1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI Management interface */
26
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
35
36 #include "hci_request.h"
37 #include "smp.h"
38 #include "mgmt_util.h"
39
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 14
42
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_BONDABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
83 MGMT_OP_SET_BREDR,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
88 MGMT_OP_SET_PRIVACY,
89 MGMT_OP_LOAD_IRKS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
109 };
110
111 static const u16 mgmt_events[] = {
112 MGMT_EV_CONTROLLER_ERROR,
113 MGMT_EV_INDEX_ADDED,
114 MGMT_EV_INDEX_REMOVED,
115 MGMT_EV_NEW_SETTINGS,
116 MGMT_EV_CLASS_OF_DEV_CHANGED,
117 MGMT_EV_LOCAL_NAME_CHANGED,
118 MGMT_EV_NEW_LINK_KEY,
119 MGMT_EV_NEW_LONG_TERM_KEY,
120 MGMT_EV_DEVICE_CONNECTED,
121 MGMT_EV_DEVICE_DISCONNECTED,
122 MGMT_EV_CONNECT_FAILED,
123 MGMT_EV_PIN_CODE_REQUEST,
124 MGMT_EV_USER_CONFIRM_REQUEST,
125 MGMT_EV_USER_PASSKEY_REQUEST,
126 MGMT_EV_AUTH_FAILED,
127 MGMT_EV_DEVICE_FOUND,
128 MGMT_EV_DISCOVERING,
129 MGMT_EV_DEVICE_BLOCKED,
130 MGMT_EV_DEVICE_UNBLOCKED,
131 MGMT_EV_DEVICE_UNPAIRED,
132 MGMT_EV_PASSKEY_NOTIFY,
133 MGMT_EV_NEW_IRK,
134 MGMT_EV_NEW_CSRK,
135 MGMT_EV_DEVICE_ADDED,
136 MGMT_EV_DEVICE_REMOVED,
137 MGMT_EV_NEW_CONN_PARAM,
138 MGMT_EV_UNCONF_INDEX_ADDED,
139 MGMT_EV_UNCONF_INDEX_REMOVED,
140 MGMT_EV_NEW_CONFIG_OPTIONS,
141 MGMT_EV_EXT_INDEX_ADDED,
142 MGMT_EV_EXT_INDEX_REMOVED,
143 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
144 MGMT_EV_ADVERTISING_ADDED,
145 MGMT_EV_ADVERTISING_REMOVED,
146 MGMT_EV_EXT_INFO_CHANGED,
147 };
148
149 static const u16 mgmt_untrusted_commands[] = {
150 MGMT_OP_READ_INDEX_LIST,
151 MGMT_OP_READ_INFO,
152 MGMT_OP_READ_UNCONF_INDEX_LIST,
153 MGMT_OP_READ_CONFIG_INFO,
154 MGMT_OP_READ_EXT_INDEX_LIST,
155 MGMT_OP_READ_EXT_INFO,
156 };
157
158 static const u16 mgmt_untrusted_events[] = {
159 MGMT_EV_INDEX_ADDED,
160 MGMT_EV_INDEX_REMOVED,
161 MGMT_EV_NEW_SETTINGS,
162 MGMT_EV_CLASS_OF_DEV_CHANGED,
163 MGMT_EV_LOCAL_NAME_CHANGED,
164 MGMT_EV_UNCONF_INDEX_ADDED,
165 MGMT_EV_UNCONF_INDEX_REMOVED,
166 MGMT_EV_NEW_CONFIG_OPTIONS,
167 MGMT_EV_EXT_INDEX_ADDED,
168 MGMT_EV_EXT_INDEX_REMOVED,
169 MGMT_EV_EXT_INFO_CHANGED,
170 };
171
172 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
173
174 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
175 "\x00\x00\x00\x00\x00\x00\x00\x00"
176
177 /* HCI to MGMT error code conversion table */
178 static u8 mgmt_status_table[] = {
179 MGMT_STATUS_SUCCESS,
180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
182 MGMT_STATUS_FAILED, /* Hardware Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
191 MGMT_STATUS_BUSY, /* Command Disallowed */
192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
193 MGMT_STATUS_REJECTED, /* Rejected Security */
194 MGMT_STATUS_REJECTED, /* Rejected Personal */
195 MGMT_STATUS_TIMEOUT, /* Host Timeout */
196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
202 MGMT_STATUS_BUSY, /* Repeated Attempts */
203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
210 MGMT_STATUS_FAILED, /* Unspecified Error */
211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
217 MGMT_STATUS_FAILED, /* Unit Link Key Used */
218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
219 MGMT_STATUS_TIMEOUT, /* Instant Passed */
220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
221 MGMT_STATUS_FAILED, /* Transaction Collision */
222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
223 MGMT_STATUS_REJECTED, /* QoS Rejected */
224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
225 MGMT_STATUS_REJECTED, /* Insufficient Security */
226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
227 MGMT_STATUS_BUSY, /* Role Switch Pending */
228 MGMT_STATUS_FAILED, /* Slot Violation */
229 MGMT_STATUS_FAILED, /* Role Switch Failed */
230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
232 MGMT_STATUS_BUSY, /* Host Busy Pairing */
233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
234 MGMT_STATUS_BUSY, /* Controller Busy */
235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
240 };
241
mgmt_status(u8 hci_status)242 static u8 mgmt_status(u8 hci_status)
243 {
244 if (hci_status < ARRAY_SIZE(mgmt_status_table))
245 return mgmt_status_table[hci_status];
246
247 return MGMT_STATUS_FAILED;
248 }
249
mgmt_index_event(u16 event,struct hci_dev * hdev,void * data,u16 len,int flag)250 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag)
252 {
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
254 flag, NULL);
255 }
256
mgmt_limited_event(u16 event,struct hci_dev * hdev,void * data,u16 len,int flag,struct sock * skip_sk)257 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, int flag, struct sock *skip_sk)
259 {
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 flag, skip_sk);
262 }
263
mgmt_event(u16 event,struct hci_dev * hdev,void * data,u16 len,struct sock * skip_sk)264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
266 {
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
269 }
270
le_addr_type(u8 mgmt_addr_type)271 static u8 le_addr_type(u8 mgmt_addr_type)
272 {
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
275 else
276 return ADDR_LE_DEV_RANDOM;
277 }
278
mgmt_fill_version_info(void * ver)279 void mgmt_fill_version_info(void *ver)
280 {
281 struct mgmt_rp_read_version *rp = ver;
282
283 rp->version = MGMT_VERSION;
284 rp->revision = cpu_to_le16(MGMT_REVISION);
285 }
286
read_version(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)287 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
288 u16 data_len)
289 {
290 struct mgmt_rp_read_version rp;
291
292 BT_DBG("sock %p", sk);
293
294 mgmt_fill_version_info(&rp);
295
296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
297 &rp, sizeof(rp));
298 }
299
read_commands(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)300 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
301 u16 data_len)
302 {
303 struct mgmt_rp_read_commands *rp;
304 u16 num_commands, num_events;
305 size_t rp_size;
306 int i, err;
307
308 BT_DBG("sock %p", sk);
309
310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
311 num_commands = ARRAY_SIZE(mgmt_commands);
312 num_events = ARRAY_SIZE(mgmt_events);
313 } else {
314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
315 num_events = ARRAY_SIZE(mgmt_untrusted_events);
316 }
317
318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
319
320 rp = kmalloc(rp_size, GFP_KERNEL);
321 if (!rp)
322 return -ENOMEM;
323
324 rp->num_commands = cpu_to_le16(num_commands);
325 rp->num_events = cpu_to_le16(num_events);
326
327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
328 __le16 *opcode = rp->opcodes;
329
330 for (i = 0; i < num_commands; i++, opcode++)
331 put_unaligned_le16(mgmt_commands[i], opcode);
332
333 for (i = 0; i < num_events; i++, opcode++)
334 put_unaligned_le16(mgmt_events[i], opcode);
335 } else {
336 __le16 *opcode = rp->opcodes;
337
338 for (i = 0; i < num_commands; i++, opcode++)
339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
340
341 for (i = 0; i < num_events; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
343 }
344
345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
346 rp, rp_size);
347 kfree(rp);
348
349 return err;
350 }
351
read_index_list(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)352 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
353 u16 data_len)
354 {
355 struct mgmt_rp_read_index_list *rp;
356 struct hci_dev *d;
357 size_t rp_len;
358 u16 count;
359 int err;
360
361 BT_DBG("sock %p", sk);
362
363 read_lock(&hci_dev_list_lock);
364
365 count = 0;
366 list_for_each_entry(d, &hci_dev_list, list) {
367 if (d->dev_type == HCI_PRIMARY &&
368 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
369 count++;
370 }
371
372 rp_len = sizeof(*rp) + (2 * count);
373 rp = kmalloc(rp_len, GFP_ATOMIC);
374 if (!rp) {
375 read_unlock(&hci_dev_list_lock);
376 return -ENOMEM;
377 }
378
379 count = 0;
380 list_for_each_entry(d, &hci_dev_list, list) {
381 if (hci_dev_test_flag(d, HCI_SETUP) ||
382 hci_dev_test_flag(d, HCI_CONFIG) ||
383 hci_dev_test_flag(d, HCI_USER_CHANNEL))
384 continue;
385
386 /* Devices marked as raw-only are neither configured
387 * nor unconfigured controllers.
388 */
389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
390 continue;
391
392 if (d->dev_type == HCI_PRIMARY &&
393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
394 rp->index[count++] = cpu_to_le16(d->id);
395 BT_DBG("Added hci%u", d->id);
396 }
397 }
398
399 rp->num_controllers = cpu_to_le16(count);
400 rp_len = sizeof(*rp) + (2 * count);
401
402 read_unlock(&hci_dev_list_lock);
403
404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
405 0, rp, rp_len);
406
407 kfree(rp);
408
409 return err;
410 }
411
read_unconf_index_list(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)412 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
413 void *data, u16 data_len)
414 {
415 struct mgmt_rp_read_unconf_index_list *rp;
416 struct hci_dev *d;
417 size_t rp_len;
418 u16 count;
419 int err;
420
421 BT_DBG("sock %p", sk);
422
423 read_lock(&hci_dev_list_lock);
424
425 count = 0;
426 list_for_each_entry(d, &hci_dev_list, list) {
427 if (d->dev_type == HCI_PRIMARY &&
428 hci_dev_test_flag(d, HCI_UNCONFIGURED))
429 count++;
430 }
431
432 rp_len = sizeof(*rp) + (2 * count);
433 rp = kmalloc(rp_len, GFP_ATOMIC);
434 if (!rp) {
435 read_unlock(&hci_dev_list_lock);
436 return -ENOMEM;
437 }
438
439 count = 0;
440 list_for_each_entry(d, &hci_dev_list, list) {
441 if (hci_dev_test_flag(d, HCI_SETUP) ||
442 hci_dev_test_flag(d, HCI_CONFIG) ||
443 hci_dev_test_flag(d, HCI_USER_CHANNEL))
444 continue;
445
446 /* Devices marked as raw-only are neither configured
447 * nor unconfigured controllers.
448 */
449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
450 continue;
451
452 if (d->dev_type == HCI_PRIMARY &&
453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
454 rp->index[count++] = cpu_to_le16(d->id);
455 BT_DBG("Added hci%u", d->id);
456 }
457 }
458
459 rp->num_controllers = cpu_to_le16(count);
460 rp_len = sizeof(*rp) + (2 * count);
461
462 read_unlock(&hci_dev_list_lock);
463
464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
466
467 kfree(rp);
468
469 return err;
470 }
471
read_ext_index_list(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)472 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
473 void *data, u16 data_len)
474 {
475 struct mgmt_rp_read_ext_index_list *rp;
476 struct hci_dev *d;
477 size_t rp_len;
478 u16 count;
479 int err;
480
481 BT_DBG("sock %p", sk);
482
483 read_lock(&hci_dev_list_lock);
484
485 count = 0;
486 list_for_each_entry(d, &hci_dev_list, list) {
487 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
488 count++;
489 }
490
491 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
492 rp = kmalloc(rp_len, GFP_ATOMIC);
493 if (!rp) {
494 read_unlock(&hci_dev_list_lock);
495 return -ENOMEM;
496 }
497
498 count = 0;
499 list_for_each_entry(d, &hci_dev_list, list) {
500 if (hci_dev_test_flag(d, HCI_SETUP) ||
501 hci_dev_test_flag(d, HCI_CONFIG) ||
502 hci_dev_test_flag(d, HCI_USER_CHANNEL))
503 continue;
504
505 /* Devices marked as raw-only are neither configured
506 * nor unconfigured controllers.
507 */
508 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
509 continue;
510
511 if (d->dev_type == HCI_PRIMARY) {
512 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
513 rp->entry[count].type = 0x01;
514 else
515 rp->entry[count].type = 0x00;
516 } else if (d->dev_type == HCI_AMP) {
517 rp->entry[count].type = 0x02;
518 } else {
519 continue;
520 }
521
522 rp->entry[count].bus = d->bus;
523 rp->entry[count++].index = cpu_to_le16(d->id);
524 BT_DBG("Added hci%u", d->id);
525 }
526
527 rp->num_controllers = cpu_to_le16(count);
528 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
529
530 read_unlock(&hci_dev_list_lock);
531
532 /* If this command is called at least once, then all the
533 * default index and unconfigured index events are disabled
534 * and from now on only extended index events are used.
535 */
536 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
537 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
538 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
539
540 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
541 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
542
543 kfree(rp);
544
545 return err;
546 }
547
is_configured(struct hci_dev * hdev)548 static bool is_configured(struct hci_dev *hdev)
549 {
550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
552 return false;
553
554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
556 return false;
557
558 return true;
559 }
560
get_missing_options(struct hci_dev * hdev)561 static __le32 get_missing_options(struct hci_dev *hdev)
562 {
563 u32 options = 0;
564
565 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
566 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
567 options |= MGMT_OPTION_EXTERNAL_CONFIG;
568
569 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
570 !bacmp(&hdev->public_addr, BDADDR_ANY))
571 options |= MGMT_OPTION_PUBLIC_ADDRESS;
572
573 return cpu_to_le32(options);
574 }
575
new_options(struct hci_dev * hdev,struct sock * skip)576 static int new_options(struct hci_dev *hdev, struct sock *skip)
577 {
578 __le32 options = get_missing_options(hdev);
579
580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
582 }
583
send_options_rsp(struct sock * sk,u16 opcode,struct hci_dev * hdev)584 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
585 {
586 __le32 options = get_missing_options(hdev);
587
588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
589 sizeof(options));
590 }
591
read_config_info(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)592 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
593 void *data, u16 data_len)
594 {
595 struct mgmt_rp_read_config_info rp;
596 u32 options = 0;
597
598 BT_DBG("sock %p %s", sk, hdev->name);
599
600 hci_dev_lock(hdev);
601
602 memset(&rp, 0, sizeof(rp));
603 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
604
605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
606 options |= MGMT_OPTION_EXTERNAL_CONFIG;
607
608 if (hdev->set_bdaddr)
609 options |= MGMT_OPTION_PUBLIC_ADDRESS;
610
611 rp.supported_options = cpu_to_le32(options);
612 rp.missing_options = get_missing_options(hdev);
613
614 hci_dev_unlock(hdev);
615
616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
617 &rp, sizeof(rp));
618 }
619
get_supported_settings(struct hci_dev * hdev)620 static u32 get_supported_settings(struct hci_dev *hdev)
621 {
622 u32 settings = 0;
623
624 settings |= MGMT_SETTING_POWERED;
625 settings |= MGMT_SETTING_BONDABLE;
626 settings |= MGMT_SETTING_DEBUG_KEYS;
627 settings |= MGMT_SETTING_CONNECTABLE;
628 settings |= MGMT_SETTING_DISCOVERABLE;
629
630 if (lmp_bredr_capable(hdev)) {
631 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
632 settings |= MGMT_SETTING_FAST_CONNECTABLE;
633 settings |= MGMT_SETTING_BREDR;
634 settings |= MGMT_SETTING_LINK_SECURITY;
635
636 if (lmp_ssp_capable(hdev)) {
637 settings |= MGMT_SETTING_SSP;
638 settings |= MGMT_SETTING_HS;
639 }
640
641 if (lmp_sc_capable(hdev))
642 settings |= MGMT_SETTING_SECURE_CONN;
643 }
644
645 if (lmp_le_capable(hdev)) {
646 settings |= MGMT_SETTING_LE;
647 settings |= MGMT_SETTING_ADVERTISING;
648 settings |= MGMT_SETTING_SECURE_CONN;
649 settings |= MGMT_SETTING_PRIVACY;
650 settings |= MGMT_SETTING_STATIC_ADDRESS;
651 }
652
653 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
654 hdev->set_bdaddr)
655 settings |= MGMT_SETTING_CONFIGURATION;
656
657 return settings;
658 }
659
get_current_settings(struct hci_dev * hdev)660 static u32 get_current_settings(struct hci_dev *hdev)
661 {
662 u32 settings = 0;
663
664 if (hdev_is_powered(hdev))
665 settings |= MGMT_SETTING_POWERED;
666
667 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
668 settings |= MGMT_SETTING_CONNECTABLE;
669
670 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
671 settings |= MGMT_SETTING_FAST_CONNECTABLE;
672
673 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
674 settings |= MGMT_SETTING_DISCOVERABLE;
675
676 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
677 settings |= MGMT_SETTING_BONDABLE;
678
679 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
680 settings |= MGMT_SETTING_BREDR;
681
682 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
683 settings |= MGMT_SETTING_LE;
684
685 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
686 settings |= MGMT_SETTING_LINK_SECURITY;
687
688 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
689 settings |= MGMT_SETTING_SSP;
690
691 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
692 settings |= MGMT_SETTING_HS;
693
694 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
695 settings |= MGMT_SETTING_ADVERTISING;
696
697 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
698 settings |= MGMT_SETTING_SECURE_CONN;
699
700 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
701 settings |= MGMT_SETTING_DEBUG_KEYS;
702
703 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
704 settings |= MGMT_SETTING_PRIVACY;
705
706 /* The current setting for static address has two purposes. The
707 * first is to indicate if the static address will be used and
708 * the second is to indicate if it is actually set.
709 *
710 * This means if the static address is not configured, this flag
711 * will never be set. If the address is configured, then if the
712 * address is actually used decides if the flag is set or not.
713 *
714 * For single mode LE only controllers and dual-mode controllers
715 * with BR/EDR disabled, the existence of the static address will
716 * be evaluated.
717 */
718 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
719 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
720 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
721 if (bacmp(&hdev->static_addr, BDADDR_ANY))
722 settings |= MGMT_SETTING_STATIC_ADDRESS;
723 }
724
725 return settings;
726 }
727
pending_find(u16 opcode,struct hci_dev * hdev)728 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
729 {
730 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
731 }
732
pending_find_data(u16 opcode,struct hci_dev * hdev,const void * data)733 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
734 struct hci_dev *hdev,
735 const void *data)
736 {
737 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
738 }
739
mgmt_get_adv_discov_flags(struct hci_dev * hdev)740 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
741 {
742 struct mgmt_pending_cmd *cmd;
743
744 /* If there's a pending mgmt command the flags will not yet have
745 * their final values, so check for this first.
746 */
747 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
748 if (cmd) {
749 struct mgmt_mode *cp = cmd->param;
750 if (cp->val == 0x01)
751 return LE_AD_GENERAL;
752 else if (cp->val == 0x02)
753 return LE_AD_LIMITED;
754 } else {
755 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
756 return LE_AD_LIMITED;
757 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
758 return LE_AD_GENERAL;
759 }
760
761 return 0;
762 }
763
mgmt_get_connectable(struct hci_dev * hdev)764 bool mgmt_get_connectable(struct hci_dev *hdev)
765 {
766 struct mgmt_pending_cmd *cmd;
767
768 /* If there's a pending mgmt command the flag will not yet have
769 * it's final value, so check for this first.
770 */
771 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
772 if (cmd) {
773 struct mgmt_mode *cp = cmd->param;
774
775 return cp->val;
776 }
777
778 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
779 }
780
service_cache_off(struct work_struct * work)781 static void service_cache_off(struct work_struct *work)
782 {
783 struct hci_dev *hdev = container_of(work, struct hci_dev,
784 service_cache.work);
785 struct hci_request req;
786
787 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
788 return;
789
790 hci_req_init(&req, hdev);
791
792 hci_dev_lock(hdev);
793
794 __hci_req_update_eir(&req);
795 __hci_req_update_class(&req);
796
797 hci_dev_unlock(hdev);
798
799 hci_req_run(&req, NULL);
800 }
801
rpa_expired(struct work_struct * work)802 static void rpa_expired(struct work_struct *work)
803 {
804 struct hci_dev *hdev = container_of(work, struct hci_dev,
805 rpa_expired.work);
806 struct hci_request req;
807
808 BT_DBG("");
809
810 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
811
812 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
813 return;
814
815 /* The generation of a new RPA and programming it into the
816 * controller happens in the hci_req_enable_advertising()
817 * function.
818 */
819 hci_req_init(&req, hdev);
820 __hci_req_enable_advertising(&req);
821 hci_req_run(&req, NULL);
822 }
823
mgmt_init_hdev(struct sock * sk,struct hci_dev * hdev)824 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
825 {
826 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
827 return;
828
829 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
830 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
831
832 /* Non-mgmt controlled devices get this bit set
833 * implicitly so that pairing works for them, however
834 * for mgmt we require user-space to explicitly enable
835 * it
836 */
837 hci_dev_clear_flag(hdev, HCI_BONDABLE);
838 }
839
read_controller_info(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)840 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
841 void *data, u16 data_len)
842 {
843 struct mgmt_rp_read_info rp;
844
845 BT_DBG("sock %p %s", sk, hdev->name);
846
847 hci_dev_lock(hdev);
848
849 memset(&rp, 0, sizeof(rp));
850
851 bacpy(&rp.bdaddr, &hdev->bdaddr);
852
853 rp.version = hdev->hci_ver;
854 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
855
856 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
857 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
858
859 memcpy(rp.dev_class, hdev->dev_class, 3);
860
861 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
862 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
863
864 hci_dev_unlock(hdev);
865
866 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
867 sizeof(rp));
868 }
869
append_eir_data_to_buf(struct hci_dev * hdev,u8 * eir)870 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
871 {
872 u16 eir_len = 0;
873 size_t name_len;
874
875 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
876 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
877 hdev->dev_class, 3);
878
879 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
880 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
881 hdev->appearance);
882
883 name_len = strlen(hdev->dev_name);
884 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
885 hdev->dev_name, name_len);
886
887 name_len = strlen(hdev->short_name);
888 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
889 hdev->short_name, name_len);
890
891 return eir_len;
892 }
893
read_ext_controller_info(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)894 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
895 void *data, u16 data_len)
896 {
897 char buf[512];
898 struct mgmt_rp_read_ext_info *rp = (void *)buf;
899 u16 eir_len;
900
901 BT_DBG("sock %p %s", sk, hdev->name);
902
903 memset(&buf, 0, sizeof(buf));
904
905 hci_dev_lock(hdev);
906
907 bacpy(&rp->bdaddr, &hdev->bdaddr);
908
909 rp->version = hdev->hci_ver;
910 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
911
912 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
913 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
914
915
916 eir_len = append_eir_data_to_buf(hdev, rp->eir);
917 rp->eir_len = cpu_to_le16(eir_len);
918
919 hci_dev_unlock(hdev);
920
921 /* If this command is called at least once, then the events
922 * for class of device and local name changes are disabled
923 * and only the new extended controller information event
924 * is used.
