Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
27#include <linux/module.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/hci_sock.h>
33#include <net/bluetooth/l2cap.h>
34#include <net/bluetooth/mgmt.h>
35
36#include "hci_request.h"
37#include "smp.h"
38#include "mgmt_util.h"
39
40#define MGMT_VERSION 1
41#define MGMT_REVISION 15
42
43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_BONDABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
83 MGMT_OP_SET_BREDR,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
88 MGMT_OP_SET_PRIVACY,
89 MGMT_OP_LOAD_IRKS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
109 MGMT_OP_SET_BLOCKED_KEYS,
110};
111
112static const u16 mgmt_events[] = {
113 MGMT_EV_CONTROLLER_ERROR,
114 MGMT_EV_INDEX_ADDED,
115 MGMT_EV_INDEX_REMOVED,
116 MGMT_EV_NEW_SETTINGS,
117 MGMT_EV_CLASS_OF_DEV_CHANGED,
118 MGMT_EV_LOCAL_NAME_CHANGED,
119 MGMT_EV_NEW_LINK_KEY,
120 MGMT_EV_NEW_LONG_TERM_KEY,
121 MGMT_EV_DEVICE_CONNECTED,
122 MGMT_EV_DEVICE_DISCONNECTED,
123 MGMT_EV_CONNECT_FAILED,
124 MGMT_EV_PIN_CODE_REQUEST,
125 MGMT_EV_USER_CONFIRM_REQUEST,
126 MGMT_EV_USER_PASSKEY_REQUEST,
127 MGMT_EV_AUTH_FAILED,
128 MGMT_EV_DEVICE_FOUND,
129 MGMT_EV_DISCOVERING,
130 MGMT_EV_DEVICE_BLOCKED,
131 MGMT_EV_DEVICE_UNBLOCKED,
132 MGMT_EV_DEVICE_UNPAIRED,
133 MGMT_EV_PASSKEY_NOTIFY,
134 MGMT_EV_NEW_IRK,
135 MGMT_EV_NEW_CSRK,
136 MGMT_EV_DEVICE_ADDED,
137 MGMT_EV_DEVICE_REMOVED,
138 MGMT_EV_NEW_CONN_PARAM,
139 MGMT_EV_UNCONF_INDEX_ADDED,
140 MGMT_EV_UNCONF_INDEX_REMOVED,
141 MGMT_EV_NEW_CONFIG_OPTIONS,
142 MGMT_EV_EXT_INDEX_ADDED,
143 MGMT_EV_EXT_INDEX_REMOVED,
144 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
145 MGMT_EV_ADVERTISING_ADDED,
146 MGMT_EV_ADVERTISING_REMOVED,
147 MGMT_EV_EXT_INFO_CHANGED,
148};
149
150static const u16 mgmt_untrusted_commands[] = {
151 MGMT_OP_READ_INDEX_LIST,
152 MGMT_OP_READ_INFO,
153 MGMT_OP_READ_UNCONF_INDEX_LIST,
154 MGMT_OP_READ_CONFIG_INFO,
155 MGMT_OP_READ_EXT_INDEX_LIST,
156 MGMT_OP_READ_EXT_INFO,
157};
158
159static const u16 mgmt_untrusted_events[] = {
160 MGMT_EV_INDEX_ADDED,
161 MGMT_EV_INDEX_REMOVED,
162 MGMT_EV_NEW_SETTINGS,
163 MGMT_EV_CLASS_OF_DEV_CHANGED,
164 MGMT_EV_LOCAL_NAME_CHANGED,
165 MGMT_EV_UNCONF_INDEX_ADDED,
166 MGMT_EV_UNCONF_INDEX_REMOVED,
167 MGMT_EV_NEW_CONFIG_OPTIONS,
168 MGMT_EV_EXT_INDEX_ADDED,
169 MGMT_EV_EXT_INDEX_REMOVED,
170 MGMT_EV_EXT_INFO_CHANGED,
171};
172
173#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
174
175#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
176 "\x00\x00\x00\x00\x00\x00\x00\x00"
177
178/* HCI to MGMT error code conversion table */
179static const u8 mgmt_status_table[] = {
180 MGMT_STATUS_SUCCESS,
181 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
182 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
183 MGMT_STATUS_FAILED, /* Hardware Failure */
184 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
185 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
186 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
187 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
188 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
189 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
190 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
191 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
192 MGMT_STATUS_BUSY, /* Command Disallowed */
193 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
194 MGMT_STATUS_REJECTED, /* Rejected Security */
195 MGMT_STATUS_REJECTED, /* Rejected Personal */
196 MGMT_STATUS_TIMEOUT, /* Host Timeout */
197 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
198 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
199 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
200 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
201 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
202 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
203 MGMT_STATUS_BUSY, /* Repeated Attempts */
204 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
205 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
206 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
207 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
208 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
209 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
210 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
211 MGMT_STATUS_FAILED, /* Unspecified Error */
212 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
213 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
214 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
215 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
216 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
217 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
218 MGMT_STATUS_FAILED, /* Unit Link Key Used */
219 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
220 MGMT_STATUS_TIMEOUT, /* Instant Passed */
221 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
222 MGMT_STATUS_FAILED, /* Transaction Collision */
223 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
224 MGMT_STATUS_REJECTED, /* QoS Rejected */
225 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
226 MGMT_STATUS_REJECTED, /* Insufficient Security */
227 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
228 MGMT_STATUS_BUSY, /* Role Switch Pending */
229 MGMT_STATUS_FAILED, /* Slot Violation */
230 MGMT_STATUS_FAILED, /* Role Switch Failed */
231 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
232 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
233 MGMT_STATUS_BUSY, /* Host Busy Pairing */
234 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
235 MGMT_STATUS_BUSY, /* Controller Busy */
236 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
237 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
238 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
239 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
240 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
241};
242
243static u8 mgmt_status(u8 hci_status)
244{
245 if (hci_status < ARRAY_SIZE(mgmt_status_table))
246 return mgmt_status_table[hci_status];
247
248 return MGMT_STATUS_FAILED;
249}
250
251static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
252 u16 len, int flag)
253{
254 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
255 flag, NULL);
256}
257
258static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
259 u16 len, int flag, struct sock *skip_sk)
260{
261 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
262 flag, skip_sk);
263}
264
265static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
266 struct sock *skip_sk)
267{
268 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
269 HCI_SOCK_TRUSTED, skip_sk);
270}
271
272static u8 le_addr_type(u8 mgmt_addr_type)
273{
274 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
275 return ADDR_LE_DEV_PUBLIC;
276 else
277 return ADDR_LE_DEV_RANDOM;
278}
279
280void mgmt_fill_version_info(void *ver)
281{
282 struct mgmt_rp_read_version *rp = ver;
283
284 rp->version = MGMT_VERSION;
285 rp->revision = cpu_to_le16(MGMT_REVISION);
286}
287
288static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
289 u16 data_len)
290{
291 struct mgmt_rp_read_version rp;
292
293 BT_DBG("sock %p", sk);
294
295 mgmt_fill_version_info(&rp);
296
297 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
298 &rp, sizeof(rp));
299}
300
301static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
302 u16 data_len)
303{
304 struct mgmt_rp_read_commands *rp;
305 u16 num_commands, num_events;
306 size_t rp_size;
307 int i, err;
308
309 BT_DBG("sock %p", sk);
310
311 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
312 num_commands = ARRAY_SIZE(mgmt_commands);
313 num_events = ARRAY_SIZE(mgmt_events);
314 } else {
315 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
316 num_events = ARRAY_SIZE(mgmt_untrusted_events);
317 }
318
319 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
320
321 rp = kmalloc(rp_size, GFP_KERNEL);
322 if (!rp)
323 return -ENOMEM;
324
325 rp->num_commands = cpu_to_le16(num_commands);
326 rp->num_events = cpu_to_le16(num_events);
327
328 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
329 __le16 *opcode = rp->opcodes;
330
331 for (i = 0; i < num_commands; i++, opcode++)
332 put_unaligned_le16(mgmt_commands[i], opcode);
333
334 for (i = 0; i < num_events; i++, opcode++)
335 put_unaligned_le16(mgmt_events[i], opcode);
336 } else {
337 __le16 *opcode = rp->opcodes;
338
339 for (i = 0; i < num_commands; i++, opcode++)
340 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
341
342 for (i = 0; i < num_events; i++, opcode++)
343 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
344 }
345
346 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
347 rp, rp_size);
348 kfree(rp);
349
350 return err;
351}
352
353static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
354 u16 data_len)
355{
356 struct mgmt_rp_read_index_list *rp;
357 struct hci_dev *d;
358 size_t rp_len;
359 u16 count;
360 int err;
361
362 BT_DBG("sock %p", sk);
363
364 read_lock(&hci_dev_list_lock);
365
366 count = 0;
367 list_for_each_entry(d, &hci_dev_list, list) {
368 if (d->dev_type == HCI_PRIMARY &&
369 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
370 count++;
371 }
372
373 rp_len = sizeof(*rp) + (2 * count);
374 rp = kmalloc(rp_len, GFP_ATOMIC);
375 if (!rp) {
376 read_unlock(&hci_dev_list_lock);
377 return -ENOMEM;
378 }
379
380 count = 0;
381 list_for_each_entry(d, &hci_dev_list, list) {
382 if (hci_dev_test_flag(d, HCI_SETUP) ||
383 hci_dev_test_flag(d, HCI_CONFIG) ||
384 hci_dev_test_flag(d, HCI_USER_CHANNEL))
385 continue;
386
387 /* Devices marked as raw-only are neither configured
388 * nor unconfigured controllers.
389 */
390 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
391 continue;
392
393 if (d->dev_type == HCI_PRIMARY &&
394 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
395 rp->index[count++] = cpu_to_le16(d->id);
396 BT_DBG("Added hci%u", d->id);
397 }
398 }
399
400 rp->num_controllers = cpu_to_le16(count);
401 rp_len = sizeof(*rp) + (2 * count);
402
403 read_unlock(&hci_dev_list_lock);
404
405 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
406 0, rp, rp_len);
407
408 kfree(rp);
409
410 return err;
411}
412
413static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
414 void *data, u16 data_len)
415{
416 struct mgmt_rp_read_unconf_index_list *rp;
417 struct hci_dev *d;
418 size_t rp_len;
419 u16 count;
420 int err;
421
422 BT_DBG("sock %p", sk);
423
424 read_lock(&hci_dev_list_lock);
425
426 count = 0;
427 list_for_each_entry(d, &hci_dev_list, list) {
428 if (d->dev_type == HCI_PRIMARY &&
429 hci_dev_test_flag(d, HCI_UNCONFIGURED))
430 count++;
431 }
432
433 rp_len = sizeof(*rp) + (2 * count);
434 rp = kmalloc(rp_len, GFP_ATOMIC);
435 if (!rp) {
436 read_unlock(&hci_dev_list_lock);
437 return -ENOMEM;
438 }
439
440 count = 0;
441 list_for_each_entry(d, &hci_dev_list, list) {
442 if (hci_dev_test_flag(d, HCI_SETUP) ||
443 hci_dev_test_flag(d, HCI_CONFIG) ||
444 hci_dev_test_flag(d, HCI_USER_CHANNEL))
445 continue;
446
447 /* Devices marked as raw-only are neither configured
448 * nor unconfigured controllers.
449 */
450 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
451 continue;
452
453 if (d->dev_type == HCI_PRIMARY &&
454 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
455 rp->index[count++] = cpu_to_le16(d->id);
456 BT_DBG("Added hci%u", d->id);
457 }
458 }
459
460 rp->num_controllers = cpu_to_le16(count);
461 rp_len = sizeof(*rp) + (2 * count);
462
463 read_unlock(&hci_dev_list_lock);
464
465 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
466 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
467
468 kfree(rp);
469
470 return err;
471}
472
473static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
474 void *data, u16 data_len)
475{
476 struct mgmt_rp_read_ext_index_list *rp;
477 struct hci_dev *d;
478 u16 count;
479 int err;
480
481 BT_DBG("sock %p", sk);
482
483 read_lock(&hci_dev_list_lock);
484
485 count = 0;
486 list_for_each_entry(d, &hci_dev_list, list) {
487 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
488 count++;
489 }
490
491 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
492 if (!rp) {
493 read_unlock(&hci_dev_list_lock);
494 return -ENOMEM;
495 }
496
497 count = 0;
498 list_for_each_entry(d, &hci_dev_list, list) {
499 if (hci_dev_test_flag(d, HCI_SETUP) ||
500 hci_dev_test_flag(d, HCI_CONFIG) ||
501 hci_dev_test_flag(d, HCI_USER_CHANNEL))
502 continue;
503
504 /* Devices marked as raw-only are neither configured
505 * nor unconfigured controllers.
506 */
507 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
508 continue;
509
510 if (d->dev_type == HCI_PRIMARY) {
511 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
512 rp->entry[count].type = 0x01;
513 else
514 rp->entry[count].type = 0x00;
515 } else if (d->dev_type == HCI_AMP) {
516 rp->entry[count].type = 0x02;
517 } else {
518 continue;
519 }
520
521 rp->entry[count].bus = d->bus;
522 rp->entry[count++].index = cpu_to_le16(d->id);
523 BT_DBG("Added hci%u", d->id);
524 }
525
526 rp->num_controllers = cpu_to_le16(count);
527
528 read_unlock(&hci_dev_list_lock);
529
530 /* If this command is called at least once, then all the
531 * default index and unconfigured index events are disabled
532 * and from now on only extended index events are used.
533 */
534 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
535 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
536 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
537
538 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
539 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
540 struct_size(rp, entry, count));
541
542 kfree(rp);
543
544 return err;
545}
546
547static bool is_configured(struct hci_dev *hdev)
548{
549 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
550 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
551 return false;
552
553 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
554 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
556 return false;
557
558 return true;
559}
560
561static __le32 get_missing_options(struct hci_dev *hdev)
562{
563 u32 options = 0;
564
565 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
566 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
567 options |= MGMT_OPTION_EXTERNAL_CONFIG;
568
569 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
570 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
571 !bacmp(&hdev->public_addr, BDADDR_ANY))
572 options |= MGMT_OPTION_PUBLIC_ADDRESS;
573
574 return cpu_to_le32(options);
575}
576
577static int new_options(struct hci_dev *hdev, struct sock *skip)
578{
579 __le32 options = get_missing_options(hdev);
580
581 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
582 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
583}
584
585static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
586{
587 __le32 options = get_missing_options(hdev);
588
589 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
590 sizeof(options));
591}
592
593static int read_config_info(struct sock *sk, struct hci_dev *hdev,
594 void *data, u16 data_len)
595{
596 struct mgmt_rp_read_config_info rp;
597 u32 options = 0;
598
599 BT_DBG("sock %p %s", sk, hdev->name);
600
601 hci_dev_lock(hdev);
602
603 memset(&rp, 0, sizeof(rp));
604 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
605
606 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
607 options |= MGMT_OPTION_EXTERNAL_CONFIG;
608
609 if (hdev->set_bdaddr)
610 options |= MGMT_OPTION_PUBLIC_ADDRESS;
611
612 rp.supported_options = cpu_to_le32(options);
613 rp.missing_options = get_missing_options(hdev);
614
615 hci_dev_unlock(hdev);
616
617 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
618 &rp, sizeof(rp));
619}
620
621static u32 get_supported_phys(struct hci_dev *hdev)
622{
623 u32 supported_phys = 0;
624
625 if (lmp_bredr_capable(hdev)) {
626 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
627
628 if (hdev->features[0][0] & LMP_3SLOT)
629 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
630
631 if (hdev->features[0][0] & LMP_5SLOT)
632 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
633
634 if (lmp_edr_2m_capable(hdev)) {
635 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
636
637 if (lmp_edr_3slot_capable(hdev))
638 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
639
640 if (lmp_edr_5slot_capable(hdev))
641 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
642
643 if (lmp_edr_3m_capable(hdev)) {
644 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
645
646 if (lmp_edr_3slot_capable(hdev))
647 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
648
649 if (lmp_edr_5slot_capable(hdev))
650 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
651 }
652 }
653 }
654
655 if (lmp_le_capable(hdev)) {
656 supported_phys |= MGMT_PHY_LE_1M_TX;
657 supported_phys |= MGMT_PHY_LE_1M_RX;
658
659 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
660 supported_phys |= MGMT_PHY_LE_2M_TX;
661 supported_phys |= MGMT_PHY_LE_2M_RX;
662 }
663
664 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
665 supported_phys |= MGMT_PHY_LE_CODED_TX;
666 supported_phys |= MGMT_PHY_LE_CODED_RX;
667 }
668 }
669
670 return supported_phys;
671}
672
673static u32 get_selected_phys(struct hci_dev *hdev)
674{
675 u32 selected_phys = 0;
676
677 if (lmp_bredr_capable(hdev)) {
678 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
679
680 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
681 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
682
683 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
684 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
685
686 if (lmp_edr_2m_capable(hdev)) {
687 if (!(hdev->pkt_type & HCI_2DH1))
688 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
689
690 if (lmp_edr_3slot_capable(hdev) &&
691 !(hdev->pkt_type & HCI_2DH3))
692 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
693
694 if (lmp_edr_5slot_capable(hdev) &&
695 !(hdev->pkt_type & HCI_2DH5))
696 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
697
698 if (lmp_edr_3m_capable(hdev)) {
699 if (!(hdev->pkt_type & HCI_3DH1))
700 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
701
702 if (lmp_edr_3slot_capable(hdev) &&
703 !(hdev->pkt_type & HCI_3DH3))
704 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
705
706 if (lmp_edr_5slot_capable(hdev) &&
707 !(hdev->pkt_type & HCI_3DH5))
708 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
709 }
710 }
711 }
712
713 if (lmp_le_capable(hdev)) {
714 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
715 selected_phys |= MGMT_PHY_LE_1M_TX;
716
717 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
718 selected_phys |= MGMT_PHY_LE_1M_RX;
719
720 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
721 selected_phys |= MGMT_PHY_LE_2M_TX;
722
723 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
724 selected_phys |= MGMT_PHY_LE_2M_RX;
725
726 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
727 selected_phys |= MGMT_PHY_LE_CODED_TX;
728
729 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
730 selected_phys |= MGMT_PHY_LE_CODED_RX;
731 }
732
733 return selected_phys;
734}
735
736static u32 get_configurable_phys(struct hci_dev *hdev)
737{
738 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
739 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
740}
741
742static u32 get_supported_settings(struct hci_dev *hdev)
743{
744 u32 settings = 0;
745
746 settings |= MGMT_SETTING_POWERED;
747 settings |= MGMT_SETTING_BONDABLE;
748 settings |= MGMT_SETTING_DEBUG_KEYS;
749 settings |= MGMT_SETTING_CONNECTABLE;
750 settings |= MGMT_SETTING_DISCOVERABLE;
751
752 if (lmp_bredr_capable(hdev)) {
753 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
754 settings |= MGMT_SETTING_FAST_CONNECTABLE;
755 settings |= MGMT_SETTING_BREDR;
756 settings |= MGMT_SETTING_LINK_SECURITY;
757
758 if (lmp_ssp_capable(hdev)) {
759 settings |= MGMT_SETTING_SSP;
760 settings |= MGMT_SETTING_HS;
761 }
762
763 if (lmp_sc_capable(hdev))
764 settings |= MGMT_SETTING_SECURE_CONN;
765 }
766
767 if (lmp_le_capable(hdev)) {
768 settings |= MGMT_SETTING_LE;
769 settings |= MGMT_SETTING_ADVERTISING;
770 settings |= MGMT_SETTING_SECURE_CONN;
771 settings |= MGMT_SETTING_PRIVACY;
772 settings |= MGMT_SETTING_STATIC_ADDRESS;
773 }
774
775 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
776 hdev->set_bdaddr)
777 settings |= MGMT_SETTING_CONFIGURATION;
778
779 settings |= MGMT_SETTING_PHY_CONFIGURATION;
780
781 return settings;
782}
783
784static u32 get_current_settings(struct hci_dev *hdev)
785{
786 u32 settings = 0;
787
788 if (hdev_is_powered(hdev))
789 settings |= MGMT_SETTING_POWERED;
790
791 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
792 settings |= MGMT_SETTING_CONNECTABLE;
793
794 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
795 settings |= MGMT_SETTING_FAST_CONNECTABLE;
796
797 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
798 settings |= MGMT_SETTING_DISCOVERABLE;
799
800 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
801 settings |= MGMT_SETTING_BONDABLE;
802
803 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
804 settings |= MGMT_SETTING_BREDR;
805
806 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
807 settings |= MGMT_SETTING_LE;
808
809 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
810 settings |= MGMT_SETTING_LINK_SECURITY;
811
812 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
813 settings |= MGMT_SETTING_SSP;
814
815 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
816 settings |= MGMT_SETTING_HS;
817
818 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
819 settings |= MGMT_SETTING_ADVERTISING;
820
821 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
822 settings |= MGMT_SETTING_SECURE_CONN;
823
824 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
825 settings |= MGMT_SETTING_DEBUG_KEYS;
826
827 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
828 settings |= MGMT_SETTING_PRIVACY;
829
830 /* The current setting for static address has two purposes. The
831 * first is to indicate if the static address will be used and
832 * the second is to indicate if it is actually set.
833 *
834 * This means if the static address is not configured, this flag
835 * will never be set. If the address is configured, then if the
836 * address is actually used decides if the flag is set or not.
837 *
838 * For single mode LE only controllers and dual-mode controllers
839 * with BR/EDR disabled, the existence of the static address will
840 * be evaluated.
841 */
842 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
843 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
844 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
845 if (bacmp(&hdev->static_addr, BDADDR_ANY))
846 settings |= MGMT_SETTING_STATIC_ADDRESS;
847 }
848
849 return settings;
850}
851
852static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
853{
854 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
855}
856
857static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
858 struct hci_dev *hdev,
859 const void *data)
860{
861 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
862}
863
864u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
865{
866 struct mgmt_pending_cmd *cmd;
867
868 /* If there's a pending mgmt command the flags will not yet have
869 * their final values, so check for this first.
870 */
871 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
872 if (cmd) {
873 struct mgmt_mode *cp = cmd->param;
874 if (cp->val == 0x01)
875 return LE_AD_GENERAL;
876 else if (cp->val == 0x02)
877 return LE_AD_LIMITED;
878 } else {
879 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
880 return LE_AD_LIMITED;
881 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
882 return LE_AD_GENERAL;
883 }
884
885 return 0;
886}
887
888bool mgmt_get_connectable(struct hci_dev *hdev)
889{
890 struct mgmt_pending_cmd *cmd;
891
892 /* If there's a pending mgmt command the flag will not yet have
893 * it's final value, so check for this first.
894 */
895 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
896 if (cmd) {
897 struct mgmt_mode *cp = cmd->param;
898
899 return cp->val;
900 }
901
902 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
903}
904
905static void service_cache_off(struct work_struct *work)
906{
907 struct hci_dev *hdev = container_of(work, struct hci_dev,
908 service_cache.work);
909 struct hci_request req;
910
911 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
912 return;
913
914 hci_req_init(&req, hdev);
915
916 hci_dev_lock(hdev);
917
918 __hci_req_update_eir(&req);
919 __hci_req_update_class(&req);
920
921 hci_dev_unlock(hdev);
922
923 hci_req_run(&req, NULL);
924}
925
926static void rpa_expired(struct work_struct *work)
927{
928 struct hci_dev *hdev = container_of(work, struct hci_dev,
929 rpa_expired.work);
930 struct hci_request req;
931
932 BT_DBG("");
933
934 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
935
936 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
937 return;
938
939 /* The generation of a new RPA and programming it into the
940 * controller happens in the hci_req_enable_advertising()
941 * function.
942 */
943 hci_req_init(&req, hdev);
944 if (ext_adv_capable(hdev))
945 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
946 else
947 __hci_req_enable_advertising(&req);
948 hci_req_run(&req, NULL);
949}
950
951static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
952{
953 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
954 return;
955
956 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
957 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
958
959 /* Non-mgmt controlled devices get this bit set
960 * implicitly so that pairing works for them, however
961 * for mgmt we require user-space to explicitly enable
962 * it
963 */
964 hci_dev_clear_flag(hdev, HCI_BONDABLE);
965}
966
967static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
968 void *data, u16 data_len)
969{
970 struct mgmt_rp_read_info rp;
971
972 BT_DBG("sock %p %s", sk, hdev->name);
973
974 hci_dev_lock(hdev);
975
976 memset(&rp, 0, sizeof(rp));
977
978 bacpy(&rp.bdaddr, &hdev->bdaddr);
979
980 rp.version = hdev->hci_ver;
981 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
982
983 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
984 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
985
986 memcpy(rp.dev_class, hdev->dev_class, 3);
987
988 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
989 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
990
991 hci_dev_unlock(hdev);
992
993 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
994 sizeof(rp));
995}
996
997static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
998{
999 u16 eir_len = 0;
1000 size_t name_len;
1001
1002 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1003 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1004 hdev->dev_class, 3);
1005
1006 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1007 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1008 hdev->appearance);
1009
1010 name_len = strlen(hdev->dev_name);
1011 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1012 hdev->dev_name, name_len);
1013
1014 name_len = strlen(hdev->short_name);
1015 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1016 hdev->short_name, name_len);
1017
1018 return eir_len;
1019}
1020
1021static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1022 void *data, u16 data_len)
1023{
1024 char buf[512];
1025 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1026 u16 eir_len;
1027
1028 BT_DBG("sock %p %s", sk, hdev->name);
1029
1030 memset(&buf, 0, sizeof(buf));
1031
1032 hci_dev_lock(hdev);
1033
1034 bacpy(&rp->bdaddr, &hdev->bdaddr);
1035
1036 rp->version = hdev->hci_ver;
1037 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1038
1039 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1040 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1041
1042
1043 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1044 rp->eir_len = cpu_to_le16(eir_len);
1045
1046 hci_dev_unlock(hdev);
1047
1048 /* If this command is called at least once, then the events
1049 * for class of device and local name changes are disabled
1050 * and only the new extended controller information event
1051 * is used.
