1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI Management interface */ 26 27 #include <linux/module.h> 28 #include <asm/unaligned.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 #include <net/bluetooth/hci_sock.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/mgmt.h> 35 36 #include "hci_request.h" 37 #include "smp.h" 38 #include "mgmt_util.h" 39 40 #define MGMT_VERSION 1 41 #define MGMT_REVISION 11 42 43 static const u16 mgmt_commands[] = { 44 MGMT_OP_READ_INDEX_LIST, 45 MGMT_OP_READ_INFO, 46 MGMT_OP_SET_POWERED, 47 MGMT_OP_SET_DISCOVERABLE, 48 MGMT_OP_SET_CONNECTABLE, 49 MGMT_OP_SET_FAST_CONNECTABLE, 50 MGMT_OP_SET_BONDABLE, 51 MGMT_OP_SET_LINK_SECURITY, 52 MGMT_OP_SET_SSP, 53 MGMT_OP_SET_HS, 54 MGMT_OP_SET_LE, 55 MGMT_OP_SET_DEV_CLASS, 56 MGMT_OP_SET_LOCAL_NAME, 57 MGMT_OP_ADD_UUID, 58 MGMT_OP_REMOVE_UUID, 59 MGMT_OP_LOAD_LINK_KEYS, 60 MGMT_OP_LOAD_LONG_TERM_KEYS, 61 MGMT_OP_DISCONNECT, 62 MGMT_OP_GET_CONNECTIONS, 63 MGMT_OP_PIN_CODE_REPLY, 64 MGMT_OP_PIN_CODE_NEG_REPLY, 65 MGMT_OP_SET_IO_CAPABILITY, 66 MGMT_OP_PAIR_DEVICE, 67 MGMT_OP_CANCEL_PAIR_DEVICE, 68 MGMT_OP_UNPAIR_DEVICE, 69 MGMT_OP_USER_CONFIRM_REPLY, 70 MGMT_OP_USER_CONFIRM_NEG_REPLY, 71 MGMT_OP_USER_PASSKEY_REPLY, 72 MGMT_OP_USER_PASSKEY_NEG_REPLY, 73 MGMT_OP_READ_LOCAL_OOB_DATA, 74 MGMT_OP_ADD_REMOTE_OOB_DATA, 75 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 76 MGMT_OP_START_DISCOVERY, 77 MGMT_OP_STOP_DISCOVERY, 78 MGMT_OP_CONFIRM_NAME, 79 MGMT_OP_BLOCK_DEVICE, 80 MGMT_OP_UNBLOCK_DEVICE, 81 MGMT_OP_SET_DEVICE_ID, 82 MGMT_OP_SET_ADVERTISING, 83 MGMT_OP_SET_BREDR, 84 MGMT_OP_SET_STATIC_ADDRESS, 85 MGMT_OP_SET_SCAN_PARAMS, 86 MGMT_OP_SET_SECURE_CONN, 87 MGMT_OP_SET_DEBUG_KEYS, 88 MGMT_OP_SET_PRIVACY, 89 MGMT_OP_LOAD_IRKS, 90 MGMT_OP_GET_CONN_INFO, 91 MGMT_OP_GET_CLOCK_INFO, 92 MGMT_OP_ADD_DEVICE, 93 MGMT_OP_REMOVE_DEVICE, 94 MGMT_OP_LOAD_CONN_PARAM, 95 MGMT_OP_READ_UNCONF_INDEX_LIST, 96 MGMT_OP_READ_CONFIG_INFO, 97 MGMT_OP_SET_EXTERNAL_CONFIG, 98 MGMT_OP_SET_PUBLIC_ADDRESS, 99 MGMT_OP_START_SERVICE_DISCOVERY, 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 101 MGMT_OP_READ_EXT_INDEX_LIST, 102 MGMT_OP_READ_ADV_FEATURES, 103 MGMT_OP_ADD_ADVERTISING, 104 MGMT_OP_REMOVE_ADVERTISING, 105 MGMT_OP_GET_ADV_SIZE_INFO, 106 MGMT_OP_START_LIMITED_DISCOVERY, 107 }; 108 109 static const u16 mgmt_events[] = { 110 MGMT_EV_CONTROLLER_ERROR, 111 MGMT_EV_INDEX_ADDED, 112 MGMT_EV_INDEX_REMOVED, 113 MGMT_EV_NEW_SETTINGS, 114 MGMT_EV_CLASS_OF_DEV_CHANGED, 115 MGMT_EV_LOCAL_NAME_CHANGED, 116 MGMT_EV_NEW_LINK_KEY, 117 MGMT_EV_NEW_LONG_TERM_KEY, 118 MGMT_EV_DEVICE_CONNECTED, 119 MGMT_EV_DEVICE_DISCONNECTED, 120 MGMT_EV_CONNECT_FAILED, 121 MGMT_EV_PIN_CODE_REQUEST, 122 MGMT_EV_USER_CONFIRM_REQUEST, 123 MGMT_EV_USER_PASSKEY_REQUEST, 124 MGMT_EV_AUTH_FAILED, 125 MGMT_EV_DEVICE_FOUND, 126 MGMT_EV_DISCOVERING, 127 MGMT_EV_DEVICE_BLOCKED, 128 MGMT_EV_DEVICE_UNBLOCKED, 129 MGMT_EV_DEVICE_UNPAIRED, 130 MGMT_EV_PASSKEY_NOTIFY, 131 MGMT_EV_NEW_IRK, 132 MGMT_EV_NEW_CSRK, 133 MGMT_EV_DEVICE_ADDED, 134 MGMT_EV_DEVICE_REMOVED, 135 MGMT_EV_NEW_CONN_PARAM, 136 MGMT_EV_UNCONF_INDEX_ADDED, 137 MGMT_EV_UNCONF_INDEX_REMOVED, 138 MGMT_EV_NEW_CONFIG_OPTIONS, 139 MGMT_EV_EXT_INDEX_ADDED, 140 MGMT_EV_EXT_INDEX_REMOVED, 141 MGMT_EV_LOCAL_OOB_DATA_UPDATED, 142 MGMT_EV_ADVERTISING_ADDED, 143 MGMT_EV_ADVERTISING_REMOVED, 144 }; 145 146 static const u16 mgmt_untrusted_commands[] = { 147 MGMT_OP_READ_INDEX_LIST, 148 MGMT_OP_READ_INFO, 149 MGMT_OP_READ_UNCONF_INDEX_LIST, 150 MGMT_OP_READ_CONFIG_INFO, 151 MGMT_OP_READ_EXT_INDEX_LIST, 152 }; 153 154 static const u16 mgmt_untrusted_events[] = { 155 MGMT_EV_INDEX_ADDED, 156 MGMT_EV_INDEX_REMOVED, 157 MGMT_EV_NEW_SETTINGS, 158 MGMT_EV_CLASS_OF_DEV_CHANGED, 159 MGMT_EV_LOCAL_NAME_CHANGED, 160 MGMT_EV_UNCONF_INDEX_ADDED, 161 MGMT_EV_UNCONF_INDEX_REMOVED, 162 MGMT_EV_NEW_CONFIG_OPTIONS, 163 MGMT_EV_EXT_INDEX_ADDED, 164 MGMT_EV_EXT_INDEX_REMOVED, 165 }; 166 167 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) 168 169 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \ 170 "\x00\x00\x00\x00\x00\x00\x00\x00" 171 172 /* HCI to MGMT error code conversion table */ 173 static u8 mgmt_status_table[] = { 174 MGMT_STATUS_SUCCESS, 175 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 176 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 177 MGMT_STATUS_FAILED, /* Hardware Failure */ 178 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 179 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 180 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */ 181 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 182 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 183 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 184 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 185 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 186 MGMT_STATUS_BUSY, /* Command Disallowed */ 187 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 188 MGMT_STATUS_REJECTED, /* Rejected Security */ 189 MGMT_STATUS_REJECTED, /* Rejected Personal */ 190 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 191 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 192 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 193 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 194 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 195 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 196 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 197 MGMT_STATUS_BUSY, /* Repeated Attempts */ 198 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 199 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 200 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 201 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 202 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 203 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 204 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 205 MGMT_STATUS_FAILED, /* Unspecified Error */ 206 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 207 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 208 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 209 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 210 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 211 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 212 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 213 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 214 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 215 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 216 MGMT_STATUS_FAILED, /* Transaction Collision */ 217 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 218 MGMT_STATUS_REJECTED, /* QoS Rejected */ 219 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 220 MGMT_STATUS_REJECTED, /* Insufficient Security */ 221 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 222 MGMT_STATUS_BUSY, /* Role Switch Pending */ 223 MGMT_STATUS_FAILED, /* Slot Violation */ 224 MGMT_STATUS_FAILED, /* Role Switch Failed */ 225 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 226 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 227 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 228 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 229 MGMT_STATUS_BUSY, /* Controller Busy */ 230 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 231 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 232 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 233 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 234 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 235 }; 236 237 static u8 mgmt_status(u8 hci_status) 238 { 239 if (hci_status < ARRAY_SIZE(mgmt_status_table)) 240 return mgmt_status_table[hci_status]; 241 242 return MGMT_STATUS_FAILED; 243 } 244 245 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data, 246 u16 len, int flag) 247 { 248 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 249 flag, NULL); 250 } 251 252 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data, 253 u16 len, int flag, struct sock *skip_sk) 254 { 255 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 256 flag, skip_sk); 257 } 258 259 static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data, 260 u16 len, struct sock *skip_sk) 261 { 262 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 263 HCI_MGMT_GENERIC_EVENTS, skip_sk); 264 } 265 266 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len, 267 struct sock *skip_sk) 268 { 269 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 270 HCI_SOCK_TRUSTED, skip_sk); 271 } 272 273 static u8 le_addr_type(u8 mgmt_addr_type) 274 { 275 if (mgmt_addr_type == BDADDR_LE_PUBLIC) 276 return ADDR_LE_DEV_PUBLIC; 277 else 278 return ADDR_LE_DEV_RANDOM; 279 } 280 281 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data, 282 u16 data_len) 283 { 284 struct mgmt_rp_read_version rp; 285 286 BT_DBG("sock %p", sk); 287 288 rp.version = MGMT_VERSION; 289 rp.revision = cpu_to_le16(MGMT_REVISION); 290 291 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, 292 &rp, sizeof(rp)); 293 } 294 295 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data, 296 u16 data_len) 297 { 298 struct mgmt_rp_read_commands *rp; 299 u16 num_commands, num_events; 300 size_t rp_size; 301 int i, err; 302 303 BT_DBG("sock %p", sk); 304 305 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 306 num_commands = ARRAY_SIZE(mgmt_commands); 307 num_events = ARRAY_SIZE(mgmt_events); 308 } else { 309 num_commands = ARRAY_SIZE(mgmt_untrusted_commands); 310 num_events = ARRAY_SIZE(mgmt_untrusted_events); 311 } 312 313 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 314 315 rp = kmalloc(rp_size, GFP_KERNEL); 316 if (!rp) 317 return -ENOMEM; 318 319 rp->num_commands = cpu_to_le16(num_commands); 320 rp->num_events = cpu_to_le16(num_events); 321 322 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 323 __le16 *opcode = rp->opcodes; 324 325 for (i = 0; i < num_commands; i++, opcode++) 326 put_unaligned_le16(mgmt_commands[i], opcode); 327 328 for (i = 0; i < num_events; i++, opcode++) 329 put_unaligned_le16(mgmt_events[i], opcode); 330 } else { 331 __le16 *opcode = rp->opcodes; 332 333 for (i = 0; i < num_commands; i++, opcode++) 334 put_unaligned_le16(mgmt_untrusted_commands[i], opcode); 335 336 for (i = 0; i < num_events; i++, opcode++) 337 put_unaligned_le16(mgmt_untrusted_events[i], opcode); 338 } 339 340 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, 341 rp, rp_size); 342 kfree(rp); 343 344 return err; 345 } 346 347 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data, 348 u16 data_len) 349 { 350 struct mgmt_rp_read_index_list *rp; 351 struct hci_dev *d; 352 size_t rp_len; 353 u16 count; 354 int err; 355 356 BT_DBG("sock %p", sk); 357 358 read_lock(&hci_dev_list_lock); 359 360 count = 0; 361 list_for_each_entry(d, &hci_dev_list, list) { 362 if (d->dev_type == HCI_BREDR && 363 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) 364 count++; 365 } 366 367 rp_len = sizeof(*rp) + (2 * count); 368 rp = kmalloc(rp_len, GFP_ATOMIC); 369 if (!rp) { 370 read_unlock(&hci_dev_list_lock); 371 return -ENOMEM; 372 } 373 374 count = 0; 375 list_for_each_entry(d, &hci_dev_list, list) { 376 if (hci_dev_test_flag(d, HCI_SETUP) || 377 hci_dev_test_flag(d, HCI_CONFIG) || 378 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 379 continue; 380 381 /* Devices marked as raw-only are neither configured 382 * nor unconfigured controllers. 383 */ 384 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 385 continue; 386 387 if (d->dev_type == HCI_BREDR && 388 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 389 rp->index[count++] = cpu_to_le16(d->id); 390 BT_DBG("Added hci%u", d->id); 391 } 392 } 393 394 rp->num_controllers = cpu_to_le16(count); 395 rp_len = sizeof(*rp) + (2 * count); 396 397 read_unlock(&hci_dev_list_lock); 398 399 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 400 0, rp, rp_len); 401 402 kfree(rp); 403 404 return err; 405 } 406 407 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev, 408 void *data, u16 data_len) 409 { 410 struct mgmt_rp_read_unconf_index_list *rp; 411 struct hci_dev *d; 412 size_t rp_len; 413 u16 count; 414 int err; 415 416 BT_DBG("sock %p", sk); 417 418 read_lock(&hci_dev_list_lock); 419 420 count = 0; 421 list_for_each_entry(d, &hci_dev_list, list) { 422 if (d->dev_type == HCI_BREDR && 423 hci_dev_test_flag(d, HCI_UNCONFIGURED)) 424 count++; 425 } 426 427 rp_len = sizeof(*rp) + (2 * count); 428 rp = kmalloc(rp_len, GFP_ATOMIC); 429 if (!rp) { 430 read_unlock(&hci_dev_list_lock); 431 return -ENOMEM; 432 } 433 434 count = 0; 435 list_for_each_entry(d, &hci_dev_list, list) { 436 if (hci_dev_test_flag(d, HCI_SETUP) || 437 hci_dev_test_flag(d, HCI_CONFIG) || 438 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 439 continue; 440 441 /* Devices marked as raw-only are neither configured 442 * nor unconfigured controllers. 443 */ 444 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 445 continue; 446 447 if (d->dev_type == HCI_BREDR && 448 hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 449 rp->index[count++] = cpu_to_le16(d->id); 450 BT_DBG("Added hci%u", d->id); 451 } 452 } 453 454 rp->num_controllers = cpu_to_le16(count); 455 rp_len = sizeof(*rp) + (2 * count); 456 457 read_unlock(&hci_dev_list_lock); 458 459 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 460 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len); 461 462 kfree(rp); 463 464 return err; 465 } 466 467 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev, 468 void *data, u16 data_len) 469 { 470 struct mgmt_rp_read_ext_index_list *rp; 471 struct hci_dev *d; 472 size_t rp_len; 473 u16 count; 474 int err; 475 476 BT_DBG("sock %p", sk); 477 478 read_lock(&hci_dev_list_lock); 479 480 count = 0; 481 list_for_each_entry(d, &hci_dev_list, list) { 482 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP) 483 count++; 484 } 485 486 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count); 487 rp = kmalloc(rp_len, GFP_ATOMIC); 488 if (!rp) { 489 read_unlock(&hci_dev_list_lock); 490 return -ENOMEM; 491 } 492 493 count = 0; 494 list_for_each_entry(d, &hci_dev_list, list) { 495 if (hci_dev_test_flag(d, HCI_SETUP) || 496 hci_dev_test_flag(d, HCI_CONFIG) || 497 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 498 continue; 499 500 /* Devices marked as raw-only are neither configured 501 * nor unconfigured controllers. 502 */ 503 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 504 continue; 505 506 if (d->dev_type == HCI_BREDR) { 507 if (hci_dev_test_flag(d, HCI_UNCONFIGURED)) 508 rp->entry[count].type = 0x01; 509 else 510 rp->entry[count].type = 0x00; 511 } else if (d->dev_type == HCI_AMP) { 512 rp->entry[count].type = 0x02; 513 } else { 514 continue; 515 } 516 517 rp->entry[count].bus = d->bus; 518 rp->entry[count++].index = cpu_to_le16(d->id); 519 BT_DBG("Added hci%u", d->id); 520 } 521 522 rp->num_controllers = cpu_to_le16(count); 523 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count); 524 525 read_unlock(&hci_dev_list_lock); 526 527 /* If this command is called at least once, then all the 528 * default index and unconfigured index events are disabled 529 * and from now on only extended index events are used. 530 */ 531 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS); 532 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS); 533 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS); 534 535 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 536 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len); 537 538 kfree(rp); 539 540 return err; 541 } 542 543 static bool is_configured(struct hci_dev *hdev) 544 { 545 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 546 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 547 return false; 548 549 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) && 550 !bacmp(&hdev->public_addr, BDADDR_ANY)) 551 return false; 552 553 return true; 554 } 555 556 static __le32 get_missing_options(struct hci_dev *hdev) 557 { 558 u32 options = 0; 559 560 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 561 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 562 options |= MGMT_OPTION_EXTERNAL_CONFIG; 563 564 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) && 565 !bacmp(&hdev->public_addr, BDADDR_ANY)) 566 options |= MGMT_OPTION_PUBLIC_ADDRESS; 567 568 return cpu_to_le32(options); 569 } 570 571 static int new_options(struct hci_dev *hdev, struct sock *skip) 572 { 573 __le32 options = get_missing_options(hdev); 574 575 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options, 576 sizeof(options), skip); 577 } 578 579 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 580 { 581 __le32 options = get_missing_options(hdev); 582 583 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options, 584 sizeof(options)); 585 } 586 587 static int read_config_info(struct sock *sk, struct hci_dev *hdev, 588 void *data, u16 data_len) 589 { 590 struct mgmt_rp_read_config_info rp; 591 u32 options = 0; 592 593 BT_DBG("sock %p %s", sk, hdev->name); 594 595 hci_dev_lock(hdev); 596 597 memset(&rp, 0, sizeof(rp)); 598 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 599 600 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 601 options |= MGMT_OPTION_EXTERNAL_CONFIG; 602 603 if (hdev->set_bdaddr) 604 options |= MGMT_OPTION_PUBLIC_ADDRESS; 605 606 rp.supported_options = cpu_to_le32(options); 607 rp.missing_options = get_missing_options(hdev); 608 609 hci_dev_unlock(hdev); 610 611 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, 612 &rp, sizeof(rp)); 613 } 614 615 static u32 get_supported_settings(struct hci_dev *hdev) 616 { 617 u32 settings = 0; 618 619 settings |= MGMT_SETTING_POWERED; 620 settings |= MGMT_SETTING_BONDABLE; 621 settings |= MGMT_SETTING_DEBUG_KEYS; 622 settings |= MGMT_SETTING_CONNECTABLE; 623 settings |= MGMT_SETTING_DISCOVERABLE; 624 625 if (lmp_bredr_capable(hdev)) { 626 if (hdev->hci_ver >= BLUETOOTH_VER_1_2) 627 settings |= MGMT_SETTING_FAST_CONNECTABLE; 628 settings |= MGMT_SETTING_BREDR; 629 settings |= MGMT_SETTING_LINK_SECURITY; 630 631 if (lmp_ssp_capable(hdev)) { 632 settings |= MGMT_SETTING_SSP; 633 settings |= MGMT_SETTING_HS; 634 } 635 636 if (lmp_sc_capable(hdev)) 637 settings |= MGMT_SETTING_SECURE_CONN; 638 } 639 640 if (lmp_le_capable(hdev)) { 641 settings |= MGMT_SETTING_LE; 642 settings |= MGMT_SETTING_ADVERTISING; 643 settings |= MGMT_SETTING_SECURE_CONN; 644 settings |= MGMT_SETTING_PRIVACY; 645 settings |= MGMT_SETTING_STATIC_ADDRESS; 646 } 647 648 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) || 649 hdev->set_bdaddr) 650 settings |= MGMT_SETTING_CONFIGURATION; 651 652 return settings; 653 } 654 655 static u32 get_current_settings(struct hci_dev *hdev) 656 { 657 u32 settings = 0; 658 659 if (hdev_is_powered(hdev)) 660 settings |= MGMT_SETTING_POWERED; 661 662 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 663 settings |= MGMT_SETTING_CONNECTABLE; 664 665 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) 666 settings |= MGMT_SETTING_FAST_CONNECTABLE; 667 668 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 669 settings |= MGMT_SETTING_DISCOVERABLE; 670 671 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) 672 settings |= MGMT_SETTING_BONDABLE; 673 674 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 675 settings |= MGMT_SETTING_BREDR; 676 677 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 678 settings |= MGMT_SETTING_LE; 679 680 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) 681 settings |= MGMT_SETTING_LINK_SECURITY; 682 683 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 684 settings |= MGMT_SETTING_SSP; 685 686 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED)) 687 settings |= MGMT_SETTING_HS; 688 689 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 690 settings |= MGMT_SETTING_ADVERTISING; 691 692 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) 693 settings |= MGMT_SETTING_SECURE_CONN; 694 695 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) 696 settings |= MGMT_SETTING_DEBUG_KEYS; 697 698 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) 699 settings |= MGMT_SETTING_PRIVACY; 700 701 /* The current setting for static address has two purposes. The 702 * first is to indicate if the static address will be used and 703 * the second is to indicate if it is actually set. 704 * 705 * This means if the static address is not configured, this flag 706 * will never be set. If the address is configured, then if the 707 * address is actually used decides if the flag is set or not. 708 * 709 * For single mode LE only controllers and dual-mode controllers 710 * with BR/EDR disabled, the existence of the static address will 711 * be evaluated. 712 */ 713 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 714 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 715 !bacmp(&hdev->bdaddr, BDADDR_ANY)) { 716 if (bacmp(&hdev->static_addr, BDADDR_ANY)) 717 settings |= MGMT_SETTING_STATIC_ADDRESS; 718 } 719 720 return settings; 721 } 722 723 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev) 724 { 725 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev); 726 } 727 728 static struct mgmt_pending_cmd *pending_find_data(u16 opcode, 729 struct hci_dev *hdev, 730 const void *data) 731 { 732 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data); 733 } 734 735 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev) 736 { 737 struct mgmt_pending_cmd *cmd; 738 739 /* If there's a pending mgmt command the flags will not yet have 740 * their final values, so check for this first. 741 */ 742 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 743 if (cmd) { 744 struct mgmt_mode *cp = cmd->param; 745 if (cp->val == 0x01) 746 return LE_AD_GENERAL; 747 else if (cp->val == 0x02) 748 return LE_AD_LIMITED; 749 } else { 750 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 751 return LE_AD_LIMITED; 752 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 753 return LE_AD_GENERAL; 754 } 755 756 return 0; 757 } 758 759 bool mgmt_get_connectable(struct hci_dev *hdev) 760 { 761 struct mgmt_pending_cmd *cmd; 762 763 /* If there's a pending mgmt command the flag will not yet have 764 * it's final value, so check for this first. 765 */ 766 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 767 if (cmd) { 768 struct mgmt_mode *cp = cmd->param; 769 770 return cp->val; 771 } 772 773 return hci_dev_test_flag(hdev, HCI_CONNECTABLE); 774 } 775 776 static void service_cache_off(struct work_struct *work) 777 { 778 struct hci_dev *hdev = container_of(work, struct hci_dev, 779 service_cache.work); 780 struct hci_request req; 781 782 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) 783 return; 784 785 hci_req_init(&req, hdev); 786 787 hci_dev_lock(hdev); 788 789 __hci_req_update_eir(&req); 790 __hci_req_update_class(&req); 791 792 hci_dev_unlock(hdev); 793 794 hci_req_run(&req, NULL); 795 } 796 797 static void rpa_expired(struct work_struct *work) 798 { 799 struct hci_dev *hdev = container_of(work, struct hci_dev, 800 rpa_expired.work); 801 struct hci_request req; 802 803 BT_DBG(""); 804 805 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 806 807 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING)) 808 return; 809 810 /* The generation of a new RPA and programming it into the 811 * controller happens in the hci_req_enable_advertising() 812 * function. 