925 */
926 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
927 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
928 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
929
930 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
931 sizeof(*rp) + eir_len);
932 }
933
ext_info_changed(struct hci_dev * hdev,struct sock * skip)934 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
935 {
936 char buf[512];
937 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
938 u16 eir_len;
939
940 memset(buf, 0, sizeof(buf));
941
942 eir_len = append_eir_data_to_buf(hdev, ev->eir);
943 ev->eir_len = cpu_to_le16(eir_len);
944
945 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
946 sizeof(*ev) + eir_len,
947 HCI_MGMT_EXT_INFO_EVENTS, skip);
948 }
949
send_settings_rsp(struct sock * sk,u16 opcode,struct hci_dev * hdev)950 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
951 {
952 __le32 settings = cpu_to_le32(get_current_settings(hdev));
953
954 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
955 sizeof(settings));
956 }
957
clean_up_hci_complete(struct hci_dev * hdev,u8 status,u16 opcode)958 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
959 {
960 BT_DBG("%s status 0x%02x", hdev->name, status);
961
962 if (hci_conn_count(hdev) == 0) {
963 cancel_delayed_work(&hdev->power_off);
964 queue_work(hdev->req_workqueue, &hdev->power_off.work);
965 }
966 }
967
mgmt_advertising_added(struct sock * sk,struct hci_dev * hdev,u8 instance)968 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
969 {
970 struct mgmt_ev_advertising_added ev;
971
972 ev.instance = instance;
973
974 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
975 }
976
mgmt_advertising_removed(struct sock * sk,struct hci_dev * hdev,u8 instance)977 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
978 u8 instance)
979 {
980 struct mgmt_ev_advertising_removed ev;
981
982 ev.instance = instance;
983
984 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
985 }
986
cancel_adv_timeout(struct hci_dev * hdev)987 static void cancel_adv_timeout(struct hci_dev *hdev)
988 {
989 if (hdev->adv_instance_timeout) {
990 hdev->adv_instance_timeout = 0;
991 cancel_delayed_work(&hdev->adv_instance_expire);
992 }
993 }
994
clean_up_hci_state(struct hci_dev * hdev)995 static int clean_up_hci_state(struct hci_dev *hdev)
996 {
997 struct hci_request req;
998 struct hci_conn *conn;
999 bool discov_stopped;
1000 int err;
1001
1002 hci_req_init(&req, hdev);
1003
1004 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1005 test_bit(HCI_PSCAN, &hdev->flags)) {
1006 u8 scan = 0x00;
1007 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1008 }
1009
1010 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1011
1012 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1013 __hci_req_disable_advertising(&req);
1014
1015 discov_stopped = hci_req_stop_discovery(&req);
1016
1017 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1018 /* 0x15 == Terminated due to Power Off */
1019 __hci_abort_conn(&req, conn, 0x15);
1020 }
1021
1022 err = hci_req_run(&req, clean_up_hci_complete);
1023 if (!err && discov_stopped)
1024 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1025
1026 return err;
1027 }
1028
set_powered(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)1029 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1030 u16 len)
1031 {
1032 struct mgmt_mode *cp = data;
1033 struct mgmt_pending_cmd *cmd;
1034 int err;
1035
1036 BT_DBG("request for %s", hdev->name);
1037
1038 if (cp->val != 0x00 && cp->val != 0x01)
1039 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1040 MGMT_STATUS_INVALID_PARAMS);
1041
1042 hci_dev_lock(hdev);
1043
1044 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1045 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1046 MGMT_STATUS_BUSY);
1047 goto failed;
1048 }
1049
1050 if (!!cp->val == hdev_is_powered(hdev)) {
1051 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1052 goto failed;
1053 }
1054
1055 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1056 if (!cmd) {
1057 err = -ENOMEM;
1058 goto failed;
1059 }
1060
1061 if (cp->val) {
1062 queue_work(hdev->req_workqueue, &hdev->power_on);
1063 err = 0;
1064 } else {
1065 /* Disconnect connections, stop scans, etc */
1066 err = clean_up_hci_state(hdev);
1067 if (!err)
1068 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1069 HCI_POWER_OFF_TIMEOUT);
1070
1071 /* ENODATA means there were no HCI commands queued */
1072 if (err == -ENODATA) {
1073 cancel_delayed_work(&hdev->power_off);
1074 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1075 err = 0;
1076 }
1077 }
1078
1079 failed:
1080 hci_dev_unlock(hdev);
1081 return err;
1082 }
1083
new_settings(struct hci_dev * hdev,struct sock * skip)1084 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1085 {
1086 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1087
1088 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1089 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1090 }
1091
mgmt_new_settings(struct hci_dev * hdev)1092 int mgmt_new_settings(struct hci_dev *hdev)
1093 {
1094 return new_settings(hdev, NULL);
1095 }
1096
1097 struct cmd_lookup {
1098 struct sock *sk;
1099 struct hci_dev *hdev;
1100 u8 mgmt_status;
1101 };
1102
settings_rsp(struct mgmt_pending_cmd * cmd,void * data)1103 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1104 {
1105 struct cmd_lookup *match = data;
1106
1107 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1108
1109 list_del(&cmd->list);
1110
1111 if (match->sk == NULL) {
1112 match->sk = cmd->sk;
1113 sock_hold(match->sk);
1114 }
1115
1116 mgmt_pending_free(cmd);
1117 }
1118
cmd_status_rsp(struct mgmt_pending_cmd * cmd,void * data)1119 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1120 {
1121 u8 *status = data;
1122
1123 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1124 mgmt_pending_remove(cmd);
1125 }
1126
cmd_complete_rsp(struct mgmt_pending_cmd * cmd,void * data)1127 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1128 {
1129 if (cmd->cmd_complete) {
1130 u8 *status = data;
1131
1132 cmd->cmd_complete(cmd, *status);
1133 mgmt_pending_remove(cmd);
1134
1135 return;
1136 }
1137
1138 cmd_status_rsp(cmd, data);
1139 }
1140
generic_cmd_complete(struct mgmt_pending_cmd * cmd,u8 status)1141 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1142 {
1143 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1144 cmd->param, cmd->param_len);
1145 }
1146
addr_cmd_complete(struct mgmt_pending_cmd * cmd,u8 status)1147 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1148 {
1149 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1150 cmd->param, sizeof(struct mgmt_addr_info));
1151 }
1152
mgmt_bredr_support(struct hci_dev * hdev)1153 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1154 {
1155 if (!lmp_bredr_capable(hdev))
1156 return MGMT_STATUS_NOT_SUPPORTED;
1157 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1158 return MGMT_STATUS_REJECTED;
1159 else
1160 return MGMT_STATUS_SUCCESS;
1161 }
1162
mgmt_le_support(struct hci_dev * hdev)1163 static u8 mgmt_le_support(struct hci_dev *hdev)
1164 {
1165 if (!lmp_le_capable(hdev))
1166 return MGMT_STATUS_NOT_SUPPORTED;
1167 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1168 return MGMT_STATUS_REJECTED;
1169 else
1170 return MGMT_STATUS_SUCCESS;
1171 }
1172
mgmt_set_discoverable_complete(struct hci_dev * hdev,u8 status)1173 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1174 {
1175 struct mgmt_pending_cmd *cmd;
1176
1177 BT_DBG("status 0x%02x", status);
1178
1179 hci_dev_lock(hdev);
1180
1181 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1182 if (!cmd)
1183 goto unlock;
1184
1185 if (status) {
1186 u8 mgmt_err = mgmt_status(status);
1187 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1188 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1189 goto remove_cmd;
1190 }
1191
1192 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1193 hdev->discov_timeout > 0) {
1194 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1195 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1196 }
1197
1198 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1199 new_settings(hdev, cmd->sk);
1200
1201 remove_cmd:
1202 mgmt_pending_remove(cmd);
1203
1204 unlock:
1205 hci_dev_unlock(hdev);
1206 }
1207
set_discoverable(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)1208 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1209 u16 len)
1210 {
1211 struct mgmt_cp_set_discoverable *cp = data;
1212 struct mgmt_pending_cmd *cmd;
1213 u16 timeout;
1214 int err;
1215
1216 BT_DBG("request for %s", hdev->name);
1217
1218 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1219 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1221 MGMT_STATUS_REJECTED);
1222
1223 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1224 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1225 MGMT_STATUS_INVALID_PARAMS);
1226
1227 timeout = __le16_to_cpu(cp->timeout);
1228
1229 /* Disabling discoverable requires that no timeout is set,
1230 * and enabling limited discoverable requires a timeout.
1231 */
1232 if ((cp->val == 0x00 && timeout > 0) ||
1233 (cp->val == 0x02 && timeout == 0))
1234 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1235 MGMT_STATUS_INVALID_PARAMS);
1236
1237 hci_dev_lock(hdev);
1238
1239 if (!hdev_is_powered(hdev) && timeout > 0) {
1240 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1241 MGMT_STATUS_NOT_POWERED);
1242 goto failed;
1243 }
1244
1245 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1246 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1247 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1248 MGMT_STATUS_BUSY);
1249 goto failed;
1250 }
1251
1252 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1253 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1254 MGMT_STATUS_REJECTED);
1255 goto failed;
1256 }
1257
1258 if (!hdev_is_powered(hdev)) {
1259 bool changed = false;
1260
1261 /* Setting limited discoverable when powered off is
1262 * not a valid operation since it requires a timeout
1263 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1264 */
1265 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1266 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1267 changed = true;
1268 }
1269
1270 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1271 if (err < 0)
1272 goto failed;
1273
1274 if (changed)
1275 err = new_settings(hdev, sk);
1276
1277 goto failed;
1278 }
1279
1280 /* If the current mode is the same, then just update the timeout
1281 * value with the new value. And if only the timeout gets updated,
1282 * then no need for any HCI transactions.
1283 */
1284 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1285 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1286 HCI_LIMITED_DISCOVERABLE)) {
1287 cancel_delayed_work(&hdev->discov_off);
1288 hdev->discov_timeout = timeout;
1289
1290 if (cp->val && hdev->discov_timeout > 0) {
1291 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1292 queue_delayed_work(hdev->req_workqueue,
1293 &hdev->discov_off, to);
1294 }
1295
1296 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1297 goto failed;
1298 }
1299
1300 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1301 if (!cmd) {
1302 err = -ENOMEM;
1303 goto failed;
1304 }
1305
1306 /* Cancel any potential discoverable timeout that might be
1307 * still active and store new timeout value. The arming of
1308 * the timeout happens in the complete handler.
1309 */
1310 cancel_delayed_work(&hdev->discov_off);
1311 hdev->discov_timeout = timeout;
1312
1313 if (cp->val)
1314 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1315 else
1316 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1317
1318 /* Limited discoverable mode */
1319 if (cp->val == 0x02)
1320 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1321 else
1322 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1323
1324 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1325 err = 0;
1326
1327 failed:
1328 hci_dev_unlock(hdev);
1329 return err;
1330 }
1331
mgmt_set_connectable_complete(struct hci_dev * hdev,u8 status)1332 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1333 {
1334 struct mgmt_pending_cmd *cmd;
1335
1336 BT_DBG("status 0x%02x", status);
1337
1338 hci_dev_lock(hdev);
1339
1340 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1341 if (!cmd)
1342 goto unlock;
1343
1344 if (status) {
1345 u8 mgmt_err = mgmt_status(status);
1346 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1347 goto remove_cmd;
1348 }
1349
1350 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1351 new_settings(hdev, cmd->sk);
1352
1353 remove_cmd:
1354 mgmt_pending_remove(cmd);
1355
1356 unlock:
1357 hci_dev_unlock(hdev);
1358 }
1359
set_connectable_update_settings(struct hci_dev * hdev,struct sock * sk,u8 val)1360 static int set_connectable_update_settings(struct hci_dev *hdev,
1361 struct sock *sk, u8 val)
1362 {
1363 bool changed = false;
1364 int err;
1365
1366 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1367 changed = true;
1368
1369 if (val) {
1370 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1371 } else {
1372 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1373 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1374 }
1375
1376 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1377 if (err < 0)
1378 return err;
1379
1380 if (changed) {
1381 hci_req_update_scan(hdev);
1382 hci_update_background_scan(hdev);
1383 return new_settings(hdev, sk);
1384 }
1385
1386 return 0;
1387 }
1388
set_connectable(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)1389 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1390 u16 len)
1391 {
1392 struct mgmt_mode *cp = data;
1393 struct mgmt_pending_cmd *cmd;
1394 int err;
1395
1396 BT_DBG("request for %s", hdev->name);
1397
1398 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1399 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1401 MGMT_STATUS_REJECTED);
1402
1403 if (cp->val != 0x00 && cp->val != 0x01)
1404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1405 MGMT_STATUS_INVALID_PARAMS);
1406
1407 hci_dev_lock(hdev);
1408
1409 if (!hdev_is_powered(hdev)) {
1410 err = set_connectable_update_settings(hdev, sk, cp->val);
1411 goto failed;
1412 }
1413
1414 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1415 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1416 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1417 MGMT_STATUS_BUSY);
1418 goto failed;
1419 }
1420
1421 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1422 if (!cmd) {
1423 err = -ENOMEM;
1424 goto failed;
1425 }
1426
1427 if (cp->val) {
1428 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1429 } else {
1430 if (hdev->discov_timeout > 0)
1431 cancel_delayed_work(&hdev->discov_off);
1432
1433 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1434 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1435 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1436 }
1437
1438 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1439 err = 0;
1440
1441 failed:
1442 hci_dev_unlock(hdev);
1443 return err;
1444 }
1445
set_bondable(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)1446 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1447 u16 len)
1448 {
1449 struct mgmt_mode *cp = data;
1450 bool changed;
1451 int err;
1452
1453 BT_DBG("request for %s", hdev->name);
1454
1455 if (cp->val != 0x00 && cp->val != 0x01)
1456 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1457 MGMT_STATUS_INVALID_PARAMS);
1458
1459 hci_dev_lock(hdev);
1460
1461 if (cp->val)
1462 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1463 else
1464 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1465
1466 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1467 if (err < 0)
1468 goto unlock;
1469
1470 if (changed) {
1471 /* In limited privacy mode the change of bondable mode
1472 * may affect the local advertising address.
1473 */
1474 if (hdev_is_powered(hdev) &&
1475 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1476 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1477 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1478 queue_work(hdev->req_workqueue,
1479 &hdev->discoverable_update);
1480
1481 err = new_settings(hdev, sk);
1482 }
1483
1484 unlock:
1485 hci_dev_unlock(hdev);
1486 return err;
1487 }
1488
set_link_security(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)1489 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1490 u16 len)
1491 {
1492 struct mgmt_mode *cp = data;
1493 struct mgmt_pending_cmd *cmd;
1494 u8 val, status;
1495 int err;
1496
1497 BT_DBG("request for %s", hdev->name);
1498
1499 status = mgmt_bredr_support(hdev);
1500 if (status)
1501 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1502 status);
1503
1504 if (cp->val != 0x00 && cp->val != 0x01)
1505 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1506 MGMT_STATUS_INVALID_PARAMS);
1507
1508 hci_dev_lock(hdev);
1509
1510 if (!hdev_is_powered(hdev)) {
1511 bool changed = false;
1512
1513 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1514 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1515 changed = true;
1516 }
1517
1518 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1519 if (err < 0)
1520 goto failed;
1521
1522 if (changed)
1523 err = new_settings(hdev, sk);
1524
1525 goto failed;
1526 }
1527
1528 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1529 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1530 MGMT_STATUS_BUSY);
1531 goto failed;
1532 }
1533
1534 val = !!cp->val;
1535
1536 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1537 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1538 goto failed;
1539 }
1540
1541 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1542 if (!cmd) {
1543 err = -ENOMEM;
1544 goto failed;
1545 }
1546
1547 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1548 if (err < 0) {
1549 mgmt_pending_remove(cmd);
1550 goto failed;
1551 }
1552
1553 failed:
1554 hci_dev_unlock(hdev);
1555 return err;
1556 }
1557
set_ssp(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)1558 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1559 {
1560 struct mgmt_mode *cp = data;
1561 struct mgmt_pending_cmd *cmd;
1562 u8 status;
1563 int err;
1564
1565 BT_DBG("request for %s", hdev->name);
1566
1567 status = mgmt_bredr_support(hdev);
1568 if (status)
1569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1570
1571 if (!lmp_ssp_capable(hdev))
1572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1573 MGMT_STATUS_NOT_SUPPORTED);
1574
1575 if (cp->val != 0x00 && cp->val != 0x01)
1576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1577 MGMT_STATUS_INVALID_PARAMS);
1578
1579 hci_dev_lock(hdev);
1580
1581 if (!hdev_is_powered(hdev)) {
1582 bool changed;
1583
1584 if (cp->val) {
1585 changed = !hci_dev_test_and_set_flag(hdev,
1586 HCI_SSP_ENABLED);
1587 } else {
1588 changed = hci_dev_test_and_clear_flag(hdev,
1589 HCI_SSP_ENABLED);
1590 if (!changed)
1591 changed = hci_dev_test_and_clear_flag(hdev,
1592 HCI_HS_ENABLED);
1593 else
1594 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1595 }
1596
1597 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1598 if (err < 0)
1599 goto failed;
1600
1601 if (changed)
1602 err = new_settings(hdev, sk);
1603
1604 goto failed;
1605 }
1606
1607 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1608 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1609 MGMT_STATUS_BUSY);
1610 goto failed;
1611 }
1612
1613 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1614 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1615 goto failed;
1616 }
1617
1618 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1619 if (!cmd) {
1620 err = -ENOMEM;
1621 goto failed;
1622 }
1623
1624 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1625 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1626 sizeof(cp->val), &cp->val);
1627
1628 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1629 if (err < 0) {
1630 mgmt_pending_remove(cmd);
1631 goto failed;
1632 }
1633
1634 failed:
1635 hci_dev_unlock(hdev);
1636 return err;
1637 }
1638
set_hs(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)1639 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1640 {
1641 struct mgmt_mode *cp = data;
1642 bool changed;
1643 u8 status;
1644 int err;
1645
1646 BT_DBG("request for %s", hdev->name);
1647
1648 status = mgmt_bredr_support(hdev);
1649 if (status)
1650 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1651
1652 if (!lmp_ssp_capable(hdev))
1653 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1654 MGMT_STATUS_NOT_SUPPORTED);
1655
1656 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1657 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1658 MGMT_STATUS_REJECTED);
1659
1660 if (cp->val != 0x00 && cp->val != 0x01)
1661 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1662 MGMT_STATUS_INVALID_PARAMS);
1663
1664 hci_dev_lock(hdev);
1665
1666 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1667 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1668 MGMT_STATUS_BUSY);
1669 goto unlock;
1670 }
1671
1672 if (cp->val) {
1673 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1674 } else {
1675 if (hdev_is_powered(hdev)) {
1676 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1677 MGMT_STATUS_REJECTED);
1678 goto unlock;
1679 }
1680
1681 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1682 }
1683
1684 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1685 if (err < 0)
1686 goto unlock;
1687
1688 if (changed)
1689 err = new_settings(hdev, sk);
1690
1691 unlock:
1692 hci_dev_unlock(hdev);
1693 return err;
1694 }
1695
le_enable_complete(struct hci_dev * hdev,u8 status,u16 opcode)1696 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1697 {
1698 struct cmd_lookup match = { NULL, hdev };
1699
1700 hci_dev_lock(hdev);
1701
1702 if (status) {
1703 u8 mgmt_err = mgmt_status(status);
1704
1705 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1706 &mgmt_err);
1707 goto unlock;
1708 }
1709
1710 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1711
1712 new_settings(hdev, match.sk);
1713
1714 if (match.sk)
1715 sock_put(match.sk);
1716
1717 /* Make sure the controller has a good default for
1718 * advertising data. Restrict the update to when LE
1719 * has actually been enabled. During power on, the
1720 * update in powered_update_hci will take care of it.
1721 */
1722 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1723 struct hci_request req;
1724
1725 hci_req_init(&req, hdev);
1726 __hci_req_update_adv_data(&req, 0x00);
1727 __hci_req_update_scan_rsp_data(&req, 0x00);
1728 hci_req_run(&req, NULL);
1729 hci_update_background_scan(hdev);
1730 }
1731
1732 unlock:
1733 hci_dev_unlock(hdev);
1734 }
1735
set_le(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)1736 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1737 {
1738 struct mgmt_mode *cp = data;
1739 struct hci_cp_write_le_host_supported hci_cp;
1740 struct mgmt_pending_cmd *cmd;
1741 struct hci_request req;
1742 int err;
1743 u8 val, enabled;
1744
1745 BT_DBG("request for %s", hdev->name);
1746
1747 if (!lmp_le_capable(hdev))
1748 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1749 MGMT_STATUS_NOT_SUPPORTED);
1750
1751 if (cp->val != 0x00 && cp->val != 0x01)
1752 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1753 MGMT_STATUS_INVALID_PARAMS);
1754
1755 /* Bluetooth single mode LE only controllers or dual-mode
1756 * controllers configured as LE only devices, do not allow
1757 * switching LE off. These have either LE enabled explicitly
1758 * or BR/EDR has been previously switched off.
1759 *
1760 * When trying to enable an already enabled LE, then gracefully
1761 * send a positive response. Trying to disable it however will
1762 * result into rejection.
1763 */
1764 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1765 if (cp->val == 0x01)
1766 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1767
1768 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1769 MGMT_STATUS_REJECTED);
1770 }
1771
1772 hci_dev_lock(hdev);
1773
1774 val = !!cp->val;
1775 enabled = lmp_host_le_capable(hdev);
1776
1777 if (!val)
1778 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1779
1780 if (!hdev_is_powered(hdev) || val == enabled) {
1781 bool changed = false;
1782
1783 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1784 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1785 changed = true;
1786 }
1787
1788 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1789 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1790 changed = true;
1791 }
1792
1793 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1794 if (err < 0)
1795 goto unlock;
1796
1797 if (changed)
1798 err = new_settings(hdev, sk);
1799
1800 goto unlock;
1801 }
1802
1803 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1804 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1805 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1806 MGMT_STATUS_BUSY);
1807 goto unlock;
1808 }
1809
1810 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1811 if (!cmd) {
1812 err = -ENOMEM;
1813 goto unlock;
1814 }
1815
1816 hci_req_init(&req, hdev);
1817
1818 memset(&hci_cp, 0, sizeof(hci_cp));
1819
1820 if (val) {
1821 hci_cp.le = val;
1822 hci_cp.simul = 0x00;
1823 } else {
1824 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1825 __hci_req_disable_advertising(&req);
1826 }
1827
1828 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1829 &hci_cp);
1830
1831 err = hci_req_run(&req, le_enable_complete);
1832 if (err < 0)
1833 mgmt_pending_remove(cmd);
1834
1835 unlock:
1836 hci_dev_unlock(hdev);
1837 return err;
1838 }
1839
1840 /* This is a helper function to test for pending mgmt commands that can
1841 * cause CoD or EIR HCI commands. We can only allow one such pending
1842 * mgmt command at a time since otherwise we cannot easily track what
1843 * the current values are, will be, and based on that calculate if a new
1844 * HCI command needs to be sent and if yes with what value.
