mgmt.c (254023B)
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 4 Copyright (C) 2010 Nokia Corporation 5 Copyright (C) 2011-2012 Intel Corporation 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License version 2 as 9 published by the Free Software Foundation; 10 11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 22 SOFTWARE IS DISCLAIMED. 23*/ 24 25/* Bluetooth HCI Management interface */ 26 27#include <linux/module.h> 28#include <asm/unaligned.h> 29 30#include <net/bluetooth/bluetooth.h> 31#include <net/bluetooth/hci_core.h> 32#include <net/bluetooth/hci_sock.h> 33#include <net/bluetooth/l2cap.h> 34#include <net/bluetooth/mgmt.h> 35 36#include "hci_request.h" 37#include "smp.h" 38#include "mgmt_util.h" 39#include "mgmt_config.h" 40#include "msft.h" 41#include "eir.h" 42#include "aosp.h" 43 44#define MGMT_VERSION 1 45#define MGMT_REVISION 22 46 47static const u16 mgmt_commands[] = { 48 MGMT_OP_READ_INDEX_LIST, 49 MGMT_OP_READ_INFO, 50 MGMT_OP_SET_POWERED, 51 MGMT_OP_SET_DISCOVERABLE, 52 MGMT_OP_SET_CONNECTABLE, 53 MGMT_OP_SET_FAST_CONNECTABLE, 54 MGMT_OP_SET_BONDABLE, 55 MGMT_OP_SET_LINK_SECURITY, 56 MGMT_OP_SET_SSP, 57 MGMT_OP_SET_HS, 58 MGMT_OP_SET_LE, 59 MGMT_OP_SET_DEV_CLASS, 60 MGMT_OP_SET_LOCAL_NAME, 61 MGMT_OP_ADD_UUID, 62 MGMT_OP_REMOVE_UUID, 63 MGMT_OP_LOAD_LINK_KEYS, 64 MGMT_OP_LOAD_LONG_TERM_KEYS, 65 MGMT_OP_DISCONNECT, 66 MGMT_OP_GET_CONNECTIONS, 67 MGMT_OP_PIN_CODE_REPLY, 68 MGMT_OP_PIN_CODE_NEG_REPLY, 69 MGMT_OP_SET_IO_CAPABILITY, 70 MGMT_OP_PAIR_DEVICE, 71 MGMT_OP_CANCEL_PAIR_DEVICE, 72 MGMT_OP_UNPAIR_DEVICE, 73 MGMT_OP_USER_CONFIRM_REPLY, 74 MGMT_OP_USER_CONFIRM_NEG_REPLY, 75 MGMT_OP_USER_PASSKEY_REPLY, 76 MGMT_OP_USER_PASSKEY_NEG_REPLY, 77 MGMT_OP_READ_LOCAL_OOB_DATA, 78 MGMT_OP_ADD_REMOTE_OOB_DATA, 79 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 80 MGMT_OP_START_DISCOVERY, 81 MGMT_OP_STOP_DISCOVERY, 82 MGMT_OP_CONFIRM_NAME, 83 MGMT_OP_BLOCK_DEVICE, 84 MGMT_OP_UNBLOCK_DEVICE, 85 MGMT_OP_SET_DEVICE_ID, 86 MGMT_OP_SET_ADVERTISING, 87 MGMT_OP_SET_BREDR, 88 MGMT_OP_SET_STATIC_ADDRESS, 89 MGMT_OP_SET_SCAN_PARAMS, 90 MGMT_OP_SET_SECURE_CONN, 91 MGMT_OP_SET_DEBUG_KEYS, 92 MGMT_OP_SET_PRIVACY, 93 MGMT_OP_LOAD_IRKS, 94 MGMT_OP_GET_CONN_INFO, 95 MGMT_OP_GET_CLOCK_INFO, 96 MGMT_OP_ADD_DEVICE, 97 MGMT_OP_REMOVE_DEVICE, 98 MGMT_OP_LOAD_CONN_PARAM, 99 MGMT_OP_READ_UNCONF_INDEX_LIST, 100 MGMT_OP_READ_CONFIG_INFO, 101 MGMT_OP_SET_EXTERNAL_CONFIG, 102 MGMT_OP_SET_PUBLIC_ADDRESS, 103 MGMT_OP_START_SERVICE_DISCOVERY, 104 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 105 MGMT_OP_READ_EXT_INDEX_LIST, 106 MGMT_OP_READ_ADV_FEATURES, 107 MGMT_OP_ADD_ADVERTISING, 108 MGMT_OP_REMOVE_ADVERTISING, 109 MGMT_OP_GET_ADV_SIZE_INFO, 110 MGMT_OP_START_LIMITED_DISCOVERY, 111 MGMT_OP_READ_EXT_INFO, 112 MGMT_OP_SET_APPEARANCE, 113 MGMT_OP_GET_PHY_CONFIGURATION, 114 MGMT_OP_SET_PHY_CONFIGURATION, 115 MGMT_OP_SET_BLOCKED_KEYS, 116 MGMT_OP_SET_WIDEBAND_SPEECH, 117 MGMT_OP_READ_CONTROLLER_CAP, 118 MGMT_OP_READ_EXP_FEATURES_INFO, 119 MGMT_OP_SET_EXP_FEATURE, 120 MGMT_OP_READ_DEF_SYSTEM_CONFIG, 121 MGMT_OP_SET_DEF_SYSTEM_CONFIG, 122 MGMT_OP_READ_DEF_RUNTIME_CONFIG, 123 MGMT_OP_SET_DEF_RUNTIME_CONFIG, 124 MGMT_OP_GET_DEVICE_FLAGS, 125 MGMT_OP_SET_DEVICE_FLAGS, 126 MGMT_OP_READ_ADV_MONITOR_FEATURES, 127 MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 128 MGMT_OP_REMOVE_ADV_MONITOR, 129 MGMT_OP_ADD_EXT_ADV_PARAMS, 130 MGMT_OP_ADD_EXT_ADV_DATA, 131 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, 132}; 133 134static const u16 mgmt_events[] = { 135 MGMT_EV_CONTROLLER_ERROR, 136 MGMT_EV_INDEX_ADDED, 137 MGMT_EV_INDEX_REMOVED, 138 MGMT_EV_NEW_SETTINGS, 139 MGMT_EV_CLASS_OF_DEV_CHANGED, 140 MGMT_EV_LOCAL_NAME_CHANGED, 141 MGMT_EV_NEW_LINK_KEY, 142 MGMT_EV_NEW_LONG_TERM_KEY, 143 MGMT_EV_DEVICE_CONNECTED, 144 MGMT_EV_DEVICE_DISCONNECTED, 145 MGMT_EV_CONNECT_FAILED, 146 MGMT_EV_PIN_CODE_REQUEST, 147 MGMT_EV_USER_CONFIRM_REQUEST, 148 MGMT_EV_USER_PASSKEY_REQUEST, 149 MGMT_EV_AUTH_FAILED, 150 MGMT_EV_DEVICE_FOUND, 151 MGMT_EV_DISCOVERING, 152 MGMT_EV_DEVICE_BLOCKED, 153 MGMT_EV_DEVICE_UNBLOCKED, 154 MGMT_EV_DEVICE_UNPAIRED, 155 MGMT_EV_PASSKEY_NOTIFY, 156 MGMT_EV_NEW_IRK, 157 MGMT_EV_NEW_CSRK, 158 MGMT_EV_DEVICE_ADDED, 159 MGMT_EV_DEVICE_REMOVED, 160 MGMT_EV_NEW_CONN_PARAM, 161 MGMT_EV_UNCONF_INDEX_ADDED, 162 MGMT_EV_UNCONF_INDEX_REMOVED, 163 MGMT_EV_NEW_CONFIG_OPTIONS, 164 MGMT_EV_EXT_INDEX_ADDED, 165 MGMT_EV_EXT_INDEX_REMOVED, 166 MGMT_EV_LOCAL_OOB_DATA_UPDATED, 167 MGMT_EV_ADVERTISING_ADDED, 168 MGMT_EV_ADVERTISING_REMOVED, 169 MGMT_EV_EXT_INFO_CHANGED, 170 MGMT_EV_PHY_CONFIGURATION_CHANGED, 171 MGMT_EV_EXP_FEATURE_CHANGED, 172 MGMT_EV_DEVICE_FLAGS_CHANGED, 173 MGMT_EV_ADV_MONITOR_ADDED, 174 MGMT_EV_ADV_MONITOR_REMOVED, 175 MGMT_EV_CONTROLLER_SUSPEND, 176 MGMT_EV_CONTROLLER_RESUME, 177 MGMT_EV_ADV_MONITOR_DEVICE_FOUND, 178 MGMT_EV_ADV_MONITOR_DEVICE_LOST, 179}; 180 181static const u16 mgmt_untrusted_commands[] = { 182 MGMT_OP_READ_INDEX_LIST, 183 MGMT_OP_READ_INFO, 184 MGMT_OP_READ_UNCONF_INDEX_LIST, 185 MGMT_OP_READ_CONFIG_INFO, 186 MGMT_OP_READ_EXT_INDEX_LIST, 187 MGMT_OP_READ_EXT_INFO, 188 MGMT_OP_READ_CONTROLLER_CAP, 189 MGMT_OP_READ_EXP_FEATURES_INFO, 190 MGMT_OP_READ_DEF_SYSTEM_CONFIG, 191 MGMT_OP_READ_DEF_RUNTIME_CONFIG, 192}; 193 194static const u16 mgmt_untrusted_events[] = { 195 MGMT_EV_INDEX_ADDED, 196 MGMT_EV_INDEX_REMOVED, 197 MGMT_EV_NEW_SETTINGS, 198 MGMT_EV_CLASS_OF_DEV_CHANGED, 199 MGMT_EV_LOCAL_NAME_CHANGED, 200 MGMT_EV_UNCONF_INDEX_ADDED, 201 MGMT_EV_UNCONF_INDEX_REMOVED, 202 MGMT_EV_NEW_CONFIG_OPTIONS, 203 MGMT_EV_EXT_INDEX_ADDED, 204 MGMT_EV_EXT_INDEX_REMOVED, 205 MGMT_EV_EXT_INFO_CHANGED, 206 MGMT_EV_EXP_FEATURE_CHANGED, 207}; 208 209#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) 210 211#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \ 212 "\x00\x00\x00\x00\x00\x00\x00\x00" 213 214/* HCI to MGMT error code conversion table */ 215static const u8 mgmt_status_table[] = { 216 MGMT_STATUS_SUCCESS, 217 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 218 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 219 MGMT_STATUS_FAILED, /* Hardware Failure */ 220 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 221 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 222 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */ 223 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 224 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 225 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 226 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 227 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 228 MGMT_STATUS_BUSY, /* Command Disallowed */ 229 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 230 MGMT_STATUS_REJECTED, /* Rejected Security */ 231 MGMT_STATUS_REJECTED, /* Rejected Personal */ 232 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 233 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 234 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 235 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 236 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 237 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 238 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 239 MGMT_STATUS_BUSY, /* Repeated Attempts */ 240 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 241 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 242 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 243 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 244 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 245 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 246 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 247 MGMT_STATUS_FAILED, /* Unspecified Error */ 248 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 249 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 250 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 251 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 252 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 253 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 254 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 255 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 256 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 257 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 258 MGMT_STATUS_FAILED, /* Transaction Collision */ 259 MGMT_STATUS_FAILED, /* Reserved for future use */ 260 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 261 MGMT_STATUS_REJECTED, /* QoS Rejected */ 262 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 263 MGMT_STATUS_REJECTED, /* Insufficient Security */ 264 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 265 MGMT_STATUS_FAILED, /* Reserved for future use */ 266 MGMT_STATUS_BUSY, /* Role Switch Pending */ 267 MGMT_STATUS_FAILED, /* Reserved for future use */ 268 MGMT_STATUS_FAILED, /* Slot Violation */ 269 MGMT_STATUS_FAILED, /* Role Switch Failed */ 270 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 271 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 272 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 273 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 274 MGMT_STATUS_BUSY, /* Controller Busy */ 275 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 276 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 277 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 278 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 279 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 280}; 281 282static u8 mgmt_errno_status(int err) 283{ 284 switch (err) { 285 case 0: 286 return MGMT_STATUS_SUCCESS; 287 case -EPERM: 288 return MGMT_STATUS_REJECTED; 289 case -EINVAL: 290 return MGMT_STATUS_INVALID_PARAMS; 291 case -EOPNOTSUPP: 292 return MGMT_STATUS_NOT_SUPPORTED; 293 case -EBUSY: 294 return MGMT_STATUS_BUSY; 295 case -ETIMEDOUT: 296 return MGMT_STATUS_AUTH_FAILED; 297 case -ENOMEM: 298 return MGMT_STATUS_NO_RESOURCES; 299 case -EISCONN: 300 return MGMT_STATUS_ALREADY_CONNECTED; 301 case -ENOTCONN: 302 return MGMT_STATUS_DISCONNECTED; 303 } 304 305 return MGMT_STATUS_FAILED; 306} 307 308static u8 mgmt_status(int err) 309{ 310 if (err < 0) 311 return mgmt_errno_status(err); 312 313 if (err < ARRAY_SIZE(mgmt_status_table)) 314 return mgmt_status_table[err]; 315 316 return MGMT_STATUS_FAILED; 317} 318 319static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data, 320 u16 len, int flag) 321{ 322 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 323 flag, NULL); 324} 325 326static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data, 327 u16 len, int flag, struct sock *skip_sk) 328{ 329 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 330 flag, skip_sk); 331} 332 333static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len, 334 struct sock *skip_sk) 335{ 336 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len, 337 HCI_SOCK_TRUSTED, skip_sk); 338} 339 340static int mgmt_event_skb(struct sk_buff *skb, struct sock *skip_sk) 341{ 342 return mgmt_send_event_skb(HCI_CHANNEL_CONTROL, skb, HCI_SOCK_TRUSTED, 343 skip_sk); 344} 345 346static u8 le_addr_type(u8 mgmt_addr_type) 347{ 348 if (mgmt_addr_type == BDADDR_LE_PUBLIC) 349 return ADDR_LE_DEV_PUBLIC; 350 else 351 return ADDR_LE_DEV_RANDOM; 352} 353 354void mgmt_fill_version_info(void *ver) 355{ 356 struct mgmt_rp_read_version *rp = ver; 357 358 rp->version = MGMT_VERSION; 359 rp->revision = cpu_to_le16(MGMT_REVISION); 360} 361 362static int read_version(struct sock *sk, struct hci_dev *hdev, void *data, 363 u16 data_len) 364{ 365 struct mgmt_rp_read_version rp; 366 367 bt_dev_dbg(hdev, "sock %p", sk); 368 369 mgmt_fill_version_info(&rp); 370 371 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, 372 &rp, sizeof(rp)); 373} 374 375static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data, 376 u16 data_len) 377{ 378 struct mgmt_rp_read_commands *rp; 379 u16 num_commands, num_events; 380 size_t rp_size; 381 int i, err; 382 383 bt_dev_dbg(hdev, "sock %p", sk); 384 385 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 386 num_commands = ARRAY_SIZE(mgmt_commands); 387 num_events = ARRAY_SIZE(mgmt_events); 388 } else { 389 num_commands = ARRAY_SIZE(mgmt_untrusted_commands); 390 num_events = ARRAY_SIZE(mgmt_untrusted_events); 391 } 392 393 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16)); 394 395 rp = kmalloc(rp_size, GFP_KERNEL); 396 if (!rp) 397 return -ENOMEM; 398 399 rp->num_commands = cpu_to_le16(num_commands); 400 rp->num_events = cpu_to_le16(num_events); 401 402 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) { 403 __le16 *opcode = rp->opcodes; 404 405 for (i = 0; i < num_commands; i++, opcode++) 406 put_unaligned_le16(mgmt_commands[i], opcode); 407 408 for (i = 0; i < num_events; i++, opcode++) 409 put_unaligned_le16(mgmt_events[i], opcode); 410 } else { 411 __le16 *opcode = rp->opcodes; 412 413 for (i = 0; i < num_commands; i++, opcode++) 414 put_unaligned_le16(mgmt_untrusted_commands[i], opcode); 415 416 for (i = 0; i < num_events; i++, opcode++) 417 put_unaligned_le16(mgmt_untrusted_events[i], opcode); 418 } 419 420 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, 421 rp, rp_size); 422 kfree(rp); 423 424 return err; 425} 426 427static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data, 428 u16 data_len) 429{ 430 struct mgmt_rp_read_index_list *rp; 431 struct hci_dev *d; 432 size_t rp_len; 433 u16 count; 434 int err; 435 436 bt_dev_dbg(hdev, "sock %p", sk); 437 438 read_lock(&hci_dev_list_lock); 439 440 count = 0; 441 list_for_each_entry(d, &hci_dev_list, list) { 442 if (d->dev_type == HCI_PRIMARY && 443 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) 444 count++; 445 } 446 447 rp_len = sizeof(*rp) + (2 * count); 448 rp = kmalloc(rp_len, GFP_ATOMIC); 449 if (!rp) { 450 read_unlock(&hci_dev_list_lock); 451 return -ENOMEM; 452 } 453 454 count = 0; 455 list_for_each_entry(d, &hci_dev_list, list) { 456 if (hci_dev_test_flag(d, HCI_SETUP) || 457 hci_dev_test_flag(d, HCI_CONFIG) || 458 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 459 continue; 460 461 /* Devices marked as raw-only are neither configured 462 * nor unconfigured controllers. 463 */ 464 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 465 continue; 466 467 if (d->dev_type == HCI_PRIMARY && 468 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 469 rp->index[count++] = cpu_to_le16(d->id); 470 bt_dev_dbg(hdev, "Added hci%u", d->id); 471 } 472 } 473 474 rp->num_controllers = cpu_to_le16(count); 475 rp_len = sizeof(*rp) + (2 * count); 476 477 read_unlock(&hci_dev_list_lock); 478 479 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 480 0, rp, rp_len); 481 482 kfree(rp); 483 484 return err; 485} 486 487static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev, 488 void *data, u16 data_len) 489{ 490 struct mgmt_rp_read_unconf_index_list *rp; 491 struct hci_dev *d; 492 size_t rp_len; 493 u16 count; 494 int err; 495 496 bt_dev_dbg(hdev, "sock %p", sk); 497 498 read_lock(&hci_dev_list_lock); 499 500 count = 0; 501 list_for_each_entry(d, &hci_dev_list, list) { 502 if (d->dev_type == HCI_PRIMARY && 503 hci_dev_test_flag(d, HCI_UNCONFIGURED)) 504 count++; 505 } 506 507 rp_len = sizeof(*rp) + (2 * count); 508 rp = kmalloc(rp_len, GFP_ATOMIC); 509 if (!rp) { 510 read_unlock(&hci_dev_list_lock); 511 return -ENOMEM; 512 } 513 514 count = 0; 515 list_for_each_entry(d, &hci_dev_list, list) { 516 if (hci_dev_test_flag(d, HCI_SETUP) || 517 hci_dev_test_flag(d, HCI_CONFIG) || 518 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 519 continue; 520 521 /* Devices marked as raw-only are neither configured 522 * nor unconfigured controllers. 523 */ 524 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 525 continue; 526 527 if (d->dev_type == HCI_PRIMARY && 528 hci_dev_test_flag(d, HCI_UNCONFIGURED)) { 529 rp->index[count++] = cpu_to_le16(d->id); 530 bt_dev_dbg(hdev, "Added hci%u", d->id); 531 } 532 } 533 534 rp->num_controllers = cpu_to_le16(count); 535 rp_len = sizeof(*rp) + (2 * count); 536 537 read_unlock(&hci_dev_list_lock); 538 539 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 540 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len); 541 542 kfree(rp); 543 544 return err; 545} 546 547static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev, 548 void *data, u16 data_len) 549{ 550 struct mgmt_rp_read_ext_index_list *rp; 551 struct hci_dev *d; 552 u16 count; 553 int err; 554 555 bt_dev_dbg(hdev, "sock %p", sk); 556 557 read_lock(&hci_dev_list_lock); 558 559 count = 0; 560 list_for_each_entry(d, &hci_dev_list, list) { 561 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP) 562 count++; 563 } 564 565 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC); 566 if (!rp) { 567 read_unlock(&hci_dev_list_lock); 568 return -ENOMEM; 569 } 570 571 count = 0; 572 list_for_each_entry(d, &hci_dev_list, list) { 573 if (hci_dev_test_flag(d, HCI_SETUP) || 574 hci_dev_test_flag(d, HCI_CONFIG) || 575 hci_dev_test_flag(d, HCI_USER_CHANNEL)) 576 continue; 577 578 /* Devices marked as raw-only are neither configured 579 * nor unconfigured controllers. 580 */ 581 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks)) 582 continue; 583 584 if (d->dev_type == HCI_PRIMARY) { 585 if (hci_dev_test_flag(d, HCI_UNCONFIGURED)) 586 rp->entry[count].type = 0x01; 587 else 588 rp->entry[count].type = 0x00; 589 } else if (d->dev_type == HCI_AMP) { 590 rp->entry[count].type = 0x02; 591 } else { 592 continue; 593 } 594 595 rp->entry[count].bus = d->bus; 596 rp->entry[count++].index = cpu_to_le16(d->id); 597 bt_dev_dbg(hdev, "Added hci%u", d->id); 598 } 599 600 rp->num_controllers = cpu_to_le16(count); 601 602 read_unlock(&hci_dev_list_lock); 603 604 /* If this command is called at least once, then all the 605 * default index and unconfigured index events are disabled 606 * and from now on only extended index events are used. 607 */ 608 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS); 609 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS); 610 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS); 611 612 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 613 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, 614 struct_size(rp, entry, count)); 615 616 kfree(rp); 617 618 return err; 619} 620 621static bool is_configured(struct hci_dev *hdev) 622{ 623 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 624 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 625 return false; 626 627 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) || 628 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) && 629 !bacmp(&hdev->public_addr, BDADDR_ANY)) 630 return false; 631 632 return true; 633} 634 635static __le32 get_missing_options(struct hci_dev *hdev) 636{ 637 u32 options = 0; 638 639 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) && 640 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED)) 641 options |= MGMT_OPTION_EXTERNAL_CONFIG; 642 643 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) || 644 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) && 645 !bacmp(&hdev->public_addr, BDADDR_ANY)) 646 options |= MGMT_OPTION_PUBLIC_ADDRESS; 647 648 return cpu_to_le32(options); 649} 650 651static int new_options(struct hci_dev *hdev, struct sock *skip) 652{ 653 __le32 options = get_missing_options(hdev); 654 655 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options, 656 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip); 657} 658 659static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 660{ 661 __le32 options = get_missing_options(hdev); 662 663 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options, 664 sizeof(options)); 665} 666 667static int read_config_info(struct sock *sk, struct hci_dev *hdev, 668 void *data, u16 data_len) 669{ 670 struct mgmt_rp_read_config_info rp; 671 u32 options = 0; 672 673 bt_dev_dbg(hdev, "sock %p", sk); 674 675 hci_dev_lock(hdev); 676 677 memset(&rp, 0, sizeof(rp)); 678 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 679 680 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 681 options |= MGMT_OPTION_EXTERNAL_CONFIG; 682 683 if (hdev->set_bdaddr) 684 options |= MGMT_OPTION_PUBLIC_ADDRESS; 685 686 rp.supported_options = cpu_to_le32(options); 687 rp.missing_options = get_missing_options(hdev); 688 689 hci_dev_unlock(hdev); 690 691 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, 692 &rp, sizeof(rp)); 693} 694 695static u32 get_supported_phys(struct hci_dev *hdev) 696{ 697 u32 supported_phys = 0; 698 699 if (lmp_bredr_capable(hdev)) { 700 supported_phys |= MGMT_PHY_BR_1M_1SLOT; 701 702 if (hdev->features[0][0] & LMP_3SLOT) 703 supported_phys |= MGMT_PHY_BR_1M_3SLOT; 704 705 if (hdev->features[0][0] & LMP_5SLOT) 706 supported_phys |= MGMT_PHY_BR_1M_5SLOT; 707 708 if (lmp_edr_2m_capable(hdev)) { 709 supported_phys |= MGMT_PHY_EDR_2M_1SLOT; 710 711 if (lmp_edr_3slot_capable(hdev)) 712 supported_phys |= MGMT_PHY_EDR_2M_3SLOT; 713 714 if (lmp_edr_5slot_capable(hdev)) 715 supported_phys |= MGMT_PHY_EDR_2M_5SLOT; 716 717 if (lmp_edr_3m_capable(hdev)) { 718 supported_phys |= MGMT_PHY_EDR_3M_1SLOT; 719 720 if (lmp_edr_3slot_capable(hdev)) 721 supported_phys |= MGMT_PHY_EDR_3M_3SLOT; 722 723 if (lmp_edr_5slot_capable(hdev)) 724 supported_phys |= MGMT_PHY_EDR_3M_5SLOT; 725 } 726 } 727 } 728 729 if (lmp_le_capable(hdev)) { 730 supported_phys |= MGMT_PHY_LE_1M_TX; 731 supported_phys |= MGMT_PHY_LE_1M_RX; 732 733 if (hdev->le_features[1] & HCI_LE_PHY_2M) { 734 supported_phys |= MGMT_PHY_LE_2M_TX; 735 supported_phys |= MGMT_PHY_LE_2M_RX; 736 } 737 738 if (hdev->le_features[1] & HCI_LE_PHY_CODED) { 739 supported_phys |= MGMT_PHY_LE_CODED_TX; 740 supported_phys |= MGMT_PHY_LE_CODED_RX; 741 } 742 } 743 744 return supported_phys; 745} 746 747static u32 get_selected_phys(struct hci_dev *hdev) 748{ 749 u32 selected_phys = 0; 750 751 if (lmp_bredr_capable(hdev)) { 752 selected_phys |= MGMT_PHY_BR_1M_1SLOT; 753 754 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3)) 755 selected_phys |= MGMT_PHY_BR_1M_3SLOT; 756 757 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5)) 758 selected_phys |= MGMT_PHY_BR_1M_5SLOT; 759 760 if (lmp_edr_2m_capable(hdev)) { 761 if (!(hdev->pkt_type & HCI_2DH1)) 762 selected_phys |= MGMT_PHY_EDR_2M_1SLOT; 763 764 if (lmp_edr_3slot_capable(hdev) && 765 !(hdev->pkt_type & HCI_2DH3)) 766 selected_phys |= MGMT_PHY_EDR_2M_3SLOT; 767 768 if (lmp_edr_5slot_capable(hdev) && 769 !(hdev->pkt_type & HCI_2DH5)) 770 selected_phys |= MGMT_PHY_EDR_2M_5SLOT; 771 772 if (lmp_edr_3m_capable(hdev)) { 773 if (!(hdev->pkt_type & HCI_3DH1)) 774 selected_phys |= MGMT_PHY_EDR_3M_1SLOT; 775 776 if (lmp_edr_3slot_capable(hdev) && 777 !(hdev->pkt_type & HCI_3DH3)) 778 selected_phys |= MGMT_PHY_EDR_3M_3SLOT; 779 780 if (lmp_edr_5slot_capable(hdev) && 781 !(hdev->pkt_type & HCI_3DH5)) 782 selected_phys |= MGMT_PHY_EDR_3M_5SLOT; 783 } 784 } 785 } 786 787 if (lmp_le_capable(hdev)) { 788 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M) 789 selected_phys |= MGMT_PHY_LE_1M_TX; 790 791 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M) 792 selected_phys |= MGMT_PHY_LE_1M_RX; 793 794 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M) 795 selected_phys |= MGMT_PHY_LE_2M_TX; 796 797 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M) 798 selected_phys |= MGMT_PHY_LE_2M_RX; 799 800 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED) 801 selected_phys |= MGMT_PHY_LE_CODED_TX; 802 803 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED) 804 selected_phys |= MGMT_PHY_LE_CODED_RX; 805 } 806 807 return selected_phys; 808} 809 810static u32 get_configurable_phys(struct hci_dev *hdev) 811{ 812 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT & 813 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX); 814} 815 816static u32 get_supported_settings(struct hci_dev *hdev) 817{ 818 u32 settings = 0; 819 820 settings |= MGMT_SETTING_POWERED; 821 settings |= MGMT_SETTING_BONDABLE; 822 settings |= MGMT_SETTING_DEBUG_KEYS; 823 settings |= MGMT_SETTING_CONNECTABLE; 824 settings |= MGMT_SETTING_DISCOVERABLE; 825 826 if (lmp_bredr_capable(hdev)) { 827 if (hdev->hci_ver >= BLUETOOTH_VER_1_2) 828 settings |= MGMT_SETTING_FAST_CONNECTABLE; 829 settings |= MGMT_SETTING_BREDR; 830 settings |= MGMT_SETTING_LINK_SECURITY; 831 832 if (lmp_ssp_capable(hdev)) { 833 settings |= MGMT_SETTING_SSP; 834 if (IS_ENABLED(CONFIG_BT_HS)) 835 settings |= MGMT_SETTING_HS; 836 } 837 838 if (lmp_sc_capable(hdev)) 839 settings |= MGMT_SETTING_SECURE_CONN; 840 841 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, 842 &hdev->quirks)) 843 settings |= MGMT_SETTING_WIDEBAND_SPEECH; 844 } 845 846 if (lmp_le_capable(hdev)) { 847 settings |= MGMT_SETTING_LE; 848 settings |= MGMT_SETTING_SECURE_CONN; 849 settings |= MGMT_SETTING_PRIVACY; 850 settings |= MGMT_SETTING_STATIC_ADDRESS; 851 settings |= MGMT_SETTING_ADVERTISING; 852 } 853 854 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) || 855 hdev->set_bdaddr) 856 settings |= MGMT_SETTING_CONFIGURATION; 857 858 settings |= MGMT_SETTING_PHY_CONFIGURATION; 859 860 return settings; 861} 862 863static u32 get_current_settings(struct hci_dev *hdev) 864{ 865 u32 settings = 0; 866 867 if (hdev_is_powered(hdev)) 868 settings |= MGMT_SETTING_POWERED; 869 870 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 871 settings |= MGMT_SETTING_CONNECTABLE; 872 873 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) 874 settings |= MGMT_SETTING_FAST_CONNECTABLE; 875 876 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 877 settings |= MGMT_SETTING_DISCOVERABLE; 878 879 if (hci_dev_test_flag(hdev, HCI_BONDABLE)) 880 settings |= MGMT_SETTING_BONDABLE; 881 882 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 883 settings |= MGMT_SETTING_BREDR; 884 885 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 886 settings |= MGMT_SETTING_LE; 887 888 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) 889 settings |= MGMT_SETTING_LINK_SECURITY; 890 891 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 892 settings |= MGMT_SETTING_SSP; 893 894 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED)) 895 settings |= MGMT_SETTING_HS; 896 897 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 898 settings |= MGMT_SETTING_ADVERTISING; 899 900 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) 901 settings |= MGMT_SETTING_SECURE_CONN; 902 903 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS)) 904 settings |= MGMT_SETTING_DEBUG_KEYS; 905 906 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) 907 settings |= MGMT_SETTING_PRIVACY; 908 909 /* The current setting for static address has two purposes. The 910 * first is to indicate if the static address will be used and 911 * the second is to indicate if it is actually set. 912 * 913 * This means if the static address is not configured, this flag 914 * will never be set. If the address is configured, then if the 915 * address is actually used decides if the flag is set or not. 916 * 917 * For single mode LE only controllers and dual-mode controllers 918 * with BR/EDR disabled, the existence of the static address will 919 * be evaluated. 920 */ 921 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 922 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 923 !bacmp(&hdev->bdaddr, BDADDR_ANY)) { 924 if (bacmp(&hdev->static_addr, BDADDR_ANY)) 925 settings |= MGMT_SETTING_STATIC_ADDRESS; 926 } 927 928 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED)) 929 settings |= MGMT_SETTING_WIDEBAND_SPEECH; 930 931 return settings; 932} 933 934static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev) 935{ 936 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev); 937} 938 939u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev) 940{ 941 struct mgmt_pending_cmd *cmd; 942 943 /* If there's a pending mgmt command the flags will not yet have 944 * their final values, so check for this first. 945 */ 946 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev); 947 if (cmd) { 948 struct mgmt_mode *cp = cmd->param; 949 if (cp->val == 0x01) 950 return LE_AD_GENERAL; 951 else if (cp->val == 0x02) 952 return LE_AD_LIMITED; 953 } else { 954 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE)) 955 return LE_AD_LIMITED; 956 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) 957 return LE_AD_GENERAL; 958 } 959 960 return 0; 961} 962 963bool mgmt_get_connectable(struct hci_dev *hdev) 964{ 965 struct mgmt_pending_cmd *cmd; 966 967 /* If there's a pending mgmt command the flag will not yet have 968 * it's final value, so check for this first. 969 */ 970 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev); 971 if (cmd) { 972 struct mgmt_mode *cp = cmd->param; 973 974 return cp->val; 975 } 976 977 return hci_dev_test_flag(hdev, HCI_CONNECTABLE); 978} 979 980static int service_cache_sync(struct hci_dev *hdev, void *data) 981{ 982 hci_update_eir_sync(hdev); 983 hci_update_class_sync(hdev); 984 985 return 0; 986} 987 988static void service_cache_off(struct work_struct *work) 989{ 990 struct hci_dev *hdev = container_of(work, struct hci_dev, 991 service_cache.work); 992 993 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) 994 return; 995 996 hci_cmd_sync_queue(hdev, service_cache_sync, NULL, NULL); 997} 998 999static int rpa_expired_sync(struct hci_dev *hdev, void *data) 1000{ 1001 /* The generation of a new RPA and programming it into the 1002 * controller happens in the hci_req_enable_advertising() 1003 * function. 1004 */ 1005 if (ext_adv_capable(hdev)) 1006 return hci_start_ext_adv_sync(hdev, hdev->cur_adv_instance); 1007 else 1008 return hci_enable_advertising_sync(hdev); 1009} 1010 1011static void rpa_expired(struct work_struct *work) 1012{ 1013 struct hci_dev *hdev = container_of(work, struct hci_dev, 1014 rpa_expired.work); 1015 1016 bt_dev_dbg(hdev, ""); 1017 1018 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 1019 1020 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING)) 1021 return; 1022 1023 hci_cmd_sync_queue(hdev, rpa_expired_sync, NULL, NULL); 1024} 1025 1026static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) 1027{ 1028 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT)) 1029 return; 1030 1031 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 1032 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired); 1033 1034 /* Non-mgmt controlled devices get this bit set 1035 * implicitly so that pairing works for them, however 1036 * for mgmt we require user-space to explicitly enable 1037 * it 1038 */ 1039 hci_dev_clear_flag(hdev, HCI_BONDABLE); 1040} 1041 1042static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 1043 void *data, u16 data_len) 1044{ 1045 struct mgmt_rp_read_info rp; 1046 1047 bt_dev_dbg(hdev, "sock %p", sk); 1048 1049 hci_dev_lock(hdev); 1050 1051 memset(&rp, 0, sizeof(rp)); 1052 1053 bacpy(&rp.bdaddr, &hdev->bdaddr); 1054 1055 rp.version = hdev->hci_ver; 1056 rp.manufacturer = cpu_to_le16(hdev->manufacturer); 1057 1058 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 1059 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 1060 1061 memcpy(rp.dev_class, hdev->dev_class, 3); 1062 1063 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 1064 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name)); 1065 1066 hci_dev_unlock(hdev); 1067 1068 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp, 1069 sizeof(rp)); 1070} 1071 1072static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir) 1073{ 1074 u16 eir_len = 0; 1075 size_t name_len; 1076 1077 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1078 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV, 1079 hdev->dev_class, 3); 1080 1081 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1082 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE, 1083 hdev->appearance); 1084 1085 name_len = strlen(hdev->dev_name); 1086 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE, 1087 hdev->dev_name, name_len); 1088 1089 name_len = strlen(hdev->short_name); 1090 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT, 1091 hdev->short_name, name_len); 1092 1093 return eir_len; 1094} 1095 1096static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev, 1097 void *data, u16 data_len) 1098{ 1099 char buf[512]; 1100 struct mgmt_rp_read_ext_info *rp = (void *)buf; 1101 u16 eir_len; 1102 1103 bt_dev_dbg(hdev, "sock %p", sk); 1104 1105 memset(&buf, 0, sizeof(buf)); 1106 1107 hci_dev_lock(hdev); 1108 1109 bacpy(&rp->bdaddr, &hdev->bdaddr); 1110 1111 rp->version = hdev->hci_ver; 1112 rp->manufacturer = cpu_to_le16(hdev->manufacturer); 1113 1114 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev)); 1115 rp->current_settings = cpu_to_le32(get_current_settings(hdev)); 1116 1117 1118 eir_len = append_eir_data_to_buf(hdev, rp->eir); 1119 rp->eir_len = cpu_to_le16(eir_len); 1120 1121 hci_dev_unlock(hdev); 1122 1123 /* If this command is called at least once, then the events 1124 * for class of device and local name changes are disabled 1125 * and only the new extended controller information event 1126 * is used. 1127 */ 1128 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS); 1129 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS); 1130 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS); 1131 1132 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp, 1133 sizeof(*rp) + eir_len); 1134} 1135 1136static int ext_info_changed(struct hci_dev *hdev, struct sock *skip) 1137{ 1138 char buf[512]; 1139 struct mgmt_ev_ext_info_changed *ev = (void *)buf; 1140 u16 eir_len; 1141 1142 memset(buf, 0, sizeof(buf)); 1143 1144 eir_len = append_eir_data_to_buf(hdev, ev->eir); 1145 ev->eir_len = cpu_to_le16(eir_len); 1146 1147 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev, 1148 sizeof(*ev) + eir_len, 1149 HCI_MGMT_EXT_INFO_EVENTS, skip); 1150} 1151 1152static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 1153{ 1154 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 1155 1156 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings, 1157 sizeof(settings)); 1158} 1159 1160void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance) 1161{ 1162 struct mgmt_ev_advertising_added ev; 1163 1164 ev.instance = instance; 1165 1166 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk); 1167} 1168 1169void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev, 1170 u8 instance) 1171{ 1172 struct mgmt_ev_advertising_removed ev; 1173 1174 ev.instance = instance; 1175 1176 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk); 1177} 1178 1179static void cancel_adv_timeout(struct hci_dev *hdev) 1180{ 1181 if (hdev->adv_instance_timeout) { 1182 hdev->adv_instance_timeout = 0; 1183 cancel_delayed_work(&hdev->adv_instance_expire); 1184 } 1185} 1186 1187/* This function requires the caller holds hdev->lock */ 1188static void restart_le_actions(struct hci_dev *hdev) 1189{ 1190 struct hci_conn_params *p; 1191 1192 list_for_each_entry(p, &hdev->le_conn_params, list) { 1193 /* Needed for AUTO_OFF case where might not "really" 1194 * have been powered off. 1195 */ 1196 list_del_init(&p->action); 1197 1198 switch (p->auto_connect) { 1199 case HCI_AUTO_CONN_DIRECT: 1200 case HCI_AUTO_CONN_ALWAYS: 1201 list_add(&p->action, &hdev->pend_le_conns); 1202 break; 1203 case HCI_AUTO_CONN_REPORT: 1204 list_add(&p->action, &hdev->pend_le_reports); 1205 break; 1206 default: 1207 break; 1208 } 1209 } 1210} 1211 1212static int new_settings(struct hci_dev *hdev, struct sock *skip) 1213{ 1214 __le32 ev = cpu_to_le32(get_current_settings(hdev)); 1215 1216 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, 1217 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip); 1218} 1219 1220static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err) 1221{ 1222 struct mgmt_pending_cmd *cmd = data; 1223 struct mgmt_mode *cp; 1224 1225 /* Make sure cmd still outstanding. */ 1226 if (cmd != pending_find(MGMT_OP_SET_POWERED, hdev)) 1227 return; 1228 1229 cp = cmd->param; 1230 1231 bt_dev_dbg(hdev, "err %d", err); 1232 1233 if (!err) { 1234 if (cp->val) { 1235 hci_dev_lock(hdev); 1236 restart_le_actions(hdev); 1237 hci_update_passive_scan(hdev); 1238 hci_dev_unlock(hdev); 1239 } 1240 1241 send_settings_rsp(cmd->sk, cmd->opcode, hdev); 1242 1243 /* Only call new_setting for power on as power off is deferred 1244 * to hdev->power_off work which does call hci_dev_do_close. 