1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/hci_sock.h>
33#include <net/bluetooth/l2cap.h>
34#include <net/bluetooth/mgmt.h>
35
36#include "hci_request.h"
37#include "smp.h"
38#include "mgmt_util.h"
39#include "mgmt_config.h"
40#include "msft.h"
41
42#define MGMT_VERSION 1
43#define MGMT_REVISION 18
44
45static const u16 mgmt_commands[] = {
46 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_READ_INFO,
48 MGMT_OP_SET_POWERED,
49 MGMT_OP_SET_DISCOVERABLE,
50 MGMT_OP_SET_CONNECTABLE,
51 MGMT_OP_SET_FAST_CONNECTABLE,
52 MGMT_OP_SET_BONDABLE,
53 MGMT_OP_SET_LINK_SECURITY,
54 MGMT_OP_SET_SSP,
55 MGMT_OP_SET_HS,
56 MGMT_OP_SET_LE,
57 MGMT_OP_SET_DEV_CLASS,
58 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_ADD_UUID,
60 MGMT_OP_REMOVE_UUID,
61 MGMT_OP_LOAD_LINK_KEYS,
62 MGMT_OP_LOAD_LONG_TERM_KEYS,
63 MGMT_OP_DISCONNECT,
64 MGMT_OP_GET_CONNECTIONS,
65 MGMT_OP_PIN_CODE_REPLY,
66 MGMT_OP_PIN_CODE_NEG_REPLY,
67 MGMT_OP_SET_IO_CAPABILITY,
68 MGMT_OP_PAIR_DEVICE,
69 MGMT_OP_CANCEL_PAIR_DEVICE,
70 MGMT_OP_UNPAIR_DEVICE,
71 MGMT_OP_USER_CONFIRM_REPLY,
72 MGMT_OP_USER_CONFIRM_NEG_REPLY,
73 MGMT_OP_USER_PASSKEY_REPLY,
74 MGMT_OP_USER_PASSKEY_NEG_REPLY,
75 MGMT_OP_READ_LOCAL_OOB_DATA,
76 MGMT_OP_ADD_REMOTE_OOB_DATA,
77 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
78 MGMT_OP_START_DISCOVERY,
79 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_CONFIRM_NAME,
81 MGMT_OP_BLOCK_DEVICE,
82 MGMT_OP_UNBLOCK_DEVICE,
83 MGMT_OP_SET_DEVICE_ID,
84 MGMT_OP_SET_ADVERTISING,
85 MGMT_OP_SET_BREDR,
86 MGMT_OP_SET_STATIC_ADDRESS,
87 MGMT_OP_SET_SCAN_PARAMS,
88 MGMT_OP_SET_SECURE_CONN,
89 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_SET_PRIVACY,
91 MGMT_OP_LOAD_IRKS,
92 MGMT_OP_GET_CONN_INFO,
93 MGMT_OP_GET_CLOCK_INFO,
94 MGMT_OP_ADD_DEVICE,
95 MGMT_OP_REMOVE_DEVICE,
96 MGMT_OP_LOAD_CONN_PARAM,
97 MGMT_OP_READ_UNCONF_INDEX_LIST,
98 MGMT_OP_READ_CONFIG_INFO,
99 MGMT_OP_SET_EXTERNAL_CONFIG,
100 MGMT_OP_SET_PUBLIC_ADDRESS,
101 MGMT_OP_START_SERVICE_DISCOVERY,
102 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
103 MGMT_OP_READ_EXT_INDEX_LIST,
104 MGMT_OP_READ_ADV_FEATURES,
105 MGMT_OP_ADD_ADVERTISING,
106 MGMT_OP_REMOVE_ADVERTISING,
107 MGMT_OP_GET_ADV_SIZE_INFO,
108 MGMT_OP_START_LIMITED_DISCOVERY,
109 MGMT_OP_READ_EXT_INFO,
110 MGMT_OP_SET_APPEARANCE,
111 MGMT_OP_SET_BLOCKED_KEYS,
112 MGMT_OP_SET_WIDEBAND_SPEECH,
113 MGMT_OP_READ_SECURITY_INFO,
114 MGMT_OP_READ_EXP_FEATURES_INFO,
115 MGMT_OP_SET_EXP_FEATURE,
116 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
117 MGMT_OP_SET_DEF_SYSTEM_CONFIG,
118 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
119 MGMT_OP_SET_DEF_RUNTIME_CONFIG,
120 MGMT_OP_GET_DEVICE_FLAGS,
121 MGMT_OP_SET_DEVICE_FLAGS,
122 MGMT_OP_READ_ADV_MONITOR_FEATURES,
123 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
124 MGMT_OP_REMOVE_ADV_MONITOR,
125};
126
127static const u16 mgmt_events[] = {
128 MGMT_EV_CONTROLLER_ERROR,
129 MGMT_EV_INDEX_ADDED,
130 MGMT_EV_INDEX_REMOVED,
131 MGMT_EV_NEW_SETTINGS,
132 MGMT_EV_CLASS_OF_DEV_CHANGED,
133 MGMT_EV_LOCAL_NAME_CHANGED,
134 MGMT_EV_NEW_LINK_KEY,
135 MGMT_EV_NEW_LONG_TERM_KEY,
136 MGMT_EV_DEVICE_CONNECTED,
137 MGMT_EV_DEVICE_DISCONNECTED,
138 MGMT_EV_CONNECT_FAILED,
139 MGMT_EV_PIN_CODE_REQUEST,
140 MGMT_EV_USER_CONFIRM_REQUEST,
141 MGMT_EV_USER_PASSKEY_REQUEST,
142 MGMT_EV_AUTH_FAILED,
143 MGMT_EV_DEVICE_FOUND,
144 MGMT_EV_DISCOVERING,
145 MGMT_EV_DEVICE_BLOCKED,
146 MGMT_EV_DEVICE_UNBLOCKED,
147 MGMT_EV_DEVICE_UNPAIRED,
148 MGMT_EV_PASSKEY_NOTIFY,
149 MGMT_EV_NEW_IRK,
150 MGMT_EV_NEW_CSRK,
151 MGMT_EV_DEVICE_ADDED,
152 MGMT_EV_DEVICE_REMOVED,
153 MGMT_EV_NEW_CONN_PARAM,
154 MGMT_EV_UNCONF_INDEX_ADDED,
155 MGMT_EV_UNCONF_INDEX_REMOVED,
156 MGMT_EV_NEW_CONFIG_OPTIONS,
157 MGMT_EV_EXT_INDEX_ADDED,
158 MGMT_EV_EXT_INDEX_REMOVED,
159 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
160 MGMT_EV_ADVERTISING_ADDED,
161 MGMT_EV_ADVERTISING_REMOVED,
162 MGMT_EV_EXT_INFO_CHANGED,
163 MGMT_EV_PHY_CONFIGURATION_CHANGED,
164 MGMT_EV_EXP_FEATURE_CHANGED,
165 MGMT_EV_DEVICE_FLAGS_CHANGED,
166};
167
168static const u16 mgmt_untrusted_commands[] = {
169 MGMT_OP_READ_INDEX_LIST,
170 MGMT_OP_READ_INFO,
171 MGMT_OP_READ_UNCONF_INDEX_LIST,
172 MGMT_OP_READ_CONFIG_INFO,
173 MGMT_OP_READ_EXT_INDEX_LIST,
174 MGMT_OP_READ_EXT_INFO,
175 MGMT_OP_READ_SECURITY_INFO,
176 MGMT_OP_READ_EXP_FEATURES_INFO,
177 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
178 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
179};
180
181static const u16 mgmt_untrusted_events[] = {
182 MGMT_EV_INDEX_ADDED,
183 MGMT_EV_INDEX_REMOVED,
184 MGMT_EV_NEW_SETTINGS,
185 MGMT_EV_CLASS_OF_DEV_CHANGED,
186 MGMT_EV_LOCAL_NAME_CHANGED,
187 MGMT_EV_UNCONF_INDEX_ADDED,
188 MGMT_EV_UNCONF_INDEX_REMOVED,
189 MGMT_EV_NEW_CONFIG_OPTIONS,
190 MGMT_EV_EXT_INDEX_ADDED,
191 MGMT_EV_EXT_INDEX_REMOVED,
192 MGMT_EV_EXT_INFO_CHANGED,
193 MGMT_EV_EXP_FEATURE_CHANGED,
194 MGMT_EV_ADV_MONITOR_ADDED,
195 MGMT_EV_ADV_MONITOR_REMOVED,
196};
197
198#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
199
200#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
201 "\x00\x00\x00\x00\x00\x00\x00\x00"
202
203
204static const u8 mgmt_status_table[] = {
205 MGMT_STATUS_SUCCESS,
206 MGMT_STATUS_UNKNOWN_COMMAND,
207 MGMT_STATUS_NOT_CONNECTED,
208 MGMT_STATUS_FAILED,
209 MGMT_STATUS_CONNECT_FAILED,
210 MGMT_STATUS_AUTH_FAILED,
211 MGMT_STATUS_AUTH_FAILED,
212 MGMT_STATUS_NO_RESOURCES,
213 MGMT_STATUS_TIMEOUT,
214 MGMT_STATUS_NO_RESOURCES,
215 MGMT_STATUS_NO_RESOURCES,
216 MGMT_STATUS_ALREADY_CONNECTED,
217 MGMT_STATUS_BUSY,
218 MGMT_STATUS_NO_RESOURCES,
219 MGMT_STATUS_REJECTED,
220 MGMT_STATUS_REJECTED,
221 MGMT_STATUS_TIMEOUT,
222 MGMT_STATUS_NOT_SUPPORTED,
223 MGMT_STATUS_INVALID_PARAMS,
224 MGMT_STATUS_DISCONNECTED,
225 MGMT_STATUS_NO_RESOURCES,
226 MGMT_STATUS_DISCONNECTED,
227 MGMT_STATUS_DISCONNECTED,
228 MGMT_STATUS_BUSY,
229 MGMT_STATUS_REJECTED,
230 MGMT_STATUS_FAILED,
231 MGMT_STATUS_NOT_SUPPORTED,
232 MGMT_STATUS_REJECTED,
233 MGMT_STATUS_REJECTED,
234 MGMT_STATUS_REJECTED,
235 MGMT_STATUS_INVALID_PARAMS,
236 MGMT_STATUS_FAILED,
237 MGMT_STATUS_NOT_SUPPORTED,
238 MGMT_STATUS_FAILED,
239 MGMT_STATUS_TIMEOUT,
240 MGMT_STATUS_FAILED,
241 MGMT_STATUS_FAILED,
242 MGMT_STATUS_REJECTED,
243 MGMT_STATUS_FAILED,
244 MGMT_STATUS_NOT_SUPPORTED,
245 MGMT_STATUS_TIMEOUT,
246 MGMT_STATUS_NOT_SUPPORTED,
247 MGMT_STATUS_FAILED,
248 MGMT_STATUS_INVALID_PARAMS,
249 MGMT_STATUS_REJECTED,
250 MGMT_STATUS_NOT_SUPPORTED,
251 MGMT_STATUS_REJECTED,
252 MGMT_STATUS_INVALID_PARAMS,
253 MGMT_STATUS_BUSY,
254 MGMT_STATUS_FAILED,
255 MGMT_STATUS_FAILED,
256 MGMT_STATUS_INVALID_PARAMS,
257 MGMT_STATUS_NOT_SUPPORTED,
258 MGMT_STATUS_BUSY,
259 MGMT_STATUS_REJECTED,
260 MGMT_STATUS_BUSY,
261 MGMT_STATUS_INVALID_PARAMS,
262 MGMT_STATUS_TIMEOUT,
263 MGMT_STATUS_AUTH_FAILED,
264 MGMT_STATUS_CONNECT_FAILED,
265 MGMT_STATUS_CONNECT_FAILED,
266};
267
268static u8 mgmt_status(u8 hci_status)
269{
270 if (hci_status < ARRAY_SIZE(mgmt_status_table))
271 return mgmt_status_table[hci_status];
272
273 return MGMT_STATUS_FAILED;
274}
275
276static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
277 u16 len, int flag)
278{
279 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
280 flag, NULL);
281}
282
283static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
284 u16 len, int flag, struct sock *skip_sk)
285{
286 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
287 flag, skip_sk);
288}
289
290static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
291 struct sock *skip_sk)
292{
293 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
294 HCI_SOCK_TRUSTED, skip_sk);
295}
296
297static u8 le_addr_type(u8 mgmt_addr_type)
298{
299 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
300 return ADDR_LE_DEV_PUBLIC;
301 else
302 return ADDR_LE_DEV_RANDOM;
303}
304
305void mgmt_fill_version_info(void *ver)
306{
307 struct mgmt_rp_read_version *rp = ver;
308
309 rp->version = MGMT_VERSION;
310 rp->revision = cpu_to_le16(MGMT_REVISION);
311}
312
313static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
314 u16 data_len)
315{
316 struct mgmt_rp_read_version rp;
317
318 bt_dev_dbg(hdev, "sock %p", sk);
319
320 mgmt_fill_version_info(&rp);
321
322 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
323 &rp, sizeof(rp));
324}
325
326static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
327 u16 data_len)
328{
329 struct mgmt_rp_read_commands *rp;
330 u16 num_commands, num_events;
331 size_t rp_size;
332 int i, err;
333
334 bt_dev_dbg(hdev, "sock %p", sk);
335
336 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
337 num_commands = ARRAY_SIZE(mgmt_commands);
338 num_events = ARRAY_SIZE(mgmt_events);
339 } else {
340 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
341 num_events = ARRAY_SIZE(mgmt_untrusted_events);
342 }
343
344 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
345
346 rp = kmalloc(rp_size, GFP_KERNEL);
347 if (!rp)
348 return -ENOMEM;
349
350 rp->num_commands = cpu_to_le16(num_commands);
351 rp->num_events = cpu_to_le16(num_events);
352
353 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
354 __le16 *opcode = rp->opcodes;
355
356 for (i = 0; i < num_commands; i++, opcode++)
357 put_unaligned_le16(mgmt_commands[i], opcode);
358
359 for (i = 0; i < num_events; i++, opcode++)
360 put_unaligned_le16(mgmt_events[i], opcode);
361 } else {
362 __le16 *opcode = rp->opcodes;
363
364 for (i = 0; i < num_commands; i++, opcode++)
365 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
366
367 for (i = 0; i < num_events; i++, opcode++)
368 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
369 }
370
371 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
372 rp, rp_size);
373 kfree(rp);
374
375 return err;
376}
377
378static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
379 u16 data_len)
380{
381 struct mgmt_rp_read_index_list *rp;
382 struct hci_dev *d;
383 size_t rp_len;
384 u16 count;
385 int err;
386
387 bt_dev_dbg(hdev, "sock %p", sk);
388
389 read_lock(&hci_dev_list_lock);
390
391 count = 0;
392 list_for_each_entry(d, &hci_dev_list, list) {
393 if (d->dev_type == HCI_PRIMARY &&
394 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
395 count++;
396 }
397
398 rp_len = sizeof(*rp) + (2 * count);
399 rp = kmalloc(rp_len, GFP_ATOMIC);
400 if (!rp) {
401 read_unlock(&hci_dev_list_lock);
402 return -ENOMEM;
403 }
404
405 count = 0;
406 list_for_each_entry(d, &hci_dev_list, list) {
407 if (hci_dev_test_flag(d, HCI_SETUP) ||
408 hci_dev_test_flag(d, HCI_CONFIG) ||
409 hci_dev_test_flag(d, HCI_USER_CHANNEL))
410 continue;
411
412
413
414
415 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
416 continue;
417
418 if (d->dev_type == HCI_PRIMARY &&
419 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
420 rp->index[count++] = cpu_to_le16(d->id);
421 bt_dev_dbg(hdev, "Added hci%u", d->id);
422 }
423 }
424
425 rp->num_controllers = cpu_to_le16(count);
426 rp_len = sizeof(*rp) + (2 * count);
427
428 read_unlock(&hci_dev_list_lock);
429
430 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
431 0, rp, rp_len);
432
433 kfree(rp);
434
435 return err;
436}
437
438static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
439 void *data, u16 data_len)
440{
441 struct mgmt_rp_read_unconf_index_list *rp;
442 struct hci_dev *d;
443 size_t rp_len;
444 u16 count;
445 int err;
446
447 bt_dev_dbg(hdev, "sock %p", sk);
448
449 read_lock(&hci_dev_list_lock);
450
451 count = 0;
452 list_for_each_entry(d, &hci_dev_list, list) {
453 if (d->dev_type == HCI_PRIMARY &&
454 hci_dev_test_flag(d, HCI_UNCONFIGURED))
455 count++;
456 }
457
458 rp_len = sizeof(*rp) + (2 * count);
459 rp = kmalloc(rp_len, GFP_ATOMIC);
460 if (!rp) {
461 read_unlock(&hci_dev_list_lock);
462 return -ENOMEM;
463 }
464
465 count = 0;
466 list_for_each_entry(d, &hci_dev_list, list) {
467 if (hci_dev_test_flag(d, HCI_SETUP) ||
468 hci_dev_test_flag(d, HCI_CONFIG) ||
469 hci_dev_test_flag(d, HCI_USER_CHANNEL))
470 continue;
471
472
473
474
475 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
476 continue;
477
478 if (d->dev_type == HCI_PRIMARY &&
479 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
480 rp->index[count++] = cpu_to_le16(d->id);
481 bt_dev_dbg(hdev, "Added hci%u", d->id);
482 }
483 }
484
485 rp->num_controllers = cpu_to_le16(count);
486 rp_len = sizeof(*rp) + (2 * count);
487
488 read_unlock(&hci_dev_list_lock);
489
490 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
491 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
492
493 kfree(rp);
494
495 return err;
496}
497
498static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
499 void *data, u16 data_len)
500{
501 struct mgmt_rp_read_ext_index_list *rp;
502 struct hci_dev *d;
503 u16 count;
504 int err;
505
506 bt_dev_dbg(hdev, "sock %p", sk);
507
508 read_lock(&hci_dev_list_lock);
509
510 count = 0;
511 list_for_each_entry(d, &hci_dev_list, list) {
512 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
513 count++;
514 }
515
516 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
517 if (!rp) {
518 read_unlock(&hci_dev_list_lock);
519 return -ENOMEM;
520 }
521
522 count = 0;
523 list_for_each_entry(d, &hci_dev_list, list) {
524 if (hci_dev_test_flag(d, HCI_SETUP) ||
525 hci_dev_test_flag(d, HCI_CONFIG) ||
526 hci_dev_test_flag(d, HCI_USER_CHANNEL))
527 continue;
528
529
530
531
532 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
533 continue;
534
535 if (d->dev_type == HCI_PRIMARY) {
536 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
537 rp->entry[count].type = 0x01;
538 else
539 rp->entry[count].type = 0x00;
540 } else if (d->dev_type == HCI_AMP) {
541 rp->entry[count].type = 0x02;
542 } else {
543 continue;
544 }
545
546 rp->entry[count].bus = d->bus;
547 rp->entry[count++].index = cpu_to_le16(d->id);
548 bt_dev_dbg(hdev, "Added hci%u", d->id);
549 }
550
551 rp->num_controllers = cpu_to_le16(count);
552
553 read_unlock(&hci_dev_list_lock);
554
555
556
557
558
559 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
560 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
561 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
562
563 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
564 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
565 struct_size(rp, entry, count));
566
567 kfree(rp);
568
569 return err;
570}
571
572static bool is_configured(struct hci_dev *hdev)
573{
574 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
575 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
576 return false;
577
578 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
579 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
580 !bacmp(&hdev->public_addr, BDADDR_ANY))
581 return false;
582
583 return true;
584}
585
586static __le32 get_missing_options(struct hci_dev *hdev)
587{
588 u32 options = 0;
589
590 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
591 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
592 options |= MGMT_OPTION_EXTERNAL_CONFIG;
593
594 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
595 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
596 !bacmp(&hdev->public_addr, BDADDR_ANY))
597 options |= MGMT_OPTION_PUBLIC_ADDRESS;
598
599 return cpu_to_le32(options);
600}
601
602static int new_options(struct hci_dev *hdev, struct sock *skip)
603{
604 __le32 options = get_missing_options(hdev);
605
606 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
607 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
608}
609
610static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
611{
612 __le32 options = get_missing_options(hdev);
613
614 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
615 sizeof(options));
616}
617
618static int read_config_info(struct sock *sk, struct hci_dev *hdev,
619 void *data, u16 data_len)
620{
621 struct mgmt_rp_read_config_info rp;
622 u32 options = 0;
623
624 bt_dev_dbg(hdev, "sock %p", sk);
625
626 hci_dev_lock(hdev);
627
628 memset(&rp, 0, sizeof(rp));
629 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
630
631 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
632 options |= MGMT_OPTION_EXTERNAL_CONFIG;
633
634 if (hdev->set_bdaddr)
635 options |= MGMT_OPTION_PUBLIC_ADDRESS;
636
637 rp.supported_options = cpu_to_le32(options);
638 rp.missing_options = get_missing_options(hdev);
639
640 hci_dev_unlock(hdev);
641
642 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
643 &rp, sizeof(rp));
644}
645
646static u32 get_supported_phys(struct hci_dev *hdev)
647{
648 u32 supported_phys = 0;
649
650 if (lmp_bredr_capable(hdev)) {
651 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
652
653 if (hdev->features[0][0] & LMP_3SLOT)
654 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
655
656 if (hdev->features[0][0] & LMP_5SLOT)
657 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
658
659 if (lmp_edr_2m_capable(hdev)) {
660 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
661
662 if (lmp_edr_3slot_capable(hdev))
663 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
664
665 if (lmp_edr_5slot_capable(hdev))
666 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
667
668 if (lmp_edr_3m_capable(hdev)) {
669 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
670
671 if (lmp_edr_3slot_capable(hdev))
672 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
673
674 if (lmp_edr_5slot_capable(hdev))
675 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
676 }
677 }
678 }
679
680 if (lmp_le_capable(hdev)) {
681 supported_phys |= MGMT_PHY_LE_1M_TX;
682 supported_phys |= MGMT_PHY_LE_1M_RX;
683
684 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
685 supported_phys |= MGMT_PHY_LE_2M_TX;
686 supported_phys |= MGMT_PHY_LE_2M_RX;
687 }
688
689 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
690 supported_phys |= MGMT_PHY_LE_CODED_TX;
691 supported_phys |= MGMT_PHY_LE_CODED_RX;
692 }
693 }
694
695 return supported_phys;
696}
697
698static u32 get_selected_phys(struct hci_dev *hdev)
699{
700 u32 selected_phys = 0;
701
702 if (lmp_bredr_capable(hdev)) {
703 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
704
705 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
706 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
707
708 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
709 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
710
711 if (lmp_edr_2m_capable(hdev)) {
712 if (!(hdev->pkt_type & HCI_2DH1))
713 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
714
715 if (lmp_edr_3slot_capable(hdev) &&
716 !(hdev->pkt_type & HCI_2DH3))
717 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
718
719 if (lmp_edr_5slot_capable(hdev) &&
720 !(hdev->pkt_type & HCI_2DH5))
721 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
722
723 if (lmp_edr_3m_capable(hdev)) {
724 if (!(hdev->pkt_type & HCI_3DH1))
725 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
726
727 if (lmp_edr_3slot_capable(hdev) &&
728 !(hdev->pkt_type & HCI_3DH3))
729 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
730
731 if (lmp_edr_5slot_capable(hdev) &&
732 !(hdev->pkt_type & HCI_3DH5))
733 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
734 }
735 }
736 }
737
738 if (lmp_le_capable(hdev)) {
739 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
740 selected_phys |= MGMT_PHY_LE_1M_TX;
741
742 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
743 selected_phys |= MGMT_PHY_LE_1M_RX;
744
745 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
746 selected_phys |= MGMT_PHY_LE_2M_TX;
747
748 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
749 selected_phys |= MGMT_PHY_LE_2M_RX;
750
751 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
752 selected_phys |= MGMT_PHY_LE_CODED_TX;
753
754 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
755 selected_phys |= MGMT_PHY_LE_CODED_RX;
756 }
757
758 return selected_phys;
759}
760
761static u32 get_configurable_phys(struct hci_dev *hdev)
762{
763 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
764 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
765}
766
767static u32 get_supported_settings(struct hci_dev *hdev)
768{
769 u32 settings = 0;
770
771 settings |= MGMT_SETTING_POWERED;
772 settings |= MGMT_SETTING_BONDABLE;
773 settings |= MGMT_SETTING_DEBUG_KEYS;
774 settings |= MGMT_SETTING_CONNECTABLE;
775 settings |= MGMT_SETTING_DISCOVERABLE;
776
777 if (lmp_bredr_capable(hdev)) {
778 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
779 settings |= MGMT_SETTING_FAST_CONNECTABLE;
780 settings |= MGMT_SETTING_BREDR;
781 settings |= MGMT_SETTING_LINK_SECURITY;
782
783 if (lmp_ssp_capable(hdev)) {
784 settings |= MGMT_SETTING_SSP;
785 settings |= MGMT_SETTING_HS;
786 }
787
788 if (lmp_sc_capable(hdev))
789 settings |= MGMT_SETTING_SECURE_CONN;
790
791 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
792 &hdev->quirks))
793 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
794 }
795
796 if (lmp_le_capable(hdev)) {
797 settings |= MGMT_SETTING_LE;
798 settings |= MGMT_SETTING_SECURE_CONN;
799 settings |= MGMT_SETTING_PRIVACY;
800 settings |= MGMT_SETTING_STATIC_ADDRESS;
801
802
803
804
805 if (!hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
806 settings |= MGMT_SETTING_ADVERTISING;
807 }
808
809 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
810 hdev->set_bdaddr)
811 settings |= MGMT_SETTING_CONFIGURATION;
812
813 settings |= MGMT_SETTING_PHY_CONFIGURATION;
814
815 return settings;
816}
817
818static u32 get_current_settings(struct hci_dev *hdev)
819{
820 u32 settings = 0;
821
822 if (hdev_is_powered(hdev))
823 settings |= MGMT_SETTING_POWERED;
824
825 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
826 settings |= MGMT_SETTING_CONNECTABLE;
827
828 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
829 settings |= MGMT_SETTING_FAST_CONNECTABLE;
830
831 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
832 settings |= MGMT_SETTING_DISCOVERABLE;
833
834 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
835 settings |= MGMT_SETTING_BONDABLE;
836
837 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
838 settings |= MGMT_SETTING_BREDR;
839
840 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
841 settings |= MGMT_SETTING_LE;
842
843 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
844 settings |= MGMT_SETTING_LINK_SECURITY;
845
846 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
847 settings |= MGMT_SETTING_SSP;
848
849 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
850 settings |= MGMT_SETTING_HS;
851
852 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
853 settings |= MGMT_SETTING_ADVERTISING;
854
855 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
856 settings |= MGMT_SETTING_SECURE_CONN;
857
858 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
859 settings |= MGMT_SETTING_DEBUG_KEYS;
860
861 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
862 settings |= MGMT_SETTING_PRIVACY;
863
864
865
866
867
868
869
870
871
872
873
874
875
876 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
877 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
878 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
879 if (bacmp(&hdev->static_addr, BDADDR_ANY))
880 settings |= MGMT_SETTING_STATIC_ADDRESS;
881 }
882
883 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
884 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
885
886 return settings;
887}
888
889static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
890{
891 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
892}
893
894static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
895 struct hci_dev *hdev,
896 const void *data)
897{
898 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
899}
900
901u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
902{
903 struct mgmt_pending_cmd *cmd;
904
905
906
907
908 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
909 if (cmd) {
910 struct mgmt_mode *cp = cmd->param;
911 if (cp->val == 0x01)
912 return LE_AD_GENERAL;
913 else if (cp->val == 0x02)
914 return LE_AD_LIMITED;
915 } else {
916 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
917 return LE_AD_LIMITED;
918 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
919 return LE_AD_GENERAL;
920 }
921
922 return 0;
923}
924
925bool mgmt_get_connectable(struct hci_dev *hdev)
926{
927 struct mgmt_pending_cmd *cmd;
928
929
930
931
932 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
933 if (cmd) {
934 struct mgmt_mode *cp = cmd->param;
935
936 return cp->val;
937 }
938
939 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
940}
941
942static void service_cache_off(struct work_struct *work)
943{
944 struct hci_dev *hdev = container_of(work, struct hci_dev,
945 service_cache.work);
946 struct hci_request req;
947
948 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
949 return;
950
951 hci_req_init(&req, hdev);
952
953 hci_dev_lock(hdev);
954
955 __hci_req_update_eir(&req);
956 __hci_req_update_class(&req);
957
958 hci_dev_unlock(hdev);
959
960 hci_req_run(&req, NULL);
961}
962
963static void rpa_expired(struct work_struct *work)
964{
965 struct hci_dev *hdev = container_of(work, struct hci_dev,
966 rpa_expired.work);
967 struct hci_request req;
968
969 bt_dev_dbg(hdev, "");
970
971 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
972
973 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
974 return;
975
976
977
978
979
980 hci_req_init(&req, hdev);
981 if (ext_adv_capable(hdev))
982 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
983 else
984 __hci_req_enable_advertising(&req);
985 hci_req_run(&req, NULL);
986}
987
988static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
989{
990 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
991 return;
992
993 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
994 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
995
996
997
998
999
1000
1001 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1002}
1003
1004static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1005 void *data, u16 data_len)
1006{
1007 struct mgmt_rp_read_info rp;
1008
1009 bt_dev_dbg(hdev, "sock %p", sk);
1010
1011 hci_dev_lock(hdev);
1012
1013 memset(&rp, 0, sizeof(rp));
1014
1015 bacpy(&rp.bdaddr, &hdev->bdaddr);
1016
1017 rp.version = hdev->hci_ver;
1018 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1019
1020 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1021 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1022
1023 memcpy(rp.dev_class, hdev->dev_class, 3);
1024
1025 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1026 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1027
1028 hci_dev_unlock(hdev);
1029
1030 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1031 sizeof(rp));
1032}
1033
1034static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1035{
1036 u16 eir_len = 0;
1037 size_t name_len;
1038
1039 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1040 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1041 hdev->dev_class, 3);
1042
1043 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1044 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1045 hdev->appearance);
1046
1047 name_len = strlen(hdev->dev_name);
1048 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1049 hdev->dev_name, name_len);
1050
1051 name_len = strlen(hdev->short_name);
1052 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1053 hdev->short_name, name_len);
1054
1055 return eir_len;
1056}
1057
1058static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1059 void *data, u16 data_len)
1060{
1061 char buf[512];
1062 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1063 u16 eir_len;
1064
1065 bt_dev_dbg(hdev, "sock %p", sk);
1066
1067 memset(&buf, 0, sizeof(buf));
1068
1069 hci_dev_lock(hdev);
1070
1071 bacpy(&rp->bdaddr, &hdev->bdaddr);
1072
1073 rp->version = hdev->hci_ver;
1074 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1075
1076 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1077 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1078
1079
1080 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1081 rp->eir_len = cpu_to_le16(eir_len);
1082
1083 hci_dev_unlock(hdev);
1084
1085
1086
1087
1088
1089
1090 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1091 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1092 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1093
1094 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1095 sizeof(*rp) + eir_len);
1096}
1097
1098static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1099{
1100 char buf[512];
1101 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1102 u16 eir_len;
1103
