1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/hci_sock.h>
33#include <net/bluetooth/l2cap.h>
34#include <net/bluetooth/mgmt.h>
35
36#include "hci_request.h"
37#include "smp.h"
38#include "mgmt_util.h"
39
40#define MGMT_VERSION 1
41#define MGMT_REVISION 14
42
43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_BONDABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
83 MGMT_OP_SET_BREDR,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
88 MGMT_OP_SET_PRIVACY,
89 MGMT_OP_LOAD_IRKS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
109};
110
111static const u16 mgmt_events[] = {
112 MGMT_EV_CONTROLLER_ERROR,
113 MGMT_EV_INDEX_ADDED,
114 MGMT_EV_INDEX_REMOVED,
115 MGMT_EV_NEW_SETTINGS,
116 MGMT_EV_CLASS_OF_DEV_CHANGED,
117 MGMT_EV_LOCAL_NAME_CHANGED,
118 MGMT_EV_NEW_LINK_KEY,
119 MGMT_EV_NEW_LONG_TERM_KEY,
120 MGMT_EV_DEVICE_CONNECTED,
121 MGMT_EV_DEVICE_DISCONNECTED,
122 MGMT_EV_CONNECT_FAILED,
123 MGMT_EV_PIN_CODE_REQUEST,
124 MGMT_EV_USER_CONFIRM_REQUEST,
125 MGMT_EV_USER_PASSKEY_REQUEST,
126 MGMT_EV_AUTH_FAILED,
127 MGMT_EV_DEVICE_FOUND,
128 MGMT_EV_DISCOVERING,
129 MGMT_EV_DEVICE_BLOCKED,
130 MGMT_EV_DEVICE_UNBLOCKED,
131 MGMT_EV_DEVICE_UNPAIRED,
132 MGMT_EV_PASSKEY_NOTIFY,
133 MGMT_EV_NEW_IRK,
134 MGMT_EV_NEW_CSRK,
135 MGMT_EV_DEVICE_ADDED,
136 MGMT_EV_DEVICE_REMOVED,
137 MGMT_EV_NEW_CONN_PARAM,
138 MGMT_EV_UNCONF_INDEX_ADDED,
139 MGMT_EV_UNCONF_INDEX_REMOVED,
140 MGMT_EV_NEW_CONFIG_OPTIONS,
141 MGMT_EV_EXT_INDEX_ADDED,
142 MGMT_EV_EXT_INDEX_REMOVED,
143 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
144 MGMT_EV_ADVERTISING_ADDED,
145 MGMT_EV_ADVERTISING_REMOVED,
146 MGMT_EV_EXT_INFO_CHANGED,
147};
148
149static const u16 mgmt_untrusted_commands[] = {
150 MGMT_OP_READ_INDEX_LIST,
151 MGMT_OP_READ_INFO,
152 MGMT_OP_READ_UNCONF_INDEX_LIST,
153 MGMT_OP_READ_CONFIG_INFO,
154 MGMT_OP_READ_EXT_INDEX_LIST,
155 MGMT_OP_READ_EXT_INFO,
156};
157
158static const u16 mgmt_untrusted_events[] = {
159 MGMT_EV_INDEX_ADDED,
160 MGMT_EV_INDEX_REMOVED,
161 MGMT_EV_NEW_SETTINGS,
162 MGMT_EV_CLASS_OF_DEV_CHANGED,
163 MGMT_EV_LOCAL_NAME_CHANGED,
164 MGMT_EV_UNCONF_INDEX_ADDED,
165 MGMT_EV_UNCONF_INDEX_REMOVED,
166 MGMT_EV_NEW_CONFIG_OPTIONS,
167 MGMT_EV_EXT_INDEX_ADDED,
168 MGMT_EV_EXT_INDEX_REMOVED,
169 MGMT_EV_EXT_INFO_CHANGED,
170};
171
172#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
173
174#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
175 "\x00\x00\x00\x00\x00\x00\x00\x00"
176
177
178static u8 mgmt_status_table[] = {
179 MGMT_STATUS_SUCCESS,
180 MGMT_STATUS_UNKNOWN_COMMAND,
181 MGMT_STATUS_NOT_CONNECTED,
182 MGMT_STATUS_FAILED,
183 MGMT_STATUS_CONNECT_FAILED,
184 MGMT_STATUS_AUTH_FAILED,
185 MGMT_STATUS_AUTH_FAILED,
186 MGMT_STATUS_NO_RESOURCES,
187 MGMT_STATUS_TIMEOUT,
188 MGMT_STATUS_NO_RESOURCES,
189 MGMT_STATUS_NO_RESOURCES,
190 MGMT_STATUS_ALREADY_CONNECTED,
191 MGMT_STATUS_BUSY,
192 MGMT_STATUS_NO_RESOURCES,
193 MGMT_STATUS_REJECTED,
194 MGMT_STATUS_REJECTED,
195 MGMT_STATUS_TIMEOUT,
196 MGMT_STATUS_NOT_SUPPORTED,
197 MGMT_STATUS_INVALID_PARAMS,
198 MGMT_STATUS_DISCONNECTED,
199 MGMT_STATUS_NO_RESOURCES,
200 MGMT_STATUS_DISCONNECTED,
201 MGMT_STATUS_DISCONNECTED,
202 MGMT_STATUS_BUSY,
203 MGMT_STATUS_REJECTED,
204 MGMT_STATUS_FAILED,
205 MGMT_STATUS_NOT_SUPPORTED,
206 MGMT_STATUS_REJECTED,
207 MGMT_STATUS_REJECTED,
208 MGMT_STATUS_REJECTED,
209 MGMT_STATUS_INVALID_PARAMS,
210 MGMT_STATUS_FAILED,
211 MGMT_STATUS_NOT_SUPPORTED,
212 MGMT_STATUS_FAILED,
213 MGMT_STATUS_TIMEOUT,
214 MGMT_STATUS_FAILED,
215 MGMT_STATUS_FAILED,
216 MGMT_STATUS_REJECTED,
217 MGMT_STATUS_FAILED,
218 MGMT_STATUS_NOT_SUPPORTED,
219 MGMT_STATUS_TIMEOUT,
220 MGMT_STATUS_NOT_SUPPORTED,
221 MGMT_STATUS_FAILED,
222 MGMT_STATUS_INVALID_PARAMS,
223 MGMT_STATUS_REJECTED,
224 MGMT_STATUS_NOT_SUPPORTED,
225 MGMT_STATUS_REJECTED,
226 MGMT_STATUS_INVALID_PARAMS,
227 MGMT_STATUS_BUSY,
228 MGMT_STATUS_FAILED,
229 MGMT_STATUS_FAILED,
230 MGMT_STATUS_INVALID_PARAMS,
231 MGMT_STATUS_NOT_SUPPORTED,
232 MGMT_STATUS_BUSY,
233 MGMT_STATUS_REJECTED,
234 MGMT_STATUS_BUSY,
235 MGMT_STATUS_INVALID_PARAMS,
236 MGMT_STATUS_TIMEOUT,
237 MGMT_STATUS_AUTH_FAILED,
238 MGMT_STATUS_CONNECT_FAILED,
239 MGMT_STATUS_CONNECT_FAILED,
240};
241
242static u8 mgmt_status(u8 hci_status)
243{
244 if (hci_status < ARRAY_SIZE(mgmt_status_table))
245 return mgmt_status_table[hci_status];
246
247 return MGMT_STATUS_FAILED;
248}
249
250static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag)
252{
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
254 flag, NULL);
255}
256
257static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, int flag, struct sock *skip_sk)
259{
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 flag, skip_sk);
262}
263
264static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
266{
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
269}
270
271static u8 le_addr_type(u8 mgmt_addr_type)
272{
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
275 else
276 return ADDR_LE_DEV_RANDOM;
277}
278
279void mgmt_fill_version_info(void *ver)
280{
281 struct mgmt_rp_read_version *rp = ver;
282
283 rp->version = MGMT_VERSION;
284 rp->revision = cpu_to_le16(MGMT_REVISION);
285}
286
287static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
288 u16 data_len)
289{
290 struct mgmt_rp_read_version rp;
291
292 BT_DBG("sock %p", sk);
293
294 mgmt_fill_version_info(&rp);
295
296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
297 &rp, sizeof(rp));
298}
299
300static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
301 u16 data_len)
302{
303 struct mgmt_rp_read_commands *rp;
304 u16 num_commands, num_events;
305 size_t rp_size;
306 int i, err;
307
308 BT_DBG("sock %p", sk);
309
310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
311 num_commands = ARRAY_SIZE(mgmt_commands);
312 num_events = ARRAY_SIZE(mgmt_events);
313 } else {
314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
315 num_events = ARRAY_SIZE(mgmt_untrusted_events);
316 }
317
318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
319
320 rp = kmalloc(rp_size, GFP_KERNEL);
321 if (!rp)
322 return -ENOMEM;
323
324 rp->num_commands = cpu_to_le16(num_commands);
325 rp->num_events = cpu_to_le16(num_events);
326
327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
328 __le16 *opcode = rp->opcodes;
329
330 for (i = 0; i < num_commands; i++, opcode++)
331 put_unaligned_le16(mgmt_commands[i], opcode);
332
333 for (i = 0; i < num_events; i++, opcode++)
334 put_unaligned_le16(mgmt_events[i], opcode);
335 } else {
336 __le16 *opcode = rp->opcodes;
337
338 for (i = 0; i < num_commands; i++, opcode++)
339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
340
341 for (i = 0; i < num_events; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
343 }
344
345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
346 rp, rp_size);
347 kfree(rp);
348
349 return err;
350}
351
352static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
353 u16 data_len)
354{
355 struct mgmt_rp_read_index_list *rp;
356 struct hci_dev *d;
357 size_t rp_len;
358 u16 count;
359 int err;
360
361 BT_DBG("sock %p", sk);
362
363 read_lock(&hci_dev_list_lock);
364
365 count = 0;
366 list_for_each_entry(d, &hci_dev_list, list) {
367 if (d->dev_type == HCI_PRIMARY &&
368 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
369 count++;
370 }
371
372 rp_len = sizeof(*rp) + (2 * count);
373 rp = kmalloc(rp_len, GFP_ATOMIC);
374 if (!rp) {
375 read_unlock(&hci_dev_list_lock);
376 return -ENOMEM;
377 }
378
379 count = 0;
380 list_for_each_entry(d, &hci_dev_list, list) {
381 if (hci_dev_test_flag(d, HCI_SETUP) ||
382 hci_dev_test_flag(d, HCI_CONFIG) ||
383 hci_dev_test_flag(d, HCI_USER_CHANNEL))
384 continue;
385
386
387
388
389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
390 continue;
391
392 if (d->dev_type == HCI_PRIMARY &&
393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
394 rp->index[count++] = cpu_to_le16(d->id);
395 BT_DBG("Added hci%u", d->id);
396 }
397 }
398
399 rp->num_controllers = cpu_to_le16(count);
400 rp_len = sizeof(*rp) + (2 * count);
401
402 read_unlock(&hci_dev_list_lock);
403
404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
405 0, rp, rp_len);
406
407 kfree(rp);
408
409 return err;
410}
411
412static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
413 void *data, u16 data_len)
414{
415 struct mgmt_rp_read_unconf_index_list *rp;
416 struct hci_dev *d;
417 size_t rp_len;
418 u16 count;
419 int err;
420
421 BT_DBG("sock %p", sk);
422
423 read_lock(&hci_dev_list_lock);
424
425 count = 0;
426 list_for_each_entry(d, &hci_dev_list, list) {
427 if (d->dev_type == HCI_PRIMARY &&
428 hci_dev_test_flag(d, HCI_UNCONFIGURED))
429 count++;
430 }
431
432 rp_len = sizeof(*rp) + (2 * count);
433 rp = kmalloc(rp_len, GFP_ATOMIC);
434 if (!rp) {
435 read_unlock(&hci_dev_list_lock);
436 return -ENOMEM;
437 }
438
439 count = 0;
440 list_for_each_entry(d, &hci_dev_list, list) {
441 if (hci_dev_test_flag(d, HCI_SETUP) ||
442 hci_dev_test_flag(d, HCI_CONFIG) ||
443 hci_dev_test_flag(d, HCI_USER_CHANNEL))
444 continue;
445
446
447
448
449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
450 continue;
451
452 if (d->dev_type == HCI_PRIMARY &&
453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
454 rp->index[count++] = cpu_to_le16(d->id);
455 BT_DBG("Added hci%u", d->id);
456 }
457 }
458
459 rp->num_controllers = cpu_to_le16(count);
460 rp_len = sizeof(*rp) + (2 * count);
461
462 read_unlock(&hci_dev_list_lock);
463
464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
466
467 kfree(rp);
468
469 return err;
470}
471
472static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
473 void *data, u16 data_len)
474{
475 struct mgmt_rp_read_ext_index_list *rp;
476 struct hci_dev *d;
477 u16 count;
478 int err;
479
480 BT_DBG("sock %p", sk);
481
482 read_lock(&hci_dev_list_lock);
483
484 count = 0;
485 list_for_each_entry(d, &hci_dev_list, list) {
486 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
487 count++;
488 }
489
490 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
491 if (!rp) {
492 read_unlock(&hci_dev_list_lock);
493 return -ENOMEM;
494 }
495
496 count = 0;
497 list_for_each_entry(d, &hci_dev_list, list) {
498 if (hci_dev_test_flag(d, HCI_SETUP) ||
499 hci_dev_test_flag(d, HCI_CONFIG) ||
500 hci_dev_test_flag(d, HCI_USER_CHANNEL))
501 continue;
502
503
504
505
506 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
507 continue;
508
509 if (d->dev_type == HCI_PRIMARY) {
510 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
511 rp->entry[count].type = 0x01;
512 else
513 rp->entry[count].type = 0x00;
514 } else if (d->dev_type == HCI_AMP) {
515 rp->entry[count].type = 0x02;
516 } else {
517 continue;
518 }
519
520 rp->entry[count].bus = d->bus;
521 rp->entry[count++].index = cpu_to_le16(d->id);
522 BT_DBG("Added hci%u", d->id);
523 }
524
525 rp->num_controllers = cpu_to_le16(count);
526
527 read_unlock(&hci_dev_list_lock);
528
529
530
531
532
533 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
534 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
535 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
536
537 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
538 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
539 struct_size(rp, entry, count));
540
541 kfree(rp);
542
543 return err;
544}
545
546static bool is_configured(struct hci_dev *hdev)
547{
548 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
549 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
550 return false;
551
552 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
553 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
554 !bacmp(&hdev->public_addr, BDADDR_ANY))
555 return false;
556
557 return true;
558}
559
560static __le32 get_missing_options(struct hci_dev *hdev)
561{
562 u32 options = 0;
563
564 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
565 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
566 options |= MGMT_OPTION_EXTERNAL_CONFIG;
567
568 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
569 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
570 !bacmp(&hdev->public_addr, BDADDR_ANY))
571 options |= MGMT_OPTION_PUBLIC_ADDRESS;
572
573 return cpu_to_le32(options);
574}
575
576static int new_options(struct hci_dev *hdev, struct sock *skip)
577{
578 __le32 options = get_missing_options(hdev);
579
580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
582}
583
584static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
585{
586 __le32 options = get_missing_options(hdev);
587
588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
589 sizeof(options));
590}
591
592static int read_config_info(struct sock *sk, struct hci_dev *hdev,
593 void *data, u16 data_len)
594{
595 struct mgmt_rp_read_config_info rp;
596 u32 options = 0;
597
598 BT_DBG("sock %p %s", sk, hdev->name);
599
600 hci_dev_lock(hdev);
601
602 memset(&rp, 0, sizeof(rp));
603 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
604
605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
606 options |= MGMT_OPTION_EXTERNAL_CONFIG;
607
608 if (hdev->set_bdaddr)
609 options |= MGMT_OPTION_PUBLIC_ADDRESS;
610
611 rp.supported_options = cpu_to_le32(options);
612 rp.missing_options = get_missing_options(hdev);
613
614 hci_dev_unlock(hdev);
615
616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
617 &rp, sizeof(rp));
618}
619
620static u32 get_supported_phys(struct hci_dev *hdev)
621{
622 u32 supported_phys = 0;
623
624 if (lmp_bredr_capable(hdev)) {
625 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
626
627 if (hdev->features[0][0] & LMP_3SLOT)
628 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
629
630 if (hdev->features[0][0] & LMP_5SLOT)
631 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
632
633 if (lmp_edr_2m_capable(hdev)) {
634 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
635
636 if (lmp_edr_3slot_capable(hdev))
637 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
638
639 if (lmp_edr_5slot_capable(hdev))
640 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
641
642 if (lmp_edr_3m_capable(hdev)) {
643 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
644
645 if (lmp_edr_3slot_capable(hdev))
646 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
647
648 if (lmp_edr_5slot_capable(hdev))
649 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
650 }
651 }
652 }
653
654 if (lmp_le_capable(hdev)) {
655 supported_phys |= MGMT_PHY_LE_1M_TX;
656 supported_phys |= MGMT_PHY_LE_1M_RX;
657
658 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
659 supported_phys |= MGMT_PHY_LE_2M_TX;
660 supported_phys |= MGMT_PHY_LE_2M_RX;
661 }
662
663 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
664 supported_phys |= MGMT_PHY_LE_CODED_TX;
665 supported_phys |= MGMT_PHY_LE_CODED_RX;
666 }
667 }
668
669 return supported_phys;
670}
671
672static u32 get_selected_phys(struct hci_dev *hdev)
673{
674 u32 selected_phys = 0;
675
676 if (lmp_bredr_capable(hdev)) {
677 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
678
679 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
680 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
681
682 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
683 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
684
685 if (lmp_edr_2m_capable(hdev)) {
686 if (!(hdev->pkt_type & HCI_2DH1))
687 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
688
689 if (lmp_edr_3slot_capable(hdev) &&
690 !(hdev->pkt_type & HCI_2DH3))
691 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
692
693 if (lmp_edr_5slot_capable(hdev) &&
694 !(hdev->pkt_type & HCI_2DH5))
695 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
696
697 if (lmp_edr_3m_capable(hdev)) {
698 if (!(hdev->pkt_type & HCI_3DH1))
699 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
700
701 if (lmp_edr_3slot_capable(hdev) &&
702 !(hdev->pkt_type & HCI_3DH3))
703 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
704
705 if (lmp_edr_5slot_capable(hdev) &&
706 !(hdev->pkt_type & HCI_3DH5))
707 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
708 }
709 }
710 }
711
712 if (lmp_le_capable(hdev)) {
713 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
714 selected_phys |= MGMT_PHY_LE_1M_TX;
715
716 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
717 selected_phys |= MGMT_PHY_LE_1M_RX;
718
719 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
720 selected_phys |= MGMT_PHY_LE_2M_TX;
721
722 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
723 selected_phys |= MGMT_PHY_LE_2M_RX;
724
725 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
726 selected_phys |= MGMT_PHY_LE_CODED_TX;
727
728 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
729 selected_phys |= MGMT_PHY_LE_CODED_RX;
730 }
731
732 return selected_phys;
733}
734
735static u32 get_configurable_phys(struct hci_dev *hdev)
736{
737 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
738 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
739}
740
741static u32 get_supported_settings(struct hci_dev *hdev)
742{
743 u32 settings = 0;
744
745 settings |= MGMT_SETTING_POWERED;
746 settings |= MGMT_SETTING_BONDABLE;
747 settings |= MGMT_SETTING_DEBUG_KEYS;
748 settings |= MGMT_SETTING_CONNECTABLE;
749 settings |= MGMT_SETTING_DISCOVERABLE;
750
751 if (lmp_bredr_capable(hdev)) {
752 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
753 settings |= MGMT_SETTING_FAST_CONNECTABLE;
754 settings |= MGMT_SETTING_BREDR;
755 settings |= MGMT_SETTING_LINK_SECURITY;
756
757 if (lmp_ssp_capable(hdev)) {
758 settings |= MGMT_SETTING_SSP;
759 settings |= MGMT_SETTING_HS;
760 }
761
762 if (lmp_sc_capable(hdev))
763 settings |= MGMT_SETTING_SECURE_CONN;
764 }
765
766 if (lmp_le_capable(hdev)) {
767 settings |= MGMT_SETTING_LE;
768 settings |= MGMT_SETTING_ADVERTISING;
769 settings |= MGMT_SETTING_SECURE_CONN;
770 settings |= MGMT_SETTING_PRIVACY;
771 settings |= MGMT_SETTING_STATIC_ADDRESS;
772 }
773
774 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
775 hdev->set_bdaddr)
776 settings |= MGMT_SETTING_CONFIGURATION;
777
778 settings |= MGMT_SETTING_PHY_CONFIGURATION;
779
780 return settings;
781}
782
783static u32 get_current_settings(struct hci_dev *hdev)
784{
785 u32 settings = 0;
786
787 if (hdev_is_powered(hdev))
788 settings |= MGMT_SETTING_POWERED;
789
790 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
791 settings |= MGMT_SETTING_CONNECTABLE;
792
793 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
794 settings |= MGMT_SETTING_FAST_CONNECTABLE;
795
796 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
797 settings |= MGMT_SETTING_DISCOVERABLE;
798
799 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
800 settings |= MGMT_SETTING_BONDABLE;
801
802 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
803 settings |= MGMT_SETTING_BREDR;
804
805 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
806 settings |= MGMT_SETTING_LE;
807
808 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
809 settings |= MGMT_SETTING_LINK_SECURITY;
810
811 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
812 settings |= MGMT_SETTING_SSP;
813
814 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
815 settings |= MGMT_SETTING_HS;
816
817 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
818 settings |= MGMT_SETTING_ADVERTISING;
819
820 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
821 settings |= MGMT_SETTING_SECURE_CONN;
822
823 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
824 settings |= MGMT_SETTING_DEBUG_KEYS;
825
826 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
827 settings |= MGMT_SETTING_PRIVACY;
828
829
830
831
832
833
834
835
836
837
838
839
840
841 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
842 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
843 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
844 if (bacmp(&hdev->static_addr, BDADDR_ANY))
845 settings |= MGMT_SETTING_STATIC_ADDRESS;
846 }
847
848 return settings;
849}
850
851static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
852{
853 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
854}
855
856static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
857 struct hci_dev *hdev,
858 const void *data)
859{
860 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
861}
862
863u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
864{
865 struct mgmt_pending_cmd *cmd;
866
867
868
869
870 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
871 if (cmd) {
872 struct mgmt_mode *cp = cmd->param;
873 if (cp->val == 0x01)
874 return LE_AD_GENERAL;
875 else if (cp->val == 0x02)
876 return LE_AD_LIMITED;
877 } else {
878 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
879 return LE_AD_LIMITED;
880 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
881 return LE_AD_GENERAL;
882 }
883
884 return 0;
885}
886
887bool mgmt_get_connectable(struct hci_dev *hdev)
888{
889 struct mgmt_pending_cmd *cmd;
890
891
892
893
894 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
895 if (cmd) {
896 struct mgmt_mode *cp = cmd->param;
897
898 return cp->val;
899 }
900
901 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
902}
903
904static void service_cache_off(struct work_struct *work)
905{
906 struct hci_dev *hdev = container_of(work, struct hci_dev,
907 service_cache.work);
908 struct hci_request req;
909
910 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
911 return;
912
913 hci_req_init(&req, hdev);
914
915 hci_dev_lock(hdev);
916
917 __hci_req_update_eir(&req);
918 __hci_req_update_class(&req);
919
920 hci_dev_unlock(hdev);
921
922 hci_req_run(&req, NULL);
923}
924
925static void rpa_expired(struct work_struct *work)
926{
927 struct hci_dev *hdev = container_of(work, struct hci_dev,
928 rpa_expired.work);
929 struct hci_request req;
930
931 BT_DBG("");
932
933 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
934
935 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
936 return;
937
938
939
940
941
942 hci_req_init(&req, hdev);
943 if (ext_adv_capable(hdev))
944 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
945 else
946 __hci_req_enable_advertising(&req);
947 hci_req_run(&req, NULL);
948}
949
950static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
951{
952 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
953 return;
954
955 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
956 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
957
958
959
960
961
962
963 hci_dev_clear_flag(hdev, HCI_BONDABLE);
964}
965
966static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
967 void *data, u16 data_len)
968{
969 struct mgmt_rp_read_info rp;
970
971 BT_DBG("sock %p %s", sk, hdev->name);
972
973 hci_dev_lock(hdev);
974
975 memset(&rp, 0, sizeof(rp));
976
977 bacpy(&rp.bdaddr, &hdev->bdaddr);
978
979 rp.version = hdev->hci_ver;
980 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
981
982 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
983 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
984
985 memcpy(rp.dev_class, hdev->dev_class, 3);
986
987 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
988 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
989
990 hci_dev_unlock(hdev);
991
992 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
993 sizeof(rp));
994}
995
996static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
997{
998 u16 eir_len = 0;
999 size_t name_len;
1000
1001 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1002 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1003 hdev->dev_class, 3);
1004
1005 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1006 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1007 hdev->appearance);
1008
1009 name_len = strlen(hdev->dev_name);
1010 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1011 hdev->dev_name, name_len);
1012
1013 name_len = strlen(hdev->short_name);
1014 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1015 hdev->short_name, name_len);
1016
1017 return eir_len;
1018}
1019
1020static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1021 void *data, u16 data_len)
1022{
1023 char buf[512];
1024 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1025 u16 eir_len;
1026
1027 BT_DBG("sock %p %s", sk, hdev->name);
1028
1029 memset(&buf, 0, sizeof(buf));
1030
1031 hci_dev_lock(hdev);
1032
1033 bacpy(&rp->bdaddr, &hdev->bdaddr);
1034
1035 rp->version = hdev->hci_ver;
1036 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1037
1038 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1039 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1040
1041
1042 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1043 rp->eir_len = cpu_to_le16(eir_len);
1044
1045 hci_dev_unlock(hdev);
1046
1047
1048
1049
1050
1051
1052 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1053 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1054 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1055
1056 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1057 sizeof(*rp) + eir_len);