813 */ 814 hci_req_init(&req, hdev); 815 __hci_req_enable_advertising(&req); 816 hci_req_run(&req, NULL); 817 } 818 819 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) 820 { 821 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT)) 822 return; 823 824 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 825 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired); 826 827 /* Non-mgmt controlled devices get this bit set 828 * implicitly so that pairing works for them, however 829 * for mgmt we require user-space to explicitly enable 830 * it 831 */ 832 hci_dev_clear_flag(hdev, HCI_BONDABLE); 833 } 834 835 static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 836 void *data, u16 data_len) 837 { 838 struct mgmt_rp_read_info rp; 839 840 BT_DBG("sock %p %s", sk, hdev->name); 841 842 hci_dev_lock(hdev); 843 844 memset(&rp, 0, sizeof(rp)); 845 846 bacpy(&rp.bdaddr, &hdev->bdaddr); 847 848 rp.version = hdev->hci_ver; 849 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 850 851 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 852 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 853 854 memcpy(rp.dev_class, hdev->dev_class, 3); 855 856 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 857 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name)); 858 859 hci_dev_unlock(hdev); 860 861 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp, 862 sizeof(rp)); 863 } 864 865 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 866 { 867 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 868 869 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings, 870 sizeof(settings)); 871 } 872 873 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode) 874 { 875 BT_DBG("%s status 0x%02x", hdev->name, status); 876 877 if (hci_conn_count(hdev) == 0) { 878 cancel_delayed_work(&hdev->power_off); 879 queue_work(hdev->req_workqueue, &hdev->power_off.work); 880 } 881 } 882 883 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance) 884 { 885 struct mgmt_ev_advertising_added ev; 886 887 ev.instance = instance; 888 889 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk); 890 } 891 892 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev, 893 u8 instance) 894 { 895 struct mgmt_ev_advertising_removed ev; 896 897 ev.instance = instance; 898 899 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk); 900 } 901 902 static void cancel_adv_timeout(struct hci_dev *hdev) 903 { 904 if (hdev->adv_instance_timeout) { 905 hdev->adv_instance_timeout = 0; 906 cancel_delayed_work(&hdev->adv_instance_expire); 907 } 908 } 909 910 static int clean_up_hci_state(struct hci_dev *hdev) 911 { 912 struct hci_request req; 913 struct hci_conn *conn; 914 bool discov_stopped; 915 int err; 916 917 hci_req_init(&req, hdev); 918 919 if (test_bit(HCI_ISCAN, &hdev->flags) || 920 test_bit(HCI_PSCAN, &hdev->flags)) { 921 u8 scan = 0x00; 922 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 923 } 924 925 hci_req_clear_adv_instance(hdev, NULL, 0x00, false); 926 927 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 928 __hci_req_disable_advertising(&req); 929 930 discov_stopped = hci_req_stop_discovery(&req); 931 932 list_for_each_entry(conn, &hdev->conn_hash.list, list) { 933 /* 0x15 == Terminated due to Power Off */ 934 __hci_abort_conn(&req, conn, 0x15); 935 } 936 937 err = hci_req_run(&req, clean_up_hci_complete); 938 if (!err && discov_stopped) 939 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 940 941 return err; 942 } 943 944 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, 945 u16 len) 946 { 947 struct mgmt_mode *cp = data; 948 struct mgmt_pending_cmd *cmd; 949 int err; 950 951 BT_DBG("request for %s", hdev->name); 952 953 if (cp->val != 0x00 && cp->val != 0x01) 954 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 955 MGMT_STATUS_INVALID_PARAMS); 956 957 hci_dev_lock(hdev); 958 959 if (pending_find(MGMT_OP_SET_POWERED, hdev)) { 960 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 961 MGMT_STATUS_BUSY); 962 goto failed; 963 } 964 965 if (!!cp->val == hdev_is_powered(hdev)) { 966 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 967 goto failed; 968 } 969 970 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 971 if (!cmd) { 972 err = -ENOMEM; 973 goto failed; 974 } 975 976 if (cp->val) { 977 queue_work(hdev->req_workqueue, &hdev->power_on); 978 err = 0; 979 } else { 980 /* Disconnect connections, stop scans, etc */ 981 err = clean_up_hci_state(hdev); 982 if (!err) 983 queue_delayed_work(hdev->req_workqueue, &hdev->power_off, 984 HCI_POWER_OFF_TIMEOUT); 985 986 /* ENODATA means there were no HCI commands queued */ 987 if (err == -ENODATA) { 988 cancel_delayed_work(&hdev->power_off); 989 queue_work(hdev->req_workqueue, &hdev->power_off.work); 990 err = 0; 991 } 992 } 993 994 failed: 995 hci_dev_unlock(hdev); 996 return err; 997 } 998 999 static int new_settings(struct hci_dev *hdev, struct sock *skip) 1000 { 1001 __le32 ev = cpu_to_le32(get_current_settings(hdev)); 1002 1003 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, 1004 sizeof(ev), skip); 1005 } 1006 1007 int mgmt_new_settings(struct hci_dev *hdev) 1008 { 1009 return new_settings(hdev, NULL); 1010 } 1011 1012 struct cmd_lookup { 1013 struct sock *sk; 1014 struct hci_dev *hdev; 1015 u8 mgmt_status; 1016 }; 1017 1018 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data) 1019 { 1020 struct cmd_lookup *match = data; 1021 1022 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 1023 1024 list_del(&cmd->list); 1025 1026 if (match->sk == NULL) { 1027 match->sk = cmd->sk; 1028 sock_hold(match->sk); 1029 } 1030 1031 mgmt_pending_free(cmd); 1032 } 1033 1034 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data) 1035 { 1036 u8 *status = data; 1037 1038 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 1039 mgmt_pending_remove(cmd); 1040 } 1041 1042 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data) 1043 { 1044 if (cmd->cmd_complete) { 1045 u8 *status = data; 1046 1047 cmd->cmd_complete(cmd, *status); 1048 mgmt_pending_remove(cmd); 1049 1050 return; 1051 } 1052 1053 cmd_status_rsp(cmd, data); 1054 } 1055 1056 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1057 { 1058 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1059 cmd->param, cmd->param_len); 1060 } 1061 1062 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1063 { 1064 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1065 cmd->param, sizeof(struct mgmt_addr_info)); 1066 } 1067 1068 static u8 mgmt_bredr_support(struct hci_dev *hdev) 1069 { 1070 if (!lmp_bredr_capable(hdev)) 1071 return MGMT_STATUS_NOT_SUPPORTED; 1072 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1073 return MGMT_STATUS_REJECTED; 1074 else 1075 return MGMT_STATUS_SUCCESS; 1076 } 1077 1078 static u8 mgmt_le_support(struct hci_dev *hdev) 1079 { 1080 if (!lmp_le_capable(hdev)) 1081 return MGMT_STATUS_NOT_SUPPORTED; 1082 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1083 return MGMT_STATUS_REJECTED; 1084 else 1085 return MGMT_STATUS_SUCCESS; 1086 } 1087 1088 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status) 1089 { 1090 struct mgmt_pending_cmd *cmd; 1091 1092 BT_DBG("status 0x%02x", status); 1093 1094 hci_dev_lock(hdev); 1095 1096 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 1097 if (!cmd) 1098 goto unlock; 1099 1100 if (status) { 1101 u8 mgmt_err = mgmt_status(status); 1102 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1103 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1104 goto remove_cmd; 1105 } 1106 1107 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1108 hdev->discov_timeout > 0) { 1109 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1110 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to); 1111 } 1112 1113 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1114 new_settings(hdev, cmd->sk); 1115 1116 remove_cmd: 1117 mgmt_pending_remove(cmd); 1118 1119 unlock: 1120 hci_dev_unlock(hdev); 1121 } 1122 1123 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 1124 u16 len) 1125 { 1126 struct mgmt_cp_set_discoverable *cp = data; 1127 struct mgmt_pending_cmd *cmd; 1128 u16 timeout; 1129 int err; 1130 1131 BT_DBG("request for %s", hdev->name); 1132 1133 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1134 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1135 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1136 MGMT_STATUS_REJECTED); 1137 1138 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 1139 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1140 MGMT_STATUS_INVALID_PARAMS); 1141 1142 timeout = __le16_to_cpu(cp->timeout); 1143 1144 /* Disabling discoverable requires that no timeout is set, 1145 * and enabling limited discoverable requires a timeout. 1146 */ 1147 if ((cp->val == 0x00 && timeout > 0) || 1148 (cp->val == 0x02 && timeout == 0)) 1149 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1150 MGMT_STATUS_INVALID_PARAMS); 1151 1152 hci_dev_lock(hdev); 1153 1154 if (!hdev_is_powered(hdev) && timeout > 0) { 1155 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1156 MGMT_STATUS_NOT_POWERED); 1157 goto failed; 1158 } 1159 1160 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1161 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1162 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1163 MGMT_STATUS_BUSY); 1164 goto failed; 1165 } 1166 1167 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) { 1168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1169 MGMT_STATUS_REJECTED); 1170 goto failed; 1171 } 1172 1173 if (!hdev_is_powered(hdev)) { 1174 bool changed = false; 1175 1176 /* Setting limited discoverable when powered off is 1177 * not a valid operation since it requires a timeout 1178 * and so no need to check HCI_LIMITED_DISCOVERABLE. 1179 */ 1180 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) { 1181 hci_dev_change_flag(hdev, HCI_DISCOVERABLE); 1182 changed = true; 1183 } 1184 1185 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1186 if (err < 0) 1187 goto failed; 1188 1189 if (changed) 1190 err = new_settings(hdev, sk); 1191 1192 goto failed; 1193 } 1194 1195 /* If the current mode is the same, then just update the timeout 1196 * value with the new value. And if only the timeout gets updated, 1197 * then no need for any HCI transactions. 1198 */ 1199 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1200 (cp->val == 0x02) == hci_dev_test_flag(hdev, 1201 HCI_LIMITED_DISCOVERABLE)) { 1202 cancel_delayed_work(&hdev->discov_off); 1203 hdev->discov_timeout = timeout; 1204 1205 if (cp->val && hdev->discov_timeout > 0) { 1206 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1207 queue_delayed_work(hdev->req_workqueue, 1208 &hdev->discov_off, to); 1209 } 1210 1211 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1212 goto failed; 1213 } 1214 1215 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 1216 if (!cmd) { 1217 err = -ENOMEM; 1218 goto failed; 1219 } 1220 1221 /* Cancel any potential discoverable timeout that might be 1222 * still active and store new timeout value. The arming of 1223 * the timeout happens in the complete handler. 1224 */ 1225 cancel_delayed_work(&hdev->discov_off); 1226 hdev->discov_timeout = timeout; 1227 1228 if (cp->val) 1229 hci_dev_set_flag(hdev, HCI_DISCOVERABLE); 1230 else 1231 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1232 1233 /* Limited discoverable mode */ 1234 if (cp->val == 0x02) 1235 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1236 else 1237 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1238 1239 queue_work(hdev->req_workqueue, &hdev->discoverable_update); 1240 err = 0; 1241 1242 failed: 1243 hci_dev_unlock(hdev); 1244 return err; 1245 } 1246 1247 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status) 1248 { 1249 struct mgmt_pending_cmd *cmd; 1250 1251 BT_DBG("status 0x%02x", status); 1252 1253 hci_dev_lock(hdev); 1254 1255 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 1256 if (!cmd) 1257 goto unlock; 1258 1259 if (status) { 1260 u8 mgmt_err = mgmt_status(status); 1261 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1262 goto remove_cmd; 1263 } 1264 1265 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev); 1266 new_settings(hdev, cmd->sk); 1267 1268 remove_cmd: 1269 mgmt_pending_remove(cmd); 1270 1271 unlock: 1272 hci_dev_unlock(hdev); 1273 } 1274 1275 static int set_connectable_update_settings(struct hci_dev *hdev, 1276 struct sock *sk, u8 val) 1277 { 1278 bool changed = false; 1279 int err; 1280 1281 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 1282 changed = true; 1283 1284 if (val) { 1285 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1286 } else { 1287 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1288 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1289 } 1290 1291 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 1292 if (err < 0) 1293 return err; 1294 1295 if (changed) { 1296 hci_req_update_scan(hdev); 1297 hci_update_background_scan(hdev); 1298 return new_settings(hdev, sk); 1299 } 1300 1301 return 0; 1302 } 1303 1304 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, 1305 u16 len) 1306 { 1307 struct mgmt_mode *cp = data; 1308 struct mgmt_pending_cmd *cmd; 1309 int err; 1310 1311 BT_DBG("request for %s", hdev->name); 1312 1313 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1314 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1315 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1316 MGMT_STATUS_REJECTED); 1317 1318 if (cp->val != 0x00 && cp->val != 0x01) 1319 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1320 MGMT_STATUS_INVALID_PARAMS); 1321 1322 hci_dev_lock(hdev); 1323 1324 if (!hdev_is_powered(hdev)) { 1325 err = set_connectable_update_settings(hdev, sk, cp->val); 1326 goto failed; 1327 } 1328 1329 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1330 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1331 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1332 MGMT_STATUS_BUSY); 1333 goto failed; 1334 } 1335 1336 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1337 if (!cmd) { 1338 err = -ENOMEM; 1339 goto failed; 1340 } 1341 1342 if (cp->val) { 1343 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1344 } else { 1345 if (hdev->discov_timeout > 0) 1346 cancel_delayed_work(&hdev->discov_off); 1347 1348 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1349 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1350 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1351 } 1352 1353 queue_work(hdev->req_workqueue, &hdev->connectable_update); 1354 err = 0; 1355 1356 failed: 1357 hci_dev_unlock(hdev); 1358 return err; 1359 } 1360 1361 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data, 1362 u16 len) 1363 { 1364 struct mgmt_mode *cp = data; 1365 bool changed; 1366 int err; 1367 1368 BT_DBG("request for %s", hdev->name); 1369 1370 if (cp->val != 0x00 && cp->val != 0x01) 1371 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE, 1372 MGMT_STATUS_INVALID_PARAMS); 1373 1374 hci_dev_lock(hdev); 1375 1376 if (cp->val) 1377 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE); 1378 else 1379 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE); 1380 1381 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev); 1382 if (err < 0) 1383 goto unlock; 1384 1385 if (changed) 1386 err = new_settings(hdev, sk); 1387 1388 unlock: 1389 hci_dev_unlock(hdev); 1390 return err; 1391 } 1392 1393 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data, 1394 u16 len) 1395 { 1396 struct mgmt_mode *cp = data; 1397 struct mgmt_pending_cmd *cmd; 1398 u8 val, status; 1399 int err; 1400 1401 BT_DBG("request for %s", hdev->name); 1402 1403 status = mgmt_bredr_support(hdev); 1404 if (status) 1405 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1406 status); 1407 1408 if (cp->val != 0x00 && cp->val != 0x01) 1409 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1410 MGMT_STATUS_INVALID_PARAMS); 1411 1412 hci_dev_lock(hdev); 1413 1414 if (!hdev_is_powered(hdev)) { 1415 bool changed = false; 1416 1417 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) { 1418 hci_dev_change_flag(hdev, HCI_LINK_SECURITY); 1419 changed = true; 1420 } 1421 1422 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1423 if (err < 0) 1424 goto failed; 1425 1426 if (changed) 1427 err = new_settings(hdev, sk); 1428 1429 goto failed; 1430 } 1431 1432 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1433 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1434 MGMT_STATUS_BUSY); 1435 goto failed; 1436 } 1437 1438 val = !!cp->val; 1439 1440 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1441 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1442 goto failed; 1443 } 1444 1445 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1446 if (!cmd) { 1447 err = -ENOMEM; 1448 goto failed; 1449 } 1450 1451 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1452 if (err < 0) { 1453 mgmt_pending_remove(cmd); 1454 goto failed; 1455 } 1456 1457 failed: 1458 hci_dev_unlock(hdev); 1459 return err; 1460 } 1461 1462 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1463 { 1464 struct mgmt_mode *cp = data; 1465 struct mgmt_pending_cmd *cmd; 1466 u8 status; 1467 int err; 1468 1469 BT_DBG("request for %s", hdev->name); 1470 1471 status = mgmt_bredr_support(hdev); 1472 if (status) 1473 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status); 1474 1475 if (!lmp_ssp_capable(hdev)) 1476 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1477 MGMT_STATUS_NOT_SUPPORTED); 1478 1479 if (cp->val != 0x00 && cp->val != 0x01) 1480 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1481 MGMT_STATUS_INVALID_PARAMS); 1482 1483 hci_dev_lock(hdev); 1484 1485 if (!hdev_is_powered(hdev)) { 1486 bool changed; 1487 1488 if (cp->val) { 1489 changed = !hci_dev_test_and_set_flag(hdev, 1490 HCI_SSP_ENABLED); 1491 } else { 1492 changed = hci_dev_test_and_clear_flag(hdev, 1493 HCI_SSP_ENABLED); 1494 if (!changed) 1495 changed = hci_dev_test_and_clear_flag(hdev, 1496 HCI_HS_ENABLED); 1497 else 1498 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1499 } 1500 1501 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1502 if (err < 0) 1503 goto failed; 1504 1505 if (changed) 1506 err = new_settings(hdev, sk); 1507 1508 goto failed; 1509 } 1510 1511 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1512 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1513 MGMT_STATUS_BUSY); 1514 goto failed; 1515 } 1516 1517 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 1518 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1519 goto failed; 1520 } 1521 1522 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 1523 if (!cmd) { 1524 err = -ENOMEM; 1525 goto failed; 1526 } 1527 1528 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) 1529 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 1530 sizeof(cp->val), &cp->val); 1531 1532 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val); 1533 if (err < 0) { 1534 mgmt_pending_remove(cmd); 1535 goto failed; 1536 } 1537 1538 failed: 1539 hci_dev_unlock(hdev); 1540 return err; 1541 } 1542 1543 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1544 { 1545 struct mgmt_mode *cp = data; 1546 bool changed; 1547 u8 status; 1548 int err; 1549 1550 BT_DBG("request for %s", hdev->name); 1551 1552 status = mgmt_bredr_support(hdev); 1553 if (status) 1554 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status); 1555 1556 if (!lmp_ssp_capable(hdev)) 1557 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1558 MGMT_STATUS_NOT_SUPPORTED); 1559 1560 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 1561 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1562 MGMT_STATUS_REJECTED); 1563 1564 if (cp->val != 0x00 && cp->val != 0x01) 1565 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1566 MGMT_STATUS_INVALID_PARAMS); 1567 1568 hci_dev_lock(hdev); 1569 1570 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1571 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1572 MGMT_STATUS_BUSY); 1573 goto unlock; 1574 } 1575 1576 if (cp->val) { 1577 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED); 1578 } else { 1579 if (hdev_is_powered(hdev)) { 1580 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1581 MGMT_STATUS_REJECTED); 1582 goto unlock; 1583 } 1584 1585 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED); 1586 } 1587 1588 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 1589 if (err < 0) 1590 goto unlock; 1591 1592 if (changed) 1593 err = new_settings(hdev, sk); 1594 1595 unlock: 1596 hci_dev_unlock(hdev); 1597 return err; 1598 } 1599 1600 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1601 { 1602 struct cmd_lookup match = { NULL, hdev }; 1603 1604 hci_dev_lock(hdev); 1605 1606 if (status) { 1607 u8 mgmt_err = mgmt_status(status); 1608 1609 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 1610 &mgmt_err); 1611 goto unlock; 1612 } 1613 1614 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 1615 1616 new_settings(hdev, match.sk); 1617 1618 if (match.sk) 1619 sock_put(match.sk); 1620 1621 /* Make sure the controller has a good default for 1622 * advertising data. Restrict the update to when LE 1623 * has actually been enabled. During power on, the 1624 * update in powered_update_hci will take care of it. 1625 */ 1626 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1627 struct hci_request req; 1628 1629 hci_req_init(&req, hdev); 1630 __hci_req_update_adv_data(&req, 0x00); 1631 __hci_req_update_scan_rsp_data(&req, 0x00); 1632 hci_req_run(&req, NULL); 1633 hci_update_background_scan(hdev); 1634 } 1635 1636 unlock: 1637 hci_dev_unlock(hdev); 1638 } 1639 1640 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1641 { 1642 struct mgmt_mode *cp = data; 1643 struct hci_cp_write_le_host_supported hci_cp; 1644 struct mgmt_pending_cmd *cmd; 1645 struct hci_request req; 1646 int err; 1647 u8 val, enabled; 1648 1649 BT_DBG("request for %s", hdev->name); 1650 1651 if (!lmp_le_capable(hdev)) 1652 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1653 MGMT_STATUS_NOT_SUPPORTED); 1654 1655 if (cp->val != 0x00 && cp->val != 0x01) 1656 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1657 MGMT_STATUS_INVALID_PARAMS); 1658 1659 /* Bluetooth single mode LE only controllers or dual-mode 1660 * controllers configured as LE only devices, do not allow 1661 * switching LE off. These have either LE enabled explicitly 1662 * or BR/EDR has been previously switched off. 1663 * 1664 * When trying to enable an already enabled LE, then gracefully 1665 * send a positive response. Trying to disable it however will 1666 * result into rejection. 1667 */ 1668 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 1669 if (cp->val == 0x01) 1670 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1671 1672 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1673 MGMT_STATUS_REJECTED); 1674 } 1675 1676 hci_dev_lock(hdev); 1677 1678 val = !!cp->val; 1679 enabled = lmp_host_le_capable(hdev); 1680 1681 if (!val) 1682 hci_req_clear_adv_instance(hdev, NULL, 0x00, true); 1683 1684 if (!hdev_is_powered(hdev) || val == enabled) { 1685 bool changed = false; 1686 1687 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1688 hci_dev_change_flag(hdev, HCI_LE_ENABLED); 1689 changed = true; 1690 } 1691 1692 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 1693 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 1694 changed = true; 1695 } 1696 1697 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1698 if (err < 0) 1699 goto unlock; 1700 1701 if (changed) 1702 err = new_settings(hdev, sk); 1703 1704 goto unlock; 1705 } 1706 1707 if (pending_find(MGMT_OP_SET_LE, hdev) || 1708 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) { 1709 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1710 MGMT_STATUS_BUSY); 1711 goto unlock; 1712 } 1713 1714 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len); 1715 if (!cmd) { 1716 err = -ENOMEM; 1717 goto unlock; 1718 } 1719 1720 hci_req_init(&req, hdev); 1721 1722 memset(&hci_cp, 0, sizeof(hci_cp)); 1723 1724 if (val) { 1725 hci_cp.le = val; 1726 hci_cp.simul = 0x00; 1727 } else { 1728 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 1729 __hci_req_disable_advertising(&req); 1730 } 1731 1732 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), 1733 &hci_cp); 1734 1735 err = hci_req_run(&req, le_enable_complete); 1736 if (err < 0) 1737 mgmt_pending_remove(cmd); 1738 1739 unlock: 1740 hci_dev_unlock(hdev); 1741 return err; 1742 } 1743 1744 /* This is a helper function to test for pending mgmt commands that can 1745 * cause CoD or EIR HCI commands. We can only allow one such pending 1746 * mgmt command at a time since otherwise we cannot easily track what 1747 * the current values are, will be, and based on that calculate if a new 1748 * HCI command needs to be sent and if yes with what value. 