1104 memset(buf, 0, sizeof(buf));
1105
1106 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1107 ev->eir_len = cpu_to_le16(eir_len);
1108
1109 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1110 sizeof(*ev) + eir_len,
1111 HCI_MGMT_EXT_INFO_EVENTS, skip);
1112}
1113
1114static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1115{
1116 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1117
1118 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1119 sizeof(settings));
1120}
1121
1122static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1123{
1124 bt_dev_dbg(hdev, "status 0x%02x", status);
1125
1126 if (hci_conn_count(hdev) == 0) {
1127 cancel_delayed_work(&hdev->power_off);
1128 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1129 }
1130}
1131
1132void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1133{
1134 struct mgmt_ev_advertising_added ev;
1135
1136 ev.instance = instance;
1137
1138 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1139}
1140
1141void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1142 u8 instance)
1143{
1144 struct mgmt_ev_advertising_removed ev;
1145
1146 ev.instance = instance;
1147
1148 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1149}
1150
1151static void cancel_adv_timeout(struct hci_dev *hdev)
1152{
1153 if (hdev->adv_instance_timeout) {
1154 hdev->adv_instance_timeout = 0;
1155 cancel_delayed_work(&hdev->adv_instance_expire);
1156 }
1157}
1158
1159static int clean_up_hci_state(struct hci_dev *hdev)
1160{
1161 struct hci_request req;
1162 struct hci_conn *conn;
1163 bool discov_stopped;
1164 int err;
1165
1166 hci_req_init(&req, hdev);
1167
1168 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1169 test_bit(HCI_PSCAN, &hdev->flags)) {
1170 u8 scan = 0x00;
1171 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1172 }
1173
1174 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1175
1176 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1177 __hci_req_disable_advertising(&req);
1178
1179 discov_stopped = hci_req_stop_discovery(&req);
1180
1181 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1182
1183 __hci_abort_conn(&req, conn, 0x15);
1184 }
1185
1186 err = hci_req_run(&req, clean_up_hci_complete);
1187 if (!err && discov_stopped)
1188 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1189
1190 return err;
1191}
1192
1193static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1194 u16 len)
1195{
1196 struct mgmt_mode *cp = data;
1197 struct mgmt_pending_cmd *cmd;
1198 int err;
1199
1200 bt_dev_dbg(hdev, "sock %p", sk);
1201
1202 if (cp->val != 0x00 && cp->val != 0x01)
1203 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1204 MGMT_STATUS_INVALID_PARAMS);
1205
1206 hci_dev_lock(hdev);
1207
1208 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1209 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1210 MGMT_STATUS_BUSY);
1211 goto failed;
1212 }
1213
1214 if (!!cp->val == hdev_is_powered(hdev)) {
1215 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1216 goto failed;
1217 }
1218
1219 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1220 if (!cmd) {
1221 err = -ENOMEM;
1222 goto failed;
1223 }
1224
1225 if (cp->val) {
1226 queue_work(hdev->req_workqueue, &hdev->power_on);
1227 err = 0;
1228 } else {
1229
1230 err = clean_up_hci_state(hdev);
1231 if (!err)
1232 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1233 HCI_POWER_OFF_TIMEOUT);
1234
1235
1236 if (err == -ENODATA) {
1237 cancel_delayed_work(&hdev->power_off);
1238 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1239 err = 0;
1240 }
1241 }
1242
1243failed:
1244 hci_dev_unlock(hdev);
1245 return err;
1246}
1247
1248static int new_settings(struct hci_dev *hdev, struct sock *skip)
1249{
1250 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1251
1252 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1253 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1254}
1255
1256int mgmt_new_settings(struct hci_dev *hdev)
1257{
1258 return new_settings(hdev, NULL);
1259}
1260
1261struct cmd_lookup {
1262 struct sock *sk;
1263 struct hci_dev *hdev;
1264 u8 mgmt_status;
1265};
1266
1267static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1268{
1269 struct cmd_lookup *match = data;
1270
1271 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1272
1273 list_del(&cmd->list);
1274
1275 if (match->sk == NULL) {
1276 match->sk = cmd->sk;
1277 sock_hold(match->sk);
1278 }
1279
1280 mgmt_pending_free(cmd);
1281}
1282
1283static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1284{
1285 u8 *status = data;
1286
1287 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1288 mgmt_pending_remove(cmd);
1289}
1290
1291static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1292{
1293 if (cmd->cmd_complete) {
1294 u8 *status = data;
1295
1296 cmd->cmd_complete(cmd, *status);
1297 mgmt_pending_remove(cmd);
1298
1299 return;
1300 }
1301
1302 cmd_status_rsp(cmd, data);
1303}
1304
1305static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1306{
1307 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1308 cmd->param, cmd->param_len);
1309}
1310
1311static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1312{
1313 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1314 cmd->param, sizeof(struct mgmt_addr_info));
1315}
1316
1317static u8 mgmt_bredr_support(struct hci_dev *hdev)
1318{
1319 if (!lmp_bredr_capable(hdev))
1320 return MGMT_STATUS_NOT_SUPPORTED;
1321 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1322 return MGMT_STATUS_REJECTED;
1323 else
1324 return MGMT_STATUS_SUCCESS;
1325}
1326
1327static u8 mgmt_le_support(struct hci_dev *hdev)
1328{
1329 if (!lmp_le_capable(hdev))
1330 return MGMT_STATUS_NOT_SUPPORTED;
1331 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1332 return MGMT_STATUS_REJECTED;
1333 else
1334 return MGMT_STATUS_SUCCESS;
1335}
1336
1337void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1338{
1339 struct mgmt_pending_cmd *cmd;
1340
1341 bt_dev_dbg(hdev, "status 0x%02x", status);
1342
1343 hci_dev_lock(hdev);
1344
1345 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1346 if (!cmd)
1347 goto unlock;
1348
1349 if (status) {
1350 u8 mgmt_err = mgmt_status(status);
1351 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1352 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1353 goto remove_cmd;
1354 }
1355
1356 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1357 hdev->discov_timeout > 0) {
1358 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1359 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1360 }
1361
1362 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1363 new_settings(hdev, cmd->sk);
1364
1365remove_cmd:
1366 mgmt_pending_remove(cmd);
1367
1368unlock:
1369 hci_dev_unlock(hdev);
1370}
1371
1372static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1373 u16 len)
1374{
1375 struct mgmt_cp_set_discoverable *cp = data;
1376 struct mgmt_pending_cmd *cmd;
1377 u16 timeout;
1378 int err;
1379
1380 bt_dev_dbg(hdev, "sock %p", sk);
1381
1382 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1383 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1384 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1385 MGMT_STATUS_REJECTED);
1386
1387 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1388 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1389 MGMT_STATUS_INVALID_PARAMS);
1390
1391 timeout = __le16_to_cpu(cp->timeout);
1392
1393
1394
1395
1396 if ((cp->val == 0x00 && timeout > 0) ||
1397 (cp->val == 0x02 && timeout == 0))
1398 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1399 MGMT_STATUS_INVALID_PARAMS);
1400
1401 hci_dev_lock(hdev);
1402
1403 if (!hdev_is_powered(hdev) && timeout > 0) {
1404 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1405 MGMT_STATUS_NOT_POWERED);
1406 goto failed;
1407 }
1408
1409 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1410 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1411 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1412 MGMT_STATUS_BUSY);
1413 goto failed;
1414 }
1415
1416 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1417 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1418 MGMT_STATUS_REJECTED);
1419 goto failed;
1420 }
1421
1422 if (hdev->advertising_paused) {
1423 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1424 MGMT_STATUS_BUSY);
1425 goto failed;
1426 }
1427
1428 if (!hdev_is_powered(hdev)) {
1429 bool changed = false;
1430
1431
1432
1433
1434
1435 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1436 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1437 changed = true;
1438 }
1439
1440 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1441 if (err < 0)
1442 goto failed;
1443
1444 if (changed)
1445 err = new_settings(hdev, sk);
1446
1447 goto failed;
1448 }
1449
1450
1451
1452
1453
1454 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1455 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1456 HCI_LIMITED_DISCOVERABLE)) {
1457 cancel_delayed_work(&hdev->discov_off);
1458 hdev->discov_timeout = timeout;
1459
1460 if (cp->val && hdev->discov_timeout > 0) {
1461 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1462 queue_delayed_work(hdev->req_workqueue,
1463 &hdev->discov_off, to);
1464 }
1465
1466 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1467 goto failed;
1468 }
1469
1470 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1471 if (!cmd) {
1472 err = -ENOMEM;
1473 goto failed;
1474 }
1475
1476
1477
1478
1479
1480 cancel_delayed_work(&hdev->discov_off);
1481 hdev->discov_timeout = timeout;
1482
1483 if (cp->val)
1484 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1485 else
1486 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1487
1488
1489 if (cp->val == 0x02)
1490 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1491 else
1492 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1493
1494 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1495 err = 0;
1496
1497failed:
1498 hci_dev_unlock(hdev);
1499 return err;
1500}
1501
1502void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1503{
1504 struct mgmt_pending_cmd *cmd;
1505
1506 bt_dev_dbg(hdev, "status 0x%02x", status);
1507
1508 hci_dev_lock(hdev);
1509
1510 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1511 if (!cmd)
1512 goto unlock;
1513
1514 if (status) {
1515 u8 mgmt_err = mgmt_status(status);
1516 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1517 goto remove_cmd;
1518 }
1519
1520 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1521 new_settings(hdev, cmd->sk);
1522
1523remove_cmd:
1524 mgmt_pending_remove(cmd);
1525
1526unlock:
1527 hci_dev_unlock(hdev);
1528}
1529
1530static int set_connectable_update_settings(struct hci_dev *hdev,
1531 struct sock *sk, u8 val)
1532{
1533 bool changed = false;
1534 int err;
1535
1536 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1537 changed = true;
1538
1539 if (val) {
1540 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1541 } else {
1542 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1543 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1544 }
1545
1546 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1547 if (err < 0)
1548 return err;
1549
1550 if (changed) {
1551 hci_req_update_scan(hdev);
1552 hci_update_background_scan(hdev);
1553 return new_settings(hdev, sk);
1554 }
1555
1556 return 0;
1557}
1558
1559static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1560 u16 len)
1561{
1562 struct mgmt_mode *cp = data;
1563 struct mgmt_pending_cmd *cmd;
1564 int err;
1565
1566 bt_dev_dbg(hdev, "sock %p", sk);
1567
1568 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1569 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1570 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1571 MGMT_STATUS_REJECTED);
1572
1573 if (cp->val != 0x00 && cp->val != 0x01)
1574 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1575 MGMT_STATUS_INVALID_PARAMS);
1576
1577 hci_dev_lock(hdev);
1578
1579 if (!hdev_is_powered(hdev)) {
1580 err = set_connectable_update_settings(hdev, sk, cp->val);
1581 goto failed;
1582 }
1583
1584 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1585 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1586 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1587 MGMT_STATUS_BUSY);
1588 goto failed;
1589 }
1590
1591 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1592 if (!cmd) {
1593 err = -ENOMEM;
1594 goto failed;
1595 }
1596
1597 if (cp->val) {
1598 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1599 } else {
1600 if (hdev->discov_timeout > 0)
1601 cancel_delayed_work(&hdev->discov_off);
1602
1603 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1604 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1605 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1606 }
1607
1608 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1609 err = 0;
1610
1611failed:
1612 hci_dev_unlock(hdev);
1613 return err;
1614}
1615
1616static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1617 u16 len)
1618{
1619 struct mgmt_mode *cp = data;
1620 bool changed;
1621 int err;
1622
1623 bt_dev_dbg(hdev, "sock %p", sk);
1624
1625 if (cp->val != 0x00 && cp->val != 0x01)
1626 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1627 MGMT_STATUS_INVALID_PARAMS);
1628
1629 hci_dev_lock(hdev);
1630
1631 if (cp->val)
1632 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1633 else
1634 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1635
1636 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1637 if (err < 0)
1638 goto unlock;
1639
1640 if (changed) {
1641
1642
1643
1644 if (hdev_is_powered(hdev) &&
1645 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1646 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1647 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1648 queue_work(hdev->req_workqueue,
1649 &hdev->discoverable_update);
1650
1651 err = new_settings(hdev, sk);
1652 }
1653
1654unlock:
1655 hci_dev_unlock(hdev);
1656 return err;
1657}
1658
1659static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1660 u16 len)
1661{
1662 struct mgmt_mode *cp = data;
1663 struct mgmt_pending_cmd *cmd;
1664 u8 val, status;
1665 int err;
1666
1667 bt_dev_dbg(hdev, "sock %p", sk);
1668
1669 status = mgmt_bredr_support(hdev);
1670 if (status)
1671 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1672 status);
1673
1674 if (cp->val != 0x00 && cp->val != 0x01)
1675 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1676 MGMT_STATUS_INVALID_PARAMS);
1677
1678 hci_dev_lock(hdev);
1679
1680 if (!hdev_is_powered(hdev)) {
1681 bool changed = false;
1682
1683 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1684 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1685 changed = true;
1686 }
1687
1688 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1689 if (err < 0)
1690 goto failed;
1691
1692 if (changed)
1693 err = new_settings(hdev, sk);
1694
1695 goto failed;
1696 }
1697
1698 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1699 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1700 MGMT_STATUS_BUSY);
1701 goto failed;
1702 }
1703
1704 val = !!cp->val;
1705
1706 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1707 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1708 goto failed;
1709 }
1710
1711 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1712 if (!cmd) {
1713 err = -ENOMEM;
1714 goto failed;
1715 }
1716
1717 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1718 if (err < 0) {
1719 mgmt_pending_remove(cmd);
1720 goto failed;
1721 }
1722
1723failed:
1724 hci_dev_unlock(hdev);
1725 return err;
1726}
1727
1728static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1729{
1730 struct mgmt_mode *cp = data;
1731 struct mgmt_pending_cmd *cmd;
1732 u8 status;
1733 int err;
1734
1735 bt_dev_dbg(hdev, "sock %p", sk);
1736
1737 status = mgmt_bredr_support(hdev);
1738 if (status)
1739 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1740
1741 if (!lmp_ssp_capable(hdev))
1742 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1743 MGMT_STATUS_NOT_SUPPORTED);
1744
1745 if (cp->val != 0x00 && cp->val != 0x01)
1746 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1747 MGMT_STATUS_INVALID_PARAMS);
1748
1749 hci_dev_lock(hdev);
1750
1751 if (!hdev_is_powered(hdev)) {
1752 bool changed;
1753
1754 if (cp->val) {
1755 changed = !hci_dev_test_and_set_flag(hdev,
1756 HCI_SSP_ENABLED);
1757 } else {
1758 changed = hci_dev_test_and_clear_flag(hdev,
1759 HCI_SSP_ENABLED);
1760 if (!changed)
1761 changed = hci_dev_test_and_clear_flag(hdev,
1762 HCI_HS_ENABLED);
1763 else
1764 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1765 }
1766
1767 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1768 if (err < 0)
1769 goto failed;
1770
1771 if (changed)
1772 err = new_settings(hdev, sk);
1773
1774 goto failed;
1775 }
1776
1777 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1778 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1779 MGMT_STATUS_BUSY);
1780 goto failed;
1781 }
1782
1783 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1784 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1785 goto failed;
1786 }
1787
1788 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1789 if (!cmd) {
1790 err = -ENOMEM;
1791 goto failed;
1792 }
1793
1794 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1795 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1796 sizeof(cp->val), &cp->val);
1797
1798 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1799 if (err < 0) {
1800 mgmt_pending_remove(cmd);
1801 goto failed;
1802 }
1803
1804failed:
1805 hci_dev_unlock(hdev);
1806 return err;
1807}
1808
1809static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1810{
1811 struct mgmt_mode *cp = data;
1812 bool changed;
1813 u8 status;
1814 int err;
1815
1816 bt_dev_dbg(hdev, "sock %p", sk);
1817
1818 status = mgmt_bredr_support(hdev);
1819 if (status)
1820 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1821
1822 if (!lmp_ssp_capable(hdev))
1823 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1824 MGMT_STATUS_NOT_SUPPORTED);
1825
1826 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1827 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1828 MGMT_STATUS_REJECTED);
1829
1830 if (cp->val != 0x00 && cp->val != 0x01)
1831 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1832 MGMT_STATUS_INVALID_PARAMS);
1833
1834 hci_dev_lock(hdev);
1835
1836 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1837 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1838 MGMT_STATUS_BUSY);
1839 goto unlock;
1840 }
1841
1842 if (cp->val) {
1843 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1844 } else {
1845 if (hdev_is_powered(hdev)) {
1846 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1847 MGMT_STATUS_REJECTED);
1848 goto unlock;
1849 }
1850
1851 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1852 }
1853
1854 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1855 if (err < 0)
1856 goto unlock;
1857
1858 if (changed)
1859 err = new_settings(hdev, sk);
1860
1861unlock:
1862 hci_dev_unlock(hdev);
1863 return err;
1864}
1865
1866static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1867{
1868 struct cmd_lookup match = { NULL, hdev };
1869
1870 hci_dev_lock(hdev);
1871
1872 if (status) {
1873 u8 mgmt_err = mgmt_status(status);
1874
1875 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1876 &mgmt_err);
1877 goto unlock;
1878 }
1879
1880 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1881
1882 new_settings(hdev, match.sk);
1883
1884 if (match.sk)
1885 sock_put(match.sk);
1886
1887
1888
1889
1890
1891
1892 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1893 struct hci_request req;
1894 hci_req_init(&req, hdev);
1895 if (ext_adv_capable(hdev)) {
1896 int err;
1897
1898 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1899 if (!err)
1900 __hci_req_update_scan_rsp_data(&req, 0x00);
1901 } else {
1902 __hci_req_update_adv_data(&req, 0x00);
1903 __hci_req_update_scan_rsp_data(&req, 0x00);
1904 }
1905 hci_req_run(&req, NULL);
1906 hci_update_background_scan(hdev);
1907 }
1908
1909unlock:
1910 hci_dev_unlock(hdev);
1911}
1912
1913static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1914{
1915 struct mgmt_mode *cp = data;
1916 struct hci_cp_write_le_host_supported hci_cp;
1917 struct mgmt_pending_cmd *cmd;
1918 struct hci_request req;
1919 int err;
1920 u8 val, enabled;
1921
1922 bt_dev_dbg(hdev, "sock %p", sk);
1923
1924 if (!lmp_le_capable(hdev))
1925 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1926 MGMT_STATUS_NOT_SUPPORTED);
1927
1928 if (cp->val != 0x00 && cp->val != 0x01)
1929 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1930 MGMT_STATUS_INVALID_PARAMS);
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1942 if (cp->val == 0x01)
1943 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1944
1945 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1946 MGMT_STATUS_REJECTED);
1947 }
1948
1949 hci_dev_lock(hdev);
1950
1951 val = !!cp->val;
1952 enabled = lmp_host_le_capable(hdev);
1953
1954 if (!val)
1955 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1956
1957 if (!hdev_is_powered(hdev) || val == enabled) {
1958 bool changed = false;
1959
1960 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1961 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1962 changed = true;
1963 }
1964
1965 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1966 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1967 changed = true;
1968 }
1969
1970 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1971 if (err < 0)
1972 goto unlock;
1973
1974 if (changed)
1975 err = new_settings(hdev, sk);
1976
1977 goto unlock;
1978 }
1979
1980 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1981 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1982 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1983 MGMT_STATUS_BUSY);
1984 goto unlock;
1985 }
1986
1987 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1988 if (!cmd) {
1989 err = -ENOMEM;
1990 goto unlock;
1991 }
1992
1993 hci_req_init(&req, hdev);
1994
1995 memset(&hci_cp, 0, sizeof(hci_cp));
1996
1997 if (val) {
1998 hci_cp.le = val;
1999 hci_cp.simul = 0x00;
2000 } else {
2001 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2002 __hci_req_disable_advertising(&req);
2003
2004 if (ext_adv_capable(hdev))
2005 __hci_req_clear_ext_adv_sets(&req);
2006 }
2007
2008 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2009 &hci_cp);
2010
2011 err = hci_req_run(&req, le_enable_complete);
2012 if (err < 0)
2013 mgmt_pending_remove(cmd);
2014
2015unlock:
2016 hci_dev_unlock(hdev);
2017 return err;
2018}
2019
2020
2021
2022
2023
2024
2025
2026static bool pending_eir_or_class(struct hci_dev *hdev)
2027{
2028 struct mgmt_pending_cmd *cmd;
2029
2030 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2031 switch (cmd->opcode) {
2032 case MGMT_OP_ADD_UUID:
2033 case MGMT_OP_REMOVE_UUID:
2034 case MGMT_OP_SET_DEV_CLASS:
2035 case MGMT_OP_SET_POWERED:
2036 return true;
2037 }
2038 }
2039
2040 return false;
2041}
2042
2043static const u8 bluetooth_base_uuid[] = {
2044 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2045 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2046};
2047
2048static u8 get_uuid_size(const u8 *uuid)
2049{
2050 u32 val;
2051
2052 if (memcmp(uuid, bluetooth_base_uuid, 12))
2053 return 128;
2054
2055 val = get_unaligned_le32(&uuid[12]);
2056 if (val > 0xffff)
2057 return 32;
2058
2059 return 16;
2060}
2061
2062static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2063{
2064 struct mgmt_pending_cmd *cmd;
2065
2066 hci_dev_lock(hdev);
2067
2068 cmd = pending_find(mgmt_op, hdev);
2069 if (!cmd)
2070 goto unlock;
2071
2072 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2073 mgmt_status(status), hdev->dev_class, 3);
2074
2075 mgmt_pending_remove(cmd);
2076
2077unlock:
2078 hci_dev_unlock(hdev);
2079}
2080
2081static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2082{
2083 bt_dev_dbg(hdev, "status 0x%02x", status);
2084
2085 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2086}
2087
2088static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2089{
2090 struct mgmt_cp_add_uuid *cp = data;
2091 struct mgmt_pending_cmd *cmd;
2092 struct hci_request req;
2093 struct bt_uuid *uuid;
2094 int err;
2095
2096 bt_dev_dbg(hdev, "sock %p", sk);
2097
2098 hci_dev_lock(hdev);
2099
2100 if (pending_eir_or_class(hdev)) {
2101 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2102 MGMT_STATUS_BUSY);
2103 goto failed;
2104 }
2105
2106 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2107 if (!uuid) {
2108 err = -ENOMEM;
2109 goto failed;
2110 }
2111
2112 memcpy(uuid->uuid, cp->uuid, 16);
2113 uuid->svc_hint = cp->svc_hint;
2114 uuid->size = get_uuid_size(cp->uuid);
2115
2116 list_add_tail(&uuid->list, &hdev->uuids);
2117
2118 hci_req_init(&req, hdev);
2119
2120 __hci_req_update_class(&req);
2121 __hci_req_update_eir(&req);
2122
2123 err = hci_req_run(&req, add_uuid_complete);
2124 if (err < 0) {
2125 if (err != -ENODATA)
2126 goto failed;
2127
2128 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2129 hdev->dev_class, 3);
2130 goto failed;
2131 }
2132
2133 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2134 if (!cmd) {
2135 err = -ENOMEM;
2136 goto failed;
2137 }
2138
2139 err = 0;
2140
2141failed:
2142 hci_dev_unlock(hdev);
2143 return err;
2144}
2145
2146static bool enable_service_cache(struct hci_dev *hdev)
2147{
2148 if (!hdev_is_powered(hdev))
2149 return false;
2150
2151 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2152 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2153 CACHE_TIMEOUT);
2154 return true;
2155 }
2156
2157 return false;
2158}
2159
2160static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2161{
2162 bt_dev_dbg(hdev, "status 0x%02x", status);
2163
2164 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2165}
2166
2167static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2168 u16 len)
2169{
2170 struct mgmt_cp_remove_uuid *cp = data;
2171 struct mgmt_pending_cmd *cmd;
2172 struct bt_uuid *match, *tmp;
2173 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2174 struct hci_request req;
2175 int err, found;
2176
2177 bt_dev_dbg(hdev, "sock %p", sk);
2178
2179 hci_dev_lock(hdev);
2180
2181 if (pending_eir_or_class(hdev)) {
2182 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2183 MGMT_STATUS_BUSY);
2184 goto unlock;
2185 }
2186
2187 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2188 hci_uuids_clear(hdev);
2189
2190 if (enable_service_cache(hdev)) {
2191 err = mgmt_cmd_complete(sk, hdev->id,
2192 MGMT_OP_REMOVE_UUID,
2193 0, hdev->dev_class, 3);
2194 goto unlock;
2195 }
2196
2197 goto update_class;
2198 }
2199
2200 found = 0;
2201
2202 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2203 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2204 continue;
2205
2206 list_del(&match->list);
2207 kfree(match);
2208 found++;
2209 }
2210
2211 if (found == 0) {
2212 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2213 MGMT_STATUS_INVALID_PARAMS);
2214 goto unlock;
2215 }
2216
2217update_class:
2218 hci_req_init(&req, hdev);
2219
2220 __hci_req_update_class(&req);
2221 __hci_req_update_eir(&req);
2222
2223 err = hci_req_run(&req, remove_uuid_complete);
2224 if (err < 0) {
2225 if (err != -ENODATA)
2226 goto unlock;
2227
2228 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2229 hdev->dev_class, 3);
2230 goto unlock;
2231 }
2232
2233 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2234 if (!cmd) {
2235 err = -ENOMEM;
2236 goto unlock;
2237 }
2238
2239 err = 0;
2240
2241unlock:
2242 hci_dev_unlock(hdev);
2243 return err;
2244}
2245
2246static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2247{
2248 bt_dev_dbg(hdev, "status 0x%02x", status);
2249
2250 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2251}
2252
2253static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2254 u16 len)
2255{
2256 struct mgmt_cp_set_dev_class *cp = data;
2257 struct mgmt_pending_cmd *cmd;
2258 struct hci_request req;
2259 int err;
2260
2261 bt_dev_dbg(hdev, "sock %p", sk);
2262
2263 if (!lmp_bredr_capable(hdev))
2264 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2265 MGMT_STATUS_NOT_SUPPORTED);
2266
2267 hci_dev_lock(hdev);
2268
2269 if (pending_eir_or_class(hdev)) {
2270 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2271 MGMT_STATUS_BUSY);
2272 goto unlock;
2273 }
2274
2275 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2276 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2277 MGMT_STATUS_INVALID_PARAMS);
2278 goto unlock;
