1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23 */ 24 25 /* Bluetooth HCI Management interface */ 26 27 #include <linux/kernel.h> 28 #include <linux/uaccess.h> 29 #include <linux/module.h> 30 #include <asm/unaligned.h> 31 32 #include <net/bluetooth/bluetooth.h> 33 #include <net/bluetooth/hci_core.h> 34 #include <net/bluetooth/mgmt.h> 35 #include <net/bluetooth/smp.h> 36 37 bool enable_hs; 38 39 #define MGMT_VERSION 1 40 #define MGMT_REVISION 1 41 42 static const u16 mgmt_commands[] = { 43 MGMT_OP_READ_INDEX_LIST, 44 MGMT_OP_READ_INFO, 45 MGMT_OP_SET_POWERED, 46 MGMT_OP_SET_DISCOVERABLE, 47 MGMT_OP_SET_CONNECTABLE, 48 MGMT_OP_SET_FAST_CONNECTABLE, 49 MGMT_OP_SET_PAIRABLE, 50 MGMT_OP_SET_LINK_SECURITY, 51 MGMT_OP_SET_SSP, 52 MGMT_OP_SET_HS, 53 MGMT_OP_SET_LE, 54 MGMT_OP_SET_DEV_CLASS, 55 MGMT_OP_SET_LOCAL_NAME, 56 MGMT_OP_ADD_UUID, 57 MGMT_OP_REMOVE_UUID, 58 MGMT_OP_LOAD_LINK_KEYS, 59 MGMT_OP_LOAD_LONG_TERM_KEYS, 60 MGMT_OP_DISCONNECT, 61 MGMT_OP_GET_CONNECTIONS, 62 MGMT_OP_PIN_CODE_REPLY, 63 MGMT_OP_PIN_CODE_NEG_REPLY, 64 MGMT_OP_SET_IO_CAPABILITY, 65 MGMT_OP_PAIR_DEVICE, 66 MGMT_OP_CANCEL_PAIR_DEVICE, 67 MGMT_OP_UNPAIR_DEVICE, 68 MGMT_OP_USER_CONFIRM_REPLY, 69 MGMT_OP_USER_CONFIRM_NEG_REPLY, 70 MGMT_OP_USER_PASSKEY_REPLY, 71 MGMT_OP_USER_PASSKEY_NEG_REPLY, 72 MGMT_OP_READ_LOCAL_OOB_DATA, 73 MGMT_OP_ADD_REMOTE_OOB_DATA, 74 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 75 MGMT_OP_START_DISCOVERY, 76 MGMT_OP_STOP_DISCOVERY, 77 MGMT_OP_CONFIRM_NAME, 78 MGMT_OP_BLOCK_DEVICE, 79 MGMT_OP_UNBLOCK_DEVICE, 80 MGMT_OP_SET_DEVICE_ID, 81 }; 82 83 static const u16 mgmt_events[] = { 84 MGMT_EV_CONTROLLER_ERROR, 85 MGMT_EV_INDEX_ADDED, 86 MGMT_EV_INDEX_REMOVED, 87 MGMT_EV_NEW_SETTINGS, 88 MGMT_EV_CLASS_OF_DEV_CHANGED, 89 MGMT_EV_LOCAL_NAME_CHANGED, 90 MGMT_EV_NEW_LINK_KEY, 91 MGMT_EV_NEW_LONG_TERM_KEY, 92 MGMT_EV_DEVICE_CONNECTED, 93 MGMT_EV_DEVICE_DISCONNECTED, 94 MGMT_EV_CONNECT_FAILED, 95 MGMT_EV_PIN_CODE_REQUEST, 96 MGMT_EV_USER_CONFIRM_REQUEST, 97 MGMT_EV_USER_PASSKEY_REQUEST, 98 MGMT_EV_AUTH_FAILED, 99 MGMT_EV_DEVICE_FOUND, 100 MGMT_EV_DISCOVERING, 101 MGMT_EV_DEVICE_BLOCKED, 102 MGMT_EV_DEVICE_UNBLOCKED, 103 MGMT_EV_DEVICE_UNPAIRED, 104 }; 105 106 /* 107 * These LE scan and inquiry parameters were chosen according to LE General 108 * Discovery Procedure specification. 109 */ 110 #define LE_SCAN_TYPE 0x01 111 #define LE_SCAN_WIN 0x12 112 #define LE_SCAN_INT 0x12 113 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */ 114 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */ 115 116 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */ 117 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */ 118 119 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) 120 121 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \ 122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 123 124 struct pending_cmd { 125 struct list_head list; 126 u16 opcode; 127 int index; 128 void *param; 129 struct sock *sk; 130 void *user_data; 131 }; 132 133 /* HCI to MGMT error code conversion table */ 134 static u8 mgmt_status_table[] = { 135 MGMT_STATUS_SUCCESS, 136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 138 MGMT_STATUS_FAILED, /* Hardware Failure */ 139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */ 142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 147 MGMT_STATUS_BUSY, /* Command Disallowed */ 148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 149 MGMT_STATUS_REJECTED, /* Rejected Security */ 150 MGMT_STATUS_REJECTED, /* Rejected Personal */ 151 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 158 MGMT_STATUS_BUSY, /* Repeated Attempts */ 159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 166 MGMT_STATUS_FAILED, /* Unspecified Error */ 167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 173 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 175 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 177 MGMT_STATUS_FAILED, /* Transaction Collision */ 178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 179 MGMT_STATUS_REJECTED, /* QoS Rejected */ 180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 181 MGMT_STATUS_REJECTED, /* Insufficient Security */ 182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 183 MGMT_STATUS_BUSY, /* Role Switch Pending */ 184 MGMT_STATUS_FAILED, /* Slot Violation */ 185 MGMT_STATUS_FAILED, /* Role Switch Failed */ 186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 188 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 190 MGMT_STATUS_BUSY, /* Controller Busy */ 191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 196 }; 197 198 static u8 mgmt_status(u8 hci_status) 199 { 200 if (hci_status < ARRAY_SIZE(mgmt_status_table)) 201 return mgmt_status_table[hci_status]; 202 203 return MGMT_STATUS_FAILED; 204 } 205 206 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status) 207 { 208 struct sk_buff *skb; 209 struct mgmt_hdr *hdr; 210 struct mgmt_ev_cmd_status *ev; 211 int err; 212 213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status); 214 215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC); 216 if (!skb) 217 return -ENOMEM; 218 219 hdr = (void *) skb_put(skb, sizeof(*hdr)); 220 221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS); 222 hdr->index = cpu_to_le16(index); 223 hdr->len = cpu_to_le16(sizeof(*ev)); 224 225 ev = (void *) skb_put(skb, sizeof(*ev)); 226 ev->status = status; 227 ev->opcode = cpu_to_le16(cmd); 228 229 err = sock_queue_rcv_skb(sk, skb); 230 if (err < 0) 231 kfree_skb(skb); 232 233 return err; 234 } 235 236 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status, 237 void *rp, size_t rp_len) 238 { 239 struct sk_buff *skb; 240 struct mgmt_hdr *hdr; 241 struct mgmt_ev_cmd_complete *ev; 242 int err; 243 244 BT_DBG("sock %p", sk); 245 246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC); 247 if (!skb) 248 return -ENOMEM; 249 250 hdr = (void *) skb_put(skb, sizeof(*hdr)); 251 252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE); 253 hdr->index = cpu_to_le16(index); 254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len); 255 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len); 257 ev->opcode = cpu_to_le16(cmd); 258 ev->status = status; 259 260 if (rp) 261 memcpy(ev->data, rp, rp_len); 262 263 err = sock_queue_rcv_skb(sk, skb); 264 if (err < 0) 265 kfree_skb(skb); 266 267 return err; 268 } 269 270 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data, 271 u16 data_len) 272 { 273 struct mgmt_rp_read_version rp; 274 275 BT_DBG("sock %p", sk); 276 277 rp.version = MGMT_VERSION; 278 rp.revision = __constant_cpu_to_le16(MGMT_REVISION); 279 280 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp, 281 sizeof(rp)); 282 } 283 284 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data, 285 u16 data_len) 286 { 287 struct mgmt_rp_read_commands *rp; 288 const u16 num_commands = ARRAY_SIZE(mgmt_commands); 289 const u16 num_events = ARRAY_SIZE(mgmt_events); 290 __le16 *opcode; 291 size_t rp_size; 292 int i, err; 293 294 BT_DBG("sock %p", sk); 295 296 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 297 298 rp = kmalloc(rp_size, GFP_KERNEL); 299 if (!rp) 300 return -ENOMEM; 301 302 rp->num_commands = __constant_cpu_to_le16(num_commands); 303 rp->num_events = __constant_cpu_to_le16(num_events); 304 305 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++) 306 put_unaligned_le16(mgmt_commands[i], opcode); 307 308 for (i = 0; i < num_events; i++, opcode++) 309 put_unaligned_le16(mgmt_events[i], opcode); 310 311 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp, 312 rp_size); 313 kfree(rp); 314 315 return err; 316 } 317 318 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data, 319 u16 data_len) 320 { 321 struct mgmt_rp_read_index_list *rp; 322 struct list_head *p; 323 struct hci_dev *d; 324 size_t rp_len; 325 u16 count; 326 int i, err; 327 328 BT_DBG("sock %p", sk); 329 330 read_lock(&hci_dev_list_lock); 331 332 count = 0; 333 list_for_each(p, &hci_dev_list) { 334 count++; 335 } 336 337 rp_len = sizeof(*rp) + (2 * count); 338 rp = kmalloc(rp_len, GFP_ATOMIC); 339 if (!rp) { 340 read_unlock(&hci_dev_list_lock); 341 return -ENOMEM; 342 } 343 344 rp->num_controllers = cpu_to_le16(count); 345 346 i = 0; 347 list_for_each_entry(d, &hci_dev_list, list) { 348 if (test_bit(HCI_SETUP, &d->dev_flags)) 349 continue; 350 351 rp->index[i++] = cpu_to_le16(d->id); 352 BT_DBG("Added hci%u", d->id); 353 } 354 355 read_unlock(&hci_dev_list_lock); 356 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp, 358 rp_len); 359 360 kfree(rp); 361 362 return err; 363 } 364 365 static u32 get_supported_settings(struct hci_dev *hdev) 366 { 367 u32 settings = 0; 368 369 settings |= MGMT_SETTING_POWERED; 370 settings |= MGMT_SETTING_CONNECTABLE; 371 settings |= MGMT_SETTING_FAST_CONNECTABLE; 372 settings |= MGMT_SETTING_DISCOVERABLE; 373 settings |= MGMT_SETTING_PAIRABLE; 374 375 if (hdev->features[6] & LMP_SIMPLE_PAIR) 376 settings |= MGMT_SETTING_SSP; 377 378 if (!(hdev->features[4] & LMP_NO_BREDR)) { 379 settings |= MGMT_SETTING_BREDR; 380 settings |= MGMT_SETTING_LINK_SECURITY; 381 } 382 383 if (enable_hs) 384 settings |= MGMT_SETTING_HS; 385 386 if (hdev->features[4] & LMP_LE) 387 settings |= MGMT_SETTING_LE; 388 389 return settings; 390 } 391 392 static u32 get_current_settings(struct hci_dev *hdev) 393 { 394 u32 settings = 0; 395 396 if (hdev_is_powered(hdev)) 397 settings |= MGMT_SETTING_POWERED; 398 399 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 400 settings |= MGMT_SETTING_CONNECTABLE; 401 402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 403 settings |= MGMT_SETTING_DISCOVERABLE; 404 405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags)) 406 settings |= MGMT_SETTING_PAIRABLE; 407 408 if (!