1052 */
1053 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1054 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1055 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1056
1057 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1058 sizeof(*rp) + eir_len);
1059}
1060
1061static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1062{
1063 char buf[512];
1064 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1065 u16 eir_len;
1066
1067 memset(buf, 0, sizeof(buf));
1068
1069 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1070 ev->eir_len = cpu_to_le16(eir_len);
1071
1072 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1073 sizeof(*ev) + eir_len,
1074 HCI_MGMT_EXT_INFO_EVENTS, skip);
1075}
1076
1077static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1078{
1079 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1080
1081 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1082 sizeof(settings));
1083}
1084
1085static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1086{
1087 BT_DBG("%s status 0x%02x", hdev->name, status);
1088
1089 if (hci_conn_count(hdev) == 0) {
1090 cancel_delayed_work(&hdev->power_off);
1091 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1092 }
1093}
1094
1095void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1096{
1097 struct mgmt_ev_advertising_added ev;
1098
1099 ev.instance = instance;
1100
1101 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1102}
1103
1104void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1105 u8 instance)
1106{
1107 struct mgmt_ev_advertising_removed ev;
1108
1109 ev.instance = instance;
1110
1111 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1112}
1113
1114static void cancel_adv_timeout(struct hci_dev *hdev)
1115{
1116 if (hdev->adv_instance_timeout) {
1117 hdev->adv_instance_timeout = 0;
1118 cancel_delayed_work(&hdev->adv_instance_expire);
1119 }
1120}
1121
1122static int clean_up_hci_state(struct hci_dev *hdev)
1123{
1124 struct hci_request req;
1125 struct hci_conn *conn;
1126 bool discov_stopped;
1127 int err;
1128
1129 hci_req_init(&req, hdev);
1130
1131 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1132 test_bit(HCI_PSCAN, &hdev->flags)) {
1133 u8 scan = 0x00;
1134 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1135 }
1136
1137 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1138
1139 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1140 __hci_req_disable_advertising(&req);
1141
1142 discov_stopped = hci_req_stop_discovery(&req);
1143
1144 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1145 /* 0x15 == Terminated due to Power Off */
1146 __hci_abort_conn(&req, conn, 0x15);
1147 }
1148
1149 err = hci_req_run(&req, clean_up_hci_complete);
1150 if (!err && discov_stopped)
1151 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1152
1153 return err;
1154}
1155
1156static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1157 u16 len)
1158{
1159 struct mgmt_mode *cp = data;
1160 struct mgmt_pending_cmd *cmd;
1161 int err;
1162
1163 BT_DBG("request for %s", hdev->name);
1164
1165 if (cp->val != 0x00 && cp->val != 0x01)
1166 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1167 MGMT_STATUS_INVALID_PARAMS);
1168
1169 hci_dev_lock(hdev);
1170
1171 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1172 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1173 MGMT_STATUS_BUSY);
1174 goto failed;
1175 }
1176
1177 if (!!cp->val == hdev_is_powered(hdev)) {
1178 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1179 goto failed;
1180 }
1181
1182 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1183 if (!cmd) {
1184 err = -ENOMEM;
1185 goto failed;
1186 }
1187
1188 if (cp->val) {
1189 queue_work(hdev->req_workqueue, &hdev->power_on);
1190 err = 0;
1191 } else {
1192 /* Disconnect connections, stop scans, etc */
1193 err = clean_up_hci_state(hdev);
1194 if (!err)
1195 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1196 HCI_POWER_OFF_TIMEOUT);
1197
1198 /* ENODATA means there were no HCI commands queued */
1199 if (err == -ENODATA) {
1200 cancel_delayed_work(&hdev->power_off);
1201 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1202 err = 0;
1203 }
1204 }
1205
1206failed:
1207 hci_dev_unlock(hdev);
1208 return err;
1209}
1210
1211static int new_settings(struct hci_dev *hdev, struct sock *skip)
1212{
1213 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1214
1215 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1216 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1217}
1218
1219int mgmt_new_settings(struct hci_dev *hdev)
1220{
1221 return new_settings(hdev, NULL);
1222}
1223
1224struct cmd_lookup {
1225 struct sock *sk;
1226 struct hci_dev *hdev;
1227 u8 mgmt_status;
1228};
1229
1230static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1231{
1232 struct cmd_lookup *match = data;
1233
1234 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1235
1236 list_del(&cmd->list);
1237
1238 if (match->sk == NULL) {
1239 match->sk = cmd->sk;
1240 sock_hold(match->sk);
1241 }
1242
1243 mgmt_pending_free(cmd);
1244}
1245
1246static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1247{
1248 u8 *status = data;
1249
1250 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1251 mgmt_pending_remove(cmd);
1252}
1253
1254static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1255{
1256 if (cmd->cmd_complete) {
1257 u8 *status = data;
1258
1259 cmd->cmd_complete(cmd, *status);
1260 mgmt_pending_remove(cmd);
1261
1262 return;
1263 }
1264
1265 cmd_status_rsp(cmd, data);
1266}
1267
1268static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1269{
1270 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1271 cmd->param, cmd->param_len);
1272}
1273
1274static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1275{
1276 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1277 cmd->param, sizeof(struct mgmt_addr_info));
1278}
1279
1280static u8 mgmt_bredr_support(struct hci_dev *hdev)
1281{
1282 if (!lmp_bredr_capable(hdev))
1283 return MGMT_STATUS_NOT_SUPPORTED;
1284 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1285 return MGMT_STATUS_REJECTED;
1286 else
1287 return MGMT_STATUS_SUCCESS;
1288}
1289
1290static u8 mgmt_le_support(struct hci_dev *hdev)
1291{
1292 if (!lmp_le_capable(hdev))
1293 return MGMT_STATUS_NOT_SUPPORTED;
1294 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1295 return MGMT_STATUS_REJECTED;
1296 else
1297 return MGMT_STATUS_SUCCESS;
1298}
1299
1300void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1301{
1302 struct mgmt_pending_cmd *cmd;
1303
1304 BT_DBG("status 0x%02x", status);
1305
1306 hci_dev_lock(hdev);
1307
1308 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1309 if (!cmd)
1310 goto unlock;
1311
1312 if (status) {
1313 u8 mgmt_err = mgmt_status(status);
1314 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1315 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1316 goto remove_cmd;
1317 }
1318
1319 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1320 hdev->discov_timeout > 0) {
1321 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1322 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1323 }
1324
1325 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1326 new_settings(hdev, cmd->sk);
1327
1328remove_cmd:
1329 mgmt_pending_remove(cmd);
1330
1331unlock:
1332 hci_dev_unlock(hdev);
1333}
1334
1335static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1336 u16 len)
1337{
1338 struct mgmt_cp_set_discoverable *cp = data;
1339 struct mgmt_pending_cmd *cmd;
1340 u16 timeout;
1341 int err;
1342
1343 BT_DBG("request for %s", hdev->name);
1344
1345 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1346 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1347 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1348 MGMT_STATUS_REJECTED);
1349
1350 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1351 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1352 MGMT_STATUS_INVALID_PARAMS);
1353
1354 timeout = __le16_to_cpu(cp->timeout);
1355
1356 /* Disabling discoverable requires that no timeout is set,
1357 * and enabling limited discoverable requires a timeout.
1358 */
1359 if ((cp->val == 0x00 && timeout > 0) ||
1360 (cp->val == 0x02 && timeout == 0))
1361 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1362 MGMT_STATUS_INVALID_PARAMS);
1363
1364 hci_dev_lock(hdev);
1365
1366 if (!hdev_is_powered(hdev) && timeout > 0) {
1367 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1368 MGMT_STATUS_NOT_POWERED);
1369 goto failed;
1370 }
1371
1372 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1373 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1374 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1375 MGMT_STATUS_BUSY);
1376 goto failed;
1377 }
1378
1379 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1380 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1381 MGMT_STATUS_REJECTED);
1382 goto failed;
1383 }
1384
1385 if (!hdev_is_powered(hdev)) {
1386 bool changed = false;
1387
1388 /* Setting limited discoverable when powered off is
1389 * not a valid operation since it requires a timeout
1390 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1391 */
1392 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1393 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1394 changed = true;
1395 }
1396
1397 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1398 if (err < 0)
1399 goto failed;
1400
1401 if (changed)
1402 err = new_settings(hdev, sk);
1403
1404 goto failed;
1405 }
1406
1407 /* If the current mode is the same, then just update the timeout
1408 * value with the new value. And if only the timeout gets updated,
1409 * then no need for any HCI transactions.
1410 */
1411 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1412 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1413 HCI_LIMITED_DISCOVERABLE)) {
1414 cancel_delayed_work(&hdev->discov_off);
1415 hdev->discov_timeout = timeout;
1416
1417 if (cp->val && hdev->discov_timeout > 0) {
1418 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1419 queue_delayed_work(hdev->req_workqueue,
1420 &hdev->discov_off, to);
1421 }
1422
1423 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1424 goto failed;
1425 }
1426
1427 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1428 if (!cmd) {
1429 err = -ENOMEM;
1430 goto failed;
1431 }
1432
1433 /* Cancel any potential discoverable timeout that might be
1434 * still active and store new timeout value. The arming of
1435 * the timeout happens in the complete handler.
1436 */
1437 cancel_delayed_work(&hdev->discov_off);
1438 hdev->discov_timeout = timeout;
1439
1440 if (cp->val)
1441 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1442 else
1443 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1444
1445 /* Limited discoverable mode */
1446 if (cp->val == 0x02)
1447 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1448 else
1449 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1450
1451 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1452 err = 0;
1453
1454failed:
1455 hci_dev_unlock(hdev);
1456 return err;
1457}
1458
1459void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1460{
1461 struct mgmt_pending_cmd *cmd;
1462
1463 BT_DBG("status 0x%02x", status);
1464
1465 hci_dev_lock(hdev);
1466
1467 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1468 if (!cmd)
1469 goto unlock;
1470
1471 if (status) {
1472 u8 mgmt_err = mgmt_status(status);
1473 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1474 goto remove_cmd;
1475 }
1476
1477 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1478 new_settings(hdev, cmd->sk);
1479
1480remove_cmd:
1481 mgmt_pending_remove(cmd);
1482
1483unlock:
1484 hci_dev_unlock(hdev);
1485}
1486
1487static int set_connectable_update_settings(struct hci_dev *hdev,
1488 struct sock *sk, u8 val)
1489{
1490 bool changed = false;
1491 int err;
1492
1493 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1494 changed = true;
1495
1496 if (val) {
1497 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1498 } else {
1499 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1500 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1501 }
1502
1503 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1504 if (err < 0)
1505 return err;
1506
1507 if (changed) {
1508 hci_req_update_scan(hdev);
1509 hci_update_background_scan(hdev);
1510 return new_settings(hdev, sk);
1511 }
1512
1513 return 0;
1514}
1515
1516static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1517 u16 len)
1518{
1519 struct mgmt_mode *cp = data;
1520 struct mgmt_pending_cmd *cmd;
1521 int err;
1522
1523 BT_DBG("request for %s", hdev->name);
1524
1525 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1526 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1527 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1528 MGMT_STATUS_REJECTED);
1529
1530 if (cp->val != 0x00 && cp->val != 0x01)
1531 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1532 MGMT_STATUS_INVALID_PARAMS);
1533
1534 hci_dev_lock(hdev);
1535
1536 if (!hdev_is_powered(hdev)) {
1537 err = set_connectable_update_settings(hdev, sk, cp->val);
1538 goto failed;
1539 }
1540
1541 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1542 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1543 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1544 MGMT_STATUS_BUSY);
1545 goto failed;
1546 }
1547
1548 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1549 if (!cmd) {
1550 err = -ENOMEM;
1551 goto failed;
1552 }
1553
1554 if (cp->val) {
1555 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1556 } else {
1557 if (hdev->discov_timeout > 0)
1558 cancel_delayed_work(&hdev->discov_off);
1559
1560 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1561 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1562 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1563 }
1564
1565 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1566 err = 0;
1567
1568failed:
1569 hci_dev_unlock(hdev);
1570 return err;
1571}
1572
1573static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1574 u16 len)
1575{
1576 struct mgmt_mode *cp = data;
1577 bool changed;
1578 int err;
1579
1580 BT_DBG("request for %s", hdev->name);
1581
1582 if (cp->val != 0x00 && cp->val != 0x01)
1583 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1584 MGMT_STATUS_INVALID_PARAMS);
1585
1586 hci_dev_lock(hdev);
1587
1588 if (cp->val)
1589 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1590 else
1591 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1592
1593 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1594 if (err < 0)
1595 goto unlock;
1596
1597 if (changed) {
1598 /* In limited privacy mode the change of bondable mode
1599 * may affect the local advertising address.
1600 */
1601 if (hdev_is_powered(hdev) &&
1602 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1603 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1604 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1605 queue_work(hdev->req_workqueue,
1606 &hdev->discoverable_update);
1607
1608 err = new_settings(hdev, sk);
1609 }
1610
1611unlock:
1612 hci_dev_unlock(hdev);
1613 return err;
1614}
1615
1616static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1617 u16 len)
1618{
1619 struct mgmt_mode *cp = data;
1620 struct mgmt_pending_cmd *cmd;
1621 u8 val, status;
1622 int err;
1623
1624 BT_DBG("request for %s", hdev->name);
1625
1626 status = mgmt_bredr_support(hdev);
1627 if (status)
1628 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1629 status);
1630
1631 if (cp->val != 0x00 && cp->val != 0x01)
1632 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1633 MGMT_STATUS_INVALID_PARAMS);
1634
1635 hci_dev_lock(hdev);
1636
1637 if (!hdev_is_powered(hdev)) {
1638 bool changed = false;
1639
1640 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1641 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1642 changed = true;
1643 }
1644
1645 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1646 if (err < 0)
1647 goto failed;
1648
1649 if (changed)
1650 err = new_settings(hdev, sk);
1651
1652 goto failed;
1653 }
1654
1655 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1656 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1657 MGMT_STATUS_BUSY);
1658 goto failed;
1659 }
1660
1661 val = !!cp->val;
1662
1663 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1664 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1665 goto failed;
1666 }
1667
1668 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1669 if (!cmd) {
1670 err = -ENOMEM;
1671 goto failed;
1672 }
1673
1674 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1675 if (err < 0) {
1676 mgmt_pending_remove(cmd);
1677 goto failed;
1678 }
1679
1680failed:
1681 hci_dev_unlock(hdev);
1682 return err;
1683}
1684
1685static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1686{
1687 struct mgmt_mode *cp = data;
1688 struct mgmt_pending_cmd *cmd;
1689 u8 status;
1690 int err;
1691
1692 BT_DBG("request for %s", hdev->name);
1693
1694 status = mgmt_bredr_support(hdev);
1695 if (status)
1696 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1697
1698 if (!lmp_ssp_capable(hdev))
1699 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1700 MGMT_STATUS_NOT_SUPPORTED);
1701
1702 if (cp->val != 0x00 && cp->val != 0x01)
1703 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1704 MGMT_STATUS_INVALID_PARAMS);
1705
1706 hci_dev_lock(hdev);
1707
1708 if (!hdev_is_powered(hdev)) {
1709 bool changed;
1710
1711 if (cp->val) {
1712 changed = !hci_dev_test_and_set_flag(hdev,
1713 HCI_SSP_ENABLED);
1714 } else {
1715 changed = hci_dev_test_and_clear_flag(hdev,
1716 HCI_SSP_ENABLED);
1717 if (!changed)
1718 changed = hci_dev_test_and_clear_flag(hdev,
1719 HCI_HS_ENABLED);
1720 else
1721 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1722 }
1723
1724 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1725 if (err < 0)
1726 goto failed;
1727
1728 if (changed)
1729 err = new_settings(hdev, sk);
1730
1731 goto failed;
1732 }
1733
1734 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1735 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1736 MGMT_STATUS_BUSY);
1737 goto failed;
1738 }
1739
1740 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1741 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1742 goto failed;
1743 }
1744
1745 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1746 if (!cmd) {
1747 err = -ENOMEM;
1748 goto failed;
1749 }
1750
1751 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1752 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1753 sizeof(cp->val), &cp->val);
1754
1755 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1756 if (err < 0) {
1757 mgmt_pending_remove(cmd);
1758 goto failed;
1759 }
1760
1761failed:
1762 hci_dev_unlock(hdev);
1763 return err;
1764}
1765
1766static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1767{
1768 struct mgmt_mode *cp = data;
1769 bool changed;
1770 u8 status;
1771 int err;
1772
1773 BT_DBG("request for %s", hdev->name);
1774
1775 status = mgmt_bredr_support(hdev);
1776 if (status)
1777 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1778
1779 if (!lmp_ssp_capable(hdev))
1780 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1781 MGMT_STATUS_NOT_SUPPORTED);
1782
1783 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1784 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1785 MGMT_STATUS_REJECTED);
1786
1787 if (cp->val != 0x00 && cp->val != 0x01)
1788 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1789 MGMT_STATUS_INVALID_PARAMS);
1790
1791 hci_dev_lock(hdev);
1792
1793 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1794 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1795 MGMT_STATUS_BUSY);
1796 goto unlock;
1797 }
1798
1799 if (cp->val) {
1800 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1801 } else {
1802 if (hdev_is_powered(hdev)) {
1803 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1804 MGMT_STATUS_REJECTED);
1805 goto unlock;
1806 }
1807
1808 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1809 }
1810
1811 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1812 if (err < 0)
1813 goto unlock;
1814
1815 if (changed)
1816 err = new_settings(hdev, sk);
1817
1818unlock:
1819 hci_dev_unlock(hdev);
1820 return err;
1821}
1822
1823static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1824{
1825 struct cmd_lookup match = { NULL, hdev };
1826
1827 hci_dev_lock(hdev);
1828
1829 if (status) {
1830 u8 mgmt_err = mgmt_status(status);
1831
1832 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1833 &mgmt_err);
1834 goto unlock;
1835 }
1836
1837 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1838
1839 new_settings(hdev, match.sk);
1840
1841 if (match.sk)
1842 sock_put(match.sk);
1843
1844 /* Make sure the controller has a good default for
1845 * advertising data. Restrict the update to when LE
1846 * has actually been enabled. During power on, the
1847 * update in powered_update_hci will take care of it.
1848 */
1849 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1850 struct hci_request req;
1851 hci_req_init(&req, hdev);
1852 if (ext_adv_capable(hdev)) {
1853 int err;
1854
1855 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1856 if (!err)
1857 __hci_req_update_scan_rsp_data(&req, 0x00);
1858 } else {
1859 __hci_req_update_adv_data(&req, 0x00);
1860 __hci_req_update_scan_rsp_data(&req, 0x00);
1861 }
1862 hci_req_run(&req, NULL);
1863 hci_update_background_scan(hdev);
1864 }
1865
1866unlock:
1867 hci_dev_unlock(hdev);
1868}
1869
1870static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1871{
1872 struct mgmt_mode *cp = data;
1873 struct hci_cp_write_le_host_supported hci_cp;
1874 struct mgmt_pending_cmd *cmd;
1875 struct hci_request req;
1876 int err;
1877 u8 val, enabled;
1878
1879 BT_DBG("request for %s", hdev->name);
1880
1881 if (!lmp_le_capable(hdev))
1882 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1883 MGMT_STATUS_NOT_SUPPORTED);
1884
1885 if (cp->val != 0x00 && cp->val != 0x01)
1886 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1887 MGMT_STATUS_INVALID_PARAMS);
1888
1889 /* Bluetooth single mode LE only controllers or dual-mode
1890 * controllers configured as LE only devices, do not allow
1891 * switching LE off. These have either LE enabled explicitly
1892 * or BR/EDR has been previously switched off.
1893 *
1894 * When trying to enable an already enabled LE, then gracefully
1895 * send a positive response. Trying to disable it however will
1896 * result into rejection.
1897 */
1898 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1899 if (cp->val == 0x01)
1900 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1901
1902 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1903 MGMT_STATUS_REJECTED);
1904 }
1905
1906 hci_dev_lock(hdev);
1907
1908 val = !!cp->val;
1909 enabled = lmp_host_le_capable(hdev);
1910
1911 if (!val)
1912 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1913
1914 if (!hdev_is_powered(hdev) || val == enabled) {
1915 bool changed = false;
1916
1917 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1918 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1919 changed = true;
1920 }
1921
1922 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1923 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1924 changed = true;
1925 }
1926
1927 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1928 if (err < 0)
1929 goto unlock;
1930
1931 if (changed)
1932 err = new_settings(hdev, sk);
1933
1934 goto unlock;
1935 }
1936
1937 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1938 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1939 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1940 MGMT_STATUS_BUSY);
1941 goto unlock;
1942 }
1943
1944 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1945 if (!cmd) {
1946 err = -ENOMEM;
1947 goto unlock;
1948 }
1949
1950 hci_req_init(&req, hdev);
1951
1952 memset(&hci_cp, 0, sizeof(hci_cp));
1953
1954 if (val) {
1955 hci_cp.le = val;
1956 hci_cp.simul = 0x00;
1957 } else {
1958 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1959 __hci_req_disable_advertising(&req);
1960
1961 if (ext_adv_capable(hdev))
1962 __hci_req_clear_ext_adv_sets(&req);
1963 }
1964
1965 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1966 &hci_cp);
1967
1968 err = hci_req_run(&req, le_enable_complete);
1969 if (err < 0)
1970 mgmt_pending_remove(cmd);
1971
1972unlock:
1973 hci_dev_unlock(hdev);
1974 return err;
1975}
1976
1977/* This is a helper function to test for pending mgmt commands that can
1978 * cause CoD or EIR HCI commands. We can only allow one such pending
1979 * mgmt command at a time since otherwise we cannot easily track what
1980 * the current values are, will be, and based on that calculate if a new
1981 * HCI command needs to be sent and if yes with what value.
