1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/l2cap.h>
33#include <net/bluetooth/mgmt.h>
34
35#include "hci_request.h"
36#include "smp.h"
37
38#define MGMT_VERSION 1
39#define MGMT_REVISION 8
40
41static const u16 mgmt_commands[] = {
42 MGMT_OP_READ_INDEX_LIST,
43 MGMT_OP_READ_INFO,
44 MGMT_OP_SET_POWERED,
45 MGMT_OP_SET_DISCOVERABLE,
46 MGMT_OP_SET_CONNECTABLE,
47 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_BONDABLE,
49 MGMT_OP_SET_LINK_SECURITY,
50 MGMT_OP_SET_SSP,
51 MGMT_OP_SET_HS,
52 MGMT_OP_SET_LE,
53 MGMT_OP_SET_DEV_CLASS,
54 MGMT_OP_SET_LOCAL_NAME,
55 MGMT_OP_ADD_UUID,
56 MGMT_OP_REMOVE_UUID,
57 MGMT_OP_LOAD_LINK_KEYS,
58 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_DISCONNECT,
60 MGMT_OP_GET_CONNECTIONS,
61 MGMT_OP_PIN_CODE_REPLY,
62 MGMT_OP_PIN_CODE_NEG_REPLY,
63 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_PAIR_DEVICE,
65 MGMT_OP_CANCEL_PAIR_DEVICE,
66 MGMT_OP_UNPAIR_DEVICE,
67 MGMT_OP_USER_CONFIRM_REPLY,
68 MGMT_OP_USER_CONFIRM_NEG_REPLY,
69 MGMT_OP_USER_PASSKEY_REPLY,
70 MGMT_OP_USER_PASSKEY_NEG_REPLY,
71 MGMT_OP_READ_LOCAL_OOB_DATA,
72 MGMT_OP_ADD_REMOTE_OOB_DATA,
73 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
74 MGMT_OP_START_DISCOVERY,
75 MGMT_OP_STOP_DISCOVERY,
76 MGMT_OP_CONFIRM_NAME,
77 MGMT_OP_BLOCK_DEVICE,
78 MGMT_OP_UNBLOCK_DEVICE,
79 MGMT_OP_SET_DEVICE_ID,
80 MGMT_OP_SET_ADVERTISING,
81 MGMT_OP_SET_BREDR,
82 MGMT_OP_SET_STATIC_ADDRESS,
83 MGMT_OP_SET_SCAN_PARAMS,
84 MGMT_OP_SET_SECURE_CONN,
85 MGMT_OP_SET_DEBUG_KEYS,
86 MGMT_OP_SET_PRIVACY,
87 MGMT_OP_LOAD_IRKS,
88 MGMT_OP_GET_CONN_INFO,
89 MGMT_OP_GET_CLOCK_INFO,
90 MGMT_OP_ADD_DEVICE,
91 MGMT_OP_REMOVE_DEVICE,
92 MGMT_OP_LOAD_CONN_PARAM,
93 MGMT_OP_READ_UNCONF_INDEX_LIST,
94 MGMT_OP_READ_CONFIG_INFO,
95 MGMT_OP_SET_EXTERNAL_CONFIG,
96 MGMT_OP_SET_PUBLIC_ADDRESS,
97 MGMT_OP_START_SERVICE_DISCOVERY,
98};
99
100static const u16 mgmt_events[] = {
101 MGMT_EV_CONTROLLER_ERROR,
102 MGMT_EV_INDEX_ADDED,
103 MGMT_EV_INDEX_REMOVED,
104 MGMT_EV_NEW_SETTINGS,
105 MGMT_EV_CLASS_OF_DEV_CHANGED,
106 MGMT_EV_LOCAL_NAME_CHANGED,
107 MGMT_EV_NEW_LINK_KEY,
108 MGMT_EV_NEW_LONG_TERM_KEY,
109 MGMT_EV_DEVICE_CONNECTED,
110 MGMT_EV_DEVICE_DISCONNECTED,
111 MGMT_EV_CONNECT_FAILED,
112 MGMT_EV_PIN_CODE_REQUEST,
113 MGMT_EV_USER_CONFIRM_REQUEST,
114 MGMT_EV_USER_PASSKEY_REQUEST,
115 MGMT_EV_AUTH_FAILED,
116 MGMT_EV_DEVICE_FOUND,
117 MGMT_EV_DISCOVERING,
118 MGMT_EV_DEVICE_BLOCKED,
119 MGMT_EV_DEVICE_UNBLOCKED,
120 MGMT_EV_DEVICE_UNPAIRED,
121 MGMT_EV_PASSKEY_NOTIFY,
122 MGMT_EV_NEW_IRK,
123 MGMT_EV_NEW_CSRK,
124 MGMT_EV_DEVICE_ADDED,
125 MGMT_EV_DEVICE_REMOVED,
126 MGMT_EV_NEW_CONN_PARAM,
127 MGMT_EV_UNCONF_INDEX_ADDED,
128 MGMT_EV_UNCONF_INDEX_REMOVED,
129 MGMT_EV_NEW_CONFIG_OPTIONS,
130};
131
132#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
133
134#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
135 "\x00\x00\x00\x00\x00\x00\x00\x00"
136
137struct pending_cmd {
138 struct list_head list;
139 u16 opcode;
140 int index;
141 void *param;
142 size_t param_len;
143 struct sock *sk;
144 void *user_data;
145 int (*cmd_complete)(struct pending_cmd *cmd, u8 status);
146};
147
148
149static u8 mgmt_status_table[] = {
150 MGMT_STATUS_SUCCESS,
151 MGMT_STATUS_UNKNOWN_COMMAND,
152 MGMT_STATUS_NOT_CONNECTED,
153 MGMT_STATUS_FAILED,
154 MGMT_STATUS_CONNECT_FAILED,
155 MGMT_STATUS_AUTH_FAILED,
156 MGMT_STATUS_AUTH_FAILED,
157 MGMT_STATUS_NO_RESOURCES,
158 MGMT_STATUS_TIMEOUT,
159 MGMT_STATUS_NO_RESOURCES,
160 MGMT_STATUS_NO_RESOURCES,
161 MGMT_STATUS_ALREADY_CONNECTED,
162 MGMT_STATUS_BUSY,
163 MGMT_STATUS_NO_RESOURCES,
164 MGMT_STATUS_REJECTED,
165 MGMT_STATUS_REJECTED,
166 MGMT_STATUS_TIMEOUT,
167 MGMT_STATUS_NOT_SUPPORTED,
168 MGMT_STATUS_INVALID_PARAMS,
169 MGMT_STATUS_DISCONNECTED,
170 MGMT_STATUS_NO_RESOURCES,
171 MGMT_STATUS_DISCONNECTED,
172 MGMT_STATUS_DISCONNECTED,
173 MGMT_STATUS_BUSY,
174 MGMT_STATUS_REJECTED,
175 MGMT_STATUS_FAILED,
176 MGMT_STATUS_NOT_SUPPORTED,
177 MGMT_STATUS_REJECTED,
178 MGMT_STATUS_REJECTED,
179 MGMT_STATUS_REJECTED,
180 MGMT_STATUS_INVALID_PARAMS,
181 MGMT_STATUS_FAILED,
182 MGMT_STATUS_NOT_SUPPORTED,
183 MGMT_STATUS_FAILED,
184 MGMT_STATUS_TIMEOUT,
185 MGMT_STATUS_FAILED,
186 MGMT_STATUS_FAILED,
187 MGMT_STATUS_REJECTED,
188 MGMT_STATUS_FAILED,
189 MGMT_STATUS_NOT_SUPPORTED,
190 MGMT_STATUS_TIMEOUT,
191 MGMT_STATUS_NOT_SUPPORTED,
192 MGMT_STATUS_FAILED,
193 MGMT_STATUS_INVALID_PARAMS,
194 MGMT_STATUS_REJECTED,
195 MGMT_STATUS_NOT_SUPPORTED,
196 MGMT_STATUS_REJECTED,
197 MGMT_STATUS_INVALID_PARAMS,
198 MGMT_STATUS_BUSY,
199 MGMT_STATUS_FAILED,
200 MGMT_STATUS_FAILED,
201 MGMT_STATUS_INVALID_PARAMS,
202 MGMT_STATUS_NOT_SUPPORTED,
203 MGMT_STATUS_BUSY,
204 MGMT_STATUS_REJECTED,
205 MGMT_STATUS_BUSY,
206 MGMT_STATUS_INVALID_PARAMS,
207 MGMT_STATUS_TIMEOUT,
208 MGMT_STATUS_AUTH_FAILED,
209 MGMT_STATUS_CONNECT_FAILED,
210 MGMT_STATUS_CONNECT_FAILED,
211};
212
213static u8 mgmt_status(u8 hci_status)
214{
215 if (hci_status < ARRAY_SIZE(mgmt_status_table))
216 return mgmt_status_table[hci_status];
217
218 return MGMT_STATUS_FAILED;
219}
220
221static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
222 struct sock *skip_sk)
223{
224 struct sk_buff *skb;
225 struct mgmt_hdr *hdr;
226
227 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
228 if (!skb)
229 return -ENOMEM;
230
231 hdr = (void *) skb_put(skb, sizeof(*hdr));
232 hdr->opcode = cpu_to_le16(event);
233 if (hdev)
234 hdr->index = cpu_to_le16(hdev->id);
235 else
236 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
237 hdr->len = cpu_to_le16(data_len);
238
239 if (data)
240 memcpy(skb_put(skb, data_len), data, data_len);
241
242
243 __net_timestamp(skb);
244
245 hci_send_to_control(skb, skip_sk);
246 kfree_skb(skb);
247
248 return 0;
249}
250
251static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
252{
253 struct sk_buff *skb;
254 struct mgmt_hdr *hdr;
255 struct mgmt_ev_cmd_status *ev;
256 int err;
257
258 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
259
260 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
261 if (!skb)
262 return -ENOMEM;
263
264 hdr = (void *) skb_put(skb, sizeof(*hdr));
265
266 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
267 hdr->index = cpu_to_le16(index);
268 hdr->len = cpu_to_le16(sizeof(*ev));
269
270 ev = (void *) skb_put(skb, sizeof(*ev));
271 ev->status = status;
272 ev->opcode = cpu_to_le16(cmd);
273
274 err = sock_queue_rcv_skb(sk, skb);
275 if (err < 0)
276 kfree_skb(skb);
277
278 return err;
279}
280
281static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
282 void *rp, size_t rp_len)
283{
284 struct sk_buff *skb;
285 struct mgmt_hdr *hdr;
286 struct mgmt_ev_cmd_complete *ev;
287 int err;
288
289 BT_DBG("sock %p", sk);
290
291 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
292 if (!skb)
293 return -ENOMEM;
294
295 hdr = (void *) skb_put(skb, sizeof(*hdr));
296
297 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
298 hdr->index = cpu_to_le16(index);
299 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
300
301 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
302 ev->opcode = cpu_to_le16(cmd);
303 ev->status = status;
304
305 if (rp)
306 memcpy(ev->data, rp, rp_len);
307
308 err = sock_queue_rcv_skb(sk, skb);
309 if (err < 0)
310 kfree_skb(skb);
311
312 return err;
313}
314
315static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
316 u16 data_len)
317{
318 struct mgmt_rp_read_version rp;
319
320 BT_DBG("sock %p", sk);
321
322 rp.version = MGMT_VERSION;
323 rp.revision = cpu_to_le16(MGMT_REVISION);
324
325 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
326 sizeof(rp));
327}
328
329static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
330 u16 data_len)
331{
332 struct mgmt_rp_read_commands *rp;
333 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
334 const u16 num_events = ARRAY_SIZE(mgmt_events);
335 __le16 *opcode;
336 size_t rp_size;
337 int i, err;
338
339 BT_DBG("sock %p", sk);
340
341 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
342
343 rp = kmalloc(rp_size, GFP_KERNEL);
344 if (!rp)
345 return -ENOMEM;
346
347 rp->num_commands = cpu_to_le16(num_commands);
348 rp->num_events = cpu_to_le16(num_events);
349
350 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
351 put_unaligned_le16(mgmt_commands[i], opcode);
352
353 for (i = 0; i < num_events; i++, opcode++)
354 put_unaligned_le16(mgmt_events[i], opcode);
355
356 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
357 rp_size);
358 kfree(rp);
359
360 return err;
361}
362
363static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
364 u16 data_len)
365{
366 struct mgmt_rp_read_index_list *rp;
367 struct hci_dev *d;
368 size_t rp_len;
369 u16 count;
370 int err;
371
372 BT_DBG("sock %p", sk);
373
374 read_lock(&hci_dev_list_lock);
375
376 count = 0;
377 list_for_each_entry(d, &hci_dev_list, list) {
378 if (d->dev_type == HCI_BREDR &&
379 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
380 count++;
381 }
382
383 rp_len = sizeof(*rp) + (2 * count);
384 rp = kmalloc(rp_len, GFP_ATOMIC);
385 if (!rp) {
386 read_unlock(&hci_dev_list_lock);
387 return -ENOMEM;
388 }
389
390 count = 0;
391 list_for_each_entry(d, &hci_dev_list, list) {
392 if (test_bit(HCI_SETUP, &d->dev_flags) ||
393 test_bit(HCI_CONFIG, &d->dev_flags) ||
394 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
395 continue;
396
397
398
399
400 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
401 continue;
402
403 if (d->dev_type == HCI_BREDR &&
404 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
405 rp->index[count++] = cpu_to_le16(d->id);
406 BT_DBG("Added hci%u", d->id);
407 }
408 }
409
410 rp->num_controllers = cpu_to_le16(count);
411 rp_len = sizeof(*rp) + (2 * count);
412
413 read_unlock(&hci_dev_list_lock);
414
415 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
416 rp_len);
417
418 kfree(rp);
419
420 return err;
421}
422
423static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
424 void *data, u16 data_len)
425{
426 struct mgmt_rp_read_unconf_index_list *rp;
427 struct hci_dev *d;
428 size_t rp_len;
429 u16 count;
430 int err;
431
432 BT_DBG("sock %p", sk);
433
434 read_lock(&hci_dev_list_lock);
435
436 count = 0;
437 list_for_each_entry(d, &hci_dev_list, list) {
438 if (d->dev_type == HCI_BREDR &&
439 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
440 count++;
441 }
442
443 rp_len = sizeof(*rp) + (2 * count);
444 rp = kmalloc(rp_len, GFP_ATOMIC);
445 if (!rp) {
446 read_unlock(&hci_dev_list_lock);
447 return -ENOMEM;
448 }
449
450 count = 0;
451 list_for_each_entry(d, &hci_dev_list, list) {
452 if (test_bit(HCI_SETUP, &d->dev_flags) ||
453 test_bit(HCI_CONFIG, &d->dev_flags) ||
454 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
455 continue;
456
457
458
459
460 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
461 continue;
462
463 if (d->dev_type == HCI_BREDR &&
464 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
465 rp->index[count++] = cpu_to_le16(d->id);
466 BT_DBG("Added hci%u", d->id);
467 }
468 }
469
470 rp->num_controllers = cpu_to_le16(count);
471 rp_len = sizeof(*rp) + (2 * count);
472
473 read_unlock(&hci_dev_list_lock);
474
475 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
476 0, rp, rp_len);
477
478 kfree(rp);
479
480 return err;
481}
482
483static bool is_configured(struct hci_dev *hdev)
484{
485 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
486 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
487 return false;
488
489 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
490 !bacmp(&hdev->public_addr, BDADDR_ANY))
491 return false;
492
493 return true;
494}
495
496static __le32 get_missing_options(struct hci_dev *hdev)
497{
498 u32 options = 0;
499
500 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
501 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
502 options |= MGMT_OPTION_EXTERNAL_CONFIG;
503
504 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
505 !bacmp(&hdev->public_addr, BDADDR_ANY))
506 options |= MGMT_OPTION_PUBLIC_ADDRESS;
507
508 return cpu_to_le32(options);
509}
510
511static int new_options(struct hci_dev *hdev, struct sock *skip)
512{
513 __le32 options = get_missing_options(hdev);
514
515 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
516 sizeof(options), skip);
517}
518
519static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
520{
521 __le32 options = get_missing_options(hdev);
522
523 return cmd_complete(sk, hdev->id, opcode, 0, &options,
524 sizeof(options));
525}
526
527static int read_config_info(struct sock *sk, struct hci_dev *hdev,
528 void *data, u16 data_len)
529{
530 struct mgmt_rp_read_config_info rp;
531 u32 options = 0;
532
533 BT_DBG("sock %p %s", sk, hdev->name);
534
535 hci_dev_lock(hdev);
536
537 memset(&rp, 0, sizeof(rp));
538 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
539
540 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
541 options |= MGMT_OPTION_EXTERNAL_CONFIG;
542
543 if (hdev->set_bdaddr)
544 options |= MGMT_OPTION_PUBLIC_ADDRESS;
545
546 rp.supported_options = cpu_to_le32(options);
547 rp.missing_options = get_missing_options(hdev);
548
549 hci_dev_unlock(hdev);
550
551 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
552 sizeof(rp));
553}
554
555static u32 get_supported_settings(struct hci_dev *hdev)
556{
557 u32 settings = 0;
558
559 settings |= MGMT_SETTING_POWERED;
560 settings |= MGMT_SETTING_BONDABLE;
561 settings |= MGMT_SETTING_DEBUG_KEYS;
562 settings |= MGMT_SETTING_CONNECTABLE;
563 settings |= MGMT_SETTING_DISCOVERABLE;
564
565 if (lmp_bredr_capable(hdev)) {
566 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
567 settings |= MGMT_SETTING_FAST_CONNECTABLE;
568 settings |= MGMT_SETTING_BREDR;
569 settings |= MGMT_SETTING_LINK_SECURITY;
570
571 if (lmp_ssp_capable(hdev)) {
572 settings |= MGMT_SETTING_SSP;
573 settings |= MGMT_SETTING_HS;
574 }
575
576 if (lmp_sc_capable(hdev))
577 settings |= MGMT_SETTING_SECURE_CONN;
578 }
579
580 if (lmp_le_capable(hdev)) {
581 settings |= MGMT_SETTING_LE;
582 settings |= MGMT_SETTING_ADVERTISING;
583 settings |= MGMT_SETTING_SECURE_CONN;
584 settings |= MGMT_SETTING_PRIVACY;
585 }
586
587 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
588 hdev->set_bdaddr)
589 settings |= MGMT_SETTING_CONFIGURATION;
590
591 return settings;
592}
593
594static u32 get_current_settings(struct hci_dev *hdev)
595{
596 u32 settings = 0;
597
598 if (hdev_is_powered(hdev))
599 settings |= MGMT_SETTING_POWERED;
600
601 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
602 settings |= MGMT_SETTING_CONNECTABLE;
603
604 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
605 settings |= MGMT_SETTING_FAST_CONNECTABLE;
606
607 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
608 settings |= MGMT_SETTING_DISCOVERABLE;
609
610 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
611 settings |= MGMT_SETTING_BONDABLE;
612
613 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
614 settings |= MGMT_SETTING_BREDR;
615
616 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
617 settings |= MGMT_SETTING_LE;
618
619 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
620 settings |= MGMT_SETTING_LINK_SECURITY;
621
622 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
623 settings |= MGMT_SETTING_SSP;
624
625 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
626 settings |= MGMT_SETTING_HS;
627
628 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
629 settings |= MGMT_SETTING_ADVERTISING;
630
631 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
632 settings |= MGMT_SETTING_SECURE_CONN;
633
634 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
635 settings |= MGMT_SETTING_DEBUG_KEYS;
636
637 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
638 settings |= MGMT_SETTING_PRIVACY;
639
640 return settings;
641}
642
643#define PNP_INFO_SVCLASS_ID 0x1200
644
645static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
646{
647 u8 *ptr = data, *uuids_start = NULL;
648 struct bt_uuid *uuid;
649
650 if (len < 4)
651 return ptr;
652
653 list_for_each_entry(uuid, &hdev->uuids, list) {
654 u16 uuid16;
655
656 if (uuid->size != 16)
657 continue;
658
659 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
660 if (uuid16 < 0x1100)
661 continue;
662
663 if (uuid16 == PNP_INFO_SVCLASS_ID)
664 continue;
665
666 if (!uuids_start) {
667 uuids_start = ptr;
668 uuids_start[0] = 1;
669 uuids_start[1] = EIR_UUID16_ALL;
670 ptr += 2;
671 }
672
673
674 if ((ptr - data) + sizeof(u16) > len) {
675 uuids_start[1] = EIR_UUID16_SOME;
676 break;
677 }
678
679 *ptr++ = (uuid16 & 0x00ff);
680 *ptr++ = (uuid16 & 0xff00) >> 8;
681 uuids_start[0] += sizeof(uuid16);
682 }
683
684 return ptr;
685}
686
687static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
688{
689 u8 *ptr = data, *uuids_start = NULL;
690 struct bt_uuid *uuid;
691
692 if (len < 6)
693 return ptr;
694
695 list_for_each_entry(uuid, &hdev->uuids, list) {
696 if (uuid->size != 32)
697 continue;
698
699 if (!uuids_start) {
700 uuids_start = ptr;
701 uuids_start[0] = 1;
702 uuids_start[1] = EIR_UUID32_ALL;
703 ptr += 2;
704 }
705
706
707 if ((ptr - data) + sizeof(u32) > len) {
708 uuids_start[1] = EIR_UUID32_SOME;
709 break;
710 }
711
712 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
713 ptr += sizeof(u32);
714 uuids_start[0] += sizeof(u32);
715 }
716
717 return ptr;
718}
719
720static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
721{
722 u8 *ptr = data, *uuids_start = NULL;
723 struct bt_uuid *uuid;
724
725 if (len < 18)
726 return ptr;
727
728 list_for_each_entry(uuid, &hdev->uuids, list) {
729 if (uuid->size != 128)
730 continue;
731
732 if (!uuids_start) {
733 uuids_start = ptr;
734 uuids_start[0] = 1;
735 uuids_start[1] = EIR_UUID128_ALL;
736 ptr += 2;
737 }
738
739
740 if ((ptr - data) + 16 > len) {
741 uuids_start[1] = EIR_UUID128_SOME;
742 break;
743 }
744
745 memcpy(ptr, uuid->uuid, 16);
746 ptr += 16;
747 uuids_start[0] += 16;
748 }
749
750 return ptr;
751}
752
753static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
754{
755 struct pending_cmd *cmd;
756
757 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
758 if (cmd->opcode == opcode)
759 return cmd;
760 }
761
762 return NULL;
763}
764
765static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
766 struct hci_dev *hdev,
767 const void *data)
768{
769 struct pending_cmd *cmd;
770
771 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
772 if (cmd->user_data != data)
773 continue;
774 if (cmd->opcode == opcode)
775 return cmd;
776 }
777
778 return NULL;
779}
780
781static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
782{
783 u8 ad_len = 0;
784 size_t name_len;
785
786 name_len = strlen(hdev->dev_name);
787 if (name_len > 0) {
788 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
789
790 if (name_len > max_len) {
791 name_len = max_len;
792 ptr[1] = EIR_NAME_SHORT;
793 } else
794 ptr[1] = EIR_NAME_COMPLETE;
795
796 ptr[0] = name_len + 1;
797
798 memcpy(ptr + 2, hdev->dev_name, name_len);
799
800 ad_len += (name_len + 2);
801 ptr += (name_len + 2);
802 }
803
804 return ad_len;
805}
806
807static void update_scan_rsp_data(struct hci_request *req)
808{
809 struct hci_dev *hdev = req->hdev;
810 struct hci_cp_le_set_scan_rsp_data cp;
811 u8 len;
812
813 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
814 return;
815
816 memset(&cp, 0, sizeof(cp));
817
818 len = create_scan_rsp_data(hdev, cp.data);
819
820 if (hdev->scan_rsp_data_len == len &&
821 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
822 return;
823
824 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
825 hdev->scan_rsp_data_len = len;
826
827 cp.length = len;
828
829 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
830}
831
832static u8 get_adv_discov_flags(struct hci_dev *hdev)
833{
834 struct pending_cmd *cmd;
835
836
837
838
839 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
840 if (cmd) {
841 struct mgmt_mode *cp = cmd->param;
842 if (cp->val == 0x01)
843 return LE_AD_GENERAL;
844 else if (cp->val == 0x02)
845 return LE_AD_LIMITED;
846 } else {
847 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
848 return LE_AD_LIMITED;
849 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
850 return LE_AD_GENERAL;
851 }
852
853 return 0;
854}
855
856static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
857{
858 u8 ad_len = 0, flags = 0;
859
860 flags |= get_adv_discov_flags(hdev);
861
862 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
863 flags |= LE_AD_NO_BREDR;
864
865 if (flags) {
866 BT_DBG("adv flags 0x%02x", flags);
867
868 ptr[0] = 2;
869 ptr[1] = EIR_FLAGS;
870 ptr[2] = flags;
871
872 ad_len += 3;
873 ptr += 3;
874 }
875
876 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
877 ptr[0] = 2;
878 ptr[1] = EIR_TX_POWER;
879 ptr[2] = (u8) hdev->adv_tx_power;
880
881 ad_len += 3;
882 ptr += 3;
883 }
884
885 return ad_len;
886}
887
888static void update_adv_data(struct hci_request *req)
889{
890 struct hci_dev *hdev = req->hdev;
891 struct hci_cp_le_set_adv_data cp;
892 u8 len;
893
894 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
895 return;
896
897 memset(&cp, 0, sizeof(cp));
898
899 len = create_adv_data(hdev, cp.data);
900
901 if (hdev->adv_data_len == len &&
902 memcmp(cp.data, hdev->adv_data, len) == 0)
903 return;
904
905 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
906 hdev->adv_data_len = len;
907
908 cp.length = len;
909
910 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
911}
912
913int mgmt_update_adv_data(struct hci_dev *hdev)
914{
915 struct hci_request req;
916
917 hci_req_init(&req, hdev);
918 update_adv_data(&req);
919
920 return hci_req_run(&req, NULL);
921}
922
923static void create_eir(struct hci_dev *hdev, u8 *data)
924{
925 u8 *ptr = data;
926 size_t name_len;
927
928 name_len = strlen(hdev->dev_name);
929
930 if (name_len > 0) {
931
932 if (name_len > 48) {
933 name_len = 48;
934 ptr[1] = EIR_NAME_SHORT;
935 } else
936 ptr[1] = EIR_NAME_COMPLETE;
937
938
939 ptr[0] = name_len + 1;
940
941 memcpy(ptr + 2, hdev->dev_name, name_len);
942
943 ptr += (name_len + 2);
944 }
945
946 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
947 ptr[0] = 2;
948 ptr[1] = EIR_TX_POWER;
949 ptr[2] = (u8) hdev->inq_tx_power;
950
951 ptr += 3;
952 }
953
954 if (hdev->devid_source > 0) {
955 ptr[0] = 9;
956 ptr[1] = EIR_DEVICE_ID;
957
958 put_unaligned_le16(hdev->devid_source, ptr + 2);
959 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
960 put_unaligned_le16(hdev->devid_product, ptr + 6);
961 put_unaligned_le16(hdev->devid_version, ptr + 8);
962
963 ptr += 10;
964 }
965
966 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
967 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
968 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
969}
970
971static void update_eir(struct hci_request *req)
972{
973 struct hci_dev *hdev = req->hdev;
974 struct hci_cp_write_eir cp;
975
976 if (!hdev_is_powered(hdev))
977 return;
978
979 if (!lmp_ext_inq_capable(hdev))
980 return;
981
982 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
