we already have the right 5460 * host state (host features set) 5461 */ 5462 if (cp.le != lmp_host_le_capable(hdev) || 5463 cp.simul != lmp_host_le_br_capable(hdev)) 5464 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, 5465 sizeof(cp), &cp); 5466 } 5467 5468 if (lmp_le_capable(hdev)) { 5469 /* Make sure the controller has a good default for 5470 * advertising data. This also applies to the case 5471 * where BR/EDR was toggled during the AUTO_OFF phase. 5472 */ 5473 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { 5474 update_adv_data(&req); 5475 update_scan_rsp_data(&req); 5476 } 5477 5478 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) 5479 enable_advertising(&req); 5480 } 5481 5482 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags); 5483 if (link_sec != test_bit(HCI_AUTH, &hdev->flags)) 5484 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE, 5485 sizeof(link_sec), &link_sec); 5486 5487 if (lmp_bredr_capable(hdev)) { 5488 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) 5489 set_bredr_scan(&req); 5490 update_class(&req); 5491 update_name(&req); 5492 update_eir(&req); 5493 } 5494 5495 return hci_req_run(&req, powered_complete); 5496} 5497 5498int mgmt_powered(struct hci_dev *hdev, u8 powered) 5499{ 5500 struct cmd_lookup match = { NULL, hdev }; 5501 u8 status_not_powered = MGMT_STATUS_NOT_POWERED; 5502 u8 zero_cod[] = { 0, 0, 0 }; 5503 int err; 5504 5505 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 5506 return 0; 5507 5508 if (powered) { 5509 if (powered_update_hci(hdev) == 0) 5510 return 0; 5511 5512 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, 5513 &match); 5514 goto new_settings; 5515 } 5516 5517 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 5518 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered); 5519 5520 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) 5521 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 5522 zero_cod, sizeof(zero_cod), NULL); 5523 5524new_settings: 5525 err = new_settings(hdev, match.sk); 5526 5527 if (match.sk) 5528 sock_put(match.sk); 5529 5530 return err; 5531} 5532 5533void mgmt_set_powered_failed(struct hci_dev *hdev, int err) 5534{ 5535 struct pending_cmd *cmd; 5536 u8 status; 5537 5538 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev); 5539 if (!cmd) 5540 return; 5541 5542 if (err == -ERFKILL) 5543 status = MGMT_STATUS_RFKILLED; 5544 else 5545 status = MGMT_STATUS_FAILED; 5546 5547 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status); 5548 5549 mgmt_pending_remove(cmd); 5550} 5551 5552void mgmt_discoverable_timeout(struct hci_dev *hdev) 5553{ 5554 struct hci_request req; 5555 5556 hci_dev_lock(hdev); 5557 5558 /* When discoverable timeout triggers, then just make sure 5559 * the limited discoverable flag is cleared. Even in the case 5560 * of a timeout triggered from general discoverable, it is 5561 * safe to unconditionally clear the flag. 5562 */ 5563 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags); 5564 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 5565 5566 hci_req_init(&req, hdev); 5567 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) { 5568 u8 scan = SCAN_PAGE; 5569 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 5570 sizeof(scan), &scan); 5571 } 5572 update_class(&req); 5573 update_adv_data(&req); 5574 hci_req_run(&req, NULL); 5575 5576 hdev->discov_timeout = 0; 5577 5578 new_settings(hdev, NULL); 5579 5580 hci_dev_unlock(hdev); 5581} 5582 5583void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable) 5584{ 5585 bool changed; 5586 5587 /* Nothing needed here if there's a pending command since that 5588 * commands request completion callback takes care of everything 5589 * necessary. 5590 */ 5591 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev)) 5592 return; 5593 5594 /* Powering off may clear the scan mode - don't let that interfere */ 5595 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) 5596 return; 5597 5598 if (discoverable) { 5599 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 5600 } else { 5601 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags); 5602 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 5603 } 5604 5605 if (changed) { 5606 struct hci_request req; 5607 5608 /* In case this change in discoverable was triggered by 5609 * a disabling of connectable there could be a need to 5610 * update the advertising flags. 