1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/hci_sock.h>
33#include <net/bluetooth/l2cap.h>
34#include <net/bluetooth/mgmt.h>
35
36#include "hci_request.h"
37#include "smp.h"
38#include "mgmt_util.h"
39
40#define MGMT_VERSION 1
41#define MGMT_REVISION 14
42
43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_BONDABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
83 MGMT_OP_SET_BREDR,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
88 MGMT_OP_SET_PRIVACY,
89 MGMT_OP_LOAD_IRKS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
109};
110
111static const u16 mgmt_events[] = {
112 MGMT_EV_CONTROLLER_ERROR,
113 MGMT_EV_INDEX_ADDED,
114 MGMT_EV_INDEX_REMOVED,
115 MGMT_EV_NEW_SETTINGS,
116 MGMT_EV_CLASS_OF_DEV_CHANGED,
117 MGMT_EV_LOCAL_NAME_CHANGED,
118 MGMT_EV_NEW_LINK_KEY,
119 MGMT_EV_NEW_LONG_TERM_KEY,
120 MGMT_EV_DEVICE_CONNECTED,
121 MGMT_EV_DEVICE_DISCONNECTED,
122 MGMT_EV_CONNECT_FAILED,
123 MGMT_EV_PIN_CODE_REQUEST,
124 MGMT_EV_USER_CONFIRM_REQUEST,
125 MGMT_EV_USER_PASSKEY_REQUEST,
126 MGMT_EV_AUTH_FAILED,
127 MGMT_EV_DEVICE_FOUND,
128 MGMT_EV_DISCOVERING,
129 MGMT_EV_DEVICE_BLOCKED,
130 MGMT_EV_DEVICE_UNBLOCKED,
131 MGMT_EV_DEVICE_UNPAIRED,
132 MGMT_EV_PASSKEY_NOTIFY,
133 MGMT_EV_NEW_IRK,
134 MGMT_EV_NEW_CSRK,
135 MGMT_EV_DEVICE_ADDED,
136 MGMT_EV_DEVICE_REMOVED,
137 MGMT_EV_NEW_CONN_PARAM,
138 MGMT_EV_UNCONF_INDEX_ADDED,
139 MGMT_EV_UNCONF_INDEX_REMOVED,
140 MGMT_EV_NEW_CONFIG_OPTIONS,
141 MGMT_EV_EXT_INDEX_ADDED,
142 MGMT_EV_EXT_INDEX_REMOVED,
143 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
144 MGMT_EV_ADVERTISING_ADDED,
145 MGMT_EV_ADVERTISING_REMOVED,
146 MGMT_EV_EXT_INFO_CHANGED,
147};
148
149static const u16 mgmt_untrusted_commands[] = {
150 MGMT_OP_READ_INDEX_LIST,
151 MGMT_OP_READ_INFO,
152 MGMT_OP_READ_UNCONF_INDEX_LIST,
153 MGMT_OP_READ_CONFIG_INFO,
154 MGMT_OP_READ_EXT_INDEX_LIST,
155 MGMT_OP_READ_EXT_INFO,
156};
157
158static const u16 mgmt_untrusted_events[] = {
159 MGMT_EV_INDEX_ADDED,
160 MGMT_EV_INDEX_REMOVED,
161 MGMT_EV_NEW_SETTINGS,
162 MGMT_EV_CLASS_OF_DEV_CHANGED,
163 MGMT_EV_LOCAL_NAME_CHANGED,
164 MGMT_EV_UNCONF_INDEX_ADDED,
165 MGMT_EV_UNCONF_INDEX_REMOVED,
166 MGMT_EV_NEW_CONFIG_OPTIONS,
167 MGMT_EV_EXT_INDEX_ADDED,
168 MGMT_EV_EXT_INDEX_REMOVED,
169 MGMT_EV_EXT_INFO_CHANGED,
170};
171
172#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
173
174#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
175 "\x00\x00\x00\x00\x00\x00\x00\x00"
176
177
178static u8 mgmt_status_table[] = {
179 MGMT_STATUS_SUCCESS,
180 MGMT_STATUS_UNKNOWN_COMMAND,
181 MGMT_STATUS_NOT_CONNECTED,
182 MGMT_STATUS_FAILED,
183 MGMT_STATUS_CONNECT_FAILED,
184 MGMT_STATUS_AUTH_FAILED,
185 MGMT_STATUS_AUTH_FAILED,
186 MGMT_STATUS_NO_RESOURCES,
187 MGMT_STATUS_TIMEOUT,
188 MGMT_STATUS_NO_RESOURCES,
189 MGMT_STATUS_NO_RESOURCES,
190 MGMT_STATUS_ALREADY_CONNECTED,
191 MGMT_STATUS_BUSY,
192 MGMT_STATUS_NO_RESOURCES,
193 MGMT_STATUS_REJECTED,
194 MGMT_STATUS_REJECTED,
195 MGMT_STATUS_TIMEOUT,
196 MGMT_STATUS_NOT_SUPPORTED,
197 MGMT_STATUS_INVALID_PARAMS,
198 MGMT_STATUS_DISCONNECTED,
199 MGMT_STATUS_NO_RESOURCES,
200 MGMT_STATUS_DISCONNECTED,
201 MGMT_STATUS_DISCONNECTED,
202 MGMT_STATUS_BUSY,
203 MGMT_STATUS_REJECTED,
204 MGMT_STATUS_FAILED,
205 MGMT_STATUS_NOT_SUPPORTED,
206 MGMT_STATUS_REJECTED,
207 MGMT_STATUS_REJECTED,
208 MGMT_STATUS_REJECTED,
209 MGMT_STATUS_INVALID_PARAMS,
210 MGMT_STATUS_FAILED,
211 MGMT_STATUS_NOT_SUPPORTED,
212 MGMT_STATUS_FAILED,
213 MGMT_STATUS_TIMEOUT,
214 MGMT_STATUS_FAILED,
215 MGMT_STATUS_FAILED,
216 MGMT_STATUS_REJECTED,
217 MGMT_STATUS_FAILED,
218 MGMT_STATUS_NOT_SUPPORTED,
219 MGMT_STATUS_TIMEOUT,
220 MGMT_STATUS_NOT_SUPPORTED,
221 MGMT_STATUS_FAILED,
222 MGMT_STATUS_INVALID_PARAMS,
223 MGMT_STATUS_REJECTED,
224 MGMT_STATUS_NOT_SUPPORTED,
225 MGMT_STATUS_REJECTED,
226 MGMT_STATUS_INVALID_PARAMS,
227 MGMT_STATUS_BUSY,
228 MGMT_STATUS_FAILED,
229 MGMT_STATUS_FAILED,
230 MGMT_STATUS_INVALID_PARAMS,
231 MGMT_STATUS_NOT_SUPPORTED,
232 MGMT_STATUS_BUSY,
233 MGMT_STATUS_REJECTED,
234 MGMT_STATUS_BUSY,
235 MGMT_STATUS_INVALID_PARAMS,
236 MGMT_STATUS_TIMEOUT,
237 MGMT_STATUS_AUTH_FAILED,
238 MGMT_STATUS_CONNECT_FAILED,
239 MGMT_STATUS_CONNECT_FAILED,
240};
241
242static u8 mgmt_status(u8 hci_status)
243{
244 if (hci_status < ARRAY_SIZE(mgmt_status_table))
245 return mgmt_status_table[hci_status];
246
247 return MGMT_STATUS_FAILED;
248}
249
250static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag)
252{
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
254 flag, NULL);
255}
256
257static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, int flag, struct sock *skip_sk)
259{
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 flag, skip_sk);
262}
263
264static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
266{
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
269}
270
271static u8 le_addr_type(u8 mgmt_addr_type)
272{
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
275 else
276 return ADDR_LE_DEV_RANDOM;
277}
278
279void mgmt_fill_version_info(void *ver)
280{
281 struct mgmt_rp_read_version *rp = ver;
282
283 rp->version = MGMT_VERSION;
284 rp->revision = cpu_to_le16(MGMT_REVISION);
285}
286
287static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
288 u16 data_len)
289{
290 struct mgmt_rp_read_version rp;
291
292 BT_DBG("sock %p", sk);
293
294 mgmt_fill_version_info(&rp);
295
296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
297 &rp, sizeof(rp));
298}
299
300static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
301 u16 data_len)
302{
303 struct mgmt_rp_read_commands *rp;
304 u16 num_commands, num_events;
305 size_t rp_size;
306 int i, err;
307
308 BT_DBG("sock %p", sk);
309
310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
311 num_commands = ARRAY_SIZE(mgmt_commands);
312 num_events = ARRAY_SIZE(mgmt_events);
313 } else {
314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
315 num_events = ARRAY_SIZE(mgmt_untrusted_events);
316 }
317
318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
319
320 rp = kmalloc(rp_size, GFP_KERNEL);
321 if (!rp)
322 return -ENOMEM;
323
324 rp->num_commands = cpu_to_le16(num_commands);
325 rp->num_events = cpu_to_le16(num_events);
326
327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
328 __le16 *opcode = rp->opcodes;
329
330 for (i = 0; i < num_commands; i++, opcode++)
331 put_unaligned_le16(mgmt_commands[i], opcode);
332
333 for (i = 0; i < num_events; i++, opcode++)
334 put_unaligned_le16(mgmt_events[i], opcode);
335 } else {
336 __le16 *opcode = rp->opcodes;
337
338 for (i = 0; i < num_commands; i++, opcode++)
339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
340
341 for (i = 0; i < num_events; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
343 }
344
345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
346 rp, rp_size);
347 kfree(rp);
348
349 return err;
350}
351
352static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
353 u16 data_len)
354{
355 struct mgmt_rp_read_index_list *rp;
356 struct hci_dev *d;
357 size_t rp_len;
358 u16 count;
359 int err;
360
361 BT_DBG("sock %p", sk);
362
363 read_lock(&hci_dev_list_lock);
364
365 count = 0;
366 list_for_each_entry(d, &hci_dev_list, list) {
367 if (d->dev_type == HCI_PRIMARY &&
368 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
369 count++;
370 }
371
372 rp_len = sizeof(*rp) + (2 * count);
373 rp = kmalloc(rp_len, GFP_ATOMIC);
374 if (!rp) {
375 read_unlock(&hci_dev_list_lock);
376 return -ENOMEM;
377 }
378
379 count = 0;
380 list_for_each_entry(d, &hci_dev_list, list) {
381 if (hci_dev_test_flag(d, HCI_SETUP) ||
382 hci_dev_test_flag(d, HCI_CONFIG) ||
383 hci_dev_test_flag(d, HCI_USER_CHANNEL))
384 continue;
385
386
387
388
389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
390 continue;
391
392 if (d->dev_type == HCI_PRIMARY &&
393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
394 rp->index[count++] = cpu_to_le16(d->id);
395 BT_DBG("Added hci%u", d->id);
396 }
397 }
398
399 rp->num_controllers = cpu_to_le16(count);
400 rp_len = sizeof(*rp) + (2 * count);
401
402 read_unlock(&hci_dev_list_lock);
403
404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
405 0, rp, rp_len);
406
407 kfree(rp);
408
409 return err;
410}
411
412static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
413 void *data, u16 data_len)
414{
415 struct mgmt_rp_read_unconf_index_list *rp;
416 struct hci_dev *d;
417 size_t rp_len;
418 u16 count;
419 int err;
420
421 BT_DBG("sock %p", sk);
422
423 read_lock(&hci_dev_list_lock);
424
425 count = 0;
426 list_for_each_entry(d, &hci_dev_list, list) {
427 if (d->dev_type == HCI_PRIMARY &&
428 hci_dev_test_flag(d, HCI_UNCONFIGURED))
429 count++;
430 }
431
432 rp_len = sizeof(*rp) + (2 * count);
433 rp = kmalloc(rp_len, GFP_ATOMIC);
434 if (!rp) {
435 read_unlock(&hci_dev_list_lock);
436 return -ENOMEM;
437 }
438
439 count = 0;
440 list_for_each_entry(d, &hci_dev_list, list) {
441 if (hci_dev_test_flag(d, HCI_SETUP) ||
442 hci_dev_test_flag(d, HCI_CONFIG) ||
443 hci_dev_test_flag(d, HCI_USER_CHANNEL))
444 continue;
445
446
447
448
449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
450 continue;
451
452 if (d->dev_type == HCI_PRIMARY &&
453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
454 rp->index[count++] = cpu_to_le16(d->id);
455 BT_DBG("Added hci%u", d->id);
456 }
457 }
458
459 rp->num_controllers = cpu_to_le16(count);
460 rp_len = sizeof(*rp) + (2 * count);
461
462 read_unlock(&hci_dev_list_lock);
463
464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
466
467 kfree(rp);
468
469 return err;
470}
471
472static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
473 void *data, u16 data_len)
474{
475 struct mgmt_rp_read_ext_index_list *rp;
476 struct hci_dev *d;
477 size_t rp_len;
478 u16 count;
479 int err;
480
481 BT_DBG("sock %p", sk);
482
483 read_lock(&hci_dev_list_lock);
484
485 count = 0;
486 list_for_each_entry(d, &hci_dev_list, list) {
487 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
488 count++;
489 }
490
491 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
492 rp = kmalloc(rp_len, GFP_ATOMIC);
493 if (!rp) {
494 read_unlock(&hci_dev_list_lock);
495 return -ENOMEM;
496 }
497
498 count = 0;
499 list_for_each_entry(d, &hci_dev_list, list) {
500 if (hci_dev_test_flag(d, HCI_SETUP) ||
501 hci_dev_test_flag(d, HCI_CONFIG) ||
502 hci_dev_test_flag(d, HCI_USER_CHANNEL))
503 continue;
504
505
506
507
508 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
509 continue;
510
511 if (d->dev_type == HCI_PRIMARY) {
512 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
513 rp->entry[count].type = 0x01;
514 else
515 rp->entry[count].type = 0x00;
516 } else if (d->dev_type == HCI_AMP) {
517 rp->entry[count].type = 0x02;
518 } else {
519 continue;
520 }
521
522 rp->entry[count].bus = d->bus;
523 rp->entry[count++].index = cpu_to_le16(d->id);
524 BT_DBG("Added hci%u", d->id);
525 }
526
527 rp->num_controllers = cpu_to_le16(count);
528 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
529
530 read_unlock(&hci_dev_list_lock);
531
532
533
534
535
536 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
537 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
538 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
539
540 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
541 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
542
543 kfree(rp);
544
545 return err;
546}
547
548static bool is_configured(struct hci_dev *hdev)
549{
550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
552 return false;
553
554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
556 return false;
557
558 return true;
559}
560
561static __le32 get_missing_options(struct hci_dev *hdev)
562{
563 u32 options = 0;
564
565 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
566 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
567 options |= MGMT_OPTION_EXTERNAL_CONFIG;
568
569 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
570 !bacmp(&hdev->public_addr, BDADDR_ANY))
571 options |= MGMT_OPTION_PUBLIC_ADDRESS;
572
573 return cpu_to_le32(options);
574}
575
576static int new_options(struct hci_dev *hdev, struct sock *skip)
577{
578 __le32 options = get_missing_options(hdev);
579
580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
582}
583
584static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
585{
586 __le32 options = get_missing_options(hdev);
587
588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
589 sizeof(options));
590}
591
592static int read_config_info(struct sock *sk, struct hci_dev *hdev,
593 void *data, u16 data_len)
594{
595 struct mgmt_rp_read_config_info rp;
596 u32 options = 0;
597
598 BT_DBG("sock %p %s", sk, hdev->name);
599
600 hci_dev_lock(hdev);
601
602 memset(&rp, 0, sizeof(rp));
603 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
604
605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
606 options |= MGMT_OPTION_EXTERNAL_CONFIG;
607
608 if (hdev->set_bdaddr)
609 options |= MGMT_OPTION_PUBLIC_ADDRESS;
610
611 rp.supported_options = cpu_to_le32(options);
612 rp.missing_options = get_missing_options(hdev);
613
614 hci_dev_unlock(hdev);
615
616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
617 &rp, sizeof(rp));
618}
619
620static u32 get_supported_settings(struct hci_dev *hdev)
621{
622 u32 settings = 0;
623
624 settings |= MGMT_SETTING_POWERED;
625 settings |= MGMT_SETTING_BONDABLE;
626 settings |= MGMT_SETTING_DEBUG_KEYS;
627 settings |= MGMT_SETTING_CONNECTABLE;
628 settings |= MGMT_SETTING_DISCOVERABLE;
629
630 if (lmp_bredr_capable(hdev)) {
631 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
632 settings |= MGMT_SETTING_FAST_CONNECTABLE;
633 settings |= MGMT_SETTING_BREDR;
634 settings |= MGMT_SETTING_LINK_SECURITY;
635
636 if (lmp_ssp_capable(hdev)) {
637 settings |= MGMT_SETTING_SSP;
638 settings |= MGMT_SETTING_HS;
639 }
640
641 if (lmp_sc_capable(hdev))
642 settings |= MGMT_SETTING_SECURE_CONN;
643 }
644
645 if (lmp_le_capable(hdev)) {
646 settings |= MGMT_SETTING_LE;
647 settings |= MGMT_SETTING_ADVERTISING;
648 settings |= MGMT_SETTING_SECURE_CONN;
649 settings |= MGMT_SETTING_PRIVACY;
650 settings |= MGMT_SETTING_STATIC_ADDRESS;
651 }
652
653 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
654 hdev->set_bdaddr)
655 settings |= MGMT_SETTING_CONFIGURATION;
656
657 return settings;
658}
659
660static u32 get_current_settings(struct hci_dev *hdev)
661{
662 u32 settings = 0;
663
664 if (hdev_is_powered(hdev))
665 settings |= MGMT_SETTING_POWERED;
666
667 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
668 settings |= MGMT_SETTING_CONNECTABLE;
669
670 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
671 settings |= MGMT_SETTING_FAST_CONNECTABLE;
672
673 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
674 settings |= MGMT_SETTING_DISCOVERABLE;
675
676 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
677 settings |= MGMT_SETTING_BONDABLE;
678
679 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
680 settings |= MGMT_SETTING_BREDR;
681
682 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
683 settings |= MGMT_SETTING_LE;
684
685 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
686 settings |= MGMT_SETTING_LINK_SECURITY;
687
688 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
689 settings |= MGMT_SETTING_SSP;
690
691 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
692 settings |= MGMT_SETTING_HS;
693
694 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
695 settings |= MGMT_SETTING_ADVERTISING;
696
697 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
698 settings |= MGMT_SETTING_SECURE_CONN;
699
700 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
701 settings |= MGMT_SETTING_DEBUG_KEYS;
702
703 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
704 settings |= MGMT_SETTING_PRIVACY;
705
706
707
708
709
710
711
712
713
714
715
716
717
718 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
719 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
720 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
721 if (bacmp(&hdev->static_addr, BDADDR_ANY))
722 settings |= MGMT_SETTING_STATIC_ADDRESS;
723 }
724
725 return settings;
726}
727
728static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
729{
730 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
731}
732
733static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
734 struct hci_dev *hdev,
735 const void *data)
736{
737 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
738}
739
740u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
741{
742 struct mgmt_pending_cmd *cmd;
743
744
745
746
747 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
748 if (cmd) {
749 struct mgmt_mode *cp = cmd->param;
750 if (cp->val == 0x01)
751 return LE_AD_GENERAL;
752 else if (cp->val == 0x02)
753 return LE_AD_LIMITED;
754 } else {
755 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
756 return LE_AD_LIMITED;
757 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
758 return LE_AD_GENERAL;
759 }
760
761 return 0;
762}
763
764bool mgmt_get_connectable(struct hci_dev *hdev)
765{
766 struct mgmt_pending_cmd *cmd;
767
768
769
770
771 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
772 if (cmd) {
773 struct mgmt_mode *cp = cmd->param;
774
775 return cp->val;
776 }
777
778 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
779}
780
781static void service_cache_off(struct work_struct *work)
782{
783 struct hci_dev *hdev = container_of(work, struct hci_dev,
784 service_cache.work);
785 struct hci_request req;
786
787 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
788 return;
789
790 hci_req_init(&req, hdev);
791
792 hci_dev_lock(hdev);
793
794 __hci_req_update_eir(&req);
795 __hci_req_update_class(&req);
796
797 hci_dev_unlock(hdev);
798
799 hci_req_run(&req, NULL);
800}
801
802static void rpa_expired(struct work_struct *work)
803{
804 struct hci_dev *hdev = container_of(work, struct hci_dev,
805 rpa_expired.work);
806 struct hci_request req;
807
808 BT_DBG("");
809
810 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
811
812 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
813 return;
814
815
816
817
818
819 hci_req_init(&req, hdev);
820 __hci_req_enable_advertising(&req);
821 hci_req_run(&req, NULL);
822}
823
824static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
825{
826 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
827 return;
828
829 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
830 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
831
832
833
834
835
836
837 hci_dev_clear_flag(hdev, HCI_BONDABLE);
838}
839
840static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
841 void *data, u16 data_len)
842{
843 struct mgmt_rp_read_info rp;
844
845 BT_DBG("sock %p %s", sk, hdev->name);
846
847 hci_dev_lock(hdev);
848
849 memset(&rp, 0, sizeof(rp));
850
851 bacpy(&rp.bdaddr, &hdev->bdaddr);
852
853 rp.version = hdev->hci_ver;
854 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
855
856 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
857 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
858
859 memcpy(rp.dev_class, hdev->dev_class, 3);
860
861 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
862 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
863
864 hci_dev_unlock(hdev);
865
866 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
867 sizeof(rp));
868}
869
870static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
871{
872 u16 eir_len = 0;
873 size_t name_len;
874
875 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
876 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
877 hdev->dev_class, 3);
878
879 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
880 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
881 hdev->appearance);
882
883 name_len = strlen(hdev->dev_name);
884 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
885 hdev->dev_name, name_len);
886
887 name_len = strlen(hdev->short_name);
888 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
889 hdev->short_name, name_len);
890
891 return eir_len;
892}
893
894static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
895 void *data, u16 data_len)
896{
897 char buf[512];
898 struct mgmt_rp_read_ext_info *rp = (void *)buf;
899 u16 eir_len;
900
901 BT_DBG("sock %p %s", sk, hdev->name);
902
903 memset(&buf, 0, sizeof(buf));
904
905 hci_dev_lock(hdev);
906
907 bacpy(&rp->bdaddr, &hdev->bdaddr);
908
909 rp->version = hdev->hci_ver;
910 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
911
912 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
913 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
914
915
916 eir_len = append_eir_data_to_buf(hdev, rp->eir);
917 rp->eir_len = cpu_to_le16(eir_len);
918
919 hci_dev_unlock(hdev);
920
921
922
923
924
925
926 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
927 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
928 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
929
930 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
931 sizeof(*rp) + eir_len);
932}
933
934static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
935{
936 char buf[512];
937 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
938 u16 eir_len;
939
940 memset(buf, 0, sizeof(buf));
941
942 eir_len = append_eir_data_to_buf(hdev, ev->eir);
943 ev->eir_len = cpu_to_le16(eir_len);
944
945 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
946 sizeof(*ev) + eir_len,
947 HCI_MGMT_EXT_INFO_EVENTS, skip);
948}
949
950static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
951{
952 __le32 settings = cpu_to_le32(get_current_settings(hdev));
953
954 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
955 sizeof(settings));
956}
957
958static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
959{
960 BT_DBG("%s status 0x%02x", hdev->name, status);
961
962 if (hci_conn_count(hdev) == 0) {
963 cancel_delayed_work(&hdev->power_off);
964 queue_work(hdev->req_workqueue, &hdev->power_off.work);
965 }
966}
967
968void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
969{
970 struct mgmt_ev_advertising_added ev;
971
972 ev.instance = instance;
973
974 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
975}
976
977void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
978 u8 instance)
979{
980 struct mgmt_ev_advertising_removed ev;
981
982 ev.instance = instance;
983
984 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
985}
986
987static void cancel_adv_timeout(struct hci_dev *hdev)
988{
989 if (hdev->adv_instance_timeout) {
990 hdev->adv_instance_timeout = 0;
991 cancel_delayed_work(&hdev->adv_instance_expire);
992 }
993}
994
995static int clean_up_hci_state(struct hci_dev *hdev)
996{
997 struct hci_request req;
998 struct hci_conn *conn;
999 bool discov_stopped;
1000 int err;
1001
1002 hci_req_init(&req, hdev);
1003
1004 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1005 test_bit(HCI_PSCAN, &hdev->flags)) {
1006 u8 scan = 0x00;
1007 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1008 }
1009
1010 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1011
1012 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1013 __hci_req_disable_advertising(&req);
1014
1015 discov_stopped = hci_req_stop_discovery(&req);
1016
1017 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1018
1019 __hci_abort_conn(&req, conn, 0x15);
1020 }
1021
1022 err = hci_req_run(&req, clean_up_hci_complete);
1023 if (!err && discov_stopped)
1024 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1025
1026 return err;
1027}
1028
1029static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1030 u16 len)
1031{