983 return;
984
985 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
986 return;
987
988 memset(&cp, 0, sizeof(cp));
989
990 create_eir(hdev, cp.data);
991
992 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
993 return;
994
995 memcpy(hdev->eir, cp.data, sizeof(cp.data));
996
997 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
998}
999
1000static u8 get_service_classes(struct hci_dev *hdev)
1001{
1002 struct bt_uuid *uuid;
1003 u8 val = 0;
1004
1005 list_for_each_entry(uuid, &hdev->uuids, list)
1006 val |= uuid->svc_hint;
1007
1008 return val;
1009}
1010
1011static void update_class(struct hci_request *req)
1012{
1013 struct hci_dev *hdev = req->hdev;
1014 u8 cod[3];
1015
1016 BT_DBG("%s", hdev->name);
1017
1018 if (!hdev_is_powered(hdev))
1019 return;
1020
1021 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1022 return;
1023
1024 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1025 return;
1026
1027 cod[0] = hdev->minor_class;
1028 cod[1] = hdev->major_class;
1029 cod[2] = get_service_classes(hdev);
1030
1031 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1032 cod[1] |= 0x20;
1033
1034 if (memcmp(cod, hdev->dev_class, 3) == 0)
1035 return;
1036
1037 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1038}
1039
1040static bool get_connectable(struct hci_dev *hdev)
1041{
1042 struct pending_cmd *cmd;
1043
1044
1045
1046
1047 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1048 if (cmd) {
1049 struct mgmt_mode *cp = cmd->param;
1050 return cp->val;
1051 }
1052
1053 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1054}
1055
1056static void disable_advertising(struct hci_request *req)
1057{
1058 u8 enable = 0x00;
1059
1060 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1061}
1062
1063static void enable_advertising(struct hci_request *req)
1064{
1065 struct hci_dev *hdev = req->hdev;
1066 struct hci_cp_le_set_adv_param cp;
1067 u8 own_addr_type, enable = 0x01;
1068 bool connectable;
1069
1070 if (hci_conn_num(hdev, LE_LINK) > 0)
1071 return;
1072
1073 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1074 disable_advertising(req);
1075
1076
1077
1078
1079
1080
1081 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
1082
1083 connectable = get_connectable(hdev);
1084
1085
1086
1087
1088
1089 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1090 return;
1091
1092 memset(&cp, 0, sizeof(cp));
1093 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1094 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1095 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1096 cp.own_address_type = own_addr_type;
1097 cp.channel_map = hdev->le_adv_channel_map;
1098
1099 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1100
1101 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1102}
1103
1104static void service_cache_off(struct work_struct *work)
1105{
1106 struct hci_dev *hdev = container_of(work, struct hci_dev,
1107 service_cache.work);
1108 struct hci_request req;
1109
1110 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1111 return;
1112
1113 hci_req_init(&req, hdev);
1114
1115 hci_dev_lock(hdev);
1116
1117 update_eir(&req);
1118 update_class(&req);
1119
1120 hci_dev_unlock(hdev);
1121
1122 hci_req_run(&req, NULL);
1123}
1124
1125static void rpa_expired(struct work_struct *work)
1126{
1127 struct hci_dev *hdev = container_of(work, struct hci_dev,
1128 rpa_expired.work);
1129 struct hci_request req;
1130
1131 BT_DBG("");
1132
1133 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1134
1135 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1136 return;
1137
1138
1139
1140
1141 hci_req_init(&req, hdev);
1142 enable_advertising(&req);
1143 hci_req_run(&req, NULL);
1144}
1145
1146static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1147{
1148 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
1149 return;
1150
1151 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1152 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1153
1154
1155
1156
1157
1158
1159 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1160}
1161
1162static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1163 void *data, u16 data_len)
1164{
1165 struct mgmt_rp_read_info rp;
1166
1167 BT_DBG("sock %p %s", sk, hdev->name);
1168
1169 hci_dev_lock(hdev);
1170
1171 memset(&rp, 0, sizeof(rp));
1172
1173 bacpy(&rp.bdaddr, &hdev->bdaddr);
1174
1175 rp.version = hdev->hci_ver;
1176 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1177
1178 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1179 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1180
1181 memcpy(rp.dev_class, hdev->dev_class, 3);
1182
1183 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1184 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1185
1186 hci_dev_unlock(hdev);
1187
1188 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1189 sizeof(rp));
1190}
1191
1192static void mgmt_pending_free(struct pending_cmd *cmd)
1193{
1194 sock_put(cmd->sk);
1195 kfree(cmd->param);
1196 kfree(cmd);
1197}
1198
1199static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1200 struct hci_dev *hdev, void *data,
1201 u16 len)
1202{
1203 struct pending_cmd *cmd;
1204
1205 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1206 if (!cmd)
1207 return NULL;
1208
1209 cmd->opcode = opcode;
1210 cmd->index = hdev->id;
1211
1212 cmd->param = kmemdup(data, len, GFP_KERNEL);
1213 if (!cmd->param) {
1214 kfree(cmd);
1215 return NULL;
1216 }
1217
1218 cmd->param_len = len;
1219
1220 cmd->sk = sk;
1221 sock_hold(sk);
1222
1223 list_add(&cmd->list, &hdev->mgmt_pending);
1224
1225 return cmd;
1226}
1227
1228static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1229 void (*cb)(struct pending_cmd *cmd,
1230 void *data),
1231 void *data)
1232{
1233 struct pending_cmd *cmd, *tmp;
1234
1235 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1236 if (opcode > 0 && cmd->opcode != opcode)
1237 continue;
1238
1239 cb(cmd, data);
1240 }
1241}
1242
1243static void mgmt_pending_remove(struct pending_cmd *cmd)
1244{
1245 list_del(&cmd->list);
1246 mgmt_pending_free(cmd);
1247}
1248
1249static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1250{
1251 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1252
1253 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
1254 sizeof(settings));
1255}
1256
1257static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1258{
1259 BT_DBG("%s status 0x%02x", hdev->name, status);
1260
1261 if (hci_conn_count(hdev) == 0) {
1262 cancel_delayed_work(&hdev->power_off);
1263 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1264 }
1265}
1266
1267static bool hci_stop_discovery(struct hci_request *req)
1268{
1269 struct hci_dev *hdev = req->hdev;
1270 struct hci_cp_remote_name_req_cancel cp;
1271 struct inquiry_entry *e;
1272
1273 switch (hdev->discovery.state) {
1274 case DISCOVERY_FINDING:
1275 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1276 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1277 } else {
1278 cancel_delayed_work(&hdev->le_scan_disable);
1279 hci_req_add_le_scan_disable(req);
1280 }
1281
1282 return true;
1283
1284 case DISCOVERY_RESOLVING:
1285 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1286 NAME_PENDING);
1287 if (!e)
1288 break;
1289
1290 bacpy(&cp.bdaddr, &e->data.bdaddr);
1291 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1292 &cp);
1293
1294 return true;
1295
1296 default:
1297
1298 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
1299 hci_req_add_le_scan_disable(req);
1300 return true;
1301 }
1302
1303 break;
1304 }
1305
1306 return false;
1307}
1308
1309static int clean_up_hci_state(struct hci_dev *hdev)
1310{
1311 struct hci_request req;
1312 struct hci_conn *conn;
1313 bool discov_stopped;
1314 int err;
1315
1316 hci_req_init(&req, hdev);
1317
1318 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1319 test_bit(HCI_PSCAN, &hdev->flags)) {
1320 u8 scan = 0x00;
1321 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1322 }
1323
1324 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1325 disable_advertising(&req);
1326
1327 discov_stopped = hci_stop_discovery(&req);
1328
1329 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1330 struct hci_cp_disconnect dc;
1331 struct hci_cp_reject_conn_req rej;
1332
1333 switch (conn->state) {
1334 case BT_CONNECTED:
1335 case BT_CONFIG:
1336 dc.handle = cpu_to_le16(conn->handle);
1337 dc.reason = 0x15;
1338 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1339 break;
1340 case BT_CONNECT:
1341 if (conn->type == LE_LINK)
1342 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1343 0, NULL);
1344 else if (conn->type == ACL_LINK)
1345 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1346 6, &conn->dst);
1347 break;
1348 case BT_CONNECT2:
1349 bacpy(&rej.bdaddr, &conn->dst);
1350 rej.reason = 0x15;
1351 if (conn->type == ACL_LINK)
1352 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1353 sizeof(rej), &rej);
1354 else if (conn->type == SCO_LINK)
1355 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1356 sizeof(rej), &rej);
1357 break;
1358 }
1359 }
1360
1361 err = hci_req_run(&req, clean_up_hci_complete);
1362 if (!err && discov_stopped)
1363 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1364
1365 return err;
1366}
1367
1368static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1369 u16 len)
1370{
1371 struct mgmt_mode *cp = data;
1372 struct pending_cmd *cmd;
1373 int err;
1374
1375 BT_DBG("request for %s", hdev->name);
1376
1377 if (cp->val != 0x00 && cp->val != 0x01)
1378 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1379 MGMT_STATUS_INVALID_PARAMS);
1380
1381 hci_dev_lock(hdev);
1382
1383 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1384 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1385 MGMT_STATUS_BUSY);
1386 goto failed;
1387 }
1388
1389 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1390 cancel_delayed_work(&hdev->power_off);
1391
1392 if (cp->val) {
1393 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1394 data, len);
1395 err = mgmt_powered(hdev, 1);
1396 goto failed;
1397 }
1398 }
1399
1400 if (!!cp->val == hdev_is_powered(hdev)) {
1401 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1402 goto failed;
1403 }
1404
1405 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1406 if (!cmd) {
1407 err = -ENOMEM;
1408 goto failed;
1409 }
1410
1411 if (cp->val) {
1412 queue_work(hdev->req_workqueue, &hdev->power_on);
1413 err = 0;
1414 } else {
1415
1416 err = clean_up_hci_state(hdev);
1417 if (!err)
1418 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1419 HCI_POWER_OFF_TIMEOUT);
1420
1421
1422 if (err == -ENODATA) {
1423 cancel_delayed_work(&hdev->power_off);
1424 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1425 err = 0;
1426 }
1427 }
1428
1429failed:
1430 hci_dev_unlock(hdev);
1431 return err;
1432}
1433
1434static int new_settings(struct hci_dev *hdev, struct sock *skip)
1435{
1436 __le32 ev;
1437
1438 ev = cpu_to_le32(get_current_settings(hdev));
1439
1440 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1441}
1442
1443int mgmt_new_settings(struct hci_dev *hdev)
1444{
1445 return new_settings(hdev, NULL);
1446}
1447
1448struct cmd_lookup {
1449 struct sock *sk;
1450 struct hci_dev *hdev;
1451 u8 mgmt_status;
1452};
1453
1454static void settings_rsp(struct pending_cmd *cmd, void *data)
1455{
1456 struct cmd_lookup *match = data;
1457
1458 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1459
1460 list_del(&cmd->list);
1461
1462 if (match->sk == NULL) {
1463 match->sk = cmd->sk;
1464 sock_hold(match->sk);
1465 }
1466
1467 mgmt_pending_free(cmd);
1468}
1469
1470static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1471{
1472 u8 *status = data;
1473
1474 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1475 mgmt_pending_remove(cmd);
1476}
1477
1478static void cmd_complete_rsp(struct pending_cmd *cmd, void *data)
1479{
1480 if (cmd->cmd_complete) {
1481 u8 *status = data;
1482
1483 cmd->cmd_complete(cmd, *status);
1484 mgmt_pending_remove(cmd);
1485
1486 return;
1487 }
1488
1489 cmd_status_rsp(cmd, data);
1490}
1491
1492static int generic_cmd_complete(struct pending_cmd *cmd, u8 status)
1493{
1494 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1495 cmd->param, cmd->param_len);
1496}
1497
1498static int addr_cmd_complete(struct pending_cmd *cmd, u8 status)
1499{
1500 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1501 sizeof(struct mgmt_addr_info));
1502}
1503
1504static u8 mgmt_bredr_support(struct hci_dev *hdev)
1505{
1506 if (!lmp_bredr_capable(hdev))
1507 return MGMT_STATUS_NOT_SUPPORTED;
1508 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1509 return MGMT_STATUS_REJECTED;
1510 else
1511 return MGMT_STATUS_SUCCESS;
1512}
1513
1514static u8 mgmt_le_support(struct hci_dev *hdev)
1515{
1516 if (!lmp_le_capable(hdev))
1517 return MGMT_STATUS_NOT_SUPPORTED;
1518 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1519 return MGMT_STATUS_REJECTED;
1520 else
1521 return MGMT_STATUS_SUCCESS;
1522}
1523
1524static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1525 u16 opcode)
1526{
1527 struct pending_cmd *cmd;
1528 struct mgmt_mode *cp;
1529 struct hci_request req;
1530 bool changed;
1531
1532 BT_DBG("status 0x%02x", status);
1533
1534 hci_dev_lock(hdev);
1535
1536 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1537 if (!cmd)
1538 goto unlock;
1539
1540 if (status) {
1541 u8 mgmt_err = mgmt_status(status);
1542 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1543 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1544 goto remove_cmd;
1545 }
1546
1547 cp = cmd->param;
1548 if (cp->val) {
1549 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1550 &hdev->dev_flags);
1551
1552 if (hdev->discov_timeout > 0) {
1553 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1554 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1555 to);
1556 }
1557 } else {
1558 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1559 &hdev->dev_flags);
1560 }
1561
1562 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1563
1564 if (changed)
1565 new_settings(hdev, cmd->sk);
1566
1567
1568
1569
1570
1571
1572 hci_req_init(&req, hdev);
1573 __hci_update_page_scan(&req);
1574 update_class(&req);
1575 hci_req_run(&req, NULL);
1576
1577remove_cmd:
1578 mgmt_pending_remove(cmd);
1579
1580unlock:
1581 hci_dev_unlock(hdev);
1582}
1583
1584static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1585 u16 len)
1586{
1587 struct mgmt_cp_set_discoverable *cp = data;
1588 struct pending_cmd *cmd;
1589 struct hci_request req;
1590 u16 timeout;
1591 u8 scan;
1592 int err;
1593
1594 BT_DBG("request for %s", hdev->name);
1595
1596 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1597 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1598 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1599 MGMT_STATUS_REJECTED);
1600
1601 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1602 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1603 MGMT_STATUS_INVALID_PARAMS);
1604
1605 timeout = __le16_to_cpu(cp->timeout);
1606
1607
1608
1609
1610 if ((cp->val == 0x00 && timeout > 0) ||
1611 (cp->val == 0x02 && timeout == 0))
1612 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1613 MGMT_STATUS_INVALID_PARAMS);
1614
1615 hci_dev_lock(hdev);
1616
1617 if (!hdev_is_powered(hdev) && timeout > 0) {
1618 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1619 MGMT_STATUS_NOT_POWERED);
1620 goto failed;
1621 }
1622
1623 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1624 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1625 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1626 MGMT_STATUS_BUSY);
1627 goto failed;
1628 }
1629
1630 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1631 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1632 MGMT_STATUS_REJECTED);
1633 goto failed;
1634 }
1635
1636 if (!hdev_is_powered(hdev)) {
1637 bool changed = false;
1638
1639
1640
1641
1642
1643 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1644 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1645 changed = true;
1646 }
1647
1648 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1649 if (err < 0)
1650 goto failed;
1651
1652 if (changed)
1653 err = new_settings(hdev, sk);
1654
1655 goto failed;
1656 }
1657
1658
1659
1660
1661
1662 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1663 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1664 &hdev->dev_flags)) {
1665 cancel_delayed_work(&hdev->discov_off);
1666 hdev->discov_timeout = timeout;
1667
1668 if (cp->val && hdev->discov_timeout > 0) {
1669 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1670 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1671 to);
1672 }
1673
1674 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1675 goto failed;
1676 }
1677
1678 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1679 if (!cmd) {
1680 err = -ENOMEM;
1681 goto failed;
1682 }
1683
1684
1685
1686
1687
1688 cancel_delayed_work(&hdev->discov_off);
1689 hdev->discov_timeout = timeout;
1690
1691
1692 if (cp->val == 0x02)
1693 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1694 else
1695 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1696
1697 hci_req_init(&req, hdev);
1698
1699
1700
1701
1702 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1703 goto update_ad;
1704
1705 scan = SCAN_PAGE;
1706
1707 if (cp->val) {
1708 struct hci_cp_write_current_iac_lap hci_cp;
1709
1710 if (cp->val == 0x02) {
1711
1712 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1713 hci_cp.iac_lap[0] = 0x00;
1714 hci_cp.iac_lap[1] = 0x8b;
1715 hci_cp.iac_lap[2] = 0x9e;
1716 hci_cp.iac_lap[3] = 0x33;
1717 hci_cp.iac_lap[4] = 0x8b;
1718 hci_cp.iac_lap[5] = 0x9e;
1719 } else {
1720
1721 hci_cp.num_iac = 1;
1722 hci_cp.iac_lap[0] = 0x33;
1723 hci_cp.iac_lap[1] = 0x8b;
1724 hci_cp.iac_lap[2] = 0x9e;
1725 }
1726
1727 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1728 (hci_cp.num_iac * 3) + 1, &hci_cp);
1729
1730 scan |= SCAN_INQUIRY;
1731 } else {
1732 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1733 }
1734
1735 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1736
1737update_ad:
1738 update_adv_data(&req);
1739
1740 err = hci_req_run(&req, set_discoverable_complete);
1741 if (err < 0)
1742 mgmt_pending_remove(cmd);
1743
1744failed:
1745 hci_dev_unlock(hdev);
1746 return err;
1747}
1748
1749static void write_fast_connectable(struct hci_request *req, bool enable)
1750{
1751 struct hci_dev *hdev = req->hdev;
1752 struct hci_cp_write_page_scan_activity acp;
1753 u8 type;
1754
1755 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1756 return;
1757
1758 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1759 return;
1760
1761 if (enable) {
1762 type = PAGE_SCAN_TYPE_INTERLACED;
1763
1764
1765 acp.interval = cpu_to_le16(0x0100);
1766 } else {
1767 type = PAGE_SCAN_TYPE_STANDARD;
1768
1769
1770 acp.interval = cpu_to_le16(0x0800);
1771 }
1772
1773 acp.window = cpu_to_le16(0x0012);
1774
1775 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1776 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1777 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1778 sizeof(acp), &acp);
1779
1780 if (hdev->page_scan_type != type)
1781 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1782}
1783
1784static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1785 u16 opcode)
1786{
1787 struct pending_cmd *cmd;
1788 struct mgmt_mode *cp;
1789 bool conn_changed, discov_changed;
1790
1791 BT_DBG("status 0x%02x", status);
1792
1793 hci_dev_lock(hdev);
1794
1795 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1796 if (!cmd)
1797 goto unlock;
1798
1799 if (status) {
1800 u8 mgmt_err = mgmt_status(status);
1801 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1802 goto remove_cmd;
1803 }
1804
1805 cp = cmd->param;
1806 if (cp->val) {
1807 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1808 &hdev->dev_flags);
1809 discov_changed = false;
1810 } else {
1811 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1812 &hdev->dev_flags);
1813 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1814 &hdev->dev_flags);
1815 }
1816
1817 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1818
1819 if (conn_changed || discov_changed) {
1820 new_settings(hdev, cmd->sk);
1821 hci_update_page_scan(hdev);
1822 if (discov_changed)
1823 mgmt_update_adv_data(hdev);
1824 hci_update_background_scan(hdev);
1825 }
1826
1827remove_cmd:
1828 mgmt_pending_remove(cmd);
1829
1830unlock:
1831 hci_dev_unlock(hdev);
1832}
1833
1834static int set_connectable_update_settings(struct hci_dev *hdev,
1835 struct sock *sk, u8 val)
1836{
1837 bool changed = false;
1838 int err;
1839
1840 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1841 changed = true;
1842
1843 if (val) {
1844 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1845 } else {
1846 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1847 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1848 }
1849
1850 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1851 if (err < 0)
1852 return err;
1853
1854 if (changed) {
1855 hci_update_page_scan(hdev);
1856 hci_update_background_scan(hdev);
1857 return new_settings(hdev, sk);
1858 }
1859
1860 return 0;
1861}
1862
1863static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1864 u16 len)
1865{
1866 struct mgmt_mode *cp = data;
1867 struct pending_cmd *cmd;
1868 struct hci_request req;
1869 u8 scan;
1870 int err;
1871
1872 BT_DBG("request for %s", hdev->name);
1873
1874 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1875 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1876 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1877 MGMT_STATUS_REJECTED);
1878
1879 if (cp->val != 0x00 && cp->val != 0x01)
1880 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1881 MGMT_STATUS_INVALID_PARAMS);
1882
1883 hci_dev_lock(hdev);
1884
1885 if (!hdev_is_powered(hdev)) {
1886 err = set_connectable_update_settings(hdev, sk, cp->val);
1887 goto failed;
1888 }
1889
1890 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1891 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1892 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1893 MGMT_STATUS_BUSY);
1894 goto failed;
1895 }
1896
1897 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1898 if (!cmd) {
1899 err = -ENOMEM;
1900 goto failed;
1901 }
1902
1903 hci_req_init(&req, hdev);
1904
1905
1906
1907
1908
1909 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1910 if (!cp->val) {
1911 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1912 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1913 }
1914 update_adv_data(&req);
1915 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1916 if (cp->val) {
1917 scan = SCAN_PAGE;
1918 } else {
1919
1920
1921
1922
1923
1924
1925 if (list_empty(&hdev->whitelist))
1926 scan = SCAN_DISABLED;
1927 else if (test_bit(HCI_ISCAN, &hdev->flags))
1928 scan = SCAN_PAGE;
1929 else
1930 goto no_scan_update;
1931