1982 */
1983static bool pending_eir_or_class(struct hci_dev *hdev)
1984{
1985 struct mgmt_pending_cmd *cmd;
1986
1987 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1988 switch (cmd->opcode) {
1989 case MGMT_OP_ADD_UUID:
1990 case MGMT_OP_REMOVE_UUID:
1991 case MGMT_OP_SET_DEV_CLASS:
1992 case MGMT_OP_SET_POWERED:
1993 return true;
1994 }
1995 }
1996
1997 return false;
1998}
1999
2000static const u8 bluetooth_base_uuid[] = {
2001 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2002 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2003};
2004
2005static u8 get_uuid_size(const u8 *uuid)
2006{
2007 u32 val;
2008
2009 if (memcmp(uuid, bluetooth_base_uuid, 12))
2010 return 128;
2011
2012 val = get_unaligned_le32(&uuid[12]);
2013 if (val > 0xffff)
2014 return 32;
2015
2016 return 16;
2017}
2018
2019static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2020{
2021 struct mgmt_pending_cmd *cmd;
2022
2023 hci_dev_lock(hdev);
2024
2025 cmd = pending_find(mgmt_op, hdev);
2026 if (!cmd)
2027 goto unlock;
2028
2029 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2030 mgmt_status(status), hdev->dev_class, 3);
2031
2032 mgmt_pending_remove(cmd);
2033
2034unlock:
2035 hci_dev_unlock(hdev);
2036}
2037
2038static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2039{
2040 BT_DBG("status 0x%02x", status);
2041
2042 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2043}
2044
2045static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2046{
2047 struct mgmt_cp_add_uuid *cp = data;
2048 struct mgmt_pending_cmd *cmd;
2049 struct hci_request req;
2050 struct bt_uuid *uuid;
2051 int err;
2052
2053 BT_DBG("request for %s", hdev->name);
2054
2055 hci_dev_lock(hdev);
2056
2057 if (pending_eir_or_class(hdev)) {
2058 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2059 MGMT_STATUS_BUSY);
2060 goto failed;
2061 }
2062
2063 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2064 if (!uuid) {
2065 err = -ENOMEM;
2066 goto failed;
2067 }
2068
2069 memcpy(uuid->uuid, cp->uuid, 16);
2070 uuid->svc_hint = cp->svc_hint;
2071 uuid->size = get_uuid_size(cp->uuid);
2072
2073 list_add_tail(&uuid->list, &hdev->uuids);
2074
2075 hci_req_init(&req, hdev);
2076
2077 __hci_req_update_class(&req);
2078 __hci_req_update_eir(&req);
2079
2080 err = hci_req_run(&req, add_uuid_complete);
2081 if (err < 0) {
2082 if (err != -ENODATA)
2083 goto failed;
2084
2085 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2086 hdev->dev_class, 3);
2087 goto failed;
2088 }
2089
2090 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2091 if (!cmd) {
2092 err = -ENOMEM;
2093 goto failed;
2094 }
2095
2096 err = 0;
2097
2098failed:
2099 hci_dev_unlock(hdev);
2100 return err;
2101}
2102
2103static bool enable_service_cache(struct hci_dev *hdev)
2104{
2105 if (!hdev_is_powered(hdev))
2106 return false;
2107
2108 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2109 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2110 CACHE_TIMEOUT);
2111 return true;
2112 }
2113
2114 return false;
2115}
2116
2117static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2118{
2119 BT_DBG("status 0x%02x", status);
2120
2121 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2122}
2123
2124static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2125 u16 len)
2126{
2127 struct mgmt_cp_remove_uuid *cp = data;
2128 struct mgmt_pending_cmd *cmd;
2129 struct bt_uuid *match, *tmp;
2130 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2131 struct hci_request req;
2132 int err, found;
2133
2134 BT_DBG("request for %s", hdev->name);
2135
2136 hci_dev_lock(hdev);
2137
2138 if (pending_eir_or_class(hdev)) {
2139 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2140 MGMT_STATUS_BUSY);
2141 goto unlock;
2142 }
2143
2144 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2145 hci_uuids_clear(hdev);
2146
2147 if (enable_service_cache(hdev)) {
2148 err = mgmt_cmd_complete(sk, hdev->id,
2149 MGMT_OP_REMOVE_UUID,
2150 0, hdev->dev_class, 3);
2151 goto unlock;
2152 }
2153
2154 goto update_class;
2155 }
2156
2157 found = 0;
2158
2159 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2160 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2161 continue;
2162
2163 list_del(&match->list);
2164 kfree(match);
2165 found++;
2166 }
2167
2168 if (found == 0) {
2169 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2170 MGMT_STATUS_INVALID_PARAMS);
2171 goto unlock;
2172 }
2173
2174update_class:
2175 hci_req_init(&req, hdev);
2176
2177 __hci_req_update_class(&req);
2178 __hci_req_update_eir(&req);
2179
2180 err = hci_req_run(&req, remove_uuid_complete);
2181 if (err < 0) {
2182 if (err != -ENODATA)
2183 goto unlock;
2184
2185 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2186 hdev->dev_class, 3);
2187 goto unlock;
2188 }
2189
2190 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2191 if (!cmd) {
2192 err = -ENOMEM;
2193 goto unlock;
2194 }
2195
2196 err = 0;
2197
2198unlock:
2199 hci_dev_unlock(hdev);
2200 return err;
2201}
2202
2203static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2204{
2205 BT_DBG("status 0x%02x", status);
2206
2207 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2208}
2209
2210static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2211 u16 len)
2212{
2213 struct mgmt_cp_set_dev_class *cp = data;
2214 struct mgmt_pending_cmd *cmd;
2215 struct hci_request req;
2216 int err;
2217
2218 BT_DBG("request for %s", hdev->name);
2219
2220 if (!lmp_bredr_capable(hdev))
2221 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2222 MGMT_STATUS_NOT_SUPPORTED);
2223
2224 hci_dev_lock(hdev);
2225
2226 if (pending_eir_or_class(hdev)) {
2227 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2228 MGMT_STATUS_BUSY);
2229 goto unlock;
2230 }
2231
2232 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2233 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2234 MGMT_STATUS_INVALID_PARAMS);
2235 goto unlock;
2236 }
2237
2238 hdev->major_class = cp->major;
2239 hdev->minor_class = cp->minor;
2240
2241 if (!hdev_is_powered(hdev)) {
2242 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2243 hdev->dev_class, 3);
2244 goto unlock;
2245 }
2246
2247 hci_req_init(&req, hdev);
2248
2249 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2250 hci_dev_unlock(hdev);
2251 cancel_delayed_work_sync(&hdev->service_cache);
2252 hci_dev_lock(hdev);
2253 __hci_req_update_eir(&req);
2254 }
2255
2256 __hci_req_update_class(&req);
2257
2258 err = hci_req_run(&req, set_class_complete);
2259 if (err < 0) {
2260 if (err != -ENODATA)
2261 goto unlock;
2262
2263 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2264 hdev->dev_class, 3);
2265 goto unlock;
2266 }
2267
2268 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2269 if (!cmd) {
2270 err = -ENOMEM;
2271 goto unlock;
2272 }
2273
2274 err = 0;
2275
2276unlock:
2277 hci_dev_unlock(hdev);
2278 return err;
2279}
2280
2281static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2282 u16 len)
2283{
2284 struct mgmt_cp_load_link_keys *cp = data;
2285 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2286 sizeof(struct mgmt_link_key_info));
2287 u16 key_count, expected_len;
2288 bool changed;
2289 int i;
2290
2291 BT_DBG("request for %s", hdev->name);
2292
2293 if (!lmp_bredr_capable(hdev))
2294 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2295 MGMT_STATUS_NOT_SUPPORTED);
2296
2297 key_count = __le16_to_cpu(cp->key_count);
2298 if (key_count > max_key_count) {
2299 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2300 key_count);
2301 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2302 MGMT_STATUS_INVALID_PARAMS);
2303 }
2304
2305 expected_len = struct_size(cp, keys, key_count);
2306 if (expected_len != len) {
2307 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2308 expected_len, len);
2309 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2310 MGMT_STATUS_INVALID_PARAMS);
2311 }
2312
2313 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2314 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2315 MGMT_STATUS_INVALID_PARAMS);
2316
2317 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2318 key_count);
2319
2320 for (i = 0; i < key_count; i++) {
2321 struct mgmt_link_key_info *key = &cp->keys[i];
2322
2323 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2324 return mgmt_cmd_status(sk, hdev->id,
2325 MGMT_OP_LOAD_LINK_KEYS,
2326 MGMT_STATUS_INVALID_PARAMS);
2327 }
2328
2329 hci_dev_lock(hdev);
2330
2331 hci_link_keys_clear(hdev);
2332
2333 if (cp->debug_keys)
2334 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2335 else
2336 changed = hci_dev_test_and_clear_flag(hdev,
2337 HCI_KEEP_DEBUG_KEYS);
2338
2339 if (changed)
2340 new_settings(hdev, NULL);
2341
2342 for (i = 0; i < key_count; i++) {
2343 struct mgmt_link_key_info *key = &cp->keys[i];
2344
2345 if (hci_is_blocked_key(hdev,
2346 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2347 key->val)) {
2348 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2349 &key->addr.bdaddr);
2350 continue;
2351 }
2352
2353 /* Always ignore debug keys and require a new pairing if
2354 * the user wants to use them.
2355 */
2356 if (key->type == HCI_LK_DEBUG_COMBINATION)
2357 continue;
2358
2359 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2360 key->type, key->pin_len, NULL);
2361 }
2362
2363 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2364
2365 hci_dev_unlock(hdev);
2366
2367 return 0;
2368}
2369
2370static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2371 u8 addr_type, struct sock *skip_sk)
2372{
2373 struct mgmt_ev_device_unpaired ev;
2374
2375 bacpy(&ev.addr.bdaddr, bdaddr);
2376 ev.addr.type = addr_type;
2377
2378 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2379 skip_sk);
2380}
2381
2382static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2383 u16 len)
2384{
2385 struct mgmt_cp_unpair_device *cp = data;
2386 struct mgmt_rp_unpair_device rp;
2387 struct hci_conn_params *params;
2388 struct mgmt_pending_cmd *cmd;
2389 struct hci_conn *conn;
2390 u8 addr_type;
2391 int err;
2392
2393 memset(&rp, 0, sizeof(rp));
2394 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2395 rp.addr.type = cp->addr.type;
2396
2397 if (!bdaddr_type_is_valid(cp->addr.type))
2398 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2399 MGMT_STATUS_INVALID_PARAMS,
2400 &rp, sizeof(rp));
2401
2402 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2403 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2404 MGMT_STATUS_INVALID_PARAMS,
2405 &rp, sizeof(rp));
2406
2407 hci_dev_lock(hdev);
2408
2409 if (!hdev_is_powered(hdev)) {
2410 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2411 MGMT_STATUS_NOT_POWERED, &rp,
2412 sizeof(rp));
2413 goto unlock;
2414 }
2415
2416 if (cp->addr.type == BDADDR_BREDR) {
2417 /* If disconnection is requested, then look up the
2418 * connection. If the remote device is connected, it
2419 * will be later used to terminate the link.
2420 *
2421 * Setting it to NULL explicitly will cause no
2422 * termination of the link.
2423 */
2424 if (cp->disconnect)
2425 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2426 &cp->addr.bdaddr);
2427 else
2428 conn = NULL;
2429
2430 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2431 if (err < 0) {
2432 err = mgmt_cmd_complete(sk, hdev->id,
2433 MGMT_OP_UNPAIR_DEVICE,
2434 MGMT_STATUS_NOT_PAIRED, &rp,
2435 sizeof(rp));
2436 goto unlock;
2437 }
2438
2439 goto done;
2440 }
2441
2442 /* LE address type */
2443 addr_type = le_addr_type(cp->addr.type);
2444
2445 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2446 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2447 if (err < 0) {
2448 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2449 MGMT_STATUS_NOT_PAIRED, &rp,
2450 sizeof(rp));
2451 goto unlock;
2452 }
2453
2454 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2455 if (!conn) {
2456 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2457 goto done;
2458 }
2459
2460
2461 /* Defer clearing up the connection parameters until closing to
2462 * give a chance of keeping them if a repairing happens.
2463 */
2464 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2465
2466 /* Disable auto-connection parameters if present */
2467 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2468 if (params) {
2469 if (params->explicit_connect)
2470 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2471 else
2472 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2473 }
2474
2475 /* If disconnection is not requested, then clear the connection
2476 * variable so that the link is not terminated.
2477 */
2478 if (!cp->disconnect)
2479 conn = NULL;
2480
2481done:
2482 /* If the connection variable is set, then termination of the
2483 * link is requested.
2484 */
2485 if (!conn) {
2486 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2487 &rp, sizeof(rp));
2488 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2489 goto unlock;
2490 }
2491
2492 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2493 sizeof(*cp));
2494 if (!cmd) {
2495 err = -ENOMEM;
2496 goto unlock;
2497 }
2498
2499 cmd->cmd_complete = addr_cmd_complete;
2500
2501 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2502 if (err < 0)
2503 mgmt_pending_remove(cmd);
2504
2505unlock:
2506 hci_dev_unlock(hdev);
2507 return err;
2508}
2509
2510static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2511 u16 len)
2512{
2513 struct mgmt_cp_disconnect *cp = data;
2514 struct mgmt_rp_disconnect rp;
2515 struct mgmt_pending_cmd *cmd;
2516 struct hci_conn *conn;
2517 int err;
2518
2519 BT_DBG("");
2520
2521 memset(&rp, 0, sizeof(rp));
2522 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2523 rp.addr.type = cp->addr.type;
2524
2525 if (!bdaddr_type_is_valid(cp->addr.type))
2526 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2527 MGMT_STATUS_INVALID_PARAMS,
2528 &rp, sizeof(rp));
2529
2530 hci_dev_lock(hdev);
2531
2532 if (!test_bit(HCI_UP, &hdev->flags)) {
2533 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2534 MGMT_STATUS_NOT_POWERED, &rp,
2535 sizeof(rp));
2536 goto failed;
2537 }
2538
2539 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2540 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2541 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2542 goto failed;
2543 }
2544
2545 if (cp->addr.type == BDADDR_BREDR)
2546 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2547 &cp->addr.bdaddr);
2548 else
2549 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2550 le_addr_type(cp->addr.type));
2551
2552 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2553 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2554 MGMT_STATUS_NOT_CONNECTED, &rp,
2555 sizeof(rp));
2556 goto failed;
2557 }
2558
2559 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2560 if (!cmd) {
2561 err = -ENOMEM;
2562 goto failed;
2563 }
2564
2565 cmd->cmd_complete = generic_cmd_complete;
2566
2567 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2568 if (err < 0)
2569 mgmt_pending_remove(cmd);
2570
2571failed:
2572 hci_dev_unlock(hdev);
2573 return err;
2574}
2575
2576static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2577{
2578 switch (link_type) {
2579 case LE_LINK:
2580 switch (addr_type) {
2581 case ADDR_LE_DEV_PUBLIC:
2582 return BDADDR_LE_PUBLIC;
2583
2584 default:
2585 /* Fallback to LE Random address type */
2586 return BDADDR_LE_RANDOM;
2587 }
2588
2589 default:
2590 /* Fallback to BR/EDR type */
2591 return BDADDR_BREDR;
2592 }
2593}
2594
2595static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2596 u16 data_len)
2597{
2598 struct mgmt_rp_get_connections *rp;
2599 struct hci_conn *c;
2600 int err;
2601 u16 i;
2602
2603 BT_DBG("");
2604
2605 hci_dev_lock(hdev);
2606
2607 if (!hdev_is_powered(hdev)) {
2608 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2609 MGMT_STATUS_NOT_POWERED);
2610 goto unlock;
2611 }
2612
2613 i = 0;
2614 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2615 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2616 i++;
2617 }
2618
2619 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
2620 if (!rp) {
2621 err = -ENOMEM;
2622 goto unlock;
2623 }
2624
2625 i = 0;
2626 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2627 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2628 continue;
2629 bacpy(&rp->addr[i].bdaddr, &c->dst);
2630 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2631 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2632 continue;
2633 i++;
2634 }
2635
2636 rp->conn_count = cpu_to_le16(i);
2637
2638 /* Recalculate length in case of filtered SCO connections, etc */
2639 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2640 struct_size(rp, addr, i));
2641
2642 kfree(rp);
2643
2644unlock:
2645 hci_dev_unlock(hdev);
2646 return err;
2647}
2648
2649static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2650 struct mgmt_cp_pin_code_neg_reply *cp)
2651{
2652 struct mgmt_pending_cmd *cmd;
2653 int err;
2654
2655 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2656 sizeof(*cp));
2657 if (!cmd)
2658 return -ENOMEM;
2659
2660 cmd->cmd_complete = addr_cmd_complete;
2661
2662 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2663 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2664 if (err < 0)
2665 mgmt_pending_remove(cmd);
2666
2667 return err;
2668}
2669
2670static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2671 u16 len)
2672{
2673 struct hci_conn *conn;
2674 struct mgmt_cp_pin_code_reply *cp = data;
2675 struct hci_cp_pin_code_reply reply;
2676 struct mgmt_pending_cmd *cmd;
2677 int err;
2678
2679 BT_DBG("");
2680
2681 hci_dev_lock(hdev);
2682
2683 if (!hdev_is_powered(hdev)) {
2684 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2685 MGMT_STATUS_NOT_POWERED);
2686 goto failed;
2687 }
2688
2689 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2690 if (!conn) {
2691 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2692 MGMT_STATUS_NOT_CONNECTED);
2693 goto failed;
2694 }
2695
2696 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2697 struct mgmt_cp_pin_code_neg_reply ncp;
2698
2699 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2700
2701 bt_dev_err(hdev, "PIN code is not 16 bytes long");
2702
2703 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2704 if (err >= 0)
2705 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2706 MGMT_STATUS_INVALID_PARAMS);
2707
2708 goto failed;
2709 }
2710
2711 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2712 if (!cmd) {
2713 err = -ENOMEM;
2714 goto failed;
2715 }
2716
2717 cmd->cmd_complete = addr_cmd_complete;
2718
2719 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2720 reply.pin_len = cp->pin_len;
2721 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2722
2723 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2724 if (err < 0)
2725 mgmt_pending_remove(cmd);
2726
2727failed:
2728 hci_dev_unlock(hdev);
2729 return err;
2730}
2731
2732static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2733 u16 len)
2734{
2735 struct mgmt_cp_set_io_capability *cp = data;
2736
2737 BT_DBG("");
2738
2739 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2740 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2741 MGMT_STATUS_INVALID_PARAMS);
2742
2743 hci_dev_lock(hdev);
2744
2745 hdev->io_capability = cp->io_capability;
2746
2747 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2748 hdev->io_capability);
2749
2750 hci_dev_unlock(hdev);
2751
2752 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2753 NULL, 0);
2754}
2755
2756static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2757{
2758 struct hci_dev *hdev = conn->hdev;
2759 struct mgmt_pending_cmd *cmd;
2760
2761 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2762 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2763 continue;
2764
2765 if (cmd->user_data != conn)
2766 continue;
2767
2768 return cmd;
2769 }
2770
2771 return NULL;
2772}
2773
2774static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2775{
2776 struct mgmt_rp_pair_device rp;
2777 struct hci_conn *conn = cmd->user_data;
2778 int err;
2779
2780 bacpy(&rp.addr.bdaddr, &conn->dst);
2781 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2782
2783 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2784 status, &rp, sizeof(rp));
2785
2786 /* So we don't get further callbacks for this connection */
2787 conn->connect_cfm_cb = NULL;
2788 conn->security_cfm_cb = NULL;
2789 conn->disconn_cfm_cb = NULL;
2790
2791 hci_conn_drop(conn);
2792
2793 /* The device is paired so there is no need to remove
2794 * its connection parameters anymore.
2795 */
2796 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2797
2798 hci_conn_put(conn);
2799
2800 return err;
2801}
2802
2803void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2804{
2805 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2806 struct mgmt_pending_cmd *cmd;
2807
2808 cmd = find_pairing(conn);
2809 if (cmd) {
2810 cmd->cmd_complete(cmd, status);
2811 mgmt_pending_remove(cmd);
2812 }
2813}
2814
2815static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2816{
2817 struct mgmt_pending_cmd *cmd;
2818
2819 BT_DBG("status %u", status);
2820
2821 cmd = find_pairing(conn);
2822 if (!cmd) {
2823 BT_DBG("Unable to find a pending command");
2824 return;
2825 }
2826
2827 cmd->cmd_complete(cmd, mgmt_status(status));
2828 mgmt_pending_remove(cmd);
2829}
2830
2831static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2832{
2833 struct mgmt_pending_cmd *cmd;
2834
2835 BT_DBG("status %u", status);
2836
2837 if (!status)
2838 return;
2839
2840 cmd = find_pairing(conn);
2841 if (!cmd) {
2842 BT_DBG("Unable to find a pending command");
2843 return;
2844 }
2845
2846 cmd->cmd_complete(cmd, mgmt_status(status));
2847 mgmt_pending_remove(cmd);
2848}
2849
2850static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2851 u16 len)
2852{
2853 struct mgmt_cp_pair_device *cp = data;
2854 struct mgmt_rp_pair_device rp;
2855 struct mgmt_pending_cmd *cmd;
2856 u8 sec_level, auth_type;
2857 struct hci_conn *conn;
2858 int err;
2859
2860 BT_DBG("");
2861
2862 memset(&rp, 0, sizeof(rp));
2863 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2864 rp.addr.type = cp->addr.type;
2865
2866 if (!bdaddr_type_is_valid(cp->addr.type))
2867 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2868 MGMT_STATUS_INVALID_PARAMS,
2869 &rp, sizeof(rp));
2870
2871 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2872 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2873 MGMT_STATUS_INVALID_PARAMS,
2874 &rp, sizeof(rp));
2875
2876 hci_dev_lock(hdev);
2877
2878 if (!hdev_is_powered(hdev)) {
2879 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2880 MGMT_STATUS_NOT_POWERED, &rp,
2881 sizeof(rp));
2882 goto unlock;
2883 }
2884
2885 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2886 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2887 MGMT_STATUS_ALREADY_PAIRED, &rp,
2888 sizeof(rp));
2889 goto unlock;
2890 }
2891
2892 sec_level = BT_SECURITY_MEDIUM;
2893 auth_type = HCI_AT_DEDICATED_BONDING;
2894
2895 if (cp->addr.type == BDADDR_BREDR) {
2896 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2897 auth_type);
2898 } else {
2899 u8 addr_type = le_addr_type(cp->addr.type);
2900 struct hci_conn_params *p;
2901
2902 /* When pairing a new device, it is expected to remember
2903 * this device for future connections. Adding the connection
2904 * parameter information ahead of time allows tracking
2905 * of the slave preferred values and will speed up any
2906 * further connection establishment.
2907 *
2908 * If connection parameters already exist, then they
2909 * will be kept and this function does nothing.
2910 */
2911 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2912
2913 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2914 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2915
2916 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2917 addr_type, sec_level,
2918 HCI_LE_CONN_TIMEOUT);
2919 }
2920
2921 if (IS_ERR(conn)) {
2922 int status;
2923
2924 if (PTR_ERR(conn) == -EBUSY)
2925 status = MGMT_STATUS_BUSY;
2926 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2927 status = MGMT_STATUS_NOT_SUPPORTED;
2928 else if (PTR_ERR(conn) == -ECONNREFUSED)
2929 status = MGMT_STATUS_REJECTED;
2930 else
2931 status = MGMT_STATUS_CONNECT_FAILED;
2932
2933 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2934 status, &rp, sizeof(rp));
2935 goto unlock;
2936 }
2937
2938 if (conn->connect_cfm_cb) {
2939 hci_conn_drop(conn);
2940 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2941 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2942 goto unlock;
2943 }
2944
2945 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2946 if (!cmd) {
2947 err = -ENOMEM;
2948 hci_conn_drop(conn);
2949 goto unlock;
2950 }
2951
2952 cmd->cmd_complete = pairing_complete;
2953
2954 /* For LE, just connecting isn't a proof that the pairing finished */
2955 if (cp->addr.type == BDADDR_BREDR) {
2956 conn->connect_cfm_cb = pairing_complete_cb;
2957 conn->security_cfm_cb = pairing_complete_cb;
2958 conn->disconn_cfm_cb = pairing_complete_cb;
2959 } else {
2960 conn->connect_cfm_cb = le_pairing_complete_cb;
2961 conn->security_cfm_cb = le_pairing_complete_cb;
2962 conn->disconn_cfm_cb = le_pairing_complete_cb;
2963 }
2964
2965 conn->io_capability = cp->io_cap;
2966 cmd->user_data = hci_conn_get(conn);
2967
2968 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2969 hci_conn_security(conn, sec_level, auth_type, true)) {
2970 cmd->cmd_complete(cmd, 0);
2971 mgmt_pending_remove(cmd);
2972 }
2973
2974 err = 0;
2975
2976unlock:
2977 hci_dev_unlock(hdev);
2978 return err;
2979}
2980
2981static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2982 u16 len)
2983{
2984 struct mgmt_addr_info *addr = data;
2985 struct mgmt_pending_cmd *cmd;
2986 struct hci_conn *conn;
2987 int err;
2988
2989 BT_DBG("");
2990
2991 hci_dev_lock(hdev);
2992
2993 if (!hdev_is_powered(hdev)) {
2994 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2995 MGMT_STATUS_NOT_POWERED);
2996 goto unlock;
2997 }
2998
2999 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3000 if (!cmd) {
3001 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3002 MGMT_STATUS_INVALID_PARAMS);
3003 goto unlock;
3004 }
3005
3006 conn = cmd->user_data;
3007
3008 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3009 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3010 MGMT_STATUS_INVALID_PARAMS);
3011 goto unlock;
3012 }
3013
3014 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3015 mgmt_pending_remove(cmd);
3016
3017 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3018 addr, sizeof(*addr));
3019unlock:
3020 hci_dev_unlock(hdev);
3021 return err;
3022}
3023
3024static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3025 struct mgmt_addr_info *addr, u16 mgmt_op,
3026 u16 hci_op, __le32 passkey)
3027{
3028 struct mgmt_pending_cmd *cmd;
3029 struct hci_conn *conn;
3030 int err;
3031
3032 hci_dev_lock(hdev);
3033
3034 if (!hdev_is_powered(hdev)) {
3035 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3036 MGMT_STATUS_NOT_POWERED, addr,
3037 sizeof(*addr));
3038 goto done;
3039 }
3040
3041 if (addr->type == BDADDR_BREDR)
3042 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3043 else
3044 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3045 le_addr_type(addr->type));
3046
3047 if (!conn) {
3048 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3049 MGMT_STATUS_NOT_CONNECTED, addr,
3050 sizeof(*addr));
3051 goto done;
3052 }
3053
3054 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3055 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3056 if (!err)
3057 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3058 MGMT_STATUS_SUCCESS, addr,
3059 sizeof(*addr));
3060 else
3061 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3062 MGMT_STATUS_FAILED, addr,
3063 sizeof(*addr));
3064
3065 goto done;
3066 }
3067
3068 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3069 if (!cmd) {
3070 err = -ENOMEM;
3071 goto done;
3072 }
3073
3074 cmd->cmd_complete = addr_cmd_complete;
3075
3076 /* Continue with pairing via HCI */
3077 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3078 struct hci_cp_user_passkey_reply cp;
3079
3080 bacpy(&cp.bdaddr, &addr->bdaddr);
3081 cp.passkey = passkey;
3082 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3083 } else
3084 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3085 &addr->bdaddr);
3086
3087 if (err < 0)
3088 mgmt_pending_remove(cmd);
3089
3090done:
3091 hci_dev_unlock(hdev);
3092 return err;
3093}
3094
3095static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3096 void *data, u16 len)
3097{
3098 struct mgmt_cp_pin_code_neg_reply *cp = data;
3099
3100 BT_DBG("");
3101
3102 return user_pairing_resp(sk, hdev, &cp->addr,
3103 MGMT_OP_PIN_CODE_NEG_REPLY,
3104 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3105}
3106
3107static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3108 u16 len)
3109{
3110 struct mgmt_cp_user_confirm_reply *cp = data;
3111
3112 BT_DBG("");
3113
3114 if (len != sizeof(*cp))
3115 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3116 MGMT_STATUS_INVALID_PARAMS);
3117
3118 return user_pairing_resp(sk, hdev, &cp->addr,
3119 MGMT_OP_USER_CONFIRM_REPLY,
3120 HCI_OP_USER_CONFIRM_REPLY, 0);
3121}
3122
3123static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3124 void *data, u16 len)
3125{
3126 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3127
3128 BT_DBG("");
3129
3130 return user_pairing_resp(sk, hdev, &cp->addr,
3131 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3132 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3133}
3134
3135static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3136 u16 len)
3137{
3138 struct mgmt_cp_user_passkey_reply *cp = data;
3139
3140 BT_DBG("");
3141
3142 return user_pairing_resp(sk, hdev, &cp->addr,
3143 MGMT_OP_USER_PASSKEY_REPLY,
3144 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3145}
3146
3147static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3148 void *data, u16 len)
3149{
3150 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3151
3152 BT_DBG("");
3153
3154 return user_pairing_resp(sk, hdev, &cp->addr,
3155 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3156 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3157}
3158
3159static void adv_expire(struct hci_dev *hdev, u32 flags)
3160{
3161 struct adv_info *adv_instance;
3162 struct hci_request req;
3163 int err;
3164
3165 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3166 if (!adv_instance)
3167 return;
3168
3169 /* stop if current instance doesn't need to be changed */
3170 if (!(adv_instance->flags & flags))
3171 return;
3172
3173 cancel_adv_timeout(hdev);
3174
3175 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3176 if (!adv_instance)
3177 return;
3178
3179 hci_req_init(&req, hdev);
3180 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3181 true);
3182 if (err)
3183 return;
3184
3185 hci_req_run(&req, NULL);
3186}
3187
3188static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3189{
3190 struct mgmt_cp_set_local_name *cp;
3191 struct mgmt_pending_cmd *cmd;
3192
3193 BT_DBG("status 0x%02x", status);
3194
3195 hci_dev_lock(hdev);
3196
3197 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3198 if (!cmd)
3199 goto unlock;
3200
3201 cp = cmd->param;
3202
3203 if (status) {
3204 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3205 mgmt_status(status));
3206 } else {
3207 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3208 cp, sizeof(*cp));
3209
3210 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3211 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3212 }
3213
3214 mgmt_pending_remove(cmd);
3215
3216unlock:
3217 hci_dev_unlock(hdev);
3218}
3219
3220static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3221 u16 len)
3222{
3223 struct mgmt_cp_set_local_name *cp = data;
3224 struct mgmt_pending_cmd *cmd;
3225 struct hci_request req;
3226 int err;
3227
3228 BT_DBG("");
3229
3230 hci_dev_lock(hdev);
3231
3232 /* If the old values are the same as the new ones just return a
3233 * direct command complete event.