1845 */
pending_eir_or_class(struct hci_dev * hdev)1846 static bool pending_eir_or_class(struct hci_dev *hdev)
1847 {
1848 struct mgmt_pending_cmd *cmd;
1849
1850 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1851 switch (cmd->opcode) {
1852 case MGMT_OP_ADD_UUID:
1853 case MGMT_OP_REMOVE_UUID:
1854 case MGMT_OP_SET_DEV_CLASS:
1855 case MGMT_OP_SET_POWERED:
1856 return true;
1857 }
1858 }
1859
1860 return false;
1861 }
1862
1863 static const u8 bluetooth_base_uuid[] = {
1864 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1865 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1866 };
1867
get_uuid_size(const u8 * uuid)1868 static u8 get_uuid_size(const u8 *uuid)
1869 {
1870 u32 val;
1871
1872 if (memcmp(uuid, bluetooth_base_uuid, 12))
1873 return 128;
1874
1875 val = get_unaligned_le32(&uuid[12]);
1876 if (val > 0xffff)
1877 return 32;
1878
1879 return 16;
1880 }
1881
mgmt_class_complete(struct hci_dev * hdev,u16 mgmt_op,u8 status)1882 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1883 {
1884 struct mgmt_pending_cmd *cmd;
1885
1886 hci_dev_lock(hdev);
1887
1888 cmd = pending_find(mgmt_op, hdev);
1889 if (!cmd)
1890 goto unlock;
1891
1892 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
1893 mgmt_status(status), hdev->dev_class, 3);
1894
1895 mgmt_pending_remove(cmd);
1896
1897 unlock:
1898 hci_dev_unlock(hdev);
1899 }
1900
add_uuid_complete(struct hci_dev * hdev,u8 status,u16 opcode)1901 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1902 {
1903 BT_DBG("status 0x%02x", status);
1904
1905 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1906 }
1907
add_uuid(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)1908 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1909 {
1910 struct mgmt_cp_add_uuid *cp = data;
1911 struct mgmt_pending_cmd *cmd;
1912 struct hci_request req;
1913 struct bt_uuid *uuid;
1914 int err;
1915
1916 BT_DBG("request for %s", hdev->name);
1917
1918 hci_dev_lock(hdev);
1919
1920 if (pending_eir_or_class(hdev)) {
1921 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1922 MGMT_STATUS_BUSY);
1923 goto failed;
1924 }
1925
1926 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1927 if (!uuid) {
1928 err = -ENOMEM;
1929 goto failed;
1930 }
1931
1932 memcpy(uuid->uuid, cp->uuid, 16);
1933 uuid->svc_hint = cp->svc_hint;
1934 uuid->size = get_uuid_size(cp->uuid);
1935
1936 list_add_tail(&uuid->list, &hdev->uuids);
1937
1938 hci_req_init(&req, hdev);
1939
1940 __hci_req_update_class(&req);
1941 __hci_req_update_eir(&req);
1942
1943 err = hci_req_run(&req, add_uuid_complete);
1944 if (err < 0) {
1945 if (err != -ENODATA)
1946 goto failed;
1947
1948 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1949 hdev->dev_class, 3);
1950 goto failed;
1951 }
1952
1953 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1954 if (!cmd) {
1955 err = -ENOMEM;
1956 goto failed;
1957 }
1958
1959 err = 0;
1960
1961 failed:
1962 hci_dev_unlock(hdev);
1963 return err;
1964 }
1965
enable_service_cache(struct hci_dev * hdev)1966 static bool enable_service_cache(struct hci_dev *hdev)
1967 {
1968 if (!hdev_is_powered(hdev))
1969 return false;
1970
1971 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
1972 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1973 CACHE_TIMEOUT);
1974 return true;
1975 }
1976
1977 return false;
1978 }
1979
remove_uuid_complete(struct hci_dev * hdev,u8 status,u16 opcode)1980 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1981 {
1982 BT_DBG("status 0x%02x", status);
1983
1984 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1985 }
1986
remove_uuid(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)1987 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1988 u16 len)
1989 {
1990 struct mgmt_cp_remove_uuid *cp = data;
1991 struct mgmt_pending_cmd *cmd;
1992 struct bt_uuid *match, *tmp;
1993 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1994 struct hci_request req;
1995 int err, found;
1996
1997 BT_DBG("request for %s", hdev->name);
1998
1999 hci_dev_lock(hdev);
2000
2001 if (pending_eir_or_class(hdev)) {
2002 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2003 MGMT_STATUS_BUSY);
2004 goto unlock;
2005 }
2006
2007 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2008 hci_uuids_clear(hdev);
2009
2010 if (enable_service_cache(hdev)) {
2011 err = mgmt_cmd_complete(sk, hdev->id,
2012 MGMT_OP_REMOVE_UUID,
2013 0, hdev->dev_class, 3);
2014 goto unlock;
2015 }
2016
2017 goto update_class;
2018 }
2019
2020 found = 0;
2021
2022 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2023 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2024 continue;
2025
2026 list_del(&match->list);
2027 kfree(match);
2028 found++;
2029 }
2030
2031 if (found == 0) {
2032 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2033 MGMT_STATUS_INVALID_PARAMS);
2034 goto unlock;
2035 }
2036
2037 update_class:
2038 hci_req_init(&req, hdev);
2039
2040 __hci_req_update_class(&req);
2041 __hci_req_update_eir(&req);
2042
2043 err = hci_req_run(&req, remove_uuid_complete);
2044 if (err < 0) {
2045 if (err != -ENODATA)
2046 goto unlock;
2047
2048 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2049 hdev->dev_class, 3);
2050 goto unlock;
2051 }
2052
2053 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2054 if (!cmd) {
2055 err = -ENOMEM;
2056 goto unlock;
2057 }
2058
2059 err = 0;
2060
2061 unlock:
2062 hci_dev_unlock(hdev);
2063 return err;
2064 }
2065
set_class_complete(struct hci_dev * hdev,u8 status,u16 opcode)2066 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2067 {
2068 BT_DBG("status 0x%02x", status);
2069
2070 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2071 }
2072
set_dev_class(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2073 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2074 u16 len)
2075 {
2076 struct mgmt_cp_set_dev_class *cp = data;
2077 struct mgmt_pending_cmd *cmd;
2078 struct hci_request req;
2079 int err;
2080
2081 BT_DBG("request for %s", hdev->name);
2082
2083 if (!lmp_bredr_capable(hdev))
2084 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2085 MGMT_STATUS_NOT_SUPPORTED);
2086
2087 hci_dev_lock(hdev);
2088
2089 if (pending_eir_or_class(hdev)) {
2090 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2091 MGMT_STATUS_BUSY);
2092 goto unlock;
2093 }
2094
2095 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2096 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2097 MGMT_STATUS_INVALID_PARAMS);
2098 goto unlock;
2099 }
2100
2101 hdev->major_class = cp->major;
2102 hdev->minor_class = cp->minor;
2103
2104 if (!hdev_is_powered(hdev)) {
2105 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2106 hdev->dev_class, 3);
2107 goto unlock;
2108 }
2109
2110 hci_req_init(&req, hdev);
2111
2112 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2113 hci_dev_unlock(hdev);
2114 cancel_delayed_work_sync(&hdev->service_cache);
2115 hci_dev_lock(hdev);
2116 __hci_req_update_eir(&req);
2117 }
2118
2119 __hci_req_update_class(&req);
2120
2121 err = hci_req_run(&req, set_class_complete);
2122 if (err < 0) {
2123 if (err != -ENODATA)
2124 goto unlock;
2125
2126 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2127 hdev->dev_class, 3);
2128 goto unlock;
2129 }
2130
2131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2132 if (!cmd) {
2133 err = -ENOMEM;
2134 goto unlock;
2135 }
2136
2137 err = 0;
2138
2139 unlock:
2140 hci_dev_unlock(hdev);
2141 return err;
2142 }
2143
load_link_keys(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2144 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2145 u16 len)
2146 {
2147 struct mgmt_cp_load_link_keys *cp = data;
2148 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2149 sizeof(struct mgmt_link_key_info));
2150 u16 key_count, expected_len;
2151 bool changed;
2152 int i;
2153
2154 BT_DBG("request for %s", hdev->name);
2155
2156 if (!lmp_bredr_capable(hdev))
2157 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2158 MGMT_STATUS_NOT_SUPPORTED);
2159
2160 key_count = __le16_to_cpu(cp->key_count);
2161 if (key_count > max_key_count) {
2162 BT_ERR("load_link_keys: too big key_count value %u",
2163 key_count);
2164 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2165 MGMT_STATUS_INVALID_PARAMS);
2166 }
2167
2168 expected_len = sizeof(*cp) + key_count *
2169 sizeof(struct mgmt_link_key_info);
2170 if (expected_len != len) {
2171 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2172 expected_len, len);
2173 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2174 MGMT_STATUS_INVALID_PARAMS);
2175 }
2176
2177 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2178 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2179 MGMT_STATUS_INVALID_PARAMS);
2180
2181 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2182 key_count);
2183
2184 for (i = 0; i < key_count; i++) {
2185 struct mgmt_link_key_info *key = &cp->keys[i];
2186
2187 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2188 return mgmt_cmd_status(sk, hdev->id,
2189 MGMT_OP_LOAD_LINK_KEYS,
2190 MGMT_STATUS_INVALID_PARAMS);
2191 }
2192
2193 hci_dev_lock(hdev);
2194
2195 hci_link_keys_clear(hdev);
2196
2197 if (cp->debug_keys)
2198 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2199 else
2200 changed = hci_dev_test_and_clear_flag(hdev,
2201 HCI_KEEP_DEBUG_KEYS);
2202
2203 if (changed)
2204 new_settings(hdev, NULL);
2205
2206 for (i = 0; i < key_count; i++) {
2207 struct mgmt_link_key_info *key = &cp->keys[i];
2208
2209 /* Always ignore debug keys and require a new pairing if
2210 * the user wants to use them.
2211 */
2212 if (key->type == HCI_LK_DEBUG_COMBINATION)
2213 continue;
2214
2215 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2216 key->type, key->pin_len, NULL);
2217 }
2218
2219 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2220
2221 hci_dev_unlock(hdev);
2222
2223 return 0;
2224 }
2225
device_unpaired(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 addr_type,struct sock * skip_sk)2226 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2227 u8 addr_type, struct sock *skip_sk)
2228 {
2229 struct mgmt_ev_device_unpaired ev;
2230
2231 bacpy(&ev.addr.bdaddr, bdaddr);
2232 ev.addr.type = addr_type;
2233
2234 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2235 skip_sk);
2236 }
2237
unpair_device(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2238 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2239 u16 len)
2240 {
2241 struct mgmt_cp_unpair_device *cp = data;
2242 struct mgmt_rp_unpair_device rp;
2243 struct hci_conn_params *params;
2244 struct mgmt_pending_cmd *cmd;
2245 struct hci_conn *conn;
2246 u8 addr_type;
2247 int err;
2248
2249 memset(&rp, 0, sizeof(rp));
2250 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2251 rp.addr.type = cp->addr.type;
2252
2253 if (!bdaddr_type_is_valid(cp->addr.type))
2254 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2255 MGMT_STATUS_INVALID_PARAMS,
2256 &rp, sizeof(rp));
2257
2258 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2259 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2260 MGMT_STATUS_INVALID_PARAMS,
2261 &rp, sizeof(rp));
2262
2263 hci_dev_lock(hdev);
2264
2265 if (!hdev_is_powered(hdev)) {
2266 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2267 MGMT_STATUS_NOT_POWERED, &rp,
2268 sizeof(rp));
2269 goto unlock;
2270 }
2271
2272 if (cp->addr.type == BDADDR_BREDR) {
2273 /* If disconnection is requested, then look up the
2274 * connection. If the remote device is connected, it
2275 * will be later used to terminate the link.
2276 *
2277 * Setting it to NULL explicitly will cause no
2278 * termination of the link.
2279 */
2280 if (cp->disconnect)
2281 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2282 &cp->addr.bdaddr);
2283 else
2284 conn = NULL;
2285
2286 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2287 if (err < 0) {
2288 err = mgmt_cmd_complete(sk, hdev->id,
2289 MGMT_OP_UNPAIR_DEVICE,
2290 MGMT_STATUS_NOT_PAIRED, &rp,
2291 sizeof(rp));
2292 goto unlock;
2293 }
2294
2295 goto done;
2296 }
2297
2298 /* LE address type */
2299 addr_type = le_addr_type(cp->addr.type);
2300
2301 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2302 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2303 if (err < 0) {
2304 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2305 MGMT_STATUS_NOT_PAIRED, &rp,
2306 sizeof(rp));
2307 goto unlock;
2308 }
2309
2310 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2311 if (!conn) {
2312 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2313 goto done;
2314 }
2315
2316
2317 /* Defer clearing up the connection parameters until closing to
2318 * give a chance of keeping them if a repairing happens.
2319 */
2320 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2321
2322 /* Disable auto-connection parameters if present */
2323 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2324 if (params) {
2325 if (params->explicit_connect)
2326 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2327 else
2328 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2329 }
2330
2331 /* If disconnection is not requested, then clear the connection
2332 * variable so that the link is not terminated.
2333 */
2334 if (!cp->disconnect)
2335 conn = NULL;
2336
2337 done:
2338 /* If the connection variable is set, then termination of the
2339 * link is requested.
2340 */
2341 if (!conn) {
2342 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2343 &rp, sizeof(rp));
2344 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2345 goto unlock;
2346 }
2347
2348 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2349 sizeof(*cp));
2350 if (!cmd) {
2351 err = -ENOMEM;
2352 goto unlock;
2353 }
2354
2355 cmd->cmd_complete = addr_cmd_complete;
2356
2357 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2358 if (err < 0)
2359 mgmt_pending_remove(cmd);
2360
2361 unlock:
2362 hci_dev_unlock(hdev);
2363 return err;
2364 }
2365
disconnect(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2366 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2367 u16 len)
2368 {
2369 struct mgmt_cp_disconnect *cp = data;
2370 struct mgmt_rp_disconnect rp;
2371 struct mgmt_pending_cmd *cmd;
2372 struct hci_conn *conn;
2373 int err;
2374
2375 BT_DBG("");
2376
2377 memset(&rp, 0, sizeof(rp));
2378 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2379 rp.addr.type = cp->addr.type;
2380
2381 if (!bdaddr_type_is_valid(cp->addr.type))
2382 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2383 MGMT_STATUS_INVALID_PARAMS,
2384 &rp, sizeof(rp));
2385
2386 hci_dev_lock(hdev);
2387
2388 if (!test_bit(HCI_UP, &hdev->flags)) {
2389 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2390 MGMT_STATUS_NOT_POWERED, &rp,
2391 sizeof(rp));
2392 goto failed;
2393 }
2394
2395 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2396 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2397 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2398 goto failed;
2399 }
2400
2401 if (cp->addr.type == BDADDR_BREDR)
2402 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2403 &cp->addr.bdaddr);
2404 else
2405 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2406 le_addr_type(cp->addr.type));
2407
2408 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2409 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2410 MGMT_STATUS_NOT_CONNECTED, &rp,
2411 sizeof(rp));
2412 goto failed;
2413 }
2414
2415 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2416 if (!cmd) {
2417 err = -ENOMEM;
2418 goto failed;
2419 }
2420
2421 cmd->cmd_complete = generic_cmd_complete;
2422
2423 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2424 if (err < 0)
2425 mgmt_pending_remove(cmd);
2426
2427 failed:
2428 hci_dev_unlock(hdev);
2429 return err;
2430 }
2431
link_to_bdaddr(u8 link_type,u8 addr_type)2432 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2433 {
2434 switch (link_type) {
2435 case LE_LINK:
2436 switch (addr_type) {
2437 case ADDR_LE_DEV_PUBLIC:
2438 return BDADDR_LE_PUBLIC;
2439
2440 default:
2441 /* Fallback to LE Random address type */
2442 return BDADDR_LE_RANDOM;
2443 }
2444
2445 default:
2446 /* Fallback to BR/EDR type */
2447 return BDADDR_BREDR;
2448 }
2449 }
2450
get_connections(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)2451 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2452 u16 data_len)
2453 {
2454 struct mgmt_rp_get_connections *rp;
2455 struct hci_conn *c;
2456 size_t rp_len;
2457 int err;
2458 u16 i;
2459
2460 BT_DBG("");
2461
2462 hci_dev_lock(hdev);
2463
2464 if (!hdev_is_powered(hdev)) {
2465 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2466 MGMT_STATUS_NOT_POWERED);
2467 goto unlock;
2468 }
2469
2470 i = 0;
2471 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2472 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2473 i++;
2474 }
2475
2476 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2477 rp = kmalloc(rp_len, GFP_KERNEL);
2478 if (!rp) {
2479 err = -ENOMEM;
2480 goto unlock;
2481 }
2482
2483 i = 0;
2484 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2485 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2486 continue;
2487 bacpy(&rp->addr[i].bdaddr, &c->dst);
2488 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2489 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2490 continue;
2491 i++;
2492 }
2493
2494 rp->conn_count = cpu_to_le16(i);
2495
2496 /* Recalculate length in case of filtered SCO connections, etc */
2497 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2498
2499 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2500 rp_len);
2501
2502 kfree(rp);
2503
2504 unlock:
2505 hci_dev_unlock(hdev);
2506 return err;
2507 }
2508
send_pin_code_neg_reply(struct sock * sk,struct hci_dev * hdev,struct mgmt_cp_pin_code_neg_reply * cp)2509 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2510 struct mgmt_cp_pin_code_neg_reply *cp)
2511 {
2512 struct mgmt_pending_cmd *cmd;
2513 int err;
2514
2515 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2516 sizeof(*cp));
2517 if (!cmd)
2518 return -ENOMEM;
2519
2520 cmd->cmd_complete = addr_cmd_complete;
2521
2522 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2523 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2524 if (err < 0)
2525 mgmt_pending_remove(cmd);
2526
2527 return err;
2528 }
2529
pin_code_reply(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2530 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2531 u16 len)
2532 {
2533 struct hci_conn *conn;
2534 struct mgmt_cp_pin_code_reply *cp = data;
2535 struct hci_cp_pin_code_reply reply;
2536 struct mgmt_pending_cmd *cmd;
2537 int err;
2538
2539 BT_DBG("");
2540
2541 hci_dev_lock(hdev);
2542
2543 if (!hdev_is_powered(hdev)) {
2544 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2545 MGMT_STATUS_NOT_POWERED);
2546 goto failed;
2547 }
2548
2549 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2550 if (!conn) {
2551 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2552 MGMT_STATUS_NOT_CONNECTED);
2553 goto failed;
2554 }
2555
2556 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2557 struct mgmt_cp_pin_code_neg_reply ncp;
2558
2559 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2560
2561 BT_ERR("PIN code is not 16 bytes long");
2562
2563 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2564 if (err >= 0)
2565 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2566 MGMT_STATUS_INVALID_PARAMS);
2567
2568 goto failed;
2569 }
2570
2571 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2572 if (!cmd) {
2573 err = -ENOMEM;
2574 goto failed;
2575 }
2576
2577 cmd->cmd_complete = addr_cmd_complete;
2578
2579 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2580 reply.pin_len = cp->pin_len;
2581 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2582
2583 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2584 if (err < 0)
2585 mgmt_pending_remove(cmd);
2586
2587 failed:
2588 hci_dev_unlock(hdev);
2589 return err;
2590 }
2591
set_io_capability(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2592 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2593 u16 len)
2594 {
2595 struct mgmt_cp_set_io_capability *cp = data;
2596
2597 BT_DBG("");
2598
2599 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2600 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2601 MGMT_STATUS_INVALID_PARAMS);
2602
2603 hci_dev_lock(hdev);
2604
2605 hdev->io_capability = cp->io_capability;
2606
2607 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2608 hdev->io_capability);
2609
2610 hci_dev_unlock(hdev);
2611
2612 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2613 NULL, 0);
2614 }
2615
find_pairing(struct hci_conn * conn)2616 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2617 {
2618 struct hci_dev *hdev = conn->hdev;
2619 struct mgmt_pending_cmd *cmd;
2620
2621 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2622 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2623 continue;
2624
2625 if (cmd->user_data != conn)
2626 continue;
2627
2628 return cmd;
2629 }
2630
2631 return NULL;
2632 }
2633
pairing_complete(struct mgmt_pending_cmd * cmd,u8 status)2634 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2635 {
2636 struct mgmt_rp_pair_device rp;
2637 struct hci_conn *conn = cmd->user_data;
2638 int err;
2639
2640 bacpy(&rp.addr.bdaddr, &conn->dst);
2641 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2642
2643 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2644 status, &rp, sizeof(rp));
2645
2646 /* So we don't get further callbacks for this connection */
2647 conn->connect_cfm_cb = NULL;
2648 conn->security_cfm_cb = NULL;
2649 conn->disconn_cfm_cb = NULL;
2650
2651 hci_conn_drop(conn);
2652
2653 /* The device is paired so there is no need to remove
2654 * its connection parameters anymore.
2655 */
2656 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2657
2658 hci_conn_put(conn);
2659
2660 return err;
2661 }
2662
mgmt_smp_complete(struct hci_conn * conn,bool complete)2663 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2664 {
2665 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2666 struct mgmt_pending_cmd *cmd;
2667
2668 cmd = find_pairing(conn);
2669 if (cmd) {
2670 cmd->cmd_complete(cmd, status);
2671 mgmt_pending_remove(cmd);
2672 }
2673 }
2674
pairing_complete_cb(struct hci_conn * conn,u8 status)2675 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2676 {
2677 struct mgmt_pending_cmd *cmd;
2678
2679 BT_DBG("status %u", status);
2680
2681 cmd = find_pairing(conn);
2682 if (!cmd) {
2683 BT_DBG("Unable to find a pending command");
2684 return;
2685 }
2686
2687 cmd->cmd_complete(cmd, mgmt_status(status));
2688 mgmt_pending_remove(cmd);
2689 }
2690
le_pairing_complete_cb(struct hci_conn * conn,u8 status)2691 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2692 {
2693 struct mgmt_pending_cmd *cmd;
2694
2695 BT_DBG("status %u", status);
2696
2697 if (!status)
2698 return;
2699
2700 cmd = find_pairing(conn);
2701 if (!cmd) {
2702 BT_DBG("Unable to find a pending command");
2703 return;
2704 }
2705
2706 cmd->cmd_complete(cmd, mgmt_status(status));
2707 mgmt_pending_remove(cmd);
2708 }
2709
pair_device(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2710 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2711 u16 len)
2712 {
2713 struct mgmt_cp_pair_device *cp = data;
2714 struct mgmt_rp_pair_device rp;
2715 struct mgmt_pending_cmd *cmd;
2716 u8 sec_level, auth_type;
2717 struct hci_conn *conn;
2718 int err;
2719
2720 BT_DBG("");
2721
2722 memset(&rp, 0, sizeof(rp));
2723 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2724 rp.addr.type = cp->addr.type;
2725
2726 if (!bdaddr_type_is_valid(cp->addr.type))
2727 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2728 MGMT_STATUS_INVALID_PARAMS,
2729 &rp, sizeof(rp));
2730
2731 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2732 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2733 MGMT_STATUS_INVALID_PARAMS,
2734 &rp, sizeof(rp));
2735
2736 hci_dev_lock(hdev);
2737
2738 if (!hdev_is_powered(hdev)) {
2739 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2740 MGMT_STATUS_NOT_POWERED, &rp,
2741 sizeof(rp));
2742 goto unlock;
2743 }
2744
2745 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2746 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2747 MGMT_STATUS_ALREADY_PAIRED, &rp,
2748 sizeof(rp));
2749 goto unlock;
2750 }
2751
2752 sec_level = BT_SECURITY_MEDIUM;
2753 auth_type = HCI_AT_DEDICATED_BONDING;
2754
2755 if (cp->addr.type == BDADDR_BREDR) {
2756 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2757 auth_type);
2758 } else {
2759 u8 addr_type = le_addr_type(cp->addr.type);
2760 struct hci_conn_params *p;
2761
2762 /* When pairing a new device, it is expected to remember
2763 * this device for future connections. Adding the connection
2764 * parameter information ahead of time allows tracking
2765 * of the slave preferred values and will speed up any
2766 * further connection establishment.
2767 *
2768 * If connection parameters already exist, then they
2769 * will be kept and this function does nothing.
2770 */
2771 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2772
2773 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2774 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2775
2776 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2777 addr_type, sec_level,
2778 HCI_LE_CONN_TIMEOUT);
2779 }
2780
2781 if (IS_ERR(conn)) {
2782 int status;
2783
2784 if (PTR_ERR(conn) == -EBUSY)
2785 status = MGMT_STATUS_BUSY;
2786 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2787 status = MGMT_STATUS_NOT_SUPPORTED;
2788 else if (PTR_ERR(conn) == -ECONNREFUSED)
2789 status = MGMT_STATUS_REJECTED;
2790 else
2791 status = MGMT_STATUS_CONNECT_FAILED;
2792
2793 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2794 status, &rp, sizeof(rp));
2795 goto unlock;
2796 }
2797
2798 if (conn->connect_cfm_cb) {
2799 hci_conn_drop(conn);
2800 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2801 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2802 goto unlock;
2803 }
2804
2805 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2806 if (!cmd) {
2807 err = -ENOMEM;
2808 hci_conn_drop(conn);
2809 goto unlock;
2810 }
2811
2812 cmd->cmd_complete = pairing_complete;
2813
2814 /* For LE, just connecting isn't a proof that the pairing finished */
2815 if (cp->addr.type == BDADDR_BREDR) {
2816 conn->connect_cfm_cb = pairing_complete_cb;
2817 conn->security_cfm_cb = pairing_complete_cb;
2818 conn->disconn_cfm_cb = pairing_complete_cb;
2819 } else {
2820 conn->connect_cfm_cb = le_pairing_complete_cb;
2821 conn->security_cfm_cb = le_pairing_complete_cb;
2822 conn->disconn_cfm_cb = le_pairing_complete_cb;
2823 }
2824
2825 conn->io_capability = cp->io_cap;
2826 cmd->user_data = hci_conn_get(conn);
2827
2828 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2829 hci_conn_security(conn, sec_level, auth_type, true)) {
2830 cmd->cmd_complete(cmd, 0);
2831 mgmt_pending_remove(cmd);
2832 }
2833
2834 err = 0;
2835
2836 unlock:
2837 hci_dev_unlock(hdev);
2838 return err;
2839 }
2840
cancel_pair_device(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2841 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2842 u16 len)
2843 {
2844 struct mgmt_addr_info *addr = data;
2845 struct mgmt_pending_cmd *cmd;
2846 struct hci_conn *conn;
2847 int err;
2848
2849 BT_DBG("");
2850
2851 hci_dev_lock(hdev);
2852
2853 if (!hdev_is_powered(hdev)) {
2854 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2855 MGMT_STATUS_NOT_POWERED);
2856 goto unlock;
2857 }
2858
2859 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2860 if (!cmd) {
2861 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2862 MGMT_STATUS_INVALID_PARAMS);
2863 goto unlock;
2864 }
2865
2866 conn = cmd->user_data;
2867
2868 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2869 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2870 MGMT_STATUS_INVALID_PARAMS);
2871 goto unlock;
2872 }
2873
2874 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
2875 mgmt_pending_remove(cmd);
2876
2877 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2878 addr, sizeof(*addr));
2879 unlock:
2880 hci_dev_unlock(hdev);
2881 return err;
2882 }
2883
user_pairing_resp(struct sock * sk,struct hci_dev * hdev,struct mgmt_addr_info * addr,u16 mgmt_op,u16 hci_op,__le32 passkey)2884 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2885 struct mgmt_addr_info *addr, u16 mgmt_op,
2886 u16 hci_op, __le32 passkey)
2887 {
2888 struct mgmt_pending_cmd *cmd;
2889 struct hci_conn *conn;
2890 int err;
2891
2892 hci_dev_lock(hdev);
2893
2894 if (!hdev_is_powered(hdev)) {
2895 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2896 MGMT_STATUS_NOT_POWERED, addr,
2897 sizeof(*addr));
2898 goto done;
2899 }
2900
2901 if (addr->type == BDADDR_BREDR)
2902 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2903 else
2904 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
2905 le_addr_type(addr->type));
2906
2907 if (!conn) {
2908 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2909 MGMT_STATUS_NOT_CONNECTED, addr,
2910 sizeof(*addr));
2911 goto done;
2912 }
2913
2914 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2915 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2916 if (!err)
2917 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2918 MGMT_STATUS_SUCCESS, addr,
2919 sizeof(*addr));
2920 else
2921 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2922 MGMT_STATUS_FAILED, addr,
2923 sizeof(*addr));
2924
2925 goto done;
2926 }
2927
2928 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2929 if (!cmd) {
2930 err = -ENOMEM;
2931 goto done;
2932 }
2933
2934 cmd->cmd_complete = addr_cmd_complete;
2935
2936 /* Continue with pairing via HCI */
2937 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2938 struct hci_cp_user_passkey_reply cp;
2939
2940 bacpy(&cp.bdaddr, &addr->bdaddr);
2941 cp.passkey = passkey;
2942 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2943 } else
2944 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2945 &addr->bdaddr);
2946
2947 if (err < 0)
2948 mgmt_pending_remove(cmd);
2949
2950 done:
2951 hci_dev_unlock(hdev);
2952 return err;
2953 }
2954
pin_code_neg_reply(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2955 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2956 void *data, u16 len)
2957 {
2958 struct mgmt_cp_pin_code_neg_reply *cp = data;
2959
2960 BT_DBG("");
2961
2962 return user_pairing_resp(sk, hdev, &cp->addr,
2963 MGMT_OP_PIN_CODE_NEG_REPLY,
2964 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2965 }
2966
user_confirm_reply(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2967 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2968 u16 len)
2969 {
2970 struct mgmt_cp_user_confirm_reply *cp = data;
2971
2972 BT_DBG("");
2973
2974 if (len != sizeof(*cp))
2975 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2976 MGMT_STATUS_INVALID_PARAMS);
2977
2978 return user_pairing_resp(sk, hdev, &cp->addr,
2979 MGMT_OP_USER_CONFIRM_REPLY,
2980 HCI_OP_USER_CONFIRM_REPLY, 0);
2981 }
2982
user_confirm_neg_reply(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2983 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2984 void *data, u16 len)
2985 {
2986 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2987
2988 BT_DBG("");
2989
2990 return user_pairing_resp(sk, hdev, &cp->addr,
2991 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2992 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2993 }
2994
user_passkey_reply(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2995 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2996 u16 len)
2997 {
2998 struct mgmt_cp_user_passkey_reply *cp = data;
2999
3000 BT_DBG("");
3001
3002 return user_pairing_resp(sk, hdev, &cp->addr,
3003 MGMT_OP_USER_PASSKEY_REPLY,
3004 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3005 }
3006
user_passkey_neg_reply(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3007 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3008 void *data, u16 len)
3009 {
3010 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3011
3012 BT_DBG("");
3013
3014 return user_pairing_resp(sk, hdev, &cp->addr,
3015 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3016 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3017 }
3018
adv_expire(struct hci_dev * hdev,u32 flags)3019 static void adv_expire(struct hci_dev *hdev, u32 flags)
3020 {
3021 struct adv_info *adv_instance;
3022 struct hci_request req;
3023 int err;
3024
3025 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3026 if (!adv_instance)
3027 return;
3028
3029 /* stop if current instance doesn't need to be changed */
3030 if (!(adv_instance->flags & flags))
3031 return;
3032
3033 cancel_adv_timeout(hdev);
3034
3035 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3036 if (!adv_instance)
3037 return;
3038
3039 hci_req_init(&req, hdev);
3040 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3041 true);
3042 if (err)
3043 return;
3044
3045 hci_req_run(&req, NULL);
3046 }
3047
set_name_complete(struct hci_dev * hdev,u8 status,u16 opcode)3048 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3049 {
3050 struct mgmt_cp_set_local_name *cp;
3051 struct mgmt_pending_cmd *cmd;
3052
3053 BT_DBG("status 0x%02x", status);
3054
3055 hci_dev_lock(hdev);
3056
3057 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3058 if (!cmd)
3059 goto unlock;
3060
3061 cp = cmd->param;
3062
3063 if (status) {
3064 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3065 mgmt_status(status));
3066 } else {
3067 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3068 cp, sizeof(*cp));
3069
3070 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3071 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3072 }
3073
3074 mgmt_pending_remove(cmd);
3075
3076 unlock:
3077 hci_dev_unlock(hdev);
3078 }
3079
set_local_name(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3080 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3081 u16 len)
3082 {
3083 struct mgmt_cp_set_local_name *cp = data;
3084 struct mgmt_pending_cmd *cmd;
3085 struct hci_request req;
3086 int err;
3087
3088 BT_DBG("");
3089
3090 hci_dev_lock(hdev);
3091
3092 /* If the old values are the same as the new ones just return a
3093 * direct command complete event.