1245 */ 1246 if (cp->val) 1247 new_settings(hdev, cmd->sk); 1248 } else { 1249 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, 1250 mgmt_status(err)); 1251 } 1252 1253 mgmt_pending_remove(cmd); 1254} 1255 1256static int set_powered_sync(struct hci_dev *hdev, void *data) 1257{ 1258 struct mgmt_pending_cmd *cmd = data; 1259 struct mgmt_mode *cp = cmd->param; 1260 1261 BT_DBG("%s", hdev->name); 1262 1263 return hci_set_powered_sync(hdev, cp->val); 1264} 1265 1266static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, 1267 u16 len) 1268{ 1269 struct mgmt_mode *cp = data; 1270 struct mgmt_pending_cmd *cmd; 1271 int err; 1272 1273 bt_dev_dbg(hdev, "sock %p", sk); 1274 1275 if (cp->val != 0x00 && cp->val != 0x01) 1276 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1277 MGMT_STATUS_INVALID_PARAMS); 1278 1279 hci_dev_lock(hdev); 1280 1281 if (pending_find(MGMT_OP_SET_POWERED, hdev)) { 1282 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 1283 MGMT_STATUS_BUSY); 1284 goto failed; 1285 } 1286 1287 if (!!cp->val == hdev_is_powered(hdev)) { 1288 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 1289 goto failed; 1290 } 1291 1292 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 1293 if (!cmd) { 1294 err = -ENOMEM; 1295 goto failed; 1296 } 1297 1298 err = hci_cmd_sync_queue(hdev, set_powered_sync, cmd, 1299 mgmt_set_powered_complete); 1300 1301 if (err < 0) 1302 mgmt_pending_remove(cmd); 1303 1304failed: 1305 hci_dev_unlock(hdev); 1306 return err; 1307} 1308 1309int mgmt_new_settings(struct hci_dev *hdev) 1310{ 1311 return new_settings(hdev, NULL); 1312} 1313 1314struct cmd_lookup { 1315 struct sock *sk; 1316 struct hci_dev *hdev; 1317 u8 mgmt_status; 1318}; 1319 1320static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data) 1321{ 1322 struct cmd_lookup *match = data; 1323 1324 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 1325 1326 list_del(&cmd->list); 1327 1328 if (match->sk == NULL) { 1329 match->sk = cmd->sk; 1330 sock_hold(match->sk); 1331 } 1332 1333 mgmt_pending_free(cmd); 1334} 1335 1336static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data) 1337{ 1338 u8 *status = data; 1339 1340 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 1341 mgmt_pending_remove(cmd); 1342} 1343 1344static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data) 1345{ 1346 if (cmd->cmd_complete) { 1347 u8 *status = data; 1348 1349 cmd->cmd_complete(cmd, *status); 1350 mgmt_pending_remove(cmd); 1351 1352 return; 1353 } 1354 1355 cmd_status_rsp(cmd, data); 1356} 1357 1358static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1359{ 1360 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1361 cmd->param, cmd->param_len); 1362} 1363 1364static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status) 1365{ 1366 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, 1367 cmd->param, sizeof(struct mgmt_addr_info)); 1368} 1369 1370static u8 mgmt_bredr_support(struct hci_dev *hdev) 1371{ 1372 if (!lmp_bredr_capable(hdev)) 1373 return MGMT_STATUS_NOT_SUPPORTED; 1374 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1375 return MGMT_STATUS_REJECTED; 1376 else 1377 return MGMT_STATUS_SUCCESS; 1378} 1379 1380static u8 mgmt_le_support(struct hci_dev *hdev) 1381{ 1382 if (!lmp_le_capable(hdev)) 1383 return MGMT_STATUS_NOT_SUPPORTED; 1384 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1385 return MGMT_STATUS_REJECTED; 1386 else 1387 return MGMT_STATUS_SUCCESS; 1388} 1389 1390static void mgmt_set_discoverable_complete(struct hci_dev *hdev, void *data, 1391 int err) 1392{ 1393 struct mgmt_pending_cmd *cmd = data; 1394 1395 bt_dev_dbg(hdev, "err %d", err); 1396 1397 /* Make sure cmd still outstanding. */ 1398 if (cmd != pending_find(MGMT_OP_SET_DISCOVERABLE, hdev)) 1399 return; 1400 1401 hci_dev_lock(hdev); 1402 1403 if (err) { 1404 u8 mgmt_err = mgmt_status(err); 1405 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1406 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1407 goto done; 1408 } 1409 1410 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1411 hdev->discov_timeout > 0) { 1412 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1413 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to); 1414 } 1415 1416 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1417 new_settings(hdev, cmd->sk); 1418 1419done: 1420 mgmt_pending_remove(cmd); 1421 hci_dev_unlock(hdev); 1422} 1423 1424static int set_discoverable_sync(struct hci_dev *hdev, void *data) 1425{ 1426 BT_DBG("%s", hdev->name); 1427 1428 return hci_update_discoverable_sync(hdev); 1429} 1430 1431static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 1432 u16 len) 1433{ 1434 struct mgmt_cp_set_discoverable *cp = data; 1435 struct mgmt_pending_cmd *cmd; 1436 u16 timeout; 1437 int err; 1438 1439 bt_dev_dbg(hdev, "sock %p", sk); 1440 1441 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1442 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1443 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1444 MGMT_STATUS_REJECTED); 1445 1446 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 1447 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1448 MGMT_STATUS_INVALID_PARAMS); 1449 1450 timeout = __le16_to_cpu(cp->timeout); 1451 1452 /* Disabling discoverable requires that no timeout is set, 1453 * and enabling limited discoverable requires a timeout. 1454 */ 1455 if ((cp->val == 0x00 && timeout > 0) || 1456 (cp->val == 0x02 && timeout == 0)) 1457 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1458 MGMT_STATUS_INVALID_PARAMS); 1459 1460 hci_dev_lock(hdev); 1461 1462 if (!hdev_is_powered(hdev) && timeout > 0) { 1463 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1464 MGMT_STATUS_NOT_POWERED); 1465 goto failed; 1466 } 1467 1468 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1469 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1470 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1471 MGMT_STATUS_BUSY); 1472 goto failed; 1473 } 1474 1475 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) { 1476 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1477 MGMT_STATUS_REJECTED); 1478 goto failed; 1479 } 1480 1481 if (hdev->advertising_paused) { 1482 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 1483 MGMT_STATUS_BUSY); 1484 goto failed; 1485 } 1486 1487 if (!hdev_is_powered(hdev)) { 1488 bool changed = false; 1489 1490 /* Setting limited discoverable when powered off is 1491 * not a valid operation since it requires a timeout 1492 * and so no need to check HCI_LIMITED_DISCOVERABLE. 1493 */ 1494 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) { 1495 hci_dev_change_flag(hdev, HCI_DISCOVERABLE); 1496 changed = true; 1497 } 1498 1499 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1500 if (err < 0) 1501 goto failed; 1502 1503 if (changed) 1504 err = new_settings(hdev, sk); 1505 1506 goto failed; 1507 } 1508 1509 /* If the current mode is the same, then just update the timeout 1510 * value with the new value. And if only the timeout gets updated, 1511 * then no need for any HCI transactions. 1512 */ 1513 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) && 1514 (cp->val == 0x02) == hci_dev_test_flag(hdev, 1515 HCI_LIMITED_DISCOVERABLE)) { 1516 cancel_delayed_work(&hdev->discov_off); 1517 hdev->discov_timeout = timeout; 1518 1519 if (cp->val && hdev->discov_timeout > 0) { 1520 int to = msecs_to_jiffies(hdev->discov_timeout * 1000); 1521 queue_delayed_work(hdev->req_workqueue, 1522 &hdev->discov_off, to); 1523 } 1524 1525 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 1526 goto failed; 1527 } 1528 1529 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 1530 if (!cmd) { 1531 err = -ENOMEM; 1532 goto failed; 1533 } 1534 1535 /* Cancel any potential discoverable timeout that might be 1536 * still active and store new timeout value. The arming of 1537 * the timeout happens in the complete handler. 1538 */ 1539 cancel_delayed_work(&hdev->discov_off); 1540 hdev->discov_timeout = timeout; 1541 1542 if (cp->val) 1543 hci_dev_set_flag(hdev, HCI_DISCOVERABLE); 1544 else 1545 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1546 1547 /* Limited discoverable mode */ 1548 if (cp->val == 0x02) 1549 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1550 else 1551 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1552 1553 err = hci_cmd_sync_queue(hdev, set_discoverable_sync, cmd, 1554 mgmt_set_discoverable_complete); 1555 1556 if (err < 0) 1557 mgmt_pending_remove(cmd); 1558 1559failed: 1560 hci_dev_unlock(hdev); 1561 return err; 1562} 1563 1564static void mgmt_set_connectable_complete(struct hci_dev *hdev, void *data, 1565 int err) 1566{ 1567 struct mgmt_pending_cmd *cmd = data; 1568 1569 bt_dev_dbg(hdev, "err %d", err); 1570 1571 /* Make sure cmd still outstanding. */ 1572 if (cmd != pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) 1573 return; 1574 1575 hci_dev_lock(hdev); 1576 1577 if (err) { 1578 u8 mgmt_err = mgmt_status(err); 1579 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 1580 goto done; 1581 } 1582 1583 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev); 1584 new_settings(hdev, cmd->sk); 1585 1586done: 1587 if (cmd) 1588 mgmt_pending_remove(cmd); 1589 1590 hci_dev_unlock(hdev); 1591} 1592 1593static int set_connectable_update_settings(struct hci_dev *hdev, 1594 struct sock *sk, u8 val) 1595{ 1596 bool changed = false; 1597 int err; 1598 1599 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE)) 1600 changed = true; 1601 1602 if (val) { 1603 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1604 } else { 1605 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1606 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1607 } 1608 1609 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 1610 if (err < 0) 1611 return err; 1612 1613 if (changed) { 1614 hci_req_update_scan(hdev); 1615 hci_update_passive_scan(hdev); 1616 return new_settings(hdev, sk); 1617 } 1618 1619 return 0; 1620} 1621 1622static int set_connectable_sync(struct hci_dev *hdev, void *data) 1623{ 1624 BT_DBG("%s", hdev->name); 1625 1626 return hci_update_connectable_sync(hdev); 1627} 1628 1629static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, 1630 u16 len) 1631{ 1632 struct mgmt_mode *cp = data; 1633 struct mgmt_pending_cmd *cmd; 1634 int err; 1635 1636 bt_dev_dbg(hdev, "sock %p", sk); 1637 1638 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) && 1639 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 1640 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1641 MGMT_STATUS_REJECTED); 1642 1643 if (cp->val != 0x00 && cp->val != 0x01) 1644 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1645 MGMT_STATUS_INVALID_PARAMS); 1646 1647 hci_dev_lock(hdev); 1648 1649 if (!hdev_is_powered(hdev)) { 1650 err = set_connectable_update_settings(hdev, sk, cp->val); 1651 goto failed; 1652 } 1653 1654 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 1655 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 1656 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1657 MGMT_STATUS_BUSY); 1658 goto failed; 1659 } 1660 1661 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1662 if (!cmd) { 1663 err = -ENOMEM; 1664 goto failed; 1665 } 1666 1667 if (cp->val) { 1668 hci_dev_set_flag(hdev, HCI_CONNECTABLE); 1669 } else { 1670 if (hdev->discov_timeout > 0) 1671 cancel_delayed_work(&hdev->discov_off); 1672 1673 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE); 1674 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 1675 hci_dev_clear_flag(hdev, HCI_CONNECTABLE); 1676 } 1677 1678 err = hci_cmd_sync_queue(hdev, set_connectable_sync, cmd, 1679 mgmt_set_connectable_complete); 1680 1681 if (err < 0) 1682 mgmt_pending_remove(cmd); 1683 1684failed: 1685 hci_dev_unlock(hdev); 1686 return err; 1687} 1688 1689static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data, 1690 u16 len) 1691{ 1692 struct mgmt_mode *cp = data; 1693 bool changed; 1694 int err; 1695 1696 bt_dev_dbg(hdev, "sock %p", sk); 1697 1698 if (cp->val != 0x00 && cp->val != 0x01) 1699 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE, 1700 MGMT_STATUS_INVALID_PARAMS); 1701 1702 hci_dev_lock(hdev); 1703 1704 if (cp->val) 1705 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE); 1706 else 1707 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE); 1708 1709 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev); 1710 if (err < 0) 1711 goto unlock; 1712 1713 if (changed) { 1714 /* In limited privacy mode the change of bondable mode 1715 * may affect the local advertising address. 1716 */ 1717 hci_update_discoverable(hdev); 1718 1719 err = new_settings(hdev, sk); 1720 } 1721 1722unlock: 1723 hci_dev_unlock(hdev); 1724 return err; 1725} 1726 1727static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data, 1728 u16 len) 1729{ 1730 struct mgmt_mode *cp = data; 1731 struct mgmt_pending_cmd *cmd; 1732 u8 val, status; 1733 int err; 1734 1735 bt_dev_dbg(hdev, "sock %p", sk); 1736 1737 status = mgmt_bredr_support(hdev); 1738 if (status) 1739 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1740 status); 1741 1742 if (cp->val != 0x00 && cp->val != 0x01) 1743 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1744 MGMT_STATUS_INVALID_PARAMS); 1745 1746 hci_dev_lock(hdev); 1747 1748 if (!hdev_is_powered(hdev)) { 1749 bool changed = false; 1750 1751 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) { 1752 hci_dev_change_flag(hdev, HCI_LINK_SECURITY); 1753 changed = true; 1754 } 1755 1756 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1757 if (err < 0) 1758 goto failed; 1759 1760 if (changed) 1761 err = new_settings(hdev, sk); 1762 1763 goto failed; 1764 } 1765 1766 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) { 1767 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1768 MGMT_STATUS_BUSY); 1769 goto failed; 1770 } 1771 1772 val = !!cp->val; 1773 1774 if (test_bit(HCI_AUTH, &hdev->flags) == val) { 1775 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev); 1776 goto failed; 1777 } 1778 1779 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len); 1780 if (!cmd) { 1781 err = -ENOMEM; 1782 goto failed; 1783 } 1784 1785 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val); 1786 if (err < 0) { 1787 mgmt_pending_remove(cmd); 1788 goto failed; 1789 } 1790 1791failed: 1792 hci_dev_unlock(hdev); 1793 return err; 1794} 1795 1796static void set_ssp_complete(struct hci_dev *hdev, void *data, int err) 1797{ 1798 struct cmd_lookup match = { NULL, hdev }; 1799 struct mgmt_pending_cmd *cmd = data; 1800 struct mgmt_mode *cp = cmd->param; 1801 u8 enable = cp->val; 1802 bool changed; 1803 1804 /* Make sure cmd still outstanding. */ 1805 if (cmd != pending_find(MGMT_OP_SET_SSP, hdev)) 1806 return; 1807 1808 if (err) { 1809 u8 mgmt_err = mgmt_status(err); 1810 1811 if (enable && hci_dev_test_and_clear_flag(hdev, 1812 HCI_SSP_ENABLED)) { 1813 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1814 new_settings(hdev, NULL); 1815 } 1816 1817 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp, 1818 &mgmt_err); 1819 return; 1820 } 1821 1822 if (enable) { 1823 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 1824 } else { 1825 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED); 1826 1827 if (!changed) 1828 changed = hci_dev_test_and_clear_flag(hdev, 1829 HCI_HS_ENABLED); 1830 else 1831 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1832 } 1833 1834 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 1835 1836 if (changed) 1837 new_settings(hdev, match.sk); 1838 1839 if (match.sk) 1840 sock_put(match.sk); 1841 1842 hci_update_eir_sync(hdev); 1843} 1844 1845static int set_ssp_sync(struct hci_dev *hdev, void *data) 1846{ 1847 struct mgmt_pending_cmd *cmd = data; 1848 struct mgmt_mode *cp = cmd->param; 1849 bool changed = false; 1850 int err; 1851 1852 if (cp->val) 1853 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 1854 1855 err = hci_write_ssp_mode_sync(hdev, cp->val); 1856 1857 if (!err && changed) 1858 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 1859 1860 return err; 1861} 1862 1863static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1864{ 1865 struct mgmt_mode *cp = data; 1866 struct mgmt_pending_cmd *cmd; 1867 u8 status; 1868 int err; 1869 1870 bt_dev_dbg(hdev, "sock %p", sk); 1871 1872 status = mgmt_bredr_support(hdev); 1873 if (status) 1874 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status); 1875 1876 if (!lmp_ssp_capable(hdev)) 1877 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1878 MGMT_STATUS_NOT_SUPPORTED); 1879 1880 if (cp->val != 0x00 && cp->val != 0x01) 1881 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1882 MGMT_STATUS_INVALID_PARAMS); 1883 1884 hci_dev_lock(hdev); 1885 1886 if (!hdev_is_powered(hdev)) { 1887 bool changed; 1888 1889 if (cp->val) { 1890 changed = !hci_dev_test_and_set_flag(hdev, 1891 HCI_SSP_ENABLED); 1892 } else { 1893 changed = hci_dev_test_and_clear_flag(hdev, 1894 HCI_SSP_ENABLED); 1895 if (!changed) 1896 changed = hci_dev_test_and_clear_flag(hdev, 1897 HCI_HS_ENABLED); 1898 else 1899 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1900 } 1901 1902 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1903 if (err < 0) 1904 goto failed; 1905 1906 if (changed) 1907 err = new_settings(hdev, sk); 1908 1909 goto failed; 1910 } 1911 1912 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1913 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1914 MGMT_STATUS_BUSY); 1915 goto failed; 1916 } 1917 1918 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 1919 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1920 goto failed; 1921 } 1922 1923 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len); 1924 if (!cmd) 1925 err = -ENOMEM; 1926 else 1927 err = hci_cmd_sync_queue(hdev, set_ssp_sync, cmd, 1928 set_ssp_complete); 1929 1930 if (err < 0) { 1931 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1932 MGMT_STATUS_FAILED); 1933 1934 if (cmd) 1935 mgmt_pending_remove(cmd); 1936 } 1937 1938failed: 1939 hci_dev_unlock(hdev); 1940 return err; 1941} 1942 1943static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1944{ 1945 struct mgmt_mode *cp = data; 1946 bool changed; 1947 u8 status; 1948 int err; 1949 1950 bt_dev_dbg(hdev, "sock %p", sk); 1951 1952 if (!IS_ENABLED(CONFIG_BT_HS)) 1953 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1954 MGMT_STATUS_NOT_SUPPORTED); 1955 1956 status = mgmt_bredr_support(hdev); 1957 if (status) 1958 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status); 1959 1960 if (!lmp_ssp_capable(hdev)) 1961 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1962 MGMT_STATUS_NOT_SUPPORTED); 1963 1964 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 1965 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1966 MGMT_STATUS_REJECTED); 1967 1968 if (cp->val != 0x00 && cp->val != 0x01) 1969 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1970 MGMT_STATUS_INVALID_PARAMS); 1971 1972 hci_dev_lock(hdev); 1973 1974 if (pending_find(MGMT_OP_SET_SSP, hdev)) { 1975 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1976 MGMT_STATUS_BUSY); 1977 goto unlock; 1978 } 1979 1980 if (cp->val) { 1981 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED); 1982 } else { 1983 if (hdev_is_powered(hdev)) { 1984 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1985 MGMT_STATUS_REJECTED); 1986 goto unlock; 1987 } 1988 1989 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED); 1990 } 1991 1992 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 1993 if (err < 0) 1994 goto unlock; 1995 1996 if (changed) 1997 err = new_settings(hdev, sk); 1998 1999unlock: 2000 hci_dev_unlock(hdev); 2001 return err; 2002} 2003 2004static void set_le_complete(struct hci_dev *hdev, void *data, int err) 2005{ 2006 struct cmd_lookup match = { NULL, hdev }; 2007 u8 status = mgmt_status(err); 2008 2009 bt_dev_dbg(hdev, "err %d", err); 2010 2011 if (status) { 2012 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 2013 &status); 2014 return; 2015 } 2016 2017 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 2018 2019 new_settings(hdev, match.sk); 2020 2021 if (match.sk) 2022 sock_put(match.sk); 2023} 2024 2025static int set_le_sync(struct hci_dev *hdev, void *data) 2026{ 2027 struct mgmt_pending_cmd *cmd = data; 2028 struct mgmt_mode *cp = cmd->param; 2029 u8 val = !!cp->val; 2030 int err; 2031 2032 if (!val) { 2033 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 2034 hci_disable_advertising_sync(hdev); 2035 2036 if (ext_adv_capable(hdev)) 2037 hci_remove_ext_adv_instance_sync(hdev, 0, cmd->sk); 2038 } else { 2039 hci_dev_set_flag(hdev, HCI_LE_ENABLED); 2040 } 2041 2042 err = hci_write_le_host_supported_sync(hdev, val, 0); 2043 2044 /* Make sure the controller has a good default for 2045 * advertising data. Restrict the update to when LE 2046 * has actually been enabled. During power on, the 2047 * update in powered_update_hci will take care of it. 2048 */ 2049 if (!err && hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 2050 if (ext_adv_capable(hdev)) { 2051 int status; 2052 2053 status = hci_setup_ext_adv_instance_sync(hdev, 0x00); 2054 if (!status) 2055 hci_update_scan_rsp_data_sync(hdev, 0x00); 2056 } else { 2057 hci_update_adv_data_sync(hdev, 0x00); 2058 hci_update_scan_rsp_data_sync(hdev, 0x00); 2059 } 2060 2061 hci_update_passive_scan(hdev); 2062 } 2063 2064 return err; 2065} 2066 2067static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2068{ 2069 struct mgmt_mode *cp = data; 2070 struct mgmt_pending_cmd *cmd; 2071 int err; 2072 u8 val, enabled; 2073 2074 bt_dev_dbg(hdev, "sock %p", sk); 2075 2076 if (!lmp_le_capable(hdev)) 2077 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2078 MGMT_STATUS_NOT_SUPPORTED); 2079 2080 if (cp->val != 0x00 && cp->val != 0x01) 2081 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2082 MGMT_STATUS_INVALID_PARAMS); 2083 2084 /* Bluetooth single mode LE only controllers or dual-mode 2085 * controllers configured as LE only devices, do not allow 2086 * switching LE off. These have either LE enabled explicitly 2087 * or BR/EDR has been previously switched off. 2088 * 2089 * When trying to enable an already enabled LE, then gracefully 2090 * send a positive response. Trying to disable it however will 2091 * result into rejection. 2092 */ 2093 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 2094 if (cp->val == 0x01) 2095 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 2096 2097 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2098 MGMT_STATUS_REJECTED); 2099 } 2100 2101 hci_dev_lock(hdev); 2102 2103 val = !!cp->val; 2104 enabled = lmp_host_le_capable(hdev); 2105 2106 if (!val) 2107 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true); 2108 2109 if (!hdev_is_powered(hdev) || val == enabled) { 2110 bool changed = false; 2111 2112 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 2113 hci_dev_change_flag(hdev, HCI_LE_ENABLED); 2114 changed = true; 2115 } 2116 2117 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) { 2118 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 2119 changed = true; 2120 } 2121 2122 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 2123 if (err < 0) 2124 goto unlock; 2125 2126 if (changed) 2127 err = new_settings(hdev, sk); 2128 2129 goto unlock; 2130 } 2131 2132 if (pending_find(MGMT_OP_SET_LE, hdev) || 2133 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) { 2134 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2135 MGMT_STATUS_BUSY); 2136 goto unlock; 2137 } 2138 2139 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len); 2140 if (!cmd) 2141 err = -ENOMEM; 2142 else 2143 err = hci_cmd_sync_queue(hdev, set_le_sync, cmd, 2144 set_le_complete); 2145 2146 if (err < 0) { 2147 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 2148 MGMT_STATUS_FAILED); 2149 2150 if (cmd) 2151 mgmt_pending_remove(cmd); 2152 } 2153 2154unlock: 2155 hci_dev_unlock(hdev); 2156 return err; 2157} 2158 2159/* This is a helper function to test for pending mgmt commands that can 2160 * cause CoD or EIR HCI commands. We can only allow one such pending 2161 * mgmt command at a time since otherwise we cannot easily track what 2162 * the current values are, will be, and based on that calculate if a new 2163 * HCI command needs to be sent and if yes with what value. 2164 */ 2165static bool pending_eir_or_class(struct hci_dev *hdev) 2166{ 2167 struct mgmt_pending_cmd *cmd; 2168 2169 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 2170 switch (cmd->opcode) { 2171 case MGMT_OP_ADD_UUID: 2172 case MGMT_OP_REMOVE_UUID: 2173 case MGMT_OP_SET_DEV_CLASS: 2174 case MGMT_OP_SET_POWERED: 2175 return true; 2176 } 2177 } 2178 2179 return false; 2180} 2181 2182static const u8 bluetooth_base_uuid[] = { 2183 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80, 2184 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2185}; 2186 2187static u8 get_uuid_size(const u8 *uuid) 2188{ 2189 u32 val; 2190 2191 if (memcmp(uuid, bluetooth_base_uuid, 12)) 2192 return 128; 2193 2194 val = get_unaligned_le32(&uuid[12]); 2195 if (val > 0xffff) 2196 return 32; 2197 2198 return 16; 2199} 2200 2201static void mgmt_class_complete(struct hci_dev *hdev, void *data, int err) 2202{ 2203 struct mgmt_pending_cmd *cmd = data; 2204 2205 bt_dev_dbg(hdev, "err %d", err); 2206 2207 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 2208 mgmt_status(err), hdev->dev_class, 3); 2209 2210 mgmt_pending_free(cmd); 2211} 2212 2213static int add_uuid_sync(struct hci_dev *hdev, void *data) 2214{ 2215 int err; 2216 2217 err = hci_update_class_sync(hdev); 2218 if (err) 2219 return err; 2220 2221 return hci_update_eir_sync(hdev); 2222} 2223 2224static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2225{ 2226 struct mgmt_cp_add_uuid *cp = data; 2227 struct mgmt_pending_cmd *cmd; 2228 struct bt_uuid *uuid; 2229 int err; 2230 2231 bt_dev_dbg(hdev, "sock %p", sk); 2232 2233 hci_dev_lock(hdev); 2234 2235 if (pending_eir_or_class(hdev)) { 2236 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID, 2237 MGMT_STATUS_BUSY); 2238 goto failed; 2239 } 2240 2241 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL); 2242 if (!uuid) { 2243 err = -ENOMEM; 2244 goto failed; 2245 } 2246 2247 memcpy(uuid->uuid, cp->uuid, 16); 2248 uuid->svc_hint = cp->svc_hint; 2249 uuid->size = get_uuid_size(cp->uuid); 2250 2251 list_add_tail(&uuid->list, &hdev->uuids); 2252 2253 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_UUID, hdev, data, len); 2254 if (!cmd) { 2255 err = -ENOMEM; 2256 goto failed; 2257 } 2258 2259 err = hci_cmd_sync_queue(hdev, add_uuid_sync, cmd, mgmt_class_complete); 2260 if (err < 0) { 2261 mgmt_pending_free(cmd); 2262 goto failed; 2263 } 2264 2265failed: 2266 hci_dev_unlock(hdev); 2267 return err; 2268} 2269 2270static bool enable_service_cache(struct hci_dev *hdev) 2271{ 2272 if (!hdev_is_powered(hdev)) 2273 return false; 2274 2275 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) { 2276 queue_delayed_work(hdev->workqueue, &hdev->service_cache, 2277 CACHE_TIMEOUT); 2278 return true; 2279 } 2280 2281 return false; 2282} 2283 2284static int remove_uuid_sync(struct hci_dev *hdev, void *data) 2285{ 2286 int err; 2287 2288 err = hci_update_class_sync(hdev); 2289 if (err) 2290 return err; 2291 2292 return hci_update_eir_sync(hdev); 2293} 2294 2295static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, 2296 u16 len) 2297{ 2298 struct mgmt_cp_remove_uuid *cp = data; 2299 struct mgmt_pending_cmd *cmd; 2300 struct bt_uuid *match, *tmp; 2301 static const u8 bt_uuid_any[] = { 2302 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 2303 }; 2304 int err, found; 2305 2306 bt_dev_dbg(hdev, "sock %p", sk); 2307 2308 hci_dev_lock(hdev); 2309 2310 if (pending_eir_or_class(hdev)) { 2311 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2312 MGMT_STATUS_BUSY); 2313 goto unlock; 2314 } 2315 2316 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 2317 hci_uuids_clear(hdev); 2318 2319 if (enable_service_cache(hdev)) { 2320 err = mgmt_cmd_complete(sk, hdev->id, 2321 MGMT_OP_REMOVE_UUID, 2322 0, hdev->dev_class, 3); 2323 goto unlock; 2324 } 2325 2326 goto update_class; 2327 } 2328 2329 found = 0; 2330 2331 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) { 2332 if (memcmp(match->uuid, cp->uuid, 16) != 0) 2333 continue; 2334 2335 list_del(&match->list); 2336 kfree(match); 2337 found++; 2338 } 2339 2340 if (found == 0) { 2341 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID, 2342 MGMT_STATUS_INVALID_PARAMS); 2343 goto unlock; 2344 } 2345 2346update_class: 2347 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_UUID, hdev, data, len); 2348 if (!cmd) { 2349 err = -ENOMEM; 2350 goto unlock; 2351 } 2352 2353 err = hci_cmd_sync_queue(hdev, remove_uuid_sync, cmd, 2354 mgmt_class_complete); 2355 if (err < 0) 2356 mgmt_pending_free(cmd); 2357 2358unlock: 2359 hci_dev_unlock(hdev); 2360 return err; 2361} 2362 2363static int set_class_sync(struct hci_dev *hdev, void *data) 2364{ 2365 int err = 0; 2366 2367 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) { 2368 cancel_delayed_work_sync(&hdev->service_cache); 2369 err = hci_update_eir_sync(hdev); 2370 } 2371 2372 if (err) 2373 return err; 2374 2375 return hci_update_class_sync(hdev); 2376} 2377 2378static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, 2379 u16 len) 2380{ 2381 struct mgmt_cp_set_dev_class *cp = data; 2382 struct mgmt_pending_cmd *cmd; 2383 int err; 2384 2385 bt_dev_dbg(hdev, "sock %p", sk); 2386 2387 if (!lmp_bredr_capable(hdev)) 2388 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2389 MGMT_STATUS_NOT_SUPPORTED); 2390 2391 hci_dev_lock(hdev); 2392 2393 if (pending_eir_or_class(hdev)) { 2394 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2395 MGMT_STATUS_BUSY); 2396 goto unlock; 2397 } 2398 2399 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) { 2400 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 2401 MGMT_STATUS_INVALID_PARAMS); 2402 goto unlock; 2403 } 2404 2405 hdev->major_class = cp->major; 2406 hdev->minor_class = cp->minor; 2407 2408 if (!hdev_is_powered(hdev)) { 2409 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0, 2410 hdev->dev_class, 3); 2411 goto unlock; 2412 } 2413 2414 cmd = mgmt_pending_new(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len); 2415 if (!cmd) { 2416 err = -ENOMEM; 2417 goto unlock; 2418 } 2419 2420 err = hci_cmd_sync_queue(hdev, set_class_sync, cmd, 2421 mgmt_class_complete); 2422 if (err < 0) 2423 mgmt_pending_free(cmd); 2424 2425unlock: 2426 hci_dev_unlock(hdev); 2427 return err; 2428} 2429 2430static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, 2431 u16 len) 2432{ 2433 struct mgmt_cp_load_link_keys *cp = data; 2434 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 2435 sizeof(struct mgmt_link_key_info)); 2436 u16 key_count, expected_len; 2437 bool changed; 2438 int i; 2439 2440 bt_dev_dbg(hdev, "sock %p", sk); 2441 2442 if (!lmp_bredr_capable(hdev)) 2443 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2444 MGMT_STATUS_NOT_SUPPORTED); 2445 2446 key_count = __le16_to_cpu(cp->key_count); 2447 if (key_count > max_key_count) { 2448 bt_dev_err(hdev, "load_link_keys: too big key_count value %u", 2449 key_count); 2450 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2451 MGMT_STATUS_INVALID_PARAMS); 2452 } 2453 2454 expected_len = struct_size(cp, keys, key_count); 2455 if (expected_len != len) { 2456 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes", 2457 expected_len, len); 2458 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2459 MGMT_STATUS_INVALID_PARAMS); 2460 } 2461 2462 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01) 2463 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 2464 MGMT_STATUS_INVALID_PARAMS); 2465 2466 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys, 2467 key_count); 2468 2469 for (i = 0; i < key_count; i++) { 2470 struct mgmt_link_key_info *key = &cp->keys[i]; 2471 2472 if (key->addr.type != BDADDR_BREDR || key->type > 0x08) 2473 return mgmt_cmd_status(sk, hdev->id, 2474 MGMT_OP_LOAD_LINK_KEYS, 2475 MGMT_STATUS_INVALID_PARAMS); 2476 } 2477 2478 hci_dev_lock(hdev); 2479 2480 hci_link_keys_clear(hdev); 2481 2482 if (cp->debug_keys) 2483 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 2484 else 2485 changed = hci_dev_test_and_clear_flag(hdev, 2486 HCI_KEEP_DEBUG_KEYS); 2487 2488 if (changed) 2489 new_settings(hdev, NULL); 2490 2491 for (i = 0; i < key_count; i++) { 2492 struct mgmt_link_key_info *key = &cp->keys[i]; 2493 2494 if (hci_is_blocked_key(hdev, 2495 HCI_BLOCKED_KEY_TYPE_LINKKEY, 2496 key->val)) { 2497 bt_dev_warn(hdev, "Skipping blocked link key for %pMR", 2498 &key->addr.bdaddr); 2499 continue; 2500 } 2501 2502 /* Always ignore debug keys and require a new pairing if 2503 * the user wants to use them. 2504 */ 2505 if (key->type == HCI_LK_DEBUG_COMBINATION) 2506 continue; 2507 2508 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val, 2509 key->type, key->pin_len, NULL); 2510 } 2511 2512 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0); 2513 2514 hci_dev_unlock(hdev); 2515 2516 return 0; 2517} 2518 2519static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr, 2520 u8 addr_type, struct sock *skip_sk) 2521{ 2522 struct mgmt_ev_device_unpaired ev; 2523 2524 bacpy(&ev.addr.bdaddr, bdaddr); 2525 ev.addr.type = addr_type; 2526 2527 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev), 2528 skip_sk); 2529} 2530 2531static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2532 u16 len) 2533{ 2534 struct mgmt_cp_unpair_device *cp = data; 2535 struct mgmt_rp_unpair_device rp; 2536 struct hci_conn_params *params; 2537 struct mgmt_pending_cmd *cmd; 2538 struct hci_conn *conn; 2539 u8 addr_type; 2540 int err; 2541 2542 memset(&rp, 0, sizeof(rp)); 2543 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2544 rp.addr.type = cp->addr.type; 2545 2546 if (!bdaddr_type_is_valid(cp->addr.type)) 2547 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2548 MGMT_STATUS_INVALID_PARAMS, 2549 &rp, sizeof(rp)); 2550 2551 if (cp->disconnect != 0x00 && cp->disconnect != 0x01) 2552 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2553 MGMT_STATUS_INVALID_PARAMS, 2554 &rp, sizeof(rp)); 2555 2556 hci_dev_lock(hdev); 2557 2558 if (!hdev_is_powered(hdev)) { 2559 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2560 MGMT_STATUS_NOT_POWERED, &rp, 2561 sizeof(rp)); 2562 goto unlock; 2563 } 2564 2565 if (cp->addr.type == BDADDR_BREDR) { 2566 /* If disconnection is requested, then look up the 2567 * connection. If the remote device is connected, it 2568 * will be later used to terminate the link. 2569 * 2570 * Setting it to NULL explicitly will cause no 2571 * termination of the link. 2572 */ 2573 if (cp->disconnect) 2574 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2575 &cp->addr.bdaddr); 2576 else 2577 conn = NULL; 2578 2579 err = hci_remove_link_key(hdev, &cp->addr.bdaddr); 2580 if (err < 0) { 2581 err = mgmt_cmd_complete(sk, hdev->id, 2582 MGMT_OP_UNPAIR_DEVICE, 2583 MGMT_STATUS_NOT_PAIRED, &rp, 2584 sizeof(rp)); 2585 goto unlock; 2586 } 2587 2588 goto done; 2589 } 2590 2591 /* LE address type */ 2592 addr_type = le_addr_type(cp->addr.type); 2593 2594 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */ 2595 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type); 2596 if (err < 0) { 2597 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 2598 MGMT_STATUS_NOT_PAIRED, &rp, 2599 sizeof(rp)); 2600 goto unlock; 2601 } 2602 2603 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type); 2604 if (!conn) { 2605 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type); 2606 goto done; 2607 } 2608 2609 2610 /* Defer clearing up the connection parameters until closing to 2611 * give a chance of keeping them if a repairing happens. 