3234 */
3235 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3236 !memcmp(hdev->short_name, cp->short_name,
3237 sizeof(hdev->short_name))) {
3238 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3239 data, len);
3240 goto failed;
3241 }
3242
3243 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3244
3245 if (!hdev_is_powered(hdev)) {
3246 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3247
3248 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3249 data, len);
3250 if (err < 0)
3251 goto failed;
3252
3253 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3254 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3255 ext_info_changed(hdev, sk);
3256
3257 goto failed;
3258 }
3259
3260 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3261 if (!cmd) {
3262 err = -ENOMEM;
3263 goto failed;
3264 }
3265
3266 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3267
3268 hci_req_init(&req, hdev);
3269
3270 if (lmp_bredr_capable(hdev)) {
3271 __hci_req_update_name(&req);
3272 __hci_req_update_eir(&req);
3273 }
3274
3275 /* The name is stored in the scan response data and so
3276 * no need to udpate the advertising data here.
3277 */
3278 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3279 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3280
3281 err = hci_req_run(&req, set_name_complete);
3282 if (err < 0)
3283 mgmt_pending_remove(cmd);
3284
3285failed:
3286 hci_dev_unlock(hdev);
3287 return err;
3288}
3289
3290static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3291 u16 len)
3292{
3293 struct mgmt_cp_set_appearance *cp = data;
3294 u16 appearance;
3295 int err;
3296
3297 BT_DBG("");
3298
3299 if (!lmp_le_capable(hdev))
3300 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3301 MGMT_STATUS_NOT_SUPPORTED);
3302
3303 appearance = le16_to_cpu(cp->appearance);
3304
3305 hci_dev_lock(hdev);
3306
3307 if (hdev->appearance != appearance) {
3308 hdev->appearance = appearance;
3309
3310 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3311 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3312
3313 ext_info_changed(hdev, sk);
3314 }
3315
3316 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3317 0);
3318
3319 hci_dev_unlock(hdev);
3320
3321 return err;
3322}
3323
3324static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3325 void *data, u16 len)
3326{
3327 struct mgmt_rp_get_phy_confguration rp;
3328
3329 BT_DBG("sock %p %s", sk, hdev->name);
3330
3331 hci_dev_lock(hdev);
3332
3333 memset(&rp, 0, sizeof(rp));
3334
3335 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3336 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3337 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3338
3339 hci_dev_unlock(hdev);
3340
3341 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3342 &rp, sizeof(rp));
3343}
3344
3345int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3346{
3347 struct mgmt_ev_phy_configuration_changed ev;
3348
3349 memset(&ev, 0, sizeof(ev));
3350
3351 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3352
3353 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3354 sizeof(ev), skip);
3355}
3356
3357static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3358 u16 opcode, struct sk_buff *skb)
3359{
3360 struct mgmt_pending_cmd *cmd;
3361
3362 BT_DBG("status 0x%02x", status);
3363
3364 hci_dev_lock(hdev);
3365
3366 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3367 if (!cmd)
3368 goto unlock;
3369
3370 if (status) {
3371 mgmt_cmd_status(cmd->sk, hdev->id,
3372 MGMT_OP_SET_PHY_CONFIGURATION,
3373 mgmt_status(status));
3374 } else {
3375 mgmt_cmd_complete(cmd->sk, hdev->id,
3376 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3377 NULL, 0);
3378
3379 mgmt_phy_configuration_changed(hdev, cmd->sk);
3380 }
3381
3382 mgmt_pending_remove(cmd);
3383
3384unlock:
3385 hci_dev_unlock(hdev);
3386}
3387
3388static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3389 void *data, u16 len)
3390{
3391 struct mgmt_cp_set_phy_confguration *cp = data;
3392 struct hci_cp_le_set_default_phy cp_phy;
3393 struct mgmt_pending_cmd *cmd;
3394 struct hci_request req;
3395 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3396 u16 pkt_type = (HCI_DH1 | HCI_DM1);
3397 bool changed = false;
3398 int err;
3399
3400 BT_DBG("sock %p %s", sk, hdev->name);
3401
3402 configurable_phys = get_configurable_phys(hdev);
3403 supported_phys = get_supported_phys(hdev);
3404 selected_phys = __le32_to_cpu(cp->selected_phys);
3405
3406 if (selected_phys & ~supported_phys)
3407 return mgmt_cmd_status(sk, hdev->id,
3408 MGMT_OP_SET_PHY_CONFIGURATION,
3409 MGMT_STATUS_INVALID_PARAMS);
3410
3411 unconfigure_phys = supported_phys & ~configurable_phys;
3412
3413 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3414 return mgmt_cmd_status(sk, hdev->id,
3415 MGMT_OP_SET_PHY_CONFIGURATION,
3416 MGMT_STATUS_INVALID_PARAMS);
3417
3418 if (selected_phys == get_selected_phys(hdev))
3419 return mgmt_cmd_complete(sk, hdev->id,
3420 MGMT_OP_SET_PHY_CONFIGURATION,
3421 0, NULL, 0);
3422
3423 hci_dev_lock(hdev);
3424
3425 if (!hdev_is_powered(hdev)) {
3426 err = mgmt_cmd_status(sk, hdev->id,
3427 MGMT_OP_SET_PHY_CONFIGURATION,
3428 MGMT_STATUS_REJECTED);
3429 goto unlock;
3430 }
3431
3432 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3433 err = mgmt_cmd_status(sk, hdev->id,
3434 MGMT_OP_SET_PHY_CONFIGURATION,
3435 MGMT_STATUS_BUSY);
3436 goto unlock;
3437 }
3438
3439 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3440 pkt_type |= (HCI_DH3 | HCI_DM3);
3441 else
3442 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3443
3444 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3445 pkt_type |= (HCI_DH5 | HCI_DM5);
3446 else
3447 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3448
3449 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3450 pkt_type &= ~HCI_2DH1;
3451 else
3452 pkt_type |= HCI_2DH1;
3453
3454 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3455 pkt_type &= ~HCI_2DH3;
3456 else
3457 pkt_type |= HCI_2DH3;
3458
3459 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3460 pkt_type &= ~HCI_2DH5;
3461 else
3462 pkt_type |= HCI_2DH5;
3463
3464 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3465 pkt_type &= ~HCI_3DH1;
3466 else
3467 pkt_type |= HCI_3DH1;
3468
3469 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3470 pkt_type &= ~HCI_3DH3;
3471 else
3472 pkt_type |= HCI_3DH3;
3473
3474 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3475 pkt_type &= ~HCI_3DH5;
3476 else
3477 pkt_type |= HCI_3DH5;
3478
3479 if (pkt_type != hdev->pkt_type) {
3480 hdev->pkt_type = pkt_type;
3481 changed = true;
3482 }
3483
3484 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3485 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
3486 if (changed)
3487 mgmt_phy_configuration_changed(hdev, sk);
3488
3489 err = mgmt_cmd_complete(sk, hdev->id,
3490 MGMT_OP_SET_PHY_CONFIGURATION,
3491 0, NULL, 0);
3492
3493 goto unlock;
3494 }
3495
3496 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3497 len);
3498 if (!cmd) {
3499 err = -ENOMEM;
3500 goto unlock;
3501 }
3502
3503 hci_req_init(&req, hdev);
3504
3505 memset(&cp_phy, 0, sizeof(cp_phy));
3506
3507 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3508 cp_phy.all_phys |= 0x01;
3509
3510 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3511 cp_phy.all_phys |= 0x02;
3512
3513 if (selected_phys & MGMT_PHY_LE_1M_TX)
3514 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3515
3516 if (selected_phys & MGMT_PHY_LE_2M_TX)
3517 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3518
3519 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3520 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3521
3522 if (selected_phys & MGMT_PHY_LE_1M_RX)
3523 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3524
3525 if (selected_phys & MGMT_PHY_LE_2M_RX)
3526 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3527
3528 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3529 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3530
3531 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3532
3533 err = hci_req_run_skb(&req, set_default_phy_complete);
3534 if (err < 0)
3535 mgmt_pending_remove(cmd);
3536
3537unlock:
3538 hci_dev_unlock(hdev);
3539
3540 return err;
3541}
3542
3543static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
3544 u16 len)
3545{
3546 int err = MGMT_STATUS_SUCCESS;
3547 struct mgmt_cp_set_blocked_keys *keys = data;
3548 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
3549 sizeof(struct mgmt_blocked_key_info));
3550 u16 key_count, expected_len;
3551 int i;
3552
3553 BT_DBG("request for %s", hdev->name);
3554
3555 key_count = __le16_to_cpu(keys->key_count);
3556 if (key_count > max_key_count) {
3557 bt_dev_err(hdev, "too big key_count value %u", key_count);
3558 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3559 MGMT_STATUS_INVALID_PARAMS);
3560 }
3561
3562 expected_len = struct_size(keys, keys, key_count);
3563 if (expected_len != len) {
3564 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
3565 expected_len, len);
3566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3567 MGMT_STATUS_INVALID_PARAMS);
3568 }
3569
3570 hci_dev_lock(hdev);
3571
3572 hci_blocked_keys_clear(hdev);
3573
3574 for (i = 0; i < keys->key_count; ++i) {
3575 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
3576
3577 if (!b) {
3578 err = MGMT_STATUS_NO_RESOURCES;
3579 break;
3580 }
3581
3582 b->type = keys->keys[i].type;
3583 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
3584 list_add_rcu(&b->list, &hdev->blocked_keys);
3585 }
3586 hci_dev_unlock(hdev);
3587
3588 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3589 err, NULL, 0);
3590}
3591
3592static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3593 u16 opcode, struct sk_buff *skb)
3594{
3595 struct mgmt_rp_read_local_oob_data mgmt_rp;
3596 size_t rp_size = sizeof(mgmt_rp);
3597 struct mgmt_pending_cmd *cmd;
3598
3599 BT_DBG("%s status %u", hdev->name, status);
3600
3601 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3602 if (!cmd)
3603 return;
3604
3605 if (status || !skb) {
3606 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3607 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3608 goto remove;
3609 }
3610
3611 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3612
3613 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3614 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3615
3616 if (skb->len < sizeof(*rp)) {
3617 mgmt_cmd_status(cmd->sk, hdev->id,
3618 MGMT_OP_READ_LOCAL_OOB_DATA,
3619 MGMT_STATUS_FAILED);
3620 goto remove;
3621 }
3622
3623 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3624 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3625
3626 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3627 } else {
3628 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3629
3630 if (skb->len < sizeof(*rp)) {
3631 mgmt_cmd_status(cmd->sk, hdev->id,
3632 MGMT_OP_READ_LOCAL_OOB_DATA,
3633 MGMT_STATUS_FAILED);
3634 goto remove;
3635 }
3636
3637 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3638 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3639
3640 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3641 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3642 }
3643
3644 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3645 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3646
3647remove:
3648 mgmt_pending_remove(cmd);
3649}
3650
3651static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3652 void *data, u16 data_len)
3653{
3654 struct mgmt_pending_cmd *cmd;
3655 struct hci_request req;
3656 int err;
3657
3658 BT_DBG("%s", hdev->name);
3659
3660 hci_dev_lock(hdev);
3661
3662 if (!hdev_is_powered(hdev)) {
3663 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3664 MGMT_STATUS_NOT_POWERED);
3665 goto unlock;
3666 }
3667
3668 if (!lmp_ssp_capable(hdev)) {
3669 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3670 MGMT_STATUS_NOT_SUPPORTED);
3671 goto unlock;
3672 }
3673
3674 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3675 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3676 MGMT_STATUS_BUSY);
3677 goto unlock;
3678 }
3679
3680 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3681 if (!cmd) {
3682 err = -ENOMEM;
3683 goto unlock;
3684 }
3685
3686 hci_req_init(&req, hdev);
3687
3688 if (bredr_sc_enabled(hdev))
3689 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3690 else
3691 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3692
3693 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3694 if (err < 0)
3695 mgmt_pending_remove(cmd);
3696
3697unlock:
3698 hci_dev_unlock(hdev);
3699 return err;
3700}
3701
3702static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3703 void *data, u16 len)
3704{
3705 struct mgmt_addr_info *addr = data;
3706 int err;
3707
3708 BT_DBG("%s ", hdev->name);
3709
3710 if (!bdaddr_type_is_valid(addr->type))
3711 return mgmt_cmd_complete(sk, hdev->id,
3712 MGMT_OP_ADD_REMOTE_OOB_DATA,
3713 MGMT_STATUS_INVALID_PARAMS,
3714 addr, sizeof(*addr));
3715
3716 hci_dev_lock(hdev);
3717
3718 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3719 struct mgmt_cp_add_remote_oob_data *cp = data;
3720 u8 status;
3721
3722 if (cp->addr.type != BDADDR_BREDR) {
3723 err = mgmt_cmd_complete(sk, hdev->id,
3724 MGMT_OP_ADD_REMOTE_OOB_DATA,
3725 MGMT_STATUS_INVALID_PARAMS,
3726 &cp->addr, sizeof(cp->addr));
3727 goto unlock;
3728 }
3729
3730 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3731 cp->addr.type, cp->hash,
3732 cp->rand, NULL, NULL);
3733 if (err < 0)
3734 status = MGMT_STATUS_FAILED;
3735 else
3736 status = MGMT_STATUS_SUCCESS;
3737
3738 err = mgmt_cmd_complete(sk, hdev->id,
3739 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3740 &cp->addr, sizeof(cp->addr));
3741 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3742 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3743 u8 *rand192, *hash192, *rand256, *hash256;
3744 u8 status;
3745
3746 if (bdaddr_type_is_le(cp->addr.type)) {
3747 /* Enforce zero-valued 192-bit parameters as
3748 * long as legacy SMP OOB isn't implemented.
3749 */
3750 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3751 memcmp(cp->hash192, ZERO_KEY, 16)) {
3752 err = mgmt_cmd_complete(sk, hdev->id,
3753 MGMT_OP_ADD_REMOTE_OOB_DATA,
3754 MGMT_STATUS_INVALID_PARAMS,
3755 addr, sizeof(*addr));
3756 goto unlock;
3757 }
3758
3759 rand192 = NULL;
3760 hash192 = NULL;
3761 } else {
3762 /* In case one of the P-192 values is set to zero,
3763 * then just disable OOB data for P-192.
3764 */
3765 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3766 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3767 rand192 = NULL;
3768 hash192 = NULL;
3769 } else {
3770 rand192 = cp->rand192;
3771 hash192 = cp->hash192;
3772 }
3773 }
3774
3775 /* In case one of the P-256 values is set to zero, then just
3776 * disable OOB data for P-256.
3777 */
3778 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3779 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3780 rand256 = NULL;
3781 hash256 = NULL;
3782 } else {
3783 rand256 = cp->rand256;
3784 hash256 = cp->hash256;
3785 }
3786
3787 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3788 cp->addr.type, hash192, rand192,
3789 hash256, rand256);
3790 if (err < 0)
3791 status = MGMT_STATUS_FAILED;
3792 else
3793 status = MGMT_STATUS_SUCCESS;
3794
3795 err = mgmt_cmd_complete(sk, hdev->id,
3796 MGMT_OP_ADD_REMOTE_OOB_DATA,
3797 status, &cp->addr, sizeof(cp->addr));
3798 } else {
3799 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
3800 len);
3801 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3802 MGMT_STATUS_INVALID_PARAMS);
3803 }
3804
3805unlock:
3806 hci_dev_unlock(hdev);
3807 return err;
3808}
3809
3810static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3811 void *data, u16 len)
3812{
3813 struct mgmt_cp_remove_remote_oob_data *cp = data;
3814 u8 status;
3815 int err;
3816
3817 BT_DBG("%s", hdev->name);
3818
3819 if (cp->addr.type != BDADDR_BREDR)
3820 return mgmt_cmd_complete(sk, hdev->id,
3821 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3822 MGMT_STATUS_INVALID_PARAMS,
3823 &cp->addr, sizeof(cp->addr));
3824
3825 hci_dev_lock(hdev);
3826
3827 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3828 hci_remote_oob_data_clear(hdev);
3829 status = MGMT_STATUS_SUCCESS;
3830 goto done;
3831 }
3832
3833 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3834 if (err < 0)
3835 status = MGMT_STATUS_INVALID_PARAMS;
3836 else
3837 status = MGMT_STATUS_SUCCESS;
3838
3839done:
3840 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3841 status, &cp->addr, sizeof(cp->addr));
3842
3843 hci_dev_unlock(hdev);
3844 return err;
3845}
3846
3847void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3848{
3849 struct mgmt_pending_cmd *cmd;
3850
3851 BT_DBG("status %d", status);
3852
3853 hci_dev_lock(hdev);
3854
3855 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3856 if (!cmd)
3857 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3858
3859 if (!cmd)
3860 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3861
3862 if (cmd) {
3863 cmd->cmd_complete(cmd, mgmt_status(status));
3864 mgmt_pending_remove(cmd);
3865 }
3866
3867 hci_dev_unlock(hdev);
3868}
3869
3870static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3871 uint8_t *mgmt_status)
3872{
3873 switch (type) {
3874 case DISCOV_TYPE_LE:
3875 *mgmt_status = mgmt_le_support(hdev);
3876 if (*mgmt_status)
3877 return false;
3878 break;
3879 case DISCOV_TYPE_INTERLEAVED:
3880 *mgmt_status = mgmt_le_support(hdev);
3881 if (*mgmt_status)
3882 return false;
3883 /* Intentional fall-through */
3884 case DISCOV_TYPE_BREDR:
3885 *mgmt_status = mgmt_bredr_support(hdev);
3886 if (*mgmt_status)
3887 return false;
3888 break;
3889 default:
3890 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3891 return false;
3892 }
3893
3894 return true;
3895}
3896
3897static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3898 u16 op, void *data, u16 len)
3899{
3900 struct mgmt_cp_start_discovery *cp = data;
3901 struct mgmt_pending_cmd *cmd;
3902 u8 status;
3903 int err;
3904
3905 BT_DBG("%s", hdev->name);
3906
3907 hci_dev_lock(hdev);
3908
3909 if (!hdev_is_powered(hdev)) {
3910 err = mgmt_cmd_complete(sk, hdev->id, op,
3911 MGMT_STATUS_NOT_POWERED,
3912 &cp->type, sizeof(cp->type));
3913 goto failed;
3914 }
3915
3916 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3917 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3918 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3919 &cp->type, sizeof(cp->type));
3920 goto failed;
3921 }
3922
3923 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3924 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3925 &cp->type, sizeof(cp->type));
3926 goto failed;
3927 }
3928
3929 /* Clear the discovery filter first to free any previously
3930 * allocated memory for the UUID list.
3931 */
3932 hci_discovery_filter_clear(hdev);
3933
3934 hdev->discovery.type = cp->type;
3935 hdev->discovery.report_invalid_rssi = false;
3936 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3937 hdev->discovery.limited = true;
3938 else
3939 hdev->discovery.limited = false;
3940
3941 cmd = mgmt_pending_add(sk, op, hdev, data, len);
3942 if (!cmd) {
3943 err = -ENOMEM;
3944 goto failed;
3945 }
3946
3947 cmd->cmd_complete = generic_cmd_complete;
3948
3949 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3950 queue_work(hdev->req_workqueue, &hdev->discov_update);
3951 err = 0;
3952
3953failed:
3954 hci_dev_unlock(hdev);
3955 return err;
3956}
3957
3958static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3959 void *data, u16 len)
3960{
3961 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3962 data, len);
3963}
3964
3965static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3966 void *data, u16 len)
3967{
3968 return start_discovery_internal(sk, hdev,
3969 MGMT_OP_START_LIMITED_DISCOVERY,
3970 data, len);
3971}
3972
3973static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3974 u8 status)
3975{
3976 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3977 cmd->param, 1);
3978}
3979
3980static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3981 void *data, u16 len)
3982{
3983 struct mgmt_cp_start_service_discovery *cp = data;
3984 struct mgmt_pending_cmd *cmd;
3985 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3986 u16 uuid_count, expected_len;
3987 u8 status;
3988 int err;
3989
3990 BT_DBG("%s", hdev->name);
3991
3992 hci_dev_lock(hdev);
3993
3994 if (!hdev_is_powered(hdev)) {
3995 err = mgmt_cmd_complete(sk, hdev->id,
3996 MGMT_OP_START_SERVICE_DISCOVERY,
3997 MGMT_STATUS_NOT_POWERED,
3998 &cp->type, sizeof(cp->type));
3999 goto failed;
4000 }
4001
4002 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4003 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4004 err = mgmt_cmd_complete(sk, hdev->id,
4005 MGMT_OP_START_SERVICE_DISCOVERY,
4006 MGMT_STATUS_BUSY, &cp->type,
4007 sizeof(cp->type));
4008 goto failed;
4009 }
4010
4011 uuid_count = __le16_to_cpu(cp->uuid_count);
4012 if (uuid_count > max_uuid_count) {
4013 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
4014 uuid_count);
4015 err = mgmt_cmd_complete(sk, hdev->id,
4016 MGMT_OP_START_SERVICE_DISCOVERY,
4017 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4018 sizeof(cp->type));
4019 goto failed;
4020 }
4021
4022 expected_len = sizeof(*cp) + uuid_count * 16;
4023 if (expected_len != len) {
4024 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
4025 expected_len, len);
4026 err = mgmt_cmd_complete(sk, hdev->id,
4027 MGMT_OP_START_SERVICE_DISCOVERY,
4028 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4029 sizeof(cp->type));
4030 goto failed;
4031 }
4032
4033 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4034 err = mgmt_cmd_complete(sk, hdev->id,
4035 MGMT_OP_START_SERVICE_DISCOVERY,
4036 status, &cp->type, sizeof(cp->type));
4037 goto failed;
4038 }
4039
4040 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4041 hdev, data, len);
4042 if (!cmd) {
4043 err = -ENOMEM;
4044 goto failed;
4045 }
4046
4047 cmd->cmd_complete = service_discovery_cmd_complete;
4048
4049 /* Clear the discovery filter first to free any previously
4050 * allocated memory for the UUID list.