2279 }
2280
2281 hdev->major_class = cp->major;
2282 hdev->minor_class = cp->minor;
2283
2284 if (!hdev_is_powered(hdev)) {
2285 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2286 hdev->dev_class, 3);
2287 goto unlock;
2288 }
2289
2290 hci_req_init(&req, hdev);
2291
2292 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2293 hci_dev_unlock(hdev);
2294 cancel_delayed_work_sync(&hdev->service_cache);
2295 hci_dev_lock(hdev);
2296 __hci_req_update_eir(&req);
2297 }
2298
2299 __hci_req_update_class(&req);
2300
2301 err = hci_req_run(&req, set_class_complete);
2302 if (err < 0) {
2303 if (err != -ENODATA)
2304 goto unlock;
2305
2306 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2307 hdev->dev_class, 3);
2308 goto unlock;
2309 }
2310
2311 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2312 if (!cmd) {
2313 err = -ENOMEM;
2314 goto unlock;
2315 }
2316
2317 err = 0;
2318
2319unlock:
2320 hci_dev_unlock(hdev);
2321 return err;
2322}
2323
2324static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2325 u16 len)
2326{
2327 struct mgmt_cp_load_link_keys *cp = data;
2328 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2329 sizeof(struct mgmt_link_key_info));
2330 u16 key_count, expected_len;
2331 bool changed;
2332 int i;
2333
2334 bt_dev_dbg(hdev, "sock %p", sk);
2335
2336 if (!lmp_bredr_capable(hdev))
2337 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2338 MGMT_STATUS_NOT_SUPPORTED);
2339
2340 key_count = __le16_to_cpu(cp->key_count);
2341 if (key_count > max_key_count) {
2342 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2343 key_count);
2344 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2345 MGMT_STATUS_INVALID_PARAMS);
2346 }
2347
2348 expected_len = struct_size(cp, keys, key_count);
2349 if (expected_len != len) {
2350 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2351 expected_len, len);
2352 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2353 MGMT_STATUS_INVALID_PARAMS);
2354 }
2355
2356 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2357 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2358 MGMT_STATUS_INVALID_PARAMS);
2359
2360 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2361 key_count);
2362
2363 for (i = 0; i < key_count; i++) {
2364 struct mgmt_link_key_info *key = &cp->keys[i];
2365
2366 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2367 return mgmt_cmd_status(sk, hdev->id,
2368 MGMT_OP_LOAD_LINK_KEYS,
2369 MGMT_STATUS_INVALID_PARAMS);
2370 }
2371
2372 hci_dev_lock(hdev);
2373
2374 hci_link_keys_clear(hdev);
2375
2376 if (cp->debug_keys)
2377 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2378 else
2379 changed = hci_dev_test_and_clear_flag(hdev,
2380 HCI_KEEP_DEBUG_KEYS);
2381
2382 if (changed)
2383 new_settings(hdev, NULL);
2384
2385 for (i = 0; i < key_count; i++) {
2386 struct mgmt_link_key_info *key = &cp->keys[i];
2387
2388 if (hci_is_blocked_key(hdev,
2389 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2390 key->val)) {
2391 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2392 &key->addr.bdaddr);
2393 continue;
2394 }
2395
2396
2397
2398
2399 if (key->type == HCI_LK_DEBUG_COMBINATION)
2400 continue;
2401
2402 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2403 key->type, key->pin_len, NULL);
2404 }
2405
2406 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2407
2408 hci_dev_unlock(hdev);
2409
2410 return 0;
2411}
2412
2413static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2414 u8 addr_type, struct sock *skip_sk)
2415{
2416 struct mgmt_ev_device_unpaired ev;
2417
2418 bacpy(&ev.addr.bdaddr, bdaddr);
2419 ev.addr.type = addr_type;
2420
2421 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2422 skip_sk);
2423}
2424
2425static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2426 u16 len)
2427{
2428 struct mgmt_cp_unpair_device *cp = data;
2429 struct mgmt_rp_unpair_device rp;
2430 struct hci_conn_params *params;
2431 struct mgmt_pending_cmd *cmd;
2432 struct hci_conn *conn;
2433 u8 addr_type;
2434 int err;
2435
2436 memset(&rp, 0, sizeof(rp));
2437 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2438 rp.addr.type = cp->addr.type;
2439
2440 if (!bdaddr_type_is_valid(cp->addr.type))
2441 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2442 MGMT_STATUS_INVALID_PARAMS,
2443 &rp, sizeof(rp));
2444
2445 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2446 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2447 MGMT_STATUS_INVALID_PARAMS,
2448 &rp, sizeof(rp));
2449
2450 hci_dev_lock(hdev);
2451
2452 if (!hdev_is_powered(hdev)) {
2453 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2454 MGMT_STATUS_NOT_POWERED, &rp,
2455 sizeof(rp));
2456 goto unlock;
2457 }
2458
2459 if (cp->addr.type == BDADDR_BREDR) {
2460
2461
2462
2463
2464
2465
2466
2467 if (cp->disconnect)
2468 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2469 &cp->addr.bdaddr);
2470 else
2471 conn = NULL;
2472
2473 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2474 if (err < 0) {
2475 err = mgmt_cmd_complete(sk, hdev->id,
2476 MGMT_OP_UNPAIR_DEVICE,
2477 MGMT_STATUS_NOT_PAIRED, &rp,
2478 sizeof(rp));
2479 goto unlock;
2480 }
2481
2482 goto done;
2483 }
2484
2485
2486 addr_type = le_addr_type(cp->addr.type);
2487
2488
2489 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2490 if (err < 0) {
2491 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2492 MGMT_STATUS_NOT_PAIRED, &rp,
2493 sizeof(rp));
2494 goto unlock;
2495 }
2496
2497 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2498 if (!conn) {
2499 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2500 goto done;
2501 }
2502
2503
2504
2505
2506
2507 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2508
2509
2510 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2511 if (params) {
2512 if (params->explicit_connect)
2513 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2514 else
2515 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2516 }
2517
2518
2519
2520
2521 if (!cp->disconnect)
2522 conn = NULL;
2523
2524done:
2525
2526
2527
2528 if (!conn) {
2529 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2530 &rp, sizeof(rp));
2531 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2532 goto unlock;
2533 }
2534
2535 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2536 sizeof(*cp));
2537 if (!cmd) {
2538 err = -ENOMEM;
2539 goto unlock;
2540 }
2541
2542 cmd->cmd_complete = addr_cmd_complete;
2543
2544 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2545 if (err < 0)
2546 mgmt_pending_remove(cmd);
2547
2548unlock:
2549 hci_dev_unlock(hdev);
2550 return err;
2551}
2552
2553static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2554 u16 len)
2555{
2556 struct mgmt_cp_disconnect *cp = data;
2557 struct mgmt_rp_disconnect rp;
2558 struct mgmt_pending_cmd *cmd;
2559 struct hci_conn *conn;
2560 int err;
2561
2562 bt_dev_dbg(hdev, "sock %p", sk);
2563
2564 memset(&rp, 0, sizeof(rp));
2565 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2566 rp.addr.type = cp->addr.type;
2567
2568 if (!bdaddr_type_is_valid(cp->addr.type))
2569 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2570 MGMT_STATUS_INVALID_PARAMS,
2571 &rp, sizeof(rp));
2572
2573 hci_dev_lock(hdev);
2574
2575 if (!test_bit(HCI_UP, &hdev->flags)) {
2576 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2577 MGMT_STATUS_NOT_POWERED, &rp,
2578 sizeof(rp));
2579 goto failed;
2580 }
2581
2582 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2583 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2584 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2585 goto failed;
2586 }
2587
2588 if (cp->addr.type == BDADDR_BREDR)
2589 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2590 &cp->addr.bdaddr);
2591 else
2592 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2593 le_addr_type(cp->addr.type));
2594
2595 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2596 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2597 MGMT_STATUS_NOT_CONNECTED, &rp,
2598 sizeof(rp));
2599 goto failed;
2600 }
2601
2602 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2603 if (!cmd) {
2604 err = -ENOMEM;
2605 goto failed;
2606 }
2607
2608 cmd->cmd_complete = generic_cmd_complete;
2609
2610 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2611 if (err < 0)
2612 mgmt_pending_remove(cmd);
2613
2614failed:
2615 hci_dev_unlock(hdev);
2616 return err;
2617}
2618
2619static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2620{
2621 switch (link_type) {
2622 case LE_LINK:
2623 switch (addr_type) {
2624 case ADDR_LE_DEV_PUBLIC:
2625 return BDADDR_LE_PUBLIC;
2626
2627 default:
2628
2629 return BDADDR_LE_RANDOM;
2630 }
2631
2632 default:
2633
2634 return BDADDR_BREDR;
2635 }
2636}
2637
2638static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2639 u16 data_len)
2640{
2641 struct mgmt_rp_get_connections *rp;
2642 struct hci_conn *c;
2643 int err;
2644 u16 i;
2645
2646 bt_dev_dbg(hdev, "sock %p", sk);
2647
2648 hci_dev_lock(hdev);
2649
2650 if (!hdev_is_powered(hdev)) {
2651 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2652 MGMT_STATUS_NOT_POWERED);
2653 goto unlock;
2654 }
2655
2656 i = 0;
2657 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2658 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2659 i++;
2660 }
2661
2662 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
2663 if (!rp) {
2664 err = -ENOMEM;
2665 goto unlock;
2666 }
2667
2668 i = 0;
2669 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2670 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2671 continue;
2672 bacpy(&rp->addr[i].bdaddr, &c->dst);
2673 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2674 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2675 continue;
2676 i++;
2677 }
2678
2679 rp->conn_count = cpu_to_le16(i);
2680
2681
2682 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2683 struct_size(rp, addr, i));
2684
2685 kfree(rp);
2686
2687unlock:
2688 hci_dev_unlock(hdev);
2689 return err;
2690}
2691
2692static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2693 struct mgmt_cp_pin_code_neg_reply *cp)
2694{
2695 struct mgmt_pending_cmd *cmd;
2696 int err;
2697
2698 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2699 sizeof(*cp));
2700 if (!cmd)
2701 return -ENOMEM;
2702
2703 cmd->cmd_complete = addr_cmd_complete;
2704
2705 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2706 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2707 if (err < 0)
2708 mgmt_pending_remove(cmd);
2709
2710 return err;
2711}
2712
2713static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2714 u16 len)
2715{
2716 struct hci_conn *conn;
2717 struct mgmt_cp_pin_code_reply *cp = data;
2718 struct hci_cp_pin_code_reply reply;
2719 struct mgmt_pending_cmd *cmd;
2720 int err;
2721
2722 bt_dev_dbg(hdev, "sock %p", sk);
2723
2724 hci_dev_lock(hdev);
2725
2726 if (!hdev_is_powered(hdev)) {
2727 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2728 MGMT_STATUS_NOT_POWERED);
2729 goto failed;
2730 }
2731
2732 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2733 if (!conn) {
2734 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2735 MGMT_STATUS_NOT_CONNECTED);
2736 goto failed;
2737 }
2738
2739 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2740 struct mgmt_cp_pin_code_neg_reply ncp;
2741
2742 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2743
2744 bt_dev_err(hdev, "PIN code is not 16 bytes long");
2745
2746 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2747 if (err >= 0)
2748 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2749 MGMT_STATUS_INVALID_PARAMS);
2750
2751 goto failed;
2752 }
2753
2754 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2755 if (!cmd) {
2756 err = -ENOMEM;
2757 goto failed;
2758 }
2759
2760 cmd->cmd_complete = addr_cmd_complete;
2761
2762 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2763 reply.pin_len = cp->pin_len;
2764 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2765
2766 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2767 if (err < 0)
2768 mgmt_pending_remove(cmd);
2769
2770failed:
2771 hci_dev_unlock(hdev);
2772 return err;
2773}
2774
2775static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2776 u16 len)
2777{
2778 struct mgmt_cp_set_io_capability *cp = data;
2779
2780 bt_dev_dbg(hdev, "sock %p", sk);
2781
2782 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2783 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2784 MGMT_STATUS_INVALID_PARAMS);
2785
2786 hci_dev_lock(hdev);
2787
2788 hdev->io_capability = cp->io_capability;
2789
2790 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
2791
2792 hci_dev_unlock(hdev);
2793
2794 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2795 NULL, 0);
2796}
2797
2798static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2799{
2800 struct hci_dev *hdev = conn->hdev;
2801 struct mgmt_pending_cmd *cmd;
2802
2803 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2804 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2805 continue;
2806
2807 if (cmd->user_data != conn)
2808 continue;
2809
2810 return cmd;
2811 }
2812
2813 return NULL;
2814}
2815
2816static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2817{
2818 struct mgmt_rp_pair_device rp;
2819 struct hci_conn *conn = cmd->user_data;
2820 int err;
2821
2822 bacpy(&rp.addr.bdaddr, &conn->dst);
2823 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2824
2825 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2826 status, &rp, sizeof(rp));
2827
2828
2829 conn->connect_cfm_cb = NULL;
2830 conn->security_cfm_cb = NULL;
2831 conn->disconn_cfm_cb = NULL;
2832
2833 hci_conn_drop(conn);
2834
2835
2836
2837
2838 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2839
2840 hci_conn_put(conn);
2841
2842 return err;
2843}
2844
2845void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2846{
2847 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2848 struct mgmt_pending_cmd *cmd;
2849
2850 cmd = find_pairing(conn);
2851 if (cmd) {
2852 cmd->cmd_complete(cmd, status);
2853 mgmt_pending_remove(cmd);
2854 }
2855}
2856
2857static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2858{
2859 struct mgmt_pending_cmd *cmd;
2860
2861 BT_DBG("status %u", status);
2862
2863 cmd = find_pairing(conn);
2864 if (!cmd) {
2865 BT_DBG("Unable to find a pending command");
2866 return;
2867 }
2868
2869 cmd->cmd_complete(cmd, mgmt_status(status));
2870 mgmt_pending_remove(cmd);
2871}
2872
2873static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2874{
2875 struct mgmt_pending_cmd *cmd;
2876
2877 BT_DBG("status %u", status);
2878
2879 if (!status)
2880 return;
2881
2882 cmd = find_pairing(conn);
2883 if (!cmd) {
2884 BT_DBG("Unable to find a pending command");
2885 return;
2886 }
2887
2888 cmd->cmd_complete(cmd, mgmt_status(status));
2889 mgmt_pending_remove(cmd);
2890}
2891
2892static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2893 u16 len)
2894{
2895 struct mgmt_cp_pair_device *cp = data;
2896 struct mgmt_rp_pair_device rp;
2897 struct mgmt_pending_cmd *cmd;
2898 u8 sec_level, auth_type;
2899 struct hci_conn *conn;
2900 int err;
2901
2902 bt_dev_dbg(hdev, "sock %p", sk);
2903
2904 memset(&rp, 0, sizeof(rp));
2905 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2906 rp.addr.type = cp->addr.type;
2907
2908 if (!bdaddr_type_is_valid(cp->addr.type))
2909 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2910 MGMT_STATUS_INVALID_PARAMS,
2911 &rp, sizeof(rp));
2912
2913 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2914 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2915 MGMT_STATUS_INVALID_PARAMS,
2916 &rp, sizeof(rp));
2917
2918 hci_dev_lock(hdev);
2919
2920 if (!hdev_is_powered(hdev)) {
2921 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2922 MGMT_STATUS_NOT_POWERED, &rp,
2923 sizeof(rp));
2924 goto unlock;
2925 }
2926
2927 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2928 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2929 MGMT_STATUS_ALREADY_PAIRED, &rp,
2930 sizeof(rp));
2931 goto unlock;
2932 }
2933
2934 sec_level = BT_SECURITY_MEDIUM;
2935 auth_type = HCI_AT_DEDICATED_BONDING;
2936
2937 if (cp->addr.type == BDADDR_BREDR) {
2938 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2939 auth_type, CONN_REASON_PAIR_DEVICE);
2940 } else {
2941 u8 addr_type = le_addr_type(cp->addr.type);
2942 struct hci_conn_params *p;
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2954
2955 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2956 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2957
2958 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type,
2959 sec_level, HCI_LE_CONN_TIMEOUT,
2960 CONN_REASON_PAIR_DEVICE);
2961 }
2962
2963 if (IS_ERR(conn)) {
2964 int status;
2965
2966 if (PTR_ERR(conn) == -EBUSY)
2967 status = MGMT_STATUS_BUSY;
2968 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2969 status = MGMT_STATUS_NOT_SUPPORTED;
2970 else if (PTR_ERR(conn) == -ECONNREFUSED)
2971 status = MGMT_STATUS_REJECTED;
2972 else
2973 status = MGMT_STATUS_CONNECT_FAILED;
2974
2975 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2976 status, &rp, sizeof(rp));
2977 goto unlock;
2978 }
2979
2980 if (conn->connect_cfm_cb) {
2981 hci_conn_drop(conn);
2982 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2983 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2984 goto unlock;
2985 }
2986
2987 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2988 if (!cmd) {
2989 err = -ENOMEM;
2990 hci_conn_drop(conn);
2991 goto unlock;
2992 }
2993
2994 cmd->cmd_complete = pairing_complete;
2995
2996
2997 if (cp->addr.type == BDADDR_BREDR) {
2998 conn->connect_cfm_cb = pairing_complete_cb;
2999 conn->security_cfm_cb = pairing_complete_cb;
3000 conn->disconn_cfm_cb = pairing_complete_cb;
3001 } else {
3002 conn->connect_cfm_cb = le_pairing_complete_cb;
3003 conn->security_cfm_cb = le_pairing_complete_cb;
3004 conn->disconn_cfm_cb = le_pairing_complete_cb;
3005 }
3006
3007 conn->io_capability = cp->io_cap;
3008 cmd->user_data = hci_conn_get(conn);
3009
3010 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3011 hci_conn_security(conn, sec_level, auth_type, true)) {
3012 cmd->cmd_complete(cmd, 0);
3013 mgmt_pending_remove(cmd);
3014 }
3015
3016 err = 0;
3017
3018unlock:
3019 hci_dev_unlock(hdev);
3020 return err;
3021}
3022
3023static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3024 u16 len)
3025{
3026 struct mgmt_addr_info *addr = data;
3027 struct mgmt_pending_cmd *cmd;
3028 struct hci_conn *conn;
3029 int err;
3030
3031 bt_dev_dbg(hdev, "sock %p", sk);
3032
3033 hci_dev_lock(hdev);
3034
3035 if (!hdev_is_powered(hdev)) {
3036 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3037 MGMT_STATUS_NOT_POWERED);
3038 goto unlock;
3039 }
3040
3041 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3042 if (!cmd) {
3043 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3044 MGMT_STATUS_INVALID_PARAMS);
3045 goto unlock;
3046 }
3047
3048 conn = cmd->user_data;
3049
3050 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3051 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3052 MGMT_STATUS_INVALID_PARAMS);
3053 goto unlock;
3054 }
3055
3056 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3057 mgmt_pending_remove(cmd);
3058
3059 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3060 addr, sizeof(*addr));
3061
3062
3063
3064
3065
3066 if (addr->type == BDADDR_BREDR)
3067 hci_remove_link_key(hdev, &addr->bdaddr);
3068 else
3069 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr,
3070 le_addr_type(addr->type));
3071
3072 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE)
3073 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
3074
3075unlock:
3076 hci_dev_unlock(hdev);
3077 return err;
3078}
3079
3080static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3081 struct mgmt_addr_info *addr, u16 mgmt_op,
3082 u16 hci_op, __le32 passkey)
3083{
3084 struct mgmt_pending_cmd *cmd;
3085 struct hci_conn *conn;
3086 int err;
3087
3088 hci_dev_lock(hdev);
3089
3090 if (!hdev_is_powered(hdev)) {
3091 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3092 MGMT_STATUS_NOT_POWERED, addr,
3093 sizeof(*addr));
3094 goto done;
3095 }
3096
3097 if (addr->type == BDADDR_BREDR)
3098 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3099 else
3100 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3101 le_addr_type(addr->type));
3102
3103 if (!conn) {
3104 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3105 MGMT_STATUS_NOT_CONNECTED, addr,
3106 sizeof(*addr));
3107 goto done;
3108 }
3109
3110 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3111 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3112 if (!err)
3113 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3114 MGMT_STATUS_SUCCESS, addr,
3115 sizeof(*addr));
3116 else
3117 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3118 MGMT_STATUS_FAILED, addr,
3119 sizeof(*addr));
3120
3121 goto done;
3122 }
3123
3124 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3125 if (!cmd) {
3126 err = -ENOMEM;
3127 goto done;
3128 }
3129
3130 cmd->cmd_complete = addr_cmd_complete;
3131
3132
3133 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3134 struct hci_cp_user_passkey_reply cp;
3135
3136 bacpy(&cp.bdaddr, &addr->bdaddr);
3137 cp.passkey = passkey;
3138 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3139 } else
3140 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3141 &addr->bdaddr);
3142
3143 if (err < 0)
3144 mgmt_pending_remove(cmd);
3145
3146done:
3147 hci_dev_unlock(hdev);
3148 return err;
3149}
3150
3151static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3152 void *data, u16 len)
3153{
3154 struct mgmt_cp_pin_code_neg_reply *cp = data;
3155
3156 bt_dev_dbg(hdev, "sock %p", sk);
3157
3158 return user_pairing_resp(sk, hdev, &cp->addr,
3159 MGMT_OP_PIN_CODE_NEG_REPLY,
3160 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3161}
3162
3163static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3164 u16 len)
3165{
3166 struct mgmt_cp_user_confirm_reply *cp = data;
3167
3168 bt_dev_dbg(hdev, "sock %p", sk);
3169
3170 if (len != sizeof(*cp))
3171 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3172 MGMT_STATUS_INVALID_PARAMS);
3173
3174 return user_pairing_resp(sk, hdev, &cp->addr,
3175 MGMT_OP_USER_CONFIRM_REPLY,
3176 HCI_OP_USER_CONFIRM_REPLY, 0);
3177}
3178
3179static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3180 void *data, u16 len)
3181{
3182 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3183
3184 bt_dev_dbg(hdev, "sock %p", sk);
3185
3186 return user_pairing_resp(sk, hdev, &cp->addr,
3187 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3188 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3189}
3190
3191static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3192 u16 len)
3193{
3194 struct mgmt_cp_user_passkey_reply *cp = data;
3195
3196 bt_dev_dbg(hdev, "sock %p", sk);
3197
3198 return user_pairing_resp(sk, hdev, &cp->addr,
3199 MGMT_OP_USER_PASSKEY_REPLY,
3200 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3201}
3202
3203static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3204 void *data, u16 len)
3205{
3206 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3207
3208 bt_dev_dbg(hdev, "sock %p", sk);
3209
3210 return user_pairing_resp(sk, hdev, &cp->addr,
3211 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3212 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3213}
3214
3215static void adv_expire(struct hci_dev *hdev, u32 flags)
3216{
3217 struct adv_info *adv_instance;
3218 struct hci_request req;
3219 int err;
3220
3221 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3222 if (!adv_instance)
3223 return;
3224
3225
3226 if (!(adv_instance->flags & flags))
3227 return;
3228
3229 cancel_adv_timeout(hdev);
3230
3231 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3232 if (!adv_instance)
3233 return;
3234
3235 hci_req_init(&req, hdev);
3236 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3237 true);
3238 if (err)
3239 return;
3240
3241 hci_req_run(&req, NULL);
3242}
3243
3244static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3245{
3246 struct mgmt_cp_set_local_name *cp;
3247 struct mgmt_pending_cmd *cmd;
3248
3249 bt_dev_dbg(hdev, "status 0x%02x", status);
3250
3251 hci_dev_lock(hdev);
3252
3253 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3254 if (!cmd)
3255 goto unlock;
3256
3257 cp = cmd->param;
3258
3259 if (status) {
3260 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3261 mgmt_status(status));
3262 } else {
3263 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3264 cp, sizeof(*cp));
3265
3266 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3267 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3268 }
3269
3270 mgmt_pending_remove(cmd);
3271
3272unlock:
3273 hci_dev_unlock(hdev);
3274}
3275
3276static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3277 u16 len)
3278{
3279 struct mgmt_cp_set_local_name *cp = data;
3280 struct mgmt_pending_cmd *cmd;
3281 struct hci_request req;
3282 int err;
3283
3284 bt_dev_dbg(hdev, "sock %p", sk);
3285
3286 hci_dev_lock(hdev);
3287
3288
3289
3290
3291 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3292 !memcmp(hdev->short_name, cp->short_name,
3293 sizeof(hdev->short_name))) {
3294 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3295 data, len);
3296 goto failed;
3297 }
3298
3299 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3300
3301 if (!hdev_is_powered(hdev)) {
3302 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3303
3304 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3305 data, len);
3306 if (err < 0)
3307 goto failed;
3308
3309 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3310 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3311 ext_info_changed(hdev, sk);
3312
3313 goto failed;
3314 }
3315
3316 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3317 if (!cmd) {
3318 err = -ENOMEM;
3319 goto failed;
3320 }
3321
3322 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3323
3324 hci_req_init(&req, hdev);
3325
3326 if (lmp_bredr_capable(hdev)) {
3327 __hci_req_update_name(&req);
3328 __hci_req_update_eir(&req);
3329 }
3330
3331
3332
3333
3334 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3335 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3336
3337 err = hci_req_run(&req, set_name_complete);
3338 if (err < 0)
3339 mgmt_pending_remove(cmd);
3340
3341failed:
3342 hci_dev_unlock(hdev);
3343 return err;
3344}
3345
3346static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3347 u16 len)
3348{
3349 struct mgmt_cp_set_appearance *cp = data;
3350 u16 appearance;
3351 int err;
3352
3353 bt_dev_dbg(hdev, "sock %p", sk);
3354
3355 if (!lmp_le_capable(hdev))
3356 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3357 MGMT_STATUS_NOT_SUPPORTED);
3358
3359 appearance = le16_to_cpu(cp->appearance);
3360
3361 hci_dev_lock(hdev);
3362
3363 if (hdev->appearance != appearance) {
3364 hdev->appearance = appearance;
3365
3366 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3367 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3368
3369 ext_info_changed(hdev, sk);
3370 }
3371
3372 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3373 0);
3374
3375 hci_dev_unlock(hdev);
3376
3377 return err;
3378}
3379
3380static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3381 void *data, u16 len)
3382{
3383 struct mgmt_rp_get_phy_confguration rp;
3384
3385 bt_dev_dbg(hdev, "sock %p", sk);
3386
3387 hci_dev_lock(hdev);
3388
3389 memset(&rp, 0, sizeof(rp));
3390
3391 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3392 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3393 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3394
3395 hci_dev_unlock(hdev);
3396
3397 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3398 &rp, sizeof(rp));
3399}
3400
3401int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3402{
3403 struct mgmt_ev_phy_configuration_changed ev;
3404
3405 memset(&ev, 0, sizeof(ev));
3406
3407 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3408
3409 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3410 sizeof(ev), skip);
3411}
3412
3413static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3414 u16 opcode, struct sk_buff *skb)
3415{
3416 struct mgmt_pending_cmd *cmd;
3417
3418 bt_dev_dbg(hdev, "status 0x%02x", status);
3419
3420 hci_dev_lock(hdev);
3421
3422 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3423 if (!cmd)
3424 goto unlock;
3425
3426 if (status) {
3427 mgmt_cmd_status(cmd->sk, hdev->id,
3428 MGMT_OP_SET_PHY_CONFIGURATION,
3429 mgmt_status(status));
3430 } else {
