1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/hci_sock.h>
33#include <net/bluetooth/l2cap.h>
34#include <net/bluetooth/mgmt.h>
35
36#include "hci_request.h"
37#include "smp.h"
38#include "mgmt_util.h"
39
40#define MGMT_VERSION 1
41#define MGMT_REVISION 10
42
43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_BONDABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
83 MGMT_OP_SET_BREDR,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
88 MGMT_OP_SET_PRIVACY,
89 MGMT_OP_LOAD_IRKS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105};
106
107static const u16 mgmt_events[] = {
108 MGMT_EV_CONTROLLER_ERROR,
109 MGMT_EV_INDEX_ADDED,
110 MGMT_EV_INDEX_REMOVED,
111 MGMT_EV_NEW_SETTINGS,
112 MGMT_EV_CLASS_OF_DEV_CHANGED,
113 MGMT_EV_LOCAL_NAME_CHANGED,
114 MGMT_EV_NEW_LINK_KEY,
115 MGMT_EV_NEW_LONG_TERM_KEY,
116 MGMT_EV_DEVICE_CONNECTED,
117 MGMT_EV_DEVICE_DISCONNECTED,
118 MGMT_EV_CONNECT_FAILED,
119 MGMT_EV_PIN_CODE_REQUEST,
120 MGMT_EV_USER_CONFIRM_REQUEST,
121 MGMT_EV_USER_PASSKEY_REQUEST,
122 MGMT_EV_AUTH_FAILED,
123 MGMT_EV_DEVICE_FOUND,
124 MGMT_EV_DISCOVERING,
125 MGMT_EV_DEVICE_BLOCKED,
126 MGMT_EV_DEVICE_UNBLOCKED,
127 MGMT_EV_DEVICE_UNPAIRED,
128 MGMT_EV_PASSKEY_NOTIFY,
129 MGMT_EV_NEW_IRK,
130 MGMT_EV_NEW_CSRK,
131 MGMT_EV_DEVICE_ADDED,
132 MGMT_EV_DEVICE_REMOVED,
133 MGMT_EV_NEW_CONN_PARAM,
134 MGMT_EV_UNCONF_INDEX_ADDED,
135 MGMT_EV_UNCONF_INDEX_REMOVED,
136 MGMT_EV_NEW_CONFIG_OPTIONS,
137 MGMT_EV_EXT_INDEX_ADDED,
138 MGMT_EV_EXT_INDEX_REMOVED,
139 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
140 MGMT_EV_ADVERTISING_ADDED,
141 MGMT_EV_ADVERTISING_REMOVED,
142};
143
144static const u16 mgmt_untrusted_commands[] = {
145 MGMT_OP_READ_INDEX_LIST,
146 MGMT_OP_READ_INFO,
147 MGMT_OP_READ_UNCONF_INDEX_LIST,
148 MGMT_OP_READ_CONFIG_INFO,
149 MGMT_OP_READ_EXT_INDEX_LIST,
150};
151
152static const u16 mgmt_untrusted_events[] = {
153 MGMT_EV_INDEX_ADDED,
154 MGMT_EV_INDEX_REMOVED,
155 MGMT_EV_NEW_SETTINGS,
156 MGMT_EV_CLASS_OF_DEV_CHANGED,
157 MGMT_EV_LOCAL_NAME_CHANGED,
158 MGMT_EV_UNCONF_INDEX_ADDED,
159 MGMT_EV_UNCONF_INDEX_REMOVED,
160 MGMT_EV_NEW_CONFIG_OPTIONS,
161 MGMT_EV_EXT_INDEX_ADDED,
162 MGMT_EV_EXT_INDEX_REMOVED,
163};
164
165#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
166
167#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
168 "\x00\x00\x00\x00\x00\x00\x00\x00"
169
170
171static u8 mgmt_status_table[] = {
172 MGMT_STATUS_SUCCESS,
173 MGMT_STATUS_UNKNOWN_COMMAND,
174 MGMT_STATUS_NOT_CONNECTED,
175 MGMT_STATUS_FAILED,
176 MGMT_STATUS_CONNECT_FAILED,
177 MGMT_STATUS_AUTH_FAILED,
178 MGMT_STATUS_AUTH_FAILED,
179 MGMT_STATUS_NO_RESOURCES,
180 MGMT_STATUS_TIMEOUT,
181 MGMT_STATUS_NO_RESOURCES,
182 MGMT_STATUS_NO_RESOURCES,
183 MGMT_STATUS_ALREADY_CONNECTED,
184 MGMT_STATUS_BUSY,
185 MGMT_STATUS_NO_RESOURCES,
186 MGMT_STATUS_REJECTED,
187 MGMT_STATUS_REJECTED,
188 MGMT_STATUS_TIMEOUT,
189 MGMT_STATUS_NOT_SUPPORTED,
190 MGMT_STATUS_INVALID_PARAMS,
191 MGMT_STATUS_DISCONNECTED,
192 MGMT_STATUS_NO_RESOURCES,
193 MGMT_STATUS_DISCONNECTED,
194 MGMT_STATUS_DISCONNECTED,
195 MGMT_STATUS_BUSY,
196 MGMT_STATUS_REJECTED,
197 MGMT_STATUS_FAILED,
198 MGMT_STATUS_NOT_SUPPORTED,
199 MGMT_STATUS_REJECTED,
200 MGMT_STATUS_REJECTED,
201 MGMT_STATUS_REJECTED,
202 MGMT_STATUS_INVALID_PARAMS,
203 MGMT_STATUS_FAILED,
204 MGMT_STATUS_NOT_SUPPORTED,
205 MGMT_STATUS_FAILED,
206 MGMT_STATUS_TIMEOUT,
207 MGMT_STATUS_FAILED,
208 MGMT_STATUS_FAILED,
209 MGMT_STATUS_REJECTED,
210 MGMT_STATUS_FAILED,
211 MGMT_STATUS_NOT_SUPPORTED,
212 MGMT_STATUS_TIMEOUT,
213 MGMT_STATUS_NOT_SUPPORTED,
214 MGMT_STATUS_FAILED,
215 MGMT_STATUS_INVALID_PARAMS,
216 MGMT_STATUS_REJECTED,
217 MGMT_STATUS_NOT_SUPPORTED,
218 MGMT_STATUS_REJECTED,
219 MGMT_STATUS_INVALID_PARAMS,
220 MGMT_STATUS_BUSY,
221 MGMT_STATUS_FAILED,
222 MGMT_STATUS_FAILED,
223 MGMT_STATUS_INVALID_PARAMS,
224 MGMT_STATUS_NOT_SUPPORTED,
225 MGMT_STATUS_BUSY,
226 MGMT_STATUS_REJECTED,
227 MGMT_STATUS_BUSY,
228 MGMT_STATUS_INVALID_PARAMS,
229 MGMT_STATUS_TIMEOUT,
230 MGMT_STATUS_AUTH_FAILED,
231 MGMT_STATUS_CONNECT_FAILED,
232 MGMT_STATUS_CONNECT_FAILED,
233};
234
235static u8 mgmt_status(u8 hci_status)
236{
237 if (hci_status < ARRAY_SIZE(mgmt_status_table))
238 return mgmt_status_table[hci_status];
239
240 return MGMT_STATUS_FAILED;
241}
242
243static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
244 u16 len, int flag)
245{
246 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
247 flag, NULL);
248}
249
250static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag, struct sock *skip_sk)
252{
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
254 flag, skip_sk);
255}
256
257static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, struct sock *skip_sk)
259{
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 HCI_MGMT_GENERIC_EVENTS, skip_sk);
262}
263
264static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
266{
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
269}
270
271static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
272 u16 data_len)
273{
274 struct mgmt_rp_read_version rp;
275
276 BT_DBG("sock %p", sk);
277
278 rp.version = MGMT_VERSION;
279 rp.revision = cpu_to_le16(MGMT_REVISION);
280
281 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
282 &rp, sizeof(rp));
283}
284
285static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
286 u16 data_len)
287{
288 struct mgmt_rp_read_commands *rp;
289 u16 num_commands, num_events;
290 size_t rp_size;
291 int i, err;
292
293 BT_DBG("sock %p", sk);
294
295 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
296 num_commands = ARRAY_SIZE(mgmt_commands);
297 num_events = ARRAY_SIZE(mgmt_events);
298 } else {
299 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
300 num_events = ARRAY_SIZE(mgmt_untrusted_events);
301 }
302
303 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
304
305 rp = kmalloc(rp_size, GFP_KERNEL);
306 if (!rp)
307 return -ENOMEM;
308
309 rp->num_commands = cpu_to_le16(num_commands);
310 rp->num_events = cpu_to_le16(num_events);
311
312 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
313 __le16 *opcode = rp->opcodes;
314
315 for (i = 0; i < num_commands; i++, opcode++)
316 put_unaligned_le16(mgmt_commands[i], opcode);
317
318 for (i = 0; i < num_events; i++, opcode++)
319 put_unaligned_le16(mgmt_events[i], opcode);
320 } else {
321 __le16 *opcode = rp->opcodes;
322
323 for (i = 0; i < num_commands; i++, opcode++)
324 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
325
326 for (i = 0; i < num_events; i++, opcode++)
327 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
328 }
329
330 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
331 rp, rp_size);
332 kfree(rp);
333
334 return err;
335}
336
337static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
338 u16 data_len)
339{
340 struct mgmt_rp_read_index_list *rp;
341 struct hci_dev *d;
342 size_t rp_len;
343 u16 count;
344 int err;
345
346 BT_DBG("sock %p", sk);
347
348 read_lock(&hci_dev_list_lock);
349
350 count = 0;
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (d->dev_type == HCI_BREDR &&
353 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
354 count++;
355 }
356
357 rp_len = sizeof(*rp) + (2 * count);
358 rp = kmalloc(rp_len, GFP_ATOMIC);
359 if (!rp) {
360 read_unlock(&hci_dev_list_lock);
361 return -ENOMEM;
362 }
363
364 count = 0;
365 list_for_each_entry(d, &hci_dev_list, list) {
366 if (hci_dev_test_flag(d, HCI_SETUP) ||
367 hci_dev_test_flag(d, HCI_CONFIG) ||
368 hci_dev_test_flag(d, HCI_USER_CHANNEL))
369 continue;
370
371
372
373
374 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
375 continue;
376
377 if (d->dev_type == HCI_BREDR &&
378 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
379 rp->index[count++] = cpu_to_le16(d->id);
380 BT_DBG("Added hci%u", d->id);
381 }
382 }
383
384 rp->num_controllers = cpu_to_le16(count);
385 rp_len = sizeof(*rp) + (2 * count);
386
387 read_unlock(&hci_dev_list_lock);
388
389 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
390 0, rp, rp_len);
391
392 kfree(rp);
393
394 return err;
395}
396
397static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
398 void *data, u16 data_len)
399{
400 struct mgmt_rp_read_unconf_index_list *rp;
401 struct hci_dev *d;
402 size_t rp_len;
403 u16 count;
404 int err;
405
406 BT_DBG("sock %p", sk);
407
408 read_lock(&hci_dev_list_lock);
409
410 count = 0;
411 list_for_each_entry(d, &hci_dev_list, list) {
412 if (d->dev_type == HCI_BREDR &&
413 hci_dev_test_flag(d, HCI_UNCONFIGURED))
414 count++;
415 }
416
417 rp_len = sizeof(*rp) + (2 * count);
418 rp = kmalloc(rp_len, GFP_ATOMIC);
419 if (!rp) {
420 read_unlock(&hci_dev_list_lock);
421 return -ENOMEM;
422 }
423
424 count = 0;
425 list_for_each_entry(d, &hci_dev_list, list) {
426 if (hci_dev_test_flag(d, HCI_SETUP) ||
427 hci_dev_test_flag(d, HCI_CONFIG) ||
428 hci_dev_test_flag(d, HCI_USER_CHANNEL))
429 continue;
430
431
432
433
434 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
435 continue;
436
437 if (d->dev_type == HCI_BREDR &&
438 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
439 rp->index[count++] = cpu_to_le16(d->id);
440 BT_DBG("Added hci%u", d->id);
441 }
442 }
443
444 rp->num_controllers = cpu_to_le16(count);
445 rp_len = sizeof(*rp) + (2 * count);
446
447 read_unlock(&hci_dev_list_lock);
448
449 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
450 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
451
452 kfree(rp);
453
454 return err;
455}
456
457static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
458 void *data, u16 data_len)
459{
460 struct mgmt_rp_read_ext_index_list *rp;
461 struct hci_dev *d;
462 size_t rp_len;
463 u16 count;
464 int err;
465
466 BT_DBG("sock %p", sk);
467
468 read_lock(&hci_dev_list_lock);
469
470 count = 0;
471 list_for_each_entry(d, &hci_dev_list, list) {
472 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
473 count++;
474 }
475
476 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
477 rp = kmalloc(rp_len, GFP_ATOMIC);
478 if (!rp) {
479 read_unlock(&hci_dev_list_lock);
480 return -ENOMEM;
481 }
482
483 count = 0;
484 list_for_each_entry(d, &hci_dev_list, list) {
485 if (hci_dev_test_flag(d, HCI_SETUP) ||
486 hci_dev_test_flag(d, HCI_CONFIG) ||
487 hci_dev_test_flag(d, HCI_USER_CHANNEL))
488 continue;
489
490
491
492
493 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
494 continue;
495
496 if (d->dev_type == HCI_BREDR) {
497 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
498 rp->entry[count].type = 0x01;
499 else
500 rp->entry[count].type = 0x00;
501 } else if (d->dev_type == HCI_AMP) {
502 rp->entry[count].type = 0x02;
503 } else {
504 continue;
505 }
506
507 rp->entry[count].bus = d->bus;
508 rp->entry[count++].index = cpu_to_le16(d->id);
509 BT_DBG("Added hci%u", d->id);
510 }
511
512 rp->num_controllers = cpu_to_le16(count);
513 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
514
515 read_unlock(&hci_dev_list_lock);
516
517
518
519
520
521 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
522 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
523 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
524
525 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
526 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
527
528 kfree(rp);
529
530 return err;
531}
532
533static bool is_configured(struct hci_dev *hdev)
534{
535 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
536 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
537 return false;
538
539 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
540 !bacmp(&hdev->public_addr, BDADDR_ANY))
541 return false;
542
543 return true;
544}
545
546static __le32 get_missing_options(struct hci_dev *hdev)
547{
548 u32 options = 0;
549
550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
552 options |= MGMT_OPTION_EXTERNAL_CONFIG;
553
554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
556 options |= MGMT_OPTION_PUBLIC_ADDRESS;
557
558 return cpu_to_le32(options);
559}
560
561static int new_options(struct hci_dev *hdev, struct sock *skip)
562{
563 __le32 options = get_missing_options(hdev);
564
565 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
566 sizeof(options), skip);
567}
568
569static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
570{
571 __le32 options = get_missing_options(hdev);
572
573 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
574 sizeof(options));
575}
576
577static int read_config_info(struct sock *sk, struct hci_dev *hdev,
578 void *data, u16 data_len)
579{
580 struct mgmt_rp_read_config_info rp;
581 u32 options = 0;
582
583 BT_DBG("sock %p %s", sk, hdev->name);
584
585 hci_dev_lock(hdev);
586
587 memset(&rp, 0, sizeof(rp));
588 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
589
590 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
591 options |= MGMT_OPTION_EXTERNAL_CONFIG;
592
593 if (hdev->set_bdaddr)
594 options |= MGMT_OPTION_PUBLIC_ADDRESS;
595
596 rp.supported_options = cpu_to_le32(options);
597 rp.missing_options = get_missing_options(hdev);
598
599 hci_dev_unlock(hdev);
600
601 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
602 &rp, sizeof(rp));
603}
604
605static u32 get_supported_settings(struct hci_dev *hdev)
606{
607 u32 settings = 0;
608
609 settings |= MGMT_SETTING_POWERED;
610 settings |= MGMT_SETTING_BONDABLE;
611 settings |= MGMT_SETTING_DEBUG_KEYS;
612 settings |= MGMT_SETTING_CONNECTABLE;
613 settings |= MGMT_SETTING_DISCOVERABLE;
614
615 if (lmp_bredr_capable(hdev)) {
616 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
617 settings |= MGMT_SETTING_FAST_CONNECTABLE;
618 settings |= MGMT_SETTING_BREDR;
619 settings |= MGMT_SETTING_LINK_SECURITY;
620
621 if (lmp_ssp_capable(hdev)) {
622 settings |= MGMT_SETTING_SSP;
623 settings |= MGMT_SETTING_HS;
624 }
625
626 if (lmp_sc_capable(hdev))
627 settings |= MGMT_SETTING_SECURE_CONN;
628 }
629
630 if (lmp_le_capable(hdev)) {
631 settings |= MGMT_SETTING_LE;
632 settings |= MGMT_SETTING_ADVERTISING;
633 settings |= MGMT_SETTING_SECURE_CONN;
634 settings |= MGMT_SETTING_PRIVACY;
635 settings |= MGMT_SETTING_STATIC_ADDRESS;
636 }
637
638 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
639 hdev->set_bdaddr)
640 settings |= MGMT_SETTING_CONFIGURATION;
641
642 return settings;
643}
644
645static u32 get_current_settings(struct hci_dev *hdev)
646{
647 u32 settings = 0;
648
649 if (hdev_is_powered(hdev))
650 settings |= MGMT_SETTING_POWERED;
651
652 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
653 settings |= MGMT_SETTING_CONNECTABLE;
654
655 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
656 settings |= MGMT_SETTING_FAST_CONNECTABLE;
657
658 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
659 settings |= MGMT_SETTING_DISCOVERABLE;
660
661 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
662 settings |= MGMT_SETTING_BONDABLE;
663
664 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
665 settings |= MGMT_SETTING_BREDR;
666
667 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
668 settings |= MGMT_SETTING_LE;
669
670 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
671 settings |= MGMT_SETTING_LINK_SECURITY;
672
673 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
674 settings |= MGMT_SETTING_SSP;
675
676 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
677 settings |= MGMT_SETTING_HS;
678
679 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
680 settings |= MGMT_SETTING_ADVERTISING;
681
682 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
683 settings |= MGMT_SETTING_SECURE_CONN;
684
685 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
686 settings |= MGMT_SETTING_DEBUG_KEYS;
687
688 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
689 settings |= MGMT_SETTING_PRIVACY;
690
691
692
693
694
695
696
697
698
699
700
701
702
703 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
704 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
705 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
706 if (bacmp(&hdev->static_addr, BDADDR_ANY))
707 settings |= MGMT_SETTING_STATIC_ADDRESS;
708 }
709
710 return settings;
711}
712
713#define PNP_INFO_SVCLASS_ID 0x1200
714
715static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
716{
717 u8 *ptr = data, *uuids_start = NULL;
718 struct bt_uuid *uuid;
719
720 if (len < 4)
721 return ptr;
722
723 list_for_each_entry(uuid, &hdev->uuids, list) {
724 u16 uuid16;
725
726 if (uuid->size != 16)
727 continue;
728
729 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
730 if (uuid16 < 0x1100)
731 continue;
732
733 if (uuid16 == PNP_INFO_SVCLASS_ID)
734 continue;
735
736 if (!uuids_start) {
737 uuids_start = ptr;
738 uuids_start[0] = 1;
739 uuids_start[1] = EIR_UUID16_ALL;
740 ptr += 2;
741 }
742
743
744 if ((ptr - data) + sizeof(u16) > len) {
745 uuids_start[1] = EIR_UUID16_SOME;
746 break;
747 }
748
749 *ptr++ = (uuid16 & 0x00ff);
750 *ptr++ = (uuid16 & 0xff00) >> 8;
751 uuids_start[0] += sizeof(uuid16);
752 }
753
754 return ptr;
755}
756
757static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
758{
759 u8 *ptr = data, *uuids_start = NULL;
760 struct bt_uuid *uuid;
761
762 if (len < 6)
763 return ptr;
764
765 list_for_each_entry(uuid, &hdev->uuids, list) {
766 if (uuid->size != 32)
767 continue;
768
769 if (!uuids_start) {
770 uuids_start = ptr;
771 uuids_start[0] = 1;
772 uuids_start[1] = EIR_UUID32_ALL;
773 ptr += 2;
774 }
775
776
777 if ((ptr - data) + sizeof(u32) > len) {
778 uuids_start[1] = EIR_UUID32_SOME;
779 break;
780 }
781
782 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
783 ptr += sizeof(u32);
784 uuids_start[0] += sizeof(u32);
785 }
786
787 return ptr;
788}
789
790static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
791{
792 u8 *ptr = data, *uuids_start = NULL;
793 struct bt_uuid *uuid;
794
795 if (len < 18)
796 return ptr;
797
798 list_for_each_entry(uuid, &hdev->uuids, list) {
799 if (uuid->size != 128)
800 continue;
801
802 if (!uuids_start) {
803 uuids_start = ptr;
804 uuids_start[0] = 1;
805 uuids_start[1] = EIR_UUID128_ALL;
806 ptr += 2;
807 }
808
809
810 if ((ptr - data) + 16 > len) {
811 uuids_start[1] = EIR_UUID128_SOME;
812 break;
813 }
814
815 memcpy(ptr, uuid->uuid, 16);
816 ptr += 16;
817 uuids_start[0] += 16;
818 }
819
820 return ptr;
821}
822
823static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
824{
825 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
826}
827
828static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
829 struct hci_dev *hdev,
830 const void *data)
831{
832 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
833}
834
835static u8 get_current_adv_instance(struct hci_dev *hdev)
836{
837
838
839
840
841
842 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
843 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
844 return hdev->cur_adv_instance;
845
846 return 0x00;
847}
848
849static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
850{
851 u8 ad_len = 0;
852 size_t name_len;
853
854 name_len = strlen(hdev->dev_name);
855 if (name_len > 0) {
856 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
857
858 if (name_len > max_len) {
859 name_len = max_len;
860 ptr[1] = EIR_NAME_SHORT;
861 } else
862 ptr[1] = EIR_NAME_COMPLETE;
863
864 ptr[0] = name_len + 1;
865
866 memcpy(ptr + 2, hdev->dev_name, name_len);
867
868 ad_len += (name_len + 2);
869 ptr += (name_len + 2);
870 }
871
872 return ad_len;
873}
874
875static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance,
876 u8 *ptr)
877{
878 struct adv_info *adv_instance;
879
880 adv_instance = hci_find_adv_instance(hdev, instance);
881 if (!adv_instance)
882 return 0;
883
884
885
886
887 memcpy(ptr, adv_instance->scan_rsp_data,
888 adv_instance->scan_rsp_len);
889
890 return adv_instance->scan_rsp_len;
891}
892
893static void update_inst_scan_rsp_data(struct hci_request *req, u8 instance)
894{
895 struct hci_dev *hdev = req->hdev;
896 struct hci_cp_le_set_scan_rsp_data cp;
897 u8 len;
898
899 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
900 return;
901
902 memset(&cp, 0, sizeof(cp));
903
904 if (instance)
905 len = create_instance_scan_rsp_data(hdev, instance, cp.data);
906 else
907 len = create_default_scan_rsp_data(hdev, cp.data);
908
909 if (hdev->scan_rsp_data_len == len &&
910 !memcmp(cp.data, hdev->scan_rsp_data, len))
911 return;
912
913 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
914 hdev->scan_rsp_data_len = len;
915
916 cp.length = len;
917
918 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
919}
920
921static void update_scan_rsp_data(struct hci_request *req)
922{
923 update_inst_scan_rsp_data(req, get_current_adv_instance(req->hdev));
924}
925
926static u8 get_adv_discov_flags(struct hci_dev *hdev)
927{
928 struct mgmt_pending_cmd *cmd;
929
930
931
932
933 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
934 if (cmd) {
935 struct mgmt_mode *cp = cmd->param;
936 if (cp->val == 0x01)
937 return LE_AD_GENERAL;
938 else if (cp->val == 0x02)
939 return LE_AD_LIMITED;
940 } else {
941 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
942 return LE_AD_LIMITED;
943 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
944 return LE_AD_GENERAL;
945 }
946
947 return 0;
948}
949
950static bool get_connectable(struct hci_dev *hdev)
951{
952 struct mgmt_pending_cmd *cmd;
953
954
955
956
957 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
958 if (cmd) {
959 struct mgmt_mode *cp = cmd->param;
960
961 return cp->val;
962 }
963
964 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
965}
966
967static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
968{
969 u32 flags;
970 struct adv_info *adv_instance;
971
972 if (instance == 0x00) {
973
974
975
976 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
977
978
979
980
981 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
982 flags |= MGMT_ADV_FLAG_CONNECTABLE;
983
984 return flags;
985 }
986
987 adv_instance = hci_find_adv_instance(hdev, instance);
988
989
990 if (!adv_instance)
991 return 0;
992
993 return adv_instance->flags;
994}
995
996static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev)
997{
998 u8 instance = get_current_adv_instance(hdev);
999 struct adv_info *adv_instance;
1000
1001
1002 if (instance == 0x00)
1003 return 0;
1004
1005 adv_instance = hci_find_adv_instance(hdev, instance);
1006 if (!adv_instance)
1007 return 0;
1008
1009
1010
1011
1012 return adv_instance->scan_rsp_len;
1013}
1014
1015static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
1016{
1017 struct adv_info *adv_instance = NULL;
1018 u8 ad_len = 0, flags = 0;
1019 u32 instance_flags;
1020
1021
1022 if (instance) {
1023 adv_instance = hci_find_adv_instance(hdev, instance);
1024 if (!adv_instance)
1025 return 0;
1026 }
1027
1028 instance_flags = get_adv_instance_flags(hdev, instance);
1029
1030
1031
1032
1033 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
1034 flags |= LE_AD_GENERAL;
1035
1036 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
1037 flags |= LE_AD_LIMITED;
1038
1039 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
1040
1041
1042
1043 if (!flags)
1044 flags |= get_adv_discov_flags(hdev);
1045
1046 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1047 flags |= LE_AD_NO_BREDR;
1048
1049
1050
1051
1052 if (flags) {
1053 ptr[0] = 0x02;
1054 ptr[1] = EIR_FLAGS;
1055 ptr[2] = flags;
1056
1057 ad_len += 3;
1058 ptr += 3;
1059 }
1060 }
1061
1062 if (adv_instance) {
1063 memcpy(ptr, adv_instance->adv_data,
1064 adv_instance->adv_data_len);
1065 ad_len += adv_instance->adv_data_len;
1066 ptr += adv_instance->adv_data_len;
1067 }
1068
1069
1070 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
1071 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
1072 ptr[0] = 0x02;
1073 ptr[1] = EIR_TX_POWER;
1074 ptr[2] = (u8)hdev->adv_tx_power;
1075
1076 ad_len += 3;
1077 ptr += 3;
1078 }
1079
1080 return ad_len;
1081}
1082
1083static void update_inst_adv_data(struct hci_request *req, u8 instance)
1084{
1085 struct hci_dev *hdev = req->hdev;
1086 struct hci_cp_le_set_adv_data cp;
1087 u8 len;
1088
1089 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1090 return;
1091
1092 memset(&cp, 0, sizeof(cp));
1093
1094 len = create_instance_adv_data(hdev, instance, cp.data);
1095
1096
1097 if (hdev->adv_data_len == len &&
1098 memcmp(cp.data, hdev->adv_data, len) == 0)
1099 return;
1100
1101 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1102 hdev->adv_data_len = len;
1103
1104 cp.length = len;
1105
1106 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1107}
1108
1109static void update_adv_data(struct hci_request *req)
1110{
1111 update_inst_adv_data(req, get_current_adv_instance(req->hdev));
1112}
1113
1114int mgmt_update_adv_data(struct hci_dev *hdev)
1115{
1116 struct hci_request req;
1117
1118 hci_req_init(&req, hdev);
1119 update_adv_data(&req);
1120
1121 return hci_req_run(&req, NULL);
1122}
1123
1124static void create_eir(struct hci_dev *hdev, u8 *data)
1125{
1126 u8 *ptr = data;
1127 size_t name_len;
1128
1129 name_len = strlen(hdev->dev_name);
1130
1131 if (name_len > 0) {
1132
1133 if (name_len > 48) {
1134 name_len = 48;
1135 ptr[1] = EIR_NAME_SHORT;
1136 } else
1137 ptr[1] = EIR_NAME_COMPLETE;
1138
1139
1140 ptr[0] = name_len + 1;
1141
1142 memcpy(ptr + 2, hdev->dev_name, name_len);
1143
1144 ptr += (name_len + 2);
1145 }
1146
1147 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
1148 ptr[0] = 2;
1149 ptr[1] = EIR_TX_POWER;
1150 ptr[2] = (u8) hdev->inq_tx_power;
1151
1152 ptr += 3;
1153 }
1154
1155 if (hdev->devid_source > 0) {
1156 ptr[0] = 9;
1157 ptr[1] = EIR_DEVICE_ID;
1158
1159 put_unaligned_le16(hdev->devid_source, ptr + 2);
1160 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1161 put_unaligned_le16(hdev->devid_product, ptr + 6);
1162 put_unaligned_le16(hdev->devid_version, ptr + 8);
1163
1164 ptr += 10;
1165 }
1166
1167 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1168 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1169 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1170}
1171
1172static void update_eir(struct hci_request *req)
1173{
1174 struct hci_dev *hdev = req->hdev;
1175 struct hci_cp_write_eir cp;
1176
1177 if (!hdev_is_powered(hdev))
1178 return;
1179
1180 if (!lmp_ext_inq_capable(hdev))
1181 return;
1182
1183 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1184 return;
1185
1186 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1187 return;
1188
1189 memset(&cp, 0, sizeof(cp));
1190
1191 create_eir(hdev, cp.data);
1192