1749 */ 1750 static bool pending_eir_or_class(struct hci_dev *hdev) 1751 { 1752 struct mgmt_pending_cmd *cmd; 1753 1754 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 1755 switch (cmd->opcode) { 1756 case MGMT_OP_ADD_UUID: 1757 case MGMT_OP_REMOVE_UUID: 1758 case MGMT_OP_SET_DEV_CLASS: 1759 case MGMT_OP_SET_POWERED: 1760 return true; 1761 } 1762 } 1763 1764 return false; 1765 } 1766 1767 static const u8 bluetooth_base_uuid[] = { 1768 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80, 1769 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1770 }; 1771 1772 static u8 get_uuid_size(const u8 *uuid) 1773 { 1774 u32 val; 1775 1776 if (memcmp(uuid, bluetooth_base_uuid, 12)) 1777 return 128; 1778 1779 val = get_unaligned_le32(&uuid[12]); 1780 if (val > 0xffff) 1781 return 32; 1782 1783 return 16; 1784 } 1785 1786 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status) 1787 { 1788 struct mgmt_pending_cmd *cmd; 1789 1790 hci_dev_lock(hdev); 1791 1792 cmd = pending_find(mgmt_op, hdev); 1793 if (!cmd) 1794 goto unlock; 1795 1796 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 1797 mgmt_status(status), hdev->dev_class, 3); 1798 1799 mgmt_pending_remove(cmd); 1800 1801 unlock: 1802 hci_dev_unlock(hdev); 1803 } 1804 1805 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1806 { 1807 BT_DBG("status 0x%02x", status); 1808 1809 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status); 1810 } 1811 1812 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1813 { 1814 struct mgmt_cp_add_uuid *cp = data; 1815 struct mgmt_pending_cmd *cmd; 1816 struct hci_request req; 1817 struct bt_uuid *uuid; 1818 int err; 1819 1820 BT_DBG("request for %s", hdev->name); 1821 1822 hci_dev_lock(hdev); 1823 1824 if (pending_eir_or_class(hdev)) { 1825 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID, 1826 MGMT_STATUS_BUSY); 1827 goto failed; 1828 } 1829 1830 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL); 1831 if (!uuid) { 1832 err = -ENOMEM; 1833 goto failed; 1834 } 1835 1836 memcpy(uuid->uuid, cp->uuid, 16); 1837 uuid->svc_hint = cp->svc_hint; 1838 uuid->size = get_uuid_size(cp->uuid); 1839 1840 list_add_tail(&uuid->list, &hdev->uuids); 1841 1842 hci_req_init(&req, hdev); 1843 1844 __hci_req_update_class(&req); 1845 __hci_req_update_eir(&req); 1846 1847 err = hci_req_run(&req, add_uuid_complete); 1848 if (err < 0) { 1849 if (err != -ENODATA) 1850 goto failed; 1851 1852 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0, 1853 hdev->dev_class, 3); 1854 goto failed; 1855 } 1856 1857 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len); 1858 if (!cmd) { 1859 err = -ENOMEM; 1860 goto failed; 1861 } 1862 1863 err = 0; 1864 1865 failed: 1866 hci_dev_unlock(hdev); 1867 return err; 1868 } 1869 1870 static bool enable_service_cache(struct hci_dev *hdev) 1871 { 1872 if (!hdev_is_powered(hdev)) 1873 return false; 1874 1875 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) { 1876 queue_delayed_work(hdev->workqueue, &hdev->service_cache, 1877 CACHE_TIMEOUT); 1878 return true; 1879 } 1880 1881 return false; 1882 } 1883 1884 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1885 { 1886 BT_DBG("status 0x%02x", status); 1887 1888 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status); 1889 } 1890 1891 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, 1892 u16 len) 1893 { 1894 struct mgmt_cp_remove_uuid *cp = data; 1895 struct mgmt_pending_cmd *cmd; 1896 struct bt_uuid *match, *tmp; 1897 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 1898 struct hci_request req; 1899 int err, found; 1900 1901 BT_DBG("request for %s", hdev->name); 1902 1903 hci_dev_lock(hdev); 1904 1905 if (pending_eir_or_class(hdev)) { 1906 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 1907 MGMT_STATUS_BUSY); 1908 goto unlock; 1909 } 1910 1911 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 1912 hci_uuids_clear(hdev); 1913 1914 if (enable_service_cache(hdev)) { 1915 err = mgmt_cmd_complete(sk, hdev->id, 1916 MGMT_OP_REMOVE_UUID, 1917 0, hdev->dev_class, 3); 1918 goto unlock; 1919 } 1920 1921 goto update_class; 1922 } 1923 1924 found = 0; 1925 1926 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) { 1927 if (memcmp(match->uuid, cp->uuid, 16) != 0) 1928 continue; 1929 1930 list_del(&match->list); 1931 kfree(match); 1932 found++; 1933 } 1934 1935 if (found == 0) { 1936 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 1937 MGMT_STATUS_INVALID_PARAMS); 1938 goto unlock; 1939 } 1940 1941 update_class: 1942 hci_req_init(&req, hdev); 1943 1944 __hci_req_update_class(&req); 1945 __hci_req_update_eir(&req); 1946 1947 err = hci_req_run(&req, remove_uuid_complete); 1948 if (err < 0) { 1949 if (err != -ENODATA) 1950 goto unlock; 1951 1952 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0, 1953 hdev->dev_class, 3); 1954 goto unlock; 1955 } 1956 1957 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len); 1958 if (!cmd) { 1959 err = -ENOMEM; 1960 goto unlock; 1961 } 1962 1963 err = 0; 1964 1965 unlock: 1966 hci_dev_unlock(hdev); 1967 return err; 1968 } 1969 1970 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1971 { 1972 BT_DBG("status 0x%02x", status); 1973 1974 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status); 1975 } 1976 1977 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, 1978 u16 len) 1979 { 1980 struct mgmt_cp_set_dev_class *cp = data; 1981 struct mgmt_pending_cmd *cmd; 1982 struct hci_request req; 1983 int err; 1984 1985 BT_DBG("request for %s", hdev->name); 1986 1987 if (!lmp_bredr_capable(hdev)) 1988 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 1989 MGMT_STATUS_NOT_SUPPORTED); 1990 1991 hci_dev_lock(hdev); 1992 1993 if (pending_eir_or_class(hdev)) { 1994 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 1995 MGMT_STATUS_BUSY); 1996 goto unlock; 1997 } 1998 1999 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) { 2000 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2001 MGMT_STATUS_INVALID_PARAMS); 2002 goto unlock; 2003 } 2004 2005 hdev->major_class = cp->major; 2006 hdev->minor_class = cp->minor; 2007 2008 if (!hdev_is_powered(hdev)) { 2009 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2010 hdev->dev_class, 3); 2011 goto unlock; 2012 } 2013 2014 hci_req_init(&req, hdev); 2015 2016 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) { 2017 hci_dev_unlock(hdev); 2018 cancel_delayed_work_sync(&hdev->service_cache); 2019 hci_dev_lock(hdev); 2020 __hci_req_update_eir(&req); 2021 } 2022 2023 __hci_req_update_class(&req); 2024 2025 err = hci_req_run(&req, set_class_complete); 2026 if (err < 0) { 2027 if (err != -ENODATA) 2028 goto unlock; 2029 2030 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2031 hdev->dev_class, 3); 2032 goto unlock; 2033 } 2034 2035 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len); 2036 if (!cmd) { 2037 err = -ENOMEM; 2038 goto unlock; 2039 } 2040 2041 err = 0; 2042 2043 unlock: 2044 hci_dev_unlock(hdev); 2045 return err; 2046 } 2047 2048 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, 2049 u16 len) 2050 { 2051 struct mgmt_cp_load_link_keys *cp = data; 2052 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 2053 sizeof(struct mgmt_link_key_info)); 2054 u16 key_count, expected_len; 2055 bool changed; 2056 int i; 2057 2058 BT_DBG("request for %s", hdev->name); 2059 2060 if (!lmp_bredr_capable(hdev)) 2061 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2062 MGMT_STATUS_NOT_SUPPORTED); 2063 2064 key_count = __le16_to_cpu(cp->key_count); 2065 if (key_count > max_key_count) { 2066 BT_ERR("load_link_keys: too big key_count value %u", 2067 key_count); 2068 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2069 MGMT_STATUS_INVALID_PARAMS); 2070 } 2071 2072 expected_len = sizeof(*cp) + key_count * 2073 sizeof(struct mgmt_link_key_info); 2074 if (expected_len != len) { 2075 BT_ERR("load_link_keys: expected %u bytes, got %u bytes", 2076 expected_len, len); 2077 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2078 MGMT_STATUS_INVALID_PARAMS); 2079 } 2080 2081 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01) 2082 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2083 MGMT_STATUS_INVALID_PARAMS); 2084 2085 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys, 2086 key_count); 2087 2088 for (i = 0; i < key_count; i++) { 2089 struct mgmt_link_key_info *key = &cp->keys[i]; 2090 2091 if (key->addr.type != BDADDR_BREDR || key->type > 0x08) 2092 return mgmt_cmd_status(sk, hdev->id, 2093 MGMT_OP_LOAD_LINK_KEYS, 2094 MGMT_STATUS_INVALID_PARAMS); 2095 } 2096 2097 hci_dev_lock(hdev); 2098 2099 hci_link_keys_clear(hdev); 2100 2101 if (cp->debug_keys) 2102 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 2103 else 2104 changed = hci_dev_test_and_clear_flag(hdev, 2105 HCI_KEEP_DEBUG_KEYS); 2106 2107 if (changed) 2108 new_settings(hdev, NULL); 2109 2110 for (i = 0; i < key_count; i++) { 2111 struct mgmt_link_key_info *key = &cp->keys[i]; 2112 2113 /* Always ignore debug keys and require a new pairing if 2114 * the user wants to use them. 2115 */ 2116 if (key->type == HCI_LK_DEBUG_COMBINATION) 2117 continue; 2118 2119 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val, 2120 key->type, key->pin_len, NULL); 2121 } 2122 2123 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 2124 2125 hci_dev_unlock(hdev); 2126 2127 return 0; 2128 } 2129 2130 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 2131 u8 addr_type, struct sock *skip_sk) 2132 { 2133 struct mgmt_ev_device_unpaired ev; 2134 2135 bacpy(&ev.addr.bdaddr, bdaddr); 2136 ev.addr.type = addr_type; 2137 2138 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 2139 skip_sk); 2140 } 2141 2142 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2143 u16 len) 2144 { 2145 struct mgmt_cp_unpair_device *cp = data; 2146 struct mgmt_rp_unpair_device rp; 2147 struct hci_conn_params *params; 2148 struct mgmt_pending_cmd *cmd; 2149 struct hci_conn *conn; 2150 u8 addr_type; 2151 int err; 2152 2153 memset(&rp, 0, sizeof(rp)); 2154 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2155 rp.addr.type = cp->addr.type; 2156 2157 if (!bdaddr_type_is_valid(cp->addr.type)) 2158 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2159 MGMT_STATUS_INVALID_PARAMS, 2160 &rp, sizeof(rp)); 2161 2162 if (cp->disconnect != 0x00 && cp->disconnect != 0x01) 2163 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2164 MGMT_STATUS_INVALID_PARAMS, 2165 &rp, sizeof(rp)); 2166 2167 hci_dev_lock(hdev); 2168 2169 if (!hdev_is_powered(hdev)) { 2170 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2171 MGMT_STATUS_NOT_POWERED, &rp, 2172 sizeof(rp)); 2173 goto unlock; 2174 } 2175 2176 if (cp->addr.type == BDADDR_BREDR) { 2177 /* If disconnection is requested, then look up the 2178 * connection. If the remote device is connected, it 2179 * will be later used to terminate the link. 2180 * 2181 * Setting it to NULL explicitly will cause no 2182 * termination of the link. 2183 */ 2184 if (cp->disconnect) 2185 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2186 &cp->addr.bdaddr); 2187 else 2188 conn = NULL; 2189 2190 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 2191 if (err < 0) { 2192 err = mgmt_cmd_complete(sk, hdev->id, 2193 MGMT_OP_UNPAIR_DEVICE, 2194 MGMT_STATUS_NOT_PAIRED, &rp, 2195 sizeof(rp)); 2196 goto unlock; 2197 } 2198 2199 goto done; 2200 } 2201 2202 /* LE address type */ 2203 addr_type = le_addr_type(cp->addr.type); 2204 2205 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type); 2206 2207 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type); 2208 if (err < 0) { 2209 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2210 MGMT_STATUS_NOT_PAIRED, &rp, 2211 sizeof(rp)); 2212 goto unlock; 2213 } 2214 2215 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type); 2216 if (!conn) { 2217 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type); 2218 goto done; 2219 } 2220 2221 /* Abort any ongoing SMP pairing */ 2222 smp_cancel_pairing(conn); 2223 2224 /* Defer clearing up the connection parameters until closing to 2225 * give a chance of keeping them if a repairing happens. 2226 */ 2227 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2228 2229 /* Disable auto-connection parameters if present */ 2230 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type); 2231 if (params) { 2232 if (params->explicit_connect) 2233 params->auto_connect = HCI_AUTO_CONN_EXPLICIT; 2234 else 2235 params->auto_connect = HCI_AUTO_CONN_DISABLED; 2236 } 2237 2238 /* If disconnection is not requested, then clear the connection 2239 * variable so that the link is not terminated. 2240 */ 2241 if (!cp->disconnect) 2242 conn = NULL; 2243 2244 done: 2245 /* If the connection variable is set, then termination of the 2246 * link is requested. 2247 */ 2248 if (!conn) { 2249 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0, 2250 &rp, sizeof(rp)); 2251 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 2252 goto unlock; 2253 } 2254 2255 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 2256 sizeof(*cp)); 2257 if (!cmd) { 2258 err = -ENOMEM; 2259 goto unlock; 2260 } 2261 2262 cmd->cmd_complete = addr_cmd_complete; 2263 2264 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 2265 if (err < 0) 2266 mgmt_pending_remove(cmd); 2267 2268 unlock: 2269 hci_dev_unlock(hdev); 2270 return err; 2271 } 2272 2273 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data, 2274 u16 len) 2275 { 2276 struct mgmt_cp_disconnect *cp = data; 2277 struct mgmt_rp_disconnect rp; 2278 struct mgmt_pending_cmd *cmd; 2279 struct hci_conn *conn; 2280 int err; 2281 2282 BT_DBG(""); 2283 2284 memset(&rp, 0, sizeof(rp)); 2285 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2286 rp.addr.type = cp->addr.type; 2287 2288 if (!bdaddr_type_is_valid(cp->addr.type)) 2289 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2290 MGMT_STATUS_INVALID_PARAMS, 2291 &rp, sizeof(rp)); 2292 2293 hci_dev_lock(hdev); 2294 2295 if (!test_bit(HCI_UP, &hdev->flags)) { 2296 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2297 MGMT_STATUS_NOT_POWERED, &rp, 2298 sizeof(rp)); 2299 goto failed; 2300 } 2301 2302 if (pending_find(MGMT_OP_DISCONNECT, hdev)) { 2303 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2304 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2305 goto failed; 2306 } 2307 2308 if (cp->addr.type == BDADDR_BREDR) 2309 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2310 &cp->addr.bdaddr); 2311 else 2312 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, 2313 le_addr_type(cp->addr.type)); 2314 2315 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) { 2316 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2317 MGMT_STATUS_NOT_CONNECTED, &rp, 2318 sizeof(rp)); 2319 goto failed; 2320 } 2321 2322 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 2323 if (!cmd) { 2324 err = -ENOMEM; 2325 goto failed; 2326 } 2327 2328 cmd->cmd_complete = generic_cmd_complete; 2329 2330 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM); 2331 if (err < 0) 2332 mgmt_pending_remove(cmd); 2333 2334 failed: 2335 hci_dev_unlock(hdev); 2336 return err; 2337 } 2338 2339 static u8 link_to_bdaddr(u8 link_type, u8 addr_type) 2340 { 2341 switch (link_type) { 2342 case LE_LINK: 2343 switch (addr_type) { 2344 case ADDR_LE_DEV_PUBLIC: 2345 return BDADDR_LE_PUBLIC; 2346 2347 default: 2348 /* Fallback to LE Random address type */ 2349 return BDADDR_LE_RANDOM; 2350 } 2351 2352 default: 2353 /* Fallback to BR/EDR type */ 2354 return BDADDR_BREDR; 2355 } 2356 } 2357 2358 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data, 2359 u16 data_len) 2360 { 2361 struct mgmt_rp_get_connections *rp; 2362 struct hci_conn *c; 2363 size_t rp_len; 2364 int err; 2365 u16 i; 2366 2367 BT_DBG(""); 2368 2369 hci_dev_lock(hdev); 2370 2371 if (!hdev_is_powered(hdev)) { 2372 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 2373 MGMT_STATUS_NOT_POWERED); 2374 goto unlock; 2375 } 2376 2377 i = 0; 2378 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2379 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2380 i++; 2381 } 2382 2383 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 2384 rp = kmalloc(rp_len, GFP_KERNEL); 2385 if (!rp) { 2386 err = -ENOMEM; 2387 goto unlock; 2388 } 2389 2390 i = 0; 2391 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2392 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2393 continue; 2394 bacpy(&rp->addr[i].bdaddr, &c->dst); 2395 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type); 2396 if (c->type == SCO_LINK || c->type == ESCO_LINK) 2397 continue; 2398 i++; 2399 } 2400 2401 rp->conn_count = cpu_to_le16(i); 2402 2403 /* Recalculate length in case of filtered SCO connections, etc */ 2404 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 2405 2406 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp, 2407 rp_len); 2408 2409 kfree(rp); 2410 2411 unlock: 2412 hci_dev_unlock(hdev); 2413 return err; 2414 } 2415 2416 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 2417 struct mgmt_cp_pin_code_neg_reply *cp) 2418 { 2419 struct mgmt_pending_cmd *cmd; 2420 int err; 2421 2422 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 2423 sizeof(*cp)); 2424 if (!cmd) 2425 return -ENOMEM; 2426 2427 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2428 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 2429 if (err < 0) 2430 mgmt_pending_remove(cmd); 2431 2432 return err; 2433 } 2434 2435 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2436 u16 len) 2437 { 2438 struct hci_conn *conn; 2439 struct mgmt_cp_pin_code_reply *cp = data; 2440 struct hci_cp_pin_code_reply reply; 2441 struct mgmt_pending_cmd *cmd; 2442 int err; 2443 2444 BT_DBG(""); 2445 2446 hci_dev_lock(hdev); 2447 2448 if (!hdev_is_powered(hdev)) { 2449 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2450 MGMT_STATUS_NOT_POWERED); 2451 goto failed; 2452 } 2453 2454 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 2455 if (!conn) { 2456 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2457 MGMT_STATUS_NOT_CONNECTED); 2458 goto failed; 2459 } 2460 2461 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 2462 struct mgmt_cp_pin_code_neg_reply ncp; 2463 2464 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 2465 2466 BT_ERR("PIN code is not 16 bytes long"); 2467 2468 err = send_pin_code_neg_reply(sk, hdev, &ncp); 2469 if (err >= 0) 2470 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2471 MGMT_STATUS_INVALID_PARAMS); 2472 2473 goto failed; 2474 } 2475 2476 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 2477 if (!cmd) { 2478 err = -ENOMEM; 2479 goto failed; 2480 } 2481 2482 cmd->cmd_complete = addr_cmd_complete; 2483 2484 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 2485 reply.pin_len = cp->pin_len; 2486 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 2487 2488 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 2489 if (err < 0) 2490 mgmt_pending_remove(cmd); 2491 2492 failed: 2493 hci_dev_unlock(hdev); 2494 return err; 2495 } 2496 2497 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data, 2498 u16 len) 2499 { 2500 struct mgmt_cp_set_io_capability *cp = data; 2501 2502 BT_DBG(""); 2503 2504 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY) 2505 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 2506 MGMT_STATUS_INVALID_PARAMS, NULL, 0); 2507 2508 hci_dev_lock(hdev); 2509 2510 hdev->io_capability = cp->io_capability; 2511 2512 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 2513 hdev->io_capability); 2514 2515 hci_dev_unlock(hdev); 2516 2517 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, 2518 NULL, 0); 2519 } 2520 2521 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn) 2522 { 2523 struct hci_dev *hdev = conn->hdev; 2524 struct mgmt_pending_cmd *cmd; 2525 2526 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 2527 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 2528 continue; 2529 2530 if (cmd->user_data != conn) 2531 continue; 2532 2533 return cmd; 2534 } 2535 2536 return NULL; 2537 } 2538 2539 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status) 2540 { 2541 struct mgmt_rp_pair_device rp; 2542 struct hci_conn *conn = cmd->user_data; 2543 int err; 2544 2545 bacpy(&rp.addr.bdaddr, &conn->dst); 2546 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 2547 2548 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, 2549 status, &rp, sizeof(rp)); 2550 2551 /* So we don't get further callbacks for this connection */ 2552 conn->connect_cfm_cb = NULL; 2553 conn->security_cfm_cb = NULL; 2554 conn->disconn_cfm_cb = NULL; 2555 2556 hci_conn_drop(conn); 2557 2558 /* The device is paired so there is no need to remove 2559 * its connection parameters anymore. 2560 */ 2561 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2562 2563 hci_conn_put(conn); 2564 2565 return err; 2566 } 2567 2568 void mgmt_smp_complete(struct hci_conn *conn, bool complete) 2569 { 2570 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED; 2571 struct mgmt_pending_cmd *cmd; 2572 2573 cmd = find_pairing(conn); 2574 if (cmd) { 2575 cmd->cmd_complete(cmd, status); 2576 mgmt_pending_remove(cmd); 2577 } 2578 } 2579 2580 static void pairing_complete_cb(struct hci_conn *conn, u8 status) 2581 { 2582 struct mgmt_pending_cmd *cmd; 2583 2584 BT_DBG("status %u", status); 2585 2586 cmd = find_pairing(conn); 2587 if (!cmd) { 2588 BT_DBG("Unable to find a pending command"); 2589 return; 2590 } 2591 2592 cmd->cmd_complete(cmd, mgmt_status(status)); 2593 mgmt_pending_remove(cmd); 2594 } 2595 2596 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) 2597 { 2598 struct mgmt_pending_cmd *cmd; 2599 2600 BT_DBG("status %u", status); 2601 2602 if (!status) 2603 return; 2604 2605 cmd = find_pairing(conn); 2606 if (!cmd) { 2607 BT_DBG("Unable to find a pending command"); 2608 return; 2609 } 2610 2611 cmd->cmd_complete(cmd, mgmt_status(status)); 2612 mgmt_pending_remove(cmd); 2613 } 2614 2615 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2616 u16 len) 2617 { 2618 struct mgmt_cp_pair_device *cp = data; 2619 struct mgmt_rp_pair_device rp; 2620 struct mgmt_pending_cmd *cmd; 2621 u8 sec_level, auth_type; 2622 struct hci_conn *conn; 2623 int err; 2624 2625 BT_DBG(""); 2626 2627 memset(&rp, 0, sizeof(rp)); 2628 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2629 rp.addr.type = cp->addr.type; 2630 2631 if (!bdaddr_type_is_valid(cp->addr.type)) 2632 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2633 MGMT_STATUS_INVALID_PARAMS, 2634 &rp, sizeof(rp)); 2635 2636 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY) 2637 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2638 MGMT_STATUS_INVALID_PARAMS, 2639 &rp, sizeof(rp)); 2640 2641 hci_dev_lock(hdev); 2642 2643 if (!hdev_is_powered(hdev)) { 2644 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2645 MGMT_STATUS_NOT_POWERED, &rp, 2646 sizeof(rp)); 2647 goto unlock; 2648 } 2649 2650 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) { 2651 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2652 MGMT_STATUS_ALREADY_PAIRED, &rp, 2653 sizeof(rp)); 2654 goto unlock; 2655 } 2656 2657 sec_level = BT_SECURITY_MEDIUM; 2658 auth_type = HCI_AT_DEDICATED_BONDING; 2659 2660 if (cp->addr.type == BDADDR_BREDR) { 2661 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level, 2662 auth_type); 2663 } else { 2664 u8 addr_type = le_addr_type(cp->addr.type); 2665 struct hci_conn_params *p; 2666 2667 /* When pairing a new device, it is expected to remember 2668 * this device for future connections. Adding the connection 2669 * parameter information ahead of time allows tracking 2670 * of the slave preferred values and will speed up any 2671 * further connection establishment. 2672 * 2673 * If connection parameters already exist, then they 2674 * will be kept and this function does nothing. 2675 */ 2676 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type); 2677 2678 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT) 2679 p->auto_connect = HCI_AUTO_CONN_DISABLED; 2680 2681 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, 2682 addr_type, sec_level, 2683 HCI_LE_CONN_TIMEOUT); 2684 } 2685 2686 if (IS_ERR(conn)) { 2687 int status; 2688 2689 if (PTR_ERR(conn) == -EBUSY) 2690 status = MGMT_STATUS_BUSY; 2691 else if (PTR_ERR(conn) == -EOPNOTSUPP) 2692 status = MGMT_STATUS_NOT_SUPPORTED; 2693 else if (PTR_ERR(conn) == -ECONNREFUSED) 2694 status = MGMT_STATUS_REJECTED; 2695 else 2696 status = MGMT_STATUS_CONNECT_FAILED; 2697 2698 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2699 status, &rp, sizeof(rp)); 2700 goto unlock; 2701 } 2702 2703 if (conn->connect_cfm_cb) { 2704 hci_conn_drop(conn); 2705 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2706 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2707 goto unlock; 2708 } 2709 2710 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 2711 if (!cmd) { 2712 err = -ENOMEM; 2713 hci_conn_drop(conn); 2714 goto unlock; 2715 } 2716 2717 cmd->cmd_complete = pairing_complete; 2718 2719 /* For LE, just connecting isn't a proof that the pairing finished */ 2720 if (cp->addr.type == BDADDR_BREDR) { 2721 conn->connect_cfm_cb = pairing_complete_cb; 2722 conn->security_cfm_cb = pairing_complete_cb; 2723 conn->disconn_cfm_cb = pairing_complete_cb; 2724 } else { 2725 conn->connect_cfm_cb = le_pairing_complete_cb; 2726 conn->security_cfm_cb = le_pairing_complete_cb; 2727 conn->disconn_cfm_cb = le_pairing_complete_cb; 2728 } 2729 2730 conn->io_capability = cp->io_cap; 2731 cmd->user_data = hci_conn_get(conn); 2732 2733 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) && 2734 hci_conn_security(conn, sec_level, auth_type, true)) { 2735 cmd->cmd_complete(cmd, 0); 2736 mgmt_pending_remove(cmd); 2737 } 2738 2739 err = 0; 2740 2741 unlock: 2742 hci_dev_unlock(hdev); 2743 return err; 2744 } 2745 2746 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2747 u16 len) 2748 { 2749 struct mgmt_addr_info *addr = data; 2750 struct mgmt_pending_cmd *cmd; 2751 struct hci_conn *conn; 2752 int err; 2753 2754 BT_DBG(""); 2755 2756 hci_dev_lock(hdev); 2757 2758 if (!hdev_is_powered(hdev)) { 2759 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2760 MGMT_STATUS_NOT_POWERED); 2761 goto unlock; 2762 } 2763 2764 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev); 2765 if (!cmd) { 2766 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2767 MGMT_STATUS_INVALID_PARAMS); 2768 goto unlock; 2769 } 2770 2771 conn = cmd->user_data; 2772 2773 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 2774 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 2775 MGMT_STATUS_INVALID_PARAMS); 2776 goto unlock; 2777 } 2778 2779 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED); 2780 mgmt_pending_remove(cmd); 2781 2782 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 2783 addr, sizeof(*addr)); 2784 unlock: 2785 hci_dev_unlock(hdev); 2786 return err; 2787 } 2788 2789 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, 2790 struct mgmt_addr_info *addr, u16 mgmt_op, 2791 u16 hci_op, __le32 passkey) 2792 { 2793 struct mgmt_pending_cmd *cmd; 2794 struct hci_conn *conn; 2795 int err; 2796 2797 hci_dev_lock(hdev); 2798 2799 if (!hdev_is_powered(hdev)) { 2800 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 2801 MGMT_STATUS_NOT_POWERED, addr, 2802 sizeof(*addr)); 2803 goto done; 2804 } 2805 2806 if (addr->type == BDADDR_BREDR) 2807 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr); 2808 else 2809 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr, 2810 le_addr_type(addr->type)); 2811 2812 if (!conn) { 2813 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 2814 MGMT_STATUS_NOT_CONNECTED, addr, 2815 sizeof(*addr)); 2816 goto done; 2817 } 2818 2819 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) { 2820 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 2821 if (!err) 2822 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 2823 MGMT_STATUS_SUCCESS, addr, 2824 sizeof(*addr)); 2825 else 2826 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 2827 MGMT_STATUS_FAILED, addr, 2828 sizeof(*addr)); 2829 2830 goto done; 2831 } 2832 2833 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr)); 2834 if (!cmd) { 2835 err = -ENOMEM; 2836 goto done; 2837 } 2838 2839 cmd->cmd_complete = addr_cmd_complete; 2840 2841 /* Continue with pairing via HCI */ 2842 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 2843 struct hci_cp_user_passkey_reply cp; 2844 2845 bacpy(&cp.bdaddr, &addr->bdaddr); 2846 cp.passkey = passkey; 2847 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 2848 } else 2849 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr), 2850 &addr->bdaddr); 2851 2852 if (err < 0) 2853 mgmt_pending_remove(cmd); 2854 2855 done: 2856 hci_dev_unlock(hdev); 2857 return err; 2858 } 2859 2860 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 2861 void *data, u16 len) 2862 { 2863 struct mgmt_cp_pin_code_neg_reply *cp = data; 2864 2865 BT_DBG(""); 2866 2867 return user_pairing_resp(sk, hdev, &cp->addr, 2868 MGMT_OP_PIN_CODE_NEG_REPLY, 2869 HCI_OP_PIN_CODE_NEG_REPLY, 0); 2870 } 2871 2872 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2873 u16 len) 2874 { 2875 struct mgmt_cp_user_confirm_reply *cp = data; 2876 2877 BT_DBG(""); 2878 2879 if (len != sizeof(*cp)) 2880 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY, 2881 MGMT_STATUS_INVALID_PARAMS); 2882 2883 return user_pairing_resp(sk, hdev, &cp->addr, 2884 MGMT_OP_USER_CONFIRM_REPLY, 2885 HCI_OP_USER_CONFIRM_REPLY, 0); 2886 } 2887 2888 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev, 2889 void *data, u16 len) 2890 { 2891 struct mgmt_cp_user_confirm_neg_reply *cp = data; 2892 2893 BT_DBG(""); 2894 2895 return user_pairing_resp(sk, hdev, &cp->addr, 2896 MGMT_OP_USER_CONFIRM_NEG_REPLY, 2897 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 2898 } 2899 2900 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2901 u16 len) 2902 { 2903 struct mgmt_cp_user_passkey_reply *cp = data; 2904 2905 BT_DBG(""); 2906 2907 return user_pairing_resp(sk, hdev, &cp->addr, 2908 MGMT_OP_USER_PASSKEY_REPLY, 2909 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 2910 } 2911 2912 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev, 2913 void *data, u16 len) 2914 { 2915 struct mgmt_cp_user_passkey_neg_reply *cp = data; 2916 2917 BT_DBG(""); 2918 2919 return user_pairing_resp(sk, hdev, &cp->addr, 2920 MGMT_OP_USER_PASSKEY_NEG_REPLY, 2921 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 2922 } 2923 2924 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode) 2925 { 2926 struct mgmt_cp_set_local_name *cp; 2927 struct mgmt_pending_cmd *cmd; 2928 2929 BT_DBG("status 0x%02x", status); 2930 2931 hci_dev_lock(hdev); 2932 2933 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 2934 if (!cmd) 2935 goto unlock; 2936 2937 cp = cmd->param; 2938 2939 if (status) 2940 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 2941 mgmt_status(status)); 2942 else 2943 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 2944 cp, sizeof(*cp)); 2945 2946 mgmt_pending_remove(cmd); 2947 2948 unlock: 2949 hci_dev_unlock(hdev); 2950 } 2951 2952 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data, 2953 u16 len) 2954 { 2955 struct mgmt_cp_set_local_name *cp = data; 2956 struct mgmt_pending_cmd *cmd; 2957 struct hci_request req; 2958 int err; 2959 2960 BT_DBG(""); 2961 2962 hci_dev_lock(hdev); 2963 2964 /* If the old values are the same as the new ones just return a 2965 * direct command complete event. 