5611 */ 5612 hci_req_init(&req, hdev); 5613 update_adv_data(&req); 5614 hci_req_run(&req, NULL); 5615 5616 new_settings(hdev, NULL); 5617 } 5618} 5619 5620void mgmt_connectable(struct hci_dev *hdev, u8 connectable) 5621{ 5622 bool changed; 5623 5624 /* Nothing needed here if there's a pending command since that 5625 * commands request completion callback takes care of everything 5626 * necessary. 5627 */ 5628 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) 5629 return; 5630 5631 /* Powering off may clear the scan mode - don't let that interfere */ 5632 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) 5633 return; 5634 5635 if (connectable) 5636 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags); 5637 else 5638 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags); 5639 5640 if (changed) 5641 new_settings(hdev, NULL); 5642} 5643 5644void mgmt_advertising(struct hci_dev *hdev, u8 advertising) 5645{ 5646 /* Powering off may stop advertising - don't let that interfere */ 5647 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) 5648 return; 5649 5650 if (advertising) 5651 set_bit(HCI_ADVERTISING, &hdev->dev_flags); 5652 else 5653 clear_bit(HCI_ADVERTISING, &hdev->dev_flags); 5654} 5655 5656void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status) 5657{ 5658 u8 mgmt_err = mgmt_status(status); 5659 5660 if (scan & SCAN_PAGE) 5661 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, 5662 cmd_status_rsp, &mgmt_err); 5663 5664 if (scan & SCAN_INQUIRY) 5665 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, 5666 cmd_status_rsp, &mgmt_err); 5667} 5668 5669void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 5670 bool persistent) 5671{ 5672 struct mgmt_ev_new_link_key ev; 5673 5674 memset(&ev, 0, sizeof(ev)); 5675 5676 ev.store_hint = persistent; 5677 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 5678 ev.key.addr.type = BDADDR_BREDR; 5679 ev.key.type = key->type; 5680 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE); 5681 ev.key.pin_len = key->pin_len; 5682 5683 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 5684} 5685 5686static u8 mgmt_ltk_type(struct smp_ltk *ltk) 5687{ 5688 if (ltk->authenticated) 5689 return MGMT_LTK_AUTHENTICATED; 5690 5691 return MGMT_LTK_UNAUTHENTICATED; 5692} 5693 5694void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent) 5695{ 5696 struct mgmt_ev_new_long_term_key ev; 5697 5698 memset(&ev, 0, sizeof(ev)); 5699 5700 /* Devices using resolvable or non-resolvable random addresses 5701 * without providing an indentity resolving key don't require 5702 * to store long term keys. Their addresses will change the 5703 * next time around. 5704 * 5705 * Only when a remote device provides an identity address 5706 * make sure the long term key is stored. If the remote 5707 * identity is known, the long term keys are internally 5708 * mapped to the identity address. So allow static random 5709 * and public addresses here. 5710 */ 5711 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM && 5712 (key->bdaddr.b[5] & 0xc0) != 0xc0) 5713 ev.store_hint = 0x00; 5714 else 5715 ev.store_hint = persistent; 5716 5717 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 5718 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); 5719 ev.key.type = mgmt_ltk_type(key); 5720 ev.key.enc_size = key->enc_size; 5721 ev.key.ediv = key->ediv; 5722 ev.key.rand = key->rand; 5723 5724 if (key->type == SMP_LTK) 5725 ev.key.master = 1; 5726 5727 memcpy(ev.key.val, key->val, sizeof(key->val)); 5728 5729 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL); 5730} 5731 5732void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk) 5733{ 5734 struct mgmt_ev_new_irk ev; 5735 5736 memset(&ev, 0, sizeof(ev)); 5737 5738 /* For identity resolving keys from devices that are already 5739 * using a public address or static random address, do not 5740 * ask for storing this key. The identity resolving key really 5741 * is only mandatory for devices using resovlable random 5742 * addresses. 5743 * 5744 * Storing all identity resolving keys has the downside that 5745 * they will be also loaded on next boot of they system. More 5746 * identity resolving keys, means more time during scanning is 5747 * needed to actually resolve these addresses. 