1193 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
1194 return;
1195
1196 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1197
1198 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1199}
1200
1201static u8 get_service_classes(struct hci_dev *hdev)
1202{
1203 struct bt_uuid *uuid;
1204 u8 val = 0;
1205
1206 list_for_each_entry(uuid, &hdev->uuids, list)
1207 val |= uuid->svc_hint;
1208
1209 return val;
1210}
1211
1212static void update_class(struct hci_request *req)
1213{
1214 struct hci_dev *hdev = req->hdev;
1215 u8 cod[3];
1216
1217 BT_DBG("%s", hdev->name);
1218
1219 if (!hdev_is_powered(hdev))
1220 return;
1221
1222 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1223 return;
1224
1225 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1226 return;
1227
1228 cod[0] = hdev->minor_class;
1229 cod[1] = hdev->major_class;
1230 cod[2] = get_service_classes(hdev);
1231
1232 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1233 cod[1] |= 0x20;
1234
1235 if (memcmp(cod, hdev->dev_class, 3) == 0)
1236 return;
1237
1238 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1239}
1240
1241static void disable_advertising(struct hci_request *req)
1242{
1243 u8 enable = 0x00;
1244
1245 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1246}
1247
1248static void enable_advertising(struct hci_request *req)
1249{
1250 struct hci_dev *hdev = req->hdev;
1251 struct hci_cp_le_set_adv_param cp;
1252 u8 own_addr_type, enable = 0x01;
1253 bool connectable;
1254 u8 instance;
1255 u32 flags;
1256
1257 if (hci_conn_num(hdev, LE_LINK) > 0)
1258 return;
1259
1260 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1261 disable_advertising(req);
1262
1263
1264
1265
1266
1267
1268 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1269
1270 instance = get_current_adv_instance(hdev);
1271 flags = get_adv_instance_flags(hdev, instance);
1272
1273
1274
1275
1276 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1277 get_connectable(hdev);
1278
1279
1280
1281
1282
1283 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1284 return;
1285
1286 memset(&cp, 0, sizeof(cp));
1287 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1288 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1289
1290 if (connectable)
1291 cp.type = LE_ADV_IND;
1292 else if (get_cur_adv_instance_scan_rsp_len(hdev))
1293 cp.type = LE_ADV_SCAN_IND;
1294 else
1295 cp.type = LE_ADV_NONCONN_IND;
1296
1297 cp.own_address_type = own_addr_type;
1298 cp.channel_map = hdev->le_adv_channel_map;
1299
1300 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1301
1302 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1303}
1304
1305static void service_cache_off(struct work_struct *work)
1306{
1307 struct hci_dev *hdev = container_of(work, struct hci_dev,
1308 service_cache.work);
1309 struct hci_request req;
1310
1311 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1312 return;
1313
1314 hci_req_init(&req, hdev);
1315
1316 hci_dev_lock(hdev);
1317
1318 update_eir(&req);
1319 update_class(&req);
1320
1321 hci_dev_unlock(hdev);
1322
1323 hci_req_run(&req, NULL);
1324}
1325
1326static void rpa_expired(struct work_struct *work)
1327{
1328 struct hci_dev *hdev = container_of(work, struct hci_dev,
1329 rpa_expired.work);
1330 struct hci_request req;
1331
1332 BT_DBG("");
1333
1334 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1335
1336 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1337 return;
1338
1339
1340
1341
1342 hci_req_init(&req, hdev);
1343 enable_advertising(&req);
1344 hci_req_run(&req, NULL);
1345}
1346
1347static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1348{
1349 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
1350 return;
1351
1352 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1353 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1354
1355
1356
1357
1358
1359
1360 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1361}
1362
1363static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1364 void *data, u16 data_len)
1365{
1366 struct mgmt_rp_read_info rp;
1367
1368 BT_DBG("sock %p %s", sk, hdev->name);
1369
1370 hci_dev_lock(hdev);
1371
1372 memset(&rp, 0, sizeof(rp));
1373
1374 bacpy(&rp.bdaddr, &hdev->bdaddr);
1375
1376 rp.version = hdev->hci_ver;
1377 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1378
1379 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1380 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1381
1382 memcpy(rp.dev_class, hdev->dev_class, 3);
1383
1384 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1385 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1386
1387 hci_dev_unlock(hdev);
1388
1389 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1390 sizeof(rp));
1391}
1392
1393static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1394{
1395 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1396
1397 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1398 sizeof(settings));
1399}
1400
1401static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1402{
1403 BT_DBG("%s status 0x%02x", hdev->name, status);
1404
1405 if (hci_conn_count(hdev) == 0) {
1406 cancel_delayed_work(&hdev->power_off);
1407 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1408 }
1409}
1410
1411static bool hci_stop_discovery(struct hci_request *req)
1412{
1413 struct hci_dev *hdev = req->hdev;
1414 struct hci_cp_remote_name_req_cancel cp;
1415 struct inquiry_entry *e;
1416
1417 switch (hdev->discovery.state) {
1418 case DISCOVERY_FINDING:
1419 if (test_bit(HCI_INQUIRY, &hdev->flags))
1420 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1421
1422 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1423 cancel_delayed_work(&hdev->le_scan_disable);
1424 hci_req_add_le_scan_disable(req);
1425 }
1426
1427 return true;
1428
1429 case DISCOVERY_RESOLVING:
1430 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1431 NAME_PENDING);
1432 if (!e)
1433 break;
1434
1435 bacpy(&cp.bdaddr, &e->data.bdaddr);
1436 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1437 &cp);
1438
1439 return true;
1440
1441 default:
1442
1443 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1444 hci_req_add_le_scan_disable(req);
1445 return true;
1446 }
1447
1448 break;
1449 }
1450
1451 return false;
1452}
1453
1454static void advertising_added(struct sock *sk, struct hci_dev *hdev,
1455 u8 instance)
1456{
1457 struct mgmt_ev_advertising_added ev;
1458
1459 ev.instance = instance;
1460
1461 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1462}
1463
1464static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
1465 u8 instance)
1466{
1467 struct mgmt_ev_advertising_removed ev;
1468
1469 ev.instance = instance;
1470
1471 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1472}
1473
1474static int schedule_adv_instance(struct hci_request *req, u8 instance,
1475 bool force) {
1476 struct hci_dev *hdev = req->hdev;
1477 struct adv_info *adv_instance = NULL;
1478 u16 timeout;
1479
1480 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1481 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1482 return -EPERM;
1483
1484 if (hdev->adv_instance_timeout)
1485 return -EBUSY;
1486
1487 adv_instance = hci_find_adv_instance(hdev, instance);
1488 if (!adv_instance)
1489 return -ENOENT;
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499 if (adv_instance->timeout == 0 ||
1500 adv_instance->duration <= adv_instance->remaining_time)
1501 timeout = adv_instance->duration;
1502 else
1503 timeout = adv_instance->remaining_time;
1504
1505
1506
1507
1508 if (adv_instance->timeout)
1509 adv_instance->remaining_time =
1510 adv_instance->remaining_time - timeout;
1511
1512 hdev->adv_instance_timeout = timeout;
1513 queue_delayed_work(hdev->workqueue,
1514 &hdev->adv_instance_expire,
1515 msecs_to_jiffies(timeout * 1000));
1516
1517
1518
1519
1520
1521 if (!force && hdev->cur_adv_instance == instance &&
1522 hci_dev_test_flag(hdev, HCI_LE_ADV))
1523 return 0;
1524
1525 hdev->cur_adv_instance = instance;
1526 update_adv_data(req);
1527 update_scan_rsp_data(req);
1528 enable_advertising(req);
1529
1530 return 0;
1531}
1532
1533static void cancel_adv_timeout(struct hci_dev *hdev)
1534{
1535 if (hdev->adv_instance_timeout) {
1536 hdev->adv_instance_timeout = 0;
1537 cancel_delayed_work(&hdev->adv_instance_expire);
1538 }
1539}
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552static void clear_adv_instance(struct hci_dev *hdev, struct hci_request *req,
1553 u8 instance, bool force)
1554{
1555 struct adv_info *adv_instance, *n, *next_instance = NULL;
1556 int err;
1557 u8 rem_inst;
1558
1559
1560 if (!instance || hdev->cur_adv_instance == instance)
1561 cancel_adv_timeout(hdev);
1562
1563
1564
1565
1566
1567 if (instance && hdev->cur_adv_instance == instance)
1568 next_instance = hci_get_next_instance(hdev, instance);
1569
1570 if (instance == 0x00) {
1571 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances,
1572 list) {
1573 if (!(force || adv_instance->timeout))
1574 continue;
1575
1576 rem_inst = adv_instance->instance;
1577 err = hci_remove_adv_instance(hdev, rem_inst);
1578 if (!err)
1579 advertising_removed(NULL, hdev, rem_inst);
1580 }
1581 hdev->cur_adv_instance = 0x00;
1582 } else {
1583 adv_instance = hci_find_adv_instance(hdev, instance);
1584
1585 if (force || (adv_instance && adv_instance->timeout &&
1586 !adv_instance->remaining_time)) {
1587
1588 if (next_instance &&
1589 next_instance->instance == instance)
1590 next_instance = NULL;
1591
1592 err = hci_remove_adv_instance(hdev, instance);
1593 if (!err)
1594 advertising_removed(NULL, hdev, instance);
1595 }
1596 }
1597
1598 if (list_empty(&hdev->adv_instances)) {
1599 hdev->cur_adv_instance = 0x00;
1600 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
1601 }
1602
1603 if (!req || !hdev_is_powered(hdev) ||
1604 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1605 return;
1606
1607 if (next_instance)
1608 schedule_adv_instance(req, next_instance->instance, false);
1609}
1610
1611static int clean_up_hci_state(struct hci_dev *hdev)
1612{
1613 struct hci_request req;
1614 struct hci_conn *conn;
1615 bool discov_stopped;
1616 int err;
1617
1618 hci_req_init(&req, hdev);
1619
1620 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1621 test_bit(HCI_PSCAN, &hdev->flags)) {
1622 u8 scan = 0x00;
1623 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1624 }
1625
1626 clear_adv_instance(hdev, NULL, 0x00, false);
1627
1628 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1629 disable_advertising(&req);
1630
1631 discov_stopped = hci_stop_discovery(&req);
1632
1633 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1634 struct hci_cp_disconnect dc;
1635 struct hci_cp_reject_conn_req rej;
1636
1637 switch (conn->state) {
1638 case BT_CONNECTED:
1639 case BT_CONFIG:
1640 dc.handle = cpu_to_le16(conn->handle);
1641 dc.reason = 0x15;
1642 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1643 break;
1644 case BT_CONNECT:
1645 if (conn->type == LE_LINK)
1646 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1647 0, NULL);
1648 else if (conn->type == ACL_LINK)
1649 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1650 6, &conn->dst);
1651 break;
1652 case BT_CONNECT2:
1653 bacpy(&rej.bdaddr, &conn->dst);
1654 rej.reason = 0x15;
1655 if (conn->type == ACL_LINK)
1656 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1657 sizeof(rej), &rej);
1658 else if (conn->type == SCO_LINK)
1659 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1660 sizeof(rej), &rej);
1661 break;
1662 }
1663 }
1664
1665 err = hci_req_run(&req, clean_up_hci_complete);
1666 if (!err && discov_stopped)
1667 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1668
1669 return err;
1670}
1671
1672static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1673 u16 len)
1674{
1675 struct mgmt_mode *cp = data;
1676 struct mgmt_pending_cmd *cmd;
1677 int err;
1678
1679 BT_DBG("request for %s", hdev->name);
1680
1681 if (cp->val != 0x00 && cp->val != 0x01)
1682 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1683 MGMT_STATUS_INVALID_PARAMS);
1684
1685 hci_dev_lock(hdev);
1686
1687 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1688 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1689 MGMT_STATUS_BUSY);
1690 goto failed;
1691 }
1692
1693 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
1694 cancel_delayed_work(&hdev->power_off);
1695
1696 if (cp->val) {
1697 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1698 data, len);
1699 err = mgmt_powered(hdev, 1);
1700 goto failed;
1701 }
1702 }
1703
1704 if (!!cp->val == hdev_is_powered(hdev)) {
1705 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1706 goto failed;
1707 }
1708
1709 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1710 if (!cmd) {
1711 err = -ENOMEM;
1712 goto failed;
1713 }
1714
1715 if (cp->val) {
1716 queue_work(hdev->req_workqueue, &hdev->power_on);
1717 err = 0;
1718 } else {
1719
1720 err = clean_up_hci_state(hdev);
1721 if (!err)
1722 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1723 HCI_POWER_OFF_TIMEOUT);
1724
1725
1726 if (err == -ENODATA) {
1727 cancel_delayed_work(&hdev->power_off);
1728 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1729 err = 0;
1730 }
1731 }
1732
1733failed:
1734 hci_dev_unlock(hdev);
1735 return err;
1736}
1737
1738static int new_settings(struct hci_dev *hdev, struct sock *skip)
1739{
1740 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1741
1742 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1743 sizeof(ev), skip);
1744}
1745
1746int mgmt_new_settings(struct hci_dev *hdev)
1747{
1748 return new_settings(hdev, NULL);
1749}
1750
1751struct cmd_lookup {
1752 struct sock *sk;
1753 struct hci_dev *hdev;
1754 u8 mgmt_status;
1755};
1756
1757static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1758{
1759 struct cmd_lookup *match = data;
1760
1761 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1762
1763 list_del(&cmd->list);
1764
1765 if (match->sk == NULL) {
1766 match->sk = cmd->sk;
1767 sock_hold(match->sk);
1768 }
1769
1770 mgmt_pending_free(cmd);
1771}
1772
1773static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1774{
1775 u8 *status = data;
1776
1777 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1778 mgmt_pending_remove(cmd);
1779}
1780
1781static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1782{
1783 if (cmd->cmd_complete) {
1784 u8 *status = data;
1785
1786 cmd->cmd_complete(cmd, *status);
1787 mgmt_pending_remove(cmd);
1788
1789 return;
1790 }
1791
1792 cmd_status_rsp(cmd, data);
1793}
1794
1795static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1796{
1797 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1798 cmd->param, cmd->param_len);
1799}
1800
1801static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1802{
1803 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1804 cmd->param, sizeof(struct mgmt_addr_info));
1805}
1806
1807static u8 mgmt_bredr_support(struct hci_dev *hdev)
1808{
1809 if (!lmp_bredr_capable(hdev))
1810 return MGMT_STATUS_NOT_SUPPORTED;
1811 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1812 return MGMT_STATUS_REJECTED;
1813 else
1814 return MGMT_STATUS_SUCCESS;
1815}
1816
1817static u8 mgmt_le_support(struct hci_dev *hdev)
1818{
1819 if (!lmp_le_capable(hdev))
1820 return MGMT_STATUS_NOT_SUPPORTED;
1821 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1822 return MGMT_STATUS_REJECTED;
1823 else
1824 return MGMT_STATUS_SUCCESS;
1825}
1826
1827static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1828 u16 opcode)
1829{
1830 struct mgmt_pending_cmd *cmd;
1831 struct mgmt_mode *cp;
1832 struct hci_request req;
1833 bool changed;
1834
1835 BT_DBG("status 0x%02x", status);
1836
1837 hci_dev_lock(hdev);
1838
1839 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1840 if (!cmd)
1841 goto unlock;
1842
1843 if (status) {
1844 u8 mgmt_err = mgmt_status(status);
1845 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1846 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1847 goto remove_cmd;
1848 }
1849
1850 cp = cmd->param;
1851 if (cp->val) {
1852 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
1853
1854 if (hdev->discov_timeout > 0) {
1855 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1856 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1857 to);
1858 }
1859 } else {
1860 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
1861 }
1862
1863 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1864
1865 if (changed)
1866 new_settings(hdev, cmd->sk);
1867
1868
1869
1870
1871
1872
1873 hci_req_init(&req, hdev);
1874 __hci_update_page_scan(&req);
1875 update_class(&req);
1876 hci_req_run(&req, NULL);
1877
1878remove_cmd:
1879 mgmt_pending_remove(cmd);
1880
1881unlock:
1882 hci_dev_unlock(hdev);
1883}
1884
1885static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1886 u16 len)
1887{
1888 struct mgmt_cp_set_discoverable *cp = data;
1889 struct mgmt_pending_cmd *cmd;
1890 struct hci_request req;
1891 u16 timeout;
1892 u8 scan;
1893 int err;
1894
1895 BT_DBG("request for %s", hdev->name);
1896
1897 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1898 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1899 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1900 MGMT_STATUS_REJECTED);
1901
1902 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1903 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1904 MGMT_STATUS_INVALID_PARAMS);
1905
1906 timeout = __le16_to_cpu(cp->timeout);
1907
1908
1909
1910
1911 if ((cp->val == 0x00 && timeout > 0) ||
1912 (cp->val == 0x02 && timeout == 0))
1913 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1914 MGMT_STATUS_INVALID_PARAMS);
1915
1916 hci_dev_lock(hdev);
1917
1918 if (!hdev_is_powered(hdev) && timeout > 0) {
1919 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1920 MGMT_STATUS_NOT_POWERED);
1921 goto failed;
1922 }
1923
1924 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1925 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1926 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1927 MGMT_STATUS_BUSY);
1928 goto failed;
1929 }
1930
1931 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1932 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1933 MGMT_STATUS_REJECTED);
1934 goto failed;
1935 }
1936
1937 if (!hdev_is_powered(hdev)) {
1938 bool changed = false;
1939
1940
1941
1942
1943
1944 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1945 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1946 changed = true;
1947 }
1948
1949 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1950 if (err < 0)
1951 goto failed;
1952
1953 if (changed)
1954 err = new_settings(hdev, sk);
1955
1956 goto failed;
1957 }
1958
1959
1960
1961
1962
1963 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1964 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1965 HCI_LIMITED_DISCOVERABLE)) {
1966 cancel_delayed_work(&hdev->discov_off);
1967 hdev->discov_timeout = timeout;
1968
1969 if (cp->val && hdev->discov_timeout > 0) {
1970 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1971 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1972 to);
1973 }
1974
1975 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1976 goto failed;
1977 }
1978
1979 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1980 if (!cmd) {
1981 err = -ENOMEM;
1982 goto failed;
1983 }
1984
1985
1986
1987
1988
1989 cancel_delayed_work(&hdev->discov_off);
1990 hdev->discov_timeout = timeout;
1991
1992
1993 if (cp->val == 0x02)
1994 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1995 else
1996 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1997
1998 hci_req_init(&req, hdev);
1999
2000
2001
2002
2003 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2004 goto update_ad;
2005
2006 scan = SCAN_PAGE;
2007
2008 if (cp->val) {
2009 struct hci_cp_write_current_iac_lap hci_cp;
2010
2011 if (cp->val == 0x02) {
2012
2013 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
2014 hci_cp.iac_lap[0] = 0x00;
2015 hci_cp.iac_lap[1] = 0x8b;
2016 hci_cp.iac_lap[2] = 0x9e;
2017 hci_cp.iac_lap[3] = 0x33;
2018 hci_cp.iac_lap[4] = 0x8b;
2019 hci_cp.iac_lap[5] = 0x9e;
2020 } else {
2021
2022 hci_cp.num_iac = 1;
2023 hci_cp.iac_lap[0] = 0x33;
2024 hci_cp.iac_lap[1] = 0x8b;
2025 hci_cp.iac_lap[2] = 0x9e;
2026 }
2027
2028 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
2029 (hci_cp.num_iac * 3) + 1, &hci_cp);
2030
2031 scan |= SCAN_INQUIRY;
2032 } else {
2033 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2034 }
2035
2036 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
2037
2038update_ad:
2039 update_adv_data(&req);
2040
2041 err = hci_req_run(&req, set_discoverable_complete);
2042 if (err < 0)
2043 mgmt_pending_remove(cmd);
2044
2045failed:
2046 hci_dev_unlock(hdev);
2047 return err;
2048}
2049
2050static void write_fast_connectable(struct hci_request *req, bool enable)
2051{
2052 struct hci_dev *hdev = req->hdev;
2053 struct hci_cp_write_page_scan_activity acp;
2054 u8 type;
2055
2056 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2057 return;
2058
2059 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
2060 return;
2061
2062 if (enable) {
2063 type = PAGE_SCAN_TYPE_INTERLACED;
2064
2065
2066 acp.interval = cpu_to_le16(0x0100);
2067 } else {
2068 type = PAGE_SCAN_TYPE_STANDARD;
2069
2070
2071 acp.interval = cpu_to_le16(0x0800);
2072 }
2073
2074 acp.window = cpu_to_le16(0x0012);
2075
2076 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
2077 __cpu_to_le16(hdev->page_scan_window) != acp.window)
2078 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2079 sizeof(acp), &acp);
2080
2081 if (hdev->page_scan_type != type)
2082 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2083}
2084
2085static void set_connectable_complete(struct hci_dev *hdev, u8 status,
2086 u16 opcode)
2087{
2088 struct mgmt_pending_cmd *cmd;
2089 struct mgmt_mode *cp;
2090 bool conn_changed, discov_changed;
2091
2092 BT_DBG("status 0x%02x", status);
2093
2094 hci_dev_lock(hdev);
2095
2096 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2097 if (!cmd)
2098 goto unlock;
2099
2100 if (status) {
2101 u8 mgmt_err = mgmt_status(status);
2102 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
2103 goto remove_cmd;
2104 }
2105
2106 cp = cmd->param;
2107 if (cp->val) {
2108 conn_changed = !hci_dev_test_and_set_flag(hdev,
2109 HCI_CONNECTABLE);
2110 discov_changed = false;
2111 } else {
2112 conn_changed = hci_dev_test_and_clear_flag(hdev,
2113 HCI_CONNECTABLE);
2114 discov_changed = hci_dev_test_and_clear_flag(hdev,
2115 HCI_DISCOVERABLE);
2116 }
2117
2118 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
2119
2120 if (conn_changed || discov_changed) {
2121 new_settings(hdev, cmd->sk);
2122 hci_update_page_scan(hdev);
2123 if (discov_changed)
2124 mgmt_update_adv_data(hdev);
2125 hci_update_background_scan(hdev);
2126 }
2127
2128remove_cmd:
2129 mgmt_pending_remove(cmd);
2130
2131unlock:
2132 hci_dev_unlock(hdev);
2133}
2134
2135static int set_connectable_update_settings(struct hci_dev *hdev,
2136 struct sock *sk, u8 val)
2137{
2138 bool changed = false;
2139 int err;
2140
2141 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
2142 changed = true;
2143
2144 if (val) {
2145 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
2146 } else {
2147 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
2148 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2149 }
2150
2151 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
2152 if (err < 0)
2153 return err;
2154
2155 if (changed) {
2156 hci_update_page_scan(hdev);
2157 hci_update_background_scan(hdev);
2158 return new_settings(hdev, sk);
2159 }
2160
2161 return 0;
2162}
2163
2164static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
2165 u16 len)
2166{
2167 struct mgmt_mode *cp = data;
2168 struct mgmt_pending_cmd *cmd;
2169 struct hci_request req;
2170 u8 scan;
2171 int err;
2172
2173 BT_DBG("request for %s", hdev->name);
2174
2175 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2176 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2177 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2178 MGMT_STATUS_REJECTED);
2179
2180 if (cp->val != 0x00 && cp->val != 0x01)
2181 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2182 MGMT_STATUS_INVALID_PARAMS);
2183
2184 hci_dev_lock(hdev);
2185
2186 if (!hdev_is_powered(hdev)) {
2187 err = set_connectable_update_settings(hdev, sk, cp->val);
2188 goto failed;
2189 }
2190
2191 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
2192 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
2193 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2194 MGMT_STATUS_BUSY);
2195 goto failed;
2196 }
2197
2198 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
2199 if (!cmd) {
2200 err = -ENOMEM;
2201 goto failed;
2202 }
2203
2204 hci_req_init(&req, hdev);
2205
2206
2207
2208
2209
2210 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2211 if (!cp->val) {
2212 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2213 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2214 }
2215 update_adv_data(&req);
2216 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
2217 if (cp->val) {
2218 scan = SCAN_PAGE;
2219 } else {
2220
2221
2222
2223
2224
2225
2226 if (list_empty(&hdev->whitelist))
2227 scan = SCAN_DISABLED;
2228 else if (test_bit(HCI_ISCAN, &hdev->flags))
2229 scan = SCAN_PAGE;
2230 else
2231 goto no_scan_update;
2232
2233 if (test_bit(HCI_ISCAN, &hdev->flags) &&
2234 hdev->discov_timeout > 0)
2235 cancel_delayed_work(&hdev->discov_off);
2236 }
2237
2238 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2239 }
2240
2241no_scan_update:
2242
2243 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2244 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
2245 enable_advertising(&req);
2246
2247 err = hci_req_run(&req, set_connectable_complete);
2248 if (err < 0) {
2249 mgmt_pending_remove(cmd);
2250 if (err == -ENODATA)
2251 err = set_connectable_update_settings(hdev, sk,
2252 cp->val);
2253 goto failed;
2254 }
2255
2256failed:
2257 hci_dev_unlock(hdev);
2258 return err;
2259}
2260
2261static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
2262 u16 len)
2263{
2264 struct mgmt_mode *cp = data;
2265 bool changed;
2266 int err;
2267
2268 BT_DBG("request for %s", hdev->name);
2269
2270 if (cp->val != 0x00 && cp->val != 0x01)
2271 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2272 MGMT_STATUS_INVALID_PARAMS);
2273
2274 hci_dev_lock(hdev);
2275
2276 if (cp->val)