(hdev->features[4] & LMP_NO_BREDR)) 409 settings |= MGMT_SETTING_BREDR; 410 411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 412 settings |= MGMT_SETTING_LE; 413 414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) 415 settings |= MGMT_SETTING_LINK_SECURITY; 416 417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 418 settings |= MGMT_SETTING_SSP; 419 420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags)) 421 settings |= MGMT_SETTING_HS; 422 423 return settings; 424 } 425 426 #define PNP_INFO_SVCLASS_ID 0x1200 427 428 static u8 bluetooth_base_uuid[] = { 429 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80, 430 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 431 }; 432 433 static u16 get_uuid16(u8 *uuid128) 434 { 435 u32 val; 436 int i; 437 438 for (i = 0; i < 12; i++) { 439 if (bluetooth_base_uuid[i] != uuid128[i]) 440 return 0; 441 } 442 443 val = get_unaligned_le32(&uuid128[12]); 444 if (val > 0xffff) 445 return 0; 446 447 return (u16) val; 448 } 449 450 static void create_eir(struct hci_dev *hdev, u8 *data) 451 { 452 u8 *ptr = data; 453 u16 eir_len = 0; 454 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)]; 455 int i, truncated = 0; 456 struct bt_uuid *uuid; 457 size_t name_len; 458 459 name_len = strlen(hdev->dev_name); 460 461 if (name_len > 0) { 462 /* EIR Data type */ 463 if (name_len > 48) { 464 name_len = 48; 465 ptr[1] = EIR_NAME_SHORT; 466 } else 467 ptr[1] = EIR_NAME_COMPLETE; 468 469 /* EIR Data length */ 470 ptr[0] = name_len + 1; 471 472 memcpy(ptr + 2, hdev->dev_name, name_len); 473 474 eir_len += (name_len + 2); 475 ptr += (name_len + 2); 476 } 477 478 if (hdev->inq_tx_power) { 479 ptr[0] = 2; 480 ptr[1] = EIR_TX_POWER; 481 ptr[2] = (u8) hdev->inq_tx_power; 482 483 eir_len += 3; 484 ptr += 3; 485 } 486 487 if (hdev->devid_source > 0) { 488 ptr[0] = 9; 489 ptr[1] = EIR_DEVICE_ID; 490 491 put_unaligned_le16(hdev->devid_source, ptr + 2); 492 put_unaligned_le16(hdev->devid_vendor, ptr + 4); 493 put_unaligned_le16(hdev->devid_product, ptr + 6); 494 put_unaligned_le16(hdev->devid_version, ptr + 8); 495 496 eir_len += 10; 497 ptr += 10; 498 } 499 500 memset(uuid16_list, 0, sizeof(uuid16_list)); 501 502 /* Group all UUID16 types */ 503 list_for_each_entry(uuid, &hdev->uuids, list) { 504 u16 uuid16; 505 506 uuid16 = get_uuid16(uuid->uuid); 507 if (uuid16 == 0) 508 return; 509 510 if (uuid16 < 0x1100) 511 continue; 512 513 if (uuid16 == PNP_INFO_SVCLASS_ID) 514 continue; 515 516 /* Stop if not enough space to put next UUID */ 517 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) { 518 truncated = 1; 519 break; 520 } 521 522 /* Check for duplicates */ 523 for (i = 0; uuid16_list[i] != 0; i++) 524 if (uuid16_list[i] == uuid16) 525 break; 526 527 if (uuid16_list[i] == 0) { 528 uuid16_list[i] = uuid16; 529 eir_len += sizeof(u16); 530 } 531 } 532 533 if (uuid16_list[0] != 0) { 534 u8 *length = ptr; 535 536 /* EIR Data type */ 537 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL; 538 539 ptr += 2; 540 eir_len += 2; 541 542 for (i = 0; uuid16_list[i] != 0; i++) { 543 *ptr++ = (uuid16_list[i] & 0x00ff); 544 *ptr++ = (uuid16_list[i] & 0xff00) >> 8; 545 } 546 547 /* EIR Data length */ 548 *length = (i * sizeof(u16)) + 1; 549 } 550 } 551 552 static int update_eir(struct hci_dev *hdev) 553 { 554 struct hci_cp_write_eir cp; 555 556 if (!hdev_is_powered(hdev)) 557 return 0; 558 559 if (!(hdev->features[6] & LMP_EXT_INQ)) 560 return 0; 561 562 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 563 return 0; 564 565 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 566 return 0; 567 568 memset(&cp, 0, sizeof(cp)); 569 570 create_eir(hdev, cp.data); 571 572 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0) 573 return 0; 574 575 memcpy(hdev->eir, cp.data, sizeof(cp.data)); 576 577 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 578 } 579 580 static u8 get_service_classes(struct hci_dev *hdev) 581 { 582 struct bt_uuid *uuid; 583 u8 val = 0; 584 585 list_for_each_entry(uuid, &hdev->uuids, list) 586 val |= uuid->svc_hint; 587 588 return val; 589 } 590 591 static int update_class(struct hci_dev *hdev) 592 { 593 u8 cod[3]; 594 int err; 595 596 BT_DBG("%s", hdev->name); 597 598 if (!hdev_is_powered(hdev)) 599 return 0; 600 601 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 602 return 0; 603 604 cod[0] = hdev->minor_class; 605 cod[1] = hdev->major_class; 606 cod[2] = get_service_classes(hdev); 607 608 if (memcmp(cod, hdev->dev_class, 3) == 0) 609 return 0; 610 611 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); 612 if (err == 0) 613 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags); 614 615 return err; 616 } 617 618 static void service_cache_off(struct work_struct *work) 619 { 620 struct hci_dev *hdev = container_of(work, struct hci_dev, 621 service_cache.work); 622 623 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 624 return; 625 626 hci_dev_lock(hdev); 627 628 update_eir(hdev); 629 update_class(hdev); 630 631 hci_dev_unlock(hdev); 632 } 633 634 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) 635 { 636 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) 637 return; 638 639 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 640 641 /* Non-mgmt controlled devices get this bit set 642 * implicitly so that pairing works for them, however 643 * for mgmt we require user-space to explicitly enable 644 * it 645 */ 646 clear_bit(HCI_PAIRABLE, &hdev->dev_flags); 647 } 648 649 static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 650 void *data, u16 data_len) 651 { 652 struct mgmt_rp_read_info rp; 653 654 BT_DBG("sock %p %s", sk, hdev->name); 655 656 hci_dev_lock(hdev); 657 658 memset(&rp, 0, sizeof(rp)); 659 660 bacpy(&rp.bdaddr, &hdev->bdaddr); 661 662 rp.version = hdev->hci_ver; 663 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 664 665 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 666 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 667 668 memcpy(rp.dev_class, hdev->dev_class, 3); 669 670 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 671 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name)); 672 673 hci_dev_unlock(hdev); 674 675 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp, 676 sizeof(rp)); 677 } 678 679 static void mgmt_pending_free(struct pending_cmd *cmd) 680 { 681 sock_put(cmd->sk); 682 kfree(cmd->param); 683 kfree(cmd); 684 } 685 686 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode, 687 struct hci_dev *hdev, void *data, 688 u16 len) 689 { 690 struct pending_cmd *cmd; 691 692 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC); 693 if (!cmd) 694 return NULL; 695 696 cmd->opcode = opcode; 697 cmd->index = hdev->id; 698 699 cmd->param = kmalloc(len, GFP_ATOMIC); 700 if (!cmd->param) { 701 kfree(cmd); 702 return NULL; 703 } 704 705 if (data) 706 memcpy(cmd->param, data, len); 707 708 cmd->sk = sk; 709 sock_hold(sk); 710 711 list_add(&cmd->list, &hdev->mgmt_pending); 712 713 return cmd; 714 } 715 716 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, 717 void (*cb)(struct pending_cmd *cmd, void *data), 718 void *data) 719 { 720 struct list_head *p, *n; 721 722 list_for_each_safe(p, n, &hdev->mgmt_pending) { 723 struct pending_cmd *cmd; 724 725 cmd = list_entry(p, struct pending_cmd, list); 726 727 if (opcode > 0 && cmd->opcode != opcode) 728 continue; 729 730 cb(cmd, data); 731 } 732 } 733 734 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev) 735 { 736 struct pending_cmd *cmd; 737 738 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 739 if (cmd->opcode == opcode) 740 return cmd; 741 } 742 743 return NULL; 744 } 745 746 static void mgmt_pending_remove(struct pending_cmd *cmd) 747 { 748 list_del(&cmd->list); 749 mgmt_pending_free(cmd); 750 } 751 752 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 753 { 754 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 755 756 return cmd_complete(sk, hdev->id, opcode, 0, &settings, 757 sizeof(settings)); 758 } 759 760 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, 761 u16 len) 762 { 763 struct mgmt_mode *cp = data; 764 struct pending_cmd *cmd; 765 int err; 766 767 BT_DBG("request for %s", hdev->name); 768 769 hci_dev_lock(hdev); 770 771 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) { 772 cancel_delayed_work(&hdev->power_off); 773 774 if (cp->val) { 775 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 776 mgmt_powered(hdev, 1); 777 goto failed; 778 } 779 } 780 781 if (!!cp->val == hdev_is_powered(hdev)) { 782 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 783 goto failed; 784 } 785 786 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) { 787 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 788 MGMT_STATUS_BUSY); 789 goto failed; 790 } 791 792 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 793 if (!cmd) { 794 err = -ENOMEM; 795 goto failed; 796 } 797 798 if (cp->val) 799 schedule_work(&hdev->power_on); 800 else 801 schedule_work(&hdev->power_off.work); 802 803 err = 0; 804 805 failed: 806 hci_dev_unlock(hdev); 807 return err; 808 } 809 810 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len, 811 struct sock *skip_sk) 812 { 813 struct sk_buff *skb; 814 struct mgmt_hdr *hdr; 815 816 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC); 817 if (!skb) 818 return -ENOMEM; 819 820 hdr = (void *) skb_put(skb, sizeof(*hdr)); 821 hdr->opcode = cpu_to_le16(event); 822 if (hdev) 823 hdr->index = cpu_to_le16(hdev->id); 824 else 825 hdr->index = cpu_to_le16(MGMT_INDEX_NONE); 826 hdr->len = cpu_to_le16(data_len); 827 828 if (data) 829 memcpy(skb_put(skb, data_len), data, data_len); 830 831 /* Time stamp */ 832 __net_timestamp(skb); 833 834 hci_send_to_control(skb, skip_sk); 835 kfree_skb(skb); 836 837 return 0; 838 } 839 840 static int new_settings(struct hci_dev *hdev, struct sock *skip) 841 { 842 __le32 ev; 843 844 ev = cpu_to_le32(get_current_settings(hdev)); 845 846 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip); 847 } 848 849 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 850 u16 len) 851 { 852 struct mgmt_cp_set_discoverable *cp = data; 853 struct pending_cmd *cmd; 854 u16 timeout; 855 u8 scan; 856 int err; 857 858 BT_DBG("request for %s", hdev->name); 859 860 timeout = __le16_to_cpu(cp->timeout); 861 if (!cp->val && timeout > 0) 862 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 863 MGMT_STATUS_INVALID_PARAMS); 864 865 hci_dev_lock(hdev); 866 867 if (!hdev_is_powered(hdev) && timeout > 0) { 868 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 869 MGMT_STATUS_NOT_POWERED); 870 goto failed; 871 } 872 873 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 874 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 875 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 876 MGMT_STATUS_BUSY); 877 goto failed; 878 } 879 880 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) { 881 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 882 MGMT_STATUS_REJECTED); 883 goto failed; 884 } 885 886 if (!hdev_is_powered(hdev)) { 887 bool changed = false; 888 889 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) { 890 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 891 changed = true; 892 } 893 894 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 895 if (err < 0) 896 goto failed; 897 898 if (changed) 899 err = new_settings(hdev, sk); 900 901 goto failed; 902 } 903 904 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) { 905 if (hdev->discov_timeout > 0) { 906 cancel_delayed_work(&hdev->discov_off); 907 hdev->discov_timeout = 0; 908 } 909 910 if (cp->val && timeout > 0) { 911 hdev->discov_timeout = timeout; 912 queue_delayed_work(hdev->workqueue, &hdev->discov_off, 913 msecs_to_jiffies(hdev->discov_timeout * 1000)); 914 } 915 916 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 917 goto failed; 918 } 919 920 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 921 if (!cmd) { 922 err = -ENOMEM; 923 goto failed; 924 } 925 926 scan = SCAN_PAGE; 927 928 if (cp->val) 929 scan |= SCAN_INQUIRY; 930 else 931 cancel_delayed_work(&hdev->discov_off); 932 933 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 934 if (err < 0) 935 mgmt_pending_remove(cmd); 936 937 if (cp->val) 938 hdev->discov_timeout = timeout; 939 940 failed: 941 hci_dev_unlock(hdev); 942 return err; 943 } 944 945 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, 946 u16 len) 947 { 948 struct mgmt_mode *cp = data; 949 struct pending_cmd *cmd; 950 u8 scan; 951 int err; 952 953 BT_DBG("request for %s", hdev->name); 954 955 hci_dev_lock(hdev); 956 957 if (!hdev_is_powered(hdev)) { 958 bool changed = false; 959 960 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 961 changed = true; 962 963 if (cp->val) { 964 set_bit(HCI_CONNECTABLE, &hdev->dev_flags); 965 } else { 966 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags); 967 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 968 } 969 970 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 971 if (err < 0) 972 goto failed; 973 974 if (changed) 975 err = new_settings(hdev, sk); 976 977 goto failed; 978 } 979 980 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 981 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 982 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 983 MGMT_STATUS_BUSY); 984 goto failed; 985 } 986 987 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) { 988 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 989 goto failed; 990 } 991 992 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 993 if (!cmd) { 994 err = -ENOMEM; 995 goto failed; 996 } 997 998 if (cp->val) { 999 scan = SCAN_PAGE; 1000 } else { 1001 scan = 0; 1002 1003 if (test_bit(HCI_ISCAN, &hdev->flags) && 1004 hdev->discov_timeout > 0) 1005 cancel_delayed_work(&hdev->discov_off); 1006 } 1007 1008 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1009 if (err < 0) 1010 mgmt_pending_remove(cmd); 1011 1012 failed: 1013 hci_dev_unlock(hdev); 1014 return err; 1015 } 1016 1017 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data, 1018 u16 len) 1019 { 1020 struct mgmt_mode *cp = data; 1021 int err; 1022 1023 BT_DBG("request for %s", hdev->name); 1024 1025 hci_dev_lock(hdev); 1026 1027 if (cp->val) 1028 set_bit(HCI_PAIRABLE, &hdev->dev_flags); 1029 else 1030 clear_bit(HCI_PAIRABLE, &hdev->dev_flags); 1031 1032 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev); 1033 if (err < 0) 1034 goto failed; 1035 1036 err = new_settings(hdev, sk); 1037 1038 failed: 1039 hci_dev_unlock(hdev); 1040 return err; 1041 } 1042 1043 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data, 1044 u16 len) 1045 { 1046 struct mgmt_mode *cp = data; 1047 struct pending_cmd *cmd; 1048 u8 val; 1049 int err; 1050 1051 BT_DBG("request for %s", hdev->name); 1052 1053 hci_dev_lock(hdev); 1054 1055 if (!hdev_is_powered(hdev)) { 1056 bool changed = false; 1057 1058 if (!!cp->val != test_bit(HCI_LINK_SECURITY, 1059 &hdev->dev_flags)) { 1060 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags); 1061 changed = true; 1062 } 1063 1064 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1065 if (err < 0) 1066 goto failed; 1067 1068 if (changed) 1069 err = new_settings(hdev, sk); 1070 1071 goto failed; 1072 } 1073 1074 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1075 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1076 MGMT_STATUS_BUSY); 1077 goto failed; 1078 } 1079 1080 val = !!cp->val; 1081 1082 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1083 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1084 goto failed; 1085 } 1086 1087 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1088 if (!cmd) { 1089 err = -ENOMEM; 1090 goto failed; 1091 } 1092 1093 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1094 if (err < 0) { 1095 mgmt_pending_remove(cmd); 1096 goto failed; 1097 } 1098 1099 failed: 1100 hci_dev_unlock(hdev); 1101 return err; 1102 } 1103 1104 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1105 { 1106 struct mgmt_mode *cp = data; 1107 struct pending_cmd *cmd; 1108 u8 val; 1109 int err; 1110 1111 BT_DBG("request for %s", hdev->name); 1112 1113 hci_dev_lock(hdev); 1114 1115 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) { 1116 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1117 MGMT_STATUS_NOT_SUPPORTED); 1118 goto failed; 1119 } 1120 1121 val = !!cp->val; 1122 1123 if (!hdev_is_powered(hdev)) { 1124 bool changed = false; 1125 1126 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) { 1127 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 1128 changed = true; 1129 } 1130 1131 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1132 if (err < 0) 1133 goto failed; 1134 1135 if (changed) 1136 err = new_settings(hdev, sk); 1137 1138 goto failed; 1139 } 1140 1141 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) { 1142 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1143 MGMT_STATUS_BUSY); 1144 goto failed; 1145 } 1146 1147 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) { 1148 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1149 goto failed; 1150 } 1151 1152 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 1153 if (!cmd) { 1154 err = -ENOMEM; 1155 goto failed; 1156 } 1157 1158 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val); 1159 if (err < 0) { 1160 mgmt_pending_remove(cmd); 1161 goto failed; 1162 } 1163 1164 failed: 1165 hci_dev_unlock(hdev); 1166 return err; 1167 } 1168 1169 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1170 { 1171 struct mgmt_mode *cp = data; 1172 1173 BT_DBG("request for %s", hdev->name); 1174 1175 if (!enable_hs) 1176 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1177 MGMT_STATUS_NOT_SUPPORTED); 1178 1179 if (cp->val) 1180 set_bit(HCI_HS_ENABLED, &hdev->dev_flags); 1181 else 1182 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags); 1183 1184 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 1185 } 1186 1187 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1188 { 1189 struct mgmt_mode *cp = data; 1190 struct hci_cp_write_le_host_supported hci_cp; 1191 struct pending_cmd *cmd; 1192 int err; 1193 u8 val, enabled; 1194 1195 BT_DBG("request for %s", hdev->name); 1196 1197 hci_dev_lock(hdev); 1198 1199 if (!(hdev->features[4] & LMP_LE)) { 1200 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1201 MGMT_STATUS_NOT_SUPPORTED); 1202 goto unlock; 1203 } 1204 1205 val = !!cp->val; 1206 enabled = !!(hdev->host_features[0] & LMP_HOST_LE); 1207 1208 if (!hdev_is_powered(hdev) || val == enabled) { 1209 bool changed = false; 1210 1211 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { 1212 change_bit(HCI_LE_ENABLED, &hdev->dev_flags); 1213 changed = true; 1214 } 1215 1216 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1217 if (err < 0) 1218 goto unlock; 1219 1220 if (changed) 1221 err = new_settings(hdev, sk); 1222 1223 goto unlock; 1224 } 1225 1226 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) { 1227 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1228 MGMT_STATUS_BUSY); 1229 goto unlock; 1230 } 1231 1232 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len); 1233 if (!cmd) { 1234 err = -ENOMEM; 1235 goto unlock; 1236 } 1237 1238 memset(&hci_cp, 0, sizeof(hci_cp)); 1239 1240 if (val) { 1241 hci_cp.le = val; 1242 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR); 1243 } 1244 1245 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), 1246 &hci_cp); 1247 if (err < 0) 1248 mgmt_pending_remove(cmd); 1249 1250 unlock: 1251 hci_dev_unlock(hdev); 1252 return err; 1253 } 1254 1255 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1256 { 1257 struct mgmt_cp_add_uuid *cp = data; 1258 struct pending_cmd *cmd; 1259 struct bt_uuid *uuid; 1260 int err; 1261 1262 BT_DBG("request for %s", hdev->name); 1263 1264 hci_dev_lock(hdev); 1265 1266 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1267 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID, 1268 MGMT_STATUS_BUSY); 1269 goto failed; 1270 } 1271 1272 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC); 1273 if (!uuid) { 1274 err = -ENOMEM; 1275 goto failed; 1276 } 1277 1278 memcpy(uuid->uuid, cp->uuid, 16); 1279 uuid->svc_hint = cp->svc_hint; 1280 1281 list_add(&uuid->list, &hdev->uuids); 1282 1283 err = update_class(hdev); 1284 if (err < 0) 1285 goto failed; 1286 1287 err = update_eir(hdev); 1288 if (err < 0) 1289 goto failed; 1290 1291 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1292 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0, 1293 hdev->dev_class, 3); 1294 goto failed; 1295 } 1296 1297 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len); 1298 if (!cmd) 1299 err = -ENOMEM; 1300 1301 failed: 1302 hci_dev_unlock(hdev); 1303 return err; 1304 } 1305 1306 static bool enable_service_cache(struct hci_dev *hdev) 1307 { 1308 if (!hdev_is_powered(hdev)) 1309 return false; 1310 1311 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) { 1312 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT); 1313 return true; 1314 } 1315 1316 return false; 1317 } 1318 1319 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, 1320 u16 len) 1321 { 1322 struct mgmt_cp_remove_uuid *cp = data; 1323 struct pending_cmd *cmd; 1324 struct list_head *p, *n; 1325 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 1326 int err, found; 1327 1328 BT_DBG("request for %s", hdev->name); 1329 1330 hci_dev_lock(hdev); 1331 1332 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1333 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 1334 MGMT_STATUS_BUSY); 1335 goto unlock; 1336 } 1337 1338 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 1339 err = hci_uuids_clear(hdev); 1340 1341 if (enable_service_cache(hdev)) { 1342 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 1343 0, hdev->dev_class, 3); 1344 goto unlock; 1345 } 1346 1347 goto update_class; 1348 } 1349 1350 found = 0; 1351 1352 list_for_each_safe(p, n, &hdev->uuids) { 1353 struct bt_uuid *match = list_entry(p, struct bt_uuid, list); 1354 1355 if (memcmp(match->uuid, cp->uuid, 16) != 0) 1356 continue; 1357 1358 list_del(&match->list); 1359 found++; 1360 } 1361 1362 if (found == 0) { 1363 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 1364 MGMT_STATUS_INVALID_PARAMS); 1365 goto unlock; 1366 } 1367 1368 update_class: 1369 err = update_class(hdev); 1370 if (err < 0) 1371 goto unlock; 1372 1373 err = update_eir(hdev); 1374 if (err < 0) 1375 goto unlock; 1376 1377 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1378 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0, 1379 hdev->dev_class, 3); 1380 goto unlock; 1381 } 1382 1383 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len); 1384 if (!cmd) 1385 err = -ENOMEM; 1386 1387 unlock: 1388 hci_dev_unlock(hdev); 1389 return err; 1390 } 1391 1392 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, 1393 u16 len) 1394 { 1395 struct mgmt_cp_set_dev_class *cp = data; 1396 struct pending_cmd *cmd; 1397 int err; 1398 1399 BT_DBG("request for %s", hdev->name); 1400 1401 hci_dev_lock(hdev); 1402 1403 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1404 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 1405 MGMT_STATUS_BUSY); 1406 goto unlock; 1407 } 1408 1409 hdev->major_class = cp->major; 1410 hdev->minor_class = cp->minor; 1411 1412 if (!hdev_is_powered(hdev)) { 1413 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 1414 hdev->dev_class, 3); 1415 goto unlock; 1416 } 1417 1418 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) { 1419 hci_dev_unlock(hdev); 1420 cancel_delayed_work_sync(&hdev->service_cache); 1421 hci_dev_lock(hdev); 1422 update_eir(hdev); 1423 } 1424 1425 err = update_class(hdev); 1426 if (err < 0) 1427 goto unlock; 1428 1429 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) { 1430 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 1431 hdev->dev_class, 3); 1432 goto unlock; 1433 } 1434 1435 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len); 1436 if (!cmd) 1437 err = -ENOMEM; 1438 1439 unlock: 1440 hci_dev_unlock(hdev); 1441 return err; 1442 } 1443 1444 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, 1445 u16 len) 1446 { 1447 struct mgmt_cp_load_link_keys *cp = data; 1448 u16 key_count, expected_len; 1449 int i; 1450 1451 key_count = __le16_to_cpu(cp->key_count); 1452 1453 expected_len = sizeof(*cp) + key_count * 1454 sizeof(struct mgmt_link_key_info); 1455 if (expected_len != len) { 1456 BT_ERR("load_link_keys: expected %u