tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / net / bluetooth / mgmt.c
at v6.3-rc7 10563 lines 271 kB view raw
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth HCI Management interface */ 26 27#include <linux/module.h> 28#include <asm/unaligned.h> 29 30#include <net/bluetooth/bluetooth.h> 31#include <net/bluetooth/hci_core.h> 32#include <net/bluetooth/hci_sock.h> 33#include <net/bluetooth/l2cap.h> 34#include <net/bluetooth/mgmt.h> 35 36#include "hci_request.h" 37#include "smp.h" 38#include "mgmt_util.h" 39#include "mgmt_config.h" 40#include "msft.h" 41#include "eir.h" 42#include "aosp.h" 43 44#define MGMT_VERSION 1 45#define MGMT_REVISION 22 46 47static const u16 mgmt_commands[] = { 48 MGMT_OP_READ_INDEX_LIST, 49 MGMT_OP_READ_INFO, 50 MGMT_OP_SET_POWERED, 51 MGMT_OP_SET_DISCOVERABLE, 52 MGMT_OP_SET_CONNECTABLE, 53 MGMT_OP_SET_FAST_CONNECTABLE, 54 MGMT_OP_SET_BONDABLE, 55 MGMT_OP_SET_LINK_SECURITY, 56 MGMT_OP_SET_SSP, 57 MGMT_OP_SET_HS, 58 MGMT_OP_SET_LE, 59 MGMT_OP_SET_DEV_CLASS, 60 MGMT_OP_SET_LOCAL_NAME, 61 MGMT_OP_ADD_UUID, 62 MGMT_OP_REMOVE_UUID, 63 MGMT_OP_LOAD_LINK_KEYS, 64 MGMT_OP_LOAD_LONG_TERM_KEYS, 65 MGMT_OP_DISCONNECT, 66 MGMT_OP_GET_CONNECTIONS, 67 MGMT_OP_PIN_CODE_REPLY, 68 MGMT_OP_PIN_CODE_NEG_REPLY, 69 MGMT_OP_SET_IO_CAPABILITY, 70 MGMT_OP_PAIR_DEVICE, 71 MGMT_OP_CANCEL_PAIR_DEVICE, 72 MGMT_OP_UNPAIR_DEVICE, 73 MGMT_OP_USER_CONFIRM_REPLY, 74 MGMT_OP_USER_CONFIRM_NEG_REPLY, 75 MGMT_OP_USER_PASSKEY_REPLY, 76 MGMT_OP_USER_PASSKEY_NEG_REPLY, 77 MGMT_OP_READ_LOCAL_OOB_DATA, 78 MGMT_OP_ADD_REMOTE_OOB_DATA, 79 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 80 MGMT_OP_START_DISCOVERY, 81 MGMT_OP_STOP_DISCOVERY, 82 MGMT_OP_CONFIRM_NAME, 83 MGMT_OP_BLOCK_DEVICE, 84 MGMT_OP_UNBLOCK_DEVICE, 85 MGMT_OP_SET_DEVICE_ID, 86 MGMT_OP_SET_ADVERTISING, 87 MGMT_OP_SET_BREDR, 88 MGMT_OP_SET_STATIC_ADDRESS, 89 MGMT_OP_SET_SCAN_PARAMS, 90 MGMT_OP_SET_SECURE_CONN, 91 MGMT_OP_SET_DEBUG_KEYS, 92 MGMT_OP_SET_PRIVACY, 93 MGMT_OP_LOAD_IRKS, 94 MGMT_OP_GET_CONN_INFO, 95 MGMT_OP_GET_CLOCK_INFO, 96 MGMT_OP_ADD_DEVICE, 97 MGMT_OP_REMOVE_DEVICE, 98 MGMT_OP_LOAD_CONN_PARAM, 99 MGMT_OP_READ_UNCONF_INDEX_LIST, 100 MGMT_OP_READ_CONFIG_INFO, 101 MGMT_OP_SET_EXTERNAL_CONFIG, 102 MGMT_OP_SET_PUBLIC_ADDRESS, 103 MGMT_OP_START_SERVICE_DISCOVERY, 104 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 105 MGMT_OP_READ_EXT_INDEX_LIST, 106 MGMT_OP_READ_ADV_FEATURES, 107 MGMT_OP_ADD_ADVERTISING, 108 MGMT_OP_REMOVE_ADVERTISING, 109 MGMT_OP_GET_ADV_SIZE_INFO, 110 MGMT_OP_START_LIMITED_DISCOVERY, 111 MGMT_OP_READ_EXT_INFO, 112 MGMT_OP_SET_APPEARANCE, 113 MGMT_OP_GET_PHY_CONFIGURATION, 114 MGMT_OP_SET_PHY_CONFIGURATION, 115 MGMT_OP_SET_BLOCKED_KEYS, 116 MGMT_OP_SET_WIDEBAND_SPEECH, 117 MGMT_OP_READ_CONTROLLER_CAP, 118 MGMT_OP_READ_EXP_FEATURES_INFO, 119 MGMT_OP_SET_EXP_FEATURE, 120 MGMT_OP_READ_DEF_SYSTEM_CONFIG, 121 MGMT_OP_SET_DEF_SYSTEM_CONFIG, 122 MGMT_OP_READ_DEF_RUNTIME_CONFIG, 123 MGMT_OP_SET_DEF_RUNTIME_CONFIG, 124 MGMT_OP_GET_DEVICE_FLAGS, 125 MGMT_OP_SET_DEVICE_FLAGS, 126 MGMT_OP_READ_ADV_MONITOR_FEATURES, 127 MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 128 MGMT_OP_REMOVE_ADV_MONITOR, 129 MGMT_OP_ADD_EXT_ADV_PARAMS, 130 MGMT_OP_ADD_EXT_ADV_DATA, 131 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, 132 MGMT_OP_SET_MESH_RECEIVER, 133 MGMT_OP_MESH_READ_FEATURES, 134 MGMT_OP_MESH_SEND, 135 MGMT_OP_MESH_SEND_CANCEL, 136}; 137 138static const u16 mgmt_events[] = { 139 MGMT_EV_CONTROLLER_ERROR, 140 MGMT_EV_INDEX_ADDED, 141 MGMT_EV_INDEX_REMOVED, 142 MGMT_EV_NEW_SETTINGS, 143 MGMT_EV_CLASS_OF_DEV_CHANGED, 144 MGMT_EV_LOCAL_NAME_CHANGED, 145 MGMT_EV_NEW_LINK_KEY, 146 MGMT_EV_NEW_LONG_TERM_KEY, 147 MGMT_EV_DEVICE_CONNECTED, 148 MGMT_EV_DEVICE_DISCONNECTED, 149 MGMT_EV_CONNECT_FAILED, 150 MGMT_EV_PIN_CODE_REQUEST, 151 MGMT_EV_USER_CONFIRM_REQUEST, 152 MGMT_EV_USER_PASSKEY_REQUEST, 153 MGMT_EV_AUTH_FAILED, 154 MGMT_EV_DEVICE_FOUND, 155 MGMT_EV_DISCOVERING, 156 MGMT_EV_DEVICE_BLOCKED, 157 MGMT_EV_DEVICE_UNBLOCKED, 158 MGMT_EV_DEVICE_UNPAIRED, 159 MGMT_EV_PASSKEY_NOTIFY, 160 MGMT_EV_NEW_IRK, 161 MGMT_EV_NEW_CSRK, 162 MGMT_EV_DEVICE_ADDED, 163 MGMT_EV_DEVICE_REMOVED, 164 MGMT_EV_NEW_CONN_PARAM, 165 MGMT_EV_UNCONF_INDEX_ADDED, 166 MGMT_EV_UNCONF_INDEX_REMOVED, 167 MGMT_EV_NEW_CONFIG_OPTIONS, 168 MGMT_EV_EXT_INDEX_ADDED, 169 MGMT_EV_EXT_INDEX_REMOVED, 170 MGMT_EV_LOCAL_OOB_DATA_UPDATED, 171 MGMT_EV_ADVERTISING_ADDED, 172 MGMT_EV_ADVERTISING_REMOVED, 173 MGMT_EV_EXT_INFO_CHANGED, 174 MGMT_EV_PHY_CONFIGURATION_CHANGED, 175 MGMT_EV_EXP_FEATURE_CHANGED, 176 MGMT_EV_DEVICE_FLAGS_CHANGED, 177 MGMT_EV_ADV_MONITOR_ADDED, 178 MGMT_EV_ADV_MONITOR_REMOVED, 179 MGMT_EV_CONTROLLER_SUSPEND, 180 MGMT_EV_CONTROLLER_RESUME, 181 MGMT_EV_ADV_MONITOR_DEVICE_FOUND, 182 MGMT_EV_ADV_MONITOR_DEVICE_LOST, 183}; 184 185static const u16 mgmt_untrusted_commands[] = { 186 MGMT_OP_READ_INDEX_LIST, 187 MGMT_OP_READ_INFO, 188 MGMT_OP_READ_UNCONF_INDEX_LIST, 189 MGMT_OP_READ_CONFIG_INFO, 190 MGMT_OP_READ_EXT_INDEX_LIST, 191 MGMT_OP_READ_EXT_INFO, 192 MGMT_OP_READ_CONTROLLER_CAP, 193 MGMT_OP_READ_EXP_FEATURES_INFO, 194 MGMT_OP_READ_DEF_SYSTEM_CONFIG, 195 MGMT_OP_READ_DEF_RUNTIME_CONFIG, 196}; 197 198static const u16 mgmt_untrusted_events[] = { 199 MGMT_EV_INDEX_ADDED, 200 MGMT_EV_INDEX_REMOVED, 201 MGMT_EV_NEW_SETTINGS, 202 MGMT_EV_CLASS_OF_DEV_CHANGED, 203 MGMT_EV_LOCAL_NAME_CHANGED, 204 MGMT_EV_UNCONF_INDEX_ADDED, 205 MGMT_EV_UNCONF_INDEX_REMOVED, 206 MGMT_EV_NEW_CONFIG_OPTIONS, 207 MGMT_EV_EXT_INDEX_ADDED, 208 MGMT_EV_EXT_INDEX_REMOVED, 209 MGMT_EV_EXT_INFO_CHANGED, 210 MGMT_EV_EXP_FEATURE_CHANGED, 211}; 212 213#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) 214 215#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \ 216 "\x00\x00\x00\x00\x00\x00\x00\x00" 217 218/* HCI to MGMT error code conversion table */ 219static const u8 mgmt_status_table[] = { 220 MGMT_STATUS_SUCCESS, 221 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 222 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 223 MGMT_STATUS_FAILED, /* Hardware Failure */ 224 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 225 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 226 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */ 227 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 228 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 229 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 230 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 231 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 232 MGMT_STATUS_BUSY, /* Command Disallowed */ 233 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 234 MGMT_STATUS_REJECTED, /* Rejected Security */ 235 MGMT_STATUS_REJECTED, /* Rejected Personal */ 236 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 237 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 238 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 239 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 240 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 241 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 242 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 243 MGMT_STATUS_BUSY, /* Repeated Attempts */ 244 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 245 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 246 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 247 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 248 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 249 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 250 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 251 MGMT_STATUS_FAILED, /* Unspecified Error */ 252 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 253 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 254 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 255 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 256 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 257 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 258 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 259 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 260 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 261 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 262 MGMT_STATUS_FAILED, /* Transaction Collision */ 263 MGMT_STATUS_FAILED, /* Reserved for future use */ 264 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 265 MGMT_STATUS_REJECTED, /* QoS Rejected */ 266 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 267 MGMT_STATUS_REJECTED, /* Insufficient Security */ 268 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 269 MGMT_STATUS_FAILED, /* Reserved for future use */ 270 MGMT_STATUS_BUSY, /* Role Switch Pending */ 271 MGMT_STATUS_FAILED, /* Reserved for future use */ 272 MGMT_STATUS_FAILED, /* Slot Violation */ 273 MGMT_STATUS_FAILED, /* Role Switch Failed */ 274 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 275 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 276 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 277 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 278 MGMT_STATUS_BUSY, /* Controller Busy */ 279 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 280 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 281 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 282 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 283 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 284}; 285 286static u8 mgmt_errno_status(int err) 287{ 288 switch (err) { 289 case 0: 290 return MGMT_STATUS_SUCCESS; 291 case -EPERM: 292 return MGMT_STATUS_REJECTED; 293 case -EINVAL: 294 return MGMT_STATUS_INVALID_PARAMS; 295 case -EOPNOTSUPP: 296 return MGMT_STATUS_NOT_SUPPORTED; 297 case -EBUSY: 298 return MGMT_STATUS_BUSY; 299 case -ETIMEDOUT: 300 return MGMT_STATUS_AUTH_FAILED; 301 case -ENOMEM: 302 return MGMT_STATUS_NO_RESOURCES; 303 case -EISCONN: 304 return MGMT_STATUS_ALREADY_CONNECTED; 305 case -ENOTCONN: 306 return MGMT_STATUS_DISCONNECTED; 307 } 308 309 return MGMT_STATUS_FAILED; 310} 311 312static u8 mgmt_status(int err) 313{ 314 if (err < 0) 315 return mgmt_errno_status(err); 316 317 if (err < ARRAY_SIZE(mgmt_status_table)) 318 return mgmt_status_table[err]; 319 320 return MGMT_STATUS_FAILED; 321} 322 323static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data, 324 u16 len, int flag) 325{ 326 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 327 flag, NULL); 328} 329 330static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data, 331 u16 len, int flag, struct sock *skip_sk) 332{ 333 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 334 flag, skip_sk); 335} 336 337static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len, 338 struct sock *skip_sk) 339{ 340 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 341 HCI_SOCK_TRUSTED, skip_sk); 342} 343 344static int mgmt_event_skb(struct sk_buff *skb, struct sock *skip_sk) 345{ 346 return mgmt_send_event_skb(HCI_CHANNEL_CONTROL, skb, HCI_SOCK_TRUSTED, 347 skip_sk); 348} 349 350static u8 le_addr_type(u8 mgmt_addr_type) 351{ 352 if (mgmt_addr_type == BDADDR_LE_PUBLIC) 353 return ADDR_LE_DEV_PUBLIC; 354 else 355 return ADDR_LE_DEV_RANDOM; 356} 357 358void mgmt_fill_version_info(void *ver) 359{ 360 struct mgmt_rp_read_version *rp = ver; 361 362 rp->version = MGMT_VERSION; 363 rp->revision = cpu_to_le16(MGMT_REVISION); 364} 365 366static int read_version(struct sock *sk, struct hci_dev *hdev, void *data, 367 u16 data_len) 368{ 369 struct mgmt_rp_read_version rp; 370 371 bt_dev_dbg(hdev, "sock %p", sk); 372 373 mgmt_fill_version_info(&rp); 374 375 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, 376 &rp, sizeof(rp)); 377} 378 379static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data, 380 u16 data_len) 381{ 382 struct mgmt_rp_read_commands *rp; 383 u16 num_commands, num_events; 384 size_t rp_size; 385 int i, err; 386 387 bt_dev_dbg(hdev, "sock %p", sk); 388 389 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 390 num_commands = ARRAY_SIZE(mgmt_commands); 391 num_events = ARRAY_SIZE(mgmt_events); 392 } else { 393 num_commands = ARRAY_SIZE(mgmt_untrusted_commands); 394 num_events = ARRAY_SIZE(mgmt_untrusted_events); 395 } 396 397 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 398 399 rp = kmalloc(rp_size, GFP_KERNEL); 400 if (!rp) 401 return -ENOMEM; 402 403 rp->num_commands = cpu_to_le16(num_commands); 404 rp->num_events = cpu_to_le16(num_events); 405 406 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 407 __le16 *opcode = rp->opcodes; 408 409 for (i = 0; i < num_commands; i++, opcode++) 410 put_unaligned_le16(mgmt_commands[i], opcode); 411 412 for (i = 0; i < num_events; i++, opcode++) 413 put_unaligned_le16(mgmt_events[i], opcode); 414 } else { 415 __le16 *opcode = rp->opcodes; 416 417 for (i = 0; i < num_commands; i++, opcode++) 418 put_unaligned_le16(mgmt_untrusted_commands[i], opcode); 419 420 for (i = 0; i < num_events; i++, opcode++) 421 put_unaligned_le16(mgmt_untrusted_events[i], opcode); 422 } 423 424 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, 425 rp, rp_size); 426 kfree(rp); 427 428 return err; 429} 430 431static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data, 432 u16 data_len) 433{ 434 struct mgmt_rp_read_index_list *rp; 435 struct hci_dev *d; 436 size_t rp_len; 437 u16 count; 438 int err; 439 440 bt_dev_dbg(hdev, "sock %p", sk); 441 442 read_lock(&hci_dev_list_lock); 443 444 count = 0; 445 list_for_each_entry(d, &hci_dev_list, list) { 446 if (d->dev_type == HCI_PRIMARY && 447 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) 448 count++; 449 } 450 451 rp_len = sizeof(*rp) + (2 * count); 452 rp = kmalloc(rp_len, GFP_ATOMIC); 453 if (!rp) { 454 read_unlock(&hci_dev_list_lock); 455 return -ENOMEM; 456 } 457 458 count = 0; 459 list_for_each_entry(d, &hci_dev_list, list) { 460 if (hci_dev_test_flag(d, HCI_SETUP) || 461 hci_dev_test_flag(d, HCI_CONFIG) || 462 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 463 continue; 464 465 /* Devices marked as raw-only are neither configured 466 * nor unconfigured controllers. 467 */ 468 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 469 continue; 470 471 if (d->dev_type == HCI_PRIMARY && 472 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 473 rp->index[count++] = cpu_to_le16(d->id); 474 bt_dev_dbg(hdev, "Added hci%u", d->id); 475 } 476 } 477 478 rp->num_controllers = cpu_to_le16(count); 479 rp_len = sizeof(*rp) + (2 * count); 480 481 read_unlock(&hci_dev_list_lock); 482 483 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 484 0, rp, rp_len); 485 486 kfree(rp); 487 488 return err; 489} 490 491static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev, 492 void *data, u16 data_len) 493{ 494 struct mgmt_rp_read_unconf_index_list *rp; 495 struct hci_dev *d; 496 size_t rp_len; 497 u16 count; 498 int err; 499 500 bt_dev_dbg(hdev, "sock %p", sk); 501 502 read_lock(&hci_dev_list_lock); 503 504 count = 0; 505 list_for_each_entry(d, &hci_dev_list, list) { 506 if (d->dev_type == HCI_PRIMARY && 507 hci_dev_test_flag(d, HCI_UNCONFIGURED)) 508 count++; 509 } 510 511 rp_len = sizeof(*rp) + (2 * count); 512 rp = kmalloc(rp_len, GFP_ATOMIC); 513 if (!rp) { 514 read_unlock(&hci_dev_list_lock); 515 return -ENOMEM; 516 } 517 518 count = 0; 519 list_for_each_entry(d, &hci_dev_list, list) { 520 if (hci_dev_test_flag(d, HCI_SETUP) || 521 hci_dev_test_flag(d, HCI_CONFIG) || 522 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 523 continue; 524 525 /* Devices marked as raw-only are neither configured 526 * nor unconfigured controllers. 527 */ 528 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 529 continue; 530 531 if (d->dev_type == HCI_PRIMARY && 532 hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 533 rp->index[count++] = cpu_to_le16(d->id); 534 bt_dev_dbg(hdev, "Added hci%u", d->id); 535 } 536 } 537 538 rp->num_controllers = cpu_to_le16(count); 539 rp_len = sizeof(*rp) + (2 * count); 540 541 read_unlock(&hci_dev_list_lock); 542 543 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 544 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len); 545 546 kfree(rp); 547 548 return err; 549} 550 551static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev, 552 void *data, u16 data_len) 553{ 554 struct mgmt_rp_read_ext_index_list *rp; 555 struct hci_dev *d; 556 u16 count; 557 int err; 558 559 bt_dev_dbg(hdev, "sock %p", sk); 560 561 read_lock(&hci_dev_list_lock); 562 563 count = 0; 564 list_for_each_entry(d, &hci_dev_list, list) { 565 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP) 566 count++; 567 } 568 569 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC); 570 if (!rp) { 571 read_unlock(&hci_dev_list_lock); 572 return -ENOMEM; 573 } 574 575 count = 0; 576 list_for_each_entry(d, &hci_dev_list, list) { 577 if (hci_dev_test_flag(d, HCI_SETUP) || 578 hci_dev_test_flag(d, HCI_CONFIG) || 579 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 580 continue; 581 582 /* Devices marked as raw-only are neither configured 583 * nor unconfigured controllers. 584 */ 585 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 586 continue; 587 588 if (d->dev_type == HCI_PRIMARY) { 589 if (hci_dev_test_flag(d, HCI_UNCONFIGURED)) 590 rp->entry[count].type = 0x01; 591 else 592 rp->entry[count].type = 0x00; 593 } else if (d->dev_type == HCI_AMP) { 594 rp->entry[count].type = 0x02; 595 } else { 596 continue; 597 } 598 599 rp->entry[count].bus = d->bus; 600 rp->entry[count++].index = cpu_to_le16(d->id); 601 bt_dev_dbg(hdev, "Added hci%u", d->id); 602 } 603 604 rp->num_controllers = cpu_to_le16(count); 605 606 read_unlock(&hci_dev_list_lock); 607 608 /* If this command is called at least once, then all the 609 * default index and unconfigured index events are disabled 610 * and from now on only extended index events are used. 611 */ 612 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS); 613 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS); 614 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS); 615 616 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 617 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, 618 struct_size(rp, entry, count)); 619 620 kfree(rp); 621 622 return err; 623} 624 625static bool is_configured(struct hci_dev *hdev) 626{ 627 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 628 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 629 return false; 630 631 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) || 632 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) && 633 !bacmp(&hdev->public_addr, BDADDR_ANY)) 634 return false; 635 636 return true; 637} 638 639static __le32 get_missing_options(struct hci_dev *hdev) 640{ 641 u32 options = 0; 642 643 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 644 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 645 options |= MGMT_OPTION_EXTERNAL_CONFIG; 646 647 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) || 648 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) && 649 !bacmp(&hdev->public_addr, BDADDR_ANY)) 650 options |= MGMT_OPTION_PUBLIC_ADDRESS; 651 652 return cpu_to_le32(options); 653} 654 655static int new_options(struct hci_dev *hdev, struct sock *skip) 656{ 657 __le32 options = get_missing_options(hdev); 658 659 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options, 660 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip); 661} 662 663static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 664{ 665 __le32 options = get_missing_options(hdev); 666 667 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options, 668 sizeof(options)); 669} 670 671static int read_config_info(struct sock *sk, struct hci_dev *hdev, 672 void *data, u16 data_len) 673{ 674 struct mgmt_rp_read_config_info rp; 675 u32 options = 0; 676 677 bt_dev_dbg(hdev, "sock %p", sk); 678 679 hci_dev_lock(hdev); 680 681 memset(&rp, 0, sizeof(rp)); 682 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 683 684 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 685 options |= MGMT_OPTION_EXTERNAL_CONFIG; 686 687 if (hdev->set_bdaddr) 688 options |= MGMT_OPTION_PUBLIC_ADDRESS; 689 690 rp.supported_options = cpu_to_le32(options); 691 rp.missing_options = get_missing_options(hdev); 692 693 hci_dev_unlock(hdev); 694 695 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, 696 &rp, sizeof(rp)); 697} 698 699static u32 get_supported_phys(struct hci_dev *hdev) 700{ 701 u32 supported_phys = 0; 702 703 if (lmp_bredr_capable(hdev)) { 704 supported_phys |= MGMT_PHY_BR_1M_1SLOT; 705 706 if (hdev->features[0][0] & LMP_3SLOT) 707 supported_phys |= MGMT_PHY_BR_1M_3SLOT; 708 709 if (hdev->features[0][0] & LMP_5SLOT) 710 supported_phys |= MGMT_PHY_BR_1M_5SLOT; 711 712 if (lmp_edr_2m_capable(hdev)) { 713 supported_phys |= MGMT_PHY_EDR_2M_1SLOT; 714 715 if (lmp_edr_3slot_capable(hdev)) 716 supported_phys |= MGMT_PHY_EDR_2M_3SLOT; 717 718 if (lmp_edr_5slot_capable(hdev)) 719 supported_phys |= MGMT_PHY_EDR_2M_5SLOT; 720 721 if (lmp_edr_3m_capable(hdev)) { 722 supported_phys |= MGMT_PHY_EDR_3M_1SLOT; 723 724 if (lmp_edr_3slot_capable(hdev)) 725 supported_phys |= MGMT_PHY_EDR_3M_3SLOT; 726 727 if (lmp_edr_5slot_capable(hdev)) 728 supported_phys |= MGMT_PHY_EDR_3M_5SLOT; 729 } 730 } 731 } 732 733 if (lmp_le_capable(hdev)) { 734 supported_phys |= MGMT_PHY_LE_1M_TX; 735 supported_phys |= MGMT_PHY_LE_1M_RX; 736 737 if (hdev->le_features[1] & HCI_LE_PHY_2M) { 738 supported_phys |= MGMT_PHY_LE_2M_TX; 739 supported_phys |= MGMT_PHY_LE_2M_RX; 740 } 741 742 if (hdev->le_features[1] & HCI_LE_PHY_CODED) { 743 supported_phys |= MGMT_PHY_LE_CODED_TX; 744 supported_phys |= MGMT_PHY_LE_CODED_RX; 745 } 746 } 747 748 return supported_phys; 749} 750 751static u32 get_selected_phys(struct hci_dev *hdev) 752{ 753 u32 selected_phys = 0; 754 755 if (lmp_bredr_capable(hdev)) { 756 selected_phys |= MGMT_PHY_BR_1M_1SLOT; 757 758 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3)) 759 selected_phys |= MGMT_PHY_BR_1M_3SLOT; 760 761 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5)) 762 selected_phys |= MGMT_PHY_BR_1M_5SLOT; 763 764 if (lmp_edr_2m_capable(hdev)) { 765 if (!(hdev->pkt_type & HCI_2DH1)) 766 selected_phys |= MGMT_PHY_EDR_2M_1SLOT; 767 768 if (lmp_edr_3slot_capable(hdev) && 769 !(hdev->pkt_type & HCI_2DH3)) 770 selected_phys |= MGMT_PHY_EDR_2M_3SLOT; 771 772 if (lmp_edr_5slot_capable(hdev) && 773 !(hdev->pkt_type & HCI_2DH5)) 774 selected_phys |= MGMT_PHY_EDR_2M_5SLOT; 775 776 if (lmp_edr_3m_capable(hdev)) { 777 if (!(hdev->pkt_type & HCI_3DH1)) 778 selected_phys |= MGMT_PHY_EDR_3M_1SLOT; 779 780 if (lmp_edr_3slot_capable(hdev) && 781 !(hdev->pkt_type & HCI_3DH3)) 782 selected_phys |= MGMT_PHY_EDR_3M_3SLOT; 783 784 if (lmp_edr_5slot_capable(hdev) && 785 !(hdev->pkt_type & HCI_3DH5)) 786 selected_phys |= MGMT_PHY_EDR_3M_5SLOT; 787 } 788 } 789 } 790 791 if (lmp_le_capable(hdev)) { 792 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M) 793 selected_phys |= MGMT_PHY_LE_1M_TX; 794 795 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M) 796 selected_phys |= MGMT_PHY_LE_1M_RX; 797 798 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M) 799 selected_phys |= MGMT_PHY_LE_2M_TX; 800 801 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M) 802 selected_phys |= MGMT_PHY_LE_2M_RX; 803 804 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED) 805 selected_phys |= MGMT_PHY_LE_CODED_TX; 806 807 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED) 808 selected_phys |= MGMT_PHY_LE_CODED_RX; 809 } 810 811 return selected_phys; 812} 813 814static u32 get_configurable_phys(struct hci_dev *hdev) 815{ 816 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT & 817 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX); 818} 819 820static u32 get_supported_settings(struct hci_dev *hdev) 821{ 822 u32 settings = 0; 823 824 settings |= MGMT_SETTING_POWERED; 825 settings |= MGMT_SETTING_BONDABLE; 826 settings |= MGMT_SETTING_DEBUG_KEYS; 827 settings |= MGMT_SETTING_CONNECTABLE; 828 settings |= MGMT_SETTING_DISCOVERABLE; 829 830 if (lmp_bredr_capable(hdev)) { 831 if (hdev->hci_ver >= BLUETOOTH_VER_1_2) 832 settings |= MGMT_SETTING_FAST_CONNECTABLE; 833 settings |= MGMT_SETTING_BREDR; 834 settings |= MGMT_SETTING_LINK_SECURITY; 835 836 if (lmp_ssp_capable(hdev)) { 837 settings |= MGMT_SETTING_SSP; 838 if (IS_ENABLED(CONFIG_BT_HS)) 839 settings |= MGMT_SETTING_HS; 840 } 841 842 if (lmp_sc_capable(hdev)) 843 settings |= MGMT_SETTING_SECURE_CONN; 844 845 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, 846 &hdev->quirks)) 847 settings |= MGMT_SETTING_WIDEBAND_SPEECH; 848 } 849 850 if (lmp_le_capable(hdev)) { 851 settings |= MGMT_SETTING_LE; 852 settings |= MGMT_SETTING_SECURE_CONN; 853 settings |= MGMT_SETTING_PRIVACY; 854 settings |= MGMT_SETTING_STATIC_ADDRESS; 855 settings |= MGMT_SETTING_ADVERTISING; 856 } 857 858 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) || 859 hdev->set_bdaddr) 860 settings |= MGMT_SETTING_CONFIGURATION; 861 862 if (cis_central_capable(hdev)) 863 settings |= MGMT_SETTING_CIS_CENTRAL; 864 865 if (cis_peripheral_capable(hdev)) 866 settings |= MGMT_SETTING_CIS_PERIPHERAL; 867 868 settings |= MGMT_SETTING_PHY_CONFIGURATION; 869 870 return settings; 871} 872 873static u32 get_current_settings(struct hci_dev *hdev) 874{ 875 u32 settings = 0; 876 877 if (hdev_is_powered(hdev)) 878 settings |= MGMT_SETTING_POWERED; 879 880 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 881 settings |= MGMT_SETTING_CONNECTABLE; 882 883 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) 884 settings |= MGMT_SETTING_FAST_CONNECTABLE; 885 886 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 887 settings |= MGMT_SETTING_DISCOVERABLE; 888 889 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) 890 settings |= MGMT_SETTING_BONDABLE; 891 892 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 893 settings |= MGMT_SETTING_BREDR; 894 895 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 896 settings |= MGMT_SETTING_LE; 897 898 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) 899 settings |= MGMT_SETTING_LINK_SECURITY; 900 901 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 902 settings |= MGMT_SETTING_SSP; 903 904 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED)) 905 settings |= MGMT_SETTING_HS; 906 907 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 908 settings |= MGMT_SETTING_ADVERTISING; 909 910 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) 911 settings |= MGMT_SETTING_SECURE_CONN; 912 913 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) 914 settings |= MGMT_SETTING_DEBUG_KEYS; 915 916 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) 917 settings |= MGMT_SETTING_PRIVACY; 918 919 /* The current setting for static address has two purposes. The 920 * first is to indicate if the static address will be used and 921 * the second is to indicate if it is actually set. 922 * 923 * This means if the static address is not configured, this flag 924 * will never be set. If the address is configured, then if the 925 * address is actually used decides if the flag is set or not. 926 * 927 * For single mode LE only controllers and dual-mode controllers 928 * with BR/EDR disabled, the existence of the static address will 929 * be evaluated. 930 */ 931 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 932 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 933 !bacmp(&hdev->bdaddr, BDADDR_ANY)) { 934 if (bacmp(&hdev->static_addr, BDADDR_ANY)) 935 settings |= MGMT_SETTING_STATIC_ADDRESS; 936 } 937 938 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED)) 939 settings |= MGMT_SETTING_WIDEBAND_SPEECH; 940 941 if (cis_central_capable(hdev)) 942 settings |= MGMT_SETTING_CIS_CENTRAL; 943 944 if (cis_peripheral_capable(hdev)) 945 settings |= MGMT_SETTING_CIS_PERIPHERAL; 946 947 return settings; 948} 949 950static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev) 951{ 952 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev); 953} 954 955u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev) 956{ 957 struct mgmt_pending_cmd *cmd; 958 959 /* If there's a pending mgmt command the flags will not yet have 960 * their final values, so check for this first. 961 */ 962 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 963 if (cmd) { 964 struct mgmt_mode *cp = cmd->param; 965 if (cp->val == 0x01) 966 return LE_AD_GENERAL; 967 else if (cp->val == 0x02) 968 return LE_AD_LIMITED; 969 } else { 970 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 971 return LE_AD_LIMITED; 972 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 973 return LE_AD_GENERAL; 974 } 975 976 return 0; 977} 978 979bool mgmt_get_connectable(struct hci_dev *hdev) 980{ 981 struct mgmt_pending_cmd *cmd; 982 983 /* If there's a pending mgmt command the flag will not yet have 984 * it's final value, so check for this first. 985 */ 986 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 987 if (cmd) { 988 struct mgmt_mode *cp = cmd->param; 989 990 return cp->val; 991 } 992 993 return hci_dev_test_flag(hdev, HCI_CONNECTABLE); 994} 995 996static int service_cache_sync(struct hci_dev *hdev, void *data) 997{ 998 hci_update_eir_sync(hdev); 999 hci_update_class_sync(hdev); 1000 1001 return 0; 1002} 1003 1004static void service_cache_off(struct work_struct *work) 1005{ 1006 struct hci_dev *hdev = container_of(work, struct hci_dev, 1007 service_cache.work); 1008 1009 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) 1010 return; 1011 1012 hci_cmd_sync_queue(hdev, service_cache_sync, NULL, NULL); 1013} 1014 1015static int rpa_expired_sync(struct hci_dev *hdev, void *data) 1016{ 1017 /* The generation of a new RPA and programming it into the 1018 * controller happens in the hci_req_enable_advertising() 1019 * function. 1020 */ 1021 if (ext_adv_capable(hdev)) 1022 return hci_start_ext_adv_sync(hdev, hdev->cur_adv_instance); 1023 else 1024 return hci_enable_advertising_sync(hdev); 1025} 1026 1027static void rpa_expired(struct work_struct *work) 1028{ 1029 struct hci_dev *hdev = container_of(work, struct hci_dev, 1030 rpa_expired.work); 1031 1032 bt_dev_dbg(hdev, ""); 1033 1034 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 1035 1036 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING)) 1037 return; 1038 1039 hci_cmd_sync_queue(hdev, rpa_expired_sync, NULL, NULL); 1040} 1041 1042static void discov_off(struct work_struct *work) 1043{ 1044 struct hci_dev *hdev = container_of(work, struct hci_dev, 1045 discov_off.work); 1046 1047 bt_dev_dbg(hdev, ""); 1048 1049 hci_dev_lock(hdev); 1050 1051 /* When discoverable timeout triggers, then just make sure 1052 * the limited discoverable flag is cleared. Even in the case 1053 * of a timeout triggered from general discoverable, it is 1054 * safe to unconditionally clear the flag. 1055 */ 1056 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1057 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1058 hdev->discov_timeout = 0; 1059 1060 hci_update_discoverable(hdev); 1061 1062 mgmt_new_settings(hdev); 1063 1064 hci_dev_unlock(hdev); 1065} 1066 1067static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev); 1068 1069static void mesh_send_complete(struct hci_dev *hdev, 1070 struct mgmt_mesh_tx *mesh_tx, bool silent) 1071{ 1072 u8 handle = mesh_tx->handle; 1073 1074 if (!silent) 1075 mgmt_event(MGMT_EV_MESH_PACKET_CMPLT, hdev, &handle, 1076 sizeof(handle), NULL); 1077 1078 mgmt_mesh_remove(mesh_tx); 1079} 1080 1081static int mesh_send_done_sync(struct hci_dev *hdev, void *data) 1082{ 1083 struct mgmt_mesh_tx *mesh_tx; 1084 1085 hci_dev_clear_flag(hdev, HCI_MESH_SENDING); 1086 hci_disable_advertising_sync(hdev); 1087 mesh_tx = mgmt_mesh_next(hdev, NULL); 1088 1089 if (mesh_tx) 1090 mesh_send_complete(hdev, mesh_tx, false); 1091 1092 return 0; 1093} 1094 1095static int mesh_send_sync(struct hci_dev *hdev, void *data); 1096static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err); 1097static void mesh_next(struct hci_dev *hdev, void *data, int err) 1098{ 1099 struct mgmt_mesh_tx *mesh_tx = mgmt_mesh_next(hdev, NULL); 1100 1101 if (!mesh_tx) 1102 return; 1103 1104 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx, 1105 mesh_send_start_complete); 1106 1107 if (err < 0) 1108 mesh_send_complete(hdev, mesh_tx, false); 1109 else 1110 hci_dev_set_flag(hdev, HCI_MESH_SENDING); 1111} 1112 1113static void mesh_send_done(struct work_struct *work) 1114{ 1115 struct hci_dev *hdev = container_of(work, struct hci_dev, 1116 mesh_send_done.work); 1117 1118 if (!hci_dev_test_flag(hdev, HCI_MESH_SENDING)) 1119 return; 1120 1121 hci_cmd_sync_queue(hdev, mesh_send_done_sync, NULL, mesh_next); 1122} 1123 1124static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) 1125{ 1126 if (hci_dev_test_flag(hdev, HCI_MGMT)) 1127 return; 1128 1129 BT_INFO("MGMT ver %d.%d", MGMT_VERSION, MGMT_REVISION); 1130 1131 INIT_DELAYED_WORK(&hdev->discov_off, discov_off); 1132 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 1133 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired); 1134 INIT_DELAYED_WORK(&hdev->mesh_send_done, mesh_send_done); 1135 1136 /* Non-mgmt controlled devices get this bit set 1137 * implicitly so that pairing works for them, however 1138 * for mgmt we require user-space to explicitly enable 1139 * it 1140 */ 1141 hci_dev_clear_flag(hdev, HCI_BONDABLE); 1142 1143 hci_dev_set_flag(hdev, HCI_MGMT); 1144} 1145 1146static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 1147 void *data, u16 data_len) 1148{ 1149 struct mgmt_rp_read_info rp; 1150 1151 bt_dev_dbg(hdev, "sock %p", sk); 1152 1153 hci_dev_lock(hdev); 1154 1155 memset(&rp, 0, sizeof(rp)); 1156 1157 bacpy(&rp.bdaddr, &hdev->bdaddr); 1158 1159 rp.version = hdev->hci_ver; 1160 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 1161 1162 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 1163 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 1164 1165 memcpy(rp.dev_class, hdev->dev_class, 3); 1166 1167 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 1168 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name)); 1169 1170 hci_dev_unlock(hdev); 1171 1172 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp, 1173 sizeof(rp)); 1174} 1175 1176static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir) 1177{ 1178 u16 eir_len = 0; 1179 size_t name_len; 1180 1181 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1182 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV, 1183 hdev->dev_class, 3); 1184 1185 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1186 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE, 1187 hdev->appearance); 1188 1189 name_len = strnlen(hdev->dev_name, sizeof(hdev->dev_name)); 1190 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE, 1191 hdev->dev_name, name_len); 1192 1193 name_len = strnlen(hdev->short_name, sizeof(hdev->short_name)); 1194 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT, 1195 hdev->short_name, name_len); 1196 1197 return eir_len; 1198} 1199 1200static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev, 1201 void *data, u16 data_len) 1202{ 1203 char buf[512]; 1204 struct mgmt_rp_read_ext_info *rp = (void *)buf; 1205 u16 eir_len; 1206 1207 bt_dev_dbg(hdev, "sock %p", sk); 1208 1209 memset(&buf, 0, sizeof(buf)); 1210 1211 hci_dev_lock(hdev); 1212 1213 bacpy(&rp->bdaddr, &hdev->bdaddr); 1214 1215 rp->version = hdev->hci_ver; 1216 rp->manufacturer = cpu_to_le16(hdev->manufacturer); 1217 1218 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev)); 1219 rp->current_settings = cpu_to_le32(get_current_settings(hdev)); 1220 1221 1222 eir_len = append_eir_data_to_buf(hdev, rp->eir); 1223 rp->eir_len = cpu_to_le16(eir_len); 1224 1225 hci_dev_unlock(hdev); 1226 1227 /* If this command is called at least once, then the events 1228 * for class of device and local name changes are disabled 1229 * and only the new extended controller information event 1230 * is used. 1231 */ 1232 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS); 1233 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS); 1234 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS); 1235 1236 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp, 1237 sizeof(*rp) + eir_len); 1238} 1239 1240static int ext_info_changed(struct hci_dev *hdev, struct sock *skip) 1241{ 1242 char buf[512]; 1243 struct mgmt_ev_ext_info_changed *ev = (void *)buf; 1244 u16 eir_len; 1245 1246 memset(buf, 0, sizeof(buf)); 1247 1248 eir_len = append_eir_data_to_buf(hdev, ev->eir); 1249 ev->eir_len = cpu_to_le16(eir_len); 1250 1251 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev, 1252 sizeof(*ev) + eir_len, 1253 HCI_MGMT_EXT_INFO_EVENTS, skip); 1254} 1255 1256static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 1257{ 1258 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 1259 1260 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings, 1261 sizeof(settings)); 1262} 1263 1264void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance) 1265{ 1266 struct mgmt_ev_advertising_added ev; 1267 1268 ev.instance = instance; 1269 1270 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk); 1271} 1272 1273void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev, 1274 u8 instance) 1275{ 1276 struct mgmt_ev_advertising_removed ev; 1277 1278 ev.instance = instance; 1279 1280 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk); 1281} 1282 1283static void cancel_adv_timeout(struct hci_dev *hdev) 1284{ 1285 if (hdev->adv_instance_timeout) { 1286 hdev->adv_instance_timeout = 0; 1287 cancel_delayed_work(&hdev->adv_instance_expire); 1288 } 1289} 1290 1291/* This function requires the caller holds hdev->lock */ 1292static void restart_le_actions(struct hci_dev *hdev) 1293{ 1294 struct hci_conn_params *p; 1295 1296 list_for_each_entry(p, &hdev->le_conn_params, list) { 1297 /* Needed for AUTO_OFF case where might not "really" 1298 * have been powered off. 1299 */ 1300 list_del_init(&p->action); 1301 1302 switch (p->auto_connect) { 1303 case HCI_AUTO_CONN_DIRECT: 1304 case HCI_AUTO_CONN_ALWAYS: 1305 list_add(&p->action, &hdev->pend_le_conns); 1306 break; 1307 case HCI_AUTO_CONN_REPORT: 1308 list_add(&p->action, &hdev->pend_le_reports); 1309 break; 1310 default: 1311 break; 1312 } 1313 } 1314} 1315 1316static int new_settings(struct hci_dev *hdev, struct sock *skip) 1317{ 1318 __le32 ev = cpu_to_le32(get_current_settings(hdev)); 1319 1320 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, 1321 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip); 1322} 1323 1324static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err) 1325{ 1326 struct mgmt_pending_cmd *cmd = data; 1327 struct mgmt_mode *cp; 1328 1329 /* Make sure cmd still outstanding. */ 1330 if (cmd != pending_find(MGMT_OP_SET_POWERED, hdev)) 1331 return; 1332 1333 cp = cmd->param; 1334 1335 bt_dev_dbg(hdev, "err %d", err); 1336 1337 if (!err) { 1338 if (cp->val) { 1339 hci_dev_lock(hdev); 1340 restart_le_actions(hdev); 1341 hci_update_passive_scan(hdev); 1342 hci_dev_unlock(hdev); 1343 } 1344 1345 send_settings_rsp(cmd->sk, cmd->opcode, hdev); 1346 1347 /* Only call new_setting for power on as power off is deferred 1348 * to hdev->power_off work which does call hci_dev_do_close. 