search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
wl1251: only call ieee80211_beacon_loss in managed mode
[linux-2.6/btrfs-unstable.git] / net / bluetooth / mgmt.c
blob54abbce3a39e8bc0cdbd9018ca8e616e5c864546
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI Management interface */
26
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33
34 #include "smp.h"
35
36 #define MGMT_VERSION 1
37 #define MGMT_REVISION 5
38
39 static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
77 MGMT_OP_SET_DEVICE_ID,
78 MGMT_OP_SET_ADVERTISING,
79 MGMT_OP_SET_BREDR,
80 MGMT_OP_SET_STATIC_ADDRESS,
81 MGMT_OP_SET_SCAN_PARAMS,
82 MGMT_OP_SET_SECURE_CONN,
83 MGMT_OP_SET_DEBUG_KEYS,
84 MGMT_OP_SET_PRIVACY,
85 MGMT_OP_LOAD_IRKS,
86 };
87
88 static const u16 mgmt_events[] = {
89 MGMT_EV_CONTROLLER_ERROR,
90 MGMT_EV_INDEX_ADDED,
91 MGMT_EV_INDEX_REMOVED,
92 MGMT_EV_NEW_SETTINGS,
93 MGMT_EV_CLASS_OF_DEV_CHANGED,
94 MGMT_EV_LOCAL_NAME_CHANGED,
95 MGMT_EV_NEW_LINK_KEY,
96 MGMT_EV_NEW_LONG_TERM_KEY,
97 MGMT_EV_DEVICE_CONNECTED,
98 MGMT_EV_DEVICE_DISCONNECTED,
99 MGMT_EV_CONNECT_FAILED,
100 MGMT_EV_PIN_CODE_REQUEST,
101 MGMT_EV_USER_CONFIRM_REQUEST,
102 MGMT_EV_USER_PASSKEY_REQUEST,
103 MGMT_EV_AUTH_FAILED,
104 MGMT_EV_DEVICE_FOUND,
105 MGMT_EV_DISCOVERING,
106 MGMT_EV_DEVICE_BLOCKED,
107 MGMT_EV_DEVICE_UNBLOCKED,
108 MGMT_EV_DEVICE_UNPAIRED,
109 MGMT_EV_PASSKEY_NOTIFY,
110 MGMT_EV_NEW_IRK,
111 MGMT_EV_NEW_CSRK,
112 };
113
114 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
115
116 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
117 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
118
119 struct pending_cmd {
120 struct list_head list;
121 u16 opcode;
122 int index;
123 void *param;
124 struct sock *sk;
125 void *user_data;
126 };
127
128 /* HCI to MGMT error code conversion table */
129 static u8 mgmt_status_table[] = {
130 MGMT_STATUS_SUCCESS,
131 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
132 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
133 MGMT_STATUS_FAILED, /* Hardware Failure */
134 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
135 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
136 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
137 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
138 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
139 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
140 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
141 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
142 MGMT_STATUS_BUSY, /* Command Disallowed */
143 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
144 MGMT_STATUS_REJECTED, /* Rejected Security */
145 MGMT_STATUS_REJECTED, /* Rejected Personal */
146 MGMT_STATUS_TIMEOUT, /* Host Timeout */
147 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
148 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
149 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
150 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
151 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
152 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
153 MGMT_STATUS_BUSY, /* Repeated Attempts */
154 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
155 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
157 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
158 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
159 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
160 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
161 MGMT_STATUS_FAILED, /* Unspecified Error */
162 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
163 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
164 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
165 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
166 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
167 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
168 MGMT_STATUS_FAILED, /* Unit Link Key Used */
169 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
170 MGMT_STATUS_TIMEOUT, /* Instant Passed */
171 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
172 MGMT_STATUS_FAILED, /* Transaction Collision */
173 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
174 MGMT_STATUS_REJECTED, /* QoS Rejected */
175 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
176 MGMT_STATUS_REJECTED, /* Insufficient Security */
177 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
178 MGMT_STATUS_BUSY, /* Role Switch Pending */
179 MGMT_STATUS_FAILED, /* Slot Violation */
180 MGMT_STATUS_FAILED, /* Role Switch Failed */
181 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
182 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
183 MGMT_STATUS_BUSY, /* Host Busy Pairing */
184 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
185 MGMT_STATUS_BUSY, /* Controller Busy */
186 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
187 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
188 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
189 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
190 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
191 };
192
193 static u8 mgmt_status(u8 hci_status)
194 {
195 if (hci_status < ARRAY_SIZE(mgmt_status_table))
196 return mgmt_status_table[hci_status];
197
198 return MGMT_STATUS_FAILED;
199 }
200
201 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
202 {
203 struct sk_buff *skb;
204 struct mgmt_hdr *hdr;
205 struct mgmt_ev_cmd_status *ev;
206 int err;
207
208 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
209
210 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
211 if (!skb)
212 return -ENOMEM;
213
214 hdr = (void *) skb_put(skb, sizeof(*hdr));
215
216 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
217 hdr->index = cpu_to_le16(index);
218 hdr->len = cpu_to_le16(sizeof(*ev));
219
220 ev = (void *) skb_put(skb, sizeof(*ev));
221 ev->status = status;
222 ev->opcode = cpu_to_le16(cmd);
223
224 err = sock_queue_rcv_skb(sk, skb);
225 if (err < 0)
226 kfree_skb(skb);
227
228 return err;
229 }
230
231 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
232 void *rp, size_t rp_len)
233 {
234 struct sk_buff *skb;
235 struct mgmt_hdr *hdr;
236 struct mgmt_ev_cmd_complete *ev;
237 int err;
238
239 BT_DBG("sock %p", sk);
240
241 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
242 if (!skb)
243 return -ENOMEM;
244
245 hdr = (void *) skb_put(skb, sizeof(*hdr));
246
247 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
248 hdr->index = cpu_to_le16(index);
249 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
250
251 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
252 ev->opcode = cpu_to_le16(cmd);
253 ev->status = status;
254
255 if (rp)
256 memcpy(ev->data, rp, rp_len);
257
258 err = sock_queue_rcv_skb(sk, skb);
259 if (err < 0)
260 kfree_skb(skb);
261
262 return err;
263 }
264
265 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
266 u16 data_len)
267 {
268 struct mgmt_rp_read_version rp;
269
270 BT_DBG("sock %p", sk);
271
272 rp.version = MGMT_VERSION;
273 rp.revision = cpu_to_le16(MGMT_REVISION);
274
275 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
276 sizeof(rp));
277 }
278
279 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
280 u16 data_len)
281 {
282 struct mgmt_rp_read_commands *rp;
283 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
284 const u16 num_events = ARRAY_SIZE(mgmt_events);
285 __le16 *opcode;
286 size_t rp_size;
287 int i, err;
288
289 BT_DBG("sock %p", sk);
290
291 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
292
293 rp = kmalloc(rp_size, GFP_KERNEL);
294 if (!rp)
295 return -ENOMEM;
296
297 rp->num_commands = cpu_to_le16(num_commands);
298 rp->num_events = cpu_to_le16(num_events);
299
300 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
301 put_unaligned_le16(mgmt_commands[i], opcode);
302
303 for (i = 0; i < num_events; i++, opcode++)
304 put_unaligned_le16(mgmt_events[i], opcode);
305
306 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
307 rp_size);
308 kfree(rp);
309
310 return err;
311 }
312
313 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
314 u16 data_len)
315 {
316 struct mgmt_rp_read_index_list *rp;
317 struct hci_dev *d;
318 size_t rp_len;
319 u16 count;
320 int err;
321
322 BT_DBG("sock %p", sk);
323
324 read_lock(&hci_dev_list_lock);
325
326 count = 0;
327 list_for_each_entry(d, &hci_dev_list, list) {
328 if (d->dev_type == HCI_BREDR)
329 count++;
330 }
331
332 rp_len = sizeof(*rp) + (2 * count);
333 rp = kmalloc(rp_len, GFP_ATOMIC);
334 if (!rp) {
335 read_unlock(&hci_dev_list_lock);
336 return -ENOMEM;
337 }
338
339 count = 0;
340 list_for_each_entry(d, &hci_dev_list, list) {
341 if (test_bit(HCI_SETUP, &d->dev_flags))
342 continue;
343
344 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
345 continue;
346
347 if (d->dev_type == HCI_BREDR) {
348 rp->index[count++] = cpu_to_le16(d->id);
349 BT_DBG("Added hci%u", d->id);
350 }
351 }
352
353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
355
356 read_unlock(&hci_dev_list_lock);
357
358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
359 rp_len);
360
361 kfree(rp);
362
363 return err;
364 }
365
366 static u32 get_supported_settings(struct hci_dev *hdev)
367 {
368 u32 settings = 0;
369
370 settings |= MGMT_SETTING_POWERED;
371 settings |= MGMT_SETTING_PAIRABLE;
372 settings |= MGMT_SETTING_DEBUG_KEYS;
373
374 if (lmp_bredr_capable(hdev)) {
375 settings |= MGMT_SETTING_CONNECTABLE;
376 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
377 settings |= MGMT_SETTING_FAST_CONNECTABLE;
378 settings |= MGMT_SETTING_DISCOVERABLE;
379 settings |= MGMT_SETTING_BREDR;
380 settings |= MGMT_SETTING_LINK_SECURITY;
381
382 if (lmp_ssp_capable(hdev)) {
383 settings |= MGMT_SETTING_SSP;
384 settings |= MGMT_SETTING_HS;
385 }
386
387 if (lmp_sc_capable(hdev) ||
388 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
389 settings |= MGMT_SETTING_SECURE_CONN;
390 }
391
392 if (lmp_le_capable(hdev)) {
393 settings |= MGMT_SETTING_LE;
394 settings |= MGMT_SETTING_ADVERTISING;
395 settings |= MGMT_SETTING_PRIVACY;
396 }
397
398 return settings;
399 }
400
401 static u32 get_current_settings(struct hci_dev *hdev)
402 {
403 u32 settings = 0;
404
405 if (hdev_is_powered(hdev))
406 settings |= MGMT_SETTING_POWERED;
407
408 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
409 settings |= MGMT_SETTING_CONNECTABLE;
410
411 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
412 settings |= MGMT_SETTING_FAST_CONNECTABLE;
413
414 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
415 settings |= MGMT_SETTING_DISCOVERABLE;
416
417 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
418 settings |= MGMT_SETTING_PAIRABLE;
419
420 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_BREDR;
422
423 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
424 settings |= MGMT_SETTING_LE;
425
426 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
427 settings |= MGMT_SETTING_LINK_SECURITY;
428
429 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
430 settings |= MGMT_SETTING_SSP;
431
432 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
433 settings |= MGMT_SETTING_HS;
434
435 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
436 settings |= MGMT_SETTING_ADVERTISING;
437
438 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
439 settings |= MGMT_SETTING_SECURE_CONN;
440
441 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
442 settings |= MGMT_SETTING_DEBUG_KEYS;
443
444 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
445 settings |= MGMT_SETTING_PRIVACY;
446
447 return settings;
448 }
449
450 #define PNP_INFO_SVCLASS_ID 0x1200
451
452 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
453 {
454 u8 *ptr = data, *uuids_start = NULL;
455 struct bt_uuid *uuid;
456
457 if (len < 4)
458 return ptr;
459
460 list_for_each_entry(uuid, &hdev->uuids, list) {
461 u16 uuid16;
462
463 if (uuid->size != 16)
464 continue;
465
466 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
467 if (uuid16 < 0x1100)
468 continue;
469
470 if (uuid16 == PNP_INFO_SVCLASS_ID)
471 continue;
472
473 if (!uuids_start) {
474 uuids_start = ptr;
475 uuids_start[0] = 1;
476 uuids_start[1] = EIR_UUID16_ALL;
477 ptr += 2;
478 }
479
480 /* Stop if not enough space to put next UUID */
481 if ((ptr - data) + sizeof(u16) > len) {
482 uuids_start[1] = EIR_UUID16_SOME;
483 break;
484 }
485
486 *ptr++ = (uuid16 & 0x00ff);
487 *ptr++ = (uuid16 & 0xff00) >> 8;
488 uuids_start[0] += sizeof(uuid16);
489 }
490
491 return ptr;
492 }
493
494 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
495 {
496 u8 *ptr = data, *uuids_start = NULL;
497 struct bt_uuid *uuid;
498
499 if (len < 6)
500 return ptr;
501
502 list_for_each_entry(uuid, &hdev->uuids, list) {
503 if (uuid->size != 32)
504 continue;
505
506 if (!uuids_start) {
507 uuids_start = ptr;
508 uuids_start[0] = 1;
509 uuids_start[1] = EIR_UUID32_ALL;
510 ptr += 2;
511 }
512
513 /* Stop if not enough space to put next UUID */
514 if ((ptr - data) + sizeof(u32) > len) {
515 uuids_start[1] = EIR_UUID32_SOME;
516 break;
517 }
518
519 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
520 ptr += sizeof(u32);
521 uuids_start[0] += sizeof(u32);
522 }
523
524 return ptr;
525 }
526
527 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
528 {
529 u8 *ptr = data, *uuids_start = NULL;
530 struct bt_uuid *uuid;
531
532 if (len < 18)
533 return ptr;
534
535 list_for_each_entry(uuid, &hdev->uuids, list) {
536 if (uuid->size != 128)
537 continue;
538
539 if (!uuids_start) {
540 uuids_start = ptr;
541 uuids_start[0] = 1;
542 uuids_start[1] = EIR_UUID128_ALL;
543 ptr += 2;
544 }
545
546 /* Stop if not enough space to put next UUID */
547 if ((ptr - data) + 16 > len) {
548 uuids_start[1] = EIR_UUID128_SOME;
549 break;
550 }
551
552 memcpy(ptr, uuid->uuid, 16);
553 ptr += 16;
554 uuids_start[0] += 16;
555 }
556
557 return ptr;
558 }
559
560 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
561 {
562 struct pending_cmd *cmd;
563
564 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
565 if (cmd->opcode == opcode)
566 return cmd;
567 }
568
569 return NULL;
570 }
571
572 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
573 {
574 u8 ad_len = 0;
575 size_t name_len;
576
577 name_len = strlen(hdev->dev_name);
578 if (name_len > 0) {
579 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
580
581 if (name_len > max_len) {
582 name_len = max_len;
583 ptr[1] = EIR_NAME_SHORT;
584 } else
585 ptr[1] = EIR_NAME_COMPLETE;
586
587 ptr[0] = name_len + 1;
588
589 memcpy(ptr + 2, hdev->dev_name, name_len);
590
591 ad_len += (name_len + 2);
592 ptr += (name_len + 2);
593 }
594
595 return ad_len;
596 }
597
598 static void update_scan_rsp_data(struct hci_request *req)
599 {
600 struct hci_dev *hdev = req->hdev;
601 struct hci_cp_le_set_scan_rsp_data cp;
602 u8 len;
603
604 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
605 return;
606
607 memset(&cp, 0, sizeof(cp));
608
609 len = create_scan_rsp_data(hdev, cp.data);
610
611 if (hdev->scan_rsp_data_len == len &&
612 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
613 return;
614
615 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
616 hdev->scan_rsp_data_len = len;
617
618 cp.length = len;
619
620 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
621 }
622
623 static u8 get_adv_discov_flags(struct hci_dev *hdev)
624 {
625 struct pending_cmd *cmd;
626
627 /* If there's a pending mgmt command the flags will not yet have
628 * their final values, so check for this first.
629 */
630 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
631 if (cmd) {
632 struct mgmt_mode *cp = cmd->param;
633 if (cp->val == 0x01)
634 return LE_AD_GENERAL;
635 else if (cp->val == 0x02)
636 return LE_AD_LIMITED;
637 } else {
638 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
639 return LE_AD_LIMITED;
640 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
641 return LE_AD_GENERAL;
642 }
643
644 return 0;
645 }
646
647 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
648 {
649 u8 ad_len = 0, flags = 0;
650
651 flags |= get_adv_discov_flags(hdev);
652
653 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
654 flags |= LE_AD_NO_BREDR;
655
656 if (flags) {
657 BT_DBG("adv flags 0x%02x", flags);
658
659 ptr[0] = 2;
660 ptr[1] = EIR_FLAGS;
661 ptr[2] = flags;
662
663 ad_len += 3;
664 ptr += 3;
665 }
666
667 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
668 ptr[0] = 2;
669 ptr[1] = EIR_TX_POWER;
670 ptr[2] = (u8) hdev->adv_tx_power;
671
672 ad_len += 3;
673 ptr += 3;
674 }
675
676 return ad_len;
677 }
678
679 static void update_adv_data(struct hci_request *req)
680 {
681 struct hci_dev *hdev = req->hdev;
682 struct hci_cp_le_set_adv_data cp;
683 u8 len;
684
685 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
686 return;
687
688 memset(&cp, 0, sizeof(cp));
689
690 len = create_adv_data(hdev, cp.data);
691
692 if (hdev->adv_data_len == len &&
693 memcmp(cp.data, hdev->adv_data, len) == 0)
694 return;
695
696 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
697 hdev->adv_data_len = len;
698
699 cp.length = len;
700
701 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
702 }
703
704 static void create_eir(struct hci_dev *hdev, u8 *data)
705 {
706 u8 *ptr = data;
707 size_t name_len;
708
709 name_len = strlen(hdev->dev_name);
710
711 if (name_len > 0) {
712 /* EIR Data type */
713 if (name_len > 48) {
714 name_len = 48;
715 ptr[1] = EIR_NAME_SHORT;
716 } else
717 ptr[1] = EIR_NAME_COMPLETE;
718
719 /* EIR Data length */
720 ptr[0] = name_len + 1;
721
722 memcpy(ptr + 2, hdev->dev_name, name_len);
723
724 ptr += (name_len + 2);
725 }
726
727 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
728 ptr[0] = 2;
729 ptr[1] = EIR_TX_POWER;
730 ptr[2] = (u8) hdev->inq_tx_power;
731
732 ptr += 3;
733 }
734
735 if (hdev->devid_source > 0) {
736 ptr[0] = 9;
737 ptr[1] = EIR_DEVICE_ID;
738
739 put_unaligned_le16(hdev->devid_source, ptr + 2);
740 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
741 put_unaligned_le16(hdev->devid_product, ptr + 6);
742 put_unaligned_le16(hdev->devid_version, ptr + 8);
743
744 ptr += 10;
745 }
746
747 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
748 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
749 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
750 }
751
752 static void update_eir(struct hci_request *req)
753 {
754 struct hci_dev *hdev = req->hdev;
755 struct hci_cp_write_eir cp;
756
757 if (!hdev_is_powered(hdev))
758 return;
759
760 if (!lmp_ext_inq_capable(hdev))
761 return;
762
763 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
764 return;
765
766 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
767 return;
768
769 memset(&cp, 0, sizeof(cp));
770
771 create_eir(hdev, cp.data);
772
773 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
774 return;
775
776 memcpy(hdev->eir, cp.data, sizeof(cp.data));
777
778 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
779 }
780
781 static u8 get_service_classes(struct hci_dev *hdev)
782 {
783 struct bt_uuid *uuid;
784 u8 val = 0;
785
786 list_for_each_entry(uuid, &hdev->uuids, list)
787 val |= uuid->svc_hint;
788
789 return val;
790 }
791
792 static void update_class(struct hci_request *req)
793 {
794 struct hci_dev *hdev = req->hdev;
795 u8 cod[3];
796
797 BT_DBG("%s", hdev->name);
798
799 if (!hdev_is_powered(hdev))
800 return;
801
802 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
803 return;
804
805 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
806 return;
807
808 cod[0] = hdev->minor_class;
809 cod[1] = hdev->major_class;
810 cod[2] = get_service_classes(hdev);
811
812 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
813 cod[1] |= 0x20;
814
815 if (memcmp(cod, hdev->dev_class, 3) == 0)
816 return;
817
818 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
819 }
820
821 static bool get_connectable(struct hci_dev *hdev)
822 {
823 struct pending_cmd *cmd;
824
825 /* If there's a pending mgmt command the flag will not yet have
826 * it's final value, so check for this first.