bytes, got %u bytes", 1457 len, expected_len); 1458 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 1459 MGMT_STATUS_INVALID_PARAMS); 1460 } 1461 1462 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys, 1463 key_count); 1464 1465 hci_dev_lock(hdev); 1466 1467 hci_link_keys_clear(hdev); 1468 1469 set_bit(HCI_LINK_KEYS, &hdev->dev_flags); 1470 1471 if (cp->debug_keys) 1472 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags); 1473 else 1474 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags); 1475 1476 for (i = 0; i < key_count; i++) { 1477 struct mgmt_link_key_info *key = &cp->keys[i]; 1478 1479 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val, 1480 key->type, key->pin_len); 1481 } 1482 1483 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 1484 1485 hci_dev_unlock(hdev); 1486 1487 return 0; 1488 } 1489 1490 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 1491 u8 addr_type, struct sock *skip_sk) 1492 { 1493 struct mgmt_ev_device_unpaired ev; 1494 1495 bacpy(&ev.addr.bdaddr, bdaddr); 1496 ev.addr.type = addr_type; 1497 1498 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 1499 skip_sk); 1500 } 1501 1502 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, 1503 u16 len) 1504 { 1505 struct mgmt_cp_unpair_device *cp = data; 1506 struct mgmt_rp_unpair_device rp; 1507 struct hci_cp_disconnect dc; 1508 struct pending_cmd *cmd; 1509 struct hci_conn *conn; 1510 int err; 1511 1512 hci_dev_lock(hdev); 1513 1514 memset(&rp, 0, sizeof(rp)); 1515 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 1516 rp.addr.type = cp->addr.type; 1517 1518 if (!hdev_is_powered(hdev)) { 1519 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 1520 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp)); 1521 goto unlock; 1522 } 1523 1524 if (cp->addr.type == BDADDR_BREDR) 1525 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 1526 else 1527 err = hci_remove_ltk(hdev, &cp->addr.bdaddr); 1528 1529 if (err < 0) { 1530 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 1531 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp)); 1532 goto unlock; 1533 } 1534 1535 if (cp->disconnect) { 1536 if (cp->addr.type == BDADDR_BREDR) 1537 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 1538 &cp->addr.bdaddr); 1539 else 1540 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, 1541 &cp->addr.bdaddr); 1542 } else { 1543 conn = NULL; 1544 } 1545 1546 if (!conn) { 1547 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0, 1548 &rp, sizeof(rp)); 1549 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 1550 goto unlock; 1551 } 1552 1553 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 1554 sizeof(*cp)); 1555 if (!cmd) { 1556 err = -ENOMEM; 1557 goto unlock; 1558 } 1559 1560 dc.handle = cpu_to_le16(conn->handle); 1561 dc.reason = 0x13; /* Remote User Terminated Connection */ 1562 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1563 if (err < 0) 1564 mgmt_pending_remove(cmd); 1565 1566 unlock: 1567 hci_dev_unlock(hdev); 1568 return err; 1569 } 1570 1571 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data, 1572 u16 len) 1573 { 1574 struct mgmt_cp_disconnect *cp = data; 1575 struct hci_cp_disconnect dc; 1576 struct pending_cmd *cmd; 1577 struct hci_conn *conn; 1578 int err; 1579 1580 BT_DBG(""); 1581 1582 hci_dev_lock(hdev); 1583 1584 if (!test_bit(HCI_UP, &hdev->flags)) { 1585 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT, 1586 MGMT_STATUS_NOT_POWERED); 1587 goto failed; 1588 } 1589 1590 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) { 1591 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT, 1592 MGMT_STATUS_BUSY); 1593 goto failed; 1594 } 1595 1596 if (cp->addr.type == BDADDR_BREDR) 1597 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 1598 else 1599 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 1600 1601 if (!conn) { 1602 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT, 1603 MGMT_STATUS_NOT_CONNECTED); 1604 goto failed; 1605 } 1606 1607 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 1608 if (!cmd) { 1609 err = -ENOMEM; 1610 goto failed; 1611 } 1612 1613 dc.handle = cpu_to_le16(conn->handle); 1614 dc.reason = 0x13; /* Remote User Terminated Connection */ 1615 1616 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1617 if (err < 0) 1618 mgmt_pending_remove(cmd); 1619 1620 failed: 1621 hci_dev_unlock(hdev); 1622 return err; 1623 } 1624 1625 static u8 link_to_bdaddr(u8 link_type, u8 addr_type) 1626 { 1627 switch (link_type) { 1628 case LE_LINK: 1629 switch (addr_type) { 1630 case ADDR_LE_DEV_PUBLIC: 1631 return BDADDR_LE_PUBLIC; 1632 1633 default: 1634 /* Fallback to LE Random address type */ 1635 return BDADDR_LE_RANDOM; 1636 } 1637 1638 default: 1639 /* Fallback to BR/EDR type */ 1640 return BDADDR_BREDR; 1641 } 1642 } 1643 1644 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data, 1645 u16 data_len) 1646 { 1647 struct mgmt_rp_get_connections *rp; 1648 struct hci_conn *c; 1649 size_t rp_len; 1650 int err; 1651 u16 i; 1652 1653 BT_DBG(""); 1654 1655 hci_dev_lock(hdev); 1656 1657 if (!hdev_is_powered(hdev)) { 1658 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 1659 MGMT_STATUS_NOT_POWERED); 1660 goto unlock; 1661 } 1662 1663 i = 0; 1664 list_for_each_entry(c, &hdev->conn_hash.list, list) { 1665 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 1666 i++; 1667 } 1668 1669 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 1670 rp = kmalloc(rp_len, GFP_ATOMIC); 1671 if (!rp) { 1672 err = -ENOMEM; 1673 goto unlock; 1674 } 1675 1676 i = 0; 1677 list_for_each_entry(c, &hdev->conn_hash.list, list) { 1678 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 1679 continue; 1680 bacpy(&rp->addr[i].bdaddr, &c->dst); 1681 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type); 1682 if (c->type == SCO_LINK || c->type == ESCO_LINK) 1683 continue; 1684 i++; 1685 } 1686 1687 rp->conn_count = cpu_to_le16(i); 1688 1689 /* Recalculate length in case of filtered SCO connections, etc */ 1690 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 1691 1692 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp, 1693 rp_len); 1694 1695 kfree(rp); 1696 1697 unlock: 1698 hci_dev_unlock(hdev); 1699 return err; 1700 } 1701 1702 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 1703 struct mgmt_cp_pin_code_neg_reply *cp) 1704 { 1705 struct pending_cmd *cmd; 1706 int err; 1707 1708 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 1709 sizeof(*cp)); 1710 if (!cmd) 1711 return -ENOMEM; 1712 1713 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 1714 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 1715 if (err < 0) 1716 mgmt_pending_remove(cmd); 1717 1718 return err; 1719 } 1720 1721 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data, 1722 u16 len) 1723 { 1724 struct hci_conn *conn; 1725 struct mgmt_cp_pin_code_reply *cp = data; 1726 struct hci_cp_pin_code_reply reply; 1727 struct pending_cmd *cmd; 1728 int err; 1729 1730 BT_DBG(""); 1731 1732 hci_dev_lock(hdev); 1733 1734 if (!hdev_is_powered(hdev)) { 1735 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 1736 MGMT_STATUS_NOT_POWERED); 1737 goto failed; 1738 } 1739 1740 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 1741 if (!conn) { 1742 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 1743 MGMT_STATUS_NOT_CONNECTED); 1744 goto failed; 1745 } 1746 1747 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 1748 struct mgmt_cp_pin_code_neg_reply ncp; 1749 1750 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 1751 1752 BT_ERR("PIN code is not 16 bytes long"); 1753 1754 err = send_pin_code_neg_reply(sk, hdev, &ncp); 1755 if (err >= 0) 1756 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 1757 MGMT_STATUS_INVALID_PARAMS); 1758 1759 goto failed; 1760 } 1761 1762 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 1763 if (!cmd) { 1764 err = -ENOMEM; 1765 goto failed; 1766 } 1767 1768 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 1769 reply.pin_len = cp->pin_len; 1770 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 1771 1772 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 1773 if (err < 0) 1774 mgmt_pending_remove(cmd); 1775 1776 failed: 1777 hci_dev_unlock(hdev); 1778 return err; 1779 } 1780 1781 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 1782 void *data, u16 len) 1783 { 1784 struct mgmt_cp_pin_code_neg_reply *cp = data; 1785 int err; 1786 1787 BT_DBG(""); 1788 1789 hci_dev_lock(hdev); 1790 1791 if (!hdev_is_powered(hdev)) { 1792 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, 1793 MGMT_STATUS_NOT_POWERED); 1794 goto failed; 1795 } 1796 1797 err = send_pin_code_neg_reply(sk, hdev, cp); 1798 1799 failed: 1800 hci_dev_unlock(hdev); 1801 return err; 1802 } 1803 1804 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data, 1805 u16 len) 1806 { 1807 struct mgmt_cp_set_io_capability *cp = data; 1808 1809 BT_DBG(""); 1810 1811 hci_dev_lock(hdev); 1812 1813 hdev->io_capability = cp->io_capability; 1814 1815 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 1816 hdev->io_capability); 1817 1818 hci_dev_unlock(hdev); 1819 1820 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 1821 0); 1822 } 1823 1824 static inline struct pending_cmd *find_pairing(struct hci_conn *conn) 1825 { 1826 struct hci_dev *hdev = conn->hdev; 1827 struct pending_cmd *cmd; 1828 1829 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 1830 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 1831 continue; 1832 1833 if (cmd->user_data != conn) 1834 continue; 1835 1836 return cmd; 1837 } 1838 1839 return NULL; 1840 } 1841 1842 static void pairing_complete(struct pending_cmd *cmd, u8 status) 1843 { 1844 struct mgmt_rp_pair_device rp; 1845 struct hci_conn *conn = cmd->user_data; 1846 1847 bacpy(&rp.addr.bdaddr, &conn->dst); 1848 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 1849 1850 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status, 1851 &rp, sizeof(rp)); 1852 1853 /* So we don't get further callbacks for this connection */ 1854 conn->connect_cfm_cb = NULL; 1855 conn->security_cfm_cb = NULL; 1856 conn->disconn_cfm_cb = NULL; 1857 1858 hci_conn_put(conn); 1859 1860 mgmt_pending_remove(cmd); 1861 } 1862 1863 static void pairing_complete_cb(struct hci_conn *conn, u8 status) 1864 { 1865 struct pending_cmd *cmd; 1866 1867 BT_DBG("status %u", status); 1868 1869 cmd = find_pairing(conn); 1870 if (!cmd) 1871 BT_DBG("Unable to find a pending command"); 1872 else 1873 pairing_complete(cmd, mgmt_status(status)); 1874 } 1875 1876 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 1877 u16 len) 1878 { 1879 struct mgmt_cp_pair_device *cp = data; 1880 struct mgmt_rp_pair_device rp; 1881 struct pending_cmd *cmd; 1882 u8 sec_level, auth_type; 1883 struct hci_conn *conn; 1884 int err; 1885 1886 BT_DBG(""); 1887 1888 hci_dev_lock(hdev); 1889 1890 if (!hdev_is_powered(hdev)) { 1891 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 1892 MGMT_STATUS_NOT_POWERED); 1893 goto unlock; 1894 } 1895 1896 sec_level = BT_SECURITY_MEDIUM; 1897 if (cp->io_cap == 0x03) 1898 auth_type = HCI_AT_DEDICATED_BONDING; 1899 else 1900 auth_type = HCI_AT_DEDICATED_BONDING_MITM; 1901 1902 if (cp->addr.type == BDADDR_BREDR) 1903 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, 1904 cp->addr.type, sec_level, auth_type); 1905 else 1906 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, 1907 