3431 mgmt_cmd_complete(cmd->sk, hdev->id,
3432 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3433 NULL, 0);
3434
3435 mgmt_phy_configuration_changed(hdev, cmd->sk);
3436 }
3437
3438 mgmt_pending_remove(cmd);
3439
3440unlock:
3441 hci_dev_unlock(hdev);
3442}
3443
3444static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3445 void *data, u16 len)
3446{
3447 struct mgmt_cp_set_phy_confguration *cp = data;
3448 struct hci_cp_le_set_default_phy cp_phy;
3449 struct mgmt_pending_cmd *cmd;
3450 struct hci_request req;
3451 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3452 u16 pkt_type = (HCI_DH1 | HCI_DM1);
3453 bool changed = false;
3454 int err;
3455
3456 bt_dev_dbg(hdev, "sock %p", sk);
3457
3458 configurable_phys = get_configurable_phys(hdev);
3459 supported_phys = get_supported_phys(hdev);
3460 selected_phys = __le32_to_cpu(cp->selected_phys);
3461
3462 if (selected_phys & ~supported_phys)
3463 return mgmt_cmd_status(sk, hdev->id,
3464 MGMT_OP_SET_PHY_CONFIGURATION,
3465 MGMT_STATUS_INVALID_PARAMS);
3466
3467 unconfigure_phys = supported_phys & ~configurable_phys;
3468
3469 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3470 return mgmt_cmd_status(sk, hdev->id,
3471 MGMT_OP_SET_PHY_CONFIGURATION,
3472 MGMT_STATUS_INVALID_PARAMS);
3473
3474 if (selected_phys == get_selected_phys(hdev))
3475 return mgmt_cmd_complete(sk, hdev->id,
3476 MGMT_OP_SET_PHY_CONFIGURATION,
3477 0, NULL, 0);
3478
3479 hci_dev_lock(hdev);
3480
3481 if (!hdev_is_powered(hdev)) {
3482 err = mgmt_cmd_status(sk, hdev->id,
3483 MGMT_OP_SET_PHY_CONFIGURATION,
3484 MGMT_STATUS_REJECTED);
3485 goto unlock;
3486 }
3487
3488 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3489 err = mgmt_cmd_status(sk, hdev->id,
3490 MGMT_OP_SET_PHY_CONFIGURATION,
3491 MGMT_STATUS_BUSY);
3492 goto unlock;
3493 }
3494
3495 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3496 pkt_type |= (HCI_DH3 | HCI_DM3);
3497 else
3498 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3499
3500 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3501 pkt_type |= (HCI_DH5 | HCI_DM5);
3502 else
3503 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3504
3505 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3506 pkt_type &= ~HCI_2DH1;
3507 else
3508 pkt_type |= HCI_2DH1;
3509
3510 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3511 pkt_type &= ~HCI_2DH3;
3512 else
3513 pkt_type |= HCI_2DH3;
3514
3515 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3516 pkt_type &= ~HCI_2DH5;
3517 else
3518 pkt_type |= HCI_2DH5;
3519
3520 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3521 pkt_type &= ~HCI_3DH1;
3522 else
3523 pkt_type |= HCI_3DH1;
3524
3525 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3526 pkt_type &= ~HCI_3DH3;
3527 else
3528 pkt_type |= HCI_3DH3;
3529
3530 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3531 pkt_type &= ~HCI_3DH5;
3532 else
3533 pkt_type |= HCI_3DH5;
3534
3535 if (pkt_type != hdev->pkt_type) {
3536 hdev->pkt_type = pkt_type;
3537 changed = true;
3538 }
3539
3540 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3541 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
3542 if (changed)
3543 mgmt_phy_configuration_changed(hdev, sk);
3544
3545 err = mgmt_cmd_complete(sk, hdev->id,
3546 MGMT_OP_SET_PHY_CONFIGURATION,
3547 0, NULL, 0);
3548
3549 goto unlock;
3550 }
3551
3552 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3553 len);
3554 if (!cmd) {
3555 err = -ENOMEM;
3556 goto unlock;
3557 }
3558
3559 hci_req_init(&req, hdev);
3560
3561 memset(&cp_phy, 0, sizeof(cp_phy));
3562
3563 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3564 cp_phy.all_phys |= 0x01;
3565
3566 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3567 cp_phy.all_phys |= 0x02;
3568
3569 if (selected_phys & MGMT_PHY_LE_1M_TX)
3570 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3571
3572 if (selected_phys & MGMT_PHY_LE_2M_TX)
3573 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3574
3575 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3576 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3577
3578 if (selected_phys & MGMT_PHY_LE_1M_RX)
3579 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3580
3581 if (selected_phys & MGMT_PHY_LE_2M_RX)
3582 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3583
3584 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3585 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3586
3587 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3588
3589 err = hci_req_run_skb(&req, set_default_phy_complete);
3590 if (err < 0)
3591 mgmt_pending_remove(cmd);
3592
3593unlock:
3594 hci_dev_unlock(hdev);
3595
3596 return err;
3597}
3598
3599static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
3600 u16 len)
3601{
3602 int err = MGMT_STATUS_SUCCESS;
3603 struct mgmt_cp_set_blocked_keys *keys = data;
3604 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
3605 sizeof(struct mgmt_blocked_key_info));
3606 u16 key_count, expected_len;
3607 int i;
3608
3609 bt_dev_dbg(hdev, "sock %p", sk);
3610
3611 key_count = __le16_to_cpu(keys->key_count);
3612 if (key_count > max_key_count) {
3613 bt_dev_err(hdev, "too big key_count value %u", key_count);
3614 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3615 MGMT_STATUS_INVALID_PARAMS);
3616 }
3617
3618 expected_len = struct_size(keys, keys, key_count);
3619 if (expected_len != len) {
3620 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
3621 expected_len, len);
3622 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3623 MGMT_STATUS_INVALID_PARAMS);
3624 }
3625
3626 hci_dev_lock(hdev);
3627
3628 hci_blocked_keys_clear(hdev);
3629
3630 for (i = 0; i < keys->key_count; ++i) {
3631 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
3632
3633 if (!b) {
3634 err = MGMT_STATUS_NO_RESOURCES;
3635 break;
3636 }
3637
3638 b->type = keys->keys[i].type;
3639 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
3640 list_add_rcu(&b->list, &hdev->blocked_keys);
3641 }
3642 hci_dev_unlock(hdev);
3643
3644 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3645 err, NULL, 0);
3646}
3647
3648static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
3649 void *data, u16 len)
3650{
3651 struct mgmt_mode *cp = data;
3652 int err;
3653 bool changed = false;
3654
3655 bt_dev_dbg(hdev, "sock %p", sk);
3656
3657 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
3658 return mgmt_cmd_status(sk, hdev->id,
3659 MGMT_OP_SET_WIDEBAND_SPEECH,
3660 MGMT_STATUS_NOT_SUPPORTED);
3661
3662 if (cp->val != 0x00 && cp->val != 0x01)
3663 return mgmt_cmd_status(sk, hdev->id,
3664 MGMT_OP_SET_WIDEBAND_SPEECH,
3665 MGMT_STATUS_INVALID_PARAMS);
3666
3667 hci_dev_lock(hdev);
3668
3669 if (pending_find(MGMT_OP_SET_WIDEBAND_SPEECH, hdev)) {
3670 err = mgmt_cmd_status(sk, hdev->id,
3671 MGMT_OP_SET_WIDEBAND_SPEECH,
3672 MGMT_STATUS_BUSY);
3673 goto unlock;
3674 }
3675
3676 if (hdev_is_powered(hdev) &&
3677 !!cp->val != hci_dev_test_flag(hdev,
3678 HCI_WIDEBAND_SPEECH_ENABLED)) {
3679 err = mgmt_cmd_status(sk, hdev->id,
3680 MGMT_OP_SET_WIDEBAND_SPEECH,
3681 MGMT_STATUS_REJECTED);
3682 goto unlock;
3683 }
3684
3685 if (cp->val)
3686 changed = !hci_dev_test_and_set_flag(hdev,
3687 HCI_WIDEBAND_SPEECH_ENABLED);
3688 else
3689 changed = hci_dev_test_and_clear_flag(hdev,
3690 HCI_WIDEBAND_SPEECH_ENABLED);
3691
3692 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
3693 if (err < 0)
3694 goto unlock;
3695
3696 if (changed)
3697 err = new_settings(hdev, sk);
3698
3699unlock:
3700 hci_dev_unlock(hdev);
3701 return err;
3702}
3703
3704static int read_security_info(struct sock *sk, struct hci_dev *hdev,
3705 void *data, u16 data_len)
3706{
3707 char buf[16];
3708 struct mgmt_rp_read_security_info *rp = (void *)buf;
3709 u16 sec_len = 0;
3710 u8 flags = 0;
3711
3712 bt_dev_dbg(hdev, "sock %p", sk);
3713
3714 memset(&buf, 0, sizeof(buf));
3715
3716 hci_dev_lock(hdev);
3717
3718
3719
3720
3721 if (hdev->commands[41] & 0x08)
3722 flags |= 0x01;
3723
3724 flags |= 0x02;
3725
3726
3727
3728
3729 if (hdev->commands[20] & 0x10)
3730 flags |= 0x04;
3731
3732 flags |= 0x08;
3733
3734 sec_len = eir_append_data(rp->sec, sec_len, 0x01, &flags, 1);
3735
3736
3737
3738
3739 if (hdev->commands[41] & 0x08)
3740 sec_len = eir_append_le16(rp->sec, sec_len, 0x02,
3741 hdev->max_enc_key_size);
3742
3743 sec_len = eir_append_le16(rp->sec, sec_len, 0x03, SMP_MAX_ENC_KEY_SIZE);
3744
3745 rp->sec_len = cpu_to_le16(sec_len);
3746
3747 hci_dev_unlock(hdev);
3748
3749 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_SECURITY_INFO, 0,
3750 rp, sizeof(*rp) + sec_len);
3751}
3752
3753#ifdef CONFIG_BT_FEATURE_DEBUG
3754
3755static const u8 debug_uuid[16] = {
3756 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab,
3757 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4,
3758};
3759#endif
3760
3761
3762static const u8 simult_central_periph_uuid[16] = {
3763 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92,
3764 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67,
3765};
3766
3767
3768static const u8 rpa_resolution_uuid[16] = {
3769 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3,
3770 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15,
3771};
3772
3773static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
3774 void *data, u16 data_len)
3775{
3776 char buf[62];
3777 struct mgmt_rp_read_exp_features_info *rp = (void *)buf;
3778 u16 idx = 0;
3779 u32 flags;
3780
3781 bt_dev_dbg(hdev, "sock %p", sk);
3782
3783 memset(&buf, 0, sizeof(buf));
3784
3785#ifdef CONFIG_BT_FEATURE_DEBUG
3786 if (!hdev) {
3787 flags = bt_dbg_get() ? BIT(0) : 0;
3788
3789 memcpy(rp->features[idx].uuid, debug_uuid, 16);
3790 rp->features[idx].flags = cpu_to_le32(flags);
3791 idx++;
3792 }
3793#endif
3794
3795 if (hdev) {
3796 if (test_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks) &&
3797 (hdev->le_states[4] & 0x08) &&
3798 (hdev->le_states[4] & 0x40) &&
3799 (hdev->le_states[3] & 0x10))
3800 flags = BIT(0);
3801 else
3802 flags = 0;
3803
3804 memcpy(rp->features[idx].uuid, simult_central_periph_uuid, 16);
3805 rp->features[idx].flags = cpu_to_le32(flags);
3806 idx++;
3807 }
3808
3809 if (hdev && use_ll_privacy(hdev)) {
3810 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
3811 flags = BIT(0) | BIT(1);
3812 else
3813 flags = BIT(1);
3814
3815 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16);
3816 rp->features[idx].flags = cpu_to_le32(flags);
3817 idx++;
3818 }
3819
3820 rp->feature_count = cpu_to_le16(idx);
3821
3822
3823
3824
3825 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3826
3827 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
3828 MGMT_OP_READ_EXP_FEATURES_INFO,
3829 0, rp, sizeof(*rp) + (20 * idx));
3830}
3831
3832static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev,
3833 struct sock *skip)
3834{
3835 struct mgmt_ev_exp_feature_changed ev;
3836
3837 memset(&ev, 0, sizeof(ev));
3838 memcpy(ev.uuid, rpa_resolution_uuid, 16);
3839 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1));
3840
3841 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
3842 &ev, sizeof(ev),
3843 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
3844
3845}
3846
3847#ifdef CONFIG_BT_FEATURE_DEBUG
3848static int exp_debug_feature_changed(bool enabled, struct sock *skip)
3849{
3850 struct mgmt_ev_exp_feature_changed ev;
3851
3852 memset(&ev, 0, sizeof(ev));
3853 memcpy(ev.uuid, debug_uuid, 16);
3854 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
3855
3856 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, NULL,
3857 &ev, sizeof(ev),
3858 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
3859}
3860#endif
3861
3862static int set_exp_feature(struct sock *sk, struct hci_dev *hdev,
3863 void *data, u16 data_len)
3864{
3865 struct mgmt_cp_set_exp_feature *cp = data;
3866 struct mgmt_rp_set_exp_feature rp;
3867
3868 bt_dev_dbg(hdev, "sock %p", sk);
3869
3870 if (!memcmp(cp->uuid, ZERO_KEY, 16)) {
3871 memset(rp.uuid, 0, 16);
3872 rp.flags = cpu_to_le32(0);
3873
3874#ifdef CONFIG_BT_FEATURE_DEBUG
3875 if (!hdev) {
3876 bool changed = bt_dbg_get();
3877
3878 bt_dbg_set(false);
3879
3880 if (changed)
3881 exp_debug_feature_changed(false, sk);
3882 }
3883#endif
3884
3885 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) {
3886 bool changed = hci_dev_test_flag(hdev,
3887 HCI_ENABLE_LL_PRIVACY);
3888
3889 hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY);
3890
3891 if (changed)
3892 exp_ll_privacy_feature_changed(false, hdev, sk);
3893 }
3894
3895 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3896
3897 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
3898 MGMT_OP_SET_EXP_FEATURE, 0,
3899 &rp, sizeof(rp));
3900 }
3901
3902#ifdef CONFIG_BT_FEATURE_DEBUG
3903 if (!memcmp(cp->uuid, debug_uuid, 16)) {
3904 bool val, changed;
3905 int err;
3906
3907
3908 if (hdev)
3909 return mgmt_cmd_status(sk, hdev->id,
3910 MGMT_OP_SET_EXP_FEATURE,
3911 MGMT_STATUS_INVALID_INDEX);
3912
3913
3914 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
3915 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3916 MGMT_OP_SET_EXP_FEATURE,
3917 MGMT_STATUS_INVALID_PARAMS);
3918
3919
3920 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
3921 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3922 MGMT_OP_SET_EXP_FEATURE,
3923 MGMT_STATUS_INVALID_PARAMS);
3924
3925 val = !!cp->param[0];
3926 changed = val ? !bt_dbg_get() : bt_dbg_get();
3927 bt_dbg_set(val);
3928
3929 memcpy(rp.uuid, debug_uuid, 16);
3930 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
3931
3932 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3933
3934 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
3935 MGMT_OP_SET_EXP_FEATURE, 0,
3936 &rp, sizeof(rp));
3937
3938 if (changed)
3939 exp_debug_feature_changed(val, sk);
3940
3941 return err;
3942 }
3943#endif
3944
3945 if (!memcmp(cp->uuid, rpa_resolution_uuid, 16)) {
3946 bool val, changed;
3947 int err;
3948 u32 flags;
3949
3950
3951 if (!hdev)
3952 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3953 MGMT_OP_SET_EXP_FEATURE,
3954 MGMT_STATUS_INVALID_INDEX);
3955
3956
3957 if (hdev_is_powered(hdev))
3958 return mgmt_cmd_status(sk, hdev->id,
3959 MGMT_OP_SET_EXP_FEATURE,
3960 MGMT_STATUS_NOT_POWERED);
3961
3962
3963 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
3964 return mgmt_cmd_status(sk, hdev->id,
3965 MGMT_OP_SET_EXP_FEATURE,
3966 MGMT_STATUS_INVALID_PARAMS);
3967
3968
3969 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
3970 return mgmt_cmd_status(sk, hdev->id,
3971 MGMT_OP_SET_EXP_FEATURE,
3972 MGMT_STATUS_INVALID_PARAMS);
3973
3974 val = !!cp->param[0];
3975
3976 if (val) {
3977 changed = !hci_dev_test_flag(hdev,
3978 HCI_ENABLE_LL_PRIVACY);
3979 hci_dev_set_flag(hdev, HCI_ENABLE_LL_PRIVACY);
3980 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
3981
3982
3983 flags = BIT(0) | BIT(1);
3984 } else {
3985 changed = hci_dev_test_flag(hdev,
3986 HCI_ENABLE_LL_PRIVACY);
3987 hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY);
3988
3989
3990 flags = BIT(1);
3991 }
3992
3993 memcpy(rp.uuid, rpa_resolution_uuid, 16);
3994 rp.flags = cpu_to_le32(flags);
3995
3996 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3997
3998 err = mgmt_cmd_complete(sk, hdev->id,
3999 MGMT_OP_SET_EXP_FEATURE, 0,
4000 &rp, sizeof(rp));
4001
4002 if (changed)
4003 exp_ll_privacy_feature_changed(val, hdev, sk);
4004
4005 return err;
4006 }
4007
4008 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4009 MGMT_OP_SET_EXP_FEATURE,
4010 MGMT_STATUS_NOT_SUPPORTED);
4011}
4012
4013#define SUPPORTED_DEVICE_FLAGS() ((1U << HCI_CONN_FLAG_MAX) - 1)
4014
4015static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
4016 u16 data_len)
4017{
4018 struct mgmt_cp_get_device_flags *cp = data;
4019 struct mgmt_rp_get_device_flags rp;
4020 struct bdaddr_list_with_flags *br_params;
4021 struct hci_conn_params *params;
4022 u32 supported_flags = SUPPORTED_DEVICE_FLAGS();
4023 u32 current_flags = 0;
4024 u8 status = MGMT_STATUS_INVALID_PARAMS;
4025
4026 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n",
4027 &cp->addr.bdaddr, cp->addr.type);
4028
4029 hci_dev_lock(hdev);
4030
4031 if (cp->addr.type == BDADDR_BREDR) {
4032 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->whitelist,
4033 &cp->addr.bdaddr,
4034 cp->addr.type);
4035 if (!br_params)
4036 goto done;
4037
4038 current_flags = br_params->current_flags;
4039 } else {
4040 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
4041 le_addr_type(cp->addr.type));
4042
4043 if (!params)
4044 goto done;
4045
4046 current_flags = params->current_flags;
4047 }
4048
4049 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4050 rp.addr.type = cp->addr.type;
4051 rp.supported_flags = cpu_to_le32(supported_flags);
4052 rp.current_flags = cpu_to_le32(current_flags);
4053
4054 status = MGMT_STATUS_SUCCESS;
4055
4056done:
4057 hci_dev_unlock(hdev);
4058
4059 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status,
4060 &rp, sizeof(rp));
4061}
4062
4063static void device_flags_changed(struct sock *sk, struct hci_dev *hdev,
4064 bdaddr_t *bdaddr, u8 bdaddr_type,
4065 u32 supported_flags, u32 current_flags)
4066{
4067 struct mgmt_ev_device_flags_changed ev;
4068
4069 bacpy(&ev.addr.bdaddr, bdaddr);
4070 ev.addr.type = bdaddr_type;
4071 ev.supported_flags = cpu_to_le32(supported_flags);
4072 ev.current_flags = cpu_to_le32(current_flags);
4073
4074 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk);
4075}
4076
4077static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
4078 u16 len)
4079{
4080 struct mgmt_cp_set_device_flags *cp = data;
4081 struct bdaddr_list_with_flags *br_params;
4082 struct hci_conn_params *params;
4083 u8 status = MGMT_STATUS_INVALID_PARAMS;
4084 u32 supported_flags = SUPPORTED_DEVICE_FLAGS();
4085 u32 current_flags = __le32_to_cpu(cp->current_flags);
4086
4087 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x",
4088 &cp->addr.bdaddr, cp->addr.type,
4089 __le32_to_cpu(current_flags));
4090
4091 if ((supported_flags | current_flags) != supported_flags) {
4092 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
4093 current_flags, supported_flags);
4094 goto done;
4095 }
4096
4097 hci_dev_lock(hdev);
4098
4099 if (cp->addr.type == BDADDR_BREDR) {
4100 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->whitelist,
4101 &cp->addr.bdaddr,
4102 cp->addr.type);
4103
4104 if (br_params) {
4105 br_params->current_flags = current_flags;
4106 status = MGMT_STATUS_SUCCESS;
4107 } else {
4108 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)",
4109 &cp->addr.bdaddr, cp->addr.type);
4110 }
4111 } else {
4112 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
4113 le_addr_type(cp->addr.type));
4114 if (params) {
4115 params->current_flags = current_flags;
4116 status = MGMT_STATUS_SUCCESS;
4117 } else {
4118 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
4119 &cp->addr.bdaddr,
4120 le_addr_type(cp->addr.type));
4121 }
4122 }
4123
4124done:
4125 hci_dev_unlock(hdev);
4126
4127 if (status == MGMT_STATUS_SUCCESS)
4128 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
4129 supported_flags, current_flags);
4130
4131 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status,
4132 &cp->addr, sizeof(cp->addr));
4133}
4134
4135static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev,
4136 u16 handle)
4137{
4138 struct mgmt_ev_adv_monitor_added ev;
4139
4140 ev.monitor_handle = cpu_to_le16(handle);
4141
4142 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk);
4143}
4144
4145static void mgmt_adv_monitor_removed(struct sock *sk, struct hci_dev *hdev,
4146 u16 handle)
4147{
4148 struct mgmt_ev_adv_monitor_added ev;
4149
4150 ev.monitor_handle = cpu_to_le16(handle);
4151
4152 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk);
4153}
4154
4155static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
4156 void *data, u16 len)
4157{
4158 struct adv_monitor *monitor = NULL;
4159 struct mgmt_rp_read_adv_monitor_features *rp = NULL;
4160 int handle;
4161 size_t rp_size = 0;
4162 __u32 supported = 0;
4163 __u16 num_handles = 0;
4164 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES];
4165
4166 BT_DBG("request for %s", hdev->name);
4167
4168 hci_dev_lock(hdev);
4169
4170 if (msft_get_features(hdev) & MSFT_FEATURE_MASK_LE_ADV_MONITOR)
4171 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS;
4172
4173 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle) {
4174 handles[num_handles++] = monitor->handle;
4175 }
4176
4177 hci_dev_unlock(hdev);
4178
4179 rp_size = sizeof(*rp) + (num_handles * sizeof(u16));
4180 rp = kmalloc(rp_size, GFP_KERNEL);
4181 if (!rp)
4182 return -ENOMEM;
4183
4184
4185
4186
4187 rp->supported_features = cpu_to_le32(supported);
4188 rp->enabled_features = 0;
4189 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES);
4190 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS;
4191 rp->num_handles = cpu_to_le16(num_handles);
4192 if (num_handles)
4193 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
4194
4195 return mgmt_cmd_complete(sk, hdev->id,
4196 MGMT_OP_READ_ADV_MONITOR_FEATURES,
4197 MGMT_STATUS_SUCCESS, rp, rp_size);
4198}
4199
4200static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
4201 void *data, u16 len)
4202{
4203 struct mgmt_cp_add_adv_patterns_monitor *cp = data;
4204 struct mgmt_rp_add_adv_patterns_monitor rp;
4205 struct adv_monitor *m = NULL;
4206 struct adv_pattern *p = NULL;
4207 unsigned int mp_cnt = 0, prev_adv_monitors_cnt;
4208 __u8 cp_ofst = 0, cp_len = 0;
4209 int err, i;
4210
4211 BT_DBG("request for %s", hdev->name);
4212
4213 if (len <= sizeof(*cp) || cp->pattern_count == 0) {
4214 err = mgmt_cmd_status(sk, hdev->id,
4215 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
4216 MGMT_STATUS_INVALID_PARAMS);
4217 goto failed;
4218 }
4219
4220 m = kmalloc(sizeof(*m), GFP_KERNEL);
4221 if (!m) {
4222 err = -ENOMEM;
4223 goto failed;
4224 }
4225
4226 INIT_LIST_HEAD(&m->patterns);
4227 m->active = false;
4228
4229 for (i = 0; i < cp->pattern_count; i++) {
4230 if (++mp_cnt > HCI_MAX_ADV_MONITOR_NUM_PATTERNS) {
4231 err = mgmt_cmd_status(sk, hdev->id,
4232 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
4233 MGMT_STATUS_INVALID_PARAMS);
4234 goto failed;
4235 }
4236
4237 cp_ofst = cp->patterns[i].offset;
4238 cp_len = cp->patterns[i].length;
4239 if (cp_ofst >= HCI_MAX_AD_LENGTH ||
4240 cp_len > HCI_MAX_AD_LENGTH ||
4241 (cp_ofst + cp_len) > HCI_MAX_AD_LENGTH) {
4242 err = mgmt_cmd_status(sk, hdev->id,
4243 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
4244 MGMT_STATUS_INVALID_PARAMS);
4245 goto failed;
4246 }
4247
4248 p = kmalloc(sizeof(*p), GFP_KERNEL);
4249 if (!p) {
4250 err = -ENOMEM;
4251 goto failed;
4252 }
4253
4254 p->ad_type = cp->patterns[i].ad_type;
4255 p->offset = cp->patterns[i].offset;
4256 p->length = cp->patterns[i].length;
4257 memcpy(p->value, cp->patterns[i].value, p->length);
4258
4259 INIT_LIST_HEAD(&p->list);
4260 list_add(&p->list, &m->patterns);
4261 }
4262
4263 if (mp_cnt != cp->pattern_count) {
4264 err = mgmt_cmd_status(sk, hdev->id,
4265 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
4266 MGMT_STATUS_INVALID_PARAMS);
4267 goto failed;
4268 }
4269
4270 hci_dev_lock(hdev);
4271
4272 prev_adv_monitors_cnt = hdev->adv_monitors_cnt;
4273
4274 err = hci_add_adv_monitor(hdev, m);
4275 if (err) {
4276 if (err == -ENOSPC) {
4277 mgmt_cmd_status(sk, hdev->id,
4278 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
4279 MGMT_STATUS_NO_RESOURCES);
4280 }
4281 goto unlock;
4282 }
4283
4284 if (hdev->adv_monitors_cnt > prev_adv_monitors_cnt)
4285 mgmt_adv_monitor_added(sk, hdev, m->handle);
4286
4287 hci_dev_unlock(hdev);
4288
4289 rp.monitor_handle = cpu_to_le16(m->handle);
4290
4291 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
4292 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4293
4294unlock:
4295 hci_dev_unlock(hdev);
4296
4297failed:
4298 hci_free_adv_monitor(m);
4299 return err;
4300}
4301
4302static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev,
4303 void *data, u16 len)
4304{
4305 struct mgmt_cp_remove_adv_monitor *cp = data;
4306 struct mgmt_rp_remove_adv_monitor rp;
4307 unsigned int prev_adv_monitors_cnt;
4308 u16 handle;
4309 int err;
4310
4311 BT_DBG("request for %s", hdev->name);
4312
4313 hci_dev_lock(hdev);
4314
4315 handle = __le16_to_cpu(cp->monitor_handle);
4316 prev_adv_monitors_cnt = hdev->adv_monitors_cnt;
4317
4318 err = hci_remove_adv_monitor(hdev, handle);
4319 if (err == -ENOENT) {
4320 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
4321 MGMT_STATUS_INVALID_INDEX);
4322 goto unlock;
4323 }
4324
4325 if (hdev->adv_monitors_cnt < prev_adv_monitors_cnt)
4326 mgmt_adv_monitor_removed(sk, hdev, handle);
4327
4328 hci_dev_unlock(hdev);
4329
4330 rp.monitor_handle = cp->monitor_handle;
4331
4332 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
4333 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4334
4335unlock:
4336 hci_dev_unlock(hdev);
4337 return err;
4338}
4339
4340static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
4341 u16 opcode, struct sk_buff *skb)
4342{
4343 struct mgmt_rp_read_local_oob_data mgmt_rp;
4344 size_t rp_size = sizeof(mgmt_rp);
4345 struct mgmt_pending_cmd *cmd;
4346
4347 bt_dev_dbg(hdev, "status %u", status);
4348
4349 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4350 if (!cmd)
4351 return;
4352
4353 if (status || !skb) {
4354 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4355 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
4356 goto remove;
4357 }
4358
4359 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
4360
4361 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
4362 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
4363
4364 if (skb->len < sizeof(*rp)) {
4365 mgmt_cmd_status(cmd->sk, hdev->id,
4366 MGMT_OP_READ_LOCAL_OOB_DATA,
4367 MGMT_STATUS_FAILED);
4368 goto remove;
4369 }
4370
4371 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
4372 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
4373
4374 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
4375 } else {
4376 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
4377
4378 if (skb->len < sizeof(*rp)) {
4379 mgmt_cmd_status(cmd->sk, hdev->id,
4380 MGMT_OP_READ_LOCAL_OOB_DATA,
4381 MGMT_STATUS_FAILED);
4382 goto remove;
4383 }
4384
4385 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
4386 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
4387
4388 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
4389 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
4390 }
4391
4392 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4393 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
4394
4395remove:
4396 mgmt_pending_remove(cmd);
4397}
4398
4399static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
4400 void *data, u16 data_len)
4401{
4402 struct mgmt_pending_cmd *cmd;
4403 struct hci_request req;
4404 int err;
4405
4406 bt_dev_dbg(hdev, "sock %p", sk);
4407
4408 hci_dev_lock(hdev);
4409
4410 if (!hdev_is_powered(hdev)) {
4411 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4412 MGMT_STATUS_NOT_POWERED);
4413 goto unlock;
4414 }
4415
4416 if (!lmp_ssp_capable(hdev)) {
4417 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4418 MGMT_STATUS_NOT_SUPPORTED);
4419 goto unlock;
4420 }
4421
4422 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
4423 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4424 MGMT_STATUS_BUSY);
4425 goto unlock;
4426 }
4427
4428 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
4429 if (!cmd) {
4430 err = -ENOMEM;
4431 goto unlock;
4432 }
4433
4434 hci_req_init(&req, hdev);
4435
4436 if (bredr_sc_enabled(hdev))
4437 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4438 else
4439 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4440
4441 err = hci_req_run_skb(&req, read_local_oob_data_complete);
4442 if (err < 0)
4443 mgmt_pending_remove(cmd);
4444
4445unlock:
4446 hci_dev_unlock(hdev);
4447 return err;
4448}
4449
4450static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4451 void *data, u16 len)
4452{
4453 struct mgmt_addr_info *addr = data;
4454 int err;
4455
4456 bt_dev_dbg(hdev, "sock %p", sk);
4457
4458 if (!bdaddr_type_is_valid(addr->type))
4459 return mgmt_cmd_complete(sk, hdev->id,
4460 MGMT_OP_ADD_REMOTE_OOB_DATA,
4461 MGMT_STATUS_INVALID_PARAMS,
4462 addr, sizeof(*addr));
4463
4464 hci_dev_lock(hdev);
4465
4466 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
4467 struct mgmt_cp_add_remote_oob_data *cp = data;
4468 u8 status;
4469
4470 if (cp->addr.type != BDADDR_BREDR) {
4471 err = mgmt_cmd_complete(sk, hdev->id,
4472 MGMT_OP_ADD_REMOTE_OOB_DATA,
4473 MGMT_STATUS_INVALID_PARAMS,
