1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI Management interface */ 26 27 #include <linux/module.h> 28 #include <linux/unaligned.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 #include <net/bluetooth/hci_sock.h> 33 #include <net/bluetooth/l2cap.h> 34 #include <net/bluetooth/mgmt.h> 35 36 #include "smp.h" 37 #include "mgmt_util.h" 38 #include "mgmt_config.h" 39 #include "msft.h" 40 #include "eir.h" 41 #include "aosp.h" 42 43 #define MGMT_VERSION 1 44 #define MGMT_REVISION 23 45 46 static const u16 mgmt_commands[] = { 47 MGMT_OP_READ_INDEX_LIST, 48 MGMT_OP_READ_INFO, 49 MGMT_OP_SET_POWERED, 50 MGMT_OP_SET_DISCOVERABLE, 51 MGMT_OP_SET_CONNECTABLE, 52 MGMT_OP_SET_FAST_CONNECTABLE, 53 MGMT_OP_SET_BONDABLE, 54 MGMT_OP_SET_LINK_SECURITY, 55 MGMT_OP_SET_SSP, 56 MGMT_OP_SET_HS, 57 MGMT_OP_SET_LE, 58 MGMT_OP_SET_DEV_CLASS, 59 MGMT_OP_SET_LOCAL_NAME, 60 MGMT_OP_ADD_UUID, 61 MGMT_OP_REMOVE_UUID, 62 MGMT_OP_LOAD_LINK_KEYS, 63 MGMT_OP_LOAD_LONG_TERM_KEYS, 64 MGMT_OP_DISCONNECT, 65 MGMT_OP_GET_CONNECTIONS, 66 MGMT_OP_PIN_CODE_REPLY, 67 MGMT_OP_PIN_CODE_NEG_REPLY, 68 MGMT_OP_SET_IO_CAPABILITY, 69 MGMT_OP_PAIR_DEVICE, 70 MGMT_OP_CANCEL_PAIR_DEVICE, 71 MGMT_OP_UNPAIR_DEVICE, 72 MGMT_OP_USER_CONFIRM_REPLY, 73 MGMT_OP_USER_CONFIRM_NEG_REPLY, 74 MGMT_OP_USER_PASSKEY_REPLY, 75 MGMT_OP_USER_PASSKEY_NEG_REPLY, 76 MGMT_OP_READ_LOCAL_OOB_DATA, 77 MGMT_OP_ADD_REMOTE_OOB_DATA, 78 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 79 MGMT_OP_START_DISCOVERY, 80 MGMT_OP_STOP_DISCOVERY, 81 MGMT_OP_CONFIRM_NAME, 82 MGMT_OP_BLOCK_DEVICE, 83 MGMT_OP_UNBLOCK_DEVICE, 84 MGMT_OP_SET_DEVICE_ID, 85 MGMT_OP_SET_ADVERTISING, 86 MGMT_OP_SET_BREDR, 87 MGMT_OP_SET_STATIC_ADDRESS, 88 MGMT_OP_SET_SCAN_PARAMS, 89 MGMT_OP_SET_SECURE_CONN, 90 MGMT_OP_SET_DEBUG_KEYS, 91 MGMT_OP_SET_PRIVACY, 92 MGMT_OP_LOAD_IRKS, 93 MGMT_OP_GET_CONN_INFO, 94 MGMT_OP_GET_CLOCK_INFO, 95 MGMT_OP_ADD_DEVICE, 96 MGMT_OP_REMOVE_DEVICE, 97 MGMT_OP_LOAD_CONN_PARAM, 98 MGMT_OP_READ_UNCONF_INDEX_LIST, 99 MGMT_OP_READ_CONFIG_INFO, 100 MGMT_OP_SET_EXTERNAL_CONFIG, 101 MGMT_OP_SET_PUBLIC_ADDRESS, 102 MGMT_OP_START_SERVICE_DISCOVERY, 103 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 104 MGMT_OP_READ_EXT_INDEX_LIST, 105 MGMT_OP_READ_ADV_FEATURES, 106 MGMT_OP_ADD_ADVERTISING, 107 MGMT_OP_REMOVE_ADVERTISING, 108 MGMT_OP_GET_ADV_SIZE_INFO, 109 MGMT_OP_START_LIMITED_DISCOVERY, 110 MGMT_OP_READ_EXT_INFO, 111 MGMT_OP_SET_APPEARANCE, 112 MGMT_OP_GET_PHY_CONFIGURATION, 113 MGMT_OP_SET_PHY_CONFIGURATION, 114 MGMT_OP_SET_BLOCKED_KEYS, 115 MGMT_OP_SET_WIDEBAND_SPEECH, 116 MGMT_OP_READ_CONTROLLER_CAP, 117 MGMT_OP_READ_EXP_FEATURES_INFO, 118 MGMT_OP_SET_EXP_FEATURE, 119 MGMT_OP_READ_DEF_SYSTEM_CONFIG, 120 MGMT_OP_SET_DEF_SYSTEM_CONFIG, 121 MGMT_OP_READ_DEF_RUNTIME_CONFIG, 122 MGMT_OP_SET_DEF_RUNTIME_CONFIG, 123 MGMT_OP_GET_DEVICE_FLAGS, 124 MGMT_OP_SET_DEVICE_FLAGS, 125 MGMT_OP_READ_ADV_MONITOR_FEATURES, 126 MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 127 MGMT_OP_REMOVE_ADV_MONITOR, 128 MGMT_OP_ADD_EXT_ADV_PARAMS, 129 MGMT_OP_ADD_EXT_ADV_DATA, 130 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, 131 MGMT_OP_SET_MESH_RECEIVER, 132 MGMT_OP_MESH_READ_FEATURES, 133 MGMT_OP_MESH_SEND, 134 MGMT_OP_MESH_SEND_CANCEL, 135 }; 136 137 static const u16 mgmt_events[] = { 138 MGMT_EV_CONTROLLER_ERROR, 139 MGMT_EV_INDEX_ADDED, 140 MGMT_EV_INDEX_REMOVED, 141 MGMT_EV_NEW_SETTINGS, 142 MGMT_EV_CLASS_OF_DEV_CHANGED, 143 MGMT_EV_LOCAL_NAME_CHANGED, 144 MGMT_EV_NEW_LINK_KEY, 145 MGMT_EV_NEW_LONG_TERM_KEY, 146 MGMT_EV_DEVICE_CONNECTED, 147 MGMT_EV_DEVICE_DISCONNECTED, 148 MGMT_EV_CONNECT_FAILED, 149 MGMT_EV_PIN_CODE_REQUEST, 150 MGMT_EV_USER_CONFIRM_REQUEST, 151 MGMT_EV_USER_PASSKEY_REQUEST, 152 MGMT_EV_AUTH_FAILED, 153 MGMT_EV_DEVICE_FOUND, 154 MGMT_EV_DISCOVERING, 155 MGMT_EV_DEVICE_BLOCKED, 156 MGMT_EV_DEVICE_UNBLOCKED, 157 MGMT_EV_DEVICE_UNPAIRED, 158 MGMT_EV_PASSKEY_NOTIFY, 159 MGMT_EV_NEW_IRK, 160 MGMT_EV_NEW_CSRK, 161 MGMT_EV_DEVICE_ADDED, 162 MGMT_EV_DEVICE_REMOVED, 163 MGMT_EV_NEW_CONN_PARAM, 164 MGMT_EV_UNCONF_INDEX_ADDED, 165 MGMT_EV_UNCONF_INDEX_REMOVED, 166 MGMT_EV_NEW_CONFIG_OPTIONS, 167 MGMT_EV_EXT_INDEX_ADDED, 168 MGMT_EV_EXT_INDEX_REMOVED, 169 MGMT_EV_LOCAL_OOB_DATA_UPDATED, 170 MGMT_EV_ADVERTISING_ADDED, 171 MGMT_EV_ADVERTISING_REMOVED, 172 MGMT_EV_EXT_INFO_CHANGED, 173 MGMT_EV_PHY_CONFIGURATION_CHANGED, 174 MGMT_EV_EXP_FEATURE_CHANGED, 175 MGMT_EV_DEVICE_FLAGS_CHANGED, 176 MGMT_EV_ADV_MONITOR_ADDED, 177 MGMT_EV_ADV_MONITOR_REMOVED, 178 MGMT_EV_CONTROLLER_SUSPEND, 179 MGMT_EV_CONTROLLER_RESUME, 180 MGMT_EV_ADV_MONITOR_DEVICE_FOUND, 181 MGMT_EV_ADV_MONITOR_DEVICE_LOST, 182 }; 183 184 static const u16 mgmt_untrusted_commands[] = { 185 MGMT_OP_READ_INDEX_LIST, 186 MGMT_OP_READ_INFO, 187 MGMT_OP_READ_UNCONF_INDEX_LIST, 188 MGMT_OP_READ_CONFIG_INFO, 189 MGMT_OP_READ_EXT_INDEX_LIST, 190 MGMT_OP_READ_EXT_INFO, 191 MGMT_OP_READ_CONTROLLER_CAP, 192 MGMT_OP_READ_EXP_FEATURES_INFO, 193 MGMT_OP_READ_DEF_SYSTEM_CONFIG, 194 MGMT_OP_READ_DEF_RUNTIME_CONFIG, 195 }; 196 197 static const u16 mgmt_untrusted_events[] = { 198 MGMT_EV_INDEX_ADDED, 199 MGMT_EV_INDEX_REMOVED, 200 MGMT_EV_NEW_SETTINGS, 201 MGMT_EV_CLASS_OF_DEV_CHANGED, 202 MGMT_EV_LOCAL_NAME_CHANGED, 203 MGMT_EV_UNCONF_INDEX_ADDED, 204 MGMT_EV_UNCONF_INDEX_REMOVED, 205 MGMT_EV_NEW_CONFIG_OPTIONS, 206 MGMT_EV_EXT_INDEX_ADDED, 207 MGMT_EV_EXT_INDEX_REMOVED, 208 MGMT_EV_EXT_INFO_CHANGED, 209 MGMT_EV_EXP_FEATURE_CHANGED, 210 }; 211 212 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) 213 214 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \ 215 "\x00\x00\x00\x00\x00\x00\x00\x00" 216 217 /* HCI to MGMT error code conversion table */ 218 static const u8 mgmt_status_table[] = { 219 MGMT_STATUS_SUCCESS, 220 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 221 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 222 MGMT_STATUS_FAILED, /* Hardware Failure */ 223 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 224 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 225 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */ 226 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 227 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 228 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 229 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 230 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 231 MGMT_STATUS_BUSY, /* Command Disallowed */ 232 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 233 MGMT_STATUS_REJECTED, /* Rejected Security */ 234 MGMT_STATUS_REJECTED, /* Rejected Personal */ 235 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 236 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 237 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 238 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 239 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 240 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 241 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 242 MGMT_STATUS_BUSY, /* Repeated Attempts */ 243 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 244 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 245 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 246 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 247 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 248 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 249 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 250 MGMT_STATUS_FAILED, /* Unspecified Error */ 251 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 252 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 253 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 254 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 255 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 256 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 257 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 258 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 259 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 260 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 261 MGMT_STATUS_FAILED, /* Transaction Collision */ 262 MGMT_STATUS_FAILED, /* Reserved for future use */ 263 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 264 MGMT_STATUS_REJECTED, /* QoS Rejected */ 265 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 266 MGMT_STATUS_REJECTED, /* Insufficient Security */ 267 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 268 MGMT_STATUS_FAILED, /* Reserved for future use */ 269 MGMT_STATUS_BUSY, /* Role Switch Pending */ 270 MGMT_STATUS_FAILED, /* Reserved for future use */ 271 MGMT_STATUS_FAILED, /* Slot Violation */ 272 MGMT_STATUS_FAILED, /* Role Switch Failed */ 273 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 274 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 275 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 276 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 277 MGMT_STATUS_BUSY, /* Controller Busy */ 278 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 279 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 280 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 281 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 282 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 283 }; 284 285 static u8 mgmt_errno_status(int err) 286 { 287 switch (err) { 288 case 0: 289 return MGMT_STATUS_SUCCESS; 290 case -EPERM: 291 return MGMT_STATUS_REJECTED; 292 case -EINVAL: 293 return MGMT_STATUS_INVALID_PARAMS; 294 case -EOPNOTSUPP: 295 return MGMT_STATUS_NOT_SUPPORTED; 296 case -EBUSY: 297 return MGMT_STATUS_BUSY; 298 case -ETIMEDOUT: 299 return MGMT_STATUS_AUTH_FAILED; 300 case -ENOMEM: 301 return MGMT_STATUS_NO_RESOURCES; 302 case -EISCONN: 303 return MGMT_STATUS_ALREADY_CONNECTED; 304 case -ENOTCONN: 305 return MGMT_STATUS_DISCONNECTED; 306 } 307 308 return MGMT_STATUS_FAILED; 309 } 310 311 static u8 mgmt_status(int err) 312 { 313 if (err < 0) 314 return mgmt_errno_status(err); 315 316 if (err < ARRAY_SIZE(mgmt_status_table)) 317 return mgmt_status_table[err]; 318 319 return MGMT_STATUS_FAILED; 320 } 321 322 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data, 323 u16 len, int flag) 324 { 325 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 326 flag, NULL); 327 } 328 329 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data, 330 u16 len, int flag, struct sock *skip_sk) 331 { 332 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 333 flag, skip_sk); 334 } 335 336 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len, 337 struct sock *skip_sk) 338 { 339 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 340 HCI_SOCK_TRUSTED, skip_sk); 341 } 342 343 static int mgmt_event_skb(struct sk_buff *skb, struct sock *skip_sk) 344 { 345 return mgmt_send_event_skb(HCI_CHANNEL_CONTROL, skb, HCI_SOCK_TRUSTED, 346 skip_sk); 347 } 348 349 static u8 le_addr_type(u8 mgmt_addr_type) 350 { 351 if (mgmt_addr_type == BDADDR_LE_PUBLIC) 352 return ADDR_LE_DEV_PUBLIC; 353 else 354 return ADDR_LE_DEV_RANDOM; 355 } 356 357 void mgmt_fill_version_info(void *ver) 358 { 359 struct mgmt_rp_read_version *rp = ver; 360 361 rp->version = MGMT_VERSION; 362 rp->revision = cpu_to_le16(MGMT_REVISION); 363 } 364 365 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data, 366 u16 data_len) 367 { 368 struct mgmt_rp_read_version rp; 369 370 bt_dev_dbg(hdev, "sock %p", sk); 371 372 mgmt_fill_version_info(&rp); 373 374 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, 375 &rp, sizeof(rp)); 376 } 377 378 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data, 379 u16 data_len) 380 { 381 struct mgmt_rp_read_commands *rp; 382 u16 num_commands, num_events; 383 size_t rp_size; 384 int i, err; 385 386 bt_dev_dbg(hdev, "sock %p", sk); 387 388 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 389 num_commands = ARRAY_SIZE(mgmt_commands); 390 num_events = ARRAY_SIZE(mgmt_events); 391 } else { 392 num_commands = ARRAY_SIZE(mgmt_untrusted_commands); 393 num_events = ARRAY_SIZE(mgmt_untrusted_events); 394 } 395 396 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 397 398 rp = kmalloc(rp_size, GFP_KERNEL); 399 if (!rp) 400 return -ENOMEM; 401 402 rp->num_commands = cpu_to_le16(num_commands); 403 rp->num_events = cpu_to_le16(num_events); 404 405 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 406 __le16 *opcode = rp->opcodes; 407 408 for (i = 0; i < num_commands; i++, opcode++) 409 put_unaligned_le16(mgmt_commands[i], opcode); 410 411 for (i = 0; i < num_events; i++, opcode++) 412 put_unaligned_le16(mgmt_events[i], opcode); 413 } else { 414 __le16 *opcode = rp->opcodes; 415 416 for (i = 0; i < num_commands; i++, opcode++) 417 put_unaligned_le16(mgmt_untrusted_commands[i], opcode); 418 419 for (i = 0; i < num_events; i++, opcode++) 420 put_unaligned_le16(mgmt_untrusted_events[i], opcode); 421 } 422 423 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, 424 rp, rp_size); 425 kfree(rp); 426 427 return err; 428 } 429 430 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data, 431 u16 data_len) 432 { 433 struct mgmt_rp_read_index_list *rp; 434 struct hci_dev *d; 435 size_t rp_len; 436 u16 count; 437 int err; 438 439 bt_dev_dbg(hdev, "sock %p", sk); 440 441 read_lock(&hci_dev_list_lock); 442 443 count = 0; 444 list_for_each_entry(d, &hci_dev_list, list) { 445 if (!hci_dev_test_flag(d, HCI_UNCONFIGURED)) 446 count++; 447 } 448 449 rp_len = sizeof(*rp) + (2 * count); 450 rp = kmalloc(rp_len, GFP_ATOMIC); 451 if (!rp) { 452 read_unlock(&hci_dev_list_lock); 453 return -ENOMEM; 454 } 455 456 count = 0; 457 list_for_each_entry(d, &hci_dev_list, list) { 458 if (hci_dev_test_flag(d, HCI_SETUP) || 459 hci_dev_test_flag(d, HCI_CONFIG) || 460 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 461 continue; 462 463 /* Devices marked as raw-only are neither configured 464 * nor unconfigured controllers. 465 */ 466 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 467 continue; 468 469 if (!hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 470 rp->index[count++] = cpu_to_le16(d->id); 471 bt_dev_dbg(hdev, "Added hci%u", d->id); 472 } 473 } 474 475 rp->num_controllers = cpu_to_le16(count); 476 rp_len = sizeof(*rp) + (2 * count); 477 478 read_unlock(&hci_dev_list_lock); 479 480 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 481 0, rp, rp_len); 482 483 kfree(rp); 484 485 return err; 486 } 487 488 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev, 489 void *data, u16 data_len) 490 { 491 struct mgmt_rp_read_unconf_index_list *rp; 492 struct hci_dev *d; 493 size_t rp_len; 494 u16 count; 495 int err; 496 497 bt_dev_dbg(hdev, "sock %p", sk); 498 499 read_lock(&hci_dev_list_lock); 500 501 count = 0; 502 list_for_each_entry(d, &hci_dev_list, list) { 503 if (hci_dev_test_flag(d, HCI_UNCONFIGURED)) 504 count++; 505 } 506 507 rp_len = sizeof(*rp) + (2 * count); 508 rp = kmalloc(rp_len, GFP_ATOMIC); 509 if (!rp) { 510 read_unlock(&hci_dev_list_lock); 511 return -ENOMEM; 512 } 513 514 count = 0; 515 list_for_each_entry(d, &hci_dev_list, list) { 516 if (hci_dev_test_flag(d, HCI_SETUP) || 517 hci_dev_test_flag(d, HCI_CONFIG) || 518 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 519 continue; 520 521 /* Devices marked as raw-only are neither configured 522 * nor unconfigured controllers. 523 */ 524 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 525 continue; 526 527 if (hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 528 rp->index[count++] = cpu_to_le16(d->id); 529 bt_dev_dbg(hdev, "Added hci%u", d->id); 530 } 531 } 532 533 rp->num_controllers = cpu_to_le16(count); 534 rp_len = sizeof(*rp) + (2 * count); 535 536 read_unlock(&hci_dev_list_lock); 537 538 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 539 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len); 540 541 kfree(rp); 542 543 return err; 544 } 545 546 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev, 547 void *data, u16 data_len) 548 { 549 struct mgmt_rp_read_ext_index_list *rp; 550 struct hci_dev *d; 551 u16 count; 552 int err; 553 554 bt_dev_dbg(hdev, "sock %p", sk); 555 556 read_lock(&hci_dev_list_lock); 557 558 count = 0; 559 list_for_each_entry(d, &hci_dev_list, list) 560 count++; 561 562 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC); 563 if (!rp) { 564 read_unlock(&hci_dev_list_lock); 565 return -ENOMEM; 566 } 567 568 count = 0; 569 list_for_each_entry(d, &hci_dev_list, list) { 570 if (hci_dev_test_flag(d, HCI_SETUP) || 571 hci_dev_test_flag(d, HCI_CONFIG) || 572 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 573 continue; 574 575 /* Devices marked as raw-only are neither configured 576 * nor unconfigured controllers. 577 */ 578 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 579 continue; 580 581 if (hci_dev_test_flag(d, HCI_UNCONFIGURED)) 582 rp->entry[count].type = 0x01; 583 else 584 rp->entry[count].type = 0x00; 585 586 rp->entry[count].bus = d->bus; 587 rp->entry[count++].index = cpu_to_le16(d->id); 588 bt_dev_dbg(hdev, "Added hci%u", d->id); 589 } 590 591 rp->num_controllers = cpu_to_le16(count); 592 593 read_unlock(&hci_dev_list_lock); 594 595 /* If this command is called at least once, then all the 596 * default index and unconfigured index events are disabled 597 * and from now on only extended index events are used. 598 */ 599 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS); 600 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS); 601 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS); 602 603 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 604 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, 605 struct_size(rp, entry, count)); 606 607 kfree(rp); 608 609 return err; 610 } 611 612 static bool is_configured(struct hci_dev *hdev) 613 { 614 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 615 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 616 return false; 617 618 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) || 619 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) && 620 !bacmp(&hdev->public_addr, BDADDR_ANY)) 621 return false; 622 623 return true; 624 } 625 626 static __le32 get_missing_options(struct hci_dev *hdev) 627 { 628 u32 options = 0; 629 630 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 631 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 632 options |= MGMT_OPTION_EXTERNAL_CONFIG; 633 634 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) || 635 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) && 636 !bacmp(&hdev->public_addr, BDADDR_ANY)) 637 options |= MGMT_OPTION_PUBLIC_ADDRESS; 638 639 return cpu_to_le32(options); 640 } 641 642 static int new_options(struct hci_dev *hdev, struct sock *skip) 643 { 644 __le32 options = get_missing_options(hdev); 645 646 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options, 647 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip); 648 } 649 650 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 651 { 652 __le32 options = get_missing_options(hdev); 653 654 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options, 655 sizeof(options)); 656 } 657 658 static int read_config_info(struct sock *sk, struct hci_dev *hdev, 659 void *data, u16 data_len) 660 { 661 struct mgmt_rp_read_config_info rp; 662 u32 options = 0; 663 664 bt_dev_dbg(hdev, "sock %p", sk); 665 666 hci_dev_lock(hdev); 667 668 memset(&rp, 0, sizeof(rp)); 669 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 670 671 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 672 options |= MGMT_OPTION_EXTERNAL_CONFIG; 673 674 if (hdev->set_bdaddr) 675 options |= MGMT_OPTION_PUBLIC_ADDRESS; 676 677 rp.supported_options = cpu_to_le32(options); 678 rp.missing_options = get_missing_options(hdev); 679 680 hci_dev_unlock(hdev); 681 682 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, 683 &rp, sizeof(rp)); 684 } 685 686 static u32 get_supported_phys(struct hci_dev *hdev) 687 { 688 u32 supported_phys = 0; 689 690 if (lmp_bredr_capable(hdev)) { 691 supported_phys |= MGMT_PHY_BR_1M_1SLOT; 692 693 if (hdev->features[0][0] & LMP_3SLOT) 694 supported_phys |= MGMT_PHY_BR_1M_3SLOT; 695 696 if (hdev->features[0][0] & LMP_5SLOT) 697 supported_phys |= MGMT_PHY_BR_1M_5SLOT; 698 699 if (lmp_edr_2m_capable(hdev)) { 700 supported_phys |= MGMT_PHY_EDR_2M_1SLOT; 701 702 if (lmp_edr_3slot_capable(hdev)) 703 supported_phys |= MGMT_PHY_EDR_2M_3SLOT; 704 705 if (lmp_edr_5slot_capable(hdev)) 706 supported_phys |= MGMT_PHY_EDR_2M_5SLOT; 707 708 if (lmp_edr_3m_capable(hdev)) { 709 supported_phys |= MGMT_PHY_EDR_3M_1SLOT; 710 711 if (lmp_edr_3slot_capable(hdev)) 712 supported_phys |= MGMT_PHY_EDR_3M_3SLOT; 713 714 if (lmp_edr_5slot_capable(hdev)) 715 supported_phys |= MGMT_PHY_EDR_3M_5SLOT; 716 } 717 } 718 } 719 720 if (lmp_le_capable(hdev)) { 721 supported_phys |= MGMT_PHY_LE_1M_TX; 722 supported_phys |= MGMT_PHY_LE_1M_RX; 723 724 if (hdev->le_features[1] & HCI_LE_PHY_2M) { 725 supported_phys |= MGMT_PHY_LE_2M_TX; 726 supported_phys |= MGMT_PHY_LE_2M_RX; 727 } 728 729 if (hdev->le_features[1] & HCI_LE_PHY_CODED) { 730 supported_phys |= MGMT_PHY_LE_CODED_TX; 731 supported_phys |= MGMT_PHY_LE_CODED_RX; 732 } 733 } 734 735 return supported_phys; 736 } 737 738 static u32 get_selected_phys(struct hci_dev *hdev) 739 { 740 u32 selected_phys = 0; 741 742 if (lmp_bredr_capable(hdev)) { 743 selected_phys |= MGMT_PHY_BR_1M_1SLOT; 744 745 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3)) 746 selected_phys |= MGMT_PHY_BR_1M_3SLOT; 747 748 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5)) 749 selected_phys |= MGMT_PHY_BR_1M_5SLOT; 750 751 if (lmp_edr_2m_capable(hdev)) { 752 if (!(hdev->pkt_type & HCI_2DH1)) 753 selected_phys |= MGMT_PHY_EDR_2M_1SLOT; 754 755 if (lmp_edr_3slot_capable(hdev) && 756 !(hdev->pkt_type & HCI_2DH3)) 757 selected_phys |= MGMT_PHY_EDR_2M_3SLOT; 758 759 if (lmp_edr_5slot_capable(hdev) && 760 !(hdev->pkt_type & HCI_2DH5)) 761 selected_phys |= MGMT_PHY_EDR_2M_5SLOT; 762 763 if (lmp_edr_3m_capable(hdev)) { 764 if (!(hdev->pkt_type & HCI_3DH1)) 765 selected_phys |= MGMT_PHY_EDR_3M_1SLOT; 766 767 if (lmp_edr_3slot_capable(hdev) && 768 !(hdev->pkt_type & HCI_3DH3)) 769 selected_phys |= MGMT_PHY_EDR_3M_3SLOT; 770 771 if (lmp_edr_5slot_capable(hdev) && 772 !(hdev->pkt_type & HCI_3DH5)) 773 selected_phys |= MGMT_PHY_EDR_3M_5SLOT; 774 } 775 } 776 } 777 778 if (lmp_le_capable(hdev)) { 779 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M) 780 selected_phys |= MGMT_PHY_LE_1M_TX; 781 782 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M) 783 selected_phys |= MGMT_PHY_LE_1M_RX; 784 785 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M) 786 selected_phys |= MGMT_PHY_LE_2M_TX; 787 788 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M) 789 selected_phys |= MGMT_PHY_LE_2M_RX; 790 791 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED) 792 selected_phys |= MGMT_PHY_LE_CODED_TX; 793 794 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED) 795 selected_phys |= MGMT_PHY_LE_CODED_RX; 796 } 797 798 return selected_phys; 799 } 800 801 static u32 get_configurable_phys(struct hci_dev *hdev) 802 { 803 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT & 804 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX); 805 } 806 807 static u32 get_supported_settings(struct hci_dev *hdev) 808 { 809 u32 settings = 0; 810 811 settings |= MGMT_SETTING_POWERED; 812 settings |= MGMT_SETTING_BONDABLE; 813 settings |= MGMT_SETTING_DEBUG_KEYS; 814 settings |= MGMT_SETTING_CONNECTABLE; 815 settings |= MGMT_SETTING_DISCOVERABLE; 816 817 if (lmp_bredr_capable(hdev)) { 818 if (hdev->hci_ver >= BLUETOOTH_VER_1_2) 819 settings |= MGMT_SETTING_FAST_CONNECTABLE; 820 settings |= MGMT_SETTING_BREDR; 821 settings |= MGMT_SETTING_LINK_SECURITY; 822 823 if (lmp_ssp_capable(hdev)) { 824 settings |= MGMT_SETTING_SSP; 825 } 826 827 if (lmp_sc_capable(hdev)) 828 settings |= MGMT_SETTING_SECURE_CONN; 829 830 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, 831 &hdev->quirks)) 832 settings |= MGMT_SETTING_WIDEBAND_SPEECH; 833 } 834 835 if (lmp_le_capable(hdev)) { 836 settings |= MGMT_SETTING_LE; 837 settings |= MGMT_SETTING_SECURE_CONN; 838 settings |= MGMT_SETTING_PRIVACY; 839 settings |= MGMT_SETTING_STATIC_ADDRESS; 840 settings |= MGMT_SETTING_ADVERTISING; 841 } 842 843 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) || 844 hdev->set_bdaddr) 845 settings |= MGMT_SETTING_CONFIGURATION; 846 847 if (cis_central_capable(hdev)) 848 settings |= MGMT_SETTING_CIS_CENTRAL; 849 850 if (cis_peripheral_capable(hdev)) 851 settings |= MGMT_SETTING_CIS_PERIPHERAL; 852 853 settings |= MGMT_SETTING_PHY_CONFIGURATION; 854 855 return settings; 856 } 857 858 static u32 get_current_settings(struct hci_dev *hdev) 859 { 860 u32 settings = 0; 861 862 if (hdev_is_powered(hdev)) 863 settings |= MGMT_SETTING_POWERED; 864 865 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 866 settings |= MGMT_SETTING_CONNECTABLE; 867 868 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) 869 settings |= MGMT_SETTING_FAST_CONNECTABLE; 870 871 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 872 settings |= MGMT_SETTING_DISCOVERABLE; 873 874 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) 875 settings |= MGMT_SETTING_BONDABLE; 876 877 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 878 settings |= MGMT_SETTING_BREDR; 879 880 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 881 settings |= MGMT_SETTING_LE; 882 883 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) 884 settings |= MGMT_SETTING_LINK_SECURITY; 885 886 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 887 settings |= MGMT_SETTING_SSP; 888 889 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 890 settings |= MGMT_SETTING_ADVERTISING; 891 892 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) 893 settings |= MGMT_SETTING_SECURE_CONN; 894 895 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) 896 settings |= MGMT_SETTING_DEBUG_KEYS; 897 898 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) 899 settings |= MGMT_SETTING_PRIVACY; 900 901 /* The current setting for static address has two purposes. The 902 * first is to indicate if the static address will be used and 903 * the second is to indicate if it is actually set. 904 * 905 * This means if the static address is not configured, this flag 906 * will never be set. If the address is configured, then if the 907 * address is actually used decides if the flag is set or not. 908 * 909 * For single mode LE only controllers and dual-mode controllers 910 * with BR/EDR disabled, the existence of the static address will 911 * be evaluated. 912 */ 913 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 914 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 915 !bacmp(&hdev->bdaddr, BDADDR_ANY)) { 916 if (bacmp(&hdev->static_addr, BDADDR_ANY)) 917 settings |= MGMT_SETTING_STATIC_ADDRESS; 918 } 919 920 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED)) 921 settings |= MGMT_SETTING_WIDEBAND_SPEECH; 922 923 if (cis_central_capable(hdev)) 924 settings |= MGMT_SETTING_CIS_CENTRAL; 925 926 if (cis_peripheral_capable(hdev)) 927 settings |= MGMT_SETTING_CIS_PERIPHERAL; 928 929 if (bis_capable(hdev)) 930 settings |= MGMT_SETTING_ISO_BROADCASTER; 931 932 if (sync_recv_capable(hdev)) 933 settings |= MGMT_SETTING_ISO_SYNC_RECEIVER; 934 935 return settings; 936 } 937 938 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev) 939 { 940 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev); 941 } 942 943 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev) 944 { 945 struct mgmt_pending_cmd *cmd; 946 947 /* If there's a pending mgmt command the flags will not yet have 948 * their final values, so check for this first. 949 */ 950 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 951 if (cmd) { 952 struct mgmt_mode *cp = cmd->param; 953 if (cp->val == 0x01) 954 return LE_AD_GENERAL; 955 else if (cp->val == 0x02) 956 return LE_AD_LIMITED; 957 } else { 958 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 959 return LE_AD_LIMITED; 960 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 961 return LE_AD_GENERAL; 962 } 963 964 return 0; 965 } 966 967 bool mgmt_get_connectable(struct hci_dev *hdev) 968 { 969 struct mgmt_pending_cmd *cmd; 970 971 /* If there's a pending mgmt command the flag will not yet have 972 * it's final value, so check for this first. 973 */ 974 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 975 if (cmd) { 976 struct mgmt_mode *cp = cmd->param; 977 978 return cp->val; 979 } 980 981 return hci_dev_test_flag(hdev, HCI_CONNECTABLE); 982 } 983 984 static int service_cache_sync(struct hci_dev *hdev, void *data) 985 { 986 hci_update_eir_sync(hdev); 987 hci_update_class_sync(hdev); 988 989 return 0; 990 } 991 992 static void service_cache_off(struct work_struct *work) 993 { 994 struct hci_dev *hdev = container_of(work, struct hci_dev, 995 service_cache.work); 996 997 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) 998 return; 999 1000 hci_cmd_sync_queue(hdev, service_cache_sync, NULL, NULL); 1001 } 1002 1003 static int rpa_expired_sync(struct hci_dev *hdev, void *data) 1004 { 1005 /* The generation of a new RPA and programming it into the 1006 * controller happens in the hci_req_enable_advertising() 1007 * function. 1008 */ 1009 if (ext_adv_capable(hdev)) 1010 return hci_start_ext_adv_sync(hdev, hdev->cur_adv_instance); 1011 else 1012 return hci_enable_advertising_sync(hdev); 1013 } 1014 1015 static void rpa_expired(struct work_struct *work) 1016 { 1017 struct hci_dev *hdev = container_of(work, struct hci_dev, 1018 rpa_expired.work); 1019 1020 bt_dev_dbg(hdev, ""); 1021 1022 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 1023 1024 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING)) 1025 return; 1026 1027 hci_cmd_sync_queue(hdev, rpa_expired_sync, NULL, NULL); 1028 } 1029 1030 static int set_discoverable_sync(struct hci_dev *hdev, void *data); 1031 1032 static void discov_off(struct work_struct *work) 1033 { 1034 struct hci_dev *hdev = container_of(work, struct hci_dev, 1035 discov_off.work); 1036 1037 bt_dev_dbg(hdev, ""); 1038 1039 hci_dev_lock(hdev); 1040 1041 /* When discoverable timeout triggers, then just make sure 1042 * the limited discoverable flag is cleared. Even in the case 1043 * of a timeout triggered from general discoverable, it is 1044 * safe to unconditionally clear the flag. 1045 */ 1046 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1047 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1048 hdev->discov_timeout = 0; 1049 1050 hci_cmd_sync_queue(hdev, set_discoverable_sync, NULL, NULL); 1051 1052 mgmt_new_settings(hdev); 1053 1054 hci_dev_unlock(hdev); 1055 } 1056 1057 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev); 1058 1059 static void mesh_send_complete(struct hci_dev *hdev, 1060 struct mgmt_mesh_tx *mesh_tx, bool silent) 1061 { 1062 u8 handle = mesh_tx->handle; 1063 1064 if (!silent) 1065 mgmt_event(MGMT_EV_MESH_PACKET_CMPLT, hdev, &handle, 1066 sizeof(handle), NULL); 1067 1068 mgmt_mesh_remove(mesh_tx); 1069 } 1070 1071 static int mesh_send_done_sync(struct hci_dev *hdev, void *data) 1072 { 1073 struct mgmt_mesh_tx *mesh_tx; 1074 1075 hci_dev_clear_flag(hdev, HCI_MESH_SENDING); 1076 hci_disable_advertising_sync(hdev); 1077 mesh_tx = mgmt_mesh_next(hdev, NULL); 1078 1079 if (mesh_tx) 1080 mesh_send_complete(hdev, mesh_tx, false); 1081 1082 return 0; 1083 } 1084 1085 static int mesh_send_sync(struct hci_dev *hdev, void *data); 1086 static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err); 1087 static void mesh_next(struct hci_dev *hdev, void *data, int err) 1088 { 1089 struct mgmt_mesh_tx *mesh_tx = mgmt_mesh_next(hdev, NULL); 1090 1091 if (!mesh_tx) 1092 return; 1093 1094 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx, 1095 mesh_send_start_complete); 1096 1097 if (err < 0) 1098 mesh_send_complete(hdev, mesh_tx, false); 1099 else 1100 hci_dev_set_flag(hdev, HCI_MESH_SENDING); 1101 } 1102 1103 static void mesh_send_done(struct work_struct *work) 1104 { 1105 struct hci_dev *hdev = container_of(work, struct hci_dev, 1106 mesh_send_done.work); 1107 1108 if (!hci_dev_test_flag(hdev, HCI_MESH_SENDING)) 1109 return; 1110 1111 hci_cmd_sync_queue(hdev, mesh_send_done_sync, NULL, mesh_next); 1112 } 1113 1114 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) 1115 { 1116 if (hci_dev_test_flag(hdev, HCI_MGMT)) 1117 return; 1118 1119 BT_INFO("MGMT ver %d.%d", MGMT_VERSION, MGMT_REVISION); 1120 1121 INIT_DELAYED_WORK(&hdev->discov_off, discov_off); 1122 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 1123 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired); 1124 INIT_DELAYED_WORK(&hdev->mesh_send_done, mesh_send_done); 1125 1126 /* Non-mgmt controlled devices get this bit set 1127 * implicitly so that pairing works for them, however 1128 * for mgmt we require user-space to explicitly enable 1129 * it 1130 */ 1131 hci_dev_clear_flag(hdev, HCI_BONDABLE); 1132 1133 hci_dev_set_flag(hdev, HCI_MGMT); 1134 } 1135 1136 static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 1137 void *data, u16 data_len) 1138 { 1139 struct mgmt_rp_read_info rp; 1140 1141 bt_dev_dbg(hdev, "sock %p", sk); 1142 1143 hci_dev_lock(hdev); 1144 1145 memset(&rp, 0, sizeof(rp)); 1146 1147 bacpy(&rp.bdaddr, &hdev->bdaddr); 1148 1149 rp.version = hdev->hci_ver; 1150 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 1151 1152 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 1153 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 1154 1155 memcpy(rp.dev_class, hdev->dev_class, 3); 1156 1157 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 1158 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name)); 1159 1160 hci_dev_unlock(hdev); 1161 1162 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp, 1163 sizeof(rp)); 1164 } 1165 1166 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir) 1167 { 1168 u16 eir_len = 0; 1169 size_t name_len; 1170 1171 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1172 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV, 1173 hdev->dev_class, 3); 1174 1175 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1176 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE, 1177 hdev->appearance); 1178 1179 name_len = strnlen(hdev->dev_name, sizeof(hdev->dev_name)); 1180 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE, 1181 hdev->dev_name, name_len); 1182 1183 name_len = strnlen(hdev->short_name, sizeof(hdev->short_name)); 1184 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT, 1185 hdev->short_name, name_len); 1186 1187 return eir_len; 1188 } 1189 1190 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev, 1191 void *data, u16 data_len) 1192 { 1193 char buf[512]; 1194 struct mgmt_rp_read_ext_info *rp = (void *)buf; 1195 u16 eir_len; 1196 1197 bt_dev_dbg(hdev, "sock %p", sk); 1198 1199 memset(&buf, 0, sizeof(buf)); 1200 1201 hci_dev_lock(hdev); 1202 1203 bacpy(&rp->bdaddr, &hdev->bdaddr); 1204 1205 rp->version = hdev->hci_ver; 1206 rp->manufacturer = cpu_to_le16(hdev->manufacturer); 1207 1208 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev)); 1209 rp->current_settings = cpu_to_le32(get_current_settings(hdev)); 1210 1211 1212 eir_len = append_eir_data_to_buf(hdev, rp->eir); 1213 rp->eir_len = cpu_to_le16(eir_len); 1214 1215 hci_dev_unlock(hdev); 1216 1217 /* If this command is called at least once, then the events 1218 * for class of device and local name changes are disabled 1219 * and only the new extended controller information event 1220 * is used. 1221 */ 1222 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS); 1223 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS); 1224 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS); 1225 1226 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp, 1227 sizeof(*rp) + eir_len); 1228 } 1229 1230 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip) 1231 { 1232 char buf[512]; 1233 struct mgmt_ev_ext_info_changed *ev = (void *)buf; 1234 u16 eir_len; 1235 1236 memset(buf, 0, sizeof(buf)); 1237 1238 eir_len = append_eir_data_to_buf(hdev, ev->eir); 1239 ev->eir_len = cpu_to_le16(eir_len); 1240 1241 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev, 1242 sizeof(*ev) + eir_len, 1243 HCI_MGMT_EXT_INFO_EVENTS, skip); 1244 } 1245 1246 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 1247 { 1248 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 1249 1250 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings, 1251 sizeof(settings)); 1252 } 1253 1254 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance) 1255 { 1256 struct mgmt_ev_advertising_added ev; 1257 1258 ev.instance = instance; 1259 1260 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk); 1261 } 1262 1263 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev, 1264 u8 instance) 1265 { 1266 struct mgmt_ev_advertising_removed ev; 1267 1268 ev.instance = instance; 1269 1270 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk); 1271 } 1272 1273 static void cancel_adv_timeout(struct hci_dev *hdev) 1274 { 1275 if (hdev->adv_instance_timeout) { 1276 hdev->adv_instance_timeout = 0; 1277 cancel_delayed_work(&hdev->adv_instance_expire); 1278 } 1279 } 1280 1281 /* This function requires the caller holds hdev->lock */ 1282 static void restart_le_actions(struct hci_dev *hdev) 1283 { 1284 struct hci_conn_params *p; 1285 1286 list_for_each_entry(p, &hdev->le_conn_params, list) { 1287 /* Needed for AUTO_OFF case where might not "really" 1288 * have been powered off. 1289 */ 1290 hci_pend_le_list_del_init(p); 1291 1292 switch (p->auto_connect) { 1293 case HCI_AUTO_CONN_DIRECT: 1294 case HCI_AUTO_CONN_ALWAYS: 1295 hci_pend_le_list_add(p, &hdev->pend_le_conns); 1296 break; 1297 case HCI_AUTO_CONN_REPORT: 1298 hci_pend_le_list_add(p, &hdev->pend_le_reports); 1299 break; 1300 default: 1301 break; 1302 } 1303 } 1304 } 1305 1306 static int new_settings(struct hci_dev *hdev, struct sock *skip) 1307 { 1308 __le32 ev = cpu_to_le32(get_current_settings(hdev)); 1309 1310 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, 1311 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip); 1312 } 1313 1314 static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err) 1315 { 1316 struct mgmt_pending_cmd *cmd = data; 1317 struct mgmt_mode *cp; 1318 1319 /* Make sure cmd still outstanding. */ 1320 if (cmd != pending_find(MGMT_OP_SET_POWERED, hdev)) 1321 return; 1322 1323 cp = cmd->param; 1324 1325 bt_dev_dbg(hdev, "err %d", err); 1326 1327 if (!err) { 1328 if (cp->val) { 1329 hci_dev_lock(hdev); 1330 restart_le_actions(hdev); 1331 hci_update_passive_scan(hdev); 1332 hci_dev_unlock(hdev); 1333 } 1334 1335 send_settings_rsp(cmd->sk, cmd->opcode, hdev); 1336 1337 /* Only call new_setting for power on as power off is deferred 1338 * to hdev->power_off work which does call hci_dev_do_close. 