2966 */ 2967 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) && 2968 !memcmp(hdev->short_name, cp->short_name, 2969 sizeof(hdev->short_name))) { 2970 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 2971 data, len); 2972 goto failed; 2973 } 2974 2975 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name)); 2976 2977 if (!hdev_is_powered(hdev)) { 2978 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 2979 2980 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 2981 data, len); 2982 if (err < 0) 2983 goto failed; 2984 2985 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, 2986 data, len, sk); 2987 2988 goto failed; 2989 } 2990 2991 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 2992 if (!cmd) { 2993 err = -ENOMEM; 2994 goto failed; 2995 } 2996 2997 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 2998 2999 hci_req_init(&req, hdev); 3000 3001 if (lmp_bredr_capable(hdev)) { 3002 __hci_req_update_name(&req); 3003 __hci_req_update_eir(&req); 3004 } 3005 3006 /* The name is stored in the scan response data and so 3007 * no need to udpate the advertising data here. 3008 */ 3009 if (lmp_le_capable(hdev)) 3010 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance); 3011 3012 err = hci_req_run(&req, set_name_complete); 3013 if (err < 0) 3014 mgmt_pending_remove(cmd); 3015 3016 failed: 3017 hci_dev_unlock(hdev); 3018 return err; 3019 } 3020 3021 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status, 3022 u16 opcode, struct sk_buff *skb) 3023 { 3024 struct mgmt_rp_read_local_oob_data mgmt_rp; 3025 size_t rp_size = sizeof(mgmt_rp); 3026 struct mgmt_pending_cmd *cmd; 3027 3028 BT_DBG("%s status %u", hdev->name, status); 3029 3030 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev); 3031 if (!cmd) 3032 return; 3033 3034 if (status || !skb) { 3035 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3036 status ? mgmt_status(status) : MGMT_STATUS_FAILED); 3037 goto remove; 3038 } 3039 3040 memset(&mgmt_rp, 0, sizeof(mgmt_rp)); 3041 3042 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) { 3043 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 3044 3045 if (skb->len < sizeof(*rp)) { 3046 mgmt_cmd_status(cmd->sk, hdev->id, 3047 MGMT_OP_READ_LOCAL_OOB_DATA, 3048 MGMT_STATUS_FAILED); 3049 goto remove; 3050 } 3051 3052 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash)); 3053 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand)); 3054 3055 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256); 3056 } else { 3057 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data; 3058 3059 if (skb->len < sizeof(*rp)) { 3060 mgmt_cmd_status(cmd->sk, hdev->id, 3061 MGMT_OP_READ_LOCAL_OOB_DATA, 3062 MGMT_STATUS_FAILED); 3063 goto remove; 3064 } 3065 3066 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192)); 3067 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192)); 3068 3069 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256)); 3070 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256)); 3071 } 3072 3073 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3074 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size); 3075 3076 remove: 3077 mgmt_pending_remove(cmd); 3078 } 3079 3080 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, 3081 void *data, u16 data_len) 3082 { 3083 struct mgmt_pending_cmd *cmd; 3084 struct hci_request req; 3085 int err; 3086 3087 BT_DBG("%s", hdev->name); 3088 3089 hci_dev_lock(hdev); 3090 3091 if (!hdev_is_powered(hdev)) { 3092 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3093 MGMT_STATUS_NOT_POWERED); 3094 goto unlock; 3095 } 3096 3097 if (!lmp_ssp_capable(hdev)) { 3098 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3099 MGMT_STATUS_NOT_SUPPORTED); 3100 goto unlock; 3101 } 3102 3103 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 3104 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3105 MGMT_STATUS_BUSY); 3106 goto unlock; 3107 } 3108 3109 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 3110 if (!cmd) { 3111 err = -ENOMEM; 3112 goto unlock; 3113 } 3114 3115 hci_req_init(&req, hdev); 3116 3117 if (bredr_sc_enabled(hdev)) 3118 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL); 3119 else 3120 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 3121 3122 err = hci_req_run_skb(&req, read_local_oob_data_complete); 3123 if (err < 0) 3124 mgmt_pending_remove(cmd); 3125 3126 unlock: 3127 hci_dev_unlock(hdev); 3128 return err; 3129 } 3130 3131 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 3132 void *data, u16 len) 3133 { 3134 struct mgmt_addr_info *addr = data; 3135 int err; 3136 3137 BT_DBG("%s ", hdev->name); 3138 3139 if (!bdaddr_type_is_valid(addr->type)) 3140 return mgmt_cmd_complete(sk, hdev->id, 3141 MGMT_OP_ADD_REMOTE_OOB_DATA, 3142 MGMT_STATUS_INVALID_PARAMS, 3143 addr, sizeof(*addr)); 3144 3145 hci_dev_lock(hdev); 3146 3147 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) { 3148 struct mgmt_cp_add_remote_oob_data *cp = data; 3149 u8 status; 3150 3151 if (cp->addr.type != BDADDR_BREDR) { 3152 err = mgmt_cmd_complete(sk, hdev->id, 3153 MGMT_OP_ADD_REMOTE_OOB_DATA, 3154 MGMT_STATUS_INVALID_PARAMS, 3155 &cp->addr, sizeof(cp->addr)); 3156 goto unlock; 3157 } 3158 3159 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 3160 cp->addr.type, cp->hash, 3161 cp->rand, NULL, NULL); 3162 if (err < 0) 3163 status = MGMT_STATUS_FAILED; 3164 else 3165 status = MGMT_STATUS_SUCCESS; 3166 3167 err = mgmt_cmd_complete(sk, hdev->id, 3168 MGMT_OP_ADD_REMOTE_OOB_DATA, status, 3169 &cp->addr, sizeof(cp->addr)); 3170 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) { 3171 struct mgmt_cp_add_remote_oob_ext_data *cp = data; 3172 u8 *rand192, *hash192, *rand256, *hash256; 3173 u8 status; 3174 3175 if (bdaddr_type_is_le(cp->addr.type)) { 3176 /* Enforce zero-valued 192-bit parameters as 3177 * long as legacy SMP OOB isn't implemented. 3178 */ 3179 if (memcmp(cp->rand192, ZERO_KEY, 16) || 3180 memcmp(cp->hash192, ZERO_KEY, 16)) { 3181 err = mgmt_cmd_complete(sk, hdev->id, 3182 MGMT_OP_ADD_REMOTE_OOB_DATA, 3183 MGMT_STATUS_INVALID_PARAMS, 3184 addr, sizeof(*addr)); 3185 goto unlock; 3186 } 3187 3188 rand192 = NULL; 3189 hash192 = NULL; 3190 } else { 3191 /* In case one of the P-192 values is set to zero, 3192 * then just disable OOB data for P-192. 3193 */ 3194 if (!memcmp(cp->rand192, ZERO_KEY, 16) || 3195 !memcmp(cp->hash192, ZERO_KEY, 16)) { 3196 rand192 = NULL; 3197 hash192 = NULL; 3198 } else { 3199 rand192 = cp->rand192; 3200 hash192 = cp->hash192; 3201 } 3202 } 3203 3204 /* In case one of the P-256 values is set to zero, then just 3205 * disable OOB data for P-256. 3206 */ 3207 if (!memcmp(cp->rand256, ZERO_KEY, 16) || 3208 !memcmp(cp->hash256, ZERO_KEY, 16)) { 3209 rand256 = NULL; 3210 hash256 = NULL; 3211 } else { 3212 rand256 = cp->rand256; 3213 hash256 = cp->hash256; 3214 } 3215 3216 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 3217 cp->addr.type, hash192, rand192, 3218 hash256, rand256); 3219 if (err < 0) 3220 status = MGMT_STATUS_FAILED; 3221 else 3222 status = MGMT_STATUS_SUCCESS; 3223 3224 err = mgmt_cmd_complete(sk, hdev->id, 3225 MGMT_OP_ADD_REMOTE_OOB_DATA, 3226 status, &cp->addr, sizeof(cp->addr)); 3227 } else { 3228 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len); 3229 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 3230 MGMT_STATUS_INVALID_PARAMS); 3231 } 3232 3233 unlock: 3234 hci_dev_unlock(hdev); 3235 return err; 3236 } 3237 3238 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 3239 void *data, u16 len) 3240 { 3241 struct mgmt_cp_remove_remote_oob_data *cp = data; 3242 u8 status; 3243 int err; 3244 3245 BT_DBG("%s", hdev->name); 3246 3247 if (cp->addr.type != BDADDR_BREDR) 3248 return mgmt_cmd_complete(sk, hdev->id, 3249 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 3250 MGMT_STATUS_INVALID_PARAMS, 3251 &cp->addr, sizeof(cp->addr)); 3252 3253 hci_dev_lock(hdev); 3254 3255 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 3256 hci_remote_oob_data_clear(hdev); 3257 status = MGMT_STATUS_SUCCESS; 3258 goto done; 3259 } 3260 3261 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type); 3262 if (err < 0) 3263 status = MGMT_STATUS_INVALID_PARAMS; 3264 else 3265 status = MGMT_STATUS_SUCCESS; 3266 3267 done: 3268 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 3269 status, &cp->addr, sizeof(cp->addr)); 3270 3271 hci_dev_unlock(hdev); 3272 return err; 3273 } 3274 3275 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status) 3276 { 3277 struct mgmt_pending_cmd *cmd; 3278 3279 BT_DBG("status %d", status); 3280 3281 hci_dev_lock(hdev); 3282 3283 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev); 3284 if (!cmd) 3285 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev); 3286 3287 if (!cmd) 3288 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev); 3289 3290 if (cmd) { 3291 cmd->cmd_complete(cmd, mgmt_status(status)); 3292 mgmt_pending_remove(cmd); 3293 } 3294 3295 hci_dev_unlock(hdev); 3296 } 3297 3298 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type, 3299 uint8_t *mgmt_status) 3300 { 3301 switch (type) { 3302 case DISCOV_TYPE_LE: 3303 *mgmt_status = mgmt_le_support(hdev); 3304 if (*mgmt_status) 3305 return false; 3306 break; 3307 case DISCOV_TYPE_INTERLEAVED: 3308 *mgmt_status = mgmt_le_support(hdev); 3309 if (*mgmt_status) 3310 return false; 3311 /* Intentional fall-through */ 3312 case DISCOV_TYPE_BREDR: 3313 *mgmt_status = mgmt_bredr_support(hdev); 3314 if (*mgmt_status) 3315 return false; 3316 break; 3317 default: 3318 *mgmt_status = MGMT_STATUS_INVALID_PARAMS; 3319 return false; 3320 } 3321 3322 return true; 3323 } 3324 3325 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev, 3326 u16 op, void *data, u16 len) 3327 { 3328 struct mgmt_cp_start_discovery *cp = data; 3329 struct mgmt_pending_cmd *cmd; 3330 u8 status; 3331 int err; 3332 3333 BT_DBG("%s", hdev->name); 3334 3335 hci_dev_lock(hdev); 3336 3337 if (!hdev_is_powered(hdev)) { 3338 err = mgmt_cmd_complete(sk, hdev->id, op, 3339 MGMT_STATUS_NOT_POWERED, 3340 &cp->type, sizeof(cp->type)); 3341 goto failed; 3342 } 3343 3344 if (hdev->discovery.state != DISCOVERY_STOPPED || 3345 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 3346 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 3347 &cp->type, sizeof(cp->type)); 3348 goto failed; 3349 } 3350 3351 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 3352 err = mgmt_cmd_complete(sk, hdev->id, op, status, 3353 &cp->type, sizeof(cp->type)); 3354 goto failed; 3355 } 3356 3357 /* Clear the discovery filter first to free any previously 3358 * allocated memory for the UUID list. 3359 */ 3360 hci_discovery_filter_clear(hdev); 3361 3362 hdev->discovery.type = cp->type; 3363 hdev->discovery.report_invalid_rssi = false; 3364 if (op == MGMT_OP_START_LIMITED_DISCOVERY) 3365 hdev->discovery.limited = true; 3366 else 3367 hdev->discovery.limited = false; 3368 3369 cmd = mgmt_pending_add(sk, op, hdev, data, len); 3370 if (!cmd) { 3371 err = -ENOMEM; 3372 goto failed; 3373 } 3374 3375 cmd->cmd_complete = generic_cmd_complete; 3376 3377 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 3378 queue_work(hdev->req_workqueue, &hdev->discov_update); 3379 err = 0; 3380 3381 failed: 3382 hci_dev_unlock(hdev); 3383 return err; 3384 } 3385 3386 static int start_discovery(struct sock *sk, struct hci_dev *hdev, 3387 void *data, u16 len) 3388 { 3389 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY, 3390 data, len); 3391 } 3392 3393 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev, 3394 void *data, u16 len) 3395 { 3396 return start_discovery_internal(sk, hdev, 3397 MGMT_OP_START_LIMITED_DISCOVERY, 3398 data, len); 3399 } 3400 3401 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd, 3402 u8 status) 3403 { 3404 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 3405 cmd->param, 1); 3406 } 3407 3408 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev, 3409 void *data, u16 len) 3410 { 3411 struct mgmt_cp_start_service_discovery *cp = data; 3412 struct mgmt_pending_cmd *cmd; 3413 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16); 3414 u16 uuid_count, expected_len; 3415 u8 status; 3416 int err; 3417 3418 BT_DBG("%s", hdev->name); 3419 3420 hci_dev_lock(hdev); 3421 3422 if (!hdev_is_powered(hdev)) { 3423 err = mgmt_cmd_complete(sk, hdev->id, 3424 MGMT_OP_START_SERVICE_DISCOVERY, 3425 MGMT_STATUS_NOT_POWERED, 3426 &cp->type, sizeof(cp->type)); 3427 goto failed; 3428 } 3429 3430 if (hdev->discovery.state != DISCOVERY_STOPPED || 3431 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 3432 err = mgmt_cmd_complete(sk, hdev->id, 3433 MGMT_OP_START_SERVICE_DISCOVERY, 3434 MGMT_STATUS_BUSY, &cp->type, 3435 sizeof(cp->type)); 3436 goto failed; 3437 } 3438 3439 uuid_count = __le16_to_cpu(cp->uuid_count); 3440 if (uuid_count > max_uuid_count) { 3441 BT_ERR("service_discovery: too big uuid_count value %u", 3442 uuid_count); 3443 err = mgmt_cmd_complete(sk, hdev->id, 3444 MGMT_OP_START_SERVICE_DISCOVERY, 3445 MGMT_STATUS_INVALID_PARAMS, &cp->type, 3446 sizeof(cp->type)); 3447 goto failed; 3448 } 3449 3450 expected_len = sizeof(*cp) + uuid_count * 16; 3451 if (expected_len != len) { 3452 BT_ERR("service_discovery: expected %u bytes, got %u bytes", 3453 expected_len, len); 3454 err = mgmt_cmd_complete(sk, hdev->id, 3455 MGMT_OP_START_SERVICE_DISCOVERY, 3456 MGMT_STATUS_INVALID_PARAMS, &cp->type, 3457 sizeof(cp->type)); 3458 goto failed; 3459 } 3460 3461 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 3462 err = mgmt_cmd_complete(sk, hdev->id, 3463 MGMT_OP_START_SERVICE_DISCOVERY, 3464 status, &cp->type, sizeof(cp->type)); 3465 goto failed; 3466 } 3467 3468 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY, 3469 hdev, data, len); 3470 if (!cmd) { 3471 err = -ENOMEM; 3472 goto failed; 3473 } 3474 3475 cmd->cmd_complete = service_discovery_cmd_complete; 3476 3477 /* Clear the discovery filter first to free any previously 3478 * allocated memory for the UUID list. 3479 */ 3480 hci_discovery_filter_clear(hdev); 3481 3482 hdev->discovery.result_filtering = true; 3483 hdev->discovery.type = cp->type; 3484 hdev->discovery.rssi = cp->rssi; 3485 hdev->discovery.uuid_count = uuid_count; 3486 3487 if (uuid_count > 0) { 3488 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16, 3489 GFP_KERNEL); 3490 if (!hdev->discovery.uuids) { 3491 err = mgmt_cmd_complete(sk, hdev->id, 3492 MGMT_OP_START_SERVICE_DISCOVERY, 3493 MGMT_STATUS_FAILED, 3494 &cp->type, sizeof(cp->type)); 3495 mgmt_pending_remove(cmd); 3496 goto failed; 3497 } 3498 } 3499 3500 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 3501 queue_work(hdev->req_workqueue, &hdev->discov_update); 3502 err = 0; 3503 3504 failed: 3505 hci_dev_unlock(hdev); 3506 return err; 3507 } 3508 3509 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status) 3510 { 3511 struct mgmt_pending_cmd *cmd; 3512 3513 BT_DBG("status %d", status); 3514 3515 hci_dev_lock(hdev); 3516 3517 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 3518 if (cmd) { 3519 cmd->cmd_complete(cmd, mgmt_status(status)); 3520 mgmt_pending_remove(cmd); 3521 } 3522 3523 hci_dev_unlock(hdev); 3524 } 3525 3526 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, 3527 u16 len) 3528 { 3529 struct mgmt_cp_stop_discovery *mgmt_cp = data; 3530 struct mgmt_pending_cmd *cmd; 3531 int err; 3532 3533 BT_DBG("%s", hdev->name); 3534 3535 hci_dev_lock(hdev); 3536 3537 if (!hci_discovery_active(hdev)) { 3538 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 3539 MGMT_STATUS_REJECTED, &mgmt_cp->type, 3540 sizeof(mgmt_cp->type)); 3541 goto unlock; 3542 } 3543 3544 if (hdev->discovery.type != mgmt_cp->type) { 3545 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 3546 MGMT_STATUS_INVALID_PARAMS, 3547 &mgmt_cp->type, sizeof(mgmt_cp->type)); 3548 goto unlock; 3549 } 3550 3551 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len); 3552 if (!cmd) { 3553 err = -ENOMEM; 3554 goto unlock; 3555 } 3556 3557 cmd->cmd_complete = generic_cmd_complete; 3558 3559 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 3560 queue_work(hdev->req_workqueue, &hdev->discov_update); 3561 err = 0; 3562 3563 unlock: 3564 hci_dev_unlock(hdev); 3565 return err; 3566 } 3567 3568 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, 3569 u16 len) 3570 { 3571 struct mgmt_cp_confirm_name *cp = data; 3572 struct inquiry_entry *e; 3573 int err; 3574 3575 BT_DBG("%s", hdev->name); 3576 3577 hci_dev_lock(hdev); 3578 3579 if (!hci_discovery_active(hdev)) { 3580 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 3581 MGMT_STATUS_FAILED, &cp->addr, 3582 sizeof(cp->addr)); 3583 goto failed; 3584 } 3585 3586 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 3587 if (!e) { 3588 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 3589 MGMT_STATUS_INVALID_PARAMS, &cp->addr, 3590 sizeof(cp->addr)); 3591 goto failed; 3592 } 3593 3594 if (cp->name_known) { 3595 e->name_state = NAME_KNOWN; 3596 list_del(&e->list); 3597 } else { 3598 e->name_state = NAME_NEEDED; 3599 hci_inquiry_cache_update_resolve(hdev, e); 3600 } 3601 3602 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, 3603 &cp->addr, sizeof(cp->addr)); 3604 3605 failed: 3606 hci_dev_unlock(hdev); 3607 return err; 3608 } 3609 3610 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data, 3611 u16 len) 3612 { 3613 struct mgmt_cp_block_device *cp = data; 3614 u8 status; 3615 int err; 3616 3617 BT_DBG("%s", hdev->name); 3618 3619 if (!bdaddr_type_is_valid(cp->addr.type)) 3620 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, 3621 MGMT_STATUS_INVALID_PARAMS, 3622 &cp->addr, sizeof(cp->addr)); 3623 3624 hci_dev_lock(hdev); 3625 3626 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr, 3627 cp->addr.type); 3628 if (err < 0) { 3629 status = MGMT_STATUS_FAILED; 3630 goto done; 3631 } 3632 3633 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr), 3634 sk); 3635 status = MGMT_STATUS_SUCCESS; 3636 3637 done: 3638 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status, 3639 &cp->addr, sizeof(cp->addr)); 3640 3641 hci_dev_unlock(hdev); 3642 3643 return err; 3644 } 3645 3646 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data, 3647 u16 len) 3648 { 3649 struct mgmt_cp_unblock_device *cp = data; 3650 u8 status; 3651 int err; 3652 3653 BT_DBG("%s", hdev->name); 3654 3655 if (!bdaddr_type_is_valid(cp->addr.type)) 3656 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, 3657 MGMT_STATUS_INVALID_PARAMS, 3658 &cp->addr, sizeof(cp->addr)); 3659 3660 hci_dev_lock(hdev); 3661 3662 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr, 3663 cp->addr.type); 3664 if (err < 0) { 3665 status = MGMT_STATUS_INVALID_PARAMS; 3666 goto done; 3667 } 3668 3669 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr), 3670 sk); 3671 status = MGMT_STATUS_SUCCESS; 3672 3673 done: 3674 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status, 3675 &cp->addr, sizeof(cp->addr)); 3676 3677 hci_dev_unlock(hdev); 3678 3679 return err; 3680 } 3681 3682 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data, 3683 u16 len) 3684 { 3685 struct mgmt_cp_set_device_id *cp = data; 3686 struct hci_request req; 3687 int err; 3688 __u16 source; 3689 3690 BT_DBG("%s", hdev->name); 3691 3692 source = __le16_to_cpu(cp->source); 3693 3694 if (source > 0x0002) 3695 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 3696 MGMT_STATUS_INVALID_PARAMS); 3697 3698 hci_dev_lock(hdev); 3699 3700 hdev->devid_source = source; 3701 hdev->devid_vendor = __le16_to_cpu(cp->vendor); 3702 hdev->devid_product = __le16_to_cpu(cp->product); 3703 hdev->devid_version = __le16_to_cpu(cp->version); 3704 3705 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, 3706 NULL, 0); 3707 3708 hci_req_init(&req, hdev); 3709 __hci_req_update_eir(&req); 3710 hci_req_run(&req, NULL); 3711 3712 hci_dev_unlock(hdev); 3713 3714 return err; 3715 } 3716 3717 static void enable_advertising_instance(struct hci_dev *hdev, u8 status, 3718 u16 opcode) 3719 { 3720 BT_DBG("status %d", status); 3721 } 3722 3723 static void set_advertising_complete(struct hci_dev *hdev, u8 status, 3724 u16 opcode) 3725 { 3726 struct cmd_lookup match = { NULL, hdev }; 3727 struct hci_request req; 3728 u8 instance; 3729 struct adv_info *adv_instance; 3730 int err; 3731 3732 hci_dev_lock(hdev); 3733 3734 if (status) { 3735 u8 mgmt_err = mgmt_status(status); 3736 3737 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, 3738 cmd_status_rsp, &mgmt_err); 3739 goto unlock; 3740 } 3741 3742 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3743 hci_dev_set_flag(hdev, HCI_ADVERTISING); 3744 else 3745 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 3746 3747 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp, 3748 &match); 3749 3750 new_settings(hdev, match.sk); 3751 3752 if (match.sk) 3753 sock_put(match.sk); 3754 3755 /* If "Set Advertising" was just disabled and instance advertising was 3756 * set up earlier, then re-enable multi-instance advertising. 