2612 */ 2613 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2614 2615 /* Disable auto-connection parameters if present */ 2616 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type); 2617 if (params) { 2618 if (params->explicit_connect) 2619 params->auto_connect = HCI_AUTO_CONN_EXPLICIT; 2620 else 2621 params->auto_connect = HCI_AUTO_CONN_DISABLED; 2622 } 2623 2624 /* If disconnection is not requested, then clear the connection 2625 * variable so that the link is not terminated. 2626 */ 2627 if (!cp->disconnect) 2628 conn = NULL; 2629 2630done: 2631 /* If the connection variable is set, then termination of the 2632 * link is requested. 2633 */ 2634 if (!conn) { 2635 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0, 2636 &rp, sizeof(rp)); 2637 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk); 2638 goto unlock; 2639 } 2640 2641 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp, 2642 sizeof(*cp)); 2643 if (!cmd) { 2644 err = -ENOMEM; 2645 goto unlock; 2646 } 2647 2648 cmd->cmd_complete = addr_cmd_complete; 2649 2650 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 2651 if (err < 0) 2652 mgmt_pending_remove(cmd); 2653 2654unlock: 2655 hci_dev_unlock(hdev); 2656 return err; 2657} 2658 2659static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data, 2660 u16 len) 2661{ 2662 struct mgmt_cp_disconnect *cp = data; 2663 struct mgmt_rp_disconnect rp; 2664 struct mgmt_pending_cmd *cmd; 2665 struct hci_conn *conn; 2666 int err; 2667 2668 bt_dev_dbg(hdev, "sock %p", sk); 2669 2670 memset(&rp, 0, sizeof(rp)); 2671 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 2672 rp.addr.type = cp->addr.type; 2673 2674 if (!bdaddr_type_is_valid(cp->addr.type)) 2675 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2676 MGMT_STATUS_INVALID_PARAMS, 2677 &rp, sizeof(rp)); 2678 2679 hci_dev_lock(hdev); 2680 2681 if (!test_bit(HCI_UP, &hdev->flags)) { 2682 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2683 MGMT_STATUS_NOT_POWERED, &rp, 2684 sizeof(rp)); 2685 goto failed; 2686 } 2687 2688 if (pending_find(MGMT_OP_DISCONNECT, hdev)) { 2689 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2690 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2691 goto failed; 2692 } 2693 2694 if (cp->addr.type == BDADDR_BREDR) 2695 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 2696 &cp->addr.bdaddr); 2697 else 2698 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, 2699 le_addr_type(cp->addr.type)); 2700 2701 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) { 2702 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT, 2703 MGMT_STATUS_NOT_CONNECTED, &rp, 2704 sizeof(rp)); 2705 goto failed; 2706 } 2707 2708 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 2709 if (!cmd) { 2710 err = -ENOMEM; 2711 goto failed; 2712 } 2713 2714 cmd->cmd_complete = generic_cmd_complete; 2715 2716 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM); 2717 if (err < 0) 2718 mgmt_pending_remove(cmd); 2719 2720failed: 2721 hci_dev_unlock(hdev); 2722 return err; 2723} 2724 2725static u8 link_to_bdaddr(u8 link_type, u8 addr_type) 2726{ 2727 switch (link_type) { 2728 case LE_LINK: 2729 switch (addr_type) { 2730 case ADDR_LE_DEV_PUBLIC: 2731 return BDADDR_LE_PUBLIC; 2732 2733 default: 2734 /* Fallback to LE Random address type */ 2735 return BDADDR_LE_RANDOM; 2736 } 2737 2738 default: 2739 /* Fallback to BR/EDR type */ 2740 return BDADDR_BREDR; 2741 } 2742} 2743 2744static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data, 2745 u16 data_len) 2746{ 2747 struct mgmt_rp_get_connections *rp; 2748 struct hci_conn *c; 2749 int err; 2750 u16 i; 2751 2752 bt_dev_dbg(hdev, "sock %p", sk); 2753 2754 hci_dev_lock(hdev); 2755 2756 if (!hdev_is_powered(hdev)) { 2757 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 2758 MGMT_STATUS_NOT_POWERED); 2759 goto unlock; 2760 } 2761 2762 i = 0; 2763 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2764 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2765 i++; 2766 } 2767 2768 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL); 2769 if (!rp) { 2770 err = -ENOMEM; 2771 goto unlock; 2772 } 2773 2774 i = 0; 2775 list_for_each_entry(c, &hdev->conn_hash.list, list) { 2776 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 2777 continue; 2778 bacpy(&rp->addr[i].bdaddr, &c->dst); 2779 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type); 2780 if (c->type == SCO_LINK || c->type == ESCO_LINK) 2781 continue; 2782 i++; 2783 } 2784 2785 rp->conn_count = cpu_to_le16(i); 2786 2787 /* Recalculate length in case of filtered SCO connections, etc */ 2788 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp, 2789 struct_size(rp, addr, i)); 2790 2791 kfree(rp); 2792 2793unlock: 2794 hci_dev_unlock(hdev); 2795 return err; 2796} 2797 2798static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 2799 struct mgmt_cp_pin_code_neg_reply *cp) 2800{ 2801 struct mgmt_pending_cmd *cmd; 2802 int err; 2803 2804 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 2805 sizeof(*cp)); 2806 if (!cmd) 2807 return -ENOMEM; 2808 2809 cmd->cmd_complete = addr_cmd_complete; 2810 2811 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2812 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr); 2813 if (err < 0) 2814 mgmt_pending_remove(cmd); 2815 2816 return err; 2817} 2818 2819static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2820 u16 len) 2821{ 2822 struct hci_conn *conn; 2823 struct mgmt_cp_pin_code_reply *cp = data; 2824 struct hci_cp_pin_code_reply reply; 2825 struct mgmt_pending_cmd *cmd; 2826 int err; 2827 2828 bt_dev_dbg(hdev, "sock %p", sk); 2829 2830 hci_dev_lock(hdev); 2831 2832 if (!hdev_is_powered(hdev)) { 2833 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2834 MGMT_STATUS_NOT_POWERED); 2835 goto failed; 2836 } 2837 2838 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr); 2839 if (!conn) { 2840 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2841 MGMT_STATUS_NOT_CONNECTED); 2842 goto failed; 2843 } 2844 2845 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 2846 struct mgmt_cp_pin_code_neg_reply ncp; 2847 2848 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr)); 2849 2850 bt_dev_err(hdev, "PIN code is not 16 bytes long"); 2851 2852 err = send_pin_code_neg_reply(sk, hdev, &ncp); 2853 if (err >= 0) 2854 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, 2855 MGMT_STATUS_INVALID_PARAMS); 2856 2857 goto failed; 2858 } 2859 2860 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 2861 if (!cmd) { 2862 err = -ENOMEM; 2863 goto failed; 2864 } 2865 2866 cmd->cmd_complete = addr_cmd_complete; 2867 2868 bacpy(&reply.bdaddr, &cp->addr.bdaddr); 2869 reply.pin_len = cp->pin_len; 2870 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 2871 2872 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 2873 if (err < 0) 2874 mgmt_pending_remove(cmd); 2875 2876failed: 2877 hci_dev_unlock(hdev); 2878 return err; 2879} 2880 2881static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data, 2882 u16 len) 2883{ 2884 struct mgmt_cp_set_io_capability *cp = data; 2885 2886 bt_dev_dbg(hdev, "sock %p", sk); 2887 2888 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY) 2889 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 2890 MGMT_STATUS_INVALID_PARAMS); 2891 2892 hci_dev_lock(hdev); 2893 2894 hdev->io_capability = cp->io_capability; 2895 2896 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability); 2897 2898 hci_dev_unlock(hdev); 2899 2900 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, 2901 NULL, 0); 2902} 2903 2904static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn) 2905{ 2906 struct hci_dev *hdev = conn->hdev; 2907 struct mgmt_pending_cmd *cmd; 2908 2909 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 2910 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 2911 continue; 2912 2913 if (cmd->user_data != conn) 2914 continue; 2915 2916 return cmd; 2917 } 2918 2919 return NULL; 2920} 2921 2922static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status) 2923{ 2924 struct mgmt_rp_pair_device rp; 2925 struct hci_conn *conn = cmd->user_data; 2926 int err; 2927 2928 bacpy(&rp.addr.bdaddr, &conn->dst); 2929 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 2930 2931 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, 2932 status, &rp, sizeof(rp)); 2933 2934 /* So we don't get further callbacks for this connection */ 2935 conn->connect_cfm_cb = NULL; 2936 conn->security_cfm_cb = NULL; 2937 conn->disconn_cfm_cb = NULL; 2938 2939 hci_conn_drop(conn); 2940 2941 /* The device is paired so there is no need to remove 2942 * its connection parameters anymore. 2943 */ 2944 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); 2945 2946 hci_conn_put(conn); 2947 2948 return err; 2949} 2950 2951void mgmt_smp_complete(struct hci_conn *conn, bool complete) 2952{ 2953 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED; 2954 struct mgmt_pending_cmd *cmd; 2955 2956 cmd = find_pairing(conn); 2957 if (cmd) { 2958 cmd->cmd_complete(cmd, status); 2959 mgmt_pending_remove(cmd); 2960 } 2961} 2962 2963static void pairing_complete_cb(struct hci_conn *conn, u8 status) 2964{ 2965 struct mgmt_pending_cmd *cmd; 2966 2967 BT_DBG("status %u", status); 2968 2969 cmd = find_pairing(conn); 2970 if (!cmd) { 2971 BT_DBG("Unable to find a pending command"); 2972 return; 2973 } 2974 2975 cmd->cmd_complete(cmd, mgmt_status(status)); 2976 mgmt_pending_remove(cmd); 2977} 2978 2979static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) 2980{ 2981 struct mgmt_pending_cmd *cmd; 2982 2983 BT_DBG("status %u", status); 2984 2985 if (!status) 2986 return; 2987 2988 cmd = find_pairing(conn); 2989 if (!cmd) { 2990 BT_DBG("Unable to find a pending command"); 2991 return; 2992 } 2993 2994 cmd->cmd_complete(cmd, mgmt_status(status)); 2995 mgmt_pending_remove(cmd); 2996} 2997 2998static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 2999 u16 len) 3000{ 3001 struct mgmt_cp_pair_device *cp = data; 3002 struct mgmt_rp_pair_device rp; 3003 struct mgmt_pending_cmd *cmd; 3004 u8 sec_level, auth_type; 3005 struct hci_conn *conn; 3006 int err; 3007 3008 bt_dev_dbg(hdev, "sock %p", sk); 3009 3010 memset(&rp, 0, sizeof(rp)); 3011 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 3012 rp.addr.type = cp->addr.type; 3013 3014 if (!bdaddr_type_is_valid(cp->addr.type)) 3015 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3016 MGMT_STATUS_INVALID_PARAMS, 3017 &rp, sizeof(rp)); 3018 3019 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY) 3020 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3021 MGMT_STATUS_INVALID_PARAMS, 3022 &rp, sizeof(rp)); 3023 3024 hci_dev_lock(hdev); 3025 3026 if (!hdev_is_powered(hdev)) { 3027 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3028 MGMT_STATUS_NOT_POWERED, &rp, 3029 sizeof(rp)); 3030 goto unlock; 3031 } 3032 3033 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) { 3034 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3035 MGMT_STATUS_ALREADY_PAIRED, &rp, 3036 sizeof(rp)); 3037 goto unlock; 3038 } 3039 3040 sec_level = BT_SECURITY_MEDIUM; 3041 auth_type = HCI_AT_DEDICATED_BONDING; 3042 3043 if (cp->addr.type == BDADDR_BREDR) { 3044 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level, 3045 auth_type, CONN_REASON_PAIR_DEVICE); 3046 } else { 3047 u8 addr_type = le_addr_type(cp->addr.type); 3048 struct hci_conn_params *p; 3049 3050 /* When pairing a new device, it is expected to remember 3051 * this device for future connections. Adding the connection 3052 * parameter information ahead of time allows tracking 3053 * of the peripheral preferred values and will speed up any 3054 * further connection establishment. 3055 * 3056 * If connection parameters already exist, then they 3057 * will be kept and this function does nothing. 3058 */ 3059 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type); 3060 3061 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT) 3062 p->auto_connect = HCI_AUTO_CONN_DISABLED; 3063 3064 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type, 3065 sec_level, HCI_LE_CONN_TIMEOUT, 3066 CONN_REASON_PAIR_DEVICE); 3067 } 3068 3069 if (IS_ERR(conn)) { 3070 int status; 3071 3072 if (PTR_ERR(conn) == -EBUSY) 3073 status = MGMT_STATUS_BUSY; 3074 else if (PTR_ERR(conn) == -EOPNOTSUPP) 3075 status = MGMT_STATUS_NOT_SUPPORTED; 3076 else if (PTR_ERR(conn) == -ECONNREFUSED) 3077 status = MGMT_STATUS_REJECTED; 3078 else 3079 status = MGMT_STATUS_CONNECT_FAILED; 3080 3081 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3082 status, &rp, sizeof(rp)); 3083 goto unlock; 3084 } 3085 3086 if (conn->connect_cfm_cb) { 3087 hci_conn_drop(conn); 3088 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 3089 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 3090 goto unlock; 3091 } 3092 3093 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 3094 if (!cmd) { 3095 err = -ENOMEM; 3096 hci_conn_drop(conn); 3097 goto unlock; 3098 } 3099 3100 cmd->cmd_complete = pairing_complete; 3101 3102 /* For LE, just connecting isn't a proof that the pairing finished */ 3103 if (cp->addr.type == BDADDR_BREDR) { 3104 conn->connect_cfm_cb = pairing_complete_cb; 3105 conn->security_cfm_cb = pairing_complete_cb; 3106 conn->disconn_cfm_cb = pairing_complete_cb; 3107 } else { 3108 conn->connect_cfm_cb = le_pairing_complete_cb; 3109 conn->security_cfm_cb = le_pairing_complete_cb; 3110 conn->disconn_cfm_cb = le_pairing_complete_cb; 3111 } 3112 3113 conn->io_capability = cp->io_cap; 3114 cmd->user_data = hci_conn_get(conn); 3115 3116 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) && 3117 hci_conn_security(conn, sec_level, auth_type, true)) { 3118 cmd->cmd_complete(cmd, 0); 3119 mgmt_pending_remove(cmd); 3120 } 3121 3122 err = 0; 3123 3124unlock: 3125 hci_dev_unlock(hdev); 3126 return err; 3127} 3128 3129static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data, 3130 u16 len) 3131{ 3132 struct mgmt_addr_info *addr = data; 3133 struct mgmt_pending_cmd *cmd; 3134 struct hci_conn *conn; 3135 int err; 3136 3137 bt_dev_dbg(hdev, "sock %p", sk); 3138 3139 hci_dev_lock(hdev); 3140 3141 if (!hdev_is_powered(hdev)) { 3142 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3143 MGMT_STATUS_NOT_POWERED); 3144 goto unlock; 3145 } 3146 3147 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev); 3148 if (!cmd) { 3149 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3150 MGMT_STATUS_INVALID_PARAMS); 3151 goto unlock; 3152 } 3153 3154 conn = cmd->user_data; 3155 3156 if (bacmp(&addr->bdaddr, &conn->dst) != 0) { 3157 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 3158 MGMT_STATUS_INVALID_PARAMS); 3159 goto unlock; 3160 } 3161 3162 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED); 3163 mgmt_pending_remove(cmd); 3164 3165 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 3166 addr, sizeof(*addr)); 3167 3168 /* Since user doesn't want to proceed with the connection, abort any 3169 * ongoing pairing and then terminate the link if it was created 3170 * because of the pair device action. 3171 */ 3172 if (addr->type == BDADDR_BREDR) 3173 hci_remove_link_key(hdev, &addr->bdaddr); 3174 else 3175 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr, 3176 le_addr_type(addr->type)); 3177 3178 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE) 3179 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 3180 3181unlock: 3182 hci_dev_unlock(hdev); 3183 return err; 3184} 3185 3186static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, 3187 struct mgmt_addr_info *addr, u16 mgmt_op, 3188 u16 hci_op, __le32 passkey) 3189{ 3190 struct mgmt_pending_cmd *cmd; 3191 struct hci_conn *conn; 3192 int err; 3193 3194 hci_dev_lock(hdev); 3195 3196 if (!hdev_is_powered(hdev)) { 3197 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3198 MGMT_STATUS_NOT_POWERED, addr, 3199 sizeof(*addr)); 3200 goto done; 3201 } 3202 3203 if (addr->type == BDADDR_BREDR) 3204 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr); 3205 else 3206 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr, 3207 le_addr_type(addr->type)); 3208 3209 if (!conn) { 3210 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3211 MGMT_STATUS_NOT_CONNECTED, addr, 3212 sizeof(*addr)); 3213 goto done; 3214 } 3215 3216 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) { 3217 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 3218 if (!err) 3219 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3220 MGMT_STATUS_SUCCESS, addr, 3221 sizeof(*addr)); 3222 else 3223 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op, 3224 MGMT_STATUS_FAILED, addr, 3225 sizeof(*addr)); 3226 3227 goto done; 3228 } 3229 3230 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr)); 3231 if (!cmd) { 3232 err = -ENOMEM; 3233 goto done; 3234 } 3235 3236 cmd->cmd_complete = addr_cmd_complete; 3237 3238 /* Continue with pairing via HCI */ 3239 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 3240 struct hci_cp_user_passkey_reply cp; 3241 3242 bacpy(&cp.bdaddr, &addr->bdaddr); 3243 cp.passkey = passkey; 3244 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 3245 } else 3246 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr), 3247 &addr->bdaddr); 3248 3249 if (err < 0) 3250 mgmt_pending_remove(cmd); 3251 3252done: 3253 hci_dev_unlock(hdev); 3254 return err; 3255} 3256 3257static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev, 3258 void *data, u16 len) 3259{ 3260 struct mgmt_cp_pin_code_neg_reply *cp = data; 3261 3262 bt_dev_dbg(hdev, "sock %p", sk); 3263 3264 return user_pairing_resp(sk, hdev, &cp->addr, 3265 MGMT_OP_PIN_CODE_NEG_REPLY, 3266 HCI_OP_PIN_CODE_NEG_REPLY, 0); 3267} 3268 3269static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3270 u16 len) 3271{ 3272 struct mgmt_cp_user_confirm_reply *cp = data; 3273 3274 bt_dev_dbg(hdev, "sock %p", sk); 3275 3276 if (len != sizeof(*cp)) 3277 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY, 3278 MGMT_STATUS_INVALID_PARAMS); 3279 3280 return user_pairing_resp(sk, hdev, &cp->addr, 3281 MGMT_OP_USER_CONFIRM_REPLY, 3282 HCI_OP_USER_CONFIRM_REPLY, 0); 3283} 3284 3285static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev, 3286 void *data, u16 len) 3287{ 3288 struct mgmt_cp_user_confirm_neg_reply *cp = data; 3289 3290 bt_dev_dbg(hdev, "sock %p", sk); 3291 3292 return user_pairing_resp(sk, hdev, &cp->addr, 3293 MGMT_OP_USER_CONFIRM_NEG_REPLY, 3294 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 3295} 3296 3297static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data, 3298 u16 len) 3299{ 3300 struct mgmt_cp_user_passkey_reply *cp = data; 3301 3302 bt_dev_dbg(hdev, "sock %p", sk); 3303 3304 return user_pairing_resp(sk, hdev, &cp->addr, 3305 MGMT_OP_USER_PASSKEY_REPLY, 3306 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 3307} 3308 3309static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev, 3310 void *data, u16 len) 3311{ 3312 struct mgmt_cp_user_passkey_neg_reply *cp = data; 3313 3314 bt_dev_dbg(hdev, "sock %p", sk); 3315 3316 return user_pairing_resp(sk, hdev, &cp->addr, 3317 MGMT_OP_USER_PASSKEY_NEG_REPLY, 3318 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 3319} 3320 3321static int adv_expire_sync(struct hci_dev *hdev, u32 flags) 3322{ 3323 struct adv_info *adv_instance; 3324 3325 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance); 3326 if (!adv_instance) 3327 return 0; 3328 3329 /* stop if current instance doesn't need to be changed */ 3330 if (!(adv_instance->flags & flags)) 3331 return 0; 3332 3333 cancel_adv_timeout(hdev); 3334 3335 adv_instance = hci_get_next_instance(hdev, adv_instance->instance); 3336 if (!adv_instance) 3337 return 0; 3338 3339 hci_schedule_adv_instance_sync(hdev, adv_instance->instance, true); 3340 3341 return 0; 3342} 3343 3344static int name_changed_sync(struct hci_dev *hdev, void *data) 3345{ 3346 return adv_expire_sync(hdev, MGMT_ADV_FLAG_LOCAL_NAME); 3347} 3348 3349static void set_name_complete(struct hci_dev *hdev, void *data, int err) 3350{ 3351 struct mgmt_pending_cmd *cmd = data; 3352 struct mgmt_cp_set_local_name *cp = cmd->param; 3353 u8 status = mgmt_status(err); 3354 3355 bt_dev_dbg(hdev, "err %d", err); 3356 3357 if (cmd != pending_find(MGMT_OP_SET_LOCAL_NAME, hdev)) 3358 return; 3359 3360 if (status) { 3361 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3362 status); 3363 } else { 3364 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3365 cp, sizeof(*cp)); 3366 3367 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3368 hci_cmd_sync_queue(hdev, name_changed_sync, NULL, NULL); 3369 } 3370 3371 mgmt_pending_remove(cmd); 3372} 3373 3374static int set_name_sync(struct hci_dev *hdev, void *data) 3375{ 3376 if (lmp_bredr_capable(hdev)) { 3377 hci_update_name_sync(hdev); 3378 hci_update_eir_sync(hdev); 3379 } 3380 3381 /* The name is stored in the scan response data and so 3382 * no need to update the advertising data here. 3383 */ 3384 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING)) 3385 hci_update_scan_rsp_data_sync(hdev, hdev->cur_adv_instance); 3386 3387 return 0; 3388} 3389 3390static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data, 3391 u16 len) 3392{ 3393 struct mgmt_cp_set_local_name *cp = data; 3394 struct mgmt_pending_cmd *cmd; 3395 int err; 3396 3397 bt_dev_dbg(hdev, "sock %p", sk); 3398 3399 hci_dev_lock(hdev); 3400 3401 /* If the old values are the same as the new ones just return a 3402 * direct command complete event. 3403 */ 3404 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) && 3405 !memcmp(hdev->short_name, cp->short_name, 3406 sizeof(hdev->short_name))) { 3407 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3408 data, len); 3409 goto failed; 3410 } 3411 3412 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name)); 3413 3414 if (!hdev_is_powered(hdev)) { 3415 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3416 3417 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, 3418 data, len); 3419 if (err < 0) 3420 goto failed; 3421 3422 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, 3423 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk); 3424 ext_info_changed(hdev, sk); 3425 3426 goto failed; 3427 } 3428 3429 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 3430 if (!cmd) 3431 err = -ENOMEM; 3432 else 3433 err = hci_cmd_sync_queue(hdev, set_name_sync, cmd, 3434 set_name_complete); 3435 3436 if (err < 0) { 3437 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3438 MGMT_STATUS_FAILED); 3439 3440 if (cmd) 3441 mgmt_pending_remove(cmd); 3442 3443 goto failed; 3444 } 3445 3446 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name)); 3447 3448failed: 3449 hci_dev_unlock(hdev); 3450 return err; 3451} 3452 3453static int appearance_changed_sync(struct hci_dev *hdev, void *data) 3454{ 3455 return adv_expire_sync(hdev, MGMT_ADV_FLAG_APPEARANCE); 3456} 3457 3458static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data, 3459 u16 len) 3460{ 3461 struct mgmt_cp_set_appearance *cp = data; 3462 u16 appearance; 3463 int err; 3464 3465 bt_dev_dbg(hdev, "sock %p", sk); 3466 3467 if (!lmp_le_capable(hdev)) 3468 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 3469 MGMT_STATUS_NOT_SUPPORTED); 3470 3471 appearance = le16_to_cpu(cp->appearance); 3472 3473 hci_dev_lock(hdev); 3474 3475 if (hdev->appearance != appearance) { 3476 hdev->appearance = appearance; 3477 3478 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 3479 hci_cmd_sync_queue(hdev, appearance_changed_sync, NULL, 3480 NULL); 3481 3482 ext_info_changed(hdev, sk); 3483 } 3484 3485 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL, 3486 0); 3487 3488 hci_dev_unlock(hdev); 3489 3490 return err; 3491} 3492 3493static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev, 3494 void *data, u16 len) 3495{ 3496 struct mgmt_rp_get_phy_configuration rp; 3497 3498 bt_dev_dbg(hdev, "sock %p", sk); 3499 3500 hci_dev_lock(hdev); 3501 3502 memset(&rp, 0, sizeof(rp)); 3503 3504 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev)); 3505 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev)); 3506 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev)); 3507 3508 hci_dev_unlock(hdev); 3509 3510 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0, 3511 &rp, sizeof(rp)); 3512} 3513 3514int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip) 3515{ 3516 struct mgmt_ev_phy_configuration_changed ev; 3517 3518 memset(&ev, 0, sizeof(ev)); 3519 3520 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev)); 3521 3522 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev, 3523 sizeof(ev), skip); 3524} 3525 3526static void set_default_phy_complete(struct hci_dev *hdev, void *data, int err) 3527{ 3528 struct mgmt_pending_cmd *cmd = data; 3529 struct sk_buff *skb = cmd->skb; 3530 u8 status = mgmt_status(err); 3531 3532 if (cmd != pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) 3533 return; 3534 3535 if (!status) { 3536 if (!skb) 3537 status = MGMT_STATUS_FAILED; 3538 else if (IS_ERR(skb)) 3539 status = mgmt_status(PTR_ERR(skb)); 3540 else 3541 status = mgmt_status(skb->data[0]); 3542 } 3543 3544 bt_dev_dbg(hdev, "status %d", status); 3545 3546 if (status) { 3547 mgmt_cmd_status(cmd->sk, hdev->id, 3548 MGMT_OP_SET_PHY_CONFIGURATION, status); 3549 } else { 3550 mgmt_cmd_complete(cmd->sk, hdev->id, 3551 MGMT_OP_SET_PHY_CONFIGURATION, 0, 3552 NULL, 0); 3553 3554 mgmt_phy_configuration_changed(hdev, cmd->sk); 3555 } 3556 3557 if (skb && !IS_ERR(skb)) 3558 kfree_skb(skb); 3559 3560 mgmt_pending_remove(cmd); 3561} 3562 3563static int set_default_phy_sync(struct hci_dev *hdev, void *data) 3564{ 3565 struct mgmt_pending_cmd *cmd = data; 3566 struct mgmt_cp_set_phy_configuration *cp = cmd->param; 3567 struct hci_cp_le_set_default_phy cp_phy; 3568 u32 selected_phys = __le32_to_cpu(cp->selected_phys); 3569 3570 memset(&cp_phy, 0, sizeof(cp_phy)); 3571 3572 if (!(selected_phys & MGMT_PHY_LE_TX_MASK)) 3573 cp_phy.all_phys |= 0x01; 3574 3575 if (!(selected_phys & MGMT_PHY_LE_RX_MASK)) 3576 cp_phy.all_phys |= 0x02; 3577 3578 if (selected_phys & MGMT_PHY_LE_1M_TX) 3579 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M; 3580 3581 if (selected_phys & MGMT_PHY_LE_2M_TX) 3582 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M; 3583 3584 if (selected_phys & MGMT_PHY_LE_CODED_TX) 3585 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED; 3586 3587 if (selected_phys & MGMT_PHY_LE_1M_RX) 3588 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M; 3589 3590 if (selected_phys & MGMT_PHY_LE_2M_RX) 3591 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M; 3592 3593 if (selected_phys & MGMT_PHY_LE_CODED_RX) 3594 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED; 3595 3596 cmd->skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_DEFAULT_PHY, 3597 sizeof(cp_phy), &cp_phy, HCI_CMD_TIMEOUT); 3598 3599 return 0; 3600} 3601 3602static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev, 3603 void *data, u16 len) 3604{ 3605 struct mgmt_cp_set_phy_configuration *cp = data; 3606 struct mgmt_pending_cmd *cmd; 3607 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys; 3608 u16 pkt_type = (HCI_DH1 | HCI_DM1); 3609 bool changed = false; 3610 int err; 3611 3612 bt_dev_dbg(hdev, "sock %p", sk); 3613 3614 configurable_phys = get_configurable_phys(hdev); 3615 supported_phys = get_supported_phys(hdev); 3616 selected_phys = __le32_to_cpu(cp->selected_phys); 3617 3618 if (selected_phys & ~supported_phys) 3619 return mgmt_cmd_status(sk, hdev->id, 3620 MGMT_OP_SET_PHY_CONFIGURATION, 3621 MGMT_STATUS_INVALID_PARAMS); 3622 3623 unconfigure_phys = supported_phys & ~configurable_phys; 3624 3625 if ((selected_phys & unconfigure_phys) != unconfigure_phys) 3626 return mgmt_cmd_status(sk, hdev->id, 3627 MGMT_OP_SET_PHY_CONFIGURATION, 3628 MGMT_STATUS_INVALID_PARAMS); 3629 3630 if (selected_phys == get_selected_phys(hdev)) 3631 return mgmt_cmd_complete(sk, hdev->id, 3632 MGMT_OP_SET_PHY_CONFIGURATION, 3633 0, NULL, 0); 3634 3635 hci_dev_lock(hdev); 3636 3637 if (!hdev_is_powered(hdev)) { 3638 err = mgmt_cmd_status(sk, hdev->id, 3639 MGMT_OP_SET_PHY_CONFIGURATION, 3640 MGMT_STATUS_REJECTED); 3641 goto unlock; 3642 } 3643 3644 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) { 3645 err = mgmt_cmd_status(sk, hdev->id, 3646 MGMT_OP_SET_PHY_CONFIGURATION, 3647 MGMT_STATUS_BUSY); 3648 goto unlock; 3649 } 3650 3651 if (selected_phys & MGMT_PHY_BR_1M_3SLOT) 3652 pkt_type |= (HCI_DH3 | HCI_DM3); 3653 else 3654 pkt_type &= ~(HCI_DH3 | HCI_DM3); 3655 3656 if (selected_phys & MGMT_PHY_BR_1M_5SLOT) 3657 pkt_type |= (HCI_DH5 | HCI_DM5); 3658 else 3659 pkt_type &= ~(HCI_DH5 | HCI_DM5); 3660 3661 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT) 3662 pkt_type &= ~HCI_2DH1; 3663 else 3664 pkt_type |= HCI_2DH1; 3665 3666 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT) 3667 pkt_type &= ~HCI_2DH3; 3668 else 3669 pkt_type |= HCI_2DH3; 3670 3671 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT) 3672 pkt_type &= ~HCI_2DH5; 3673 else 3674 pkt_type |= HCI_2DH5; 3675 3676 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT) 3677 pkt_type &= ~HCI_3DH1; 3678 else 3679 pkt_type |= HCI_3DH1; 3680 3681 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT) 3682 pkt_type &= ~HCI_3DH3; 3683 else 3684 pkt_type |= HCI_3DH3; 3685 3686 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT) 3687 pkt_type &= ~HCI_3DH5; 3688 else 3689 pkt_type |= HCI_3DH5; 3690 3691 if (pkt_type != hdev->pkt_type) { 3692 hdev->pkt_type = pkt_type; 3693 changed = true; 3694 } 3695 3696 if ((selected_phys & MGMT_PHY_LE_MASK) == 3697 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) { 3698 if (changed) 3699 mgmt_phy_configuration_changed(hdev, sk); 3700 3701 err = mgmt_cmd_complete(sk, hdev->id, 3702 MGMT_OP_SET_PHY_CONFIGURATION, 3703 0, NULL, 0); 3704 3705 goto unlock; 3706 } 3707 3708 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data, 3709 len); 3710 if (!cmd) 3711 err = -ENOMEM; 3712 else 3713 err = hci_cmd_sync_queue(hdev, set_default_phy_sync, cmd, 3714 set_default_phy_complete); 3715 3716 if (err < 0) { 3717 err = mgmt_cmd_status(sk, hdev->id, 3718 MGMT_OP_SET_PHY_CONFIGURATION, 3719 MGMT_STATUS_FAILED); 3720 3721 if (cmd) 3722 mgmt_pending_remove(cmd); 3723 } 3724 3725unlock: 3726 hci_dev_unlock(hdev); 3727 3728 return err; 3729} 3730 3731static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data, 3732 u16 len) 3733{ 3734 int err = MGMT_STATUS_SUCCESS; 3735 struct mgmt_cp_set_blocked_keys *keys = data; 3736 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) / 3737 sizeof(struct mgmt_blocked_key_info)); 3738 u16 key_count, expected_len; 3739 int i; 3740 3741 bt_dev_dbg(hdev, "sock %p", sk); 3742 3743 key_count = __le16_to_cpu(keys->key_count); 3744 if (key_count > max_key_count) { 3745 bt_dev_err(hdev, "too big key_count value %u", key_count); 3746 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 3747 MGMT_STATUS_INVALID_PARAMS); 3748 } 3749 3750 expected_len = struct_size(keys, keys, key_count); 3751 if (expected_len != len) { 3752 bt_dev_err(hdev, "expected %u bytes, got %u bytes", 3753 expected_len, len); 3754 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 3755 MGMT_STATUS_INVALID_PARAMS); 3756 } 3757 3758 hci_dev_lock(hdev); 3759 3760 hci_blocked_keys_clear(hdev); 3761 3762 for (i = 0; i < keys->key_count; ++i) { 3763 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL); 3764 3765 if (!b) { 3766 err = MGMT_STATUS_NO_RESOURCES; 3767 break; 3768 } 3769 3770 b->type = keys->keys[i].type; 3771 memcpy(b->val, keys->keys[i].val, sizeof(b->val)); 3772 list_add_rcu(&b->list, &hdev->blocked_keys); 3773 } 3774 hci_dev_unlock(hdev); 3775 3776 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS, 3777 err, NULL, 0); 3778} 3779 3780static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev, 3781 void *data, u16 len) 3782{ 3783 struct mgmt_mode *cp = data; 3784 int err; 3785 bool changed = false; 3786 3787 bt_dev_dbg(hdev, "sock %p", sk); 3788 3789 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks)) 3790 return mgmt_cmd_status(sk, hdev->id, 3791 MGMT_OP_SET_WIDEBAND_SPEECH, 3792 MGMT_STATUS_NOT_SUPPORTED); 3793 3794 if (cp->val != 0x00 && cp->val != 0x01) 3795 return mgmt_cmd_status(sk, hdev->id, 3796 MGMT_OP_SET_WIDEBAND_SPEECH, 3797 MGMT_STATUS_INVALID_PARAMS); 3798 3799 hci_dev_lock(hdev); 3800 3801 if (hdev_is_powered(hdev) && 3802 !!cp->val != hci_dev_test_flag(hdev, 3803 HCI_WIDEBAND_SPEECH_ENABLED)) { 3804 err = mgmt_cmd_status(sk, hdev->id, 3805 MGMT_OP_SET_WIDEBAND_SPEECH, 3806 MGMT_STATUS_REJECTED); 3807 goto unlock; 3808 } 3809 3810 if (cp->val) 3811 changed = !hci_dev_test_and_set_flag(hdev, 3812 HCI_WIDEBAND_SPEECH_ENABLED); 3813 else 3814 changed = hci_dev_test_and_clear_flag(hdev, 3815 HCI_WIDEBAND_SPEECH_ENABLED); 3816 3817 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev); 3818 if (err < 0) 3819 goto unlock; 3820 3821 if (changed) 3822 err = new_settings(hdev, sk); 3823 3824unlock: 3825 hci_dev_unlock(hdev); 3826 return err; 3827} 3828 3829static int read_controller_cap(struct sock *sk, struct hci_dev *hdev, 3830 void *data, u16 data_len) 3831{ 3832 char buf[20]; 3833 struct mgmt_rp_read_controller_cap *rp = (void *)buf; 3834 u16 cap_len = 0; 3835 u8 flags = 0; 3836 u8 tx_power_range[2]; 3837 3838 bt_dev_dbg(hdev, "sock %p", sk); 3839 3840 memset(&buf, 0, sizeof(buf)); 3841 3842 hci_dev_lock(hdev); 3843 3844 /* When the Read Simple Pairing Options command is supported, then 3845 * the remote public key validation is supported. 