1339 */ 1340 if (cp->val) 1341 new_settings(hdev, cmd->sk); 1342 } else { 1343 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, 1344 mgmt_status(err)); 1345 } 1346 1347 mgmt_pending_remove(cmd); 1348 } 1349 1350 static int set_powered_sync(struct hci_dev *hdev, void *data) 1351 { 1352 struct mgmt_pending_cmd *cmd = data; 1353 struct mgmt_mode *cp = cmd->param; 1354 1355 BT_DBG("%s", hdev->name); 1356 1357 return hci_set_powered_sync(hdev, cp->val); 1358 } 1359 1360 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, 1361 u16 len) 1362 { 1363 struct mgmt_mode *cp = data; 1364 struct mgmt_pending_cmd *cmd; 1365 int err; 1366 1367 bt_dev_dbg(hdev, "sock %p", sk); 1368 1369 if (cp->val != 0x00 && cp->val != 0x01) 1370 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1371 MGMT_STATUS_INVALID_PARAMS); 1372 1373 hci_dev_lock(hdev); 1374 1375 if (!cp->val) { 1376 if (hci_dev_test_flag(hdev, HCI_POWERING_DOWN)) { 1377 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1378 MGMT_STATUS_BUSY); 1379 goto failed; 1380 } 1381 } 1382 1383 if (pending_find(MGMT_OP_SET_POWERED, hdev)) { 1384 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1385 MGMT_STATUS_BUSY); 1386 goto failed; 1387 } 1388 1389 if (!!cp->val == hdev_is_powered(hdev)) { 1390 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 1391 goto failed; 1392 } 1393 1394 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 1395 if (!cmd) { 1396 err = -ENOMEM; 1397 goto failed; 1398 } 1399 1400 /* Cancel potentially blocking sync operation before power off */ 1401 if (cp->val == 0x00) { 1402 hci_cmd_sync_cancel_sync(hdev, -EHOSTDOWN); 1403 err = hci_cmd_sync_queue(hdev, set_powered_sync, cmd, 1404 mgmt_set_powered_complete); 1405 } else { 1406 /* Use hci_cmd_sync_submit since hdev might not be running */ 1407 err = hci_cmd_sync_submit(hdev, set_powered_sync, cmd, 1408 mgmt_set_powered_complete); 1409 } 1410 1411 if (err < 0) 1412 mgmt_pending_remove(cmd); 1413 1414 failed: 1415 hci_dev_unlock(hdev); 1416 return err; 1417 } 1418 1419 int mgmt_new_settings(struct hci_dev *hdev) 1420 { 1421 return new_settings(hdev, NULL); 1422 } 1423 1424 struct cmd_lookup { 1425 struct sock *sk; 1426 struct hci_dev *hdev; 1427 u8 mgmt_status; 1428 }; 1429 1430 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data) 1431 { 1432 struct cmd_lookup *match = data; 1433 1434 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 1435 1436 list_del(&cmd->list); 1437 1438 if (match->sk == NULL) { 1439 match->sk = cmd->sk; 1440 sock_hold(match->sk); 1441 } 1442 1443 mgmt_pending_free(cmd); 1444 } 1445 1446 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data) 1447 { 1448 u8 *status = data; 1449 1450 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 1451 mgmt_pending_remove(cmd); 1452 } 1453 1454 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data) 1455 { 1456 struct cmd_lookup *match = data; 1457 1458 /* dequeue cmd_sync entries using cmd as data as that is about to be 1459 * removed/freed. 1460 */ 1461 hci_cmd_sync_dequeue(match->hdev, NULL, cmd, NULL); 1462 1463 if (cmd->cmd_complete) { 1464 cmd->cmd_complete(cmd, match->mgmt_status); 1465 mgmt_pending_remove(cmd); 1466 1467 return; 1468 } 1469 1470 cmd_status_rsp(cmd, data); 1471 } 1472 1473 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1474 { 1475 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1476 cmd->param, cmd->param_len); 1477 } 1478 1479 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1480 { 1481 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1482 cmd->param, sizeof(struct mgmt_addr_info)); 1483 } 1484 1485 static u8 mgmt_bredr_support(struct hci_dev *hdev) 1486 { 1487 if (!lmp_bredr_capable(hdev)) 1488 return MGMT_STATUS_NOT_SUPPORTED; 1489 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1490 return MGMT_STATUS_REJECTED; 1491 else 1492 return MGMT_STATUS_SUCCESS; 1493 } 1494 1495 static u8 mgmt_le_support(struct hci_dev *hdev) 1496 { 1497 if (!lmp_le_capable(hdev)) 1498 return MGMT_STATUS_NOT_SUPPORTED; 1499 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1500 return MGMT_STATUS_REJECTED; 1501 else 1502 return MGMT_STATUS_SUCCESS; 1503 } 1504 1505 static void mgmt_set_discoverable_complete(struct hci_dev *hdev, void *data, 1506 int err) 1507 { 1508 struct mgmt_pending_cmd *cmd = data; 1509 1510 bt_dev_dbg(hdev, "err %d", err); 1511 1512 /* Make sure cmd still outstanding. */ 1513 if (cmd != pending_find(MGMT_OP_SET_DISCOVERABLE, hdev)) 1514 return; 1515 1516 hci_dev_lock(hdev); 1517 1518 if (err) { 1519 u8 mgmt_err = mgmt_status(err); 1520 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1521 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1522 goto done; 1523 } 1524 1525 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1526 hdev->discov_timeout > 0) { 1527 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1528 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to); 1529 } 1530 1531 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1532 new_settings(hdev, cmd->sk); 1533 1534 done: 1535 mgmt_pending_remove(cmd); 1536 hci_dev_unlock(hdev); 1537 } 1538 1539 static int set_discoverable_sync(struct hci_dev *hdev, void *data) 1540 { 1541 BT_DBG("%s", hdev->name); 1542 1543 return hci_update_discoverable_sync(hdev); 1544 } 1545 1546 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 1547 u16 len) 1548 { 1549 struct mgmt_cp_set_discoverable *cp = data; 1550 struct mgmt_pending_cmd *cmd; 1551 u16 timeout; 1552 int err; 1553 1554 bt_dev_dbg(hdev, "sock %p", sk); 1555 1556 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1557 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1558 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1559 MGMT_STATUS_REJECTED); 1560 1561 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 1562 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1563 MGMT_STATUS_INVALID_PARAMS); 1564 1565 timeout = __le16_to_cpu(cp->timeout); 1566 1567 /* Disabling discoverable requires that no timeout is set, 1568 * and enabling limited discoverable requires a timeout. 1569 */ 1570 if ((cp->val == 0x00 && timeout > 0) || 1571 (cp->val == 0x02 && timeout == 0)) 1572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1573 MGMT_STATUS_INVALID_PARAMS); 1574 1575 hci_dev_lock(hdev); 1576 1577 if (!hdev_is_powered(hdev) && timeout > 0) { 1578 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1579 MGMT_STATUS_NOT_POWERED); 1580 goto failed; 1581 } 1582 1583 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1584 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1585 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1586 MGMT_STATUS_BUSY); 1587 goto failed; 1588 } 1589 1590 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) { 1591 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1592 MGMT_STATUS_REJECTED); 1593 goto failed; 1594 } 1595 1596 if (hdev->advertising_paused) { 1597 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1598 MGMT_STATUS_BUSY); 1599 goto failed; 1600 } 1601 1602 if (!hdev_is_powered(hdev)) { 1603 bool changed = false; 1604 1605 /* Setting limited discoverable when powered off is 1606 * not a valid operation since it requires a timeout 1607 * and so no need to check HCI_LIMITED_DISCOVERABLE. 1608 */ 1609 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) { 1610 hci_dev_change_flag(hdev, HCI_DISCOVERABLE); 1611 changed = true; 1612 } 1613 1614 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1615 if (err < 0) 1616 goto failed; 1617 1618 if (changed) 1619 err = new_settings(hdev, sk); 1620 1621 goto failed; 1622 } 1623 1624 /* If the current mode is the same, then just update the timeout 1625 * value with the new value. And if only the timeout gets updated, 1626 * then no need for any HCI transactions. 1627 */ 1628 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1629 (cp->val == 0x02) == hci_dev_test_flag(hdev, 1630 HCI_LIMITED_DISCOVERABLE)) { 1631 cancel_delayed_work(&hdev->discov_off); 1632 hdev->discov_timeout = timeout; 1633 1634 if (cp->val && hdev->discov_timeout > 0) { 1635 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1636 queue_delayed_work(hdev->req_workqueue, 1637 &hdev->discov_off, to); 1638 } 1639 1640 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1641 goto failed; 1642 } 1643 1644 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 1645 if (!cmd) { 1646 err = -ENOMEM; 1647 goto failed; 1648 } 1649 1650 /* Cancel any potential discoverable timeout that might be 1651 * still active and store new timeout value. The arming of 1652 * the timeout happens in the complete handler. 1653 */ 1654 cancel_delayed_work(&hdev->discov_off); 1655 hdev->discov_timeout = timeout; 1656 1657 if (cp->val) 1658 hci_dev_set_flag(hdev, HCI_DISCOVERABLE); 1659 else 1660 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1661 1662 /* Limited discoverable mode */ 1663 if (cp->val == 0x02) 1664 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1665 else 1666 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1667 1668 err = hci_cmd_sync_queue(hdev, set_discoverable_sync, cmd, 1669 mgmt_set_discoverable_complete); 1670 1671 if (err < 0) 1672 mgmt_pending_remove(cmd); 1673 1674 failed: 1675 hci_dev_unlock(hdev); 1676 return err; 1677 } 1678 1679 static void mgmt_set_connectable_complete(struct hci_dev *hdev, void *data, 1680 int err) 1681 { 1682 struct mgmt_pending_cmd *cmd = data; 1683 1684 bt_dev_dbg(hdev, "err %d", err); 1685 1686 /* Make sure cmd still outstanding. */ 1687 if (cmd != pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) 1688 return; 1689 1690 hci_dev_lock(hdev); 1691 1692 if (err) { 1693 u8 mgmt_err = mgmt_status(err); 1694 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1695 goto done; 1696 } 1697 1698 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev); 1699 new_settings(hdev, cmd->sk); 1700 1701 done: 1702 mgmt_pending_remove(cmd); 1703 1704 hci_dev_unlock(hdev); 1705 } 1706 1707 static int set_connectable_update_settings(struct hci_dev *hdev, 1708 struct sock *sk, u8 val) 1709 { 1710 bool changed = false; 1711 int err; 1712 1713 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 1714 changed = true; 1715 1716 if (val) { 1717 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1718 } else { 1719 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1720 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1721 } 1722 1723 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 1724 if (err < 0) 1725 return err; 1726 1727 if (changed) { 1728 hci_update_scan(hdev); 1729 hci_update_passive_scan(hdev); 1730 return new_settings(hdev, sk); 1731 } 1732 1733 return 0; 1734 } 1735 1736 static int set_connectable_sync(struct hci_dev *hdev, void *data) 1737 { 1738 BT_DBG("%s", hdev->name); 1739 1740 return hci_update_connectable_sync(hdev); 1741 } 1742 1743 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, 1744 u16 len) 1745 { 1746 struct mgmt_mode *cp = data; 1747 struct mgmt_pending_cmd *cmd; 1748 int err; 1749 1750 bt_dev_dbg(hdev, "sock %p", sk); 1751 1752 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1753 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1754 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1755 MGMT_STATUS_REJECTED); 1756 1757 if (cp->val != 0x00 && cp->val != 0x01) 1758 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1759 MGMT_STATUS_INVALID_PARAMS); 1760 1761 hci_dev_lock(hdev); 1762 1763 if (!hdev_is_powered(hdev)) { 1764 err = set_connectable_update_settings(hdev, sk, cp->val); 1765 goto failed; 1766 } 1767 1768 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1769 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1770 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1771 MGMT_STATUS_BUSY); 1772 goto failed; 1773 } 1774 1775 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1776 if (!cmd) { 1777 err = -ENOMEM; 1778 goto failed; 1779 } 1780 1781 if (cp->val) { 1782 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1783 } else { 1784 if (hdev->discov_timeout > 0) 1785 cancel_delayed_work(&hdev->discov_off); 1786 1787 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1788 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1789 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1790 } 1791 1792 err = hci_cmd_sync_queue(hdev, set_connectable_sync, cmd, 1793 mgmt_set_connectable_complete); 1794 1795 if (err < 0) 1796 mgmt_pending_remove(cmd); 1797 1798 failed: 1799 hci_dev_unlock(hdev); 1800 return err; 1801 } 1802 1803 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data, 1804 u16 len) 1805 { 1806 struct mgmt_mode *cp = data; 1807 bool changed; 1808 int err; 1809 1810 bt_dev_dbg(hdev, "sock %p", sk); 1811 1812 if (cp->val != 0x00 && cp->val != 0x01) 1813 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE, 1814 MGMT_STATUS_INVALID_PARAMS); 1815 1816 hci_dev_lock(hdev); 1817 1818 if (cp->val) 1819 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE); 1820 else 1821 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE); 1822 1823 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev); 1824 if (err < 0) 1825 goto unlock; 1826 1827 if (changed) { 1828 /* In limited privacy mode the change of bondable mode 1829 * may affect the local advertising address. 1830 */ 1831 hci_update_discoverable(hdev); 1832 1833 err = new_settings(hdev, sk); 1834 } 1835 1836 unlock: 1837 hci_dev_unlock(hdev); 1838 return err; 1839 } 1840 1841 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data, 1842 u16 len) 1843 { 1844 struct mgmt_mode *cp = data; 1845 struct mgmt_pending_cmd *cmd; 1846 u8 val, status; 1847 int err; 1848 1849 bt_dev_dbg(hdev, "sock %p", sk); 1850 1851 status = mgmt_bredr_support(hdev); 1852 if (status) 1853 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1854 status); 1855 1856 if (cp->val != 0x00 && cp->val != 0x01) 1857 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1858 MGMT_STATUS_INVALID_PARAMS); 1859 1860 hci_dev_lock(hdev); 1861 1862 if (!hdev_is_powered(hdev)) { 1863 bool changed = false; 1864 1865 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) { 1866 hci_dev_change_flag(hdev, HCI_LINK_SECURITY); 1867 changed = true; 1868 } 1869 1870 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1871 if (err < 0) 1872 goto failed; 1873 1874 if (changed) 1875 err = new_settings(hdev, sk); 1876 1877 goto failed; 1878 } 1879 1880 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1881 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1882 MGMT_STATUS_BUSY); 1883 goto failed; 1884 } 1885 1886 val = !!cp->val; 1887 1888 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1889 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1890 goto failed; 1891 } 1892 1893 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1894 if (!cmd) { 1895 err = -ENOMEM; 1896 goto failed; 1897 } 1898 1899 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1900 if (err < 0) { 1901 mgmt_pending_remove(cmd); 1902 goto failed; 1903 } 1904 1905 failed: 1906 hci_dev_unlock(hdev); 1907 return err; 1908 } 1909 1910 static void set_ssp_complete(struct hci_dev *hdev, void *data, int err) 1911 { 1912 struct cmd_lookup match = { NULL, hdev }; 1913 struct mgmt_pending_cmd *cmd = data; 1914 struct mgmt_mode *cp = cmd->param; 1915 u8 enable = cp->val; 1916 bool changed; 1917 1918 /* Make sure cmd still outstanding. */ 1919 if (cmd != pending_find(MGMT_OP_SET_SSP, hdev)) 1920 return; 1921 1922 if (err) { 1923 u8 mgmt_err = mgmt_status(err); 1924 1925 if (enable && hci_dev_test_and_clear_flag(hdev, 1926 HCI_SSP_ENABLED)) { 1927 new_settings(hdev, NULL); 1928 } 1929 1930 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp, 1931 &mgmt_err); 1932 return; 1933 } 1934 1935 if (enable) { 1936 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 1937 } else { 1938 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED); 1939 } 1940 1941 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 1942 1943 if (changed) 1944 new_settings(hdev, match.sk); 1945 1946 if (match.sk) 1947 sock_put(match.sk); 1948 1949 hci_update_eir_sync(hdev); 1950 } 1951 1952 static int set_ssp_sync(struct hci_dev *hdev, void *data) 1953 { 1954 struct mgmt_pending_cmd *cmd = data; 1955 struct mgmt_mode *cp = cmd->param; 1956 bool changed = false; 1957 int err; 1958 1959 if (cp->val) 1960 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 1961 1962 err = hci_write_ssp_mode_sync(hdev, cp->val); 1963 1964 if (!err && changed) 1965 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 1966 1967 return err; 1968 } 1969 1970 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1971 { 1972 struct mgmt_mode *cp = data; 1973 struct mgmt_pending_cmd *cmd; 1974 u8 status; 1975 int err; 1976 1977 bt_dev_dbg(hdev, "sock %p", sk); 1978 1979 status = mgmt_bredr_support(hdev); 1980 if (status) 1981 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status); 1982 1983 if (!lmp_ssp_capable(hdev)) 1984 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1985 MGMT_STATUS_NOT_SUPPORTED); 1986 1987 if (cp->val != 0x00 && cp->val != 0x01) 1988 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1989 MGMT_STATUS_INVALID_PARAMS); 1990 1991 hci_dev_lock(hdev); 1992 1993 if (!hdev_is_powered(hdev)) { 1994 bool changed; 1995 1996 if (cp->val) { 1997 changed = !hci_dev_test_and_set_flag(hdev, 1998 HCI_SSP_ENABLED); 1999 } else { 2000 changed = hci_dev_test_and_clear_flag(hdev, 2001 HCI_SSP_ENABLED); 2002 } 2003 2004 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 2005 if (err < 0) 2006 goto failed; 2007 2008 if (changed) 2009 err = new_settings(hdev, sk); 2010 2011 goto failed; 2012 } 2013 2014 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 2015 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 2016 MGMT_STATUS_BUSY); 2017 goto failed; 2018 } 2019 2020 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 2021 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 2022 goto failed; 2023 } 2024 2025 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 2026 if (!cmd) 2027 err = -ENOMEM; 2028 else 2029 err = hci_cmd_sync_queue(hdev, set_ssp_sync, cmd, 2030 set_ssp_complete); 2031 2032 if (err < 0) { 2033 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 2034 MGMT_STATUS_FAILED); 2035 2036 if (cmd) 2037 mgmt_pending_remove(cmd); 2038 } 2039 2040 failed: 2041 hci_dev_unlock(hdev); 2042 return err; 2043 } 2044 2045 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2046 { 2047 bt_dev_dbg(hdev, "sock %p", sk); 2048 2049 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2050 MGMT_STATUS_NOT_SUPPORTED); 2051 } 2052 2053 static void set_le_complete(struct hci_dev *hdev, void *data, int err) 2054 { 2055 struct cmd_lookup match = { NULL, hdev }; 2056 u8 status = mgmt_status(err); 2057 2058 bt_dev_dbg(hdev, "err %d", err); 2059 2060 if (status) { 2061 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 2062 &status); 2063 return; 2064 } 2065 2066 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 2067 2068 new_settings(hdev, match.sk); 2069 2070 if (match.sk) 2071 sock_put(match.sk); 2072 } 2073 2074 static int set_le_sync(struct hci_dev *hdev, void *data) 2075 { 2076 struct mgmt_pending_cmd *cmd = data; 2077 struct mgmt_mode *cp = cmd->param; 2078 u8 val = !!cp->val; 2079 int err; 2080 2081 if (!val) { 2082 hci_clear_adv_instance_sync(hdev, NULL, 0x00, true); 2083 2084 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 2085 hci_disable_advertising_sync(hdev); 2086 2087 if (ext_adv_capable(hdev)) 2088 hci_remove_ext_adv_instance_sync(hdev, 0, cmd->sk); 2089 } else { 2090 hci_dev_set_flag(hdev, HCI_LE_ENABLED); 2091 } 2092 2093 err = hci_write_le_host_supported_sync(hdev, val, 0); 2094 2095 /* Make sure the controller has a good default for 2096 * advertising data. Restrict the update to when LE 2097 * has actually been enabled. During power on, the 2098 * update in powered_update_hci will take care of it. 2099 */ 2100 if (!err && hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 2101 if (ext_adv_capable(hdev)) { 2102 int status; 2103 2104 status = hci_setup_ext_adv_instance_sync(hdev, 0x00); 2105 if (!status) 2106 hci_update_scan_rsp_data_sync(hdev, 0x00); 2107 } else { 2108 hci_update_adv_data_sync(hdev, 0x00); 2109 hci_update_scan_rsp_data_sync(hdev, 0x00); 2110 } 2111 2112 hci_update_passive_scan(hdev); 2113 } 2114 2115 return err; 2116 } 2117 2118 static void set_mesh_complete(struct hci_dev *hdev, void *data, int err) 2119 { 2120 struct mgmt_pending_cmd *cmd = data; 2121 u8 status = mgmt_status(err); 2122 struct sock *sk = cmd->sk; 2123 2124 if (status) { 2125 mgmt_pending_foreach(MGMT_OP_SET_MESH_RECEIVER, hdev, 2126 cmd_status_rsp, &status); 2127 return; 2128 } 2129 2130 mgmt_pending_remove(cmd); 2131 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 0, NULL, 0); 2132 } 2133 2134 static int set_mesh_sync(struct hci_dev *hdev, void *data) 2135 { 2136 struct mgmt_pending_cmd *cmd = data; 2137 struct mgmt_cp_set_mesh *cp = cmd->param; 2138 size_t len = cmd->param_len; 2139 2140 memset(hdev->mesh_ad_types, 0, sizeof(hdev->mesh_ad_types)); 2141 2142 if (cp->enable) 2143 hci_dev_set_flag(hdev, HCI_MESH); 2144 else 2145 hci_dev_clear_flag(hdev, HCI_MESH); 2146 2147 len -= sizeof(*cp); 2148 2149 /* If filters don't fit, forward all adv pkts */ 2150 if (len <= sizeof(hdev->mesh_ad_types)) 2151 memcpy(hdev->mesh_ad_types, cp->ad_types, len); 2152 2153 hci_update_passive_scan_sync(hdev); 2154 return 0; 2155 } 2156 2157 static int set_mesh(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2158 { 2159 struct mgmt_cp_set_mesh *cp = data; 2160 struct mgmt_pending_cmd *cmd; 2161 int err = 0; 2162 2163 bt_dev_dbg(hdev, "sock %p", sk); 2164 2165 if (!lmp_le_capable(hdev) || 2166 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL)) 2167 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 2168 MGMT_STATUS_NOT_SUPPORTED); 2169 2170 if (cp->enable != 0x00 && cp->enable != 0x01) 2171 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 2172 MGMT_STATUS_INVALID_PARAMS); 2173 2174 hci_dev_lock(hdev); 2175 2176 cmd = mgmt_pending_add(sk, MGMT_OP_SET_MESH_RECEIVER, hdev, data, len); 2177 if (!cmd) 2178 err = -ENOMEM; 2179 else 2180 err = hci_cmd_sync_queue(hdev, set_mesh_sync, cmd, 2181 set_mesh_complete); 2182 2183 if (err < 0) { 2184 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 2185 MGMT_STATUS_FAILED); 2186 2187 if (cmd) 2188 mgmt_pending_remove(cmd); 2189 } 2190 2191 hci_dev_unlock(hdev); 2192 return err; 2193 } 2194 2195 static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err) 2196 { 2197 struct mgmt_mesh_tx *mesh_tx = data; 2198 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param; 2199 unsigned long mesh_send_interval; 2200 u8 mgmt_err = mgmt_status(err); 2201 2202 /* Report any errors here, but don't report completion */ 2203 2204 if (mgmt_err) { 2205 hci_dev_clear_flag(hdev, HCI_MESH_SENDING); 2206 /* Send Complete Error Code for handle */ 2207 mesh_send_complete(hdev, mesh_tx, false); 2208 return; 2209 } 2210 2211 mesh_send_interval = msecs_to_jiffies((send->cnt) * 25); 2212 queue_delayed_work(hdev->req_workqueue, &hdev->mesh_send_done, 2213 mesh_send_interval); 2214 } 2215 2216 static int mesh_send_sync(struct hci_dev *hdev, void *data) 2217 { 2218 struct mgmt_mesh_tx *mesh_tx = data; 2219 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param; 2220 struct adv_info *adv, *next_instance; 2221 u8 instance = hdev->le_num_of_adv_sets + 1; 2222 u16 timeout, duration; 2223 int err = 0; 2224 2225 if (hdev->le_num_of_adv_sets <= hdev->adv_instance_cnt) 2226 return MGMT_STATUS_BUSY; 2227 2228 timeout = 1000; 2229 duration = send->cnt * INTERVAL_TO_MS(hdev->le_adv_max_interval); 2230 adv = hci_add_adv_instance(hdev, instance, 0, 2231 send->adv_data_len, send->adv_data, 2232 0, NULL, 2233 timeout, duration, 2234 HCI_ADV_TX_POWER_NO_PREFERENCE, 2235 hdev->le_adv_min_interval, 2236 hdev->le_adv_max_interval, 2237 mesh_tx->handle); 2238 2239 if (!IS_ERR(adv)) 2240 mesh_tx->instance = instance; 2241 else 2242 err = PTR_ERR(adv); 2243 2244 if (hdev->cur_adv_instance == instance) { 2245 /* If the currently advertised instance is being changed then 2246 * cancel the current advertising and schedule the next 2247 * instance. If there is only one instance then the overridden 2248 * advertising data will be visible right away. 2249 */ 2250 cancel_adv_timeout(hdev); 2251 2252 next_instance = hci_get_next_instance(hdev, instance); 2253 if (next_instance) 2254 instance = next_instance->instance; 2255 else 2256 instance = 0; 2257 } else if (hdev->adv_instance_timeout) { 2258 /* Immediately advertise the new instance if no other, or 2259 * let it go naturally from queue if ADV is already happening 2260 */ 2261 instance = 0; 2262 } 2263 2264 if (instance) 2265 return hci_schedule_adv_instance_sync(hdev, instance, true); 2266 2267 return err; 2268 } 2269 2270 static void send_count(struct mgmt_mesh_tx *mesh_tx, void *data) 2271 { 2272 struct mgmt_rp_mesh_read_features *rp = data; 2273 2274 if (rp->used_handles >= rp->max_handles) 2275 return; 2276 2277 rp->handles[rp->used_handles++] = mesh_tx->handle; 2278 } 2279 2280 static int mesh_features(struct sock *sk, struct hci_dev *hdev, 2281 void *data, u16 len) 2282 { 2283 struct mgmt_rp_mesh_read_features rp; 2284 2285 if (!lmp_le_capable(hdev) || 2286 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL)) 2287 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES, 2288 MGMT_STATUS_NOT_SUPPORTED); 2289 2290 memset(&rp, 0, sizeof(rp)); 2291 rp.index = cpu_to_le16(hdev->id); 2292 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 2293 rp.max_handles = MESH_HANDLES_MAX; 2294 2295 hci_dev_lock(hdev); 2296 2297 if (rp.max_handles) 2298 mgmt_mesh_foreach(hdev, send_count, &rp, sk); 2299 2300 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES, 0, &rp, 2301 rp.used_handles + sizeof(rp) - MESH_HANDLES_MAX); 2302 2303 hci_dev_unlock(hdev); 2304 return 0; 2305 } 2306 2307 static int send_cancel(struct hci_dev *hdev, void *data) 2308 { 2309 struct mgmt_pending_cmd *cmd = data; 2310 struct mgmt_cp_mesh_send_cancel *cancel = (void *)cmd->param; 2311 struct mgmt_mesh_tx *mesh_tx; 2312 2313 if (!cancel->handle) { 2314 do { 2315 mesh_tx = mgmt_mesh_next(hdev, cmd->sk); 2316 2317 if (mesh_tx) 2318 mesh_send_complete(hdev, mesh_tx, false); 2319 } while (mesh_tx); 2320 } else { 2321 mesh_tx = mgmt_mesh_find(hdev, cancel->handle); 2322 2323 if (mesh_tx && mesh_tx->sk == cmd->sk) 2324 mesh_send_complete(hdev, mesh_tx, false); 2325 } 2326 2327 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL, 2328 0, NULL, 0); 2329 mgmt_pending_free(cmd); 2330 2331 return 0; 2332 } 2333 2334 static int mesh_send_cancel(struct sock *sk, struct hci_dev *hdev, 2335 void *data, u16 len) 2336 { 2337 struct mgmt_pending_cmd *cmd; 2338 int err; 2339 2340 if (!lmp_le_capable(hdev) || 2341 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL)) 2342 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL, 2343 MGMT_STATUS_NOT_SUPPORTED); 2344 2345 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 2346 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL, 2347 MGMT_STATUS_REJECTED); 2348 2349 hci_dev_lock(hdev); 2350 cmd = mgmt_pending_new(sk, MGMT_OP_MESH_SEND_CANCEL, hdev, data, len); 2351 if (!cmd) 2352 err = -ENOMEM; 2353 else 2354 err = hci_cmd_sync_queue(hdev, send_cancel, cmd, NULL); 2355 2356 if (err < 0) { 2357 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL, 2358 MGMT_STATUS_FAILED); 2359 2360 if (cmd) 2361 mgmt_pending_free(cmd); 2362 } 2363 2364 hci_dev_unlock(hdev); 2365 return err; 2366 } 2367 2368 static int mesh_send(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2369 { 2370 struct mgmt_mesh_tx *mesh_tx; 2371 struct mgmt_cp_mesh_send *send = data; 2372 struct mgmt_rp_mesh_read_features rp; 2373 bool sending; 2374 int err = 0; 2375 2376 if (!lmp_le_capable(hdev) || 2377 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL)) 2378 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND, 2379 MGMT_STATUS_NOT_SUPPORTED); 2380 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) || 2381 len <= MGMT_MESH_SEND_SIZE || 2382 len > (MGMT_MESH_SEND_SIZE + 31)) 2383 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND, 2384 MGMT_STATUS_REJECTED); 2385 2386 hci_dev_lock(hdev); 2387 2388 memset(&rp, 0, sizeof(rp)); 2389 rp.max_handles = MESH_HANDLES_MAX; 2390 2391 mgmt_mesh_foreach(hdev, send_count, &rp, sk); 2392 2393 if (rp.max_handles <= rp.used_handles) { 2394 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND, 2395 MGMT_STATUS_BUSY); 2396 goto done; 2397 } 2398 2399 sending = hci_dev_test_flag(hdev, HCI_MESH_SENDING); 2400 mesh_tx = mgmt_mesh_add(sk, hdev, send, len); 2401 2402 if (!mesh_tx) 2403 err = -ENOMEM; 2404 else if (!sending) 2405 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx, 2406 mesh_send_start_complete); 2407 2408 if (err < 0) { 2409 bt_dev_err(hdev, "Send Mesh Failed %d", err); 2410 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND, 2411 MGMT_STATUS_FAILED); 2412 2413 if (mesh_tx) { 2414 if (sending) 2415 mgmt_mesh_remove(mesh_tx); 2416 } 2417 } else { 2418 hci_dev_set_flag(hdev, HCI_MESH_SENDING); 2419 2420 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_SEND, 0, 2421 &mesh_tx->handle, 1); 2422 } 2423 2424 done: 2425 hci_dev_unlock(hdev); 2426 return err; 2427 } 2428 2429 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2430 { 2431 struct mgmt_mode *cp = data; 2432 struct mgmt_pending_cmd *cmd; 2433 int err; 2434 u8 val, enabled; 2435 2436 bt_dev_dbg(hdev, "sock %p", sk); 2437 2438 if (!lmp_le_capable(hdev)) 2439 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2440 MGMT_STATUS_NOT_SUPPORTED); 2441 2442 if (cp->val != 0x00 && cp->val != 0x01) 2443 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2444 MGMT_STATUS_INVALID_PARAMS); 2445 2446 /* Bluetooth single mode LE only controllers or dual-mode 2447 * controllers configured as LE only devices, do not allow 2448 * switching LE off. These have either LE enabled explicitly 2449 * or BR/EDR has been previously switched off. 2450 * 2451 * When trying to enable an already enabled LE, then gracefully 2452 * send a positive response. Trying to disable it however will 2453 * result into rejection. 2454 */ 2455 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 2456 if (cp->val == 0x01) 2457 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 2458 2459 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2460 MGMT_STATUS_REJECTED); 2461 } 2462 2463 hci_dev_lock(hdev); 2464 2465 val = !!cp->val; 2466 enabled = lmp_host_le_capable(hdev); 2467 2468 if (!hdev_is_powered(hdev) || val == enabled) { 2469 bool changed = false; 2470 2471 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 2472 hci_dev_change_flag(hdev, HCI_LE_ENABLED); 2473 changed = true; 2474 } 2475 2476 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 2477 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 2478 changed = true; 2479 } 2480 2481 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 2482 if (err < 0) 2483 goto unlock; 2484 2485 if (changed) 2486 err = new_settings(hdev, sk); 2487 2488 goto unlock; 2489 } 2490 2491 if (pending_find(MGMT_OP_SET_LE, hdev) || 2492 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) { 2493 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2494 MGMT_STATUS_BUSY); 2495 goto unlock; 2496 } 2497 2498 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len); 2499 if (!cmd) 2500 err = -ENOMEM; 2501 else 2502 err = hci_cmd_sync_queue(hdev, set_le_sync, cmd, 2503 set_le_complete); 2504 2505 if (err < 0) { 2506 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2507 MGMT_STATUS_FAILED); 2508 2509 if (cmd) 2510 mgmt_pending_remove(cmd); 2511 } 2512 2513 unlock: 2514 hci_dev_unlock(hdev); 2515 return err; 2516 } 2517 2518 /* This is a helper function to test for pending mgmt commands that can 2519 * cause CoD or EIR HCI commands. We can only allow one such pending 2520 * mgmt command at a time since otherwise we cannot easily track what 2521 * the current values are, will be, and based on that calculate if a new 2522 * HCI command needs to be sent and if yes with what value. 2523 */ 2524 static bool pending_eir_or_class(struct hci_dev *hdev) 2525 { 2526 struct mgmt_pending_cmd *cmd; 2527 2528 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 2529 switch (cmd->opcode) { 2530 case MGMT_OP_ADD_UUID: 2531 case MGMT_OP_REMOVE_UUID: 2532 case MGMT_OP_SET_DEV_CLASS: 2533 case MGMT_OP_SET_POWERED: 2534 return true; 2535 } 2536 } 2537 2538 return false; 2539 } 2540 2541 static const u8 bluetooth_base_uuid[] = { 2542 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80, 2543 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2544 }; 2545 2546 static u8 get_uuid_size(const u8 *uuid) 2547 { 2548 u32 val; 2549 2550 if (memcmp(uuid, bluetooth_base_uuid, 12)) 2551 return 128; 2552 2553 val = get_unaligned_le32(&uuid[12]); 2554 if (val > 0xffff) 2555 return 32; 2556 2557 return 16; 2558 } 2559 2560 static void mgmt_class_complete(struct hci_dev *hdev, void *data, int err) 2561 { 2562 struct mgmt_pending_cmd *cmd = data; 2563 2564 bt_dev_dbg(hdev, "err %d", err); 2565 2566 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 2567 mgmt_status(err), hdev->dev_class, 3); 2568 2569 mgmt_pending_free(cmd); 2570 } 2571 2572 static int add_uuid_sync(struct hci_dev *hdev, void *data) 2573 { 2574 int err; 2575 2576 err = hci_update_class_sync(hdev); 2577 if (err) 2578 return err; 2579 2580 return hci_update_eir_sync(hdev); 2581 } 2582 2583 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2584 { 2585 struct mgmt_cp_add_uuid *cp = data; 2586 struct mgmt_pending_cmd *cmd; 2587 struct bt_uuid *uuid; 2588 int err; 2589 2590 bt_dev_dbg(hdev, "sock %p", sk); 2591 2592 hci_dev_lock(hdev); 2593 2594 if (pending_eir_or_class(hdev)) { 2595 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID, 2596 MGMT_STATUS_BUSY); 2597 goto failed; 2598 } 2599 2600 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL); 2601 if (!uuid) { 2602 err = -ENOMEM; 2603 goto failed; 2604 } 2605 2606 memcpy(uuid->uuid, cp->uuid, 16); 2607 uuid->svc_hint = cp->svc_hint; 2608 uuid->size = get_uuid_size(cp->uuid); 2609 2610 list_add_tail(&uuid->list, &hdev->uuids); 2611 2612 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_UUID, hdev, data, len); 2613 if (!cmd) { 2614 err = -ENOMEM; 2615 goto failed; 2616 } 2617 2618 /* MGMT_OP_ADD_UUID don't require adapter the UP/Running so use 2619 * hci_cmd_sync_submit instead of hci_cmd_sync_queue. 2620 */ 2621 err = hci_cmd_sync_submit(hdev, add_uuid_sync, cmd, 2622 mgmt_class_complete); 2623 if (err < 0) { 2624 mgmt_pending_free(cmd); 2625 goto failed; 2626 } 2627 2628 failed: 2629 hci_dev_unlock(hdev); 2630 return err; 2631 } 2632 2633 static bool enable_service_cache(struct hci_dev *hdev) 2634 { 2635 if (!hdev_is_powered(hdev)) 2636 return false; 2637 2638 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) { 2639 queue_delayed_work(hdev->workqueue, &hdev->service_cache, 2640 CACHE_TIMEOUT); 2641 return true; 2642 } 2643 2644 return false; 2645 } 2646 2647 static int remove_uuid_sync(struct hci_dev *hdev, void *data) 2648 { 2649 int err; 2650 2651 err = hci_update_class_sync(hdev); 2652 if (err) 2653 return err; 2654 2655 return hci_update_eir_sync(hdev); 2656 } 2657 2658 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, 2659 u16 len) 2660 { 2661 struct mgmt_cp_remove_uuid *cp = data; 2662 struct mgmt_pending_cmd *cmd; 2663 struct bt_uuid *match, *tmp; 2664 static const u8 bt_uuid_any[] = { 2665 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 2666 }; 2667 int err, found; 2668 2669 bt_dev_dbg(hdev, "sock %p", sk); 2670 2671 hci_dev_lock(hdev); 2672 2673 if (pending_eir_or_class(hdev)) { 2674 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2675 MGMT_STATUS_BUSY); 2676 goto unlock; 2677 } 2678 2679 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 2680 hci_uuids_clear(hdev); 2681 2682 if (enable_service_cache(hdev)) { 2683 err = mgmt_cmd_complete(sk, hdev->id, 2684 MGMT_OP_REMOVE_UUID, 2685 0, hdev->dev_class, 3); 2686 goto unlock; 2687 } 2688 2689 goto update_class; 2690 } 2691 2692 found = 0; 2693 2694 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) { 2695 if (memcmp(match->uuid, cp->uuid, 16) != 0) 2696 continue; 2697 2698 list_del(&match->list); 2699 kfree(match); 2700 found++; 2701 } 2702 2703 if (found == 0) { 2704 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2705 MGMT_STATUS_INVALID_PARAMS); 2706 goto unlock; 2707 } 2708 2709 update_class: 2710 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_UUID, hdev, data, len); 2711 if (!cmd) { 2712 err = -ENOMEM; 2713 goto unlock; 2714 } 2715 2716 /* MGMT_OP_REMOVE_UUID don't require adapter the UP/Running so use 2717 * hci_cmd_sync_submit instead of hci_cmd_sync_queue. 