3757 */ 3758 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 3759 list_empty(&hdev->adv_instances)) 3760 goto unlock; 3761 3762 instance = hdev->cur_adv_instance; 3763 if (!instance) { 3764 adv_instance = list_first_entry_or_null(&hdev->adv_instances, 3765 struct adv_info, list); 3766 if (!adv_instance) 3767 goto unlock; 3768 3769 instance = adv_instance->instance; 3770 } 3771 3772 hci_req_init(&req, hdev); 3773 3774 err = __hci_req_schedule_adv_instance(&req, instance, true); 3775 3776 if (!err) 3777 err = hci_req_run(&req, enable_advertising_instance); 3778 3779 if (err) 3780 BT_ERR("Failed to re-configure advertising"); 3781 3782 unlock: 3783 hci_dev_unlock(hdev); 3784 } 3785 3786 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, 3787 u16 len) 3788 { 3789 struct mgmt_mode *cp = data; 3790 struct mgmt_pending_cmd *cmd; 3791 struct hci_request req; 3792 u8 val, status; 3793 int err; 3794 3795 BT_DBG("request for %s", hdev->name); 3796 3797 status = mgmt_le_support(hdev); 3798 if (status) 3799 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 3800 status); 3801 3802 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 3803 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 3804 MGMT_STATUS_INVALID_PARAMS); 3805 3806 hci_dev_lock(hdev); 3807 3808 val = !!cp->val; 3809 3810 /* The following conditions are ones which mean that we should 3811 * not do any HCI communication but directly send a mgmt 3812 * response to user space (after toggling the flag if 3813 * necessary). 3814 */ 3815 if (!hdev_is_powered(hdev) || 3816 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) && 3817 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) || 3818 hci_conn_num(hdev, LE_LINK) > 0 || 3819 (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 3820 hdev->le_scan_type == LE_SCAN_ACTIVE)) { 3821 bool changed; 3822 3823 if (cp->val) { 3824 hdev->cur_adv_instance = 0x00; 3825 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING); 3826 if (cp->val == 0x02) 3827 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 3828 else 3829 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 3830 } else { 3831 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING); 3832 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 3833 } 3834 3835 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev); 3836 if (err < 0) 3837 goto unlock; 3838 3839 if (changed) 3840 err = new_settings(hdev, sk); 3841 3842 goto unlock; 3843 } 3844 3845 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) || 3846 pending_find(MGMT_OP_SET_LE, hdev)) { 3847 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 3848 MGMT_STATUS_BUSY); 3849 goto unlock; 3850 } 3851 3852 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len); 3853 if (!cmd) { 3854 err = -ENOMEM; 3855 goto unlock; 3856 } 3857 3858 hci_req_init(&req, hdev); 3859 3860 if (cp->val == 0x02) 3861 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 3862 else 3863 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 3864 3865 cancel_adv_timeout(hdev); 3866 3867 if (val) { 3868 /* Switch to instance "0" for the Set Advertising setting. 3869 * We cannot use update_[adv|scan_rsp]_data() here as the 3870 * HCI_ADVERTISING flag is not yet set. 3871 */ 3872 hdev->cur_adv_instance = 0x00; 3873 __hci_req_update_adv_data(&req, 0x00); 3874 __hci_req_update_scan_rsp_data(&req, 0x00); 3875 __hci_req_enable_advertising(&req); 3876 } else { 3877 __hci_req_disable_advertising(&req); 3878 } 3879 3880 err = hci_req_run(&req, set_advertising_complete); 3881 if (err < 0) 3882 mgmt_pending_remove(cmd); 3883 3884 unlock: 3885 hci_dev_unlock(hdev); 3886 return err; 3887 } 3888 3889 static int set_static_address(struct sock *sk, struct hci_dev *hdev, 3890 void *data, u16 len) 3891 { 3892 struct mgmt_cp_set_static_address *cp = data; 3893 int err; 3894 3895 BT_DBG("%s", hdev->name); 3896 3897 if (!lmp_le_capable(hdev)) 3898 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 3899 MGMT_STATUS_NOT_SUPPORTED); 3900 3901 if (hdev_is_powered(hdev)) 3902 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 3903 MGMT_STATUS_REJECTED); 3904 3905 if (bacmp(&cp->bdaddr, BDADDR_ANY)) { 3906 if (!bacmp(&cp->bdaddr, BDADDR_NONE)) 3907 return mgmt_cmd_status(sk, hdev->id, 3908 MGMT_OP_SET_STATIC_ADDRESS, 3909 MGMT_STATUS_INVALID_PARAMS); 3910 3911 /* Two most significant bits shall be set */ 3912 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0) 3913 return mgmt_cmd_status(sk, hdev->id, 3914 MGMT_OP_SET_STATIC_ADDRESS, 3915 MGMT_STATUS_INVALID_PARAMS); 3916 } 3917 3918 hci_dev_lock(hdev); 3919 3920 bacpy(&hdev->static_addr, &cp->bdaddr); 3921 3922 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev); 3923 if (err < 0) 3924 goto unlock; 3925 3926 err = new_settings(hdev, sk); 3927 3928 unlock: 3929 hci_dev_unlock(hdev); 3930 return err; 3931 } 3932 3933 static int set_scan_params(struct sock *sk, struct hci_dev *hdev, 3934 void *data, u16 len) 3935 { 3936 struct mgmt_cp_set_scan_params *cp = data; 3937 __u16 interval, window; 3938 int err; 3939 3940 BT_DBG("%s", hdev->name); 3941 3942 if (!lmp_le_capable(hdev)) 3943 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 3944 MGMT_STATUS_NOT_SUPPORTED); 3945 3946 interval = __le16_to_cpu(cp->interval); 3947 3948 if (interval < 0x0004 || interval > 0x4000) 3949 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 3950 MGMT_STATUS_INVALID_PARAMS); 3951 3952 window = __le16_to_cpu(cp->window); 3953 3954 if (window < 0x0004 || window > 0x4000) 3955 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 3956 MGMT_STATUS_INVALID_PARAMS); 3957 3958 if (window > interval) 3959 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 3960 MGMT_STATUS_INVALID_PARAMS); 3961 3962 hci_dev_lock(hdev); 3963 3964 hdev->le_scan_interval = interval; 3965 hdev->le_scan_window = window; 3966 3967 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, 3968 NULL, 0); 3969 3970 /* If background scan is running, restart it so new parameters are 3971 * loaded. 3972 */ 3973 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 3974 hdev->discovery.state == DISCOVERY_STOPPED) { 3975 struct hci_request req; 3976 3977 hci_req_init(&req, hdev); 3978 3979 hci_req_add_le_scan_disable(&req); 3980 hci_req_add_le_passive_scan(&req); 3981 3982 hci_req_run(&req, NULL); 3983 } 3984 3985 hci_dev_unlock(hdev); 3986 3987 return err; 3988 } 3989 3990 static void fast_connectable_complete(struct hci_dev *hdev, u8 status, 3991 u16 opcode) 3992 { 3993 struct mgmt_pending_cmd *cmd; 3994 3995 BT_DBG("status 0x%02x", status); 3996 3997 hci_dev_lock(hdev); 3998 3999 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev); 4000 if (!cmd) 4001 goto unlock; 4002 4003 if (status) { 4004 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4005 mgmt_status(status)); 4006 } else { 4007 struct mgmt_mode *cp = cmd->param; 4008 4009 if (cp->val) 4010 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE); 4011 else 4012 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 4013 4014 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 4015 new_settings(hdev, cmd->sk); 4016 } 4017 4018 mgmt_pending_remove(cmd); 4019 4020 unlock: 4021 hci_dev_unlock(hdev); 4022 } 4023 4024 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, 4025 void *data, u16 len) 4026 { 4027 struct mgmt_mode *cp = data; 4028 struct mgmt_pending_cmd *cmd; 4029 struct hci_request req; 4030 int err; 4031 4032 BT_DBG("%s", hdev->name); 4033 4034 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 4035 hdev->hci_ver < BLUETOOTH_VER_1_2) 4036 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4037 MGMT_STATUS_NOT_SUPPORTED); 4038 4039 if (cp->val != 0x00 && cp->val != 0x01) 4040 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4041 MGMT_STATUS_INVALID_PARAMS); 4042 4043 hci_dev_lock(hdev); 4044 4045 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) { 4046 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4047 MGMT_STATUS_BUSY); 4048 goto unlock; 4049 } 4050 4051 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) { 4052 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 4053 hdev); 4054 goto unlock; 4055 } 4056 4057 if (!hdev_is_powered(hdev)) { 4058 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE); 4059 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, 4060 hdev); 4061 new_settings(hdev, sk); 4062 goto unlock; 4063 } 4064 4065 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, 4066 data, len); 4067 if (!cmd) { 4068 err = -ENOMEM; 4069 goto unlock; 4070 } 4071 4072 hci_req_init(&req, hdev); 4073 4074 __hci_req_write_fast_connectable(&req, cp->val); 4075 4076 err = hci_req_run(&req, fast_connectable_complete); 4077 if (err < 0) { 4078 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 4079 MGMT_STATUS_FAILED); 4080 mgmt_pending_remove(cmd); 4081 } 4082 4083 unlock: 4084 hci_dev_unlock(hdev); 4085 4086 return err; 4087 } 4088 4089 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode) 4090 { 4091 struct mgmt_pending_cmd *cmd; 4092 4093 BT_DBG("status 0x%02x", status); 4094 4095 hci_dev_lock(hdev); 4096 4097 cmd = pending_find(MGMT_OP_SET_BREDR, hdev); 4098 if (!cmd) 4099 goto unlock; 4100 4101 if (status) { 4102 u8 mgmt_err = mgmt_status(status); 4103 4104 /* We need to restore the flag if related HCI commands 4105 * failed. 4106 */ 4107 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED); 4108 4109 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 4110 } else { 4111 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev); 4112 new_settings(hdev, cmd->sk); 4113 } 4114 4115 mgmt_pending_remove(cmd); 4116 4117 unlock: 4118 hci_dev_unlock(hdev); 4119 } 4120 4121 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 4122 { 4123 struct mgmt_mode *cp = data; 4124 struct mgmt_pending_cmd *cmd; 4125 struct hci_request req; 4126 int err; 4127 4128 BT_DBG("request for %s", hdev->name); 4129 4130 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev)) 4131 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4132 MGMT_STATUS_NOT_SUPPORTED); 4133 4134 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 4135 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4136 MGMT_STATUS_REJECTED); 4137 4138 if (cp->val != 0x00 && cp->val != 0x01) 4139 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4140 MGMT_STATUS_INVALID_PARAMS); 4141 4142 hci_dev_lock(hdev); 4143 4144 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 4145 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 4146 goto unlock; 4147 } 4148 4149 if (!hdev_is_powered(hdev)) { 4150 if (!cp->val) { 4151 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 4152 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 4153 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY); 4154 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 4155 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 4156 } 4157 4158 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED); 4159 4160 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 4161 if (err < 0) 4162 goto unlock; 4163 4164 err = new_settings(hdev, sk); 4165 goto unlock; 4166 } 4167 4168 /* Reject disabling when powered on */ 4169 if (!cp->val) { 4170 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4171 MGMT_STATUS_REJECTED); 4172 goto unlock; 4173 } else { 4174 /* When configuring a dual-mode controller to operate 4175 * with LE only and using a static address, then switching 4176 * BR/EDR back on is not allowed. 4177 * 4178 * Dual-mode controllers shall operate with the public 4179 * address as its identity address for BR/EDR and LE. So 4180 * reject the attempt to create an invalid configuration. 4181 * 4182 * The same restrictions applies when secure connections 4183 * has been enabled. For BR/EDR this is a controller feature 4184 * while for LE it is a host stack feature. This means that 4185 * switching BR/EDR back on when secure connections has been 4186 * enabled is not a supported transaction. 4187 */ 4188 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 4189 (bacmp(&hdev->static_addr, BDADDR_ANY) || 4190 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) { 4191 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4192 MGMT_STATUS_REJECTED); 4193 goto unlock; 4194 } 4195 } 4196 4197 if (pending_find(MGMT_OP_SET_BREDR, hdev)) { 4198 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 4199 MGMT_STATUS_BUSY); 4200 goto unlock; 4201 } 4202 4203 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len); 4204 if (!cmd) { 4205 err = -ENOMEM; 4206 goto unlock; 4207 } 4208 4209 /* We need to flip the bit already here so that 4210 * hci_req_update_adv_data generates the correct flags. 4211 */ 4212 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED); 4213 4214 hci_req_init(&req, hdev); 4215 4216 __hci_req_write_fast_connectable(&req, false); 4217 __hci_req_update_scan(&req); 4218 4219 /* Since only the advertising data flags will change, there 4220 * is no need to update the scan response data. 4221 */ 4222 __hci_req_update_adv_data(&req, hdev->cur_adv_instance); 4223 4224 err = hci_req_run(&req, set_bredr_complete); 4225 if (err < 0) 4226 mgmt_pending_remove(cmd); 4227 4228 unlock: 4229 hci_dev_unlock(hdev); 4230 return err; 4231 } 4232 4233 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 4234 { 4235 struct mgmt_pending_cmd *cmd; 4236 struct mgmt_mode *cp; 4237 4238 BT_DBG("%s status %u", hdev->name, status); 4239 4240 hci_dev_lock(hdev); 4241 4242 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev); 4243 if (!cmd) 4244 goto unlock; 4245 4246 if (status) { 4247 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 4248 mgmt_status(status)); 4249 goto remove; 4250 } 4251 4252 cp = cmd->param; 4253 4254 switch (cp->val) { 4255 case 0x00: 4256 hci_dev_clear_flag(hdev, HCI_SC_ENABLED); 4257 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4258 break; 4259 case 0x01: 4260 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 4261 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4262 break; 4263 case 0x02: 4264 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 4265 hci_dev_set_flag(hdev, HCI_SC_ONLY); 4266 break; 4267 } 4268 4269 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev); 4270 new_settings(hdev, cmd->sk); 4271 4272 remove: 4273 mgmt_pending_remove(cmd); 4274 unlock: 4275 hci_dev_unlock(hdev); 4276 } 4277 4278 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev, 4279 void *data, u16 len) 4280 { 4281 struct mgmt_mode *cp = data; 4282 struct mgmt_pending_cmd *cmd; 4283 struct hci_request req; 4284 u8 val; 4285 int err; 4286 4287 BT_DBG("request for %s", hdev->name); 4288 4289 if (!lmp_sc_capable(hdev) && 4290 !hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 4291 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4292 MGMT_STATUS_NOT_SUPPORTED); 4293 4294 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 4295 lmp_sc_capable(hdev) && 4296 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 4297 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4298 MGMT_STATUS_REJECTED); 4299 4300 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4301 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4302 MGMT_STATUS_INVALID_PARAMS); 4303 4304 hci_dev_lock(hdev); 4305 4306 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) || 4307 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 4308 bool changed; 4309 4310 if (cp->val) { 4311 changed = !hci_dev_test_and_set_flag(hdev, 4312 HCI_SC_ENABLED); 4313 if (cp->val == 0x02) 4314 hci_dev_set_flag(hdev, HCI_SC_ONLY); 4315 else 4316 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4317 } else { 4318 changed = hci_dev_test_and_clear_flag(hdev, 4319 HCI_SC_ENABLED); 4320 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 4321 } 4322 4323 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 4324 if (err < 0) 4325 goto failed; 4326 4327 if (changed) 4328 err = new_settings(hdev, sk); 4329 4330 goto failed; 4331 } 4332 4333 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) { 4334 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 4335 MGMT_STATUS_BUSY); 4336 goto failed; 4337 } 4338 4339 val = !!cp->val; 4340 4341 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 4342 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 4343 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 4344 goto failed; 4345 } 4346 4347 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len); 4348 if (!cmd) { 4349 err = -ENOMEM; 4350 goto failed; 4351 } 4352 4353 hci_req_init(&req, hdev); 4354 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val); 4355 err = hci_req_run(&req, sc_enable_complete); 4356 if (err < 0) { 4357 mgmt_pending_remove(cmd); 4358 goto failed; 4359 } 4360 4361 failed: 4362 hci_dev_unlock(hdev); 4363 return err; 4364 } 4365 4366 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev, 4367 void *data, u16 len) 4368 { 4369 struct mgmt_mode *cp = data; 4370 bool changed, use_changed; 4371 int err; 4372 4373 BT_DBG("request for %s", hdev->name); 4374 4375 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 4376 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS, 4377 MGMT_STATUS_INVALID_PARAMS); 4378 4379 hci_dev_lock(hdev); 4380 4381 if (cp->val) 4382 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 4383 else 4384 changed = hci_dev_test_and_clear_flag(hdev, 4385 HCI_KEEP_DEBUG_KEYS); 4386 4387 if (cp->val == 0x02) 4388 use_changed = !hci_dev_test_and_set_flag(hdev, 4389 HCI_USE_DEBUG_KEYS); 4390 else 4391 use_changed = hci_dev_test_and_clear_flag(hdev, 4392 HCI_USE_DEBUG_KEYS); 4393 4394 if (hdev_is_powered(hdev) && use_changed && 4395 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 4396 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00; 4397 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 4398 sizeof(mode), &mode); 4399 } 4400 4401 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev); 4402 if (err < 0) 4403 goto unlock; 4404 4405 if (changed) 4406 err = new_settings(hdev, sk); 4407 4408 unlock: 4409 hci_dev_unlock(hdev); 4410 return err; 4411 } 4412 4413 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data, 4414 u16 len) 4415 { 4416 struct mgmt_cp_set_privacy *cp = cp_data; 4417 bool changed; 4418 int err; 4419 4420 BT_DBG("request for %s", hdev->name); 4421 4422 if (!lmp_le_capable(hdev)) 4423 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4424 MGMT_STATUS_NOT_SUPPORTED); 4425 4426 if (cp->privacy != 0x00 && cp->privacy != 0x01) 4427 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4428 MGMT_STATUS_INVALID_PARAMS); 4429 4430 if (hdev_is_powered(hdev)) 4431 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 4432 MGMT_STATUS_REJECTED); 4433 4434 hci_dev_lock(hdev); 4435 4436 /* If user space supports this command it is also expected to 4437 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag. 4438 */ 4439 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 4440 4441 if (cp->privacy) { 4442 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY); 4443 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk)); 4444 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 4445 } else { 4446 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY); 4447 memset(hdev->irk, 0, sizeof(hdev->irk)); 4448 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED); 4449 } 4450 4451 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev); 4452 if (err < 0) 4453 goto unlock; 4454 4455 if (changed) 4456 err = new_settings(hdev, sk); 4457 4458 unlock: 4459 hci_dev_unlock(hdev); 4460 return err; 4461 } 4462 4463 static bool irk_is_valid(struct mgmt_irk_info *irk) 4464 { 4465 switch (irk->addr.type) { 4466 case BDADDR_LE_PUBLIC: 4467 return true; 4468 4469 case BDADDR_LE_RANDOM: 4470 /* Two most significant bits shall be set */ 4471 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0) 4472 return false; 4473 return true; 4474 } 4475 4476 return false; 4477 } 4478 4479 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data, 4480 u16 len) 4481 { 4482 struct mgmt_cp_load_irks *cp = cp_data; 4483 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) / 4484 sizeof(struct mgmt_irk_info)); 4485 u16 irk_count, expected_len; 4486 int i, err; 4487 4488 BT_DBG("request for %s", hdev->name); 4489 4490 if (!lmp_le_capable(hdev)) 4491 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 4492 MGMT_STATUS_NOT_SUPPORTED); 4493 4494 irk_count = __le16_to_cpu(cp->irk_count); 4495 if (irk_count > max_irk_count) { 4496 BT_ERR("load_irks: too big irk_count value %u", irk_count); 4497 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 4498 MGMT_STATUS_INVALID_PARAMS); 4499 } 4500 4501 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info); 4502 if (expected_len != len) { 4503 BT_ERR("load_irks: expected %u bytes, got %u bytes", 4504 expected_len, len); 4505 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 4506 MGMT_STATUS_INVALID_PARAMS); 4507 } 4508 4509 BT_DBG("%s irk_count %u", hdev->name, irk_count); 4510 4511 for (i = 0; i < irk_count; i++) { 4512 struct mgmt_irk_info *key = &cp->irks[i]; 4513 4514 if (!irk_is_valid(key)) 4515 return mgmt_cmd_status(sk, hdev->id, 4516 MGMT_OP_LOAD_IRKS, 4517 MGMT_STATUS_INVALID_PARAMS); 4518 } 4519 4520 hci_dev_lock(hdev); 4521 4522 hci_smp_irks_clear(hdev); 4523 4524 for (i = 0; i < irk_count; i++) { 4525 struct mgmt_irk_info *irk = &cp->irks[i]; 4526 4527 hci_add_irk(hdev, &irk->addr.bdaddr, 4528 le_addr_type(irk->addr.type), irk->val, 4529 BDADDR_ANY); 4530 } 4531 4532 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 4533 4534 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0); 4535 4536 hci_dev_unlock(hdev); 4537 4538 return err; 4539 } 4540 4541 static bool ltk_is_valid(struct mgmt_ltk_info *key) 4542 { 4543 if (key->master != 0x00 && key->master != 0x01) 4544 return false; 4545 4546 switch (key->addr.type) { 4547 case BDADDR_LE_PUBLIC: 4548 return true; 4549 4550 case BDADDR_LE_RANDOM: 4551 /* Two most significant bits shall be set */ 4552 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0) 4553 return false; 4554 return true; 4555 } 4556 4557 return false; 4558 } 4559 4560 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, 4561 void *cp_data, u16 len) 4562 { 4563 struct mgmt_cp_load_long_term_keys *cp = cp_data; 4564 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 4565 sizeof(struct mgmt_ltk_info)); 4566 u16 key_count, expected_len; 4567 int i, err; 4568 4569 BT_DBG("request for %s", hdev->name); 4570 4571 if (!lmp_le_capable(hdev)) 4572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 4573 MGMT_STATUS_NOT_SUPPORTED); 4574 4575 key_count = __le16_to_cpu(cp->key_count); 4576 if (key_count > max_key_count) { 4577 BT_ERR("load_ltks: too big key_count value %u", key_count); 4578 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 4579 MGMT_STATUS_INVALID_PARAMS); 4580 } 4581 4582 expected_len = sizeof(*cp) + key_count * 4583 sizeof(struct mgmt_ltk_info); 4584 if (expected_len != len) { 4585 BT_ERR("load_keys: expected %u bytes, got %u bytes", 4586 expected_len, len); 4587 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 4588 MGMT_STATUS_INVALID_PARAMS); 4589 } 4590 4591 BT_DBG("%s key_count %u", hdev->name, key_count); 4592 4593 for (i = 0; i < key_count; i++) { 4594 struct mgmt_ltk_info *key = &cp->keys[i]; 4595 4596 if (!ltk_is_valid(key)) 4597 return mgmt_cmd_status(sk, hdev->id, 4598 MGMT_OP_LOAD_LONG_TERM_KEYS, 4599 MGMT_STATUS_INVALID_PARAMS); 4600 } 4601 4602 hci_dev_lock(hdev); 4603 4604 hci_smp_ltks_clear(hdev); 4605 4606 for (i = 0; i < key_count; i++) { 4607 struct mgmt_ltk_info *key = &cp->keys[i]; 4608 u8 type, authenticated; 4609 4610 switch (key->type) { 4611 case MGMT_LTK_UNAUTHENTICATED: 4612 authenticated = 0x00; 4613 type = key->master ? SMP_LTK : SMP_LTK_SLAVE; 4614 break; 4615 case MGMT_LTK_AUTHENTICATED: 4616 authenticated = 0x01; 4617 type = key->master ? SMP_LTK : SMP_LTK_SLAVE; 4618 break; 4619 case MGMT_LTK_P256_UNAUTH: 4620 authenticated = 0x00; 4621 type = SMP_LTK_P256; 4622 break; 4623 case MGMT_LTK_P256_AUTH: 4624 authenticated = 0x01; 4625 type = SMP_LTK_P256; 4626 break; 4627 case MGMT_LTK_P256_DEBUG: 4628 authenticated = 0x00; 4629 type = SMP_LTK_P256_DEBUG; 4630 default: 4631 continue; 4632 } 4633 4634 hci_add_ltk(hdev, &key->addr.bdaddr, 4635 le_addr_type(key->addr.type), type, authenticated, 4636 key->val, key->enc_size, key->ediv, key->rand); 4637 } 4638 4639 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0, 4640 NULL, 0); 4641 4642 hci_dev_unlock(hdev); 4643 4644 return err; 4645 } 4646 4647 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 4648 { 4649 struct hci_conn *conn = cmd->user_data; 4650 struct mgmt_rp_get_conn_info rp; 4651 int err; 4652 4653 memcpy(&rp.addr, cmd->param, sizeof(rp.addr)); 4654 4655 if (status == MGMT_STATUS_SUCCESS) { 4656 rp.rssi = conn->rssi; 4657 rp.tx_power = conn->tx_power; 4658 rp.max_tx_power = conn->max_tx_power; 4659 } else { 4660 rp.rssi = HCI_RSSI_INVALID; 4661 rp.tx_power = HCI_TX_POWER_INVALID; 4662 rp.max_tx_power = HCI_TX_POWER_INVALID; 4663 } 4664 4665 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, 4666 status, &rp, sizeof(rp)); 4667 4668 hci_conn_drop(conn); 4669 hci_conn_put(conn); 4670 4671 return err; 4672 } 4673 4674 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status, 4675 u16 opcode) 4676 { 4677 struct hci_cp_read_rssi *cp; 4678 struct mgmt_pending_cmd *cmd; 4679 struct hci_conn *conn; 4680 u16 handle; 4681 u8 status; 4682 4683 BT_DBG("status 0x%02x", hci_status); 4684 4685 hci_dev_lock(hdev); 4686 4687 /* Commands sent in request are either Read RSSI or Read Transmit Power 4688 * Level so we check which one was last sent to retrieve connection 4689 * handle. Both commands have handle as first parameter so it's safe to 4690 * cast data on the same command struct. 4691 * 4692 * First command sent is always Read RSSI and we fail only if it fails. 4693 * In other case we simply override error to indicate success as we 4694 * already remembered if TX power value is actually valid. 