1032 struct mgmt_mode *cp = data;
1033 struct mgmt_pending_cmd *cmd;
1034 int err;
1035
1036 BT_DBG("request for %s", hdev->name);
1037
1038 if (cp->val != 0x00 && cp->val != 0x01)
1039 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1040 MGMT_STATUS_INVALID_PARAMS);
1041
1042 hci_dev_lock(hdev);
1043
1044 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1045 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1046 MGMT_STATUS_BUSY);
1047 goto failed;
1048 }
1049
1050 if (!!cp->val == hdev_is_powered(hdev)) {
1051 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1052 goto failed;
1053 }
1054
1055 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1056 if (!cmd) {
1057 err = -ENOMEM;
1058 goto failed;
1059 }
1060
1061 if (cp->val) {
1062 queue_work(hdev->req_workqueue, &hdev->power_on);
1063 err = 0;
1064 } else {
1065
1066 err = clean_up_hci_state(hdev);
1067 if (!err)
1068 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1069 HCI_POWER_OFF_TIMEOUT);
1070
1071
1072 if (err == -ENODATA) {
1073 cancel_delayed_work(&hdev->power_off);
1074 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1075 err = 0;
1076 }
1077 }
1078
1079failed:
1080 hci_dev_unlock(hdev);
1081 return err;
1082}
1083
1084static int new_settings(struct hci_dev *hdev, struct sock *skip)
1085{
1086 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1087
1088 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1089 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1090}
1091
1092int mgmt_new_settings(struct hci_dev *hdev)
1093{
1094 return new_settings(hdev, NULL);
1095}
1096
1097struct cmd_lookup {
1098 struct sock *sk;
1099 struct hci_dev *hdev;
1100 u8 mgmt_status;
1101};
1102
1103static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1104{
1105 struct cmd_lookup *match = data;
1106
1107 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1108
1109 list_del(&cmd->list);
1110
1111 if (match->sk == NULL) {
1112 match->sk = cmd->sk;
1113 sock_hold(match->sk);
1114 }
1115
1116 mgmt_pending_free(cmd);
1117}
1118
1119static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1120{
1121 u8 *status = data;
1122
1123 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1124 mgmt_pending_remove(cmd);
1125}
1126
1127static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1128{
1129 if (cmd->cmd_complete) {
1130 u8 *status = data;
1131
1132 cmd->cmd_complete(cmd, *status);
1133 mgmt_pending_remove(cmd);
1134
1135 return;
1136 }
1137
1138 cmd_status_rsp(cmd, data);
1139}
1140
1141static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1142{
1143 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1144 cmd->param, cmd->param_len);
1145}
1146
1147static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1148{
1149 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1150 cmd->param, sizeof(struct mgmt_addr_info));
1151}
1152
1153static u8 mgmt_bredr_support(struct hci_dev *hdev)
1154{
1155 if (!lmp_bredr_capable(hdev))
1156 return MGMT_STATUS_NOT_SUPPORTED;
1157 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1158 return MGMT_STATUS_REJECTED;
1159 else
1160 return MGMT_STATUS_SUCCESS;
1161}
1162
1163static u8 mgmt_le_support(struct hci_dev *hdev)
1164{
1165 if (!lmp_le_capable(hdev))
1166 return MGMT_STATUS_NOT_SUPPORTED;
1167 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1168 return MGMT_STATUS_REJECTED;
1169 else
1170 return MGMT_STATUS_SUCCESS;
1171}
1172
1173void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1174{
1175 struct mgmt_pending_cmd *cmd;
1176
1177 BT_DBG("status 0x%02x", status);
1178
1179 hci_dev_lock(hdev);
1180
1181 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1182 if (!cmd)
1183 goto unlock;
1184
1185 if (status) {
1186 u8 mgmt_err = mgmt_status(status);
1187 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1188 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1189 goto remove_cmd;
1190 }
1191
1192 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1193 hdev->discov_timeout > 0) {
1194 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1195 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1196 }
1197
1198 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1199 new_settings(hdev, cmd->sk);
1200
1201remove_cmd:
1202 mgmt_pending_remove(cmd);
1203
1204unlock:
1205 hci_dev_unlock(hdev);
1206}
1207
1208static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1209 u16 len)
1210{
1211 struct mgmt_cp_set_discoverable *cp = data;
1212 struct mgmt_pending_cmd *cmd;
1213 u16 timeout;
1214 int err;
1215
1216 BT_DBG("request for %s", hdev->name);
1217
1218 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1219 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1221 MGMT_STATUS_REJECTED);
1222
1223 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1224 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1225 MGMT_STATUS_INVALID_PARAMS);
1226
1227 timeout = __le16_to_cpu(cp->timeout);
1228
1229
1230
1231
1232 if ((cp->val == 0x00 && timeout > 0) ||
1233 (cp->val == 0x02 && timeout == 0))
1234 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1235 MGMT_STATUS_INVALID_PARAMS);
1236
1237 hci_dev_lock(hdev);
1238
1239 if (!hdev_is_powered(hdev) && timeout > 0) {
1240 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1241 MGMT_STATUS_NOT_POWERED);
1242 goto failed;
1243 }
1244
1245 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1246 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1247 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1248 MGMT_STATUS_BUSY);
1249 goto failed;
1250 }
1251
1252 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1253 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1254 MGMT_STATUS_REJECTED);
1255 goto failed;
1256 }
1257
1258 if (!hdev_is_powered(hdev)) {
1259 bool changed = false;
1260
1261
1262
1263
1264
1265 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1266 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1267 changed = true;
1268 }
1269
1270 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1271 if (err < 0)
1272 goto failed;
1273
1274 if (changed)
1275 err = new_settings(hdev, sk);
1276
1277 goto failed;
1278 }
1279
1280
1281
1282
1283
1284 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1285 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1286 HCI_LIMITED_DISCOVERABLE)) {
1287 cancel_delayed_work(&hdev->discov_off);
1288 hdev->discov_timeout = timeout;
1289
1290 if (cp->val && hdev->discov_timeout > 0) {
1291 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1292 queue_delayed_work(hdev->req_workqueue,
1293 &hdev->discov_off, to);
1294 }
1295
1296 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1297 goto failed;
1298 }
1299
1300 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1301 if (!cmd) {
1302 err = -ENOMEM;
1303 goto failed;
1304 }
1305
1306
1307
1308
1309
1310 cancel_delayed_work(&hdev->discov_off);
1311 hdev->discov_timeout = timeout;
1312
1313 if (cp->val)
1314 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1315 else
1316 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1317
1318
1319 if (cp->val == 0x02)
1320 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1321 else
1322 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1323
1324 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1325 err = 0;
1326
1327failed:
1328 hci_dev_unlock(hdev);
1329 return err;
1330}
1331
1332void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1333{
1334 struct mgmt_pending_cmd *cmd;
1335
1336 BT_DBG("status 0x%02x", status);
1337
1338 hci_dev_lock(hdev);
1339
1340 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1341 if (!cmd)
1342 goto unlock;
1343
1344 if (status) {
1345 u8 mgmt_err = mgmt_status(status);
1346 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1347 goto remove_cmd;
1348 }
1349
1350 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1351 new_settings(hdev, cmd->sk);
1352
1353remove_cmd:
1354 mgmt_pending_remove(cmd);
1355
1356unlock:
1357 hci_dev_unlock(hdev);
1358}
1359
1360static int set_connectable_update_settings(struct hci_dev *hdev,
1361 struct sock *sk, u8 val)
1362{
1363 bool changed = false;
1364 int err;
1365
1366 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1367 changed = true;
1368
1369 if (val) {
1370 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1371 } else {
1372 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1373 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1374 }
1375
1376 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1377 if (err < 0)
1378 return err;
1379
1380 if (changed) {
1381 hci_req_update_scan(hdev);
1382 hci_update_background_scan(hdev);
1383 return new_settings(hdev, sk);
1384 }
1385
1386 return 0;
1387}
1388
1389static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1390 u16 len)
1391{
1392 struct mgmt_mode *cp = data;
1393 struct mgmt_pending_cmd *cmd;
1394 int err;
1395
1396 BT_DBG("request for %s", hdev->name);
1397
1398 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1399 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1401 MGMT_STATUS_REJECTED);
1402
1403 if (cp->val != 0x00 && cp->val != 0x01)
1404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1405 MGMT_STATUS_INVALID_PARAMS);
1406
1407 hci_dev_lock(hdev);
1408
1409 if (!hdev_is_powered(hdev)) {
1410 err = set_connectable_update_settings(hdev, sk, cp->val);
1411 goto failed;
1412 }
1413
1414 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1415 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1416 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1417 MGMT_STATUS_BUSY);
1418 goto failed;
1419 }
1420
1421 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1422 if (!cmd) {
1423 err = -ENOMEM;
1424 goto failed;
1425 }
1426
1427 if (cp->val) {
1428 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1429 } else {
1430 if (hdev->discov_timeout > 0)
1431 cancel_delayed_work(&hdev->discov_off);
1432
1433 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1434 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1435 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1436 }
1437
1438 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1439 err = 0;
1440
1441failed:
1442 hci_dev_unlock(hdev);
1443 return err;
1444}
1445
1446static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1447 u16 len)
1448{
1449 struct mgmt_mode *cp = data;
1450 bool changed;
1451 int err;
1452
1453 BT_DBG("request for %s", hdev->name);
1454
1455 if (cp->val != 0x00 && cp->val != 0x01)
1456 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1457 MGMT_STATUS_INVALID_PARAMS);
1458
1459 hci_dev_lock(hdev);
1460
1461 if (cp->val)
1462 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1463 else
1464 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1465
1466 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1467 if (err < 0)
1468 goto unlock;
1469
1470 if (changed) {
1471
1472
1473
1474 if (hdev_is_powered(hdev) &&
1475 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1476 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1477 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1478 queue_work(hdev->req_workqueue,
1479 &hdev->discoverable_update);
1480
1481 err = new_settings(hdev, sk);
1482 }
1483
1484unlock:
1485 hci_dev_unlock(hdev);
1486 return err;
1487}
1488
1489static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1490 u16 len)
1491{
1492 struct mgmt_mode *cp = data;
1493 struct mgmt_pending_cmd *cmd;
1494 u8 val, status;
1495 int err;
1496
1497 BT_DBG("request for %s", hdev->name);
1498
1499 status = mgmt_bredr_support(hdev);
1500 if (status)
1501 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1502 status);
1503
1504 if (cp->val != 0x00 && cp->val != 0x01)
1505 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1506 MGMT_STATUS_INVALID_PARAMS);
1507
1508 hci_dev_lock(hdev);
1509
1510 if (!hdev_is_powered(hdev)) {
1511 bool changed = false;
1512
1513 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1514 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1515 changed = true;
1516 }
1517
1518 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1519 if (err < 0)
1520 goto failed;
1521
1522 if (changed)
1523 err = new_settings(hdev, sk);
1524
1525 goto failed;
1526 }
1527
1528 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1529 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1530 MGMT_STATUS_BUSY);
1531 goto failed;
1532 }
1533
1534 val = !!cp->val;
1535
1536 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1537 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1538 goto failed;
1539 }
1540
1541 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1542 if (!cmd) {
1543 err = -ENOMEM;
1544 goto failed;
1545 }
1546
1547 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1548 if (err < 0) {
1549 mgmt_pending_remove(cmd);
1550 goto failed;
1551 }
1552
1553failed:
1554 hci_dev_unlock(hdev);
1555 return err;
1556}
1557
1558static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1559{
1560 struct mgmt_mode *cp = data;
1561 struct mgmt_pending_cmd *cmd;
1562 u8 status;
1563 int err;
1564
1565 BT_DBG("request for %s", hdev->name);
1566
1567 status = mgmt_bredr_support(hdev);
1568 if (status)
1569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1570
1571 if (!lmp_ssp_capable(hdev))
1572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1573 MGMT_STATUS_NOT_SUPPORTED);
1574
1575 if (cp->val != 0x00 && cp->val != 0x01)
1576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1577 MGMT_STATUS_INVALID_PARAMS);
1578
1579 hci_dev_lock(hdev);
1580
1581 if (!hdev_is_powered(hdev)) {
1582 bool changed;
1583
1584 if (cp->val) {
1585 changed = !hci_dev_test_and_set_flag(hdev,
1586 HCI_SSP_ENABLED);
1587 } else {
1588 changed = hci_dev_test_and_clear_flag(hdev,
1589 HCI_SSP_ENABLED);
1590 if (!changed)
1591 changed = hci_dev_test_and_clear_flag(hdev,
1592 HCI_HS_ENABLED);
1593 else
1594 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1595 }
1596
1597 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1598 if (err < 0)
1599 goto failed;
1600
1601 if (changed)
1602 err = new_settings(hdev, sk);
1603
1604 goto failed;
1605 }
1606
1607 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1608 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1609 MGMT_STATUS_BUSY);
1610 goto failed;
1611 }
1612
1613 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1614 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1615 goto failed;
1616 }
1617
1618 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1619 if (!cmd) {
1620 err = -ENOMEM;
1621 goto failed;
1622 }
1623
1624 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1625 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1626 sizeof(cp->val), &cp->val);
1627
1628 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1629 if (err < 0) {
1630 mgmt_pending_remove(cmd);
1631 goto failed;
1632 }
1633
1634failed:
1635 hci_dev_unlock(hdev);
1636 return err;
1637}
1638
1639static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1640{
1641 struct mgmt_mode *cp = data;
1642 bool changed;
1643 u8 status;
1644 int err;
1645
1646 BT_DBG("request for %s", hdev->name);
1647
1648 status = mgmt_bredr_support(hdev);
1649 if (status)
1650 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1651
1652 if (!lmp_ssp_capable(hdev))
1653 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1654 MGMT_STATUS_NOT_SUPPORTED);
1655
1656 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1657 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1658 MGMT_STATUS_REJECTED);
1659
1660 if (cp->val != 0x00 && cp->val != 0x01)
1661 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1662 MGMT_STATUS_INVALID_PARAMS);
1663
1664 hci_dev_lock(hdev);
1665
1666 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1667 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1668 MGMT_STATUS_BUSY);
1669 goto unlock;
1670 }
1671
1672 if (cp->val) {
1673 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1674 } else {
1675 if (hdev_is_powered(hdev)) {
1676 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1677 MGMT_STATUS_REJECTED);
1678 goto unlock;
1679 }
1680
1681 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1682 }
1683
1684 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1685 if (err < 0)
1686 goto unlock;
1687
1688 if (changed)
1689 err = new_settings(hdev, sk);
1690
1691unlock:
1692 hci_dev_unlock(hdev);
1693 return err;
1694}
1695
1696static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1697{
1698 struct cmd_lookup match = { NULL, hdev };
1699
1700 hci_dev_lock(hdev);
1701
1702 if (status) {
1703 u8 mgmt_err = mgmt_status(status);
1704
1705 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1706 &mgmt_err);
1707 goto unlock;
1708 }
1709
1710 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1711
1712 new_settings(hdev, match.sk);
1713
1714 if (match.sk)
1715 sock_put(match.sk);
1716
1717
1718
1719
1720
1721
1722 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1723 struct hci_request req;
1724
1725 hci_req_init(&req, hdev);
1726 __hci_req_update_adv_data(&req, 0x00);
1727 __hci_req_update_scan_rsp_data(&req, 0x00);
1728 hci_req_run(&req, NULL);
1729 hci_update_background_scan(hdev);
1730 }
1731
1732unlock:
1733 hci_dev_unlock(hdev);
1734}
1735
1736static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1737{
1738 struct mgmt_mode *cp = data;
1739 struct hci_cp_write_le_host_supported hci_cp;
1740 struct mgmt_pending_cmd *cmd;
1741 struct hci_request req;
1742 int err;
1743 u8 val, enabled;
1744
1745 BT_DBG("request for %s", hdev->name);
1746
1747 if (!lmp_le_capable(hdev))
1748 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1749 MGMT_STATUS_NOT_SUPPORTED);
1750
1751 if (cp->val != 0x00 && cp->val != 0x01)
1752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1753 MGMT_STATUS_INVALID_PARAMS);
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1765 if (cp->val == 0x01)
1766 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1767
1768 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1769 MGMT_STATUS_REJECTED);
1770 }
1771
1772 hci_dev_lock(hdev);
1773
1774 val = !!cp->val;
1775 enabled = lmp_host_le_capable(hdev);
1776
1777 if (!val)
1778 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1779
1780 if (!hdev_is_powered(hdev) || val == enabled) {
1781 bool changed = false;
1782
1783 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1784 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1785 changed = true;
1786 }
1787
1788 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1789 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1790 changed = true;
1791 }
1792
1793 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1794 if (err < 0)
1795 goto unlock;
1796
1797 if (changed)
1798 err = new_settings(hdev, sk);
1799
1800 goto unlock;
1801 }
1802
1803 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1804 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1805 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1806 MGMT_STATUS_BUSY);
1807 goto unlock;
1808 }
1809
1810 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1811 if (!cmd) {
1812 err = -ENOMEM;
1813 goto unlock;
1814 }
1815
1816 hci_req_init(&req, hdev);
1817
1818 memset(&hci_cp, 0, sizeof(hci_cp));
1819
1820 if (val) {
1821 hci_cp.le = val;
1822 hci_cp.simul = 0x00;
1823 } else {
1824 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1825 __hci_req_disable_advertising(&req);
1826 }
1827
1828 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1829 &hci_cp);
1830
1831 err = hci_req_run(&req, le_enable_complete);
1832 if (err < 0)
1833 mgmt_pending_remove(cmd);
1834
1835unlock:
1836 hci_dev_unlock(hdev);
1837 return err;
1838}
1839
1840
1841
1842
1843
1844
1845
1846static bool pending_eir_or_class(struct hci_dev *hdev)
1847{
1848 struct mgmt_pending_cmd *cmd;
1849
1850 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1851 switch (cmd->opcode) {
1852 case MGMT_OP_ADD_UUID:
1853 case MGMT_OP_REMOVE_UUID:
1854 case MGMT_OP_SET_DEV_CLASS:
1855 case MGMT_OP_SET_POWERED:
1856 return true;
1857 }
1858 }
1859
1860 return false;
1861}
1862
1863static const u8 bluetooth_base_uuid[] = {
1864 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1865 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1866};
1867
1868static u8 get_uuid_size(const u8 *uuid)
1869{
1870 u32 val;
1871
1872 if (memcmp(uuid, bluetooth_base_uuid, 12))
1873 return 128;
1874
1875 val = get_unaligned_le32(&uuid[12]);
1876 if (val > 0xffff)
1877 return 32;
1878
1879 return 16;
1880}
1881
1882static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1883{
1884 struct mgmt_pending_cmd *cmd;
1885
1886 hci_dev_lock(hdev);
1887
1888 cmd = pending_find(mgmt_op, hdev);
1889 if (!cmd)
1890 goto unlock;
1891
1892 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
1893 mgmt_status(status), hdev->dev_class, 3);
1894
1895 mgmt_pending_remove(cmd);
1896
1897unlock:
1898 hci_dev_unlock(hdev);
1899}
1900
1901static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1902{
1903 BT_DBG("status 0x%02x", status);
1904
1905 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1906}
1907
1908static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1909{
1910 struct mgmt_cp_add_uuid *cp = data;
1911 struct mgmt_pending_cmd *cmd;
1912 struct hci_request req;
1913 struct bt_uuid *uuid;
1914 int err;
1915
1916 BT_DBG("request for %s", hdev->name);
1917
1918 hci_dev_lock(hdev);
1919
1920 if (pending_eir_or_class(hdev)) {
1921 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1922 MGMT_STATUS_BUSY);
1923 goto failed;
1924 }
1925
1926 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1927 if (!uuid) {
1928 err = -ENOMEM;
1929 goto failed;
1930 }
1931
1932 memcpy(uuid->uuid, cp->uuid, 16);
1933 uuid->svc_hint = cp->svc_hint;
1934 uuid->size = get_uuid_size(cp->uuid);
1935
1936 list_add_tail(&uuid->list, &hdev->uuids);
1937
1938 hci_req_init(&req, hdev);
1939
1940 __hci_req_update_class(&req);
1941 __hci_req_update_eir(&req);
1942
1943 err = hci_req_run(&req, add_uuid_complete);
1944 if (err < 0) {
1945 if (err != -ENODATA)
1946 goto failed;
1947
1948 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1949 hdev->dev_class, 3);
1950 goto failed;
1951 }
1952
1953 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1954 if (!cmd) {
1955 err = -ENOMEM;
1956 goto failed;
1957 }
1958
1959 err = 0;
1960
1961failed:
1962 hci_dev_unlock(hdev);
1963 return err;
1964}
1965
1966static bool enable_service_cache(struct hci_dev *hdev)
1967{
1968 if (!hdev_is_powered(hdev))
1969 return false;
1970
1971 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
1972 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1973 CACHE_TIMEOUT);
1974 return true;
1975 }
1976
1977 return false;
1978}
1979
1980static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1981{
1982 BT_DBG("status 0x%02x", status);
1983
1984 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1985}
1986
1987static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1988 u16 len)
1989{
1990 struct mgmt_cp_remove_uuid *cp = data;
1991 struct mgmt_pending_cmd *cmd;
1992 struct bt_uuid *match, *tmp;
1993 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1994 struct hci_request req;
1995 int err, found;
1996
1997 BT_DBG("request for %s", hdev->name);
1998
1999 hci_dev_lock(hdev);
2000
2001 if (pending_eir_or_class(hdev)) {
2002 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2003 MGMT_STATUS_BUSY);
2004 goto unlock;
2005 }
2006
2007 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2008 hci_uuids_clear(hdev);
2009
2010 if (enable_service_cache(hdev)) {