1058}
1059
1060static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1061{
1062 char buf[512];
1063 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1064 u16 eir_len;
1065
1066 memset(buf, 0, sizeof(buf));
1067
1068 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1069 ev->eir_len = cpu_to_le16(eir_len);
1070
1071 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1072 sizeof(*ev) + eir_len,
1073 HCI_MGMT_EXT_INFO_EVENTS, skip);
1074}
1075
1076static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1077{
1078 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1079
1080 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1081 sizeof(settings));
1082}
1083
1084static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1085{
1086 BT_DBG("%s status 0x%02x", hdev->name, status);
1087
1088 if (hci_conn_count(hdev) == 0) {
1089 cancel_delayed_work(&hdev->power_off);
1090 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1091 }
1092}
1093
1094void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1095{
1096 struct mgmt_ev_advertising_added ev;
1097
1098 ev.instance = instance;
1099
1100 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1101}
1102
1103void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1104 u8 instance)
1105{
1106 struct mgmt_ev_advertising_removed ev;
1107
1108 ev.instance = instance;
1109
1110 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1111}
1112
1113static void cancel_adv_timeout(struct hci_dev *hdev)
1114{
1115 if (hdev->adv_instance_timeout) {
1116 hdev->adv_instance_timeout = 0;
1117 cancel_delayed_work(&hdev->adv_instance_expire);
1118 }
1119}
1120
1121static int clean_up_hci_state(struct hci_dev *hdev)
1122{
1123 struct hci_request req;
1124 struct hci_conn *conn;
1125 bool discov_stopped;
1126 int err;
1127
1128 hci_req_init(&req, hdev);
1129
1130 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1131 test_bit(HCI_PSCAN, &hdev->flags)) {
1132 u8 scan = 0x00;
1133 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1134 }
1135
1136 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1137
1138 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1139 __hci_req_disable_advertising(&req);
1140
1141 discov_stopped = hci_req_stop_discovery(&req);
1142
1143 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1144
1145 __hci_abort_conn(&req, conn, 0x15);
1146 }
1147
1148 err = hci_req_run(&req, clean_up_hci_complete);
1149 if (!err && discov_stopped)
1150 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1151
1152 return err;
1153}
1154
1155static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1156 u16 len)
1157{
1158 struct mgmt_mode *cp = data;
1159 struct mgmt_pending_cmd *cmd;
1160 int err;
1161
1162 BT_DBG("request for %s", hdev->name);
1163
1164 if (cp->val != 0x00 && cp->val != 0x01)
1165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1166 MGMT_STATUS_INVALID_PARAMS);
1167
1168 hci_dev_lock(hdev);
1169
1170 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1171 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1172 MGMT_STATUS_BUSY);
1173 goto failed;
1174 }
1175
1176 if (!!cp->val == hdev_is_powered(hdev)) {
1177 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1178 goto failed;
1179 }
1180
1181 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1182 if (!cmd) {
1183 err = -ENOMEM;
1184 goto failed;
1185 }
1186
1187 if (cp->val) {
1188 queue_work(hdev->req_workqueue, &hdev->power_on);
1189 err = 0;
1190 } else {
1191
1192 err = clean_up_hci_state(hdev);
1193 if (!err)
1194 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1195 HCI_POWER_OFF_TIMEOUT);
1196
1197
1198 if (err == -ENODATA) {
1199 cancel_delayed_work(&hdev->power_off);
1200 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1201 err = 0;
1202 }
1203 }
1204
1205failed:
1206 hci_dev_unlock(hdev);
1207 return err;
1208}
1209
1210static int new_settings(struct hci_dev *hdev, struct sock *skip)
1211{
1212 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1213
1214 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1215 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1216}
1217
1218int mgmt_new_settings(struct hci_dev *hdev)
1219{
1220 return new_settings(hdev, NULL);
1221}
1222
1223struct cmd_lookup {
1224 struct sock *sk;
1225 struct hci_dev *hdev;
1226 u8 mgmt_status;
1227};
1228
1229static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1230{
1231 struct cmd_lookup *match = data;
1232
1233 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1234
1235 list_del(&cmd->list);
1236
1237 if (match->sk == NULL) {
1238 match->sk = cmd->sk;
1239 sock_hold(match->sk);
1240 }
1241
1242 mgmt_pending_free(cmd);
1243}
1244
1245static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1246{
1247 u8 *status = data;
1248
1249 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1250 mgmt_pending_remove(cmd);
1251}
1252
1253static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1254{
1255 if (cmd->cmd_complete) {
1256 u8 *status = data;
1257
1258 cmd->cmd_complete(cmd, *status);
1259 mgmt_pending_remove(cmd);
1260
1261 return;
1262 }
1263
1264 cmd_status_rsp(cmd, data);
1265}
1266
1267static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1268{
1269 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1270 cmd->param, cmd->param_len);
1271}
1272
1273static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1274{
1275 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1276 cmd->param, sizeof(struct mgmt_addr_info));
1277}
1278
1279static u8 mgmt_bredr_support(struct hci_dev *hdev)
1280{
1281 if (!lmp_bredr_capable(hdev))
1282 return MGMT_STATUS_NOT_SUPPORTED;
1283 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1284 return MGMT_STATUS_REJECTED;
1285 else
1286 return MGMT_STATUS_SUCCESS;
1287}
1288
1289static u8 mgmt_le_support(struct hci_dev *hdev)
1290{
1291 if (!lmp_le_capable(hdev))
1292 return MGMT_STATUS_NOT_SUPPORTED;
1293 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1294 return MGMT_STATUS_REJECTED;
1295 else
1296 return MGMT_STATUS_SUCCESS;
1297}
1298
1299void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1300{
1301 struct mgmt_pending_cmd *cmd;
1302
1303 BT_DBG("status 0x%02x", status);
1304
1305 hci_dev_lock(hdev);
1306
1307 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1308 if (!cmd)
1309 goto unlock;
1310
1311 if (status) {
1312 u8 mgmt_err = mgmt_status(status);
1313 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1314 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1315 goto remove_cmd;
1316 }
1317
1318 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1319 hdev->discov_timeout > 0) {
1320 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1321 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1322 }
1323
1324 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1325 new_settings(hdev, cmd->sk);
1326
1327remove_cmd:
1328 mgmt_pending_remove(cmd);
1329
1330unlock:
1331 hci_dev_unlock(hdev);
1332}
1333
1334static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1335 u16 len)
1336{
1337 struct mgmt_cp_set_discoverable *cp = data;
1338 struct mgmt_pending_cmd *cmd;
1339 u16 timeout;
1340 int err;
1341
1342 BT_DBG("request for %s", hdev->name);
1343
1344 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1345 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1346 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1347 MGMT_STATUS_REJECTED);
1348
1349 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1350 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1351 MGMT_STATUS_INVALID_PARAMS);
1352
1353 timeout = __le16_to_cpu(cp->timeout);
1354
1355
1356
1357
1358 if ((cp->val == 0x00 && timeout > 0) ||
1359 (cp->val == 0x02 && timeout == 0))
1360 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1361 MGMT_STATUS_INVALID_PARAMS);
1362
1363 hci_dev_lock(hdev);
1364
1365 if (!hdev_is_powered(hdev) && timeout > 0) {
1366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1367 MGMT_STATUS_NOT_POWERED);
1368 goto failed;
1369 }
1370
1371 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1372 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1373 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1374 MGMT_STATUS_BUSY);
1375 goto failed;
1376 }
1377
1378 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1379 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1380 MGMT_STATUS_REJECTED);
1381 goto failed;
1382 }
1383
1384 if (!hdev_is_powered(hdev)) {
1385 bool changed = false;
1386
1387
1388
1389
1390
1391 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1392 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1393 changed = true;
1394 }
1395
1396 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1397 if (err < 0)
1398 goto failed;
1399
1400 if (changed)
1401 err = new_settings(hdev, sk);
1402
1403 goto failed;
1404 }
1405
1406
1407
1408
1409
1410 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1411 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1412 HCI_LIMITED_DISCOVERABLE)) {
1413 cancel_delayed_work(&hdev->discov_off);
1414 hdev->discov_timeout = timeout;
1415
1416 if (cp->val && hdev->discov_timeout > 0) {
1417 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1418 queue_delayed_work(hdev->req_workqueue,
1419 &hdev->discov_off, to);
1420 }
1421
1422 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1423 goto failed;
1424 }
1425
1426 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1427 if (!cmd) {
1428 err = -ENOMEM;
1429 goto failed;
1430 }
1431
1432
1433
1434
1435
1436 cancel_delayed_work(&hdev->discov_off);
1437 hdev->discov_timeout = timeout;
1438
1439 if (cp->val)
1440 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1441 else
1442 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1443
1444
1445 if (cp->val == 0x02)
1446 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1447 else
1448 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1449
1450 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1451 err = 0;
1452
1453failed:
1454 hci_dev_unlock(hdev);
1455 return err;
1456}
1457
1458void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1459{
1460 struct mgmt_pending_cmd *cmd;
1461
1462 BT_DBG("status 0x%02x", status);
1463
1464 hci_dev_lock(hdev);
1465
1466 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1467 if (!cmd)
1468 goto unlock;
1469
1470 if (status) {
1471 u8 mgmt_err = mgmt_status(status);
1472 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1473 goto remove_cmd;
1474 }
1475
1476 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1477 new_settings(hdev, cmd->sk);
1478
1479remove_cmd:
1480 mgmt_pending_remove(cmd);
1481
1482unlock:
1483 hci_dev_unlock(hdev);
1484}
1485
1486static int set_connectable_update_settings(struct hci_dev *hdev,
1487 struct sock *sk, u8 val)
1488{
1489 bool changed = false;
1490 int err;
1491
1492 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1493 changed = true;
1494
1495 if (val) {
1496 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1497 } else {
1498 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1499 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1500 }
1501
1502 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1503 if (err < 0)
1504 return err;
1505
1506 if (changed) {
1507 hci_req_update_scan(hdev);
1508 hci_update_background_scan(hdev);
1509 return new_settings(hdev, sk);
1510 }
1511
1512 return 0;
1513}
1514
1515static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1516 u16 len)
1517{
1518 struct mgmt_mode *cp = data;
1519 struct mgmt_pending_cmd *cmd;
1520 int err;
1521
1522 BT_DBG("request for %s", hdev->name);
1523
1524 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1525 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1527 MGMT_STATUS_REJECTED);
1528
1529 if (cp->val != 0x00 && cp->val != 0x01)
1530 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1531 MGMT_STATUS_INVALID_PARAMS);
1532
1533 hci_dev_lock(hdev);
1534
1535 if (!hdev_is_powered(hdev)) {
1536 err = set_connectable_update_settings(hdev, sk, cp->val);
1537 goto failed;
1538 }
1539
1540 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1541 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1542 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1543 MGMT_STATUS_BUSY);
1544 goto failed;
1545 }
1546
1547 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1548 if (!cmd) {
1549 err = -ENOMEM;
1550 goto failed;
1551 }
1552
1553 if (cp->val) {
1554 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1555 } else {
1556 if (hdev->discov_timeout > 0)
1557 cancel_delayed_work(&hdev->discov_off);
1558
1559 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1560 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1561 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1562 }
1563
1564 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1565 err = 0;
1566
1567failed:
1568 hci_dev_unlock(hdev);
1569 return err;
1570}
1571
1572static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1573 u16 len)
1574{
1575 struct mgmt_mode *cp = data;
1576 bool changed;
1577 int err;
1578
1579 BT_DBG("request for %s", hdev->name);
1580
1581 if (cp->val != 0x00 && cp->val != 0x01)
1582 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1583 MGMT_STATUS_INVALID_PARAMS);
1584
1585 hci_dev_lock(hdev);
1586
1587 if (cp->val)
1588 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1589 else
1590 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1591
1592 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1593 if (err < 0)
1594 goto unlock;
1595
1596 if (changed) {
1597
1598
1599
1600 if (hdev_is_powered(hdev) &&
1601 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1602 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1603 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1604 queue_work(hdev->req_workqueue,
1605 &hdev->discoverable_update);
1606
1607 err = new_settings(hdev, sk);
1608 }
1609
1610unlock:
1611 hci_dev_unlock(hdev);
1612 return err;
1613}
1614
1615static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1616 u16 len)
1617{
1618 struct mgmt_mode *cp = data;
1619 struct mgmt_pending_cmd *cmd;
1620 u8 val, status;
1621 int err;
1622
1623 BT_DBG("request for %s", hdev->name);
1624
1625 status = mgmt_bredr_support(hdev);
1626 if (status)
1627 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1628 status);
1629
1630 if (cp->val != 0x00 && cp->val != 0x01)
1631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1632 MGMT_STATUS_INVALID_PARAMS);
1633
1634 hci_dev_lock(hdev);
1635
1636 if (!hdev_is_powered(hdev)) {
1637 bool changed = false;
1638
1639 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1640 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1641 changed = true;
1642 }
1643
1644 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1645 if (err < 0)
1646 goto failed;
1647
1648 if (changed)
1649 err = new_settings(hdev, sk);
1650
1651 goto failed;
1652 }
1653
1654 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1656 MGMT_STATUS_BUSY);
1657 goto failed;
1658 }
1659
1660 val = !!cp->val;
1661
1662 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1663 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1664 goto failed;
1665 }
1666
1667 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1668 if (!cmd) {
1669 err = -ENOMEM;
1670 goto failed;
1671 }
1672
1673 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1674 if (err < 0) {
1675 mgmt_pending_remove(cmd);
1676 goto failed;
1677 }
1678
1679failed:
1680 hci_dev_unlock(hdev);
1681 return err;
1682}
1683
1684static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1685{
1686 struct mgmt_mode *cp = data;
1687 struct mgmt_pending_cmd *cmd;
1688 u8 status;
1689 int err;
1690
1691 BT_DBG("request for %s", hdev->name);
1692
1693 status = mgmt_bredr_support(hdev);
1694 if (status)
1695 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1696
1697 if (!lmp_ssp_capable(hdev))
1698 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1699 MGMT_STATUS_NOT_SUPPORTED);
1700
1701 if (cp->val != 0x00 && cp->val != 0x01)
1702 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1703 MGMT_STATUS_INVALID_PARAMS);
1704
1705 hci_dev_lock(hdev);
1706
1707 if (!hdev_is_powered(hdev)) {
1708 bool changed;
1709
1710 if (cp->val) {
1711 changed = !hci_dev_test_and_set_flag(hdev,
1712 HCI_SSP_ENABLED);
1713 } else {
1714 changed = hci_dev_test_and_clear_flag(hdev,
1715 HCI_SSP_ENABLED);
1716 if (!changed)
1717 changed = hci_dev_test_and_clear_flag(hdev,
1718 HCI_HS_ENABLED);
1719 else
1720 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1721 }
1722
1723 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1724 if (err < 0)
1725 goto failed;
1726
1727 if (changed)
1728 err = new_settings(hdev, sk);
1729
1730 goto failed;
1731 }
1732
1733 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1734 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1735 MGMT_STATUS_BUSY);
1736 goto failed;
1737 }
1738
1739 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1740 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1741 goto failed;
1742 }
1743
1744 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1745 if (!cmd) {
1746 err = -ENOMEM;
1747 goto failed;
1748 }
1749
1750 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1751 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1752 sizeof(cp->val), &cp->val);
1753
1754 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1755 if (err < 0) {
1756 mgmt_pending_remove(cmd);
1757 goto failed;
1758 }
1759
1760failed:
1761 hci_dev_unlock(hdev);
1762 return err;
1763}
1764
1765static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1766{
1767 struct mgmt_mode *cp = data;
1768 bool changed;
1769 u8 status;
1770 int err;
1771
1772 BT_DBG("request for %s", hdev->name);
1773
1774 status = mgmt_bredr_support(hdev);
1775 if (status)
1776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1777
1778 if (!lmp_ssp_capable(hdev))
1779 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1780 MGMT_STATUS_NOT_SUPPORTED);
1781
1782 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1783 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1784 MGMT_STATUS_REJECTED);
1785
1786 if (cp->val != 0x00 && cp->val != 0x01)
1787 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1788 MGMT_STATUS_INVALID_PARAMS);
1789
1790 hci_dev_lock(hdev);
1791
1792 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1793 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1794 MGMT_STATUS_BUSY);
1795 goto unlock;
1796 }
1797
1798 if (cp->val) {
1799 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1800 } else {
1801 if (hdev_is_powered(hdev)) {
1802 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1803 MGMT_STATUS_REJECTED);
1804 goto unlock;
1805 }
1806
1807 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1808 }
1809
1810 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1811 if (err < 0)
1812 goto unlock;
1813
1814 if (changed)
1815 err = new_settings(hdev, sk);
1816
1817unlock:
1818 hci_dev_unlock(hdev);
1819 return err;
1820}
1821
1822static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1823{
1824 struct cmd_lookup match = { NULL, hdev };
1825
1826 hci_dev_lock(hdev);
1827
1828 if (status) {
1829 u8 mgmt_err = mgmt_status(status);
1830
1831 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1832 &mgmt_err);
1833 goto unlock;
1834 }
1835
1836 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1837
1838 new_settings(hdev, match.sk);
1839
1840 if (match.sk)
1841 sock_put(match.sk);
1842
1843
1844
1845
1846
1847
1848 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1849 struct hci_request req;
1850 hci_req_init(&req, hdev);
1851 if (ext_adv_capable(hdev)) {
1852 int err;
1853
1854 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1855 if (!err)
1856 __hci_req_update_scan_rsp_data(&req, 0x00);
1857 } else {
1858 __hci_req_update_adv_data(&req, 0x00);
1859 __hci_req_update_scan_rsp_data(&req, 0x00);
1860 }
1861 hci_req_run(&req, NULL);
1862 hci_update_background_scan(hdev);
1863 }
1864
1865unlock:
1866 hci_dev_unlock(hdev);
1867}
1868
1869static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1870{
1871 struct mgmt_mode *cp = data;
1872 struct hci_cp_write_le_host_supported hci_cp;
1873 struct mgmt_pending_cmd *cmd;
1874 struct hci_request req;
1875 int err;
1876 u8 val, enabled;
1877
1878 BT_DBG("request for %s", hdev->name);
1879
1880 if (!lmp_le_capable(hdev))
1881 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1882 MGMT_STATUS_NOT_SUPPORTED);
1883
1884 if (cp->val != 0x00 && cp->val != 0x01)
1885 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1886 MGMT_STATUS_INVALID_PARAMS);
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1898 if (cp->val == 0x01)
1899 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1900
1901 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1902 MGMT_STATUS_REJECTED);
1903 }
1904
1905 hci_dev_lock(hdev);
1906
1907 val = !!cp->val;
1908 enabled = lmp_host_le_capable(hdev);
1909
1910 if (!val)
1911 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1912
1913 if (!hdev_is_powered(hdev) || val == enabled) {
1914 bool changed = false;
1915
1916 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1917 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1918 changed = true;
1919 }
1920
1921 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1922 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1923 changed = true;
1924 }
1925
1926 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1927 if (err < 0)
1928 goto unlock;
1929
1930 if (changed)
1931 err = new_settings(hdev, sk);
1932
1933 goto unlock;
1934 }
1935
1936 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1937 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1938 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1939 MGMT_STATUS_BUSY);
1940 goto unlock;
1941 }
1942
1943 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1944 if (!cmd) {
1945 err = -ENOMEM;
1946 goto unlock;
1947 }
1948
1949 hci_req_init(&req, hdev);
1950
1951 memset(&hci_cp, 0, sizeof(hci_cp));
1952
1953 if (val) {
1954 hci_cp.le = val;
1955 hci_cp.simul = 0x00;
1956 } else {
1957 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1958 __hci_req_disable_advertising(&req);
1959
1960 if (ext_adv_capable(hdev))
1961 __hci_req_clear_ext_adv_sets(&req);
1962 }
1963
1964 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1965 &hci_cp);
1966
1967 err = hci_req_run(&req, le_enable_complete);
1968 if (err < 0)
1969 mgmt_pending_remove(cmd);
1970
1971unlock:
1972 hci_dev_unlock(hdev);
1973 return err;
1974}
1975
1976
1977
1978
1979
1980
1981
1982static bool pending_eir_or_class(struct hci_dev *hdev)
1983{
1984 struct mgmt_pending_cmd *cmd;
1985
1986 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1987 switch (cmd->opcode) {
1988 case MGMT_OP_ADD_UUID:
1989 case MGMT_OP_REMOVE_UUID:
1990 case MGMT_OP_SET_DEV_CLASS:
1991 case MGMT_OP_SET_POWERED:
1992 return true;
1993 }
1994 }
1995
1996 return false;
1997}
1998
1999static const u8 bluetooth_base_uuid[] = {
2000 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2001 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2002};
2003
2004static u8 get_uuid_size(const u8 *uuid)
2005{
2006 u32 val;
2007
2008 if (memcmp(uuid, bluetooth_base_uuid, 12))
2009 return 128;
2010
2011 val = get_unaligned_le32(&uuid[12]);
2012 if (val > 0xffff)
2013 return 32;
2014
2015 return 16;
2016}
2017
2018static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2019{
2020 struct mgmt_pending_cmd *cmd;
2021
2022 hci_dev_lock(hdev);
2023
2024 cmd = pending_find(mgmt_op, hdev);
2025 if (!cmd)
2026 goto unlock;
2027
2028 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2029 mgmt_status(status), hdev->dev_class, 3);
2030
2031 mgmt_pending_remove(cmd);
2032
2033unlock:
2034 hci_dev_unlock(hdev);
2035}
2036
2037static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2038{
2039 BT_DBG("status 0x%02x", status);
2040
2041 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2042}
2043
2044static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2045{
2046 struct mgmt_cp_add_uuid *cp = data;
2047 struct mgmt_pending_cmd *cmd;
2048 struct hci_request req;
2049 struct bt_uuid *uuid;
2050 int err;
2051
2052 BT_DBG("request for %s", hdev->name);
2053
2054 hci_dev_lock(hdev);
2055
2056 if (pending_eir_or_class(hdev)) {
2057 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2058 MGMT_STATUS_BUSY);
2059 goto failed;
2060 }
2061
2062 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2063 if (!uuid) {
2064 err = -ENOMEM;
2065 goto failed;
2066 }
2067
2068 memcpy(uuid->uuid, cp->uuid, 16);
2069 uuid->svc_hint = cp->svc_hint;
2070 uuid->size = get_uuid_size(cp->uuid);
2071
2072 list_add_tail(&uuid->list, &hdev->uuids);
2073
2074 hci_req_init(&req, hdev);
2075
2076 __hci_req_update_class(&req);
2077 __hci_req_update_eir(&req);
2078
2079 err = hci_req_run(&req, add_uuid_complete);