1349 */ 1350 if (cp->val) 1351 new_settings(hdev, cmd->sk); 1352 } else { 1353 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, 1354 mgmt_status(err)); 1355 } 1356 1357 mgmt_pending_remove(cmd); 1358} 1359 1360static int set_powered_sync(struct hci_dev *hdev, void *data) 1361{ 1362 struct mgmt_pending_cmd *cmd = data; 1363 struct mgmt_mode *cp = cmd->param; 1364 1365 BT_DBG("%s", hdev->name); 1366 1367 return hci_set_powered_sync(hdev, cp->val); 1368} 1369 1370static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, 1371 u16 len) 1372{ 1373 struct mgmt_mode *cp = data; 1374 struct mgmt_pending_cmd *cmd; 1375 int err; 1376 1377 bt_dev_dbg(hdev, "sock %p", sk); 1378 1379 if (cp->val != 0x00 && cp->val != 0x01) 1380 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1381 MGMT_STATUS_INVALID_PARAMS); 1382 1383 hci_dev_lock(hdev); 1384 1385 if (pending_find(MGMT_OP_SET_POWERED, hdev)) { 1386 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1387 MGMT_STATUS_BUSY); 1388 goto failed; 1389 } 1390 1391 if (!!cp->val == hdev_is_powered(hdev)) { 1392 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 1393 goto failed; 1394 } 1395 1396 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 1397 if (!cmd) { 1398 err = -ENOMEM; 1399 goto failed; 1400 } 1401 1402 err = hci_cmd_sync_queue(hdev, set_powered_sync, cmd, 1403 mgmt_set_powered_complete); 1404 1405 if (err < 0) 1406 mgmt_pending_remove(cmd); 1407 1408failed: 1409 hci_dev_unlock(hdev); 1410 return err; 1411} 1412 1413int mgmt_new_settings(struct hci_dev *hdev) 1414{ 1415 return new_settings(hdev, NULL); 1416} 1417 1418struct cmd_lookup { 1419 struct sock *sk; 1420 struct hci_dev *hdev; 1421 u8 mgmt_status; 1422}; 1423 1424static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data) 1425{ 1426 struct cmd_lookup *match = data; 1427 1428 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 1429 1430 list_del(&cmd->list); 1431 1432 if (match->sk == NULL) { 1433 match->sk = cmd->sk; 1434 sock_hold(match->sk); 1435 } 1436 1437 mgmt_pending_free(cmd); 1438} 1439 1440static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data) 1441{ 1442 u8 *status = data; 1443 1444 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 1445 mgmt_pending_remove(cmd); 1446} 1447 1448static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data) 1449{ 1450 if (cmd->cmd_complete) { 1451 u8 *status = data; 1452 1453 cmd->cmd_complete(cmd, *status); 1454 mgmt_pending_remove(cmd); 1455 1456 return; 1457 } 1458 1459 cmd_status_rsp(cmd, data); 1460} 1461 1462static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1463{ 1464 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1465 cmd->param, cmd->param_len); 1466} 1467 1468static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1469{ 1470 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1471 cmd->param, sizeof(struct mgmt_addr_info)); 1472} 1473 1474static u8 mgmt_bredr_support(struct hci_dev *hdev) 1475{ 1476 if (!lmp_bredr_capable(hdev)) 1477 return MGMT_STATUS_NOT_SUPPORTED; 1478 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1479 return MGMT_STATUS_REJECTED; 1480 else 1481 return MGMT_STATUS_SUCCESS; 1482} 1483 1484static u8 mgmt_le_support(struct hci_dev *hdev) 1485{ 1486 if (!lmp_le_capable(hdev)) 1487 return MGMT_STATUS_NOT_SUPPORTED; 1488 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1489 return MGMT_STATUS_REJECTED; 1490 else 1491 return MGMT_STATUS_SUCCESS; 1492} 1493 1494static void mgmt_set_discoverable_complete(struct hci_dev *hdev, void *data, 1495 int err) 1496{ 1497 struct mgmt_pending_cmd *cmd = data; 1498 1499 bt_dev_dbg(hdev, "err %d", err); 1500 1501 /* Make sure cmd still outstanding. */ 1502 if (cmd != pending_find(MGMT_OP_SET_DISCOVERABLE, hdev)) 1503 return; 1504 1505 hci_dev_lock(hdev); 1506 1507 if (err) { 1508 u8 mgmt_err = mgmt_status(err); 1509 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1510 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1511 goto done; 1512 } 1513 1514 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1515 hdev->discov_timeout > 0) { 1516 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1517 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to); 1518 } 1519 1520 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1521 new_settings(hdev, cmd->sk); 1522 1523done: 1524 mgmt_pending_remove(cmd); 1525 hci_dev_unlock(hdev); 1526} 1527 1528static int set_discoverable_sync(struct hci_dev *hdev, void *data) 1529{ 1530 BT_DBG("%s", hdev->name); 1531 1532 return hci_update_discoverable_sync(hdev); 1533} 1534 1535static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 1536 u16 len) 1537{ 1538 struct mgmt_cp_set_discoverable *cp = data; 1539 struct mgmt_pending_cmd *cmd; 1540 u16 timeout; 1541 int err; 1542 1543 bt_dev_dbg(hdev, "sock %p", sk); 1544 1545 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1546 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1547 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1548 MGMT_STATUS_REJECTED); 1549 1550 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 1551 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1552 MGMT_STATUS_INVALID_PARAMS); 1553 1554 timeout = __le16_to_cpu(cp->timeout); 1555 1556 /* Disabling discoverable requires that no timeout is set, 1557 * and enabling limited discoverable requires a timeout. 1558 */ 1559 if ((cp->val == 0x00 && timeout > 0) || 1560 (cp->val == 0x02 && timeout == 0)) 1561 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1562 MGMT_STATUS_INVALID_PARAMS); 1563 1564 hci_dev_lock(hdev); 1565 1566 if (!hdev_is_powered(hdev) && timeout > 0) { 1567 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1568 MGMT_STATUS_NOT_POWERED); 1569 goto failed; 1570 } 1571 1572 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1573 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1574 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1575 MGMT_STATUS_BUSY); 1576 goto failed; 1577 } 1578 1579 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) { 1580 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1581 MGMT_STATUS_REJECTED); 1582 goto failed; 1583 } 1584 1585 if (hdev->advertising_paused) { 1586 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1587 MGMT_STATUS_BUSY); 1588 goto failed; 1589 } 1590 1591 if (!hdev_is_powered(hdev)) { 1592 bool changed = false; 1593 1594 /* Setting limited discoverable when powered off is 1595 * not a valid operation since it requires a timeout 1596 * and so no need to check HCI_LIMITED_DISCOVERABLE. 1597 */ 1598 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) { 1599 hci_dev_change_flag(hdev, HCI_DISCOVERABLE); 1600 changed = true; 1601 } 1602 1603 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1604 if (err < 0) 1605 goto failed; 1606 1607 if (changed) 1608 err = new_settings(hdev, sk); 1609 1610 goto failed; 1611 } 1612 1613 /* If the current mode is the same, then just update the timeout 1614 * value with the new value. And if only the timeout gets updated, 1615 * then no need for any HCI transactions. 1616 */ 1617 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1618 (cp->val == 0x02) == hci_dev_test_flag(hdev, 1619 HCI_LIMITED_DISCOVERABLE)) { 1620 cancel_delayed_work(&hdev->discov_off); 1621 hdev->discov_timeout = timeout; 1622 1623 if (cp->val && hdev->discov_timeout > 0) { 1624 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1625 queue_delayed_work(hdev->req_workqueue, 1626 &hdev->discov_off, to); 1627 } 1628 1629 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1630 goto failed; 1631 } 1632 1633 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 1634 if (!cmd) { 1635 err = -ENOMEM; 1636 goto failed; 1637 } 1638 1639 /* Cancel any potential discoverable timeout that might be 1640 * still active and store new timeout value. The arming of 1641 * the timeout happens in the complete handler. 1642 */ 1643 cancel_delayed_work(&hdev->discov_off); 1644 hdev->discov_timeout = timeout; 1645 1646 if (cp->val) 1647 hci_dev_set_flag(hdev, HCI_DISCOVERABLE); 1648 else 1649 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1650 1651 /* Limited discoverable mode */ 1652 if (cp->val == 0x02) 1653 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1654 else 1655 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1656 1657 err = hci_cmd_sync_queue(hdev, set_discoverable_sync, cmd, 1658 mgmt_set_discoverable_complete); 1659 1660 if (err < 0) 1661 mgmt_pending_remove(cmd); 1662 1663failed: 1664 hci_dev_unlock(hdev); 1665 return err; 1666} 1667 1668static void mgmt_set_connectable_complete(struct hci_dev *hdev, void *data, 1669 int err) 1670{ 1671 struct mgmt_pending_cmd *cmd = data; 1672 1673 bt_dev_dbg(hdev, "err %d", err); 1674 1675 /* Make sure cmd still outstanding. */ 1676 if (cmd != pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) 1677 return; 1678 1679 hci_dev_lock(hdev); 1680 1681 if (err) { 1682 u8 mgmt_err = mgmt_status(err); 1683 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1684 goto done; 1685 } 1686 1687 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev); 1688 new_settings(hdev, cmd->sk); 1689 1690done: 1691 if (cmd) 1692 mgmt_pending_remove(cmd); 1693 1694 hci_dev_unlock(hdev); 1695} 1696 1697static int set_connectable_update_settings(struct hci_dev *hdev, 1698 struct sock *sk, u8 val) 1699{ 1700 bool changed = false; 1701 int err; 1702 1703 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 1704 changed = true; 1705 1706 if (val) { 1707 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1708 } else { 1709 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1710 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1711 } 1712 1713 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 1714 if (err < 0) 1715 return err; 1716 1717 if (changed) { 1718 hci_update_scan(hdev); 1719 hci_update_passive_scan(hdev); 1720 return new_settings(hdev, sk); 1721 } 1722 1723 return 0; 1724} 1725 1726static int set_connectable_sync(struct hci_dev *hdev, void *data) 1727{ 1728 BT_DBG("%s", hdev->name); 1729 1730 return hci_update_connectable_sync(hdev); 1731} 1732 1733static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, 1734 u16 len) 1735{ 1736 struct mgmt_mode *cp = data; 1737 struct mgmt_pending_cmd *cmd; 1738 int err; 1739 1740 bt_dev_dbg(hdev, "sock %p", sk); 1741 1742 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1743 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1744 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1745 MGMT_STATUS_REJECTED); 1746 1747 if (cp->val != 0x00 && cp->val != 0x01) 1748 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1749 MGMT_STATUS_INVALID_PARAMS); 1750 1751 hci_dev_lock(hdev); 1752 1753 if (!hdev_is_powered(hdev)) { 1754 err = set_connectable_update_settings(hdev, sk, cp->val); 1755 goto failed; 1756 } 1757 1758 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1759 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1760 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1761 MGMT_STATUS_BUSY); 1762 goto failed; 1763 } 1764 1765 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1766 if (!cmd) { 1767 err = -ENOMEM; 1768 goto failed; 1769 } 1770 1771 if (cp->val) { 1772 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1773 } else { 1774 if (hdev->discov_timeout > 0) 1775 cancel_delayed_work(&hdev->discov_off); 1776 1777 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1778 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1779 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1780 } 1781 1782 err = hci_cmd_sync_queue(hdev, set_connectable_sync, cmd, 1783 mgmt_set_connectable_complete); 1784 1785 if (err < 0) 1786 mgmt_pending_remove(cmd); 1787 1788failed: 1789 hci_dev_unlock(hdev); 1790 return err; 1791} 1792 1793static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data, 1794 u16 len) 1795{ 1796 struct mgmt_mode *cp = data; 1797 bool changed; 1798 int err; 1799 1800 bt_dev_dbg(hdev, "sock %p", sk); 1801 1802 if (cp->val != 0x00 && cp->val != 0x01) 1803 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE, 1804 MGMT_STATUS_INVALID_PARAMS); 1805 1806 hci_dev_lock(hdev); 1807 1808 if (cp->val) 1809 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE); 1810 else 1811 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE); 1812 1813 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev); 1814 if (err < 0) 1815 goto unlock; 1816 1817 if (changed) { 1818 /* In limited privacy mode the change of bondable mode 1819 * may affect the local advertising address. 1820 */ 1821 hci_update_discoverable(hdev); 1822 1823 err = new_settings(hdev, sk); 1824 } 1825 1826unlock: 1827 hci_dev_unlock(hdev); 1828 return err; 1829} 1830 1831static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data, 1832 u16 len) 1833{ 1834 struct mgmt_mode *cp = data; 1835 struct mgmt_pending_cmd *cmd; 1836 u8 val, status; 1837 int err; 1838 1839 bt_dev_dbg(hdev, "sock %p", sk); 1840 1841 status = mgmt_bredr_support(hdev); 1842 if (status) 1843 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1844 status); 1845 1846 if (cp->val != 0x00 && cp->val != 0x01) 1847 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1848 MGMT_STATUS_INVALID_PARAMS); 1849 1850 hci_dev_lock(hdev); 1851 1852 if (!hdev_is_powered(hdev)) { 1853 bool changed = false; 1854 1855 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) { 1856 hci_dev_change_flag(hdev, HCI_LINK_SECURITY); 1857 changed = true; 1858 } 1859 1860 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1861 if (err < 0) 1862 goto failed; 1863 1864 if (changed) 1865 err = new_settings(hdev, sk); 1866 1867 goto failed; 1868 } 1869 1870 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1871 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1872 MGMT_STATUS_BUSY); 1873 goto failed; 1874 } 1875 1876 val = !!cp->val; 1877 1878 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1879 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1880 goto failed; 1881 } 1882 1883 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1884 if (!cmd) { 1885 err = -ENOMEM; 1886 goto failed; 1887 } 1888 1889 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1890 if (err < 0) { 1891 mgmt_pending_remove(cmd); 1892 goto failed; 1893 } 1894 1895failed: 1896 hci_dev_unlock(hdev); 1897 return err; 1898} 1899 1900static void set_ssp_complete(struct hci_dev *hdev, void *data, int err) 1901{ 1902 struct cmd_lookup match = { NULL, hdev }; 1903 struct mgmt_pending_cmd *cmd = data; 1904 struct mgmt_mode *cp = cmd->param; 1905 u8 enable = cp->val; 1906 bool changed; 1907 1908 /* Make sure cmd still outstanding. */ 1909 if (cmd != pending_find(MGMT_OP_SET_SSP, hdev)) 1910 return; 1911 1912 if (err) { 1913 u8 mgmt_err = mgmt_status(err); 1914 1915 if (enable && hci_dev_test_and_clear_flag(hdev, 1916 HCI_SSP_ENABLED)) { 1917 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1918 new_settings(hdev, NULL); 1919 } 1920 1921 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp, 1922 &mgmt_err); 1923 return; 1924 } 1925 1926 if (enable) { 1927 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 1928 } else { 1929 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED); 1930 1931 if (!changed) 1932 changed = hci_dev_test_and_clear_flag(hdev, 1933 HCI_HS_ENABLED); 1934 else 1935 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1936 } 1937 1938 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 1939 1940 if (changed) 1941 new_settings(hdev, match.sk); 1942 1943 if (match.sk) 1944 sock_put(match.sk); 1945 1946 hci_update_eir_sync(hdev); 1947} 1948 1949static int set_ssp_sync(struct hci_dev *hdev, void *data) 1950{ 1951 struct mgmt_pending_cmd *cmd = data; 1952 struct mgmt_mode *cp = cmd->param; 1953 bool changed = false; 1954 int err; 1955 1956 if (cp->val) 1957 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 1958 1959 err = hci_write_ssp_mode_sync(hdev, cp->val); 1960 1961 if (!err && changed) 1962 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 1963 1964 return err; 1965} 1966 1967static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1968{ 1969 struct mgmt_mode *cp = data; 1970 struct mgmt_pending_cmd *cmd; 1971 u8 status; 1972 int err; 1973 1974 bt_dev_dbg(hdev, "sock %p", sk); 1975 1976 status = mgmt_bredr_support(hdev); 1977 if (status) 1978 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status); 1979 1980 if (!lmp_ssp_capable(hdev)) 1981 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1982 MGMT_STATUS_NOT_SUPPORTED); 1983 1984 if (cp->val != 0x00 && cp->val != 0x01) 1985 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1986 MGMT_STATUS_INVALID_PARAMS); 1987 1988 hci_dev_lock(hdev); 1989 1990 if (!hdev_is_powered(hdev)) { 1991 bool changed; 1992 1993 if (cp->val) { 1994 changed = !hci_dev_test_and_set_flag(hdev, 1995 HCI_SSP_ENABLED); 1996 } else { 1997 changed = hci_dev_test_and_clear_flag(hdev, 1998 HCI_SSP_ENABLED); 1999 if (!changed) 2000 changed = hci_dev_test_and_clear_flag(hdev, 2001 HCI_HS_ENABLED); 2002 else 2003 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 2004 } 2005 2006 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 2007 if (err < 0) 2008 goto failed; 2009 2010 if (changed) 2011 err = new_settings(hdev, sk); 2012 2013 goto failed; 2014 } 2015 2016 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 2017 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 2018 MGMT_STATUS_BUSY); 2019 goto failed; 2020 } 2021 2022 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 2023 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 2024 goto failed; 2025 } 2026 2027 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 2028 if (!cmd) 2029 err = -ENOMEM; 2030 else 2031 err = hci_cmd_sync_queue(hdev, set_ssp_sync, cmd, 2032 set_ssp_complete); 2033 2034 if (err < 0) { 2035 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 2036 MGMT_STATUS_FAILED); 2037 2038 if (cmd) 2039 mgmt_pending_remove(cmd); 2040 } 2041 2042failed: 2043 hci_dev_unlock(hdev); 2044 return err; 2045} 2046 2047static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2048{ 2049 struct mgmt_mode *cp = data; 2050 bool changed; 2051 u8 status; 2052 int err; 2053 2054 bt_dev_dbg(hdev, "sock %p", sk); 2055 2056 if (!IS_ENABLED(CONFIG_BT_HS)) 2057 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2058 MGMT_STATUS_NOT_SUPPORTED); 2059 2060 status = mgmt_bredr_support(hdev); 2061 if (status) 2062 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status); 2063 2064 if (!lmp_ssp_capable(hdev)) 2065 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2066 MGMT_STATUS_NOT_SUPPORTED); 2067 2068 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 2069 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2070 MGMT_STATUS_REJECTED); 2071 2072 if (cp->val != 0x00 && cp->val != 0x01) 2073 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2074 MGMT_STATUS_INVALID_PARAMS); 2075 2076 hci_dev_lock(hdev); 2077 2078 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 2079 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2080 MGMT_STATUS_BUSY); 2081 goto unlock; 2082 } 2083 2084 if (cp->val) { 2085 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED); 2086 } else { 2087 if (hdev_is_powered(hdev)) { 2088 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2089 MGMT_STATUS_REJECTED); 2090 goto unlock; 2091 } 2092 2093 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED); 2094 } 2095 2096 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 2097 if (err < 0) 2098 goto unlock; 2099 2100 if (changed) 2101 err = new_settings(hdev, sk); 2102 2103unlock: 2104 hci_dev_unlock(hdev); 2105 return err; 2106} 2107 2108static void set_le_complete(struct hci_dev *hdev, void *data, int err) 2109{ 2110 struct cmd_lookup match = { NULL, hdev }; 2111 u8 status = mgmt_status(err); 2112 2113 bt_dev_dbg(hdev, "err %d", err); 2114 2115 if (status) { 2116 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 2117 &status); 2118 return; 2119 } 2120 2121 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 2122 2123 new_settings(hdev, match.sk); 2124 2125 if (match.sk) 2126 sock_put(match.sk); 2127} 2128 2129static int set_le_sync(struct hci_dev *hdev, void *data) 2130{ 2131 struct mgmt_pending_cmd *cmd = data; 2132 struct mgmt_mode *cp = cmd->param; 2133 u8 val = !!cp->val; 2134 int err; 2135 2136 if (!val) { 2137 hci_clear_adv_instance_sync(hdev, NULL, 0x00, true); 2138 2139 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 2140 hci_disable_advertising_sync(hdev); 2141 2142 if (ext_adv_capable(hdev)) 2143 hci_remove_ext_adv_instance_sync(hdev, 0, cmd->sk); 2144 } else { 2145 hci_dev_set_flag(hdev, HCI_LE_ENABLED); 2146 } 2147 2148 err = hci_write_le_host_supported_sync(hdev, val, 0); 2149 2150 /* Make sure the controller has a good default for 2151 * advertising data. Restrict the update to when LE 2152 * has actually been enabled. During power on, the 2153 * update in powered_update_hci will take care of it. 2154 */ 2155 if (!err && hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 2156 if (ext_adv_capable(hdev)) { 2157 int status; 2158 2159 status = hci_setup_ext_adv_instance_sync(hdev, 0x00); 2160 if (!status) 2161 hci_update_scan_rsp_data_sync(hdev, 0x00); 2162 } else { 2163 hci_update_adv_data_sync(hdev, 0x00); 2164 hci_update_scan_rsp_data_sync(hdev, 0x00); 2165 } 2166 2167 hci_update_passive_scan(hdev); 2168 } 2169 2170 return err; 2171} 2172 2173static void set_mesh_complete(struct hci_dev *hdev, void *data, int err) 2174{ 2175 struct mgmt_pending_cmd *cmd = data; 2176 u8 status = mgmt_status(err); 2177 struct sock *sk = cmd->sk; 2178 2179 if (status) { 2180 mgmt_pending_foreach(MGMT_OP_SET_MESH_RECEIVER, hdev, 2181 cmd_status_rsp, &status); 2182 return; 2183 } 2184 2185 mgmt_pending_remove(cmd); 2186 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 0, NULL, 0); 2187} 2188 2189static int set_mesh_sync(struct hci_dev *hdev, void *data) 2190{ 2191 struct mgmt_pending_cmd *cmd = data; 2192 struct mgmt_cp_set_mesh *cp = cmd->param; 2193 size_t len = cmd->param_len; 2194 2195 memset(hdev->mesh_ad_types, 0, sizeof(hdev->mesh_ad_types)); 2196 2197 if (cp->enable) 2198 hci_dev_set_flag(hdev, HCI_MESH); 2199 else 2200 hci_dev_clear_flag(hdev, HCI_MESH); 2201 2202 len -= sizeof(*cp); 2203 2204 /* If filters don't fit, forward all adv pkts */ 2205 if (len <= sizeof(hdev->mesh_ad_types)) 2206 memcpy(hdev->mesh_ad_types, cp->ad_types, len); 2207 2208 hci_update_passive_scan_sync(hdev); 2209 return 0; 2210} 2211 2212static int set_mesh(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2213{ 2214 struct mgmt_cp_set_mesh *cp = data; 2215 struct mgmt_pending_cmd *cmd; 2216 int err = 0; 2217 2218 bt_dev_dbg(hdev, "sock %p", sk); 2219 2220 if (!lmp_le_capable(hdev) || 2221 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL)) 2222 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 2223 MGMT_STATUS_NOT_SUPPORTED); 2224 2225 if (cp->enable != 0x00 && cp->enable != 0x01) 2226 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 2227 MGMT_STATUS_INVALID_PARAMS); 2228 2229 hci_dev_lock(hdev); 2230 2231 cmd = mgmt_pending_add(sk, MGMT_OP_SET_MESH_RECEIVER, hdev, data, len); 2232 if (!cmd) 2233 err = -ENOMEM; 2234 else 2235 err = hci_cmd_sync_queue(hdev, set_mesh_sync, cmd, 2236 set_mesh_complete); 2237 2238 if (err < 0) { 2239 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 2240 MGMT_STATUS_FAILED); 2241 2242 if (cmd) 2243 mgmt_pending_remove(cmd); 2244 } 2245 2246 hci_dev_unlock(hdev); 2247 return err; 2248} 2249 2250static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err) 2251{ 2252 struct mgmt_mesh_tx *mesh_tx = data; 2253 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param; 2254 unsigned long mesh_send_interval; 2255 u8 mgmt_err = mgmt_status(err); 2256 2257 /* Report any errors here, but don't report completion */ 2258 2259 if (mgmt_err) { 2260 hci_dev_clear_flag(hdev, HCI_MESH_SENDING); 2261 /* Send Complete Error Code for handle */ 2262 mesh_send_complete(hdev, mesh_tx, false); 2263 return; 2264 } 2265 2266 mesh_send_interval = msecs_to_jiffies((send->cnt) * 25); 2267 queue_delayed_work(hdev->req_workqueue, &hdev->mesh_send_done, 2268 mesh_send_interval); 2269} 2270 2271static int mesh_send_sync(struct hci_dev *hdev, void *data) 2272{ 2273 struct mgmt_mesh_tx *mesh_tx = data; 2274 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param; 2275 struct adv_info *adv, *next_instance; 2276 u8 instance = hdev->le_num_of_adv_sets + 1; 2277 u16 timeout, duration; 2278 int err = 0; 2279 2280 if (hdev->le_num_of_adv_sets <= hdev->adv_instance_cnt) 2281 return MGMT_STATUS_BUSY; 2282 2283 timeout = 1000; 2284 duration = send->cnt * INTERVAL_TO_MS(hdev->le_adv_max_interval); 2285 adv = hci_add_adv_instance(hdev, instance, 0, 2286 send->adv_data_len, send->adv_data, 2287 0, NULL, 2288 timeout, duration, 2289 HCI_ADV_TX_POWER_NO_PREFERENCE, 2290 hdev->le_adv_min_interval, 2291 hdev->le_adv_max_interval, 2292 mesh_tx->handle); 2293 2294 if (!IS_ERR(adv)) 2295 mesh_tx->instance = instance; 2296 else 2297 err = PTR_ERR(adv); 2298 2299 if (hdev->cur_adv_instance == instance) { 2300 /* If the currently advertised instance is being changed then 2301 * cancel the current advertising and schedule the next 2302 * instance. If there is only one instance then the overridden 2303 * advertising data will be visible right away. 2304 */ 2305 cancel_adv_timeout(hdev); 2306 2307 next_instance = hci_get_next_instance(hdev, instance); 2308 if (next_instance) 2309 instance = next_instance->instance; 2310 else 2311 instance = 0; 2312 } else if (hdev->adv_instance_timeout) { 2313 /* Immediately advertise the new instance if no other, or 2314 * let it go naturally from queue if ADV is already happening 2315 */ 2316 instance = 0; 2317 } 2318 2319 if (instance) 2320 return hci_schedule_adv_instance_sync(hdev, instance, true); 2321 2322 return err; 2323} 2324 2325static void send_count(struct mgmt_mesh_tx *mesh_tx, void *data) 2326{ 2327 struct mgmt_rp_mesh_read_features *rp = data; 2328 2329 if (rp->used_handles >= rp->max_handles) 2330 return; 2331 2332 rp->handles[rp->used_handles++] = mesh_tx->handle; 2333} 2334 2335static int mesh_features(struct sock *sk, struct hci_dev *hdev, 2336 void *data, u16 len) 2337{ 2338 struct mgmt_rp_mesh_read_features rp; 2339 2340 if (!lmp_le_capable(hdev) || 2341 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL)) 2342 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES, 2343 MGMT_STATUS_NOT_SUPPORTED); 2344 2345 memset(&rp, 0, sizeof(rp)); 2346 rp.index = cpu_to_le16(hdev->id); 2347 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 2348 rp.max_handles = MESH_HANDLES_MAX; 2349 2350 hci_dev_lock(hdev); 2351 2352 if (rp.max_handles) 2353 mgmt_mesh_foreach(hdev, send_count, &rp, sk); 2354 2355 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES, 0, &rp, 2356 rp.used_handles + sizeof(rp) - MESH_HANDLES_MAX); 2357 2358 hci_dev_unlock(hdev); 2359 return 0; 2360} 2361 2362static int send_cancel(struct hci_dev *hdev, void *data) 2363{ 2364 struct mgmt_pending_cmd *cmd = data; 2365 struct mgmt_cp_mesh_send_cancel *cancel = (void *)cmd->param; 2366 struct mgmt_mesh_tx *mesh_tx; 2367 2368 if (!cancel->handle) { 2369 do { 2370 mesh_tx = mgmt_mesh_next(hdev, cmd->sk); 2371 2372 if (mesh_tx) 2373 mesh_send_complete(hdev, mesh_tx, false); 2374 } while (mesh_tx); 2375 } else { 2376 mesh_tx = mgmt_mesh_find(hdev, cancel->handle); 2377 2378 if (mesh_tx && mesh_tx->sk == cmd->sk) 2379 mesh_send_complete(hdev, mesh_tx, false); 2380 } 2381 2382 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL, 2383 0, NULL, 0); 2384 mgmt_pending_free(cmd); 2385 2386 return 0; 2387} 2388 2389static int mesh_send_cancel(struct sock *sk, struct hci_dev *hdev, 2390 void *data, u16 len) 2391{ 2392 struct mgmt_pending_cmd *cmd; 2393 int err; 2394 2395 if (!lmp_le_capable(hdev) || 2396 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL)) 2397 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL, 2398 MGMT_STATUS_NOT_SUPPORTED); 2399 2400 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 2401 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL, 2402 MGMT_STATUS_REJECTED); 2403 2404 hci_dev_lock(hdev); 2405 cmd = mgmt_pending_new(sk, MGMT_OP_MESH_SEND_CANCEL, hdev, data, len); 2406 if (!cmd) 2407 err = -ENOMEM; 2408 else 2409 err = hci_cmd_sync_queue(hdev, send_cancel, cmd, NULL); 2410 2411 if (err < 0) { 2412 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL, 2413 MGMT_STATUS_FAILED); 2414 2415 if (cmd) 2416 mgmt_pending_free(cmd); 2417 } 2418 2419 hci_dev_unlock(hdev); 2420 return err; 2421} 2422 2423static int mesh_send(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2424{ 2425 struct mgmt_mesh_tx *mesh_tx; 2426 struct mgmt_cp_mesh_send *send = data; 2427 struct mgmt_rp_mesh_read_features rp; 2428 bool sending; 2429 int err = 0; 2430 2431 if (!lmp_le_capable(hdev) || 2432 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL)) 2433 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND, 2434 MGMT_STATUS_NOT_SUPPORTED); 2435 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) || 2436 len <= MGMT_MESH_SEND_SIZE || 2437 len > (MGMT_MESH_SEND_SIZE + 31)) 2438 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND, 2439 MGMT_STATUS_REJECTED); 2440 2441 hci_dev_lock(hdev); 2442 2443 memset(&rp, 0, sizeof(rp)); 2444 rp.max_handles = MESH_HANDLES_MAX; 2445 2446 mgmt_mesh_foreach(hdev, send_count, &rp, sk); 2447 2448 if (rp.max_handles <= rp.used_handles) { 2449 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND, 2450 MGMT_STATUS_BUSY); 2451 goto done; 2452 } 2453 2454 sending = hci_dev_test_flag(hdev, HCI_MESH_SENDING); 2455 mesh_tx = mgmt_mesh_add(sk, hdev, send, len); 2456 2457 if (!mesh_tx) 2458 err = -ENOMEM; 2459 else if (!sending) 2460 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx, 2461 mesh_send_start_complete); 2462 2463 if (err < 0) { 2464 bt_dev_err(hdev, "Send Mesh Failed %d", err); 2465 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND, 2466 MGMT_STATUS_FAILED); 2467 2468 if (mesh_tx) { 2469 if (sending) 2470 mgmt_mesh_remove(mesh_tx); 2471 } 2472 } else { 2473 hci_dev_set_flag(hdev, HCI_MESH_SENDING); 2474 2475 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_SEND, 0, 2476 &mesh_tx->handle, 1); 2477 } 2478 2479done: 2480 hci_dev_unlock(hdev); 2481 return err; 2482} 2483 2484static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2485{ 2486 struct mgmt_mode *cp = data; 2487 struct mgmt_pending_cmd *cmd; 2488 int err; 2489 u8 val, enabled; 2490 2491 bt_dev_dbg(hdev, "sock %p", sk); 2492 2493 if (!lmp_le_capable(hdev)) 2494 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2495 MGMT_STATUS_NOT_SUPPORTED); 2496 2497 if (cp->val != 0x00 && cp->val != 0x01) 2498 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2499 MGMT_STATUS_INVALID_PARAMS); 2500 2501 /* Bluetooth single mode LE only controllers or dual-mode 2502 * controllers configured as LE only devices, do not allow 2503 * switching LE off. These have either LE enabled explicitly 2504 * or BR/EDR has been previously switched off. 2505 * 2506 * When trying to enable an already enabled LE, then gracefully 2507 * send a positive response. Trying to disable it however will 2508 * result into rejection. 2509 */ 2510 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 2511 if (cp->val == 0x01) 2512 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 2513 2514 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2515 MGMT_STATUS_REJECTED); 2516 } 2517 2518 hci_dev_lock(hdev); 2519 2520 val = !!cp->val; 2521 enabled = lmp_host_le_capable(hdev); 2522 2523 if (!hdev_is_powered(hdev) || val == enabled) { 2524 bool changed = false; 2525 2526 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 2527 hci_dev_change_flag(hdev, HCI_LE_ENABLED); 2528 changed = true; 2529 } 2530 2531 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 2532 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 2533 changed = true; 2534 } 2535 2536 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 2537 if (err < 0) 2538 goto unlock; 2539 2540 if (changed) 2541 err = new_settings(hdev, sk); 2542 2543 goto unlock; 2544 } 2545 2546 if (pending_find(MGMT_OP_SET_LE, hdev) || 2547 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) { 2548 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2549 MGMT_STATUS_BUSY); 2550 goto unlock; 2551 } 2552 2553 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len); 2554 if (!cmd) 2555 err = -ENOMEM; 2556 else 2557 err = hci_cmd_sync_queue(hdev, set_le_sync, cmd, 2558 set_le_complete); 2559 2560 if (err < 0) { 2561 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2562 MGMT_STATUS_FAILED); 2563 2564 if (cmd) 2565 mgmt_pending_remove(cmd); 2566 } 2567 2568unlock: 2569 hci_dev_unlock(hdev); 2570 return err; 2571} 2572 2573/* This is a helper function to test for pending mgmt commands that can 2574 * cause CoD or EIR HCI commands. We can only allow one such pending 2575 * mgmt command at a time since otherwise we cannot easily track what 2576 * the current values are, will be, and based on that calculate if a new 2577 * HCI command needs to be sent and if yes with what value. 