5748 */ 5749 if (bacmp(&irk->rpa, BDADDR_ANY)) 5750 ev.store_hint = 0x01; 5751 else 5752 ev.store_hint = 0x00; 5753 5754 bacpy(&ev.rpa, &irk->rpa); 5755 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr); 5756 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type); 5757 memcpy(ev.irk.val, irk->val, sizeof(irk->val)); 5758 5759 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL); 5760} 5761 5762void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk, 5763 bool persistent) 5764{ 5765 struct mgmt_ev_new_csrk ev; 5766 5767 memset(&ev, 0, sizeof(ev)); 5768 5769 /* Devices using resolvable or non-resolvable random addresses 5770 * without providing an indentity resolving key don't require 5771 * to store signature resolving keys. Their addresses will change 5772 * the next time around. 5773 * 5774 * Only when a remote device provides an identity address 5775 * make sure the signature resolving key is stored. So allow 5776 * static random and public addresses here. 5777 */ 5778 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM && 5779 (csrk->bdaddr.b[5] & 0xc0) != 0xc0) 5780 ev.store_hint = 0x00; 5781 else 5782 ev.store_hint = persistent; 5783 5784 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr); 5785 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type); 5786 ev.key.master = csrk->master; 5787 memcpy(ev.key.val, csrk->val, sizeof(csrk->val)); 5788 5789 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL); 5790} 5791 5792void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr, 5793 u8 bdaddr_type, u16 min_interval, u16 max_interval, 5794 u16 latency, u16 timeout) 5795{ 5796 struct mgmt_ev_new_conn_param ev; 5797 5798 memset(&ev, 0, sizeof(ev)); 5799 bacpy(&ev.addr.bdaddr, bdaddr); 5800 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type); 5801 ev.store_hint = 0x00; 5802 ev.min_interval = cpu_to_le16(min_interval); 5803 ev.max_interval = cpu_to_le16(max_interval); 5804 ev.latency = cpu_to_le16(latency); 5805 ev.timeout = cpu_to_le16(timeout); 5806 5807 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL); 5808} 5809 5810static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data, 5811 u8 data_len) 5812{ 5813 eir[eir_len++] = sizeof(type) + data_len; 5814 eir[eir_len++] = type; 5815 memcpy(&eir[eir_len], data, data_len); 5816 eir_len += data_len; 5817 5818 return eir_len; 5819} 5820 5821void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 5822 u8 addr_type, u32 flags, u8 *name, u8 name_len, 5823 u8 *dev_class) 5824{ 5825 char buf[512]; 5826 struct mgmt_ev_device_connected *ev = (void *) buf; 5827 u16 eir_len = 0; 5828 5829 bacpy(&ev->addr.bdaddr, bdaddr); 5830 ev->addr.type = link_to_bdaddr(link_type, addr_type); 5831 5832 ev->flags = __cpu_to_le32(flags); 5833 5834 if (name_len > 0) 5835 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, 5836 name, name_len); 5837 5838 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0) 5839 eir_len = eir_append_data(ev->eir, eir_len, 5840 EIR_CLASS_OF_DEV, dev_class, 3); 5841 5842 ev->eir_len = cpu_to_le16(eir_len); 5843 5844 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf, 5845 sizeof(*ev) + eir_len, NULL); 5846} 5847 5848static void disconnect_rsp(struct pending_cmd *cmd, void *data) 5849{ 5850 struct mgmt_cp_disconnect *cp = cmd->param; 5851 struct sock **sk = data; 5852 struct mgmt_rp_disconnect rp; 5853 5854 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 5855 rp.addr.type = cp->addr.type; 5856 5857 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp, 5858 sizeof(rp)); 5859 5860 *sk = cmd->sk; 5861 sock_hold(*sk); 5862 5863 mgmt_pending_remove(cmd); 5864} 5865 5866static void unpair_device_rsp(struct pending_cmd *cmd, void *data) 5867{ 5868 struct hci_dev *hdev = data; 5869 struct mgmt_cp_unpair_device *cp = cmd->param; 5870 struct mgmt_rp_unpair_device rp; 5871 5872 memset(&rp, 0, sizeof(rp)); 5873 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 5874 rp.addr.type = cp->addr.type; 5875 5876 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 5877 5878 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp)); 5879 5880 mgmt_pending_remove(cmd); 5881} 5882 