cp->addr.type, sec_level, auth_type); 1908 1909 memset(&rp, 0, sizeof(rp)); 1910 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 1911 rp.addr.type = cp->addr.type; 1912 1913 if (IS_ERR(conn)) { 1914 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 1915 MGMT_STATUS_CONNECT_FAILED, &rp, 1916 sizeof(rp)); 1917 goto unlock; 1918 } 1919 1920 if (conn->connect_cfm_cb) { 1921 hci_conn_put(conn); 1922 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 1923 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 1924 goto unlock; 1925 } 1926 1927 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 1928 if (!cmd) { 1929 err = -ENOMEM; 1930 hci_conn_put(conn); 1931 goto unlock; 1932 } 1933 1934 /* For LE, just connecting isn't a proof that the pairing finished */ 1935 if (cp->addr.type == BDADDR_BREDR) 1936 conn->connect_cfm_cb = pairing_complete_cb; 1937 1938 conn->security_cfm_cb = pairing_complete_cb; 1939 conn->disconn_cfm_cb = pairing_complete_cb; 1940 conn->io_capability = cp->io_cap; 1941 cmd->user_data = conn; 1942 1943 if (conn->state == BT_CONNECTED && 1944 hci_conn_security(conn, sec_level, auth_type)) 1945 pairing_complete(cmd, 0); 1946 1947 err = 0; 1948 1949 unlock: 1950 hci_dev_unlock(hdev); 1951 return err; 1952 } 1953 1954 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 1955 u16 len) 1956 { 1957 struct mgmt_addr_info *addr = data; 1958 struct pending_cmd *cmd; 1959 struct hci_conn *conn; 1960 int err; 1961 1962 BT_DBG(""); 1963 1964 hci_dev_lock(hdev); 1965 1966 if (!hdev_is_powered(hdev)) { 1967 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 1968 MGMT_STATUS_NOT_POWERED); 1969 goto unlock; 1970 } 1971 1972 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev); 1973 if (!cmd) { 1974 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 1975 MGMT_STATUS_INVALID_PARAMS); 1976 goto unlock; 1977 } 1978 1979 conn = cmd->user_data; 1980 1981 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 1982 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 1983 MGMT_STATUS_INVALID_PARAMS); 1984 goto unlock; 1985 } 1986 1987 pairing_complete(cmd, MGMT_STATUS_CANCELLED); 1988 1989 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 1990 addr, sizeof(*addr)); 1991 unlock: 1992 hci_dev_unlock(hdev); 1993 return err; 1994 } 1995 1996 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, 1997 bdaddr_t *bdaddr, u8 type, u16 mgmt_op, 1998 u16 hci_op, __le32 passkey) 1999 { 2000 struct pending_cmd *cmd; 2001 struct hci_conn *conn; 2002 int err; 2003 2004 hci_dev_lock(hdev); 2005 2006 if (!hdev_is_powered(hdev)) { 2007 err = cmd_status(sk, hdev->id, mgmt_op, 2008 MGMT_STATUS_NOT_POWERED); 2009 goto done; 2010 } 2011 2012 if (type == BDADDR_BREDR) 2013 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr); 2014 else 2015 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr); 2016 2017 if (!conn) { 2018 err = cmd_status(sk, hdev->id, mgmt_op, 2019 MGMT_STATUS_NOT_CONNECTED); 2020 goto done; 2021 } 2022 2023 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) { 2024 /* Continue with pairing via SMP */ 2025 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 2026 2027 if (!err) 2028 err = cmd_status(sk, hdev->id, mgmt_op, 2029 MGMT_STATUS_SUCCESS); 2030 else 2031 err = cmd_status(sk, hdev->id, mgmt_op, 2032 MGMT_STATUS_FAILED); 2033 2034 goto done; 2035 } 2036 2037 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr)); 2038 if (!cmd) { 2039 err = -ENOMEM; 2040 goto done; 2041 } 2042 2043 /* Continue with pairing via HCI */ 2044 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 2045 struct hci_cp_user_passkey_reply cp; 2046 2047 bacpy(&cp.bdaddr, bdaddr); 2048 cp.passkey = passkey; 2049 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 2050 } else 2051 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr); 2052 2053 if (err < 0) 2054 mgmt_pending_remove(cmd); 2055 2056 done: 2057 hci_dev_unlock(hdev); 2058 return err; 2059 } 2060 2061 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2062 u16 len) 2063 { 2064 struct mgmt_cp_user_confirm_reply *cp = data; 2065 2066 BT_DBG(""); 2067 2068 if (len != sizeof(*cp)) 2069 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY, 2070 MGMT_STATUS_INVALID_PARAMS); 2071 2072 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 2073 MGMT_OP_USER_CONFIRM_REPLY, 2074 HCI_OP_USER_CONFIRM_REPLY, 0); 2075 } 2076 2077 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev, 2078 void *data, u16 len) 2079 { 2080 struct mgmt_cp_user_confirm_neg_reply *cp = data; 2081 2082 BT_DBG(""); 2083 2084 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 2085 MGMT_OP_USER_CONFIRM_NEG_REPLY, 2086 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 2087 } 2088 2089 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2090 u16 len) 2091 { 2092 struct mgmt_cp_user_passkey_reply *cp = data; 2093 2094 BT_DBG(""); 2095 2096 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 2097 MGMT_OP_USER_PASSKEY_REPLY, 2098 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 2099 } 2100 2101 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev, 2102 void *data, u16 len) 2103 { 2104 struct mgmt_cp_user_passkey_neg_reply *cp = data; 2105 2106 BT_DBG(""); 2107 2108 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 2109 MGMT_OP_USER_PASSKEY_NEG_REPLY, 2110 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 2111 } 2112 2113 static int update_name(struct hci_dev *hdev, const char *name) 2114 { 2115 struct hci_cp_write_local_name cp; 2116 2117 memcpy(cp.name, name, sizeof(cp.name)); 2118 2119 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp); 2120 } 2121 2122 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data, 2123 u16 len) 2124 { 2125 struct mgmt_cp_set_local_name *cp = data; 2126 struct pending_cmd *cmd; 2127 int err; 2128 2129 BT_DBG(""); 2130 2131 hci_dev_lock(hdev); 2132 2133 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name)); 2134 2135 if (!hdev_is_powered(hdev)) { 2136 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 2137 2138 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 2139 data, len); 2140 if (err < 0) 2141 goto failed; 2142 2143 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len, 2144 sk); 2145 2146 goto failed; 2147 } 2148 2149 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 2150 if (!cmd) { 2151 err = -ENOMEM; 2152 goto failed; 2153 } 2154 2155 err = update_name(hdev, cp->name); 2156 if (err < 0) 2157 mgmt_pending_remove(cmd); 2158 2159 failed: 2160 hci_dev_unlock(hdev); 2161 return err; 2162 } 2163 2164 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, 2165 void *data, u16 data_len) 2166 { 2167 struct pending_cmd *cmd; 2168 int err; 2169 2170 BT_DBG("%s", hdev->name); 2171 2172 hci_dev_lock(hdev); 2173 2174 if (!hdev_is_powered(hdev)) { 2175 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 2176 MGMT_STATUS_NOT_POWERED); 2177 goto unlock; 2178 } 2179 2180 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) { 2181 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 2182 MGMT_STATUS_NOT_SUPPORTED); 2183 goto unlock; 2184 } 2185 2186 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 2187 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 2188 MGMT_STATUS_BUSY); 2189 goto unlock; 2190 } 2191 2192 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 2193 if (!cmd) { 2194 err = -ENOMEM; 2195 goto unlock; 2196 } 2197 2198 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 2199 if (err < 0) 2200 mgmt_pending_remove(cmd); 2201 2202 unlock: 2203 hci_dev_unlock(hdev); 2204 return err; 2205 } 2206 2207 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 2208 void *data, u16 len) 2209 { 2210 struct mgmt_cp_add_remote_oob_data *cp = data; 2211 u8 status; 2212 int err; 2213 2214 BT_DBG("%s ", hdev->name); 2215 2216 hci_dev_lock(hdev); 2217 2218 if (!hdev_is_powered(hdev)) { 2219 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 2220 MGMT_STATUS_NOT_POWERED, &cp->addr, 2221 sizeof(cp->addr)); 2222 goto unlock; 2223 } 2224 2225 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash, 2226 cp->randomizer); 2227 if (err < 0) 2228 status = MGMT_STATUS_FAILED; 2229 else 2230 status = 0; 2231 2232 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status, 2233 &cp->addr, sizeof(cp->addr)); 2234 2235 unlock: 2236 hci_dev_unlock(hdev); 2237 return err; 2238 } 2239 2240 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 2241 void *data, u16 len) 2242 { 2243 struct mgmt_cp_remove_remote_oob_data *cp = data; 2244 u8 status; 2245 int err; 2246 2247 BT_DBG("%s", hdev->name); 2248 2249 hci_dev_lock(hdev); 2250 2251 if (!hdev_is_powered(hdev)) { 2252 err = cmd_complete(sk, hdev->id, 2253 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 2254 MGMT_STATUS_NOT_POWERED, &cp->addr, 2255 sizeof(cp->addr)); 2256 goto unlock; 2257 } 2258 2259 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr); 2260 if (err < 0) 2261 status = MGMT_STATUS_INVALID_PARAMS; 2262 else 2263 status = 0; 2264 2265 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 2266 status, &cp->addr, sizeof(cp->addr)); 2267 2268 unlock: 2269 hci_dev_unlock(hdev); 2270 return err; 2271 } 2272 2273 int mgmt_interleaved_discovery(struct hci_dev *hdev) 2274 { 2275 int err; 2276 2277 BT_DBG("%s", hdev->name); 2278 2279 hci_dev_lock(hdev); 2280 2281 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE); 2282 if (err < 0) 2283 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 2284 2285 hci_dev_unlock(hdev); 2286 2287 return err; 2288 } 2289 2290 static int start_discovery(struct sock *sk, struct hci_dev *hdev, 2291 void *data, u16 len) 2292 { 2293 struct mgmt_cp_start_discovery *cp = data; 2294 struct pending_cmd *cmd; 2295 int err; 2296 2297 BT_DBG("%s", hdev->name); 2298 2299 hci_dev_lock(hdev); 2300 2301 if (!hdev_is_powered(hdev)) { 2302 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 2303 MGMT_STATUS_NOT_POWERED); 2304 goto failed; 2305 } 2306 2307 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) { 2308 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 2309 MGMT_STATUS_BUSY); 2310 goto failed; 2311 } 2312 2313 if (hdev->discovery.state != DISCOVERY_STOPPED) { 2314 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 2315 MGMT_STATUS_BUSY); 2316 goto failed; 2317 } 2318 2319 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0); 2320 if (!cmd) { 2321 err = -ENOMEM; 2322 goto failed; 2323 } 2324 2325 hdev->discovery.type = cp->type; 2326 2327 switch (hdev->discovery.type) { 2328 case DISCOV_TYPE_BREDR: 2329 if (lmp_bredr_capable(hdev)) 2330 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR); 2331 else 2332 err = -ENOTSUPP; 2333 break; 2334 2335 case DISCOV_TYPE_LE: 2336 if (lmp_host_le_capable(hdev)) 2337 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, 2338 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY); 2339 else 2340 err = -ENOTSUPP; 2341 break; 2342 2343 case DISCOV_TYPE_INTERLEAVED: 2344 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev)) 2345 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, 2346 LE_SCAN_WIN, 2347 LE_SCAN_TIMEOUT_BREDR_LE); 2348 else 2349 err = -ENOTSUPP; 2350 break; 2351 2352 default: 2353 err = -EINVAL; 2354 } 2355 2356 if (err < 0) 2357 mgmt_pending_remove(cmd); 2358 else 2359 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 2360 2361 failed: 2362 hci_dev_unlock(hdev); 2363 return err; 2364 } 2365 