4474 &cp->addr, sizeof(cp->addr));
4475 goto unlock;
4476 }
4477
4478 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4479 cp->addr.type, cp->hash,
4480 cp->rand, NULL, NULL);
4481 if (err < 0)
4482 status = MGMT_STATUS_FAILED;
4483 else
4484 status = MGMT_STATUS_SUCCESS;
4485
4486 err = mgmt_cmd_complete(sk, hdev->id,
4487 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
4488 &cp->addr, sizeof(cp->addr));
4489 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
4490 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
4491 u8 *rand192, *hash192, *rand256, *hash256;
4492 u8 status;
4493
4494 if (bdaddr_type_is_le(cp->addr.type)) {
4495
4496
4497
4498 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
4499 memcmp(cp->hash192, ZERO_KEY, 16)) {
4500 err = mgmt_cmd_complete(sk, hdev->id,
4501 MGMT_OP_ADD_REMOTE_OOB_DATA,
4502 MGMT_STATUS_INVALID_PARAMS,
4503 addr, sizeof(*addr));
4504 goto unlock;
4505 }
4506
4507 rand192 = NULL;
4508 hash192 = NULL;
4509 } else {
4510
4511
4512
4513 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
4514 !memcmp(cp->hash192, ZERO_KEY, 16)) {
4515 rand192 = NULL;
4516 hash192 = NULL;
4517 } else {
4518 rand192 = cp->rand192;
4519 hash192 = cp->hash192;
4520 }
4521 }
4522
4523
4524
4525
4526 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
4527 !memcmp(cp->hash256, ZERO_KEY, 16)) {
4528 rand256 = NULL;
4529 hash256 = NULL;
4530 } else {
4531 rand256 = cp->rand256;
4532 hash256 = cp->hash256;
4533 }
4534
4535 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
4536 cp->addr.type, hash192, rand192,
4537 hash256, rand256);
4538 if (err < 0)
4539 status = MGMT_STATUS_FAILED;
4540 else
4541 status = MGMT_STATUS_SUCCESS;
4542
4543 err = mgmt_cmd_complete(sk, hdev->id,
4544 MGMT_OP_ADD_REMOTE_OOB_DATA,
4545 status, &cp->addr, sizeof(cp->addr));
4546 } else {
4547 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
4548 len);
4549 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
4550 MGMT_STATUS_INVALID_PARAMS);
4551 }
4552
4553unlock:
4554 hci_dev_unlock(hdev);
4555 return err;
4556}
4557
4558static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4559 void *data, u16 len)
4560{
4561 struct mgmt_cp_remove_remote_oob_data *cp = data;
4562 u8 status;
4563 int err;
4564
4565 bt_dev_dbg(hdev, "sock %p", sk);
4566
4567 if (cp->addr.type != BDADDR_BREDR)
4568 return mgmt_cmd_complete(sk, hdev->id,
4569 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4570 MGMT_STATUS_INVALID_PARAMS,
4571 &cp->addr, sizeof(cp->addr));
4572
4573 hci_dev_lock(hdev);
4574
4575 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4576 hci_remote_oob_data_clear(hdev);
4577 status = MGMT_STATUS_SUCCESS;
4578 goto done;
4579 }
4580
4581 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
4582 if (err < 0)
4583 status = MGMT_STATUS_INVALID_PARAMS;
4584 else
4585 status = MGMT_STATUS_SUCCESS;
4586
4587done:
4588 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4589 status, &cp->addr, sizeof(cp->addr));
4590
4591 hci_dev_unlock(hdev);
4592 return err;
4593}
4594
4595void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
4596{
4597 struct mgmt_pending_cmd *cmd;
4598
4599 bt_dev_dbg(hdev, "status %d", status);
4600
4601 hci_dev_lock(hdev);
4602
4603 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
4604 if (!cmd)
4605 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4606
4607 if (!cmd)
4608 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
4609
4610 if (cmd) {
4611 cmd->cmd_complete(cmd, mgmt_status(status));
4612 mgmt_pending_remove(cmd);
4613 }
4614
4615 hci_dev_unlock(hdev);
4616
4617
4618 if (test_and_clear_bit(SUSPEND_UNPAUSE_DISCOVERY,
4619 hdev->suspend_tasks)) {
4620 bt_dev_dbg(hdev, "Unpaused discovery");
4621 wake_up(&hdev->suspend_wait_q);
4622 }
4623}
4624
4625static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
4626 uint8_t *mgmt_status)
4627{
4628 switch (type) {
4629 case DISCOV_TYPE_LE:
4630 *mgmt_status = mgmt_le_support(hdev);
4631 if (*mgmt_status)
4632 return false;
4633 break;
4634 case DISCOV_TYPE_INTERLEAVED:
4635 *mgmt_status = mgmt_le_support(hdev);
4636 if (*mgmt_status)
4637 return false;
4638 fallthrough;
4639 case DISCOV_TYPE_BREDR:
4640 *mgmt_status = mgmt_bredr_support(hdev);
4641 if (*mgmt_status)
4642 return false;
4643 break;
4644 default:
4645 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
4646 return false;
4647 }
4648
4649 return true;
4650}
4651
4652static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
4653 u16 op, void *data, u16 len)
4654{
4655 struct mgmt_cp_start_discovery *cp = data;
4656 struct mgmt_pending_cmd *cmd;
4657 u8 status;
4658 int err;
4659
4660 bt_dev_dbg(hdev, "sock %p", sk);
4661
4662 hci_dev_lock(hdev);
4663
4664 if (!hdev_is_powered(hdev)) {
4665 err = mgmt_cmd_complete(sk, hdev->id, op,
4666 MGMT_STATUS_NOT_POWERED,
4667 &cp->type, sizeof(cp->type));
4668 goto failed;
4669 }
4670
4671 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4672 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4673 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
4674 &cp->type, sizeof(cp->type));
4675 goto failed;
4676 }
4677
4678 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4679 err = mgmt_cmd_complete(sk, hdev->id, op, status,
4680 &cp->type, sizeof(cp->type));
4681 goto failed;
4682 }
4683
4684
4685 if (hdev->discovery_paused) {
4686 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
4687 &cp->type, sizeof(cp->type));
4688 goto failed;
4689 }
4690
4691
4692
4693
4694 hci_discovery_filter_clear(hdev);
4695
4696 hdev->discovery.type = cp->type;
4697 hdev->discovery.report_invalid_rssi = false;
4698 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
4699 hdev->discovery.limited = true;
4700 else
4701 hdev->discovery.limited = false;
4702
4703 cmd = mgmt_pending_add(sk, op, hdev, data, len);
4704 if (!cmd) {
4705 err = -ENOMEM;
4706 goto failed;
4707 }
4708
4709 cmd->cmd_complete = generic_cmd_complete;
4710
4711 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4712 queue_work(hdev->req_workqueue, &hdev->discov_update);
4713 err = 0;
4714
4715failed:
4716 hci_dev_unlock(hdev);
4717 return err;
4718}
4719
4720static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4721 void *data, u16 len)
4722{
4723 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
4724 data, len);
4725}
4726
4727static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
4728 void *data, u16 len)
4729{
4730 return start_discovery_internal(sk, hdev,
4731 MGMT_OP_START_LIMITED_DISCOVERY,
4732 data, len);
4733}
4734
4735static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4736 u8 status)
4737{
4738 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4739 cmd->param, 1);
4740}
4741
4742static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4743 void *data, u16 len)
4744{
4745 struct mgmt_cp_start_service_discovery *cp = data;
4746 struct mgmt_pending_cmd *cmd;
4747 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4748 u16 uuid_count, expected_len;
4749 u8 status;
4750 int err;
4751
4752 bt_dev_dbg(hdev, "sock %p", sk);
4753
4754 hci_dev_lock(hdev);
4755
4756 if (!hdev_is_powered(hdev)) {
4757 err = mgmt_cmd_complete(sk, hdev->id,
4758 MGMT_OP_START_SERVICE_DISCOVERY,
4759 MGMT_STATUS_NOT_POWERED,
4760 &cp->type, sizeof(cp->type));
4761 goto failed;
4762 }
4763
4764 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4765 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4766 err = mgmt_cmd_complete(sk, hdev->id,
4767 MGMT_OP_START_SERVICE_DISCOVERY,
4768 MGMT_STATUS_BUSY, &cp->type,
4769 sizeof(cp->type));
4770 goto failed;
4771 }
4772
4773 uuid_count = __le16_to_cpu(cp->uuid_count);
4774 if (uuid_count > max_uuid_count) {
4775 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
4776 uuid_count);
4777 err = mgmt_cmd_complete(sk, hdev->id,
4778 MGMT_OP_START_SERVICE_DISCOVERY,
4779 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4780 sizeof(cp->type));
4781 goto failed;
4782 }
4783
4784 expected_len = sizeof(*cp) + uuid_count * 16;
4785 if (expected_len != len) {
4786 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
4787 expected_len, len);
4788 err = mgmt_cmd_complete(sk, hdev->id,
4789 MGMT_OP_START_SERVICE_DISCOVERY,
4790 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4791 sizeof(cp->type));
4792 goto failed;
4793 }
4794
4795 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4796 err = mgmt_cmd_complete(sk, hdev->id,
4797 MGMT_OP_START_SERVICE_DISCOVERY,
4798 status, &cp->type, sizeof(cp->type));
4799 goto failed;
4800 }
4801
4802 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4803 hdev, data, len);
4804 if (!cmd) {
4805 err = -ENOMEM;
4806 goto failed;
4807 }
4808
4809 cmd->cmd_complete = service_discovery_cmd_complete;
4810
4811
4812
4813
4814 hci_discovery_filter_clear(hdev);
4815
4816 hdev->discovery.result_filtering = true;
4817 hdev->discovery.type = cp->type;
4818 hdev->discovery.rssi = cp->rssi;
4819 hdev->discovery.uuid_count = uuid_count;
4820
4821 if (uuid_count > 0) {
4822 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4823 GFP_KERNEL);
4824 if (!hdev->discovery.uuids) {
4825 err = mgmt_cmd_complete(sk, hdev->id,
4826 MGMT_OP_START_SERVICE_DISCOVERY,
4827 MGMT_STATUS_FAILED,
4828 &cp->type, sizeof(cp->type));
4829 mgmt_pending_remove(cmd);
4830 goto failed;
4831 }
4832 }
4833
4834 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4835 queue_work(hdev->req_workqueue, &hdev->discov_update);
4836 err = 0;
4837
4838failed:
4839 hci_dev_unlock(hdev);
4840 return err;
4841}
4842
4843void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
4844{
4845 struct mgmt_pending_cmd *cmd;
4846
4847 bt_dev_dbg(hdev, "status %d", status);
4848
4849 hci_dev_lock(hdev);
4850
4851 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4852 if (cmd) {
4853 cmd->cmd_complete(cmd, mgmt_status(status));
4854 mgmt_pending_remove(cmd);
4855 }
4856
4857 hci_dev_unlock(hdev);
4858
4859
4860 if (test_and_clear_bit(SUSPEND_PAUSE_DISCOVERY, hdev->suspend_tasks)) {
4861 bt_dev_dbg(hdev, "Paused discovery");
4862 wake_up(&hdev->suspend_wait_q);
4863 }
4864}
4865
4866static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4867 u16 len)
4868{
4869 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4870 struct mgmt_pending_cmd *cmd;
4871 int err;
4872
4873 bt_dev_dbg(hdev, "sock %p", sk);
4874
4875 hci_dev_lock(hdev);
4876
4877 if (!hci_discovery_active(hdev)) {
4878 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4879 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4880 sizeof(mgmt_cp->type));
4881 goto unlock;
4882 }
4883
4884 if (hdev->discovery.type != mgmt_cp->type) {
4885 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4886 MGMT_STATUS_INVALID_PARAMS,
4887 &mgmt_cp->type, sizeof(mgmt_cp->type));
4888 goto unlock;
4889 }
4890
4891 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4892 if (!cmd) {
4893 err = -ENOMEM;
4894 goto unlock;
4895 }
4896
4897 cmd->cmd_complete = generic_cmd_complete;
4898
4899 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4900 queue_work(hdev->req_workqueue, &hdev->discov_update);
4901 err = 0;
4902
4903unlock:
4904 hci_dev_unlock(hdev);
4905 return err;
4906}
4907
4908static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4909 u16 len)
4910{
4911 struct mgmt_cp_confirm_name *cp = data;
4912 struct inquiry_entry *e;
4913 int err;
4914
4915 bt_dev_dbg(hdev, "sock %p", sk);
4916
4917 hci_dev_lock(hdev);
4918
4919 if (!hci_discovery_active(hdev)) {
4920 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4921 MGMT_STATUS_FAILED, &cp->addr,
4922 sizeof(cp->addr));
4923 goto failed;
4924 }
4925
4926 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4927 if (!e) {
4928 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4929 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4930 sizeof(cp->addr));
4931 goto failed;
4932 }
4933
4934 if (cp->name_known) {
4935 e->name_state = NAME_KNOWN;
4936 list_del(&e->list);
4937 } else {
4938 e->name_state = NAME_NEEDED;
4939 hci_inquiry_cache_update_resolve(hdev, e);
4940 }
4941
4942 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4943 &cp->addr, sizeof(cp->addr));
4944
4945failed:
4946 hci_dev_unlock(hdev);
4947 return err;
4948}
4949
4950static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4951 u16 len)
4952{
4953 struct mgmt_cp_block_device *cp = data;
4954 u8 status;
4955 int err;
4956
4957 bt_dev_dbg(hdev, "sock %p", sk);
4958
4959 if (!bdaddr_type_is_valid(cp->addr.type))
4960 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4961 MGMT_STATUS_INVALID_PARAMS,
4962 &cp->addr, sizeof(cp->addr));
4963
4964 hci_dev_lock(hdev);
4965
4966 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4967 cp->addr.type);
4968 if (err < 0) {
4969 status = MGMT_STATUS_FAILED;
4970 goto done;
4971 }
4972
4973 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4974 sk);
4975 status = MGMT_STATUS_SUCCESS;
4976
4977done:
4978 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4979 &cp->addr, sizeof(cp->addr));
4980
4981 hci_dev_unlock(hdev);
4982
4983 return err;
4984}
4985
4986static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4987 u16 len)
4988{
4989 struct mgmt_cp_unblock_device *cp = data;
4990 u8 status;
4991 int err;
4992
4993 bt_dev_dbg(hdev, "sock %p", sk);
4994
4995 if (!bdaddr_type_is_valid(cp->addr.type))
4996 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4997 MGMT_STATUS_INVALID_PARAMS,
4998 &cp->addr, sizeof(cp->addr));
4999
5000 hci_dev_lock(hdev);
5001
5002 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
5003 cp->addr.type);
5004 if (err < 0) {
5005 status = MGMT_STATUS_INVALID_PARAMS;
5006 goto done;
5007 }
5008
5009 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
5010 sk);
5011 status = MGMT_STATUS_SUCCESS;
5012
5013done:
5014 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
5015 &cp->addr, sizeof(cp->addr));
5016
5017 hci_dev_unlock(hdev);
5018
5019 return err;
5020}
5021
5022static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
5023 u16 len)
5024{
5025 struct mgmt_cp_set_device_id *cp = data;
5026 struct hci_request req;
5027 int err;
5028 __u16 source;
5029
5030 bt_dev_dbg(hdev, "sock %p", sk);
5031
5032 source = __le16_to_cpu(cp->source);
5033
5034 if (source > 0x0002)
5035 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
5036 MGMT_STATUS_INVALID_PARAMS);
5037
5038 hci_dev_lock(hdev);
5039
5040 hdev->devid_source = source;
5041 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
5042 hdev->devid_product = __le16_to_cpu(cp->product);
5043 hdev->devid_version = __le16_to_cpu(cp->version);
5044
5045 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
5046 NULL, 0);
5047
5048 hci_req_init(&req, hdev);
5049 __hci_req_update_eir(&req);
5050 hci_req_run(&req, NULL);
5051
5052 hci_dev_unlock(hdev);
5053
5054 return err;
5055}
5056
5057static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
5058 u16 opcode)
5059{
5060 bt_dev_dbg(hdev, "status %d", status);
5061}
5062
5063static void set_advertising_complete(struct hci_dev *hdev, u8 status,
5064 u16 opcode)
5065{
5066 struct cmd_lookup match = { NULL, hdev };
5067 struct hci_request req;
5068 u8 instance;
5069 struct adv_info *adv_instance;
5070 int err;
5071
5072 hci_dev_lock(hdev);
5073
5074 if (status) {
5075 u8 mgmt_err = mgmt_status(status);
5076
5077 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
5078 cmd_status_rsp, &mgmt_err);
5079 goto unlock;
5080 }
5081
5082 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
5083 hci_dev_set_flag(hdev, HCI_ADVERTISING);
5084 else
5085 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
5086
5087 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
5088 &match);
5089
5090 new_settings(hdev, match.sk);
5091
5092 if (match.sk)
5093 sock_put(match.sk);
5094
5095
5096 if (test_and_clear_bit(SUSPEND_PAUSE_ADVERTISING,
5097 hdev->suspend_tasks)) {
5098 bt_dev_dbg(hdev, "Paused advertising");
5099 wake_up(&hdev->suspend_wait_q);
5100 } else if (test_and_clear_bit(SUSPEND_UNPAUSE_ADVERTISING,
5101 hdev->suspend_tasks)) {
5102 bt_dev_dbg(hdev, "Unpaused advertising");
5103 wake_up(&hdev->suspend_wait_q);
5104 }
5105
5106
5107
5108
5109 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
5110 list_empty(&hdev->adv_instances))
5111 goto unlock;
5112
5113 instance = hdev->cur_adv_instance;
5114 if (!instance) {
5115 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
5116 struct adv_info, list);
5117 if (!adv_instance)
5118 goto unlock;
5119
5120 instance = adv_instance->instance;
5121 }
5122
5123 hci_req_init(&req, hdev);
5124
5125 err = __hci_req_schedule_adv_instance(&req, instance, true);
5126
5127 if (!err)
5128 err = hci_req_run(&req, enable_advertising_instance);
5129
5130 if (err)
5131 bt_dev_err(hdev, "failed to re-configure advertising");
5132
5133unlock:
5134 hci_dev_unlock(hdev);
5135}
5136
5137static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
5138 u16 len)
5139{
5140 struct mgmt_mode *cp = data;
5141 struct mgmt_pending_cmd *cmd;
5142 struct hci_request req;
5143 u8 val, status;
5144 int err;
5145
5146 bt_dev_dbg(hdev, "sock %p", sk);
5147
5148 status = mgmt_le_support(hdev);
5149 if (status)
5150 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5151 status);
5152
5153
5154
5155
5156 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
5157 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5158 MGMT_STATUS_NOT_SUPPORTED);
5159
5160 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5161 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5162 MGMT_STATUS_INVALID_PARAMS);
5163
5164 if (hdev->advertising_paused)
5165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5166 MGMT_STATUS_BUSY);
5167
5168 hci_dev_lock(hdev);
5169
5170 val = !!cp->val;
5171
5172
5173
5174
5175
5176
5177 if (!hdev_is_powered(hdev) ||
5178 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
5179 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
5180 hci_conn_num(hdev, LE_LINK) > 0 ||
5181 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
5182 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
5183 bool changed;
5184
5185 if (cp->val) {
5186 hdev->cur_adv_instance = 0x00;
5187 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
5188 if (cp->val == 0x02)
5189 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5190 else
5191 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5192 } else {
5193 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
5194 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5195 }
5196
5197 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
5198 if (err < 0)
5199 goto unlock;
5200
5201 if (changed)
5202 err = new_settings(hdev, sk);
5203
5204 goto unlock;
5205 }
5206
5207 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
5208 pending_find(MGMT_OP_SET_LE, hdev)) {
5209 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5210 MGMT_STATUS_BUSY);
5211 goto unlock;
5212 }
5213
5214 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
5215 if (!cmd) {
5216 err = -ENOMEM;
5217 goto unlock;
5218 }
5219
5220 hci_req_init(&req, hdev);
5221
5222 if (cp->val == 0x02)
5223 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5224 else
5225 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5226
5227 cancel_adv_timeout(hdev);
5228
5229 if (val) {
5230
5231
5232
5233
5234 hdev->cur_adv_instance = 0x00;
5235
5236 if (ext_adv_capable(hdev)) {
5237 __hci_req_start_ext_adv(&req, 0x00);
5238 } else {
5239 __hci_req_update_adv_data(&req, 0x00);
5240 __hci_req_update_scan_rsp_data(&req, 0x00);
5241 __hci_req_enable_advertising(&req);
5242 }
5243 } else {
5244 __hci_req_disable_advertising(&req);
5245 }
5246
5247 err = hci_req_run(&req, set_advertising_complete);
5248 if (err < 0)
5249 mgmt_pending_remove(cmd);
5250
5251unlock:
5252 hci_dev_unlock(hdev);
5253 return err;
5254}
5255
5256static int set_static_address(struct sock *sk, struct hci_dev *hdev,
5257 void *data, u16 len)
5258{
5259 struct mgmt_cp_set_static_address *cp = data;
5260 int err;
5261
5262 bt_dev_dbg(hdev, "sock %p", sk);
5263
5264 if (!lmp_le_capable(hdev))
5265 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
5266 MGMT_STATUS_NOT_SUPPORTED);
5267
5268 if (hdev_is_powered(hdev))
5269 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
5270 MGMT_STATUS_REJECTED);
5271
5272 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
5273 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
5274 return mgmt_cmd_status(sk, hdev->id,
5275 MGMT_OP_SET_STATIC_ADDRESS,
5276 MGMT_STATUS_INVALID_PARAMS);
5277
5278
5279 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
5280 return mgmt_cmd_status(sk, hdev->id,
5281 MGMT_OP_SET_STATIC_ADDRESS,
5282 MGMT_STATUS_INVALID_PARAMS);
5283 }
5284
5285 hci_dev_lock(hdev);
5286
5287 bacpy(&hdev->static_addr, &cp->bdaddr);
5288
5289 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
5290 if (err < 0)
5291 goto unlock;
5292
5293 err = new_settings(hdev, sk);
5294
5295unlock:
5296 hci_dev_unlock(hdev);
5297 return err;
5298}
5299
5300static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
5301 void *data, u16 len)
5302{
5303 struct mgmt_cp_set_scan_params *cp = data;
5304 __u16 interval, window;
5305 int err;
5306
5307 bt_dev_dbg(hdev, "sock %p", sk);
5308
5309 if (!lmp_le_capable(hdev))
5310 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5311 MGMT_STATUS_NOT_SUPPORTED);
5312
5313 interval = __le16_to_cpu(cp->interval);
5314
5315 if (interval < 0x0004 || interval > 0x4000)
5316 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5317 MGMT_STATUS_INVALID_PARAMS);
5318
5319 window = __le16_to_cpu(cp->window);
5320
5321 if (window < 0x0004 || window > 0x4000)
5322 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5323 MGMT_STATUS_INVALID_PARAMS);
5324
5325 if (window > interval)
5326 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5327 MGMT_STATUS_INVALID_PARAMS);
5328
5329 hci_dev_lock(hdev);
5330
5331 hdev->le_scan_interval = interval;
5332 hdev->le_scan_window = window;
5333
5334 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
5335 NULL, 0);
5336
5337
5338
5339
5340 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
5341 hdev->discovery.state == DISCOVERY_STOPPED) {
5342 struct hci_request req;
5343
5344 hci_req_init(&req, hdev);
5345
5346 hci_req_add_le_scan_disable(&req, false);
5347 hci_req_add_le_passive_scan(&req);
5348
5349 hci_req_run(&req, NULL);
5350 }
5351
5352 hci_dev_unlock(hdev);
5353
5354 return err;
5355}
5356
5357static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
5358 u16 opcode)
5359{
5360 struct mgmt_pending_cmd *cmd;
5361
5362 bt_dev_dbg(hdev, "status 0x%02x", status);
5363
5364 hci_dev_lock(hdev);
5365
5366 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5367 if (!cmd)
5368 goto unlock;
5369
5370 if (status) {
5371 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5372 mgmt_status(status));
5373 } else {
5374 struct mgmt_mode *cp = cmd->param;
5375
5376 if (cp->val)
5377 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
5378 else
5379 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5380
5381 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5382 new_settings(hdev, cmd->sk);
5383 }
5384
5385 mgmt_pending_remove(cmd);
5386
5387unlock:
5388 hci_dev_unlock(hdev);
5389}
5390
5391static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
5392 void *data, u16 len)
5393{
5394 struct mgmt_mode *cp = data;
5395 struct mgmt_pending_cmd *cmd;
5396 struct hci_request req;
5397 int err;
5398
5399 bt_dev_dbg(hdev, "sock %p", sk);
5400
5401 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
5402 hdev->hci_ver < BLUETOOTH_VER_1_2)
5403 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5404 MGMT_STATUS_NOT_SUPPORTED);
5405
5406 if (cp->val != 0x00 && cp->val != 0x01)
5407 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5408 MGMT_STATUS_INVALID_PARAMS);
5409
5410 hci_dev_lock(hdev);
5411
5412 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
5413 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5414 MGMT_STATUS_BUSY);
5415 goto unlock;
5416 }
5417
5418 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
5419 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5420 hdev);
5421 goto unlock;
5422 }
5423
5424 if (!hdev_is_powered(hdev)) {
5425 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
5426 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5427 hdev);
5428 new_settings(hdev, sk);
5429 goto unlock;
5430 }
5431
5432 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
5433 data, len);
5434 if (!cmd) {
5435 err = -ENOMEM;
5436 goto unlock;
5437 }
5438
5439 hci_req_init(&req, hdev);
5440
5441 __hci_req_write_fast_connectable(&req, cp->val);
5442
5443 err = hci_req_run(&req, fast_connectable_complete);
5444 if (err < 0) {
5445 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5446 MGMT_STATUS_FAILED);
5447 mgmt_pending_remove(cmd);
5448 }
5449
5450unlock:
5451 hci_dev_unlock(hdev);
5452
5453 return err;
5454}
5455
5456static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5457{
5458 struct mgmt_pending_cmd *cmd;
5459
5460 bt_dev_dbg(hdev, "status 0x%02x", status);
5461
5462 hci_dev_lock(hdev);
5463
5464 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
5465 if (!cmd)
5466 goto unlock;
5467
5468 if (status) {
5469 u8 mgmt_err = mgmt_status(status);
5470
5471
5472
5473
5474 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
5475
5476 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
5477 } else {
5478 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5479 new_settings(hdev, cmd->sk);
5480 }
5481
5482 mgmt_pending_remove(cmd);
5483
5484unlock:
5485 hci_dev_unlock(hdev);
5486}
5487
5488static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5489{
5490 struct mgmt_mode *cp = data;
5491 struct mgmt_pending_cmd *cmd;
5492 struct hci_request req;
5493 int err;
5494
5495 bt_dev_dbg(hdev, "sock %p", sk);
5496
5497 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
5498 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5499 MGMT_STATUS_NOT_SUPPORTED);
5500
5501 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5502 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5503 MGMT_STATUS_REJECTED);
5504
5505 if (cp->val != 0x00 && cp->val != 0x01)
5506 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5507 MGMT_STATUS_INVALID_PARAMS);
5508
5509 hci_dev_lock(hdev);
5510
5511 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5512 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5513 goto unlock;
5514 }
5515
5516 if (!hdev_is_powered(hdev)) {
5517 if (!cp->val) {
5518 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
5519 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
5520 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
5521 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5522 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
5523 }
5524
5525 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
5526
5527 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5528 if (err < 0)
5529 goto unlock;
5530
5531 err = new_settings(hdev, sk);
5532 goto unlock;
5533 }
5534
5535
5536 if (!cp->val) {
5537 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5538 MGMT_STATUS_REJECTED);
5539 goto unlock;
5540 } else {
5541
5542
5543
5544
5545
5546
5547
5548
5549
5550
5551
5552
5553
5554
5555 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5556 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5557 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
5558 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5559 MGMT_STATUS_REJECTED);
5560 goto unlock;
5561 }
5562 }
5563
5564 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
5565 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5566 MGMT_STATUS_BUSY);
5567 goto unlock;
5568 }
5569
5570 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5571 if (!cmd) {
5572 err = -ENOMEM;
5573 goto unlock;
5574 }
5575
5576
5577
5578
5579 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
5580
5581 hci_req_init(&req, hdev);
5582
5583 __hci_req_write_fast_connectable(&req, false);
5584 __hci_req_update_scan(&req);
5585
5586
5587
5588
5589 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
5590
5591 err = hci_req_run(&req, set_bredr_complete);
5592 if (err < 0)
5593 mgmt_pending_remove(cmd);
5594
5595unlock:
5596 hci_dev_unlock(hdev);
5597 return err;
5598}
5599
5600static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5601{
5602 struct mgmt_pending_cmd *cmd;
5603 struct mgmt_mode *cp;
5604
5605 bt_dev_dbg(hdev, "status %u", status);
5606
5607 hci_dev_lock(hdev);
5608
5609 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5610 if (!cmd)