3846 * 3847 * Alternatively, when Microsoft extensions are available, they can 3848 * indicate support for public key validation as well. 3849 */ 3850 if ((hdev->commands[41] & 0x08) || msft_curve_validity(hdev)) 3851 flags |= 0x01; /* Remote public key validation (BR/EDR) */ 3852 3853 flags |= 0x02; /* Remote public key validation (LE) */ 3854 3855 /* When the Read Encryption Key Size command is supported, then the 3856 * encryption key size is enforced. 3857 */ 3858 if (hdev->commands[20] & 0x10) 3859 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */ 3860 3861 flags |= 0x08; /* Encryption key size enforcement (LE) */ 3862 3863 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS, 3864 &flags, 1); 3865 3866 /* When the Read Simple Pairing Options command is supported, then 3867 * also max encryption key size information is provided. 3868 */ 3869 if (hdev->commands[41] & 0x08) 3870 cap_len = eir_append_le16(rp->cap, cap_len, 3871 MGMT_CAP_MAX_ENC_KEY_SIZE, 3872 hdev->max_enc_key_size); 3873 3874 cap_len = eir_append_le16(rp->cap, cap_len, 3875 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE, 3876 SMP_MAX_ENC_KEY_SIZE); 3877 3878 /* Append the min/max LE tx power parameters if we were able to fetch 3879 * it from the controller 3880 */ 3881 if (hdev->commands[38] & 0x80) { 3882 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1); 3883 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1); 3884 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR, 3885 tx_power_range, 2); 3886 } 3887 3888 rp->cap_len = cpu_to_le16(cap_len); 3889 3890 hci_dev_unlock(hdev); 3891 3892 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0, 3893 rp, sizeof(*rp) + cap_len); 3894} 3895 3896#ifdef CONFIG_BT_FEATURE_DEBUG 3897/* d4992530-b9ec-469f-ab01-6c481c47da1c */ 3898static const u8 debug_uuid[16] = { 3899 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab, 3900 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4, 3901}; 3902#endif 3903 3904/* 330859bc-7506-492d-9370-9a6f0614037f */ 3905static const u8 quality_report_uuid[16] = { 3906 0x7f, 0x03, 0x14, 0x06, 0x6f, 0x9a, 0x70, 0x93, 3907 0x2d, 0x49, 0x06, 0x75, 0xbc, 0x59, 0x08, 0x33, 3908}; 3909 3910/* a6695ace-ee7f-4fb9-881a-5fac66c629af */ 3911static const u8 offload_codecs_uuid[16] = { 3912 0xaf, 0x29, 0xc6, 0x66, 0xac, 0x5f, 0x1a, 0x88, 3913 0xb9, 0x4f, 0x7f, 0xee, 0xce, 0x5a, 0x69, 0xa6, 3914}; 3915 3916/* 671b10b5-42c0-4696-9227-eb28d1b049d6 */ 3917static const u8 le_simultaneous_roles_uuid[16] = { 3918 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92, 3919 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67, 3920}; 3921 3922/* 15c0a148-c273-11ea-b3de-0242ac130004 */ 3923static const u8 rpa_resolution_uuid[16] = { 3924 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3, 3925 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15, 3926}; 3927 3928static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev, 3929 void *data, u16 data_len) 3930{ 3931 char buf[102]; /* Enough space for 5 features: 2 + 20 * 5 */ 3932 struct mgmt_rp_read_exp_features_info *rp = (void *)buf; 3933 u16 idx = 0; 3934 u32 flags; 3935 3936 bt_dev_dbg(hdev, "sock %p", sk); 3937 3938 memset(&buf, 0, sizeof(buf)); 3939 3940#ifdef CONFIG_BT_FEATURE_DEBUG 3941 if (!hdev) { 3942 flags = bt_dbg_get() ? BIT(0) : 0; 3943 3944 memcpy(rp->features[idx].uuid, debug_uuid, 16); 3945 rp->features[idx].flags = cpu_to_le32(flags); 3946 idx++; 3947 } 3948#endif 3949 3950 if (hdev && hci_dev_le_state_simultaneous(hdev)) { 3951 if (hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES)) 3952 flags = BIT(0); 3953 else 3954 flags = 0; 3955 3956 memcpy(rp->features[idx].uuid, le_simultaneous_roles_uuid, 16); 3957 rp->features[idx].flags = cpu_to_le32(flags); 3958 idx++; 3959 } 3960 3961 if (hdev && ll_privacy_capable(hdev)) { 3962 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 3963 flags = BIT(0) | BIT(1); 3964 else 3965 flags = BIT(1); 3966 3967 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16); 3968 rp->features[idx].flags = cpu_to_le32(flags); 3969 idx++; 3970 } 3971 3972 if (hdev && (aosp_has_quality_report(hdev) || 3973 hdev->set_quality_report)) { 3974 if (hci_dev_test_flag(hdev, HCI_QUALITY_REPORT)) 3975 flags = BIT(0); 3976 else 3977 flags = 0; 3978 3979 memcpy(rp->features[idx].uuid, quality_report_uuid, 16); 3980 rp->features[idx].flags = cpu_to_le32(flags); 3981 idx++; 3982 } 3983 3984 if (hdev && hdev->get_data_path_id) { 3985 if (hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)) 3986 flags = BIT(0); 3987 else 3988 flags = 0; 3989 3990 memcpy(rp->features[idx].uuid, offload_codecs_uuid, 16); 3991 rp->features[idx].flags = cpu_to_le32(flags); 3992 idx++; 3993 } 3994 3995 rp->feature_count = cpu_to_le16(idx); 3996 3997 /* After reading the experimental features information, enable 3998 * the events to update client on any future change. 3999 */ 4000 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4001 4002 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 4003 MGMT_OP_READ_EXP_FEATURES_INFO, 4004 0, rp, sizeof(*rp) + (20 * idx)); 4005} 4006 4007static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev, 4008 struct sock *skip) 4009{ 4010 struct mgmt_ev_exp_feature_changed ev; 4011 4012 memset(&ev, 0, sizeof(ev)); 4013 memcpy(ev.uuid, rpa_resolution_uuid, 16); 4014 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1)); 4015 4016 // Do we need to be atomic with the conn_flags? 4017 if (enabled && privacy_mode_capable(hdev)) 4018 hdev->conn_flags |= HCI_CONN_FLAG_DEVICE_PRIVACY; 4019 else 4020 hdev->conn_flags &= ~HCI_CONN_FLAG_DEVICE_PRIVACY; 4021 4022 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev, 4023 &ev, sizeof(ev), 4024 HCI_MGMT_EXP_FEATURE_EVENTS, skip); 4025 4026} 4027 4028static int exp_feature_changed(struct hci_dev *hdev, const u8 *uuid, 4029 bool enabled, struct sock *skip) 4030{ 4031 struct mgmt_ev_exp_feature_changed ev; 4032 4033 memset(&ev, 0, sizeof(ev)); 4034 memcpy(ev.uuid, uuid, 16); 4035 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0); 4036 4037 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev, 4038 &ev, sizeof(ev), 4039 HCI_MGMT_EXP_FEATURE_EVENTS, skip); 4040} 4041 4042#define EXP_FEAT(_uuid, _set_func) \ 4043{ \ 4044 .uuid = _uuid, \ 4045 .set_func = _set_func, \ 4046} 4047 4048/* The zero key uuid is special. Multiple exp features are set through it. */ 4049static int set_zero_key_func(struct sock *sk, struct hci_dev *hdev, 4050 struct mgmt_cp_set_exp_feature *cp, u16 data_len) 4051{ 4052 struct mgmt_rp_set_exp_feature rp; 4053 4054 memset(rp.uuid, 0, 16); 4055 rp.flags = cpu_to_le32(0); 4056 4057#ifdef CONFIG_BT_FEATURE_DEBUG 4058 if (!hdev) { 4059 bool changed = bt_dbg_get(); 4060 4061 bt_dbg_set(false); 4062 4063 if (changed) 4064 exp_feature_changed(NULL, ZERO_KEY, false, sk); 4065 } 4066#endif 4067 4068 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) { 4069 bool changed; 4070 4071 changed = hci_dev_test_and_clear_flag(hdev, 4072 HCI_ENABLE_LL_PRIVACY); 4073 if (changed) 4074 exp_feature_changed(hdev, rpa_resolution_uuid, false, 4075 sk); 4076 } 4077 4078 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4079 4080 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 4081 MGMT_OP_SET_EXP_FEATURE, 0, 4082 &rp, sizeof(rp)); 4083} 4084 4085#ifdef CONFIG_BT_FEATURE_DEBUG 4086static int set_debug_func(struct sock *sk, struct hci_dev *hdev, 4087 struct mgmt_cp_set_exp_feature *cp, u16 data_len) 4088{ 4089 struct mgmt_rp_set_exp_feature rp; 4090 4091 bool val, changed; 4092 int err; 4093 4094 /* Command requires to use the non-controller index */ 4095 if (hdev) 4096 return mgmt_cmd_status(sk, hdev->id, 4097 MGMT_OP_SET_EXP_FEATURE, 4098 MGMT_STATUS_INVALID_INDEX); 4099 4100 /* Parameters are limited to a single octet */ 4101 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4102 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4103 MGMT_OP_SET_EXP_FEATURE, 4104 MGMT_STATUS_INVALID_PARAMS); 4105 4106 /* Only boolean on/off is supported */ 4107 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4108 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4109 MGMT_OP_SET_EXP_FEATURE, 4110 MGMT_STATUS_INVALID_PARAMS); 4111 4112 val = !!cp->param[0]; 4113 changed = val ? !bt_dbg_get() : bt_dbg_get(); 4114 bt_dbg_set(val); 4115 4116 memcpy(rp.uuid, debug_uuid, 16); 4117 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4118 4119 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4120 4121 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, 4122 MGMT_OP_SET_EXP_FEATURE, 0, 4123 &rp, sizeof(rp)); 4124 4125 if (changed) 4126 exp_feature_changed(hdev, debug_uuid, val, sk); 4127 4128 return err; 4129} 4130#endif 4131 4132static int set_rpa_resolution_func(struct sock *sk, struct hci_dev *hdev, 4133 struct mgmt_cp_set_exp_feature *cp, 4134 u16 data_len) 4135{ 4136 struct mgmt_rp_set_exp_feature rp; 4137 bool val, changed; 4138 int err; 4139 u32 flags; 4140 4141 /* Command requires to use the controller index */ 4142 if (!hdev) 4143 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4144 MGMT_OP_SET_EXP_FEATURE, 4145 MGMT_STATUS_INVALID_INDEX); 4146 4147 /* Changes can only be made when controller is powered down */ 4148 if (hdev_is_powered(hdev)) 4149 return mgmt_cmd_status(sk, hdev->id, 4150 MGMT_OP_SET_EXP_FEATURE, 4151 MGMT_STATUS_REJECTED); 4152 4153 /* Parameters are limited to a single octet */ 4154 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4155 return mgmt_cmd_status(sk, hdev->id, 4156 MGMT_OP_SET_EXP_FEATURE, 4157 MGMT_STATUS_INVALID_PARAMS); 4158 4159 /* Only boolean on/off is supported */ 4160 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4161 return mgmt_cmd_status(sk, hdev->id, 4162 MGMT_OP_SET_EXP_FEATURE, 4163 MGMT_STATUS_INVALID_PARAMS); 4164 4165 val = !!cp->param[0]; 4166 4167 if (val) { 4168 changed = !hci_dev_test_and_set_flag(hdev, 4169 HCI_ENABLE_LL_PRIVACY); 4170 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 4171 4172 /* Enable LL privacy + supported settings changed */ 4173 flags = BIT(0) | BIT(1); 4174 } else { 4175 changed = hci_dev_test_and_clear_flag(hdev, 4176 HCI_ENABLE_LL_PRIVACY); 4177 4178 /* Disable LL privacy + supported settings changed */ 4179 flags = BIT(1); 4180 } 4181 4182 memcpy(rp.uuid, rpa_resolution_uuid, 16); 4183 rp.flags = cpu_to_le32(flags); 4184 4185 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4186 4187 err = mgmt_cmd_complete(sk, hdev->id, 4188 MGMT_OP_SET_EXP_FEATURE, 0, 4189 &rp, sizeof(rp)); 4190 4191 if (changed) 4192 exp_ll_privacy_feature_changed(val, hdev, sk); 4193 4194 return err; 4195} 4196 4197static int set_quality_report_func(struct sock *sk, struct hci_dev *hdev, 4198 struct mgmt_cp_set_exp_feature *cp, 4199 u16 data_len) 4200{ 4201 struct mgmt_rp_set_exp_feature rp; 4202 bool val, changed; 4203 int err; 4204 4205 /* Command requires to use a valid controller index */ 4206 if (!hdev) 4207 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4208 MGMT_OP_SET_EXP_FEATURE, 4209 MGMT_STATUS_INVALID_INDEX); 4210 4211 /* Parameters are limited to a single octet */ 4212 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4213 return mgmt_cmd_status(sk, hdev->id, 4214 MGMT_OP_SET_EXP_FEATURE, 4215 MGMT_STATUS_INVALID_PARAMS); 4216 4217 /* Only boolean on/off is supported */ 4218 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4219 return mgmt_cmd_status(sk, hdev->id, 4220 MGMT_OP_SET_EXP_FEATURE, 4221 MGMT_STATUS_INVALID_PARAMS); 4222 4223 hci_req_sync_lock(hdev); 4224 4225 val = !!cp->param[0]; 4226 changed = (val != hci_dev_test_flag(hdev, HCI_QUALITY_REPORT)); 4227 4228 if (!aosp_has_quality_report(hdev) && !hdev->set_quality_report) { 4229 err = mgmt_cmd_status(sk, hdev->id, 4230 MGMT_OP_SET_EXP_FEATURE, 4231 MGMT_STATUS_NOT_SUPPORTED); 4232 goto unlock_quality_report; 4233 } 4234 4235 if (changed) { 4236 if (hdev->set_quality_report) 4237 err = hdev->set_quality_report(hdev, val); 4238 else 4239 err = aosp_set_quality_report(hdev, val); 4240 4241 if (err) { 4242 err = mgmt_cmd_status(sk, hdev->id, 4243 MGMT_OP_SET_EXP_FEATURE, 4244 MGMT_STATUS_FAILED); 4245 goto unlock_quality_report; 4246 } 4247 4248 if (val) 4249 hci_dev_set_flag(hdev, HCI_QUALITY_REPORT); 4250 else 4251 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT); 4252 } 4253 4254 bt_dev_dbg(hdev, "quality report enable %d changed %d", val, changed); 4255 4256 memcpy(rp.uuid, quality_report_uuid, 16); 4257 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4258 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4259 4260 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_EXP_FEATURE, 0, 4261 &rp, sizeof(rp)); 4262 4263 if (changed) 4264 exp_feature_changed(hdev, quality_report_uuid, val, sk); 4265 4266unlock_quality_report: 4267 hci_req_sync_unlock(hdev); 4268 return err; 4269} 4270 4271static int set_offload_codec_func(struct sock *sk, struct hci_dev *hdev, 4272 struct mgmt_cp_set_exp_feature *cp, 4273 u16 data_len) 4274{ 4275 bool val, changed; 4276 int err; 4277 struct mgmt_rp_set_exp_feature rp; 4278 4279 /* Command requires to use a valid controller index */ 4280 if (!hdev) 4281 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4282 MGMT_OP_SET_EXP_FEATURE, 4283 MGMT_STATUS_INVALID_INDEX); 4284 4285 /* Parameters are limited to a single octet */ 4286 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4287 return mgmt_cmd_status(sk, hdev->id, 4288 MGMT_OP_SET_EXP_FEATURE, 4289 MGMT_STATUS_INVALID_PARAMS); 4290 4291 /* Only boolean on/off is supported */ 4292 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4293 return mgmt_cmd_status(sk, hdev->id, 4294 MGMT_OP_SET_EXP_FEATURE, 4295 MGMT_STATUS_INVALID_PARAMS); 4296 4297 val = !!cp->param[0]; 4298 changed = (val != hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED)); 4299 4300 if (!hdev->get_data_path_id) { 4301 return mgmt_cmd_status(sk, hdev->id, 4302 MGMT_OP_SET_EXP_FEATURE, 4303 MGMT_STATUS_NOT_SUPPORTED); 4304 } 4305 4306 if (changed) { 4307 if (val) 4308 hci_dev_set_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED); 4309 else 4310 hci_dev_clear_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED); 4311 } 4312 4313 bt_dev_info(hdev, "offload codecs enable %d changed %d", 4314 val, changed); 4315 4316 memcpy(rp.uuid, offload_codecs_uuid, 16); 4317 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4318 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4319 err = mgmt_cmd_complete(sk, hdev->id, 4320 MGMT_OP_SET_EXP_FEATURE, 0, 4321 &rp, sizeof(rp)); 4322 4323 if (changed) 4324 exp_feature_changed(hdev, offload_codecs_uuid, val, sk); 4325 4326 return err; 4327} 4328 4329static int set_le_simultaneous_roles_func(struct sock *sk, struct hci_dev *hdev, 4330 struct mgmt_cp_set_exp_feature *cp, 4331 u16 data_len) 4332{ 4333 bool val, changed; 4334 int err; 4335 struct mgmt_rp_set_exp_feature rp; 4336 4337 /* Command requires to use a valid controller index */ 4338 if (!hdev) 4339 return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 4340 MGMT_OP_SET_EXP_FEATURE, 4341 MGMT_STATUS_INVALID_INDEX); 4342 4343 /* Parameters are limited to a single octet */ 4344 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 4345 return mgmt_cmd_status(sk, hdev->id, 4346 MGMT_OP_SET_EXP_FEATURE, 4347 MGMT_STATUS_INVALID_PARAMS); 4348 4349 /* Only boolean on/off is supported */ 4350 if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 4351 return mgmt_cmd_status(sk, hdev->id, 4352 MGMT_OP_SET_EXP_FEATURE, 4353 MGMT_STATUS_INVALID_PARAMS); 4354 4355 val = !!cp->param[0]; 4356 changed = (val != hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES)); 4357 4358 if (!hci_dev_le_state_simultaneous(hdev)) { 4359 return mgmt_cmd_status(sk, hdev->id, 4360 MGMT_OP_SET_EXP_FEATURE, 4361 MGMT_STATUS_NOT_SUPPORTED); 4362 } 4363 4364 if (changed) { 4365 if (val) 4366 hci_dev_set_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES); 4367 else 4368 hci_dev_clear_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES); 4369 } 4370 4371 bt_dev_info(hdev, "LE simultaneous roles enable %d changed %d", 4372 val, changed); 4373 4374 memcpy(rp.uuid, le_simultaneous_roles_uuid, 16); 4375 rp.flags = cpu_to_le32(val ? BIT(0) : 0); 4376 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 4377 err = mgmt_cmd_complete(sk, hdev->id, 4378 MGMT_OP_SET_EXP_FEATURE, 0, 4379 &rp, sizeof(rp)); 4380 4381 if (changed) 4382 exp_feature_changed(hdev, le_simultaneous_roles_uuid, val, sk); 4383 4384 return err; 4385} 4386 4387static const struct mgmt_exp_feature { 4388 const u8 *uuid; 4389 int (*set_func)(struct sock *sk, struct hci_dev *hdev, 4390 struct mgmt_cp_set_exp_feature *cp, u16 data_len); 4391} exp_features[] = { 4392 EXP_FEAT(ZERO_KEY, set_zero_key_func), 4393#ifdef CONFIG_BT_FEATURE_DEBUG 4394 EXP_FEAT(debug_uuid, set_debug_func), 4395#endif 4396 EXP_FEAT(rpa_resolution_uuid, set_rpa_resolution_func), 4397 EXP_FEAT(quality_report_uuid, set_quality_report_func), 4398 EXP_FEAT(offload_codecs_uuid, set_offload_codec_func), 4399 EXP_FEAT(le_simultaneous_roles_uuid, set_le_simultaneous_roles_func), 4400 4401 /* end with a null feature */ 4402 EXP_FEAT(NULL, NULL) 4403}; 4404 4405static int set_exp_feature(struct sock *sk, struct hci_dev *hdev, 4406 void *data, u16 data_len) 4407{ 4408 struct mgmt_cp_set_exp_feature *cp = data; 4409 size_t i = 0; 4410 4411 bt_dev_dbg(hdev, "sock %p", sk); 4412 4413 for (i = 0; exp_features[i].uuid; i++) { 4414 if (!memcmp(cp->uuid, exp_features[i].uuid, 16)) 4415 return exp_features[i].set_func(sk, hdev, cp, data_len); 4416 } 4417 4418 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 4419 MGMT_OP_SET_EXP_FEATURE, 4420 MGMT_STATUS_NOT_SUPPORTED); 4421} 4422 4423static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data, 4424 u16 data_len) 4425{ 4426 struct mgmt_cp_get_device_flags *cp = data; 4427 struct mgmt_rp_get_device_flags rp; 4428 struct bdaddr_list_with_flags *br_params; 4429 struct hci_conn_params *params; 4430 u32 supported_flags; 4431 u32 current_flags = 0; 4432 u8 status = MGMT_STATUS_INVALID_PARAMS; 4433 4434 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n", 4435 &cp->addr.bdaddr, cp->addr.type); 4436 4437 hci_dev_lock(hdev); 4438 4439 supported_flags = hdev->conn_flags; 4440 4441 memset(&rp, 0, sizeof(rp)); 4442 4443 if (cp->addr.type == BDADDR_BREDR) { 4444 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list, 4445 &cp->addr.bdaddr, 4446 cp->addr.type); 4447 if (!br_params) 4448 goto done; 4449 4450 current_flags = br_params->flags; 4451 } else { 4452 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 4453 le_addr_type(cp->addr.type)); 4454 4455 if (!params) 4456 goto done; 4457 4458 current_flags = params->flags; 4459 } 4460 4461 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 4462 rp.addr.type = cp->addr.type; 4463 rp.supported_flags = cpu_to_le32(supported_flags); 4464 rp.current_flags = cpu_to_le32(current_flags); 4465 4466 status = MGMT_STATUS_SUCCESS; 4467 4468done: 4469 hci_dev_unlock(hdev); 4470 4471 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status, 4472 &rp, sizeof(rp)); 4473} 4474 4475static void device_flags_changed(struct sock *sk, struct hci_dev *hdev, 4476 bdaddr_t *bdaddr, u8 bdaddr_type, 4477 u32 supported_flags, u32 current_flags) 4478{ 4479 struct mgmt_ev_device_flags_changed ev; 4480 4481 bacpy(&ev.addr.bdaddr, bdaddr); 4482 ev.addr.type = bdaddr_type; 4483 ev.supported_flags = cpu_to_le32(supported_flags); 4484 ev.current_flags = cpu_to_le32(current_flags); 4485 4486 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk); 4487} 4488 4489static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data, 4490 u16 len) 4491{ 4492 struct mgmt_cp_set_device_flags *cp = data; 4493 struct bdaddr_list_with_flags *br_params; 4494 struct hci_conn_params *params; 4495 u8 status = MGMT_STATUS_INVALID_PARAMS; 4496 u32 supported_flags; 4497 u32 current_flags = __le32_to_cpu(cp->current_flags); 4498 4499 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x", 4500 &cp->addr.bdaddr, cp->addr.type, 4501 __le32_to_cpu(current_flags)); 4502 4503 // We should take hci_dev_lock() early, I think.. conn_flags can change 4504 supported_flags = hdev->conn_flags; 4505 4506 if ((supported_flags | current_flags) != supported_flags) { 4507 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)", 4508 current_flags, supported_flags); 4509 goto done; 4510 } 4511 4512 hci_dev_lock(hdev); 4513 4514 if (cp->addr.type == BDADDR_BREDR) { 4515 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list, 4516 &cp->addr.bdaddr, 4517 cp->addr.type); 4518 4519 if (br_params) { 4520 br_params->flags = current_flags; 4521 status = MGMT_STATUS_SUCCESS; 4522 } else { 4523 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)", 4524 &cp->addr.bdaddr, cp->addr.type); 4525 } 4526 } else { 4527 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 4528 le_addr_type(cp->addr.type)); 4529 if (params) { 4530 /* Devices using RPAs can only be programmed in the 4531 * acceptlist LL Privacy has been enable otherwise they 4532 * cannot mark HCI_CONN_FLAG_REMOTE_WAKEUP. 4533 */ 4534 if ((current_flags & HCI_CONN_FLAG_REMOTE_WAKEUP) && 4535 !use_ll_privacy(hdev) && 4536 hci_find_irk_by_addr(hdev, ¶ms->addr, 4537 params->addr_type)) { 4538 bt_dev_warn(hdev, 4539 "Cannot set wakeable for RPA"); 4540 goto unlock; 4541 } 4542 4543 params->flags = current_flags; 4544 status = MGMT_STATUS_SUCCESS; 4545 4546 /* Update passive scan if HCI_CONN_FLAG_DEVICE_PRIVACY 4547 * has been set. 4548 */ 4549 if (params->flags & HCI_CONN_FLAG_DEVICE_PRIVACY) 4550 hci_update_passive_scan(hdev); 4551 } else { 4552 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)", 4553 &cp->addr.bdaddr, 4554 le_addr_type(cp->addr.type)); 4555 } 4556 } 4557 4558unlock: 4559 hci_dev_unlock(hdev); 4560 4561done: 4562 if (status == MGMT_STATUS_SUCCESS) 4563 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 4564 supported_flags, current_flags); 4565 4566 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status, 4567 &cp->addr, sizeof(cp->addr)); 4568} 4569 4570static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev, 4571 u16 handle) 4572{ 4573 struct mgmt_ev_adv_monitor_added ev; 4574 4575 ev.monitor_handle = cpu_to_le16(handle); 4576 4577 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk); 4578} 4579 4580void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle) 4581{ 4582 struct mgmt_ev_adv_monitor_removed ev; 4583 struct mgmt_pending_cmd *cmd; 4584 struct sock *sk_skip = NULL; 4585 struct mgmt_cp_remove_adv_monitor *cp; 4586 4587 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev); 4588 if (cmd) { 4589 cp = cmd->param; 4590 4591 if (cp->monitor_handle) 4592 sk_skip = cmd->sk; 4593 } 4594 4595 ev.monitor_handle = cpu_to_le16(handle); 4596 4597 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip); 4598} 4599 4600static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev, 4601 void *data, u16 len) 4602{ 4603 struct adv_monitor *monitor = NULL; 4604 struct mgmt_rp_read_adv_monitor_features *rp = NULL; 4605 int handle, err; 4606 size_t rp_size = 0; 4607 __u32 supported = 0; 4608 __u32 enabled = 0; 4609 __u16 num_handles = 0; 4610 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES]; 4611 4612 BT_DBG("request for %s", hdev->name); 4613 4614 hci_dev_lock(hdev); 4615 4616 if (msft_monitor_supported(hdev)) 4617 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS; 4618 4619 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle) 4620 handles[num_handles++] = monitor->handle; 4621 4622 hci_dev_unlock(hdev); 4623 4624 rp_size = sizeof(*rp) + (num_handles * sizeof(u16)); 4625 rp = kmalloc(rp_size, GFP_KERNEL); 4626 if (!rp) 4627 return -ENOMEM; 4628 4629 /* All supported features are currently enabled */ 4630 enabled = supported; 4631 4632 rp->supported_features = cpu_to_le32(supported); 4633 rp->enabled_features = cpu_to_le32(enabled); 4634 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES); 4635 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS; 4636 rp->num_handles = cpu_to_le16(num_handles); 4637 if (num_handles) 4638 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16))); 4639 4640 err = mgmt_cmd_complete(sk, hdev->id, 4641 MGMT_OP_READ_ADV_MONITOR_FEATURES, 4642 MGMT_STATUS_SUCCESS, rp, rp_size); 4643 4644 kfree(rp); 4645 4646 return err; 4647} 4648 4649int mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev, u8 status) 4650{ 4651 struct mgmt_rp_add_adv_patterns_monitor rp; 4652 struct mgmt_pending_cmd *cmd; 4653 struct adv_monitor *monitor; 4654 int err = 0; 4655 4656 hci_dev_lock(hdev); 4657 4658 cmd = pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev); 4659 if (!cmd) { 4660 cmd = pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev); 4661 if (!cmd) 4662 goto done; 4663 } 4664 4665 monitor = cmd->user_data; 4666 rp.monitor_handle = cpu_to_le16(monitor->handle); 4667 4668 if (!status) { 4669 mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle); 4670 hdev->adv_monitors_cnt++; 4671 if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED) 4672 monitor->state = ADV_MONITOR_STATE_REGISTERED; 4673 hci_update_passive_scan(hdev); 4674 } 4675 4676 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 4677 mgmt_status(status), &rp, sizeof(rp)); 4678 mgmt_pending_remove(cmd); 4679 4680done: 4681 hci_dev_unlock(hdev); 4682 bt_dev_dbg(hdev, "add monitor %d complete, status %u", 4683 rp.monitor_handle, status); 4684 4685 return err; 4686} 4687 4688static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev, 4689 struct adv_monitor *m, u8 status, 4690 void *data, u16 len, u16 op) 4691{ 4692 struct mgmt_rp_add_adv_patterns_monitor rp; 4693 struct mgmt_pending_cmd *cmd; 4694 int err; 4695 bool pending; 4696 4697 hci_dev_lock(hdev); 4698 4699 if (status) 4700 goto unlock; 4701 4702 if (pending_find(MGMT_OP_SET_LE, hdev) || 4703 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) || 4704 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) || 4705 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) { 4706 status = MGMT_STATUS_BUSY; 4707 goto unlock; 4708 } 4709 4710 cmd = mgmt_pending_add(sk, op, hdev, data, len); 4711 if (!cmd) { 4712 status = MGMT_STATUS_NO_RESOURCES; 4713 goto unlock; 4714 } 4715 4716 cmd->user_data = m; 4717 pending = hci_add_adv_monitor(hdev, m, &err); 4718 if (err) { 4719 if (err == -ENOSPC || err == -ENOMEM) 4720 status = MGMT_STATUS_NO_RESOURCES; 4721 else if (err == -EINVAL) 4722 status = MGMT_STATUS_INVALID_PARAMS; 4723 else 4724 status = MGMT_STATUS_FAILED; 4725 4726 mgmt_pending_remove(cmd); 4727 goto unlock; 4728 } 4729 4730 if (!pending) { 4731 mgmt_pending_remove(cmd); 4732 rp.monitor_handle = cpu_to_le16(m->handle); 4733 mgmt_adv_monitor_added(sk, hdev, m->handle); 4734 m->state = ADV_MONITOR_STATE_REGISTERED; 4735 hdev->adv_monitors_cnt++; 4736 4737 hci_dev_unlock(hdev); 4738 return mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_SUCCESS, 4739 &rp, sizeof(rp)); 4740 } 4741 4742 hci_dev_unlock(hdev); 4743 4744 return 0; 4745 4746unlock: 4747 hci_free_adv_monitor(hdev, m); 4748 hci_dev_unlock(hdev); 4749 return mgmt_cmd_status(sk, hdev->id, op, status); 4750} 4751 4752static void parse_adv_monitor_rssi(struct adv_monitor *m, 4753 struct mgmt_adv_rssi_thresholds *rssi) 4754{ 4755 if (rssi) { 4756 m->rssi.low_threshold = rssi->low_threshold; 4757 m->rssi.low_threshold_timeout = 4758 __le16_to_cpu(rssi->low_threshold_timeout); 4759 m->rssi.high_threshold = rssi->high_threshold; 4760 m->rssi.high_threshold_timeout = 4761 __le16_to_cpu(rssi->high_threshold_timeout); 4762 m->rssi.sampling_period = rssi->sampling_period; 4763 } else { 4764 /* Default values. These numbers are the least constricting 4765 * parameters for MSFT API to work, so it behaves as if there 4766 * are no rssi parameter to consider. May need to be changed 4767 * if other API are to be supported. 