2366 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, 2367 u16 len) 2368 { 2369 struct mgmt_cp_stop_discovery *mgmt_cp = data; 2370 struct pending_cmd *cmd; 2371 struct hci_cp_remote_name_req_cancel cp; 2372 struct inquiry_entry *e; 2373 int err; 2374 2375 BT_DBG("%s", hdev->name); 2376 2377 hci_dev_lock(hdev); 2378 2379 if (!hci_discovery_active(hdev)) { 2380 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 2381 MGMT_STATUS_REJECTED, &mgmt_cp->type, 2382 sizeof(mgmt_cp->type)); 2383 goto unlock; 2384 } 2385 2386 if (hdev->discovery.type != mgmt_cp->type) { 2387 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 2388 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type, 2389 sizeof(mgmt_cp->type)); 2390 goto unlock; 2391 } 2392 2393 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0); 2394 if (!cmd) { 2395 err = -ENOMEM; 2396 goto unlock; 2397 } 2398 2399 switch (hdev->discovery.state) { 2400 case DISCOVERY_FINDING: 2401 if (test_bit(HCI_INQUIRY, &hdev->flags)) 2402 err = hci_cancel_inquiry(hdev); 2403 else 2404 err = hci_cancel_le_scan(hdev); 2405 2406 break; 2407 2408 case DISCOVERY_RESOLVING: 2409 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, 2410 NAME_PENDING); 2411 if (!e) { 2412 mgmt_pending_remove(cmd); 2413 err = cmd_complete(sk, hdev->id, 2414 MGMT_OP_STOP_DISCOVERY, 0, 2415 &mgmt_cp->type, 2416 sizeof(mgmt_cp->type)); 2417 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 2418 goto unlock; 2419 } 2420 2421 bacpy(&cp.bdaddr, &e->data.bdaddr); 2422 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL, 2423 sizeof(cp), &cp); 2424 2425 break; 2426 2427 default: 2428 BT_DBG("unknown discovery state %u", hdev->discovery.state); 2429 err = -EFAULT; 2430 } 2431 2432 if (err < 0) 2433 mgmt_pending_remove(cmd); 2434 else 2435 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 2436 2437 unlock: 2438 hci_dev_unlock(hdev); 2439 return err; 2440 } 2441 2442 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, 2443 u16 len) 2444 { 2445 struct mgmt_cp_confirm_name *cp = data; 2446 struct inquiry_entry *e; 2447 int err; 2448 2449 BT_DBG("%s", hdev->name); 2450 2451 hci_dev_lock(hdev); 2452 2453 if (!hci_discovery_active(hdev)) { 2454 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 2455 MGMT_STATUS_FAILED); 2456 goto failed; 2457 } 2458 2459 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 2460 if (!e) { 2461 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 2462 MGMT_STATUS_INVALID_PARAMS); 2463 goto failed; 2464 } 2465 2466 if (cp->name_known) { 2467 e->name_state = NAME_KNOWN; 2468 list_del(&e->list); 2469 } else { 2470 e->name_state = NAME_NEEDED; 2471 hci_inquiry_cache_update_resolve(hdev, e); 2472 } 2473 2474 err = 0; 2475 2476 failed: 2477 hci_dev_unlock(hdev); 2478 return err; 2479 } 2480 2481 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data, 2482 u16 len) 2483 { 2484 struct mgmt_cp_block_device *cp = data; 2485 u8 status; 2486 int err; 2487 2488 BT_DBG("%s", hdev->name); 2489 2490 hci_dev_lock(hdev); 2491 2492 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type); 2493 if (err < 0) 2494 status = MGMT_STATUS_FAILED; 2495 else 2496 status = 0; 2497 2498 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status, 2499 &cp->addr, sizeof(cp->addr)); 2500 2501 hci_dev_unlock(hdev); 2502 2503 return err; 2504 } 2505 2506 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data, 2507 u16 len) 2508 { 2509 struct mgmt_cp_unblock_device *cp = data; 2510 u8 status; 2511 int err; 2512 2513 BT_DBG("%s", hdev->name); 2514 2515 hci_dev_lock(hdev); 2516 2517 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type); 2518 if (err < 0) 2519 status = MGMT_STATUS_INVALID_PARAMS; 2520 else 2521 status = 0; 2522 2523 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status, 2524 &cp->addr, sizeof(cp->addr)); 2525 2526 hci_dev_unlock(hdev); 2527 2528 return err; 2529 } 2530 2531 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data, 2532 u16 len) 2533 { 2534 struct mgmt_cp_set_device_id *cp = data; 2535 int err; 2536 __u16 source; 2537 2538 BT_DBG("%s", hdev->name); 2539 2540 source = __le16_to_cpu(cp->source); 2541 2542 if (source > 0x0002) 2543 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 2544 MGMT_STATUS_INVALID_PARAMS); 2545 2546 hci_dev_lock(hdev); 2547 2548 hdev->devid_source = source; 2549 hdev->devid_vendor = __le16_to_cpu(cp->vendor); 2550 hdev->devid_product = __le16_to_cpu(cp->product); 2551 hdev->devid_version = __le16_to_cpu(cp->version); 2552 2553 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0); 2554 2555 update_eir(hdev); 2556 2557 hci_dev_unlock(hdev); 2558 2559 return err; 2560 } 2561 2562 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, 2563 void *data, u16 len) 2564 { 2565 struct mgmt_mode *cp = data; 2566 struct hci_cp_write_page_scan_activity acp; 2567 u8 type; 2568 int err; 2569 2570 BT_DBG("%s", hdev->name); 2571 2572 if (!hdev_is_powered(hdev)) 2573 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 2574 MGMT_STATUS_NOT_POWERED); 2575 2576 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 2577 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 2578 MGMT_STATUS_REJECTED); 2579 2580 hci_dev_lock(hdev); 2581 2582 if (cp->val) { 2583 type = PAGE_SCAN_TYPE_INTERLACED; 2584 2585 /* 22.5 msec page scan interval */ 2586 acp.interval = __constant_cpu_to_le16(0x0024); 2587 } else { 2588 type = PAGE_SCAN_TYPE_STANDARD; /* default */ 2589 2590 /* default 1.28 sec page scan */ 2591 acp.interval = __constant_cpu_to_le16(0x0800); 2592 } 2593 2594 /* default 11.25 msec page scan window */ 2595 acp.window = __constant_cpu_to_le16(0x0012); 2596 2597 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp), 2598 &acp); 2599 if (err < 0) { 2600 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 2601 MGMT_STATUS_FAILED); 2602 goto done; 2603 } 2604 2605 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); 2606 if (err < 0) { 2607 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 2608 MGMT_STATUS_FAILED); 2609 goto done; 2610 } 2611 2612 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0, 2613 NULL, 0); 2614 done: 2615 hci_dev_unlock(hdev); 2616 return err; 2617 } 2618 2619 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, 2620 void *cp_data, u16 len) 2621 { 2622 struct mgmt_cp_load_long_term_keys *cp = cp_data; 2623 u16 key_count, expected_len; 2624 int i; 2625 2626 key_count = __le16_to_cpu(cp->key_count); 2627 2628 expected_len = sizeof(*cp) + key_count * 2629 sizeof(struct mgmt_ltk_info); 2630 if (expected_len != len) { 2631 BT_ERR("load_keys: expected %u bytes, got %u bytes", 2632 len, expected_len); 2633 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 2634 EINVAL); 2635 } 2636 2637 BT_DBG("%s key_count %u", hdev->name, key_count); 2638 2639 hci_dev_lock(hdev); 2640 2641 hci_smp_ltks_clear(hdev); 2642 2643 for (i = 0; i < key_count; i++) { 2644 struct mgmt_ltk_info *key = &cp->keys[i]; 2645 u8 type; 2646 2647 if (key->master) 2648 type = HCI_SMP_LTK; 2649 else 2650 type = HCI_SMP_LTK_SLAVE; 2651 2652 hci_add_ltk(hdev, &key->addr.bdaddr, 2653 bdaddr_to_le(key->addr.type), 2654 type, 0, key->authenticated, key->val, 2655 key->enc_size, key->ediv, key->rand); 2656 } 2657 2658 hci_dev_unlock(hdev); 2659 2660 return 0; 2661 } 2662 2663 static const struct mgmt_handler { 2664 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data, 2665 u16 data_len); 2666 bool var_len; 2667 size_t data_len; 2668 } mgmt_handlers[] = { 2669 { NULL }, /* 0x0000 (no command) */ 2670 { read_version, false, MGMT_READ_VERSION_SIZE }, 2671 { read_commands, false, MGMT_READ_COMMANDS_SIZE }, 2672 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE }, 2673 { read_controller_info, false, MGMT_READ_INFO_SIZE }, 2674 { set_powered, false, MGMT_SETTING_SIZE }, 2675 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE }, 2676 { set_connectable, false, MGMT_SETTING_SIZE }, 2677 { set_fast_connectable, false, MGMT_SETTING_SIZE }, 2678 { set_pairable, false, MGMT_SETTING_SIZE }, 2679 { set_link_security, false, MGMT_SETTING_SIZE }, 2680 { set_ssp, false, MGMT_SETTING_SIZE }, 2681 { set_hs, false, MGMT_SETTING_SIZE }, 2682 { set_le, false, MGMT_SETTING_SIZE }, 2683 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE }, 2684 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE }, 2685 { add_uuid, false, MGMT_ADD_UUID_SIZE }, 2686 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE }, 2687 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE }, 2688 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE }, 2689 { disconnect, false, MGMT_DISCONNECT_SIZE }, 2690 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE }, 2691 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE }, 2692 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE }, 2693 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE }, 2694 { pair_device, false, MGMT_PAIR_DEVICE_SIZE }, 2695 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE }, 2696 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE }, 2697 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE }, 2698 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE }, 2699 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE }, 2700 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, 2701 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE }, 2702 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE }, 2703 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, 2704 { start_discovery, false, MGMT_START_DISCOVERY_SIZE }, 2705 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE }, 2706 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE }, 2707 { block_device, false, MGMT_BLOCK_DEVICE_SIZE }, 2708 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE }, 2709 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE }, 2710 }; 2711 2712 2713 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) 2714 { 2715 void *buf; 2716 u8 *cp; 2717 struct mgmt_hdr *hdr; 2718 u16 opcode, index, len; 2719 struct hci_dev *hdev = NULL; 2720 const struct mgmt_handler *handler; 2721 int err; 2722 2723 BT_DBG("got %zu bytes", msglen); 2724 2725 if (msglen < sizeof(*hdr)) 2726 return -EINVAL; 2727 2728 buf = kmalloc(msglen, GFP_KERNEL); 2729 if (!buf) 2730 return -ENOMEM; 2731 2732 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) { 2733 err = -EFAULT; 2734 goto done; 2735 } 2736 2737 hdr = buf; 2738 opcode = __le16_to_cpu(hdr->opcode); 2739 index = __le16_to_cpu(hdr->index); 2740 len = __le16_to_cpu(hdr->len); 2741 2742 if (len != msglen - sizeof(*hdr)) { 2743 err = -EINVAL; 2744 goto done; 2745 } 2746 2747 if (index != MGMT_INDEX_NONE) { 2748 hdev = hci_dev_get(index); 2749 if (!hdev) { 2750 err = cmd_status(sk, index, opcode, 2751 MGMT_STATUS_INVALID_INDEX); 2752 goto done; 2753 } 2754 } 2755 2756 if (opcode >= ARRAY_SIZE(mgmt_handlers) || 2757 mgmt_handlers[opcode].func == NULL) { 2758 BT_DBG("Unknown op %u", opcode); 2759 err = cmd_status(sk, index, opcode, 2760 MGMT_STATUS_UNKNOWN_COMMAND); 2761 goto done; 2762 } 2763 2764 if ((hdev && opcode < MGMT_OP_READ_INFO) || 2765 (!hdev && opcode >= MGMT_OP_READ_INFO)) { 2766 err = cmd_status(sk, index, opcode, 2767 MGMT_STATUS_INVALID_INDEX); 2768 goto done; 2769 } 2770 2771 handler = &mgmt_handlers[opcode]; 2772 2773 if ((handler->var_len && len < handler->data_len) || 2774 (!handler->var_len && len != handler->data_len)) { 2775 err = cmd_status(sk, index, opcode, 2776 MGMT_STATUS_INVALID_PARAMS); 2777 goto done; 2778 } 2779 2780 if (hdev) 2781 mgmt_init_hdev(sk, hdev); 2782 2783 cp = buf + sizeof(*hdr); 2784 2785 err = handler->func(sk, hdev, cp, len); 2786 if (err < 0) 2787 goto done; 2788 2789 err = msglen; 2790 2791 done: 2792 if (hdev) 2793 hci_dev_put(hdev); 2794 2795 kfree(buf); 2796 return err; 2797 } 2798 2799 static void cmd_status_rsp(struct pending_cmd *cmd, void *data) 2800 { 2801 u8 *status = data; 2802 2803 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 2804 mgmt_pending_remove(cmd); 2805 } 2806 2807 int mgmt_index_added(struct hci_dev *hdev) 2808 { 2809 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL); 2810 } 2811 2812 int mgmt_index_removed(struct hci_dev *hdev) 2813 { 2814 u8 status = MGMT_STATUS_INVALID_INDEX; 2815 2816 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 2817 2818 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL); 2819 } 2820 2821 struct cmd_lookup { 2822 struct sock *sk; 2823 struct hci_dev *hdev; 2824 u8 mgmt_status; 2825 }; 2826 2827 static void settings_rsp(struct pending_cmd *cmd, void *data) 2828 { 2829 struct cmd_lookup *match = data; 2830 2831 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 2832 2833 list_del(&cmd->list); 2834 2835 if (match->sk == NULL) { 2836 match->sk = cmd->sk; 2837 sock_hold(match->sk); 2838 } 2839 2840 mgmt_pending_free(cmd); 2841 } 2842 2843 int mgmt_powered(struct hci_dev *hdev, u8 powered) 2844 { 2845 struct cmd_lookup match = { NULL, hdev }; 2846 int err; 2847 2848 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 2849 return 0; 2850 2851 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 2852 2853 if (powered) { 2854 u8 scan = 0; 2855 2856 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 2857 scan |= SCAN_PAGE; 2858 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 2859 scan |= SCAN_INQUIRY; 2860 2861 if (scan) 2862 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 2863 2864 update_class(hdev); 2865 update_name(hdev, hdev->dev_name); 2866 update_eir(hdev); 2867 } else { 2868 u8 status = MGMT_STATUS_NOT_POWERED; 2869 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 2870 } 2871 2872 err = new_settings(hdev, match.sk); 2873 2874 if (match.sk) 2875 sock_put(match.sk); 2876 2877 return err; 2878 } 2879 2880 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable) 2881 { 2882 struct cmd_lookup match = { NULL, hdev }; 2883 bool changed = false; 2884 int err = 0; 2885 2886 if (discoverable) { 2887 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 2888 changed = true; 2889 } else { 2890 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 2891 changed = true; 2892 } 2893 2894 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, 2895 &match); 2896 2897 if (changed) 2898 err = new_settings(hdev, match.sk); 2899 2900 if (match.sk) 2901 sock_put(match.sk); 2902 2903 return err; 2904 } 2905 2906 int mgmt_connectable(struct hci_dev *hdev, u8 connectable) 2907 { 2908 struct cmd_lookup match = { NULL, hdev }; 2909 bool changed = false; 2910 int err = 0; 2911 2912 if (connectable) { 2913 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 2914 changed = true; 2915 } else { 2916 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 2917 changed = true; 2918 } 2919 2920 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp, 2921 &match); 2922 2923 if (changed) 2924 err = new_settings(hdev, match.sk); 2925 2926 if (match.sk) 2927 sock_put(match.sk); 2928 2929 return err; 2930 } 2931 2932 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status) 2933 { 2934 u8 mgmt_err = mgmt_status(status); 2935 2936 if (scan & SCAN_PAGE) 2937 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, 2938 cmd_status_rsp, &mgmt_err); 2939 2940 if (scan & SCAN_INQUIRY) 2941 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, 2942 cmd_status_rsp, &mgmt_err); 2943 2944 return 0; 2945 } 2946 2947 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 2948 bool persistent) 2949 { 2950 struct mgmt_ev_new_link_key ev; 2951 2952 memset(&ev, 0, sizeof(ev)); 2953 2954 ev.store_hint = persistent; 2955 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 2956 ev.key.addr.type = BDADDR_BREDR; 2957 ev.key.type = key->type; 2958 memcpy(ev.key.val, key->val, 16); 2959 ev.key.pin_len = key->pin_len; 2960 2961 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 2962 } 2963 2964 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent) 2965 { 2966 struct mgmt_ev_new_long_term_key ev; 2967 2968 memset(&ev, 0, sizeof(ev)); 2969 2970 ev.store_hint = persistent; 2971 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 2972 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); 2973 ev.key.authenticated = key->authenticated; 2974 ev.key.enc_size = key->enc_size; 2975 ev.key.ediv = key->ediv; 2976 2977 if (key->type == HCI_SMP_LTK) 2978 ev.key.master = 1; 2979 2980 memcpy(ev.key.rand, key->rand, sizeof(key->rand)); 2981 memcpy(ev.key.val, key->val, sizeof(key->val)); 2982 2983 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), 2984 NULL); 2985 } 2986 2987 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2988 u8 addr_type, u32 flags, u8 *name, u8 name_len, 2989 u8 *dev_class) 2990 { 2991 char buf[512]; 2992 struct mgmt_ev_device_connected *ev = (void *) buf; 2993 u16 eir_len = 0; 2994 2995 bacpy(&ev->addr.bdaddr, bdaddr); 2996 ev->addr.type = link_to_bdaddr(link_type, addr_type); 2997 2998 ev->flags = __cpu_to_le32(flags); 2999 3000 if (name_len > 0) 3001 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, 3002 name, name_len); 3003 3004 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0) 3005 eir_len = eir_append_data(ev->eir, eir_len, 3006 EIR_CLASS_OF_DEV, dev_class, 3); 3007 3008 ev->eir_len = cpu_to_le16(eir_len); 3009 3010 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf, 3011 sizeof(*ev) + eir_len, NULL); 3012 } 3013 3014 static void disconnect_rsp(struct pending_cmd *cmd, void *data) 3015 { 3016 struct mgmt_cp_disconnect *cp = cmd->param; 3017 struct sock **sk = data; 3018 struct mgmt_rp_disconnect rp; 3019 3020 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 3021 rp.addr.type = cp->addr.type; 3022 3023 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp, 3024 sizeof(rp)); 3025 3026 *sk = cmd->sk; 3027 sock_hold(*sk); 3028 3029 mgmt_pending_remove(cmd); 3030 } 3031 3032 static void unpair_device_rsp(struct pending_cmd *cmd, void *data) 3033 { 3034 struct hci_dev *hdev = data; 3035 struct mgmt_cp_unpair_device *cp = cmd->param; 3036 struct mgmt_rp_unpair_device rp; 3037 3038 memset(&rp, 0, sizeof(rp)); 3039 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 3040 rp.addr.type = cp->addr.type; 3041 3042 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 3043 3044 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp)); 3045 3046 mgmt_pending_remove(cmd); 3047 } 3048 3049 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 3050 u8 link_type, u8 addr_type) 3051 { 3052 struct mgmt_addr_info ev; 3053 struct sock *sk = NULL; 3054 int err; 3055 3056 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 3057 3058 bacpy(&ev.bdaddr, bdaddr); 3059 ev.type = link_to_bdaddr(link_type, addr_type); 3060 3061 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), 3062 sk); 3063 3064 if (sk) 3065 sock_put(sk); 3066 3067 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 3068 hdev); 3069 3070 return err; 3071 } 3072 3073 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 3074 u8 link_type, u8 addr_type, u8 status) 3075 { 3076 struct mgmt_rp_disconnect rp; 3077 struct pending_cmd *cmd; 3078 int err; 3079 3080 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev); 3081 if (!cmd) 3082 return -ENOENT; 3083 3084 bacpy(&rp.addr.bdaddr, bdaddr); 3085 rp.addr.type = link_to_bdaddr(link_type, addr_type); 3086 3087 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 3088 mgmt_status(status), &rp, sizeof(rp)); 3089 3090 mgmt_pending_remove(cmd); 3091 3092 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 3093 hdev); 3094 return err; 3095 } 3096 3097 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3098 u8 addr_type, u8 status) 3099 { 3100 struct mgmt_ev_connect_failed ev; 3101 3102 bacpy(&ev.addr.bdaddr, bdaddr); 3103 ev.addr.type = link_to_bdaddr(link_type, addr_type); 3104 ev.status = mgmt_status(status); 3105 3106 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 3107 } 3108 3109 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 3110 { 3111 struct mgmt_ev_pin_code_request ev; 3112 3113 bacpy(&ev.addr.bdaddr, bdaddr); 3114 ev.addr.type = BDADDR_BREDR; 3115 ev.secure = secure; 3116 3117 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), 3118 NULL); 3119 } 3120 3121 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3122 u8 status) 3123 { 3124 struct pending_cmd *cmd; 3125 struct mgmt_rp_pin_code_reply rp; 3126 int err; 3127 3128 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 3129 if (!cmd) 3130 return -ENOENT; 3131 3132 bacpy(&rp.addr.bdaddr, bdaddr); 3133 rp.addr.type = BDADDR_BREDR; 3134 3135 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 3136 mgmt_status(status), &rp, sizeof(rp)); 3137 3138 mgmt_pending_remove(cmd); 3139 3140 return err; 3141 } 3142 3143 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3144 u8 status) 3145 { 3146 struct pending_cmd *cmd; 3147 struct mgmt_rp_pin_code_reply rp; 3148 int err; 3149 3150 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 3151 if (!cmd) 3152 return -ENOENT; 3153 3154 bacpy(&rp.addr.bdaddr, bdaddr); 3155 rp.addr.type = BDADDR_BREDR; 3156 3157 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, 3158 mgmt_status(status), &rp, sizeof(rp)); 3159 3160 mgmt_pending_remove(cmd); 3161 3162 return err; 3163 } 3164 3165 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 3166 u8 link_type, u8 addr_type, __le32 value, 3167 u8 confirm_hint) 3168 { 3169 struct mgmt_ev_user_confirm_request ev; 3170 3171 BT_DBG("%s", hdev->name); 3172 3173 bacpy(&ev.addr.bdaddr, bdaddr); 3174 ev.addr.type = link_to_bdaddr(link_type, addr_type); 3175 ev.confirm_hint = confirm_hint; 3176 ev.value = value; 3177 3178 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 3179 NULL); 3180 } 3181 3182 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 3183 u8 link_type, u8 addr_type) 3184 { 3185 struct mgmt_ev_user_passkey_request ev; 3186 3187 BT_DBG("%s", hdev->name); 3188 3189 bacpy(&ev.addr.bdaddr, bdaddr); 3190 ev.addr.type = link_to_bdaddr(link_type, addr_type); 3191 3192 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 3193 NULL); 3194 } 3195 3196 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3197 u8 link_type, u8 addr_type, u8 status, 3198 u8 opcode) 3199 { 3200 struct pending_cmd *cmd; 3201 struct mgmt_rp_user_confirm_reply rp; 3202 int err; 3203 3204 cmd = mgmt_pending_find(opcode, hdev); 3205 if (!cmd) 3206 return -ENOENT; 3207 3208 bacpy(&rp.addr.bdaddr, bdaddr); 3209 rp.addr.type = link_to_bdaddr(link_type, addr_type); 3210 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status), 3211 &rp, sizeof(rp)); 3212 3213 mgmt_pending_remove(cmd); 3214 3215 return err; 3216 } 3217 3218 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3219 u8 link_type, u8 addr_type, u8 status) 3220 { 3221 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 3222 