3094 */
3095 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3096 !memcmp(hdev->short_name, cp->short_name,
3097 sizeof(hdev->short_name))) {
3098 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3099 data, len);
3100 goto failed;
3101 }
3102
3103 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3104
3105 if (!hdev_is_powered(hdev)) {
3106 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3107
3108 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3109 data, len);
3110 if (err < 0)
3111 goto failed;
3112
3113 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3114 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3115 ext_info_changed(hdev, sk);
3116
3117 goto failed;
3118 }
3119
3120 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3121 if (!cmd) {
3122 err = -ENOMEM;
3123 goto failed;
3124 }
3125
3126 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3127
3128 hci_req_init(&req, hdev);
3129
3130 if (lmp_bredr_capable(hdev)) {
3131 __hci_req_update_name(&req);
3132 __hci_req_update_eir(&req);
3133 }
3134
3135 /* The name is stored in the scan response data and so
3136 * no need to udpate the advertising data here.
3137 */
3138 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3139 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3140
3141 err = hci_req_run(&req, set_name_complete);
3142 if (err < 0)
3143 mgmt_pending_remove(cmd);
3144
3145 failed:
3146 hci_dev_unlock(hdev);
3147 return err;
3148 }
3149
set_appearance(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3150 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3151 u16 len)
3152 {
3153 struct mgmt_cp_set_appearance *cp = data;
3154 u16 apperance;
3155 int err;
3156
3157 BT_DBG("");
3158
3159 if (!lmp_le_capable(hdev))
3160 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3161 MGMT_STATUS_NOT_SUPPORTED);
3162
3163 apperance = le16_to_cpu(cp->appearance);
3164
3165 hci_dev_lock(hdev);
3166
3167 if (hdev->appearance != apperance) {
3168 hdev->appearance = apperance;
3169
3170 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3171 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3172
3173 ext_info_changed(hdev, sk);
3174 }
3175
3176 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3177 0);
3178
3179 hci_dev_unlock(hdev);
3180
3181 return err;
3182 }
3183
read_local_oob_data_complete(struct hci_dev * hdev,u8 status,u16 opcode,struct sk_buff * skb)3184 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3185 u16 opcode, struct sk_buff *skb)
3186 {
3187 struct mgmt_rp_read_local_oob_data mgmt_rp;
3188 size_t rp_size = sizeof(mgmt_rp);
3189 struct mgmt_pending_cmd *cmd;
3190
3191 BT_DBG("%s status %u", hdev->name, status);
3192
3193 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3194 if (!cmd)
3195 return;
3196
3197 if (status || !skb) {
3198 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3199 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3200 goto remove;
3201 }
3202
3203 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3204
3205 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3206 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3207
3208 if (skb->len < sizeof(*rp)) {
3209 mgmt_cmd_status(cmd->sk, hdev->id,
3210 MGMT_OP_READ_LOCAL_OOB_DATA,
3211 MGMT_STATUS_FAILED);
3212 goto remove;
3213 }
3214
3215 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3216 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3217
3218 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3219 } else {
3220 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3221
3222 if (skb->len < sizeof(*rp)) {
3223 mgmt_cmd_status(cmd->sk, hdev->id,
3224 MGMT_OP_READ_LOCAL_OOB_DATA,
3225 MGMT_STATUS_FAILED);
3226 goto remove;
3227 }
3228
3229 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3230 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3231
3232 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3233 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3234 }
3235
3236 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3237 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3238
3239 remove:
3240 mgmt_pending_remove(cmd);
3241 }
3242
read_local_oob_data(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)3243 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3244 void *data, u16 data_len)
3245 {
3246 struct mgmt_pending_cmd *cmd;
3247 struct hci_request req;
3248 int err;
3249
3250 BT_DBG("%s", hdev->name);
3251
3252 hci_dev_lock(hdev);
3253
3254 if (!hdev_is_powered(hdev)) {
3255 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3256 MGMT_STATUS_NOT_POWERED);
3257 goto unlock;
3258 }
3259
3260 if (!lmp_ssp_capable(hdev)) {
3261 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3262 MGMT_STATUS_NOT_SUPPORTED);
3263 goto unlock;
3264 }
3265
3266 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3267 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3268 MGMT_STATUS_BUSY);
3269 goto unlock;
3270 }
3271
3272 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3273 if (!cmd) {
3274 err = -ENOMEM;
3275 goto unlock;
3276 }
3277
3278 hci_req_init(&req, hdev);
3279
3280 if (bredr_sc_enabled(hdev))
3281 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3282 else
3283 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3284
3285 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3286 if (err < 0)
3287 mgmt_pending_remove(cmd);
3288
3289 unlock:
3290 hci_dev_unlock(hdev);
3291 return err;
3292 }
3293
add_remote_oob_data(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3294 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3295 void *data, u16 len)
3296 {
3297 struct mgmt_addr_info *addr = data;
3298 int err;
3299
3300 BT_DBG("%s ", hdev->name);
3301
3302 if (!bdaddr_type_is_valid(addr->type))
3303 return mgmt_cmd_complete(sk, hdev->id,
3304 MGMT_OP_ADD_REMOTE_OOB_DATA,
3305 MGMT_STATUS_INVALID_PARAMS,
3306 addr, sizeof(*addr));
3307
3308 hci_dev_lock(hdev);
3309
3310 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3311 struct mgmt_cp_add_remote_oob_data *cp = data;
3312 u8 status;
3313
3314 if (cp->addr.type != BDADDR_BREDR) {
3315 err = mgmt_cmd_complete(sk, hdev->id,
3316 MGMT_OP_ADD_REMOTE_OOB_DATA,
3317 MGMT_STATUS_INVALID_PARAMS,
3318 &cp->addr, sizeof(cp->addr));
3319 goto unlock;
3320 }
3321
3322 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3323 cp->addr.type, cp->hash,
3324 cp->rand, NULL, NULL);
3325 if (err < 0)
3326 status = MGMT_STATUS_FAILED;
3327 else
3328 status = MGMT_STATUS_SUCCESS;
3329
3330 err = mgmt_cmd_complete(sk, hdev->id,
3331 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3332 &cp->addr, sizeof(cp->addr));
3333 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3334 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3335 u8 *rand192, *hash192, *rand256, *hash256;
3336 u8 status;
3337
3338 if (bdaddr_type_is_le(cp->addr.type)) {
3339 /* Enforce zero-valued 192-bit parameters as
3340 * long as legacy SMP OOB isn't implemented.
3341 */
3342 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3343 memcmp(cp->hash192, ZERO_KEY, 16)) {
3344 err = mgmt_cmd_complete(sk, hdev->id,
3345 MGMT_OP_ADD_REMOTE_OOB_DATA,
3346 MGMT_STATUS_INVALID_PARAMS,
3347 addr, sizeof(*addr));
3348 goto unlock;
3349 }
3350
3351 rand192 = NULL;
3352 hash192 = NULL;
3353 } else {
3354 /* In case one of the P-192 values is set to zero,
3355 * then just disable OOB data for P-192.
3356 */
3357 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3358 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3359 rand192 = NULL;
3360 hash192 = NULL;
3361 } else {
3362 rand192 = cp->rand192;
3363 hash192 = cp->hash192;
3364 }
3365 }
3366
3367 /* In case one of the P-256 values is set to zero, then just
3368 * disable OOB data for P-256.
3369 */
3370 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3371 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3372 rand256 = NULL;
3373 hash256 = NULL;
3374 } else {
3375 rand256 = cp->rand256;
3376 hash256 = cp->hash256;
3377 }
3378
3379 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3380 cp->addr.type, hash192, rand192,
3381 hash256, rand256);
3382 if (err < 0)
3383 status = MGMT_STATUS_FAILED;
3384 else
3385 status = MGMT_STATUS_SUCCESS;
3386
3387 err = mgmt_cmd_complete(sk, hdev->id,
3388 MGMT_OP_ADD_REMOTE_OOB_DATA,
3389 status, &cp->addr, sizeof(cp->addr));
3390 } else {
3391 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3392 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3393 MGMT_STATUS_INVALID_PARAMS);
3394 }
3395
3396 unlock:
3397 hci_dev_unlock(hdev);
3398 return err;
3399 }
3400
remove_remote_oob_data(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3401 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3402 void *data, u16 len)
3403 {
3404 struct mgmt_cp_remove_remote_oob_data *cp = data;
3405 u8 status;
3406 int err;
3407
3408 BT_DBG("%s", hdev->name);
3409
3410 if (cp->addr.type != BDADDR_BREDR)
3411 return mgmt_cmd_complete(sk, hdev->id,
3412 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3413 MGMT_STATUS_INVALID_PARAMS,
3414 &cp->addr, sizeof(cp->addr));
3415
3416 hci_dev_lock(hdev);
3417
3418 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3419 hci_remote_oob_data_clear(hdev);
3420 status = MGMT_STATUS_SUCCESS;
3421 goto done;
3422 }
3423
3424 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3425 if (err < 0)
3426 status = MGMT_STATUS_INVALID_PARAMS;
3427 else
3428 status = MGMT_STATUS_SUCCESS;
3429
3430 done:
3431 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3432 status, &cp->addr, sizeof(cp->addr));
3433
3434 hci_dev_unlock(hdev);
3435 return err;
3436 }
3437
mgmt_start_discovery_complete(struct hci_dev * hdev,u8 status)3438 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3439 {
3440 struct mgmt_pending_cmd *cmd;
3441
3442 BT_DBG("status %d", status);
3443
3444 hci_dev_lock(hdev);
3445
3446 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3447 if (!cmd)
3448 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3449
3450 if (!cmd)
3451 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3452
3453 if (cmd) {
3454 cmd->cmd_complete(cmd, mgmt_status(status));
3455 mgmt_pending_remove(cmd);
3456 }
3457
3458 hci_dev_unlock(hdev);
3459 }
3460
discovery_type_is_valid(struct hci_dev * hdev,uint8_t type,uint8_t * mgmt_status)3461 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3462 uint8_t *mgmt_status)
3463 {
3464 switch (type) {
3465 case DISCOV_TYPE_LE:
3466 *mgmt_status = mgmt_le_support(hdev);
3467 if (*mgmt_status)
3468 return false;
3469 break;
3470 case DISCOV_TYPE_INTERLEAVED:
3471 *mgmt_status = mgmt_le_support(hdev);
3472 if (*mgmt_status)
3473 return false;
3474 /* Intentional fall-through */
3475 case DISCOV_TYPE_BREDR:
3476 *mgmt_status = mgmt_bredr_support(hdev);
3477 if (*mgmt_status)
3478 return false;
3479 break;
3480 default:
3481 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3482 return false;
3483 }
3484
3485 return true;
3486 }
3487
start_discovery_internal(struct sock * sk,struct hci_dev * hdev,u16 op,void * data,u16 len)3488 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3489 u16 op, void *data, u16 len)
3490 {
3491 struct mgmt_cp_start_discovery *cp = data;
3492 struct mgmt_pending_cmd *cmd;
3493 u8 status;
3494 int err;
3495
3496 BT_DBG("%s", hdev->name);
3497
3498 hci_dev_lock(hdev);
3499
3500 if (!hdev_is_powered(hdev)) {
3501 err = mgmt_cmd_complete(sk, hdev->id, op,
3502 MGMT_STATUS_NOT_POWERED,
3503 &cp->type, sizeof(cp->type));
3504 goto failed;
3505 }
3506
3507 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3508 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3509 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3510 &cp->type, sizeof(cp->type));
3511 goto failed;
3512 }
3513
3514 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3515 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3516 &cp->type, sizeof(cp->type));
3517 goto failed;
3518 }
3519
3520 /* Clear the discovery filter first to free any previously
3521 * allocated memory for the UUID list.
3522 */
3523 hci_discovery_filter_clear(hdev);
3524
3525 hdev->discovery.type = cp->type;
3526 hdev->discovery.report_invalid_rssi = false;
3527 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3528 hdev->discovery.limited = true;
3529 else
3530 hdev->discovery.limited = false;
3531
3532 cmd = mgmt_pending_add(sk, op, hdev, data, len);
3533 if (!cmd) {
3534 err = -ENOMEM;
3535 goto failed;
3536 }
3537
3538 cmd->cmd_complete = generic_cmd_complete;
3539
3540 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3541 queue_work(hdev->req_workqueue, &hdev->discov_update);
3542 err = 0;
3543
3544 failed:
3545 hci_dev_unlock(hdev);
3546 return err;
3547 }
3548
start_discovery(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3549 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3550 void *data, u16 len)
3551 {
3552 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3553 data, len);
3554 }
3555
start_limited_discovery(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3556 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3557 void *data, u16 len)
3558 {
3559 return start_discovery_internal(sk, hdev,
3560 MGMT_OP_START_LIMITED_DISCOVERY,
3561 data, len);
3562 }
3563
service_discovery_cmd_complete(struct mgmt_pending_cmd * cmd,u8 status)3564 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3565 u8 status)
3566 {
3567 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3568 cmd->param, 1);
3569 }
3570
start_service_discovery(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3571 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3572 void *data, u16 len)
3573 {
3574 struct mgmt_cp_start_service_discovery *cp = data;
3575 struct mgmt_pending_cmd *cmd;
3576 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3577 u16 uuid_count, expected_len;
3578 u8 status;
3579 int err;
3580
3581 BT_DBG("%s", hdev->name);
3582
3583 hci_dev_lock(hdev);
3584
3585 if (!hdev_is_powered(hdev)) {
3586 err = mgmt_cmd_complete(sk, hdev->id,
3587 MGMT_OP_START_SERVICE_DISCOVERY,
3588 MGMT_STATUS_NOT_POWERED,
3589 &cp->type, sizeof(cp->type));
3590 goto failed;
3591 }
3592
3593 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3594 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3595 err = mgmt_cmd_complete(sk, hdev->id,
3596 MGMT_OP_START_SERVICE_DISCOVERY,
3597 MGMT_STATUS_BUSY, &cp->type,
3598 sizeof(cp->type));
3599 goto failed;
3600 }
3601
3602 uuid_count = __le16_to_cpu(cp->uuid_count);
3603 if (uuid_count > max_uuid_count) {
3604 BT_ERR("service_discovery: too big uuid_count value %u",
3605 uuid_count);
3606 err = mgmt_cmd_complete(sk, hdev->id,
3607 MGMT_OP_START_SERVICE_DISCOVERY,
3608 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3609 sizeof(cp->type));
3610 goto failed;
3611 }
3612
3613 expected_len = sizeof(*cp) + uuid_count * 16;
3614 if (expected_len != len) {
3615 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3616 expected_len, len);
3617 err = mgmt_cmd_complete(sk, hdev->id,
3618 MGMT_OP_START_SERVICE_DISCOVERY,
3619 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3620 sizeof(cp->type));
3621 goto failed;
3622 }
3623
3624 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3625 err = mgmt_cmd_complete(sk, hdev->id,
3626 MGMT_OP_START_SERVICE_DISCOVERY,
3627 status, &cp->type, sizeof(cp->type));
3628 goto failed;
3629 }
3630
3631 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3632 hdev, data, len);
3633 if (!cmd) {
3634 err = -ENOMEM;
3635 goto failed;
3636 }
3637
3638 cmd->cmd_complete = service_discovery_cmd_complete;
3639
3640 /* Clear the discovery filter first to free any previously
3641 * allocated memory for the UUID list.
3642 */
3643 hci_discovery_filter_clear(hdev);
3644
3645 hdev->discovery.result_filtering = true;
3646 hdev->discovery.type = cp->type;
3647 hdev->discovery.rssi = cp->rssi;
3648 hdev->discovery.uuid_count = uuid_count;
3649
3650 if (uuid_count > 0) {
3651 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3652 GFP_KERNEL);
3653 if (!hdev->discovery.uuids) {
3654 err = mgmt_cmd_complete(sk, hdev->id,
3655 MGMT_OP_START_SERVICE_DISCOVERY,
3656 MGMT_STATUS_FAILED,
3657 &cp->type, sizeof(cp->type));
3658 mgmt_pending_remove(cmd);
3659 goto failed;
3660 }
3661 }
3662
3663 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3664 queue_work(hdev->req_workqueue, &hdev->discov_update);
3665 err = 0;
3666
3667 failed:
3668 hci_dev_unlock(hdev);
3669 return err;
3670 }
3671
mgmt_stop_discovery_complete(struct hci_dev * hdev,u8 status)3672 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
3673 {
3674 struct mgmt_pending_cmd *cmd;
3675
3676 BT_DBG("status %d", status);
3677
3678 hci_dev_lock(hdev);
3679
3680 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3681 if (cmd) {
3682 cmd->cmd_complete(cmd, mgmt_status(status));
3683 mgmt_pending_remove(cmd);
3684 }
3685
3686 hci_dev_unlock(hdev);
3687 }
3688
stop_discovery(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3689 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3690 u16 len)
3691 {
3692 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3693 struct mgmt_pending_cmd *cmd;
3694 int err;
3695
3696 BT_DBG("%s", hdev->name);
3697
3698 hci_dev_lock(hdev);
3699
3700 if (!hci_discovery_active(hdev)) {
3701 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3702 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3703 sizeof(mgmt_cp->type));
3704 goto unlock;
3705 }
3706
3707 if (hdev->discovery.type != mgmt_cp->type) {
3708 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3709 MGMT_STATUS_INVALID_PARAMS,
3710 &mgmt_cp->type, sizeof(mgmt_cp->type));
3711 goto unlock;
3712 }
3713
3714 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
3715 if (!cmd) {
3716 err = -ENOMEM;
3717 goto unlock;
3718 }
3719
3720 cmd->cmd_complete = generic_cmd_complete;
3721
3722 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3723 queue_work(hdev->req_workqueue, &hdev->discov_update);
3724 err = 0;
3725
3726 unlock:
3727 hci_dev_unlock(hdev);
3728 return err;
3729 }
3730
confirm_name(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3731 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3732 u16 len)
3733 {
3734 struct mgmt_cp_confirm_name *cp = data;
3735 struct inquiry_entry *e;
3736 int err;
3737
3738 BT_DBG("%s", hdev->name);
3739
3740 hci_dev_lock(hdev);
3741
3742 if (!hci_discovery_active(hdev)) {
3743 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3744 MGMT_STATUS_FAILED, &cp->addr,
3745 sizeof(cp->addr));
3746 goto failed;
3747 }
3748
3749 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3750 if (!e) {
3751 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3752 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3753 sizeof(cp->addr));
3754 goto failed;
3755 }
3756
3757 if (cp->name_known) {
3758 e->name_state = NAME_KNOWN;
3759 list_del(&e->list);
3760 } else {
3761 e->name_state = NAME_NEEDED;
3762 hci_inquiry_cache_update_resolve(hdev, e);
3763 }
3764
3765 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3766 &cp->addr, sizeof(cp->addr));
3767
3768 failed:
3769 hci_dev_unlock(hdev);
3770 return err;
3771 }
3772
block_device(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3773 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3774 u16 len)
3775 {
3776 struct mgmt_cp_block_device *cp = data;
3777 u8 status;
3778 int err;
3779
3780 BT_DBG("%s", hdev->name);
3781
3782 if (!bdaddr_type_is_valid(cp->addr.type))
3783 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3784 MGMT_STATUS_INVALID_PARAMS,
3785 &cp->addr, sizeof(cp->addr));
3786
3787 hci_dev_lock(hdev);
3788
3789 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3790 cp->addr.type);
3791 if (err < 0) {
3792 status = MGMT_STATUS_FAILED;
3793 goto done;
3794 }
3795
3796 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3797 sk);
3798 status = MGMT_STATUS_SUCCESS;
3799
3800 done:
3801 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3802 &cp->addr, sizeof(cp->addr));
3803
3804 hci_dev_unlock(hdev);
3805
3806 return err;
3807 }
3808
unblock_device(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3809 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3810 u16 len)
3811 {
3812 struct mgmt_cp_unblock_device *cp = data;
3813 u8 status;
3814 int err;
3815
3816 BT_DBG("%s", hdev->name);
3817
3818 if (!bdaddr_type_is_valid(cp->addr.type))
3819 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3820 MGMT_STATUS_INVALID_PARAMS,
3821 &cp->addr, sizeof(cp->addr));
3822
3823 hci_dev_lock(hdev);
3824
3825 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3826 cp->addr.type);
3827 if (err < 0) {
3828 status = MGMT_STATUS_INVALID_PARAMS;
3829 goto done;
3830 }
3831
3832 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3833 sk);
3834 status = MGMT_STATUS_SUCCESS;
3835
3836 done:
3837 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3838 &cp->addr, sizeof(cp->addr));
3839
3840 hci_dev_unlock(hdev);
3841
3842 return err;
3843 }
3844
set_device_id(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3845 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3846 u16 len)
3847 {
3848 struct mgmt_cp_set_device_id *cp = data;
3849 struct hci_request req;
3850 int err;
3851 __u16 source;
3852
3853 BT_DBG("%s", hdev->name);
3854
3855 source = __le16_to_cpu(cp->source);
3856
3857 if (source > 0x0002)
3858 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3859 MGMT_STATUS_INVALID_PARAMS);
3860
3861 hci_dev_lock(hdev);
3862
3863 hdev->devid_source = source;
3864 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3865 hdev->devid_product = __le16_to_cpu(cp->product);
3866 hdev->devid_version = __le16_to_cpu(cp->version);
3867
3868 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3869 NULL, 0);
3870
3871 hci_req_init(&req, hdev);
3872 __hci_req_update_eir(&req);
3873 hci_req_run(&req, NULL);
3874
3875 hci_dev_unlock(hdev);
3876
3877 return err;
3878 }
3879
enable_advertising_instance(struct hci_dev * hdev,u8 status,u16 opcode)3880 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3881 u16 opcode)
3882 {
3883 BT_DBG("status %d", status);
3884 }
3885
set_advertising_complete(struct hci_dev * hdev,u8 status,u16 opcode)3886 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3887 u16 opcode)
3888 {
3889 struct cmd_lookup match = { NULL, hdev };
3890 struct hci_request req;
3891 u8 instance;
3892 struct adv_info *adv_instance;
3893 int err;
3894
3895 hci_dev_lock(hdev);
3896
3897 if (status) {
3898 u8 mgmt_err = mgmt_status(status);
3899
3900 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3901 cmd_status_rsp, &mgmt_err);
3902 goto unlock;
3903 }
3904
3905 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3906 hci_dev_set_flag(hdev, HCI_ADVERTISING);
3907 else
3908 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
3909
3910 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3911 &match);
3912
3913 new_settings(hdev, match.sk);
3914
3915 if (match.sk)
3916 sock_put(match.sk);
3917
3918 /* If "Set Advertising" was just disabled and instance advertising was
3919 * set up earlier, then re-enable multi-instance advertising.
3920 */
3921 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
3922 list_empty(&hdev->adv_instances))
3923 goto unlock;
3924
3925 instance = hdev->cur_adv_instance;
3926 if (!instance) {
3927 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3928 struct adv_info, list);
3929 if (!adv_instance)
3930 goto unlock;
3931
3932 instance = adv_instance->instance;
3933 }
3934
3935 hci_req_init(&req, hdev);
3936
3937 err = __hci_req_schedule_adv_instance(&req, instance, true);
3938
3939 if (!err)
3940 err = hci_req_run(&req, enable_advertising_instance);
3941
3942 if (err)
3943 BT_ERR("Failed to re-configure advertising");
3944
3945 unlock:
3946 hci_dev_unlock(hdev);
3947 }
3948
set_advertising(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3949 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3950 u16 len)
3951 {
3952 struct mgmt_mode *cp = data;
3953 struct mgmt_pending_cmd *cmd;
3954 struct hci_request req;
3955 u8 val, status;
3956 int err;
3957
3958 BT_DBG("request for %s", hdev->name);
3959
3960 status = mgmt_le_support(hdev);
3961 if (status)
3962 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3963 status);
3964
3965 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
3966 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3967 MGMT_STATUS_INVALID_PARAMS);
3968
3969 hci_dev_lock(hdev);
3970
3971 val = !!cp->val;
3972
3973 /* The following conditions are ones which mean that we should
3974 * not do any HCI communication but directly send a mgmt
3975 * response to user space (after toggling the flag if
3976 * necessary).