827 */
828 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
829 if (cmd) {
830 struct mgmt_mode *cp = cmd->param;
831 return cp->val;
832 }
833
834 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
835 }
836
837 static void enable_advertising(struct hci_request *req)
838 {
839 struct hci_dev *hdev = req->hdev;
840 struct hci_cp_le_set_adv_param cp;
841 u8 own_addr_type, enable = 0x01;
842 bool connectable;
843
844 /* Clear the HCI_ADVERTISING bit temporarily so that the
845 * hci_update_random_address knows that it's safe to go ahead
846 * and write a new random address. The flag will be set back on
847 * as soon as the SET_ADV_ENABLE HCI command completes.
848 */
849 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
850
851 connectable = get_connectable(hdev);
852
853 /* Set require_privacy to true only when non-connectable
854 * advertising is used. In that case it is fine to use a
855 * non-resolvable private address.
856 */
857 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
858 return;
859
860 memset(&cp, 0, sizeof(cp));
861 cp.min_interval = cpu_to_le16(0x0800);
862 cp.max_interval = cpu_to_le16(0x0800);
863 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
864 cp.own_address_type = own_addr_type;
865 cp.channel_map = hdev->le_adv_channel_map;
866
867 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
868
869 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
870 }
871
872 static void disable_advertising(struct hci_request *req)
873 {
874 u8 enable = 0x00;
875
876 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
877 }
878
879 static void service_cache_off(struct work_struct *work)
880 {
881 struct hci_dev *hdev = container_of(work, struct hci_dev,
882 service_cache.work);
883 struct hci_request req;
884
885 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
886 return;
887
888 hci_req_init(&req, hdev);
889
890 hci_dev_lock(hdev);
891
892 update_eir(&req);
893 update_class(&req);
894
895 hci_dev_unlock(hdev);
896
897 hci_req_run(&req, NULL);
898 }
899
900 static void rpa_expired(struct work_struct *work)
901 {
902 struct hci_dev *hdev = container_of(work, struct hci_dev,
903 rpa_expired.work);
904 struct hci_request req;
905
906 BT_DBG("");
907
908 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
909
910 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
911 hci_conn_num(hdev, LE_LINK) > 0)
912 return;
913
914 /* The generation of a new RPA and programming it into the
915 * controller happens in the enable_advertising() function.
916 */
917
918 hci_req_init(&req, hdev);
919
920 disable_advertising(&req);
921 enable_advertising(&req);
922
923 hci_req_run(&req, NULL);
924 }
925
926 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
927 {
928 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
929 return;
930
931 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
932 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
933
934 /* Non-mgmt controlled devices get this bit set
935 * implicitly so that pairing works for them, however
936 * for mgmt we require user-space to explicitly enable
937 * it
938 */
939 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
940 }
941
942 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
943 void *data, u16 data_len)
944 {
945 struct mgmt_rp_read_info rp;
946
947 BT_DBG("sock %p %s", sk, hdev->name);
948
949 hci_dev_lock(hdev);
950
951 memset(&rp, 0, sizeof(rp));
952
953 bacpy(&rp.bdaddr, &hdev->bdaddr);
954
955 rp.version = hdev->hci_ver;
956 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
957
958 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
959 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
960
961 memcpy(rp.dev_class, hdev->dev_class, 3);
962
963 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
964 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
965
966 hci_dev_unlock(hdev);
967
968 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
969 sizeof(rp));
970 }
971
972 static void mgmt_pending_free(struct pending_cmd *cmd)
973 {
974 sock_put(cmd->sk);
975 kfree(cmd->param);
976 kfree(cmd);
977 }
978
979 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
980 struct hci_dev *hdev, void *data,
981 u16 len)
982 {
983 struct pending_cmd *cmd;
984
985 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
986 if (!cmd)
987 return NULL;
988
989 cmd->opcode = opcode;
990 cmd->index = hdev->id;
991
992 cmd->param = kmalloc(len, GFP_KERNEL);
993 if (!cmd->param) {
994 kfree(cmd);
995 return NULL;
996 }
997
998 if (data)
999 memcpy(cmd->param, data, len);
1000
1001 cmd->sk = sk;
1002 sock_hold(sk);
1003
1004 list_add(&cmd->list, &hdev->mgmt_pending);
1005
1006 return cmd;
1007 }
1008
1009 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1010 void (*cb)(struct pending_cmd *cmd,
1011 void *data),
1012 void *data)
1013 {
1014 struct pending_cmd *cmd, *tmp;
1015
1016 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1017 if (opcode > 0 && cmd->opcode != opcode)
1018 continue;
1019
1020 cb(cmd, data);
1021 }
1022 }
1023
1024 static void mgmt_pending_remove(struct pending_cmd *cmd)
1025 {
1026 list_del(&cmd->list);
1027 mgmt_pending_free(cmd);
1028 }
1029
1030 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1031 {
1032 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1033
1034 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
1035 sizeof(settings));
1036 }
1037
1038 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1039 {
1040 BT_DBG("%s status 0x%02x", hdev->name, status);
1041
1042 if (hci_conn_count(hdev) == 0) {
1043 cancel_delayed_work(&hdev->power_off);
1044 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1045 }
1046 }
1047
1048 static int clean_up_hci_state(struct hci_dev *hdev)
1049 {
1050 struct hci_request req;
1051 struct hci_conn *conn;
1052
1053 hci_req_init(&req, hdev);
1054
1055 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1056 test_bit(HCI_PSCAN, &hdev->flags)) {
1057 u8 scan = 0x00;
1058 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1059 }
1060
1061 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1062 disable_advertising(&req);
1063
1064 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
1065 hci_req_add_le_scan_disable(&req);
1066 }
1067
1068 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1069 struct hci_cp_disconnect dc;
1070 struct hci_cp_reject_conn_req rej;
1071
1072 switch (conn->state) {
1073 case BT_CONNECTED:
1074 case BT_CONFIG:
1075 dc.handle = cpu_to_le16(conn->handle);
1076 dc.reason = 0x15; /* Terminated due to Power Off */
1077 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1078 break;
1079 case BT_CONNECT:
1080 if (conn->type == LE_LINK)
1081 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1082 0, NULL);
1083 else if (conn->type == ACL_LINK)
1084 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1085 6, &conn->dst);
1086 break;
1087 case BT_CONNECT2:
1088 bacpy(&rej.bdaddr, &conn->dst);
1089 rej.reason = 0x15; /* Terminated due to Power Off */
1090 if (conn->type == ACL_LINK)
1091 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1092 sizeof(rej), &rej);
1093 else if (conn->type == SCO_LINK)
1094 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1095 sizeof(rej), &rej);
1096 break;
1097 }
1098 }
1099
1100 return hci_req_run(&req, clean_up_hci_complete);
1101 }
1102
1103 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1104 u16 len)
1105 {
1106 struct mgmt_mode *cp = data;
1107 struct pending_cmd *cmd;
1108 int err;
1109
1110 BT_DBG("request for %s", hdev->name);
1111
1112 if (cp->val != 0x00 && cp->val != 0x01)
1113 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1114 MGMT_STATUS_INVALID_PARAMS);
1115
1116 hci_dev_lock(hdev);
1117
1118 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1119 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1120 MGMT_STATUS_BUSY);
1121 goto failed;
1122 }
1123
1124 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1125 cancel_delayed_work(&hdev->power_off);
1126
1127 if (cp->val) {
1128 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1129 data, len);
1130 err = mgmt_powered(hdev, 1);
1131 goto failed;
1132 }
1133 }
1134
1135 if (!!cp->val == hdev_is_powered(hdev)) {
1136 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1137 goto failed;
1138 }
1139
1140 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1141 if (!cmd) {
1142 err = -ENOMEM;
1143 goto failed;
1144 }
1145
1146 if (cp->val) {
1147 queue_work(hdev->req_workqueue, &hdev->power_on);
1148 err = 0;
1149 } else {
1150 /* Disconnect connections, stop scans, etc */
1151 err = clean_up_hci_state(hdev);
1152 if (!err)
1153 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1154 HCI_POWER_OFF_TIMEOUT);
1155
1156 /* ENODATA means there were no HCI commands queued */
1157 if (err == -ENODATA) {
1158 cancel_delayed_work(&hdev->power_off);
1159 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1160 err = 0;
1161 }
1162 }
1163
1164 failed:
1165 hci_dev_unlock(hdev);
1166 return err;
1167 }
1168
1169 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1170 struct sock *skip_sk)
1171 {
1172 struct sk_buff *skb;
1173 struct mgmt_hdr *hdr;
1174
1175 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
1176 if (!skb)
1177 return -ENOMEM;
1178
1179 hdr = (void *) skb_put(skb, sizeof(*hdr));
1180 hdr->opcode = cpu_to_le16(event);
1181 if (hdev)
1182 hdr->index = cpu_to_le16(hdev->id);
1183 else
1184 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
1185 hdr->len = cpu_to_le16(data_len);
1186
1187 if (data)
1188 memcpy(skb_put(skb, data_len), data, data_len);
1189
1190 /* Time stamp */
1191 __net_timestamp(skb);
1192
1193 hci_send_to_control(skb, skip_sk);
1194 kfree_skb(skb);
1195
1196 return 0;
1197 }
1198
1199 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1200 {
1201 __le32 ev;
1202
1203 ev = cpu_to_le32(get_current_settings(hdev));
1204
1205 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1206 }
1207
1208 struct cmd_lookup {
1209 struct sock *sk;
1210 struct hci_dev *hdev;
1211 u8 mgmt_status;
1212 };
1213
1214 static void settings_rsp(struct pending_cmd *cmd, void *data)
1215 {
1216 struct cmd_lookup *match = data;
1217
1218 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1219
1220 list_del(&cmd->list);
1221
1222 if (match->sk == NULL) {
1223 match->sk = cmd->sk;
1224 sock_hold(match->sk);
1225 }
1226
1227 mgmt_pending_free(cmd);
1228 }
1229
1230 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1231 {
1232 u8 *status = data;
1233
1234 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1235 mgmt_pending_remove(cmd);
1236 }
1237
1238 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1239 {
1240 if (!lmp_bredr_capable(hdev))
1241 return MGMT_STATUS_NOT_SUPPORTED;
1242 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1243 return MGMT_STATUS_REJECTED;
1244 else
1245 return MGMT_STATUS_SUCCESS;
1246 }
1247
1248 static u8 mgmt_le_support(struct hci_dev *hdev)
1249 {
1250 if (!lmp_le_capable(hdev))
1251 return MGMT_STATUS_NOT_SUPPORTED;
1252 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1253 return MGMT_STATUS_REJECTED;
1254 else
1255 return MGMT_STATUS_SUCCESS;
1256 }
1257
1258 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1259 {
1260 struct pending_cmd *cmd;
1261 struct mgmt_mode *cp;
1262 struct hci_request req;
1263 bool changed;
1264
1265 BT_DBG("status 0x%02x", status);
1266
1267 hci_dev_lock(hdev);
1268
1269 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1270 if (!cmd)
1271 goto unlock;
1272
1273 if (status) {
1274 u8 mgmt_err = mgmt_status(status);
1275 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1276 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1277 goto remove_cmd;
1278 }
1279
1280 cp = cmd->param;
1281 if (cp->val) {
1282 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1283 &hdev->dev_flags);
1284
1285 if (hdev->discov_timeout > 0) {
1286 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1287 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1288 to);
1289 }
1290 } else {
1291 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1292 &hdev->dev_flags);
1293 }
1294
1295 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1296
1297 if (changed)
1298 new_settings(hdev, cmd->sk);
1299
1300 /* When the discoverable mode gets changed, make sure
1301 * that class of device has the limited discoverable
1302 * bit correctly set.
1303 */
1304 hci_req_init(&req, hdev);
1305 update_class(&req);
1306 hci_req_run(&req, NULL);
1307
1308 remove_cmd:
1309 mgmt_pending_remove(cmd);
1310
1311 unlock:
1312 hci_dev_unlock(hdev);
1313 }
1314
1315 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1316 u16 len)
1317 {
1318 struct mgmt_cp_set_discoverable *cp = data;
1319 struct pending_cmd *cmd;
1320 struct hci_request req;
1321 u16 timeout;
1322 u8 scan;
1323 int err;
1324
1325 BT_DBG("request for %s", hdev->name);
1326
1327 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1328 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1329 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1330 MGMT_STATUS_REJECTED);
1331
1332 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1333 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1334 MGMT_STATUS_INVALID_PARAMS);
1335
1336 timeout = __le16_to_cpu(cp->timeout);
1337
1338 /* Disabling discoverable requires that no timeout is set,
1339 * and enabling limited discoverable requires a timeout.
1340 */
1341 if ((cp->val == 0x00 && timeout > 0) ||
1342 (cp->val == 0x02 && timeout == 0))
1343 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1344 MGMT_STATUS_INVALID_PARAMS);
1345
1346 hci_dev_lock(hdev);
1347
1348 if (!hdev_is_powered(hdev) && timeout > 0) {
1349 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1350 MGMT_STATUS_NOT_POWERED);
1351 goto failed;
1352 }
1353
1354 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1355 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1356 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1357 MGMT_STATUS_BUSY);
1358 goto failed;
1359 }
1360
1361 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1362 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1363 MGMT_STATUS_REJECTED);
1364 goto failed;
1365 }
1366
1367 if (!hdev_is_powered(hdev)) {
1368 bool changed = false;
1369
1370 /* Setting limited discoverable when powered off is
1371 * not a valid operation since it requires a timeout
1372 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1373 */
1374 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1375 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1376 changed = true;
1377 }
1378
1379 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1380 if (err < 0)
1381 goto failed;
1382
1383 if (changed)
1384 err = new_settings(hdev, sk);
1385
1386 goto failed;
1387 }
1388
1389 /* If the current mode is the same, then just update the timeout
1390 * value with the new value. And if only the timeout gets updated,
1391 * then no need for any HCI transactions.
1392 */
1393 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1394 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1395 &hdev->dev_flags)) {
1396 cancel_delayed_work(&hdev->discov_off);
1397 hdev->discov_timeout = timeout;
1398
1399 if (cp->val && hdev->discov_timeout > 0) {
1400 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1401 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1402 to);
1403 }
1404
1405 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1406 goto failed;
1407 }
1408
1409 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1410 if (!cmd) {
1411 err = -ENOMEM;
1412 goto failed;
1413 }
1414
1415 /* Cancel any potential discoverable timeout that might be
1416 * still active and store new timeout value. The arming of
1417 * the timeout happens in the complete handler.
1418 */
1419 cancel_delayed_work(&hdev->discov_off);
1420 hdev->discov_timeout = timeout;
1421
1422 /* Limited discoverable mode */
1423 if (cp->val == 0x02)
1424 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1425 else
1426 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1427
1428 hci_req_init(&req, hdev);
1429
1430 /* The procedure for LE-only controllers is much simpler - just
1431 * update the advertising data.
