tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / net / bluetooth / mgmt.c
at v6.4-rc7 10571 lines 272 kB view raw
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth HCI Management interface */ 26 27#include <linux/module.h> 28#include <asm/unaligned.h> 29 30#include <net/bluetooth/bluetooth.h> 31#include <net/bluetooth/hci_core.h> 32#include <net/bluetooth/hci_sock.h> 33#include <net/bluetooth/l2cap.h> 34#include <net/bluetooth/mgmt.h> 35 36#include "hci_request.h" 37#include "smp.h" 38#include "mgmt_util.h" 39#include "mgmt_config.h" 40#include "msft.h" 41#include "eir.h" 42#include "aosp.h" 43 44#define MGMT_VERSION 1 45#define MGMT_REVISION 22 46 47static const u16 mgmt_commands[] = { 48 MGMT_OP_READ_INDEX_LIST, 49 MGMT_OP_READ_INFO, 50 MGMT_OP_SET_POWERED, 51 MGMT_OP_SET_DISCOVERABLE, 52 MGMT_OP_SET_CONNECTABLE, 53 MGMT_OP_SET_FAST_CONNECTABLE, 54 MGMT_OP_SET_BONDABLE, 55 MGMT_OP_SET_LINK_SECURITY, 56 MGMT_OP_SET_SSP, 57 MGMT_OP_SET_HS, 58 MGMT_OP_SET_LE, 59 MGMT_OP_SET_DEV_CLASS, 60 MGMT_OP_SET_LOCAL_NAME, 61 MGMT_OP_ADD_UUID, 62 MGMT_OP_REMOVE_UUID, 63 MGMT_OP_LOAD_LINK_KEYS, 64 MGMT_OP_LOAD_LONG_TERM_KEYS, 65 MGMT_OP_DISCONNECT, 66 MGMT_OP_GET_CONNECTIONS, 67 MGMT_OP_PIN_CODE_REPLY, 68 MGMT_OP_PIN_CODE_NEG_REPLY, 69 MGMT_OP_SET_IO_CAPABILITY, 70 MGMT_OP_PAIR_DEVICE, 71 MGMT_OP_CANCEL_PAIR_DEVICE, 72 MGMT_OP_UNPAIR_DEVICE, 73 MGMT_OP_USER_CONFIRM_REPLY, 74 MGMT_OP_USER_CONFIRM_NEG_REPLY, 75 MGMT_OP_USER_PASSKEY_REPLY, 76 MGMT_OP_USER_PASSKEY_NEG_REPLY, 77 MGMT_OP_READ_LOCAL_OOB_DATA, 78 MGMT_OP_ADD_REMOTE_OOB_DATA, 79 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 80 MGMT_OP_START_DISCOVERY, 81 MGMT_OP_STOP_DISCOVERY, 82 MGMT_OP_CONFIRM_NAME, 83 MGMT_OP_BLOCK_DEVICE, 84 MGMT_OP_UNBLOCK_DEVICE, 85 MGMT_OP_SET_DEVICE_ID, 86 MGMT_OP_SET_ADVERTISING, 87 MGMT_OP_SET_BREDR, 88 MGMT_OP_SET_STATIC_ADDRESS, 89 MGMT_OP_SET_SCAN_PARAMS, 90 MGMT_OP_SET_SECURE_CONN, 91 MGMT_OP_SET_DEBUG_KEYS, 92 MGMT_OP_SET_PRIVACY, 93 MGMT_OP_LOAD_IRKS, 94 MGMT_OP_GET_CONN_INFO, 95 MGMT_OP_GET_CLOCK_INFO, 96 MGMT_OP_ADD_DEVICE, 97 MGMT_OP_REMOVE_DEVICE, 98 MGMT_OP_LOAD_CONN_PARAM, 99 MGMT_OP_READ_UNCONF_INDEX_LIST, 100 MGMT_OP_READ_CONFIG_INFO, 101 MGMT_OP_SET_EXTERNAL_CONFIG, 102 MGMT_OP_SET_PUBLIC_ADDRESS, 103 MGMT_OP_START_SERVICE_DISCOVERY, 104 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 105 MGMT_OP_READ_EXT_INDEX_LIST, 106 MGMT_OP_READ_ADV_FEATURES, 107 MGMT_OP_ADD_ADVERTISING, 108 MGMT_OP_REMOVE_ADVERTISING, 109 MGMT_OP_GET_ADV_SIZE_INFO, 110 MGMT_OP_START_LIMITED_DISCOVERY, 111 MGMT_OP_READ_EXT_INFO, 112 MGMT_OP_SET_APPEARANCE, 113 MGMT_OP_GET_PHY_CONFIGURATION, 114 MGMT_OP_SET_PHY_CONFIGURATION, 115 MGMT_OP_SET_BLOCKED_KEYS, 116 MGMT_OP_SET_WIDEBAND_SPEECH, 117 MGMT_OP_READ_CONTROLLER_CAP, 118 MGMT_OP_READ_EXP_FEATURES_INFO, 119 MGMT_OP_SET_EXP_FEATURE, 120 MGMT_OP_READ_DEF_SYSTEM_CONFIG, 121 MGMT_OP_SET_DEF_SYSTEM_CONFIG, 122 MGMT_OP_READ_DEF_RUNTIME_CONFIG, 123 MGMT_OP_SET_DEF_RUNTIME_CONFIG, 124 MGMT_OP_GET_DEVICE_FLAGS, 125 MGMT_OP_SET_DEVICE_FLAGS, 126 MGMT_OP_READ_ADV_MONITOR_FEATURES, 127 MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 128 MGMT_OP_REMOVE_ADV_MONITOR, 129 MGMT_OP_ADD_EXT_ADV_PARAMS, 130 MGMT_OP_ADD_EXT_ADV_DATA, 131 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, 132 MGMT_OP_SET_MESH_RECEIVER, 133 MGMT_OP_MESH_READ_FEATURES, 134 MGMT_OP_MESH_SEND, 135 MGMT_OP_MESH_SEND_CANCEL, 136}; 137 138static const u16 mgmt_events[] = { 139 MGMT_EV_CONTROLLER_ERROR, 140 MGMT_EV_INDEX_ADDED, 141 MGMT_EV_INDEX_REMOVED, 142 MGMT_EV_NEW_SETTINGS, 143 MGMT_EV_CLASS_OF_DEV_CHANGED, 144 MGMT_EV_LOCAL_NAME_CHANGED, 145 MGMT_EV_NEW_LINK_KEY, 146 MGMT_EV_NEW_LONG_TERM_KEY, 147 MGMT_EV_DEVICE_CONNECTED, 148 MGMT_EV_DEVICE_DISCONNECTED, 149 MGMT_EV_CONNECT_FAILED, 150 MGMT_EV_PIN_CODE_REQUEST, 151 MGMT_EV_USER_CONFIRM_REQUEST, 152 MGMT_EV_USER_PASSKEY_REQUEST, 153 MGMT_EV_AUTH_FAILED, 154 MGMT_EV_DEVICE_FOUND, 155 MGMT_EV_DISCOVERING, 156 MGMT_EV_DEVICE_BLOCKED, 157 MGMT_EV_DEVICE_UNBLOCKED, 158 MGMT_EV_DEVICE_UNPAIRED, 159 MGMT_EV_PASSKEY_NOTIFY, 160 MGMT_EV_NEW_IRK, 161 MGMT_EV_NEW_CSRK, 162 MGMT_EV_DEVICE_ADDED, 163 MGMT_EV_DEVICE_REMOVED, 164 MGMT_EV_NEW_CONN_PARAM, 165 MGMT_EV_UNCONF_INDEX_ADDED, 166 MGMT_EV_UNCONF_INDEX_REMOVED, 167 MGMT_EV_NEW_CONFIG_OPTIONS, 168 MGMT_EV_EXT_INDEX_ADDED, 169 MGMT_EV_EXT_INDEX_REMOVED, 170 MGMT_EV_LOCAL_OOB_DATA_UPDATED, 171 MGMT_EV_ADVERTISING_ADDED, 172 MGMT_EV_ADVERTISING_REMOVED, 173 MGMT_EV_EXT_INFO_CHANGED, 174 MGMT_EV_PHY_CONFIGURATION_CHANGED, 175 MGMT_EV_EXP_FEATURE_CHANGED, 176 MGMT_EV_DEVICE_FLAGS_CHANGED, 177 MGMT_EV_ADV_MONITOR_ADDED, 178 MGMT_EV_ADV_MONITOR_REMOVED, 179 MGMT_EV_CONTROLLER_SUSPEND, 180 MGMT_EV_CONTROLLER_RESUME, 181 MGMT_EV_ADV_MONITOR_DEVICE_FOUND, 182 MGMT_EV_ADV_MONITOR_DEVICE_LOST, 183}; 184 185static const u16 mgmt_untrusted_commands[] = { 186 MGMT_OP_READ_INDEX_LIST, 187 MGMT_OP_READ_INFO, 188 MGMT_OP_READ_UNCONF_INDEX_LIST, 189 MGMT_OP_READ_CONFIG_INFO, 190 MGMT_OP_READ_EXT_INDEX_LIST, 191 MGMT_OP_READ_EXT_INFO, 192 MGMT_OP_READ_CONTROLLER_CAP, 193 MGMT_OP_READ_EXP_FEATURES_INFO, 194 MGMT_OP_READ_DEF_SYSTEM_CONFIG, 195 MGMT_OP_READ_DEF_RUNTIME_CONFIG, 196}; 197 198static const u16 mgmt_untrusted_events[] = { 199 MGMT_EV_INDEX_ADDED, 200 MGMT_EV_INDEX_REMOVED, 201 MGMT_EV_NEW_SETTINGS, 202 MGMT_EV_CLASS_OF_DEV_CHANGED, 203 MGMT_EV_LOCAL_NAME_CHANGED, 204 MGMT_EV_UNCONF_INDEX_ADDED, 205 MGMT_EV_UNCONF_INDEX_REMOVED, 206 MGMT_EV_NEW_CONFIG_OPTIONS, 207 MGMT_EV_EXT_INDEX_ADDED, 208 MGMT_EV_EXT_INDEX_REMOVED, 209 MGMT_EV_EXT_INFO_CHANGED, 210 MGMT_EV_EXP_FEATURE_CHANGED, 211}; 212 213#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) 214 215#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \ 216 "\x00\x00\x00\x00\x00\x00\x00\x00" 217 218/* HCI to MGMT error code conversion table */ 219static const u8 mgmt_status_table[] = { 220 MGMT_STATUS_SUCCESS, 221 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 222 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 223 MGMT_STATUS_FAILED, /* Hardware Failure */ 224 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 225 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 226 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */ 227 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 228 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 229 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 230 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 231 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 232 MGMT_STATUS_BUSY, /* Command Disallowed */ 233 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 234 MGMT_STATUS_REJECTED, /* Rejected Security */ 235 MGMT_STATUS_REJECTED, /* Rejected Personal */ 236 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 237 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 238 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 239 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 240 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 241 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 242 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 243 MGMT_STATUS_BUSY, /* Repeated Attempts */ 244 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 245 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 246 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 247 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 248 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 249 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 250 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 251 MGMT_STATUS_FAILED, /* Unspecified Error */ 252 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 253 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 254 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 255 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 256 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 257 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 258 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 259 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 260 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 261 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 262 MGMT_STATUS_FAILED, /* Transaction Collision */ 263 MGMT_STATUS_FAILED, /* Reserved for future use */ 264 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 265 MGMT_STATUS_REJECTED, /* QoS Rejected */ 266 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 267 MGMT_STATUS_REJECTED, /* Insufficient Security */ 268 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 269 MGMT_STATUS_FAILED, /* Reserved for future use */ 270 MGMT_STATUS_BUSY, /* Role Switch Pending */ 271 MGMT_STATUS_FAILED, /* Reserved for future use */ 272 MGMT_STATUS_FAILED, /* Slot Violation */ 273 MGMT_STATUS_FAILED, /* Role Switch Failed */ 274 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 275 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 276 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 277 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 278 MGMT_STATUS_BUSY, /* Controller Busy */ 279 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 280 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 281 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 282 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 283 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 284}; 285 286static u8 mgmt_errno_status(int err) 287{ 288 switch (err) { 289 case 0: 290 return MGMT_STATUS_SUCCESS; 291 case -EPERM: 292 return MGMT_STATUS_REJECTED; 293 case -EINVAL: 294 return MGMT_STATUS_INVALID_PARAMS; 295 case -EOPNOTSUPP: 296 return MGMT_STATUS_NOT_SUPPORTED; 297 case -EBUSY: 298 return MGMT_STATUS_BUSY; 299 case -ETIMEDOUT: 300 return MGMT_STATUS_AUTH_FAILED; 301 case -ENOMEM: 302 return MGMT_STATUS_NO_RESOURCES; 303 case -EISCONN: 304 return MGMT_STATUS_ALREADY_CONNECTED; 305 case -ENOTCONN: 306 return MGMT_STATUS_DISCONNECTED; 307 } 308 309 return MGMT_STATUS_FAILED; 310} 311 312static u8 mgmt_status(int err) 313{ 314 if (err < 0) 315 return mgmt_errno_status(err); 316 317 if (err < ARRAY_SIZE(mgmt_status_table)) 318 return mgmt_status_table[err]; 319 320 return MGMT_STATUS_FAILED; 321} 322 323static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data, 324 u16 len, int flag) 325{ 326 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 327 flag, NULL); 328} 329 330static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data, 331 u16 len, int flag, struct sock *skip_sk) 332{ 333 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 334 flag, skip_sk); 335} 336 337static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len, 338 struct sock *skip_sk) 339{ 340 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 341 HCI_SOCK_TRUSTED, skip_sk); 342} 343 344static int mgmt_event_skb(struct sk_buff *skb, struct sock *skip_sk) 345{ 346 return mgmt_send_event_skb(HCI_CHANNEL_CONTROL, skb, HCI_SOCK_TRUSTED, 347 skip_sk); 348} 349 350static u8 le_addr_type(u8 mgmt_addr_type) 351{ 352 if (mgmt_addr_type == BDADDR_LE_PUBLIC) 353 return ADDR_LE_DEV_PUBLIC; 354 else 355 return ADDR_LE_DEV_RANDOM; 356} 357 358void mgmt_fill_version_info(void *ver) 359{ 360 struct mgmt_rp_read_version *rp = ver; 361 362 rp->version = MGMT_VERSION; 363 rp->revision = cpu_to_le16(MGMT_REVISION); 364} 365 366static int read_version(struct sock *sk, struct hci_dev *hdev, void *data, 367 u16 data_len) 368{ 369 struct mgmt_rp_read_version rp; 370 371 bt_dev_dbg(hdev, "sock %p", sk); 372 373 mgmt_fill_version_info(&rp); 374 375 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, 376 &rp, sizeof(rp)); 377} 378 379static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data, 380 u16 data_len) 381{ 382 struct mgmt_rp_read_commands *rp; 383 u16 num_commands, num_events; 384 size_t rp_size; 385 int i, err; 386 387 bt_dev_dbg(hdev, "sock %p", sk); 388 389 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 390 num_commands = ARRAY_SIZE(mgmt_commands); 391 num_events = ARRAY_SIZE(mgmt_events); 392 } else { 393 num_commands = ARRAY_SIZE(mgmt_untrusted_commands); 394 num_events = ARRAY_SIZE(mgmt_untrusted_events); 395 } 396 397 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 398 399 rp = kmalloc(rp_size, GFP_KERNEL); 400 if (!rp) 401 return -ENOMEM; 402 403 rp->num_commands = cpu_to_le16(num_commands); 404 rp->num_events = cpu_to_le16(num_events); 405 406 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 407 __le16 *opcode = rp->opcodes; 408 409 for (i = 0; i < num_commands; i++, opcode++) 410 put_unaligned_le16(mgmt_commands[i], opcode); 411 412 for (i = 0; i < num_events; i++, opcode++) 413 put_unaligned_le16(mgmt_events[i], opcode); 414 } else { 415 __le16 *opcode = rp->opcodes; 416 417 for (i = 0; i < num_commands; i++, opcode++) 418 put_unaligned_le16(mgmt_untrusted_commands[i], opcode); 419 420 for (i = 0; i < num_events; i++, opcode++) 421 put_unaligned_le16(mgmt_untrusted_events[i], opcode); 422 } 423 424 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, 425 rp, rp_size); 426 kfree(rp); 427 428 return err; 429} 430 431static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data, 432 u16 data_len) 433{ 434 struct mgmt_rp_read_index_list *rp; 435 struct hci_dev *d; 436 size_t rp_len; 437 u16 count; 438 int err; 439 440 bt_dev_dbg(hdev, "sock %p", sk); 441 442 read_lock(&hci_dev_list_lock); 443 444 count = 0; 445 list_for_each_entry(d, &hci_dev_list, list) { 446 if (d->dev_type == HCI_PRIMARY && 447 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) 448 count++; 449 } 450 451 rp_len = sizeof(*rp) + (2 * count); 452 rp = kmalloc(rp_len, GFP_ATOMIC); 453 if (!rp) { 454 read_unlock(&hci_dev_list_lock); 455 return -ENOMEM; 456 } 457 458 count = 0; 459 list_for_each_entry(d, &hci_dev_list, list) { 460 if (hci_dev_test_flag(d, HCI_SETUP) || 461 hci_dev_test_flag(d, HCI_CONFIG) || 462 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 463 continue; 464 465 /* Devices marked as raw-only are neither configured 466 * nor unconfigured controllers. 467 */ 468 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 469 continue; 470 471 if (d->dev_type == HCI_PRIMARY && 472 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 473 rp->index[count++] = cpu_to_le16(d->id); 474 bt_dev_dbg(hdev, "Added hci%u", d->id); 475 } 476 } 477 478 rp->num_controllers = cpu_to_le16(count); 479 rp_len = sizeof(*rp) + (2 * count); 480 481 read_unlock(&hci_dev_list_lock); 482 483 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 484 0, rp, rp_len); 485 486 kfree(rp); 487 488 return err; 489} 490 491static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev, 492 void *data, u16 data_len) 493{ 494 struct mgmt_rp_read_unconf_index_list *rp; 495 struct hci_dev *d; 496 size_t rp_len; 497 u16 count; 498 int err; 499 500 bt_dev_dbg(hdev, "sock %p", sk); 501 502 read_lock(&hci_dev_list_lock); 503 504 count = 0; 505 list_for_each_entry(d, &hci_dev_list, list) { 506 if (d->dev_type == HCI_PRIMARY && 507 hci_dev_test_flag(d, HCI_UNCONFIGURED)) 508 count++; 509 } 510 511 rp_len = sizeof(*rp) + (2 * count); 512 rp = kmalloc(rp_len, GFP_ATOMIC); 513 if (!rp) { 514 read_unlock(&hci_dev_list_lock); 515 return -ENOMEM; 516 } 517 518 count = 0; 519 list_for_each_entry(d, &hci_dev_list, list) { 520 if (hci_dev_test_flag(d, HCI_SETUP) || 521 hci_dev_test_flag(d, HCI_CONFIG) || 522 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 523 continue; 524 525 /* Devices marked as raw-only are neither configured 526 * nor unconfigured controllers. 527 */ 528 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 529 continue; 530 531 if (d->dev_type == HCI_PRIMARY && 532 hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 533 rp->index[count++] = cpu_to_le16(d->id); 534 bt_dev_dbg(hdev, "Added hci%u", d->id); 535 } 536 } 537 538 rp->num_controllers = cpu_to_le16(count); 539 rp_len = sizeof(*rp) + (2 * count); 540 541 read_unlock(&hci_dev_list_lock); 542 543 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 544 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len); 545 546 kfree(rp); 547 548 return err; 549} 550 551static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev, 552 void *data, u16 data_len) 553{ 554 struct mgmt_rp_read_ext_index_list *rp; 555 struct hci_dev *d; 556 u16 count; 557 int err; 558 559 bt_dev_dbg(hdev, "sock %p", sk); 560 561 read_lock(&hci_dev_list_lock); 562 563 count = 0; 564 list_for_each_entry(d, &hci_dev_list, list) { 565 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP) 566 count++; 567 } 568 569 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC); 570 if (!rp) { 571 read_unlock(&hci_dev_list_lock); 572 return -ENOMEM; 573 } 574 575 count = 0; 576 list_for_each_entry(d, &hci_dev_list, list) { 577 if (hci_dev_test_flag(d, HCI_SETUP) || 578 hci_dev_test_flag(d, HCI_CONFIG) || 579 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 580 continue; 581 582 /* Devices marked as raw-only are neither configured 583 * nor unconfigured controllers. 584 */ 585 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 586 continue; 587 588 if (d->dev_type == HCI_PRIMARY) { 589 if (hci_dev_test_flag(d, HCI_UNCONFIGURED)) 590 rp->entry[count].type = 0x01; 591 else 592 rp->entry[count].type = 0x00; 593 } else if (d->dev_type == HCI_AMP) { 594 rp->entry[count].type = 0x02; 595 } else { 596 continue; 597 } 598 599 rp->entry[count].bus = d->bus; 600 rp->entry[count++].index = cpu_to_le16(d->id); 601 bt_dev_dbg(hdev, "Added hci%u", d->id); 602 } 603 604 rp->num_controllers = cpu_to_le16(count); 605 606 read_unlock(&hci_dev_list_lock); 607 608 /* If this command is called at least once, then all the 609 * default index and unconfigured index events are disabled 610 * and from now on only extended index events are used. 611 */ 612 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS); 613 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS); 614 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS); 615 616 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 617 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, 618 struct_size(rp, entry, count)); 619 620 kfree(rp); 621 622 return err; 623} 624 625static bool is_configured(struct hci_dev *hdev) 626{ 627 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 628 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 629 return false; 630 631 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) || 632 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) && 633 !bacmp(&hdev->public_addr, BDADDR_ANY)) 634 return false; 635 636 return true; 637} 638 639static __le32 get_missing_options(struct hci_dev *hdev) 640{ 641 u32 options = 0; 642 643 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 644 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 645 options |= MGMT_OPTION_EXTERNAL_CONFIG; 646 647 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) || 648 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) && 649 !bacmp(&hdev->public_addr, BDADDR_ANY)) 650 options |= MGMT_OPTION_PUBLIC_ADDRESS; 651 652 return cpu_to_le32(options); 653} 654 655static int new_options(struct hci_dev *hdev, struct sock *skip) 656{ 657 __le32 options = get_missing_options(hdev); 658 659 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options, 660 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip); 661} 662 663static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 664{ 665 __le32 options = get_missing_options(hdev); 666 667 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options, 668 sizeof(options)); 669} 670 671static int read_config_info(struct sock *sk, struct hci_dev *hdev, 672 void *data, u16 data_len) 673{ 674 struct mgmt_rp_read_config_info rp; 675 u32 options = 0; 676 677 bt_dev_dbg(hdev, "sock %p", sk); 678 679 hci_dev_lock(hdev); 680 681 memset(&rp, 0, sizeof(rp)); 682 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 683 684 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 685 options |= MGMT_OPTION_EXTERNAL_CONFIG; 686 687 if (hdev->set_bdaddr) 688 options |= MGMT_OPTION_PUBLIC_ADDRESS; 689 690 rp.supported_options = cpu_to_le32(options); 691 rp.missing_options = get_missing_options(hdev); 692 693 hci_dev_unlock(hdev); 694 695 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, 696 &rp, sizeof(rp)); 697} 698 699static u32 get_supported_phys(struct hci_dev *hdev) 700{ 701 u32 supported_phys = 0; 702 703 if (lmp_bredr_capable(hdev)) { 704 supported_phys |= MGMT_PHY_BR_1M_1SLOT; 705 706 if (hdev->features[0][0] & LMP_3SLOT) 707 supported_phys |= MGMT_PHY_BR_1M_3SLOT; 708 709 if (hdev->features[0][0] & LMP_5SLOT) 710 supported_phys |= MGMT_PHY_BR_1M_5SLOT; 711 712 if (lmp_edr_2m_capable(hdev)) { 713 supported_phys |= MGMT_PHY_EDR_2M_1SLOT; 714 715 if (lmp_edr_3slot_capable(hdev)) 716 supported_phys |= MGMT_PHY_EDR_2M_3SLOT; 717 718 if (lmp_edr_5slot_capable(hdev)) 719 supported_phys |= MGMT_PHY_EDR_2M_5SLOT; 720 721 if (lmp_edr_3m_capable(hdev)) { 722 supported_phys |= MGMT_PHY_EDR_3M_1SLOT; 723 724 if (lmp_edr_3slot_capable(hdev)) 725 supported_phys |= MGMT_PHY_EDR_3M_3SLOT; 726 727 if (lmp_edr_5slot_capable(hdev)) 728 supported_phys |= MGMT_PHY_EDR_3M_5SLOT; 729 } 730 } 731 } 732 733 if (lmp_le_capable(hdev)) { 734 supported_phys |= MGMT_PHY_LE_1M_TX; 735 supported_phys |= MGMT_PHY_LE_1M_RX; 736 737 if (hdev->le_features[1] & HCI_LE_PHY_2M) { 738 supported_phys |= MGMT_PHY_LE_2M_TX; 739 supported_phys |= MGMT_PHY_LE_2M_RX; 740 } 741 742 if (hdev->le_features[1] & HCI_LE_PHY_CODED) { 743 supported_phys |= MGMT_PHY_LE_CODED_TX; 744 supported_phys |= MGMT_PHY_LE_CODED_RX; 745 } 746 } 747 748 return supported_phys; 749} 750 751static u32 get_selected_phys(struct hci_dev *hdev) 752{ 753 u32 selected_phys = 0; 754 755 if (lmp_bredr_capable(hdev)) { 756 selected_phys |= MGMT_PHY_BR_1M_1SLOT; 757 758 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3)) 759 selected_phys |= MGMT_PHY_BR_1M_3SLOT; 760 761 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5)) 762 selected_phys |= MGMT_PHY_BR_1M_5SLOT; 763 764 if (lmp_edr_2m_capable(hdev)) { 765 if (!(hdev->pkt_type & HCI_2DH1)) 766 selected_phys |= MGMT_PHY_EDR_2M_1SLOT; 767 768 if (lmp_edr_3slot_capable(hdev) && 769 !(hdev->pkt_type & HCI_2DH3)) 770 selected_phys |= MGMT_PHY_EDR_2M_3SLOT; 771 772 if (lmp_edr_5slot_capable(hdev) && 773 !(hdev->pkt_type & HCI_2DH5)) 774 selected_phys |= MGMT_PHY_EDR_2M_5SLOT; 775 776 if (lmp_edr_3m_capable(hdev)) { 777 if (!(hdev->pkt_type & HCI_3DH1)) 778 selected_phys |= MGMT_PHY_EDR_3M_1SLOT; 779 780 if (lmp_edr_3slot_capable(hdev) && 781 !(hdev->pkt_type & HCI_3DH3)) 782 selected_phys |= MGMT_PHY_EDR_3M_3SLOT; 783 784 if (lmp_edr_5slot_capable(hdev) && 785 !(hdev->pkt_type & HCI_3DH5)) 786 selected_phys |= MGMT_PHY_EDR_3M_5SLOT; 787 } 788 } 789 } 790 791 if (lmp_le_capable(hdev)) { 792 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M) 793 selected_phys |= MGMT_PHY_LE_1M_TX; 794 795 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M) 796 selected_phys |= MGMT_PHY_LE_1M_RX; 797 798 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M) 799 selected_phys |= MGMT_PHY_LE_2M_TX; 800 801 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M) 802 selected_phys |= MGMT_PHY_LE_2M_RX; 803 804 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED) 805 selected_phys |= MGMT_PHY_LE_CODED_TX; 806 807 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED) 808 selected_phys |= MGMT_PHY_LE_CODED_RX; 809 } 810 811 return selected_phys; 812} 813 814static u32 get_configurable_phys(struct hci_dev *hdev) 815{ 816 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT & 817 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX); 818} 819 820static u32 get_supported_settings(struct hci_dev *hdev) 821{ 822 u32 settings = 0; 823 824 settings |= MGMT_SETTING_POWERED; 825 settings |= MGMT_SETTING_BONDABLE; 826 settings |= MGMT_SETTING_DEBUG_KEYS; 827 settings |= MGMT_SETTING_CONNECTABLE; 828 settings |= MGMT_SETTING_DISCOVERABLE; 829 830 if (lmp_bredr_capable(hdev)) { 831 if (hdev->hci_ver >= BLUETOOTH_VER_1_2) 832 settings |= MGMT_SETTING_FAST_CONNECTABLE; 833 settings |= MGMT_SETTING_BREDR; 834 settings |= MGMT_SETTING_LINK_SECURITY; 835 836 if (lmp_ssp_capable(hdev)) { 837 settings |= MGMT_SETTING_SSP; 838 if (IS_ENABLED(CONFIG_BT_HS)) 839 settings |= MGMT_SETTING_HS; 840 } 841 842 if (lmp_sc_capable(hdev)) 843 settings |= MGMT_SETTING_SECURE_CONN; 844 845 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, 846 &hdev->quirks)) 847 settings |= MGMT_SETTING_WIDEBAND_SPEECH; 848 } 849 850 if (lmp_le_capable(hdev)) { 851 settings |= MGMT_SETTING_LE; 852 settings |= MGMT_SETTING_SECURE_CONN; 853 settings |= MGMT_SETTING_PRIVACY; 854 settings |= MGMT_SETTING_STATIC_ADDRESS; 855 settings |= MGMT_SETTING_ADVERTISING; 856 } 857 858 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) || 859 hdev->set_bdaddr) 860 settings |= MGMT_SETTING_CONFIGURATION; 861 862 if (cis_central_capable(hdev)) 863 settings |= MGMT_SETTING_CIS_CENTRAL; 864 865 if (cis_peripheral_capable(hdev)) 866 settings |= MGMT_SETTING_CIS_PERIPHERAL; 867 868 settings |= MGMT_SETTING_PHY_CONFIGURATION; 869 870 return settings; 871} 872 873static u32 get_current_settings(struct hci_dev *hdev) 874{ 875 u32 settings = 0; 876 877 if (hdev_is_powered(hdev)) 878 settings |= MGMT_SETTING_POWERED; 879 880 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 881 settings |= MGMT_SETTING_CONNECTABLE; 882 883 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) 884 settings |= MGMT_SETTING_FAST_CONNECTABLE; 885 886 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 887 settings |= MGMT_SETTING_DISCOVERABLE; 888 889 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) 890 settings |= MGMT_SETTING_BONDABLE; 891 892 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 893 settings |= MGMT_SETTING_BREDR; 894 895 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 896 settings |= MGMT_SETTING_LE; 897 898 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) 899 settings |= MGMT_SETTING_LINK_SECURITY; 900 901 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 902 settings |= MGMT_SETTING_SSP; 903 904 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED)) 905 settings |= MGMT_SETTING_HS; 906 907 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 908 settings |= MGMT_SETTING_ADVERTISING; 909 910 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) 911 settings |= MGMT_SETTING_SECURE_CONN; 912 913 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) 914 settings |= MGMT_SETTING_DEBUG_KEYS; 915 916 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) 917 settings |= MGMT_SETTING_PRIVACY; 918 919 /* The current setting for static address has two purposes. The 920 * first is to indicate if the static address will be used and 921 * the second is to indicate if it is actually set. 922 * 923 * This means if the static address is not configured, this flag 924 * will never be set. If the address is configured, then if the 925 * address is actually used decides if the flag is set or not. 926 * 927 * For single mode LE only controllers and dual-mode controllers 928 * with BR/EDR disabled, the existence of the static address will 929 * be evaluated. 930 */ 931 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 932 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 933 !bacmp(&hdev->bdaddr, BDADDR_ANY)) { 934 if (bacmp(&hdev->static_addr, BDADDR_ANY)) 935 settings |= MGMT_SETTING_STATIC_ADDRESS; 936 } 937 938 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED)) 939 settings |= MGMT_SETTING_WIDEBAND_SPEECH; 940 941 if (cis_central_capable(hdev)) 942 settings |= MGMT_SETTING_CIS_CENTRAL; 943 944 if (cis_peripheral_capable(hdev)) 945 settings |= MGMT_SETTING_CIS_PERIPHERAL; 946 947 return settings; 948} 949 950static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev) 951{ 952 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev); 953} 954 955u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev) 956{ 957 struct mgmt_pending_cmd *cmd; 958 959 /* If there's a pending mgmt command the flags will not yet have 960 * their final values, so check for this first. 961 */ 962 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 963 if (cmd) { 964 struct mgmt_mode *cp = cmd->param; 965 if (cp->val == 0x01) 966 return LE_AD_GENERAL; 967 else if (cp->val == 0x02) 968 return LE_AD_LIMITED; 969 } else { 970 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 971 return LE_AD_LIMITED; 972 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 973 return LE_AD_GENERAL; 974 } 975 976 return 0; 977} 978 979bool mgmt_get_connectable(struct hci_dev *hdev) 980{ 981 struct mgmt_pending_cmd *cmd; 982 983 /* If there's a pending mgmt command the flag will not yet have 984 * it's final value, so check for this first. 985 */ 986 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 987 if (cmd) { 988 struct mgmt_mode *cp = cmd->param; 989 990 return cp->val; 991 } 992 993 return hci_dev_test_flag(hdev, HCI_CONNECTABLE); 994} 995 996static int service_cache_sync(struct hci_dev *hdev, void *data) 997{ 998 hci_update_eir_sync(hdev); 999 hci_update_class_sync(hdev); 1000 1001 return 0; 1002} 1003 1004static void service_cache_off(struct work_struct *work) 1005{ 1006 struct hci_dev *hdev = container_of(work, struct hci_dev, 1007 service_cache.work); 1008 1009 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) 1010 return; 1011 1012 hci_cmd_sync_queue(hdev, service_cache_sync, NULL, NULL); 1013} 1014 1015static int rpa_expired_sync(struct hci_dev *hdev, void *data) 1016{ 1017 /* The generation of a new RPA and programming it into the 1018 * controller happens in the hci_req_enable_advertising() 1019 * function. 1020 */ 1021 if (ext_adv_capable(hdev)) 1022 return hci_start_ext_adv_sync(hdev, hdev->cur_adv_instance); 1023 else 1024 return hci_enable_advertising_sync(hdev); 1025} 1026 1027static void rpa_expired(struct work_struct *work) 1028{ 1029 struct hci_dev *hdev = container_of(work, struct hci_dev, 1030 rpa_expired.work); 1031 1032 bt_dev_dbg(hdev, ""); 1033 1034 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 1035 1036 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING)) 1037 return; 1038 1039 hci_cmd_sync_queue(hdev, rpa_expired_sync, NULL, NULL); 1040} 1041 1042static void discov_off(struct work_struct *work) 1043{ 1044 struct hci_dev *hdev = container_of(work, struct hci_dev, 1045 discov_off.work); 1046 1047 bt_dev_dbg(hdev, ""); 1048 1049 hci_dev_lock(hdev); 1050 1051 /* When discoverable timeout triggers, then just make sure 1052 * the limited discoverable flag is cleared. Even in the case 1053 * of a timeout triggered from general discoverable, it is 1054 * safe to unconditionally clear the flag. 1055 */ 1056 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1057 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1058 hdev->discov_timeout = 0; 1059 1060 hci_update_discoverable(hdev); 1061 1062 mgmt_new_settings(hdev); 1063 1064 hci_dev_unlock(hdev); 1065} 1066 1067static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev); 1068 1069static void mesh_send_complete(struct hci_dev *hdev, 1070 struct mgmt_mesh_tx *mesh_tx, bool silent) 1071{ 1072 u8 handle = mesh_tx->handle; 1073 1074 if (!silent) 1075 mgmt_event(MGMT_EV_MESH_PACKET_CMPLT, hdev, &handle, 1076 sizeof(handle), NULL); 1077 1078 mgmt_mesh_remove(mesh_tx); 1079} 1080 1081static int mesh_send_done_sync(struct hci_dev *hdev, void *data) 1082{ 1083 struct mgmt_mesh_tx *mesh_tx; 1084 1085 hci_dev_clear_flag(hdev, HCI_MESH_SENDING); 1086 hci_disable_advertising_sync(hdev); 1087 mesh_tx = mgmt_mesh_next(hdev, NULL); 1088 1089 if (mesh_tx) 1090 mesh_send_complete(hdev, mesh_tx, false); 1091 1092 return 0; 1093} 1094 1095static int mesh_send_sync(struct hci_dev *hdev, void *data); 1096static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err); 1097static void mesh_next(struct hci_dev *hdev, void *data, int err) 1098{ 1099 struct mgmt_mesh_tx *mesh_tx = mgmt_mesh_next(hdev, NULL); 1100 1101 if (!mesh_tx) 1102 return; 1103 1104 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx, 1105 mesh_send_start_complete); 1106 1107 if (err < 0) 1108 mesh_send_complete(hdev, mesh_tx, false); 1109 else 1110 hci_dev_set_flag(hdev, HCI_MESH_SENDING); 1111} 1112 1113static void mesh_send_done(struct work_struct *work) 1114{ 1115 struct hci_dev *hdev = container_of(work, struct hci_dev, 1116 mesh_send_done.work); 1117 1118 if (!hci_dev_test_flag(hdev, HCI_MESH_SENDING)) 1119 return; 1120 1121 hci_cmd_sync_queue(hdev, mesh_send_done_sync, NULL, mesh_next); 1122} 1123 1124static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) 1125{ 1126 if (hci_dev_test_flag(hdev, HCI_MGMT)) 1127 return; 1128 1129 BT_INFO("MGMT ver %d.%d", MGMT_VERSION, MGMT_REVISION); 1130 1131 INIT_DELAYED_WORK(&hdev->discov_off, discov_off); 1132 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 1133 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired); 1134 INIT_DELAYED_WORK(&hdev->mesh_send_done, mesh_send_done); 1135 1136 /* Non-mgmt controlled devices get this bit set 1137 * implicitly so that pairing works for them, however 1138 * for mgmt we require user-space to explicitly enable 1139 * it 1140 */ 1141 hci_dev_clear_flag(hdev, HCI_BONDABLE); 1142 1143 hci_dev_set_flag(hdev, HCI_MGMT); 1144} 1145 1146static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 1147 void *data, u16 data_len) 1148{ 1149 struct mgmt_rp_read_info rp; 1150 1151 bt_dev_dbg(hdev, "sock %p", sk); 1152 1153 hci_dev_lock(hdev); 1154 1155 memset(&rp, 0, sizeof(rp)); 1156 1157 bacpy(&rp.bdaddr, &hdev->bdaddr); 1158 1159 rp.version = hdev->hci_ver; 1160 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 1161 1162 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 1163 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 1164 1165 memcpy(rp.dev_class, hdev->dev_class, 3); 1166 1167 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 1168 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name)); 1169 1170 hci_dev_unlock(hdev); 1171 1172 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp, 1173 sizeof(rp)); 1174} 1175 1176static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir) 1177{ 1178 u16 eir_len = 0; 1179 size_t name_len; 1180 1181 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1182 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV, 1183 hdev->dev_class, 3); 1184 1185 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1186 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE, 1187 hdev->appearance); 1188 1189 name_len = strnlen(hdev->dev_name, sizeof(hdev->dev_name)); 1190 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE, 1191 hdev->dev_name, name_len); 1192 1193 name_len = strnlen(hdev->short_name, sizeof(hdev->short_name)); 1194 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT, 1195 hdev->short_name, name_len); 1196 1197 return eir_len; 1198} 1199 1200static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev, 1201 void *data, u16 data_len) 1202{ 1203 char buf[512]; 1204 struct mgmt_rp_read_ext_info *rp = (void *)buf; 1205 u16 eir_len; 1206 1207 bt_dev_dbg(hdev, "sock %p", sk); 1208 1209 memset(&buf, 0, sizeof(buf)); 1210 1211 hci_dev_lock(hdev); 1212 1213 bacpy(&rp->bdaddr, &hdev->bdaddr); 1214 1215 rp->version = hdev->hci_ver; 1216 rp->manufacturer = cpu_to_le16(hdev->manufacturer); 1217 1218 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev)); 1219 rp->current_settings = cpu_to_le32(get_current_settings(hdev)); 1220 1221 1222 eir_len = append_eir_data_to_buf(hdev, rp->eir); 1223 rp->eir_len = cpu_to_le16(eir_len); 1224 1225 hci_dev_unlock(hdev); 1226 1227 /* If this command is called at least once, then the events 1228 * for class of device and local name changes are disabled 1229 * and only the new extended controller information event 1230 * is used. 1231 */ 1232 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS); 1233 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS); 1234 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS); 1235 1236 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp, 1237 sizeof(*rp) + eir_len); 1238} 1239 1240static int ext_info_changed(struct hci_dev *hdev, struct sock *skip) 1241{ 1242 char buf[512]; 1243 struct mgmt_ev_ext_info_changed *ev = (void *)buf; 1244 u16 eir_len; 1245 1246 memset(buf, 0, sizeof(buf)); 1247 1248 eir_len = append_eir_data_to_buf(hdev, ev->eir); 1249 ev->eir_len = cpu_to_le16(eir_len); 1250 1251 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev, 1252 sizeof(*ev) + eir_len, 1253 HCI_MGMT_EXT_INFO_EVENTS, skip); 1254} 1255 1256static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 1257{ 1258 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 1259 1260 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings, 1261 sizeof(settings)); 1262} 1263 1264void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance) 1265{ 1266 struct mgmt_ev_advertising_added ev; 1267 1268 ev.instance = instance; 1269 1270 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk); 1271} 1272 1273void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev, 1274 u8 instance) 1275{ 1276 struct mgmt_ev_advertising_removed ev; 1277 1278 ev.instance = instance; 1279 1280 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk); 1281} 1282 1283static void cancel_adv_timeout(struct hci_dev *hdev) 1284{ 1285 if (hdev->adv_instance_timeout) { 1286 hdev->adv_instance_timeout = 0; 1287 cancel_delayed_work(&hdev->adv_instance_expire); 1288 } 1289} 1290 1291/* This function requires the caller holds hdev->lock */ 1292static void restart_le_actions(struct hci_dev *hdev) 1293{ 1294 struct hci_conn_params *p; 1295 1296 list_for_each_entry(p, &hdev->le_conn_params, list) { 1297 /* Needed for AUTO_OFF case where might not "really" 1298 * have been powered off. 1299 */ 1300 list_del_init(&p->action); 1301 1302 switch (p->auto_connect) { 1303 case HCI_AUTO_CONN_DIRECT: 1304 case HCI_AUTO_CONN_ALWAYS: 1305 list_add(&p->action, &hdev->pend_le_conns); 1306 break; 1307 case HCI_AUTO_CONN_REPORT: 1308 list_add(&p->action, &hdev->pend_le_reports); 1309 break; 1310 default: 1311 break; 1312 } 1313 } 1314} 1315 1316static int new_settings(struct hci_dev *hdev, struct sock *skip) 1317{ 1318 __le32 ev = cpu_to_le32(get_current_settings(hdev)); 1319 1320 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, 1321 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip); 1322} 1323 1324static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err) 1325{ 1326 struct mgmt_pending_cmd *cmd = data; 1327 struct mgmt_mode *cp; 1328 1329 /* Make sure cmd still outstanding. */ 1330 if (cmd != pending_find(MGMT_OP_SET_POWERED, hdev)) 1331 return; 1332 1333 cp = cmd->param; 1334 1335 bt_dev_dbg(hdev, "err %d", err); 1336 1337 if (!err) { 1338 if (cp->val) { 1339 hci_dev_lock(hdev); 1340 restart_le_actions(hdev); 1341 hci_update_passive_scan(hdev); 1342 hci_dev_unlock(hdev); 1343 } 1344 1345 send_settings_rsp(cmd->sk, cmd->opcode, hdev); 1346 1347 /* Only call new_setting for power on as power off is deferred 1348 * to hdev->power_off work which does call hci_dev_do_close. 