3977 */
3978 if (!hdev_is_powered(hdev) ||
3979 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
3980 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
3981 hci_conn_num(hdev, LE_LINK) > 0 ||
3982 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
3983 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
3984 bool changed;
3985
3986 if (cp->val) {
3987 hdev->cur_adv_instance = 0x00;
3988 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
3989 if (cp->val == 0x02)
3990 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3991 else
3992 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3993 } else {
3994 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
3995 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3996 }
3997
3998 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3999 if (err < 0)
4000 goto unlock;
4001
4002 if (changed)
4003 err = new_settings(hdev, sk);
4004
4005 goto unlock;
4006 }
4007
4008 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4009 pending_find(MGMT_OP_SET_LE, hdev)) {
4010 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4011 MGMT_STATUS_BUSY);
4012 goto unlock;
4013 }
4014
4015 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4016 if (!cmd) {
4017 err = -ENOMEM;
4018 goto unlock;
4019 }
4020
4021 hci_req_init(&req, hdev);
4022
4023 if (cp->val == 0x02)
4024 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4025 else
4026 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4027
4028 cancel_adv_timeout(hdev);
4029
4030 if (val) {
4031 /* Switch to instance "0" for the Set Advertising setting.
4032 * We cannot use update_[adv|scan_rsp]_data() here as the
4033 * HCI_ADVERTISING flag is not yet set.
4034 */
4035 hdev->cur_adv_instance = 0x00;
4036 __hci_req_update_adv_data(&req, 0x00);
4037 __hci_req_update_scan_rsp_data(&req, 0x00);
4038 __hci_req_enable_advertising(&req);
4039 } else {
4040 __hci_req_disable_advertising(&req);
4041 }
4042
4043 err = hci_req_run(&req, set_advertising_complete);
4044 if (err < 0)
4045 mgmt_pending_remove(cmd);
4046
4047 unlock:
4048 hci_dev_unlock(hdev);
4049 return err;
4050 }
4051
set_static_address(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)4052 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4053 void *data, u16 len)
4054 {
4055 struct mgmt_cp_set_static_address *cp = data;
4056 int err;
4057
4058 BT_DBG("%s", hdev->name);
4059
4060 if (!lmp_le_capable(hdev))
4061 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4062 MGMT_STATUS_NOT_SUPPORTED);
4063
4064 if (hdev_is_powered(hdev))
4065 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4066 MGMT_STATUS_REJECTED);
4067
4068 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4069 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4070 return mgmt_cmd_status(sk, hdev->id,
4071 MGMT_OP_SET_STATIC_ADDRESS,
4072 MGMT_STATUS_INVALID_PARAMS);
4073
4074 /* Two most significant bits shall be set */
4075 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4076 return mgmt_cmd_status(sk, hdev->id,
4077 MGMT_OP_SET_STATIC_ADDRESS,
4078 MGMT_STATUS_INVALID_PARAMS);
4079 }
4080
4081 hci_dev_lock(hdev);
4082
4083 bacpy(&hdev->static_addr, &cp->bdaddr);
4084
4085 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4086 if (err < 0)
4087 goto unlock;
4088
4089 err = new_settings(hdev, sk);
4090
4091 unlock:
4092 hci_dev_unlock(hdev);
4093 return err;
4094 }
4095
set_scan_params(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)4096 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4097 void *data, u16 len)
4098 {
4099 struct mgmt_cp_set_scan_params *cp = data;
4100 __u16 interval, window;
4101 int err;
4102
4103 BT_DBG("%s", hdev->name);
4104
4105 if (!lmp_le_capable(hdev))
4106 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4107 MGMT_STATUS_NOT_SUPPORTED);
4108
4109 interval = __le16_to_cpu(cp->interval);
4110
4111 if (interval < 0x0004 || interval > 0x4000)
4112 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4113 MGMT_STATUS_INVALID_PARAMS);
4114
4115 window = __le16_to_cpu(cp->window);
4116
4117 if (window < 0x0004 || window > 0x4000)
4118 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4119 MGMT_STATUS_INVALID_PARAMS);
4120
4121 if (window > interval)
4122 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4123 MGMT_STATUS_INVALID_PARAMS);
4124
4125 hci_dev_lock(hdev);
4126
4127 hdev->le_scan_interval = interval;
4128 hdev->le_scan_window = window;
4129
4130 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4131 NULL, 0);
4132
4133 /* If background scan is running, restart it so new parameters are
4134 * loaded.
4135 */
4136 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4137 hdev->discovery.state == DISCOVERY_STOPPED) {
4138 struct hci_request req;
4139
4140 hci_req_init(&req, hdev);
4141
4142 hci_req_add_le_scan_disable(&req);
4143 hci_req_add_le_passive_scan(&req);
4144
4145 hci_req_run(&req, NULL);
4146 }
4147
4148 hci_dev_unlock(hdev);
4149
4150 return err;
4151 }
4152
fast_connectable_complete(struct hci_dev * hdev,u8 status,u16 opcode)4153 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4154 u16 opcode)
4155 {
4156 struct mgmt_pending_cmd *cmd;
4157
4158 BT_DBG("status 0x%02x", status);
4159
4160 hci_dev_lock(hdev);
4161
4162 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4163 if (!cmd)
4164 goto unlock;
4165
4166 if (status) {
4167 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4168 mgmt_status(status));
4169 } else {
4170 struct mgmt_mode *cp = cmd->param;
4171
4172 if (cp->val)
4173 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4174 else
4175 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4176
4177 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4178 new_settings(hdev, cmd->sk);
4179 }
4180
4181 mgmt_pending_remove(cmd);
4182
4183 unlock:
4184 hci_dev_unlock(hdev);
4185 }
4186
set_fast_connectable(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)4187 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4188 void *data, u16 len)
4189 {
4190 struct mgmt_mode *cp = data;
4191 struct mgmt_pending_cmd *cmd;
4192 struct hci_request req;
4193 int err;
4194
4195 BT_DBG("%s", hdev->name);
4196
4197 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4198 hdev->hci_ver < BLUETOOTH_VER_1_2)
4199 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4200 MGMT_STATUS_NOT_SUPPORTED);
4201
4202 if (cp->val != 0x00 && cp->val != 0x01)
4203 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4204 MGMT_STATUS_INVALID_PARAMS);
4205
4206 hci_dev_lock(hdev);
4207
4208 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4209 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4210 MGMT_STATUS_BUSY);
4211 goto unlock;
4212 }
4213
4214 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4215 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4216 hdev);
4217 goto unlock;
4218 }
4219
4220 if (!hdev_is_powered(hdev)) {
4221 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4222 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4223 hdev);
4224 new_settings(hdev, sk);
4225 goto unlock;
4226 }
4227
4228 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4229 data, len);
4230 if (!cmd) {
4231 err = -ENOMEM;
4232 goto unlock;
4233 }
4234
4235 hci_req_init(&req, hdev);
4236
4237 __hci_req_write_fast_connectable(&req, cp->val);
4238
4239 err = hci_req_run(&req, fast_connectable_complete);
4240 if (err < 0) {
4241 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4242 MGMT_STATUS_FAILED);
4243 mgmt_pending_remove(cmd);
4244 }
4245
4246 unlock:
4247 hci_dev_unlock(hdev);
4248
4249 return err;
4250 }
4251
set_bredr_complete(struct hci_dev * hdev,u8 status,u16 opcode)4252 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4253 {
4254 struct mgmt_pending_cmd *cmd;
4255
4256 BT_DBG("status 0x%02x", status);
4257
4258 hci_dev_lock(hdev);
4259
4260 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4261 if (!cmd)
4262 goto unlock;
4263
4264 if (status) {
4265 u8 mgmt_err = mgmt_status(status);
4266
4267 /* We need to restore the flag if related HCI commands
4268 * failed.
4269 */
4270 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4271
4272 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4273 } else {
4274 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4275 new_settings(hdev, cmd->sk);
4276 }
4277
4278 mgmt_pending_remove(cmd);
4279
4280 unlock:
4281 hci_dev_unlock(hdev);
4282 }
4283
set_bredr(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)4284 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4285 {
4286 struct mgmt_mode *cp = data;
4287 struct mgmt_pending_cmd *cmd;
4288 struct hci_request req;
4289 int err;
4290
4291 BT_DBG("request for %s", hdev->name);
4292
4293 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4294 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4295 MGMT_STATUS_NOT_SUPPORTED);
4296
4297 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4298 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4299 MGMT_STATUS_REJECTED);
4300
4301 if (cp->val != 0x00 && cp->val != 0x01)
4302 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4303 MGMT_STATUS_INVALID_PARAMS);
4304
4305 hci_dev_lock(hdev);
4306
4307 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4308 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4309 goto unlock;
4310 }
4311
4312 if (!hdev_is_powered(hdev)) {
4313 if (!cp->val) {
4314 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4315 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4316 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4317 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4318 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4319 }
4320
4321 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4322
4323 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4324 if (err < 0)
4325 goto unlock;
4326
4327 err = new_settings(hdev, sk);
4328 goto unlock;
4329 }
4330
4331 /* Reject disabling when powered on */
4332 if (!cp->val) {
4333 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4334 MGMT_STATUS_REJECTED);
4335 goto unlock;
4336 } else {
4337 /* When configuring a dual-mode controller to operate
4338 * with LE only and using a static address, then switching
4339 * BR/EDR back on is not allowed.
4340 *
4341 * Dual-mode controllers shall operate with the public
4342 * address as its identity address for BR/EDR and LE. So
4343 * reject the attempt to create an invalid configuration.
4344 *
4345 * The same restrictions applies when secure connections
4346 * has been enabled. For BR/EDR this is a controller feature
4347 * while for LE it is a host stack feature. This means that
4348 * switching BR/EDR back on when secure connections has been
4349 * enabled is not a supported transaction.
4350 */
4351 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4352 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4353 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4354 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4355 MGMT_STATUS_REJECTED);
4356 goto unlock;
4357 }
4358 }
4359
4360 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4361 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4362 MGMT_STATUS_BUSY);
4363 goto unlock;
4364 }
4365
4366 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4367 if (!cmd) {
4368 err = -ENOMEM;
4369 goto unlock;
4370 }
4371
4372 /* We need to flip the bit already here so that
4373 * hci_req_update_adv_data generates the correct flags.
4374 */
4375 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4376
4377 hci_req_init(&req, hdev);
4378
4379 __hci_req_write_fast_connectable(&req, false);
4380 __hci_req_update_scan(&req);
4381
4382 /* Since only the advertising data flags will change, there
4383 * is no need to update the scan response data.
4384 */
4385 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4386
4387 err = hci_req_run(&req, set_bredr_complete);
4388 if (err < 0)
4389 mgmt_pending_remove(cmd);
4390
4391 unlock:
4392 hci_dev_unlock(hdev);
4393 return err;
4394 }
4395
sc_enable_complete(struct hci_dev * hdev,u8 status,u16 opcode)4396 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4397 {
4398 struct mgmt_pending_cmd *cmd;
4399 struct mgmt_mode *cp;
4400
4401 BT_DBG("%s status %u", hdev->name, status);
4402
4403 hci_dev_lock(hdev);
4404
4405 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4406 if (!cmd)
4407 goto unlock;
4408
4409 if (status) {
4410 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4411 mgmt_status(status));
4412 goto remove;
4413 }
4414
4415 cp = cmd->param;
4416
4417 switch (cp->val) {
4418 case 0x00:
4419 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4420 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4421 break;
4422 case 0x01:
4423 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4424 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4425 break;
4426 case 0x02:
4427 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4428 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4429 break;
4430 }
4431
4432 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4433 new_settings(hdev, cmd->sk);
4434
4435 remove:
4436 mgmt_pending_remove(cmd);
4437 unlock:
4438 hci_dev_unlock(hdev);
4439 }
4440
set_secure_conn(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)4441 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4442 void *data, u16 len)
4443 {
4444 struct mgmt_mode *cp = data;
4445 struct mgmt_pending_cmd *cmd;
4446 struct hci_request req;
4447 u8 val;
4448 int err;
4449
4450 BT_DBG("request for %s", hdev->name);
4451
4452 if (!lmp_sc_capable(hdev) &&
4453 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4454 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4455 MGMT_STATUS_NOT_SUPPORTED);
4456
4457 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4458 lmp_sc_capable(hdev) &&
4459 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4460 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4461 MGMT_STATUS_REJECTED);
4462
4463 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4464 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4465 MGMT_STATUS_INVALID_PARAMS);
4466
4467 hci_dev_lock(hdev);
4468
4469 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4470 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4471 bool changed;
4472
4473 if (cp->val) {
4474 changed = !hci_dev_test_and_set_flag(hdev,
4475 HCI_SC_ENABLED);
4476 if (cp->val == 0x02)
4477 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4478 else
4479 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4480 } else {
4481 changed = hci_dev_test_and_clear_flag(hdev,
4482 HCI_SC_ENABLED);
4483 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4484 }
4485
4486 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4487 if (err < 0)
4488 goto failed;
4489
4490 if (changed)
4491 err = new_settings(hdev, sk);
4492
4493 goto failed;
4494 }
4495
4496 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4497 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4498 MGMT_STATUS_BUSY);
4499 goto failed;
4500 }
4501
4502 val = !!cp->val;
4503
4504 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4505 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4506 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4507 goto failed;
4508 }
4509
4510 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4511 if (!cmd) {
4512 err = -ENOMEM;
4513 goto failed;
4514 }
4515
4516 hci_req_init(&req, hdev);
4517 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4518 err = hci_req_run(&req, sc_enable_complete);
4519 if (err < 0) {
4520 mgmt_pending_remove(cmd);
4521 goto failed;
4522 }
4523
4524 failed:
4525 hci_dev_unlock(hdev);
4526 return err;
4527 }
4528
set_debug_keys(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)4529 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4530 void *data, u16 len)
4531 {
4532 struct mgmt_mode *cp = data;
4533 bool changed, use_changed;
4534 int err;
4535
4536 BT_DBG("request for %s", hdev->name);
4537
4538 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4539 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4540 MGMT_STATUS_INVALID_PARAMS);
4541
4542 hci_dev_lock(hdev);
4543
4544 if (cp->val)
4545 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4546 else
4547 changed = hci_dev_test_and_clear_flag(hdev,
4548 HCI_KEEP_DEBUG_KEYS);
4549
4550 if (cp->val == 0x02)
4551 use_changed = !hci_dev_test_and_set_flag(hdev,
4552 HCI_USE_DEBUG_KEYS);
4553 else
4554 use_changed = hci_dev_test_and_clear_flag(hdev,
4555 HCI_USE_DEBUG_KEYS);
4556
4557 if (hdev_is_powered(hdev) && use_changed &&
4558 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
4559 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4560 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4561 sizeof(mode), &mode);
4562 }
4563
4564 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4565 if (err < 0)
4566 goto unlock;
4567
4568 if (changed)
4569 err = new_settings(hdev, sk);
4570
4571 unlock:
4572 hci_dev_unlock(hdev);
4573 return err;
4574 }
4575
set_privacy(struct sock * sk,struct hci_dev * hdev,void * cp_data,u16 len)4576 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4577 u16 len)
4578 {
4579 struct mgmt_cp_set_privacy *cp = cp_data;
4580 bool changed;
4581 int err;
4582
4583 BT_DBG("request for %s", hdev->name);
4584
4585 if (!lmp_le_capable(hdev))
4586 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4587 MGMT_STATUS_NOT_SUPPORTED);
4588
4589 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
4590 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4591 MGMT_STATUS_INVALID_PARAMS);
4592
4593 if (hdev_is_powered(hdev))
4594 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4595 MGMT_STATUS_REJECTED);
4596
4597 hci_dev_lock(hdev);
4598
4599 /* If user space supports this command it is also expected to
4600 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4601 */
4602 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4603
4604 if (cp->privacy) {
4605 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
4606 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4607 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
4608 if (cp->privacy == 0x02)
4609 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4610 else
4611 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4612 } else {
4613 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
4614 memset(hdev->irk, 0, sizeof(hdev->irk));
4615 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
4616 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4617 }
4618
4619 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4620 if (err < 0)
4621 goto unlock;
4622
4623 if (changed)
4624 err = new_settings(hdev, sk);
4625
4626 unlock:
4627 hci_dev_unlock(hdev);
4628 return err;
4629 }
4630
irk_is_valid(struct mgmt_irk_info * irk)4631 static bool irk_is_valid(struct mgmt_irk_info *irk)
4632 {
4633 switch (irk->addr.type) {
4634 case BDADDR_LE_PUBLIC:
4635 return true;
4636
4637 case BDADDR_LE_RANDOM:
4638 /* Two most significant bits shall be set */
4639 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4640 return false;
4641 return true;
4642 }
4643
4644 return false;
4645 }
4646
load_irks(struct sock * sk,struct hci_dev * hdev,void * cp_data,u16 len)4647 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4648 u16 len)
4649 {
4650 struct mgmt_cp_load_irks *cp = cp_data;
4651 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4652 sizeof(struct mgmt_irk_info));
4653 u16 irk_count, expected_len;
4654 int i, err;
4655
4656 BT_DBG("request for %s", hdev->name);
4657
4658 if (!lmp_le_capable(hdev))
4659 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4660 MGMT_STATUS_NOT_SUPPORTED);
4661
4662 irk_count = __le16_to_cpu(cp->irk_count);
4663 if (irk_count > max_irk_count) {
4664 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4665 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4666 MGMT_STATUS_INVALID_PARAMS);
4667 }
4668
4669 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4670 if (expected_len != len) {
4671 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4672 expected_len, len);
4673 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4674 MGMT_STATUS_INVALID_PARAMS);
4675 }
4676
4677 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4678
4679 for (i = 0; i < irk_count; i++) {
4680 struct mgmt_irk_info *key = &cp->irks[i];
4681
4682 if (!irk_is_valid(key))
4683 return mgmt_cmd_status(sk, hdev->id,
4684 MGMT_OP_LOAD_IRKS,
4685 MGMT_STATUS_INVALID_PARAMS);
4686 }
4687
4688 hci_dev_lock(hdev);
4689
4690 hci_smp_irks_clear(hdev);
4691
4692 for (i = 0; i < irk_count; i++) {
4693 struct mgmt_irk_info *irk = &cp->irks[i];
4694
4695 hci_add_irk(hdev, &irk->addr.bdaddr,
4696 le_addr_type(irk->addr.type), irk->val,
4697 BDADDR_ANY);
4698 }
4699
4700 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4701
4702 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4703
4704 hci_dev_unlock(hdev);
4705
4706 return err;
4707 }
4708
ltk_is_valid(struct mgmt_ltk_info * key)4709 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4710 {
4711 if (key->master != 0x00 && key->master != 0x01)
4712 return false;
4713
4714 switch (key->addr.type) {
4715 case BDADDR_LE_PUBLIC:
4716 return true;
4717
4718 case BDADDR_LE_RANDOM:
4719 /* Two most significant bits shall be set */
4720 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4721 return false;
4722 return true;
4723 }
4724
4725 return false;
4726 }
4727
load_long_term_keys(struct sock * sk,struct hci_dev * hdev,void * cp_data,u16 len)4728 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4729 void *cp_data, u16 len)
4730 {
4731 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4732 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4733 sizeof(struct mgmt_ltk_info));
4734 u16 key_count, expected_len;
4735 int i, err;
4736
4737 BT_DBG("request for %s", hdev->name);
4738
4739 if (!lmp_le_capable(hdev))
4740 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4741 MGMT_STATUS_NOT_SUPPORTED);
4742
4743 key_count = __le16_to_cpu(cp->key_count);
4744 if (key_count > max_key_count) {
4745 BT_ERR("load_ltks: too big key_count value %u", key_count);
4746 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4747 MGMT_STATUS_INVALID_PARAMS);
4748 }
4749
4750 expected_len = sizeof(*cp) + key_count *
4751 sizeof(struct mgmt_ltk_info);
4752 if (expected_len != len) {
4753 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4754 expected_len, len);
4755 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4756 MGMT_STATUS_INVALID_PARAMS);
4757 }
4758
4759 BT_DBG("%s key_count %u", hdev->name, key_count);
4760
4761 for (i = 0; i < key_count; i++) {
4762 struct mgmt_ltk_info *key = &cp->keys[i];
4763
4764 if (!ltk_is_valid(key))
4765 return mgmt_cmd_status(sk, hdev->id,
4766 MGMT_OP_LOAD_LONG_TERM_KEYS,
4767 MGMT_STATUS_INVALID_PARAMS);
4768 }
4769
4770 hci_dev_lock(hdev);
4771
4772 hci_smp_ltks_clear(hdev);
4773
4774 for (i = 0; i < key_count; i++) {
4775 struct mgmt_ltk_info *key = &cp->keys[i];
4776 u8 type, authenticated;
4777
4778 switch (key->type) {
4779 case MGMT_LTK_UNAUTHENTICATED:
4780 authenticated = 0x00;
4781 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4782 break;
4783 case MGMT_LTK_AUTHENTICATED:
4784 authenticated = 0x01;
4785 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4786 break;
4787 case MGMT_LTK_P256_UNAUTH:
4788 authenticated = 0x00;
4789 type = SMP_LTK_P256;
4790 break;
4791 case MGMT_LTK_P256_AUTH:
4792 authenticated = 0x01;
4793 type = SMP_LTK_P256;
4794 break;
4795 case MGMT_LTK_P256_DEBUG:
4796 authenticated = 0x00;
4797 type = SMP_LTK_P256_DEBUG;
4798 default:
4799 continue;
4800 }
4801
4802 hci_add_ltk(hdev, &key->addr.bdaddr,
4803 le_addr_type(key->addr.type), type, authenticated,
4804 key->val, key->enc_size, key->ediv, key->rand);
4805 }
4806
4807 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4808 NULL, 0);
4809
4810 hci_dev_unlock(hdev);
4811
4812 return err;
4813 }
4814
conn_info_cmd_complete(struct mgmt_pending_cmd * cmd,u8 status)4815 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
4816 {
4817 struct hci_conn *conn = cmd->user_data;
4818 struct mgmt_rp_get_conn_info rp;
4819 int err;
4820
4821 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
4822
4823 if (status == MGMT_STATUS_SUCCESS) {
4824 rp.rssi = conn->rssi;
4825 rp.tx_power = conn->tx_power;
4826 rp.max_tx_power = conn->max_tx_power;
4827 } else {
4828 rp.rssi = HCI_RSSI_INVALID;
4829 rp.tx_power = HCI_TX_POWER_INVALID;
4830 rp.max_tx_power = HCI_TX_POWER_INVALID;
4831 }
4832
4833 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4834 status, &rp, sizeof(rp));
4835
4836 hci_conn_drop(conn);
4837 hci_conn_put(conn);
4838
4839 return err;
4840 }
4841
conn_info_refresh_complete(struct hci_dev * hdev,u8 hci_status,u16 opcode)4842 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4843 u16 opcode)
4844 {
4845 struct hci_cp_read_rssi *cp;
4846 struct mgmt_pending_cmd *cmd;
4847 struct hci_conn *conn;
4848 u16 handle;
4849 u8 status;
4850
4851 BT_DBG("status 0x%02x", hci_status);
4852
4853 hci_dev_lock(hdev);
4854
4855 /* Commands sent in request are either Read RSSI or Read Transmit Power
4856 * Level so we check which one was last sent to retrieve connection
4857 * handle. Both commands have handle as first parameter so it's safe to
4858 * cast data on the same command struct.
4859 *
4860 * First command sent is always Read RSSI and we fail only if it fails.
4861 * In other case we simply override error to indicate success as we
4862 * already remembered if TX power value is actually valid.
4863 */
4864 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4865 if (!cp) {
4866 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4867 status = MGMT_STATUS_SUCCESS;
4868 } else {
4869 status = mgmt_status(hci_status);
4870 }
4871
4872 if (!cp) {
4873 BT_ERR("invalid sent_cmd in conn_info response");
4874 goto unlock;
4875 }
4876
4877 handle = __le16_to_cpu(cp->handle);
4878 conn = hci_conn_hash_lookup_handle(hdev, handle);
4879 if (!conn) {
4880 BT_ERR("unknown handle (%d) in conn_info response", handle);
4881 goto unlock;
4882 }
4883
4884 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
4885 if (!cmd)
4886 goto unlock;
4887
4888 cmd->cmd_complete(cmd, status);
4889 mgmt_pending_remove(cmd);
4890
4891 unlock:
4892 hci_dev_unlock(hdev);
4893 }
4894
get_conn_info(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)4895 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4896 u16 len)
4897 {
4898 struct mgmt_cp_get_conn_info *cp = data;
4899 struct mgmt_rp_get_conn_info rp;
4900 struct hci_conn *conn;
4901 unsigned long conn_info_age;
4902 int err = 0;
4903
4904 BT_DBG("%s", hdev->name);
4905
4906 memset(&rp, 0, sizeof(rp));
4907 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4908 rp.addr.type = cp->addr.type;
4909
4910 if (!bdaddr_type_is_valid(cp->addr.type))
4911 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4912 MGMT_STATUS_INVALID_PARAMS,
4913 &rp, sizeof(rp));
4914
4915 hci_dev_lock(hdev);
4916
4917 if (!hdev_is_powered(hdev)) {
4918 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4919 MGMT_STATUS_NOT_POWERED, &rp,
4920 sizeof(rp));
4921 goto unlock;
4922 }
4923
4924 if (cp->addr.type == BDADDR_BREDR)
4925 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4926 &cp->addr.bdaddr);
4927 else
4928 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4929
4930 if (!conn || conn->state != BT_CONNECTED) {
4931 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4932 MGMT_STATUS_NOT_CONNECTED, &rp,
4933 sizeof(rp));
4934 goto unlock;
4935 }
4936
4937 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
4938 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4939 MGMT_STATUS_BUSY, &rp, sizeof(rp));
4940 goto unlock;
4941 }
4942
4943 /* To avoid client trying to guess when to poll again for information we
4944 * calculate conn info age as random value between min/max set in hdev.