2718 */ 2719 err = hci_cmd_sync_submit(hdev, remove_uuid_sync, cmd, 2720 mgmt_class_complete); 2721 if (err < 0) 2722 mgmt_pending_free(cmd); 2723 2724 unlock: 2725 hci_dev_unlock(hdev); 2726 return err; 2727 } 2728 2729 static int set_class_sync(struct hci_dev *hdev, void *data) 2730 { 2731 int err = 0; 2732 2733 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) { 2734 cancel_delayed_work_sync(&hdev->service_cache); 2735 err = hci_update_eir_sync(hdev); 2736 } 2737 2738 if (err) 2739 return err; 2740 2741 return hci_update_class_sync(hdev); 2742 } 2743 2744 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, 2745 u16 len) 2746 { 2747 struct mgmt_cp_set_dev_class *cp = data; 2748 struct mgmt_pending_cmd *cmd; 2749 int err; 2750 2751 bt_dev_dbg(hdev, "sock %p", sk); 2752 2753 if (!lmp_bredr_capable(hdev)) 2754 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2755 MGMT_STATUS_NOT_SUPPORTED); 2756 2757 hci_dev_lock(hdev); 2758 2759 if (pending_eir_or_class(hdev)) { 2760 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2761 MGMT_STATUS_BUSY); 2762 goto unlock; 2763 } 2764 2765 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) { 2766 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2767 MGMT_STATUS_INVALID_PARAMS); 2768 goto unlock; 2769 } 2770 2771 hdev->major_class = cp->major; 2772 hdev->minor_class = cp->minor; 2773 2774 if (!hdev_is_powered(hdev)) { 2775 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2776 hdev->dev_class, 3); 2777 goto unlock; 2778 } 2779 2780 cmd = mgmt_pending_new(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len); 2781 if (!cmd) { 2782 err = -ENOMEM; 2783 goto unlock; 2784 } 2785 2786 /* MGMT_OP_SET_DEV_CLASS don't require adapter the UP/Running so use 2787 * hci_cmd_sync_submit instead of hci_cmd_sync_queue. 2788 */ 2789 err = hci_cmd_sync_submit(hdev, set_class_sync, cmd, 2790 mgmt_class_complete); 2791 if (err < 0) 2792 mgmt_pending_free(cmd); 2793 2794 unlock: 2795 hci_dev_unlock(hdev); 2796 return err; 2797 } 2798 2799 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, 2800 u16 len) 2801 { 2802 struct mgmt_cp_load_link_keys *cp = data; 2803 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 2804 sizeof(struct mgmt_link_key_info)); 2805 u16 key_count, expected_len; 2806 bool changed; 2807 int i; 2808 2809 bt_dev_dbg(hdev, "sock %p", sk); 2810 2811 if (!lmp_bredr_capable(hdev)) 2812 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2813 MGMT_STATUS_NOT_SUPPORTED); 2814 2815 key_count = __le16_to_cpu(cp->key_count); 2816 if (key_count > max_key_count) { 2817 bt_dev_err(hdev, "load_link_keys: too big key_count value %u", 2818 key_count); 2819 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2820 MGMT_STATUS_INVALID_PARAMS); 2821 } 2822 2823 expected_len = struct_size(cp, keys, key_count); 2824 if (expected_len != len) { 2825 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes", 2826 expected_len, len); 2827 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2828 MGMT_STATUS_INVALID_PARAMS); 2829 } 2830 2831 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01) 2832 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2833 MGMT_STATUS_INVALID_PARAMS); 2834 2835 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys, 2836 key_count); 2837 2838 hci_dev_lock(hdev); 2839 2840 hci_link_keys_clear(hdev); 2841 2842 if (cp->debug_keys) 2843 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 2844 else 2845 changed = hci_dev_test_and_clear_flag(hdev, 2846 HCI_KEEP_DEBUG_KEYS); 2847 2848 if (changed) 2849 new_settings(hdev, NULL); 2850 2851 for (i = 0; i < key_count; i++) { 2852 struct mgmt_link_key_info *key = &cp->keys[i]; 2853 2854 if (hci_is_blocked_key(hdev, 2855 HCI_BLOCKED_KEY_TYPE_LINKKEY, 2856 key->val)) { 2857 bt_dev_warn(hdev, "Skipping blocked link key for %pMR", 2858 &key->addr.bdaddr); 2859 continue; 2860 } 2861 2862 if (key->addr.type != BDADDR_BREDR) { 2863 bt_dev_warn(hdev, 2864 "Invalid link address type %u for %pMR", 2865 key->addr.type, &key->addr.bdaddr); 2866 continue; 2867 } 2868 2869 if (key->type > 0x08) { 2870 bt_dev_warn(hdev, "Invalid link key type %u for %pMR", 2871 key->type, &key->addr.bdaddr); 2872 continue; 2873 } 2874 2875 /* Always ignore debug keys and require a new pairing if 2876 * the user wants to use them. 2877 */ 2878 if (key->type == HCI_LK_DEBUG_COMBINATION) 2879 continue; 2880 2881 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val, 2882 key->type, key->pin_len, NULL); 2883 } 2884 2885 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 2886 2887 hci_dev_unlock(hdev); 2888 2889 return 0; 2890 } 2891 2892 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 2893 u8 addr_type, struct sock *skip_sk) 2894 { 2895 struct mgmt_ev_device_unpaired ev; 2896 2897 bacpy(&ev.addr.bdaddr, bdaddr); 2898 ev.addr.type = addr_type; 2899 2900 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 2901 skip_sk); 2902 } 2903 2904 static void unpair_device_complete(struct hci_dev *hdev, void *data, int err) 2905 { 2906 struct mgmt_pending_cmd *cmd = data; 2907 struct mgmt_cp_unpair_device *cp = cmd->param; 2908 2909 if (!err) 2910 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 2911 2912 cmd->cmd_complete(cmd, err); 2913 mgmt_pending_free(cmd); 2914 } 2915 2916 static int unpair_device_sync(struct hci_dev *hdev, void *data) 2917 { 2918 struct mgmt_pending_cmd *cmd = data; 2919 struct mgmt_cp_unpair_device *cp = cmd->param; 2920 struct hci_conn *conn; 2921 2922 if (cp->addr.type == BDADDR_BREDR) 2923 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2924 &cp->addr.bdaddr); 2925 else 2926 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, 2927 le_addr_type(cp->addr.type)); 2928 2929 if (!conn) 2930 return 0; 2931 2932 /* Disregard any possible error since the likes of hci_abort_conn_sync 2933 * will clean up the connection no matter the error. 2934 */ 2935 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 2936 2937 return 0; 2938 } 2939 2940 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2941 u16 len) 2942 { 2943 struct mgmt_cp_unpair_device *cp = data; 2944 struct mgmt_rp_unpair_device rp; 2945 struct hci_conn_params *params; 2946 struct mgmt_pending_cmd *cmd; 2947 struct hci_conn *conn; 2948 u8 addr_type; 2949 int err; 2950 2951 memset(&rp, 0, sizeof(rp)); 2952 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2953 rp.addr.type = cp->addr.type; 2954 2955 if (!bdaddr_type_is_valid(cp->addr.type)) 2956 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2957 MGMT_STATUS_INVALID_PARAMS, 2958 &rp, sizeof(rp)); 2959 2960 if (cp->disconnect != 0x00 && cp->disconnect != 0x01) 2961 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2962 MGMT_STATUS_INVALID_PARAMS, 2963 &rp, sizeof(rp)); 2964 2965 hci_dev_lock(hdev); 2966 2967 if (!hdev_is_powered(hdev)) { 2968 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2969 MGMT_STATUS_NOT_POWERED, &rp, 2970 sizeof(rp)); 2971 goto unlock; 2972 } 2973 2974 if (cp->addr.type == BDADDR_BREDR) { 2975 /* If disconnection is requested, then look up the 2976 * connection. If the remote device is connected, it 2977 * will be later used to terminate the link. 2978 * 2979 * Setting it to NULL explicitly will cause no 2980 * termination of the link. 2981 */ 2982 if (cp->disconnect) 2983 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2984 &cp->addr.bdaddr); 2985 else 2986 conn = NULL; 2987 2988 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 2989 if (err < 0) { 2990 err = mgmt_cmd_complete(sk, hdev->id, 2991 MGMT_OP_UNPAIR_DEVICE, 2992 MGMT_STATUS_NOT_PAIRED, &rp, 2993 sizeof(rp)); 2994 goto unlock; 2995 } 2996 2997 goto done; 2998 } 2999 3000 /* LE address type */ 3001 addr_type = le_addr_type(cp->addr.type); 3002 3003 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */ 3004 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type); 3005 if (err < 0) { 3006 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 3007 MGMT_STATUS_NOT_PAIRED, &rp, 3008 sizeof(rp)); 3009 goto unlock; 3010 } 3011 3012 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type); 3013 if (!conn) { 3014 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type); 3015 goto done; 3016 } 3017 3018 3019 /* Defer clearing up the connection parameters until closing to 3020 * give a chance of keeping them if a repairing happens. 3021 */ 3022 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 3023 3024 /* Disable auto-connection parameters if present */ 3025 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type); 3026 if (params) { 3027 if (params->explicit_connect) 3028 params->auto_connect = HCI_AUTO_CONN_EXPLICIT; 3029 else 3030 params->auto_connect = HCI_AUTO_CONN_DISABLED; 3031 } 3032 3033 /* If disconnection is not requested, then clear the connection 3034 * variable so that the link is not terminated. 3035 */ 3036 if (!cp->disconnect) 3037 conn = NULL; 3038 3039 done: 3040 /* If the connection variable is set, then termination of the 3041 * link is requested. 3042 */ 3043 if (!conn) { 3044 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0, 3045 &rp, sizeof(rp)); 3046 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 3047 goto unlock; 3048 } 3049 3050 cmd = mgmt_pending_new(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 3051 sizeof(*cp)); 3052 if (!cmd) { 3053 err = -ENOMEM; 3054 goto unlock; 3055 } 3056 3057 cmd->cmd_complete = addr_cmd_complete; 3058 3059 err = hci_cmd_sync_queue(hdev, unpair_device_sync, cmd, 3060 unpair_device_complete); 3061 if (err < 0) 3062 mgmt_pending_free(cmd); 3063 3064 unlock: 3065 hci_dev_unlock(hdev); 3066 return err; 3067 } 3068 3069 static void disconnect_complete(struct hci_dev *hdev, void *data, int err) 3070 { 3071 struct mgmt_pending_cmd *cmd = data; 3072 3073 cmd->cmd_complete(cmd, mgmt_status(err)); 3074 mgmt_pending_free(cmd); 3075 } 3076 3077 static int disconnect_sync(struct hci_dev *hdev, void *data) 3078 { 3079 struct mgmt_pending_cmd *cmd = data; 3080 struct mgmt_cp_disconnect *cp = cmd->param; 3081 struct hci_conn *conn; 3082 3083 if (cp->addr.type == BDADDR_BREDR) 3084 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 3085 &cp->addr.bdaddr); 3086 else 3087 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, 3088 le_addr_type(cp->addr.type)); 3089 3090 if (!conn) 3091 return -ENOTCONN; 3092 3093 /* Disregard any possible error since the likes of hci_abort_conn_sync 3094 * will clean up the connection no matter the error. 3095 */ 3096 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 3097 3098 return 0; 3099 } 3100 3101 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data, 3102 u16 len) 3103 { 3104 struct mgmt_cp_disconnect *cp = data; 3105 struct mgmt_rp_disconnect rp; 3106 struct mgmt_pending_cmd *cmd; 3107 int err; 3108 3109 bt_dev_dbg(hdev, "sock %p", sk); 3110 3111 memset(&rp, 0, sizeof(rp)); 3112 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 3113 rp.addr.type = cp->addr.type; 3114 3115 if (!bdaddr_type_is_valid(cp->addr.type)) 3116 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 3117 MGMT_STATUS_INVALID_PARAMS, 3118 &rp, sizeof(rp)); 3119 3120 hci_dev_lock(hdev); 3121 3122 if (!test_bit(HCI_UP, &hdev->flags)) { 3123 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 3124 MGMT_STATUS_NOT_POWERED, &rp, 3125 sizeof(rp)); 3126 goto failed; 3127 } 3128 3129 cmd = mgmt_pending_new(sk, MGMT_OP_DISCONNECT, hdev, data, len); 3130 if (!cmd) { 3131 err = -ENOMEM; 3132 goto failed; 3133 } 3134 3135 cmd->cmd_complete = generic_cmd_complete; 3136 3137 err = hci_cmd_sync_queue(hdev, disconnect_sync, cmd, 3138 disconnect_complete); 3139 if (err < 0) 3140 mgmt_pending_free(cmd); 3141 3142 failed: 3143 hci_dev_unlock(hdev); 3144 return err; 3145 } 3146 3147 static u8 link_to_bdaddr(u8 link_type, u8 addr_type) 3148 { 3149 switch (link_type) { 3150 case ISO_LINK: 3151 case LE_LINK: 3152 switch (addr_type) { 3153 case ADDR_LE_DEV_PUBLIC: 3154 return BDADDR_LE_PUBLIC; 3155 3156 default: 3157 /* Fallback to LE Random address type */ 3158 return BDADDR_LE_RANDOM; 3159 } 3160 3161 default: 3162 /* Fallback to BR/EDR type */ 3163 return BDADDR_BREDR; 3164 } 3165 } 3166 3167 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data, 3168 u16 data_len) 3169 { 3170 struct mgmt_rp_get_connections *rp; 3171 struct hci_conn *c; 3172 int err; 3173 u16 i; 3174 3175 bt_dev_dbg(hdev, "sock %p", sk); 3176 3177 hci_dev_lock(hdev); 3178 3179 if (!hdev_is_powered(hdev)) { 3180 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 3181 MGMT_STATUS_NOT_POWERED); 3182 goto unlock; 3183 } 3184 3185 i = 0; 3186 list_for_each_entry(c, &hdev->conn_hash.list, list) { 3187 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 3188 i++; 3189 } 3190 3191 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL); 3192 if (!rp) { 3193 err = -ENOMEM; 3194 goto unlock; 3195 } 3196 3197 i = 0; 3198 list_for_each_entry(c, &hdev->conn_hash.list, list) { 3199 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 3200 continue; 3201 bacpy(&rp->addr[i].bdaddr, &c->dst); 3202 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type); 3203 if (c->type == SCO_LINK || c->type == ESCO_LINK) 3204 continue; 3205 i++; 3206 } 3207 3208 rp->conn_count = cpu_to_le16(i); 3209 3210 /* Recalculate length in case of filtered SCO connections, etc */ 3211 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp, 3212 struct_size(rp, addr, i)); 3213 3214 kfree(rp); 3215 3216 unlock: 3217 hci_dev_unlock(hdev); 3218 return err; 3219 } 3220 3221 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 3222 struct mgmt_cp_pin_code_neg_reply *cp) 3223 { 3224 struct mgmt_pending_cmd *cmd; 3225 int err; 3226 3227 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 3228 sizeof(*cp)); 3229 if (!cmd) 3230 return -ENOMEM; 3231 3232 cmd->cmd_complete = addr_cmd_complete; 3233 3234 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 3235 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 3236 if (err < 0) 3237 mgmt_pending_remove(cmd); 3238 3239 return err; 3240 } 3241 3242 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3243 u16 len) 3244 { 3245 struct hci_conn *conn; 3246 struct mgmt_cp_pin_code_reply *cp = data; 3247 struct hci_cp_pin_code_reply reply; 3248 struct mgmt_pending_cmd *cmd; 3249 int err; 3250 3251 bt_dev_dbg(hdev, "sock %p", sk); 3252 3253 hci_dev_lock(hdev); 3254 3255 if (!hdev_is_powered(hdev)) { 3256 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 3257 MGMT_STATUS_NOT_POWERED); 3258 goto failed; 3259 } 3260 3261 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 3262 if (!conn) { 3263 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 3264 MGMT_STATUS_NOT_CONNECTED); 3265 goto failed; 3266 } 3267 3268 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 3269 struct mgmt_cp_pin_code_neg_reply ncp; 3270 3271 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 3272 3273 bt_dev_err(hdev, "PIN code is not 16 bytes long"); 3274 3275 err = send_pin_code_neg_reply(sk, hdev, &ncp); 3276 if (err >= 0) 3277 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 3278 MGMT_STATUS_INVALID_PARAMS); 3279 3280 goto failed; 3281 } 3282 3283 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 3284 if (!cmd) { 3285 err = -ENOMEM; 3286 goto failed; 3287 } 3288 3289 cmd->cmd_complete = addr_cmd_complete; 3290 3291 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 3292 reply.pin_len = cp->pin_len; 3293 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 3294 3295 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 3296 if (err < 0) 3297 mgmt_pending_remove(cmd); 3298 3299 failed: 3300 hci_dev_unlock(hdev); 3301 return err; 3302 } 3303 3304 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data, 3305 u16 len) 3306 { 3307 struct mgmt_cp_set_io_capability *cp = data; 3308 3309 bt_dev_dbg(hdev, "sock %p", sk); 3310 3311 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY) 3312 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 3313 MGMT_STATUS_INVALID_PARAMS); 3314 3315 hci_dev_lock(hdev); 3316 3317 hdev->io_capability = cp->io_capability; 3318 3319 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability); 3320 3321 hci_dev_unlock(hdev); 3322 3323 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, 3324 NULL, 0); 3325 } 3326 3327 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn) 3328 { 3329 struct hci_dev *hdev = conn->hdev; 3330 struct mgmt_pending_cmd *cmd; 3331 3332 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 3333 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 3334 continue; 3335 3336 if (cmd->user_data != conn) 3337 continue; 3338 3339 return cmd; 3340 } 3341 3342 return NULL; 3343 } 3344 3345 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status) 3346 { 3347 struct mgmt_rp_pair_device rp; 3348 struct hci_conn *conn = cmd->user_data; 3349 int err; 3350 3351 bacpy(&rp.addr.bdaddr, &conn->dst); 3352 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 3353 3354 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, 3355 status, &rp, sizeof(rp)); 3356 3357 /* So we don't get further callbacks for this connection */ 3358 conn->connect_cfm_cb = NULL; 3359 conn->security_cfm_cb = NULL; 3360 conn->disconn_cfm_cb = NULL; 3361 3362 hci_conn_drop(conn); 3363 3364 /* The device is paired so there is no need to remove 3365 * its connection parameters anymore. 3366 */ 3367 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 3368 3369 hci_conn_put(conn); 3370 3371 return err; 3372 } 3373 3374 void mgmt_smp_complete(struct hci_conn *conn, bool complete) 3375 { 3376 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED; 3377 struct mgmt_pending_cmd *cmd; 3378 3379 cmd = find_pairing(conn); 3380 if (cmd) { 3381 cmd->cmd_complete(cmd, status); 3382 mgmt_pending_remove(cmd); 3383 } 3384 } 3385 3386 static void pairing_complete_cb(struct hci_conn *conn, u8 status) 3387 { 3388 struct mgmt_pending_cmd *cmd; 3389 3390 BT_DBG("status %u", status); 3391 3392 cmd = find_pairing(conn); 3393 if (!cmd) { 3394 BT_DBG("Unable to find a pending command"); 3395 return; 3396 } 3397 3398 cmd->cmd_complete(cmd, mgmt_status(status)); 3399 mgmt_pending_remove(cmd); 3400 } 3401 3402 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) 3403 { 3404 struct mgmt_pending_cmd *cmd; 3405 3406 BT_DBG("status %u", status); 3407 3408 if (!status) 3409 return; 3410 3411 cmd = find_pairing(conn); 3412 if (!cmd) { 3413 BT_DBG("Unable to find a pending command"); 3414 return; 3415 } 3416 3417 cmd->cmd_complete(cmd, mgmt_status(status)); 3418 mgmt_pending_remove(cmd); 3419 } 3420 3421 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 3422 u16 len) 3423 { 3424 struct mgmt_cp_pair_device *cp = data; 3425 struct mgmt_rp_pair_device rp; 3426 struct mgmt_pending_cmd *cmd; 3427 u8 sec_level, auth_type; 3428 struct hci_conn *conn; 3429 int err; 3430 3431 bt_dev_dbg(hdev, "sock %p", sk); 3432 3433 memset(&rp, 0, sizeof(rp)); 3434 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 3435 rp.addr.type = cp->addr.type; 3436 3437 if (!bdaddr_type_is_valid(cp->addr.type)) 3438 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3439 MGMT_STATUS_INVALID_PARAMS, 3440 &rp, sizeof(rp)); 3441 3442 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY) 3443 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3444 MGMT_STATUS_INVALID_PARAMS, 3445 &rp, sizeof(rp)); 3446 3447 hci_dev_lock(hdev); 3448 3449 if (!hdev_is_powered(hdev)) { 3450 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3451 MGMT_STATUS_NOT_POWERED, &rp, 3452 sizeof(rp)); 3453 goto unlock; 3454 } 3455 3456 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) { 3457 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3458 MGMT_STATUS_ALREADY_PAIRED, &rp, 3459 sizeof(rp)); 3460 goto unlock; 3461 } 3462 3463 sec_level = BT_SECURITY_MEDIUM; 3464 auth_type = HCI_AT_DEDICATED_BONDING; 3465 3466 if (cp->addr.type == BDADDR_BREDR) { 3467 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level, 3468 auth_type, CONN_REASON_PAIR_DEVICE, 3469 HCI_ACL_CONN_TIMEOUT); 3470 } else { 3471 u8 addr_type = le_addr_type(cp->addr.type); 3472 struct hci_conn_params *p; 3473 3474 /* When pairing a new device, it is expected to remember 3475 * this device for future connections. Adding the connection 3476 * parameter information ahead of time allows tracking 3477 * of the peripheral preferred values and will speed up any 3478 * further connection establishment. 3479 * 3480 * If connection parameters already exist, then they 3481 * will be kept and this function does nothing. 3482 */ 3483 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type); 3484 if (!p) { 3485 err = -EIO; 3486 goto unlock; 3487 } 3488 3489 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT) 3490 p->auto_connect = HCI_AUTO_CONN_DISABLED; 3491 3492 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type, 3493 sec_level, HCI_LE_CONN_TIMEOUT, 3494 CONN_REASON_PAIR_DEVICE); 3495 } 3496 3497 if (IS_ERR(conn)) { 3498 int status; 3499 3500 if (PTR_ERR(conn) == -EBUSY) 3501 status = MGMT_STATUS_BUSY; 3502 else if (PTR_ERR(conn) == -EOPNOTSUPP) 3503 status = MGMT_STATUS_NOT_SUPPORTED; 3504 else if (PTR_ERR(conn) == -ECONNREFUSED) 3505 status = MGMT_STATUS_REJECTED; 3506 else 3507 status = MGMT_STATUS_CONNECT_FAILED; 3508 3509 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3510 status, &rp, sizeof(rp)); 3511 goto unlock; 3512 } 3513 3514 if (conn->connect_cfm_cb) { 3515 hci_conn_drop(conn); 3516 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3517 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 3518 goto unlock; 3519 } 3520 3521 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 3522 if (!cmd) { 3523 err = -ENOMEM; 3524 hci_conn_drop(conn); 3525 goto unlock; 3526 } 3527 3528 cmd->cmd_complete = pairing_complete; 3529 3530 /* For LE, just connecting isn't a proof that the pairing finished */ 3531 if (cp->addr.type == BDADDR_BREDR) { 3532 conn->connect_cfm_cb = pairing_complete_cb; 3533 conn->security_cfm_cb = pairing_complete_cb; 3534 conn->disconn_cfm_cb = pairing_complete_cb; 3535 } else { 3536 conn->connect_cfm_cb = le_pairing_complete_cb; 3537 conn->security_cfm_cb = le_pairing_complete_cb; 3538 conn->disconn_cfm_cb = le_pairing_complete_cb; 3539 } 3540 3541 conn->io_capability = cp->io_cap; 3542 cmd->user_data = hci_conn_get(conn); 3543 3544 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) && 3545 hci_conn_security(conn, sec_level, auth_type, true)) { 3546 cmd->cmd_complete(cmd, 0); 3547 mgmt_pending_remove(cmd); 3548 } 3549 3550 err = 0; 3551 3552 unlock: 3553 hci_dev_unlock(hdev); 3554 return err; 3555 } 3556 3557 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 3558 u16 len) 3559 { 3560 struct mgmt_addr_info *addr = data; 3561 struct mgmt_pending_cmd *cmd; 3562 struct hci_conn *conn; 3563 int err; 3564 3565 bt_dev_dbg(hdev, "sock %p", sk); 3566 3567 hci_dev_lock(hdev); 3568 3569 if (!hdev_is_powered(hdev)) { 3570 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3571 MGMT_STATUS_NOT_POWERED); 3572 goto unlock; 3573 } 3574 3575 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev); 3576 if (!cmd) { 3577 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3578 MGMT_STATUS_INVALID_PARAMS); 3579 goto unlock; 3580 } 3581 3582 conn = cmd->user_data; 3583 3584 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 3585 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3586 MGMT_STATUS_INVALID_PARAMS); 3587 goto unlock; 3588 } 3589 3590 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED); 3591 mgmt_pending_remove(cmd); 3592 3593 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 3594 addr, sizeof(*addr)); 3595 3596 /* Since user doesn't want to proceed with the connection, abort any 3597 * ongoing pairing and then terminate the link if it was created 3598 * because of the pair device action. 3599 */ 3600 if (addr->type == BDADDR_BREDR) 3601 hci_remove_link_key(hdev, &addr->bdaddr); 3602 else 3603 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr, 3604 le_addr_type(addr->type)); 3605 3606 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE) 3607 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 3608 3609 unlock: 3610 hci_dev_unlock(hdev); 3611 return err; 3612 } 3613 3614 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, 3615 struct mgmt_addr_info *addr, u16 mgmt_op, 3616 u16 hci_op, __le32 passkey) 3617 { 3618 struct mgmt_pending_cmd *cmd; 3619 struct hci_conn *conn; 3620 int err; 3621 3622 hci_dev_lock(hdev); 3623 3624 if (!hdev_is_powered(hdev)) { 3625 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3626 MGMT_STATUS_NOT_POWERED, addr, 3627 sizeof(*addr)); 3628 goto done; 3629 } 3630 3631 if (addr->type == BDADDR_BREDR) 3632 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr); 3633 else 3634 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr, 3635 le_addr_type(addr->type)); 3636 3637 if (!conn) { 3638 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3639 MGMT_STATUS_NOT_CONNECTED, addr, 3640 sizeof(*addr)); 3641 goto done; 3642 } 3643 3644 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) { 3645 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 3646 if (!err) 3647 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3648 MGMT_STATUS_SUCCESS, addr, 3649 sizeof(*addr)); 3650 else 3651 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3652 MGMT_STATUS_FAILED, addr, 3653 sizeof(*addr)); 3654 3655 goto done; 3656 } 3657 3658 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr)); 3659 if (!cmd) { 3660 err = -ENOMEM; 3661 goto done; 3662 } 3663 3664 cmd->cmd_complete = addr_cmd_complete; 3665 3666 /* Continue with pairing via HCI */ 3667 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 3668 struct hci_cp_user_passkey_reply cp; 3669 3670 bacpy(&cp.bdaddr, &addr->bdaddr); 3671 cp.passkey = passkey; 3672 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 3673 } else 3674 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr), 3675 &addr->bdaddr); 3676 3677 if (err < 0) 3678 mgmt_pending_remove(cmd); 3679 3680 done: 3681 hci_dev_unlock(hdev); 3682 return err; 3683 } 3684 3685 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 3686 void *data, u16 len) 3687 { 3688 struct mgmt_cp_pin_code_neg_reply *cp = data; 3689 3690 bt_dev_dbg(hdev, "sock %p", sk); 3691 3692 return user_pairing_resp(sk, hdev, &cp->addr, 3693 MGMT_OP_PIN_CODE_NEG_REPLY, 3694 HCI_OP_PIN_CODE_NEG_REPLY, 0); 3695 } 3696 3697 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3698 u16 len) 3699 { 3700 struct mgmt_cp_user_confirm_reply *cp = data; 3701 3702 bt_dev_dbg(hdev, "sock %p", sk); 3703 3704 if (len != sizeof(*cp)) 3705 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY, 3706 MGMT_STATUS_INVALID_PARAMS); 3707 3708 return user_pairing_resp(sk, hdev, &cp->addr, 3709 MGMT_OP_USER_CONFIRM_REPLY, 3710 HCI_OP_USER_CONFIRM_REPLY, 0); 3711 } 3712 3713 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev, 3714 void *data, u16 len) 3715 { 3716 struct mgmt_cp_user_confirm_neg_reply *cp = data; 3717 3718 bt_dev_dbg(hdev, "sock %p", sk); 3719 3720 return user_pairing_resp(sk, hdev, &cp->addr, 3721 MGMT_OP_USER_CONFIRM_NEG_REPLY, 3722 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 3723 } 3724 3725 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3726 u16 len) 3727 { 3728 struct mgmt_cp_user_passkey_reply *cp = data; 3729 3730 bt_dev_dbg(hdev, "sock %p", sk); 3731 3732 return user_pairing_resp(sk, hdev, &cp->addr, 3733 MGMT_OP_USER_PASSKEY_REPLY, 3734 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 3735 } 3736 3737 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev, 3738 void *data, u16 len) 3739 { 3740 struct mgmt_cp_user_passkey_neg_reply *cp = data; 3741 3742 bt_dev_dbg(hdev, "sock %p", sk); 3743 3744 return user_pairing_resp(sk, hdev, &cp->addr, 3745 MGMT_OP_USER_PASSKEY_NEG_REPLY, 3746 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 3747 } 3748 3749 static int adv_expire_sync(struct hci_dev *hdev, u32 flags) 3750 { 3751 struct adv_info *adv_instance; 3752 3753 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance); 3754 if (!adv_instance) 3755 return 0; 3756 3757 /* stop if current instance doesn't need to be changed */ 3758 if (!(adv_instance->flags & flags)) 3759 return 0; 3760 3761 cancel_adv_timeout(hdev); 3762 3763 adv_instance = hci_get_next_instance(hdev, adv_instance->instance); 3764 if (!adv_instance) 3765 return 0; 3766 3767 hci_schedule_adv_instance_sync(hdev, adv_instance->instance, true); 3768 3769 return 0; 3770 } 3771 3772 static int name_changed_sync(struct hci_dev *hdev, void *data) 3773 { 3774 return adv_expire_sync(hdev, MGMT_ADV_FLAG_LOCAL_NAME); 3775 } 3776 3777 static void set_name_complete(struct hci_dev *hdev, void *data, int err) 3778 { 3779 struct mgmt_pending_cmd *cmd = data; 3780 struct mgmt_cp_set_local_name *cp = cmd->param; 3781 u8 status = mgmt_status(err); 3782 3783 bt_dev_dbg(hdev, "err %d", err); 3784 3785 if (cmd != pending_find(MGMT_OP_SET_LOCAL_NAME, hdev)) 3786 return; 3787 3788 if (status) { 3789 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3790 status); 3791 } else { 3792 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3793 cp, sizeof(*cp)); 3794 3795 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3796 hci_cmd_sync_queue(hdev, name_changed_sync, NULL, NULL); 3797 } 3798 3799 mgmt_pending_remove(cmd); 3800 } 3801 3802 static int set_name_sync(struct hci_dev *hdev, void *data) 3803 { 3804 if (lmp_bredr_capable(hdev)) { 3805 hci_update_name_sync(hdev); 3806 hci_update_eir_sync(hdev); 3807 } 3808 3809 /* The name is stored in the scan response data and so 3810 * no need to update the advertising data here. 3811 */ 3812 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING)) 3813 hci_update_scan_rsp_data_sync(hdev, hdev->cur_adv_instance); 3814 3815 return 0; 3816 } 3817 3818 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data, 3819 u16 len) 3820 { 3821 struct mgmt_cp_set_local_name *cp = data; 3822 struct mgmt_pending_cmd *cmd; 3823 int err; 3824 3825 bt_dev_dbg(hdev, "sock %p", sk); 3826 3827 hci_dev_lock(hdev); 3828 3829 /* If the old values are the same as the new ones just return a 3830 * direct command complete event. 3831 */ 3832 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) && 3833 !memcmp(hdev->short_name, cp->short_name, 3834 sizeof(hdev->short_name))) { 3835 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3836 data, len); 3837 goto failed; 3838 } 3839 3840 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name)); 3841 3842 if (!hdev_is_powered(hdev)) { 3843 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3844 3845 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3846 data, len); 3847 if (err < 0) 3848 goto failed; 3849 3850 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, 3851 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk); 3852 ext_info_changed(hdev, sk); 3853 3854 goto failed; 3855 } 3856 3857 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 3858 if (!cmd) 3859 err = -ENOMEM; 3860 else 3861 err = hci_cmd_sync_queue(hdev, set_name_sync, cmd, 3862 set_name_complete); 3863 3864 if (err < 0) { 3865 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3866 MGMT_STATUS_FAILED); 3867 3868 if (cmd) 3869 mgmt_pending_remove(cmd); 3870 3871 goto failed; 3872 } 3873 3874 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3875 3876 failed: 3877 hci_dev_unlock(hdev); 3878 return err; 3879 } 3880 3881 static int appearance_changed_sync(struct hci_dev *hdev, void *data) 3882 { 3883 return adv_expire_sync(hdev, MGMT_ADV_FLAG_APPEARANCE); 3884 } 3885 3886 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data, 3887 u16 len) 3888 { 3889 struct mgmt_cp_set_appearance *cp = data; 3890 u16 appearance; 3891 int err; 3892 3893 bt_dev_dbg(hdev, "sock %p", sk); 3894 3895 if (!lmp_le_capable(hdev)) 3896 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 3897 MGMT_STATUS_NOT_SUPPORTED); 3898 3899 appearance = le16_to_cpu(cp->appearance); 3900 3901 hci_dev_lock(hdev); 3902 3903 if (hdev->appearance != appearance) { 3904 hdev->appearance = appearance; 3905 3906 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3907 hci_cmd_sync_queue(hdev, appearance_changed_sync, NULL, 3908 NULL); 3909 3910 ext_info_changed(hdev, sk); 3911 } 3912 3913 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL, 3914 0); 3915 3916 hci_dev_unlock(hdev); 3917 3918 return err; 3919 } 3920 3921 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev, 3922 void *data, u16 len) 3923 { 3924 struct mgmt_rp_get_phy_configuration rp; 3925 3926 bt_dev_dbg(hdev, "sock %p", sk); 3927 3928 hci_dev_lock(hdev); 3929 3930 memset(&rp, 0, sizeof(rp)); 3931 3932 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev)); 3933 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev)); 3934 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev)); 3935 3936 hci_dev_unlock(hdev); 3937 3938 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0, 3939 &rp, sizeof(rp)); 3940 } 3941 3942 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip) 3943 { 3944 struct mgmt_ev_phy_configuration_changed ev; 3945 3946 memset(&ev, 0, sizeof(ev)); 3947 3948 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev)); 3949 3950 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev, 3951 sizeof(ev), skip); 3952 } 3953 3954 static void set_default_phy_complete(struct hci_dev *hdev, void *data, int err) 3955 { 3956 struct mgmt_pending_cmd *cmd = data; 3957 struct sk_buff *skb = cmd->skb; 3958 u8 status = mgmt_status(err); 3959 3960 if (cmd != pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) 3961 return; 3962 3963 if (!status) { 3964 if (!skb) 3965 status = MGMT_STATUS_FAILED; 3966 else if (IS_ERR(skb)) 3967 status = mgmt_status(PTR_ERR(skb)); 3968 else 3969 status = mgmt_status(skb->data[0]); 3970 } 3971 3972 bt_dev_dbg(hdev, "status %d", status); 3973 3974 if (status) { 3975 mgmt_cmd_status(cmd->sk, hdev->id, 3976 MGMT_OP_SET_PHY_CONFIGURATION, status); 3977 } else { 3978 mgmt_cmd_complete(cmd->sk, hdev->id, 3979 MGMT_OP_SET_PHY_CONFIGURATION, 0, 3980 NULL, 0); 3981 3982 mgmt_phy_configuration_changed(hdev, cmd->sk); 3983 } 3984 3985 if (skb && !IS_ERR(skb)) 3986 kfree_skb(skb); 3987 3988 mgmt_pending_remove(cmd); 3989 } 3990 3991 static int set_default_phy_sync(struct hci_dev *hdev, void *data) 3992 { 3993 struct mgmt_pending_cmd *cmd = data; 3994 struct mgmt_cp_set_phy_configuration *cp = cmd->param; 3995 struct hci_cp_le_set_default_phy cp_phy; 3996 u32 selected_phys = __le32_to_cpu(cp->selected_phys); 3997 3998 memset(&cp_phy, 0, sizeof(cp_phy)); 3999 4000 if (!(selected_phys & MGMT_PHY_LE_TX_MASK)) 4001 cp_phy.all_phys |= 0x01; 4002 4003 if (!