2277 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
2278 else
2279 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
2280
2281 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
2282 if (err < 0)
2283 goto unlock;
2284
2285 if (changed)
2286 err = new_settings(hdev, sk);
2287
2288unlock:
2289 hci_dev_unlock(hdev);
2290 return err;
2291}
2292
2293static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2294 u16 len)
2295{
2296 struct mgmt_mode *cp = data;
2297 struct mgmt_pending_cmd *cmd;
2298 u8 val, status;
2299 int err;
2300
2301 BT_DBG("request for %s", hdev->name);
2302
2303 status = mgmt_bredr_support(hdev);
2304 if (status)
2305 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2306 status);
2307
2308 if (cp->val != 0x00 && cp->val != 0x01)
2309 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2310 MGMT_STATUS_INVALID_PARAMS);
2311
2312 hci_dev_lock(hdev);
2313
2314 if (!hdev_is_powered(hdev)) {
2315 bool changed = false;
2316
2317 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
2318 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
2319 changed = true;
2320 }
2321
2322 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2323 if (err < 0)
2324 goto failed;
2325
2326 if (changed)
2327 err = new_settings(hdev, sk);
2328
2329 goto failed;
2330 }
2331
2332 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2333 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2334 MGMT_STATUS_BUSY);
2335 goto failed;
2336 }
2337
2338 val = !!cp->val;
2339
2340 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2341 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2342 goto failed;
2343 }
2344
2345 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2346 if (!cmd) {
2347 err = -ENOMEM;
2348 goto failed;
2349 }
2350
2351 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2352 if (err < 0) {
2353 mgmt_pending_remove(cmd);
2354 goto failed;
2355 }
2356
2357failed:
2358 hci_dev_unlock(hdev);
2359 return err;
2360}
2361
2362static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2363{
2364 struct mgmt_mode *cp = data;
2365 struct mgmt_pending_cmd *cmd;
2366 u8 status;
2367 int err;
2368
2369 BT_DBG("request for %s", hdev->name);
2370
2371 status = mgmt_bredr_support(hdev);
2372 if (status)
2373 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2374
2375 if (!lmp_ssp_capable(hdev))
2376 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2377 MGMT_STATUS_NOT_SUPPORTED);
2378
2379 if (cp->val != 0x00 && cp->val != 0x01)
2380 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2381 MGMT_STATUS_INVALID_PARAMS);
2382
2383 hci_dev_lock(hdev);
2384
2385 if (!hdev_is_powered(hdev)) {
2386 bool changed;
2387
2388 if (cp->val) {
2389 changed = !hci_dev_test_and_set_flag(hdev,
2390 HCI_SSP_ENABLED);
2391 } else {
2392 changed = hci_dev_test_and_clear_flag(hdev,
2393 HCI_SSP_ENABLED);
2394 if (!changed)
2395 changed = hci_dev_test_and_clear_flag(hdev,
2396 HCI_HS_ENABLED);
2397 else
2398 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
2399 }
2400
2401 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2402 if (err < 0)
2403 goto failed;
2404
2405 if (changed)
2406 err = new_settings(hdev, sk);
2407
2408 goto failed;
2409 }
2410
2411 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2412 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2413 MGMT_STATUS_BUSY);
2414 goto failed;
2415 }
2416
2417 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2418 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2419 goto failed;
2420 }
2421
2422 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2423 if (!cmd) {
2424 err = -ENOMEM;
2425 goto failed;
2426 }
2427
2428 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
2429 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2430 sizeof(cp->val), &cp->val);
2431
2432 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2433 if (err < 0) {
2434 mgmt_pending_remove(cmd);
2435 goto failed;
2436 }
2437
2438failed:
2439 hci_dev_unlock(hdev);
2440 return err;
2441}
2442
2443static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2444{
2445 struct mgmt_mode *cp = data;
2446 bool changed;
2447 u8 status;
2448 int err;
2449
2450 BT_DBG("request for %s", hdev->name);
2451
2452 status = mgmt_bredr_support(hdev);
2453 if (status)
2454 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2455
2456 if (!lmp_ssp_capable(hdev))
2457 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2458 MGMT_STATUS_NOT_SUPPORTED);
2459
2460 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
2461 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2462 MGMT_STATUS_REJECTED);
2463
2464 if (cp->val != 0x00 && cp->val != 0x01)
2465 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2466 MGMT_STATUS_INVALID_PARAMS);
2467
2468 hci_dev_lock(hdev);
2469
2470 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2471 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2472 MGMT_STATUS_BUSY);
2473 goto unlock;
2474 }
2475
2476 if (cp->val) {
2477 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2478 } else {
2479 if (hdev_is_powered(hdev)) {
2480 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2481 MGMT_STATUS_REJECTED);
2482 goto unlock;
2483 }
2484
2485 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2486 }
2487
2488 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2489 if (err < 0)
2490 goto unlock;
2491
2492 if (changed)
2493 err = new_settings(hdev, sk);
2494
2495unlock:
2496 hci_dev_unlock(hdev);
2497 return err;
2498}
2499
2500static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2501{
2502 struct cmd_lookup match = { NULL, hdev };
2503
2504 hci_dev_lock(hdev);
2505
2506 if (status) {
2507 u8 mgmt_err = mgmt_status(status);
2508
2509 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2510 &mgmt_err);
2511 goto unlock;
2512 }
2513
2514 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2515
2516 new_settings(hdev, match.sk);
2517
2518 if (match.sk)
2519 sock_put(match.sk);
2520
2521
2522
2523
2524
2525
2526 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2527 struct hci_request req;
2528
2529 hci_req_init(&req, hdev);
2530 update_adv_data(&req);
2531 update_scan_rsp_data(&req);
2532 __hci_update_background_scan(&req);
2533 hci_req_run(&req, NULL);
2534 }
2535
2536unlock:
2537 hci_dev_unlock(hdev);
2538}
2539
2540static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2541{
2542 struct mgmt_mode *cp = data;
2543 struct hci_cp_write_le_host_supported hci_cp;
2544 struct mgmt_pending_cmd *cmd;
2545 struct hci_request req;
2546 int err;
2547 u8 val, enabled;
2548
2549 BT_DBG("request for %s", hdev->name);
2550
2551 if (!lmp_le_capable(hdev))
2552 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2553 MGMT_STATUS_NOT_SUPPORTED);
2554
2555 if (cp->val != 0x00 && cp->val != 0x01)
2556 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2557 MGMT_STATUS_INVALID_PARAMS);
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2569 if (cp->val == 0x01)
2570 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2571
2572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2573 MGMT_STATUS_REJECTED);
2574 }
2575
2576 hci_dev_lock(hdev);
2577
2578 val = !!cp->val;
2579 enabled = lmp_host_le_capable(hdev);
2580
2581 if (!val)
2582 clear_adv_instance(hdev, NULL, 0x00, true);
2583
2584 if (!hdev_is_powered(hdev) || val == enabled) {
2585 bool changed = false;
2586
2587 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2588 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2589 changed = true;
2590 }
2591
2592 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2593 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2594 changed = true;
2595 }
2596
2597 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2598 if (err < 0)
2599 goto unlock;
2600
2601 if (changed)
2602 err = new_settings(hdev, sk);
2603
2604 goto unlock;
2605 }
2606
2607 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2608 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2609 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2610 MGMT_STATUS_BUSY);
2611 goto unlock;
2612 }
2613
2614 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2615 if (!cmd) {
2616 err = -ENOMEM;
2617 goto unlock;
2618 }
2619
2620 hci_req_init(&req, hdev);
2621
2622 memset(&hci_cp, 0, sizeof(hci_cp));
2623
2624 if (val) {
2625 hci_cp.le = val;
2626 hci_cp.simul = 0x00;
2627 } else {
2628 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2629 disable_advertising(&req);
2630 }
2631
2632 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2633 &hci_cp);
2634
2635 err = hci_req_run(&req, le_enable_complete);
2636 if (err < 0)
2637 mgmt_pending_remove(cmd);
2638
2639unlock:
2640 hci_dev_unlock(hdev);
2641 return err;
2642}
2643
2644
2645
2646
2647
2648
2649
2650static bool pending_eir_or_class(struct hci_dev *hdev)
2651{
2652 struct mgmt_pending_cmd *cmd;
2653
2654 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2655 switch (cmd->opcode) {
2656 case MGMT_OP_ADD_UUID:
2657 case MGMT_OP_REMOVE_UUID:
2658 case MGMT_OP_SET_DEV_CLASS:
2659 case MGMT_OP_SET_POWERED:
2660 return true;
2661 }
2662 }
2663
2664 return false;
2665}
2666
2667static const u8 bluetooth_base_uuid[] = {
2668 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2669 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2670};
2671
2672static u8 get_uuid_size(const u8 *uuid)
2673{
2674 u32 val;
2675
2676 if (memcmp(uuid, bluetooth_base_uuid, 12))
2677 return 128;
2678
2679 val = get_unaligned_le32(&uuid[12]);
2680 if (val > 0xffff)
2681 return 32;
2682
2683 return 16;
2684}
2685
2686static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2687{
2688 struct mgmt_pending_cmd *cmd;
2689
2690 hci_dev_lock(hdev);
2691
2692 cmd = pending_find(mgmt_op, hdev);
2693 if (!cmd)
2694 goto unlock;
2695
2696 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2697 mgmt_status(status), hdev->dev_class, 3);
2698
2699 mgmt_pending_remove(cmd);
2700
2701unlock:
2702 hci_dev_unlock(hdev);
2703}
2704
2705static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2706{
2707 BT_DBG("status 0x%02x", status);
2708
2709 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2710}
2711
2712static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2713{
2714 struct mgmt_cp_add_uuid *cp = data;
2715 struct mgmt_pending_cmd *cmd;
2716 struct hci_request req;
2717 struct bt_uuid *uuid;
2718 int err;
2719
2720 BT_DBG("request for %s", hdev->name);
2721
2722 hci_dev_lock(hdev);
2723
2724 if (pending_eir_or_class(hdev)) {
2725 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2726 MGMT_STATUS_BUSY);
2727 goto failed;
2728 }
2729
2730 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2731 if (!uuid) {
2732 err = -ENOMEM;
2733 goto failed;
2734 }
2735
2736 memcpy(uuid->uuid, cp->uuid, 16);
2737 uuid->svc_hint = cp->svc_hint;
2738 uuid->size = get_uuid_size(cp->uuid);
2739
2740 list_add_tail(&uuid->list, &hdev->uuids);
2741
2742 hci_req_init(&req, hdev);
2743
2744 update_class(&req);
2745 update_eir(&req);
2746
2747 err = hci_req_run(&req, add_uuid_complete);
2748 if (err < 0) {
2749 if (err != -ENODATA)
2750 goto failed;
2751
2752 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2753 hdev->dev_class, 3);
2754 goto failed;
2755 }
2756
2757 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2758 if (!cmd) {
2759 err = -ENOMEM;
2760 goto failed;
2761 }
2762
2763 err = 0;
2764
2765failed:
2766 hci_dev_unlock(hdev);
2767 return err;
2768}
2769
2770static bool enable_service_cache(struct hci_dev *hdev)
2771{
2772 if (!hdev_is_powered(hdev))
2773 return false;
2774
2775 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2776 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2777 CACHE_TIMEOUT);
2778 return true;
2779 }
2780
2781 return false;
2782}
2783
2784static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2785{
2786 BT_DBG("status 0x%02x", status);
2787
2788 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2789}
2790
2791static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2792 u16 len)
2793{
2794 struct mgmt_cp_remove_uuid *cp = data;
2795 struct mgmt_pending_cmd *cmd;
2796 struct bt_uuid *match, *tmp;
2797 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2798 struct hci_request req;
2799 int err, found;
2800
2801 BT_DBG("request for %s", hdev->name);
2802
2803 hci_dev_lock(hdev);
2804
2805 if (pending_eir_or_class(hdev)) {
2806 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2807 MGMT_STATUS_BUSY);
2808 goto unlock;
2809 }
2810
2811 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2812 hci_uuids_clear(hdev);
2813
2814 if (enable_service_cache(hdev)) {
2815 err = mgmt_cmd_complete(sk, hdev->id,
2816 MGMT_OP_REMOVE_UUID,
2817 0, hdev->dev_class, 3);
2818 goto unlock;
2819 }
2820
2821 goto update_class;
2822 }
2823
2824 found = 0;
2825
2826 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2827 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2828 continue;
2829
2830 list_del(&match->list);
2831 kfree(match);
2832 found++;
2833 }
2834
2835 if (found == 0) {
2836 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2837 MGMT_STATUS_INVALID_PARAMS);
2838 goto unlock;
2839 }
2840
2841update_class:
2842 hci_req_init(&req, hdev);
2843
2844 update_class(&req);
2845 update_eir(&req);
2846
2847 err = hci_req_run(&req, remove_uuid_complete);
2848 if (err < 0) {
2849 if (err != -ENODATA)
2850 goto unlock;
2851
2852 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2853 hdev->dev_class, 3);
2854 goto unlock;
2855 }
2856
2857 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2858 if (!cmd) {
2859 err = -ENOMEM;
2860 goto unlock;
2861 }
2862
2863 err = 0;
2864
2865unlock:
2866 hci_dev_unlock(hdev);
2867 return err;
2868}
2869
2870static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2871{
2872 BT_DBG("status 0x%02x", status);
2873
2874 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2875}
2876
2877static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2878 u16 len)
2879{
2880 struct mgmt_cp_set_dev_class *cp = data;
2881 struct mgmt_pending_cmd *cmd;
2882 struct hci_request req;
2883 int err;
2884
2885 BT_DBG("request for %s", hdev->name);
2886
2887 if (!lmp_bredr_capable(hdev))
2888 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2889 MGMT_STATUS_NOT_SUPPORTED);
2890
2891 hci_dev_lock(hdev);
2892
2893 if (pending_eir_or_class(hdev)) {
2894 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2895 MGMT_STATUS_BUSY);
2896 goto unlock;
2897 }
2898
2899 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2900 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2901 MGMT_STATUS_INVALID_PARAMS);
2902 goto unlock;
2903 }
2904
2905 hdev->major_class = cp->major;
2906 hdev->minor_class = cp->minor;
2907
2908 if (!hdev_is_powered(hdev)) {
2909 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2910 hdev->dev_class, 3);
2911 goto unlock;
2912 }
2913
2914 hci_req_init(&req, hdev);
2915
2916 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2917 hci_dev_unlock(hdev);
2918 cancel_delayed_work_sync(&hdev->service_cache);
2919 hci_dev_lock(hdev);
2920 update_eir(&req);
2921 }
2922
2923 update_class(&req);
2924
2925 err = hci_req_run(&req, set_class_complete);
2926 if (err < 0) {
2927 if (err != -ENODATA)
2928 goto unlock;
2929
2930 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2931 hdev->dev_class, 3);
2932 goto unlock;
2933 }
2934
2935 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2936 if (!cmd) {
2937 err = -ENOMEM;
2938 goto unlock;
2939 }
2940
2941 err = 0;
2942
2943unlock:
2944 hci_dev_unlock(hdev);
2945 return err;
2946}
2947
2948static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2949 u16 len)
2950{
2951 struct mgmt_cp_load_link_keys *cp = data;
2952 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2953 sizeof(struct mgmt_link_key_info));
2954 u16 key_count, expected_len;
2955 bool changed;
2956 int i;
2957
2958 BT_DBG("request for %s", hdev->name);
2959
2960 if (!lmp_bredr_capable(hdev))
2961 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2962 MGMT_STATUS_NOT_SUPPORTED);
2963
2964 key_count = __le16_to_cpu(cp->key_count);
2965 if (key_count > max_key_count) {
2966 BT_ERR("load_link_keys: too big key_count value %u",
2967 key_count);
2968 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2969 MGMT_STATUS_INVALID_PARAMS);
2970 }
2971
2972 expected_len = sizeof(*cp) + key_count *
2973 sizeof(struct mgmt_link_key_info);
2974 if (expected_len != len) {
2975 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2976 expected_len, len);
2977 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2978 MGMT_STATUS_INVALID_PARAMS);
2979 }
2980
2981 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2982 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2983 MGMT_STATUS_INVALID_PARAMS);
2984
2985 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2986 key_count);
2987
2988 for (i = 0; i < key_count; i++) {
2989 struct mgmt_link_key_info *key = &cp->keys[i];
2990
2991 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2992 return mgmt_cmd_status(sk, hdev->id,
2993 MGMT_OP_LOAD_LINK_KEYS,
2994 MGMT_STATUS_INVALID_PARAMS);
2995 }
2996
2997 hci_dev_lock(hdev);
2998
2999 hci_link_keys_clear(hdev);
3000
3001 if (cp->debug_keys)
3002 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
3003 else
3004 changed = hci_dev_test_and_clear_flag(hdev,
3005 HCI_KEEP_DEBUG_KEYS);
3006
3007 if (changed)
3008 new_settings(hdev, NULL);
3009
3010 for (i = 0; i < key_count; i++) {
3011 struct mgmt_link_key_info *key = &cp->keys[i];
3012
3013
3014
3015
3016 if (key->type == HCI_LK_DEBUG_COMBINATION)
3017 continue;
3018
3019 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
3020 key->type, key->pin_len, NULL);
3021 }
3022
3023 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
3024
3025 hci_dev_unlock(hdev);
3026
3027 return 0;
3028}
3029
3030static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
3031 u8 addr_type, struct sock *skip_sk)
3032{
3033 struct mgmt_ev_device_unpaired ev;
3034
3035 bacpy(&ev.addr.bdaddr, bdaddr);
3036 ev.addr.type = addr_type;
3037
3038 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
3039 skip_sk);
3040}
3041
3042static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3043 u16 len)
3044{
3045 struct mgmt_cp_unpair_device *cp = data;
3046 struct mgmt_rp_unpair_device rp;
3047 struct hci_cp_disconnect dc;
3048 struct mgmt_pending_cmd *cmd;
3049 struct hci_conn *conn;
3050 int err;
3051
3052 memset(&rp, 0, sizeof(rp));
3053 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3054 rp.addr.type = cp->addr.type;
3055
3056 if (!bdaddr_type_is_valid(cp->addr.type))
3057 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3058 MGMT_STATUS_INVALID_PARAMS,
3059 &rp, sizeof(rp));
3060
3061 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
3062 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3063 MGMT_STATUS_INVALID_PARAMS,
3064 &rp, sizeof(rp));
3065
3066 hci_dev_lock(hdev);
3067
3068 if (!hdev_is_powered(hdev)) {
3069 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3070 MGMT_STATUS_NOT_POWERED, &rp,
3071 sizeof(rp));
3072 goto unlock;
3073 }
3074
3075 if (cp->addr.type == BDADDR_BREDR) {
3076
3077
3078
3079
3080
3081
3082
3083 if (cp->disconnect)
3084 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3085 &cp->addr.bdaddr);
3086 else
3087 conn = NULL;
3088
3089 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
3090 } else {
3091 u8 addr_type;
3092
3093 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
3094 &cp->addr.bdaddr);
3095 if (conn) {
3096
3097
3098
3099
3100 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3101
3102
3103
3104
3105
3106 if (!cp->disconnect)
3107 conn = NULL;
3108 }
3109
3110 if (cp->addr.type == BDADDR_LE_PUBLIC)
3111 addr_type = ADDR_LE_DEV_PUBLIC;
3112 else
3113 addr_type = ADDR_LE_DEV_RANDOM;
3114
3115 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
3116
3117 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
3118 }
3119
3120 if (err < 0) {
3121 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3122 MGMT_STATUS_NOT_PAIRED, &rp,
3123 sizeof(rp));
3124 goto unlock;
3125 }
3126
3127
3128
3129
3130 if (!conn) {
3131 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3132 &rp, sizeof(rp));
3133 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
3134 goto unlock;
3135 }
3136
3137 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
3138 sizeof(*cp));
3139 if (!cmd) {
3140 err = -ENOMEM;
3141 goto unlock;
3142 }
3143
3144 cmd->cmd_complete = addr_cmd_complete;
3145
3146 dc.handle = cpu_to_le16(conn->handle);
3147 dc.reason = 0x13;
3148 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
3149 if (err < 0)
3150 mgmt_pending_remove(cmd);
3151
3152unlock:
3153 hci_dev_unlock(hdev);
3154 return err;
3155}
3156
3157static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
3158 u16 len)
3159{
3160 struct mgmt_cp_disconnect *cp = data;
3161 struct mgmt_rp_disconnect rp;
3162 struct mgmt_pending_cmd *cmd;
3163 struct hci_conn *conn;
3164 int err;
3165
3166 BT_DBG("");
3167
3168 memset(&rp, 0, sizeof(rp));
3169 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3170 rp.addr.type = cp->addr.type;
3171
3172 if (!bdaddr_type_is_valid(cp->addr.type))
3173 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3174 MGMT_STATUS_INVALID_PARAMS,
3175 &rp, sizeof(rp));
3176
3177 hci_dev_lock(hdev);
3178
3179 if (!test_bit(HCI_UP, &hdev->flags)) {
3180 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3181 MGMT_STATUS_NOT_POWERED, &rp,
3182 sizeof(rp));
3183 goto failed;
3184 }
3185
3186 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
3187 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3188 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3189 goto failed;
3190 }
3191
3192 if (cp->addr.type == BDADDR_BREDR)
3193 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3194 &cp->addr.bdaddr);
3195 else
3196 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
3197
3198 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
3199 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3200 MGMT_STATUS_NOT_CONNECTED, &rp,
3201 sizeof(rp));
3202 goto failed;
3203 }
3204
3205 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
3206 if (!cmd) {
3207 err = -ENOMEM;
3208 goto failed;
3209 }
3210
3211 cmd->cmd_complete = generic_cmd_complete;
3212
3213 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3214 if (err < 0)
3215 mgmt_pending_remove(cmd);
3216
3217failed:
3218 hci_dev_unlock(hdev);
3219 return err;
3220}
3221
3222static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3223{
3224 switch (link_type) {
3225 case LE_LINK:
3226 switch (addr_type) {
3227 case ADDR_LE_DEV_PUBLIC:
3228 return BDADDR_LE_PUBLIC;
3229
3230 default:
3231
3232 return BDADDR_LE_RANDOM;
3233 }
3234
3235 default:
3236
3237 return BDADDR_BREDR;
3238 }
3239}
3240
3241static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3242 u16 data_len)
3243{
3244 struct mgmt_rp_get_connections *rp;
3245 struct hci_conn *c;
3246 size_t rp_len;
3247 int err;
3248 u16 i;
3249
3250 BT_DBG("");
3251
3252 hci_dev_lock(hdev);
3253
3254 if (!hdev_is_powered(hdev)) {
3255 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3256 MGMT_STATUS_NOT_POWERED);
3257 goto unlock;
3258 }
3259
3260 i = 0;
3261 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3262 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3263 i++;
3264 }
3265
3266 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3267 rp = kmalloc(rp_len, GFP_KERNEL);
3268 if (!rp) {
3269 err = -ENOMEM;
3270 goto unlock;
3271 }
3272
3273 i = 0;
3274 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3275 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3276 continue;
3277 bacpy(&rp->addr[i].bdaddr, &c->dst);
3278 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3279 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3280 continue;
3281 i++;
3282 }
3283
3284 rp->conn_count = cpu_to_le16(i);
3285
3286
3287 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3288
3289 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3290 rp_len);
3291
3292 kfree(rp);
3293
3294unlock:
3295 hci_dev_unlock(hdev);
3296 return err;
3297}
3298
3299static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3300 struct mgmt_cp_pin_code_neg_reply *cp)
3301{
3302 struct mgmt_pending_cmd *cmd;
3303 int err;
3304
3305 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3306 sizeof(*cp));
3307 if (!cmd)
3308 return -ENOMEM;
3309
3310 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3311 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3312 if (err < 0)
3313 mgmt_pending_remove(cmd);
3314
3315 return err;
3316}
3317
3318static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3319 u16 len)
3320{
3321 struct hci_conn *conn;
3322 struct mgmt_cp_pin_code_reply *cp = data;
3323 struct hci_cp_pin_code_reply reply;
3324 struct mgmt_pending_cmd *cmd;
3325 int err;
3326
3327 BT_DBG("");
3328
3329 hci_dev_lock(hdev);
3330
3331 if (!hdev_is_powered(hdev)) {
3332 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3333 MGMT_STATUS_NOT_POWERED);
3334 goto failed;
3335 }
3336
3337 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3338 if (!conn) {
3339 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3340 MGMT_STATUS_NOT_CONNECTED);
3341 goto failed;
3342 }
3343
3344 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3345 struct mgmt_cp_pin_code_neg_reply ncp;
3346
3347 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3348
3349 BT_ERR("PIN code is not 16 bytes long");
3350
3351 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3352 if (err >= 0)
3353 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3354 MGMT_STATUS_INVALID_PARAMS);
3355
3356 goto failed;
3357 }
3358
3359 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3360 if (!cmd) {
3361 err = -ENOMEM;
3362 goto failed;
3363 }
3364
3365 cmd->cmd_complete = addr_cmd_complete;
3366
3367 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3368 reply.pin_len = cp->pin_len;
3369 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3370
3371 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3372 if (err < 0)
3373 mgmt_pending_remove(cmd);
3374
3375failed:
3376 hci_dev_unlock(hdev);
3377 return err;
3378}
3379
3380static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3381 u16 len)
3382{
3383 struct mgmt_cp_set_io_capability *cp = data;
3384
3385 BT_DBG("");
3386
3387 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3388 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3389 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3390