2080 if (err < 0) {
2081 if (err != -ENODATA)
2082 goto failed;
2083
2084 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2085 hdev->dev_class, 3);
2086 goto failed;
2087 }
2088
2089 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2090 if (!cmd) {
2091 err = -ENOMEM;
2092 goto failed;
2093 }
2094
2095 err = 0;
2096
2097failed:
2098 hci_dev_unlock(hdev);
2099 return err;
2100}
2101
2102static bool enable_service_cache(struct hci_dev *hdev)
2103{
2104 if (!hdev_is_powered(hdev))
2105 return false;
2106
2107 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2108 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2109 CACHE_TIMEOUT);
2110 return true;
2111 }
2112
2113 return false;
2114}
2115
2116static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2117{
2118 BT_DBG("status 0x%02x", status);
2119
2120 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2121}
2122
2123static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2124 u16 len)
2125{
2126 struct mgmt_cp_remove_uuid *cp = data;
2127 struct mgmt_pending_cmd *cmd;
2128 struct bt_uuid *match, *tmp;
2129 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2130 struct hci_request req;
2131 int err, found;
2132
2133 BT_DBG("request for %s", hdev->name);
2134
2135 hci_dev_lock(hdev);
2136
2137 if (pending_eir_or_class(hdev)) {
2138 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2139 MGMT_STATUS_BUSY);
2140 goto unlock;
2141 }
2142
2143 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2144 hci_uuids_clear(hdev);
2145
2146 if (enable_service_cache(hdev)) {
2147 err = mgmt_cmd_complete(sk, hdev->id,
2148 MGMT_OP_REMOVE_UUID,
2149 0, hdev->dev_class, 3);
2150 goto unlock;
2151 }
2152
2153 goto update_class;
2154 }
2155
2156 found = 0;
2157
2158 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2159 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2160 continue;
2161
2162 list_del(&match->list);
2163 kfree(match);
2164 found++;
2165 }
2166
2167 if (found == 0) {
2168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2169 MGMT_STATUS_INVALID_PARAMS);
2170 goto unlock;
2171 }
2172
2173update_class:
2174 hci_req_init(&req, hdev);
2175
2176 __hci_req_update_class(&req);
2177 __hci_req_update_eir(&req);
2178
2179 err = hci_req_run(&req, remove_uuid_complete);
2180 if (err < 0) {
2181 if (err != -ENODATA)
2182 goto unlock;
2183
2184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2185 hdev->dev_class, 3);
2186 goto unlock;
2187 }
2188
2189 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2190 if (!cmd) {
2191 err = -ENOMEM;
2192 goto unlock;
2193 }
2194
2195 err = 0;
2196
2197unlock:
2198 hci_dev_unlock(hdev);
2199 return err;
2200}
2201
2202static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2203{
2204 BT_DBG("status 0x%02x", status);
2205
2206 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2207}
2208
2209static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2210 u16 len)
2211{
2212 struct mgmt_cp_set_dev_class *cp = data;
2213 struct mgmt_pending_cmd *cmd;
2214 struct hci_request req;
2215 int err;
2216
2217 BT_DBG("request for %s", hdev->name);
2218
2219 if (!lmp_bredr_capable(hdev))
2220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2221 MGMT_STATUS_NOT_SUPPORTED);
2222
2223 hci_dev_lock(hdev);
2224
2225 if (pending_eir_or_class(hdev)) {
2226 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2227 MGMT_STATUS_BUSY);
2228 goto unlock;
2229 }
2230
2231 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2232 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2233 MGMT_STATUS_INVALID_PARAMS);
2234 goto unlock;
2235 }
2236
2237 hdev->major_class = cp->major;
2238 hdev->minor_class = cp->minor;
2239
2240 if (!hdev_is_powered(hdev)) {
2241 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2242 hdev->dev_class, 3);
2243 goto unlock;
2244 }
2245
2246 hci_req_init(&req, hdev);
2247
2248 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2249 hci_dev_unlock(hdev);
2250 cancel_delayed_work_sync(&hdev->service_cache);
2251 hci_dev_lock(hdev);
2252 __hci_req_update_eir(&req);
2253 }
2254
2255 __hci_req_update_class(&req);
2256
2257 err = hci_req_run(&req, set_class_complete);
2258 if (err < 0) {
2259 if (err != -ENODATA)
2260 goto unlock;
2261
2262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2263 hdev->dev_class, 3);
2264 goto unlock;
2265 }
2266
2267 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2268 if (!cmd) {
2269 err = -ENOMEM;
2270 goto unlock;
2271 }
2272
2273 err = 0;
2274
2275unlock:
2276 hci_dev_unlock(hdev);
2277 return err;
2278}
2279
2280static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2281 u16 len)
2282{
2283 struct mgmt_cp_load_link_keys *cp = data;
2284 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2285 sizeof(struct mgmt_link_key_info));
2286 u16 key_count, expected_len;
2287 bool changed;
2288 int i;
2289
2290 BT_DBG("request for %s", hdev->name);
2291
2292 if (!lmp_bredr_capable(hdev))
2293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2294 MGMT_STATUS_NOT_SUPPORTED);
2295
2296 key_count = __le16_to_cpu(cp->key_count);
2297 if (key_count > max_key_count) {
2298 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2299 key_count);
2300 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2301 MGMT_STATUS_INVALID_PARAMS);
2302 }
2303
2304 expected_len = struct_size(cp, keys, key_count);
2305 if (expected_len != len) {
2306 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2307 expected_len, len);
2308 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2309 MGMT_STATUS_INVALID_PARAMS);
2310 }
2311
2312 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2313 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2314 MGMT_STATUS_INVALID_PARAMS);
2315
2316 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2317 key_count);
2318
2319 for (i = 0; i < key_count; i++) {
2320 struct mgmt_link_key_info *key = &cp->keys[i];
2321
2322 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2323 return mgmt_cmd_status(sk, hdev->id,
2324 MGMT_OP_LOAD_LINK_KEYS,
2325 MGMT_STATUS_INVALID_PARAMS);
2326 }
2327
2328 hci_dev_lock(hdev);
2329
2330 hci_link_keys_clear(hdev);
2331
2332 if (cp->debug_keys)
2333 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2334 else
2335 changed = hci_dev_test_and_clear_flag(hdev,
2336 HCI_KEEP_DEBUG_KEYS);
2337
2338 if (changed)
2339 new_settings(hdev, NULL);
2340
2341 for (i = 0; i < key_count; i++) {
2342 struct mgmt_link_key_info *key = &cp->keys[i];
2343
2344
2345
2346
2347 if (key->type == HCI_LK_DEBUG_COMBINATION)
2348 continue;
2349
2350 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2351 key->type, key->pin_len, NULL);
2352 }
2353
2354 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2355
2356 hci_dev_unlock(hdev);
2357
2358 return 0;
2359}
2360
2361static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2362 u8 addr_type, struct sock *skip_sk)
2363{
2364 struct mgmt_ev_device_unpaired ev;
2365
2366 bacpy(&ev.addr.bdaddr, bdaddr);
2367 ev.addr.type = addr_type;
2368
2369 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2370 skip_sk);
2371}
2372
2373static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2374 u16 len)
2375{
2376 struct mgmt_cp_unpair_device *cp = data;
2377 struct mgmt_rp_unpair_device rp;
2378 struct hci_conn_params *params;
2379 struct mgmt_pending_cmd *cmd;
2380 struct hci_conn *conn;
2381 u8 addr_type;
2382 int err;
2383
2384 memset(&rp, 0, sizeof(rp));
2385 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2386 rp.addr.type = cp->addr.type;
2387
2388 if (!bdaddr_type_is_valid(cp->addr.type))
2389 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2390 MGMT_STATUS_INVALID_PARAMS,
2391 &rp, sizeof(rp));
2392
2393 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2394 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2395 MGMT_STATUS_INVALID_PARAMS,
2396 &rp, sizeof(rp));
2397
2398 hci_dev_lock(hdev);
2399
2400 if (!hdev_is_powered(hdev)) {
2401 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2402 MGMT_STATUS_NOT_POWERED, &rp,
2403 sizeof(rp));
2404 goto unlock;
2405 }
2406
2407 if (cp->addr.type == BDADDR_BREDR) {
2408
2409
2410
2411
2412
2413
2414
2415 if (cp->disconnect)
2416 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2417 &cp->addr.bdaddr);
2418 else
2419 conn = NULL;
2420
2421 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2422 if (err < 0) {
2423 err = mgmt_cmd_complete(sk, hdev->id,
2424 MGMT_OP_UNPAIR_DEVICE,
2425 MGMT_STATUS_NOT_PAIRED, &rp,
2426 sizeof(rp));
2427 goto unlock;
2428 }
2429
2430 goto done;
2431 }
2432
2433
2434 addr_type = le_addr_type(cp->addr.type);
2435
2436
2437 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2438 if (err < 0) {
2439 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2440 MGMT_STATUS_NOT_PAIRED, &rp,
2441 sizeof(rp));
2442 goto unlock;
2443 }
2444
2445 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2446 if (!conn) {
2447 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2448 goto done;
2449 }
2450
2451
2452
2453
2454
2455 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2456
2457
2458 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2459 if (params) {
2460 if (params->explicit_connect)
2461 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2462 else
2463 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2464 }
2465
2466
2467
2468
2469 if (!cp->disconnect)
2470 conn = NULL;
2471
2472done:
2473
2474
2475
2476 if (!conn) {
2477 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2478 &rp, sizeof(rp));
2479 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2480 goto unlock;
2481 }
2482
2483 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2484 sizeof(*cp));
2485 if (!cmd) {
2486 err = -ENOMEM;
2487 goto unlock;
2488 }
2489
2490 cmd->cmd_complete = addr_cmd_complete;
2491
2492 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2493 if (err < 0)
2494 mgmt_pending_remove(cmd);
2495
2496unlock:
2497 hci_dev_unlock(hdev);
2498 return err;
2499}
2500
2501static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2502 u16 len)
2503{
2504 struct mgmt_cp_disconnect *cp = data;
2505 struct mgmt_rp_disconnect rp;
2506 struct mgmt_pending_cmd *cmd;
2507 struct hci_conn *conn;
2508 int err;
2509
2510 BT_DBG("");
2511
2512 memset(&rp, 0, sizeof(rp));
2513 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2514 rp.addr.type = cp->addr.type;
2515
2516 if (!bdaddr_type_is_valid(cp->addr.type))
2517 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2518 MGMT_STATUS_INVALID_PARAMS,
2519 &rp, sizeof(rp));
2520
2521 hci_dev_lock(hdev);
2522
2523 if (!test_bit(HCI_UP, &hdev->flags)) {
2524 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2525 MGMT_STATUS_NOT_POWERED, &rp,
2526 sizeof(rp));
2527 goto failed;
2528 }
2529
2530 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2531 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2532 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2533 goto failed;
2534 }
2535
2536 if (cp->addr.type == BDADDR_BREDR)
2537 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2538 &cp->addr.bdaddr);
2539 else
2540 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2541 le_addr_type(cp->addr.type));
2542
2543 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2544 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2545 MGMT_STATUS_NOT_CONNECTED, &rp,
2546 sizeof(rp));
2547 goto failed;
2548 }
2549
2550 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2551 if (!cmd) {
2552 err = -ENOMEM;
2553 goto failed;
2554 }
2555
2556 cmd->cmd_complete = generic_cmd_complete;
2557
2558 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2559 if (err < 0)
2560 mgmt_pending_remove(cmd);
2561
2562failed:
2563 hci_dev_unlock(hdev);
2564 return err;
2565}
2566
2567static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2568{
2569 switch (link_type) {
2570 case LE_LINK:
2571 switch (addr_type) {
2572 case ADDR_LE_DEV_PUBLIC:
2573 return BDADDR_LE_PUBLIC;
2574
2575 default:
2576
2577 return BDADDR_LE_RANDOM;
2578 }
2579
2580 default:
2581
2582 return BDADDR_BREDR;
2583 }
2584}
2585
2586static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2587 u16 data_len)
2588{
2589 struct mgmt_rp_get_connections *rp;
2590 struct hci_conn *c;
2591 size_t rp_len;
2592 int err;
2593 u16 i;
2594
2595 BT_DBG("");
2596
2597 hci_dev_lock(hdev);
2598
2599 if (!hdev_is_powered(hdev)) {
2600 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2601 MGMT_STATUS_NOT_POWERED);
2602 goto unlock;
2603 }
2604
2605 i = 0;
2606 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2607 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2608 i++;
2609 }
2610
2611 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2612 rp = kmalloc(rp_len, GFP_KERNEL);
2613 if (!rp) {
2614 err = -ENOMEM;
2615 goto unlock;
2616 }
2617
2618 i = 0;
2619 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2620 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2621 continue;
2622 bacpy(&rp->addr[i].bdaddr, &c->dst);
2623 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2624 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2625 continue;
2626 i++;
2627 }
2628
2629 rp->conn_count = cpu_to_le16(i);
2630
2631
2632 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2633
2634 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2635 rp_len);
2636
2637 kfree(rp);
2638
2639unlock:
2640 hci_dev_unlock(hdev);
2641 return err;
2642}
2643
2644static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2645 struct mgmt_cp_pin_code_neg_reply *cp)
2646{
2647 struct mgmt_pending_cmd *cmd;
2648 int err;
2649
2650 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2651 sizeof(*cp));
2652 if (!cmd)
2653 return -ENOMEM;
2654
2655 cmd->cmd_complete = addr_cmd_complete;
2656
2657 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2658 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2659 if (err < 0)
2660 mgmt_pending_remove(cmd);
2661
2662 return err;
2663}
2664
2665static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2666 u16 len)
2667{
2668 struct hci_conn *conn;
2669 struct mgmt_cp_pin_code_reply *cp = data;
2670 struct hci_cp_pin_code_reply reply;
2671 struct mgmt_pending_cmd *cmd;
2672 int err;
2673
2674 BT_DBG("");
2675
2676 hci_dev_lock(hdev);
2677
2678 if (!hdev_is_powered(hdev)) {
2679 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2680 MGMT_STATUS_NOT_POWERED);
2681 goto failed;
2682 }
2683
2684 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2685 if (!conn) {
2686 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2687 MGMT_STATUS_NOT_CONNECTED);
2688 goto failed;
2689 }
2690
2691 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2692 struct mgmt_cp_pin_code_neg_reply ncp;
2693
2694 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2695
2696 bt_dev_err(hdev, "PIN code is not 16 bytes long");
2697
2698 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2699 if (err >= 0)
2700 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2701 MGMT_STATUS_INVALID_PARAMS);
2702
2703 goto failed;
2704 }
2705
2706 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2707 if (!cmd) {
2708 err = -ENOMEM;
2709 goto failed;
2710 }
2711
2712 cmd->cmd_complete = addr_cmd_complete;
2713
2714 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2715 reply.pin_len = cp->pin_len;
2716 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2717
2718 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2719 if (err < 0)
2720 mgmt_pending_remove(cmd);
2721
2722failed:
2723 hci_dev_unlock(hdev);
2724 return err;
2725}
2726
2727static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2728 u16 len)
2729{
2730 struct mgmt_cp_set_io_capability *cp = data;
2731
2732 BT_DBG("");
2733
2734 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2735 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2736 MGMT_STATUS_INVALID_PARAMS);
2737
2738 hci_dev_lock(hdev);
2739
2740 hdev->io_capability = cp->io_capability;
2741
2742 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2743 hdev->io_capability);
2744
2745 hci_dev_unlock(hdev);
2746
2747 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2748 NULL, 0);
2749}
2750
2751static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2752{
2753 struct hci_dev *hdev = conn->hdev;
2754 struct mgmt_pending_cmd *cmd;
2755
2756 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2757 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2758 continue;
2759
2760 if (cmd->user_data != conn)
2761 continue;
2762
2763 return cmd;
2764 }
2765
2766 return NULL;
2767}
2768
2769static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2770{
2771 struct mgmt_rp_pair_device rp;
2772 struct hci_conn *conn = cmd->user_data;
2773 int err;
2774
2775 bacpy(&rp.addr.bdaddr, &conn->dst);
2776 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2777
2778 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2779 status, &rp, sizeof(rp));
2780
2781
2782 conn->connect_cfm_cb = NULL;
2783 conn->security_cfm_cb = NULL;
2784 conn->disconn_cfm_cb = NULL;
2785
2786 hci_conn_drop(conn);
2787
2788
2789
2790
2791 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2792
2793 hci_conn_put(conn);
2794
2795 return err;
2796}
2797
2798void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2799{
2800 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2801 struct mgmt_pending_cmd *cmd;
2802
2803 cmd = find_pairing(conn);
2804 if (cmd) {
2805 cmd->cmd_complete(cmd, status);
2806 mgmt_pending_remove(cmd);
2807 }
2808}
2809
2810static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2811{
2812 struct mgmt_pending_cmd *cmd;
2813
2814 BT_DBG("status %u", status);
2815
2816 cmd = find_pairing(conn);
2817 if (!cmd) {
2818 BT_DBG("Unable to find a pending command");
2819 return;
2820 }
2821
2822 cmd->cmd_complete(cmd, mgmt_status(status));
2823 mgmt_pending_remove(cmd);
2824}
2825
2826static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2827{
2828 struct mgmt_pending_cmd *cmd;
2829
2830 BT_DBG("status %u", status);
2831
2832 if (!status)
2833 return;
2834
2835 cmd = find_pairing(conn);
2836 if (!cmd) {
2837 BT_DBG("Unable to find a pending command");
2838 return;
2839 }
2840
2841 cmd->cmd_complete(cmd, mgmt_status(status));
2842 mgmt_pending_remove(cmd);
2843}
2844
2845static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2846 u16 len)
2847{
2848 struct mgmt_cp_pair_device *cp = data;
2849 struct mgmt_rp_pair_device rp;
2850 struct mgmt_pending_cmd *cmd;
2851 u8 sec_level, auth_type;
2852 struct hci_conn *conn;
2853 int err;
2854
2855 BT_DBG("");
2856
2857 memset(&rp, 0, sizeof(rp));
2858 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2859 rp.addr.type = cp->addr.type;
2860
2861 if (!bdaddr_type_is_valid(cp->addr.type))
2862 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2863 MGMT_STATUS_INVALID_PARAMS,
2864 &rp, sizeof(rp));
2865
2866 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2867 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2868 MGMT_STATUS_INVALID_PARAMS,
2869 &rp, sizeof(rp));
2870
2871 hci_dev_lock(hdev);
2872
2873 if (!hdev_is_powered(hdev)) {
2874 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2875 MGMT_STATUS_NOT_POWERED, &rp,
2876 sizeof(rp));
2877 goto unlock;
2878 }
2879
2880 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2881 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2882 MGMT_STATUS_ALREADY_PAIRED, &rp,
2883 sizeof(rp));
2884 goto unlock;
2885 }
2886
2887 sec_level = BT_SECURITY_MEDIUM;
2888 auth_type = HCI_AT_DEDICATED_BONDING;
2889
2890 if (cp->addr.type == BDADDR_BREDR) {
2891 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2892 auth_type);
2893 } else {
2894 u8 addr_type = le_addr_type(cp->addr.type);
2895 struct hci_conn_params *p;
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2907
2908 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2909 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2910
2911 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2912 addr_type, sec_level,
2913 HCI_LE_CONN_TIMEOUT);
2914 }
2915
2916 if (IS_ERR(conn)) {
2917 int status;
2918
2919 if (PTR_ERR(conn) == -EBUSY)
2920 status = MGMT_STATUS_BUSY;
2921 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2922 status = MGMT_STATUS_NOT_SUPPORTED;
2923 else if (PTR_ERR(conn) == -ECONNREFUSED)
2924 status = MGMT_STATUS_REJECTED;
2925 else
2926 status = MGMT_STATUS_CONNECT_FAILED;
2927
2928 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2929 status, &rp, sizeof(rp));
2930 goto unlock;
2931 }
2932
2933 if (conn->connect_cfm_cb) {
2934 hci_conn_drop(conn);
2935 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2936 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2937 goto unlock;
2938 }
2939
2940 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2941 if (!cmd) {
2942 err = -ENOMEM;
2943 hci_conn_drop(conn);
2944 goto unlock;
2945 }
2946
2947 cmd->cmd_complete = pairing_complete;
2948
2949
2950 if (cp->addr.type == BDADDR_BREDR) {
2951 conn->connect_cfm_cb = pairing_complete_cb;
2952 conn->security_cfm_cb = pairing_complete_cb;
2953 conn->disconn_cfm_cb = pairing_complete_cb;
2954 } else {
2955 conn->connect_cfm_cb = le_pairing_complete_cb;
2956 conn->security_cfm_cb = le_pairing_complete_cb;
2957 conn->disconn_cfm_cb = le_pairing_complete_cb;
2958 }
2959
2960 conn->io_capability = cp->io_cap;
2961 cmd->user_data = hci_conn_get(conn);
2962
2963 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2964 hci_conn_security(conn, sec_level, auth_type, true)) {
2965 cmd->cmd_complete(cmd, 0);
2966 mgmt_pending_remove(cmd);
2967 }
2968
2969 err = 0;
2970
2971unlock:
2972 hci_dev_unlock(hdev);
2973 return err;
2974}
2975
2976static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2977 u16 len)
2978{
2979 struct mgmt_addr_info *addr = data;
2980 struct mgmt_pending_cmd *cmd;
2981 struct hci_conn *conn;
2982 int err;
2983
2984 BT_DBG("");
2985
2986 hci_dev_lock(hdev);
2987
2988 if (!hdev_is_powered(hdev)) {
2989 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2990 MGMT_STATUS_NOT_POWERED);
2991 goto unlock;
2992 }
2993
2994 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2995 if (!cmd) {
2996 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2997 MGMT_STATUS_INVALID_PARAMS);
2998 goto unlock;
2999 }
3000
3001 conn = cmd->user_data;
3002
3003 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3004 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3005 MGMT_STATUS_INVALID_PARAMS);
3006 goto unlock;
3007 }
3008
3009 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3010 mgmt_pending_remove(cmd);
3011
3012 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3013 addr, sizeof(*addr));
3014unlock:
3015 hci_dev_unlock(hdev);
3016 return err;
3017}
3018
3019static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3020 struct mgmt_addr_info *addr, u16 mgmt_op,
3021 u16 hci_op, __le32 passkey)
3022{
3023 struct mgmt_pending_cmd *cmd;
3024 struct hci_conn *conn;
3025 int err;
3026
3027 hci_dev_lock(hdev);
3028
3029 if (!hdev_is_powered(hdev)) {
3030 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3031 MGMT_STATUS_NOT_POWERED, addr,
3032 sizeof(*addr));
3033 goto done;
3034 }
3035
3036 if (addr->type == BDADDR_BREDR)
3037 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3038 else
3039 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3040 le_addr_type(addr->type));
3041
3042 if (!conn) {
3043 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3044 MGMT_STATUS_NOT_CONNECTED, addr,
3045 sizeof(*addr));
3046 goto done;
3047 }
3048
3049 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3050 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3051 if (!err)
3052 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3053 MGMT_STATUS_SUCCESS, addr,
3054 sizeof(*addr));
3055 else
3056 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3057 MGMT_STATUS_FAILED, addr,
3058 sizeof(*addr));
3059
3060 goto done;
3061 }
3062
3063 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3064 if (!cmd) {
3065 err = -ENOMEM;
3066 goto done;
3067 }
3068
3069 cmd->cmd_complete = addr_cmd_complete;
3070
3071
3072 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3073 struct hci_cp_user_passkey_reply cp;
3074
3075 bacpy(&cp.bdaddr, &addr->bdaddr);
3076 cp.passkey = passkey;
3077 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3078 } else
3079 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3080 &addr->bdaddr);
3081
3082 if (err < 0)
3083 mgmt_pending_remove(cmd);
3084
3085done:
3086 hci_dev_unlock(hdev);
3087 return err;
3088}
3089
3090static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3091 void *data, u16 len)
3092{
3093 struct mgmt_cp_pin_code_neg_reply *cp = data;
3094
3095 BT_DBG("");
3096
3097 return user_pairing_resp(sk, hdev, &cp->addr,
3098 MGMT_OP_PIN_CODE_NEG_REPLY,
3099 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3100}
3101
3102static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3103 u16 len)
3104{
3105 struct mgmt_cp_user_confirm_reply *cp = data;