5883void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 5884 u8 link_type, u8 addr_type, u8 reason, 5885 bool mgmt_connected) 5886{ 5887 struct mgmt_ev_device_disconnected ev; 5888 struct pending_cmd *power_off; 5889 struct sock *sk = NULL; 5890 5891 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev); 5892 if (power_off) { 5893 struct mgmt_mode *cp = power_off->param; 5894 5895 /* The connection is still in hci_conn_hash so test for 1 5896 * instead of 0 to know if this is the last one. 5897 */ 5898 if (!cp->val && hci_conn_count(hdev) == 1) { 5899 cancel_delayed_work(&hdev->power_off); 5900 queue_work(hdev->req_workqueue, &hdev->power_off.work); 5901 } 5902 } 5903 5904 if (!mgmt_connected) 5905 return; 5906 5907 if (link_type != ACL_LINK && link_type != LE_LINK) 5908 return; 5909 5910 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 5911 5912 bacpy(&ev.addr.bdaddr, bdaddr); 5913 ev.addr.type = link_to_bdaddr(link_type, addr_type); 5914 ev.reason = reason; 5915 5916 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk); 5917 5918 if (sk) 5919 sock_put(sk); 5920 5921 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 5922 hdev); 5923} 5924 5925void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 5926 u8 link_type, u8 addr_type, u8 status) 5927{ 5928 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type); 5929 struct mgmt_cp_disconnect *cp; 5930 struct mgmt_rp_disconnect rp; 5931 struct pending_cmd *cmd; 5932 5933 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 5934 hdev); 5935 5936 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev); 5937 if (!cmd) 5938 return; 5939 5940 cp = cmd->param; 5941 5942 if (bacmp(bdaddr, &cp->addr.bdaddr)) 5943 return; 5944 5945 if (cp->addr.type != bdaddr_type) 5946 return; 5947 5948 bacpy(&rp.addr.bdaddr, bdaddr); 5949 rp.addr.type = bdaddr_type; 5950 5951 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 5952 mgmt_status(status), &rp, sizeof(rp)); 5953 5954 mgmt_pending_remove(cmd); 5955} 5956 5957void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 5958 u8 addr_type, u8 status) 5959{ 5960 struct mgmt_ev_connect_failed ev; 5961 struct pending_cmd *power_off; 5962 5963 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev); 5964 if (power_off) { 5965 struct mgmt_mode *cp = power_off->param; 5966 5967 /* The connection is still in hci_conn_hash so test for 1 5968 * instead of 0 to know if this is the last one. 5969 */ 5970 if (!cp->val && hci_conn_count(hdev) == 1) { 5971 cancel_delayed_work(&hdev->power_off); 5972 queue_work(hdev->req_workqueue, &hdev->power_off.work); 5973 } 5974 } 5975 5976 bacpy(&ev.addr.bdaddr, bdaddr); 5977 ev.addr.type = link_to_bdaddr(link_type, addr_type); 5978 ev.status = mgmt_status(status); 5979 5980 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 5981} 5982 5983void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 5984{ 5985 struct mgmt_ev_pin_code_request ev; 5986 5987 bacpy(&ev.addr.bdaddr, bdaddr); 5988 ev.addr.type = BDADDR_BREDR; 5989 ev.secure = secure; 5990 5991 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL); 5992} 5993 5994void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 5995 u8 status) 5996{ 5997 struct pending_cmd *cmd; 5998 struct mgmt_rp_pin_code_reply rp; 5999 6000 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 6001 if (!cmd) 6002 return; 6003 6004 bacpy(&rp.addr.bdaddr, bdaddr); 6005 rp.addr.type = BDADDR_BREDR; 6006 6007 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 6008 mgmt_status(status), &rp, sizeof(rp)); 6009 6010 mgmt_pending_remove(cmd); 6011} 6012 6013void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6014 u8 status) 6015{ 6016 struct pending_cmd *cmd; 6017 struct mgmt_rp_pin_code_reply rp; 6018 6019 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 6020 if (!cmd) 6021 return; 6022 6023 bacpy(&rp.addr.bdaddr, bdaddr); 6024 rp.addr.type = BDADDR_BREDR; 6025 6026 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, 6027 mgmt_status(status), &rp, sizeof(rp)); 6028 6029 mgmt_pending_remove(cmd); 6030} 6031 6032int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 6033 u8 link_type, u8 addr_type, u32 value, 6034 u8 confirm_hint) 6035{ 6036 struct mgmt_ev_user_confirm_request ev; 6037 6038 BT_DBG("%s", hdev->name); 6039 6040 bacpy(&ev.addr.bdaddr, bdaddr); 