4695 */ 4696 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI); 4697 if (!cp) { 4698 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER); 4699 status = MGMT_STATUS_SUCCESS; 4700 } else { 4701 status = mgmt_status(hci_status); 4702 } 4703 4704 if (!cp) { 4705 BT_ERR("invalid sent_cmd in conn_info response"); 4706 goto unlock; 4707 } 4708 4709 handle = __le16_to_cpu(cp->handle); 4710 conn = hci_conn_hash_lookup_handle(hdev, handle); 4711 if (!conn) { 4712 BT_ERR("unknown handle (%d) in conn_info response", handle); 4713 goto unlock; 4714 } 4715 4716 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn); 4717 if (!cmd) 4718 goto unlock; 4719 4720 cmd->cmd_complete(cmd, status); 4721 mgmt_pending_remove(cmd); 4722 4723 unlock: 4724 hci_dev_unlock(hdev); 4725 } 4726 4727 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data, 4728 u16 len) 4729 { 4730 struct mgmt_cp_get_conn_info *cp = data; 4731 struct mgmt_rp_get_conn_info rp; 4732 struct hci_conn *conn; 4733 unsigned long conn_info_age; 4734 int err = 0; 4735 4736 BT_DBG("%s", hdev->name); 4737 4738 memset(&rp, 0, sizeof(rp)); 4739 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 4740 rp.addr.type = cp->addr.type; 4741 4742 if (!bdaddr_type_is_valid(cp->addr.type)) 4743 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4744 MGMT_STATUS_INVALID_PARAMS, 4745 &rp, sizeof(rp)); 4746 4747 hci_dev_lock(hdev); 4748 4749 if (!hdev_is_powered(hdev)) { 4750 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4751 MGMT_STATUS_NOT_POWERED, &rp, 4752 sizeof(rp)); 4753 goto unlock; 4754 } 4755 4756 if (cp->addr.type == BDADDR_BREDR) 4757 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 4758 &cp->addr.bdaddr); 4759 else 4760 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 4761 4762 if (!conn || conn->state != BT_CONNECTED) { 4763 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4764 MGMT_STATUS_NOT_CONNECTED, &rp, 4765 sizeof(rp)); 4766 goto unlock; 4767 } 4768 4769 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) { 4770 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4771 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 4772 goto unlock; 4773 } 4774 4775 /* To avoid client trying to guess when to poll again for information we 4776 * calculate conn info age as random value between min/max set in hdev. 4777 */ 4778 conn_info_age = hdev->conn_info_min_age + 4779 prandom_u32_max(hdev->conn_info_max_age - 4780 hdev->conn_info_min_age); 4781 4782 /* Query controller to refresh cached values if they are too old or were 4783 * never read. 4784 */ 4785 if (time_after(jiffies, conn->conn_info_timestamp + 4786 msecs_to_jiffies(conn_info_age)) || 4787 !conn->conn_info_timestamp) { 4788 struct hci_request req; 4789 struct hci_cp_read_tx_power req_txp_cp; 4790 struct hci_cp_read_rssi req_rssi_cp; 4791 struct mgmt_pending_cmd *cmd; 4792 4793 hci_req_init(&req, hdev); 4794 req_rssi_cp.handle = cpu_to_le16(conn->handle); 4795 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp), 4796 &req_rssi_cp); 4797 4798 /* For LE links TX power does not change thus we don't need to 4799 * query for it once value is known. 4800 */ 4801 if (!bdaddr_type_is_le(cp->addr.type) || 4802 conn->tx_power == HCI_TX_POWER_INVALID) { 4803 req_txp_cp.handle = cpu_to_le16(conn->handle); 4804 req_txp_cp.type = 0x00; 4805 hci_req_add(&req, HCI_OP_READ_TX_POWER, 4806 sizeof(req_txp_cp), &req_txp_cp); 4807 } 4808 4809 /* Max TX power needs to be read only once per connection */ 4810 if (conn->max_tx_power == HCI_TX_POWER_INVALID) { 4811 req_txp_cp.handle = cpu_to_le16(conn->handle); 4812 req_txp_cp.type = 0x01; 4813 hci_req_add(&req, HCI_OP_READ_TX_POWER, 4814 sizeof(req_txp_cp), &req_txp_cp); 4815 } 4816 4817 err = hci_req_run(&req, conn_info_refresh_complete); 4818 if (err < 0) 4819 goto unlock; 4820 4821 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev, 4822 data, len); 4823 if (!cmd) { 4824 err = -ENOMEM; 4825 goto unlock; 4826 } 4827 4828 hci_conn_hold(conn); 4829 cmd->user_data = hci_conn_get(conn); 4830 cmd->cmd_complete = conn_info_cmd_complete; 4831 4832 conn->conn_info_timestamp = jiffies; 4833 } else { 4834 /* Cache is valid, just reply with values cached in hci_conn */ 4835 rp.rssi = conn->rssi; 4836 rp.tx_power = conn->tx_power; 4837 rp.max_tx_power = conn->max_tx_power; 4838 4839 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 4840 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 4841 } 4842 4843 unlock: 4844 hci_dev_unlock(hdev); 4845 return err; 4846 } 4847 4848 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 4849 { 4850 struct hci_conn *conn = cmd->user_data; 4851 struct mgmt_rp_get_clock_info rp; 4852 struct hci_dev *hdev; 4853 int err; 4854 4855 memset(&rp, 0, sizeof(rp)); 4856 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr)); 4857 4858 if (status) 4859 goto complete; 4860 4861 hdev = hci_dev_get(cmd->index); 4862 if (hdev) { 4863 rp.local_clock = cpu_to_le32(hdev->clock); 4864 hci_dev_put(hdev); 4865 } 4866 4867 if (conn) { 4868 rp.piconet_clock = cpu_to_le32(conn->clock); 4869 rp.accuracy = cpu_to_le16(conn->clock_accuracy); 4870 } 4871 4872 complete: 4873 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp, 4874 sizeof(rp)); 4875 4876 if (conn) { 4877 hci_conn_drop(conn); 4878 hci_conn_put(conn); 4879 } 4880 4881 return err; 4882 } 4883 4884 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode) 4885 { 4886 struct hci_cp_read_clock *hci_cp; 4887 struct mgmt_pending_cmd *cmd; 4888 struct hci_conn *conn; 4889 4890 BT_DBG("%s status %u", hdev->name, status); 4891 4892 hci_dev_lock(hdev); 4893 4894 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK); 4895 if (!hci_cp) 4896 goto unlock; 4897 4898 if (hci_cp->which) { 4899 u16 handle = __le16_to_cpu(hci_cp->handle); 4900 conn = hci_conn_hash_lookup_handle(hdev, handle); 4901 } else { 4902 conn = NULL; 4903 } 4904 4905 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn); 4906 if (!cmd) 4907 goto unlock; 4908 4909 cmd->cmd_complete(cmd, mgmt_status(status)); 4910 mgmt_pending_remove(cmd); 4911 4912 unlock: 4913 hci_dev_unlock(hdev); 4914 } 4915 4916 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data, 4917 u16 len) 4918 { 4919 struct mgmt_cp_get_clock_info *cp = data; 4920 struct mgmt_rp_get_clock_info rp; 4921 struct hci_cp_read_clock hci_cp; 4922 struct mgmt_pending_cmd *cmd; 4923 struct hci_request req; 4924 struct hci_conn *conn; 4925 int err; 4926 4927 BT_DBG("%s", hdev->name); 4928 4929 memset(&rp, 0, sizeof(rp)); 4930 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 4931 rp.addr.type = cp->addr.type; 4932 4933 if (cp->addr.type != BDADDR_BREDR) 4934 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 4935 MGMT_STATUS_INVALID_PARAMS, 4936 &rp, sizeof(rp)); 4937 4938 hci_dev_lock(hdev); 4939 4940 if (!hdev_is_powered(hdev)) { 4941 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 4942 MGMT_STATUS_NOT_POWERED, &rp, 4943 sizeof(rp)); 4944 goto unlock; 4945 } 4946 4947 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 4948 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 4949 &cp->addr.bdaddr); 4950 if (!conn || conn->state != BT_CONNECTED) { 4951 err = mgmt_cmd_complete(sk, hdev->id, 4952 MGMT_OP_GET_CLOCK_INFO, 4953 MGMT_STATUS_NOT_CONNECTED, 4954 &rp, sizeof(rp)); 4955 goto unlock; 4956 } 4957 } else { 4958 conn = NULL; 4959 } 4960 4961 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len); 4962 if (!cmd) { 4963 err = -ENOMEM; 4964 goto unlock; 4965 } 4966 4967 cmd->cmd_complete = clock_info_cmd_complete; 4968 4969 hci_req_init(&req, hdev); 4970 4971 memset(&hci_cp, 0, sizeof(hci_cp)); 4972 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 4973 4974 if (conn) { 4975 hci_conn_hold(conn); 4976 cmd->user_data = hci_conn_get(conn); 4977 4978 hci_cp.handle = cpu_to_le16(conn->handle); 4979 hci_cp.which = 0x01; /* Piconet clock */ 4980 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp); 4981 } 4982 4983 err = hci_req_run(&req, get_clock_info_complete); 4984 if (err < 0) 4985 mgmt_pending_remove(cmd); 4986 4987 unlock: 4988 hci_dev_unlock(hdev); 4989 return err; 4990 } 4991 4992 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) 4993 { 4994 struct hci_conn *conn; 4995 4996 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr); 4997 if (!conn) 4998 return false; 4999 5000 if (conn->dst_type != type) 5001 return false; 5002 5003 if (conn->state != BT_CONNECTED) 5004 return false; 5005 5006 return true; 5007 } 5008 5009 /* This function requires the caller holds hdev->lock */ 5010 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, 5011 u8 addr_type, u8 auto_connect) 5012 { 5013 struct hci_conn_params *params; 5014 5015 params = hci_conn_params_add(hdev, addr, addr_type); 5016 if (!params) 5017 return -EIO; 5018 5019 if (params->auto_connect == auto_connect) 5020 return 0; 5021 5022 list_del_init(¶ms->action); 5023 5024 switch (auto_connect) { 5025 case HCI_AUTO_CONN_DISABLED: 5026 case HCI_AUTO_CONN_LINK_LOSS: 5027 /* If auto connect is being disabled when we're trying to 5028 * connect to device, keep connecting. 5029 */ 5030 if (params->explicit_connect) 5031 list_add(¶ms->action, &hdev->pend_le_conns); 5032 break; 5033 case HCI_AUTO_CONN_REPORT: 5034 if (params->explicit_connect) 5035 list_add(¶ms->action, &hdev->pend_le_conns); 5036 else 5037 list_add(¶ms->action, &hdev->pend_le_reports); 5038 break; 5039 case HCI_AUTO_CONN_DIRECT: 5040 case HCI_AUTO_CONN_ALWAYS: 5041 if (!is_connected(hdev, addr, addr_type)) 5042 list_add(¶ms->action, &hdev->pend_le_conns); 5043 break; 5044 } 5045 5046 params->auto_connect = auto_connect; 5047 5048 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type, 5049 auto_connect); 5050 5051 return 0; 5052 } 5053 5054 static void device_added(struct sock *sk, struct hci_dev *hdev, 5055 bdaddr_t *bdaddr, u8 type, u8 action) 5056 { 5057 struct mgmt_ev_device_added ev; 5058 5059 bacpy(&ev.addr.bdaddr, bdaddr); 5060 ev.addr.type = type; 5061 ev.action = action; 5062 5063 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk); 5064 } 5065 5066 static int add_device(struct sock *sk, struct hci_dev *hdev, 5067 void *data, u16 len) 5068 { 5069 struct mgmt_cp_add_device *cp = data; 5070 u8 auto_conn, addr_type; 5071 int err; 5072 5073 BT_DBG("%s", hdev->name); 5074 5075 if (!bdaddr_type_is_valid(cp->addr.type) || 5076 !bacmp(&cp->addr.bdaddr, BDADDR_ANY)) 5077 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5078 MGMT_STATUS_INVALID_PARAMS, 5079 &cp->addr, sizeof(cp->addr)); 5080 5081 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02) 5082 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5083 MGMT_STATUS_INVALID_PARAMS, 5084 &cp->addr, sizeof(cp->addr)); 5085 5086 hci_dev_lock(hdev); 5087 5088 if (cp->addr.type == BDADDR_BREDR) { 5089 /* Only incoming connections action is supported for now */ 5090 if (cp->action != 0x01) { 5091 err = mgmt_cmd_complete(sk, hdev->id, 5092 MGMT_OP_ADD_DEVICE, 5093 MGMT_STATUS_INVALID_PARAMS, 5094 &cp->addr, sizeof(cp->addr)); 5095 goto unlock; 5096 } 5097 5098 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr, 5099 cp->addr.type); 5100 if (err) 5101 goto unlock; 5102 5103 hci_req_update_scan(hdev); 5104 5105 goto added; 5106 } 5107 5108 addr_type = le_addr_type(cp->addr.type); 5109 5110 if (cp->action == 0x02) 5111 auto_conn = HCI_AUTO_CONN_ALWAYS; 5112 else if (cp->action == 0x01) 5113 auto_conn = HCI_AUTO_CONN_DIRECT; 5114 else 5115 auto_conn = HCI_AUTO_CONN_REPORT; 5116 5117 /* Kernel internally uses conn_params with resolvable private 5118 * address, but Add Device allows only identity addresses. 5119 * Make sure it is enforced before calling 5120 * hci_conn_params_lookup. 5121 */ 5122 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 5123 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5124 MGMT_STATUS_INVALID_PARAMS, 5125 &cp->addr, sizeof(cp->addr)); 5126 goto unlock; 5127 } 5128 5129 /* If the connection parameters don't exist for this device, 5130 * they will be created and configured with defaults. 5131 */ 5132 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type, 5133 auto_conn) < 0) { 5134 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5135 MGMT_STATUS_FAILED, &cp->addr, 5136 sizeof(cp->addr)); 5137 goto unlock; 5138 } 5139 5140 hci_update_background_scan(hdev); 5141 5142 added: 5143 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action); 5144 5145 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5146 MGMT_STATUS_SUCCESS, &cp->addr, 5147 sizeof(cp->addr)); 5148 5149 unlock: 5150 hci_dev_unlock(hdev); 5151 return err; 5152 } 5153 5154 static void device_removed(struct sock *sk, struct hci_dev *hdev, 5155 bdaddr_t *bdaddr, u8 type) 5156 { 5157 struct mgmt_ev_device_removed ev; 5158 5159 bacpy(&ev.addr.bdaddr, bdaddr); 5160 ev.addr.type = type; 5161 5162 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk); 5163 } 5164 5165 static int remove_device(struct sock *sk, struct hci_dev *hdev, 5166 void *data, u16 len) 5167 { 5168 struct mgmt_cp_remove_device *cp = data; 5169 int err; 5170 5171 BT_DBG("%s", hdev->name); 5172 5173 hci_dev_lock(hdev); 5174 5175 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5176 struct hci_conn_params *params; 5177 u8 addr_type; 5178 5179 if (!bdaddr_type_is_valid(cp->addr.type)) { 5180 err = mgmt_cmd_complete(sk, hdev->id, 5181 MGMT_OP_REMOVE_DEVICE, 5182 MGMT_STATUS_INVALID_PARAMS, 5183 &cp->addr, sizeof(cp->addr)); 5184 goto unlock; 5185 } 5186 5187 if (cp->addr.type == BDADDR_BREDR) { 5188 err = hci_bdaddr_list_del(&hdev->whitelist, 5189 &cp->addr.bdaddr, 5190 cp->addr.type); 5191 if (err) { 5192 err = mgmt_cmd_complete(sk, hdev->id, 5193 MGMT_OP_REMOVE_DEVICE, 5194 MGMT_STATUS_INVALID_PARAMS, 5195 &cp->addr, 5196 sizeof(cp->addr)); 5197 goto unlock; 5198 } 5199 5200 hci_req_update_scan(hdev); 5201 5202 device_removed(sk, hdev, &cp->addr.bdaddr, 5203 cp->addr.type); 5204 goto complete; 5205 } 5206 5207 addr_type = le_addr_type(cp->addr.type); 5208 5209 /* Kernel internally uses conn_params with resolvable private 5210 * address, but Remove Device allows only identity addresses. 5211 * Make sure it is enforced before calling 5212 * hci_conn_params_lookup. 5213 */ 5214 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 5215 err = mgmt_cmd_complete(sk, hdev->id, 5216 MGMT_OP_REMOVE_DEVICE, 5217 MGMT_STATUS_INVALID_PARAMS, 5218 &cp->addr, sizeof(cp->addr)); 5219 goto unlock; 5220 } 5221 5222 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 5223 addr_type); 5224 if (!params) { 5225 err = mgmt_cmd_complete(sk, hdev->id, 5226 MGMT_OP_REMOVE_DEVICE, 5227 MGMT_STATUS_INVALID_PARAMS, 5228 &cp->addr, sizeof(cp->addr)); 5229 goto unlock; 5230 } 5231 5232 if (params->auto_connect == HCI_AUTO_CONN_DISABLED || 5233 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { 5234 err = mgmt_cmd_complete(sk, hdev->id, 5235 MGMT_OP_REMOVE_DEVICE, 5236 MGMT_STATUS_INVALID_PARAMS, 5237 &cp->addr, sizeof(cp->addr)); 5238 goto unlock; 5239 } 5240 5241 list_del(¶ms->action); 5242 list_del(¶ms->list); 5243 kfree(params); 5244 hci_update_background_scan(hdev); 5245 5246 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type); 5247 } else { 5248 struct hci_conn_params *p, *tmp; 5249 struct bdaddr_list *b, *btmp; 5250 5251 if (cp->addr.type) { 5252 err = mgmt_cmd_complete(sk, hdev->id, 5253 MGMT_OP_REMOVE_DEVICE, 5254 MGMT_STATUS_INVALID_PARAMS, 5255 &cp->addr, sizeof(cp->addr)); 5256 goto unlock; 5257 } 5258 5259 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) { 5260 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type); 5261 list_del(&b->list); 5262 kfree(b); 5263 } 5264 5265 hci_req_update_scan(hdev); 5266 5267 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) { 5268 if (p->auto_connect == HCI_AUTO_CONN_DISABLED) 5269 continue; 5270 device_removed(sk, hdev, &p->addr, p->addr_type); 5271 if (p->explicit_connect) { 5272 p->auto_connect = HCI_AUTO_CONN_EXPLICIT; 5273 continue; 5274 } 5275 list_del(&p->action); 5276 list_del(&p->list); 5277 kfree(p); 5278 } 5279 5280 BT_DBG("All LE connection parameters were removed"); 5281 5282 hci_update_background_scan(hdev); 5283 } 5284 5285 complete: 5286 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 5287 MGMT_STATUS_SUCCESS, &cp->addr, 5288 sizeof(cp->addr)); 5289 unlock: 5290 hci_dev_unlock(hdev); 5291 return err; 5292 } 5293 5294 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data, 5295 u16 len) 5296 { 5297 struct mgmt_cp_load_conn_param *cp = data; 5298 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) / 5299 sizeof(struct mgmt_conn_param)); 5300 u16 param_count, expected_len; 5301 int i; 5302 5303 if (!lmp_le_capable(hdev)) 5304 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5305 MGMT_STATUS_NOT_SUPPORTED); 5306 5307 param_count = __le16_to_cpu(cp->param_count); 5308 if (param_count > max_param_count) { 5309 BT_ERR("load_conn_param: too big param_count value %u", 5310 param_count); 5311 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5312 MGMT_STATUS_INVALID_PARAMS); 5313 } 5314 5315 expected_len = sizeof(*cp) + param_count * 5316 sizeof(struct mgmt_conn_param); 5317 if (expected_len != len) { 5318 BT_ERR("load_conn_param: expected %u bytes, got %u bytes", 5319 expected_len, len); 5320 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 5321 MGMT_STATUS_INVALID_PARAMS); 5322 } 5323 5324 BT_DBG("%s param_count %u", hdev->name, param_count); 5325 5326 hci_dev_lock(hdev); 5327 5328 hci_conn_params_clear_disabled(hdev); 5329 5330 for (i = 0; i < param_count; i++) { 5331 struct mgmt_conn_param *param = &cp->params[i]; 5332 struct hci_conn_params *hci_param; 5333 u16 min, max, latency, timeout; 5334 u8 addr_type; 5335 5336 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr, 5337 param->addr.type); 5338 5339 if (param->addr.type == BDADDR_LE_PUBLIC) { 5340 addr_type = ADDR_LE_DEV_PUBLIC; 5341 } else if (param->addr.type == BDADDR_LE_RANDOM) { 5342 addr_type = ADDR_LE_DEV_RANDOM; 5343 } else { 5344 BT_ERR("Ignoring invalid connection parameters"); 5345 continue; 5346 } 5347 5348 min = le16_to_cpu(param->min_interval); 5349 max = le16_to_cpu(param->max_interval); 5350 latency = le16_to_cpu(param->latency); 5351 timeout = le16_to_cpu(param->timeout); 5352 5353 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x", 5354 min, max, latency, timeout); 5355 5356 if (hci_check_conn_params(min, max, latency, timeout) < 0) { 5357 BT_ERR("Ignoring invalid connection parameters"); 5358 continue; 5359 } 5360 5361 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr, 5362 addr_type); 5363 if (!hci_param) { 5364 BT_ERR("Failed to add connection parameters"); 5365 continue; 5366 } 5367 5368 hci_param->conn_min_interval = min; 5369 hci_param->conn_max_interval = max; 5370 hci_param->conn_latency = latency; 5371 hci_param->supervision_timeout = timeout; 5372 } 5373 5374 hci_dev_unlock(hdev); 5375 5376 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, 5377 NULL, 0); 5378 } 5379 5380 static int set_external_config(struct sock *sk, struct hci_dev *hdev, 5381 void *data, u16 len) 5382 { 5383 struct mgmt_cp_set_external_config *cp = data; 5384 bool changed; 5385 int err; 5386 5387 BT_DBG("%s", hdev->name); 5388 5389 if (hdev_is_powered(hdev)) 5390 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5391 MGMT_STATUS_REJECTED); 5392 5393 if (cp->config != 0x00 && cp->config != 0x01) 5394 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5395 MGMT_STATUS_INVALID_PARAMS); 5396 5397 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 5398 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 5399 MGMT_STATUS_NOT_SUPPORTED); 5400 5401 hci_dev_lock(hdev); 5402 5403 if (cp->config) 5404 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED); 5405 else 5406 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED); 5407 5408 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev); 5409 if (err < 0) 5410 goto unlock; 5411 5412 if (!changed) 5413 goto unlock; 5414 5415 err = new_options(hdev, sk); 5416 5417 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) { 5418 mgmt_index_removed(hdev); 5419 5420 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) { 5421 hci_dev_set_flag(hdev, HCI_CONFIG); 5422 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 5423 5424 queue_work(hdev->req_workqueue, &hdev->power_on); 5425 } else { 5426 set_bit(HCI_RAW, &hdev->flags); 5427 mgmt_index_added(hdev); 5428 } 5429 } 5430 5431 unlock: 5432 hci_dev_unlock(hdev); 5433 return err; 5434 } 5435 5436 static int set_public_address(struct sock *sk, struct hci_dev *hdev, 5437 void *data, u16 len) 5438 { 5439 struct mgmt_cp_set_public_address *cp = data; 5440 bool changed; 5441 int err; 5442 5443 BT_DBG("%s", hdev->name); 5444 5445 if (hdev_is_powered(hdev)) 5446 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5447 MGMT_STATUS_REJECTED); 5448 5449 if (!bacmp(&cp->bdaddr, BDADDR_ANY)) 5450 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5451 MGMT_STATUS_INVALID_PARAMS); 5452 5453 if (!hdev->set_bdaddr) 5454 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 5455 MGMT_STATUS_NOT_SUPPORTED); 5456 5457 hci_dev_lock(hdev); 5458 5459 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr); 5460 bacpy(&hdev->public_addr, &cp->bdaddr); 5461 5462 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev); 5463 if (err < 0) 5464 goto unlock; 5465 5466 if (!changed) 5467 goto unlock; 5468 5469 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) 5470 err = new_options(hdev, sk); 5471 5472 if (is_configured(hdev)) { 5473 mgmt_index_removed(hdev); 5474 5475 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED); 5476 5477 hci_dev_set_flag(hdev, HCI_CONFIG); 5478 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 5479 5480 queue_work(hdev->req_workqueue, &hdev->power_on); 5481 } 5482 5483 unlock: 5484 hci_dev_unlock(hdev); 5485 return err; 5486 } 5487 5488 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data, 5489 u8 data_len) 5490 { 5491 eir[eir_len++] = sizeof(type) + data_len; 5492 eir[eir_len++] = type; 5493 memcpy(&eir[eir_len], data, data_len); 5494 eir_len += data_len; 5495 5496 return eir_len; 5497 } 5498 5499 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status, 5500 u16 opcode, struct sk_buff *skb) 5501 { 5502 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp; 5503 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp; 5504 u8 *h192, *r192, *h256, *r256; 5505 struct mgmt_pending_cmd *cmd; 5506 u16 eir_len; 5507 int err; 5508 5509 BT_DBG("%s status %u", hdev->name, status); 5510 5511 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev); 5512 if (!cmd) 5513 return; 5514 5515 mgmt_cp = cmd->param; 5516 5517 if (status) { 5518 status = mgmt_status(status); 5519 eir_len = 0; 5520 5521 h192 = NULL; 5522 r192 = NULL; 5523 h256 = NULL; 5524 r256 = NULL; 5525 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) { 5526 struct hci_rp_read_local_oob_data *rp; 5527 5528 if (skb->len != sizeof(*rp)) { 5529 status = MGMT_STATUS_FAILED; 5530 eir_len = 0; 5531 } else { 5532 status = MGMT_STATUS_SUCCESS; 5533 rp = (void *)skb->data; 5534 5535 eir_len = 5 + 18 + 18; 5536 h192 = rp->hash; 5537 r192 = rp->rand; 5538 h256 = NULL; 5539 r256 = NULL; 5540 } 5541 } else { 5542 struct hci_rp_read_local_oob_ext_data *rp; 5543 5544 if (skb->len != sizeof(*rp)) { 5545 status = MGMT_STATUS_FAILED; 5546 eir_len = 0; 5547 } else { 5548 status = MGMT_STATUS_SUCCESS; 5549 rp = (void *)skb->data; 5550 5551 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 5552 eir_len = 5 + 18 + 18; 5553 h192 = NULL; 5554 r192 = NULL; 5555 } else { 5556 eir_len = 5 + 18 + 18 + 18 + 18; 5557 h192 = rp->hash192; 5558 r192 = rp->rand192; 5559 } 5560 5561 h256 = rp->hash256; 5562 r256 = rp->rand256; 5563 } 5564 } 5565 5566 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL); 5567 if (!mgmt_rp) 5568 goto done; 5569 5570 if (status) 5571 goto send_rsp; 5572 5573 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV, 5574 hdev->dev_class, 3); 5575 5576 if (h192 && r192) { 5577 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 5578 EIR_SSP_HASH_C192, h192, 16); 5579 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 5580 EIR_SSP_RAND_R192, r192, 16); 5581 } 5582 5583 if (h256 && r256) { 5584 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 5585 EIR_SSP_HASH_C256, h256, 16); 5586 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 5587 EIR_SSP_RAND_R256, r256, 16); 5588 } 5589 5590 send_rsp: 5591 mgmt_rp->type = mgmt_cp->type; 5592 mgmt_rp->eir_len = cpu_to_le16(eir_len); 5593 5594 err = mgmt_cmd_complete(cmd->sk, hdev->id, 5595 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status, 5596 mgmt_rp, sizeof(*mgmt_rp) + eir_len); 5597 if (err < 0 || status) 5598 goto done; 5599 5600 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS); 5601 5602 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 5603 mgmt_rp, sizeof(*mgmt_rp) + eir_len, 5604 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk); 5605 done: 5606 kfree(mgmt_rp); 5607 mgmt_pending_remove(cmd); 5608 } 5609 5610 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk, 5611 struct mgmt_cp_read_local_oob_ext_data *cp) 5612 { 5613 struct mgmt_pending_cmd *cmd; 5614 struct hci_request req; 5615 int err; 5616 5617 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev, 5618 cp, sizeof(*cp)); 5619 if (!cmd) 5620 return -ENOMEM; 5621 5622 hci_req_init(&req, hdev); 5623 5624 if (bredr_sc_enabled(hdev)) 5625 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL); 5626 else 5627 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 5628 5629 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete); 5630 if (err < 0) { 5631 mgmt_pending_remove(cmd); 5632 return err; 5633 } 5634 5635 return 0; 5636 } 5637 5638 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev, 5639 void *data, u16 data_len) 5640 { 5641 struct mgmt_cp_read_local_oob_ext_data *cp = data; 5642 struct mgmt_rp_read_local_oob_ext_data *rp; 5643 size_t rp_len; 5644 u16 eir_len; 5645 u8 status, flags, role, addr[7], hash[16], rand[16]; 5646 int err; 5647 5648 BT_DBG("%s", hdev->name); 5649 5650 if (hdev_is_powered(hdev)) { 5651 switch (cp->type) { 5652 case BIT(BDADDR_BREDR): 5653 status = mgmt_bredr_support(hdev); 5654 if (status) 5655 eir_len = 0; 5656 else 5657 eir_len = 5; 5658 break; 5659 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 5660 status = mgmt_le_support(hdev); 5661 if (status) 5662 eir_len = 0; 5663 else 5664 eir_len = 9 + 3 + 18 + 18 + 3; 5665 break; 5666 default: 5667 status = MGMT_STATUS_INVALID_PARAMS; 5668 eir_len = 0; 5669 break; 5670 } 5671 } else { 5672 status = MGMT_STATUS_NOT_POWERED; 5673 eir_len = 0; 5674 } 5675 5676 rp_len = sizeof(*rp) + eir_len; 5677 rp = kmalloc(rp_len, GFP_ATOMIC); 5678 if (!rp) 5679 return -ENOMEM; 5680 5681 if (status) 5682 goto complete; 5683 5684 hci_dev_lock(hdev); 5685 5686 eir_len = 0; 5687 switch (cp->type) { 5688 case BIT(BDADDR_BREDR): 5689 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 5690 err = read_local_ssp_oob_req(hdev, sk, cp); 5691 hci_dev_unlock(hdev); 5692 if (!err) 5693 goto done; 5694 5695 status = MGMT_STATUS_FAILED; 5696 goto complete; 5697 } else { 5698 eir_len = eir_append_data(rp->eir, eir_len, 5699 EIR_CLASS_OF_DEV, 5700 hdev->dev_class, 3); 5701 } 5702 break; 5703 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 5704 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 5705 smp_generate_oob(hdev, hash, rand) < 0) { 5706 hci_dev_unlock(hdev); 5707 status = MGMT_STATUS_FAILED; 5708 goto complete; 5709 } 5710 5711 /* This should return the active RPA, but since the RPA 5712 * is only programmed on demand, it is really hard to fill 5713 * this in at the moment. For now disallow retrieving 5714 * local out-of-band data when privacy is in use. 5715 * 5716 * Returning the identity address will not help here since 5717 * pairing happens before the identity resolving key is 5718 * known and thus the connection establishment happens 5719 * based on the RPA and not the identity address. 