3106
3107 BT_DBG("");
3108
3109 if (len != sizeof(*cp))
3110 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3111 MGMT_STATUS_INVALID_PARAMS);
3112
3113 return user_pairing_resp(sk, hdev, &cp->addr,
3114 MGMT_OP_USER_CONFIRM_REPLY,
3115 HCI_OP_USER_CONFIRM_REPLY, 0);
3116}
3117
3118static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3119 void *data, u16 len)
3120{
3121 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3122
3123 BT_DBG("");
3124
3125 return user_pairing_resp(sk, hdev, &cp->addr,
3126 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3127 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3128}
3129
3130static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3131 u16 len)
3132{
3133 struct mgmt_cp_user_passkey_reply *cp = data;
3134
3135 BT_DBG("");
3136
3137 return user_pairing_resp(sk, hdev, &cp->addr,
3138 MGMT_OP_USER_PASSKEY_REPLY,
3139 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3140}
3141
3142static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3143 void *data, u16 len)
3144{
3145 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3146
3147 BT_DBG("");
3148
3149 return user_pairing_resp(sk, hdev, &cp->addr,
3150 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3151 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3152}
3153
3154static void adv_expire(struct hci_dev *hdev, u32 flags)
3155{
3156 struct adv_info *adv_instance;
3157 struct hci_request req;
3158 int err;
3159
3160 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3161 if (!adv_instance)
3162 return;
3163
3164
3165 if (!(adv_instance->flags & flags))
3166 return;
3167
3168 cancel_adv_timeout(hdev);
3169
3170 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3171 if (!adv_instance)
3172 return;
3173
3174 hci_req_init(&req, hdev);
3175 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3176 true);
3177 if (err)
3178 return;
3179
3180 hci_req_run(&req, NULL);
3181}
3182
3183static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3184{
3185 struct mgmt_cp_set_local_name *cp;
3186 struct mgmt_pending_cmd *cmd;
3187
3188 BT_DBG("status 0x%02x", status);
3189
3190 hci_dev_lock(hdev);
3191
3192 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3193 if (!cmd)
3194 goto unlock;
3195
3196 cp = cmd->param;
3197
3198 if (status) {
3199 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3200 mgmt_status(status));
3201 } else {
3202 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3203 cp, sizeof(*cp));
3204
3205 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3206 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3207 }
3208
3209 mgmt_pending_remove(cmd);
3210
3211unlock:
3212 hci_dev_unlock(hdev);
3213}
3214
3215static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3216 u16 len)
3217{
3218 struct mgmt_cp_set_local_name *cp = data;
3219 struct mgmt_pending_cmd *cmd;
3220 struct hci_request req;
3221 int err;
3222
3223 BT_DBG("");
3224
3225 hci_dev_lock(hdev);
3226
3227
3228
3229
3230 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3231 !memcmp(hdev->short_name, cp->short_name,
3232 sizeof(hdev->short_name))) {
3233 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3234 data, len);
3235 goto failed;
3236 }
3237
3238 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3239
3240 if (!hdev_is_powered(hdev)) {
3241 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3242
3243 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3244 data, len);
3245 if (err < 0)
3246 goto failed;
3247
3248 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3249 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3250 ext_info_changed(hdev, sk);
3251
3252 goto failed;
3253 }
3254
3255 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3256 if (!cmd) {
3257 err = -ENOMEM;
3258 goto failed;
3259 }
3260
3261 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3262
3263 hci_req_init(&req, hdev);
3264
3265 if (lmp_bredr_capable(hdev)) {
3266 __hci_req_update_name(&req);
3267 __hci_req_update_eir(&req);
3268 }
3269
3270
3271
3272
3273 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3274 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3275
3276 err = hci_req_run(&req, set_name_complete);
3277 if (err < 0)
3278 mgmt_pending_remove(cmd);
3279
3280failed:
3281 hci_dev_unlock(hdev);
3282 return err;
3283}
3284
3285static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3286 u16 len)
3287{
3288 struct mgmt_cp_set_appearance *cp = data;
3289 u16 apperance;
3290 int err;
3291
3292 BT_DBG("");
3293
3294 if (!lmp_le_capable(hdev))
3295 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3296 MGMT_STATUS_NOT_SUPPORTED);
3297
3298 apperance = le16_to_cpu(cp->appearance);
3299
3300 hci_dev_lock(hdev);
3301
3302 if (hdev->appearance != apperance) {
3303 hdev->appearance = apperance;
3304
3305 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3306 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3307
3308 ext_info_changed(hdev, sk);
3309 }
3310
3311 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3312 0);
3313
3314 hci_dev_unlock(hdev);
3315
3316 return err;
3317}
3318
3319static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3320 void *data, u16 len)
3321{
3322 struct mgmt_rp_get_phy_confguration rp;
3323
3324 BT_DBG("sock %p %s", sk, hdev->name);
3325
3326 hci_dev_lock(hdev);
3327
3328 memset(&rp, 0, sizeof(rp));
3329
3330 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3331 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3332 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3333
3334 hci_dev_unlock(hdev);
3335
3336 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3337 &rp, sizeof(rp));
3338}
3339
3340int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3341{
3342 struct mgmt_ev_phy_configuration_changed ev;
3343
3344 memset(&ev, 0, sizeof(ev));
3345
3346 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3347
3348 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3349 sizeof(ev), skip);
3350}
3351
3352static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3353 u16 opcode, struct sk_buff *skb)
3354{
3355 struct mgmt_pending_cmd *cmd;
3356
3357 BT_DBG("status 0x%02x", status);
3358
3359 hci_dev_lock(hdev);
3360
3361 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3362 if (!cmd)
3363 goto unlock;
3364
3365 if (status) {
3366 mgmt_cmd_status(cmd->sk, hdev->id,
3367 MGMT_OP_SET_PHY_CONFIGURATION,
3368 mgmt_status(status));
3369 } else {
3370 mgmt_cmd_complete(cmd->sk, hdev->id,
3371 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3372 NULL, 0);
3373
3374 mgmt_phy_configuration_changed(hdev, cmd->sk);
3375 }
3376
3377 mgmt_pending_remove(cmd);
3378
3379unlock:
3380 hci_dev_unlock(hdev);
3381}
3382
3383static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3384 void *data, u16 len)
3385{
3386 struct mgmt_cp_set_phy_confguration *cp = data;
3387 struct hci_cp_le_set_default_phy cp_phy;
3388 struct mgmt_pending_cmd *cmd;
3389 struct hci_request req;
3390 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3391 u16 pkt_type = (HCI_DH1 | HCI_DM1);
3392 bool changed = false;
3393 int err;
3394
3395 BT_DBG("sock %p %s", sk, hdev->name);
3396
3397 configurable_phys = get_configurable_phys(hdev);
3398 supported_phys = get_supported_phys(hdev);
3399 selected_phys = __le32_to_cpu(cp->selected_phys);
3400
3401 if (selected_phys & ~supported_phys)
3402 return mgmt_cmd_status(sk, hdev->id,
3403 MGMT_OP_SET_PHY_CONFIGURATION,
3404 MGMT_STATUS_INVALID_PARAMS);
3405
3406 unconfigure_phys = supported_phys & ~configurable_phys;
3407
3408 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3409 return mgmt_cmd_status(sk, hdev->id,
3410 MGMT_OP_SET_PHY_CONFIGURATION,
3411 MGMT_STATUS_INVALID_PARAMS);
3412
3413 if (selected_phys == get_selected_phys(hdev))
3414 return mgmt_cmd_complete(sk, hdev->id,
3415 MGMT_OP_SET_PHY_CONFIGURATION,
3416 0, NULL, 0);
3417
3418 hci_dev_lock(hdev);
3419
3420 if (!hdev_is_powered(hdev)) {
3421 err = mgmt_cmd_status(sk, hdev->id,
3422 MGMT_OP_SET_PHY_CONFIGURATION,
3423 MGMT_STATUS_REJECTED);
3424 goto unlock;
3425 }
3426
3427 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3428 err = mgmt_cmd_status(sk, hdev->id,
3429 MGMT_OP_SET_PHY_CONFIGURATION,
3430 MGMT_STATUS_BUSY);
3431 goto unlock;
3432 }
3433
3434 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3435 pkt_type |= (HCI_DH3 | HCI_DM3);
3436 else
3437 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3438
3439 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3440 pkt_type |= (HCI_DH5 | HCI_DM5);
3441 else
3442 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3443
3444 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3445 pkt_type &= ~HCI_2DH1;
3446 else
3447 pkt_type |= HCI_2DH1;
3448
3449 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3450 pkt_type &= ~HCI_2DH3;
3451 else
3452 pkt_type |= HCI_2DH3;
3453
3454 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3455 pkt_type &= ~HCI_2DH5;
3456 else
3457 pkt_type |= HCI_2DH5;
3458
3459 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3460 pkt_type &= ~HCI_3DH1;
3461 else
3462 pkt_type |= HCI_3DH1;
3463
3464 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3465 pkt_type &= ~HCI_3DH3;
3466 else
3467 pkt_type |= HCI_3DH3;
3468
3469 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3470 pkt_type &= ~HCI_3DH5;
3471 else
3472 pkt_type |= HCI_3DH5;
3473
3474 if (pkt_type != hdev->pkt_type) {
3475 hdev->pkt_type = pkt_type;
3476 changed = true;
3477 }
3478
3479 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3480 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
3481 if (changed)
3482 mgmt_phy_configuration_changed(hdev, sk);
3483
3484 err = mgmt_cmd_complete(sk, hdev->id,
3485 MGMT_OP_SET_PHY_CONFIGURATION,
3486 0, NULL, 0);
3487
3488 goto unlock;
3489 }
3490
3491 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3492 len);
3493 if (!cmd) {
3494 err = -ENOMEM;
3495 goto unlock;
3496 }
3497
3498 hci_req_init(&req, hdev);
3499
3500 memset(&cp_phy, 0, sizeof(cp_phy));
3501
3502 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3503 cp_phy.all_phys |= 0x01;
3504
3505 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3506 cp_phy.all_phys |= 0x02;
3507
3508 if (selected_phys & MGMT_PHY_LE_1M_TX)
3509 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3510
3511 if (selected_phys & MGMT_PHY_LE_2M_TX)
3512 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3513
3514 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3515 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3516
3517 if (selected_phys & MGMT_PHY_LE_1M_RX)
3518 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3519
3520 if (selected_phys & MGMT_PHY_LE_2M_RX)
3521 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3522
3523 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3524 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3525
3526 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3527
3528 err = hci_req_run_skb(&req, set_default_phy_complete);
3529 if (err < 0)
3530 mgmt_pending_remove(cmd);
3531
3532unlock:
3533 hci_dev_unlock(hdev);
3534
3535 return err;
3536}
3537
3538static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3539 u16 opcode, struct sk_buff *skb)
3540{
3541 struct mgmt_rp_read_local_oob_data mgmt_rp;
3542 size_t rp_size = sizeof(mgmt_rp);
3543 struct mgmt_pending_cmd *cmd;
3544
3545 BT_DBG("%s status %u", hdev->name, status);
3546
3547 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3548 if (!cmd)
3549 return;
3550
3551 if (status || !skb) {
3552 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3553 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3554 goto remove;
3555 }
3556
3557 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3558
3559 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3560 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3561
3562 if (skb->len < sizeof(*rp)) {
3563 mgmt_cmd_status(cmd->sk, hdev->id,
3564 MGMT_OP_READ_LOCAL_OOB_DATA,
3565 MGMT_STATUS_FAILED);
3566 goto remove;
3567 }
3568
3569 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3570 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3571
3572 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3573 } else {
3574 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3575
3576 if (skb->len < sizeof(*rp)) {
3577 mgmt_cmd_status(cmd->sk, hdev->id,
3578 MGMT_OP_READ_LOCAL_OOB_DATA,
3579 MGMT_STATUS_FAILED);
3580 goto remove;
3581 }
3582
3583 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3584 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3585
3586 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3587 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3588 }
3589
3590 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3591 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3592
3593remove:
3594 mgmt_pending_remove(cmd);
3595}
3596
3597static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3598 void *data, u16 data_len)
3599{
3600 struct mgmt_pending_cmd *cmd;
3601 struct hci_request req;
3602 int err;
3603
3604 BT_DBG("%s", hdev->name);
3605
3606 hci_dev_lock(hdev);
3607
3608 if (!hdev_is_powered(hdev)) {
3609 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3610 MGMT_STATUS_NOT_POWERED);
3611 goto unlock;
3612 }
3613
3614 if (!lmp_ssp_capable(hdev)) {
3615 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3616 MGMT_STATUS_NOT_SUPPORTED);
3617 goto unlock;
3618 }
3619
3620 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3621 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3622 MGMT_STATUS_BUSY);
3623 goto unlock;
3624 }
3625
3626 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3627 if (!cmd) {
3628 err = -ENOMEM;
3629 goto unlock;
3630 }
3631
3632 hci_req_init(&req, hdev);
3633
3634 if (bredr_sc_enabled(hdev))
3635 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3636 else
3637 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3638
3639 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3640 if (err < 0)
3641 mgmt_pending_remove(cmd);
3642
3643unlock:
3644 hci_dev_unlock(hdev);
3645 return err;
3646}
3647
3648static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3649 void *data, u16 len)
3650{
3651 struct mgmt_addr_info *addr = data;
3652 int err;
3653
3654 BT_DBG("%s ", hdev->name);
3655
3656 if (!bdaddr_type_is_valid(addr->type))
3657 return mgmt_cmd_complete(sk, hdev->id,
3658 MGMT_OP_ADD_REMOTE_OOB_DATA,
3659 MGMT_STATUS_INVALID_PARAMS,
3660 addr, sizeof(*addr));
3661
3662 hci_dev_lock(hdev);
3663
3664 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3665 struct mgmt_cp_add_remote_oob_data *cp = data;
3666 u8 status;
3667
3668 if (cp->addr.type != BDADDR_BREDR) {
3669 err = mgmt_cmd_complete(sk, hdev->id,
3670 MGMT_OP_ADD_REMOTE_OOB_DATA,
3671 MGMT_STATUS_INVALID_PARAMS,
3672 &cp->addr, sizeof(cp->addr));
3673 goto unlock;
3674 }
3675
3676 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3677 cp->addr.type, cp->hash,
3678 cp->rand, NULL, NULL);
3679 if (err < 0)
3680 status = MGMT_STATUS_FAILED;
3681 else
3682 status = MGMT_STATUS_SUCCESS;
3683
3684 err = mgmt_cmd_complete(sk, hdev->id,
3685 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3686 &cp->addr, sizeof(cp->addr));
3687 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3688 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3689 u8 *rand192, *hash192, *rand256, *hash256;
3690 u8 status;
3691
3692 if (bdaddr_type_is_le(cp->addr.type)) {
3693
3694
3695
3696 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3697 memcmp(cp->hash192, ZERO_KEY, 16)) {
3698 err = mgmt_cmd_complete(sk, hdev->id,
3699 MGMT_OP_ADD_REMOTE_OOB_DATA,
3700 MGMT_STATUS_INVALID_PARAMS,
3701 addr, sizeof(*addr));
3702 goto unlock;
3703 }
3704
3705 rand192 = NULL;
3706 hash192 = NULL;
3707 } else {
3708
3709
3710
3711 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3712 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3713 rand192 = NULL;
3714 hash192 = NULL;
3715 } else {
3716 rand192 = cp->rand192;
3717 hash192 = cp->hash192;
3718 }
3719 }
3720
3721
3722
3723
3724 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3725 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3726 rand256 = NULL;
3727 hash256 = NULL;
3728 } else {
3729 rand256 = cp->rand256;
3730 hash256 = cp->hash256;
3731 }
3732
3733 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3734 cp->addr.type, hash192, rand192,
3735 hash256, rand256);
3736 if (err < 0)
3737 status = MGMT_STATUS_FAILED;
3738 else
3739 status = MGMT_STATUS_SUCCESS;
3740
3741 err = mgmt_cmd_complete(sk, hdev->id,
3742 MGMT_OP_ADD_REMOTE_OOB_DATA,
3743 status, &cp->addr, sizeof(cp->addr));
3744 } else {
3745 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
3746 len);
3747 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3748 MGMT_STATUS_INVALID_PARAMS);
3749 }
3750
3751unlock:
3752 hci_dev_unlock(hdev);
3753 return err;
3754}
3755
3756static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3757 void *data, u16 len)
3758{
3759 struct mgmt_cp_remove_remote_oob_data *cp = data;
3760 u8 status;
3761 int err;
3762
3763 BT_DBG("%s", hdev->name);
3764
3765 if (cp->addr.type != BDADDR_BREDR)
3766 return mgmt_cmd_complete(sk, hdev->id,
3767 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3768 MGMT_STATUS_INVALID_PARAMS,
3769 &cp->addr, sizeof(cp->addr));
3770
3771 hci_dev_lock(hdev);
3772
3773 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3774 hci_remote_oob_data_clear(hdev);
3775 status = MGMT_STATUS_SUCCESS;
3776 goto done;
3777 }
3778
3779 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3780 if (err < 0)
3781 status = MGMT_STATUS_INVALID_PARAMS;
3782 else
3783 status = MGMT_STATUS_SUCCESS;
3784
3785done:
3786 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3787 status, &cp->addr, sizeof(cp->addr));
3788
3789 hci_dev_unlock(hdev);
3790 return err;
3791}
3792
3793void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3794{
3795 struct mgmt_pending_cmd *cmd;
3796
3797 BT_DBG("status %d", status);
3798
3799 hci_dev_lock(hdev);
3800
3801 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3802 if (!cmd)
3803 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3804
3805 if (!cmd)
3806 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3807
3808 if (cmd) {
3809 cmd->cmd_complete(cmd, mgmt_status(status));
3810 mgmt_pending_remove(cmd);
3811 }
3812
3813 hci_dev_unlock(hdev);
3814}
3815
3816static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3817 uint8_t *mgmt_status)
3818{
3819 switch (type) {
3820 case DISCOV_TYPE_LE:
3821 *mgmt_status = mgmt_le_support(hdev);
3822 if (*mgmt_status)
3823 return false;
3824 break;
3825 case DISCOV_TYPE_INTERLEAVED:
3826 *mgmt_status = mgmt_le_support(hdev);
3827 if (*mgmt_status)
3828 return false;
3829
3830 case DISCOV_TYPE_BREDR:
3831 *mgmt_status = mgmt_bredr_support(hdev);
3832 if (*mgmt_status)
3833 return false;
3834 break;
3835 default:
3836 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3837 return false;
3838 }
3839
3840 return true;
3841}
3842
3843static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3844 u16 op, void *data, u16 len)
3845{
3846 struct mgmt_cp_start_discovery *cp = data;
3847 struct mgmt_pending_cmd *cmd;
3848 u8 status;
3849 int err;
3850
3851 BT_DBG("%s", hdev->name);
3852
3853 hci_dev_lock(hdev);
3854
3855 if (!hdev_is_powered(hdev)) {
3856 err = mgmt_cmd_complete(sk, hdev->id, op,
3857 MGMT_STATUS_NOT_POWERED,
3858 &cp->type, sizeof(cp->type));
3859 goto failed;
3860 }
3861
3862 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3863 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3864 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3865 &cp->type, sizeof(cp->type));
3866 goto failed;
3867 }
3868
3869 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3870 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3871 &cp->type, sizeof(cp->type));
3872 goto failed;
3873 }
3874
3875
3876
3877
3878 hci_discovery_filter_clear(hdev);
3879
3880 hdev->discovery.type = cp->type;
3881 hdev->discovery.report_invalid_rssi = false;
3882 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3883 hdev->discovery.limited = true;
3884 else
3885 hdev->discovery.limited = false;
3886
3887 cmd = mgmt_pending_add(sk, op, hdev, data, len);
3888 if (!cmd) {
3889 err = -ENOMEM;
3890 goto failed;
3891 }
3892
3893 cmd->cmd_complete = generic_cmd_complete;
3894
3895 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3896 queue_work(hdev->req_workqueue, &hdev->discov_update);
3897 err = 0;
3898
3899failed:
3900 hci_dev_unlock(hdev);
3901 return err;
3902}
3903
3904static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3905 void *data, u16 len)
3906{
3907 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3908 data, len);
3909}
3910
3911static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3912 void *data, u16 len)
3913{
3914 return start_discovery_internal(sk, hdev,
3915 MGMT_OP_START_LIMITED_DISCOVERY,
3916 data, len);
3917}
3918
3919static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3920 u8 status)
3921{
3922 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3923 cmd->param, 1);
3924}
3925
3926static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3927 void *data, u16 len)
3928{
3929 struct mgmt_cp_start_service_discovery *cp = data;
3930 struct mgmt_pending_cmd *cmd;
3931 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3932 u16 uuid_count, expected_len;
3933 u8 status;
3934 int err;
3935
3936 BT_DBG("%s", hdev->name);
3937
3938 hci_dev_lock(hdev);
3939
3940 if (!hdev_is_powered(hdev)) {
3941 err = mgmt_cmd_complete(sk, hdev->id,
3942 MGMT_OP_START_SERVICE_DISCOVERY,
3943 MGMT_STATUS_NOT_POWERED,
3944 &cp->type, sizeof(cp->type));
3945 goto failed;
3946 }
3947
3948 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3949 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3950 err = mgmt_cmd_complete(sk, hdev->id,
3951 MGMT_OP_START_SERVICE_DISCOVERY,
3952 MGMT_STATUS_BUSY, &cp->type,
3953 sizeof(cp->type));
3954 goto failed;
3955 }
3956
3957 uuid_count = __le16_to_cpu(cp->uuid_count);
3958 if (uuid_count > max_uuid_count) {
3959 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
3960 uuid_count);
3961 err = mgmt_cmd_complete(sk, hdev->id,
3962 MGMT_OP_START_SERVICE_DISCOVERY,
3963 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3964 sizeof(cp->type));
3965 goto failed;
3966 }
3967
3968 expected_len = sizeof(*cp) + uuid_count * 16;
3969 if (expected_len != len) {
3970 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
3971 expected_len, len);
3972 err = mgmt_cmd_complete(sk, hdev->id,
3973 MGMT_OP_START_SERVICE_DISCOVERY,
3974 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3975 sizeof(cp->type));
3976 goto failed;
3977 }
3978
3979 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3980 err = mgmt_cmd_complete(sk, hdev->id,
3981 MGMT_OP_START_SERVICE_DISCOVERY,
3982 status, &cp->type, sizeof(cp->type));
3983 goto failed;
3984 }
3985
3986 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3987 hdev, data, len);
3988 if (!cmd) {
3989 err = -ENOMEM;
3990 goto failed;
3991 }
3992
3993 cmd->cmd_complete = service_discovery_cmd_complete;
3994
3995
3996
3997
3998 hci_discovery_filter_clear(hdev);
3999
4000 hdev->discovery.result_filtering = true;
4001 hdev->discovery.type = cp->type;
4002 hdev->discovery.rssi = cp->rssi;
4003 hdev->discovery.uuid_count = uuid_count;
4004
4005 if (uuid_count > 0) {
4006 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4007 GFP_KERNEL);
4008 if (!hdev->discovery.uuids) {
4009 err = mgmt_cmd_complete(sk, hdev->id,
4010 MGMT_OP_START_SERVICE_DISCOVERY,
4011 MGMT_STATUS_FAILED,
4012 &cp->type, sizeof(cp->type));
4013 mgmt_pending_remove(cmd);
4014 goto failed;
4015 }
4016 }
4017
4018 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4019 queue_work(hdev->req_workqueue, &hdev->discov_update);
4020 err = 0;
4021
4022failed:
4023 hci_dev_unlock(hdev);
4024 return err;
4025}
4026
4027void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
4028{
4029 struct mgmt_pending_cmd *cmd;
4030
4031 BT_DBG("status %d", status);
4032
4033 hci_dev_lock(hdev);
4034
4035 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4036 if (cmd) {
4037 cmd->cmd_complete(cmd, mgmt_status(status));
4038 mgmt_pending_remove(cmd);
4039 }
4040
4041 hci_dev_unlock(hdev);
4042}
4043
4044static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4045 u16 len)
4046{
4047 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4048 struct mgmt_pending_cmd *cmd;
4049 int err;
4050
4051 BT_DBG("%s", hdev->name);
4052
4053 hci_dev_lock(hdev);
4054
4055 if (!hci_discovery_active(hdev)) {
4056 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4057 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4058 sizeof(mgmt_cp->type));
4059 goto unlock;
4060 }
4061
4062 if (hdev->discovery.type != mgmt_cp->type) {
4063 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4064 MGMT_STATUS_INVALID_PARAMS,
4065 &mgmt_cp->type, sizeof(mgmt_cp->type));