6041 ev.addr.type = link_to_bdaddr(link_type, addr_type); 6042 ev.confirm_hint = confirm_hint; 6043 ev.value = cpu_to_le32(value); 6044 6045 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 6046 NULL); 6047} 6048 6049int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 6050 u8 link_type, u8 addr_type) 6051{ 6052 struct mgmt_ev_user_passkey_request ev; 6053 6054 BT_DBG("%s", hdev->name); 6055 6056 bacpy(&ev.addr.bdaddr, bdaddr); 6057 ev.addr.type = link_to_bdaddr(link_type, addr_type); 6058 6059 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 6060 NULL); 6061} 6062 6063static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6064 u8 link_type, u8 addr_type, u8 status, 6065 u8 opcode) 6066{ 6067 struct pending_cmd *cmd; 6068 struct mgmt_rp_user_confirm_reply rp; 6069 int err; 6070 6071 cmd = mgmt_pending_find(opcode, hdev); 6072 if (!cmd) 6073 return -ENOENT; 6074 6075 bacpy(&rp.addr.bdaddr, bdaddr); 6076 rp.addr.type = link_to_bdaddr(link_type, addr_type); 6077 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status), 6078 &rp, sizeof(rp)); 6079 6080 mgmt_pending_remove(cmd); 6081 6082 return err; 6083} 6084 6085int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6086 u8 link_type, u8 addr_type, u8 status) 6087{ 6088 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 6089 status, MGMT_OP_USER_CONFIRM_REPLY); 6090} 6091 6092int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6093 u8 link_type, u8 addr_type, u8 status) 6094{ 6095 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 6096 status, 6097 MGMT_OP_USER_CONFIRM_NEG_REPLY); 6098} 6099 6100int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6101 u8 link_type, u8 addr_type, u8 status) 6102{ 6103 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 6104 status, MGMT_OP_USER_PASSKEY_REPLY); 6105} 6106 6107int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6108 u8 link_type, u8 addr_type, u8 status) 6109{ 6110 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 6111 status, 6112 MGMT_OP_USER_PASSKEY_NEG_REPLY); 6113} 6114 6115int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr, 6116 u8 link_type, u8 addr_type, u32 passkey, 6117 u8 entered) 6118{ 6119 struct mgmt_ev_passkey_notify ev; 6120 6121 BT_DBG("%s", hdev->name); 6122 6123 bacpy(&ev.addr.bdaddr, bdaddr); 6124 ev.addr.type = link_to_bdaddr(link_type, addr_type); 6125 ev.passkey = __cpu_to_le32(passkey); 6126 ev.entered = entered; 6127 6128 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL); 6129} 6130 6131void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 6132 u8 addr_type, u8 status) 6133{ 6134 struct mgmt_ev_auth_failed ev; 6135 6136 bacpy(&ev.addr.bdaddr, bdaddr); 6137 ev.addr.type = link_to_bdaddr(link_type, addr_type); 6138 ev.status = mgmt_status(status); 6139 6140 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL); 6141} 6142 6143void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 6144{ 6145 struct cmd_lookup match = { NULL, hdev }; 6146 bool changed; 6147 6148 if (status) { 6149 u8 mgmt_err = mgmt_status(status); 6150 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 6151 cmd_status_rsp, &mgmt_err); 6152 return; 6153 } 6154 6155 if (test_bit(HCI_AUTH, &hdev->flags)) 6156 changed = !test_and_set_bit(HCI_LINK_SECURITY, 6157 &hdev->dev_flags); 6158 else 6159 changed = test_and_clear_bit(HCI_LINK_SECURITY, 6160 &hdev->dev_flags); 6161 6162 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 6163 &match); 6164 6165 if (changed) 6166 new_settings(hdev, match.sk); 6167 6168 if (match.sk) 6169 sock_put(match.sk); 6170} 6171 6172static void clear_eir(struct hci_request *req) 6173{ 6174 struct hci_dev *hdev = req->hdev; 6175 struct hci_cp_write_eir cp; 6176 6177 if (!lmp_ext_inq_capable(hdev)) 6178 return; 6179 6180 memset(hdev->eir, 0, sizeof(hdev->eir)); 6181 6182 memset(&cp, 0, sizeof(cp)); 6183 6184 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 6185} 6186 6187void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 6188{ 6189 struct cmd_lookup match = { NULL, hdev }; 6190 struct hci_request req; 6191 bool changed = false; 6192 6193 if (status) { 6194 u8 mgmt_err = mgmt_status(status); 6195 6196 if (enable && test_and_clear_bit(HCI_SSP_ENABLED, 6197 &hdev->dev_flags)) { 6198 