2011 err = mgmt_cmd_complete(sk, hdev->id,
2012 MGMT_OP_REMOVE_UUID,
2013 0, hdev->dev_class, 3);
2014 goto unlock;
2015 }
2016
2017 goto update_class;
2018 }
2019
2020 found = 0;
2021
2022 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2023 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2024 continue;
2025
2026 list_del(&match->list);
2027 kfree(match);
2028 found++;
2029 }
2030
2031 if (found == 0) {
2032 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2033 MGMT_STATUS_INVALID_PARAMS);
2034 goto unlock;
2035 }
2036
2037update_class:
2038 hci_req_init(&req, hdev);
2039
2040 __hci_req_update_class(&req);
2041 __hci_req_update_eir(&req);
2042
2043 err = hci_req_run(&req, remove_uuid_complete);
2044 if (err < 0) {
2045 if (err != -ENODATA)
2046 goto unlock;
2047
2048 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2049 hdev->dev_class, 3);
2050 goto unlock;
2051 }
2052
2053 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2054 if (!cmd) {
2055 err = -ENOMEM;
2056 goto unlock;
2057 }
2058
2059 err = 0;
2060
2061unlock:
2062 hci_dev_unlock(hdev);
2063 return err;
2064}
2065
2066static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2067{
2068 BT_DBG("status 0x%02x", status);
2069
2070 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2071}
2072
2073static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2074 u16 len)
2075{
2076 struct mgmt_cp_set_dev_class *cp = data;
2077 struct mgmt_pending_cmd *cmd;
2078 struct hci_request req;
2079 int err;
2080
2081 BT_DBG("request for %s", hdev->name);
2082
2083 if (!lmp_bredr_capable(hdev))
2084 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2085 MGMT_STATUS_NOT_SUPPORTED);
2086
2087 hci_dev_lock(hdev);
2088
2089 if (pending_eir_or_class(hdev)) {
2090 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2091 MGMT_STATUS_BUSY);
2092 goto unlock;
2093 }
2094
2095 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2096 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2097 MGMT_STATUS_INVALID_PARAMS);
2098 goto unlock;
2099 }
2100
2101 hdev->major_class = cp->major;
2102 hdev->minor_class = cp->minor;
2103
2104 if (!hdev_is_powered(hdev)) {
2105 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2106 hdev->dev_class, 3);
2107 goto unlock;
2108 }
2109
2110 hci_req_init(&req, hdev);
2111
2112 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2113 hci_dev_unlock(hdev);
2114 cancel_delayed_work_sync(&hdev->service_cache);
2115 hci_dev_lock(hdev);
2116 __hci_req_update_eir(&req);
2117 }
2118
2119 __hci_req_update_class(&req);
2120
2121 err = hci_req_run(&req, set_class_complete);
2122 if (err < 0) {
2123 if (err != -ENODATA)
2124 goto unlock;
2125
2126 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2127 hdev->dev_class, 3);
2128 goto unlock;
2129 }
2130
2131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2132 if (!cmd) {
2133 err = -ENOMEM;
2134 goto unlock;
2135 }
2136
2137 err = 0;
2138
2139unlock:
2140 hci_dev_unlock(hdev);
2141 return err;
2142}
2143
2144static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2145 u16 len)
2146{
2147 struct mgmt_cp_load_link_keys *cp = data;
2148 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2149 sizeof(struct mgmt_link_key_info));
2150 u16 key_count, expected_len;
2151 bool changed;
2152 int i;
2153
2154 BT_DBG("request for %s", hdev->name);
2155
2156 if (!lmp_bredr_capable(hdev))
2157 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2158 MGMT_STATUS_NOT_SUPPORTED);
2159
2160 key_count = __le16_to_cpu(cp->key_count);
2161 if (key_count > max_key_count) {
2162 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2163 key_count);
2164 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2165 MGMT_STATUS_INVALID_PARAMS);
2166 }
2167
2168 expected_len = sizeof(*cp) + key_count *
2169 sizeof(struct mgmt_link_key_info);
2170 if (expected_len != len) {
2171 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2172 expected_len, len);
2173 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2174 MGMT_STATUS_INVALID_PARAMS);
2175 }
2176
2177 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2178 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2179 MGMT_STATUS_INVALID_PARAMS);
2180
2181 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2182 key_count);
2183
2184 for (i = 0; i < key_count; i++) {
2185 struct mgmt_link_key_info *key = &cp->keys[i];
2186
2187 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2188 return mgmt_cmd_status(sk, hdev->id,
2189 MGMT_OP_LOAD_LINK_KEYS,
2190 MGMT_STATUS_INVALID_PARAMS);
2191 }
2192
2193 hci_dev_lock(hdev);
2194
2195 hci_link_keys_clear(hdev);
2196
2197 if (cp->debug_keys)
2198 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2199 else
2200 changed = hci_dev_test_and_clear_flag(hdev,
2201 HCI_KEEP_DEBUG_KEYS);
2202
2203 if (changed)
2204 new_settings(hdev, NULL);
2205
2206 for (i = 0; i < key_count; i++) {
2207 struct mgmt_link_key_info *key = &cp->keys[i];
2208
2209
2210
2211
2212 if (key->type == HCI_LK_DEBUG_COMBINATION)
2213 continue;
2214
2215 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2216 key->type, key->pin_len, NULL);
2217 }
2218
2219 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2220
2221 hci_dev_unlock(hdev);
2222
2223 return 0;
2224}
2225
2226static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2227 u8 addr_type, struct sock *skip_sk)
2228{
2229 struct mgmt_ev_device_unpaired ev;
2230
2231 bacpy(&ev.addr.bdaddr, bdaddr);
2232 ev.addr.type = addr_type;
2233
2234 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2235 skip_sk);
2236}
2237
2238static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2239 u16 len)
2240{
2241 struct mgmt_cp_unpair_device *cp = data;
2242 struct mgmt_rp_unpair_device rp;
2243 struct hci_conn_params *params;
2244 struct mgmt_pending_cmd *cmd;
2245 struct hci_conn *conn;
2246 u8 addr_type;
2247 int err;
2248
2249 memset(&rp, 0, sizeof(rp));
2250 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2251 rp.addr.type = cp->addr.type;
2252
2253 if (!bdaddr_type_is_valid(cp->addr.type))
2254 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2255 MGMT_STATUS_INVALID_PARAMS,
2256 &rp, sizeof(rp));
2257
2258 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2259 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2260 MGMT_STATUS_INVALID_PARAMS,
2261 &rp, sizeof(rp));
2262
2263 hci_dev_lock(hdev);
2264
2265 if (!hdev_is_powered(hdev)) {
2266 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2267 MGMT_STATUS_NOT_POWERED, &rp,
2268 sizeof(rp));
2269 goto unlock;
2270 }
2271
2272 if (cp->addr.type == BDADDR_BREDR) {
2273
2274
2275
2276
2277
2278
2279
2280 if (cp->disconnect)
2281 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2282 &cp->addr.bdaddr);
2283 else
2284 conn = NULL;
2285
2286 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2287 if (err < 0) {
2288 err = mgmt_cmd_complete(sk, hdev->id,
2289 MGMT_OP_UNPAIR_DEVICE,
2290 MGMT_STATUS_NOT_PAIRED, &rp,
2291 sizeof(rp));
2292 goto unlock;
2293 }
2294
2295 goto done;
2296 }
2297
2298
2299 addr_type = le_addr_type(cp->addr.type);
2300
2301 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2302
2303 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2304 if (err < 0) {
2305 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2306 MGMT_STATUS_NOT_PAIRED, &rp,
2307 sizeof(rp));
2308 goto unlock;
2309 }
2310
2311 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2312 if (!conn) {
2313 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2314 goto done;
2315 }
2316
2317
2318 smp_cancel_pairing(conn);
2319
2320
2321
2322
2323 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2324
2325
2326 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2327 if (params) {
2328 if (params->explicit_connect)
2329 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2330 else
2331 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2332 }
2333
2334
2335
2336
2337 if (!cp->disconnect)
2338 conn = NULL;
2339
2340done:
2341
2342
2343
2344 if (!conn) {
2345 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2346 &rp, sizeof(rp));
2347 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2348 goto unlock;
2349 }
2350
2351 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2352 sizeof(*cp));
2353 if (!cmd) {
2354 err = -ENOMEM;
2355 goto unlock;
2356 }
2357
2358 cmd->cmd_complete = addr_cmd_complete;
2359
2360 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2361 if (err < 0)
2362 mgmt_pending_remove(cmd);
2363
2364unlock:
2365 hci_dev_unlock(hdev);
2366 return err;
2367}
2368
2369static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2370 u16 len)
2371{
2372 struct mgmt_cp_disconnect *cp = data;
2373 struct mgmt_rp_disconnect rp;
2374 struct mgmt_pending_cmd *cmd;
2375 struct hci_conn *conn;
2376 int err;
2377
2378 BT_DBG("");
2379
2380 memset(&rp, 0, sizeof(rp));
2381 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2382 rp.addr.type = cp->addr.type;
2383
2384 if (!bdaddr_type_is_valid(cp->addr.type))
2385 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2386 MGMT_STATUS_INVALID_PARAMS,
2387 &rp, sizeof(rp));
2388
2389 hci_dev_lock(hdev);
2390
2391 if (!test_bit(HCI_UP, &hdev->flags)) {
2392 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2393 MGMT_STATUS_NOT_POWERED, &rp,
2394 sizeof(rp));
2395 goto failed;
2396 }
2397
2398 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2399 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2400 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2401 goto failed;
2402 }
2403
2404 if (cp->addr.type == BDADDR_BREDR)
2405 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2406 &cp->addr.bdaddr);
2407 else
2408 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2409 le_addr_type(cp->addr.type));
2410
2411 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2412 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2413 MGMT_STATUS_NOT_CONNECTED, &rp,
2414 sizeof(rp));
2415 goto failed;
2416 }
2417
2418 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2419 if (!cmd) {
2420 err = -ENOMEM;
2421 goto failed;
2422 }
2423
2424 cmd->cmd_complete = generic_cmd_complete;
2425
2426 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2427 if (err < 0)
2428 mgmt_pending_remove(cmd);
2429
2430failed:
2431 hci_dev_unlock(hdev);
2432 return err;
2433}
2434
2435static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2436{
2437 switch (link_type) {
2438 case LE_LINK:
2439 switch (addr_type) {
2440 case ADDR_LE_DEV_PUBLIC:
2441 return BDADDR_LE_PUBLIC;
2442
2443 default:
2444
2445 return BDADDR_LE_RANDOM;
2446 }
2447
2448 default:
2449
2450 return BDADDR_BREDR;
2451 }
2452}
2453
2454static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2455 u16 data_len)
2456{
2457 struct mgmt_rp_get_connections *rp;
2458 struct hci_conn *c;
2459 size_t rp_len;
2460 int err;
2461 u16 i;
2462
2463 BT_DBG("");
2464
2465 hci_dev_lock(hdev);
2466
2467 if (!hdev_is_powered(hdev)) {
2468 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2469 MGMT_STATUS_NOT_POWERED);
2470 goto unlock;
2471 }
2472
2473 i = 0;
2474 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2475 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2476 i++;
2477 }
2478
2479 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2480 rp = kmalloc(rp_len, GFP_KERNEL);
2481 if (!rp) {
2482 err = -ENOMEM;
2483 goto unlock;
2484 }
2485
2486 i = 0;
2487 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2488 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2489 continue;
2490 bacpy(&rp->addr[i].bdaddr, &c->dst);
2491 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2492 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2493 continue;
2494 i++;
2495 }
2496
2497 rp->conn_count = cpu_to_le16(i);
2498
2499
2500 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2501
2502 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2503 rp_len);
2504
2505 kfree(rp);
2506
2507unlock:
2508 hci_dev_unlock(hdev);
2509 return err;
2510}
2511
2512static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2513 struct mgmt_cp_pin_code_neg_reply *cp)
2514{
2515 struct mgmt_pending_cmd *cmd;
2516 int err;
2517
2518 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2519 sizeof(*cp));
2520 if (!cmd)
2521 return -ENOMEM;
2522
2523 cmd->cmd_complete = addr_cmd_complete;
2524
2525 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2526 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2527 if (err < 0)
2528 mgmt_pending_remove(cmd);
2529
2530 return err;
2531}
2532
2533static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2534 u16 len)
2535{
2536 struct hci_conn *conn;
2537 struct mgmt_cp_pin_code_reply *cp = data;
2538 struct hci_cp_pin_code_reply reply;
2539 struct mgmt_pending_cmd *cmd;
2540 int err;
2541
2542 BT_DBG("");
2543
2544 hci_dev_lock(hdev);
2545
2546 if (!hdev_is_powered(hdev)) {
2547 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2548 MGMT_STATUS_NOT_POWERED);
2549 goto failed;
2550 }
2551
2552 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2553 if (!conn) {
2554 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2555 MGMT_STATUS_NOT_CONNECTED);
2556 goto failed;
2557 }
2558
2559 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2560 struct mgmt_cp_pin_code_neg_reply ncp;
2561
2562 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2563
2564 bt_dev_err(hdev, "PIN code is not 16 bytes long");
2565
2566 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2567 if (err >= 0)
2568 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2569 MGMT_STATUS_INVALID_PARAMS);
2570
2571 goto failed;
2572 }
2573
2574 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2575 if (!cmd) {
2576 err = -ENOMEM;
2577 goto failed;
2578 }
2579
2580 cmd->cmd_complete = addr_cmd_complete;
2581
2582 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2583 reply.pin_len = cp->pin_len;
2584 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2585
2586 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2587 if (err < 0)
2588 mgmt_pending_remove(cmd);
2589
2590failed:
2591 hci_dev_unlock(hdev);
2592 return err;
2593}
2594
2595static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2596 u16 len)
2597{
2598 struct mgmt_cp_set_io_capability *cp = data;
2599
2600 BT_DBG("");
2601
2602 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2603 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2604 MGMT_STATUS_INVALID_PARAMS);
2605
2606 hci_dev_lock(hdev);
2607
2608 hdev->io_capability = cp->io_capability;
2609
2610 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2611 hdev->io_capability);
2612
2613 hci_dev_unlock(hdev);
2614
2615 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2616 NULL, 0);
2617}
2618
2619static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2620{
2621 struct hci_dev *hdev = conn->hdev;
2622 struct mgmt_pending_cmd *cmd;
2623
2624 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2625 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2626 continue;
2627
2628 if (cmd->user_data != conn)
2629 continue;
2630
2631 return cmd;
2632 }
2633
2634 return NULL;
2635}
2636
2637static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2638{
2639 struct mgmt_rp_pair_device rp;
2640 struct hci_conn *conn = cmd->user_data;
2641 int err;
2642
2643 bacpy(&rp.addr.bdaddr, &conn->dst);
2644 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2645
2646 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2647 status, &rp, sizeof(rp));
2648
2649
2650 conn->connect_cfm_cb = NULL;
2651 conn->security_cfm_cb = NULL;
2652 conn->disconn_cfm_cb = NULL;
2653
2654 hci_conn_drop(conn);
2655
2656
2657
2658
2659 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2660
2661 hci_conn_put(conn);
2662
2663 return err;
2664}
2665
2666void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2667{
2668 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2669 struct mgmt_pending_cmd *cmd;
2670
2671 cmd = find_pairing(conn);
2672 if (cmd) {
2673 cmd->cmd_complete(cmd, status);
2674 mgmt_pending_remove(cmd);
2675 }
2676}
2677
2678static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2679{
2680 struct mgmt_pending_cmd *cmd;
2681
2682 BT_DBG("status %u", status);
2683
2684 cmd = find_pairing(conn);
2685 if (!cmd) {
2686 BT_DBG("Unable to find a pending command");
2687 return;
2688 }
2689
2690 cmd->cmd_complete(cmd, mgmt_status(status));
2691 mgmt_pending_remove(cmd);
2692}
2693
2694static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2695{
2696 struct mgmt_pending_cmd *cmd;
2697
2698 BT_DBG("status %u", status);
2699
2700 if (!status)
2701 return;
2702
2703 cmd = find_pairing(conn);
2704 if (!cmd) {
2705 BT_DBG("Unable to find a pending command");
2706 return;
2707 }
2708
2709 cmd->cmd_complete(cmd, mgmt_status(status));
2710 mgmt_pending_remove(cmd);
2711}
2712
2713static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2714 u16 len)
2715{
2716 struct mgmt_cp_pair_device *cp = data;
2717 struct mgmt_rp_pair_device rp;
2718 struct mgmt_pending_cmd *cmd;
2719 u8 sec_level, auth_type;
2720 struct hci_conn *conn;
2721 int err;
2722
2723 BT_DBG("");
2724
2725 memset(&rp, 0, sizeof(rp));
2726 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2727 rp.addr.type = cp->addr.type;
2728
2729 if (!bdaddr_type_is_valid(cp->addr.type))
2730 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2731 MGMT_STATUS_INVALID_PARAMS,
2732 &rp, sizeof(rp));
2733
2734 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2735 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2736 MGMT_STATUS_INVALID_PARAMS,
2737 &rp, sizeof(rp));
2738
2739 hci_dev_lock(hdev);
2740
2741 if (!hdev_is_powered(hdev)) {
2742 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2743 MGMT_STATUS_NOT_POWERED, &rp,
2744 sizeof(rp));
2745 goto unlock;
2746 }
2747
2748 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2749 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2750 MGMT_STATUS_ALREADY_PAIRED, &rp,
2751 sizeof(rp));
2752 goto unlock;
2753 }
2754
2755 sec_level = BT_SECURITY_MEDIUM;
2756 auth_type = HCI_AT_DEDICATED_BONDING;
2757
2758 if (cp->addr.type == BDADDR_BREDR) {
2759 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2760 auth_type);
2761 } else {
2762 u8 addr_type = le_addr_type(cp->addr.type);
2763 struct hci_conn_params *p;
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2775
2776 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2777 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2778
2779 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2780 addr_type, sec_level,
2781 HCI_LE_CONN_TIMEOUT);
2782 }
2783
2784 if (IS_ERR(conn)) {
2785 int status;
2786
2787 if (PTR_ERR(conn) == -EBUSY)
2788 status = MGMT_STATUS_BUSY;
2789 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2790 status = MGMT_STATUS_NOT_SUPPORTED;
2791 else if (PTR_ERR(conn) == -ECONNREFUSED)
2792 status = MGMT_STATUS_REJECTED;
2793 else
2794 status = MGMT_STATUS_CONNECT_FAILED;
2795
2796 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2797 status, &rp, sizeof(rp));
2798 goto unlock;
2799 }
2800
2801 if (conn->connect_cfm_cb) {
2802 hci_conn_drop(conn);
2803 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2804 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2805 goto unlock;
2806 }
2807
2808 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2809 if (!cmd) {
2810 err = -ENOMEM;
2811 hci_conn_drop(conn);
2812 goto unlock;
2813 }
2814
2815 cmd->cmd_complete = pairing_complete;
2816
2817
2818 if (cp->addr.type == BDADDR_BREDR) {
2819 conn->connect_cfm_cb = pairing_complete_cb;
2820 conn->security_cfm_cb = pairing_complete_cb;
2821 conn->disconn_cfm_cb = pairing_complete_cb;
2822 } else {
2823 conn->connect_cfm_cb = le_pairing_complete_cb;
2824 conn->security_cfm_cb = le_pairing_complete_cb;
2825 conn->disconn_cfm_cb = le_pairing_complete_cb;
2826 }
2827
2828 conn->io_capability = cp->io_cap;
2829 cmd->user_data = hci_conn_get(conn);
2830
2831 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2832 hci_conn_security(conn, sec_level, auth_type, true)) {
2833 cmd->cmd_complete(cmd, 0);
2834 mgmt_pending_remove(cmd);
2835 }
2836
2837 err = 0;
2838
2839unlock:
2840 hci_dev_unlock(hdev);
2841 return err;
2842}
2843
2844static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2845 u16 len)
2846{
2847 struct mgmt_addr_info *addr = data;
2848 struct mgmt_pending_cmd *cmd;
2849 struct hci_conn *conn;
2850 int err;
2851
2852 BT_DBG("");
2853
2854 hci_dev_lock(hdev);
2855
2856 if (!hdev_is_powered(hdev)) {
2857 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2858 MGMT_STATUS_NOT_POWERED);
2859 goto unlock;
2860 }
2861
2862 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2863 if (!cmd) {
2864 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2865 MGMT_STATUS_INVALID_PARAMS);
2866 goto unlock;
2867 }
2868
2869 conn = cmd->user_data;
2870
2871 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2872 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2873 MGMT_STATUS_INVALID_PARAMS);
2874 goto unlock;
2875 }
2876
2877 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
2878 mgmt_pending_remove(cmd);
2879
2880 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2881 addr, sizeof(*addr));
2882unlock:
2883 hci_dev_unlock(hdev);
2884 return err;
2885}
2886
2887static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2888 struct mgmt_addr_info *addr, u16 mgmt_op,
2889 u16 hci_op, __le32 passkey)
2890{
2891 struct mgmt_pending_cmd *cmd;
2892 struct hci_conn *conn;
2893 int err;
2894
2895 hci_dev_lock(hdev);
2896
2897 if (!hdev_is_powered(hdev)) {
2898 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2899 MGMT_STATUS_NOT_POWERED, addr,
2900 sizeof(*addr));
2901 goto done;
2902 }
2903
2904 if (addr->type == BDADDR_BREDR)
2905 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2906 else
2907 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
2908 le_addr_type(addr->type));
2909
2910 if (!conn) {
2911 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2912 MGMT_STATUS_NOT_CONNECTED, addr,
2913 sizeof(*addr));
2914 goto done;
2915 }
2916
2917 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2918 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2919 if (!err)
2920 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2921 MGMT_STATUS_SUCCESS, addr,
2922 sizeof(*addr));
2923 else
2924 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2925 MGMT_STATUS_FAILED, addr,
2926 sizeof(*addr));
2927
2928 goto done;
2929 }
2930
2931 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2932 if (!cmd) {
2933 err = -ENOMEM;
2934 goto done;
2935 }
2936
2937 cmd->cmd_complete = addr_cmd_complete;
2938
2939
2940 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2941 struct hci_cp_user_passkey_reply cp;
2942
2943 bacpy(&cp.bdaddr, &addr->bdaddr);
2944 cp.passkey = passkey;
2945 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2946 } else
2947 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2948 &addr->bdaddr);
2949
2950 if (err < 0)
2951 mgmt_pending_remove(cmd);
2952
2953done:
2954 hci_dev_unlock(hdev);
2955 return err;
2956}
2957
2958static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2959 void *data, u16 len)
2960{
2961 struct mgmt_cp_pin_code_neg_reply *cp = data;
2962
2963 BT_DBG("");
2964
2965 return user_pairing_resp(sk, hdev, &cp->addr,
2966 MGMT_OP_PIN_CODE_NEG_REPLY,
2967 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2968}
2969
2970static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2971 u16 len)
2972{
2973 struct mgmt_cp_user_confirm_reply *cp = data;
2974
2975 BT_DBG("");
2976
2977 if (len != sizeof(*cp))