5611 goto unlock;
5612
5613 if (status) {
5614 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5615 mgmt_status(status));
5616 goto remove;
5617 }
5618
5619 cp = cmd->param;
5620
5621 switch (cp->val) {
5622 case 0x00:
5623 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5624 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5625 break;
5626 case 0x01:
5627 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5628 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5629 break;
5630 case 0x02:
5631 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5632 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5633 break;
5634 }
5635
5636 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5637 new_settings(hdev, cmd->sk);
5638
5639remove:
5640 mgmt_pending_remove(cmd);
5641unlock:
5642 hci_dev_unlock(hdev);
5643}
5644
5645static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5646 void *data, u16 len)
5647{
5648 struct mgmt_mode *cp = data;
5649 struct mgmt_pending_cmd *cmd;
5650 struct hci_request req;
5651 u8 val;
5652 int err;
5653
5654 bt_dev_dbg(hdev, "sock %p", sk);
5655
5656 if (!lmp_sc_capable(hdev) &&
5657 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5658 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5659 MGMT_STATUS_NOT_SUPPORTED);
5660
5661 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5662 lmp_sc_capable(hdev) &&
5663 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
5664 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5665 MGMT_STATUS_REJECTED);
5666
5667 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5668 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5669 MGMT_STATUS_INVALID_PARAMS);
5670
5671 hci_dev_lock(hdev);
5672
5673 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5674 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5675 bool changed;
5676
5677 if (cp->val) {
5678 changed = !hci_dev_test_and_set_flag(hdev,
5679 HCI_SC_ENABLED);
5680 if (cp->val == 0x02)
5681 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5682 else
5683 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5684 } else {
5685 changed = hci_dev_test_and_clear_flag(hdev,
5686 HCI_SC_ENABLED);
5687 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5688 }
5689
5690 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5691 if (err < 0)
5692 goto failed;
5693
5694 if (changed)
5695 err = new_settings(hdev, sk);
5696
5697 goto failed;
5698 }
5699
5700 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5701 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5702 MGMT_STATUS_BUSY);
5703 goto failed;
5704 }
5705
5706 val = !!cp->val;
5707
5708 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5709 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5710 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5711 goto failed;
5712 }
5713
5714 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5715 if (!cmd) {
5716 err = -ENOMEM;
5717 goto failed;
5718 }
5719
5720 hci_req_init(&req, hdev);
5721 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5722 err = hci_req_run(&req, sc_enable_complete);
5723 if (err < 0) {
5724 mgmt_pending_remove(cmd);
5725 goto failed;
5726 }
5727
5728failed:
5729 hci_dev_unlock(hdev);
5730 return err;
5731}
5732
5733static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5734 void *data, u16 len)
5735{
5736 struct mgmt_mode *cp = data;
5737 bool changed, use_changed;
5738 int err;
5739
5740 bt_dev_dbg(hdev, "sock %p", sk);
5741
5742 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5743 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5744 MGMT_STATUS_INVALID_PARAMS);
5745
5746 hci_dev_lock(hdev);
5747
5748 if (cp->val)
5749 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5750 else
5751 changed = hci_dev_test_and_clear_flag(hdev,
5752 HCI_KEEP_DEBUG_KEYS);
5753
5754 if (cp->val == 0x02)
5755 use_changed = !hci_dev_test_and_set_flag(hdev,
5756 HCI_USE_DEBUG_KEYS);
5757 else
5758 use_changed = hci_dev_test_and_clear_flag(hdev,
5759 HCI_USE_DEBUG_KEYS);
5760
5761 if (hdev_is_powered(hdev) && use_changed &&
5762 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5763 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5764 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5765 sizeof(mode), &mode);
5766 }
5767
5768 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5769 if (err < 0)
5770 goto unlock;
5771
5772 if (changed)
5773 err = new_settings(hdev, sk);
5774
5775unlock:
5776 hci_dev_unlock(hdev);
5777 return err;
5778}
5779
5780static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5781 u16 len)
5782{
5783 struct mgmt_cp_set_privacy *cp = cp_data;
5784 bool changed;
5785 int err;
5786
5787 bt_dev_dbg(hdev, "sock %p", sk);
5788
5789 if (!lmp_le_capable(hdev))
5790 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5791 MGMT_STATUS_NOT_SUPPORTED);
5792
5793 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
5794 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5795 MGMT_STATUS_INVALID_PARAMS);
5796
5797 if (hdev_is_powered(hdev))
5798 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5799 MGMT_STATUS_REJECTED);
5800
5801 hci_dev_lock(hdev);
5802
5803
5804
5805
5806 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5807
5808 if (cp->privacy) {
5809 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
5810 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5811 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5812 hci_adv_instances_set_rpa_expired(hdev, true);
5813 if (cp->privacy == 0x02)
5814 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
5815 else
5816 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
5817 } else {
5818 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
5819 memset(hdev->irk, 0, sizeof(hdev->irk));
5820 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
5821 hci_adv_instances_set_rpa_expired(hdev, false);
5822 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
5823 }
5824
5825 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5826 if (err < 0)
5827 goto unlock;
5828
5829 if (changed)
5830 err = new_settings(hdev, sk);
5831
5832unlock:
5833 hci_dev_unlock(hdev);
5834 return err;
5835}
5836
5837static bool irk_is_valid(struct mgmt_irk_info *irk)
5838{
5839 switch (irk->addr.type) {
5840 case BDADDR_LE_PUBLIC:
5841 return true;
5842
5843 case BDADDR_LE_RANDOM:
5844
5845 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5846 return false;
5847 return true;
5848 }
5849
5850 return false;
5851}
5852
5853static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5854 u16 len)
5855{
5856 struct mgmt_cp_load_irks *cp = cp_data;
5857 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5858 sizeof(struct mgmt_irk_info));
5859 u16 irk_count, expected_len;
5860 int i, err;
5861
5862 bt_dev_dbg(hdev, "sock %p", sk);
5863
5864 if (!lmp_le_capable(hdev))
5865 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5866 MGMT_STATUS_NOT_SUPPORTED);
5867
5868 irk_count = __le16_to_cpu(cp->irk_count);
5869 if (irk_count > max_irk_count) {
5870 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
5871 irk_count);
5872 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5873 MGMT_STATUS_INVALID_PARAMS);
5874 }
5875
5876 expected_len = struct_size(cp, irks, irk_count);
5877 if (expected_len != len) {
5878 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
5879 expected_len, len);
5880 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5881 MGMT_STATUS_INVALID_PARAMS);
5882 }
5883
5884 bt_dev_dbg(hdev, "irk_count %u", irk_count);
5885
5886 for (i = 0; i < irk_count; i++) {
5887 struct mgmt_irk_info *key = &cp->irks[i];
5888
5889 if (!irk_is_valid(key))
5890 return mgmt_cmd_status(sk, hdev->id,
5891 MGMT_OP_LOAD_IRKS,
5892 MGMT_STATUS_INVALID_PARAMS);
5893 }
5894
5895 hci_dev_lock(hdev);
5896
5897 hci_smp_irks_clear(hdev);
5898
5899 for (i = 0; i < irk_count; i++) {
5900 struct mgmt_irk_info *irk = &cp->irks[i];
5901
5902 if (hci_is_blocked_key(hdev,
5903 HCI_BLOCKED_KEY_TYPE_IRK,
5904 irk->val)) {
5905 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
5906 &irk->addr.bdaddr);
5907 continue;
5908 }
5909
5910 hci_add_irk(hdev, &irk->addr.bdaddr,
5911 le_addr_type(irk->addr.type), irk->val,
5912 BDADDR_ANY);
5913 }
5914
5915 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5916
5917 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5918
5919 hci_dev_unlock(hdev);
5920
5921 return err;
5922}
5923
5924static bool ltk_is_valid(struct mgmt_ltk_info *key)
5925{
5926 if (key->master != 0x00 && key->master != 0x01)
5927 return false;
5928
5929 switch (key->addr.type) {
5930 case BDADDR_LE_PUBLIC:
5931 return true;
5932
5933 case BDADDR_LE_RANDOM:
5934
5935 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5936 return false;
5937 return true;
5938 }
5939
5940 return false;
5941}
5942
5943static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5944 void *cp_data, u16 len)
5945{
5946 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5947 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5948 sizeof(struct mgmt_ltk_info));
5949 u16 key_count, expected_len;
5950 int i, err;
5951
5952 bt_dev_dbg(hdev, "sock %p", sk);
5953
5954 if (!lmp_le_capable(hdev))
5955 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5956 MGMT_STATUS_NOT_SUPPORTED);
5957
5958 key_count = __le16_to_cpu(cp->key_count);
5959 if (key_count > max_key_count) {
5960 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
5961 key_count);
5962 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5963 MGMT_STATUS_INVALID_PARAMS);
5964 }
5965
5966 expected_len = struct_size(cp, keys, key_count);
5967 if (expected_len != len) {
5968 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
5969 expected_len, len);
5970 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5971 MGMT_STATUS_INVALID_PARAMS);
5972 }
5973
5974 bt_dev_dbg(hdev, "key_count %u", key_count);
5975
5976 for (i = 0; i < key_count; i++) {
5977 struct mgmt_ltk_info *key = &cp->keys[i];
5978
5979 if (!ltk_is_valid(key))
5980 return mgmt_cmd_status(sk, hdev->id,
5981 MGMT_OP_LOAD_LONG_TERM_KEYS,
5982 MGMT_STATUS_INVALID_PARAMS);
5983 }
5984
5985 hci_dev_lock(hdev);
5986
5987 hci_smp_ltks_clear(hdev);
5988
5989 for (i = 0; i < key_count; i++) {
5990 struct mgmt_ltk_info *key = &cp->keys[i];
5991 u8 type, authenticated;
5992
5993 if (hci_is_blocked_key(hdev,
5994 HCI_BLOCKED_KEY_TYPE_LTK,
5995 key->val)) {
5996 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
5997 &key->addr.bdaddr);
5998 continue;
5999 }
6000
6001 switch (key->type) {
6002 case MGMT_LTK_UNAUTHENTICATED:
6003 authenticated = 0x00;
6004 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
6005 break;
6006 case MGMT_LTK_AUTHENTICATED:
6007 authenticated = 0x01;
6008 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
6009 break;
6010 case MGMT_LTK_P256_UNAUTH:
6011 authenticated = 0x00;
6012 type = SMP_LTK_P256;
6013 break;
6014 case MGMT_LTK_P256_AUTH:
6015 authenticated = 0x01;
6016 type = SMP_LTK_P256;
6017 break;
6018 case MGMT_LTK_P256_DEBUG:
6019 authenticated = 0x00;
6020 type = SMP_LTK_P256_DEBUG;
6021 fallthrough;
6022 default:
6023 continue;
6024 }
6025
6026 hci_add_ltk(hdev, &key->addr.bdaddr,
6027 le_addr_type(key->addr.type), type, authenticated,
6028 key->val, key->enc_size, key->ediv, key->rand);
6029 }
6030
6031 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
6032 NULL, 0);
6033
6034 hci_dev_unlock(hdev);
6035
6036 return err;
6037}
6038
6039static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
6040{
6041 struct hci_conn *conn = cmd->user_data;
6042 struct mgmt_rp_get_conn_info rp;
6043 int err;
6044
6045 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
6046
6047 if (status == MGMT_STATUS_SUCCESS) {
6048 rp.rssi = conn->rssi;
6049 rp.tx_power = conn->tx_power;
6050 rp.max_tx_power = conn->max_tx_power;
6051 } else {
6052 rp.rssi = HCI_RSSI_INVALID;
6053 rp.tx_power = HCI_TX_POWER_INVALID;
6054 rp.max_tx_power = HCI_TX_POWER_INVALID;
6055 }
6056
6057 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
6058 status, &rp, sizeof(rp));
6059
6060 hci_conn_drop(conn);
6061 hci_conn_put(conn);
6062
6063 return err;
6064}
6065
6066static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
6067 u16 opcode)
6068{
6069 struct hci_cp_read_rssi *cp;
6070 struct mgmt_pending_cmd *cmd;
6071 struct hci_conn *conn;
6072 u16 handle;
6073 u8 status;
6074
6075 bt_dev_dbg(hdev, "status 0x%02x", hci_status);
6076
6077 hci_dev_lock(hdev);
6078
6079
6080
6081
6082
6083
6084
6085
6086
6087
6088 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
6089 if (!cp) {
6090 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
6091 status = MGMT_STATUS_SUCCESS;
6092 } else {
6093 status = mgmt_status(hci_status);
6094 }
6095
6096 if (!cp) {
6097 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
6098 goto unlock;
6099 }
6100
6101 handle = __le16_to_cpu(cp->handle);
6102 conn = hci_conn_hash_lookup_handle(hdev, handle);
6103 if (!conn) {
6104 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
6105 handle);
6106 goto unlock;
6107 }
6108
6109 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
6110 if (!cmd)
6111 goto unlock;
6112
6113 cmd->cmd_complete(cmd, status);
6114 mgmt_pending_remove(cmd);
6115
6116unlock:
6117 hci_dev_unlock(hdev);
6118}
6119
6120static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
6121 u16 len)
6122{
6123 struct mgmt_cp_get_conn_info *cp = data;
6124 struct mgmt_rp_get_conn_info rp;
6125 struct hci_conn *conn;
6126 unsigned long conn_info_age;
6127 int err = 0;
6128
6129 bt_dev_dbg(hdev, "sock %p", sk);
6130
6131 memset(&rp, 0, sizeof(rp));
6132 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6133 rp.addr.type = cp->addr.type;
6134
6135 if (!bdaddr_type_is_valid(cp->addr.type))
6136 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6137 MGMT_STATUS_INVALID_PARAMS,
6138 &rp, sizeof(rp));
6139
6140 hci_dev_lock(hdev);
6141
6142 if (!hdev_is_powered(hdev)) {
6143 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6144 MGMT_STATUS_NOT_POWERED, &rp,
6145 sizeof(rp));
6146 goto unlock;
6147 }
6148
6149 if (cp->addr.type == BDADDR_BREDR)
6150 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6151 &cp->addr.bdaddr);
6152 else
6153 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
6154
6155 if (!conn || conn->state != BT_CONNECTED) {
6156 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6157 MGMT_STATUS_NOT_CONNECTED, &rp,
6158 sizeof(rp));
6159 goto unlock;
6160 }
6161
6162 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
6163 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6164 MGMT_STATUS_BUSY, &rp, sizeof(rp));
6165 goto unlock;
6166 }
6167
6168
6169
6170
6171 conn_info_age = hdev->conn_info_min_age +
6172 prandom_u32_max(hdev->conn_info_max_age -
6173 hdev->conn_info_min_age);
6174
6175
6176
6177
6178 if (time_after(jiffies, conn->conn_info_timestamp +
6179 msecs_to_jiffies(conn_info_age)) ||
6180 !conn->conn_info_timestamp) {
6181 struct hci_request req;
6182 struct hci_cp_read_tx_power req_txp_cp;
6183 struct hci_cp_read_rssi req_rssi_cp;
6184 struct mgmt_pending_cmd *cmd;
6185
6186 hci_req_init(&req, hdev);
6187 req_rssi_cp.handle = cpu_to_le16(conn->handle);
6188 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
6189 &req_rssi_cp);
6190
6191
6192
6193
6194 if (!bdaddr_type_is_le(cp->addr.type) ||
6195 conn->tx_power == HCI_TX_POWER_INVALID) {
6196 req_txp_cp.handle = cpu_to_le16(conn->handle);
6197 req_txp_cp.type = 0x00;
6198 hci_req_add(&req, HCI_OP_READ_TX_POWER,
6199 sizeof(req_txp_cp), &req_txp_cp);
6200 }
6201
6202
6203 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
6204 req_txp_cp.handle = cpu_to_le16(conn->handle);
6205 req_txp_cp.type = 0x01;
6206 hci_req_add(&req, HCI_OP_READ_TX_POWER,
6207 sizeof(req_txp_cp), &req_txp_cp);
6208 }
6209
6210 err = hci_req_run(&req, conn_info_refresh_complete);
6211 if (err < 0)
6212 goto unlock;
6213
6214 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
6215 data, len);
6216 if (!cmd) {
6217 err = -ENOMEM;
6218 goto unlock;
6219 }
6220
6221 hci_conn_hold(conn);
6222 cmd->user_data = hci_conn_get(conn);
6223 cmd->cmd_complete = conn_info_cmd_complete;
6224
6225 conn->conn_info_timestamp = jiffies;
6226 } else {
6227
6228 rp.rssi = conn->rssi;
6229 rp.tx_power = conn->tx_power;
6230 rp.max_tx_power = conn->max_tx_power;
6231
6232 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6233 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6234 }
6235
6236unlock:
6237 hci_dev_unlock(hdev);
6238 return err;
6239}
6240
6241static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
6242{
6243 struct hci_conn *conn = cmd->user_data;
6244 struct mgmt_rp_get_clock_info rp;
6245 struct hci_dev *hdev;
6246 int err;
6247
6248 memset(&rp, 0, sizeof(rp));
6249 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
6250
6251 if (status)
6252 goto complete;
6253
6254 hdev = hci_dev_get(cmd->index);
6255 if (hdev) {
6256 rp.local_clock = cpu_to_le32(hdev->clock);
6257 hci_dev_put(hdev);
6258 }
6259
6260 if (conn) {
6261 rp.piconet_clock = cpu_to_le32(conn->clock);
6262 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
6263 }
6264
6265complete:
6266 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
6267 sizeof(rp));
6268
6269 if (conn) {
6270 hci_conn_drop(conn);
6271 hci_conn_put(conn);
6272 }
6273
6274 return err;
6275}
6276
6277static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6278{
6279 struct hci_cp_read_clock *hci_cp;
6280 struct mgmt_pending_cmd *cmd;
6281 struct hci_conn *conn;
6282
6283 bt_dev_dbg(hdev, "status %u", status);
6284
6285 hci_dev_lock(hdev);
6286
6287 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
6288 if (!hci_cp)
6289 goto unlock;
6290
6291 if (hci_cp->which) {
6292 u16 handle = __le16_to_cpu(hci_cp->handle);
6293 conn = hci_conn_hash_lookup_handle(hdev, handle);
6294 } else {
6295 conn = NULL;
6296 }
6297
6298 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
6299 if (!cmd)
6300 goto unlock;
6301
6302 cmd->cmd_complete(cmd, mgmt_status(status));
6303 mgmt_pending_remove(cmd);
6304
6305unlock:
6306 hci_dev_unlock(hdev);
6307}
6308
6309static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
6310 u16 len)
6311{
6312 struct mgmt_cp_get_clock_info *cp = data;
6313 struct mgmt_rp_get_clock_info rp;
6314 struct hci_cp_read_clock hci_cp;
6315 struct mgmt_pending_cmd *cmd;
6316 struct hci_request req;
6317 struct hci_conn *conn;
6318 int err;
6319
6320 bt_dev_dbg(hdev, "sock %p", sk);
6321
6322 memset(&rp, 0, sizeof(rp));
6323 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6324 rp.addr.type = cp->addr.type;
6325
6326 if (cp->addr.type != BDADDR_BREDR)
6327 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6328 MGMT_STATUS_INVALID_PARAMS,
6329 &rp, sizeof(rp));
6330
6331 hci_dev_lock(hdev);
6332
6333 if (!hdev_is_powered(hdev)) {
6334 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6335 MGMT_STATUS_NOT_POWERED, &rp,
6336 sizeof(rp));
6337 goto unlock;
6338 }
6339
6340 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6341 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6342 &cp->addr.bdaddr);
6343 if (!conn || conn->state != BT_CONNECTED) {
6344 err = mgmt_cmd_complete(sk, hdev->id,
6345 MGMT_OP_GET_CLOCK_INFO,
6346 MGMT_STATUS_NOT_CONNECTED,
6347 &rp, sizeof(rp));
6348 goto unlock;
6349 }
6350 } else {
6351 conn = NULL;
6352 }
6353
6354 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
6355 if (!cmd) {
6356 err = -ENOMEM;
6357 goto unlock;
6358 }
6359
6360 cmd->cmd_complete = clock_info_cmd_complete;
6361
6362 hci_req_init(&req, hdev);
6363
6364 memset(&hci_cp, 0, sizeof(hci_cp));
6365 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6366
6367 if (conn) {
6368 hci_conn_hold(conn);
6369 cmd->user_data = hci_conn_get(conn);
6370
6371 hci_cp.handle = cpu_to_le16(conn->handle);
6372 hci_cp.which = 0x01;
6373 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6374 }
6375
6376 err = hci_req_run(&req, get_clock_info_complete);
6377 if (err < 0)
6378 mgmt_pending_remove(cmd);
6379
6380unlock:
6381 hci_dev_unlock(hdev);
6382 return err;
6383}
6384
6385static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
6386{
6387 struct hci_conn *conn;
6388
6389 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
6390 if (!conn)
6391 return false;
6392
6393 if (conn->dst_type != type)
6394 return false;
6395
6396 if (conn->state != BT_CONNECTED)
6397 return false;
6398
6399 return true;
6400}
6401
6402
6403static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
6404 u8 addr_type, u8 auto_connect)
6405{
6406 struct hci_conn_params *params;
6407
6408 params = hci_conn_params_add(hdev, addr, addr_type);
6409 if (!params)
6410 return -EIO;
6411
6412 if (params->auto_connect == auto_connect)
6413 return 0;
6414
6415 list_del_init(¶ms->action);
6416
6417 switch (auto_connect) {
6418 case HCI_AUTO_CONN_DISABLED:
6419 case HCI_AUTO_CONN_LINK_LOSS:
6420
6421
6422
6423 if (params->explicit_connect)
6424 list_add(¶ms->action, &hdev->pend_le_conns);
6425 break;
6426 case HCI_AUTO_CONN_REPORT:
6427 if (params->explicit_connect)
6428 list_add(¶ms->action, &hdev->pend_le_conns);
6429 else
6430 list_add(¶ms->action, &hdev->pend_le_reports);
6431 break;
6432 case HCI_AUTO_CONN_DIRECT:
6433 case HCI_AUTO_CONN_ALWAYS:
6434 if (!is_connected(hdev, addr, addr_type))
6435 list_add(¶ms->action, &hdev->pend_le_conns);
6436 break;
6437 }
6438
6439 params->auto_connect = auto_connect;
6440
6441 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
6442 addr, addr_type, auto_connect);
6443
6444 return 0;
6445}
6446
6447static void device_added(struct sock *sk, struct hci_dev *hdev,
6448 bdaddr_t *bdaddr, u8 type, u8 action)
6449{
6450 struct mgmt_ev_device_added ev;
6451
6452 bacpy(&ev.addr.bdaddr, bdaddr);
6453 ev.addr.type = type;
6454 ev.action = action;
6455
6456 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
6457}
6458
6459static int add_device(struct sock *sk, struct hci_dev *hdev,
6460 void *data, u16 len)
6461{
6462 struct mgmt_cp_add_device *cp = data;
6463 u8 auto_conn, addr_type;
6464 struct hci_conn_params *params;
6465 int err;
6466 u32 current_flags = 0;
6467
6468 bt_dev_dbg(hdev, "sock %p", sk);
6469
6470 if (!bdaddr_type_is_valid(cp->addr.type) ||
6471 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
6472 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6473 MGMT_STATUS_INVALID_PARAMS,
6474 &cp->addr, sizeof(cp->addr));
6475
6476 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
6477 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6478 MGMT_STATUS_INVALID_PARAMS,
6479 &cp->addr, sizeof(cp->addr));
6480
6481 hci_dev_lock(hdev);
6482
6483 if (cp->addr.type == BDADDR_BREDR) {
6484
6485 if (cp->action != 0x01) {
6486 err = mgmt_cmd_complete(sk, hdev->id,
6487 MGMT_OP_ADD_DEVICE,
6488 MGMT_STATUS_INVALID_PARAMS,
6489 &cp->addr, sizeof(cp->addr));
6490 goto unlock;
6491 }
6492
6493 err = hci_bdaddr_list_add_with_flags(&hdev->whitelist,
6494 &cp->addr.bdaddr,
6495 cp->addr.type, 0);
6496 if (err)
6497 goto unlock;
6498
6499 hci_req_update_scan(hdev);
6500
6501 goto added;
6502 }
6503
6504 addr_type = le_addr_type(cp->addr.type);
6505
6506 if (cp->action == 0x02)
6507 auto_conn = HCI_AUTO_CONN_ALWAYS;
6508 else if (cp->action == 0x01)
6509 auto_conn = HCI_AUTO_CONN_DIRECT;
6510 else
6511 auto_conn = HCI_AUTO_CONN_REPORT;
6512
6513
6514
6515
6516
6517
6518 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
6519 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6520 MGMT_STATUS_INVALID_PARAMS,
6521 &cp->addr, sizeof(cp->addr));
6522 goto unlock;
6523 }
6524
6525
6526
6527
6528 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
6529 auto_conn) < 0) {
6530 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6531 MGMT_STATUS_FAILED, &cp->addr,
6532 sizeof(cp->addr));
6533 goto unlock;
6534 } else {
6535 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6536 addr_type);
6537 if (params)
6538 current_flags = params->current_flags;
6539 }
6540
6541 hci_update_background_scan(hdev);
6542
6543added:
6544 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
6545 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type,
6546 SUPPORTED_DEVICE_FLAGS(), current_flags);
6547
6548 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6549 MGMT_STATUS_SUCCESS, &cp->addr,
6550 sizeof(cp->addr));
6551
6552unlock:
6553 hci_dev_unlock(hdev);
6554 return err;
6555}
6556
6557static void device_removed(struct sock *sk, struct hci_dev *hdev,
6558 bdaddr_t *bdaddr, u8 type)
6559{
6560 struct mgmt_ev_device_removed ev;
6561
6562 bacpy(&ev.addr.bdaddr, bdaddr);
6563 ev.addr.type = type;
6564
6565 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6566}
6567
6568static int remove_device(struct sock *sk, struct hci_dev *hdev,
6569 void *data, u16 len)
6570{
6571 struct mgmt_cp_remove_device *cp = data;
6572 int err;
6573
6574 bt_dev_dbg(hdev, "sock %p", sk);
6575
6576 hci_dev_lock(hdev);
6577
6578 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6579 struct hci_conn_params *params;
6580 u8 addr_type;
6581
6582 if (!bdaddr_type_is_valid(cp->addr.type)) {
6583 err = mgmt_cmd_complete(sk, hdev->id,
6584 MGMT_OP_REMOVE_DEVICE,
6585 MGMT_STATUS_INVALID_PARAMS,
6586 &cp->addr, sizeof(cp->addr));
6587 goto unlock;
6588 }
6589
6590 if (cp->addr.type == BDADDR_BREDR) {
6591 err = hci_bdaddr_list_del(&hdev->whitelist,
6592 &cp->addr.bdaddr,
6593 cp->addr.type);
6594 if (err) {
6595 err = mgmt_cmd_complete(sk, hdev->id,
6596 MGMT_OP_REMOVE_DEVICE,
6597 MGMT_STATUS_INVALID_PARAMS,
6598 &cp->addr,
6599 sizeof(cp->addr));
6600 goto unlock;
6601 }
6602
6603 hci_req_update_scan(hdev);
6604
6605 device_removed(sk, hdev, &cp->addr.bdaddr,
6606 cp->addr.type);
6607 goto complete;
6608 }
6609
6610 addr_type = le_addr_type(cp->addr.type);
6611
6612
6613
6614
6615
6616
6617 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
6618 err = mgmt_cmd_complete(sk, hdev->id,
6619 MGMT_OP_REMOVE_DEVICE,
6620 MGMT_STATUS_INVALID_PARAMS,
6621 &cp->addr, sizeof(cp->addr));
6622 goto unlock;
6623 }
6624
6625 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6626 addr_type);
6627 if (!params) {
6628 err = mgmt_cmd_complete(sk, hdev->id,
6629 MGMT_OP_REMOVE_DEVICE,
6630 MGMT_STATUS_INVALID_PARAMS,
6631 &cp->addr, sizeof(cp->addr));
6632 goto unlock;
6633 }
6634
6635 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
6636 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
6637 err = mgmt_cmd_complete(sk, hdev->id,
6638 MGMT_OP_REMOVE_DEVICE,
6639 MGMT_STATUS_INVALID_PARAMS,
6640 &cp->addr, sizeof(cp->addr));
6641 goto unlock;
6642 }
6643
6644 list_del(¶ms->action);
6645 list_del(¶ms->list);
6646 kfree(params);
6647 hci_update_background_scan(hdev);
6648
6649 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
6650 } else {
6651 struct hci_conn_params *p, *tmp;
6652 struct bdaddr_list *b, *btmp;
6653
6654 if (cp->addr.type) {
6655 err = mgmt_cmd_complete(sk, hdev->id,
6656 MGMT_OP_REMOVE_DEVICE,
6657 MGMT_STATUS_INVALID_PARAMS,
6658 &cp->addr, sizeof(cp->addr));
6659 goto unlock;
6660 }
6661
6662 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6663 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6664 list_del(&b->list);
6665 kfree(b);
6666 }
6667
6668 hci_req_update_scan(hdev);
6669
6670 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6671 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6672 continue;
6673 device_removed(sk, hdev, &p->addr, p->addr_type);
6674 if (p->explicit_connect) {
6675 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
6676 continue;
6677 }
6678 list_del(&p->action);
6679 list_del(&p->list);
6680 kfree(p);
6681 }
6682
6683 bt_dev_dbg(hdev, "All LE connection parameters were removed");
6684
6685 hci_update_background_scan(hdev);
6686 }
6687
6688complete:
6689 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
6690 MGMT_STATUS_SUCCESS, &cp->addr,
6691 sizeof(cp->addr));
6692unlock:
6693 hci_dev_unlock(hdev);
6694 return err;
6695}
6696
6697static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6698 u16 len)
6699{
6700 struct mgmt_cp_load_conn_param *cp = data;
6701 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6702 sizeof(struct mgmt_conn_param));
6703 u16 param_count, expected_len;
6704 int i;
6705
6706 if (!lmp_le_capable(hdev))
6707 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6708 MGMT_STATUS_NOT_SUPPORTED);
6709
6710 param_count = __le16_to_cpu(cp->param_count);
6711 if (param_count > max_param_count) {
6712 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
6713 param_count);
6714 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6715 MGMT_STATUS_INVALID_PARAMS);
6716 }