1349 */ 1350 if (cp->val) 1351 new_settings(hdev, cmd->sk); 1352 } else { 1353 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, 1354 mgmt_status(err)); 1355 } 1356 1357 mgmt_pending_remove(cmd); 1358} 1359 1360static int set_powered_sync(struct hci_dev *hdev, void *data) 1361{ 1362 struct mgmt_pending_cmd *cmd = data; 1363 struct mgmt_mode *cp = cmd->param; 1364 1365 BT_DBG("%s", hdev->name); 1366 1367 return hci_set_powered_sync(hdev, cp->val); 1368} 1369 1370static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, 1371 u16 len) 1372{ 1373 struct mgmt_mode *cp = data; 1374 struct mgmt_pending_cmd *cmd; 1375 int err; 1376 1377 bt_dev_dbg(hdev, "sock %p", sk); 1378 1379 if (cp->val != 0x00 && cp->val != 0x01) 1380 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1381 MGMT_STATUS_INVALID_PARAMS); 1382 1383 hci_dev_lock(hdev); 1384 1385 if (pending_find(MGMT_OP_SET_POWERED, hdev)) { 1386 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1387 MGMT_STATUS_BUSY); 1388 goto failed; 1389 } 1390 1391 if (!!cp->val == hdev_is_powered(hdev)) { 1392 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 1393 goto failed; 1394 } 1395 1396 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 1397 if (!cmd) { 1398 err = -ENOMEM; 1399 goto failed; 1400 } 1401 1402 /* Cancel potentially blocking sync operation before power off */ 1403 if (cp->val == 0x00) { 1404 __hci_cmd_sync_cancel(hdev, -EHOSTDOWN); 1405 err = hci_cmd_sync_queue(hdev, set_powered_sync, cmd, 1406 mgmt_set_powered_complete); 1407 } else { 1408 /* Use hci_cmd_sync_submit since hdev might not be running */ 1409 err = hci_cmd_sync_submit(hdev, set_powered_sync, cmd, 1410 mgmt_set_powered_complete); 1411 } 1412 1413 if (err < 0) 1414 mgmt_pending_remove(cmd); 1415 1416failed: 1417 hci_dev_unlock(hdev); 1418 return err; 1419} 1420 1421int mgmt_new_settings(struct hci_dev *hdev) 1422{ 1423 return new_settings(hdev, NULL); 1424} 1425 1426struct cmd_lookup { 1427 struct sock *sk; 1428 struct hci_dev *hdev; 1429 u8 mgmt_status; 1430}; 1431 1432static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data) 1433{ 1434 struct cmd_lookup *match = data; 1435 1436 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 1437 1438 list_del(&cmd->list); 1439 1440 if (match->sk == NULL) { 1441 match->sk = cmd->sk; 1442 sock_hold(match->sk); 1443 } 1444 1445 mgmt_pending_free(cmd); 1446} 1447 1448static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data) 1449{ 1450 u8 *status = data; 1451 1452 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 1453 mgmt_pending_remove(cmd); 1454} 1455 1456static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data) 1457{ 1458 if (cmd->cmd_complete) { 1459 u8 *status = data; 1460 1461 cmd->cmd_complete(cmd, *status); 1462 mgmt_pending_remove(cmd); 1463 1464 return; 1465 } 1466 1467 cmd_status_rsp(cmd, data); 1468} 1469 1470static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1471{ 1472 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1473 cmd->param, cmd->param_len); 1474} 1475 1476static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1477{ 1478 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1479 cmd->param, sizeof(struct mgmt_addr_info)); 1480} 1481 1482static u8 mgmt_bredr_support(struct hci_dev *hdev) 1483{ 1484 if (!lmp_bredr_capable(hdev)) 1485 return MGMT_STATUS_NOT_SUPPORTED; 1486 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1487 return MGMT_STATUS_REJECTED; 1488 else 1489 return MGMT_STATUS_SUCCESS; 1490} 1491 1492static u8 mgmt_le_support(struct hci_dev *hdev) 1493{ 1494 if (!lmp_le_capable(hdev)) 1495 return MGMT_STATUS_NOT_SUPPORTED; 1496 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1497 return MGMT_STATUS_REJECTED; 1498 else 1499 return MGMT_STATUS_SUCCESS; 1500} 1501 1502static void mgmt_set_discoverable_complete(struct hci_dev *hdev, void *data, 1503 int err) 1504{ 1505 struct mgmt_pending_cmd *cmd = data; 1506 1507 bt_dev_dbg(hdev, "err %d", err); 1508 1509 /* Make sure cmd still outstanding. */ 1510 if (cmd != pending_find(MGMT_OP_SET_DISCOVERABLE, hdev)) 1511 return; 1512 1513 hci_dev_lock(hdev); 1514 1515 if (err) { 1516 u8 mgmt_err = mgmt_status(err); 1517 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1518 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1519 goto done; 1520 } 1521 1522 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1523 hdev->discov_timeout > 0) { 1524 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1525 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to); 1526 } 1527 1528 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1529 new_settings(hdev, cmd->sk); 1530 1531done: 1532 mgmt_pending_remove(cmd); 1533 hci_dev_unlock(hdev); 1534} 1535 1536static int set_discoverable_sync(struct hci_dev *hdev, void *data) 1537{ 1538 BT_DBG("%s", hdev->name); 1539 1540 return hci_update_discoverable_sync(hdev); 1541} 1542 1543static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 1544 u16 len) 1545{ 1546 struct mgmt_cp_set_discoverable *cp = data; 1547 struct mgmt_pending_cmd *cmd; 1548 u16 timeout; 1549 int err; 1550 1551 bt_dev_dbg(hdev, "sock %p", sk); 1552 1553 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1554 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1555 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1556 MGMT_STATUS_REJECTED); 1557 1558 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 1559 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1560 MGMT_STATUS_INVALID_PARAMS); 1561 1562 timeout = __le16_to_cpu(cp->timeout); 1563 1564 /* Disabling discoverable requires that no timeout is set, 1565 * and enabling limited discoverable requires a timeout. 1566 */ 1567 if ((cp->val == 0x00 && timeout > 0) || 1568 (cp->val == 0x02 && timeout == 0)) 1569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1570 MGMT_STATUS_INVALID_PARAMS); 1571 1572 hci_dev_lock(hdev); 1573 1574 if (!hdev_is_powered(hdev) && timeout > 0) { 1575 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1576 MGMT_STATUS_NOT_POWERED); 1577 goto failed; 1578 } 1579 1580 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1581 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1582 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1583 MGMT_STATUS_BUSY); 1584 goto failed; 1585 } 1586 1587 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) { 1588 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1589 MGMT_STATUS_REJECTED); 1590 goto failed; 1591 } 1592 1593 if (hdev->advertising_paused) { 1594 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1595 MGMT_STATUS_BUSY); 1596 goto failed; 1597 } 1598 1599 if (!hdev_is_powered(hdev)) { 1600 bool changed = false; 1601 1602 /* Setting limited discoverable when powered off is 1603 * not a valid operation since it requires a timeout 1604 * and so no need to check HCI_LIMITED_DISCOVERABLE. 1605 */ 1606 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) { 1607 hci_dev_change_flag(hdev, HCI_DISCOVERABLE); 1608 changed = true; 1609 } 1610 1611 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1612 if (err < 0) 1613 goto failed; 1614 1615 if (changed) 1616 err = new_settings(hdev, sk); 1617 1618 goto failed; 1619 } 1620 1621 /* If the current mode is the same, then just update the timeout 1622 * value with the new value. And if only the timeout gets updated, 1623 * then no need for any HCI transactions. 1624 */ 1625 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1626 (cp->val == 0x02) == hci_dev_test_flag(hdev, 1627 HCI_LIMITED_DISCOVERABLE)) { 1628 cancel_delayed_work(&hdev->discov_off); 1629 hdev->discov_timeout = timeout; 1630 1631 if (cp->val && hdev->discov_timeout > 0) { 1632 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1633 queue_delayed_work(hdev->req_workqueue, 1634 &hdev->discov_off, to); 1635 } 1636 1637 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1638 goto failed; 1639 } 1640 1641 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 1642 if (!cmd) { 1643 err = -ENOMEM; 1644 goto failed; 1645 } 1646 1647 /* Cancel any potential discoverable timeout that might be 1648 * still active and store new timeout value. The arming of 1649 * the timeout happens in the complete handler. 1650 */ 1651 cancel_delayed_work(&hdev->discov_off); 1652 hdev->discov_timeout = timeout; 1653 1654 if (cp->val) 1655 hci_dev_set_flag(hdev, HCI_DISCOVERABLE); 1656 else 1657 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1658 1659 /* Limited discoverable mode */ 1660 if (cp->val == 0x02) 1661 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1662 else 1663 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1664 1665 err = hci_cmd_sync_queue(hdev, set_discoverable_sync, cmd, 1666 mgmt_set_discoverable_complete); 1667 1668 if (err < 0) 1669 mgmt_pending_remove(cmd); 1670 1671failed: 1672 hci_dev_unlock(hdev); 1673 return err; 1674} 1675 1676static void mgmt_set_connectable_complete(struct hci_dev *hdev, void *data, 1677 int err) 1678{ 1679 struct mgmt_pending_cmd *cmd = data; 1680 1681 bt_dev_dbg(hdev, "err %d", err); 1682 1683 /* Make sure cmd still outstanding. */ 1684 if (cmd != pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) 1685 return; 1686 1687 hci_dev_lock(hdev); 1688 1689 if (err) { 1690 u8 mgmt_err = mgmt_status(err); 1691 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1692 goto done; 1693 } 1694 1695 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev); 1696 new_settings(hdev, cmd->sk); 1697 1698done: 1699 if (cmd) 1700 mgmt_pending_remove(cmd); 1701 1702 hci_dev_unlock(hdev); 1703} 1704 1705static int set_connectable_update_settings(struct hci_dev *hdev, 1706 struct sock *sk, u8 val) 1707{ 1708 bool changed = false; 1709 int err; 1710 1711 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 1712 changed = true; 1713 1714 if (val) { 1715 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1716 } else { 1717 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1718 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1719 } 1720 1721 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 1722 if (err < 0) 1723 return err; 1724 1725 if (changed) { 1726 hci_update_scan(hdev); 1727 hci_update_passive_scan(hdev); 1728 return new_settings(hdev, sk); 1729 } 1730 1731 return 0; 1732} 1733 1734static int set_connectable_sync(struct hci_dev *hdev, void *data) 1735{ 1736 BT_DBG("%s", hdev->name); 1737 1738 return hci_update_connectable_sync(hdev); 1739} 1740 1741static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, 1742 u16 len) 1743{ 1744 struct mgmt_mode *cp = data; 1745 struct mgmt_pending_cmd *cmd; 1746 int err; 1747 1748 bt_dev_dbg(hdev, "sock %p", sk); 1749 1750 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1751 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1753 MGMT_STATUS_REJECTED); 1754 1755 if (cp->val != 0x00 && cp->val != 0x01) 1756 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1757 MGMT_STATUS_INVALID_PARAMS); 1758 1759 hci_dev_lock(hdev); 1760 1761 if (!hdev_is_powered(hdev)) { 1762 err = set_connectable_update_settings(hdev, sk, cp->val); 1763 goto failed; 1764 } 1765 1766 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1767 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1768 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1769 MGMT_STATUS_BUSY); 1770 goto failed; 1771 } 1772 1773 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1774 if (!cmd) { 1775 err = -ENOMEM; 1776 goto failed; 1777 } 1778 1779 if (cp->val) { 1780 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1781 } else { 1782 if (hdev->discov_timeout > 0) 1783 cancel_delayed_work(&hdev->discov_off); 1784 1785 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1786 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1787 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1788 } 1789 1790 err = hci_cmd_sync_queue(hdev, set_connectable_sync, cmd, 1791 mgmt_set_connectable_complete); 1792 1793 if (err < 0) 1794 mgmt_pending_remove(cmd); 1795 1796failed: 1797 hci_dev_unlock(hdev); 1798 return err; 1799} 1800 1801static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data, 1802 u16 len) 1803{ 1804 struct mgmt_mode *cp = data; 1805 bool changed; 1806 int err; 1807 1808 bt_dev_dbg(hdev, "sock %p", sk); 1809 1810 if (cp->val != 0x00 && cp->val != 0x01) 1811 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE, 1812 MGMT_STATUS_INVALID_PARAMS); 1813 1814 hci_dev_lock(hdev); 1815 1816 if (cp->val) 1817 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE); 1818 else 1819 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE); 1820 1821 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev); 1822 if (err < 0) 1823 goto unlock; 1824 1825 if (changed) { 1826 /* In limited privacy mode the change of bondable mode 1827 * may affect the local advertising address. 1828 */ 1829 hci_update_discoverable(hdev); 1830 1831 err = new_settings(hdev, sk); 1832 } 1833 1834unlock: 1835 hci_dev_unlock(hdev); 1836 return err; 1837} 1838 1839static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data, 1840 u16 len) 1841{ 1842 struct mgmt_mode *cp = data; 1843 struct mgmt_pending_cmd *cmd; 1844 u8 val, status; 1845 int err; 1846 1847 bt_dev_dbg(hdev, "sock %p", sk); 1848 1849 status = mgmt_bredr_support(hdev); 1850 if (status) 1851 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1852 status); 1853 1854 if (cp->val != 0x00 && cp->val != 0x01) 1855 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1856 MGMT_STATUS_INVALID_PARAMS); 1857 1858 hci_dev_lock(hdev); 1859 1860 if (!hdev_is_powered(hdev)) { 1861 bool changed = false; 1862 1863 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) { 1864 hci_dev_change_flag(hdev, HCI_LINK_SECURITY); 1865 changed = true; 1866 } 1867 1868 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1869 if (err < 0) 1870 goto failed; 1871 1872 if (changed) 1873 err = new_settings(hdev, sk); 1874 1875 goto failed; 1876 } 1877 1878 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1879 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1880 MGMT_STATUS_BUSY); 1881 goto failed; 1882 } 1883 1884 val = !!cp->val; 1885 1886 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1887 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1888 goto failed; 1889 } 1890 1891 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1892 if (!cmd) { 1893 err = -ENOMEM; 1894 goto failed; 1895 } 1896 1897 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1898 if (err < 0) { 1899 mgmt_pending_remove(cmd); 1900 goto failed; 1901 } 1902 1903failed: 1904 hci_dev_unlock(hdev); 1905 return err; 1906} 1907 1908static void set_ssp_complete(struct hci_dev *hdev, void *data, int err) 1909{ 1910 struct cmd_lookup match = { NULL, hdev }; 1911 struct mgmt_pending_cmd *cmd = data; 1912 struct mgmt_mode *cp = cmd->param; 1913 u8 enable = cp->val; 1914 bool changed; 1915 1916 /* Make sure cmd still outstanding. */ 1917 if (cmd != pending_find(MGMT_OP_SET_SSP, hdev)) 1918 return; 1919 1920 if (err) { 1921 u8 mgmt_err = mgmt_status(err); 1922 1923 if (enable && hci_dev_test_and_clear_flag(hdev, 1924 HCI_SSP_ENABLED)) { 1925 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1926 new_settings(hdev, NULL); 1927 } 1928 1929 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp, 1930 &mgmt_err); 1931 return; 1932 } 1933 1934 if (enable) { 1935 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 1936 } else { 1937 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED); 1938 1939 if (!changed) 1940 changed = hci_dev_test_and_clear_flag(hdev, 1941 HCI_HS_ENABLED); 1942 else 1943 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1944 } 1945 1946 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 1947 1948 if (changed) 1949 new_settings(hdev, match.sk); 1950 1951 if (match.sk) 1952 sock_put(match.sk); 1953 1954 hci_update_eir_sync(hdev); 1955} 1956 1957static int set_ssp_sync(struct hci_dev *hdev, void *data) 1958{ 1959 struct mgmt_pending_cmd *cmd = data; 1960 struct mgmt_mode *cp = cmd->param; 1961 bool changed = false; 1962 int err; 1963 1964 if (cp->val) 1965 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 1966 1967 err = hci_write_ssp_mode_sync(hdev, cp->val); 1968 1969 if (!err && changed) 1970 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 1971 1972 return err; 1973} 1974 1975static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1976{ 1977 struct mgmt_mode *cp = data; 1978 struct mgmt_pending_cmd *cmd; 1979 u8 status; 1980 int err; 1981 1982 bt_dev_dbg(hdev, "sock %p", sk); 1983 1984 status = mgmt_bredr_support(hdev); 1985 if (status) 1986 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status); 1987 1988 if (!lmp_ssp_capable(hdev)) 1989 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1990 MGMT_STATUS_NOT_SUPPORTED); 1991 1992 if (cp->val != 0x00 && cp->val != 0x01) 1993 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1994 MGMT_STATUS_INVALID_PARAMS); 1995 1996 hci_dev_lock(hdev); 1997 1998 if (!hdev_is_powered(hdev)) { 1999 bool changed; 2000 2001 if (cp->val) { 2002 changed = !hci_dev_test_and_set_flag(hdev, 2003 HCI_SSP_ENABLED); 2004 } else { 2005 changed = hci_dev_test_and_clear_flag(hdev, 2006 HCI_SSP_ENABLED); 2007 if (!changed) 2008 changed = hci_dev_test_and_clear_flag(hdev, 2009 HCI_HS_ENABLED); 2010 else 2011 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 2012 } 2013 2014 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 2015 if (err < 0) 2016 goto failed; 2017 2018 if (changed) 2019 err = new_settings(hdev, sk); 2020 2021 goto failed; 2022 } 2023 2024 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 2025 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 2026 MGMT_STATUS_BUSY); 2027 goto failed; 2028 } 2029 2030 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 2031 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 2032 goto failed; 2033 } 2034 2035 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 2036 if (!cmd) 2037 err = -ENOMEM; 2038 else 2039 err = hci_cmd_sync_queue(hdev, set_ssp_sync, cmd, 2040 set_ssp_complete); 2041 2042 if (err < 0) { 2043 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 2044 MGMT_STATUS_FAILED); 2045 2046 if (cmd) 2047 mgmt_pending_remove(cmd); 2048 } 2049 2050failed: 2051 hci_dev_unlock(hdev); 2052 return err; 2053} 2054 2055static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2056{ 2057 struct mgmt_mode *cp = data; 2058 bool changed; 2059 u8 status; 2060 int err; 2061 2062 bt_dev_dbg(hdev, "sock %p", sk); 2063 2064 if (!IS_ENABLED(CONFIG_BT_HS)) 2065 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2066 MGMT_STATUS_NOT_SUPPORTED); 2067 2068 status = mgmt_bredr_support(hdev); 2069 if (status) 2070 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status); 2071 2072 if (!lmp_ssp_capable(hdev)) 2073 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2074 MGMT_STATUS_NOT_SUPPORTED); 2075 2076 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 2077 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2078 MGMT_STATUS_REJECTED); 2079 2080 if (cp->val != 0x00 && cp->val != 0x01) 2081 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2082 MGMT_STATUS_INVALID_PARAMS); 2083 2084 hci_dev_lock(hdev); 2085 2086 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 2087 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2088 MGMT_STATUS_BUSY); 2089 goto unlock; 2090 } 2091 2092 if (cp->val) { 2093 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED); 2094 } else { 2095 if (hdev_is_powered(hdev)) { 2096 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2097 MGMT_STATUS_REJECTED); 2098 goto unlock; 2099 } 2100 2101 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED); 2102 } 2103 2104 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 2105 if (err < 0) 2106 goto unlock; 2107 2108 if (changed) 2109 err = new_settings(hdev, sk); 2110 2111unlock: 2112 hci_dev_unlock(hdev); 2113 return err; 2114} 2115 2116static void set_le_complete(struct hci_dev *hdev, void *data, int err) 2117{ 2118 struct cmd_lookup match = { NULL, hdev }; 2119 u8 status = mgmt_status(err); 2120 2121 bt_dev_dbg(hdev, "err %d", err); 2122 2123 if (status) { 2124 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 2125 &status); 2126 return; 2127 } 2128 2129 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 2130 2131 new_settings(hdev, match.sk); 2132 2133 if (match.sk) 2134 sock_put(match.sk); 2135} 2136 2137static int set_le_sync(struct hci_dev *hdev, void *data) 2138{ 2139 struct mgmt_pending_cmd *cmd = data; 2140 struct mgmt_mode *cp = cmd->param; 2141 u8 val = !!cp->val; 2142 int err; 2143 2144 if (!val) { 2145 hci_clear_adv_instance_sync(hdev, NULL, 0x00, true); 2146 2147 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 2148 hci_disable_advertising_sync(hdev); 2149 2150 if (ext_adv_capable(hdev)) 2151 hci_remove_ext_adv_instance_sync(hdev, 0, cmd->sk); 2152 } else { 2153 hci_dev_set_flag(hdev, HCI_LE_ENABLED); 2154 } 2155 2156 err = hci_write_le_host_supported_sync(hdev, val, 0); 2157 2158 /* Make sure the controller has a good default for 2159 * advertising data. Restrict the update to when LE 2160 * has actually been enabled. During power on, the 2161 * update in powered_update_hci will take care of it. 2162 */ 2163 if (!err && hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 2164 if (ext_adv_capable(hdev)) { 2165 int status; 2166 2167 status = hci_setup_ext_adv_instance_sync(hdev, 0x00); 2168 if (!status) 2169 hci_update_scan_rsp_data_sync(hdev, 0x00); 2170 } else { 2171 hci_update_adv_data_sync(hdev, 0x00); 2172 hci_update_scan_rsp_data_sync(hdev, 0x00); 2173 } 2174 2175 hci_update_passive_scan(hdev); 2176 } 2177 2178 return err; 2179} 2180 2181static void set_mesh_complete(struct hci_dev *hdev, void *data, int err) 2182{ 2183 struct mgmt_pending_cmd *cmd = data; 2184 u8 status = mgmt_status(err); 2185 struct sock *sk = cmd->sk; 2186 2187 if (status) { 2188 mgmt_pending_foreach(MGMT_OP_SET_MESH_RECEIVER, hdev, 2189 cmd_status_rsp, &status); 2190 return; 2191 } 2192 2193 mgmt_pending_remove(cmd); 2194 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 0, NULL, 0); 2195} 2196 2197static int set_mesh_sync(struct hci_dev *hdev, void *data) 2198{ 2199 struct mgmt_pending_cmd *cmd = data; 2200 struct mgmt_cp_set_mesh *cp = cmd->param; 2201 size_t len = cmd->param_len; 2202 2203 memset(hdev->mesh_ad_types, 0, sizeof(hdev->mesh_ad_types)); 2204 2205 if (cp->enable) 2206 hci_dev_set_flag(hdev, HCI_MESH); 2207 else 2208 hci_dev_clear_flag(hdev, HCI_MESH); 2209 2210 len -= sizeof(*cp); 2211 2212 /* If filters don't fit, forward all adv pkts */ 2213 if (len <= sizeof(hdev->mesh_ad_types)) 2214 memcpy(hdev->mesh_ad_types, cp->ad_types, len); 2215 2216 hci_update_passive_scan_sync(hdev); 2217 return 0; 2218} 2219 2220static int set_mesh(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2221{ 2222 struct mgmt_cp_set_mesh *cp = data; 2223 struct mgmt_pending_cmd *cmd; 2224 int err = 0; 2225 2226 bt_dev_dbg(hdev, "sock %p", sk); 2227 2228 if (!lmp_le_capable(hdev) || 2229 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL)) 2230 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 2231 MGMT_STATUS_NOT_SUPPORTED); 2232 2233 if (cp->enable != 0x00 && cp->enable != 0x01) 2234 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 2235 MGMT_STATUS_INVALID_PARAMS); 2236 2237 hci_dev_lock(hdev); 2238 2239 cmd = mgmt_pending_add(sk, MGMT_OP_SET_MESH_RECEIVER, hdev, data, len); 2240 if (!cmd) 2241 err = -ENOMEM; 2242 else 2243 err = hci_cmd_sync_queue(hdev, set_mesh_sync, cmd, 2244 set_mesh_complete); 2245 2246 if (err < 0) { 2247 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 2248 MGMT_STATUS_FAILED); 2249 2250 if (cmd) 2251 mgmt_pending_remove(cmd); 2252 } 2253 2254 hci_dev_unlock(hdev); 2255 return err; 2256} 2257 2258static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err) 2259{ 2260 struct mgmt_mesh_tx *mesh_tx = data; 2261 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param; 2262 unsigned long mesh_send_interval; 2263 u8 mgmt_err = mgmt_status(err); 2264 2265 /* Report any errors here, but don't report completion */ 2266 2267 if (mgmt_err) { 2268 hci_dev_clear_flag(hdev, HCI_MESH_SENDING); 2269 /* Send Complete Error Code for handle */ 2270 mesh_send_complete(hdev, mesh_tx, false); 2271 return; 2272 } 2273 2274 mesh_send_interval = msecs_to_jiffies((send->cnt) * 25); 2275 queue_delayed_work(hdev->req_workqueue, &hdev->mesh_send_done, 2276 mesh_send_interval); 2277} 2278 2279static int mesh_send_sync(struct hci_dev *hdev, void *data) 2280{ 2281 struct mgmt_mesh_tx *mesh_tx = data; 2282 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param; 2283 struct adv_info *adv, *next_instance; 2284 u8 instance = hdev->le_num_of_adv_sets + 1; 2285 u16 timeout, duration; 2286 int err = 0; 2287 2288 if (hdev->le_num_of_adv_sets <= hdev->adv_instance_cnt) 2289 return MGMT_STATUS_BUSY; 2290 2291 timeout = 1000; 2292 duration = send->cnt * INTERVAL_TO_MS(hdev->le_adv_max_interval); 2293 adv = hci_add_adv_instance(hdev, instance, 0, 2294 send->adv_data_len, send->adv_data, 2295 0, NULL, 2296 timeout, duration, 2297 HCI_ADV_TX_POWER_NO_PREFERENCE, 2298 hdev->le_adv_min_interval, 2299 hdev->le_adv_max_interval, 2300 mesh_tx->handle); 2301 2302 if (!IS_ERR(adv)) 2303 mesh_tx->instance = instance; 2304 else 2305 err = PTR_ERR(adv); 2306 2307 if (hdev->cur_adv_instance == instance) { 2308 /* If the currently advertised instance is being changed then 2309 * cancel the current advertising and schedule the next 2310 * instance. If there is only one instance then the overridden 2311 * advertising data will be visible right away. 2312 */ 2313 cancel_adv_timeout(hdev); 2314 2315 next_instance = hci_get_next_instance(hdev, instance); 2316 if (next_instance) 2317 instance = next_instance->instance; 2318 else 2319 instance = 0; 2320 } else if (hdev->adv_instance_timeout) { 2321 /* Immediately advertise the new instance if no other, or 2322 * let it go naturally from queue if ADV is already happening 2323 */ 2324 instance = 0; 2325 } 2326 2327 if (instance) 2328 return hci_schedule_adv_instance_sync(hdev, instance, true); 2329 2330 return err; 2331} 2332 2333static void send_count(struct mgmt_mesh_tx *mesh_tx, void *data) 2334{ 2335 struct mgmt_rp_mesh_read_features *rp = data; 2336 2337 if (rp->used_handles >= rp->max_handles) 2338 return; 2339 2340 rp->handles[rp->used_handles++] = mesh_tx->handle; 2341} 2342 2343static int mesh_features(struct sock *sk, struct hci_dev *hdev, 2344 void *data, u16 len) 2345{ 2346 struct mgmt_rp_mesh_read_features rp; 2347 2348 if (!lmp_le_capable(hdev) || 2349 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL)) 2350 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES, 2351 MGMT_STATUS_NOT_SUPPORTED); 2352 2353 memset(&rp, 0, sizeof(rp)); 2354 rp.index = cpu_to_le16(hdev->id); 2355 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 2356 rp.max_handles = MESH_HANDLES_MAX; 2357 2358 hci_dev_lock(hdev); 2359 2360 if (rp.max_handles) 2361 mgmt_mesh_foreach(hdev, send_count, &rp, sk); 2362 2363 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES, 0, &rp, 2364 rp.used_handles + sizeof(rp) - MESH_HANDLES_MAX); 2365 2366 hci_dev_unlock(hdev); 2367 return 0; 2368} 2369 2370static int send_cancel(struct hci_dev *hdev, void *data) 2371{ 2372 struct mgmt_pending_cmd *cmd = data; 2373 struct mgmt_cp_mesh_send_cancel *cancel = (void *)cmd->param; 2374 struct mgmt_mesh_tx *mesh_tx; 2375 2376 if (!cancel->handle) { 2377 do { 2378 mesh_tx = mgmt_mesh_next(hdev, cmd->sk); 2379 2380 if (mesh_tx) 2381 mesh_send_complete(hdev, mesh_tx, false); 2382 } while (mesh_tx); 2383 } else { 2384 mesh_tx = mgmt_mesh_find(hdev, cancel->handle); 2385 2386 if (mesh_tx && mesh_tx->sk == cmd->sk) 2387 mesh_send_complete(hdev, mesh_tx, false); 2388 } 2389 2390 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL, 2391 0, NULL, 0); 2392 mgmt_pending_free(cmd); 2393 2394 return 0; 2395} 2396 2397static int mesh_send_cancel(struct sock *sk, struct hci_dev *hdev, 2398 void *data, u16 len) 2399{ 2400 struct mgmt_pending_cmd *cmd; 2401 int err; 2402 2403 if (!lmp_le_capable(hdev) || 2404 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL)) 2405 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL, 2406 MGMT_STATUS_NOT_SUPPORTED); 2407 2408 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 2409 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL, 2410 MGMT_STATUS_REJECTED); 2411 2412 hci_dev_lock(hdev); 2413 cmd = mgmt_pending_new(sk, MGMT_OP_MESH_SEND_CANCEL, hdev, data, len); 2414 if (!cmd) 2415 err = -ENOMEM; 2416 else 2417 err = hci_cmd_sync_queue(hdev, send_cancel, cmd, NULL); 2418 2419 if (err < 0) { 2420 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL, 2421 MGMT_STATUS_FAILED); 2422 2423 if (cmd) 2424 mgmt_pending_free(cmd); 2425 } 2426 2427 hci_dev_unlock(hdev); 2428 return err; 2429} 2430 2431static int mesh_send(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2432{ 2433 struct mgmt_mesh_tx *mesh_tx; 2434 struct mgmt_cp_mesh_send *send = data; 2435 struct mgmt_rp_mesh_read_features rp; 2436 bool sending; 2437 int err = 0; 2438 2439 if (!lmp_le_capable(hdev) || 2440 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL)) 2441 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND, 2442 MGMT_STATUS_NOT_SUPPORTED); 2443 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) || 2444 len <= MGMT_MESH_SEND_SIZE || 2445 len > (MGMT_MESH_SEND_SIZE + 31)) 2446 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND, 2447 MGMT_STATUS_REJECTED); 2448 2449 hci_dev_lock(hdev); 2450 2451 memset(&rp, 0, sizeof(rp)); 2452 rp.max_handles = MESH_HANDLES_MAX; 2453 2454 mgmt_mesh_foreach(hdev, send_count, &rp, sk); 2455 2456 if (rp.max_handles <= rp.used_handles) { 2457 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND, 2458 MGMT_STATUS_BUSY); 2459 goto done; 2460 } 2461 2462 sending = hci_dev_test_flag(hdev, HCI_MESH_SENDING); 2463 mesh_tx = mgmt_mesh_add(sk, hdev, send, len); 2464 2465 if (!mesh_tx) 2466 err = -ENOMEM; 2467 else if (!sending) 2468 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx, 2469 mesh_send_start_complete); 2470 2471 if (err < 0) { 2472 bt_dev_err(hdev, "Send Mesh Failed %d", err); 2473 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND, 2474 MGMT_STATUS_FAILED); 2475 2476 if (mesh_tx) { 2477 if (sending) 2478 mgmt_mesh_remove(mesh_tx); 2479 } 2480 } else { 2481 hci_dev_set_flag(hdev, HCI_MESH_SENDING); 2482 2483 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_SEND, 0, 2484 &mesh_tx->handle, 1); 2485 } 2486 2487done: 2488 hci_dev_unlock(hdev); 2489 return err; 2490} 2491 2492static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2493{ 2494 struct mgmt_mode *cp = data; 2495 struct mgmt_pending_cmd *cmd; 2496 int err; 2497 u8 val, enabled; 2498 2499 bt_dev_dbg(hdev, "sock %p", sk); 2500 2501 if (!lmp_le_capable(hdev)) 2502 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2503 MGMT_STATUS_NOT_SUPPORTED); 2504 2505 if (cp->val != 0x00 && cp->val != 0x01) 2506 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2507 MGMT_STATUS_INVALID_PARAMS); 2508 2509 /* Bluetooth single mode LE only controllers or dual-mode 2510 * controllers configured as LE only devices, do not allow 2511 * switching LE off. These have either LE enabled explicitly 2512 * or BR/EDR has been previously switched off. 2513 * 2514 * When trying to enable an already enabled LE, then gracefully 2515 * send a positive response. Trying to disable it however will 2516 * result into rejection. 2517 */ 2518 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 2519 if (cp->val == 0x01) 2520 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 2521 2522 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2523 MGMT_STATUS_REJECTED); 2524 } 2525 2526 hci_dev_lock(hdev); 2527 2528 val = !!cp->val; 2529 enabled = lmp_host_le_capable(hdev); 2530 2531 if (!hdev_is_powered(hdev) || val == enabled) { 2532 bool changed = false; 2533 2534 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 2535 hci_dev_change_flag(hdev, HCI_LE_ENABLED); 2536 changed = true; 2537 } 2538 2539 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 2540 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 2541 changed = true; 2542 } 2543 2544 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 2545 if (err < 0) 2546 goto unlock; 2547 2548 if (changed) 2549 err = new_settings(hdev, sk); 2550 2551 goto unlock; 2552 } 2553 2554 if (pending_find(MGMT_OP_SET_LE, hdev) || 2555 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) { 2556 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2557 MGMT_STATUS_BUSY); 2558 goto unlock; 2559 } 2560 2561 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len); 2562 if (!cmd) 2563 err = -ENOMEM; 2564 else 2565 err = hci_cmd_sync_queue(hdev, set_le_sync, cmd, 2566 set_le_complete); 2567 2568 if (err < 0) { 2569 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2570 MGMT_STATUS_FAILED); 2571 2572 if (cmd) 2573 mgmt_pending_remove(cmd); 2574 } 2575 2576unlock: 2577 hci_dev_unlock(hdev); 2578 return err; 2579} 2580 2581/* This is a helper function to test for pending mgmt commands that can 2582 * cause CoD or EIR HCI commands. We can only allow one such pending 2583 * mgmt command at a time since otherwise we cannot easily track what 2584 * the current values are, will be, and based on that calculate if a new 2585 * HCI command needs to be sent and if yes with what value. 