5720 */ 5721 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) { 5722 hci_dev_unlock(hdev); 5723 status = MGMT_STATUS_REJECTED; 5724 goto complete; 5725 } 5726 5727 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 5728 !bacmp(&hdev->bdaddr, BDADDR_ANY) || 5729 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 5730 bacmp(&hdev->static_addr, BDADDR_ANY))) { 5731 memcpy(addr, &hdev->static_addr, 6); 5732 addr[6] = 0x01; 5733 } else { 5734 memcpy(addr, &hdev->bdaddr, 6); 5735 addr[6] = 0x00; 5736 } 5737 5738 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR, 5739 addr, sizeof(addr)); 5740 5741 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 5742 role = 0x02; 5743 else 5744 role = 0x01; 5745 5746 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE, 5747 &role, sizeof(role)); 5748 5749 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) { 5750 eir_len = eir_append_data(rp->eir, eir_len, 5751 EIR_LE_SC_CONFIRM, 5752 hash, sizeof(hash)); 5753 5754 eir_len = eir_append_data(rp->eir, eir_len, 5755 EIR_LE_SC_RANDOM, 5756 rand, sizeof(rand)); 5757 } 5758 5759 flags = mgmt_get_adv_discov_flags(hdev); 5760 5761 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 5762 flags |= LE_AD_NO_BREDR; 5763 5764 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS, 5765 &flags, sizeof(flags)); 5766 break; 5767 } 5768 5769 hci_dev_unlock(hdev); 5770 5771 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS); 5772 5773 status = MGMT_STATUS_SUCCESS; 5774 5775 complete: 5776 rp->type = cp->type; 5777 rp->eir_len = cpu_to_le16(eir_len); 5778 5779 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 5780 status, rp, sizeof(*rp) + eir_len); 5781 if (err < 0 || status) 5782 goto done; 5783 5784 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 5785 rp, sizeof(*rp) + eir_len, 5786 HCI_MGMT_OOB_DATA_EVENTS, sk); 5787 5788 done: 5789 kfree(rp); 5790 5791 return err; 5792 } 5793 5794 static u32 get_supported_adv_flags(struct hci_dev *hdev) 5795 { 5796 u32 flags = 0; 5797 5798 flags |= MGMT_ADV_FLAG_CONNECTABLE; 5799 flags |= MGMT_ADV_FLAG_DISCOV; 5800 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV; 5801 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS; 5802 5803 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) 5804 flags |= MGMT_ADV_FLAG_TX_POWER; 5805 5806 return flags; 5807 } 5808 5809 static int read_adv_features(struct sock *sk, struct hci_dev *hdev, 5810 void *data, u16 data_len) 5811 { 5812 struct mgmt_rp_read_adv_features *rp; 5813 size_t rp_len; 5814 int err; 5815 struct adv_info *adv_instance; 5816 u32 supported_flags; 5817 u8 *instance; 5818 5819 BT_DBG("%s", hdev->name); 5820 5821 if (!lmp_le_capable(hdev)) 5822 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 5823 MGMT_STATUS_REJECTED); 5824 5825 hci_dev_lock(hdev); 5826 5827 rp_len = sizeof(*rp) + hdev->adv_instance_cnt; 5828 rp = kmalloc(rp_len, GFP_ATOMIC); 5829 if (!rp) { 5830 hci_dev_unlock(hdev); 5831 return -ENOMEM; 5832 } 5833 5834 supported_flags = get_supported_adv_flags(hdev); 5835 5836 rp->supported_flags = cpu_to_le32(supported_flags); 5837 rp->max_adv_data_len = HCI_MAX_AD_LENGTH; 5838 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH; 5839 rp->max_instances = HCI_MAX_ADV_INSTANCES; 5840 rp->num_instances = hdev->adv_instance_cnt; 5841 5842 instance = rp->instance; 5843 list_for_each_entry(adv_instance, &hdev->adv_instances, list) { 5844 *instance = adv_instance->instance; 5845 instance++; 5846 } 5847 5848 hci_dev_unlock(hdev); 5849 5850 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 5851 MGMT_STATUS_SUCCESS, rp, rp_len); 5852 5853 kfree(rp); 5854 5855 return err; 5856 } 5857 5858 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data, 5859 u8 len, bool is_adv_data) 5860 { 5861 u8 max_len = HCI_MAX_AD_LENGTH; 5862 int i, cur_len; 5863 bool flags_managed = false; 5864 bool tx_power_managed = false; 5865 5866 if (is_adv_data) { 5867 if (adv_flags & (MGMT_ADV_FLAG_DISCOV | 5868 MGMT_ADV_FLAG_LIMITED_DISCOV | 5869 MGMT_ADV_FLAG_MANAGED_FLAGS)) { 5870 flags_managed = true; 5871 max_len -= 3; 5872 } 5873 5874 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) { 5875 tx_power_managed = true; 5876 max_len -= 3; 5877 } 5878 } 5879 5880 if (len > max_len) 5881 return false; 5882 5883 /* Make sure that the data is correctly formatted. */ 5884 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) { 5885 cur_len = data[i]; 5886 5887 if (flags_managed && data[i + 1] == EIR_FLAGS) 5888 return false; 5889 5890 if (tx_power_managed && data[i + 1] == EIR_TX_POWER) 5891 return false; 5892 5893 /* If the current field length would exceed the total data 5894 * length, then it's invalid. 5895 */ 5896 if (i + cur_len >= len) 5897 return false; 5898 } 5899 5900 return true; 5901 } 5902 5903 static void add_advertising_complete(struct hci_dev *hdev, u8 status, 5904 u16 opcode) 5905 { 5906 struct mgmt_pending_cmd *cmd; 5907 struct mgmt_cp_add_advertising *cp; 5908 struct mgmt_rp_add_advertising rp; 5909 struct adv_info *adv_instance, *n; 5910 u8 instance; 5911 5912 BT_DBG("status %d", status); 5913 5914 hci_dev_lock(hdev); 5915 5916 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev); 5917 5918 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) { 5919 if (!adv_instance->pending) 5920 continue; 5921 5922 if (!status) { 5923 adv_instance->pending = false; 5924 continue; 5925 } 5926 5927 instance = adv_instance->instance; 5928 5929 if (hdev->cur_adv_instance == instance) 5930 cancel_adv_timeout(hdev); 5931 5932 hci_remove_adv_instance(hdev, instance); 5933 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance); 5934 } 5935 5936 if (!cmd) 5937 goto unlock; 5938 5939 cp = cmd->param; 5940 rp.instance = cp->instance; 5941 5942 if (status) 5943 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 5944 mgmt_status(status)); 5945 else 5946 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 5947 mgmt_status(status), &rp, sizeof(rp)); 5948 5949 mgmt_pending_remove(cmd); 5950 5951 unlock: 5952 hci_dev_unlock(hdev); 5953 } 5954 5955 static int add_advertising(struct sock *sk, struct hci_dev *hdev, 5956 void *data, u16 data_len) 5957 { 5958 struct mgmt_cp_add_advertising *cp = data; 5959 struct mgmt_rp_add_advertising rp; 5960 u32 flags; 5961 u32 supported_flags; 5962 u8 status; 5963 u16 timeout, duration; 5964 unsigned int prev_instance_cnt = hdev->adv_instance_cnt; 5965 u8 schedule_instance = 0; 5966 struct adv_info *next_instance; 5967 int err; 5968 struct mgmt_pending_cmd *cmd; 5969 struct hci_request req; 5970 5971 BT_DBG("%s", hdev->name); 5972 5973 status = mgmt_le_support(hdev); 5974 if (status) 5975 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 5976 status); 5977 5978 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES) 5979 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 5980 MGMT_STATUS_INVALID_PARAMS); 5981 5982 flags = __le32_to_cpu(cp->flags); 5983 timeout = __le16_to_cpu(cp->timeout); 5984 duration = __le16_to_cpu(cp->duration); 5985 5986 /* The current implementation only supports a subset of the specified 5987 * flags. 5988 */ 5989 supported_flags = get_supported_adv_flags(hdev); 5990 if (flags & ~supported_flags) 5991 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 5992 MGMT_STATUS_INVALID_PARAMS); 5993 5994 hci_dev_lock(hdev); 5995 5996 if (timeout && !hdev_is_powered(hdev)) { 5997 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 5998 MGMT_STATUS_REJECTED); 5999 goto unlock; 6000 } 6001 6002 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 6003 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 6004 pending_find(MGMT_OP_SET_LE, hdev)) { 6005 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6006 MGMT_STATUS_BUSY); 6007 goto unlock; 6008 } 6009 6010 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) || 6011 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len, 6012 cp->scan_rsp_len, false)) { 6013 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6014 MGMT_STATUS_INVALID_PARAMS); 6015 goto unlock; 6016 } 6017 6018 err = hci_add_adv_instance(hdev, cp->instance, flags, 6019 cp->adv_data_len, cp->data, 6020 cp->scan_rsp_len, 6021 cp->data + cp->adv_data_len, 6022 timeout, duration); 6023 if (err < 0) { 6024 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6025 MGMT_STATUS_FAILED); 6026 goto unlock; 6027 } 6028 6029 /* Only trigger an advertising added event if a new instance was 6030 * actually added. 6031 */ 6032 if (hdev->adv_instance_cnt > prev_instance_cnt) 6033 mgmt_advertising_added(sk, hdev, cp->instance); 6034 6035 if (hdev->cur_adv_instance == cp->instance) { 6036 /* If the currently advertised instance is being changed then 6037 * cancel the current advertising and schedule the next 6038 * instance. If there is only one instance then the overridden 6039 * advertising data will be visible right away. 6040 */ 6041 cancel_adv_timeout(hdev); 6042 6043 next_instance = hci_get_next_instance(hdev, cp->instance); 6044 if (next_instance) 6045 schedule_instance = next_instance->instance; 6046 } else if (!hdev->adv_instance_timeout) { 6047 /* Immediately advertise the new instance if no other 6048 * instance is currently being advertised. 6049 */ 6050 schedule_instance = cp->instance; 6051 } 6052 6053 /* If the HCI_ADVERTISING flag is set or the device isn't powered or 6054 * there is no instance to be advertised then we have no HCI 6055 * communication to make. Simply return. 6056 */ 6057 if (!hdev_is_powered(hdev) || 6058 hci_dev_test_flag(hdev, HCI_ADVERTISING) || 6059 !schedule_instance) { 6060 rp.instance = cp->instance; 6061 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6062 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6063 goto unlock; 6064 } 6065 6066 /* We're good to go, update advertising data, parameters, and start 6067 * advertising. 6068 */ 6069 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data, 6070 data_len); 6071 if (!cmd) { 6072 err = -ENOMEM; 6073 goto unlock; 6074 } 6075 6076 hci_req_init(&req, hdev); 6077 6078 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true); 6079 6080 if (!err) 6081 err = hci_req_run(&req, add_advertising_complete); 6082 6083 if (err < 0) 6084 mgmt_pending_remove(cmd); 6085 6086 unlock: 6087 hci_dev_unlock(hdev); 6088 6089 return err; 6090 } 6091 6092 static void remove_advertising_complete(struct hci_dev *hdev, u8 status, 6093 u16 opcode) 6094 { 6095 struct mgmt_pending_cmd *cmd; 6096 struct mgmt_cp_remove_advertising *cp; 6097 struct mgmt_rp_remove_advertising rp; 6098 6099 BT_DBG("status %d", status); 6100 6101 hci_dev_lock(hdev); 6102 6103 /* A failure status here only means that we failed to disable 6104 * advertising. Otherwise, the advertising instance has been removed, 6105 * so report success. 6106 */ 6107 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev); 6108 if (!cmd) 6109 goto unlock; 6110 6111 cp = cmd->param; 6112 rp.instance = cp->instance; 6113 6114 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS, 6115 &rp, sizeof(rp)); 6116 mgmt_pending_remove(cmd); 6117 6118 unlock: 6119 hci_dev_unlock(hdev); 6120 } 6121 6122 static int remove_advertising(struct sock *sk, struct hci_dev *hdev, 6123 void *data, u16 data_len) 6124 { 6125 struct mgmt_cp_remove_advertising *cp = data; 6126 struct mgmt_rp_remove_advertising rp; 6127 struct mgmt_pending_cmd *cmd; 6128 struct hci_request req; 6129 int err; 6130 6131 BT_DBG("%s", hdev->name); 6132 6133 hci_dev_lock(hdev); 6134 6135 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) { 6136 err = mgmt_cmd_status(sk, hdev->id, 6137 MGMT_OP_REMOVE_ADVERTISING, 6138 MGMT_STATUS_INVALID_PARAMS); 6139 goto unlock; 6140 } 6141 6142 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 6143 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 6144 pending_find(MGMT_OP_SET_LE, hdev)) { 6145 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 6146 MGMT_STATUS_BUSY); 6147 goto unlock; 6148 } 6149 6150 if (list_empty(&hdev->adv_instances)) { 6151 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 6152 MGMT_STATUS_INVALID_PARAMS); 6153 goto unlock; 6154 } 6155 6156 hci_req_init(&req, hdev); 6157 6158 hci_req_clear_adv_instance(hdev, &req, cp->instance, true); 6159 6160 if (list_empty(&hdev->adv_instances)) 6161 __hci_req_disable_advertising(&req); 6162 6163 /* If no HCI commands have been collected so far or the HCI_ADVERTISING 6164 * flag is set or the device isn't powered then we have no HCI 6165 * communication to make. Simply return. 6166 */ 6167 if (skb_queue_empty(&req.cmd_q) || 6168 !hdev_is_powered(hdev) || 6169 hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 6170 rp.instance = cp->instance; 6171 err = mgmt_cmd_complete(sk, hdev->id, 6172 MGMT_OP_REMOVE_ADVERTISING, 6173 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6174 goto unlock; 6175 } 6176 6177 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data, 6178 data_len); 6179 if (!cmd) { 6180 err = -ENOMEM; 6181 goto unlock; 6182 } 6183 6184 err = hci_req_run(&req, remove_advertising_complete); 6185 if (err < 0) 6186 mgmt_pending_remove(cmd); 6187 6188 unlock: 6189 hci_dev_unlock(hdev); 6190 6191 return err; 6192 } 6193 6194 static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data) 6195 { 6196 u8 max_len = HCI_MAX_AD_LENGTH; 6197 6198 if (is_adv_data) { 6199 if (adv_flags & (MGMT_ADV_FLAG_DISCOV | 6200 MGMT_ADV_FLAG_LIMITED_DISCOV | 6201 MGMT_ADV_FLAG_MANAGED_FLAGS)) 6202 max_len -= 3; 6203 6204 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) 6205 max_len -= 3; 6206 } 6207 6208 return max_len; 6209 } 6210 6211 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev, 6212 void *data, u16 data_len) 6213 { 6214 struct mgmt_cp_get_adv_size_info *cp = data; 6215 struct mgmt_rp_get_adv_size_info rp; 6216 u32 flags, supported_flags; 6217 int err; 6218 6219 BT_DBG("%s", hdev->name); 6220 6221 if (!lmp_le_capable(hdev)) 6222 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6223 MGMT_STATUS_REJECTED); 6224 6225 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES) 6226 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6227 MGMT_STATUS_INVALID_PARAMS); 6228 6229 flags = __le32_to_cpu(cp->flags); 6230 6231 /* The current implementation only supports a subset of the specified 6232 * flags. 6233 */ 6234 supported_flags = get_supported_adv_flags(hdev); 6235 if (flags & ~supported_flags) 6236 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6237 MGMT_STATUS_INVALID_PARAMS); 6238 6239 rp.instance = cp->instance; 6240 rp.flags = cp->flags; 6241 rp.max_adv_data_len = tlv_data_max_len(flags, true); 6242 rp.max_scan_rsp_len = tlv_data_max_len(flags, false); 6243 6244 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 6245 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6246 6247 return err; 6248 } 6249 6250 static const struct hci_mgmt_handler mgmt_handlers[] = { 6251 { NULL }, /* 0x0000 (no command) */ 6252 { read_version, MGMT_READ_VERSION_SIZE, 6253 HCI_MGMT_NO_HDEV | 6254 HCI_MGMT_UNTRUSTED }, 6255 { read_commands, MGMT_READ_COMMANDS_SIZE, 6256 HCI_MGMT_NO_HDEV | 6257 HCI_MGMT_UNTRUSTED }, 6258 { read_index_list, MGMT_READ_INDEX_LIST_SIZE, 6259 HCI_MGMT_NO_HDEV | 6260 HCI_MGMT_UNTRUSTED }, 6261 { read_controller_info, MGMT_READ_INFO_SIZE, 6262 HCI_MGMT_UNTRUSTED }, 6263 { set_powered, MGMT_SETTING_SIZE }, 6264 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE }, 6265 { set_connectable, MGMT_SETTING_SIZE }, 6266 { set_fast_connectable, MGMT_SETTING_SIZE }, 6267 { set_bondable, MGMT_SETTING_SIZE }, 6268 { set_link_security, MGMT_SETTING_SIZE }, 6269 { set_ssp, MGMT_SETTING_SIZE }, 6270 { set_hs, MGMT_SETTING_SIZE }, 6271 { set_le, MGMT_SETTING_SIZE }, 6272 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE }, 6273 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE }, 6274 { add_uuid, MGMT_ADD_UUID_SIZE }, 6275 { remove_uuid, MGMT_REMOVE_UUID_SIZE }, 6276 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE, 6277 HCI_MGMT_VAR_LEN }, 6278 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE, 6279 HCI_MGMT_VAR_LEN }, 6280 { disconnect, MGMT_DISCONNECT_SIZE }, 6281 { get_connections, MGMT_GET_CONNECTIONS_SIZE }, 6282 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE }, 6283 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE }, 6284 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE }, 6285 { pair_device, MGMT_PAIR_DEVICE_SIZE }, 6286 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE }, 6287 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE }, 6288 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE }, 6289 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE }, 6290 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE }, 6291 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, 6292 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE }, 6293 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE, 6294 HCI_MGMT_VAR_LEN }, 6295 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, 6296 { start_discovery, MGMT_START_DISCOVERY_SIZE }, 6297 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE }, 6298 { confirm_name, MGMT_CONFIRM_NAME_SIZE }, 6299 { block_device, MGMT_BLOCK_DEVICE_SIZE }, 6300 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE }, 6301 { set_device_id, MGMT_SET_DEVICE_ID_SIZE }, 6302 { set_advertising, MGMT_SETTING_SIZE }, 6303 { set_bredr, MGMT_SETTING_SIZE }, 6304 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE }, 6305 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE }, 6306 { set_secure_conn, MGMT_SETTING_SIZE }, 6307 { set_debug_keys, MGMT_SETTING_SIZE }, 6308 { set_privacy, MGMT_SET_PRIVACY_SIZE }, 6309 { load_irks, MGMT_LOAD_IRKS_SIZE, 6310 HCI_MGMT_VAR_LEN }, 6311 { get_conn_info, MGMT_GET_CONN_INFO_SIZE }, 6312 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE }, 6313 { add_device, MGMT_ADD_DEVICE_SIZE }, 6314 { remove_device, MGMT_REMOVE_DEVICE_SIZE }, 6315 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE, 6316 HCI_MGMT_VAR_LEN }, 6317 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE, 6318 HCI_MGMT_NO_HDEV | 6319 HCI_MGMT_UNTRUSTED }, 6320 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE, 6321 HCI_MGMT_UNCONFIGURED | 6322 HCI_MGMT_UNTRUSTED }, 6323 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE, 6324 HCI_MGMT_UNCONFIGURED }, 6325 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE, 6326 HCI_MGMT_UNCONFIGURED }, 6327 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE, 6328 HCI_MGMT_VAR_LEN }, 6329 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE }, 6330 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE, 6331 HCI_MGMT_NO_HDEV | 6332 HCI_MGMT_UNTRUSTED }, 6333 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE }, 6334 { add_advertising, MGMT_ADD_ADVERTISING_SIZE, 6335 HCI_MGMT_VAR_LEN }, 6336 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE }, 6337 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE }, 6338 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE }, 6339 }; 6340 6341 void mgmt_index_added(struct hci_dev *hdev) 6342 { 6343 struct mgmt_ev_ext_index ev; 6344 6345 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 6346 return; 6347 6348 switch (hdev->dev_type) { 6349 case HCI_BREDR: 6350 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 6351 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, 6352 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 6353 ev.type = 0x01; 6354 } else { 6355 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, 6356 HCI_MGMT_INDEX_EVENTS); 6357 ev.type = 0x00; 6358 } 6359 break; 6360 case HCI_AMP: 6361 ev.type = 0x02; 6362 break; 6363 default: 6364 return; 6365 } 6366 6367 ev.bus = hdev->bus; 6368 6369 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev), 6370 HCI_MGMT_EXT_INDEX_EVENTS); 6371 } 6372 6373 void mgmt_index_removed(struct hci_dev *hdev) 6374 { 6375 struct mgmt_ev_ext_index ev; 6376 u8 status = MGMT_STATUS_INVALID_INDEX; 6377 6378 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 6379 return; 6380 6381 switch (hdev->dev_type) { 6382 case HCI_BREDR: 6383 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 6384 6385 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 6386 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, 6387 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 6388 ev.type = 0x01; 6389 } else { 6390 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, 6391 HCI_MGMT_INDEX_EVENTS); 6392 ev.type = 0x00; 6393 } 6394 break; 6395 case HCI_AMP: 6396 ev.type = 0x02; 6397 break; 6398 default: 6399 return; 6400 } 6401 6402 ev.bus = hdev->bus; 6403 6404 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev), 6405 HCI_MGMT_EXT_INDEX_EVENTS); 6406 } 6407 6408 /* This function requires the caller holds hdev->lock */ 6409 static void restart_le_actions(struct hci_dev *hdev) 6410 { 6411 struct hci_conn_params *p; 6412 6413 list_for_each_entry(p, &hdev->le_conn_params, list) { 6414 /* Needed for AUTO_OFF case where might not "really" 6415 * have been powered off. 6416 */ 6417 list_del_init(&p->action); 6418 6419 switch (p->auto_connect) { 6420 case HCI_AUTO_CONN_DIRECT: 6421 case HCI_AUTO_CONN_ALWAYS: 6422 list_add(&p->action, &hdev->pend_le_conns); 6423 break; 6424 case HCI_AUTO_CONN_REPORT: 6425 list_add(&p->action, &hdev->pend_le_reports); 6426 break; 6427 default: 6428 break; 6429 } 6430 } 6431 } 6432 6433 void mgmt_power_on(struct hci_dev *hdev, int err) 6434 { 6435 struct cmd_lookup match = { NULL, hdev }; 6436 6437 BT_DBG("err %d", err); 6438 6439 hci_dev_lock(hdev); 6440 6441 if (!err) { 6442 restart_le_actions(hdev); 6443 hci_update_background_scan(hdev); 6444 } 6445 6446 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 6447 6448 new_settings(hdev, match.sk); 6449 6450 if (match.sk) 6451 sock_put(match.sk); 6452 6453 hci_dev_unlock(hdev); 6454 } 6455 6456 void __mgmt_power_off(struct hci_dev *hdev) 6457 { 6458 struct cmd_lookup match = { NULL, hdev }; 6459 u8 status, zero_cod[] = { 0, 0, 0 }; 6460 6461 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 6462 6463 /* If the power off is because of hdev unregistration let 6464 * use the appropriate INVALID_INDEX status. Otherwise use 6465 * NOT_POWERED. We cover both scenarios here since later in 6466 * mgmt_index_removed() any hci_conn callbacks will have already 6467 * been triggered, potentially causing misleading DISCONNECTED 6468 * status responses. 