4768 */ 4769 m->rssi.low_threshold = -127; 4770 m->rssi.low_threshold_timeout = 60; 4771 m->rssi.high_threshold = -127; 4772 m->rssi.high_threshold_timeout = 0; 4773 m->rssi.sampling_period = 0; 4774 } 4775} 4776 4777static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count, 4778 struct mgmt_adv_pattern *patterns) 4779{ 4780 u8 offset = 0, length = 0; 4781 struct adv_pattern *p = NULL; 4782 int i; 4783 4784 for (i = 0; i < pattern_count; i++) { 4785 offset = patterns[i].offset; 4786 length = patterns[i].length; 4787 if (offset >= HCI_MAX_AD_LENGTH || 4788 length > HCI_MAX_AD_LENGTH || 4789 (offset + length) > HCI_MAX_AD_LENGTH) 4790 return MGMT_STATUS_INVALID_PARAMS; 4791 4792 p = kmalloc(sizeof(*p), GFP_KERNEL); 4793 if (!p) 4794 return MGMT_STATUS_NO_RESOURCES; 4795 4796 p->ad_type = patterns[i].ad_type; 4797 p->offset = patterns[i].offset; 4798 p->length = patterns[i].length; 4799 memcpy(p->value, patterns[i].value, p->length); 4800 4801 INIT_LIST_HEAD(&p->list); 4802 list_add(&p->list, &m->patterns); 4803 } 4804 4805 return MGMT_STATUS_SUCCESS; 4806} 4807 4808static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev, 4809 void *data, u16 len) 4810{ 4811 struct mgmt_cp_add_adv_patterns_monitor *cp = data; 4812 struct adv_monitor *m = NULL; 4813 u8 status = MGMT_STATUS_SUCCESS; 4814 size_t expected_size = sizeof(*cp); 4815 4816 BT_DBG("request for %s", hdev->name); 4817 4818 if (len <= sizeof(*cp)) { 4819 status = MGMT_STATUS_INVALID_PARAMS; 4820 goto done; 4821 } 4822 4823 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern); 4824 if (len != expected_size) { 4825 status = MGMT_STATUS_INVALID_PARAMS; 4826 goto done; 4827 } 4828 4829 m = kzalloc(sizeof(*m), GFP_KERNEL); 4830 if (!m) { 4831 status = MGMT_STATUS_NO_RESOURCES; 4832 goto done; 4833 } 4834 4835 INIT_LIST_HEAD(&m->patterns); 4836 4837 parse_adv_monitor_rssi(m, NULL); 4838 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns); 4839 4840done: 4841 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len, 4842 MGMT_OP_ADD_ADV_PATTERNS_MONITOR); 4843} 4844 4845static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev, 4846 void *data, u16 len) 4847{ 4848 struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data; 4849 struct adv_monitor *m = NULL; 4850 u8 status = MGMT_STATUS_SUCCESS; 4851 size_t expected_size = sizeof(*cp); 4852 4853 BT_DBG("request for %s", hdev->name); 4854 4855 if (len <= sizeof(*cp)) { 4856 status = MGMT_STATUS_INVALID_PARAMS; 4857 goto done; 4858 } 4859 4860 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern); 4861 if (len != expected_size) { 4862 status = MGMT_STATUS_INVALID_PARAMS; 4863 goto done; 4864 } 4865 4866 m = kzalloc(sizeof(*m), GFP_KERNEL); 4867 if (!m) { 4868 status = MGMT_STATUS_NO_RESOURCES; 4869 goto done; 4870 } 4871 4872 INIT_LIST_HEAD(&m->patterns); 4873 4874 parse_adv_monitor_rssi(m, &cp->rssi); 4875 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns); 4876 4877done: 4878 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len, 4879 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI); 4880} 4881 4882int mgmt_remove_adv_monitor_complete(struct hci_dev *hdev, u8 status) 4883{ 4884 struct mgmt_rp_remove_adv_monitor rp; 4885 struct mgmt_cp_remove_adv_monitor *cp; 4886 struct mgmt_pending_cmd *cmd; 4887 int err = 0; 4888 4889 hci_dev_lock(hdev); 4890 4891 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev); 4892 if (!cmd) 4893 goto done; 4894 4895 cp = cmd->param; 4896 rp.monitor_handle = cp->monitor_handle; 4897 4898 if (!status) 4899 hci_update_passive_scan(hdev); 4900 4901 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 4902 mgmt_status(status), &rp, sizeof(rp)); 4903 mgmt_pending_remove(cmd); 4904 4905done: 4906 hci_dev_unlock(hdev); 4907 bt_dev_dbg(hdev, "remove monitor %d complete, status %u", 4908 rp.monitor_handle, status); 4909 4910 return err; 4911} 4912 4913static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev, 4914 void *data, u16 len) 4915{ 4916 struct mgmt_cp_remove_adv_monitor *cp = data; 4917 struct mgmt_rp_remove_adv_monitor rp; 4918 struct mgmt_pending_cmd *cmd; 4919 u16 handle = __le16_to_cpu(cp->monitor_handle); 4920 int err, status; 4921 bool pending; 4922 4923 BT_DBG("request for %s", hdev->name); 4924 rp.monitor_handle = cp->monitor_handle; 4925 4926 hci_dev_lock(hdev); 4927 4928 if (pending_find(MGMT_OP_SET_LE, hdev) || 4929 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) || 4930 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) || 4931 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) { 4932 status = MGMT_STATUS_BUSY; 4933 goto unlock; 4934 } 4935 4936 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len); 4937 if (!cmd) { 4938 status = MGMT_STATUS_NO_RESOURCES; 4939 goto unlock; 4940 } 4941 4942 if (handle) 4943 pending = hci_remove_single_adv_monitor(hdev, handle, &err); 4944 else 4945 pending = hci_remove_all_adv_monitor(hdev, &err); 4946 4947 if (err) { 4948 mgmt_pending_remove(cmd); 4949 4950 if (err == -ENOENT) 4951 status = MGMT_STATUS_INVALID_INDEX; 4952 else 4953 status = MGMT_STATUS_FAILED; 4954 4955 goto unlock; 4956 } 4957 4958 /* monitor can be removed without forwarding request to controller */ 4959 if (!pending) { 4960 mgmt_pending_remove(cmd); 4961 hci_dev_unlock(hdev); 4962 4963 return mgmt_cmd_complete(sk, hdev->id, 4964 MGMT_OP_REMOVE_ADV_MONITOR, 4965 MGMT_STATUS_SUCCESS, 4966 &rp, sizeof(rp)); 4967 } 4968 4969 hci_dev_unlock(hdev); 4970 return 0; 4971 4972unlock: 4973 hci_dev_unlock(hdev); 4974 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR, 4975 status); 4976} 4977 4978static void read_local_oob_data_complete(struct hci_dev *hdev, void *data, int err) 4979{ 4980 struct mgmt_rp_read_local_oob_data mgmt_rp; 4981 size_t rp_size = sizeof(mgmt_rp); 4982 struct mgmt_pending_cmd *cmd = data; 4983 struct sk_buff *skb = cmd->skb; 4984 u8 status = mgmt_status(err); 4985 4986 if (!status) { 4987 if (!skb) 4988 status = MGMT_STATUS_FAILED; 4989 else if (IS_ERR(skb)) 4990 status = mgmt_status(PTR_ERR(skb)); 4991 else 4992 status = mgmt_status(skb->data[0]); 4993 } 4994 4995 bt_dev_dbg(hdev, "status %d", status); 4996 4997 if (status) { 4998 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, status); 4999 goto remove; 5000 } 5001 5002 memset(&mgmt_rp, 0, sizeof(mgmt_rp)); 5003 5004 if (!bredr_sc_enabled(hdev)) { 5005 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 5006 5007 if (skb->len < sizeof(*rp)) { 5008 mgmt_cmd_status(cmd->sk, hdev->id, 5009 MGMT_OP_READ_LOCAL_OOB_DATA, 5010 MGMT_STATUS_FAILED); 5011 goto remove; 5012 } 5013 5014 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash)); 5015 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand)); 5016 5017 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256); 5018 } else { 5019 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data; 5020 5021 if (skb->len < sizeof(*rp)) { 5022 mgmt_cmd_status(cmd->sk, hdev->id, 5023 MGMT_OP_READ_LOCAL_OOB_DATA, 5024 MGMT_STATUS_FAILED); 5025 goto remove; 5026 } 5027 5028 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192)); 5029 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192)); 5030 5031 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256)); 5032 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256)); 5033 } 5034 5035 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5036 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size); 5037 5038remove: 5039 if (skb && !IS_ERR(skb)) 5040 kfree_skb(skb); 5041 5042 mgmt_pending_free(cmd); 5043} 5044 5045static int read_local_oob_data_sync(struct hci_dev *hdev, void *data) 5046{ 5047 struct mgmt_pending_cmd *cmd = data; 5048 5049 if (bredr_sc_enabled(hdev)) 5050 cmd->skb = hci_read_local_oob_data_sync(hdev, true, cmd->sk); 5051 else 5052 cmd->skb = hci_read_local_oob_data_sync(hdev, false, cmd->sk); 5053 5054 if (IS_ERR(cmd->skb)) 5055 return PTR_ERR(cmd->skb); 5056 else 5057 return 0; 5058} 5059 5060static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, 5061 void *data, u16 data_len) 5062{ 5063 struct mgmt_pending_cmd *cmd; 5064 int err; 5065 5066 bt_dev_dbg(hdev, "sock %p", sk); 5067 5068 hci_dev_lock(hdev); 5069 5070 if (!hdev_is_powered(hdev)) { 5071 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5072 MGMT_STATUS_NOT_POWERED); 5073 goto unlock; 5074 } 5075 5076 if (!lmp_ssp_capable(hdev)) { 5077 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5078 MGMT_STATUS_NOT_SUPPORTED); 5079 goto unlock; 5080 } 5081 5082 cmd = mgmt_pending_new(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 5083 if (!cmd) 5084 err = -ENOMEM; 5085 else 5086 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd, 5087 read_local_oob_data_complete); 5088 5089 if (err < 0) { 5090 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5091 MGMT_STATUS_FAILED); 5092 5093 if (cmd) 5094 mgmt_pending_free(cmd); 5095 } 5096 5097unlock: 5098 hci_dev_unlock(hdev); 5099 return err; 5100} 5101 5102static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 5103 void *data, u16 len) 5104{ 5105 struct mgmt_addr_info *addr = data; 5106 int err; 5107 5108 bt_dev_dbg(hdev, "sock %p", sk); 5109 5110 if (!bdaddr_type_is_valid(addr->type)) 5111 return mgmt_cmd_complete(sk, hdev->id, 5112 MGMT_OP_ADD_REMOTE_OOB_DATA, 5113 MGMT_STATUS_INVALID_PARAMS, 5114 addr, sizeof(*addr)); 5115 5116 hci_dev_lock(hdev); 5117 5118 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) { 5119 struct mgmt_cp_add_remote_oob_data *cp = data; 5120 u8 status; 5121 5122 if (cp->addr.type != BDADDR_BREDR) { 5123 err = mgmt_cmd_complete(sk, hdev->id, 5124 MGMT_OP_ADD_REMOTE_OOB_DATA, 5125 MGMT_STATUS_INVALID_PARAMS, 5126 &cp->addr, sizeof(cp->addr)); 5127 goto unlock; 5128 } 5129 5130 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 5131 cp->addr.type, cp->hash, 5132 cp->rand, NULL, NULL); 5133 if (err < 0) 5134 status = MGMT_STATUS_FAILED; 5135 else 5136 status = MGMT_STATUS_SUCCESS; 5137 5138 err = mgmt_cmd_complete(sk, hdev->id, 5139 MGMT_OP_ADD_REMOTE_OOB_DATA, status, 5140 &cp->addr, sizeof(cp->addr)); 5141 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) { 5142 struct mgmt_cp_add_remote_oob_ext_data *cp = data; 5143 u8 *rand192, *hash192, *rand256, *hash256; 5144 u8 status; 5145 5146 if (bdaddr_type_is_le(cp->addr.type)) { 5147 /* Enforce zero-valued 192-bit parameters as 5148 * long as legacy SMP OOB isn't implemented. 5149 */ 5150 if (memcmp(cp->rand192, ZERO_KEY, 16) || 5151 memcmp(cp->hash192, ZERO_KEY, 16)) { 5152 err = mgmt_cmd_complete(sk, hdev->id, 5153 MGMT_OP_ADD_REMOTE_OOB_DATA, 5154 MGMT_STATUS_INVALID_PARAMS, 5155 addr, sizeof(*addr)); 5156 goto unlock; 5157 } 5158 5159 rand192 = NULL; 5160 hash192 = NULL; 5161 } else { 5162 /* In case one of the P-192 values is set to zero, 5163 * then just disable OOB data for P-192. 5164 */ 5165 if (!memcmp(cp->rand192, ZERO_KEY, 16) || 5166 !memcmp(cp->hash192, ZERO_KEY, 16)) { 5167 rand192 = NULL; 5168 hash192 = NULL; 5169 } else { 5170 rand192 = cp->rand192; 5171 hash192 = cp->hash192; 5172 } 5173 } 5174 5175 /* In case one of the P-256 values is set to zero, then just 5176 * disable OOB data for P-256. 5177 */ 5178 if (!memcmp(cp->rand256, ZERO_KEY, 16) || 5179 !memcmp(cp->hash256, ZERO_KEY, 16)) { 5180 rand256 = NULL; 5181 hash256 = NULL; 5182 } else { 5183 rand256 = cp->rand256; 5184 hash256 = cp->hash256; 5185 } 5186 5187 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, 5188 cp->addr.type, hash192, rand192, 5189 hash256, rand256); 5190 if (err < 0) 5191 status = MGMT_STATUS_FAILED; 5192 else 5193 status = MGMT_STATUS_SUCCESS; 5194 5195 err = mgmt_cmd_complete(sk, hdev->id, 5196 MGMT_OP_ADD_REMOTE_OOB_DATA, 5197 status, &cp->addr, sizeof(cp->addr)); 5198 } else { 5199 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes", 5200 len); 5201 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, 5202 MGMT_STATUS_INVALID_PARAMS); 5203 } 5204 5205unlock: 5206 hci_dev_unlock(hdev); 5207 return err; 5208} 5209 5210static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev, 5211 void *data, u16 len) 5212{ 5213 struct mgmt_cp_remove_remote_oob_data *cp = data; 5214 u8 status; 5215 int err; 5216 5217 bt_dev_dbg(hdev, "sock %p", sk); 5218 5219 if (cp->addr.type != BDADDR_BREDR) 5220 return mgmt_cmd_complete(sk, hdev->id, 5221 MGMT_OP_REMOVE_REMOTE_OOB_DATA, 5222 MGMT_STATUS_INVALID_PARAMS, 5223 &cp->addr, sizeof(cp->addr)); 5224 5225 hci_dev_lock(hdev); 5226 5227 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 5228 hci_remote_oob_data_clear(hdev); 5229 status = MGMT_STATUS_SUCCESS; 5230 goto done; 5231 } 5232 5233 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type); 5234 if (err < 0) 5235 status = MGMT_STATUS_INVALID_PARAMS; 5236 else 5237 status = MGMT_STATUS_SUCCESS; 5238 5239done: 5240 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 5241 status, &cp->addr, sizeof(cp->addr)); 5242 5243 hci_dev_unlock(hdev); 5244 return err; 5245} 5246 5247void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status) 5248{ 5249 struct mgmt_pending_cmd *cmd; 5250 5251 bt_dev_dbg(hdev, "status %u", status); 5252 5253 hci_dev_lock(hdev); 5254 5255 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev); 5256 if (!cmd) 5257 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev); 5258 5259 if (!cmd) 5260 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev); 5261 5262 if (cmd) { 5263 cmd->cmd_complete(cmd, mgmt_status(status)); 5264 mgmt_pending_remove(cmd); 5265 } 5266 5267 hci_dev_unlock(hdev); 5268} 5269 5270static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type, 5271 uint8_t *mgmt_status) 5272{ 5273 switch (type) { 5274 case DISCOV_TYPE_LE: 5275 *mgmt_status = mgmt_le_support(hdev); 5276 if (*mgmt_status) 5277 return false; 5278 break; 5279 case DISCOV_TYPE_INTERLEAVED: 5280 *mgmt_status = mgmt_le_support(hdev); 5281 if (*mgmt_status) 5282 return false; 5283 fallthrough; 5284 case DISCOV_TYPE_BREDR: 5285 *mgmt_status = mgmt_bredr_support(hdev); 5286 if (*mgmt_status) 5287 return false; 5288 break; 5289 default: 5290 *mgmt_status = MGMT_STATUS_INVALID_PARAMS; 5291 return false; 5292 } 5293 5294 return true; 5295} 5296 5297static void start_discovery_complete(struct hci_dev *hdev, void *data, int err) 5298{ 5299 struct mgmt_pending_cmd *cmd = data; 5300 5301 if (cmd != pending_find(MGMT_OP_START_DISCOVERY, hdev) && 5302 cmd != pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev) && 5303 cmd != pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev)) 5304 return; 5305 5306 bt_dev_dbg(hdev, "err %d", err); 5307 5308 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err), 5309 cmd->param, 1); 5310 mgmt_pending_remove(cmd); 5311 5312 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED: 5313 DISCOVERY_FINDING); 5314} 5315 5316static int start_discovery_sync(struct hci_dev *hdev, void *data) 5317{ 5318 return hci_start_discovery_sync(hdev); 5319} 5320 5321static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev, 5322 u16 op, void *data, u16 len) 5323{ 5324 struct mgmt_cp_start_discovery *cp = data; 5325 struct mgmt_pending_cmd *cmd; 5326 u8 status; 5327 int err; 5328 5329 bt_dev_dbg(hdev, "sock %p", sk); 5330 5331 hci_dev_lock(hdev); 5332 5333 if (!hdev_is_powered(hdev)) { 5334 err = mgmt_cmd_complete(sk, hdev->id, op, 5335 MGMT_STATUS_NOT_POWERED, 5336 &cp->type, sizeof(cp->type)); 5337 goto failed; 5338 } 5339 5340 if (hdev->discovery.state != DISCOVERY_STOPPED || 5341 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 5342 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 5343 &cp->type, sizeof(cp->type)); 5344 goto failed; 5345 } 5346 5347 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 5348 err = mgmt_cmd_complete(sk, hdev->id, op, status, 5349 &cp->type, sizeof(cp->type)); 5350 goto failed; 5351 } 5352 5353 /* Can't start discovery when it is paused */ 5354 if (hdev->discovery_paused) { 5355 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY, 5356 &cp->type, sizeof(cp->type)); 5357 goto failed; 5358 } 5359 5360 /* Clear the discovery filter first to free any previously 5361 * allocated memory for the UUID list. 5362 */ 5363 hci_discovery_filter_clear(hdev); 5364 5365 hdev->discovery.type = cp->type; 5366 hdev->discovery.report_invalid_rssi = false; 5367 if (op == MGMT_OP_START_LIMITED_DISCOVERY) 5368 hdev->discovery.limited = true; 5369 else 5370 hdev->discovery.limited = false; 5371 5372 cmd = mgmt_pending_add(sk, op, hdev, data, len); 5373 if (!cmd) { 5374 err = -ENOMEM; 5375 goto failed; 5376 } 5377 5378 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd, 5379 start_discovery_complete); 5380 if (err < 0) { 5381 mgmt_pending_remove(cmd); 5382 goto failed; 5383 } 5384 5385 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 5386 5387failed: 5388 hci_dev_unlock(hdev); 5389 return err; 5390} 5391 5392static int start_discovery(struct sock *sk, struct hci_dev *hdev, 5393 void *data, u16 len) 5394{ 5395 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY, 5396 data, len); 5397} 5398 5399static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev, 5400 void *data, u16 len) 5401{ 5402 return start_discovery_internal(sk, hdev, 5403 MGMT_OP_START_LIMITED_DISCOVERY, 5404 data, len); 5405} 5406 5407static int start_service_discovery(struct sock *sk, struct hci_dev *hdev, 5408 void *data, u16 len) 5409{ 5410 struct mgmt_cp_start_service_discovery *cp = data; 5411 struct mgmt_pending_cmd *cmd; 5412 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16); 5413 u16 uuid_count, expected_len; 5414 u8 status; 5415 int err; 5416 5417 bt_dev_dbg(hdev, "sock %p", sk); 5418 5419 hci_dev_lock(hdev); 5420 5421 if (!hdev_is_powered(hdev)) { 5422 err = mgmt_cmd_complete(sk, hdev->id, 5423 MGMT_OP_START_SERVICE_DISCOVERY, 5424 MGMT_STATUS_NOT_POWERED, 5425 &cp->type, sizeof(cp->type)); 5426 goto failed; 5427 } 5428 5429 if (hdev->discovery.state != DISCOVERY_STOPPED || 5430 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) { 5431 err = mgmt_cmd_complete(sk, hdev->id, 5432 MGMT_OP_START_SERVICE_DISCOVERY, 5433 MGMT_STATUS_BUSY, &cp->type, 5434 sizeof(cp->type)); 5435 goto failed; 5436 } 5437 5438 if (hdev->discovery_paused) { 5439 err = mgmt_cmd_complete(sk, hdev->id, 5440 MGMT_OP_START_SERVICE_DISCOVERY, 5441 MGMT_STATUS_BUSY, &cp->type, 5442 sizeof(cp->type)); 5443 goto failed; 5444 } 5445 5446 uuid_count = __le16_to_cpu(cp->uuid_count); 5447 if (uuid_count > max_uuid_count) { 5448 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u", 5449 uuid_count); 5450 err = mgmt_cmd_complete(sk, hdev->id, 5451 MGMT_OP_START_SERVICE_DISCOVERY, 5452 MGMT_STATUS_INVALID_PARAMS, &cp->type, 5453 sizeof(cp->type)); 5454 goto failed; 5455 } 5456 5457 expected_len = sizeof(*cp) + uuid_count * 16; 5458 if (expected_len != len) { 5459 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes", 5460 expected_len, len); 5461 err = mgmt_cmd_complete(sk, hdev->id, 5462 MGMT_OP_START_SERVICE_DISCOVERY, 5463 MGMT_STATUS_INVALID_PARAMS, &cp->type, 5464 sizeof(cp->type)); 5465 goto failed; 5466 } 5467 5468 if (!discovery_type_is_valid(hdev, cp->type, &status)) { 5469 err = mgmt_cmd_complete(sk, hdev->id, 5470 MGMT_OP_START_SERVICE_DISCOVERY, 5471 status, &cp->type, sizeof(cp->type)); 5472 goto failed; 5473 } 5474 5475 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY, 5476 hdev, data, len); 5477 if (!cmd) { 5478 err = -ENOMEM; 5479 goto failed; 5480 } 5481 5482 /* Clear the discovery filter first to free any previously 5483 * allocated memory for the UUID list. 5484 */ 5485 hci_discovery_filter_clear(hdev); 5486 5487 hdev->discovery.result_filtering = true; 5488 hdev->discovery.type = cp->type; 5489 hdev->discovery.rssi = cp->rssi; 5490 hdev->discovery.uuid_count = uuid_count; 5491 5492 if (uuid_count > 0) { 5493 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16, 5494 GFP_KERNEL); 5495 if (!hdev->discovery.uuids) { 5496 err = mgmt_cmd_complete(sk, hdev->id, 5497 MGMT_OP_START_SERVICE_DISCOVERY, 5498 MGMT_STATUS_FAILED, 5499 &cp->type, sizeof(cp->type)); 5500 mgmt_pending_remove(cmd); 5501 goto failed; 5502 } 5503 } 5504 5505 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd, 5506 start_discovery_complete); 5507 if (err < 0) { 5508 mgmt_pending_remove(cmd); 5509 goto failed; 5510 } 5511 5512 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 5513 5514failed: 5515 hci_dev_unlock(hdev); 5516 return err; 5517} 5518 5519void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status) 5520{ 5521 struct mgmt_pending_cmd *cmd; 5522 5523 bt_dev_dbg(hdev, "status %u", status); 5524 5525 hci_dev_lock(hdev); 5526 5527 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 5528 if (cmd) { 5529 cmd->cmd_complete(cmd, mgmt_status(status)); 5530 mgmt_pending_remove(cmd); 5531 } 5532 5533 hci_dev_unlock(hdev); 5534} 5535 5536static void stop_discovery_complete(struct hci_dev *hdev, void *data, int err) 5537{ 5538 struct mgmt_pending_cmd *cmd = data; 5539 5540 if (cmd != pending_find(MGMT_OP_STOP_DISCOVERY, hdev)) 5541 return; 5542 5543 bt_dev_dbg(hdev, "err %d", err); 5544 5545 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err), 5546 cmd->param, 1); 5547 mgmt_pending_remove(cmd); 5548 5549 if (!err) 5550 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 5551} 5552 5553static int stop_discovery_sync(struct hci_dev *hdev, void *data) 5554{ 5555 return hci_stop_discovery_sync(hdev); 5556} 5557 5558static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, 5559 u16 len) 5560{ 5561 struct mgmt_cp_stop_discovery *mgmt_cp = data; 5562 struct mgmt_pending_cmd *cmd; 5563 int err; 5564 5565 bt_dev_dbg(hdev, "sock %p", sk); 5566 5567 hci_dev_lock(hdev); 5568 5569 if (!hci_discovery_active(hdev)) { 5570 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 5571 MGMT_STATUS_REJECTED, &mgmt_cp->type, 5572 sizeof(mgmt_cp->type)); 5573 goto unlock; 5574 } 5575 5576 if (hdev->discovery.type != mgmt_cp->type) { 5577 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 5578 MGMT_STATUS_INVALID_PARAMS, 5579 &mgmt_cp->type, sizeof(mgmt_cp->type)); 5580 goto unlock; 5581 } 5582 5583 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len); 5584 if (!cmd) { 5585 err = -ENOMEM; 5586 goto unlock; 5587 } 5588 5589 err = hci_cmd_sync_queue(hdev, stop_discovery_sync, cmd, 5590 stop_discovery_complete); 5591 if (err < 0) { 5592 mgmt_pending_remove(cmd); 5593 goto unlock; 5594 } 5595 5596 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 5597 5598unlock: 5599 hci_dev_unlock(hdev); 5600 return err; 5601} 5602 5603static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, 5604 u16 len) 5605{ 5606 struct mgmt_cp_confirm_name *cp = data; 5607 struct inquiry_entry *e; 5608 int err; 5609 5610 bt_dev_dbg(hdev, "sock %p", sk); 5611 5612 hci_dev_lock(hdev); 5613 5614 if (!hci_discovery_active(hdev)) { 5615 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 5616 MGMT_STATUS_FAILED, &cp->addr, 5617 sizeof(cp->addr)); 5618 goto failed; 5619 } 5620 5621 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); 5622 if (!e) { 5623 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 5624 MGMT_STATUS_INVALID_PARAMS, &cp->addr, 5625 sizeof(cp->addr)); 5626 goto failed; 5627 } 5628 5629 if (cp->name_known) { 5630 e->name_state = NAME_KNOWN; 5631 list_del(&e->list); 5632 } else { 5633 e->name_state = NAME_NEEDED; 5634 hci_inquiry_cache_update_resolve(hdev, e); 5635 } 5636 5637 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, 5638 &cp->addr, sizeof(cp->addr)); 5639 5640failed: 5641 hci_dev_unlock(hdev); 5642 return err; 5643} 5644 5645static int block_device(struct sock *sk, struct hci_dev *hdev, void *data, 5646 u16 len) 5647{ 5648 struct mgmt_cp_block_device *cp = data; 5649 u8 status; 5650 int err; 5651 5652 bt_dev_dbg(hdev, "sock %p", sk); 5653 5654 if (!bdaddr_type_is_valid(cp->addr.type)) 5655 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, 5656 MGMT_STATUS_INVALID_PARAMS, 5657 &cp->addr, sizeof(cp->addr)); 5658 5659 hci_dev_lock(hdev); 5660 5661 err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr, 5662 cp->addr.type); 5663 if (err < 0) { 5664 status = MGMT_STATUS_FAILED; 5665 goto done; 5666 } 5667 5668 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr), 5669 sk); 5670 status = MGMT_STATUS_SUCCESS; 5671 5672done: 5673 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status, 5674 &cp->addr, sizeof(cp->addr)); 5675 5676 hci_dev_unlock(hdev); 5677 5678 return err; 5679} 5680 5681static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data, 5682 u16 len) 5683{ 5684 struct mgmt_cp_unblock_device *cp = data; 5685 u8 status; 5686 int err; 5687 5688 bt_dev_dbg(hdev, "sock %p", sk); 5689 5690 if (!bdaddr_type_is_valid(cp->addr.type)) 5691 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, 5692 MGMT_STATUS_INVALID_PARAMS, 5693 &cp->addr, sizeof(cp->addr)); 5694 5695 hci_dev_lock(hdev); 5696 5697 err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr, 5698 cp->addr.type); 5699 if (err < 0) { 5700 status = MGMT_STATUS_INVALID_PARAMS; 5701 goto done; 5702 } 5703 5704 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr), 5705 sk); 5706 status = MGMT_STATUS_SUCCESS; 5707 5708done: 5709 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status, 5710 &cp->addr, sizeof(cp->addr)); 5711 5712 hci_dev_unlock(hdev); 5713 5714 return err; 5715} 5716 5717static int set_device_id_sync(struct hci_dev *hdev, void *data) 5718{ 5719 return hci_update_eir_sync(hdev); 5720} 5721 5722static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data, 5723 u16 len) 5724{ 5725 struct mgmt_cp_set_device_id *cp = data; 5726 int err; 5727 __u16 source; 5728 5729 bt_dev_dbg(hdev, "sock %p", sk); 5730 5731 source = __le16_to_cpu(cp->source); 5732 5733 if (source > 0x0002) 5734 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 5735 MGMT_STATUS_INVALID_PARAMS); 5736 5737 hci_dev_lock(hdev); 5738 5739 hdev->devid_source = source; 5740 hdev->devid_vendor = __le16_to_cpu(cp->vendor); 5741 hdev->devid_product = __le16_to_cpu(cp->product); 5742 hdev->devid_version = __le16_to_cpu(cp->version); 5743 5744 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, 5745 NULL, 0); 5746 5747 hci_cmd_sync_queue(hdev, set_device_id_sync, NULL, NULL); 5748 5749 hci_dev_unlock(hdev); 5750 5751 return err; 5752} 5753 5754static void enable_advertising_instance(struct hci_dev *hdev, int err) 5755{ 5756 if (err) 5757 bt_dev_err(hdev, "failed to re-configure advertising %d", err); 5758 else 5759 bt_dev_dbg(hdev, "status %d", err); 5760} 5761 5762static void set_advertising_complete(struct hci_dev *hdev, void *data, int err) 5763{ 5764 struct cmd_lookup match = { NULL, hdev }; 5765 u8 instance; 5766 struct adv_info *adv_instance; 5767 u8 status = mgmt_status(err); 5768 5769 if (status) { 5770 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, 5771 cmd_status_rsp, &status); 5772 return; 5773 } 5774 5775 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 5776 hci_dev_set_flag(hdev, HCI_ADVERTISING); 5777 else 5778 hci_dev_clear_flag(hdev, HCI_ADVERTISING); 5779 5780 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp, 5781 &match); 5782 5783 new_settings(hdev, match.sk); 5784 5785 if (match.sk) 5786 sock_put(match.sk); 5787 5788 /* If "Set Advertising" was just disabled and instance advertising was 5789 * set up earlier, then re-enable multi-instance advertising. 5790 */ 5791 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 5792 list_empty(&hdev->adv_instances)) 5793 return; 5794 5795 instance = hdev->cur_adv_instance; 5796 if (!instance) { 5797 adv_instance = list_first_entry_or_null(&hdev->adv_instances, 5798 struct adv_info, list); 5799 if (!adv_instance) 5800 return; 5801 5802 instance = adv_instance->instance; 5803 } 5804 5805 err = hci_schedule_adv_instance_sync(hdev, instance, true); 5806 5807 enable_advertising_instance(hdev, err); 5808} 5809 5810static int set_adv_sync(struct hci_dev *hdev, void *data) 5811{ 5812 struct mgmt_pending_cmd *cmd = data; 5813 struct mgmt_mode *cp = cmd->param; 5814 u8 val = !!cp->val; 5815 5816 if (cp->val == 0x02) 5817 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 5818 else 5819 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 5820 5821 cancel_adv_timeout(hdev); 5822 5823 if (val) { 5824 /* Switch to instance "0" for the Set Advertising setting. 5825 * We cannot use update_[adv|scan_rsp]_data() here as the 5826 * HCI_ADVERTISING flag is not yet set. 5827 */ 5828 hdev->cur_adv_instance = 0x00; 5829 5830 if (ext_adv_capable(hdev)) { 5831 hci_start_ext_adv_sync(hdev, 0x00); 5832 } else { 5833 hci_update_adv_data_sync(hdev, 0x00); 5834 hci_update_scan_rsp_data_sync(hdev, 0x00); 5835 hci_enable_advertising_sync(hdev); 5836 } 5837 } else { 5838 hci_disable_advertising_sync(hdev); 5839 } 5840 5841 return 0; 5842} 5843 5844static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, 5845 u16 len) 5846{ 5847 struct mgmt_mode *cp = data; 5848 struct mgmt_pending_cmd *cmd; 5849 u8 val, status; 5850 int err; 5851 5852 bt_dev_dbg(hdev, "sock %p", sk); 5853 5854 status = mgmt_le_support(hdev); 5855 if (status) 5856 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 5857 status); 5858 5859 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 5860 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 5861 MGMT_STATUS_INVALID_PARAMS); 5862 5863 if (hdev->advertising_paused) 5864 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 5865 MGMT_STATUS_BUSY); 5866 5867 hci_dev_lock(hdev); 5868 5869 val = !!cp->val; 5870 5871 /* The following conditions are ones which mean that we should 5872 * not do any HCI communication but directly send a mgmt 5873 * response to user space (after toggling the flag if 5874 * necessary). 5875 */ 5876 if (!hdev_is_powered(hdev) || 5877 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) && 5878 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) || 5879 hci_conn_num(hdev, LE_LINK) > 0 || 5880 (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 5881 hdev->le_scan_type == LE_SCAN_ACTIVE)) { 5882 bool changed; 5883 5884 if (cp->val) { 5885 hdev->cur_adv_instance = 0x00; 5886 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING); 5887 if (cp->val == 0x02) 5888 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 5889 else 5890 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 5891 } else { 5892 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING); 5893 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE); 5894 } 5895 5896 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev); 5897 if (err < 0) 5898 goto unlock; 5899 5900 if (changed) 5901 err = new_settings(hdev, sk); 5902 5903 goto unlock; 5904 } 5905 5906 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) || 5907 pending_find(MGMT_OP_SET_LE, hdev)) { 5908 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 5909 MGMT_STATUS_BUSY); 5910 goto unlock; 5911 } 5912 5913 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len); 5914 if (!cmd) 5915 err = -ENOMEM; 5916 else 5917 err = hci_cmd_sync_queue(hdev, set_adv_sync, cmd, 5918 set_advertising_complete); 5919 5920 if (err < 0 && cmd) 5921 mgmt_pending_remove(cmd); 5922 5923unlock: 5924 hci_dev_unlock(hdev); 5925 return err; 5926} 5927 5928static int set_static_address(struct sock *sk, struct hci_dev *hdev, 5929 void *data, u16 len) 5930{ 5931 struct mgmt_cp_set_static_address *cp = data; 5932 int err; 5933 5934 bt_dev_dbg(hdev, "sock %p", sk); 5935 5936 if (!lmp_le_capable(hdev)) 5937 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 5938 MGMT_STATUS_NOT_SUPPORTED); 5939 5940 if (hdev_is_powered(hdev)) 5941 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 5942 MGMT_STATUS_REJECTED); 5943 5944 if (bacmp(&cp->bdaddr, BDADDR_ANY)) { 5945 if (!bacmp(&cp->bdaddr, BDADDR_NONE)) 5946 return mgmt_cmd_status(sk, hdev->id, 5947 MGMT_OP_SET_STATIC_ADDRESS, 5948 MGMT_STATUS_INVALID_PARAMS); 5949 5950 /* Two most significant bits shall be set */ 5951 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0) 5952 return mgmt_cmd_status(sk, hdev->id, 5953 MGMT_OP_SET_STATIC_ADDRESS, 5954 MGMT_STATUS_INVALID_PARAMS); 5955 } 5956 5957 hci_dev_lock(hdev); 5958 5959 bacpy(&hdev->static_addr, &cp->bdaddr); 5960 5961 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev); 5962 if (err < 0) 5963 goto unlock; 5964 5965 err = new_settings(hdev, sk); 5966 5967unlock: 5968 hci_dev_unlock(hdev); 5969 return err; 5970} 5971 5972static int set_scan_params(struct sock *sk, struct hci_dev *hdev, 5973 void *data, u16 len) 5974{ 5975 struct mgmt_cp_set_scan_params *cp = data; 5976 __u16 interval, window; 5977 int err; 5978 5979 bt_dev_dbg(hdev, "sock %p", sk); 5980 5981 if (!lmp_le_capable(hdev)) 5982 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 5983 MGMT_STATUS_NOT_SUPPORTED); 5984 5985 interval = __le16_to_cpu(cp->interval); 5986 5987 if (interval < 0x0004 || interval > 0x4000) 5988 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 5989 MGMT_STATUS_INVALID_PARAMS); 5990 5991 window = __le16_to_cpu(cp->window); 5992 5993 if (window < 0x0004 || window > 0x4000) 5994 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 5995 MGMT_STATUS_INVALID_PARAMS); 5996 5997 if (window > interval) 5998 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 5999 MGMT_STATUS_INVALID_PARAMS); 6000 6001 hci_dev_lock(hdev); 6002 6003 hdev->le_scan_interval = interval; 6004 hdev->le_scan_window = window; 6005 6006 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, 6007 NULL, 0); 6008 6009 /* If background scan is running, restart it so new parameters are 6010 * loaded. 6011 */ 6012 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) && 6013 hdev->discovery.state == DISCOVERY_STOPPED) 6014 hci_update_passive_scan(hdev); 6015 6016 hci_dev_unlock(hdev); 6017 6018 return err; 6019} 6020 6021static void fast_connectable_complete(struct hci_dev *hdev, void *data, int err) 6022{ 6023 struct mgmt_pending_cmd *cmd = data; 6024 6025 bt_dev_dbg(hdev, "err %d", err); 6026 6027 if (err) { 6028 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 6029 mgmt_status(err)); 6030 } else { 6031 struct mgmt_mode *cp = cmd->param; 6032 6033 if (cp->val) 6034 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE); 6035 else 6036 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 6037 6038 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 6039 new_settings(hdev, cmd->sk); 6040 } 6041 6042 mgmt_pending_free(cmd); 6043} 6044 6045static int write_fast_connectable_sync(struct hci_dev *hdev, void *data) 6046{ 6047 struct mgmt_pending_cmd *cmd = data; 6048 struct mgmt_mode *cp = cmd->param; 6049 6050 return hci_write_fast_connectable_sync(hdev, cp->val); 6051} 6052 6053static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev, 6054 void *data, u16 len) 6055{ 6056 struct mgmt_mode *cp = data; 6057 struct mgmt_pending_cmd *cmd; 6058 int err; 6059 6060 bt_dev_dbg(hdev, "sock %p", sk); 6061 6062 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) || 6063 hdev->hci_ver < BLUETOOTH_VER_1_2) 6064 return mgmt_cmd_status(sk, hdev->id, 6065 MGMT_OP_SET_FAST_CONNECTABLE, 6066 MGMT_STATUS_NOT_SUPPORTED); 6067 6068 if (cp->val != 0x00 && cp->val != 0x01) 6069 return mgmt_cmd_status(sk, hdev->id, 6070 MGMT_OP_SET_FAST_CONNECTABLE, 6071 MGMT_STATUS_INVALID_PARAMS); 6072 6073 hci_dev_lock(hdev); 6074 6075 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) { 6076 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 6077 goto unlock; 6078 } 6079 6080 if (!hdev_is_powered(hdev)) { 6081 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE); 6082 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev); 6083 new_settings(hdev, sk); 6084 goto unlock; 6085 } 6086 6087 cmd = mgmt_pending_new(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, data, 6088 len); 6089 if (!cmd) 6090 err = -ENOMEM; 6091 else 6092 err = hci_cmd_sync_queue(hdev, write_fast_connectable_sync, cmd, 6093 fast_connectable_complete); 6094 6095 if (err < 0) { 6096 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 6097 MGMT_STATUS_FAILED); 6098 6099 if (cmd) 6100 mgmt_pending_free(cmd); 6101 } 6102 6103unlock: 6104 hci_dev_unlock(hdev); 6105 6106 return err; 6107} 6108 6109static void set_bredr_complete(struct hci_dev *hdev, void *data, int err) 6110{ 6111 struct mgmt_pending_cmd *cmd = data; 6112 6113 bt_dev_dbg(hdev, "err %d", err); 6114 6115 if (err) { 6116 u8 mgmt_err = mgmt_status(err); 6117 6118 /* We need to restore the flag if related HCI commands 6119 * failed. 6120 */ 6121 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED); 6122 6123 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 6124 } else { 6125 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev); 6126 new_settings(hdev, cmd->sk); 6127 } 6128 6129 mgmt_pending_free(cmd); 6130} 6131 6132static int set_bredr_sync(struct hci_dev *hdev, void *data) 6133{ 6134 int status; 6135 6136 status = hci_write_fast_connectable_sync(hdev, false); 6137 6138 if (!status) 6139 status = hci_update_scan_sync(hdev); 6140 6141 /* Since only the advertising data flags will change, there 6142 * is no need to update the scan response data. 6143 */ 6144 if (!status) 6145 status = hci_update_adv_data_sync(hdev, hdev->cur_adv_instance); 6146 6147 return status; 6148} 6149 6150static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 6151{ 6152 struct mgmt_mode *cp = data; 6153 struct mgmt_pending_cmd *cmd; 6154 int err; 6155 6156 bt_dev_dbg(hdev, "sock %p", sk); 6157 6158 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev)) 6159 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6160 MGMT_STATUS_NOT_SUPPORTED); 6161 6162 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 6163 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6164 MGMT_STATUS_REJECTED); 6165 6166 if (cp->val != 0x00 && cp->val != 0x01) 6167 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6168 MGMT_STATUS_INVALID_PARAMS); 6169 6170 hci_dev_lock(hdev); 6171 6172 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 6173 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 6174 goto unlock; 6175 } 6176 6177 if (!hdev_is_powered(hdev)) { 6178 if (!cp->val) { 6179 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE); 6180 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 6181 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY); 6182 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 6183 hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 6184 } 6185 6186 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED); 6187 6188 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 6189 if (err < 0) 6190 goto unlock; 6191 6192 err = new_settings(hdev, sk); 6193 goto unlock; 6194 } 6195 6196 /* Reject disabling when powered on */ 6197 if (!cp->val) { 6198 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6199 MGMT_STATUS_REJECTED); 6200 goto unlock; 6201 } else { 6202 /* When configuring a dual-mode controller to operate 6203 * with LE only and using a static address, then switching 6204 * BR/EDR back on is not allowed. 