2586 */ 2587static bool pending_eir_or_class(struct hci_dev *hdev) 2588{ 2589 struct mgmt_pending_cmd *cmd; 2590 2591 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 2592 switch (cmd->opcode) { 2593 case MGMT_OP_ADD_UUID: 2594 case MGMT_OP_REMOVE_UUID: 2595 case MGMT_OP_SET_DEV_CLASS: 2596 case MGMT_OP_SET_POWERED: 2597 return true; 2598 } 2599 } 2600 2601 return false; 2602} 2603 2604static const u8 bluetooth_base_uuid[] = { 2605 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80, 2606 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2607}; 2608 2609static u8 get_uuid_size(const u8 *uuid) 2610{ 2611 u32 val; 2612 2613 if (memcmp(uuid, bluetooth_base_uuid, 12)) 2614 return 128; 2615 2616 val = get_unaligned_le32(&uuid[12]); 2617 if (val > 0xffff) 2618 return 32; 2619 2620 return 16; 2621} 2622 2623static void mgmt_class_complete(struct hci_dev *hdev, void *data, int err) 2624{ 2625 struct mgmt_pending_cmd *cmd = data; 2626 2627 bt_dev_dbg(hdev, "err %d", err); 2628 2629 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 2630 mgmt_status(err), hdev->dev_class, 3); 2631 2632 mgmt_pending_free(cmd); 2633} 2634 2635static int add_uuid_sync(struct hci_dev *hdev, void *data) 2636{ 2637 int err; 2638 2639 err = hci_update_class_sync(hdev); 2640 if (err) 2641 return err; 2642 2643 return hci_update_eir_sync(hdev); 2644} 2645 2646static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2647{ 2648 struct mgmt_cp_add_uuid *cp = data; 2649 struct mgmt_pending_cmd *cmd; 2650 struct bt_uuid *uuid; 2651 int err; 2652 2653 bt_dev_dbg(hdev, "sock %p", sk); 2654 2655 hci_dev_lock(hdev); 2656 2657 if (pending_eir_or_class(hdev)) { 2658 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID, 2659 MGMT_STATUS_BUSY); 2660 goto failed; 2661 } 2662 2663 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL); 2664 if (!uuid) { 2665 err = -ENOMEM; 2666 goto failed; 2667 } 2668 2669 memcpy(uuid->uuid, cp->uuid, 16); 2670 uuid->svc_hint = cp->svc_hint; 2671 uuid->size = get_uuid_size(cp->uuid); 2672 2673 list_add_tail(&uuid->list, &hdev->uuids); 2674 2675 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_UUID, hdev, data, len); 2676 if (!cmd) { 2677 err = -ENOMEM; 2678 goto failed; 2679 } 2680 2681 err = hci_cmd_sync_queue(hdev, add_uuid_sync, cmd, mgmt_class_complete); 2682 if (err < 0) { 2683 mgmt_pending_free(cmd); 2684 goto failed; 2685 } 2686 2687failed: 2688 hci_dev_unlock(hdev); 2689 return err; 2690} 2691 2692static bool enable_service_cache(struct hci_dev *hdev) 2693{ 2694 if (!hdev_is_powered(hdev)) 2695 return false; 2696 2697 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) { 2698 queue_delayed_work(hdev->workqueue, &hdev->service_cache, 2699 CACHE_TIMEOUT); 2700 return true; 2701 } 2702 2703 return false; 2704} 2705 2706static int remove_uuid_sync(struct hci_dev *hdev, void *data) 2707{ 2708 int err; 2709 2710 err = hci_update_class_sync(hdev); 2711 if (err) 2712 return err; 2713 2714 return hci_update_eir_sync(hdev); 2715} 2716 2717static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, 2718 u16 len) 2719{ 2720 struct mgmt_cp_remove_uuid *cp = data; 2721 struct mgmt_pending_cmd *cmd; 2722 struct bt_uuid *match, *tmp; 2723 static const u8 bt_uuid_any[] = { 2724 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 2725 }; 2726 int err, found; 2727 2728 bt_dev_dbg(hdev, "sock %p", sk); 2729 2730 hci_dev_lock(hdev); 2731 2732 if (pending_eir_or_class(hdev)) { 2733 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2734 MGMT_STATUS_BUSY); 2735 goto unlock; 2736 } 2737 2738 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 2739 hci_uuids_clear(hdev); 2740 2741 if (enable_service_cache(hdev)) { 2742 err = mgmt_cmd_complete(sk, hdev->id, 2743 MGMT_OP_REMOVE_UUID, 2744 0, hdev->dev_class, 3); 2745 goto unlock; 2746 } 2747 2748 goto update_class; 2749 } 2750 2751 found = 0; 2752 2753 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) { 2754 if (memcmp(match->uuid, cp->uuid, 16) != 0) 2755 continue; 2756 2757 list_del(&match->list); 2758 kfree(match); 2759 found++; 2760 } 2761 2762 if (found == 0) { 2763 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2764 MGMT_STATUS_INVALID_PARAMS); 2765 goto unlock; 2766 } 2767 2768update_class: 2769 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_UUID, hdev, data, len); 2770 if (!cmd) { 2771 err = -ENOMEM; 2772 goto unlock; 2773 } 2774 2775 err = hci_cmd_sync_queue(hdev, remove_uuid_sync, cmd, 2776 mgmt_class_complete); 2777 if (err < 0) 2778 mgmt_pending_free(cmd); 2779 2780unlock: 2781 hci_dev_unlock(hdev); 2782 return err; 2783} 2784 2785static int set_class_sync(struct hci_dev *hdev, void *data) 2786{ 2787 int err = 0; 2788 2789 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) { 2790 cancel_delayed_work_sync(&hdev->service_cache); 2791 err = hci_update_eir_sync(hdev); 2792 } 2793 2794 if (err) 2795 return err; 2796 2797 return hci_update_class_sync(hdev); 2798} 2799 2800static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, 2801 u16 len) 2802{ 2803 struct mgmt_cp_set_dev_class *cp = data; 2804 struct mgmt_pending_cmd *cmd; 2805 int err; 2806 2807 bt_dev_dbg(hdev, "sock %p", sk); 2808 2809 if (!lmp_bredr_capable(hdev)) 2810 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2811 MGMT_STATUS_NOT_SUPPORTED); 2812 2813 hci_dev_lock(hdev); 2814 2815 if (pending_eir_or_class(hdev)) { 2816 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2817 MGMT_STATUS_BUSY); 2818 goto unlock; 2819 } 2820 2821 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) { 2822 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2823 MGMT_STATUS_INVALID_PARAMS); 2824 goto unlock; 2825 } 2826 2827 hdev->major_class = cp->major; 2828 hdev->minor_class = cp->minor; 2829 2830 if (!hdev_is_powered(hdev)) { 2831 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2832 hdev->dev_class, 3); 2833 goto unlock; 2834 } 2835 2836 cmd = mgmt_pending_new(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len); 2837 if (!cmd) { 2838 err = -ENOMEM; 2839 goto unlock; 2840 } 2841 2842 err = hci_cmd_sync_queue(hdev, set_class_sync, cmd, 2843 mgmt_class_complete); 2844 if (err < 0) 2845 mgmt_pending_free(cmd); 2846 2847unlock: 2848 hci_dev_unlock(hdev); 2849 return err; 2850} 2851 2852static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, 2853 u16 len) 2854{ 2855 struct mgmt_cp_load_link_keys *cp = data; 2856 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 2857 sizeof(struct mgmt_link_key_info)); 2858 u16 key_count, expected_len; 2859 bool changed; 2860 int i; 2861 2862 bt_dev_dbg(hdev, "sock %p", sk); 2863 2864 if (!lmp_bredr_capable(hdev)) 2865 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2866 MGMT_STATUS_NOT_SUPPORTED); 2867 2868 key_count = __le16_to_cpu(cp->key_count); 2869 if (key_count > max_key_count) { 2870 bt_dev_err(hdev, "load_link_keys: too big key_count value %u", 2871 key_count); 2872 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2873 MGMT_STATUS_INVALID_PARAMS); 2874 } 2875 2876 expected_len = struct_size(cp, keys, key_count); 2877 if (expected_len != len) { 2878 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes", 2879 expected_len, len); 2880 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2881 MGMT_STATUS_INVALID_PARAMS); 2882 } 2883 2884 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01) 2885 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2886 MGMT_STATUS_INVALID_PARAMS); 2887 2888 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys, 2889 key_count); 2890 2891 for (i = 0; i < key_count; i++) { 2892 struct mgmt_link_key_info *key = &cp->keys[i]; 2893 2894 if (key->addr.type != BDADDR_BREDR || key->type > 0x08) 2895 return mgmt_cmd_status(sk, hdev->id, 2896 MGMT_OP_LOAD_LINK_KEYS, 2897 MGMT_STATUS_INVALID_PARAMS); 2898 } 2899 2900 hci_dev_lock(hdev); 2901 2902 hci_link_keys_clear(hdev); 2903 2904 if (cp->debug_keys) 2905 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 2906 else 2907 changed = hci_dev_test_and_clear_flag(hdev, 2908 HCI_KEEP_DEBUG_KEYS); 2909 2910 if (changed) 2911 new_settings(hdev, NULL); 2912 2913 for (i = 0; i < key_count; i++) { 2914 struct mgmt_link_key_info *key = &cp->keys[i]; 2915 2916 if (hci_is_blocked_key(hdev, 2917 HCI_BLOCKED_KEY_TYPE_LINKKEY, 2918 key->val)) { 2919 bt_dev_warn(hdev, "Skipping blocked link key for %pMR", 2920 &key->addr.bdaddr); 2921 continue; 2922 } 2923 2924 /* Always ignore debug keys and require a new pairing if 2925 * the user wants to use them. 2926 */ 2927 if (key->type == HCI_LK_DEBUG_COMBINATION) 2928 continue; 2929 2930 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val, 2931 key->type, key->pin_len, NULL); 2932 } 2933 2934 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 2935 2936 hci_dev_unlock(hdev); 2937 2938 return 0; 2939} 2940 2941static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 2942 u8 addr_type, struct sock *skip_sk) 2943{ 2944 struct mgmt_ev_device_unpaired ev; 2945 2946 bacpy(&ev.addr.bdaddr, bdaddr); 2947 ev.addr.type = addr_type; 2948 2949 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 2950 skip_sk); 2951} 2952 2953static void unpair_device_complete(struct hci_dev *hdev, void *data, int err) 2954{ 2955 struct mgmt_pending_cmd *cmd = data; 2956 struct mgmt_cp_unpair_device *cp = cmd->param; 2957 2958 if (!err) 2959 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 2960 2961 cmd->cmd_complete(cmd, err); 2962 mgmt_pending_free(cmd); 2963} 2964 2965static int unpair_device_sync(struct hci_dev *hdev, void *data) 2966{ 2967 struct mgmt_pending_cmd *cmd = data; 2968 struct mgmt_cp_unpair_device *cp = cmd->param; 2969 struct hci_conn *conn; 2970 2971 if (cp->addr.type == BDADDR_BREDR) 2972 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2973 &cp->addr.bdaddr); 2974 else 2975 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, 2976 le_addr_type(cp->addr.type)); 2977 2978 if (!conn) 2979 return 0; 2980 2981 return hci_abort_conn_sync(hdev, conn, HCI_ERROR_REMOTE_USER_TERM); 2982} 2983 2984static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2985 u16 len) 2986{ 2987 struct mgmt_cp_unpair_device *cp = data; 2988 struct mgmt_rp_unpair_device rp; 2989 struct hci_conn_params *params; 2990 struct mgmt_pending_cmd *cmd; 2991 struct hci_conn *conn; 2992 u8 addr_type; 2993 int err; 2994 2995 memset(&rp, 0, sizeof(rp)); 2996 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2997 rp.addr.type = cp->addr.type; 2998 2999 if (!bdaddr_type_is_valid(cp->addr.type)) 3000 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 3001 MGMT_STATUS_INVALID_PARAMS, 3002 &rp, sizeof(rp)); 3003 3004 if (cp->disconnect != 0x00 && cp->disconnect != 0x01) 3005 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 3006 MGMT_STATUS_INVALID_PARAMS, 3007 &rp, sizeof(rp)); 3008 3009 hci_dev_lock(hdev); 3010 3011 if (!hdev_is_powered(hdev)) { 3012 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 3013 MGMT_STATUS_NOT_POWERED, &rp, 3014 sizeof(rp)); 3015 goto unlock; 3016 } 3017 3018 if (cp->addr.type == BDADDR_BREDR) { 3019 /* If disconnection is requested, then look up the 3020 * connection. If the remote device is connected, it 3021 * will be later used to terminate the link. 3022 * 3023 * Setting it to NULL explicitly will cause no 3024 * termination of the link. 3025 */ 3026 if (cp->disconnect) 3027 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 3028 &cp->addr.bdaddr); 3029 else 3030 conn = NULL; 3031 3032 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 3033 if (err < 0) { 3034 err = mgmt_cmd_complete(sk, hdev->id, 3035 MGMT_OP_UNPAIR_DEVICE, 3036 MGMT_STATUS_NOT_PAIRED, &rp, 3037 sizeof(rp)); 3038 goto unlock; 3039 } 3040 3041 goto done; 3042 } 3043 3044 /* LE address type */ 3045 addr_type = le_addr_type(cp->addr.type); 3046 3047 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */ 3048 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type); 3049 if (err < 0) { 3050 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 3051 MGMT_STATUS_NOT_PAIRED, &rp, 3052 sizeof(rp)); 3053 goto unlock; 3054 } 3055 3056 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type); 3057 if (!conn) { 3058 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type); 3059 goto done; 3060 } 3061 3062 3063 /* Defer clearing up the connection parameters until closing to 3064 * give a chance of keeping them if a repairing happens. 3065 */ 3066 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 3067 3068 /* Disable auto-connection parameters if present */ 3069 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type); 3070 if (params) { 3071 if (params->explicit_connect) 3072 params->auto_connect = HCI_AUTO_CONN_EXPLICIT; 3073 else 3074 params->auto_connect = HCI_AUTO_CONN_DISABLED; 3075 } 3076 3077 /* If disconnection is not requested, then clear the connection 3078 * variable so that the link is not terminated. 3079 */ 3080 if (!cp->disconnect) 3081 conn = NULL; 3082 3083done: 3084 /* If the connection variable is set, then termination of the 3085 * link is requested. 3086 */ 3087 if (!conn) { 3088 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0, 3089 &rp, sizeof(rp)); 3090 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 3091 goto unlock; 3092 } 3093 3094 cmd = mgmt_pending_new(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 3095 sizeof(*cp)); 3096 if (!cmd) { 3097 err = -ENOMEM; 3098 goto unlock; 3099 } 3100 3101 cmd->cmd_complete = addr_cmd_complete; 3102 3103 err = hci_cmd_sync_queue(hdev, unpair_device_sync, cmd, 3104 unpair_device_complete); 3105 if (err < 0) 3106 mgmt_pending_free(cmd); 3107 3108unlock: 3109 hci_dev_unlock(hdev); 3110 return err; 3111} 3112 3113static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data, 3114 u16 len) 3115{ 3116 struct mgmt_cp_disconnect *cp = data; 3117 struct mgmt_rp_disconnect rp; 3118 struct mgmt_pending_cmd *cmd; 3119 struct hci_conn *conn; 3120 int err; 3121 3122 bt_dev_dbg(hdev, "sock %p", sk); 3123 3124 memset(&rp, 0, sizeof(rp)); 3125 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 3126 rp.addr.type = cp->addr.type; 3127 3128 if (!bdaddr_type_is_valid(cp->addr.type)) 3129 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 3130 MGMT_STATUS_INVALID_PARAMS, 3131 &rp, sizeof(rp)); 3132 3133 hci_dev_lock(hdev); 3134 3135 if (!test_bit(HCI_UP, &hdev->flags)) { 3136 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 3137 MGMT_STATUS_NOT_POWERED, &rp, 3138 sizeof(rp)); 3139 goto failed; 3140 } 3141 3142 if (pending_find(MGMT_OP_DISCONNECT, hdev)) { 3143 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 3144 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 3145 goto failed; 3146 } 3147 3148 if (cp->addr.type == BDADDR_BREDR) 3149 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 3150 &cp->addr.bdaddr); 3151 else 3152 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, 3153 le_addr_type(cp->addr.type)); 3154 3155 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) { 3156 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 3157 MGMT_STATUS_NOT_CONNECTED, &rp, 3158 sizeof(rp)); 3159 goto failed; 3160 } 3161 3162 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 3163 if (!cmd) { 3164 err = -ENOMEM; 3165 goto failed; 3166 } 3167 3168 cmd->cmd_complete = generic_cmd_complete; 3169 3170 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM); 3171 if (err < 0) 3172 mgmt_pending_remove(cmd); 3173 3174failed: 3175 hci_dev_unlock(hdev); 3176 return err; 3177} 3178 3179static u8 link_to_bdaddr(u8 link_type, u8 addr_type) 3180{ 3181 switch (link_type) { 3182 case LE_LINK: 3183 switch (addr_type) { 3184 case ADDR_LE_DEV_PUBLIC: 3185 return BDADDR_LE_PUBLIC; 3186 3187 default: 3188 /* Fallback to LE Random address type */ 3189 return BDADDR_LE_RANDOM; 3190 } 3191 3192 default: 3193 /* Fallback to BR/EDR type */ 3194 return BDADDR_BREDR; 3195 } 3196} 3197 3198static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data, 3199 u16 data_len) 3200{ 3201 struct mgmt_rp_get_connections *rp; 3202 struct hci_conn *c; 3203 int err; 3204 u16 i; 3205 3206 bt_dev_dbg(hdev, "sock %p", sk); 3207 3208 hci_dev_lock(hdev); 3209 3210 if (!hdev_is_powered(hdev)) { 3211 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 3212 MGMT_STATUS_NOT_POWERED); 3213 goto unlock; 3214 } 3215 3216 i = 0; 3217 list_for_each_entry(c, &hdev->conn_hash.list, list) { 3218 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 3219 i++; 3220 } 3221 3222 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL); 3223 if (!rp) { 3224 err = -ENOMEM; 3225 goto unlock; 3226 } 3227 3228 i = 0; 3229 list_for_each_entry(c, &hdev->conn_hash.list, list) { 3230 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 3231 continue; 3232 bacpy(&rp->addr[i].bdaddr, &c->dst); 3233 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type); 3234 if (c->type == SCO_LINK || c->type == ESCO_LINK) 3235 continue; 3236 i++; 3237 } 3238 3239 rp->conn_count = cpu_to_le16(i); 3240 3241 /* Recalculate length in case of filtered SCO connections, etc */ 3242 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp, 3243 struct_size(rp, addr, i)); 3244 3245 kfree(rp); 3246 3247unlock: 3248 hci_dev_unlock(hdev); 3249 return err; 3250} 3251 3252static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 3253 struct mgmt_cp_pin_code_neg_reply *cp) 3254{ 3255 struct mgmt_pending_cmd *cmd; 3256 int err; 3257 3258 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 3259 sizeof(*cp)); 3260 if (!cmd) 3261 return -ENOMEM; 3262 3263 cmd->cmd_complete = addr_cmd_complete; 3264 3265 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 3266 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 3267 if (err < 0) 3268 mgmt_pending_remove(cmd); 3269 3270 return err; 3271} 3272 3273static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3274 u16 len) 3275{ 3276 struct hci_conn *conn; 3277 struct mgmt_cp_pin_code_reply *cp = data; 3278 struct hci_cp_pin_code_reply reply; 3279 struct mgmt_pending_cmd *cmd; 3280 int err; 3281 3282 bt_dev_dbg(hdev, "sock %p", sk); 3283 3284 hci_dev_lock(hdev); 3285 3286 if (!hdev_is_powered(hdev)) { 3287 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 3288 MGMT_STATUS_NOT_POWERED); 3289 goto failed; 3290 } 3291 3292 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 3293 if (!conn) { 3294 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 3295 MGMT_STATUS_NOT_CONNECTED); 3296 goto failed; 3297 } 3298 3299 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 3300 struct mgmt_cp_pin_code_neg_reply ncp; 3301 3302 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 3303 3304 bt_dev_err(hdev, "PIN code is not 16 bytes long"); 3305 3306 err = send_pin_code_neg_reply(sk, hdev, &ncp); 3307 if (err >= 0) 3308 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 3309 MGMT_STATUS_INVALID_PARAMS); 3310 3311 goto failed; 3312 } 3313 3314 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 3315 if (!cmd) { 3316 err = -ENOMEM; 3317 goto failed; 3318 } 3319 3320 cmd->cmd_complete = addr_cmd_complete; 3321 3322 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 3323 reply.pin_len = cp->pin_len; 3324 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 3325 3326 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 3327 if (err < 0) 3328 mgmt_pending_remove(cmd); 3329 3330failed: 3331 hci_dev_unlock(hdev); 3332 return err; 3333} 3334 3335static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data, 3336 u16 len) 3337{ 3338 struct mgmt_cp_set_io_capability *cp = data; 3339 3340 bt_dev_dbg(hdev, "sock %p", sk); 3341 3342 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY) 3343 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 3344 MGMT_STATUS_INVALID_PARAMS); 3345 3346 hci_dev_lock(hdev); 3347 3348 hdev->io_capability = cp->io_capability; 3349 3350 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability); 3351 3352 hci_dev_unlock(hdev); 3353 3354 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, 3355 NULL, 0); 3356} 3357 3358static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn) 3359{ 3360 struct hci_dev *hdev = conn->hdev; 3361 struct mgmt_pending_cmd *cmd; 3362 3363 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 3364 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 3365 continue; 3366 3367 if (cmd->user_data != conn) 3368 continue; 3369 3370 return cmd; 3371 } 3372 3373 return NULL; 3374} 3375 3376static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status) 3377{ 3378 struct mgmt_rp_pair_device rp; 3379 struct hci_conn *conn = cmd->user_data; 3380 int err; 3381 3382 bacpy(&rp.addr.bdaddr, &conn->dst); 3383 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 3384 3385 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, 3386 status, &rp, sizeof(rp)); 3387 3388 /* So we don't get further callbacks for this connection */ 3389 conn->connect_cfm_cb = NULL; 3390 conn->security_cfm_cb = NULL; 3391 conn->disconn_cfm_cb = NULL; 3392 3393 hci_conn_drop(conn); 3394 3395 /* The device is paired so there is no need to remove 3396 * its connection parameters anymore. 3397 */ 3398 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 3399 3400 hci_conn_put(conn); 3401 3402 return err; 3403} 3404 3405void mgmt_smp_complete(struct hci_conn *conn, bool complete) 3406{ 3407 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED; 3408 struct mgmt_pending_cmd *cmd; 3409 3410 cmd = find_pairing(conn); 3411 if (cmd) { 3412 cmd->cmd_complete(cmd, status); 3413 mgmt_pending_remove(cmd); 3414 } 3415} 3416 3417static void pairing_complete_cb(struct hci_conn *conn, u8 status) 3418{ 3419 struct mgmt_pending_cmd *cmd; 3420 3421 BT_DBG("status %u", status); 3422 3423 cmd = find_pairing(conn); 3424 if (!cmd) { 3425 BT_DBG("Unable to find a pending command"); 3426 return; 3427 } 3428 3429 cmd->cmd_complete(cmd, mgmt_status(status)); 3430 mgmt_pending_remove(cmd); 3431} 3432 3433static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) 3434{ 3435 struct mgmt_pending_cmd *cmd; 3436 3437 BT_DBG("status %u", status); 3438 3439 if (!status) 3440 return; 3441 3442 cmd = find_pairing(conn); 3443 if (!cmd) { 3444 BT_DBG("Unable to find a pending command"); 3445 return; 3446 } 3447 3448 cmd->cmd_complete(cmd, mgmt_status(status)); 3449 mgmt_pending_remove(cmd); 3450} 3451 3452static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 3453 u16 len) 3454{ 3455 struct mgmt_cp_pair_device *cp = data; 3456 struct mgmt_rp_pair_device rp; 3457 struct mgmt_pending_cmd *cmd; 3458 u8 sec_level, auth_type; 3459 struct hci_conn *conn; 3460 int err; 3461 3462 bt_dev_dbg(hdev, "sock %p", sk); 3463 3464 memset(&rp, 0, sizeof(rp)); 3465 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 3466 rp.addr.type = cp->addr.type; 3467 3468 if (!bdaddr_type_is_valid(cp->addr.type)) 3469 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3470 MGMT_STATUS_INVALID_PARAMS, 3471 &rp, sizeof(rp)); 3472 3473 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY) 3474 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3475 MGMT_STATUS_INVALID_PARAMS, 3476 &rp, sizeof(rp)); 3477 3478 hci_dev_lock(hdev); 3479 3480 if (!hdev_is_powered(hdev)) { 3481 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3482 MGMT_STATUS_NOT_POWERED, &rp, 3483 sizeof(rp)); 3484 goto unlock; 3485 } 3486 3487 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) { 3488 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3489 MGMT_STATUS_ALREADY_PAIRED, &rp, 3490 sizeof(rp)); 3491 goto unlock; 3492 } 3493 3494 sec_level = BT_SECURITY_MEDIUM; 3495 auth_type = HCI_AT_DEDICATED_BONDING; 3496 3497 if (cp->addr.type == BDADDR_BREDR) { 3498 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level, 3499 auth_type, CONN_REASON_PAIR_DEVICE); 3500 } else { 3501 u8 addr_type = le_addr_type(cp->addr.type); 3502 struct hci_conn_params *p; 3503 3504 /* When pairing a new device, it is expected to remember 3505 * this device for future connections. Adding the connection 3506 * parameter information ahead of time allows tracking 3507 * of the peripheral preferred values and will speed up any 3508 * further connection establishment. 3509 * 3510 * If connection parameters already exist, then they 3511 * will be kept and this function does nothing. 3512 */ 3513 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type); 3514 3515 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT) 3516 p->auto_connect = HCI_AUTO_CONN_DISABLED; 3517 3518 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type, 3519 sec_level, HCI_LE_CONN_TIMEOUT, 3520 CONN_REASON_PAIR_DEVICE); 3521 } 3522 3523 if (IS_ERR(conn)) { 3524 int status; 3525 3526 if (PTR_ERR(conn) == -EBUSY) 3527 status = MGMT_STATUS_BUSY; 3528 else if (PTR_ERR(conn) == -EOPNOTSUPP) 3529 status = MGMT_STATUS_NOT_SUPPORTED; 3530 else if (PTR_ERR(conn) == -ECONNREFUSED) 3531 status = MGMT_STATUS_REJECTED; 3532 else 3533 status = MGMT_STATUS_CONNECT_FAILED; 3534 3535 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3536 status, &rp, sizeof(rp)); 3537 goto unlock; 3538 } 3539 3540 if (conn->connect_cfm_cb) { 3541 hci_conn_drop(conn); 3542 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3543 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 3544 goto unlock; 3545 } 3546 3547 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 3548 if (!cmd) { 3549 err = -ENOMEM; 3550 hci_conn_drop(conn); 3551 goto unlock; 3552 } 3553 3554 cmd->cmd_complete = pairing_complete; 3555 3556 /* For LE, just connecting isn't a proof that the pairing finished */ 3557 if (cp->addr.type == BDADDR_BREDR) { 3558 conn->connect_cfm_cb = pairing_complete_cb; 3559 conn->security_cfm_cb = pairing_complete_cb; 3560 conn->disconn_cfm_cb = pairing_complete_cb; 3561 } else { 3562 conn->connect_cfm_cb = le_pairing_complete_cb; 3563 conn->security_cfm_cb = le_pairing_complete_cb; 3564 conn->disconn_cfm_cb = le_pairing_complete_cb; 3565 } 3566 3567 conn->io_capability = cp->io_cap; 3568 cmd->user_data = hci_conn_get(conn); 3569 3570 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) && 3571 hci_conn_security(conn, sec_level, auth_type, true)) { 3572 cmd->cmd_complete(cmd, 0); 3573 mgmt_pending_remove(cmd); 3574 } 3575 3576 err = 0; 3577 3578unlock: 3579 hci_dev_unlock(hdev); 3580 return err; 3581} 3582 3583static int abort_conn_sync(struct hci_dev *hdev, void *data) 3584{ 3585 struct hci_conn *conn; 3586 u16 handle = PTR_ERR(data); 3587 3588 conn = hci_conn_hash_lookup_handle(hdev, handle); 3589 if (!conn) 3590 return 0; 3591 3592 return hci_abort_conn_sync(hdev, conn, HCI_ERROR_REMOTE_USER_TERM); 3593} 3594 3595static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 3596 u16 len) 3597{ 3598 struct mgmt_addr_info *addr = data; 3599 struct mgmt_pending_cmd *cmd; 3600 struct hci_conn *conn; 3601 int err; 3602 3603 bt_dev_dbg(hdev, "sock %p", sk); 3604 3605 hci_dev_lock(hdev); 3606 3607 if (!hdev_is_powered(hdev)) { 3608 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3609 MGMT_STATUS_NOT_POWERED); 3610 goto unlock; 3611 } 3612 3613 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev); 3614 if (!cmd) { 3615 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3616 MGMT_STATUS_INVALID_PARAMS); 3617 goto unlock; 3618 } 3619 3620 conn = cmd->user_data; 3621 3622 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 3623 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3624 MGMT_STATUS_INVALID_PARAMS); 3625 goto unlock; 3626 } 3627 3628 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED); 3629 mgmt_pending_remove(cmd); 3630 3631 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 3632 addr, sizeof(*addr)); 3633 3634 /* Since user doesn't want to proceed with the connection, abort any 3635 * ongoing pairing and then terminate the link if it was created 3636 * because of the pair device action. 3637 */ 3638 if (addr->type == BDADDR_BREDR) 3639 hci_remove_link_key(hdev, &addr->bdaddr); 3640 else 3641 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr, 3642 le_addr_type(addr->type)); 3643 3644 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE) 3645 hci_cmd_sync_queue(hdev, abort_conn_sync, ERR_PTR(conn->handle), 3646 NULL); 3647 3648unlock: 3649 hci_dev_unlock(hdev); 3650 return err; 3651} 3652 3653static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, 3654 struct mgmt_addr_info *addr, u16 mgmt_op, 3655 u16 hci_op, __le32 passkey) 3656{ 3657 struct mgmt_pending_cmd *cmd; 3658 struct hci_conn *conn; 3659 int err; 3660 3661 hci_dev_lock(hdev); 3662 3663 if (!hdev_is_powered(hdev)) { 3664 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3665 MGMT_STATUS_NOT_POWERED, addr, 3666 sizeof(*addr)); 3667 goto done; 3668 } 3669 3670 if (addr->type == BDADDR_BREDR) 3671 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr); 3672 else 3673 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr, 3674 le_addr_type(addr->type)); 3675 3676 if (!conn) { 3677 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3678 MGMT_STATUS_NOT_CONNECTED, addr, 3679 sizeof(*addr)); 3680 goto done; 3681 } 3682 3683 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) { 3684 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 3685 if (!err) 3686 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3687 MGMT_STATUS_SUCCESS, addr, 3688 sizeof(*addr)); 3689 else 3690 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3691 MGMT_STATUS_FAILED, addr, 3692 sizeof(*addr)); 3693 3694 goto done; 3695 } 3696 3697 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr)); 3698 if (!cmd) { 3699 err = -ENOMEM; 3700 goto done; 3701 } 3702 3703 cmd->cmd_complete = addr_cmd_complete; 3704 3705 /* Continue with pairing via HCI */ 3706 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 3707 struct hci_cp_user_passkey_reply cp; 3708 3709 bacpy(&cp.bdaddr, &addr->bdaddr); 3710 cp.passkey = passkey; 3711 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 3712 } else 3713 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr), 3714 &addr->bdaddr); 3715 3716 if (err < 0) 3717 mgmt_pending_remove(cmd); 3718 3719done: 3720 hci_dev_unlock(hdev); 3721 return err; 3722} 3723 3724static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 3725 void *data, u16 len) 3726{ 3727 struct mgmt_cp_pin_code_neg_reply *cp = data; 3728 3729 bt_dev_dbg(hdev, "sock %p", sk); 3730 3731 return user_pairing_resp(sk, hdev, &cp->addr, 3732 MGMT_OP_PIN_CODE_NEG_REPLY, 3733 HCI_OP_PIN_CODE_NEG_REPLY, 0); 3734} 3735 3736static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3737 u16 len) 3738{ 3739 struct mgmt_cp_user_confirm_reply *cp = data; 3740 3741 bt_dev_dbg(hdev, "sock %p", sk); 3742 3743 if (len != sizeof(*cp)) 3744 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY, 3745 MGMT_STATUS_INVALID_PARAMS); 3746 3747 return user_pairing_resp(sk, hdev, &cp->addr, 3748 MGMT_OP_USER_CONFIRM_REPLY, 3749 HCI_OP_USER_CONFIRM_REPLY, 0); 3750} 3751 3752static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev, 3753 void *data, u16 len) 3754{ 3755 struct mgmt_cp_user_confirm_neg_reply *cp = data; 3756 3757 bt_dev_dbg(hdev, "sock %p", sk); 3758 3759 return user_pairing_resp(sk, hdev, &cp->addr, 3760 MGMT_OP_USER_CONFIRM_NEG_REPLY, 3761 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 3762} 3763 3764static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3765 u16 len) 3766{ 3767 struct mgmt_cp_user_passkey_reply *cp = data; 3768 3769 bt_dev_dbg(hdev, "sock %p", sk); 3770 3771 return user_pairing_resp(sk, hdev, &cp->addr, 3772 MGMT_OP_USER_PASSKEY_REPLY, 3773 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 3774} 3775 3776static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev, 3777 void *data, u16 len) 3778{ 3779 struct mgmt_cp_user_passkey_neg_reply *cp = data; 3780 3781 bt_dev_dbg(hdev, "sock %p", sk); 3782 3783 return user_pairing_resp(sk, hdev, &cp->addr, 3784 MGMT_OP_USER_PASSKEY_NEG_REPLY, 3785 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 3786} 3787 3788static int adv_expire_sync(struct hci_dev *hdev, u32 flags) 3789{ 3790 struct adv_info *adv_instance; 3791 3792 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance); 3793 if (!adv_instance) 3794 return 0; 3795 3796 /* stop if current instance doesn't need to be changed */ 3797 if (!(adv_instance->flags & flags)) 3798 return 0; 3799 3800 cancel_adv_timeout(hdev); 3801 3802 adv_instance = hci_get_next_instance(hdev, adv_instance->instance); 3803 if (!adv_instance) 3804 return 0; 3805 3806 hci_schedule_adv_instance_sync(hdev, adv_instance->instance, true); 3807 3808 return 0; 3809} 3810 3811static int name_changed_sync(struct hci_dev *hdev, void *data) 3812{ 3813 return adv_expire_sync(hdev, MGMT_ADV_FLAG_LOCAL_NAME); 3814} 3815 3816static void set_name_complete(struct hci_dev *hdev, void *data, int err) 3817{ 3818 struct mgmt_pending_cmd *cmd = data; 3819 struct mgmt_cp_set_local_name *cp = cmd->param; 3820 u8 status = mgmt_status(err); 3821 3822 bt_dev_dbg(hdev, "err %d", err); 3823 3824 if (cmd != pending_find(MGMT_OP_SET_LOCAL_NAME, hdev)) 3825 return; 3826 3827 if (status) { 3828 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3829 status); 3830 } else { 3831 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3832 cp, sizeof(*cp)); 3833 3834 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3835 hci_cmd_sync_queue(hdev, name_changed_sync, NULL, NULL); 3836 } 3837 3838 mgmt_pending_remove(cmd); 3839} 3840 3841static int set_name_sync(struct hci_dev *hdev, void *data) 3842{ 3843 if (lmp_bredr_capable(hdev)) { 3844 hci_update_name_sync(hdev); 3845 hci_update_eir_sync(hdev); 3846 } 3847 3848 /* The name is stored in the scan response data and so 3849 * no need to update the advertising data here. 3850 */ 3851 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING)) 3852 hci_update_scan_rsp_data_sync(hdev, hdev->cur_adv_instance); 3853 3854 return 0; 3855} 3856 3857static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data, 3858 u16 len) 3859{ 3860 struct mgmt_cp_set_local_name *cp = data; 3861 struct mgmt_pending_cmd *cmd; 3862 int err; 3863 3864 bt_dev_dbg(hdev, "sock %p", sk); 3865 3866 hci_dev_lock(hdev); 3867 3868 /* If the old values are the same as the new ones just return a 3869 * direct command complete event. 3870 */ 3871 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) && 3872 !memcmp(hdev->short_name, cp->short_name, 3873 sizeof(hdev->short_name))) { 3874 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3875 data, len); 3876 goto failed; 3877 } 3878 3879 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name)); 3880 3881 if (!hdev_is_powered(hdev)) { 3882 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3883 3884 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3885 data, len); 3886 if (err < 0) 3887 goto failed; 3888 3889 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, 3890 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk); 3891 ext_info_changed(hdev, sk); 3892 3893 goto failed; 3894 } 3895 3896 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 3897 if (!cmd) 3898 err = -ENOMEM; 3899 else 3900 err = hci_cmd_sync_queue(hdev, set_name_sync, cmd, 3901 set_name_complete); 3902 3903 if (err < 0) { 3904 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3905 MGMT_STATUS_FAILED); 3906 3907 if (cmd) 3908 mgmt_pending_remove(cmd); 3909 3910 goto failed; 3911 } 3912 3913 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3914 3915failed: 3916 hci_dev_unlock(hdev); 3917 return err; 3918} 3919 3920static int appearance_changed_sync(struct hci_dev *hdev, void *data) 3921{ 3922 return adv_expire_sync(hdev, MGMT_ADV_FLAG_APPEARANCE); 3923} 3924 3925static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data, 3926 u16 len) 3927{ 3928 struct mgmt_cp_set_appearance *cp = data; 3929 u16 appearance; 3930 int err; 3931 3932 bt_dev_dbg(hdev, "sock %p", sk); 3933 3934 if (!lmp_le_capable(hdev)) 3935 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 3936 MGMT_STATUS_NOT_SUPPORTED); 3937 3938 appearance = le16_to_cpu(cp->appearance); 3939 3940 hci_dev_lock(hdev); 3941 3942 if (hdev->appearance != appearance) { 3943 hdev->appearance = appearance; 3944 3945 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3946 hci_cmd_sync_queue(hdev, appearance_changed_sync, NULL, 3947 NULL); 3948 3949 ext_info_changed(hdev, sk); 3950 } 3951 3952 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL, 3953 0); 3954 3955 hci_dev_unlock(hdev); 3956 3957 return err; 3958} 3959 3960static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev, 3961 void *data, u16 len) 3962{ 3963 struct mgmt_rp_get_phy_configuration rp; 3964 3965 bt_dev_dbg(hdev, "sock %p", sk); 3966 3967 hci_dev_lock(hdev); 3968 3969 memset(&rp, 0, sizeof(rp)); 3970 3971 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev)); 3972 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev)); 3973 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev)); 3974 3975 hci_dev_unlock(hdev); 3976 3977 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0, 3978 &rp, sizeof(rp)); 3979} 3980 3981int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip) 3982{ 3983 struct mgmt_ev_phy_configuration_changed ev; 3984 3985 memset(&ev, 0, sizeof(ev)); 3986 3987 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev)); 3988 3989 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev, 3990 sizeof(ev), skip); 3991} 3992 3993static void set_default_phy_complete(struct hci_dev *hdev, void *data, int err) 3994{ 3995 struct mgmt_pending_cmd *cmd = data; 3996 struct sk_buff *skb = cmd->skb; 3997 u8 status = mgmt_status(err); 3998 3999 if (cmd != pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) 4000 return; 4001 4002 if (!status) { 4003 if (!skb) 4004 status = MGMT_STATUS_FAILED; 4005 else if (IS_ERR(skb)) 4006 status = mgmt_status(PTR_ERR(skb)); 4007 else 4008 status = mgmt_status(skb->data[0]); 4009 } 4010 4011 bt_dev_dbg(hdev, "status %d", status); 4012 4013 if (status) { 4014 mgmt_cmd_status(cmd->sk, hdev->id, 4015 MGMT_OP_SET_PHY_CONFIGURATION, status); 4016 } else { 4017 mgmt_cmd_complete(cmd->sk, hdev->id, 4018 MGMT_OP_SET_PHY_CONFIGURATION, 0, 4019 NULL, 0); 4020 4021 mgmt_phy_configuration_changed(hdev, cmd->sk); 4022 } 4023 4024 if (skb && !IS_ERR(skb)) 4025 kfree_skb(skb); 4026 4027 mgmt_pending_remove(cmd); 4028} 4029 4030static int set_default_phy_sync(struct hci_dev *hdev, void *data) 4031{ 4032 struct mgmt_pending_cmd *cmd = data; 4033 struct mgmt_cp_set_phy_configuration *cp = cmd->param; 4034 struct hci_cp_le_set_default_phy cp_phy; 4035 u32 selected_phys = __le32_to_cpu(cp->selected_phys); 4036 4037 memset(&cp_phy, 0, sizeof(cp_phy)); 4038 4039 if (!(selected_phys & MGMT_PHY_LE_TX_MASK)) 4040 cp_phy.all_phys |= 0x01; 4041 4042 if (!