1932 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1933 hdev->discov_timeout > 0)
1934 cancel_delayed_work(&hdev->discov_off);
1935 }
1936
1937 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1938 }
1939
1940no_scan_update:
1941
1942
1943
1944
1945
1946
1947 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1948 write_fast_connectable(&req, false);
1949
1950
1951 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1952 enable_advertising(&req);
1953
1954 err = hci_req_run(&req, set_connectable_complete);
1955 if (err < 0) {
1956 mgmt_pending_remove(cmd);
1957 if (err == -ENODATA)
1958 err = set_connectable_update_settings(hdev, sk,
1959 cp->val);
1960 goto failed;
1961 }
1962
1963failed:
1964 hci_dev_unlock(hdev);
1965 return err;
1966}
1967
1968static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1969 u16 len)
1970{
1971 struct mgmt_mode *cp = data;
1972 bool changed;
1973 int err;
1974
1975 BT_DBG("request for %s", hdev->name);
1976
1977 if (cp->val != 0x00 && cp->val != 0x01)
1978 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1979 MGMT_STATUS_INVALID_PARAMS);
1980
1981 hci_dev_lock(hdev);
1982
1983 if (cp->val)
1984 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
1985 else
1986 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1987
1988 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1989 if (err < 0)
1990 goto unlock;
1991
1992 if (changed)
1993 err = new_settings(hdev, sk);
1994
1995unlock:
1996 hci_dev_unlock(hdev);
1997 return err;
1998}
1999
2000static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2001 u16 len)
2002{
2003 struct mgmt_mode *cp = data;
2004 struct pending_cmd *cmd;
2005 u8 val, status;
2006 int err;
2007
2008 BT_DBG("request for %s", hdev->name);
2009
2010 status = mgmt_bredr_support(hdev);
2011 if (status)
2012 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2013 status);
2014
2015 if (cp->val != 0x00 && cp->val != 0x01)
2016 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2017 MGMT_STATUS_INVALID_PARAMS);
2018
2019 hci_dev_lock(hdev);
2020
2021 if (!hdev_is_powered(hdev)) {
2022 bool changed = false;
2023
2024 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
2025 &hdev->dev_flags)) {
2026 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2027 changed = true;
2028 }
2029
2030 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2031 if (err < 0)
2032 goto failed;
2033
2034 if (changed)
2035 err = new_settings(hdev, sk);
2036
2037 goto failed;
2038 }
2039
2040 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2041 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2042 MGMT_STATUS_BUSY);
2043 goto failed;
2044 }
2045
2046 val = !!cp->val;
2047
2048 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2049 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2050 goto failed;
2051 }
2052
2053 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2054 if (!cmd) {
2055 err = -ENOMEM;
2056 goto failed;
2057 }
2058
2059 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2060 if (err < 0) {
2061 mgmt_pending_remove(cmd);
2062 goto failed;
2063 }
2064
2065failed:
2066 hci_dev_unlock(hdev);
2067 return err;
2068}
2069
2070static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2071{
2072 struct mgmt_mode *cp = data;
2073 struct pending_cmd *cmd;
2074 u8 status;
2075 int err;
2076
2077 BT_DBG("request for %s", hdev->name);
2078
2079 status = mgmt_bredr_support(hdev);
2080 if (status)
2081 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2082
2083 if (!lmp_ssp_capable(hdev))
2084 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2085 MGMT_STATUS_NOT_SUPPORTED);
2086
2087 if (cp->val != 0x00 && cp->val != 0x01)
2088 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2089 MGMT_STATUS_INVALID_PARAMS);
2090
2091 hci_dev_lock(hdev);
2092
2093 if (!hdev_is_powered(hdev)) {
2094 bool changed;
2095
2096 if (cp->val) {
2097 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2098 &hdev->dev_flags);
2099 } else {
2100 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2101 &hdev->dev_flags);
2102 if (!changed)
2103 changed = test_and_clear_bit(HCI_HS_ENABLED,
2104 &hdev->dev_flags);
2105 else
2106 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2107 }
2108
2109 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2110 if (err < 0)
2111 goto failed;
2112
2113 if (changed)
2114 err = new_settings(hdev, sk);
2115
2116 goto failed;
2117 }
2118
2119 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2120 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
2121 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2122 MGMT_STATUS_BUSY);
2123 goto failed;
2124 }
2125
2126 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2127 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2128 goto failed;
2129 }
2130
2131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2132 if (!cmd) {
2133 err = -ENOMEM;
2134 goto failed;
2135 }
2136
2137 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2138 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2139 sizeof(cp->val), &cp->val);
2140
2141 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2142 if (err < 0) {
2143 mgmt_pending_remove(cmd);
2144 goto failed;
2145 }
2146
2147failed:
2148 hci_dev_unlock(hdev);
2149 return err;
2150}
2151
2152static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2153{
2154 struct mgmt_mode *cp = data;
2155 bool changed;
2156 u8 status;
2157 int err;
2158
2159 BT_DBG("request for %s", hdev->name);
2160
2161 status = mgmt_bredr_support(hdev);
2162 if (status)
2163 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2164
2165 if (!lmp_ssp_capable(hdev))
2166 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2167 MGMT_STATUS_NOT_SUPPORTED);
2168
2169 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2170 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2171 MGMT_STATUS_REJECTED);
2172
2173 if (cp->val != 0x00 && cp->val != 0x01)
2174 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2175 MGMT_STATUS_INVALID_PARAMS);
2176
2177 hci_dev_lock(hdev);
2178
2179 if (cp->val) {
2180 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2181 } else {
2182 if (hdev_is_powered(hdev)) {
2183 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2184 MGMT_STATUS_REJECTED);
2185 goto unlock;
2186 }
2187
2188 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2189 }
2190
2191 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2192 if (err < 0)
2193 goto unlock;
2194
2195 if (changed)
2196 err = new_settings(hdev, sk);
2197
2198unlock:
2199 hci_dev_unlock(hdev);
2200 return err;
2201}
2202
2203static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2204{
2205 struct cmd_lookup match = { NULL, hdev };
2206
2207 hci_dev_lock(hdev);
2208
2209 if (status) {
2210 u8 mgmt_err = mgmt_status(status);
2211
2212 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2213 &mgmt_err);
2214 goto unlock;
2215 }
2216
2217 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2218
2219 new_settings(hdev, match.sk);
2220
2221 if (match.sk)
2222 sock_put(match.sk);
2223
2224
2225
2226
2227
2228
2229 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2230 struct hci_request req;
2231
2232 hci_req_init(&req, hdev);
2233 update_adv_data(&req);
2234 update_scan_rsp_data(&req);
2235 __hci_update_background_scan(&req);
2236 hci_req_run(&req, NULL);
2237 }
2238
2239unlock:
2240 hci_dev_unlock(hdev);
2241}
2242
2243static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2244{
2245 struct mgmt_mode *cp = data;
2246 struct hci_cp_write_le_host_supported hci_cp;
2247 struct pending_cmd *cmd;
2248 struct hci_request req;
2249 int err;
2250 u8 val, enabled;
2251
2252 BT_DBG("request for %s", hdev->name);
2253
2254 if (!lmp_le_capable(hdev))
2255 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2256 MGMT_STATUS_NOT_SUPPORTED);
2257
2258 if (cp->val != 0x00 && cp->val != 0x01)
2259 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2260 MGMT_STATUS_INVALID_PARAMS);
2261
2262
2263 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
2264 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2265 MGMT_STATUS_REJECTED);
2266
2267 hci_dev_lock(hdev);
2268
2269 val = !!cp->val;
2270 enabled = lmp_host_le_capable(hdev);
2271
2272 if (!hdev_is_powered(hdev) || val == enabled) {
2273 bool changed = false;
2274
2275 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2276 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2277 changed = true;
2278 }
2279
2280 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2281 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
2282 changed = true;
2283 }
2284
2285 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2286 if (err < 0)
2287 goto unlock;
2288
2289 if (changed)
2290 err = new_settings(hdev, sk);
2291
2292 goto unlock;
2293 }
2294
2295 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2296 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2297 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2298 MGMT_STATUS_BUSY);
2299 goto unlock;
2300 }
2301
2302 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2303 if (!cmd) {
2304 err = -ENOMEM;
2305 goto unlock;
2306 }
2307
2308 hci_req_init(&req, hdev);
2309
2310 memset(&hci_cp, 0, sizeof(hci_cp));
2311
2312 if (val) {
2313 hci_cp.le = val;
2314 hci_cp.simul = 0x00;
2315 } else {
2316 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
2317 disable_advertising(&req);
2318 }
2319
2320 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2321 &hci_cp);
2322
2323 err = hci_req_run(&req, le_enable_complete);
2324 if (err < 0)
2325 mgmt_pending_remove(cmd);
2326
2327unlock:
2328 hci_dev_unlock(hdev);
2329 return err;
2330}
2331
2332
2333
2334
2335
2336
2337
2338static bool pending_eir_or_class(struct hci_dev *hdev)
2339{
2340 struct pending_cmd *cmd;
2341
2342 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2343 switch (cmd->opcode) {
2344 case MGMT_OP_ADD_UUID:
2345 case MGMT_OP_REMOVE_UUID:
2346 case MGMT_OP_SET_DEV_CLASS:
2347 case MGMT_OP_SET_POWERED:
2348 return true;
2349 }
2350 }
2351
2352 return false;
2353}
2354
2355static const u8 bluetooth_base_uuid[] = {
2356 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2357 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2358};
2359
2360static u8 get_uuid_size(const u8 *uuid)
2361{
2362 u32 val;
2363
2364 if (memcmp(uuid, bluetooth_base_uuid, 12))
2365 return 128;
2366
2367 val = get_unaligned_le32(&uuid[12]);
2368 if (val > 0xffff)
2369 return 32;
2370
2371 return 16;
2372}
2373
2374static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2375{
2376 struct pending_cmd *cmd;
2377
2378 hci_dev_lock(hdev);
2379
2380 cmd = mgmt_pending_find(mgmt_op, hdev);
2381 if (!cmd)
2382 goto unlock;
2383
2384 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2385 hdev->dev_class, 3);
2386
2387 mgmt_pending_remove(cmd);
2388
2389unlock:
2390 hci_dev_unlock(hdev);
2391}
2392
2393static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2394{
2395 BT_DBG("status 0x%02x", status);
2396
2397 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2398}
2399
2400static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2401{
2402 struct mgmt_cp_add_uuid *cp = data;
2403 struct pending_cmd *cmd;
2404 struct hci_request req;
2405 struct bt_uuid *uuid;
2406 int err;
2407
2408 BT_DBG("request for %s", hdev->name);
2409
2410 hci_dev_lock(hdev);
2411
2412 if (pending_eir_or_class(hdev)) {
2413 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2414 MGMT_STATUS_BUSY);
2415 goto failed;
2416 }
2417
2418 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2419 if (!uuid) {
2420 err = -ENOMEM;
2421 goto failed;
2422 }
2423
2424 memcpy(uuid->uuid, cp->uuid, 16);
2425 uuid->svc_hint = cp->svc_hint;
2426 uuid->size = get_uuid_size(cp->uuid);
2427
2428 list_add_tail(&uuid->list, &hdev->uuids);
2429
2430 hci_req_init(&req, hdev);
2431
2432 update_class(&req);
2433 update_eir(&req);
2434
2435 err = hci_req_run(&req, add_uuid_complete);
2436 if (err < 0) {
2437 if (err != -ENODATA)
2438 goto failed;
2439
2440 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2441 hdev->dev_class, 3);
2442 goto failed;
2443 }
2444
2445 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2446 if (!cmd) {
2447 err = -ENOMEM;
2448 goto failed;
2449 }
2450
2451 err = 0;
2452
2453failed:
2454 hci_dev_unlock(hdev);
2455 return err;
2456}
2457
2458static bool enable_service_cache(struct hci_dev *hdev)
2459{
2460 if (!hdev_is_powered(hdev))
2461 return false;
2462
2463 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2464 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2465 CACHE_TIMEOUT);
2466 return true;
2467 }
2468
2469 return false;
2470}
2471
2472static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2473{
2474 BT_DBG("status 0x%02x", status);
2475
2476 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2477}
2478
2479static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2480 u16 len)
2481{
2482 struct mgmt_cp_remove_uuid *cp = data;
2483 struct pending_cmd *cmd;
2484 struct bt_uuid *match, *tmp;
2485 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2486 struct hci_request req;
2487 int err, found;
2488
2489 BT_DBG("request for %s", hdev->name);
2490
2491 hci_dev_lock(hdev);
2492
2493 if (pending_eir_or_class(hdev)) {
2494 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2495 MGMT_STATUS_BUSY);
2496 goto unlock;
2497 }
2498
2499 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2500 hci_uuids_clear(hdev);
2501
2502 if (enable_service_cache(hdev)) {
2503 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2504 0, hdev->dev_class, 3);
2505 goto unlock;
2506 }
2507
2508 goto update_class;
2509 }
2510
2511 found = 0;
2512
2513 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2514 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2515 continue;
2516
2517 list_del(&match->list);
2518 kfree(match);
2519 found++;
2520 }
2521
2522 if (found == 0) {
2523 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2524 MGMT_STATUS_INVALID_PARAMS);
2525 goto unlock;
2526 }
2527
2528update_class:
2529 hci_req_init(&req, hdev);
2530
2531 update_class(&req);
2532 update_eir(&req);
2533
2534 err = hci_req_run(&req, remove_uuid_complete);
2535 if (err < 0) {
2536 if (err != -ENODATA)
2537 goto unlock;
2538
2539 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2540 hdev->dev_class, 3);
2541 goto unlock;
2542 }
2543
2544 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2545 if (!cmd) {
2546 err = -ENOMEM;
2547 goto unlock;
2548 }
2549
2550 err = 0;
2551
2552unlock:
2553 hci_dev_unlock(hdev);
2554 return err;
2555}
2556
2557static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2558{
2559 BT_DBG("status 0x%02x", status);
2560
2561 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2562}
2563
2564static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2565 u16 len)
2566{
2567 struct mgmt_cp_set_dev_class *cp = data;
2568 struct pending_cmd *cmd;
2569 struct hci_request req;
2570 int err;
2571
2572 BT_DBG("request for %s", hdev->name);
2573
2574 if (!lmp_bredr_capable(hdev))
2575 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2576 MGMT_STATUS_NOT_SUPPORTED);
2577
2578 hci_dev_lock(hdev);
2579
2580 if (pending_eir_or_class(hdev)) {
2581 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2582 MGMT_STATUS_BUSY);
2583 goto unlock;
2584 }
2585
2586 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2587 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2588 MGMT_STATUS_INVALID_PARAMS);
2589 goto unlock;
2590 }
2591
2592 hdev->major_class = cp->major;
2593 hdev->minor_class = cp->minor;
2594
2595 if (!hdev_is_powered(hdev)) {
2596 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2597 hdev->dev_class, 3);
2598 goto unlock;
2599 }
2600
2601 hci_req_init(&req, hdev);
2602
2603 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2604 hci_dev_unlock(hdev);
2605 cancel_delayed_work_sync(&hdev->service_cache);
2606 hci_dev_lock(hdev);
2607 update_eir(&req);
2608 }
2609
2610 update_class(&req);
2611
2612 err = hci_req_run(&req, set_class_complete);
2613 if (err < 0) {
2614 if (err != -ENODATA)
2615 goto unlock;
2616
2617 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2618 hdev->dev_class, 3);
2619 goto unlock;
2620 }
2621
2622 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2623 if (!cmd) {
2624 err = -ENOMEM;
2625 goto unlock;
2626 }
2627
2628 err = 0;
2629
2630unlock:
2631 hci_dev_unlock(hdev);
2632 return err;
2633}
2634
2635static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2636 u16 len)
2637{
2638 struct mgmt_cp_load_link_keys *cp = data;
2639 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2640 sizeof(struct mgmt_link_key_info));
2641 u16 key_count, expected_len;
2642 bool changed;
2643 int i;
2644
2645 BT_DBG("request for %s", hdev->name);
2646
2647 if (!lmp_bredr_capable(hdev))
2648 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2649 MGMT_STATUS_NOT_SUPPORTED);
2650
2651 key_count = __le16_to_cpu(cp->key_count);
2652 if (key_count > max_key_count) {
2653 BT_ERR("load_link_keys: too big key_count value %u",
2654 key_count);
2655 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2656 MGMT_STATUS_INVALID_PARAMS);
2657 }
2658
2659 expected_len = sizeof(*cp) + key_count *
2660 sizeof(struct mgmt_link_key_info);
2661 if (expected_len != len) {
2662 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2663 expected_len, len);
2664 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2665 MGMT_STATUS_INVALID_PARAMS);
2666 }
2667
2668 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2669 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2670 MGMT_STATUS_INVALID_PARAMS);
2671
2672 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2673 key_count);
2674
2675 for (i = 0; i < key_count; i++) {
2676 struct mgmt_link_key_info *key = &cp->keys[i];
2677
2678 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2679 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2680 MGMT_STATUS_INVALID_PARAMS);
2681 }
2682
2683 hci_dev_lock(hdev);
2684
2685 hci_link_keys_clear(hdev);
2686
2687 if (cp->debug_keys)
2688 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2689 &hdev->dev_flags);
2690 else
2691 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2692 &hdev->dev_flags);
2693
2694 if (changed)
2695 new_settings(hdev, NULL);
2696
2697 for (i = 0; i < key_count; i++) {
2698 struct mgmt_link_key_info *key = &cp->keys[i];
2699
2700
2701
2702
2703 if (key->type == HCI_LK_DEBUG_COMBINATION)
2704 continue;
2705
2706 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2707 key->type, key->pin_len, NULL);
2708 }
2709
2710 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2711
2712 hci_dev_unlock(hdev);
2713
2714 return 0;
2715}
2716
2717static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2718 u8 addr_type, struct sock *skip_sk)
2719{
2720 struct mgmt_ev_device_unpaired ev;
2721
2722 bacpy(&ev.addr.bdaddr, bdaddr);
2723 ev.addr.type = addr_type;
2724
2725 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2726 skip_sk);
2727}
2728
2729static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2730 u16 len)
2731{
2732 struct mgmt_cp_unpair_device *cp = data;
2733 struct mgmt_rp_unpair_device rp;
2734 struct hci_cp_disconnect dc;
2735 struct pending_cmd *cmd;
2736 struct hci_conn *conn;
2737 int err;
2738
2739 memset(&rp, 0, sizeof(rp));
2740 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2741 rp.addr.type = cp->addr.type;
2742
2743 if (!bdaddr_type_is_valid(cp->addr.type))
2744 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2745 MGMT_STATUS_INVALID_PARAMS,
2746 &rp, sizeof(rp));
2747
2748 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2749 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2750 MGMT_STATUS_INVALID_PARAMS,
2751 &rp, sizeof(rp));
2752
2753 hci_dev_lock(hdev);
2754
2755 if (!hdev_is_powered(hdev)) {
2756 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2757 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2758 goto unlock;
2759 }
2760
2761 if (cp->addr.type == BDADDR_BREDR) {
2762
2763
2764
2765
2766
2767
2768
2769 if (cp->disconnect)
2770 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2771 &cp->addr.bdaddr);
2772 else
2773 conn = NULL;
2774
2775 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2776 } else {
2777 u8 addr_type;
2778
2779 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2780 &cp->addr.bdaddr);
2781 if (conn) {
2782
2783
2784
2785
2786 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2787
2788
2789
2790
2791
2792 if (!cp->disconnect)
2793 conn = NULL;
2794 }
2795
2796 if (cp->addr.type == BDADDR_LE_PUBLIC)
2797 addr_type = ADDR_LE_DEV_PUBLIC;
2798 else
2799 addr_type = ADDR_LE_DEV_RANDOM;
2800
2801 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2802
2803 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2804 }
2805
2806 if (err < 0) {
2807 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2808 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2809 goto unlock;
2810 }
2811
2812
2813
2814
2815 if (!conn) {
2816 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2817 &rp, sizeof(rp));
2818 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2819 goto unlock;
2820 }
2821
2822 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2823 sizeof(*cp));
2824 if (!cmd) {
2825 err = -ENOMEM;
2826 goto unlock;
2827 }
2828
2829 cmd->cmd_complete = addr_cmd_complete;
2830
2831 dc.handle = cpu_to_le16(conn->handle);
2832 dc.reason = 0x13;
2833 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2834 if (err < 0)
2835 mgmt_pending_remove(cmd);
2836
2837unlock:
2838 hci_dev_unlock(hdev);
2839 return err;
2840}
2841
2842static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2843 u16 len)
2844{
2845 struct mgmt_cp_disconnect *cp = data;
2846 struct mgmt_rp_disconnect rp;
2847 struct pending_cmd *cmd;
2848 struct hci_conn *conn;
2849 int err;
2850
2851 BT_DBG("");
2852
2853 memset(&rp, 0, sizeof(rp));
2854 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2855 rp.addr.type = cp->addr.type;
2856
2857 if (!bdaddr_type_is_valid(cp->addr.type))
2858 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2859 MGMT_STATUS_INVALID_PARAMS,
2860 &rp, sizeof(rp));
2861
2862 hci_dev_lock(hdev);
2863
2864 if (!test_bit(HCI_UP, &hdev->flags)) {
2865 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2866 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2867 goto failed;
2868 }
2869
2870 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2871 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2872 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2873 goto failed;
2874 }
2875
2876 if (cp->addr.type == BDADDR_BREDR)
2877 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2878 &cp->addr.bdaddr);
2879 else
2880 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2881
2882 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2883 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2884 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2885 goto failed;
2886 }
2887