3391 hci_dev_lock(hdev);
3392
3393 hdev->io_capability = cp->io_capability;
3394
3395 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3396 hdev->io_capability);
3397
3398 hci_dev_unlock(hdev);
3399
3400 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3401 NULL, 0);
3402}
3403
3404static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
3405{
3406 struct hci_dev *hdev = conn->hdev;
3407 struct mgmt_pending_cmd *cmd;
3408
3409 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3410 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3411 continue;
3412
3413 if (cmd->user_data != conn)
3414 continue;
3415
3416 return cmd;
3417 }
3418
3419 return NULL;
3420}
3421
3422static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
3423{
3424 struct mgmt_rp_pair_device rp;
3425 struct hci_conn *conn = cmd->user_data;
3426 int err;
3427
3428 bacpy(&rp.addr.bdaddr, &conn->dst);
3429 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3430
3431 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3432 status, &rp, sizeof(rp));
3433
3434
3435 conn->connect_cfm_cb = NULL;
3436 conn->security_cfm_cb = NULL;
3437 conn->disconn_cfm_cb = NULL;
3438
3439 hci_conn_drop(conn);
3440
3441
3442
3443
3444 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3445
3446 hci_conn_put(conn);
3447
3448 return err;
3449}
3450
3451void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3452{
3453 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3454 struct mgmt_pending_cmd *cmd;
3455
3456 cmd = find_pairing(conn);
3457 if (cmd) {
3458 cmd->cmd_complete(cmd, status);
3459 mgmt_pending_remove(cmd);
3460 }
3461}
3462
3463static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3464{
3465 struct mgmt_pending_cmd *cmd;
3466
3467 BT_DBG("status %u", status);
3468
3469 cmd = find_pairing(conn);
3470 if (!cmd) {
3471 BT_DBG("Unable to find a pending command");
3472 return;
3473 }
3474
3475 cmd->cmd_complete(cmd, mgmt_status(status));
3476 mgmt_pending_remove(cmd);
3477}
3478
3479static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3480{
3481 struct mgmt_pending_cmd *cmd;
3482
3483 BT_DBG("status %u", status);
3484
3485 if (!status)
3486 return;
3487
3488 cmd = find_pairing(conn);
3489 if (!cmd) {
3490 BT_DBG("Unable to find a pending command");
3491 return;
3492 }
3493
3494 cmd->cmd_complete(cmd, mgmt_status(status));
3495 mgmt_pending_remove(cmd);
3496}
3497
3498static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3499 u16 len)
3500{
3501 struct mgmt_cp_pair_device *cp = data;
3502 struct mgmt_rp_pair_device rp;
3503 struct mgmt_pending_cmd *cmd;
3504 u8 sec_level, auth_type;
3505 struct hci_conn *conn;
3506 int err;
3507
3508 BT_DBG("");
3509
3510 memset(&rp, 0, sizeof(rp));
3511 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3512 rp.addr.type = cp->addr.type;
3513
3514 if (!bdaddr_type_is_valid(cp->addr.type))
3515 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3516 MGMT_STATUS_INVALID_PARAMS,
3517 &rp, sizeof(rp));
3518
3519 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3520 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3521 MGMT_STATUS_INVALID_PARAMS,
3522 &rp, sizeof(rp));
3523
3524 hci_dev_lock(hdev);
3525
3526 if (!hdev_is_powered(hdev)) {
3527 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3528 MGMT_STATUS_NOT_POWERED, &rp,
3529 sizeof(rp));
3530 goto unlock;
3531 }
3532
3533 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3534 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3535 MGMT_STATUS_ALREADY_PAIRED, &rp,
3536 sizeof(rp));
3537 goto unlock;
3538 }
3539
3540 sec_level = BT_SECURITY_MEDIUM;
3541 auth_type = HCI_AT_DEDICATED_BONDING;
3542
3543 if (cp->addr.type == BDADDR_BREDR) {
3544 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3545 auth_type);
3546 } else {
3547 u8 addr_type;
3548
3549
3550
3551 if (cp->addr.type == BDADDR_LE_PUBLIC)
3552 addr_type = ADDR_LE_DEV_PUBLIC;
3553 else
3554 addr_type = ADDR_LE_DEV_RANDOM;
3555
3556
3557
3558
3559
3560
3561
3562
3563
3564
3565 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3566
3567 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3568 sec_level, HCI_LE_CONN_TIMEOUT,
3569 HCI_ROLE_MASTER);
3570 }
3571
3572 if (IS_ERR(conn)) {
3573 int status;
3574
3575 if (PTR_ERR(conn) == -EBUSY)
3576 status = MGMT_STATUS_BUSY;
3577 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3578 status = MGMT_STATUS_NOT_SUPPORTED;
3579 else if (PTR_ERR(conn) == -ECONNREFUSED)
3580 status = MGMT_STATUS_REJECTED;
3581 else
3582 status = MGMT_STATUS_CONNECT_FAILED;
3583
3584 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3585 status, &rp, sizeof(rp));
3586 goto unlock;
3587 }
3588
3589 if (conn->connect_cfm_cb) {
3590 hci_conn_drop(conn);
3591 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3592 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3593 goto unlock;
3594 }
3595
3596 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3597 if (!cmd) {
3598 err = -ENOMEM;
3599 hci_conn_drop(conn);
3600 goto unlock;
3601 }
3602
3603 cmd->cmd_complete = pairing_complete;
3604
3605
3606 if (cp->addr.type == BDADDR_BREDR) {
3607 conn->connect_cfm_cb = pairing_complete_cb;
3608 conn->security_cfm_cb = pairing_complete_cb;
3609 conn->disconn_cfm_cb = pairing_complete_cb;
3610 } else {
3611 conn->connect_cfm_cb = le_pairing_complete_cb;
3612 conn->security_cfm_cb = le_pairing_complete_cb;
3613 conn->disconn_cfm_cb = le_pairing_complete_cb;
3614 }
3615
3616 conn->io_capability = cp->io_cap;
3617 cmd->user_data = hci_conn_get(conn);
3618
3619 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3620 hci_conn_security(conn, sec_level, auth_type, true)) {
3621 cmd->cmd_complete(cmd, 0);
3622 mgmt_pending_remove(cmd);
3623 }
3624
3625 err = 0;
3626
3627unlock:
3628 hci_dev_unlock(hdev);
3629 return err;
3630}
3631
3632static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3633 u16 len)
3634{
3635 struct mgmt_addr_info *addr = data;
3636 struct mgmt_pending_cmd *cmd;
3637 struct hci_conn *conn;
3638 int err;
3639
3640 BT_DBG("");
3641
3642 hci_dev_lock(hdev);
3643
3644 if (!hdev_is_powered(hdev)) {
3645 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3646 MGMT_STATUS_NOT_POWERED);
3647 goto unlock;
3648 }
3649
3650 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3651 if (!cmd) {
3652 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3653 MGMT_STATUS_INVALID_PARAMS);
3654 goto unlock;
3655 }
3656
3657 conn = cmd->user_data;
3658
3659 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3660 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3661 MGMT_STATUS_INVALID_PARAMS);
3662 goto unlock;
3663 }
3664
3665 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3666 mgmt_pending_remove(cmd);
3667
3668 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3669 addr, sizeof(*addr));
3670unlock:
3671 hci_dev_unlock(hdev);
3672 return err;
3673}
3674
3675static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3676 struct mgmt_addr_info *addr, u16 mgmt_op,
3677 u16 hci_op, __le32 passkey)
3678{
3679 struct mgmt_pending_cmd *cmd;
3680 struct hci_conn *conn;
3681 int err;
3682
3683 hci_dev_lock(hdev);
3684
3685 if (!hdev_is_powered(hdev)) {
3686 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3687 MGMT_STATUS_NOT_POWERED, addr,
3688 sizeof(*addr));
3689 goto done;
3690 }
3691
3692 if (addr->type == BDADDR_BREDR)
3693 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3694 else
3695 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3696
3697 if (!conn) {
3698 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3699 MGMT_STATUS_NOT_CONNECTED, addr,
3700 sizeof(*addr));
3701 goto done;
3702 }
3703
3704 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3705 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3706 if (!err)
3707 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3708 MGMT_STATUS_SUCCESS, addr,
3709 sizeof(*addr));
3710 else
3711 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3712 MGMT_STATUS_FAILED, addr,
3713 sizeof(*addr));
3714
3715 goto done;
3716 }
3717
3718 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3719 if (!cmd) {
3720 err = -ENOMEM;
3721 goto done;
3722 }
3723
3724 cmd->cmd_complete = addr_cmd_complete;
3725
3726
3727 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3728 struct hci_cp_user_passkey_reply cp;
3729
3730 bacpy(&cp.bdaddr, &addr->bdaddr);
3731 cp.passkey = passkey;
3732 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3733 } else
3734 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3735 &addr->bdaddr);
3736
3737 if (err < 0)
3738 mgmt_pending_remove(cmd);
3739
3740done:
3741 hci_dev_unlock(hdev);
3742 return err;
3743}
3744
3745static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3746 void *data, u16 len)
3747{
3748 struct mgmt_cp_pin_code_neg_reply *cp = data;
3749
3750 BT_DBG("");
3751
3752 return user_pairing_resp(sk, hdev, &cp->addr,
3753 MGMT_OP_PIN_CODE_NEG_REPLY,
3754 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3755}
3756
3757static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3758 u16 len)
3759{
3760 struct mgmt_cp_user_confirm_reply *cp = data;
3761
3762 BT_DBG("");
3763
3764 if (len != sizeof(*cp))
3765 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3766 MGMT_STATUS_INVALID_PARAMS);
3767
3768 return user_pairing_resp(sk, hdev, &cp->addr,
3769 MGMT_OP_USER_CONFIRM_REPLY,
3770 HCI_OP_USER_CONFIRM_REPLY, 0);
3771}
3772
3773static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3774 void *data, u16 len)
3775{
3776 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3777
3778 BT_DBG("");
3779
3780 return user_pairing_resp(sk, hdev, &cp->addr,
3781 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3782 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3783}
3784
3785static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3786 u16 len)
3787{
3788 struct mgmt_cp_user_passkey_reply *cp = data;
3789
3790 BT_DBG("");
3791
3792 return user_pairing_resp(sk, hdev, &cp->addr,
3793 MGMT_OP_USER_PASSKEY_REPLY,
3794 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3795}
3796
3797static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3798 void *data, u16 len)
3799{
3800 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3801
3802 BT_DBG("");
3803
3804 return user_pairing_resp(sk, hdev, &cp->addr,
3805 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3806 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3807}
3808
3809static void update_name(struct hci_request *req)
3810{
3811 struct hci_dev *hdev = req->hdev;
3812 struct hci_cp_write_local_name cp;
3813
3814 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3815
3816 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3817}
3818
3819static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3820{
3821 struct mgmt_cp_set_local_name *cp;
3822 struct mgmt_pending_cmd *cmd;
3823
3824 BT_DBG("status 0x%02x", status);
3825
3826 hci_dev_lock(hdev);
3827
3828 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3829 if (!cmd)
3830 goto unlock;
3831
3832 cp = cmd->param;
3833
3834 if (status)
3835 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3836 mgmt_status(status));
3837 else
3838 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3839 cp, sizeof(*cp));
3840
3841 mgmt_pending_remove(cmd);
3842
3843unlock:
3844 hci_dev_unlock(hdev);
3845}
3846
3847static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3848 u16 len)
3849{
3850 struct mgmt_cp_set_local_name *cp = data;
3851 struct mgmt_pending_cmd *cmd;
3852 struct hci_request req;
3853 int err;
3854
3855 BT_DBG("");
3856
3857 hci_dev_lock(hdev);
3858
3859
3860
3861
3862 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3863 !memcmp(hdev->short_name, cp->short_name,
3864 sizeof(hdev->short_name))) {
3865 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3866 data, len);
3867 goto failed;
3868 }
3869
3870 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3871
3872 if (!hdev_is_powered(hdev)) {
3873 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3874
3875 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3876 data, len);
3877 if (err < 0)
3878 goto failed;
3879
3880 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3881 data, len, sk);
3882
3883 goto failed;
3884 }
3885
3886 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3887 if (!cmd) {
3888 err = -ENOMEM;
3889 goto failed;
3890 }
3891
3892 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3893
3894 hci_req_init(&req, hdev);
3895
3896 if (lmp_bredr_capable(hdev)) {
3897 update_name(&req);
3898 update_eir(&req);
3899 }
3900
3901
3902
3903
3904 if (lmp_le_capable(hdev))
3905 update_scan_rsp_data(&req);
3906
3907 err = hci_req_run(&req, set_name_complete);
3908 if (err < 0)
3909 mgmt_pending_remove(cmd);
3910
3911failed:
3912 hci_dev_unlock(hdev);
3913 return err;
3914}
3915
3916static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3917 u16 opcode, struct sk_buff *skb)
3918{
3919 struct mgmt_rp_read_local_oob_data mgmt_rp;
3920 size_t rp_size = sizeof(mgmt_rp);
3921 struct mgmt_pending_cmd *cmd;
3922
3923 BT_DBG("%s status %u", hdev->name, status);
3924
3925 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3926 if (!cmd)
3927 return;
3928
3929 if (status || !skb) {
3930 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3931 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3932 goto remove;
3933 }
3934
3935 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3936
3937 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3938 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3939
3940 if (skb->len < sizeof(*rp)) {
3941 mgmt_cmd_status(cmd->sk, hdev->id,
3942 MGMT_OP_READ_LOCAL_OOB_DATA,
3943 MGMT_STATUS_FAILED);
3944 goto remove;
3945 }
3946
3947 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3948 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3949
3950 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3951 } else {
3952 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3953
3954 if (skb->len < sizeof(*rp)) {
3955 mgmt_cmd_status(cmd->sk, hdev->id,
3956 MGMT_OP_READ_LOCAL_OOB_DATA,
3957 MGMT_STATUS_FAILED);
3958 goto remove;
3959 }
3960
3961 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3962 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3963
3964 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3965 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3966 }
3967
3968 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3969 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3970
3971remove:
3972 mgmt_pending_remove(cmd);
3973}
3974
3975static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3976 void *data, u16 data_len)
3977{
3978 struct mgmt_pending_cmd *cmd;
3979 struct hci_request req;
3980 int err;
3981
3982 BT_DBG("%s", hdev->name);
3983
3984 hci_dev_lock(hdev);
3985
3986 if (!hdev_is_powered(hdev)) {
3987 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3988 MGMT_STATUS_NOT_POWERED);
3989 goto unlock;
3990 }
3991
3992 if (!lmp_ssp_capable(hdev)) {
3993 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3994 MGMT_STATUS_NOT_SUPPORTED);
3995 goto unlock;
3996 }
3997
3998 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3999 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4000 MGMT_STATUS_BUSY);
4001 goto unlock;
4002 }
4003
4004 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
4005 if (!cmd) {
4006 err = -ENOMEM;
4007 goto unlock;
4008 }
4009
4010 hci_req_init(&req, hdev);
4011
4012 if (bredr_sc_enabled(hdev))
4013 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4014 else
4015 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4016
4017 err = hci_req_run_skb(&req, read_local_oob_data_complete);
4018 if (err < 0)
4019 mgmt_pending_remove(cmd);
4020
4021unlock:
4022 hci_dev_unlock(hdev);
4023 return err;
4024}
4025
4026static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4027 void *data, u16 len)
4028{
4029 struct mgmt_addr_info *addr = data;
4030 int err;
4031
4032 BT_DBG("%s ", hdev->name);
4033
4034 if (!bdaddr_type_is_valid(addr->type))
4035 return mgmt_cmd_complete(sk, hdev->id,
4036 MGMT_OP_ADD_REMOTE_OOB_DATA,
4037 MGMT_STATUS_INVALID_PARAMS,
4038 addr, sizeof(*addr));
4039
4040 hci_dev_lock(hdev);
4041
4042 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
4043 struct mgmt_cp_add_remote_oob_data *cp = data;
4044 u8 status;
4045
4046 if (cp->addr.type != BDADDR_BREDR) {
4047 err = mgmt_cmd_complete(sk, hdev->id,
4048 MGMT_OP_ADD_REMOTE_OOB_DATA,
4049 MGMT_STATUS_INVALID_PARAMS,
4050 &cp->addr, sizeof(cp->addr));
4051 goto unlock;
4052 }
4053
4054 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4055 cp->addr.type, cp->hash,
4056 cp->rand, NULL, NULL);
4057 if (err < 0)
4058 status = MGMT_STATUS_FAILED;
4059 else
4060 status = MGMT_STATUS_SUCCESS;
4061
4062 err = mgmt_cmd_complete(sk, hdev->id,
4063 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
4064 &cp->addr, sizeof(cp->addr));
4065 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
4066 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
4067 u8 *rand192, *hash192, *rand256, *hash256;
4068 u8 status;
4069
4070 if (bdaddr_type_is_le(cp->addr.type)) {
4071
4072
4073
4074 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
4075 memcmp(cp->hash192, ZERO_KEY, 16)) {
4076 err = mgmt_cmd_complete(sk, hdev->id,
4077 MGMT_OP_ADD_REMOTE_OOB_DATA,
4078 MGMT_STATUS_INVALID_PARAMS,
4079 addr, sizeof(*addr));
4080 goto unlock;
4081 }
4082
4083 rand192 = NULL;
4084 hash192 = NULL;
4085 } else {
4086
4087
4088
4089 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
4090 !memcmp(cp->hash192, ZERO_KEY, 16)) {
4091 rand192 = NULL;
4092 hash192 = NULL;
4093 } else {
4094 rand192 = cp->rand192;
4095 hash192 = cp->hash192;
4096 }
4097 }
4098
4099
4100
4101
4102 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
4103 !memcmp(cp->hash256, ZERO_KEY, 16)) {
4104 rand256 = NULL;
4105 hash256 = NULL;
4106 } else {
4107 rand256 = cp->rand256;
4108 hash256 = cp->hash256;
4109 }
4110
4111 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4112 cp->addr.type, hash192, rand192,
4113 hash256, rand256);
4114 if (err < 0)
4115 status = MGMT_STATUS_FAILED;
4116 else
4117 status = MGMT_STATUS_SUCCESS;
4118
4119 err = mgmt_cmd_complete(sk, hdev->id,
4120 MGMT_OP_ADD_REMOTE_OOB_DATA,
4121 status, &cp->addr, sizeof(cp->addr));
4122 } else {
4123 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
4124 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
4125 MGMT_STATUS_INVALID_PARAMS);
4126 }
4127
4128unlock:
4129 hci_dev_unlock(hdev);
4130 return err;
4131}
4132
4133static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4134 void *data, u16 len)
4135{
4136 struct mgmt_cp_remove_remote_oob_data *cp = data;
4137 u8 status;
4138 int err;
4139
4140 BT_DBG("%s", hdev->name);
4141
4142 if (cp->addr.type != BDADDR_BREDR)
4143 return mgmt_cmd_complete(sk, hdev->id,
4144 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4145 MGMT_STATUS_INVALID_PARAMS,
4146 &cp->addr, sizeof(cp->addr));
4147
4148 hci_dev_lock(hdev);
4149
4150 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4151 hci_remote_oob_data_clear(hdev);
4152 status = MGMT_STATUS_SUCCESS;
4153 goto done;
4154 }
4155
4156 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
4157 if (err < 0)
4158 status = MGMT_STATUS_INVALID_PARAMS;
4159 else
4160 status = MGMT_STATUS_SUCCESS;
4161
4162done:
4163 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4164 status, &cp->addr, sizeof(cp->addr));
4165
4166 hci_dev_unlock(hdev);
4167 return err;
4168}
4169
4170static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
4171{
4172 struct hci_dev *hdev = req->hdev;
4173 struct hci_cp_inquiry cp;
4174
4175 u8 lap[3] = { 0x33, 0x8b, 0x9e };
4176
4177 *status = mgmt_bredr_support(hdev);
4178 if (*status)
4179 return false;
4180
4181 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
4182 *status = MGMT_STATUS_BUSY;
4183 return false;
4184 }
4185
4186 hci_inquiry_cache_flush(hdev);
4187
4188 memset(&cp, 0, sizeof(cp));
4189 memcpy(&cp.lap, lap, sizeof(cp.lap));
4190 cp.length = DISCOV_BREDR_INQUIRY_LEN;
4191
4192 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
4193
4194 return true;
4195}
4196
4197static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
4198{
4199 struct hci_dev *hdev = req->hdev;
4200 struct hci_cp_le_set_scan_param param_cp;
4201 struct hci_cp_le_set_scan_enable enable_cp;
4202 u8 own_addr_type;
4203 int err;
4204
4205 *status = mgmt_le_support(hdev);
4206 if (*status)
4207 return false;
4208
4209 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
4210
4211
4212
4213 if (hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
4214 *status = MGMT_STATUS_REJECTED;
4215 return false;
4216 }
4217
4218 cancel_adv_timeout(hdev);
4219 disable_advertising(req);
4220 }
4221
4222
4223
4224
4225
4226 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
4227 hci_req_add_le_scan_disable(req);
4228
4229
4230
4231
4232
4233 err = hci_update_random_address(req, true, &own_addr_type);
4234 if (err < 0) {
4235 *status = MGMT_STATUS_FAILED;
4236 return false;
4237 }
4238
4239 memset(¶m_cp, 0, sizeof(param_cp));
4240 param_cp.type = LE_SCAN_ACTIVE;
4241 param_cp.interval = cpu_to_le16(interval);
4242 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
4243 param_cp.own_address_type = own_addr_type;
4244
4245 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
4246 ¶m_cp);
4247
4248 memset(&enable_cp, 0, sizeof(enable_cp));
4249 enable_cp.enable = LE_SCAN_ENABLE;
4250 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
4251
4252 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
4253 &enable_cp);
4254
4255 return true;
4256}
4257
4258static bool trigger_discovery(struct hci_request *req, u8 *status)
4259{
4260 struct hci_dev *hdev = req->hdev;
4261
4262 switch (hdev->discovery.type) {
4263 case DISCOV_TYPE_BREDR:
4264 if (!trigger_bredr_inquiry(req, status))
4265 return false;
4266 break;
4267
4268 case DISCOV_TYPE_INTERLEAVED:
4269 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
4270 &hdev->quirks)) {
4271
4272
4273
4274
4275 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
4276 status))
4277 return false;
4278
4279 if (!trigger_bredr_inquiry(req, status))
4280 return false;
4281
4282 return true;
4283 }
4284
4285 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4286 *status = MGMT_STATUS_NOT_SUPPORTED;
4287 return false;
4288 }
4289
4290
4291 case DISCOV_TYPE_LE:
4292 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
4293 return false;
4294 break;
4295
4296 default:
4297 *status = MGMT_STATUS_INVALID_PARAMS;
4298 return false;
4299 }
4300
4301 return true;
4302}
4303
4304static void start_discovery_complete(struct hci_dev *hdev, u8 status,
4305 u16 opcode)
4306{
4307 struct mgmt_pending_cmd *cmd;
4308 unsigned long timeout;
4309
4310 BT_DBG("status %d", status);
4311
4312 hci_dev_lock(hdev);
4313
4314 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
4315 if (!cmd)
4316 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4317
4318 if (cmd) {
4319 cmd->cmd_complete(cmd, mgmt_status(status));
4320 mgmt_pending_remove(cmd);
4321 }
4322
4323 if (status) {
4324 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4325 goto unlock;
4326 }
4327
4328 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
4329
4330
4331
4332
4333 switch (hdev->discovery.type) {
4334 case DISCOV_TYPE_LE:
4335 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4336 break;
4337 case DISCOV_TYPE_INTERLEAVED:
4338
4339
4340
4341
4342
4343
4344
4345
4346 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
4347 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4348 else
4349 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
4350 break;
4351 case DISCOV_TYPE_BREDR:
4352 timeout = 0;
4353 break;
4354 default:
4355 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
4356 timeout = 0;
4357 break;
4358 }
4359
4360 if (timeout) {
4361
4362
4363
4364
4365
4366 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4367 &hdev->quirks) &&
4368 hdev->discovery.result_filtering) {
4369 hdev->discovery.scan_start = jiffies;
4370 hdev->discovery.scan_duration = timeout;
4371 }
4372
4373 queue_delayed_work(hdev->workqueue,
4374 &hdev->le_scan_disable, timeout);
4375 }
4376
4377unlock:
4378 hci_dev_unlock(hdev);
4379}
4380
4381static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4382 void *data, u16 len)
4383{
4384 struct mgmt_cp_start_discovery *cp = data;
4385 struct mgmt_pending_cmd *cmd;
4386 struct hci_request req;
4387 u8 status;
4388 int err;
4389
4390 BT_DBG("%s", hdev->name);
4391
4392 hci_dev_lock(hdev);
4393
4394 if (!hdev_is_powered(hdev)) {
4395 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4396 MGMT_STATUS_NOT_POWERED,
4397 &cp->type, sizeof(cp->type));
4398 goto failed;
4399 }
4400
4401 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4402 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4403 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4404 MGMT_STATUS_BUSY, &cp->type,
4405 sizeof(cp->type));
4406 goto failed;
4407 }
4408
4409 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4410 if (!cmd) {
4411 err = -ENOMEM;
4412 goto failed;
4413 }
4414
4415 cmd->cmd_complete = generic_cmd_complete;
4416
4417
4418
4419
4420 hci_discovery_filter_clear(hdev);
4421
4422 hdev->discovery.type = cp->type;
4423 hdev->discovery.report_invalid_rssi = false;
4424
4425 hci_req_init(&req, hdev);
4426
4427 if (!trigger_discovery(&req, &status)) {
4428 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4429 status, &cp->type, sizeof(cp->type));
4430 mgmt_pending_remove(cmd);
4431 goto failed;
4432 }
4433
4434 err = hci_req_run(&req, start_discovery_complete);
4435 if (err < 0) {
4436 mgmt_pending_remove(cmd);
4437 goto failed;
4438 }
4439
4440 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4441
4442failed:
4443 hci_dev_unlock(hdev);
4444 return err;
4445}
4446
4447static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4448 u8 status)
4449{
4450 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4451 cmd->param, 1);
4452}
4453
4454static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4455 void *data, u16 len)
4456{
4457 struct mgmt_cp_start_service_discovery *cp = data;
4458 struct mgmt_pending_cmd *cmd;
4459 struct hci_request req;
4460 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4461 u16 uuid_count, expected_len;
4462 u8 status;
4463 int err;