1432 */
1433 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1434 goto update_ad;
1435
1436 scan = SCAN_PAGE;
1437
1438 if (cp->val) {
1439 struct hci_cp_write_current_iac_lap hci_cp;
1440
1441 if (cp->val == 0x02) {
1442 /* Limited discoverable mode */
1443 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1444 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1445 hci_cp.iac_lap[1] = 0x8b;
1446 hci_cp.iac_lap[2] = 0x9e;
1447 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1448 hci_cp.iac_lap[4] = 0x8b;
1449 hci_cp.iac_lap[5] = 0x9e;
1450 } else {
1451 /* General discoverable mode */
1452 hci_cp.num_iac = 1;
1453 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1454 hci_cp.iac_lap[1] = 0x8b;
1455 hci_cp.iac_lap[2] = 0x9e;
1456 }
1457
1458 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1459 (hci_cp.num_iac * 3) + 1, &hci_cp);
1460
1461 scan |= SCAN_INQUIRY;
1462 } else {
1463 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1464 }
1465
1466 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1467
1468 update_ad:
1469 update_adv_data(&req);
1470
1471 err = hci_req_run(&req, set_discoverable_complete);
1472 if (err < 0)
1473 mgmt_pending_remove(cmd);
1474
1475 failed:
1476 hci_dev_unlock(hdev);
1477 return err;
1478 }
1479
1480 static void write_fast_connectable(struct hci_request *req, bool enable)
1481 {
1482 struct hci_dev *hdev = req->hdev;
1483 struct hci_cp_write_page_scan_activity acp;
1484 u8 type;
1485
1486 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1487 return;
1488
1489 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1490 return;
1491
1492 if (enable) {
1493 type = PAGE_SCAN_TYPE_INTERLACED;
1494
1495 /* 160 msec page scan interval */
1496 acp.interval = cpu_to_le16(0x0100);
1497 } else {
1498 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1499
1500 /* default 1.28 sec page scan */
1501 acp.interval = cpu_to_le16(0x0800);
1502 }
1503
1504 acp.window = cpu_to_le16(0x0012);
1505
1506 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1507 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1508 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1509 sizeof(acp), &acp);
1510
1511 if (hdev->page_scan_type != type)
1512 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1513 }
1514
1515 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1516 {
1517 struct pending_cmd *cmd;
1518 struct mgmt_mode *cp;
1519 bool changed;
1520
1521 BT_DBG("status 0x%02x", status);
1522
1523 hci_dev_lock(hdev);
1524
1525 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1526 if (!cmd)
1527 goto unlock;
1528
1529 if (status) {
1530 u8 mgmt_err = mgmt_status(status);
1531 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1532 goto remove_cmd;
1533 }
1534
1535 cp = cmd->param;
1536 if (cp->val)
1537 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1538 else
1539 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1540
1541 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1542
1543 if (changed)
1544 new_settings(hdev, cmd->sk);
1545
1546 remove_cmd:
1547 mgmt_pending_remove(cmd);
1548
1549 unlock:
1550 hci_dev_unlock(hdev);
1551 }
1552
1553 static int set_connectable_update_settings(struct hci_dev *hdev,
1554 struct sock *sk, u8 val)
1555 {
1556 bool changed = false;
1557 int err;
1558
1559 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1560 changed = true;
1561
1562 if (val) {
1563 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1564 } else {
1565 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1566 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1567 }
1568
1569 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1570 if (err < 0)
1571 return err;
1572
1573 if (changed)
1574 return new_settings(hdev, sk);
1575
1576 return 0;
1577 }
1578
1579 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1580 u16 len)
1581 {
1582 struct mgmt_mode *cp = data;
1583 struct pending_cmd *cmd;
1584 struct hci_request req;
1585 u8 scan;
1586 int err;
1587
1588 BT_DBG("request for %s", hdev->name);
1589
1590 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1591 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1592 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1593 MGMT_STATUS_REJECTED);
1594
1595 if (cp->val != 0x00 && cp->val != 0x01)
1596 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1597 MGMT_STATUS_INVALID_PARAMS);
1598
1599 hci_dev_lock(hdev);
1600
1601 if (!hdev_is_powered(hdev)) {
1602 err = set_connectable_update_settings(hdev, sk, cp->val);
1603 goto failed;
1604 }
1605
1606 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1607 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1608 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1609 MGMT_STATUS_BUSY);
1610 goto failed;
1611 }
1612
1613 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1614 if (!cmd) {
1615 err = -ENOMEM;
1616 goto failed;
1617 }
1618
1619 hci_req_init(&req, hdev);
1620
1621 /* If BR/EDR is not enabled and we disable advertising as a
1622 * by-product of disabling connectable, we need to update the
1623 * advertising flags.
1624 */
1625 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1626 if (!cp->val) {
1627 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1628 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1629 }
1630 update_adv_data(&req);
1631 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1632 if (cp->val) {
1633 scan = SCAN_PAGE;
1634 } else {
1635 scan = 0;
1636
1637 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1638 hdev->discov_timeout > 0)
1639 cancel_delayed_work(&hdev->discov_off);
1640 }
1641
1642 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1643 }
1644
1645 /* If we're going from non-connectable to connectable or
1646 * vice-versa when fast connectable is enabled ensure that fast
1647 * connectable gets disabled. write_fast_connectable won't do
1648 * anything if the page scan parameters are already what they
1649 * should be.
1650 */
1651 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1652 write_fast_connectable(&req, false);
1653
1654 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1655 hci_conn_num(hdev, LE_LINK) == 0) {
1656 disable_advertising(&req);
1657 enable_advertising(&req);
1658 }
1659
1660 err = hci_req_run(&req, set_connectable_complete);
1661 if (err < 0) {
1662 mgmt_pending_remove(cmd);
1663 if (err == -ENODATA)
1664 err = set_connectable_update_settings(hdev, sk,
1665 cp->val);
1666 goto failed;
1667 }
1668
1669 failed:
1670 hci_dev_unlock(hdev);
1671 return err;
1672 }
1673
1674 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1675 u16 len)
1676 {
1677 struct mgmt_mode *cp = data;
1678 bool changed;
1679 int err;
1680
1681 BT_DBG("request for %s", hdev->name);
1682
1683 if (cp->val != 0x00 && cp->val != 0x01)
1684 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1685 MGMT_STATUS_INVALID_PARAMS);
1686
1687 hci_dev_lock(hdev);
1688
1689 if (cp->val)
1690 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1691 else
1692 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1693
1694 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1695 if (err < 0)
1696 goto unlock;
1697
1698 if (changed)
1699 err = new_settings(hdev, sk);
1700
1701 unlock:
1702 hci_dev_unlock(hdev);
1703 return err;
1704 }
1705
1706 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1707 u16 len)
1708 {
1709 struct mgmt_mode *cp = data;
1710 struct pending_cmd *cmd;
1711 u8 val, status;
1712 int err;
1713
1714 BT_DBG("request for %s", hdev->name);
1715
1716 status = mgmt_bredr_support(hdev);
1717 if (status)
1718 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1719 status);
1720
1721 if (cp->val != 0x00 && cp->val != 0x01)
1722 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1723 MGMT_STATUS_INVALID_PARAMS);
1724
1725 hci_dev_lock(hdev);
1726
1727 if (!hdev_is_powered(hdev)) {
1728 bool changed = false;
1729
1730 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1731 &hdev->dev_flags)) {
1732 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1733 changed = true;
1734 }
1735
1736 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1737 if (err < 0)
1738 goto failed;
1739
1740 if (changed)
1741 err = new_settings(hdev, sk);
1742
1743 goto failed;
1744 }
1745
1746 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1747 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1748 MGMT_STATUS_BUSY);
1749 goto failed;
1750 }
1751
1752 val = !!cp->val;
1753
1754 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1755 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1756 goto failed;
1757 }
1758
1759 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1760 if (!cmd) {
1761 err = -ENOMEM;
1762 goto failed;
1763 }
1764
1765 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1766 if (err < 0) {
1767 mgmt_pending_remove(cmd);
1768 goto failed;
1769 }
1770
1771 failed:
1772 hci_dev_unlock(hdev);
1773 return err;
1774 }
1775
1776 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1777 {
1778 struct mgmt_mode *cp = data;
1779 struct pending_cmd *cmd;
1780 u8 status;
1781 int err;
1782
1783 BT_DBG("request for %s", hdev->name);
1784
1785 status = mgmt_bredr_support(hdev);
1786 if (status)
1787 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1788
1789 if (!lmp_ssp_capable(hdev))
1790 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1791 MGMT_STATUS_NOT_SUPPORTED);
1792
1793 if (cp->val != 0x00 && cp->val != 0x01)
1794 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1795 MGMT_STATUS_INVALID_PARAMS);
1796
1797 hci_dev_lock(hdev);
1798
1799 if (!hdev_is_powered(hdev)) {
1800 bool changed;
1801
1802 if (cp->val) {
1803 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1804 &hdev->dev_flags);
1805 } else {
1806 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1807 &hdev->dev_flags);
1808 if (!changed)
1809 changed = test_and_clear_bit(HCI_HS_ENABLED,
1810 &hdev->dev_flags);
1811 else
1812 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1813 }
1814
1815 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1816 if (err < 0)
1817 goto failed;
1818
1819 if (changed)
1820 err = new_settings(hdev, sk);
1821
1822 goto failed;
1823 }
1824
1825 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1826 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
1827 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1828 MGMT_STATUS_BUSY);
1829 goto failed;
1830 }
1831
1832 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1833 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1834 goto failed;
1835 }
1836
1837 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1838 if (!cmd) {
1839 err = -ENOMEM;
1840 goto failed;
1841 }
1842
1843 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1844 if (err < 0) {
1845 mgmt_pending_remove(cmd);
1846 goto failed;
1847 }
1848
1849 failed:
1850 hci_dev_unlock(hdev);
1851 return err;
1852 }
1853
1854 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1855 {
1856 struct mgmt_mode *cp = data;
1857 bool changed;
1858 u8 status;
1859 int err;
1860
1861 BT_DBG("request for %s", hdev->name);
1862
1863 status = mgmt_bredr_support(hdev);
1864 if (status)
1865 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1866
1867 if (!lmp_ssp_capable(hdev))
1868 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1869 MGMT_STATUS_NOT_SUPPORTED);
1870
1871 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1872 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1873 MGMT_STATUS_REJECTED);
1874
1875 if (cp->val != 0x00 && cp->val != 0x01)
1876 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1877 MGMT_STATUS_INVALID_PARAMS);
1878
1879 hci_dev_lock(hdev);
1880
1881 if (cp->val) {
1882 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1883 } else {
1884 if (hdev_is_powered(hdev)) {
1885 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1886 MGMT_STATUS_REJECTED);
1887 goto unlock;
1888 }
1889
1890 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1891 }
1892
1893 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1894 if (err < 0)
1895 goto unlock;
1896
1897 if (changed)
1898 err = new_settings(hdev, sk);
1899
1900 unlock:
1901 hci_dev_unlock(hdev);
1902 return err;
1903 }
1904
1905 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1906 {
1907 struct cmd_lookup match = { NULL, hdev };
1908
1909 if (status) {
1910 u8 mgmt_err = mgmt_status(status);
1911
1912 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1913 &mgmt_err);
1914 return;
1915 }
1916
1917 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1918
1919 new_settings(hdev, match.sk);
1920
1921 if (match.sk)
1922 sock_put(match.sk);
1923
1924 /* Make sure the controller has a good default for
1925 * advertising data. Restrict the update to when LE
1926 * has actually been enabled. During power on, the
1927 * update in powered_update_hci will take care of it.
1928 */
1929 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1930 struct hci_request req;
1931
1932 hci_dev_lock(hdev);
1933
1934 hci_req_init(&req, hdev);
1935 update_adv_data(&req);
1936 update_scan_rsp_data(&req);
1937 hci_req_run(&req, NULL);
1938
1939 hci_dev_unlock(hdev);
1940 }
1941 }
1942
1943 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1944 {
1945 struct mgmt_mode *cp = data;
1946 struct hci_cp_write_le_host_supported hci_cp;
1947 struct pending_cmd *cmd;
1948 struct hci_request req;
1949 int err;
1950 u8 val, enabled;
1951
1952 BT_DBG("request for %s", hdev->name);
1953
1954 if (!lmp_le_capable(hdev))
1955 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1956 MGMT_STATUS_NOT_SUPPORTED);
1957
1958 if (cp->val != 0x00 && cp->val != 0x01)
1959 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1960 MGMT_STATUS_INVALID_PARAMS);
1961
1962 /* LE-only devices do not allow toggling LE on/off */
1963 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1964 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1965 MGMT_STATUS_REJECTED);
1966
1967 hci_dev_lock(hdev);
1968
1969 val = !!cp->val;
1970 enabled = lmp_host_le_capable(hdev);
1971
1972 if (!hdev_is_powered(hdev) || val == enabled) {
1973 bool changed = false;
1974
1975 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1976 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1977 changed = true;
1978 }
1979
1980 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1981 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1982 changed = true;
1983 }
1984
1985 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1986 if (err < 0)
1987 goto unlock;
1988
1989 if (changed)
1990 err = new_settings(hdev, sk);
1991
1992 goto unlock;
1993 }
1994
1995 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1996 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1997 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1998 MGMT_STATUS_BUSY);
1999 goto unlock;
2000 }
2001
2002 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2003 if (!cmd) {
2004 err = -ENOMEM;
2005 goto unlock;
2006 }
2007
2008 hci_req_init(&req, hdev);
2009
2010 memset(&hci_cp, 0, sizeof(hci_cp));
2011
2012 if (val) {
2013 hci_cp.le = val;
2014 hci_cp.simul = lmp_le_br_capable(hdev);
2015 } else {
2016 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2017 disable_advertising(&req);
2018 }
2019
2020 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2021 &hci_cp);
2022
2023 err = hci_req_run(&req, le_enable_complete);
2024 if (err < 0)
2025 mgmt_pending_remove(cmd);
2026
2027 unlock:
2028 hci_dev_unlock(hdev);
2029 return err;
2030 }
2031
2032 /* This is a helper function to test for pending mgmt commands that can
2033 * cause CoD or EIR HCI commands. We can only allow one such pending
2034 * mgmt command at a time since otherwise we cannot easily track what
2035 * the current values are, will be, and based on that calculate if a new
2036 * HCI command needs to be sent and if yes with what value.