2578 */ 2579static bool pending_eir_or_class(struct hci_dev *hdev) 2580{ 2581 struct mgmt_pending_cmd *cmd; 2582 2583 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 2584 switch (cmd->opcode) { 2585 case MGMT_OP_ADD_UUID: 2586 case MGMT_OP_REMOVE_UUID: 2587 case MGMT_OP_SET_DEV_CLASS: 2588 case MGMT_OP_SET_POWERED: 2589 return true; 2590 } 2591 } 2592 2593 return false; 2594} 2595 2596static const u8 bluetooth_base_uuid[] = { 2597 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80, 2598 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2599}; 2600 2601static u8 get_uuid_size(const u8 *uuid) 2602{ 2603 u32 val; 2604 2605 if (memcmp(uuid, bluetooth_base_uuid, 12)) 2606 return 128; 2607 2608 val = get_unaligned_le32(&uuid[12]); 2609 if (val > 0xffff) 2610 return 32; 2611 2612 return 16; 2613} 2614 2615static void mgmt_class_complete(struct hci_dev *hdev, void *data, int err) 2616{ 2617 struct mgmt_pending_cmd *cmd = data; 2618 2619 bt_dev_dbg(hdev, "err %d", err); 2620 2621 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 2622 mgmt_status(err), hdev->dev_class, 3); 2623 2624 mgmt_pending_free(cmd); 2625} 2626 2627static int add_uuid_sync(struct hci_dev *hdev, void *data) 2628{ 2629 int err; 2630 2631 err = hci_update_class_sync(hdev); 2632 if (err) 2633 return err; 2634 2635 return hci_update_eir_sync(hdev); 2636} 2637 2638static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2639{ 2640 struct mgmt_cp_add_uuid *cp = data; 2641 struct mgmt_pending_cmd *cmd; 2642 struct bt_uuid *uuid; 2643 int err; 2644 2645 bt_dev_dbg(hdev, "sock %p", sk); 2646 2647 hci_dev_lock(hdev); 2648 2649 if (pending_eir_or_class(hdev)) { 2650 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID, 2651 MGMT_STATUS_BUSY); 2652 goto failed; 2653 } 2654 2655 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL); 2656 if (!uuid) { 2657 err = -ENOMEM; 2658 goto failed; 2659 } 2660 2661 memcpy(uuid->uuid, cp->uuid, 16); 2662 uuid->svc_hint = cp->svc_hint; 2663 uuid->size = get_uuid_size(cp->uuid); 2664 2665 list_add_tail(&uuid->list, &hdev->uuids); 2666 2667 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_UUID, hdev, data, len); 2668 if (!cmd) { 2669 err = -ENOMEM; 2670 goto failed; 2671 } 2672 2673 err = hci_cmd_sync_queue(hdev, add_uuid_sync, cmd, mgmt_class_complete); 2674 if (err < 0) { 2675 mgmt_pending_free(cmd); 2676 goto failed; 2677 } 2678 2679failed: 2680 hci_dev_unlock(hdev); 2681 return err; 2682} 2683 2684static bool enable_service_cache(struct hci_dev *hdev) 2685{ 2686 if (!hdev_is_powered(hdev)) 2687 return false; 2688 2689 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) { 2690 queue_delayed_work(hdev->workqueue, &hdev->service_cache, 2691 CACHE_TIMEOUT); 2692 return true; 2693 } 2694 2695 return false; 2696} 2697 2698static int remove_uuid_sync(struct hci_dev *hdev, void *data) 2699{ 2700 int err; 2701 2702 err = hci_update_class_sync(hdev); 2703 if (err) 2704 return err; 2705 2706 return hci_update_eir_sync(hdev); 2707} 2708 2709static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, 2710 u16 len) 2711{ 2712 struct mgmt_cp_remove_uuid *cp = data; 2713 struct mgmt_pending_cmd *cmd; 2714 struct bt_uuid *match, *tmp; 2715 static const u8 bt_uuid_any[] = { 2716 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 2717 }; 2718 int err, found; 2719 2720 bt_dev_dbg(hdev, "sock %p", sk); 2721 2722 hci_dev_lock(hdev); 2723 2724 if (pending_eir_or_class(hdev)) { 2725 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2726 MGMT_STATUS_BUSY); 2727 goto unlock; 2728 } 2729 2730 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 2731 hci_uuids_clear(hdev); 2732 2733 if (enable_service_cache(hdev)) { 2734 err = mgmt_cmd_complete(sk, hdev->id, 2735 MGMT_OP_REMOVE_UUID, 2736 0, hdev->dev_class, 3); 2737 goto unlock; 2738 } 2739 2740 goto update_class; 2741 } 2742 2743 found = 0; 2744 2745 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) { 2746 if (memcmp(match->uuid, cp->uuid, 16) != 0) 2747 continue; 2748 2749 list_del(&match->list); 2750 kfree(match); 2751 found++; 2752 } 2753 2754 if (found == 0) { 2755 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2756 MGMT_STATUS_INVALID_PARAMS); 2757 goto unlock; 2758 } 2759 2760update_class: 2761 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_UUID, hdev, data, len); 2762 if (!cmd) { 2763 err = -ENOMEM; 2764 goto unlock; 2765 } 2766 2767 err = hci_cmd_sync_queue(hdev, remove_uuid_sync, cmd, 2768 mgmt_class_complete); 2769 if (err < 0) 2770 mgmt_pending_free(cmd); 2771 2772unlock: 2773 hci_dev_unlock(hdev); 2774 return err; 2775} 2776 2777static int set_class_sync(struct hci_dev *hdev, void *data) 2778{ 2779 int err = 0; 2780 2781 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) { 2782 cancel_delayed_work_sync(&hdev->service_cache); 2783 err = hci_update_eir_sync(hdev); 2784 } 2785 2786 if (err) 2787 return err; 2788 2789 return hci_update_class_sync(hdev); 2790} 2791 2792static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, 2793 u16 len) 2794{ 2795 struct mgmt_cp_set_dev_class *cp = data; 2796 struct mgmt_pending_cmd *cmd; 2797 int err; 2798 2799 bt_dev_dbg(hdev, "sock %p", sk); 2800 2801 if (!lmp_bredr_capable(hdev)) 2802 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2803 MGMT_STATUS_NOT_SUPPORTED); 2804 2805 hci_dev_lock(hdev); 2806 2807 if (pending_eir_or_class(hdev)) { 2808 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2809 MGMT_STATUS_BUSY); 2810 goto unlock; 2811 } 2812 2813 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) { 2814 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2815 MGMT_STATUS_INVALID_PARAMS); 2816 goto unlock; 2817 } 2818 2819 hdev->major_class = cp->major; 2820 hdev->minor_class = cp->minor; 2821 2822 if (!hdev_is_powered(hdev)) { 2823 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2824 hdev->dev_class, 3); 2825 goto unlock; 2826 } 2827 2828 cmd = mgmt_pending_new(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len); 2829 if (!cmd) { 2830 err = -ENOMEM; 2831 goto unlock; 2832 } 2833 2834 err = hci_cmd_sync_queue(hdev, set_class_sync, cmd, 2835 mgmt_class_complete); 2836 if (err < 0) 2837 mgmt_pending_free(cmd); 2838 2839unlock: 2840 hci_dev_unlock(hdev); 2841 return err; 2842} 2843 2844static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, 2845 u16 len) 2846{ 2847 struct mgmt_cp_load_link_keys *cp = data; 2848 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 2849 sizeof(struct mgmt_link_key_info)); 2850 u16 key_count, expected_len; 2851 bool changed; 2852 int i; 2853 2854 bt_dev_dbg(hdev, "sock %p", sk); 2855 2856 if (!lmp_bredr_capable(hdev)) 2857 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2858 MGMT_STATUS_NOT_SUPPORTED); 2859 2860 key_count = __le16_to_cpu(cp->key_count); 2861 if (key_count > max_key_count) { 2862 bt_dev_err(hdev, "load_link_keys: too big key_count value %u", 2863 key_count); 2864 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2865 MGMT_STATUS_INVALID_PARAMS); 2866 } 2867 2868 expected_len = struct_size(cp, keys, key_count); 2869 if (expected_len != len) { 2870 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes", 2871 expected_len, len); 2872 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2873 MGMT_STATUS_INVALID_PARAMS); 2874 } 2875 2876 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01) 2877 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2878 MGMT_STATUS_INVALID_PARAMS); 2879 2880 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys, 2881 key_count); 2882 2883 for (i = 0; i < key_count; i++) { 2884 struct mgmt_link_key_info *key = &cp->keys[i]; 2885 2886 if (key->addr.type != BDADDR_BREDR || key->type > 0x08) 2887 return mgmt_cmd_status(sk, hdev->id, 2888 MGMT_OP_LOAD_LINK_KEYS, 2889 MGMT_STATUS_INVALID_PARAMS); 2890 } 2891 2892 hci_dev_lock(hdev); 2893 2894 hci_link_keys_clear(hdev); 2895 2896 if (cp->debug_keys) 2897 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 2898 else 2899 changed = hci_dev_test_and_clear_flag(hdev, 2900 HCI_KEEP_DEBUG_KEYS); 2901 2902 if (changed) 2903 new_settings(hdev, NULL); 2904 2905 for (i = 0; i < key_count; i++) { 2906 struct mgmt_link_key_info *key = &cp->keys[i]; 2907 2908 if (hci_is_blocked_key(hdev, 2909 HCI_BLOCKED_KEY_TYPE_LINKKEY, 2910 key->val)) { 2911 bt_dev_warn(hdev, "Skipping blocked link key for %pMR", 2912 &key->addr.bdaddr); 2913 continue; 2914 } 2915 2916 /* Always ignore debug keys and require a new pairing if 2917 * the user wants to use them. 2918 */ 2919 if (key->type == HCI_LK_DEBUG_COMBINATION) 2920 continue; 2921 2922 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val, 2923 key->type, key->pin_len, NULL); 2924 } 2925 2926 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 2927 2928 hci_dev_unlock(hdev); 2929 2930 return 0; 2931} 2932 2933static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 2934 u8 addr_type, struct sock *skip_sk) 2935{ 2936 struct mgmt_ev_device_unpaired ev; 2937 2938 bacpy(&ev.addr.bdaddr, bdaddr); 2939 ev.addr.type = addr_type; 2940 2941 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 2942 skip_sk); 2943} 2944 2945static void unpair_device_complete(struct hci_dev *hdev, void *data, int err) 2946{ 2947 struct mgmt_pending_cmd *cmd = data; 2948 struct mgmt_cp_unpair_device *cp = cmd->param; 2949 2950 if (!err) 2951 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 2952 2953 cmd->cmd_complete(cmd, err); 2954 mgmt_pending_free(cmd); 2955} 2956 2957static int unpair_device_sync(struct hci_dev *hdev, void *data) 2958{ 2959 struct mgmt_pending_cmd *cmd = data; 2960 struct mgmt_cp_unpair_device *cp = cmd->param; 2961 struct hci_conn *conn; 2962 2963 if (cp->addr.type == BDADDR_BREDR) 2964 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2965 &cp->addr.bdaddr); 2966 else 2967 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, 2968 le_addr_type(cp->addr.type)); 2969 2970 if (!conn) 2971 return 0; 2972 2973 return hci_abort_conn_sync(hdev, conn, HCI_ERROR_REMOTE_USER_TERM); 2974} 2975 2976static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2977 u16 len) 2978{ 2979 struct mgmt_cp_unpair_device *cp = data; 2980 struct mgmt_rp_unpair_device rp; 2981 struct hci_conn_params *params; 2982 struct mgmt_pending_cmd *cmd; 2983 struct hci_conn *conn; 2984 u8 addr_type; 2985 int err; 2986 2987 memset(&rp, 0, sizeof(rp)); 2988 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2989 rp.addr.type = cp->addr.type; 2990 2991 if (!bdaddr_type_is_valid(cp->addr.type)) 2992 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2993 MGMT_STATUS_INVALID_PARAMS, 2994 &rp, sizeof(rp)); 2995 2996 if (cp->disconnect != 0x00 && cp->disconnect != 0x01) 2997 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2998 MGMT_STATUS_INVALID_PARAMS, 2999 &rp, sizeof(rp)); 3000 3001 hci_dev_lock(hdev); 3002 3003 if (!hdev_is_powered(hdev)) { 3004 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 3005 MGMT_STATUS_NOT_POWERED, &rp, 3006 sizeof(rp)); 3007 goto unlock; 3008 } 3009 3010 if (cp->addr.type == BDADDR_BREDR) { 3011 /* If disconnection is requested, then look up the 3012 * connection. If the remote device is connected, it 3013 * will be later used to terminate the link. 3014 * 3015 * Setting it to NULL explicitly will cause no 3016 * termination of the link. 3017 */ 3018 if (cp->disconnect) 3019 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 3020 &cp->addr.bdaddr); 3021 else 3022 conn = NULL; 3023 3024 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 3025 if (err < 0) { 3026 err = mgmt_cmd_complete(sk, hdev->id, 3027 MGMT_OP_UNPAIR_DEVICE, 3028 MGMT_STATUS_NOT_PAIRED, &rp, 3029 sizeof(rp)); 3030 goto unlock; 3031 } 3032 3033 goto done; 3034 } 3035 3036 /* LE address type */ 3037 addr_type = le_addr_type(cp->addr.type); 3038 3039 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */ 3040 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type); 3041 if (err < 0) { 3042 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 3043 MGMT_STATUS_NOT_PAIRED, &rp, 3044 sizeof(rp)); 3045 goto unlock; 3046 } 3047 3048 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type); 3049 if (!conn) { 3050 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type); 3051 goto done; 3052 } 3053 3054 3055 /* Defer clearing up the connection parameters until closing to 3056 * give a chance of keeping them if a repairing happens. 3057 */ 3058 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 3059 3060 /* Disable auto-connection parameters if present */ 3061 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type); 3062 if (params) { 3063 if (params->explicit_connect) 3064 params->auto_connect = HCI_AUTO_CONN_EXPLICIT; 3065 else 3066 params->auto_connect = HCI_AUTO_CONN_DISABLED; 3067 } 3068 3069 /* If disconnection is not requested, then clear the connection 3070 * variable so that the link is not terminated. 3071 */ 3072 if (!cp->disconnect) 3073 conn = NULL; 3074 3075done: 3076 /* If the connection variable is set, then termination of the 3077 * link is requested. 3078 */ 3079 if (!conn) { 3080 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0, 3081 &rp, sizeof(rp)); 3082 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 3083 goto unlock; 3084 } 3085 3086 cmd = mgmt_pending_new(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 3087 sizeof(*cp)); 3088 if (!cmd) { 3089 err = -ENOMEM; 3090 goto unlock; 3091 } 3092 3093 cmd->cmd_complete = addr_cmd_complete; 3094 3095 err = hci_cmd_sync_queue(hdev, unpair_device_sync, cmd, 3096 unpair_device_complete); 3097 if (err < 0) 3098 mgmt_pending_free(cmd); 3099 3100unlock: 3101 hci_dev_unlock(hdev); 3102 return err; 3103} 3104 3105static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data, 3106 u16 len) 3107{ 3108 struct mgmt_cp_disconnect *cp = data; 3109 struct mgmt_rp_disconnect rp; 3110 struct mgmt_pending_cmd *cmd; 3111 struct hci_conn *conn; 3112 int err; 3113 3114 bt_dev_dbg(hdev, "sock %p", sk); 3115 3116 memset(&rp, 0, sizeof(rp)); 3117 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 3118 rp.addr.type = cp->addr.type; 3119 3120 if (!bdaddr_type_is_valid(cp->addr.type)) 3121 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 3122 MGMT_STATUS_INVALID_PARAMS, 3123 &rp, sizeof(rp)); 3124 3125 hci_dev_lock(hdev); 3126 3127 if (!test_bit(HCI_UP, &hdev->flags)) { 3128 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 3129 MGMT_STATUS_NOT_POWERED, &rp, 3130 sizeof(rp)); 3131 goto failed; 3132 } 3133 3134 if (pending_find(MGMT_OP_DISCONNECT, hdev)) { 3135 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 3136 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 3137 goto failed; 3138 } 3139 3140 if (cp->addr.type == BDADDR_BREDR) 3141 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 3142 &cp->addr.bdaddr); 3143 else 3144 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, 3145 le_addr_type(cp->addr.type)); 3146 3147 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) { 3148 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 3149 MGMT_STATUS_NOT_CONNECTED, &rp, 3150 sizeof(rp)); 3151 goto failed; 3152 } 3153 3154 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 3155 if (!cmd) { 3156 err = -ENOMEM; 3157 goto failed; 3158 } 3159 3160 cmd->cmd_complete = generic_cmd_complete; 3161 3162 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM); 3163 if (err < 0) 3164 mgmt_pending_remove(cmd); 3165 3166failed: 3167 hci_dev_unlock(hdev); 3168 return err; 3169} 3170 3171static u8 link_to_bdaddr(u8 link_type, u8 addr_type) 3172{ 3173 switch (link_type) { 3174 case LE_LINK: 3175 switch (addr_type) { 3176 case ADDR_LE_DEV_PUBLIC: 3177 return BDADDR_LE_PUBLIC; 3178 3179 default: 3180 /* Fallback to LE Random address type */ 3181 return BDADDR_LE_RANDOM; 3182 } 3183 3184 default: 3185 /* Fallback to BR/EDR type */ 3186 return BDADDR_BREDR; 3187 } 3188} 3189 3190static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data, 3191 u16 data_len) 3192{ 3193 struct mgmt_rp_get_connections *rp; 3194 struct hci_conn *c; 3195 int err; 3196 u16 i; 3197 3198 bt_dev_dbg(hdev, "sock %p", sk); 3199 3200 hci_dev_lock(hdev); 3201 3202 if (!hdev_is_powered(hdev)) { 3203 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 3204 MGMT_STATUS_NOT_POWERED); 3205 goto unlock; 3206 } 3207 3208 i = 0; 3209 list_for_each_entry(c, &hdev->conn_hash.list, list) { 3210 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 3211 i++; 3212 } 3213 3214 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL); 3215 if (!rp) { 3216 err = -ENOMEM; 3217 goto unlock; 3218 } 3219 3220 i = 0; 3221 list_for_each_entry(c, &hdev->conn_hash.list, list) { 3222 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 3223 continue; 3224 bacpy(&rp->addr[i].bdaddr, &c->dst); 3225 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type); 3226 if (c->type == SCO_LINK || c->type == ESCO_LINK) 3227 continue; 3228 i++; 3229 } 3230 3231 rp->conn_count = cpu_to_le16(i); 3232 3233 /* Recalculate length in case of filtered SCO connections, etc */ 3234 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp, 3235 struct_size(rp, addr, i)); 3236 3237 kfree(rp); 3238 3239unlock: 3240 hci_dev_unlock(hdev); 3241 return err; 3242} 3243 3244static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 3245 struct mgmt_cp_pin_code_neg_reply *cp) 3246{ 3247 struct mgmt_pending_cmd *cmd; 3248 int err; 3249 3250 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 3251 sizeof(*cp)); 3252 if (!cmd) 3253 return -ENOMEM; 3254 3255 cmd->cmd_complete = addr_cmd_complete; 3256 3257 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 3258 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 3259 if (err < 0) 3260 mgmt_pending_remove(cmd); 3261 3262 return err; 3263} 3264 3265static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3266 u16 len) 3267{ 3268 struct hci_conn *conn; 3269 struct mgmt_cp_pin_code_reply *cp = data; 3270 struct hci_cp_pin_code_reply reply; 3271 struct mgmt_pending_cmd *cmd; 3272 int err; 3273 3274 bt_dev_dbg(hdev, "sock %p", sk); 3275 3276 hci_dev_lock(hdev); 3277 3278 if (!hdev_is_powered(hdev)) { 3279 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 3280 MGMT_STATUS_NOT_POWERED); 3281 goto failed; 3282 } 3283 3284 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 3285 if (!conn) { 3286 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 3287 MGMT_STATUS_NOT_CONNECTED); 3288 goto failed; 3289 } 3290 3291 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 3292 struct mgmt_cp_pin_code_neg_reply ncp; 3293 3294 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 3295 3296 bt_dev_err(hdev, "PIN code is not 16 bytes long"); 3297 3298 err = send_pin_code_neg_reply(sk, hdev, &ncp); 3299 if (err >= 0) 3300 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 3301 MGMT_STATUS_INVALID_PARAMS); 3302 3303 goto failed; 3304 } 3305 3306 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 3307 if (!cmd) { 3308 err = -ENOMEM; 3309 goto failed; 3310 } 3311 3312 cmd->cmd_complete = addr_cmd_complete; 3313 3314 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 3315 reply.pin_len = cp->pin_len; 3316 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 3317 3318 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 3319 if (err < 0) 3320 mgmt_pending_remove(cmd); 3321 3322failed: 3323 hci_dev_unlock(hdev); 3324 return err; 3325} 3326 3327static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data, 3328 u16 len) 3329{ 3330 struct mgmt_cp_set_io_capability *cp = data; 3331 3332 bt_dev_dbg(hdev, "sock %p", sk); 3333 3334 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY) 3335 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 3336 MGMT_STATUS_INVALID_PARAMS); 3337 3338 hci_dev_lock(hdev); 3339 3340 hdev->io_capability = cp->io_capability; 3341 3342 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability); 3343 3344 hci_dev_unlock(hdev); 3345 3346 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, 3347 NULL, 0); 3348} 3349 3350static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn) 3351{ 3352 struct hci_dev *hdev = conn->hdev; 3353 struct mgmt_pending_cmd *cmd; 3354 3355 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 3356 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 3357 continue; 3358 3359 if (cmd->user_data != conn) 3360 continue; 3361 3362 return cmd; 3363 } 3364 3365 return NULL; 3366} 3367 3368static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status) 3369{ 3370 struct mgmt_rp_pair_device rp; 3371 struct hci_conn *conn = cmd->user_data; 3372 int err; 3373 3374 bacpy(&rp.addr.bdaddr, &conn->dst); 3375 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 3376 3377 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, 3378 status, &rp, sizeof(rp)); 3379 3380 /* So we don't get further callbacks for this connection */ 3381 conn->connect_cfm_cb = NULL; 3382 conn->security_cfm_cb = NULL; 3383 conn->disconn_cfm_cb = NULL; 3384 3385 hci_conn_drop(conn); 3386 3387 /* The device is paired so there is no need to remove 3388 * its connection parameters anymore. 3389 */ 3390 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 3391 3392 hci_conn_put(conn); 3393 3394 return err; 3395} 3396 3397void mgmt_smp_complete(struct hci_conn *conn, bool complete) 3398{ 3399 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED; 3400 struct mgmt_pending_cmd *cmd; 3401 3402 cmd = find_pairing(conn); 3403 if (cmd) { 3404 cmd->cmd_complete(cmd, status); 3405 mgmt_pending_remove(cmd); 3406 } 3407} 3408 3409static void pairing_complete_cb(struct hci_conn *conn, u8 status) 3410{ 3411 struct mgmt_pending_cmd *cmd; 3412 3413 BT_DBG("status %u", status); 3414 3415 cmd = find_pairing(conn); 3416 if (!cmd) { 3417 BT_DBG("Unable to find a pending command"); 3418 return; 3419 } 3420 3421 cmd->cmd_complete(cmd, mgmt_status(status)); 3422 mgmt_pending_remove(cmd); 3423} 3424 3425static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) 3426{ 3427 struct mgmt_pending_cmd *cmd; 3428 3429 BT_DBG("status %u", status); 3430 3431 if (!status) 3432 return; 3433 3434 cmd = find_pairing(conn); 3435 if (!cmd) { 3436 BT_DBG("Unable to find a pending command"); 3437 return; 3438 } 3439 3440 cmd->cmd_complete(cmd, mgmt_status(status)); 3441 mgmt_pending_remove(cmd); 3442} 3443 3444static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 3445 u16 len) 3446{ 3447 struct mgmt_cp_pair_device *cp = data; 3448 struct mgmt_rp_pair_device rp; 3449 struct mgmt_pending_cmd *cmd; 3450 u8 sec_level, auth_type; 3451 struct hci_conn *conn; 3452 int err; 3453 3454 bt_dev_dbg(hdev, "sock %p", sk); 3455 3456 memset(&rp, 0, sizeof(rp)); 3457 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 3458 rp.addr.type = cp->addr.type; 3459 3460 if (!bdaddr_type_is_valid(cp->addr.type)) 3461 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3462 MGMT_STATUS_INVALID_PARAMS, 3463 &rp, sizeof(rp)); 3464 3465 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY) 3466 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3467 MGMT_STATUS_INVALID_PARAMS, 3468 &rp, sizeof(rp)); 3469 3470 hci_dev_lock(hdev); 3471 3472 if (!hdev_is_powered(hdev)) { 3473 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3474 MGMT_STATUS_NOT_POWERED, &rp, 3475 sizeof(rp)); 3476 goto unlock; 3477 } 3478 3479 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) { 3480 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3481 MGMT_STATUS_ALREADY_PAIRED, &rp, 3482 sizeof(rp)); 3483 goto unlock; 3484 } 3485 3486 sec_level = BT_SECURITY_MEDIUM; 3487 auth_type = HCI_AT_DEDICATED_BONDING; 3488 3489 if (cp->addr.type == BDADDR_BREDR) { 3490 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level, 3491 auth_type, CONN_REASON_PAIR_DEVICE); 3492 } else { 3493 u8 addr_type = le_addr_type(cp->addr.type); 3494 struct hci_conn_params *p; 3495 3496 /* When pairing a new device, it is expected to remember 3497 * this device for future connections. Adding the connection 3498 * parameter information ahead of time allows tracking 3499 * of the peripheral preferred values and will speed up any 3500 * further connection establishment. 3501 * 3502 * If connection parameters already exist, then they 3503 * will be kept and this function does nothing. 3504 */ 3505 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type); 3506 3507 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT) 3508 p->auto_connect = HCI_AUTO_CONN_DISABLED; 3509 3510 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type, 3511 sec_level, HCI_LE_CONN_TIMEOUT, 3512 CONN_REASON_PAIR_DEVICE); 3513 } 3514 3515 if (IS_ERR(conn)) { 3516 int status; 3517 3518 if (PTR_ERR(conn) == -EBUSY) 3519 status = MGMT_STATUS_BUSY; 3520 else if (PTR_ERR(conn) == -EOPNOTSUPP) 3521 status = MGMT_STATUS_NOT_SUPPORTED; 3522 else if (PTR_ERR(conn) == -ECONNREFUSED) 3523 status = MGMT_STATUS_REJECTED; 3524 else 3525 status = MGMT_STATUS_CONNECT_FAILED; 3526 3527 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3528 status, &rp, sizeof(rp)); 3529 goto unlock; 3530 } 3531 3532 if (conn->connect_cfm_cb) { 3533 hci_conn_drop(conn); 3534 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3535 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 3536 goto unlock; 3537 } 3538 3539 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 3540 if (!cmd) { 3541 err = -ENOMEM; 3542 hci_conn_drop(conn); 3543 goto unlock; 3544 } 3545 3546 cmd->cmd_complete = pairing_complete; 3547 3548 /* For LE, just connecting isn't a proof that the pairing finished */ 3549 if (cp->addr.type == BDADDR_BREDR) { 3550 conn->connect_cfm_cb = pairing_complete_cb; 3551 conn->security_cfm_cb = pairing_complete_cb; 3552 conn->disconn_cfm_cb = pairing_complete_cb; 3553 } else { 3554 conn->connect_cfm_cb = le_pairing_complete_cb; 3555 conn->security_cfm_cb = le_pairing_complete_cb; 3556 conn->disconn_cfm_cb = le_pairing_complete_cb; 3557 } 3558 3559 conn->io_capability = cp->io_cap; 3560 cmd->user_data = hci_conn_get(conn); 3561 3562 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) && 3563 hci_conn_security(conn, sec_level, auth_type, true)) { 3564 cmd->cmd_complete(cmd, 0); 3565 mgmt_pending_remove(cmd); 3566 } 3567 3568 err = 0; 3569 3570unlock: 3571 hci_dev_unlock(hdev); 3572 return err; 3573} 3574 3575static int abort_conn_sync(struct hci_dev *hdev, void *data) 3576{ 3577 struct hci_conn *conn; 3578 u16 handle = PTR_ERR(data); 3579 3580 conn = hci_conn_hash_lookup_handle(hdev, handle); 3581 if (!conn) 3582 return 0; 3583 3584 return hci_abort_conn_sync(hdev, conn, HCI_ERROR_REMOTE_USER_TERM); 3585} 3586 3587static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 3588 u16 len) 3589{ 3590 struct mgmt_addr_info *addr = data; 3591 struct mgmt_pending_cmd *cmd; 3592 struct hci_conn *conn; 3593 int err; 3594 3595 bt_dev_dbg(hdev, "sock %p", sk); 3596 3597 hci_dev_lock(hdev); 3598 3599 if (!hdev_is_powered(hdev)) { 3600 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3601 MGMT_STATUS_NOT_POWERED); 3602 goto unlock; 3603 } 3604 3605 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev); 3606 if (!cmd) { 3607 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3608 MGMT_STATUS_INVALID_PARAMS); 3609 goto unlock; 3610 } 3611 3612 conn = cmd->user_data; 3613 3614 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 3615 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3616 MGMT_STATUS_INVALID_PARAMS); 3617 goto unlock; 3618 } 3619 3620 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED); 3621 mgmt_pending_remove(cmd); 3622 3623 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 3624 addr, sizeof(*addr)); 3625 3626 /* Since user doesn't want to proceed with the connection, abort any 3627 * ongoing pairing and then terminate the link if it was created 3628 * because of the pair device action. 3629 */ 3630 if (addr->type == BDADDR_BREDR) 3631 hci_remove_link_key(hdev, &addr->bdaddr); 3632 else 3633 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr, 3634 le_addr_type(addr->type)); 3635 3636 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE) 3637 hci_cmd_sync_queue(hdev, abort_conn_sync, ERR_PTR(conn->handle), 3638 NULL); 3639 3640unlock: 3641 hci_dev_unlock(hdev); 3642 return err; 3643} 3644 3645static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, 3646 struct mgmt_addr_info *addr, u16 mgmt_op, 3647 u16 hci_op, __le32 passkey) 3648{ 3649 struct mgmt_pending_cmd *cmd; 3650 struct hci_conn *conn; 3651 int err; 3652 3653 hci_dev_lock(hdev); 3654 3655 if (!hdev_is_powered(hdev)) { 3656 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3657 MGMT_STATUS_NOT_POWERED, addr, 3658 sizeof(*addr)); 3659 goto done; 3660 } 3661 3662 if (addr->type == BDADDR_BREDR) 3663 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr); 3664 else 3665 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr, 3666 le_addr_type(addr->type)); 3667 3668 if (!conn) { 3669 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3670 MGMT_STATUS_NOT_CONNECTED, addr, 3671 sizeof(*addr)); 3672 goto done; 3673 } 3674 3675 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) { 3676 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 3677 if (!err) 3678 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3679 MGMT_STATUS_SUCCESS, addr, 3680 sizeof(*addr)); 3681 else 3682 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3683 MGMT_STATUS_FAILED, addr, 3684 sizeof(*addr)); 3685 3686 goto done; 3687 } 3688 3689 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr)); 3690 if (!cmd) { 3691 err = -ENOMEM; 3692 goto done; 3693 } 3694 3695 cmd->cmd_complete = addr_cmd_complete; 3696 3697 /* Continue with pairing via HCI */ 3698 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 3699 struct hci_cp_user_passkey_reply cp; 3700 3701 bacpy(&cp.bdaddr, &addr->bdaddr); 3702 cp.passkey = passkey; 3703 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 3704 } else 3705 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr), 3706 &addr->bdaddr); 3707 3708 if (err < 0) 3709 mgmt_pending_remove(cmd); 3710 3711done: 3712 hci_dev_unlock(hdev); 3713 return err; 3714} 3715 3716static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 3717 void *data, u16 len) 3718{ 3719 struct mgmt_cp_pin_code_neg_reply *cp = data; 3720 3721 bt_dev_dbg(hdev, "sock %p", sk); 3722 3723 return user_pairing_resp(sk, hdev, &cp->addr, 3724 MGMT_OP_PIN_CODE_NEG_REPLY, 3725 HCI_OP_PIN_CODE_NEG_REPLY, 0); 3726} 3727 3728static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3729 u16 len) 3730{ 3731 struct mgmt_cp_user_confirm_reply *cp = data; 3732 3733 bt_dev_dbg(hdev, "sock %p", sk); 3734 3735 if (len != sizeof(*cp)) 3736 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY, 3737 MGMT_STATUS_INVALID_PARAMS); 3738 3739 return user_pairing_resp(sk, hdev, &cp->addr, 3740 MGMT_OP_USER_CONFIRM_REPLY, 3741 HCI_OP_USER_CONFIRM_REPLY, 0); 3742} 3743 3744static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev, 3745 void *data, u16 len) 3746{ 3747 struct mgmt_cp_user_confirm_neg_reply *cp = data; 3748 3749 bt_dev_dbg(hdev, "sock %p", sk); 3750 3751 return user_pairing_resp(sk, hdev, &cp->addr, 3752 MGMT_OP_USER_CONFIRM_NEG_REPLY, 3753 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 3754} 3755 3756static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3757 u16 len) 3758{ 3759 struct mgmt_cp_user_passkey_reply *cp = data; 3760 3761 bt_dev_dbg(hdev, "sock %p", sk); 3762 3763 return user_pairing_resp(sk, hdev, &cp->addr, 3764 MGMT_OP_USER_PASSKEY_REPLY, 3765 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 3766} 3767 3768static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev, 3769 void *data, u16 len) 3770{ 3771 struct mgmt_cp_user_passkey_neg_reply *cp = data; 3772 3773 bt_dev_dbg(hdev, "sock %p", sk); 3774 3775 return user_pairing_resp(sk, hdev, &cp->addr, 3776 MGMT_OP_USER_PASSKEY_NEG_REPLY, 3777 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 3778} 3779 3780static int adv_expire_sync(struct hci_dev *hdev, u32 flags) 3781{ 3782 struct adv_info *adv_instance; 3783 3784 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance); 3785 if (!adv_instance) 3786 return 0; 3787 3788 /* stop if current instance doesn't need to be changed */ 3789 if (!(adv_instance->flags & flags)) 3790 return 0; 3791 3792 cancel_adv_timeout(hdev); 3793 3794 adv_instance = hci_get_next_instance(hdev, adv_instance->instance); 3795 if (!adv_instance) 3796 return 0; 3797 3798 hci_schedule_adv_instance_sync(hdev, adv_instance->instance, true); 3799 3800 return 0; 3801} 3802 3803static int name_changed_sync(struct hci_dev *hdev, void *data) 3804{ 3805 return adv_expire_sync(hdev, MGMT_ADV_FLAG_LOCAL_NAME); 3806} 3807 3808static void set_name_complete(struct hci_dev *hdev, void *data, int err) 3809{ 3810 struct mgmt_pending_cmd *cmd = data; 3811 struct mgmt_cp_set_local_name *cp = cmd->param; 3812 u8 status = mgmt_status(err); 3813 3814 bt_dev_dbg(hdev, "err %d", err); 3815 3816 if (cmd != pending_find(MGMT_OP_SET_LOCAL_NAME, hdev)) 3817 return; 3818 3819 if (status) { 3820 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3821 status); 3822 } else { 3823 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3824 cp, sizeof(*cp)); 3825 3826 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3827 hci_cmd_sync_queue(hdev, name_changed_sync, NULL, NULL); 3828 } 3829 3830 mgmt_pending_remove(cmd); 3831} 3832 3833static int set_name_sync(struct hci_dev *hdev, void *data) 3834{ 3835 if (lmp_bredr_capable(hdev)) { 3836 hci_update_name_sync(hdev); 3837 hci_update_eir_sync(hdev); 3838 } 3839 3840 /* The name is stored in the scan response data and so 3841 * no need to update the advertising data here. 3842 */ 3843 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING)) 3844 hci_update_scan_rsp_data_sync(hdev, hdev->cur_adv_instance); 3845 3846 return 0; 3847} 3848 3849static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data, 3850 u16 len) 3851{ 3852 struct mgmt_cp_set_local_name *cp = data; 3853 struct mgmt_pending_cmd *cmd; 3854 int err; 3855 3856 bt_dev_dbg(hdev, "sock %p", sk); 3857 3858 hci_dev_lock(hdev); 3859 3860 /* If the old values are the same as the new ones just return a 3861 * direct command complete event. 3862 */ 3863 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) && 3864 !memcmp(hdev->short_name, cp->short_name, 3865 sizeof(hdev->short_name))) { 3866 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3867 data, len); 3868 goto failed; 3869 } 3870 3871 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name)); 3872 3873 if (!hdev_is_powered(hdev)) { 3874 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3875 3876 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3877 data, len); 3878 if (err < 0) 3879 goto failed; 3880 3881 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, 3882 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk); 3883 ext_info_changed(hdev, sk); 3884 3885 goto failed; 3886 } 3887 3888 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 3889 if (!cmd) 3890 err = -ENOMEM; 3891 else 3892 err = hci_cmd_sync_queue(hdev, set_name_sync, cmd, 3893 set_name_complete); 3894 3895 if (err < 0) { 3896 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3897 MGMT_STATUS_FAILED); 3898 3899 if (cmd) 3900 mgmt_pending_remove(cmd); 3901 3902 goto failed; 3903 } 3904 3905 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3906 3907failed: 3908 hci_dev_unlock(hdev); 3909 return err; 3910} 3911 3912static int appearance_changed_sync(struct hci_dev *hdev, void *data) 3913{ 3914 return adv_expire_sync(hdev, MGMT_ADV_FLAG_APPEARANCE); 3915} 3916 3917static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data, 3918 u16 len) 3919{ 3920 struct mgmt_cp_set_appearance *cp = data; 3921 u16 appearance; 3922 int err; 3923 3924 bt_dev_dbg(hdev, "sock %p", sk); 3925 3926 if (!lmp_le_capable(hdev)) 3927 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 3928 MGMT_STATUS_NOT_SUPPORTED); 3929 3930 appearance = le16_to_cpu(cp->appearance); 3931 3932 hci_dev_lock(hdev); 3933 3934 if (hdev->appearance != appearance) { 3935 hdev->appearance = appearance; 3936 3937 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3938 hci_cmd_sync_queue(hdev, appearance_changed_sync, NULL, 3939 NULL); 3940 3941 ext_info_changed(hdev, sk); 3942 } 3943 3944 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL, 3945 0); 3946 3947 hci_dev_unlock(hdev); 3948 3949 return err; 3950} 3951 3952static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev, 3953 void *data, u16 len) 3954{ 3955 struct mgmt_rp_get_phy_configuration rp; 3956 3957 bt_dev_dbg(hdev, "sock %p", sk); 3958 3959 hci_dev_lock(hdev); 3960 3961 memset(&rp, 0, sizeof(rp)); 3962 3963 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev)); 3964 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev)); 3965 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev)); 3966 3967 hci_dev_unlock(hdev); 3968 3969 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0, 3970 &rp, sizeof(rp)); 3971} 3972 3973int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip) 3974{ 3975 struct mgmt_ev_phy_configuration_changed ev; 3976 3977 memset(&ev, 0, sizeof(ev)); 3978 3979 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev)); 3980 3981 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev, 3982 sizeof(ev), skip); 3983} 3984 3985static void set_default_phy_complete(struct hci_dev *hdev, void *data, int err) 3986{ 3987 struct mgmt_pending_cmd *cmd = data; 3988 struct sk_buff *skb = cmd->skb; 3989 u8 status = mgmt_status(err); 3990 3991 if (cmd != pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) 3992 return; 3993 3994 if (!status) { 3995 if (!skb) 3996 status = MGMT_STATUS_FAILED; 3997 else if (IS_ERR(skb)) 3998 status = mgmt_status(PTR_ERR(skb)); 3999 else 4000 status = mgmt_status(skb->data[0]); 4001 } 4002 4003 bt_dev_dbg(hdev, "status %d", status); 4004 4005 if (status) { 4006 mgmt_cmd_status(cmd->sk, hdev->id, 4007 MGMT_OP_SET_PHY_CONFIGURATION, status); 4008 } else { 4009 mgmt_cmd_complete(cmd->sk, hdev->id, 4010 MGMT_OP_SET_PHY_CONFIGURATION, 0, 4011 NULL, 0); 4012 4013 mgmt_phy_configuration_changed(hdev, cmd->sk); 4014 } 4015 4016 if (skb && !IS_ERR(skb)) 4017 kfree_skb(skb); 4018 4019 mgmt_pending_remove(cmd); 4020} 4021 4022static int set_default_phy_sync(struct hci_dev *hdev, void *data) 4023{ 4024 struct mgmt_pending_cmd *cmd = data; 4025 struct mgmt_cp_set_phy_configuration *cp = cmd->param; 4026 struct hci_cp_le_set_default_phy cp_phy; 4027 u32 selected_phys = __le32_to_cpu(cp->selected_phys); 4028 4029 memset(&cp_phy, 0, sizeof(cp_phy)); 4030 4031 if (!(selected_phys & MGMT_PHY_LE_TX_MASK)) 4032 cp_phy.all_phys |= 0x01; 4033 4034 if (!