6717
6718 expected_len = struct_size(cp, params, param_count);
6719 if (expected_len != len) {
6720 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
6721 expected_len, len);
6722 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6723 MGMT_STATUS_INVALID_PARAMS);
6724 }
6725
6726 bt_dev_dbg(hdev, "param_count %u", param_count);
6727
6728 hci_dev_lock(hdev);
6729
6730 hci_conn_params_clear_disabled(hdev);
6731
6732 for (i = 0; i < param_count; i++) {
6733 struct mgmt_conn_param *param = &cp->params[i];
6734 struct hci_conn_params *hci_param;
6735 u16 min, max, latency, timeout;
6736 u8 addr_type;
6737
6738 bt_dev_dbg(hdev, "Adding %pMR (type %u)", ¶m->addr.bdaddr,
6739 param->addr.type);
6740
6741 if (param->addr.type == BDADDR_LE_PUBLIC) {
6742 addr_type = ADDR_LE_DEV_PUBLIC;
6743 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6744 addr_type = ADDR_LE_DEV_RANDOM;
6745 } else {
6746 bt_dev_err(hdev, "ignoring invalid connection parameters");
6747 continue;
6748 }
6749
6750 min = le16_to_cpu(param->min_interval);
6751 max = le16_to_cpu(param->max_interval);
6752 latency = le16_to_cpu(param->latency);
6753 timeout = le16_to_cpu(param->timeout);
6754
6755 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6756 min, max, latency, timeout);
6757
6758 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6759 bt_dev_err(hdev, "ignoring invalid connection parameters");
6760 continue;
6761 }
6762
6763 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
6764 addr_type);
6765 if (!hci_param) {
6766 bt_dev_err(hdev, "failed to add connection parameters");
6767 continue;
6768 }
6769
6770 hci_param->conn_min_interval = min;
6771 hci_param->conn_max_interval = max;
6772 hci_param->conn_latency = latency;
6773 hci_param->supervision_timeout = timeout;
6774 }
6775
6776 hci_dev_unlock(hdev);
6777
6778 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6779 NULL, 0);
6780}
6781
6782static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6783 void *data, u16 len)
6784{
6785 struct mgmt_cp_set_external_config *cp = data;
6786 bool changed;
6787 int err;
6788
6789 bt_dev_dbg(hdev, "sock %p", sk);
6790
6791 if (hdev_is_powered(hdev))
6792 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6793 MGMT_STATUS_REJECTED);
6794
6795 if (cp->config != 0x00 && cp->config != 0x01)
6796 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6797 MGMT_STATUS_INVALID_PARAMS);
6798
6799 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6800 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6801 MGMT_STATUS_NOT_SUPPORTED);
6802
6803 hci_dev_lock(hdev);
6804
6805 if (cp->config)
6806 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6807 else
6808 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6809
6810 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6811 if (err < 0)
6812 goto unlock;
6813
6814 if (!changed)
6815 goto unlock;
6816
6817 err = new_options(hdev, sk);
6818
6819 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6820 mgmt_index_removed(hdev);
6821
6822 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6823 hci_dev_set_flag(hdev, HCI_CONFIG);
6824 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6825
6826 queue_work(hdev->req_workqueue, &hdev->power_on);
6827 } else {
6828 set_bit(HCI_RAW, &hdev->flags);
6829 mgmt_index_added(hdev);
6830 }
6831 }
6832
6833unlock:
6834 hci_dev_unlock(hdev);
6835 return err;
6836}
6837
6838static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6839 void *data, u16 len)
6840{
6841 struct mgmt_cp_set_public_address *cp = data;
6842 bool changed;
6843 int err;
6844
6845 bt_dev_dbg(hdev, "sock %p", sk);
6846
6847 if (hdev_is_powered(hdev))
6848 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6849 MGMT_STATUS_REJECTED);
6850
6851 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6852 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6853 MGMT_STATUS_INVALID_PARAMS);
6854
6855 if (!hdev->set_bdaddr)
6856 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6857 MGMT_STATUS_NOT_SUPPORTED);
6858
6859 hci_dev_lock(hdev);
6860
6861 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6862 bacpy(&hdev->public_addr, &cp->bdaddr);
6863
6864 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6865 if (err < 0)
6866 goto unlock;
6867
6868 if (!changed)
6869 goto unlock;
6870
6871 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6872 err = new_options(hdev, sk);
6873
6874 if (is_configured(hdev)) {
6875 mgmt_index_removed(hdev);
6876
6877 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6878
6879 hci_dev_set_flag(hdev, HCI_CONFIG);
6880 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6881
6882 queue_work(hdev->req_workqueue, &hdev->power_on);
6883 }
6884
6885unlock:
6886 hci_dev_unlock(hdev);
6887 return err;
6888}
6889
6890static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6891 u16 opcode, struct sk_buff *skb)
6892{
6893 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6894 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6895 u8 *h192, *r192, *h256, *r256;
6896 struct mgmt_pending_cmd *cmd;
6897 u16 eir_len;
6898 int err;
6899
6900 bt_dev_dbg(hdev, "status %u", status);
6901
6902 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6903 if (!cmd)
6904 return;
6905
6906 mgmt_cp = cmd->param;
6907
6908 if (status) {
6909 status = mgmt_status(status);
6910 eir_len = 0;
6911
6912 h192 = NULL;
6913 r192 = NULL;
6914 h256 = NULL;
6915 r256 = NULL;
6916 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6917 struct hci_rp_read_local_oob_data *rp;
6918
6919 if (skb->len != sizeof(*rp)) {
6920 status = MGMT_STATUS_FAILED;
6921 eir_len = 0;
6922 } else {
6923 status = MGMT_STATUS_SUCCESS;
6924 rp = (void *)skb->data;
6925
6926 eir_len = 5 + 18 + 18;
6927 h192 = rp->hash;
6928 r192 = rp->rand;
6929 h256 = NULL;
6930 r256 = NULL;
6931 }
6932 } else {
6933 struct hci_rp_read_local_oob_ext_data *rp;
6934
6935 if (skb->len != sizeof(*rp)) {
6936 status = MGMT_STATUS_FAILED;
6937 eir_len = 0;
6938 } else {
6939 status = MGMT_STATUS_SUCCESS;
6940 rp = (void *)skb->data;
6941
6942 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6943 eir_len = 5 + 18 + 18;
6944 h192 = NULL;
6945 r192 = NULL;
6946 } else {
6947 eir_len = 5 + 18 + 18 + 18 + 18;
6948 h192 = rp->hash192;
6949 r192 = rp->rand192;
6950 }
6951
6952 h256 = rp->hash256;
6953 r256 = rp->rand256;
6954 }
6955 }
6956
6957 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6958 if (!mgmt_rp)
6959 goto done;
6960
6961 if (status)
6962 goto send_rsp;
6963
6964 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6965 hdev->dev_class, 3);
6966
6967 if (h192 && r192) {
6968 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6969 EIR_SSP_HASH_C192, h192, 16);
6970 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6971 EIR_SSP_RAND_R192, r192, 16);
6972 }
6973
6974 if (h256 && r256) {
6975 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6976 EIR_SSP_HASH_C256, h256, 16);
6977 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6978 EIR_SSP_RAND_R256, r256, 16);
6979 }
6980
6981send_rsp:
6982 mgmt_rp->type = mgmt_cp->type;
6983 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6984
6985 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6986 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6987 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6988 if (err < 0 || status)
6989 goto done;
6990
6991 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6992
6993 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6994 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6995 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6996done:
6997 kfree(mgmt_rp);
6998 mgmt_pending_remove(cmd);
6999}
7000
7001static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
7002 struct mgmt_cp_read_local_oob_ext_data *cp)
7003{
7004 struct mgmt_pending_cmd *cmd;
7005 struct hci_request req;
7006 int err;
7007
7008 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
7009 cp, sizeof(*cp));
7010 if (!cmd)
7011 return -ENOMEM;
7012
7013 hci_req_init(&req, hdev);
7014
7015 if (bredr_sc_enabled(hdev))
7016 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
7017 else
7018 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
7019
7020 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
7021 if (err < 0) {
7022 mgmt_pending_remove(cmd);
7023 return err;
7024 }
7025
7026 return 0;
7027}
7028
7029static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
7030 void *data, u16 data_len)
7031{
7032 struct mgmt_cp_read_local_oob_ext_data *cp = data;
7033 struct mgmt_rp_read_local_oob_ext_data *rp;
7034 size_t rp_len;
7035 u16 eir_len;
7036 u8 status, flags, role, addr[7], hash[16], rand[16];
7037 int err;
7038
7039 bt_dev_dbg(hdev, "sock %p", sk);
7040
7041 if (hdev_is_powered(hdev)) {
7042 switch (cp->type) {
7043 case BIT(BDADDR_BREDR):
7044 status = mgmt_bredr_support(hdev);
7045 if (status)
7046 eir_len = 0;
7047 else
7048 eir_len = 5;
7049 break;
7050 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
7051 status = mgmt_le_support(hdev);
7052 if (status)
7053 eir_len = 0;
7054 else
7055 eir_len = 9 + 3 + 18 + 18 + 3;
7056 break;
7057 default:
7058 status = MGMT_STATUS_INVALID_PARAMS;
7059 eir_len = 0;
7060 break;
7061 }
7062 } else {
7063 status = MGMT_STATUS_NOT_POWERED;
7064 eir_len = 0;
7065 }
7066
7067 rp_len = sizeof(*rp) + eir_len;
7068 rp = kmalloc(rp_len, GFP_ATOMIC);
7069 if (!rp)
7070 return -ENOMEM;
7071
7072 if (status)
7073 goto complete;
7074
7075 hci_dev_lock(hdev);
7076
7077 eir_len = 0;
7078 switch (cp->type) {
7079 case BIT(BDADDR_BREDR):
7080 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7081 err = read_local_ssp_oob_req(hdev, sk, cp);
7082 hci_dev_unlock(hdev);
7083 if (!err)
7084 goto done;
7085
7086 status = MGMT_STATUS_FAILED;
7087 goto complete;
7088 } else {
7089 eir_len = eir_append_data(rp->eir, eir_len,
7090 EIR_CLASS_OF_DEV,
7091 hdev->dev_class, 3);
7092 }
7093 break;
7094 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
7095 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
7096 smp_generate_oob(hdev, hash, rand) < 0) {
7097 hci_dev_unlock(hdev);
7098 status = MGMT_STATUS_FAILED;
7099 goto complete;
7100 }
7101
7102
7103
7104
7105
7106
7107
7108
7109
7110
7111
7112 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
7113 hci_dev_unlock(hdev);
7114 status = MGMT_STATUS_REJECTED;
7115 goto complete;
7116 }
7117
7118 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
7119 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
7120 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
7121 bacmp(&hdev->static_addr, BDADDR_ANY))) {
7122 memcpy(addr, &hdev->static_addr, 6);
7123 addr[6] = 0x01;
7124 } else {
7125 memcpy(addr, &hdev->bdaddr, 6);
7126 addr[6] = 0x00;
7127 }
7128
7129 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
7130 addr, sizeof(addr));
7131
7132 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7133 role = 0x02;
7134 else
7135 role = 0x01;
7136
7137 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
7138 &role, sizeof(role));
7139
7140 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
7141 eir_len = eir_append_data(rp->eir, eir_len,
7142 EIR_LE_SC_CONFIRM,
7143 hash, sizeof(hash));
7144
7145 eir_len = eir_append_data(rp->eir, eir_len,
7146 EIR_LE_SC_RANDOM,
7147 rand, sizeof(rand));
7148 }
7149
7150 flags = mgmt_get_adv_discov_flags(hdev);
7151
7152 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
7153 flags |= LE_AD_NO_BREDR;
7154
7155 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
7156 &flags, sizeof(flags));
7157 break;
7158 }
7159
7160 hci_dev_unlock(hdev);
7161
7162 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
7163
7164 status = MGMT_STATUS_SUCCESS;
7165
7166complete:
7167 rp->type = cp->type;
7168 rp->eir_len = cpu_to_le16(eir_len);
7169
7170 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
7171 status, rp, sizeof(*rp) + eir_len);
7172 if (err < 0 || status)
7173 goto done;
7174
7175 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
7176 rp, sizeof(*rp) + eir_len,
7177 HCI_MGMT_OOB_DATA_EVENTS, sk);
7178
7179done:
7180 kfree(rp);
7181
7182 return err;
7183}
7184
7185static u32 get_supported_adv_flags(struct hci_dev *hdev)
7186{
7187 u32 flags = 0;
7188
7189 flags |= MGMT_ADV_FLAG_CONNECTABLE;
7190 flags |= MGMT_ADV_FLAG_DISCOV;
7191 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
7192 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
7193 flags |= MGMT_ADV_FLAG_APPEARANCE;
7194 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
7195
7196
7197
7198
7199 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
7200 ext_adv_capable(hdev))
7201 flags |= MGMT_ADV_FLAG_TX_POWER;
7202
7203 if (ext_adv_capable(hdev)) {
7204 flags |= MGMT_ADV_FLAG_SEC_1M;
7205
7206 if (hdev->le_features[1] & HCI_LE_PHY_2M)
7207 flags |= MGMT_ADV_FLAG_SEC_2M;
7208
7209 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
7210 flags |= MGMT_ADV_FLAG_SEC_CODED;
7211 }
7212
7213 return flags;
7214}
7215
7216static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
7217 void *data, u16 data_len)
7218{
7219 struct mgmt_rp_read_adv_features *rp;
7220 size_t rp_len;
7221 int err;
7222 struct adv_info *adv_instance;
7223 u32 supported_flags;
7224 u8 *instance;
7225
7226 bt_dev_dbg(hdev, "sock %p", sk);
7227
7228 if (!lmp_le_capable(hdev))
7229 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7230 MGMT_STATUS_REJECTED);
7231
7232
7233
7234
7235 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
7236 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
7237 MGMT_STATUS_NOT_SUPPORTED);
7238
7239 hci_dev_lock(hdev);
7240
7241 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
7242 rp = kmalloc(rp_len, GFP_ATOMIC);
7243 if (!rp) {
7244 hci_dev_unlock(hdev);
7245 return -ENOMEM;
7246 }
7247
7248 supported_flags = get_supported_adv_flags(hdev);
7249
7250 rp->supported_flags = cpu_to_le32(supported_flags);
7251 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
7252 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
7253 rp->max_instances = HCI_MAX_ADV_INSTANCES;
7254 rp->num_instances = hdev->adv_instance_cnt;
7255
7256 instance = rp->instance;
7257 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
7258 *instance = adv_instance->instance;
7259 instance++;
7260 }
7261
7262 hci_dev_unlock(hdev);
7263
7264 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7265 MGMT_STATUS_SUCCESS, rp, rp_len);
7266
7267 kfree(rp);
7268
7269 return err;
7270}
7271
7272static u8 calculate_name_len(struct hci_dev *hdev)
7273{
7274 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
7275
7276 return append_local_name(hdev, buf, 0);
7277}
7278
7279static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
7280 bool is_adv_data)
7281{
7282 u8 max_len = HCI_MAX_AD_LENGTH;
7283
7284 if (is_adv_data) {
7285 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
7286 MGMT_ADV_FLAG_LIMITED_DISCOV |
7287 MGMT_ADV_FLAG_MANAGED_FLAGS))
7288 max_len -= 3;
7289
7290 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
7291 max_len -= 3;
7292 } else {
7293 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
7294 max_len -= calculate_name_len(hdev);
7295
7296 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
7297 max_len -= 4;
7298 }
7299
7300 return max_len;
7301}
7302
7303static bool flags_managed(u32 adv_flags)
7304{
7305 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
7306 MGMT_ADV_FLAG_LIMITED_DISCOV |
7307 MGMT_ADV_FLAG_MANAGED_FLAGS);
7308}
7309
7310static bool tx_power_managed(u32 adv_flags)
7311{
7312 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
7313}
7314
7315static bool name_managed(u32 adv_flags)
7316{
7317 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
7318}
7319
7320static bool appearance_managed(u32 adv_flags)
7321{
7322 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
7323}
7324
7325static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
7326 u8 len, bool is_adv_data)
7327{
7328 int i, cur_len;
7329 u8 max_len;
7330
7331 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
7332
7333 if (len > max_len)
7334 return false;
7335
7336
7337 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
7338 cur_len = data[i];
7339
7340 if (data[i + 1] == EIR_FLAGS &&
7341 (!is_adv_data || flags_managed(adv_flags)))
7342 return false;
7343
7344 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
7345 return false;
7346
7347 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
7348 return false;
7349
7350 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
7351 return false;
7352
7353 if (data[i + 1] == EIR_APPEARANCE &&
7354 appearance_managed(adv_flags))
7355 return false;
7356
7357
7358
7359
7360 if (i + cur_len >= len)
7361 return false;
7362 }
7363
7364 return true;
7365}
7366
7367static void add_advertising_complete(struct hci_dev *hdev, u8 status,
7368 u16 opcode)
7369{
7370 struct mgmt_pending_cmd *cmd;
7371 struct mgmt_cp_add_advertising *cp;
7372 struct mgmt_rp_add_advertising rp;
7373 struct adv_info *adv_instance, *n;
7374 u8 instance;
7375
7376 bt_dev_dbg(hdev, "status %d", status);
7377
7378 hci_dev_lock(hdev);
7379
7380 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
7381
7382 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
7383 if (!adv_instance->pending)
7384 continue;
7385
7386 if (!status) {
7387 adv_instance->pending = false;
7388 continue;
7389 }
7390
7391 instance = adv_instance->instance;
7392
7393 if (hdev->cur_adv_instance == instance)
7394 cancel_adv_timeout(hdev);
7395
7396 hci_remove_adv_instance(hdev, instance);
7397 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
7398 }
7399
7400 if (!cmd)
7401 goto unlock;
7402
7403 cp = cmd->param;
7404 rp.instance = cp->instance;
7405
7406 if (status)
7407 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
7408 mgmt_status(status));
7409 else
7410 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
7411 mgmt_status(status), &rp, sizeof(rp));
7412
7413 mgmt_pending_remove(cmd);
7414
7415unlock:
7416 hci_dev_unlock(hdev);
7417}
7418
7419static int add_advertising(struct sock *sk, struct hci_dev *hdev,
7420 void *data, u16 data_len)
7421{
7422 struct mgmt_cp_add_advertising *cp = data;
7423 struct mgmt_rp_add_advertising rp;
7424 u32 flags;
7425 u32 supported_flags, phy_flags;
7426 u8 status;
7427 u16 timeout, duration;
7428 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
7429 u8 schedule_instance = 0;
7430 struct adv_info *next_instance;
7431 int err;
7432 struct mgmt_pending_cmd *cmd;
7433 struct hci_request req;
7434
7435 bt_dev_dbg(hdev, "sock %p", sk);
7436
7437 status = mgmt_le_support(hdev);
7438 if (status)
7439 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7440 status);
7441
7442
7443
7444
7445 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
7446 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
7447 MGMT_STATUS_NOT_SUPPORTED);
7448
7449 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
7450 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7451 MGMT_STATUS_INVALID_PARAMS);
7452
7453 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
7454 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7455 MGMT_STATUS_INVALID_PARAMS);
7456
7457 flags = __le32_to_cpu(cp->flags);
7458 timeout = __le16_to_cpu(cp->timeout);
7459 duration = __le16_to_cpu(cp->duration);
7460
7461
7462
7463
7464 supported_flags = get_supported_adv_flags(hdev);
7465 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK;
7466 if (flags & ~supported_flags ||
7467 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
7468 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7469 MGMT_STATUS_INVALID_PARAMS);
7470
7471 hci_dev_lock(hdev);
7472
7473 if (timeout && !hdev_is_powered(hdev)) {
7474 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7475 MGMT_STATUS_REJECTED);
7476 goto unlock;
7477 }
7478
7479 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7480 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7481 pending_find(MGMT_OP_SET_LE, hdev)) {
7482 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7483 MGMT_STATUS_BUSY);
7484 goto unlock;
7485 }
7486
7487 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
7488 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
7489 cp->scan_rsp_len, false)) {
7490 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7491 MGMT_STATUS_INVALID_PARAMS);
7492 goto unlock;
7493 }
7494
7495 err = hci_add_adv_instance(hdev, cp->instance, flags,
7496 cp->adv_data_len, cp->data,
7497 cp->scan_rsp_len,
7498 cp->data + cp->adv_data_len,
7499 timeout, duration);
7500 if (err < 0) {
7501 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7502 MGMT_STATUS_FAILED);
7503 goto unlock;
7504 }
7505
7506
7507
7508
7509 if (hdev->adv_instance_cnt > prev_instance_cnt)
7510 mgmt_advertising_added(sk, hdev, cp->instance);
7511
7512 if (hdev->cur_adv_instance == cp->instance) {
7513
7514
7515
7516
7517
7518 cancel_adv_timeout(hdev);
7519
7520 next_instance = hci_get_next_instance(hdev, cp->instance);
7521 if (next_instance)
7522 schedule_instance = next_instance->instance;
7523 } else if (!hdev->adv_instance_timeout) {
7524
7525
7526
7527 schedule_instance = cp->instance;
7528 }
7529
7530
7531
7532
7533
7534 if (!hdev_is_powered(hdev) ||
7535 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7536 !schedule_instance) {
7537 rp.instance = cp->instance;
7538 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7539 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7540 goto unlock;
7541 }
7542
7543
7544
7545
7546 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
7547 data_len);
7548 if (!cmd) {
7549 err = -ENOMEM;
7550 goto unlock;
7551 }
7552
7553 hci_req_init(&req, hdev);
7554
7555 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
7556
7557 if (!err)
7558 err = hci_req_run(&req, add_advertising_complete);
7559
7560 if (err < 0) {
7561 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7562 MGMT_STATUS_FAILED);
7563 mgmt_pending_remove(cmd);
7564 }
7565
7566unlock:
7567 hci_dev_unlock(hdev);
7568
7569 return err;
7570}
7571
7572static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
7573 u16 opcode)
7574{
7575 struct mgmt_pending_cmd *cmd;
7576 struct mgmt_cp_remove_advertising *cp;
7577 struct mgmt_rp_remove_advertising rp;
7578
7579 bt_dev_dbg(hdev, "status %d", status);
7580
7581 hci_dev_lock(hdev);
7582
7583
7584
7585
7586
7587 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
7588 if (!cmd)
7589 goto unlock;
7590
7591 cp = cmd->param;
7592 rp.instance = cp->instance;
7593
7594 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
7595 &rp, sizeof(rp));
7596 mgmt_pending_remove(cmd);
7597
7598unlock:
7599 hci_dev_unlock(hdev);
7600}
7601
7602static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
7603 void *data, u16 data_len)
7604{
7605 struct mgmt_cp_remove_advertising *cp = data;
7606 struct mgmt_rp_remove_advertising rp;
7607 struct mgmt_pending_cmd *cmd;
7608 struct hci_request req;
7609 int err;
7610
7611 bt_dev_dbg(hdev, "sock %p", sk);
7612
7613
7614
7615
7616 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
7617 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
7618 MGMT_STATUS_NOT_SUPPORTED);
7619
7620 hci_dev_lock(hdev);
7621
7622 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
7623 err = mgmt_cmd_status(sk, hdev->id,
7624 MGMT_OP_REMOVE_ADVERTISING,
7625 MGMT_STATUS_INVALID_PARAMS);
7626 goto unlock;
7627 }
7628
7629 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7630 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7631 pending_find(MGMT_OP_SET_LE, hdev)) {
7632 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7633 MGMT_STATUS_BUSY);
7634 goto unlock;
7635 }
7636
7637 if (list_empty(&hdev->adv_instances)) {
7638 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7639 MGMT_STATUS_INVALID_PARAMS);
7640 goto unlock;
7641 }
7642
7643 hci_req_init(&req, hdev);
7644
7645
7646 if (ext_adv_capable(hdev)) {
7647 __hci_req_disable_ext_adv_instance(&req, cp->instance);
7648 __hci_req_remove_ext_adv_instance(&req, cp->instance);
7649 }
7650
7651 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
7652
7653 if (list_empty(&hdev->adv_instances))
7654 __hci_req_disable_advertising(&req);
7655
7656
7657
7658
7659
7660 if (skb_queue_empty(&req.cmd_q) ||
7661 !hdev_is_powered(hdev) ||
7662 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
7663 hci_req_purge(&req);
7664 rp.instance = cp->instance;
7665 err = mgmt_cmd_complete(sk, hdev->id,
7666 MGMT_OP_REMOVE_ADVERTISING,
7667 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7668 goto unlock;
7669 }
7670
7671 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
7672 data_len);
7673 if (!cmd) {
7674 err = -ENOMEM;
7675 goto unlock;
7676 }
7677
7678 err = hci_req_run(&req, remove_advertising_complete);
7679 if (err < 0)
7680 mgmt_pending_remove(cmd);
7681
7682unlock:
7683 hci_dev_unlock(hdev);
7684
7685 return err;
7686}
7687
7688static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
7689 void *data, u16 data_len)
7690{
7691 struct mgmt_cp_get_adv_size_info *cp = data;
7692 struct mgmt_rp_get_adv_size_info rp;
7693 u32 flags, supported_flags;
7694 int err;
7695
7696 bt_dev_dbg(hdev, "sock %p", sk);
7697
7698 if (!lmp_le_capable(hdev))
7699 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7700 MGMT_STATUS_REJECTED);
7701
7702 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
7703 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7704 MGMT_STATUS_INVALID_PARAMS);
7705
7706 flags = __le32_to_cpu(cp->flags);
7707
7708
7709
7710
7711 supported_flags = get_supported_adv_flags(hdev);
7712 if (flags & ~supported_flags)
7713 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7714 MGMT_STATUS_INVALID_PARAMS);
7715
7716 rp.instance = cp->instance;
7717 rp.flags = cp->flags;
7718 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
7719 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
7720
7721 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7722 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7723
7724 return err;
7725}
7726
7727static const struct hci_mgmt_handler mgmt_handlers[] = {
7728 { NULL },
7729 { read_version, MGMT_READ_VERSION_SIZE,
7730 HCI_MGMT_NO_HDEV |
7731 HCI_MGMT_UNTRUSTED },
7732 { read_commands, MGMT_READ_COMMANDS_SIZE,
7733 HCI_MGMT_NO_HDEV |
7734 HCI_MGMT_UNTRUSTED },
7735 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
7736 HCI_MGMT_NO_HDEV |
7737 HCI_MGMT_UNTRUSTED },
7738 { read_controller_info, MGMT_READ_INFO_SIZE,
7739 HCI_MGMT_UNTRUSTED },
7740 { set_powered, MGMT_SETTING_SIZE },
7741 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
7742 { set_connectable, MGMT_SETTING_SIZE },
7743 { set_fast_connectable, MGMT_SETTING_SIZE },
7744 { set_bondable, MGMT_SETTING_SIZE },
7745 { set_link_security, MGMT_SETTING_SIZE },
7746 { set_ssp, MGMT_SETTING_SIZE },
7747 { set_hs, MGMT_SETTING_SIZE },
7748 { set_le, MGMT_SETTING_SIZE },
7749 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
7750 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
7751 { add_uuid, MGMT_ADD_UUID_SIZE },
7752 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
7753 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
7754 HCI_MGMT_VAR_LEN },
7755 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
7756 HCI_MGMT_VAR_LEN },
7757 { disconnect, MGMT_DISCONNECT_SIZE },
7758 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
7759 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
7760 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7761 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
7762 { pair_device, MGMT_PAIR_DEVICE_SIZE },
7763 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7764 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
7765 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
7766 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7767 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
7768 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
7769 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7770 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
7771 HCI_MGMT_VAR_LEN },
7772 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7773 { start_discovery, MGMT_START_DISCOVERY_SIZE },
7774 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
7775 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
7776 { block_device, MGMT_BLOCK_DEVICE_SIZE },
7777 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
7778 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
7779 { set_advertising, MGMT_SETTING_SIZE },
7780 { set_bredr, MGMT_SETTING_SIZE },
7781 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