(selected_phys & MGMT_PHY_LE_RX_MASK)) 4004 cp_phy.all_phys |= 0x02; 4005 4006 if (selected_phys & MGMT_PHY_LE_1M_TX) 4007 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M; 4008 4009 if (selected_phys & MGMT_PHY_LE_2M_TX) 4010 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M; 4011 4012 if (selected_phys & MGMT_PHY_LE_CODED_TX) 4013 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED; 4014 4015 if (selected_phys & MGMT_PHY_LE_1M_RX) 4016 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M; 4017 4018 if (selected_phys & MGMT_PHY_LE_2M_RX) 4019 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M; 4020 4021 if (selected_phys & MGMT_PHY_LE_CODED_RX) 4022 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED; 4023 4024 cmd->skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_DEFAULT_PHY, 4025 sizeof(cp_phy), &cp_phy, HCI_CMD_TIMEOUT); 4026 4027 return 0; 4028 } 4029 4030 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev, 4031 void *data, u16 len) 4032 { 4033 struct mgmt_cp_set_phy_configuration *cp = data; 4034 struct mgmt_pending_cmd *cmd; 4035 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys; 4036 u16 pkt_type = (HCI_DH1 | HCI_DM1); 4037 bool changed = false; 4038 int err; 4039 4040 bt_dev_dbg(hdev, "sock %p", sk); 4041 4042 configurable_phys = get_configurable_phys(hdev); 4043 supported_phys = get_supported_phys(hdev); 4044 selected_phys = __le32_to_cpu(cp->selected_phys); 4045 4046 if (selected_phys & ~supported_phys) 4047 return mgmt_cmd_status(sk, hdev->id, 4048 MGMT_OP_SET_PHY_CONFIGURATION, 4049 MGMT_STATUS_INVALID_PARAMS); 4050 4051 unconfigure_phys = supported_phys & ~configurable_phys; 4052 4053 if ((selected_phys & unconfigure_phys) != unconfigure_phys) 4054 return mgmt_cmd_status(sk, hdev->id, 4055 MGMT_OP_SET_PHY_CONFIGURATION, 4056 MGMT_STATUS_INVALID_PARAMS); 4057 4058 if (selected_phys == get_selected_phys(hdev)) 4059 return mgmt_cmd_complete(sk, hdev->id, 4060 MGMT_OP_SET_PHY_CONFIGURATION, 4061 0, NULL, 0); 4062 4063 hci_dev_lock(hdev); 4064 4065 if (!hdev_is_powered(hdev)) { 4066 err = mgmt_cmd_status(sk, hdev->id, 4067 MGMT_OP_SET_PHY_CONFIGURATION, 4068 MGMT_STATUS_REJECTED); 4069 goto unlock; 4070 } 4071 4072 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) { 4073 err = mgmt_cmd_status(sk, hdev->id, 4074 MGMT_OP_SET_PHY_CONFIGURATION, 4075 MGMT_STATUS_BUSY); 4076 goto unlock; 4077 } 4078 4079 if (selected_phys & MGMT_PHY_BR_1M_3SLOT) 4080 pkt_type |= (HCI_DH3 | HCI_DM3); 4081 else 4082 pkt_type &= ~(HCI_DH3 | HCI_DM3); 4083 4084 if (selected_phys & MGMT_PHY_BR_1M_5SLOT) 4085 pkt_type |= (HCI_DH5 | HCI_DM5); 4086 else 4087 pkt_type &= ~(HCI_DH5 | HCI_DM5); 4088 4089 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT) 4090 pkt_type &= ~HCI_2DH1; 4091 else 4092 pkt_type |= HCI_2DH1; 4093 4094 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT) 4095 pkt_type &= ~HCI_2DH3; 4096 else 4097 pkt_type |= HCI_2DH3; 4098 4099 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT) 4100 pkt_type &= ~HCI_2DH5; 4101 else 4102 pkt_type |= HCI_2DH5; 4103 4104 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT) 4105 pkt_type &= ~HCI_3DH1; 4106 else 4107 pkt_type |= HCI_3DH1; 4108 4109 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT) 4110 pkt_type &= ~HCI_3DH3; 4111 else 4112 pkt_type |= HCI_3DH3; 4113 4114 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT) 4115 pkt_type &= ~HCI_3DH5; 4116 else 4117 pkt_type |= HCI_3DH5; 4118 4119 if (pkt_type != hdev->pkt_type) { 4120 hdev->pkt_type = pkt_type; 4121 changed = true; 4122 } 4123 4124 if ((selected_phys & MGMT_PHY_LE_MASK) == 4125 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) { 4126 if (changed) 4127 mgmt_phy_configuration_changed(hdev, sk); 4128 4129 err = mgmt_cmd_complete(sk, hdev->id, 4130 MGMT_OP_SET_PHY_CONFIGURATION, 4131 0, NULL, 0); 4132 4133 goto unlock; 4134 } 4135 4136 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data, 4137 len); 4138 if (!cmd) 4139 err = -ENOMEM; 4140 else 4141 err = hci_cmd_sync_queue(hdev, set_default_phy_sync, cmd, 4142 set_default_phy_complete); 4143 4144 if (err < 0) { 4145 err = mgmt_cmd_status(sk, hdev->id, 4146 MGMT_OP_SET_PHY_CONFIGURATION, 4147 MGMT_STATUS_FAILED); 4148 4149 if (cmd) 4150 mgmt_pending_remove(cmd); 4151 } 4152 4153 unlock: 4154 hci_dev_unlock(hdev); 4155 4156 return err; 4157 } 4158 4159 static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data, 4160 u16 len) 4161 { 4162 int err = MGMT_STATUS_SUCCESS; 4163 struct mgmt_cp_set_blocked_keys *keys = data; 4164 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) / 4165 sizeof(struct mgmt_blocked_key_info)); 4166 u16 key_count, expected_len; 4167 int i; 4168 4169 bt_dev_dbg(hdev, "sock %p", sk); 4170 4171 key_count = __le16_to_cpu(keys->key_count); 4172 if (key_count > max_key_count) { 4173 bt_dev_err(hdev, "too big key_count value %u", key_count); 4174 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 4175 MGMT_STATUS_INVALID_PARAMS); 4176 } 4177 4178 expected_len = struct_size(keys, keys, key_count); 4179 if (expected_len != len) { 4180 bt_dev_err(hdev, "expected %u bytes, got %u bytes", 4181 expected_len, len); 4182 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 4183 MGMT_STATUS_INVALID_PARAMS); 4184 } 4185 4186 hci_dev_lock(hdev); 4187 4188 hci_blocked_keys_clear(hdev); 4189 4190 for (i = 0; i < key_count; ++i) { 4191 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL); 4192 4193 if (!b) { 4194 err = MGMT_STATUS_NO_RESOURCES; 4195 break; 4196 } 4197 4198 b->type = keys->keys[i].type; 4199 memcpy(b->val, keys->keys[i].val, sizeof(b->val)); 4200 list_add_rcu(&b->list, &hdev->blocked_keys); 4201 } 4202 hci_dev_unlock(hdev); 4203 4204 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 4205 err, NULL, 0); 4206 } 4207 4208 static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev, 4209 void *data, u16 len) 4210 { 4211 struct mgmt_mode *cp = data; 4212 int err; 4213 bool changed = false; 4214 4215 bt_dev_dbg(hdev, "sock %p", sk); 4216 4217 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks)) 4218 return mgmt_cmd_status(sk, hdev->id, 4219 MGMT_OP_SET_WIDEBAND_SPEECH, 4220 MGMT_STATUS_NOT_SUPPORTED); 4221 4222 if (cp->val != 0x00 && cp->val != 0x01) 4223 return mgmt_cmd_status(sk, hdev->id, 4224 MGMT_OP_SET_WIDEBAND_SPEECH, 4225 MGMT_STATUS_INVALID_PARAMS); 4226 4227 hci_dev_lock(hdev); 4228 4229 if (hdev_is_powered(hdev) && 4230 !!cp->val != hci_dev_test_flag(hdev, 4231 HCI_WIDEBAND_SPEECH_ENABLED)) { 4232 err = mgmt_cmd_status(sk, hdev->id, 4233 MGMT_OP_SET_WIDEBAND_SPEECH, 4234 MGMT_STATUS_REJECTED); 4235 goto unlock; 4236 } 4237 4238 if (cp->val) 4239 changed = !hci_dev_test_and_set_flag(hdev, 4240 HCI_WIDEBAND_SPEECH_ENABLED); 4241 else 4242 changed = hci_dev_test_and_clear_flag(hdev, 4243 HCI_WIDEBAND_SPEECH_ENABLED); 4244 4245 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev); 4246 if (err < 0) 4247 goto unlock; 4248 4249 if (changed) 4250 err = new_settings(hdev, sk); 4251 4252 unlock: 4253 hci_dev_unlock(hdev); 4254 return err; 4255 } 4256 4257 static int read_controller_cap(struct sock *sk, struct hci_dev *hdev, 4258 void *data, u16 data_len) 4259 { 4260 char buf[20]; 4261 struct mgmt_rp_read_controller_cap *rp = (void *)buf; 4262 u16 cap_len = 0; 4263 u8 flags = 0; 4264 u8 tx_power_range[2]; 4265 4266 bt_dev_dbg(hdev, "sock %p", sk); 4267 4268 memset(&buf, 0, sizeof(buf)); 4269 4270 hci_dev_lock(hdev); 4271 4272 /* When the Read Simple Pairing Options command is supported, then 4273 * the remote public key validation is supported. 4274 * 4275 * Alternatively, when Microsoft extensions are available, they can 4276 * indicate support for public key validation as well. 4277 */ 4278 if ((hdev->commands[41] & 0x08) || msft_curve_validity(hdev)) 4279 flags |= 0x01; /* Remote public key validation (BR/EDR) */ 4280 4281 flags |= 0x02; /* Remote public key validation (LE) */ 4282 4283 /* When the Read Encryption Key Size command is supported, then the 4284 * encryption key size is enforced. 4285 */ 4286 if (hdev->commands[20] & 0x10) 4287 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */ 4288 4289 flags |= 0x08; /* Encryption key size enforcement (LE) */ 4290 4291 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS, 4292 &flags, 1); 4293 4294 /* When the Read Simple Pairing Options command is supported, then 4295 * also max encryption key size information is provided. 4296 */ 4297 if (hdev->commands[41] & 0x08) 4298 cap_len = eir_append_le16(rp->cap, cap_len, 4299 MGMT_CAP_MAX_ENC_KEY_SIZE, 4300 hdev->max_enc_key_size); 4301 4302 cap_len = eir_append_le16(rp->cap, cap_len, 4303 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE, 4304 SMP_MAX_ENC_KEY_SIZE); 4305 4306 /* Append the min/max LE tx power parameters if we were able to fetch 4307 * it from the controller 4308 */ 4309 if (hdev->commands[38] & 0x80) { 4310 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1); 4311 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1); 4312 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR, 4313 tx_power_range, 2); 4314 } 4315 4316 rp->cap_len = cpu_to_le16(cap_len); 4317 4318 hci_dev_unlock(hdev); 4319 4320 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0, 4321 rp, sizeof(*rp) + cap_len); 4322 } 4323 4324 #ifdef CONFIG_BT_FEATURE_DEBUG 4325 /* d4992530-b9ec-469f-ab01-6c481c47da1c */ 4326 static const u8 debug_uuid[16] = { 4327 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab, 4328 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4, 4329 }; 4330 #endif 4331 4332 /* 330859bc-7506-492d-9370-9a6f0614037f */ 4333 static const u8 quality_report_uuid[16] = { 4334 0x7f, 0x03, 0x14, 0x06, 0x6f, 0x9a, 0x70, 0x93, 4335 0x2d, 0x49, 0x06, 0x75, 0xbc, 0x59, 0x08, 0x33, 4336 }; 4337 4338 /* a6695ace-ee7f-4fb9-881a-5fac66c629af */ 4339 static const u8 offload_codecs_uuid[16] = { 4340 0xaf, 0x29, 0xc6, 0x66, 0xac, 0x5f, 0x1a, 0x88, 4341 0xb9, 0x4f, 0x7f, 0xee, 0xce, 0x5a, 0x69, 0xa6, 4342 }; 4343 4344 /* 671b10b5-42c0-4696-9227-eb28d1b049d6 */ 4345 static const u8 le_simultaneous_roles_uuid[16] = { 4346 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92, 4347 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67, 4348 }; 4349 4350 /* 15c0a148-c273-11ea-b3de-0242ac130004 */ 4351 static const u8 rpa_resolution_uuid[16] = { 4352 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3, 4353 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15, 4354 }; 4355 4356 /* 6fbaf188-05e0-496a-9885-d6ddfdb4e03e */ 4357 static const u8 iso_socket_uuid[16] = { 4358 0x3e, 0xe0, 0xb4, 0xfd, 0xdd, 0xd6, 0x85, 0x98, 4359 0x6a, 0x49, 0xe0, 0x05, 0x88, 0xf1, 0xba, 0x6f, 4360 }; 4361 4362 /* 2ce463d7-7a03-4d8d-bf05-5f24e8f36e76 */ 4363 static const u8 mgmt_mesh_uuid[16] = { 4364 0x76, 0x6e, 0xf3, 0xe8, 0x24, 0x5f, 0x05, 0xbf, 4365 0x8d, 0x4d, 0x03, 0x7a, 0xd7, 0x63, 0xe4, 0x2c, 4366 }; 4367 4368 static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev, 4369 void *data, u16 data_len) 4370 { 4371 struct mgmt_rp_read_exp_features_info *rp; 4372 size_t len; 4373 u16 idx = 0; 4374 u32 flags; 4375 int status; 4376 4377 bt_dev_dbg(hdev, "sock %p", sk); 4378 4379 /* Enough space for 7 features */ 4380 len = sizeof(*rp) + (sizeof(rp->features[0]) * 7); 4381 rp = kzalloc(len, GFP_KERNEL); 4382 if (!rp) 4383 return -ENOMEM; 4384 4385 #ifdef CONFIG_BT_FEATURE_DEBUG 4386 if (!hdev) { 4387 flags = bt_dbg_get() ? BIT(0) : 0; 4388 4389 memcpy(rp->features[idx].uuid, debug_uuid, 16); 4390 rp->features[idx].flags = cpu_to_le32(flags); 4391 idx++; 4392 } 4393 #endif 4394 4395 if (hdev && hci_dev_le_state_simultaneous(hdev)) { 4396 if (hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES)) 4397 flags = BIT(0); 4398 else 4399 flags = 0; 4400 4401 memcpy(rp->features[idx].uuid, le_simultaneous_roles_uuid, 16); 4402 rp->features[idx].flags = cpu_to_le32(flags); 4403 idx++; 4404 } 4405 4406 if (hdev && ll_privacy_capable(hdev)) { 4407 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 4408 flags = BIT(0) | BIT(1); 4409 else 4410 flags = BIT(1); 4411 4412 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16); 4413 rp->features[idx].flags = cpu_to_le32(flags); 4414 idx++; 4415 } 4416 4417 if (hdev && (aosp_has_quality_report(hdev) || 4418 hdev->set_quality_report)) { 4419 if (hci_dev_test_flag(hdev, HCI_QUALITY_REPORT)) 4420 flags = BIT(0); 4421 else 4422 flags = 0; 4423 4424 memcpy(rp->features[idx].uuid, quality_report_uuid, 16); 4425 rp->features[idx].flags = cpu_to_le32(flags); 4426 idx++; 4427 } 4428 4429 if (hdev && hdev->get_data_path_id) { 4430 if (hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) 4431 flags = BIT(0); 4432 else 4433 flags = 0; 4434 4435 memcpy(rp->features[idx].uuid, offload_codecs_uuid, 16); 4436 rp->features[idx].flags = cpu_to_le32(flags); 4437 idx++; 4438 } 4439 4440 if (IS_ENABLED(CONFIG_BT_LE)) { 4441 flags = iso_enabled() ? BIT(0) : 0; 4442 memcpy(rp->features[idx].uuid, iso_socket_uuid, 16); 4443 rp->features[idx].flags = cpu_to_le32(flags); 4444 idx++; 4445 } 4446 4447 if (hdev && lmp_le_capable(hdev)) { 4448 if (hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL)) 4449 flags = BIT(0); 4450 else 4451 flags = 0; 4452 4453 memcpy(rp->features[idx].uuid, mgmt_mesh_uuid, 16); 4454 rp->features[idx].flags = cpu_to_le32(flags); 4455 idx++; 4456 } 4457 4458 rp->feature_count = cpu_to_le16(idx); 4459 4460 /* After reading the experimental features information, enable 4461 * the events to update client on any future change. 4462 */ 4463 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4464 4465 status = mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 4466 MGMT_OP_READ_EXP_FEATURES_INFO, 4467 0, rp, sizeof(*rp) + (20 * idx)); 4468 4469 kfree(rp); 4470 return status; 4471 } 4472 4473 static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev, 4474 struct sock *skip) 4475 { 4476 struct mgmt_ev_exp_feature_changed ev; 4477 4478 memset(&ev, 0, sizeof(ev)); 4479 memcpy(ev.uuid, rpa_resolution_uuid, 16); 4480 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1)); 4481 4482 // Do we need to be atomic with the conn_flags? 4483 if (enabled && privacy_mode_capable(hdev)) 4484 hdev->conn_flags |= HCI_CONN_FLAG_DEVICE_PRIVACY; 4485 else 4486 hdev->conn_flags &= ~HCI_CONN_FLAG_DEVICE_PRIVACY; 4487 4488 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev, 4489 &ev, sizeof(ev), 4490 HCI_MGMT_EXP_FEATURE_EVENTS, skip); 4491 4492 } 4493 4494 static int exp_feature_changed(struct hci_dev *hdev, const u8 *uuid, 4495 bool enabled, struct sock *skip) 4496 { 4497 struct mgmt_ev_exp_feature_changed ev; 4498 4499 memset(&ev, 0, sizeof(ev)); 4500 memcpy(ev.uuid, uuid, 16); 4501 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0); 4502 4503 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev, 4504 &ev, sizeof(ev), 4505 HCI_MGMT_EXP_FEATURE_EVENTS, skip); 4506 } 4507 4508 #define EXP_FEAT(_uuid, _set_func) \ 4509 { \ 4510 .uuid = _uuid, \ 4511 .set_func = _set_func, \ 4512 } 4513 4514 /* The zero key uuid is special. Multiple exp features are set through it. */ 4515 static int set_zero_key_func(struct sock *sk, struct hci_dev *hdev, 4516 struct mgmt_cp_set_exp_feature *cp, u16 data_len) 4517 { 4518 struct mgmt_rp_set_exp_feature rp; 4519 4520 memset(rp.uuid, 0, 16); 4521 rp.flags = cpu_to_le32(0); 4522 4523 #ifdef CONFIG_BT_FEATURE_DEBUG 4524 if (!hdev) { 4525 bool changed = bt_dbg_get(); 4526 4527 bt_dbg_set(false); 4528 4529 if (changed) 4530 exp_feature_changed(NULL, ZERO_KEY, false, sk); 4531 } 4532 #endif 4533 4534 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) { 4535 bool changed; 4536 4537 changed = hci_dev_test_and_clear_flag(hdev, 4538 HCI_ENABLE_LL_PRIVACY); 4539 if (changed) 4540 exp_feature_changed(hdev, rpa_resolution_uuid, false, 4541 sk); 4542 } 4543 4544 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4545 4546 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 4547 MGMT_OP_SET_EXP_FEATURE, 0, 4548 &rp, sizeof(rp)); 4549 } 4550 4551 #ifdef CONFIG_BT_FEATURE_DEBUG 4552 static int set_debug_func(struct sock *sk, struct hci_dev *hdev, 4553 struct mgmt_cp_set_exp_feature *cp, u16 data_len) 4554 { 4555 struct mgmt_rp_set_exp_feature rp; 4556 4557 bool val, changed; 4558 int err; 4559 4560 /* Command requires to use the non-controller index */ 4561 if (hdev) 4562 return mgmt_cmd_status(sk, hdev->id, 4563 MGMT_OP_SET_EXP_FEATURE, 4564 MGMT_STATUS_INVALID_INDEX); 4565 4566 /* Parameters are limited to a single octet */ 4567 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4568 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4569 MGMT_OP_SET_EXP_FEATURE, 4570 MGMT_STATUS_INVALID_PARAMS); 4571 4572 /* Only boolean on/off is supported */ 4573 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4574 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4575 MGMT_OP_SET_EXP_FEATURE, 4576 MGMT_STATUS_INVALID_PARAMS); 4577 4578 val = !!cp->param[0]; 4579 changed = val ? !bt_dbg_get() : bt_dbg_get(); 4580 bt_dbg_set(val); 4581 4582 memcpy(rp.uuid, debug_uuid, 16); 4583 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4584 4585 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4586 4587 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 4588 MGMT_OP_SET_EXP_FEATURE, 0, 4589 &rp, sizeof(rp)); 4590 4591 if (changed) 4592 exp_feature_changed(hdev, debug_uuid, val, sk); 4593 4594 return err; 4595 } 4596 #endif 4597 4598 static int set_mgmt_mesh_func(struct sock *sk, struct hci_dev *hdev, 4599 struct mgmt_cp_set_exp_feature *cp, u16 data_len) 4600 { 4601 struct mgmt_rp_set_exp_feature rp; 4602 bool val, changed; 4603 int err; 4604 4605 /* Command requires to use the controller index */ 4606 if (!hdev) 4607 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4608 MGMT_OP_SET_EXP_FEATURE, 4609 MGMT_STATUS_INVALID_INDEX); 4610 4611 /* Parameters are limited to a single octet */ 4612 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4613 return mgmt_cmd_status(sk, hdev->id, 4614 MGMT_OP_SET_EXP_FEATURE, 4615 MGMT_STATUS_INVALID_PARAMS); 4616 4617 /* Only boolean on/off is supported */ 4618 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4619 return mgmt_cmd_status(sk, hdev->id, 4620 MGMT_OP_SET_EXP_FEATURE, 4621 MGMT_STATUS_INVALID_PARAMS); 4622 4623 val = !!cp->param[0]; 4624 4625 if (val) { 4626 changed = !hci_dev_test_and_set_flag(hdev, 4627 HCI_MESH_EXPERIMENTAL); 4628 } else { 4629 hci_dev_clear_flag(hdev, HCI_MESH); 4630 changed = hci_dev_test_and_clear_flag(hdev, 4631 HCI_MESH_EXPERIMENTAL); 4632 } 4633 4634 memcpy(rp.uuid, mgmt_mesh_uuid, 16); 4635 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4636 4637 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4638 4639 err = mgmt_cmd_complete(sk, hdev->id, 4640 MGMT_OP_SET_EXP_FEATURE, 0, 4641 &rp, sizeof(rp)); 4642 4643 if (changed) 4644 exp_feature_changed(hdev, mgmt_mesh_uuid, val, sk); 4645 4646 return err; 4647 } 4648 4649 static int set_rpa_resolution_func(struct sock *sk, struct hci_dev *hdev, 4650 struct mgmt_cp_set_exp_feature *cp, 4651 u16 data_len) 4652 { 4653 struct mgmt_rp_set_exp_feature rp; 4654 bool val, changed; 4655 int err; 4656 u32 flags; 4657 4658 /* Command requires to use the controller index */ 4659 if (!hdev) 4660 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4661 MGMT_OP_SET_EXP_FEATURE, 4662 MGMT_STATUS_INVALID_INDEX); 4663 4664 /* Changes can only be made when controller is powered down */ 4665 if (hdev_is_powered(hdev)) 4666 return mgmt_cmd_status(sk, hdev->id, 4667 MGMT_OP_SET_EXP_FEATURE, 4668 MGMT_STATUS_REJECTED); 4669 4670 /* Parameters are limited to a single octet */ 4671 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4672 return mgmt_cmd_status(sk, hdev->id, 4673 MGMT_OP_SET_EXP_FEATURE, 4674 MGMT_STATUS_INVALID_PARAMS); 4675 4676 /* Only boolean on/off is supported */ 4677 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4678 return mgmt_cmd_status(sk, hdev->id, 4679 MGMT_OP_SET_EXP_FEATURE, 4680 MGMT_STATUS_INVALID_PARAMS); 4681 4682 val = !!cp->param[0]; 4683 4684 if (val) { 4685 changed = !hci_dev_test_and_set_flag(hdev, 4686 HCI_ENABLE_LL_PRIVACY); 4687 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 4688 4689 /* Enable LL privacy + supported settings changed */ 4690 flags = BIT(0) | BIT(1); 4691 } else { 4692 changed = hci_dev_test_and_clear_flag(hdev, 4693 HCI_ENABLE_LL_PRIVACY); 4694 4695 /* Disable LL privacy + supported settings changed */ 4696 flags = BIT(1); 4697 } 4698 4699 memcpy(rp.uuid, rpa_resolution_uuid, 16); 4700 rp.flags = cpu_to_le32(flags); 4701 4702 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4703 4704 err = mgmt_cmd_complete(sk, hdev->id, 4705 MGMT_OP_SET_EXP_FEATURE, 0, 4706 &rp, sizeof(rp)); 4707 4708 if (changed) 4709 exp_ll_privacy_feature_changed(val, hdev, sk); 4710 4711 return err; 4712 } 4713 4714 static int set_quality_report_func(struct sock *sk, struct hci_dev *hdev, 4715 struct mgmt_cp_set_exp_feature *cp, 4716 u16 data_len) 4717 { 4718 struct mgmt_rp_set_exp_feature rp; 4719 bool val, changed; 4720 int err; 4721 4722 /* Command requires to use a valid controller index */ 4723 if (!hdev) 4724 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4725 MGMT_OP_SET_EXP_FEATURE, 4726 MGMT_STATUS_INVALID_INDEX); 4727 4728 /* Parameters are limited to a single octet */ 4729 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4730 return mgmt_cmd_status(sk, hdev->id, 4731 MGMT_OP_SET_EXP_FEATURE, 4732 MGMT_STATUS_INVALID_PARAMS); 4733 4734 /* Only boolean on/off is supported */ 4735 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4736 return mgmt_cmd_status(sk, hdev->id, 4737 MGMT_OP_SET_EXP_FEATURE, 4738 MGMT_STATUS_INVALID_PARAMS); 4739 4740 hci_req_sync_lock(hdev); 4741 4742 val = !!cp->param[0]; 4743 changed = (val != hci_dev_test_flag(hdev, HCI_QUALITY_REPORT)); 4744 4745 if (!aosp_has_quality_report(hdev) && !hdev->set_quality_report) { 4746 err = mgmt_cmd_status(sk, hdev->id, 4747 MGMT_OP_SET_EXP_FEATURE, 4748 MGMT_STATUS_NOT_SUPPORTED); 4749 goto unlock_quality_report; 4750 } 4751 4752 if (changed) { 4753 if (hdev->set_quality_report) 4754 err = hdev->set_quality_report(hdev, val); 4755 else 4756 err = aosp_set_quality_report(hdev, val); 4757 4758 if (err) { 4759 err = mgmt_cmd_status(sk, hdev->id, 4760 MGMT_OP_SET_EXP_FEATURE, 4761 MGMT_STATUS_FAILED); 4762 goto unlock_quality_report; 4763 } 4764 4765 if (val) 4766 hci_dev_set_flag(hdev, HCI_QUALITY_REPORT); 4767 else 4768 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT); 4769 } 4770 4771 bt_dev_dbg(hdev, "quality report enable %d changed %d", val, changed); 4772 4773 memcpy(rp.uuid, quality_report_uuid, 16); 4774 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4775 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4776 4777 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_EXP_FEATURE, 0, 4778 &rp, sizeof(rp)); 4779 4780 if (changed) 4781 exp_feature_changed(hdev, quality_report_uuid, val, sk); 4782 4783 unlock_quality_report: 4784 hci_req_sync_unlock(hdev); 4785 return err; 4786 } 4787 4788 static int set_offload_codec_func(struct sock *sk, struct hci_dev *hdev, 4789 struct mgmt_cp_set_exp_feature *cp, 4790 u16 data_len) 4791 { 4792 bool val, changed; 4793 int err; 4794 struct mgmt_rp_set_exp_feature rp; 4795 4796 /* Command requires to use a valid controller index */ 4797 if (!hdev) 4798 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4799 MGMT_OP_SET_EXP_FEATURE, 4800 MGMT_STATUS_INVALID_INDEX); 4801 4802 /* Parameters are limited to a single octet */ 4803 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4804 return mgmt_cmd_status(sk, hdev->id, 4805 MGMT_OP_SET_EXP_FEATURE, 4806 MGMT_STATUS_INVALID_PARAMS); 4807 4808 /* Only boolean on/off is supported */ 4809 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4810 return mgmt_cmd_status(sk, hdev->id, 4811 MGMT_OP_SET_EXP_FEATURE, 4812 MGMT_STATUS_INVALID_PARAMS); 4813 4814 val = !!cp->param[0]; 4815 changed = (val != hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)); 4816 4817 if (!hdev->get_data_path_id) { 4818 return mgmt_cmd_status(sk, hdev->id, 4819 MGMT_OP_SET_EXP_FEATURE, 4820 MGMT_STATUS_NOT_SUPPORTED); 4821 } 4822 4823 if (changed) { 4824 if (val) 4825 hci_dev_set_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED); 4826 else 4827 hci_dev_clear_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED); 4828 } 4829 4830 bt_dev_info(hdev, "offload codecs enable %d changed %d", 4831 val, changed); 4832 4833 memcpy(rp.uuid, offload_codecs_uuid, 16); 4834 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4835 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4836 err = mgmt_cmd_complete(sk, hdev->id, 4837 MGMT_OP_SET_EXP_FEATURE, 0, 4838 &rp, sizeof(rp)); 4839 4840 if (changed) 4841 exp_feature_changed(hdev, offload_codecs_uuid, val, sk); 4842 4843 return err; 4844 } 4845 4846 static int set_le_simultaneous_roles_func(struct sock *sk, struct hci_dev *hdev, 4847 struct mgmt_cp_set_exp_feature *cp, 4848 u16 data_len) 4849 { 4850 bool val, changed; 4851 int err; 4852 struct mgmt_rp_set_exp_feature rp; 4853 4854 /* Command requires to use a valid controller index */ 4855 if (!hdev) 4856 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4857 MGMT_OP_SET_EXP_FEATURE, 4858 MGMT_STATUS_INVALID_INDEX); 4859 4860 /* Parameters are limited to a single octet */ 4861 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4862 return mgmt_cmd_status(sk, hdev->id, 4863 MGMT_OP_SET_EXP_FEATURE, 4864 MGMT_STATUS_INVALID_PARAMS); 4865 4866 /* Only boolean on/off is supported */ 4867 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4868 return mgmt_cmd_status(sk, hdev->id, 4869 MGMT_OP_SET_EXP_FEATURE, 4870 MGMT_STATUS_INVALID_PARAMS); 4871 4872 val = !!cp->param[0]; 4873 changed = (val != hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES)); 4874 4875 if (!hci_dev_le_state_simultaneous(hdev)) { 4876 return mgmt_cmd_status(sk, hdev->id, 4877 MGMT_OP_SET_EXP_FEATURE, 4878 MGMT_STATUS_NOT_SUPPORTED); 4879 } 4880 4881 if (changed) { 4882 if (val) 4883 hci_dev_set_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES); 4884 else 4885 hci_dev_clear_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES); 4886 } 4887 4888 bt_dev_info(hdev, "LE simultaneous roles enable %d changed %d", 4889 val, changed); 4890 4891 memcpy(rp.uuid, le_simultaneous_roles_uuid, 16); 4892 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4893 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4894 err = mgmt_cmd_complete(sk, hdev->id, 4895 MGMT_OP_SET_EXP_FEATURE, 0, 4896 &rp, sizeof(rp)); 4897 4898 if (changed) 4899 exp_feature_changed(hdev, le_simultaneous_roles_uuid, val, sk); 4900 4901 return err; 4902 } 4903 4904 #ifdef CONFIG_BT_LE 4905 static int set_iso_socket_func(struct sock *sk, struct hci_dev *hdev, 4906 struct mgmt_cp_set_exp_feature *cp, u16 data_len) 4907 { 4908 struct mgmt_rp_set_exp_feature rp; 4909 bool val, changed = false; 4910 int err; 4911 4912 /* Command requires to use the non-controller index */ 4913 if (hdev) 4914 return mgmt_cmd_status(sk, hdev->id, 4915 MGMT_OP_SET_EXP_FEATURE, 4916 MGMT_STATUS_INVALID_INDEX); 4917 4918 /* Parameters are limited to a single octet */ 4919 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4920 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4921 MGMT_OP_SET_EXP_FEATURE, 4922 MGMT_STATUS_INVALID_PARAMS); 4923 4924 /* Only boolean on/off is supported */ 4925 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4926 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4927 MGMT_OP_SET_EXP_FEATURE, 4928 MGMT_STATUS_INVALID_PARAMS); 4929 4930 val = cp->param[0] ? true : false; 4931 if (val) 4932 err = iso_init(); 4933 else 4934 err = iso_exit(); 4935 4936 if (!err) 4937 changed = true; 4938 4939 memcpy(rp.uuid, iso_socket_uuid, 16); 4940 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4941 4942 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4943 4944 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 4945 MGMT_OP_SET_EXP_FEATURE, 0, 4946 &rp, sizeof(rp)); 4947 4948 if (changed) 4949 exp_feature_changed(hdev, iso_socket_uuid, val, sk); 4950 4951 return err; 4952 } 4953 #endif 4954 4955 static const struct mgmt_exp_feature { 4956 const u8 *uuid; 4957 int (*set_func)(struct sock *sk, struct hci_dev *hdev, 4958 struct mgmt_cp_set_exp_feature *cp, u16 data_len); 4959 } exp_features[] = { 4960 EXP_FEAT(ZERO_KEY, set_zero_key_func), 4961 #ifdef CONFIG_BT_FEATURE_DEBUG 4962 EXP_FEAT(debug_uuid, set_debug_func), 4963 #endif 4964 EXP_FEAT(mgmt_mesh_uuid, set_mgmt_mesh_func), 4965 EXP_FEAT(rpa_resolution_uuid, set_rpa_resolution_func), 4966 EXP_FEAT(quality_report_uuid, set_quality_report_func), 4967 EXP_FEAT(offload_codecs_uuid, set_offload_codec_func), 4968 EXP_FEAT(le_simultaneous_roles_uuid, set_le_simultaneous_roles_func), 4969 #ifdef CONFIG_BT_LE 4970 EXP_FEAT(iso_socket_uuid, set_iso_socket_func), 4971 #endif 4972 4973 /* end with a null feature */ 4974 EXP_FEAT(NULL, NULL) 4975 }; 4976 4977 static int set_exp_feature(struct sock *sk, struct hci_dev *hdev, 4978 void *data, u16 data_len) 4979 { 4980 struct mgmt_cp_set_exp_feature *cp = data; 4981 size_t i = 0; 4982 4983 bt_dev_dbg(hdev, "sock %p", sk); 4984 4985 for (i = 0; exp_features[i].uuid; i++) { 4986 if (!memcmp(cp->uuid, exp_features[i].uuid, 16)) 4987 return exp_features[i].set_func(sk, hdev, cp, data_len); 4988 } 4989 4990 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 4991 MGMT_OP_SET_EXP_FEATURE, 4992 MGMT_STATUS_NOT_SUPPORTED); 4993 } 4994 4995 static u32 get_params_flags(struct hci_dev *hdev, 4996 struct hci_conn_params *params) 4997 { 4998 u32 flags = hdev->conn_flags; 4999 5000 /* Devices using RPAs can only be programmed in the acceptlist if 5001 * LL Privacy has been enable otherwise they cannot mark 5002 * HCI_CONN_FLAG_REMOTE_WAKEUP. 5003 */ 5004 if ((flags & HCI_CONN_FLAG_REMOTE_WAKEUP) && !use_ll_privacy(hdev) && 5005 hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type)) 5006 flags &= ~HCI_CONN_FLAG_REMOTE_WAKEUP; 5007 5008 return flags; 5009 } 5010 5011 static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data, 5012 u16 data_len) 5013 { 5014 struct mgmt_cp_get_device_flags *cp = data; 5015 struct mgmt_rp_get_device_flags rp; 5016 struct bdaddr_list_with_flags *br_params; 5017 struct hci_conn_params *params; 5018 u32 supported_flags; 5019 u32 current_flags = 0; 5020 u8 status = MGMT_STATUS_INVALID_PARAMS; 5021 5022 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n", 5023 &cp->addr.bdaddr, cp->addr.type); 5024 5025 hci_dev_lock(hdev); 5026 5027 supported_flags = hdev->conn_flags; 5028 5029 memset(&rp, 0, sizeof(rp)); 5030 5031 if (cp->addr.type == BDADDR_BREDR) { 5032 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list, 5033 &cp->addr.bdaddr, 5034 cp->addr.type); 5035 if (!br_params) 5036 goto done; 5037 5038 current_flags = br_params->flags; 5039 } else { 5040 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 5041 le_addr_type(cp->addr.type)); 5042 if (!params) 5043 goto done; 5044 5045 supported_flags = get_params_flags(hdev, params); 5046 current_flags = params->flags; 5047 } 5048 5049 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 5050 rp.addr.type = cp->addr.type; 5051 rp.supported_flags = cpu_to_le32(supported_flags); 5052 rp.current_flags = cpu_to_le32(current_flags); 5053 5054 status = MGMT_STATUS_SUCCESS; 5055 5056 done: 5057 hci_dev_unlock(hdev); 5058 5059 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status, 5060 &rp, sizeof(rp)); 5061 } 5062 5063 static void device_flags_changed(struct sock *sk, struct hci_dev *hdev, 5064 bdaddr_t *bdaddr, u8 bdaddr_type, 5065 u32 supported_flags, u32 current_flags) 5066 { 5067 struct mgmt_ev_device_flags_changed ev; 5068 5069 bacpy(&ev.addr.bdaddr, bdaddr); 5070 ev.addr.type = bdaddr_type; 5071 ev.supported_flags = cpu_to_le32(supported_flags); 5072 ev.current_flags = cpu_to_le32(current_flags); 5073 5074 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk); 5075 } 5076 5077 static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data, 5078 u16 len) 5079 { 5080 struct mgmt_cp_set_device_flags *cp = data; 5081 struct bdaddr_list_with_flags *br_params; 5082 struct hci_conn_params *params; 5083 u8 status = MGMT_STATUS_INVALID_PARAMS; 5084 u32 supported_flags; 5085 u32 current_flags = __le32_to_cpu(cp->current_flags); 5086 5087 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x", 5088 &cp->addr.bdaddr, cp->addr.type, current_flags); 5089 5090 // We should take hci_dev_lock() early, I think.. conn_flags can change 5091 supported_flags = hdev->conn_flags; 5092 5093 if ((supported_flags | current_flags) != supported_flags) { 5094 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)", 5095 current_flags, supported_flags); 5096 goto done; 5097 } 5098 5099 hci_dev_lock(hdev); 5100 5101 if (cp->addr.type == BDADDR_BREDR) { 5102 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list, 5103 &cp->addr.bdaddr, 5104 cp->addr.type); 5105 5106 if (br_params) { 5107 br_params->flags = current_flags; 5108 status = MGMT_STATUS_SUCCESS; 5109 } else { 5110 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)", 5111 &cp->addr.bdaddr, cp->addr.type); 5112 } 5113 5114 goto unlock; 5115 } 5116 5117 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 5118 le_addr_type(cp->addr.type)); 5119 if (!params) { 5120 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)", 5121 &cp->addr.bdaddr, le_addr_type(cp->addr.type)); 5122 goto unlock; 5123 } 5124 5125 supported_flags = get_params_flags(hdev, params); 5126 5127 if ((supported_flags | current_flags) != supported_flags) { 5128 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)", 5129 current_flags, supported_flags); 5130 goto unlock; 5131 } 5132 5133 WRITE_ONCE(params->flags, current_flags); 5134 status = MGMT_STATUS_SUCCESS; 5135 5136 /* Update passive scan if HCI_CONN_FLAG_DEVICE_PRIVACY 5137 * has been set. 5138 */ 5139 if (params->flags & HCI_CONN_FLAG_DEVICE_PRIVACY) 5140 hci_update_passive_scan(hdev); 5141 5142 unlock: 5143 hci_dev_unlock(hdev); 5144 5145 done: 5146 if (status == MGMT_STATUS_SUCCESS) 5147 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 5148 supported_flags, current_flags); 5149 5150 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status, 5151 &cp->addr, sizeof(cp->addr)); 5152 } 5153 5154 static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev, 5155 u16 handle) 5156 { 5157 struct mgmt_ev_adv_monitor_added ev; 5158 5159 ev.monitor_handle = cpu_to_le16(handle); 5160 5161 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk); 5162 } 5163 5164 void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle) 5165 { 5166 struct mgmt_ev_adv_monitor_removed ev; 5167 struct mgmt_pending_cmd *cmd; 5168 struct sock *sk_skip = NULL; 5169 struct mgmt_cp_remove_adv_monitor *cp; 5170 5171 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev); 5172 if (cmd) { 5173 cp = cmd->param; 5174 5175 if (cp->monitor_handle) 5176 sk_skip = cmd->sk; 5177 } 5178 5179 ev.monitor_handle = cpu_to_le16(handle); 5180 5181 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip); 5182 } 5183 5184 static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev, 5185 void *data, u16 len) 5186 { 5187 struct adv_monitor *monitor = NULL; 5188 struct mgmt_rp_read_adv_monitor_features *rp = NULL; 5189 int handle, err; 5190 size_t rp_size = 0; 5191 __u32 supported = 0; 5192 __u32 enabled = 0; 5193 __u16 num_handles = 0; 5194 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES]; 5195 5196 BT_DBG("request for %s", hdev->name); 5197 5198 hci_dev_lock(hdev); 5199 5200 if (msft_monitor_supported(hdev)) 5201 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS; 5202 5203 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle) 5204 handles[num_handles++] = monitor->handle; 5205 5206 hci_dev_unlock(hdev); 5207 5208 rp_size = sizeof(*rp) + (num_handles * sizeof(u16)); 5209 rp = kmalloc(rp_size, GFP_KERNEL); 5210 if (!rp) 5211 return -ENOMEM; 5212 5213 /* All supported features are currently enabled */ 5214 enabled = supported; 5215 5216 rp->supported_features = cpu_to_le32(supported); 5217 rp->enabled_features = cpu_to_le32(enabled); 5218 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES); 5219 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS; 5220 rp->num_handles = cpu_to_le16(num_handles); 5221 if (num_handles) 5222 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16))); 5223 5224 err = mgmt_cmd_complete(sk, hdev->id, 5225 MGMT_OP_READ_ADV_MONITOR_FEATURES, 5226 MGMT_STATUS_SUCCESS, rp, rp_size); 5227 5228 kfree(rp); 5229 5230 return err; 5231 } 5232 5233 static void mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev, 5234 void *data, int status) 5235 { 5236 struct mgmt_rp_add_adv_patterns_monitor rp; 5237 struct mgmt_pending_cmd *cmd = data; 5238 struct adv_monitor *monitor = cmd->user_data; 5239 5240 hci_dev_lock(hdev); 5241 5242 rp.monitor_handle = cpu_to_le16(monitor->handle); 5243 5244 if (!status) { 5245 mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle); 5246 hdev->adv_monitors_cnt++; 5247 if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED) 5248 monitor->state = ADV_MONITOR_STATE_REGISTERED; 5249 hci_update_passive_scan(hdev); 5250 } 5251 5252 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 5253 mgmt_status(status), &rp, sizeof(rp)); 5254 mgmt_pending_remove(cmd); 5255 5256 hci_dev_unlock(hdev); 5257 bt_dev_dbg(hdev, "add monitor %d complete, status %d", 5258 rp.monitor_handle, status); 5259 } 5260 5261 static int mgmt_add_adv_patterns_monitor_sync(struct hci_dev *hdev, void *data) 5262 { 5263 struct mgmt_pending_cmd *cmd = data; 5264 struct adv_monitor *monitor = cmd->user_data; 5265 5266 return hci_add_adv_monitor(hdev, monitor); 5267 } 5268 5269 static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev, 5270 struct adv_monitor *m, u8 status, 5271 void *data, u16 len, u16 op) 5272 { 5273 struct mgmt_pending_cmd *cmd; 5274 int err; 5275 5276 hci_dev_lock(hdev); 5277 5278 if (status) 5279 goto unlock; 5280 5281 if (pending_find(MGMT_OP_SET_LE, hdev) || 5282 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) || 5283 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) || 5284 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) { 5285 status = MGMT_STATUS_BUSY; 5286 goto unlock; 5287 } 5288 5289 cmd = mgmt_pending_add(sk, op, hdev, data, len); 5290 if (!cmd) { 5291 status = MGMT_STATUS_NO_RESOURCES; 5292 goto unlock; 5293 } 5294 5295 cmd->user_data = m; 5296 err = hci_cmd_sync_queue(hdev, mgmt_add_adv_patterns_monitor_sync, cmd, 5297 mgmt_add_adv_patterns_monitor_complete); 5298 if (err) { 5299 if (err == -ENOMEM) 5300 status = MGMT_STATUS_NO_RESOURCES; 5301 else 5302 status = MGMT_STATUS_FAILED; 5303 5304 goto unlock; 5305 } 5306 5307 hci_dev_unlock(hdev); 5308 5309 return 0; 5310 5311 unlock: 5312 hci_free_adv_monitor(hdev, m); 5313 hci_dev_unlock(hdev); 5314 return mgmt_cmd_status(sk, hdev->id, op, status); 5315 } 5316 5317 static void parse_adv_monitor_rssi(struct adv_monitor *m, 5318 struct mgmt_adv_rssi_thresholds *rssi) 5319 { 5320 if (rssi) { 5321 m->rssi.low_threshold = rssi->low_threshold; 5322 m->rssi.low_threshold_timeout = 5323 __le16_to_cpu(rssi->low_threshold_timeout); 5324 m->rssi.high_threshold = rssi->high_threshold; 5325 m->rssi.high_threshold_timeout = 5326 __le16_to_cpu(rssi->high_threshold_timeout); 5327 m->rssi.sampling_period = rssi->sampling_period; 5328 } else { 5329 /* Default values. These numbers are the least constricting 5330 * parameters for MSFT API to work, so it behaves as if there 5331 * are no rssi parameter to consider. May need to be changed 5332 * if other API are to be supported. 