2037 */
2038 static bool pending_eir_or_class(struct hci_dev *hdev)
2039 {
2040 struct pending_cmd *cmd;
2041
2042 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2043 switch (cmd->opcode) {
2044 case MGMT_OP_ADD_UUID:
2045 case MGMT_OP_REMOVE_UUID:
2046 case MGMT_OP_SET_DEV_CLASS:
2047 case MGMT_OP_SET_POWERED:
2048 return true;
2049 }
2050 }
2051
2052 return false;
2053 }
2054
2055 static const u8 bluetooth_base_uuid[] = {
2056 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2057 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2058 };
2059
2060 static u8 get_uuid_size(const u8 *uuid)
2061 {
2062 u32 val;
2063
2064 if (memcmp(uuid, bluetooth_base_uuid, 12))
2065 return 128;
2066
2067 val = get_unaligned_le32(&uuid[12]);
2068 if (val > 0xffff)
2069 return 32;
2070
2071 return 16;
2072 }
2073
2074 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2075 {
2076 struct pending_cmd *cmd;
2077
2078 hci_dev_lock(hdev);
2079
2080 cmd = mgmt_pending_find(mgmt_op, hdev);
2081 if (!cmd)
2082 goto unlock;
2083
2084 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2085 hdev->dev_class, 3);
2086
2087 mgmt_pending_remove(cmd);
2088
2089 unlock:
2090 hci_dev_unlock(hdev);
2091 }
2092
2093 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2094 {
2095 BT_DBG("status 0x%02x", status);
2096
2097 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2098 }
2099
2100 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2101 {
2102 struct mgmt_cp_add_uuid *cp = data;
2103 struct pending_cmd *cmd;
2104 struct hci_request req;
2105 struct bt_uuid *uuid;
2106 int err;
2107
2108 BT_DBG("request for %s", hdev->name);
2109
2110 hci_dev_lock(hdev);
2111
2112 if (pending_eir_or_class(hdev)) {
2113 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2114 MGMT_STATUS_BUSY);
2115 goto failed;
2116 }
2117
2118 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2119 if (!uuid) {
2120 err = -ENOMEM;
2121 goto failed;
2122 }
2123
2124 memcpy(uuid->uuid, cp->uuid, 16);
2125 uuid->svc_hint = cp->svc_hint;
2126 uuid->size = get_uuid_size(cp->uuid);
2127
2128 list_add_tail(&uuid->list, &hdev->uuids);
2129
2130 hci_req_init(&req, hdev);
2131
2132 update_class(&req);
2133 update_eir(&req);
2134
2135 err = hci_req_run(&req, add_uuid_complete);
2136 if (err < 0) {
2137 if (err != -ENODATA)
2138 goto failed;
2139
2140 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2141 hdev->dev_class, 3);
2142 goto failed;
2143 }
2144
2145 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2146 if (!cmd) {
2147 err = -ENOMEM;
2148 goto failed;
2149 }
2150
2151 err = 0;
2152
2153 failed:
2154 hci_dev_unlock(hdev);
2155 return err;
2156 }
2157
2158 static bool enable_service_cache(struct hci_dev *hdev)
2159 {
2160 if (!hdev_is_powered(hdev))
2161 return false;
2162
2163 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2164 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2165 CACHE_TIMEOUT);
2166 return true;
2167 }
2168
2169 return false;
2170 }
2171
2172 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2173 {
2174 BT_DBG("status 0x%02x", status);
2175
2176 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2177 }
2178
2179 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2180 u16 len)
2181 {
2182 struct mgmt_cp_remove_uuid *cp = data;
2183 struct pending_cmd *cmd;
2184 struct bt_uuid *match, *tmp;
2185 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2186 struct hci_request req;
2187 int err, found;
2188
2189 BT_DBG("request for %s", hdev->name);
2190
2191 hci_dev_lock(hdev);
2192
2193 if (pending_eir_or_class(hdev)) {
2194 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2195 MGMT_STATUS_BUSY);
2196 goto unlock;
2197 }
2198
2199 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2200 hci_uuids_clear(hdev);
2201
2202 if (enable_service_cache(hdev)) {
2203 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2204 0, hdev->dev_class, 3);
2205 goto unlock;
2206 }
2207
2208 goto update_class;
2209 }
2210
2211 found = 0;
2212
2213 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2214 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2215 continue;
2216
2217 list_del(&match->list);
2218 kfree(match);
2219 found++;
2220 }
2221
2222 if (found == 0) {
2223 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2224 MGMT_STATUS_INVALID_PARAMS);
2225 goto unlock;
2226 }
2227
2228 update_class:
2229 hci_req_init(&req, hdev);
2230
2231 update_class(&req);
2232 update_eir(&req);
2233
2234 err = hci_req_run(&req, remove_uuid_complete);
2235 if (err < 0) {
2236 if (err != -ENODATA)
2237 goto unlock;
2238
2239 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2240 hdev->dev_class, 3);
2241 goto unlock;
2242 }
2243
2244 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2245 if (!cmd) {
2246 err = -ENOMEM;
2247 goto unlock;
2248 }
2249
2250 err = 0;
2251
2252 unlock:
2253 hci_dev_unlock(hdev);
2254 return err;
2255 }
2256
2257 static void set_class_complete(struct hci_dev *hdev, u8 status)
2258 {
2259 BT_DBG("status 0x%02x", status);
2260
2261 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2262 }
2263
2264 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2265 u16 len)
2266 {
2267 struct mgmt_cp_set_dev_class *cp = data;
2268 struct pending_cmd *cmd;
2269 struct hci_request req;
2270 int err;
2271
2272 BT_DBG("request for %s", hdev->name);
2273
2274 if (!lmp_bredr_capable(hdev))
2275 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2276 MGMT_STATUS_NOT_SUPPORTED);
2277
2278 hci_dev_lock(hdev);
2279
2280 if (pending_eir_or_class(hdev)) {
2281 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2282 MGMT_STATUS_BUSY);
2283 goto unlock;
2284 }
2285
2286 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2287 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2288 MGMT_STATUS_INVALID_PARAMS);
2289 goto unlock;
2290 }
2291
2292 hdev->major_class = cp->major;
2293 hdev->minor_class = cp->minor;
2294
2295 if (!hdev_is_powered(hdev)) {
2296 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2297 hdev->dev_class, 3);
2298 goto unlock;
2299 }
2300
2301 hci_req_init(&req, hdev);
2302
2303 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2304 hci_dev_unlock(hdev);
2305 cancel_delayed_work_sync(&hdev->service_cache);
2306 hci_dev_lock(hdev);
2307 update_eir(&req);
2308 }
2309
2310 update_class(&req);
2311
2312 err = hci_req_run(&req, set_class_complete);
2313 if (err < 0) {
2314 if (err != -ENODATA)
2315 goto unlock;
2316
2317 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2318 hdev->dev_class, 3);
2319 goto unlock;
2320 }
2321
2322 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2323 if (!cmd) {
2324 err = -ENOMEM;
2325 goto unlock;
2326 }
2327
2328 err = 0;
2329
2330 unlock:
2331 hci_dev_unlock(hdev);
2332 return err;
2333 }
2334
2335 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2336 u16 len)
2337 {
2338 struct mgmt_cp_load_link_keys *cp = data;
2339 u16 key_count, expected_len;
2340 bool changed;
2341 int i;
2342
2343 BT_DBG("request for %s", hdev->name);
2344
2345 if (!lmp_bredr_capable(hdev))
2346 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2347 MGMT_STATUS_NOT_SUPPORTED);
2348
2349 key_count = __le16_to_cpu(cp->key_count);
2350
2351 expected_len = sizeof(*cp) + key_count *
2352 sizeof(struct mgmt_link_key_info);
2353 if (expected_len != len) {
2354 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2355 expected_len, len);
2356 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2357 MGMT_STATUS_INVALID_PARAMS);
2358 }
2359
2360 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2361 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2362 MGMT_STATUS_INVALID_PARAMS);
2363
2364 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2365 key_count);
2366
2367 for (i = 0; i < key_count; i++) {
2368 struct mgmt_link_key_info *key = &cp->keys[i];
2369
2370 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2371 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2372 MGMT_STATUS_INVALID_PARAMS);
2373 }
2374
2375 hci_dev_lock(hdev);
2376
2377 hci_link_keys_clear(hdev);
2378
2379 if (cp->debug_keys)
2380 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2381 else
2382 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2383
2384 if (changed)
2385 new_settings(hdev, NULL);
2386
2387 for (i = 0; i < key_count; i++) {
2388 struct mgmt_link_key_info *key = &cp->keys[i];
2389
2390 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
2391 key->type, key->pin_len);
2392 }
2393
2394 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2395
2396 hci_dev_unlock(hdev);
2397
2398 return 0;
2399 }
2400
2401 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2402 u8 addr_type, struct sock *skip_sk)
2403 {
2404 struct mgmt_ev_device_unpaired ev;
2405
2406 bacpy(&ev.addr.bdaddr, bdaddr);
2407 ev.addr.type = addr_type;
2408
2409 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2410 skip_sk);
2411 }
2412
2413 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2414 u16 len)
2415 {
2416 struct mgmt_cp_unpair_device *cp = data;
2417 struct mgmt_rp_unpair_device rp;
2418 struct hci_cp_disconnect dc;
2419 struct pending_cmd *cmd;
2420 struct hci_conn *conn;
2421 int err;
2422
2423 memset(&rp, 0, sizeof(rp));
2424 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2425 rp.addr.type = cp->addr.type;
2426
2427 if (!bdaddr_type_is_valid(cp->addr.type))
2428 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2429 MGMT_STATUS_INVALID_PARAMS,
2430 &rp, sizeof(rp));
2431
2432 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2433 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2434 MGMT_STATUS_INVALID_PARAMS,
2435 &rp, sizeof(rp));
2436
2437 hci_dev_lock(hdev);
2438
2439 if (!hdev_is_powered(hdev)) {
2440 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2441 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2442 goto unlock;
2443 }
2444
2445 if (cp->addr.type == BDADDR_BREDR) {
2446 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2447 } else {
2448 u8 addr_type;
2449
2450 if (cp->addr.type == BDADDR_LE_PUBLIC)
2451 addr_type = ADDR_LE_DEV_PUBLIC;
2452 else
2453 addr_type = ADDR_LE_DEV_RANDOM;
2454
2455 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2456
2457 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2458
2459 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2460 }
2461
2462 if (err < 0) {
2463 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2464 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2465 goto unlock;
2466 }
2467
2468 if (cp->disconnect) {
2469 if (cp->addr.type == BDADDR_BREDR)
2470 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2471 &cp->addr.bdaddr);
2472 else
2473 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2474 &cp->addr.bdaddr);
2475 } else {
2476 conn = NULL;
2477 }
2478
2479 if (!conn) {
2480 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2481 &rp, sizeof(rp));
2482 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2483 goto unlock;
2484 }
2485
2486 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2487 sizeof(*cp));
2488 if (!cmd) {
2489 err = -ENOMEM;
2490 goto unlock;
2491 }
2492
2493 dc.handle = cpu_to_le16(conn->handle);
2494 dc.reason = 0x13; /* Remote User Terminated Connection */
2495 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2496 if (err < 0)
2497 mgmt_pending_remove(cmd);
2498
2499 unlock:
2500 hci_dev_unlock(hdev);
2501 return err;
2502 }
2503
2504 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2505 u16 len)
2506 {
2507 struct mgmt_cp_disconnect *cp = data;
2508 struct mgmt_rp_disconnect rp;
2509 struct hci_cp_disconnect dc;
2510 struct pending_cmd *cmd;
2511 struct hci_conn *conn;
2512 int err;
2513
2514 BT_DBG("");
2515
2516 memset(&rp, 0, sizeof(rp));
2517 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2518 rp.addr.type = cp->addr.type;
2519
2520 if (!bdaddr_type_is_valid(cp->addr.type))
2521 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2522 MGMT_STATUS_INVALID_PARAMS,
2523 &rp, sizeof(rp));
2524
2525 hci_dev_lock(hdev);
2526
2527 if (!test_bit(HCI_UP, &hdev->flags)) {
2528 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2529 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2530 goto failed;
2531 }
2532
2533 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2534 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2535 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2536 goto failed;
2537 }
2538
2539 if (cp->addr.type == BDADDR_BREDR)
2540 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2541 &cp->addr.bdaddr);
2542 else
2543 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2544
2545 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2546 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2547 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2548 goto failed;
2549 }
2550
2551 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2552 if (!cmd) {
2553 err = -ENOMEM;
2554 goto failed;
2555 }
2556
2557 dc.handle = cpu_to_le16(conn->handle);
2558 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2559
2560 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2561 if (err < 0)
2562 mgmt_pending_remove(cmd);
2563
2564 failed:
2565 hci_dev_unlock(hdev);
2566 return err;
2567 }
2568
2569 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2570 {
2571 switch (link_type) {
2572 case LE_LINK:
2573 switch (addr_type) {
2574 case ADDR_LE_DEV_PUBLIC:
2575 return BDADDR_LE_PUBLIC;
2576
2577 default:
2578 /* Fallback to LE Random address type */
2579 return BDADDR_LE_RANDOM;
2580 }
2581
2582 default:
2583 /* Fallback to BR/EDR type */
2584 return BDADDR_BREDR;
2585 }
2586 }
2587
2588 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2589 u16 data_len)
2590 {
2591 struct mgmt_rp_get_connections *rp;
2592 struct hci_conn *c;
2593 size_t rp_len;
2594 int err;
2595 u16 i;
2596
2597 BT_DBG("");
2598
2599 hci_dev_lock(hdev);
2600
2601 if (!hdev_is_powered(hdev)) {
2602 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2603 MGMT_STATUS_NOT_POWERED);
2604 goto unlock;
2605 }
2606
2607 i = 0;
2608 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2609 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2610 i++;
2611 }
2612
2613 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2614 rp = kmalloc(rp_len, GFP_KERNEL);
2615 if (!rp) {
2616 err = -ENOMEM;
2617 goto unlock;
2618 }
2619
2620 i = 0;
2621 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2622 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2623 continue;
2624 bacpy(&rp->addr[i].bdaddr, &c->dst);
2625 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2626 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2627 continue;
2628 i++;
2629 }
2630
2631 rp->conn_count = cpu_to_le16(i);
2632
2633 /* Recalculate length in case of filtered SCO connections, etc */
2634 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2635
2636 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2637 rp_len);
2638
2639 kfree(rp);
2640
2641 unlock:
2642 hci_dev_unlock(hdev);
2643 return err;
2644 }
2645
2646 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2647 struct mgmt_cp_pin_code_neg_reply *cp)
2648 {
2649 struct pending_cmd *cmd;
2650 int err;
2651
2652 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2653 sizeof(*cp));
2654 if (!cmd)
2655 return -ENOMEM;
2656
2657 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2658 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2659 if (err < 0)
2660 mgmt_pending_remove(cmd);
2661
2662 return err;
2663 }
2664
2665 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2666 u16 len)
2667 {
2668 struct hci_conn *conn;
2669 struct mgmt_cp_pin_code_reply *cp = data;
2670 struct hci_cp_pin_code_reply reply;
2671 struct pending_cmd *cmd;
2672 int err;
2673
2674 BT_DBG("");
2675
2676 hci_dev_lock(hdev);
2677
2678 if (!hdev_is_powered(hdev)) {
2679 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2680 MGMT_STATUS_NOT_POWERED);
2681 goto failed;
2682 }
2683
2684 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2685 if (!conn) {
2686 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2687 MGMT_STATUS_NOT_CONNECTED);
2688 goto failed;
2689 }
2690
2691 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2692 struct mgmt_cp_pin_code_neg_reply ncp;
2693
2694 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2695
2696 BT_ERR("PIN code is not 16 bytes long");
2697
2698 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2699 if (err >= 0)
2700 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2701 MGMT_STATUS_INVALID_PARAMS);
2702
2703 goto failed;
2704 }
2705
2706 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2707 if (!cmd) {
2708 err = -ENOMEM;
2709 goto failed;
2710 }
2711
2712 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2713 reply.pin_len = cp->pin_len;
2714 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2715
2716 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2717 if (err < 0)
2718 mgmt_pending_remove(cmd);
2719
2720 failed:
2721 hci_dev_unlock(hdev);
2722 return err;
2723 }
2724
2725 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2726 u16 len)
2727 {
2728 struct mgmt_cp_set_io_capability *cp = data;
2729
2730 BT_DBG("");
2731
2732 hci_dev_lock(hdev);
2733
2734 hdev->io_capability = cp->io_capability;
2735
2736 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2737 hdev->io_capability);
2738
2739 hci_dev_unlock(hdev);
2740
2741 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2742 0);
2743 }
2744
2745 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2746 {
2747 struct hci_dev *hdev = conn->hdev;
2748 struct pending_cmd *cmd;
2749
2750 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2751 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2752 continue;
2753
2754 if (cmd->user_data != conn)
2755 continue;
2756
2757 return cmd;
2758 }
2759
2760 return NULL;
2761 }
2762
2763 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2764 {
2765 struct mgmt_rp_pair_device rp;
2766 struct hci_conn *conn = cmd->user_data;
2767
2768 bacpy(&rp.addr.bdaddr, &conn->dst);
2769 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2770
2771 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2772 &rp, sizeof(rp));
2773
2774 /* So we don't get further callbacks for this connection */
2775 conn->connect_cfm_cb = NULL;
2776 conn->security_cfm_cb = NULL;
2777 conn->disconn_cfm_cb = NULL;
2778
2779 hci_conn_drop(conn);
2780
2781 mgmt_pending_remove(cmd);
2782 }
2783
2784 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2785 {
2786 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2787 struct pending_cmd *cmd;
2788
2789 cmd = find_pairing(conn);
2790 if (cmd)
2791 pairing_complete(cmd, status);
2792 }
2793
2794 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2795 {
2796 struct pending_cmd *cmd;
2797
2798 BT_DBG("status %u", status);
2799
2800 cmd = find_pairing(conn);
2801 if (!cmd)
2802 BT_DBG("Unable to find a pending command");
2803 else
2804 pairing_complete(cmd, mgmt_status(status));
2805 }
2806
2807 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2808 {
2809 struct pending_cmd *cmd;
2810
2811 BT_DBG("status %u", status);
2812
2813 if (!status)
2814 return;
2815
2816 cmd = find_pairing(conn);
2817 if (!cmd)
2818 BT_DBG("Unable to find a pending command");
2819 else
2820 pairing_complete(cmd, mgmt_status(status));
2821 }
2822
2823 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2824 u16 len)
2825 {
2826 struct mgmt_cp_pair_device *cp = data;
2827 struct mgmt_rp_pair_device rp;
2828 struct pending_cmd *cmd;
2829 u8 sec_level, auth_type;
2830 struct hci_conn *conn;
2831 int err;
2832
2833 BT_DBG("");
2834
2835 memset(&rp, 0, sizeof(rp));
2836 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2837 rp.addr.type = cp->addr.type;
2838
2839 if (!bdaddr_type_is_valid(cp->addr.type))
2840 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2841 MGMT_STATUS_INVALID_PARAMS,
2842 &rp, sizeof(rp));
2843
2844 hci_dev_lock(hdev);
2845
2846 if (!hdev_is_powered(hdev)) {
2847 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2848 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2849 goto unlock;
2850 }
2851
2852 sec_level = BT_SECURITY_MEDIUM;
2853 auth_type = HCI_AT_DEDICATED_BONDING;
2854
2855 if (cp->addr.type == BDADDR_BREDR) {
2856 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2857 auth_type);
2858 } else {
2859 u8 addr_type;
2860
2861 /* Convert from L2CAP channel address type to HCI address type
2862 */
2863 if (cp->addr.type == BDADDR_LE_PUBLIC)
2864 addr_type = ADDR_LE_DEV_PUBLIC;
2865 else
2866 addr_type = ADDR_LE_DEV_RANDOM;
2867
2868 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
2869 sec_level, auth_type);
2870 }
2871
2872 if (IS_ERR(conn)) {
2873 int status;
2874
2875 if (PTR_ERR(conn) == -EBUSY)
2876 status = MGMT_STATUS_BUSY;
2877 else
2878 status = MGMT_STATUS_CONNECT_FAILED;
2879
2880 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2881 status, &rp,
2882 sizeof(rp));
2883 goto unlock;
2884 }
2885
2886 if (conn->connect_cfm_cb) {
2887 hci_conn_drop(conn);
2888 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2889 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2890 goto unlock;
2891 }
2892
2893 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2894 if (!cmd) {
2895 err = -ENOMEM;
2896 hci_conn_drop(conn);
2897 goto unlock;
2898 }
2899
2900 /* For LE, just connecting isn't a proof that the pairing finished */
2901 if (cp->addr.type == BDADDR_BREDR) {
2902 conn->connect_cfm_cb = pairing_complete_cb;
2903 conn->security_cfm_cb = pairing_complete_cb;
2904 conn->disconn_cfm_cb = pairing_complete_cb;
2905 } else {
2906 conn->connect_cfm_cb = le_pairing_complete_cb;
2907 conn->security_cfm_cb = le_pairing_complete_cb;
2908 conn->disconn_cfm_cb = le_pairing_complete_cb;
2909 }
2910
2911 conn->io_capability = cp->io_cap;
2912 cmd->user_data = conn;
2913
2914 if (conn->state == BT_CONNECTED &&
2915 hci_conn_security(conn, sec_level, auth_type))
2916 pairing_complete(cmd, 0);
2917
2918 err = 0;
2919
2920 unlock:
2921 hci_dev_unlock(hdev);
2922 return err;
2923 }
2924
2925 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2926 u16 len)
2927 {
2928 struct mgmt_addr_info *addr = data;
2929 struct pending_cmd *cmd;
2930 struct hci_conn *conn;
2931 int err;
2932
2933 BT_DBG("");
2934
2935 hci_dev_lock(hdev);
2936
2937 if (!hdev_is_powered(hdev)) {
2938 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2939 MGMT_STATUS_NOT_POWERED);
2940 goto unlock;
2941 }
2942
2943 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2944 if (!cmd) {
2945 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2946 MGMT_STATUS_INVALID_PARAMS);
2947 goto unlock;
2948 }
2949
2950 conn = cmd->user_data;
2951
2952 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2953 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2954 MGMT_STATUS_INVALID_PARAMS);
2955 goto unlock;
2956 }
2957
2958 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2959
2960 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2961 addr, sizeof(*addr));
2962 unlock:
2963 hci_dev_unlock(hdev);
2964 return err;
2965 }
2966
2967 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2968 struct mgmt_addr_info *addr, u16 mgmt_op,
2969 u16 hci_op, __le32 passkey)
2970 {
2971 struct pending_cmd *cmd;
2972 struct hci_conn *conn;
2973 int err;
2974
2975 hci_dev_lock(hdev);
2976
2977 if (!hdev_is_powered(hdev)) {
2978 err = cmd_complete(sk, hdev->id, mgmt_op,
2979 MGMT_STATUS_NOT_POWERED, addr,
2980 sizeof(*addr));
2981 goto done;
2982 }
2983
2984 if (addr->type == BDADDR_BREDR)
2985 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2986 else
2987 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2988
2989 if (!conn) {
2990 err = cmd_complete(sk, hdev->id, mgmt_op,
2991 MGMT_STATUS_NOT_CONNECTED, addr,
2992 sizeof(*addr));
2993 goto done;
2994 }
2995
2996 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2997 /* Continue with pairing via SMP */
2998 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2999
3000 if (!err)
3001 err = cmd_complete(sk, hdev->id, mgmt_op,
3002 MGMT_STATUS_SUCCESS, addr,
3003 sizeof(*addr));
3004 else
3005 err = cmd_complete(sk, hdev->id, mgmt_op,
3006 MGMT_STATUS_FAILED, addr,
3007 sizeof(*addr));
3008
3009 goto done;
3010 }
3011
3012 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3013 if (!cmd) {
3014 err = -ENOMEM;
3015 goto done;
3016 }
3017
3018 /* Continue with pairing via HCI */
3019 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3020 struct hci_cp_user_passkey_reply cp;
3021
3022 bacpy(&cp.bdaddr, &addr->bdaddr);
3023 cp.passkey = passkey;
3024 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3025 } else
3026 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3027 &addr->bdaddr);
3028
3029 if (err < 0)
3030 mgmt_pending_remove(cmd);
3031
3032 done:
3033 hci_dev_unlock(hdev);
3034 return err;
3035 }
3036
3037 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3038 void *data, u16 len)
3039 {
3040 struct mgmt_cp_pin_code_neg_reply *cp = data;
3041
3042 BT_DBG("");
3043
3044 return user_pairing_resp(sk, hdev, &cp->addr,
3045 MGMT_OP_PIN_CODE_NEG_REPLY,
3046 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3047 }
3048
3049 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3050 u16 len)
3051 {
3052 struct mgmt_cp_user_confirm_reply *cp = data;
3053
3054 BT_DBG("");
3055
3056 if (len != sizeof(*cp))
3057 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3058 MGMT_STATUS_INVALID_PARAMS);
3059
3060 return user_pairing_resp(sk, hdev, &cp->addr,
3061 MGMT_OP_USER_CONFIRM_REPLY,
3062 HCI_OP_USER_CONFIRM_REPLY, 0);
3063 }
3064
3065 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3066 void *data, u16 len)
3067 {
3068 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3069
3070 BT_DBG("");
3071
3072 return user_pairing_resp(sk, hdev, &cp->addr,
3073 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3074 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3075 }
3076
3077 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3078 u16 len)
3079 {
3080 struct mgmt_cp_user_passkey_reply *cp = data;
3081
3082 BT_DBG("");
3083
3084 return user_pairing_resp(sk, hdev, &cp->addr,
3085 MGMT_OP_USER_PASSKEY_REPLY,
3086 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3087 }
3088
3089 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3090 void *data, u16 len)
3091 {
3092 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3093
3094 BT_DBG("");
3095
3096 return user_pairing_resp(sk, hdev, &cp->addr,
3097 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3098 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3099 }
3100
3101 static void update_name(struct hci_request *req)
3102 {
3103 struct hci_dev *hdev = req->hdev;
3104 struct hci_cp_write_local_name cp;
3105
3106 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3107
3108 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3109 }
3110
3111 static void set_name_complete(struct hci_dev *hdev, u8 status)
3112 {
3113 struct mgmt_cp_set_local_name *cp;
3114 struct pending_cmd *cmd;
3115
3116 BT_DBG("status 0x%02x", status);
3117
3118 hci_dev_lock(hdev);
3119
3120 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3121 if (!cmd)
3122 goto unlock;
3123
3124 cp = cmd->param;
3125
3126 if (status)
3127 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3128 mgmt_status(status));
3129 else
3130 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3131 cp, sizeof(*cp));
3132
3133 mgmt_pending_remove(cmd);
3134
3135 unlock:
3136 hci_dev_unlock(hdev);
3137 }
3138
3139 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3140 u16 len)
3141 {
3142 struct mgmt_cp_set_local_name *cp = data;
3143 struct pending_cmd *cmd;
3144 struct hci_request req;
3145 int err;
3146
3147 BT_DBG("");
3148
3149 hci_dev_lock(hdev);
3150
3151 /* If the old values are the same as the new ones just return a
3152 * direct command complete event.