4945 */
4946 conn_info_age = hdev->conn_info_min_age +
4947 prandom_u32_max(hdev->conn_info_max_age -
4948 hdev->conn_info_min_age);
4949
4950 /* Query controller to refresh cached values if they are too old or were
4951 * never read.
4952 */
4953 if (time_after(jiffies, conn->conn_info_timestamp +
4954 msecs_to_jiffies(conn_info_age)) ||
4955 !conn->conn_info_timestamp) {
4956 struct hci_request req;
4957 struct hci_cp_read_tx_power req_txp_cp;
4958 struct hci_cp_read_rssi req_rssi_cp;
4959 struct mgmt_pending_cmd *cmd;
4960
4961 hci_req_init(&req, hdev);
4962 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4963 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4964 &req_rssi_cp);
4965
4966 /* For LE links TX power does not change thus we don't need to
4967 * query for it once value is known.
4968 */
4969 if (!bdaddr_type_is_le(cp->addr.type) ||
4970 conn->tx_power == HCI_TX_POWER_INVALID) {
4971 req_txp_cp.handle = cpu_to_le16(conn->handle);
4972 req_txp_cp.type = 0x00;
4973 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4974 sizeof(req_txp_cp), &req_txp_cp);
4975 }
4976
4977 /* Max TX power needs to be read only once per connection */
4978 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4979 req_txp_cp.handle = cpu_to_le16(conn->handle);
4980 req_txp_cp.type = 0x01;
4981 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4982 sizeof(req_txp_cp), &req_txp_cp);
4983 }
4984
4985 err = hci_req_run(&req, conn_info_refresh_complete);
4986 if (err < 0)
4987 goto unlock;
4988
4989 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4990 data, len);
4991 if (!cmd) {
4992 err = -ENOMEM;
4993 goto unlock;
4994 }
4995
4996 hci_conn_hold(conn);
4997 cmd->user_data = hci_conn_get(conn);
4998 cmd->cmd_complete = conn_info_cmd_complete;
4999
5000 conn->conn_info_timestamp = jiffies;
5001 } else {
5002 /* Cache is valid, just reply with values cached in hci_conn */
5003 rp.rssi = conn->rssi;
5004 rp.tx_power = conn->tx_power;
5005 rp.max_tx_power = conn->max_tx_power;
5006
5007 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5008 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5009 }
5010
5011 unlock:
5012 hci_dev_unlock(hdev);
5013 return err;
5014 }
5015
clock_info_cmd_complete(struct mgmt_pending_cmd * cmd,u8 status)5016 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5017 {
5018 struct hci_conn *conn = cmd->user_data;
5019 struct mgmt_rp_get_clock_info rp;
5020 struct hci_dev *hdev;
5021 int err;
5022
5023 memset(&rp, 0, sizeof(rp));
5024 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5025
5026 if (status)
5027 goto complete;
5028
5029 hdev = hci_dev_get(cmd->index);
5030 if (hdev) {
5031 rp.local_clock = cpu_to_le32(hdev->clock);
5032 hci_dev_put(hdev);
5033 }
5034
5035 if (conn) {
5036 rp.piconet_clock = cpu_to_le32(conn->clock);
5037 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5038 }
5039
5040 complete:
5041 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5042 sizeof(rp));
5043
5044 if (conn) {
5045 hci_conn_drop(conn);
5046 hci_conn_put(conn);
5047 }
5048
5049 return err;
5050 }
5051
get_clock_info_complete(struct hci_dev * hdev,u8 status,u16 opcode)5052 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5053 {
5054 struct hci_cp_read_clock *hci_cp;
5055 struct mgmt_pending_cmd *cmd;
5056 struct hci_conn *conn;
5057
5058 BT_DBG("%s status %u", hdev->name, status);
5059
5060 hci_dev_lock(hdev);
5061
5062 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5063 if (!hci_cp)
5064 goto unlock;
5065
5066 if (hci_cp->which) {
5067 u16 handle = __le16_to_cpu(hci_cp->handle);
5068 conn = hci_conn_hash_lookup_handle(hdev, handle);
5069 } else {
5070 conn = NULL;
5071 }
5072
5073 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5074 if (!cmd)
5075 goto unlock;
5076
5077 cmd->cmd_complete(cmd, mgmt_status(status));
5078 mgmt_pending_remove(cmd);
5079
5080 unlock:
5081 hci_dev_unlock(hdev);
5082 }
5083
get_clock_info(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)5084 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5085 u16 len)
5086 {
5087 struct mgmt_cp_get_clock_info *cp = data;
5088 struct mgmt_rp_get_clock_info rp;
5089 struct hci_cp_read_clock hci_cp;
5090 struct mgmt_pending_cmd *cmd;
5091 struct hci_request req;
5092 struct hci_conn *conn;
5093 int err;
5094
5095 BT_DBG("%s", hdev->name);
5096
5097 memset(&rp, 0, sizeof(rp));
5098 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5099 rp.addr.type = cp->addr.type;
5100
5101 if (cp->addr.type != BDADDR_BREDR)
5102 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5103 MGMT_STATUS_INVALID_PARAMS,
5104 &rp, sizeof(rp));
5105
5106 hci_dev_lock(hdev);
5107
5108 if (!hdev_is_powered(hdev)) {
5109 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5110 MGMT_STATUS_NOT_POWERED, &rp,
5111 sizeof(rp));
5112 goto unlock;
5113 }
5114
5115 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5116 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5117 &cp->addr.bdaddr);
5118 if (!conn || conn->state != BT_CONNECTED) {
5119 err = mgmt_cmd_complete(sk, hdev->id,
5120 MGMT_OP_GET_CLOCK_INFO,
5121 MGMT_STATUS_NOT_CONNECTED,
5122 &rp, sizeof(rp));
5123 goto unlock;
5124 }
5125 } else {
5126 conn = NULL;
5127 }
5128
5129 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5130 if (!cmd) {
5131 err = -ENOMEM;
5132 goto unlock;
5133 }
5134
5135 cmd->cmd_complete = clock_info_cmd_complete;
5136
5137 hci_req_init(&req, hdev);
5138
5139 memset(&hci_cp, 0, sizeof(hci_cp));
5140 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5141
5142 if (conn) {
5143 hci_conn_hold(conn);
5144 cmd->user_data = hci_conn_get(conn);
5145
5146 hci_cp.handle = cpu_to_le16(conn->handle);
5147 hci_cp.which = 0x01; /* Piconet clock */
5148 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5149 }
5150
5151 err = hci_req_run(&req, get_clock_info_complete);
5152 if (err < 0)
5153 mgmt_pending_remove(cmd);
5154
5155 unlock:
5156 hci_dev_unlock(hdev);
5157 return err;
5158 }
5159
is_connected(struct hci_dev * hdev,bdaddr_t * addr,u8 type)5160 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5161 {
5162 struct hci_conn *conn;
5163
5164 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5165 if (!conn)
5166 return false;
5167
5168 if (conn->dst_type != type)
5169 return false;
5170
5171 if (conn->state != BT_CONNECTED)
5172 return false;
5173
5174 return true;
5175 }
5176
5177 /* This function requires the caller holds hdev->lock */
hci_conn_params_set(struct hci_dev * hdev,bdaddr_t * addr,u8 addr_type,u8 auto_connect)5178 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5179 u8 addr_type, u8 auto_connect)
5180 {
5181 struct hci_conn_params *params;
5182
5183 params = hci_conn_params_add(hdev, addr, addr_type);
5184 if (!params)
5185 return -EIO;
5186
5187 if (params->auto_connect == auto_connect)
5188 return 0;
5189
5190 list_del_init(¶ms->action);
5191
5192 switch (auto_connect) {
5193 case HCI_AUTO_CONN_DISABLED:
5194 case HCI_AUTO_CONN_LINK_LOSS:
5195 /* If auto connect is being disabled when we're trying to
5196 * connect to device, keep connecting.
5197 */
5198 if (params->explicit_connect)
5199 list_add(¶ms->action, &hdev->pend_le_conns);
5200 break;
5201 case HCI_AUTO_CONN_REPORT:
5202 if (params->explicit_connect)
5203 list_add(¶ms->action, &hdev->pend_le_conns);
5204 else
5205 list_add(¶ms->action, &hdev->pend_le_reports);
5206 break;
5207 case HCI_AUTO_CONN_DIRECT:
5208 case HCI_AUTO_CONN_ALWAYS:
5209 if (!is_connected(hdev, addr, addr_type))
5210 list_add(¶ms->action, &hdev->pend_le_conns);
5211 break;
5212 }
5213
5214 params->auto_connect = auto_connect;
5215
5216 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5217 auto_connect);
5218
5219 return 0;
5220 }
5221
device_added(struct sock * sk,struct hci_dev * hdev,bdaddr_t * bdaddr,u8 type,u8 action)5222 static void device_added(struct sock *sk, struct hci_dev *hdev,
5223 bdaddr_t *bdaddr, u8 type, u8 action)
5224 {
5225 struct mgmt_ev_device_added ev;
5226
5227 bacpy(&ev.addr.bdaddr, bdaddr);
5228 ev.addr.type = type;
5229 ev.action = action;
5230
5231 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5232 }
5233
add_device(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)5234 static int add_device(struct sock *sk, struct hci_dev *hdev,
5235 void *data, u16 len)
5236 {
5237 struct mgmt_cp_add_device *cp = data;
5238 u8 auto_conn, addr_type;
5239 int err;
5240
5241 BT_DBG("%s", hdev->name);
5242
5243 if (!bdaddr_type_is_valid(cp->addr.type) ||
5244 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5245 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5246 MGMT_STATUS_INVALID_PARAMS,
5247 &cp->addr, sizeof(cp->addr));
5248
5249 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5250 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5251 MGMT_STATUS_INVALID_PARAMS,
5252 &cp->addr, sizeof(cp->addr));
5253
5254 hci_dev_lock(hdev);
5255
5256 if (cp->addr.type == BDADDR_BREDR) {
5257 /* Only incoming connections action is supported for now */
5258 if (cp->action != 0x01) {
5259 err = mgmt_cmd_complete(sk, hdev->id,
5260 MGMT_OP_ADD_DEVICE,
5261 MGMT_STATUS_INVALID_PARAMS,
5262 &cp->addr, sizeof(cp->addr));
5263 goto unlock;
5264 }
5265
5266 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5267 cp->addr.type);
5268 if (err)
5269 goto unlock;
5270
5271 hci_req_update_scan(hdev);
5272
5273 goto added;
5274 }
5275
5276 addr_type = le_addr_type(cp->addr.type);
5277
5278 if (cp->action == 0x02)
5279 auto_conn = HCI_AUTO_CONN_ALWAYS;
5280 else if (cp->action == 0x01)
5281 auto_conn = HCI_AUTO_CONN_DIRECT;
5282 else
5283 auto_conn = HCI_AUTO_CONN_REPORT;
5284
5285 /* Kernel internally uses conn_params with resolvable private
5286 * address, but Add Device allows only identity addresses.
5287 * Make sure it is enforced before calling
5288 * hci_conn_params_lookup.
5289 */
5290 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5291 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5292 MGMT_STATUS_INVALID_PARAMS,
5293 &cp->addr, sizeof(cp->addr));
5294 goto unlock;
5295 }
5296
5297 /* If the connection parameters don't exist for this device,
5298 * they will be created and configured with defaults.
5299 */
5300 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5301 auto_conn) < 0) {
5302 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5303 MGMT_STATUS_FAILED, &cp->addr,
5304 sizeof(cp->addr));
5305 goto unlock;
5306 }
5307
5308 hci_update_background_scan(hdev);
5309
5310 added:
5311 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5312
5313 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5314 MGMT_STATUS_SUCCESS, &cp->addr,
5315 sizeof(cp->addr));
5316
5317 unlock:
5318 hci_dev_unlock(hdev);
5319 return err;
5320 }
5321
device_removed(struct sock * sk,struct hci_dev * hdev,bdaddr_t * bdaddr,u8 type)5322 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5323 bdaddr_t *bdaddr, u8 type)
5324 {
5325 struct mgmt_ev_device_removed ev;
5326
5327 bacpy(&ev.addr.bdaddr, bdaddr);
5328 ev.addr.type = type;
5329
5330 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5331 }
5332
remove_device(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)5333 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5334 void *data, u16 len)
5335 {
5336 struct mgmt_cp_remove_device *cp = data;
5337 int err;
5338
5339 BT_DBG("%s", hdev->name);
5340
5341 hci_dev_lock(hdev);
5342
5343 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5344 struct hci_conn_params *params;
5345 u8 addr_type;
5346
5347 if (!bdaddr_type_is_valid(cp->addr.type)) {
5348 err = mgmt_cmd_complete(sk, hdev->id,
5349 MGMT_OP_REMOVE_DEVICE,
5350 MGMT_STATUS_INVALID_PARAMS,
5351 &cp->addr, sizeof(cp->addr));
5352 goto unlock;
5353 }
5354
5355 if (cp->addr.type == BDADDR_BREDR) {
5356 err = hci_bdaddr_list_del(&hdev->whitelist,
5357 &cp->addr.bdaddr,
5358 cp->addr.type);
5359 if (err) {
5360 err = mgmt_cmd_complete(sk, hdev->id,
5361 MGMT_OP_REMOVE_DEVICE,
5362 MGMT_STATUS_INVALID_PARAMS,
5363 &cp->addr,
5364 sizeof(cp->addr));
5365 goto unlock;
5366 }
5367
5368 hci_req_update_scan(hdev);
5369
5370 device_removed(sk, hdev, &cp->addr.bdaddr,
5371 cp->addr.type);
5372 goto complete;
5373 }
5374
5375 addr_type = le_addr_type(cp->addr.type);
5376
5377 /* Kernel internally uses conn_params with resolvable private
5378 * address, but Remove Device allows only identity addresses.
5379 * Make sure it is enforced before calling
5380 * hci_conn_params_lookup.
5381 */
5382 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5383 err = mgmt_cmd_complete(sk, hdev->id,
5384 MGMT_OP_REMOVE_DEVICE,
5385 MGMT_STATUS_INVALID_PARAMS,
5386 &cp->addr, sizeof(cp->addr));
5387 goto unlock;
5388 }
5389
5390 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5391 addr_type);
5392 if (!params) {
5393 err = mgmt_cmd_complete(sk, hdev->id,
5394 MGMT_OP_REMOVE_DEVICE,
5395 MGMT_STATUS_INVALID_PARAMS,
5396 &cp->addr, sizeof(cp->addr));
5397 goto unlock;
5398 }
5399
5400 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5401 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5402 err = mgmt_cmd_complete(sk, hdev->id,
5403 MGMT_OP_REMOVE_DEVICE,
5404 MGMT_STATUS_INVALID_PARAMS,
5405 &cp->addr, sizeof(cp->addr));
5406 goto unlock;
5407 }
5408
5409 list_del(¶ms->action);
5410 list_del(¶ms->list);
5411 kfree(params);
5412 hci_update_background_scan(hdev);
5413
5414 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5415 } else {
5416 struct hci_conn_params *p, *tmp;
5417 struct bdaddr_list *b, *btmp;
5418
5419 if (cp->addr.type) {
5420 err = mgmt_cmd_complete(sk, hdev->id,
5421 MGMT_OP_REMOVE_DEVICE,
5422 MGMT_STATUS_INVALID_PARAMS,
5423 &cp->addr, sizeof(cp->addr));
5424 goto unlock;
5425 }
5426
5427 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5428 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5429 list_del(&b->list);
5430 kfree(b);
5431 }
5432
5433 hci_req_update_scan(hdev);
5434
5435 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5436 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5437 continue;
5438 device_removed(sk, hdev, &p->addr, p->addr_type);
5439 if (p->explicit_connect) {
5440 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5441 continue;
5442 }
5443 list_del(&p->action);
5444 list_del(&p->list);
5445 kfree(p);
5446 }
5447
5448 BT_DBG("All LE connection parameters were removed");
5449
5450 hci_update_background_scan(hdev);
5451 }
5452
5453 complete:
5454 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5455 MGMT_STATUS_SUCCESS, &cp->addr,
5456 sizeof(cp->addr));
5457 unlock:
5458 hci_dev_unlock(hdev);
5459 return err;
5460 }
5461
load_conn_param(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)5462 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5463 u16 len)
5464 {
5465 struct mgmt_cp_load_conn_param *cp = data;
5466 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5467 sizeof(struct mgmt_conn_param));
5468 u16 param_count, expected_len;
5469 int i;
5470
5471 if (!lmp_le_capable(hdev))
5472 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5473 MGMT_STATUS_NOT_SUPPORTED);
5474
5475 param_count = __le16_to_cpu(cp->param_count);
5476 if (param_count > max_param_count) {
5477 BT_ERR("load_conn_param: too big param_count value %u",
5478 param_count);
5479 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5480 MGMT_STATUS_INVALID_PARAMS);
5481 }
5482
5483 expected_len = sizeof(*cp) + param_count *
5484 sizeof(struct mgmt_conn_param);
5485 if (expected_len != len) {
5486 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5487 expected_len, len);
5488 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5489 MGMT_STATUS_INVALID_PARAMS);
5490 }
5491
5492 BT_DBG("%s param_count %u", hdev->name, param_count);
5493
5494 hci_dev_lock(hdev);
5495
5496 hci_conn_params_clear_disabled(hdev);
5497
5498 for (i = 0; i < param_count; i++) {
5499 struct mgmt_conn_param *param = &cp->params[i];
5500 struct hci_conn_params *hci_param;
5501 u16 min, max, latency, timeout;
5502 u8 addr_type;
5503
5504 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5505 param->addr.type);
5506
5507 if (param->addr.type == BDADDR_LE_PUBLIC) {
5508 addr_type = ADDR_LE_DEV_PUBLIC;
5509 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5510 addr_type = ADDR_LE_DEV_RANDOM;
5511 } else {
5512 BT_ERR("Ignoring invalid connection parameters");
5513 continue;
5514 }
5515
5516 min = le16_to_cpu(param->min_interval);
5517 max = le16_to_cpu(param->max_interval);
5518 latency = le16_to_cpu(param->latency);
5519 timeout = le16_to_cpu(param->timeout);
5520
5521 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5522 min, max, latency, timeout);
5523
5524 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5525 BT_ERR("Ignoring invalid connection parameters");
5526 continue;
5527 }
5528
5529 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5530 addr_type);
5531 if (!hci_param) {
5532 BT_ERR("Failed to add connection parameters");
5533 continue;
5534 }
5535
5536 hci_param->conn_min_interval = min;
5537 hci_param->conn_max_interval = max;
5538 hci_param->conn_latency = latency;
5539 hci_param->supervision_timeout = timeout;
5540 }
5541
5542 hci_dev_unlock(hdev);
5543
5544 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5545 NULL, 0);
5546 }
5547
set_external_config(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)5548 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5549 void *data, u16 len)
5550 {
5551 struct mgmt_cp_set_external_config *cp = data;
5552 bool changed;
5553 int err;
5554
5555 BT_DBG("%s", hdev->name);
5556
5557 if (hdev_is_powered(hdev))
5558 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5559 MGMT_STATUS_REJECTED);
5560
5561 if (cp->config != 0x00 && cp->config != 0x01)
5562 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5563 MGMT_STATUS_INVALID_PARAMS);
5564
5565 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5567 MGMT_STATUS_NOT_SUPPORTED);
5568
5569 hci_dev_lock(hdev);
5570
5571 if (cp->config)
5572 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
5573 else
5574 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
5575
5576 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5577 if (err < 0)
5578 goto unlock;
5579
5580 if (!changed)
5581 goto unlock;
5582
5583 err = new_options(hdev, sk);
5584
5585 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
5586 mgmt_index_removed(hdev);
5587
5588 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
5589 hci_dev_set_flag(hdev, HCI_CONFIG);
5590 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5591
5592 queue_work(hdev->req_workqueue, &hdev->power_on);
5593 } else {
5594 set_bit(HCI_RAW, &hdev->flags);
5595 mgmt_index_added(hdev);
5596 }
5597 }
5598
5599 unlock:
5600 hci_dev_unlock(hdev);
5601 return err;
5602 }
5603
set_public_address(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)5604 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5605 void *data, u16 len)
5606 {
5607 struct mgmt_cp_set_public_address *cp = data;
5608 bool changed;
5609 int err;
5610
5611 BT_DBG("%s", hdev->name);
5612
5613 if (hdev_is_powered(hdev))
5614 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5615 MGMT_STATUS_REJECTED);
5616
5617 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5618 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5619 MGMT_STATUS_INVALID_PARAMS);
5620
5621 if (!hdev->set_bdaddr)
5622 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5623 MGMT_STATUS_NOT_SUPPORTED);
5624
5625 hci_dev_lock(hdev);
5626
5627 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5628 bacpy(&hdev->public_addr, &cp->bdaddr);
5629
5630 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5631 if (err < 0)
5632 goto unlock;
5633
5634 if (!changed)
5635 goto unlock;
5636
5637 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
5638 err = new_options(hdev, sk);
5639
5640 if (is_configured(hdev)) {
5641 mgmt_index_removed(hdev);
5642
5643 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
5644
5645 hci_dev_set_flag(hdev, HCI_CONFIG);
5646 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5647
5648 queue_work(hdev->req_workqueue, &hdev->power_on);
5649 }
5650
5651 unlock:
5652 hci_dev_unlock(hdev);
5653 return err;
5654 }
5655
read_local_oob_ext_data_complete(struct hci_dev * hdev,u8 status,u16 opcode,struct sk_buff * skb)5656 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5657 u16 opcode, struct sk_buff *skb)
5658 {
5659 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5660 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5661 u8 *h192, *r192, *h256, *r256;
5662 struct mgmt_pending_cmd *cmd;
5663 u16 eir_len;
5664 int err;
5665
5666 BT_DBG("%s status %u", hdev->name, status);
5667
5668 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5669 if (!cmd)
5670 return;
5671
5672 mgmt_cp = cmd->param;
5673
5674 if (status) {
5675 status = mgmt_status(status);
5676 eir_len = 0;
5677
5678 h192 = NULL;
5679 r192 = NULL;
5680 h256 = NULL;
5681 r256 = NULL;
5682 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5683 struct hci_rp_read_local_oob_data *rp;
5684
5685 if (skb->len != sizeof(*rp)) {
5686 status = MGMT_STATUS_FAILED;
5687 eir_len = 0;
5688 } else {
5689 status = MGMT_STATUS_SUCCESS;
5690 rp = (void *)skb->data;
5691
5692 eir_len = 5 + 18 + 18;
5693 h192 = rp->hash;
5694 r192 = rp->rand;
5695 h256 = NULL;
5696 r256 = NULL;
5697 }
5698 } else {
5699 struct hci_rp_read_local_oob_ext_data *rp;
5700
5701 if (skb->len != sizeof(*rp)) {
5702 status = MGMT_STATUS_FAILED;
5703 eir_len = 0;
5704 } else {
5705 status = MGMT_STATUS_SUCCESS;
5706 rp = (void *)skb->data;
5707
5708 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5709 eir_len = 5 + 18 + 18;
5710 h192 = NULL;
5711 r192 = NULL;
5712 } else {
5713 eir_len = 5 + 18 + 18 + 18 + 18;
5714 h192 = rp->hash192;
5715 r192 = rp->rand192;
5716 }
5717
5718 h256 = rp->hash256;
5719 r256 = rp->rand256;
5720 }
5721 }
5722
5723 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5724 if (!mgmt_rp)
5725 goto done;
5726
5727 if (status)
5728 goto send_rsp;
5729
5730 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5731 hdev->dev_class, 3);
5732
5733 if (h192 && r192) {
5734 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5735 EIR_SSP_HASH_C192, h192, 16);
5736 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5737 EIR_SSP_RAND_R192, r192, 16);
5738 }
5739
5740 if (h256 && r256) {
5741 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5742 EIR_SSP_HASH_C256, h256, 16);
5743 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5744 EIR_SSP_RAND_R256, r256, 16);
5745 }
5746
5747 send_rsp:
5748 mgmt_rp->type = mgmt_cp->type;
5749 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5750
5751 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5752 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5753 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5754 if (err < 0 || status)
5755 goto done;
5756
5757 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5758
5759 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5760 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5761 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5762 done:
5763 kfree(mgmt_rp);
5764 mgmt_pending_remove(cmd);
5765 }
5766
read_local_ssp_oob_req(struct hci_dev * hdev,struct sock * sk,struct mgmt_cp_read_local_oob_ext_data * cp)5767 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5768 struct mgmt_cp_read_local_oob_ext_data *cp)
5769 {
5770 struct mgmt_pending_cmd *cmd;
5771 struct hci_request req;
5772 int err;
5773
5774 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5775 cp, sizeof(*cp));
5776 if (!cmd)
5777 return -ENOMEM;
5778
5779 hci_req_init(&req, hdev);
5780
5781 if (bredr_sc_enabled(hdev))
5782 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5783 else
5784 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5785
5786 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5787 if (err < 0) {
5788 mgmt_pending_remove(cmd);
5789 return err;
5790 }
5791
5792 return 0;
5793 }
5794
read_local_oob_ext_data(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)5795 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5796 void *data, u16 data_len)
5797 {
5798 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5799 struct mgmt_rp_read_local_oob_ext_data *rp;
5800 size_t rp_len;
5801 u16 eir_len;
5802 u8 status, flags, role, addr[7], hash[16], rand[16];
5803 int err;
5804
5805 BT_DBG("%s", hdev->name);
5806
5807 if (hdev_is_powered(hdev)) {
5808 switch (cp->type) {
5809 case BIT(BDADDR_BREDR):
5810 status = mgmt_bredr_support(hdev);
5811 if (status)
5812 eir_len = 0;
5813 else
5814 eir_len = 5;
5815 break;
5816 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5817 status = mgmt_le_support(hdev);
5818 if (status)
5819 eir_len = 0;
5820 else
5821 eir_len = 9 + 3 + 18 + 18 + 3;
5822 break;
5823 default:
5824 status = MGMT_STATUS_INVALID_PARAMS;
5825 eir_len = 0;
5826 break;
5827 }
5828 } else {
5829 status = MGMT_STATUS_NOT_POWERED;
5830 eir_len = 0;
5831 }
5832
5833 rp_len = sizeof(*rp) + eir_len;
5834 rp = kmalloc(rp_len, GFP_ATOMIC);
5835 if (!rp)
5836 return -ENOMEM;
5837
5838 if (status)
5839 goto complete;
5840
5841 hci_dev_lock(hdev);
5842
5843 eir_len = 0;
5844 switch (cp->type) {
5845 case BIT(BDADDR_BREDR):
5846 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5847 err = read_local_ssp_oob_req(hdev, sk, cp);
5848 hci_dev_unlock(hdev);
5849 if (!err)
5850 goto done;
5851
5852 status = MGMT_STATUS_FAILED;
5853 goto complete;
5854 } else {
5855 eir_len = eir_append_data(rp->eir, eir_len,
5856 EIR_CLASS_OF_DEV,
5857 hdev->dev_class, 3);
5858 }
5859 break;
5860 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5861 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5862 smp_generate_oob(hdev, hash, rand) < 0) {
5863 hci_dev_unlock(hdev);
5864 status = MGMT_STATUS_FAILED;
5865 goto complete;
5866 }
5867
5868 /* This should return the active RPA, but since the RPA
5869 * is only programmed on demand, it is really hard to fill
5870 * this in at the moment. For now disallow retrieving
5871 * local out-of-band data when privacy is in use.