(selected_phys & MGMT_PHY_LE_RX_MASK)) 4035 cp_phy.all_phys |= 0x02; 4036 4037 if (selected_phys & MGMT_PHY_LE_1M_TX) 4038 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M; 4039 4040 if (selected_phys & MGMT_PHY_LE_2M_TX) 4041 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M; 4042 4043 if (selected_phys & MGMT_PHY_LE_CODED_TX) 4044 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED; 4045 4046 if (selected_phys & MGMT_PHY_LE_1M_RX) 4047 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M; 4048 4049 if (selected_phys & MGMT_PHY_LE_2M_RX) 4050 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M; 4051 4052 if (selected_phys & MGMT_PHY_LE_CODED_RX) 4053 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED; 4054 4055 cmd->skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_DEFAULT_PHY, 4056 sizeof(cp_phy), &cp_phy, HCI_CMD_TIMEOUT); 4057 4058 return 0; 4059} 4060 4061static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev, 4062 void *data, u16 len) 4063{ 4064 struct mgmt_cp_set_phy_configuration *cp = data; 4065 struct mgmt_pending_cmd *cmd; 4066 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys; 4067 u16 pkt_type = (HCI_DH1 | HCI_DM1); 4068 bool changed = false; 4069 int err; 4070 4071 bt_dev_dbg(hdev, "sock %p", sk); 4072 4073 configurable_phys = get_configurable_phys(hdev); 4074 supported_phys = get_supported_phys(hdev); 4075 selected_phys = __le32_to_cpu(cp->selected_phys); 4076 4077 if (selected_phys & ~supported_phys) 4078 return mgmt_cmd_status(sk, hdev->id, 4079 MGMT_OP_SET_PHY_CONFIGURATION, 4080 MGMT_STATUS_INVALID_PARAMS); 4081 4082 unconfigure_phys = supported_phys & ~configurable_phys; 4083 4084 if ((selected_phys & unconfigure_phys) != unconfigure_phys) 4085 return mgmt_cmd_status(sk, hdev->id, 4086 MGMT_OP_SET_PHY_CONFIGURATION, 4087 MGMT_STATUS_INVALID_PARAMS); 4088 4089 if (selected_phys == get_selected_phys(hdev)) 4090 return mgmt_cmd_complete(sk, hdev->id, 4091 MGMT_OP_SET_PHY_CONFIGURATION, 4092 0, NULL, 0); 4093 4094 hci_dev_lock(hdev); 4095 4096 if (!hdev_is_powered(hdev)) { 4097 err = mgmt_cmd_status(sk, hdev->id, 4098 MGMT_OP_SET_PHY_CONFIGURATION, 4099 MGMT_STATUS_REJECTED); 4100 goto unlock; 4101 } 4102 4103 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) { 4104 err = mgmt_cmd_status(sk, hdev->id, 4105 MGMT_OP_SET_PHY_CONFIGURATION, 4106 MGMT_STATUS_BUSY); 4107 goto unlock; 4108 } 4109 4110 if (selected_phys & MGMT_PHY_BR_1M_3SLOT) 4111 pkt_type |= (HCI_DH3 | HCI_DM3); 4112 else 4113 pkt_type &= ~(HCI_DH3 | HCI_DM3); 4114 4115 if (selected_phys & MGMT_PHY_BR_1M_5SLOT) 4116 pkt_type |= (HCI_DH5 | HCI_DM5); 4117 else 4118 pkt_type &= ~(HCI_DH5 | HCI_DM5); 4119 4120 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT) 4121 pkt_type &= ~HCI_2DH1; 4122 else 4123 pkt_type |= HCI_2DH1; 4124 4125 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT) 4126 pkt_type &= ~HCI_2DH3; 4127 else 4128 pkt_type |= HCI_2DH3; 4129 4130 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT) 4131 pkt_type &= ~HCI_2DH5; 4132 else 4133 pkt_type |= HCI_2DH5; 4134 4135 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT) 4136 pkt_type &= ~HCI_3DH1; 4137 else 4138 pkt_type |= HCI_3DH1; 4139 4140 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT) 4141 pkt_type &= ~HCI_3DH3; 4142 else 4143 pkt_type |= HCI_3DH3; 4144 4145 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT) 4146 pkt_type &= ~HCI_3DH5; 4147 else 4148 pkt_type |= HCI_3DH5; 4149 4150 if (pkt_type != hdev->pkt_type) { 4151 hdev->pkt_type = pkt_type; 4152 changed = true; 4153 } 4154 4155 if ((selected_phys & MGMT_PHY_LE_MASK) == 4156 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) { 4157 if (changed) 4158 mgmt_phy_configuration_changed(hdev, sk); 4159 4160 err = mgmt_cmd_complete(sk, hdev->id, 4161 MGMT_OP_SET_PHY_CONFIGURATION, 4162 0, NULL, 0); 4163 4164 goto unlock; 4165 } 4166 4167 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data, 4168 len); 4169 if (!cmd) 4170 err = -ENOMEM; 4171 else 4172 err = hci_cmd_sync_queue(hdev, set_default_phy_sync, cmd, 4173 set_default_phy_complete); 4174 4175 if (err < 0) { 4176 err = mgmt_cmd_status(sk, hdev->id, 4177 MGMT_OP_SET_PHY_CONFIGURATION, 4178 MGMT_STATUS_FAILED); 4179 4180 if (cmd) 4181 mgmt_pending_remove(cmd); 4182 } 4183 4184unlock: 4185 hci_dev_unlock(hdev); 4186 4187 return err; 4188} 4189 4190static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data, 4191 u16 len) 4192{ 4193 int err = MGMT_STATUS_SUCCESS; 4194 struct mgmt_cp_set_blocked_keys *keys = data; 4195 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) / 4196 sizeof(struct mgmt_blocked_key_info)); 4197 u16 key_count, expected_len; 4198 int i; 4199 4200 bt_dev_dbg(hdev, "sock %p", sk); 4201 4202 key_count = __le16_to_cpu(keys->key_count); 4203 if (key_count > max_key_count) { 4204 bt_dev_err(hdev, "too big key_count value %u", key_count); 4205 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 4206 MGMT_STATUS_INVALID_PARAMS); 4207 } 4208 4209 expected_len = struct_size(keys, keys, key_count); 4210 if (expected_len != len) { 4211 bt_dev_err(hdev, "expected %u bytes, got %u bytes", 4212 expected_len, len); 4213 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 4214 MGMT_STATUS_INVALID_PARAMS); 4215 } 4216 4217 hci_dev_lock(hdev); 4218 4219 hci_blocked_keys_clear(hdev); 4220 4221 for (i = 0; i < key_count; ++i) { 4222 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL); 4223 4224 if (!b) { 4225 err = MGMT_STATUS_NO_RESOURCES; 4226 break; 4227 } 4228 4229 b->type = keys->keys[i].type; 4230 memcpy(b->val, keys->keys[i].val, sizeof(b->val)); 4231 list_add_rcu(&b->list, &hdev->blocked_keys); 4232 } 4233 hci_dev_unlock(hdev); 4234 4235 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 4236 err, NULL, 0); 4237} 4238 4239static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev, 4240 void *data, u16 len) 4241{ 4242 struct mgmt_mode *cp = data; 4243 int err; 4244 bool changed = false; 4245 4246 bt_dev_dbg(hdev, "sock %p", sk); 4247 4248 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks)) 4249 return mgmt_cmd_status(sk, hdev->id, 4250 MGMT_OP_SET_WIDEBAND_SPEECH, 4251 MGMT_STATUS_NOT_SUPPORTED); 4252 4253 if (cp->val != 0x00 && cp->val != 0x01) 4254 return mgmt_cmd_status(sk, hdev->id, 4255 MGMT_OP_SET_WIDEBAND_SPEECH, 4256 MGMT_STATUS_INVALID_PARAMS); 4257 4258 hci_dev_lock(hdev); 4259 4260 if (hdev_is_powered(hdev) && 4261 !!cp->val != hci_dev_test_flag(hdev, 4262 HCI_WIDEBAND_SPEECH_ENABLED)) { 4263 err = mgmt_cmd_status(sk, hdev->id, 4264 MGMT_OP_SET_WIDEBAND_SPEECH, 4265 MGMT_STATUS_REJECTED); 4266 goto unlock; 4267 } 4268 4269 if (cp->val) 4270 changed = !hci_dev_test_and_set_flag(hdev, 4271 HCI_WIDEBAND_SPEECH_ENABLED); 4272 else 4273 changed = hci_dev_test_and_clear_flag(hdev, 4274 HCI_WIDEBAND_SPEECH_ENABLED); 4275 4276 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev); 4277 if (err < 0) 4278 goto unlock; 4279 4280 if (changed) 4281 err = new_settings(hdev, sk); 4282 4283unlock: 4284 hci_dev_unlock(hdev); 4285 return err; 4286} 4287 4288static int read_controller_cap(struct sock *sk, struct hci_dev *hdev, 4289 void *data, u16 data_len) 4290{ 4291 char buf[20]; 4292 struct mgmt_rp_read_controller_cap *rp = (void *)buf; 4293 u16 cap_len = 0; 4294 u8 flags = 0; 4295 u8 tx_power_range[2]; 4296 4297 bt_dev_dbg(hdev, "sock %p", sk); 4298 4299 memset(&buf, 0, sizeof(buf)); 4300 4301 hci_dev_lock(hdev); 4302 4303 /* When the Read Simple Pairing Options command is supported, then 4304 * the remote public key validation is supported. 4305 * 4306 * Alternatively, when Microsoft extensions are available, they can 4307 * indicate support for public key validation as well. 4308 */ 4309 if ((hdev->commands[41] & 0x08) || msft_curve_validity(hdev)) 4310 flags |= 0x01; /* Remote public key validation (BR/EDR) */ 4311 4312 flags |= 0x02; /* Remote public key validation (LE) */ 4313 4314 /* When the Read Encryption Key Size command is supported, then the 4315 * encryption key size is enforced. 4316 */ 4317 if (hdev->commands[20] & 0x10) 4318 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */ 4319 4320 flags |= 0x08; /* Encryption key size enforcement (LE) */ 4321 4322 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS, 4323 &flags, 1); 4324 4325 /* When the Read Simple Pairing Options command is supported, then 4326 * also max encryption key size information is provided. 4327 */ 4328 if (hdev->commands[41] & 0x08) 4329 cap_len = eir_append_le16(rp->cap, cap_len, 4330 MGMT_CAP_MAX_ENC_KEY_SIZE, 4331 hdev->max_enc_key_size); 4332 4333 cap_len = eir_append_le16(rp->cap, cap_len, 4334 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE, 4335 SMP_MAX_ENC_KEY_SIZE); 4336 4337 /* Append the min/max LE tx power parameters if we were able to fetch 4338 * it from the controller 4339 */ 4340 if (hdev->commands[38] & 0x80) { 4341 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1); 4342 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1); 4343 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR, 4344 tx_power_range, 2); 4345 } 4346 4347 rp->cap_len = cpu_to_le16(cap_len); 4348 4349 hci_dev_unlock(hdev); 4350 4351 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0, 4352 rp, sizeof(*rp) + cap_len); 4353} 4354 4355#ifdef CONFIG_BT_FEATURE_DEBUG 4356/* d4992530-b9ec-469f-ab01-6c481c47da1c */ 4357static const u8 debug_uuid[16] = { 4358 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab, 4359 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4, 4360}; 4361#endif 4362 4363/* 330859bc-7506-492d-9370-9a6f0614037f */ 4364static const u8 quality_report_uuid[16] = { 4365 0x7f, 0x03, 0x14, 0x06, 0x6f, 0x9a, 0x70, 0x93, 4366 0x2d, 0x49, 0x06, 0x75, 0xbc, 0x59, 0x08, 0x33, 4367}; 4368 4369/* a6695ace-ee7f-4fb9-881a-5fac66c629af */ 4370static const u8 offload_codecs_uuid[16] = { 4371 0xaf, 0x29, 0xc6, 0x66, 0xac, 0x5f, 0x1a, 0x88, 4372 0xb9, 0x4f, 0x7f, 0xee, 0xce, 0x5a, 0x69, 0xa6, 4373}; 4374 4375/* 671b10b5-42c0-4696-9227-eb28d1b049d6 */ 4376static const u8 le_simultaneous_roles_uuid[16] = { 4377 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92, 4378 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67, 4379}; 4380 4381/* 15c0a148-c273-11ea-b3de-0242ac130004 */ 4382static const u8 rpa_resolution_uuid[16] = { 4383 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3, 4384 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15, 4385}; 4386 4387/* 6fbaf188-05e0-496a-9885-d6ddfdb4e03e */ 4388static const u8 iso_socket_uuid[16] = { 4389 0x3e, 0xe0, 0xb4, 0xfd, 0xdd, 0xd6, 0x85, 0x98, 4390 0x6a, 0x49, 0xe0, 0x05, 0x88, 0xf1, 0xba, 0x6f, 4391}; 4392 4393/* 2ce463d7-7a03-4d8d-bf05-5f24e8f36e76 */ 4394static const u8 mgmt_mesh_uuid[16] = { 4395 0x76, 0x6e, 0xf3, 0xe8, 0x24, 0x5f, 0x05, 0xbf, 4396 0x8d, 0x4d, 0x03, 0x7a, 0xd7, 0x63, 0xe4, 0x2c, 4397}; 4398 4399static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev, 4400 void *data, u16 data_len) 4401{ 4402 struct mgmt_rp_read_exp_features_info *rp; 4403 size_t len; 4404 u16 idx = 0; 4405 u32 flags; 4406 int status; 4407 4408 bt_dev_dbg(hdev, "sock %p", sk); 4409 4410 /* Enough space for 7 features */ 4411 len = sizeof(*rp) + (sizeof(rp->features[0]) * 7); 4412 rp = kzalloc(len, GFP_KERNEL); 4413 if (!rp) 4414 return -ENOMEM; 4415 4416#ifdef CONFIG_BT_FEATURE_DEBUG 4417 if (!hdev) { 4418 flags = bt_dbg_get() ? BIT(0) : 0; 4419 4420 memcpy(rp->features[idx].uuid, debug_uuid, 16); 4421 rp->features[idx].flags = cpu_to_le32(flags); 4422 idx++; 4423 } 4424#endif 4425 4426 if (hdev && hci_dev_le_state_simultaneous(hdev)) { 4427 if (hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES)) 4428 flags = BIT(0); 4429 else 4430 flags = 0; 4431 4432 memcpy(rp->features[idx].uuid, le_simultaneous_roles_uuid, 16); 4433 rp->features[idx].flags = cpu_to_le32(flags); 4434 idx++; 4435 } 4436 4437 if (hdev && ll_privacy_capable(hdev)) { 4438 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 4439 flags = BIT(0) | BIT(1); 4440 else 4441 flags = BIT(1); 4442 4443 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16); 4444 rp->features[idx].flags = cpu_to_le32(flags); 4445 idx++; 4446 } 4447 4448 if (hdev && (aosp_has_quality_report(hdev) || 4449 hdev->set_quality_report)) { 4450 if (hci_dev_test_flag(hdev, HCI_QUALITY_REPORT)) 4451 flags = BIT(0); 4452 else 4453 flags = 0; 4454 4455 memcpy(rp->features[idx].uuid, quality_report_uuid, 16); 4456 rp->features[idx].flags = cpu_to_le32(flags); 4457 idx++; 4458 } 4459 4460 if (hdev && hdev->get_data_path_id) { 4461 if (hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) 4462 flags = BIT(0); 4463 else 4464 flags = 0; 4465 4466 memcpy(rp->features[idx].uuid, offload_codecs_uuid, 16); 4467 rp->features[idx].flags = cpu_to_le32(flags); 4468 idx++; 4469 } 4470 4471 if (IS_ENABLED(CONFIG_BT_LE)) { 4472 flags = iso_enabled() ? BIT(0) : 0; 4473 memcpy(rp->features[idx].uuid, iso_socket_uuid, 16); 4474 rp->features[idx].flags = cpu_to_le32(flags); 4475 idx++; 4476 } 4477 4478 if (hdev && lmp_le_capable(hdev)) { 4479 if (hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL)) 4480 flags = BIT(0); 4481 else 4482 flags = 0; 4483 4484 memcpy(rp->features[idx].uuid, mgmt_mesh_uuid, 16); 4485 rp->features[idx].flags = cpu_to_le32(flags); 4486 idx++; 4487 } 4488 4489 rp->feature_count = cpu_to_le16(idx); 4490 4491 /* After reading the experimental features information, enable 4492 * the events to update client on any future change. 4493 */ 4494 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4495 4496 status = mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 4497 MGMT_OP_READ_EXP_FEATURES_INFO, 4498 0, rp, sizeof(*rp) + (20 * idx)); 4499 4500 kfree(rp); 4501 return status; 4502} 4503 4504static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev, 4505 struct sock *skip) 4506{ 4507 struct mgmt_ev_exp_feature_changed ev; 4508 4509 memset(&ev, 0, sizeof(ev)); 4510 memcpy(ev.uuid, rpa_resolution_uuid, 16); 4511 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1)); 4512 4513 // Do we need to be atomic with the conn_flags? 4514 if (enabled && privacy_mode_capable(hdev)) 4515 hdev->conn_flags |= HCI_CONN_FLAG_DEVICE_PRIVACY; 4516 else 4517 hdev->conn_flags &= ~HCI_CONN_FLAG_DEVICE_PRIVACY; 4518 4519 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev, 4520 &ev, sizeof(ev), 4521 HCI_MGMT_EXP_FEATURE_EVENTS, skip); 4522 4523} 4524 4525static int exp_feature_changed(struct hci_dev *hdev, const u8 *uuid, 4526 bool enabled, struct sock *skip) 4527{ 4528 struct mgmt_ev_exp_feature_changed ev; 4529 4530 memset(&ev, 0, sizeof(ev)); 4531 memcpy(ev.uuid, uuid, 16); 4532 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0); 4533 4534 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev, 4535 &ev, sizeof(ev), 4536 HCI_MGMT_EXP_FEATURE_EVENTS, skip); 4537} 4538 4539#define EXP_FEAT(_uuid, _set_func) \ 4540{ \ 4541 .uuid = _uuid, \ 4542 .set_func = _set_func, \ 4543} 4544 4545/* The zero key uuid is special. Multiple exp features are set through it. */ 4546static int set_zero_key_func(struct sock *sk, struct hci_dev *hdev, 4547 struct mgmt_cp_set_exp_feature *cp, u16 data_len) 4548{ 4549 struct mgmt_rp_set_exp_feature rp; 4550 4551 memset(rp.uuid, 0, 16); 4552 rp.flags = cpu_to_le32(0); 4553 4554#ifdef CONFIG_BT_FEATURE_DEBUG 4555 if (!hdev) { 4556 bool changed = bt_dbg_get(); 4557 4558 bt_dbg_set(false); 4559 4560 if (changed) 4561 exp_feature_changed(NULL, ZERO_KEY, false, sk); 4562 } 4563#endif 4564 4565 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) { 4566 bool changed; 4567 4568 changed = hci_dev_test_and_clear_flag(hdev, 4569 HCI_ENABLE_LL_PRIVACY); 4570 if (changed) 4571 exp_feature_changed(hdev, rpa_resolution_uuid, false, 4572 sk); 4573 } 4574 4575 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4576 4577 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 4578 MGMT_OP_SET_EXP_FEATURE, 0, 4579 &rp, sizeof(rp)); 4580} 4581 4582#ifdef CONFIG_BT_FEATURE_DEBUG 4583static int set_debug_func(struct sock *sk, struct hci_dev *hdev, 4584 struct mgmt_cp_set_exp_feature *cp, u16 data_len) 4585{ 4586 struct mgmt_rp_set_exp_feature rp; 4587 4588 bool val, changed; 4589 int err; 4590 4591 /* Command requires to use the non-controller index */ 4592 if (hdev) 4593 return mgmt_cmd_status(sk, hdev->id, 4594 MGMT_OP_SET_EXP_FEATURE, 4595 MGMT_STATUS_INVALID_INDEX); 4596 4597 /* Parameters are limited to a single octet */ 4598 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4599 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4600 MGMT_OP_SET_EXP_FEATURE, 4601 MGMT_STATUS_INVALID_PARAMS); 4602 4603 /* Only boolean on/off is supported */ 4604 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4605 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4606 MGMT_OP_SET_EXP_FEATURE, 4607 MGMT_STATUS_INVALID_PARAMS); 4608 4609 val = !!cp->param[0]; 4610 changed = val ? !bt_dbg_get() : bt_dbg_get(); 4611 bt_dbg_set(val); 4612 4613 memcpy(rp.uuid, debug_uuid, 16); 4614 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4615 4616 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4617 4618 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 4619 MGMT_OP_SET_EXP_FEATURE, 0, 4620 &rp, sizeof(rp)); 4621 4622 if (changed) 4623 exp_feature_changed(hdev, debug_uuid, val, sk); 4624 4625 return err; 4626} 4627#endif 4628 4629static int set_mgmt_mesh_func(struct sock *sk, struct hci_dev *hdev, 4630 struct mgmt_cp_set_exp_feature *cp, u16 data_len) 4631{ 4632 struct mgmt_rp_set_exp_feature rp; 4633 bool val, changed; 4634 int err; 4635 4636 /* Command requires to use the controller index */ 4637 if (!hdev) 4638 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4639 MGMT_OP_SET_EXP_FEATURE, 4640 MGMT_STATUS_INVALID_INDEX); 4641 4642 /* Parameters are limited to a single octet */ 4643 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4644 return mgmt_cmd_status(sk, hdev->id, 4645 MGMT_OP_SET_EXP_FEATURE, 4646 MGMT_STATUS_INVALID_PARAMS); 4647 4648 /* Only boolean on/off is supported */ 4649 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4650 return mgmt_cmd_status(sk, hdev->id, 4651 MGMT_OP_SET_EXP_FEATURE, 4652 MGMT_STATUS_INVALID_PARAMS); 4653 4654 val = !!cp->param[0]; 4655 4656 if (val) { 4657 changed = !hci_dev_test_and_set_flag(hdev, 4658 HCI_MESH_EXPERIMENTAL); 4659 } else { 4660 hci_dev_clear_flag(hdev, HCI_MESH); 4661 changed = hci_dev_test_and_clear_flag(hdev, 4662 HCI_MESH_EXPERIMENTAL); 4663 } 4664 4665 memcpy(rp.uuid, mgmt_mesh_uuid, 16); 4666 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4667 4668 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4669 4670 err = mgmt_cmd_complete(sk, hdev->id, 4671 MGMT_OP_SET_EXP_FEATURE, 0, 4672 &rp, sizeof(rp)); 4673 4674 if (changed) 4675 exp_feature_changed(hdev, mgmt_mesh_uuid, val, sk); 4676 4677 return err; 4678} 4679 4680static int set_rpa_resolution_func(struct sock *sk, struct hci_dev *hdev, 4681 struct mgmt_cp_set_exp_feature *cp, 4682 u16 data_len) 4683{ 4684 struct mgmt_rp_set_exp_feature rp; 4685 bool val, changed; 4686 int err; 4687 u32 flags; 4688 4689 /* Command requires to use the controller index */ 4690 if (!hdev) 4691 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4692 MGMT_OP_SET_EXP_FEATURE, 4693 MGMT_STATUS_INVALID_INDEX); 4694 4695 /* Changes can only be made when controller is powered down */ 4696 if (hdev_is_powered(hdev)) 4697 return mgmt_cmd_status(sk, hdev->id, 4698 MGMT_OP_SET_EXP_FEATURE, 4699 MGMT_STATUS_REJECTED); 4700 4701 /* Parameters are limited to a single octet */ 4702 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4703 return mgmt_cmd_status(sk, hdev->id, 4704 MGMT_OP_SET_EXP_FEATURE, 4705 MGMT_STATUS_INVALID_PARAMS); 4706 4707 /* Only boolean on/off is supported */ 4708 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4709 return mgmt_cmd_status(sk, hdev->id, 4710 MGMT_OP_SET_EXP_FEATURE, 4711 MGMT_STATUS_INVALID_PARAMS); 4712 4713 val = !!cp->param[0]; 4714 4715 if (val) { 4716 changed = !hci_dev_test_and_set_flag(hdev, 4717 HCI_ENABLE_LL_PRIVACY); 4718 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 4719 4720 /* Enable LL privacy + supported settings changed */ 4721 flags = BIT(0) | BIT(1); 4722 } else { 4723 changed = hci_dev_test_and_clear_flag(hdev, 4724 HCI_ENABLE_LL_PRIVACY); 4725 4726 /* Disable LL privacy + supported settings changed */ 4727 flags = BIT(1); 4728 } 4729 4730 memcpy(rp.uuid, rpa_resolution_uuid, 16); 4731 rp.flags = cpu_to_le32(flags); 4732 4733 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4734 4735 err = mgmt_cmd_complete(sk, hdev->id, 4736 MGMT_OP_SET_EXP_FEATURE, 0, 4737 &rp, sizeof(rp)); 4738 4739 if (changed) 4740 exp_ll_privacy_feature_changed(val, hdev, sk); 4741 4742 return err; 4743} 4744 4745static int set_quality_report_func(struct sock *sk, struct hci_dev *hdev, 4746 struct mgmt_cp_set_exp_feature *cp, 4747 u16 data_len) 4748{ 4749 struct mgmt_rp_set_exp_feature rp; 4750 bool val, changed; 4751 int err; 4752 4753 /* Command requires to use a valid controller index */ 4754 if (!hdev) 4755 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4756 MGMT_OP_SET_EXP_FEATURE, 4757 MGMT_STATUS_INVALID_INDEX); 4758 4759 /* Parameters are limited to a single octet */ 4760 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4761 return mgmt_cmd_status(sk, hdev->id, 4762 MGMT_OP_SET_EXP_FEATURE, 4763 MGMT_STATUS_INVALID_PARAMS); 4764 4765 /* Only boolean on/off is supported */ 4766 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4767 return mgmt_cmd_status(sk, hdev->id, 4768 MGMT_OP_SET_EXP_FEATURE, 4769 MGMT_STATUS_INVALID_PARAMS); 4770 4771 hci_req_sync_lock(hdev); 4772 4773 val = !!cp->param[0]; 4774 changed = (val != hci_dev_test_flag(hdev, HCI_QUALITY_REPORT)); 4775 4776 if (!aosp_has_quality_report(hdev) && !hdev->set_quality_report) { 4777 err = mgmt_cmd_status(sk, hdev->id, 4778 MGMT_OP_SET_EXP_FEATURE, 4779 MGMT_STATUS_NOT_SUPPORTED); 4780 goto unlock_quality_report; 4781 } 4782 4783 if (changed) { 4784 if (hdev->set_quality_report) 4785 err = hdev->set_quality_report(hdev, val); 4786 else 4787 err = aosp_set_quality_report(hdev, val); 4788 4789 if (err) { 4790 err = mgmt_cmd_status(sk, hdev->id, 4791 MGMT_OP_SET_EXP_FEATURE, 4792 MGMT_STATUS_FAILED); 4793 goto unlock_quality_report; 4794 } 4795 4796 if (val) 4797 hci_dev_set_flag(hdev, HCI_QUALITY_REPORT); 4798 else 4799 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT); 4800 } 4801 4802 bt_dev_dbg(hdev, "quality report enable %d changed %d", val, changed); 4803 4804 memcpy(rp.uuid, quality_report_uuid, 16); 4805 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4806 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4807 4808 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_EXP_FEATURE, 0, 4809 &rp, sizeof(rp)); 4810 4811 if (changed) 4812 exp_feature_changed(hdev, quality_report_uuid, val, sk); 4813 4814unlock_quality_report: 4815 hci_req_sync_unlock(hdev); 4816 return err; 4817} 4818 4819static int set_offload_codec_func(struct sock *sk, struct hci_dev *hdev, 4820 struct mgmt_cp_set_exp_feature *cp, 4821 u16 data_len) 4822{ 4823 bool val, changed; 4824 int err; 4825 struct mgmt_rp_set_exp_feature rp; 4826 4827 /* Command requires to use a valid controller index */ 4828 if (!hdev) 4829 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4830 MGMT_OP_SET_EXP_FEATURE, 4831 MGMT_STATUS_INVALID_INDEX); 4832 4833 /* Parameters are limited to a single octet */ 4834 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4835 return mgmt_cmd_status(sk, hdev->id, 4836 MGMT_OP_SET_EXP_FEATURE, 4837 MGMT_STATUS_INVALID_PARAMS); 4838 4839 /* Only boolean on/off is supported */ 4840 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4841 return mgmt_cmd_status(sk, hdev->id, 4842 MGMT_OP_SET_EXP_FEATURE, 4843 MGMT_STATUS_INVALID_PARAMS); 4844 4845 val = !!cp->param[0]; 4846 changed = (val != hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)); 4847 4848 if (!hdev->get_data_path_id) { 4849 return mgmt_cmd_status(sk, hdev->id, 4850 MGMT_OP_SET_EXP_FEATURE, 4851 MGMT_STATUS_NOT_SUPPORTED); 4852 } 4853 4854 if (changed) { 4855 if (val) 4856 hci_dev_set_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED); 4857 else 4858 hci_dev_clear_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED); 4859 } 4860 4861 bt_dev_info(hdev, "offload codecs enable %d changed %d", 4862 val, changed); 4863 4864 memcpy(rp.uuid, offload_codecs_uuid, 16); 4865 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4866 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4867 err = mgmt_cmd_complete(sk, hdev->id, 4868 MGMT_OP_SET_EXP_FEATURE, 0, 4869 &rp, sizeof(rp)); 4870 4871 if (changed) 4872 exp_feature_changed(hdev, offload_codecs_uuid, val, sk); 4873 4874 return err; 4875} 4876 4877static int set_le_simultaneous_roles_func(struct sock *sk, struct hci_dev *hdev, 4878 struct mgmt_cp_set_exp_feature *cp, 4879 u16 data_len) 4880{ 4881 bool val, changed; 4882 int err; 4883 struct mgmt_rp_set_exp_feature rp; 4884 4885 /* Command requires to use a valid controller index */ 4886 if (!hdev) 4887 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4888 MGMT_OP_SET_EXP_FEATURE, 4889 MGMT_STATUS_INVALID_INDEX); 4890 4891 /* Parameters are limited to a single octet */ 4892 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4893 return mgmt_cmd_status(sk, hdev->id, 4894 MGMT_OP_SET_EXP_FEATURE, 4895 MGMT_STATUS_INVALID_PARAMS); 4896 4897 /* Only boolean on/off is supported */ 4898 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4899 return mgmt_cmd_status(sk, hdev->id, 4900 MGMT_OP_SET_EXP_FEATURE, 4901 MGMT_STATUS_INVALID_PARAMS); 4902 4903 val = !!cp->param[0]; 4904 changed = (val != hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES)); 4905 4906 if (!hci_dev_le_state_simultaneous(hdev)) { 4907 return mgmt_cmd_status(sk, hdev->id, 4908 MGMT_OP_SET_EXP_FEATURE, 4909 MGMT_STATUS_NOT_SUPPORTED); 4910 } 4911 4912 if (changed) { 4913 if (val) 4914 hci_dev_set_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES); 4915 else 4916 hci_dev_clear_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES); 4917 } 4918 4919 bt_dev_info(hdev, "LE simultaneous roles enable %d changed %d", 4920 val, changed); 4921 4922 memcpy(rp.uuid, le_simultaneous_roles_uuid, 16); 4923 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4924 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4925 err = mgmt_cmd_complete(sk, hdev->id, 4926 MGMT_OP_SET_EXP_FEATURE, 0, 4927 &rp, sizeof(rp)); 4928 4929 if (changed) 4930 exp_feature_changed(hdev, le_simultaneous_roles_uuid, val, sk); 4931 4932 return err; 4933} 4934 4935#ifdef CONFIG_BT_LE 4936static int set_iso_socket_func(struct sock *sk, struct hci_dev *hdev, 4937 struct mgmt_cp_set_exp_feature *cp, u16 data_len) 4938{ 4939 struct mgmt_rp_set_exp_feature rp; 4940 bool val, changed = false; 4941 int err; 4942 4943 /* Command requires to use the non-controller index */ 4944 if (hdev) 4945 return mgmt_cmd_status(sk, hdev->id, 4946 MGMT_OP_SET_EXP_FEATURE, 4947 MGMT_STATUS_INVALID_INDEX); 4948 4949 /* Parameters are limited to a single octet */ 4950 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4951 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4952 MGMT_OP_SET_EXP_FEATURE, 4953 MGMT_STATUS_INVALID_PARAMS); 4954 4955 /* Only boolean on/off is supported */ 4956 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4957 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4958 MGMT_OP_SET_EXP_FEATURE, 4959 MGMT_STATUS_INVALID_PARAMS); 4960 4961 val = cp->param[0] ? true : false; 4962 if (val) 4963 err = iso_init(); 4964 else 4965 err = iso_exit(); 4966 4967 if (!err) 4968 changed = true; 4969 4970 memcpy(rp.uuid, iso_socket_uuid, 16); 4971 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4972 4973 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4974 4975 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 4976 MGMT_OP_SET_EXP_FEATURE, 0, 4977 &rp, sizeof(rp)); 4978 4979 if (changed) 4980 exp_feature_changed(hdev, iso_socket_uuid, val, sk); 4981 4982 return err; 4983} 4984#endif 4985 4986static const struct mgmt_exp_feature { 4987 const u8 *uuid; 4988 int (*set_func)(struct sock *sk, struct hci_dev *hdev, 4989 struct mgmt_cp_set_exp_feature *cp, u16 data_len); 4990} exp_features[] = { 4991 EXP_FEAT(ZERO_KEY, set_zero_key_func), 4992#ifdef CONFIG_BT_FEATURE_DEBUG 4993 EXP_FEAT(debug_uuid, set_debug_func), 4994#endif 4995 EXP_FEAT(mgmt_mesh_uuid, set_mgmt_mesh_func), 4996 EXP_FEAT(rpa_resolution_uuid, set_rpa_resolution_func), 4997 EXP_FEAT(quality_report_uuid, set_quality_report_func), 4998 EXP_FEAT(offload_codecs_uuid, set_offload_codec_func), 4999 EXP_FEAT(le_simultaneous_roles_uuid, set_le_simultaneous_roles_func), 5000#ifdef CONFIG_BT_LE 5001 EXP_FEAT(iso_socket_uuid, set_iso_socket_func), 5002#endif 5003 5004 /* end with a null feature */ 5005 EXP_FEAT(NULL, NULL) 5006}; 5007 5008static int set_exp_feature(struct sock *sk, struct hci_dev *hdev, 5009 void *data, u16 data_len) 5010{ 5011 struct mgmt_cp_set_exp_feature *cp = data; 5012 size_t i = 0; 5013 5014 bt_dev_dbg(hdev, "sock %p", sk); 5015 5016 for (i = 0; exp_features[i].uuid; i++) { 5017 if (!memcmp(cp->uuid, exp_features[i].uuid, 16)) 5018 return exp_features[i].set_func(sk, hdev, cp, data_len); 5019 } 5020 5021 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 5022 MGMT_OP_SET_EXP_FEATURE, 5023 MGMT_STATUS_NOT_SUPPORTED); 5024} 5025 5026static u32 get_params_flags(struct hci_dev *hdev, 5027 struct hci_conn_params *params) 5028{ 5029 u32 flags = hdev->conn_flags; 5030 5031 /* Devices using RPAs can only be programmed in the acceptlist if 5032 * LL Privacy has been enable otherwise they cannot mark 5033 * HCI_CONN_FLAG_REMOTE_WAKEUP. 5034 */ 5035 if ((flags & HCI_CONN_FLAG_REMOTE_WAKEUP) && !use_ll_privacy(hdev) && 5036 hci_find_irk_by_addr(hdev, &params->addr, params->addr_type)) 5037 flags &= ~HCI_CONN_FLAG_REMOTE_WAKEUP; 5038 5039 return flags; 5040} 5041 5042static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data, 5043 u16 data_len) 5044{ 5045 struct mgmt_cp_get_device_flags *cp = data; 5046 struct mgmt_rp_get_device_flags rp; 5047 struct bdaddr_list_with_flags *br_params; 5048 struct hci_conn_params *params; 5049 u32 supported_flags; 5050 u32 current_flags = 0; 5051 u8 status = MGMT_STATUS_INVALID_PARAMS; 5052 5053 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n", 5054 &cp->addr.bdaddr, cp->addr.type); 5055 5056 hci_dev_lock(hdev); 5057 5058 supported_flags = hdev->conn_flags; 5059 5060 memset(&rp, 0, sizeof(rp)); 5061 5062 if (cp->addr.type == BDADDR_BREDR) { 5063 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list, 5064 &cp->addr.bdaddr, 5065 cp->addr.type); 5066 if (!br_params) 5067 goto done; 5068 5069 current_flags = br_params->flags; 5070 } else { 5071 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 5072 le_addr_type(cp->addr.type)); 5073 if (!params) 5074 goto done; 5075 5076 supported_flags = get_params_flags(hdev, params); 5077 current_flags = params->flags; 5078 } 5079 5080 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 5081 rp.addr.type = cp->addr.type; 5082 rp.supported_flags = cpu_to_le32(supported_flags); 5083 rp.current_flags = cpu_to_le32(current_flags); 5084 5085 status = MGMT_STATUS_SUCCESS; 5086 5087done: 5088 hci_dev_unlock(hdev); 5089 5090 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status, 5091 &rp, sizeof(rp)); 5092} 5093 5094static void device_flags_changed(struct sock *sk, struct hci_dev *hdev, 5095 bdaddr_t *bdaddr, u8 bdaddr_type, 5096 u32 supported_flags, u32 current_flags) 5097{ 5098 struct mgmt_ev_device_flags_changed ev; 5099 5100 bacpy(&ev.addr.bdaddr, bdaddr); 5101 ev.addr.type = bdaddr_type; 5102 ev.supported_flags = cpu_to_le32(supported_flags); 5103 ev.current_flags = cpu_to_le32(current_flags); 5104 5105 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk); 5106} 5107 5108static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data, 5109 u16 len) 5110{ 5111 struct mgmt_cp_set_device_flags *cp = data; 5112 struct bdaddr_list_with_flags *br_params; 5113 struct hci_conn_params *params; 5114 u8 status = MGMT_STATUS_INVALID_PARAMS; 5115 u32 supported_flags; 5116 u32 current_flags = __le32_to_cpu(cp->current_flags); 5117 5118 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x", 5119 &cp->addr.bdaddr, cp->addr.type, current_flags); 5120 5121 // We should take hci_dev_lock() early, I think.. conn_flags can change 5122 supported_flags = hdev->conn_flags; 5123 5124 if ((supported_flags | current_flags) != supported_flags) { 5125 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)", 5126 current_flags, supported_flags); 5127 goto done; 5128 } 5129 5130 hci_dev_lock(hdev); 5131 5132 if (cp->addr.type == BDADDR_BREDR) { 5133 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list, 5134 &cp->addr.bdaddr, 5135 cp->addr.type); 5136 5137 if (br_params) { 5138 br_params->flags = current_flags; 5139 status = MGMT_STATUS_SUCCESS; 5140 } else { 5141 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)", 5142 &cp->addr.bdaddr, cp->addr.type); 5143 } 5144 5145 goto unlock; 5146 } 5147 5148 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 5149 le_addr_type(cp->addr.type)); 5150 if (!params) { 5151 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)", 5152 &cp->addr.bdaddr, le_addr_type(cp->addr.type)); 5153 goto unlock; 5154 } 5155 5156 supported_flags = get_params_flags(hdev, params); 5157 5158 if ((supported_flags | current_flags) != supported_flags) { 5159 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)", 5160 current_flags, supported_flags); 5161 goto unlock; 5162 } 5163 5164 params->flags = current_flags; 5165 status = MGMT_STATUS_SUCCESS; 5166 5167 /* Update passive scan if HCI_CONN_FLAG_DEVICE_PRIVACY 5168 * has been set. 5169 */ 5170 if (params->flags & HCI_CONN_FLAG_DEVICE_PRIVACY) 5171 hci_update_passive_scan(hdev); 5172 5173unlock: 5174 hci_dev_unlock(hdev); 5175 5176done: 5177 if (status == MGMT_STATUS_SUCCESS) 5178 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 5179 supported_flags, current_flags); 5180 5181 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status, 5182 &cp->addr, sizeof(cp->addr)); 5183} 5184 5185static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev, 5186 u16 handle) 5187{ 5188 struct mgmt_ev_adv_monitor_added ev; 5189 5190 ev.monitor_handle = cpu_to_le16(handle); 5191 5192 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk); 5193} 5194 5195void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle) 5196{ 5197 struct mgmt_ev_adv_monitor_removed ev; 5198 struct mgmt_pending_cmd *cmd; 5199 struct sock *sk_skip = NULL; 5200 struct mgmt_cp_remove_adv_monitor *cp; 5201 5202 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev); 5203 if (cmd) { 5204 cp = cmd->param; 5205 5206 if (cp->monitor_handle) 5207 sk_skip = cmd->sk; 5208 } 5209 5210 ev.monitor_handle = cpu_to_le16(handle); 5211 5212 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip); 5213} 5214 5215static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev, 5216 void *data, u16 len) 5217{ 5218 struct adv_monitor *monitor = NULL; 5219 struct mgmt_rp_read_adv_monitor_features *rp = NULL; 5220 int handle, err; 5221 size_t rp_size = 0; 5222 __u32 supported = 0; 5223 __u32 enabled = 0; 5224 __u16 num_handles = 0; 5225 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES]; 5226 5227 BT_DBG("request for %s", hdev->name); 5228 5229 hci_dev_lock(hdev); 5230 5231 if (msft_monitor_supported(hdev)) 5232 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS; 5233 5234 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle) 5235 handles[num_handles++] = monitor->handle; 5236 5237 hci_dev_unlock(hdev); 5238 5239 rp_size = sizeof(*rp) + (num_handles * sizeof(u16)); 5240 rp = kmalloc(rp_size, GFP_KERNEL); 5241 if (!rp) 5242 return -ENOMEM; 5243 5244 /* All supported features are currently enabled */ 5245 enabled = supported; 5246 5247 rp->supported_features = cpu_to_le32(supported); 5248 rp->enabled_features = cpu_to_le32(enabled); 5249 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES); 5250 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS; 5251 rp->num_handles = cpu_to_le16(num_handles); 5252 if (num_handles) 5253 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16))); 5254 5255 err = mgmt_cmd_complete(sk, hdev->id, 5256 MGMT_OP_READ_ADV_MONITOR_FEATURES, 5257 MGMT_STATUS_SUCCESS, rp, rp_size); 5258 5259 kfree(rp); 5260 5261 return err; 5262} 5263 5264static void mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev, 5265 void *data, int status) 5266{ 5267 struct mgmt_rp_add_adv_patterns_monitor rp; 5268 struct mgmt_pending_cmd *cmd = data; 5269 struct adv_monitor *monitor = cmd->user_data; 5270 5271 hci_dev_lock(hdev); 5272 5273 rp.monitor_handle = cpu_to_le16(monitor->handle); 5274 5275 if (!status) { 5276 mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle); 5277 hdev->adv_monitors_cnt++; 5278 if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED) 5279 monitor->state = ADV_MONITOR_STATE_REGISTERED; 5280 hci_update_passive_scan(hdev); 5281 } 5282 5283 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 5284 mgmt_status(status), &rp, sizeof(rp)); 5285 mgmt_pending_remove(cmd); 5286 5287 hci_dev_unlock(hdev); 5288 bt_dev_dbg(hdev, "add monitor %d complete, status %d", 5289 rp.monitor_handle, status); 5290} 5291 5292static int mgmt_add_adv_patterns_monitor_sync(struct hci_dev *hdev, void *data) 5293{ 5294 struct mgmt_pending_cmd *cmd = data; 5295 struct adv_monitor *monitor = cmd->user_data; 5296 5297 return hci_add_adv_monitor(hdev, monitor); 5298} 5299 5300static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev, 5301 struct adv_monitor *m, u8 status, 5302 void *data, u16 len, u16 op) 5303{ 5304 struct mgmt_pending_cmd *cmd; 5305 int err; 5306 5307 hci_dev_lock(hdev); 5308 5309 if (status) 5310 goto unlock; 5311 5312 if (pending_find(MGMT_OP_SET_LE, hdev) || 5313 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) || 5314 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) || 5315 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) { 5316 status = MGMT_STATUS_BUSY; 5317 goto unlock; 5318 } 5319 5320 cmd = mgmt_pending_add(sk, op, hdev, data, len); 5321 if (!cmd) { 5322 status = MGMT_STATUS_NO_RESOURCES; 5323 goto unlock; 5324 } 5325 5326 cmd->user_data = m; 5327 err = hci_cmd_sync_queue(hdev, mgmt_add_adv_patterns_monitor_sync, cmd, 5328 mgmt_add_adv_patterns_monitor_complete); 5329 if (err) { 5330 if (err == -ENOMEM) 5331 status = MGMT_STATUS_NO_RESOURCES; 5332 else 5333 status = MGMT_STATUS_FAILED; 5334 5335 goto unlock; 5336 } 5337 5338 hci_dev_unlock(hdev); 5339 5340 return 0; 5341 5342unlock: 5343 hci_free_adv_monitor(hdev, m); 5344 hci_dev_unlock(hdev); 5345 return mgmt_cmd_status(sk, hdev->id, op, status); 5346} 5347 5348static void parse_adv_monitor_rssi(struct adv_monitor *m, 5349 struct mgmt_adv_rssi_thresholds *rssi) 5350{ 5351 if (rssi) { 5352 m->rssi.low_threshold = rssi->low_threshold; 5353 m->rssi.low_threshold_timeout = 5354 __le16_to_cpu(rssi->low_threshold_timeout); 5355 m->rssi.high_threshold = rssi->high_threshold; 5356 m->rssi.high_threshold_timeout = 5357 __le16_to_cpu(rssi->high_threshold_timeout); 5358 m->rssi.sampling_period = rssi->sampling_period; 5359 } else { 5360 /* Default values. These numbers are the least constricting 5361 * parameters for MSFT API to work, so it behaves as if there 5362 * are no rssi parameter to consider. May need to be changed 5363 * if other API are to be supported. 