4066 goto unlock;
4067 }
4068
4069 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4070 if (!cmd) {
4071 err = -ENOMEM;
4072 goto unlock;
4073 }
4074
4075 cmd->cmd_complete = generic_cmd_complete;
4076
4077 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4078 queue_work(hdev->req_workqueue, &hdev->discov_update);
4079 err = 0;
4080
4081unlock:
4082 hci_dev_unlock(hdev);
4083 return err;
4084}
4085
4086static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4087 u16 len)
4088{
4089 struct mgmt_cp_confirm_name *cp = data;
4090 struct inquiry_entry *e;
4091 int err;
4092
4093 BT_DBG("%s", hdev->name);
4094
4095 hci_dev_lock(hdev);
4096
4097 if (!hci_discovery_active(hdev)) {
4098 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4099 MGMT_STATUS_FAILED, &cp->addr,
4100 sizeof(cp->addr));
4101 goto failed;
4102 }
4103
4104 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4105 if (!e) {
4106 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4107 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4108 sizeof(cp->addr));
4109 goto failed;
4110 }
4111
4112 if (cp->name_known) {
4113 e->name_state = NAME_KNOWN;
4114 list_del(&e->list);
4115 } else {
4116 e->name_state = NAME_NEEDED;
4117 hci_inquiry_cache_update_resolve(hdev, e);
4118 }
4119
4120 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4121 &cp->addr, sizeof(cp->addr));
4122
4123failed:
4124 hci_dev_unlock(hdev);
4125 return err;
4126}
4127
4128static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4129 u16 len)
4130{
4131 struct mgmt_cp_block_device *cp = data;
4132 u8 status;
4133 int err;
4134
4135 BT_DBG("%s", hdev->name);
4136
4137 if (!bdaddr_type_is_valid(cp->addr.type))
4138 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4139 MGMT_STATUS_INVALID_PARAMS,
4140 &cp->addr, sizeof(cp->addr));
4141
4142 hci_dev_lock(hdev);
4143
4144 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4145 cp->addr.type);
4146 if (err < 0) {
4147 status = MGMT_STATUS_FAILED;
4148 goto done;
4149 }
4150
4151 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4152 sk);
4153 status = MGMT_STATUS_SUCCESS;
4154
4155done:
4156 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4157 &cp->addr, sizeof(cp->addr));
4158
4159 hci_dev_unlock(hdev);
4160
4161 return err;
4162}
4163
4164static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4165 u16 len)
4166{
4167 struct mgmt_cp_unblock_device *cp = data;
4168 u8 status;
4169 int err;
4170
4171 BT_DBG("%s", hdev->name);
4172
4173 if (!bdaddr_type_is_valid(cp->addr.type))
4174 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4175 MGMT_STATUS_INVALID_PARAMS,
4176 &cp->addr, sizeof(cp->addr));
4177
4178 hci_dev_lock(hdev);
4179
4180 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4181 cp->addr.type);
4182 if (err < 0) {
4183 status = MGMT_STATUS_INVALID_PARAMS;
4184 goto done;
4185 }
4186
4187 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4188 sk);
4189 status = MGMT_STATUS_SUCCESS;
4190
4191done:
4192 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4193 &cp->addr, sizeof(cp->addr));
4194
4195 hci_dev_unlock(hdev);
4196
4197 return err;
4198}
4199
4200static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4201 u16 len)
4202{
4203 struct mgmt_cp_set_device_id *cp = data;
4204 struct hci_request req;
4205 int err;
4206 __u16 source;
4207
4208 BT_DBG("%s", hdev->name);
4209
4210 source = __le16_to_cpu(cp->source);
4211
4212 if (source > 0x0002)
4213 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4214 MGMT_STATUS_INVALID_PARAMS);
4215
4216 hci_dev_lock(hdev);
4217
4218 hdev->devid_source = source;
4219 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4220 hdev->devid_product = __le16_to_cpu(cp->product);
4221 hdev->devid_version = __le16_to_cpu(cp->version);
4222
4223 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4224 NULL, 0);
4225
4226 hci_req_init(&req, hdev);
4227 __hci_req_update_eir(&req);
4228 hci_req_run(&req, NULL);
4229
4230 hci_dev_unlock(hdev);
4231
4232 return err;
4233}
4234
4235static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4236 u16 opcode)
4237{
4238 BT_DBG("status %d", status);
4239}
4240
4241static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4242 u16 opcode)
4243{
4244 struct cmd_lookup match = { NULL, hdev };
4245 struct hci_request req;
4246 u8 instance;
4247 struct adv_info *adv_instance;
4248 int err;
4249
4250 hci_dev_lock(hdev);
4251
4252 if (status) {
4253 u8 mgmt_err = mgmt_status(status);
4254
4255 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4256 cmd_status_rsp, &mgmt_err);
4257 goto unlock;
4258 }
4259
4260 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4261 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4262 else
4263 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4264
4265 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4266 &match);
4267
4268 new_settings(hdev, match.sk);
4269
4270 if (match.sk)
4271 sock_put(match.sk);
4272
4273
4274
4275
4276 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4277 list_empty(&hdev->adv_instances))
4278 goto unlock;
4279
4280 instance = hdev->cur_adv_instance;
4281 if (!instance) {
4282 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4283 struct adv_info, list);
4284 if (!adv_instance)
4285 goto unlock;
4286
4287 instance = adv_instance->instance;
4288 }
4289
4290 hci_req_init(&req, hdev);
4291
4292 err = __hci_req_schedule_adv_instance(&req, instance, true);
4293
4294 if (!err)
4295 err = hci_req_run(&req, enable_advertising_instance);
4296
4297 if (err)
4298 bt_dev_err(hdev, "failed to re-configure advertising");
4299
4300unlock:
4301 hci_dev_unlock(hdev);
4302}
4303
4304static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4305 u16 len)
4306{
4307 struct mgmt_mode *cp = data;
4308 struct mgmt_pending_cmd *cmd;
4309 struct hci_request req;
4310 u8 val, status;
4311 int err;
4312
4313 BT_DBG("request for %s", hdev->name);
4314
4315 status = mgmt_le_support(hdev);
4316 if (status)
4317 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4318 status);
4319
4320 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4321 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4322 MGMT_STATUS_INVALID_PARAMS);
4323
4324 hci_dev_lock(hdev);
4325
4326 val = !!cp->val;
4327
4328
4329
4330
4331
4332
4333 if (!hdev_is_powered(hdev) ||
4334 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4335 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4336 hci_conn_num(hdev, LE_LINK) > 0 ||
4337 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4338 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4339 bool changed;
4340
4341 if (cp->val) {
4342 hdev->cur_adv_instance = 0x00;
4343 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4344 if (cp->val == 0x02)
4345 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4346 else
4347 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4348 } else {
4349 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4350 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4351 }
4352
4353 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4354 if (err < 0)
4355 goto unlock;
4356
4357 if (changed)
4358 err = new_settings(hdev, sk);
4359
4360 goto unlock;
4361 }
4362
4363 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4364 pending_find(MGMT_OP_SET_LE, hdev)) {
4365 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4366 MGMT_STATUS_BUSY);
4367 goto unlock;
4368 }
4369
4370 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4371 if (!cmd) {
4372 err = -ENOMEM;
4373 goto unlock;
4374 }
4375
4376 hci_req_init(&req, hdev);
4377
4378 if (cp->val == 0x02)
4379 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4380 else
4381 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4382
4383 cancel_adv_timeout(hdev);
4384
4385 if (val) {
4386
4387
4388
4389
4390 hdev->cur_adv_instance = 0x00;
4391
4392 if (ext_adv_capable(hdev)) {
4393 __hci_req_start_ext_adv(&req, 0x00);
4394 } else {
4395 __hci_req_update_adv_data(&req, 0x00);
4396 __hci_req_update_scan_rsp_data(&req, 0x00);
4397 __hci_req_enable_advertising(&req);
4398 }
4399 } else {
4400 __hci_req_disable_advertising(&req);
4401 }
4402
4403 err = hci_req_run(&req, set_advertising_complete);
4404 if (err < 0)
4405 mgmt_pending_remove(cmd);
4406
4407unlock:
4408 hci_dev_unlock(hdev);
4409 return err;
4410}
4411
4412static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4413 void *data, u16 len)
4414{
4415 struct mgmt_cp_set_static_address *cp = data;
4416 int err;
4417
4418 BT_DBG("%s", hdev->name);
4419
4420 if (!lmp_le_capable(hdev))
4421 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4422 MGMT_STATUS_NOT_SUPPORTED);
4423
4424 if (hdev_is_powered(hdev))
4425 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4426 MGMT_STATUS_REJECTED);
4427
4428 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4429 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4430 return mgmt_cmd_status(sk, hdev->id,
4431 MGMT_OP_SET_STATIC_ADDRESS,
4432 MGMT_STATUS_INVALID_PARAMS);
4433
4434
4435 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4436 return mgmt_cmd_status(sk, hdev->id,
4437 MGMT_OP_SET_STATIC_ADDRESS,
4438 MGMT_STATUS_INVALID_PARAMS);
4439 }
4440
4441 hci_dev_lock(hdev);
4442
4443 bacpy(&hdev->static_addr, &cp->bdaddr);
4444
4445 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4446 if (err < 0)
4447 goto unlock;
4448
4449 err = new_settings(hdev, sk);
4450
4451unlock:
4452 hci_dev_unlock(hdev);
4453 return err;
4454}
4455
4456static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4457 void *data, u16 len)
4458{
4459 struct mgmt_cp_set_scan_params *cp = data;
4460 __u16 interval, window;
4461 int err;
4462
4463 BT_DBG("%s", hdev->name);
4464
4465 if (!lmp_le_capable(hdev))
4466 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4467 MGMT_STATUS_NOT_SUPPORTED);
4468
4469 interval = __le16_to_cpu(cp->interval);
4470
4471 if (interval < 0x0004 || interval > 0x4000)
4472 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4473 MGMT_STATUS_INVALID_PARAMS);
4474
4475 window = __le16_to_cpu(cp->window);
4476
4477 if (window < 0x0004 || window > 0x4000)
4478 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4479 MGMT_STATUS_INVALID_PARAMS);
4480
4481 if (window > interval)
4482 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4483 MGMT_STATUS_INVALID_PARAMS);
4484
4485 hci_dev_lock(hdev);
4486
4487 hdev->le_scan_interval = interval;
4488 hdev->le_scan_window = window;
4489
4490 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4491 NULL, 0);
4492
4493
4494
4495
4496 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4497 hdev->discovery.state == DISCOVERY_STOPPED) {
4498 struct hci_request req;
4499
4500 hci_req_init(&req, hdev);
4501
4502 hci_req_add_le_scan_disable(&req);
4503 hci_req_add_le_passive_scan(&req);
4504
4505 hci_req_run(&req, NULL);
4506 }
4507
4508 hci_dev_unlock(hdev);
4509
4510 return err;
4511}
4512
4513static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4514 u16 opcode)
4515{
4516 struct mgmt_pending_cmd *cmd;
4517
4518 BT_DBG("status 0x%02x", status);
4519
4520 hci_dev_lock(hdev);
4521
4522 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4523 if (!cmd)
4524 goto unlock;
4525
4526 if (status) {
4527 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4528 mgmt_status(status));
4529 } else {
4530 struct mgmt_mode *cp = cmd->param;
4531
4532 if (cp->val)
4533 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4534 else
4535 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4536
4537 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4538 new_settings(hdev, cmd->sk);
4539 }
4540
4541 mgmt_pending_remove(cmd);
4542
4543unlock:
4544 hci_dev_unlock(hdev);
4545}
4546
4547static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4548 void *data, u16 len)
4549{
4550 struct mgmt_mode *cp = data;
4551 struct mgmt_pending_cmd *cmd;
4552 struct hci_request req;
4553 int err;
4554
4555 BT_DBG("%s", hdev->name);
4556
4557 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4558 hdev->hci_ver < BLUETOOTH_VER_1_2)
4559 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4560 MGMT_STATUS_NOT_SUPPORTED);
4561
4562 if (cp->val != 0x00 && cp->val != 0x01)
4563 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4564 MGMT_STATUS_INVALID_PARAMS);
4565
4566 hci_dev_lock(hdev);
4567
4568 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4569 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4570 MGMT_STATUS_BUSY);
4571 goto unlock;
4572 }
4573
4574 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4575 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4576 hdev);
4577 goto unlock;
4578 }
4579
4580 if (!hdev_is_powered(hdev)) {
4581 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4582 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4583 hdev);
4584 new_settings(hdev, sk);
4585 goto unlock;
4586 }
4587
4588 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4589 data, len);
4590 if (!cmd) {
4591 err = -ENOMEM;
4592 goto unlock;
4593 }
4594
4595 hci_req_init(&req, hdev);
4596
4597 __hci_req_write_fast_connectable(&req, cp->val);
4598
4599 err = hci_req_run(&req, fast_connectable_complete);
4600 if (err < 0) {
4601 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4602 MGMT_STATUS_FAILED);
4603 mgmt_pending_remove(cmd);
4604 }
4605
4606unlock:
4607 hci_dev_unlock(hdev);
4608
4609 return err;
4610}
4611
4612static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4613{
4614 struct mgmt_pending_cmd *cmd;
4615
4616 BT_DBG("status 0x%02x", status);
4617
4618 hci_dev_lock(hdev);
4619
4620 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4621 if (!cmd)
4622 goto unlock;
4623
4624 if (status) {
4625 u8 mgmt_err = mgmt_status(status);
4626
4627
4628
4629
4630 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4631
4632 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4633 } else {
4634 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4635 new_settings(hdev, cmd->sk);
4636 }
4637
4638 mgmt_pending_remove(cmd);
4639
4640unlock:
4641 hci_dev_unlock(hdev);
4642}
4643
4644static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4645{
4646 struct mgmt_mode *cp = data;
4647 struct mgmt_pending_cmd *cmd;
4648 struct hci_request req;
4649 int err;
4650
4651 BT_DBG("request for %s", hdev->name);
4652
4653 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4654 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4655 MGMT_STATUS_NOT_SUPPORTED);
4656
4657 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4658 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4659 MGMT_STATUS_REJECTED);
4660
4661 if (cp->val != 0x00 && cp->val != 0x01)
4662 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4663 MGMT_STATUS_INVALID_PARAMS);
4664
4665 hci_dev_lock(hdev);
4666
4667 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4668 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4669 goto unlock;
4670 }
4671
4672 if (!hdev_is_powered(hdev)) {
4673 if (!cp->val) {
4674 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4675 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4676 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4677 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4678 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4679 }
4680
4681 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4682
4683 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4684 if (err < 0)
4685 goto unlock;
4686
4687 err = new_settings(hdev, sk);
4688 goto unlock;
4689 }
4690
4691
4692 if (!cp->val) {
4693 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4694 MGMT_STATUS_REJECTED);
4695 goto unlock;
4696 } else {
4697
4698
4699
4700
4701
4702
4703
4704
4705
4706
4707
4708
4709
4710
4711 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4712 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4713 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4714 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4715 MGMT_STATUS_REJECTED);
4716 goto unlock;
4717 }
4718 }
4719
4720 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4721 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4722 MGMT_STATUS_BUSY);
4723 goto unlock;
4724 }
4725
4726 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4727 if (!cmd) {
4728 err = -ENOMEM;
4729 goto unlock;
4730 }
4731
4732
4733
4734
4735 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4736
4737 hci_req_init(&req, hdev);
4738
4739 __hci_req_write_fast_connectable(&req, false);
4740 __hci_req_update_scan(&req);
4741
4742
4743
4744
4745 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4746
4747 err = hci_req_run(&req, set_bredr_complete);
4748 if (err < 0)
4749 mgmt_pending_remove(cmd);
4750
4751unlock:
4752 hci_dev_unlock(hdev);
4753 return err;
4754}
4755
4756static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4757{
4758 struct mgmt_pending_cmd *cmd;
4759 struct mgmt_mode *cp;
4760
4761 BT_DBG("%s status %u", hdev->name, status);
4762
4763 hci_dev_lock(hdev);
4764
4765 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4766 if (!cmd)
4767 goto unlock;
4768
4769 if (status) {
4770 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4771 mgmt_status(status));
4772 goto remove;
4773 }
4774
4775 cp = cmd->param;
4776
4777 switch (cp->val) {
4778 case 0x00:
4779 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4780 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4781 break;
4782 case 0x01:
4783 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4784 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4785 break;
4786 case 0x02:
4787 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4788 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4789 break;
4790 }
4791
4792 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4793 new_settings(hdev, cmd->sk);
4794
4795remove:
4796 mgmt_pending_remove(cmd);
4797unlock:
4798 hci_dev_unlock(hdev);
4799}
4800
4801static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4802 void *data, u16 len)
4803{
4804 struct mgmt_mode *cp = data;
4805 struct mgmt_pending_cmd *cmd;
4806 struct hci_request req;
4807 u8 val;
4808 int err;
4809
4810 BT_DBG("request for %s", hdev->name);
4811
4812 if (!lmp_sc_capable(hdev) &&
4813 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4814 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4815 MGMT_STATUS_NOT_SUPPORTED);
4816
4817 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4818 lmp_sc_capable(hdev) &&
4819 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4820 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4821 MGMT_STATUS_REJECTED);
4822
4823 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4824 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4825 MGMT_STATUS_INVALID_PARAMS);
4826
4827 hci_dev_lock(hdev);
4828
4829 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4830 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4831 bool changed;
4832
4833 if (cp->val) {
4834 changed = !hci_dev_test_and_set_flag(hdev,
4835 HCI_SC_ENABLED);
4836 if (cp->val == 0x02)
4837 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4838 else
4839 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4840 } else {
4841 changed = hci_dev_test_and_clear_flag(hdev,
4842 HCI_SC_ENABLED);
4843 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4844 }
4845
4846 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4847 if (err < 0)
4848 goto failed;
4849
4850 if (changed)
4851 err = new_settings(hdev, sk);
4852
4853 goto failed;
4854 }
4855
4856 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4857 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4858 MGMT_STATUS_BUSY);
4859 goto failed;
4860 }
4861
4862 val = !!cp->val;
4863
4864 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4865 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4866 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4867 goto failed;
4868 }
4869
4870 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4871 if (!cmd) {
4872 err = -ENOMEM;
4873 goto failed;
4874 }
4875
4876 hci_req_init(&req, hdev);
4877 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4878 err = hci_req_run(&req, sc_enable_complete);
4879 if (err < 0) {
4880 mgmt_pending_remove(cmd);
4881 goto failed;
4882 }
4883
4884failed:
4885 hci_dev_unlock(hdev);
4886 return err;
4887}
4888
4889static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4890 void *data, u16 len)
4891{
4892 struct mgmt_mode *cp = data;
4893 bool changed, use_changed;
4894 int err;
4895
4896 BT_DBG("request for %s", hdev->name);
4897
4898 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4899 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4900 MGMT_STATUS_INVALID_PARAMS);
4901
4902 hci_dev_lock(hdev);
4903
4904 if (cp->val)
4905 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4906 else
4907 changed = hci_dev_test_and_clear_flag(hdev,
4908 HCI_KEEP_DEBUG_KEYS);
4909
4910 if (cp->val == 0x02)
4911 use_changed = !hci_dev_test_and_set_flag(hdev,
4912 HCI_USE_DEBUG_KEYS);
4913 else
4914 use_changed = hci_dev_test_and_clear_flag(hdev,
4915 HCI_USE_DEBUG_KEYS);
4916
4917 if (hdev_is_powered(hdev) && use_changed &&
4918 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
4919 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4920 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4921 sizeof(mode), &mode);
4922 }
4923
4924 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4925 if (err < 0)
4926 goto unlock;
4927
4928 if (changed)
4929 err = new_settings(hdev, sk);
4930
4931unlock:
4932 hci_dev_unlock(hdev);
4933 return err;
4934}
4935
4936static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4937 u16 len)
4938{
4939 struct mgmt_cp_set_privacy *cp = cp_data;
4940 bool changed;
4941 int err;
4942
4943 BT_DBG("request for %s", hdev->name);
4944
4945 if (!lmp_le_capable(hdev))
4946 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4947 MGMT_STATUS_NOT_SUPPORTED);
4948
4949 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
4950 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4951 MGMT_STATUS_INVALID_PARAMS);
4952
4953 if (hdev_is_powered(hdev))
4954 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4955 MGMT_STATUS_REJECTED);
4956
4957 hci_dev_lock(hdev);
4958
4959
4960
4961
4962 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4963
4964 if (cp->privacy) {
4965 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
4966 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4967 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
4968 hci_adv_instances_set_rpa_expired(hdev, true);
4969 if (cp->privacy == 0x02)
4970 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4971 else
4972 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4973 } else {
4974 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
4975 memset(hdev->irk, 0, sizeof(hdev->irk));
4976 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
4977 hci_adv_instances_set_rpa_expired(hdev, false);
4978 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4979 }
4980
4981 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4982 if (err < 0)
4983 goto unlock;
4984
4985 if (changed)
4986 err = new_settings(hdev, sk);
4987
4988unlock:
4989 hci_dev_unlock(hdev);
4990 return err;
4991}
4992
4993static bool irk_is_valid(struct mgmt_irk_info *irk)
4994{
4995 switch (irk->addr.type) {
4996 case BDADDR_LE_PUBLIC:
4997 return true;
4998
4999 case BDADDR_LE_RANDOM:
5000
5001 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5002 return false;
5003 return true;
5004 }
5005
5006 return false;
5007}
5008
5009static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5010 u16 len)
5011{
5012 struct mgmt_cp_load_irks *cp = cp_data;
5013 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5014 sizeof(struct mgmt_irk_info));
5015 u16 irk_count, expected_len;
5016 int i, err;
5017
5018 BT_DBG("request for %s", hdev->name);
5019
5020 if (!lmp_le_capable(hdev))
5021 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5022 MGMT_STATUS_NOT_SUPPORTED);
5023
5024 irk_count = __le16_to_cpu(cp->irk_count);
5025 if (irk_count > max_irk_count) {
5026 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
5027 irk_count);
5028 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5029 MGMT_STATUS_INVALID_PARAMS);
5030 }
5031
5032 expected_len = struct_size(cp, irks, irk_count);
5033 if (expected_len != len) {
5034 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
5035 expected_len, len);
5036 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5037 MGMT_STATUS_INVALID_PARAMS);
5038 }
5039
5040 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5041
5042 for (i = 0; i < irk_count; i++) {
5043 struct mgmt_irk_info *key = &cp->irks[i];
5044
5045 if (!irk_is_valid(key))
5046 return mgmt_cmd_status(sk, hdev->id,
5047 MGMT_OP_LOAD_IRKS,
5048 MGMT_STATUS_INVALID_PARAMS);
5049 }
5050
5051 hci_dev_lock(hdev);
5052
5053 hci_smp_irks_clear(hdev);
5054
5055 for (i = 0; i < irk_count; i++) {