2978 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2979 MGMT_STATUS_INVALID_PARAMS);
2980
2981 return user_pairing_resp(sk, hdev, &cp->addr,
2982 MGMT_OP_USER_CONFIRM_REPLY,
2983 HCI_OP_USER_CONFIRM_REPLY, 0);
2984}
2985
2986static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2987 void *data, u16 len)
2988{
2989 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2990
2991 BT_DBG("");
2992
2993 return user_pairing_resp(sk, hdev, &cp->addr,
2994 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2995 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2996}
2997
2998static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2999 u16 len)
3000{
3001 struct mgmt_cp_user_passkey_reply *cp = data;
3002
3003 BT_DBG("");
3004
3005 return user_pairing_resp(sk, hdev, &cp->addr,
3006 MGMT_OP_USER_PASSKEY_REPLY,
3007 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3008}
3009
3010static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3011 void *data, u16 len)
3012{
3013 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3014
3015 BT_DBG("");
3016
3017 return user_pairing_resp(sk, hdev, &cp->addr,
3018 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3019 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3020}
3021
3022static void adv_expire(struct hci_dev *hdev, u32 flags)
3023{
3024 struct adv_info *adv_instance;
3025 struct hci_request req;
3026 int err;
3027
3028 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3029 if (!adv_instance)
3030 return;
3031
3032
3033 if (!(adv_instance->flags & flags))
3034 return;
3035
3036 cancel_adv_timeout(hdev);
3037
3038 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3039 if (!adv_instance)
3040 return;
3041
3042 hci_req_init(&req, hdev);
3043 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3044 true);
3045 if (err)
3046 return;
3047
3048 hci_req_run(&req, NULL);
3049}
3050
3051static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3052{
3053 struct mgmt_cp_set_local_name *cp;
3054 struct mgmt_pending_cmd *cmd;
3055
3056 BT_DBG("status 0x%02x", status);
3057
3058 hci_dev_lock(hdev);
3059
3060 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3061 if (!cmd)
3062 goto unlock;
3063
3064 cp = cmd->param;
3065
3066 if (status) {
3067 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3068 mgmt_status(status));
3069 } else {
3070 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3071 cp, sizeof(*cp));
3072
3073 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3074 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3075 }
3076
3077 mgmt_pending_remove(cmd);
3078
3079unlock:
3080 hci_dev_unlock(hdev);
3081}
3082
3083static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3084 u16 len)
3085{
3086 struct mgmt_cp_set_local_name *cp = data;
3087 struct mgmt_pending_cmd *cmd;
3088 struct hci_request req;
3089 int err;
3090
3091 BT_DBG("");
3092
3093 hci_dev_lock(hdev);
3094
3095
3096
3097
3098 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3099 !memcmp(hdev->short_name, cp->short_name,
3100 sizeof(hdev->short_name))) {
3101 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3102 data, len);
3103 goto failed;
3104 }
3105
3106 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3107
3108 if (!hdev_is_powered(hdev)) {
3109 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3110
3111 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3112 data, len);
3113 if (err < 0)
3114 goto failed;
3115
3116 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3117 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3118 ext_info_changed(hdev, sk);
3119
3120 goto failed;
3121 }
3122
3123 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3124 if (!cmd) {
3125 err = -ENOMEM;
3126 goto failed;
3127 }
3128
3129 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3130
3131 hci_req_init(&req, hdev);
3132
3133 if (lmp_bredr_capable(hdev)) {
3134 __hci_req_update_name(&req);
3135 __hci_req_update_eir(&req);
3136 }
3137
3138
3139
3140
3141 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3142 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3143
3144 err = hci_req_run(&req, set_name_complete);
3145 if (err < 0)
3146 mgmt_pending_remove(cmd);
3147
3148failed:
3149 hci_dev_unlock(hdev);
3150 return err;
3151}
3152
3153static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3154 u16 len)
3155{
3156 struct mgmt_cp_set_appearance *cp = data;
3157 u16 apperance;
3158 int err;
3159
3160 BT_DBG("");
3161
3162 if (!lmp_le_capable(hdev))
3163 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3164 MGMT_STATUS_NOT_SUPPORTED);
3165
3166 apperance = le16_to_cpu(cp->appearance);
3167
3168 hci_dev_lock(hdev);
3169
3170 if (hdev->appearance != apperance) {
3171 hdev->appearance = apperance;
3172
3173 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3174 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3175
3176 ext_info_changed(hdev, sk);
3177 }
3178
3179 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3180 0);
3181
3182 hci_dev_unlock(hdev);
3183
3184 return err;
3185}
3186
3187static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3188 u16 opcode, struct sk_buff *skb)
3189{
3190 struct mgmt_rp_read_local_oob_data mgmt_rp;
3191 size_t rp_size = sizeof(mgmt_rp);
3192 struct mgmt_pending_cmd *cmd;
3193
3194 BT_DBG("%s status %u", hdev->name, status);
3195
3196 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3197 if (!cmd)
3198 return;
3199
3200 if (status || !skb) {
3201 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3202 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3203 goto remove;
3204 }
3205
3206 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3207
3208 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3209 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3210
3211 if (skb->len < sizeof(*rp)) {
3212 mgmt_cmd_status(cmd->sk, hdev->id,
3213 MGMT_OP_READ_LOCAL_OOB_DATA,
3214 MGMT_STATUS_FAILED);
3215 goto remove;
3216 }
3217
3218 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3219 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3220
3221 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3222 } else {
3223 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3224
3225 if (skb->len < sizeof(*rp)) {
3226 mgmt_cmd_status(cmd->sk, hdev->id,
3227 MGMT_OP_READ_LOCAL_OOB_DATA,
3228 MGMT_STATUS_FAILED);
3229 goto remove;
3230 }
3231
3232 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3233 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3234
3235 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3236 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3237 }
3238
3239 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3240 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3241
3242remove:
3243 mgmt_pending_remove(cmd);
3244}
3245
3246static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3247 void *data, u16 data_len)
3248{
3249 struct mgmt_pending_cmd *cmd;
3250 struct hci_request req;
3251 int err;
3252
3253 BT_DBG("%s", hdev->name);
3254
3255 hci_dev_lock(hdev);
3256
3257 if (!hdev_is_powered(hdev)) {
3258 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3259 MGMT_STATUS_NOT_POWERED);
3260 goto unlock;
3261 }
3262
3263 if (!lmp_ssp_capable(hdev)) {
3264 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3265 MGMT_STATUS_NOT_SUPPORTED);
3266 goto unlock;
3267 }
3268
3269 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3270 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3271 MGMT_STATUS_BUSY);
3272 goto unlock;
3273 }
3274
3275 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3276 if (!cmd) {
3277 err = -ENOMEM;
3278 goto unlock;
3279 }
3280
3281 hci_req_init(&req, hdev);
3282
3283 if (bredr_sc_enabled(hdev))
3284 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3285 else
3286 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3287
3288 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3289 if (err < 0)
3290 mgmt_pending_remove(cmd);
3291
3292unlock:
3293 hci_dev_unlock(hdev);
3294 return err;
3295}
3296
3297static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3298 void *data, u16 len)
3299{
3300 struct mgmt_addr_info *addr = data;
3301 int err;
3302
3303 BT_DBG("%s ", hdev->name);
3304
3305 if (!bdaddr_type_is_valid(addr->type))
3306 return mgmt_cmd_complete(sk, hdev->id,
3307 MGMT_OP_ADD_REMOTE_OOB_DATA,
3308 MGMT_STATUS_INVALID_PARAMS,
3309 addr, sizeof(*addr));
3310
3311 hci_dev_lock(hdev);
3312
3313 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3314 struct mgmt_cp_add_remote_oob_data *cp = data;
3315 u8 status;
3316
3317 if (cp->addr.type != BDADDR_BREDR) {
3318 err = mgmt_cmd_complete(sk, hdev->id,
3319 MGMT_OP_ADD_REMOTE_OOB_DATA,
3320 MGMT_STATUS_INVALID_PARAMS,
3321 &cp->addr, sizeof(cp->addr));
3322 goto unlock;
3323 }
3324
3325 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3326 cp->addr.type, cp->hash,
3327 cp->rand, NULL, NULL);
3328 if (err < 0)
3329 status = MGMT_STATUS_FAILED;
3330 else
3331 status = MGMT_STATUS_SUCCESS;
3332
3333 err = mgmt_cmd_complete(sk, hdev->id,
3334 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3335 &cp->addr, sizeof(cp->addr));
3336 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3337 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3338 u8 *rand192, *hash192, *rand256, *hash256;
3339 u8 status;
3340
3341 if (bdaddr_type_is_le(cp->addr.type)) {
3342
3343
3344
3345 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3346 memcmp(cp->hash192, ZERO_KEY, 16)) {
3347 err = mgmt_cmd_complete(sk, hdev->id,
3348 MGMT_OP_ADD_REMOTE_OOB_DATA,
3349 MGMT_STATUS_INVALID_PARAMS,
3350 addr, sizeof(*addr));
3351 goto unlock;
3352 }
3353
3354 rand192 = NULL;
3355 hash192 = NULL;
3356 } else {
3357
3358
3359
3360 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3361 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3362 rand192 = NULL;
3363 hash192 = NULL;
3364 } else {
3365 rand192 = cp->rand192;
3366 hash192 = cp->hash192;
3367 }
3368 }
3369
3370
3371
3372
3373 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3374 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3375 rand256 = NULL;
3376 hash256 = NULL;
3377 } else {
3378 rand256 = cp->rand256;
3379 hash256 = cp->hash256;
3380 }
3381
3382 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3383 cp->addr.type, hash192, rand192,
3384 hash256, rand256);
3385 if (err < 0)
3386 status = MGMT_STATUS_FAILED;
3387 else
3388 status = MGMT_STATUS_SUCCESS;
3389
3390 err = mgmt_cmd_complete(sk, hdev->id,
3391 MGMT_OP_ADD_REMOTE_OOB_DATA,
3392 status, &cp->addr, sizeof(cp->addr));
3393 } else {
3394 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
3395 len);
3396 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3397 MGMT_STATUS_INVALID_PARAMS);
3398 }
3399
3400unlock:
3401 hci_dev_unlock(hdev);
3402 return err;
3403}
3404
3405static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3406 void *data, u16 len)
3407{
3408 struct mgmt_cp_remove_remote_oob_data *cp = data;
3409 u8 status;
3410 int err;
3411
3412 BT_DBG("%s", hdev->name);
3413
3414 if (cp->addr.type != BDADDR_BREDR)
3415 return mgmt_cmd_complete(sk, hdev->id,
3416 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3417 MGMT_STATUS_INVALID_PARAMS,
3418 &cp->addr, sizeof(cp->addr));
3419
3420 hci_dev_lock(hdev);
3421
3422 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3423 hci_remote_oob_data_clear(hdev);
3424 status = MGMT_STATUS_SUCCESS;
3425 goto done;
3426 }
3427
3428 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3429 if (err < 0)
3430 status = MGMT_STATUS_INVALID_PARAMS;
3431 else
3432 status = MGMT_STATUS_SUCCESS;
3433
3434done:
3435 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3436 status, &cp->addr, sizeof(cp->addr));
3437
3438 hci_dev_unlock(hdev);
3439 return err;
3440}
3441
3442void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3443{
3444 struct mgmt_pending_cmd *cmd;
3445
3446 BT_DBG("status %d", status);
3447
3448 hci_dev_lock(hdev);
3449
3450 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3451 if (!cmd)
3452 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3453
3454 if (!cmd)
3455 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3456
3457 if (cmd) {
3458 cmd->cmd_complete(cmd, mgmt_status(status));
3459 mgmt_pending_remove(cmd);
3460 }
3461
3462 hci_dev_unlock(hdev);
3463}
3464
3465static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3466 uint8_t *mgmt_status)
3467{
3468 switch (type) {
3469 case DISCOV_TYPE_LE:
3470 *mgmt_status = mgmt_le_support(hdev);
3471 if (*mgmt_status)
3472 return false;
3473 break;
3474 case DISCOV_TYPE_INTERLEAVED:
3475 *mgmt_status = mgmt_le_support(hdev);
3476 if (*mgmt_status)
3477 return false;
3478
3479 case DISCOV_TYPE_BREDR:
3480 *mgmt_status = mgmt_bredr_support(hdev);
3481 if (*mgmt_status)
3482 return false;
3483 break;
3484 default:
3485 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3486 return false;
3487 }
3488
3489 return true;
3490}
3491
3492static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3493 u16 op, void *data, u16 len)
3494{
3495 struct mgmt_cp_start_discovery *cp = data;
3496 struct mgmt_pending_cmd *cmd;
3497 u8 status;
3498 int err;
3499
3500 BT_DBG("%s", hdev->name);
3501
3502 hci_dev_lock(hdev);
3503
3504 if (!hdev_is_powered(hdev)) {
3505 err = mgmt_cmd_complete(sk, hdev->id, op,
3506 MGMT_STATUS_NOT_POWERED,
3507 &cp->type, sizeof(cp->type));
3508 goto failed;
3509 }
3510
3511 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3512 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3513 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3514 &cp->type, sizeof(cp->type));
3515 goto failed;
3516 }
3517
3518 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3519 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3520 &cp->type, sizeof(cp->type));
3521 goto failed;
3522 }
3523
3524
3525
3526
3527 hci_discovery_filter_clear(hdev);
3528
3529 hdev->discovery.type = cp->type;
3530 hdev->discovery.report_invalid_rssi = false;
3531 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3532 hdev->discovery.limited = true;
3533 else
3534 hdev->discovery.limited = false;
3535
3536 cmd = mgmt_pending_add(sk, op, hdev, data, len);
3537 if (!cmd) {
3538 err = -ENOMEM;
3539 goto failed;
3540 }
3541
3542 cmd->cmd_complete = generic_cmd_complete;
3543
3544 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3545 queue_work(hdev->req_workqueue, &hdev->discov_update);
3546 err = 0;
3547
3548failed:
3549 hci_dev_unlock(hdev);
3550 return err;
3551}
3552
3553static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3554 void *data, u16 len)
3555{
3556 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3557 data, len);
3558}
3559
3560static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3561 void *data, u16 len)
3562{
3563 return start_discovery_internal(sk, hdev,
3564 MGMT_OP_START_LIMITED_DISCOVERY,
3565 data, len);
3566}
3567
3568static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3569 u8 status)
3570{
3571 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3572 cmd->param, 1);
3573}
3574
3575static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3576 void *data, u16 len)
3577{
3578 struct mgmt_cp_start_service_discovery *cp = data;
3579 struct mgmt_pending_cmd *cmd;
3580 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3581 u16 uuid_count, expected_len;
3582 u8 status;
3583 int err;
3584
3585 BT_DBG("%s", hdev->name);
3586
3587 hci_dev_lock(hdev);
3588
3589 if (!hdev_is_powered(hdev)) {
3590 err = mgmt_cmd_complete(sk, hdev->id,
3591 MGMT_OP_START_SERVICE_DISCOVERY,
3592 MGMT_STATUS_NOT_POWERED,
3593 &cp->type, sizeof(cp->type));
3594 goto failed;
3595 }
3596
3597 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3598 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3599 err = mgmt_cmd_complete(sk, hdev->id,
3600 MGMT_OP_START_SERVICE_DISCOVERY,
3601 MGMT_STATUS_BUSY, &cp->type,
3602 sizeof(cp->type));
3603 goto failed;
3604 }
3605
3606 uuid_count = __le16_to_cpu(cp->uuid_count);
3607 if (uuid_count > max_uuid_count) {
3608 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
3609 uuid_count);
3610 err = mgmt_cmd_complete(sk, hdev->id,
3611 MGMT_OP_START_SERVICE_DISCOVERY,
3612 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3613 sizeof(cp->type));
3614 goto failed;
3615 }
3616
3617 expected_len = sizeof(*cp) + uuid_count * 16;
3618 if (expected_len != len) {
3619 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
3620 expected_len, len);
3621 err = mgmt_cmd_complete(sk, hdev->id,
3622 MGMT_OP_START_SERVICE_DISCOVERY,
3623 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3624 sizeof(cp->type));
3625 goto failed;
3626 }
3627
3628 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3629 err = mgmt_cmd_complete(sk, hdev->id,
3630 MGMT_OP_START_SERVICE_DISCOVERY,
3631 status, &cp->type, sizeof(cp->type));
3632 goto failed;
3633 }
3634
3635 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3636 hdev, data, len);
3637 if (!cmd) {
3638 err = -ENOMEM;
3639 goto failed;
3640 }
3641
3642 cmd->cmd_complete = service_discovery_cmd_complete;
3643
3644
3645
3646
3647 hci_discovery_filter_clear(hdev);
3648
3649 hdev->discovery.result_filtering = true;
3650 hdev->discovery.type = cp->type;
3651 hdev->discovery.rssi = cp->rssi;
3652 hdev->discovery.uuid_count = uuid_count;
3653
3654 if (uuid_count > 0) {
3655 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3656 GFP_KERNEL);
3657 if (!hdev->discovery.uuids) {
3658 err = mgmt_cmd_complete(sk, hdev->id,
3659 MGMT_OP_START_SERVICE_DISCOVERY,
3660 MGMT_STATUS_FAILED,
3661 &cp->type, sizeof(cp->type));
3662 mgmt_pending_remove(cmd);
3663 goto failed;
3664 }
3665 }
3666
3667 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3668 queue_work(hdev->req_workqueue, &hdev->discov_update);
3669 err = 0;
3670
3671failed:
3672 hci_dev_unlock(hdev);
3673 return err;
3674}
3675
3676void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
3677{
3678 struct mgmt_pending_cmd *cmd;
3679
3680 BT_DBG("status %d", status);
3681
3682 hci_dev_lock(hdev);
3683
3684 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3685 if (cmd) {
3686 cmd->cmd_complete(cmd, mgmt_status(status));
3687 mgmt_pending_remove(cmd);
3688 }
3689
3690 hci_dev_unlock(hdev);
3691}
3692
3693static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3694 u16 len)
3695{
3696 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3697 struct mgmt_pending_cmd *cmd;
3698 int err;
3699
3700 BT_DBG("%s", hdev->name);
3701
3702 hci_dev_lock(hdev);
3703
3704 if (!hci_discovery_active(hdev)) {
3705 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3706 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3707 sizeof(mgmt_cp->type));
3708 goto unlock;
3709 }
3710
3711 if (hdev->discovery.type != mgmt_cp->type) {
3712 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3713 MGMT_STATUS_INVALID_PARAMS,
3714 &mgmt_cp->type, sizeof(mgmt_cp->type));
3715 goto unlock;
3716 }
3717
3718 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
3719 if (!cmd) {
3720 err = -ENOMEM;
3721 goto unlock;
3722 }
3723
3724 cmd->cmd_complete = generic_cmd_complete;
3725
3726 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3727 queue_work(hdev->req_workqueue, &hdev->discov_update);
3728 err = 0;
3729
3730unlock:
3731 hci_dev_unlock(hdev);
3732 return err;
3733}
3734
3735static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3736 u16 len)
3737{
3738 struct mgmt_cp_confirm_name *cp = data;
3739 struct inquiry_entry *e;
3740 int err;
3741
3742 BT_DBG("%s", hdev->name);
3743
3744 hci_dev_lock(hdev);
3745
3746 if (!hci_discovery_active(hdev)) {
3747 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3748 MGMT_STATUS_FAILED, &cp->addr,
3749 sizeof(cp->addr));
3750 goto failed;
3751 }
3752
3753 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3754 if (!e) {
3755 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3756 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3757 sizeof(cp->addr));
3758 goto failed;
3759 }
3760
3761 if (cp->name_known) {
3762 e->name_state = NAME_KNOWN;
3763 list_del(&e->list);
3764 } else {
3765 e->name_state = NAME_NEEDED;
3766 hci_inquiry_cache_update_resolve(hdev, e);
3767 }
3768
3769 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3770 &cp->addr, sizeof(cp->addr));
3771
3772failed:
3773 hci_dev_unlock(hdev);
3774 return err;
3775}
3776
3777static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3778 u16 len)
3779{
3780 struct mgmt_cp_block_device *cp = data;
3781 u8 status;
3782 int err;
3783
3784 BT_DBG("%s", hdev->name);
3785
3786 if (!bdaddr_type_is_valid(cp->addr.type))
3787 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3788 MGMT_STATUS_INVALID_PARAMS,
3789 &cp->addr, sizeof(cp->addr));
3790
3791 hci_dev_lock(hdev);
3792
3793 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3794 cp->addr.type);
3795 if (err < 0) {
3796 status = MGMT_STATUS_FAILED;
3797 goto done;
3798 }
3799
3800 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3801 sk);
3802 status = MGMT_STATUS_SUCCESS;
3803
3804done:
3805 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3806 &cp->addr, sizeof(cp->addr));
3807
3808 hci_dev_unlock(hdev);
3809
3810 return err;
3811}
3812
3813static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3814 u16 len)
3815{
3816 struct mgmt_cp_unblock_device *cp = data;
3817 u8 status;
3818 int err;
3819
3820 BT_DBG("%s", hdev->name);
3821
3822 if (!bdaddr_type_is_valid(cp->addr.type))
3823 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3824 MGMT_STATUS_INVALID_PARAMS,
3825 &cp->addr, sizeof(cp->addr));
3826
3827 hci_dev_lock(hdev);
3828
3829 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3830 cp->addr.type);
3831 if (err < 0) {
3832 status = MGMT_STATUS_INVALID_PARAMS;
3833 goto done;
3834 }
3835
3836 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3837 sk);
3838 status = MGMT_STATUS_SUCCESS;
3839
3840done:
3841 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3842 &cp->addr, sizeof(cp->addr));
3843
3844 hci_dev_unlock(hdev);
3845
3846 return err;
3847}
3848
3849static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3850 u16 len)
3851{
3852 struct mgmt_cp_set_device_id *cp = data;
3853 struct hci_request req;
3854 int err;
3855 __u16 source;
3856
3857 BT_DBG("%s", hdev->name);
3858
3859 source = __le16_to_cpu(cp->source);
3860
3861 if (source > 0x0002)
3862 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3863 MGMT_STATUS_INVALID_PARAMS);
3864
3865 hci_dev_lock(hdev);
3866
3867 hdev->devid_source = source;
3868 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3869 hdev->devid_product = __le16_to_cpu(cp->product);
3870 hdev->devid_version = __le16_to_cpu(cp->version);
3871
3872 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3873 NULL, 0);
3874
3875 hci_req_init(&req, hdev);
3876 __hci_req_update_eir(&req);
3877 hci_req_run(&req, NULL);
3878
3879 hci_dev_unlock(hdev);
3880
3881 return err;
3882}
3883
3884static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3885 u16 opcode)
3886{
3887 BT_DBG("status %d", status);
3888}
3889
3890static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3891 u16 opcode)
3892{
3893 struct cmd_lookup match = { NULL, hdev };
3894 struct hci_request req;
3895 u8 instance;
3896 struct adv_info *adv_instance;
3897 int err;
3898
3899 hci_dev_lock(hdev);
3900
3901 if (status) {
3902 u8 mgmt_err = mgmt_status(status);
3903
3904 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3905 cmd_status_rsp, &mgmt_err);
3906 goto unlock;
3907 }
3908
3909 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3910 hci_dev_set_flag(hdev, HCI_ADVERTISING);
3911 else