6469 */ 6470 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) 6471 status = MGMT_STATUS_INVALID_INDEX; 6472 else 6473 status = MGMT_STATUS_NOT_POWERED; 6474 6475 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 6476 6477 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) 6478 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 6479 zero_cod, sizeof(zero_cod), NULL); 6480 6481 new_settings(hdev, match.sk); 6482 6483 if (match.sk) 6484 sock_put(match.sk); 6485 } 6486 6487 void mgmt_set_powered_failed(struct hci_dev *hdev, int err) 6488 { 6489 struct mgmt_pending_cmd *cmd; 6490 u8 status; 6491 6492 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 6493 if (!cmd) 6494 return; 6495 6496 if (err == -ERFKILL) 6497 status = MGMT_STATUS_RFKILLED; 6498 else 6499 status = MGMT_STATUS_FAILED; 6500 6501 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status); 6502 6503 mgmt_pending_remove(cmd); 6504 } 6505 6506 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 6507 bool persistent) 6508 { 6509 struct mgmt_ev_new_link_key ev; 6510 6511 memset(&ev, 0, sizeof(ev)); 6512 6513 ev.store_hint = persistent; 6514 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 6515 ev.key.addr.type = BDADDR_BREDR; 6516 ev.key.type = key->type; 6517 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE); 6518 ev.key.pin_len = key->pin_len; 6519 6520 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 6521 } 6522 6523 static u8 mgmt_ltk_type(struct smp_ltk *ltk) 6524 { 6525 switch (ltk->type) { 6526 case SMP_LTK: 6527 case SMP_LTK_SLAVE: 6528 if (ltk->authenticated) 6529 return MGMT_LTK_AUTHENTICATED; 6530 return MGMT_LTK_UNAUTHENTICATED; 6531 case SMP_LTK_P256: 6532 if (ltk->authenticated) 6533 return MGMT_LTK_P256_AUTH; 6534 return MGMT_LTK_P256_UNAUTH; 6535 case SMP_LTK_P256_DEBUG: 6536 return MGMT_LTK_P256_DEBUG; 6537 } 6538 6539 return MGMT_LTK_UNAUTHENTICATED; 6540 } 6541 6542 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent) 6543 { 6544 struct mgmt_ev_new_long_term_key ev; 6545 6546 memset(&ev, 0, sizeof(ev)); 6547 6548 /* Devices using resolvable or non-resolvable random addresses 6549 * without providing an identity resolving key don't require 6550 * to store long term keys. Their addresses will change the 6551 * next time around. 6552 * 6553 * Only when a remote device provides an identity address 6554 * make sure the long term key is stored. If the remote 6555 * identity is known, the long term keys are internally 6556 * mapped to the identity address. So allow static random 6557 * and public addresses here. 6558 */ 6559 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM && 6560 (key->bdaddr.b[5] & 0xc0) != 0xc0) 6561 ev.store_hint = 0x00; 6562 else 6563 ev.store_hint = persistent; 6564 6565 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 6566 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); 6567 ev.key.type = mgmt_ltk_type(key); 6568 ev.key.enc_size = key->enc_size; 6569 ev.key.ediv = key->ediv; 6570 ev.key.rand = key->rand; 6571 6572 if (key->type == SMP_LTK) 6573 ev.key.master = 1; 6574 6575 /* Make sure we copy only the significant bytes based on the 6576 * encryption key size, and set the rest of the value to zeroes. 6577 */ 6578 memcpy(ev.key.val, key->val, key->enc_size); 6579 memset(ev.key.val + key->enc_size, 0, 6580 sizeof(ev.key.val) - key->enc_size); 6581 6582 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL); 6583 } 6584 6585 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent) 6586 { 6587 struct mgmt_ev_new_irk ev; 6588 6589 memset(&ev, 0, sizeof(ev)); 6590 6591 ev.store_hint = persistent; 6592 6593 bacpy(&ev.rpa, &irk->rpa); 6594 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr); 6595 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type); 6596 memcpy(ev.irk.val, irk->val, sizeof(irk->val)); 6597 6598 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL); 6599 } 6600 6601 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk, 6602 bool persistent) 6603 { 6604 struct mgmt_ev_new_csrk ev; 6605 6606 memset(&ev, 0, sizeof(ev)); 6607 6608 /* Devices using resolvable or non-resolvable random addresses 6609 * without providing an identity resolving key don't require 6610 * to store signature resolving keys. Their addresses will change 6611 * the next time around. 6612 * 6613 * Only when a remote device provides an identity address 6614 * make sure the signature resolving key is stored. So allow 6615 * static random and public addresses here. 6616 */ 6617 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM && 6618 (csrk->bdaddr.b[5] & 0xc0) != 0xc0) 6619 ev.store_hint = 0x00; 6620 else 6621 ev.store_hint = persistent; 6622 6623 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr); 6624 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type); 6625 ev.key.type = csrk->type; 6626 memcpy(ev.key.val, csrk->val, sizeof(csrk->val)); 6627 6628 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL); 6629 } 6630 6631 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr, 6632 u8 bdaddr_type, u8 store_hint, u16 min_interval, 6633 u16 max_interval, u16 latency, u16 timeout) 6634 { 6635 struct mgmt_ev_new_conn_param ev; 6636 6637 if (!hci_is_identity_address(bdaddr, bdaddr_type)) 6638 return; 6639 6640 memset(&ev, 0, sizeof(ev)); 6641 bacpy(&ev.addr.bdaddr, bdaddr); 6642 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type); 6643 ev.store_hint = store_hint; 6644 ev.min_interval = cpu_to_le16(min_interval); 6645 ev.max_interval = cpu_to_le16(max_interval); 6646 ev.latency = cpu_to_le16(latency); 6647 ev.timeout = cpu_to_le16(timeout); 6648 6649 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL); 6650 } 6651 6652 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn, 6653 u32 flags, u8 *name, u8 name_len) 6654 { 6655 char buf[512]; 6656 struct mgmt_ev_device_connected *ev = (void *) buf; 6657 u16 eir_len = 0; 6658 6659 bacpy(&ev->addr.bdaddr, &conn->dst); 6660 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type); 6661 6662 ev->flags = __cpu_to_le32(flags); 6663 6664 /* We must ensure that the EIR Data fields are ordered and 6665 * unique. Keep it simple for now and avoid the problem by not 6666 * adding any BR/EDR data to the LE adv. 6667 */ 6668 if (conn->le_adv_data_len > 0) { 6669 memcpy(&ev->eir[eir_len], 6670 conn->le_adv_data, conn->le_adv_data_len); 6671 eir_len = conn->le_adv_data_len; 6672 } else { 6673 if (name_len > 0) 6674 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, 6675 name, name_len); 6676 6677 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0) 6678 eir_len = eir_append_data(ev->eir, eir_len, 6679 EIR_CLASS_OF_DEV, 6680 conn->dev_class, 3); 6681 } 6682 6683 ev->eir_len = cpu_to_le16(eir_len); 6684 6685 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf, 6686 sizeof(*ev) + eir_len, NULL); 6687 } 6688 6689 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data) 6690 { 6691 struct sock **sk = data; 6692 6693 cmd->cmd_complete(cmd, 0); 6694 6695 *sk = cmd->sk; 6696 sock_hold(*sk); 6697 6698 mgmt_pending_remove(cmd); 6699 } 6700 6701 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data) 6702 { 6703 struct hci_dev *hdev = data; 6704 struct mgmt_cp_unpair_device *cp = cmd->param; 6705 6706 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 6707 6708 cmd->cmd_complete(cmd, 0); 6709 mgmt_pending_remove(cmd); 6710 } 6711 6712 bool mgmt_powering_down(struct hci_dev *hdev) 6713 { 6714 struct mgmt_pending_cmd *cmd; 6715 struct mgmt_mode *cp; 6716 6717 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 6718 if (!cmd) 6719 return false; 6720 6721 cp = cmd->param; 6722 if (!cp->val) 6723 return true; 6724 6725 return false; 6726 } 6727 6728 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 6729 u8 link_type, u8 addr_type, u8 reason, 6730 bool mgmt_connected) 6731 { 6732 struct mgmt_ev_device_disconnected ev; 6733 struct sock *sk = NULL; 6734 6735 /* The connection is still in hci_conn_hash so test for 1 6736 * instead of 0 to know if this is the last one. 6737 */ 6738 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 6739 cancel_delayed_work(&hdev->power_off); 6740 queue_work(hdev->req_workqueue, &hdev->power_off.work); 6741 } 6742 6743 if (!mgmt_connected) 6744 return; 6745 6746 if (link_type != ACL_LINK && link_type != LE_LINK) 6747 return; 6748 6749 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 6750 6751 bacpy(&ev.addr.bdaddr, bdaddr); 6752 ev.addr.type = link_to_bdaddr(link_type, addr_type); 6753 ev.reason = reason; 6754 6755 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk); 6756 6757 if (sk) 6758 sock_put(sk); 6759 6760 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 6761 hdev); 6762 } 6763 6764 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 6765 u8 link_type, u8 addr_type, u8 status) 6766 { 6767 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type); 6768 struct mgmt_cp_disconnect *cp; 6769 struct mgmt_pending_cmd *cmd; 6770 6771 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 6772 hdev); 6773 6774 cmd = pending_find(MGMT_OP_DISCONNECT, hdev); 6775 if (!cmd) 6776 return; 6777 6778 cp = cmd->param; 6779 6780 if (bacmp(bdaddr, &cp->addr.bdaddr)) 6781 return; 6782 6783 if (cp->addr.type != bdaddr_type) 6784 return; 6785 6786 cmd->cmd_complete(cmd, mgmt_status(status)); 6787 mgmt_pending_remove(cmd); 6788 } 6789 6790 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 6791 u8 addr_type, u8 status) 6792 { 6793 struct mgmt_ev_connect_failed ev; 6794 6795 /* The connection is still in hci_conn_hash so test for 1 6796 * instead of 0 to know if this is the last one. 6797 */ 6798 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 6799 cancel_delayed_work(&hdev->power_off); 6800 queue_work(hdev->req_workqueue, &hdev->power_off.work); 6801 } 6802 6803 bacpy(&ev.addr.bdaddr, bdaddr); 6804 ev.addr.type = link_to_bdaddr(link_type, addr_type); 6805 ev.status = mgmt_status(status); 6806 6807 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 6808 } 6809 6810 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 6811 { 6812 struct mgmt_ev_pin_code_request ev; 6813 6814 bacpy(&ev.addr.bdaddr, bdaddr); 6815 ev.addr.type = BDADDR_BREDR; 6816 ev.secure = secure; 6817 6818 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL); 6819 } 6820 6821 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6822 u8 status) 6823 { 6824 struct mgmt_pending_cmd *cmd; 6825 6826 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 6827 if (!cmd) 6828 return; 6829 6830 cmd->cmd_complete(cmd, mgmt_status(status)); 6831 mgmt_pending_remove(cmd); 6832 } 6833 6834 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6835 u8 status) 6836 { 6837 struct mgmt_pending_cmd *cmd; 6838 6839 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 6840 if (!cmd) 6841 return; 6842 6843 cmd->cmd_complete(cmd, mgmt_status(status)); 6844 mgmt_pending_remove(cmd); 6845 } 6846 6847 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 6848 u8 link_type, u8 addr_type, u32 value, 6849 u8 confirm_hint) 6850 { 6851 struct mgmt_ev_user_confirm_request ev; 6852 6853 BT_DBG("%s", hdev->name); 6854 6855 bacpy(&ev.addr.bdaddr, bdaddr); 6856 ev.addr.type = link_to_bdaddr(link_type, addr_type); 6857 ev.confirm_hint = confirm_hint; 6858 ev.value = cpu_to_le32(value); 6859 6860 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 6861 NULL); 6862 } 6863 6864 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 6865 u8 link_type, u8 addr_type) 6866 { 6867 struct mgmt_ev_user_passkey_request ev; 6868 6869 BT_DBG("%s", hdev->name); 6870 6871 bacpy(&ev.addr.bdaddr, bdaddr); 6872 ev.addr.type = link_to_bdaddr(link_type, addr_type); 6873 6874 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 6875 NULL); 6876 } 6877 6878 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6879 u8 link_type, u8 addr_type, u8 status, 6880 u8 opcode) 6881 { 6882 struct mgmt_pending_cmd *cmd; 6883 6884 cmd = pending_find(opcode, hdev); 6885 if (!cmd) 6886 return -ENOENT; 6887 6888 cmd->cmd_complete(cmd, mgmt_status(status)); 6889 mgmt_pending_remove(cmd); 6890 6891 return 0; 6892 } 6893 6894 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6895 u8 link_type, u8 addr_type, u8 status) 6896 { 6897 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 6898 status, MGMT_OP_USER_CONFIRM_REPLY); 6899 } 6900 6901 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6902 u8 link_type, u8 addr_type, u8 status) 6903 { 6904 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 6905 status, 6906 MGMT_OP_USER_CONFIRM_NEG_REPLY); 6907 } 6908 6909 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6910 u8 link_type, u8 addr_type, u8 status) 6911 { 6912 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 6913 status, MGMT_OP_USER_PASSKEY_REPLY); 6914 } 6915 6916 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 6917 u8 link_type, u8 addr_type, u8 status) 6918 { 6919 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 6920 status, 6921 MGMT_OP_USER_PASSKEY_NEG_REPLY); 6922 } 6923 6924 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr, 6925 u8 link_type, u8 addr_type, u32 passkey, 6926 u8 entered) 6927 { 6928 struct mgmt_ev_passkey_notify ev; 6929 6930 BT_DBG("%s", hdev->name); 6931 6932 bacpy(&ev.addr.bdaddr, bdaddr); 6933 ev.addr.type = link_to_bdaddr(link_type, addr_type); 6934 ev.passkey = __cpu_to_le32(passkey); 6935 ev.entered = entered; 6936 6937 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL); 6938 } 6939 6940 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status) 6941 { 6942 struct mgmt_ev_auth_failed ev; 6943 struct mgmt_pending_cmd *cmd; 6944 u8 status = mgmt_status(hci_status); 6945 6946 bacpy(&ev.addr.bdaddr, &conn->dst); 6947 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 6948 ev.status = status; 6949 6950 cmd = find_pairing(conn); 6951 6952 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev), 6953 cmd ? cmd->sk : NULL); 6954 6955 if (cmd) { 6956 cmd->cmd_complete(cmd, status); 6957 mgmt_pending_remove(cmd); 6958 } 6959 } 6960 6961 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 6962 { 6963 struct cmd_lookup match = { NULL, hdev }; 6964 bool changed; 6965 6966 if (status) { 6967 u8 mgmt_err = mgmt_status(status); 6968 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 6969 cmd_status_rsp, &mgmt_err); 6970 return; 6971 } 6972 6973 if (test_bit(HCI_AUTH, &hdev->flags)) 6974 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY); 6975 else 6976 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY); 6977 6978 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 6979 &match); 6980 6981 if (changed) 6982 new_settings(hdev, match.sk); 6983 6984 if (match.sk) 6985 sock_put(match.sk); 6986 } 6987 6988 static void clear_eir(struct hci_request *req) 6989 { 6990 struct hci_dev *hdev = req->hdev; 6991 struct hci_cp_write_eir cp; 6992 6993 if (!lmp_ext_inq_capable(hdev)) 6994 return; 6995 6996 memset(hdev->eir, 0, sizeof(hdev->eir)); 6997 6998 memset(&cp, 0, sizeof(cp)); 6999 7000 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 7001 } 7002 7003 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 7004 { 7005 struct cmd_lookup match = { NULL, hdev }; 7006 struct hci_request req; 7007 bool changed = false; 7008 7009 if (status) { 7010 u8 mgmt_err = mgmt_status(status); 7011 7012 if (enable && hci_dev_test_and_clear_flag(hdev, 7013 HCI_SSP_ENABLED)) { 7014 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 7015 new_settings(hdev, NULL); 7016 } 7017 7018 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp, 7019 &mgmt_err); 7020 return; 7021 } 7022 7023 if (enable) { 7024 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 7025 } else { 7026 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED); 7027 if (!changed) 7028 changed = hci_dev_test_and_clear_flag(hdev, 7029 HCI_HS_ENABLED); 7030 else 7031 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 7032 } 7033 7034 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 7035 7036 if (changed) 7037 new_settings(hdev, match.sk); 7038 7039 if (match.sk) 7040 sock_put(match.sk); 7041 7042 hci_req_init(&req, hdev); 7043 7044 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 7045 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) 7046 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE, 7047 sizeof(enable), &enable); 7048 __hci_req_update_eir(&req); 7049 } else { 7050 clear_eir(&req); 7051 } 7052 7053 hci_req_run(&req, NULL); 7054 } 7055 7056 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data) 7057 { 7058 struct cmd_lookup *match = data; 7059 7060 if (match->sk == NULL) { 7061 match->sk = cmd->sk; 7062 sock_hold(match->sk); 7063 } 7064 } 7065 7066 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class, 7067 u8 status) 7068 { 7069 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) }; 7070 7071 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match); 7072 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match); 7073 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match); 7074 7075 if (!status) 7076 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 7077 dev_class, 3, NULL); 7078 7079 if (match.sk) 7080 sock_put(match.sk); 7081 } 7082 7083 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 7084 { 7085 struct mgmt_cp_set_local_name ev; 7086 struct mgmt_pending_cmd *cmd; 7087 7088 if (status) 7089 return; 7090 7091 memset(&ev, 0, sizeof(ev)); 7092 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 7093 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH); 7094 7095 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 7096 if (!cmd) { 7097 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name)); 7098 7099 /* If this is a HCI command related to powering on the 7100 * HCI dev don't send any mgmt signals. 7101 */ 7102 if (pending_find(MGMT_OP_SET_POWERED, hdev)) 7103 return; 7104 } 7105 7106 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 7107 cmd ? cmd->sk : NULL); 7108 } 7109 7110 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16]) 7111 { 7112 int i; 7113 7114 for (i = 0; i < uuid_count; i++) { 7115 if (!memcmp(uuid, uuids[i], 16)) 7116 return true; 7117 } 7118 7119 return false; 7120 } 7121 7122 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16]) 7123 { 7124 u16 parsed = 0; 7125 7126 while (parsed < eir_len) { 7127 u8 field_len = eir[0]; 7128 u8 uuid[16]; 7129 int i; 7130 7131 if (field_len == 0) 7132 break; 7133 7134 if (eir_len - parsed < field_len + 1) 7135 break; 7136 7137 switch (eir[1]) { 7138 case EIR_UUID16_ALL: 7139 case EIR_UUID16_SOME: 7140 for (i = 0; i + 3 <= field_len; i += 2) { 7141 memcpy(uuid, bluetooth_base_uuid, 16); 7142 uuid[13] = eir[i + 3]; 7143 uuid[12] = eir[i + 2]; 7144 if (has_uuid(uuid, uuid_count, uuids)) 7145 return true; 7146 } 7147 break; 7148 case EIR_UUID32_ALL: 7149 case EIR_UUID32_SOME: 7150 for (i = 0; i + 5 <= field_len; i += 4) { 7151 memcpy(uuid, bluetooth_base_uuid, 16); 7152 uuid[15] = eir[i + 5]; 7153 uuid[14] = eir[i + 4]; 7154 uuid[13] = eir[i + 3]; 7155 uuid[12] = eir[i + 2]; 7156 if (has_uuid(uuid, uuid_count, uuids)) 7157 return true; 7158 } 7159 break; 7160 case EIR_UUID128_ALL: 7161 case EIR_UUID128_SOME: 7162 for (i = 0; i + 17 <= field_len; i += 16) { 7163 memcpy(uuid, eir + i + 2, 16); 7164 if (has_uuid(uuid, uuid_count, uuids)) 7165 return true; 7166 } 7167 break; 7168 } 7169 7170 parsed += field_len + 1; 7171 eir += field_len + 1; 7172 } 7173 7174 return false; 7175 } 7176 7177 static void restart_le_scan(struct hci_dev *hdev) 7178 { 7179 /* If controller is not scanning we are done. */ 7180 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 7181 return; 7182 7183 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY, 7184 hdev->discovery.scan_start + 7185 hdev->discovery.scan_duration)) 7186 return; 7187 7188 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart, 7189 DISCOV_LE_RESTART_DELAY); 7190 } 7191 7192 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir, 7193 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 7194 { 7195 /* If a RSSI threshold has been specified, and 7196 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with 7197 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk 7198 * is set, let it through for further processing, as we might need to 7199 * restart the scan. 7200 * 7201 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry, 7202 * the results are also dropped. 7203 */ 7204 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 7205 (rssi == HCI_RSSI_INVALID || 7206 (rssi < hdev->discovery.rssi && 7207 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)))) 7208 return false; 7209 7210 if (hdev->discovery.uuid_count != 0) { 7211 /* If a list of UUIDs is provided in filter, results with no 7212 * matching UUID should be dropped. 7213 */ 7214 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count, 7215 hdev->discovery.uuids) && 7216 !eir_has_uuids(scan_rsp, scan_rsp_len, 7217 hdev->discovery.uuid_count, 7218 hdev->discovery.uuids)) 7219 return false; 7220 } 7221 7222 /* If duplicate filtering does not report RSSI changes, then restart 7223 * scanning to ensure updated result with updated RSSI values. 7224 */ 7225 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) { 7226 restart_le_scan(hdev); 7227 7228 /* Validate RSSI value against the RSSI threshold once more. */ 7229 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 7230 rssi < hdev->discovery.rssi) 7231 return false; 7232 } 7233 7234 return true; 7235 } 7236 7237 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7238 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags, 7239 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 7240 { 7241 char buf[512]; 7242 struct mgmt_ev_device_found *ev = (void *)buf; 7243 size_t ev_size; 7244 7245 /* Don't send events for a non-kernel initiated discovery. With 7246 * LE one exception is if we have pend_le_reports > 0 in which 7247 * case we're doing passive scanning and want these events. 7248 */ 7249 if (!hci_discovery_active(hdev)) { 7250 if (link_type == ACL_LINK) 7251 return; 7252 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports)) 7253 return; 7254 } 7255 7256 if (hdev->discovery.result_filtering) { 7257 /* We are using service discovery */ 7258 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp, 7259 scan_rsp_len)) 7260 return; 7261 } 7262 7263 if (hdev->discovery.limited) { 7264 /* Check for limited discoverable bit */ 7265 if (dev_class) { 7266 if (!(dev_class[1] & 0x20)) 7267 return; 7268 } else { 7269 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL); 7270 if (!flags || !(flags[0] & LE_AD_LIMITED)) 7271 return; 7272 } 7273 } 7274 7275 /* Make sure that the buffer is big enough. The 5 extra bytes 7276 * are for the potential CoD field. 7277 */ 7278 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf)) 7279 return; 7280 7281 memset(buf, 0, sizeof(buf)); 7282 7283 /* In case of device discovery with BR/EDR devices (pre 1.2), the 7284 * RSSI value was reported as 0 when not available. This behavior 7285 * is kept when using device discovery. This is required for full 7286 * backwards compatibility with the API. 7287 * 7288 * However when using service discovery, the value 127 will be 7289 * returned when the RSSI is not available. 7290 */ 7291 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi && 7292 link_type == ACL_LINK) 7293 rssi = 0; 7294 7295 bacpy(&ev->addr.bdaddr, bdaddr); 7296 ev->addr.type = link_to_bdaddr(link_type, addr_type); 7297 ev->rssi = rssi; 7298 ev->flags = cpu_to_le32(flags); 7299 7300 if (eir_len > 0) 7301 /* Copy EIR or advertising data into event */ 7302 memcpy(ev->eir, eir, eir_len); 7303 7304 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 7305 NULL)) 7306 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 7307 dev_class, 3); 7308 7309 if (scan_rsp_len > 0) 7310 /* Append scan response data to event */ 7311 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len); 7312 7313 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 7314 ev_size = sizeof(*ev) + eir_len + scan_rsp_len; 7315 7316 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 7317 } 7318 7319 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 7320 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 7321 { 7322 struct mgmt_ev_device_found *ev; 7323 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2]; 7324 u16 eir_len; 7325 7326 ev = (struct mgmt_ev_device_found *) buf; 7327 7328 memset(buf, 0, sizeof(buf)); 7329 7330 bacpy(&ev->addr.bdaddr, bdaddr); 7331 ev->addr.type = link_to_bdaddr(link_type, addr_type); 7332 ev->rssi = rssi; 7333 7334 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name, 7335 name_len); 7336 7337 ev->eir_len = cpu_to_le16(eir_len); 7338 7339 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL); 7340 } 7341 7342 void mgmt_discovering(struct hci_dev *hdev, u8 discovering) 7343 { 7344 struct mgmt_ev_discovering ev; 7345 7346 BT_DBG("%s discovering %u", hdev->name, discovering); 7347 7348 memset(&ev, 0, sizeof(ev)); 7349 ev.type = hdev->discovery.type; 7350 ev.discovering = discovering; 7351 7352 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 7353 } 7354 7355 static struct hci_mgmt_chan chan = { 7356 .channel = HCI_CHANNEL_CONTROL, 7357 .handler_count = ARRAY_SIZE(mgmt_handlers), 7358 .handlers = mgmt_handlers, 7359 .hdev_init = mgmt_init_hdev, 7360 }; 7361 7362 int mgmt_init(void) 7363 { 7364 return hci_mgmt_chan_register(&chan); 7365 } 7366 7367 void mgmt_exit(void) 7368 { 7369 hci_mgmt_chan_unregister(&chan); 7370 } 7371