5056 struct mgmt_irk_info *irk = &cp->irks[i];
5057
5058 hci_add_irk(hdev, &irk->addr.bdaddr,
5059 le_addr_type(irk->addr.type), irk->val,
5060 BDADDR_ANY);
5061 }
5062
5063 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5064
5065 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5066
5067 hci_dev_unlock(hdev);
5068
5069 return err;
5070}
5071
5072static bool ltk_is_valid(struct mgmt_ltk_info *key)
5073{
5074 if (key->master != 0x00 && key->master != 0x01)
5075 return false;
5076
5077 switch (key->addr.type) {
5078 case BDADDR_LE_PUBLIC:
5079 return true;
5080
5081 case BDADDR_LE_RANDOM:
5082
5083 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5084 return false;
5085 return true;
5086 }
5087
5088 return false;
5089}
5090
5091static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5092 void *cp_data, u16 len)
5093{
5094 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5095 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5096 sizeof(struct mgmt_ltk_info));
5097 u16 key_count, expected_len;
5098 int i, err;
5099
5100 BT_DBG("request for %s", hdev->name);
5101
5102 if (!lmp_le_capable(hdev))
5103 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5104 MGMT_STATUS_NOT_SUPPORTED);
5105
5106 key_count = __le16_to_cpu(cp->key_count);
5107 if (key_count > max_key_count) {
5108 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
5109 key_count);
5110 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5111 MGMT_STATUS_INVALID_PARAMS);
5112 }
5113
5114 expected_len = struct_size(cp, keys, key_count);
5115 if (expected_len != len) {
5116 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
5117 expected_len, len);
5118 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5119 MGMT_STATUS_INVALID_PARAMS);
5120 }
5121
5122 BT_DBG("%s key_count %u", hdev->name, key_count);
5123
5124 for (i = 0; i < key_count; i++) {
5125 struct mgmt_ltk_info *key = &cp->keys[i];
5126
5127 if (!ltk_is_valid(key))
5128 return mgmt_cmd_status(sk, hdev->id,
5129 MGMT_OP_LOAD_LONG_TERM_KEYS,
5130 MGMT_STATUS_INVALID_PARAMS);
5131 }
5132
5133 hci_dev_lock(hdev);
5134
5135 hci_smp_ltks_clear(hdev);
5136
5137 for (i = 0; i < key_count; i++) {
5138 struct mgmt_ltk_info *key = &cp->keys[i];
5139 u8 type, authenticated;
5140
5141 switch (key->type) {
5142 case MGMT_LTK_UNAUTHENTICATED:
5143 authenticated = 0x00;
5144 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5145 break;
5146 case MGMT_LTK_AUTHENTICATED:
5147 authenticated = 0x01;
5148 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5149 break;
5150 case MGMT_LTK_P256_UNAUTH:
5151 authenticated = 0x00;
5152 type = SMP_LTK_P256;
5153 break;
5154 case MGMT_LTK_P256_AUTH:
5155 authenticated = 0x01;
5156 type = SMP_LTK_P256;
5157 break;
5158 case MGMT_LTK_P256_DEBUG:
5159 authenticated = 0x00;
5160 type = SMP_LTK_P256_DEBUG;
5161
5162 default:
5163 continue;
5164 }
5165
5166 hci_add_ltk(hdev, &key->addr.bdaddr,
5167 le_addr_type(key->addr.type), type, authenticated,
5168 key->val, key->enc_size, key->ediv, key->rand);
5169 }
5170
5171 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5172 NULL, 0);
5173
5174 hci_dev_unlock(hdev);
5175
5176 return err;
5177}
5178
5179static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5180{
5181 struct hci_conn *conn = cmd->user_data;
5182 struct mgmt_rp_get_conn_info rp;
5183 int err;
5184
5185 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5186
5187 if (status == MGMT_STATUS_SUCCESS) {
5188 rp.rssi = conn->rssi;
5189 rp.tx_power = conn->tx_power;
5190 rp.max_tx_power = conn->max_tx_power;
5191 } else {
5192 rp.rssi = HCI_RSSI_INVALID;
5193 rp.tx_power = HCI_TX_POWER_INVALID;
5194 rp.max_tx_power = HCI_TX_POWER_INVALID;
5195 }
5196
5197 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5198 status, &rp, sizeof(rp));
5199
5200 hci_conn_drop(conn);
5201 hci_conn_put(conn);
5202
5203 return err;
5204}
5205
5206static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5207 u16 opcode)
5208{
5209 struct hci_cp_read_rssi *cp;
5210 struct mgmt_pending_cmd *cmd;
5211 struct hci_conn *conn;
5212 u16 handle;
5213 u8 status;
5214
5215 BT_DBG("status 0x%02x", hci_status);
5216
5217 hci_dev_lock(hdev);
5218
5219
5220
5221
5222
5223
5224
5225
5226
5227
5228 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5229 if (!cp) {
5230 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5231 status = MGMT_STATUS_SUCCESS;
5232 } else {
5233 status = mgmt_status(hci_status);
5234 }
5235
5236 if (!cp) {
5237 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
5238 goto unlock;
5239 }
5240
5241 handle = __le16_to_cpu(cp->handle);
5242 conn = hci_conn_hash_lookup_handle(hdev, handle);
5243 if (!conn) {
5244 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
5245 handle);
5246 goto unlock;
5247 }
5248
5249 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5250 if (!cmd)
5251 goto unlock;
5252
5253 cmd->cmd_complete(cmd, status);
5254 mgmt_pending_remove(cmd);
5255
5256unlock:
5257 hci_dev_unlock(hdev);
5258}
5259
5260static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5261 u16 len)
5262{
5263 struct mgmt_cp_get_conn_info *cp = data;
5264 struct mgmt_rp_get_conn_info rp;
5265 struct hci_conn *conn;
5266 unsigned long conn_info_age;
5267 int err = 0;
5268
5269 BT_DBG("%s", hdev->name);
5270
5271 memset(&rp, 0, sizeof(rp));
5272 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5273 rp.addr.type = cp->addr.type;
5274
5275 if (!bdaddr_type_is_valid(cp->addr.type))
5276 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5277 MGMT_STATUS_INVALID_PARAMS,
5278 &rp, sizeof(rp));
5279
5280 hci_dev_lock(hdev);
5281
5282 if (!hdev_is_powered(hdev)) {
5283 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5284 MGMT_STATUS_NOT_POWERED, &rp,
5285 sizeof(rp));
5286 goto unlock;
5287 }
5288
5289 if (cp->addr.type == BDADDR_BREDR)
5290 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5291 &cp->addr.bdaddr);
5292 else
5293 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5294
5295 if (!conn || conn->state != BT_CONNECTED) {
5296 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5297 MGMT_STATUS_NOT_CONNECTED, &rp,
5298 sizeof(rp));
5299 goto unlock;
5300 }
5301
5302 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5303 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5304 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5305 goto unlock;
5306 }
5307
5308
5309
5310
5311 conn_info_age = hdev->conn_info_min_age +
5312 prandom_u32_max(hdev->conn_info_max_age -
5313 hdev->conn_info_min_age);
5314
5315
5316
5317
5318 if (time_after(jiffies, conn->conn_info_timestamp +
5319 msecs_to_jiffies(conn_info_age)) ||
5320 !conn->conn_info_timestamp) {
5321 struct hci_request req;
5322 struct hci_cp_read_tx_power req_txp_cp;
5323 struct hci_cp_read_rssi req_rssi_cp;
5324 struct mgmt_pending_cmd *cmd;
5325
5326 hci_req_init(&req, hdev);
5327 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5328 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5329 &req_rssi_cp);
5330
5331
5332
5333
5334 if (!bdaddr_type_is_le(cp->addr.type) ||
5335 conn->tx_power == HCI_TX_POWER_INVALID) {
5336 req_txp_cp.handle = cpu_to_le16(conn->handle);
5337 req_txp_cp.type = 0x00;
5338 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5339 sizeof(req_txp_cp), &req_txp_cp);
5340 }
5341
5342
5343 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5344 req_txp_cp.handle = cpu_to_le16(conn->handle);
5345 req_txp_cp.type = 0x01;
5346 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5347 sizeof(req_txp_cp), &req_txp_cp);
5348 }
5349
5350 err = hci_req_run(&req, conn_info_refresh_complete);
5351 if (err < 0)
5352 goto unlock;
5353
5354 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5355 data, len);
5356 if (!cmd) {
5357 err = -ENOMEM;
5358 goto unlock;
5359 }
5360
5361 hci_conn_hold(conn);
5362 cmd->user_data = hci_conn_get(conn);
5363 cmd->cmd_complete = conn_info_cmd_complete;
5364
5365 conn->conn_info_timestamp = jiffies;
5366 } else {
5367
5368 rp.rssi = conn->rssi;
5369 rp.tx_power = conn->tx_power;
5370 rp.max_tx_power = conn->max_tx_power;
5371
5372 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5373 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5374 }
5375
5376unlock:
5377 hci_dev_unlock(hdev);
5378 return err;
5379}
5380
5381static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5382{
5383 struct hci_conn *conn = cmd->user_data;
5384 struct mgmt_rp_get_clock_info rp;
5385 struct hci_dev *hdev;
5386 int err;
5387
5388 memset(&rp, 0, sizeof(rp));
5389 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5390
5391 if (status)
5392 goto complete;
5393
5394 hdev = hci_dev_get(cmd->index);
5395 if (hdev) {
5396 rp.local_clock = cpu_to_le32(hdev->clock);
5397 hci_dev_put(hdev);
5398 }
5399
5400 if (conn) {
5401 rp.piconet_clock = cpu_to_le32(conn->clock);
5402 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5403 }
5404
5405complete:
5406 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5407 sizeof(rp));
5408
5409 if (conn) {
5410 hci_conn_drop(conn);
5411 hci_conn_put(conn);
5412 }
5413
5414 return err;
5415}
5416
5417static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5418{
5419 struct hci_cp_read_clock *hci_cp;
5420 struct mgmt_pending_cmd *cmd;
5421 struct hci_conn *conn;
5422
5423 BT_DBG("%s status %u", hdev->name, status);
5424
5425 hci_dev_lock(hdev);
5426
5427 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5428 if (!hci_cp)
5429 goto unlock;
5430
5431 if (hci_cp->which) {
5432 u16 handle = __le16_to_cpu(hci_cp->handle);
5433 conn = hci_conn_hash_lookup_handle(hdev, handle);
5434 } else {
5435 conn = NULL;
5436 }
5437
5438 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5439 if (!cmd)
5440 goto unlock;
5441
5442 cmd->cmd_complete(cmd, mgmt_status(status));
5443 mgmt_pending_remove(cmd);
5444
5445unlock:
5446 hci_dev_unlock(hdev);
5447}
5448
5449static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5450 u16 len)
5451{
5452 struct mgmt_cp_get_clock_info *cp = data;
5453 struct mgmt_rp_get_clock_info rp;
5454 struct hci_cp_read_clock hci_cp;
5455 struct mgmt_pending_cmd *cmd;
5456 struct hci_request req;
5457 struct hci_conn *conn;
5458 int err;
5459
5460 BT_DBG("%s", hdev->name);
5461
5462 memset(&rp, 0, sizeof(rp));
5463 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5464 rp.addr.type = cp->addr.type;
5465
5466 if (cp->addr.type != BDADDR_BREDR)
5467 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5468 MGMT_STATUS_INVALID_PARAMS,
5469 &rp, sizeof(rp));
5470
5471 hci_dev_lock(hdev);
5472
5473 if (!hdev_is_powered(hdev)) {
5474 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5475 MGMT_STATUS_NOT_POWERED, &rp,
5476 sizeof(rp));
5477 goto unlock;
5478 }
5479
5480 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5481 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5482 &cp->addr.bdaddr);
5483 if (!conn || conn->state != BT_CONNECTED) {
5484 err = mgmt_cmd_complete(sk, hdev->id,
5485 MGMT_OP_GET_CLOCK_INFO,
5486 MGMT_STATUS_NOT_CONNECTED,
5487 &rp, sizeof(rp));
5488 goto unlock;
5489 }
5490 } else {
5491 conn = NULL;
5492 }
5493
5494 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5495 if (!cmd) {
5496 err = -ENOMEM;
5497 goto unlock;
5498 }
5499
5500 cmd->cmd_complete = clock_info_cmd_complete;
5501
5502 hci_req_init(&req, hdev);
5503
5504 memset(&hci_cp, 0, sizeof(hci_cp));
5505 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5506
5507 if (conn) {
5508 hci_conn_hold(conn);
5509 cmd->user_data = hci_conn_get(conn);
5510
5511 hci_cp.handle = cpu_to_le16(conn->handle);
5512 hci_cp.which = 0x01;
5513 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5514 }
5515
5516 err = hci_req_run(&req, get_clock_info_complete);
5517 if (err < 0)
5518 mgmt_pending_remove(cmd);
5519
5520unlock:
5521 hci_dev_unlock(hdev);
5522 return err;
5523}
5524
5525static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5526{
5527 struct hci_conn *conn;
5528
5529 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5530 if (!conn)
5531 return false;
5532
5533 if (conn->dst_type != type)
5534 return false;
5535
5536 if (conn->state != BT_CONNECTED)
5537 return false;
5538
5539 return true;
5540}
5541
5542
5543static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5544 u8 addr_type, u8 auto_connect)
5545{
5546 struct hci_conn_params *params;
5547
5548 params = hci_conn_params_add(hdev, addr, addr_type);
5549 if (!params)
5550 return -EIO;
5551
5552 if (params->auto_connect == auto_connect)
5553 return 0;
5554
5555 list_del_init(¶ms->action);
5556
5557 switch (auto_connect) {
5558 case HCI_AUTO_CONN_DISABLED:
5559 case HCI_AUTO_CONN_LINK_LOSS:
5560
5561
5562
5563 if (params->explicit_connect)
5564 list_add(¶ms->action, &hdev->pend_le_conns);
5565 break;
5566 case HCI_AUTO_CONN_REPORT:
5567 if (params->explicit_connect)
5568 list_add(¶ms->action, &hdev->pend_le_conns);
5569 else
5570 list_add(¶ms->action, &hdev->pend_le_reports);
5571 break;
5572 case HCI_AUTO_CONN_DIRECT:
5573 case HCI_AUTO_CONN_ALWAYS:
5574 if (!is_connected(hdev, addr, addr_type))
5575 list_add(¶ms->action, &hdev->pend_le_conns);
5576 break;
5577 }
5578
5579 params->auto_connect = auto_connect;
5580
5581 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5582 auto_connect);
5583
5584 return 0;
5585}
5586
5587static void device_added(struct sock *sk, struct hci_dev *hdev,
5588 bdaddr_t *bdaddr, u8 type, u8 action)
5589{
5590 struct mgmt_ev_device_added ev;
5591
5592 bacpy(&ev.addr.bdaddr, bdaddr);
5593 ev.addr.type = type;
5594 ev.action = action;
5595
5596 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5597}
5598
5599static int add_device(struct sock *sk, struct hci_dev *hdev,
5600 void *data, u16 len)
5601{
5602 struct mgmt_cp_add_device *cp = data;
5603 u8 auto_conn, addr_type;
5604 int err;
5605
5606 BT_DBG("%s", hdev->name);
5607
5608 if (!bdaddr_type_is_valid(cp->addr.type) ||
5609 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5610 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5611 MGMT_STATUS_INVALID_PARAMS,
5612 &cp->addr, sizeof(cp->addr));
5613
5614 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5615 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5616 MGMT_STATUS_INVALID_PARAMS,
5617 &cp->addr, sizeof(cp->addr));
5618
5619 hci_dev_lock(hdev);
5620
5621 if (cp->addr.type == BDADDR_BREDR) {
5622
5623 if (cp->action != 0x01) {
5624 err = mgmt_cmd_complete(sk, hdev->id,
5625 MGMT_OP_ADD_DEVICE,
5626 MGMT_STATUS_INVALID_PARAMS,
5627 &cp->addr, sizeof(cp->addr));
5628 goto unlock;
5629 }
5630
5631 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5632 cp->addr.type);
5633 if (err)
5634 goto unlock;
5635
5636 hci_req_update_scan(hdev);
5637
5638 goto added;
5639 }
5640
5641 addr_type = le_addr_type(cp->addr.type);
5642
5643 if (cp->action == 0x02)
5644 auto_conn = HCI_AUTO_CONN_ALWAYS;
5645 else if (cp->action == 0x01)
5646 auto_conn = HCI_AUTO_CONN_DIRECT;
5647 else
5648 auto_conn = HCI_AUTO_CONN_REPORT;
5649
5650
5651
5652
5653
5654
5655 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5656 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5657 MGMT_STATUS_INVALID_PARAMS,
5658 &cp->addr, sizeof(cp->addr));
5659 goto unlock;
5660 }
5661
5662
5663
5664
5665 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5666 auto_conn) < 0) {
5667 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5668 MGMT_STATUS_FAILED, &cp->addr,
5669 sizeof(cp->addr));
5670 goto unlock;
5671 }
5672
5673 hci_update_background_scan(hdev);
5674
5675added:
5676 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5677
5678 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5679 MGMT_STATUS_SUCCESS, &cp->addr,
5680 sizeof(cp->addr));
5681
5682unlock:
5683 hci_dev_unlock(hdev);
5684 return err;
5685}
5686
5687static void device_removed(struct sock *sk, struct hci_dev *hdev,
5688 bdaddr_t *bdaddr, u8 type)
5689{
5690 struct mgmt_ev_device_removed ev;
5691
5692 bacpy(&ev.addr.bdaddr, bdaddr);
5693 ev.addr.type = type;
5694
5695 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5696}
5697
5698static int remove_device(struct sock *sk, struct hci_dev *hdev,
5699 void *data, u16 len)
5700{
5701 struct mgmt_cp_remove_device *cp = data;
5702 int err;
5703
5704 BT_DBG("%s", hdev->name);
5705
5706 hci_dev_lock(hdev);
5707
5708 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5709 struct hci_conn_params *params;
5710 u8 addr_type;
5711
5712 if (!bdaddr_type_is_valid(cp->addr.type)) {
5713 err = mgmt_cmd_complete(sk, hdev->id,
5714 MGMT_OP_REMOVE_DEVICE,
5715 MGMT_STATUS_INVALID_PARAMS,
5716 &cp->addr, sizeof(cp->addr));
5717 goto unlock;
5718 }
5719
5720 if (cp->addr.type == BDADDR_BREDR) {
5721 err = hci_bdaddr_list_del(&hdev->whitelist,
5722 &cp->addr.bdaddr,
5723 cp->addr.type);
5724 if (err) {
5725 err = mgmt_cmd_complete(sk, hdev->id,
5726 MGMT_OP_REMOVE_DEVICE,
5727 MGMT_STATUS_INVALID_PARAMS,
5728 &cp->addr,
5729 sizeof(cp->addr));
5730 goto unlock;
5731 }
5732
5733 hci_req_update_scan(hdev);
5734
5735 device_removed(sk, hdev, &cp->addr.bdaddr,
5736 cp->addr.type);
5737 goto complete;
5738 }
5739
5740 addr_type = le_addr_type(cp->addr.type);
5741
5742
5743
5744
5745
5746
5747 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5748 err = mgmt_cmd_complete(sk, hdev->id,
5749 MGMT_OP_REMOVE_DEVICE,
5750 MGMT_STATUS_INVALID_PARAMS,
5751 &cp->addr, sizeof(cp->addr));
5752 goto unlock;
5753 }
5754
5755 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5756 addr_type);
5757 if (!params) {
5758 err = mgmt_cmd_complete(sk, hdev->id,
5759 MGMT_OP_REMOVE_DEVICE,
5760 MGMT_STATUS_INVALID_PARAMS,
5761 &cp->addr, sizeof(cp->addr));
5762 goto unlock;
5763 }
5764
5765 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5766 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5767 err = mgmt_cmd_complete(sk, hdev->id,
5768 MGMT_OP_REMOVE_DEVICE,
5769 MGMT_STATUS_INVALID_PARAMS,
5770 &cp->addr, sizeof(cp->addr));
5771 goto unlock;
5772 }
5773
5774 list_del(¶ms->action);
5775 list_del(¶ms->list);
5776 kfree(params);
5777 hci_update_background_scan(hdev);
5778
5779 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5780 } else {
5781 struct hci_conn_params *p, *tmp;
5782 struct bdaddr_list *b, *btmp;
5783
5784 if (cp->addr.type) {
5785 err = mgmt_cmd_complete(sk, hdev->id,
5786 MGMT_OP_REMOVE_DEVICE,
5787 MGMT_STATUS_INVALID_PARAMS,
5788 &cp->addr, sizeof(cp->addr));
5789 goto unlock;
5790 }
5791
5792 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5793 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5794 list_del(&b->list);
5795 kfree(b);
5796 }
5797
5798 hci_req_update_scan(hdev);
5799
5800 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5801 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5802 continue;
5803 device_removed(sk, hdev, &p->addr, p->addr_type);
5804 if (p->explicit_connect) {
5805 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5806 continue;
5807 }
5808 list_del(&p->action);
5809 list_del(&p->list);
5810 kfree(p);
5811 }
5812
5813 BT_DBG("All LE connection parameters were removed");
5814
5815 hci_update_background_scan(hdev);
5816 }
5817
5818complete:
5819 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5820 MGMT_STATUS_SUCCESS, &cp->addr,
5821 sizeof(cp->addr));
5822unlock:
5823 hci_dev_unlock(hdev);
5824 return err;
5825}
5826
5827static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5828 u16 len)
5829{
5830 struct mgmt_cp_load_conn_param *cp = data;
5831 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5832 sizeof(struct mgmt_conn_param));
5833 u16 param_count, expected_len;
5834 int i;
5835
5836 if (!lmp_le_capable(hdev))
5837 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5838 MGMT_STATUS_NOT_SUPPORTED);
5839
5840 param_count = __le16_to_cpu(cp->param_count);
5841 if (param_count > max_param_count) {
5842 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
5843 param_count);
5844 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5845 MGMT_STATUS_INVALID_PARAMS);
5846 }
5847
5848 expected_len = struct_size(cp, params, param_count);
5849 if (expected_len != len) {
5850 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
5851 expected_len, len);
5852 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5853 MGMT_STATUS_INVALID_PARAMS);
5854 }
5855
5856 BT_DBG("%s param_count %u", hdev->name, param_count);
5857
5858 hci_dev_lock(hdev);
5859
5860 hci_conn_params_clear_disabled(hdev);
5861
5862 for (i = 0; i < param_count; i++) {
5863 struct mgmt_conn_param *param = &cp->params[i];
5864 struct hci_conn_params *hci_param;
5865 u16 min, max, latency, timeout;
5866 u8 addr_type;
5867
5868 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5869 param->addr.type);
5870
5871 if (param->addr.type == BDADDR_LE_PUBLIC) {
5872 addr_type = ADDR_LE_DEV_PUBLIC;
5873 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5874 addr_type = ADDR_LE_DEV_RANDOM;
5875 } else {
5876 bt_dev_err(hdev, "ignoring invalid connection parameters");
5877 continue;
5878 }
5879
5880 min = le16_to_cpu(param->min_interval);
5881 max = le16_to_cpu(param->max_interval);
5882 latency = le16_to_cpu(param->latency);
5883 timeout = le16_to_cpu(param->timeout);
5884
5885 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5886 min, max, latency, timeout);
5887
5888 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5889 bt_dev_err(hdev, "ignoring invalid connection parameters");
5890 continue;
5891 }
5892
5893 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5894 addr_type);
5895 if (!hci_param) {
5896 bt_dev_err(hdev, "failed to add connection parameters");
5897 continue;
5898 }
5899
5900 hci_param->conn_min_interval = min;
5901 hci_param->conn_max_interval = max;
5902 hci_param->conn_latency = latency;
5903 hci_param->supervision_timeout = timeout;
5904 }
5905
5906 hci_dev_unlock(hdev);
5907
5908 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5909 NULL, 0);
5910}
5911
5912static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5913 void *data, u16 len)
5914{
5915 struct mgmt_cp_set_external_config *cp = data;
5916 bool changed;
5917 int err;
5918
5919 BT_DBG("%s", hdev->name);
5920
5921 if (hdev_is_powered(hdev))
5922 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5923 MGMT_STATUS_REJECTED);
5924
5925 if (cp->config != 0x00 && cp->config != 0x01)
5926 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5927 MGMT_STATUS_INVALID_PARAMS);
5928
5929 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5930 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5931 MGMT_STATUS_NOT_SUPPORTED);
5932
5933 hci_dev_lock(hdev);
5934
5935 if (cp->config)
5936 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
5937 else
5938 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
5939
5940 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5941 if (err < 0)
5942 goto unlock;
5943
5944 if (!changed)
5945 goto unlock;
5946
5947 err = new_options(hdev, sk);
5948
5949 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
5950 mgmt_index_removed(hdev);
5951
5952 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
5953 hci_dev_set_flag(hdev, HCI_CONFIG);
5954 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5955
5956 queue_work(hdev->req_workqueue, &hdev->power_on);
5957 } else {
5958 set_bit(HCI_RAW, &hdev->flags);
5959 mgmt_index_added(hdev);
5960 }
5961 }
5962
5963unlock:
5964 hci_dev_unlock(hdev);
5965 return err;
5966}
5967
5968static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5969 void *data, u16 len)
5970{
5971 struct mgmt_cp_set_public_address *cp = data;
5972 bool changed;
5973 int err;
5974
5975 BT_DBG("%s", hdev->name);
5976
5977 if (hdev_is_powered(hdev))
5978 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5979 MGMT_STATUS_REJECTED);
5980
5981 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5982 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5983 MGMT_STATUS_INVALID_PARAMS);
5984
5985 if (!hdev->set_bdaddr)
5986 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5987 MGMT_STATUS_NOT_SUPPORTED);
5988
5989 hci_dev_lock(hdev);
5990
5991 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5992 bacpy(&hdev->public_addr, &cp->bdaddr);
5993
5994 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5995 if (err < 0)
5996 goto unlock;
5997
5998 if (!changed)
5999 goto unlock;
6000
6001 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6002 err = new_options(hdev, sk);
6003
6004 if (is_configured(hdev)) {
6005 mgmt_index_removed(hdev);
6006
6007 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6008
6009 hci_dev_set_flag(hdev, HCI_CONFIG);
6010 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6011
6012 queue_work(hdev->req_workqueue, &hdev->power_on);
6013 }
6014
6015unlock:
6016 hci_dev_unlock(hdev);
6017 return err;
6018}
6019
6020static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6021 u16 opcode, struct sk_buff *skb)
6022{
6023 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6024 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6025 u8 *h192, *r192, *h256, *r256;
6026 struct mgmt_pending_cmd *cmd;