6205 * 6206 * Dual-mode controllers shall operate with the public 6207 * address as its identity address for BR/EDR and LE. So 6208 * reject the attempt to create an invalid configuration. 6209 * 6210 * The same restrictions applies when secure connections 6211 * has been enabled. For BR/EDR this is a controller feature 6212 * while for LE it is a host stack feature. This means that 6213 * switching BR/EDR back on when secure connections has been 6214 * enabled is not a supported transaction. 6215 */ 6216 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 6217 (bacmp(&hdev->static_addr, BDADDR_ANY) || 6218 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) { 6219 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6220 MGMT_STATUS_REJECTED); 6221 goto unlock; 6222 } 6223 } 6224 6225 cmd = mgmt_pending_new(sk, MGMT_OP_SET_BREDR, hdev, data, len); 6226 if (!cmd) 6227 err = -ENOMEM; 6228 else 6229 err = hci_cmd_sync_queue(hdev, set_bredr_sync, cmd, 6230 set_bredr_complete); 6231 6232 if (err < 0) { 6233 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 6234 MGMT_STATUS_FAILED); 6235 if (cmd) 6236 mgmt_pending_free(cmd); 6237 6238 goto unlock; 6239 } 6240 6241 /* We need to flip the bit already here so that 6242 * hci_req_update_adv_data generates the correct flags. 6243 */ 6244 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED); 6245 6246unlock: 6247 hci_dev_unlock(hdev); 6248 return err; 6249} 6250 6251static void set_secure_conn_complete(struct hci_dev *hdev, void *data, int err) 6252{ 6253 struct mgmt_pending_cmd *cmd = data; 6254 struct mgmt_mode *cp; 6255 6256 bt_dev_dbg(hdev, "err %d", err); 6257 6258 if (err) { 6259 u8 mgmt_err = mgmt_status(err); 6260 6261 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 6262 goto done; 6263 } 6264 6265 cp = cmd->param; 6266 6267 switch (cp->val) { 6268 case 0x00: 6269 hci_dev_clear_flag(hdev, HCI_SC_ENABLED); 6270 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 6271 break; 6272 case 0x01: 6273 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 6274 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 6275 break; 6276 case 0x02: 6277 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 6278 hci_dev_set_flag(hdev, HCI_SC_ONLY); 6279 break; 6280 } 6281 6282 send_settings_rsp(cmd->sk, cmd->opcode, hdev); 6283 new_settings(hdev, cmd->sk); 6284 6285done: 6286 mgmt_pending_free(cmd); 6287} 6288 6289static int set_secure_conn_sync(struct hci_dev *hdev, void *data) 6290{ 6291 struct mgmt_pending_cmd *cmd = data; 6292 struct mgmt_mode *cp = cmd->param; 6293 u8 val = !!cp->val; 6294 6295 /* Force write of val */ 6296 hci_dev_set_flag(hdev, HCI_SC_ENABLED); 6297 6298 return hci_write_sc_support_sync(hdev, val); 6299} 6300 6301static int set_secure_conn(struct sock *sk, struct hci_dev *hdev, 6302 void *data, u16 len) 6303{ 6304 struct mgmt_mode *cp = data; 6305 struct mgmt_pending_cmd *cmd; 6306 u8 val; 6307 int err; 6308 6309 bt_dev_dbg(hdev, "sock %p", sk); 6310 6311 if (!lmp_sc_capable(hdev) && 6312 !hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 6313 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 6314 MGMT_STATUS_NOT_SUPPORTED); 6315 6316 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 6317 lmp_sc_capable(hdev) && 6318 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 6319 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 6320 MGMT_STATUS_REJECTED); 6321 6322 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 6323 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 6324 MGMT_STATUS_INVALID_PARAMS); 6325 6326 hci_dev_lock(hdev); 6327 6328 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) || 6329 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) { 6330 bool changed; 6331 6332 if (cp->val) { 6333 changed = !hci_dev_test_and_set_flag(hdev, 6334 HCI_SC_ENABLED); 6335 if (cp->val == 0x02) 6336 hci_dev_set_flag(hdev, HCI_SC_ONLY); 6337 else 6338 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 6339 } else { 6340 changed = hci_dev_test_and_clear_flag(hdev, 6341 HCI_SC_ENABLED); 6342 hci_dev_clear_flag(hdev, HCI_SC_ONLY); 6343 } 6344 6345 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 6346 if (err < 0) 6347 goto failed; 6348 6349 if (changed) 6350 err = new_settings(hdev, sk); 6351 6352 goto failed; 6353 } 6354 6355 val = !!cp->val; 6356 6357 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 6358 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 6359 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); 6360 goto failed; 6361 } 6362 6363 cmd = mgmt_pending_new(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len); 6364 if (!cmd) 6365 err = -ENOMEM; 6366 else 6367 err = hci_cmd_sync_queue(hdev, set_secure_conn_sync, cmd, 6368 set_secure_conn_complete); 6369 6370 if (err < 0) { 6371 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, 6372 MGMT_STATUS_FAILED); 6373 if (cmd) 6374 mgmt_pending_free(cmd); 6375 } 6376 6377failed: 6378 hci_dev_unlock(hdev); 6379 return err; 6380} 6381 6382static int set_debug_keys(struct sock *sk, struct hci_dev *hdev, 6383 void *data, u16 len) 6384{ 6385 struct mgmt_mode *cp = data; 6386 bool changed, use_changed; 6387 int err; 6388 6389 bt_dev_dbg(hdev, "sock %p", sk); 6390 6391 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 6392 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS, 6393 MGMT_STATUS_INVALID_PARAMS); 6394 6395 hci_dev_lock(hdev); 6396 6397 if (cp->val) 6398 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS); 6399 else 6400 changed = hci_dev_test_and_clear_flag(hdev, 6401 HCI_KEEP_DEBUG_KEYS); 6402 6403 if (cp->val == 0x02) 6404 use_changed = !hci_dev_test_and_set_flag(hdev, 6405 HCI_USE_DEBUG_KEYS); 6406 else 6407 use_changed = hci_dev_test_and_clear_flag(hdev, 6408 HCI_USE_DEBUG_KEYS); 6409 6410 if (hdev_is_powered(hdev) && use_changed && 6411 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 6412 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00; 6413 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, 6414 sizeof(mode), &mode); 6415 } 6416 6417 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev); 6418 if (err < 0) 6419 goto unlock; 6420 6421 if (changed) 6422 err = new_settings(hdev, sk); 6423 6424unlock: 6425 hci_dev_unlock(hdev); 6426 return err; 6427} 6428 6429static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data, 6430 u16 len) 6431{ 6432 struct mgmt_cp_set_privacy *cp = cp_data; 6433 bool changed; 6434 int err; 6435 6436 bt_dev_dbg(hdev, "sock %p", sk); 6437 6438 if (!lmp_le_capable(hdev)) 6439 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 6440 MGMT_STATUS_NOT_SUPPORTED); 6441 6442 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02) 6443 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 6444 MGMT_STATUS_INVALID_PARAMS); 6445 6446 if (hdev_is_powered(hdev)) 6447 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, 6448 MGMT_STATUS_REJECTED); 6449 6450 hci_dev_lock(hdev); 6451 6452 /* If user space supports this command it is also expected to 6453 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag. 6454 */ 6455 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 6456 6457 if (cp->privacy) { 6458 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY); 6459 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk)); 6460 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 6461 hci_adv_instances_set_rpa_expired(hdev, true); 6462 if (cp->privacy == 0x02) 6463 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY); 6464 else 6465 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 6466 } else { 6467 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY); 6468 memset(hdev->irk, 0, sizeof(hdev->irk)); 6469 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED); 6470 hci_adv_instances_set_rpa_expired(hdev, false); 6471 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 6472 } 6473 6474 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev); 6475 if (err < 0) 6476 goto unlock; 6477 6478 if (changed) 6479 err = new_settings(hdev, sk); 6480 6481unlock: 6482 hci_dev_unlock(hdev); 6483 return err; 6484} 6485 6486static bool irk_is_valid(struct mgmt_irk_info *irk) 6487{ 6488 switch (irk->addr.type) { 6489 case BDADDR_LE_PUBLIC: 6490 return true; 6491 6492 case BDADDR_LE_RANDOM: 6493 /* Two most significant bits shall be set */ 6494 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0) 6495 return false; 6496 return true; 6497 } 6498 6499 return false; 6500} 6501 6502static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data, 6503 u16 len) 6504{ 6505 struct mgmt_cp_load_irks *cp = cp_data; 6506 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) / 6507 sizeof(struct mgmt_irk_info)); 6508 u16 irk_count, expected_len; 6509 int i, err; 6510 6511 bt_dev_dbg(hdev, "sock %p", sk); 6512 6513 if (!lmp_le_capable(hdev)) 6514 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 6515 MGMT_STATUS_NOT_SUPPORTED); 6516 6517 irk_count = __le16_to_cpu(cp->irk_count); 6518 if (irk_count > max_irk_count) { 6519 bt_dev_err(hdev, "load_irks: too big irk_count value %u", 6520 irk_count); 6521 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 6522 MGMT_STATUS_INVALID_PARAMS); 6523 } 6524 6525 expected_len = struct_size(cp, irks, irk_count); 6526 if (expected_len != len) { 6527 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes", 6528 expected_len, len); 6529 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, 6530 MGMT_STATUS_INVALID_PARAMS); 6531 } 6532 6533 bt_dev_dbg(hdev, "irk_count %u", irk_count); 6534 6535 for (i = 0; i < irk_count; i++) { 6536 struct mgmt_irk_info *key = &cp->irks[i]; 6537 6538 if (!irk_is_valid(key)) 6539 return mgmt_cmd_status(sk, hdev->id, 6540 MGMT_OP_LOAD_IRKS, 6541 MGMT_STATUS_INVALID_PARAMS); 6542 } 6543 6544 hci_dev_lock(hdev); 6545 6546 hci_smp_irks_clear(hdev); 6547 6548 for (i = 0; i < irk_count; i++) { 6549 struct mgmt_irk_info *irk = &cp->irks[i]; 6550 6551 if (hci_is_blocked_key(hdev, 6552 HCI_BLOCKED_KEY_TYPE_IRK, 6553 irk->val)) { 6554 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR", 6555 &irk->addr.bdaddr); 6556 continue; 6557 } 6558 6559 hci_add_irk(hdev, &irk->addr.bdaddr, 6560 le_addr_type(irk->addr.type), irk->val, 6561 BDADDR_ANY); 6562 } 6563 6564 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING); 6565 6566 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0); 6567 6568 hci_dev_unlock(hdev); 6569 6570 return err; 6571} 6572 6573static bool ltk_is_valid(struct mgmt_ltk_info *key) 6574{ 6575 if (key->initiator != 0x00 && key->initiator != 0x01) 6576 return false; 6577 6578 switch (key->addr.type) { 6579 case BDADDR_LE_PUBLIC: 6580 return true; 6581 6582 case BDADDR_LE_RANDOM: 6583 /* Two most significant bits shall be set */ 6584 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0) 6585 return false; 6586 return true; 6587 } 6588 6589 return false; 6590} 6591 6592static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, 6593 void *cp_data, u16 len) 6594{ 6595 struct mgmt_cp_load_long_term_keys *cp = cp_data; 6596 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) / 6597 sizeof(struct mgmt_ltk_info)); 6598 u16 key_count, expected_len; 6599 int i, err; 6600 6601 bt_dev_dbg(hdev, "sock %p", sk); 6602 6603 if (!lmp_le_capable(hdev)) 6604 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 6605 MGMT_STATUS_NOT_SUPPORTED); 6606 6607 key_count = __le16_to_cpu(cp->key_count); 6608 if (key_count > max_key_count) { 6609 bt_dev_err(hdev, "load_ltks: too big key_count value %u", 6610 key_count); 6611 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 6612 MGMT_STATUS_INVALID_PARAMS); 6613 } 6614 6615 expected_len = struct_size(cp, keys, key_count); 6616 if (expected_len != len) { 6617 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes", 6618 expected_len, len); 6619 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 6620 MGMT_STATUS_INVALID_PARAMS); 6621 } 6622 6623 bt_dev_dbg(hdev, "key_count %u", key_count); 6624 6625 for (i = 0; i < key_count; i++) { 6626 struct mgmt_ltk_info *key = &cp->keys[i]; 6627 6628 if (!ltk_is_valid(key)) 6629 return mgmt_cmd_status(sk, hdev->id, 6630 MGMT_OP_LOAD_LONG_TERM_KEYS, 6631 MGMT_STATUS_INVALID_PARAMS); 6632 } 6633 6634 hci_dev_lock(hdev); 6635 6636 hci_smp_ltks_clear(hdev); 6637 6638 for (i = 0; i < key_count; i++) { 6639 struct mgmt_ltk_info *key = &cp->keys[i]; 6640 u8 type, authenticated; 6641 6642 if (hci_is_blocked_key(hdev, 6643 HCI_BLOCKED_KEY_TYPE_LTK, 6644 key->val)) { 6645 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR", 6646 &key->addr.bdaddr); 6647 continue; 6648 } 6649 6650 switch (key->type) { 6651 case MGMT_LTK_UNAUTHENTICATED: 6652 authenticated = 0x00; 6653 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER; 6654 break; 6655 case MGMT_LTK_AUTHENTICATED: 6656 authenticated = 0x01; 6657 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER; 6658 break; 6659 case MGMT_LTK_P256_UNAUTH: 6660 authenticated = 0x00; 6661 type = SMP_LTK_P256; 6662 break; 6663 case MGMT_LTK_P256_AUTH: 6664 authenticated = 0x01; 6665 type = SMP_LTK_P256; 6666 break; 6667 case MGMT_LTK_P256_DEBUG: 6668 authenticated = 0x00; 6669 type = SMP_LTK_P256_DEBUG; 6670 fallthrough; 6671 default: 6672 continue; 6673 } 6674 6675 hci_add_ltk(hdev, &key->addr.bdaddr, 6676 le_addr_type(key->addr.type), type, authenticated, 6677 key->val, key->enc_size, key->ediv, key->rand); 6678 } 6679 6680 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0, 6681 NULL, 0); 6682 6683 hci_dev_unlock(hdev); 6684 6685 return err; 6686} 6687 6688static void get_conn_info_complete(struct hci_dev *hdev, void *data, int err) 6689{ 6690 struct mgmt_pending_cmd *cmd = data; 6691 struct hci_conn *conn = cmd->user_data; 6692 struct mgmt_cp_get_conn_info *cp = cmd->param; 6693 struct mgmt_rp_get_conn_info rp; 6694 u8 status; 6695 6696 bt_dev_dbg(hdev, "err %d", err); 6697 6698 memcpy(&rp.addr, &cp->addr.bdaddr, sizeof(rp.addr)); 6699 6700 status = mgmt_status(err); 6701 if (status == MGMT_STATUS_SUCCESS) { 6702 rp.rssi = conn->rssi; 6703 rp.tx_power = conn->tx_power; 6704 rp.max_tx_power = conn->max_tx_power; 6705 } else { 6706 rp.rssi = HCI_RSSI_INVALID; 6707 rp.tx_power = HCI_TX_POWER_INVALID; 6708 rp.max_tx_power = HCI_TX_POWER_INVALID; 6709 } 6710 6711 mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status, 6712 &rp, sizeof(rp)); 6713 6714 if (conn) { 6715 hci_conn_drop(conn); 6716 hci_conn_put(conn); 6717 } 6718 6719 mgmt_pending_free(cmd); 6720} 6721 6722static int get_conn_info_sync(struct hci_dev *hdev, void *data) 6723{ 6724 struct mgmt_pending_cmd *cmd = data; 6725 struct mgmt_cp_get_conn_info *cp = cmd->param; 6726 struct hci_conn *conn; 6727 int err; 6728 __le16 handle; 6729 6730 /* Make sure we are still connected */ 6731 if (cp->addr.type == BDADDR_BREDR) 6732 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 6733 &cp->addr.bdaddr); 6734 else 6735 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 6736 6737 if (!conn || conn != cmd->user_data || conn->state != BT_CONNECTED) { 6738 if (cmd->user_data) { 6739 hci_conn_drop(cmd->user_data); 6740 hci_conn_put(cmd->user_data); 6741 cmd->user_data = NULL; 6742 } 6743 return MGMT_STATUS_NOT_CONNECTED; 6744 } 6745 6746 handle = cpu_to_le16(conn->handle); 6747 6748 /* Refresh RSSI each time */ 6749 err = hci_read_rssi_sync(hdev, handle); 6750 6751 /* For LE links TX power does not change thus we don't need to 6752 * query for it once value is known. 6753 */ 6754 if (!err && (!bdaddr_type_is_le(cp->addr.type) || 6755 conn->tx_power == HCI_TX_POWER_INVALID)) 6756 err = hci_read_tx_power_sync(hdev, handle, 0x00); 6757 6758 /* Max TX power needs to be read only once per connection */ 6759 if (!err && conn->max_tx_power == HCI_TX_POWER_INVALID) 6760 err = hci_read_tx_power_sync(hdev, handle, 0x01); 6761 6762 return err; 6763} 6764 6765static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data, 6766 u16 len) 6767{ 6768 struct mgmt_cp_get_conn_info *cp = data; 6769 struct mgmt_rp_get_conn_info rp; 6770 struct hci_conn *conn; 6771 unsigned long conn_info_age; 6772 int err = 0; 6773 6774 bt_dev_dbg(hdev, "sock %p", sk); 6775 6776 memset(&rp, 0, sizeof(rp)); 6777 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 6778 rp.addr.type = cp->addr.type; 6779 6780 if (!bdaddr_type_is_valid(cp->addr.type)) 6781 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 6782 MGMT_STATUS_INVALID_PARAMS, 6783 &rp, sizeof(rp)); 6784 6785 hci_dev_lock(hdev); 6786 6787 if (!hdev_is_powered(hdev)) { 6788 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 6789 MGMT_STATUS_NOT_POWERED, &rp, 6790 sizeof(rp)); 6791 goto unlock; 6792 } 6793 6794 if (cp->addr.type == BDADDR_BREDR) 6795 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 6796 &cp->addr.bdaddr); 6797 else 6798 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr); 6799 6800 if (!conn || conn->state != BT_CONNECTED) { 6801 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 6802 MGMT_STATUS_NOT_CONNECTED, &rp, 6803 sizeof(rp)); 6804 goto unlock; 6805 } 6806 6807 /* To avoid client trying to guess when to poll again for information we 6808 * calculate conn info age as random value between min/max set in hdev. 6809 */ 6810 conn_info_age = hdev->conn_info_min_age + 6811 prandom_u32_max(hdev->conn_info_max_age - 6812 hdev->conn_info_min_age); 6813 6814 /* Query controller to refresh cached values if they are too old or were 6815 * never read. 6816 */ 6817 if (time_after(jiffies, conn->conn_info_timestamp + 6818 msecs_to_jiffies(conn_info_age)) || 6819 !conn->conn_info_timestamp) { 6820 struct mgmt_pending_cmd *cmd; 6821 6822 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CONN_INFO, hdev, data, 6823 len); 6824 if (!cmd) 6825 err = -ENOMEM; 6826 else 6827 err = hci_cmd_sync_queue(hdev, get_conn_info_sync, 6828 cmd, get_conn_info_complete); 6829 6830 if (err < 0) { 6831 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 6832 MGMT_STATUS_FAILED, &rp, sizeof(rp)); 6833 6834 if (cmd) 6835 mgmt_pending_free(cmd); 6836 6837 goto unlock; 6838 } 6839 6840 hci_conn_hold(conn); 6841 cmd->user_data = hci_conn_get(conn); 6842 6843 conn->conn_info_timestamp = jiffies; 6844 } else { 6845 /* Cache is valid, just reply with values cached in hci_conn */ 6846 rp.rssi = conn->rssi; 6847 rp.tx_power = conn->tx_power; 6848 rp.max_tx_power = conn->max_tx_power; 6849 6850 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO, 6851 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 6852 } 6853 6854unlock: 6855 hci_dev_unlock(hdev); 6856 return err; 6857} 6858 6859static void get_clock_info_complete(struct hci_dev *hdev, void *data, int err) 6860{ 6861 struct mgmt_pending_cmd *cmd = data; 6862 struct mgmt_cp_get_clock_info *cp = cmd->param; 6863 struct mgmt_rp_get_clock_info rp; 6864 struct hci_conn *conn = cmd->user_data; 6865 u8 status = mgmt_status(err); 6866 6867 bt_dev_dbg(hdev, "err %d", err); 6868 6869 memset(&rp, 0, sizeof(rp)); 6870 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 6871 rp.addr.type = cp->addr.type; 6872 6873 if (err) 6874 goto complete; 6875 6876 rp.local_clock = cpu_to_le32(hdev->clock); 6877 6878 if (conn) { 6879 rp.piconet_clock = cpu_to_le32(conn->clock); 6880 rp.accuracy = cpu_to_le16(conn->clock_accuracy); 6881 hci_conn_drop(conn); 6882 hci_conn_put(conn); 6883 } 6884 6885complete: 6886 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp, 6887 sizeof(rp)); 6888 6889 mgmt_pending_free(cmd); 6890} 6891 6892static int get_clock_info_sync(struct hci_dev *hdev, void *data) 6893{ 6894 struct mgmt_pending_cmd *cmd = data; 6895 struct mgmt_cp_get_clock_info *cp = cmd->param; 6896 struct hci_cp_read_clock hci_cp; 6897 struct hci_conn *conn = cmd->user_data; 6898 int err; 6899 6900 memset(&hci_cp, 0, sizeof(hci_cp)); 6901 err = hci_read_clock_sync(hdev, &hci_cp); 6902 6903 if (conn) { 6904 /* Make sure connection still exists */ 6905 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 6906 &cp->addr.bdaddr); 6907 6908 if (conn && conn == cmd->user_data && 6909 conn->state == BT_CONNECTED) { 6910 hci_cp.handle = cpu_to_le16(conn->handle); 6911 hci_cp.which = 0x01; /* Piconet clock */ 6912 err = hci_read_clock_sync(hdev, &hci_cp); 6913 } else if (cmd->user_data) { 6914 hci_conn_drop(cmd->user_data); 6915 hci_conn_put(cmd->user_data); 6916 cmd->user_data = NULL; 6917 } 6918 } 6919 6920 return err; 6921} 6922 6923static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data, 6924 u16 len) 6925{ 6926 struct mgmt_cp_get_clock_info *cp = data; 6927 struct mgmt_rp_get_clock_info rp; 6928 struct mgmt_pending_cmd *cmd; 6929 struct hci_conn *conn; 6930 int err; 6931 6932 bt_dev_dbg(hdev, "sock %p", sk); 6933 6934 memset(&rp, 0, sizeof(rp)); 6935 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 6936 rp.addr.type = cp->addr.type; 6937 6938 if (cp->addr.type != BDADDR_BREDR) 6939 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 6940 MGMT_STATUS_INVALID_PARAMS, 6941 &rp, sizeof(rp)); 6942 6943 hci_dev_lock(hdev); 6944 6945 if (!hdev_is_powered(hdev)) { 6946 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 6947 MGMT_STATUS_NOT_POWERED, &rp, 6948 sizeof(rp)); 6949 goto unlock; 6950 } 6951 6952 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 6953 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, 6954 &cp->addr.bdaddr); 6955 if (!conn || conn->state != BT_CONNECTED) { 6956 err = mgmt_cmd_complete(sk, hdev->id, 6957 MGMT_OP_GET_CLOCK_INFO, 6958 MGMT_STATUS_NOT_CONNECTED, 6959 &rp, sizeof(rp)); 6960 goto unlock; 6961 } 6962 } else { 6963 conn = NULL; 6964 } 6965 6966 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len); 6967 if (!cmd) 6968 err = -ENOMEM; 6969 else 6970 err = hci_cmd_sync_queue(hdev, get_clock_info_sync, cmd, 6971 get_clock_info_complete); 6972 6973 if (err < 0) { 6974 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO, 6975 MGMT_STATUS_FAILED, &rp, sizeof(rp)); 6976 6977 if (cmd) 6978 mgmt_pending_free(cmd); 6979 6980 } else if (conn) { 6981 hci_conn_hold(conn); 6982 cmd->user_data = hci_conn_get(conn); 6983 } 6984 6985 6986unlock: 6987 hci_dev_unlock(hdev); 6988 return err; 6989} 6990 6991static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) 6992{ 6993 struct hci_conn *conn; 6994 6995 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr); 6996 if (!conn) 6997 return false; 6998 6999 if (conn->dst_type != type) 7000 return false; 7001 7002 if (conn->state != BT_CONNECTED) 7003 return false; 7004 7005 return true; 7006} 7007 7008/* This function requires the caller holds hdev->lock */ 7009static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, 7010 u8 addr_type, u8 auto_connect) 7011{ 7012 struct hci_conn_params *params; 7013 7014 params = hci_conn_params_add(hdev, addr, addr_type); 7015 if (!params) 7016 return -EIO; 7017 7018 if (params->auto_connect == auto_connect) 7019 return 0; 7020 7021 list_del_init(¶ms->action); 7022 7023 switch (auto_connect) { 7024 case HCI_AUTO_CONN_DISABLED: 7025 case HCI_AUTO_CONN_LINK_LOSS: 7026 /* If auto connect is being disabled when we're trying to 7027 * connect to device, keep connecting. 7028 */ 7029 if (params->explicit_connect) 7030 list_add(¶ms->action, &hdev->pend_le_conns); 7031 break; 7032 case HCI_AUTO_CONN_REPORT: 7033 if (params->explicit_connect) 7034 list_add(¶ms->action, &hdev->pend_le_conns); 7035 else 7036 list_add(¶ms->action, &hdev->pend_le_reports); 7037 break; 7038 case HCI_AUTO_CONN_DIRECT: 7039 case HCI_AUTO_CONN_ALWAYS: 7040 if (!is_connected(hdev, addr, addr_type)) 7041 list_add(¶ms->action, &hdev->pend_le_conns); 7042 break; 7043 } 7044 7045 params->auto_connect = auto_connect; 7046 7047 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u", 7048 addr, addr_type, auto_connect); 7049 7050 return 0; 7051} 7052 7053static void device_added(struct sock *sk, struct hci_dev *hdev, 7054 bdaddr_t *bdaddr, u8 type, u8 action) 7055{ 7056 struct mgmt_ev_device_added ev; 7057 7058 bacpy(&ev.addr.bdaddr, bdaddr); 7059 ev.addr.type = type; 7060 ev.action = action; 7061 7062 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk); 7063} 7064 7065static int add_device_sync(struct hci_dev *hdev, void *data) 7066{ 7067 return hci_update_passive_scan_sync(hdev); 7068} 7069 7070static int add_device(struct sock *sk, struct hci_dev *hdev, 7071 void *data, u16 len) 7072{ 7073 struct mgmt_cp_add_device *cp = data; 7074 u8 auto_conn, addr_type; 7075 struct hci_conn_params *params; 7076 int err; 7077 u32 current_flags = 0; 7078 u32 supported_flags; 7079 7080 bt_dev_dbg(hdev, "sock %p", sk); 7081 7082 if (!bdaddr_type_is_valid(cp->addr.type) || 7083 !bacmp(&cp->addr.bdaddr, BDADDR_ANY)) 7084 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7085 MGMT_STATUS_INVALID_PARAMS, 7086 &cp->addr, sizeof(cp->addr)); 7087 7088 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02) 7089 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7090 MGMT_STATUS_INVALID_PARAMS, 7091 &cp->addr, sizeof(cp->addr)); 7092 7093 hci_dev_lock(hdev); 7094 7095 if (cp->addr.type == BDADDR_BREDR) { 7096 /* Only incoming connections action is supported for now */ 7097 if (cp->action != 0x01) { 7098 err = mgmt_cmd_complete(sk, hdev->id, 7099 MGMT_OP_ADD_DEVICE, 7100 MGMT_STATUS_INVALID_PARAMS, 7101 &cp->addr, sizeof(cp->addr)); 7102 goto unlock; 7103 } 7104 7105 err = hci_bdaddr_list_add_with_flags(&hdev->accept_list, 7106 &cp->addr.bdaddr, 7107 cp->addr.type, 0); 7108 if (err) 7109 goto unlock; 7110 7111 hci_req_update_scan(hdev); 7112 7113 goto added; 7114 } 7115 7116 addr_type = le_addr_type(cp->addr.type); 7117 7118 if (cp->action == 0x02) 7119 auto_conn = HCI_AUTO_CONN_ALWAYS; 7120 else if (cp->action == 0x01) 7121 auto_conn = HCI_AUTO_CONN_DIRECT; 7122 else 7123 auto_conn = HCI_AUTO_CONN_REPORT; 7124 7125 /* Kernel internally uses conn_params with resolvable private 7126 * address, but Add Device allows only identity addresses. 7127 * Make sure it is enforced before calling 7128 * hci_conn_params_lookup. 7129 */ 7130 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 7131 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7132 MGMT_STATUS_INVALID_PARAMS, 7133 &cp->addr, sizeof(cp->addr)); 7134 goto unlock; 7135 } 7136 7137 /* If the connection parameters don't exist for this device, 7138 * they will be created and configured with defaults. 7139 */ 7140 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type, 7141 auto_conn) < 0) { 7142 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7143 MGMT_STATUS_FAILED, &cp->addr, 7144 sizeof(cp->addr)); 7145 goto unlock; 7146 } else { 7147 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 7148 addr_type); 7149 if (params) 7150 current_flags = params->flags; 7151 } 7152 7153 err = hci_cmd_sync_queue(hdev, add_device_sync, NULL, NULL); 7154 if (err < 0) 7155 goto unlock; 7156 7157added: 7158 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action); 7159 supported_flags = hdev->conn_flags; 7160 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type, 7161 supported_flags, current_flags); 7162 7163 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 7164 MGMT_STATUS_SUCCESS, &cp->addr, 7165 sizeof(cp->addr)); 7166 7167unlock: 7168 hci_dev_unlock(hdev); 7169 return err; 7170} 7171 7172static void device_removed(struct sock *sk, struct hci_dev *hdev, 7173 bdaddr_t *bdaddr, u8 type) 7174{ 7175 struct mgmt_ev_device_removed ev; 7176 7177 bacpy(&ev.addr.bdaddr, bdaddr); 7178 ev.addr.type = type; 7179 7180 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk); 7181} 7182 7183static int remove_device_sync(struct hci_dev *hdev, void *data) 7184{ 7185 return hci_update_passive_scan_sync(hdev); 7186} 7187 7188static int remove_device(struct sock *sk, struct hci_dev *hdev, 7189 void *data, u16 len) 7190{ 7191 struct mgmt_cp_remove_device *cp = data; 7192 int err; 7193 7194 bt_dev_dbg(hdev, "sock %p", sk); 7195 7196 hci_dev_lock(hdev); 7197 7198 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) { 7199 struct hci_conn_params *params; 7200 u8 addr_type; 7201 7202 if (!bdaddr_type_is_valid(cp->addr.type)) { 7203 err = mgmt_cmd_complete(sk, hdev->id, 7204 MGMT_OP_REMOVE_DEVICE, 7205 MGMT_STATUS_INVALID_PARAMS, 7206 &cp->addr, sizeof(cp->addr)); 7207 goto unlock; 7208 } 7209 7210 if (cp->addr.type == BDADDR_BREDR) { 7211 err = hci_bdaddr_list_del(&hdev->accept_list, 7212 &cp->addr.bdaddr, 7213 cp->addr.type); 7214 if (err) { 7215 err = mgmt_cmd_complete(sk, hdev->id, 7216 MGMT_OP_REMOVE_DEVICE, 7217 MGMT_STATUS_INVALID_PARAMS, 7218 &cp->addr, 7219 sizeof(cp->addr)); 7220 goto unlock; 7221 } 7222 7223 hci_req_update_scan(hdev); 7224 7225 device_removed(sk, hdev, &cp->addr.bdaddr, 7226 cp->addr.type); 7227 goto complete; 7228 } 7229 7230 addr_type = le_addr_type(cp->addr.type); 7231 7232 /* Kernel internally uses conn_params with resolvable private 7233 * address, but Remove Device allows only identity addresses. 7234 * Make sure it is enforced before calling 7235 * hci_conn_params_lookup. 7236 */ 7237 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) { 7238 err = mgmt_cmd_complete(sk, hdev->id, 7239 MGMT_OP_REMOVE_DEVICE, 7240 MGMT_STATUS_INVALID_PARAMS, 7241 &cp->addr, sizeof(cp->addr)); 7242 goto unlock; 7243 } 7244 7245 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 7246 addr_type); 7247 if (!params) { 7248 err = mgmt_cmd_complete(sk, hdev->id, 7249 MGMT_OP_REMOVE_DEVICE, 7250 MGMT_STATUS_INVALID_PARAMS, 7251 &cp->addr, sizeof(cp->addr)); 7252 goto unlock; 7253 } 7254 7255 if (params->auto_connect == HCI_AUTO_CONN_DISABLED || 7256 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { 7257 err = mgmt_cmd_complete(sk, hdev->id, 7258 MGMT_OP_REMOVE_DEVICE, 7259 MGMT_STATUS_INVALID_PARAMS, 7260 &cp->addr, sizeof(cp->addr)); 7261 goto unlock; 7262 } 7263 7264 list_del(¶ms->action); 7265 list_del(¶ms->list); 7266 kfree(params); 7267 7268 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type); 7269 } else { 7270 struct hci_conn_params *p, *tmp; 7271 struct bdaddr_list *b, *btmp; 7272 7273 if (cp->addr.type) { 7274 err = mgmt_cmd_complete(sk, hdev->id, 7275 MGMT_OP_REMOVE_DEVICE, 7276 MGMT_STATUS_INVALID_PARAMS, 7277 &cp->addr, sizeof(cp->addr)); 7278 goto unlock; 7279 } 7280 7281 list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) { 7282 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type); 7283 list_del(&b->list); 7284 kfree(b); 7285 } 7286 7287 hci_req_update_scan(hdev); 7288 7289 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) { 7290 if (p->auto_connect == HCI_AUTO_CONN_DISABLED) 7291 continue; 7292 device_removed(sk, hdev, &p->addr, p->addr_type); 7293 if (p->explicit_connect) { 7294 p->auto_connect = HCI_AUTO_CONN_EXPLICIT; 7295 continue; 7296 } 7297 list_del(&p->action); 7298 list_del(&p->list); 7299 kfree(p); 7300 } 7301 7302 bt_dev_dbg(hdev, "All LE connection parameters were removed"); 7303 } 7304 7305 hci_cmd_sync_queue(hdev, remove_device_sync, NULL, NULL); 7306 7307complete: 7308 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE, 7309 MGMT_STATUS_SUCCESS, &cp->addr, 7310 sizeof(cp->addr)); 7311unlock: 7312 hci_dev_unlock(hdev); 7313 return err; 7314} 7315 7316static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data, 7317 u16 len) 7318{ 7319 struct mgmt_cp_load_conn_param *cp = data; 7320 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) / 7321 sizeof(struct mgmt_conn_param)); 7322 u16 param_count, expected_len; 7323 int i; 7324 7325 if (!lmp_le_capable(hdev)) 7326 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 7327 MGMT_STATUS_NOT_SUPPORTED); 7328 7329 param_count = __le16_to_cpu(cp->param_count); 7330 if (param_count > max_param_count) { 7331 bt_dev_err(hdev, "load_conn_param: too big param_count value %u", 7332 param_count); 7333 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 7334 MGMT_STATUS_INVALID_PARAMS); 7335 } 7336 7337 expected_len = struct_size(cp, params, param_count); 7338 if (expected_len != len) { 7339 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes", 7340 expected_len, len); 7341 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 7342 MGMT_STATUS_INVALID_PARAMS); 7343 } 7344 7345 bt_dev_dbg(hdev, "param_count %u", param_count); 7346 7347 hci_dev_lock(hdev); 7348 7349 hci_conn_params_clear_disabled(hdev); 7350 7351 for (i = 0; i < param_count; i++) { 7352 struct mgmt_conn_param *param = &cp->params[i]; 7353 struct hci_conn_params *hci_param; 7354 u16 min, max, latency, timeout; 7355 u8 addr_type; 7356 7357 bt_dev_dbg(hdev, "Adding %pMR (type %u)", ¶m->addr.bdaddr, 7358 param->addr.type); 7359 7360 if (param->addr.type == BDADDR_LE_PUBLIC) { 7361 addr_type = ADDR_LE_DEV_PUBLIC; 7362 } else if (param->addr.type == BDADDR_LE_RANDOM) { 7363 addr_type = ADDR_LE_DEV_RANDOM; 7364 } else { 7365 bt_dev_err(hdev, "ignoring invalid connection parameters"); 7366 continue; 7367 } 7368 7369 min = le16_to_cpu(param->min_interval); 7370 max = le16_to_cpu(param->max_interval); 7371 latency = le16_to_cpu(param->latency); 7372 timeout = le16_to_cpu(param->timeout); 7373 7374 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x", 7375 min, max, latency, timeout); 7376 7377 if (hci_check_conn_params(min, max, latency, timeout) < 0) { 7378 bt_dev_err(hdev, "ignoring invalid connection parameters"); 7379 continue; 7380 } 7381 7382 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr, 7383 addr_type); 7384 if (!hci_param) { 7385 bt_dev_err(hdev, "failed to add connection parameters"); 7386 continue; 7387 } 7388 7389 hci_param->conn_min_interval = min; 7390 hci_param->conn_max_interval = max; 7391 hci_param->conn_latency = latency; 7392 hci_param->supervision_timeout = timeout; 7393 } 7394 7395 hci_dev_unlock(hdev); 7396 7397 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, 7398 NULL, 0); 7399} 7400 7401static int set_external_config(struct sock *sk, struct hci_dev *hdev, 7402 void *data, u16 len) 7403{ 7404 struct mgmt_cp_set_external_config *cp = data; 7405 bool changed; 7406 int err; 7407 7408 bt_dev_dbg(hdev, "sock %p", sk); 7409 7410 if (hdev_is_powered(hdev)) 7411 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 7412 MGMT_STATUS_REJECTED); 7413 7414 if (cp->config != 0x00 && cp->config != 0x01) 7415 