5872 *
5873 * Returning the identity address will not help here since
5874 * pairing happens before the identity resolving key is
5875 * known and thus the connection establishment happens
5876 * based on the RPA and not the identity address.
5877 */
5878 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
5879 hci_dev_unlock(hdev);
5880 status = MGMT_STATUS_REJECTED;
5881 goto complete;
5882 }
5883
5884 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
5885 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
5886 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5887 bacmp(&hdev->static_addr, BDADDR_ANY))) {
5888 memcpy(addr, &hdev->static_addr, 6);
5889 addr[6] = 0x01;
5890 } else {
5891 memcpy(addr, &hdev->bdaddr, 6);
5892 addr[6] = 0x00;
5893 }
5894
5895 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
5896 addr, sizeof(addr));
5897
5898 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
5899 role = 0x02;
5900 else
5901 role = 0x01;
5902
5903 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
5904 &role, sizeof(role));
5905
5906 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
5907 eir_len = eir_append_data(rp->eir, eir_len,
5908 EIR_LE_SC_CONFIRM,
5909 hash, sizeof(hash));
5910
5911 eir_len = eir_append_data(rp->eir, eir_len,
5912 EIR_LE_SC_RANDOM,
5913 rand, sizeof(rand));
5914 }
5915
5916 flags = mgmt_get_adv_discov_flags(hdev);
5917
5918 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5919 flags |= LE_AD_NO_BREDR;
5920
5921 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
5922 &flags, sizeof(flags));
5923 break;
5924 }
5925
5926 hci_dev_unlock(hdev);
5927
5928 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
5929
5930 status = MGMT_STATUS_SUCCESS;
5931
5932 complete:
5933 rp->type = cp->type;
5934 rp->eir_len = cpu_to_le16(eir_len);
5935
5936 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
5937 status, rp, sizeof(*rp) + eir_len);
5938 if (err < 0 || status)
5939 goto done;
5940
5941 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5942 rp, sizeof(*rp) + eir_len,
5943 HCI_MGMT_OOB_DATA_EVENTS, sk);
5944
5945 done:
5946 kfree(rp);
5947
5948 return err;
5949 }
5950
get_supported_adv_flags(struct hci_dev * hdev)5951 static u32 get_supported_adv_flags(struct hci_dev *hdev)
5952 {
5953 u32 flags = 0;
5954
5955 flags |= MGMT_ADV_FLAG_CONNECTABLE;
5956 flags |= MGMT_ADV_FLAG_DISCOV;
5957 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
5958 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
5959 flags |= MGMT_ADV_FLAG_APPEARANCE;
5960 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
5961
5962 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
5963 flags |= MGMT_ADV_FLAG_TX_POWER;
5964
5965 return flags;
5966 }
5967
read_adv_features(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)5968 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
5969 void *data, u16 data_len)
5970 {
5971 struct mgmt_rp_read_adv_features *rp;
5972 size_t rp_len;
5973 int err;
5974 struct adv_info *adv_instance;
5975 u32 supported_flags;
5976 u8 *instance;
5977
5978 BT_DBG("%s", hdev->name);
5979
5980 if (!lmp_le_capable(hdev))
5981 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5982 MGMT_STATUS_REJECTED);
5983
5984 hci_dev_lock(hdev);
5985
5986 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
5987 rp = kmalloc(rp_len, GFP_ATOMIC);
5988 if (!rp) {
5989 hci_dev_unlock(hdev);
5990 return -ENOMEM;
5991 }
5992
5993 supported_flags = get_supported_adv_flags(hdev);
5994
5995 rp->supported_flags = cpu_to_le32(supported_flags);
5996 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
5997 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
5998 rp->max_instances = HCI_MAX_ADV_INSTANCES;
5999 rp->num_instances = hdev->adv_instance_cnt;
6000
6001 instance = rp->instance;
6002 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6003 *instance = adv_instance->instance;
6004 instance++;
6005 }
6006
6007 hci_dev_unlock(hdev);
6008
6009 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6010 MGMT_STATUS_SUCCESS, rp, rp_len);
6011
6012 kfree(rp);
6013
6014 return err;
6015 }
6016
calculate_name_len(struct hci_dev * hdev)6017 static u8 calculate_name_len(struct hci_dev *hdev)
6018 {
6019 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6020
6021 return append_local_name(hdev, buf, 0);
6022 }
6023
tlv_data_max_len(struct hci_dev * hdev,u32 adv_flags,bool is_adv_data)6024 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6025 bool is_adv_data)
6026 {
6027 u8 max_len = HCI_MAX_AD_LENGTH;
6028
6029 if (is_adv_data) {
6030 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6031 MGMT_ADV_FLAG_LIMITED_DISCOV |
6032 MGMT_ADV_FLAG_MANAGED_FLAGS))
6033 max_len -= 3;
6034
6035 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6036 max_len -= 3;
6037 } else {
6038 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6039 max_len -= calculate_name_len(hdev);
6040
6041 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6042 max_len -= 4;
6043 }
6044
6045 return max_len;
6046 }
6047
flags_managed(u32 adv_flags)6048 static bool flags_managed(u32 adv_flags)
6049 {
6050 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6051 MGMT_ADV_FLAG_LIMITED_DISCOV |
6052 MGMT_ADV_FLAG_MANAGED_FLAGS);
6053 }
6054
tx_power_managed(u32 adv_flags)6055 static bool tx_power_managed(u32 adv_flags)
6056 {
6057 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6058 }
6059
name_managed(u32 adv_flags)6060 static bool name_managed(u32 adv_flags)
6061 {
6062 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6063 }
6064
appearance_managed(u32 adv_flags)6065 static bool appearance_managed(u32 adv_flags)
6066 {
6067 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6068 }
6069
tlv_data_is_valid(struct hci_dev * hdev,u32 adv_flags,u8 * data,u8 len,bool is_adv_data)6070 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6071 u8 len, bool is_adv_data)
6072 {
6073 int i, cur_len;
6074 u8 max_len;
6075
6076 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
6077
6078 if (len > max_len)
6079 return false;
6080
6081 /* Make sure that the data is correctly formatted. */
6082 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6083 cur_len = data[i];
6084
6085 if (data[i + 1] == EIR_FLAGS &&
6086 (!is_adv_data || flags_managed(adv_flags)))
6087 return false;
6088
6089 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6090 return false;
6091
6092 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6093 return false;
6094
6095 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6096 return false;
6097
6098 if (data[i + 1] == EIR_APPEARANCE &&
6099 appearance_managed(adv_flags))
6100 return false;
6101
6102 /* If the current field length would exceed the total data
6103 * length, then it's invalid.
6104 */
6105 if (i + cur_len >= len)
6106 return false;
6107 }
6108
6109 return true;
6110 }
6111
add_advertising_complete(struct hci_dev * hdev,u8 status,u16 opcode)6112 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6113 u16 opcode)
6114 {
6115 struct mgmt_pending_cmd *cmd;
6116 struct mgmt_cp_add_advertising *cp;
6117 struct mgmt_rp_add_advertising rp;
6118 struct adv_info *adv_instance, *n;
6119 u8 instance;
6120
6121 BT_DBG("status %d", status);
6122
6123 hci_dev_lock(hdev);
6124
6125 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6126
6127 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6128 if (!adv_instance->pending)
6129 continue;
6130
6131 if (!status) {
6132 adv_instance->pending = false;
6133 continue;
6134 }
6135
6136 instance = adv_instance->instance;
6137
6138 if (hdev->cur_adv_instance == instance)
6139 cancel_adv_timeout(hdev);
6140
6141 hci_remove_adv_instance(hdev, instance);
6142 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6143 }
6144
6145 if (!cmd)
6146 goto unlock;
6147
6148 cp = cmd->param;
6149 rp.instance = cp->instance;
6150
6151 if (status)
6152 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6153 mgmt_status(status));
6154 else
6155 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6156 mgmt_status(status), &rp, sizeof(rp));
6157
6158 mgmt_pending_remove(cmd);
6159
6160 unlock:
6161 hci_dev_unlock(hdev);
6162 }
6163
add_advertising(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)6164 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6165 void *data, u16 data_len)
6166 {
6167 struct mgmt_cp_add_advertising *cp = data;
6168 struct mgmt_rp_add_advertising rp;
6169 u32 flags;
6170 u32 supported_flags;
6171 u8 status;
6172 u16 timeout, duration;
6173 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6174 u8 schedule_instance = 0;
6175 struct adv_info *next_instance;
6176 int err;
6177 struct mgmt_pending_cmd *cmd;
6178 struct hci_request req;
6179
6180 BT_DBG("%s", hdev->name);
6181
6182 status = mgmt_le_support(hdev);
6183 if (status)
6184 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6185 status);
6186
6187 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6188 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6189 MGMT_STATUS_INVALID_PARAMS);
6190
6191 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6192 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6193 MGMT_STATUS_INVALID_PARAMS);
6194
6195 flags = __le32_to_cpu(cp->flags);
6196 timeout = __le16_to_cpu(cp->timeout);
6197 duration = __le16_to_cpu(cp->duration);
6198
6199 /* The current implementation only supports a subset of the specified
6200 * flags.
6201 */
6202 supported_flags = get_supported_adv_flags(hdev);
6203 if (flags & ~supported_flags)
6204 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6205 MGMT_STATUS_INVALID_PARAMS);
6206
6207 hci_dev_lock(hdev);
6208
6209 if (timeout && !hdev_is_powered(hdev)) {
6210 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6211 MGMT_STATUS_REJECTED);
6212 goto unlock;
6213 }
6214
6215 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6216 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6217 pending_find(MGMT_OP_SET_LE, hdev)) {
6218 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6219 MGMT_STATUS_BUSY);
6220 goto unlock;
6221 }
6222
6223 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6224 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6225 cp->scan_rsp_len, false)) {
6226 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6227 MGMT_STATUS_INVALID_PARAMS);
6228 goto unlock;
6229 }
6230
6231 err = hci_add_adv_instance(hdev, cp->instance, flags,
6232 cp->adv_data_len, cp->data,
6233 cp->scan_rsp_len,
6234 cp->data + cp->adv_data_len,
6235 timeout, duration);
6236 if (err < 0) {
6237 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6238 MGMT_STATUS_FAILED);
6239 goto unlock;
6240 }
6241
6242 /* Only trigger an advertising added event if a new instance was
6243 * actually added.
6244 */
6245 if (hdev->adv_instance_cnt > prev_instance_cnt)
6246 mgmt_advertising_added(sk, hdev, cp->instance);
6247
6248 if (hdev->cur_adv_instance == cp->instance) {
6249 /* If the currently advertised instance is being changed then
6250 * cancel the current advertising and schedule the next
6251 * instance. If there is only one instance then the overridden
6252 * advertising data will be visible right away.
6253 */
6254 cancel_adv_timeout(hdev);
6255
6256 next_instance = hci_get_next_instance(hdev, cp->instance);
6257 if (next_instance)
6258 schedule_instance = next_instance->instance;
6259 } else if (!hdev->adv_instance_timeout) {
6260 /* Immediately advertise the new instance if no other
6261 * instance is currently being advertised.
6262 */
6263 schedule_instance = cp->instance;
6264 }
6265
6266 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6267 * there is no instance to be advertised then we have no HCI
6268 * communication to make. Simply return.
6269 */
6270 if (!hdev_is_powered(hdev) ||
6271 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6272 !schedule_instance) {
6273 rp.instance = cp->instance;
6274 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6275 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6276 goto unlock;
6277 }
6278
6279 /* We're good to go, update advertising data, parameters, and start
6280 * advertising.
6281 */
6282 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6283 data_len);
6284 if (!cmd) {
6285 err = -ENOMEM;
6286 goto unlock;
6287 }
6288
6289 hci_req_init(&req, hdev);
6290
6291 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6292
6293 if (!err)
6294 err = hci_req_run(&req, add_advertising_complete);
6295
6296 if (err < 0)
6297 mgmt_pending_remove(cmd);
6298
6299 unlock:
6300 hci_dev_unlock(hdev);
6301
6302 return err;
6303 }
6304
remove_advertising_complete(struct hci_dev * hdev,u8 status,u16 opcode)6305 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6306 u16 opcode)
6307 {
6308 struct mgmt_pending_cmd *cmd;
6309 struct mgmt_cp_remove_advertising *cp;
6310 struct mgmt_rp_remove_advertising rp;
6311
6312 BT_DBG("status %d", status);
6313
6314 hci_dev_lock(hdev);
6315
6316 /* A failure status here only means that we failed to disable
6317 * advertising. Otherwise, the advertising instance has been removed,
6318 * so report success.
6319 */
6320 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6321 if (!cmd)
6322 goto unlock;
6323
6324 cp = cmd->param;
6325 rp.instance = cp->instance;
6326
6327 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6328 &rp, sizeof(rp));
6329 mgmt_pending_remove(cmd);
6330
6331 unlock:
6332 hci_dev_unlock(hdev);
6333 }
6334
remove_advertising(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)6335 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6336 void *data, u16 data_len)
6337 {
6338 struct mgmt_cp_remove_advertising *cp = data;
6339 struct mgmt_rp_remove_advertising rp;
6340 struct mgmt_pending_cmd *cmd;
6341 struct hci_request req;
6342 int err;
6343
6344 BT_DBG("%s", hdev->name);
6345
6346 hci_dev_lock(hdev);
6347
6348 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6349 err = mgmt_cmd_status(sk, hdev->id,
6350 MGMT_OP_REMOVE_ADVERTISING,
6351 MGMT_STATUS_INVALID_PARAMS);
6352 goto unlock;
6353 }
6354
6355 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6356 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6357 pending_find(MGMT_OP_SET_LE, hdev)) {
6358 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6359 MGMT_STATUS_BUSY);
6360 goto unlock;
6361 }
6362
6363 if (list_empty(&hdev->adv_instances)) {
6364 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6365 MGMT_STATUS_INVALID_PARAMS);
6366 goto unlock;
6367 }
6368
6369 hci_req_init(&req, hdev);
6370
6371 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6372
6373 if (list_empty(&hdev->adv_instances))
6374 __hci_req_disable_advertising(&req);
6375
6376 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6377 * flag is set or the device isn't powered then we have no HCI
6378 * communication to make. Simply return.
6379 */
6380 if (skb_queue_empty(&req.cmd_q) ||
6381 !hdev_is_powered(hdev) ||
6382 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6383 rp.instance = cp->instance;
6384 err = mgmt_cmd_complete(sk, hdev->id,
6385 MGMT_OP_REMOVE_ADVERTISING,
6386 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6387 goto unlock;
6388 }
6389
6390 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6391 data_len);
6392 if (!cmd) {
6393 err = -ENOMEM;
6394 goto unlock;
6395 }
6396
6397 err = hci_req_run(&req, remove_advertising_complete);
6398 if (err < 0)
6399 mgmt_pending_remove(cmd);
6400
6401 unlock:
6402 hci_dev_unlock(hdev);
6403
6404 return err;
6405 }
6406
get_adv_size_info(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)6407 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6408 void *data, u16 data_len)
6409 {
6410 struct mgmt_cp_get_adv_size_info *cp = data;
6411 struct mgmt_rp_get_adv_size_info rp;
6412 u32 flags, supported_flags;
6413 int err;
6414
6415 BT_DBG("%s", hdev->name);
6416
6417 if (!lmp_le_capable(hdev))
6418 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6419 MGMT_STATUS_REJECTED);
6420
6421 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6422 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6423 MGMT_STATUS_INVALID_PARAMS);
6424
6425 flags = __le32_to_cpu(cp->flags);
6426
6427 /* The current implementation only supports a subset of the specified
6428 * flags.
6429 */
6430 supported_flags = get_supported_adv_flags(hdev);
6431 if (flags & ~supported_flags)
6432 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6433 MGMT_STATUS_INVALID_PARAMS);
6434
6435 rp.instance = cp->instance;
6436 rp.flags = cp->flags;
6437 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
6438 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
6439
6440 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6441 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6442
6443 return err;
6444 }
6445
6446 static const struct hci_mgmt_handler mgmt_handlers[] = {
6447 { NULL }, /* 0x0000 (no command) */
6448 { read_version, MGMT_READ_VERSION_SIZE,
6449 HCI_MGMT_NO_HDEV |
6450 HCI_MGMT_UNTRUSTED },
6451 { read_commands, MGMT_READ_COMMANDS_SIZE,
6452 HCI_MGMT_NO_HDEV |
6453 HCI_MGMT_UNTRUSTED },
6454 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6455 HCI_MGMT_NO_HDEV |
6456 HCI_MGMT_UNTRUSTED },
6457 { read_controller_info, MGMT_READ_INFO_SIZE,
6458 HCI_MGMT_UNTRUSTED },
6459 { set_powered, MGMT_SETTING_SIZE },
6460 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6461 { set_connectable, MGMT_SETTING_SIZE },
6462 { set_fast_connectable, MGMT_SETTING_SIZE },
6463 { set_bondable, MGMT_SETTING_SIZE },
6464 { set_link_security, MGMT_SETTING_SIZE },
6465 { set_ssp, MGMT_SETTING_SIZE },
6466 { set_hs, MGMT_SETTING_SIZE },
6467 { set_le, MGMT_SETTING_SIZE },
6468 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6469 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6470 { add_uuid, MGMT_ADD_UUID_SIZE },
6471 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6472 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6473 HCI_MGMT_VAR_LEN },
6474 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6475 HCI_MGMT_VAR_LEN },
6476 { disconnect, MGMT_DISCONNECT_SIZE },
6477 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6478 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6479 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6480 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6481 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6482 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6483 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6484 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6485 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6486 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6487 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6488 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6489 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6490 HCI_MGMT_VAR_LEN },
6491 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6492 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6493 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6494 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6495 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6496 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6497 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6498 { set_advertising, MGMT_SETTING_SIZE },
6499 { set_bredr, MGMT_SETTING_SIZE },
6500 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6501 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6502 { set_secure_conn, MGMT_SETTING_SIZE },
6503 { set_debug_keys, MGMT_SETTING_SIZE },
6504 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6505 { load_irks, MGMT_LOAD_IRKS_SIZE,
6506 HCI_MGMT_VAR_LEN },
6507 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6508 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6509 { add_device, MGMT_ADD_DEVICE_SIZE },
6510 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6511 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6512 HCI_MGMT_VAR_LEN },
6513 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6514 HCI_MGMT_NO_HDEV |
6515 HCI_MGMT_UNTRUSTED },
6516 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6517 HCI_MGMT_UNCONFIGURED |
6518 HCI_MGMT_UNTRUSTED },
6519 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6520 HCI_MGMT_UNCONFIGURED },
6521 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6522 HCI_MGMT_UNCONFIGURED },
6523 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6524 HCI_MGMT_VAR_LEN },
6525 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6526 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6527 HCI_MGMT_NO_HDEV |
6528 HCI_MGMT_UNTRUSTED },
6529 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6530 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6531 HCI_MGMT_VAR_LEN },
6532 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6533 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
6534 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
6535 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6536 HCI_MGMT_UNTRUSTED },
6537 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6538 };
6539
mgmt_index_added(struct hci_dev * hdev)6540 void mgmt_index_added(struct hci_dev *hdev)
6541 {
6542 struct mgmt_ev_ext_index ev;
6543
6544 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6545 return;
6546
6547 switch (hdev->dev_type) {
6548 case HCI_PRIMARY:
6549 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6550 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6551 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6552 ev.type = 0x01;
6553 } else {
6554 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6555 HCI_MGMT_INDEX_EVENTS);
6556 ev.type = 0x00;
6557 }
6558 break;
6559 case HCI_AMP:
6560 ev.type = 0x02;
6561 break;
6562 default:
6563 return;
6564 }
6565
6566 ev.bus = hdev->bus;
6567
6568 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6569 HCI_MGMT_EXT_INDEX_EVENTS);
6570 }
6571
mgmt_index_removed(struct hci_dev * hdev)6572 void mgmt_index_removed(struct hci_dev *hdev)
6573 {
6574 struct mgmt_ev_ext_index ev;
6575 u8 status = MGMT_STATUS_INVALID_INDEX;
6576
6577 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6578 return;
6579
6580 switch (hdev->dev_type) {
6581 case HCI_PRIMARY:
6582 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6583
6584 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6585 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6586 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6587 ev.type = 0x01;
6588 } else {
6589 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6590 HCI_MGMT_INDEX_EVENTS);
6591 ev.type = 0x00;
6592 }
6593 break;
6594 case HCI_AMP:
6595 ev.type = 0x02;
6596 break;
6597 default:
6598 return;
6599 }
6600
6601 ev.bus = hdev->bus;
6602
6603 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6604 HCI_MGMT_EXT_INDEX_EVENTS);
6605 }
6606
6607 /* This function requires the caller holds hdev->lock */
restart_le_actions(struct hci_dev * hdev)6608 static void restart_le_actions(struct hci_dev *hdev)
6609 {
6610 struct hci_conn_params *p;
6611
6612 list_for_each_entry(p, &hdev->le_conn_params, list) {
6613 /* Needed for AUTO_OFF case where might not "really"
6614 * have been powered off.
6615 */
6616 list_del_init(&p->action);
6617
6618 switch (p->auto_connect) {
6619 case HCI_AUTO_CONN_DIRECT:
6620 case HCI_AUTO_CONN_ALWAYS:
6621 list_add(&p->action, &hdev->pend_le_conns);
6622 break;
6623 case HCI_AUTO_CONN_REPORT:
6624 list_add(&p->action, &hdev->pend_le_reports);
6625 break;
6626 default:
6627 break;
6628 }
6629 }
6630 }
6631
mgmt_power_on(struct hci_dev * hdev,int err)6632 void mgmt_power_on(struct hci_dev *hdev, int err)
6633 {
6634 struct cmd_lookup match = { NULL, hdev };
6635
6636 BT_DBG("err %d", err);
6637
6638 hci_dev_lock(hdev);
6639
6640 if (!err) {
6641 restart_le_actions(hdev);
6642 hci_update_background_scan(hdev);
6643 }
6644
6645 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6646
6647 new_settings(hdev, match.sk);
6648
6649 if (match.sk)
6650 sock_put(match.sk);
6651
6652 hci_dev_unlock(hdev);
6653 }
6654
__mgmt_power_off(struct hci_dev * hdev)6655 void __mgmt_power_off(struct hci_dev *hdev)
6656 {
6657 struct cmd_lookup match = { NULL, hdev };
6658 u8 status, zero_cod[] = { 0, 0, 0 };
6659
6660 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6661
6662 /* If the power off is because of hdev unregistration let
6663 * use the appropriate INVALID_INDEX status. Otherwise use
6664 * NOT_POWERED. We cover both scenarios here since later in
6665 * mgmt_index_removed() any hci_conn callbacks will have already
6666 * been triggered, potentially causing misleading DISCONNECTED
6667 * status responses.