5364 */ 5365 m->rssi.low_threshold = -127; 5366 m->rssi.low_threshold_timeout = 60; 5367 m->rssi.high_threshold = -127; 5368 m->rssi.high_threshold_timeout = 0; 5369 m->rssi.sampling_period = 0; 5370 } 5371} 5372 5373static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count, 5374 struct mgmt_adv_pattern *patterns) 5375{ 5376 u8 offset = 0, length = 0; 5377 struct adv_pattern *p = NULL; 5378 int i; 5379 5380 for (i = 0; i < pattern_count; i++) { 5381 offset = patterns[i].offset; 5382 length = patterns[i].length; 5383 if (offset >= HCI_MAX_AD_LENGTH || 5384 length > HCI_MAX_AD_LENGTH || 5385 (offset + length) > HCI_MAX_AD_LENGTH) 5386 return MGMT_STATUS_INVALID_PARAMS; 5387 5388 p = kmalloc(sizeof(*p), GFP_KERNEL); 5389 if (!p) 5390 return MGMT_STATUS_NO_RESOURCES; 5391 5392 p->ad_type = patterns[i].ad_type; 5393 p->offset = patterns[i].offset; 5394 p->length = patterns[i].length; 5395 memcpy(p->value, patterns[i].value, p->length); 5396 5397 INIT_LIST_HEAD(&p->list); 5398 list_add(&p->list, &m->patterns); 5399 } 5400 5401 return MGMT_STATUS_SUCCESS; 5402} 5403 5404static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev, 5405 void *data, u16 len) 5406{ 5407 struct mgmt_cp_add_adv_patterns_monitor *cp = data; 5408 struct adv_monitor *m = NULL; 5409 u8 status = MGMT_STATUS_SUCCESS; 5410 size_t expected_size = sizeof(*cp); 5411 5412 BT_DBG("request for %s", hdev->name); 5413 5414 if (len <= sizeof(*cp)) { 5415 status = MGMT_STATUS_INVALID_PARAMS; 5416 goto done; 5417 } 5418 5419 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern); 5420 if (len != expected_size) { 5421 status = MGMT_STATUS_INVALID_PARAMS; 5422 goto done; 5423 } 5424 5425 m = kzalloc(sizeof(*m), GFP_KERNEL); 5426 if (!m) { 5427 status = MGMT_STATUS_NO_RESOURCES; 5428 goto done; 5429 } 5430 5431 INIT_LIST_HEAD(&m->patterns); 5432 5433 parse_adv_monitor_rssi(m, NULL); 5434 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns); 5435 5436done: 5437 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len, 5438 MGMT_OP_ADD_ADV_PATTERNS_MONITOR); 5439} 5440 5441static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev, 5442 void *data, u16 len) 5443{ 5444 struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data; 5445 struct adv_monitor *m = NULL; 5446 u8 status = MGMT_STATUS_SUCCESS; 5447 size_t expected_size = sizeof(*cp); 5448 5449 BT_DBG("request for %s", hdev->name); 5450 5451 if (len <= sizeof(*cp)) { 5452 status = MGMT_STATUS_INVALID_PARAMS; 5453 goto done; 5454 } 5455 5456 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern); 5457 if (len != expected_size) { 5458 status = MGMT_STATUS_INVALID_PARAMS; 5459 goto done; 5460 } 5461 5462 m = kzalloc(sizeof(*m), GFP_KERNEL); 5463 if (!m) { 5464 status = MGMT_STATUS_NO_RESOURCES; 5465 goto done; 5466 } 5467 5468 INIT_LIST_HEAD(&m->patterns); 5469 5470 parse_adv_monitor_rssi(m, &cp->rssi); 5471 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns); 5472 5473done: 5474 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len, 5475 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI); 5476} 5477 5478static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev, 5479 void *data, int status) 5480{ 5481 struct mgmt_rp_remove_adv_monitor rp; 5482 struct mgmt_pending_cmd *cmd = data; 5483 struct mgmt_cp_remove_adv_monitor *cp = cmd->param; 5484 5485 hci_dev_lock(hdev); 5486 5487 rp.monitor_handle = cp->monitor_handle; 5488 5489 if (!status) 5490 hci_update_passive_scan(hdev); 5491 5492 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 5493 mgmt_status(status), &rp, sizeof(rp)); 5494 mgmt_pending_remove(cmd); 5495 5496 hci_dev_unlock(hdev); 5497 bt_dev_dbg(hdev, "remove monitor %d complete, status %d", 5498 rp.monitor_handle, status); 5499} 5500 5501static int mgmt_remove_adv_monitor_sync(struct hci_dev *hdev, void *data) 5502{ 5503 struct mgmt_pending_cmd *cmd = data; 5504 struct mgmt_cp_remove_adv_monitor *cp = cmd->param; 5505 u16 handle = __le16_to_cpu(cp->monitor_handle); 5506 5507 if (!handle) 5508 return hci_remove_all_adv_monitor(hdev); 5509 5510 return hci_remove_single_adv_monitor(hdev, handle); 5511} 5512 5513static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev, 5514 void *data, u16 len) 5515{ 5516 struct mgmt_pending_cmd *cmd; 5517 int err, status; 5518 5519 hci_dev_lock(hdev); 5520 5521 if (pending_find(MGMT_OP_SET_LE, hdev) || 5522 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) || 5523 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) || 5524 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) { 5525 status = MGMT_STATUS_BUSY; 5526 goto unlock; 5527 } 5528 5529 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len); 5530 if (!cmd) { 5531 status = MGMT_STATUS_NO_RESOURCES; 5532 goto unlock; 5533 } 5534 5535 err = hci_cmd_sync_queue(hdev, mgmt_remove_adv_monitor_sync, cmd, 5536 mgmt_remove_adv_monitor_complete); 5537 5538 if (err) { 5539 mgmt_pending_remove(cmd); 5540 5541 if (err == -ENOMEM) 5542 status = MGMT_STATUS_NO_RESOURCES; 5543 else 5544 status = MGMT_STATUS_FAILED; 5545 5546 goto unlock; 5547 } 5548 5549 hci_dev_unlock(hdev); 5550 5551 return 0; 5552 5553unlock: 5554 hci_dev_unlock(hdev); 5555 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR, 5556 status); 5557} 5558 5559static void read_local_oob_data_complete(struct hci_dev *hdev, void *data, int err) 5560{ 5561 struct mgmt_rp_read_local_oob_data mgmt_rp; 5562 size_t rp_size = sizeof(mgmt_rp); 5563 struct mgmt_pending_cmd *cmd = data; 5564 struct sk_buff *skb = cmd->skb; 5565 u8 status = mgmt_status(err); 5566 5567 if (!status) { 5568 if (!skb) 5569 status = MGMT_STATUS_FAILED; 5570 else if (IS_ERR(skb)) 5571 status = mgmt_status(PTR_ERR(skb)); 5572 else 5573 status = mgmt_status(skb->data[0]); 5574 } 5575 5576 bt_dev_dbg(hdev, "status %d", status); 5577 5578 if (status) { 5579 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, status); 5580 goto remove; 5581 } 5582 5583 memset(&mgmt_rp, 0, sizeof(mgmt_rp)); 5584 5585 if (!bredr_sc_enabled(hdev)) { 5586 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 5587 5588 if (skb->len < sizeof(*rp)) { 5589 mgmt_cmd_status(cmd->sk, hdev->id, 5590 MGMT_OP_READ_LOCAL_OOB_DATA, 5591 MGMT_STATUS_FAILED); 5592 goto remove; 5593 } 5594 5595 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash)); 5596 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand)); 5597 5598 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256); 5599 } else { 5600 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data; 5601 5602 if (skb->len < sizeof(*rp)) { 5603 mgmt_cmd_status(cmd->sk, hdev->id, 5604 MGMT_OP_READ_LOCAL_OOB_DATA, 5605 MGMT_STATUS_FAILED); 5606 goto remove; 5607 } 5608 5609 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192)); 5610 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192)); 5611 5612 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256)); 5613 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256)); 5614 } 5615 5616 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5617 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size); 5618 5619remove: 5620 if (skb && !IS_ERR(skb)) 5621 kfree_skb(skb); 5622 5623 mgmt_pending_free(cmd); 5624} 5625 5626static int read_local_oob_data_sync(struct hci_dev *hdev, void *data) 5627{ 5628 struct mgmt_pending_cmd *cmd = data; 5629 5630 if (bredr_sc_enabled(hdev)) 5631 cmd->skb = hci_read_local_oob_data_sync(hdev, true, cmd->sk); 5632 else 5633 cmd->skb = hci_read_local_oob_data_sync(hdev, false, cmd->sk); 5634 5635 if (IS_ERR(cmd->skb)) 5636 return PTR_ERR(cmd->skb); 5637 else 5638 return 0; 5639} 5640 5641static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, 5642 void *data, u16 data_len) 5643{ 5644 struct mgmt_pending_cmd *cmd; 5645 int err; 5646 5647 bt_dev_dbg(hdev, "sock %p", sk); 5648 5649 hci_dev_lock(hdev); 5650 5651 if (!hdev_is_powered(hdev)) { 5652 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5653 MGMT_STATUS_NOT_POWERED); 5654 goto unlock; 5655 } 5656 5657 if (!lmp_ssp_capable(hdev)) { 5658 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5659 MGMT_STATUS_NOT_SUPPORTED); 5660 goto unlock; 5661 } 5662 5663 cmd = mgmt_pending_new(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 5664 if (!cmd) 5665 err = -ENOMEM; 5666 else 5667 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd, 5668 read_local_oob_data_complete); 5669 5670 if (err < 0) { 5671 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5672 MGMT_STATUS_FAILED); 5673 5674 if (cmd) 5675 mgmt_pending_free(cmd); 5676 } 5677 5678unlock: 5679 hci_dev_unlock(hdev); 5680 return err; 5681} 5682 5683static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 5684 void *data, u16 len) 5685{ 5686 struct mgmt_addr_info *addr = data; 5687 int err; 5688 5689 bt_dev_dbg(hdev, "sock %p", sk); 5690 5691 if (!bdaddr_type_is_valid(addr->type)) 5692 return mgmt_cmd_complete(sk, hdev->id, 5693 MGMT_OP_ADD_REMOTE_OOB_DATA, 5694 MGMT_STATUS_INVALID_PARAMS, 5695 addr, sizeof(*addr)); 5696 5697 hci_dev_lock(hdev); 5698 5699 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) { 5700 struct mgmt_cp_add_remote_oob_data *cp = data; 5701 u8 status; 5702 5703 if (cp->addr.type != BDADDR_BREDR) { 5704 err = mgmt_cmd_complete(sk, hdev->id, 5705 MGMT_OP_ADD_REMOTE_OOB_DATA, 5706 MGMT_STATUS_INVALID_PARAMS, 5707 &cp->addr, sizeof(cp->addr)); 5708 goto unlock; 5709 } 5710 5711 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 5712 cp->addr.type, cp->hash, 5713 cp->rand, NULL, NULL); 5714 if (err < 0) 5715 status = MGMT_STATUS_FAILED; 5716 else 5717 status = MGMT_STATUS_SUCCESS; 5718 5719 err = mgmt_cmd_complete(sk, hdev->id, 5720 MGMT_OP_ADD_REMOTE_OOB_DATA, status, 5721 &cp->addr, sizeof(cp->addr)); 5722 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) { 5723 struct mgmt_cp_add_remote_oob_ext_data *cp = data; 5724 u8 *rand192, *hash192, *rand256, *hash256; 5725 u8 status; 5726 5727 if (bdaddr_type_is_le(cp->addr.type)) { 5728 /* Enforce zero-valued 192-bit parameters as 5729 * long as legacy SMP OOB isn't implemented. 5730 */ 5731 if (memcmp(cp->rand192, ZERO_KEY, 16) || 5732 memcmp(cp->hash192, ZERO_KEY, 16)) { 5733 err = mgmt_cmd_complete(sk, hdev->id, 5734 MGMT_OP_ADD_REMOTE_OOB_DATA, 5735 MGMT_STATUS_INVALID_PARAMS, 5736 addr, sizeof(*addr)); 5737 goto unlock; 5738 } 5739 5740 rand192 = NULL; 5741 hash192 = NULL; 5742 } else { 5743 /* In case one of the P-192 values is set to zero, 5744 * then just disable OOB data for P-192. 5745 */ 5746 if (!memcmp(cp->rand192, ZERO_KEY, 16) || 5747 !memcmp(cp->hash192, ZERO_KEY, 16)) { 5748 rand192 = NULL; 5749 hash192 = NULL; 5750 } else { 5751 rand192 = cp->rand192; 5752 hash192 = cp->hash192; 5753 } 5754 } 5755 5756 /* In case one of the P-256 values is set to zero, then just 5757 * disable OOB data for P-256. 5758 */ 5759 if (!memcmp(cp->rand256, ZERO_KEY, 16) || 5760 !memcmp(cp->hash256, ZERO_KEY, 16)) { 5761 rand256 = NULL; 5762 hash256 = NULL; 5763 } else { 5764 rand256 = cp->rand256; 5765 hash256 = cp->hash256; 5766 } 5767 5768 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 5769 cp->addr.type, hash192, rand192, 5770 hash256, rand256); 5771 if (err < 0) 5772 status = MGMT_STATUS_FAILED; 5773 else 5774 status = MGMT_STATUS_SUCCESS; 5775 5776 err = mgmt_cmd_complete(sk, hdev->id, 5777 MGMT_OP_ADD_REMOTE_OOB_DATA, 5778 status, &cp->addr, sizeof(cp->addr)); 5779 } else { 5780 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes", 5781 len); 5782 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 5783 MGMT_STATUS_INVALID_PARAMS); 5784 } 5785 5786unlock: 5787 hci_dev_unlock(hdev); 5788 return err; 5789} 5790 5791static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 5792 void *data, u16 len) 5793{ 5794 struct mgmt_cp_remove_remote_oob_data *cp = data; 5795 u8 status; 5796 int err; 5797 5798 bt_dev_dbg(hdev, "sock %p", sk); 5799 5800 if (cp->addr.type != BDADDR_BREDR) 5801 return mgmt_cmd_complete(sk, hdev->id, 5802 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 5803 MGMT_STATUS_INVALID_PARAMS, 5804 &cp->addr, sizeof(cp->addr)); 5805 5806 hci_dev_lock(hdev); 5807 5808 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5809 hci_remote_oob_data_clear(hdev); 5810 status = MGMT_STATUS_SUCCESS; 5811 goto done; 5812 } 5813 5814 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type); 5815 if (err < 0) 5816 status = MGMT_STATUS_INVALID_PARAMS; 5817 else 5818 status = MGMT_STATUS_SUCCESS; 5819 5820done: 5821 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 5822 status, &cp->addr, sizeof(cp->addr)); 5823 5824 hci_dev_unlock(hdev); 5825 return err; 5826} 5827 5828void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status) 5829{ 5830 struct mgmt_pending_cmd *cmd; 5831 5832 bt_dev_dbg(hdev, "status %u", status); 5833 5834 hci_dev_lock(hdev); 5835 5836 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev); 5837 if (!cmd) 5838 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev); 5839 5840 if (!cmd) 5841 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev); 5842 5843 if (cmd) { 5844 cmd->cmd_complete(cmd, mgmt_status(status)); 5845 mgmt_pending_remove(cmd); 5846 } 5847 5848 hci_dev_unlock(hdev); 5849} 5850 5851static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type, 5852 uint8_t *mgmt_status) 5853{ 5854 switch (type) { 5855 case DISCOV_TYPE_LE: 5856 *mgmt_status = mgmt_le_support(hdev); 5857 if (*mgmt_status) 5858 return false; 5859 break; 5860 case DISCOV_TYPE_INTERLEAVED: 5861 *mgmt_status = mgmt_le_support(hdev); 5862 if (*mgmt_status) 5863 return false; 5864 fallthrough; 5865 case DISCOV_TYPE_BREDR: 5866 *mgmt_status = mgmt_bredr_support(hdev); 5867 if (*mgmt_status) 5868 return false; 5869 break; 5870 default: 5871 *mgmt_status = MGMT_STATUS_INVALID_PARAMS; 5872 return false; 5873 } 5874 5875 return true; 5876} 5877 5878static void start_discovery_complete(struct hci_dev *hdev, void *data, int err) 5879{ 5880 struct mgmt_pending_cmd *cmd = data; 5881 5882 if (cmd != pending_find(MGMT_OP_START_DISCOVERY, hdev) && 5883 cmd != pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev) && 5884 cmd != pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev)) 5885 return; 5886 5887 bt_dev_dbg(hdev, "err %d", err); 5888 5889 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err), 5890 cmd->param, 1); 5891 mgmt_pending_remove(cmd); 5892 5893 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED: 5894 DISCOVERY_FINDING); 5895} 5896 5897static int start_discovery_sync(struct hci_dev *hdev, void *data) 5898{ 5899 return hci_start_discovery_sync(hdev); 5900} 5901 5902static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev, 5903 u16 op, void *data, u16 len) 5904{ 5905 struct mgmt_cp_start_discovery *cp = data; 5906 struct mgmt_pending_cmd *cmd; 5907 u8 status; 5908 int err; 5909 5910 bt_dev_dbg(hdev, "sock %p", sk); 5911 5912 hci_dev_lock(hdev); 5913 5914 if (!hdev_is_powered(hdev)) { 5915 err = mgmt_cmd_complete(sk, hdev->id, op, 5916 MGMT_STATUS_NOT_POWERED, 5917 &cp->type, sizeof(cp->type)); 5918 goto failed; 5919 } 5920 5921 if (hdev->discovery.state != DISCOVERY_STOPPED || 5922 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 5923 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 5924 &cp->type, sizeof(cp->type)); 5925 goto failed; 5926 } 5927 5928 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 5929 err = mgmt_cmd_complete(sk, hdev->id, op, status, 5930 &cp->type, sizeof(cp->type)); 5931 goto failed; 5932 } 5933 5934 /* Can't start discovery when it is paused */ 5935 if (hdev->discovery_paused) { 5936 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 5937 &cp->type, sizeof(cp->type)); 5938 goto failed; 5939 } 5940 5941 /* Clear the discovery filter first to free any previously 5942 * allocated memory for the UUID list. 5943 */ 5944 hci_discovery_filter_clear(hdev); 5945 5946 hdev->discovery.type = cp->type; 5947 hdev->discovery.report_invalid_rssi = false; 5948 if (op == MGMT_OP_START_LIMITED_DISCOVERY) 5949 hdev->discovery.limited = true; 5950 else 5951 hdev->discovery.limited = false; 5952 5953 cmd = mgmt_pending_add(sk, op, hdev, data, len); 5954 if (!cmd) { 5955 err = -ENOMEM; 5956 goto failed; 5957 } 5958 5959 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd, 5960 start_discovery_complete); 5961 if (err < 0) { 5962 mgmt_pending_remove(cmd); 5963 goto failed; 5964 } 5965 5966 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 5967 5968failed: 5969 hci_dev_unlock(hdev); 5970 return err; 5971} 5972 5973static int start_discovery(struct sock *sk, struct hci_dev *hdev, 5974 void *data, u16 len) 5975{ 5976 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY, 5977 data, len); 5978} 5979 5980static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev, 5981 void *data, u16 len) 5982{ 5983 return start_discovery_internal(sk, hdev, 5984 MGMT_OP_START_LIMITED_DISCOVERY, 5985 data, len); 5986} 5987 5988static int start_service_discovery(struct sock *sk, struct hci_dev *hdev, 5989 void *data, u16 len) 5990{ 5991 struct mgmt_cp_start_service_discovery *cp = data; 5992 struct mgmt_pending_cmd *cmd; 5993 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16); 5994 u16 uuid_count, expected_len; 5995 u8 status; 5996 int err; 5997 5998 bt_dev_dbg(hdev, "sock %p", sk); 5999 6000 hci_dev_lock(hdev); 6001 6002 if (!hdev_is_powered(hdev)) { 6003 err = mgmt_cmd_complete(sk, hdev->id, 6004 MGMT_OP_START_SERVICE_DISCOVERY, 6005 MGMT_STATUS_NOT_POWERED, 6006 &cp->type, sizeof(cp->type)); 6007 goto failed; 6008 } 6009 6010 if (hdev->discovery.state != DISCOVERY_STOPPED || 6011 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 6012 err = mgmt_cmd_complete(sk, hdev->id, 6013 MGMT_OP_START_SERVICE_DISCOVERY, 6014 MGMT_STATUS_BUSY, &cp->type, 6015 sizeof(cp->type)); 6016 goto failed; 6017 } 6018 6019 if (hdev->discovery_paused) { 6020 err = mgmt_cmd_complete(sk, hdev->id, 6021 MGMT_OP_START_SERVICE_DISCOVERY, 6022 MGMT_STATUS_BUSY, &cp->type, 6023 sizeof(cp->type)); 6024 goto failed; 6025 } 6026 6027 uuid_count = __le16_to_cpu(cp->uuid_count); 6028 if (uuid_count > max_uuid_count) { 6029 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u", 6030 uuid_count); 6031 err = mgmt_cmd_complete(sk, hdev->id, 6032 MGMT_OP_START_SERVICE_DISCOVERY, 6033 MGMT_STATUS_INVALID_PARAMS, &cp->type, 6034 sizeof(cp->type)); 6035 goto failed; 6036 } 6037 6038 expected_len = sizeof(*cp) + uuid_count * 16; 6039 if (expected_len != len) { 6040 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes", 6041 expected_len, len); 6042 err = mgmt_cmd_complete(sk, hdev->id, 6043 MGMT_OP_START_SERVICE_DISCOVERY, 6044 MGMT_STATUS_INVALID_PARAMS, &cp->type, 6045 sizeof(cp->type)); 6046 goto failed; 6047 } 6048 6049 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 6050 err = mgmt_cmd_complete(sk, hdev->id, 6051 MGMT_OP_START_SERVICE_DISCOVERY, 6052 status, &cp->type, sizeof(cp->type)); 6053 goto failed; 6054 } 6055 6056 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY, 6057 hdev, data, len); 6058 if (!cmd) { 6059 err = -ENOMEM; 6060 goto failed; 6061 } 6062 6063 /* Clear the discovery filter first to free any previously 6064 * allocated memory for the UUID list. 6065 */ 6066 hci_discovery_filter_clear(hdev); 6067 6068 hdev->discovery.result_filtering = true; 6069 hdev->discovery.type = cp->type; 6070 hdev->discovery.rssi = cp->rssi; 6071 hdev->discovery.uuid_count = uuid_count; 6072 6073 if (uuid_count > 0) { 6074 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16, 6075 GFP_KERNEL); 6076 if (!hdev->discovery.uuids) { 6077 err = mgmt_cmd_complete(sk, hdev->id, 6078 MGMT_OP_START_SERVICE_DISCOVERY, 6079 MGMT_STATUS_FAILED, 6080 &cp->type, sizeof(cp->type)); 6081 mgmt_pending_remove(cmd); 6082 goto failed; 6083 } 6084 } 6085 6086 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd, 6087 start_discovery_complete); 6088 if (err < 0) { 6089 mgmt_pending_remove(cmd); 6090 goto failed; 6091 } 6092 6093 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 6094 6095failed: 6096 hci_dev_unlock(hdev); 6097 return err; 6098} 6099 6100void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status) 6101{ 6102 struct mgmt_pending_cmd *cmd; 6103 6104 bt_dev_dbg(hdev, "status %u", status); 6105 6106 hci_dev_lock(hdev); 6107 6108 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 6109 if (cmd) { 6110 cmd->cmd_complete(cmd, mgmt_status(status)); 6111 mgmt_pending_remove(cmd); 6112 } 6113 6114 hci_dev_unlock(hdev); 6115} 6116 6117static void stop_discovery_complete(struct hci_dev *hdev, void *data, int err) 6118{ 6119 struct mgmt_pending_cmd *cmd = data; 6120 6121 if (cmd != pending_find(MGMT_OP_STOP_DISCOVERY, hdev)) 6122 return; 6123 6124 bt_dev_dbg(hdev, "err %d", err); 6125 6126 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err), 6127 cmd->param, 1); 6128 mgmt_pending_remove(cmd); 6129 6130 if (!err) 6131 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 6132} 6133 6134static int stop_discovery_sync(struct hci_dev *hdev, void *data) 6135{ 6136 return hci_stop_discovery_sync(hdev); 6137} 6138 6139static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, 6140 u16 len) 6141{ 6142 struct mgmt_cp_stop_discovery *mgmt_cp = data; 6143 struct mgmt_pending_cmd *cmd; 6144 int err; 6145 6146 bt_dev_dbg(hdev, "sock %p", sk); 6147 6148 hci_dev_lock(hdev); 6149 6150 if (!hci_discovery_active(hdev)) { 6151 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 6152 MGMT_STATUS_REJECTED, &mgmt_cp->type, 6153 sizeof(mgmt_cp->type)); 6154 goto unlock; 6155 } 6156 6157 if (hdev->discovery.type != mgmt_cp->type) { 6158 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 6159 MGMT_STATUS_INVALID_PARAMS, 6160 &mgmt_cp->type, sizeof(mgmt_cp->type)); 6161 goto unlock; 6162 } 6163 6164 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len); 6165 if (!cmd) { 6166 err = -ENOMEM; 6167 goto unlock; 6168 } 6169 6170 err = hci_cmd_sync_queue(hdev, stop_discovery_sync, cmd, 6171 stop_discovery_complete); 6172 if (err < 0) { 6173 mgmt_pending_remove(cmd); 6174 goto unlock; 6175 } 6176 6177 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 6178 6179unlock: 6180 hci_dev_unlock(hdev); 6181 return err; 6182} 6183 6184static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, 6185 u16 len) 6186{ 6187 struct mgmt_cp_confirm_name *cp = data; 6188 struct inquiry_entry *e; 6189 int err; 6190 6191 bt_dev_dbg(hdev, "sock %p", sk); 6192 6193 hci_dev_lock(hdev); 6194 6195 if (!hci_discovery_active(hdev)) { 6196 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 6197 MGMT_STATUS_FAILED, &cp->addr, 6198 sizeof(cp->addr)); 6199 goto failed; 6200 } 6201 6202 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 6203 if (!e) { 6204 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 6205 MGMT_STATUS_INVALID_PARAMS, &cp->addr, 6206 sizeof(cp->addr)); 6207 goto failed; 6208 } 6209 6210 if (cp->name_known) { 6211 e->name_state = NAME_KNOWN; 6212 list_del(&e->list); 6213 } else { 6214 e->name_state = NAME_NEEDED; 6215 hci_inquiry_cache_update_resolve(hdev, e); 6216 } 6217 6218 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, 6219 &cp->addr, sizeof(cp->addr)); 6220 6221failed: 6222 hci_dev_unlock(hdev); 6223 return err; 6224} 6225 6226static int block_device(struct sock *sk, struct hci_dev *hdev, void *data, 6227 u16 len) 6228{ 6229 struct mgmt_cp_block_device *cp = data; 6230 u8 status; 6231 int err; 6232 6233 bt_dev_dbg(hdev, "sock %p", sk); 6234 6235 if (!bdaddr_type_is_valid(cp->addr.type)) 6236 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, 6237 MGMT_STATUS_INVALID_PARAMS, 6238 &cp->addr, sizeof(cp->addr)); 6239 6240 hci_dev_lock(hdev); 6241 6242 err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr, 6243 cp->addr.type); 6244 if (err < 0) { 6245 status = MGMT_STATUS_FAILED; 6246 goto done; 6247 } 6248 6249 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr), 6250 sk); 6251 status = MGMT_STATUS_SUCCESS; 6252 6253done: 6254 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status, 6255 &cp->addr, sizeof(cp->addr)); 6256 6257 hci_dev_unlock(hdev); 6258 6259 return err; 6260} 6261 6262static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data, 6263 u16 len) 6264{ 6265 struct mgmt_cp_unblock_device *cp = data; 6266 u8 status; 6267 int err; 6268 6269 bt_dev_dbg(hdev, "sock %p", sk); 6270 6271 if (!bdaddr_type_is_valid(cp->addr.type)) 6272 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, 6273 MGMT_STATUS_INVALID_PARAMS, 6274 &cp->addr, sizeof(cp->addr)); 6275 6276 hci_dev_lock(hdev); 6277 6278 err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr, 6279 cp->addr.type); 6280 if (err < 0) { 6281 status = MGMT_STATUS_INVALID_PARAMS; 6282 goto done; 6283 } 6284 6285 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr), 6286 sk); 6287 status = MGMT_STATUS_SUCCESS; 6288 6289done: 6290 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status, 6291 &cp->addr, sizeof(cp->addr)); 6292 6293 hci_dev_unlock(hdev); 6294 6295 return err; 6296} 6297 6298static int set_device_id_sync(struct hci_dev *hdev, void *data) 6299{ 6300 return hci_update_eir_sync(hdev); 6301} 6302 6303static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data, 6304 u16 len) 6305{ 6306 struct mgmt_cp_set_device_id *cp = data; 6307 int err; 6308 __u16 source; 6309 6310 bt_dev_dbg(hdev, "sock %p", sk); 6311 6312 source = __le16_to_cpu(cp->source); 6313 6314 if (source > 0x0002) 6315 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 6316 MGMT_STATUS_INVALID_PARAMS); 6317 6318 hci_dev_lock(hdev); 6319 6320 hdev->devid_source = source; 6321 hdev->devid_vendor = __le16_to_cpu(cp->vendor); 6322 hdev->devid_product = __le16_to_cpu(cp->product); 6323 hdev->devid_version = __le16_to_cpu(cp->version); 6324 6325 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, 6326 NULL, 0); 6327 6328 hci_cmd_sync_queue(hdev, set_device_id_sync, NULL, NULL); 6329 6330 hci_dev_unlock(hdev); 6331 6332 return err; 6333} 6334 6335static void enable_advertising_instance(struct hci_dev *hdev, int err) 6336{ 6337 if (err) 6338 bt_dev_err(hdev, "failed to re-configure advertising %d", err); 6339 else 6340 bt_dev_dbg(hdev, "status %d", err); 6341} 6342 6343static void set_advertising_complete(struct hci_dev *hdev, void *data, int err) 6344{ 6345 struct cmd_lookup match = { NULL, hdev }; 6346 u8 instance; 6347 struct adv_info *adv_instance; 6348 u8 status = mgmt_status(err); 6349 6350 if (status) { 6351 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, 6352 cmd_status_rsp, &status); 6353 return; 6354 } 6355 6356 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 6357 hci_dev_set_flag(hdev, HCI_ADVERTISING); 6358 else 6359 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 6360 6361 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp, 6362 &match); 6363 6364 new_settings(hdev, match.sk); 6365 6366 if (match.sk) 6367 sock_put(match.sk); 6368 6369 /* If "Set Advertising" was just disabled and instance advertising was 6370 * set up earlier, then re-enable multi-instance advertising. 6371 */ 6372 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 6373 list_empty(&hdev->adv_instances)) 6374 return; 6375 6376 instance = hdev->cur_adv_instance; 6377 if (!instance) { 6378 adv_instance = list_first_entry_or_null(&hdev->adv_instances, 6379 struct adv_info, list); 6380 if (!adv_instance) 6381 return; 6382 6383 instance = adv_instance->instance; 6384 } 6385 6386 err = hci_schedule_adv_instance_sync(hdev, instance, true); 6387 6388 enable_advertising_instance(hdev, err); 6389} 6390 6391static int set_adv_sync(struct hci_dev *hdev, void *data) 6392{ 6393 struct mgmt_pending_cmd *cmd = data; 6394 struct mgmt_mode *cp = cmd->param; 6395 u8 val = !!cp->val; 6396 6397 if (cp->val == 0x02) 6398 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 6399 else 6400 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 6401 6402 cancel_adv_timeout(hdev); 6403 6404 if (val) { 6405 /* Switch to instance "0" for the Set Advertising setting. 6406 * We cannot use update_[adv|scan_rsp]_data() here as the 6407 * HCI_ADVERTISING flag is not yet set. 6408 */ 6409 hdev->cur_adv_instance = 0x00; 6410 6411 if (ext_adv_capable(hdev)) { 6412 hci_start_ext_adv_sync(hdev, 0x00); 6413 } else { 6414 hci_update_adv_data_sync(hdev, 0x00); 6415 hci_update_scan_rsp_data_sync(hdev, 0x00); 6416 hci_enable_advertising_sync(hdev); 6417 } 6418 } else { 6419 hci_disable_advertising_sync(hdev); 6420 } 6421 6422 return 0; 6423} 6424 6425static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, 6426 u16 len) 6427{ 6428 struct mgmt_mode *cp = data; 6429 struct mgmt_pending_cmd *cmd; 6430 u8 val, status; 6431 int err; 6432 6433 bt_dev_dbg(hdev, "sock %p", sk); 6434 6435 status = mgmt_le_support(hdev); 6436 if (status) 6437 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 6438 status); 6439 6440 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 6441 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 6442 MGMT_STATUS_INVALID_PARAMS); 6443 6444 if (hdev->advertising_paused) 6445 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 6446 MGMT_STATUS_BUSY); 6447 6448 hci_dev_lock(hdev); 6449 6450 val = !!cp->val; 6451 6452 /* The following conditions are ones which mean that we should 6453 * not do any HCI communication but directly send a mgmt 6454 * response to user space (after toggling the flag if 6455 * necessary). 6456 */ 6457 if (!hdev_is_powered(hdev) || 6458 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) && 6459 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) || 6460 hci_dev_test_flag(hdev, HCI_MESH) || 6461 hci_conn_num(hdev, LE_LINK) > 0 || 6462 (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 6463 hdev->le_scan_type == LE_SCAN_ACTIVE)) { 6464 bool changed; 6465 6466 if (cp->val) { 6467 hdev->cur_adv_instance = 0x00; 6468 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING); 6469 if (cp->val == 0x02) 6470 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 6471 else 6472 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 6473 } else { 6474 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING); 6475 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 6476 } 6477 6478 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev); 6479 if (err < 0) 6480 goto unlock; 6481 6482 if (changed) 6483 err = new_settings(hdev, sk); 6484 6485 goto unlock; 6486 } 6487 6488 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) || 6489 pending_find(MGMT_OP_SET_LE, hdev)) { 6490 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 6491 MGMT_STATUS_BUSY); 6492 goto unlock; 6493 } 6494 6495 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len); 6496 if (!cmd) 6497 err = -ENOMEM; 6498 else 6499 err = hci_cmd_sync_queue(hdev, set_adv_sync, cmd, 6500 set_advertising_complete); 6501 6502 if (err < 0 && cmd) 6503 mgmt_pending_remove(cmd); 6504 6505unlock: 6506 hci_dev_unlock(hdev); 6507 return err; 6508} 6509 6510static int set_static_address(struct sock *sk, struct hci_dev *hdev, 6511 void *data, u16 len) 6512{ 6513 struct mgmt_cp_set_static_address *cp = data; 6514 int err; 6515 6516 bt_dev_dbg(hdev, "sock %p", sk); 6517 6518 if (!lmp_le_capable(hdev)) 6519 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 6520 MGMT_STATUS_NOT_SUPPORTED); 6521 6522 if (hdev_is_powered(hdev)) 6523 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 6524 MGMT_STATUS_REJECTED); 6525 6526 if (bacmp(&cp->bdaddr, BDADDR_ANY)) { 6527 if (!bacmp(&cp->bdaddr, BDADDR_NONE)) 6528 return mgmt_cmd_status(sk, hdev->id, 6529 MGMT_OP_SET_STATIC_ADDRESS, 6530 MGMT_STATUS_INVALID_PARAMS); 6531 6532 /* Two most significant bits shall be set */ 6533 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0) 6534 return mgmt_cmd_status(sk, hdev->id, 6535 MGMT_OP_SET_STATIC_ADDRESS, 6536 MGMT_STATUS_INVALID_PARAMS); 6537 } 6538 6539 hci_dev_lock(hdev); 6540 6541 bacpy(&hdev->static_addr, &cp->bdaddr); 6542 6543 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev); 6544 if (err < 0) 6545 goto unlock; 6546 6547 err = new_settings(hdev, sk); 6548 6549unlock: 6550 hci_dev_unlock(hdev); 6551 return err; 6552} 6553 6554static int set_scan_params(struct sock *sk, struct hci_dev *hdev, 6555 void *data, u16 len) 6556{ 6557 struct mgmt_cp_set_scan_params *cp = data; 6558 __u16 interval, window; 6559 int err; 6560 6561 bt_dev_dbg(hdev, "sock %p", sk); 6562 6563 if (!lmp_le_capable(hdev)) 6564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 6565 MGMT_STATUS_NOT_SUPPORTED); 6566 6567 interval = __le16_to_cpu(cp->interval); 6568 6569 if (interval < 0x0004 || interval > 0x4000) 6570 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 6571 MGMT_STATUS_INVALID_PARAMS); 6572 6573 window = __le16_to_cpu(cp->window); 6574 6575 if (window < 0x0004 || window > 0x4000) 6576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 6577 MGMT_STATUS_INVALID_PARAMS); 6578 6579 if (window > interval) 6580 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 6581 MGMT_STATUS_INVALID_PARAMS); 6582 6583 hci_dev_lock(hdev); 6584 6585 hdev->le_scan_interval = interval; 6586 hdev->le_scan_window = window; 6587 6588 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, 6589 NULL, 0); 6590 6591 /* If background scan is running, restart it so new parameters are 6592 * loaded. 6593 */ 6594 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 6595 hdev->discovery.state == DISCOVERY_STOPPED) 6596 hci_update_passive_scan(hdev); 6597 6598 hci_dev_unlock(hdev); 6599 6600 return err; 6601} 6602 6603static void fast_connectable_complete(struct hci_dev *hdev, void *data, int err) 6604{ 6605 struct mgmt_pending_cmd *cmd = data; 6606 6607 bt_dev_dbg(hdev, "err %d", err); 6608 6609 if (err) { 6610 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 6611 mgmt_status(err)); 6612 } else { 6613 struct mgmt_mode *cp = cmd->param; 6614 6615 if (cp->val) 6616 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE); 6617 else 6618 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 6619 6620 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 6621 new_settings(hdev, cmd->sk); 6622 } 6623 6624 mgmt_pending_free(cmd); 6625} 6626 6627static int write_fast_connectable_sync(struct hci_dev *hdev, void *data) 6628{ 6629 struct mgmt_pending_cmd *cmd = data; 6630 struct mgmt_mode *cp = cmd->param; 6631 6632 return hci_write_fast_connectable_sync(hdev, cp->val); 6633} 6634 6635static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, 6636 void *data, u16 len) 6637{ 6638 struct mgmt_mode *cp = data; 6639 struct mgmt_pending_cmd *cmd; 6640 int err; 6641 6642 bt_dev_dbg(hdev, "sock %p", sk); 6643 6644 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 6645 hdev->hci_ver < BLUETOOTH_VER_1_2) 6646 return mgmt_cmd_status(sk, hdev->id, 6647 MGMT_OP_SET_FAST_CONNECTABLE, 6648 MGMT_STATUS_NOT_SUPPORTED); 6649 6650 if (cp->val != 0x00 && cp->val != 0x01) 6651 return mgmt_cmd_status(sk, hdev->id, 6652 MGMT_OP_SET_FAST_CONNECTABLE, 6653 MGMT_STATUS_INVALID_PARAMS); 6654 6655 hci_dev_lock(hdev); 6656 6657 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) { 6658 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 6659 goto unlock; 6660 } 6661 6662 if (!hdev_is_powered(hdev)) { 6663 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE); 6664 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 6665 new_settings(hdev, sk); 6666 goto unlock; 6667 } 6668 6669 cmd = mgmt_pending_new(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, data, 6670 len); 6671 if (!cmd) 6672 err = -ENOMEM; 6673 else 6674 err = hci_cmd_sync_queue(hdev, write_fast_connectable_sync, cmd, 6675 fast_connectable_complete); 6676 6677 if (err < 0) { 6678 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 6679 MGMT_STATUS_FAILED); 6680 6681 if (cmd) 6682 mgmt_pending_free(cmd); 6683 } 6684 6685unlock: 6686 hci_dev_unlock(hdev); 6687 6688 return err; 6689} 6690 6691static void set_bredr_complete(struct hci_dev *hdev, void *data, int err) 6692{ 6693 struct mgmt_pending_cmd *cmd = data; 6694 6695 bt_dev_dbg(hdev, "err %d", err); 6696 6697 if (err) { 6698 u8 mgmt_err = mgmt_status(err); 6699 6700 /* We need to restore the flag if related HCI commands 6701 * failed. 