(selected_phys & MGMT_PHY_LE_RX_MASK)) 4043 cp_phy.all_phys |= 0x02; 4044 4045 if (selected_phys & MGMT_PHY_LE_1M_TX) 4046 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M; 4047 4048 if (selected_phys & MGMT_PHY_LE_2M_TX) 4049 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M; 4050 4051 if (selected_phys & MGMT_PHY_LE_CODED_TX) 4052 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED; 4053 4054 if (selected_phys & MGMT_PHY_LE_1M_RX) 4055 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M; 4056 4057 if (selected_phys & MGMT_PHY_LE_2M_RX) 4058 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M; 4059 4060 if (selected_phys & MGMT_PHY_LE_CODED_RX) 4061 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED; 4062 4063 cmd->skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_DEFAULT_PHY, 4064 sizeof(cp_phy), &cp_phy, HCI_CMD_TIMEOUT); 4065 4066 return 0; 4067} 4068 4069static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev, 4070 void *data, u16 len) 4071{ 4072 struct mgmt_cp_set_phy_configuration *cp = data; 4073 struct mgmt_pending_cmd *cmd; 4074 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys; 4075 u16 pkt_type = (HCI_DH1 | HCI_DM1); 4076 bool changed = false; 4077 int err; 4078 4079 bt_dev_dbg(hdev, "sock %p", sk); 4080 4081 configurable_phys = get_configurable_phys(hdev); 4082 supported_phys = get_supported_phys(hdev); 4083 selected_phys = __le32_to_cpu(cp->selected_phys); 4084 4085 if (selected_phys & ~supported_phys) 4086 return mgmt_cmd_status(sk, hdev->id, 4087 MGMT_OP_SET_PHY_CONFIGURATION, 4088 MGMT_STATUS_INVALID_PARAMS); 4089 4090 unconfigure_phys = supported_phys & ~configurable_phys; 4091 4092 if ((selected_phys & unconfigure_phys) != unconfigure_phys) 4093 return mgmt_cmd_status(sk, hdev->id, 4094 MGMT_OP_SET_PHY_CONFIGURATION, 4095 MGMT_STATUS_INVALID_PARAMS); 4096 4097 if (selected_phys == get_selected_phys(hdev)) 4098 return mgmt_cmd_complete(sk, hdev->id, 4099 MGMT_OP_SET_PHY_CONFIGURATION, 4100 0, NULL, 0); 4101 4102 hci_dev_lock(hdev); 4103 4104 if (!hdev_is_powered(hdev)) { 4105 err = mgmt_cmd_status(sk, hdev->id, 4106 MGMT_OP_SET_PHY_CONFIGURATION, 4107 MGMT_STATUS_REJECTED); 4108 goto unlock; 4109 } 4110 4111 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) { 4112 err = mgmt_cmd_status(sk, hdev->id, 4113 MGMT_OP_SET_PHY_CONFIGURATION, 4114 MGMT_STATUS_BUSY); 4115 goto unlock; 4116 } 4117 4118 if (selected_phys & MGMT_PHY_BR_1M_3SLOT) 4119 pkt_type |= (HCI_DH3 | HCI_DM3); 4120 else 4121 pkt_type &= ~(HCI_DH3 | HCI_DM3); 4122 4123 if (selected_phys & MGMT_PHY_BR_1M_5SLOT) 4124 pkt_type |= (HCI_DH5 | HCI_DM5); 4125 else 4126 pkt_type &= ~(HCI_DH5 | HCI_DM5); 4127 4128 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT) 4129 pkt_type &= ~HCI_2DH1; 4130 else 4131 pkt_type |= HCI_2DH1; 4132 4133 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT) 4134 pkt_type &= ~HCI_2DH3; 4135 else 4136 pkt_type |= HCI_2DH3; 4137 4138 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT) 4139 pkt_type &= ~HCI_2DH5; 4140 else 4141 pkt_type |= HCI_2DH5; 4142 4143 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT) 4144 pkt_type &= ~HCI_3DH1; 4145 else 4146 pkt_type |= HCI_3DH1; 4147 4148 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT) 4149 pkt_type &= ~HCI_3DH3; 4150 else 4151 pkt_type |= HCI_3DH3; 4152 4153 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT) 4154 pkt_type &= ~HCI_3DH5; 4155 else 4156 pkt_type |= HCI_3DH5; 4157 4158 if (pkt_type != hdev->pkt_type) { 4159 hdev->pkt_type = pkt_type; 4160 changed = true; 4161 } 4162 4163 if ((selected_phys & MGMT_PHY_LE_MASK) == 4164 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) { 4165 if (changed) 4166 mgmt_phy_configuration_changed(hdev, sk); 4167 4168 err = mgmt_cmd_complete(sk, hdev->id, 4169 MGMT_OP_SET_PHY_CONFIGURATION, 4170 0, NULL, 0); 4171 4172 goto unlock; 4173 } 4174 4175 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data, 4176 len); 4177 if (!cmd) 4178 err = -ENOMEM; 4179 else 4180 err = hci_cmd_sync_queue(hdev, set_default_phy_sync, cmd, 4181 set_default_phy_complete); 4182 4183 if (err < 0) { 4184 err = mgmt_cmd_status(sk, hdev->id, 4185 MGMT_OP_SET_PHY_CONFIGURATION, 4186 MGMT_STATUS_FAILED); 4187 4188 if (cmd) 4189 mgmt_pending_remove(cmd); 4190 } 4191 4192unlock: 4193 hci_dev_unlock(hdev); 4194 4195 return err; 4196} 4197 4198static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data, 4199 u16 len) 4200{ 4201 int err = MGMT_STATUS_SUCCESS; 4202 struct mgmt_cp_set_blocked_keys *keys = data; 4203 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) / 4204 sizeof(struct mgmt_blocked_key_info)); 4205 u16 key_count, expected_len; 4206 int i; 4207 4208 bt_dev_dbg(hdev, "sock %p", sk); 4209 4210 key_count = __le16_to_cpu(keys->key_count); 4211 if (key_count > max_key_count) { 4212 bt_dev_err(hdev, "too big key_count value %u", key_count); 4213 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 4214 MGMT_STATUS_INVALID_PARAMS); 4215 } 4216 4217 expected_len = struct_size(keys, keys, key_count); 4218 if (expected_len != len) { 4219 bt_dev_err(hdev, "expected %u bytes, got %u bytes", 4220 expected_len, len); 4221 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 4222 MGMT_STATUS_INVALID_PARAMS); 4223 } 4224 4225 hci_dev_lock(hdev); 4226 4227 hci_blocked_keys_clear(hdev); 4228 4229 for (i = 0; i < key_count; ++i) { 4230 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL); 4231 4232 if (!b) { 4233 err = MGMT_STATUS_NO_RESOURCES; 4234 break; 4235 } 4236 4237 b->type = keys->keys[i].type; 4238 memcpy(b->val, keys->keys[i].val, sizeof(b->val)); 4239 list_add_rcu(&b->list, &hdev->blocked_keys); 4240 } 4241 hci_dev_unlock(hdev); 4242 4243 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 4244 err, NULL, 0); 4245} 4246 4247static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev, 4248 void *data, u16 len) 4249{ 4250 struct mgmt_mode *cp = data; 4251 int err; 4252 bool changed = false; 4253 4254 bt_dev_dbg(hdev, "sock %p", sk); 4255 4256 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks)) 4257 return mgmt_cmd_status(sk, hdev->id, 4258 MGMT_OP_SET_WIDEBAND_SPEECH, 4259 MGMT_STATUS_NOT_SUPPORTED); 4260 4261 if (cp->val != 0x00 && cp->val != 0x01) 4262 return mgmt_cmd_status(sk, hdev->id, 4263 MGMT_OP_SET_WIDEBAND_SPEECH, 4264 MGMT_STATUS_INVALID_PARAMS); 4265 4266 hci_dev_lock(hdev); 4267 4268 if (hdev_is_powered(hdev) && 4269 !!cp->val != hci_dev_test_flag(hdev, 4270 HCI_WIDEBAND_SPEECH_ENABLED)) { 4271 err = mgmt_cmd_status(sk, hdev->id, 4272 MGMT_OP_SET_WIDEBAND_SPEECH, 4273 MGMT_STATUS_REJECTED); 4274 goto unlock; 4275 } 4276 4277 if (cp->val) 4278 changed = !hci_dev_test_and_set_flag(hdev, 4279 HCI_WIDEBAND_SPEECH_ENABLED); 4280 else 4281 changed = hci_dev_test_and_clear_flag(hdev, 4282 HCI_WIDEBAND_SPEECH_ENABLED); 4283 4284 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev); 4285 if (err < 0) 4286 goto unlock; 4287 4288 if (changed) 4289 err = new_settings(hdev, sk); 4290 4291unlock: 4292 hci_dev_unlock(hdev); 4293 return err; 4294} 4295 4296static int read_controller_cap(struct sock *sk, struct hci_dev *hdev, 4297 void *data, u16 data_len) 4298{ 4299 char buf[20]; 4300 struct mgmt_rp_read_controller_cap *rp = (void *)buf; 4301 u16 cap_len = 0; 4302 u8 flags = 0; 4303 u8 tx_power_range[2]; 4304 4305 bt_dev_dbg(hdev, "sock %p", sk); 4306 4307 memset(&buf, 0, sizeof(buf)); 4308 4309 hci_dev_lock(hdev); 4310 4311 /* When the Read Simple Pairing Options command is supported, then 4312 * the remote public key validation is supported. 4313 * 4314 * Alternatively, when Microsoft extensions are available, they can 4315 * indicate support for public key validation as well. 4316 */ 4317 if ((hdev->commands[41] & 0x08) || msft_curve_validity(hdev)) 4318 flags |= 0x01; /* Remote public key validation (BR/EDR) */ 4319 4320 flags |= 0x02; /* Remote public key validation (LE) */ 4321 4322 /* When the Read Encryption Key Size command is supported, then the 4323 * encryption key size is enforced. 4324 */ 4325 if (hdev->commands[20] & 0x10) 4326 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */ 4327 4328 flags |= 0x08; /* Encryption key size enforcement (LE) */ 4329 4330 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS, 4331 &flags, 1); 4332 4333 /* When the Read Simple Pairing Options command is supported, then 4334 * also max encryption key size information is provided. 4335 */ 4336 if (hdev->commands[41] & 0x08) 4337 cap_len = eir_append_le16(rp->cap, cap_len, 4338 MGMT_CAP_MAX_ENC_KEY_SIZE, 4339 hdev->max_enc_key_size); 4340 4341 cap_len = eir_append_le16(rp->cap, cap_len, 4342 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE, 4343 SMP_MAX_ENC_KEY_SIZE); 4344 4345 /* Append the min/max LE tx power parameters if we were able to fetch 4346 * it from the controller 4347 */ 4348 if (hdev->commands[38] & 0x80) { 4349 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1); 4350 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1); 4351 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR, 4352 tx_power_range, 2); 4353 } 4354 4355 rp->cap_len = cpu_to_le16(cap_len); 4356 4357 hci_dev_unlock(hdev); 4358 4359 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0, 4360 rp, sizeof(*rp) + cap_len); 4361} 4362 4363#ifdef CONFIG_BT_FEATURE_DEBUG 4364/* d4992530-b9ec-469f-ab01-6c481c47da1c */ 4365static const u8 debug_uuid[16] = { 4366 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab, 4367 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4, 4368}; 4369#endif 4370 4371/* 330859bc-7506-492d-9370-9a6f0614037f */ 4372static const u8 quality_report_uuid[16] = { 4373 0x7f, 0x03, 0x14, 0x06, 0x6f, 0x9a, 0x70, 0x93, 4374 0x2d, 0x49, 0x06, 0x75, 0xbc, 0x59, 0x08, 0x33, 4375}; 4376 4377/* a6695ace-ee7f-4fb9-881a-5fac66c629af */ 4378static const u8 offload_codecs_uuid[16] = { 4379 0xaf, 0x29, 0xc6, 0x66, 0xac, 0x5f, 0x1a, 0x88, 4380 0xb9, 0x4f, 0x7f, 0xee, 0xce, 0x5a, 0x69, 0xa6, 4381}; 4382 4383/* 671b10b5-42c0-4696-9227-eb28d1b049d6 */ 4384static const u8 le_simultaneous_roles_uuid[16] = { 4385 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92, 4386 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67, 4387}; 4388 4389/* 15c0a148-c273-11ea-b3de-0242ac130004 */ 4390static const u8 rpa_resolution_uuid[16] = { 4391 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3, 4392 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15, 4393}; 4394 4395/* 6fbaf188-05e0-496a-9885-d6ddfdb4e03e */ 4396static const u8 iso_socket_uuid[16] = { 4397 0x3e, 0xe0, 0xb4, 0xfd, 0xdd, 0xd6, 0x85, 0x98, 4398 0x6a, 0x49, 0xe0, 0x05, 0x88, 0xf1, 0xba, 0x6f, 4399}; 4400 4401/* 2ce463d7-7a03-4d8d-bf05-5f24e8f36e76 */ 4402static const u8 mgmt_mesh_uuid[16] = { 4403 0x76, 0x6e, 0xf3, 0xe8, 0x24, 0x5f, 0x05, 0xbf, 4404 0x8d, 0x4d, 0x03, 0x7a, 0xd7, 0x63, 0xe4, 0x2c, 4405}; 4406 4407static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev, 4408 void *data, u16 data_len) 4409{ 4410 struct mgmt_rp_read_exp_features_info *rp; 4411 size_t len; 4412 u16 idx = 0; 4413 u32 flags; 4414 int status; 4415 4416 bt_dev_dbg(hdev, "sock %p", sk); 4417 4418 /* Enough space for 7 features */ 4419 len = sizeof(*rp) + (sizeof(rp->features[0]) * 7); 4420 rp = kzalloc(len, GFP_KERNEL); 4421 if (!rp) 4422 return -ENOMEM; 4423 4424#ifdef CONFIG_BT_FEATURE_DEBUG 4425 if (!hdev) { 4426 flags = bt_dbg_get() ? BIT(0) : 0; 4427 4428 memcpy(rp->features[idx].uuid, debug_uuid, 16); 4429 rp->features[idx].flags = cpu_to_le32(flags); 4430 idx++; 4431 } 4432#endif 4433 4434 if (hdev && hci_dev_le_state_simultaneous(hdev)) { 4435 if (hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES)) 4436 flags = BIT(0); 4437 else 4438 flags = 0; 4439 4440 memcpy(rp->features[idx].uuid, le_simultaneous_roles_uuid, 16); 4441 rp->features[idx].flags = cpu_to_le32(flags); 4442 idx++; 4443 } 4444 4445 if (hdev && ll_privacy_capable(hdev)) { 4446 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 4447 flags = BIT(0) | BIT(1); 4448 else 4449 flags = BIT(1); 4450 4451 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16); 4452 rp->features[idx].flags = cpu_to_le32(flags); 4453 idx++; 4454 } 4455 4456 if (hdev && (aosp_has_quality_report(hdev) || 4457 hdev->set_quality_report)) { 4458 if (hci_dev_test_flag(hdev, HCI_QUALITY_REPORT)) 4459 flags = BIT(0); 4460 else 4461 flags = 0; 4462 4463 memcpy(rp->features[idx].uuid, quality_report_uuid, 16); 4464 rp->features[idx].flags = cpu_to_le32(flags); 4465 idx++; 4466 } 4467 4468 if (hdev && hdev->get_data_path_id) { 4469 if (hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) 4470 flags = BIT(0); 4471 else 4472 flags = 0; 4473 4474 memcpy(rp->features[idx].uuid, offload_codecs_uuid, 16); 4475 rp->features[idx].flags = cpu_to_le32(flags); 4476 idx++; 4477 } 4478 4479 if (IS_ENABLED(CONFIG_BT_LE)) { 4480 flags = iso_enabled() ? BIT(0) : 0; 4481 memcpy(rp->features[idx].uuid, iso_socket_uuid, 16); 4482 rp->features[idx].flags = cpu_to_le32(flags); 4483 idx++; 4484 } 4485 4486 if (hdev && lmp_le_capable(hdev)) { 4487 if (hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL)) 4488 flags = BIT(0); 4489 else 4490 flags = 0; 4491 4492 memcpy(rp->features[idx].uuid, mgmt_mesh_uuid, 16); 4493 rp->features[idx].flags = cpu_to_le32(flags); 4494 idx++; 4495 } 4496 4497 rp->feature_count = cpu_to_le16(idx); 4498 4499 /* After reading the experimental features information, enable 4500 * the events to update client on any future change. 4501 */ 4502 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4503 4504 status = mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 4505 MGMT_OP_READ_EXP_FEATURES_INFO, 4506 0, rp, sizeof(*rp) + (20 * idx)); 4507 4508 kfree(rp); 4509 return status; 4510} 4511 4512static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev, 4513 struct sock *skip) 4514{ 4515 struct mgmt_ev_exp_feature_changed ev; 4516 4517 memset(&ev, 0, sizeof(ev)); 4518 memcpy(ev.uuid, rpa_resolution_uuid, 16); 4519 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1)); 4520 4521 // Do we need to be atomic with the conn_flags? 4522 if (enabled && privacy_mode_capable(hdev)) 4523 hdev->conn_flags |= HCI_CONN_FLAG_DEVICE_PRIVACY; 4524 else 4525 hdev->conn_flags &= ~HCI_CONN_FLAG_DEVICE_PRIVACY; 4526 4527 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev, 4528 &ev, sizeof(ev), 4529 HCI_MGMT_EXP_FEATURE_EVENTS, skip); 4530 4531} 4532 4533static int exp_feature_changed(struct hci_dev *hdev, const u8 *uuid, 4534 bool enabled, struct sock *skip) 4535{ 4536 struct mgmt_ev_exp_feature_changed ev; 4537 4538 memset(&ev, 0, sizeof(ev)); 4539 memcpy(ev.uuid, uuid, 16); 4540 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0); 4541 4542 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev, 4543 &ev, sizeof(ev), 4544 HCI_MGMT_EXP_FEATURE_EVENTS, skip); 4545} 4546 4547#define EXP_FEAT(_uuid, _set_func) \ 4548{ \ 4549 .uuid = _uuid, \ 4550 .set_func = _set_func, \ 4551} 4552 4553/* The zero key uuid is special. Multiple exp features are set through it. */ 4554static int set_zero_key_func(struct sock *sk, struct hci_dev *hdev, 4555 struct mgmt_cp_set_exp_feature *cp, u16 data_len) 4556{ 4557 struct mgmt_rp_set_exp_feature rp; 4558 4559 memset(rp.uuid, 0, 16); 4560 rp.flags = cpu_to_le32(0); 4561 4562#ifdef CONFIG_BT_FEATURE_DEBUG 4563 if (!hdev) { 4564 bool changed = bt_dbg_get(); 4565 4566 bt_dbg_set(false); 4567 4568 if (changed) 4569 exp_feature_changed(NULL, ZERO_KEY, false, sk); 4570 } 4571#endif 4572 4573 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) { 4574 bool changed; 4575 4576 changed = hci_dev_test_and_clear_flag(hdev, 4577 HCI_ENABLE_LL_PRIVACY); 4578 if (changed) 4579 exp_feature_changed(hdev, rpa_resolution_uuid, false, 4580 sk); 4581 } 4582 4583 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4584 4585 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 4586 MGMT_OP_SET_EXP_FEATURE, 0, 4587 &rp, sizeof(rp)); 4588} 4589 4590#ifdef CONFIG_BT_FEATURE_DEBUG 4591static int set_debug_func(struct sock *sk, struct hci_dev *hdev, 4592 struct mgmt_cp_set_exp_feature *cp, u16 data_len) 4593{ 4594 struct mgmt_rp_set_exp_feature rp; 4595 4596 bool val, changed; 4597 int err; 4598 4599 /* Command requires to use the non-controller index */ 4600 if (hdev) 4601 return mgmt_cmd_status(sk, hdev->id, 4602 MGMT_OP_SET_EXP_FEATURE, 4603 MGMT_STATUS_INVALID_INDEX); 4604 4605 /* Parameters are limited to a single octet */ 4606 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4607 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4608 MGMT_OP_SET_EXP_FEATURE, 4609 MGMT_STATUS_INVALID_PARAMS); 4610 4611 /* Only boolean on/off is supported */ 4612 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4613 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4614 MGMT_OP_SET_EXP_FEATURE, 4615 MGMT_STATUS_INVALID_PARAMS); 4616 4617 val = !!cp->param[0]; 4618 changed = val ? !bt_dbg_get() : bt_dbg_get(); 4619 bt_dbg_set(val); 4620 4621 memcpy(rp.uuid, debug_uuid, 16); 4622 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4623 4624 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4625 4626 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 4627 MGMT_OP_SET_EXP_FEATURE, 0, 4628 &rp, sizeof(rp)); 4629 4630 if (changed) 4631 exp_feature_changed(hdev, debug_uuid, val, sk); 4632 4633 return err; 4634} 4635#endif 4636 4637static int set_mgmt_mesh_func(struct sock *sk, struct hci_dev *hdev, 4638 struct mgmt_cp_set_exp_feature *cp, u16 data_len) 4639{ 4640 struct mgmt_rp_set_exp_feature rp; 4641 bool val, changed; 4642 int err; 4643 4644 /* Command requires to use the controller index */ 4645 if (!hdev) 4646 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4647 MGMT_OP_SET_EXP_FEATURE, 4648 MGMT_STATUS_INVALID_INDEX); 4649 4650 /* Parameters are limited to a single octet */ 4651 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4652 return mgmt_cmd_status(sk, hdev->id, 4653 MGMT_OP_SET_EXP_FEATURE, 4654 MGMT_STATUS_INVALID_PARAMS); 4655 4656 /* Only boolean on/off is supported */ 4657 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4658 return mgmt_cmd_status(sk, hdev->id, 4659 MGMT_OP_SET_EXP_FEATURE, 4660 MGMT_STATUS_INVALID_PARAMS); 4661 4662 val = !!cp->param[0]; 4663 4664 if (val) { 4665 changed = !hci_dev_test_and_set_flag(hdev, 4666 HCI_MESH_EXPERIMENTAL); 4667 } else { 4668 hci_dev_clear_flag(hdev, HCI_MESH); 4669 changed = hci_dev_test_and_clear_flag(hdev, 4670 HCI_MESH_EXPERIMENTAL); 4671 } 4672 4673 memcpy(rp.uuid, mgmt_mesh_uuid, 16); 4674 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4675 4676 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4677 4678 err = mgmt_cmd_complete(sk, hdev->id, 4679 MGMT_OP_SET_EXP_FEATURE, 0, 4680 &rp, sizeof(rp)); 4681 4682 if (changed) 4683 exp_feature_changed(hdev, mgmt_mesh_uuid, val, sk); 4684 4685 return err; 4686} 4687 4688static int set_rpa_resolution_func(struct sock *sk, struct hci_dev *hdev, 4689 struct mgmt_cp_set_exp_feature *cp, 4690 u16 data_len) 4691{ 4692 struct mgmt_rp_set_exp_feature rp; 4693 bool val, changed; 4694 int err; 4695 u32 flags; 4696 4697 /* Command requires to use the controller index */ 4698 if (!hdev) 4699 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4700 MGMT_OP_SET_EXP_FEATURE, 4701 MGMT_STATUS_INVALID_INDEX); 4702 4703 /* Changes can only be made when controller is powered down */ 4704 if (hdev_is_powered(hdev)) 4705 return mgmt_cmd_status(sk, hdev->id, 4706 MGMT_OP_SET_EXP_FEATURE, 4707 MGMT_STATUS_REJECTED); 4708 4709 /* Parameters are limited to a single octet */ 4710 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4711 return mgmt_cmd_status(sk, hdev->id, 4712 MGMT_OP_SET_EXP_FEATURE, 4713 MGMT_STATUS_INVALID_PARAMS); 4714 4715 /* Only boolean on/off is supported */ 4716 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4717 return mgmt_cmd_status(sk, hdev->id, 4718 MGMT_OP_SET_EXP_FEATURE, 4719 MGMT_STATUS_INVALID_PARAMS); 4720 4721 val = !!cp->param[0]; 4722 4723 if (val) { 4724 changed = !hci_dev_test_and_set_flag(hdev, 4725 HCI_ENABLE_LL_PRIVACY); 4726 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 4727 4728 /* Enable LL privacy + supported settings changed */ 4729 flags = BIT(0) | BIT(1); 4730 } else { 4731 changed = hci_dev_test_and_clear_flag(hdev, 4732 HCI_ENABLE_LL_PRIVACY); 4733 4734 /* Disable LL privacy + supported settings changed */ 4735 flags = BIT(1); 4736 } 4737 4738 memcpy(rp.uuid, rpa_resolution_uuid, 16); 4739 rp.flags = cpu_to_le32(flags); 4740 4741 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4742 4743 err = mgmt_cmd_complete(sk, hdev->id, 4744 MGMT_OP_SET_EXP_FEATURE, 0, 4745 &rp, sizeof(rp)); 4746 4747 if (changed) 4748 exp_ll_privacy_feature_changed(val, hdev, sk); 4749 4750 return err; 4751} 4752 4753static int set_quality_report_func(struct sock *sk, struct hci_dev *hdev, 4754 struct mgmt_cp_set_exp_feature *cp, 4755 u16 data_len) 4756{ 4757 struct mgmt_rp_set_exp_feature rp; 4758 bool val, changed; 4759 int err; 4760 4761 /* Command requires to use a valid controller index */ 4762 if (!hdev) 4763 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4764 MGMT_OP_SET_EXP_FEATURE, 4765 MGMT_STATUS_INVALID_INDEX); 4766 4767 /* Parameters are limited to a single octet */ 4768 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4769 return mgmt_cmd_status(sk, hdev->id, 4770 MGMT_OP_SET_EXP_FEATURE, 4771 MGMT_STATUS_INVALID_PARAMS); 4772 4773 /* Only boolean on/off is supported */ 4774 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4775 return mgmt_cmd_status(sk, hdev->id, 4776 MGMT_OP_SET_EXP_FEATURE, 4777 MGMT_STATUS_INVALID_PARAMS); 4778 4779 hci_req_sync_lock(hdev); 4780 4781 val = !!cp->param[0]; 4782 changed = (val != hci_dev_test_flag(hdev, HCI_QUALITY_REPORT)); 4783 4784 if (!aosp_has_quality_report(hdev) && !hdev->set_quality_report) { 4785 err = mgmt_cmd_status(sk, hdev->id, 4786 MGMT_OP_SET_EXP_FEATURE, 4787 MGMT_STATUS_NOT_SUPPORTED); 4788 goto unlock_quality_report; 4789 } 4790 4791 if (changed) { 4792 if (hdev->set_quality_report) 4793 err = hdev->set_quality_report(hdev, val); 4794 else 4795 err = aosp_set_quality_report(hdev, val); 4796 4797 if (err) { 4798 err = mgmt_cmd_status(sk, hdev->id, 4799 MGMT_OP_SET_EXP_FEATURE, 4800 MGMT_STATUS_FAILED); 4801 goto unlock_quality_report; 4802 } 4803 4804 if (val) 4805 hci_dev_set_flag(hdev, HCI_QUALITY_REPORT); 4806 else 4807 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT); 4808 } 4809 4810 bt_dev_dbg(hdev, "quality report enable %d changed %d", val, changed); 4811 4812 memcpy(rp.uuid, quality_report_uuid, 16); 4813 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4814 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4815 4816 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_EXP_FEATURE, 0, 4817 &rp, sizeof(rp)); 4818 4819 if (changed) 4820 exp_feature_changed(hdev, quality_report_uuid, val, sk); 4821 4822unlock_quality_report: 4823 hci_req_sync_unlock(hdev); 4824 return err; 4825} 4826 4827static int set_offload_codec_func(struct sock *sk, struct hci_dev *hdev, 4828 struct mgmt_cp_set_exp_feature *cp, 4829 u16 data_len) 4830{ 4831 bool val, changed; 4832 int err; 4833 struct mgmt_rp_set_exp_feature rp; 4834 4835 /* Command requires to use a valid controller index */ 4836 if (!hdev) 4837 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4838 MGMT_OP_SET_EXP_FEATURE, 4839 MGMT_STATUS_INVALID_INDEX); 4840 4841 /* Parameters are limited to a single octet */ 4842 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4843 return mgmt_cmd_status(sk, hdev->id, 4844 MGMT_OP_SET_EXP_FEATURE, 4845 MGMT_STATUS_INVALID_PARAMS); 4846 4847 /* Only boolean on/off is supported */ 4848 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4849 return mgmt_cmd_status(sk, hdev->id, 4850 MGMT_OP_SET_EXP_FEATURE, 4851 MGMT_STATUS_INVALID_PARAMS); 4852 4853 val = !!cp->param[0]; 4854 changed = (val != hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)); 4855 4856 if (!hdev->get_data_path_id) { 4857 return mgmt_cmd_status(sk, hdev->id, 4858 MGMT_OP_SET_EXP_FEATURE, 4859 MGMT_STATUS_NOT_SUPPORTED); 4860 } 4861 4862 if (changed) { 4863 if (val) 4864 hci_dev_set_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED); 4865 else 4866 hci_dev_clear_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED); 4867 } 4868 4869 bt_dev_info(hdev, "offload codecs enable %d changed %d", 4870 val, changed); 4871 4872 memcpy(rp.uuid, offload_codecs_uuid, 16); 4873 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4874 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4875 err = mgmt_cmd_complete(sk, hdev->id, 4876 MGMT_OP_SET_EXP_FEATURE, 0, 4877 &rp, sizeof(rp)); 4878 4879 if (changed) 4880 exp_feature_changed(hdev, offload_codecs_uuid, val, sk); 4881 4882 return err; 4883} 4884 4885static int set_le_simultaneous_roles_func(struct sock *sk, struct hci_dev *hdev, 4886 struct mgmt_cp_set_exp_feature *cp, 4887 u16 data_len) 4888{ 4889 bool val, changed; 4890 int err; 4891 struct mgmt_rp_set_exp_feature rp; 4892 4893 /* Command requires to use a valid controller index */ 4894 if (!hdev) 4895 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4896 MGMT_OP_SET_EXP_FEATURE, 4897 MGMT_STATUS_INVALID_INDEX); 4898 4899 /* Parameters are limited to a single octet */ 4900 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4901 return mgmt_cmd_status(sk, hdev->id, 4902 MGMT_OP_SET_EXP_FEATURE, 4903 MGMT_STATUS_INVALID_PARAMS); 4904 4905 /* Only boolean on/off is supported */ 4906 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4907 return mgmt_cmd_status(sk, hdev->id, 4908 MGMT_OP_SET_EXP_FEATURE, 4909 MGMT_STATUS_INVALID_PARAMS); 4910 4911 val = !!cp->param[0]; 4912 changed = (val != hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES)); 4913 4914 if (!hci_dev_le_state_simultaneous(hdev)) { 4915 return mgmt_cmd_status(sk, hdev->id, 4916 MGMT_OP_SET_EXP_FEATURE, 4917 MGMT_STATUS_NOT_SUPPORTED); 4918 } 4919 4920 if (changed) { 4921 if (val) 4922 hci_dev_set_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES); 4923 else 4924 hci_dev_clear_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES); 4925 } 4926 4927 bt_dev_info(hdev, "LE simultaneous roles enable %d changed %d", 4928 val, changed); 4929 4930 memcpy(rp.uuid, le_simultaneous_roles_uuid, 16); 4931 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4932 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4933 err = mgmt_cmd_complete(sk, hdev->id, 4934 MGMT_OP_SET_EXP_FEATURE, 0, 4935 &rp, sizeof(rp)); 4936 4937 if (changed) 4938 exp_feature_changed(hdev, le_simultaneous_roles_uuid, val, sk); 4939 4940 return err; 4941} 4942 4943#ifdef CONFIG_BT_LE 4944static int set_iso_socket_func(struct sock *sk, struct hci_dev *hdev, 4945 struct mgmt_cp_set_exp_feature *cp, u16 data_len) 4946{ 4947 struct mgmt_rp_set_exp_feature rp; 4948 bool val, changed = false; 4949 int err; 4950 4951 /* Command requires to use the non-controller index */ 4952 if (hdev) 4953 return mgmt_cmd_status(sk, hdev->id, 4954 MGMT_OP_SET_EXP_FEATURE, 4955 MGMT_STATUS_INVALID_INDEX); 4956 4957 /* Parameters are limited to a single octet */ 4958 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4959 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4960 MGMT_OP_SET_EXP_FEATURE, 4961 MGMT_STATUS_INVALID_PARAMS); 4962 4963 /* Only boolean on/off is supported */ 4964 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4965 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4966 MGMT_OP_SET_EXP_FEATURE, 4967 MGMT_STATUS_INVALID_PARAMS); 4968 4969 val = cp->param[0] ? true : false; 4970 if (val) 4971 err = iso_init(); 4972 else 4973 err = iso_exit(); 4974 4975 if (!err) 4976 changed = true; 4977 4978 memcpy(rp.uuid, iso_socket_uuid, 16); 4979 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4980 4981 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4982 4983 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 4984 MGMT_OP_SET_EXP_FEATURE, 0, 4985 &rp, sizeof(rp)); 4986 4987 if (changed) 4988 exp_feature_changed(hdev, iso_socket_uuid, val, sk); 4989 4990 return err; 4991} 4992#endif 4993 4994static const struct mgmt_exp_feature { 4995 const u8 *uuid; 4996 int (*set_func)(struct sock *sk, struct hci_dev *hdev, 4997 struct mgmt_cp_set_exp_feature *cp, u16 data_len); 4998} exp_features[] = { 4999 EXP_FEAT(ZERO_KEY, set_zero_key_func), 5000#ifdef CONFIG_BT_FEATURE_DEBUG 5001 EXP_FEAT(debug_uuid, set_debug_func), 5002#endif 5003 EXP_FEAT(mgmt_mesh_uuid, set_mgmt_mesh_func), 5004 EXP_FEAT(rpa_resolution_uuid, set_rpa_resolution_func), 5005 EXP_FEAT(quality_report_uuid, set_quality_report_func), 5006 EXP_FEAT(offload_codecs_uuid, set_offload_codec_func), 5007 EXP_FEAT(le_simultaneous_roles_uuid, set_le_simultaneous_roles_func), 5008#ifdef CONFIG_BT_LE 5009 EXP_FEAT(iso_socket_uuid, set_iso_socket_func), 5010#endif 5011 5012 /* end with a null feature */ 5013 EXP_FEAT(NULL, NULL) 5014}; 5015 5016static int set_exp_feature(struct sock *sk, struct hci_dev *hdev, 5017 void *data, u16 data_len) 5018{ 5019 struct mgmt_cp_set_exp_feature *cp = data; 5020 size_t i = 0; 5021 5022 bt_dev_dbg(hdev, "sock %p", sk); 5023 5024 for (i = 0; exp_features[i].uuid; i++) { 5025 if (!memcmp(cp->uuid, exp_features[i].uuid, 16)) 5026 return exp_features[i].set_func(sk, hdev, cp, data_len); 5027 } 5028 5029 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 5030 MGMT_OP_SET_EXP_FEATURE, 5031 MGMT_STATUS_NOT_SUPPORTED); 5032} 5033 5034static u32 get_params_flags(struct hci_dev *hdev, 5035 struct hci_conn_params *params) 5036{ 5037 u32 flags = hdev->conn_flags; 5038 5039 /* Devices using RPAs can only be programmed in the acceptlist if 5040 * LL Privacy has been enable otherwise they cannot mark 5041 * HCI_CONN_FLAG_REMOTE_WAKEUP. 5042 */ 5043 if ((flags & HCI_CONN_FLAG_REMOTE_WAKEUP) && !use_ll_privacy(hdev) && 5044 hci_find_irk_by_addr(hdev, &params->addr, params->addr_type)) 5045 flags &= ~HCI_CONN_FLAG_REMOTE_WAKEUP; 5046 5047 return flags; 5048} 5049 5050static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data, 5051 u16 data_len) 5052{ 5053 struct mgmt_cp_get_device_flags *cp = data; 5054 struct mgmt_rp_get_device_flags rp; 5055 struct bdaddr_list_with_flags *br_params; 5056 struct hci_conn_params *params; 5057 u32 supported_flags; 5058 u32 current_flags = 0; 5059 u8 status = MGMT_STATUS_INVALID_PARAMS; 5060 5061 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n", 5062 &cp->addr.bdaddr, cp->addr.type); 5063 5064 hci_dev_lock(hdev); 5065 5066 supported_flags = hdev->conn_flags; 5067 5068 memset(&rp, 0, sizeof(rp)); 5069 5070 if (cp->addr.type == BDADDR_BREDR) { 5071 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list, 5072 &cp->addr.bdaddr, 5073 cp->addr.type); 5074 if (!br_params) 5075 goto done; 5076 5077 current_flags = br_params->flags; 5078 } else { 5079 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 5080 le_addr_type(cp->addr.type)); 5081 if (!params) 5082 goto done; 5083 5084 supported_flags = get_params_flags(hdev, params); 5085 current_flags = params->flags; 5086 } 5087 5088 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 5089 rp.addr.type = cp->addr.type; 5090 rp.supported_flags = cpu_to_le32(supported_flags); 5091 rp.current_flags = cpu_to_le32(current_flags); 5092 5093 status = MGMT_STATUS_SUCCESS; 5094 5095done: 5096 hci_dev_unlock(hdev); 5097 5098 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status, 5099 &rp, sizeof(rp)); 5100} 5101 5102static void device_flags_changed(struct sock *sk, struct hci_dev *hdev, 5103 bdaddr_t *bdaddr, u8 bdaddr_type, 5104 u32 supported_flags, u32 current_flags) 5105{ 5106 struct mgmt_ev_device_flags_changed ev; 5107 5108 bacpy(&ev.addr.bdaddr, bdaddr); 5109 ev.addr.type = bdaddr_type; 5110 ev.supported_flags = cpu_to_le32(supported_flags); 5111 ev.current_flags = cpu_to_le32(current_flags); 5112 5113 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk); 5114} 5115 5116static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data, 5117 u16 len) 5118{ 5119 struct mgmt_cp_set_device_flags *cp = data; 5120 struct bdaddr_list_with_flags *br_params; 5121 struct hci_conn_params *params; 5122 u8 status = MGMT_STATUS_INVALID_PARAMS; 5123 u32 supported_flags; 5124 u32 current_flags = __le32_to_cpu(cp->current_flags); 5125 5126 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x", 5127 &cp->addr.bdaddr, cp->addr.type, current_flags); 5128 5129 // We should take hci_dev_lock() early, I think.. conn_flags can change 5130 supported_flags = hdev->conn_flags; 5131 5132 if ((supported_flags | current_flags) != supported_flags) { 5133 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)", 5134 current_flags, supported_flags); 5135 goto done; 5136 } 5137 5138 hci_dev_lock(hdev); 5139 5140 if (cp->addr.type == BDADDR_BREDR) { 5141 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list, 5142 &cp->addr.bdaddr, 5143 cp->addr.type); 5144 5145 if (br_params) { 5146 br_params->flags = current_flags; 5147 status = MGMT_STATUS_SUCCESS; 5148 } else { 5149 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)", 5150 &cp->addr.bdaddr, cp->addr.type); 5151 } 5152 5153 goto unlock; 5154 } 5155 5156 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 5157 le_addr_type(cp->addr.type)); 5158 if (!params) { 5159 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)", 5160 &cp->addr.bdaddr, le_addr_type(cp->addr.type)); 5161 goto unlock; 5162 } 5163 5164 supported_flags = get_params_flags(hdev, params); 5165 5166 if ((supported_flags | current_flags) != supported_flags) { 5167 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)", 5168 current_flags, supported_flags); 5169 goto unlock; 5170 } 5171 5172 params->flags = current_flags; 5173 status = MGMT_STATUS_SUCCESS; 5174 5175 /* Update passive scan if HCI_CONN_FLAG_DEVICE_PRIVACY 5176 * has been set. 5177 */ 5178 if (params->flags & HCI_CONN_FLAG_DEVICE_PRIVACY) 5179 hci_update_passive_scan(hdev); 5180 5181unlock: 5182 hci_dev_unlock(hdev); 5183 5184done: 5185 if (status == MGMT_STATUS_SUCCESS) 5186 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 5187 supported_flags, current_flags); 5188 5189 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status, 5190 &cp->addr, sizeof(cp->addr)); 5191} 5192 5193static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev, 5194 u16 handle) 5195{ 5196 struct mgmt_ev_adv_monitor_added ev; 5197 5198 ev.monitor_handle = cpu_to_le16(handle); 5199 5200 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk); 5201} 5202 5203void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle) 5204{ 5205 struct mgmt_ev_adv_monitor_removed ev; 5206 struct mgmt_pending_cmd *cmd; 5207 struct sock *sk_skip = NULL; 5208 struct mgmt_cp_remove_adv_monitor *cp; 5209 5210 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev); 5211 if (cmd) { 5212 cp = cmd->param; 5213 5214 if (cp->monitor_handle) 5215 sk_skip = cmd->sk; 5216 } 5217 5218 ev.monitor_handle = cpu_to_le16(handle); 5219 5220 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip); 5221} 5222 5223static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev, 5224 void *data, u16 len) 5225{ 5226 struct adv_monitor *monitor = NULL; 5227 struct mgmt_rp_read_adv_monitor_features *rp = NULL; 5228 int handle, err; 5229 size_t rp_size = 0; 5230 __u32 supported = 0; 5231 __u32 enabled = 0; 5232 __u16 num_handles = 0; 5233 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES]; 5234 5235 BT_DBG("request for %s", hdev->name); 5236 5237 hci_dev_lock(hdev); 5238 5239 if (msft_monitor_supported(hdev)) 5240 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS; 5241 5242 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle) 5243 handles[num_handles++] = monitor->handle; 5244 5245 hci_dev_unlock(hdev); 5246 5247 rp_size = sizeof(*rp) + (num_handles * sizeof(u16)); 5248 rp = kmalloc(rp_size, GFP_KERNEL); 5249 if (!rp) 5250 return -ENOMEM; 5251 5252 /* All supported features are currently enabled */ 5253 enabled = supported; 5254 5255 rp->supported_features = cpu_to_le32(supported); 5256 rp->enabled_features = cpu_to_le32(enabled); 5257 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES); 5258 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS; 5259 rp->num_handles = cpu_to_le16(num_handles); 5260 if (num_handles) 5261 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16))); 5262 5263 err = mgmt_cmd_complete(sk, hdev->id, 5264 MGMT_OP_READ_ADV_MONITOR_FEATURES, 5265 MGMT_STATUS_SUCCESS, rp, rp_size); 5266 5267 kfree(rp); 5268 5269 return err; 5270} 5271 5272static void mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev, 5273 void *data, int status) 5274{ 5275 struct mgmt_rp_add_adv_patterns_monitor rp; 5276 struct mgmt_pending_cmd *cmd = data; 5277 struct adv_monitor *monitor = cmd->user_data; 5278 5279 hci_dev_lock(hdev); 5280 5281 rp.monitor_handle = cpu_to_le16(monitor->handle); 5282 5283 if (!status) { 5284 mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle); 5285 hdev->adv_monitors_cnt++; 5286 if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED) 5287 monitor->state = ADV_MONITOR_STATE_REGISTERED; 5288 hci_update_passive_scan(hdev); 5289 } 5290 5291 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 5292 mgmt_status(status), &rp, sizeof(rp)); 5293 mgmt_pending_remove(cmd); 5294 5295 hci_dev_unlock(hdev); 5296 bt_dev_dbg(hdev, "add monitor %d complete, status %d", 5297 rp.monitor_handle, status); 5298} 5299 5300static int mgmt_add_adv_patterns_monitor_sync(struct hci_dev *hdev, void *data) 5301{ 5302 struct mgmt_pending_cmd *cmd = data; 5303 struct adv_monitor *monitor = cmd->user_data; 5304 5305 return hci_add_adv_monitor(hdev, monitor); 5306} 5307 5308static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev, 5309 struct adv_monitor *m, u8 status, 5310 void *data, u16 len, u16 op) 5311{ 5312 struct mgmt_pending_cmd *cmd; 5313 int err; 5314 5315 hci_dev_lock(hdev); 5316 5317 if (status) 5318 goto unlock; 5319 5320 if (pending_find(MGMT_OP_SET_LE, hdev) || 5321 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) || 5322 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) || 5323 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) { 5324 status = MGMT_STATUS_BUSY; 5325 goto unlock; 5326 } 5327 5328 cmd = mgmt_pending_add(sk, op, hdev, data, len); 5329 if (!cmd) { 5330 status = MGMT_STATUS_NO_RESOURCES; 5331 goto unlock; 5332 } 5333 5334 cmd->user_data = m; 5335 err = hci_cmd_sync_queue(hdev, mgmt_add_adv_patterns_monitor_sync, cmd, 5336 mgmt_add_adv_patterns_monitor_complete); 5337 if (err) { 5338 if (err == -ENOMEM) 5339 status = MGMT_STATUS_NO_RESOURCES; 5340 else 5341 status = MGMT_STATUS_FAILED; 5342 5343 goto unlock; 5344 } 5345 5346 hci_dev_unlock(hdev); 5347 5348 return 0; 5349 5350unlock: 5351 hci_free_adv_monitor(hdev, m); 5352 hci_dev_unlock(hdev); 5353 return mgmt_cmd_status(sk, hdev->id, op, status); 5354} 5355 5356static void parse_adv_monitor_rssi(struct adv_monitor *m, 5357 struct mgmt_adv_rssi_thresholds *rssi) 5358{ 5359 if (rssi) { 5360 m->rssi.low_threshold = rssi->low_threshold; 5361 m->rssi.low_threshold_timeout = 5362 __le16_to_cpu(rssi->low_threshold_timeout); 5363 m->rssi.high_threshold = rssi->high_threshold; 5364 m->rssi.high_threshold_timeout = 5365 __le16_to_cpu(rssi->high_threshold_timeout); 5366 m->rssi.sampling_period = rssi->sampling_period; 5367 } else { 5368 /* Default values. These numbers are the least constricting 5369 * parameters for MSFT API to work, so it behaves as if there 5370 * are no rssi parameter to consider. May need to be changed 5371 * if other API are to be supported. 