6027 u16 eir_len;
6028 int err;
6029
6030 BT_DBG("%s status %u", hdev->name, status);
6031
6032 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6033 if (!cmd)
6034 return;
6035
6036 mgmt_cp = cmd->param;
6037
6038 if (status) {
6039 status = mgmt_status(status);
6040 eir_len = 0;
6041
6042 h192 = NULL;
6043 r192 = NULL;
6044 h256 = NULL;
6045 r256 = NULL;
6046 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6047 struct hci_rp_read_local_oob_data *rp;
6048
6049 if (skb->len != sizeof(*rp)) {
6050 status = MGMT_STATUS_FAILED;
6051 eir_len = 0;
6052 } else {
6053 status = MGMT_STATUS_SUCCESS;
6054 rp = (void *)skb->data;
6055
6056 eir_len = 5 + 18 + 18;
6057 h192 = rp->hash;
6058 r192 = rp->rand;
6059 h256 = NULL;
6060 r256 = NULL;
6061 }
6062 } else {
6063 struct hci_rp_read_local_oob_ext_data *rp;
6064
6065 if (skb->len != sizeof(*rp)) {
6066 status = MGMT_STATUS_FAILED;
6067 eir_len = 0;
6068 } else {
6069 status = MGMT_STATUS_SUCCESS;
6070 rp = (void *)skb->data;
6071
6072 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6073 eir_len = 5 + 18 + 18;
6074 h192 = NULL;
6075 r192 = NULL;
6076 } else {
6077 eir_len = 5 + 18 + 18 + 18 + 18;
6078 h192 = rp->hash192;
6079 r192 = rp->rand192;
6080 }
6081
6082 h256 = rp->hash256;
6083 r256 = rp->rand256;
6084 }
6085 }
6086
6087 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6088 if (!mgmt_rp)
6089 goto done;
6090
6091 if (status)
6092 goto send_rsp;
6093
6094 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6095 hdev->dev_class, 3);
6096
6097 if (h192 && r192) {
6098 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6099 EIR_SSP_HASH_C192, h192, 16);
6100 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6101 EIR_SSP_RAND_R192, r192, 16);
6102 }
6103
6104 if (h256 && r256) {
6105 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6106 EIR_SSP_HASH_C256, h256, 16);
6107 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6108 EIR_SSP_RAND_R256, r256, 16);
6109 }
6110
6111send_rsp:
6112 mgmt_rp->type = mgmt_cp->type;
6113 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6114
6115 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6116 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6117 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6118 if (err < 0 || status)
6119 goto done;
6120
6121 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6122
6123 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6124 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6125 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6126done:
6127 kfree(mgmt_rp);
6128 mgmt_pending_remove(cmd);
6129}
6130
6131static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6132 struct mgmt_cp_read_local_oob_ext_data *cp)
6133{
6134 struct mgmt_pending_cmd *cmd;
6135 struct hci_request req;
6136 int err;
6137
6138 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6139 cp, sizeof(*cp));
6140 if (!cmd)
6141 return -ENOMEM;
6142
6143 hci_req_init(&req, hdev);
6144
6145 if (bredr_sc_enabled(hdev))
6146 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6147 else
6148 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6149
6150 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6151 if (err < 0) {
6152 mgmt_pending_remove(cmd);
6153 return err;
6154 }
6155
6156 return 0;
6157}
6158
6159static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6160 void *data, u16 data_len)
6161{
6162 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6163 struct mgmt_rp_read_local_oob_ext_data *rp;
6164 size_t rp_len;
6165 u16 eir_len;
6166 u8 status, flags, role, addr[7], hash[16], rand[16];
6167 int err;
6168
6169 BT_DBG("%s", hdev->name);
6170
6171 if (hdev_is_powered(hdev)) {
6172 switch (cp->type) {
6173 case BIT(BDADDR_BREDR):
6174 status = mgmt_bredr_support(hdev);
6175 if (status)
6176 eir_len = 0;
6177 else
6178 eir_len = 5;
6179 break;
6180 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6181 status = mgmt_le_support(hdev);
6182 if (status)
6183 eir_len = 0;
6184 else
6185 eir_len = 9 + 3 + 18 + 18 + 3;
6186 break;
6187 default:
6188 status = MGMT_STATUS_INVALID_PARAMS;
6189 eir_len = 0;
6190 break;
6191 }
6192 } else {
6193 status = MGMT_STATUS_NOT_POWERED;
6194 eir_len = 0;
6195 }
6196
6197 rp_len = sizeof(*rp) + eir_len;
6198 rp = kmalloc(rp_len, GFP_ATOMIC);
6199 if (!rp)
6200 return -ENOMEM;
6201
6202 if (status)
6203 goto complete;
6204
6205 hci_dev_lock(hdev);
6206
6207 eir_len = 0;
6208 switch (cp->type) {
6209 case BIT(BDADDR_BREDR):
6210 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6211 err = read_local_ssp_oob_req(hdev, sk, cp);
6212 hci_dev_unlock(hdev);
6213 if (!err)
6214 goto done;
6215
6216 status = MGMT_STATUS_FAILED;
6217 goto complete;
6218 } else {
6219 eir_len = eir_append_data(rp->eir, eir_len,
6220 EIR_CLASS_OF_DEV,
6221 hdev->dev_class, 3);
6222 }
6223 break;
6224 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6225 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6226 smp_generate_oob(hdev, hash, rand) < 0) {
6227 hci_dev_unlock(hdev);
6228 status = MGMT_STATUS_FAILED;
6229 goto complete;
6230 }
6231
6232
6233
6234
6235
6236
6237
6238
6239
6240
6241
6242 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6243 hci_dev_unlock(hdev);
6244 status = MGMT_STATUS_REJECTED;
6245 goto complete;
6246 }
6247
6248 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6249 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6250 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6251 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6252 memcpy(addr, &hdev->static_addr, 6);
6253 addr[6] = 0x01;
6254 } else {
6255 memcpy(addr, &hdev->bdaddr, 6);
6256 addr[6] = 0x00;
6257 }
6258
6259 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6260 addr, sizeof(addr));
6261
6262 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6263 role = 0x02;
6264 else
6265 role = 0x01;
6266
6267 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6268 &role, sizeof(role));
6269
6270 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6271 eir_len = eir_append_data(rp->eir, eir_len,
6272 EIR_LE_SC_CONFIRM,
6273 hash, sizeof(hash));
6274
6275 eir_len = eir_append_data(rp->eir, eir_len,
6276 EIR_LE_SC_RANDOM,
6277 rand, sizeof(rand));
6278 }
6279
6280 flags = mgmt_get_adv_discov_flags(hdev);
6281
6282 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6283 flags |= LE_AD_NO_BREDR;
6284
6285 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6286 &flags, sizeof(flags));
6287 break;
6288 }
6289
6290 hci_dev_unlock(hdev);
6291
6292 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6293
6294 status = MGMT_STATUS_SUCCESS;
6295
6296complete:
6297 rp->type = cp->type;
6298 rp->eir_len = cpu_to_le16(eir_len);
6299
6300 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6301 status, rp, sizeof(*rp) + eir_len);
6302 if (err < 0 || status)
6303 goto done;
6304
6305 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6306 rp, sizeof(*rp) + eir_len,
6307 HCI_MGMT_OOB_DATA_EVENTS, sk);
6308
6309done:
6310 kfree(rp);
6311
6312 return err;
6313}
6314
6315static u32 get_supported_adv_flags(struct hci_dev *hdev)
6316{
6317 u32 flags = 0;
6318
6319 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6320 flags |= MGMT_ADV_FLAG_DISCOV;
6321 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6322 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6323 flags |= MGMT_ADV_FLAG_APPEARANCE;
6324 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
6325
6326
6327
6328
6329 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
6330 ext_adv_capable(hdev))
6331 flags |= MGMT_ADV_FLAG_TX_POWER;
6332
6333 if (ext_adv_capable(hdev)) {
6334 flags |= MGMT_ADV_FLAG_SEC_1M;
6335
6336 if (hdev->le_features[1] & HCI_LE_PHY_2M)
6337 flags |= MGMT_ADV_FLAG_SEC_2M;
6338
6339 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
6340 flags |= MGMT_ADV_FLAG_SEC_CODED;
6341 }
6342
6343 return flags;
6344}
6345
6346static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6347 void *data, u16 data_len)
6348{
6349 struct mgmt_rp_read_adv_features *rp;
6350 size_t rp_len;
6351 int err;
6352 struct adv_info *adv_instance;
6353 u32 supported_flags;
6354 u8 *instance;
6355
6356 BT_DBG("%s", hdev->name);
6357
6358 if (!lmp_le_capable(hdev))
6359 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6360 MGMT_STATUS_REJECTED);
6361
6362 hci_dev_lock(hdev);
6363
6364 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
6365 rp = kmalloc(rp_len, GFP_ATOMIC);
6366 if (!rp) {
6367 hci_dev_unlock(hdev);
6368 return -ENOMEM;
6369 }
6370
6371 supported_flags = get_supported_adv_flags(hdev);
6372
6373 rp->supported_flags = cpu_to_le32(supported_flags);
6374 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6375 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6376 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6377 rp->num_instances = hdev->adv_instance_cnt;
6378
6379 instance = rp->instance;
6380 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6381 *instance = adv_instance->instance;
6382 instance++;
6383 }
6384
6385 hci_dev_unlock(hdev);
6386
6387 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6388 MGMT_STATUS_SUCCESS, rp, rp_len);
6389
6390 kfree(rp);
6391
6392 return err;
6393}
6394
6395static u8 calculate_name_len(struct hci_dev *hdev)
6396{
6397 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6398
6399 return append_local_name(hdev, buf, 0);
6400}
6401
6402static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6403 bool is_adv_data)
6404{
6405 u8 max_len = HCI_MAX_AD_LENGTH;
6406
6407 if (is_adv_data) {
6408 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6409 MGMT_ADV_FLAG_LIMITED_DISCOV |
6410 MGMT_ADV_FLAG_MANAGED_FLAGS))
6411 max_len -= 3;
6412
6413 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6414 max_len -= 3;
6415 } else {
6416 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6417 max_len -= calculate_name_len(hdev);
6418
6419 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6420 max_len -= 4;
6421 }
6422
6423 return max_len;
6424}
6425
6426static bool flags_managed(u32 adv_flags)
6427{
6428 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6429 MGMT_ADV_FLAG_LIMITED_DISCOV |
6430 MGMT_ADV_FLAG_MANAGED_FLAGS);
6431}
6432
6433static bool tx_power_managed(u32 adv_flags)
6434{
6435 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6436}
6437
6438static bool name_managed(u32 adv_flags)
6439{
6440 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6441}
6442
6443static bool appearance_managed(u32 adv_flags)
6444{
6445 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6446}
6447
6448static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6449 u8 len, bool is_adv_data)
6450{
6451 int i, cur_len;
6452 u8 max_len;
6453
6454 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
6455
6456 if (len > max_len)
6457 return false;
6458
6459
6460 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6461 cur_len = data[i];
6462
6463 if (data[i + 1] == EIR_FLAGS &&
6464 (!is_adv_data || flags_managed(adv_flags)))
6465 return false;
6466
6467 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6468 return false;
6469
6470 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6471 return false;
6472
6473 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6474 return false;
6475
6476 if (data[i + 1] == EIR_APPEARANCE &&
6477 appearance_managed(adv_flags))
6478 return false;
6479
6480
6481
6482
6483 if (i + cur_len >= len)
6484 return false;
6485 }
6486
6487 return true;
6488}
6489
6490static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6491 u16 opcode)
6492{
6493 struct mgmt_pending_cmd *cmd;
6494 struct mgmt_cp_add_advertising *cp;
6495 struct mgmt_rp_add_advertising rp;
6496 struct adv_info *adv_instance, *n;
6497 u8 instance;
6498
6499 BT_DBG("status %d", status);
6500
6501 hci_dev_lock(hdev);
6502
6503 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6504
6505 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6506 if (!adv_instance->pending)
6507 continue;
6508
6509 if (!status) {
6510 adv_instance->pending = false;
6511 continue;
6512 }
6513
6514 instance = adv_instance->instance;
6515
6516 if (hdev->cur_adv_instance == instance)
6517 cancel_adv_timeout(hdev);
6518
6519 hci_remove_adv_instance(hdev, instance);
6520 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6521 }
6522
6523 if (!cmd)
6524 goto unlock;
6525
6526 cp = cmd->param;
6527 rp.instance = cp->instance;
6528
6529 if (status)
6530 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6531 mgmt_status(status));
6532 else
6533 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6534 mgmt_status(status), &rp, sizeof(rp));
6535
6536 mgmt_pending_remove(cmd);
6537
6538unlock:
6539 hci_dev_unlock(hdev);
6540}
6541
6542static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6543 void *data, u16 data_len)
6544{
6545 struct mgmt_cp_add_advertising *cp = data;
6546 struct mgmt_rp_add_advertising rp;
6547 u32 flags;
6548 u32 supported_flags, phy_flags;
6549 u8 status;
6550 u16 timeout, duration;
6551 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6552 u8 schedule_instance = 0;
6553 struct adv_info *next_instance;
6554 int err;
6555 struct mgmt_pending_cmd *cmd;
6556 struct hci_request req;
6557
6558 BT_DBG("%s", hdev->name);
6559
6560 status = mgmt_le_support(hdev);
6561 if (status)
6562 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6563 status);
6564
6565 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6567 MGMT_STATUS_INVALID_PARAMS);
6568
6569 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6570 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6571 MGMT_STATUS_INVALID_PARAMS);
6572
6573 flags = __le32_to_cpu(cp->flags);
6574 timeout = __le16_to_cpu(cp->timeout);
6575 duration = __le16_to_cpu(cp->duration);
6576
6577
6578
6579
6580 supported_flags = get_supported_adv_flags(hdev);
6581 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK;
6582 if (flags & ~supported_flags ||
6583 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
6584 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6585 MGMT_STATUS_INVALID_PARAMS);
6586
6587 hci_dev_lock(hdev);
6588
6589 if (timeout && !hdev_is_powered(hdev)) {
6590 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6591 MGMT_STATUS_REJECTED);
6592 goto unlock;
6593 }
6594
6595 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6596 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6597 pending_find(MGMT_OP_SET_LE, hdev)) {
6598 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6599 MGMT_STATUS_BUSY);
6600 goto unlock;
6601 }
6602
6603 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6604 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6605 cp->scan_rsp_len, false)) {
6606 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6607 MGMT_STATUS_INVALID_PARAMS);
6608 goto unlock;
6609 }
6610
6611 err = hci_add_adv_instance(hdev, cp->instance, flags,
6612 cp->adv_data_len, cp->data,
6613 cp->scan_rsp_len,
6614 cp->data + cp->adv_data_len,
6615 timeout, duration);
6616 if (err < 0) {
6617 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6618 MGMT_STATUS_FAILED);
6619 goto unlock;
6620 }
6621
6622
6623
6624
6625 if (hdev->adv_instance_cnt > prev_instance_cnt)
6626 mgmt_advertising_added(sk, hdev, cp->instance);
6627
6628 if (hdev->cur_adv_instance == cp->instance) {
6629
6630
6631
6632
6633
6634 cancel_adv_timeout(hdev);
6635
6636 next_instance = hci_get_next_instance(hdev, cp->instance);
6637 if (next_instance)
6638 schedule_instance = next_instance->instance;
6639 } else if (!hdev->adv_instance_timeout) {
6640
6641
6642
6643 schedule_instance = cp->instance;
6644 }
6645
6646
6647
6648
6649
6650 if (!hdev_is_powered(hdev) ||
6651 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6652 !schedule_instance) {
6653 rp.instance = cp->instance;
6654 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6655 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6656 goto unlock;
6657 }
6658
6659
6660
6661
6662 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6663 data_len);
6664 if (!cmd) {
6665 err = -ENOMEM;
6666 goto unlock;
6667 }
6668
6669 hci_req_init(&req, hdev);
6670
6671 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6672
6673 if (!err)
6674 err = hci_req_run(&req, add_advertising_complete);
6675
6676 if (err < 0)
6677 mgmt_pending_remove(cmd);
6678
6679unlock:
6680 hci_dev_unlock(hdev);
6681
6682 return err;
6683}
6684
6685static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6686 u16 opcode)
6687{
6688 struct mgmt_pending_cmd *cmd;
6689 struct mgmt_cp_remove_advertising *cp;
6690 struct mgmt_rp_remove_advertising rp;
6691
6692 BT_DBG("status %d", status);
6693
6694 hci_dev_lock(hdev);
6695
6696
6697
6698
6699
6700 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6701 if (!cmd)
6702 goto unlock;
6703
6704 cp = cmd->param;
6705 rp.instance = cp->instance;
6706
6707 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6708 &rp, sizeof(rp));
6709 mgmt_pending_remove(cmd);
6710
6711unlock:
6712 hci_dev_unlock(hdev);
6713}
6714
6715static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6716 void *data, u16 data_len)
6717{
6718 struct mgmt_cp_remove_advertising *cp = data;
6719 struct mgmt_rp_remove_advertising rp;
6720 struct mgmt_pending_cmd *cmd;
6721 struct hci_request req;
6722 int err;
6723
6724 BT_DBG("%s", hdev->name);
6725
6726 hci_dev_lock(hdev);
6727
6728 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6729 err = mgmt_cmd_status(sk, hdev->id,
6730 MGMT_OP_REMOVE_ADVERTISING,
6731 MGMT_STATUS_INVALID_PARAMS);
6732 goto unlock;
6733 }
6734
6735 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6736 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6737 pending_find(MGMT_OP_SET_LE, hdev)) {
6738 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6739 MGMT_STATUS_BUSY);
6740 goto unlock;
6741 }
6742
6743 if (list_empty(&hdev->adv_instances)) {
6744 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6745 MGMT_STATUS_INVALID_PARAMS);
6746 goto unlock;
6747 }
6748
6749 hci_req_init(&req, hdev);
6750
6751 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6752
6753 if (list_empty(&hdev->adv_instances))
6754 __hci_req_disable_advertising(&req);
6755
6756
6757
6758
6759
6760 if (skb_queue_empty(&req.cmd_q) ||
6761 !hdev_is_powered(hdev) ||
6762 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6763 hci_req_purge(&req);
6764 rp.instance = cp->instance;
6765 err = mgmt_cmd_complete(sk, hdev->id,
6766 MGMT_OP_REMOVE_ADVERTISING,
6767 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6768 goto unlock;
6769 }
6770
6771 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6772 data_len);
6773 if (!cmd) {
6774 err = -ENOMEM;
6775 goto unlock;
6776 }
6777
6778 err = hci_req_run(&req, remove_advertising_complete);
6779 if (err < 0)
6780 mgmt_pending_remove(cmd);
6781
6782unlock:
6783 hci_dev_unlock(hdev);
6784
6785 return err;
6786}
6787
6788static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6789 void *data, u16 data_len)
6790{
6791 struct mgmt_cp_get_adv_size_info *cp = data;
6792 struct mgmt_rp_get_adv_size_info rp;
6793 u32 flags, supported_flags;
6794 int err;
6795
6796 BT_DBG("%s", hdev->name);
6797
6798 if (!lmp_le_capable(hdev))
6799 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6800 MGMT_STATUS_REJECTED);
6801
6802 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6803 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6804 MGMT_STATUS_INVALID_PARAMS);
6805
6806 flags = __le32_to_cpu(cp->flags);
6807
6808
6809
6810
6811 supported_flags = get_supported_adv_flags(hdev);
6812 if (flags & ~supported_flags)
6813 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6814 MGMT_STATUS_INVALID_PARAMS);
6815
6816 rp.instance = cp->instance;
6817 rp.flags = cp->flags;
6818 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
6819 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
6820
6821 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6822 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6823
6824 return err;
6825}
6826
6827static const struct hci_mgmt_handler mgmt_handlers[] = {
6828 { NULL },
6829 { read_version, MGMT_READ_VERSION_SIZE,
6830 HCI_MGMT_NO_HDEV |
6831 HCI_MGMT_UNTRUSTED },
6832 { read_commands, MGMT_READ_COMMANDS_SIZE,
6833 HCI_MGMT_NO_HDEV |
6834 HCI_MGMT_UNTRUSTED },
6835 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6836 HCI_MGMT_NO_HDEV |
6837 HCI_MGMT_UNTRUSTED },
6838 { read_controller_info, MGMT_READ_INFO_SIZE,
6839 HCI_MGMT_UNTRUSTED },
6840 { set_powered, MGMT_SETTING_SIZE },
6841 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6842 { set_connectable, MGMT_SETTING_SIZE },
6843 { set_fast_connectable, MGMT_SETTING_SIZE },
6844 { set_bondable, MGMT_SETTING_SIZE },
6845 { set_link_security, MGMT_SETTING_SIZE },
6846 { set_ssp, MGMT_SETTING_SIZE },
6847 { set_hs, MGMT_SETTING_SIZE },
6848 { set_le, MGMT_SETTING_SIZE },
6849 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6850 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6851 { add_uuid, MGMT_ADD_UUID_SIZE },
6852 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6853 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6854 HCI_MGMT_VAR_LEN },
6855 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6856 HCI_MGMT_VAR_LEN },
6857 { disconnect, MGMT_DISCONNECT_SIZE },
6858 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6859 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6860 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6861 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6862 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6863 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6864 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6865 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6866 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6867 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6868 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6869 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6870 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6871 HCI_MGMT_VAR_LEN },
6872 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6873 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6874 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6875 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6876 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6877 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6878 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6879 { set_advertising, MGMT_SETTING_SIZE },
6880 { set_bredr, MGMT_SETTING_SIZE },
6881 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6882 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6883 { set_secure_conn, MGMT_SETTING_SIZE },
6884 { set_debug_keys, MGMT_SETTING_SIZE },
6885 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6886 { load_irks, MGMT_LOAD_IRKS_SIZE,
6887 HCI_MGMT_VAR_LEN },
6888 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6889 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6890 { add_device, MGMT_ADD_DEVICE_SIZE },
6891 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6892 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6893 HCI_MGMT_VAR_LEN },
6894 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6895 HCI_MGMT_NO_HDEV |
6896 HCI_MGMT_UNTRUSTED },
6897 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6898 HCI_MGMT_UNCONFIGURED |
6899 HCI_MGMT_UNTRUSTED },
6900 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6901 HCI_MGMT_UNCONFIGURED },
6902 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6903 HCI_MGMT_UNCONFIGURED },
6904 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6905 HCI_MGMT_VAR_LEN },
6906 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6907 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6908 HCI_MGMT_NO_HDEV |
6909 HCI_MGMT_UNTRUSTED },
6910 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6911 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6912 HCI_MGMT_VAR_LEN },
6913 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6914 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
6915 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
6916 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6917 HCI_MGMT_UNTRUSTED },
6918 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6919 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
6920 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
6921};
6922
6923void mgmt_index_added(struct hci_dev *hdev)
6924{
6925 struct mgmt_ev_ext_index ev;
6926
6927 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6928 return;
6929
6930 switch (hdev->dev_type) {
6931 case HCI_PRIMARY:
6932 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6933 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6934 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6935 ev.type = 0x01;
6936 } else {
6937 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6938 HCI_MGMT_INDEX_EVENTS);
6939 ev.type = 0x00;