5333 */ 5334 m->rssi.low_threshold = -127; 5335 m->rssi.low_threshold_timeout = 60; 5336 m->rssi.high_threshold = -127; 5337 m->rssi.high_threshold_timeout = 0; 5338 m->rssi.sampling_period = 0; 5339 } 5340 } 5341 5342 static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count, 5343 struct mgmt_adv_pattern *patterns) 5344 { 5345 u8 offset = 0, length = 0; 5346 struct adv_pattern *p = NULL; 5347 int i; 5348 5349 for (i = 0; i < pattern_count; i++) { 5350 offset = patterns[i].offset; 5351 length = patterns[i].length; 5352 if (offset >= HCI_MAX_EXT_AD_LENGTH || 5353 length > HCI_MAX_EXT_AD_LENGTH || 5354 (offset + length) > HCI_MAX_EXT_AD_LENGTH) 5355 return MGMT_STATUS_INVALID_PARAMS; 5356 5357 p = kmalloc(sizeof(*p), GFP_KERNEL); 5358 if (!p) 5359 return MGMT_STATUS_NO_RESOURCES; 5360 5361 p->ad_type = patterns[i].ad_type; 5362 p->offset = patterns[i].offset; 5363 p->length = patterns[i].length; 5364 memcpy(p->value, patterns[i].value, p->length); 5365 5366 INIT_LIST_HEAD(&p->list); 5367 list_add(&p->list, &m->patterns); 5368 } 5369 5370 return MGMT_STATUS_SUCCESS; 5371 } 5372 5373 static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev, 5374 void *data, u16 len) 5375 { 5376 struct mgmt_cp_add_adv_patterns_monitor *cp = data; 5377 struct adv_monitor *m = NULL; 5378 u8 status = MGMT_STATUS_SUCCESS; 5379 size_t expected_size = sizeof(*cp); 5380 5381 BT_DBG("request for %s", hdev->name); 5382 5383 if (len <= sizeof(*cp)) { 5384 status = MGMT_STATUS_INVALID_PARAMS; 5385 goto done; 5386 } 5387 5388 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern); 5389 if (len != expected_size) { 5390 status = MGMT_STATUS_INVALID_PARAMS; 5391 goto done; 5392 } 5393 5394 m = kzalloc(sizeof(*m), GFP_KERNEL); 5395 if (!m) { 5396 status = MGMT_STATUS_NO_RESOURCES; 5397 goto done; 5398 } 5399 5400 INIT_LIST_HEAD(&m->patterns); 5401 5402 parse_adv_monitor_rssi(m, NULL); 5403 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns); 5404 5405 done: 5406 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len, 5407 MGMT_OP_ADD_ADV_PATTERNS_MONITOR); 5408 } 5409 5410 static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev, 5411 void *data, u16 len) 5412 { 5413 struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data; 5414 struct adv_monitor *m = NULL; 5415 u8 status = MGMT_STATUS_SUCCESS; 5416 size_t expected_size = sizeof(*cp); 5417 5418 BT_DBG("request for %s", hdev->name); 5419 5420 if (len <= sizeof(*cp)) { 5421 status = MGMT_STATUS_INVALID_PARAMS; 5422 goto done; 5423 } 5424 5425 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern); 5426 if (len != expected_size) { 5427 status = MGMT_STATUS_INVALID_PARAMS; 5428 goto done; 5429 } 5430 5431 m = kzalloc(sizeof(*m), GFP_KERNEL); 5432 if (!m) { 5433 status = MGMT_STATUS_NO_RESOURCES; 5434 goto done; 5435 } 5436 5437 INIT_LIST_HEAD(&m->patterns); 5438 5439 parse_adv_monitor_rssi(m, &cp->rssi); 5440 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns); 5441 5442 done: 5443 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len, 5444 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI); 5445 } 5446 5447 static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev, 5448 void *data, int status) 5449 { 5450 struct mgmt_rp_remove_adv_monitor rp; 5451 struct mgmt_pending_cmd *cmd = data; 5452 struct mgmt_cp_remove_adv_monitor *cp = cmd->param; 5453 5454 hci_dev_lock(hdev); 5455 5456 rp.monitor_handle = cp->monitor_handle; 5457 5458 if (!status) 5459 hci_update_passive_scan(hdev); 5460 5461 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 5462 mgmt_status(status), &rp, sizeof(rp)); 5463 mgmt_pending_remove(cmd); 5464 5465 hci_dev_unlock(hdev); 5466 bt_dev_dbg(hdev, "remove monitor %d complete, status %d", 5467 rp.monitor_handle, status); 5468 } 5469 5470 static int mgmt_remove_adv_monitor_sync(struct hci_dev *hdev, void *data) 5471 { 5472 struct mgmt_pending_cmd *cmd = data; 5473 struct mgmt_cp_remove_adv_monitor *cp = cmd->param; 5474 u16 handle = __le16_to_cpu(cp->monitor_handle); 5475 5476 if (!handle) 5477 return hci_remove_all_adv_monitor(hdev); 5478 5479 return hci_remove_single_adv_monitor(hdev, handle); 5480 } 5481 5482 static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev, 5483 void *data, u16 len) 5484 { 5485 struct mgmt_pending_cmd *cmd; 5486 int err, status; 5487 5488 hci_dev_lock(hdev); 5489 5490 if (pending_find(MGMT_OP_SET_LE, hdev) || 5491 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) || 5492 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) || 5493 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) { 5494 status = MGMT_STATUS_BUSY; 5495 goto unlock; 5496 } 5497 5498 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len); 5499 if (!cmd) { 5500 status = MGMT_STATUS_NO_RESOURCES; 5501 goto unlock; 5502 } 5503 5504 err = hci_cmd_sync_submit(hdev, mgmt_remove_adv_monitor_sync, cmd, 5505 mgmt_remove_adv_monitor_complete); 5506 5507 if (err) { 5508 mgmt_pending_remove(cmd); 5509 5510 if (err == -ENOMEM) 5511 status = MGMT_STATUS_NO_RESOURCES; 5512 else 5513 status = MGMT_STATUS_FAILED; 5514 5515 goto unlock; 5516 } 5517 5518 hci_dev_unlock(hdev); 5519 5520 return 0; 5521 5522 unlock: 5523 hci_dev_unlock(hdev); 5524 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR, 5525 status); 5526 } 5527 5528 static void read_local_oob_data_complete(struct hci_dev *hdev, void *data, int err) 5529 { 5530 struct mgmt_rp_read_local_oob_data mgmt_rp; 5531 size_t rp_size = sizeof(mgmt_rp); 5532 struct mgmt_pending_cmd *cmd = data; 5533 struct sk_buff *skb = cmd->skb; 5534 u8 status = mgmt_status(err); 5535 5536 if (!status) { 5537 if (!skb) 5538 status = MGMT_STATUS_FAILED; 5539 else if (IS_ERR(skb)) 5540 status = mgmt_status(PTR_ERR(skb)); 5541 else 5542 status = mgmt_status(skb->data[0]); 5543 } 5544 5545 bt_dev_dbg(hdev, "status %d", status); 5546 5547 if (status) { 5548 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, status); 5549 goto remove; 5550 } 5551 5552 memset(&mgmt_rp, 0, sizeof(mgmt_rp)); 5553 5554 if (!bredr_sc_enabled(hdev)) { 5555 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 5556 5557 if (skb->len < sizeof(*rp)) { 5558 mgmt_cmd_status(cmd->sk, hdev->id, 5559 MGMT_OP_READ_LOCAL_OOB_DATA, 5560 MGMT_STATUS_FAILED); 5561 goto remove; 5562 } 5563 5564 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash)); 5565 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand)); 5566 5567 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256); 5568 } else { 5569 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data; 5570 5571 if (skb->len < sizeof(*rp)) { 5572 mgmt_cmd_status(cmd->sk, hdev->id, 5573 MGMT_OP_READ_LOCAL_OOB_DATA, 5574 MGMT_STATUS_FAILED); 5575 goto remove; 5576 } 5577 5578 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192)); 5579 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192)); 5580 5581 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256)); 5582 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256)); 5583 } 5584 5585 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5586 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size); 5587 5588 remove: 5589 if (skb && !IS_ERR(skb)) 5590 kfree_skb(skb); 5591 5592 mgmt_pending_free(cmd); 5593 } 5594 5595 static int read_local_oob_data_sync(struct hci_dev *hdev, void *data) 5596 { 5597 struct mgmt_pending_cmd *cmd = data; 5598 5599 if (bredr_sc_enabled(hdev)) 5600 cmd->skb = hci_read_local_oob_data_sync(hdev, true, cmd->sk); 5601 else 5602 cmd->skb = hci_read_local_oob_data_sync(hdev, false, cmd->sk); 5603 5604 if (IS_ERR(cmd->skb)) 5605 return PTR_ERR(cmd->skb); 5606 else 5607 return 0; 5608 } 5609 5610 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, 5611 void *data, u16 data_len) 5612 { 5613 struct mgmt_pending_cmd *cmd; 5614 int err; 5615 5616 bt_dev_dbg(hdev, "sock %p", sk); 5617 5618 hci_dev_lock(hdev); 5619 5620 if (!hdev_is_powered(hdev)) { 5621 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5622 MGMT_STATUS_NOT_POWERED); 5623 goto unlock; 5624 } 5625 5626 if (!lmp_ssp_capable(hdev)) { 5627 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5628 MGMT_STATUS_NOT_SUPPORTED); 5629 goto unlock; 5630 } 5631 5632 cmd = mgmt_pending_new(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 5633 if (!cmd) 5634 err = -ENOMEM; 5635 else 5636 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd, 5637 read_local_oob_data_complete); 5638 5639 if (err < 0) { 5640 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5641 MGMT_STATUS_FAILED); 5642 5643 if (cmd) 5644 mgmt_pending_free(cmd); 5645 } 5646 5647 unlock: 5648 hci_dev_unlock(hdev); 5649 return err; 5650 } 5651 5652 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 5653 void *data, u16 len) 5654 { 5655 struct mgmt_addr_info *addr = data; 5656 int err; 5657 5658 bt_dev_dbg(hdev, "sock %p", sk); 5659 5660 if (!bdaddr_type_is_valid(addr->type)) 5661 return mgmt_cmd_complete(sk, hdev->id, 5662 MGMT_OP_ADD_REMOTE_OOB_DATA, 5663 MGMT_STATUS_INVALID_PARAMS, 5664 addr, sizeof(*addr)); 5665 5666 hci_dev_lock(hdev); 5667 5668 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) { 5669 struct mgmt_cp_add_remote_oob_data *cp = data; 5670 u8 status; 5671 5672 if (cp->addr.type != BDADDR_BREDR) { 5673 err = mgmt_cmd_complete(sk, hdev->id, 5674 MGMT_OP_ADD_REMOTE_OOB_DATA, 5675 MGMT_STATUS_INVALID_PARAMS, 5676 &cp->addr, sizeof(cp->addr)); 5677 goto unlock; 5678 } 5679 5680 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 5681 cp->addr.type, cp->hash, 5682 cp->rand, NULL, NULL); 5683 if (err < 0) 5684 status = MGMT_STATUS_FAILED; 5685 else 5686 status = MGMT_STATUS_SUCCESS; 5687 5688 err = mgmt_cmd_complete(sk, hdev->id, 5689 MGMT_OP_ADD_REMOTE_OOB_DATA, status, 5690 &cp->addr, sizeof(cp->addr)); 5691 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) { 5692 struct mgmt_cp_add_remote_oob_ext_data *cp = data; 5693 u8 *rand192, *hash192, *rand256, *hash256; 5694 u8 status; 5695 5696 if (bdaddr_type_is_le(cp->addr.type)) { 5697 /* Enforce zero-valued 192-bit parameters as 5698 * long as legacy SMP OOB isn't implemented. 5699 */ 5700 if (memcmp(cp->rand192, ZERO_KEY, 16) || 5701 memcmp(cp->hash192, ZERO_KEY, 16)) { 5702 err = mgmt_cmd_complete(sk, hdev->id, 5703 MGMT_OP_ADD_REMOTE_OOB_DATA, 5704 MGMT_STATUS_INVALID_PARAMS, 5705 addr, sizeof(*addr)); 5706 goto unlock; 5707 } 5708 5709 rand192 = NULL; 5710 hash192 = NULL; 5711 } else { 5712 /* In case one of the P-192 values is set to zero, 5713 * then just disable OOB data for P-192. 5714 */ 5715 if (!memcmp(cp->rand192, ZERO_KEY, 16) || 5716 !memcmp(cp->hash192, ZERO_KEY, 16)) { 5717 rand192 = NULL; 5718 hash192 = NULL; 5719 } else { 5720 rand192 = cp->rand192; 5721 hash192 = cp->hash192; 5722 } 5723 } 5724 5725 /* In case one of the P-256 values is set to zero, then just 5726 * disable OOB data for P-256. 5727 */ 5728 if (!memcmp(cp->rand256, ZERO_KEY, 16) || 5729 !memcmp(cp->hash256, ZERO_KEY, 16)) { 5730 rand256 = NULL; 5731 hash256 = NULL; 5732 } else { 5733 rand256 = cp->rand256; 5734 hash256 = cp->hash256; 5735 } 5736 5737 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 5738 cp->addr.type, hash192, rand192, 5739 hash256, rand256); 5740 if (err < 0) 5741 status = MGMT_STATUS_FAILED; 5742 else 5743 status = MGMT_STATUS_SUCCESS; 5744 5745 err = mgmt_cmd_complete(sk, hdev->id, 5746 MGMT_OP_ADD_REMOTE_OOB_DATA, 5747 status, &cp->addr, sizeof(cp->addr)); 5748 } else { 5749 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes", 5750 len); 5751 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 5752 MGMT_STATUS_INVALID_PARAMS); 5753 } 5754 5755 unlock: 5756 hci_dev_unlock(hdev); 5757 return err; 5758 } 5759 5760 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 5761 void *data, u16 len) 5762 { 5763 struct mgmt_cp_remove_remote_oob_data *cp = data; 5764 u8 status; 5765 int err; 5766 5767 bt_dev_dbg(hdev, "sock %p", sk); 5768 5769 if (cp->addr.type != BDADDR_BREDR) 5770 return mgmt_cmd_complete(sk, hdev->id, 5771 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 5772 MGMT_STATUS_INVALID_PARAMS, 5773 &cp->addr, sizeof(cp->addr)); 5774 5775 hci_dev_lock(hdev); 5776 5777 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5778 hci_remote_oob_data_clear(hdev); 5779 status = MGMT_STATUS_SUCCESS; 5780 goto done; 5781 } 5782 5783 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type); 5784 if (err < 0) 5785 status = MGMT_STATUS_INVALID_PARAMS; 5786 else 5787 status = MGMT_STATUS_SUCCESS; 5788 5789 done: 5790 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 5791 status, &cp->addr, sizeof(cp->addr)); 5792 5793 hci_dev_unlock(hdev); 5794 return err; 5795 } 5796 5797 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status) 5798 { 5799 struct mgmt_pending_cmd *cmd; 5800 5801 bt_dev_dbg(hdev, "status %u", status); 5802 5803 hci_dev_lock(hdev); 5804 5805 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev); 5806 if (!cmd) 5807 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev); 5808 5809 if (!cmd) 5810 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev); 5811 5812 if (cmd) { 5813 cmd->cmd_complete(cmd, mgmt_status(status)); 5814 mgmt_pending_remove(cmd); 5815 } 5816 5817 hci_dev_unlock(hdev); 5818 } 5819 5820 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type, 5821 uint8_t *mgmt_status) 5822 { 5823 switch (type) { 5824 case DISCOV_TYPE_LE: 5825 *mgmt_status = mgmt_le_support(hdev); 5826 if (*mgmt_status) 5827 return false; 5828 break; 5829 case DISCOV_TYPE_INTERLEAVED: 5830 *mgmt_status = mgmt_le_support(hdev); 5831 if (*mgmt_status) 5832 return false; 5833 fallthrough; 5834 case DISCOV_TYPE_BREDR: 5835 *mgmt_status = mgmt_bredr_support(hdev); 5836 if (*mgmt_status) 5837 return false; 5838 break; 5839 default: 5840 *mgmt_status = MGMT_STATUS_INVALID_PARAMS; 5841 return false; 5842 } 5843 5844 return true; 5845 } 5846 5847 static void start_discovery_complete(struct hci_dev *hdev, void *data, int err) 5848 { 5849 struct mgmt_pending_cmd *cmd = data; 5850 5851 if (cmd != pending_find(MGMT_OP_START_DISCOVERY, hdev) && 5852 cmd != pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev) && 5853 cmd != pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev)) 5854 return; 5855 5856 bt_dev_dbg(hdev, "err %d", err); 5857 5858 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err), 5859 cmd->param, 1); 5860 mgmt_pending_remove(cmd); 5861 5862 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED: 5863 DISCOVERY_FINDING); 5864 } 5865 5866 static int start_discovery_sync(struct hci_dev *hdev, void *data) 5867 { 5868 return hci_start_discovery_sync(hdev); 5869 } 5870 5871 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev, 5872 u16 op, void *data, u16 len) 5873 { 5874 struct mgmt_cp_start_discovery *cp = data; 5875 struct mgmt_pending_cmd *cmd; 5876 u8 status; 5877 int err; 5878 5879 bt_dev_dbg(hdev, "sock %p", sk); 5880 5881 hci_dev_lock(hdev); 5882 5883 if (!hdev_is_powered(hdev)) { 5884 err = mgmt_cmd_complete(sk, hdev->id, op, 5885 MGMT_STATUS_NOT_POWERED, 5886 &cp->type, sizeof(cp->type)); 5887 goto failed; 5888 } 5889 5890 if (hdev->discovery.state != DISCOVERY_STOPPED || 5891 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 5892 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 5893 &cp->type, sizeof(cp->type)); 5894 goto failed; 5895 } 5896 5897 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 5898 err = mgmt_cmd_complete(sk, hdev->id, op, status, 5899 &cp->type, sizeof(cp->type)); 5900 goto failed; 5901 } 5902 5903 /* Can't start discovery when it is paused */ 5904 if (hdev->discovery_paused) { 5905 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 5906 &cp->type, sizeof(cp->type)); 5907 goto failed; 5908 } 5909 5910 /* Clear the discovery filter first to free any previously 5911 * allocated memory for the UUID list. 5912 */ 5913 hci_discovery_filter_clear(hdev); 5914 5915 hdev->discovery.type = cp->type; 5916 hdev->discovery.report_invalid_rssi = false; 5917 if (op == MGMT_OP_START_LIMITED_DISCOVERY) 5918 hdev->discovery.limited = true; 5919 else 5920 hdev->discovery.limited = false; 5921 5922 cmd = mgmt_pending_add(sk, op, hdev, data, len); 5923 if (!cmd) { 5924 err = -ENOMEM; 5925 goto failed; 5926 } 5927 5928 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd, 5929 start_discovery_complete); 5930 if (err < 0) { 5931 mgmt_pending_remove(cmd); 5932 goto failed; 5933 } 5934 5935 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 5936 5937 failed: 5938 hci_dev_unlock(hdev); 5939 return err; 5940 } 5941 5942 static int start_discovery(struct sock *sk, struct hci_dev *hdev, 5943 void *data, u16 len) 5944 { 5945 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY, 5946 data, len); 5947 } 5948 5949 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev, 5950 void *data, u16 len) 5951 { 5952 return start_discovery_internal(sk, hdev, 5953 MGMT_OP_START_LIMITED_DISCOVERY, 5954 data, len); 5955 } 5956 5957 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev, 5958 void *data, u16 len) 5959 { 5960 struct mgmt_cp_start_service_discovery *cp = data; 5961 struct mgmt_pending_cmd *cmd; 5962 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16); 5963 u16 uuid_count, expected_len; 5964 u8 status; 5965 int err; 5966 5967 bt_dev_dbg(hdev, "sock %p", sk); 5968 5969 hci_dev_lock(hdev); 5970 5971 if (!hdev_is_powered(hdev)) { 5972 err = mgmt_cmd_complete(sk, hdev->id, 5973 MGMT_OP_START_SERVICE_DISCOVERY, 5974 MGMT_STATUS_NOT_POWERED, 5975 &cp->type, sizeof(cp->type)); 5976 goto failed; 5977 } 5978 5979 if (hdev->discovery.state != DISCOVERY_STOPPED || 5980 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 5981 err = mgmt_cmd_complete(sk, hdev->id, 5982 MGMT_OP_START_SERVICE_DISCOVERY, 5983 MGMT_STATUS_BUSY, &cp->type, 5984 sizeof(cp->type)); 5985 goto failed; 5986 } 5987 5988 if (hdev->discovery_paused) { 5989 err = mgmt_cmd_complete(sk, hdev->id, 5990 MGMT_OP_START_SERVICE_DISCOVERY, 5991 MGMT_STATUS_BUSY, &cp->type, 5992 sizeof(cp->type)); 5993 goto failed; 5994 } 5995 5996 uuid_count = __le16_to_cpu(cp->uuid_count); 5997 if (uuid_count > max_uuid_count) { 5998 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u", 5999 uuid_count); 6000 err = mgmt_cmd_complete(sk, hdev->id, 6001 MGMT_OP_START_SERVICE_DISCOVERY, 6002 MGMT_STATUS_INVALID_PARAMS, &cp->type, 6003 sizeof(cp->type)); 6004 goto failed; 6005 } 6006 6007 expected_len = sizeof(*cp) + uuid_count * 16; 6008 if (expected_len != len) { 6009 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes", 6010 expected_len, len); 6011 err = mgmt_cmd_complete(sk, hdev->id, 6012 MGMT_OP_START_SERVICE_DISCOVERY, 6013 MGMT_STATUS_INVALID_PARAMS, &cp->type, 6014 sizeof(cp->type)); 6015 goto failed; 6016 } 6017 6018 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 6019 err = mgmt_cmd_complete(sk, hdev->id, 6020 MGMT_OP_START_SERVICE_DISCOVERY, 6021 status, &cp->type, sizeof(cp->type)); 6022 goto failed; 6023 } 6024 6025 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY, 6026 hdev, data, len); 6027 if (!cmd) { 6028 err = -ENOMEM; 6029 goto failed; 6030 } 6031 6032 /* Clear the discovery filter first to free any previously 6033 * allocated memory for the UUID list. 6034 */ 6035 hci_discovery_filter_clear(hdev); 6036 6037 hdev->discovery.result_filtering = true; 6038 hdev->discovery.type = cp->type; 6039 hdev->discovery.rssi = cp->rssi; 6040 hdev->discovery.uuid_count = uuid_count; 6041 6042 if (uuid_count > 0) { 6043 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16, 6044 GFP_KERNEL); 6045 if (!hdev->discovery.uuids) { 6046 err = mgmt_cmd_complete(sk, hdev->id, 6047 MGMT_OP_START_SERVICE_DISCOVERY, 6048 MGMT_STATUS_FAILED, 6049 &cp->type, sizeof(cp->type)); 6050 mgmt_pending_remove(cmd); 6051 goto failed; 6052 } 6053 } 6054 6055 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd, 6056 start_discovery_complete); 6057 if (err < 0) { 6058 mgmt_pending_remove(cmd); 6059 goto failed; 6060 } 6061 6062 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 6063 6064 failed: 6065 hci_dev_unlock(hdev); 6066 return err; 6067 } 6068 6069 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status) 6070 { 6071 struct mgmt_pending_cmd *cmd; 6072 6073 bt_dev_dbg(hdev, "status %u", status); 6074 6075 hci_dev_lock(hdev); 6076 6077 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 6078 if (cmd) { 6079 cmd->cmd_complete(cmd, mgmt_status(status)); 6080 mgmt_pending_remove(cmd); 6081 } 6082 6083 hci_dev_unlock(hdev); 6084 } 6085 6086 static void stop_discovery_complete(struct hci_dev *hdev, void *data, int err) 6087 { 6088 struct mgmt_pending_cmd *cmd = data; 6089 6090 if (cmd != pending_find(MGMT_OP_STOP_DISCOVERY, hdev)) 6091 return; 6092 6093 bt_dev_dbg(hdev, "err %d", err); 6094 6095 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err), 6096 cmd->param, 1); 6097 mgmt_pending_remove(cmd); 6098 6099 if (!err) 6100 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 6101 } 6102 6103 static int stop_discovery_sync(struct hci_dev *hdev, void *data) 6104 { 6105 return hci_stop_discovery_sync(hdev); 6106 } 6107 6108 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, 6109 u16 len) 6110 { 6111 struct mgmt_cp_stop_discovery *mgmt_cp = data; 6112 struct mgmt_pending_cmd *cmd; 6113 int err; 6114 6115 bt_dev_dbg(hdev, "sock %p", sk); 6116 6117 hci_dev_lock(hdev); 6118 6119 if (!hci_discovery_active(hdev)) { 6120 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 6121 MGMT_STATUS_REJECTED, &mgmt_cp->type, 6122 sizeof(mgmt_cp->type)); 6123 goto unlock; 6124 } 6125 6126 if (hdev->discovery.type != mgmt_cp->type) { 6127 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 6128 MGMT_STATUS_INVALID_PARAMS, 6129 &mgmt_cp->type, sizeof(mgmt_cp->type)); 6130 goto unlock; 6131 } 6132 6133 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len); 6134 if (!cmd) { 6135 err = -ENOMEM; 6136 goto unlock; 6137 } 6138 6139 err = hci_cmd_sync_queue(hdev, stop_discovery_sync, cmd, 6140 stop_discovery_complete); 6141 if (err < 0) { 6142 mgmt_pending_remove(cmd); 6143 goto unlock; 6144 } 6145 6146 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 6147 6148 unlock: 6149 hci_dev_unlock(hdev); 6150 return err; 6151 } 6152 6153 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, 6154 u16 len) 6155 { 6156 struct mgmt_cp_confirm_name *cp = data; 6157 struct inquiry_entry *e; 6158 int err; 6159 6160 bt_dev_dbg(hdev, "sock %p", sk); 6161 6162 hci_dev_lock(hdev); 6163 6164 if (!hci_discovery_active(hdev)) { 6165 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 6166 MGMT_STATUS_FAILED, &cp->addr, 6167 sizeof(cp->addr)); 6168 goto failed; 6169 } 6170 6171 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 6172 if (!e) { 6173 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 6174 MGMT_STATUS_INVALID_PARAMS, &cp->addr, 6175 sizeof(cp->addr)); 6176 goto failed; 6177 } 6178 6179 if (cp->name_known) { 6180 e->name_state = NAME_KNOWN; 6181 list_del(&e->list); 6182 } else { 6183 e->name_state = NAME_NEEDED; 6184 hci_inquiry_cache_update_resolve(hdev, e); 6185 } 6186 6187 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, 6188 &cp->addr, sizeof(cp->addr)); 6189 6190 failed: 6191 hci_dev_unlock(hdev); 6192 return err; 6193 } 6194 6195 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data, 6196 u16 len) 6197 { 6198 struct mgmt_cp_block_device *cp = data; 6199 u8 status; 6200 int err; 6201 6202 bt_dev_dbg(hdev, "sock %p", sk); 6203 6204 if (!bdaddr_type_is_valid(cp->addr.type)) 6205 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, 6206 MGMT_STATUS_INVALID_PARAMS, 6207 &cp->addr, sizeof(cp->addr)); 6208 6209 hci_dev_lock(hdev); 6210 6211 err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr, 6212 cp->addr.type); 6213 if (err < 0) { 6214 status = MGMT_STATUS_FAILED; 6215 goto done; 6216 } 6217 6218 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr), 6219 sk); 6220 status = MGMT_STATUS_SUCCESS; 6221 6222 done: 6223 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status, 6224 &cp->addr, sizeof(cp->addr)); 6225 6226 hci_dev_unlock(hdev); 6227 6228 return err; 6229 } 6230 6231 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data, 6232 u16 len) 6233 { 6234 struct mgmt_cp_unblock_device *cp = data; 6235 u8 status; 6236 int err; 6237 6238 bt_dev_dbg(hdev, "sock %p", sk); 6239 6240 if (!bdaddr_type_is_valid(cp->addr.type)) 6241 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, 6242 MGMT_STATUS_INVALID_PARAMS, 6243 &cp->addr, sizeof(cp->addr)); 6244 6245 hci_dev_lock(hdev); 6246 6247 err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr, 6248 cp->addr.type); 6249 if (err < 0) { 6250 status = MGMT_STATUS_INVALID_PARAMS; 6251 goto done; 6252 } 6253 6254 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr), 6255 sk); 6256 status = MGMT_STATUS_SUCCESS; 6257 6258 done: 6259 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status, 6260 &cp->addr, sizeof(cp->addr)); 6261 6262 hci_dev_unlock(hdev); 6263 6264 return err; 6265 } 6266 6267 static int set_device_id_sync(struct hci_dev *hdev, void *data) 6268 { 6269 return hci_update_eir_sync(hdev); 6270 } 6271 6272 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data, 6273 u16 len) 6274 { 6275 struct mgmt_cp_set_device_id *cp = data; 6276 int err; 6277 __u16 source; 6278 6279 bt_dev_dbg(hdev, "sock %p", sk); 6280 6281 source = __le16_to_cpu(cp->source); 6282 6283 if (source > 0x0002) 6284 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 6285 MGMT_STATUS_INVALID_PARAMS); 6286 6287 hci_dev_lock(hdev); 6288 6289 hdev->devid_source = source; 6290 hdev->devid_vendor = __le16_to_cpu(cp->vendor); 6291 hdev->devid_product = __le16_to_cpu(cp->product); 6292 hdev->devid_version = __le16_to_cpu(cp->version); 6293 6294 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, 6295 NULL, 0); 6296 6297 hci_cmd_sync_queue(hdev, set_device_id_sync, NULL, NULL); 6298 6299 hci_dev_unlock(hdev); 6300 6301 return err; 6302 } 6303 6304 static void enable_advertising_instance(struct hci_dev *hdev, int err) 6305 { 6306 if (err) 6307 bt_dev_err(hdev, "failed to re-configure advertising %d", err); 6308 else 6309 bt_dev_dbg(hdev, "status %d", err); 6310 } 6311 6312 static void set_advertising_complete(struct hci_dev *hdev, void *data, int err) 6313 { 6314 struct cmd_lookup match = { NULL, hdev }; 6315 u8 instance; 6316 struct adv_info *adv_instance; 6317 u8 status = mgmt_status(err); 6318 6319 if (status) { 6320 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, 6321 cmd_status_rsp, &status); 6322 return; 6323 } 6324 6325 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 6326 hci_dev_set_flag(hdev, HCI_ADVERTISING); 6327 else 6328 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 6329 6330 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp, 6331 &match); 6332 6333 new_settings(hdev, match.sk); 6334 6335 if (match.sk) 6336 sock_put(match.sk); 6337 6338 /* If "Set Advertising" was just disabled and instance advertising was 6339 * set up earlier, then re-enable multi-instance advertising. 6340 */ 6341 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 6342 list_empty(&hdev->adv_instances)) 6343 return; 6344 6345 instance = hdev->cur_adv_instance; 6346 if (!instance) { 6347 adv_instance = list_first_entry_or_null(&hdev->adv_instances, 6348 struct adv_info, list); 6349 if (!adv_instance) 6350 return; 6351 6352 instance = adv_instance->instance; 6353 } 6354 6355 err = hci_schedule_adv_instance_sync(hdev, instance, true); 6356 6357 enable_advertising_instance(hdev, err); 6358 } 6359 6360 static int set_adv_sync(struct hci_dev *hdev, void *data) 6361 { 6362 struct mgmt_pending_cmd *cmd = data; 6363 struct mgmt_mode *cp = cmd->param; 6364 u8 val = !!cp->val; 6365 6366 if (cp->val == 0x02) 6367 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 6368 else 6369 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 6370 6371 cancel_adv_timeout(hdev); 6372 6373 if (val) { 6374 /* Switch to instance "0" for the Set Advertising setting. 6375 * We cannot use update_[adv|scan_rsp]_data() here as the 6376 * HCI_ADVERTISING flag is not yet set. 6377 */ 6378 hdev->cur_adv_instance = 0x00; 6379 6380 if (ext_adv_capable(hdev)) { 6381 hci_start_ext_adv_sync(hdev, 0x00); 6382 } else { 6383 hci_update_adv_data_sync(hdev, 0x00); 6384 hci_update_scan_rsp_data_sync(hdev, 0x00); 6385 hci_enable_advertising_sync(hdev); 6386 } 6387 } else { 6388 hci_disable_advertising_sync(hdev); 6389 } 6390 6391 return 0; 6392 } 6393 6394 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, 6395 u16 len) 6396 { 6397 struct mgmt_mode *cp = data; 6398 struct mgmt_pending_cmd *cmd; 6399 u8 val, status; 6400 int err; 6401 6402 bt_dev_dbg(hdev, "sock %p", sk); 6403 6404 status = mgmt_le_support(hdev); 6405 if (status) 6406 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 6407 status); 6408 6409 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 6410 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 6411 MGMT_STATUS_INVALID_PARAMS); 6412 6413 if (hdev->advertising_paused) 6414 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 6415 MGMT_STATUS_BUSY); 6416 6417 hci_dev_lock(hdev); 6418 6419 val = !!cp->val; 6420 6421 /* The following conditions are ones which mean that we should 6422 * not do any HCI communication but directly send a mgmt 6423 * response to user space (after toggling the flag if 6424 * necessary). 6425 */ 6426 if (!hdev_is_powered(hdev) || 6427 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) && 6428 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) || 6429 hci_dev_test_flag(hdev, HCI_MESH) || 6430 hci_conn_num(hdev, LE_LINK) > 0 || 6431 (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 6432 hdev->le_scan_type == LE_SCAN_ACTIVE)) { 6433 bool changed; 6434 6435 if (cp->val) { 6436 hdev->cur_adv_instance = 0x00; 6437 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING); 6438 if (cp->val == 0x02) 6439 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 6440 else 6441 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 6442 } else { 6443 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING); 6444 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 6445 } 6446 6447 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev); 6448 if (err < 0) 6449 goto unlock; 6450 6451 if (changed) 6452 err = new_settings(hdev, sk); 6453 6454 goto unlock; 6455 } 6456 6457 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) || 6458 pending_find(MGMT_OP_SET_LE, hdev)) { 6459 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 6460 MGMT_STATUS_BUSY); 6461 goto unlock; 6462 } 6463 6464 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len); 6465 if (!cmd) 6466 err = -ENOMEM; 6467 else 6468 err = hci_cmd_sync_queue(hdev, set_adv_sync, cmd, 6469 set_advertising_complete); 6470 6471 if (err < 0 && cmd) 6472 mgmt_pending_remove(cmd); 6473 6474 unlock: 6475 hci_dev_unlock(hdev); 6476 return err; 6477 } 6478 6479 static int set_static_address(struct sock *sk, struct hci_dev *hdev, 6480 void *data, u16 len) 6481 { 6482 struct mgmt_cp_set_static_address *cp = data; 6483 int err; 6484 6485 bt_dev_dbg(hdev, "sock %p", sk); 6486 6487 if (!lmp_le_capable(hdev)) 6488 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 6489 MGMT_STATUS_NOT_SUPPORTED); 6490 6491 if (hdev_is_powered(hdev)) 6492 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 6493 MGMT_STATUS_REJECTED); 6494 6495 if (bacmp(&cp->bdaddr, BDADDR_ANY)) { 6496 if (!bacmp(&cp->bdaddr, BDADDR_NONE)) 6497 return mgmt_cmd_status(sk, hdev->id, 6498 MGMT_OP_SET_STATIC_ADDRESS, 6499 MGMT_STATUS_INVALID_PARAMS); 6500 6501 /* Two most significant bits shall be set */ 6502 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0) 6503 return mgmt_cmd_status(sk, hdev->id, 6504 MGMT_OP_SET_STATIC_ADDRESS, 6505 MGMT_STATUS_INVALID_PARAMS); 6506 } 6507 6508 hci_dev_lock(hdev); 6509 6510 bacpy(&hdev->static_addr, &cp->bdaddr); 6511 6512 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev); 6513 if (err < 0) 6514 goto unlock; 6515 6516 err = new_settings(hdev, sk); 6517 6518 unlock: 6519 hci_dev_unlock(hdev); 6520 return err; 6521 } 6522 6523 static int set_scan_params(struct sock *sk, struct hci_dev *hdev, 6524 void *data, u16 len) 6525 { 6526 struct mgmt_cp_set_scan_params *cp = data; 6527 __u16 interval, window; 6528 int err; 6529 6530 bt_dev_dbg(hdev, "sock %p", sk); 6531 6532 if (!lmp_le_capable(hdev)) 6533 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 6534 MGMT_STATUS_NOT_SUPPORTED); 6535 6536 interval = __le16_to_cpu(cp->interval); 6537 6538 if (interval < 0x0004 || interval > 0x4000) 6539 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 6540 MGMT_STATUS_INVALID_PARAMS); 6541 6542 window = __le16_to_cpu(cp->window); 6543 6544 if (window < 0x0004 || window > 0x4000) 6545 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 6546 MGMT_STATUS_INVALID_PARAMS); 6547 6548 if (window > interval) 6549 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 6550 MGMT_STATUS_INVALID_PARAMS); 6551 6552 hci_dev_lock(hdev); 6553 6554 hdev->le_scan_interval = interval; 6555 hdev->le_scan_window = window; 6556 6557 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, 6558 NULL, 0); 6559 6560 /* If background scan is running, restart it so new parameters are 6561 * loaded. 6562 */ 6563 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 6564 hdev->discovery.state == DISCOVERY_STOPPED) 6565 hci_update_passive_scan(hdev); 6566 6567 hci_dev_unlock(hdev); 6568 6569 return err; 6570 } 6571 6572 static void fast_connectable_complete(struct hci_dev *hdev, void *data, int err) 6573 { 6574 struct mgmt_pending_cmd *cmd = data; 6575 6576 bt_dev_dbg(hdev, "err %d", err); 6577 6578 if (err) { 6579 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 6580 mgmt_status(err)); 6581 } else { 6582 struct mgmt_mode *cp = cmd->param; 6583 6584 if (cp->val) 6585 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE); 6586 else 6587 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 6588 6589 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 6590 new_settings(hdev, cmd->sk); 6591 } 6592 6593 mgmt_pending_free(cmd); 6594 } 6595 6596 static int write_fast_connectable_sync(struct hci_dev *hdev, void *data) 6597 { 6598 struct mgmt_pending_cmd *cmd = data; 6599 struct mgmt_mode *cp = cmd->param; 6600 6601 return hci_write_fast_connectable_sync(hdev, cp->val); 6602 } 6603 6604 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, 6605 void *data, u16 len) 6606 { 6607 struct mgmt_mode *cp = data; 6608 struct mgmt_pending_cmd *cmd; 6609 int err; 6610 6611 bt_dev_dbg(hdev, "sock %p", sk); 6612 6613 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 6614 hdev->hci_ver < BLUETOOTH_VER_1_2) 6615 return mgmt_cmd_status(sk, hdev->id, 6616 MGMT_OP_SET_FAST_CONNECTABLE, 6617 MGMT_STATUS_NOT_SUPPORTED); 6618 6619 if (cp->val != 0x00 && cp->val != 0x01) 6620 return mgmt_cmd_status(sk, hdev->id, 6621 MGMT_OP_SET_FAST_CONNECTABLE, 6622 MGMT_STATUS_INVALID_PARAMS); 6623 6624 hci_dev_lock(hdev); 6625 6626 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) { 6627 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 6628 goto unlock; 6629 } 6630 6631 if (!hdev_is_powered(hdev)) { 6632 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE); 6633 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 6634 new_settings(hdev, sk); 6635 goto unlock; 6636 } 6637 6638 cmd = mgmt_pending_new(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, data, 6639 len); 6640 if (!cmd) 6641 err = -ENOMEM; 6642 else 6643 err = hci_cmd_sync_queue(hdev, write_fast_connectable_sync, cmd, 6644 fast_connectable_complete); 6645 6646 if (err < 0) { 6647 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 6648 MGMT_STATUS_FAILED); 6649 6650 if (cmd) 6651 mgmt_pending_free(cmd); 6652 } 6653 6654 unlock: 6655 hci_dev_unlock(hdev); 6656 6657 return err; 6658 } 6659 6660 static void set_bredr_complete(struct hci_dev *hdev, void *data, int err) 6661 { 6662 struct mgmt_pending_cmd *cmd = data; 6663 6664 bt_dev_dbg(hdev, "err %d", err); 6665 6666 if (err) { 6667 u8 mgmt_err = mgmt_status(err); 6668 6669 /* We need to restore the flag if related HCI commands 6670 * failed. 