4464
4465 BT_DBG("%s", hdev->name);
4466
4467 hci_dev_lock(hdev);
4468
4469 if (!hdev_is_powered(hdev)) {
4470 err = mgmt_cmd_complete(sk, hdev->id,
4471 MGMT_OP_START_SERVICE_DISCOVERY,
4472 MGMT_STATUS_NOT_POWERED,
4473 &cp->type, sizeof(cp->type));
4474 goto failed;
4475 }
4476
4477 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4478 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4479 err = mgmt_cmd_complete(sk, hdev->id,
4480 MGMT_OP_START_SERVICE_DISCOVERY,
4481 MGMT_STATUS_BUSY, &cp->type,
4482 sizeof(cp->type));
4483 goto failed;
4484 }
4485
4486 uuid_count = __le16_to_cpu(cp->uuid_count);
4487 if (uuid_count > max_uuid_count) {
4488 BT_ERR("service_discovery: too big uuid_count value %u",
4489 uuid_count);
4490 err = mgmt_cmd_complete(sk, hdev->id,
4491 MGMT_OP_START_SERVICE_DISCOVERY,
4492 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4493 sizeof(cp->type));
4494 goto failed;
4495 }
4496
4497 expected_len = sizeof(*cp) + uuid_count * 16;
4498 if (expected_len != len) {
4499 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4500 expected_len, len);
4501 err = mgmt_cmd_complete(sk, hdev->id,
4502 MGMT_OP_START_SERVICE_DISCOVERY,
4503 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4504 sizeof(cp->type));
4505 goto failed;
4506 }
4507
4508 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4509 hdev, data, len);
4510 if (!cmd) {
4511 err = -ENOMEM;
4512 goto failed;
4513 }
4514
4515 cmd->cmd_complete = service_discovery_cmd_complete;
4516
4517
4518
4519
4520 hci_discovery_filter_clear(hdev);
4521
4522 hdev->discovery.result_filtering = true;
4523 hdev->discovery.type = cp->type;
4524 hdev->discovery.rssi = cp->rssi;
4525 hdev->discovery.uuid_count = uuid_count;
4526
4527 if (uuid_count > 0) {
4528 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4529 GFP_KERNEL);
4530 if (!hdev->discovery.uuids) {
4531 err = mgmt_cmd_complete(sk, hdev->id,
4532 MGMT_OP_START_SERVICE_DISCOVERY,
4533 MGMT_STATUS_FAILED,
4534 &cp->type, sizeof(cp->type));
4535 mgmt_pending_remove(cmd);
4536 goto failed;
4537 }
4538 }
4539
4540 hci_req_init(&req, hdev);
4541
4542 if (!trigger_discovery(&req, &status)) {
4543 err = mgmt_cmd_complete(sk, hdev->id,
4544 MGMT_OP_START_SERVICE_DISCOVERY,
4545 status, &cp->type, sizeof(cp->type));
4546 mgmt_pending_remove(cmd);
4547 goto failed;
4548 }
4549
4550 err = hci_req_run(&req, start_discovery_complete);
4551 if (err < 0) {
4552 mgmt_pending_remove(cmd);
4553 goto failed;
4554 }
4555
4556 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4557
4558failed:
4559 hci_dev_unlock(hdev);
4560 return err;
4561}
4562
4563static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4564{
4565 struct mgmt_pending_cmd *cmd;
4566
4567 BT_DBG("status %d", status);
4568
4569 hci_dev_lock(hdev);
4570
4571 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4572 if (cmd) {
4573 cmd->cmd_complete(cmd, mgmt_status(status));
4574 mgmt_pending_remove(cmd);
4575 }
4576
4577 if (!status)
4578 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4579
4580 hci_dev_unlock(hdev);
4581}
4582
4583static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4584 u16 len)
4585{
4586 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4587 struct mgmt_pending_cmd *cmd;
4588 struct hci_request req;
4589 int err;
4590
4591 BT_DBG("%s", hdev->name);
4592
4593 hci_dev_lock(hdev);
4594
4595 if (!hci_discovery_active(hdev)) {
4596 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4597 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4598 sizeof(mgmt_cp->type));
4599 goto unlock;
4600 }
4601
4602 if (hdev->discovery.type != mgmt_cp->type) {
4603 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4604 MGMT_STATUS_INVALID_PARAMS,
4605 &mgmt_cp->type, sizeof(mgmt_cp->type));
4606 goto unlock;
4607 }
4608
4609 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4610 if (!cmd) {
4611 err = -ENOMEM;
4612 goto unlock;
4613 }
4614
4615 cmd->cmd_complete = generic_cmd_complete;
4616
4617 hci_req_init(&req, hdev);
4618
4619 hci_stop_discovery(&req);
4620
4621 err = hci_req_run(&req, stop_discovery_complete);
4622 if (!err) {
4623 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4624 goto unlock;
4625 }
4626
4627 mgmt_pending_remove(cmd);
4628
4629
4630 if (err == -ENODATA) {
4631 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4632 &mgmt_cp->type, sizeof(mgmt_cp->type));
4633 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4634 }
4635
4636unlock:
4637 hci_dev_unlock(hdev);
4638 return err;
4639}
4640
4641static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4642 u16 len)
4643{
4644 struct mgmt_cp_confirm_name *cp = data;
4645 struct inquiry_entry *e;
4646 int err;
4647
4648 BT_DBG("%s", hdev->name);
4649
4650 hci_dev_lock(hdev);
4651
4652 if (!hci_discovery_active(hdev)) {
4653 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4654 MGMT_STATUS_FAILED, &cp->addr,
4655 sizeof(cp->addr));
4656 goto failed;
4657 }
4658
4659 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4660 if (!e) {
4661 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4662 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4663 sizeof(cp->addr));
4664 goto failed;
4665 }
4666
4667 if (cp->name_known) {
4668 e->name_state = NAME_KNOWN;
4669 list_del(&e->list);
4670 } else {
4671 e->name_state = NAME_NEEDED;
4672 hci_inquiry_cache_update_resolve(hdev, e);
4673 }
4674
4675 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4676 &cp->addr, sizeof(cp->addr));
4677
4678failed:
4679 hci_dev_unlock(hdev);
4680 return err;
4681}
4682
4683static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4684 u16 len)
4685{
4686 struct mgmt_cp_block_device *cp = data;
4687 u8 status;
4688 int err;
4689
4690 BT_DBG("%s", hdev->name);
4691
4692 if (!bdaddr_type_is_valid(cp->addr.type))
4693 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4694 MGMT_STATUS_INVALID_PARAMS,
4695 &cp->addr, sizeof(cp->addr));
4696
4697 hci_dev_lock(hdev);
4698
4699 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4700 cp->addr.type);
4701 if (err < 0) {
4702 status = MGMT_STATUS_FAILED;
4703 goto done;
4704 }
4705
4706 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4707 sk);
4708 status = MGMT_STATUS_SUCCESS;
4709
4710done:
4711 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4712 &cp->addr, sizeof(cp->addr));
4713
4714 hci_dev_unlock(hdev);
4715
4716 return err;
4717}
4718
4719static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4720 u16 len)
4721{
4722 struct mgmt_cp_unblock_device *cp = data;
4723 u8 status;
4724 int err;
4725
4726 BT_DBG("%s", hdev->name);
4727
4728 if (!bdaddr_type_is_valid(cp->addr.type))
4729 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4730 MGMT_STATUS_INVALID_PARAMS,
4731 &cp->addr, sizeof(cp->addr));
4732
4733 hci_dev_lock(hdev);
4734
4735 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4736 cp->addr.type);
4737 if (err < 0) {
4738 status = MGMT_STATUS_INVALID_PARAMS;
4739 goto done;
4740 }
4741
4742 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4743 sk);
4744 status = MGMT_STATUS_SUCCESS;
4745
4746done:
4747 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4748 &cp->addr, sizeof(cp->addr));
4749
4750 hci_dev_unlock(hdev);
4751
4752 return err;
4753}
4754
4755static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4756 u16 len)
4757{
4758 struct mgmt_cp_set_device_id *cp = data;
4759 struct hci_request req;
4760 int err;
4761 __u16 source;
4762
4763 BT_DBG("%s", hdev->name);
4764
4765 source = __le16_to_cpu(cp->source);
4766
4767 if (source > 0x0002)
4768 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4769 MGMT_STATUS_INVALID_PARAMS);
4770
4771 hci_dev_lock(hdev);
4772
4773 hdev->devid_source = source;
4774 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4775 hdev->devid_product = __le16_to_cpu(cp->product);
4776 hdev->devid_version = __le16_to_cpu(cp->version);
4777
4778 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4779 NULL, 0);
4780
4781 hci_req_init(&req, hdev);
4782 update_eir(&req);
4783 hci_req_run(&req, NULL);
4784
4785 hci_dev_unlock(hdev);
4786
4787 return err;
4788}
4789
4790static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4791 u16 opcode)
4792{
4793 BT_DBG("status %d", status);
4794}
4795
4796static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4797 u16 opcode)
4798{
4799 struct cmd_lookup match = { NULL, hdev };
4800 struct hci_request req;
4801 u8 instance;
4802 struct adv_info *adv_instance;
4803 int err;
4804
4805 hci_dev_lock(hdev);
4806
4807 if (status) {
4808 u8 mgmt_err = mgmt_status(status);
4809
4810 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4811 cmd_status_rsp, &mgmt_err);
4812 goto unlock;
4813 }
4814
4815 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4816 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4817 else
4818 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4819
4820 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4821 &match);
4822
4823 new_settings(hdev, match.sk);
4824
4825 if (match.sk)
4826 sock_put(match.sk);
4827
4828
4829
4830
4831 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4832 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) ||
4833 list_empty(&hdev->adv_instances))
4834 goto unlock;
4835
4836 instance = hdev->cur_adv_instance;
4837 if (!instance) {
4838 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4839 struct adv_info, list);
4840 if (!adv_instance)
4841 goto unlock;
4842
4843 instance = adv_instance->instance;
4844 }
4845
4846 hci_req_init(&req, hdev);
4847
4848 err = schedule_adv_instance(&req, instance, true);
4849
4850 if (!err)
4851 err = hci_req_run(&req, enable_advertising_instance);
4852
4853 if (err)
4854 BT_ERR("Failed to re-configure advertising");
4855
4856unlock:
4857 hci_dev_unlock(hdev);
4858}
4859
4860static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4861 u16 len)
4862{
4863 struct mgmt_mode *cp = data;
4864 struct mgmt_pending_cmd *cmd;
4865 struct hci_request req;
4866 u8 val, status;
4867 int err;
4868
4869 BT_DBG("request for %s", hdev->name);
4870
4871 status = mgmt_le_support(hdev);
4872 if (status)
4873 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4874 status);
4875
4876 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4877 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4878 MGMT_STATUS_INVALID_PARAMS);
4879
4880 hci_dev_lock(hdev);
4881
4882 val = !!cp->val;
4883
4884
4885
4886
4887
4888
4889 if (!hdev_is_powered(hdev) ||
4890 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4891 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4892 hci_conn_num(hdev, LE_LINK) > 0 ||
4893 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4894 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4895 bool changed;
4896
4897 if (cp->val) {
4898 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4899 if (cp->val == 0x02)
4900 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4901 else
4902 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4903 } else {
4904 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4905 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4906 }
4907
4908 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4909 if (err < 0)
4910 goto unlock;
4911
4912 if (changed)
4913 err = new_settings(hdev, sk);
4914
4915 goto unlock;
4916 }
4917
4918 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4919 pending_find(MGMT_OP_SET_LE, hdev)) {
4920 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4921 MGMT_STATUS_BUSY);
4922 goto unlock;
4923 }
4924
4925 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4926 if (!cmd) {
4927 err = -ENOMEM;
4928 goto unlock;
4929 }
4930
4931 hci_req_init(&req, hdev);
4932
4933 if (cp->val == 0x02)
4934 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4935 else
4936 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4937
4938 cancel_adv_timeout(hdev);
4939
4940 if (val) {
4941
4942
4943
4944
4945 update_inst_adv_data(&req, 0x00);
4946 update_inst_scan_rsp_data(&req, 0x00);
4947 enable_advertising(&req);
4948 } else {
4949 disable_advertising(&req);
4950 }
4951
4952 err = hci_req_run(&req, set_advertising_complete);
4953 if (err < 0)
4954 mgmt_pending_remove(cmd);
4955
4956unlock:
4957 hci_dev_unlock(hdev);
4958 return err;
4959}
4960
4961static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4962 void *data, u16 len)
4963{
4964 struct mgmt_cp_set_static_address *cp = data;
4965 int err;
4966
4967 BT_DBG("%s", hdev->name);
4968
4969 if (!lmp_le_capable(hdev))
4970 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4971 MGMT_STATUS_NOT_SUPPORTED);
4972
4973 if (hdev_is_powered(hdev))
4974 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4975 MGMT_STATUS_REJECTED);
4976
4977 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4978 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4979 return mgmt_cmd_status(sk, hdev->id,
4980 MGMT_OP_SET_STATIC_ADDRESS,
4981 MGMT_STATUS_INVALID_PARAMS);
4982
4983
4984 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4985 return mgmt_cmd_status(sk, hdev->id,
4986 MGMT_OP_SET_STATIC_ADDRESS,
4987 MGMT_STATUS_INVALID_PARAMS);
4988 }
4989
4990 hci_dev_lock(hdev);
4991
4992 bacpy(&hdev->static_addr, &cp->bdaddr);
4993
4994 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4995 if (err < 0)
4996 goto unlock;
4997
4998 err = new_settings(hdev, sk);
4999
5000unlock:
5001 hci_dev_unlock(hdev);
5002 return err;
5003}
5004
5005static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
5006 void *data, u16 len)
5007{
5008 struct mgmt_cp_set_scan_params *cp = data;
5009 __u16 interval, window;
5010 int err;
5011
5012 BT_DBG("%s", hdev->name);
5013
5014 if (!lmp_le_capable(hdev))
5015 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5016 MGMT_STATUS_NOT_SUPPORTED);
5017
5018 interval = __le16_to_cpu(cp->interval);
5019
5020 if (interval < 0x0004 || interval > 0x4000)
5021 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5022 MGMT_STATUS_INVALID_PARAMS);
5023
5024 window = __le16_to_cpu(cp->window);
5025
5026 if (window < 0x0004 || window > 0x4000)
5027 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5028 MGMT_STATUS_INVALID_PARAMS);
5029
5030 if (window > interval)
5031 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5032 MGMT_STATUS_INVALID_PARAMS);
5033
5034 hci_dev_lock(hdev);
5035
5036 hdev->le_scan_interval = interval;
5037 hdev->le_scan_window = window;
5038
5039 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
5040 NULL, 0);
5041
5042
5043
5044
5045 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
5046 hdev->discovery.state == DISCOVERY_STOPPED) {
5047 struct hci_request req;
5048
5049 hci_req_init(&req, hdev);
5050
5051 hci_req_add_le_scan_disable(&req);
5052 hci_req_add_le_passive_scan(&req);
5053
5054 hci_req_run(&req, NULL);
5055 }
5056
5057 hci_dev_unlock(hdev);
5058
5059 return err;
5060}
5061
5062static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
5063 u16 opcode)
5064{
5065 struct mgmt_pending_cmd *cmd;
5066
5067 BT_DBG("status 0x%02x", status);
5068
5069 hci_dev_lock(hdev);
5070
5071 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5072 if (!cmd)
5073 goto unlock;
5074
5075 if (status) {
5076 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5077 mgmt_status(status));
5078 } else {
5079 struct mgmt_mode *cp = cmd->param;
5080
5081 if (cp->val)
5082 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
5083 else
5084 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5085
5086 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5087 new_settings(hdev, cmd->sk);
5088 }
5089
5090 mgmt_pending_remove(cmd);
5091
5092unlock:
5093 hci_dev_unlock(hdev);
5094}
5095
5096static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
5097 void *data, u16 len)
5098{
5099 struct mgmt_mode *cp = data;
5100 struct mgmt_pending_cmd *cmd;
5101 struct hci_request req;
5102 int err;
5103
5104 BT_DBG("%s", hdev->name);
5105
5106 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
5107 hdev->hci_ver < BLUETOOTH_VER_1_2)
5108 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5109 MGMT_STATUS_NOT_SUPPORTED);
5110
5111 if (cp->val != 0x00 && cp->val != 0x01)
5112 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5113 MGMT_STATUS_INVALID_PARAMS);
5114
5115 hci_dev_lock(hdev);
5116
5117 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
5118 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5119 MGMT_STATUS_BUSY);
5120 goto unlock;
5121 }
5122
5123 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
5124 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5125 hdev);
5126 goto unlock;
5127 }
5128
5129 if (!hdev_is_powered(hdev)) {
5130 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
5131 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5132 hdev);
5133 new_settings(hdev, sk);
5134 goto unlock;
5135 }
5136
5137 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
5138 data, len);
5139 if (!cmd) {
5140 err = -ENOMEM;
5141 goto unlock;
5142 }
5143
5144 hci_req_init(&req, hdev);
5145
5146 write_fast_connectable(&req, cp->val);
5147
5148 err = hci_req_run(&req, fast_connectable_complete);
5149 if (err < 0) {
5150 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5151 MGMT_STATUS_FAILED);
5152 mgmt_pending_remove(cmd);
5153 }
5154
5155unlock:
5156 hci_dev_unlock(hdev);
5157
5158 return err;
5159}
5160
5161static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5162{
5163 struct mgmt_pending_cmd *cmd;
5164
5165 BT_DBG("status 0x%02x", status);
5166
5167 hci_dev_lock(hdev);
5168
5169 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
5170 if (!cmd)
5171 goto unlock;
5172
5173 if (status) {
5174 u8 mgmt_err = mgmt_status(status);
5175
5176
5177
5178
5179 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
5180
5181 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
5182 } else {
5183 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5184 new_settings(hdev, cmd->sk);
5185 }
5186
5187 mgmt_pending_remove(cmd);
5188
5189unlock:
5190 hci_dev_unlock(hdev);
5191}
5192
5193static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5194{
5195 struct mgmt_mode *cp = data;
5196 struct mgmt_pending_cmd *cmd;
5197 struct hci_request req;
5198 int err;
5199
5200 BT_DBG("request for %s", hdev->name);
5201
5202 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
5203 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5204 MGMT_STATUS_NOT_SUPPORTED);
5205
5206 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5207 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5208 MGMT_STATUS_REJECTED);
5209
5210 if (cp->val != 0x00 && cp->val != 0x01)
5211 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5212 MGMT_STATUS_INVALID_PARAMS);
5213
5214 hci_dev_lock(hdev);
5215
5216 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5217 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5218 goto unlock;
5219 }
5220
5221 if (!hdev_is_powered(hdev)) {
5222 if (!cp->val) {
5223 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
5224 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
5225 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
5226 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5227 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
5228 }
5229
5230 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
5231
5232 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5233 if (err < 0)
5234 goto unlock;
5235
5236 err = new_settings(hdev, sk);
5237 goto unlock;
5238 }
5239
5240
5241 if (!cp->val) {
5242 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5243 MGMT_STATUS_REJECTED);
5244 goto unlock;
5245 } else {
5246
5247
5248
5249
5250
5251
5252
5253
5254
5255
5256
5257
5258
5259
5260 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5261 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5262 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
5263 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5264 MGMT_STATUS_REJECTED);
5265 goto unlock;
5266 }
5267 }
5268
5269 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
5270 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5271 MGMT_STATUS_BUSY);
5272 goto unlock;
5273 }
5274
5275 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5276 if (!cmd) {
5277 err = -ENOMEM;
5278 goto unlock;
5279 }
5280
5281
5282
5283
5284 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
5285
5286 hci_req_init(&req, hdev);
5287
5288 write_fast_connectable(&req, false);
5289 __hci_update_page_scan(&req);
5290
5291
5292
5293
5294 update_adv_data(&req);
5295
5296 err = hci_req_run(&req, set_bredr_complete);
5297 if (err < 0)
5298 mgmt_pending_remove(cmd);
5299
5300unlock:
5301 hci_dev_unlock(hdev);
5302 return err;
5303}
5304
5305static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5306{
5307 struct mgmt_pending_cmd *cmd;
5308 struct mgmt_mode *cp;
5309
5310 BT_DBG("%s status %u", hdev->name, status);
5311
5312 hci_dev_lock(hdev);
5313
5314 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5315 if (!cmd)
5316 goto unlock;
5317
5318 if (status) {
5319 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5320 mgmt_status(status));
5321 goto remove;
5322 }
5323
5324 cp = cmd->param;
5325
5326 switch (cp->val) {
5327 case 0x00:
5328 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5329 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5330 break;
5331 case 0x01:
5332 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5333 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5334 break;
5335 case 0x02:
5336 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5337 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5338 break;
5339 }
5340
5341 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5342 new_settings(hdev, cmd->sk);
5343
5344remove:
5345 mgmt_pending_remove(cmd);
5346unlock:
5347 hci_dev_unlock(hdev);
5348}
5349
5350static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5351 void *data, u16 len)
5352{
5353 struct mgmt_mode *cp = data;
5354 struct mgmt_pending_cmd *cmd;
5355 struct hci_request req;
5356 u8 val;
5357 int err;
5358
5359 BT_DBG("request for %s", hdev->name);
5360
5361 if (!lmp_sc_capable(hdev) &&
5362 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5363 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5364 MGMT_STATUS_NOT_SUPPORTED);
5365
5366 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5367 lmp_sc_capable(hdev) &&
5368 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
5369 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5370 MGMT_STATUS_REJECTED);
5371
5372 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5373 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5374 MGMT_STATUS_INVALID_PARAMS);
5375
5376 hci_dev_lock(hdev);
5377
5378 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5379 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5380 bool changed;
5381
5382 if (cp->val) {
5383 changed = !hci_dev_test_and_set_flag(hdev,
5384 HCI_SC_ENABLED);
5385 if (cp->val == 0x02)
5386 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5387 else
5388 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5389 } else {
5390 changed = hci_dev_test_and_clear_flag(hdev,
5391 HCI_SC_ENABLED);
5392 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5393 }
5394
5395 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5396 if (err < 0)
5397 goto failed;
5398
5399 if (changed)
5400 err = new_settings(hdev, sk);
5401
5402 goto failed;
5403 }
5404
5405 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5406 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5407 MGMT_STATUS_BUSY);
5408 goto failed;
5409 }
5410
5411 val = !!cp->val;
5412
5413 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5414 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5415 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5416 goto failed;
5417 }
5418
5419 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5420 if (!cmd) {
5421 err = -ENOMEM;
5422 goto failed;
5423 }
5424
5425 hci_req_init(&req, hdev);
5426 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5427 err = hci_req_run(&req, sc_enable_complete);
5428 if (err < 0) {
5429 mgmt_pending_remove(cmd);
5430 goto failed;
5431 }
5432
5433failed:
5434 hci_dev_unlock(hdev);
5435 return err;
5436}
5437
5438static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5439 void *data, u16 len)
5440{
5441 struct mgmt_mode *cp = data;
5442 bool changed, use_changed;
5443 int err;
5444
5445 BT_DBG("request for %s", hdev->name);
5446
5447 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5448 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5449 MGMT_STATUS_INVALID_PARAMS);
5450
5451 hci_dev_lock(hdev);
5452
5453 if (cp->val)
5454 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5455 else
5456 changed = hci_dev_test_and_clear_flag(hdev,
5457 HCI_KEEP_DEBUG_KEYS);
5458
5459 if (cp->val == 0x02)
5460 use_changed = !hci_dev_test_and_set_flag(hdev,
5461 HCI_USE_DEBUG_KEYS);
5462 else
5463 use_changed = hci_dev_test_and_clear_flag(hdev,
5464 HCI_USE_DEBUG_KEYS);
5465
5466 if (hdev_is_powered(hdev) && use_changed &&
5467 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5468 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5469 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5470 sizeof(mode), &mode);
5471 }
5472
5473 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5474 if (err < 0)
5475 goto unlock;
5476
5477 if (changed)
5478 err = new_settings(hdev, sk);
5479
5480unlock:
5481 hci_dev_unlock(hdev);
5482 return err;
5483}
5484
5485static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5486 u16 len)
5487{
5488 struct mgmt_cp_set_privacy *cp = cp_data;
5489 bool changed;
5490 int err;
5491
5492 BT_DBG("request for %s", hdev->name);
5493
5494 if (!lmp_le_capable(hdev))
5495 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5496 MGMT_STATUS_NOT_SUPPORTED);
5497
5498 if (cp->privacy != 0x00 && cp->privacy != 0x01)
5499 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5500 MGMT_STATUS_INVALID_PARAMS);
5501
5502 if (hdev_is_powered(hdev))
5503 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5504 MGMT_STATUS_REJECTED);
5505
5506 hci_dev_lock(hdev);
5507
5508
5509
5510
5511 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5512
5513 if (cp->privacy) {
5514 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
5515 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5516 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5517 } else {
5518 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