2888 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2889 if (!cmd) {
2890 err = -ENOMEM;
2891 goto failed;
2892 }
2893
2894 cmd->cmd_complete = generic_cmd_complete;
2895
2896 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2897 if (err < 0)
2898 mgmt_pending_remove(cmd);
2899
2900failed:
2901 hci_dev_unlock(hdev);
2902 return err;
2903}
2904
2905static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2906{
2907 switch (link_type) {
2908 case LE_LINK:
2909 switch (addr_type) {
2910 case ADDR_LE_DEV_PUBLIC:
2911 return BDADDR_LE_PUBLIC;
2912
2913 default:
2914
2915 return BDADDR_LE_RANDOM;
2916 }
2917
2918 default:
2919
2920 return BDADDR_BREDR;
2921 }
2922}
2923
2924static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2925 u16 data_len)
2926{
2927 struct mgmt_rp_get_connections *rp;
2928 struct hci_conn *c;
2929 size_t rp_len;
2930 int err;
2931 u16 i;
2932
2933 BT_DBG("");
2934
2935 hci_dev_lock(hdev);
2936
2937 if (!hdev_is_powered(hdev)) {
2938 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2939 MGMT_STATUS_NOT_POWERED);
2940 goto unlock;
2941 }
2942
2943 i = 0;
2944 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2945 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2946 i++;
2947 }
2948
2949 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2950 rp = kmalloc(rp_len, GFP_KERNEL);
2951 if (!rp) {
2952 err = -ENOMEM;
2953 goto unlock;
2954 }
2955
2956 i = 0;
2957 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2958 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2959 continue;
2960 bacpy(&rp->addr[i].bdaddr, &c->dst);
2961 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2962 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2963 continue;
2964 i++;
2965 }
2966
2967 rp->conn_count = cpu_to_le16(i);
2968
2969
2970 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2971
2972 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2973 rp_len);
2974
2975 kfree(rp);
2976
2977unlock:
2978 hci_dev_unlock(hdev);
2979 return err;
2980}
2981
2982static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2983 struct mgmt_cp_pin_code_neg_reply *cp)
2984{
2985 struct pending_cmd *cmd;
2986 int err;
2987
2988 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2989 sizeof(*cp));
2990 if (!cmd)
2991 return -ENOMEM;
2992
2993 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2994 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2995 if (err < 0)
2996 mgmt_pending_remove(cmd);
2997
2998 return err;
2999}
3000
3001static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3002 u16 len)
3003{
3004 struct hci_conn *conn;
3005 struct mgmt_cp_pin_code_reply *cp = data;
3006 struct hci_cp_pin_code_reply reply;
3007 struct pending_cmd *cmd;
3008 int err;
3009
3010 BT_DBG("");
3011
3012 hci_dev_lock(hdev);
3013
3014 if (!hdev_is_powered(hdev)) {
3015 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3016 MGMT_STATUS_NOT_POWERED);
3017 goto failed;
3018 }
3019
3020 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3021 if (!conn) {
3022 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3023 MGMT_STATUS_NOT_CONNECTED);
3024 goto failed;
3025 }
3026
3027 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3028 struct mgmt_cp_pin_code_neg_reply ncp;
3029
3030 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3031
3032 BT_ERR("PIN code is not 16 bytes long");
3033
3034 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3035 if (err >= 0)
3036 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3037 MGMT_STATUS_INVALID_PARAMS);
3038
3039 goto failed;
3040 }
3041
3042 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3043 if (!cmd) {
3044 err = -ENOMEM;
3045 goto failed;
3046 }
3047
3048 cmd->cmd_complete = addr_cmd_complete;
3049
3050 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3051 reply.pin_len = cp->pin_len;
3052 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3053
3054 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3055 if (err < 0)
3056 mgmt_pending_remove(cmd);
3057
3058failed:
3059 hci_dev_unlock(hdev);
3060 return err;
3061}
3062
3063static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3064 u16 len)
3065{
3066 struct mgmt_cp_set_io_capability *cp = data;
3067
3068 BT_DBG("");
3069
3070 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3071 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3072 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3073
3074 hci_dev_lock(hdev);
3075
3076 hdev->io_capability = cp->io_capability;
3077
3078 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3079 hdev->io_capability);
3080
3081 hci_dev_unlock(hdev);
3082
3083 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3084 0);
3085}
3086
3087static struct pending_cmd *find_pairing(struct hci_conn *conn)
3088{
3089 struct hci_dev *hdev = conn->hdev;
3090 struct pending_cmd *cmd;
3091
3092 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3093 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3094 continue;
3095
3096 if (cmd->user_data != conn)
3097 continue;
3098
3099 return cmd;
3100 }
3101
3102 return NULL;
3103}
3104
3105static int pairing_complete(struct pending_cmd *cmd, u8 status)
3106{
3107 struct mgmt_rp_pair_device rp;
3108 struct hci_conn *conn = cmd->user_data;
3109 int err;
3110
3111 bacpy(&rp.addr.bdaddr, &conn->dst);
3112 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3113
3114 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
3115 &rp, sizeof(rp));
3116
3117
3118 conn->connect_cfm_cb = NULL;
3119 conn->security_cfm_cb = NULL;
3120 conn->disconn_cfm_cb = NULL;
3121
3122 hci_conn_drop(conn);
3123
3124
3125
3126
3127 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3128
3129 hci_conn_put(conn);
3130
3131 return err;
3132}
3133
3134void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3135{
3136 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3137 struct pending_cmd *cmd;
3138
3139 cmd = find_pairing(conn);
3140 if (cmd) {
3141 cmd->cmd_complete(cmd, status);
3142 mgmt_pending_remove(cmd);
3143 }
3144}
3145
3146static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3147{
3148 struct pending_cmd *cmd;
3149
3150 BT_DBG("status %u", status);
3151
3152 cmd = find_pairing(conn);
3153 if (!cmd) {
3154 BT_DBG("Unable to find a pending command");
3155 return;
3156 }
3157
3158 cmd->cmd_complete(cmd, mgmt_status(status));
3159 mgmt_pending_remove(cmd);
3160}
3161
3162static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3163{
3164 struct pending_cmd *cmd;
3165
3166 BT_DBG("status %u", status);
3167
3168 if (!status)
3169 return;
3170
3171 cmd = find_pairing(conn);
3172 if (!cmd) {
3173 BT_DBG("Unable to find a pending command");
3174 return;
3175 }
3176
3177 cmd->cmd_complete(cmd, mgmt_status(status));
3178 mgmt_pending_remove(cmd);
3179}
3180
3181static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3182 u16 len)
3183{
3184 struct mgmt_cp_pair_device *cp = data;
3185 struct mgmt_rp_pair_device rp;
3186 struct pending_cmd *cmd;
3187 u8 sec_level, auth_type;
3188 struct hci_conn *conn;
3189 int err;
3190
3191 BT_DBG("");
3192
3193 memset(&rp, 0, sizeof(rp));
3194 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3195 rp.addr.type = cp->addr.type;
3196
3197 if (!bdaddr_type_is_valid(cp->addr.type))
3198 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3199 MGMT_STATUS_INVALID_PARAMS,
3200 &rp, sizeof(rp));
3201
3202 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3203 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3204 MGMT_STATUS_INVALID_PARAMS,
3205 &rp, sizeof(rp));
3206
3207 hci_dev_lock(hdev);
3208
3209 if (!hdev_is_powered(hdev)) {
3210 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3211 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
3212 goto unlock;
3213 }
3214
3215 sec_level = BT_SECURITY_MEDIUM;
3216 auth_type = HCI_AT_DEDICATED_BONDING;
3217
3218 if (cp->addr.type == BDADDR_BREDR) {
3219 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3220 auth_type);
3221 } else {
3222 u8 addr_type;
3223
3224
3225
3226 if (cp->addr.type == BDADDR_LE_PUBLIC)
3227 addr_type = ADDR_LE_DEV_PUBLIC;
3228 else
3229 addr_type = ADDR_LE_DEV_RANDOM;
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3241
3242 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3243 sec_level, HCI_LE_CONN_TIMEOUT,
3244 HCI_ROLE_MASTER);
3245 }
3246
3247 if (IS_ERR(conn)) {
3248 int status;
3249
3250 if (PTR_ERR(conn) == -EBUSY)
3251 status = MGMT_STATUS_BUSY;
3252 else
3253 status = MGMT_STATUS_CONNECT_FAILED;
3254
3255 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3256 status, &rp,
3257 sizeof(rp));
3258 goto unlock;
3259 }
3260
3261 if (conn->connect_cfm_cb) {
3262 hci_conn_drop(conn);
3263 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3264 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3265 goto unlock;
3266 }
3267
3268 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3269 if (!cmd) {
3270 err = -ENOMEM;
3271 hci_conn_drop(conn);
3272 goto unlock;
3273 }
3274
3275 cmd->cmd_complete = pairing_complete;
3276
3277
3278 if (cp->addr.type == BDADDR_BREDR) {
3279 conn->connect_cfm_cb = pairing_complete_cb;
3280 conn->security_cfm_cb = pairing_complete_cb;
3281 conn->disconn_cfm_cb = pairing_complete_cb;
3282 } else {
3283 conn->connect_cfm_cb = le_pairing_complete_cb;
3284 conn->security_cfm_cb = le_pairing_complete_cb;
3285 conn->disconn_cfm_cb = le_pairing_complete_cb;
3286 }
3287
3288 conn->io_capability = cp->io_cap;
3289 cmd->user_data = hci_conn_get(conn);
3290
3291 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3292 hci_conn_security(conn, sec_level, auth_type, true)) {
3293 cmd->cmd_complete(cmd, 0);
3294 mgmt_pending_remove(cmd);
3295 }
3296
3297 err = 0;
3298
3299unlock:
3300 hci_dev_unlock(hdev);
3301 return err;
3302}
3303
3304static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3305 u16 len)
3306{
3307 struct mgmt_addr_info *addr = data;
3308 struct pending_cmd *cmd;
3309 struct hci_conn *conn;
3310 int err;
3311
3312 BT_DBG("");
3313
3314 hci_dev_lock(hdev);
3315
3316 if (!hdev_is_powered(hdev)) {
3317 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3318 MGMT_STATUS_NOT_POWERED);
3319 goto unlock;
3320 }
3321
3322 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3323 if (!cmd) {
3324 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3325 MGMT_STATUS_INVALID_PARAMS);
3326 goto unlock;
3327 }
3328
3329 conn = cmd->user_data;
3330
3331 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3332 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3333 MGMT_STATUS_INVALID_PARAMS);
3334 goto unlock;
3335 }
3336
3337 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3338 mgmt_pending_remove(cmd);
3339
3340 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3341 addr, sizeof(*addr));
3342unlock:
3343 hci_dev_unlock(hdev);
3344 return err;
3345}
3346
3347static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3348 struct mgmt_addr_info *addr, u16 mgmt_op,
3349 u16 hci_op, __le32 passkey)
3350{
3351 struct pending_cmd *cmd;
3352 struct hci_conn *conn;
3353 int err;
3354
3355 hci_dev_lock(hdev);
3356
3357 if (!hdev_is_powered(hdev)) {
3358 err = cmd_complete(sk, hdev->id, mgmt_op,
3359 MGMT_STATUS_NOT_POWERED, addr,
3360 sizeof(*addr));
3361 goto done;
3362 }
3363
3364 if (addr->type == BDADDR_BREDR)
3365 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3366 else
3367 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3368
3369 if (!conn) {
3370 err = cmd_complete(sk, hdev->id, mgmt_op,
3371 MGMT_STATUS_NOT_CONNECTED, addr,
3372 sizeof(*addr));
3373 goto done;
3374 }
3375
3376 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3377 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3378 if (!err)
3379 err = cmd_complete(sk, hdev->id, mgmt_op,
3380 MGMT_STATUS_SUCCESS, addr,
3381 sizeof(*addr));
3382 else
3383 err = cmd_complete(sk, hdev->id, mgmt_op,
3384 MGMT_STATUS_FAILED, addr,
3385 sizeof(*addr));
3386
3387 goto done;
3388 }
3389
3390 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3391 if (!cmd) {
3392 err = -ENOMEM;
3393 goto done;
3394 }
3395
3396 cmd->cmd_complete = addr_cmd_complete;
3397
3398
3399 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3400 struct hci_cp_user_passkey_reply cp;
3401
3402 bacpy(&cp.bdaddr, &addr->bdaddr);
3403 cp.passkey = passkey;
3404 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3405 } else
3406 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3407 &addr->bdaddr);
3408
3409 if (err < 0)
3410 mgmt_pending_remove(cmd);
3411
3412done:
3413 hci_dev_unlock(hdev);
3414 return err;
3415}
3416
3417static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3418 void *data, u16 len)
3419{
3420 struct mgmt_cp_pin_code_neg_reply *cp = data;
3421
3422 BT_DBG("");
3423
3424 return user_pairing_resp(sk, hdev, &cp->addr,
3425 MGMT_OP_PIN_CODE_NEG_REPLY,
3426 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3427}
3428
3429static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3430 u16 len)
3431{
3432 struct mgmt_cp_user_confirm_reply *cp = data;
3433
3434 BT_DBG("");
3435
3436 if (len != sizeof(*cp))
3437 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3438 MGMT_STATUS_INVALID_PARAMS);
3439
3440 return user_pairing_resp(sk, hdev, &cp->addr,
3441 MGMT_OP_USER_CONFIRM_REPLY,
3442 HCI_OP_USER_CONFIRM_REPLY, 0);
3443}
3444
3445static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3446 void *data, u16 len)
3447{
3448 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3449
3450 BT_DBG("");
3451
3452 return user_pairing_resp(sk, hdev, &cp->addr,
3453 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3454 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3455}
3456
3457static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3458 u16 len)
3459{
3460 struct mgmt_cp_user_passkey_reply *cp = data;
3461
3462 BT_DBG("");
3463
3464 return user_pairing_resp(sk, hdev, &cp->addr,
3465 MGMT_OP_USER_PASSKEY_REPLY,
3466 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3467}
3468
3469static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3470 void *data, u16 len)
3471{
3472 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3473
3474 BT_DBG("");
3475
3476 return user_pairing_resp(sk, hdev, &cp->addr,
3477 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3478 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3479}
3480
3481static void update_name(struct hci_request *req)
3482{
3483 struct hci_dev *hdev = req->hdev;
3484 struct hci_cp_write_local_name cp;
3485
3486 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3487
3488 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3489}
3490
3491static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3492{
3493 struct mgmt_cp_set_local_name *cp;
3494 struct pending_cmd *cmd;
3495
3496 BT_DBG("status 0x%02x", status);
3497
3498 hci_dev_lock(hdev);
3499
3500 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3501 if (!cmd)
3502 goto unlock;
3503
3504 cp = cmd->param;
3505
3506 if (status)
3507 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3508 mgmt_status(status));
3509 else
3510 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3511 cp, sizeof(*cp));
3512
3513 mgmt_pending_remove(cmd);
3514
3515unlock:
3516 hci_dev_unlock(hdev);
3517}
3518
3519static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3520 u16 len)
3521{
3522 struct mgmt_cp_set_local_name *cp = data;
3523 struct pending_cmd *cmd;
3524 struct hci_request req;
3525 int err;
3526
3527 BT_DBG("");
3528
3529 hci_dev_lock(hdev);
3530
3531
3532
3533
3534 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3535 !memcmp(hdev->short_name, cp->short_name,
3536 sizeof(hdev->short_name))) {
3537 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3538 data, len);
3539 goto failed;
3540 }
3541
3542 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3543
3544 if (!hdev_is_powered(hdev)) {
3545 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3546
3547 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3548 data, len);
3549 if (err < 0)
3550 goto failed;
3551
3552 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3553 sk);
3554
3555 goto failed;
3556 }
3557
3558 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3559 if (!cmd) {
3560 err = -ENOMEM;
3561 goto failed;
3562 }
3563
3564 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3565
3566 hci_req_init(&req, hdev);
3567
3568 if (lmp_bredr_capable(hdev)) {
3569 update_name(&req);
3570 update_eir(&req);
3571 }
3572
3573
3574
3575
3576 if (lmp_le_capable(hdev))
3577 update_scan_rsp_data(&req);
3578
3579 err = hci_req_run(&req, set_name_complete);
3580 if (err < 0)
3581 mgmt_pending_remove(cmd);
3582
3583failed:
3584 hci_dev_unlock(hdev);
3585 return err;
3586}
3587
3588static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3589 void *data, u16 data_len)
3590{
3591 struct pending_cmd *cmd;
3592 int err;
3593
3594 BT_DBG("%s", hdev->name);
3595
3596 hci_dev_lock(hdev);
3597
3598 if (!hdev_is_powered(hdev)) {
3599 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3600 MGMT_STATUS_NOT_POWERED);
3601 goto unlock;
3602 }
3603
3604 if (!lmp_ssp_capable(hdev)) {
3605 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3606 MGMT_STATUS_NOT_SUPPORTED);
3607 goto unlock;
3608 }
3609
3610 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3611 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3612 MGMT_STATUS_BUSY);
3613 goto unlock;
3614 }
3615
3616 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3617 if (!cmd) {
3618 err = -ENOMEM;
3619 goto unlock;
3620 }
3621
3622 if (bredr_sc_enabled(hdev))
3623 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3624 0, NULL);
3625 else
3626 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3627
3628 if (err < 0)
3629 mgmt_pending_remove(cmd);
3630
3631unlock:
3632 hci_dev_unlock(hdev);
3633 return err;
3634}
3635
3636static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3637 void *data, u16 len)
3638{
3639 struct mgmt_addr_info *addr = data;
3640 int err;
3641
3642 BT_DBG("%s ", hdev->name);
3643
3644 if (!bdaddr_type_is_valid(addr->type))
3645 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3646 MGMT_STATUS_INVALID_PARAMS, addr,
3647 sizeof(*addr));
3648
3649 hci_dev_lock(hdev);
3650
3651 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3652 struct mgmt_cp_add_remote_oob_data *cp = data;
3653 u8 status;
3654
3655 if (cp->addr.type != BDADDR_BREDR) {
3656 err = cmd_complete(sk, hdev->id,
3657 MGMT_OP_ADD_REMOTE_OOB_DATA,
3658 MGMT_STATUS_INVALID_PARAMS,
3659 &cp->addr, sizeof(cp->addr));
3660 goto unlock;
3661 }
3662
3663 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3664 cp->addr.type, cp->hash,
3665 cp->rand, NULL, NULL);
3666 if (err < 0)
3667 status = MGMT_STATUS_FAILED;
3668 else
3669 status = MGMT_STATUS_SUCCESS;
3670
3671 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3672 status, &cp->addr, sizeof(cp->addr));
3673 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3674 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3675 u8 *rand192, *hash192, *rand256, *hash256;
3676 u8 status;
3677
3678 if (bdaddr_type_is_le(cp->addr.type)) {
3679
3680
3681
3682 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3683 memcmp(cp->hash192, ZERO_KEY, 16)) {
3684 err = cmd_complete(sk, hdev->id,
3685 MGMT_OP_ADD_REMOTE_OOB_DATA,
3686 MGMT_STATUS_INVALID_PARAMS,
3687 addr, sizeof(*addr));
3688 goto unlock;
3689 }
3690
3691 rand192 = NULL;
3692 hash192 = NULL;
3693 } else {
3694
3695
3696
3697 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3698 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3699 rand192 = NULL;
3700 hash192 = NULL;
3701 } else {
3702 rand192 = cp->rand192;
3703 hash192 = cp->hash192;
3704 }
3705 }
3706
3707
3708
3709
3710 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3711 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3712 rand256 = NULL;
3713 hash256 = NULL;
3714 } else {
3715 rand256 = cp->rand256;
3716 hash256 = cp->hash256;
3717 }
3718
3719 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3720 cp->addr.type, hash192, rand192,
3721 hash256, rand256);
3722 if (err < 0)
3723 status = MGMT_STATUS_FAILED;
3724 else
3725 status = MGMT_STATUS_SUCCESS;
3726
3727 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3728 status, &cp->addr, sizeof(cp->addr));
3729 } else {
3730 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3731 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3732 MGMT_STATUS_INVALID_PARAMS);
3733 }
3734
3735unlock:
3736 hci_dev_unlock(hdev);
3737 return err;
3738}
3739
3740static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3741 void *data, u16 len)
3742{
3743 struct mgmt_cp_remove_remote_oob_data *cp = data;
3744 u8 status;
3745 int err;
3746
3747 BT_DBG("%s", hdev->name);
3748
3749 if (cp->addr.type != BDADDR_BREDR)
3750 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3751 MGMT_STATUS_INVALID_PARAMS,
3752 &cp->addr, sizeof(cp->addr));
3753
3754 hci_dev_lock(hdev);
3755
3756 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3757 hci_remote_oob_data_clear(hdev);
3758 status = MGMT_STATUS_SUCCESS;
3759 goto done;
3760 }
3761
3762 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3763 if (err < 0)
3764 status = MGMT_STATUS_INVALID_PARAMS;
3765 else
3766 status = MGMT_STATUS_SUCCESS;
3767
3768done:
3769 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3770 status, &cp->addr, sizeof(cp->addr));
3771
3772 hci_dev_unlock(hdev);
3773 return err;
3774}
3775
3776static bool trigger_discovery(struct hci_request *req, u8 *status)
3777{
3778 struct hci_dev *hdev = req->hdev;
3779 struct hci_cp_le_set_scan_param param_cp;
3780 struct hci_cp_le_set_scan_enable enable_cp;
3781 struct hci_cp_inquiry inq_cp;
3782
3783 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3784 u8 own_addr_type;
3785 int err;
3786
3787 switch (hdev->discovery.type) {
3788 case DISCOV_TYPE_BREDR:
3789 *status = mgmt_bredr_support(hdev);
3790 if (*status)
3791 return false;
3792
3793 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3794 *status = MGMT_STATUS_BUSY;
3795 return false;
3796 }
3797
3798 hci_inquiry_cache_flush(hdev);
3799
3800 memset(&inq_cp, 0, sizeof(inq_cp));
3801 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3802 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3803 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3804 break;
3805
3806 case DISCOV_TYPE_LE:
3807 case DISCOV_TYPE_INTERLEAVED:
3808 *status = mgmt_le_support(hdev);
3809 if (*status)
3810 return false;
3811
3812 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3813 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3814 *status = MGMT_STATUS_NOT_SUPPORTED;
3815 return false;
3816 }
3817
3818 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3819
3820
3821
3822
3823 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3824 BT_CONNECT)) {
3825 *status = MGMT_STATUS_REJECTED;
3826 return false;
3827 }
3828
3829 disable_advertising(req);
3830 }
3831
3832
3833
3834
3835
3836 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3837 hci_req_add_le_scan_disable(req);