6671 */ 6672 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED); 6673 6674 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 6675 } else { 6676 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev); 6677 new_settings(hdev, cmd->sk); 6678 } 6679 6680 mgmt_pending_free(cmd); 6681 } 6682 6683 static int set_bredr_sync(struct hci_dev *hdev, void *data) 6684 { 6685 int status; 6686 6687 status = hci_write_fast_connectable_sync(hdev, false); 6688 6689 if (!status) 6690 status = hci_update_scan_sync(hdev); 6691 6692 /* Since only the advertising data flags will change, there 6693 * is no need to update the scan response data. 6694 */ 6695 if (!status) 6696 status = hci_update_adv_data_sync(hdev, hdev->cur_adv_instance); 6697 6698 return status; 6699 } 6700 6701 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 6702 { 6703 struct mgmt_mode *cp = data; 6704 struct mgmt_pending_cmd *cmd; 6705 int err; 6706 6707 bt_dev_dbg(hdev, "sock %p", sk); 6708 6709 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev)) 6710 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6711 MGMT_STATUS_NOT_SUPPORTED); 6712 6713 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 6714 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6715 MGMT_STATUS_REJECTED); 6716 6717 if (cp->val != 0x00 && cp->val != 0x01) 6718 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6719 MGMT_STATUS_INVALID_PARAMS); 6720 6721 hci_dev_lock(hdev); 6722 6723 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 6724 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 6725 goto unlock; 6726 } 6727 6728 if (!hdev_is_powered(hdev)) { 6729 if (!cp->val) { 6730 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 6731 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 6732 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY); 6733 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 6734 } 6735 6736 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED); 6737 6738 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 6739 if (err < 0) 6740 goto unlock; 6741 6742 err = new_settings(hdev, sk); 6743 goto unlock; 6744 } 6745 6746 /* Reject disabling when powered on */ 6747 if (!cp->val) { 6748 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6749 MGMT_STATUS_REJECTED); 6750 goto unlock; 6751 } else { 6752 /* When configuring a dual-mode controller to operate 6753 * with LE only and using a static address, then switching 6754 * BR/EDR back on is not allowed. 6755 * 6756 * Dual-mode controllers shall operate with the public 6757 * address as its identity address for BR/EDR and LE. So 6758 * reject the attempt to create an invalid configuration. 6759 * 6760 * The same restrictions applies when secure connections 6761 * has been enabled. For BR/EDR this is a controller feature 6762 * while for LE it is a host stack feature. This means that 6763 * switching BR/EDR back on when secure connections has been 6764 * enabled is not a supported transaction. 6765 */ 6766 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 6767 (bacmp(&hdev->static_addr, BDADDR_ANY) || 6768 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) { 6769 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6770 MGMT_STATUS_REJECTED); 6771 goto unlock; 6772 } 6773 } 6774 6775 cmd = mgmt_pending_new(sk, MGMT_OP_SET_BREDR, hdev, data, len); 6776 if (!cmd) 6777 err = -ENOMEM; 6778 else 6779 err = hci_cmd_sync_queue(hdev, set_bredr_sync, cmd, 6780 set_bredr_complete); 6781 6782 if (err < 0) { 6783 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6784 MGMT_STATUS_FAILED); 6785 if (cmd) 6786 mgmt_pending_free(cmd); 6787 6788 goto unlock; 6789 } 6790 6791 /* We need to flip the bit already here so that 6792 * hci_req_update_adv_data generates the correct flags. 6793 */ 6794 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED); 6795 6796 unlock: 6797 hci_dev_unlock(hdev); 6798 return err; 6799 } 6800 6801 static void set_secure_conn_complete(struct hci_dev *hdev, void *data, int err) 6802 { 6803 struct mgmt_pending_cmd *cmd = data; 6804 struct mgmt_mode *cp; 6805 6806 bt_dev_dbg(hdev, "err %d", err); 6807 6808 if (err) { 6809 u8 mgmt_err = mgmt_status(err); 6810 6811 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 6812 goto done; 6813 } 6814 6815 cp = cmd->param; 6816 6817 switch (cp->val) { 6818 case 0x00: 6819 hci_dev_clear_flag(hdev, HCI_SC_ENABLED); 6820 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 6821 break; 6822 case 0x01: 6823 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 6824 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 6825 break; 6826 case 0x02: 6827 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 6828 hci_dev_set_flag(hdev, HCI_SC_ONLY); 6829 break; 6830 } 6831 6832 send_settings_rsp(cmd->sk, cmd->opcode, hdev); 6833 new_settings(hdev, cmd->sk); 6834 6835 done: 6836 mgmt_pending_free(cmd); 6837 } 6838 6839 static int set_secure_conn_sync(struct hci_dev *hdev, void *data) 6840 { 6841 struct mgmt_pending_cmd *cmd = data; 6842 struct mgmt_mode *cp = cmd->param; 6843 u8 val = !!cp->val; 6844 6845 /* Force write of val */ 6846 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 6847 6848 return hci_write_sc_support_sync(hdev, val); 6849 } 6850 6851 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev, 6852 void *data, u16 len) 6853 { 6854 struct mgmt_mode *cp = data; 6855 struct mgmt_pending_cmd *cmd; 6856 u8 val; 6857 int err; 6858 6859 bt_dev_dbg(hdev, "sock %p", sk); 6860 6861 if (!lmp_sc_capable(hdev) && 6862 !hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 6863 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 6864 MGMT_STATUS_NOT_SUPPORTED); 6865 6866 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 6867 lmp_sc_capable(hdev) && 6868 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 6869 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 6870 MGMT_STATUS_REJECTED); 6871 6872 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 6873 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 6874 MGMT_STATUS_INVALID_PARAMS); 6875 6876 hci_dev_lock(hdev); 6877 6878 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) || 6879 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 6880 bool changed; 6881 6882 if (cp->val) { 6883 changed = !hci_dev_test_and_set_flag(hdev, 6884 HCI_SC_ENABLED); 6885 if (cp->val == 0x02) 6886 hci_dev_set_flag(hdev, HCI_SC_ONLY); 6887 else 6888 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 6889 } else { 6890 changed = hci_dev_test_and_clear_flag(hdev, 6891 HCI_SC_ENABLED); 6892 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 6893 } 6894 6895 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 6896 if (err < 0) 6897 goto failed; 6898 6899 if (changed) 6900 err = new_settings(hdev, sk); 6901 6902 goto failed; 6903 } 6904 6905 val = !!cp->val; 6906 6907 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 6908 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 6909 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 6910 goto failed; 6911 } 6912 6913 cmd = mgmt_pending_new(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len); 6914 if (!cmd) 6915 err = -ENOMEM; 6916 else 6917 err = hci_cmd_sync_queue(hdev, set_secure_conn_sync, cmd, 6918 set_secure_conn_complete); 6919 6920 if (err < 0) { 6921 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 6922 MGMT_STATUS_FAILED); 6923 if (cmd) 6924 mgmt_pending_free(cmd); 6925 } 6926 6927 failed: 6928 hci_dev_unlock(hdev); 6929 return err; 6930 } 6931 6932 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev, 6933 void *data, u16 len) 6934 { 6935 struct mgmt_mode *cp = data; 6936 bool changed, use_changed; 6937 int err; 6938 6939 bt_dev_dbg(hdev, "sock %p", sk); 6940 6941 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 6942 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS, 6943 MGMT_STATUS_INVALID_PARAMS); 6944 6945 hci_dev_lock(hdev); 6946 6947 if (cp->val) 6948 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 6949 else 6950 changed = hci_dev_test_and_clear_flag(hdev, 6951 HCI_KEEP_DEBUG_KEYS); 6952 6953 if (cp->val == 0x02) 6954 use_changed = !hci_dev_test_and_set_flag(hdev, 6955 HCI_USE_DEBUG_KEYS); 6956 else 6957 use_changed = hci_dev_test_and_clear_flag(hdev, 6958 HCI_USE_DEBUG_KEYS); 6959 6960 if (hdev_is_powered(hdev) && use_changed && 6961 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 6962 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00; 6963 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 6964 sizeof(mode), &mode); 6965 } 6966 6967 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev); 6968 if (err < 0) 6969 goto unlock; 6970 6971 if (changed) 6972 err = new_settings(hdev, sk); 6973 6974 unlock: 6975 hci_dev_unlock(hdev); 6976 return err; 6977 } 6978 6979 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data, 6980 u16 len) 6981 { 6982 struct mgmt_cp_set_privacy *cp = cp_data; 6983 bool changed; 6984 int err; 6985 6986 bt_dev_dbg(hdev, "sock %p", sk); 6987 6988 if (!lmp_le_capable(hdev)) 6989 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 6990 MGMT_STATUS_NOT_SUPPORTED); 6991 6992 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02) 6993 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 6994 MGMT_STATUS_INVALID_PARAMS); 6995 6996 if (hdev_is_powered(hdev)) 6997 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 6998 MGMT_STATUS_REJECTED); 6999 7000 hci_dev_lock(hdev); 7001 7002 /* If user space supports this command it is also expected to 7003 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag. 7004 */ 7005 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 7006 7007 if (cp->privacy) { 7008 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY); 7009 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk)); 7010 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 7011 hci_adv_instances_set_rpa_expired(hdev, true); 7012 if (cp->privacy == 0x02) 7013 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY); 7014 else 7015 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 7016 } else { 7017 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY); 7018 memset(hdev->irk, 0, sizeof(hdev->irk)); 7019 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED); 7020 hci_adv_instances_set_rpa_expired(hdev, false); 7021 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 7022 } 7023 7024 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev); 7025 if (err < 0) 7026 goto unlock; 7027 7028 if (changed) 7029 err = new_settings(hdev, sk); 7030 7031 unlock: 7032 hci_dev_unlock(hdev); 7033 return err; 7034 } 7035 7036 static bool irk_is_valid(struct mgmt_irk_info *irk) 7037 { 7038 switch (irk->addr.type) { 7039 case BDADDR_LE_PUBLIC: 7040 return true; 7041 7042 case BDADDR_LE_RANDOM: 7043 /* Two most significant bits shall be set */ 7044 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0) 7045 return false; 7046 return true; 7047 } 7048 7049 return false; 7050 } 7051 7052 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data, 7053 u16 len) 7054 { 7055 struct mgmt_cp_load_irks *cp = cp_data; 7056 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) / 7057 sizeof(struct mgmt_irk_info)); 7058 u16 irk_count, expected_len; 7059 int i, err; 7060 7061 bt_dev_dbg(hdev, "sock %p", sk); 7062 7063 if (!lmp_le_capable(hdev)) 7064 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 7065 MGMT_STATUS_NOT_SUPPORTED); 7066 7067 irk_count = __le16_to_cpu(cp->irk_count); 7068 if (irk_count > max_irk_count) { 7069 bt_dev_err(hdev, "load_irks: too big irk_count value %u", 7070 irk_count); 7071 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 7072 MGMT_STATUS_INVALID_PARAMS); 7073 } 7074 7075 expected_len = struct_size(cp, irks, irk_count); 7076 if (expected_len != len) { 7077 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes", 7078 expected_len, len); 7079 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 7080 MGMT_STATUS_INVALID_PARAMS); 7081 } 7082 7083 bt_dev_dbg(hdev, "irk_count %u", irk_count); 7084 7085 for (i = 0; i < irk_count; i++) { 7086 struct mgmt_irk_info *key = &cp->irks[i]; 7087 7088 if (!irk_is_valid(key)) 7089 return mgmt_cmd_status(sk, hdev->id, 7090 MGMT_OP_LOAD_IRKS, 7091 MGMT_STATUS_INVALID_PARAMS); 7092 } 7093 7094 hci_dev_lock(hdev); 7095 7096 hci_smp_irks_clear(hdev); 7097 7098 for (i = 0; i < irk_count; i++) { 7099 struct mgmt_irk_info *irk = &cp->irks[i]; 7100 7101 if (hci_is_blocked_key(hdev, 7102 HCI_BLOCKED_KEY_TYPE_IRK, 7103 irk->val)) { 7104 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR", 7105 &irk->addr.bdaddr); 7106 continue; 7107 } 7108 7109 hci_add_irk(hdev, &irk->addr.bdaddr, 7110 le_addr_type(irk->addr.type), irk->val, 7111 BDADDR_ANY); 7112 } 7113 7114 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 7115 7116 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0); 7117 7118 hci_dev_unlock(hdev); 7119 7120 return err; 7121 } 7122 7123 static bool ltk_is_valid(struct mgmt_ltk_info *key) 7124 { 7125 if (key->initiator != 0x00 && key->initiator != 0x01) 7126 return false; 7127 7128 switch (key->addr.type) { 7129 case BDADDR_LE_PUBLIC: 7130 return true; 7131 7132 case BDADDR_LE_RANDOM: 7133 /* Two most significant bits shall be set */ 7134 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0) 7135 return false; 7136 return true; 7137 } 7138 7139 return false; 7140 } 7141 7142 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, 7143 void *cp_data, u16 len) 7144 { 7145 struct mgmt_cp_load_long_term_keys *cp = cp_data; 7146 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 7147 sizeof(struct mgmt_ltk_info)); 7148 u16 key_count, expected_len; 7149 int i, err; 7150 7151 bt_dev_dbg(hdev, "sock %p", sk); 7152 7153 if (!lmp_le_capable(hdev)) 7154 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 7155 MGMT_STATUS_NOT_SUPPORTED); 7156 7157 key_count = __le16_to_cpu(cp->key_count); 7158 if (key_count > max_key_count) { 7159 bt_dev_err(hdev, "load_ltks: too big key_count value %u", 7160 key_count); 7161 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 7162 MGMT_STATUS_INVALID_PARAMS); 7163 } 7164 7165 expected_len = struct_size(cp, keys, key_count); 7166 if (expected_len != len) { 7167 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes", 7168 expected_len, len); 7169 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 7170 MGMT_STATUS_INVALID_PARAMS); 7171 } 7172 7173 bt_dev_dbg(hdev, "key_count %u", key_count); 7174 7175 hci_dev_lock(hdev); 7176 7177 hci_smp_ltks_clear(hdev); 7178 7179 for (i = 0; i < key_count; i++) { 7180 struct mgmt_ltk_info *key = &cp->keys[i]; 7181 u8 type, authenticated; 7182 7183 if (hci_is_blocked_key(hdev, 7184 HCI_BLOCKED_KEY_TYPE_LTK, 7185 key->val)) { 7186 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR", 7187 &key->addr.bdaddr); 7188 continue; 7189 } 7190 7191 if (!ltk_is_valid(key)) { 7192 bt_dev_warn(hdev, "Invalid LTK for %pMR", 7193 &key->addr.bdaddr); 7194 continue; 7195 } 7196 7197 switch (key->type) { 7198 case MGMT_LTK_UNAUTHENTICATED: 7199 authenticated = 0x00; 7200 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER; 7201 break; 7202 case MGMT_LTK_AUTHENTICATED: 7203 authenticated = 0x01; 7204 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER; 7205 break; 7206 case MGMT_LTK_P256_UNAUTH: 7207 authenticated = 0x00; 7208 type = SMP_LTK_P256; 7209 break; 7210 case MGMT_LTK_P256_AUTH: 7211 authenticated = 0x01; 7212 type = SMP_LTK_P256; 7213 break; 7214 case MGMT_LTK_P256_DEBUG: 7215 authenticated = 0x00; 7216 type = SMP_LTK_P256_DEBUG; 7217 fallthrough; 7218 default: 7219 continue; 7220 } 7221 7222 hci_add_ltk(hdev, &key->addr.bdaddr, 7223 le_addr_type(key->addr.type), type, authenticated, 7224 key->val, key->enc_size, key->ediv, key->rand); 7225 } 7226 7227 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0, 7228 NULL, 0); 7229 7230 hci_dev_unlock(hdev); 7231 7232 return err; 7233 } 7234 7235 static void get_conn_info_complete(struct hci_dev *hdev, void *data, int err) 7236 { 7237 struct mgmt_pending_cmd *cmd = data; 7238 struct hci_conn *conn = cmd->user_data; 7239 struct mgmt_cp_get_conn_info *cp = cmd->param; 7240 struct mgmt_rp_get_conn_info rp; 7241 u8 status; 7242 7243 bt_dev_dbg(hdev, "err %d", err); 7244 7245 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr)); 7246 7247 status = mgmt_status(err); 7248 if (status == MGMT_STATUS_SUCCESS) { 7249 rp.rssi = conn->rssi; 7250 rp.tx_power = conn->tx_power; 7251 rp.max_tx_power = conn->max_tx_power; 7252 } else { 7253 rp.rssi = HCI_RSSI_INVALID; 7254 rp.tx_power = HCI_TX_POWER_INVALID; 7255 rp.max_tx_power = HCI_TX_POWER_INVALID; 7256 } 7257 7258 mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status, 7259 &rp, sizeof(rp)); 7260 7261 mgmt_pending_free(cmd); 7262 } 7263 7264 static int get_conn_info_sync(struct hci_dev *hdev, void *data) 7265 { 7266 struct mgmt_pending_cmd *cmd = data; 7267 struct mgmt_cp_get_conn_info *cp = cmd->param; 7268 struct hci_conn *conn; 7269 int err; 7270 __le16 handle; 7271 7272 /* Make sure we are still connected */ 7273 if (cp->addr.type == BDADDR_BREDR) 7274 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 7275 &cp->addr.bdaddr); 7276 else 7277 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 7278 7279 if (!conn || conn->state != BT_CONNECTED) 7280 return MGMT_STATUS_NOT_CONNECTED; 7281 7282 cmd->user_data = conn; 7283 handle = cpu_to_le16(conn->handle); 7284 7285 /* Refresh RSSI each time */ 7286 err = hci_read_rssi_sync(hdev, handle); 7287 7288 /* For LE links TX power does not change thus we don't need to 7289 * query for it once value is known. 7290 */ 7291 if (!err && (!bdaddr_type_is_le(cp->addr.type) || 7292 conn->tx_power == HCI_TX_POWER_INVALID)) 7293 err = hci_read_tx_power_sync(hdev, handle, 0x00); 7294 7295 /* Max TX power needs to be read only once per connection */ 7296 if (!err && conn->max_tx_power == HCI_TX_POWER_INVALID) 7297 err = hci_read_tx_power_sync(hdev, handle, 0x01); 7298 7299 return err; 7300 } 7301 7302 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data, 7303 u16 len) 7304 { 7305 struct mgmt_cp_get_conn_info *cp = data; 7306 struct mgmt_rp_get_conn_info rp; 7307 struct hci_conn *conn; 7308 unsigned long conn_info_age; 7309 int err = 0; 7310 7311 bt_dev_dbg(hdev, "sock %p", sk); 7312 7313 memset(&rp, 0, sizeof(rp)); 7314 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 7315 rp.addr.type = cp->addr.type; 7316 7317 if (!bdaddr_type_is_valid(cp->addr.type)) 7318 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 7319 MGMT_STATUS_INVALID_PARAMS, 7320 &rp, sizeof(rp)); 7321 7322 hci_dev_lock(hdev); 7323 7324 if (!hdev_is_powered(hdev)) { 7325 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 7326 MGMT_STATUS_NOT_POWERED, &rp, 7327 sizeof(rp)); 7328 goto unlock; 7329 } 7330 7331 if (cp->addr.type == BDADDR_BREDR) 7332 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 7333 &cp->addr.bdaddr); 7334 else 7335 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 7336 7337 if (!conn || conn->state != BT_CONNECTED) { 7338 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 7339 MGMT_STATUS_NOT_CONNECTED, &rp, 7340 sizeof(rp)); 7341 goto unlock; 7342 } 7343 7344 /* To avoid client trying to guess when to poll again for information we 7345 * calculate conn info age as random value between min/max set in hdev. 7346 */ 7347 conn_info_age = get_random_u32_inclusive(hdev->conn_info_min_age, 7348 hdev->conn_info_max_age - 1); 7349 7350 /* Query controller to refresh cached values if they are too old or were 7351 * never read. 7352 */ 7353 if (time_after(jiffies, conn->conn_info_timestamp + 7354 msecs_to_jiffies(conn_info_age)) || 7355 !conn->conn_info_timestamp) { 7356 struct mgmt_pending_cmd *cmd; 7357 7358 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CONN_INFO, hdev, data, 7359 len); 7360 if (!cmd) { 7361 err = -ENOMEM; 7362 } else { 7363 err = hci_cmd_sync_queue(hdev, get_conn_info_sync, 7364 cmd, get_conn_info_complete); 7365 } 7366 7367 if (err < 0) { 7368 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 7369 MGMT_STATUS_FAILED, &rp, sizeof(rp)); 7370 7371 if (cmd) 7372 mgmt_pending_free(cmd); 7373 7374 goto unlock; 7375 } 7376 7377 conn->conn_info_timestamp = jiffies; 7378 } else { 7379 /* Cache is valid, just reply with values cached in hci_conn */ 7380 rp.rssi = conn->rssi; 7381 rp.tx_power = conn->tx_power; 7382 rp.max_tx_power = conn->max_tx_power; 7383 7384 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 7385 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 7386 } 7387 7388 unlock: 7389 hci_dev_unlock(hdev); 7390 return err; 7391 } 7392 7393 static void get_clock_info_complete(struct hci_dev *hdev, void *data, int err) 7394 { 7395 struct mgmt_pending_cmd *cmd = data; 7396 struct mgmt_cp_get_clock_info *cp = cmd->param; 7397 struct mgmt_rp_get_clock_info rp; 7398 struct hci_conn *conn = cmd->user_data; 7399 u8 status = mgmt_status(err); 7400 7401 bt_dev_dbg(hdev, "err %d", err); 7402 7403 memset(&rp, 0, sizeof(rp)); 7404 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 7405 rp.addr.type = cp->addr.type; 7406 7407 if (err) 7408 goto complete; 7409 7410 rp.local_clock = cpu_to_le32(hdev->clock); 7411 7412 if (conn) { 7413 rp.piconet_clock = cpu_to_le32(conn->clock); 7414 rp.accuracy = cpu_to_le16(conn->clock_accuracy); 7415 } 7416 7417 complete: 7418 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp, 7419 sizeof(rp)); 7420 7421 mgmt_pending_free(cmd); 7422 } 7423 7424 static int get_clock_info_sync(struct hci_dev *hdev, void *data) 7425 { 7426 struct mgmt_pending_cmd *cmd = data; 7427 struct mgmt_cp_get_clock_info *cp = cmd->param; 7428 struct hci_cp_read_clock hci_cp; 7429 struct hci_conn *conn; 7430 7431 memset(&hci_cp, 0, sizeof(hci_cp)); 7432 hci_read_clock_sync(hdev, &hci_cp); 7433 7434 /* Make sure connection still exists */ 7435 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 7436 if (!conn || conn->state != BT_CONNECTED) 7437 return MGMT_STATUS_NOT_CONNECTED; 7438 7439 cmd->user_data = conn; 7440 hci_cp.handle = cpu_to_le16(conn->handle); 7441 hci_cp.which = 0x01; /* Piconet clock */ 7442 7443 return hci_read_clock_sync(hdev, &hci_cp); 7444 } 7445 7446 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data, 7447 u16 len) 7448 { 7449 struct mgmt_cp_get_clock_info *cp = data; 7450 struct mgmt_rp_get_clock_info rp; 7451 struct mgmt_pending_cmd *cmd; 7452 struct hci_conn *conn; 7453 int err; 7454 7455 bt_dev_dbg(hdev, "sock %p", sk); 7456 7457 memset(&rp, 0, sizeof(rp)); 7458 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 7459 rp.addr.type = cp->addr.type; 7460 7461 if (cp->addr.type != BDADDR_BREDR) 7462 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 7463 MGMT_STATUS_INVALID_PARAMS, 7464 &rp, sizeof(rp)); 7465 7466 hci_dev_lock(hdev); 7467 7468 if (!hdev_is_powered(hdev)) { 7469 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 7470 MGMT_STATUS_NOT_POWERED, &rp, 7471 sizeof(rp)); 7472 goto unlock; 7473 } 7474 7475 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 7476 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 7477 &cp->addr.bdaddr); 7478 if (!conn || conn->state != BT_CONNECTED) { 7479 err = mgmt_cmd_complete(sk, hdev->id, 7480 MGMT_OP_GET_CLOCK_INFO, 7481 MGMT_STATUS_NOT_CONNECTED, 7482 &rp, sizeof(rp)); 7483 goto unlock; 7484 } 7485 } else { 7486 conn = NULL; 7487 } 7488 7489 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len); 7490 if (!cmd) 7491 err = -ENOMEM; 7492 else 7493 err = hci_cmd_sync_queue(hdev, get_clock_info_sync, cmd, 7494 get_clock_info_complete); 7495 7496 if (err < 0) { 7497 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 7498 MGMT_STATUS_FAILED, &rp, sizeof(rp)); 7499 7500 if (cmd) 7501 mgmt_pending_free(cmd); 7502 } 7503 7504 7505 unlock: 7506 hci_dev_unlock(hdev); 7507 return err; 7508 } 7509 7510 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) 7511 { 7512 struct hci_conn *conn; 7513 7514 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr); 7515 if (!conn) 7516 return false; 7517 7518 if (conn->dst_type != type) 7519 return false; 7520 7521 if (conn->state != BT_CONNECTED) 7522 return false; 7523 7524 return true; 7525 } 7526 7527 /* This function requires the caller holds hdev->lock */ 7528 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, 7529 u8 addr_type, u8 auto_connect) 7530 { 7531 struct hci_conn_params *params; 7532 7533 params = hci_conn_params_add(hdev, addr, addr_type); 7534 if (!params) 7535 return -EIO; 7536 7537 if (params->auto_connect == auto_connect) 7538 return 0; 7539 7540 hci_pend_le_list_del_init(params); 7541 7542 switch (auto_connect) { 7543 case HCI_AUTO_CONN_DISABLED: 7544 case HCI_AUTO_CONN_LINK_LOSS: 7545 /* If auto connect is being disabled when we're trying to 7546 * connect to device, keep connecting. 7547 */ 7548 if (params->explicit_connect) 7549 hci_pend_le_list_add(params, &hdev->pend_le_conns); 7550 break; 7551 case HCI_AUTO_CONN_REPORT: 7552 if (params->explicit_connect) 7553 hci_pend_le_list_add(params, &hdev->pend_le_conns); 7554 else 7555 hci_pend_le_list_add(params, &hdev->pend_le_reports); 7556 break; 7557 case HCI_AUTO_CONN_DIRECT: 7558 case HCI_AUTO_CONN_ALWAYS: 7559 if (!is_connected(hdev, addr, addr_type)) 7560 hci_pend_le_list_add(params, &hdev->pend_le_conns); 7561 break; 7562 } 7563 7564 params->auto_connect = auto_connect; 7565 7566 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u", 7567 addr, addr_type, auto_connect); 7568 7569 return 0; 7570 } 7571 7572 static void device_added(struct sock *sk, struct hci_dev *hdev, 7573 bdaddr_t *bdaddr, u8 type, u8 action) 7574 { 7575 struct mgmt_ev_device_added ev; 7576 7577 bacpy(&ev.addr.bdaddr, bdaddr); 7578 ev.addr.type = type; 7579 ev.action = action; 7580 7581 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk); 7582 } 7583 7584 static int add_device_sync(struct hci_dev *hdev, void *data) 7585 { 7586 return hci_update_passive_scan_sync(hdev); 7587 } 7588 7589 static int add_device(struct sock *sk, struct hci_dev *hdev, 7590 void *data, u16 len) 7591 { 7592 struct mgmt_cp_add_device *cp = data; 7593 u8 auto_conn, addr_type; 7594 struct hci_conn_params *params; 7595 int err; 7596 u32 current_flags = 0; 7597 u32 supported_flags; 7598 7599 bt_dev_dbg(hdev, "sock %p", sk); 7600 7601 if (!bdaddr_type_is_valid(cp->addr.type) || 7602 !bacmp(&cp->addr.bdaddr, BDADDR_ANY)) 7603 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7604 MGMT_STATUS_INVALID_PARAMS, 7605 &cp->addr, sizeof(cp->addr)); 7606 7607 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02) 7608 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7609 MGMT_STATUS_INVALID_PARAMS, 7610 &cp->addr, sizeof(cp->addr)); 7611 7612 hci_dev_lock(hdev); 7613 7614 if (cp->addr.type == BDADDR_BREDR) { 7615 /* Only incoming connections action is supported for now */ 7616 if (cp->action != 0x01) { 7617 err = mgmt_cmd_complete(sk, hdev->id, 7618 MGMT_OP_ADD_DEVICE, 7619 MGMT_STATUS_INVALID_PARAMS, 7620 &cp->addr, sizeof(cp->addr)); 7621 goto unlock; 7622 } 7623 7624 err = hci_bdaddr_list_add_with_flags(&hdev->accept_list, 7625 &cp->addr.bdaddr, 7626 cp->addr.type, 0); 7627 if (err) 7628 goto unlock; 7629 7630 hci_update_scan(hdev); 7631 7632 goto added; 7633 } 7634 7635 addr_type = le_addr_type(cp->addr.type); 7636 7637 if (cp->action == 0x02) 7638 auto_conn = HCI_AUTO_CONN_ALWAYS; 7639 else if (cp->action == 0x01) 7640 auto_conn = HCI_AUTO_CONN_DIRECT; 7641 else 7642 auto_conn = HCI_AUTO_CONN_REPORT; 7643 7644 /* Kernel internally uses conn_params with resolvable private 7645 * address, but Add Device allows only identity addresses. 7646 * Make sure it is enforced before calling 7647 * hci_conn_params_lookup. 7648 */ 7649 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 7650 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7651 MGMT_STATUS_INVALID_PARAMS, 7652 &cp->addr, sizeof(cp->addr)); 7653 goto unlock; 7654 } 7655 7656 /* If the connection parameters don't exist for this device, 7657 * they will be created and configured with defaults. 7658 */ 7659 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type, 7660 auto_conn) < 0) { 7661 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7662 MGMT_STATUS_FAILED, &cp->addr, 7663 sizeof(cp->addr)); 7664 goto unlock; 7665 } else { 7666 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 7667 addr_type); 7668 if (params) 7669 current_flags = params->flags; 7670 } 7671 7672 err = hci_cmd_sync_queue(hdev, add_device_sync, NULL, NULL); 7673 if (err < 0) 7674 goto unlock; 7675 7676 added: 7677 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action); 7678 supported_flags = hdev->conn_flags; 7679 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type, 7680 supported_flags, current_flags); 7681 7682 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7683 MGMT_STATUS_SUCCESS, &cp->addr, 7684 sizeof(cp->addr)); 7685 7686 unlock: 7687 hci_dev_unlock(hdev); 7688 return err; 7689 } 7690 7691 static void device_removed(struct sock *sk, struct hci_dev *hdev, 7692 bdaddr_t *bdaddr, u8 type) 7693 { 7694 struct mgmt_ev_device_removed ev; 7695 7696 bacpy(&ev.addr.bdaddr, bdaddr); 7697 ev.addr.type = type; 7698 7699 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk); 7700 } 7701 7702 static int remove_device_sync(struct hci_dev *hdev, void *data) 7703 { 7704 return hci_update_passive_scan_sync(hdev); 7705 } 7706 7707 static int remove_device(struct sock *sk, struct hci_dev *hdev, 7708 void *data, u16 len) 7709 { 7710 struct mgmt_cp_remove_device *cp = data; 7711 int err; 7712 7713 bt_dev_dbg(hdev, "sock %p", sk); 7714 7715 hci_dev_lock(hdev); 7716 7717 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 7718 struct hci_conn_params *params; 7719 u8 addr_type; 7720 7721 if (!bdaddr_type_is_valid(cp->addr.type)) { 7722 err = mgmt_cmd_complete(sk, hdev->id, 7723 MGMT_OP_REMOVE_DEVICE, 7724 MGMT_STATUS_INVALID_PARAMS, 7725 &cp->addr, sizeof(cp->addr)); 7726 goto unlock; 7727 } 7728 7729 if (cp->addr.type == BDADDR_BREDR) { 7730 err = hci_bdaddr_list_del(&hdev->accept_list, 7731 &cp->addr.bdaddr, 7732 cp->addr.type); 7733 if (err) { 7734 err = mgmt_cmd_complete(sk, hdev->id, 7735 MGMT_OP_REMOVE_DEVICE, 7736 MGMT_STATUS_INVALID_PARAMS, 7737 &cp->addr, 7738 sizeof(cp->addr)); 7739 goto unlock; 7740 } 7741 7742 hci_update_scan(hdev); 7743 7744 device_removed(sk, hdev, &cp->addr.bdaddr, 7745 cp->addr.type); 7746 goto complete; 7747 } 7748 7749 addr_type = le_addr_type(cp->addr.type); 7750 7751 /* Kernel internally uses conn_params with resolvable private 7752 * address, but Remove Device allows only identity addresses. 7753 * Make sure it is enforced before calling 7754 * hci_conn_params_lookup. 7755 */ 7756 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 7757 err = mgmt_cmd_complete(sk, hdev->id, 7758 MGMT_OP_REMOVE_DEVICE, 7759 MGMT_STATUS_INVALID_PARAMS, 7760 &cp->addr, sizeof(cp->addr)); 7761 goto unlock; 7762 } 7763 7764 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 7765 addr_type); 7766 if (!params) { 7767 err = mgmt_cmd_complete(sk, hdev->id, 7768 MGMT_OP_REMOVE_DEVICE, 7769 MGMT_STATUS_INVALID_PARAMS, 7770 &cp->addr, sizeof(cp->addr)); 7771 goto unlock; 7772 } 7773 7774 if (params->auto_connect == HCI_AUTO_CONN_DISABLED || 7775 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { 7776 err = mgmt_cmd_complete(sk, hdev->id, 7777 MGMT_OP_REMOVE_DEVICE, 7778 MGMT_STATUS_INVALID_PARAMS, 7779 &cp->addr, sizeof(cp->addr)); 7780 goto unlock; 7781 } 7782 7783 hci_conn_params_free(params); 7784 7785 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type); 7786 } else { 7787 struct hci_conn_params *p, *tmp; 7788 struct bdaddr_list *b, *btmp; 7789 7790 if (cp->addr.type) { 7791 err = mgmt_cmd_complete(sk, hdev->id, 7792 MGMT_OP_REMOVE_DEVICE, 7793 MGMT_STATUS_INVALID_PARAMS, 7794 &cp->addr, sizeof(cp->addr)); 7795 goto unlock; 7796 } 7797 7798 list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) { 7799 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type); 7800 list_del(&b->list); 7801 kfree(b); 7802 } 7803 7804 hci_update_scan(hdev); 7805 7806 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) { 7807 if (p->auto_connect == HCI_AUTO_CONN_DISABLED) 7808 continue; 7809 device_removed(sk, hdev, &p->addr, p->addr_type); 7810 if (p->explicit_connect) { 7811 p->auto_connect = HCI_AUTO_CONN_EXPLICIT; 7812 continue; 7813 } 7814 hci_conn_params_free(p); 7815 } 7816 7817 bt_dev_dbg(hdev, "All LE connection parameters were removed"); 7818 } 7819 7820 hci_cmd_sync_queue(hdev, remove_device_sync, NULL, NULL); 7821 7822 complete: 7823 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 7824 MGMT_STATUS_SUCCESS, &cp->addr, 7825 sizeof(cp->addr)); 7826 unlock: 7827 hci_dev_unlock(hdev); 7828 return err; 7829 } 7830 7831 static int conn_update_sync(struct hci_dev *hdev, void *data) 7832 { 7833 struct hci_conn_params *params = data; 7834 struct hci_conn *conn; 7835 7836 conn = hci_conn_hash_lookup_le(hdev, ¶ms->addr, params->addr_type); 7837 if (!conn) 7838 return -ECANCELED; 7839 7840 return hci_le_conn_update_sync(hdev, conn, params); 7841 } 7842 7843 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data, 7844 u16 len) 7845 { 7846 struct mgmt_cp_load_conn_param *cp = data; 7847 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) / 7848 sizeof(struct mgmt_conn_param)); 7849 u16 param_count, expected_len; 7850 int i; 7851 7852 if (!lmp_le_capable(hdev)) 7853 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 7854 MGMT_STATUS_NOT_SUPPORTED); 7855 7856 param_count = __le16_to_cpu(cp->param_count); 7857 if (param_count > max_param_count) { 7858 bt_dev_err(hdev, "load_conn_param: too big param_count value %u", 7859 param_count); 7860 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 7861 MGMT_STATUS_INVALID_PARAMS); 7862 } 7863 7864 expected_len = struct_size(cp, params, param_count); 7865 if (expected_len != len) { 7866 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes", 7867 expected_len, len); 7868 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 7869 MGMT_STATUS_INVALID_PARAMS); 7870 } 7871 7872 bt_dev_dbg(hdev, "param_count %u", param_count); 7873 7874 hci_dev_lock(hdev); 7875 7876 if (param_count > 1) 7877 hci_conn_params_clear_disabled(hdev); 7878 7879 for (i = 0; i < param_count; i++) { 7880 struct mgmt_conn_param *param = &cp->params[i]; 7881 struct hci_conn_params *hci_param; 7882 u16 min, max, latency, timeout; 7883 bool update = false; 7884 u8 addr_type; 7885 7886 bt_dev_dbg(hdev, "Adding %pMR (type %u)", ¶m->addr.bdaddr, 7887 param->addr.type); 7888 7889 if (param->addr.type == BDADDR_LE_PUBLIC) { 7890 addr_type = ADDR_LE_DEV_PUBLIC; 7891 } else if (param->addr.type == BDADDR_LE_RANDOM) { 7892 addr_type = ADDR_LE_DEV_RANDOM; 7893 } else { 7894 bt_dev_err(hdev, "ignoring invalid connection parameters"); 7895 continue; 7896 } 7897 7898 min = le16_to_cpu(param->min_interval); 7899 max = le16_to_cpu(param->max_interval); 7900 latency = le16_to_cpu(param->latency); 7901 timeout = le16_to_cpu(param->timeout); 7902 7903 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x", 7904 min, max, latency, timeout); 7905 7906 if (hci_check_conn_params(min, max, latency, timeout) < 0) { 7907 bt_dev_err(hdev, "ignoring invalid connection parameters"); 7908 continue; 7909 } 7910 7911 /* Detect when the loading is for an existing parameter then 7912 * attempt to trigger the connection update procedure. 7913 */ 7914 if (!i && param_count == 1) { 7915 hci_param = hci_conn_params_lookup(hdev, 7916 ¶m->addr.bdaddr, 7917 addr_type); 7918 if (hci_param) 7919 update = true; 7920 else 7921 hci_conn_params_clear_disabled(hdev); 7922 } 7923 7924 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr, 7925 addr_type); 7926 if (!hci_param) { 7927 bt_dev_err(hdev, "failed to add connection parameters"); 7928 continue; 7929 } 7930 7931 hci_param->conn_min_interval = min; 7932 hci_param->conn_max_interval = max; 7933 hci_param->conn_latency = latency; 7934 hci_param->supervision_timeout = timeout; 7935 7936 /* Check if we need to trigger a connection update */ 7937 if (update) { 7938 struct hci_conn *conn; 7939 7940 /* Lookup for existing connection as central and check 7941 * if parameters match and if they don't then trigger 7942 * a connection update. 