6702 */ 6703 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED); 6704 6705 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 6706 } else { 6707 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev); 6708 new_settings(hdev, cmd->sk); 6709 } 6710 6711 mgmt_pending_free(cmd); 6712} 6713 6714static int set_bredr_sync(struct hci_dev *hdev, void *data) 6715{ 6716 int status; 6717 6718 status = hci_write_fast_connectable_sync(hdev, false); 6719 6720 if (!status) 6721 status = hci_update_scan_sync(hdev); 6722 6723 /* Since only the advertising data flags will change, there 6724 * is no need to update the scan response data. 6725 */ 6726 if (!status) 6727 status = hci_update_adv_data_sync(hdev, hdev->cur_adv_instance); 6728 6729 return status; 6730} 6731 6732static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 6733{ 6734 struct mgmt_mode *cp = data; 6735 struct mgmt_pending_cmd *cmd; 6736 int err; 6737 6738 bt_dev_dbg(hdev, "sock %p", sk); 6739 6740 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev)) 6741 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6742 MGMT_STATUS_NOT_SUPPORTED); 6743 6744 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 6745 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6746 MGMT_STATUS_REJECTED); 6747 6748 if (cp->val != 0x00 && cp->val != 0x01) 6749 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6750 MGMT_STATUS_INVALID_PARAMS); 6751 6752 hci_dev_lock(hdev); 6753 6754 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 6755 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 6756 goto unlock; 6757 } 6758 6759 if (!hdev_is_powered(hdev)) { 6760 if (!cp->val) { 6761 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 6762 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 6763 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY); 6764 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 6765 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 6766 } 6767 6768 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED); 6769 6770 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 6771 if (err < 0) 6772 goto unlock; 6773 6774 err = new_settings(hdev, sk); 6775 goto unlock; 6776 } 6777 6778 /* Reject disabling when powered on */ 6779 if (!cp->val) { 6780 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6781 MGMT_STATUS_REJECTED); 6782 goto unlock; 6783 } else { 6784 /* When configuring a dual-mode controller to operate 6785 * with LE only and using a static address, then switching 6786 * BR/EDR back on is not allowed. 6787 * 6788 * Dual-mode controllers shall operate with the public 6789 * address as its identity address for BR/EDR and LE. So 6790 * reject the attempt to create an invalid configuration. 6791 * 6792 * The same restrictions applies when secure connections 6793 * has been enabled. For BR/EDR this is a controller feature 6794 * while for LE it is a host stack feature. This means that 6795 * switching BR/EDR back on when secure connections has been 6796 * enabled is not a supported transaction. 6797 */ 6798 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 6799 (bacmp(&hdev->static_addr, BDADDR_ANY) || 6800 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) { 6801 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6802 MGMT_STATUS_REJECTED); 6803 goto unlock; 6804 } 6805 } 6806 6807 cmd = mgmt_pending_new(sk, MGMT_OP_SET_BREDR, hdev, data, len); 6808 if (!cmd) 6809 err = -ENOMEM; 6810 else 6811 err = hci_cmd_sync_queue(hdev, set_bredr_sync, cmd, 6812 set_bredr_complete); 6813 6814 if (err < 0) { 6815 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6816 MGMT_STATUS_FAILED); 6817 if (cmd) 6818 mgmt_pending_free(cmd); 6819 6820 goto unlock; 6821 } 6822 6823 /* We need to flip the bit already here so that 6824 * hci_req_update_adv_data generates the correct flags. 6825 */ 6826 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED); 6827 6828unlock: 6829 hci_dev_unlock(hdev); 6830 return err; 6831} 6832 6833static void set_secure_conn_complete(struct hci_dev *hdev, void *data, int err) 6834{ 6835 struct mgmt_pending_cmd *cmd = data; 6836 struct mgmt_mode *cp; 6837 6838 bt_dev_dbg(hdev, "err %d", err); 6839 6840 if (err) { 6841 u8 mgmt_err = mgmt_status(err); 6842 6843 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 6844 goto done; 6845 } 6846 6847 cp = cmd->param; 6848 6849 switch (cp->val) { 6850 case 0x00: 6851 hci_dev_clear_flag(hdev, HCI_SC_ENABLED); 6852 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 6853 break; 6854 case 0x01: 6855 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 6856 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 6857 break; 6858 case 0x02: 6859 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 6860 hci_dev_set_flag(hdev, HCI_SC_ONLY); 6861 break; 6862 } 6863 6864 send_settings_rsp(cmd->sk, cmd->opcode, hdev); 6865 new_settings(hdev, cmd->sk); 6866 6867done: 6868 mgmt_pending_free(cmd); 6869} 6870 6871static int set_secure_conn_sync(struct hci_dev *hdev, void *data) 6872{ 6873 struct mgmt_pending_cmd *cmd = data; 6874 struct mgmt_mode *cp = cmd->param; 6875 u8 val = !!cp->val; 6876 6877 /* Force write of val */ 6878 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 6879 6880 return hci_write_sc_support_sync(hdev, val); 6881} 6882 6883static int set_secure_conn(struct sock *sk, struct hci_dev *hdev, 6884 void *data, u16 len) 6885{ 6886 struct mgmt_mode *cp = data; 6887 struct mgmt_pending_cmd *cmd; 6888 u8 val; 6889 int err; 6890 6891 bt_dev_dbg(hdev, "sock %p", sk); 6892 6893 if (!lmp_sc_capable(hdev) && 6894 !hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 6895 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 6896 MGMT_STATUS_NOT_SUPPORTED); 6897 6898 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 6899 lmp_sc_capable(hdev) && 6900 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 6901 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 6902 MGMT_STATUS_REJECTED); 6903 6904 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 6905 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 6906 MGMT_STATUS_INVALID_PARAMS); 6907 6908 hci_dev_lock(hdev); 6909 6910 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) || 6911 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 6912 bool changed; 6913 6914 if (cp->val) { 6915 changed = !hci_dev_test_and_set_flag(hdev, 6916 HCI_SC_ENABLED); 6917 if (cp->val == 0x02) 6918 hci_dev_set_flag(hdev, HCI_SC_ONLY); 6919 else 6920 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 6921 } else { 6922 changed = hci_dev_test_and_clear_flag(hdev, 6923 HCI_SC_ENABLED); 6924 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 6925 } 6926 6927 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 6928 if (err < 0) 6929 goto failed; 6930 6931 if (changed) 6932 err = new_settings(hdev, sk); 6933 6934 goto failed; 6935 } 6936 6937 val = !!cp->val; 6938 6939 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 6940 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 6941 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 6942 goto failed; 6943 } 6944 6945 cmd = mgmt_pending_new(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len); 6946 if (!cmd) 6947 err = -ENOMEM; 6948 else 6949 err = hci_cmd_sync_queue(hdev, set_secure_conn_sync, cmd, 6950 set_secure_conn_complete); 6951 6952 if (err < 0) { 6953 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 6954 MGMT_STATUS_FAILED); 6955 if (cmd) 6956 mgmt_pending_free(cmd); 6957 } 6958 6959failed: 6960 hci_dev_unlock(hdev); 6961 return err; 6962} 6963 6964static int set_debug_keys(struct sock *sk, struct hci_dev *hdev, 6965 void *data, u16 len) 6966{ 6967 struct mgmt_mode *cp = data; 6968 bool changed, use_changed; 6969 int err; 6970 6971 bt_dev_dbg(hdev, "sock %p", sk); 6972 6973 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 6974 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS, 6975 MGMT_STATUS_INVALID_PARAMS); 6976 6977 hci_dev_lock(hdev); 6978 6979 if (cp->val) 6980 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 6981 else 6982 changed = hci_dev_test_and_clear_flag(hdev, 6983 HCI_KEEP_DEBUG_KEYS); 6984 6985 if (cp->val == 0x02) 6986 use_changed = !hci_dev_test_and_set_flag(hdev, 6987 HCI_USE_DEBUG_KEYS); 6988 else 6989 use_changed = hci_dev_test_and_clear_flag(hdev, 6990 HCI_USE_DEBUG_KEYS); 6991 6992 if (hdev_is_powered(hdev) && use_changed && 6993 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 6994 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00; 6995 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 6996 sizeof(mode), &mode); 6997 } 6998 6999 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev); 7000 if (err < 0) 7001 goto unlock; 7002 7003 if (changed) 7004 err = new_settings(hdev, sk); 7005 7006unlock: 7007 hci_dev_unlock(hdev); 7008 return err; 7009} 7010 7011static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data, 7012 u16 len) 7013{ 7014 struct mgmt_cp_set_privacy *cp = cp_data; 7015 bool changed; 7016 int err; 7017 7018 bt_dev_dbg(hdev, "sock %p", sk); 7019 7020 if (!lmp_le_capable(hdev)) 7021 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 7022 MGMT_STATUS_NOT_SUPPORTED); 7023 7024 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02) 7025 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 7026 MGMT_STATUS_INVALID_PARAMS); 7027 7028 if (hdev_is_powered(hdev)) 7029 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 7030 MGMT_STATUS_REJECTED); 7031 7032 hci_dev_lock(hdev); 7033 7034 /* If user space supports this command it is also expected to 7035 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag. 7036 */ 7037 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 7038 7039 if (cp->privacy) { 7040 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY); 7041 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk)); 7042 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 7043 hci_adv_instances_set_rpa_expired(hdev, true); 7044 if (cp->privacy == 0x02) 7045 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY); 7046 else 7047 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 7048 } else { 7049 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY); 7050 memset(hdev->irk, 0, sizeof(hdev->irk)); 7051 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED); 7052 hci_adv_instances_set_rpa_expired(hdev, false); 7053 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 7054 } 7055 7056 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev); 7057 if (err < 0) 7058 goto unlock; 7059 7060 if (changed) 7061 err = new_settings(hdev, sk); 7062 7063unlock: 7064 hci_dev_unlock(hdev); 7065 return err; 7066} 7067 7068static bool irk_is_valid(struct mgmt_irk_info *irk) 7069{ 7070 switch (irk->addr.type) { 7071 case BDADDR_LE_PUBLIC: 7072 return true; 7073 7074 case BDADDR_LE_RANDOM: 7075 /* Two most significant bits shall be set */ 7076 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0) 7077 return false; 7078 return true; 7079 } 7080 7081 return false; 7082} 7083 7084static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data, 7085 u16 len) 7086{ 7087 struct mgmt_cp_load_irks *cp = cp_data; 7088 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) / 7089 sizeof(struct mgmt_irk_info)); 7090 u16 irk_count, expected_len; 7091 int i, err; 7092 7093 bt_dev_dbg(hdev, "sock %p", sk); 7094 7095 if (!lmp_le_capable(hdev)) 7096 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 7097 MGMT_STATUS_NOT_SUPPORTED); 7098 7099 irk_count = __le16_to_cpu(cp->irk_count); 7100 if (irk_count > max_irk_count) { 7101 bt_dev_err(hdev, "load_irks: too big irk_count value %u", 7102 irk_count); 7103 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 7104 MGMT_STATUS_INVALID_PARAMS); 7105 } 7106 7107 expected_len = struct_size(cp, irks, irk_count); 7108 if (expected_len != len) { 7109 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes", 7110 expected_len, len); 7111 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 7112 MGMT_STATUS_INVALID_PARAMS); 7113 } 7114 7115 bt_dev_dbg(hdev, "irk_count %u", irk_count); 7116 7117 for (i = 0; i < irk_count; i++) { 7118 struct mgmt_irk_info *key = &cp->irks[i]; 7119 7120 if (!irk_is_valid(key)) 7121 return mgmt_cmd_status(sk, hdev->id, 7122 MGMT_OP_LOAD_IRKS, 7123 MGMT_STATUS_INVALID_PARAMS); 7124 } 7125 7126 hci_dev_lock(hdev); 7127 7128 hci_smp_irks_clear(hdev); 7129 7130 for (i = 0; i < irk_count; i++) { 7131 struct mgmt_irk_info *irk = &cp->irks[i]; 7132 7133 if (hci_is_blocked_key(hdev, 7134 HCI_BLOCKED_KEY_TYPE_IRK, 7135 irk->val)) { 7136 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR", 7137 &irk->addr.bdaddr); 7138 continue; 7139 } 7140 7141 hci_add_irk(hdev, &irk->addr.bdaddr, 7142 le_addr_type(irk->addr.type), irk->val, 7143 BDADDR_ANY); 7144 } 7145 7146 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 7147 7148 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0); 7149 7150 hci_dev_unlock(hdev); 7151 7152 return err; 7153} 7154 7155static bool ltk_is_valid(struct mgmt_ltk_info *key) 7156{ 7157 if (key->initiator != 0x00 && key->initiator != 0x01) 7158 return false; 7159 7160 switch (key->addr.type) { 7161 case BDADDR_LE_PUBLIC: 7162 return true; 7163 7164 case BDADDR_LE_RANDOM: 7165 /* Two most significant bits shall be set */ 7166 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0) 7167 return false; 7168 return true; 7169 } 7170 7171 return false; 7172} 7173 7174static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, 7175 void *cp_data, u16 len) 7176{ 7177 struct mgmt_cp_load_long_term_keys *cp = cp_data; 7178 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 7179 sizeof(struct mgmt_ltk_info)); 7180 u16 key_count, expected_len; 7181 int i, err; 7182 7183 bt_dev_dbg(hdev, "sock %p", sk); 7184 7185 if (!lmp_le_capable(hdev)) 7186 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 7187 MGMT_STATUS_NOT_SUPPORTED); 7188 7189 key_count = __le16_to_cpu(cp->key_count); 7190 if (key_count > max_key_count) { 7191 bt_dev_err(hdev, "load_ltks: too big key_count value %u", 7192 key_count); 7193 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 7194 MGMT_STATUS_INVALID_PARAMS); 7195 } 7196 7197 expected_len = struct_size(cp, keys, key_count); 7198 if (expected_len != len) { 7199 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes", 7200 expected_len, len); 7201 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 7202 MGMT_STATUS_INVALID_PARAMS); 7203 } 7204 7205 bt_dev_dbg(hdev, "key_count %u", key_count); 7206 7207 for (i = 0; i < key_count; i++) { 7208 struct mgmt_ltk_info *key = &cp->keys[i]; 7209 7210 if (!ltk_is_valid(key)) 7211 return mgmt_cmd_status(sk, hdev->id, 7212 MGMT_OP_LOAD_LONG_TERM_KEYS, 7213 MGMT_STATUS_INVALID_PARAMS); 7214 } 7215 7216 hci_dev_lock(hdev); 7217 7218 hci_smp_ltks_clear(hdev); 7219 7220 for (i = 0; i < key_count; i++) { 7221 struct mgmt_ltk_info *key = &cp->keys[i]; 7222 u8 type, authenticated; 7223 7224 if (hci_is_blocked_key(hdev, 7225 HCI_BLOCKED_KEY_TYPE_LTK, 7226 key->val)) { 7227 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR", 7228 &key->addr.bdaddr); 7229 continue; 7230 } 7231 7232 switch (key->type) { 7233 case MGMT_LTK_UNAUTHENTICATED: 7234 authenticated = 0x00; 7235 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER; 7236 break; 7237 case MGMT_LTK_AUTHENTICATED: 7238 authenticated = 0x01; 7239 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER; 7240 break; 7241 case MGMT_LTK_P256_UNAUTH: 7242 authenticated = 0x00; 7243 type = SMP_LTK_P256; 7244 break; 7245 case MGMT_LTK_P256_AUTH: 7246 authenticated = 0x01; 7247 type = SMP_LTK_P256; 7248 break; 7249 case MGMT_LTK_P256_DEBUG: 7250 authenticated = 0x00; 7251 type = SMP_LTK_P256_DEBUG; 7252 fallthrough; 7253 default: 7254 continue; 7255 } 7256 7257 hci_add_ltk(hdev, &key->addr.bdaddr, 7258 le_addr_type(key->addr.type), type, authenticated, 7259 key->val, key->enc_size, key->ediv, key->rand); 7260 } 7261 7262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0, 7263 NULL, 0); 7264 7265 hci_dev_unlock(hdev); 7266 7267 return err; 7268} 7269 7270static void get_conn_info_complete(struct hci_dev *hdev, void *data, int err) 7271{ 7272 struct mgmt_pending_cmd *cmd = data; 7273 struct hci_conn *conn = cmd->user_data; 7274 struct mgmt_cp_get_conn_info *cp = cmd->param; 7275 struct mgmt_rp_get_conn_info rp; 7276 u8 status; 7277 7278 bt_dev_dbg(hdev, "err %d", err); 7279 7280 memcpy(&rp.addr, &cp->addr.bdaddr, sizeof(rp.addr)); 7281 7282 status = mgmt_status(err); 7283 if (status == MGMT_STATUS_SUCCESS) { 7284 rp.rssi = conn->rssi; 7285 rp.tx_power = conn->tx_power; 7286 rp.max_tx_power = conn->max_tx_power; 7287 } else { 7288 rp.rssi = HCI_RSSI_INVALID; 7289 rp.tx_power = HCI_TX_POWER_INVALID; 7290 rp.max_tx_power = HCI_TX_POWER_INVALID; 7291 } 7292 7293 mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status, 7294 &rp, sizeof(rp)); 7295 7296 mgmt_pending_free(cmd); 7297} 7298 7299static int get_conn_info_sync(struct hci_dev *hdev, void *data) 7300{ 7301 struct mgmt_pending_cmd *cmd = data; 7302 struct mgmt_cp_get_conn_info *cp = cmd->param; 7303 struct hci_conn *conn; 7304 int err; 7305 __le16 handle; 7306 7307 /* Make sure we are still connected */ 7308 if (cp->addr.type == BDADDR_BREDR) 7309 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 7310 &cp->addr.bdaddr); 7311 else 7312 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 7313 7314 if (!conn || conn->state != BT_CONNECTED) 7315 return MGMT_STATUS_NOT_CONNECTED; 7316 7317 cmd->user_data = conn; 7318 handle = cpu_to_le16(conn->handle); 7319 7320 /* Refresh RSSI each time */ 7321 err = hci_read_rssi_sync(hdev, handle); 7322 7323 /* For LE links TX power does not change thus we don't need to 7324 * query for it once value is known. 7325 */ 7326 if (!err && (!bdaddr_type_is_le(cp->addr.type) || 7327 conn->tx_power == HCI_TX_POWER_INVALID)) 7328 err = hci_read_tx_power_sync(hdev, handle, 0x00); 7329 7330 /* Max TX power needs to be read only once per connection */ 7331 if (!err && conn->max_tx_power == HCI_TX_POWER_INVALID) 7332 err = hci_read_tx_power_sync(hdev, handle, 0x01); 7333 7334 return err; 7335} 7336 7337static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data, 7338 u16 len) 7339{ 7340 struct mgmt_cp_get_conn_info *cp = data; 7341 struct mgmt_rp_get_conn_info rp; 7342 struct hci_conn *conn; 7343 unsigned long conn_info_age; 7344 int err = 0; 7345 7346 bt_dev_dbg(hdev, "sock %p", sk); 7347 7348 memset(&rp, 0, sizeof(rp)); 7349 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 7350 rp.addr.type = cp->addr.type; 7351 7352 if (!bdaddr_type_is_valid(cp->addr.type)) 7353 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 7354 MGMT_STATUS_INVALID_PARAMS, 7355 &rp, sizeof(rp)); 7356 7357 hci_dev_lock(hdev); 7358 7359 if (!hdev_is_powered(hdev)) { 7360 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 7361 MGMT_STATUS_NOT_POWERED, &rp, 7362 sizeof(rp)); 7363 goto unlock; 7364 } 7365 7366 if (cp->addr.type == BDADDR_BREDR) 7367 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 7368 &cp->addr.bdaddr); 7369 else 7370 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 7371 7372 if (!conn || conn->state != BT_CONNECTED) { 7373 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 7374 MGMT_STATUS_NOT_CONNECTED, &rp, 7375 sizeof(rp)); 7376 goto unlock; 7377 } 7378 7379 /* To avoid client trying to guess when to poll again for information we 7380 * calculate conn info age as random value between min/max set in hdev. 7381 */ 7382 conn_info_age = get_random_u32_inclusive(hdev->conn_info_min_age, 7383 hdev->conn_info_max_age - 1); 7384 7385 /* Query controller to refresh cached values if they are too old or were 7386 * never read. 7387 */ 7388 if (time_after(jiffies, conn->conn_info_timestamp + 7389 msecs_to_jiffies(conn_info_age)) || 7390 !conn->conn_info_timestamp) { 7391 struct mgmt_pending_cmd *cmd; 7392 7393 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CONN_INFO, hdev, data, 7394 len); 7395 if (!cmd) { 7396 err = -ENOMEM; 7397 } else { 7398 err = hci_cmd_sync_queue(hdev, get_conn_info_sync, 7399 cmd, get_conn_info_complete); 7400 } 7401 7402 if (err < 0) { 7403 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 7404 MGMT_STATUS_FAILED, &rp, sizeof(rp)); 7405 7406 if (cmd) 7407 mgmt_pending_free(cmd); 7408 7409 goto unlock; 7410 } 7411 7412 conn->conn_info_timestamp = jiffies; 7413 } else { 7414 /* Cache is valid, just reply with values cached in hci_conn */ 7415 rp.rssi = conn->rssi; 7416 rp.tx_power = conn->tx_power; 7417 rp.max_tx_power = conn->max_tx_power; 7418 7419 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 7420 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 7421 } 7422 7423unlock: 7424 hci_dev_unlock(hdev); 7425 return err; 7426} 7427 7428static void get_clock_info_complete(struct hci_dev *hdev, void *data, int err) 7429{ 7430 struct mgmt_pending_cmd *cmd = data; 7431 struct mgmt_cp_get_clock_info *cp = cmd->param; 7432 struct mgmt_rp_get_clock_info rp; 7433 struct hci_conn *conn = cmd->user_data; 7434 u8 status = mgmt_status(err); 7435 7436 bt_dev_dbg(hdev, "err %d", err); 7437 7438 memset(&rp, 0, sizeof(rp)); 7439 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 7440 rp.addr.type = cp->addr.type; 7441 7442 if (err) 7443 goto complete; 7444 7445 rp.local_clock = cpu_to_le32(hdev->clock); 7446 7447 if (conn) { 7448 rp.piconet_clock = cpu_to_le32(conn->clock); 7449 rp.accuracy = cpu_to_le16(conn->clock_accuracy); 7450 } 7451 7452complete: 7453 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp, 7454 sizeof(rp)); 7455 7456 mgmt_pending_free(cmd); 7457} 7458 7459static int get_clock_info_sync(struct hci_dev *hdev, void *data) 7460{ 7461 struct mgmt_pending_cmd *cmd = data; 7462 struct mgmt_cp_get_clock_info *cp = cmd->param; 7463 struct hci_cp_read_clock hci_cp; 7464 struct hci_conn *conn; 7465 7466 memset(&hci_cp, 0, sizeof(hci_cp)); 7467 hci_read_clock_sync(hdev, &hci_cp); 7468 7469 /* Make sure connection still exists */ 7470 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 7471 if (!conn || conn->state != BT_CONNECTED) 7472 return MGMT_STATUS_NOT_CONNECTED; 7473 7474 cmd->user_data = conn; 7475 hci_cp.handle = cpu_to_le16(conn->handle); 7476 hci_cp.which = 0x01; /* Piconet clock */ 7477 7478 return hci_read_clock_sync(hdev, &hci_cp); 7479} 7480 7481static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data, 7482 u16 len) 7483{ 7484 struct mgmt_cp_get_clock_info *cp = data; 7485 struct mgmt_rp_get_clock_info rp; 7486 struct mgmt_pending_cmd *cmd; 7487 struct hci_conn *conn; 7488 int err; 7489 7490 bt_dev_dbg(hdev, "sock %p", sk); 7491 7492 memset(&rp, 0, sizeof(rp)); 7493 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 7494 rp.addr.type = cp->addr.type; 7495 7496 if (cp->addr.type != BDADDR_BREDR) 7497 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 7498 MGMT_STATUS_INVALID_PARAMS, 7499 &rp, sizeof(rp)); 7500 7501 hci_dev_lock(hdev); 7502 7503 if (!hdev_is_powered(hdev)) { 7504 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 7505 MGMT_STATUS_NOT_POWERED, &rp, 7506 sizeof(rp)); 7507 goto unlock; 7508 } 7509 7510 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 7511 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 7512 &cp->addr.bdaddr); 7513 if (!conn || conn->state != BT_CONNECTED) { 7514 err = mgmt_cmd_complete(sk, hdev->id, 7515 MGMT_OP_GET_CLOCK_INFO, 7516 MGMT_STATUS_NOT_CONNECTED, 7517 &rp, sizeof(rp)); 7518 goto unlock; 7519 } 7520 } else { 7521 conn = NULL; 7522 } 7523 7524 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len); 7525 if (!cmd) 7526 err = -ENOMEM; 7527 else 7528 err = hci_cmd_sync_queue(hdev, get_clock_info_sync, cmd, 7529 get_clock_info_complete); 7530 7531 if (err < 0) { 7532 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 7533 MGMT_STATUS_FAILED, &rp, sizeof(rp)); 7534 7535 if (cmd) 7536 mgmt_pending_free(cmd); 7537 } 7538 7539 7540unlock: 7541 hci_dev_unlock(hdev); 7542 return err; 7543} 7544 7545static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) 7546{ 7547 struct hci_conn *conn; 7548 7549 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr); 7550 if (!conn) 7551 return false; 7552 7553 if (conn->dst_type != type) 7554 return false; 7555 7556 if (conn->state != BT_CONNECTED) 7557 return false; 7558 7559 return true; 7560} 7561 7562/* This function requires the caller holds hdev->lock */ 7563static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, 7564 u8 addr_type, u8 auto_connect) 7565{ 7566 struct hci_conn_params *params; 7567 7568 params = hci_conn_params_add(hdev, addr, addr_type); 7569 if (!params) 7570 return -EIO; 7571 7572 if (params->auto_connect == auto_connect) 7573 return 0; 7574 7575 list_del_init(&params->action); 7576 7577 switch (auto_connect) { 7578 case HCI_AUTO_CONN_DISABLED: 7579 case HCI_AUTO_CONN_LINK_LOSS: 7580 /* If auto connect is being disabled when we're trying to 7581 * connect to device, keep connecting. 7582 */ 7583 if (params->explicit_connect) 7584 list_add(&params->action, &hdev->pend_le_conns); 7585 break; 7586 case HCI_AUTO_CONN_REPORT: 7587 if (params->explicit_connect) 7588 list_add(&params->action, &hdev->pend_le_conns); 7589 else 7590 list_add(&params->action, &hdev->pend_le_reports); 7591 break; 7592 case HCI_AUTO_CONN_DIRECT: 7593 case HCI_AUTO_CONN_ALWAYS: 7594 if (!is_connected(hdev, addr, addr_type)) 7595 list_add(&params->action, &hdev->pend_le_conns); 7596 break; 7597 } 7598 7599 params->auto_connect = auto_connect; 7600 7601 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u", 7602 addr, addr_type, auto_connect); 7603 7604 return 0; 7605} 7606 7607static void device_added(struct sock *sk, struct hci_dev *hdev, 7608 bdaddr_t *bdaddr, u8 type, u8 action) 7609{ 7610 struct mgmt_ev_device_added ev; 7611 7612 bacpy(&ev.addr.bdaddr, bdaddr); 7613 ev.addr.type = type; 7614 ev.action = action; 7615 7616 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk); 7617} 7618 7619static int add_device_sync(struct hci_dev *hdev, void *data) 7620{ 7621 return hci_update_passive_scan_sync(hdev); 7622} 7623 7624static int add_device(struct sock *sk, struct hci_dev *hdev, 7625 void *data, u16 len) 7626{ 7627 struct mgmt_cp_add_device *cp = data; 7628 u8 auto_conn, addr_type; 7629 struct hci_conn_params *params; 7630 int err; 7631 u32 current_flags = 0; 7632 u32 supported_flags; 7633 7634 bt_dev_dbg(hdev, "sock %p", sk); 7635 7636 if (!bdaddr_type_is_valid(cp->addr.type) || 7637 !bacmp(&cp->addr.bdaddr, BDADDR_ANY)) 7638 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7639 MGMT_STATUS_INVALID_PARAMS, 7640 &cp->addr, sizeof(cp->addr)); 7641 7642 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02) 7643 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7644 MGMT_STATUS_INVALID_PARAMS, 7645 &cp->addr, sizeof(cp->addr)); 7646 7647 hci_dev_lock(hdev); 7648 7649 if (cp->addr.type == BDADDR_BREDR) { 7650 /* Only incoming connections action is supported for now */ 7651 if (cp->action != 0x01) { 7652 err = mgmt_cmd_complete(sk, hdev->id, 7653 MGMT_OP_ADD_DEVICE, 7654 MGMT_STATUS_INVALID_PARAMS, 7655 &cp->addr, sizeof(cp->addr)); 7656 goto unlock; 7657 } 7658 7659 err = hci_bdaddr_list_add_with_flags(&hdev->accept_list, 7660 &cp->addr.bdaddr, 7661 cp->addr.type, 0); 7662 if (err) 7663 goto unlock; 7664 7665 hci_update_scan(hdev); 7666 7667 goto added; 7668 } 7669 7670 addr_type = le_addr_type(cp->addr.type); 7671 7672 if (cp->action == 0x02) 7673 auto_conn = HCI_AUTO_CONN_ALWAYS; 7674 else if (cp->action == 0x01) 7675 auto_conn = HCI_AUTO_CONN_DIRECT; 7676 else 7677 auto_conn = HCI_AUTO_CONN_REPORT; 7678 7679 /* Kernel internally uses conn_params with resolvable private 7680 * address, but Add Device allows only identity addresses. 7681 * Make sure it is enforced before calling 7682 * hci_conn_params_lookup. 7683 */ 7684 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 7685 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7686 MGMT_STATUS_INVALID_PARAMS, 7687 &cp->addr, sizeof(cp->addr)); 7688 goto unlock; 7689 } 7690 7691 /* If the connection parameters don't exist for this device, 7692 * they will be created and configured with defaults. 7693 */ 7694 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type, 7695 auto_conn) < 0) { 7696 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7697 MGMT_STATUS_FAILED, &cp->addr, 7698 sizeof(cp->addr)); 7699 goto unlock; 7700 } else { 7701 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 7702 addr_type); 7703 if (params) 7704 current_flags = params->flags; 7705 } 7706 7707 err = hci_cmd_sync_queue(hdev, add_device_sync, NULL, NULL); 7708 if (err < 0) 7709 goto unlock; 7710 7711added: 7712 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action); 7713 supported_flags = hdev->conn_flags; 7714 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type, 7715 supported_flags, current_flags); 7716 7717 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7718 MGMT_STATUS_SUCCESS, &cp->addr, 7719 sizeof(cp->addr)); 7720 7721unlock: 7722 hci_dev_unlock(hdev); 7723 return err; 7724} 7725 7726static void device_removed(struct sock *sk, struct hci_dev *hdev, 7727 bdaddr_t *bdaddr, u8 type) 7728{ 7729 struct mgmt_ev_device_removed ev; 7730 7731 bacpy(&ev.addr.bdaddr, bdaddr); 7732 ev.addr.type = type; 7733 7734 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk); 7735} 7736 7737static int remove_device_sync(struct hci_dev *hdev, void *data) 7738{ 7739 return hci_update_passive_scan_sync(hdev); 7740} 7741 7742static int remove_device(struct sock *sk, struct hci_dev *hdev, 7743 void *data, u16 len) 7744{ 7745 struct mgmt_cp_remove_device *cp = data; 7746 int err; 7747 7748 bt_dev_dbg(hdev, "sock %p", sk); 7749 7750 hci_dev_lock(hdev); 7751 7752 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 7753 struct hci_conn_params *params; 7754 u8 addr_type; 7755 7756 if (!bdaddr_type_is_valid(cp->addr.type)) { 7757 err = mgmt_cmd_complete(sk, hdev->id, 7758 MGMT_OP_REMOVE_DEVICE, 7759 MGMT_STATUS_INVALID_PARAMS, 7760 &cp->addr, sizeof(cp->addr)); 7761 goto unlock; 7762 } 7763 7764 if (cp->addr.type == BDADDR_BREDR) { 7765 err = hci_bdaddr_list_del(&hdev->accept_list, 7766 &cp->addr.bdaddr, 7767 cp->addr.type); 7768 if (err) { 7769 err = mgmt_cmd_complete(sk, hdev->id, 7770 MGMT_OP_REMOVE_DEVICE, 7771 MGMT_STATUS_INVALID_PARAMS, 7772 &cp->addr, 7773 sizeof(cp->addr)); 7774 goto unlock; 7775 } 7776 7777 hci_update_scan(hdev); 7778 7779 device_removed(sk, hdev, &cp->addr.bdaddr, 7780 cp->addr.type); 7781 goto complete; 7782 } 7783 7784 addr_type = le_addr_type(cp->addr.type); 7785 7786 /* Kernel internally uses conn_params with resolvable private 7787 * address, but Remove Device allows only identity addresses. 7788 * Make sure it is enforced before calling 7789 * hci_conn_params_lookup. 7790 */ 7791 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 7792 err = mgmt_cmd_complete(sk, hdev->id, 7793 MGMT_OP_REMOVE_DEVICE, 7794 MGMT_STATUS_INVALID_PARAMS, 7795 &cp->addr, sizeof(cp->addr)); 7796 goto unlock; 7797 } 7798 7799 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 7800 addr_type); 7801 if (!params) { 7802 err = mgmt_cmd_complete(sk, hdev->id, 7803 MGMT_OP_REMOVE_DEVICE, 7804 MGMT_STATUS_INVALID_PARAMS, 7805 &cp->addr, sizeof(cp->addr)); 7806 goto unlock; 7807 } 7808 7809 if (params->auto_connect == HCI_AUTO_CONN_DISABLED || 7810 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { 7811 err = mgmt_cmd_complete(sk, hdev->id, 7812 MGMT_OP_REMOVE_DEVICE, 7813 MGMT_STATUS_INVALID_PARAMS, 7814 &cp->addr, sizeof(cp->addr)); 7815 goto unlock; 7816 } 7817 7818 list_del(&params->action); 7819 list_del(&params->list); 7820 kfree(params); 7821 7822 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type); 7823 } else { 7824 struct hci_conn_params *p, *tmp; 7825 struct bdaddr_list *b, *btmp; 7826 7827 if (cp->addr.type) { 7828 err = mgmt_cmd_complete(sk, hdev->id, 7829 MGMT_OP_REMOVE_DEVICE, 7830 MGMT_STATUS_INVALID_PARAMS, 7831 &cp->addr, sizeof(cp->addr)); 7832 goto unlock; 7833 } 7834 7835 list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) { 7836 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type); 7837 list_del(&b->list); 7838 kfree(b); 7839 } 7840 7841 hci_update_scan(hdev); 7842 7843 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) { 7844 if (p->auto_connect == HCI_AUTO_CONN_DISABLED) 7845 continue; 7846 device_removed(sk, hdev, &p->addr, p->addr_type); 7847 if (p->explicit_connect) { 7848 p->auto_connect = HCI_AUTO_CONN_EXPLICIT; 7849 continue; 7850 } 7851 list_del(&p->action); 7852 list_del(&p->list); 7853 kfree(p); 7854 } 7855 7856 bt_dev_dbg(hdev, "All LE connection parameters were removed"); 7857 } 7858 7859 hci_cmd_sync_queue(hdev, remove_device_sync, NULL, NULL); 7860 7861complete: 7862 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 7863 MGMT_STATUS_SUCCESS, &cp->addr, 7864 sizeof(cp->addr)); 7865unlock: 7866 hci_dev_unlock(hdev); 7867 return err; 7868} 7869 7870static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data, 7871 u16 len) 7872{ 7873 struct mgmt_cp_load_conn_param *cp = data; 7874 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) / 7875 sizeof(struct mgmt_conn_param)); 7876 u16 param_count, expected_len; 7877 int i; 7878 7879 if (!lmp_le_capable(hdev)) 7880 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 7881 MGMT_STATUS_NOT_SUPPORTED); 7882 7883 param_count = __le16_to_cpu(cp->param_count); 7884 if (param_count > max_param_count) { 7885 bt_dev_err(hdev, "load_conn_param: too big param_count value %u", 7886 param_count); 7887 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 7888 MGMT_STATUS_INVALID_PARAMS); 7889 } 7890 7891 expected_len = struct_size(cp, params, param_count); 7892 if (expected_len != len) { 7893 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes", 7894 expected_len, len); 7895 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 7896 MGMT_STATUS_INVALID_PARAMS); 7897 } 7898 7899 bt_dev_dbg(hdev, "param_count %u", param_count); 7900 7901 hci_dev_lock(hdev); 7902 7903 hci_conn_params_clear_disabled(hdev); 7904 7905 for (i = 0; i < param_count; i++) { 7906 struct mgmt_conn_param *param = &cp->params[i]; 7907 struct hci_conn_params *hci_param; 7908 u16 min, max, latency, timeout; 7909 u8 addr_type; 7910 7911 bt_dev_dbg(hdev, "Adding %pMR (type %u)", &param->addr.bdaddr, 7912 param->addr.type); 7913 7914 if (param->addr.type == BDADDR_LE_PUBLIC) { 7915 addr_type = ADDR_LE_DEV_PUBLIC; 7916 } else if (param->addr.type == BDADDR_LE_RANDOM) { 7917 addr_type = ADDR_LE_DEV_RANDOM; 7918 } else { 7919 bt_dev_err(hdev, "ignoring invalid connection parameters"); 7920 continue; 7921 } 7922 7923 min = le16_to_cpu(param->min_interval); 7924 max = le16_to_cpu(param->max_interval); 7925 latency = le16_to_cpu(param->latency); 7926 timeout = le16_to_cpu(param->timeout); 7927 7928 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x", 7929 min, max, latency, timeout); 7930 7931 if (hci_check_conn_params(min, max, latency, timeout) < 0) { 7932 bt_dev_err(hdev, "ignoring invalid connection parameters"); 7933 continue; 7934 } 7935 7936 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr, 7937 addr_type); 7938 if (!hci_param) { 7939 bt_dev_err(hdev, "failed to add connection parameters"); 7940 continue; 7941 } 7942 7943 hci_param->conn_min_interval = min; 7944 hci_param->conn_max_interval = max; 7945 hci_param->conn_latency = latency; 7946 hci_param->supervision_timeout = timeout; 7947 } 7948 7949 hci_dev_unlock(hdev); 7950 7951 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, 7952 NULL, 0); 7953} 7954 7955static int set_external_config(struct sock *sk, struct hci_dev *hdev, 7956 void *data, u16 len) 7957{ 7958 struct mgmt_cp_set_external_config *cp = data; 7959 bool changed; 7960 int err; 7961 7962 bt_dev_dbg(hdev, "sock %p", sk); 7963 7964 if (hdev_is_powered(hdev)) 7965 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 7966 MGMT_STATUS_REJECTED); 7967 7968 if (cp->config != 0x00 && cp->config != 0x01) 7969 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 7970 MGMT_STATUS_INVALID_PARAMS); 7971 7972 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 7973 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 7974 MGMT_STATUS_NOT_SUPPORTED); 7975 7976 hci_dev_lock(hdev); 7977 7978 if (cp->config) 7979 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED); 7980 else 7981 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED); 7982 7983 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev); 7984 if (err < 0) 7985 goto unlock; 7986 7987 if (!changed) 7988 goto unlock; 7989 7990 err = new_options(hdev, sk); 7991 7992 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) { 7993 mgmt_index_removed(hdev); 7994 7995 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) { 7996 hci_dev_set_flag(hdev, HCI_CONFIG); 7997 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 7998 7999 queue_work(hdev->req_workqueue, &hdev->power_on); 8000 } else { 8001 set_bit(HCI_RAW, &hdev->flags); 8002 mgmt_index_added(hdev); 8003 } 8004 } 8005 8006unlock: 8007 hci_dev_unlock(hdev); 8008 return err; 8009} 8010 8011static int set_public_address(struct sock *sk, struct hci_dev *hdev, 8012 void *data, u16 len) 8013{ 8014 struct mgmt_cp_set_public_address *cp = data; 8015 bool changed; 8016 int err; 8017 8018 bt_dev_dbg(hdev, "sock %p", sk); 8019 8020 if (hdev_is_powered(hdev)) 8021 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 8022 MGMT_STATUS_REJECTED); 8023 8024 if (!bacmp(&cp->bdaddr, BDADDR_ANY)) 8025 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 8026 MGMT_STATUS_INVALID_PARAMS); 8027 8028 if (!hdev->set_bdaddr) 8029 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 8030 MGMT_STATUS_NOT_SUPPORTED); 8031 8032 hci_dev_lock(hdev); 8033 8034 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr); 8035 bacpy(&hdev->public_addr, &cp->bdaddr); 8036 8037 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev); 8038 if (err < 0) 8039 goto unlock; 8040 8041 if (!changed) 8042 goto unlock; 8043 8044 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) 8045 err = new_options(hdev, sk); 8046 8047 if (is_configured(hdev)) { 8048 mgmt_index_removed(hdev); 8049 8050 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED); 