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags); 6199 new_settings(hdev, NULL); 6200 } 6201 6202 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp, 6203 &mgmt_err); 6204 return; 6205 } 6206 6207 if (enable) { 6208 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 6209 } else { 6210 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 6211 if (!changed) 6212 changed = test_and_clear_bit(HCI_HS_ENABLED, 6213 &hdev->dev_flags); 6214 else 6215 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags); 6216 } 6217 6218 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 6219 6220 if (changed) 6221 new_settings(hdev, match.sk); 6222 6223 if (match.sk) 6224 sock_put(match.sk); 6225 6226 hci_req_init(&req, hdev); 6227 6228 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) { 6229 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags)) 6230 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE, 6231 sizeof(enable), &enable); 6232 update_eir(&req); 6233 } else { 6234 clear_eir(&req); 6235 } 6236 6237 hci_req_run(&req, NULL); 6238} 6239 6240void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 6241{ 6242 struct cmd_lookup match = { NULL, hdev }; 6243 bool changed = false; 6244 6245 if (status) { 6246 u8 mgmt_err = mgmt_status(status); 6247 6248 if (enable) { 6249 if (test_and_clear_bit(HCI_SC_ENABLED, 6250 &hdev->dev_flags)) 6251 new_settings(hdev, NULL); 6252 clear_bit(HCI_SC_ONLY, &hdev->dev_flags); 6253 } 6254 6255 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev, 6256 cmd_status_rsp, &mgmt_err); 6257 return; 6258 } 6259 6260 if (enable) { 6261 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags); 6262 } else { 6263 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags); 6264 clear_bit(HCI_SC_ONLY, &hdev->dev_flags); 6265 } 6266 6267 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev, 6268 settings_rsp, &match); 6269 6270 if (changed) 6271 new_settings(hdev, match.sk); 6272 6273 if (match.sk) 6274 sock_put(match.sk); 6275} 6276 6277static void sk_lookup(struct pending_cmd *cmd, void *data) 6278{ 6279 struct cmd_lookup *match = data; 6280 6281 if (match->sk == NULL) { 6282 match->sk = cmd->sk; 6283 sock_hold(match->sk); 6284 } 6285} 6286 6287void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class, 6288 u8 status) 6289{ 6290 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) }; 6291 6292 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match); 6293 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match); 6294 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match); 6295 6296 if (!status) 6297 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3, 6298 NULL); 6299 6300 if (match.sk) 6301 sock_put(match.sk); 6302} 6303 6304void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 6305{ 6306 struct mgmt_cp_set_local_name ev; 6307 struct pending_cmd *cmd; 6308 6309 if (status) 6310 return; 6311 6312 memset(&ev, 0, sizeof(ev)); 6313 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 6314 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH); 6315 6316 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 6317 if (!cmd) { 6318 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name)); 6319 6320 /* If this is a HCI command related to powering on the 6321 * HCI dev don't send any mgmt signals. 6322 */ 6323 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) 6324 return; 6325 } 6326 6327 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 6328 cmd ? cmd->sk : NULL); 6329} 6330 6331void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192, 6332 u8 *randomizer192, u8 *hash256, 6333 u8 *randomizer256, u8 status) 6334{ 6335 struct pending_cmd *cmd; 6336 6337 BT_DBG("%s status %u", hdev->name, status); 6338 6339 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev); 6340 if (!cmd) 6341 return; 6342 6343 if (status) { 6344 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 6345 mgmt_status(status)); 6346 } else { 6347 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) && 6348 hash256 && randomizer256) { 6349 struct mgmt_rp_read_local_oob_ext_data rp; 6350 6351 memcpy(rp.hash192, hash192, sizeof(rp.hash192)); 6352 memcpy(rp.randomizer192, randomizer192, 6353 sizeof(rp.randomizer192)); 6354 6355 memcpy(rp.hash256, hash256, sizeof(rp.hash256)); 