7943 */ 7944 conn = hci_conn_hash_lookup_le(hdev, &hci_param->addr, 7945 addr_type); 7946 if (conn && conn->role == HCI_ROLE_MASTER && 7947 (conn->le_conn_min_interval != min || 7948 conn->le_conn_max_interval != max || 7949 conn->le_conn_latency != latency || 7950 conn->le_supv_timeout != timeout)) 7951 hci_cmd_sync_queue(hdev, conn_update_sync, 7952 hci_param, NULL); 7953 } 7954 } 7955 7956 hci_dev_unlock(hdev); 7957 7958 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, 7959 NULL, 0); 7960 } 7961 7962 static int set_external_config(struct sock *sk, struct hci_dev *hdev, 7963 void *data, u16 len) 7964 { 7965 struct mgmt_cp_set_external_config *cp = data; 7966 bool changed; 7967 int err; 7968 7969 bt_dev_dbg(hdev, "sock %p", sk); 7970 7971 if (hdev_is_powered(hdev)) 7972 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 7973 MGMT_STATUS_REJECTED); 7974 7975 if (cp->config != 0x00 && cp->config != 0x01) 7976 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 7977 MGMT_STATUS_INVALID_PARAMS); 7978 7979 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 7980 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 7981 MGMT_STATUS_NOT_SUPPORTED); 7982 7983 hci_dev_lock(hdev); 7984 7985 if (cp->config) 7986 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED); 7987 else 7988 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED); 7989 7990 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev); 7991 if (err < 0) 7992 goto unlock; 7993 7994 if (!changed) 7995 goto unlock; 7996 7997 err = new_options(hdev, sk); 7998 7999 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) { 8000 mgmt_index_removed(hdev); 8001 8002 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) { 8003 hci_dev_set_flag(hdev, HCI_CONFIG); 8004 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 8005 8006 queue_work(hdev->req_workqueue, &hdev->power_on); 8007 } else { 8008 set_bit(HCI_RAW, &hdev->flags); 8009 mgmt_index_added(hdev); 8010 } 8011 } 8012 8013 unlock: 8014 hci_dev_unlock(hdev); 8015 return err; 8016 } 8017 8018 static int set_public_address(struct sock *sk, struct hci_dev *hdev, 8019 void *data, u16 len) 8020 { 8021 struct mgmt_cp_set_public_address *cp = data; 8022 bool changed; 8023 int err; 8024 8025 bt_dev_dbg(hdev, "sock %p", sk); 8026 8027 if (hdev_is_powered(hdev)) 8028 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 8029 MGMT_STATUS_REJECTED); 8030 8031 if (!bacmp(&cp->bdaddr, BDADDR_ANY)) 8032 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 8033 MGMT_STATUS_INVALID_PARAMS); 8034 8035 if (!hdev->set_bdaddr) 8036 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 8037 MGMT_STATUS_NOT_SUPPORTED); 8038 8039 hci_dev_lock(hdev); 8040 8041 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr); 8042 bacpy(&hdev->public_addr, &cp->bdaddr); 8043 8044 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev); 8045 if (err < 0) 8046 goto unlock; 8047 8048 if (!changed) 8049 goto unlock; 8050 8051 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) 8052 err = new_options(hdev, sk); 8053 8054 if (is_configured(hdev)) { 8055 mgmt_index_removed(hdev); 8056 8057 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED); 8058 8059 hci_dev_set_flag(hdev, HCI_CONFIG); 8060 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 8061 8062 queue_work(hdev->req_workqueue, &hdev->power_on); 8063 } 8064 8065 unlock: 8066 hci_dev_unlock(hdev); 8067 return err; 8068 } 8069 8070 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, void *data, 8071 int err) 8072 { 8073 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp; 8074 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp; 8075 u8 *h192, *r192, *h256, *r256; 8076 struct mgmt_pending_cmd *cmd = data; 8077 struct sk_buff *skb = cmd->skb; 8078 u8 status = mgmt_status(err); 8079 u16 eir_len; 8080 8081 if (cmd != pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev)) 8082 return; 8083 8084 if (!status) { 8085 if (!skb) 8086 status = MGMT_STATUS_FAILED; 8087 else if (IS_ERR(skb)) 8088 status = mgmt_status(PTR_ERR(skb)); 8089 else 8090 status = mgmt_status(skb->data[0]); 8091 } 8092 8093 bt_dev_dbg(hdev, "status %u", status); 8094 8095 mgmt_cp = cmd->param; 8096 8097 if (status) { 8098 status = mgmt_status(status); 8099 eir_len = 0; 8100 8101 h192 = NULL; 8102 r192 = NULL; 8103 h256 = NULL; 8104 r256 = NULL; 8105 } else if (!bredr_sc_enabled(hdev)) { 8106 struct hci_rp_read_local_oob_data *rp; 8107 8108 if (skb->len != sizeof(*rp)) { 8109 status = MGMT_STATUS_FAILED; 8110 eir_len = 0; 8111 } else { 8112 status = MGMT_STATUS_SUCCESS; 8113 rp = (void *)skb->data; 8114 8115 eir_len = 5 + 18 + 18; 8116 h192 = rp->hash; 8117 r192 = rp->rand; 8118 h256 = NULL; 8119 r256 = NULL; 8120 } 8121 } else { 8122 struct hci_rp_read_local_oob_ext_data *rp; 8123 8124 if (skb->len != sizeof(*rp)) { 8125 status = MGMT_STATUS_FAILED; 8126 eir_len = 0; 8127 } else { 8128 status = MGMT_STATUS_SUCCESS; 8129 rp = (void *)skb->data; 8130 8131 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 8132 eir_len = 5 + 18 + 18; 8133 h192 = NULL; 8134 r192 = NULL; 8135 } else { 8136 eir_len = 5 + 18 + 18 + 18 + 18; 8137 h192 = rp->hash192; 8138 r192 = rp->rand192; 8139 } 8140 8141 h256 = rp->hash256; 8142 r256 = rp->rand256; 8143 } 8144 } 8145 8146 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL); 8147 if (!mgmt_rp) 8148 goto done; 8149 8150 if (eir_len == 0) 8151 goto send_rsp; 8152 8153 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV, 8154 hdev->dev_class, 3); 8155 8156 if (h192 && r192) { 8157 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 8158 EIR_SSP_HASH_C192, h192, 16); 8159 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 8160 EIR_SSP_RAND_R192, r192, 16); 8161 } 8162 8163 if (h256 && r256) { 8164 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 8165 EIR_SSP_HASH_C256, h256, 16); 8166 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 8167 EIR_SSP_RAND_R256, r256, 16); 8168 } 8169 8170 send_rsp: 8171 mgmt_rp->type = mgmt_cp->type; 8172 mgmt_rp->eir_len = cpu_to_le16(eir_len); 8173 8174 err = mgmt_cmd_complete(cmd->sk, hdev->id, 8175 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status, 8176 mgmt_rp, sizeof(*mgmt_rp) + eir_len); 8177 if (err < 0 || status) 8178 goto done; 8179 8180 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS); 8181 8182 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 8183 mgmt_rp, sizeof(*mgmt_rp) + eir_len, 8184 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk); 8185 done: 8186 if (skb && !IS_ERR(skb)) 8187 kfree_skb(skb); 8188 8189 kfree(mgmt_rp); 8190 mgmt_pending_remove(cmd); 8191 } 8192 8193 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk, 8194 struct mgmt_cp_read_local_oob_ext_data *cp) 8195 { 8196 struct mgmt_pending_cmd *cmd; 8197 int err; 8198 8199 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev, 8200 cp, sizeof(*cp)); 8201 if (!cmd) 8202 return -ENOMEM; 8203 8204 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd, 8205 read_local_oob_ext_data_complete); 8206 8207 if (err < 0) { 8208 mgmt_pending_remove(cmd); 8209 return err; 8210 } 8211 8212 return 0; 8213 } 8214 8215 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev, 8216 void *data, u16 data_len) 8217 { 8218 struct mgmt_cp_read_local_oob_ext_data *cp = data; 8219 struct mgmt_rp_read_local_oob_ext_data *rp; 8220 size_t rp_len; 8221 u16 eir_len; 8222 u8 status, flags, role, addr[7], hash[16], rand[16]; 8223 int err; 8224 8225 bt_dev_dbg(hdev, "sock %p", sk); 8226 8227 if (hdev_is_powered(hdev)) { 8228 switch (cp->type) { 8229 case BIT(BDADDR_BREDR): 8230 status = mgmt_bredr_support(hdev); 8231 if (status) 8232 eir_len = 0; 8233 else 8234 eir_len = 5; 8235 break; 8236 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 8237 status = mgmt_le_support(hdev); 8238 if (status) 8239 eir_len = 0; 8240 else 8241 eir_len = 9 + 3 + 18 + 18 + 3; 8242 break; 8243 default: 8244 status = MGMT_STATUS_INVALID_PARAMS; 8245 eir_len = 0; 8246 break; 8247 } 8248 } else { 8249 status = MGMT_STATUS_NOT_POWERED; 8250 eir_len = 0; 8251 } 8252 8253 rp_len = sizeof(*rp) + eir_len; 8254 rp = kmalloc(rp_len, GFP_ATOMIC); 8255 if (!rp) 8256 return -ENOMEM; 8257 8258 if (!status && !lmp_ssp_capable(hdev)) { 8259 status = MGMT_STATUS_NOT_SUPPORTED; 8260 eir_len = 0; 8261 } 8262 8263 if (status) 8264 goto complete; 8265 8266 hci_dev_lock(hdev); 8267 8268 eir_len = 0; 8269 switch (cp->type) { 8270 case BIT(BDADDR_BREDR): 8271 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 8272 err = read_local_ssp_oob_req(hdev, sk, cp); 8273 hci_dev_unlock(hdev); 8274 if (!err) 8275 goto done; 8276 8277 status = MGMT_STATUS_FAILED; 8278 goto complete; 8279 } else { 8280 eir_len = eir_append_data(rp->eir, eir_len, 8281 EIR_CLASS_OF_DEV, 8282 hdev->dev_class, 3); 8283 } 8284 break; 8285 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 8286 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 8287 smp_generate_oob(hdev, hash, rand) < 0) { 8288 hci_dev_unlock(hdev); 8289 status = MGMT_STATUS_FAILED; 8290 goto complete; 8291 } 8292 8293 /* This should return the active RPA, but since the RPA 8294 * is only programmed on demand, it is really hard to fill 8295 * this in at the moment. For now disallow retrieving 8296 * local out-of-band data when privacy is in use. 8297 * 8298 * Returning the identity address will not help here since 8299 * pairing happens before the identity resolving key is 8300 * known and thus the connection establishment happens 8301 * based on the RPA and not the identity address. 8302 */ 8303 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) { 8304 hci_dev_unlock(hdev); 8305 status = MGMT_STATUS_REJECTED; 8306 goto complete; 8307 } 8308 8309 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 8310 !bacmp(&hdev->bdaddr, BDADDR_ANY) || 8311 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 8312 bacmp(&hdev->static_addr, BDADDR_ANY))) { 8313 memcpy(addr, &hdev->static_addr, 6); 8314 addr[6] = 0x01; 8315 } else { 8316 memcpy(addr, &hdev->bdaddr, 6); 8317 addr[6] = 0x00; 8318 } 8319 8320 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR, 8321 addr, sizeof(addr)); 8322 8323 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 8324 role = 0x02; 8325 else 8326 role = 0x01; 8327 8328 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE, 8329 &role, sizeof(role)); 8330 8331 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) { 8332 eir_len = eir_append_data(rp->eir, eir_len, 8333 EIR_LE_SC_CONFIRM, 8334 hash, sizeof(hash)); 8335 8336 eir_len = eir_append_data(rp->eir, eir_len, 8337 EIR_LE_SC_RANDOM, 8338 rand, sizeof(rand)); 8339 } 8340 8341 flags = mgmt_get_adv_discov_flags(hdev); 8342 8343 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 8344 flags |= LE_AD_NO_BREDR; 8345 8346 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS, 8347 &flags, sizeof(flags)); 8348 break; 8349 } 8350 8351 hci_dev_unlock(hdev); 8352 8353 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS); 8354 8355 status = MGMT_STATUS_SUCCESS; 8356 8357 complete: 8358 rp->type = cp->type; 8359 rp->eir_len = cpu_to_le16(eir_len); 8360 8361 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 8362 status, rp, sizeof(*rp) + eir_len); 8363 if (err < 0 || status) 8364 goto done; 8365 8366 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 8367 rp, sizeof(*rp) + eir_len, 8368 HCI_MGMT_OOB_DATA_EVENTS, sk); 8369 8370 done: 8371 kfree(rp); 8372 8373 return err; 8374 } 8375 8376 static u32 get_supported_adv_flags(struct hci_dev *hdev) 8377 { 8378 u32 flags = 0; 8379 8380 flags |= MGMT_ADV_FLAG_CONNECTABLE; 8381 flags |= MGMT_ADV_FLAG_DISCOV; 8382 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV; 8383 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS; 8384 flags |= MGMT_ADV_FLAG_APPEARANCE; 8385 flags |= MGMT_ADV_FLAG_LOCAL_NAME; 8386 flags |= MGMT_ADV_PARAM_DURATION; 8387 flags |= MGMT_ADV_PARAM_TIMEOUT; 8388 flags |= MGMT_ADV_PARAM_INTERVALS; 8389 flags |= MGMT_ADV_PARAM_TX_POWER; 8390 flags |= MGMT_ADV_PARAM_SCAN_RSP; 8391 8392 /* In extended adv TX_POWER returned from Set Adv Param 8393 * will be always valid. 8394 */ 8395 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID || ext_adv_capable(hdev)) 8396 flags |= MGMT_ADV_FLAG_TX_POWER; 8397 8398 if (ext_adv_capable(hdev)) { 8399 flags |= MGMT_ADV_FLAG_SEC_1M; 8400 flags |= MGMT_ADV_FLAG_HW_OFFLOAD; 8401 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER; 8402 8403 if (le_2m_capable(hdev)) 8404 flags |= MGMT_ADV_FLAG_SEC_2M; 8405 8406 if (le_coded_capable(hdev)) 8407 flags |= MGMT_ADV_FLAG_SEC_CODED; 8408 } 8409 8410 return flags; 8411 } 8412 8413 static int read_adv_features(struct sock *sk, struct hci_dev *hdev, 8414 void *data, u16 data_len) 8415 { 8416 struct mgmt_rp_read_adv_features *rp; 8417 size_t rp_len; 8418 int err; 8419 struct adv_info *adv_instance; 8420 u32 supported_flags; 8421 u8 *instance; 8422 8423 bt_dev_dbg(hdev, "sock %p", sk); 8424 8425 if (!lmp_le_capable(hdev)) 8426 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 8427 MGMT_STATUS_REJECTED); 8428 8429 hci_dev_lock(hdev); 8430 8431 rp_len = sizeof(*rp) + hdev->adv_instance_cnt; 8432 rp = kmalloc(rp_len, GFP_ATOMIC); 8433 if (!rp) { 8434 hci_dev_unlock(hdev); 8435 return -ENOMEM; 8436 } 8437 8438 supported_flags = get_supported_adv_flags(hdev); 8439 8440 rp->supported_flags = cpu_to_le32(supported_flags); 8441 rp->max_adv_data_len = max_adv_len(hdev); 8442 rp->max_scan_rsp_len = max_adv_len(hdev); 8443 rp->max_instances = hdev->le_num_of_adv_sets; 8444 rp->num_instances = hdev->adv_instance_cnt; 8445 8446 instance = rp->instance; 8447 list_for_each_entry(adv_instance, &hdev->adv_instances, list) { 8448 /* Only instances 1-le_num_of_adv_sets are externally visible */ 8449 if (adv_instance->instance <= hdev->adv_instance_cnt) { 8450 *instance = adv_instance->instance; 8451 instance++; 8452 } else { 8453 rp->num_instances--; 8454 rp_len--; 8455 } 8456 } 8457 8458 hci_dev_unlock(hdev); 8459 8460 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 8461 MGMT_STATUS_SUCCESS, rp, rp_len); 8462 8463 kfree(rp); 8464 8465 return err; 8466 } 8467 8468 static u8 calculate_name_len(struct hci_dev *hdev) 8469 { 8470 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 2]; /* len + type + name */ 8471 8472 return eir_append_local_name(hdev, buf, 0); 8473 } 8474 8475 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags, 8476 bool is_adv_data) 8477 { 8478 u8 max_len = max_adv_len(hdev); 8479 8480 if (is_adv_data) { 8481 if (adv_flags & (MGMT_ADV_FLAG_DISCOV | 8482 MGMT_ADV_FLAG_LIMITED_DISCOV | 8483 MGMT_ADV_FLAG_MANAGED_FLAGS)) 8484 max_len -= 3; 8485 8486 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) 8487 max_len -= 3; 8488 } else { 8489 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME) 8490 max_len -= calculate_name_len(hdev); 8491 8492 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE)) 8493 max_len -= 4; 8494 } 8495 8496 return max_len; 8497 } 8498 8499 static bool flags_managed(u32 adv_flags) 8500 { 8501 return adv_flags & (MGMT_ADV_FLAG_DISCOV | 8502 MGMT_ADV_FLAG_LIMITED_DISCOV | 8503 MGMT_ADV_FLAG_MANAGED_FLAGS); 8504 } 8505 8506 static bool tx_power_managed(u32 adv_flags) 8507 { 8508 return adv_flags & MGMT_ADV_FLAG_TX_POWER; 8509 } 8510 8511 static bool name_managed(u32 adv_flags) 8512 { 8513 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME; 8514 } 8515 8516 static bool appearance_managed(u32 adv_flags) 8517 { 8518 return adv_flags & MGMT_ADV_FLAG_APPEARANCE; 8519 } 8520 8521 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data, 8522 u8 len, bool is_adv_data) 8523 { 8524 int i, cur_len; 8525 u8 max_len; 8526 8527 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data); 8528 8529 if (len > max_len) 8530 return false; 8531 8532 /* Make sure that the data is correctly formatted. */ 8533 for (i = 0; i < len; i += (cur_len + 1)) { 8534 cur_len = data[i]; 8535 8536 if (!cur_len) 8537 continue; 8538 8539 if (data[i + 1] == EIR_FLAGS && 8540 (!is_adv_data || flags_managed(adv_flags))) 8541 return false; 8542 8543 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags)) 8544 return false; 8545 8546 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags)) 8547 return false; 8548 8549 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags)) 8550 return false; 8551 8552 if (data[i + 1] == EIR_APPEARANCE && 8553 appearance_managed(adv_flags)) 8554 return false; 8555 8556 /* If the current field length would exceed the total data 8557 * length, then it's invalid. 8558 */ 8559 if (i + cur_len >= len) 8560 return false; 8561 } 8562 8563 return true; 8564 } 8565 8566 static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags) 8567 { 8568 u32 supported_flags, phy_flags; 8569 8570 /* The current implementation only supports a subset of the specified 8571 * flags. Also need to check mutual exclusiveness of sec flags. 8572 */ 8573 supported_flags = get_supported_adv_flags(hdev); 8574 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK; 8575 if (adv_flags & ~supported_flags || 8576 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags))))) 8577 return false; 8578 8579 return true; 8580 } 8581 8582 static bool adv_busy(struct hci_dev *hdev) 8583 { 8584 return pending_find(MGMT_OP_SET_LE, hdev); 8585 } 8586 8587 static void add_adv_complete(struct hci_dev *hdev, struct sock *sk, u8 instance, 8588 int err) 8589 { 8590 struct adv_info *adv, *n; 8591 8592 bt_dev_dbg(hdev, "err %d", err); 8593 8594 hci_dev_lock(hdev); 8595 8596 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) { 8597 u8 instance; 8598 8599 if (!adv->pending) 8600 continue; 8601 8602 if (!err) { 8603 adv->pending = false; 8604 continue; 8605 } 8606 8607 instance = adv->instance; 8608 8609 if (hdev->cur_adv_instance == instance) 8610 cancel_adv_timeout(hdev); 8611 8612 hci_remove_adv_instance(hdev, instance); 8613 mgmt_advertising_removed(sk, hdev, instance); 8614 } 8615 8616 hci_dev_unlock(hdev); 8617 } 8618 8619 static void add_advertising_complete(struct hci_dev *hdev, void *data, int err) 8620 { 8621 struct mgmt_pending_cmd *cmd = data; 8622 struct mgmt_cp_add_advertising *cp = cmd->param; 8623 struct mgmt_rp_add_advertising rp; 8624 8625 memset(&rp, 0, sizeof(rp)); 8626 8627 rp.instance = cp->instance; 8628 8629 if (err) 8630 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 8631 mgmt_status(err)); 8632 else 8633 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 8634 mgmt_status(err), &rp, sizeof(rp)); 8635 8636 add_adv_complete(hdev, cmd->sk, cp->instance, err); 8637 8638 mgmt_pending_free(cmd); 8639 } 8640 8641 static int add_advertising_sync(struct hci_dev *hdev, void *data) 8642 { 8643 struct mgmt_pending_cmd *cmd = data; 8644 struct mgmt_cp_add_advertising *cp = cmd->param; 8645 8646 return hci_schedule_adv_instance_sync(hdev, cp->instance, true); 8647 } 8648 8649 static int add_advertising(struct sock *sk, struct hci_dev *hdev, 8650 void *data, u16 data_len) 8651 { 8652 struct mgmt_cp_add_advertising *cp = data; 8653 struct mgmt_rp_add_advertising rp; 8654 u32 flags; 8655 u8 status; 8656 u16 timeout, duration; 8657 unsigned int prev_instance_cnt; 8658 u8 schedule_instance = 0; 8659 struct adv_info *adv, *next_instance; 8660 int err; 8661 struct mgmt_pending_cmd *cmd; 8662 8663 bt_dev_dbg(hdev, "sock %p", sk); 8664 8665 status = mgmt_le_support(hdev); 8666 if (status) 8667 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8668 status); 8669 8670 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets) 8671 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8672 MGMT_STATUS_INVALID_PARAMS); 8673 8674 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len) 8675 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8676 MGMT_STATUS_INVALID_PARAMS); 8677 8678 flags = __le32_to_cpu(cp->flags); 8679 timeout = __le16_to_cpu(cp->timeout); 8680 duration = __le16_to_cpu(cp->duration); 8681 8682 if (!requested_adv_flags_are_valid(hdev, flags)) 8683 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8684 MGMT_STATUS_INVALID_PARAMS); 8685 8686 hci_dev_lock(hdev); 8687 8688 if (timeout && !hdev_is_powered(hdev)) { 8689 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8690 MGMT_STATUS_REJECTED); 8691 goto unlock; 8692 } 8693 8694 if (adv_busy(hdev)) { 8695 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8696 MGMT_STATUS_BUSY); 8697 goto unlock; 8698 } 8699 8700 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) || 8701 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len, 8702 cp->scan_rsp_len, false)) { 8703 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8704 MGMT_STATUS_INVALID_PARAMS); 8705 goto unlock; 8706 } 8707 8708 prev_instance_cnt = hdev->adv_instance_cnt; 8709 8710 adv = hci_add_adv_instance(hdev, cp->instance, flags, 8711 cp->adv_data_len, cp->data, 8712 cp->scan_rsp_len, 8713 cp->data + cp->adv_data_len, 8714 timeout, duration, 8715 HCI_ADV_TX_POWER_NO_PREFERENCE, 8716 hdev->le_adv_min_interval, 8717 hdev->le_adv_max_interval, 0); 8718 if (IS_ERR(adv)) { 8719 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8720 MGMT_STATUS_FAILED); 8721 goto unlock; 8722 } 8723 8724 /* Only trigger an advertising added event if a new instance was 8725 * actually added. 8726 */ 8727 if (hdev->adv_instance_cnt > prev_instance_cnt) 8728 mgmt_advertising_added(sk, hdev, cp->instance); 8729 8730 if (hdev->cur_adv_instance == cp->instance) { 8731 /* If the currently advertised instance is being changed then 8732 * cancel the current advertising and schedule the next 8733 * instance. If there is only one instance then the overridden 8734 * advertising data will be visible right away. 8735 */ 8736 cancel_adv_timeout(hdev); 8737 8738 next_instance = hci_get_next_instance(hdev, cp->instance); 8739 if (next_instance) 8740 schedule_instance = next_instance->instance; 8741 } else if (!hdev->adv_instance_timeout) { 8742 /* Immediately advertise the new instance if no other 8743 * instance is currently being advertised. 8744 */ 8745 schedule_instance = cp->instance; 8746 } 8747 8748 /* If the HCI_ADVERTISING flag is set or the device isn't powered or 8749 * there is no instance to be advertised then we have no HCI 8750 * communication to make. Simply return. 8751 */ 8752 if (!hdev_is_powered(hdev) || 8753 hci_dev_test_flag(hdev, HCI_ADVERTISING) || 8754 !schedule_instance) { 8755 rp.instance = cp->instance; 8756 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8757 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 8758 goto unlock; 8759 } 8760 8761 /* We're good to go, update advertising data, parameters, and start 8762 * advertising. 8763 */ 8764 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_ADVERTISING, hdev, data, 8765 data_len); 8766 if (!cmd) { 8767 err = -ENOMEM; 8768 goto unlock; 8769 } 8770 8771 cp->instance = schedule_instance; 8772 8773 err = hci_cmd_sync_queue(hdev, add_advertising_sync, cmd, 8774 add_advertising_complete); 8775 if (err < 0) 8776 mgmt_pending_free(cmd); 8777 8778 unlock: 8779 hci_dev_unlock(hdev); 8780 8781 return err; 8782 } 8783 8784 static void add_ext_adv_params_complete(struct hci_dev *hdev, void *data, 8785 int err) 8786 { 8787 struct mgmt_pending_cmd *cmd = data; 8788 struct mgmt_cp_add_ext_adv_params *cp = cmd->param; 8789 struct mgmt_rp_add_ext_adv_params rp; 8790 struct adv_info *adv; 8791 u32 flags; 8792 8793 BT_DBG("%s", hdev->name); 8794 8795 hci_dev_lock(hdev); 8796 8797 adv = hci_find_adv_instance(hdev, cp->instance); 8798 if (!adv) 8799 goto unlock; 8800 8801 rp.instance = cp->instance; 8802 rp.tx_power = adv->tx_power; 8803 8804 /* While we're at it, inform userspace of the available space for this 8805 * advertisement, given the flags that will be used. 8806 */ 8807 flags = __le32_to_cpu(cp->flags); 8808 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 8809 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 8810 8811 if (err) { 8812 /* If this advertisement was previously advertising and we 8813 * failed to update it, we signal that it has been removed and 8814 * delete its structure 8815 */ 8816 if (!adv->pending) 8817 mgmt_advertising_removed(cmd->sk, hdev, cp->instance); 8818 8819 hci_remove_adv_instance(hdev, cp->instance); 8820 8821 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 8822 mgmt_status(err)); 8823 } else { 8824 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 8825 mgmt_status(err), &rp, sizeof(rp)); 8826 } 8827 8828 unlock: 8829 mgmt_pending_free(cmd); 8830 8831 hci_dev_unlock(hdev); 8832 } 8833 8834 static int add_ext_adv_params_sync(struct hci_dev *hdev, void *data) 8835 { 8836 struct mgmt_pending_cmd *cmd = data; 8837 struct mgmt_cp_add_ext_adv_params *cp = cmd->param; 8838 8839 return hci_setup_ext_adv_instance_sync(hdev, cp->instance); 8840 } 8841 8842 static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev, 8843 void *data, u16 data_len) 8844 { 8845 struct mgmt_cp_add_ext_adv_params *cp = data; 8846 struct mgmt_rp_add_ext_adv_params rp; 8847 struct mgmt_pending_cmd *cmd = NULL; 8848 struct adv_info *adv; 8849 u32 flags, min_interval, max_interval; 8850 u16 timeout, duration; 8851 u8 status; 8852 s8 tx_power; 8853 int err; 8854 8855 BT_DBG("%s", hdev->name); 8856 8857 status = mgmt_le_support(hdev); 8858 if (status) 8859 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8860 status); 8861 8862 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets) 8863 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8864 MGMT_STATUS_INVALID_PARAMS); 8865 8866 /* The purpose of breaking add_advertising into two separate MGMT calls 8867 * for params and data is to allow more parameters to be added to this 8868 * structure in the future. For this reason, we verify that we have the 8869 * bare minimum structure we know of when the interface was defined. Any 8870 * extra parameters we don't know about will be ignored in this request. 8871 */ 8872 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE) 8873 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8874 MGMT_STATUS_INVALID_PARAMS); 8875 8876 flags = __le32_to_cpu(cp->flags); 8877 8878 if (!requested_adv_flags_are_valid(hdev, flags)) 8879 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8880 MGMT_STATUS_INVALID_PARAMS); 8881 8882 hci_dev_lock(hdev); 8883 8884 /* In new interface, we require that we are powered to register */ 8885 if (!hdev_is_powered(hdev)) { 8886 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8887 MGMT_STATUS_REJECTED); 8888 goto unlock; 8889 } 8890 8891 if (adv_busy(hdev)) { 8892 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8893 MGMT_STATUS_BUSY); 8894 goto unlock; 8895 } 8896 8897 /* Parse defined parameters from request, use defaults otherwise */ 8898 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ? 8899 __le16_to_cpu(cp->timeout) : 0; 8900 8901 duration = (flags & MGMT_ADV_PARAM_DURATION) ? 8902 __le16_to_cpu(cp->duration) : 8903 hdev->def_multi_adv_rotation_duration; 8904 8905 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ? 8906 __le32_to_cpu(cp->min_interval) : 8907 hdev->le_adv_min_interval; 8908 8909 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ? 8910 __le32_to_cpu(cp->max_interval) : 8911 hdev->le_adv_max_interval; 8912 8913 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ? 8914 cp->tx_power : 8915 HCI_ADV_TX_POWER_NO_PREFERENCE; 8916 8917 /* Create advertising instance with no advertising or response data */ 8918 adv = hci_add_adv_instance(hdev, cp->instance, flags, 0, NULL, 0, NULL, 8919 timeout, duration, tx_power, min_interval, 8920 max_interval, 0); 8921 8922 if (IS_ERR(adv)) { 8923 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8924 MGMT_STATUS_FAILED); 8925 goto unlock; 8926 } 8927 8928 /* Submit request for advertising params if ext adv available */ 8929 if (ext_adv_capable(hdev)) { 8930 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_PARAMS, hdev, 8931 data, data_len); 8932 if (!cmd) { 8933 err = -ENOMEM; 8934 hci_remove_adv_instance(hdev, cp->instance); 8935 goto unlock; 8936 } 8937 8938 err = hci_cmd_sync_queue(hdev, add_ext_adv_params_sync, cmd, 8939 add_ext_adv_params_complete); 8940 if (err < 0) 8941 mgmt_pending_free(cmd); 8942 } else { 8943 rp.instance = cp->instance; 8944 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE; 8945 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 8946 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 8947 err = mgmt_cmd_complete(sk, hdev->id, 8948 MGMT_OP_ADD_EXT_ADV_PARAMS, 8949 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 8950 } 8951 8952 unlock: 8953 hci_dev_unlock(hdev); 8954 8955 return err; 8956 } 8957 8958 static void add_ext_adv_data_complete(struct hci_dev *hdev, void *data, int err) 8959 { 8960 struct mgmt_pending_cmd *cmd = data; 8961 struct mgmt_cp_add_ext_adv_data *cp = cmd->param; 8962 struct mgmt_rp_add_advertising rp; 8963 8964 add_adv_complete(hdev, cmd->sk, cp->instance, err); 8965 8966 memset(&rp, 0, sizeof(rp)); 8967 8968 rp.instance = cp->instance; 8969 8970 if (err) 8971 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 8972 mgmt_status(err)); 8973 else 8974 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 8975 mgmt_status(err), &rp, sizeof(rp)); 8976 8977 mgmt_pending_free(cmd); 8978 } 8979 8980 static int add_ext_adv_data_sync(struct hci_dev *hdev, void *data) 8981 { 8982 struct mgmt_pending_cmd *cmd = data; 8983 struct mgmt_cp_add_ext_adv_data *cp = cmd->param; 8984 int err; 8985 8986 if (ext_adv_capable(hdev)) { 8987 err = hci_update_adv_data_sync(hdev, cp->instance); 8988 if (err) 8989 return err; 8990 8991 err = hci_update_scan_rsp_data_sync(hdev, cp->instance); 8992 if (err) 8993 return err; 8994 8995 return hci_enable_ext_advertising_sync(hdev, cp->instance); 8996 } 8997 8998 return hci_schedule_adv_instance_sync(hdev, cp->instance, true); 8999 } 9000 9001 static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data, 9002 u16 data_len) 9003 { 9004 struct mgmt_cp_add_ext_adv_data *cp = data; 9005 struct mgmt_rp_add_ext_adv_data rp; 9006 u8 schedule_instance = 0; 9007 struct adv_info *next_instance; 9008 struct adv_info *adv_instance; 9009 int err = 0; 9010 struct mgmt_pending_cmd *cmd; 9011 9012 BT_DBG("%s", hdev->name); 9013 9014 hci_dev_lock(hdev); 9015 9016 adv_instance = hci_find_adv_instance(hdev, cp->instance); 9017 9018 if (!adv_instance) { 9019 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 9020 MGMT_STATUS_INVALID_PARAMS); 9021 goto unlock; 9022 } 9023 9024 /* In new interface, we require that we are powered to register */ 9025 if (!hdev_is_powered(hdev)) { 9026 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 9027 MGMT_STATUS_REJECTED); 9028 goto clear_new_instance; 9029 } 9030 9031 if (adv_busy(hdev)) { 9032 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 9033 MGMT_STATUS_BUSY); 9034 goto clear_new_instance; 9035 } 9036 9037 /* Validate new data */ 9038 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data, 9039 cp->adv_data_len, true) || 9040 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data + 9041 cp->adv_data_len, cp->scan_rsp_len, false)) { 9042 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 9043 MGMT_STATUS_INVALID_PARAMS); 9044 goto clear_new_instance; 9045 } 9046 9047 /* Set the data in the advertising instance */ 9048 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len, 9049 cp->data, cp->scan_rsp_len, 9050 cp->data + cp->adv_data_len); 9051 9052 /* If using software rotation, determine next instance to use */ 9053 if (hdev->cur_adv_instance == cp->instance) { 9054 /* If the currently advertised instance is being changed 9055 * then cancel the current advertising and schedule the 9056 * next instance. If there is only one instance then the 9057 * overridden advertising data will be visible right 9058 * away 9059 */ 9060 cancel_adv_timeout(hdev); 9061 9062 next_instance = hci_get_next_instance(hdev, cp->instance); 9063 if (next_instance) 9064 schedule_instance = next_instance->instance; 9065 } else if (!hdev->adv_instance_timeout) { 9066 /* Immediately advertise the new instance if no other 9067 * instance is currently being advertised. 9068 */ 9069 schedule_instance = cp->instance; 9070 } 9071 9072 /* If the HCI_ADVERTISING flag is set or there is no instance to 9073 * be advertised then we have no HCI communication to make. 9074 * Simply return. 9075 */ 9076 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || !schedule_instance) { 9077 if (adv_instance->pending) { 9078 mgmt_advertising_added(sk, hdev, cp->instance); 9079 adv_instance->pending = false; 9080 } 9081 rp.instance = cp->instance; 9082 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 9083 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 9084 goto unlock; 9085 } 9086 9087 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data, 9088 data_len); 9089 if (!cmd) { 9090 err = -ENOMEM; 9091 goto clear_new_instance; 9092 } 9093 9094 err = hci_cmd_sync_queue(hdev, add_ext_adv_data_sync, cmd, 9095 add_ext_adv_data_complete); 9096 if (err < 0) { 9097 mgmt_pending_free(cmd); 9098 goto clear_new_instance; 9099 } 9100 9101 /* We were successful in updating data, so trigger advertising_added 9102 * event if this is an instance that wasn't previously advertising. If 9103 * a failure occurs in the requests we initiated, we will remove the 9104 * instance again in add_advertising_complete 9105 */ 9106 if (adv_instance->pending) 9107 mgmt_advertising_added(sk, hdev, cp->instance); 9108 9109 goto unlock; 9110 9111 clear_new_instance: 9112 hci_remove_adv_instance(hdev, cp->instance); 9113 9114 unlock: 9115 hci_dev_unlock(hdev); 9116 9117 return err; 9118 } 9119 9120 static void remove_advertising_complete(struct hci_dev *hdev, void *data, 9121 int err) 9122 { 9123 struct mgmt_pending_cmd *cmd = data; 9124 struct mgmt_cp_remove_advertising *cp = cmd->param; 9125 struct mgmt_rp_remove_advertising rp; 9126 9127 bt_dev_dbg(hdev, "err %d", err); 9128 9129 memset(&rp, 0, sizeof(rp)); 9130 rp.instance = cp->instance; 9131 9132 if (err) 9133 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 9134 mgmt_status(err)); 9135 else 9136 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 9137 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 9138 9139 mgmt_pending_free(cmd); 9140 } 9141 9142 static int remove_advertising_sync(struct hci_dev *hdev, void *data) 9143 { 9144 struct mgmt_pending_cmd *cmd = data; 9145 struct mgmt_cp_remove_advertising *cp = cmd->param; 9146 int err; 9147 9148 err = hci_remove_advertising_sync(hdev, cmd->sk, cp->instance, true); 9149 if (err) 9150 return err; 9151 9152 if (list_empty(&hdev->adv_instances)) 9153 err = hci_disable_advertising_sync(hdev); 9154 9155 return err; 9156 } 9157 9158 static int remove_advertising(struct sock *sk, struct hci_dev *hdev, 9159 void *data, u16 data_len) 9160 { 9161 struct mgmt_cp_remove_advertising *cp = data; 9162 struct mgmt_pending_cmd *cmd; 9163 int err; 9164 9165 bt_dev_dbg(hdev, "sock %p", sk); 9166 9167 hci_dev_lock(hdev); 9168 9169 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) { 9170 err = mgmt_cmd_status(sk, hdev->id, 9171 MGMT_OP_REMOVE_ADVERTISING, 9172 MGMT_STATUS_INVALID_PARAMS); 9173 goto unlock; 9174 } 9175 9176 if (pending_find(MGMT_OP_SET_LE, hdev)) { 9177 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 9178 MGMT_STATUS_BUSY); 9179 goto unlock; 9180 } 9181 9182 if (list_empty(&hdev->adv_instances)) { 9183 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 9184 MGMT_STATUS_INVALID_PARAMS); 9185 goto unlock; 9186 } 9187 9188 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data, 9189 data_len); 9190 if (!cmd) { 9191 err = -ENOMEM; 9192 goto unlock; 9193 } 9194 9195 err = hci_cmd_sync_queue(hdev, remove_advertising_sync, cmd, 9196 remove_advertising_complete); 9197 if (err < 0) 9198 mgmt_pending_free(cmd); 9199 9200 unlock: 9201 hci_dev_unlock(hdev); 9202 9203 return err; 9204 } 9205 9206 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev, 9207 void *data, u16 data_len) 9208 { 9209 struct mgmt_cp_get_adv_size_info *cp = data; 9210 struct mgmt_rp_get_adv_size_info rp; 9211 u32 flags, supported_flags; 9212 9213 bt_dev_dbg(hdev, "sock %p", sk); 9214 9215 if (!lmp_le_capable(hdev)) 9216 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 9217 MGMT_STATUS_REJECTED); 9218 9219 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets) 9220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 9221 MGMT_STATUS_INVALID_PARAMS); 9222 9223 flags = __le32_to_cpu(cp->flags); 9224 9225 /* The current implementation only supports a subset of the specified 9226 * flags. 