4051 */
4052 hci_discovery_filter_clear(hdev);
4053
4054 hdev->discovery.result_filtering = true;
4055 hdev->discovery.type = cp->type;
4056 hdev->discovery.rssi = cp->rssi;
4057 hdev->discovery.uuid_count = uuid_count;
4058
4059 if (uuid_count > 0) {
4060 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4061 GFP_KERNEL);
4062 if (!hdev->discovery.uuids) {
4063 err = mgmt_cmd_complete(sk, hdev->id,
4064 MGMT_OP_START_SERVICE_DISCOVERY,
4065 MGMT_STATUS_FAILED,
4066 &cp->type, sizeof(cp->type));
4067 mgmt_pending_remove(cmd);
4068 goto failed;
4069 }
4070 }
4071
4072 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4073 queue_work(hdev->req_workqueue, &hdev->discov_update);
4074 err = 0;
4075
4076failed:
4077 hci_dev_unlock(hdev);
4078 return err;
4079}
4080
4081void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
4082{
4083 struct mgmt_pending_cmd *cmd;
4084
4085 BT_DBG("status %d", status);
4086
4087 hci_dev_lock(hdev);
4088
4089 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4090 if (cmd) {
4091 cmd->cmd_complete(cmd, mgmt_status(status));
4092 mgmt_pending_remove(cmd);
4093 }
4094
4095 hci_dev_unlock(hdev);
4096}
4097
4098static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4099 u16 len)
4100{
4101 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4102 struct mgmt_pending_cmd *cmd;
4103 int err;
4104
4105 BT_DBG("%s", hdev->name);
4106
4107 hci_dev_lock(hdev);
4108
4109 if (!hci_discovery_active(hdev)) {
4110 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4111 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4112 sizeof(mgmt_cp->type));
4113 goto unlock;
4114 }
4115
4116 if (hdev->discovery.type != mgmt_cp->type) {
4117 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4118 MGMT_STATUS_INVALID_PARAMS,
4119 &mgmt_cp->type, sizeof(mgmt_cp->type));
4120 goto unlock;
4121 }
4122
4123 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4124 if (!cmd) {
4125 err = -ENOMEM;
4126 goto unlock;
4127 }
4128
4129 cmd->cmd_complete = generic_cmd_complete;
4130
4131 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4132 queue_work(hdev->req_workqueue, &hdev->discov_update);
4133 err = 0;
4134
4135unlock:
4136 hci_dev_unlock(hdev);
4137 return err;
4138}
4139
4140static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4141 u16 len)
4142{
4143 struct mgmt_cp_confirm_name *cp = data;
4144 struct inquiry_entry *e;
4145 int err;
4146
4147 BT_DBG("%s", hdev->name);
4148
4149 hci_dev_lock(hdev);
4150
4151 if (!hci_discovery_active(hdev)) {
4152 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4153 MGMT_STATUS_FAILED, &cp->addr,
4154 sizeof(cp->addr));
4155 goto failed;
4156 }
4157
4158 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4159 if (!e) {
4160 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4161 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4162 sizeof(cp->addr));
4163 goto failed;
4164 }
4165
4166 if (cp->name_known) {
4167 e->name_state = NAME_KNOWN;
4168 list_del(&e->list);
4169 } else {
4170 e->name_state = NAME_NEEDED;
4171 hci_inquiry_cache_update_resolve(hdev, e);
4172 }
4173
4174 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4175 &cp->addr, sizeof(cp->addr));
4176
4177failed:
4178 hci_dev_unlock(hdev);
4179 return err;
4180}
4181
4182static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4183 u16 len)
4184{
4185 struct mgmt_cp_block_device *cp = data;
4186 u8 status;
4187 int err;
4188
4189 BT_DBG("%s", hdev->name);
4190
4191 if (!bdaddr_type_is_valid(cp->addr.type))
4192 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4193 MGMT_STATUS_INVALID_PARAMS,
4194 &cp->addr, sizeof(cp->addr));
4195
4196 hci_dev_lock(hdev);
4197
4198 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4199 cp->addr.type);
4200 if (err < 0) {
4201 status = MGMT_STATUS_FAILED;
4202 goto done;
4203 }
4204
4205 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4206 sk);
4207 status = MGMT_STATUS_SUCCESS;
4208
4209done:
4210 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4211 &cp->addr, sizeof(cp->addr));
4212
4213 hci_dev_unlock(hdev);
4214
4215 return err;
4216}
4217
4218static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4219 u16 len)
4220{
4221 struct mgmt_cp_unblock_device *cp = data;
4222 u8 status;
4223 int err;
4224
4225 BT_DBG("%s", hdev->name);
4226
4227 if (!bdaddr_type_is_valid(cp->addr.type))
4228 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4229 MGMT_STATUS_INVALID_PARAMS,
4230 &cp->addr, sizeof(cp->addr));
4231
4232 hci_dev_lock(hdev);
4233
4234 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4235 cp->addr.type);
4236 if (err < 0) {
4237 status = MGMT_STATUS_INVALID_PARAMS;
4238 goto done;
4239 }
4240
4241 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4242 sk);
4243 status = MGMT_STATUS_SUCCESS;
4244
4245done:
4246 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4247 &cp->addr, sizeof(cp->addr));
4248
4249 hci_dev_unlock(hdev);
4250
4251 return err;
4252}
4253
4254static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4255 u16 len)
4256{
4257 struct mgmt_cp_set_device_id *cp = data;
4258 struct hci_request req;
4259 int err;
4260 __u16 source;
4261
4262 BT_DBG("%s", hdev->name);
4263
4264 source = __le16_to_cpu(cp->source);
4265
4266 if (source > 0x0002)
4267 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4268 MGMT_STATUS_INVALID_PARAMS);
4269
4270 hci_dev_lock(hdev);
4271
4272 hdev->devid_source = source;
4273 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4274 hdev->devid_product = __le16_to_cpu(cp->product);
4275 hdev->devid_version = __le16_to_cpu(cp->version);
4276
4277 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4278 NULL, 0);
4279
4280 hci_req_init(&req, hdev);
4281 __hci_req_update_eir(&req);
4282 hci_req_run(&req, NULL);
4283
4284 hci_dev_unlock(hdev);
4285
4286 return err;
4287}
4288
4289static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4290 u16 opcode)
4291{
4292 BT_DBG("status %d", status);
4293}
4294
4295static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4296 u16 opcode)
4297{
4298 struct cmd_lookup match = { NULL, hdev };
4299 struct hci_request req;
4300 u8 instance;
4301 struct adv_info *adv_instance;
4302 int err;
4303
4304 hci_dev_lock(hdev);
4305
4306 if (status) {
4307 u8 mgmt_err = mgmt_status(status);
4308
4309 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4310 cmd_status_rsp, &mgmt_err);
4311 goto unlock;
4312 }
4313
4314 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4315 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4316 else
4317 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4318
4319 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4320 &match);
4321
4322 new_settings(hdev, match.sk);
4323
4324 if (match.sk)
4325 sock_put(match.sk);
4326
4327 /* If "Set Advertising" was just disabled and instance advertising was
4328 * set up earlier, then re-enable multi-instance advertising.
4329 */
4330 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4331 list_empty(&hdev->adv_instances))
4332 goto unlock;
4333
4334 instance = hdev->cur_adv_instance;
4335 if (!instance) {
4336 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4337 struct adv_info, list);
4338 if (!adv_instance)
4339 goto unlock;
4340
4341 instance = adv_instance->instance;
4342 }
4343
4344 hci_req_init(&req, hdev);
4345
4346 err = __hci_req_schedule_adv_instance(&req, instance, true);
4347
4348 if (!err)
4349 err = hci_req_run(&req, enable_advertising_instance);
4350
4351 if (err)
4352 bt_dev_err(hdev, "failed to re-configure advertising");
4353
4354unlock:
4355 hci_dev_unlock(hdev);
4356}
4357
4358static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4359 u16 len)
4360{
4361 struct mgmt_mode *cp = data;
4362 struct mgmt_pending_cmd *cmd;
4363 struct hci_request req;
4364 u8 val, status;
4365 int err;
4366
4367 BT_DBG("request for %s", hdev->name);
4368
4369 status = mgmt_le_support(hdev);
4370 if (status)
4371 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4372 status);
4373
4374 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4375 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4376 MGMT_STATUS_INVALID_PARAMS);
4377
4378 hci_dev_lock(hdev);
4379
4380 val = !!cp->val;
4381
4382 /* The following conditions are ones which mean that we should
4383 * not do any HCI communication but directly send a mgmt
4384 * response to user space (after toggling the flag if
4385 * necessary).
4386 */
4387 if (!hdev_is_powered(hdev) ||
4388 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4389 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4390 hci_conn_num(hdev, LE_LINK) > 0 ||
4391 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4392 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4393 bool changed;
4394
4395 if (cp->val) {
4396 hdev->cur_adv_instance = 0x00;
4397 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4398 if (cp->val == 0x02)
4399 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4400 else
4401 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4402 } else {
4403 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4404 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4405 }
4406
4407 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4408 if (err < 0)
4409 goto unlock;
4410
4411 if (changed)
4412 err = new_settings(hdev, sk);
4413
4414 goto unlock;
4415 }
4416
4417 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4418 pending_find(MGMT_OP_SET_LE, hdev)) {
4419 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4420 MGMT_STATUS_BUSY);
4421 goto unlock;
4422 }
4423
4424 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4425 if (!cmd) {
4426 err = -ENOMEM;
4427 goto unlock;
4428 }
4429
4430 hci_req_init(&req, hdev);
4431
4432 if (cp->val == 0x02)
4433 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4434 else
4435 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4436
4437 cancel_adv_timeout(hdev);
4438
4439 if (val) {
4440 /* Switch to instance "0" for the Set Advertising setting.
4441 * We cannot use update_[adv|scan_rsp]_data() here as the
4442 * HCI_ADVERTISING flag is not yet set.
4443 */
4444 hdev->cur_adv_instance = 0x00;
4445
4446 if (ext_adv_capable(hdev)) {
4447 __hci_req_start_ext_adv(&req, 0x00);
4448 } else {
4449 __hci_req_update_adv_data(&req, 0x00);
4450 __hci_req_update_scan_rsp_data(&req, 0x00);
4451 __hci_req_enable_advertising(&req);
4452 }
4453 } else {
4454 __hci_req_disable_advertising(&req);
4455 }
4456
4457 err = hci_req_run(&req, set_advertising_complete);
4458 if (err < 0)
4459 mgmt_pending_remove(cmd);
4460
4461unlock:
4462 hci_dev_unlock(hdev);
4463 return err;
4464}
4465
4466static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4467 void *data, u16 len)
4468{
4469 struct mgmt_cp_set_static_address *cp = data;
4470 int err;
4471
4472 BT_DBG("%s", hdev->name);
4473
4474 if (!lmp_le_capable(hdev))
4475 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4476 MGMT_STATUS_NOT_SUPPORTED);
4477
4478 if (hdev_is_powered(hdev))
4479 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4480 MGMT_STATUS_REJECTED);
4481
4482 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4483 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4484 return mgmt_cmd_status(sk, hdev->id,
4485 MGMT_OP_SET_STATIC_ADDRESS,
4486 MGMT_STATUS_INVALID_PARAMS);
4487
4488 /* Two most significant bits shall be set */
4489 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4490 return mgmt_cmd_status(sk, hdev->id,
4491 MGMT_OP_SET_STATIC_ADDRESS,
4492 MGMT_STATUS_INVALID_PARAMS);
4493 }
4494
4495 hci_dev_lock(hdev);
4496
4497 bacpy(&hdev->static_addr, &cp->bdaddr);
4498
4499 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4500 if (err < 0)
4501 goto unlock;
4502
4503 err = new_settings(hdev, sk);
4504
4505unlock:
4506 hci_dev_unlock(hdev);
4507 return err;
4508}
4509
4510static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4511 void *data, u16 len)
4512{
4513 struct mgmt_cp_set_scan_params *cp = data;
4514 __u16 interval, window;
4515 int err;
4516
4517 BT_DBG("%s", hdev->name);
4518
4519 if (!lmp_le_capable(hdev))
4520 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4521 MGMT_STATUS_NOT_SUPPORTED);
4522
4523 interval = __le16_to_cpu(cp->interval);
4524
4525 if (interval < 0x0004 || interval > 0x4000)
4526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4527 MGMT_STATUS_INVALID_PARAMS);
4528
4529 window = __le16_to_cpu(cp->window);
4530
4531 if (window < 0x0004 || window > 0x4000)
4532 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4533 MGMT_STATUS_INVALID_PARAMS);
4534
4535 if (window > interval)
4536 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4537 MGMT_STATUS_INVALID_PARAMS);
4538
4539 hci_dev_lock(hdev);
4540
4541 hdev->le_scan_interval = interval;
4542 hdev->le_scan_window = window;
4543
4544 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4545 NULL, 0);
4546
4547 /* If background scan is running, restart it so new parameters are
4548 * loaded.
4549 */
4550 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4551 hdev->discovery.state == DISCOVERY_STOPPED) {
4552 struct hci_request req;
4553
4554 hci_req_init(&req, hdev);
4555
4556 hci_req_add_le_scan_disable(&req);
4557 hci_req_add_le_passive_scan(&req);
4558
4559 hci_req_run(&req, NULL);
4560 }
4561
4562 hci_dev_unlock(hdev);
4563
4564 return err;
4565}
4566
4567static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4568 u16 opcode)
4569{
4570 struct mgmt_pending_cmd *cmd;
4571
4572 BT_DBG("status 0x%02x", status);
4573
4574 hci_dev_lock(hdev);
4575
4576 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4577 if (!cmd)
4578 goto unlock;
4579
4580 if (status) {
4581 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4582 mgmt_status(status));
4583 } else {
4584 struct mgmt_mode *cp = cmd->param;
4585
4586 if (cp->val)
4587 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4588 else
4589 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4590
4591 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4592 new_settings(hdev, cmd->sk);
4593 }
4594
4595 mgmt_pending_remove(cmd);
4596
4597unlock:
4598 hci_dev_unlock(hdev);
4599}
4600
4601static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4602 void *data, u16 len)
4603{
4604 struct mgmt_mode *cp = data;
4605 struct mgmt_pending_cmd *cmd;
4606 struct hci_request req;
4607 int err;
4608
4609 BT_DBG("%s", hdev->name);
4610
4611 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4612 hdev->hci_ver < BLUETOOTH_VER_1_2)
4613 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4614 MGMT_STATUS_NOT_SUPPORTED);
4615
4616 if (cp->val != 0x00 && cp->val != 0x01)
4617 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4618 MGMT_STATUS_INVALID_PARAMS);
4619
4620 hci_dev_lock(hdev);
4621
4622 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4623 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4624 MGMT_STATUS_BUSY);
4625 goto unlock;
4626 }
4627
4628 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4629 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4630 hdev);
4631 goto unlock;
4632 }
4633
4634 if (!hdev_is_powered(hdev)) {
4635 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4636 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4637 hdev);
4638 new_settings(hdev, sk);
4639 goto unlock;
4640 }
4641
4642 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4643 data, len);
4644 if (!cmd) {
4645 err = -ENOMEM;
4646 goto unlock;
4647 }
4648
4649 hci_req_init(&req, hdev);
4650
4651 __hci_req_write_fast_connectable(&req, cp->val);
4652
4653 err = hci_req_run(&req, fast_connectable_complete);
4654 if (err < 0) {
4655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4656 MGMT_STATUS_FAILED);
4657 mgmt_pending_remove(cmd);
4658 }
4659
4660unlock:
4661 hci_dev_unlock(hdev);
4662
4663 return err;
4664}
4665
4666static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4667{
4668 struct mgmt_pending_cmd *cmd;
4669
4670 BT_DBG("status 0x%02x", status);
4671
4672 hci_dev_lock(hdev);
4673
4674 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4675 if (!cmd)
4676 goto unlock;
4677
4678 if (status) {
4679 u8 mgmt_err = mgmt_status(status);
4680
4681 /* We need to restore the flag if related HCI commands
4682 * failed.
4683 */
4684 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4685
4686 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4687 } else {
4688 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4689 new_settings(hdev, cmd->sk);
4690 }
4691
4692 mgmt_pending_remove(cmd);
4693
4694unlock:
4695 hci_dev_unlock(hdev);
4696}
4697
4698static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4699{
4700 struct mgmt_mode *cp = data;
4701 struct mgmt_pending_cmd *cmd;
4702 struct hci_request req;
4703 int err;
4704
4705 BT_DBG("request for %s", hdev->name);
4706
4707 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4708 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4709 MGMT_STATUS_NOT_SUPPORTED);
4710
4711 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4712 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4713 MGMT_STATUS_REJECTED);
4714
4715 if (cp->val != 0x00 && cp->val != 0x01)
4716 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4717 MGMT_STATUS_INVALID_PARAMS);
4718
4719 hci_dev_lock(hdev);
4720
4721 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4722 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4723 goto unlock;
4724 }
4725
4726 if (!hdev_is_powered(hdev)) {
4727 if (!cp->val) {
4728 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4729 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4730 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4731 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4732 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4733 }
4734
4735 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4736
4737 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4738 if (err < 0)
4739 goto unlock;
4740
4741 err = new_settings(hdev, sk);
4742 goto unlock;
4743 }
4744
4745 /* Reject disabling when powered on */
4746 if (!cp->val) {
4747 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4748 MGMT_STATUS_REJECTED);
4749 goto unlock;
4750 } else {
4751 /* When configuring a dual-mode controller to operate
4752 * with LE only and using a static address, then switching
4753 * BR/EDR back on is not allowed.
4754 *
4755 * Dual-mode controllers shall operate with the public
4756 * address as its identity address for BR/EDR and LE. So
4757 * reject the attempt to create an invalid configuration.
4758 *
4759 * The same restrictions applies when secure connections
4760 * has been enabled. For BR/EDR this is a controller feature
4761 * while for LE it is a host stack feature. This means that
4762 * switching BR/EDR back on when secure connections has been
4763 * enabled is not a supported transaction.
4764 */
4765 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4766 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4767 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4768 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4769 MGMT_STATUS_REJECTED);
4770 goto unlock;
4771 }
4772 }
4773
4774 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4775 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4776 MGMT_STATUS_BUSY);
4777 goto unlock;
4778 }
4779
4780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4781 if (!cmd) {
4782 err = -ENOMEM;
4783 goto unlock;
4784 }
4785
4786 /* We need to flip the bit already here so that
4787 * hci_req_update_adv_data generates the correct flags.
4788 */
4789 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4790
4791 hci_req_init(&req, hdev);
4792
4793 __hci_req_write_fast_connectable(&req, false);
4794 __hci_req_update_scan(&req);
4795
4796 /* Since only the advertising data flags will change, there
4797 * is no need to update the scan response data.
4798 */
4799 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4800
4801 err = hci_req_run(&req, set_bredr_complete);
4802 if (err < 0)
4803 mgmt_pending_remove(cmd);
4804
4805unlock:
4806 hci_dev_unlock(hdev);
4807 return err;
4808}
4809
4810static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4811{
4812 struct mgmt_pending_cmd *cmd;
4813 struct mgmt_mode *cp;
4814
4815 BT_DBG("%s status %u", hdev->name, status);
4816
4817 hci_dev_lock(hdev);
4818
4819 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4820 if (!cmd)
4821 goto unlock;
4822
4823 if (status) {
4824 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4825 mgmt_status(status));
4826 goto remove;
4827 }
4828
4829 cp = cmd->param;
4830
4831 switch (cp->val) {
4832 case 0x00:
4833 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4834 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4835 break;
4836 case 0x01:
4837 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4838 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4839 break;
4840 case 0x02:
4841 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4842 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4843 break;
4844 }
4845
4846 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4847 new_settings(hdev, cmd->sk);
4848
4849remove:
4850 mgmt_pending_remove(cmd);
4851unlock:
4852 hci_dev_unlock(hdev);
4853}
4854
4855static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4856 void *data, u16 len)
4857{
4858 struct mgmt_mode *cp = data;
4859 struct mgmt_pending_cmd *cmd;
4860 struct hci_request req;
4861 u8 val;
4862 int err;
4863
4864 BT_DBG("request for %s", hdev->name);
4865
4866 if (!lmp_sc_capable(hdev) &&
4867 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4868 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4869 MGMT_STATUS_NOT_SUPPORTED);
4870
4871 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4872 lmp_sc_capable(hdev) &&
4873 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4874 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4875 MGMT_STATUS_REJECTED);
4876
4877 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4878 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4879 MGMT_STATUS_INVALID_PARAMS);
4880
4881 hci_dev_lock(hdev);
4882
4883 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4884 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4885 bool changed;
4886
4887 if (cp->val) {
4888 changed = !hci_dev_test_and_set_flag(hdev,
4889 HCI_SC_ENABLED);
4890 if (cp->val == 0x02)
4891 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4892 else
4893 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4894 } else {
4895 changed = hci_dev_test_and_clear_flag(hdev,
4896 HCI_SC_ENABLED);
4897 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4898 }
4899
4900 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4901 if (err < 0)
4902 goto failed;
4903
4904 if (changed)
4905 err = new_settings(hdev, sk);
4906
4907 goto failed;
4908 }
4909
4910 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4911 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4912 MGMT_STATUS_BUSY);
4913 goto failed;
4914 }
4915
4916 val = !!cp->val;
4917
4918 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4919 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4920 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4921 goto failed;
4922 }
4923
4924 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4925 if (!cmd) {
4926 err = -ENOMEM;
4927 goto failed;
4928 }
4929
4930 hci_req_init(&req, hdev);
4931 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4932 err = hci_req_run(&req, sc_enable_complete);
4933 if (err < 0) {
4934 mgmt_pending_remove(cmd);
4935 goto failed;
4936 }
4937
4938failed:
4939 hci_dev_unlock(hdev);
4940 return err;
4941}
4942
4943static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4944 void *data, u16 len)
4945{
4946 struct mgmt_mode *cp = data;
4947 bool changed, use_changed;
4948 int err;
4949
4950 BT_DBG("request for %s", hdev->name);
4951
4952 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4953 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4954 MGMT_STATUS_INVALID_PARAMS);
4955
4956 hci_dev_lock(hdev);
4957
4958 if (cp->val)
4959 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4960 else
4961 changed = hci_dev_test_and_clear_flag(hdev,
4962 HCI_KEEP_DEBUG_KEYS);
4963
4964 if (cp->val == 0x02)
4965 use_changed = !hci_dev_test_and_set_flag(hdev,
4966 HCI_USE_DEBUG_KEYS);
4967 else
4968 use_changed = hci_dev_test_and_clear_flag(hdev,
4969 HCI_USE_DEBUG_KEYS);
4970
4971 if (hdev_is_powered(hdev) && use_changed &&
4972 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
4973 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4974 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4975 sizeof(mode), &mode);
4976 }
4977
4978 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4979 if (err < 0)
4980 goto unlock;
4981
4982 if (changed)
4983 err = new_settings(hdev, sk);
4984
4985unlock:
4986 hci_dev_unlock(hdev);
4987 return err;
4988}
4989
4990static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4991 u16 len)
4992{
4993 struct mgmt_cp_set_privacy *cp = cp_data;
4994 bool changed;
4995 int err;
4996
4997 BT_DBG("request for %s", hdev->name);
4998
4999 if (!lmp_le_capable(hdev))
5000 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5001 MGMT_STATUS_NOT_SUPPORTED);
5002
5003 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
5004 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5005 MGMT_STATUS_INVALID_PARAMS);
5006
5007 if (hdev_is_powered(hdev))
5008 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5009 MGMT_STATUS_REJECTED);
5010
5011 hci_dev_lock(hdev);
5012
5013 /* If user space supports this command it is also expected to
5014 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5015 */
5016 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5017
5018 if (cp->privacy) {
5019 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
5020 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5021 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5022 hci_adv_instances_set_rpa_expired(hdev, true);
5023 if (cp->privacy == 0x02)
5024 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
5025 else
5026 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
5027 } else {
5028 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
5029 memset(hdev->irk, 0, sizeof(hdev->irk));
5030 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
5031 hci_adv_instances_set_rpa_expired(hdev, false);
5032 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
5033 }
5034
5035 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5036 if (err < 0)
5037 goto unlock;
5038
5039 if (changed)
5040 err = new_settings(hdev, sk);
5041
5042unlock:
5043 hci_dev_unlock(hdev);
5044 return err;
5045}
5046
5047static bool irk_is_valid(struct mgmt_irk_info *irk)
5048{
5049 switch (irk->addr.type) {
5050 case BDADDR_LE_PUBLIC:
5051 return true;
5052
5053 case BDADDR_LE_RANDOM:
5054 /* Two most significant bits shall be set */
5055 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5056 return false;
5057 return true;
5058 }
5059
5060 return false;
5061}
5062
5063static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5064 u16 len)
5065{
5066 struct mgmt_cp_load_irks *cp = cp_data;
5067 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5068 sizeof(struct mgmt_irk_info));
5069 u16 irk_count, expected_len;
5070 int i, err;
5071
5072 BT_DBG("request for %s", hdev->name);
5073
5074 if (!lmp_le_capable(hdev))
5075 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5076 MGMT_STATUS_NOT_SUPPORTED);
5077
5078 irk_count = __le16_to_cpu(cp->irk_count);
5079 if (irk_count > max_irk_count) {
5080 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
5081 irk_count);
5082 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5083 MGMT_STATUS_INVALID_PARAMS);
5084 }
5085
5086 expected_len = struct_size(cp, irks, irk_count);
5087 if (expected_len != len) {
5088 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
5089 expected_len, len);
5090 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5091 MGMT_STATUS_INVALID_PARAMS);
5092 }
5093
5094 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5095
5096 for (i = 0; i < irk_count; i++) {
5097 struct mgmt_irk_info *key = &cp->irks[i];
5098
5099 if (!irk_is_valid(key))
5100 return mgmt_cmd_status(sk, hdev->id,
5101 MGMT_OP_LOAD_IRKS,
5102 MGMT_STATUS_INVALID_PARAMS);
5103 }
5104
5105 hci_dev_lock(hdev);
5106
5107 hci_smp_irks_clear(hdev);
5108
5109 for (i = 0; i < irk_count; i++) {
5110 struct mgmt_irk_info *irk = &cp->irks[i];
5111
5112 if (hci_is_blocked_key(hdev,
5113 HCI_BLOCKED_KEY_TYPE_IRK,
5114 irk->val)) {
5115 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
5116 &irk->addr.bdaddr);
5117 continue;
5118 }
5119
5120 hci_add_irk(hdev, &irk->addr.bdaddr,
5121 le_addr_type(irk->addr.type), irk->val,
5122 BDADDR_ANY);
5123 }
5124
5125 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5126
5127 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5128
5129 hci_dev_unlock(hdev);
5130
5131 return err;
5132}
5133
5134static bool ltk_is_valid(struct mgmt_ltk_info *key)
5135{
5136 if (key->master != 0x00 && key->master != 0x01)
5137 return false;
5138
5139 switch (key->addr.type) {
5140 case BDADDR_LE_PUBLIC:
5141 return true;
5142
5143 case BDADDR_LE_RANDOM:
5144 /* Two most significant bits shall be set */
5145 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5146 return false;
5147 return true;
5148 }
5149
5150 return false;
5151}
5152
5153static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5154 void *cp_data, u16 len)
5155{
5156 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5157 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5158 sizeof(struct mgmt_ltk_info));
5159 u16 key_count, expected_len;
5160 int i, err;
5161
5162 BT_DBG("request for %s", hdev->name);
5163
5164 if (!lmp_le_capable(hdev))
5165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5166 MGMT_STATUS_NOT_SUPPORTED);
5167
5168 key_count = __le16_to_cpu(cp->key_count);
5169 if (key_count > max_key_count) {
5170 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
5171 key_count);
5172 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5173 MGMT_STATUS_INVALID_PARAMS);
5174 }
5175
5176 expected_len = struct_size(cp, keys, key_count);
5177 if (expected_len != len) {
5178 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
5179 expected_len, len);
5180 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5181 MGMT_STATUS_INVALID_PARAMS);
5182 }
5183
5184 BT_DBG("%s key_count %u", hdev->name, key_count);
5185
5186 for (i = 0; i < key_count; i++) {
5187 struct mgmt_ltk_info *key = &cp->keys[i];
5188
5189 if (!ltk_is_valid(key))
5190 return mgmt_cmd_status(sk, hdev->id,
5191 MGMT_OP_LOAD_LONG_TERM_KEYS,
5192 MGMT_STATUS_INVALID_PARAMS);
5193 }
5194
5195 hci_dev_lock(hdev);
5196
5197 hci_smp_ltks_clear(hdev);
5198
5199 for (i = 0; i < key_count; i++) {
5200 struct mgmt_ltk_info *key = &cp->keys[i];
5201 u8 type, authenticated;
5202
5203 if (hci_is_blocked_key(hdev,
5204 HCI_BLOCKED_KEY_TYPE_LTK,
5205 key->val)) {
5206 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
5207 &key->addr.bdaddr);
5208 continue;
5209 }
5210
5211 switch (key->type) {
5212 case MGMT_LTK_UNAUTHENTICATED:
5213 authenticated = 0x00;
5214 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5215 break;
5216 case MGMT_LTK_AUTHENTICATED:
5217 authenticated = 0x01;
5218 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5219 break;
5220 case MGMT_LTK_P256_UNAUTH:
5221 authenticated = 0x00;
5222 type = SMP_LTK_P256;
5223 break;
5224 case MGMT_LTK_P256_AUTH:
5225 authenticated = 0x01;
5226 type = SMP_LTK_P256;
5227 break;
5228 case MGMT_LTK_P256_DEBUG:
5229 authenticated = 0x00;
5230 type = SMP_LTK_P256_DEBUG;
5231 /* fall through */
5232 default:
5233 continue;
5234 }
5235
5236 hci_add_ltk(hdev, &key->addr.bdaddr,
5237 le_addr_type(key->addr.type), type, authenticated,
5238 key->val, key->enc_size, key->ediv, key->rand);
5239 }
5240
5241 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5242 NULL, 0);
5243
5244 hci_dev_unlock(hdev);
5245
5246 return err;
5247}
5248
5249static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5250{
5251 struct hci_conn *conn = cmd->user_data;
5252 struct mgmt_rp_get_conn_info rp;
5253 int err;
5254
5255 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5256
5257 if (status == MGMT_STATUS_SUCCESS) {
5258 rp.rssi = conn->rssi;
5259 rp.tx_power = conn->tx_power;
5260 rp.max_tx_power = conn->max_tx_power;
5261 } else {
5262 rp.rssi = HCI_RSSI_INVALID;
5263 rp.tx_power = HCI_TX_POWER_INVALID;
5264 rp.max_tx_power = HCI_TX_POWER_INVALID;
5265 }
5266
5267 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5268 status, &rp, sizeof(rp));
5269
5270 hci_conn_drop(conn);
5271 hci_conn_put(conn);
5272
5273 return err;
5274}
5275
5276static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5277 u16 opcode)
5278{
5279 struct hci_cp_read_rssi *cp;
5280 struct mgmt_pending_cmd *cmd;
5281 struct hci_conn *conn;
5282 u16 handle;
5283 u8 status;
5284
5285 BT_DBG("status 0x%02x", hci_status);
5286
5287 hci_dev_lock(hdev);
5288
5289 /* Commands sent in request are either Read RSSI or Read Transmit Power
5290 * Level so we check which one was last sent to retrieve connection
5291 * handle. Both commands have handle as first parameter so it's safe to
5292 * cast data on the same command struct.