3838
3839 memset(¶m_cp, 0, sizeof(param_cp));
3840
3841
3842
3843
3844
3845 err = hci_update_random_address(req, true, &own_addr_type);
3846 if (err < 0) {
3847 *status = MGMT_STATUS_FAILED;
3848 return false;
3849 }
3850
3851 param_cp.type = LE_SCAN_ACTIVE;
3852 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3853 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3854 param_cp.own_address_type = own_addr_type;
3855 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3856 ¶m_cp);
3857
3858 memset(&enable_cp, 0, sizeof(enable_cp));
3859 enable_cp.enable = LE_SCAN_ENABLE;
3860 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3861 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3862 &enable_cp);
3863 break;
3864
3865 default:
3866 *status = MGMT_STATUS_INVALID_PARAMS;
3867 return false;
3868 }
3869
3870 return true;
3871}
3872
3873static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3874 u16 opcode)
3875{
3876 struct pending_cmd *cmd;
3877 unsigned long timeout;
3878
3879 BT_DBG("status %d", status);
3880
3881 hci_dev_lock(hdev);
3882
3883 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3884 if (!cmd)
3885 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3886
3887 if (cmd) {
3888 cmd->cmd_complete(cmd, mgmt_status(status));
3889 mgmt_pending_remove(cmd);
3890 }
3891
3892 if (status) {
3893 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3894 goto unlock;
3895 }
3896
3897 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3898
3899
3900
3901
3902 switch (hdev->discovery.type) {
3903 case DISCOV_TYPE_LE:
3904 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3905 break;
3906 case DISCOV_TYPE_INTERLEAVED:
3907 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3908 break;
3909 case DISCOV_TYPE_BREDR:
3910 timeout = 0;
3911 break;
3912 default:
3913 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3914 timeout = 0;
3915 break;
3916 }
3917
3918 if (timeout) {
3919
3920
3921
3922
3923
3924 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
3925 &hdev->quirks) &&
3926 (hdev->discovery.uuid_count > 0 ||
3927 hdev->discovery.rssi != HCI_RSSI_INVALID)) {
3928 hdev->discovery.scan_start = jiffies;
3929 hdev->discovery.scan_duration = timeout;
3930 }
3931
3932 queue_delayed_work(hdev->workqueue,
3933 &hdev->le_scan_disable, timeout);
3934 }
3935
3936unlock:
3937 hci_dev_unlock(hdev);
3938}
3939
3940static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3941 void *data, u16 len)
3942{
3943 struct mgmt_cp_start_discovery *cp = data;
3944 struct pending_cmd *cmd;
3945 struct hci_request req;
3946 u8 status;
3947 int err;
3948
3949 BT_DBG("%s", hdev->name);
3950
3951 hci_dev_lock(hdev);
3952
3953 if (!hdev_is_powered(hdev)) {
3954 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3955 MGMT_STATUS_NOT_POWERED,
3956 &cp->type, sizeof(cp->type));
3957 goto failed;
3958 }
3959
3960 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3961 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3962 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3963 MGMT_STATUS_BUSY, &cp->type,
3964 sizeof(cp->type));
3965 goto failed;
3966 }
3967
3968 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
3969 if (!cmd) {
3970 err = -ENOMEM;
3971 goto failed;
3972 }
3973
3974 cmd->cmd_complete = generic_cmd_complete;
3975
3976
3977
3978
3979 hci_discovery_filter_clear(hdev);
3980
3981 hdev->discovery.type = cp->type;
3982 hdev->discovery.report_invalid_rssi = false;
3983
3984 hci_req_init(&req, hdev);
3985
3986 if (!trigger_discovery(&req, &status)) {
3987 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3988 status, &cp->type, sizeof(cp->type));
3989 mgmt_pending_remove(cmd);
3990 goto failed;
3991 }
3992
3993 err = hci_req_run(&req, start_discovery_complete);
3994 if (err < 0) {
3995 mgmt_pending_remove(cmd);
3996 goto failed;
3997 }
3998
3999 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4000
4001failed:
4002 hci_dev_unlock(hdev);
4003 return err;
4004}
4005
4006static int service_discovery_cmd_complete(struct pending_cmd *cmd, u8 status)
4007{
4008 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4009 cmd->param, 1);
4010}
4011
4012static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4013 void *data, u16 len)
4014{
4015 struct mgmt_cp_start_service_discovery *cp = data;
4016 struct pending_cmd *cmd;
4017 struct hci_request req;
4018 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4019 u16 uuid_count, expected_len;
4020 u8 status;
4021 int err;
4022
4023 BT_DBG("%s", hdev->name);
4024
4025 hci_dev_lock(hdev);
4026
4027 if (!hdev_is_powered(hdev)) {
4028 err = cmd_complete(sk, hdev->id,
4029 MGMT_OP_START_SERVICE_DISCOVERY,
4030 MGMT_STATUS_NOT_POWERED,
4031 &cp->type, sizeof(cp->type));
4032 goto failed;
4033 }
4034
4035 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4036 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
4037 err = cmd_complete(sk, hdev->id,
4038 MGMT_OP_START_SERVICE_DISCOVERY,
4039 MGMT_STATUS_BUSY, &cp->type,
4040 sizeof(cp->type));
4041 goto failed;
4042 }
4043
4044 uuid_count = __le16_to_cpu(cp->uuid_count);
4045 if (uuid_count > max_uuid_count) {
4046 BT_ERR("service_discovery: too big uuid_count value %u",
4047 uuid_count);
4048 err = cmd_complete(sk, hdev->id,
4049 MGMT_OP_START_SERVICE_DISCOVERY,
4050 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4051 sizeof(cp->type));
4052 goto failed;
4053 }
4054
4055 expected_len = sizeof(*cp) + uuid_count * 16;
4056 if (expected_len != len) {
4057 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4058 expected_len, len);
4059 err = cmd_complete(sk, hdev->id,
4060 MGMT_OP_START_SERVICE_DISCOVERY,
4061 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4062 sizeof(cp->type));
4063 goto failed;
4064 }
4065
4066 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4067 hdev, data, len);
4068 if (!cmd) {
4069 err = -ENOMEM;
4070 goto failed;
4071 }
4072
4073 cmd->cmd_complete = service_discovery_cmd_complete;
4074
4075
4076
4077
4078 hci_discovery_filter_clear(hdev);
4079
4080 hdev->discovery.type = cp->type;
4081 hdev->discovery.rssi = cp->rssi;
4082 hdev->discovery.uuid_count = uuid_count;
4083
4084 if (uuid_count > 0) {
4085 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4086 GFP_KERNEL);
4087 if (!hdev->discovery.uuids) {
4088 err = cmd_complete(sk, hdev->id,
4089 MGMT_OP_START_SERVICE_DISCOVERY,
4090 MGMT_STATUS_FAILED,
4091 &cp->type, sizeof(cp->type));
4092 mgmt_pending_remove(cmd);
4093 goto failed;
4094 }
4095 }
4096
4097 hci_req_init(&req, hdev);
4098
4099 if (!trigger_discovery(&req, &status)) {
4100 err = cmd_complete(sk, hdev->id,
4101 MGMT_OP_START_SERVICE_DISCOVERY,
4102 status, &cp->type, sizeof(cp->type));
4103 mgmt_pending_remove(cmd);
4104 goto failed;
4105 }
4106
4107 err = hci_req_run(&req, start_discovery_complete);
4108 if (err < 0) {
4109 mgmt_pending_remove(cmd);
4110 goto failed;
4111 }
4112
4113 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4114
4115failed:
4116 hci_dev_unlock(hdev);
4117 return err;
4118}
4119
4120static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4121{
4122 struct pending_cmd *cmd;
4123
4124 BT_DBG("status %d", status);
4125
4126 hci_dev_lock(hdev);
4127
4128 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4129 if (cmd) {
4130 cmd->cmd_complete(cmd, mgmt_status(status));
4131 mgmt_pending_remove(cmd);
4132 }
4133
4134 if (!status)
4135 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4136
4137 hci_dev_unlock(hdev);
4138}
4139
4140static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4141 u16 len)
4142{
4143 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4144 struct pending_cmd *cmd;
4145 struct hci_request req;
4146 int err;
4147
4148 BT_DBG("%s", hdev->name);
4149
4150 hci_dev_lock(hdev);
4151
4152 if (!hci_discovery_active(hdev)) {
4153 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4154 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4155 sizeof(mgmt_cp->type));
4156 goto unlock;
4157 }
4158
4159 if (hdev->discovery.type != mgmt_cp->type) {
4160 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4161 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
4162 sizeof(mgmt_cp->type));
4163 goto unlock;
4164 }
4165
4166 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4167 if (!cmd) {
4168 err = -ENOMEM;
4169 goto unlock;
4170 }
4171
4172 cmd->cmd_complete = generic_cmd_complete;
4173
4174 hci_req_init(&req, hdev);
4175
4176 hci_stop_discovery(&req);
4177
4178 err = hci_req_run(&req, stop_discovery_complete);
4179 if (!err) {
4180 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4181 goto unlock;
4182 }
4183
4184 mgmt_pending_remove(cmd);
4185
4186
4187 if (err == -ENODATA) {
4188 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4189 &mgmt_cp->type, sizeof(mgmt_cp->type));
4190 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4191 }
4192
4193unlock:
4194 hci_dev_unlock(hdev);
4195 return err;
4196}
4197
4198static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4199 u16 len)
4200{
4201 struct mgmt_cp_confirm_name *cp = data;
4202 struct inquiry_entry *e;
4203 int err;
4204
4205 BT_DBG("%s", hdev->name);
4206
4207 hci_dev_lock(hdev);
4208
4209 if (!hci_discovery_active(hdev)) {
4210 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4211 MGMT_STATUS_FAILED, &cp->addr,
4212 sizeof(cp->addr));
4213 goto failed;
4214 }
4215
4216 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4217 if (!e) {
4218 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4219 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4220 sizeof(cp->addr));
4221 goto failed;
4222 }
4223
4224 if (cp->name_known) {
4225 e->name_state = NAME_KNOWN;
4226 list_del(&e->list);
4227 } else {
4228 e->name_state = NAME_NEEDED;
4229 hci_inquiry_cache_update_resolve(hdev, e);
4230 }
4231
4232 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4233 sizeof(cp->addr));
4234
4235failed:
4236 hci_dev_unlock(hdev);
4237 return err;
4238}
4239
4240static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4241 u16 len)
4242{
4243 struct mgmt_cp_block_device *cp = data;
4244 u8 status;
4245 int err;
4246
4247 BT_DBG("%s", hdev->name);
4248
4249 if (!bdaddr_type_is_valid(cp->addr.type))
4250 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4251 MGMT_STATUS_INVALID_PARAMS,
4252 &cp->addr, sizeof(cp->addr));
4253
4254 hci_dev_lock(hdev);
4255
4256 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4257 cp->addr.type);
4258 if (err < 0) {
4259 status = MGMT_STATUS_FAILED;
4260 goto done;
4261 }
4262
4263 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4264 sk);
4265 status = MGMT_STATUS_SUCCESS;
4266
4267done:
4268 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4269 &cp->addr, sizeof(cp->addr));
4270
4271 hci_dev_unlock(hdev);
4272
4273 return err;
4274}
4275
4276static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4277 u16 len)
4278{
4279 struct mgmt_cp_unblock_device *cp = data;
4280 u8 status;
4281 int err;
4282
4283 BT_DBG("%s", hdev->name);
4284
4285 if (!bdaddr_type_is_valid(cp->addr.type))
4286 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4287 MGMT_STATUS_INVALID_PARAMS,
4288 &cp->addr, sizeof(cp->addr));
4289
4290 hci_dev_lock(hdev);
4291
4292 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4293 cp->addr.type);
4294 if (err < 0) {
4295 status = MGMT_STATUS_INVALID_PARAMS;
4296 goto done;
4297 }
4298
4299 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4300 sk);
4301 status = MGMT_STATUS_SUCCESS;
4302
4303done:
4304 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4305 &cp->addr, sizeof(cp->addr));
4306
4307 hci_dev_unlock(hdev);
4308
4309 return err;
4310}
4311
4312static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4313 u16 len)
4314{
4315 struct mgmt_cp_set_device_id *cp = data;
4316 struct hci_request req;
4317 int err;
4318 __u16 source;
4319
4320 BT_DBG("%s", hdev->name);
4321
4322 source = __le16_to_cpu(cp->source);
4323
4324 if (source > 0x0002)
4325 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4326 MGMT_STATUS_INVALID_PARAMS);
4327
4328 hci_dev_lock(hdev);
4329
4330 hdev->devid_source = source;
4331 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4332 hdev->devid_product = __le16_to_cpu(cp->product);
4333 hdev->devid_version = __le16_to_cpu(cp->version);
4334
4335 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4336
4337 hci_req_init(&req, hdev);
4338 update_eir(&req);
4339 hci_req_run(&req, NULL);
4340
4341 hci_dev_unlock(hdev);
4342
4343 return err;
4344}
4345
4346static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4347 u16 opcode)
4348{
4349 struct cmd_lookup match = { NULL, hdev };
4350
4351 hci_dev_lock(hdev);
4352
4353 if (status) {
4354 u8 mgmt_err = mgmt_status(status);
4355
4356 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4357 cmd_status_rsp, &mgmt_err);
4358 goto unlock;
4359 }
4360
4361 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4362 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4363 else
4364 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4365
4366 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4367 &match);
4368
4369 new_settings(hdev, match.sk);
4370
4371 if (match.sk)
4372 sock_put(match.sk);
4373
4374unlock:
4375 hci_dev_unlock(hdev);
4376}
4377
4378static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4379 u16 len)
4380{
4381 struct mgmt_mode *cp = data;
4382 struct pending_cmd *cmd;
4383 struct hci_request req;
4384 u8 val, enabled, status;
4385 int err;
4386
4387 BT_DBG("request for %s", hdev->name);
4388
4389 status = mgmt_le_support(hdev);
4390 if (status)
4391 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4392 status);
4393
4394 if (cp->val != 0x00 && cp->val != 0x01)
4395 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4396 MGMT_STATUS_INVALID_PARAMS);
4397
4398 hci_dev_lock(hdev);
4399
4400 val = !!cp->val;
4401 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4402
4403
4404
4405
4406
4407
4408 if (!hdev_is_powered(hdev) || val == enabled ||
4409 hci_conn_num(hdev, LE_LINK) > 0 ||
4410 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4411 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4412 bool changed = false;
4413
4414 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4415 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4416 changed = true;
4417 }
4418
4419 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4420 if (err < 0)
4421 goto unlock;
4422
4423 if (changed)
4424 err = new_settings(hdev, sk);
4425
4426 goto unlock;
4427 }
4428
4429 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4430 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4431 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4432 MGMT_STATUS_BUSY);
4433 goto unlock;
4434 }
4435
4436 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4437 if (!cmd) {
4438 err = -ENOMEM;
4439 goto unlock;
4440 }
4441
4442 hci_req_init(&req, hdev);
4443
4444 if (val)
4445 enable_advertising(&req);
4446 else
4447 disable_advertising(&req);
4448
4449 err = hci_req_run(&req, set_advertising_complete);
4450 if (err < 0)
4451 mgmt_pending_remove(cmd);
4452
4453unlock:
4454 hci_dev_unlock(hdev);
4455 return err;
4456}
4457
4458static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4459 void *data, u16 len)
4460{
4461 struct mgmt_cp_set_static_address *cp = data;
4462 int err;
4463
4464 BT_DBG("%s", hdev->name);
4465
4466 if (!lmp_le_capable(hdev))
4467 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4468 MGMT_STATUS_NOT_SUPPORTED);
4469
4470 if (hdev_is_powered(hdev))
4471 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4472 MGMT_STATUS_REJECTED);
4473
4474 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4475 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4476 return cmd_status(sk, hdev->id,
4477 MGMT_OP_SET_STATIC_ADDRESS,
4478 MGMT_STATUS_INVALID_PARAMS);
4479
4480
4481 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4482 return cmd_status(sk, hdev->id,
4483 MGMT_OP_SET_STATIC_ADDRESS,
4484 MGMT_STATUS_INVALID_PARAMS);
4485 }
4486
4487 hci_dev_lock(hdev);
4488
4489 bacpy(&hdev->static_addr, &cp->bdaddr);
4490
4491 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4492
4493 hci_dev_unlock(hdev);
4494
4495 return err;
4496}
4497
4498static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4499 void *data, u16 len)
4500{
4501 struct mgmt_cp_set_scan_params *cp = data;
4502 __u16 interval, window;
4503 int err;
4504
4505 BT_DBG("%s", hdev->name);
4506
4507 if (!lmp_le_capable(hdev))
4508 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4509 MGMT_STATUS_NOT_SUPPORTED);
4510
4511 interval = __le16_to_cpu(cp->interval);
4512
4513 if (interval < 0x0004 || interval > 0x4000)
4514 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4515 MGMT_STATUS_INVALID_PARAMS);
4516
4517 window = __le16_to_cpu(cp->window);
4518
4519 if (window < 0x0004 || window > 0x4000)
4520 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4521 MGMT_STATUS_INVALID_PARAMS);
4522
4523 if (window > interval)
4524 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4525 MGMT_STATUS_INVALID_PARAMS);
4526
4527 hci_dev_lock(hdev);
4528
4529 hdev->le_scan_interval = interval;
4530 hdev->le_scan_window = window;
4531
4532 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4533
4534
4535
4536
4537 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4538 hdev->discovery.state == DISCOVERY_STOPPED) {
4539 struct hci_request req;
4540
4541 hci_req_init(&req, hdev);
4542
4543 hci_req_add_le_scan_disable(&req);
4544 hci_req_add_le_passive_scan(&req);
4545
4546 hci_req_run(&req, NULL);
4547 }
4548
4549 hci_dev_unlock(hdev);
4550
4551 return err;
4552}
4553
4554static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4555 u16 opcode)
4556{
4557 struct pending_cmd *cmd;
4558
4559 BT_DBG("status 0x%02x", status);
4560
4561 hci_dev_lock(hdev);
4562
4563 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4564 if (!cmd)
4565 goto unlock;
4566
4567 if (status) {
4568 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4569 mgmt_status(status));
4570 } else {
4571 struct mgmt_mode *cp = cmd->param;
4572
4573 if (cp->val)
4574 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4575 else
4576 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4577
4578 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4579 new_settings(hdev, cmd->sk);
4580 }
4581
4582 mgmt_pending_remove(cmd);
4583
4584unlock:
4585 hci_dev_unlock(hdev);
4586}
4587
4588static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4589 void *data, u16 len)
4590{
4591 struct mgmt_mode *cp = data;
4592 struct pending_cmd *cmd;
4593 struct hci_request req;
4594 int err;
4595
4596 BT_DBG("%s", hdev->name);
4597
4598 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4599 hdev->hci_ver < BLUETOOTH_VER_1_2)
4600 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4601 MGMT_STATUS_NOT_SUPPORTED);
4602
4603 if (cp->val != 0x00 && cp->val != 0x01)
4604 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4605 MGMT_STATUS_INVALID_PARAMS);
4606
4607 if (!hdev_is_powered(hdev))
4608 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4609 MGMT_STATUS_NOT_POWERED);
4610
4611 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4612 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4613 MGMT_STATUS_REJECTED);
4614
4615 hci_dev_lock(hdev);
4616
4617 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4618 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4619 MGMT_STATUS_BUSY);
4620 goto unlock;
4621 }
4622
4623 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4624 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4625 hdev);
4626 goto unlock;
4627 }
4628
4629 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4630 data, len);
4631 if (!cmd) {
4632 err = -ENOMEM;
4633 goto unlock;
4634 }
4635
4636 hci_req_init(&req, hdev);
4637
4638 write_fast_connectable(&req, cp->val);
4639
4640 err = hci_req_run(&req, fast_connectable_complete);
4641 if (err < 0) {
4642 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4643 MGMT_STATUS_FAILED);
4644 mgmt_pending_remove(cmd);
4645 }
4646
4647unlock:
4648 hci_dev_unlock(hdev);
4649
4650 return err;
4651}
4652
4653static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4654{
4655 struct pending_cmd *cmd;
4656
4657 BT_DBG("status 0x%02x", status);
4658
4659 hci_dev_lock(hdev);
4660
4661 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4662 if (!cmd)
4663 goto unlock;
4664
4665 if (status) {
4666 u8 mgmt_err = mgmt_status(status);
4667
4668
4669
4670
4671 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4672
4673 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4674 } else {
4675 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4676 new_settings(hdev, cmd->sk);
4677 }
4678
4679 mgmt_pending_remove(cmd);
4680
4681unlock:
4682 hci_dev_unlock(hdev);
4683}
4684
4685static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4686{
4687 struct mgmt_mode *cp = data;
4688 struct pending_cmd *cmd;
4689 struct hci_request req;
4690 int err;
4691
4692 BT_DBG("request for %s", hdev->name);
4693
4694 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4695 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4696 MGMT_STATUS_NOT_SUPPORTED);
4697
4698 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4699 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4700 MGMT_STATUS_REJECTED);
4701
4702 if (cp->val != 0x00 && cp->val != 0x01)
4703 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4704 MGMT_STATUS_INVALID_PARAMS);
4705
4706 hci_dev_lock(hdev);
4707
4708 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4709 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4710 goto unlock;
4711 }
4712
4713 if (!hdev_is_powered(hdev)) {
4714 if (!cp->val) {
4715 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4716 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4717 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4718 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4719 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4720 }
4721
4722 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4723
4724 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4725 if (err < 0)
4726 goto unlock;
4727
4728 err = new_settings(hdev, sk);
4729 goto unlock;
4730 }
4731
4732
4733 if (!cp->val) {
4734 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4735 MGMT_STATUS_REJECTED);
4736 goto unlock;
4737 } else {
4738
4739
4740
4741
4742
4743
4744
4745
4746
4747
4748
4749
4750
4751
4752 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
4753 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4754 test_bit(HCI_SC_ENABLED, &hdev->dev_flags))) {
4755 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4756 MGMT_STATUS_REJECTED);
4757 goto unlock;
4758 }
4759 }
4760
4761 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4762 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4763 MGMT_STATUS_BUSY);
4764 goto unlock;
4765 }
4766
4767 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4768 if (!cmd) {