5519 memset(hdev->irk, 0, sizeof(hdev->irk));
5520 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
5521 }
5522
5523 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5524 if (err < 0)
5525 goto unlock;
5526
5527 if (changed)
5528 err = new_settings(hdev, sk);
5529
5530unlock:
5531 hci_dev_unlock(hdev);
5532 return err;
5533}
5534
5535static bool irk_is_valid(struct mgmt_irk_info *irk)
5536{
5537 switch (irk->addr.type) {
5538 case BDADDR_LE_PUBLIC:
5539 return true;
5540
5541 case BDADDR_LE_RANDOM:
5542
5543 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5544 return false;
5545 return true;
5546 }
5547
5548 return false;
5549}
5550
5551static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5552 u16 len)
5553{
5554 struct mgmt_cp_load_irks *cp = cp_data;
5555 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5556 sizeof(struct mgmt_irk_info));
5557 u16 irk_count, expected_len;
5558 int i, err;
5559
5560 BT_DBG("request for %s", hdev->name);
5561
5562 if (!lmp_le_capable(hdev))
5563 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5564 MGMT_STATUS_NOT_SUPPORTED);
5565
5566 irk_count = __le16_to_cpu(cp->irk_count);
5567 if (irk_count > max_irk_count) {
5568 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5570 MGMT_STATUS_INVALID_PARAMS);
5571 }
5572
5573 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5574 if (expected_len != len) {
5575 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5576 expected_len, len);
5577 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5578 MGMT_STATUS_INVALID_PARAMS);
5579 }
5580
5581 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5582
5583 for (i = 0; i < irk_count; i++) {
5584 struct mgmt_irk_info *key = &cp->irks[i];
5585
5586 if (!irk_is_valid(key))
5587 return mgmt_cmd_status(sk, hdev->id,
5588 MGMT_OP_LOAD_IRKS,
5589 MGMT_STATUS_INVALID_PARAMS);
5590 }
5591
5592 hci_dev_lock(hdev);
5593
5594 hci_smp_irks_clear(hdev);
5595
5596 for (i = 0; i < irk_count; i++) {
5597 struct mgmt_irk_info *irk = &cp->irks[i];
5598 u8 addr_type;
5599
5600 if (irk->addr.type == BDADDR_LE_PUBLIC)
5601 addr_type = ADDR_LE_DEV_PUBLIC;
5602 else
5603 addr_type = ADDR_LE_DEV_RANDOM;
5604
5605 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5606 BDADDR_ANY);
5607 }
5608
5609 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5610
5611 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5612
5613 hci_dev_unlock(hdev);
5614
5615 return err;
5616}
5617
5618static bool ltk_is_valid(struct mgmt_ltk_info *key)
5619{
5620 if (key->master != 0x00 && key->master != 0x01)
5621 return false;
5622
5623 switch (key->addr.type) {
5624 case BDADDR_LE_PUBLIC:
5625 return true;
5626
5627 case BDADDR_LE_RANDOM:
5628
5629 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5630 return false;
5631 return true;
5632 }
5633
5634 return false;
5635}
5636
5637static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5638 void *cp_data, u16 len)
5639{
5640 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5641 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5642 sizeof(struct mgmt_ltk_info));
5643 u16 key_count, expected_len;
5644 int i, err;
5645
5646 BT_DBG("request for %s", hdev->name);
5647
5648 if (!lmp_le_capable(hdev))
5649 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5650 MGMT_STATUS_NOT_SUPPORTED);
5651
5652 key_count = __le16_to_cpu(cp->key_count);
5653 if (key_count > max_key_count) {
5654 BT_ERR("load_ltks: too big key_count value %u", key_count);
5655 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5656 MGMT_STATUS_INVALID_PARAMS);
5657 }
5658
5659 expected_len = sizeof(*cp) + key_count *
5660 sizeof(struct mgmt_ltk_info);
5661 if (expected_len != len) {
5662 BT_ERR("load_keys: expected %u bytes, got %u bytes",
5663 expected_len, len);
5664 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5665 MGMT_STATUS_INVALID_PARAMS);
5666 }
5667
5668 BT_DBG("%s key_count %u", hdev->name, key_count);
5669
5670 for (i = 0; i < key_count; i++) {
5671 struct mgmt_ltk_info *key = &cp->keys[i];
5672
5673 if (!ltk_is_valid(key))
5674 return mgmt_cmd_status(sk, hdev->id,
5675 MGMT_OP_LOAD_LONG_TERM_KEYS,
5676 MGMT_STATUS_INVALID_PARAMS);
5677 }
5678
5679 hci_dev_lock(hdev);
5680
5681 hci_smp_ltks_clear(hdev);
5682
5683 for (i = 0; i < key_count; i++) {
5684 struct mgmt_ltk_info *key = &cp->keys[i];
5685 u8 type, addr_type, authenticated;
5686
5687 if (key->addr.type == BDADDR_LE_PUBLIC)
5688 addr_type = ADDR_LE_DEV_PUBLIC;
5689 else
5690 addr_type = ADDR_LE_DEV_RANDOM;
5691
5692 switch (key->type) {
5693 case MGMT_LTK_UNAUTHENTICATED:
5694 authenticated = 0x00;
5695 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5696 break;
5697 case MGMT_LTK_AUTHENTICATED:
5698 authenticated = 0x01;
5699 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5700 break;
5701 case MGMT_LTK_P256_UNAUTH:
5702 authenticated = 0x00;
5703 type = SMP_LTK_P256;
5704 break;
5705 case MGMT_LTK_P256_AUTH:
5706 authenticated = 0x01;
5707 type = SMP_LTK_P256;
5708 break;
5709 case MGMT_LTK_P256_DEBUG:
5710 authenticated = 0x00;
5711 type = SMP_LTK_P256_DEBUG;
5712 default:
5713 continue;
5714 }
5715
5716 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
5717 authenticated, key->val, key->enc_size, key->ediv,
5718 key->rand);
5719 }
5720
5721 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5722 NULL, 0);
5723
5724 hci_dev_unlock(hdev);
5725
5726 return err;
5727}
5728
5729static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5730{
5731 struct hci_conn *conn = cmd->user_data;
5732 struct mgmt_rp_get_conn_info rp;
5733 int err;
5734
5735 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5736
5737 if (status == MGMT_STATUS_SUCCESS) {
5738 rp.rssi = conn->rssi;
5739 rp.tx_power = conn->tx_power;
5740 rp.max_tx_power = conn->max_tx_power;
5741 } else {
5742 rp.rssi = HCI_RSSI_INVALID;
5743 rp.tx_power = HCI_TX_POWER_INVALID;
5744 rp.max_tx_power = HCI_TX_POWER_INVALID;
5745 }
5746
5747 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5748 status, &rp, sizeof(rp));
5749
5750 hci_conn_drop(conn);
5751 hci_conn_put(conn);
5752
5753 return err;
5754}
5755
5756static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5757 u16 opcode)
5758{
5759 struct hci_cp_read_rssi *cp;
5760 struct mgmt_pending_cmd *cmd;
5761 struct hci_conn *conn;
5762 u16 handle;
5763 u8 status;
5764
5765 BT_DBG("status 0x%02x", hci_status);
5766
5767 hci_dev_lock(hdev);
5768
5769
5770
5771
5772
5773
5774
5775
5776
5777
5778 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5779 if (!cp) {
5780 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5781 status = MGMT_STATUS_SUCCESS;
5782 } else {
5783 status = mgmt_status(hci_status);
5784 }
5785
5786 if (!cp) {
5787 BT_ERR("invalid sent_cmd in conn_info response");
5788 goto unlock;
5789 }
5790
5791 handle = __le16_to_cpu(cp->handle);
5792 conn = hci_conn_hash_lookup_handle(hdev, handle);
5793 if (!conn) {
5794 BT_ERR("unknown handle (%d) in conn_info response", handle);
5795 goto unlock;
5796 }
5797
5798 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5799 if (!cmd)
5800 goto unlock;
5801
5802 cmd->cmd_complete(cmd, status);
5803 mgmt_pending_remove(cmd);
5804
5805unlock:
5806 hci_dev_unlock(hdev);
5807}
5808
5809static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5810 u16 len)
5811{
5812 struct mgmt_cp_get_conn_info *cp = data;
5813 struct mgmt_rp_get_conn_info rp;
5814 struct hci_conn *conn;
5815 unsigned long conn_info_age;
5816 int err = 0;
5817
5818 BT_DBG("%s", hdev->name);
5819
5820 memset(&rp, 0, sizeof(rp));
5821 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5822 rp.addr.type = cp->addr.type;
5823
5824 if (!bdaddr_type_is_valid(cp->addr.type))
5825 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5826 MGMT_STATUS_INVALID_PARAMS,
5827 &rp, sizeof(rp));
5828
5829 hci_dev_lock(hdev);
5830
5831 if (!hdev_is_powered(hdev)) {
5832 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5833 MGMT_STATUS_NOT_POWERED, &rp,
5834 sizeof(rp));
5835 goto unlock;
5836 }
5837
5838 if (cp->addr.type == BDADDR_BREDR)
5839 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5840 &cp->addr.bdaddr);
5841 else
5842 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5843
5844 if (!conn || conn->state != BT_CONNECTED) {
5845 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5846 MGMT_STATUS_NOT_CONNECTED, &rp,
5847 sizeof(rp));
5848 goto unlock;
5849 }
5850
5851 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5852 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5853 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5854 goto unlock;
5855 }
5856
5857
5858
5859
5860 conn_info_age = hdev->conn_info_min_age +
5861 prandom_u32_max(hdev->conn_info_max_age -
5862 hdev->conn_info_min_age);
5863
5864
5865
5866
5867 if (time_after(jiffies, conn->conn_info_timestamp +
5868 msecs_to_jiffies(conn_info_age)) ||
5869 !conn->conn_info_timestamp) {
5870 struct hci_request req;
5871 struct hci_cp_read_tx_power req_txp_cp;
5872 struct hci_cp_read_rssi req_rssi_cp;
5873 struct mgmt_pending_cmd *cmd;
5874
5875 hci_req_init(&req, hdev);
5876 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5877 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5878 &req_rssi_cp);
5879
5880
5881
5882
5883 if (!bdaddr_type_is_le(cp->addr.type) ||
5884 conn->tx_power == HCI_TX_POWER_INVALID) {
5885 req_txp_cp.handle = cpu_to_le16(conn->handle);
5886 req_txp_cp.type = 0x00;
5887 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5888 sizeof(req_txp_cp), &req_txp_cp);
5889 }
5890
5891
5892 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5893 req_txp_cp.handle = cpu_to_le16(conn->handle);
5894 req_txp_cp.type = 0x01;
5895 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5896 sizeof(req_txp_cp), &req_txp_cp);
5897 }
5898
5899 err = hci_req_run(&req, conn_info_refresh_complete);
5900 if (err < 0)
5901 goto unlock;
5902
5903 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5904 data, len);
5905 if (!cmd) {
5906 err = -ENOMEM;
5907 goto unlock;
5908 }
5909
5910 hci_conn_hold(conn);
5911 cmd->user_data = hci_conn_get(conn);
5912 cmd->cmd_complete = conn_info_cmd_complete;
5913
5914 conn->conn_info_timestamp = jiffies;
5915 } else {
5916
5917 rp.rssi = conn->rssi;
5918 rp.tx_power = conn->tx_power;
5919 rp.max_tx_power = conn->max_tx_power;
5920
5921 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5922 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5923 }
5924
5925unlock:
5926 hci_dev_unlock(hdev);
5927 return err;
5928}
5929
5930static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5931{
5932 struct hci_conn *conn = cmd->user_data;
5933 struct mgmt_rp_get_clock_info rp;
5934 struct hci_dev *hdev;
5935 int err;
5936
5937 memset(&rp, 0, sizeof(rp));
5938 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5939
5940 if (status)
5941 goto complete;
5942
5943 hdev = hci_dev_get(cmd->index);
5944 if (hdev) {
5945 rp.local_clock = cpu_to_le32(hdev->clock);
5946 hci_dev_put(hdev);
5947 }
5948
5949 if (conn) {
5950 rp.piconet_clock = cpu_to_le32(conn->clock);
5951 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5952 }
5953
5954complete:
5955 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5956 sizeof(rp));
5957
5958 if (conn) {
5959 hci_conn_drop(conn);
5960 hci_conn_put(conn);
5961 }
5962
5963 return err;
5964}
5965
5966static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5967{
5968 struct hci_cp_read_clock *hci_cp;
5969 struct mgmt_pending_cmd *cmd;
5970 struct hci_conn *conn;
5971
5972 BT_DBG("%s status %u", hdev->name, status);
5973
5974 hci_dev_lock(hdev);
5975
5976 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5977 if (!hci_cp)
5978 goto unlock;
5979
5980 if (hci_cp->which) {
5981 u16 handle = __le16_to_cpu(hci_cp->handle);
5982 conn = hci_conn_hash_lookup_handle(hdev, handle);
5983 } else {
5984 conn = NULL;
5985 }
5986
5987 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5988 if (!cmd)
5989 goto unlock;
5990
5991 cmd->cmd_complete(cmd, mgmt_status(status));
5992 mgmt_pending_remove(cmd);
5993
5994unlock:
5995 hci_dev_unlock(hdev);
5996}
5997
5998static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5999 u16 len)
6000{
6001 struct mgmt_cp_get_clock_info *cp = data;
6002 struct mgmt_rp_get_clock_info rp;
6003 struct hci_cp_read_clock hci_cp;
6004 struct mgmt_pending_cmd *cmd;
6005 struct hci_request req;
6006 struct hci_conn *conn;
6007 int err;
6008
6009 BT_DBG("%s", hdev->name);
6010
6011 memset(&rp, 0, sizeof(rp));
6012 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6013 rp.addr.type = cp->addr.type;
6014
6015 if (cp->addr.type != BDADDR_BREDR)
6016 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6017 MGMT_STATUS_INVALID_PARAMS,
6018 &rp, sizeof(rp));
6019
6020 hci_dev_lock(hdev);
6021
6022 if (!hdev_is_powered(hdev)) {
6023 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6024 MGMT_STATUS_NOT_POWERED, &rp,
6025 sizeof(rp));
6026 goto unlock;
6027 }
6028
6029 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6030 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6031 &cp->addr.bdaddr);
6032 if (!conn || conn->state != BT_CONNECTED) {
6033 err = mgmt_cmd_complete(sk, hdev->id,
6034 MGMT_OP_GET_CLOCK_INFO,
6035 MGMT_STATUS_NOT_CONNECTED,
6036 &rp, sizeof(rp));
6037 goto unlock;
6038 }
6039 } else {
6040 conn = NULL;
6041 }
6042
6043 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
6044 if (!cmd) {
6045 err = -ENOMEM;
6046 goto unlock;
6047 }
6048
6049 cmd->cmd_complete = clock_info_cmd_complete;
6050
6051 hci_req_init(&req, hdev);
6052
6053 memset(&hci_cp, 0, sizeof(hci_cp));
6054 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6055
6056 if (conn) {
6057 hci_conn_hold(conn);
6058 cmd->user_data = hci_conn_get(conn);
6059
6060 hci_cp.handle = cpu_to_le16(conn->handle);
6061 hci_cp.which = 0x01;
6062 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6063 }
6064
6065 err = hci_req_run(&req, get_clock_info_complete);
6066 if (err < 0)
6067 mgmt_pending_remove(cmd);
6068
6069unlock:
6070 hci_dev_unlock(hdev);
6071 return err;
6072}
6073
6074static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
6075{
6076 struct hci_conn *conn;
6077
6078 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
6079 if (!conn)
6080 return false;
6081
6082 if (conn->dst_type != type)
6083 return false;
6084
6085 if (conn->state != BT_CONNECTED)
6086 return false;
6087
6088 return true;
6089}
6090
6091
6092static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
6093 u8 addr_type, u8 auto_connect)
6094{
6095 struct hci_dev *hdev = req->hdev;
6096 struct hci_conn_params *params;
6097
6098 params = hci_conn_params_add(hdev, addr, addr_type);
6099 if (!params)
6100 return -EIO;
6101
6102 if (params->auto_connect == auto_connect)
6103 return 0;
6104
6105 list_del_init(¶ms->action);
6106
6107 switch (auto_connect) {
6108 case HCI_AUTO_CONN_DISABLED:
6109 case HCI_AUTO_CONN_LINK_LOSS:
6110 __hci_update_background_scan(req);
6111 break;
6112 case HCI_AUTO_CONN_REPORT:
6113 list_add(¶ms->action, &hdev->pend_le_reports);
6114 __hci_update_background_scan(req);
6115 break;
6116 case HCI_AUTO_CONN_DIRECT:
6117 case HCI_AUTO_CONN_ALWAYS:
6118 if (!is_connected(hdev, addr, addr_type)) {
6119 list_add(¶ms->action, &hdev->pend_le_conns);
6120 __hci_update_background_scan(req);
6121 }
6122 break;
6123 }
6124
6125 params->auto_connect = auto_connect;
6126
6127 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
6128 auto_connect);
6129
6130 return 0;
6131}
6132
6133static void device_added(struct sock *sk, struct hci_dev *hdev,
6134 bdaddr_t *bdaddr, u8 type, u8 action)
6135{
6136 struct mgmt_ev_device_added ev;
6137
6138 bacpy(&ev.addr.bdaddr, bdaddr);
6139 ev.addr.type = type;
6140 ev.action = action;
6141
6142 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
6143}
6144
6145static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6146{
6147 struct mgmt_pending_cmd *cmd;
6148
6149 BT_DBG("status 0x%02x", status);
6150
6151 hci_dev_lock(hdev);
6152
6153 cmd = pending_find(MGMT_OP_ADD_DEVICE, hdev);
6154 if (!cmd)
6155 goto unlock;
6156
6157 cmd->cmd_complete(cmd, mgmt_status(status));
6158 mgmt_pending_remove(cmd);
6159
6160unlock:
6161 hci_dev_unlock(hdev);
6162}
6163
6164static int add_device(struct sock *sk, struct hci_dev *hdev,
6165 void *data, u16 len)
6166{
6167 struct mgmt_cp_add_device *cp = data;
6168 struct mgmt_pending_cmd *cmd;
6169 struct hci_request req;
6170 u8 auto_conn, addr_type;
6171 int err;
6172
6173 BT_DBG("%s", hdev->name);
6174
6175 if (!bdaddr_type_is_valid(cp->addr.type) ||
6176 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
6177 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6178 MGMT_STATUS_INVALID_PARAMS,
6179 &cp->addr, sizeof(cp->addr));
6180
6181 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
6182 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6183 MGMT_STATUS_INVALID_PARAMS,
6184 &cp->addr, sizeof(cp->addr));
6185
6186 hci_req_init(&req, hdev);
6187
6188 hci_dev_lock(hdev);
6189
6190 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
6191 if (!cmd) {
6192 err = -ENOMEM;
6193 goto unlock;
6194 }
6195
6196 cmd->cmd_complete = addr_cmd_complete;
6197
6198 if (cp->addr.type == BDADDR_BREDR) {
6199
6200 if (cp->action != 0x01) {
6201 err = cmd->cmd_complete(cmd,
6202 MGMT_STATUS_INVALID_PARAMS);
6203 mgmt_pending_remove(cmd);
6204 goto unlock;
6205 }
6206
6207 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
6208 cp->addr.type);
6209 if (err)
6210 goto unlock;
6211
6212 __hci_update_page_scan(&req);
6213
6214 goto added;
6215 }
6216
6217 if (cp->addr.type == BDADDR_LE_PUBLIC)
6218 addr_type = ADDR_LE_DEV_PUBLIC;
6219 else
6220 addr_type = ADDR_LE_DEV_RANDOM;
6221
6222 if (cp->action == 0x02)
6223 auto_conn = HCI_AUTO_CONN_ALWAYS;
6224 else if (cp->action == 0x01)
6225 auto_conn = HCI_AUTO_CONN_DIRECT;
6226 else
6227 auto_conn = HCI_AUTO_CONN_REPORT;
6228
6229
6230
6231
6232 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
6233 auto_conn) < 0) {
6234 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
6235 mgmt_pending_remove(cmd);
6236 goto unlock;
6237 }
6238
6239added:
6240 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
6241
6242 err = hci_req_run(&req, add_device_complete);
6243 if (err < 0) {
6244
6245
6246
6247 if (err == -ENODATA)
6248 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6249 mgmt_pending_remove(cmd);
6250 }
6251
6252unlock:
6253 hci_dev_unlock(hdev);
6254 return err;
6255}
6256
6257static void device_removed(struct sock *sk, struct hci_dev *hdev,
6258 bdaddr_t *bdaddr, u8 type)
6259{
6260 struct mgmt_ev_device_removed ev;
6261
6262 bacpy(&ev.addr.bdaddr, bdaddr);
6263 ev.addr.type = type;
6264
6265 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6266}
6267
6268static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6269{
6270 struct mgmt_pending_cmd *cmd;
6271
6272 BT_DBG("status 0x%02x", status);
6273
6274 hci_dev_lock(hdev);
6275
6276 cmd = pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
6277 if (!cmd)
6278 goto unlock;
6279
6280 cmd->cmd_complete(cmd, mgmt_status(status));
6281 mgmt_pending_remove(cmd);
6282
6283unlock:
6284 hci_dev_unlock(hdev);
6285}
6286
6287static int remove_device(struct sock *sk, struct hci_dev *hdev,
6288 void *data, u16 len)
6289{
6290 struct mgmt_cp_remove_device *cp = data;
6291 struct mgmt_pending_cmd *cmd;
6292 struct hci_request req;
6293 int err;
6294
6295 BT_DBG("%s", hdev->name);
6296
6297 hci_req_init(&req, hdev);
6298
6299 hci_dev_lock(hdev);
6300
6301 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
6302 if (!cmd) {
6303 err = -ENOMEM;
6304 goto unlock;
6305 }
6306
6307 cmd->cmd_complete = addr_cmd_complete;
6308
6309 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6310 struct hci_conn_params *params;
6311 u8 addr_type;
6312
6313 if (!bdaddr_type_is_valid(cp->addr.type)) {
6314 err = cmd->cmd_complete(cmd,
6315 MGMT_STATUS_INVALID_PARAMS);
6316 mgmt_pending_remove(cmd);
6317 goto unlock;
6318 }
6319
6320 if (cp->addr.type == BDADDR_BREDR) {
6321 err = hci_bdaddr_list_del(&hdev->whitelist,
6322 &cp->addr.bdaddr,
6323 cp->addr.type);
6324 if (err) {
6325 err = cmd->cmd_complete(cmd,
6326 MGMT_STATUS_INVALID_PARAMS);
6327 mgmt_pending_remove(cmd);
6328 goto unlock;
6329 }
6330
6331 __hci_update_page_scan(&req);
6332
6333 device_removed(sk, hdev, &cp->addr.bdaddr,
6334 cp->addr.type);
6335 goto complete;
6336 }
6337
6338 if (cp->addr.type == BDADDR_LE_PUBLIC)
6339 addr_type = ADDR_LE_DEV_PUBLIC;
6340 else
6341 addr_type = ADDR_LE_DEV_RANDOM;
6342
6343 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6344 addr_type);
6345 if (!params) {
6346 err = cmd->cmd_complete(cmd,
6347 MGMT_STATUS_INVALID_PARAMS);
6348 mgmt_pending_remove(cmd);
6349 goto unlock;
6350 }
6351
6352 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
6353 err = cmd->cmd_complete(cmd,
6354 MGMT_STATUS_INVALID_PARAMS);
6355 mgmt_pending_remove(cmd);
6356 goto unlock;
6357 }
6358
6359 list_del(¶ms->action);
6360 list_del(¶ms->list);
6361 kfree(params);
6362 __hci_update_background_scan(&req);
6363
6364 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
6365 } else {
6366 struct hci_conn_params *p, *tmp;
6367 struct bdaddr_list *b, *btmp;
6368
6369 if (cp->addr.type) {
6370 err = cmd->cmd_complete(cmd,
6371 MGMT_STATUS_INVALID_PARAMS);
6372 mgmt_pending_remove(cmd);
6373 goto unlock;
6374 }
6375
6376 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6377 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6378 list_del(&b->list);
6379 kfree(b);
6380 }
6381
6382 __hci_update_page_scan(&req);
6383
6384 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6385 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6386 continue;
6387 device_removed(sk, hdev, &p->addr, p->addr_type);
6388 list_del(&p->action);
6389 list_del(&p->list);
6390 kfree(p);
6391 }
6392
6393 BT_DBG("All LE connection parameters were removed");
6394
6395 __hci_update_background_scan(&req);
6396 }
6397
6398complete:
6399 err = hci_req_run(&req, remove_device_complete);
6400 if (err < 0) {
6401
6402
6403
6404 if (err == -ENODATA)
6405 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6406 mgmt_pending_remove(cmd);
6407 }
6408
6409unlock:
6410 hci_dev_unlock(hdev);
6411 return err;
6412}
6413
6414static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6415 u16 len)
6416{
6417 struct mgmt_cp_load_conn_param *cp = data;
6418 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6419 sizeof(struct mgmt_conn_param));
6420 u16 param_count, expected_len;
6421 int i;
6422
6423 if (!lmp_le_capable(hdev))
6424 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6425 MGMT_STATUS_NOT_SUPPORTED);
6426
6427 param_count = __le16_to_cpu(cp->param_count);
6428 if (param_count > max_param_count) {
6429 BT_ERR("load_conn_param: too big param_count value %u",
6430 param_count);
6431 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6432 MGMT_STATUS_INVALID_PARAMS);
6433 }
6434
6435 expected_len = sizeof(*cp) + param_count *
6436 sizeof(struct mgmt_conn_param);
6437 if (expected_len != len) {
6438 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6439 expected_len, len);
6440 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6441 MGMT_STATUS_INVALID_PARAMS);
6442 }
6443
6444 BT_DBG("%s param_count %u", hdev->name, param_count);
6445
6446 hci_dev_lock(hdev);
6447
6448 hci_conn_params_clear_disabled(hdev);
6449
6450 for (i = 0; i < param_count; i++) {
6451 struct mgmt_conn_param *param = &cp->params[i];
6452 struct hci_conn_params *hci_param;
6453 u16 min, max, latency, timeout;
6454 u8 addr_type;
6455
6456 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
6457 param->addr.type);
6458
6459 if (param->addr.type == BDADDR_LE_PUBLIC) {
6460 addr_type = ADDR_LE_DEV_PUBLIC;
6461 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6462 addr_type = ADDR_LE_DEV_RANDOM;
6463 } else {
6464 BT_ERR("Ignoring invalid connection parameters");
6465 continue;
6466 }
6467
6468 min = le16_to_cpu(param->min_interval);
6469 max = le16_to_cpu(param->max_interval);
6470 latency = le16_to_cpu(param->latency);
6471 timeout = le16_to_cpu(param->timeout);
6472
6473 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6474 min, max, latency, timeout);
6475
6476 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6477 BT_ERR("Ignoring invalid connection parameters");
6478 continue;
6479 }
6480
6481 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
6482 addr_type);
6483 if (!hci_param) {
6484 BT_ERR("Failed to add connection parameters");
6485 continue;
6486 }
6487
6488 hci_param->conn_min_interval = min;
6489 hci_param->conn_max_interval = max;
6490 hci_param->conn_latency = latency;
6491 hci_param->supervision_timeout = timeout;
6492 }
6493
6494 hci_dev_unlock(hdev);
6495
6496 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6497 NULL, 0);
6498}
6499
6500static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6501 void *data, u16 len)
6502{
6503 struct mgmt_cp_set_external_config *cp = data;
6504 bool changed;
6505 int err;
6506
6507 BT_DBG("%s", hdev->name);
6508
6509 if (hdev_is_powered(hdev))
6510 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6511 MGMT_STATUS_REJECTED);
6512
6513 if (cp->config != 0x00 && cp->config != 0x01)
6514 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6515 MGMT_STATUS_INVALID_PARAMS);
6516
6517 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6518 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6519 MGMT_STATUS_NOT_SUPPORTED);
6520
6521 hci_dev_lock(hdev);
6522
6523 if (cp->config)
6524 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6525 else
6526 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6527
6528 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6529 if (err < 0)
6530 goto unlock;
6531
6532 if (!changed)
6533 goto unlock;
6534
6535 err = new_options(hdev, sk);
6536
6537 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6538 mgmt_index_removed(hdev);
6539
6540 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6541 hci_dev_set_flag(hdev, HCI_CONFIG);
6542 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6543
6544 queue_work(hdev->req_workqueue, &hdev->power_on);
6545 } else {
6546 set_bit(HCI_RAW, &hdev->flags);
6547 mgmt_index_added(hdev);
6548 }
6549 }
6550
6551unlock:
6552 hci_dev_unlock(hdev);
6553 return err;
6554}
6555
6556static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6557 void *data, u16 len)
6558{
6559 struct mgmt_cp_set_public_address *cp = data;