5293 *
5294 * First command sent is always Read RSSI and we fail only if it fails.
5295 * In other case we simply override error to indicate success as we
5296 * already remembered if TX power value is actually valid.
5297 */
5298 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5299 if (!cp) {
5300 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5301 status = MGMT_STATUS_SUCCESS;
5302 } else {
5303 status = mgmt_status(hci_status);
5304 }
5305
5306 if (!cp) {
5307 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
5308 goto unlock;
5309 }
5310
5311 handle = __le16_to_cpu(cp->handle);
5312 conn = hci_conn_hash_lookup_handle(hdev, handle);
5313 if (!conn) {
5314 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
5315 handle);
5316 goto unlock;
5317 }
5318
5319 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5320 if (!cmd)
5321 goto unlock;
5322
5323 cmd->cmd_complete(cmd, status);
5324 mgmt_pending_remove(cmd);
5325
5326unlock:
5327 hci_dev_unlock(hdev);
5328}
5329
5330static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5331 u16 len)
5332{
5333 struct mgmt_cp_get_conn_info *cp = data;
5334 struct mgmt_rp_get_conn_info rp;
5335 struct hci_conn *conn;
5336 unsigned long conn_info_age;
5337 int err = 0;
5338
5339 BT_DBG("%s", hdev->name);
5340
5341 memset(&rp, 0, sizeof(rp));
5342 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5343 rp.addr.type = cp->addr.type;
5344
5345 if (!bdaddr_type_is_valid(cp->addr.type))
5346 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5347 MGMT_STATUS_INVALID_PARAMS,
5348 &rp, sizeof(rp));
5349
5350 hci_dev_lock(hdev);
5351
5352 if (!hdev_is_powered(hdev)) {
5353 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5354 MGMT_STATUS_NOT_POWERED, &rp,
5355 sizeof(rp));
5356 goto unlock;
5357 }
5358
5359 if (cp->addr.type == BDADDR_BREDR)
5360 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5361 &cp->addr.bdaddr);
5362 else
5363 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5364
5365 if (!conn || conn->state != BT_CONNECTED) {
5366 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5367 MGMT_STATUS_NOT_CONNECTED, &rp,
5368 sizeof(rp));
5369 goto unlock;
5370 }
5371
5372 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5373 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5374 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5375 goto unlock;
5376 }
5377
5378 /* To avoid client trying to guess when to poll again for information we
5379 * calculate conn info age as random value between min/max set in hdev.
5380 */
5381 conn_info_age = hdev->conn_info_min_age +
5382 prandom_u32_max(hdev->conn_info_max_age -
5383 hdev->conn_info_min_age);
5384
5385 /* Query controller to refresh cached values if they are too old or were
5386 * never read.
5387 */
5388 if (time_after(jiffies, conn->conn_info_timestamp +
5389 msecs_to_jiffies(conn_info_age)) ||
5390 !conn->conn_info_timestamp) {
5391 struct hci_request req;
5392 struct hci_cp_read_tx_power req_txp_cp;
5393 struct hci_cp_read_rssi req_rssi_cp;
5394 struct mgmt_pending_cmd *cmd;
5395
5396 hci_req_init(&req, hdev);
5397 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5398 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5399 &req_rssi_cp);
5400
5401 /* For LE links TX power does not change thus we don't need to
5402 * query for it once value is known.
5403 */
5404 if (!bdaddr_type_is_le(cp->addr.type) ||
5405 conn->tx_power == HCI_TX_POWER_INVALID) {
5406 req_txp_cp.handle = cpu_to_le16(conn->handle);
5407 req_txp_cp.type = 0x00;
5408 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5409 sizeof(req_txp_cp), &req_txp_cp);
5410 }
5411
5412 /* Max TX power needs to be read only once per connection */
5413 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5414 req_txp_cp.handle = cpu_to_le16(conn->handle);
5415 req_txp_cp.type = 0x01;
5416 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5417 sizeof(req_txp_cp), &req_txp_cp);
5418 }
5419
5420 err = hci_req_run(&req, conn_info_refresh_complete);
5421 if (err < 0)
5422 goto unlock;
5423
5424 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5425 data, len);
5426 if (!cmd) {
5427 err = -ENOMEM;
5428 goto unlock;
5429 }
5430
5431 hci_conn_hold(conn);
5432 cmd->user_data = hci_conn_get(conn);
5433 cmd->cmd_complete = conn_info_cmd_complete;
5434
5435 conn->conn_info_timestamp = jiffies;
5436 } else {
5437 /* Cache is valid, just reply with values cached in hci_conn */
5438 rp.rssi = conn->rssi;
5439 rp.tx_power = conn->tx_power;
5440 rp.max_tx_power = conn->max_tx_power;
5441
5442 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5443 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5444 }
5445
5446unlock:
5447 hci_dev_unlock(hdev);
5448 return err;
5449}
5450
5451static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5452{
5453 struct hci_conn *conn = cmd->user_data;
5454 struct mgmt_rp_get_clock_info rp;
5455 struct hci_dev *hdev;
5456 int err;
5457
5458 memset(&rp, 0, sizeof(rp));
5459 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5460
5461 if (status)
5462 goto complete;
5463
5464 hdev = hci_dev_get(cmd->index);
5465 if (hdev) {
5466 rp.local_clock = cpu_to_le32(hdev->clock);
5467 hci_dev_put(hdev);
5468 }
5469
5470 if (conn) {
5471 rp.piconet_clock = cpu_to_le32(conn->clock);
5472 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5473 }
5474
5475complete:
5476 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5477 sizeof(rp));
5478
5479 if (conn) {
5480 hci_conn_drop(conn);
5481 hci_conn_put(conn);
5482 }
5483
5484 return err;
5485}
5486
5487static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5488{
5489 struct hci_cp_read_clock *hci_cp;
5490 struct mgmt_pending_cmd *cmd;
5491 struct hci_conn *conn;
5492
5493 BT_DBG("%s status %u", hdev->name, status);
5494
5495 hci_dev_lock(hdev);
5496
5497 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5498 if (!hci_cp)
5499 goto unlock;
5500
5501 if (hci_cp->which) {
5502 u16 handle = __le16_to_cpu(hci_cp->handle);
5503 conn = hci_conn_hash_lookup_handle(hdev, handle);
5504 } else {
5505 conn = NULL;
5506 }
5507
5508 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5509 if (!cmd)
5510 goto unlock;
5511
5512 cmd->cmd_complete(cmd, mgmt_status(status));
5513 mgmt_pending_remove(cmd);
5514
5515unlock:
5516 hci_dev_unlock(hdev);
5517}
5518
5519static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5520 u16 len)
5521{
5522 struct mgmt_cp_get_clock_info *cp = data;
5523 struct mgmt_rp_get_clock_info rp;
5524 struct hci_cp_read_clock hci_cp;
5525 struct mgmt_pending_cmd *cmd;
5526 struct hci_request req;
5527 struct hci_conn *conn;
5528 int err;
5529
5530 BT_DBG("%s", hdev->name);
5531
5532 memset(&rp, 0, sizeof(rp));
5533 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5534 rp.addr.type = cp->addr.type;
5535
5536 if (cp->addr.type != BDADDR_BREDR)
5537 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5538 MGMT_STATUS_INVALID_PARAMS,
5539 &rp, sizeof(rp));
5540
5541 hci_dev_lock(hdev);
5542
5543 if (!hdev_is_powered(hdev)) {
5544 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5545 MGMT_STATUS_NOT_POWERED, &rp,
5546 sizeof(rp));
5547 goto unlock;
5548 }
5549
5550 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5551 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5552 &cp->addr.bdaddr);
5553 if (!conn || conn->state != BT_CONNECTED) {
5554 err = mgmt_cmd_complete(sk, hdev->id,
5555 MGMT_OP_GET_CLOCK_INFO,
5556 MGMT_STATUS_NOT_CONNECTED,
5557 &rp, sizeof(rp));
5558 goto unlock;
5559 }
5560 } else {
5561 conn = NULL;
5562 }
5563
5564 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5565 if (!cmd) {
5566 err = -ENOMEM;
5567 goto unlock;
5568 }
5569
5570 cmd->cmd_complete = clock_info_cmd_complete;
5571
5572 hci_req_init(&req, hdev);
5573
5574 memset(&hci_cp, 0, sizeof(hci_cp));
5575 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5576
5577 if (conn) {
5578 hci_conn_hold(conn);
5579 cmd->user_data = hci_conn_get(conn);
5580
5581 hci_cp.handle = cpu_to_le16(conn->handle);
5582 hci_cp.which = 0x01; /* Piconet clock */
5583 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5584 }
5585
5586 err = hci_req_run(&req, get_clock_info_complete);
5587 if (err < 0)
5588 mgmt_pending_remove(cmd);
5589
5590unlock:
5591 hci_dev_unlock(hdev);
5592 return err;
5593}
5594
5595static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5596{
5597 struct hci_conn *conn;
5598
5599 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5600 if (!conn)
5601 return false;
5602
5603 if (conn->dst_type != type)
5604 return false;
5605
5606 if (conn->state != BT_CONNECTED)
5607 return false;
5608
5609 return true;
5610}
5611
5612/* This function requires the caller holds hdev->lock */
5613static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5614 u8 addr_type, u8 auto_connect)
5615{
5616 struct hci_conn_params *params;
5617
5618 params = hci_conn_params_add(hdev, addr, addr_type);
5619 if (!params)
5620 return -EIO;
5621
5622 if (params->auto_connect == auto_connect)
5623 return 0;
5624
5625 list_del_init(¶ms->action);
5626
5627 switch (auto_connect) {
5628 case HCI_AUTO_CONN_DISABLED:
5629 case HCI_AUTO_CONN_LINK_LOSS:
5630 /* If auto connect is being disabled when we're trying to
5631 * connect to device, keep connecting.
5632 */
5633 if (params->explicit_connect)
5634 list_add(¶ms->action, &hdev->pend_le_conns);
5635 break;
5636 case HCI_AUTO_CONN_REPORT:
5637 if (params->explicit_connect)
5638 list_add(¶ms->action, &hdev->pend_le_conns);
5639 else
5640 list_add(¶ms->action, &hdev->pend_le_reports);
5641 break;
5642 case HCI_AUTO_CONN_DIRECT:
5643 case HCI_AUTO_CONN_ALWAYS:
5644 if (!is_connected(hdev, addr, addr_type))
5645 list_add(¶ms->action, &hdev->pend_le_conns);
5646 break;
5647 }
5648
5649 params->auto_connect = auto_connect;
5650
5651 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5652 auto_connect);
5653
5654 return 0;
5655}
5656
5657static void device_added(struct sock *sk, struct hci_dev *hdev,
5658 bdaddr_t *bdaddr, u8 type, u8 action)
5659{
5660 struct mgmt_ev_device_added ev;
5661
5662 bacpy(&ev.addr.bdaddr, bdaddr);
5663 ev.addr.type = type;
5664 ev.action = action;
5665
5666 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5667}
5668
5669static int add_device(struct sock *sk, struct hci_dev *hdev,
5670 void *data, u16 len)
5671{
5672 struct mgmt_cp_add_device *cp = data;
5673 u8 auto_conn, addr_type;
5674 int err;
5675
5676 BT_DBG("%s", hdev->name);
5677
5678 if (!bdaddr_type_is_valid(cp->addr.type) ||
5679 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5680 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5681 MGMT_STATUS_INVALID_PARAMS,
5682 &cp->addr, sizeof(cp->addr));
5683
5684 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5685 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5686 MGMT_STATUS_INVALID_PARAMS,
5687 &cp->addr, sizeof(cp->addr));
5688
5689 hci_dev_lock(hdev);
5690
5691 if (cp->addr.type == BDADDR_BREDR) {
5692 /* Only incoming connections action is supported for now */
5693 if (cp->action != 0x01) {
5694 err = mgmt_cmd_complete(sk, hdev->id,
5695 MGMT_OP_ADD_DEVICE,
5696 MGMT_STATUS_INVALID_PARAMS,
5697 &cp->addr, sizeof(cp->addr));
5698 goto unlock;
5699 }
5700
5701 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5702 cp->addr.type);
5703 if (err)
5704 goto unlock;
5705
5706 hci_req_update_scan(hdev);
5707
5708 goto added;
5709 }
5710
5711 addr_type = le_addr_type(cp->addr.type);
5712
5713 if (cp->action == 0x02)
5714 auto_conn = HCI_AUTO_CONN_ALWAYS;
5715 else if (cp->action == 0x01)
5716 auto_conn = HCI_AUTO_CONN_DIRECT;
5717 else
5718 auto_conn = HCI_AUTO_CONN_REPORT;
5719
5720 /* Kernel internally uses conn_params with resolvable private
5721 * address, but Add Device allows only identity addresses.
5722 * Make sure it is enforced before calling
5723 * hci_conn_params_lookup.
5724 */
5725 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5726 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5727 MGMT_STATUS_INVALID_PARAMS,
5728 &cp->addr, sizeof(cp->addr));
5729 goto unlock;
5730 }
5731
5732 /* If the connection parameters don't exist for this device,
5733 * they will be created and configured with defaults.
5734 */
5735 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5736 auto_conn) < 0) {
5737 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5738 MGMT_STATUS_FAILED, &cp->addr,
5739 sizeof(cp->addr));
5740 goto unlock;
5741 }
5742
5743 hci_update_background_scan(hdev);
5744
5745added:
5746 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5747
5748 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5749 MGMT_STATUS_SUCCESS, &cp->addr,
5750 sizeof(cp->addr));
5751
5752unlock:
5753 hci_dev_unlock(hdev);
5754 return err;
5755}
5756
5757static void device_removed(struct sock *sk, struct hci_dev *hdev,
5758 bdaddr_t *bdaddr, u8 type)
5759{
5760 struct mgmt_ev_device_removed ev;
5761
5762 bacpy(&ev.addr.bdaddr, bdaddr);
5763 ev.addr.type = type;
5764
5765 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5766}
5767
5768static int remove_device(struct sock *sk, struct hci_dev *hdev,
5769 void *data, u16 len)
5770{
5771 struct mgmt_cp_remove_device *cp = data;
5772 int err;
5773
5774 BT_DBG("%s", hdev->name);
5775
5776 hci_dev_lock(hdev);
5777
5778 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5779 struct hci_conn_params *params;
5780 u8 addr_type;
5781
5782 if (!bdaddr_type_is_valid(cp->addr.type)) {
5783 err = mgmt_cmd_complete(sk, hdev->id,
5784 MGMT_OP_REMOVE_DEVICE,
5785 MGMT_STATUS_INVALID_PARAMS,
5786 &cp->addr, sizeof(cp->addr));
5787 goto unlock;
5788 }
5789
5790 if (cp->addr.type == BDADDR_BREDR) {
5791 err = hci_bdaddr_list_del(&hdev->whitelist,
5792 &cp->addr.bdaddr,
5793 cp->addr.type);
5794 if (err) {
5795 err = mgmt_cmd_complete(sk, hdev->id,
5796 MGMT_OP_REMOVE_DEVICE,
5797 MGMT_STATUS_INVALID_PARAMS,
5798 &cp->addr,
5799 sizeof(cp->addr));
5800 goto unlock;
5801 }
5802
5803 hci_req_update_scan(hdev);
5804
5805 device_removed(sk, hdev, &cp->addr.bdaddr,
5806 cp->addr.type);
5807 goto complete;
5808 }
5809
5810 addr_type = le_addr_type(cp->addr.type);
5811
5812 /* Kernel internally uses conn_params with resolvable private
5813 * address, but Remove Device allows only identity addresses.
5814 * Make sure it is enforced before calling
5815 * hci_conn_params_lookup.
5816 */
5817 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5818 err = mgmt_cmd_complete(sk, hdev->id,
5819 MGMT_OP_REMOVE_DEVICE,
5820 MGMT_STATUS_INVALID_PARAMS,
5821 &cp->addr, sizeof(cp->addr));
5822 goto unlock;
5823 }
5824
5825 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5826 addr_type);
5827 if (!params) {
5828 err = mgmt_cmd_complete(sk, hdev->id,
5829 MGMT_OP_REMOVE_DEVICE,
5830 MGMT_STATUS_INVALID_PARAMS,
5831 &cp->addr, sizeof(cp->addr));
5832 goto unlock;
5833 }
5834
5835 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5836 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5837 err = mgmt_cmd_complete(sk, hdev->id,
5838 MGMT_OP_REMOVE_DEVICE,
5839 MGMT_STATUS_INVALID_PARAMS,
5840 &cp->addr, sizeof(cp->addr));
5841 goto unlock;
5842 }
5843
5844 list_del(¶ms->action);
5845 list_del(¶ms->list);
5846 kfree(params);
5847 hci_update_background_scan(hdev);
5848
5849 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5850 } else {
5851 struct hci_conn_params *p, *tmp;
5852 struct bdaddr_list *b, *btmp;
5853
5854 if (cp->addr.type) {
5855 err = mgmt_cmd_complete(sk, hdev->id,
5856 MGMT_OP_REMOVE_DEVICE,
5857 MGMT_STATUS_INVALID_PARAMS,
5858 &cp->addr, sizeof(cp->addr));
5859 goto unlock;
5860 }
5861
5862 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5863 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5864 list_del(&b->list);
5865 kfree(b);
5866 }
5867
5868 hci_req_update_scan(hdev);
5869
5870 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5871 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5872 continue;
5873 device_removed(sk, hdev, &p->addr, p->addr_type);
5874 if (p->explicit_connect) {
5875 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5876 continue;
5877 }
5878 list_del(&p->action);
5879 list_del(&p->list);
5880 kfree(p);
5881 }
5882
5883 BT_DBG("All LE connection parameters were removed");
5884
5885 hci_update_background_scan(hdev);
5886 }
5887
5888complete:
5889 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5890 MGMT_STATUS_SUCCESS, &cp->addr,
5891 sizeof(cp->addr));
5892unlock:
5893 hci_dev_unlock(hdev);
5894 return err;
5895}
5896
5897static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5898 u16 len)
5899{
5900 struct mgmt_cp_load_conn_param *cp = data;
5901 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5902 sizeof(struct mgmt_conn_param));
5903 u16 param_count, expected_len;
5904 int i;
5905
5906 if (!lmp_le_capable(hdev))
5907 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5908 MGMT_STATUS_NOT_SUPPORTED);
5909
5910 param_count = __le16_to_cpu(cp->param_count);
5911 if (param_count > max_param_count) {
5912 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
5913 param_count);
5914 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5915 MGMT_STATUS_INVALID_PARAMS);
5916 }
5917
5918 expected_len = struct_size(cp, params, param_count);
5919 if (expected_len != len) {
5920 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
5921 expected_len, len);
5922 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5923 MGMT_STATUS_INVALID_PARAMS);
5924 }
5925
5926 BT_DBG("%s param_count %u", hdev->name, param_count);
5927
5928 hci_dev_lock(hdev);
5929
5930 hci_conn_params_clear_disabled(hdev);
5931
5932 for (i = 0; i < param_count; i++) {
5933 struct mgmt_conn_param *param = &cp->params[i];
5934 struct hci_conn_params *hci_param;
5935 u16 min, max, latency, timeout;
5936 u8 addr_type;
5937
5938 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5939 param->addr.type);
5940
5941 if (param->addr.type == BDADDR_LE_PUBLIC) {
5942 addr_type = ADDR_LE_DEV_PUBLIC;
5943 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5944 addr_type = ADDR_LE_DEV_RANDOM;
5945 } else {
5946 bt_dev_err(hdev, "ignoring invalid connection parameters");
5947 continue;
5948 }
5949
5950 min = le16_to_cpu(param->min_interval);
5951 max = le16_to_cpu(param->max_interval);
5952 latency = le16_to_cpu(param->latency);
5953 timeout = le16_to_cpu(param->timeout);
5954
5955 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5956 min, max, latency, timeout);
5957
5958 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5959 bt_dev_err(hdev, "ignoring invalid connection parameters");
5960 continue;
5961 }
5962
5963 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5964 addr_type);
5965 if (!hci_param) {
5966 bt_dev_err(hdev, "failed to add connection parameters");
5967 continue;
5968 }
5969
5970 hci_param->conn_min_interval = min;
5971 hci_param->conn_max_interval = max;
5972 hci_param->conn_latency = latency;
5973 hci_param->supervision_timeout = timeout;
5974 }
5975
5976 hci_dev_unlock(hdev);
5977
5978 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5979 NULL, 0);
5980}
5981
5982static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5983 void *data, u16 len)
5984{
5985 struct mgmt_cp_set_external_config *cp = data;
5986 bool changed;
5987 int err;
5988
5989 BT_DBG("%s", hdev->name);
5990
5991 if (hdev_is_powered(hdev))
5992 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5993 MGMT_STATUS_REJECTED);
5994
5995 if (cp->config != 0x00 && cp->config != 0x01)
5996 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5997 MGMT_STATUS_INVALID_PARAMS);
5998
5999 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6000 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6001 MGMT_STATUS_NOT_SUPPORTED);
6002
6003 hci_dev_lock(hdev);
6004
6005 if (cp->config)
6006 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6007 else
6008 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6009
6010 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6011 if (err < 0)
6012 goto unlock;
6013
6014 if (!changed)
6015 goto unlock;
6016
6017 err = new_options(hdev, sk);
6018
6019 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6020 mgmt_index_removed(hdev);
6021
6022 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6023 hci_dev_set_flag(hdev, HCI_CONFIG);
6024 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6025
6026 queue_work(hdev->req_workqueue, &hdev->power_on);
6027 } else {
6028 set_bit(HCI_RAW, &hdev->flags);
6029 mgmt_index_added(hdev);
6030 }
6031 }
6032
6033unlock:
6034 hci_dev_unlock(hdev);
6035 return err;
6036}
6037
6038static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6039 void *data, u16 len)
6040{
6041 struct mgmt_cp_set_public_address *cp = data;
6042 bool changed;
6043 int err;
6044
6045 BT_DBG("%s", hdev->name);
6046
6047 if (hdev_is_powered(hdev))
6048 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6049 MGMT_STATUS_REJECTED);
6050
6051 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6052 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6053 MGMT_STATUS_INVALID_PARAMS);
6054
6055 if (!hdev->set_bdaddr)
6056 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6057 MGMT_STATUS_NOT_SUPPORTED);
6058
6059 hci_dev_lock(hdev);
6060
6061 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6062 bacpy(&hdev->public_addr, &cp->bdaddr);
6063
6064 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6065 if (err < 0)
6066 goto unlock;
6067
6068 if (!changed)
6069 goto unlock;
6070
6071 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6072 err = new_options(hdev, sk);
6073
6074 if (is_configured(hdev)) {
6075 mgmt_index_removed(hdev);
6076
6077 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6078
6079 hci_dev_set_flag(hdev, HCI_CONFIG);
6080 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6081
6082 queue_work(hdev->req_workqueue, &hdev->power_on);
6083 }
6084
6085unlock:
6086 hci_dev_unlock(hdev);
6087 return err;
6088}
6089
6090static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6091 u16 opcode, struct sk_buff *skb)
6092{
6093 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6094 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6095 u8 *h192, *r192, *h256, *r256;
6096 struct mgmt_pending_cmd *cmd;
6097 u16 eir_len;
6098 int err;
6099
6100 BT_DBG("%s status %u", hdev->name, status);
6101
6102 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6103 if (!cmd)
6104 return;
6105
6106 mgmt_cp = cmd->param;
6107
6108 if (status) {
6109 status = mgmt_status(status);
6110 eir_len = 0;
6111
6112 h192 = NULL;
6113 r192 = NULL;
6114 h256 = NULL;
6115 r256 = NULL;
6116 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6117 struct hci_rp_read_local_oob_data *rp;
6118
6119 if (skb->len != sizeof(*rp)) {
6120 status = MGMT_STATUS_FAILED;
6121 eir_len = 0;
6122 } else {
6123 status = MGMT_STATUS_SUCCESS;
6124 rp = (void *)skb->data;
6125
6126 eir_len = 5 + 18 + 18;
6127 h192 = rp->hash;
6128 r192 = rp->rand;
6129 h256 = NULL;
6130 r256 = NULL;
6131 }
6132 } else {
6133 struct hci_rp_read_local_oob_ext_data *rp;
6134
6135 if (skb->len != sizeof(*rp)) {
6136 status = MGMT_STATUS_FAILED;
6137 eir_len = 0;
6138 } else {
6139 status = MGMT_STATUS_SUCCESS;
6140 rp = (void *)skb->data;
6141
6142 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6143 eir_len = 5 + 18 + 18;
6144 h192 = NULL;
6145 r192 = NULL;
6146 } else {
6147 eir_len = 5 + 18 + 18 + 18 + 18;
6148 h192 = rp->hash192;
6149 r192 = rp->rand192;
6150 }
6151
6152 h256 = rp->hash256;
6153 r256 = rp->rand256;
6154 }
6155 }
6156
6157 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6158 if (!mgmt_rp)
6159 goto done;
6160
6161 if (status)
6162 goto send_rsp;
6163
6164 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6165 hdev->dev_class, 3);
6166
6167 if (h192 && r192) {
6168 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6169 EIR_SSP_HASH_C192, h192, 16);
6170 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6171 EIR_SSP_RAND_R192, r192, 16);
6172 }
6173
6174 if (h256 && r256) {
6175 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6176 EIR_SSP_HASH_C256, h256, 16);
6177 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6178 EIR_SSP_RAND_R256, r256, 16);
6179 }
6180
6181send_rsp:
6182 mgmt_rp->type = mgmt_cp->type;
6183 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6184
6185 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6186 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6187 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6188 if (err < 0 || status)
6189 goto done;
6190
6191 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6192
6193 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6194 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6195 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6196done:
6197 kfree(mgmt_rp);
6198 mgmt_pending_remove(cmd);
6199}
6200
6201static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6202 struct mgmt_cp_read_local_oob_ext_data *cp)
6203{
6204 struct mgmt_pending_cmd *cmd;
6205 struct hci_request req;
6206 int err;
6207
6208 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6209 cp, sizeof(*cp));
6210 if (!cmd)
6211 return -ENOMEM;
6212
6213 hci_req_init(&req, hdev);
6214
6215 if (bredr_sc_enabled(hdev))
6216 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6217 else
6218 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6219
6220 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6221 if (err < 0) {
6222 mgmt_pending_remove(cmd);
6223 return err;
6224 }
6225
6226 return 0;
6227}
6228
6229static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6230 void *data, u16 data_len)
6231{
6232 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6233 struct mgmt_rp_read_local_oob_ext_data *rp;
6234 size_t rp_len;
6235 u16 eir_len;
6236 u8 status, flags, role, addr[7], hash[16], rand[16];
6237 int err;
6238
6239 BT_DBG("%s", hdev->name);
6240
6241 if (hdev_is_powered(hdev)) {
6242 switch (cp->type) {
6243 case BIT(BDADDR_BREDR):
6244 status = mgmt_bredr_support(hdev);
6245 if (status)
6246 eir_len = 0;
6247 else
6248 eir_len = 5;
6249 break;
6250 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6251 status = mgmt_le_support(hdev);
6252 if (status)
6253 eir_len = 0;
6254 else
6255 eir_len = 9 + 3 + 18 + 18 + 3;
6256 break;
6257 default:
6258 status = MGMT_STATUS_INVALID_PARAMS;
6259 eir_len = 0;
6260 break;
6261 }
6262 } else {
6263 status = MGMT_STATUS_NOT_POWERED;
6264 eir_len = 0;
6265 }
6266
6267 rp_len = sizeof(*rp) + eir_len;
6268 rp = kmalloc(rp_len, GFP_ATOMIC);
6269 if (!rp)
6270 return -ENOMEM;
6271
6272 if (status)
6273 goto complete;
6274
6275 hci_dev_lock(hdev);
6276
6277 eir_len = 0;
6278 switch (cp->type) {
6279 case BIT(BDADDR_BREDR):
6280 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6281 err = read_local_ssp_oob_req(hdev, sk, cp);
6282 hci_dev_unlock(hdev);
6283 if (!err)
6284 goto done;
6285
6286 status = MGMT_STATUS_FAILED;
6287 goto complete;
6288 } else {
6289 eir_len = eir_append_data(rp->eir, eir_len,
6290 EIR_CLASS_OF_DEV,
6291 hdev->dev_class, 3);
6292 }
6293 break;
6294 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6295 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6296 smp_generate_oob(hdev, hash, rand) < 0) {
6297 hci_dev_unlock(hdev);
6298 status = MGMT_STATUS_FAILED;
6299 goto complete;
6300 }
6301
6302 /* This should return the active RPA, but since the RPA
6303 * is only programmed on demand, it is really hard to fill
6304 * this in at the moment. For now disallow retrieving
6305 * local out-of-band data when privacy is in use.