4769 err = -ENOMEM;
4770 goto unlock;
4771 }
4772
4773
4774
4775
4776 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4777
4778 hci_req_init(&req, hdev);
4779
4780 write_fast_connectable(&req, false);
4781 __hci_update_page_scan(&req);
4782
4783
4784
4785
4786 update_adv_data(&req);
4787
4788 err = hci_req_run(&req, set_bredr_complete);
4789 if (err < 0)
4790 mgmt_pending_remove(cmd);
4791
4792unlock:
4793 hci_dev_unlock(hdev);
4794 return err;
4795}
4796
4797static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4798{
4799 struct pending_cmd *cmd;
4800 struct mgmt_mode *cp;
4801
4802 BT_DBG("%s status %u", hdev->name, status);
4803
4804 hci_dev_lock(hdev);
4805
4806 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4807 if (!cmd)
4808 goto unlock;
4809
4810 if (status) {
4811 cmd_status(cmd->sk, cmd->index, cmd->opcode,
4812 mgmt_status(status));
4813 goto remove;
4814 }
4815
4816 cp = cmd->param;
4817
4818 switch (cp->val) {
4819 case 0x00:
4820 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4821 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4822 break;
4823 case 0x01:
4824 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4825 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4826 break;
4827 case 0x02:
4828 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4829 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4830 break;
4831 }
4832
4833 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4834 new_settings(hdev, cmd->sk);
4835
4836remove:
4837 mgmt_pending_remove(cmd);
4838unlock:
4839 hci_dev_unlock(hdev);
4840}
4841
4842static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4843 void *data, u16 len)
4844{
4845 struct mgmt_mode *cp = data;
4846 struct pending_cmd *cmd;
4847 struct hci_request req;
4848 u8 val;
4849 int err;
4850
4851 BT_DBG("request for %s", hdev->name);
4852
4853 if (!lmp_sc_capable(hdev) &&
4854 !test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4855 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4856 MGMT_STATUS_NOT_SUPPORTED);
4857
4858 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
4859 lmp_sc_capable(hdev) &&
4860 !test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4861 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4862 MGMT_STATUS_REJECTED);
4863
4864 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4865 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4866 MGMT_STATUS_INVALID_PARAMS);
4867
4868 hci_dev_lock(hdev);
4869
4870 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4871 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4872 bool changed;
4873
4874 if (cp->val) {
4875 changed = !test_and_set_bit(HCI_SC_ENABLED,
4876 &hdev->dev_flags);
4877 if (cp->val == 0x02)
4878 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4879 else
4880 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4881 } else {
4882 changed = test_and_clear_bit(HCI_SC_ENABLED,
4883 &hdev->dev_flags);
4884 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4885 }
4886
4887 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4888 if (err < 0)
4889 goto failed;
4890
4891 if (changed)
4892 err = new_settings(hdev, sk);
4893
4894 goto failed;
4895 }
4896
4897 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4898 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4899 MGMT_STATUS_BUSY);
4900 goto failed;
4901 }
4902
4903 val = !!cp->val;
4904
4905 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4906 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
4907 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4908 goto failed;
4909 }
4910
4911 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4912 if (!cmd) {
4913 err = -ENOMEM;
4914 goto failed;
4915 }
4916
4917 hci_req_init(&req, hdev);
4918 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4919 err = hci_req_run(&req, sc_enable_complete);
4920 if (err < 0) {
4921 mgmt_pending_remove(cmd);
4922 goto failed;
4923 }
4924
4925failed:
4926 hci_dev_unlock(hdev);
4927 return err;
4928}
4929
4930static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4931 void *data, u16 len)
4932{
4933 struct mgmt_mode *cp = data;
4934 bool changed, use_changed;
4935 int err;
4936
4937 BT_DBG("request for %s", hdev->name);
4938
4939 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4940 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4941 MGMT_STATUS_INVALID_PARAMS);
4942
4943 hci_dev_lock(hdev);
4944
4945 if (cp->val)
4946 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4947 &hdev->dev_flags);
4948 else
4949 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4950 &hdev->dev_flags);
4951
4952 if (cp->val == 0x02)
4953 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4954 &hdev->dev_flags);
4955 else
4956 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4957 &hdev->dev_flags);
4958
4959 if (hdev_is_powered(hdev) && use_changed &&
4960 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4961 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4962 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4963 sizeof(mode), &mode);
4964 }
4965
4966 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4967 if (err < 0)
4968 goto unlock;
4969
4970 if (changed)
4971 err = new_settings(hdev, sk);
4972
4973unlock:
4974 hci_dev_unlock(hdev);
4975 return err;
4976}
4977
4978static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4979 u16 len)
4980{
4981 struct mgmt_cp_set_privacy *cp = cp_data;
4982 bool changed;
4983 int err;
4984
4985 BT_DBG("request for %s", hdev->name);
4986
4987 if (!lmp_le_capable(hdev))
4988 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4989 MGMT_STATUS_NOT_SUPPORTED);
4990
4991 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4992 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4993 MGMT_STATUS_INVALID_PARAMS);
4994
4995 if (hdev_is_powered(hdev))
4996 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4997 MGMT_STATUS_REJECTED);
4998
4999 hci_dev_lock(hdev);
5000
5001
5002
5003
5004 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5005
5006 if (cp->privacy) {
5007 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
5008 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5009 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5010 } else {
5011 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
5012 memset(hdev->irk, 0, sizeof(hdev->irk));
5013 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5014 }
5015
5016 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5017 if (err < 0)
5018 goto unlock;
5019
5020 if (changed)
5021 err = new_settings(hdev, sk);
5022
5023unlock:
5024 hci_dev_unlock(hdev);
5025 return err;
5026}
5027
5028static bool irk_is_valid(struct mgmt_irk_info *irk)
5029{
5030 switch (irk->addr.type) {
5031 case BDADDR_LE_PUBLIC:
5032 return true;
5033
5034 case BDADDR_LE_RANDOM:
5035
5036 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5037 return false;
5038 return true;
5039 }
5040
5041 return false;
5042}
5043
5044static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5045 u16 len)
5046{
5047 struct mgmt_cp_load_irks *cp = cp_data;
5048 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5049 sizeof(struct mgmt_irk_info));
5050 u16 irk_count, expected_len;
5051 int i, err;
5052
5053 BT_DBG("request for %s", hdev->name);
5054
5055 if (!lmp_le_capable(hdev))
5056 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5057 MGMT_STATUS_NOT_SUPPORTED);
5058
5059 irk_count = __le16_to_cpu(cp->irk_count);
5060 if (irk_count > max_irk_count) {
5061 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5062 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5063 MGMT_STATUS_INVALID_PARAMS);
5064 }
5065
5066 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5067 if (expected_len != len) {
5068 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5069 expected_len, len);
5070 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5071 MGMT_STATUS_INVALID_PARAMS);
5072 }
5073
5074 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5075
5076 for (i = 0; i < irk_count; i++) {
5077 struct mgmt_irk_info *key = &cp->irks[i];
5078
5079 if (!irk_is_valid(key))
5080 return cmd_status(sk, hdev->id,
5081 MGMT_OP_LOAD_IRKS,
5082 MGMT_STATUS_INVALID_PARAMS);
5083 }
5084
5085 hci_dev_lock(hdev);
5086
5087 hci_smp_irks_clear(hdev);
5088
5089 for (i = 0; i < irk_count; i++) {
5090 struct mgmt_irk_info *irk = &cp->irks[i];
5091 u8 addr_type;
5092
5093 if (irk->addr.type == BDADDR_LE_PUBLIC)
5094 addr_type = ADDR_LE_DEV_PUBLIC;
5095 else
5096 addr_type = ADDR_LE_DEV_RANDOM;
5097
5098 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5099 BDADDR_ANY);
5100 }
5101
5102 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5103
5104 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5105
5106 hci_dev_unlock(hdev);
5107
5108 return err;
5109}
5110
5111static bool ltk_is_valid(struct mgmt_ltk_info *key)
5112{
5113 if (key->master != 0x00 && key->master != 0x01)
5114 return false;
5115
5116 switch (key->addr.type) {
5117 case BDADDR_LE_PUBLIC:
5118 return true;
5119
5120 case BDADDR_LE_RANDOM:
5121
5122 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5123 return false;
5124 return true;
5125 }
5126
5127 return false;
5128}
5129
5130static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5131 void *cp_data, u16 len)
5132{
5133 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5134 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5135 sizeof(struct mgmt_ltk_info));
5136 u16 key_count, expected_len;
5137 int i, err;
5138
5139 BT_DBG("request for %s", hdev->name);
5140
5141 if (!lmp_le_capable(hdev))
5142 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5143 MGMT_STATUS_NOT_SUPPORTED);
5144
5145 key_count = __le16_to_cpu(cp->key_count);
5146 if (key_count > max_key_count) {
5147 BT_ERR("load_ltks: too big key_count value %u", key_count);
5148 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5149 MGMT_STATUS_INVALID_PARAMS);
5150 }
5151
5152 expected_len = sizeof(*cp) + key_count *
5153 sizeof(struct mgmt_ltk_info);
5154 if (expected_len != len) {
5155 BT_ERR("load_keys: expected %u bytes, got %u bytes",
5156 expected_len, len);
5157 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5158 MGMT_STATUS_INVALID_PARAMS);
5159 }
5160
5161 BT_DBG("%s key_count %u", hdev->name, key_count);
5162
5163 for (i = 0; i < key_count; i++) {
5164 struct mgmt_ltk_info *key = &cp->keys[i];
5165
5166 if (!ltk_is_valid(key))
5167 return cmd_status(sk, hdev->id,
5168 MGMT_OP_LOAD_LONG_TERM_KEYS,
5169 MGMT_STATUS_INVALID_PARAMS);
5170 }
5171
5172 hci_dev_lock(hdev);
5173
5174 hci_smp_ltks_clear(hdev);
5175
5176 for (i = 0; i < key_count; i++) {
5177 struct mgmt_ltk_info *key = &cp->keys[i];
5178 u8 type, addr_type, authenticated;
5179
5180 if (key->addr.type == BDADDR_LE_PUBLIC)
5181 addr_type = ADDR_LE_DEV_PUBLIC;
5182 else
5183 addr_type = ADDR_LE_DEV_RANDOM;
5184
5185 switch (key->type) {
5186 case MGMT_LTK_UNAUTHENTICATED:
5187 authenticated = 0x00;
5188 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5189 break;
5190 case MGMT_LTK_AUTHENTICATED:
5191 authenticated = 0x01;
5192 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5193 break;
5194 case MGMT_LTK_P256_UNAUTH:
5195 authenticated = 0x00;
5196 type = SMP_LTK_P256;
5197 break;
5198 case MGMT_LTK_P256_AUTH:
5199 authenticated = 0x01;
5200 type = SMP_LTK_P256;
5201 break;
5202 case MGMT_LTK_P256_DEBUG:
5203 authenticated = 0x00;
5204 type = SMP_LTK_P256_DEBUG;
5205 default:
5206 continue;
5207 }
5208
5209 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
5210 authenticated, key->val, key->enc_size, key->ediv,
5211 key->rand);
5212 }
5213
5214 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5215 NULL, 0);
5216
5217 hci_dev_unlock(hdev);
5218
5219 return err;
5220}
5221
5222static int conn_info_cmd_complete(struct pending_cmd *cmd, u8 status)
5223{
5224 struct hci_conn *conn = cmd->user_data;
5225 struct mgmt_rp_get_conn_info rp;
5226 int err;
5227
5228 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5229
5230 if (status == MGMT_STATUS_SUCCESS) {
5231 rp.rssi = conn->rssi;
5232 rp.tx_power = conn->tx_power;
5233 rp.max_tx_power = conn->max_tx_power;
5234 } else {
5235 rp.rssi = HCI_RSSI_INVALID;
5236 rp.tx_power = HCI_TX_POWER_INVALID;
5237 rp.max_tx_power = HCI_TX_POWER_INVALID;
5238 }
5239
5240 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
5241 &rp, sizeof(rp));
5242
5243 hci_conn_drop(conn);
5244 hci_conn_put(conn);
5245
5246 return err;
5247}
5248
5249static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5250 u16 opcode)
5251{
5252 struct hci_cp_read_rssi *cp;
5253 struct pending_cmd *cmd;
5254 struct hci_conn *conn;
5255 u16 handle;
5256 u8 status;
5257
5258 BT_DBG("status 0x%02x", hci_status);
5259
5260 hci_dev_lock(hdev);
5261
5262
5263
5264
5265
5266
5267
5268
5269
5270
5271 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5272 if (!cp) {
5273 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5274 status = MGMT_STATUS_SUCCESS;
5275 } else {
5276 status = mgmt_status(hci_status);
5277 }
5278
5279 if (!cp) {
5280 BT_ERR("invalid sent_cmd in conn_info response");
5281 goto unlock;
5282 }
5283
5284 handle = __le16_to_cpu(cp->handle);
5285 conn = hci_conn_hash_lookup_handle(hdev, handle);
5286 if (!conn) {
5287 BT_ERR("unknown handle (%d) in conn_info response", handle);
5288 goto unlock;
5289 }
5290
5291 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5292 if (!cmd)
5293 goto unlock;
5294
5295 cmd->cmd_complete(cmd, status);
5296 mgmt_pending_remove(cmd);
5297
5298unlock:
5299 hci_dev_unlock(hdev);
5300}
5301
5302static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5303 u16 len)
5304{
5305 struct mgmt_cp_get_conn_info *cp = data;
5306 struct mgmt_rp_get_conn_info rp;
5307 struct hci_conn *conn;
5308 unsigned long conn_info_age;
5309 int err = 0;
5310
5311 BT_DBG("%s", hdev->name);
5312
5313 memset(&rp, 0, sizeof(rp));
5314 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5315 rp.addr.type = cp->addr.type;
5316
5317 if (!bdaddr_type_is_valid(cp->addr.type))
5318 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5319 MGMT_STATUS_INVALID_PARAMS,
5320 &rp, sizeof(rp));
5321
5322 hci_dev_lock(hdev);
5323
5324 if (!hdev_is_powered(hdev)) {
5325 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5326 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5327 goto unlock;
5328 }
5329
5330 if (cp->addr.type == BDADDR_BREDR)
5331 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5332 &cp->addr.bdaddr);
5333 else
5334 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5335
5336 if (!conn || conn->state != BT_CONNECTED) {
5337 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5338 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5339 goto unlock;
5340 }
5341
5342 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5343 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5344 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5345 goto unlock;
5346 }
5347
5348
5349
5350
5351 conn_info_age = hdev->conn_info_min_age +
5352 prandom_u32_max(hdev->conn_info_max_age -
5353 hdev->conn_info_min_age);
5354
5355
5356
5357
5358 if (time_after(jiffies, conn->conn_info_timestamp +
5359 msecs_to_jiffies(conn_info_age)) ||
5360 !conn->conn_info_timestamp) {
5361 struct hci_request req;
5362 struct hci_cp_read_tx_power req_txp_cp;
5363 struct hci_cp_read_rssi req_rssi_cp;
5364 struct pending_cmd *cmd;
5365
5366 hci_req_init(&req, hdev);
5367 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5368 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5369 &req_rssi_cp);
5370
5371
5372
5373
5374 if (!bdaddr_type_is_le(cp->addr.type) ||
5375 conn->tx_power == HCI_TX_POWER_INVALID) {
5376 req_txp_cp.handle = cpu_to_le16(conn->handle);
5377 req_txp_cp.type = 0x00;
5378 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5379 sizeof(req_txp_cp), &req_txp_cp);
5380 }
5381
5382
5383 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5384 req_txp_cp.handle = cpu_to_le16(conn->handle);
5385 req_txp_cp.type = 0x01;
5386 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5387 sizeof(req_txp_cp), &req_txp_cp);
5388 }
5389
5390 err = hci_req_run(&req, conn_info_refresh_complete);
5391 if (err < 0)
5392 goto unlock;
5393
5394 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5395 data, len);
5396 if (!cmd) {
5397 err = -ENOMEM;
5398 goto unlock;
5399 }
5400
5401 hci_conn_hold(conn);
5402 cmd->user_data = hci_conn_get(conn);
5403 cmd->cmd_complete = conn_info_cmd_complete;
5404
5405 conn->conn_info_timestamp = jiffies;
5406 } else {
5407
5408 rp.rssi = conn->rssi;
5409 rp.tx_power = conn->tx_power;
5410 rp.max_tx_power = conn->max_tx_power;
5411
5412 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5413 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5414 }
5415
5416unlock:
5417 hci_dev_unlock(hdev);
5418 return err;
5419}
5420
5421static int clock_info_cmd_complete(struct pending_cmd *cmd, u8 status)
5422{
5423 struct hci_conn *conn = cmd->user_data;
5424 struct mgmt_rp_get_clock_info rp;
5425 struct hci_dev *hdev;
5426 int err;
5427
5428 memset(&rp, 0, sizeof(rp));
5429 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5430
5431 if (status)
5432 goto complete;
5433
5434 hdev = hci_dev_get(cmd->index);
5435 if (hdev) {
5436 rp.local_clock = cpu_to_le32(hdev->clock);
5437 hci_dev_put(hdev);
5438 }
5439
5440 if (conn) {
5441 rp.piconet_clock = cpu_to_le32(conn->clock);
5442 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5443 }
5444
5445complete:
5446 err = cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5447 sizeof(rp));
5448
5449 if (conn) {
5450 hci_conn_drop(conn);
5451 hci_conn_put(conn);
5452 }
5453
5454 return err;
5455}
5456
5457static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5458{
5459 struct hci_cp_read_clock *hci_cp;
5460 struct pending_cmd *cmd;
5461 struct hci_conn *conn;
5462
5463 BT_DBG("%s status %u", hdev->name, status);
5464
5465 hci_dev_lock(hdev);
5466
5467 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5468 if (!hci_cp)
5469 goto unlock;
5470
5471 if (hci_cp->which) {
5472 u16 handle = __le16_to_cpu(hci_cp->handle);
5473 conn = hci_conn_hash_lookup_handle(hdev, handle);
5474 } else {
5475 conn = NULL;
5476 }
5477
5478 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5479 if (!cmd)
5480 goto unlock;
5481
5482 cmd->cmd_complete(cmd, mgmt_status(status));
5483 mgmt_pending_remove(cmd);
5484
5485unlock:
5486 hci_dev_unlock(hdev);
5487}
5488
5489static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5490 u16 len)
5491{
5492 struct mgmt_cp_get_clock_info *cp = data;
5493 struct mgmt_rp_get_clock_info rp;
5494 struct hci_cp_read_clock hci_cp;
5495 struct pending_cmd *cmd;
5496 struct hci_request req;
5497 struct hci_conn *conn;
5498 int err;
5499
5500 BT_DBG("%s", hdev->name);
5501
5502 memset(&rp, 0, sizeof(rp));
5503 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5504 rp.addr.type = cp->addr.type;
5505
5506 if (cp->addr.type != BDADDR_BREDR)
5507 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5508 MGMT_STATUS_INVALID_PARAMS,
5509 &rp, sizeof(rp));
5510
5511 hci_dev_lock(hdev);
5512
5513 if (!hdev_is_powered(hdev)) {
5514 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5515 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5516 goto unlock;
5517 }
5518
5519 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5520 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5521 &cp->addr.bdaddr);
5522 if (!conn || conn->state != BT_CONNECTED) {
5523 err = cmd_complete(sk, hdev->id,
5524 MGMT_OP_GET_CLOCK_INFO,
5525 MGMT_STATUS_NOT_CONNECTED,
5526 &rp, sizeof(rp));
5527 goto unlock;
5528 }
5529 } else {
5530 conn = NULL;
5531 }
5532
5533 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5534 if (!cmd) {
5535 err = -ENOMEM;
5536 goto unlock;
5537 }
5538
5539 cmd->cmd_complete = clock_info_cmd_complete;
5540
5541 hci_req_init(&req, hdev);
5542
5543 memset(&hci_cp, 0, sizeof(hci_cp));
5544 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5545
5546 if (conn) {
5547 hci_conn_hold(conn);
5548 cmd->user_data = hci_conn_get(conn);
5549
5550 hci_cp.handle = cpu_to_le16(conn->handle);
5551 hci_cp.which = 0x01;
5552 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5553 }
5554
5555 err = hci_req_run(&req, get_clock_info_complete);
5556 if (err < 0)
5557 mgmt_pending_remove(cmd);
5558
5559unlock:
5560 hci_dev_unlock(hdev);
5561 return err;
5562}
5563
5564static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5565{
5566 struct hci_conn *conn;
5567
5568 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5569 if (!conn)
5570 return false;
5571
5572 if (conn->dst_type != type)
5573 return false;
5574
5575 if (conn->state != BT_CONNECTED)
5576 return false;
5577
5578 return true;
5579}
5580
5581
5582static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5583 u8 addr_type, u8 auto_connect)
5584{
5585 struct hci_dev *hdev = req->hdev;
5586 struct hci_conn_params *params;
5587
5588 params = hci_conn_params_add(hdev, addr, addr_type);
5589 if (!params)
5590 return -EIO;
5591
5592 if (params->auto_connect == auto_connect)
5593 return 0;
5594
5595 list_del_init(¶ms->action);
5596
5597 switch (auto_connect) {
5598 case HCI_AUTO_CONN_DISABLED:
5599 case HCI_AUTO_CONN_LINK_LOSS:
5600 __hci_update_background_scan(req);
5601 break;
5602 case HCI_AUTO_CONN_REPORT:
5603 list_add(¶ms->action, &hdev->pend_le_reports);
5604 __hci_update_background_scan(req);
5605 break;
5606 case HCI_AUTO_CONN_DIRECT:
5607 case HCI_AUTO_CONN_ALWAYS:
5608 if (!is_connected(hdev, addr, addr_type)) {
5609 list_add(¶ms->action, &hdev->pend_le_conns);
5610 __hci_update_background_scan(req);
5611 }
5612 break;
5613 }
5614
5615 params->auto_connect = auto_connect;
5616
5617 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5618 auto_connect);
5619
5620 return 0;
5621}
5622
5623static void device_added(struct sock *sk, struct hci_dev *hdev,
5624 bdaddr_t *bdaddr, u8 type, u8 action)
5625{
5626 struct mgmt_ev_device_added ev;
5627
5628 bacpy(&ev.addr.bdaddr, bdaddr);
5629 ev.addr.type = type;
5630 ev.action = action;
5631
5632 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5633}
5634
5635static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5636{
5637 struct pending_cmd *cmd;
5638
5639 BT_DBG("status 0x%02x", status);
5640
5641 hci_dev_lock(hdev);
5642
5643 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5644 if (!cmd)
5645 goto unlock;
5646
5647 cmd->cmd_complete(cmd, mgmt_status(status));
5648 mgmt_pending_remove(cmd);
5649
5650unlock:
5651 hci_dev_unlock(hdev);
5652}
5653
5654static int add_device(struct sock *sk, struct hci_dev *hdev,
5655 void *data, u16 len)
5656{
5657 struct mgmt_cp_add_device *cp = data;
5658 struct pending_cmd *cmd;
5659 struct hci_request req;
5660 u8 auto_conn, addr_type;
5661 int err;
5662
5663 BT_DBG("%s", hdev->name);
5664
5665 if (!bdaddr_type_is_valid(cp->addr.type) ||
5666 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5667 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5668 MGMT_STATUS_INVALID_PARAMS,