6940 }
6941 break;
6942 case HCI_AMP:
6943 ev.type = 0x02;
6944 break;
6945 default:
6946 return;
6947 }
6948
6949 ev.bus = hdev->bus;
6950
6951 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6952 HCI_MGMT_EXT_INDEX_EVENTS);
6953}
6954
6955void mgmt_index_removed(struct hci_dev *hdev)
6956{
6957 struct mgmt_ev_ext_index ev;
6958 u8 status = MGMT_STATUS_INVALID_INDEX;
6959
6960 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6961 return;
6962
6963 switch (hdev->dev_type) {
6964 case HCI_PRIMARY:
6965 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6966
6967 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6968 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6969 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6970 ev.type = 0x01;
6971 } else {
6972 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6973 HCI_MGMT_INDEX_EVENTS);
6974 ev.type = 0x00;
6975 }
6976 break;
6977 case HCI_AMP:
6978 ev.type = 0x02;
6979 break;
6980 default:
6981 return;
6982 }
6983
6984 ev.bus = hdev->bus;
6985
6986 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6987 HCI_MGMT_EXT_INDEX_EVENTS);
6988}
6989
6990
6991static void restart_le_actions(struct hci_dev *hdev)
6992{
6993 struct hci_conn_params *p;
6994
6995 list_for_each_entry(p, &hdev->le_conn_params, list) {
6996
6997
6998
6999 list_del_init(&p->action);
7000
7001 switch (p->auto_connect) {
7002 case HCI_AUTO_CONN_DIRECT:
7003 case HCI_AUTO_CONN_ALWAYS:
7004 list_add(&p->action, &hdev->pend_le_conns);
7005 break;
7006 case HCI_AUTO_CONN_REPORT:
7007 list_add(&p->action, &hdev->pend_le_reports);
7008 break;
7009 default:
7010 break;
7011 }
7012 }
7013}
7014
7015void mgmt_power_on(struct hci_dev *hdev, int err)
7016{
7017 struct cmd_lookup match = { NULL, hdev };
7018
7019 BT_DBG("err %d", err);
7020
7021 hci_dev_lock(hdev);
7022
7023 if (!err) {
7024 restart_le_actions(hdev);
7025 hci_update_background_scan(hdev);
7026 }
7027
7028 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7029
7030 new_settings(hdev, match.sk);
7031
7032 if (match.sk)
7033 sock_put(match.sk);
7034
7035 hci_dev_unlock(hdev);
7036}
7037
7038void __mgmt_power_off(struct hci_dev *hdev)
7039{
7040 struct cmd_lookup match = { NULL, hdev };
7041 u8 status, zero_cod[] = { 0, 0, 0 };
7042
7043 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7044
7045
7046
7047
7048
7049
7050
7051
7052 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7053 status = MGMT_STATUS_INVALID_INDEX;
7054 else
7055 status = MGMT_STATUS_NOT_POWERED;
7056
7057 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7058
7059 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
7060 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7061 zero_cod, sizeof(zero_cod),
7062 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7063 ext_info_changed(hdev, NULL);
7064 }
7065
7066 new_settings(hdev, match.sk);
7067
7068 if (match.sk)
7069 sock_put(match.sk);
7070}
7071
7072void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7073{
7074 struct mgmt_pending_cmd *cmd;
7075 u8 status;
7076
7077 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7078 if (!cmd)
7079 return;
7080
7081 if (err == -ERFKILL)
7082 status = MGMT_STATUS_RFKILLED;
7083 else
7084 status = MGMT_STATUS_FAILED;
7085
7086 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7087
7088 mgmt_pending_remove(cmd);
7089}
7090
7091void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7092 bool persistent)
7093{
7094 struct mgmt_ev_new_link_key ev;
7095
7096 memset(&ev, 0, sizeof(ev));
7097
7098 ev.store_hint = persistent;
7099 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7100 ev.key.addr.type = BDADDR_BREDR;
7101 ev.key.type = key->type;
7102 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7103 ev.key.pin_len = key->pin_len;
7104
7105 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7106}
7107
7108static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7109{
7110 switch (ltk->type) {
7111 case SMP_LTK:
7112 case SMP_LTK_SLAVE:
7113 if (ltk->authenticated)
7114 return MGMT_LTK_AUTHENTICATED;
7115 return MGMT_LTK_UNAUTHENTICATED;
7116 case SMP_LTK_P256:
7117 if (ltk->authenticated)
7118 return MGMT_LTK_P256_AUTH;
7119 return MGMT_LTK_P256_UNAUTH;
7120 case SMP_LTK_P256_DEBUG:
7121 return MGMT_LTK_P256_DEBUG;
7122 }
7123
7124 return MGMT_LTK_UNAUTHENTICATED;
7125}
7126
7127void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7128{
7129 struct mgmt_ev_new_long_term_key ev;
7130
7131 memset(&ev, 0, sizeof(ev));
7132
7133
7134
7135
7136
7137
7138
7139
7140
7141
7142
7143
7144 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7145 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7146 ev.store_hint = 0x00;
7147 else
7148 ev.store_hint = persistent;
7149
7150 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7151 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7152 ev.key.type = mgmt_ltk_type(key);
7153 ev.key.enc_size = key->enc_size;
7154 ev.key.ediv = key->ediv;
7155 ev.key.rand = key->rand;
7156
7157 if (key->type == SMP_LTK)
7158 ev.key.master = 1;
7159
7160
7161
7162
7163 memcpy(ev.key.val, key->val, key->enc_size);
7164 memset(ev.key.val + key->enc_size, 0,
7165 sizeof(ev.key.val) - key->enc_size);
7166
7167 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7168}
7169
7170void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
7171{
7172 struct mgmt_ev_new_irk ev;
7173
7174 memset(&ev, 0, sizeof(ev));
7175
7176 ev.store_hint = persistent;
7177
7178 bacpy(&ev.rpa, &irk->rpa);
7179 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7180 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7181 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7182
7183 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7184}
7185
7186void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7187 bool persistent)
7188{
7189 struct mgmt_ev_new_csrk ev;
7190
7191 memset(&ev, 0, sizeof(ev));
7192
7193
7194
7195
7196
7197
7198
7199
7200
7201
7202 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7203 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7204 ev.store_hint = 0x00;
7205 else
7206 ev.store_hint = persistent;
7207
7208 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7209 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7210 ev.key.type = csrk->type;
7211 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7212
7213 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7214}
7215
7216void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7217 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7218 u16 max_interval, u16 latency, u16 timeout)
7219{
7220 struct mgmt_ev_new_conn_param ev;
7221
7222 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7223 return;
7224
7225 memset(&ev, 0, sizeof(ev));
7226 bacpy(&ev.addr.bdaddr, bdaddr);
7227 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7228 ev.store_hint = store_hint;
7229 ev.min_interval = cpu_to_le16(min_interval);
7230 ev.max_interval = cpu_to_le16(max_interval);
7231 ev.latency = cpu_to_le16(latency);
7232 ev.timeout = cpu_to_le16(timeout);
7233
7234 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7235}
7236
7237void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7238 u32 flags, u8 *name, u8 name_len)
7239{
7240 char buf[512];
7241 struct mgmt_ev_device_connected *ev = (void *) buf;
7242 u16 eir_len = 0;
7243
7244 bacpy(&ev->addr.bdaddr, &conn->dst);
7245 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7246
7247 ev->flags = __cpu_to_le32(flags);
7248
7249
7250
7251
7252
7253 if (conn->le_adv_data_len > 0) {
7254 memcpy(&ev->eir[eir_len],
7255 conn->le_adv_data, conn->le_adv_data_len);
7256 eir_len = conn->le_adv_data_len;
7257 } else {
7258 if (name_len > 0)
7259 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7260 name, name_len);
7261
7262 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7263 eir_len = eir_append_data(ev->eir, eir_len,
7264 EIR_CLASS_OF_DEV,
7265 conn->dev_class, 3);
7266 }
7267
7268 ev->eir_len = cpu_to_le16(eir_len);
7269
7270 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7271 sizeof(*ev) + eir_len, NULL);
7272}
7273
7274static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7275{
7276 struct sock **sk = data;
7277
7278 cmd->cmd_complete(cmd, 0);
7279
7280 *sk = cmd->sk;
7281 sock_hold(*sk);
7282
7283 mgmt_pending_remove(cmd);
7284}
7285
7286static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7287{
7288 struct hci_dev *hdev = data;
7289 struct mgmt_cp_unpair_device *cp = cmd->param;
7290
7291 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7292
7293 cmd->cmd_complete(cmd, 0);
7294 mgmt_pending_remove(cmd);
7295}
7296
7297bool mgmt_powering_down(struct hci_dev *hdev)
7298{
7299 struct mgmt_pending_cmd *cmd;
7300 struct mgmt_mode *cp;
7301
7302 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7303 if (!cmd)
7304 return false;
7305
7306 cp = cmd->param;
7307 if (!cp->val)
7308 return true;
7309
7310 return false;
7311}
7312
7313void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7314 u8 link_type, u8 addr_type, u8 reason,
7315 bool mgmt_connected)
7316{
7317 struct mgmt_ev_device_disconnected ev;
7318 struct sock *sk = NULL;
7319
7320
7321
7322
7323 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7324 cancel_delayed_work(&hdev->power_off);
7325 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7326 }
7327
7328 if (!mgmt_connected)
7329 return;
7330
7331 if (link_type != ACL_LINK && link_type != LE_LINK)
7332 return;
7333
7334 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
7335
7336 bacpy(&ev.addr.bdaddr, bdaddr);
7337 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7338 ev.reason = reason;
7339
7340 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
7341
7342 if (sk)
7343 sock_put(sk);
7344
7345 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7346 hdev);
7347}
7348
7349void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7350 u8 link_type, u8 addr_type, u8 status)
7351{
7352 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7353 struct mgmt_cp_disconnect *cp;
7354 struct mgmt_pending_cmd *cmd;
7355
7356 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7357 hdev);
7358
7359 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
7360 if (!cmd)
7361 return;
7362
7363 cp = cmd->param;
7364
7365 if (bacmp(bdaddr, &cp->addr.bdaddr))
7366 return;
7367
7368 if (cp->addr.type != bdaddr_type)
7369 return;
7370
7371 cmd->cmd_complete(cmd, mgmt_status(status));
7372 mgmt_pending_remove(cmd);
7373}
7374
7375void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7376 u8 addr_type, u8 status)
7377{
7378 struct mgmt_ev_connect_failed ev;
7379
7380
7381
7382
7383 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7384 cancel_delayed_work(&hdev->power_off);
7385 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7386 }
7387
7388 bacpy(&ev.addr.bdaddr, bdaddr);
7389 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7390 ev.status = mgmt_status(status);
7391
7392 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7393}
7394
7395void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7396{
7397 struct mgmt_ev_pin_code_request ev;
7398
7399 bacpy(&ev.addr.bdaddr, bdaddr);
7400 ev.addr.type = BDADDR_BREDR;
7401 ev.secure = secure;
7402
7403 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7404}
7405
7406void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7407 u8 status)
7408{
7409 struct mgmt_pending_cmd *cmd;
7410
7411 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7412 if (!cmd)
7413 return;
7414
7415 cmd->cmd_complete(cmd, mgmt_status(status));
7416 mgmt_pending_remove(cmd);
7417}
7418
7419void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7420 u8 status)
7421{
7422 struct mgmt_pending_cmd *cmd;
7423
7424 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7425 if (!cmd)
7426 return;
7427
7428 cmd->cmd_complete(cmd, mgmt_status(status));
7429 mgmt_pending_remove(cmd);
7430}
7431
7432int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7433 u8 link_type, u8 addr_type, u32 value,
7434 u8 confirm_hint)
7435{
7436 struct mgmt_ev_user_confirm_request ev;
7437
7438 BT_DBG("%s", hdev->name);
7439
7440 bacpy(&ev.addr.bdaddr, bdaddr);
7441 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7442 ev.confirm_hint = confirm_hint;
7443 ev.value = cpu_to_le32(value);
7444
7445 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7446 NULL);
7447}
7448
7449int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7450 u8 link_type, u8 addr_type)
7451{
7452 struct mgmt_ev_user_passkey_request ev;
7453
7454 BT_DBG("%s", hdev->name);
7455
7456 bacpy(&ev.addr.bdaddr, bdaddr);
7457 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7458
7459 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7460 NULL);
7461}
7462
7463static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7464 u8 link_type, u8 addr_type, u8 status,
7465 u8 opcode)
7466{
7467 struct mgmt_pending_cmd *cmd;
7468
7469 cmd = pending_find(opcode, hdev);
7470 if (!cmd)
7471 return -ENOENT;
7472
7473 cmd->cmd_complete(cmd, mgmt_status(status));
7474 mgmt_pending_remove(cmd);
7475
7476 return 0;
7477}
7478
7479int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7480 u8 link_type, u8 addr_type, u8 status)
7481{
7482 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7483 status, MGMT_OP_USER_CONFIRM_REPLY);
7484}
7485
7486int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7487 u8 link_type, u8 addr_type, u8 status)
7488{
7489 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7490 status,
7491 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7492}
7493
7494int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7495 u8 link_type, u8 addr_type, u8 status)
7496{
7497 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7498 status, MGMT_OP_USER_PASSKEY_REPLY);
7499}
7500
7501int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7502 u8 link_type, u8 addr_type, u8 status)
7503{
7504 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7505 status,
7506 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7507}
7508
7509int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7510 u8 link_type, u8 addr_type, u32 passkey,
7511 u8 entered)
7512{
7513 struct mgmt_ev_passkey_notify ev;
7514
7515 BT_DBG("%s", hdev->name);
7516
7517 bacpy(&ev.addr.bdaddr, bdaddr);
7518 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7519 ev.passkey = __cpu_to_le32(passkey);
7520 ev.entered = entered;
7521
7522 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7523}
7524
7525void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7526{
7527 struct mgmt_ev_auth_failed ev;
7528 struct mgmt_pending_cmd *cmd;
7529 u8 status = mgmt_status(hci_status);
7530
7531 bacpy(&ev.addr.bdaddr, &conn->dst);
7532 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7533 ev.status = status;
7534
7535 cmd = find_pairing(conn);
7536
7537 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7538 cmd ? cmd->sk : NULL);
7539
7540 if (cmd) {
7541 cmd->cmd_complete(cmd, status);
7542 mgmt_pending_remove(cmd);
7543 }
7544}
7545
7546void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7547{
7548 struct cmd_lookup match = { NULL, hdev };
7549 bool changed;
7550
7551 if (status) {
7552 u8 mgmt_err = mgmt_status(status);
7553 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7554 cmd_status_rsp, &mgmt_err);
7555 return;
7556 }
7557
7558 if (test_bit(HCI_AUTH, &hdev->flags))
7559 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7560 else
7561 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7562
7563 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7564 &match);
7565
7566 if (changed)
7567 new_settings(hdev, match.sk);
7568
7569 if (match.sk)
7570 sock_put(match.sk);
7571}
7572
7573static void clear_eir(struct hci_request *req)
7574{
7575 struct hci_dev *hdev = req->hdev;
7576 struct hci_cp_write_eir cp;
7577
7578 if (!lmp_ext_inq_capable(hdev))
7579 return;
7580
7581 memset(hdev->eir, 0, sizeof(hdev->eir));
7582
7583 memset(&cp, 0, sizeof(cp));
7584
7585 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7586}
7587
7588void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7589{
7590 struct cmd_lookup match = { NULL, hdev };
7591 struct hci_request req;
7592 bool changed = false;
7593
7594 if (status) {
7595 u8 mgmt_err = mgmt_status(status);
7596
7597 if (enable && hci_dev_test_and_clear_flag(hdev,
7598 HCI_SSP_ENABLED)) {
7599 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7600 new_settings(hdev, NULL);
7601 }
7602
7603 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7604 &mgmt_err);
7605 return;
7606 }
7607
7608 if (enable) {
7609 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7610 } else {
7611 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7612 if (!changed)
7613 changed = hci_dev_test_and_clear_flag(hdev,
7614 HCI_HS_ENABLED);
7615 else
7616 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7617 }
7618
7619 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7620
7621 if (changed)
7622 new_settings(hdev, match.sk);
7623
7624 if (match.sk)
7625 sock_put(match.sk);
7626
7627 hci_req_init(&req, hdev);
7628
7629 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7630 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7631 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7632 sizeof(enable), &enable);
7633 __hci_req_update_eir(&req);
7634 } else {
7635 clear_eir(&req);
7636 }
7637
7638 hci_req_run(&req, NULL);
7639}
7640
7641static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7642{
7643 struct cmd_lookup *match = data;
7644
7645 if (match->sk == NULL) {
7646 match->sk = cmd->sk;
7647 sock_hold(match->sk);
7648 }
7649}
7650
7651void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7652 u8 status)
7653{
7654 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7655
7656 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7657 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7658 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7659
7660 if (!status) {
7661 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7662 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7663 ext_info_changed(hdev, NULL);
7664 }
7665
7666 if (match.sk)
7667 sock_put(match.sk);
7668}
7669
7670void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7671{
7672 struct mgmt_cp_set_local_name ev;
7673 struct mgmt_pending_cmd *cmd;
7674
7675 if (status)
7676 return;
7677
7678 memset(&ev, 0, sizeof(ev));
7679 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7680 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7681
7682 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7683 if (!cmd) {
7684 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7685
7686
7687
7688
7689 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7690 return;
7691 }
7692
7693 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7694 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7695 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7696}
7697
7698static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7699{
7700 int i;
7701
7702 for (i = 0; i < uuid_count; i++) {
7703 if (!memcmp(uuid, uuids[i], 16))
7704 return true;
7705 }
7706
7707 return false;
7708}
7709
7710static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7711{
7712 u16 parsed = 0;
7713
7714 while (parsed < eir_len) {
7715 u8 field_len = eir[0];
7716 u8 uuid[16];
7717 int i;
7718
7719 if (field_len == 0)
7720 break;
7721
7722 if (eir_len - parsed < field_len + 1)
7723 break;
7724
7725 switch (eir[1]) {
7726 case EIR_UUID16_ALL:
7727 case EIR_UUID16_SOME:
7728 for (i = 0; i + 3 <= field_len; i += 2) {
7729 memcpy(uuid, bluetooth_base_uuid, 16);
7730 uuid[13] = eir[i + 3];
7731 uuid[12] = eir[i + 2];
7732 if (has_uuid(uuid, uuid_count, uuids))
7733 return true;
7734 }
7735 break;
7736 case EIR_UUID32_ALL:
7737 case EIR_UUID32_SOME:
7738 for (i = 0; i + 5 <= field_len; i += 4) {
7739 memcpy(uuid, bluetooth_base_uuid, 16);
7740 uuid[15] = eir[i + 5];
7741 uuid[14] = eir[i + 4];
7742 uuid[13] = eir[i + 3];
7743 uuid[12] = eir[i + 2];
7744 if (has_uuid(uuid, uuid_count, uuids))
7745 return true;
7746 }
7747 break;
7748 case EIR_UUID128_ALL:
7749 case EIR_UUID128_SOME:
7750 for (i = 0; i + 17 <= field_len; i += 16) {
7751 memcpy(uuid, eir + i + 2, 16);
7752 if (has_uuid(uuid, uuid_count, uuids))
7753 return true;
7754 }
7755 break;
7756 }
7757
7758 parsed += field_len + 1;
7759 eir += field_len + 1;
7760 }
7761
7762 return false;
7763}
7764
7765static void restart_le_scan(struct hci_dev *hdev)
7766{
7767
7768 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7769 return;
7770
7771 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7772 hdev->discovery.scan_start +
7773 hdev->discovery.scan_duration))
7774 return;
7775
7776 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
7777 DISCOV_LE_RESTART_DELAY);
7778}
7779
7780static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7781 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7782{
7783
7784
7785
7786
7787
7788
7789
7790
7791
7792 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7793 (rssi == HCI_RSSI_INVALID ||
7794 (rssi < hdev->discovery.rssi &&
7795 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7796 return false;
7797
7798 if (hdev->discovery.uuid_count != 0) {
7799
7800
7801
7802 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7803 hdev->discovery.uuids) &&
7804 !eir_has_uuids(scan_rsp, scan_rsp_len,
7805 hdev->discovery.uuid_count,
7806 hdev->discovery.uuids))
7807 return false;
7808 }
7809
7810
7811
7812
7813 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7814 restart_le_scan(hdev);
7815
7816
7817 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7818 rssi < hdev->discovery.rssi)
7819 return false;
7820 }
7821
7822 return true;
7823}
7824
7825void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7826 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7827 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7828{
7829 char buf[512];
7830 struct mgmt_ev_device_found *ev = (void *)buf;
7831 size_t ev_size;
7832
7833
7834
7835
7836
7837 if (!hci_discovery_active(hdev)) {
7838 if (link_type == ACL_LINK)
7839 return;
7840 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7841 return;
7842 }
7843
7844 if (hdev->discovery.result_filtering) {
7845
7846 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7847 scan_rsp_len))
7848 return;
7849 }
7850
7851 if (hdev->discovery.limited) {
7852
7853 if (dev_class) {
7854 if (!(dev_class[1] & 0x20))
7855 return;
7856 } else {
7857 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7858 if (!flags || !(flags[0] & LE_AD_LIMITED))
7859 return;
7860 }
7861 }
7862
7863
7864
7865
7866 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7867 return;
7868
7869 memset(buf, 0, sizeof(buf));
7870
7871
7872
7873
7874
7875
7876
7877
7878
7879 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7880 link_type == ACL_LINK)
7881 rssi = 0;
7882
7883 bacpy(&ev->addr.bdaddr, bdaddr);
7884 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7885 ev->rssi = rssi;
7886 ev->flags = cpu_to_le32(flags);
7887
7888 if (eir_len > 0)
7889
7890 memcpy(ev->eir, eir, eir_len);
7891
7892 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7893 NULL))
7894 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7895 dev_class, 3);
7896
7897 if (scan_rsp_len > 0)
7898
7899 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7900
7901 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7902 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7903
7904 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7905}
7906
7907void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7908 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7909{
7910 struct mgmt_ev_device_found *ev;
7911 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7912 u16 eir_len;
7913
7914 ev = (struct mgmt_ev_device_found *) buf;
7915
7916 memset(buf, 0, sizeof(buf));
7917
7918 bacpy(&ev->addr.bdaddr, bdaddr);
7919 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7920 ev->rssi = rssi;
7921
7922 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7923 name_len);
7924
7925 ev->eir_len = cpu_to_le16(eir_len);
7926
7927 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7928}
7929
7930void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7931{
7932 struct mgmt_ev_discovering ev;
7933
7934 BT_DBG("%s discovering %u", hdev->name, discovering);
7935
7936 memset(&ev, 0, sizeof(ev));
7937 ev.type = hdev->discovery.type;
7938 ev.discovering = discovering;
7939
7940 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7941}
7942
7943static struct hci_mgmt_chan chan = {
7944 .channel = HCI_CHANNEL_CONTROL,
7945 .handler_count = ARRAY_SIZE(mgmt_handlers),
7946 .handlers = mgmt_handlers,
7947 .hdev_init = mgmt_init_hdev,
7948};
7949
7950int mgmt_init(void)
7951{
7952 return hci_mgmt_chan_register(&chan);
7953}
7954
7955void mgmt_exit(void)
7956{
7957 hci_mgmt_chan_unregister(&chan);
7958}
7959