9227 */ 9228 supported_flags = get_supported_adv_flags(hdev); 9229 if (flags & ~supported_flags) 9230 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 9231 MGMT_STATUS_INVALID_PARAMS); 9232 9233 rp.instance = cp->instance; 9234 rp.flags = cp->flags; 9235 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 9236 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 9237 9238 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 9239 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 9240 } 9241 9242 static const struct hci_mgmt_handler mgmt_handlers[] = { 9243 { NULL }, /* 0x0000 (no command) */ 9244 { read_version, MGMT_READ_VERSION_SIZE, 9245 HCI_MGMT_NO_HDEV | 9246 HCI_MGMT_UNTRUSTED }, 9247 { read_commands, MGMT_READ_COMMANDS_SIZE, 9248 HCI_MGMT_NO_HDEV | 9249 HCI_MGMT_UNTRUSTED }, 9250 { read_index_list, MGMT_READ_INDEX_LIST_SIZE, 9251 HCI_MGMT_NO_HDEV | 9252 HCI_MGMT_UNTRUSTED }, 9253 { read_controller_info, MGMT_READ_INFO_SIZE, 9254 HCI_MGMT_UNTRUSTED }, 9255 { set_powered, MGMT_SETTING_SIZE }, 9256 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE }, 9257 { set_connectable, MGMT_SETTING_SIZE }, 9258 { set_fast_connectable, MGMT_SETTING_SIZE }, 9259 { set_bondable, MGMT_SETTING_SIZE }, 9260 { set_link_security, MGMT_SETTING_SIZE }, 9261 { set_ssp, MGMT_SETTING_SIZE }, 9262 { set_hs, MGMT_SETTING_SIZE }, 9263 { set_le, MGMT_SETTING_SIZE }, 9264 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE }, 9265 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE }, 9266 { add_uuid, MGMT_ADD_UUID_SIZE }, 9267 { remove_uuid, MGMT_REMOVE_UUID_SIZE }, 9268 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE, 9269 HCI_MGMT_VAR_LEN }, 9270 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE, 9271 HCI_MGMT_VAR_LEN }, 9272 { disconnect, MGMT_DISCONNECT_SIZE }, 9273 { get_connections, MGMT_GET_CONNECTIONS_SIZE }, 9274 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE }, 9275 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE }, 9276 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE }, 9277 { pair_device, MGMT_PAIR_DEVICE_SIZE }, 9278 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE }, 9279 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE }, 9280 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE }, 9281 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE }, 9282 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE }, 9283 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, 9284 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE }, 9285 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE, 9286 HCI_MGMT_VAR_LEN }, 9287 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, 9288 { start_discovery, MGMT_START_DISCOVERY_SIZE }, 9289 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE }, 9290 { confirm_name, MGMT_CONFIRM_NAME_SIZE }, 9291 { block_device, MGMT_BLOCK_DEVICE_SIZE }, 9292 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE }, 9293 { set_device_id, MGMT_SET_DEVICE_ID_SIZE }, 9294 { set_advertising, MGMT_SETTING_SIZE }, 9295 { set_bredr, MGMT_SETTING_SIZE }, 9296 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE }, 9297 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE }, 9298 { set_secure_conn, MGMT_SETTING_SIZE }, 9299 { set_debug_keys, MGMT_SETTING_SIZE }, 9300 { set_privacy, MGMT_SET_PRIVACY_SIZE }, 9301 { load_irks, MGMT_LOAD_IRKS_SIZE, 9302 HCI_MGMT_VAR_LEN }, 9303 { get_conn_info, MGMT_GET_CONN_INFO_SIZE }, 9304 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE }, 9305 { add_device, MGMT_ADD_DEVICE_SIZE }, 9306 { remove_device, MGMT_REMOVE_DEVICE_SIZE }, 9307 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE, 9308 HCI_MGMT_VAR_LEN }, 9309 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE, 9310 HCI_MGMT_NO_HDEV | 9311 HCI_MGMT_UNTRUSTED }, 9312 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE, 9313 HCI_MGMT_UNCONFIGURED | 9314 HCI_MGMT_UNTRUSTED }, 9315 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE, 9316 HCI_MGMT_UNCONFIGURED }, 9317 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE, 9318 HCI_MGMT_UNCONFIGURED }, 9319 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE, 9320 HCI_MGMT_VAR_LEN }, 9321 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE }, 9322 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE, 9323 HCI_MGMT_NO_HDEV | 9324 HCI_MGMT_UNTRUSTED }, 9325 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE }, 9326 { add_advertising, MGMT_ADD_ADVERTISING_SIZE, 9327 HCI_MGMT_VAR_LEN }, 9328 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE }, 9329 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE }, 9330 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE }, 9331 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE, 9332 HCI_MGMT_UNTRUSTED }, 9333 { set_appearance, MGMT_SET_APPEARANCE_SIZE }, 9334 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE }, 9335 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE }, 9336 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE, 9337 HCI_MGMT_VAR_LEN }, 9338 { set_wideband_speech, MGMT_SETTING_SIZE }, 9339 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE, 9340 HCI_MGMT_UNTRUSTED }, 9341 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE, 9342 HCI_MGMT_UNTRUSTED | 9343 HCI_MGMT_HDEV_OPTIONAL }, 9344 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE, 9345 HCI_MGMT_VAR_LEN | 9346 HCI_MGMT_HDEV_OPTIONAL }, 9347 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE, 9348 HCI_MGMT_UNTRUSTED }, 9349 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE, 9350 HCI_MGMT_VAR_LEN }, 9351 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE, 9352 HCI_MGMT_UNTRUSTED }, 9353 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE, 9354 HCI_MGMT_VAR_LEN }, 9355 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE }, 9356 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE }, 9357 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE }, 9358 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE, 9359 HCI_MGMT_VAR_LEN }, 9360 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE }, 9361 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE, 9362 HCI_MGMT_VAR_LEN }, 9363 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE, 9364 HCI_MGMT_VAR_LEN }, 9365 { add_adv_patterns_monitor_rssi, 9366 MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE, 9367 HCI_MGMT_VAR_LEN }, 9368 { set_mesh, MGMT_SET_MESH_RECEIVER_SIZE, 9369 HCI_MGMT_VAR_LEN }, 9370 { mesh_features, MGMT_MESH_READ_FEATURES_SIZE }, 9371 { mesh_send, MGMT_MESH_SEND_SIZE, 9372 HCI_MGMT_VAR_LEN }, 9373 { mesh_send_cancel, MGMT_MESH_SEND_CANCEL_SIZE }, 9374 }; 9375 9376 void mgmt_index_added(struct hci_dev *hdev) 9377 { 9378 struct mgmt_ev_ext_index ev; 9379 9380 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 9381 return; 9382 9383 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 9384 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, 9385 HCI_MGMT_UNCONF_INDEX_EVENTS); 9386 ev.type = 0x01; 9387 } else { 9388 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, 9389 HCI_MGMT_INDEX_EVENTS); 9390 ev.type = 0x00; 9391 } 9392 9393 ev.bus = hdev->bus; 9394 9395 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev), 9396 HCI_MGMT_EXT_INDEX_EVENTS); 9397 } 9398 9399 void mgmt_index_removed(struct hci_dev *hdev) 9400 { 9401 struct mgmt_ev_ext_index ev; 9402 struct cmd_lookup match = { NULL, hdev, MGMT_STATUS_INVALID_INDEX }; 9403 9404 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 9405 return; 9406 9407 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &match); 9408 9409 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 9410 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, 9411 HCI_MGMT_UNCONF_INDEX_EVENTS); 9412 ev.type = 0x01; 9413 } else { 9414 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, 9415 HCI_MGMT_INDEX_EVENTS); 9416 ev.type = 0x00; 9417 } 9418 9419 ev.bus = hdev->bus; 9420 9421 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev), 9422 HCI_MGMT_EXT_INDEX_EVENTS); 9423 9424 /* Cancel any remaining timed work */ 9425 if (!hci_dev_test_flag(hdev, HCI_MGMT)) 9426 return; 9427 cancel_delayed_work_sync(&hdev->discov_off); 9428 cancel_delayed_work_sync(&hdev->service_cache); 9429 cancel_delayed_work_sync(&hdev->rpa_expired); 9430 } 9431 9432 void mgmt_power_on(struct hci_dev *hdev, int err) 9433 { 9434 struct cmd_lookup match = { NULL, hdev }; 9435 9436 bt_dev_dbg(hdev, "err %d", err); 9437 9438 hci_dev_lock(hdev); 9439 9440 if (!err) { 9441 restart_le_actions(hdev); 9442 hci_update_passive_scan(hdev); 9443 } 9444 9445 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 9446 9447 new_settings(hdev, match.sk); 9448 9449 if (match.sk) 9450 sock_put(match.sk); 9451 9452 hci_dev_unlock(hdev); 9453 } 9454 9455 void __mgmt_power_off(struct hci_dev *hdev) 9456 { 9457 struct cmd_lookup match = { NULL, hdev }; 9458 u8 zero_cod[] = { 0, 0, 0 }; 9459 9460 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 9461 9462 /* If the power off is because of hdev unregistration let 9463 * use the appropriate INVALID_INDEX status. Otherwise use 9464 * NOT_POWERED. We cover both scenarios here since later in 9465 * mgmt_index_removed() any hci_conn callbacks will have already 9466 * been triggered, potentially causing misleading DISCONNECTED 9467 * status responses. 9468 */ 9469 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) 9470 match.mgmt_status = MGMT_STATUS_INVALID_INDEX; 9471 else 9472 match.mgmt_status = MGMT_STATUS_NOT_POWERED; 9473 9474 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &match); 9475 9476 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) { 9477 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 9478 zero_cod, sizeof(zero_cod), 9479 HCI_MGMT_DEV_CLASS_EVENTS, NULL); 9480 ext_info_changed(hdev, NULL); 9481 } 9482 9483 new_settings(hdev, match.sk); 9484 9485 if (match.sk) 9486 sock_put(match.sk); 9487 } 9488 9489 void mgmt_set_powered_failed(struct hci_dev *hdev, int err) 9490 { 9491 struct mgmt_pending_cmd *cmd; 9492 u8 status; 9493 9494 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 9495 if (!cmd) 9496 return; 9497 9498 if (err == -ERFKILL) 9499 status = MGMT_STATUS_RFKILLED; 9500 else 9501 status = MGMT_STATUS_FAILED; 9502 9503 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status); 9504 9505 mgmt_pending_remove(cmd); 9506 } 9507 9508 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 9509 bool persistent) 9510 { 9511 struct mgmt_ev_new_link_key ev; 9512 9513 memset(&ev, 0, sizeof(ev)); 9514 9515 ev.store_hint = persistent; 9516 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 9517 ev.key.addr.type = BDADDR_BREDR; 9518 ev.key.type = key->type; 9519 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE); 9520 ev.key.pin_len = key->pin_len; 9521 9522 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 9523 } 9524 9525 static u8 mgmt_ltk_type(struct smp_ltk *ltk) 9526 { 9527 switch (ltk->type) { 9528 case SMP_LTK: 9529 case SMP_LTK_RESPONDER: 9530 if (ltk->authenticated) 9531 return MGMT_LTK_AUTHENTICATED; 9532 return MGMT_LTK_UNAUTHENTICATED; 9533 case SMP_LTK_P256: 9534 if (ltk->authenticated) 9535 return MGMT_LTK_P256_AUTH; 9536 return MGMT_LTK_P256_UNAUTH; 9537 case SMP_LTK_P256_DEBUG: 9538 return MGMT_LTK_P256_DEBUG; 9539 } 9540 9541 return MGMT_LTK_UNAUTHENTICATED; 9542 } 9543 9544 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent) 9545 { 9546 struct mgmt_ev_new_long_term_key ev; 9547 9548 memset(&ev, 0, sizeof(ev)); 9549 9550 /* Devices using resolvable or non-resolvable random addresses 9551 * without providing an identity resolving key don't require 9552 * to store long term keys. Their addresses will change the 9553 * next time around. 9554 * 9555 * Only when a remote device provides an identity address 9556 * make sure the long term key is stored. If the remote 9557 * identity is known, the long term keys are internally 9558 * mapped to the identity address. So allow static random 9559 * and public addresses here. 9560 */ 9561 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM && 9562 (key->bdaddr.b[5] & 0xc0) != 0xc0) 9563 ev.store_hint = 0x00; 9564 else 9565 ev.store_hint = persistent; 9566 9567 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 9568 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); 9569 ev.key.type = mgmt_ltk_type(key); 9570 ev.key.enc_size = key->enc_size; 9571 ev.key.ediv = key->ediv; 9572 ev.key.rand = key->rand; 9573 9574 if (key->type == SMP_LTK) 9575 ev.key.initiator = 1; 9576 9577 /* Make sure we copy only the significant bytes based on the 9578 * encryption key size, and set the rest of the value to zeroes. 9579 */ 9580 memcpy(ev.key.val, key->val, key->enc_size); 9581 memset(ev.key.val + key->enc_size, 0, 9582 sizeof(ev.key.val) - key->enc_size); 9583 9584 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL); 9585 } 9586 9587 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent) 9588 { 9589 struct mgmt_ev_new_irk ev; 9590 9591 memset(&ev, 0, sizeof(ev)); 9592 9593 ev.store_hint = persistent; 9594 9595 bacpy(&ev.rpa, &irk->rpa); 9596 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr); 9597 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type); 9598 memcpy(ev.irk.val, irk->val, sizeof(irk->val)); 9599 9600 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL); 9601 } 9602 9603 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk, 9604 bool persistent) 9605 { 9606 struct mgmt_ev_new_csrk ev; 9607 9608 memset(&ev, 0, sizeof(ev)); 9609 9610 /* Devices using resolvable or non-resolvable random addresses 9611 * without providing an identity resolving key don't require 9612 * to store signature resolving keys. Their addresses will change 9613 * the next time around. 9614 * 9615 * Only when a remote device provides an identity address 9616 * make sure the signature resolving key is stored. So allow 9617 * static random and public addresses here. 9618 */ 9619 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM && 9620 (csrk->bdaddr.b[5] & 0xc0) != 0xc0) 9621 ev.store_hint = 0x00; 9622 else 9623 ev.store_hint = persistent; 9624 9625 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr); 9626 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type); 9627 ev.key.type = csrk->type; 9628 memcpy(ev.key.val, csrk->val, sizeof(csrk->val)); 9629 9630 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL); 9631 } 9632 9633 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr, 9634 u8 bdaddr_type, u8 store_hint, u16 min_interval, 9635 u16 max_interval, u16 latency, u16 timeout) 9636 { 9637 struct mgmt_ev_new_conn_param ev; 9638 9639 if (!hci_is_identity_address(bdaddr, bdaddr_type)) 9640 return; 9641 9642 memset(&ev, 0, sizeof(ev)); 9643 bacpy(&ev.addr.bdaddr, bdaddr); 9644 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type); 9645 ev.store_hint = store_hint; 9646 ev.min_interval = cpu_to_le16(min_interval); 9647 ev.max_interval = cpu_to_le16(max_interval); 9648 ev.latency = cpu_to_le16(latency); 9649 ev.timeout = cpu_to_le16(timeout); 9650 9651 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL); 9652 } 9653 9654 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn, 9655 u8 *name, u8 name_len) 9656 { 9657 struct sk_buff *skb; 9658 struct mgmt_ev_device_connected *ev; 9659 u16 eir_len = 0; 9660 u32 flags = 0; 9661 9662 if (test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) 9663 return; 9664 9665 /* allocate buff for LE or BR/EDR adv */ 9666 if (conn->le_adv_data_len > 0) 9667 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED, 9668 sizeof(*ev) + conn->le_adv_data_len); 9669 else 9670 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED, 9671 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0) + 9672 eir_precalc_len(sizeof(conn->dev_class))); 9673 9674 ev = skb_put(skb, sizeof(*ev)); 9675 bacpy(&ev->addr.bdaddr, &conn->dst); 9676 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type); 9677 9678 if (conn->out) 9679 flags |= MGMT_DEV_FOUND_INITIATED_CONN; 9680 9681 ev->flags = __cpu_to_le32(flags); 9682 9683 /* We must ensure that the EIR Data fields are ordered and 9684 * unique. Keep it simple for now and avoid the problem by not 9685 * adding any BR/EDR data to the LE adv. 9686 */ 9687 if (conn->le_adv_data_len > 0) { 9688 skb_put_data(skb, conn->le_adv_data, conn->le_adv_data_len); 9689 eir_len = conn->le_adv_data_len; 9690 } else { 9691 if (name) 9692 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len); 9693 9694 if (memcmp(conn->dev_class, "\0\0\0", sizeof(conn->dev_class))) 9695 eir_len += eir_skb_put_data(skb, EIR_CLASS_OF_DEV, 9696 conn->dev_class, sizeof(conn->dev_class)); 9697 } 9698 9699 ev->eir_len = cpu_to_le16(eir_len); 9700 9701 mgmt_event_skb(skb, NULL); 9702 } 9703 9704 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data) 9705 { 9706 struct hci_dev *hdev = data; 9707 struct mgmt_cp_unpair_device *cp = cmd->param; 9708 9709 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 9710 9711 cmd->cmd_complete(cmd, 0); 9712 mgmt_pending_remove(cmd); 9713 } 9714 9715 bool mgmt_powering_down(struct hci_dev *hdev) 9716 { 9717 struct mgmt_pending_cmd *cmd; 9718 struct mgmt_mode *cp; 9719 9720 if (hci_dev_test_flag(hdev, HCI_POWERING_DOWN)) 9721 return true; 9722 9723 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 9724 if (!cmd) 9725 return false; 9726 9727 cp = cmd->param; 9728 if (!cp->val) 9729 return true; 9730 9731 return false; 9732 } 9733 9734 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 9735 u8 link_type, u8 addr_type, u8 reason, 9736 bool mgmt_connected) 9737 { 9738 struct mgmt_ev_device_disconnected ev; 9739 struct sock *sk = NULL; 9740 9741 if (!mgmt_connected) 9742 return; 9743 9744 if (link_type != ACL_LINK && link_type != LE_LINK) 9745 return; 9746 9747 bacpy(&ev.addr.bdaddr, bdaddr); 9748 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9749 ev.reason = reason; 9750 9751 /* Report disconnects due to suspend */ 9752 if (hdev->suspended) 9753 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND; 9754 9755 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk); 9756 9757 if (sk) 9758 sock_put(sk); 9759 } 9760 9761 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 9762 u8 link_type, u8 addr_type, u8 status) 9763 { 9764 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type); 9765 struct mgmt_cp_disconnect *cp; 9766 struct mgmt_pending_cmd *cmd; 9767 9768 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 9769 hdev); 9770 9771 cmd = pending_find(MGMT_OP_DISCONNECT, hdev); 9772 if (!cmd) 9773 return; 9774 9775 cp = cmd->param; 9776 9777 if (bacmp(bdaddr, &cp->addr.bdaddr)) 9778 return; 9779 9780 if (cp->addr.type != bdaddr_type) 9781 return; 9782 9783 cmd->cmd_complete(cmd, mgmt_status(status)); 9784 mgmt_pending_remove(cmd); 9785 } 9786 9787 void mgmt_connect_failed(struct hci_dev *hdev, struct hci_conn *conn, u8 status) 9788 { 9789 struct mgmt_ev_connect_failed ev; 9790 9791 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) { 9792 mgmt_device_disconnected(hdev, &conn->dst, conn->type, 9793 conn->dst_type, status, true); 9794 return; 9795 } 9796 9797 bacpy(&ev.addr.bdaddr, &conn->dst); 9798 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 9799 ev.status = mgmt_status(status); 9800 9801 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 9802 } 9803 9804 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 9805 { 9806 struct mgmt_ev_pin_code_request ev; 9807 9808 bacpy(&ev.addr.bdaddr, bdaddr); 9809 ev.addr.type = BDADDR_BREDR; 9810 ev.secure = secure; 9811 9812 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL); 9813 } 9814 9815 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9816 u8 status) 9817 { 9818 struct mgmt_pending_cmd *cmd; 9819 9820 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 9821 if (!cmd) 9822 return; 9823 9824 cmd->cmd_complete(cmd, mgmt_status(status)); 9825 mgmt_pending_remove(cmd); 9826 } 9827 9828 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9829 u8 status) 9830 { 9831 struct mgmt_pending_cmd *cmd; 9832 9833 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 9834 if (!cmd) 9835 return; 9836 9837 cmd->cmd_complete(cmd, mgmt_status(status)); 9838 mgmt_pending_remove(cmd); 9839 } 9840 9841 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 9842 u8 link_type, u8 addr_type, u32 value, 9843 u8 confirm_hint) 9844 { 9845 struct mgmt_ev_user_confirm_request ev; 9846 9847 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 9848 9849 bacpy(&ev.addr.bdaddr, bdaddr); 9850 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9851 ev.confirm_hint = confirm_hint; 9852 ev.value = cpu_to_le32(value); 9853 9854 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 9855 NULL); 9856 } 9857 9858 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 9859 u8 link_type, u8 addr_type) 9860 { 9861 struct mgmt_ev_user_passkey_request ev; 9862 9863 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 9864 9865 bacpy(&ev.addr.bdaddr, bdaddr); 9866 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9867 9868 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 9869 NULL); 9870 } 9871 9872 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9873 u8 link_type, u8 addr_type, u8 status, 9874 u8 opcode) 9875 { 9876 struct mgmt_pending_cmd *cmd; 9877 9878 cmd = pending_find(opcode, hdev); 9879 if (!cmd) 9880 return -ENOENT; 9881 9882 cmd->cmd_complete(cmd, mgmt_status(status)); 9883 mgmt_pending_remove(cmd); 9884 9885 return 0; 9886 } 9887 9888 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9889 u8 link_type, u8 addr_type, u8 status) 9890 { 9891 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 9892 status, MGMT_OP_USER_CONFIRM_REPLY); 9893 } 9894 9895 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9896 u8 link_type, u8 addr_type, u8 status) 9897 { 9898 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 9899 status, 9900 MGMT_OP_USER_CONFIRM_NEG_REPLY); 9901 } 9902 9903 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9904 u8 link_type, u8 addr_type, u8 status) 9905 { 9906 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 9907 status, MGMT_OP_USER_PASSKEY_REPLY); 9908 } 9909 9910 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9911 u8 link_type, u8 addr_type, u8 status) 9912 { 9913 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 9914 status, 9915 MGMT_OP_USER_PASSKEY_NEG_REPLY); 9916 } 9917 9918 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr, 9919 u8 link_type, u8 addr_type, u32 passkey, 9920 u8 entered) 9921 { 9922 struct mgmt_ev_passkey_notify ev; 9923 9924 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 9925 9926 bacpy(&ev.addr.bdaddr, bdaddr); 9927 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9928 ev.passkey = __cpu_to_le32(passkey); 9929 ev.entered = entered; 9930 9931 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL); 9932 } 9933 9934 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status) 9935 { 9936 struct mgmt_ev_auth_failed ev; 9937 struct mgmt_pending_cmd *cmd; 9938 u8 status = mgmt_status(hci_status); 9939 9940 bacpy(&ev.addr.bdaddr, &conn->dst); 9941 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 9942 ev.status = status; 9943 9944 cmd = find_pairing(conn); 9945 9946 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev), 9947 cmd ? cmd->sk : NULL); 9948 9949 if (cmd) { 9950 cmd->cmd_complete(cmd, status); 9951 mgmt_pending_remove(cmd); 9952 } 9953 } 9954 9955 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 9956 { 9957 struct cmd_lookup match = { NULL, hdev }; 9958 bool changed; 9959 9960 if (status) { 9961 u8 mgmt_err = mgmt_status(status); 9962 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 9963 cmd_status_rsp, &mgmt_err); 9964 return; 9965 } 9966 9967 if (test_bit(HCI_AUTH, &hdev->flags)) 9968 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY); 9969 else 9970 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY); 9971 9972 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 9973 &match); 9974 9975 if (changed) 9976 new_settings(hdev, match.sk); 9977 9978 if (match.sk) 9979 sock_put(match.sk); 9980 } 9981 9982 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data) 9983 { 9984 struct cmd_lookup *match = data; 9985 9986 if (match->sk == NULL) { 9987 match->sk = cmd->sk; 9988 sock_hold(match->sk); 9989 } 9990 } 9991 9992 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class, 9993 u8 status) 9994 { 9995 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) }; 9996 9997 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match); 9998 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match); 9999 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match); 10000 10001 if (!status) { 10002 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 10003 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL); 10004 ext_info_changed(hdev, NULL); 10005 } 10006 10007 if (match.sk) 10008 sock_put(match.sk); 10009 } 10010 10011 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 10012 { 10013 struct mgmt_cp_set_local_name ev; 10014 struct mgmt_pending_cmd *cmd; 10015 10016 if (status) 10017 return; 10018 10019 memset(&ev, 0, sizeof(ev)); 10020 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 10021 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH); 10022 10023 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 10024 if (!cmd) { 10025 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name)); 10026 10027 /* If this is a HCI command related to powering on the 10028 * HCI dev don't send any mgmt signals. 10029 */ 10030 if (hci_dev_test_flag(hdev, HCI_POWERING_DOWN)) 10031 return; 10032 10033 if (pending_find(MGMT_OP_SET_POWERED, hdev)) 10034 return; 10035 } 10036 10037 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 10038 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL); 10039 ext_info_changed(hdev, cmd ? cmd->sk : NULL); 10040 } 10041 10042 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16]) 10043 { 10044 int i; 10045 10046 for (i = 0; i < uuid_count; i++) { 10047 if (!memcmp(uuid, uuids[i], 16)) 10048 return true; 10049 } 10050 10051 return false; 10052 } 10053 10054 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16]) 10055 { 10056 u16 parsed = 0; 10057 10058 while (parsed < eir_len) { 10059 u8 field_len = eir[0]; 10060 u8 uuid[16]; 10061 int i; 10062 10063 if (field_len == 0) 10064 break; 10065 10066 if (eir_len - parsed < field_len + 1) 10067 break; 10068 10069 switch (eir[1]) { 10070 case EIR_UUID16_ALL: 10071 case EIR_UUID16_SOME: 10072 for (i = 0; i + 3 <= field_len; i += 2) { 10073 memcpy(uuid, bluetooth_base_uuid, 16); 10074 uuid[13] = eir[i + 3]; 10075 uuid[12] = eir[i + 2]; 10076 if (has_uuid(uuid, uuid_count, uuids)) 10077 return true; 10078 } 10079 break; 10080 case EIR_UUID32_ALL: 10081 case EIR_UUID32_SOME: 10082 for (i = 0; i + 5 <= field_len; i += 4) { 10083 memcpy(uuid, bluetooth_base_uuid, 16); 10084 uuid[15] = eir[i + 5]; 10085 uuid[14] = eir[i + 4]; 10086 uuid[13] = eir[i + 3]; 10087 uuid[12] = eir[i + 2]; 10088 if (has_uuid(uuid, uuid_count, uuids)) 10089 return true; 10090 } 10091 break; 10092 case EIR_UUID128_ALL: 10093 case EIR_UUID128_SOME: 10094 for (i = 0; i + 17 <= field_len; i += 16) { 10095 memcpy(uuid, eir + i + 2, 16); 10096 if (has_uuid(uuid, uuid_count, uuids)) 10097 return true; 10098 } 10099 break; 10100 } 10101 10102 parsed += field_len + 1; 10103 eir += field_len + 1; 10104 } 10105 10106 return false; 10107 } 10108 10109 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir, 10110 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 10111 { 10112 /* If a RSSI threshold has been specified, and 10113 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with 10114 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk 10115 * is set, let it through for further processing, as we might need to 10116 * restart the scan. 10117 * 10118 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry, 10119 * the results are also dropped. 10120 */ 10121 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 10122 (rssi == HCI_RSSI_INVALID || 10123 (rssi < hdev->discovery.rssi && 10124 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)))) 10125 return false; 10126 10127 if (hdev->discovery.uuid_count != 0) { 10128 /* If a list of UUIDs is provided in filter, results with no 10129 * matching UUID should be dropped. 10130 */ 10131 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count, 10132 hdev->discovery.uuids) && 10133 !eir_has_uuids(scan_rsp, scan_rsp_len, 10134 hdev->discovery.uuid_count, 10135 hdev->discovery.uuids)) 10136 return false; 10137 } 10138 10139 /* If duplicate filtering does not report RSSI changes, then restart 10140 * scanning to ensure updated result with updated RSSI values. 10141 */ 10142 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) { 10143 /* Validate RSSI value against the RSSI threshold once more. */ 10144 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 10145 rssi < hdev->discovery.rssi) 10146 return false; 10147 } 10148 10149 return true; 10150 } 10151 10152 void mgmt_adv_monitor_device_lost(struct hci_dev *hdev, u16 handle, 10153 bdaddr_t *bdaddr, u8 addr_type) 10154 { 10155 struct mgmt_ev_adv_monitor_device_lost ev; 10156 10157 ev.monitor_handle = cpu_to_le16(handle); 10158 bacpy(&ev.addr.bdaddr, bdaddr); 10159 ev.addr.type = addr_type; 10160 10161 mgmt_event(MGMT_EV_ADV_MONITOR_DEVICE_LOST, hdev, &ev, sizeof(ev), 10162 NULL); 10163 } 10164 10165 static void mgmt_send_adv_monitor_device_found(struct hci_dev *hdev, 10166 struct sk_buff *skb, 10167 struct sock *skip_sk, 10168 u16 handle) 10169 { 10170 struct sk_buff *advmon_skb; 10171 size_t advmon_skb_len; 10172 __le16 *monitor_handle; 10173 10174 if (!skb) 10175 return; 10176 10177 advmon_skb_len = (sizeof(struct mgmt_ev_adv_monitor_device_found) - 10178 sizeof(struct mgmt_ev_device_found)) + skb->len; 10179 advmon_skb = mgmt_alloc_skb(hdev, MGMT_EV_ADV_MONITOR_DEVICE_FOUND, 10180 advmon_skb_len); 10181 if (!advmon_skb) 10182 return; 10183 10184 /* ADV_MONITOR_DEVICE_FOUND is similar to DEVICE_FOUND event except 10185 * that it also has 'monitor_handle'. Make a copy of DEVICE_FOUND and 10186 * store monitor_handle of the matched monitor. 10187 */ 10188 monitor_handle = skb_put(advmon_skb, sizeof(*monitor_handle)); 10189 *monitor_handle = cpu_to_le16(handle); 10190 skb_put_data(advmon_skb, skb->data, skb->len); 10191 10192 mgmt_event_skb(advmon_skb, skip_sk); 10193 } 10194 10195 static void mgmt_adv_monitor_device_found(struct hci_dev *hdev, 10196 bdaddr_t *bdaddr, bool report_device, 10197 struct sk_buff *skb, 10198 struct sock *skip_sk) 10199 { 10200 struct monitored_device *dev, *tmp; 10201 bool matched = false; 10202 bool notified = false; 10203 10204 /* We have received the Advertisement Report because: 10205 * 1. the kernel has initiated active discovery 10206 * 2. if not, we have pend_le_reports > 0 in which case we are doing 10207 * passive scanning 10208 * 3. if none of the above is true, we have one or more active 10209 * Advertisement Monitor 10210 * 10211 * For case 1 and 2, report all advertisements via MGMT_EV_DEVICE_FOUND 10212 * and report ONLY one advertisement per device for the matched Monitor 10213 * via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event. 10214 * 10215 * For case 3, since we are not active scanning and all advertisements 10216 * received are due to a matched Advertisement Monitor, report all 10217 * advertisements ONLY via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event. 10218 */ 10219 if (report_device && !hdev->advmon_pend_notify) { 10220 mgmt_event_skb(skb, skip_sk); 10221 return; 10222 } 10223 10224 hdev->advmon_pend_notify = false; 10225 10226 list_for_each_entry_safe(dev, tmp, &hdev->monitored_devices, list) { 10227 if (!bacmp(&dev->bdaddr, bdaddr)) { 10228 matched = true; 10229 10230 if (!dev->notified) { 10231 mgmt_send_adv_monitor_device_found(hdev, skb, 10232 skip_sk, 10233 dev->handle); 10234 notified = true; 10235 dev->notified = true; 10236 } 10237 } 10238 10239 if (!dev->notified) 10240 hdev->advmon_pend_notify = true; 10241 } 10242 10243 if (!report_device && 10244 ((matched && !notified) || !msft_monitor_supported(hdev))) { 10245 /* Handle 0 indicates that we are not active scanning and this 10246 * is a subsequent advertisement report for an already matched 10247 * Advertisement Monitor or the controller offloading support 10248 * is not available. 10249 */ 10250 mgmt_send_adv_monitor_device_found(hdev, skb, skip_sk, 0); 10251 } 10252 10253 if (report_device) 10254 mgmt_event_skb(skb, skip_sk); 10255 else 10256 kfree_skb(skb); 10257 } 10258 10259 static void mesh_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, 10260 u8 addr_type, s8 rssi, u32 flags, u8 *eir, 10261 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len, 10262 u64 instant) 10263 { 10264 struct sk_buff *skb; 10265 struct mgmt_ev_mesh_device_found *ev; 10266 int i, j; 10267 10268 if (!hdev->mesh_ad_types[0]) 10269 goto accepted; 10270 10271 /* Scan for requested AD types */ 10272 if (eir_len > 0) { 10273 for (i = 0; i + 1 < eir_len; i += eir[i] + 1) { 10274 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) { 10275 if (!hdev->mesh_ad_types[j]) 10276 break; 10277 10278 if (hdev->mesh_ad_types[j] == eir[i + 1]) 10279 goto accepted; 10280 } 10281 } 10282 } 10283 10284 if (scan_rsp_len > 0) { 10285 for (i = 0; i + 1 < scan_rsp_len; i += scan_rsp[i] + 1) { 10286 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) { 10287 if (!hdev->mesh_ad_types[j]) 10288 break; 10289 10290 if (hdev->mesh_ad_types[j] == scan_rsp[i + 1]) 10291 goto accepted; 10292 } 10293 } 10294 } 10295 10296 return; 10297 10298 accepted: 10299 skb = mgmt_alloc_skb(hdev, MGMT_EV_MESH_DEVICE_FOUND, 10300 sizeof(*ev) + eir_len + scan_rsp_len); 10301 if (!skb) 10302 return; 10303 10304 ev = skb_put(skb, sizeof(*ev)); 10305 10306 bacpy(&ev->addr.bdaddr, bdaddr); 10307 ev->addr.type = link_to_bdaddr(LE_LINK, addr_type); 10308 ev->rssi = rssi; 10309 ev->flags = cpu_to_le32(flags); 10310 ev->instant = cpu_to_le64(instant); 10311 10312 if (eir_len > 0) 10313 /* Copy EIR or advertising data into event */ 10314 skb_put_data(skb, eir, eir_len); 10315 10316 if (scan_rsp_len > 0) 10317 /* Append scan response data to event */ 10318 skb_put_data(skb, scan_rsp, scan_rsp_len); 10319 10320 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 10321 10322 mgmt_event_skb(skb, NULL); 10323 } 10324 10325 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 10326 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags, 10327 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len, 10328 u64 instant) 10329 { 10330 struct sk_buff *skb; 10331 struct mgmt_ev_device_found *ev; 10332 bool report_device = hci_discovery_active(hdev); 10333 10334 if (hci_dev_test_flag(hdev, HCI_MESH) && link_type == LE_LINK) 10335 mesh_device_found(hdev, bdaddr, addr_type, rssi, flags, 10336 eir, eir_len, scan_rsp, scan_rsp_len, 10337 instant); 10338 10339 /* Don't send events for a non-kernel initiated discovery. With 10340 * LE one exception is if we have pend_le_reports > 0 in which 10341 * case we're doing passive scanning and want these events. 10342 */ 10343 if (!hci_discovery_active(hdev)) { 10344 if (link_type == ACL_LINK) 10345 return; 10346 if (link_type == LE_LINK && !list_empty(&hdev->pend_le_reports)) 10347 report_device = true; 10348 else if (!hci_is_adv_monitoring(hdev)) 10349 return; 10350 } 10351 10352 if (hdev->discovery.result_filtering) { 10353 /* We are using service discovery */ 10354 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp, 10355 scan_rsp_len)) 10356 return; 10357 } 10358 10359 if (hdev->discovery.limited) { 10360 /* Check for limited discoverable bit */ 10361 if (dev_class) { 10362 if (!(dev_class[1] & 0x20)) 10363 return; 10364 } else { 10365 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL); 10366 if (!flags || !(flags[0] & LE_AD_LIMITED)) 10367 return; 10368 } 10369 } 10370 10371 /* Allocate skb. The 5 extra bytes are for the potential CoD field */ 10372 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND, 10373 sizeof(*ev) + eir_len + scan_rsp_len + 5); 10374 if (!skb) 10375 return; 10376 10377 ev = skb_put(skb, sizeof(*ev)); 10378 10379 /* In case of device discovery with BR/EDR devices (pre 1.2), the 10380 * RSSI value was reported as 0 when not available. This behavior 10381 * is kept when using device discovery. This is required for full 10382 * backwards compatibility with the API. 10383 * 10384 * However when using service discovery, the value 127 will be 10385 * returned when the RSSI is not available. 10386 */ 10387 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi && 10388 link_type == ACL_LINK) 10389 rssi = 0; 10390 10391 bacpy(&ev->addr.bdaddr, bdaddr); 10392 ev->addr.type = link_to_bdaddr(link_type, addr_type); 10393 ev->rssi = rssi; 10394 ev->flags = cpu_to_le32(flags); 10395 10396 if (eir_len > 0) 10397 /* Copy EIR or advertising data into event */ 10398 skb_put_data(skb, eir, eir_len); 10399 10400 if (dev_class && !eir_get_data(eir, eir_len, EIR_CLASS_OF_DEV, NULL)) { 10401 u8 eir_cod[5]; 10402 10403 eir_len += eir_append_data(eir_cod, 0, EIR_CLASS_OF_DEV, 10404 dev_class, 3); 10405 skb_put_data(skb, eir_cod, sizeof(eir_cod)); 10406 } 10407 10408 if (scan_rsp_len > 0) 10409 /* Append scan response data to event */ 10410 skb_put_data(skb, scan_rsp, scan_rsp_len); 10411 10412 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 10413 10414 mgmt_adv_monitor_device_found(hdev, bdaddr, report_device, skb, NULL); 10415 } 10416 10417 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 10418 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 10419 { 10420 struct sk_buff *skb; 10421 struct mgmt_ev_device_found *ev; 10422 u16 eir_len = 0; 10423 u32 flags = 0; 10424 10425 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND, 10426 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0)); 10427 10428 ev = skb_put(skb, sizeof(*ev)); 10429 bacpy(&ev->addr.bdaddr, bdaddr); 10430 ev->addr.type = link_to_bdaddr(link_type, addr_type); 10431 ev->rssi = rssi; 10432 10433 if (name) 10434 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len); 10435 else 10436 flags = MGMT_DEV_FOUND_NAME_REQUEST_FAILED; 10437 10438 ev->eir_len = cpu_to_le16(eir_len); 10439 ev->flags = cpu_to_le32(flags); 10440 10441 mgmt_event_skb(skb, NULL); 10442 } 10443 10444 void mgmt_discovering(struct hci_dev *hdev, u8 discovering) 10445 { 10446 struct mgmt_ev_discovering ev; 10447 10448 bt_dev_dbg(hdev, "discovering %u", discovering); 10449 10450 memset(&ev, 0, sizeof(ev)); 10451 ev.type = hdev->discovery.type; 10452 ev.discovering = discovering; 10453 10454 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 10455 } 10456 10457 void mgmt_suspending(struct hci_dev *hdev, u8 state) 10458 { 10459 struct mgmt_ev_controller_suspend ev; 10460 10461 ev.suspend_state = state; 10462 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL); 10463 } 10464 10465 void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr, 10466 u8 addr_type) 10467 { 10468 struct mgmt_ev_controller_resume ev; 10469 10470 ev.wake_reason = reason; 10471 if (bdaddr) { 10472 bacpy(&ev.addr.bdaddr, bdaddr); 10473 ev.addr.type = addr_type; 10474 } else { 10475 memset(&ev.addr, 0, sizeof(ev.addr)); 10476 } 10477 10478 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL); 10479 } 10480 10481 static struct hci_mgmt_chan chan = { 10482 .channel = HCI_CHANNEL_CONTROL, 10483 .handler_count = ARRAY_SIZE(mgmt_handlers), 10484 .handlers = mgmt_handlers, 10485 .hdev_init = mgmt_init_hdev, 10486 }; 10487 10488 int mgmt_init(void) 10489 { 10490 return hci_mgmt_chan_register(&chan); 10491 } 10492 10493 void mgmt_exit(void) 10494 { 10495 hci_mgmt_chan_unregister(&chan); 10496 } 10497 10498 void mgmt_cleanup(struct sock *sk) 10499 { 10500 struct mgmt_mesh_tx *mesh_tx; 10501 struct hci_dev *hdev; 10502 10503 read_lock(&hci_dev_list_lock); 10504 10505 list_for_each_entry(hdev, &hci_dev_list, list) { 10506 do { 10507 mesh_tx = mgmt_mesh_next(hdev, sk); 10508 10509 if (mesh_tx) 10510 mesh_send_complete(hdev, mesh_tx, true); 10511 } while (mesh_tx); 10512 } 10513 10514 read_unlock(&hci_dev_list_lock); 10515 } 10516