5669 &cp->addr, sizeof(cp->addr));
5670
5671 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5672 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5673 MGMT_STATUS_INVALID_PARAMS,
5674 &cp->addr, sizeof(cp->addr));
5675
5676 hci_req_init(&req, hdev);
5677
5678 hci_dev_lock(hdev);
5679
5680 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5681 if (!cmd) {
5682 err = -ENOMEM;
5683 goto unlock;
5684 }
5685
5686 cmd->cmd_complete = addr_cmd_complete;
5687
5688 if (cp->addr.type == BDADDR_BREDR) {
5689
5690 if (cp->action != 0x01) {
5691 err = cmd->cmd_complete(cmd,
5692 MGMT_STATUS_INVALID_PARAMS);
5693 mgmt_pending_remove(cmd);
5694 goto unlock;
5695 }
5696
5697 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5698 cp->addr.type);
5699 if (err)
5700 goto unlock;
5701
5702 __hci_update_page_scan(&req);
5703
5704 goto added;
5705 }
5706
5707 if (cp->addr.type == BDADDR_LE_PUBLIC)
5708 addr_type = ADDR_LE_DEV_PUBLIC;
5709 else
5710 addr_type = ADDR_LE_DEV_RANDOM;
5711
5712 if (cp->action == 0x02)
5713 auto_conn = HCI_AUTO_CONN_ALWAYS;
5714 else if (cp->action == 0x01)
5715 auto_conn = HCI_AUTO_CONN_DIRECT;
5716 else
5717 auto_conn = HCI_AUTO_CONN_REPORT;
5718
5719
5720
5721
5722 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
5723 auto_conn) < 0) {
5724 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5725 mgmt_pending_remove(cmd);
5726 goto unlock;
5727 }
5728
5729added:
5730 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5731
5732 err = hci_req_run(&req, add_device_complete);
5733 if (err < 0) {
5734
5735
5736
5737 if (err == -ENODATA)
5738 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5739 mgmt_pending_remove(cmd);
5740 }
5741
5742unlock:
5743 hci_dev_unlock(hdev);
5744 return err;
5745}
5746
5747static void device_removed(struct sock *sk, struct hci_dev *hdev,
5748 bdaddr_t *bdaddr, u8 type)
5749{
5750 struct mgmt_ev_device_removed ev;
5751
5752 bacpy(&ev.addr.bdaddr, bdaddr);
5753 ev.addr.type = type;
5754
5755 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5756}
5757
5758static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5759{
5760 struct pending_cmd *cmd;
5761
5762 BT_DBG("status 0x%02x", status);
5763
5764 hci_dev_lock(hdev);
5765
5766 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5767 if (!cmd)
5768 goto unlock;
5769
5770 cmd->cmd_complete(cmd, mgmt_status(status));
5771 mgmt_pending_remove(cmd);
5772
5773unlock:
5774 hci_dev_unlock(hdev);
5775}
5776
5777static int remove_device(struct sock *sk, struct hci_dev *hdev,
5778 void *data, u16 len)
5779{
5780 struct mgmt_cp_remove_device *cp = data;
5781 struct pending_cmd *cmd;
5782 struct hci_request req;
5783 int err;
5784
5785 BT_DBG("%s", hdev->name);
5786
5787 hci_req_init(&req, hdev);
5788
5789 hci_dev_lock(hdev);
5790
5791 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5792 if (!cmd) {
5793 err = -ENOMEM;
5794 goto unlock;
5795 }
5796
5797 cmd->cmd_complete = addr_cmd_complete;
5798
5799 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5800 struct hci_conn_params *params;
5801 u8 addr_type;
5802
5803 if (!bdaddr_type_is_valid(cp->addr.type)) {
5804 err = cmd->cmd_complete(cmd,
5805 MGMT_STATUS_INVALID_PARAMS);
5806 mgmt_pending_remove(cmd);
5807 goto unlock;
5808 }
5809
5810 if (cp->addr.type == BDADDR_BREDR) {
5811 err = hci_bdaddr_list_del(&hdev->whitelist,
5812 &cp->addr.bdaddr,
5813 cp->addr.type);
5814 if (err) {
5815 err = cmd->cmd_complete(cmd,
5816 MGMT_STATUS_INVALID_PARAMS);
5817 mgmt_pending_remove(cmd);
5818 goto unlock;
5819 }
5820
5821 __hci_update_page_scan(&req);
5822
5823 device_removed(sk, hdev, &cp->addr.bdaddr,
5824 cp->addr.type);
5825 goto complete;
5826 }
5827
5828 if (cp->addr.type == BDADDR_LE_PUBLIC)
5829 addr_type = ADDR_LE_DEV_PUBLIC;
5830 else
5831 addr_type = ADDR_LE_DEV_RANDOM;
5832
5833 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5834 addr_type);
5835 if (!params) {
5836 err = cmd->cmd_complete(cmd,
5837 MGMT_STATUS_INVALID_PARAMS);
5838 mgmt_pending_remove(cmd);
5839 goto unlock;
5840 }
5841
5842 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5843 err = cmd->cmd_complete(cmd,
5844 MGMT_STATUS_INVALID_PARAMS);
5845 mgmt_pending_remove(cmd);
5846 goto unlock;
5847 }
5848
5849 list_del(¶ms->action);
5850 list_del(¶ms->list);
5851 kfree(params);
5852 __hci_update_background_scan(&req);
5853
5854 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5855 } else {
5856 struct hci_conn_params *p, *tmp;
5857 struct bdaddr_list *b, *btmp;
5858
5859 if (cp->addr.type) {
5860 err = cmd->cmd_complete(cmd,
5861 MGMT_STATUS_INVALID_PARAMS);
5862 mgmt_pending_remove(cmd);
5863 goto unlock;
5864 }
5865
5866 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5867 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5868 list_del(&b->list);
5869 kfree(b);
5870 }
5871
5872 __hci_update_page_scan(&req);
5873
5874 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5875 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5876 continue;
5877 device_removed(sk, hdev, &p->addr, p->addr_type);
5878 list_del(&p->action);
5879 list_del(&p->list);
5880 kfree(p);
5881 }
5882
5883 BT_DBG("All LE connection parameters were removed");
5884
5885 __hci_update_background_scan(&req);
5886 }
5887
5888complete:
5889 err = hci_req_run(&req, remove_device_complete);
5890 if (err < 0) {
5891
5892
5893
5894 if (err == -ENODATA)
5895 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5896 mgmt_pending_remove(cmd);
5897 }
5898
5899unlock:
5900 hci_dev_unlock(hdev);
5901 return err;
5902}
5903
5904static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5905 u16 len)
5906{
5907 struct mgmt_cp_load_conn_param *cp = data;
5908 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5909 sizeof(struct mgmt_conn_param));
5910 u16 param_count, expected_len;
5911 int i;
5912
5913 if (!lmp_le_capable(hdev))
5914 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5915 MGMT_STATUS_NOT_SUPPORTED);
5916
5917 param_count = __le16_to_cpu(cp->param_count);
5918 if (param_count > max_param_count) {
5919 BT_ERR("load_conn_param: too big param_count value %u",
5920 param_count);
5921 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5922 MGMT_STATUS_INVALID_PARAMS);
5923 }
5924
5925 expected_len = sizeof(*cp) + param_count *
5926 sizeof(struct mgmt_conn_param);
5927 if (expected_len != len) {
5928 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5929 expected_len, len);
5930 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5931 MGMT_STATUS_INVALID_PARAMS);
5932 }
5933
5934 BT_DBG("%s param_count %u", hdev->name, param_count);
5935
5936 hci_dev_lock(hdev);
5937
5938 hci_conn_params_clear_disabled(hdev);
5939
5940 for (i = 0; i < param_count; i++) {
5941 struct mgmt_conn_param *param = &cp->params[i];
5942 struct hci_conn_params *hci_param;
5943 u16 min, max, latency, timeout;
5944 u8 addr_type;
5945
5946 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5947 param->addr.type);
5948
5949 if (param->addr.type == BDADDR_LE_PUBLIC) {
5950 addr_type = ADDR_LE_DEV_PUBLIC;
5951 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5952 addr_type = ADDR_LE_DEV_RANDOM;
5953 } else {
5954 BT_ERR("Ignoring invalid connection parameters");
5955 continue;
5956 }
5957
5958 min = le16_to_cpu(param->min_interval);
5959 max = le16_to_cpu(param->max_interval);
5960 latency = le16_to_cpu(param->latency);
5961 timeout = le16_to_cpu(param->timeout);
5962
5963 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5964 min, max, latency, timeout);
5965
5966 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5967 BT_ERR("Ignoring invalid connection parameters");
5968 continue;
5969 }
5970
5971 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5972 addr_type);
5973 if (!hci_param) {
5974 BT_ERR("Failed to add connection parameters");
5975 continue;
5976 }
5977
5978 hci_param->conn_min_interval = min;
5979 hci_param->conn_max_interval = max;
5980 hci_param->conn_latency = latency;
5981 hci_param->supervision_timeout = timeout;
5982 }
5983
5984 hci_dev_unlock(hdev);
5985
5986 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5987}
5988
5989static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5990 void *data, u16 len)
5991{
5992 struct mgmt_cp_set_external_config *cp = data;
5993 bool changed;
5994 int err;
5995
5996 BT_DBG("%s", hdev->name);
5997
5998 if (hdev_is_powered(hdev))
5999 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6000 MGMT_STATUS_REJECTED);
6001
6002 if (cp->config != 0x00 && cp->config != 0x01)
6003 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6004 MGMT_STATUS_INVALID_PARAMS);
6005
6006 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6007 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6008 MGMT_STATUS_NOT_SUPPORTED);
6009
6010 hci_dev_lock(hdev);
6011
6012 if (cp->config)
6013 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
6014 &hdev->dev_flags);
6015 else
6016 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
6017 &hdev->dev_flags);
6018
6019 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6020 if (err < 0)
6021 goto unlock;
6022
6023 if (!changed)
6024 goto unlock;
6025
6026 err = new_options(hdev, sk);
6027
6028 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
6029 mgmt_index_removed(hdev);
6030
6031 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
6032 set_bit(HCI_CONFIG, &hdev->dev_flags);
6033 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
6034
6035 queue_work(hdev->req_workqueue, &hdev->power_on);
6036 } else {
6037 set_bit(HCI_RAW, &hdev->flags);
6038 mgmt_index_added(hdev);
6039 }
6040 }
6041
6042unlock:
6043 hci_dev_unlock(hdev);
6044 return err;
6045}
6046
6047static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6048 void *data, u16 len)
6049{
6050 struct mgmt_cp_set_public_address *cp = data;
6051 bool changed;
6052 int err;
6053
6054 BT_DBG("%s", hdev->name);
6055
6056 if (hdev_is_powered(hdev))
6057 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6058 MGMT_STATUS_REJECTED);
6059
6060 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6061 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6062 MGMT_STATUS_INVALID_PARAMS);
6063
6064 if (!hdev->set_bdaddr)
6065 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6066 MGMT_STATUS_NOT_SUPPORTED);
6067
6068 hci_dev_lock(hdev);
6069
6070 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6071 bacpy(&hdev->public_addr, &cp->bdaddr);
6072
6073 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6074 if (err < 0)
6075 goto unlock;
6076
6077 if (!changed)
6078 goto unlock;
6079
6080 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6081 err = new_options(hdev, sk);
6082
6083 if (is_configured(hdev)) {
6084 mgmt_index_removed(hdev);
6085
6086 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
6087
6088 set_bit(HCI_CONFIG, &hdev->dev_flags);
6089 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
6090
6091 queue_work(hdev->req_workqueue, &hdev->power_on);
6092 }
6093
6094unlock:
6095 hci_dev_unlock(hdev);
6096 return err;
6097}
6098
6099static const struct mgmt_handler {
6100 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
6101 u16 data_len);
6102 bool var_len;
6103 size_t data_len;
6104} mgmt_handlers[] = {
6105 { NULL },
6106 { read_version, false, MGMT_READ_VERSION_SIZE },
6107 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
6108 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
6109 { read_controller_info, false, MGMT_READ_INFO_SIZE },
6110 { set_powered, false, MGMT_SETTING_SIZE },
6111 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
6112 { set_connectable, false, MGMT_SETTING_SIZE },
6113 { set_fast_connectable, false, MGMT_SETTING_SIZE },
6114 { set_bondable, false, MGMT_SETTING_SIZE },
6115 { set_link_security, false, MGMT_SETTING_SIZE },
6116 { set_ssp, false, MGMT_SETTING_SIZE },
6117 { set_hs, false, MGMT_SETTING_SIZE },
6118 { set_le, false, MGMT_SETTING_SIZE },
6119 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
6120 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
6121 { add_uuid, false, MGMT_ADD_UUID_SIZE },
6122 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
6123 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
6124 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
6125 { disconnect, false, MGMT_DISCONNECT_SIZE },
6126 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
6127 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
6128 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6129 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
6130 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
6131 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6132 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
6133 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
6134 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6135 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
6136 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6137 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6138 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
6139 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6140 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
6141 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
6142 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
6143 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
6144 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
6145 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
6146 { set_advertising, false, MGMT_SETTING_SIZE },
6147 { set_bredr, false, MGMT_SETTING_SIZE },
6148 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
6149 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
6150 { set_secure_conn, false, MGMT_SETTING_SIZE },
6151 { set_debug_keys, false, MGMT_SETTING_SIZE },
6152 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
6153 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
6154 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
6155 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
6156 { add_device, false, MGMT_ADD_DEVICE_SIZE },
6157 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
6158 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
6159 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
6160 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
6161 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
6162 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
6163 { start_service_discovery,true, MGMT_START_SERVICE_DISCOVERY_SIZE },
6164};
6165
6166int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
6167{
6168 void *buf;
6169 u8 *cp;
6170 struct mgmt_hdr *hdr;
6171 u16 opcode, index, len;
6172 struct hci_dev *hdev = NULL;
6173 const struct mgmt_handler *handler;
6174 int err;
6175
6176 BT_DBG("got %zu bytes", msglen);
6177
6178 if (msglen < sizeof(*hdr))
6179 return -EINVAL;
6180
6181 buf = kmalloc(msglen, GFP_KERNEL);
6182 if (!buf)
6183 return -ENOMEM;
6184
6185 if (memcpy_from_msg(buf, msg, msglen)) {
6186 err = -EFAULT;
6187 goto done;
6188 }
6189
6190 hdr = buf;
6191 opcode = __le16_to_cpu(hdr->opcode);
6192 index = __le16_to_cpu(hdr->index);
6193 len = __le16_to_cpu(hdr->len);
6194
6195 if (len != msglen - sizeof(*hdr)) {
6196 err = -EINVAL;
6197 goto done;
6198 }
6199
6200 if (index != MGMT_INDEX_NONE) {
6201 hdev = hci_dev_get(index);
6202 if (!hdev) {
6203 err = cmd_status(sk, index, opcode,
6204 MGMT_STATUS_INVALID_INDEX);
6205 goto done;
6206 }
6207
6208 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
6209 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
6210 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
6211 err = cmd_status(sk, index, opcode,
6212 MGMT_STATUS_INVALID_INDEX);
6213 goto done;
6214 }
6215
6216 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
6217 opcode != MGMT_OP_READ_CONFIG_INFO &&
6218 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
6219 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
6220 err = cmd_status(sk, index, opcode,
6221 MGMT_STATUS_INVALID_INDEX);
6222 goto done;
6223 }
6224 }
6225
6226 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
6227 mgmt_handlers[opcode].func == NULL) {
6228 BT_DBG("Unknown op %u", opcode);
6229 err = cmd_status(sk, index, opcode,
6230 MGMT_STATUS_UNKNOWN_COMMAND);
6231 goto done;
6232 }
6233
6234 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
6235 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
6236 err = cmd_status(sk, index, opcode,
6237 MGMT_STATUS_INVALID_INDEX);
6238 goto done;
6239 }
6240
6241 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
6242 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
6243 err = cmd_status(sk, index, opcode,
6244 MGMT_STATUS_INVALID_INDEX);
6245 goto done;
6246 }
6247
6248 handler = &mgmt_handlers[opcode];
6249
6250 if ((handler->var_len && len < handler->data_len) ||
6251 (!handler->var_len && len != handler->data_len)) {
6252 err = cmd_status(sk, index, opcode,
6253 MGMT_STATUS_INVALID_PARAMS);
6254 goto done;
6255 }
6256
6257 if (hdev)
6258 mgmt_init_hdev(sk, hdev);
6259
6260 cp = buf + sizeof(*hdr);
6261
6262 err = handler->func(sk, hdev, cp, len);
6263 if (err < 0)
6264 goto done;
6265
6266 err = msglen;
6267
6268done:
6269 if (hdev)
6270 hci_dev_put(hdev);
6271
6272 kfree(buf);
6273 return err;
6274}
6275
6276void mgmt_index_added(struct hci_dev *hdev)
6277{
6278 if (hdev->dev_type != HCI_BREDR)
6279 return;
6280
6281 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6282 return;
6283
6284 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6285 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
6286 else
6287 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
6288}
6289
6290void mgmt_index_removed(struct hci_dev *hdev)
6291{
6292 u8 status = MGMT_STATUS_INVALID_INDEX;
6293
6294 if (hdev->dev_type != HCI_BREDR)
6295 return;
6296
6297 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6298 return;
6299
6300 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6301
6302 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6303 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
6304 else
6305 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
6306}
6307
6308
6309static void restart_le_actions(struct hci_request *req)
6310{
6311 struct hci_dev *hdev = req->hdev;
6312 struct hci_conn_params *p;
6313
6314 list_for_each_entry(p, &hdev->le_conn_params, list) {
6315
6316
6317
6318 list_del_init(&p->action);
6319
6320 switch (p->auto_connect) {
6321 case HCI_AUTO_CONN_DIRECT:
6322 case HCI_AUTO_CONN_ALWAYS:
6323 list_add(&p->action, &hdev->pend_le_conns);
6324 break;
6325 case HCI_AUTO_CONN_REPORT:
6326 list_add(&p->action, &hdev->pend_le_reports);
6327 break;
6328 default:
6329 break;
6330 }
6331 }
6332
6333 __hci_update_background_scan(req);
6334}
6335
6336static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6337{
6338 struct cmd_lookup match = { NULL, hdev };
6339
6340 BT_DBG("status 0x%02x", status);
6341
6342 if (!status) {
6343
6344
6345
6346
6347
6348 smp_register(hdev);
6349 }
6350
6351 hci_dev_lock(hdev);
6352
6353 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6354
6355 new_settings(hdev, match.sk);
6356
6357 hci_dev_unlock(hdev);
6358
6359 if (match.sk)
6360 sock_put(match.sk);
6361}
6362
6363static int powered_update_hci(struct hci_dev *hdev)
6364{
6365 struct hci_request req;
6366 u8 link_sec;
6367
6368 hci_req_init(&req, hdev);
6369
6370 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
6371 !lmp_host_ssp_capable(hdev)) {
6372 u8 mode = 0x01;
6373
6374 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6375
6376 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6377 u8 support = 0x01;
6378
6379 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6380 sizeof(support), &support);
6381 }
6382 }
6383
6384 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
6385 lmp_bredr_capable(hdev)) {
6386 struct hci_cp_write_le_host_supported cp;
6387
6388 cp.le = 0x01;
6389 cp.simul = 0x00;
6390
6391
6392
6393
6394 if (cp.le != lmp_host_le_capable(hdev) ||
6395 cp.simul != lmp_host_le_br_capable(hdev))
6396 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6397 sizeof(cp), &cp);
6398 }
6399
6400 if (lmp_le_capable(hdev)) {
6401
6402
6403
6404
6405 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
6406 update_adv_data(&req);
6407 update_scan_rsp_data(&req);
6408 }
6409
6410 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6411 enable_advertising(&req);
6412
6413 restart_le_actions(&req);
6414 }
6415
6416 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
6417 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
6418 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6419 sizeof(link_sec), &link_sec);
6420
6421 if (lmp_bredr_capable(hdev)) {
6422 write_fast_connectable(&req, false);
6423 __hci_update_page_scan(&req);
6424 update_class(&req);
6425 update_name(&req);
6426 update_eir(&req);
6427 }
6428
6429 return hci_req_run(&req, powered_complete);
6430}
6431
6432int mgmt_powered(struct hci_dev *hdev, u8 powered)
6433{
6434 struct cmd_lookup match = { NULL, hdev };
6435 u8 status, zero_cod[] = { 0, 0, 0 };
6436 int err;
6437
6438 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
6439 return 0;
6440
6441 if (powered) {
6442 if (powered_update_hci(hdev) == 0)
6443 return 0;
6444
6445 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6446 &match);
6447 goto new_settings;
6448 }
6449
6450 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6451
6452
6453
6454
6455
6456
6457
6458
6459 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
6460 status = MGMT_STATUS_INVALID_INDEX;
6461 else
6462 status = MGMT_STATUS_NOT_POWERED;
6463
6464 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6465
6466 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6467 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6468 zero_cod, sizeof(zero_cod), NULL);
6469
6470new_settings:
6471 err = new_settings(hdev, match.sk);
6472
6473 if (match.sk)
6474 sock_put(match.sk);
6475
6476 return err;
6477}
6478
6479void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
6480{
6481 struct pending_cmd *cmd;
6482 u8 status;
6483
6484 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6485 if (!cmd)
6486 return;
6487
6488 if (err == -ERFKILL)
6489 status = MGMT_STATUS_RFKILLED;
6490 else
6491 status = MGMT_STATUS_FAILED;
6492
6493 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
6494
6495 mgmt_pending_remove(cmd);
6496}
6497
6498void mgmt_discoverable_timeout(struct hci_dev *hdev)
6499{
6500 struct hci_request req;
6501
6502 hci_dev_lock(hdev);
6503
6504
6505
6506
6507
6508
6509 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
6510 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
6511
6512 hci_req_init(&req, hdev);
6513 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6514 u8 scan = SCAN_PAGE;
6515 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6516 sizeof(scan), &scan);
6517 }
6518 update_class(&req);
6519 update_adv_data(&req);