3153 */
3154 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3155 !memcmp(hdev->short_name, cp->short_name,
3156 sizeof(hdev->short_name))) {
3157 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3158 data, len);
3159 goto failed;
3160 }
3161
3162 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3163
3164 if (!hdev_is_powered(hdev)) {
3165 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3166
3167 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3168 data, len);
3169 if (err < 0)
3170 goto failed;
3171
3172 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3173 sk);
3174
3175 goto failed;
3176 }
3177
3178 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3179 if (!cmd) {
3180 err = -ENOMEM;
3181 goto failed;
3182 }
3183
3184 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3185
3186 hci_req_init(&req, hdev);
3187
3188 if (lmp_bredr_capable(hdev)) {
3189 update_name(&req);
3190 update_eir(&req);
3191 }
3192
3193 /* The name is stored in the scan response data and so
3194 * no need to udpate the advertising data here.
3195 */
3196 if (lmp_le_capable(hdev))
3197 update_scan_rsp_data(&req);
3198
3199 err = hci_req_run(&req, set_name_complete);
3200 if (err < 0)
3201 mgmt_pending_remove(cmd);
3202
3203 failed:
3204 hci_dev_unlock(hdev);
3205 return err;
3206 }
3207
3208 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3209 void *data, u16 data_len)
3210 {
3211 struct pending_cmd *cmd;
3212 int err;
3213
3214 BT_DBG("%s", hdev->name);
3215
3216 hci_dev_lock(hdev);
3217
3218 if (!hdev_is_powered(hdev)) {
3219 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3220 MGMT_STATUS_NOT_POWERED);
3221 goto unlock;
3222 }
3223
3224 if (!lmp_ssp_capable(hdev)) {
3225 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3226 MGMT_STATUS_NOT_SUPPORTED);
3227 goto unlock;
3228 }
3229
3230 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3231 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3232 MGMT_STATUS_BUSY);
3233 goto unlock;
3234 }
3235
3236 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3237 if (!cmd) {
3238 err = -ENOMEM;
3239 goto unlock;
3240 }
3241
3242 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3243 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3244 0, NULL);
3245 else
3246 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3247
3248 if (err < 0)
3249 mgmt_pending_remove(cmd);
3250
3251 unlock:
3252 hci_dev_unlock(hdev);
3253 return err;
3254 }
3255
3256 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3257 void *data, u16 len)
3258 {
3259 int err;
3260
3261 BT_DBG("%s ", hdev->name);
3262
3263 hci_dev_lock(hdev);
3264
3265 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3266 struct mgmt_cp_add_remote_oob_data *cp = data;
3267 u8 status;
3268
3269 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3270 cp->hash, cp->randomizer);
3271 if (err < 0)
3272 status = MGMT_STATUS_FAILED;
3273 else
3274 status = MGMT_STATUS_SUCCESS;
3275
3276 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3277 status, &cp->addr, sizeof(cp->addr));
3278 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3279 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3280 u8 status;
3281
3282 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3283 cp->hash192,
3284 cp->randomizer192,
3285 cp->hash256,
3286 cp->randomizer256);
3287 if (err < 0)
3288 status = MGMT_STATUS_FAILED;
3289 else
3290 status = MGMT_STATUS_SUCCESS;
3291
3292 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3293 status, &cp->addr, sizeof(cp->addr));
3294 } else {
3295 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3296 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3297 MGMT_STATUS_INVALID_PARAMS);
3298 }
3299
3300 hci_dev_unlock(hdev);
3301 return err;
3302 }
3303
3304 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3305 void *data, u16 len)
3306 {
3307 struct mgmt_cp_remove_remote_oob_data *cp = data;
3308 u8 status;
3309 int err;
3310
3311 BT_DBG("%s", hdev->name);
3312
3313 hci_dev_lock(hdev);
3314
3315 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
3316 if (err < 0)
3317 status = MGMT_STATUS_INVALID_PARAMS;
3318 else
3319 status = MGMT_STATUS_SUCCESS;
3320
3321 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3322 status, &cp->addr, sizeof(cp->addr));
3323
3324 hci_dev_unlock(hdev);
3325 return err;
3326 }
3327
3328 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3329 {
3330 struct pending_cmd *cmd;
3331 u8 type;
3332 int err;
3333
3334 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3335
3336 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3337 if (!cmd)
3338 return -ENOENT;
3339
3340 type = hdev->discovery.type;
3341
3342 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3343 &type, sizeof(type));
3344 mgmt_pending_remove(cmd);
3345
3346 return err;
3347 }
3348
3349 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3350 {
3351 unsigned long timeout = 0;
3352
3353 BT_DBG("status %d", status);
3354
3355 if (status) {
3356 hci_dev_lock(hdev);
3357 mgmt_start_discovery_failed(hdev, status);
3358 hci_dev_unlock(hdev);
3359 return;
3360 }
3361
3362 hci_dev_lock(hdev);
3363 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3364 hci_dev_unlock(hdev);
3365
3366 switch (hdev->discovery.type) {
3367 case DISCOV_TYPE_LE:
3368 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3369 break;
3370
3371 case DISCOV_TYPE_INTERLEAVED:
3372 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3373 break;
3374
3375 case DISCOV_TYPE_BREDR:
3376 break;
3377
3378 default:
3379 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3380 }
3381
3382 if (!timeout)
3383 return;
3384
3385 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
3386 }
3387
3388 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3389 void *data, u16 len)
3390 {
3391 struct mgmt_cp_start_discovery *cp = data;
3392 struct pending_cmd *cmd;
3393 struct hci_cp_le_set_scan_param param_cp;
3394 struct hci_cp_le_set_scan_enable enable_cp;
3395 struct hci_cp_inquiry inq_cp;
3396 struct hci_request req;
3397 /* General inquiry access code (GIAC) */
3398 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3399 u8 status, own_addr_type;
3400 int err;
3401
3402 BT_DBG("%s", hdev->name);
3403
3404 hci_dev_lock(hdev);
3405
3406 if (!hdev_is_powered(hdev)) {
3407 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3408 MGMT_STATUS_NOT_POWERED);
3409 goto failed;
3410 }
3411
3412 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3413 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3414 MGMT_STATUS_BUSY);
3415 goto failed;
3416 }
3417
3418 if (hdev->discovery.state != DISCOVERY_STOPPED) {
3419 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3420 MGMT_STATUS_BUSY);
3421 goto failed;
3422 }
3423
3424 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3425 if (!cmd) {
3426 err = -ENOMEM;
3427 goto failed;
3428 }
3429
3430 hdev->discovery.type = cp->type;
3431
3432 hci_req_init(&req, hdev);
3433
3434 switch (hdev->discovery.type) {
3435 case DISCOV_TYPE_BREDR:
3436 status = mgmt_bredr_support(hdev);
3437 if (status) {
3438 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3439 status);
3440 mgmt_pending_remove(cmd);
3441 goto failed;
3442 }
3443
3444 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3445 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3446 MGMT_STATUS_BUSY);
3447 mgmt_pending_remove(cmd);
3448 goto failed;
3449 }
3450
3451 hci_inquiry_cache_flush(hdev);
3452
3453 memset(&inq_cp, 0, sizeof(inq_cp));
3454 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3455 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3456 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3457 break;
3458
3459 case DISCOV_TYPE_LE:
3460 case DISCOV_TYPE_INTERLEAVED:
3461 status = mgmt_le_support(hdev);
3462 if (status) {
3463 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3464 status);
3465 mgmt_pending_remove(cmd);
3466 goto failed;
3467 }
3468
3469 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3470 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3471 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3472 MGMT_STATUS_NOT_SUPPORTED);
3473 mgmt_pending_remove(cmd);
3474 goto failed;
3475 }
3476
3477 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3478 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3479 MGMT_STATUS_REJECTED);
3480 mgmt_pending_remove(cmd);
3481 goto failed;
3482 }
3483
3484 /* If controller is scanning, it means the background scanning
3485 * is running. Thus, we should temporarily stop it in order to
3486 * set the discovery scanning parameters.
3487 */
3488 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3489 hci_req_add_le_scan_disable(&req);
3490
3491 memset(&param_cp, 0, sizeof(param_cp));
3492
3493 /* All active scans will be done with either a resolvable
3494 * private address (when privacy feature has been enabled)
3495 * or unresolvable private address.
3496 */
3497 err = hci_update_random_address(&req, true, &own_addr_type);
3498 if (err < 0) {
3499 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3500 MGMT_STATUS_FAILED);
3501 mgmt_pending_remove(cmd);
3502 goto failed;
3503 }
3504
3505 param_cp.type = LE_SCAN_ACTIVE;
3506 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3507 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3508 param_cp.own_address_type = own_addr_type;
3509 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3510 &param_cp);
3511
3512 memset(&enable_cp, 0, sizeof(enable_cp));
3513 enable_cp.enable = LE_SCAN_ENABLE;
3514 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3515 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3516 &enable_cp);
3517 break;
3518
3519 default:
3520 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3521 MGMT_STATUS_INVALID_PARAMS);
3522 mgmt_pending_remove(cmd);
3523 goto failed;
3524 }
3525
3526 err = hci_req_run(&req, start_discovery_complete);
3527 if (err < 0)
3528 mgmt_pending_remove(cmd);
3529 else
3530 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3531
3532 failed:
3533 hci_dev_unlock(hdev);
3534 return err;
3535 }
3536
3537 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3538 {
3539 struct pending_cmd *cmd;
3540 int err;
3541
3542 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3543 if (!cmd)
3544 return -ENOENT;
3545
3546 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3547 &hdev->discovery.type, sizeof(hdev->discovery.type));
3548 mgmt_pending_remove(cmd);
3549
3550 return err;
3551 }
3552
3553 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3554 {
3555 BT_DBG("status %d", status);
3556
3557 hci_dev_lock(hdev);
3558
3559 if (status) {
3560 mgmt_stop_discovery_failed(hdev, status);
3561 goto unlock;
3562 }
3563
3564 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3565
3566 unlock:
3567 hci_dev_unlock(hdev);
3568 }
3569
3570 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3571 u16 len)
3572 {
3573 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3574 struct pending_cmd *cmd;
3575 struct hci_cp_remote_name_req_cancel cp;
3576 struct inquiry_entry *e;
3577 struct hci_request req;
3578 int err;
3579
3580 BT_DBG("%s", hdev->name);
3581
3582 hci_dev_lock(hdev);
3583
3584 if (!hci_discovery_active(hdev)) {
3585 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3586 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3587 sizeof(mgmt_cp->type));
3588 goto unlock;
3589 }
3590
3591 if (hdev->discovery.type != mgmt_cp->type) {
3592 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3593 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3594 sizeof(mgmt_cp->type));
3595 goto unlock;
3596 }
3597
3598 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3599 if (!cmd) {
3600 err = -ENOMEM;
3601 goto unlock;
3602 }
3603
3604 hci_req_init(&req, hdev);
3605
3606 switch (hdev->discovery.state) {
3607 case DISCOVERY_FINDING:
3608 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3609 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3610 } else {
3611 cancel_delayed_work(&hdev->le_scan_disable);
3612
3613 hci_req_add_le_scan_disable(&req);
3614 }
3615
3616 break;
3617
3618 case DISCOVERY_RESOLVING:
3619 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3620 NAME_PENDING);
3621 if (!e) {
3622 mgmt_pending_remove(cmd);
3623 err = cmd_complete(sk, hdev->id,
3624 MGMT_OP_STOP_DISCOVERY, 0,
3625 &mgmt_cp->type,
3626 sizeof(mgmt_cp->type));
3627 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3628 goto unlock;
3629 }
3630
3631 bacpy(&cp.bdaddr, &e->data.bdaddr);
3632 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3633 &cp);
3634
3635 break;
3636
3637 default:
3638 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3639
3640 mgmt_pending_remove(cmd);
3641 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3642 MGMT_STATUS_FAILED, &mgmt_cp->type,
3643 sizeof(mgmt_cp->type));
3644 goto unlock;
3645 }
3646
3647 err = hci_req_run(&req, stop_discovery_complete);
3648 if (err < 0)
3649 mgmt_pending_remove(cmd);
3650 else
3651 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3652
3653 unlock:
3654 hci_dev_unlock(hdev);
3655 return err;
3656 }
3657
3658 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3659 u16 len)
3660 {
3661 struct mgmt_cp_confirm_name *cp = data;
3662 struct inquiry_entry *e;
3663 int err;
3664
3665 BT_DBG("%s", hdev->name);
3666
3667 hci_dev_lock(hdev);
3668
3669 if (!hci_discovery_active(hdev)) {
3670 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3671 MGMT_STATUS_FAILED, &cp->addr,
3672 sizeof(cp->addr));
3673 goto failed;
3674 }
3675
3676 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3677 if (!e) {
3678 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3679 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3680 sizeof(cp->addr));
3681 goto failed;
3682 }
3683
3684 if (cp->name_known) {
3685 e->name_state = NAME_KNOWN;
3686 list_del(&e->list);
3687 } else {
3688 e->name_state = NAME_NEEDED;
3689 hci_inquiry_cache_update_resolve(hdev, e);
3690 }
3691
3692 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3693 sizeof(cp->addr));
3694
3695 failed:
3696 hci_dev_unlock(hdev);
3697 return err;
3698 }
3699
3700 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3701 u16 len)
3702 {
3703 struct mgmt_cp_block_device *cp = data;
3704 u8 status;
3705 int err;
3706
3707 BT_DBG("%s", hdev->name);
3708
3709 if (!bdaddr_type_is_valid(cp->addr.type))
3710 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3711 MGMT_STATUS_INVALID_PARAMS,
3712 &cp->addr, sizeof(cp->addr));
3713
3714 hci_dev_lock(hdev);
3715
3716 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3717 if (err < 0)
3718 status = MGMT_STATUS_FAILED;
3719 else
3720 status = MGMT_STATUS_SUCCESS;
3721
3722 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3723 &cp->addr, sizeof(cp->addr));
3724
3725 hci_dev_unlock(hdev);
3726
3727 return err;
3728 }
3729
3730 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3731 u16 len)
3732 {
3733 struct mgmt_cp_unblock_device *cp = data;
3734 u8 status;
3735 int err;
3736
3737 BT_DBG("%s", hdev->name);
3738
3739 if (!bdaddr_type_is_valid(cp->addr.type))
3740 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3741 MGMT_STATUS_INVALID_PARAMS,
3742 &cp->addr, sizeof(cp->addr));
3743
3744 hci_dev_lock(hdev);
3745
3746 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3747 if (err < 0)
3748 status = MGMT_STATUS_INVALID_PARAMS;
3749 else
3750 status = MGMT_STATUS_SUCCESS;
3751
3752 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3753 &cp->addr, sizeof(cp->addr));
3754
3755 hci_dev_unlock(hdev);
3756
3757 return err;
3758 }
3759
3760 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3761 u16 len)
3762 {
3763 struct mgmt_cp_set_device_id *cp = data;
3764 struct hci_request req;
3765 int err;
3766 __u16 source;
3767
3768 BT_DBG("%s", hdev->name);
3769
3770 source = __le16_to_cpu(cp->source);
3771
3772 if (source > 0x0002)
3773 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3774 MGMT_STATUS_INVALID_PARAMS);
3775
3776 hci_dev_lock(hdev);
3777
3778 hdev->devid_source = source;
3779 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3780 hdev->devid_product = __le16_to_cpu(cp->product);
3781 hdev->devid_version = __le16_to_cpu(cp->version);
3782
3783 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3784
3785 hci_req_init(&req, hdev);
3786 update_eir(&req);
3787 hci_req_run(&req, NULL);
3788
3789 hci_dev_unlock(hdev);
3790
3791 return err;
3792 }
3793
3794 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3795 {
3796 struct cmd_lookup match = { NULL, hdev };
3797
3798 if (status) {
3799 u8 mgmt_err = mgmt_status(status);
3800
3801 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3802 cmd_status_rsp, &mgmt_err);
3803 return;
3804 }
3805
3806 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3807 &match);
3808
3809 new_settings(hdev, match.sk);
3810
3811 if (match.sk)
3812 sock_put(match.sk);
3813 }
3814
3815 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3816 u16 len)
3817 {
3818 struct mgmt_mode *cp = data;
3819 struct pending_cmd *cmd;
3820 struct hci_request req;
3821 u8 val, enabled, status;
3822 int err;
3823
3824 BT_DBG("request for %s", hdev->name);
3825
3826 status = mgmt_le_support(hdev);
3827 if (status)
3828 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3829 status);
3830
3831 if (cp->val != 0x00 && cp->val != 0x01)
3832 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3833 MGMT_STATUS_INVALID_PARAMS);
3834
3835 hci_dev_lock(hdev);
3836
3837 val = !!cp->val;
3838 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3839
3840 /* The following conditions are ones which mean that we should
3841 * not do any HCI communication but directly send a mgmt
3842 * response to user space (after toggling the flag if
3843 * necessary).