6306 *
6307 * Returning the identity address will not help here since
6308 * pairing happens before the identity resolving key is
6309 * known and thus the connection establishment happens
6310 * based on the RPA and not the identity address.
6311 */
6312 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6313 hci_dev_unlock(hdev);
6314 status = MGMT_STATUS_REJECTED;
6315 goto complete;
6316 }
6317
6318 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6319 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6320 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6321 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6322 memcpy(addr, &hdev->static_addr, 6);
6323 addr[6] = 0x01;
6324 } else {
6325 memcpy(addr, &hdev->bdaddr, 6);
6326 addr[6] = 0x00;
6327 }
6328
6329 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6330 addr, sizeof(addr));
6331
6332 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6333 role = 0x02;
6334 else
6335 role = 0x01;
6336
6337 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6338 &role, sizeof(role));
6339
6340 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6341 eir_len = eir_append_data(rp->eir, eir_len,
6342 EIR_LE_SC_CONFIRM,
6343 hash, sizeof(hash));
6344
6345 eir_len = eir_append_data(rp->eir, eir_len,
6346 EIR_LE_SC_RANDOM,
6347 rand, sizeof(rand));
6348 }
6349
6350 flags = mgmt_get_adv_discov_flags(hdev);
6351
6352 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6353 flags |= LE_AD_NO_BREDR;
6354
6355 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6356 &flags, sizeof(flags));
6357 break;
6358 }
6359
6360 hci_dev_unlock(hdev);
6361
6362 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6363
6364 status = MGMT_STATUS_SUCCESS;
6365
6366complete:
6367 rp->type = cp->type;
6368 rp->eir_len = cpu_to_le16(eir_len);
6369
6370 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6371 status, rp, sizeof(*rp) + eir_len);
6372 if (err < 0 || status)
6373 goto done;
6374
6375 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6376 rp, sizeof(*rp) + eir_len,
6377 HCI_MGMT_OOB_DATA_EVENTS, sk);
6378
6379done:
6380 kfree(rp);
6381
6382 return err;
6383}
6384
6385static u32 get_supported_adv_flags(struct hci_dev *hdev)
6386{
6387 u32 flags = 0;
6388
6389 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6390 flags |= MGMT_ADV_FLAG_DISCOV;
6391 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6392 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6393 flags |= MGMT_ADV_FLAG_APPEARANCE;
6394 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
6395
6396 /* In extended adv TX_POWER returned from Set Adv Param
6397 * will be always valid.
6398 */
6399 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
6400 ext_adv_capable(hdev))
6401 flags |= MGMT_ADV_FLAG_TX_POWER;
6402
6403 if (ext_adv_capable(hdev)) {
6404 flags |= MGMT_ADV_FLAG_SEC_1M;
6405
6406 if (hdev->le_features[1] & HCI_LE_PHY_2M)
6407 flags |= MGMT_ADV_FLAG_SEC_2M;
6408
6409 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
6410 flags |= MGMT_ADV_FLAG_SEC_CODED;
6411 }
6412
6413 return flags;
6414}
6415
6416static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6417 void *data, u16 data_len)
6418{
6419 struct mgmt_rp_read_adv_features *rp;
6420 size_t rp_len;
6421 int err;
6422 struct adv_info *adv_instance;
6423 u32 supported_flags;
6424 u8 *instance;
6425
6426 BT_DBG("%s", hdev->name);
6427
6428 if (!lmp_le_capable(hdev))
6429 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6430 MGMT_STATUS_REJECTED);
6431
6432 hci_dev_lock(hdev);
6433
6434 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
6435 rp = kmalloc(rp_len, GFP_ATOMIC);
6436 if (!rp) {
6437 hci_dev_unlock(hdev);
6438 return -ENOMEM;
6439 }
6440
6441 supported_flags = get_supported_adv_flags(hdev);
6442
6443 rp->supported_flags = cpu_to_le32(supported_flags);
6444 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6445 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6446 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6447 rp->num_instances = hdev->adv_instance_cnt;
6448
6449 instance = rp->instance;
6450 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6451 *instance = adv_instance->instance;
6452 instance++;
6453 }
6454
6455 hci_dev_unlock(hdev);
6456
6457 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6458 MGMT_STATUS_SUCCESS, rp, rp_len);
6459
6460 kfree(rp);
6461
6462 return err;
6463}
6464
6465static u8 calculate_name_len(struct hci_dev *hdev)
6466{
6467 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6468
6469 return append_local_name(hdev, buf, 0);
6470}
6471
6472static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6473 bool is_adv_data)
6474{
6475 u8 max_len = HCI_MAX_AD_LENGTH;
6476
6477 if (is_adv_data) {
6478 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6479 MGMT_ADV_FLAG_LIMITED_DISCOV |
6480 MGMT_ADV_FLAG_MANAGED_FLAGS))
6481 max_len -= 3;
6482
6483 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6484 max_len -= 3;
6485 } else {
6486 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6487 max_len -= calculate_name_len(hdev);
6488
6489 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6490 max_len -= 4;
6491 }
6492
6493 return max_len;
6494}
6495
6496static bool flags_managed(u32 adv_flags)
6497{
6498 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6499 MGMT_ADV_FLAG_LIMITED_DISCOV |
6500 MGMT_ADV_FLAG_MANAGED_FLAGS);
6501}
6502
6503static bool tx_power_managed(u32 adv_flags)
6504{
6505 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6506}
6507
6508static bool name_managed(u32 adv_flags)
6509{
6510 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6511}
6512
6513static bool appearance_managed(u32 adv_flags)
6514{
6515 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6516}
6517
6518static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6519 u8 len, bool is_adv_data)
6520{
6521 int i, cur_len;
6522 u8 max_len;
6523
6524 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
6525
6526 if (len > max_len)
6527 return false;
6528
6529 /* Make sure that the data is correctly formatted. */
6530 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6531 cur_len = data[i];
6532
6533 if (data[i + 1] == EIR_FLAGS &&
6534 (!is_adv_data || flags_managed(adv_flags)))
6535 return false;
6536
6537 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6538 return false;
6539
6540 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6541 return false;
6542
6543 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6544 return false;
6545
6546 if (data[i + 1] == EIR_APPEARANCE &&
6547 appearance_managed(adv_flags))
6548 return false;
6549
6550 /* If the current field length would exceed the total data
6551 * length, then it's invalid.
6552 */
6553 if (i + cur_len >= len)
6554 return false;
6555 }
6556
6557 return true;
6558}
6559
6560static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6561 u16 opcode)
6562{
6563 struct mgmt_pending_cmd *cmd;
6564 struct mgmt_cp_add_advertising *cp;
6565 struct mgmt_rp_add_advertising rp;
6566 struct adv_info *adv_instance, *n;
6567 u8 instance;
6568
6569 BT_DBG("status %d", status);
6570
6571 hci_dev_lock(hdev);
6572
6573 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6574
6575 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6576 if (!adv_instance->pending)
6577 continue;
6578
6579 if (!status) {
6580 adv_instance->pending = false;
6581 continue;
6582 }
6583
6584 instance = adv_instance->instance;
6585
6586 if (hdev->cur_adv_instance == instance)
6587 cancel_adv_timeout(hdev);
6588
6589 hci_remove_adv_instance(hdev, instance);
6590 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6591 }
6592
6593 if (!cmd)
6594 goto unlock;
6595
6596 cp = cmd->param;
6597 rp.instance = cp->instance;
6598
6599 if (status)
6600 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6601 mgmt_status(status));
6602 else
6603 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6604 mgmt_status(status), &rp, sizeof(rp));
6605
6606 mgmt_pending_remove(cmd);
6607
6608unlock:
6609 hci_dev_unlock(hdev);
6610}
6611
6612static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6613 void *data, u16 data_len)
6614{
6615 struct mgmt_cp_add_advertising *cp = data;
6616 struct mgmt_rp_add_advertising rp;
6617 u32 flags;
6618 u32 supported_flags, phy_flags;
6619 u8 status;
6620 u16 timeout, duration;
6621 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6622 u8 schedule_instance = 0;
6623 struct adv_info *next_instance;
6624 int err;
6625 struct mgmt_pending_cmd *cmd;
6626 struct hci_request req;
6627
6628 BT_DBG("%s", hdev->name);
6629
6630 status = mgmt_le_support(hdev);
6631 if (status)
6632 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6633 status);
6634
6635 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6636 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6637 MGMT_STATUS_INVALID_PARAMS);
6638
6639 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6640 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6641 MGMT_STATUS_INVALID_PARAMS);
6642
6643 flags = __le32_to_cpu(cp->flags);
6644 timeout = __le16_to_cpu(cp->timeout);
6645 duration = __le16_to_cpu(cp->duration);
6646
6647 /* The current implementation only supports a subset of the specified
6648 * flags. Also need to check mutual exclusiveness of sec flags.
6649 */
6650 supported_flags = get_supported_adv_flags(hdev);
6651 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK;
6652 if (flags & ~supported_flags ||
6653 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
6654 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6655 MGMT_STATUS_INVALID_PARAMS);
6656
6657 hci_dev_lock(hdev);
6658
6659 if (timeout && !hdev_is_powered(hdev)) {
6660 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6661 MGMT_STATUS_REJECTED);
6662 goto unlock;
6663 }
6664
6665 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6666 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6667 pending_find(MGMT_OP_SET_LE, hdev)) {
6668 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6669 MGMT_STATUS_BUSY);
6670 goto unlock;
6671 }
6672
6673 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6674 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6675 cp->scan_rsp_len, false)) {
6676 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6677 MGMT_STATUS_INVALID_PARAMS);
6678 goto unlock;
6679 }
6680
6681 err = hci_add_adv_instance(hdev, cp->instance, flags,
6682 cp->adv_data_len, cp->data,
6683 cp->scan_rsp_len,
6684 cp->data + cp->adv_data_len,
6685 timeout, duration);
6686 if (err < 0) {
6687 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6688 MGMT_STATUS_FAILED);
6689 goto unlock;
6690 }
6691
6692 /* Only trigger an advertising added event if a new instance was
6693 * actually added.
6694 */
6695 if (hdev->adv_instance_cnt > prev_instance_cnt)
6696 mgmt_advertising_added(sk, hdev, cp->instance);
6697
6698 if (hdev->cur_adv_instance == cp->instance) {
6699 /* If the currently advertised instance is being changed then
6700 * cancel the current advertising and schedule the next
6701 * instance. If there is only one instance then the overridden
6702 * advertising data will be visible right away.
6703 */
6704 cancel_adv_timeout(hdev);
6705
6706 next_instance = hci_get_next_instance(hdev, cp->instance);
6707 if (next_instance)
6708 schedule_instance = next_instance->instance;
6709 } else if (!hdev->adv_instance_timeout) {
6710 /* Immediately advertise the new instance if no other
6711 * instance is currently being advertised.
6712 */
6713 schedule_instance = cp->instance;
6714 }
6715
6716 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6717 * there is no instance to be advertised then we have no HCI
6718 * communication to make. Simply return.
6719 */
6720 if (!hdev_is_powered(hdev) ||
6721 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6722 !schedule_instance) {
6723 rp.instance = cp->instance;
6724 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6725 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6726 goto unlock;
6727 }
6728
6729 /* We're good to go, update advertising data, parameters, and start
6730 * advertising.
6731 */
6732 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6733 data_len);
6734 if (!cmd) {
6735 err = -ENOMEM;
6736 goto unlock;
6737 }
6738
6739 hci_req_init(&req, hdev);
6740
6741 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6742
6743 if (!err)
6744 err = hci_req_run(&req, add_advertising_complete);
6745
6746 if (err < 0)
6747 mgmt_pending_remove(cmd);
6748
6749unlock:
6750 hci_dev_unlock(hdev);
6751
6752 return err;
6753}
6754
6755static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6756 u16 opcode)
6757{
6758 struct mgmt_pending_cmd *cmd;
6759 struct mgmt_cp_remove_advertising *cp;
6760 struct mgmt_rp_remove_advertising rp;
6761
6762 BT_DBG("status %d", status);
6763
6764 hci_dev_lock(hdev);
6765
6766 /* A failure status here only means that we failed to disable
6767 * advertising. Otherwise, the advertising instance has been removed,
6768 * so report success.
6769 */
6770 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6771 if (!cmd)
6772 goto unlock;
6773
6774 cp = cmd->param;
6775 rp.instance = cp->instance;
6776
6777 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6778 &rp, sizeof(rp));
6779 mgmt_pending_remove(cmd);
6780
6781unlock:
6782 hci_dev_unlock(hdev);
6783}
6784
6785static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6786 void *data, u16 data_len)
6787{
6788 struct mgmt_cp_remove_advertising *cp = data;
6789 struct mgmt_rp_remove_advertising rp;
6790 struct mgmt_pending_cmd *cmd;
6791 struct hci_request req;
6792 int err;
6793
6794 BT_DBG("%s", hdev->name);
6795
6796 hci_dev_lock(hdev);
6797
6798 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6799 err = mgmt_cmd_status(sk, hdev->id,
6800 MGMT_OP_REMOVE_ADVERTISING,
6801 MGMT_STATUS_INVALID_PARAMS);
6802 goto unlock;
6803 }
6804
6805 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6806 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6807 pending_find(MGMT_OP_SET_LE, hdev)) {
6808 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6809 MGMT_STATUS_BUSY);
6810 goto unlock;
6811 }
6812
6813 if (list_empty(&hdev->adv_instances)) {
6814 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6815 MGMT_STATUS_INVALID_PARAMS);
6816 goto unlock;
6817 }
6818
6819 hci_req_init(&req, hdev);
6820
6821 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6822
6823 if (list_empty(&hdev->adv_instances))
6824 __hci_req_disable_advertising(&req);
6825
6826 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6827 * flag is set or the device isn't powered then we have no HCI
6828 * communication to make. Simply return.
6829 */
6830 if (skb_queue_empty(&req.cmd_q) ||
6831 !hdev_is_powered(hdev) ||
6832 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6833 hci_req_purge(&req);
6834 rp.instance = cp->instance;
6835 err = mgmt_cmd_complete(sk, hdev->id,
6836 MGMT_OP_REMOVE_ADVERTISING,
6837 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6838 goto unlock;
6839 }
6840
6841 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6842 data_len);
6843 if (!cmd) {
6844 err = -ENOMEM;
6845 goto unlock;
6846 }
6847
6848 err = hci_req_run(&req, remove_advertising_complete);
6849 if (err < 0)
6850 mgmt_pending_remove(cmd);
6851
6852unlock:
6853 hci_dev_unlock(hdev);
6854
6855 return err;
6856}
6857
6858static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6859 void *data, u16 data_len)
6860{
6861 struct mgmt_cp_get_adv_size_info *cp = data;
6862 struct mgmt_rp_get_adv_size_info rp;
6863 u32 flags, supported_flags;
6864 int err;
6865
6866 BT_DBG("%s", hdev->name);
6867
6868 if (!lmp_le_capable(hdev))
6869 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6870 MGMT_STATUS_REJECTED);
6871
6872 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6873 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6874 MGMT_STATUS_INVALID_PARAMS);
6875
6876 flags = __le32_to_cpu(cp->flags);
6877
6878 /* The current implementation only supports a subset of the specified
6879 * flags.
6880 */
6881 supported_flags = get_supported_adv_flags(hdev);
6882 if (flags & ~supported_flags)
6883 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6884 MGMT_STATUS_INVALID_PARAMS);
6885
6886 rp.instance = cp->instance;
6887 rp.flags = cp->flags;
6888 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
6889 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
6890
6891 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6892 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6893
6894 return err;
6895}
6896
6897static const struct hci_mgmt_handler mgmt_handlers[] = {
6898 { NULL }, /* 0x0000 (no command) */
6899 { read_version, MGMT_READ_VERSION_SIZE,
6900 HCI_MGMT_NO_HDEV |
6901 HCI_MGMT_UNTRUSTED },
6902 { read_commands, MGMT_READ_COMMANDS_SIZE,
6903 HCI_MGMT_NO_HDEV |
6904 HCI_MGMT_UNTRUSTED },
6905 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6906 HCI_MGMT_NO_HDEV |
6907 HCI_MGMT_UNTRUSTED },
6908 { read_controller_info, MGMT_READ_INFO_SIZE,
6909 HCI_MGMT_UNTRUSTED },
6910 { set_powered, MGMT_SETTING_SIZE },
6911 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6912 { set_connectable, MGMT_SETTING_SIZE },
6913 { set_fast_connectable, MGMT_SETTING_SIZE },
6914 { set_bondable, MGMT_SETTING_SIZE },
6915 { set_link_security, MGMT_SETTING_SIZE },
6916 { set_ssp, MGMT_SETTING_SIZE },
6917 { set_hs, MGMT_SETTING_SIZE },
6918 { set_le, MGMT_SETTING_SIZE },
6919 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6920 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6921 { add_uuid, MGMT_ADD_UUID_SIZE },
6922 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6923 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6924 HCI_MGMT_VAR_LEN },
6925 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6926 HCI_MGMT_VAR_LEN },
6927 { disconnect, MGMT_DISCONNECT_SIZE },
6928 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6929 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6930 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6931 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6932 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6933 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6934 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6935 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6936 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6937 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6938 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6939 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6940 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6941 HCI_MGMT_VAR_LEN },
6942 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6943 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6944 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6945 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6946 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6947 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6948 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6949 { set_advertising, MGMT_SETTING_SIZE },
6950 { set_bredr, MGMT_SETTING_SIZE },
6951 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6952 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6953 { set_secure_conn, MGMT_SETTING_SIZE },
6954 { set_debug_keys, MGMT_SETTING_SIZE },
6955 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6956 { load_irks, MGMT_LOAD_IRKS_SIZE,
6957 HCI_MGMT_VAR_LEN },
6958 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6959 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6960 { add_device, MGMT_ADD_DEVICE_SIZE },
6961 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6962 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6963 HCI_MGMT_VAR_LEN },
6964 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6965 HCI_MGMT_NO_HDEV |
6966 HCI_MGMT_UNTRUSTED },
6967 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6968 HCI_MGMT_UNCONFIGURED |
6969 HCI_MGMT_UNTRUSTED },
6970 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6971 HCI_MGMT_UNCONFIGURED },
6972 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6973 HCI_MGMT_UNCONFIGURED },
6974 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6975 HCI_MGMT_VAR_LEN },
6976 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6977 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6978 HCI_MGMT_NO_HDEV |
6979 HCI_MGMT_UNTRUSTED },
6980 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6981 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6982 HCI_MGMT_VAR_LEN },
6983 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6984 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
6985 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
6986 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6987 HCI_MGMT_UNTRUSTED },
6988 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6989 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
6990 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
6991 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
6992 HCI_MGMT_VAR_LEN },
6993};
6994
6995void mgmt_index_added(struct hci_dev *hdev)
6996{
6997 struct mgmt_ev_ext_index ev;
6998
6999 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7000 return;
7001
7002 switch (hdev->dev_type) {
7003 case HCI_PRIMARY:
7004 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7005 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7006 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7007 ev.type = 0x01;
7008 } else {
7009 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7010 HCI_MGMT_INDEX_EVENTS);
7011 ev.type = 0x00;
7012 }
7013 break;
7014 case HCI_AMP:
7015 ev.type = 0x02;
7016 break;
7017 default:
7018 return;
7019 }
7020
7021 ev.bus = hdev->bus;
7022
7023 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7024 HCI_MGMT_EXT_INDEX_EVENTS);
7025}
7026
7027void mgmt_index_removed(struct hci_dev *hdev)
7028{
7029 struct mgmt_ev_ext_index ev;
7030 u8 status = MGMT_STATUS_INVALID_INDEX;
7031
7032 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7033 return;
7034
7035 switch (hdev->dev_type) {
7036 case HCI_PRIMARY:
7037 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7038
7039 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7040 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7041 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7042 ev.type = 0x01;
7043 } else {
7044 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7045 HCI_MGMT_INDEX_EVENTS);
7046 ev.type = 0x00;
7047 }
7048 break;
7049 case HCI_AMP:
7050 ev.type = 0x02;
7051 break;
7052 default:
7053 return;
7054 }
7055
7056 ev.bus = hdev->bus;
7057
7058 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7059 HCI_MGMT_EXT_INDEX_EVENTS);
7060}
7061
7062/* This function requires the caller holds hdev->lock */
7063static void restart_le_actions(struct hci_dev *hdev)
7064{
7065 struct hci_conn_params *p;
7066
7067 list_for_each_entry(p, &hdev->le_conn_params, list) {
7068 /* Needed for AUTO_OFF case where might not "really"
7069 * have been powered off.