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 7416 MGMT_STATUS_INVALID_PARAMS); 7417 7418 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks)) 7419 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG, 7420 MGMT_STATUS_NOT_SUPPORTED); 7421 7422 hci_dev_lock(hdev); 7423 7424 if (cp->config) 7425 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED); 7426 else 7427 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED); 7428 7429 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev); 7430 if (err < 0) 7431 goto unlock; 7432 7433 if (!changed) 7434 goto unlock; 7435 7436 err = new_options(hdev, sk); 7437 7438 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) { 7439 mgmt_index_removed(hdev); 7440 7441 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) { 7442 hci_dev_set_flag(hdev, HCI_CONFIG); 7443 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 7444 7445 queue_work(hdev->req_workqueue, &hdev->power_on); 7446 } else { 7447 set_bit(HCI_RAW, &hdev->flags); 7448 mgmt_index_added(hdev); 7449 } 7450 } 7451 7452unlock: 7453 hci_dev_unlock(hdev); 7454 return err; 7455} 7456 7457static int set_public_address(struct sock *sk, struct hci_dev *hdev, 7458 void *data, u16 len) 7459{ 7460 struct mgmt_cp_set_public_address *cp = data; 7461 bool changed; 7462 int err; 7463 7464 bt_dev_dbg(hdev, "sock %p", sk); 7465 7466 if (hdev_is_powered(hdev)) 7467 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 7468 MGMT_STATUS_REJECTED); 7469 7470 if (!bacmp(&cp->bdaddr, BDADDR_ANY)) 7471 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 7472 MGMT_STATUS_INVALID_PARAMS); 7473 7474 if (!hdev->set_bdaddr) 7475 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS, 7476 MGMT_STATUS_NOT_SUPPORTED); 7477 7478 hci_dev_lock(hdev); 7479 7480 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr); 7481 bacpy(&hdev->public_addr, &cp->bdaddr); 7482 7483 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev); 7484 if (err < 0) 7485 goto unlock; 7486 7487 if (!changed) 7488 goto unlock; 7489 7490 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) 7491 err = new_options(hdev, sk); 7492 7493 if (is_configured(hdev)) { 7494 mgmt_index_removed(hdev); 7495 7496 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED); 7497 7498 hci_dev_set_flag(hdev, HCI_CONFIG); 7499 hci_dev_set_flag(hdev, HCI_AUTO_OFF); 7500 7501 queue_work(hdev->req_workqueue, &hdev->power_on); 7502 } 7503 7504unlock: 7505 hci_dev_unlock(hdev); 7506 return err; 7507} 7508 7509static void read_local_oob_ext_data_complete(struct hci_dev *hdev, void *data, 7510 int err) 7511{ 7512 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp; 7513 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp; 7514 u8 *h192, *r192, *h256, *r256; 7515 struct mgmt_pending_cmd *cmd = data; 7516 struct sk_buff *skb = cmd->skb; 7517 u8 status = mgmt_status(err); 7518 u16 eir_len; 7519 7520 if (cmd != pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev)) 7521 return; 7522 7523 if (!status) { 7524 if (!skb) 7525 status = MGMT_STATUS_FAILED; 7526 else if (IS_ERR(skb)) 7527 status = mgmt_status(PTR_ERR(skb)); 7528 else 7529 status = mgmt_status(skb->data[0]); 7530 } 7531 7532 bt_dev_dbg(hdev, "status %u", status); 7533 7534 mgmt_cp = cmd->param; 7535 7536 if (status) { 7537 status = mgmt_status(status); 7538 eir_len = 0; 7539 7540 h192 = NULL; 7541 r192 = NULL; 7542 h256 = NULL; 7543 r256 = NULL; 7544 } else if (!bredr_sc_enabled(hdev)) { 7545 struct hci_rp_read_local_oob_data *rp; 7546 7547 if (skb->len != sizeof(*rp)) { 7548 status = MGMT_STATUS_FAILED; 7549 eir_len = 0; 7550 } else { 7551 status = MGMT_STATUS_SUCCESS; 7552 rp = (void *)skb->data; 7553 7554 eir_len = 5 + 18 + 18; 7555 h192 = rp->hash; 7556 r192 = rp->rand; 7557 h256 = NULL; 7558 r256 = NULL; 7559 } 7560 } else { 7561 struct hci_rp_read_local_oob_ext_data *rp; 7562 7563 if (skb->len != sizeof(*rp)) { 7564 status = MGMT_STATUS_FAILED; 7565 eir_len = 0; 7566 } else { 7567 status = MGMT_STATUS_SUCCESS; 7568 rp = (void *)skb->data; 7569 7570 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) { 7571 eir_len = 5 + 18 + 18; 7572 h192 = NULL; 7573 r192 = NULL; 7574 } else { 7575 eir_len = 5 + 18 + 18 + 18 + 18; 7576 h192 = rp->hash192; 7577 r192 = rp->rand192; 7578 } 7579 7580 h256 = rp->hash256; 7581 r256 = rp->rand256; 7582 } 7583 } 7584 7585 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL); 7586 if (!mgmt_rp) 7587 goto done; 7588 7589 if (eir_len == 0) 7590 goto send_rsp; 7591 7592 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV, 7593 hdev->dev_class, 3); 7594 7595 if (h192 && r192) { 7596 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 7597 EIR_SSP_HASH_C192, h192, 16); 7598 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 7599 EIR_SSP_RAND_R192, r192, 16); 7600 } 7601 7602 if (h256 && r256) { 7603 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 7604 EIR_SSP_HASH_C256, h256, 16); 7605 eir_len = eir_append_data(mgmt_rp->eir, eir_len, 7606 EIR_SSP_RAND_R256, r256, 16); 7607 } 7608 7609send_rsp: 7610 mgmt_rp->type = mgmt_cp->type; 7611 mgmt_rp->eir_len = cpu_to_le16(eir_len); 7612 7613 err = mgmt_cmd_complete(cmd->sk, hdev->id, 7614 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status, 7615 mgmt_rp, sizeof(*mgmt_rp) + eir_len); 7616 if (err < 0 || status) 7617 goto done; 7618 7619 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS); 7620 7621 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 7622 mgmt_rp, sizeof(*mgmt_rp) + eir_len, 7623 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk); 7624done: 7625 if (skb && !IS_ERR(skb)) 7626 kfree_skb(skb); 7627 7628 kfree(mgmt_rp); 7629 mgmt_pending_remove(cmd); 7630} 7631 7632static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk, 7633 struct mgmt_cp_read_local_oob_ext_data *cp) 7634{ 7635 struct mgmt_pending_cmd *cmd; 7636 int err; 7637 7638 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev, 7639 cp, sizeof(*cp)); 7640 if (!cmd) 7641 return -ENOMEM; 7642 7643 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd, 7644 read_local_oob_ext_data_complete); 7645 7646 if (err < 0) { 7647 mgmt_pending_remove(cmd); 7648 return err; 7649 } 7650 7651 return 0; 7652} 7653 7654static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev, 7655 void *data, u16 data_len) 7656{ 7657 struct mgmt_cp_read_local_oob_ext_data *cp = data; 7658 struct mgmt_rp_read_local_oob_ext_data *rp; 7659 size_t rp_len; 7660 u16 eir_len; 7661 u8 status, flags, role, addr[7], hash[16], rand[16]; 7662 int err; 7663 7664 bt_dev_dbg(hdev, "sock %p", sk); 7665 7666 if (hdev_is_powered(hdev)) { 7667 switch (cp->type) { 7668 case BIT(BDADDR_BREDR): 7669 status = mgmt_bredr_support(hdev); 7670 if (status) 7671 eir_len = 0; 7672 else 7673 eir_len = 5; 7674 break; 7675 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 7676 status = mgmt_le_support(hdev); 7677 if (status) 7678 eir_len = 0; 7679 else 7680 eir_len = 9 + 3 + 18 + 18 + 3; 7681 break; 7682 default: 7683 status = MGMT_STATUS_INVALID_PARAMS; 7684 eir_len = 0; 7685 break; 7686 } 7687 } else { 7688 status = MGMT_STATUS_NOT_POWERED; 7689 eir_len = 0; 7690 } 7691 7692 rp_len = sizeof(*rp) + eir_len; 7693 rp = kmalloc(rp_len, GFP_ATOMIC); 7694 if (!rp) 7695 return -ENOMEM; 7696 7697 if (!status && !lmp_ssp_capable(hdev)) { 7698 status = MGMT_STATUS_NOT_SUPPORTED; 7699 eir_len = 0; 7700 } 7701 7702 if (status) 7703 goto complete; 7704 7705 hci_dev_lock(hdev); 7706 7707 eir_len = 0; 7708 switch (cp->type) { 7709 case BIT(BDADDR_BREDR): 7710 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) { 7711 err = read_local_ssp_oob_req(hdev, sk, cp); 7712 hci_dev_unlock(hdev); 7713 if (!err) 7714 goto done; 7715 7716 status = MGMT_STATUS_FAILED; 7717 goto complete; 7718 } else { 7719 eir_len = eir_append_data(rp->eir, eir_len, 7720 EIR_CLASS_OF_DEV, 7721 hdev->dev_class, 3); 7722 } 7723 break; 7724 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)): 7725 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) && 7726 smp_generate_oob(hdev, hash, rand) < 0) { 7727 hci_dev_unlock(hdev); 7728 status = MGMT_STATUS_FAILED; 7729 goto complete; 7730 } 7731 7732 /* This should return the active RPA, but since the RPA 7733 * is only programmed on demand, it is really hard to fill 7734 * this in at the moment. For now disallow retrieving 7735 * local out-of-band data when privacy is in use. 7736 * 7737 * Returning the identity address will not help here since 7738 * pairing happens before the identity resolving key is 7739 * known and thus the connection establishment happens 7740 * based on the RPA and not the identity address. 7741 */ 7742 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) { 7743 hci_dev_unlock(hdev); 7744 status = MGMT_STATUS_REJECTED; 7745 goto complete; 7746 } 7747 7748 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) || 7749 !bacmp(&hdev->bdaddr, BDADDR_ANY) || 7750 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) && 7751 bacmp(&hdev->static_addr, BDADDR_ANY))) { 7752 memcpy(addr, &hdev->static_addr, 6); 7753 addr[6] = 0x01; 7754 } else { 7755 memcpy(addr, &hdev->bdaddr, 6); 7756 addr[6] = 0x00; 7757 } 7758 7759 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR, 7760 addr, sizeof(addr)); 7761 7762 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 7763 role = 0x02; 7764 else 7765 role = 0x01; 7766 7767 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE, 7768 &role, sizeof(role)); 7769 7770 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) { 7771 eir_len = eir_append_data(rp->eir, eir_len, 7772 EIR_LE_SC_CONFIRM, 7773 hash, sizeof(hash)); 7774 7775 eir_len = eir_append_data(rp->eir, eir_len, 7776 EIR_LE_SC_RANDOM, 7777 rand, sizeof(rand)); 7778 } 7779 7780 flags = mgmt_get_adv_discov_flags(hdev); 7781 7782 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) 7783 flags |= LE_AD_NO_BREDR; 7784 7785 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS, 7786 &flags, sizeof(flags)); 7787 break; 7788 } 7789 7790 hci_dev_unlock(hdev); 7791 7792 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS); 7793 7794 status = MGMT_STATUS_SUCCESS; 7795 7796complete: 7797 rp->type = cp->type; 7798 rp->eir_len = cpu_to_le16(eir_len); 7799 7800 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, 7801 status, rp, sizeof(*rp) + eir_len); 7802 if (err < 0 || status) 7803 goto done; 7804 7805 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev, 7806 rp, sizeof(*rp) + eir_len, 7807 HCI_MGMT_OOB_DATA_EVENTS, sk); 7808 7809done: 7810 kfree(rp); 7811 7812 return err; 7813} 7814 7815static u32 get_supported_adv_flags(struct hci_dev *hdev) 7816{ 7817 u32 flags = 0; 7818 7819 flags |= MGMT_ADV_FLAG_CONNECTABLE; 7820 flags |= MGMT_ADV_FLAG_DISCOV; 7821 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV; 7822 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS; 7823 flags |= MGMT_ADV_FLAG_APPEARANCE; 7824 flags |= MGMT_ADV_FLAG_LOCAL_NAME; 7825 flags |= MGMT_ADV_PARAM_DURATION; 7826 flags |= MGMT_ADV_PARAM_TIMEOUT; 7827 flags |= MGMT_ADV_PARAM_INTERVALS; 7828 flags |= MGMT_ADV_PARAM_TX_POWER; 7829 flags |= MGMT_ADV_PARAM_SCAN_RSP; 7830 7831 /* In extended adv TX_POWER returned from Set Adv Param 7832 * will be always valid. 7833 */ 7834 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) || 7835 ext_adv_capable(hdev)) 7836 flags |= MGMT_ADV_FLAG_TX_POWER; 7837 7838 if (ext_adv_capable(hdev)) { 7839 flags |= MGMT_ADV_FLAG_SEC_1M; 7840 flags |= MGMT_ADV_FLAG_HW_OFFLOAD; 7841 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER; 7842 7843 if (hdev->le_features[1] & HCI_LE_PHY_2M) 7844 flags |= MGMT_ADV_FLAG_SEC_2M; 7845 7846 if (hdev->le_features[1] & HCI_LE_PHY_CODED) 7847 flags |= MGMT_ADV_FLAG_SEC_CODED; 7848 } 7849 7850 return flags; 7851} 7852 7853static int read_adv_features(struct sock *sk, struct hci_dev *hdev, 7854 void *data, u16 data_len) 7855{ 7856 struct mgmt_rp_read_adv_features *rp; 7857 size_t rp_len; 7858 int err; 7859 struct adv_info *adv_instance; 7860 u32 supported_flags; 7861 u8 *instance; 7862 7863 bt_dev_dbg(hdev, "sock %p", sk); 7864 7865 if (!lmp_le_capable(hdev)) 7866 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 7867 MGMT_STATUS_REJECTED); 7868 7869 hci_dev_lock(hdev); 7870 7871 rp_len = sizeof(*rp) + hdev->adv_instance_cnt; 7872 rp = kmalloc(rp_len, GFP_ATOMIC); 7873 if (!rp) { 7874 hci_dev_unlock(hdev); 7875 return -ENOMEM; 7876 } 7877 7878 supported_flags = get_supported_adv_flags(hdev); 7879 7880 rp->supported_flags = cpu_to_le32(supported_flags); 7881 rp->max_adv_data_len = HCI_MAX_AD_LENGTH; 7882 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH; 7883 rp->max_instances = hdev->le_num_of_adv_sets; 7884 rp->num_instances = hdev->adv_instance_cnt; 7885 7886 instance = rp->instance; 7887 list_for_each_entry(adv_instance, &hdev->adv_instances, list) { 7888 *instance = adv_instance->instance; 7889 instance++; 7890 } 7891 7892 hci_dev_unlock(hdev); 7893 7894 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 7895 MGMT_STATUS_SUCCESS, rp, rp_len); 7896 7897 kfree(rp); 7898 7899 return err; 7900} 7901 7902static u8 calculate_name_len(struct hci_dev *hdev) 7903{ 7904 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3]; 7905 7906 return eir_append_local_name(hdev, buf, 0); 7907} 7908 7909static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags, 7910 bool is_adv_data) 7911{ 7912 u8 max_len = HCI_MAX_AD_LENGTH; 7913 7914 if (is_adv_data) { 7915 if (adv_flags & (MGMT_ADV_FLAG_DISCOV | 7916 MGMT_ADV_FLAG_LIMITED_DISCOV | 7917 MGMT_ADV_FLAG_MANAGED_FLAGS)) 7918 max_len -= 3; 7919 7920 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) 7921 max_len -= 3; 7922 } else { 7923 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME) 7924 max_len -= calculate_name_len(hdev); 7925 7926 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE)) 7927 max_len -= 4; 7928 } 7929 7930 return max_len; 7931} 7932 7933static bool flags_managed(u32 adv_flags) 7934{ 7935 return adv_flags & (MGMT_ADV_FLAG_DISCOV | 7936 MGMT_ADV_FLAG_LIMITED_DISCOV | 7937 MGMT_ADV_FLAG_MANAGED_FLAGS); 7938} 7939 7940static bool tx_power_managed(u32 adv_flags) 7941{ 7942 return adv_flags & MGMT_ADV_FLAG_TX_POWER; 7943} 7944 7945static bool name_managed(u32 adv_flags) 7946{ 7947 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME; 7948} 7949 7950static bool appearance_managed(u32 adv_flags) 7951{ 7952 return adv_flags & MGMT_ADV_FLAG_APPEARANCE; 7953} 7954 7955static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data, 7956 u8 len, bool is_adv_data) 7957{ 7958 int i, cur_len; 7959 u8 max_len; 7960 7961 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data); 7962 7963 if (len > max_len) 7964 return false; 7965 7966 /* Make sure that the data is correctly formatted. */ 7967 for (i = 0; i < len; i += (cur_len + 1)) { 7968 cur_len = data[i]; 7969 7970 if (!cur_len) 7971 continue; 7972 7973 if (data[i + 1] == EIR_FLAGS && 7974 (!is_adv_data || flags_managed(adv_flags))) 7975 return false; 7976 7977 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags)) 7978 return false; 7979 7980 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags)) 7981 return false; 7982 7983 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags)) 7984 return false; 7985 7986 if (data[i + 1] == EIR_APPEARANCE && 7987 appearance_managed(adv_flags)) 7988 return false; 7989 7990 /* If the current field length would exceed the total data 7991 * length, then it's invalid. 7992 */ 7993 if (i + cur_len >= len) 7994 return false; 7995 } 7996 7997 return true; 7998} 7999 8000static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags) 8001{ 8002 u32 supported_flags, phy_flags; 8003 8004 /* The current implementation only supports a subset of the specified 8005 * flags. Also need to check mutual exclusiveness of sec flags. 8006 */ 8007 supported_flags = get_supported_adv_flags(hdev); 8008 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK; 8009 if (adv_flags & ~supported_flags || 8010 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags))))) 8011 return false; 8012 8013 return true; 8014} 8015 8016static bool adv_busy(struct hci_dev *hdev) 8017{ 8018 return pending_find(MGMT_OP_SET_LE, hdev); 8019} 8020 8021static void add_adv_complete(struct hci_dev *hdev, struct sock *sk, u8 instance, 8022 int err) 8023{ 8024 struct adv_info *adv, *n; 8025 8026 bt_dev_dbg(hdev, "err %d", err); 8027 8028 hci_dev_lock(hdev); 8029 8030 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) { 8031 u8 instance; 8032 8033 if (!adv->pending) 8034 continue; 8035 8036 if (!err) { 8037 adv->pending = false; 8038 continue; 8039 } 8040 8041 instance = adv->instance; 8042 8043 if (hdev->cur_adv_instance == instance) 8044 cancel_adv_timeout(hdev); 8045 8046 hci_remove_adv_instance(hdev, instance); 8047 mgmt_advertising_removed(sk, hdev, instance); 8048 } 8049 8050 hci_dev_unlock(hdev); 8051} 8052 8053static void add_advertising_complete(struct hci_dev *hdev, void *data, int err) 8054{ 8055 struct mgmt_pending_cmd *cmd = data; 8056 struct mgmt_cp_add_advertising *cp = cmd->param; 8057 struct mgmt_rp_add_advertising rp; 8058 8059 memset(&rp, 0, sizeof(rp)); 8060 8061 rp.instance = cp->instance; 8062 8063 if (err) 8064 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 8065 mgmt_status(err)); 8066 else 8067 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 8068 mgmt_status(err), &rp, sizeof(rp)); 8069 8070 add_adv_complete(hdev, cmd->sk, cp->instance, err); 8071 8072 mgmt_pending_free(cmd); 8073} 8074 8075static int add_advertising_sync(struct hci_dev *hdev, void *data) 8076{ 8077 struct mgmt_pending_cmd *cmd = data; 8078 struct mgmt_cp_add_advertising *cp = cmd->param; 8079 8080 return hci_schedule_adv_instance_sync(hdev, cp->instance, true); 8081} 8082 8083static int add_advertising(struct sock *sk, struct hci_dev *hdev, 8084 void *data, u16 data_len) 8085{ 8086 struct mgmt_cp_add_advertising *cp = data; 8087 struct mgmt_rp_add_advertising rp; 8088 u32 flags; 8089 u8 status; 8090 u16 timeout, duration; 8091 unsigned int prev_instance_cnt; 8092 u8 schedule_instance = 0; 8093 struct adv_info *next_instance; 8094 int err; 8095 struct mgmt_pending_cmd *cmd; 8096 8097 bt_dev_dbg(hdev, "sock %p", sk); 8098 8099 status = mgmt_le_support(hdev); 8100 if (status) 8101 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8102 status); 8103 8104 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets) 8105 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8106 MGMT_STATUS_INVALID_PARAMS); 8107 8108 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len) 8109 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8110 MGMT_STATUS_INVALID_PARAMS); 8111 8112 flags = __le32_to_cpu(cp->flags); 8113 timeout = __le16_to_cpu(cp->timeout); 8114 duration = __le16_to_cpu(cp->duration); 8115 8116 if (!requested_adv_flags_are_valid(hdev, flags)) 8117 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8118 MGMT_STATUS_INVALID_PARAMS); 8119 8120 hci_dev_lock(hdev); 8121 8122 if (timeout && !hdev_is_powered(hdev)) { 8123 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8124 MGMT_STATUS_REJECTED); 8125 goto unlock; 8126 } 8127 8128 if (adv_busy(hdev)) { 8129 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8130 MGMT_STATUS_BUSY); 8131 goto unlock; 8132 } 8133 8134 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) || 8135 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len, 8136 cp->scan_rsp_len, false)) { 8137 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8138 MGMT_STATUS_INVALID_PARAMS); 8139 goto unlock; 8140 } 8141 8142 prev_instance_cnt = hdev->adv_instance_cnt; 8143 8144 err = hci_add_adv_instance(hdev, cp->instance, flags, 8145 cp->adv_data_len, cp->data, 8146 cp->scan_rsp_len, 8147 cp->data + cp->adv_data_len, 8148 timeout, duration, 8149 HCI_ADV_TX_POWER_NO_PREFERENCE, 8150 hdev->le_adv_min_interval, 8151 hdev->le_adv_max_interval); 8152 if (err < 0) { 8153 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8154 MGMT_STATUS_FAILED); 8155 goto unlock; 8156 } 8157 8158 /* Only trigger an advertising added event if a new instance was 8159 * actually added. 8160 */ 8161 if (hdev->adv_instance_cnt > prev_instance_cnt) 8162 mgmt_advertising_added(sk, hdev, cp->instance); 8163 8164 if (hdev->cur_adv_instance == cp->instance) { 8165 /* If the currently advertised instance is being changed then 8166 * cancel the current advertising and schedule the next 8167 * instance. If there is only one instance then the overridden 8168 * advertising data will be visible right away. 8169 */ 8170 cancel_adv_timeout(hdev); 8171 8172 next_instance = hci_get_next_instance(hdev, cp->instance); 8173 if (next_instance) 8174 schedule_instance = next_instance->instance; 8175 } else if (!hdev->adv_instance_timeout) { 8176 /* Immediately advertise the new instance if no other 8177 * instance is currently being advertised. 8178 */ 8179 schedule_instance = cp->instance; 8180 } 8181 8182 /* If the HCI_ADVERTISING flag is set or the device isn't powered or 8183 * there is no instance to be advertised then we have no HCI 8184 * communication to make. Simply return. 8185 */ 8186 if (!hdev_is_powered(hdev) || 8187 hci_dev_test_flag(hdev, HCI_ADVERTISING) || 8188 !schedule_instance) { 8189 rp.instance = cp->instance; 8190 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8191 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 8192 goto unlock; 8193 } 8194 8195 /* We're good to go, update advertising data, parameters, and start 8196 * advertising. 8197 */ 8198 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_ADVERTISING, hdev, data, 8199 data_len); 8200 if (!cmd) { 8201 err = -ENOMEM; 8202 goto unlock; 8203 } 8204 8205 cp->instance = schedule_instance; 8206 8207 err = hci_cmd_sync_queue(hdev, add_advertising_sync, cmd, 8208 add_advertising_complete); 8209 if (err < 0) 8210 mgmt_pending_free(cmd); 8211 8212unlock: 8213 hci_dev_unlock(hdev); 8214 8215 return err; 8216} 8217 8218static void add_ext_adv_params_complete(struct hci_dev *hdev, void *data, 8219 int err) 8220{ 8221 struct mgmt_pending_cmd *cmd = data; 8222 struct mgmt_cp_add_ext_adv_params *cp = cmd->param; 8223 struct mgmt_rp_add_ext_adv_params rp; 8224 struct adv_info *adv; 8225 u32 flags; 8226 8227 BT_DBG("%s", hdev->name); 8228 8229 hci_dev_lock(hdev); 8230 8231 adv = hci_find_adv_instance(hdev, cp->instance); 8232 if (!adv) 8233 goto unlock; 8234 8235 rp.instance = cp->instance; 8236 rp.tx_power = adv->tx_power; 8237 8238 /* While we're at it, inform userspace of the available space for this 8239 * advertisement, given the flags that will be used. 8240 */ 8241 flags = __le32_to_cpu(cp->flags); 8242 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 8243 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 8244 8245 if (err) { 8246 /* If this advertisement was previously advertising and we 8247 * failed to update it, we signal that it has been removed and 8248 * delete its structure 8249 */ 8250 if (!adv->pending) 8251 mgmt_advertising_removed(cmd->sk, hdev, cp->instance); 8252 8253 hci_remove_adv_instance(hdev, cp->instance); 8254 8255 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 8256 mgmt_status(err)); 8257 } else { 8258 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 8259 mgmt_status(err), &rp, sizeof(rp)); 8260 } 8261 8262unlock: 8263 if (cmd) 8264 mgmt_pending_free(cmd); 8265 8266 hci_dev_unlock(hdev); 8267} 8268 8269static int add_ext_adv_params_sync(struct hci_dev *hdev, void *data) 8270{ 8271 struct mgmt_pending_cmd *cmd = data; 8272 struct mgmt_cp_add_ext_adv_params *cp = cmd->param; 8273 8274 return hci_setup_ext_adv_instance_sync(hdev, cp->instance); 8275} 8276 8277static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev, 8278 void *data, u16 data_len) 8279{ 8280 struct mgmt_cp_add_ext_adv_params *cp = data; 8281 struct mgmt_rp_add_ext_adv_params rp; 8282 struct mgmt_pending_cmd *cmd = NULL; 8283 u32 flags, min_interval, max_interval; 8284 u16 timeout, duration; 8285 u8 status; 8286 s8 tx_power; 8287 int err; 8288 8289 BT_DBG("%s", hdev->name); 8290 8291 status = mgmt_le_support(hdev); 8292 if (status) 8293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8294 status); 8295 8296 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets) 8297 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8298 MGMT_STATUS_INVALID_PARAMS); 8299 8300 /* The purpose of breaking add_advertising into two separate MGMT calls 8301 * for params and data is to allow more parameters to be added to this 8302 * structure in the future. For this reason, we verify that we have the 8303 * bare minimum structure we know of when the interface was defined. Any 8304 * extra parameters we don't know about will be ignored in this request. 8305 */ 8306 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE) 8307 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 8308 MGMT_STATUS_INVALID_PARAMS); 8309 8310 flags = __le32_to_cpu(cp->flags); 8311 8312 if (!requested_adv_flags_are_valid(hdev, flags)) 8313 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8314 MGMT_STATUS_INVALID_PARAMS); 8315 8316 hci_dev_lock(hdev); 8317 8318 /* In new interface, we require that we are powered to register */ 8319 if (!hdev_is_powered(hdev)) { 8320 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8321 MGMT_STATUS_REJECTED); 8322 goto unlock; 8323 } 8324 8325 if (adv_busy(hdev)) { 8326 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8327 MGMT_STATUS_BUSY); 8328 goto unlock; 8329 } 8330 8331 /* Parse defined parameters from request, use defaults otherwise */ 8332 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ? 8333 __le16_to_cpu(cp->timeout) : 0; 8334 8335 duration = (flags & MGMT_ADV_PARAM_DURATION) ? 8336 __le16_to_cpu(cp->duration) : 8337 hdev->def_multi_adv_rotation_duration; 8338 8339 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ? 8340 __le32_to_cpu(cp->min_interval) : 8341 hdev->le_adv_min_interval; 8342 8343 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ? 8344 __le32_to_cpu(cp->max_interval) : 8345 hdev->le_adv_max_interval; 8346 8347 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ? 8348 cp->tx_power : 8349 HCI_ADV_TX_POWER_NO_PREFERENCE; 8350 8351 /* Create advertising instance with no advertising or response data */ 8352 err = hci_add_adv_instance(hdev, cp->instance, flags, 8353 0, NULL, 0, NULL, timeout, duration, 8354 tx_power, min_interval, max_interval); 8355 8356 if (err < 0) { 8357 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS, 8358 MGMT_STATUS_FAILED); 8359 goto unlock; 8360 } 8361 8362 /* Submit request for advertising params if ext adv available */ 8363 if (ext_adv_capable(hdev)) { 8364 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_PARAMS, hdev, 8365 data, data_len); 8366 if (!cmd) { 8367 err = -ENOMEM; 8368 hci_remove_adv_instance(hdev, cp->instance); 8369 goto unlock; 8370 } 8371 8372 err = hci_cmd_sync_queue(hdev, add_ext_adv_params_sync, cmd, 8373 add_ext_adv_params_complete); 8374 if (err < 0) 8375 mgmt_pending_free(cmd); 8376 } else { 8377 rp.instance = cp->instance; 8378 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE; 8379 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 8380 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 8381 err = mgmt_cmd_complete(sk, hdev->id, 8382 MGMT_OP_ADD_EXT_ADV_PARAMS, 8383 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 8384 } 8385 8386unlock: 8387 hci_dev_unlock(hdev); 8388 8389 return err; 8390} 8391 8392static void add_ext_adv_data_complete(struct hci_dev *hdev, void *data, int err) 8393{ 8394 struct mgmt_pending_cmd *cmd = data; 8395 struct mgmt_cp_add_ext_adv_data *cp = cmd->param; 8396 struct mgmt_rp_add_advertising rp; 8397 8398 add_adv_complete(hdev, cmd->sk, cp->instance, err); 8399 8400 memset(&rp, 0, sizeof(rp)); 8401 8402 rp.instance = cp->instance; 8403 8404 if (err) 8405 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 8406 mgmt_status(err)); 8407 else 8408 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 8409 mgmt_status(err), &rp, sizeof(rp)); 8410 8411 mgmt_pending_free(cmd); 8412} 8413 8414static int add_ext_adv_data_sync(struct hci_dev *hdev, void *data) 8415{ 8416 struct mgmt_pending_cmd *cmd = data; 8417 struct mgmt_cp_add_ext_adv_data *cp = cmd->param; 8418 int err; 8419 8420 if (ext_adv_capable(hdev)) { 8421 err = hci_update_adv_data_sync(hdev, cp->instance); 8422 if (err) 8423 return err; 8424 8425 err = hci_update_scan_rsp_data_sync(hdev, cp->instance); 8426 if (err) 8427 return err; 8428 8429 return hci_enable_ext_advertising_sync(hdev, cp->instance); 8430 } 8431 8432 return hci_schedule_adv_instance_sync(hdev, cp->instance, true); 8433} 8434 8435static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data, 8436 u16 data_len) 8437{ 8438 struct mgmt_cp_add_ext_adv_data *cp = data; 8439 struct mgmt_rp_add_ext_adv_data rp; 8440 u8 schedule_instance = 0; 8441 struct adv_info *next_instance; 8442 struct adv_info *adv_instance; 8443 int err = 0; 8444 struct mgmt_pending_cmd *cmd; 8445 8446 BT_DBG("%s", hdev->name); 8447 8448 hci_dev_lock(hdev); 8449 8450 adv_instance = hci_find_adv_instance(hdev, cp->instance); 8451 8452 if (!adv_instance) { 8453 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 8454 MGMT_STATUS_INVALID_PARAMS); 8455 goto unlock; 8456 } 8457 8458 /* In new interface, we require that we are powered to register */ 8459 if (!hdev_is_powered(hdev)) { 8460 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 8461 MGMT_STATUS_REJECTED); 8462 goto clear_new_instance; 8463 } 8464 8465 if (adv_busy(hdev)) { 8466 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 8467 MGMT_STATUS_BUSY); 8468 goto clear_new_instance; 8469 } 8470 8471 /* Validate new data */ 8472 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data, 8473 cp->adv_data_len, true) || 8474 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data + 8475 cp->adv_data_len, cp->scan_rsp_len, false)) { 8476 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 8477 MGMT_STATUS_INVALID_PARAMS); 8478 goto clear_new_instance; 8479 } 8480 8481 /* Set the data in the advertising instance */ 8482 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len, 8483 cp->data, cp->scan_rsp_len, 8484 cp->data + cp->adv_data_len); 8485 8486 /* If using software rotation, determine next instance to use */ 8487 if (hdev->cur_adv_instance == cp->instance) { 8488 /* If the currently advertised instance is being changed 8489 * then cancel the current advertising and schedule the 8490 * next instance. If there is only one instance then the 8491 * overridden advertising data will be visible right 8492 * away 8493 */ 8494 cancel_adv_timeout(hdev); 8495 8496 next_instance = hci_get_next_instance(hdev, cp->instance); 8497 if (next_instance) 8498 schedule_instance = next_instance->instance; 8499 } else if (!hdev->adv_instance_timeout) { 8500 /* Immediately advertise the new instance if no other 8501 * instance is currently being advertised. 8502 */ 8503 schedule_instance = cp->instance; 8504 } 8505 8506 /* If the HCI_ADVERTISING flag is set or there is no instance to 8507 * be advertised then we have no HCI communication to make. 8508 * Simply return. 8509 */ 8510 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || !schedule_instance) { 8511 if (adv_instance->pending) { 8512 mgmt_advertising_added(sk, hdev, cp->instance); 8513 adv_instance->pending = false; 8514 } 8515 rp.instance = cp->instance; 8516 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA, 8517 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 8518 goto unlock; 8519 } 8520 8521 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data, 8522 data_len); 8523 if (!cmd) { 8524 err = -ENOMEM; 8525 goto clear_new_instance; 8526 } 8527 8528 err = hci_cmd_sync_queue(hdev, add_ext_adv_data_sync, cmd, 8529 add_ext_adv_data_complete); 8530 if (err < 0) { 8531 mgmt_pending_free(cmd); 8532 goto clear_new_instance; 8533 } 8534 8535 /* We were successful in updating data, so trigger advertising_added 8536 * event if this is an instance that wasn't previously advertising. If 8537 * a failure occurs in the requests we initiated, we will remove the 8538 * instance again in add_advertising_complete 8539 */ 8540 if (adv_instance->pending) 8541 mgmt_advertising_added(sk, hdev, cp->instance); 8542 8543 goto unlock; 8544 8545clear_new_instance: 8546 hci_remove_adv_instance(hdev, cp->instance); 8547 8548unlock: 8549 hci_dev_unlock(hdev); 8550 8551 return err; 8552} 8553 8554static void remove_advertising_complete(struct hci_dev *hdev, void *data, 8555 int err) 8556{ 8557 struct mgmt_pending_cmd *cmd = data; 8558 struct mgmt_cp_remove_advertising *cp = cmd->param; 8559 struct mgmt_rp_remove_advertising rp; 8560 8561 bt_dev_dbg(hdev, "err %d", err); 8562 8563 memset(&rp, 0, sizeof(rp)); 8564 rp.instance = cp->instance; 8565 8566 if (err) 8567 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, 8568 mgmt_status(err)); 8569 else 8570 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, 8571 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 8572 8573 mgmt_pending_free(cmd); 8574} 8575 8576static int remove_advertising_sync(struct hci_dev *hdev, void *data) 8577{ 8578 struct mgmt_pending_cmd *cmd = data; 8579 struct mgmt_cp_remove_advertising *cp = cmd->param; 8580 int err; 8581 8582 err = hci_remove_advertising_sync(hdev, cmd->sk, cp->instance, true); 8583 if (err) 8584 return err; 8585 8586 if (list_empty(&hdev->adv_instances)) 8587 err = hci_disable_advertising_sync(hdev); 8588 8589 return err; 8590} 8591 8592static int remove_advertising(struct sock *sk, struct hci_dev *hdev, 8593 void *data, u16 data_len) 8594{ 8595 struct mgmt_cp_remove_advertising *cp = data; 8596 struct mgmt_pending_cmd *cmd; 8597 int err; 8598 8599 bt_dev_dbg(hdev, "sock %p", sk); 8600 8601 hci_dev_lock(hdev); 8602 8603 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) { 8604 err = mgmt_cmd_status(sk, hdev->id, 8605 MGMT_OP_REMOVE_ADVERTISING, 8606 MGMT_STATUS_INVALID_PARAMS); 8607 goto unlock; 8608 } 8609 8610 if (pending_find(MGMT_OP_SET_LE, hdev)) { 8611 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 8612 MGMT_STATUS_BUSY); 8613 goto unlock; 8614 } 8615 8616 if (list_empty(&hdev->adv_instances)) { 8617 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 8618 MGMT_STATUS_INVALID_PARAMS); 8619 goto unlock; 8620 } 8621 8622 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data, 8623 data_len); 8624 if (!cmd) { 8625 err = -ENOMEM; 8626 goto unlock; 8627 } 8628 8629 err = hci_cmd_sync_queue(hdev, remove_advertising_sync, cmd, 8630 remove_advertising_complete); 8631 if (err < 0) 8632 mgmt_pending_free(cmd); 8633 8634unlock: 8635 hci_dev_unlock(hdev); 8636 8637 return err; 8638} 8639 8640static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev, 8641 void *data, u16 data_len) 8642{ 8643 struct mgmt_cp_get_adv_size_info *cp = data; 8644 struct mgmt_rp_get_adv_size_info rp; 8645 u32 flags, supported_flags; 8646 8647 bt_dev_dbg(hdev, "sock %p", sk); 8648 8649 if (!lmp_le_capable(hdev)) 8650 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 8651 MGMT_STATUS_REJECTED); 8652 8653 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets) 8654 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 8655 MGMT_STATUS_INVALID_PARAMS); 8656 8657 flags = __le32_to_cpu(cp->flags); 8658 8659 /* The current implementation only supports a subset of the specified 8660 * flags. 