3844 */
3845 if (!hdev_is_powered(hdev) || val == enabled ||
3846 hci_conn_num(hdev, LE_LINK) > 0) {
3847 bool changed = false;
3848
3849 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3850 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3851 changed = true;
3852 }
3853
3854 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3855 if (err < 0)
3856 goto unlock;
3857
3858 if (changed)
3859 err = new_settings(hdev, sk);
3860
3861 goto unlock;
3862 }
3863
3864 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3865 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3866 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3867 MGMT_STATUS_BUSY);
3868 goto unlock;
3869 }
3870
3871 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3872 if (!cmd) {
3873 err = -ENOMEM;
3874 goto unlock;
3875 }
3876
3877 hci_req_init(&req, hdev);
3878
3879 if (val)
3880 enable_advertising(&req);
3881 else
3882 disable_advertising(&req);
3883
3884 err = hci_req_run(&req, set_advertising_complete);
3885 if (err < 0)
3886 mgmt_pending_remove(cmd);
3887
3888 unlock:
3889 hci_dev_unlock(hdev);
3890 return err;
3891 }
3892
3893 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3894 void *data, u16 len)
3895 {
3896 struct mgmt_cp_set_static_address *cp = data;
3897 int err;
3898
3899 BT_DBG("%s", hdev->name);
3900
3901 if (!lmp_le_capable(hdev))
3902 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3903 MGMT_STATUS_NOT_SUPPORTED);
3904
3905 if (hdev_is_powered(hdev))
3906 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3907 MGMT_STATUS_REJECTED);
3908
3909 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3910 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3911 return cmd_status(sk, hdev->id,
3912 MGMT_OP_SET_STATIC_ADDRESS,
3913 MGMT_STATUS_INVALID_PARAMS);
3914
3915 /* Two most significant bits shall be set */
3916 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3917 return cmd_status(sk, hdev->id,
3918 MGMT_OP_SET_STATIC_ADDRESS,
3919 MGMT_STATUS_INVALID_PARAMS);
3920 }
3921
3922 hci_dev_lock(hdev);
3923
3924 bacpy(&hdev->static_addr, &cp->bdaddr);
3925
3926 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3927
3928 hci_dev_unlock(hdev);
3929
3930 return err;
3931 }
3932
3933 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3934 void *data, u16 len)
3935 {
3936 struct mgmt_cp_set_scan_params *cp = data;
3937 __u16 interval, window;
3938 int err;
3939
3940 BT_DBG("%s", hdev->name);
3941
3942 if (!lmp_le_capable(hdev))
3943 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3944 MGMT_STATUS_NOT_SUPPORTED);
3945
3946 interval = __le16_to_cpu(cp->interval);
3947
3948 if (interval < 0x0004 || interval > 0x4000)
3949 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3950 MGMT_STATUS_INVALID_PARAMS);
3951
3952 window = __le16_to_cpu(cp->window);
3953
3954 if (window < 0x0004 || window > 0x4000)
3955 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3956 MGMT_STATUS_INVALID_PARAMS);
3957
3958 if (window > interval)
3959 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3960 MGMT_STATUS_INVALID_PARAMS);
3961
3962 hci_dev_lock(hdev);
3963
3964 hdev->le_scan_interval = interval;
3965 hdev->le_scan_window = window;
3966
3967 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3968
3969 /* If background scan is running, restart it so new parameters are
3970 * loaded.
3971 */
3972 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
3973 hdev->discovery.state == DISCOVERY_STOPPED) {
3974 struct hci_request req;
3975
3976 hci_req_init(&req, hdev);
3977
3978 hci_req_add_le_scan_disable(&req);
3979 hci_req_add_le_passive_scan(&req);
3980
3981 hci_req_run(&req, NULL);
3982 }
3983
3984 hci_dev_unlock(hdev);
3985
3986 return err;
3987 }
3988
3989 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3990 {
3991 struct pending_cmd *cmd;
3992
3993 BT_DBG("status 0x%02x", status);
3994
3995 hci_dev_lock(hdev);
3996
3997 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3998 if (!cmd)
3999 goto unlock;
4000
4001 if (status) {
4002 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4003 mgmt_status(status));
4004 } else {
4005 struct mgmt_mode *cp = cmd->param;
4006
4007 if (cp->val)
4008 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4009 else
4010 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4011
4012 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4013 new_settings(hdev, cmd->sk);
4014 }
4015
4016 mgmt_pending_remove(cmd);
4017
4018 unlock:
4019 hci_dev_unlock(hdev);
4020 }
4021
4022 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4023 void *data, u16 len)
4024 {
4025 struct mgmt_mode *cp = data;
4026 struct pending_cmd *cmd;
4027 struct hci_request req;
4028 int err;
4029
4030 BT_DBG("%s", hdev->name);
4031
4032 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4033 hdev->hci_ver < BLUETOOTH_VER_1_2)
4034 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4035 MGMT_STATUS_NOT_SUPPORTED);
4036
4037 if (cp->val != 0x00 && cp->val != 0x01)
4038 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4039 MGMT_STATUS_INVALID_PARAMS);
4040
4041 if (!hdev_is_powered(hdev))
4042 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4043 MGMT_STATUS_NOT_POWERED);
4044
4045 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4046 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4047 MGMT_STATUS_REJECTED);
4048
4049 hci_dev_lock(hdev);
4050
4051 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4052 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4053 MGMT_STATUS_BUSY);
4054 goto unlock;
4055 }
4056
4057 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4058 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4059 hdev);
4060 goto unlock;
4061 }
4062
4063 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4064 data, len);
4065 if (!cmd) {
4066 err = -ENOMEM;
4067 goto unlock;
4068 }
4069
4070 hci_req_init(&req, hdev);
4071
4072 write_fast_connectable(&req, cp->val);
4073
4074 err = hci_req_run(&req, fast_connectable_complete);
4075 if (err < 0) {
4076 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4077 MGMT_STATUS_FAILED);
4078 mgmt_pending_remove(cmd);
4079 }
4080
4081 unlock:
4082 hci_dev_unlock(hdev);
4083
4084 return err;
4085 }
4086
4087 static void set_bredr_scan(struct hci_request *req)
4088 {
4089 struct hci_dev *hdev = req->hdev;
4090 u8 scan = 0;
4091
4092 /* Ensure that fast connectable is disabled. This function will
4093 * not do anything if the page scan parameters are already what
4094 * they should be.
4095 */
4096 write_fast_connectable(req, false);
4097
4098 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4099 scan |= SCAN_PAGE;
4100 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4101 scan |= SCAN_INQUIRY;
4102
4103 if (scan)
4104 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4105 }
4106
4107 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4108 {
4109 struct pending_cmd *cmd;
4110
4111 BT_DBG("status 0x%02x", status);
4112
4113 hci_dev_lock(hdev);
4114
4115 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4116 if (!cmd)
4117 goto unlock;
4118
4119 if (status) {
4120 u8 mgmt_err = mgmt_status(status);
4121
4122 /* We need to restore the flag if related HCI commands
4123 * failed.
4124 */
4125 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4126
4127 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4128 } else {
4129 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4130 new_settings(hdev, cmd->sk);
4131 }
4132
4133 mgmt_pending_remove(cmd);
4134
4135 unlock:
4136 hci_dev_unlock(hdev);
4137 }
4138
4139 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4140 {
4141 struct mgmt_mode *cp = data;
4142 struct pending_cmd *cmd;
4143 struct hci_request req;
4144 int err;
4145
4146 BT_DBG("request for %s", hdev->name);
4147
4148 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4149 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4150 MGMT_STATUS_NOT_SUPPORTED);
4151
4152 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4153 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4154 MGMT_STATUS_REJECTED);
4155
4156 if (cp->val != 0x00 && cp->val != 0x01)
4157 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4158 MGMT_STATUS_INVALID_PARAMS);
4159
4160 hci_dev_lock(hdev);
4161
4162 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4163 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4164 goto unlock;
4165 }
4166
4167 if (!hdev_is_powered(hdev)) {
4168 if (!cp->val) {
4169 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4170 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4171 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4172 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4173 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4174 }
4175
4176 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4177
4178 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4179 if (err < 0)
4180 goto unlock;
4181
4182 err = new_settings(hdev, sk);
4183 goto unlock;
4184 }
4185
4186 /* Reject disabling when powered on */
4187 if (!cp->val) {
4188 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4189 MGMT_STATUS_REJECTED);
4190 goto unlock;
4191 }
4192
4193 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4194 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4195 MGMT_STATUS_BUSY);
4196 goto unlock;
4197 }
4198
4199 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4200 if (!cmd) {
4201 err = -ENOMEM;
4202 goto unlock;
4203 }
4204
4205 /* We need to flip the bit already here so that update_adv_data
4206 * generates the correct flags.
4207 */
4208 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4209
4210 hci_req_init(&req, hdev);
4211
4212 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4213 set_bredr_scan(&req);
4214
4215 /* Since only the advertising data flags will change, there
4216 * is no need to update the scan response data.