3912 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
3913
3914 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3915 &match);
3916
3917 new_settings(hdev, match.sk);
3918
3919 if (match.sk)
3920 sock_put(match.sk);
3921
3922
3923
3924
3925 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
3926 list_empty(&hdev->adv_instances))
3927 goto unlock;
3928
3929 instance = hdev->cur_adv_instance;
3930 if (!instance) {
3931 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3932 struct adv_info, list);
3933 if (!adv_instance)
3934 goto unlock;
3935
3936 instance = adv_instance->instance;
3937 }
3938
3939 hci_req_init(&req, hdev);
3940
3941 err = __hci_req_schedule_adv_instance(&req, instance, true);
3942
3943 if (!err)
3944 err = hci_req_run(&req, enable_advertising_instance);
3945
3946 if (err)
3947 bt_dev_err(hdev, "failed to re-configure advertising");
3948
3949unlock:
3950 hci_dev_unlock(hdev);
3951}
3952
3953static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3954 u16 len)
3955{
3956 struct mgmt_mode *cp = data;
3957 struct mgmt_pending_cmd *cmd;
3958 struct hci_request req;
3959 u8 val, status;
3960 int err;
3961
3962 BT_DBG("request for %s", hdev->name);
3963
3964 status = mgmt_le_support(hdev);
3965 if (status)
3966 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3967 status);
3968
3969 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
3970 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3971 MGMT_STATUS_INVALID_PARAMS);
3972
3973 hci_dev_lock(hdev);
3974
3975 val = !!cp->val;
3976
3977
3978
3979
3980
3981
3982 if (!hdev_is_powered(hdev) ||
3983 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
3984 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
3985 hci_conn_num(hdev, LE_LINK) > 0 ||
3986 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
3987 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
3988 bool changed;
3989
3990 if (cp->val) {
3991 hdev->cur_adv_instance = 0x00;
3992 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
3993 if (cp->val == 0x02)
3994 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3995 else
3996 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3997 } else {
3998 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
3999 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4000 }
4001
4002 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4003 if (err < 0)
4004 goto unlock;
4005
4006 if (changed)
4007 err = new_settings(hdev, sk);
4008
4009 goto unlock;
4010 }
4011
4012 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4013 pending_find(MGMT_OP_SET_LE, hdev)) {
4014 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4015 MGMT_STATUS_BUSY);
4016 goto unlock;
4017 }
4018
4019 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4020 if (!cmd) {
4021 err = -ENOMEM;
4022 goto unlock;
4023 }
4024
4025 hci_req_init(&req, hdev);
4026
4027 if (cp->val == 0x02)
4028 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4029 else
4030 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4031
4032 cancel_adv_timeout(hdev);
4033
4034 if (val) {
4035
4036
4037
4038
4039 hdev->cur_adv_instance = 0x00;
4040 __hci_req_update_adv_data(&req, 0x00);
4041 __hci_req_update_scan_rsp_data(&req, 0x00);
4042 __hci_req_enable_advertising(&req);
4043 } else {
4044 __hci_req_disable_advertising(&req);
4045 }
4046
4047 err = hci_req_run(&req, set_advertising_complete);
4048 if (err < 0)
4049 mgmt_pending_remove(cmd);
4050
4051unlock:
4052 hci_dev_unlock(hdev);
4053 return err;
4054}
4055
4056static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4057 void *data, u16 len)
4058{
4059 struct mgmt_cp_set_static_address *cp = data;
4060 int err;
4061
4062 BT_DBG("%s", hdev->name);
4063
4064 if (!lmp_le_capable(hdev))
4065 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4066 MGMT_STATUS_NOT_SUPPORTED);
4067
4068 if (hdev_is_powered(hdev))
4069 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4070 MGMT_STATUS_REJECTED);
4071
4072 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4073 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4074 return mgmt_cmd_status(sk, hdev->id,
4075 MGMT_OP_SET_STATIC_ADDRESS,
4076 MGMT_STATUS_INVALID_PARAMS);
4077
4078
4079 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4080 return mgmt_cmd_status(sk, hdev->id,
4081 MGMT_OP_SET_STATIC_ADDRESS,
4082 MGMT_STATUS_INVALID_PARAMS);
4083 }
4084
4085 hci_dev_lock(hdev);
4086
4087 bacpy(&hdev->static_addr, &cp->bdaddr);
4088
4089 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4090 if (err < 0)
4091 goto unlock;
4092
4093 err = new_settings(hdev, sk);
4094
4095unlock:
4096 hci_dev_unlock(hdev);
4097 return err;
4098}
4099
4100static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4101 void *data, u16 len)
4102{
4103 struct mgmt_cp_set_scan_params *cp = data;
4104 __u16 interval, window;
4105 int err;
4106
4107 BT_DBG("%s", hdev->name);
4108
4109 if (!lmp_le_capable(hdev))
4110 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4111 MGMT_STATUS_NOT_SUPPORTED);
4112
4113 interval = __le16_to_cpu(cp->interval);
4114
4115 if (interval < 0x0004 || interval > 0x4000)
4116 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4117 MGMT_STATUS_INVALID_PARAMS);
4118
4119 window = __le16_to_cpu(cp->window);
4120
4121 if (window < 0x0004 || window > 0x4000)
4122 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4123 MGMT_STATUS_INVALID_PARAMS);
4124
4125 if (window > interval)
4126 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4127 MGMT_STATUS_INVALID_PARAMS);
4128
4129 hci_dev_lock(hdev);
4130
4131 hdev->le_scan_interval = interval;
4132 hdev->le_scan_window = window;
4133
4134 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4135 NULL, 0);
4136
4137
4138
4139
4140 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4141 hdev->discovery.state == DISCOVERY_STOPPED) {
4142 struct hci_request req;
4143
4144 hci_req_init(&req, hdev);
4145
4146 hci_req_add_le_scan_disable(&req);
4147 hci_req_add_le_passive_scan(&req);
4148
4149 hci_req_run(&req, NULL);
4150 }
4151
4152 hci_dev_unlock(hdev);
4153
4154 return err;
4155}
4156
4157static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4158 u16 opcode)
4159{
4160 struct mgmt_pending_cmd *cmd;
4161
4162 BT_DBG("status 0x%02x", status);
4163
4164 hci_dev_lock(hdev);
4165
4166 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4167 if (!cmd)
4168 goto unlock;
4169
4170 if (status) {
4171 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4172 mgmt_status(status));
4173 } else {
4174 struct mgmt_mode *cp = cmd->param;
4175
4176 if (cp->val)
4177 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4178 else
4179 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4180
4181 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4182 new_settings(hdev, cmd->sk);
4183 }
4184
4185 mgmt_pending_remove(cmd);
4186
4187unlock:
4188 hci_dev_unlock(hdev);
4189}
4190
4191static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4192 void *data, u16 len)
4193{
4194 struct mgmt_mode *cp = data;
4195 struct mgmt_pending_cmd *cmd;
4196 struct hci_request req;
4197 int err;
4198
4199 BT_DBG("%s", hdev->name);
4200
4201 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4202 hdev->hci_ver < BLUETOOTH_VER_1_2)
4203 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4204 MGMT_STATUS_NOT_SUPPORTED);
4205
4206 if (cp->val != 0x00 && cp->val != 0x01)
4207 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4208 MGMT_STATUS_INVALID_PARAMS);
4209
4210 hci_dev_lock(hdev);
4211
4212 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4213 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4214 MGMT_STATUS_BUSY);
4215 goto unlock;
4216 }
4217
4218 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4219 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4220 hdev);
4221 goto unlock;
4222 }
4223
4224 if (!hdev_is_powered(hdev)) {
4225 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4226 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4227 hdev);
4228 new_settings(hdev, sk);
4229 goto unlock;
4230 }
4231
4232 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4233 data, len);
4234 if (!cmd) {
4235 err = -ENOMEM;
4236 goto unlock;
4237 }
4238
4239 hci_req_init(&req, hdev);
4240
4241 __hci_req_write_fast_connectable(&req, cp->val);
4242
4243 err = hci_req_run(&req, fast_connectable_complete);
4244 if (err < 0) {
4245 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4246 MGMT_STATUS_FAILED);
4247 mgmt_pending_remove(cmd);
4248 }
4249
4250unlock:
4251 hci_dev_unlock(hdev);
4252
4253 return err;
4254}
4255
4256static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4257{
4258 struct mgmt_pending_cmd *cmd;
4259
4260 BT_DBG("status 0x%02x", status);
4261
4262 hci_dev_lock(hdev);
4263
4264 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4265 if (!cmd)
4266 goto unlock;
4267
4268 if (status) {
4269 u8 mgmt_err = mgmt_status(status);
4270
4271
4272
4273
4274 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4275
4276 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4277 } else {
4278 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4279 new_settings(hdev, cmd->sk);
4280 }
4281
4282 mgmt_pending_remove(cmd);
4283
4284unlock:
4285 hci_dev_unlock(hdev);
4286}
4287
4288static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4289{
4290 struct mgmt_mode *cp = data;
4291 struct mgmt_pending_cmd *cmd;
4292 struct hci_request req;
4293 int err;
4294
4295 BT_DBG("request for %s", hdev->name);
4296
4297 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4298 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4299 MGMT_STATUS_NOT_SUPPORTED);
4300
4301 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4302 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4303 MGMT_STATUS_REJECTED);
4304
4305 if (cp->val != 0x00 && cp->val != 0x01)
4306 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4307 MGMT_STATUS_INVALID_PARAMS);
4308
4309 hci_dev_lock(hdev);
4310
4311 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4312 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4313 goto unlock;
4314 }
4315
4316 if (!hdev_is_powered(hdev)) {
4317 if (!cp->val) {
4318 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4319 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4320 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4321 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4322 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4323 }
4324
4325 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4326
4327 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4328 if (err < 0)
4329 goto unlock;
4330
4331 err = new_settings(hdev, sk);
4332 goto unlock;
4333 }
4334
4335
4336 if (!cp->val) {
4337 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4338 MGMT_STATUS_REJECTED);
4339 goto unlock;
4340 } else {
4341
4342
4343
4344
4345
4346
4347
4348
4349
4350
4351
4352
4353
4354
4355 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4356 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4357 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4358 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4359 MGMT_STATUS_REJECTED);
4360 goto unlock;
4361 }
4362 }
4363
4364 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4365 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4366 MGMT_STATUS_BUSY);
4367 goto unlock;
4368 }
4369
4370 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4371 if (!cmd) {
4372 err = -ENOMEM;
4373 goto unlock;
4374 }
4375
4376
4377
4378
4379 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4380
4381 hci_req_init(&req, hdev);
4382
4383 __hci_req_write_fast_connectable(&req, false);
4384 __hci_req_update_scan(&req);
4385
4386
4387
4388
4389 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4390
4391 err = hci_req_run(&req, set_bredr_complete);
4392 if (err < 0)
4393 mgmt_pending_remove(cmd);
4394
4395unlock:
4396 hci_dev_unlock(hdev);
4397 return err;
4398}
4399
4400static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4401{
4402 struct mgmt_pending_cmd *cmd;
4403 struct mgmt_mode *cp;
4404
4405 BT_DBG("%s status %u", hdev->name, status);
4406
4407 hci_dev_lock(hdev);
4408
4409 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4410 if (!cmd)
4411 goto unlock;
4412
4413 if (status) {
4414 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4415 mgmt_status(status));
4416 goto remove;
4417 }
4418
4419 cp = cmd->param;
4420
4421 switch (cp->val) {
4422 case 0x00:
4423 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4424 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4425 break;
4426 case 0x01:
4427 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4428 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4429 break;
4430 case 0x02:
4431 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4432 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4433 break;
4434 }
4435
4436 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4437 new_settings(hdev, cmd->sk);
4438
4439remove:
4440 mgmt_pending_remove(cmd);
4441unlock:
4442 hci_dev_unlock(hdev);
4443}
4444
4445static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4446 void *data, u16 len)
4447{
4448 struct mgmt_mode *cp = data;
4449 struct mgmt_pending_cmd *cmd;
4450 struct hci_request req;
4451 u8 val;
4452 int err;
4453
4454 BT_DBG("request for %s", hdev->name);
4455
4456 if (!lmp_sc_capable(hdev) &&
4457 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4458 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4459 MGMT_STATUS_NOT_SUPPORTED);
4460
4461 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4462 lmp_sc_capable(hdev) &&
4463 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4464 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4465 MGMT_STATUS_REJECTED);
4466
4467 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4468 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4469 MGMT_STATUS_INVALID_PARAMS);
4470
4471 hci_dev_lock(hdev);
4472
4473 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4474 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4475 bool changed;
4476
4477 if (cp->val) {
4478 changed = !hci_dev_test_and_set_flag(hdev,
4479 HCI_SC_ENABLED);
4480 if (cp->val == 0x02)
4481 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4482 else
4483 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4484 } else {
4485 changed = hci_dev_test_and_clear_flag(hdev,
4486 HCI_SC_ENABLED);
4487 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4488 }
4489
4490 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4491 if (err < 0)
4492 goto failed;
4493
4494 if (changed)
4495 err = new_settings(hdev, sk);
4496
4497 goto failed;
4498 }
4499
4500 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4501 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4502 MGMT_STATUS_BUSY);
4503 goto failed;
4504 }
4505
4506 val = !!cp->val;
4507
4508 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4509 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4510 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4511 goto failed;
4512 }
4513
4514 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4515 if (!cmd) {
4516 err = -ENOMEM;
4517 goto failed;
4518 }
4519
4520 hci_req_init(&req, hdev);
4521 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4522 err = hci_req_run(&req, sc_enable_complete);
4523 if (err < 0) {
4524 mgmt_pending_remove(cmd);
4525 goto failed;
4526 }
4527
4528failed:
4529 hci_dev_unlock(hdev);
4530 return err;
4531}
4532
4533static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4534 void *data, u16 len)
4535{
4536 struct mgmt_mode *cp = data;
4537 bool changed, use_changed;
4538 int err;
4539
4540 BT_DBG("request for %s", hdev->name);
4541
4542 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4543 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4544 MGMT_STATUS_INVALID_PARAMS);
4545
4546 hci_dev_lock(hdev);
4547
4548 if (cp->val)
4549 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4550 else
4551 changed = hci_dev_test_and_clear_flag(hdev,
4552 HCI_KEEP_DEBUG_KEYS);
4553
4554 if (cp->val == 0x02)
4555 use_changed = !hci_dev_test_and_set_flag(hdev,
4556 HCI_USE_DEBUG_KEYS);
4557 else
4558 use_changed = hci_dev_test_and_clear_flag(hdev,
4559 HCI_USE_DEBUG_KEYS);
4560
4561 if (hdev_is_powered(hdev) && use_changed &&
4562 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
4563 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4564 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4565 sizeof(mode), &mode);
4566 }
4567
4568 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4569 if (err < 0)
4570 goto unlock;
4571
4572 if (changed)
4573 err = new_settings(hdev, sk);
4574
4575unlock:
4576 hci_dev_unlock(hdev);
4577 return err;
4578}
4579
4580static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4581 u16 len)
4582{
4583 struct mgmt_cp_set_privacy *cp = cp_data;
4584 bool changed;
4585 int err;
4586
4587 BT_DBG("request for %s", hdev->name);
4588
4589 if (!lmp_le_capable(hdev))
4590 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4591 MGMT_STATUS_NOT_SUPPORTED);
4592
4593 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
4594 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4595 MGMT_STATUS_INVALID_PARAMS);
4596
4597 if (hdev_is_powered(hdev))
4598 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4599 MGMT_STATUS_REJECTED);
4600
4601 hci_dev_lock(hdev);
4602
4603
4604
4605
4606 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4607
4608 if (cp->privacy) {
4609 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
4610 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4611 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
4612 if (cp->privacy == 0x02)
4613 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4614 else
4615 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4616 } else {
4617 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
4618 memset(hdev->irk, 0, sizeof(hdev->irk));
4619 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
4620 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4621 }
4622
4623 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4624 if (err < 0)
4625 goto unlock;
4626
4627 if (changed)
4628 err = new_settings(hdev, sk);
4629
4630unlock:
4631 hci_dev_unlock(hdev);
4632 return err;
4633}
4634
4635static bool irk_is_valid(struct mgmt_irk_info *irk)
4636{
4637 switch (irk->addr.type) {
4638 case BDADDR_LE_PUBLIC:
4639 return true;
4640
4641 case BDADDR_LE_RANDOM:
4642
4643 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4644 return false;
4645 return true;
4646 }
4647
4648 return false;
4649}
4650
4651static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4652 u16 len)
4653{
4654 struct mgmt_cp_load_irks *cp = cp_data;
4655 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4656 sizeof(struct mgmt_irk_info));
4657 u16 irk_count, expected_len;
4658 int i, err;
4659
4660 BT_DBG("request for %s", hdev->name);
4661
4662 if (!lmp_le_capable(hdev))
4663 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4664 MGMT_STATUS_NOT_SUPPORTED);
4665
4666 irk_count = __le16_to_cpu(cp->irk_count);
4667 if (irk_count > max_irk_count) {
4668 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
4669 irk_count);
4670 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4671 MGMT_STATUS_INVALID_PARAMS);
4672 }
4673
4674 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4675 if (expected_len != len) {
4676 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
4677 expected_len, len);
4678 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4679 MGMT_STATUS_INVALID_PARAMS);
4680 }
4681
4682 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4683
4684 for (i = 0; i < irk_count; i++) {
4685 struct mgmt_irk_info *key = &cp->irks[i];
4686
4687 if (!irk_is_valid(key))
4688 return mgmt_cmd_status(sk, hdev->id,
4689 MGMT_OP_LOAD_IRKS,
4690 MGMT_STATUS_INVALID_PARAMS);
4691 }
4692
4693 hci_dev_lock(hdev);
4694
4695 hci_smp_irks_clear(hdev);
4696
4697 for (i = 0; i < irk_count; i++) {
4698 struct mgmt_irk_info *irk = &cp->irks[i];
4699
4700 hci_add_irk(hdev, &irk->addr.bdaddr,
4701 le_addr_type(irk->addr.type), irk->val,
4702 BDADDR_ANY);
4703 }
4704
4705 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4706
4707 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4708
4709 hci_dev_unlock(hdev);
4710
4711 return err;
4712}
4713
4714static bool ltk_is_valid(struct mgmt_ltk_info *key)
4715{
4716 if (key->master != 0x00 && key->master != 0x01)
4717 return false;
4718
4719 switch (key->addr.type) {
4720 case BDADDR_LE_PUBLIC:
4721 return true;
4722
4723 case BDADDR_LE_RANDOM:
4724
4725 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4726 return false;
4727 return true;
4728 }
4729
4730 return false;
4731}
4732
4733static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4734 void *cp_data, u16 len)
4735{
4736 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4737 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4738 sizeof(struct mgmt_ltk_info));
4739 u16 key_count, expected_len;
4740 int i, err;
4741
4742 BT_DBG("request for %s", hdev->name);
4743
4744 if (!lmp_le_capable(hdev))
4745 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4746 MGMT_STATUS_NOT_SUPPORTED);
4747
4748 key_count = __le16_to_cpu(cp->key_count);
4749 if (key_count > max_key_count) {
4750 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
4751 key_count);
4752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4753 MGMT_STATUS_INVALID_PARAMS);
4754 }
4755
4756 expected_len = sizeof(*cp) + key_count *
4757 sizeof(struct mgmt_ltk_info);
4758 if (expected_len != len) {
4759 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
4760 expected_len, len);
4761 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4762 MGMT_STATUS_INVALID_PARAMS);
4763 }
4764
4765 BT_DBG("%s key_count %u", hdev->name, key_count);
4766
4767 for (i = 0; i < key_count; i++) {
4768 struct mgmt_ltk_info *key = &cp->keys[i];
4769
4770 if (!ltk_is_valid(key))
4771 return mgmt_cmd_status(sk, hdev->id,
4772 MGMT_OP_LOAD_LONG_TERM_KEYS,
4773 MGMT_STATUS_INVALID_PARAMS);
4774 }
4775
4776 hci_dev_lock(hdev);
4777
4778 hci_smp_ltks_clear(hdev);
4779
4780 for (i = 0; i < key_count; i++) {
4781 struct mgmt_ltk_info *key = &cp->keys[i];
4782 u8 type, authenticated;
4783
4784 switch (key->type) {
4785 case MGMT_LTK_UNAUTHENTICATED:
4786 authenticated = 0x00;
4787 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4788 break;
4789 case MGMT_LTK_AUTHENTICATED:
4790 authenticated = 0x01;
4791 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4792 break;
4793 case MGMT_LTK_P256_UNAUTH:
4794 authenticated = 0x00;
4795 type = SMP_LTK_P256;
4796 break;
4797 case MGMT_LTK_P256_AUTH:
4798 authenticated = 0x01;
4799 type = SMP_LTK_P256;
4800 break;
4801 case MGMT_LTK_P256_DEBUG:
4802 authenticated = 0x00;
4803 type = SMP_LTK_P256_DEBUG;
4804
4805 default:
4806 continue;
4807 }
4808
4809 hci_add_ltk(hdev, &key->addr.bdaddr,
4810 le_addr_type(key->addr.type), type, authenticated,
4811 key->val, key->enc_size, key->ediv, key->rand);
4812 }
4813
4814 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4815 NULL, 0);
4816
4817 hci_dev_unlock(hdev);
4818
4819 return err;
4820}
4821
4822static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
4823{
4824 struct hci_conn *conn = cmd->user_data;
4825 struct mgmt_rp_get_conn_info rp;
4826 int err;
4827
4828 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
4829
4830 if (status == MGMT_STATUS_SUCCESS) {
4831 rp.rssi = conn->rssi;
4832 rp.tx_power = conn->tx_power;
4833 rp.max_tx_power = conn->max_tx_power;
4834 } else {