5372 */ 5373 m->rssi.low_threshold = -127; 5374 m->rssi.low_threshold_timeout = 60; 5375 m->rssi.high_threshold = -127; 5376 m->rssi.high_threshold_timeout = 0; 5377 m->rssi.sampling_period = 0; 5378 } 5379} 5380 5381static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count, 5382 struct mgmt_adv_pattern *patterns) 5383{ 5384 u8 offset = 0, length = 0; 5385 struct adv_pattern *p = NULL; 5386 int i; 5387 5388 for (i = 0; i < pattern_count; i++) { 5389 offset = patterns[i].offset; 5390 length = patterns[i].length; 5391 if (offset >= HCI_MAX_AD_LENGTH || 5392 length > HCI_MAX_AD_LENGTH || 5393 (offset + length) > HCI_MAX_AD_LENGTH) 5394 return MGMT_STATUS_INVALID_PARAMS; 5395 5396 p = kmalloc(sizeof(*p), GFP_KERNEL); 5397 if (!p) 5398 return MGMT_STATUS_NO_RESOURCES; 5399 5400 p->ad_type = patterns[i].ad_type; 5401 p->offset = patterns[i].offset; 5402 p->length = patterns[i].length; 5403 memcpy(p->value, patterns[i].value, p->length); 5404 5405 INIT_LIST_HEAD(&p->list); 5406 list_add(&p->list, &m->patterns); 5407 } 5408 5409 return MGMT_STATUS_SUCCESS; 5410} 5411 5412static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev, 5413 void *data, u16 len) 5414{ 5415 struct mgmt_cp_add_adv_patterns_monitor *cp = data; 5416 struct adv_monitor *m = NULL; 5417 u8 status = MGMT_STATUS_SUCCESS; 5418 size_t expected_size = sizeof(*cp); 5419 5420 BT_DBG("request for %s", hdev->name); 5421 5422 if (len <= sizeof(*cp)) { 5423 status = MGMT_STATUS_INVALID_PARAMS; 5424 goto done; 5425 } 5426 5427 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern); 5428 if (len != expected_size) { 5429 status = MGMT_STATUS_INVALID_PARAMS; 5430 goto done; 5431 } 5432 5433 m = kzalloc(sizeof(*m), GFP_KERNEL); 5434 if (!m) { 5435 status = MGMT_STATUS_NO_RESOURCES; 5436 goto done; 5437 } 5438 5439 INIT_LIST_HEAD(&m->patterns); 5440 5441 parse_adv_monitor_rssi(m, NULL); 5442 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns); 5443 5444done: 5445 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len, 5446 MGMT_OP_ADD_ADV_PATTERNS_MONITOR); 5447} 5448 5449static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev, 5450 void *data, u16 len) 5451{ 5452 struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data; 5453 struct adv_monitor *m = NULL; 5454 u8 status = MGMT_STATUS_SUCCESS; 5455 size_t expected_size = sizeof(*cp); 5456 5457 BT_DBG("request for %s", hdev->name); 5458 5459 if (len <= sizeof(*cp)) { 5460 status = MGMT_STATUS_INVALID_PARAMS; 5461 goto done; 5462 } 5463 5464 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern); 5465 if (len != expected_size) { 5466 status = MGMT_STATUS_INVALID_PARAMS; 5467 goto done; 5468 } 5469 5470 m = kzalloc(sizeof(*m), GFP_KERNEL); 5471 if (!m) { 5472 status = MGMT_STATUS_NO_RESOURCES; 5473 goto done; 5474 } 5475 5476 INIT_LIST_HEAD(&m->patterns); 5477 5478 parse_adv_monitor_rssi(m, &cp->rssi); 5479 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns); 5480 5481done: 5482 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len, 5483 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI); 5484} 5485 5486static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev, 5487 void *data, int status) 5488{ 5489 struct mgmt_rp_remove_adv_monitor rp; 5490 struct mgmt_pending_cmd *cmd = data; 5491 struct mgmt_cp_remove_adv_monitor *cp = cmd->param; 5492 5493 hci_dev_lock(hdev); 5494 5495 rp.monitor_handle = cp->monitor_handle; 5496 5497 if (!status) 5498 hci_update_passive_scan(hdev); 5499 5500 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 5501 mgmt_status(status), &rp, sizeof(rp)); 5502 mgmt_pending_remove(cmd); 5503 5504 hci_dev_unlock(hdev); 5505 bt_dev_dbg(hdev, "remove monitor %d complete, status %d", 5506 rp.monitor_handle, status); 5507} 5508 5509static int mgmt_remove_adv_monitor_sync(struct hci_dev *hdev, void *data) 5510{ 5511 struct mgmt_pending_cmd *cmd = data; 5512 struct mgmt_cp_remove_adv_monitor *cp = cmd->param; 5513 u16 handle = __le16_to_cpu(cp->monitor_handle); 5514 5515 if (!handle) 5516 return hci_remove_all_adv_monitor(hdev); 5517 5518 return hci_remove_single_adv_monitor(hdev, handle); 5519} 5520 5521static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev, 5522 void *data, u16 len) 5523{ 5524 struct mgmt_pending_cmd *cmd; 5525 int err, status; 5526 5527 hci_dev_lock(hdev); 5528 5529 if (pending_find(MGMT_OP_SET_LE, hdev) || 5530 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) || 5531 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) || 5532 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) { 5533 status = MGMT_STATUS_BUSY; 5534 goto unlock; 5535 } 5536 5537 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len); 5538 if (!cmd) { 5539 status = MGMT_STATUS_NO_RESOURCES; 5540 goto unlock; 5541 } 5542 5543 err = hci_cmd_sync_queue(hdev, mgmt_remove_adv_monitor_sync, cmd, 5544 mgmt_remove_adv_monitor_complete); 5545 5546 if (err) { 5547 mgmt_pending_remove(cmd); 5548 5549 if (err == -ENOMEM) 5550 status = MGMT_STATUS_NO_RESOURCES; 5551 else 5552 status = MGMT_STATUS_FAILED; 5553 5554 goto unlock; 5555 } 5556 5557 hci_dev_unlock(hdev); 5558 5559 return 0; 5560 5561unlock: 5562 hci_dev_unlock(hdev); 5563 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR, 5564 status); 5565} 5566 5567static void read_local_oob_data_complete(struct hci_dev *hdev, void *data, int err) 5568{ 5569 struct mgmt_rp_read_local_oob_data mgmt_rp; 5570 size_t rp_size = sizeof(mgmt_rp); 5571 struct mgmt_pending_cmd *cmd = data; 5572 struct sk_buff *skb = cmd->skb; 5573 u8 status = mgmt_status(err); 5574 5575 if (!status) { 5576 if (!skb) 5577 status = MGMT_STATUS_FAILED; 5578 else if (IS_ERR(skb)) 5579 status = mgmt_status(PTR_ERR(skb)); 5580 else 5581 status = mgmt_status(skb->data[0]); 5582 } 5583 5584 bt_dev_dbg(hdev, "status %d", status); 5585 5586 if (status) { 5587 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, status); 5588 goto remove; 5589 } 5590 5591 memset(&mgmt_rp, 0, sizeof(mgmt_rp)); 5592 5593 if (!bredr_sc_enabled(hdev)) { 5594 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 5595 5596 if (skb->len < sizeof(*rp)) { 5597 mgmt_cmd_status(cmd->sk, hdev->id, 5598 MGMT_OP_READ_LOCAL_OOB_DATA, 5599 MGMT_STATUS_FAILED); 5600 goto remove; 5601 } 5602 5603 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash)); 5604 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand)); 5605 5606 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256); 5607 } else { 5608 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data; 5609 5610 if (skb->len < sizeof(*rp)) { 5611 mgmt_cmd_status(cmd->sk, hdev->id, 5612 MGMT_OP_READ_LOCAL_OOB_DATA, 5613 MGMT_STATUS_FAILED); 5614 goto remove; 5615 } 5616 5617 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192)); 5618 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192)); 5619 5620 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256)); 5621 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256)); 5622 } 5623 5624 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5625 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size); 5626 5627remove: 5628 if (skb && !IS_ERR(skb)) 5629 kfree_skb(skb); 5630 5631 mgmt_pending_free(cmd); 5632} 5633 5634static int read_local_oob_data_sync(struct hci_dev *hdev, void *data) 5635{ 5636 struct mgmt_pending_cmd *cmd = data; 5637 5638 if (bredr_sc_enabled(hdev)) 5639 cmd->skb = hci_read_local_oob_data_sync(hdev, true, cmd->sk); 5640 else 5641 cmd->skb = hci_read_local_oob_data_sync(hdev, false, cmd->sk); 5642 5643 if (IS_ERR(cmd->skb)) 5644 return PTR_ERR(cmd->skb); 5645 else 5646 return 0; 5647} 5648 5649static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, 5650 void *data, u16 data_len) 5651{ 5652 struct mgmt_pending_cmd *cmd; 5653 int err; 5654 5655 bt_dev_dbg(hdev, "sock %p", sk); 5656 5657 hci_dev_lock(hdev); 5658 5659 if (!hdev_is_powered(hdev)) { 5660 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5661 MGMT_STATUS_NOT_POWERED); 5662 goto unlock; 5663 } 5664 5665 if (!lmp_ssp_capable(hdev)) { 5666 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5667 MGMT_STATUS_NOT_SUPPORTED); 5668 goto unlock; 5669 } 5670 5671 cmd = mgmt_pending_new(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 5672 if (!cmd) 5673 err = -ENOMEM; 5674 else 5675 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd, 5676 read_local_oob_data_complete); 5677 5678 if (err < 0) { 5679 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5680 MGMT_STATUS_FAILED); 5681 5682 if (cmd) 5683 mgmt_pending_free(cmd); 5684 } 5685 5686unlock: 5687 hci_dev_unlock(hdev); 5688 return err; 5689} 5690 5691static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 5692 void *data, u16 len) 5693{ 5694 struct mgmt_addr_info *addr = data; 5695 int err; 5696 5697 bt_dev_dbg(hdev, "sock %p", sk); 5698 5699 if (!bdaddr_type_is_valid(addr->type)) 5700 return mgmt_cmd_complete(sk, hdev->id, 5701 MGMT_OP_ADD_REMOTE_OOB_DATA, 5702 MGMT_STATUS_INVALID_PARAMS, 5703 addr, sizeof(*addr)); 5704 5705 hci_dev_lock(hdev); 5706 5707 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) { 5708 struct mgmt_cp_add_remote_oob_data *cp = data; 5709 u8 status; 5710 5711 if (cp->addr.type != BDADDR_BREDR) { 5712 err = mgmt_cmd_complete(sk, hdev->id, 5713 MGMT_OP_ADD_REMOTE_OOB_DATA, 5714 MGMT_STATUS_INVALID_PARAMS, 5715 &cp->addr, sizeof(cp->addr)); 5716 goto unlock; 5717 } 5718 5719 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 5720 cp->addr.type, cp->hash, 5721 cp->rand, NULL, NULL); 5722 if (err < 0) 5723 status = MGMT_STATUS_FAILED; 5724 else 5725 status = MGMT_STATUS_SUCCESS; 5726 5727 err = mgmt_cmd_complete(sk, hdev->id, 5728 MGMT_OP_ADD_REMOTE_OOB_DATA, status, 5729 &cp->addr, sizeof(cp->addr)); 5730 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) { 5731 struct mgmt_cp_add_remote_oob_ext_data *cp = data; 5732 u8 *rand192, *hash192, *rand256, *hash256; 5733 u8 status; 5734 5735 if (bdaddr_type_is_le(cp->addr.type)) { 5736 /* Enforce zero-valued 192-bit parameters as 5737 * long as legacy SMP OOB isn't implemented. 5738 */ 5739 if (memcmp(cp->rand192, ZERO_KEY, 16) || 5740 memcmp(cp->hash192, ZERO_KEY, 16)) { 5741 err = mgmt_cmd_complete(sk, hdev->id, 5742 MGMT_OP_ADD_REMOTE_OOB_DATA, 5743 MGMT_STATUS_INVALID_PARAMS, 5744 addr, sizeof(*addr)); 5745 goto unlock; 5746 } 5747 5748 rand192 = NULL; 5749 hash192 = NULL; 5750 } else { 5751 /* In case one of the P-192 values is set to zero, 5752 * then just disable OOB data for P-192. 5753 */ 5754 if (!memcmp(cp->rand192, ZERO_KEY, 16) || 5755 !memcmp(cp->hash192, ZERO_KEY, 16)) { 5756 rand192 = NULL; 5757 hash192 = NULL; 5758 } else { 5759 rand192 = cp->rand192; 5760 hash192 = cp->hash192; 5761 } 5762 } 5763 5764 /* In case one of the P-256 values is set to zero, then just 5765 * disable OOB data for P-256. 5766 */ 5767 if (!memcmp(cp->rand256, ZERO_KEY, 16) || 5768 !memcmp(cp->hash256, ZERO_KEY, 16)) { 5769 rand256 = NULL; 5770 hash256 = NULL; 5771 } else { 5772 rand256 = cp->rand256; 5773 hash256 = cp->hash256; 5774 } 5775 5776 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 5777 cp->addr.type, hash192, rand192, 5778 hash256, rand256); 5779 if (err < 0) 5780 status = MGMT_STATUS_FAILED; 5781 else 5782 status = MGMT_STATUS_SUCCESS; 5783 5784 err = mgmt_cmd_complete(sk, hdev->id, 5785 MGMT_OP_ADD_REMOTE_OOB_DATA, 5786 status, &cp->addr, sizeof(cp->addr)); 5787 } else { 5788 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes", 5789 len); 5790 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 5791 MGMT_STATUS_INVALID_PARAMS); 5792 } 5793 5794unlock: 5795 hci_dev_unlock(hdev); 5796 return err; 5797} 5798 5799static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 5800 void *data, u16 len) 5801{ 5802 struct mgmt_cp_remove_remote_oob_data *cp = data; 5803 u8 status; 5804 int err; 5805 5806 bt_dev_dbg(hdev, "sock %p", sk); 5807 5808 if (cp->addr.type != BDADDR_BREDR) 5809 return mgmt_cmd_complete(sk, hdev->id, 5810 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 5811 MGMT_STATUS_INVALID_PARAMS, 5812 &cp->addr, sizeof(cp->addr)); 5813 5814 hci_dev_lock(hdev); 5815 5816 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5817 hci_remote_oob_data_clear(hdev); 5818 status = MGMT_STATUS_SUCCESS; 5819 goto done; 5820 } 5821 5822 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type); 5823 if (err < 0) 5824 status = MGMT_STATUS_INVALID_PARAMS; 5825 else 5826 status = MGMT_STATUS_SUCCESS; 5827 5828done: 5829 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 5830 status, &cp->addr, sizeof(cp->addr)); 5831 5832 hci_dev_unlock(hdev); 5833 return err; 5834} 5835 5836void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status) 5837{ 5838 struct mgmt_pending_cmd *cmd; 5839 5840 bt_dev_dbg(hdev, "status %u", status); 5841 5842 hci_dev_lock(hdev); 5843 5844 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev); 5845 if (!cmd) 5846 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev); 5847 5848 if (!cmd) 5849 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev); 5850 5851 if (cmd) { 5852 cmd->cmd_complete(cmd, mgmt_status(status)); 5853 mgmt_pending_remove(cmd); 5854 } 5855 5856 hci_dev_unlock(hdev); 5857} 5858 5859static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type, 5860 uint8_t *mgmt_status) 5861{ 5862 switch (type) { 5863 case DISCOV_TYPE_LE: 5864 *mgmt_status = mgmt_le_support(hdev); 5865 if (*mgmt_status) 5866 return false; 5867 break; 5868 case DISCOV_TYPE_INTERLEAVED: 5869 *mgmt_status = mgmt_le_support(hdev); 5870 if (*mgmt_status) 5871 return false; 5872 fallthrough; 5873 case DISCOV_TYPE_BREDR: 5874 *mgmt_status = mgmt_bredr_support(hdev); 5875 if (*mgmt_status) 5876 return false; 5877 break; 5878 default: 5879 *mgmt_status = MGMT_STATUS_INVALID_PARAMS; 5880 return false; 5881 } 5882 5883 return true; 5884} 5885 5886static void start_discovery_complete(struct hci_dev *hdev, void *data, int err) 5887{ 5888 struct mgmt_pending_cmd *cmd = data; 5889 5890 if (cmd != pending_find(MGMT_OP_START_DISCOVERY, hdev) && 5891 cmd != pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev) && 5892 cmd != pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev)) 5893 return; 5894 5895 bt_dev_dbg(hdev, "err %d", err); 5896 5897 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err), 5898 cmd->param, 1); 5899 mgmt_pending_remove(cmd); 5900 5901 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED: 5902 DISCOVERY_FINDING); 5903} 5904 5905static int start_discovery_sync(struct hci_dev *hdev, void *data) 5906{ 5907 return hci_start_discovery_sync(hdev); 5908} 5909 5910static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev, 5911 u16 op, void *data, u16 len) 5912{ 5913 struct mgmt_cp_start_discovery *cp = data; 5914 struct mgmt_pending_cmd *cmd; 5915 u8 status; 5916 int err; 5917 5918 bt_dev_dbg(hdev, "sock %p", sk); 5919 5920 hci_dev_lock(hdev); 5921 5922 if (!hdev_is_powered(hdev)) { 5923 err = mgmt_cmd_complete(sk, hdev->id, op, 5924 MGMT_STATUS_NOT_POWERED, 5925 &cp->type, sizeof(cp->type)); 5926 goto failed; 5927 } 5928 5929 if (hdev->discovery.state != DISCOVERY_STOPPED || 5930 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 5931 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 5932 &cp->type, sizeof(cp->type)); 5933 goto failed; 5934 } 5935 5936 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 5937 err = mgmt_cmd_complete(sk, hdev->id, op, status, 5938 &cp->type, sizeof(cp->type)); 5939 goto failed; 5940 } 5941 5942 /* Can't start discovery when it is paused */ 5943 if (hdev->discovery_paused) { 5944 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 5945 &cp->type, sizeof(cp->type)); 5946 goto failed; 5947 } 5948 5949 /* Clear the discovery filter first to free any previously 5950 * allocated memory for the UUID list. 5951 */ 5952 hci_discovery_filter_clear(hdev); 5953 5954 hdev->discovery.type = cp->type; 5955 hdev->discovery.report_invalid_rssi = false; 5956 if (op == MGMT_OP_START_LIMITED_DISCOVERY) 5957 hdev->discovery.limited = true; 5958 else 5959 hdev->discovery.limited = false; 5960 5961 cmd = mgmt_pending_add(sk, op, hdev, data, len); 5962 if (!cmd) { 5963 err = -ENOMEM; 5964 goto failed; 5965 } 5966 5967 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd, 5968 start_discovery_complete); 5969 if (err < 0) { 5970 mgmt_pending_remove(cmd); 5971 goto failed; 5972 } 5973 5974 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 5975 5976failed: 5977 hci_dev_unlock(hdev); 5978 return err; 5979} 5980 5981static int start_discovery(struct sock *sk, struct hci_dev *hdev, 5982 void *data, u16 len) 5983{ 5984 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY, 5985 data, len); 5986} 5987 5988static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev, 5989 void *data, u16 len) 5990{ 5991 return start_discovery_internal(sk, hdev, 5992 MGMT_OP_START_LIMITED_DISCOVERY, 5993 data, len); 5994} 5995 5996static int start_service_discovery(struct sock *sk, struct hci_dev *hdev, 5997 void *data, u16 len) 5998{ 5999 struct mgmt_cp_start_service_discovery *cp = data; 6000 struct mgmt_pending_cmd *cmd; 6001 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16); 6002 u16 uuid_count, expected_len; 6003 u8 status; 6004 int err; 6005 6006 bt_dev_dbg(hdev, "sock %p", sk); 6007 6008 hci_dev_lock(hdev); 6009 6010 if (!hdev_is_powered(hdev)) { 6011 err = mgmt_cmd_complete(sk, hdev->id, 6012 MGMT_OP_START_SERVICE_DISCOVERY, 6013 MGMT_STATUS_NOT_POWERED, 6014 &cp->type, sizeof(cp->type)); 6015 goto failed; 6016 } 6017 6018 if (hdev->discovery.state != DISCOVERY_STOPPED || 6019 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 6020 err = mgmt_cmd_complete(sk, hdev->id, 6021 MGMT_OP_START_SERVICE_DISCOVERY, 6022 MGMT_STATUS_BUSY, &cp->type, 6023 sizeof(cp->type)); 6024 goto failed; 6025 } 6026 6027 if (hdev->discovery_paused) { 6028 err = mgmt_cmd_complete(sk, hdev->id, 6029 MGMT_OP_START_SERVICE_DISCOVERY, 6030 MGMT_STATUS_BUSY, &cp->type, 6031 sizeof(cp->type)); 6032 goto failed; 6033 } 6034 6035 uuid_count = __le16_to_cpu(cp->uuid_count); 6036 if (uuid_count > max_uuid_count) { 6037 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u", 6038 uuid_count); 6039 err = mgmt_cmd_complete(sk, hdev->id, 6040 MGMT_OP_START_SERVICE_DISCOVERY, 6041 MGMT_STATUS_INVALID_PARAMS, &cp->type, 6042 sizeof(cp->type)); 6043 goto failed; 6044 } 6045 6046 expected_len = sizeof(*cp) + uuid_count * 16; 6047 if (expected_len != len) { 6048 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes", 6049 expected_len, len); 6050 err = mgmt_cmd_complete(sk, hdev->id, 6051 MGMT_OP_START_SERVICE_DISCOVERY, 6052 MGMT_STATUS_INVALID_PARAMS, &cp->type, 6053 sizeof(cp->type)); 6054 goto failed; 6055 } 6056 6057 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 6058 err = mgmt_cmd_complete(sk, hdev->id, 6059 MGMT_OP_START_SERVICE_DISCOVERY, 6060 status, &cp->type, sizeof(cp->type)); 6061 goto failed; 6062 } 6063 6064 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY, 6065 hdev, data, len); 6066 if (!cmd) { 6067 err = -ENOMEM; 6068 goto failed; 6069 } 6070 6071 /* Clear the discovery filter first to free any previously 6072 * allocated memory for the UUID list. 6073 */ 6074 hci_discovery_filter_clear(hdev); 6075 6076 hdev->discovery.result_filtering = true; 6077 hdev->discovery.type = cp->type; 6078 hdev->discovery.rssi = cp->rssi; 6079 hdev->discovery.uuid_count = uuid_count; 6080 6081 if (uuid_count > 0) { 6082 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16, 6083 GFP_KERNEL); 6084 if (!hdev->discovery.uuids) { 6085 err = mgmt_cmd_complete(sk, hdev->id, 6086 MGMT_OP_START_SERVICE_DISCOVERY, 6087 MGMT_STATUS_FAILED, 6088 &cp->type, sizeof(cp->type)); 6089 mgmt_pending_remove(cmd); 6090 goto failed; 6091 } 6092 } 6093 6094 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd, 6095 start_discovery_complete); 6096 if (err < 0) { 6097 mgmt_pending_remove(cmd); 6098 goto failed; 6099 } 6100 6101 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 6102 6103failed: 6104 hci_dev_unlock(hdev); 6105 return err; 6106} 6107 6108void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status) 6109{ 6110 struct mgmt_pending_cmd *cmd; 6111 6112 bt_dev_dbg(hdev, "status %u", status); 6113 6114 hci_dev_lock(hdev); 6115 6116 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 6117 if (cmd) { 6118 cmd->cmd_complete(cmd, mgmt_status(status)); 6119 mgmt_pending_remove(cmd); 6120 } 6121 6122 hci_dev_unlock(hdev); 6123} 6124 6125static void stop_discovery_complete(struct hci_dev *hdev, void *data, int err) 6126{ 6127 struct mgmt_pending_cmd *cmd = data; 6128 6129 if (cmd != pending_find(MGMT_OP_STOP_DISCOVERY, hdev)) 6130 return; 6131 6132 bt_dev_dbg(hdev, "err %d", err); 6133 6134 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err), 6135 cmd->param, 1); 6136 mgmt_pending_remove(cmd); 6137 6138 if (!err) 6139 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 6140} 6141 6142static int stop_discovery_sync(struct hci_dev *hdev, void *data) 6143{ 6144 return hci_stop_discovery_sync(hdev); 6145} 6146 6147static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, 6148 u16 len) 6149{ 6150 struct mgmt_cp_stop_discovery *mgmt_cp = data; 6151 struct mgmt_pending_cmd *cmd; 6152 int err; 6153 6154 bt_dev_dbg(hdev, "sock %p", sk); 6155 6156 hci_dev_lock(hdev); 6157 6158 if (!hci_discovery_active(hdev)) { 6159 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 6160 MGMT_STATUS_REJECTED, &mgmt_cp->type, 6161 sizeof(mgmt_cp->type)); 6162 goto unlock; 6163 } 6164 6165 if (hdev->discovery.type != mgmt_cp->type) { 6166 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 6167 MGMT_STATUS_INVALID_PARAMS, 6168 &mgmt_cp->type, sizeof(mgmt_cp->type)); 6169 goto unlock; 6170 } 6171 6172 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len); 6173 if (!cmd) { 6174 err = -ENOMEM; 6175 goto unlock; 6176 } 6177 6178 err = hci_cmd_sync_queue(hdev, stop_discovery_sync, cmd, 6179 stop_discovery_complete); 6180 if (err < 0) { 6181 mgmt_pending_remove(cmd); 6182 goto unlock; 6183 } 6184 6185 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 6186 6187unlock: 6188 hci_dev_unlock(hdev); 6189 return err; 6190} 6191 6192static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, 6193 u16 len) 6194{ 6195 struct mgmt_cp_confirm_name *cp = data; 6196 struct inquiry_entry *e; 6197 int err; 6198 6199 bt_dev_dbg(hdev, "sock %p", sk); 6200 6201 hci_dev_lock(hdev); 6202 6203 if (!hci_discovery_active(hdev)) { 6204 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 6205 MGMT_STATUS_FAILED, &cp->addr, 6206 sizeof(cp->addr)); 6207 goto failed; 6208 } 6209 6210 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 6211 if (!e) { 6212 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 6213 MGMT_STATUS_INVALID_PARAMS, &cp->addr, 6214 sizeof(cp->addr)); 6215 goto failed; 6216 } 6217 6218 if (cp->name_known) { 6219 e->name_state = NAME_KNOWN; 6220 list_del(&e->list); 6221 } else { 6222 e->name_state = NAME_NEEDED; 6223 hci_inquiry_cache_update_resolve(hdev, e); 6224 } 6225 6226 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, 6227 &cp->addr, sizeof(cp->addr)); 6228 6229failed: 6230 hci_dev_unlock(hdev); 6231 return err; 6232} 6233 6234static int block_device(struct sock *sk, struct hci_dev *hdev, void *data, 6235 u16 len) 6236{ 6237 struct mgmt_cp_block_device *cp = data; 6238 u8 status; 6239 int err; 6240 6241 bt_dev_dbg(hdev, "sock %p", sk); 6242 6243 if (!bdaddr_type_is_valid(cp->addr.type)) 6244 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, 6245 MGMT_STATUS_INVALID_PARAMS, 6246 &cp->addr, sizeof(cp->addr)); 6247 6248 hci_dev_lock(hdev); 6249 6250 err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr, 6251 cp->addr.type); 6252 if (err < 0) { 6253 status = MGMT_STATUS_FAILED; 6254 goto done; 6255 } 6256 6257 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr), 6258 sk); 6259 status = MGMT_STATUS_SUCCESS; 6260 6261done: 6262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status, 6263 &cp->addr, sizeof(cp->addr)); 6264 6265 hci_dev_unlock(hdev); 6266 6267 return err; 6268} 6269 6270static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data, 6271 u16 len) 6272{ 6273 struct mgmt_cp_unblock_device *cp = data; 6274 u8 status; 6275 int err; 6276 6277 bt_dev_dbg(hdev, "sock %p", sk); 6278 6279 if (!bdaddr_type_is_valid(cp->addr.type)) 6280 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, 6281 MGMT_STATUS_INVALID_PARAMS, 6282 &cp->addr, sizeof(cp->addr)); 6283 6284 hci_dev_lock(hdev); 6285 6286 err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr, 6287 cp->addr.type); 6288 if (err < 0) { 6289 status = MGMT_STATUS_INVALID_PARAMS; 6290 goto done; 6291 } 6292 6293 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr), 6294 sk); 6295 status = MGMT_STATUS_SUCCESS; 6296 6297done: 6298 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status, 6299 &cp->addr, sizeof(cp->addr)); 6300 6301 hci_dev_unlock(hdev); 6302 6303 return err; 6304} 6305 6306static int set_device_id_sync(struct hci_dev *hdev, void *data) 6307{ 6308 return hci_update_eir_sync(hdev); 6309} 6310 6311static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data, 6312 u16 len) 6313{ 6314 struct mgmt_cp_set_device_id *cp = data; 6315 int err; 6316 __u16 source; 6317 6318 bt_dev_dbg(hdev, "sock %p", sk); 6319 6320 source = __le16_to_cpu(cp->source); 6321 6322 if (source > 0x0002) 6323 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 6324 MGMT_STATUS_INVALID_PARAMS); 6325 6326 hci_dev_lock(hdev); 6327 6328 hdev->devid_source = source; 6329 hdev->devid_vendor = __le16_to_cpu(cp->vendor); 6330 hdev->devid_product = __le16_to_cpu(cp->product); 6331 hdev->devid_version = __le16_to_cpu(cp->version); 6332 6333 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, 6334 NULL, 0); 6335 6336 hci_cmd_sync_queue(hdev, set_device_id_sync, NULL, NULL); 6337 6338 hci_dev_unlock(hdev); 6339 6340 return err; 6341} 6342 6343static void enable_advertising_instance(struct hci_dev *hdev, int err) 6344{ 6345 if (err) 6346 bt_dev_err(hdev, "failed to re-configure advertising %d", err); 6347 else 6348 bt_dev_dbg(hdev, "status %d", err); 6349} 6350 6351static void set_advertising_complete(struct hci_dev *hdev, void *data, int err) 6352{ 6353 struct cmd_lookup match = { NULL, hdev }; 6354 u8 instance; 6355 struct adv_info *adv_instance; 6356 u8 status = mgmt_status(err); 6357 6358 if (status) { 6359 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, 6360 cmd_status_rsp, &status); 6361 return; 6362 } 6363 6364 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 6365 hci_dev_set_flag(hdev, HCI_ADVERTISING); 6366 else 6367 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 6368 6369 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp, 6370 &match); 6371 6372 new_settings(hdev, match.sk); 6373 6374 if (match.sk) 6375 sock_put(match.sk); 6376 6377 /* If "Set Advertising" was just disabled and instance advertising was 6378 * set up earlier, then re-enable multi-instance advertising. 6379 */ 6380 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 6381 list_empty(&hdev->adv_instances)) 6382 return; 6383 6384 instance = hdev->cur_adv_instance; 6385 if (!instance) { 6386 adv_instance = list_first_entry_or_null(&hdev->adv_instances, 6387 struct adv_info, list); 6388 if (!adv_instance) 6389 return; 6390 6391 instance = adv_instance->instance; 6392 } 6393 6394 err = hci_schedule_adv_instance_sync(hdev, instance, true); 6395 6396 enable_advertising_instance(hdev, err); 6397} 6398 6399static int set_adv_sync(struct hci_dev *hdev, void *data) 6400{ 6401 struct mgmt_pending_cmd *cmd = data; 6402 struct mgmt_mode *cp = cmd->param; 6403 u8 val = !!cp->val; 6404 6405 if (cp->val == 0x02) 6406 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 6407 else 6408 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 6409 6410 cancel_adv_timeout(hdev); 6411 6412 if (val) { 6413 /* Switch to instance "0" for the Set Advertising setting. 6414 * We cannot use update_[adv|scan_rsp]_data() here as the 6415 * HCI_ADVERTISING flag is not yet set. 6416 */ 6417 hdev->cur_adv_instance = 0x00; 6418 6419 if (ext_adv_capable(hdev)) { 6420 hci_start_ext_adv_sync(hdev, 0x00); 6421 } else { 6422 hci_update_adv_data_sync(hdev, 0x00); 6423 hci_update_scan_rsp_data_sync(hdev, 0x00); 6424 hci_enable_advertising_sync(hdev); 6425 } 6426 } else { 6427 hci_disable_advertising_sync(hdev); 6428 } 6429 6430 return 0; 6431} 6432 6433static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, 6434 u16 len) 6435{ 6436 struct mgmt_mode *cp = data; 6437 struct mgmt_pending_cmd *cmd; 6438 u8 val, status; 6439 int err; 6440 6441 bt_dev_dbg(hdev, "sock %p", sk); 6442 6443 status = mgmt_le_support(hdev); 6444 if (status) 6445 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 6446 status); 6447 6448 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 6449 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 6450 MGMT_STATUS_INVALID_PARAMS); 6451 6452 if (hdev->advertising_paused) 6453 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 6454 MGMT_STATUS_BUSY); 6455 6456 hci_dev_lock(hdev); 6457 6458 val = !!cp->val; 6459 6460 /* The following conditions are ones which mean that we should 6461 * not do any HCI communication but directly send a mgmt 6462 * response to user space (after toggling the flag if 6463 * necessary). 6464 */ 6465 if (!hdev_is_powered(hdev) || 6466 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) && 6467 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) || 6468 hci_dev_test_flag(hdev, HCI_MESH) || 6469 hci_conn_num(hdev, LE_LINK) > 0 || 6470 (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 6471 hdev->le_scan_type == LE_SCAN_ACTIVE)) { 6472 bool changed; 6473 6474 if (cp->val) { 6475 hdev->cur_adv_instance = 0x00; 6476 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING); 6477 if (cp->val == 0x02) 6478 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 6479 else 6480 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 6481 } else { 6482 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING); 6483 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 6484 } 6485 6486 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev); 6487 if (err < 0) 6488 goto unlock; 6489 6490 if (changed) 6491 err = new_settings(hdev, sk); 6492 6493 goto unlock; 6494 } 6495 6496 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) || 6497 pending_find(MGMT_OP_SET_LE, hdev)) { 6498 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 6499 MGMT_STATUS_BUSY); 6500 goto unlock; 6501 } 6502 6503 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len); 6504 if (!cmd) 6505 err = -ENOMEM; 6506 else 6507 err = hci_cmd_sync_queue(hdev, set_adv_sync, cmd, 6508 set_advertising_complete); 6509 6510 if (err < 0 && cmd) 6511 mgmt_pending_remove(cmd); 6512 6513unlock: 6514 hci_dev_unlock(hdev); 6515 return err; 6516} 6517 6518static int set_static_address(struct sock *sk, struct hci_dev *hdev, 6519 void *data, u16 len) 6520{ 6521 struct mgmt_cp_set_static_address *cp = data; 6522 int err; 6523 6524 bt_dev_dbg(hdev, "sock %p", sk); 6525 6526 if (!lmp_le_capable(hdev)) 6527 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 6528 MGMT_STATUS_NOT_SUPPORTED); 6529 6530 if (hdev_is_powered(hdev)) 6531 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 6532 MGMT_STATUS_REJECTED); 6533 6534 if (bacmp(&cp->bdaddr, BDADDR_ANY)) { 6535 if (!bacmp(&cp->bdaddr, BDADDR_NONE)) 6536 return mgmt_cmd_status(sk, hdev->id, 6537 MGMT_OP_SET_STATIC_ADDRESS, 6538 MGMT_STATUS_INVALID_PARAMS); 6539 6540 /* Two most significant bits shall be set */ 6541 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0) 6542 return mgmt_cmd_status(sk, hdev->id, 6543 MGMT_OP_SET_STATIC_ADDRESS, 6544 MGMT_STATUS_INVALID_PARAMS); 6545 } 6546 6547 hci_dev_lock(hdev); 6548 6549 bacpy(&hdev->static_addr, &cp->bdaddr); 6550 6551 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev); 6552 if (err < 0) 6553 goto unlock; 6554 6555 err = new_settings(hdev, sk); 6556 6557unlock: 6558 hci_dev_unlock(hdev); 6559 return err; 6560} 6561 6562static int set_scan_params(struct sock *sk, struct hci_dev *hdev, 6563 void *data, u16 len) 6564{ 6565 struct mgmt_cp_set_scan_params *cp = data; 6566 __u16 interval, window; 6567 int err; 6568 6569 bt_dev_dbg(hdev, "sock %p", sk); 6570 6571 if (!lmp_le_capable(hdev)) 6572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 6573 MGMT_STATUS_NOT_SUPPORTED); 6574 6575 interval = __le16_to_cpu(cp->interval); 6576 6577 if (interval < 0x0004 || interval > 0x4000) 6578 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 6579 MGMT_STATUS_INVALID_PARAMS); 6580 6581 window = __le16_to_cpu(cp->window); 6582 6583 if (window < 0x0004 || window > 0x4000) 6584 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 6585 MGMT_STATUS_INVALID_PARAMS); 6586 6587 if (window > interval) 6588 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 6589 MGMT_STATUS_INVALID_PARAMS); 6590 6591 hci_dev_lock(hdev); 6592 6593 hdev->le_scan_interval = interval; 6594 hdev->le_scan_window = window; 6595 6596 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, 6597 NULL, 0); 6598 6599 /* If background scan is running, restart it so new parameters are 6600 * loaded. 6601 */ 6602 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 6603 hdev->discovery.state == DISCOVERY_STOPPED) 6604 hci_update_passive_scan(hdev); 6605 6606 hci_dev_unlock(hdev); 6607 6608 return err; 6609} 6610 6611static void fast_connectable_complete(struct hci_dev *hdev, void *data, int err) 6612{ 6613 struct mgmt_pending_cmd *cmd = data; 6614 6615 bt_dev_dbg(hdev, "err %d", err); 6616 6617 if (err) { 6618 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 6619 mgmt_status(err)); 6620 } else { 6621 struct mgmt_mode *cp = cmd->param; 6622 6623 if (cp->val) 6624 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE); 6625 else 6626 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 6627 6628 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 6629 new_settings(hdev, cmd->sk); 6630 } 6631 6632 mgmt_pending_free(cmd); 6633} 6634 6635static int write_fast_connectable_sync(struct hci_dev *hdev, void *data) 6636{ 6637 struct mgmt_pending_cmd *cmd = data; 6638 struct mgmt_mode *cp = cmd->param; 6639 6640 return hci_write_fast_connectable_sync(hdev, cp->val); 6641} 6642 6643static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, 6644 void *data, u16 len) 6645{ 6646 struct mgmt_mode *cp = data; 6647 struct mgmt_pending_cmd *cmd; 6648 int err; 6649 6650 bt_dev_dbg(hdev, "sock %p", sk); 6651 6652 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 6653 hdev->hci_ver < BLUETOOTH_VER_1_2) 6654 return mgmt_cmd_status(sk, hdev->id, 6655 MGMT_OP_SET_FAST_CONNECTABLE, 6656 MGMT_STATUS_NOT_SUPPORTED); 6657 6658 if (cp->val != 0x00 && cp->val != 0x01) 6659 return mgmt_cmd_status(sk, hdev->id, 6660 MGMT_OP_SET_FAST_CONNECTABLE, 6661 MGMT_STATUS_INVALID_PARAMS); 6662 6663 hci_dev_lock(hdev); 6664 6665 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) { 6666 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 6667 goto unlock; 6668 } 6669 6670 if (!hdev_is_powered(hdev)) { 6671 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE); 6672 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 6673 new_settings(hdev, sk); 6674 goto unlock; 6675 } 6676 6677 cmd = mgmt_pending_new(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, data, 6678 len); 6679 if (!cmd) 6680 err = -ENOMEM; 6681 else 6682 err = hci_cmd_sync_queue(hdev, write_fast_connectable_sync, cmd, 6683 fast_connectable_complete); 6684 6685 if (err < 0) { 6686 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 6687 MGMT_STATUS_FAILED); 6688 6689 if (cmd) 6690 mgmt_pending_free(cmd); 6691 } 6692 6693unlock: 6694 hci_dev_unlock(hdev); 6695 6696 return err; 6697} 6698 6699static void set_bredr_complete(struct hci_dev *hdev, void *data, int err) 6700{ 6701 struct mgmt_pending_cmd *cmd = data; 6702 6703 bt_dev_dbg(hdev, "err %d", err); 6704 6705 if (err) { 6706 u8 mgmt_err = mgmt_status(err); 6707 6708 /* We need to restore the flag if related HCI commands 6709 * failed. 