4217 */
4218 update_adv_data(&req);
4219
4220 err = hci_req_run(&req, set_bredr_complete);
4221 if (err < 0)
4222 mgmt_pending_remove(cmd);
4223
4224 unlock:
4225 hci_dev_unlock(hdev);
4226 return err;
4227 }
4228
4229 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4230 void *data, u16 len)
4231 {
4232 struct mgmt_mode *cp = data;
4233 struct pending_cmd *cmd;
4234 u8 val, status;
4235 int err;
4236
4237 BT_DBG("request for %s", hdev->name);
4238
4239 status = mgmt_bredr_support(hdev);
4240 if (status)
4241 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4242 status);
4243
4244 if (!lmp_sc_capable(hdev) &&
4245 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
4246 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4247 MGMT_STATUS_NOT_SUPPORTED);
4248
4249 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4250 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4251 MGMT_STATUS_INVALID_PARAMS);
4252
4253 hci_dev_lock(hdev);
4254
4255 if (!hdev_is_powered(hdev)) {
4256 bool changed;
4257
4258 if (cp->val) {
4259 changed = !test_and_set_bit(HCI_SC_ENABLED,
4260 &hdev->dev_flags);
4261 if (cp->val == 0x02)
4262 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4263 else
4264 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4265 } else {
4266 changed = test_and_clear_bit(HCI_SC_ENABLED,
4267 &hdev->dev_flags);
4268 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4269 }
4270
4271 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4272 if (err < 0)
4273 goto failed;
4274
4275 if (changed)
4276 err = new_settings(hdev, sk);
4277
4278 goto failed;
4279 }
4280
4281 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4282 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4283 MGMT_STATUS_BUSY);
4284 goto failed;
4285 }
4286
4287 val = !!cp->val;
4288
4289 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4290 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
4291 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4292 goto failed;
4293 }
4294
4295 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4296 if (!cmd) {
4297 err = -ENOMEM;
4298 goto failed;
4299 }
4300
4301 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4302 if (err < 0) {
4303 mgmt_pending_remove(cmd);
4304 goto failed;
4305 }
4306
4307 if (cp->val == 0x02)
4308 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4309 else
4310 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4311
4312 failed:
4313 hci_dev_unlock(hdev);
4314 return err;
4315 }
4316
4317 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4318 void *data, u16 len)
4319 {
4320 struct mgmt_mode *cp = data;
4321 bool changed;
4322 int err;
4323
4324 BT_DBG("request for %s", hdev->name);
4325
4326 if (cp->val != 0x00 && cp->val != 0x01)
4327 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4328 MGMT_STATUS_INVALID_PARAMS);
4329
4330 hci_dev_lock(hdev);
4331
4332 if (cp->val)
4333 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4334 else
4335 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4336
4337 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4338 if (err < 0)
4339 goto unlock;
4340
4341 if (changed)
4342 err = new_settings(hdev, sk);
4343
4344 unlock:
4345 hci_dev_unlock(hdev);
4346 return err;
4347 }
4348
4349 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4350 u16 len)
4351 {
4352 struct mgmt_cp_set_privacy *cp = cp_data;
4353 bool changed;
4354 int err;
4355
4356 BT_DBG("request for %s", hdev->name);
4357
4358 if (!lmp_le_capable(hdev))
4359 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4360 MGMT_STATUS_NOT_SUPPORTED);
4361
4362 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4363 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4364 MGMT_STATUS_INVALID_PARAMS);
4365
4366 if (hdev_is_powered(hdev))
4367 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4368 MGMT_STATUS_REJECTED);
4369
4370 hci_dev_lock(hdev);
4371
4372 /* If user space supports this command it is also expected to
4373 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4374 */
4375 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4376
4377 if (cp->privacy) {
4378 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4379 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4380 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4381 } else {
4382 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4383 memset(hdev->irk, 0, sizeof(hdev->irk));
4384 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4385 }
4386
4387 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4388 if (err < 0)
4389 goto unlock;
4390
4391 if (changed)
4392 err = new_settings(hdev, sk);
4393
4394 unlock:
4395 hci_dev_unlock(hdev);
4396 return err;
4397 }
4398
4399 static bool irk_is_valid(struct mgmt_irk_info *irk)
4400 {
4401 switch (irk->addr.type) {
4402 case BDADDR_LE_PUBLIC:
4403 return true;
4404
4405 case BDADDR_LE_RANDOM:
4406 /* Two most significant bits shall be set */
4407 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4408 return false;
4409 return true;
4410 }
4411
4412 return false;
4413 }
4414
4415 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4416 u16 len)
4417 {
4418 struct mgmt_cp_load_irks *cp = cp_data;
4419 u16 irk_count, expected_len;
4420 int i, err;
4421
4422 BT_DBG("request for %s", hdev->name);
4423
4424 if (!lmp_le_capable(hdev))
4425 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4426 MGMT_STATUS_NOT_SUPPORTED);
4427
4428 irk_count = __le16_to_cpu(cp->irk_count);
4429
4430 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4431 if (expected_len != len) {
4432 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4433 expected_len, len);
4434 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4435 MGMT_STATUS_INVALID_PARAMS);
4436 }
4437
4438 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4439
4440 for (i = 0; i < irk_count; i++) {
4441 struct mgmt_irk_info *key = &cp->irks[i];
4442
4443 if (!irk_is_valid(key))
4444 return cmd_status(sk, hdev->id,
4445 MGMT_OP_LOAD_IRKS,
4446 MGMT_STATUS_INVALID_PARAMS);
4447 }
4448
4449 hci_dev_lock(hdev);
4450
4451 hci_smp_irks_clear(hdev);
4452
4453 for (i = 0; i < irk_count; i++) {
4454 struct mgmt_irk_info *irk = &cp->irks[i];
4455 u8 addr_type;
4456
4457 if (irk->addr.type == BDADDR_LE_PUBLIC)
4458 addr_type = ADDR_LE_DEV_PUBLIC;
4459 else
4460 addr_type = ADDR_LE_DEV_RANDOM;
4461
4462 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4463 BDADDR_ANY);
4464 }
4465
4466 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4467
4468 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4469
4470 hci_dev_unlock(hdev);
4471
4472 return err;
4473 }
4474
4475 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4476 {
4477 if (key->master != 0x00 && key->master != 0x01)
4478 return false;
4479
4480 switch (key->addr.type) {
4481 case BDADDR_LE_PUBLIC:
4482 return true;
4483
4484 case BDADDR_LE_RANDOM:
4485 /* Two most significant bits shall be set */
4486 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4487 return false;
4488 return true;
4489 }
4490
4491 return false;
4492 }
4493
4494 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4495 void *cp_data, u16 len)
4496 {
4497 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4498 u16 key_count, expected_len;
4499 int i, err;
4500
4501 BT_DBG("request for %s", hdev->name);
4502
4503 if (!lmp_le_capable(hdev))
4504 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4505 MGMT_STATUS_NOT_SUPPORTED);
4506
4507 key_count = __le16_to_cpu(cp->key_count);
4508
4509 expected_len = sizeof(*cp) + key_count *
4510 sizeof(struct mgmt_ltk_info);
4511 if (expected_len != len) {
4512 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4513 expected_len, len);
4514 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4515 MGMT_STATUS_INVALID_PARAMS);
4516 }
4517
4518 BT_DBG("%s key_count %u", hdev->name, key_count);
4519
4520 for (i = 0; i < key_count; i++) {
4521 struct mgmt_ltk_info *key = &cp->keys[i];
4522
4523 if (!ltk_is_valid(key))
4524 return cmd_status(sk, hdev->id,
4525 MGMT_OP_LOAD_LONG_TERM_KEYS,
4526 MGMT_STATUS_INVALID_PARAMS);
4527 }
4528
4529 hci_dev_lock(hdev);
4530
4531 hci_smp_ltks_clear(hdev);
4532
4533 for (i = 0; i < key_count; i++) {
4534 struct mgmt_ltk_info *key = &cp->keys[i];
4535 u8 type, addr_type;
4536
4537 if (key->addr.type == BDADDR_LE_PUBLIC)
4538 addr_type = ADDR_LE_DEV_PUBLIC;
4539 else
4540 addr_type = ADDR_LE_DEV_RANDOM;
4541
4542 if (key->master)
4543 type = HCI_SMP_LTK;
4544 else
4545 type = HCI_SMP_LTK_SLAVE;
4546
4547 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4548 key->type, key->val, key->enc_size, key->ediv,
4549 key->rand);
4550 }
4551
4552 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4553 NULL, 0);
4554
4555 hci_dev_unlock(hdev);
4556
4557 return err;
4558 }
4559
4560 static const struct mgmt_handler {
4561 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4562 u16 data_len);
4563 bool var_len;
4564 size_t data_len;
4565 } mgmt_handlers[] = {
4566 { NULL }, /* 0x0000 (no command) */
4567 { read_version, false, MGMT_READ_VERSION_SIZE },
4568 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4569 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4570 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4571 { set_powered, false, MGMT_SETTING_SIZE },
4572 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4573 { set_connectable, false, MGMT_SETTING_SIZE },
4574 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4575 { set_pairable, false, MGMT_SETTING_SIZE },
4576 { set_link_security, false, MGMT_SETTING_SIZE },
4577 { set_ssp, false, MGMT_SETTING_SIZE },
4578 { set_hs, false, MGMT_SETTING_SIZE },
4579 { set_le, false, MGMT_SETTING_SIZE },
4580 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4581 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4582 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4583 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4584 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4585 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4586 { disconnect, false, MGMT_DISCONNECT_SIZE },
4587 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4588 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4589 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4590 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4591 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4592 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4593 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4594 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4595 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4596 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4597 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4598 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
4599 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
4600 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4601 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4602 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4603 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4604 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4605 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
4606 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4607 { set_advertising, false, MGMT_SETTING_SIZE },
4608 { set_bredr, false, MGMT_SETTING_SIZE },
4609 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
4610 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
4611 { set_secure_conn, false, MGMT_SETTING_SIZE },
4612 { set_debug_keys, false, MGMT_SETTING_SIZE },
4613 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
4614 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
4615 };
4616
4617
4618 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4619 {
4620 void *buf;
4621 u8 *cp;
4622 struct mgmt_hdr *hdr;
4623 u16 opcode, index, len;
4624 struct hci_dev *hdev = NULL;
4625 const struct mgmt_handler *handler;
4626 int err;
4627
4628 BT_DBG("got %zu bytes", msglen);
4629
4630 if (msglen < sizeof(*hdr))
4631 return -EINVAL;
4632
4633 buf = kmalloc(msglen, GFP_KERNEL);
4634 if (!buf)
4635 return -ENOMEM;
4636
4637 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4638 err = -EFAULT;
4639 goto done;
4640 }
4641
4642 hdr = buf;
4643 opcode = __le16_to_cpu(hdr->opcode);
4644 index = __le16_to_cpu(hdr->index);
4645 len = __le16_to_cpu(hdr->len);
4646
4647 if (len != msglen - sizeof(*hdr)) {
4648 err = -EINVAL;
4649 goto done;
4650 }
4651
4652 if (index != MGMT_INDEX_NONE) {
4653 hdev = hci_dev_get(index);
4654 if (!hdev) {
4655 err = cmd_status(sk, index, opcode,
4656 MGMT_STATUS_INVALID_INDEX);
4657 goto done;
4658 }
4659
4660 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4661 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
4662 err = cmd_status(sk, index, opcode,
4663 MGMT_STATUS_INVALID_INDEX);
4664 goto done;
4665 }
4666 }
4667
4668 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
4669 mgmt_handlers[opcode].func == NULL) {
4670 BT_DBG("Unknown op %u", opcode);
4671 err = cmd_status(sk, index, opcode,
4672 MGMT_STATUS_UNKNOWN_COMMAND);
4673 goto done;
4674 }
4675
4676 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
4677 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
4678 err = cmd_status(sk, index, opcode,
4679 MGMT_STATUS_INVALID_INDEX);
4680 goto done;
4681 }
4682
4683 handler = &mgmt_handlers[opcode];
4684
4685 if ((handler->var_len && len < handler->data_len) ||
4686 (!handler->var_len && len != handler->data_len)) {
4687 err = cmd_status(sk, index, opcode,
4688 MGMT_STATUS_INVALID_PARAMS);
4689 goto done;
4690 }
4691
4692 if (hdev)
4693 mgmt_init_hdev(sk, hdev);
4694
4695 cp = buf + sizeof(*hdr);
4696
4697 err = handler->func(sk, hdev, cp, len);
4698 if (err < 0)
4699 goto done;
4700
4701 err = msglen;
4702
4703 done:
4704 if (hdev)
4705 hci_dev_put(hdev);
4706
4707 kfree(buf);
4708 return err;
4709 }
4710
4711 void mgmt_index_added(struct hci_dev *hdev)
4712 {
4713 if (hdev->dev_type != HCI_BREDR)
4714 return;
4715
4716 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
4717 }
4718
4719 void mgmt_index_removed(struct hci_dev *hdev)
4720 {
4721 u8 status = MGMT_STATUS_INVALID_INDEX;
4722
4723 if (hdev->dev_type != HCI_BREDR)
4724 return;
4725
4726 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
4727
4728 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
4729 }
4730
4731 /* This function requires the caller holds hdev->lock */
4732 static void restart_le_auto_conns(struct hci_dev *hdev)
4733 {
4734 struct hci_conn_params *p;
4735
4736 list_for_each_entry(p, &hdev->le_conn_params, list) {
4737 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
4738 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
4739 }
4740 }
4741
4742 static void powered_complete(struct hci_dev *hdev, u8 status)
4743 {
4744 struct cmd_lookup match = { NULL, hdev };
4745
4746 BT_DBG("status 0x%02x", status);
4747
4748 hci_dev_lock(hdev);
4749
4750 restart_le_auto_conns(hdev);
4751
4752 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4753
4754 new_settings(hdev, match.sk);
4755
4756 hci_dev_unlock(hdev);
4757
4758 if (match.sk)
4759 sock_put(match.sk);
4760 }
4761
4762 static int powered_update_hci(struct hci_dev *hdev)
4763 {
4764 struct hci_request req;
4765 u8 link_sec;
4766
4767 hci_req_init(&req, hdev);
4768
4769 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4770 !lmp_host_ssp_capable(hdev)) {
4771 u8 ssp = 1;
4772
4773 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
4774 }
4775
4776 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4777 lmp_bredr_capable(hdev)) {
4778 struct hci_cp_write_le_host_supported cp;
4779
4780 cp.le = 1;
4781 cp.simul = lmp_le_br_capable(hdev);
4782
4783 /* Check first if we already have the right
4784 * host state (host features set)
4785 */
4786 if (cp.le != lmp_host_le_capable(hdev) ||
4787 cp.simul != lmp_host_le_br_capable(hdev))
4788 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4789 sizeof(cp), &cp);
4790 }
4791
4792 if (lmp_le_capable(hdev)) {
4793 /* Make sure the controller has a good default for
4794 * advertising data. This also applies to the case
4795 * where BR/EDR was toggled during the AUTO_OFF phase.
4796 */
4797 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
4798 update_adv_data(&req);
4799 update_scan_rsp_data(&req);
4800 }
4801
4802 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4803 enable_advertising(&req);
4804 }
4805
4806 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4807 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
4808 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4809 sizeof(link_sec), &link_sec);
4810
4811 if (lmp_bredr_capable(hdev)) {
4812 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4813 set_bredr_scan(&req);
4814 update_class(&req);
4815 update_name(&req);
4816 update_eir(&req);
4817 }
4818
4819 return hci_req_run(&req, powered_complete);
4820 }
4821
4822 int mgmt_powered(struct hci_dev *hdev, u8 powered)
4823 {
4824 struct cmd_lookup match = { NULL, hdev };
4825 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4826 u8 zero_cod[] = { 0, 0, 0 };
4827 int err;
4828
4829 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4830 return 0;
4831
4832 if (powered) {
4833 if (powered_update_hci(hdev) == 0)
4834 return 0;
4835
4836 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4837 &match);
4838 goto new_settings;
4839 }
4840
4841 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4842 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4843
4844 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4845 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4846 zero_cod, sizeof(zero_cod), NULL);
4847
4848 new_settings:
4849 err = new_settings(hdev, match.sk);
4850
4851 if (match.sk)
4852 sock_put(match.sk);
4853
4854 return err;
4855 }
4856
4857 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
4858 {
4859 struct pending_cmd *cmd;
4860 u8 status;
4861
4862 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4863 if (!cmd)
4864 return;
4865
4866 if (err == -ERFKILL)
4867 status = MGMT_STATUS_RFKILLED;
4868 else
4869 status = MGMT_STATUS_FAILED;
4870
4871 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
4872
4873 mgmt_pending_remove(cmd);
4874 }
4875
4876 void mgmt_discoverable_timeout(struct hci_dev *hdev)
4877 {
4878 struct hci_request req;
4879
4880 hci_dev_lock(hdev);
4881
4882 /* When discoverable timeout triggers, then just make sure
4883 * the limited discoverable flag is cleared. Even in the case
4884 * of a timeout triggered from general discoverable, it is
4885 * safe to unconditionally clear the flag.
4886 */
4887 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
4888 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4889
4890 hci_req_init(&req, hdev);
4891 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4892 u8 scan = SCAN_PAGE;
4893 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4894 sizeof(scan), &scan);
4895 }
4896 update_class(&req);
4897 update_adv_data(&req);
4898 hci_req_run(&req, NULL);
4899
4900 hdev->discov_timeout = 0;
4901
4902 new_settings(hdev, NULL);
4903
4904 hci_dev_unlock(hdev);
4905 }
4906
4907 void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
4908 {
4909 bool changed;
4910
4911 /* Nothing needed here if there's a pending command since that
4912 * commands request completion callback takes care of everything
4913 * necessary.
4914 */
4915 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
4916 return;
4917
4918 /* Powering off may clear the scan mode - don't let that interfere */
4919 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4920 return;
4921
4922 if (discoverable) {
4923 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4924 } else {
4925 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
4926 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4927 }
4928
4929 if (changed) {
4930 struct hci_request req;
4931
4932 /* In case this change in discoverable was triggered by
4933 * a disabling of connectable there could be a need to
4934 * update the advertising flags.
4935 */
4936 hci_req_init(&req, hdev);
4937 update_adv_data(&req);
4938 hci_req_run(&req, NULL);
4939
4940 new_settings(hdev, NULL);
4941 }
4942 }
4943
4944 void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
4945 {
4946 bool changed;
4947
4948 /* Nothing needed here if there's a pending command since that
4949 * commands request completion callback takes care of everything
4950 * necessary.
4951 */
4952 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
4953 return;
4954
4955 /* Powering off may clear the scan mode - don't let that interfere */
4956 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4957 return;
4958
4959 if (connectable)
4960 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4961 else
4962 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4963
4964 if (changed)
4965 new_settings(hdev, NULL);
4966 }
4967
4968 void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
4969 {
4970 /* Powering off may stop advertising - don't let that interfere */
4971 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4972 return;
4973
4974 if (advertising)
4975 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4976 else
4977 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4978 }
4979
4980 void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4981 {
4982 u8 mgmt_err = mgmt_status(status);
4983
4984 if (scan & SCAN_PAGE)
4985 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4986 cmd_status_rsp, &mgmt_err);
4987
4988 if (scan & SCAN_INQUIRY)
4989 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4990 cmd_status_rsp, &mgmt_err);
4991 }
4992
4993 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4994 bool persistent)
4995 {
4996 struct mgmt_ev_new_link_key ev;
4997
4998 memset(&ev, 0, sizeof(ev));
4999
5000 ev.store_hint = persistent;
5001 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
5002 ev.key.addr.type = BDADDR_BREDR;
5003 ev.key.type = key->type;
5004 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
5005 ev.key.pin_len = key->pin_len;
5006
5007 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
5008 }
5009
5010 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
5011 {
5012 struct mgmt_ev_new_long_term_key ev;
5013
5014 memset(&ev, 0, sizeof(ev));
5015
5016 /* Devices using resolvable or non-resolvable random addresses
5017 * without providing an indentity resolving key don't require
5018 * to store long term keys. Their addresses will change the
5019 * next time around.
5020 *
5021 * Only when a remote device provides an identity address
5022 * make sure the long term key is stored. If the remote
5023 * identity is known, the long term keys are internally
5024 * mapped to the identity address. So allow static random
5025 * and public addresses here.
5026 */
5027 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5028 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5029 ev.store_hint = 0x00;
5030 else
5031 ev.store_hint = persistent;
5032
5033 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
5034 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
5035 ev.key.type = key->authenticated;
5036 ev.key.enc_size = key->enc_size;
5037 ev.key.ediv = key->ediv;
5038 ev.key.rand = key->rand;
5039
5040 if (key->type == HCI_SMP_LTK)
5041 ev.key.master = 1;
5042
5043 memcpy(ev.key.val, key->val, sizeof(key->val));
5044
5045 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
5046 }
5047
5048 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5049 {
5050 struct mgmt_ev_new_irk ev;
5051
5052 memset(&ev, 0, sizeof(ev));
5053
5054 /* For identity resolving keys from devices that are already
5055 * using a public address or static random address, do not
5056 * ask for storing this key. The identity resolving key really
5057 * is only mandatory for devices using resovlable random
5058 * addresses.
5059 *
5060 * Storing all identity resolving keys has the downside that
5061 * they will be also loaded on next boot of they system. More
5062 * identity resolving keys, means more time during scanning is
5063 * needed to actually resolve these addresses.
5064 */
5065 if (bacmp(&irk->rpa, BDADDR_ANY))
5066 ev.store_hint = 0x01;
5067 else
5068 ev.store_hint = 0x00;
5069
5070 bacpy(&ev.rpa, &irk->rpa);
5071 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5072 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5073 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5074
5075 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5076 }
5077
5078 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5079 bool persistent)
5080 {
5081 struct mgmt_ev_new_csrk ev;
5082
5083 memset(&ev, 0, sizeof(ev));
5084
5085 /* Devices using resolvable or non-resolvable random addresses
5086 * without providing an indentity resolving key don't require
5087 * to store signature resolving keys. Their addresses will change
5088 * the next time around.
5089 *
5090 * Only when a remote device provides an identity address
5091 * make sure the signature resolving key is stored. So allow
5092 * static random and public addresses here.