4835 rp.rssi = HCI_RSSI_INVALID;
4836 rp.tx_power = HCI_TX_POWER_INVALID;
4837 rp.max_tx_power = HCI_TX_POWER_INVALID;
4838 }
4839
4840 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4841 status, &rp, sizeof(rp));
4842
4843 hci_conn_drop(conn);
4844 hci_conn_put(conn);
4845
4846 return err;
4847}
4848
4849static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4850 u16 opcode)
4851{
4852 struct hci_cp_read_rssi *cp;
4853 struct mgmt_pending_cmd *cmd;
4854 struct hci_conn *conn;
4855 u16 handle;
4856 u8 status;
4857
4858 BT_DBG("status 0x%02x", hci_status);
4859
4860 hci_dev_lock(hdev);
4861
4862
4863
4864
4865
4866
4867
4868
4869
4870
4871 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4872 if (!cp) {
4873 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4874 status = MGMT_STATUS_SUCCESS;
4875 } else {
4876 status = mgmt_status(hci_status);
4877 }
4878
4879 if (!cp) {
4880 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
4881 goto unlock;
4882 }
4883
4884 handle = __le16_to_cpu(cp->handle);
4885 conn = hci_conn_hash_lookup_handle(hdev, handle);
4886 if (!conn) {
4887 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
4888 handle);
4889 goto unlock;
4890 }
4891
4892 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
4893 if (!cmd)
4894 goto unlock;
4895
4896 cmd->cmd_complete(cmd, status);
4897 mgmt_pending_remove(cmd);
4898
4899unlock:
4900 hci_dev_unlock(hdev);
4901}
4902
4903static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4904 u16 len)
4905{
4906 struct mgmt_cp_get_conn_info *cp = data;
4907 struct mgmt_rp_get_conn_info rp;
4908 struct hci_conn *conn;
4909 unsigned long conn_info_age;
4910 int err = 0;
4911
4912 BT_DBG("%s", hdev->name);
4913
4914 memset(&rp, 0, sizeof(rp));
4915 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4916 rp.addr.type = cp->addr.type;
4917
4918 if (!bdaddr_type_is_valid(cp->addr.type))
4919 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4920 MGMT_STATUS_INVALID_PARAMS,
4921 &rp, sizeof(rp));
4922
4923 hci_dev_lock(hdev);
4924
4925 if (!hdev_is_powered(hdev)) {
4926 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4927 MGMT_STATUS_NOT_POWERED, &rp,
4928 sizeof(rp));
4929 goto unlock;
4930 }
4931
4932 if (cp->addr.type == BDADDR_BREDR)
4933 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4934 &cp->addr.bdaddr);
4935 else
4936 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4937
4938 if (!conn || conn->state != BT_CONNECTED) {
4939 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4940 MGMT_STATUS_NOT_CONNECTED, &rp,
4941 sizeof(rp));
4942 goto unlock;
4943 }
4944
4945 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
4946 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4947 MGMT_STATUS_BUSY, &rp, sizeof(rp));
4948 goto unlock;
4949 }
4950
4951
4952
4953
4954 conn_info_age = hdev->conn_info_min_age +
4955 prandom_u32_max(hdev->conn_info_max_age -
4956 hdev->conn_info_min_age);
4957
4958
4959
4960
4961 if (time_after(jiffies, conn->conn_info_timestamp +
4962 msecs_to_jiffies(conn_info_age)) ||
4963 !conn->conn_info_timestamp) {
4964 struct hci_request req;
4965 struct hci_cp_read_tx_power req_txp_cp;
4966 struct hci_cp_read_rssi req_rssi_cp;
4967 struct mgmt_pending_cmd *cmd;
4968
4969 hci_req_init(&req, hdev);
4970 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4971 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4972 &req_rssi_cp);
4973
4974
4975
4976
4977 if (!bdaddr_type_is_le(cp->addr.type) ||
4978 conn->tx_power == HCI_TX_POWER_INVALID) {
4979 req_txp_cp.handle = cpu_to_le16(conn->handle);
4980 req_txp_cp.type = 0x00;
4981 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4982 sizeof(req_txp_cp), &req_txp_cp);
4983 }
4984
4985
4986 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4987 req_txp_cp.handle = cpu_to_le16(conn->handle);
4988 req_txp_cp.type = 0x01;
4989 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4990 sizeof(req_txp_cp), &req_txp_cp);
4991 }
4992
4993 err = hci_req_run(&req, conn_info_refresh_complete);
4994 if (err < 0)
4995 goto unlock;
4996
4997 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4998 data, len);
4999 if (!cmd) {
5000 err = -ENOMEM;
5001 goto unlock;
5002 }
5003
5004 hci_conn_hold(conn);
5005 cmd->user_data = hci_conn_get(conn);
5006 cmd->cmd_complete = conn_info_cmd_complete;
5007
5008 conn->conn_info_timestamp = jiffies;
5009 } else {
5010
5011 rp.rssi = conn->rssi;
5012 rp.tx_power = conn->tx_power;
5013 rp.max_tx_power = conn->max_tx_power;
5014
5015 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5016 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5017 }
5018
5019unlock:
5020 hci_dev_unlock(hdev);
5021 return err;
5022}
5023
5024static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5025{
5026 struct hci_conn *conn = cmd->user_data;
5027 struct mgmt_rp_get_clock_info rp;
5028 struct hci_dev *hdev;
5029 int err;
5030
5031 memset(&rp, 0, sizeof(rp));
5032 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5033
5034 if (status)
5035 goto complete;
5036
5037 hdev = hci_dev_get(cmd->index);
5038 if (hdev) {
5039 rp.local_clock = cpu_to_le32(hdev->clock);
5040 hci_dev_put(hdev);
5041 }
5042
5043 if (conn) {
5044 rp.piconet_clock = cpu_to_le32(conn->clock);
5045 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5046 }
5047
5048complete:
5049 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5050 sizeof(rp));
5051
5052 if (conn) {
5053 hci_conn_drop(conn);
5054 hci_conn_put(conn);
5055 }
5056
5057 return err;
5058}
5059
5060static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5061{
5062 struct hci_cp_read_clock *hci_cp;
5063 struct mgmt_pending_cmd *cmd;
5064 struct hci_conn *conn;
5065
5066 BT_DBG("%s status %u", hdev->name, status);
5067
5068 hci_dev_lock(hdev);
5069
5070 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5071 if (!hci_cp)
5072 goto unlock;
5073
5074 if (hci_cp->which) {
5075 u16 handle = __le16_to_cpu(hci_cp->handle);
5076 conn = hci_conn_hash_lookup_handle(hdev, handle);
5077 } else {
5078 conn = NULL;
5079 }
5080
5081 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5082 if (!cmd)
5083 goto unlock;
5084
5085 cmd->cmd_complete(cmd, mgmt_status(status));
5086 mgmt_pending_remove(cmd);
5087
5088unlock:
5089 hci_dev_unlock(hdev);
5090}
5091
5092static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5093 u16 len)
5094{
5095 struct mgmt_cp_get_clock_info *cp = data;
5096 struct mgmt_rp_get_clock_info rp;
5097 struct hci_cp_read_clock hci_cp;
5098 struct mgmt_pending_cmd *cmd;
5099 struct hci_request req;
5100 struct hci_conn *conn;
5101 int err;
5102
5103 BT_DBG("%s", hdev->name);
5104
5105 memset(&rp, 0, sizeof(rp));
5106 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5107 rp.addr.type = cp->addr.type;
5108
5109 if (cp->addr.type != BDADDR_BREDR)
5110 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5111 MGMT_STATUS_INVALID_PARAMS,
5112 &rp, sizeof(rp));
5113
5114 hci_dev_lock(hdev);
5115
5116 if (!hdev_is_powered(hdev)) {
5117 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5118 MGMT_STATUS_NOT_POWERED, &rp,
5119 sizeof(rp));
5120 goto unlock;
5121 }
5122
5123 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5124 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5125 &cp->addr.bdaddr);
5126 if (!conn || conn->state != BT_CONNECTED) {
5127 err = mgmt_cmd_complete(sk, hdev->id,
5128 MGMT_OP_GET_CLOCK_INFO,
5129 MGMT_STATUS_NOT_CONNECTED,
5130 &rp, sizeof(rp));
5131 goto unlock;
5132 }
5133 } else {
5134 conn = NULL;
5135 }
5136
5137 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5138 if (!cmd) {
5139 err = -ENOMEM;
5140 goto unlock;
5141 }
5142
5143 cmd->cmd_complete = clock_info_cmd_complete;
5144
5145 hci_req_init(&req, hdev);
5146
5147 memset(&hci_cp, 0, sizeof(hci_cp));
5148 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5149
5150 if (conn) {
5151 hci_conn_hold(conn);
5152 cmd->user_data = hci_conn_get(conn);
5153
5154 hci_cp.handle = cpu_to_le16(conn->handle);
5155 hci_cp.which = 0x01;
5156 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5157 }
5158
5159 err = hci_req_run(&req, get_clock_info_complete);
5160 if (err < 0)
5161 mgmt_pending_remove(cmd);
5162
5163unlock:
5164 hci_dev_unlock(hdev);
5165 return err;
5166}
5167
5168static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5169{
5170 struct hci_conn *conn;
5171
5172 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5173 if (!conn)
5174 return false;
5175
5176 if (conn->dst_type != type)
5177 return false;
5178
5179 if (conn->state != BT_CONNECTED)
5180 return false;
5181
5182 return true;
5183}
5184
5185
5186static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5187 u8 addr_type, u8 auto_connect)
5188{
5189 struct hci_conn_params *params;
5190
5191 params = hci_conn_params_add(hdev, addr, addr_type);
5192 if (!params)
5193 return -EIO;
5194
5195 if (params->auto_connect == auto_connect)
5196 return 0;
5197
5198 list_del_init(¶ms->action);
5199
5200 switch (auto_connect) {
5201 case HCI_AUTO_CONN_DISABLED:
5202 case HCI_AUTO_CONN_LINK_LOSS:
5203
5204
5205
5206 if (params->explicit_connect)
5207 list_add(¶ms->action, &hdev->pend_le_conns);
5208 break;
5209 case HCI_AUTO_CONN_REPORT:
5210 if (params->explicit_connect)
5211 list_add(¶ms->action, &hdev->pend_le_conns);
5212 else
5213 list_add(¶ms->action, &hdev->pend_le_reports);
5214 break;
5215 case HCI_AUTO_CONN_DIRECT:
5216 case HCI_AUTO_CONN_ALWAYS:
5217 if (!is_connected(hdev, addr, addr_type))
5218 list_add(¶ms->action, &hdev->pend_le_conns);
5219 break;
5220 }
5221
5222 params->auto_connect = auto_connect;
5223
5224 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5225 auto_connect);
5226
5227 return 0;
5228}
5229
5230static void device_added(struct sock *sk, struct hci_dev *hdev,
5231 bdaddr_t *bdaddr, u8 type, u8 action)
5232{
5233 struct mgmt_ev_device_added ev;
5234
5235 bacpy(&ev.addr.bdaddr, bdaddr);
5236 ev.addr.type = type;
5237 ev.action = action;
5238
5239 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5240}
5241
5242static int add_device(struct sock *sk, struct hci_dev *hdev,
5243 void *data, u16 len)
5244{
5245 struct mgmt_cp_add_device *cp = data;
5246 u8 auto_conn, addr_type;
5247 int err;
5248
5249 BT_DBG("%s", hdev->name);
5250
5251 if (!bdaddr_type_is_valid(cp->addr.type) ||
5252 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5253 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5254 MGMT_STATUS_INVALID_PARAMS,
5255 &cp->addr, sizeof(cp->addr));
5256
5257 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5258 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5259 MGMT_STATUS_INVALID_PARAMS,
5260 &cp->addr, sizeof(cp->addr));
5261
5262 hci_dev_lock(hdev);
5263
5264 if (cp->addr.type == BDADDR_BREDR) {
5265
5266 if (cp->action != 0x01) {
5267 err = mgmt_cmd_complete(sk, hdev->id,
5268 MGMT_OP_ADD_DEVICE,
5269 MGMT_STATUS_INVALID_PARAMS,
5270 &cp->addr, sizeof(cp->addr));
5271 goto unlock;
5272 }
5273
5274 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5275 cp->addr.type);
5276 if (err)
5277 goto unlock;
5278
5279 hci_req_update_scan(hdev);
5280
5281 goto added;
5282 }
5283
5284 addr_type = le_addr_type(cp->addr.type);
5285
5286 if (cp->action == 0x02)
5287 auto_conn = HCI_AUTO_CONN_ALWAYS;
5288 else if (cp->action == 0x01)
5289 auto_conn = HCI_AUTO_CONN_DIRECT;
5290 else
5291 auto_conn = HCI_AUTO_CONN_REPORT;
5292
5293
5294
5295
5296
5297
5298 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5299 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5300 MGMT_STATUS_INVALID_PARAMS,
5301 &cp->addr, sizeof(cp->addr));
5302 goto unlock;
5303 }
5304
5305
5306
5307
5308 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5309 auto_conn) < 0) {
5310 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5311 MGMT_STATUS_FAILED, &cp->addr,
5312 sizeof(cp->addr));
5313 goto unlock;
5314 }
5315
5316 hci_update_background_scan(hdev);
5317
5318added:
5319 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5320
5321 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5322 MGMT_STATUS_SUCCESS, &cp->addr,
5323 sizeof(cp->addr));
5324
5325unlock:
5326 hci_dev_unlock(hdev);
5327 return err;
5328}
5329
5330static void device_removed(struct sock *sk, struct hci_dev *hdev,
5331 bdaddr_t *bdaddr, u8 type)
5332{
5333 struct mgmt_ev_device_removed ev;
5334
5335 bacpy(&ev.addr.bdaddr, bdaddr);
5336 ev.addr.type = type;
5337
5338 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5339}
5340
5341static int remove_device(struct sock *sk, struct hci_dev *hdev,
5342 void *data, u16 len)
5343{
5344 struct mgmt_cp_remove_device *cp = data;
5345 int err;
5346
5347 BT_DBG("%s", hdev->name);
5348
5349 hci_dev_lock(hdev);
5350
5351 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5352 struct hci_conn_params *params;
5353 u8 addr_type;
5354
5355 if (!bdaddr_type_is_valid(cp->addr.type)) {
5356 err = mgmt_cmd_complete(sk, hdev->id,
5357 MGMT_OP_REMOVE_DEVICE,
5358 MGMT_STATUS_INVALID_PARAMS,
5359 &cp->addr, sizeof(cp->addr));
5360 goto unlock;
5361 }
5362
5363 if (cp->addr.type == BDADDR_BREDR) {
5364 err = hci_bdaddr_list_del(&hdev->whitelist,
5365 &cp->addr.bdaddr,
5366 cp->addr.type);
5367 if (err) {
5368 err = mgmt_cmd_complete(sk, hdev->id,
5369 MGMT_OP_REMOVE_DEVICE,
5370 MGMT_STATUS_INVALID_PARAMS,
5371 &cp->addr,
5372 sizeof(cp->addr));
5373 goto unlock;
5374 }
5375
5376 hci_req_update_scan(hdev);
5377
5378 device_removed(sk, hdev, &cp->addr.bdaddr,
5379 cp->addr.type);
5380 goto complete;
5381 }
5382
5383 addr_type = le_addr_type(cp->addr.type);
5384
5385
5386
5387
5388
5389
5390 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5391 err = mgmt_cmd_complete(sk, hdev->id,
5392 MGMT_OP_REMOVE_DEVICE,
5393 MGMT_STATUS_INVALID_PARAMS,
5394 &cp->addr, sizeof(cp->addr));
5395 goto unlock;
5396 }
5397
5398 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5399 addr_type);
5400 if (!params) {
5401 err = mgmt_cmd_complete(sk, hdev->id,
5402 MGMT_OP_REMOVE_DEVICE,
5403 MGMT_STATUS_INVALID_PARAMS,
5404 &cp->addr, sizeof(cp->addr));
5405 goto unlock;
5406 }
5407
5408 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5409 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5410 err = mgmt_cmd_complete(sk, hdev->id,
5411 MGMT_OP_REMOVE_DEVICE,
5412 MGMT_STATUS_INVALID_PARAMS,
5413 &cp->addr, sizeof(cp->addr));
5414 goto unlock;
5415 }
5416
5417 list_del(¶ms->action);
5418 list_del(¶ms->list);
5419 kfree(params);
5420 hci_update_background_scan(hdev);
5421
5422 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5423 } else {
5424 struct hci_conn_params *p, *tmp;
5425 struct bdaddr_list *b, *btmp;
5426
5427 if (cp->addr.type) {
5428 err = mgmt_cmd_complete(sk, hdev->id,
5429 MGMT_OP_REMOVE_DEVICE,
5430 MGMT_STATUS_INVALID_PARAMS,
5431 &cp->addr, sizeof(cp->addr));
5432 goto unlock;
5433 }
5434
5435 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5436 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5437 list_del(&b->list);
5438 kfree(b);
5439 }
5440
5441 hci_req_update_scan(hdev);
5442
5443 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5444 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5445 continue;
5446 device_removed(sk, hdev, &p->addr, p->addr_type);
5447 if (p->explicit_connect) {
5448 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5449 continue;
5450 }
5451 list_del(&p->action);
5452 list_del(&p->list);
5453 kfree(p);
5454 }
5455
5456 BT_DBG("All LE connection parameters were removed");
5457
5458 hci_update_background_scan(hdev);
5459 }
5460
5461complete:
5462 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5463 MGMT_STATUS_SUCCESS, &cp->addr,
5464 sizeof(cp->addr));
5465unlock:
5466 hci_dev_unlock(hdev);
5467 return err;
5468}
5469
5470static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5471 u16 len)
5472{
5473 struct mgmt_cp_load_conn_param *cp = data;
5474 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5475 sizeof(struct mgmt_conn_param));
5476 u16 param_count, expected_len;
5477 int i;
5478
5479 if (!lmp_le_capable(hdev))
5480 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5481 MGMT_STATUS_NOT_SUPPORTED);
5482
5483 param_count = __le16_to_cpu(cp->param_count);
5484 if (param_count > max_param_count) {
5485 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
5486 param_count);
5487 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5488 MGMT_STATUS_INVALID_PARAMS);
5489 }
5490
5491 expected_len = sizeof(*cp) + param_count *
5492 sizeof(struct mgmt_conn_param);
5493 if (expected_len != len) {
5494 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
5495 expected_len, len);
5496 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5497 MGMT_STATUS_INVALID_PARAMS);
5498 }
5499
5500 BT_DBG("%s param_count %u", hdev->name, param_count);
5501
5502 hci_dev_lock(hdev);
5503
5504 hci_conn_params_clear_disabled(hdev);
5505
5506 for (i = 0; i < param_count; i++) {
5507 struct mgmt_conn_param *param = &cp->params[i];
5508 struct hci_conn_params *hci_param;
5509 u16 min, max, latency, timeout;
5510 u8 addr_type;
5511
5512 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5513 param->addr.type);
5514
5515 if (param->addr.type == BDADDR_LE_PUBLIC) {
5516 addr_type = ADDR_LE_DEV_PUBLIC;
5517 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5518 addr_type = ADDR_LE_DEV_RANDOM;
5519 } else {
5520 bt_dev_err(hdev, "ignoring invalid connection parameters");
5521 continue;
5522 }
5523
5524 min = le16_to_cpu(param->min_interval);
5525 max = le16_to_cpu(param->max_interval);
5526 latency = le16_to_cpu(param->latency);
5527 timeout = le16_to_cpu(param->timeout);
5528
5529 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5530 min, max, latency, timeout);
5531
5532 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5533 bt_dev_err(hdev, "ignoring invalid connection parameters");
5534 continue;
5535 }
5536
5537 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5538 addr_type);
5539 if (!hci_param) {
5540 bt_dev_err(hdev, "failed to add connection parameters");
5541 continue;
5542 }
5543
5544 hci_param->conn_min_interval = min;
5545 hci_param->conn_max_interval = max;
5546 hci_param->conn_latency = latency;
5547 hci_param->supervision_timeout = timeout;
5548 }
5549
5550 hci_dev_unlock(hdev);
5551
5552 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5553 NULL, 0);
5554}
5555
5556static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5557 void *data, u16 len)
5558{
5559 struct mgmt_cp_set_external_config *cp = data;
5560 bool changed;
5561 int err;
5562
5563 BT_DBG("%s", hdev->name);
5564
5565 if (hdev_is_powered(hdev))
5566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5567 MGMT_STATUS_REJECTED);
5568
5569 if (cp->config != 0x00 && cp->config != 0x01)
5570 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5571 MGMT_STATUS_INVALID_PARAMS);
5572
5573 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5574 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5575 MGMT_STATUS_NOT_SUPPORTED);
5576
5577 hci_dev_lock(hdev);
5578
5579 if (cp->config)
5580 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
5581 else
5582 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
5583
5584 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5585 if (err < 0)
5586 goto unlock;
5587
5588 if (!changed)
5589 goto unlock;
5590
5591 err = new_options(hdev, sk);
5592
5593 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
5594 mgmt_index_removed(hdev);
5595
5596 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
5597 hci_dev_set_flag(hdev, HCI_CONFIG);
5598 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5599
5600 queue_work(hdev->req_workqueue, &hdev->power_on);
5601 } else {
5602 set_bit(HCI_RAW, &hdev->flags);
5603 mgmt_index_added(hdev);
5604 }
5605 }
5606
5607unlock:
5608 hci_dev_unlock(hdev);
5609 return err;
5610}
5611
5612static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5613 void *data, u16 len)
5614{
5615 struct mgmt_cp_set_public_address *cp = data;
5616 bool changed;
5617 int err;
5618
5619 BT_DBG("%s", hdev->name);
5620
5621 if (hdev_is_powered(hdev))
5622 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5623 MGMT_STATUS_REJECTED);
5624
5625 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5626 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5627 MGMT_STATUS_INVALID_PARAMS);
5628
5629 if (!hdev->set_bdaddr)
5630 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5631 MGMT_STATUS_NOT_SUPPORTED);
5632
5633 hci_dev_lock(hdev);
5634
5635 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5636 bacpy(&hdev->public_addr, &cp->bdaddr);
5637
5638 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5639 if (err < 0)
5640 goto unlock;
5641
5642 if (!changed)
5643 goto unlock;
5644
5645 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
5646 err = new_options(hdev, sk);
5647
5648 if (is_configured(hdev)) {
5649 mgmt_index_removed(hdev);
5650
5651 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
5652
5653 hci_dev_set_flag(hdev, HCI_CONFIG);
5654 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5655
5656 queue_work(hdev->req_workqueue, &hdev->power_on);
5657 }
5658
5659unlock:
5660 hci_dev_unlock(hdev);
5661 return err;
5662}
5663
5664static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5665 u16 opcode, struct sk_buff *skb)
5666{
5667 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5668 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5669 u8 *h192, *r192, *h256, *r256;
5670 struct mgmt_pending_cmd *cmd;
5671 u16 eir_len;
5672 int err;
5673
5674 BT_DBG("%s status %u", hdev->name, status);
5675
5676 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5677 if (!cmd)
5678 return;
5679
5680 mgmt_cp = cmd->param;
5681
5682 if (status) {
5683 status = mgmt_status(status);
5684 eir_len = 0;
5685
5686 h192 = NULL;
5687 r192 = NULL;
5688 h256 = NULL;
5689 r256 = NULL;
5690 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5691 struct hci_rp_read_local_oob_data *rp;
5692
5693 if (skb->len != sizeof(*rp)) {
5694 status = MGMT_STATUS_FAILED;
5695 eir_len = 0;
5696 } else {
5697 status = MGMT_STATUS_SUCCESS;
5698 rp = (void *)skb->data;
5699
5700 eir_len = 5 + 18 + 18;
5701 h192 = rp->hash;
5702 r192 = rp->rand;
5703 h256 = NULL;
5704 r256 = NULL;
5705 }
5706 } else {
5707 struct hci_rp_read_local_oob_ext_data *rp;
5708
5709 if (skb->len != sizeof(*rp)) {
5710 status = MGMT_STATUS_FAILED;
5711 eir_len = 0;
5712 } else {
5713 status = MGMT_STATUS_SUCCESS;
5714 rp = (void *)skb->data;
5715
5716 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5717 eir_len = 5 + 18 + 18;
5718 h192 = NULL;
5719 r192 = NULL;
5720 } else {
5721 eir_len = 5 + 18 + 18 + 18 + 18;
5722 h192 = rp->hash192;
5723 r192 = rp->rand192;
5724 }
5725
5726 h256 = rp->hash256;
5727 r256 = rp->rand256;
5728 }
5729 }
5730
5731 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5732 if (!mgmt_rp)
5733 goto done;
5734
5735 if (status)
5736 goto send_rsp;
5737
5738 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5739 hdev->dev_class, 3);
5740
5741 if (h192 && r192) {
5742 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5743 EIR_SSP_HASH_C192, h192, 16);
5744 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5745 EIR_SSP_RAND_R192, r192, 16);
5746 }
5747
5748 if (h256 && r256) {
5749 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5750 EIR_SSP_HASH_C256, h256, 16);
5751 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5752 EIR_SSP_RAND_R256, r256, 16);
5753 }
5754
5755send_rsp:
5756 mgmt_rp->type = mgmt_cp->type;
5757 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5758