8051 8052 hci_dev_set_flag(hdev, HCI_CONFIG); 8053 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 8054 8055 queue_work(hdev->req_workqueue, &hdev->power_on); 8056 } 8057 8058unlock: 8059 hci_dev_unlock(hdev); 8060 return err; 8061} 8062 8063static void read_local_oob_ext_data_complete(struct hci_dev *hdev, void *data, 8064 int err) 8065{ 8066 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp; 8067 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp; 8068 u8 *h192, *r192, *h256, *r256; 8069 struct mgmt_pending_cmd *cmd = data; 8070 struct sk_buff *skb = cmd->skb; 8071 u8 status = mgmt_status(err); 8072 u16 eir_len; 8073 8074 if (cmd != pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev)) 8075 return; 8076 8077 if (!status) { 8078 if (!skb) 8079 status = MGMT_STATUS_FAILED; 8080 else if (IS_ERR(skb)) 8081 status = mgmt_status(PTR_ERR(skb)); 8082 else 8083 status = mgmt_status(skb->data[0]); 8084 } 8085 8086 bt_dev_dbg(hdev, "status %u", status); 8087 8088 mgmt_cp = cmd->param; 8089 8090 if (status) { 8091 status = mgmt_status(status); 8092 eir_len = 0; 8093 8094 h192 = NULL; 8095 r192 = NULL; 8096 h256 = NULL; 8097 r256 = NULL; 8098 } else if (!bredr_sc_enabled(hdev)) { 8099 struct hci_rp_read_local_oob_data *rp; 8100 8101 if (skb->len != sizeof(*rp)) { 8102 status = MGMT_STATUS_FAILED; 8103 eir_len = 0; 8104 } else { 8105 status = MGMT_STATUS_SUCCESS; 8106 rp = (void *)skb->data; 8107 8108 eir_len = 5 + 18 + 18; 8109 h192 = rp->hash; 8110 r192 = rp->rand; 8111 h256 = NULL; 8112 r256 = NULL; 8113 } 8114 } else { 8115 struct hci_rp_read_local_oob_ext_data *rp; 8116 8117 if (skb->len != sizeof(*rp)) { 8118 status = MGMT_STATUS_FAILED; 8119 eir_len = 0; 8120 } else { 8121 status = MGMT_STATUS_SUCCESS; 8122 rp = (void *)skb->data; 8123 8124 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 8125 eir_len = 5 + 18 + 18; 8126 h192 = NULL; 8127 r192 = NULL; 8128 } else { 8129 eir_len = 5 + 18 + 18 + 18 + 18; 8130 h192 = rp->hash192; 8131 r192 = rp->rand192; 8132 } 8133 8134 h256 = rp->hash256; 8135 r256 = rp->rand256; 8136 } 8137 } 8138 8139 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL); 8140 if (!mgmt_rp) 8141 goto done; 8142 8143 if (eir_len == 0) 8144 goto send_rsp; 8145 8146 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV, 8147 hdev->dev_class, 3); 8148 8149 if (h192 && r192) { 8150 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 8151 EIR_SSP_HASH_C192, h192, 16); 8152 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 8153 EIR_SSP_RAND_R192, r192, 16); 8154 } 8155 8156 if (h256 && r256) { 8157 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 8158 EIR_SSP_HASH_C256, h256, 16); 8159 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 8160 EIR_SSP_RAND_R256, r256, 16); 8161 } 8162 8163send_rsp: 8164 mgmt_rp->type = mgmt_cp->type; 8165 mgmt_rp->eir_len = cpu_to_le16(eir_len); 8166 8167 err = mgmt_cmd_complete(cmd->sk, hdev->id, 8168 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status, 8169 mgmt_rp, sizeof(*mgmt_rp) + eir_len); 8170 if (err < 0 || status) 8171 goto done; 8172 8173 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS); 8174 8175 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 8176 mgmt_rp, sizeof(*mgmt_rp) + eir_len, 8177 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk); 8178done: 8179 if (skb && !IS_ERR(skb)) 8180 kfree_skb(skb); 8181 8182 kfree(mgmt_rp); 8183 mgmt_pending_remove(cmd); 8184} 8185 8186static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk, 8187 struct mgmt_cp_read_local_oob_ext_data *cp) 8188{ 8189 struct mgmt_pending_cmd *cmd; 8190 int err; 8191 8192 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev, 8193 cp, sizeof(*cp)); 8194 if (!cmd) 8195 return -ENOMEM; 8196 8197 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd, 8198 read_local_oob_ext_data_complete); 8199 8200 if (err < 0) { 8201 mgmt_pending_remove(cmd); 8202 return err; 8203 } 8204 8205 return 0; 8206} 8207 8208static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev, 8209 void *data, u16 data_len) 8210{ 8211 struct mgmt_cp_read_local_oob_ext_data *cp = data; 8212 struct mgmt_rp_read_local_oob_ext_data *rp; 8213 size_t rp_len; 8214 u16 eir_len; 8215 u8 status, flags, role, addr[7], hash[16], rand[16]; 8216 int err; 8217 8218 bt_dev_dbg(hdev, "sock %p", sk); 8219 8220 if (hdev_is_powered(hdev)) { 8221 switch (cp->type) { 8222 case BIT(BDADDR_BREDR): 8223 status = mgmt_bredr_support(hdev); 8224 if (status) 8225 eir_len = 0; 8226 else 8227 eir_len = 5; 8228 break; 8229 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 8230 status = mgmt_le_support(hdev); 8231 if (status) 8232 eir_len = 0; 8233 else 8234 eir_len = 9 + 3 + 18 + 18 + 3; 8235 break; 8236 default: 8237 status = MGMT_STATUS_INVALID_PARAMS; 8238 eir_len = 0; 8239 break; 8240 } 8241 } else { 8242 status = MGMT_STATUS_NOT_POWERED; 8243 eir_len = 0; 8244 } 8245 8246 rp_len = sizeof(*rp) + eir_len; 8247 rp = kmalloc(rp_len, GFP_ATOMIC); 8248 if (!rp) 8249 return -ENOMEM; 8250 8251 if (!status && !lmp_ssp_capable(hdev)) { 8252 status = MGMT_STATUS_NOT_SUPPORTED; 8253 eir_len = 0; 8254 } 8255 8256 if (status) 8257 goto complete; 8258 8259 hci_dev_lock(hdev); 8260 8261 eir_len = 0; 8262 switch (cp->type) { 8263 case BIT(BDADDR_BREDR): 8264 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 8265 err = read_local_ssp_oob_req(hdev, sk, cp); 8266 hci_dev_unlock(hdev); 8267 if (!err) 8268 goto done; 8269 8270 status = MGMT_STATUS_FAILED; 8271 goto complete; 8272 } else { 8273 eir_len = eir_append_data(rp->eir, eir_len, 8274 EIR_CLASS_OF_DEV, 8275 hdev->dev_class, 3); 8276 } 8277 break; 8278 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 8279 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 8280 smp_generate_oob(hdev, hash, rand) < 0) { 8281 hci_dev_unlock(hdev); 8282 status = MGMT_STATUS_FAILED; 8283 goto complete; 8284 } 8285 8286 /* This should return the active RPA, but since the RPA 8287 * is only programmed on demand, it is really hard to fill 8288 * this in at the moment. For now disallow retrieving 8289 * local out-of-band data when privacy is in use. 8290 * 8291 * Returning the identity address will not help here since 8292 * pairing happens before the identity resolving key is 8293 * known and thus the connection establishment happens 8294 * based on the RPA and not the identity address. 8295 */ 8296 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) { 8297 hci_dev_unlock(hdev); 8298 status = MGMT_STATUS_REJECTED; 8299 goto complete; 8300 } 8301 8302 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 8303 !bacmp(&hdev->bdaddr, BDADDR_ANY) || 8304 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 8305 bacmp(&hdev->static_addr, BDADDR_ANY))) { 8306 memcpy(addr, &hdev->static_addr, 6); 8307 addr[6] = 0x01; 8308 } else { 8309 memcpy(addr, &hdev->bdaddr, 6); 8310 addr[6] = 0x00; 8311 } 8312 8313 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR, 8314 addr, sizeof(addr)); 8315 8316 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 8317 role = 0x02; 8318 else 8319 role = 0x01; 8320 8321 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE, 8322 &role, sizeof(role)); 8323 8324 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) { 8325 eir_len = eir_append_data(rp->eir, eir_len, 8326 EIR_LE_SC_CONFIRM, 8327 hash, sizeof(hash)); 8328 8329 eir_len = eir_append_data(rp->eir, eir_len, 8330 EIR_LE_SC_RANDOM, 8331 rand, sizeof(rand)); 8332 } 8333 8334 flags = mgmt_get_adv_discov_flags(hdev); 8335 8336 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 8337 flags |= LE_AD_NO_BREDR; 8338 8339 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS, 8340 &flags, sizeof(flags)); 8341 break; 8342 } 8343 8344 hci_dev_unlock(hdev); 8345 8346 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS); 8347 8348 status = MGMT_STATUS_SUCCESS; 8349 8350complete: 8351 rp->type = cp->type; 8352 rp->eir_len = cpu_to_le16(eir_len); 8353 8354 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 8355 status, rp, sizeof(*rp) + eir_len); 8356 if (err < 0 || status) 8357 goto done; 8358 8359 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 8360 rp, sizeof(*rp) + eir_len, 8361 HCI_MGMT_OOB_DATA_EVENTS, sk); 8362 8363done: 8364 kfree(rp); 8365 8366 return err; 8367} 8368 8369static u32 get_supported_adv_flags(struct hci_dev *hdev) 8370{ 8371 u32 flags = 0; 8372 8373 flags |= MGMT_ADV_FLAG_CONNECTABLE; 8374 flags |= MGMT_ADV_FLAG_DISCOV; 8375 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV; 8376 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS; 8377 flags |= MGMT_ADV_FLAG_APPEARANCE; 8378 flags |= MGMT_ADV_FLAG_LOCAL_NAME; 8379 flags |= MGMT_ADV_PARAM_DURATION; 8380 flags |= MGMT_ADV_PARAM_TIMEOUT; 8381 flags |= MGMT_ADV_PARAM_INTERVALS; 8382 flags |= MGMT_ADV_PARAM_TX_POWER; 8383 flags |= MGMT_ADV_PARAM_SCAN_RSP; 8384 8385 /* In extended adv TX_POWER returned from Set Adv Param 8386 * will be always valid. 8387 */ 8388 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID || ext_adv_capable(hdev)) 8389 flags |= MGMT_ADV_FLAG_TX_POWER; 8390 8391 if (ext_adv_capable(hdev)) { 8392 flags |= MGMT_ADV_FLAG_SEC_1M; 8393 flags |= MGMT_ADV_FLAG_HW_OFFLOAD; 8394 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER; 8395 8396 if (hdev->le_features[1] & HCI_LE_PHY_2M) 8397 flags |= MGMT_ADV_FLAG_SEC_2M; 8398 8399 if (hdev->le_features[1] & HCI_LE_PHY_CODED) 8400 flags |= MGMT_ADV_FLAG_SEC_CODED; 8401 } 8402 8403 return flags; 8404} 8405 8406static int read_adv_features(struct sock *sk, struct hci_dev *hdev, 8407 void *data, u16 data_len) 8408{ 8409 struct mgmt_rp_read_adv_features *rp; 8410 size_t rp_len; 8411 int err; 8412 struct adv_info *adv_instance; 8413 u32 supported_flags; 8414 u8 *instance; 8415 8416 bt_dev_dbg(hdev, "sock %p", sk); 8417 8418 if (!lmp_le_capable(hdev)) 8419 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 8420 MGMT_STATUS_REJECTED); 8421 8422 hci_dev_lock(hdev); 8423 8424 rp_len = sizeof(*rp) + hdev->adv_instance_cnt; 8425 rp = kmalloc(rp_len, GFP_ATOMIC); 8426 if (!rp) { 8427 hci_dev_unlock(hdev); 8428 return -ENOMEM; 8429 } 8430 8431 supported_flags = get_supported_adv_flags(hdev); 8432 8433 rp->supported_flags = cpu_to_le32(supported_flags); 8434 rp->max_adv_data_len = HCI_MAX_AD_LENGTH; 8435 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH; 8436 rp->max_instances = hdev->le_num_of_adv_sets; 8437 rp->num_instances = hdev->adv_instance_cnt; 8438 8439 instance = rp->instance; 8440 list_for_each_entry(adv_instance, &hdev->adv_instances, list) { 8441 /* Only instances 1-le_num_of_adv_sets are externally visible */ 8442 if (adv_instance->instance <= hdev->adv_instance_cnt) { 8443 *instance = adv_instance->instance; 8444 instance++; 8445 } else { 8446 rp->num_instances--; 8447 rp_len--; 8448 } 8449 } 8450 8451 hci_dev_unlock(hdev); 8452 8453 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 8454 MGMT_STATUS_SUCCESS, rp, rp_len); 8455 8456 kfree(rp); 8457 8458 return err; 8459} 8460 8461static u8 calculate_name_len(struct hci_dev *hdev) 8462{ 8463 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3]; 8464 8465 return eir_append_local_name(hdev, buf, 0); 8466} 8467 8468static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags, 8469 bool is_adv_data) 8470{ 8471 u8 max_len = HCI_MAX_AD_LENGTH; 8472 8473 if (is_adv_data) { 8474 if (adv_flags & (MGMT_ADV_FLAG_DISCOV | 8475 MGMT_ADV_FLAG_LIMITED_DISCOV | 8476 MGMT_ADV_FLAG_MANAGED_FLAGS)) 8477 max_len -= 3; 8478 8479 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) 8480 max_len -= 3; 8481 } else { 8482 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME) 8483 max_len -= calculate_name_len(hdev); 8484 8485 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE)) 8486 max_len -= 4; 8487 } 8488 8489 return max_len; 8490} 8491 8492static bool flags_managed(u32 adv_flags) 8493{ 8494 return adv_flags & (MGMT_ADV_FLAG_DISCOV | 8495 MGMT_ADV_FLAG_LIMITED_DISCOV | 8496 MGMT_ADV_FLAG_MANAGED_FLAGS); 8497} 8498 8499static bool tx_power_managed(u32 adv_flags) 8500{ 8501 return adv_flags & MGMT_ADV_FLAG_TX_POWER; 8502} 8503 8504static bool name_managed(u32 adv_flags) 8505{ 8506 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME; 8507} 8508 8509static bool appearance_managed(u32 adv_flags) 8510{ 8511 return adv_flags & MGMT_ADV_FLAG_APPEARANCE; 8512} 8513 8514static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data, 8515 u8 len, bool is_adv_data) 8516{ 8517 int i, cur_len; 8518 u8 max_len; 8519 8520 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data); 8521 8522 if (len > max_len) 8523 return false; 8524 8525 /* Make sure that the data is correctly formatted. */ 8526 for (i = 0; i < len; i += (cur_len + 1)) { 8527 cur_len = data[i]; 8528 8529 if (!cur_len) 8530 continue; 8531 8532 if (data[i + 1] == EIR_FLAGS && 8533 (!is_adv_data || flags_managed(adv_flags))) 8534 return false; 8535 8536 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags)) 8537 return false; 8538 8539 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags)) 8540 return false; 8541 8542 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags)) 8543 return false; 8544 8545 if (data[i + 1] == EIR_APPEARANCE && 8546 appearance_managed(adv_flags)) 8547 return false; 8548 8549 /* If the current field length would exceed the total data 8550 * length, then it's invalid. 8551 */ 8552 if (i + cur_len >= len) 8553 return false; 8554 } 8555 8556 return true; 8557} 8558 8559static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags) 8560{ 8561 u32 supported_flags, phy_flags; 8562 8563 /* The current implementation only supports a subset of the specified 8564 * flags. Also need to check mutual exclusiveness of sec flags. 8565 */ 8566 supported_flags = get_supported_adv_flags(hdev); 8567 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK; 8568 if (adv_flags & ~supported_flags || 8569 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags))))) 8570 return false; 8571 8572 return true; 8573} 8574 8575static bool adv_busy(struct hci_dev *hdev) 8576{ 8577 return pending_find(MGMT_OP_SET_LE, hdev); 8578} 8579 8580static void add_adv_complete(struct hci_dev *hdev, struct sock *sk, u8 instance, 8581 int err) 8582{ 8583 struct adv_info *adv, *n; 8584 8585 bt_dev_dbg(hdev, "err %d", err); 8586 8587 hci_dev_lock(hdev); 8588 8589 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) { 8590 u8 instance; 8591 8592 if (!adv->pending) 8593 continue; 8594 8595 if (!err) { 8596 adv->pending = false; 8597 continue; 8598 } 8599 8600 instance = adv->instance; 8601 8602 if (hdev->cur_adv_instance == instance) 8603 cancel_adv_timeout(hdev); 8604 8605 hci_remove_adv_instance(hdev, instance); 8606 mgmt_advertising_removed(sk, hdev, instance); 8607 } 8608 8609 hci_dev_unlock(hdev); 8610} 8611 8612static void add_advertising_complete(struct hci_dev *hdev, void *data, int err) 8613{ 8614 struct mgmt_pending_cmd *cmd = data; 8615 struct mgmt_cp_add_advertising *cp = cmd->param; 8616 struct mgmt_rp_add_advertising rp; 8617 8618 memset(&rp, 0, sizeof(rp)); 8619 8620 rp.instance = cp->instance; 8621 8622 if (err) 8623 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 8624 mgmt_status(err)); 8625 else 8626 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 8627 mgmt_status(err), &rp, sizeof(rp)); 8628 8629 add_adv_complete(hdev, cmd->sk, cp->instance, err); 8630 8631 mgmt_pending_free(cmd); 8632} 8633 8634static int add_advertising_sync(struct hci_dev *hdev, void *data) 8635{ 8636 struct mgmt_pending_cmd *cmd = data; 8637 struct mgmt_cp_add_advertising *cp = cmd->param; 8638 8639 return hci_schedule_adv_instance_sync(hdev, cp->instance, true); 8640} 8641 8642static int add_advertising(struct sock *sk, struct hci_dev *hdev, 8643 void *data, u16 data_len) 8644{ 8645 struct mgmt_cp_add_advertising *cp = data; 8646 struct mgmt_rp_add_advertising rp; 8647 u32 flags; 8648 u8 status; 8649 u16 timeout, duration; 8650 unsigned int prev_instance_cnt; 8651 u8 schedule_instance = 0; 8652 struct adv_info *adv, *next_instance; 8653 int err; 8654 struct mgmt_pending_cmd *cmd; 8655 8656 bt_dev_dbg(hdev, "sock %p", sk); 8657 8658 status = mgmt_le_support(hdev); 8659 if (status) 8660 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8661 status); 8662 8663 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets) 8664 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8665 MGMT_STATUS_INVALID_PARAMS); 8666 8667 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len) 8668 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8669 MGMT_STATUS_INVALID_PARAMS); 8670 8671 flags = __le32_to_cpu(cp->flags); 8672 timeout = __le16_to_cpu(cp->timeout); 8673 duration = __le16_to_cpu(cp->duration); 8674 8675 if (!requested_adv_flags_are_valid(hdev, flags)) 8676 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8677 MGMT_STATUS_INVALID_PARAMS); 8678 8679 hci_dev_lock(hdev); 8680 8681 if (timeout && !hdev_is_powered(hdev)) { 8682 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8683 MGMT_STATUS_REJECTED); 8684 goto unlock; 8685 } 8686 8687 if (adv_busy(hdev)) { 8688 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8689 MGMT_STATUS_BUSY); 8690 goto unlock; 8691 } 8692 8693 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) || 8694 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len, 8695 cp->scan_rsp_len, false)) { 8696 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8697 MGMT_STATUS_INVALID_PARAMS); 8698 goto unlock; 8699 } 8700 8701 prev_instance_cnt = hdev->adv_instance_cnt; 8702 8703 adv = hci_add_adv_instance(hdev, cp->instance, flags, 8704 cp->adv_data_len, cp->data, 8705 cp->scan_rsp_len, 8706 cp->data + cp->adv_data_len, 8707 timeout, duration, 8708 HCI_ADV_TX_POWER_NO_PREFERENCE, 8709 hdev->le_adv_min_interval, 8710 hdev->le_adv_max_interval, 0); 8711 if (IS_ERR(adv)) { 8712 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8713 MGMT_STATUS_FAILED); 8714 goto unlock; 8715 } 8716 8717 /* Only trigger an advertising added event if a new instance was 8718 * actually added. 8719 */ 8720 if (hdev->adv_instance_cnt > prev_instance_cnt) 8721 mgmt_advertising_added(sk, hdev, cp->instance); 8722 8723 if (hdev->cur_adv_instance == cp->instance) { 8724 /* If the currently advertised instance is being changed then 8725 * cancel the current advertising and schedule the next 8726 * instance. If there is only one instance then the overridden 8727 * advertising data will be visible right away. 8728 */ 8729 cancel_adv_timeout(hdev); 8730 8731 next_instance = hci_get_next_instance(hdev, cp->instance); 8732 if (next_instance) 8733 schedule_instance = next_instance->instance; 8734 } else if (!hdev->adv_instance_timeout) { 8735 /* Immediately advertise the new instance if no other 8736 * instance is currently being advertised. 8737 */ 8738 schedule_instance = cp->instance; 8739 } 8740 8741 /* If the HCI_ADVERTISING flag is set or the device isn't powered or 8742 * there is no instance to be advertised then we have no HCI 8743 * communication to make. Simply return. 8744 */ 8745 if (!hdev_is_powered(hdev) || 8746 hci_dev_test_flag(hdev, HCI_ADVERTISING) || 8747 !schedule_instance) { 8748 rp.instance = cp->instance; 8749 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8750 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 8751 goto unlock; 8752 } 8753 8754 /* We're good to go, update advertising data, parameters, and start 8755 * advertising. 8756 */ 8757 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_ADVERTISING, hdev, data, 8758 data_len); 8759 if (!cmd) { 8760 err = -ENOMEM; 8761 goto unlock; 8762 } 8763 8764 cp->instance = schedule_instance; 8765 8766 err = hci_cmd_sync_queue(hdev, add_advertising_sync, cmd, 8767 add_advertising_complete); 8768 if (err < 0) 8769 mgmt_pending_free(cmd); 8770 8771unlock: 8772 hci_dev_unlock(hdev); 8773 8774 return err; 8775} 8776 8777static void add_ext_adv_params_complete(struct hci_dev *hdev, void *data, 8778 int err) 8779{ 8780 struct mgmt_pending_cmd *cmd = data; 8781 struct mgmt_cp_add_ext_adv_params *cp = cmd->param; 8782 struct mgmt_rp_add_ext_adv_params rp; 8783 struct adv_info *adv; 8784 u32 flags; 8785 8786 BT_DBG("%s", hdev->name); 8787 8788 hci_dev_lock(hdev); 8789 8790 adv = hci_find_adv_instance(hdev, cp->instance); 8791 if (!adv) 8792 goto unlock; 8793 8794 rp.instance = cp->instance; 8795 rp.tx_power = adv->tx_power; 8796 8797 /* While we're at it, inform userspace of the available space for this 8798 * advertisement, given the flags that will be used. 8799 */ 8800 flags = __le32_to_cpu(cp->flags); 8801 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 8802 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 8803 8804 if (err) { 8805 /* If this advertisement was previously advertising and we 8806 * failed to update it, we signal that it has been removed and 8807 * delete its structure 8808 */ 8809 if (!adv->pending) 8810 mgmt_advertising_removed(cmd->sk, hdev, cp->instance); 8811 8812 hci_remove_adv_instance(hdev, cp->instance); 8813 8814 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 8815 mgmt_status(err)); 8816 } else { 8817 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 8818 mgmt_status(err), &rp, sizeof(rp)); 8819 } 8820 8821unlock: 8822 if (cmd) 8823 mgmt_pending_free(cmd); 8824 8825 hci_dev_unlock(hdev); 8826} 8827 8828static int add_ext_adv_params_sync(struct hci_dev *hdev, void *data) 8829{ 8830 struct mgmt_pending_cmd *cmd = data; 8831 struct mgmt_cp_add_ext_adv_params *cp = cmd->param; 8832 8833 return hci_setup_ext_adv_instance_sync(hdev, cp->instance); 8834} 8835 8836static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev, 8837 void *data, u16 data_len) 8838{ 8839 struct mgmt_cp_add_ext_adv_params *cp = data; 8840 struct mgmt_rp_add_ext_adv_params rp; 8841 struct mgmt_pending_cmd *cmd = NULL; 8842 struct adv_info *adv; 8843 u32 flags, min_interval, max_interval; 8844 u16 timeout, duration; 8845 u8 status; 8846 s8 tx_power; 8847 int err; 8848 8849 BT_DBG("%s", hdev->name); 8850 8851 status = mgmt_le_support(hdev); 8852 if (status) 8853 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8854 status); 8855 8856 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets) 8857 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8858 MGMT_STATUS_INVALID_PARAMS); 8859 8860 /* The purpose of breaking add_advertising into two separate MGMT calls 8861 * for params and data is to allow more parameters to be added to this 8862 * structure in the future. For this reason, we verify that we have the 8863 * bare minimum structure we know of when the interface was defined. Any 8864 * extra parameters we don't know about will be ignored in this request. 8865 */ 8866 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE) 8867 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8868 MGMT_STATUS_INVALID_PARAMS); 8869 8870 flags = __le32_to_cpu(cp->flags); 8871 8872 if (!requested_adv_flags_are_valid(hdev, flags)) 8873 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8874 MGMT_STATUS_INVALID_PARAMS); 8875 8876 hci_dev_lock(hdev); 8877 8878 /* In new interface, we require that we are powered to register */ 8879 if (!hdev_is_powered(hdev)) { 8880 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8881 MGMT_STATUS_REJECTED); 8882 goto unlock; 8883 } 8884 8885 if (adv_busy(hdev)) { 8886 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8887 MGMT_STATUS_BUSY); 8888 goto unlock; 8889 } 8890 8891 /* Parse defined parameters from request, use defaults otherwise */ 8892 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ? 8893 __le16_to_cpu(cp->timeout) : 0; 8894 8895 duration = (flags & MGMT_ADV_PARAM_DURATION) ? 8896 __le16_to_cpu(cp->duration) : 8897 hdev->def_multi_adv_rotation_duration; 8898 8899 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ? 8900 __le32_to_cpu(cp->min_interval) : 8901 hdev->le_adv_min_interval; 8902 8903 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ? 8904 __le32_to_cpu(cp->max_interval) : 8905 hdev->le_adv_max_interval; 8906 8907 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ? 8908 cp->tx_power : 8909 HCI_ADV_TX_POWER_NO_PREFERENCE; 8910 8911 /* Create advertising instance with no advertising or response data */ 8912 adv = hci_add_adv_instance(hdev, cp->instance, flags, 0, NULL, 0, NULL, 8913 timeout, duration, tx_power, min_interval, 8914 max_interval, 0); 8915 8916 if (IS_ERR(adv)) { 8917 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8918 MGMT_STATUS_FAILED); 8919 goto unlock; 8920 } 8921 8922 /* Submit request for advertising params if ext adv available */ 8923 if (ext_adv_capable(hdev)) { 8924 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_PARAMS, hdev, 8925 data, data_len); 8926 if (!cmd) { 8927 err = -ENOMEM; 8928 hci_remove_adv_instance(hdev, cp->instance); 8929 goto unlock; 8930 } 8931 8932 err = hci_cmd_sync_queue(hdev, add_ext_adv_params_sync, cmd, 8933 add_ext_adv_params_complete); 8934 if (err < 0) 8935 mgmt_pending_free(cmd); 8936 } else { 8937 rp.instance = cp->instance; 8938 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE; 8939 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 8940 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 8941 err = mgmt_cmd_complete(sk, hdev->id, 8942 MGMT_OP_ADD_EXT_ADV_PARAMS, 8943 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 8944 } 8945 8946unlock: 8947 hci_dev_unlock(hdev); 8948 8949 return err; 8950} 8951 8952static void add_ext_adv_data_complete(struct hci_dev *hdev, void *data, int err) 8953{ 8954 struct mgmt_pending_cmd *cmd = data; 8955 struct mgmt_cp_add_ext_adv_data *cp = cmd->param; 8956 struct mgmt_rp_add_advertising rp; 8957 8958 add_adv_complete(hdev, cmd->sk, cp->instance, err); 8959 8960 memset(&rp, 0, sizeof(rp)); 8961 8962 rp.instance = cp->instance; 8963 8964 if (err) 8965 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 8966 mgmt_status(err)); 8967 else 8968 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 8969 mgmt_status(err), &rp, sizeof(rp)); 8970 8971 mgmt_pending_free(cmd); 8972} 8973 8974static int add_ext_adv_data_sync(struct hci_dev *hdev, void *data) 8975{ 8976 struct mgmt_pending_cmd *cmd = data; 8977 struct mgmt_cp_add_ext_adv_data *cp = cmd->param; 8978 int err; 8979 8980 if (ext_adv_capable(hdev)) { 8981 err = hci_update_adv_data_sync(hdev, cp->instance); 8982 if (err) 8983 return err; 8984 8985 err = hci_update_scan_rsp_data_sync(hdev, cp->instance); 8986 if (err) 8987 return err; 8988 8989 return hci_enable_ext_advertising_sync(hdev, cp->instance); 8990 } 8991 8992 return hci_schedule_adv_instance_sync(hdev, cp->instance, true); 8993} 8994 8995static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data, 8996 u16 data_len) 8997{ 8998 struct mgmt_cp_add_ext_adv_data *cp = data; 8999 struct mgmt_rp_add_ext_adv_data rp; 9000 u8 schedule_instance = 0; 9001 struct adv_info *next_instance; 9002 struct adv_info *adv_instance; 9003 int err = 0; 9004 struct mgmt_pending_cmd *cmd; 9005 9006 BT_DBG("%s", hdev->name); 9007 9008 hci_dev_lock(hdev); 9009 9010 adv_instance = hci_find_adv_instance(hdev, cp->instance); 9011 9012 if (!adv_instance) { 9013 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 9014 MGMT_STATUS_INVALID_PARAMS); 9015 goto unlock; 9016 } 9017 9018 /* In new interface, we require that we are powered to register */ 9019 if (!hdev_is_powered(hdev)) { 9020 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 9021 MGMT_STATUS_REJECTED); 9022 goto clear_new_instance; 9023 } 9024 9025 if (adv_busy(hdev)) { 9026 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 9027 MGMT_STATUS_BUSY); 9028 goto clear_new_instance; 9029 } 9030 9031 /* Validate new data */ 9032 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data, 9033 cp->adv_data_len, true) || 9034 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data + 9035 cp->adv_data_len, cp->scan_rsp_len, false)) { 9036 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 9037 MGMT_STATUS_INVALID_PARAMS); 9038 goto clear_new_instance; 9039 } 9040 9041 /* Set the data in the advertising instance */ 9042 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len, 9043 cp->data, cp->scan_rsp_len, 9044 cp->data + cp->adv_data_len); 9045 9046 /* If using software rotation, determine next instance to use */ 9047 if (hdev->cur_adv_instance == cp->instance) { 9048 /* If the currently advertised instance is being changed 9049 * then cancel the current advertising and schedule the 9050 * next instance. If there is only one instance then the 9051 * overridden advertising data will be visible right 9052 * away 9053 */ 9054 cancel_adv_timeout(hdev); 9055 9056 next_instance = hci_get_next_instance(hdev, cp->instance); 9057 if (next_instance) 9058 schedule_instance = next_instance->instance; 9059 } else if (!hdev->adv_instance_timeout) { 9060 /* Immediately advertise the new instance if no other 9061 * instance is currently being advertised. 9062 */ 9063 schedule_instance = cp->instance; 9064 } 9065 9066 /* If the HCI_ADVERTISING flag is set or there is no instance to 9067 * be advertised then we have no HCI communication to make. 9068 * Simply return. 9069 */ 9070 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || !schedule_instance) { 9071 if (adv_instance->pending) { 9072 mgmt_advertising_added(sk, hdev, cp->instance); 9073 adv_instance->pending = false; 9074 } 9075 rp.instance = cp->instance; 9076 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 9077 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 9078 goto unlock; 9079 } 9080 9081 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data, 9082 data_len); 9083 if (!cmd) { 9084 err = -ENOMEM; 9085 goto clear_new_instance; 9086 } 9087 9088 err = hci_cmd_sync_queue(hdev, add_ext_adv_data_sync, cmd, 9089 add_ext_adv_data_complete); 9090 if (err < 0) { 9091 mgmt_pending_free(cmd); 9092 goto clear_new_instance; 9093 } 9094 9095 /* We were successful in updating data, so trigger advertising_added 9096 * event if this is an instance that wasn't previously advertising. If 9097 * a failure occurs in the requests we initiated, we will remove the 9098 * instance again in add_advertising_complete 9099 */ 9100 if (adv_instance->pending) 9101 mgmt_advertising_added(sk, hdev, cp->instance); 9102 9103 goto unlock; 9104 9105clear_new_instance: 9106 hci_remove_adv_instance(hdev, cp->instance); 9107 9108unlock: 9109 hci_dev_unlock(hdev); 9110 9111 return err; 9112} 9113 9114static void remove_advertising_complete(struct hci_dev *hdev, void *data, 9115 int err) 9116{ 9117 struct mgmt_pending_cmd *cmd = data; 9118 struct mgmt_cp_remove_advertising *cp = cmd->param; 9119 struct mgmt_rp_remove_advertising rp; 9120 9121 bt_dev_dbg(hdev, "err %d", err); 9122 9123 memset(&rp, 0, sizeof(rp)); 9124 rp.instance = cp->instance; 9125 9126 if (err) 9127 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 9128 mgmt_status(err)); 9129 else 9130 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 9131 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 9132 9133 mgmt_pending_free(cmd); 9134} 9135 9136static int remove_advertising_sync(struct hci_dev *hdev, void *data) 9137{ 9138 struct mgmt_pending_cmd *cmd = data; 9139 struct mgmt_cp_remove_advertising *cp = cmd->param; 9140 int err; 9141 9142 err = hci_remove_advertising_sync(hdev, cmd->sk, cp->instance, true); 9143 if (err) 9144 return err; 9145 9146 if (list_empty(&hdev->adv_instances)) 9147 err = hci_disable_advertising_sync(hdev); 9148 9149 return err; 9150} 9151 9152static int remove_advertising(struct sock *sk, struct hci_dev *hdev, 9153 void *data, u16 data_len) 9154{ 9155 struct mgmt_cp_remove_advertising *cp = data; 9156 struct mgmt_pending_cmd *cmd; 9157 int err; 9158 9159 bt_dev_dbg(hdev, "sock %p", sk); 9160 9161 hci_dev_lock(hdev); 9162 9163 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) { 9164 err = mgmt_cmd_status(sk, hdev->id, 9165 MGMT_OP_REMOVE_ADVERTISING, 9166 MGMT_STATUS_INVALID_PARAMS); 9167 goto unlock; 9168 } 9169 9170 if (pending_find(MGMT_OP_SET_LE, hdev)) { 9171 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 9172 MGMT_STATUS_BUSY); 9173 goto unlock; 9174 } 9175 9176 if (list_empty(&hdev->adv_instances)) { 9177 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 9178 MGMT_STATUS_INVALID_PARAMS); 9179 goto unlock; 9180 } 9181 9182 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data, 9183 data_len); 9184 if (!cmd) { 9185 err = -ENOMEM; 9186 goto unlock; 9187 } 9188 9189 err = hci_cmd_sync_queue(hdev, remove_advertising_sync, cmd, 9190 remove_advertising_complete); 9191 if (err < 0) 9192 mgmt_pending_free(cmd); 9193 9194unlock: 9195 hci_dev_unlock(hdev); 9196 9197 return err; 9198} 9199 9200static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev, 9201 void *data, u16 data_len) 9202{ 9203 struct mgmt_cp_get_adv_size_info *cp = data; 9204 struct mgmt_rp_get_adv_size_info rp; 9205 u32 flags, supported_flags; 9206 9207 bt_dev_dbg(hdev, "sock %p", sk); 9208 9209 if (!lmp_le_capable(hdev)) 9210 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 9211 MGMT_STATUS_REJECTED); 9212 9213 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets) 9214 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 9215 MGMT_STATUS_INVALID_PARAMS); 9216 9217 flags = __le32_to_cpu(cp->flags); 9218 9219 /* The current implementation only supports a subset of the specified 9220 * flags. 