5093 */
5094 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5095 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5096 ev.store_hint = 0x00;
5097 else
5098 ev.store_hint = persistent;
5099
5100 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5101 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5102 ev.key.master = csrk->master;
5103 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5104
5105 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5106 }
5107
5108 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5109 u8 data_len)
5110 {
5111 eir[eir_len++] = sizeof(type) + data_len;
5112 eir[eir_len++] = type;
5113 memcpy(&eir[eir_len], data, data_len);
5114 eir_len += data_len;
5115
5116 return eir_len;
5117 }
5118
5119 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5120 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5121 u8 *dev_class)
5122 {
5123 char buf[512];
5124 struct mgmt_ev_device_connected *ev = (void *) buf;
5125 u16 eir_len = 0;
5126
5127 bacpy(&ev->addr.bdaddr, bdaddr);
5128 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5129
5130 ev->flags = __cpu_to_le32(flags);
5131
5132 if (name_len > 0)
5133 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
5134 name, name_len);
5135
5136 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
5137 eir_len = eir_append_data(ev->eir, eir_len,
5138 EIR_CLASS_OF_DEV, dev_class, 3);
5139
5140 ev->eir_len = cpu_to_le16(eir_len);
5141
5142 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5143 sizeof(*ev) + eir_len, NULL);
5144 }
5145
5146 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5147 {
5148 struct mgmt_cp_disconnect *cp = cmd->param;
5149 struct sock **sk = data;
5150 struct mgmt_rp_disconnect rp;
5151
5152 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5153 rp.addr.type = cp->addr.type;
5154
5155 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
5156 sizeof(rp));
5157
5158 *sk = cmd->sk;
5159 sock_hold(*sk);
5160
5161 mgmt_pending_remove(cmd);
5162 }
5163
5164 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
5165 {
5166 struct hci_dev *hdev = data;
5167 struct mgmt_cp_unpair_device *cp = cmd->param;
5168 struct mgmt_rp_unpair_device rp;
5169
5170 memset(&rp, 0, sizeof(rp));
5171 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5172 rp.addr.type = cp->addr.type;
5173
5174 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5175
5176 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
5177
5178 mgmt_pending_remove(cmd);
5179 }
5180
5181 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
5182 u8 link_type, u8 addr_type, u8 reason,
5183 bool mgmt_connected)
5184 {
5185 struct mgmt_ev_device_disconnected ev;
5186 struct pending_cmd *power_off;
5187 struct sock *sk = NULL;
5188
5189 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5190 if (power_off) {
5191 struct mgmt_mode *cp = power_off->param;
5192
5193 /* The connection is still in hci_conn_hash so test for 1
5194 * instead of 0 to know if this is the last one.
5195 */
5196 if (!cp->val && hci_conn_count(hdev) == 1) {
5197 cancel_delayed_work(&hdev->power_off);
5198 queue_work(hdev->req_workqueue, &hdev->power_off.work);
5199 }
5200 }
5201
5202 if (!mgmt_connected)
5203 return;
5204
5205 if (link_type != ACL_LINK && link_type != LE_LINK)
5206 return;
5207
5208 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
5209
5210 bacpy(&ev.addr.bdaddr, bdaddr);
5211 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5212 ev.reason = reason;
5213
5214 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
5215
5216 if (sk)
5217 sock_put(sk);
5218
5219 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5220 hdev);
5221 }
5222
5223 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5224 u8 link_type, u8 addr_type, u8 status)
5225 {
5226 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5227 struct mgmt_cp_disconnect *cp;
5228 struct mgmt_rp_disconnect rp;
5229 struct pending_cmd *cmd;
5230
5231 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5232 hdev);
5233
5234 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
5235 if (!cmd)
5236 return;
5237
5238 cp = cmd->param;
5239
5240 if (bacmp(bdaddr, &cp->addr.bdaddr))
5241 return;
5242
5243 if (cp->addr.type != bdaddr_type)
5244 return;
5245
5246 bacpy(&rp.addr.bdaddr, bdaddr);
5247 rp.addr.type = bdaddr_type;
5248
5249 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5250 mgmt_status(status), &rp, sizeof(rp));
5251
5252 mgmt_pending_remove(cmd);
5253 }
5254
5255 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5256 u8 addr_type, u8 status)
5257 {
5258 struct mgmt_ev_connect_failed ev;
5259 struct pending_cmd *power_off;
5260
5261 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5262 if (power_off) {
5263 struct mgmt_mode *cp = power_off->param;
5264
5265 /* The connection is still in hci_conn_hash so test for 1
5266 * instead of 0 to know if this is the last one.
5267 */
5268 if (!cp->val && hci_conn_count(hdev) == 1) {
5269 cancel_delayed_work(&hdev->power_off);
5270 queue_work(hdev->req_workqueue, &hdev->power_off.work);
5271 }
5272 }
5273
5274 bacpy(&ev.addr.bdaddr, bdaddr);
5275 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5276 ev.status = mgmt_status(status);
5277
5278 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
5279 }
5280
5281 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
5282 {
5283 struct mgmt_ev_pin_code_request ev;
5284
5285 bacpy(&ev.addr.bdaddr, bdaddr);
5286 ev.addr.type = BDADDR_BREDR;
5287 ev.secure = secure;
5288
5289 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
5290 }
5291
5292 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5293 u8 status)
5294 {
5295 struct pending_cmd *cmd;
5296 struct mgmt_rp_pin_code_reply rp;
5297
5298 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
5299 if (!cmd)
5300 return;
5301
5302 bacpy(&rp.addr.bdaddr, bdaddr);
5303 rp.addr.type = BDADDR_BREDR;
5304
5305 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5306 mgmt_status(status), &rp, sizeof(rp));
5307
5308 mgmt_pending_remove(cmd);
5309 }
5310
5311 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5312 u8 status)
5313 {
5314 struct pending_cmd *cmd;
5315 struct mgmt_rp_pin_code_reply rp;
5316
5317 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
5318 if (!cmd)
5319 return;
5320
5321 bacpy(&rp.addr.bdaddr, bdaddr);
5322 rp.addr.type = BDADDR_BREDR;
5323
5324 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5325 mgmt_status(status), &rp, sizeof(rp));
5326
5327 mgmt_pending_remove(cmd);
5328 }
5329
5330 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
5331 u8 link_type, u8 addr_type, u32 value,
5332 u8 confirm_hint)
5333 {
5334 struct mgmt_ev_user_confirm_request ev;
5335
5336 BT_DBG("%s", hdev->name);
5337
5338 bacpy(&ev.addr.bdaddr, bdaddr);
5339 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5340 ev.confirm_hint = confirm_hint;
5341 ev.value = cpu_to_le32(value);
5342
5343 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
5344 NULL);
5345 }
5346
5347 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
5348 u8 link_type, u8 addr_type)
5349 {
5350 struct mgmt_ev_user_passkey_request ev;
5351
5352 BT_DBG("%s", hdev->name);
5353
5354 bacpy(&ev.addr.bdaddr, bdaddr);
5355 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5356
5357 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
5358 NULL);
5359 }
5360
5361 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5362 u8 link_type, u8 addr_type, u8 status,
5363 u8 opcode)
5364 {
5365 struct pending_cmd *cmd;
5366 struct mgmt_rp_user_confirm_reply rp;
5367 int err;
5368
5369 cmd = mgmt_pending_find(opcode, hdev);
5370 if (!cmd)
5371 return -ENOENT;
5372
5373 bacpy(&rp.addr.bdaddr, bdaddr);
5374 rp.addr.type = link_to_bdaddr(link_type, addr_type);
5375 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
5376 &rp, sizeof(rp));
5377
5378 mgmt_pending_remove(cmd);
5379
5380 return err;
5381 }
5382
5383 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5384 u8 link_type, u8 addr_type, u8 status)
5385 {
5386 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5387 status, MGMT_OP_USER_CONFIRM_REPLY);
5388 }
5389
5390 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5391 u8 link_type, u8 addr_type, u8 status)
5392 {
5393 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5394 status,
5395 MGMT_OP_USER_CONFIRM_NEG_REPLY);
5396 }
5397
5398 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5399 u8 link_type, u8 addr_type, u8 status)
5400 {
5401 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5402 status, MGMT_OP_USER_PASSKEY_REPLY);
5403 }
5404
5405 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5406 u8 link_type, u8 addr_type, u8 status)
5407 {
5408 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5409 status,
5410 MGMT_OP_USER_PASSKEY_NEG_REPLY);
5411 }
5412
5413 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5414 u8 link_type, u8 addr_type, u32 passkey,
5415 u8 entered)
5416 {
5417 struct mgmt_ev_passkey_notify ev;
5418
5419 BT_DBG("%s", hdev->name);
5420
5421 bacpy(&ev.addr.bdaddr, bdaddr);
5422 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5423 ev.passkey = __cpu_to_le32(passkey);
5424 ev.entered = entered;
5425
5426 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5427 }
5428
5429 void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5430 u8 addr_type, u8 status)
5431 {
5432 struct mgmt_ev_auth_failed ev;
5433
5434 bacpy(&ev.addr.bdaddr, bdaddr);
5435 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5436 ev.status = mgmt_status(status);
5437
5438 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
5439 }
5440
5441 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
5442 {
5443 struct cmd_lookup match = { NULL, hdev };
5444 bool changed;
5445
5446 if (status) {
5447 u8 mgmt_err = mgmt_status(status);
5448 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
5449 cmd_status_rsp, &mgmt_err);
5450 return;
5451 }
5452
5453 if (test_bit(HCI_AUTH, &hdev->flags))
5454 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5455 &hdev->dev_flags);
5456 else
5457 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5458 &hdev->dev_flags);
5459
5460 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
5461 &match);
5462
5463 if (changed)
5464 new_settings(hdev, match.sk);
5465
5466 if (match.sk)
5467 sock_put(match.sk);
5468 }
5469
5470 static void clear_eir(struct hci_request *req)
5471 {
5472 struct hci_dev *hdev = req->hdev;
5473 struct hci_cp_write_eir cp;
5474
5475 if (!lmp_ext_inq_capable(hdev))
5476 return;
5477
5478 memset(hdev->eir, 0, sizeof(hdev->eir));
5479
5480 memset(&cp, 0, sizeof(cp));
5481
5482 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
5483 }
5484
5485 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5486 {
5487 struct cmd_lookup match = { NULL, hdev };
5488 struct hci_request req;
5489 bool changed = false;
5490
5491 if (status) {
5492 u8 mgmt_err = mgmt_status(status);
5493
5494 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
5495 &hdev->dev_flags)) {
5496 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5497 new_settings(hdev, NULL);
5498 }
5499
5500 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5501 &mgmt_err);
5502 return;
5503 }
5504
5505 if (enable) {
5506 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5507 } else {
5508 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5509 if (!changed)
5510 changed = test_and_clear_bit(HCI_HS_ENABLED,
5511 &hdev->dev_flags);
5512 else
5513 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5514 }
5515
5516 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5517
5518 if (changed)
5519 new_settings(hdev, match.sk);
5520
5521 if (match.sk)
5522 sock_put(match.sk);
5523
5524 hci_req_init(&req, hdev);
5525
5526 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
5527 update_eir(&req);
5528 else
5529 clear_eir(&req);
5530
5531 hci_req_run(&req, NULL);
5532 }
5533
5534 void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5535 {
5536 struct cmd_lookup match = { NULL, hdev };
5537 bool changed = false;
5538
5539 if (status) {
5540 u8 mgmt_err = mgmt_status(status);
5541
5542 if (enable) {
5543 if (test_and_clear_bit(HCI_SC_ENABLED,
5544 &hdev->dev_flags))
5545 new_settings(hdev, NULL);
5546 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5547 }
5548
5549 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5550 cmd_status_rsp, &mgmt_err);
5551 return;
5552 }
5553
5554 if (enable) {
5555 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5556 } else {
5557 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5558 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5559 }
5560
5561 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5562 settings_rsp, &match);
5563
5564 if (changed)
5565 new_settings(hdev, match.sk);
5566
5567 if (match.sk)
5568 sock_put(match.sk);
5569 }
5570
5571 static void sk_lookup(struct pending_cmd *cmd, void *data)
5572 {
5573 struct cmd_lookup *match = data;
5574
5575 if (match->sk == NULL) {
5576 match->sk = cmd->sk;
5577 sock_hold(match->sk);
5578 }
5579 }
5580
5581 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5582 u8 status)
5583 {
5584 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
5585
5586 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5587 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5588 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
5589
5590 if (!status)
5591 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5592 NULL);
5593
5594 if (match.sk)
5595 sock_put(match.sk);
5596 }
5597
5598 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
5599 {
5600 struct mgmt_cp_set_local_name ev;
5601 struct pending_cmd *cmd;
5602
5603 if (status)
5604 return;
5605
5606 memset(&ev, 0, sizeof(ev));
5607 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
5608 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
5609
5610 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
5611 if (!cmd) {
5612 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
5613
5614 /* If this is a HCI command related to powering on the
5615 * HCI dev don't send any mgmt signals.
5616 */
5617 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5618 return;
5619 }
5620
5621 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5622 cmd ? cmd->sk : NULL);
5623 }
5624
5625 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5626 u8 *randomizer192, u8 *hash256,
5627 u8 *randomizer256, u8 status)
5628 {
5629 struct pending_cmd *cmd;
5630
5631 BT_DBG("%s status %u", hdev->name, status);
5632
5633 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
5634 if (!cmd)
5635 return;
5636
5637 if (status) {
5638 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5639 mgmt_status(status));
5640 } else {
5641 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5642 hash256 && randomizer256) {
5643 struct mgmt_rp_read_local_oob_ext_data rp;
5644
5645 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5646 memcpy(rp.randomizer192, randomizer192,
5647 sizeof(rp.randomizer192));
5648
5649 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5650 memcpy(rp.randomizer256, randomizer256,
5651 sizeof(rp.randomizer256));
5652
5653 cmd_complete(cmd->sk, hdev->id,
5654 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5655 &rp, sizeof(rp));
5656 } else {
5657 struct mgmt_rp_read_local_oob_data rp;
5658
5659 memcpy(rp.hash, hash192, sizeof(rp.hash));
5660 memcpy(rp.randomizer, randomizer192,
5661 sizeof(rp.randomizer));
5662
5663 cmd_complete(cmd->sk, hdev->id,
5664 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5665 &rp, sizeof(rp));
5666 }
5667 }
5668
5669 mgmt_pending_remove(cmd);
5670 }
5671
5672 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5673 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name,
5674 u8 ssp, u8 *eir, u16 eir_len, u8 *scan_rsp,
5675 u8 scan_rsp_len)
5676 {
5677 char buf[512];
5678 struct mgmt_ev_device_found *ev = (void *) buf;
5679 struct smp_irk *irk;
5680 size_t ev_size;
5681
5682 if (!hci_discovery_active(hdev))
5683 return;
5684
5685 /* Make sure that the buffer is big enough. The 5 extra bytes
5686 * are for the potential CoD field.
5687 */
5688 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
5689 return;
5690
5691 memset(buf, 0, sizeof(buf));
5692
5693 irk = hci_get_irk(hdev, bdaddr, addr_type);
5694 if (irk) {
5695 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5696 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5697 } else {
5698 bacpy(&ev->addr.bdaddr, bdaddr);
5699 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5700 }
5701
5702 ev->rssi = rssi;
5703 if (cfm_name)
5704 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
5705 if (!ssp)
5706 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
5707
5708 if (eir_len > 0)
5709 memcpy(ev->eir, eir, eir_len);
5710
5711 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5712 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
5713 dev_class, 3);
5714
5715 if (scan_rsp_len > 0)
5716 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
5717
5718 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
5719 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
5720
5721 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
5722 }
5723
5724 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5725 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
5726 {
5727 struct mgmt_ev_device_found *ev;
5728 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5729 u16 eir_len;
5730
5731 ev = (struct mgmt_ev_device_found *) buf;
5732
5733 memset(buf, 0, sizeof(buf));
5734
5735 bacpy(&ev->addr.bdaddr, bdaddr);
5736 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5737 ev->rssi = rssi;
5738
5739 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
5740 name_len);
5741
5742 ev->eir_len = cpu_to_le16(eir_len);
5743
5744 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
5745 }
5746
5747 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
5748 {
5749 struct mgmt_ev_discovering ev;
5750 struct pending_cmd *cmd;
5751
5752 BT_DBG("%s discovering %u", hdev->name, discovering);
5753
5754 if (discovering)
5755 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
5756 else
5757 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
5758
5759 if (cmd != NULL) {
5760 u8 type = hdev->discovery.type;
5761
5762 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5763 sizeof(type));
5764 mgmt_pending_remove(cmd);
5765 }
5766
5767 memset(&ev, 0, sizeof(ev));
5768 ev.type = hdev->discovery.type;
5769 ev.discovering = discovering;
5770
5771 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
5772 }
5773
5774 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5775 {
5776 struct pending_cmd *cmd;
5777 struct mgmt_ev_device_blocked ev;
5778
5779 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5780
5781 bacpy(&ev.addr.bdaddr, bdaddr);
5782 ev.addr.type = type;
5783
5784 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
5785 cmd ? cmd->sk : NULL);
5786 }
5787
5788 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5789 {
5790 struct pending_cmd *cmd;
5791 struct mgmt_ev_device_unblocked ev;
5792
5793 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5794
5795 bacpy(&ev.addr.bdaddr, bdaddr);
5796 ev.addr.type = type;
5797
5798 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
5799 cmd ? cmd->sk : NULL);
5800 }
5801
5802 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5803 {
5804 BT_DBG("%s status %u", hdev->name, status);
5805
5806 /* Clear the advertising mgmt setting if we failed to re-enable it */
5807 if (status) {
5808 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5809 new_settings(hdev, NULL);
5810 }
5811 }
5812
5813 void mgmt_reenable_advertising(struct hci_dev *hdev)
5814 {
5815 struct hci_request req;
5816
5817 if (hci_conn_num(hdev, LE_LINK) > 0)
5818 return;
5819
5820 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5821 return;
5822
5823 hci_req_init(&req, hdev);
5824 enable_advertising(&req);
5825
5826 /* If this fails we have no option but to let user space know
5827 * that we've disabled advertising.
5828 */
5829 if (hci_req_run(&req, adv_enable_complete) < 0) {
5830 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5831 new_settings(hdev, NULL);
5832 }
5833 }
(deprecated) Btrfs devel tree