7782 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
7783 { set_secure_conn, MGMT_SETTING_SIZE },
7784 { set_debug_keys, MGMT_SETTING_SIZE },
7785 { set_privacy, MGMT_SET_PRIVACY_SIZE },
7786 { load_irks, MGMT_LOAD_IRKS_SIZE,
7787 HCI_MGMT_VAR_LEN },
7788 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
7789 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
7790 { add_device, MGMT_ADD_DEVICE_SIZE },
7791 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
7792 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
7793 HCI_MGMT_VAR_LEN },
7794 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
7795 HCI_MGMT_NO_HDEV |
7796 HCI_MGMT_UNTRUSTED },
7797 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
7798 HCI_MGMT_UNCONFIGURED |
7799 HCI_MGMT_UNTRUSTED },
7800 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
7801 HCI_MGMT_UNCONFIGURED },
7802 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
7803 HCI_MGMT_UNCONFIGURED },
7804 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7805 HCI_MGMT_VAR_LEN },
7806 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
7807 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
7808 HCI_MGMT_NO_HDEV |
7809 HCI_MGMT_UNTRUSTED },
7810 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
7811 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7812 HCI_MGMT_VAR_LEN },
7813 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
7814 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
7815 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
7816 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
7817 HCI_MGMT_UNTRUSTED },
7818 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
7819 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
7820 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
7821 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
7822 HCI_MGMT_VAR_LEN },
7823 { set_wideband_speech, MGMT_SETTING_SIZE },
7824 { read_security_info, MGMT_READ_SECURITY_INFO_SIZE,
7825 HCI_MGMT_UNTRUSTED },
7826 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE,
7827 HCI_MGMT_UNTRUSTED |
7828 HCI_MGMT_HDEV_OPTIONAL },
7829 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE,
7830 HCI_MGMT_VAR_LEN |
7831 HCI_MGMT_HDEV_OPTIONAL },
7832 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE,
7833 HCI_MGMT_UNTRUSTED },
7834 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE,
7835 HCI_MGMT_VAR_LEN },
7836 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE,
7837 HCI_MGMT_UNTRUSTED },
7838 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE,
7839 HCI_MGMT_VAR_LEN },
7840 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE },
7841 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE },
7842 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE },
7843 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE,
7844 HCI_MGMT_VAR_LEN },
7845 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE },
7846};
7847
7848void mgmt_index_added(struct hci_dev *hdev)
7849{
7850 struct mgmt_ev_ext_index ev;
7851
7852 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7853 return;
7854
7855 switch (hdev->dev_type) {
7856 case HCI_PRIMARY:
7857 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7858 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7859 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7860 ev.type = 0x01;
7861 } else {
7862 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7863 HCI_MGMT_INDEX_EVENTS);
7864 ev.type = 0x00;
7865 }
7866 break;
7867 case HCI_AMP:
7868 ev.type = 0x02;
7869 break;
7870 default:
7871 return;
7872 }
7873
7874 ev.bus = hdev->bus;
7875
7876 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7877 HCI_MGMT_EXT_INDEX_EVENTS);
7878}
7879
7880void mgmt_index_removed(struct hci_dev *hdev)
7881{
7882 struct mgmt_ev_ext_index ev;
7883 u8 status = MGMT_STATUS_INVALID_INDEX;
7884
7885 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7886 return;
7887
7888 switch (hdev->dev_type) {
7889 case HCI_PRIMARY:
7890 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7891
7892 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7893 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7894 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7895 ev.type = 0x01;
7896 } else {
7897 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7898 HCI_MGMT_INDEX_EVENTS);
7899 ev.type = 0x00;
7900 }
7901 break;
7902 case HCI_AMP:
7903 ev.type = 0x02;
7904 break;
7905 default:
7906 return;
7907 }
7908
7909 ev.bus = hdev->bus;
7910
7911 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7912 HCI_MGMT_EXT_INDEX_EVENTS);
7913}
7914
7915
7916static void restart_le_actions(struct hci_dev *hdev)
7917{
7918 struct hci_conn_params *p;
7919
7920 list_for_each_entry(p, &hdev->le_conn_params, list) {
7921
7922
7923
7924 list_del_init(&p->action);
7925
7926 switch (p->auto_connect) {
7927 case HCI_AUTO_CONN_DIRECT:
7928 case HCI_AUTO_CONN_ALWAYS:
7929 list_add(&p->action, &hdev->pend_le_conns);
7930 break;
7931 case HCI_AUTO_CONN_REPORT:
7932 list_add(&p->action, &hdev->pend_le_reports);
7933 break;
7934 default:
7935 break;
7936 }
7937 }
7938}
7939
7940void mgmt_power_on(struct hci_dev *hdev, int err)
7941{
7942 struct cmd_lookup match = { NULL, hdev };
7943
7944 bt_dev_dbg(hdev, "err %d", err);
7945
7946 hci_dev_lock(hdev);
7947
7948 if (!err) {
7949 restart_le_actions(hdev);
7950 hci_update_background_scan(hdev);
7951 }
7952
7953 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7954
7955 new_settings(hdev, match.sk);
7956
7957 if (match.sk)
7958 sock_put(match.sk);
7959
7960 hci_dev_unlock(hdev);
7961}
7962
7963void __mgmt_power_off(struct hci_dev *hdev)
7964{
7965 struct cmd_lookup match = { NULL, hdev };
7966 u8 status, zero_cod[] = { 0, 0, 0 };
7967
7968 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7969
7970
7971
7972
7973
7974
7975
7976
7977 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7978 status = MGMT_STATUS_INVALID_INDEX;
7979 else
7980 status = MGMT_STATUS_NOT_POWERED;
7981
7982 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7983
7984 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
7985 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7986 zero_cod, sizeof(zero_cod),
7987 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7988 ext_info_changed(hdev, NULL);
7989 }
7990
7991 new_settings(hdev, match.sk);
7992
7993 if (match.sk)
7994 sock_put(match.sk);
7995}
7996
7997void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7998{
7999 struct mgmt_pending_cmd *cmd;
8000 u8 status;
8001
8002 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
8003 if (!cmd)
8004 return;
8005
8006 if (err == -ERFKILL)
8007 status = MGMT_STATUS_RFKILLED;
8008 else
8009 status = MGMT_STATUS_FAILED;
8010
8011 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
8012
8013 mgmt_pending_remove(cmd);
8014}
8015
8016void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
8017 bool persistent)
8018{
8019 struct mgmt_ev_new_link_key ev;
8020
8021 memset(&ev, 0, sizeof(ev));
8022
8023 ev.store_hint = persistent;
8024 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8025 ev.key.addr.type = BDADDR_BREDR;
8026 ev.key.type = key->type;
8027 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
8028 ev.key.pin_len = key->pin_len;
8029
8030 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
8031}
8032
8033static u8 mgmt_ltk_type(struct smp_ltk *ltk)
8034{
8035 switch (ltk->type) {
8036 case SMP_LTK:
8037 case SMP_LTK_SLAVE:
8038 if (ltk->authenticated)
8039 return MGMT_LTK_AUTHENTICATED;
8040 return MGMT_LTK_UNAUTHENTICATED;
8041 case SMP_LTK_P256:
8042 if (ltk->authenticated)
8043 return MGMT_LTK_P256_AUTH;
8044 return MGMT_LTK_P256_UNAUTH;
8045 case SMP_LTK_P256_DEBUG:
8046 return MGMT_LTK_P256_DEBUG;
8047 }
8048
8049 return MGMT_LTK_UNAUTHENTICATED;
8050}
8051
8052void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
8053{
8054 struct mgmt_ev_new_long_term_key ev;
8055
8056 memset(&ev, 0, sizeof(ev));
8057
8058
8059
8060
8061
8062
8063
8064
8065
8066
8067
8068
8069 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8070 (key->bdaddr.b[5] & 0xc0) != 0xc0)
8071 ev.store_hint = 0x00;
8072 else
8073 ev.store_hint = persistent;
8074
8075 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8076 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
8077 ev.key.type = mgmt_ltk_type(key);
8078 ev.key.enc_size = key->enc_size;
8079 ev.key.ediv = key->ediv;
8080 ev.key.rand = key->rand;
8081
8082 if (key->type == SMP_LTK)
8083 ev.key.master = 1;
8084
8085
8086
8087
8088 memcpy(ev.key.val, key->val, key->enc_size);
8089 memset(ev.key.val + key->enc_size, 0,
8090 sizeof(ev.key.val) - key->enc_size);
8091
8092 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
8093}
8094
8095void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
8096{
8097 struct mgmt_ev_new_irk ev;
8098
8099 memset(&ev, 0, sizeof(ev));
8100
8101 ev.store_hint = persistent;
8102
8103 bacpy(&ev.rpa, &irk->rpa);
8104 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
8105 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
8106 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
8107
8108 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
8109}
8110
8111void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
8112 bool persistent)
8113{
8114 struct mgmt_ev_new_csrk ev;
8115
8116 memset(&ev, 0, sizeof(ev));
8117
8118
8119
8120
8121
8122
8123
8124
8125
8126
8127 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8128 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
8129 ev.store_hint = 0x00;
8130 else
8131 ev.store_hint = persistent;
8132
8133 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
8134 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
8135 ev.key.type = csrk->type;
8136 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
8137
8138 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
8139}
8140
8141void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
8142 u8 bdaddr_type, u8 store_hint, u16 min_interval,
8143 u16 max_interval, u16 latency, u16 timeout)
8144{
8145 struct mgmt_ev_new_conn_param ev;
8146
8147 if (!hci_is_identity_address(bdaddr, bdaddr_type))
8148 return;
8149
8150 memset(&ev, 0, sizeof(ev));
8151 bacpy(&ev.addr.bdaddr, bdaddr);
8152 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
8153 ev.store_hint = store_hint;
8154 ev.min_interval = cpu_to_le16(min_interval);
8155 ev.max_interval = cpu_to_le16(max_interval);
8156 ev.latency = cpu_to_le16(latency);
8157 ev.timeout = cpu_to_le16(timeout);
8158
8159 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
8160}
8161
8162void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
8163 u32 flags, u8 *name, u8 name_len)
8164{
8165 char buf[512];
8166 struct mgmt_ev_device_connected *ev = (void *) buf;
8167 u16 eir_len = 0;
8168
8169 bacpy(&ev->addr.bdaddr, &conn->dst);
8170 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8171
8172 ev->flags = __cpu_to_le32(flags);
8173
8174
8175
8176
8177
8178 if (conn->le_adv_data_len > 0) {
8179 memcpy(&ev->eir[eir_len],
8180 conn->le_adv_data, conn->le_adv_data_len);
8181 eir_len = conn->le_adv_data_len;
8182 } else {
8183 if (name_len > 0)
8184 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
8185 name, name_len);
8186
8187 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
8188 eir_len = eir_append_data(ev->eir, eir_len,
8189 EIR_CLASS_OF_DEV,
8190 conn->dev_class, 3);
8191 }
8192
8193 ev->eir_len = cpu_to_le16(eir_len);
8194
8195 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
8196 sizeof(*ev) + eir_len, NULL);
8197}
8198
8199static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8200{
8201 struct sock **sk = data;
8202
8203 cmd->cmd_complete(cmd, 0);
8204
8205 *sk = cmd->sk;
8206 sock_hold(*sk);
8207
8208 mgmt_pending_remove(cmd);
8209}
8210
8211static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
8212{
8213 struct hci_dev *hdev = data;
8214 struct mgmt_cp_unpair_device *cp = cmd->param;
8215
8216 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
8217
8218 cmd->cmd_complete(cmd, 0);
8219 mgmt_pending_remove(cmd);
8220}
8221
8222bool mgmt_powering_down(struct hci_dev *hdev)
8223{
8224 struct mgmt_pending_cmd *cmd;
8225 struct mgmt_mode *cp;
8226
8227 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
8228 if (!cmd)
8229 return false;
8230
8231 cp = cmd->param;
8232 if (!cp->val)
8233 return true;
8234
8235 return false;
8236}
8237
8238void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
8239 u8 link_type, u8 addr_type, u8 reason,
8240 bool mgmt_connected)
8241{
8242 struct mgmt_ev_device_disconnected ev;
8243 struct sock *sk = NULL;
8244
8245
8246
8247
8248 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8249 cancel_delayed_work(&hdev->power_off);
8250 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8251 }
8252
8253 if (!mgmt_connected)
8254 return;
8255
8256 if (link_type != ACL_LINK && link_type != LE_LINK)
8257 return;
8258
8259 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
8260
8261 bacpy(&ev.addr.bdaddr, bdaddr);
8262 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8263 ev.reason = reason;
8264
8265 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8266
8267 if (sk)
8268 sock_put(sk);
8269
8270 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8271 hdev);
8272}
8273
8274void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
8275 u8 link_type, u8 addr_type, u8 status)
8276{
8277 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
8278 struct mgmt_cp_disconnect *cp;
8279 struct mgmt_pending_cmd *cmd;
8280
8281 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8282 hdev);
8283
8284 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8285 if (!cmd)
8286 return;
8287
8288 cp = cmd->param;
8289
8290 if (bacmp(bdaddr, &cp->addr.bdaddr))
8291 return;
8292
8293 if (cp->addr.type != bdaddr_type)
8294 return;
8295
8296 cmd->cmd_complete(cmd, mgmt_status(status));
8297 mgmt_pending_remove(cmd);
8298}
8299
8300void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8301 u8 addr_type, u8 status)
8302{
8303 struct mgmt_ev_connect_failed ev;
8304
8305
8306
8307
8308 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8309 cancel_delayed_work(&hdev->power_off);
8310 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8311 }
8312
8313 bacpy(&ev.addr.bdaddr, bdaddr);
8314 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8315 ev.status = mgmt_status(status);
8316
8317 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
8318}
8319
8320void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
8321{
8322 struct mgmt_ev_pin_code_request ev;
8323
8324 bacpy(&ev.addr.bdaddr, bdaddr);
8325 ev.addr.type = BDADDR_BREDR;
8326 ev.secure = secure;
8327
8328 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
8329}
8330
8331void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8332 u8 status)
8333{
8334 struct mgmt_pending_cmd *cmd;
8335
8336 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
8337 if (!cmd)
8338 return;
8339
8340 cmd->cmd_complete(cmd, mgmt_status(status));
8341 mgmt_pending_remove(cmd);
8342}
8343
8344void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8345 u8 status)
8346{
8347 struct mgmt_pending_cmd *cmd;
8348
8349 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
8350 if (!cmd)
8351 return;
8352
8353 cmd->cmd_complete(cmd, mgmt_status(status));
8354 mgmt_pending_remove(cmd);
8355}
8356
8357int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8358 u8 link_type, u8 addr_type, u32 value,
8359 u8 confirm_hint)
8360{
8361 struct mgmt_ev_user_confirm_request ev;
8362
8363 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
8364
8365 bacpy(&ev.addr.bdaddr, bdaddr);
8366 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8367 ev.confirm_hint = confirm_hint;
8368 ev.value = cpu_to_le32(value);
8369
8370 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
8371 NULL);
8372}
8373
8374int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8375 u8 link_type, u8 addr_type)
8376{
8377 struct mgmt_ev_user_passkey_request ev;
8378
8379 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
8380
8381 bacpy(&ev.addr.bdaddr, bdaddr);
8382 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8383
8384 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
8385 NULL);
8386}
8387
8388static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8389 u8 link_type, u8 addr_type, u8 status,
8390 u8 opcode)
8391{
8392 struct mgmt_pending_cmd *cmd;
8393
8394 cmd = pending_find(opcode, hdev);
8395 if (!cmd)
8396 return -ENOENT;
8397
8398 cmd->cmd_complete(cmd, mgmt_status(status));
8399 mgmt_pending_remove(cmd);
8400
8401 return 0;
8402}
8403
8404int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8405 u8 link_type, u8 addr_type, u8 status)
8406{
8407 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8408 status, MGMT_OP_USER_CONFIRM_REPLY);
8409}
8410
8411int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8412 u8 link_type, u8 addr_type, u8 status)
8413{
8414 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8415 status,
8416 MGMT_OP_USER_CONFIRM_NEG_REPLY);
8417}
8418
8419int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8420 u8 link_type, u8 addr_type, u8 status)
8421{
8422 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8423 status, MGMT_OP_USER_PASSKEY_REPLY);
8424}
8425
8426int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8427 u8 link_type, u8 addr_type, u8 status)
8428{
8429 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8430 status,
8431 MGMT_OP_USER_PASSKEY_NEG_REPLY);
8432}
8433
8434int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
8435 u8 link_type, u8 addr_type, u32 passkey,
8436 u8 entered)
8437{
8438 struct mgmt_ev_passkey_notify ev;
8439
8440 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
8441
8442 bacpy(&ev.addr.bdaddr, bdaddr);
8443 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8444 ev.passkey = __cpu_to_le32(passkey);
8445 ev.entered = entered;
8446
8447 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
8448}
8449
8450void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
8451{
8452 struct mgmt_ev_auth_failed ev;
8453 struct mgmt_pending_cmd *cmd;
8454 u8 status = mgmt_status(hci_status);
8455
8456 bacpy(&ev.addr.bdaddr, &conn->dst);
8457 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8458 ev.status = status;
8459
8460 cmd = find_pairing(conn);
8461
8462 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
8463 cmd ? cmd->sk : NULL);
8464
8465 if (cmd) {
8466 cmd->cmd_complete(cmd, status);
8467 mgmt_pending_remove(cmd);
8468 }
8469}
8470
8471void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
8472{
8473 struct cmd_lookup match = { NULL, hdev };
8474 bool changed;
8475
8476 if (status) {
8477 u8 mgmt_err = mgmt_status(status);
8478 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
8479 cmd_status_rsp, &mgmt_err);
8480 return;
8481 }
8482
8483 if (test_bit(HCI_AUTH, &hdev->flags))
8484 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
8485 else
8486 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
8487
8488 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
8489 &match);
8490
8491 if (changed)
8492 new_settings(hdev, match.sk);
8493
8494 if (match.sk)
8495 sock_put(match.sk);
8496}
8497
8498static void clear_eir(struct hci_request *req)
8499{
8500 struct hci_dev *hdev = req->hdev;
8501 struct hci_cp_write_eir cp;
8502
8503 if (!lmp_ext_inq_capable(hdev))
8504 return;
8505
8506 memset(hdev->eir, 0, sizeof(hdev->eir));
8507
8508 memset(&cp, 0, sizeof(cp));
8509
8510 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
8511}
8512
8513void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
8514{
8515 struct cmd_lookup match = { NULL, hdev };
8516 struct hci_request req;
8517 bool changed = false;
8518
8519 if (status) {
8520 u8 mgmt_err = mgmt_status(status);
8521
8522 if (enable && hci_dev_test_and_clear_flag(hdev,
8523 HCI_SSP_ENABLED)) {
8524 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
8525 new_settings(hdev, NULL);
8526 }
8527
8528 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
8529 &mgmt_err);
8530 return;
8531 }
8532
8533 if (enable) {
8534 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
8535 } else {
8536 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
8537 if (!changed)
8538 changed = hci_dev_test_and_clear_flag(hdev,
8539 HCI_HS_ENABLED);
8540 else
8541 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
8542 }
8543
8544 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
8545
8546 if (changed)
8547 new_settings(hdev, match.sk);
8548
8549 if (match.sk)
8550 sock_put(match.sk);
8551
8552 hci_req_init(&req, hdev);
8553
8554 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
8555 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
8556 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
8557 sizeof(enable), &enable);
8558 __hci_req_update_eir(&req);
8559 } else {
8560 clear_eir(&req);
8561 }
8562
8563 hci_req_run(&req, NULL);
8564}
8565
8566static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
8567{
8568 struct cmd_lookup *match = data;
8569
8570 if (match->sk == NULL) {
8571 match->sk = cmd->sk;
8572 sock_hold(match->sk);
8573 }
8574}
8575
8576void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
8577 u8 status)
8578{
8579 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
8580
8581 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
8582 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
8583 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
8584
8585 if (!status) {
8586 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
8587 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
8588 ext_info_changed(hdev, NULL);
8589 }
8590
8591 if (match.sk)
8592 sock_put(match.sk);
8593}
8594
8595void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
8596{
8597 struct mgmt_cp_set_local_name ev;
8598 struct mgmt_pending_cmd *cmd;
8599
8600 if (status)
8601 return;
8602
8603 memset(&ev, 0, sizeof(ev));
8604 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
8605 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
8606
8607 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
8608 if (!cmd) {
8609 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
8610
8611
8612
8613
8614 if (pending_find(MGMT_OP_SET_POWERED, hdev))
8615 return;
8616 }
8617
8618 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
8619 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
8620 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
8621}
8622
8623static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
8624{
8625 int i;
8626
8627 for (i = 0; i < uuid_count; i++) {
8628 if (!memcmp(uuid, uuids[i], 16))
8629 return true;
8630 }
8631
8632 return false;
8633}
8634
8635static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
8636{
8637 u16 parsed = 0;
8638
8639 while (parsed < eir_len) {
8640 u8 field_len = eir[0];
8641 u8 uuid[16];
8642 int i;
8643
8644 if (field_len == 0)
8645 break;
8646
8647 if (eir_len - parsed < field_len + 1)
8648 break;
8649
8650 switch (eir[1]) {
8651 case EIR_UUID16_ALL:
8652 case EIR_UUID16_SOME:
8653 for (i = 0; i + 3 <= field_len; i += 2) {
8654 memcpy(uuid, bluetooth_base_uuid, 16);
8655 uuid[13] = eir[i + 3];
8656 uuid[12] = eir[i + 2];
8657 if (has_uuid(uuid, uuid_count, uuids))
8658 return true;
8659 }
8660 break;
8661 case EIR_UUID32_ALL:
8662 case EIR_UUID32_SOME:
8663 for (i = 0; i + 5 <= field_len; i += 4) {
8664 memcpy(uuid, bluetooth_base_uuid, 16);
8665 uuid[15] = eir[i + 5];
8666 uuid[14] = eir[i + 4];
8667 uuid[13] = eir[i + 3];
8668 uuid[12] = eir[i + 2];
8669 if (has_uuid(uuid, uuid_count, uuids))
8670 return true;
8671 }
8672 break;
8673 case EIR_UUID128_ALL:
8674 case EIR_UUID128_SOME:
8675 for (i = 0; i + 17 <= field_len; i += 16) {
8676 memcpy(uuid, eir + i + 2, 16);
8677 if (has_uuid(uuid, uuid_count, uuids))
8678 return true;
8679 }
8680 break;
8681 }
8682
8683 parsed += field_len + 1;
8684 eir += field_len + 1;
8685 }
8686
8687 return false;
8688}
8689
8690static void restart_le_scan(struct hci_dev *hdev)
8691{
8692
8693 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
8694 return;
8695
8696 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8697 hdev->discovery.scan_start +
8698 hdev->discovery.scan_duration))
8699 return;
8700
8701 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
8702 DISCOV_LE_RESTART_DELAY);
8703}
8704
8705static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8706 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8707{
8708
8709
8710
8711
8712
8713
8714
8715
8716
8717 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8718 (rssi == HCI_RSSI_INVALID ||
8719 (rssi < hdev->discovery.rssi &&
8720 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
8721 return false;
8722
8723 if (hdev->discovery.uuid_count != 0) {
8724
8725
8726
8727 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8728 hdev->discovery.uuids) &&
8729 !eir_has_uuids(scan_rsp, scan_rsp_len,
8730 hdev->discovery.uuid_count,
8731 hdev->discovery.uuids))
8732 return false;
8733 }
8734
8735
8736
8737
8738 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8739 restart_le_scan(hdev);
8740
8741
8742 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8743 rssi < hdev->discovery.rssi)
8744 return false;
8745 }
8746
8747 return true;
8748}
8749
8750void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8751 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8752 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8753{
8754 char buf[512];
8755 struct mgmt_ev_device_found *ev = (void *)buf;
8756 size_t ev_size;
8757
8758
8759
8760
8761
8762 if (!hci_discovery_active(hdev)) {
8763 if (link_type == ACL_LINK)
8764 return;
8765 if (link_type == LE_LINK &&
8766 list_empty(&hdev->pend_le_reports) &&
8767 !hci_is_adv_monitoring(hdev)) {
8768 return;
8769 }
8770 }
8771
8772 if (hdev->discovery.result_filtering) {
8773
8774 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8775 scan_rsp_len))
8776 return;
8777 }
8778
8779 if (hdev->discovery.limited) {
8780
8781 if (dev_class) {
8782 if (!(dev_class[1] & 0x20))
8783 return;
8784 } else {
8785 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
8786 if (!flags || !(flags[0] & LE_AD_LIMITED))
8787 return;
8788 }
8789 }
8790
8791
8792
8793
8794 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
8795 return;
8796
8797 memset(buf, 0, sizeof(buf));
8798
8799
8800
8801
8802
8803
8804
8805
8806
8807 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8808 link_type == ACL_LINK)
8809 rssi = 0;
8810
8811 bacpy(&ev->addr.bdaddr, bdaddr);
8812 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8813 ev->rssi = rssi;
8814 ev->flags = cpu_to_le32(flags);
8815
8816 if (eir_len > 0)
8817
8818 memcpy(ev->eir, eir, eir_len);
8819
8820 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8821 NULL))
8822 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8823 dev_class, 3);
8824
8825 if (scan_rsp_len > 0)
8826
8827 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8828
8829 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8830 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
8831
8832 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
8833}
8834
8835void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8836 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
8837{
8838 struct mgmt_ev_device_found *ev;
8839 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8840 u16 eir_len;
8841
8842 ev = (struct mgmt_ev_device_found *) buf;
8843
8844 memset(buf, 0, sizeof(buf));
8845
8846 bacpy(&ev->addr.bdaddr, bdaddr);
8847 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8848 ev->rssi = rssi;
8849
8850 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8851 name_len);
8852
8853 ev->eir_len = cpu_to_le16(eir_len);
8854
8855 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
8856}
8857
8858void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
8859{
8860 struct mgmt_ev_discovering ev;
8861
8862 bt_dev_dbg(hdev, "discovering %u", discovering);
8863
8864 memset(&ev, 0, sizeof(ev));
8865 ev.type = hdev->discovery.type;
8866 ev.discovering = discovering;
8867
8868 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8869}
8870
8871static struct hci_mgmt_chan chan = {
8872 .channel = HCI_CHANNEL_CONTROL,
8873 .handler_count = ARRAY_SIZE(mgmt_handlers),
8874 .handlers = mgmt_handlers,
8875 .hdev_init = mgmt_init_hdev,
8876};
8877
8878int mgmt_init(void)
8879{
8880 return hci_mgmt_chan_register(&chan);
8881}
8882
8883void mgmt_exit(void)
8884{
8885 hci_mgmt_chan_unregister(&chan);
8886}
8887