status, MGMT_OP_USER_CONFIRM_REPLY); 3223 } 3224 3225 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3226 u8 link_type, u8 addr_type, u8 status) 3227 { 3228 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 3229 status, MGMT_OP_USER_CONFIRM_NEG_REPLY); 3230 } 3231 3232 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3233 u8 link_type, u8 addr_type, u8 status) 3234 { 3235 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 3236 status, MGMT_OP_USER_PASSKEY_REPLY); 3237 } 3238 3239 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3240 u8 link_type, u8 addr_type, u8 status) 3241 { 3242 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 3243 status, MGMT_OP_USER_PASSKEY_NEG_REPLY); 3244 } 3245 3246 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3247 u8 addr_type, u8 status) 3248 { 3249 struct mgmt_ev_auth_failed ev; 3250 3251 bacpy(&ev.addr.bdaddr, bdaddr); 3252 ev.addr.type = link_to_bdaddr(link_type, addr_type); 3253 ev.status = mgmt_status(status); 3254 3255 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL); 3256 } 3257 3258 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 3259 { 3260 struct cmd_lookup match = { NULL, hdev }; 3261 bool changed = false; 3262 int err = 0; 3263 3264 if (status) { 3265 u8 mgmt_err = mgmt_status(status); 3266 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 3267 cmd_status_rsp, &mgmt_err); 3268 return 0; 3269 } 3270 3271 if (test_bit(HCI_AUTH, &hdev->flags)) { 3272 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) 3273 changed = true; 3274 } else { 3275 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) 3276 changed = true; 3277 } 3278 3279 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 3280 &match); 3281 3282 if (changed) 3283 err = new_settings(hdev, match.sk); 3284 3285 if (match.sk) 3286 sock_put(match.sk); 3287 3288 return err; 3289 } 3290 3291 static int clear_eir(struct hci_dev *hdev) 3292 { 3293 struct hci_cp_write_eir cp; 3294 3295 if (!(hdev->features[6] & LMP_EXT_INQ)) 3296 return 0; 3297 3298 memset(hdev->eir, 0, sizeof(hdev->eir)); 3299 3300 memset(&cp, 0, sizeof(cp)); 3301 3302 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 3303 } 3304 3305 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 3306 { 3307 struct cmd_lookup match = { NULL, hdev }; 3308 bool changed = false; 3309 int err = 0; 3310 3311 if (status) { 3312 u8 mgmt_err = mgmt_status(status); 3313 3314 if (enable && test_and_clear_bit(HCI_SSP_ENABLED, 3315 &hdev->dev_flags)) 3316 err = new_settings(hdev, NULL); 3317 3318 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp, 3319 &mgmt_err); 3320 3321 return err; 3322 } 3323 3324 if (enable) { 3325 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 3326 changed = true; 3327 } else { 3328 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 3329 changed = true; 3330 } 3331 3332 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 3333 3334 if (changed) 3335 err = new_settings(hdev, match.sk); 3336 3337 if (match.sk) 3338 sock_put(match.sk); 3339 3340 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 3341 update_eir(hdev); 3342 else 3343 clear_eir(hdev); 3344 3345 return err; 3346 } 3347 3348 static void class_rsp(struct pending_cmd *cmd, void *data) 3349 { 3350 struct cmd_lookup *match = data; 3351 3352 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status, 3353 match->hdev->dev_class, 3); 3354 3355 list_del(&cmd->list); 3356 3357 if (match->sk == NULL) { 3358 match->sk = cmd->sk; 3359 sock_hold(match->sk); 3360 } 3361 3362 mgmt_pending_free(cmd); 3363 } 3364 3365 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class, 3366 u8 status) 3367 { 3368 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) }; 3369 int err = 0; 3370 3371 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags); 3372 3373 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match); 3374 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match); 3375 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match); 3376 3377 if (!status) 3378 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3379 3, NULL); 3380 3381 if (match.sk) 3382 sock_put(match.sk); 3383 3384 return err; 3385 } 3386 3387 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 3388 { 3389 struct pending_cmd *cmd; 3390 struct mgmt_cp_set_local_name ev; 3391 bool changed = false; 3392 int err = 0; 3393 3394 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) { 3395 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name)); 3396 changed = true; 3397 } 3398 3399 memset(&ev, 0, sizeof(ev)); 3400 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 3401 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH); 3402 3403 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 3404 if (!cmd) 3405 goto send_event; 3406 3407 /* Always assume that either the short or the complete name has 3408 * changed if there was a pending mgmt command */ 3409 changed = true; 3410 3411 if (status) { 3412 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3413 mgmt_status(status)); 3414 goto failed; 3415 } 3416 3417 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev, 3418 sizeof(ev)); 3419 if (err < 0) 3420 goto failed; 3421 3422 send_event: 3423 if (changed) 3424 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, 3425 sizeof(ev), cmd ? cmd->sk : NULL); 3426 3427 update_eir(hdev); 3428 3429 failed: 3430 if (cmd) 3431 mgmt_pending_remove(cmd); 3432 return err; 3433 } 3434 3435 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash, 3436 u8 *randomizer, u8 status) 3437 { 3438 struct pending_cmd *cmd; 3439 int err; 3440 3441 BT_DBG("%s status %u", hdev->name, status); 3442 3443 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev); 3444 if (!cmd) 3445 return -ENOENT; 3446 3447 if (status) { 3448 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 3449 mgmt_status(status)); 3450 } else { 3451 struct mgmt_rp_read_local_oob_data rp; 3452 3453 memcpy(rp.hash, hash, sizeof(rp.hash)); 3454 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer)); 3455 3456 err = cmd_complete(cmd->sk, hdev->id, 3457 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp, 3458 sizeof(rp)); 3459 } 3460 3461 mgmt_pending_remove(cmd); 3462 3463 return err; 3464 } 3465 3466 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 3467 { 3468 struct cmd_lookup match = { NULL, hdev }; 3469 bool changed = false; 3470 int err = 0; 3471 3472 if (status) { 3473 u8 mgmt_err = mgmt_status(status); 3474 3475 if (enable && test_and_clear_bit(HCI_LE_ENABLED, 3476 &hdev->dev_flags)) 3477 err = new_settings(hdev, NULL); 3478 3479 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 3480 &mgmt_err); 3481 3482 return err; 3483 } 3484 3485 if (enable) { 3486 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 3487 changed = true; 3488 } else { 3489 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 3490 changed = true; 3491 } 3492 3493 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 3494 3495 if (changed) 3496 err = new_settings(hdev, match.sk); 3497 3498 if (match.sk) 3499 sock_put(match.sk); 3500 3501 return err; 3502 } 3503 3504 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3505 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8 3506 ssp, u8 *eir, u16 eir_len) 3507 { 3508 char buf[512]; 3509 struct mgmt_ev_device_found *ev = (void *) buf; 3510 size_t ev_size; 3511 3512 /* Leave 5 bytes for a potential CoD field */ 3513 if (sizeof(*ev) + eir_len + 5 > sizeof(buf)) 3514 return -EINVAL; 3515 3516 memset(buf, 0, sizeof(buf)); 3517 3518 bacpy(&ev->addr.bdaddr, bdaddr); 3519 ev->addr.type = link_to_bdaddr(link_type, addr_type); 3520 ev->rssi = rssi; 3521 if (cfm_name) 3522 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME; 3523 if (!ssp) 3524 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING; 3525 3526 if (eir_len > 0) 3527 memcpy(ev->eir, eir, eir_len); 3528 3529 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV)) 3530 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 3531 dev_class, 3); 3532 3533 ev->eir_len = cpu_to_le16(eir_len); 3534 3535 ev_size = sizeof(*ev) + eir_len; 3536 3537 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 3538 } 3539 3540 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3541 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 3542 { 3543 struct mgmt_ev_device_found *ev; 3544 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2]; 3545 u16 eir_len; 3546 3547 ev = (struct mgmt_ev_device_found *) buf; 3548 3549 memset(buf, 0, sizeof(buf)); 3550 3551 bacpy(&ev->addr.bdaddr, bdaddr); 3552 ev->addr.type = link_to_bdaddr(link_type, addr_type); 3553 ev->rssi = rssi; 3554 3555 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name, 3556 name_len); 3557 3558 ev->eir_len = cpu_to_le16(eir_len); 3559 3560 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, 3561 sizeof(*ev) + eir_len, NULL); 3562 } 3563 3564 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status) 3565 { 3566 struct pending_cmd *cmd; 3567 u8 type; 3568 int err; 3569 3570 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 3571 3572 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 3573 if (!cmd) 3574 return -ENOENT; 3575 3576 type = hdev->discovery.type; 3577 3578 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status), 3579 &type, sizeof(type)); 3580 mgmt_pending_remove(cmd); 3581 3582 return err; 3583 } 3584 3585 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status) 3586 { 3587 struct pending_cmd *cmd; 3588 int err; 3589 3590 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 3591 if (!cmd) 3592 return -ENOENT; 3593 3594 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status), 3595 &hdev->discovery.type, sizeof(hdev->discovery.type)); 3596 mgmt_pending_remove(cmd); 3597 3598 return err; 3599 } 3600 3601 int mgmt_discovering(struct hci_dev *hdev, u8 discovering) 3602 { 3603 struct mgmt_ev_discovering ev; 3604 struct pending_cmd *cmd; 3605 3606 BT_DBG("%s discovering %u", hdev->name, discovering); 3607 3608 if (discovering) 3609 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 3610 else 3611 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 3612 3613 if (cmd != NULL) { 3614 u8 type = hdev->discovery.type; 3615 3616 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type, 3617 sizeof(type)); 3618 mgmt_pending_remove(cmd); 3619 } 3620 3621 memset(&ev, 0, sizeof(ev)); 3622 ev.type = hdev->discovery.type; 3623 ev.discovering = discovering; 3624 3625 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 3626 } 3627 3628 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 3629 { 3630 struct pending_cmd *cmd; 3631 struct mgmt_ev_device_blocked ev; 3632 3633 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev); 3634 3635 bacpy(&ev.addr.bdaddr, bdaddr); 3636 ev.addr.type = type; 3637 3638 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev), 3639 cmd ? cmd->sk : NULL); 3640 } 3641 3642 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 3643 { 3644 struct pending_cmd *cmd; 3645 struct mgmt_ev_device_unblocked ev; 3646 3647 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev); 3648 3649 bacpy(&ev.addr.bdaddr, bdaddr); 3650 ev.addr.type = type; 3651 3652 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev), 3653 cmd ? cmd->sk : NULL); 3654 } 3655 3656 module_param(enable_hs, bool, 0644); 3657 MODULE_PARM_DESC(enable_hs, "Enable High Speed support"); 3658