6710 */ 6711 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED); 6712 6713 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 6714 } else { 6715 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev); 6716 new_settings(hdev, cmd->sk); 6717 } 6718 6719 mgmt_pending_free(cmd); 6720} 6721 6722static int set_bredr_sync(struct hci_dev *hdev, void *data) 6723{ 6724 int status; 6725 6726 status = hci_write_fast_connectable_sync(hdev, false); 6727 6728 if (!status) 6729 status = hci_update_scan_sync(hdev); 6730 6731 /* Since only the advertising data flags will change, there 6732 * is no need to update the scan response data. 6733 */ 6734 if (!status) 6735 status = hci_update_adv_data_sync(hdev, hdev->cur_adv_instance); 6736 6737 return status; 6738} 6739 6740static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 6741{ 6742 struct mgmt_mode *cp = data; 6743 struct mgmt_pending_cmd *cmd; 6744 int err; 6745 6746 bt_dev_dbg(hdev, "sock %p", sk); 6747 6748 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev)) 6749 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6750 MGMT_STATUS_NOT_SUPPORTED); 6751 6752 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 6753 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6754 MGMT_STATUS_REJECTED); 6755 6756 if (cp->val != 0x00 && cp->val != 0x01) 6757 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6758 MGMT_STATUS_INVALID_PARAMS); 6759 6760 hci_dev_lock(hdev); 6761 6762 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 6763 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 6764 goto unlock; 6765 } 6766 6767 if (!hdev_is_powered(hdev)) { 6768 if (!cp->val) { 6769 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 6770 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 6771 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY); 6772 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 6773 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 6774 } 6775 6776 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED); 6777 6778 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 6779 if (err < 0) 6780 goto unlock; 6781 6782 err = new_settings(hdev, sk); 6783 goto unlock; 6784 } 6785 6786 /* Reject disabling when powered on */ 6787 if (!cp->val) { 6788 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6789 MGMT_STATUS_REJECTED); 6790 goto unlock; 6791 } else { 6792 /* When configuring a dual-mode controller to operate 6793 * with LE only and using a static address, then switching 6794 * BR/EDR back on is not allowed. 6795 * 6796 * Dual-mode controllers shall operate with the public 6797 * address as its identity address for BR/EDR and LE. So 6798 * reject the attempt to create an invalid configuration. 6799 * 6800 * The same restrictions applies when secure connections 6801 * has been enabled. For BR/EDR this is a controller feature 6802 * while for LE it is a host stack feature. This means that 6803 * switching BR/EDR back on when secure connections has been 6804 * enabled is not a supported transaction. 6805 */ 6806 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 6807 (bacmp(&hdev->static_addr, BDADDR_ANY) || 6808 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) { 6809 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6810 MGMT_STATUS_REJECTED); 6811 goto unlock; 6812 } 6813 } 6814 6815 cmd = mgmt_pending_new(sk, MGMT_OP_SET_BREDR, hdev, data, len); 6816 if (!cmd) 6817 err = -ENOMEM; 6818 else 6819 err = hci_cmd_sync_queue(hdev, set_bredr_sync, cmd, 6820 set_bredr_complete); 6821 6822 if (err < 0) { 6823 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6824 MGMT_STATUS_FAILED); 6825 if (cmd) 6826 mgmt_pending_free(cmd); 6827 6828 goto unlock; 6829 } 6830 6831 /* We need to flip the bit already here so that 6832 * hci_req_update_adv_data generates the correct flags. 6833 */ 6834 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED); 6835 6836unlock: 6837 hci_dev_unlock(hdev); 6838 return err; 6839} 6840 6841static void set_secure_conn_complete(struct hci_dev *hdev, void *data, int err) 6842{ 6843 struct mgmt_pending_cmd *cmd = data; 6844 struct mgmt_mode *cp; 6845 6846 bt_dev_dbg(hdev, "err %d", err); 6847 6848 if (err) { 6849 u8 mgmt_err = mgmt_status(err); 6850 6851 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 6852 goto done; 6853 } 6854 6855 cp = cmd->param; 6856 6857 switch (cp->val) { 6858 case 0x00: 6859 hci_dev_clear_flag(hdev, HCI_SC_ENABLED); 6860 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 6861 break; 6862 case 0x01: 6863 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 6864 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 6865 break; 6866 case 0x02: 6867 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 6868 hci_dev_set_flag(hdev, HCI_SC_ONLY); 6869 break; 6870 } 6871 6872 send_settings_rsp(cmd->sk, cmd->opcode, hdev); 6873 new_settings(hdev, cmd->sk); 6874 6875done: 6876 mgmt_pending_free(cmd); 6877} 6878 6879static int set_secure_conn_sync(struct hci_dev *hdev, void *data) 6880{ 6881 struct mgmt_pending_cmd *cmd = data; 6882 struct mgmt_mode *cp = cmd->param; 6883 u8 val = !!cp->val; 6884 6885 /* Force write of val */ 6886 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 6887 6888 return hci_write_sc_support_sync(hdev, val); 6889} 6890 6891static int set_secure_conn(struct sock *sk, struct hci_dev *hdev, 6892 void *data, u16 len) 6893{ 6894 struct mgmt_mode *cp = data; 6895 struct mgmt_pending_cmd *cmd; 6896 u8 val; 6897 int err; 6898 6899 bt_dev_dbg(hdev, "sock %p", sk); 6900 6901 if (!lmp_sc_capable(hdev) && 6902 !hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 6903 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 6904 MGMT_STATUS_NOT_SUPPORTED); 6905 6906 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 6907 lmp_sc_capable(hdev) && 6908 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 6909 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 6910 MGMT_STATUS_REJECTED); 6911 6912 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 6913 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 6914 MGMT_STATUS_INVALID_PARAMS); 6915 6916 hci_dev_lock(hdev); 6917 6918 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) || 6919 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 6920 bool changed; 6921 6922 if (cp->val) { 6923 changed = !hci_dev_test_and_set_flag(hdev, 6924 HCI_SC_ENABLED); 6925 if (cp->val == 0x02) 6926 hci_dev_set_flag(hdev, HCI_SC_ONLY); 6927 else 6928 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 6929 } else { 6930 changed = hci_dev_test_and_clear_flag(hdev, 6931 HCI_SC_ENABLED); 6932 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 6933 } 6934 6935 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 6936 if (err < 0) 6937 goto failed; 6938 6939 if (changed) 6940 err = new_settings(hdev, sk); 6941 6942 goto failed; 6943 } 6944 6945 val = !!cp->val; 6946 6947 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 6948 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 6949 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 6950 goto failed; 6951 } 6952 6953 cmd = mgmt_pending_new(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len); 6954 if (!cmd) 6955 err = -ENOMEM; 6956 else 6957 err = hci_cmd_sync_queue(hdev, set_secure_conn_sync, cmd, 6958 set_secure_conn_complete); 6959 6960 if (err < 0) { 6961 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 6962 MGMT_STATUS_FAILED); 6963 if (cmd) 6964 mgmt_pending_free(cmd); 6965 } 6966 6967failed: 6968 hci_dev_unlock(hdev); 6969 return err; 6970} 6971 6972static int set_debug_keys(struct sock *sk, struct hci_dev *hdev, 6973 void *data, u16 len) 6974{ 6975 struct mgmt_mode *cp = data; 6976 bool changed, use_changed; 6977 int err; 6978 6979 bt_dev_dbg(hdev, "sock %p", sk); 6980 6981 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 6982 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS, 6983 MGMT_STATUS_INVALID_PARAMS); 6984 6985 hci_dev_lock(hdev); 6986 6987 if (cp->val) 6988 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 6989 else 6990 changed = hci_dev_test_and_clear_flag(hdev, 6991 HCI_KEEP_DEBUG_KEYS); 6992 6993 if (cp->val == 0x02) 6994 use_changed = !hci_dev_test_and_set_flag(hdev, 6995 HCI_USE_DEBUG_KEYS); 6996 else 6997 use_changed = hci_dev_test_and_clear_flag(hdev, 6998 HCI_USE_DEBUG_KEYS); 6999 7000 if (hdev_is_powered(hdev) && use_changed && 7001 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 7002 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00; 7003 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 7004 sizeof(mode), &mode); 7005 } 7006 7007 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev); 7008 if (err < 0) 7009 goto unlock; 7010 7011 if (changed) 7012 err = new_settings(hdev, sk); 7013 7014unlock: 7015 hci_dev_unlock(hdev); 7016 return err; 7017} 7018 7019static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data, 7020 u16 len) 7021{ 7022 struct mgmt_cp_set_privacy *cp = cp_data; 7023 bool changed; 7024 int err; 7025 7026 bt_dev_dbg(hdev, "sock %p", sk); 7027 7028 if (!lmp_le_capable(hdev)) 7029 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 7030 MGMT_STATUS_NOT_SUPPORTED); 7031 7032 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02) 7033 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 7034 MGMT_STATUS_INVALID_PARAMS); 7035 7036 if (hdev_is_powered(hdev)) 7037 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 7038 MGMT_STATUS_REJECTED); 7039 7040 hci_dev_lock(hdev); 7041 7042 /* If user space supports this command it is also expected to 7043 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag. 7044 */ 7045 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 7046 7047 if (cp->privacy) { 7048 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY); 7049 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk)); 7050 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 7051 hci_adv_instances_set_rpa_expired(hdev, true); 7052 if (cp->privacy == 0x02) 7053 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY); 7054 else 7055 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 7056 } else { 7057 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY); 7058 memset(hdev->irk, 0, sizeof(hdev->irk)); 7059 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED); 7060 hci_adv_instances_set_rpa_expired(hdev, false); 7061 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 7062 } 7063 7064 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev); 7065 if (err < 0) 7066 goto unlock; 7067 7068 if (changed) 7069 err = new_settings(hdev, sk); 7070 7071unlock: 7072 hci_dev_unlock(hdev); 7073 return err; 7074} 7075 7076static bool irk_is_valid(struct mgmt_irk_info *irk) 7077{ 7078 switch (irk->addr.type) { 7079 case BDADDR_LE_PUBLIC: 7080 return true; 7081 7082 case BDADDR_LE_RANDOM: 7083 /* Two most significant bits shall be set */ 7084 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0) 7085 return false; 7086 return true; 7087 } 7088 7089 return false; 7090} 7091 7092static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data, 7093 u16 len) 7094{ 7095 struct mgmt_cp_load_irks *cp = cp_data; 7096 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) / 7097 sizeof(struct mgmt_irk_info)); 7098 u16 irk_count, expected_len; 7099 int i, err; 7100 7101 bt_dev_dbg(hdev, "sock %p", sk); 7102 7103 if (!lmp_le_capable(hdev)) 7104 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 7105 MGMT_STATUS_NOT_SUPPORTED); 7106 7107 irk_count = __le16_to_cpu(cp->irk_count); 7108 if (irk_count > max_irk_count) { 7109 bt_dev_err(hdev, "load_irks: too big irk_count value %u", 7110 irk_count); 7111 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 7112 MGMT_STATUS_INVALID_PARAMS); 7113 } 7114 7115 expected_len = struct_size(cp, irks, irk_count); 7116 if (expected_len != len) { 7117 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes", 7118 expected_len, len); 7119 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 7120 MGMT_STATUS_INVALID_PARAMS); 7121 } 7122 7123 bt_dev_dbg(hdev, "irk_count %u", irk_count); 7124 7125 for (i = 0; i < irk_count; i++) { 7126 struct mgmt_irk_info *key = &cp->irks[i]; 7127 7128 if (!irk_is_valid(key)) 7129 return mgmt_cmd_status(sk, hdev->id, 7130 MGMT_OP_LOAD_IRKS, 7131 MGMT_STATUS_INVALID_PARAMS); 7132 } 7133 7134 hci_dev_lock(hdev); 7135 7136 hci_smp_irks_clear(hdev); 7137 7138 for (i = 0; i < irk_count; i++) { 7139 struct mgmt_irk_info *irk = &cp->irks[i]; 7140 7141 if (hci_is_blocked_key(hdev, 7142 HCI_BLOCKED_KEY_TYPE_IRK, 7143 irk->val)) { 7144 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR", 7145 &irk->addr.bdaddr); 7146 continue; 7147 } 7148 7149 hci_add_irk(hdev, &irk->addr.bdaddr, 7150 le_addr_type(irk->addr.type), irk->val, 7151 BDADDR_ANY); 7152 } 7153 7154 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 7155 7156 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0); 7157 7158 hci_dev_unlock(hdev); 7159 7160 return err; 7161} 7162 7163static bool ltk_is_valid(struct mgmt_ltk_info *key) 7164{ 7165 if (key->initiator != 0x00 && key->initiator != 0x01) 7166 return false; 7167 7168 switch (key->addr.type) { 7169 case BDADDR_LE_PUBLIC: 7170 return true; 7171 7172 case BDADDR_LE_RANDOM: 7173 /* Two most significant bits shall be set */ 7174 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0) 7175 return false; 7176 return true; 7177 } 7178 7179 return false; 7180} 7181 7182static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, 7183 void *cp_data, u16 len) 7184{ 7185 struct mgmt_cp_load_long_term_keys *cp = cp_data; 7186 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 7187 sizeof(struct mgmt_ltk_info)); 7188 u16 key_count, expected_len; 7189 int i, err; 7190 7191 bt_dev_dbg(hdev, "sock %p", sk); 7192 7193 if (!lmp_le_capable(hdev)) 7194 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 7195 MGMT_STATUS_NOT_SUPPORTED); 7196 7197 key_count = __le16_to_cpu(cp->key_count); 7198 if (key_count > max_key_count) { 7199 bt_dev_err(hdev, "load_ltks: too big key_count value %u", 7200 key_count); 7201 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 7202 MGMT_STATUS_INVALID_PARAMS); 7203 } 7204 7205 expected_len = struct_size(cp, keys, key_count); 7206 if (expected_len != len) { 7207 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes", 7208 expected_len, len); 7209 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 7210 MGMT_STATUS_INVALID_PARAMS); 7211 } 7212 7213 bt_dev_dbg(hdev, "key_count %u", key_count); 7214 7215 for (i = 0; i < key_count; i++) { 7216 struct mgmt_ltk_info *key = &cp->keys[i]; 7217 7218 if (!ltk_is_valid(key)) 7219 return mgmt_cmd_status(sk, hdev->id, 7220 MGMT_OP_LOAD_LONG_TERM_KEYS, 7221 MGMT_STATUS_INVALID_PARAMS); 7222 } 7223 7224 hci_dev_lock(hdev); 7225 7226 hci_smp_ltks_clear(hdev); 7227 7228 for (i = 0; i < key_count; i++) { 7229 struct mgmt_ltk_info *key = &cp->keys[i]; 7230 u8 type, authenticated; 7231 7232 if (hci_is_blocked_key(hdev, 7233 HCI_BLOCKED_KEY_TYPE_LTK, 7234 key->val)) { 7235 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR", 7236 &key->addr.bdaddr); 7237 continue; 7238 } 7239 7240 switch (key->type) { 7241 case MGMT_LTK_UNAUTHENTICATED: 7242 authenticated = 0x00; 7243 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER; 7244 break; 7245 case MGMT_LTK_AUTHENTICATED: 7246 authenticated = 0x01; 7247 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER; 7248 break; 7249 case MGMT_LTK_P256_UNAUTH: 7250 authenticated = 0x00; 7251 type = SMP_LTK_P256; 7252 break; 7253 case MGMT_LTK_P256_AUTH: 7254 authenticated = 0x01; 7255 type = SMP_LTK_P256; 7256 break; 7257 case MGMT_LTK_P256_DEBUG: 7258 authenticated = 0x00; 7259 type = SMP_LTK_P256_DEBUG; 7260 fallthrough; 7261 default: 7262 continue; 7263 } 7264 7265 hci_add_ltk(hdev, &key->addr.bdaddr, 7266 le_addr_type(key->addr.type), type, authenticated, 7267 key->val, key->enc_size, key->ediv, key->rand); 7268 } 7269 7270 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0, 7271 NULL, 0); 7272 7273 hci_dev_unlock(hdev); 7274 7275 return err; 7276} 7277 7278static void get_conn_info_complete(struct hci_dev *hdev, void *data, int err) 7279{ 7280 struct mgmt_pending_cmd *cmd = data; 7281 struct hci_conn *conn = cmd->user_data; 7282 struct mgmt_cp_get_conn_info *cp = cmd->param; 7283 struct mgmt_rp_get_conn_info rp; 7284 u8 status; 7285 7286 bt_dev_dbg(hdev, "err %d", err); 7287 7288 memcpy(&rp.addr, &cp->addr.bdaddr, sizeof(rp.addr)); 7289 7290 status = mgmt_status(err); 7291 if (status == MGMT_STATUS_SUCCESS) { 7292 rp.rssi = conn->rssi; 7293 rp.tx_power = conn->tx_power; 7294 rp.max_tx_power = conn->max_tx_power; 7295 } else { 7296 rp.rssi = HCI_RSSI_INVALID; 7297 rp.tx_power = HCI_TX_POWER_INVALID; 7298 rp.max_tx_power = HCI_TX_POWER_INVALID; 7299 } 7300 7301 mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status, 7302 &rp, sizeof(rp)); 7303 7304 mgmt_pending_free(cmd); 7305} 7306 7307static int get_conn_info_sync(struct hci_dev *hdev, void *data) 7308{ 7309 struct mgmt_pending_cmd *cmd = data; 7310 struct mgmt_cp_get_conn_info *cp = cmd->param; 7311 struct hci_conn *conn; 7312 int err; 7313 __le16 handle; 7314 7315 /* Make sure we are still connected */ 7316 if (cp->addr.type == BDADDR_BREDR) 7317 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 7318 &cp->addr.bdaddr); 7319 else 7320 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 7321 7322 if (!conn || conn->state != BT_CONNECTED) 7323 return MGMT_STATUS_NOT_CONNECTED; 7324 7325 cmd->user_data = conn; 7326 handle = cpu_to_le16(conn->handle); 7327 7328 /* Refresh RSSI each time */ 7329 err = hci_read_rssi_sync(hdev, handle); 7330 7331 /* For LE links TX power does not change thus we don't need to 7332 * query for it once value is known. 7333 */ 7334 if (!err && (!bdaddr_type_is_le(cp->addr.type) || 7335 conn->tx_power == HCI_TX_POWER_INVALID)) 7336 err = hci_read_tx_power_sync(hdev, handle, 0x00); 7337 7338 /* Max TX power needs to be read only once per connection */ 7339 if (!err && conn->max_tx_power == HCI_TX_POWER_INVALID) 7340 err = hci_read_tx_power_sync(hdev, handle, 0x01); 7341 7342 return err; 7343} 7344 7345static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data, 7346 u16 len) 7347{ 7348 struct mgmt_cp_get_conn_info *cp = data; 7349 struct mgmt_rp_get_conn_info rp; 7350 struct hci_conn *conn; 7351 unsigned long conn_info_age; 7352 int err = 0; 7353 7354 bt_dev_dbg(hdev, "sock %p", sk); 7355 7356 memset(&rp, 0, sizeof(rp)); 7357 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 7358 rp.addr.type = cp->addr.type; 7359 7360 if (!bdaddr_type_is_valid(cp->addr.type)) 7361 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 7362 MGMT_STATUS_INVALID_PARAMS, 7363 &rp, sizeof(rp)); 7364 7365 hci_dev_lock(hdev); 7366 7367 if (!hdev_is_powered(hdev)) { 7368 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 7369 MGMT_STATUS_NOT_POWERED, &rp, 7370 sizeof(rp)); 7371 goto unlock; 7372 } 7373 7374 if (cp->addr.type == BDADDR_BREDR) 7375 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 7376 &cp->addr.bdaddr); 7377 else 7378 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 7379 7380 if (!conn || conn->state != BT_CONNECTED) { 7381 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 7382 MGMT_STATUS_NOT_CONNECTED, &rp, 7383 sizeof(rp)); 7384 goto unlock; 7385 } 7386 7387 /* To avoid client trying to guess when to poll again for information we 7388 * calculate conn info age as random value between min/max set in hdev. 7389 */ 7390 conn_info_age = get_random_u32_inclusive(hdev->conn_info_min_age, 7391 hdev->conn_info_max_age - 1); 7392 7393 /* Query controller to refresh cached values if they are too old or were 7394 * never read. 7395 */ 7396 if (time_after(jiffies, conn->conn_info_timestamp + 7397 msecs_to_jiffies(conn_info_age)) || 7398 !conn->conn_info_timestamp) { 7399 struct mgmt_pending_cmd *cmd; 7400 7401 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CONN_INFO, hdev, data, 7402 len); 7403 if (!cmd) { 7404 err = -ENOMEM; 7405 } else { 7406 err = hci_cmd_sync_queue(hdev, get_conn_info_sync, 7407 cmd, get_conn_info_complete); 7408 } 7409 7410 if (err < 0) { 7411 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 7412 MGMT_STATUS_FAILED, &rp, sizeof(rp)); 7413 7414 if (cmd) 7415 mgmt_pending_free(cmd); 7416 7417 goto unlock; 7418 } 7419 7420 conn->conn_info_timestamp = jiffies; 7421 } else { 7422 /* Cache is valid, just reply with values cached in hci_conn */ 7423 rp.rssi = conn->rssi; 7424 rp.tx_power = conn->tx_power; 7425 rp.max_tx_power = conn->max_tx_power; 7426 7427 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 7428 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 7429 } 7430 7431unlock: 7432 hci_dev_unlock(hdev); 7433 return err; 7434} 7435 7436static void get_clock_info_complete(struct hci_dev *hdev, void *data, int err) 7437{ 7438 struct mgmt_pending_cmd *cmd = data; 7439 struct mgmt_cp_get_clock_info *cp = cmd->param; 7440 struct mgmt_rp_get_clock_info rp; 7441 struct hci_conn *conn = cmd->user_data; 7442 u8 status = mgmt_status(err); 7443 7444 bt_dev_dbg(hdev, "err %d", err); 7445 7446 memset(&rp, 0, sizeof(rp)); 7447 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 7448 rp.addr.type = cp->addr.type; 7449 7450 if (err) 7451 goto complete; 7452 7453 rp.local_clock = cpu_to_le32(hdev->clock); 7454 7455 if (conn) { 7456 rp.piconet_clock = cpu_to_le32(conn->clock); 7457 rp.accuracy = cpu_to_le16(conn->clock_accuracy); 7458 } 7459 7460complete: 7461 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp, 7462 sizeof(rp)); 7463 7464 mgmt_pending_free(cmd); 7465} 7466 7467static int get_clock_info_sync(struct hci_dev *hdev, void *data) 7468{ 7469 struct mgmt_pending_cmd *cmd = data; 7470 struct mgmt_cp_get_clock_info *cp = cmd->param; 7471 struct hci_cp_read_clock hci_cp; 7472 struct hci_conn *conn; 7473 7474 memset(&hci_cp, 0, sizeof(hci_cp)); 7475 hci_read_clock_sync(hdev, &hci_cp); 7476 7477 /* Make sure connection still exists */ 7478 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 7479 if (!conn || conn->state != BT_CONNECTED) 7480 return MGMT_STATUS_NOT_CONNECTED; 7481 7482 cmd->user_data = conn; 7483 hci_cp.handle = cpu_to_le16(conn->handle); 7484 hci_cp.which = 0x01; /* Piconet clock */ 7485 7486 return hci_read_clock_sync(hdev, &hci_cp); 7487} 7488 7489static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data, 7490 u16 len) 7491{ 7492 struct mgmt_cp_get_clock_info *cp = data; 7493 struct mgmt_rp_get_clock_info rp; 7494 struct mgmt_pending_cmd *cmd; 7495 struct hci_conn *conn; 7496 int err; 7497 7498 bt_dev_dbg(hdev, "sock %p", sk); 7499 7500 memset(&rp, 0, sizeof(rp)); 7501 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 7502 rp.addr.type = cp->addr.type; 7503 7504 if (cp->addr.type != BDADDR_BREDR) 7505 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 7506 MGMT_STATUS_INVALID_PARAMS, 7507 &rp, sizeof(rp)); 7508 7509 hci_dev_lock(hdev); 7510 7511 if (!hdev_is_powered(hdev)) { 7512 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 7513 MGMT_STATUS_NOT_POWERED, &rp, 7514 sizeof(rp)); 7515 goto unlock; 7516 } 7517 7518 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 7519 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 7520 &cp->addr.bdaddr); 7521 if (!conn || conn->state != BT_CONNECTED) { 7522 err = mgmt_cmd_complete(sk, hdev->id, 7523 MGMT_OP_GET_CLOCK_INFO, 7524 MGMT_STATUS_NOT_CONNECTED, 7525 &rp, sizeof(rp)); 7526 goto unlock; 7527 } 7528 } else { 7529 conn = NULL; 7530 } 7531 7532 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len); 7533 if (!cmd) 7534 err = -ENOMEM; 7535 else 7536 err = hci_cmd_sync_queue(hdev, get_clock_info_sync, cmd, 7537 get_clock_info_complete); 7538 7539 if (err < 0) { 7540 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 7541 MGMT_STATUS_FAILED, &rp, sizeof(rp)); 7542 7543 if (cmd) 7544 mgmt_pending_free(cmd); 7545 } 7546 7547 7548unlock: 7549 hci_dev_unlock(hdev); 7550 return err; 7551} 7552 7553static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) 7554{ 7555 struct hci_conn *conn; 7556 7557 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr); 7558 if (!conn) 7559 return false; 7560 7561 if (conn->dst_type != type) 7562 return false; 7563 7564 if (conn->state != BT_CONNECTED) 7565 return false; 7566 7567 return true; 7568} 7569 7570/* This function requires the caller holds hdev->lock */ 7571static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, 7572 u8 addr_type, u8 auto_connect) 7573{ 7574 struct hci_conn_params *params; 7575 7576 params = hci_conn_params_add(hdev, addr, addr_type); 7577 if (!params) 7578 return -EIO; 7579 7580 if (params->auto_connect == auto_connect) 7581 return 0; 7582 7583 list_del_init(&params->action); 7584 7585 switch (auto_connect) { 7586 case HCI_AUTO_CONN_DISABLED: 7587 case HCI_AUTO_CONN_LINK_LOSS: 7588 /* If auto connect is being disabled when we're trying to 7589 * connect to device, keep connecting. 7590 */ 7591 if (params->explicit_connect) 7592 list_add(&params->action, &hdev->pend_le_conns); 7593 break; 7594 case HCI_AUTO_CONN_REPORT: 7595 if (params->explicit_connect) 7596 list_add(&params->action, &hdev->pend_le_conns); 7597 else 7598 list_add(&params->action, &hdev->pend_le_reports); 7599 break; 7600 case HCI_AUTO_CONN_DIRECT: 7601 case HCI_AUTO_CONN_ALWAYS: 7602 if (!is_connected(hdev, addr, addr_type)) 7603 list_add(&params->action, &hdev->pend_le_conns); 7604 break; 7605 } 7606 7607 params->auto_connect = auto_connect; 7608 7609 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u", 7610 addr, addr_type, auto_connect); 7611 7612 return 0; 7613} 7614 7615static void device_added(struct sock *sk, struct hci_dev *hdev, 7616 bdaddr_t *bdaddr, u8 type, u8 action) 7617{ 7618 struct mgmt_ev_device_added ev; 7619 7620 bacpy(&ev.addr.bdaddr, bdaddr); 7621 ev.addr.type = type; 7622 ev.action = action; 7623 7624 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk); 7625} 7626 7627static int add_device_sync(struct hci_dev *hdev, void *data) 7628{ 7629 return hci_update_passive_scan_sync(hdev); 7630} 7631 7632static int add_device(struct sock *sk, struct hci_dev *hdev, 7633 void *data, u16 len) 7634{ 7635 struct mgmt_cp_add_device *cp = data; 7636 u8 auto_conn, addr_type; 7637 struct hci_conn_params *params; 7638 int err; 7639 u32 current_flags = 0; 7640 u32 supported_flags; 7641 7642 bt_dev_dbg(hdev, "sock %p", sk); 7643 7644 if (!bdaddr_type_is_valid(cp->addr.type) || 7645 !bacmp(&cp->addr.bdaddr, BDADDR_ANY)) 7646 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7647 MGMT_STATUS_INVALID_PARAMS, 7648 &cp->addr, sizeof(cp->addr)); 7649 7650 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02) 7651 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7652 MGMT_STATUS_INVALID_PARAMS, 7653 &cp->addr, sizeof(cp->addr)); 7654 7655 hci_dev_lock(hdev); 7656 7657 if (cp->addr.type == BDADDR_BREDR) { 7658 /* Only incoming connections action is supported for now */ 7659 if (cp->action != 0x01) { 7660 err = mgmt_cmd_complete(sk, hdev->id, 7661 MGMT_OP_ADD_DEVICE, 7662 MGMT_STATUS_INVALID_PARAMS, 7663 &cp->addr, sizeof(cp->addr)); 7664 goto unlock; 7665 } 7666 7667 err = hci_bdaddr_list_add_with_flags(&hdev->accept_list, 7668 &cp->addr.bdaddr, 7669 cp->addr.type, 0); 7670 if (err) 7671 goto unlock; 7672 7673 hci_update_scan(hdev); 7674 7675 goto added; 7676 } 7677 7678 addr_type = le_addr_type(cp->addr.type); 7679 7680 if (cp->action == 0x02) 7681 auto_conn = HCI_AUTO_CONN_ALWAYS; 7682 else if (cp->action == 0x01) 7683 auto_conn = HCI_AUTO_CONN_DIRECT; 7684 else 7685 auto_conn = HCI_AUTO_CONN_REPORT; 7686 7687 /* Kernel internally uses conn_params with resolvable private 7688 * address, but Add Device allows only identity addresses. 7689 * Make sure it is enforced before calling 7690 * hci_conn_params_lookup. 7691 */ 7692 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 7693 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7694 MGMT_STATUS_INVALID_PARAMS, 7695 &cp->addr, sizeof(cp->addr)); 7696 goto unlock; 7697 } 7698 7699 /* If the connection parameters don't exist for this device, 7700 * they will be created and configured with defaults. 7701 */ 7702 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type, 7703 auto_conn) < 0) { 7704 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7705 MGMT_STATUS_FAILED, &cp->addr, 7706 sizeof(cp->addr)); 7707 goto unlock; 7708 } else { 7709 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 7710 addr_type); 7711 if (params) 7712 current_flags = params->flags; 7713 } 7714 7715 err = hci_cmd_sync_queue(hdev, add_device_sync, NULL, NULL); 7716 if (err < 0) 7717 goto unlock; 7718 7719added: 7720 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action); 7721 supported_flags = hdev->conn_flags; 7722 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type, 7723 supported_flags, current_flags); 7724 7725 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7726 MGMT_STATUS_SUCCESS, &cp->addr, 7727 sizeof(cp->addr)); 7728 7729unlock: 7730 hci_dev_unlock(hdev); 7731 return err; 7732} 7733 7734static void device_removed(struct sock *sk, struct hci_dev *hdev, 7735 bdaddr_t *bdaddr, u8 type) 7736{ 7737 struct mgmt_ev_device_removed ev; 7738 7739 bacpy(&ev.addr.bdaddr, bdaddr); 7740 ev.addr.type = type; 7741 7742 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk); 7743} 7744 7745static int remove_device_sync(struct hci_dev *hdev, void *data) 7746{ 7747 return hci_update_passive_scan_sync(hdev); 7748} 7749 7750static int remove_device(struct sock *sk, struct hci_dev *hdev, 7751 void *data, u16 len) 7752{ 7753 struct mgmt_cp_remove_device *cp = data; 7754 int err; 7755 7756 bt_dev_dbg(hdev, "sock %p", sk); 7757 7758 hci_dev_lock(hdev); 7759 7760 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 7761 struct hci_conn_params *params; 7762 u8 addr_type; 7763 7764 if (!bdaddr_type_is_valid(cp->addr.type)) { 7765 err = mgmt_cmd_complete(sk, hdev->id, 7766 MGMT_OP_REMOVE_DEVICE, 7767 MGMT_STATUS_INVALID_PARAMS, 7768 &cp->addr, sizeof(cp->addr)); 7769 goto unlock; 7770 } 7771 7772 if (cp->addr.type == BDADDR_BREDR) { 7773 err = hci_bdaddr_list_del(&hdev->accept_list, 7774 &cp->addr.bdaddr, 7775 cp->addr.type); 7776 if (err) { 7777 err = mgmt_cmd_complete(sk, hdev->id, 7778 MGMT_OP_REMOVE_DEVICE, 7779 MGMT_STATUS_INVALID_PARAMS, 7780 &cp->addr, 7781 sizeof(cp->addr)); 7782 goto unlock; 7783 } 7784 7785 hci_update_scan(hdev); 7786 7787 device_removed(sk, hdev, &cp->addr.bdaddr, 7788 cp->addr.type); 7789 goto complete; 7790 } 7791 7792 addr_type = le_addr_type(cp->addr.type); 7793 7794 /* Kernel internally uses conn_params with resolvable private 7795 * address, but Remove Device allows only identity addresses. 7796 * Make sure it is enforced before calling 7797 * hci_conn_params_lookup. 7798 */ 7799 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 7800 err = mgmt_cmd_complete(sk, hdev->id, 7801 MGMT_OP_REMOVE_DEVICE, 7802 MGMT_STATUS_INVALID_PARAMS, 7803 &cp->addr, sizeof(cp->addr)); 7804 goto unlock; 7805 } 7806 7807 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 7808 addr_type); 7809 if (!params) { 7810 err = mgmt_cmd_complete(sk, hdev->id, 7811 MGMT_OP_REMOVE_DEVICE, 7812 MGMT_STATUS_INVALID_PARAMS, 7813 &cp->addr, sizeof(cp->addr)); 7814 goto unlock; 7815 } 7816 7817 if (params->auto_connect == HCI_AUTO_CONN_DISABLED || 7818 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { 7819 err = mgmt_cmd_complete(sk, hdev->id, 7820 MGMT_OP_REMOVE_DEVICE, 7821 MGMT_STATUS_INVALID_PARAMS, 7822 &cp->addr, sizeof(cp->addr)); 7823 goto unlock; 7824 } 7825 7826 list_del(&params->action); 7827 list_del(&params->list); 7828 kfree(params); 7829 7830 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type); 7831 } else { 7832 struct hci_conn_params *p, *tmp; 7833 struct bdaddr_list *b, *btmp; 7834 7835 if (cp->addr.type) { 7836 err = mgmt_cmd_complete(sk, hdev->id, 7837 MGMT_OP_REMOVE_DEVICE, 7838 MGMT_STATUS_INVALID_PARAMS, 7839 &cp->addr, sizeof(cp->addr)); 7840 goto unlock; 7841 } 7842 7843 list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) { 7844 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type); 7845 list_del(&b->list); 7846 kfree(b); 7847 } 7848 7849 hci_update_scan(hdev); 7850 7851 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) { 7852 if (p->auto_connect == HCI_AUTO_CONN_DISABLED) 7853 continue; 7854 device_removed(sk, hdev, &p->addr, p->addr_type); 7855 if (p->explicit_connect) { 7856 p->auto_connect = HCI_AUTO_CONN_EXPLICIT; 7857 continue; 7858 } 7859 list_del(&p->action); 7860 list_del(&p->list); 7861 kfree(p); 7862 } 7863 7864 bt_dev_dbg(hdev, "All LE connection parameters were removed"); 7865 } 7866 7867 hci_cmd_sync_queue(hdev, remove_device_sync, NULL, NULL); 7868 7869complete: 7870 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 7871 MGMT_STATUS_SUCCESS, &cp->addr, 7872 sizeof(cp->addr)); 7873unlock: 7874 hci_dev_unlock(hdev); 7875 return err; 7876} 7877 7878static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data, 7879 u16 len) 7880{ 7881 struct mgmt_cp_load_conn_param *cp = data; 7882 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) / 7883 sizeof(struct mgmt_conn_param)); 7884 u16 param_count, expected_len; 7885 int i; 7886 7887 if (!lmp_le_capable(hdev)) 7888 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 7889 MGMT_STATUS_NOT_SUPPORTED); 7890 7891 param_count = __le16_to_cpu(cp->param_count); 7892 if (param_count > max_param_count) { 7893 bt_dev_err(hdev, "load_conn_param: too big param_count value %u", 7894 param_count); 7895 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 7896 MGMT_STATUS_INVALID_PARAMS); 7897 } 7898 7899 expected_len = struct_size(cp, params, param_count); 7900 if (expected_len != len) { 7901 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes", 7902 expected_len, len); 7903 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 7904 MGMT_STATUS_INVALID_PARAMS); 7905 } 7906 7907 bt_dev_dbg(hdev, "param_count %u", param_count); 7908 7909 hci_dev_lock(hdev); 7910 7911 hci_conn_params_clear_disabled(hdev); 7912 7913 for (i = 0; i < param_count; i++) { 7914 struct mgmt_conn_param *param = &cp->params[i]; 7915 struct hci_conn_params *hci_param; 7916 u16 min, max, latency, timeout; 7917 u8 addr_type; 7918 7919 bt_dev_dbg(hdev, "Adding %pMR (type %u)", &param->addr.bdaddr, 7920 param->addr.type); 7921 7922 if (param->addr.type == BDADDR_LE_PUBLIC) { 7923 addr_type = ADDR_LE_DEV_PUBLIC; 7924 } else if (param->addr.type == BDADDR_LE_RANDOM) { 7925 addr_type = ADDR_LE_DEV_RANDOM; 7926 } else { 7927 bt_dev_err(hdev, "ignoring invalid connection parameters"); 7928 continue; 7929 } 7930 7931 min = le16_to_cpu(param->min_interval); 7932 max = le16_to_cpu(param->max_interval); 7933 latency = le16_to_cpu(param->latency); 7934 timeout = le16_to_cpu(param->timeout); 7935 7936 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x", 7937 min, max, latency, timeout); 7938 7939 if (hci_check_conn_params(min, max, latency, timeout) < 0) { 7940 bt_dev_err(hdev, "ignoring invalid connection parameters"); 7941 continue; 7942 } 7943 7944 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr, 7945 addr_type); 7946 if (!hci_param) { 7947 bt_dev_err(hdev, "failed to add connection parameters"); 7948 continue; 7949 } 7950 7951 hci_param->conn_min_interval = min; 7952 hci_param->conn_max_interval = max; 7953 hci_param->conn_latency = latency; 7954 hci_param->supervision_timeout = timeout; 7955 } 7956 7957 hci_dev_unlock(hdev); 7958 7959 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, 7960 NULL, 0); 7961} 7962 7963static int set_external_config(struct sock *sk, struct hci_dev *hdev, 7964 void *data, u16 len) 7965{ 7966 struct mgmt_cp_set_external_config *cp = data; 7967 bool changed; 7968 int err; 7969 7970 bt_dev_dbg(hdev, "sock %p", sk); 7971 7972 if (hdev_is_powered(hdev)) 7973 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 7974 MGMT_STATUS_REJECTED); 7975 7976 if (cp->config != 0x00 && cp->config != 0x01) 7977 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 7978 MGMT_STATUS_INVALID_PARAMS); 7979 7980 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 7981 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 7982 MGMT_STATUS_NOT_SUPPORTED); 7983 7984 hci_dev_lock(hdev); 7985 7986 if (cp->config) 7987 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED); 7988 else 7989 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED); 7990 7991 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev); 7992 if (err < 0) 7993 goto unlock; 7994 7995 if (!changed) 7996 goto unlock; 7997 7998 err = new_options(hdev, sk); 7999 8000 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) { 8001 mgmt_index_removed(hdev); 8002 8003 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) { 8004 hci_dev_set_flag(hdev, HCI_CONFIG); 8005 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 8006 8007 queue_work(hdev->req_workqueue, &hdev->power_on); 8008 } else { 8009 set_bit(HCI_RAW, &hdev->flags); 8010 mgmt_index_added(hdev); 8011 } 8012 } 8013 8014unlock: 8015 hci_dev_unlock(hdev); 8016 return err; 8017} 8018 8019static int set_public_address(struct sock *sk, struct hci_dev *hdev, 8020 void *data, u16 len) 8021{ 8022 struct mgmt_cp_set_public_address *cp = data; 8023 bool changed; 8024 int err; 8025 8026 bt_dev_dbg(hdev, "sock %p", sk); 8027 8028 if (hdev_is_powered(hdev)) 8029 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 8030 MGMT_STATUS_REJECTED); 8031 8032 if (!bacmp(&cp->bdaddr, BDADDR_ANY)) 8033 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 8034 MGMT_STATUS_INVALID_PARAMS); 8035 8036 if (!hdev->set_bdaddr) 8037 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 8038 MGMT_STATUS_NOT_SUPPORTED); 8039 8040 hci_dev_lock(hdev); 8041 8042 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr); 8043 bacpy(&hdev->public_addr, &cp->bdaddr); 8044 8045 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev); 8046 if (err < 0) 8047 goto unlock; 8048 8049 if (!changed) 8050 goto unlock; 8051 8052 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) 8053 err = new_options(hdev, sk); 8054 8055 if (is_configured(hdev)) { 8056 