6560 bool changed;
6561 int err;
6562
6563 BT_DBG("%s", hdev->name);
6564
6565 if (hdev_is_powered(hdev))
6566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6567 MGMT_STATUS_REJECTED);
6568
6569 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6570 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6571 MGMT_STATUS_INVALID_PARAMS);
6572
6573 if (!hdev->set_bdaddr)
6574 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6575 MGMT_STATUS_NOT_SUPPORTED);
6576
6577 hci_dev_lock(hdev);
6578
6579 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6580 bacpy(&hdev->public_addr, &cp->bdaddr);
6581
6582 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6583 if (err < 0)
6584 goto unlock;
6585
6586 if (!changed)
6587 goto unlock;
6588
6589 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6590 err = new_options(hdev, sk);
6591
6592 if (is_configured(hdev)) {
6593 mgmt_index_removed(hdev);
6594
6595 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6596
6597 hci_dev_set_flag(hdev, HCI_CONFIG);
6598 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6599
6600 queue_work(hdev->req_workqueue, &hdev->power_on);
6601 }
6602
6603unlock:
6604 hci_dev_unlock(hdev);
6605 return err;
6606}
6607
6608static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6609 u8 data_len)
6610{
6611 eir[eir_len++] = sizeof(type) + data_len;
6612 eir[eir_len++] = type;
6613 memcpy(&eir[eir_len], data, data_len);
6614 eir_len += data_len;
6615
6616 return eir_len;
6617}
6618
6619static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6620 u16 opcode, struct sk_buff *skb)
6621{
6622 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6623 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6624 u8 *h192, *r192, *h256, *r256;
6625 struct mgmt_pending_cmd *cmd;
6626 u16 eir_len;
6627 int err;
6628
6629 BT_DBG("%s status %u", hdev->name, status);
6630
6631 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6632 if (!cmd)
6633 return;
6634
6635 mgmt_cp = cmd->param;
6636
6637 if (status) {
6638 status = mgmt_status(status);
6639 eir_len = 0;
6640
6641 h192 = NULL;
6642 r192 = NULL;
6643 h256 = NULL;
6644 r256 = NULL;
6645 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6646 struct hci_rp_read_local_oob_data *rp;
6647
6648 if (skb->len != sizeof(*rp)) {
6649 status = MGMT_STATUS_FAILED;
6650 eir_len = 0;
6651 } else {
6652 status = MGMT_STATUS_SUCCESS;
6653 rp = (void *)skb->data;
6654
6655 eir_len = 5 + 18 + 18;
6656 h192 = rp->hash;
6657 r192 = rp->rand;
6658 h256 = NULL;
6659 r256 = NULL;
6660 }
6661 } else {
6662 struct hci_rp_read_local_oob_ext_data *rp;
6663
6664 if (skb->len != sizeof(*rp)) {
6665 status = MGMT_STATUS_FAILED;
6666 eir_len = 0;
6667 } else {
6668 status = MGMT_STATUS_SUCCESS;
6669 rp = (void *)skb->data;
6670
6671 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6672 eir_len = 5 + 18 + 18;
6673 h192 = NULL;
6674 r192 = NULL;
6675 } else {
6676 eir_len = 5 + 18 + 18 + 18 + 18;
6677 h192 = rp->hash192;
6678 r192 = rp->rand192;
6679 }
6680
6681 h256 = rp->hash256;
6682 r256 = rp->rand256;
6683 }
6684 }
6685
6686 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6687 if (!mgmt_rp)
6688 goto done;
6689
6690 if (status)
6691 goto send_rsp;
6692
6693 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6694 hdev->dev_class, 3);
6695
6696 if (h192 && r192) {
6697 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6698 EIR_SSP_HASH_C192, h192, 16);
6699 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6700 EIR_SSP_RAND_R192, r192, 16);
6701 }
6702
6703 if (h256 && r256) {
6704 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6705 EIR_SSP_HASH_C256, h256, 16);
6706 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6707 EIR_SSP_RAND_R256, r256, 16);
6708 }
6709
6710send_rsp:
6711 mgmt_rp->type = mgmt_cp->type;
6712 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6713
6714 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6715 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6716 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6717 if (err < 0 || status)
6718 goto done;
6719
6720 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6721
6722 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6723 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6724 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6725done:
6726 kfree(mgmt_rp);
6727 mgmt_pending_remove(cmd);
6728}
6729
6730static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6731 struct mgmt_cp_read_local_oob_ext_data *cp)
6732{
6733 struct mgmt_pending_cmd *cmd;
6734 struct hci_request req;
6735 int err;
6736
6737 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6738 cp, sizeof(*cp));
6739 if (!cmd)
6740 return -ENOMEM;
6741
6742 hci_req_init(&req, hdev);
6743
6744 if (bredr_sc_enabled(hdev))
6745 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6746 else
6747 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6748
6749 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6750 if (err < 0) {
6751 mgmt_pending_remove(cmd);
6752 return err;
6753 }
6754
6755 return 0;
6756}
6757
6758static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6759 void *data, u16 data_len)
6760{
6761 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6762 struct mgmt_rp_read_local_oob_ext_data *rp;
6763 size_t rp_len;
6764 u16 eir_len;
6765 u8 status, flags, role, addr[7], hash[16], rand[16];
6766 int err;
6767
6768 BT_DBG("%s", hdev->name);
6769
6770 if (hdev_is_powered(hdev)) {
6771 switch (cp->type) {
6772 case BIT(BDADDR_BREDR):
6773 status = mgmt_bredr_support(hdev);
6774 if (status)
6775 eir_len = 0;
6776 else
6777 eir_len = 5;
6778 break;
6779 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6780 status = mgmt_le_support(hdev);
6781 if (status)
6782 eir_len = 0;
6783 else
6784 eir_len = 9 + 3 + 18 + 18 + 3;
6785 break;
6786 default:
6787 status = MGMT_STATUS_INVALID_PARAMS;
6788 eir_len = 0;
6789 break;
6790 }
6791 } else {
6792 status = MGMT_STATUS_NOT_POWERED;
6793 eir_len = 0;
6794 }
6795
6796 rp_len = sizeof(*rp) + eir_len;
6797 rp = kmalloc(rp_len, GFP_ATOMIC);
6798 if (!rp)
6799 return -ENOMEM;
6800
6801 if (status)
6802 goto complete;
6803
6804 hci_dev_lock(hdev);
6805
6806 eir_len = 0;
6807 switch (cp->type) {
6808 case BIT(BDADDR_BREDR):
6809 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6810 err = read_local_ssp_oob_req(hdev, sk, cp);
6811 hci_dev_unlock(hdev);
6812 if (!err)
6813 goto done;
6814
6815 status = MGMT_STATUS_FAILED;
6816 goto complete;
6817 } else {
6818 eir_len = eir_append_data(rp->eir, eir_len,
6819 EIR_CLASS_OF_DEV,
6820 hdev->dev_class, 3);
6821 }
6822 break;
6823 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6824 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6825 smp_generate_oob(hdev, hash, rand) < 0) {
6826 hci_dev_unlock(hdev);
6827 status = MGMT_STATUS_FAILED;
6828 goto complete;
6829 }
6830
6831
6832
6833
6834
6835
6836
6837
6838
6839
6840
6841 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6842 hci_dev_unlock(hdev);
6843 status = MGMT_STATUS_REJECTED;
6844 goto complete;
6845 }
6846
6847 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6848 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6849 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6850 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6851 memcpy(addr, &hdev->static_addr, 6);
6852 addr[6] = 0x01;
6853 } else {
6854 memcpy(addr, &hdev->bdaddr, 6);
6855 addr[6] = 0x00;
6856 }
6857
6858 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6859 addr, sizeof(addr));
6860
6861 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6862 role = 0x02;
6863 else
6864 role = 0x01;
6865
6866 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6867 &role, sizeof(role));
6868
6869 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6870 eir_len = eir_append_data(rp->eir, eir_len,
6871 EIR_LE_SC_CONFIRM,
6872 hash, sizeof(hash));
6873
6874 eir_len = eir_append_data(rp->eir, eir_len,
6875 EIR_LE_SC_RANDOM,
6876 rand, sizeof(rand));
6877 }
6878
6879 flags = get_adv_discov_flags(hdev);
6880
6881 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6882 flags |= LE_AD_NO_BREDR;
6883
6884 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6885 &flags, sizeof(flags));
6886 break;
6887 }
6888
6889 hci_dev_unlock(hdev);
6890
6891 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6892
6893 status = MGMT_STATUS_SUCCESS;
6894
6895complete:
6896 rp->type = cp->type;
6897 rp->eir_len = cpu_to_le16(eir_len);
6898
6899 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6900 status, rp, sizeof(*rp) + eir_len);
6901 if (err < 0 || status)
6902 goto done;
6903
6904 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6905 rp, sizeof(*rp) + eir_len,
6906 HCI_MGMT_OOB_DATA_EVENTS, sk);
6907
6908done:
6909 kfree(rp);
6910
6911 return err;
6912}
6913
6914static u32 get_supported_adv_flags(struct hci_dev *hdev)
6915{
6916 u32 flags = 0;
6917
6918 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6919 flags |= MGMT_ADV_FLAG_DISCOV;
6920 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6921 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6922
6923 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
6924 flags |= MGMT_ADV_FLAG_TX_POWER;
6925
6926 return flags;
6927}
6928
6929static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6930 void *data, u16 data_len)
6931{
6932 struct mgmt_rp_read_adv_features *rp;
6933 size_t rp_len;
6934 int err, i;
6935 bool instance;
6936 struct adv_info *adv_instance;
6937 u32 supported_flags;
6938
6939 BT_DBG("%s", hdev->name);
6940
6941 if (!lmp_le_capable(hdev))
6942 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6943 MGMT_STATUS_REJECTED);
6944
6945 hci_dev_lock(hdev);
6946
6947 rp_len = sizeof(*rp);
6948
6949 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6950 if (instance)
6951 rp_len += hdev->adv_instance_cnt;
6952
6953 rp = kmalloc(rp_len, GFP_ATOMIC);
6954 if (!rp) {
6955 hci_dev_unlock(hdev);
6956 return -ENOMEM;
6957 }
6958
6959 supported_flags = get_supported_adv_flags(hdev);
6960
6961 rp->supported_flags = cpu_to_le32(supported_flags);
6962 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6963 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6964 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6965
6966 if (instance) {
6967 i = 0;
6968 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6969 if (i >= hdev->adv_instance_cnt)
6970 break;
6971
6972 rp->instance[i] = adv_instance->instance;
6973 i++;
6974 }
6975 rp->num_instances = hdev->adv_instance_cnt;
6976 } else {
6977 rp->num_instances = 0;
6978 }
6979
6980 hci_dev_unlock(hdev);
6981
6982 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6983 MGMT_STATUS_SUCCESS, rp, rp_len);
6984
6985 kfree(rp);
6986
6987 return err;
6988}
6989
6990static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6991 u8 len, bool is_adv_data)
6992{
6993 u8 max_len = HCI_MAX_AD_LENGTH;
6994 int i, cur_len;
6995 bool flags_managed = false;
6996 bool tx_power_managed = false;
6997 u32 flags_params = MGMT_ADV_FLAG_DISCOV | MGMT_ADV_FLAG_LIMITED_DISCOV |
6998 MGMT_ADV_FLAG_MANAGED_FLAGS;
6999
7000 if (is_adv_data && (adv_flags & flags_params)) {
7001 flags_managed = true;
7002 max_len -= 3;
7003 }
7004
7005 if (is_adv_data && (adv_flags & MGMT_ADV_FLAG_TX_POWER)) {
7006 tx_power_managed = true;
7007 max_len -= 3;
7008 }
7009
7010 if (len > max_len)
7011 return false;
7012
7013
7014 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
7015 cur_len = data[i];
7016
7017 if (flags_managed && data[i + 1] == EIR_FLAGS)
7018 return false;
7019
7020 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
7021 return false;
7022
7023
7024
7025
7026 if (i + cur_len >= len)
7027 return false;
7028 }
7029
7030 return true;
7031}
7032
7033static void add_advertising_complete(struct hci_dev *hdev, u8 status,
7034 u16 opcode)
7035{
7036 struct mgmt_pending_cmd *cmd;
7037 struct mgmt_cp_add_advertising *cp;
7038 struct mgmt_rp_add_advertising rp;
7039 struct adv_info *adv_instance, *n;
7040 u8 instance;
7041
7042 BT_DBG("status %d", status);
7043
7044 hci_dev_lock(hdev);
7045
7046 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
7047
7048 if (status)
7049 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
7050
7051 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
7052 if (!adv_instance->pending)
7053 continue;
7054
7055 if (!status) {
7056 adv_instance->pending = false;
7057 continue;
7058 }
7059
7060 instance = adv_instance->instance;
7061
7062 if (hdev->cur_adv_instance == instance)
7063 cancel_adv_timeout(hdev);
7064
7065 hci_remove_adv_instance(hdev, instance);
7066 advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
7067 }
7068
7069 if (!cmd)
7070 goto unlock;
7071
7072 cp = cmd->param;
7073 rp.instance = cp->instance;
7074
7075 if (status)
7076 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
7077 mgmt_status(status));
7078 else
7079 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
7080 mgmt_status(status), &rp, sizeof(rp));
7081
7082 mgmt_pending_remove(cmd);
7083
7084unlock:
7085 hci_dev_unlock(hdev);
7086}
7087
7088void mgmt_adv_timeout_expired(struct hci_dev *hdev)
7089{
7090 u8 instance;
7091 struct hci_request req;
7092
7093 hdev->adv_instance_timeout = 0;
7094
7095 instance = get_current_adv_instance(hdev);
7096 if (instance == 0x00)
7097 return;
7098
7099 hci_dev_lock(hdev);
7100 hci_req_init(&req, hdev);
7101
7102 clear_adv_instance(hdev, &req, instance, false);
7103
7104 if (list_empty(&hdev->adv_instances))
7105 disable_advertising(&req);
7106
7107 if (!skb_queue_empty(&req.cmd_q))
7108 hci_req_run(&req, NULL);
7109
7110 hci_dev_unlock(hdev);
7111}
7112
7113static int add_advertising(struct sock *sk, struct hci_dev *hdev,
7114 void *data, u16 data_len)
7115{
7116 struct mgmt_cp_add_advertising *cp = data;
7117 struct mgmt_rp_add_advertising rp;
7118 u32 flags;
7119 u32 supported_flags;
7120 u8 status;
7121 u16 timeout, duration;
7122 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
7123 u8 schedule_instance = 0;
7124 struct adv_info *next_instance;
7125 int err;
7126 struct mgmt_pending_cmd *cmd;
7127 struct hci_request req;
7128
7129 BT_DBG("%s", hdev->name);
7130
7131 status = mgmt_le_support(hdev);
7132 if (status)
7133 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7134 status);
7135
7136 flags = __le32_to_cpu(cp->flags);
7137 timeout = __le16_to_cpu(cp->timeout);
7138 duration = __le16_to_cpu(cp->duration);
7139
7140
7141
7142
7143 supported_flags = get_supported_adv_flags(hdev);
7144 if (flags & ~supported_flags)
7145 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7146 MGMT_STATUS_INVALID_PARAMS);
7147
7148 hci_dev_lock(hdev);
7149
7150 if (timeout && !hdev_is_powered(hdev)) {
7151 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7152 MGMT_STATUS_REJECTED);
7153 goto unlock;
7154 }
7155
7156 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7157 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7158 pending_find(MGMT_OP_SET_LE, hdev)) {
7159 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7160 MGMT_STATUS_BUSY);
7161 goto unlock;
7162 }
7163
7164 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
7165 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
7166 cp->scan_rsp_len, false)) {
7167 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7168 MGMT_STATUS_INVALID_PARAMS);
7169 goto unlock;
7170 }
7171
7172 err = hci_add_adv_instance(hdev, cp->instance, flags,
7173 cp->adv_data_len, cp->data,
7174 cp->scan_rsp_len,
7175 cp->data + cp->adv_data_len,
7176 timeout, duration);
7177 if (err < 0) {
7178 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7179 MGMT_STATUS_FAILED);
7180 goto unlock;
7181 }
7182
7183
7184
7185
7186 if (hdev->adv_instance_cnt > prev_instance_cnt)
7187 advertising_added(sk, hdev, cp->instance);
7188
7189 hci_dev_set_flag(hdev, HCI_ADVERTISING_INSTANCE);
7190
7191 if (hdev->cur_adv_instance == cp->instance) {
7192
7193
7194
7195
7196
7197 cancel_adv_timeout(hdev);
7198
7199 next_instance = hci_get_next_instance(hdev, cp->instance);
7200 if (next_instance)
7201 schedule_instance = next_instance->instance;
7202 } else if (!hdev->adv_instance_timeout) {
7203
7204
7205
7206 schedule_instance = cp->instance;
7207 }
7208
7209
7210
7211
7212
7213 if (!hdev_is_powered(hdev) ||
7214 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7215 !schedule_instance) {
7216 rp.instance = cp->instance;
7217 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7218 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7219 goto unlock;
7220 }
7221
7222
7223
7224
7225 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
7226 data_len);
7227 if (!cmd) {
7228 err = -ENOMEM;
7229 goto unlock;
7230 }
7231
7232 hci_req_init(&req, hdev);
7233
7234 err = schedule_adv_instance(&req, schedule_instance, true);
7235
7236 if (!err)
7237 err = hci_req_run(&req, add_advertising_complete);
7238
7239 if (err < 0)
7240 mgmt_pending_remove(cmd);
7241
7242unlock:
7243 hci_dev_unlock(hdev);
7244
7245 return err;
7246}
7247
7248static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
7249 u16 opcode)
7250{
7251 struct mgmt_pending_cmd *cmd;
7252 struct mgmt_cp_remove_advertising *cp;
7253 struct mgmt_rp_remove_advertising rp;
7254
7255 BT_DBG("status %d", status);
7256
7257 hci_dev_lock(hdev);
7258
7259
7260
7261
7262
7263 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
7264 if (!cmd)
7265 goto unlock;
7266
7267 cp = cmd->param;
7268 rp.instance = cp->instance;
7269
7270 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
7271 &rp, sizeof(rp));
7272 mgmt_pending_remove(cmd);
7273
7274unlock:
7275 hci_dev_unlock(hdev);
7276}
7277
7278static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
7279 void *data, u16 data_len)
7280{
7281 struct mgmt_cp_remove_advertising *cp = data;
7282 struct mgmt_rp_remove_advertising rp;
7283 struct mgmt_pending_cmd *cmd;
7284 struct hci_request req;
7285 int err;
7286
7287 BT_DBG("%s", hdev->name);
7288
7289 hci_dev_lock(hdev);
7290
7291 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
7292 err = mgmt_cmd_status(sk, hdev->id,
7293 MGMT_OP_REMOVE_ADVERTISING,
7294 MGMT_STATUS_INVALID_PARAMS);
7295 goto unlock;
7296 }
7297
7298 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7299 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7300 pending_find(MGMT_OP_SET_LE, hdev)) {
7301 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7302 MGMT_STATUS_BUSY);
7303 goto unlock;
7304 }
7305
7306 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
7307 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7308 MGMT_STATUS_INVALID_PARAMS);
7309 goto unlock;
7310 }
7311
7312 hci_req_init(&req, hdev);
7313
7314 clear_adv_instance(hdev, &req, cp->instance, true);
7315
7316 if (list_empty(&hdev->adv_instances))
7317 disable_advertising(&req);
7318
7319
7320
7321
7322
7323 if (skb_queue_empty(&req.cmd_q) ||
7324 !hdev_is_powered(hdev) ||
7325 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
7326 rp.instance = cp->instance;
7327 err = mgmt_cmd_complete(sk, hdev->id,
7328 MGMT_OP_REMOVE_ADVERTISING,
7329 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7330 goto unlock;
7331 }
7332
7333 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
7334 data_len);
7335 if (!cmd) {
7336 err = -ENOMEM;
7337 goto unlock;
7338 }
7339
7340 err = hci_req_run(&req, remove_advertising_complete);
7341 if (err < 0)
7342 mgmt_pending_remove(cmd);
7343
7344unlock:
7345 hci_dev_unlock(hdev);
7346
7347 return err;
7348}
7349
7350static const struct hci_mgmt_handler mgmt_handlers[] = {
7351 { NULL },
7352 { read_version, MGMT_READ_VERSION_SIZE,
7353 HCI_MGMT_NO_HDEV |
7354 HCI_MGMT_UNTRUSTED },
7355 { read_commands, MGMT_READ_COMMANDS_SIZE,
7356 HCI_MGMT_NO_HDEV |
7357 HCI_MGMT_UNTRUSTED },
7358 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
7359 HCI_MGMT_NO_HDEV |
7360 HCI_MGMT_UNTRUSTED },
7361 { read_controller_info, MGMT_READ_INFO_SIZE,
7362 HCI_MGMT_UNTRUSTED },
7363 { set_powered, MGMT_SETTING_SIZE },
7364 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
7365 { set_connectable, MGMT_SETTING_SIZE },
7366 { set_fast_connectable, MGMT_SETTING_SIZE },
7367 { set_bondable, MGMT_SETTING_SIZE },
7368 { set_link_security, MGMT_SETTING_SIZE },
7369 { set_ssp, MGMT_SETTING_SIZE },
7370 { set_hs, MGMT_SETTING_SIZE },
7371 { set_le, MGMT_SETTING_SIZE },
7372 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
7373 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
7374 { add_uuid, MGMT_ADD_UUID_SIZE },
7375 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
7376 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
7377 HCI_MGMT_VAR_LEN },
7378 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
7379 HCI_MGMT_VAR_LEN },
7380 { disconnect, MGMT_DISCONNECT_SIZE },
7381 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
7382 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
7383 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7384 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
7385 { pair_device, MGMT_PAIR_DEVICE_SIZE },
7386 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7387 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
7388 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
7389 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7390 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
7391 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
7392 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7393 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
7394 HCI_MGMT_VAR_LEN },
7395 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7396 { start_discovery, MGMT_START_DISCOVERY_SIZE },
7397 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
7398 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
7399 { block_device, MGMT_BLOCK_DEVICE_SIZE },
7400 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
7401 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
7402 { set_advertising, MGMT_SETTING_SIZE },
7403 { set_bredr, MGMT_SETTING_SIZE },
7404 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
7405 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
7406 { set_secure_conn, MGMT_SETTING_SIZE },
7407 { set_debug_keys, MGMT_SETTING_SIZE },
7408 { set_privacy, MGMT_SET_PRIVACY_SIZE },
7409 { load_irks, MGMT_LOAD_IRKS_SIZE,
7410 HCI_MGMT_VAR_LEN },
7411 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
7412 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
7413 { add_device, MGMT_ADD_DEVICE_SIZE },
7414 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
7415 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
7416 HCI_MGMT_VAR_LEN },
7417 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
7418 HCI_MGMT_NO_HDEV |
7419 HCI_MGMT_UNTRUSTED },
7420 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
7421 HCI_MGMT_UNCONFIGURED |
7422 HCI_MGMT_UNTRUSTED },
7423 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
7424 HCI_MGMT_UNCONFIGURED },
7425 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
7426 HCI_MGMT_UNCONFIGURED },
7427 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7428 HCI_MGMT_VAR_LEN },
7429 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
7430 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
7431 HCI_MGMT_NO_HDEV |
7432 HCI_MGMT_UNTRUSTED },
7433 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
7434 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7435 HCI_MGMT_VAR_LEN },
7436 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
7437};
7438
7439void mgmt_index_added(struct hci_dev *hdev)
7440{
7441 struct mgmt_ev_ext_index ev;
7442
7443 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7444 return;
7445
7446 switch (hdev->dev_type) {
7447 case HCI_BREDR:
7448 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7449 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7450 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7451 ev.type = 0x01;
7452 } else {
7453 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7454 HCI_MGMT_INDEX_EVENTS);
7455 ev.type = 0x00;
7456 }
7457 break;
7458 case HCI_AMP:
7459 ev.type = 0x02;
7460 break;
7461 default:
7462 return;
7463 }
7464
7465 ev.bus = hdev->bus;
7466
7467 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7468 HCI_MGMT_EXT_INDEX_EVENTS);
7469}
7470
7471void mgmt_index_removed(struct hci_dev *hdev)
7472{
7473 struct mgmt_ev_ext_index ev;
7474 u8 status = MGMT_STATUS_INVALID_INDEX;
7475
7476 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7477 return;
7478
7479 switch (hdev->dev_type) {
7480 case HCI_BREDR:
7481 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7482
7483 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7484 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7485 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7486 ev.type = 0x01;
7487 } else {
7488 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7489 HCI_MGMT_INDEX_EVENTS);
7490 ev.type = 0x00;
7491 }
7492 break;
7493 case HCI_AMP:
7494 ev.type = 0x02;
7495 break;
7496 default:
7497 return;
7498 }
7499
7500 ev.bus = hdev->bus;
7501
7502 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7503 HCI_MGMT_EXT_INDEX_EVENTS);
7504}
7505
7506
7507static void restart_le_actions(struct hci_request *req)
7508{
7509 struct hci_dev *hdev = req->hdev;
7510 struct hci_conn_params *p;
7511
7512 list_for_each_entry(p, &hdev->le_conn_params, list) {
7513
7514
7515
7516 list_del_init(&p->action);
7517
7518 switch (p->auto_connect) {
7519 case HCI_AUTO_CONN_DIRECT:
7520 case HCI_AUTO_CONN_ALWAYS:
7521 list_add(&p->action, &hdev->pend_le_conns);
7522 break;
7523 case HCI_AUTO_CONN_REPORT:
7524 list_add(&p->action, &hdev->pend_le_reports);
7525 break;
7526 default:
7527 break;
7528 }
7529 }
7530
7531 __hci_update_background_scan(req);
7532}
7533
7534static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7535{
7536 struct cmd_lookup match = { NULL, hdev };
7537
7538 BT_DBG("status 0x%02x", status);
7539
7540 if (!status) {
7541
7542
7543
7544
7545
7546 smp_register(hdev);
7547 }
7548
7549 hci_dev_lock(hdev);
7550
7551 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7552
7553 new_settings(hdev, match.sk);
7554
7555 hci_dev_unlock(hdev);
7556
7557 if (match.sk)
7558 sock_put(match.sk);
7559}
7560
7561static int powered_update_hci(struct hci_dev *hdev)
7562{
7563 struct hci_request req;
7564 struct adv_info *adv_instance;
7565 u8 link_sec;
7566
7567 hci_req_init(&req, hdev);
7568