5759 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5760 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5761 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5762 if (err < 0 || status)
5763 goto done;
5764
5765 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5766
5767 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5768 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5769 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5770done:
5771 kfree(mgmt_rp);
5772 mgmt_pending_remove(cmd);
5773}
5774
5775static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5776 struct mgmt_cp_read_local_oob_ext_data *cp)
5777{
5778 struct mgmt_pending_cmd *cmd;
5779 struct hci_request req;
5780 int err;
5781
5782 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5783 cp, sizeof(*cp));
5784 if (!cmd)
5785 return -ENOMEM;
5786
5787 hci_req_init(&req, hdev);
5788
5789 if (bredr_sc_enabled(hdev))
5790 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5791 else
5792 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5793
5794 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5795 if (err < 0) {
5796 mgmt_pending_remove(cmd);
5797 return err;
5798 }
5799
5800 return 0;
5801}
5802
5803static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5804 void *data, u16 data_len)
5805{
5806 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5807 struct mgmt_rp_read_local_oob_ext_data *rp;
5808 size_t rp_len;
5809 u16 eir_len;
5810 u8 status, flags, role, addr[7], hash[16], rand[16];
5811 int err;
5812
5813 BT_DBG("%s", hdev->name);
5814
5815 if (hdev_is_powered(hdev)) {
5816 switch (cp->type) {
5817 case BIT(BDADDR_BREDR):
5818 status = mgmt_bredr_support(hdev);
5819 if (status)
5820 eir_len = 0;
5821 else
5822 eir_len = 5;
5823 break;
5824 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5825 status = mgmt_le_support(hdev);
5826 if (status)
5827 eir_len = 0;
5828 else
5829 eir_len = 9 + 3 + 18 + 18 + 3;
5830 break;
5831 default:
5832 status = MGMT_STATUS_INVALID_PARAMS;
5833 eir_len = 0;
5834 break;
5835 }
5836 } else {
5837 status = MGMT_STATUS_NOT_POWERED;
5838 eir_len = 0;
5839 }
5840
5841 rp_len = sizeof(*rp) + eir_len;
5842 rp = kmalloc(rp_len, GFP_ATOMIC);
5843 if (!rp)
5844 return -ENOMEM;
5845
5846 if (status)
5847 goto complete;
5848
5849 hci_dev_lock(hdev);
5850
5851 eir_len = 0;
5852 switch (cp->type) {
5853 case BIT(BDADDR_BREDR):
5854 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5855 err = read_local_ssp_oob_req(hdev, sk, cp);
5856 hci_dev_unlock(hdev);
5857 if (!err)
5858 goto done;
5859
5860 status = MGMT_STATUS_FAILED;
5861 goto complete;
5862 } else {
5863 eir_len = eir_append_data(rp->eir, eir_len,
5864 EIR_CLASS_OF_DEV,
5865 hdev->dev_class, 3);
5866 }
5867 break;
5868 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5869 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5870 smp_generate_oob(hdev, hash, rand) < 0) {
5871 hci_dev_unlock(hdev);
5872 status = MGMT_STATUS_FAILED;
5873 goto complete;
5874 }
5875
5876
5877
5878
5879
5880
5881
5882
5883
5884
5885
5886 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
5887 hci_dev_unlock(hdev);
5888 status = MGMT_STATUS_REJECTED;
5889 goto complete;
5890 }
5891
5892 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
5893 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
5894 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5895 bacmp(&hdev->static_addr, BDADDR_ANY))) {
5896 memcpy(addr, &hdev->static_addr, 6);
5897 addr[6] = 0x01;
5898 } else {
5899 memcpy(addr, &hdev->bdaddr, 6);
5900 addr[6] = 0x00;
5901 }
5902
5903 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
5904 addr, sizeof(addr));
5905
5906 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
5907 role = 0x02;
5908 else
5909 role = 0x01;
5910
5911 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
5912 &role, sizeof(role));
5913
5914 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
5915 eir_len = eir_append_data(rp->eir, eir_len,
5916 EIR_LE_SC_CONFIRM,
5917 hash, sizeof(hash));
5918
5919 eir_len = eir_append_data(rp->eir, eir_len,
5920 EIR_LE_SC_RANDOM,
5921 rand, sizeof(rand));
5922 }
5923
5924 flags = mgmt_get_adv_discov_flags(hdev);
5925
5926 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5927 flags |= LE_AD_NO_BREDR;
5928
5929 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
5930 &flags, sizeof(flags));
5931 break;
5932 }
5933
5934 hci_dev_unlock(hdev);
5935
5936 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
5937
5938 status = MGMT_STATUS_SUCCESS;
5939
5940complete:
5941 rp->type = cp->type;
5942 rp->eir_len = cpu_to_le16(eir_len);
5943
5944 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
5945 status, rp, sizeof(*rp) + eir_len);
5946 if (err < 0 || status)
5947 goto done;
5948
5949 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5950 rp, sizeof(*rp) + eir_len,
5951 HCI_MGMT_OOB_DATA_EVENTS, sk);
5952
5953done:
5954 kfree(rp);
5955
5956 return err;
5957}
5958
5959static u32 get_supported_adv_flags(struct hci_dev *hdev)
5960{
5961 u32 flags = 0;
5962
5963 flags |= MGMT_ADV_FLAG_CONNECTABLE;
5964 flags |= MGMT_ADV_FLAG_DISCOV;
5965 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
5966 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
5967 flags |= MGMT_ADV_FLAG_APPEARANCE;
5968 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
5969
5970 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
5971 flags |= MGMT_ADV_FLAG_TX_POWER;
5972
5973 return flags;
5974}
5975
5976static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
5977 void *data, u16 data_len)
5978{
5979 struct mgmt_rp_read_adv_features *rp;
5980 size_t rp_len;
5981 int err;
5982 struct adv_info *adv_instance;
5983 u32 supported_flags;
5984 u8 *instance;
5985
5986 BT_DBG("%s", hdev->name);
5987
5988 if (!lmp_le_capable(hdev))
5989 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5990 MGMT_STATUS_REJECTED);
5991
5992 hci_dev_lock(hdev);
5993
5994 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
5995 rp = kmalloc(rp_len, GFP_ATOMIC);
5996 if (!rp) {
5997 hci_dev_unlock(hdev);
5998 return -ENOMEM;
5999 }
6000
6001 supported_flags = get_supported_adv_flags(hdev);
6002
6003 rp->supported_flags = cpu_to_le32(supported_flags);
6004 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6005 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6006 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6007 rp->num_instances = hdev->adv_instance_cnt;
6008
6009 instance = rp->instance;
6010 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6011 *instance = adv_instance->instance;
6012 instance++;
6013 }
6014
6015 hci_dev_unlock(hdev);
6016
6017 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6018 MGMT_STATUS_SUCCESS, rp, rp_len);
6019
6020 kfree(rp);
6021
6022 return err;
6023}
6024
6025static u8 calculate_name_len(struct hci_dev *hdev)
6026{
6027 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6028
6029 return append_local_name(hdev, buf, 0);
6030}
6031
6032static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6033 bool is_adv_data)
6034{
6035 u8 max_len = HCI_MAX_AD_LENGTH;
6036
6037 if (is_adv_data) {
6038 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6039 MGMT_ADV_FLAG_LIMITED_DISCOV |
6040 MGMT_ADV_FLAG_MANAGED_FLAGS))
6041 max_len -= 3;
6042
6043 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6044 max_len -= 3;
6045 } else {
6046 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6047 max_len -= calculate_name_len(hdev);
6048
6049 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6050 max_len -= 4;
6051 }
6052
6053 return max_len;
6054}
6055
6056static bool flags_managed(u32 adv_flags)
6057{
6058 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6059 MGMT_ADV_FLAG_LIMITED_DISCOV |
6060 MGMT_ADV_FLAG_MANAGED_FLAGS);
6061}
6062
6063static bool tx_power_managed(u32 adv_flags)
6064{
6065 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6066}
6067
6068static bool name_managed(u32 adv_flags)
6069{
6070 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6071}
6072
6073static bool appearance_managed(u32 adv_flags)
6074{
6075 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6076}
6077
6078static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6079 u8 len, bool is_adv_data)
6080{
6081 int i, cur_len;
6082 u8 max_len;
6083
6084 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
6085
6086 if (len > max_len)
6087 return false;
6088
6089
6090 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6091 cur_len = data[i];
6092
6093 if (data[i + 1] == EIR_FLAGS &&
6094 (!is_adv_data || flags_managed(adv_flags)))
6095 return false;
6096
6097 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6098 return false;
6099
6100 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6101 return false;
6102
6103 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6104 return false;
6105
6106 if (data[i + 1] == EIR_APPEARANCE &&
6107 appearance_managed(adv_flags))
6108 return false;
6109
6110
6111
6112
6113 if (i + cur_len >= len)
6114 return false;
6115 }
6116
6117 return true;
6118}
6119
6120static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6121 u16 opcode)
6122{
6123 struct mgmt_pending_cmd *cmd;
6124 struct mgmt_cp_add_advertising *cp;
6125 struct mgmt_rp_add_advertising rp;
6126 struct adv_info *adv_instance, *n;
6127 u8 instance;
6128
6129 BT_DBG("status %d", status);
6130
6131 hci_dev_lock(hdev);
6132
6133 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6134
6135 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6136 if (!adv_instance->pending)
6137 continue;
6138
6139 if (!status) {
6140 adv_instance->pending = false;
6141 continue;
6142 }
6143
6144 instance = adv_instance->instance;
6145
6146 if (hdev->cur_adv_instance == instance)
6147 cancel_adv_timeout(hdev);
6148
6149 hci_remove_adv_instance(hdev, instance);
6150 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6151 }
6152
6153 if (!cmd)
6154 goto unlock;
6155
6156 cp = cmd->param;
6157 rp.instance = cp->instance;
6158
6159 if (status)
6160 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6161 mgmt_status(status));
6162 else
6163 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6164 mgmt_status(status), &rp, sizeof(rp));
6165
6166 mgmt_pending_remove(cmd);
6167
6168unlock:
6169 hci_dev_unlock(hdev);
6170}
6171
6172static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6173 void *data, u16 data_len)
6174{
6175 struct mgmt_cp_add_advertising *cp = data;
6176 struct mgmt_rp_add_advertising rp;
6177 u32 flags;
6178 u32 supported_flags;
6179 u8 status;
6180 u16 timeout, duration;
6181 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6182 u8 schedule_instance = 0;
6183 struct adv_info *next_instance;
6184 int err;
6185 struct mgmt_pending_cmd *cmd;
6186 struct hci_request req;
6187
6188 BT_DBG("%s", hdev->name);
6189
6190 status = mgmt_le_support(hdev);
6191 if (status)
6192 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6193 status);
6194
6195 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6196 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6197 MGMT_STATUS_INVALID_PARAMS);
6198
6199 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6200 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6201 MGMT_STATUS_INVALID_PARAMS);
6202
6203 flags = __le32_to_cpu(cp->flags);
6204 timeout = __le16_to_cpu(cp->timeout);
6205 duration = __le16_to_cpu(cp->duration);
6206
6207
6208
6209
6210 supported_flags = get_supported_adv_flags(hdev);
6211 if (flags & ~supported_flags)
6212 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6213 MGMT_STATUS_INVALID_PARAMS);
6214
6215 hci_dev_lock(hdev);
6216
6217 if (timeout && !hdev_is_powered(hdev)) {
6218 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6219 MGMT_STATUS_REJECTED);
6220 goto unlock;
6221 }
6222
6223 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6224 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6225 pending_find(MGMT_OP_SET_LE, hdev)) {
6226 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6227 MGMT_STATUS_BUSY);
6228 goto unlock;
6229 }
6230
6231 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6232 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6233 cp->scan_rsp_len, false)) {
6234 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6235 MGMT_STATUS_INVALID_PARAMS);
6236 goto unlock;
6237 }
6238
6239 err = hci_add_adv_instance(hdev, cp->instance, flags,
6240 cp->adv_data_len, cp->data,
6241 cp->scan_rsp_len,
6242 cp->data + cp->adv_data_len,
6243 timeout, duration);
6244 if (err < 0) {
6245 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6246 MGMT_STATUS_FAILED);
6247 goto unlock;
6248 }
6249
6250
6251
6252
6253 if (hdev->adv_instance_cnt > prev_instance_cnt)
6254 mgmt_advertising_added(sk, hdev, cp->instance);
6255
6256 if (hdev->cur_adv_instance == cp->instance) {
6257
6258
6259
6260
6261
6262 cancel_adv_timeout(hdev);
6263
6264 next_instance = hci_get_next_instance(hdev, cp->instance);
6265 if (next_instance)
6266 schedule_instance = next_instance->instance;
6267 } else if (!hdev->adv_instance_timeout) {
6268
6269
6270
6271 schedule_instance = cp->instance;
6272 }
6273
6274
6275
6276
6277
6278 if (!hdev_is_powered(hdev) ||
6279 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6280 !schedule_instance) {
6281 rp.instance = cp->instance;
6282 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6283 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6284 goto unlock;
6285 }
6286
6287
6288
6289
6290 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6291 data_len);
6292 if (!cmd) {
6293 err = -ENOMEM;
6294 goto unlock;
6295 }
6296
6297 hci_req_init(&req, hdev);
6298
6299 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6300
6301 if (!err)
6302 err = hci_req_run(&req, add_advertising_complete);
6303
6304 if (err < 0)
6305 mgmt_pending_remove(cmd);
6306
6307unlock:
6308 hci_dev_unlock(hdev);
6309
6310 return err;
6311}
6312
6313static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6314 u16 opcode)
6315{
6316 struct mgmt_pending_cmd *cmd;
6317 struct mgmt_cp_remove_advertising *cp;
6318 struct mgmt_rp_remove_advertising rp;
6319
6320 BT_DBG("status %d", status);
6321
6322 hci_dev_lock(hdev);
6323
6324
6325
6326
6327
6328 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6329 if (!cmd)
6330 goto unlock;
6331
6332 cp = cmd->param;
6333 rp.instance = cp->instance;
6334
6335 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6336 &rp, sizeof(rp));
6337 mgmt_pending_remove(cmd);
6338
6339unlock:
6340 hci_dev_unlock(hdev);
6341}
6342
6343static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6344 void *data, u16 data_len)
6345{
6346 struct mgmt_cp_remove_advertising *cp = data;
6347 struct mgmt_rp_remove_advertising rp;
6348 struct mgmt_pending_cmd *cmd;
6349 struct hci_request req;
6350 int err;
6351
6352 BT_DBG("%s", hdev->name);
6353
6354 hci_dev_lock(hdev);
6355
6356 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6357 err = mgmt_cmd_status(sk, hdev->id,
6358 MGMT_OP_REMOVE_ADVERTISING,
6359 MGMT_STATUS_INVALID_PARAMS);
6360 goto unlock;
6361 }
6362
6363 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6364 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6365 pending_find(MGMT_OP_SET_LE, hdev)) {
6366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6367 MGMT_STATUS_BUSY);
6368 goto unlock;
6369 }
6370
6371 if (list_empty(&hdev->adv_instances)) {
6372 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6373 MGMT_STATUS_INVALID_PARAMS);
6374 goto unlock;
6375 }
6376
6377 hci_req_init(&req, hdev);
6378
6379 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6380
6381 if (list_empty(&hdev->adv_instances))
6382 __hci_req_disable_advertising(&req);
6383
6384
6385
6386
6387
6388 if (skb_queue_empty(&req.cmd_q) ||
6389 !hdev_is_powered(hdev) ||
6390 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6391 hci_req_purge(&req);
6392 rp.instance = cp->instance;
6393 err = mgmt_cmd_complete(sk, hdev->id,
6394 MGMT_OP_REMOVE_ADVERTISING,
6395 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6396 goto unlock;
6397 }
6398
6399 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6400 data_len);
6401 if (!cmd) {
6402 err = -ENOMEM;
6403 goto unlock;
6404 }
6405
6406 err = hci_req_run(&req, remove_advertising_complete);
6407 if (err < 0)
6408 mgmt_pending_remove(cmd);
6409
6410unlock:
6411 hci_dev_unlock(hdev);
6412
6413 return err;
6414}
6415
6416static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6417 void *data, u16 data_len)
6418{
6419 struct mgmt_cp_get_adv_size_info *cp = data;
6420 struct mgmt_rp_get_adv_size_info rp;
6421 u32 flags, supported_flags;
6422 int err;
6423
6424 BT_DBG("%s", hdev->name);
6425
6426 if (!lmp_le_capable(hdev))
6427 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6428 MGMT_STATUS_REJECTED);
6429
6430 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6431 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6432 MGMT_STATUS_INVALID_PARAMS);
6433
6434 flags = __le32_to_cpu(cp->flags);
6435
6436
6437
6438
6439 supported_flags = get_supported_adv_flags(hdev);
6440 if (flags & ~supported_flags)
6441 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6442 MGMT_STATUS_INVALID_PARAMS);
6443
6444 rp.instance = cp->instance;
6445 rp.flags = cp->flags;
6446 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
6447 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
6448
6449 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6450 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6451
6452 return err;
6453}
6454
6455static const struct hci_mgmt_handler mgmt_handlers[] = {
6456 { NULL },
6457 { read_version, MGMT_READ_VERSION_SIZE,
6458 HCI_MGMT_NO_HDEV |
6459 HCI_MGMT_UNTRUSTED },
6460 { read_commands, MGMT_READ_COMMANDS_SIZE,
6461 HCI_MGMT_NO_HDEV |
6462 HCI_MGMT_UNTRUSTED },
6463 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6464 HCI_MGMT_NO_HDEV |
6465 HCI_MGMT_UNTRUSTED },
6466 { read_controller_info, MGMT_READ_INFO_SIZE,
6467 HCI_MGMT_UNTRUSTED },
6468 { set_powered, MGMT_SETTING_SIZE },
6469 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6470 { set_connectable, MGMT_SETTING_SIZE },
6471 { set_fast_connectable, MGMT_SETTING_SIZE },
6472 { set_bondable, MGMT_SETTING_SIZE },
6473 { set_link_security, MGMT_SETTING_SIZE },
6474 { set_ssp, MGMT_SETTING_SIZE },
6475 { set_hs, MGMT_SETTING_SIZE },
6476 { set_le, MGMT_SETTING_SIZE },
6477 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6478 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6479 { add_uuid, MGMT_ADD_UUID_SIZE },
6480 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6481 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6482 HCI_MGMT_VAR_LEN },
6483 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6484 HCI_MGMT_VAR_LEN },
6485 { disconnect, MGMT_DISCONNECT_SIZE },
6486 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6487 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6488 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6489 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6490 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6491 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6492 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6493 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6494 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6495 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6496 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6497 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6498 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6499 HCI_MGMT_VAR_LEN },
6500 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6501 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6502 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6503 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6504 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6505 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6506 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6507 { set_advertising, MGMT_SETTING_SIZE },
6508 { set_bredr, MGMT_SETTING_SIZE },
6509 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6510 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6511 { set_secure_conn, MGMT_SETTING_SIZE },
6512 { set_debug_keys, MGMT_SETTING_SIZE },
6513 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6514 { load_irks, MGMT_LOAD_IRKS_SIZE,
6515 HCI_MGMT_VAR_LEN },
6516 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6517 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6518 { add_device, MGMT_ADD_DEVICE_SIZE },
6519 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6520 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6521 HCI_MGMT_VAR_LEN },
6522 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6523 HCI_MGMT_NO_HDEV |
6524 HCI_MGMT_UNTRUSTED },
6525 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6526 HCI_MGMT_UNCONFIGURED |
6527 HCI_MGMT_UNTRUSTED },
6528 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6529 HCI_MGMT_UNCONFIGURED },
6530 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6531 HCI_MGMT_UNCONFIGURED },
6532 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6533 HCI_MGMT_VAR_LEN },
6534 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6535 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6536 HCI_MGMT_NO_HDEV |
6537 HCI_MGMT_UNTRUSTED },
6538 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6539 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6540 HCI_MGMT_VAR_LEN },
6541 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6542 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
6543 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
6544 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6545 HCI_MGMT_UNTRUSTED },
6546 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6547};
6548
6549void mgmt_index_added(struct hci_dev *hdev)
6550{
6551 struct mgmt_ev_ext_index ev;
6552
6553 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6554 return;
6555
6556 switch (hdev->dev_type) {
6557 case HCI_PRIMARY:
6558 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6559 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6560 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6561 ev.type = 0x01;
6562 } else {
6563 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6564 HCI_MGMT_INDEX_EVENTS);
6565 ev.type = 0x00;
6566 }
6567 break;
6568 case HCI_AMP:
6569 ev.type = 0x02;
6570 break;
6571 default:
6572 return;
6573 }
6574
6575 ev.bus = hdev->bus;
6576
6577 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6578 HCI_MGMT_EXT_INDEX_EVENTS);
6579}
6580
6581void mgmt_index_removed(struct hci_dev *hdev)
6582{
6583 struct mgmt_ev_ext_index ev;
6584 u8 status = MGMT_STATUS_INVALID_INDEX;
6585
6586 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6587 return;
6588
6589 switch (hdev->dev_type) {
6590 case HCI_PRIMARY:
6591 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6592
6593 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6594 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6595 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6596 ev.type = 0x01;
6597 } else {
6598 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6599 HCI_MGMT_INDEX_EVENTS);
6600 ev.type = 0x00;
6601 }
6602 break;
6603 case HCI_AMP:
6604 ev.type = 0x02;
6605 break;
6606 default:
6607 return;
6608 }
6609
6610 ev.bus = hdev->bus;
6611
6612 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6613 HCI_MGMT_EXT_INDEX_EVENTS);
6614}
6615
6616
6617static void restart_le_actions(struct hci_dev *hdev)
6618{
6619 struct hci_conn_params *p;
6620
6621 list_for_each_entry(p, &hdev->le_conn_params, list) {
6622
6623
6624
6625 list_del_init(&p->action);
6626