mgmt_index_removed(hdev); 8057 8058 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED); 8059 8060 hci_dev_set_flag(hdev, HCI_CONFIG); 8061 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 8062 8063 queue_work(hdev->req_workqueue, &hdev->power_on); 8064 } 8065 8066unlock: 8067 hci_dev_unlock(hdev); 8068 return err; 8069} 8070 8071static void read_local_oob_ext_data_complete(struct hci_dev *hdev, void *data, 8072 int err) 8073{ 8074 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp; 8075 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp; 8076 u8 *h192, *r192, *h256, *r256; 8077 struct mgmt_pending_cmd *cmd = data; 8078 struct sk_buff *skb = cmd->skb; 8079 u8 status = mgmt_status(err); 8080 u16 eir_len; 8081 8082 if (cmd != pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev)) 8083 return; 8084 8085 if (!status) { 8086 if (!skb) 8087 status = MGMT_STATUS_FAILED; 8088 else if (IS_ERR(skb)) 8089 status = mgmt_status(PTR_ERR(skb)); 8090 else 8091 status = mgmt_status(skb->data[0]); 8092 } 8093 8094 bt_dev_dbg(hdev, "status %u", status); 8095 8096 mgmt_cp = cmd->param; 8097 8098 if (status) { 8099 status = mgmt_status(status); 8100 eir_len = 0; 8101 8102 h192 = NULL; 8103 r192 = NULL; 8104 h256 = NULL; 8105 r256 = NULL; 8106 } else if (!bredr_sc_enabled(hdev)) { 8107 struct hci_rp_read_local_oob_data *rp; 8108 8109 if (skb->len != sizeof(*rp)) { 8110 status = MGMT_STATUS_FAILED; 8111 eir_len = 0; 8112 } else { 8113 status = MGMT_STATUS_SUCCESS; 8114 rp = (void *)skb->data; 8115 8116 eir_len = 5 + 18 + 18; 8117 h192 = rp->hash; 8118 r192 = rp->rand; 8119 h256 = NULL; 8120 r256 = NULL; 8121 } 8122 } else { 8123 struct hci_rp_read_local_oob_ext_data *rp; 8124 8125 if (skb->len != sizeof(*rp)) { 8126 status = MGMT_STATUS_FAILED; 8127 eir_len = 0; 8128 } else { 8129 status = MGMT_STATUS_SUCCESS; 8130 rp = (void *)skb->data; 8131 8132 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 8133 eir_len = 5 + 18 + 18; 8134 h192 = NULL; 8135 r192 = NULL; 8136 } else { 8137 eir_len = 5 + 18 + 18 + 18 + 18; 8138 h192 = rp->hash192; 8139 r192 = rp->rand192; 8140 } 8141 8142 h256 = rp->hash256; 8143 r256 = rp->rand256; 8144 } 8145 } 8146 8147 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL); 8148 if (!mgmt_rp) 8149 goto done; 8150 8151 if (eir_len == 0) 8152 goto send_rsp; 8153 8154 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV, 8155 hdev->dev_class, 3); 8156 8157 if (h192 && r192) { 8158 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 8159 EIR_SSP_HASH_C192, h192, 16); 8160 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 8161 EIR_SSP_RAND_R192, r192, 16); 8162 } 8163 8164 if (h256 && r256) { 8165 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 8166 EIR_SSP_HASH_C256, h256, 16); 8167 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 8168 EIR_SSP_RAND_R256, r256, 16); 8169 } 8170 8171send_rsp: 8172 mgmt_rp->type = mgmt_cp->type; 8173 mgmt_rp->eir_len = cpu_to_le16(eir_len); 8174 8175 err = mgmt_cmd_complete(cmd->sk, hdev->id, 8176 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status, 8177 mgmt_rp, sizeof(*mgmt_rp) + eir_len); 8178 if (err < 0 || status) 8179 goto done; 8180 8181 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS); 8182 8183 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 8184 mgmt_rp, sizeof(*mgmt_rp) + eir_len, 8185 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk); 8186done: 8187 if (skb && !IS_ERR(skb)) 8188 kfree_skb(skb); 8189 8190 kfree(mgmt_rp); 8191 mgmt_pending_remove(cmd); 8192} 8193 8194static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk, 8195 struct mgmt_cp_read_local_oob_ext_data *cp) 8196{ 8197 struct mgmt_pending_cmd *cmd; 8198 int err; 8199 8200 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev, 8201 cp, sizeof(*cp)); 8202 if (!cmd) 8203 return -ENOMEM; 8204 8205 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd, 8206 read_local_oob_ext_data_complete); 8207 8208 if (err < 0) { 8209 mgmt_pending_remove(cmd); 8210 return err; 8211 } 8212 8213 return 0; 8214} 8215 8216static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev, 8217 void *data, u16 data_len) 8218{ 8219 struct mgmt_cp_read_local_oob_ext_data *cp = data; 8220 struct mgmt_rp_read_local_oob_ext_data *rp; 8221 size_t rp_len; 8222 u16 eir_len; 8223 u8 status, flags, role, addr[7], hash[16], rand[16]; 8224 int err; 8225 8226 bt_dev_dbg(hdev, "sock %p", sk); 8227 8228 if (hdev_is_powered(hdev)) { 8229 switch (cp->type) { 8230 case BIT(BDADDR_BREDR): 8231 status = mgmt_bredr_support(hdev); 8232 if (status) 8233 eir_len = 0; 8234 else 8235 eir_len = 5; 8236 break; 8237 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 8238 status = mgmt_le_support(hdev); 8239 if (status) 8240 eir_len = 0; 8241 else 8242 eir_len = 9 + 3 + 18 + 18 + 3; 8243 break; 8244 default: 8245 status = MGMT_STATUS_INVALID_PARAMS; 8246 eir_len = 0; 8247 break; 8248 } 8249 } else { 8250 status = MGMT_STATUS_NOT_POWERED; 8251 eir_len = 0; 8252 } 8253 8254 rp_len = sizeof(*rp) + eir_len; 8255 rp = kmalloc(rp_len, GFP_ATOMIC); 8256 if (!rp) 8257 return -ENOMEM; 8258 8259 if (!status && !lmp_ssp_capable(hdev)) { 8260 status = MGMT_STATUS_NOT_SUPPORTED; 8261 eir_len = 0; 8262 } 8263 8264 if (status) 8265 goto complete; 8266 8267 hci_dev_lock(hdev); 8268 8269 eir_len = 0; 8270 switch (cp->type) { 8271 case BIT(BDADDR_BREDR): 8272 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 8273 err = read_local_ssp_oob_req(hdev, sk, cp); 8274 hci_dev_unlock(hdev); 8275 if (!err) 8276 goto done; 8277 8278 status = MGMT_STATUS_FAILED; 8279 goto complete; 8280 } else { 8281 eir_len = eir_append_data(rp->eir, eir_len, 8282 EIR_CLASS_OF_DEV, 8283 hdev->dev_class, 3); 8284 } 8285 break; 8286 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 8287 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 8288 smp_generate_oob(hdev, hash, rand) < 0) { 8289 hci_dev_unlock(hdev); 8290 status = MGMT_STATUS_FAILED; 8291 goto complete; 8292 } 8293 8294 /* This should return the active RPA, but since the RPA 8295 * is only programmed on demand, it is really hard to fill 8296 * this in at the moment. For now disallow retrieving 8297 * local out-of-band data when privacy is in use. 8298 * 8299 * Returning the identity address will not help here since 8300 * pairing happens before the identity resolving key is 8301 * known and thus the connection establishment happens 8302 * based on the RPA and not the identity address. 8303 */ 8304 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) { 8305 hci_dev_unlock(hdev); 8306 status = MGMT_STATUS_REJECTED; 8307 goto complete; 8308 } 8309 8310 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 8311 !bacmp(&hdev->bdaddr, BDADDR_ANY) || 8312 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 8313 bacmp(&hdev->static_addr, BDADDR_ANY))) { 8314 memcpy(addr, &hdev->static_addr, 6); 8315 addr[6] = 0x01; 8316 } else { 8317 memcpy(addr, &hdev->bdaddr, 6); 8318 addr[6] = 0x00; 8319 } 8320 8321 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR, 8322 addr, sizeof(addr)); 8323 8324 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 8325 role = 0x02; 8326 else 8327 role = 0x01; 8328 8329 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE, 8330 &role, sizeof(role)); 8331 8332 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) { 8333 eir_len = eir_append_data(rp->eir, eir_len, 8334 EIR_LE_SC_CONFIRM, 8335 hash, sizeof(hash)); 8336 8337 eir_len = eir_append_data(rp->eir, eir_len, 8338 EIR_LE_SC_RANDOM, 8339 rand, sizeof(rand)); 8340 } 8341 8342 flags = mgmt_get_adv_discov_flags(hdev); 8343 8344 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 8345 flags |= LE_AD_NO_BREDR; 8346 8347 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS, 8348 &flags, sizeof(flags)); 8349 break; 8350 } 8351 8352 hci_dev_unlock(hdev); 8353 8354 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS); 8355 8356 status = MGMT_STATUS_SUCCESS; 8357 8358complete: 8359 rp->type = cp->type; 8360 rp->eir_len = cpu_to_le16(eir_len); 8361 8362 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 8363 status, rp, sizeof(*rp) + eir_len); 8364 if (err < 0 || status) 8365 goto done; 8366 8367 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 8368 rp, sizeof(*rp) + eir_len, 8369 HCI_MGMT_OOB_DATA_EVENTS, sk); 8370 8371done: 8372 kfree(rp); 8373 8374 return err; 8375} 8376 8377static u32 get_supported_adv_flags(struct hci_dev *hdev) 8378{ 8379 u32 flags = 0; 8380 8381 flags |= MGMT_ADV_FLAG_CONNECTABLE; 8382 flags |= MGMT_ADV_FLAG_DISCOV; 8383 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV; 8384 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS; 8385 flags |= MGMT_ADV_FLAG_APPEARANCE; 8386 flags |= MGMT_ADV_FLAG_LOCAL_NAME; 8387 flags |= MGMT_ADV_PARAM_DURATION; 8388 flags |= MGMT_ADV_PARAM_TIMEOUT; 8389 flags |= MGMT_ADV_PARAM_INTERVALS; 8390 flags |= MGMT_ADV_PARAM_TX_POWER; 8391 flags |= MGMT_ADV_PARAM_SCAN_RSP; 8392 8393 /* In extended adv TX_POWER returned from Set Adv Param 8394 * will be always valid. 8395 */ 8396 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID || ext_adv_capable(hdev)) 8397 flags |= MGMT_ADV_FLAG_TX_POWER; 8398 8399 if (ext_adv_capable(hdev)) { 8400 flags |= MGMT_ADV_FLAG_SEC_1M; 8401 flags |= MGMT_ADV_FLAG_HW_OFFLOAD; 8402 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER; 8403 8404 if (le_2m_capable(hdev)) 8405 flags |= MGMT_ADV_FLAG_SEC_2M; 8406 8407 if (le_coded_capable(hdev)) 8408 flags |= MGMT_ADV_FLAG_SEC_CODED; 8409 } 8410 8411 return flags; 8412} 8413 8414static int read_adv_features(struct sock *sk, struct hci_dev *hdev, 8415 void *data, u16 data_len) 8416{ 8417 struct mgmt_rp_read_adv_features *rp; 8418 size_t rp_len; 8419 int err; 8420 struct adv_info *adv_instance; 8421 u32 supported_flags; 8422 u8 *instance; 8423 8424 bt_dev_dbg(hdev, "sock %p", sk); 8425 8426 if (!lmp_le_capable(hdev)) 8427 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 8428 MGMT_STATUS_REJECTED); 8429 8430 hci_dev_lock(hdev); 8431 8432 rp_len = sizeof(*rp) + hdev->adv_instance_cnt; 8433 rp = kmalloc(rp_len, GFP_ATOMIC); 8434 if (!rp) { 8435 hci_dev_unlock(hdev); 8436 return -ENOMEM; 8437 } 8438 8439 supported_flags = get_supported_adv_flags(hdev); 8440 8441 rp->supported_flags = cpu_to_le32(supported_flags); 8442 rp->max_adv_data_len = HCI_MAX_AD_LENGTH; 8443 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH; 8444 rp->max_instances = hdev->le_num_of_adv_sets; 8445 rp->num_instances = hdev->adv_instance_cnt; 8446 8447 instance = rp->instance; 8448 list_for_each_entry(adv_instance, &hdev->adv_instances, list) { 8449 /* Only instances 1-le_num_of_adv_sets are externally visible */ 8450 if (adv_instance->instance <= hdev->adv_instance_cnt) { 8451 *instance = adv_instance->instance; 8452 instance++; 8453 } else { 8454 rp->num_instances--; 8455 rp_len--; 8456 } 8457 } 8458 8459 hci_dev_unlock(hdev); 8460 8461 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 8462 MGMT_STATUS_SUCCESS, rp, rp_len); 8463 8464 kfree(rp); 8465 8466 return err; 8467} 8468 8469static u8 calculate_name_len(struct hci_dev *hdev) 8470{ 8471 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3]; 8472 8473 return eir_append_local_name(hdev, buf, 0); 8474} 8475 8476static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags, 8477 bool is_adv_data) 8478{ 8479 u8 max_len = HCI_MAX_AD_LENGTH; 8480 8481 if (is_adv_data) { 8482 if (adv_flags & (MGMT_ADV_FLAG_DISCOV | 8483 MGMT_ADV_FLAG_LIMITED_DISCOV | 8484 MGMT_ADV_FLAG_MANAGED_FLAGS)) 8485 max_len -= 3; 8486 8487 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) 8488 max_len -= 3; 8489 } else { 8490 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME) 8491 max_len -= calculate_name_len(hdev); 8492 8493 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE)) 8494 max_len -= 4; 8495 } 8496 8497 return max_len; 8498} 8499 8500static bool flags_managed(u32 adv_flags) 8501{ 8502 return adv_flags & (MGMT_ADV_FLAG_DISCOV | 8503 MGMT_ADV_FLAG_LIMITED_DISCOV | 8504 MGMT_ADV_FLAG_MANAGED_FLAGS); 8505} 8506 8507static bool tx_power_managed(u32 adv_flags) 8508{ 8509 return adv_flags & MGMT_ADV_FLAG_TX_POWER; 8510} 8511 8512static bool name_managed(u32 adv_flags) 8513{ 8514 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME; 8515} 8516 8517static bool appearance_managed(u32 adv_flags) 8518{ 8519 return adv_flags & MGMT_ADV_FLAG_APPEARANCE; 8520} 8521 8522static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data, 8523 u8 len, bool is_adv_data) 8524{ 8525 int i, cur_len; 8526 u8 max_len; 8527 8528 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data); 8529 8530 if (len > max_len) 8531 return false; 8532 8533 /* Make sure that the data is correctly formatted. */ 8534 for (i = 0; i < len; i += (cur_len + 1)) { 8535 cur_len = data[i]; 8536 8537 if (!cur_len) 8538 continue; 8539 8540 if (data[i + 1] == EIR_FLAGS && 8541 (!is_adv_data || flags_managed(adv_flags))) 8542 return false; 8543 8544 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags)) 8545 return false; 8546 8547 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags)) 8548 return false; 8549 8550 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags)) 8551 return false; 8552 8553 if (data[i + 1] == EIR_APPEARANCE && 8554 appearance_managed(adv_flags)) 8555 return false; 8556 8557 /* If the current field length would exceed the total data 8558 * length, then it's invalid. 8559 */ 8560 if (i + cur_len >= len) 8561 return false; 8562 } 8563 8564 return true; 8565} 8566 8567static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags) 8568{ 8569 u32 supported_flags, phy_flags; 8570 8571 /* The current implementation only supports a subset of the specified 8572 * flags. Also need to check mutual exclusiveness of sec flags. 8573 */ 8574 supported_flags = get_supported_adv_flags(hdev); 8575 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK; 8576 if (adv_flags & ~supported_flags || 8577 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags))))) 8578 return false; 8579 8580 return true; 8581} 8582 8583static bool adv_busy(struct hci_dev *hdev) 8584{ 8585 return pending_find(MGMT_OP_SET_LE, hdev); 8586} 8587 8588static void add_adv_complete(struct hci_dev *hdev, struct sock *sk, u8 instance, 8589 int err) 8590{ 8591 struct adv_info *adv, *n; 8592 8593 bt_dev_dbg(hdev, "err %d", err); 8594 8595 hci_dev_lock(hdev); 8596 8597 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) { 8598 u8 instance; 8599 8600 if (!adv->pending) 8601 continue; 8602 8603 if (!err) { 8604 adv->pending = false; 8605 continue; 8606 } 8607 8608 instance = adv->instance; 8609 8610 if (hdev->cur_adv_instance == instance) 8611 cancel_adv_timeout(hdev); 8612 8613 hci_remove_adv_instance(hdev, instance); 8614 mgmt_advertising_removed(sk, hdev, instance); 8615 } 8616 8617 hci_dev_unlock(hdev); 8618} 8619 8620static void add_advertising_complete(struct hci_dev *hdev, void *data, int err) 8621{ 8622 struct mgmt_pending_cmd *cmd = data; 8623 struct mgmt_cp_add_advertising *cp = cmd->param; 8624 struct mgmt_rp_add_advertising rp; 8625 8626 memset(&rp, 0, sizeof(rp)); 8627 8628 rp.instance = cp->instance; 8629 8630 if (err) 8631 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 8632 mgmt_status(err)); 8633 else 8634 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 8635 mgmt_status(err), &rp, sizeof(rp)); 8636 8637 add_adv_complete(hdev, cmd->sk, cp->instance, err); 8638 8639 mgmt_pending_free(cmd); 8640} 8641 8642static int add_advertising_sync(struct hci_dev *hdev, void *data) 8643{ 8644 struct mgmt_pending_cmd *cmd = data; 8645 struct mgmt_cp_add_advertising *cp = cmd->param; 8646 8647 return hci_schedule_adv_instance_sync(hdev, cp->instance, true); 8648} 8649 8650static int add_advertising(struct sock *sk, struct hci_dev *hdev, 8651 void *data, u16 data_len) 8652{ 8653 struct mgmt_cp_add_advertising *cp = data; 8654 struct mgmt_rp_add_advertising rp; 8655 u32 flags; 8656 u8 status; 8657 u16 timeout, duration; 8658 unsigned int prev_instance_cnt; 8659 u8 schedule_instance = 0; 8660 struct adv_info *adv, *next_instance; 8661 int err; 8662 struct mgmt_pending_cmd *cmd; 8663 8664 bt_dev_dbg(hdev, "sock %p", sk); 8665 8666 status = mgmt_le_support(hdev); 8667 if (status) 8668 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8669 status); 8670 8671 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets) 8672 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8673 MGMT_STATUS_INVALID_PARAMS); 8674 8675 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len) 8676 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8677 MGMT_STATUS_INVALID_PARAMS); 8678 8679 flags = __le32_to_cpu(cp->flags); 8680 timeout = __le16_to_cpu(cp->timeout); 8681 duration = __le16_to_cpu(cp->duration); 8682 8683 if (!requested_adv_flags_are_valid(hdev, flags)) 8684 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8685 MGMT_STATUS_INVALID_PARAMS); 8686 8687 hci_dev_lock(hdev); 8688 8689 if (timeout && !hdev_is_powered(hdev)) { 8690 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8691 MGMT_STATUS_REJECTED); 8692 goto unlock; 8693 } 8694 8695 if (adv_busy(hdev)) { 8696 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8697 MGMT_STATUS_BUSY); 8698 goto unlock; 8699 } 8700 8701 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) || 8702 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len, 8703 cp->scan_rsp_len, false)) { 8704 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8705 MGMT_STATUS_INVALID_PARAMS); 8706 goto unlock; 8707 } 8708 8709 prev_instance_cnt = hdev->adv_instance_cnt; 8710 8711 adv = hci_add_adv_instance(hdev, cp->instance, flags, 8712 cp->adv_data_len, cp->data, 8713 cp->scan_rsp_len, 8714 cp->data + cp->adv_data_len, 8715 timeout, duration, 8716 HCI_ADV_TX_POWER_NO_PREFERENCE, 8717 hdev->le_adv_min_interval, 8718 hdev->le_adv_max_interval, 0); 8719 if (IS_ERR(adv)) { 8720 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8721 MGMT_STATUS_FAILED); 8722 goto unlock; 8723 } 8724 8725 /* Only trigger an advertising added event if a new instance was 8726 * actually added. 8727 */ 8728 if (hdev->adv_instance_cnt > prev_instance_cnt) 8729 mgmt_advertising_added(sk, hdev, cp->instance); 8730 8731 if (hdev->cur_adv_instance == cp->instance) { 8732 /* If the currently advertised instance is being changed then 8733 * cancel the current advertising and schedule the next 8734 * instance. If there is only one instance then the overridden 8735 * advertising data will be visible right away. 8736 */ 8737 cancel_adv_timeout(hdev); 8738 8739 next_instance = hci_get_next_instance(hdev, cp->instance); 8740 if (next_instance) 8741 schedule_instance = next_instance->instance; 8742 } else if (!hdev->adv_instance_timeout) { 8743 /* Immediately advertise the new instance if no other 8744 * instance is currently being advertised. 8745 */ 8746 schedule_instance = cp->instance; 8747 } 8748 8749 /* If the HCI_ADVERTISING flag is set or the device isn't powered or 8750 * there is no instance to be advertised then we have no HCI 8751 * communication to make. Simply return. 8752 */ 8753 if (!hdev_is_powered(hdev) || 8754 hci_dev_test_flag(hdev, HCI_ADVERTISING) || 8755 !schedule_instance) { 8756 rp.instance = cp->instance; 8757 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8758 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 8759 goto unlock; 8760 } 8761 8762 /* We're good to go, update advertising data, parameters, and start 8763 * advertising. 8764 */ 8765 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_ADVERTISING, hdev, data, 8766 data_len); 8767 if (!cmd) { 8768 err = -ENOMEM; 8769 goto unlock; 8770 } 8771 8772 cp->instance = schedule_instance; 8773 8774 err = hci_cmd_sync_queue(hdev, add_advertising_sync, cmd, 8775 add_advertising_complete); 8776 if (err < 0) 8777 mgmt_pending_free(cmd); 8778 8779unlock: 8780 hci_dev_unlock(hdev); 8781 8782 return err; 8783} 8784 8785static void add_ext_adv_params_complete(struct hci_dev *hdev, void *data, 8786 int err) 8787{ 8788 struct mgmt_pending_cmd *cmd = data; 8789 struct mgmt_cp_add_ext_adv_params *cp = cmd->param; 8790 struct mgmt_rp_add_ext_adv_params rp; 8791 struct adv_info *adv; 8792 u32 flags; 8793 8794 BT_DBG("%s", hdev->name); 8795 8796 hci_dev_lock(hdev); 8797 8798 adv = hci_find_adv_instance(hdev, cp->instance); 8799 if (!adv) 8800 goto unlock; 8801 8802 rp.instance = cp->instance; 8803 rp.tx_power = adv->tx_power; 8804 8805 /* While we're at it, inform userspace of the available space for this 8806 * advertisement, given the flags that will be used. 8807 */ 8808 flags = __le32_to_cpu(cp->flags); 8809 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 8810 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 8811 8812 if (err) { 8813 /* If this advertisement was previously advertising and we 8814 * failed to update it, we signal that it has been removed and 8815 * delete its structure 8816 */ 8817 if (!adv->pending) 8818 mgmt_advertising_removed(cmd->sk, hdev, cp->instance); 8819 8820 hci_remove_adv_instance(hdev, cp->instance); 8821 8822 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 8823 mgmt_status(err)); 8824 } else { 8825 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 8826 mgmt_status(err), &rp, sizeof(rp)); 8827 } 8828 8829unlock: 8830 if (cmd) 8831 mgmt_pending_free(cmd); 8832 8833 hci_dev_unlock(hdev); 8834} 8835 8836static int add_ext_adv_params_sync(struct hci_dev *hdev, void *data) 8837{ 8838 struct mgmt_pending_cmd *cmd = data; 8839 struct mgmt_cp_add_ext_adv_params *cp = cmd->param; 8840 8841 return hci_setup_ext_adv_instance_sync(hdev, cp->instance); 8842} 8843 8844static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev, 8845 void *data, u16 data_len) 8846{ 8847 struct mgmt_cp_add_ext_adv_params *cp = data; 8848 struct mgmt_rp_add_ext_adv_params rp; 8849 struct mgmt_pending_cmd *cmd = NULL; 8850 struct adv_info *adv; 8851 u32 flags, min_interval, max_interval; 8852 u16 timeout, duration; 8853 u8 status; 8854 s8 tx_power; 8855 int err; 8856 8857 BT_DBG("%s", hdev->name); 8858 8859 status = mgmt_le_support(hdev); 8860 if (status) 8861 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8862 status); 8863 8864 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets) 8865 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8866 MGMT_STATUS_INVALID_PARAMS); 8867 8868 /* The purpose of breaking add_advertising into two separate MGMT calls 8869 * for params and data is to allow more parameters to be added to this 8870 * structure in the future. For this reason, we verify that we have the 8871 * bare minimum structure we know of when the interface was defined. Any 8872 * extra parameters we don't know about will be ignored in this request. 8873 */ 8874 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE) 8875 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8876 MGMT_STATUS_INVALID_PARAMS); 8877 8878 flags = __le32_to_cpu(cp->flags); 8879 8880 if (!requested_adv_flags_are_valid(hdev, flags)) 8881 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8882 MGMT_STATUS_INVALID_PARAMS); 8883 8884 hci_dev_lock(hdev); 8885 8886 /* In new interface, we require that we are powered to register */ 8887 if (!hdev_is_powered(hdev)) { 8888 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8889 MGMT_STATUS_REJECTED); 8890 goto unlock; 8891 } 8892 8893 if (adv_busy(hdev)) { 8894 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8895 MGMT_STATUS_BUSY); 8896 goto unlock; 8897 } 8898 8899 /* Parse defined parameters from request, use defaults otherwise */ 8900 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ? 8901 __le16_to_cpu(cp->timeout) : 0; 8902 8903 duration = (flags & MGMT_ADV_PARAM_DURATION) ? 8904 __le16_to_cpu(cp->duration) : 8905 hdev->def_multi_adv_rotation_duration; 8906 8907 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ? 8908 __le32_to_cpu(cp->min_interval) : 8909 hdev->le_adv_min_interval; 8910 8911 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ? 8912 __le32_to_cpu(cp->max_interval) : 8913 hdev->le_adv_max_interval; 8914 8915 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ? 8916 cp->tx_power : 8917 HCI_ADV_TX_POWER_NO_PREFERENCE; 8918 8919 /* Create advertising instance with no advertising or response data */ 8920 adv = hci_add_adv_instance(hdev, cp->instance, flags, 0, NULL, 0, NULL, 8921 timeout, duration, tx_power, min_interval, 8922 max_interval, 0); 8923 8924 if (IS_ERR(adv)) { 8925 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8926 MGMT_STATUS_FAILED); 8927 goto unlock; 8928 } 8929 8930 /* Submit request for advertising params if ext adv available */ 8931 if (ext_adv_capable(hdev)) { 8932 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_PARAMS, hdev, 8933 data, data_len); 8934 if (!cmd) { 8935 err = -ENOMEM; 8936 hci_remove_adv_instance(hdev, cp->instance); 8937 goto unlock; 8938 } 8939 8940 err = hci_cmd_sync_queue(hdev, add_ext_adv_params_sync, cmd, 8941 add_ext_adv_params_complete); 8942 if (err < 0) 8943 mgmt_pending_free(cmd); 8944 } else { 8945 rp.instance = cp->instance; 8946 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE; 8947 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 8948 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 8949 err = mgmt_cmd_complete(sk, hdev->id, 8950 MGMT_OP_ADD_EXT_ADV_PARAMS, 8951 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 8952 } 8953 8954unlock: 8955 hci_dev_unlock(hdev); 8956 8957 return err; 8958} 8959 8960static void add_ext_adv_data_complete(struct hci_dev *hdev, void *data, int err) 8961{ 8962 struct mgmt_pending_cmd *cmd = data; 8963 struct mgmt_cp_add_ext_adv_data *cp = cmd->param; 8964 struct mgmt_rp_add_advertising rp; 8965 8966 add_adv_complete(hdev, cmd->sk, cp->instance, err); 8967 8968 memset(&rp, 0, sizeof(rp)); 8969 8970 rp.instance = cp->instance; 8971 8972 if (err) 8973 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 8974 mgmt_status(err)); 8975 else 8976 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 8977 mgmt_status(err), &rp, sizeof(rp)); 8978 8979 mgmt_pending_free(cmd); 8980} 8981 8982static int add_ext_adv_data_sync(struct hci_dev *hdev, void *data) 8983{ 8984 struct mgmt_pending_cmd *cmd = data; 8985 struct mgmt_cp_add_ext_adv_data *cp = cmd->param; 8986 int err; 8987 8988 if (ext_adv_capable(hdev)) { 8989 err = hci_update_adv_data_sync(hdev, cp->instance); 8990 if (err) 8991 return err; 8992 8993 err = hci_update_scan_rsp_data_sync(hdev, cp->instance); 8994 if (err) 8995 return err; 8996 8997 return hci_enable_ext_advertising_sync(hdev, cp->instance); 8998 } 8999 9000 return hci_schedule_adv_instance_sync(hdev, cp->instance, true); 9001} 9002 9003static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data, 9004 u16 data_len) 9005{ 9006 struct mgmt_cp_add_ext_adv_data *cp = data; 9007 struct mgmt_rp_add_ext_adv_data rp; 9008 u8 schedule_instance = 0; 9009 struct adv_info *next_instance; 9010 struct adv_info *adv_instance; 9011 int err = 0; 9012 struct mgmt_pending_cmd *cmd; 9013 9014 BT_DBG("%s", hdev->name); 9015 9016 hci_dev_lock(hdev); 9017 9018 adv_instance = hci_find_adv_instance(hdev, cp->instance); 9019 9020 if (!adv_instance) { 9021 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 9022 MGMT_STATUS_INVALID_PARAMS); 9023 goto unlock; 9024 } 9025 9026 /* In new interface, we require that we are powered to register */ 9027 if (!hdev_is_powered(hdev)) { 9028 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 9029 MGMT_STATUS_REJECTED); 9030 goto clear_new_instance; 9031 } 9032 9033 if (adv_busy(hdev)) { 9034 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 9035 MGMT_STATUS_BUSY); 9036 goto clear_new_instance; 9037 } 9038 9039 /* Validate new data */ 9040 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data, 9041 cp->adv_data_len, true) || 9042 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data + 9043 cp->adv_data_len, cp->scan_rsp_len, false)) { 9044 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 9045 MGMT_STATUS_INVALID_PARAMS); 9046 goto clear_new_instance; 9047 } 9048 9049 /* Set the data in the advertising instance */ 9050 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len, 9051 cp->data, cp->scan_rsp_len, 9052 cp->data + cp->adv_data_len); 9053 9054 /* If using software rotation, determine next instance to use */ 9055 if (hdev->cur_adv_instance == cp->instance) { 9056 /* If the currently advertised instance is being changed 9057 * then cancel the current advertising and schedule the 9058 * next instance. If there is only one instance then the 9059 * overridden advertising data will be visible right 9060 * away 9061 */ 9062 cancel_adv_timeout(hdev); 9063 9064 next_instance = hci_get_next_instance(hdev, cp->instance); 9065 if (next_instance) 9066 schedule_instance = next_instance->instance; 9067 } else if (!hdev->adv_instance_timeout) { 9068 /* Immediately advertise the new instance if no other 9069 * instance is currently being advertised. 9070 */ 9071 schedule_instance = cp->instance; 9072 } 9073 9074 /* If the HCI_ADVERTISING flag is set or there is no instance to 9075 * be advertised then we have no HCI communication to make. 9076 * Simply return. 9077 */ 9078 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || !schedule_instance) { 9079 if (adv_instance->pending) { 9080 mgmt_advertising_added(sk, hdev, cp->instance); 9081 adv_instance->pending = false; 9082 } 9083 rp.instance = cp->instance; 9084 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 9085 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 9086 goto unlock; 9087 } 9088 9089 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data, 9090 data_len); 9091 if (!cmd) { 9092 err = -ENOMEM; 9093 goto clear_new_instance; 9094 } 9095 9096 err = hci_cmd_sync_queue(hdev, add_ext_adv_data_sync, cmd, 9097 add_ext_adv_data_complete); 9098 if (err < 0) { 9099 mgmt_pending_free(cmd); 9100 goto clear_new_instance; 9101 } 9102 9103 /* We were successful in updating data, so trigger advertising_added 9104 * event if this is an instance that wasn't previously advertising. If 9105 * a failure occurs in the requests we initiated, we will remove the 9106 * instance again in add_advertising_complete 9107 */ 9108 if (adv_instance->pending) 9109 mgmt_advertising_added(sk, hdev, cp->instance); 9110 9111 goto unlock; 9112 9113clear_new_instance: 9114 hci_remove_adv_instance(hdev, cp->instance); 9115 9116unlock: 9117 hci_dev_unlock(hdev); 9118 9119 return err; 9120} 9121 9122static void remove_advertising_complete(struct hci_dev *hdev, void *data, 9123 int err) 9124{ 9125 struct mgmt_pending_cmd *cmd = data; 9126 struct mgmt_cp_remove_advertising *cp = cmd->param; 9127 struct mgmt_rp_remove_advertising rp; 9128 9129 bt_dev_dbg(hdev, "err %d", err); 9130 9131 memset(&rp, 0, sizeof(rp)); 9132 rp.instance = cp->instance; 9133 9134 if (err) 9135 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 9136 mgmt_status(err)); 9137 else 9138 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 9139 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 9140 9141 mgmt_pending_free(cmd); 9142} 9143 9144static int remove_advertising_sync(struct hci_dev *hdev, void *data) 9145{ 9146 struct mgmt_pending_cmd *cmd = data; 9147 struct mgmt_cp_remove_advertising *cp = cmd->param; 9148 int err; 9149 9150 err = hci_remove_advertising_sync(hdev, cmd->sk, cp->instance, true); 9151 if (err) 9152 return err; 9153 9154 if (list_empty(&hdev->adv_instances)) 9155 err = hci_disable_advertising_sync(hdev); 9156 9157 return err; 9158} 9159 9160static int remove_advertising(struct sock *sk, struct hci_dev *hdev, 9161 void *data, u16 data_len) 9162{ 9163 struct mgmt_cp_remove_advertising *cp = data; 9164 struct mgmt_pending_cmd *cmd; 9165 int err; 9166 9167 bt_dev_dbg(hdev, "sock %p", sk); 9168 9169 hci_dev_lock(hdev); 9170 9171 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) { 9172 err = mgmt_cmd_status(sk, hdev->id, 9173 MGMT_OP_REMOVE_ADVERTISING, 9174 MGMT_STATUS_INVALID_PARAMS); 9175 goto unlock; 9176 } 9177 9178 if (pending_find(MGMT_OP_SET_LE, hdev)) { 9179 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 9180 MGMT_STATUS_BUSY); 9181 goto unlock; 9182 } 9183 9184 if (list_empty(&hdev->adv_instances)) { 9185 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 9186 MGMT_STATUS_INVALID_PARAMS); 9187 goto unlock; 9188 } 9189 9190 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data, 9191 data_len); 9192 if (!cmd) { 9193 err = -ENOMEM; 9194 goto unlock; 9195 } 9196 9197 err = hci_cmd_sync_queue(hdev, remove_advertising_sync, cmd, 9198 remove_advertising_complete); 9199 if (err < 0) 9200 mgmt_pending_free(cmd); 9201 9202unlock: 9203 hci_dev_unlock(hdev); 9204 9205 return err; 9206} 9207 9208static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev, 9209 void *data, u16 data_len) 9210{ 9211 struct mgmt_cp_get_adv_size_info *cp = data; 9212 struct mgmt_rp_get_adv_size_info rp; 9213 u32 flags, supported_flags; 9214 9215 bt_dev_dbg(hdev, "sock %p", sk); 9216 9217 if (!lmp_le_capable(hdev)) 9218 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 9219 MGMT_STATUS_REJECTED); 9220 9221 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets) 9222 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 9223 MGMT_STATUS_INVALID_PARAMS); 9224 9225 flags = __le32_to_cpu(cp->flags); 9226 9227 /* The current implementation only supports a subset of the specified 9228 * flags. 