6356 memcpy(rp.randomizer256, randomizer256, 6357 sizeof(rp.randomizer256)); 6358 6359 cmd_complete(cmd->sk, hdev->id, 6360 MGMT_OP_READ_LOCAL_OOB_DATA, 0, 6361 &rp, sizeof(rp)); 6362 } else { 6363 struct mgmt_rp_read_local_oob_data rp; 6364 6365 memcpy(rp.hash, hash192, sizeof(rp.hash)); 6366 memcpy(rp.randomizer, randomizer192, 6367 sizeof(rp.randomizer)); 6368 6369 cmd_complete(cmd->sk, hdev->id, 6370 MGMT_OP_READ_LOCAL_OOB_DATA, 0, 6371 &rp, sizeof(rp)); 6372 } 6373 } 6374 6375 mgmt_pending_remove(cmd); 6376} 6377 6378void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 6379 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags, 6380 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 6381{ 6382 char buf[512]; 6383 struct mgmt_ev_device_found *ev = (void *) buf; 6384 struct smp_irk *irk; 6385 size_t ev_size; 6386 6387 if (!hci_discovery_active(hdev)) 6388 return; 6389 6390 /* Make sure that the buffer is big enough. The 5 extra bytes 6391 * are for the potential CoD field. 6392 */ 6393 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf)) 6394 return; 6395 6396 memset(buf, 0, sizeof(buf)); 6397 6398 irk = hci_get_irk(hdev, bdaddr, addr_type); 6399 if (irk) { 6400 bacpy(&ev->addr.bdaddr, &irk->bdaddr); 6401 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type); 6402 } else { 6403 bacpy(&ev->addr.bdaddr, bdaddr); 6404 ev->addr.type = link_to_bdaddr(link_type, addr_type); 6405 } 6406 6407 ev->rssi = rssi; 6408 ev->flags = cpu_to_le32(flags); 6409 6410 if (eir_len > 0) 6411 memcpy(ev->eir, eir, eir_len); 6412 6413 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV)) 6414 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 6415 dev_class, 3); 6416 6417 if (scan_rsp_len > 0) 6418 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len); 6419 6420 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 6421 ev_size = sizeof(*ev) + eir_len + scan_rsp_len; 6422 6423 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 6424} 6425 6426void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 6427 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 6428{ 6429 struct mgmt_ev_device_found *ev; 6430 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2]; 6431 u16 eir_len; 6432 6433 ev = (struct mgmt_ev_device_found *) buf; 6434 6435 memset(buf, 0, sizeof(buf)); 6436 6437 bacpy(&ev->addr.bdaddr, bdaddr); 6438 ev->addr.type = link_to_bdaddr(link_type, addr_type); 6439 ev->rssi = rssi; 6440 6441 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name, 6442 name_len); 6443 6444 ev->eir_len = cpu_to_le16(eir_len); 6445 6446 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL); 6447} 6448 6449void mgmt_discovering(struct hci_dev *hdev, u8 discovering) 6450{ 6451 struct mgmt_ev_discovering ev; 6452 struct pending_cmd *cmd; 6453 6454 BT_DBG("%s discovering %u", hdev->name, discovering); 6455 6456 if (discovering) 6457 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 6458 else 6459 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 6460 6461 if (cmd != NULL) { 6462 u8 type = hdev->discovery.type; 6463 6464 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type, 6465 sizeof(type)); 6466 mgmt_pending_remove(cmd); 6467 } 6468 6469 memset(&ev, 0, sizeof(ev)); 6470 ev.type = hdev->discovery.type; 6471 ev.discovering = discovering; 6472 6473 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 6474} 6475 6476static void adv_enable_complete(struct hci_dev *hdev, u8 status) 6477{ 6478 BT_DBG("%s status %u", hdev->name, status); 6479 6480 /* Clear the advertising mgmt setting if we failed to re-enable it */ 6481 if (status) { 6482 clear_bit(HCI_ADVERTISING, &hdev->dev_flags); 6483 new_settings(hdev, NULL); 6484 } 6485} 6486 6487void mgmt_reenable_advertising(struct hci_dev *hdev) 6488{ 6489 struct hci_request req; 6490 6491 if (hci_conn_num(hdev, LE_LINK) > 0) 6492 return; 6493 6494 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags)) 6495 return; 6496 6497 hci_req_init(&req, hdev); 6498 enable_advertising(&req); 6499 6500 /* If this fails we have no option but to let user space know 6501 * that we've disabled advertising. 6502 */ 6503 if (hci_req_run(&req, adv_enable_complete) < 0) { 6504 clear_bit(HCI_ADVERTISING, &hdev->dev_flags); 6505 new_settings(hdev, NULL); 6506 } 6507} 6508