6520 hci_req_run(&req, NULL);
6521
6522 hdev->discov_timeout = 0;
6523
6524 new_settings(hdev, NULL);
6525
6526 hci_dev_unlock(hdev);
6527}
6528
6529void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6530 bool persistent)
6531{
6532 struct mgmt_ev_new_link_key ev;
6533
6534 memset(&ev, 0, sizeof(ev));
6535
6536 ev.store_hint = persistent;
6537 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6538 ev.key.addr.type = BDADDR_BREDR;
6539 ev.key.type = key->type;
6540 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6541 ev.key.pin_len = key->pin_len;
6542
6543 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6544}
6545
6546static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6547{
6548 switch (ltk->type) {
6549 case SMP_LTK:
6550 case SMP_LTK_SLAVE:
6551 if (ltk->authenticated)
6552 return MGMT_LTK_AUTHENTICATED;
6553 return MGMT_LTK_UNAUTHENTICATED;
6554 case SMP_LTK_P256:
6555 if (ltk->authenticated)
6556 return MGMT_LTK_P256_AUTH;
6557 return MGMT_LTK_P256_UNAUTH;
6558 case SMP_LTK_P256_DEBUG:
6559 return MGMT_LTK_P256_DEBUG;
6560 }
6561
6562 return MGMT_LTK_UNAUTHENTICATED;
6563}
6564
6565void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6566{
6567 struct mgmt_ev_new_long_term_key ev;
6568
6569 memset(&ev, 0, sizeof(ev));
6570
6571
6572
6573
6574
6575
6576
6577
6578
6579
6580
6581
6582 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6583 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6584 ev.store_hint = 0x00;
6585 else
6586 ev.store_hint = persistent;
6587
6588 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6589 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6590 ev.key.type = mgmt_ltk_type(key);
6591 ev.key.enc_size = key->enc_size;
6592 ev.key.ediv = key->ediv;
6593 ev.key.rand = key->rand;
6594
6595 if (key->type == SMP_LTK)
6596 ev.key.master = 1;
6597
6598 memcpy(ev.key.val, key->val, sizeof(key->val));
6599
6600 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6601}
6602
6603void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6604{
6605 struct mgmt_ev_new_irk ev;
6606
6607 memset(&ev, 0, sizeof(ev));
6608
6609
6610
6611
6612
6613
6614
6615
6616
6617
6618
6619
6620 if (bacmp(&irk->rpa, BDADDR_ANY))
6621 ev.store_hint = 0x01;
6622 else
6623 ev.store_hint = 0x00;
6624
6625 bacpy(&ev.rpa, &irk->rpa);
6626 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6627 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6628 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6629
6630 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6631}
6632
6633void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6634 bool persistent)
6635{
6636 struct mgmt_ev_new_csrk ev;
6637
6638 memset(&ev, 0, sizeof(ev));
6639
6640
6641
6642
6643
6644
6645
6646
6647
6648
6649 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6650 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6651 ev.store_hint = 0x00;
6652 else
6653 ev.store_hint = persistent;
6654
6655 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6656 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6657 ev.key.master = csrk->master;
6658 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6659
6660 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6661}
6662
6663void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6664 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6665 u16 max_interval, u16 latency, u16 timeout)
6666{
6667 struct mgmt_ev_new_conn_param ev;
6668
6669 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6670 return;
6671
6672 memset(&ev, 0, sizeof(ev));
6673 bacpy(&ev.addr.bdaddr, bdaddr);
6674 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6675 ev.store_hint = store_hint;
6676 ev.min_interval = cpu_to_le16(min_interval);
6677 ev.max_interval = cpu_to_le16(max_interval);
6678 ev.latency = cpu_to_le16(latency);
6679 ev.timeout = cpu_to_le16(timeout);
6680
6681 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6682}
6683
6684static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6685 u8 data_len)
6686{
6687 eir[eir_len++] = sizeof(type) + data_len;
6688 eir[eir_len++] = type;
6689 memcpy(&eir[eir_len], data, data_len);
6690 eir_len += data_len;
6691
6692 return eir_len;
6693}
6694
6695void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6696 u32 flags, u8 *name, u8 name_len)
6697{
6698 char buf[512];
6699 struct mgmt_ev_device_connected *ev = (void *) buf;
6700 u16 eir_len = 0;
6701
6702 bacpy(&ev->addr.bdaddr, &conn->dst);
6703 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6704
6705 ev->flags = __cpu_to_le32(flags);
6706
6707
6708
6709
6710
6711 if (conn->le_adv_data_len > 0) {
6712 memcpy(&ev->eir[eir_len],
6713 conn->le_adv_data, conn->le_adv_data_len);
6714 eir_len = conn->le_adv_data_len;
6715 } else {
6716 if (name_len > 0)
6717 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6718 name, name_len);
6719
6720 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
6721 eir_len = eir_append_data(ev->eir, eir_len,
6722 EIR_CLASS_OF_DEV,
6723 conn->dev_class, 3);
6724 }
6725
6726 ev->eir_len = cpu_to_le16(eir_len);
6727
6728 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6729 sizeof(*ev) + eir_len, NULL);
6730}
6731
6732static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6733{
6734 struct sock **sk = data;
6735
6736 cmd->cmd_complete(cmd, 0);
6737
6738 *sk = cmd->sk;
6739 sock_hold(*sk);
6740
6741 mgmt_pending_remove(cmd);
6742}
6743
6744static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
6745{
6746 struct hci_dev *hdev = data;
6747 struct mgmt_cp_unpair_device *cp = cmd->param;
6748
6749 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6750
6751 cmd->cmd_complete(cmd, 0);
6752 mgmt_pending_remove(cmd);
6753}
6754
6755bool mgmt_powering_down(struct hci_dev *hdev)
6756{
6757 struct pending_cmd *cmd;
6758 struct mgmt_mode *cp;
6759
6760 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6761 if (!cmd)
6762 return false;
6763
6764 cp = cmd->param;
6765 if (!cp->val)
6766 return true;
6767
6768 return false;
6769}
6770
6771void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6772 u8 link_type, u8 addr_type, u8 reason,
6773 bool mgmt_connected)
6774{
6775 struct mgmt_ev_device_disconnected ev;
6776 struct sock *sk = NULL;
6777
6778
6779
6780
6781 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6782 cancel_delayed_work(&hdev->power_off);
6783 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6784 }
6785
6786 if (!mgmt_connected)
6787 return;
6788
6789 if (link_type != ACL_LINK && link_type != LE_LINK)
6790 return;
6791
6792 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6793
6794 bacpy(&ev.addr.bdaddr, bdaddr);
6795 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6796 ev.reason = reason;
6797
6798 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6799
6800 if (sk)
6801 sock_put(sk);
6802
6803 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6804 hdev);
6805}
6806
6807void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6808 u8 link_type, u8 addr_type, u8 status)
6809{
6810 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6811 struct mgmt_cp_disconnect *cp;
6812 struct pending_cmd *cmd;
6813
6814 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6815 hdev);
6816
6817 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
6818 if (!cmd)
6819 return;
6820
6821 cp = cmd->param;
6822
6823 if (bacmp(bdaddr, &cp->addr.bdaddr))
6824 return;
6825
6826 if (cp->addr.type != bdaddr_type)
6827 return;
6828
6829 cmd->cmd_complete(cmd, mgmt_status(status));
6830 mgmt_pending_remove(cmd);
6831}
6832
6833void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6834 u8 addr_type, u8 status)
6835{
6836 struct mgmt_ev_connect_failed ev;
6837
6838
6839
6840
6841 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6842 cancel_delayed_work(&hdev->power_off);
6843 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6844 }
6845
6846 bacpy(&ev.addr.bdaddr, bdaddr);
6847 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6848 ev.status = mgmt_status(status);
6849
6850 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
6851}
6852
6853void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
6854{
6855 struct mgmt_ev_pin_code_request ev;
6856
6857 bacpy(&ev.addr.bdaddr, bdaddr);
6858 ev.addr.type = BDADDR_BREDR;
6859 ev.secure = secure;
6860
6861 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
6862}
6863
6864void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6865 u8 status)
6866{
6867 struct pending_cmd *cmd;
6868
6869 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
6870 if (!cmd)
6871 return;
6872
6873 cmd->cmd_complete(cmd, mgmt_status(status));
6874 mgmt_pending_remove(cmd);
6875}
6876
6877void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6878 u8 status)
6879{
6880 struct pending_cmd *cmd;
6881
6882 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
6883 if (!cmd)
6884 return;
6885
6886 cmd->cmd_complete(cmd, mgmt_status(status));
6887 mgmt_pending_remove(cmd);
6888}
6889
6890int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
6891 u8 link_type, u8 addr_type, u32 value,
6892 u8 confirm_hint)
6893{
6894 struct mgmt_ev_user_confirm_request ev;
6895
6896 BT_DBG("%s", hdev->name);
6897
6898 bacpy(&ev.addr.bdaddr, bdaddr);
6899 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6900 ev.confirm_hint = confirm_hint;
6901 ev.value = cpu_to_le32(value);
6902
6903 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
6904 NULL);
6905}
6906
6907int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
6908 u8 link_type, u8 addr_type)
6909{
6910 struct mgmt_ev_user_passkey_request ev;
6911
6912 BT_DBG("%s", hdev->name);
6913
6914 bacpy(&ev.addr.bdaddr, bdaddr);
6915 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6916
6917 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
6918 NULL);
6919}
6920
6921static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6922 u8 link_type, u8 addr_type, u8 status,
6923 u8 opcode)
6924{
6925 struct pending_cmd *cmd;
6926
6927 cmd = mgmt_pending_find(opcode, hdev);
6928 if (!cmd)
6929 return -ENOENT;
6930
6931 cmd->cmd_complete(cmd, mgmt_status(status));
6932 mgmt_pending_remove(cmd);
6933
6934 return 0;
6935}
6936
6937int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6938 u8 link_type, u8 addr_type, u8 status)
6939{
6940 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6941 status, MGMT_OP_USER_CONFIRM_REPLY);
6942}
6943
6944int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6945 u8 link_type, u8 addr_type, u8 status)
6946{
6947 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6948 status,
6949 MGMT_OP_USER_CONFIRM_NEG_REPLY);
6950}
6951
6952int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6953 u8 link_type, u8 addr_type, u8 status)
6954{
6955 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6956 status, MGMT_OP_USER_PASSKEY_REPLY);
6957}
6958
6959int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6960 u8 link_type, u8 addr_type, u8 status)
6961{
6962 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6963 status,
6964 MGMT_OP_USER_PASSKEY_NEG_REPLY);
6965}
6966
6967int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6968 u8 link_type, u8 addr_type, u32 passkey,
6969 u8 entered)
6970{
6971 struct mgmt_ev_passkey_notify ev;
6972
6973 BT_DBG("%s", hdev->name);
6974
6975 bacpy(&ev.addr.bdaddr, bdaddr);
6976 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6977 ev.passkey = __cpu_to_le32(passkey);
6978 ev.entered = entered;
6979
6980 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6981}
6982
6983void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
6984{
6985 struct mgmt_ev_auth_failed ev;
6986 struct pending_cmd *cmd;
6987 u8 status = mgmt_status(hci_status);
6988
6989 bacpy(&ev.addr.bdaddr, &conn->dst);
6990 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6991 ev.status = status;
6992
6993 cmd = find_pairing(conn);
6994
6995 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6996 cmd ? cmd->sk : NULL);
6997
6998 if (cmd) {
6999 cmd->cmd_complete(cmd, status);
7000 mgmt_pending_remove(cmd);
7001 }
7002}
7003
7004void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7005{
7006 struct cmd_lookup match = { NULL, hdev };
7007 bool changed;
7008
7009 if (status) {
7010 u8 mgmt_err = mgmt_status(status);
7011 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7012 cmd_status_rsp, &mgmt_err);
7013 return;
7014 }
7015
7016 if (test_bit(HCI_AUTH, &hdev->flags))
7017 changed = !test_and_set_bit(HCI_LINK_SECURITY,
7018 &hdev->dev_flags);
7019 else
7020 changed = test_and_clear_bit(HCI_LINK_SECURITY,
7021 &hdev->dev_flags);
7022
7023 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7024 &match);
7025
7026 if (changed)
7027 new_settings(hdev, match.sk);
7028
7029 if (match.sk)
7030 sock_put(match.sk);
7031}
7032
7033static void clear_eir(struct hci_request *req)
7034{
7035 struct hci_dev *hdev = req->hdev;
7036 struct hci_cp_write_eir cp;
7037
7038 if (!lmp_ext_inq_capable(hdev))
7039 return;
7040
7041 memset(hdev->eir, 0, sizeof(hdev->eir));
7042
7043 memset(&cp, 0, sizeof(cp));
7044
7045 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7046}
7047
7048void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7049{
7050 struct cmd_lookup match = { NULL, hdev };
7051 struct hci_request req;
7052 bool changed = false;
7053
7054 if (status) {
7055 u8 mgmt_err = mgmt_status(status);
7056
7057 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
7058 &hdev->dev_flags)) {
7059 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
7060 new_settings(hdev, NULL);
7061 }
7062
7063 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7064 &mgmt_err);
7065 return;
7066 }
7067
7068 if (enable) {
7069 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
7070 } else {
7071 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
7072 if (!changed)
7073 changed = test_and_clear_bit(HCI_HS_ENABLED,
7074 &hdev->dev_flags);
7075 else
7076 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
7077 }
7078
7079 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7080
7081 if (changed)
7082 new_settings(hdev, match.sk);
7083
7084 if (match.sk)
7085 sock_put(match.sk);
7086
7087 hci_req_init(&req, hdev);
7088
7089 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
7090 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
7091 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7092 sizeof(enable), &enable);
7093 update_eir(&req);
7094 } else {
7095 clear_eir(&req);
7096 }
7097
7098 hci_req_run(&req, NULL);
7099}
7100
7101static void sk_lookup(struct pending_cmd *cmd, void *data)
7102{
7103 struct cmd_lookup *match = data;
7104
7105 if (match->sk == NULL) {
7106 match->sk = cmd->sk;
7107 sock_hold(match->sk);
7108 }
7109}
7110
7111void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7112 u8 status)
7113{
7114 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7115
7116 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7117 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7118 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7119
7120 if (!status)
7121 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
7122 NULL);
7123
7124 if (match.sk)
7125 sock_put(match.sk);
7126}
7127
7128void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7129{
7130 struct mgmt_cp_set_local_name ev;
7131 struct pending_cmd *cmd;
7132
7133 if (status)
7134 return;
7135
7136 memset(&ev, 0, sizeof(ev));
7137 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7138 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7139
7140 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7141 if (!cmd) {
7142 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7143
7144
7145
7146
7147 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7148 return;
7149 }
7150
7151 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7152 cmd ? cmd->sk : NULL);
7153}
7154
7155void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
7156 u8 *rand192, u8 *hash256, u8 *rand256,
7157 u8 status)
7158{
7159 struct pending_cmd *cmd;
7160
7161 BT_DBG("%s status %u", hdev->name, status);
7162
7163 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
7164 if (!cmd)
7165 return;
7166
7167 if (status) {
7168 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7169 mgmt_status(status));
7170 } else {
7171 struct mgmt_rp_read_local_oob_data rp;
7172 size_t rp_size = sizeof(rp);
7173
7174 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7175 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
7176
7177 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
7178 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
7179 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
7180 } else {
7181 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
7182 }
7183
7184 cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7185 &rp, rp_size);
7186 }
7187
7188 mgmt_pending_remove(cmd);
7189}
7190
7191static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7192{
7193 int i;
7194
7195 for (i = 0; i < uuid_count; i++) {
7196 if (!memcmp(uuid, uuids[i], 16))
7197 return true;
7198 }
7199
7200 return false;
7201}
7202
7203static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7204{
7205 u16 parsed = 0;
7206
7207 while (parsed < eir_len) {
7208 u8 field_len = eir[0];
7209 u8 uuid[16];
7210 int i;
7211
7212 if (field_len == 0)
7213 break;
7214
7215 if (eir_len - parsed < field_len + 1)
7216 break;
7217
7218 switch (eir[1]) {
7219 case EIR_UUID16_ALL:
7220 case EIR_UUID16_SOME:
7221 for (i = 0; i + 3 <= field_len; i += 2) {
7222 memcpy(uuid, bluetooth_base_uuid, 16);
7223 uuid[13] = eir[i + 3];
7224 uuid[12] = eir[i + 2];
7225 if (has_uuid(uuid, uuid_count, uuids))
7226 return true;
7227 }
7228 break;
7229 case EIR_UUID32_ALL:
7230 case EIR_UUID32_SOME:
7231 for (i = 0; i + 5 <= field_len; i += 4) {
7232 memcpy(uuid, bluetooth_base_uuid, 16);
7233 uuid[15] = eir[i + 5];
7234 uuid[14] = eir[i + 4];
7235 uuid[13] = eir[i + 3];
7236 uuid[12] = eir[i + 2];
7237 if (has_uuid(uuid, uuid_count, uuids))
7238 return true;
7239 }
7240 break;
7241 case EIR_UUID128_ALL:
7242 case EIR_UUID128_SOME:
7243 for (i = 0; i + 17 <= field_len; i += 16) {
7244 memcpy(uuid, eir + i + 2, 16);
7245 if (has_uuid(uuid, uuid_count, uuids))
7246 return true;
7247 }
7248 break;
7249 }
7250
7251 parsed += field_len + 1;
7252 eir += field_len + 1;
7253 }
7254
7255 return false;
7256}
7257
7258static void restart_le_scan(struct hci_dev *hdev)
7259{
7260
7261 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
7262 return;
7263
7264 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7265 hdev->discovery.scan_start +
7266 hdev->discovery.scan_duration))
7267 return;
7268
7269 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7270 DISCOV_LE_RESTART_DELAY);
7271}
7272
7273void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7274 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7275 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7276{
7277 char buf[512];
7278 struct mgmt_ev_device_found *ev = (void *) buf;
7279 size_t ev_size;
7280 bool match;
7281
7282
7283
7284
7285
7286 if (!hci_discovery_active(hdev)) {
7287 if (link_type == ACL_LINK)
7288 return;
7289 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7290 return;
7291 }
7292
7293
7294
7295
7296
7297
7298
7299
7300
7301
7302
7303 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7304 (rssi == HCI_RSSI_INVALID ||
7305 (rssi < hdev->discovery.rssi &&
7306 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7307 return;
7308
7309
7310
7311
7312 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7313 return;
7314
7315 memset(buf, 0, sizeof(buf));
7316
7317
7318
7319
7320
7321
7322
7323
7324
7325 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7326 link_type == ACL_LINK)
7327 rssi = 0;
7328
7329 bacpy(&ev->addr.bdaddr, bdaddr);
7330 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7331 ev->rssi = rssi;
7332 ev->flags = cpu_to_le32(flags);
7333
7334 if (eir_len > 0) {
7335
7336
7337
7338
7339
7340
7341 if (hdev->discovery.uuid_count > 0) {
7342 match = eir_has_uuids(eir, eir_len,
7343 hdev->discovery.uuid_count,
7344 hdev->discovery.uuids);
7345
7346
7347
7348
7349 if (match && test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
7350 &hdev->quirks))
7351 restart_le_scan(hdev);
7352 } else {
7353 match = true;
7354 }
7355
7356 if (!match && !scan_rsp_len)
7357 return;
7358
7359
7360 memcpy(ev->eir, eir, eir_len);
7361 } else {
7362
7363
7364
7365
7366 if (hdev->discovery.uuid_count > 0 && !scan_rsp_len)
7367 return;
7368
7369 match = false;
7370 }
7371
7372 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7373 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7374 dev_class, 3);
7375
7376 if (scan_rsp_len > 0) {
7377
7378
7379
7380
7381
7382 if (hdev->discovery.uuid_count > 0) {
7383 if (!match && !eir_has_uuids(scan_rsp, scan_rsp_len,
7384 hdev->discovery.uuid_count,
7385 hdev->discovery.uuids))
7386 return;
7387
7388
7389
7390
7391
7392 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
7393 &hdev->quirks))
7394 restart_le_scan(hdev);
7395 }
7396
7397
7398 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7399 } else {
7400
7401
7402
7403
7404 if (hdev->discovery.uuid_count > 0 && !match)
7405 return;
7406 }
7407
7408
7409
7410
7411
7412 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7413 rssi < hdev->discovery.rssi)
7414 return;
7415
7416 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7417 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7418
7419 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7420}
7421
7422void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7423 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7424{
7425 struct mgmt_ev_device_found *ev;
7426 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7427 u16 eir_len;
7428
7429 ev = (struct mgmt_ev_device_found *) buf;
7430
7431 memset(buf, 0, sizeof(buf));
7432
7433 bacpy(&ev->addr.bdaddr, bdaddr);
7434 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7435 ev->rssi = rssi;
7436
7437 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7438 name_len);
7439
7440 ev->eir_len = cpu_to_le16(eir_len);
7441
7442 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7443}
7444
7445void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7446{
7447 struct mgmt_ev_discovering ev;
7448
7449 BT_DBG("%s discovering %u", hdev->name, discovering);
7450
7451 memset(&ev, 0, sizeof(ev));
7452 ev.type = hdev->discovery.type;
7453 ev.discovering = discovering;
7454
7455 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7456}
7457
7458static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7459{
7460 BT_DBG("%s status %u", hdev->name, status);
7461}
7462
7463void mgmt_reenable_advertising(struct hci_dev *hdev)
7464{
7465 struct hci_request req;
7466
7467 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
7468 return;
7469
7470 hci_req_init(&req, hdev);
7471 enable_advertising(&req);
7472 hci_req_run(&req, adv_enable_complete);
7473}
7474