7070 */
7071 list_del_init(&p->action);
7072
7073 switch (p->auto_connect) {
7074 case HCI_AUTO_CONN_DIRECT:
7075 case HCI_AUTO_CONN_ALWAYS:
7076 list_add(&p->action, &hdev->pend_le_conns);
7077 break;
7078 case HCI_AUTO_CONN_REPORT:
7079 list_add(&p->action, &hdev->pend_le_reports);
7080 break;
7081 default:
7082 break;
7083 }
7084 }
7085}
7086
7087void mgmt_power_on(struct hci_dev *hdev, int err)
7088{
7089 struct cmd_lookup match = { NULL, hdev };
7090
7091 BT_DBG("err %d", err);
7092
7093 hci_dev_lock(hdev);
7094
7095 if (!err) {
7096 restart_le_actions(hdev);
7097 hci_update_background_scan(hdev);
7098 }
7099
7100 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7101
7102 new_settings(hdev, match.sk);
7103
7104 if (match.sk)
7105 sock_put(match.sk);
7106
7107 hci_dev_unlock(hdev);
7108}
7109
7110void __mgmt_power_off(struct hci_dev *hdev)
7111{
7112 struct cmd_lookup match = { NULL, hdev };
7113 u8 status, zero_cod[] = { 0, 0, 0 };
7114
7115 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7116
7117 /* If the power off is because of hdev unregistration let
7118 * use the appropriate INVALID_INDEX status. Otherwise use
7119 * NOT_POWERED. We cover both scenarios here since later in
7120 * mgmt_index_removed() any hci_conn callbacks will have already
7121 * been triggered, potentially causing misleading DISCONNECTED
7122 * status responses.
7123 */
7124 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7125 status = MGMT_STATUS_INVALID_INDEX;
7126 else
7127 status = MGMT_STATUS_NOT_POWERED;
7128
7129 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7130
7131 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
7132 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7133 zero_cod, sizeof(zero_cod),
7134 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7135 ext_info_changed(hdev, NULL);
7136 }
7137
7138 new_settings(hdev, match.sk);
7139
7140 if (match.sk)
7141 sock_put(match.sk);
7142}
7143
7144void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7145{
7146 struct mgmt_pending_cmd *cmd;
7147 u8 status;
7148
7149 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7150 if (!cmd)
7151 return;
7152
7153 if (err == -ERFKILL)
7154 status = MGMT_STATUS_RFKILLED;
7155 else
7156 status = MGMT_STATUS_FAILED;
7157
7158 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7159
7160 mgmt_pending_remove(cmd);
7161}
7162
7163void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7164 bool persistent)
7165{
7166 struct mgmt_ev_new_link_key ev;
7167
7168 memset(&ev, 0, sizeof(ev));
7169
7170 ev.store_hint = persistent;
7171 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7172 ev.key.addr.type = BDADDR_BREDR;
7173 ev.key.type = key->type;
7174 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7175 ev.key.pin_len = key->pin_len;
7176
7177 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7178}
7179
7180static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7181{
7182 switch (ltk->type) {
7183 case SMP_LTK:
7184 case SMP_LTK_SLAVE:
7185 if (ltk->authenticated)
7186 return MGMT_LTK_AUTHENTICATED;
7187 return MGMT_LTK_UNAUTHENTICATED;
7188 case SMP_LTK_P256:
7189 if (ltk->authenticated)
7190 return MGMT_LTK_P256_AUTH;
7191 return MGMT_LTK_P256_UNAUTH;
7192 case SMP_LTK_P256_DEBUG:
7193 return MGMT_LTK_P256_DEBUG;
7194 }
7195
7196 return MGMT_LTK_UNAUTHENTICATED;
7197}
7198
7199void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7200{
7201 struct mgmt_ev_new_long_term_key ev;
7202
7203 memset(&ev, 0, sizeof(ev));
7204
7205 /* Devices using resolvable or non-resolvable random addresses
7206 * without providing an identity resolving key don't require
7207 * to store long term keys. Their addresses will change the
7208 * next time around.
7209 *
7210 * Only when a remote device provides an identity address
7211 * make sure the long term key is stored. If the remote
7212 * identity is known, the long term keys are internally
7213 * mapped to the identity address. So allow static random
7214 * and public addresses here.
7215 */
7216 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7217 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7218 ev.store_hint = 0x00;
7219 else
7220 ev.store_hint = persistent;
7221
7222 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7223 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7224 ev.key.type = mgmt_ltk_type(key);
7225 ev.key.enc_size = key->enc_size;
7226 ev.key.ediv = key->ediv;
7227 ev.key.rand = key->rand;
7228
7229 if (key->type == SMP_LTK)
7230 ev.key.master = 1;
7231
7232 /* Make sure we copy only the significant bytes based on the
7233 * encryption key size, and set the rest of the value to zeroes.
7234 */
7235 memcpy(ev.key.val, key->val, key->enc_size);
7236 memset(ev.key.val + key->enc_size, 0,
7237 sizeof(ev.key.val) - key->enc_size);
7238
7239 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7240}
7241
7242void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
7243{
7244 struct mgmt_ev_new_irk ev;
7245
7246 memset(&ev, 0, sizeof(ev));
7247
7248 ev.store_hint = persistent;
7249
7250 bacpy(&ev.rpa, &irk->rpa);
7251 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7252 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7253 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7254
7255 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7256}
7257
7258void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7259 bool persistent)
7260{
7261 struct mgmt_ev_new_csrk ev;
7262
7263 memset(&ev, 0, sizeof(ev));
7264
7265 /* Devices using resolvable or non-resolvable random addresses
7266 * without providing an identity resolving key don't require
7267 * to store signature resolving keys. Their addresses will change
7268 * the next time around.
7269 *
7270 * Only when a remote device provides an identity address
7271 * make sure the signature resolving key is stored. So allow
7272 * static random and public addresses here.
7273 */
7274 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7275 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7276 ev.store_hint = 0x00;
7277 else
7278 ev.store_hint = persistent;
7279
7280 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7281 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7282 ev.key.type = csrk->type;
7283 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7284
7285 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7286}
7287
7288void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7289 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7290 u16 max_interval, u16 latency, u16 timeout)
7291{
7292 struct mgmt_ev_new_conn_param ev;
7293
7294 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7295 return;
7296
7297 memset(&ev, 0, sizeof(ev));
7298 bacpy(&ev.addr.bdaddr, bdaddr);
7299 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7300 ev.store_hint = store_hint;
7301 ev.min_interval = cpu_to_le16(min_interval);
7302 ev.max_interval = cpu_to_le16(max_interval);
7303 ev.latency = cpu_to_le16(latency);
7304 ev.timeout = cpu_to_le16(timeout);
7305
7306 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7307}
7308
7309void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7310 u32 flags, u8 *name, u8 name_len)
7311{
7312 char buf[512];
7313 struct mgmt_ev_device_connected *ev = (void *) buf;
7314 u16 eir_len = 0;
7315
7316 bacpy(&ev->addr.bdaddr, &conn->dst);
7317 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7318
7319 ev->flags = __cpu_to_le32(flags);
7320
7321 /* We must ensure that the EIR Data fields are ordered and
7322 * unique. Keep it simple for now and avoid the problem by not
7323 * adding any BR/EDR data to the LE adv.
7324 */
7325 if (conn->le_adv_data_len > 0) {
7326 memcpy(&ev->eir[eir_len],
7327 conn->le_adv_data, conn->le_adv_data_len);
7328 eir_len = conn->le_adv_data_len;
7329 } else {
7330 if (name_len > 0)
7331 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7332 name, name_len);
7333
7334 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7335 eir_len = eir_append_data(ev->eir, eir_len,
7336 EIR_CLASS_OF_DEV,
7337 conn->dev_class, 3);
7338 }
7339
7340 ev->eir_len = cpu_to_le16(eir_len);
7341
7342 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7343 sizeof(*ev) + eir_len, NULL);
7344}
7345
7346static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7347{
7348 struct sock **sk = data;
7349
7350 cmd->cmd_complete(cmd, 0);
7351
7352 *sk = cmd->sk;
7353 sock_hold(*sk);
7354
7355 mgmt_pending_remove(cmd);
7356}
7357
7358static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7359{
7360 struct hci_dev *hdev = data;
7361 struct mgmt_cp_unpair_device *cp = cmd->param;
7362
7363 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7364
7365 cmd->cmd_complete(cmd, 0);
7366 mgmt_pending_remove(cmd);
7367}
7368
7369bool mgmt_powering_down(struct hci_dev *hdev)
7370{
7371 struct mgmt_pending_cmd *cmd;
7372 struct mgmt_mode *cp;
7373
7374 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7375 if (!cmd)
7376 return false;
7377
7378 cp = cmd->param;
7379 if (!cp->val)
7380 return true;
7381
7382 return false;
7383}
7384
7385void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7386 u8 link_type, u8 addr_type, u8 reason,
7387 bool mgmt_connected)
7388{
7389 struct mgmt_ev_device_disconnected ev;
7390 struct sock *sk = NULL;
7391
7392 /* The connection is still in hci_conn_hash so test for 1
7393 * instead of 0 to know if this is the last one.
7394 */
7395 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7396 cancel_delayed_work(&hdev->power_off);
7397 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7398 }
7399
7400 if (!mgmt_connected)
7401 return;
7402
7403 if (link_type != ACL_LINK && link_type != LE_LINK)
7404 return;
7405
7406 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
7407
7408 bacpy(&ev.addr.bdaddr, bdaddr);
7409 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7410 ev.reason = reason;
7411
7412 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
7413
7414 if (sk)
7415 sock_put(sk);
7416
7417 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7418 hdev);
7419}
7420
7421void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7422 u8 link_type, u8 addr_type, u8 status)
7423{
7424 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7425 struct mgmt_cp_disconnect *cp;
7426 struct mgmt_pending_cmd *cmd;
7427
7428 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7429 hdev);
7430
7431 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
7432 if (!cmd)
7433 return;
7434
7435 cp = cmd->param;
7436
7437 if (bacmp(bdaddr, &cp->addr.bdaddr))
7438 return;
7439
7440 if (cp->addr.type != bdaddr_type)
7441 return;
7442
7443 cmd->cmd_complete(cmd, mgmt_status(status));
7444 mgmt_pending_remove(cmd);
7445}
7446
7447void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7448 u8 addr_type, u8 status)
7449{
7450 struct mgmt_ev_connect_failed ev;
7451
7452 /* The connection is still in hci_conn_hash so test for 1
7453 * instead of 0 to know if this is the last one.
7454 */
7455 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7456 cancel_delayed_work(&hdev->power_off);
7457 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7458 }
7459
7460 bacpy(&ev.addr.bdaddr, bdaddr);
7461 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7462 ev.status = mgmt_status(status);
7463
7464 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7465}
7466
7467void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7468{
7469 struct mgmt_ev_pin_code_request ev;
7470
7471 bacpy(&ev.addr.bdaddr, bdaddr);
7472 ev.addr.type = BDADDR_BREDR;
7473 ev.secure = secure;
7474
7475 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7476}
7477
7478void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7479 u8 status)
7480{
7481 struct mgmt_pending_cmd *cmd;
7482
7483 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7484 if (!cmd)
7485 return;
7486
7487 cmd->cmd_complete(cmd, mgmt_status(status));
7488 mgmt_pending_remove(cmd);
7489}
7490
7491void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7492 u8 status)
7493{
7494 struct mgmt_pending_cmd *cmd;
7495
7496 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7497 if (!cmd)
7498 return;
7499
7500 cmd->cmd_complete(cmd, mgmt_status(status));
7501 mgmt_pending_remove(cmd);
7502}
7503
7504int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7505 u8 link_type, u8 addr_type, u32 value,
7506 u8 confirm_hint)
7507{
7508 struct mgmt_ev_user_confirm_request ev;
7509
7510 BT_DBG("%s", hdev->name);
7511
7512 bacpy(&ev.addr.bdaddr, bdaddr);
7513 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7514 ev.confirm_hint = confirm_hint;
7515 ev.value = cpu_to_le32(value);
7516
7517 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7518 NULL);
7519}
7520
7521int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7522 u8 link_type, u8 addr_type)
7523{
7524 struct mgmt_ev_user_passkey_request ev;
7525
7526 BT_DBG("%s", hdev->name);
7527
7528 bacpy(&ev.addr.bdaddr, bdaddr);
7529 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7530
7531 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7532 NULL);
7533}
7534
7535static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7536 u8 link_type, u8 addr_type, u8 status,
7537 u8 opcode)
7538{
7539 struct mgmt_pending_cmd *cmd;
7540
7541 cmd = pending_find(opcode, hdev);
7542 if (!cmd)
7543 return -ENOENT;
7544
7545 cmd->cmd_complete(cmd, mgmt_status(status));
7546 mgmt_pending_remove(cmd);
7547
7548 return 0;
7549}
7550
7551int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7552 u8 link_type, u8 addr_type, u8 status)
7553{
7554 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7555 status, MGMT_OP_USER_CONFIRM_REPLY);
7556}
7557
7558int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7559 u8 link_type, u8 addr_type, u8 status)
7560{
7561 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7562 status,
7563 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7564}
7565
7566int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7567 u8 link_type, u8 addr_type, u8 status)
7568{
7569 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7570 status, MGMT_OP_USER_PASSKEY_REPLY);
7571}
7572
7573int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7574 u8 link_type, u8 addr_type, u8 status)
7575{
7576 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7577 status,
7578 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7579}
7580
7581int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7582 u8 link_type, u8 addr_type, u32 passkey,
7583 u8 entered)
7584{
7585 struct mgmt_ev_passkey_notify ev;
7586
7587 BT_DBG("%s", hdev->name);
7588
7589 bacpy(&ev.addr.bdaddr, bdaddr);
7590 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7591 ev.passkey = __cpu_to_le32(passkey);
7592 ev.entered = entered;
7593
7594 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7595}
7596
7597void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7598{
7599 struct mgmt_ev_auth_failed ev;
7600 struct mgmt_pending_cmd *cmd;
7601 u8 status = mgmt_status(hci_status);
7602
7603 bacpy(&ev.addr.bdaddr, &conn->dst);
7604 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7605 ev.status = status;
7606
7607 cmd = find_pairing(conn);
7608
7609 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7610 cmd ? cmd->sk : NULL);
7611
7612 if (cmd) {
7613 cmd->cmd_complete(cmd, status);
7614 mgmt_pending_remove(cmd);
7615 }
7616}
7617
7618void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7619{
7620 struct cmd_lookup match = { NULL, hdev };
7621 bool changed;
7622
7623 if (status) {
7624 u8 mgmt_err = mgmt_status(status);
7625 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7626 cmd_status_rsp, &mgmt_err);
7627 return;
7628 }
7629
7630 if (test_bit(HCI_AUTH, &hdev->flags))
7631 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7632 else
7633 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7634
7635 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7636 &match);
7637
7638 if (changed)
7639 new_settings(hdev, match.sk);
7640
7641 if (match.sk)
7642 sock_put(match.sk);
7643}
7644
7645static void clear_eir(struct hci_request *req)
7646{
7647 struct hci_dev *hdev = req->hdev;
7648 struct hci_cp_write_eir cp;
7649
7650 if (!lmp_ext_inq_capable(hdev))
7651 return;
7652
7653 memset(hdev->eir, 0, sizeof(hdev->eir));
7654
7655 memset(&cp, 0, sizeof(cp));
7656
7657 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7658}
7659
7660void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7661{
7662 struct cmd_lookup match = { NULL, hdev };
7663 struct hci_request req;
7664 bool changed = false;
7665
7666 if (status) {
7667 u8 mgmt_err = mgmt_status(status);
7668
7669 if (enable && hci_dev_test_and_clear_flag(hdev,
7670 HCI_SSP_ENABLED)) {
7671 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7672 new_settings(hdev, NULL);
7673 }
7674
7675 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7676 &mgmt_err);
7677 return;
7678 }
7679
7680 if (enable) {
7681 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7682 } else {
7683 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7684 if (!changed)
7685 changed = hci_dev_test_and_clear_flag(hdev,
7686 HCI_HS_ENABLED);
7687 else
7688 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7689 }
7690
7691 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7692
7693 if (changed)
7694 new_settings(hdev, match.sk);
7695
7696 if (match.sk)
7697 sock_put(match.sk);
7698
7699 hci_req_init(&req, hdev);
7700
7701 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7702 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7703 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7704 sizeof(enable), &enable);
7705 __hci_req_update_eir(&req);
7706 } else {
7707 clear_eir(&req);
7708 }
7709
7710 hci_req_run(&req, NULL);
7711}
7712
7713static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7714{
7715 struct cmd_lookup *match = data;
7716
7717 if (match->sk == NULL) {
7718 match->sk = cmd->sk;
7719 sock_hold(match->sk);
7720 }
7721}
7722
7723void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7724 u8 status)
7725{
7726 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7727
7728 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7729 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7730 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7731
7732 if (!status) {
7733 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7734 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7735 ext_info_changed(hdev, NULL);
7736 }
7737
7738 if (match.sk)
7739 sock_put(match.sk);
7740}
7741
7742void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7743{
7744 struct mgmt_cp_set_local_name ev;
7745 struct mgmt_pending_cmd *cmd;
7746
7747 if (status)
7748 return;
7749
7750 memset(&ev, 0, sizeof(ev));
7751 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7752 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7753
7754 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7755 if (!cmd) {
7756 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7757
7758 /* If this is a HCI command related to powering on the
7759 * HCI dev don't send any mgmt signals.
7760 */
7761 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7762 return;
7763 }
7764
7765 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7766 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7767 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7768}
7769
7770static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7771{
7772 int i;
7773
7774 for (i = 0; i < uuid_count; i++) {
7775 if (!memcmp(uuid, uuids[i], 16))
7776 return true;
7777 }
7778
7779 return false;
7780}
7781
7782static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7783{
7784 u16 parsed = 0;
7785
7786 while (parsed < eir_len) {
7787 u8 field_len = eir[0];
7788 u8 uuid[16];
7789 int i;
7790
7791 if (field_len == 0)
7792 break;
7793
7794 if (eir_len - parsed < field_len + 1)
7795 break;
7796
7797 switch (eir[1]) {
7798 case EIR_UUID16_ALL:
7799 case EIR_UUID16_SOME:
7800 for (i = 0; i + 3 <= field_len; i += 2) {
7801 memcpy(uuid, bluetooth_base_uuid, 16);
7802 uuid[13] = eir[i + 3];
7803 uuid[12] = eir[i + 2];
7804 if (has_uuid(uuid, uuid_count, uuids))
7805 return true;
7806 }
7807 break;
7808 case EIR_UUID32_ALL:
7809 case EIR_UUID32_SOME:
7810 for (i = 0; i + 5 <= field_len; i += 4) {
7811 memcpy(uuid, bluetooth_base_uuid, 16);
7812 uuid[15] = eir[i + 5];
7813 uuid[14] = eir[i + 4];
7814 uuid[13] = eir[i + 3];
7815 uuid[12] = eir[i + 2];
7816 if (has_uuid(uuid, uuid_count, uuids))
7817 return true;
7818 }
7819 break;
7820 case EIR_UUID128_ALL:
7821 case EIR_UUID128_SOME:
7822 for (i = 0; i + 17 <= field_len; i += 16) {
7823 memcpy(uuid, eir + i + 2, 16);
7824 if (has_uuid(uuid, uuid_count, uuids))
7825 return true;
7826 }
7827 break;
7828 }
7829
7830 parsed += field_len + 1;
7831 eir += field_len + 1;
7832 }
7833
7834 return false;
7835}
7836
7837static void restart_le_scan(struct hci_dev *hdev)
7838{
7839 /* If controller is not scanning we are done. */
7840 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7841 return;
7842
7843 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7844 hdev->discovery.scan_start +
7845 hdev->discovery.scan_duration))
7846 return;
7847
7848 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
7849 DISCOV_LE_RESTART_DELAY);
7850}
7851
7852static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7853 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7854{
7855 /* If a RSSI threshold has been specified, and
7856 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7857 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7858 * is set, let it through for further processing, as we might need to
7859 * restart the scan.
7860 *
7861 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7862 * the results are also dropped.
7863 */
7864 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7865 (rssi == HCI_RSSI_INVALID ||
7866 (rssi < hdev->discovery.rssi &&
7867 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7868 return false;
7869
7870 if (hdev->discovery.uuid_count != 0) {
7871 /* If a list of UUIDs is provided in filter, results with no
7872 * matching UUID should be dropped.
7873 */
7874 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7875 hdev->discovery.uuids) &&
7876 !eir_has_uuids(scan_rsp, scan_rsp_len,
7877 hdev->discovery.uuid_count,
7878 hdev->discovery.uuids))
7879 return false;
7880 }
7881
7882 /* If duplicate filtering does not report RSSI changes, then restart
7883 * scanning to ensure updated result with updated RSSI values.
7884 */
7885 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7886 restart_le_scan(hdev);
7887
7888 /* Validate RSSI value against the RSSI threshold once more. */
7889 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7890 rssi < hdev->discovery.rssi)
7891 return false;
7892 }
7893
7894 return true;
7895}
7896
7897void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7898 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7899 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7900{
7901 char buf[512];
7902 struct mgmt_ev_device_found *ev = (void *)buf;
7903 size_t ev_size;
7904
7905 /* Don't send events for a non-kernel initiated discovery. With
7906 * LE one exception is if we have pend_le_reports > 0 in which
7907 * case we're doing passive scanning and want these events.
7908 */
7909 if (!hci_discovery_active(hdev)) {
7910 if (link_type == ACL_LINK)
7911 return;
7912 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7913 return;
7914 }
7915
7916 if (hdev->discovery.result_filtering) {
7917 /* We are using service discovery */
7918 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7919 scan_rsp_len))
7920 return;
7921 }
7922
7923 if (hdev->discovery.limited) {
7924 /* Check for limited discoverable bit */
7925 if (dev_class) {
7926 if (!(dev_class[1] & 0x20))
7927 return;
7928 } else {
7929 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7930 if (!flags || !(flags[0] & LE_AD_LIMITED))
7931 return;
7932 }
7933 }
7934
7935 /* Make sure that the buffer is big enough. The 5 extra bytes
7936 * are for the potential CoD field.
7937 */
7938 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7939 return;
7940
7941 memset(buf, 0, sizeof(buf));
7942
7943 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7944 * RSSI value was reported as 0 when not available. This behavior
7945 * is kept when using device discovery. This is required for full
7946 * backwards compatibility with the API.
7947 *
7948 * However when using service discovery, the value 127 will be
7949 * returned when the RSSI is not available.
7950 */
7951 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7952 link_type == ACL_LINK)
7953 rssi = 0;
7954
7955 bacpy(&ev->addr.bdaddr, bdaddr);
7956 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7957 ev->rssi = rssi;
7958 ev->flags = cpu_to_le32(flags);
7959
7960 if (eir_len > 0)
7961 /* Copy EIR or advertising data into event */
7962 memcpy(ev->eir, eir, eir_len);
7963
7964 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7965 NULL))
7966 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7967 dev_class, 3);
7968
7969 if (scan_rsp_len > 0)
7970 /* Append scan response data to event */
7971 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7972
7973 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7974 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7975
7976 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7977}
7978
7979void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7980 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7981{
7982 struct mgmt_ev_device_found *ev;
7983 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7984 u16 eir_len;
7985
7986 ev = (struct mgmt_ev_device_found *) buf;
7987
7988 memset(buf, 0, sizeof(buf));
7989
7990 bacpy(&ev->addr.bdaddr, bdaddr);
7991 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7992 ev->rssi = rssi;
7993
7994 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7995 name_len);
7996
7997 ev->eir_len = cpu_to_le16(eir_len);
7998
7999 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
8000}
8001
8002void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
8003{
8004 struct mgmt_ev_discovering ev;
8005
8006 BT_DBG("%s discovering %u", hdev->name, discovering);
8007
8008 memset(&ev, 0, sizeof(ev));
8009 ev.type = hdev->discovery.type;
8010 ev.discovering = discovering;
8011
8012 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8013}
8014
8015static struct hci_mgmt_chan chan = {
8016 .channel = HCI_CHANNEL_CONTROL,
8017 .handler_count = ARRAY_SIZE(mgmt_handlers),
8018 .handlers = mgmt_handlers,
8019 .hdev_init = mgmt_init_hdev,
8020};
8021
8022int mgmt_init(void)
8023{
8024 return hci_mgmt_chan_register(&chan);
8025}
8026
8027void mgmt_exit(void)
8028{
8029 hci_mgmt_chan_unregister(&chan);
8030}