6627 switch (p->auto_connect) {
6628 case HCI_AUTO_CONN_DIRECT:
6629 case HCI_AUTO_CONN_ALWAYS:
6630 list_add(&p->action, &hdev->pend_le_conns);
6631 break;
6632 case HCI_AUTO_CONN_REPORT:
6633 list_add(&p->action, &hdev->pend_le_reports);
6634 break;
6635 default:
6636 break;
6637 }
6638 }
6639}
6640
6641void mgmt_power_on(struct hci_dev *hdev, int err)
6642{
6643 struct cmd_lookup match = { NULL, hdev };
6644
6645 BT_DBG("err %d", err);
6646
6647 hci_dev_lock(hdev);
6648
6649 if (!err) {
6650 restart_le_actions(hdev);
6651 hci_update_background_scan(hdev);
6652 }
6653
6654 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6655
6656 new_settings(hdev, match.sk);
6657
6658 if (match.sk)
6659 sock_put(match.sk);
6660
6661 hci_dev_unlock(hdev);
6662}
6663
6664void __mgmt_power_off(struct hci_dev *hdev)
6665{
6666 struct cmd_lookup match = { NULL, hdev };
6667 u8 status, zero_cod[] = { 0, 0, 0 };
6668
6669 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6670
6671
6672
6673
6674
6675
6676
6677
6678 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
6679 status = MGMT_STATUS_INVALID_INDEX;
6680 else
6681 status = MGMT_STATUS_NOT_POWERED;
6682
6683 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6684
6685 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
6686 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6687 zero_cod, sizeof(zero_cod),
6688 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
6689 ext_info_changed(hdev, NULL);
6690 }
6691
6692 new_settings(hdev, match.sk);
6693
6694 if (match.sk)
6695 sock_put(match.sk);
6696}
6697
6698void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
6699{
6700 struct mgmt_pending_cmd *cmd;
6701 u8 status;
6702
6703 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6704 if (!cmd)
6705 return;
6706
6707 if (err == -ERFKILL)
6708 status = MGMT_STATUS_RFKILLED;
6709 else
6710 status = MGMT_STATUS_FAILED;
6711
6712 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
6713
6714 mgmt_pending_remove(cmd);
6715}
6716
6717void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6718 bool persistent)
6719{
6720 struct mgmt_ev_new_link_key ev;
6721
6722 memset(&ev, 0, sizeof(ev));
6723
6724 ev.store_hint = persistent;
6725 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6726 ev.key.addr.type = BDADDR_BREDR;
6727 ev.key.type = key->type;
6728 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6729 ev.key.pin_len = key->pin_len;
6730
6731 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6732}
6733
6734static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6735{
6736 switch (ltk->type) {
6737 case SMP_LTK:
6738 case SMP_LTK_SLAVE:
6739 if (ltk->authenticated)
6740 return MGMT_LTK_AUTHENTICATED;
6741 return MGMT_LTK_UNAUTHENTICATED;
6742 case SMP_LTK_P256:
6743 if (ltk->authenticated)
6744 return MGMT_LTK_P256_AUTH;
6745 return MGMT_LTK_P256_UNAUTH;
6746 case SMP_LTK_P256_DEBUG:
6747 return MGMT_LTK_P256_DEBUG;
6748 }
6749
6750 return MGMT_LTK_UNAUTHENTICATED;
6751}
6752
6753void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6754{
6755 struct mgmt_ev_new_long_term_key ev;
6756
6757 memset(&ev, 0, sizeof(ev));
6758
6759
6760
6761
6762
6763
6764
6765
6766
6767
6768
6769
6770 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6771 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6772 ev.store_hint = 0x00;
6773 else
6774 ev.store_hint = persistent;
6775
6776 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6777 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6778 ev.key.type = mgmt_ltk_type(key);
6779 ev.key.enc_size = key->enc_size;
6780 ev.key.ediv = key->ediv;
6781 ev.key.rand = key->rand;
6782
6783 if (key->type == SMP_LTK)
6784 ev.key.master = 1;
6785
6786
6787
6788
6789 memcpy(ev.key.val, key->val, key->enc_size);
6790 memset(ev.key.val + key->enc_size, 0,
6791 sizeof(ev.key.val) - key->enc_size);
6792
6793 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6794}
6795
6796void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
6797{
6798 struct mgmt_ev_new_irk ev;
6799
6800 memset(&ev, 0, sizeof(ev));
6801
6802 ev.store_hint = persistent;
6803
6804 bacpy(&ev.rpa, &irk->rpa);
6805 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6806 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6807 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6808
6809 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6810}
6811
6812void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6813 bool persistent)
6814{
6815 struct mgmt_ev_new_csrk ev;
6816
6817 memset(&ev, 0, sizeof(ev));
6818
6819
6820
6821
6822
6823
6824
6825
6826
6827
6828 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6829 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6830 ev.store_hint = 0x00;
6831 else
6832 ev.store_hint = persistent;
6833
6834 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6835 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6836 ev.key.type = csrk->type;
6837 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6838
6839 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6840}
6841
6842void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6843 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6844 u16 max_interval, u16 latency, u16 timeout)
6845{
6846 struct mgmt_ev_new_conn_param ev;
6847
6848 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6849 return;
6850
6851 memset(&ev, 0, sizeof(ev));
6852 bacpy(&ev.addr.bdaddr, bdaddr);
6853 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6854 ev.store_hint = store_hint;
6855 ev.min_interval = cpu_to_le16(min_interval);
6856 ev.max_interval = cpu_to_le16(max_interval);
6857 ev.latency = cpu_to_le16(latency);
6858 ev.timeout = cpu_to_le16(timeout);
6859
6860 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6861}
6862
6863void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6864 u32 flags, u8 *name, u8 name_len)
6865{
6866 char buf[512];
6867 struct mgmt_ev_device_connected *ev = (void *) buf;
6868 u16 eir_len = 0;
6869
6870 bacpy(&ev->addr.bdaddr, &conn->dst);
6871 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6872
6873 ev->flags = __cpu_to_le32(flags);
6874
6875
6876
6877
6878
6879 if (conn->le_adv_data_len > 0) {
6880 memcpy(&ev->eir[eir_len],
6881 conn->le_adv_data, conn->le_adv_data_len);
6882 eir_len = conn->le_adv_data_len;
6883 } else {
6884 if (name_len > 0)
6885 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6886 name, name_len);
6887
6888 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
6889 eir_len = eir_append_data(ev->eir, eir_len,
6890 EIR_CLASS_OF_DEV,
6891 conn->dev_class, 3);
6892 }
6893
6894 ev->eir_len = cpu_to_le16(eir_len);
6895
6896 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6897 sizeof(*ev) + eir_len, NULL);
6898}
6899
6900static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
6901{
6902 struct sock **sk = data;
6903
6904 cmd->cmd_complete(cmd, 0);
6905
6906 *sk = cmd->sk;
6907 sock_hold(*sk);
6908
6909 mgmt_pending_remove(cmd);
6910}
6911
6912static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
6913{
6914 struct hci_dev *hdev = data;
6915 struct mgmt_cp_unpair_device *cp = cmd->param;
6916
6917 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6918
6919 cmd->cmd_complete(cmd, 0);
6920 mgmt_pending_remove(cmd);
6921}
6922
6923bool mgmt_powering_down(struct hci_dev *hdev)
6924{
6925 struct mgmt_pending_cmd *cmd;
6926 struct mgmt_mode *cp;
6927
6928 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6929 if (!cmd)
6930 return false;
6931
6932 cp = cmd->param;
6933 if (!cp->val)
6934 return true;
6935
6936 return false;
6937}
6938
6939void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6940 u8 link_type, u8 addr_type, u8 reason,
6941 bool mgmt_connected)
6942{
6943 struct mgmt_ev_device_disconnected ev;
6944 struct sock *sk = NULL;
6945
6946
6947
6948
6949 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6950 cancel_delayed_work(&hdev->power_off);
6951 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6952 }
6953
6954 if (!mgmt_connected)
6955 return;
6956
6957 if (link_type != ACL_LINK && link_type != LE_LINK)
6958 return;
6959
6960 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6961
6962 bacpy(&ev.addr.bdaddr, bdaddr);
6963 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6964 ev.reason = reason;
6965
6966 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6967
6968 if (sk)
6969 sock_put(sk);
6970
6971 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6972 hdev);
6973}
6974
6975void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6976 u8 link_type, u8 addr_type, u8 status)
6977{
6978 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6979 struct mgmt_cp_disconnect *cp;
6980 struct mgmt_pending_cmd *cmd;
6981
6982 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6983 hdev);
6984
6985 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
6986 if (!cmd)
6987 return;
6988
6989 cp = cmd->param;
6990
6991 if (bacmp(bdaddr, &cp->addr.bdaddr))
6992 return;
6993
6994 if (cp->addr.type != bdaddr_type)
6995 return;
6996
6997 cmd->cmd_complete(cmd, mgmt_status(status));
6998 mgmt_pending_remove(cmd);
6999}
7000
7001void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7002 u8 addr_type, u8 status)
7003{
7004 struct mgmt_ev_connect_failed ev;
7005
7006
7007
7008
7009 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7010 cancel_delayed_work(&hdev->power_off);
7011 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7012 }
7013
7014 bacpy(&ev.addr.bdaddr, bdaddr);
7015 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7016 ev.status = mgmt_status(status);
7017
7018 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7019}
7020
7021void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7022{
7023 struct mgmt_ev_pin_code_request ev;
7024
7025 bacpy(&ev.addr.bdaddr, bdaddr);
7026 ev.addr.type = BDADDR_BREDR;
7027 ev.secure = secure;
7028
7029 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7030}
7031
7032void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7033 u8 status)
7034{
7035 struct mgmt_pending_cmd *cmd;
7036
7037 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7038 if (!cmd)
7039 return;
7040
7041 cmd->cmd_complete(cmd, mgmt_status(status));
7042 mgmt_pending_remove(cmd);
7043}
7044
7045void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7046 u8 status)
7047{
7048 struct mgmt_pending_cmd *cmd;
7049
7050 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7051 if (!cmd)
7052 return;
7053
7054 cmd->cmd_complete(cmd, mgmt_status(status));
7055 mgmt_pending_remove(cmd);
7056}
7057
7058int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7059 u8 link_type, u8 addr_type, u32 value,
7060 u8 confirm_hint)
7061{
7062 struct mgmt_ev_user_confirm_request ev;
7063
7064 BT_DBG("%s", hdev->name);
7065
7066 bacpy(&ev.addr.bdaddr, bdaddr);
7067 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7068 ev.confirm_hint = confirm_hint;
7069 ev.value = cpu_to_le32(value);
7070
7071 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7072 NULL);
7073}
7074
7075int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7076 u8 link_type, u8 addr_type)
7077{
7078 struct mgmt_ev_user_passkey_request ev;
7079
7080 BT_DBG("%s", hdev->name);
7081
7082 bacpy(&ev.addr.bdaddr, bdaddr);
7083 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7084
7085 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7086 NULL);
7087}
7088
7089static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7090 u8 link_type, u8 addr_type, u8 status,
7091 u8 opcode)
7092{
7093 struct mgmt_pending_cmd *cmd;
7094
7095 cmd = pending_find(opcode, hdev);
7096 if (!cmd)
7097 return -ENOENT;
7098
7099 cmd->cmd_complete(cmd, mgmt_status(status));
7100 mgmt_pending_remove(cmd);
7101
7102 return 0;
7103}
7104
7105int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7106 u8 link_type, u8 addr_type, u8 status)
7107{
7108 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7109 status, MGMT_OP_USER_CONFIRM_REPLY);
7110}
7111
7112int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7113 u8 link_type, u8 addr_type, u8 status)
7114{
7115 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7116 status,
7117 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7118}
7119
7120int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7121 u8 link_type, u8 addr_type, u8 status)
7122{
7123 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7124 status, MGMT_OP_USER_PASSKEY_REPLY);
7125}
7126
7127int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7128 u8 link_type, u8 addr_type, u8 status)
7129{
7130 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7131 status,
7132 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7133}
7134
7135int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7136 u8 link_type, u8 addr_type, u32 passkey,
7137 u8 entered)
7138{
7139 struct mgmt_ev_passkey_notify ev;
7140
7141 BT_DBG("%s", hdev->name);
7142
7143 bacpy(&ev.addr.bdaddr, bdaddr);
7144 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7145 ev.passkey = __cpu_to_le32(passkey);
7146 ev.entered = entered;
7147
7148 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7149}
7150
7151void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7152{
7153 struct mgmt_ev_auth_failed ev;
7154 struct mgmt_pending_cmd *cmd;
7155 u8 status = mgmt_status(hci_status);
7156
7157 bacpy(&ev.addr.bdaddr, &conn->dst);
7158 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7159 ev.status = status;
7160
7161 cmd = find_pairing(conn);
7162
7163 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7164 cmd ? cmd->sk : NULL);
7165
7166 if (cmd) {
7167 cmd->cmd_complete(cmd, status);
7168 mgmt_pending_remove(cmd);
7169 }
7170}
7171
7172void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7173{
7174 struct cmd_lookup match = { NULL, hdev };
7175 bool changed;
7176
7177 if (status) {
7178 u8 mgmt_err = mgmt_status(status);
7179 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7180 cmd_status_rsp, &mgmt_err);
7181 return;
7182 }
7183
7184 if (test_bit(HCI_AUTH, &hdev->flags))
7185 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7186 else
7187 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7188
7189 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7190 &match);
7191
7192 if (changed)
7193 new_settings(hdev, match.sk);
7194
7195 if (match.sk)
7196 sock_put(match.sk);
7197}
7198
7199static void clear_eir(struct hci_request *req)
7200{
7201 struct hci_dev *hdev = req->hdev;
7202 struct hci_cp_write_eir cp;
7203
7204 if (!lmp_ext_inq_capable(hdev))
7205 return;
7206
7207 memset(hdev->eir, 0, sizeof(hdev->eir));
7208
7209 memset(&cp, 0, sizeof(cp));
7210
7211 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7212}
7213
7214void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7215{
7216 struct cmd_lookup match = { NULL, hdev };
7217 struct hci_request req;
7218 bool changed = false;
7219
7220 if (status) {
7221 u8 mgmt_err = mgmt_status(status);
7222
7223 if (enable && hci_dev_test_and_clear_flag(hdev,
7224 HCI_SSP_ENABLED)) {
7225 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7226 new_settings(hdev, NULL);
7227 }
7228
7229 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7230 &mgmt_err);
7231 return;
7232 }
7233
7234 if (enable) {
7235 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7236 } else {
7237 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7238 if (!changed)
7239 changed = hci_dev_test_and_clear_flag(hdev,
7240 HCI_HS_ENABLED);
7241 else
7242 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7243 }
7244
7245 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7246
7247 if (changed)
7248 new_settings(hdev, match.sk);
7249
7250 if (match.sk)
7251 sock_put(match.sk);
7252
7253 hci_req_init(&req, hdev);
7254
7255 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7256 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7257 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7258 sizeof(enable), &enable);
7259 __hci_req_update_eir(&req);
7260 } else {
7261 clear_eir(&req);
7262 }
7263
7264 hci_req_run(&req, NULL);
7265}
7266
7267static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7268{
7269 struct cmd_lookup *match = data;
7270
7271 if (match->sk == NULL) {
7272 match->sk = cmd->sk;
7273 sock_hold(match->sk);
7274 }
7275}
7276
7277void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7278 u8 status)
7279{
7280 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7281
7282 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7283 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7284 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7285
7286 if (!status) {
7287 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7288 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7289 ext_info_changed(hdev, NULL);
7290 }
7291
7292 if (match.sk)
7293 sock_put(match.sk);
7294}
7295
7296void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7297{
7298 struct mgmt_cp_set_local_name ev;
7299 struct mgmt_pending_cmd *cmd;
7300
7301 if (status)
7302 return;
7303
7304 memset(&ev, 0, sizeof(ev));
7305 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7306 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7307
7308 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7309 if (!cmd) {
7310 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7311
7312
7313
7314
7315 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7316 return;
7317 }
7318
7319 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7320 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7321 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7322}
7323
7324static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7325{
7326 int i;
7327
7328 for (i = 0; i < uuid_count; i++) {
7329 if (!memcmp(uuid, uuids[i], 16))
7330 return true;
7331 }
7332
7333 return false;
7334}
7335
7336static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7337{
7338 u16 parsed = 0;
7339
7340 while (parsed < eir_len) {
7341 u8 field_len = eir[0];
7342 u8 uuid[16];
7343 int i;
7344
7345 if (field_len == 0)
7346 break;
7347
7348 if (eir_len - parsed < field_len + 1)
7349 break;
7350
7351 switch (eir[1]) {
7352 case EIR_UUID16_ALL:
7353 case EIR_UUID16_SOME:
7354 for (i = 0; i + 3 <= field_len; i += 2) {
7355 memcpy(uuid, bluetooth_base_uuid, 16);
7356 uuid[13] = eir[i + 3];
7357 uuid[12] = eir[i + 2];
7358 if (has_uuid(uuid, uuid_count, uuids))
7359 return true;
7360 }
7361 break;
7362 case EIR_UUID32_ALL:
7363 case EIR_UUID32_SOME:
7364 for (i = 0; i + 5 <= field_len; i += 4) {
7365 memcpy(uuid, bluetooth_base_uuid, 16);
7366 uuid[15] = eir[i + 5];
7367 uuid[14] = eir[i + 4];
7368 uuid[13] = eir[i + 3];
7369 uuid[12] = eir[i + 2];
7370 if (has_uuid(uuid, uuid_count, uuids))
7371 return true;
7372 }
7373 break;
7374 case EIR_UUID128_ALL:
7375 case EIR_UUID128_SOME:
7376 for (i = 0; i + 17 <= field_len; i += 16) {
7377 memcpy(uuid, eir + i + 2, 16);
7378 if (has_uuid(uuid, uuid_count, uuids))
7379 return true;
7380 }
7381 break;
7382 }
7383
7384 parsed += field_len + 1;
7385 eir += field_len + 1;
7386 }
7387
7388 return false;
7389}
7390
7391static void restart_le_scan(struct hci_dev *hdev)
7392{
7393
7394 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7395 return;
7396
7397 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7398 hdev->discovery.scan_start +
7399 hdev->discovery.scan_duration))
7400 return;
7401
7402 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
7403 DISCOV_LE_RESTART_DELAY);
7404}
7405
7406static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7407 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7408{
7409
7410
7411
7412
7413
7414
7415
7416
7417
7418 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7419 (rssi == HCI_RSSI_INVALID ||
7420 (rssi < hdev->discovery.rssi &&
7421 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7422 return false;
7423
7424 if (hdev->discovery.uuid_count != 0) {
7425
7426
7427
7428 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7429 hdev->discovery.uuids) &&
7430 !eir_has_uuids(scan_rsp, scan_rsp_len,
7431 hdev->discovery.uuid_count,
7432 hdev->discovery.uuids))
7433 return false;
7434 }
7435
7436
7437
7438
7439 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7440 restart_le_scan(hdev);
7441
7442
7443 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7444 rssi < hdev->discovery.rssi)
7445 return false;
7446 }
7447
7448 return true;
7449}
7450
7451void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7452 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7453 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7454{
7455 char buf[512];
7456 struct mgmt_ev_device_found *ev = (void *)buf;
7457 size_t ev_size;
7458
7459
7460
7461
7462
7463 if (!hci_discovery_active(hdev)) {
7464 if (link_type == ACL_LINK)
7465 return;
7466 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7467 return;
7468 }
7469
7470 if (hdev->discovery.result_filtering) {
7471
7472 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7473 scan_rsp_len))
7474 return;
7475 }
7476
7477 if (hdev->discovery.limited) {
7478
7479 if (dev_class) {
7480 if (!(dev_class[1] & 0x20))
7481 return;
7482 } else {
7483 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7484 if (!flags || !(flags[0] & LE_AD_LIMITED))
7485 return;
7486 }
7487 }
7488
7489
7490
7491
7492 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7493 return;
7494
7495 memset(buf, 0, sizeof(buf));
7496
7497
7498
7499
7500
7501
7502
7503
7504
7505 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7506 link_type == ACL_LINK)
7507 rssi = 0;
7508
7509 bacpy(&ev->addr.bdaddr, bdaddr);
7510 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7511 ev->rssi = rssi;
7512 ev->flags = cpu_to_le32(flags);
7513
7514 if (eir_len > 0)
7515
7516 memcpy(ev->eir, eir, eir_len);
7517
7518 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7519 NULL))
7520 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7521 dev_class, 3);
7522
7523 if (scan_rsp_len > 0)
7524
7525 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7526
7527 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7528 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7529
7530 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7531}
7532
7533void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7534 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7535{
7536 struct mgmt_ev_device_found *ev;
7537 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7538 u16 eir_len;
7539
7540 ev = (struct mgmt_ev_device_found *) buf;
7541
7542 memset(buf, 0, sizeof(buf));
7543
7544 bacpy(&ev->addr.bdaddr, bdaddr);
7545 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7546 ev->rssi = rssi;
7547
7548 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7549 name_len);
7550
7551 ev->eir_len = cpu_to_le16(eir_len);
7552
7553 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7554}
7555
7556void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7557{
7558 struct mgmt_ev_discovering ev;
7559
7560 BT_DBG("%s discovering %u", hdev->name, discovering);
7561
7562 memset(&ev, 0, sizeof(ev));
7563 ev.type = hdev->discovery.type;
7564 ev.discovering = discovering;
7565
7566 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7567}
7568
7569static struct hci_mgmt_chan chan = {
7570 .channel = HCI_CHANNEL_CONTROL,
7571 .handler_count = ARRAY_SIZE(mgmt_handlers),
7572 .handlers = mgmt_handlers,
7573 .hdev_init = mgmt_init_hdev,
7574};
7575
7576int mgmt_init(void)
7577{
7578 return hci_mgmt_chan_register(&chan);
7579}
7580
7581void mgmt_exit(void)
7582{
7583 hci_mgmt_chan_unregister(&chan);
7584}
7585