9229 */ 9230 supported_flags = get_supported_adv_flags(hdev); 9231 if (flags & ~supported_flags) 9232 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 9233 MGMT_STATUS_INVALID_PARAMS); 9234 9235 rp.instance = cp->instance; 9236 rp.flags = cp->flags; 9237 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 9238 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 9239 9240 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 9241 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 9242} 9243 9244static const struct hci_mgmt_handler mgmt_handlers[] = { 9245 { NULL }, /* 0x0000 (no command) */ 9246 { read_version, MGMT_READ_VERSION_SIZE, 9247 HCI_MGMT_NO_HDEV | 9248 HCI_MGMT_UNTRUSTED }, 9249 { read_commands, MGMT_READ_COMMANDS_SIZE, 9250 HCI_MGMT_NO_HDEV | 9251 HCI_MGMT_UNTRUSTED }, 9252 { read_index_list, MGMT_READ_INDEX_LIST_SIZE, 9253 HCI_MGMT_NO_HDEV | 9254 HCI_MGMT_UNTRUSTED }, 9255 { read_controller_info, MGMT_READ_INFO_SIZE, 9256 HCI_MGMT_UNTRUSTED }, 9257 { set_powered, MGMT_SETTING_SIZE }, 9258 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE }, 9259 { set_connectable, MGMT_SETTING_SIZE }, 9260 { set_fast_connectable, MGMT_SETTING_SIZE }, 9261 { set_bondable, MGMT_SETTING_SIZE }, 9262 { set_link_security, MGMT_SETTING_SIZE }, 9263 { set_ssp, MGMT_SETTING_SIZE }, 9264 { set_hs, MGMT_SETTING_SIZE }, 9265 { set_le, MGMT_SETTING_SIZE }, 9266 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE }, 9267 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE }, 9268 { add_uuid, MGMT_ADD_UUID_SIZE }, 9269 { remove_uuid, MGMT_REMOVE_UUID_SIZE }, 9270 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE, 9271 HCI_MGMT_VAR_LEN }, 9272 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE, 9273 HCI_MGMT_VAR_LEN }, 9274 { disconnect, MGMT_DISCONNECT_SIZE }, 9275 { get_connections, MGMT_GET_CONNECTIONS_SIZE }, 9276 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE }, 9277 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE }, 9278 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE }, 9279 { pair_device, MGMT_PAIR_DEVICE_SIZE }, 9280 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE }, 9281 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE }, 9282 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE }, 9283 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE }, 9284 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE }, 9285 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, 9286 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE }, 9287 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE, 9288 HCI_MGMT_VAR_LEN }, 9289 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, 9290 { start_discovery, MGMT_START_DISCOVERY_SIZE }, 9291 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE }, 9292 { confirm_name, MGMT_CONFIRM_NAME_SIZE }, 9293 { block_device, MGMT_BLOCK_DEVICE_SIZE }, 9294 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE }, 9295 { set_device_id, MGMT_SET_DEVICE_ID_SIZE }, 9296 { set_advertising, MGMT_SETTING_SIZE }, 9297 { set_bredr, MGMT_SETTING_SIZE }, 9298 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE }, 9299 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE }, 9300 { set_secure_conn, MGMT_SETTING_SIZE }, 9301 { set_debug_keys, MGMT_SETTING_SIZE }, 9302 { set_privacy, MGMT_SET_PRIVACY_SIZE }, 9303 { load_irks, MGMT_LOAD_IRKS_SIZE, 9304 HCI_MGMT_VAR_LEN }, 9305 { get_conn_info, MGMT_GET_CONN_INFO_SIZE }, 9306 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE }, 9307 { add_device, MGMT_ADD_DEVICE_SIZE }, 9308 { remove_device, MGMT_REMOVE_DEVICE_SIZE }, 9309 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE, 9310 HCI_MGMT_VAR_LEN }, 9311 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE, 9312 HCI_MGMT_NO_HDEV | 9313 HCI_MGMT_UNTRUSTED }, 9314 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE, 9315 HCI_MGMT_UNCONFIGURED | 9316 HCI_MGMT_UNTRUSTED }, 9317 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE, 9318 HCI_MGMT_UNCONFIGURED }, 9319 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE, 9320 HCI_MGMT_UNCONFIGURED }, 9321 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE, 9322 HCI_MGMT_VAR_LEN }, 9323 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE }, 9324 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE, 9325 HCI_MGMT_NO_HDEV | 9326 HCI_MGMT_UNTRUSTED }, 9327 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE }, 9328 { add_advertising, MGMT_ADD_ADVERTISING_SIZE, 9329 HCI_MGMT_VAR_LEN }, 9330 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE }, 9331 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE }, 9332 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE }, 9333 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE, 9334 HCI_MGMT_UNTRUSTED }, 9335 { set_appearance, MGMT_SET_APPEARANCE_SIZE }, 9336 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE }, 9337 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE }, 9338 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE, 9339 HCI_MGMT_VAR_LEN }, 9340 { set_wideband_speech, MGMT_SETTING_SIZE }, 9341 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE, 9342 HCI_MGMT_UNTRUSTED }, 9343 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE, 9344 HCI_MGMT_UNTRUSTED | 9345 HCI_MGMT_HDEV_OPTIONAL }, 9346 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE, 9347 HCI_MGMT_VAR_LEN | 9348 HCI_MGMT_HDEV_OPTIONAL }, 9349 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE, 9350 HCI_MGMT_UNTRUSTED }, 9351 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE, 9352 HCI_MGMT_VAR_LEN }, 9353 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE, 9354 HCI_MGMT_UNTRUSTED }, 9355 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE, 9356 HCI_MGMT_VAR_LEN }, 9357 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE }, 9358 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE }, 9359 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE }, 9360 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE, 9361 HCI_MGMT_VAR_LEN }, 9362 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE }, 9363 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE, 9364 HCI_MGMT_VAR_LEN }, 9365 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE, 9366 HCI_MGMT_VAR_LEN }, 9367 { add_adv_patterns_monitor_rssi, 9368 MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE, 9369 HCI_MGMT_VAR_LEN }, 9370 { set_mesh, MGMT_SET_MESH_RECEIVER_SIZE, 9371 HCI_MGMT_VAR_LEN }, 9372 { mesh_features, MGMT_MESH_READ_FEATURES_SIZE }, 9373 { mesh_send, MGMT_MESH_SEND_SIZE, 9374 HCI_MGMT_VAR_LEN }, 9375 { mesh_send_cancel, MGMT_MESH_SEND_CANCEL_SIZE }, 9376}; 9377 9378void mgmt_index_added(struct hci_dev *hdev) 9379{ 9380 struct mgmt_ev_ext_index ev; 9381 9382 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 9383 return; 9384 9385 switch (hdev->dev_type) { 9386 case HCI_PRIMARY: 9387 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 9388 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, 9389 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 9390 ev.type = 0x01; 9391 } else { 9392 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, 9393 HCI_MGMT_INDEX_EVENTS); 9394 ev.type = 0x00; 9395 } 9396 break; 9397 case HCI_AMP: 9398 ev.type = 0x02; 9399 break; 9400 default: 9401 return; 9402 } 9403 9404 ev.bus = hdev->bus; 9405 9406 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev), 9407 HCI_MGMT_EXT_INDEX_EVENTS); 9408} 9409 9410void mgmt_index_removed(struct hci_dev *hdev) 9411{ 9412 struct mgmt_ev_ext_index ev; 9413 u8 status = MGMT_STATUS_INVALID_INDEX; 9414 9415 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 9416 return; 9417 9418 switch (hdev->dev_type) { 9419 case HCI_PRIMARY: 9420 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 9421 9422 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 9423 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, 9424 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 9425 ev.type = 0x01; 9426 } else { 9427 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, 9428 HCI_MGMT_INDEX_EVENTS); 9429 ev.type = 0x00; 9430 } 9431 break; 9432 case HCI_AMP: 9433 ev.type = 0x02; 9434 break; 9435 default: 9436 return; 9437 } 9438 9439 ev.bus = hdev->bus; 9440 9441 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev), 9442 HCI_MGMT_EXT_INDEX_EVENTS); 9443 9444 /* Cancel any remaining timed work */ 9445 if (!hci_dev_test_flag(hdev, HCI_MGMT)) 9446 return; 9447 cancel_delayed_work_sync(&hdev->discov_off); 9448 cancel_delayed_work_sync(&hdev->service_cache); 9449 cancel_delayed_work_sync(&hdev->rpa_expired); 9450} 9451 9452void mgmt_power_on(struct hci_dev *hdev, int err) 9453{ 9454 struct cmd_lookup match = { NULL, hdev }; 9455 9456 bt_dev_dbg(hdev, "err %d", err); 9457 9458 hci_dev_lock(hdev); 9459 9460 if (!err) { 9461 restart_le_actions(hdev); 9462 hci_update_passive_scan(hdev); 9463 } 9464 9465 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 9466 9467 new_settings(hdev, match.sk); 9468 9469 if (match.sk) 9470 sock_put(match.sk); 9471 9472 hci_dev_unlock(hdev); 9473} 9474 9475void __mgmt_power_off(struct hci_dev *hdev) 9476{ 9477 struct cmd_lookup match = { NULL, hdev }; 9478 u8 status, zero_cod[] = { 0, 0, 0 }; 9479 9480 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 9481 9482 /* If the power off is because of hdev unregistration let 9483 * use the appropriate INVALID_INDEX status. Otherwise use 9484 * NOT_POWERED. We cover both scenarios here since later in 9485 * mgmt_index_removed() any hci_conn callbacks will have already 9486 * been triggered, potentially causing misleading DISCONNECTED 9487 * status responses. 9488 */ 9489 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) 9490 status = MGMT_STATUS_INVALID_INDEX; 9491 else 9492 status = MGMT_STATUS_NOT_POWERED; 9493 9494 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 9495 9496 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) { 9497 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 9498 zero_cod, sizeof(zero_cod), 9499 HCI_MGMT_DEV_CLASS_EVENTS, NULL); 9500 ext_info_changed(hdev, NULL); 9501 } 9502 9503 new_settings(hdev, match.sk); 9504 9505 if (match.sk) 9506 sock_put(match.sk); 9507} 9508 9509void mgmt_set_powered_failed(struct hci_dev *hdev, int err) 9510{ 9511 struct mgmt_pending_cmd *cmd; 9512 u8 status; 9513 9514 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 9515 if (!cmd) 9516 return; 9517 9518 if (err == -ERFKILL) 9519 status = MGMT_STATUS_RFKILLED; 9520 else 9521 status = MGMT_STATUS_FAILED; 9522 9523 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status); 9524 9525 mgmt_pending_remove(cmd); 9526} 9527 9528void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 9529 bool persistent) 9530{ 9531 struct mgmt_ev_new_link_key ev; 9532 9533 memset(&ev, 0, sizeof(ev)); 9534 9535 ev.store_hint = persistent; 9536 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 9537 ev.key.addr.type = BDADDR_BREDR; 9538 ev.key.type = key->type; 9539 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE); 9540 ev.key.pin_len = key->pin_len; 9541 9542 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 9543} 9544 9545static u8 mgmt_ltk_type(struct smp_ltk *ltk) 9546{ 9547 switch (ltk->type) { 9548 case SMP_LTK: 9549 case SMP_LTK_RESPONDER: 9550 if (ltk->authenticated) 9551 return MGMT_LTK_AUTHENTICATED; 9552 return MGMT_LTK_UNAUTHENTICATED; 9553 case SMP_LTK_P256: 9554 if (ltk->authenticated) 9555 return MGMT_LTK_P256_AUTH; 9556 return MGMT_LTK_P256_UNAUTH; 9557 case SMP_LTK_P256_DEBUG: 9558 return MGMT_LTK_P256_DEBUG; 9559 } 9560 9561 return MGMT_LTK_UNAUTHENTICATED; 9562} 9563 9564void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent) 9565{ 9566 struct mgmt_ev_new_long_term_key ev; 9567 9568 memset(&ev, 0, sizeof(ev)); 9569 9570 /* Devices using resolvable or non-resolvable random addresses 9571 * without providing an identity resolving key don't require 9572 * to store long term keys. Their addresses will change the 9573 * next time around. 9574 * 9575 * Only when a remote device provides an identity address 9576 * make sure the long term key is stored. If the remote 9577 * identity is known, the long term keys are internally 9578 * mapped to the identity address. So allow static random 9579 * and public addresses here. 9580 */ 9581 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM && 9582 (key->bdaddr.b[5] & 0xc0) != 0xc0) 9583 ev.store_hint = 0x00; 9584 else 9585 ev.store_hint = persistent; 9586 9587 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 9588 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); 9589 ev.key.type = mgmt_ltk_type(key); 9590 ev.key.enc_size = key->enc_size; 9591 ev.key.ediv = key->ediv; 9592 ev.key.rand = key->rand; 9593 9594 if (key->type == SMP_LTK) 9595 ev.key.initiator = 1; 9596 9597 /* Make sure we copy only the significant bytes based on the 9598 * encryption key size, and set the rest of the value to zeroes. 9599 */ 9600 memcpy(ev.key.val, key->val, key->enc_size); 9601 memset(ev.key.val + key->enc_size, 0, 9602 sizeof(ev.key.val) - key->enc_size); 9603 9604 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL); 9605} 9606 9607void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent) 9608{ 9609 struct mgmt_ev_new_irk ev; 9610 9611 memset(&ev, 0, sizeof(ev)); 9612 9613 ev.store_hint = persistent; 9614 9615 bacpy(&ev.rpa, &irk->rpa); 9616 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr); 9617 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type); 9618 memcpy(ev.irk.val, irk->val, sizeof(irk->val)); 9619 9620 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL); 9621} 9622 9623void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk, 9624 bool persistent) 9625{ 9626 struct mgmt_ev_new_csrk ev; 9627 9628 memset(&ev, 0, sizeof(ev)); 9629 9630 /* Devices using resolvable or non-resolvable random addresses 9631 * without providing an identity resolving key don't require 9632 * to store signature resolving keys. Their addresses will change 9633 * the next time around. 9634 * 9635 * Only when a remote device provides an identity address 9636 * make sure the signature resolving key is stored. So allow 9637 * static random and public addresses here. 9638 */ 9639 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM && 9640 (csrk->bdaddr.b[5] & 0xc0) != 0xc0) 9641 ev.store_hint = 0x00; 9642 else 9643 ev.store_hint = persistent; 9644 9645 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr); 9646 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type); 9647 ev.key.type = csrk->type; 9648 memcpy(ev.key.val, csrk->val, sizeof(csrk->val)); 9649 9650 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL); 9651} 9652 9653void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr, 9654 u8 bdaddr_type, u8 store_hint, u16 min_interval, 9655 u16 max_interval, u16 latency, u16 timeout) 9656{ 9657 struct mgmt_ev_new_conn_param ev; 9658 9659 if (!hci_is_identity_address(bdaddr, bdaddr_type)) 9660 return; 9661 9662 memset(&ev, 0, sizeof(ev)); 9663 bacpy(&ev.addr.bdaddr, bdaddr); 9664 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type); 9665 ev.store_hint = store_hint; 9666 ev.min_interval = cpu_to_le16(min_interval); 9667 ev.max_interval = cpu_to_le16(max_interval); 9668 ev.latency = cpu_to_le16(latency); 9669 ev.timeout = cpu_to_le16(timeout); 9670 9671 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL); 9672} 9673 9674void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn, 9675 u8 *name, u8 name_len) 9676{ 9677 struct sk_buff *skb; 9678 struct mgmt_ev_device_connected *ev; 9679 u16 eir_len = 0; 9680 u32 flags = 0; 9681 9682 /* allocate buff for LE or BR/EDR adv */ 9683 if (conn->le_adv_data_len > 0) 9684 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED, 9685 sizeof(*ev) + conn->le_adv_data_len); 9686 else 9687 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED, 9688 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0) + 9689 eir_precalc_len(sizeof(conn->dev_class))); 9690 9691 ev = skb_put(skb, sizeof(*ev)); 9692 bacpy(&ev->addr.bdaddr, &conn->dst); 9693 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type); 9694 9695 if (conn->out) 9696 flags |= MGMT_DEV_FOUND_INITIATED_CONN; 9697 9698 ev->flags = __cpu_to_le32(flags); 9699 9700 /* We must ensure that the EIR Data fields are ordered and 9701 * unique. Keep it simple for now and avoid the problem by not 9702 * adding any BR/EDR data to the LE adv. 9703 */ 9704 if (conn->le_adv_data_len > 0) { 9705 skb_put_data(skb, conn->le_adv_data, conn->le_adv_data_len); 9706 eir_len = conn->le_adv_data_len; 9707 } else { 9708 if (name) 9709 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len); 9710 9711 if (memcmp(conn->dev_class, "\0\0\0", sizeof(conn->dev_class))) 9712 eir_len += eir_skb_put_data(skb, EIR_CLASS_OF_DEV, 9713 conn->dev_class, sizeof(conn->dev_class)); 9714 } 9715 9716 ev->eir_len = cpu_to_le16(eir_len); 9717 9718 mgmt_event_skb(skb, NULL); 9719} 9720 9721static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data) 9722{ 9723 struct sock **sk = data; 9724 9725 cmd->cmd_complete(cmd, 0); 9726 9727 *sk = cmd->sk; 9728 sock_hold(*sk); 9729 9730 mgmt_pending_remove(cmd); 9731} 9732 9733static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data) 9734{ 9735 struct hci_dev *hdev = data; 9736 struct mgmt_cp_unpair_device *cp = cmd->param; 9737 9738 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 9739 9740 cmd->cmd_complete(cmd, 0); 9741 mgmt_pending_remove(cmd); 9742} 9743 9744bool mgmt_powering_down(struct hci_dev *hdev) 9745{ 9746 struct mgmt_pending_cmd *cmd; 9747 struct mgmt_mode *cp; 9748 9749 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 9750 if (!cmd) 9751 return false; 9752 9753 cp = cmd->param; 9754 if (!cp->val) 9755 return true; 9756 9757 return false; 9758} 9759 9760void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 9761 u8 link_type, u8 addr_type, u8 reason, 9762 bool mgmt_connected) 9763{ 9764 struct mgmt_ev_device_disconnected ev; 9765 struct sock *sk = NULL; 9766 9767 /* The connection is still in hci_conn_hash so test for 1 9768 * instead of 0 to know if this is the last one. 9769 */ 9770 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 9771 cancel_delayed_work(&hdev->power_off); 9772 queue_work(hdev->req_workqueue, &hdev->power_off.work); 9773 } 9774 9775 if (!mgmt_connected) 9776 return; 9777 9778 if (link_type != ACL_LINK && link_type != LE_LINK) 9779 return; 9780 9781 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 9782 9783 bacpy(&ev.addr.bdaddr, bdaddr); 9784 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9785 ev.reason = reason; 9786 9787 /* Report disconnects due to suspend */ 9788 if (hdev->suspended) 9789 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND; 9790 9791 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk); 9792 9793 if (sk) 9794 sock_put(sk); 9795 9796 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 9797 hdev); 9798} 9799 9800void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 9801 u8 link_type, u8 addr_type, u8 status) 9802{ 9803 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type); 9804 struct mgmt_cp_disconnect *cp; 9805 struct mgmt_pending_cmd *cmd; 9806 9807 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 9808 hdev); 9809 9810 cmd = pending_find(MGMT_OP_DISCONNECT, hdev); 9811 if (!cmd) 9812 return; 9813 9814 cp = cmd->param; 9815 9816 if (bacmp(bdaddr, &cp->addr.bdaddr)) 9817 return; 9818 9819 if (cp->addr.type != bdaddr_type) 9820 return; 9821 9822 cmd->cmd_complete(cmd, mgmt_status(status)); 9823 mgmt_pending_remove(cmd); 9824} 9825 9826void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 9827 u8 addr_type, u8 status) 9828{ 9829 struct mgmt_ev_connect_failed ev; 9830 9831 /* The connection is still in hci_conn_hash so test for 1 9832 * instead of 0 to know if this is the last one. 9833 */ 9834 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 9835 cancel_delayed_work(&hdev->power_off); 9836 queue_work(hdev->req_workqueue, &hdev->power_off.work); 9837 } 9838 9839 bacpy(&ev.addr.bdaddr, bdaddr); 9840 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9841 ev.status = mgmt_status(status); 9842 9843 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 9844} 9845 9846void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 9847{ 9848 struct mgmt_ev_pin_code_request ev; 9849 9850 bacpy(&ev.addr.bdaddr, bdaddr); 9851 ev.addr.type = BDADDR_BREDR; 9852 ev.secure = secure; 9853 9854 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL); 9855} 9856 9857void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9858 u8 status) 9859{ 9860 struct mgmt_pending_cmd *cmd; 9861 9862 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 9863 if (!cmd) 9864 return; 9865 9866 cmd->cmd_complete(cmd, mgmt_status(status)); 9867 mgmt_pending_remove(cmd); 9868} 9869 9870void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9871 u8 status) 9872{ 9873 struct mgmt_pending_cmd *cmd; 9874 9875 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 9876 if (!cmd) 9877 return; 9878 9879 cmd->cmd_complete(cmd, mgmt_status(status)); 9880 mgmt_pending_remove(cmd); 9881} 9882 9883int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 9884 u8 link_type, u8 addr_type, u32 value, 9885 u8 confirm_hint) 9886{ 9887 struct mgmt_ev_user_confirm_request ev; 9888 9889 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 9890 9891 bacpy(&ev.addr.bdaddr, bdaddr); 9892 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9893 ev.confirm_hint = confirm_hint; 9894 ev.value = cpu_to_le32(value); 9895 9896 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 9897 NULL); 9898} 9899 9900int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 9901 u8 link_type, u8 addr_type) 9902{ 9903 struct mgmt_ev_user_passkey_request ev; 9904 9905 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 9906 9907 bacpy(&ev.addr.bdaddr, bdaddr); 9908 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9909 9910 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 9911 NULL); 9912} 9913 9914static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9915 u8 link_type, u8 addr_type, u8 status, 9916 u8 opcode) 9917{ 9918 struct mgmt_pending_cmd *cmd; 9919 9920 cmd = pending_find(opcode, hdev); 9921 if (!cmd) 9922 return -ENOENT; 9923 9924 cmd->cmd_complete(cmd, mgmt_status(status)); 9925 mgmt_pending_remove(cmd); 9926 9927 return 0; 9928} 9929 9930int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9931 u8 link_type, u8 addr_type, u8 status) 9932{ 9933 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 9934 status, MGMT_OP_USER_CONFIRM_REPLY); 9935} 9936 9937int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9938 u8 link_type, u8 addr_type, u8 status) 9939{ 9940 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 9941 status, 9942 MGMT_OP_USER_CONFIRM_NEG_REPLY); 9943} 9944 9945int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9946 u8 link_type, u8 addr_type, u8 status) 9947{ 9948 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 9949 status, MGMT_OP_USER_PASSKEY_REPLY); 9950} 9951 9952int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9953 u8 link_type, u8 addr_type, u8 status) 9954{ 9955 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 9956 status, 9957 MGMT_OP_USER_PASSKEY_NEG_REPLY); 9958} 9959 9960int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr, 9961 u8 link_type, u8 addr_type, u32 passkey, 9962 u8 entered) 9963{ 9964 struct mgmt_ev_passkey_notify ev; 9965 9966 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 9967 9968 bacpy(&ev.addr.bdaddr, bdaddr); 9969 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9970 ev.passkey = __cpu_to_le32(passkey); 9971 ev.entered = entered; 9972 9973 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL); 9974} 9975 9976void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status) 9977{ 9978 struct mgmt_ev_auth_failed ev; 9979 struct mgmt_pending_cmd *cmd; 9980 u8 status = mgmt_status(hci_status); 9981 9982 bacpy(&ev.addr.bdaddr, &conn->dst); 9983 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 9984 ev.status = status; 9985 9986 cmd = find_pairing(conn); 9987 9988 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev), 9989 cmd ? cmd->sk : NULL); 9990 9991 if (cmd) { 9992 cmd->cmd_complete(cmd, status); 9993 mgmt_pending_remove(cmd); 9994 } 9995} 9996 9997void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 9998{ 9999 struct cmd_lookup match = { NULL, hdev }; 10000 bool changed; 10001 10002 if (status) { 10003 u8 mgmt_err = mgmt_status(status); 10004 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 10005 cmd_status_rsp, &mgmt_err); 10006 return; 10007 } 10008 10009 if (test_bit(HCI_AUTH, &hdev->flags)) 10010 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY); 10011 else 10012 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY); 10013 10014 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 10015 &match); 10016 10017 if (changed) 10018 new_settings(hdev, match.sk); 10019 10020 if (match.sk) 10021 sock_put(match.sk); 10022} 10023 10024static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data) 10025{ 10026 struct cmd_lookup *match = data; 10027 10028 if (match->sk == NULL) { 10029 match->sk = cmd->sk; 10030 sock_hold(match->sk); 10031 } 10032} 10033 10034void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class, 10035 u8 status) 10036{ 10037 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) }; 10038 10039 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match); 10040 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match); 10041 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match); 10042 10043 if (!status) { 10044 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 10045 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL); 10046 ext_info_changed(hdev, NULL); 10047 } 10048 10049 if (match.sk) 10050 sock_put(match.sk); 10051} 10052 10053void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 10054{ 10055 struct mgmt_cp_set_local_name ev; 10056 struct mgmt_pending_cmd *cmd; 10057 10058 if (status) 10059 return; 10060 10061 memset(&ev, 0, sizeof(ev)); 10062 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 10063 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH); 10064 10065 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 10066 if (!cmd) { 10067 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name)); 10068 10069 /* If this is a HCI command related to powering on the 10070 * HCI dev don't send any mgmt signals. 10071 */ 10072 if (pending_find(MGMT_OP_SET_POWERED, hdev)) 10073 return; 10074 } 10075 10076 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 10077 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL); 10078 ext_info_changed(hdev, cmd ? cmd->sk : NULL); 10079} 10080 10081static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16]) 10082{ 10083 int i; 10084 10085 for (i = 0; i < uuid_count; i++) { 10086 if (!memcmp(uuid, uuids[i], 16)) 10087 return true; 10088 } 10089 10090 return false; 10091} 10092 10093static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16]) 10094{ 10095 u16 parsed = 0; 10096 10097 while (parsed < eir_len) { 10098 u8 field_len = eir[0]; 10099 u8 uuid[16]; 10100 int i; 10101 10102 if (field_len == 0) 10103 break; 10104 10105 if (eir_len - parsed < field_len + 1) 10106 break; 10107 10108 switch (eir[1]) { 10109 case EIR_UUID16_ALL: 10110 case EIR_UUID16_SOME: 10111 for (i = 0; i + 3 <= field_len; i += 2) { 10112 memcpy(uuid, bluetooth_base_uuid, 16); 10113 uuid[13] = eir[i + 3]; 10114 uuid[12] = eir[i + 2]; 10115 if (has_uuid(uuid, uuid_count, uuids)) 10116 return true; 10117 } 10118 break; 10119 case EIR_UUID32_ALL: 10120 case EIR_UUID32_SOME: 10121 for (i = 0; i + 5 <= field_len; i += 4) { 10122 memcpy(uuid, bluetooth_base_uuid, 16); 10123 uuid[15] = eir[i + 5]; 10124 uuid[14] = eir[i + 4]; 10125 uuid[13] = eir[i + 3]; 10126 uuid[12] = eir[i + 2]; 10127 if (has_uuid(uuid, uuid_count, uuids)) 10128 return true; 10129 } 10130 break; 10131 case EIR_UUID128_ALL: 10132 case EIR_UUID128_SOME: 10133 for (i = 0; i + 17 <= field_len; i += 16) { 10134 memcpy(uuid, eir + i + 2, 16); 10135 if (has_uuid(uuid, uuid_count, uuids)) 10136 return true; 10137 } 10138 break; 10139 } 10140 10141 parsed += field_len + 1; 10142 eir += field_len + 1; 10143 } 10144 10145 return false; 10146} 10147 10148static void restart_le_scan(struct hci_dev *hdev) 10149{ 10150 /* If controller is not scanning we are done. */ 10151 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 10152 return; 10153 10154 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY, 10155 hdev->discovery.scan_start + 10156 hdev->discovery.scan_duration)) 10157 return; 10158 10159 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart, 10160 DISCOV_LE_RESTART_DELAY); 10161} 10162 10163static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir, 10164 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 10165{ 10166 /* If a RSSI threshold has been specified, and 10167 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with 10168 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk 10169 * is set, let it through for further processing, as we might need to 10170 * restart the scan. 10171 * 10172 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry, 10173 * the results are also dropped. 10174 */ 10175 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 10176 (rssi == HCI_RSSI_INVALID || 10177 (rssi < hdev->discovery.rssi && 10178 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)))) 10179 return false; 10180 10181 if (hdev->discovery.uuid_count != 0) { 10182 /* If a list of UUIDs is provided in filter, results with no 10183 * matching UUID should be dropped. 10184 */ 10185 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count, 10186 hdev->discovery.uuids) && 10187 !eir_has_uuids(scan_rsp, scan_rsp_len, 10188 hdev->discovery.uuid_count, 10189 hdev->discovery.uuids)) 10190 return false; 10191 } 10192 10193 /* If duplicate filtering does not report RSSI changes, then restart 10194 * scanning to ensure updated result with updated RSSI values. 10195 */ 10196 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) { 10197 restart_le_scan(hdev); 10198 10199 /* Validate RSSI value against the RSSI threshold once more. */ 10200 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 10201 rssi < hdev->discovery.rssi) 10202 return false; 10203 } 10204 10205 return true; 10206} 10207 10208void mgmt_adv_monitor_device_lost(struct hci_dev *hdev, u16 handle, 10209 bdaddr_t *bdaddr, u8 addr_type) 10210{ 10211 struct mgmt_ev_adv_monitor_device_lost ev; 10212 10213 ev.monitor_handle = cpu_to_le16(handle); 10214 bacpy(&ev.addr.bdaddr, bdaddr); 10215 ev.addr.type = addr_type; 10216 10217 mgmt_event(MGMT_EV_ADV_MONITOR_DEVICE_LOST, hdev, &ev, sizeof(ev), 10218 NULL); 10219} 10220 10221static void mgmt_send_adv_monitor_device_found(struct hci_dev *hdev, 10222 struct sk_buff *skb, 10223 struct sock *skip_sk, 10224 u16 handle) 10225{ 10226 struct sk_buff *advmon_skb; 10227 size_t advmon_skb_len; 10228 __le16 *monitor_handle; 10229 10230 if (!skb) 10231 return; 10232 10233 advmon_skb_len = (sizeof(struct mgmt_ev_adv_monitor_device_found) - 10234 sizeof(struct mgmt_ev_device_found)) + skb->len; 10235 advmon_skb = mgmt_alloc_skb(hdev, MGMT_EV_ADV_MONITOR_DEVICE_FOUND, 10236 advmon_skb_len); 10237 if (!advmon_skb) 10238 return; 10239 10240 /* ADV_MONITOR_DEVICE_FOUND is similar to DEVICE_FOUND event except 10241 * that it also has 'monitor_handle'. Make a copy of DEVICE_FOUND and 10242 * store monitor_handle of the matched monitor. 10243 */ 10244 monitor_handle = skb_put(advmon_skb, sizeof(*monitor_handle)); 10245 *monitor_handle = cpu_to_le16(handle); 10246 skb_put_data(advmon_skb, skb->data, skb->len); 10247 10248 mgmt_event_skb(advmon_skb, skip_sk); 10249} 10250 10251static void mgmt_adv_monitor_device_found(struct hci_dev *hdev, 10252 bdaddr_t *bdaddr, bool report_device, 10253 struct sk_buff *skb, 10254 struct sock *skip_sk) 10255{ 10256 struct monitored_device *dev, *tmp; 10257 bool matched = false; 10258 bool notified = false; 10259 10260 /* We have received the Advertisement Report because: 10261 * 1. the kernel has initiated active discovery 10262 * 2. if not, we have pend_le_reports > 0 in which case we are doing 10263 * passive scanning 10264 * 3. if none of the above is true, we have one or more active 10265 * Advertisement Monitor 10266 * 10267 * For case 1 and 2, report all advertisements via MGMT_EV_DEVICE_FOUND 10268 * and report ONLY one advertisement per device for the matched Monitor 10269 * via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event. 10270 * 10271 * For case 3, since we are not active scanning and all advertisements 10272 * received are due to a matched Advertisement Monitor, report all 10273 * advertisements ONLY via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event. 10274 */ 10275 if (report_device && !hdev->advmon_pend_notify) { 10276 mgmt_event_skb(skb, skip_sk); 10277 return; 10278 } 10279 10280 hdev->advmon_pend_notify = false; 10281 10282 list_for_each_entry_safe(dev, tmp, &hdev->monitored_devices, list) { 10283 if (!bacmp(&dev->bdaddr, bdaddr)) { 10284 matched = true; 10285 10286 if (!dev->notified) { 10287 mgmt_send_adv_monitor_device_found(hdev, skb, 10288 skip_sk, 10289 dev->handle); 10290 notified = true; 10291 dev->notified = true; 10292 } 10293 } 10294 10295 if (!dev->notified) 10296 hdev->advmon_pend_notify = true; 10297 } 10298 10299 if (!report_device && 10300 ((matched && !notified) || !msft_monitor_supported(hdev))) { 10301 /* Handle 0 indicates that we are not active scanning and this 10302 * is a subsequent advertisement report for an already matched 10303 * Advertisement Monitor or the controller offloading support 10304 * is not available. 10305 */ 10306 mgmt_send_adv_monitor_device_found(hdev, skb, skip_sk, 0); 10307 } 10308 10309 if (report_device) 10310 mgmt_event_skb(skb, skip_sk); 10311 else 10312 kfree_skb(skb); 10313} 10314 10315static void mesh_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, 10316 u8 addr_type, s8 rssi, u32 flags, u8 *eir, 10317 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len, 10318 u64 instant) 10319{ 10320 struct sk_buff *skb; 10321 struct mgmt_ev_mesh_device_found *ev; 10322 int i, j; 10323 10324 if (!hdev->mesh_ad_types[0]) 10325 goto accepted; 10326 10327 /* Scan for requested AD types */ 10328 if (eir_len > 0) { 10329 for (i = 0; i + 1 < eir_len; i += eir[i] + 1) { 10330 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) { 10331 if (!hdev->mesh_ad_types[j]) 10332 break; 10333 10334 if (hdev->mesh_ad_types[j] == eir[i + 1]) 10335 goto accepted; 10336 } 10337 } 10338 } 10339 10340 if (scan_rsp_len > 0) { 10341 for (i = 0; i + 1 < scan_rsp_len; i += scan_rsp[i] + 1) { 10342 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) { 10343 if (!hdev->mesh_ad_types[j]) 10344 break; 10345 10346 if (hdev->mesh_ad_types[j] == scan_rsp[i + 1]) 10347 goto accepted; 10348 } 10349 } 10350 } 10351 10352 return; 10353 10354accepted: 10355 skb = mgmt_alloc_skb(hdev, MGMT_EV_MESH_DEVICE_FOUND, 10356 sizeof(*ev) + eir_len + scan_rsp_len); 10357 if (!skb) 10358 return; 10359 10360 ev = skb_put(skb, sizeof(*ev)); 10361 10362 bacpy(&ev->addr.bdaddr, bdaddr); 10363 ev->addr.type = link_to_bdaddr(LE_LINK, addr_type); 10364 ev->rssi = rssi; 10365 ev->flags = cpu_to_le32(flags); 10366 ev->instant = cpu_to_le64(instant); 10367 10368 if (eir_len > 0) 10369 /* Copy EIR or advertising data into event */ 10370 skb_put_data(skb, eir, eir_len); 10371 10372 if (scan_rsp_len > 0) 10373 /* Append scan response data to event */ 10374 skb_put_data(skb, scan_rsp, scan_rsp_len); 10375 10376 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 10377 10378 mgmt_event_skb(skb, NULL); 10379} 10380 10381void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 10382 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags, 10383 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len, 10384 u64 instant) 10385{ 10386 struct sk_buff *skb; 10387 struct mgmt_ev_device_found *ev; 10388 bool report_device = hci_discovery_active(hdev); 10389 10390 if (hci_dev_test_flag(hdev, HCI_MESH) && link_type == LE_LINK) 10391 mesh_device_found(hdev, bdaddr, addr_type, rssi, flags, 10392 eir, eir_len, scan_rsp, scan_rsp_len, 10393 instant); 10394 10395 /* Don't send events for a non-kernel initiated discovery. With 10396 * LE one exception is if we have pend_le_reports > 0 in which 10397 * case we're doing passive scanning and want these events. 10398 */ 10399 if (!hci_discovery_active(hdev)) { 10400 if (link_type == ACL_LINK) 10401 return; 10402 if (link_type == LE_LINK && !list_empty(&hdev->pend_le_reports)) 10403 report_device = true; 10404 else if (!hci_is_adv_monitoring(hdev)) 10405 return; 10406 } 10407 10408 if (hdev->discovery.result_filtering) { 10409 /* We are using service discovery */ 10410 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp, 10411 scan_rsp_len)) 10412 return; 10413 } 10414 10415 if (hdev->discovery.limited) { 10416 /* Check for limited discoverable bit */ 10417 if (dev_class) { 10418 if (!(dev_class[1] & 0x20)) 10419 return; 10420 } else { 10421 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL); 10422 if (!flags || !(flags[0] & LE_AD_LIMITED)) 10423 return; 10424 } 10425 } 10426 10427 /* Allocate skb. The 5 extra bytes are for the potential CoD field */ 10428 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND, 10429 sizeof(*ev) + eir_len + scan_rsp_len + 5); 10430 if (!skb) 10431 return; 10432 10433 ev = skb_put(skb, sizeof(*ev)); 10434 10435 /* In case of device discovery with BR/EDR devices (pre 1.2), the 10436 * RSSI value was reported as 0 when not available. This behavior 10437 * is kept when using device discovery. This is required for full 10438 * backwards compatibility with the API. 10439 * 10440 * However when using service discovery, the value 127 will be 10441 * returned when the RSSI is not available. 10442 */ 10443 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi && 10444 link_type == ACL_LINK) 10445 rssi = 0; 10446 10447 bacpy(&ev->addr.bdaddr, bdaddr); 10448 ev->addr.type = link_to_bdaddr(link_type, addr_type); 10449 ev->rssi = rssi; 10450 ev->flags = cpu_to_le32(flags); 10451 10452 if (eir_len > 0) 10453 /* Copy EIR or advertising data into event */ 10454 skb_put_data(skb, eir, eir_len); 10455 10456 if (dev_class && !eir_get_data(eir, eir_len, EIR_CLASS_OF_DEV, NULL)) { 10457 u8 eir_cod[5]; 10458 10459 eir_len += eir_append_data(eir_cod, 0, EIR_CLASS_OF_DEV, 10460 dev_class, 3); 10461 skb_put_data(skb, eir_cod, sizeof(eir_cod)); 10462 } 10463 10464 if (scan_rsp_len > 0) 10465 /* Append scan response data to event */ 10466 skb_put_data(skb, scan_rsp, scan_rsp_len); 10467 10468 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 10469 10470 mgmt_adv_monitor_device_found(hdev, bdaddr, report_device, skb, NULL); 10471} 10472 10473void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 10474 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 10475{ 10476 struct sk_buff *skb; 10477 struct mgmt_ev_device_found *ev; 10478 u16 eir_len = 0; 10479 u32 flags = 0; 10480 10481 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND, 10482 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0)); 10483 10484 ev = skb_put(skb, sizeof(*ev)); 10485 bacpy(&ev->addr.bdaddr, bdaddr); 10486 ev->addr.type = link_to_bdaddr(link_type, addr_type); 10487 ev->rssi = rssi; 10488 10489 if (name) 10490 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len); 10491 else 10492 flags = MGMT_DEV_FOUND_NAME_REQUEST_FAILED; 10493 10494 ev->eir_len = cpu_to_le16(eir_len); 10495 ev->flags = cpu_to_le32(flags); 10496 10497 mgmt_event_skb(skb, NULL); 10498} 10499 10500void mgmt_discovering(struct hci_dev *hdev, u8 discovering) 10501{ 10502 struct mgmt_ev_discovering ev; 10503 10504 bt_dev_dbg(hdev, "discovering %u", discovering); 10505 10506 memset(&ev, 0, sizeof(ev)); 10507 ev.type = hdev->discovery.type; 10508 ev.discovering = discovering; 10509 10510 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 10511} 10512 10513void mgmt_suspending(struct hci_dev *hdev, u8 state) 10514{ 10515 struct mgmt_ev_controller_suspend ev; 10516 10517 ev.suspend_state = state; 10518 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL); 10519} 10520 10521void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr, 10522 u8 addr_type) 10523{ 10524 struct mgmt_ev_controller_resume ev; 10525 10526 ev.wake_reason = reason; 10527 if (bdaddr) { 10528 bacpy(&ev.addr.bdaddr, bdaddr); 10529 ev.addr.type = addr_type; 10530 } else { 10531 memset(&ev.addr, 0, sizeof(ev.addr)); 10532 } 10533 10534 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL); 10535} 10536 10537static struct hci_mgmt_chan chan = { 10538 .channel = HCI_CHANNEL_CONTROL, 10539 .handler_count = ARRAY_SIZE(mgmt_handlers), 10540 .handlers = mgmt_handlers, 10541 .hdev_init = mgmt_init_hdev, 10542}; 10543 10544int mgmt_init(void) 10545{ 10546 return hci_mgmt_chan_register(&chan); 10547} 10548 10549void mgmt_exit(void) 10550{ 10551 hci_mgmt_chan_unregister(&chan); 10552} 10553 10554void mgmt_cleanup(struct sock *sk) 10555{ 10556 struct mgmt_mesh_tx *mesh_tx; 10557 struct hci_dev *hdev; 10558 10559 read_lock(&hci_dev_list_lock); 10560 10561 list_for_each_entry(hdev, &hci_dev_list, list) { 10562 do { 10563 mesh_tx = mgmt_mesh_next(hdev, sk); 10564 10565 if (mesh_tx) 10566 mesh_send_complete(hdev, mesh_tx, true); 10567 } while (mesh_tx); 10568 } 10569 10570 read_unlock(&hci_dev_list_lock); 10571}