7569 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
7570 !lmp_host_ssp_capable(hdev)) {
7571 u8 mode = 0x01;
7572
7573 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
7574
7575 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
7576 u8 support = 0x01;
7577
7578 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
7579 sizeof(support), &support);
7580 }
7581 }
7582
7583 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
7584 lmp_bredr_capable(hdev)) {
7585 struct hci_cp_write_le_host_supported cp;
7586
7587 cp.le = 0x01;
7588 cp.simul = 0x00;
7589
7590
7591
7592
7593 if (cp.le != lmp_host_le_capable(hdev) ||
7594 cp.simul != lmp_host_le_br_capable(hdev))
7595 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
7596 sizeof(cp), &cp);
7597 }
7598
7599 if (lmp_le_capable(hdev)) {
7600
7601
7602
7603
7604 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
7605 (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7606 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))) {
7607 update_adv_data(&req);
7608 update_scan_rsp_data(&req);
7609 }
7610
7611 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
7612 hdev->cur_adv_instance == 0x00 &&
7613 !list_empty(&hdev->adv_instances)) {
7614 adv_instance = list_first_entry(&hdev->adv_instances,
7615 struct adv_info, list);
7616 hdev->cur_adv_instance = adv_instance->instance;
7617 }
7618
7619 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7620 enable_advertising(&req);
7621 else if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
7622 hdev->cur_adv_instance)
7623 schedule_adv_instance(&req, hdev->cur_adv_instance,
7624 true);
7625
7626 restart_le_actions(&req);
7627 }
7628
7629 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
7630 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
7631 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
7632 sizeof(link_sec), &link_sec);
7633
7634 if (lmp_bredr_capable(hdev)) {
7635 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
7636 write_fast_connectable(&req, true);
7637 else
7638 write_fast_connectable(&req, false);
7639 __hci_update_page_scan(&req);
7640 update_class(&req);
7641 update_name(&req);
7642 update_eir(&req);
7643 }
7644
7645 return hci_req_run(&req, powered_complete);
7646}
7647
7648int mgmt_powered(struct hci_dev *hdev, u8 powered)
7649{
7650 struct cmd_lookup match = { NULL, hdev };
7651 u8 status, zero_cod[] = { 0, 0, 0 };
7652 int err;
7653
7654 if (!hci_dev_test_flag(hdev, HCI_MGMT))
7655 return 0;
7656
7657 if (powered) {
7658 if (powered_update_hci(hdev) == 0)
7659 return 0;
7660
7661 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
7662 &match);
7663 goto new_settings;
7664 }
7665
7666 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7667
7668
7669
7670
7671
7672
7673
7674
7675 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7676 status = MGMT_STATUS_INVALID_INDEX;
7677 else
7678 status = MGMT_STATUS_NOT_POWERED;
7679
7680 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7681
7682 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
7683 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7684 zero_cod, sizeof(zero_cod), NULL);
7685
7686new_settings:
7687 err = new_settings(hdev, match.sk);
7688
7689 if (match.sk)
7690 sock_put(match.sk);
7691
7692 return err;
7693}
7694
7695void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7696{
7697 struct mgmt_pending_cmd *cmd;
7698 u8 status;
7699
7700 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7701 if (!cmd)
7702 return;
7703
7704 if (err == -ERFKILL)
7705 status = MGMT_STATUS_RFKILLED;
7706 else
7707 status = MGMT_STATUS_FAILED;
7708
7709 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7710
7711 mgmt_pending_remove(cmd);
7712}
7713
7714void mgmt_discoverable_timeout(struct hci_dev *hdev)
7715{
7716 struct hci_request req;
7717
7718 hci_dev_lock(hdev);
7719
7720
7721
7722
7723
7724
7725 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7726 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
7727
7728 hci_req_init(&req, hdev);
7729 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
7730 u8 scan = SCAN_PAGE;
7731 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7732 sizeof(scan), &scan);
7733 }
7734 update_class(&req);
7735
7736
7737
7738
7739 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7740 update_adv_data(&req);
7741
7742 hci_req_run(&req, NULL);
7743
7744 hdev->discov_timeout = 0;
7745
7746 new_settings(hdev, NULL);
7747
7748 hci_dev_unlock(hdev);
7749}
7750
7751void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7752 bool persistent)
7753{
7754 struct mgmt_ev_new_link_key ev;
7755
7756 memset(&ev, 0, sizeof(ev));
7757
7758 ev.store_hint = persistent;
7759 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7760 ev.key.addr.type = BDADDR_BREDR;
7761 ev.key.type = key->type;
7762 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7763 ev.key.pin_len = key->pin_len;
7764
7765 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7766}
7767
7768static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7769{
7770 switch (ltk->type) {
7771 case SMP_LTK:
7772 case SMP_LTK_SLAVE:
7773 if (ltk->authenticated)
7774 return MGMT_LTK_AUTHENTICATED;
7775 return MGMT_LTK_UNAUTHENTICATED;
7776 case SMP_LTK_P256:
7777 if (ltk->authenticated)
7778 return MGMT_LTK_P256_AUTH;
7779 return MGMT_LTK_P256_UNAUTH;
7780 case SMP_LTK_P256_DEBUG:
7781 return MGMT_LTK_P256_DEBUG;
7782 }
7783
7784 return MGMT_LTK_UNAUTHENTICATED;
7785}
7786
7787void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7788{
7789 struct mgmt_ev_new_long_term_key ev;
7790
7791 memset(&ev, 0, sizeof(ev));
7792
7793
7794
7795
7796
7797
7798
7799
7800
7801
7802
7803
7804 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7805 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7806 ev.store_hint = 0x00;
7807 else
7808 ev.store_hint = persistent;
7809
7810 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7811 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7812 ev.key.type = mgmt_ltk_type(key);
7813 ev.key.enc_size = key->enc_size;
7814 ev.key.ediv = key->ediv;
7815 ev.key.rand = key->rand;
7816
7817 if (key->type == SMP_LTK)
7818 ev.key.master = 1;
7819
7820
7821
7822
7823 memcpy(ev.key.val, key->val, key->enc_size);
7824 memset(ev.key.val + key->enc_size, 0,
7825 sizeof(ev.key.val) - key->enc_size);
7826
7827 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7828}
7829
7830void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
7831{
7832 struct mgmt_ev_new_irk ev;
7833
7834 memset(&ev, 0, sizeof(ev));
7835
7836
7837
7838
7839
7840
7841
7842
7843
7844
7845
7846
7847 if (bacmp(&irk->rpa, BDADDR_ANY))
7848 ev.store_hint = 0x01;
7849 else
7850 ev.store_hint = 0x00;
7851
7852 bacpy(&ev.rpa, &irk->rpa);
7853 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7854 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7855 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7856
7857 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7858}
7859
7860void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7861 bool persistent)
7862{
7863 struct mgmt_ev_new_csrk ev;
7864
7865 memset(&ev, 0, sizeof(ev));
7866
7867
7868
7869
7870
7871
7872
7873
7874
7875
7876 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7877 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7878 ev.store_hint = 0x00;
7879 else
7880 ev.store_hint = persistent;
7881
7882 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7883 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7884 ev.key.type = csrk->type;
7885 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7886
7887 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7888}
7889
7890void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7891 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7892 u16 max_interval, u16 latency, u16 timeout)
7893{
7894 struct mgmt_ev_new_conn_param ev;
7895
7896 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7897 return;
7898
7899 memset(&ev, 0, sizeof(ev));
7900 bacpy(&ev.addr.bdaddr, bdaddr);
7901 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7902 ev.store_hint = store_hint;
7903 ev.min_interval = cpu_to_le16(min_interval);
7904 ev.max_interval = cpu_to_le16(max_interval);
7905 ev.latency = cpu_to_le16(latency);
7906 ev.timeout = cpu_to_le16(timeout);
7907
7908 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7909}
7910
7911void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7912 u32 flags, u8 *name, u8 name_len)
7913{
7914 char buf[512];
7915 struct mgmt_ev_device_connected *ev = (void *) buf;
7916 u16 eir_len = 0;
7917
7918 bacpy(&ev->addr.bdaddr, &conn->dst);
7919 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7920
7921 ev->flags = __cpu_to_le32(flags);
7922
7923
7924
7925
7926
7927 if (conn->le_adv_data_len > 0) {
7928 memcpy(&ev->eir[eir_len],
7929 conn->le_adv_data, conn->le_adv_data_len);
7930 eir_len = conn->le_adv_data_len;
7931 } else {
7932 if (name_len > 0)
7933 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7934 name, name_len);
7935
7936 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7937 eir_len = eir_append_data(ev->eir, eir_len,
7938 EIR_CLASS_OF_DEV,
7939 conn->dev_class, 3);
7940 }
7941
7942 ev->eir_len = cpu_to_le16(eir_len);
7943
7944 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7945 sizeof(*ev) + eir_len, NULL);
7946}
7947
7948static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7949{
7950 struct sock **sk = data;
7951
7952 cmd->cmd_complete(cmd, 0);
7953
7954 *sk = cmd->sk;
7955 sock_hold(*sk);
7956
7957 mgmt_pending_remove(cmd);
7958}
7959
7960static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7961{
7962 struct hci_dev *hdev = data;
7963 struct mgmt_cp_unpair_device *cp = cmd->param;
7964
7965 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7966
7967 cmd->cmd_complete(cmd, 0);
7968 mgmt_pending_remove(cmd);
7969}
7970
7971bool mgmt_powering_down(struct hci_dev *hdev)
7972{
7973 struct mgmt_pending_cmd *cmd;
7974 struct mgmt_mode *cp;
7975
7976 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7977 if (!cmd)
7978 return false;
7979
7980 cp = cmd->param;
7981 if (!cp->val)
7982 return true;
7983
7984 return false;
7985}
7986
7987void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7988 u8 link_type, u8 addr_type, u8 reason,
7989 bool mgmt_connected)
7990{
7991 struct mgmt_ev_device_disconnected ev;
7992 struct sock *sk = NULL;
7993
7994
7995
7996
7997 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7998 cancel_delayed_work(&hdev->power_off);
7999 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8000 }
8001
8002 if (!mgmt_connected)
8003 return;
8004
8005 if (link_type != ACL_LINK && link_type != LE_LINK)
8006 return;
8007
8008 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
8009
8010 bacpy(&ev.addr.bdaddr, bdaddr);
8011 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8012 ev.reason = reason;
8013
8014 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8015
8016 if (sk)
8017 sock_put(sk);
8018
8019 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8020 hdev);
8021}
8022
8023void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
8024 u8 link_type, u8 addr_type, u8 status)
8025{
8026 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
8027 struct mgmt_cp_disconnect *cp;
8028 struct mgmt_pending_cmd *cmd;
8029
8030 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8031 hdev);
8032
8033 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8034 if (!cmd)
8035 return;
8036
8037 cp = cmd->param;
8038
8039 if (bacmp(bdaddr, &cp->addr.bdaddr))
8040 return;
8041
8042 if (cp->addr.type != bdaddr_type)
8043 return;
8044
8045 cmd->cmd_complete(cmd, mgmt_status(status));
8046 mgmt_pending_remove(cmd);
8047}
8048
8049void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8050 u8 addr_type, u8 status)
8051{
8052 struct mgmt_ev_connect_failed ev;
8053
8054
8055
8056
8057 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8058 cancel_delayed_work(&hdev->power_off);
8059 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8060 }
8061
8062 bacpy(&ev.addr.bdaddr, bdaddr);
8063 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8064 ev.status = mgmt_status(status);
8065
8066 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
8067}
8068
8069void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
8070{
8071 struct mgmt_ev_pin_code_request ev;
8072
8073 bacpy(&ev.addr.bdaddr, bdaddr);
8074 ev.addr.type = BDADDR_BREDR;
8075 ev.secure = secure;
8076
8077 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
8078}
8079
8080void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8081 u8 status)
8082{
8083 struct mgmt_pending_cmd *cmd;
8084
8085 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
8086 if (!cmd)
8087 return;
8088
8089 cmd->cmd_complete(cmd, mgmt_status(status));
8090 mgmt_pending_remove(cmd);
8091}
8092
8093void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8094 u8 status)
8095{
8096 struct mgmt_pending_cmd *cmd;
8097
8098 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
8099 if (!cmd)
8100 return;
8101
8102 cmd->cmd_complete(cmd, mgmt_status(status));
8103 mgmt_pending_remove(cmd);
8104}
8105
8106int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8107 u8 link_type, u8 addr_type, u32 value,
8108 u8 confirm_hint)
8109{
8110 struct mgmt_ev_user_confirm_request ev;
8111
8112 BT_DBG("%s", hdev->name);
8113
8114 bacpy(&ev.addr.bdaddr, bdaddr);
8115 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8116 ev.confirm_hint = confirm_hint;
8117 ev.value = cpu_to_le32(value);
8118
8119 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
8120 NULL);
8121}
8122
8123int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8124 u8 link_type, u8 addr_type)
8125{
8126 struct mgmt_ev_user_passkey_request ev;
8127
8128 BT_DBG("%s", hdev->name);
8129
8130 bacpy(&ev.addr.bdaddr, bdaddr);
8131 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8132
8133 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
8134 NULL);
8135}
8136
8137static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8138 u8 link_type, u8 addr_type, u8 status,
8139 u8 opcode)
8140{
8141 struct mgmt_pending_cmd *cmd;
8142
8143 cmd = pending_find(opcode, hdev);
8144 if (!cmd)
8145 return -ENOENT;
8146
8147 cmd->cmd_complete(cmd, mgmt_status(status));
8148 mgmt_pending_remove(cmd);
8149
8150 return 0;
8151}
8152
8153int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8154 u8 link_type, u8 addr_type, u8 status)
8155{
8156 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8157 status, MGMT_OP_USER_CONFIRM_REPLY);
8158}
8159
8160int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8161 u8 link_type, u8 addr_type, u8 status)
8162{
8163 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8164 status,
8165 MGMT_OP_USER_CONFIRM_NEG_REPLY);
8166}
8167
8168int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8169 u8 link_type, u8 addr_type, u8 status)
8170{
8171 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8172 status, MGMT_OP_USER_PASSKEY_REPLY);
8173}
8174
8175int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8176 u8 link_type, u8 addr_type, u8 status)
8177{
8178 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8179 status,
8180 MGMT_OP_USER_PASSKEY_NEG_REPLY);
8181}
8182
8183int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
8184 u8 link_type, u8 addr_type, u32 passkey,
8185 u8 entered)
8186{
8187 struct mgmt_ev_passkey_notify ev;
8188
8189 BT_DBG("%s", hdev->name);
8190
8191 bacpy(&ev.addr.bdaddr, bdaddr);
8192 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8193 ev.passkey = __cpu_to_le32(passkey);
8194 ev.entered = entered;
8195
8196 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
8197}
8198
8199void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
8200{
8201 struct mgmt_ev_auth_failed ev;
8202 struct mgmt_pending_cmd *cmd;
8203 u8 status = mgmt_status(hci_status);
8204
8205 bacpy(&ev.addr.bdaddr, &conn->dst);
8206 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8207 ev.status = status;
8208
8209 cmd = find_pairing(conn);
8210
8211 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
8212 cmd ? cmd->sk : NULL);
8213
8214 if (cmd) {
8215 cmd->cmd_complete(cmd, status);
8216 mgmt_pending_remove(cmd);
8217 }
8218}
8219
8220void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
8221{
8222 struct cmd_lookup match = { NULL, hdev };
8223 bool changed;
8224
8225 if (status) {
8226 u8 mgmt_err = mgmt_status(status);
8227 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
8228 cmd_status_rsp, &mgmt_err);
8229 return;
8230 }
8231
8232 if (test_bit(HCI_AUTH, &hdev->flags))
8233 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
8234 else
8235 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
8236
8237 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
8238 &match);
8239
8240 if (changed)
8241 new_settings(hdev, match.sk);
8242
8243 if (match.sk)
8244 sock_put(match.sk);
8245}
8246
8247static void clear_eir(struct hci_request *req)
8248{
8249 struct hci_dev *hdev = req->hdev;
8250 struct hci_cp_write_eir cp;
8251
8252 if (!lmp_ext_inq_capable(hdev))
8253 return;
8254
8255 memset(hdev->eir, 0, sizeof(hdev->eir));
8256
8257 memset(&cp, 0, sizeof(cp));
8258
8259 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
8260}
8261
8262void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
8263{
8264 struct cmd_lookup match = { NULL, hdev };
8265 struct hci_request req;
8266 bool changed = false;
8267
8268 if (status) {
8269 u8 mgmt_err = mgmt_status(status);
8270
8271 if (enable && hci_dev_test_and_clear_flag(hdev,
8272 HCI_SSP_ENABLED)) {
8273 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
8274 new_settings(hdev, NULL);
8275 }
8276
8277 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
8278 &mgmt_err);
8279 return;
8280 }
8281
8282 if (enable) {
8283 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
8284 } else {
8285 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
8286 if (!changed)
8287 changed = hci_dev_test_and_clear_flag(hdev,
8288 HCI_HS_ENABLED);
8289 else
8290 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
8291 }
8292
8293 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
8294
8295 if (changed)
8296 new_settings(hdev, match.sk);
8297
8298 if (match.sk)
8299 sock_put(match.sk);
8300
8301 hci_req_init(&req, hdev);
8302
8303 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
8304 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
8305 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
8306 sizeof(enable), &enable);
8307 update_eir(&req);
8308 } else {
8309 clear_eir(&req);
8310 }
8311
8312 hci_req_run(&req, NULL);
8313}
8314
8315static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
8316{
8317 struct cmd_lookup *match = data;
8318
8319 if (match->sk == NULL) {
8320 match->sk = cmd->sk;
8321 sock_hold(match->sk);
8322 }
8323}
8324
8325void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
8326 u8 status)
8327{
8328 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
8329
8330 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
8331 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
8332 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
8333
8334 if (!status)
8335 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8336 dev_class, 3, NULL);
8337
8338 if (match.sk)
8339 sock_put(match.sk);
8340}
8341
8342void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
8343{
8344 struct mgmt_cp_set_local_name ev;
8345 struct mgmt_pending_cmd *cmd;
8346
8347 if (status)
8348 return;
8349
8350 memset(&ev, 0, sizeof(ev));
8351 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
8352 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
8353
8354 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
8355 if (!cmd) {
8356 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
8357
8358
8359
8360
8361 if (pending_find(MGMT_OP_SET_POWERED, hdev))
8362 return;
8363 }
8364
8365 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
8366 cmd ? cmd->sk : NULL);
8367}
8368
8369static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
8370{
8371 int i;
8372
8373 for (i = 0; i < uuid_count; i++) {
8374 if (!memcmp(uuid, uuids[i], 16))
8375 return true;
8376 }
8377
8378 return false;
8379}
8380
8381static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
8382{
8383 u16 parsed = 0;
8384
8385 while (parsed < eir_len) {
8386 u8 field_len = eir[0];
8387 u8 uuid[16];
8388 int i;
8389
8390 if (field_len == 0)
8391 break;
8392
8393 if (eir_len - parsed < field_len + 1)
8394 break;
8395
8396 switch (eir[1]) {
8397 case EIR_UUID16_ALL:
8398 case EIR_UUID16_SOME:
8399 for (i = 0; i + 3 <= field_len; i += 2) {
8400 memcpy(uuid, bluetooth_base_uuid, 16);
8401 uuid[13] = eir[i + 3];
8402 uuid[12] = eir[i + 2];
8403 if (has_uuid(uuid, uuid_count, uuids))
8404 return true;
8405 }
8406 break;
8407 case EIR_UUID32_ALL:
8408 case EIR_UUID32_SOME:
8409 for (i = 0; i + 5 <= field_len; i += 4) {
8410 memcpy(uuid, bluetooth_base_uuid, 16);
8411 uuid[15] = eir[i + 5];
8412 uuid[14] = eir[i + 4];
8413 uuid[13] = eir[i + 3];
8414 uuid[12] = eir[i + 2];
8415 if (has_uuid(uuid, uuid_count, uuids))
8416 return true;
8417 }
8418 break;
8419 case EIR_UUID128_ALL:
8420 case EIR_UUID128_SOME:
8421 for (i = 0; i + 17 <= field_len; i += 16) {
8422 memcpy(uuid, eir + i + 2, 16);
8423 if (has_uuid(uuid, uuid_count, uuids))
8424 return true;
8425 }
8426 break;
8427 }
8428
8429 parsed += field_len + 1;
8430 eir += field_len + 1;
8431 }
8432
8433 return false;
8434}
8435
8436static void restart_le_scan(struct hci_dev *hdev)
8437{
8438
8439 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
8440 return;
8441
8442 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8443 hdev->discovery.scan_start +
8444 hdev->discovery.scan_duration))
8445 return;
8446
8447 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
8448 DISCOV_LE_RESTART_DELAY);
8449}
8450
8451static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8452 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8453{
8454
8455
8456
8457
8458
8459
8460
8461
8462
8463 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8464 (rssi == HCI_RSSI_INVALID ||
8465 (rssi < hdev->discovery.rssi &&
8466 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
8467 return false;
8468
8469 if (hdev->discovery.uuid_count != 0) {
8470
8471
8472
8473 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8474 hdev->discovery.uuids) &&
8475 !eir_has_uuids(scan_rsp, scan_rsp_len,
8476 hdev->discovery.uuid_count,
8477 hdev->discovery.uuids))
8478 return false;
8479 }
8480
8481
8482
8483
8484 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8485 restart_le_scan(hdev);
8486
8487
8488 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8489 rssi < hdev->discovery.rssi)
8490 return false;
8491 }
8492
8493 return true;
8494}
8495
8496void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8497 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8498 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8499{
8500 char buf[512];
8501 struct mgmt_ev_device_found *ev = (void *)buf;
8502 size_t ev_size;
8503
8504
8505
8506
8507
8508 if (!hci_discovery_active(hdev)) {
8509 if (link_type == ACL_LINK)
8510 return;
8511 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8512 return;
8513 }
8514
8515 if (hdev->discovery.result_filtering) {
8516
8517 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8518 scan_rsp_len))
8519 return;
8520 }
8521
8522
8523
8524
8525 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
8526 return;
8527
8528 memset(buf, 0, sizeof(buf));
8529
8530
8531
8532
8533
8534
8535
8536
8537
8538 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8539 link_type == ACL_LINK)
8540 rssi = 0;
8541
8542 bacpy(&ev->addr.bdaddr, bdaddr);
8543 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8544 ev->rssi = rssi;
8545 ev->flags = cpu_to_le32(flags);
8546
8547 if (eir_len > 0)
8548
8549 memcpy(ev->eir, eir, eir_len);
8550
8551 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
8552 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8553 dev_class, 3);
8554
8555 if (scan_rsp_len > 0)
8556
8557 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8558
8559 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8560 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
8561
8562 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
8563}
8564
8565void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8566 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
8567{
8568 struct mgmt_ev_device_found *ev;
8569 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8570 u16 eir_len;
8571
8572 ev = (struct mgmt_ev_device_found *) buf;
8573
8574 memset(buf, 0, sizeof(buf));
8575
8576 bacpy(&ev->addr.bdaddr, bdaddr);
8577 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8578 ev->rssi = rssi;
8579
8580 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8581 name_len);
8582
8583 ev->eir_len = cpu_to_le16(eir_len);
8584
8585 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
8586}
8587
8588void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
8589{
8590 struct mgmt_ev_discovering ev;
8591
8592 BT_DBG("%s discovering %u", hdev->name, discovering);
8593
8594 memset(&ev, 0, sizeof(ev));
8595 ev.type = hdev->discovery.type;
8596 ev.discovering = discovering;
8597
8598 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8599}
8600
8601static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8602{
8603 BT_DBG("%s status %u", hdev->name, status);
8604}
8605
8606void mgmt_reenable_advertising(struct hci_dev *hdev)
8607{
8608 struct hci_request req;
8609 u8 instance;
8610
8611 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
8612 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
8613 return;
8614
8615 instance = get_current_adv_instance(hdev);
8616
8617 hci_req_init(&req, hdev);
8618
8619 if (instance) {
8620 schedule_adv_instance(&req, instance, true);
8621 } else {
8622 update_adv_data(&req);
8623 update_scan_rsp_data(&req);
8624 enable_advertising(&req);
8625 }
8626
8627 hci_req_run(&req, adv_enable_complete);
8628}
8629
8630static struct hci_mgmt_chan chan = {
8631 .channel = HCI_CHANNEL_CONTROL,
8632 .handler_count = ARRAY_SIZE(mgmt_handlers),
8633 .handlers = mgmt_handlers,
8634 .hdev_init = mgmt_init_hdev,
8635};
8636
8637int mgmt_init(void)
8638{
8639 return hci_mgmt_chan_register(&chan);
8640}
8641
8642void mgmt_exit(void)
8643{
8644 hci_mgmt_chan_unregister(&chan);
8645}
8646