6668 */
6669 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
6670 status = MGMT_STATUS_INVALID_INDEX;
6671 else
6672 status = MGMT_STATUS_NOT_POWERED;
6673
6674 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6675
6676 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
6677 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6678 zero_cod, sizeof(zero_cod),
6679 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
6680 ext_info_changed(hdev, NULL);
6681 }
6682
6683 new_settings(hdev, match.sk);
6684
6685 if (match.sk)
6686 sock_put(match.sk);
6687 }
6688
mgmt_set_powered_failed(struct hci_dev * hdev,int err)6689 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
6690 {
6691 struct mgmt_pending_cmd *cmd;
6692 u8 status;
6693
6694 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6695 if (!cmd)
6696 return;
6697
6698 if (err == -ERFKILL)
6699 status = MGMT_STATUS_RFKILLED;
6700 else
6701 status = MGMT_STATUS_FAILED;
6702
6703 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
6704
6705 mgmt_pending_remove(cmd);
6706 }
6707
mgmt_new_link_key(struct hci_dev * hdev,struct link_key * key,bool persistent)6708 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6709 bool persistent)
6710 {
6711 struct mgmt_ev_new_link_key ev;
6712
6713 memset(&ev, 0, sizeof(ev));
6714
6715 ev.store_hint = persistent;
6716 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6717 ev.key.addr.type = BDADDR_BREDR;
6718 ev.key.type = key->type;
6719 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6720 ev.key.pin_len = key->pin_len;
6721
6722 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6723 }
6724
mgmt_ltk_type(struct smp_ltk * ltk)6725 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6726 {
6727 switch (ltk->type) {
6728 case SMP_LTK:
6729 case SMP_LTK_SLAVE:
6730 if (ltk->authenticated)
6731 return MGMT_LTK_AUTHENTICATED;
6732 return MGMT_LTK_UNAUTHENTICATED;
6733 case SMP_LTK_P256:
6734 if (ltk->authenticated)
6735 return MGMT_LTK_P256_AUTH;
6736 return MGMT_LTK_P256_UNAUTH;
6737 case SMP_LTK_P256_DEBUG:
6738 return MGMT_LTK_P256_DEBUG;
6739 }
6740
6741 return MGMT_LTK_UNAUTHENTICATED;
6742 }
6743
mgmt_new_ltk(struct hci_dev * hdev,struct smp_ltk * key,bool persistent)6744 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6745 {
6746 struct mgmt_ev_new_long_term_key ev;
6747
6748 memset(&ev, 0, sizeof(ev));
6749
6750 /* Devices using resolvable or non-resolvable random addresses
6751 * without providing an identity resolving key don't require
6752 * to store long term keys. Their addresses will change the
6753 * next time around.
6754 *
6755 * Only when a remote device provides an identity address
6756 * make sure the long term key is stored. If the remote
6757 * identity is known, the long term keys are internally
6758 * mapped to the identity address. So allow static random
6759 * and public addresses here.
6760 */
6761 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6762 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6763 ev.store_hint = 0x00;
6764 else
6765 ev.store_hint = persistent;
6766
6767 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6768 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6769 ev.key.type = mgmt_ltk_type(key);
6770 ev.key.enc_size = key->enc_size;
6771 ev.key.ediv = key->ediv;
6772 ev.key.rand = key->rand;
6773
6774 if (key->type == SMP_LTK)
6775 ev.key.master = 1;
6776
6777 /* Make sure we copy only the significant bytes based on the
6778 * encryption key size, and set the rest of the value to zeroes.
6779 */
6780 memcpy(ev.key.val, key->val, key->enc_size);
6781 memset(ev.key.val + key->enc_size, 0,
6782 sizeof(ev.key.val) - key->enc_size);
6783
6784 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6785 }
6786
mgmt_new_irk(struct hci_dev * hdev,struct smp_irk * irk,bool persistent)6787 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
6788 {
6789 struct mgmt_ev_new_irk ev;
6790
6791 memset(&ev, 0, sizeof(ev));
6792
6793 ev.store_hint = persistent;
6794
6795 bacpy(&ev.rpa, &irk->rpa);
6796 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6797 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6798 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6799
6800 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6801 }
6802
mgmt_new_csrk(struct hci_dev * hdev,struct smp_csrk * csrk,bool persistent)6803 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6804 bool persistent)
6805 {
6806 struct mgmt_ev_new_csrk ev;
6807
6808 memset(&ev, 0, sizeof(ev));
6809
6810 /* Devices using resolvable or non-resolvable random addresses
6811 * without providing an identity resolving key don't require
6812 * to store signature resolving keys. Their addresses will change
6813 * the next time around.
6814 *
6815 * Only when a remote device provides an identity address
6816 * make sure the signature resolving key is stored. So allow
6817 * static random and public addresses here.
6818 */
6819 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6820 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6821 ev.store_hint = 0x00;
6822 else
6823 ev.store_hint = persistent;
6824
6825 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6826 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6827 ev.key.type = csrk->type;
6828 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6829
6830 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6831 }
6832
mgmt_new_conn_param(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 bdaddr_type,u8 store_hint,u16 min_interval,u16 max_interval,u16 latency,u16 timeout)6833 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6834 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6835 u16 max_interval, u16 latency, u16 timeout)
6836 {
6837 struct mgmt_ev_new_conn_param ev;
6838
6839 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6840 return;
6841
6842 memset(&ev, 0, sizeof(ev));
6843 bacpy(&ev.addr.bdaddr, bdaddr);
6844 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6845 ev.store_hint = store_hint;
6846 ev.min_interval = cpu_to_le16(min_interval);
6847 ev.max_interval = cpu_to_le16(max_interval);
6848 ev.latency = cpu_to_le16(latency);
6849 ev.timeout = cpu_to_le16(timeout);
6850
6851 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6852 }
6853
mgmt_device_connected(struct hci_dev * hdev,struct hci_conn * conn,u32 flags,u8 * name,u8 name_len)6854 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6855 u32 flags, u8 *name, u8 name_len)
6856 {
6857 char buf[512];
6858 struct mgmt_ev_device_connected *ev = (void *) buf;
6859 u16 eir_len = 0;
6860
6861 bacpy(&ev->addr.bdaddr, &conn->dst);
6862 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6863
6864 ev->flags = __cpu_to_le32(flags);
6865
6866 /* We must ensure that the EIR Data fields are ordered and
6867 * unique. Keep it simple for now and avoid the problem by not
6868 * adding any BR/EDR data to the LE adv.
6869 */
6870 if (conn->le_adv_data_len > 0) {
6871 memcpy(&ev->eir[eir_len],
6872 conn->le_adv_data, conn->le_adv_data_len);
6873 eir_len = conn->le_adv_data_len;
6874 } else {
6875 if (name_len > 0)
6876 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6877 name, name_len);
6878
6879 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
6880 eir_len = eir_append_data(ev->eir, eir_len,
6881 EIR_CLASS_OF_DEV,
6882 conn->dev_class, 3);
6883 }
6884
6885 ev->eir_len = cpu_to_le16(eir_len);
6886
6887 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6888 sizeof(*ev) + eir_len, NULL);
6889 }
6890
disconnect_rsp(struct mgmt_pending_cmd * cmd,void * data)6891 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
6892 {
6893 struct sock **sk = data;
6894
6895 cmd->cmd_complete(cmd, 0);
6896
6897 *sk = cmd->sk;
6898 sock_hold(*sk);
6899
6900 mgmt_pending_remove(cmd);
6901 }
6902
unpair_device_rsp(struct mgmt_pending_cmd * cmd,void * data)6903 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
6904 {
6905 struct hci_dev *hdev = data;
6906 struct mgmt_cp_unpair_device *cp = cmd->param;
6907
6908 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6909
6910 cmd->cmd_complete(cmd, 0);
6911 mgmt_pending_remove(cmd);
6912 }
6913
mgmt_powering_down(struct hci_dev * hdev)6914 bool mgmt_powering_down(struct hci_dev *hdev)
6915 {
6916 struct mgmt_pending_cmd *cmd;
6917 struct mgmt_mode *cp;
6918
6919 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6920 if (!cmd)
6921 return false;
6922
6923 cp = cmd->param;
6924 if (!cp->val)
6925 return true;
6926
6927 return false;
6928 }
6929
mgmt_device_disconnected(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 reason,bool mgmt_connected)6930 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6931 u8 link_type, u8 addr_type, u8 reason,
6932 bool mgmt_connected)
6933 {
6934 struct mgmt_ev_device_disconnected ev;
6935 struct sock *sk = NULL;
6936
6937 /* The connection is still in hci_conn_hash so test for 1
6938 * instead of 0 to know if this is the last one.
6939 */
6940 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6941 cancel_delayed_work(&hdev->power_off);
6942 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6943 }
6944
6945 if (!mgmt_connected)
6946 return;
6947
6948 if (link_type != ACL_LINK && link_type != LE_LINK)
6949 return;
6950
6951 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6952
6953 bacpy(&ev.addr.bdaddr, bdaddr);
6954 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6955 ev.reason = reason;
6956
6957 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6958
6959 if (sk)
6960 sock_put(sk);
6961
6962 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6963 hdev);
6964 }
6965
mgmt_disconnect_failed(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 status)6966 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6967 u8 link_type, u8 addr_type, u8 status)
6968 {
6969 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6970 struct mgmt_cp_disconnect *cp;
6971 struct mgmt_pending_cmd *cmd;
6972
6973 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6974 hdev);
6975
6976 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
6977 if (!cmd)
6978 return;
6979
6980 cp = cmd->param;
6981
6982 if (bacmp(bdaddr, &cp->addr.bdaddr))
6983 return;
6984
6985 if (cp->addr.type != bdaddr_type)
6986 return;
6987
6988 cmd->cmd_complete(cmd, mgmt_status(status));
6989 mgmt_pending_remove(cmd);
6990 }
6991
mgmt_connect_failed(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 status)6992 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6993 u8 addr_type, u8 status)
6994 {
6995 struct mgmt_ev_connect_failed ev;
6996
6997 /* The connection is still in hci_conn_hash so test for 1
6998 * instead of 0 to know if this is the last one.
6999 */
7000 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7001 cancel_delayed_work(&hdev->power_off);
7002 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7003 }
7004
7005 bacpy(&ev.addr.bdaddr, bdaddr);
7006 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7007 ev.status = mgmt_status(status);
7008
7009 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7010 }
7011
mgmt_pin_code_request(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 secure)7012 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7013 {
7014 struct mgmt_ev_pin_code_request ev;
7015
7016 bacpy(&ev.addr.bdaddr, bdaddr);
7017 ev.addr.type = BDADDR_BREDR;
7018 ev.secure = secure;
7019
7020 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7021 }
7022
mgmt_pin_code_reply_complete(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 status)7023 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7024 u8 status)
7025 {
7026 struct mgmt_pending_cmd *cmd;
7027
7028 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7029 if (!cmd)
7030 return;
7031
7032 cmd->cmd_complete(cmd, mgmt_status(status));
7033 mgmt_pending_remove(cmd);
7034 }
7035
mgmt_pin_code_neg_reply_complete(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 status)7036 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7037 u8 status)
7038 {
7039 struct mgmt_pending_cmd *cmd;
7040
7041 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7042 if (!cmd)
7043 return;
7044
7045 cmd->cmd_complete(cmd, mgmt_status(status));
7046 mgmt_pending_remove(cmd);
7047 }
7048
mgmt_user_confirm_request(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u32 value,u8 confirm_hint)7049 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7050 u8 link_type, u8 addr_type, u32 value,
7051 u8 confirm_hint)
7052 {
7053 struct mgmt_ev_user_confirm_request ev;
7054
7055 BT_DBG("%s", hdev->name);
7056
7057 bacpy(&ev.addr.bdaddr, bdaddr);
7058 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7059 ev.confirm_hint = confirm_hint;
7060 ev.value = cpu_to_le32(value);
7061
7062 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7063 NULL);
7064 }
7065
mgmt_user_passkey_request(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type)7066 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7067 u8 link_type, u8 addr_type)
7068 {
7069 struct mgmt_ev_user_passkey_request ev;
7070
7071 BT_DBG("%s", hdev->name);
7072
7073 bacpy(&ev.addr.bdaddr, bdaddr);
7074 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7075
7076 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7077 NULL);
7078 }
7079
user_pairing_resp_complete(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 status,u8 opcode)7080 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7081 u8 link_type, u8 addr_type, u8 status,
7082 u8 opcode)
7083 {
7084 struct mgmt_pending_cmd *cmd;
7085
7086 cmd = pending_find(opcode, hdev);
7087 if (!cmd)
7088 return -ENOENT;
7089
7090 cmd->cmd_complete(cmd, mgmt_status(status));
7091 mgmt_pending_remove(cmd);
7092
7093 return 0;
7094 }
7095
mgmt_user_confirm_reply_complete(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 status)7096 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7097 u8 link_type, u8 addr_type, u8 status)
7098 {
7099 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7100 status, MGMT_OP_USER_CONFIRM_REPLY);
7101 }
7102
mgmt_user_confirm_neg_reply_complete(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 status)7103 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7104 u8 link_type, u8 addr_type, u8 status)
7105 {
7106 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7107 status,
7108 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7109 }
7110
mgmt_user_passkey_reply_complete(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 status)7111 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7112 u8 link_type, u8 addr_type, u8 status)
7113 {
7114 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7115 status, MGMT_OP_USER_PASSKEY_REPLY);
7116 }
7117
mgmt_user_passkey_neg_reply_complete(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 status)7118 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7119 u8 link_type, u8 addr_type, u8 status)
7120 {
7121 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7122 status,
7123 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7124 }
7125
mgmt_user_passkey_notify(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u32 passkey,u8 entered)7126 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7127 u8 link_type, u8 addr_type, u32 passkey,
7128 u8 entered)
7129 {
7130 struct mgmt_ev_passkey_notify ev;
7131
7132 BT_DBG("%s", hdev->name);
7133
7134 bacpy(&ev.addr.bdaddr, bdaddr);
7135 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7136 ev.passkey = __cpu_to_le32(passkey);
7137 ev.entered = entered;
7138
7139 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7140 }
7141
mgmt_auth_failed(struct hci_conn * conn,u8 hci_status)7142 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7143 {
7144 struct mgmt_ev_auth_failed ev;
7145 struct mgmt_pending_cmd *cmd;
7146 u8 status = mgmt_status(hci_status);
7147
7148 bacpy(&ev.addr.bdaddr, &conn->dst);
7149 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7150 ev.status = status;
7151
7152 cmd = find_pairing(conn);
7153
7154 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7155 cmd ? cmd->sk : NULL);
7156
7157 if (cmd) {
7158 cmd->cmd_complete(cmd, status);
7159 mgmt_pending_remove(cmd);
7160 }
7161 }
7162
mgmt_auth_enable_complete(struct hci_dev * hdev,u8 status)7163 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7164 {
7165 struct cmd_lookup match = { NULL, hdev };
7166 bool changed;
7167
7168 if (status) {
7169 u8 mgmt_err = mgmt_status(status);
7170 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7171 cmd_status_rsp, &mgmt_err);
7172 return;
7173 }
7174
7175 if (test_bit(HCI_AUTH, &hdev->flags))
7176 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7177 else
7178 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7179
7180 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7181 &match);
7182
7183 if (changed)
7184 new_settings(hdev, match.sk);
7185
7186 if (match.sk)
7187 sock_put(match.sk);
7188 }
7189
clear_eir(struct hci_request * req)7190 static void clear_eir(struct hci_request *req)
7191 {
7192 struct hci_dev *hdev = req->hdev;
7193 struct hci_cp_write_eir cp;
7194
7195 if (!lmp_ext_inq_capable(hdev))
7196 return;
7197
7198 memset(hdev->eir, 0, sizeof(hdev->eir));
7199
7200 memset(&cp, 0, sizeof(cp));
7201
7202 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7203 }
7204
mgmt_ssp_enable_complete(struct hci_dev * hdev,u8 enable,u8 status)7205 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7206 {
7207 struct cmd_lookup match = { NULL, hdev };
7208 struct hci_request req;
7209 bool changed = false;
7210
7211 if (status) {
7212 u8 mgmt_err = mgmt_status(status);
7213
7214 if (enable && hci_dev_test_and_clear_flag(hdev,
7215 HCI_SSP_ENABLED)) {
7216 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7217 new_settings(hdev, NULL);
7218 }
7219
7220 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7221 &mgmt_err);
7222 return;
7223 }
7224
7225 if (enable) {
7226 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7227 } else {
7228 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7229 if (!changed)
7230 changed = hci_dev_test_and_clear_flag(hdev,
7231 HCI_HS_ENABLED);
7232 else
7233 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7234 }
7235
7236 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7237
7238 if (changed)
7239 new_settings(hdev, match.sk);
7240
7241 if (match.sk)
7242 sock_put(match.sk);
7243
7244 hci_req_init(&req, hdev);
7245
7246 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7247 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7248 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7249 sizeof(enable), &enable);
7250 __hci_req_update_eir(&req);
7251 } else {
7252 clear_eir(&req);
7253 }
7254
7255 hci_req_run(&req, NULL);
7256 }
7257
sk_lookup(struct mgmt_pending_cmd * cmd,void * data)7258 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7259 {
7260 struct cmd_lookup *match = data;
7261
7262 if (match->sk == NULL) {
7263 match->sk = cmd->sk;
7264 sock_hold(match->sk);
7265 }
7266 }
7267
mgmt_set_class_of_dev_complete(struct hci_dev * hdev,u8 * dev_class,u8 status)7268 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7269 u8 status)
7270 {
7271 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7272
7273 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7274 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7275 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7276
7277 if (!status) {
7278 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7279 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7280 ext_info_changed(hdev, NULL);
7281 }
7282
7283 if (match.sk)
7284 sock_put(match.sk);
7285 }
7286
mgmt_set_local_name_complete(struct hci_dev * hdev,u8 * name,u8 status)7287 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7288 {
7289 struct mgmt_cp_set_local_name ev;
7290 struct mgmt_pending_cmd *cmd;
7291
7292 if (status)
7293 return;
7294
7295 memset(&ev, 0, sizeof(ev));
7296 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7297 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7298
7299 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7300 if (!cmd) {
7301 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7302
7303 /* If this is a HCI command related to powering on the
7304 * HCI dev don't send any mgmt signals.
7305 */
7306 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7307 return;
7308 }
7309
7310 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7311 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7312 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7313 }
7314
has_uuid(u8 * uuid,u16 uuid_count,u8 (* uuids)[16])7315 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7316 {
7317 int i;
7318
7319 for (i = 0; i < uuid_count; i++) {
7320 if (!memcmp(uuid, uuids[i], 16))
7321 return true;
7322 }
7323
7324 return false;
7325 }
7326
eir_has_uuids(u8 * eir,u16 eir_len,u16 uuid_count,u8 (* uuids)[16])7327 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7328 {
7329 u16 parsed = 0;
7330
7331 while (parsed < eir_len) {
7332 u8 field_len = eir[0];
7333 u8 uuid[16];
7334 int i;
7335
7336 if (field_len == 0)
7337 break;
7338
7339 if (eir_len - parsed < field_len + 1)
7340 break;
7341
7342 switch (eir[1]) {
7343 case EIR_UUID16_ALL:
7344 case EIR_UUID16_SOME:
7345 for (i = 0; i + 3 <= field_len; i += 2) {
7346 memcpy(uuid, bluetooth_base_uuid, 16);
7347 uuid[13] = eir[i + 3];
7348 uuid[12] = eir[i + 2];
7349 if (has_uuid(uuid, uuid_count, uuids))
7350 return true;
7351 }
7352 break;
7353 case EIR_UUID32_ALL:
7354 case EIR_UUID32_SOME:
7355 for (i = 0; i + 5 <= field_len; i += 4) {
7356 memcpy(uuid, bluetooth_base_uuid, 16);
7357 uuid[15] = eir[i + 5];
7358 uuid[14] = eir[i + 4];
7359 uuid[13] = eir[i + 3];
7360 uuid[12] = eir[i + 2];
7361 if (has_uuid(uuid, uuid_count, uuids))
7362 return true;
7363 }
7364 break;
7365 case EIR_UUID128_ALL:
7366 case EIR_UUID128_SOME:
7367 for (i = 0; i + 17 <= field_len; i += 16) {
7368 memcpy(uuid, eir + i + 2, 16);
7369 if (has_uuid(uuid, uuid_count, uuids))
7370 return true;
7371 }
7372 break;
7373 }
7374
7375 parsed += field_len + 1;
7376 eir += field_len + 1;
7377 }
7378
7379 return false;
7380 }
7381
restart_le_scan(struct hci_dev * hdev)7382 static void restart_le_scan(struct hci_dev *hdev)
7383 {
7384 /* If controller is not scanning we are done. */
7385 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7386 return;
7387
7388 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7389 hdev->discovery.scan_start +
7390 hdev->discovery.scan_duration))
7391 return;
7392
7393 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
7394 DISCOV_LE_RESTART_DELAY);
7395 }
7396
is_filter_match(struct hci_dev * hdev,s8 rssi,u8 * eir,u16 eir_len,u8 * scan_rsp,u8 scan_rsp_len)7397 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7398 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7399 {
7400 /* If a RSSI threshold has been specified, and
7401 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7402 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7403 * is set, let it through for further processing, as we might need to
7404 * restart the scan.
7405 *
7406 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7407 * the results are also dropped.
7408 */
7409 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7410 (rssi == HCI_RSSI_INVALID ||
7411 (rssi < hdev->discovery.rssi &&
7412 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7413 return false;
7414
7415 if (hdev->discovery.uuid_count != 0) {
7416 /* If a list of UUIDs is provided in filter, results with no
7417 * matching UUID should be dropped.
7418 */
7419 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7420 hdev->discovery.uuids) &&
7421 !eir_has_uuids(scan_rsp, scan_rsp_len,
7422 hdev->discovery.uuid_count,
7423 hdev->discovery.uuids))
7424 return false;
7425 }
7426
7427 /* If duplicate filtering does not report RSSI changes, then restart
7428 * scanning to ensure updated result with updated RSSI values.
7429 */
7430 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7431 restart_le_scan(hdev);
7432
7433 /* Validate RSSI value against the RSSI threshold once more. */
7434 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7435 rssi < hdev->discovery.rssi)
7436 return false;
7437 }
7438
7439 return true;
7440 }
7441
mgmt_device_found(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 * dev_class,s8 rssi,u32 flags,u8 * eir,u16 eir_len,u8 * scan_rsp,u8 scan_rsp_len)7442 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7443 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7444 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7445 {
7446 char buf[512];
7447 struct mgmt_ev_device_found *ev = (void *)buf;
7448 size_t ev_size;
7449
7450 /* Don't send events for a non-kernel initiated discovery. With
7451 * LE one exception is if we have pend_le_reports > 0 in which
7452 * case we're doing passive scanning and want these events.
7453 */
7454 if (!hci_discovery_active(hdev)) {
7455 if (link_type == ACL_LINK)
7456 return;
7457 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7458 return;
7459 }
7460
7461 if (hdev->discovery.result_filtering) {
7462 /* We are using service discovery */
7463 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7464 scan_rsp_len))
7465 return;
7466 }
7467
7468 if (hdev->discovery.limited) {
7469 /* Check for limited discoverable bit */
7470 if (dev_class) {
7471 if (!(dev_class[1] & 0x20))
7472 return;
7473 } else {
7474 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7475 if (!flags || !(flags[0] & LE_AD_LIMITED))
7476 return;
7477 }
7478 }
7479
7480 /* Make sure that the buffer is big enough. The 5 extra bytes
7481 * are for the potential CoD field.
7482 */
7483 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7484 return;
7485
7486 memset(buf, 0, sizeof(buf));
7487
7488 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7489 * RSSI value was reported as 0 when not available. This behavior
7490 * is kept when using device discovery. This is required for full
7491 * backwards compatibility with the API.
7492 *
7493 * However when using service discovery, the value 127 will be
7494 * returned when the RSSI is not available.
7495 */
7496 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7497 link_type == ACL_LINK)
7498 rssi = 0;
7499
7500 bacpy(&ev->addr.bdaddr, bdaddr);
7501 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7502 ev->rssi = rssi;
7503 ev->flags = cpu_to_le32(flags);
7504
7505 if (eir_len > 0)
7506 /* Copy EIR or advertising data into event */
7507 memcpy(ev->eir, eir, eir_len);
7508
7509 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7510 NULL))
7511 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7512 dev_class, 3);
7513
7514 if (scan_rsp_len > 0)
7515 /* Append scan response data to event */
7516 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7517
7518 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7519 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7520
7521 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7522 }
7523
mgmt_remote_name(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,s8 rssi,u8 * name,u8 name_len)7524 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7525 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7526 {
7527 struct mgmt_ev_device_found *ev;
7528 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7529 u16 eir_len;
7530
7531 ev = (struct mgmt_ev_device_found *) buf;
7532
7533 memset(buf, 0, sizeof(buf));
7534
7535 bacpy(&ev->addr.bdaddr, bdaddr);
7536 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7537 ev->rssi = rssi;
7538
7539 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7540 name_len);
7541
7542 ev->eir_len = cpu_to_le16(eir_len);
7543
7544 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7545 }
7546
mgmt_discovering(struct hci_dev * hdev,u8 discovering)7547 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7548 {
7549 struct mgmt_ev_discovering ev;
7550
7551 BT_DBG("%s discovering %u", hdev->name, discovering);
7552
7553 memset(&ev, 0, sizeof(ev));
7554 ev.type = hdev->discovery.type;
7555 ev.discovering = discovering;
7556
7557 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7558 }
7559
7560 static struct hci_mgmt_chan chan = {
7561 .channel = HCI_CHANNEL_CONTROL,
7562 .handler_count = ARRAY_SIZE(mgmt_handlers),
7563 .handlers = mgmt_handlers,
7564 .hdev_init = mgmt_init_hdev,
7565 };
7566
mgmt_init(void)7567 int mgmt_init(void)
7568 {
7569 return hci_mgmt_chan_register(&chan);
7570 }
7571
mgmt_exit(void)7572 void mgmt_exit(void)
7573 {
7574 hci_mgmt_chan_unregister(&chan);
7575 }
7576