9221 */ 9222 supported_flags = get_supported_adv_flags(hdev); 9223 if (flags & ~supported_flags) 9224 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 9225 MGMT_STATUS_INVALID_PARAMS); 9226 9227 rp.instance = cp->instance; 9228 rp.flags = cp->flags; 9229 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 9230 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 9231 9232 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 9233 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 9234} 9235 9236static const struct hci_mgmt_handler mgmt_handlers[] = { 9237 { NULL }, /* 0x0000 (no command) */ 9238 { read_version, MGMT_READ_VERSION_SIZE, 9239 HCI_MGMT_NO_HDEV | 9240 HCI_MGMT_UNTRUSTED }, 9241 { read_commands, MGMT_READ_COMMANDS_SIZE, 9242 HCI_MGMT_NO_HDEV | 9243 HCI_MGMT_UNTRUSTED }, 9244 { read_index_list, MGMT_READ_INDEX_LIST_SIZE, 9245 HCI_MGMT_NO_HDEV | 9246 HCI_MGMT_UNTRUSTED }, 9247 { read_controller_info, MGMT_READ_INFO_SIZE, 9248 HCI_MGMT_UNTRUSTED }, 9249 { set_powered, MGMT_SETTING_SIZE }, 9250 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE }, 9251 { set_connectable, MGMT_SETTING_SIZE }, 9252 { set_fast_connectable, MGMT_SETTING_SIZE }, 9253 { set_bondable, MGMT_SETTING_SIZE }, 9254 { set_link_security, MGMT_SETTING_SIZE }, 9255 { set_ssp, MGMT_SETTING_SIZE }, 9256 { set_hs, MGMT_SETTING_SIZE }, 9257 { set_le, MGMT_SETTING_SIZE }, 9258 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE }, 9259 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE }, 9260 { add_uuid, MGMT_ADD_UUID_SIZE }, 9261 { remove_uuid, MGMT_REMOVE_UUID_SIZE }, 9262 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE, 9263 HCI_MGMT_VAR_LEN }, 9264 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE, 9265 HCI_MGMT_VAR_LEN }, 9266 { disconnect, MGMT_DISCONNECT_SIZE }, 9267 { get_connections, MGMT_GET_CONNECTIONS_SIZE }, 9268 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE }, 9269 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE }, 9270 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE }, 9271 { pair_device, MGMT_PAIR_DEVICE_SIZE }, 9272 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE }, 9273 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE }, 9274 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE }, 9275 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE }, 9276 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE }, 9277 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, 9278 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE }, 9279 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE, 9280 HCI_MGMT_VAR_LEN }, 9281 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, 9282 { start_discovery, MGMT_START_DISCOVERY_SIZE }, 9283 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE }, 9284 { confirm_name, MGMT_CONFIRM_NAME_SIZE }, 9285 { block_device, MGMT_BLOCK_DEVICE_SIZE }, 9286 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE }, 9287 { set_device_id, MGMT_SET_DEVICE_ID_SIZE }, 9288 { set_advertising, MGMT_SETTING_SIZE }, 9289 { set_bredr, MGMT_SETTING_SIZE }, 9290 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE }, 9291 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE }, 9292 { set_secure_conn, MGMT_SETTING_SIZE }, 9293 { set_debug_keys, MGMT_SETTING_SIZE }, 9294 { set_privacy, MGMT_SET_PRIVACY_SIZE }, 9295 { load_irks, MGMT_LOAD_IRKS_SIZE, 9296 HCI_MGMT_VAR_LEN }, 9297 { get_conn_info, MGMT_GET_CONN_INFO_SIZE }, 9298 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE }, 9299 { add_device, MGMT_ADD_DEVICE_SIZE }, 9300 { remove_device, MGMT_REMOVE_DEVICE_SIZE }, 9301 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE, 9302 HCI_MGMT_VAR_LEN }, 9303 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE, 9304 HCI_MGMT_NO_HDEV | 9305 HCI_MGMT_UNTRUSTED }, 9306 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE, 9307 HCI_MGMT_UNCONFIGURED | 9308 HCI_MGMT_UNTRUSTED }, 9309 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE, 9310 HCI_MGMT_UNCONFIGURED }, 9311 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE, 9312 HCI_MGMT_UNCONFIGURED }, 9313 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE, 9314 HCI_MGMT_VAR_LEN }, 9315 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE }, 9316 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE, 9317 HCI_MGMT_NO_HDEV | 9318 HCI_MGMT_UNTRUSTED }, 9319 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE }, 9320 { add_advertising, MGMT_ADD_ADVERTISING_SIZE, 9321 HCI_MGMT_VAR_LEN }, 9322 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE }, 9323 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE }, 9324 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE }, 9325 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE, 9326 HCI_MGMT_UNTRUSTED }, 9327 { set_appearance, MGMT_SET_APPEARANCE_SIZE }, 9328 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE }, 9329 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE }, 9330 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE, 9331 HCI_MGMT_VAR_LEN }, 9332 { set_wideband_speech, MGMT_SETTING_SIZE }, 9333 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE, 9334 HCI_MGMT_UNTRUSTED }, 9335 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE, 9336 HCI_MGMT_UNTRUSTED | 9337 HCI_MGMT_HDEV_OPTIONAL }, 9338 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE, 9339 HCI_MGMT_VAR_LEN | 9340 HCI_MGMT_HDEV_OPTIONAL }, 9341 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE, 9342 HCI_MGMT_UNTRUSTED }, 9343 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE, 9344 HCI_MGMT_VAR_LEN }, 9345 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE, 9346 HCI_MGMT_UNTRUSTED }, 9347 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE, 9348 HCI_MGMT_VAR_LEN }, 9349 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE }, 9350 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE }, 9351 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE }, 9352 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE, 9353 HCI_MGMT_VAR_LEN }, 9354 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE }, 9355 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE, 9356 HCI_MGMT_VAR_LEN }, 9357 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE, 9358 HCI_MGMT_VAR_LEN }, 9359 { add_adv_patterns_monitor_rssi, 9360 MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE, 9361 HCI_MGMT_VAR_LEN }, 9362 { set_mesh, MGMT_SET_MESH_RECEIVER_SIZE, 9363 HCI_MGMT_VAR_LEN }, 9364 { mesh_features, MGMT_MESH_READ_FEATURES_SIZE }, 9365 { mesh_send, MGMT_MESH_SEND_SIZE, 9366 HCI_MGMT_VAR_LEN }, 9367 { mesh_send_cancel, MGMT_MESH_SEND_CANCEL_SIZE }, 9368}; 9369 9370void mgmt_index_added(struct hci_dev *hdev) 9371{ 9372 struct mgmt_ev_ext_index ev; 9373 9374 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 9375 return; 9376 9377 switch (hdev->dev_type) { 9378 case HCI_PRIMARY: 9379 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 9380 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, 9381 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 9382 ev.type = 0x01; 9383 } else { 9384 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, 9385 HCI_MGMT_INDEX_EVENTS); 9386 ev.type = 0x00; 9387 } 9388 break; 9389 case HCI_AMP: 9390 ev.type = 0x02; 9391 break; 9392 default: 9393 return; 9394 } 9395 9396 ev.bus = hdev->bus; 9397 9398 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev), 9399 HCI_MGMT_EXT_INDEX_EVENTS); 9400} 9401 9402void mgmt_index_removed(struct hci_dev *hdev) 9403{ 9404 struct mgmt_ev_ext_index ev; 9405 u8 status = MGMT_STATUS_INVALID_INDEX; 9406 9407 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 9408 return; 9409 9410 switch (hdev->dev_type) { 9411 case HCI_PRIMARY: 9412 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 9413 9414 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 9415 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, 9416 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 9417 ev.type = 0x01; 9418 } else { 9419 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, 9420 HCI_MGMT_INDEX_EVENTS); 9421 ev.type = 0x00; 9422 } 9423 break; 9424 case HCI_AMP: 9425 ev.type = 0x02; 9426 break; 9427 default: 9428 return; 9429 } 9430 9431 ev.bus = hdev->bus; 9432 9433 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev), 9434 HCI_MGMT_EXT_INDEX_EVENTS); 9435 9436 /* Cancel any remaining timed work */ 9437 if (!hci_dev_test_flag(hdev, HCI_MGMT)) 9438 return; 9439 cancel_delayed_work_sync(&hdev->discov_off); 9440 cancel_delayed_work_sync(&hdev->service_cache); 9441 cancel_delayed_work_sync(&hdev->rpa_expired); 9442} 9443 9444void mgmt_power_on(struct hci_dev *hdev, int err) 9445{ 9446 struct cmd_lookup match = { NULL, hdev }; 9447 9448 bt_dev_dbg(hdev, "err %d", err); 9449 9450 hci_dev_lock(hdev); 9451 9452 if (!err) { 9453 restart_le_actions(hdev); 9454 hci_update_passive_scan(hdev); 9455 } 9456 9457 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 9458 9459 new_settings(hdev, match.sk); 9460 9461 if (match.sk) 9462 sock_put(match.sk); 9463 9464 hci_dev_unlock(hdev); 9465} 9466 9467void __mgmt_power_off(struct hci_dev *hdev) 9468{ 9469 struct cmd_lookup match = { NULL, hdev }; 9470 u8 status, zero_cod[] = { 0, 0, 0 }; 9471 9472 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 9473 9474 /* If the power off is because of hdev unregistration let 9475 * use the appropriate INVALID_INDEX status. Otherwise use 9476 * NOT_POWERED. We cover both scenarios here since later in 9477 * mgmt_index_removed() any hci_conn callbacks will have already 9478 * been triggered, potentially causing misleading DISCONNECTED 9479 * status responses. 9480 */ 9481 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) 9482 status = MGMT_STATUS_INVALID_INDEX; 9483 else 9484 status = MGMT_STATUS_NOT_POWERED; 9485 9486 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 9487 9488 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) { 9489 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 9490 zero_cod, sizeof(zero_cod), 9491 HCI_MGMT_DEV_CLASS_EVENTS, NULL); 9492 ext_info_changed(hdev, NULL); 9493 } 9494 9495 new_settings(hdev, match.sk); 9496 9497 if (match.sk) 9498 sock_put(match.sk); 9499} 9500 9501void mgmt_set_powered_failed(struct hci_dev *hdev, int err) 9502{ 9503 struct mgmt_pending_cmd *cmd; 9504 u8 status; 9505 9506 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 9507 if (!cmd) 9508 return; 9509 9510 if (err == -ERFKILL) 9511 status = MGMT_STATUS_RFKILLED; 9512 else 9513 status = MGMT_STATUS_FAILED; 9514 9515 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status); 9516 9517 mgmt_pending_remove(cmd); 9518} 9519 9520void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 9521 bool persistent) 9522{ 9523 struct mgmt_ev_new_link_key ev; 9524 9525 memset(&ev, 0, sizeof(ev)); 9526 9527 ev.store_hint = persistent; 9528 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 9529 ev.key.addr.type = BDADDR_BREDR; 9530 ev.key.type = key->type; 9531 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE); 9532 ev.key.pin_len = key->pin_len; 9533 9534 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 9535} 9536 9537static u8 mgmt_ltk_type(struct smp_ltk *ltk) 9538{ 9539 switch (ltk->type) { 9540 case SMP_LTK: 9541 case SMP_LTK_RESPONDER: 9542 if (ltk->authenticated) 9543 return MGMT_LTK_AUTHENTICATED; 9544 return MGMT_LTK_UNAUTHENTICATED; 9545 case SMP_LTK_P256: 9546 if (ltk->authenticated) 9547 return MGMT_LTK_P256_AUTH; 9548 return MGMT_LTK_P256_UNAUTH; 9549 case SMP_LTK_P256_DEBUG: 9550 return MGMT_LTK_P256_DEBUG; 9551 } 9552 9553 return MGMT_LTK_UNAUTHENTICATED; 9554} 9555 9556void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent) 9557{ 9558 struct mgmt_ev_new_long_term_key ev; 9559 9560 memset(&ev, 0, sizeof(ev)); 9561 9562 /* Devices using resolvable or non-resolvable random addresses 9563 * without providing an identity resolving key don't require 9564 * to store long term keys. Their addresses will change the 9565 * next time around. 9566 * 9567 * Only when a remote device provides an identity address 9568 * make sure the long term key is stored. If the remote 9569 * identity is known, the long term keys are internally 9570 * mapped to the identity address. So allow static random 9571 * and public addresses here. 9572 */ 9573 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM && 9574 (key->bdaddr.b[5] & 0xc0) != 0xc0) 9575 ev.store_hint = 0x00; 9576 else 9577 ev.store_hint = persistent; 9578 9579 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 9580 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); 9581 ev.key.type = mgmt_ltk_type(key); 9582 ev.key.enc_size = key->enc_size; 9583 ev.key.ediv = key->ediv; 9584 ev.key.rand = key->rand; 9585 9586 if (key->type == SMP_LTK) 9587 ev.key.initiator = 1; 9588 9589 /* Make sure we copy only the significant bytes based on the 9590 * encryption key size, and set the rest of the value to zeroes. 9591 */ 9592 memcpy(ev.key.val, key->val, key->enc_size); 9593 memset(ev.key.val + key->enc_size, 0, 9594 sizeof(ev.key.val) - key->enc_size); 9595 9596 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL); 9597} 9598 9599void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent) 9600{ 9601 struct mgmt_ev_new_irk ev; 9602 9603 memset(&ev, 0, sizeof(ev)); 9604 9605 ev.store_hint = persistent; 9606 9607 bacpy(&ev.rpa, &irk->rpa); 9608 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr); 9609 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type); 9610 memcpy(ev.irk.val, irk->val, sizeof(irk->val)); 9611 9612 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL); 9613} 9614 9615void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk, 9616 bool persistent) 9617{ 9618 struct mgmt_ev_new_csrk ev; 9619 9620 memset(&ev, 0, sizeof(ev)); 9621 9622 /* Devices using resolvable or non-resolvable random addresses 9623 * without providing an identity resolving key don't require 9624 * to store signature resolving keys. Their addresses will change 9625 * the next time around. 9626 * 9627 * Only when a remote device provides an identity address 9628 * make sure the signature resolving key is stored. So allow 9629 * static random and public addresses here. 9630 */ 9631 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM && 9632 (csrk->bdaddr.b[5] & 0xc0) != 0xc0) 9633 ev.store_hint = 0x00; 9634 else 9635 ev.store_hint = persistent; 9636 9637 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr); 9638 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type); 9639 ev.key.type = csrk->type; 9640 memcpy(ev.key.val, csrk->val, sizeof(csrk->val)); 9641 9642 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL); 9643} 9644 9645void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr, 9646 u8 bdaddr_type, u8 store_hint, u16 min_interval, 9647 u16 max_interval, u16 latency, u16 timeout) 9648{ 9649 struct mgmt_ev_new_conn_param ev; 9650 9651 if (!hci_is_identity_address(bdaddr, bdaddr_type)) 9652 return; 9653 9654 memset(&ev, 0, sizeof(ev)); 9655 bacpy(&ev.addr.bdaddr, bdaddr); 9656 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type); 9657 ev.store_hint = store_hint; 9658 ev.min_interval = cpu_to_le16(min_interval); 9659 ev.max_interval = cpu_to_le16(max_interval); 9660 ev.latency = cpu_to_le16(latency); 9661 ev.timeout = cpu_to_le16(timeout); 9662 9663 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL); 9664} 9665 9666void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn, 9667 u8 *name, u8 name_len) 9668{ 9669 struct sk_buff *skb; 9670 struct mgmt_ev_device_connected *ev; 9671 u16 eir_len = 0; 9672 u32 flags = 0; 9673 9674 /* allocate buff for LE or BR/EDR adv */ 9675 if (conn->le_adv_data_len > 0) 9676 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED, 9677 sizeof(*ev) + conn->le_adv_data_len); 9678 else 9679 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED, 9680 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0) + 9681 eir_precalc_len(sizeof(conn->dev_class))); 9682 9683 ev = skb_put(skb, sizeof(*ev)); 9684 bacpy(&ev->addr.bdaddr, &conn->dst); 9685 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type); 9686 9687 if (conn->out) 9688 flags |= MGMT_DEV_FOUND_INITIATED_CONN; 9689 9690 ev->flags = __cpu_to_le32(flags); 9691 9692 /* We must ensure that the EIR Data fields are ordered and 9693 * unique. Keep it simple for now and avoid the problem by not 9694 * adding any BR/EDR data to the LE adv. 9695 */ 9696 if (conn->le_adv_data_len > 0) { 9697 skb_put_data(skb, conn->le_adv_data, conn->le_adv_data_len); 9698 eir_len = conn->le_adv_data_len; 9699 } else { 9700 if (name) 9701 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len); 9702 9703 if (memcmp(conn->dev_class, "\0\0\0", sizeof(conn->dev_class))) 9704 eir_len += eir_skb_put_data(skb, EIR_CLASS_OF_DEV, 9705 conn->dev_class, sizeof(conn->dev_class)); 9706 } 9707 9708 ev->eir_len = cpu_to_le16(eir_len); 9709 9710 mgmt_event_skb(skb, NULL); 9711} 9712 9713static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data) 9714{ 9715 struct sock **sk = data; 9716 9717 cmd->cmd_complete(cmd, 0); 9718 9719 *sk = cmd->sk; 9720 sock_hold(*sk); 9721 9722 mgmt_pending_remove(cmd); 9723} 9724 9725static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data) 9726{ 9727 struct hci_dev *hdev = data; 9728 struct mgmt_cp_unpair_device *cp = cmd->param; 9729 9730 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 9731 9732 cmd->cmd_complete(cmd, 0); 9733 mgmt_pending_remove(cmd); 9734} 9735 9736bool mgmt_powering_down(struct hci_dev *hdev) 9737{ 9738 struct mgmt_pending_cmd *cmd; 9739 struct mgmt_mode *cp; 9740 9741 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 9742 if (!cmd) 9743 return false; 9744 9745 cp = cmd->param; 9746 if (!cp->val) 9747 return true; 9748 9749 return false; 9750} 9751 9752void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 9753 u8 link_type, u8 addr_type, u8 reason, 9754 bool mgmt_connected) 9755{ 9756 struct mgmt_ev_device_disconnected ev; 9757 struct sock *sk = NULL; 9758 9759 /* The connection is still in hci_conn_hash so test for 1 9760 * instead of 0 to know if this is the last one. 9761 */ 9762 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 9763 cancel_delayed_work(&hdev->power_off); 9764 queue_work(hdev->req_workqueue, &hdev->power_off.work); 9765 } 9766 9767 if (!mgmt_connected) 9768 return; 9769 9770 if (link_type != ACL_LINK && link_type != LE_LINK) 9771 return; 9772 9773 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 9774 9775 bacpy(&ev.addr.bdaddr, bdaddr); 9776 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9777 ev.reason = reason; 9778 9779 /* Report disconnects due to suspend */ 9780 if (hdev->suspended) 9781 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND; 9782 9783 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk); 9784 9785 if (sk) 9786 sock_put(sk); 9787 9788 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 9789 hdev); 9790} 9791 9792void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 9793 u8 link_type, u8 addr_type, u8 status) 9794{ 9795 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type); 9796 struct mgmt_cp_disconnect *cp; 9797 struct mgmt_pending_cmd *cmd; 9798 9799 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 9800 hdev); 9801 9802 cmd = pending_find(MGMT_OP_DISCONNECT, hdev); 9803 if (!cmd) 9804 return; 9805 9806 cp = cmd->param; 9807 9808 if (bacmp(bdaddr, &cp->addr.bdaddr)) 9809 return; 9810 9811 if (cp->addr.type != bdaddr_type) 9812 return; 9813 9814 cmd->cmd_complete(cmd, mgmt_status(status)); 9815 mgmt_pending_remove(cmd); 9816} 9817 9818void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 9819 u8 addr_type, u8 status) 9820{ 9821 struct mgmt_ev_connect_failed ev; 9822 9823 /* The connection is still in hci_conn_hash so test for 1 9824 * instead of 0 to know if this is the last one. 9825 */ 9826 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 9827 cancel_delayed_work(&hdev->power_off); 9828 queue_work(hdev->req_workqueue, &hdev->power_off.work); 9829 } 9830 9831 bacpy(&ev.addr.bdaddr, bdaddr); 9832 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9833 ev.status = mgmt_status(status); 9834 9835 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 9836} 9837 9838void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 9839{ 9840 struct mgmt_ev_pin_code_request ev; 9841 9842 bacpy(&ev.addr.bdaddr, bdaddr); 9843 ev.addr.type = BDADDR_BREDR; 9844 ev.secure = secure; 9845 9846 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL); 9847} 9848 9849void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9850 u8 status) 9851{ 9852 struct mgmt_pending_cmd *cmd; 9853 9854 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 9855 if (!cmd) 9856 return; 9857 9858 cmd->cmd_complete(cmd, mgmt_status(status)); 9859 mgmt_pending_remove(cmd); 9860} 9861 9862void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9863 u8 status) 9864{ 9865 struct mgmt_pending_cmd *cmd; 9866 9867 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 9868 if (!cmd) 9869 return; 9870 9871 cmd->cmd_complete(cmd, mgmt_status(status)); 9872 mgmt_pending_remove(cmd); 9873} 9874 9875int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 9876 u8 link_type, u8 addr_type, u32 value, 9877 u8 confirm_hint) 9878{ 9879 struct mgmt_ev_user_confirm_request ev; 9880 9881 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 9882 9883 bacpy(&ev.addr.bdaddr, bdaddr); 9884 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9885 ev.confirm_hint = confirm_hint; 9886 ev.value = cpu_to_le32(value); 9887 9888 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 9889 NULL); 9890} 9891 9892int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 9893 u8 link_type, u8 addr_type) 9894{ 9895 struct mgmt_ev_user_passkey_request ev; 9896 9897 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 9898 9899 bacpy(&ev.addr.bdaddr, bdaddr); 9900 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9901 9902 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 9903 NULL); 9904} 9905 9906static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9907 u8 link_type, u8 addr_type, u8 status, 9908 u8 opcode) 9909{ 9910 struct mgmt_pending_cmd *cmd; 9911 9912 cmd = pending_find(opcode, hdev); 9913 if (!cmd) 9914 return -ENOENT; 9915 9916 cmd->cmd_complete(cmd, mgmt_status(status)); 9917 mgmt_pending_remove(cmd); 9918 9919 return 0; 9920} 9921 9922int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9923 u8 link_type, u8 addr_type, u8 status) 9924{ 9925 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 9926 status, MGMT_OP_USER_CONFIRM_REPLY); 9927} 9928 9929int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9930 u8 link_type, u8 addr_type, u8 status) 9931{ 9932 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 9933 status, 9934 MGMT_OP_USER_CONFIRM_NEG_REPLY); 9935} 9936 9937int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9938 u8 link_type, u8 addr_type, u8 status) 9939{ 9940 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 9941 status, MGMT_OP_USER_PASSKEY_REPLY); 9942} 9943 9944int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9945 u8 link_type, u8 addr_type, u8 status) 9946{ 9947 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 9948 status, 9949 MGMT_OP_USER_PASSKEY_NEG_REPLY); 9950} 9951 9952int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr, 9953 u8 link_type, u8 addr_type, u32 passkey, 9954 u8 entered) 9955{ 9956 struct mgmt_ev_passkey_notify ev; 9957 9958 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 9959 9960 bacpy(&ev.addr.bdaddr, bdaddr); 9961 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9962 ev.passkey = __cpu_to_le32(passkey); 9963 ev.entered = entered; 9964 9965 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL); 9966} 9967 9968void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status) 9969{ 9970 struct mgmt_ev_auth_failed ev; 9971 struct mgmt_pending_cmd *cmd; 9972 u8 status = mgmt_status(hci_status); 9973 9974 bacpy(&ev.addr.bdaddr, &conn->dst); 9975 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 9976 ev.status = status; 9977 9978 cmd = find_pairing(conn); 9979 9980 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev), 9981 cmd ? cmd->sk : NULL); 9982 9983 if (cmd) { 9984 cmd->cmd_complete(cmd, status); 9985 mgmt_pending_remove(cmd); 9986 } 9987} 9988 9989void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 9990{ 9991 struct cmd_lookup match = { NULL, hdev }; 9992 bool changed; 9993 9994 if (status) { 9995 u8 mgmt_err = mgmt_status(status); 9996 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 9997 cmd_status_rsp, &mgmt_err); 9998 return; 9999 } 10000 10001 if (test_bit(HCI_AUTH, &hdev->flags)) 10002 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY); 10003 else 10004 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY); 10005 10006 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 10007 &match); 10008 10009 if (changed) 10010 new_settings(hdev, match.sk); 10011 10012 if (match.sk) 10013 sock_put(match.sk); 10014} 10015 10016static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data) 10017{ 10018 struct cmd_lookup *match = data; 10019 10020 if (match->sk == NULL) { 10021 match->sk = cmd->sk; 10022 sock_hold(match->sk); 10023 } 10024} 10025 10026void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class, 10027 u8 status) 10028{ 10029 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) }; 10030 10031 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match); 10032 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match); 10033 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match); 10034 10035 if (!status) { 10036 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 10037 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL); 10038 ext_info_changed(hdev, NULL); 10039 } 10040 10041 if (match.sk) 10042 sock_put(match.sk); 10043} 10044 10045void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 10046{ 10047 struct mgmt_cp_set_local_name ev; 10048 struct mgmt_pending_cmd *cmd; 10049 10050 if (status) 10051 return; 10052 10053 memset(&ev, 0, sizeof(ev)); 10054 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 10055 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH); 10056 10057 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 10058 if (!cmd) { 10059 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name)); 10060 10061 /* If this is a HCI command related to powering on the 10062 * HCI dev don't send any mgmt signals. 10063 */ 10064 if (pending_find(MGMT_OP_SET_POWERED, hdev)) 10065 return; 10066 } 10067 10068 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 10069 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL); 10070 ext_info_changed(hdev, cmd ? cmd->sk : NULL); 10071} 10072 10073static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16]) 10074{ 10075 int i; 10076 10077 for (i = 0; i < uuid_count; i++) { 10078 if (!memcmp(uuid, uuids[i], 16)) 10079 return true; 10080 } 10081 10082 return false; 10083} 10084 10085static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16]) 10086{ 10087 u16 parsed = 0; 10088 10089 while (parsed < eir_len) { 10090 u8 field_len = eir[0]; 10091 u8 uuid[16]; 10092 int i; 10093 10094 if (field_len == 0) 10095 break; 10096 10097 if (eir_len - parsed < field_len + 1) 10098 break; 10099 10100 switch (eir[1]) { 10101 case EIR_UUID16_ALL: 10102 case EIR_UUID16_SOME: 10103 for (i = 0; i + 3 <= field_len; i += 2) { 10104 memcpy(uuid, bluetooth_base_uuid, 16); 10105 uuid[13] = eir[i + 3]; 10106 uuid[12] = eir[i + 2]; 10107 if (has_uuid(uuid, uuid_count, uuids)) 10108 return true; 10109 } 10110 break; 10111 case EIR_UUID32_ALL: 10112 case EIR_UUID32_SOME: 10113 for (i = 0; i + 5 <= field_len; i += 4) { 10114 memcpy(uuid, bluetooth_base_uuid, 16); 10115 uuid[15] = eir[i + 5]; 10116 uuid[14] = eir[i + 4]; 10117 uuid[13] = eir[i + 3]; 10118 uuid[12] = eir[i + 2]; 10119 if (has_uuid(uuid, uuid_count, uuids)) 10120 return true; 10121 } 10122 break; 10123 case EIR_UUID128_ALL: 10124 case EIR_UUID128_SOME: 10125 for (i = 0; i + 17 <= field_len; i += 16) { 10126 memcpy(uuid, eir + i + 2, 16); 10127 if (has_uuid(uuid, uuid_count, uuids)) 10128 return true; 10129 } 10130 break; 10131 } 10132 10133 parsed += field_len + 1; 10134 eir += field_len + 1; 10135 } 10136 10137 return false; 10138} 10139 10140static void restart_le_scan(struct hci_dev *hdev) 10141{ 10142 /* If controller is not scanning we are done. */ 10143 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 10144 return; 10145 10146 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY, 10147 hdev->discovery.scan_start + 10148 hdev->discovery.scan_duration)) 10149 return; 10150 10151 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart, 10152 DISCOV_LE_RESTART_DELAY); 10153} 10154 10155static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir, 10156 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 10157{ 10158 /* If a RSSI threshold has been specified, and 10159 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with 10160 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk 10161 * is set, let it through for further processing, as we might need to 10162 * restart the scan. 10163 * 10164 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry, 10165 * the results are also dropped. 10166 */ 10167 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 10168 (rssi == HCI_RSSI_INVALID || 10169 (rssi < hdev->discovery.rssi && 10170 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)))) 10171 return false; 10172 10173 if (hdev->discovery.uuid_count != 0) { 10174 /* If a list of UUIDs is provided in filter, results with no 10175 * matching UUID should be dropped. 10176 */ 10177 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count, 10178 hdev->discovery.uuids) && 10179 !eir_has_uuids(scan_rsp, scan_rsp_len, 10180 hdev->discovery.uuid_count, 10181 hdev->discovery.uuids)) 10182 return false; 10183 } 10184 10185 /* If duplicate filtering does not report RSSI changes, then restart 10186 * scanning to ensure updated result with updated RSSI values. 10187 */ 10188 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) { 10189 restart_le_scan(hdev); 10190 10191 /* Validate RSSI value against the RSSI threshold once more. */ 10192 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 10193 rssi < hdev->discovery.rssi) 10194 return false; 10195 } 10196 10197 return true; 10198} 10199 10200void mgmt_adv_monitor_device_lost(struct hci_dev *hdev, u16 handle, 10201 bdaddr_t *bdaddr, u8 addr_type) 10202{ 10203 struct mgmt_ev_adv_monitor_device_lost ev; 10204 10205 ev.monitor_handle = cpu_to_le16(handle); 10206 bacpy(&ev.addr.bdaddr, bdaddr); 10207 ev.addr.type = addr_type; 10208 10209 mgmt_event(MGMT_EV_ADV_MONITOR_DEVICE_LOST, hdev, &ev, sizeof(ev), 10210 NULL); 10211} 10212 10213static void mgmt_send_adv_monitor_device_found(struct hci_dev *hdev, 10214 struct sk_buff *skb, 10215 struct sock *skip_sk, 10216 u16 handle) 10217{ 10218 struct sk_buff *advmon_skb; 10219 size_t advmon_skb_len; 10220 __le16 *monitor_handle; 10221 10222 if (!skb) 10223 return; 10224 10225 advmon_skb_len = (sizeof(struct mgmt_ev_adv_monitor_device_found) - 10226 sizeof(struct mgmt_ev_device_found)) + skb->len; 10227 advmon_skb = mgmt_alloc_skb(hdev, MGMT_EV_ADV_MONITOR_DEVICE_FOUND, 10228 advmon_skb_len); 10229 if (!advmon_skb) 10230 return; 10231 10232 /* ADV_MONITOR_DEVICE_FOUND is similar to DEVICE_FOUND event except 10233 * that it also has 'monitor_handle'. Make a copy of DEVICE_FOUND and 10234 * store monitor_handle of the matched monitor. 10235 */ 10236 monitor_handle = skb_put(advmon_skb, sizeof(*monitor_handle)); 10237 *monitor_handle = cpu_to_le16(handle); 10238 skb_put_data(advmon_skb, skb->data, skb->len); 10239 10240 mgmt_event_skb(advmon_skb, skip_sk); 10241} 10242 10243static void mgmt_adv_monitor_device_found(struct hci_dev *hdev, 10244 bdaddr_t *bdaddr, bool report_device, 10245 struct sk_buff *skb, 10246 struct sock *skip_sk) 10247{ 10248 struct monitored_device *dev, *tmp; 10249 bool matched = false; 10250 bool notified = false; 10251 10252 /* We have received the Advertisement Report because: 10253 * 1. the kernel has initiated active discovery 10254 * 2. if not, we have pend_le_reports > 0 in which case we are doing 10255 * passive scanning 10256 * 3. if none of the above is true, we have one or more active 10257 * Advertisement Monitor 10258 * 10259 * For case 1 and 2, report all advertisements via MGMT_EV_DEVICE_FOUND 10260 * and report ONLY one advertisement per device for the matched Monitor 10261 * via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event. 10262 * 10263 * For case 3, since we are not active scanning and all advertisements 10264 * received are due to a matched Advertisement Monitor, report all 10265 * advertisements ONLY via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event. 10266 */ 10267 if (report_device && !hdev->advmon_pend_notify) { 10268 mgmt_event_skb(skb, skip_sk); 10269 return; 10270 } 10271 10272 hdev->advmon_pend_notify = false; 10273 10274 list_for_each_entry_safe(dev, tmp, &hdev->monitored_devices, list) { 10275 if (!bacmp(&dev->bdaddr, bdaddr)) { 10276 matched = true; 10277 10278 if (!dev->notified) { 10279 mgmt_send_adv_monitor_device_found(hdev, skb, 10280 skip_sk, 10281 dev->handle); 10282 notified = true; 10283 dev->notified = true; 10284 } 10285 } 10286 10287 if (!dev->notified) 10288 hdev->advmon_pend_notify = true; 10289 } 10290 10291 if (!report_device && 10292 ((matched && !notified) || !msft_monitor_supported(hdev))) { 10293 /* Handle 0 indicates that we are not active scanning and this 10294 * is a subsequent advertisement report for an already matched 10295 * Advertisement Monitor or the controller offloading support 10296 * is not available. 10297 */ 10298 mgmt_send_adv_monitor_device_found(hdev, skb, skip_sk, 0); 10299 } 10300 10301 if (report_device) 10302 mgmt_event_skb(skb, skip_sk); 10303 else 10304 kfree_skb(skb); 10305} 10306 10307static void mesh_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, 10308 u8 addr_type, s8 rssi, u32 flags, u8 *eir, 10309 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len, 10310 u64 instant) 10311{ 10312 struct sk_buff *skb; 10313 struct mgmt_ev_mesh_device_found *ev; 10314 int i, j; 10315 10316 if (!hdev->mesh_ad_types[0]) 10317 goto accepted; 10318 10319 /* Scan for requested AD types */ 10320 if (eir_len > 0) { 10321 for (i = 0; i + 1 < eir_len; i += eir[i] + 1) { 10322 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) { 10323 if (!hdev->mesh_ad_types[j]) 10324 break; 10325 10326 if (hdev->mesh_ad_types[j] == eir[i + 1]) 10327 goto accepted; 10328 } 10329 } 10330 } 10331 10332 if (scan_rsp_len > 0) { 10333 for (i = 0; i + 1 < scan_rsp_len; i += scan_rsp[i] + 1) { 10334 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) { 10335 if (!hdev->mesh_ad_types[j]) 10336 break; 10337 10338 if (hdev->mesh_ad_types[j] == scan_rsp[i + 1]) 10339 goto accepted; 10340 } 10341 } 10342 } 10343 10344 return; 10345 10346accepted: 10347 skb = mgmt_alloc_skb(hdev, MGMT_EV_MESH_DEVICE_FOUND, 10348 sizeof(*ev) + eir_len + scan_rsp_len); 10349 if (!skb) 10350 return; 10351 10352 ev = skb_put(skb, sizeof(*ev)); 10353 10354 bacpy(&ev->addr.bdaddr, bdaddr); 10355 ev->addr.type = link_to_bdaddr(LE_LINK, addr_type); 10356 ev->rssi = rssi; 10357 ev->flags = cpu_to_le32(flags); 10358 ev->instant = cpu_to_le64(instant); 10359 10360 if (eir_len > 0) 10361 /* Copy EIR or advertising data into event */ 10362 skb_put_data(skb, eir, eir_len); 10363 10364 if (scan_rsp_len > 0) 10365 /* Append scan response data to event */ 10366 skb_put_data(skb, scan_rsp, scan_rsp_len); 10367 10368 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 10369 10370 mgmt_event_skb(skb, NULL); 10371} 10372 10373void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 10374 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags, 10375 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len, 10376 u64 instant) 10377{ 10378 struct sk_buff *skb; 10379 struct mgmt_ev_device_found *ev; 10380 bool report_device = hci_discovery_active(hdev); 10381 10382 if (hci_dev_test_flag(hdev, HCI_MESH) && link_type == LE_LINK) 10383 mesh_device_found(hdev, bdaddr, addr_type, rssi, flags, 10384 eir, eir_len, scan_rsp, scan_rsp_len, 10385 instant); 10386 10387 /* Don't send events for a non-kernel initiated discovery. With 10388 * LE one exception is if we have pend_le_reports > 0 in which 10389 * case we're doing passive scanning and want these events. 10390 */ 10391 if (!hci_discovery_active(hdev)) { 10392 if (link_type == ACL_LINK) 10393 return; 10394 if (link_type == LE_LINK && !list_empty(&hdev->pend_le_reports)) 10395 report_device = true; 10396 else if (!hci_is_adv_monitoring(hdev)) 10397 return; 10398 } 10399 10400 if (hdev->discovery.result_filtering) { 10401 /* We are using service discovery */ 10402 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp, 10403 scan_rsp_len)) 10404 return; 10405 } 10406 10407 if (hdev->discovery.limited) { 10408 /* Check for limited discoverable bit */ 10409 if (dev_class) { 10410 if (!(dev_class[1] & 0x20)) 10411 return; 10412 } else { 10413 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL); 10414 if (!flags || !(flags[0] & LE_AD_LIMITED)) 10415 return; 10416 } 10417 } 10418 10419 /* Allocate skb. The 5 extra bytes are for the potential CoD field */ 10420 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND, 10421 sizeof(*ev) + eir_len + scan_rsp_len + 5); 10422 if (!skb) 10423 return; 10424 10425 ev = skb_put(skb, sizeof(*ev)); 10426 10427 /* In case of device discovery with BR/EDR devices (pre 1.2), the 10428 * RSSI value was reported as 0 when not available. This behavior 10429 * is kept when using device discovery. This is required for full 10430 * backwards compatibility with the API. 10431 * 10432 * However when using service discovery, the value 127 will be 10433 * returned when the RSSI is not available. 10434 */ 10435 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi && 10436 link_type == ACL_LINK) 10437 rssi = 0; 10438 10439 bacpy(&ev->addr.bdaddr, bdaddr); 10440 ev->addr.type = link_to_bdaddr(link_type, addr_type); 10441 ev->rssi = rssi; 10442 ev->flags = cpu_to_le32(flags); 10443 10444 if (eir_len > 0) 10445 /* Copy EIR or advertising data into event */ 10446 skb_put_data(skb, eir, eir_len); 10447 10448 if (dev_class && !eir_get_data(eir, eir_len, EIR_CLASS_OF_DEV, NULL)) { 10449 u8 eir_cod[5]; 10450 10451 eir_len += eir_append_data(eir_cod, 0, EIR_CLASS_OF_DEV, 10452 dev_class, 3); 10453 skb_put_data(skb, eir_cod, sizeof(eir_cod)); 10454 } 10455 10456 if (scan_rsp_len > 0) 10457 /* Append scan response data to event */ 10458 skb_put_data(skb, scan_rsp, scan_rsp_len); 10459 10460 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 10461 10462 mgmt_adv_monitor_device_found(hdev, bdaddr, report_device, skb, NULL); 10463} 10464 10465void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 10466 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 10467{ 10468 struct sk_buff *skb; 10469 struct mgmt_ev_device_found *ev; 10470 u16 eir_len = 0; 10471 u32 flags = 0; 10472 10473 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND, 10474 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0)); 10475 10476 ev = skb_put(skb, sizeof(*ev)); 10477 bacpy(&ev->addr.bdaddr, bdaddr); 10478 ev->addr.type = link_to_bdaddr(link_type, addr_type); 10479 ev->rssi = rssi; 10480 10481 if (name) 10482 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len); 10483 else 10484 flags = MGMT_DEV_FOUND_NAME_REQUEST_FAILED; 10485 10486 ev->eir_len = cpu_to_le16(eir_len); 10487 ev->flags = cpu_to_le32(flags); 10488 10489 mgmt_event_skb(skb, NULL); 10490} 10491 10492void mgmt_discovering(struct hci_dev *hdev, u8 discovering) 10493{ 10494 struct mgmt_ev_discovering ev; 10495 10496 bt_dev_dbg(hdev, "discovering %u", discovering); 10497 10498 memset(&ev, 0, sizeof(ev)); 10499 ev.type = hdev->discovery.type; 10500 ev.discovering = discovering; 10501 10502 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 10503} 10504 10505void mgmt_suspending(struct hci_dev *hdev, u8 state) 10506{ 10507 struct mgmt_ev_controller_suspend ev; 10508 10509 ev.suspend_state = state; 10510 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL); 10511} 10512 10513void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr, 10514 u8 addr_type) 10515{ 10516 struct mgmt_ev_controller_resume ev; 10517 10518 ev.wake_reason = reason; 10519 if (bdaddr) { 10520 bacpy(&ev.addr.bdaddr, bdaddr); 10521 ev.addr.type = addr_type; 10522 } else { 10523 memset(&ev.addr, 0, sizeof(ev.addr)); 10524 } 10525 10526 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL); 10527} 10528 10529static struct hci_mgmt_chan chan = { 10530 .channel = HCI_CHANNEL_CONTROL, 10531 .handler_count = ARRAY_SIZE(mgmt_handlers), 10532 .handlers = mgmt_handlers, 10533 .hdev_init = mgmt_init_hdev, 10534}; 10535 10536int mgmt_init(void) 10537{ 10538 return hci_mgmt_chan_register(&chan); 10539} 10540 10541void mgmt_exit(void) 10542{ 10543 hci_mgmt_chan_unregister(&chan); 10544} 10545 10546void mgmt_cleanup(struct sock *sk) 10547{ 10548 struct mgmt_mesh_tx *mesh_tx; 10549 struct hci_dev *hdev; 10550 10551 read_lock(&hci_dev_list_lock); 10552 10553 list_for_each_entry(hdev, &hci_dev_list, list) { 10554 do { 10555 mesh_tx = mgmt_mesh_next(hdev, sk); 10556 10557 if (mesh_tx) 10558 mesh_send_complete(hdev, mesh_tx, true); 10559 } while (mesh_tx); 10560 } 10561 10562 read_unlock(&hci_dev_list_lock); 10563}