8661 */ 8662 supported_flags = get_supported_adv_flags(hdev); 8663 if (flags & ~supported_flags) 8664 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 8665 MGMT_STATUS_INVALID_PARAMS); 8666 8667 rp.instance = cp->instance; 8668 rp.flags = cp->flags; 8669 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true); 8670 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false); 8671 8672 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO, 8673 MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 8674} 8675 8676static const struct hci_mgmt_handler mgmt_handlers[] = { 8677 { NULL }, /* 0x0000 (no command) */ 8678 { read_version, MGMT_READ_VERSION_SIZE, 8679 HCI_MGMT_NO_HDEV | 8680 HCI_MGMT_UNTRUSTED }, 8681 { read_commands, MGMT_READ_COMMANDS_SIZE, 8682 HCI_MGMT_NO_HDEV | 8683 HCI_MGMT_UNTRUSTED }, 8684 { read_index_list, MGMT_READ_INDEX_LIST_SIZE, 8685 HCI_MGMT_NO_HDEV | 8686 HCI_MGMT_UNTRUSTED }, 8687 { read_controller_info, MGMT_READ_INFO_SIZE, 8688 HCI_MGMT_UNTRUSTED }, 8689 { set_powered, MGMT_SETTING_SIZE }, 8690 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE }, 8691 { set_connectable, MGMT_SETTING_SIZE }, 8692 { set_fast_connectable, MGMT_SETTING_SIZE }, 8693 { set_bondable, MGMT_SETTING_SIZE }, 8694 { set_link_security, MGMT_SETTING_SIZE }, 8695 { set_ssp, MGMT_SETTING_SIZE }, 8696 { set_hs, MGMT_SETTING_SIZE }, 8697 { set_le, MGMT_SETTING_SIZE }, 8698 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE }, 8699 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE }, 8700 { add_uuid, MGMT_ADD_UUID_SIZE }, 8701 { remove_uuid, MGMT_REMOVE_UUID_SIZE }, 8702 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE, 8703 HCI_MGMT_VAR_LEN }, 8704 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE, 8705 HCI_MGMT_VAR_LEN }, 8706 { disconnect, MGMT_DISCONNECT_SIZE }, 8707 { get_connections, MGMT_GET_CONNECTIONS_SIZE }, 8708 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE }, 8709 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE }, 8710 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE }, 8711 { pair_device, MGMT_PAIR_DEVICE_SIZE }, 8712 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE }, 8713 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE }, 8714 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE }, 8715 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE }, 8716 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE }, 8717 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, 8718 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE }, 8719 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE, 8720 HCI_MGMT_VAR_LEN }, 8721 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, 8722 { start_discovery, MGMT_START_DISCOVERY_SIZE }, 8723 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE }, 8724 { confirm_name, MGMT_CONFIRM_NAME_SIZE }, 8725 { block_device, MGMT_BLOCK_DEVICE_SIZE }, 8726 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE }, 8727 { set_device_id, MGMT_SET_DEVICE_ID_SIZE }, 8728 { set_advertising, MGMT_SETTING_SIZE }, 8729 { set_bredr, MGMT_SETTING_SIZE }, 8730 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE }, 8731 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE }, 8732 { set_secure_conn, MGMT_SETTING_SIZE }, 8733 { set_debug_keys, MGMT_SETTING_SIZE }, 8734 { set_privacy, MGMT_SET_PRIVACY_SIZE }, 8735 { load_irks, MGMT_LOAD_IRKS_SIZE, 8736 HCI_MGMT_VAR_LEN }, 8737 { get_conn_info, MGMT_GET_CONN_INFO_SIZE }, 8738 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE }, 8739 { add_device, MGMT_ADD_DEVICE_SIZE }, 8740 { remove_device, MGMT_REMOVE_DEVICE_SIZE }, 8741 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE, 8742 HCI_MGMT_VAR_LEN }, 8743 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE, 8744 HCI_MGMT_NO_HDEV | 8745 HCI_MGMT_UNTRUSTED }, 8746 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE, 8747 HCI_MGMT_UNCONFIGURED | 8748 HCI_MGMT_UNTRUSTED }, 8749 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE, 8750 HCI_MGMT_UNCONFIGURED }, 8751 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE, 8752 HCI_MGMT_UNCONFIGURED }, 8753 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE, 8754 HCI_MGMT_VAR_LEN }, 8755 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE }, 8756 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE, 8757 HCI_MGMT_NO_HDEV | 8758 HCI_MGMT_UNTRUSTED }, 8759 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE }, 8760 { add_advertising, MGMT_ADD_ADVERTISING_SIZE, 8761 HCI_MGMT_VAR_LEN }, 8762 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE }, 8763 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE }, 8764 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE }, 8765 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE, 8766 HCI_MGMT_UNTRUSTED }, 8767 { set_appearance, MGMT_SET_APPEARANCE_SIZE }, 8768 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE }, 8769 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE }, 8770 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE, 8771 HCI_MGMT_VAR_LEN }, 8772 { set_wideband_speech, MGMT_SETTING_SIZE }, 8773 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE, 8774 HCI_MGMT_UNTRUSTED }, 8775 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE, 8776 HCI_MGMT_UNTRUSTED | 8777 HCI_MGMT_HDEV_OPTIONAL }, 8778 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE, 8779 HCI_MGMT_VAR_LEN | 8780 HCI_MGMT_HDEV_OPTIONAL }, 8781 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE, 8782 HCI_MGMT_UNTRUSTED }, 8783 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE, 8784 HCI_MGMT_VAR_LEN }, 8785 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE, 8786 HCI_MGMT_UNTRUSTED }, 8787 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE, 8788 HCI_MGMT_VAR_LEN }, 8789 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE }, 8790 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE }, 8791 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE }, 8792 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE, 8793 HCI_MGMT_VAR_LEN }, 8794 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE }, 8795 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE, 8796 HCI_MGMT_VAR_LEN }, 8797 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE, 8798 HCI_MGMT_VAR_LEN }, 8799 { add_adv_patterns_monitor_rssi, 8800 MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE, 8801 HCI_MGMT_VAR_LEN }, 8802}; 8803 8804void mgmt_index_added(struct hci_dev *hdev) 8805{ 8806 struct mgmt_ev_ext_index ev; 8807 8808 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 8809 return; 8810 8811 switch (hdev->dev_type) { 8812 case HCI_PRIMARY: 8813 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 8814 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, 8815 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 8816 ev.type = 0x01; 8817 } else { 8818 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, 8819 HCI_MGMT_INDEX_EVENTS); 8820 ev.type = 0x00; 8821 } 8822 break; 8823 case HCI_AMP: 8824 ev.type = 0x02; 8825 break; 8826 default: 8827 return; 8828 } 8829 8830 ev.bus = hdev->bus; 8831 8832 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev), 8833 HCI_MGMT_EXT_INDEX_EVENTS); 8834} 8835 8836void mgmt_index_removed(struct hci_dev *hdev) 8837{ 8838 struct mgmt_ev_ext_index ev; 8839 u8 status = MGMT_STATUS_INVALID_INDEX; 8840 8841 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 8842 return; 8843 8844 switch (hdev->dev_type) { 8845 case HCI_PRIMARY: 8846 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 8847 8848 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) { 8849 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, 8850 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS); 8851 ev.type = 0x01; 8852 } else { 8853 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, 8854 HCI_MGMT_INDEX_EVENTS); 8855 ev.type = 0x00; 8856 } 8857 break; 8858 case HCI_AMP: 8859 ev.type = 0x02; 8860 break; 8861 default: 8862 return; 8863 } 8864 8865 ev.bus = hdev->bus; 8866 8867 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev), 8868 HCI_MGMT_EXT_INDEX_EVENTS); 8869} 8870 8871void mgmt_power_on(struct hci_dev *hdev, int err) 8872{ 8873 struct cmd_lookup match = { NULL, hdev }; 8874 8875 bt_dev_dbg(hdev, "err %d", err); 8876 8877 hci_dev_lock(hdev); 8878 8879 if (!err) { 8880 restart_le_actions(hdev); 8881 hci_update_passive_scan(hdev); 8882 } 8883 8884 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 8885 8886 new_settings(hdev, match.sk); 8887 8888 if (match.sk) 8889 sock_put(match.sk); 8890 8891 hci_dev_unlock(hdev); 8892} 8893 8894void __mgmt_power_off(struct hci_dev *hdev) 8895{ 8896 struct cmd_lookup match = { NULL, hdev }; 8897 u8 status, zero_cod[] = { 0, 0, 0 }; 8898 8899 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 8900 8901 /* If the power off is because of hdev unregistration let 8902 * use the appropriate INVALID_INDEX status. Otherwise use 8903 * NOT_POWERED. We cover both scenarios here since later in 8904 * mgmt_index_removed() any hci_conn callbacks will have already 8905 * been triggered, potentially causing misleading DISCONNECTED 8906 * status responses. 8907 */ 8908 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) 8909 status = MGMT_STATUS_INVALID_INDEX; 8910 else 8911 status = MGMT_STATUS_NOT_POWERED; 8912 8913 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); 8914 8915 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) { 8916 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, 8917 zero_cod, sizeof(zero_cod), 8918 HCI_MGMT_DEV_CLASS_EVENTS, NULL); 8919 ext_info_changed(hdev, NULL); 8920 } 8921 8922 new_settings(hdev, match.sk); 8923 8924 if (match.sk) 8925 sock_put(match.sk); 8926} 8927 8928void mgmt_set_powered_failed(struct hci_dev *hdev, int err) 8929{ 8930 struct mgmt_pending_cmd *cmd; 8931 u8 status; 8932 8933 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 8934 if (!cmd) 8935 return; 8936 8937 if (err == -ERFKILL) 8938 status = MGMT_STATUS_RFKILLED; 8939 else 8940 status = MGMT_STATUS_FAILED; 8941 8942 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status); 8943 8944 mgmt_pending_remove(cmd); 8945} 8946 8947void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 8948 bool persistent) 8949{ 8950 struct mgmt_ev_new_link_key ev; 8951 8952 memset(&ev, 0, sizeof(ev)); 8953 8954 ev.store_hint = persistent; 8955 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 8956 ev.key.addr.type = BDADDR_BREDR; 8957 ev.key.type = key->type; 8958 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE); 8959 ev.key.pin_len = key->pin_len; 8960 8961 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 8962} 8963 8964static u8 mgmt_ltk_type(struct smp_ltk *ltk) 8965{ 8966 switch (ltk->type) { 8967 case SMP_LTK: 8968 case SMP_LTK_RESPONDER: 8969 if (ltk->authenticated) 8970 return MGMT_LTK_AUTHENTICATED; 8971 return MGMT_LTK_UNAUTHENTICATED; 8972 case SMP_LTK_P256: 8973 if (ltk->authenticated) 8974 return MGMT_LTK_P256_AUTH; 8975 return MGMT_LTK_P256_UNAUTH; 8976 case SMP_LTK_P256_DEBUG: 8977 return MGMT_LTK_P256_DEBUG; 8978 } 8979 8980 return MGMT_LTK_UNAUTHENTICATED; 8981} 8982 8983void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent) 8984{ 8985 struct mgmt_ev_new_long_term_key ev; 8986 8987 memset(&ev, 0, sizeof(ev)); 8988 8989 /* Devices using resolvable or non-resolvable random addresses 8990 * without providing an identity resolving key don't require 8991 * to store long term keys. Their addresses will change the 8992 * next time around. 8993 * 8994 * Only when a remote device provides an identity address 8995 * make sure the long term key is stored. If the remote 8996 * identity is known, the long term keys are internally 8997 * mapped to the identity address. So allow static random 8998 * and public addresses here. 8999 */ 9000 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM && 9001 (key->bdaddr.b[5] & 0xc0) != 0xc0) 9002 ev.store_hint = 0x00; 9003 else 9004 ev.store_hint = persistent; 9005 9006 bacpy(&ev.key.addr.bdaddr, &key->bdaddr); 9007 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); 9008 ev.key.type = mgmt_ltk_type(key); 9009 ev.key.enc_size = key->enc_size; 9010 ev.key.ediv = key->ediv; 9011 ev.key.rand = key->rand; 9012 9013 if (key->type == SMP_LTK) 9014 ev.key.initiator = 1; 9015 9016 /* Make sure we copy only the significant bytes based on the 9017 * encryption key size, and set the rest of the value to zeroes. 9018 */ 9019 memcpy(ev.key.val, key->val, key->enc_size); 9020 memset(ev.key.val + key->enc_size, 0, 9021 sizeof(ev.key.val) - key->enc_size); 9022 9023 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL); 9024} 9025 9026void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent) 9027{ 9028 struct mgmt_ev_new_irk ev; 9029 9030 memset(&ev, 0, sizeof(ev)); 9031 9032 ev.store_hint = persistent; 9033 9034 bacpy(&ev.rpa, &irk->rpa); 9035 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr); 9036 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type); 9037 memcpy(ev.irk.val, irk->val, sizeof(irk->val)); 9038 9039 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL); 9040} 9041 9042void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk, 9043 bool persistent) 9044{ 9045 struct mgmt_ev_new_csrk ev; 9046 9047 memset(&ev, 0, sizeof(ev)); 9048 9049 /* Devices using resolvable or non-resolvable random addresses 9050 * without providing an identity resolving key don't require 9051 * to store signature resolving keys. Their addresses will change 9052 * the next time around. 9053 * 9054 * Only when a remote device provides an identity address 9055 * make sure the signature resolving key is stored. So allow 9056 * static random and public addresses here. 9057 */ 9058 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM && 9059 (csrk->bdaddr.b[5] & 0xc0) != 0xc0) 9060 ev.store_hint = 0x00; 9061 else 9062 ev.store_hint = persistent; 9063 9064 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr); 9065 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type); 9066 ev.key.type = csrk->type; 9067 memcpy(ev.key.val, csrk->val, sizeof(csrk->val)); 9068 9069 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL); 9070} 9071 9072void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr, 9073 u8 bdaddr_type, u8 store_hint, u16 min_interval, 9074 u16 max_interval, u16 latency, u16 timeout) 9075{ 9076 struct mgmt_ev_new_conn_param ev; 9077 9078 if (!hci_is_identity_address(bdaddr, bdaddr_type)) 9079 return; 9080 9081 memset(&ev, 0, sizeof(ev)); 9082 bacpy(&ev.addr.bdaddr, bdaddr); 9083 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type); 9084 ev.store_hint = store_hint; 9085 ev.min_interval = cpu_to_le16(min_interval); 9086 ev.max_interval = cpu_to_le16(max_interval); 9087 ev.latency = cpu_to_le16(latency); 9088 ev.timeout = cpu_to_le16(timeout); 9089 9090 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL); 9091} 9092 9093void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn, 9094 u8 *name, u8 name_len) 9095{ 9096 struct sk_buff *skb; 9097 struct mgmt_ev_device_connected *ev; 9098 u16 eir_len = 0; 9099 u32 flags = 0; 9100 9101 /* allocate buff for LE or BR/EDR adv */ 9102 if (conn->le_adv_data_len > 0) 9103 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED, 9104 sizeof(*ev) + conn->le_adv_data_len); 9105 else 9106 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED, 9107 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0) + 9108 eir_precalc_len(sizeof(conn->dev_class))); 9109 9110 ev = skb_put(skb, sizeof(*ev)); 9111 bacpy(&ev->addr.bdaddr, &conn->dst); 9112 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type); 9113 9114 if (conn->out) 9115 flags |= MGMT_DEV_FOUND_INITIATED_CONN; 9116 9117 ev->flags = __cpu_to_le32(flags); 9118 9119 /* We must ensure that the EIR Data fields are ordered and 9120 * unique. Keep it simple for now and avoid the problem by not 9121 * adding any BR/EDR data to the LE adv. 9122 */ 9123 if (conn->le_adv_data_len > 0) { 9124 skb_put_data(skb, conn->le_adv_data, conn->le_adv_data_len); 9125 eir_len = conn->le_adv_data_len; 9126 } else { 9127 if (name) 9128 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len); 9129 9130 if (memcmp(conn->dev_class, "\0\0\0", sizeof(conn->dev_class))) 9131 eir_len += eir_skb_put_data(skb, EIR_CLASS_OF_DEV, 9132 conn->dev_class, sizeof(conn->dev_class)); 9133 } 9134 9135 ev->eir_len = cpu_to_le16(eir_len); 9136 9137 mgmt_event_skb(skb, NULL); 9138} 9139 9140static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data) 9141{ 9142 struct sock **sk = data; 9143 9144 cmd->cmd_complete(cmd, 0); 9145 9146 *sk = cmd->sk; 9147 sock_hold(*sk); 9148 9149 mgmt_pending_remove(cmd); 9150} 9151 9152static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data) 9153{ 9154 struct hci_dev *hdev = data; 9155 struct mgmt_cp_unpair_device *cp = cmd->param; 9156 9157 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk); 9158 9159 cmd->cmd_complete(cmd, 0); 9160 mgmt_pending_remove(cmd); 9161} 9162 9163bool mgmt_powering_down(struct hci_dev *hdev) 9164{ 9165 struct mgmt_pending_cmd *cmd; 9166 struct mgmt_mode *cp; 9167 9168 cmd = pending_find(MGMT_OP_SET_POWERED, hdev); 9169 if (!cmd) 9170 return false; 9171 9172 cp = cmd->param; 9173 if (!cp->val) 9174 return true; 9175 9176 return false; 9177} 9178 9179void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 9180 u8 link_type, u8 addr_type, u8 reason, 9181 bool mgmt_connected) 9182{ 9183 struct mgmt_ev_device_disconnected ev; 9184 struct sock *sk = NULL; 9185 9186 /* The connection is still in hci_conn_hash so test for 1 9187 * instead of 0 to know if this is the last one. 9188 */ 9189 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 9190 cancel_delayed_work(&hdev->power_off); 9191 queue_work(hdev->req_workqueue, &hdev->power_off.work); 9192 } 9193 9194 if (!mgmt_connected) 9195 return; 9196 9197 if (link_type != ACL_LINK && link_type != LE_LINK) 9198 return; 9199 9200 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 9201 9202 bacpy(&ev.addr.bdaddr, bdaddr); 9203 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9204 ev.reason = reason; 9205 9206 /* Report disconnects due to suspend */ 9207 if (hdev->suspended) 9208 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND; 9209 9210 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk); 9211 9212 if (sk) 9213 sock_put(sk); 9214 9215 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 9216 hdev); 9217} 9218 9219void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 9220 u8 link_type, u8 addr_type, u8 status) 9221{ 9222 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type); 9223 struct mgmt_cp_disconnect *cp; 9224 struct mgmt_pending_cmd *cmd; 9225 9226 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 9227 hdev); 9228 9229 cmd = pending_find(MGMT_OP_DISCONNECT, hdev); 9230 if (!cmd) 9231 return; 9232 9233 cp = cmd->param; 9234 9235 if (bacmp(bdaddr, &cp->addr.bdaddr)) 9236 return; 9237 9238 if (cp->addr.type != bdaddr_type) 9239 return; 9240 9241 cmd->cmd_complete(cmd, mgmt_status(status)); 9242 mgmt_pending_remove(cmd); 9243} 9244 9245void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 9246 u8 addr_type, u8 status) 9247{ 9248 struct mgmt_ev_connect_failed ev; 9249 9250 /* The connection is still in hci_conn_hash so test for 1 9251 * instead of 0 to know if this is the last one. 9252 */ 9253 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) { 9254 cancel_delayed_work(&hdev->power_off); 9255 queue_work(hdev->req_workqueue, &hdev->power_off.work); 9256 } 9257 9258 bacpy(&ev.addr.bdaddr, bdaddr); 9259 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9260 ev.status = mgmt_status(status); 9261 9262 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 9263} 9264 9265void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 9266{ 9267 struct mgmt_ev_pin_code_request ev; 9268 9269 bacpy(&ev.addr.bdaddr, bdaddr); 9270 ev.addr.type = BDADDR_BREDR; 9271 ev.secure = secure; 9272 9273 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL); 9274} 9275 9276void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9277 u8 status) 9278{ 9279 struct mgmt_pending_cmd *cmd; 9280 9281 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 9282 if (!cmd) 9283 return; 9284 9285 cmd->cmd_complete(cmd, mgmt_status(status)); 9286 mgmt_pending_remove(cmd); 9287} 9288 9289void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9290 u8 status) 9291{ 9292 struct mgmt_pending_cmd *cmd; 9293 9294 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 9295 if (!cmd) 9296 return; 9297 9298 cmd->cmd_complete(cmd, mgmt_status(status)); 9299 mgmt_pending_remove(cmd); 9300} 9301 9302int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 9303 u8 link_type, u8 addr_type, u32 value, 9304 u8 confirm_hint) 9305{ 9306 struct mgmt_ev_user_confirm_request ev; 9307 9308 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 9309 9310 bacpy(&ev.addr.bdaddr, bdaddr); 9311 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9312 ev.confirm_hint = confirm_hint; 9313 ev.value = cpu_to_le32(value); 9314 9315 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 9316 NULL); 9317} 9318 9319int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 9320 u8 link_type, u8 addr_type) 9321{ 9322 struct mgmt_ev_user_passkey_request ev; 9323 9324 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 9325 9326 bacpy(&ev.addr.bdaddr, bdaddr); 9327 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9328 9329 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 9330 NULL); 9331} 9332 9333static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9334 u8 link_type, u8 addr_type, u8 status, 9335 u8 opcode) 9336{ 9337 struct mgmt_pending_cmd *cmd; 9338 9339 cmd = pending_find(opcode, hdev); 9340 if (!cmd) 9341 return -ENOENT; 9342 9343 cmd->cmd_complete(cmd, mgmt_status(status)); 9344 mgmt_pending_remove(cmd); 9345 9346 return 0; 9347} 9348 9349int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9350 u8 link_type, u8 addr_type, u8 status) 9351{ 9352 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 9353 status, MGMT_OP_USER_CONFIRM_REPLY); 9354} 9355 9356int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9357 u8 link_type, u8 addr_type, u8 status) 9358{ 9359 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 9360 status, 9361 MGMT_OP_USER_CONFIRM_NEG_REPLY); 9362} 9363 9364int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9365 u8 link_type, u8 addr_type, u8 status) 9366{ 9367 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 9368 status, MGMT_OP_USER_PASSKEY_REPLY); 9369} 9370 9371int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 9372 u8 link_type, u8 addr_type, u8 status) 9373{ 9374 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type, 9375 status, 9376 MGMT_OP_USER_PASSKEY_NEG_REPLY); 9377} 9378 9379int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr, 9380 u8 link_type, u8 addr_type, u32 passkey, 9381 u8 entered) 9382{ 9383 struct mgmt_ev_passkey_notify ev; 9384 9385 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr); 9386 9387 bacpy(&ev.addr.bdaddr, bdaddr); 9388 ev.addr.type = link_to_bdaddr(link_type, addr_type); 9389 ev.passkey = __cpu_to_le32(passkey); 9390 ev.entered = entered; 9391 9392 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL); 9393} 9394 9395void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status) 9396{ 9397 struct mgmt_ev_auth_failed ev; 9398 struct mgmt_pending_cmd *cmd; 9399 u8 status = mgmt_status(hci_status); 9400 9401 bacpy(&ev.addr.bdaddr, &conn->dst); 9402 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type); 9403 ev.status = status; 9404 9405 cmd = find_pairing(conn); 9406 9407 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev), 9408 cmd ? cmd->sk : NULL); 9409 9410 if (cmd) { 9411 cmd->cmd_complete(cmd, status); 9412 mgmt_pending_remove(cmd); 9413 } 9414} 9415 9416void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) 9417{ 9418 struct cmd_lookup match = { NULL, hdev }; 9419 bool changed; 9420 9421 if (status) { 9422 u8 mgmt_err = mgmt_status(status); 9423 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, 9424 cmd_status_rsp, &mgmt_err); 9425 return; 9426 } 9427 9428 if (test_bit(HCI_AUTH, &hdev->flags)) 9429 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY); 9430 else 9431 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY); 9432 9433 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp, 9434 &match); 9435 9436 if (changed) 9437 new_settings(hdev, match.sk); 9438 9439 if (match.sk) 9440 sock_put(match.sk); 9441} 9442 9443static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data) 9444{ 9445 struct cmd_lookup *match = data; 9446 9447 if (match->sk == NULL) { 9448 match->sk = cmd->sk; 9449 sock_hold(match->sk); 9450 } 9451} 9452 9453void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class, 9454 u8 status) 9455{ 9456 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) }; 9457 9458 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match); 9459 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match); 9460 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match); 9461 9462 if (!status) { 9463 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 9464 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL); 9465 ext_info_changed(hdev, NULL); 9466 } 9467 9468 if (match.sk) 9469 sock_put(match.sk); 9470} 9471 9472void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 9473{ 9474 struct mgmt_cp_set_local_name ev; 9475 struct mgmt_pending_cmd *cmd; 9476 9477 if (status) 9478 return; 9479 9480 memset(&ev, 0, sizeof(ev)); 9481 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 9482 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH); 9483 9484 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 9485 if (!cmd) { 9486 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name)); 9487 9488 /* If this is a HCI command related to powering on the 9489 * HCI dev don't send any mgmt signals. 9490 */ 9491 if (pending_find(MGMT_OP_SET_POWERED, hdev)) 9492 return; 9493 } 9494 9495 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 9496 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL); 9497 ext_info_changed(hdev, cmd ? cmd->sk : NULL); 9498} 9499 9500static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16]) 9501{ 9502 int i; 9503 9504 for (i = 0; i < uuid_count; i++) { 9505 if (!memcmp(uuid, uuids[i], 16)) 9506 return true; 9507 } 9508 9509 return false; 9510} 9511 9512static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16]) 9513{ 9514 u16 parsed = 0; 9515 9516 while (parsed < eir_len) { 9517 u8 field_len = eir[0]; 9518 u8 uuid[16]; 9519 int i; 9520 9521 if (field_len == 0) 9522 break; 9523 9524 if (eir_len - parsed < field_len + 1) 9525 break; 9526 9527 switch (eir[1]) { 9528 case EIR_UUID16_ALL: 9529 case EIR_UUID16_SOME: 9530 for (i = 0; i + 3 <= field_len; i += 2) { 9531 memcpy(uuid, bluetooth_base_uuid, 16); 9532 uuid[13] = eir[i + 3]; 9533 uuid[12] = eir[i + 2]; 9534 if (has_uuid(uuid, uuid_count, uuids)) 9535 return true; 9536 } 9537 break; 9538 case EIR_UUID32_ALL: 9539 case EIR_UUID32_SOME: 9540 for (i = 0; i + 5 <= field_len; i += 4) { 9541 memcpy(uuid, bluetooth_base_uuid, 16); 9542 uuid[15] = eir[i + 5]; 9543 uuid[14] = eir[i + 4]; 9544 uuid[13] = eir[i + 3]; 9545 uuid[12] = eir[i + 2]; 9546 if (has_uuid(uuid, uuid_count, uuids)) 9547 return true; 9548 } 9549 break; 9550 case EIR_UUID128_ALL: 9551 case EIR_UUID128_SOME: 9552 for (i = 0; i + 17 <= field_len; i += 16) { 9553 memcpy(uuid, eir + i + 2, 16); 9554 if (has_uuid(uuid, uuid_count, uuids)) 9555 return true; 9556 } 9557 break; 9558 } 9559 9560 parsed += field_len + 1; 9561 eir += field_len + 1; 9562 } 9563 9564 return false; 9565} 9566 9567static void restart_le_scan(struct hci_dev *hdev) 9568{ 9569 /* If controller is not scanning we are done. */ 9570 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 9571 return; 9572 9573 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY, 9574 hdev->discovery.scan_start + 9575 hdev->discovery.scan_duration)) 9576 return; 9577 9578 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart, 9579 DISCOV_LE_RESTART_DELAY); 9580} 9581 9582static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir, 9583 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 9584{ 9585 /* If a RSSI threshold has been specified, and 9586 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with 9587 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk 9588 * is set, let it through for further processing, as we might need to 9589 * restart the scan. 9590 * 9591 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry, 9592 * the results are also dropped. 9593 */ 9594 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 9595 (rssi == HCI_RSSI_INVALID || 9596 (rssi < hdev->discovery.rssi && 9597 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)))) 9598 return false; 9599 9600 if (hdev->discovery.uuid_count != 0) { 9601 /* If a list of UUIDs is provided in filter, results with no 9602 * matching UUID should be dropped. 9603 */ 9604 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count, 9605 hdev->discovery.uuids) && 9606 !eir_has_uuids(scan_rsp, scan_rsp_len, 9607 hdev->discovery.uuid_count, 9608 hdev->discovery.uuids)) 9609 return false; 9610 } 9611 9612 /* If duplicate filtering does not report RSSI changes, then restart 9613 * scanning to ensure updated result with updated RSSI values. 9614 */ 9615 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) { 9616 restart_le_scan(hdev); 9617 9618 /* Validate RSSI value against the RSSI threshold once more. */ 9619 if (hdev->discovery.rssi != HCI_RSSI_INVALID && 9620 rssi < hdev->discovery.rssi) 9621 return false; 9622 } 9623 9624 return true; 9625} 9626 9627void mgmt_adv_monitor_device_lost(struct hci_dev *hdev, u16 handle, 9628 bdaddr_t *bdaddr, u8 addr_type) 9629{ 9630 struct mgmt_ev_adv_monitor_device_lost ev; 9631 9632 ev.monitor_handle = cpu_to_le16(handle); 9633 bacpy(&ev.addr.bdaddr, bdaddr); 9634 ev.addr.type = addr_type; 9635 9636 mgmt_event(MGMT_EV_ADV_MONITOR_DEVICE_LOST, hdev, &ev, sizeof(ev), 9637 NULL); 9638} 9639 9640static void mgmt_send_adv_monitor_device_found(struct hci_dev *hdev, 9641 struct sk_buff *skb, 9642 struct sock *skip_sk, 9643 u16 handle) 9644{ 9645 struct sk_buff *advmon_skb; 9646 size_t advmon_skb_len; 9647 __le16 *monitor_handle; 9648 9649 if (!skb) 9650 return; 9651 9652 advmon_skb_len = (sizeof(struct mgmt_ev_adv_monitor_device_found) - 9653 sizeof(struct mgmt_ev_device_found)) + skb->len; 9654 advmon_skb = mgmt_alloc_skb(hdev, MGMT_EV_ADV_MONITOR_DEVICE_FOUND, 9655 advmon_skb_len); 9656 if (!advmon_skb) 9657 return; 9658 9659 /* ADV_MONITOR_DEVICE_FOUND is similar to DEVICE_FOUND event except 9660 * that it also has 'monitor_handle'. Make a copy of DEVICE_FOUND and 9661 * store monitor_handle of the matched monitor. 9662 */ 9663 monitor_handle = skb_put(advmon_skb, sizeof(*monitor_handle)); 9664 *monitor_handle = cpu_to_le16(handle); 9665 skb_put_data(advmon_skb, skb->data, skb->len); 9666 9667 mgmt_event_skb(advmon_skb, skip_sk); 9668} 9669 9670static void mgmt_adv_monitor_device_found(struct hci_dev *hdev, 9671 bdaddr_t *bdaddr, bool report_device, 9672 struct sk_buff *skb, 9673 struct sock *skip_sk) 9674{ 9675 struct monitored_device *dev, *tmp; 9676 bool matched = false; 9677 bool notified = false; 9678 9679 /* We have received the Advertisement Report because: 9680 * 1. the kernel has initiated active discovery 9681 * 2. if not, we have pend_le_reports > 0 in which case we are doing 9682 * passive scanning 9683 * 3. if none of the above is true, we have one or more active 9684 * Advertisement Monitor 9685 * 9686 * For case 1 and 2, report all advertisements via MGMT_EV_DEVICE_FOUND 9687 * and report ONLY one advertisement per device for the matched Monitor 9688 * via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event. 9689 * 9690 * For case 3, since we are not active scanning and all advertisements 9691 * received are due to a matched Advertisement Monitor, report all 9692 * advertisements ONLY via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event. 9693 */ 9694 if (report_device && !hdev->advmon_pend_notify) { 9695 mgmt_event_skb(skb, skip_sk); 9696 return; 9697 } 9698 9699 hdev->advmon_pend_notify = false; 9700 9701 list_for_each_entry_safe(dev, tmp, &hdev->monitored_devices, list) { 9702 if (!bacmp(&dev->bdaddr, bdaddr)) { 9703 matched = true; 9704 9705 if (!dev->notified) { 9706 mgmt_send_adv_monitor_device_found(hdev, skb, 9707 skip_sk, 9708 dev->handle); 9709 notified = true; 9710 dev->notified = true; 9711 } 9712 } 9713 9714 if (!dev->notified) 9715 hdev->advmon_pend_notify = true; 9716 } 9717 9718 if (!report_device && 9719 ((matched && !notified) || !msft_monitor_supported(hdev))) { 9720 /* Handle 0 indicates that we are not active scanning and this 9721 * is a subsequent advertisement report for an already matched 9722 * Advertisement Monitor or the controller offloading support 9723 * is not available. 9724 */ 9725 mgmt_send_adv_monitor_device_found(hdev, skb, skip_sk, 0); 9726 } 9727 9728 if (report_device) 9729 mgmt_event_skb(skb, skip_sk); 9730 else 9731 kfree_skb(skb); 9732} 9733 9734void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 9735 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags, 9736 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len) 9737{ 9738 struct sk_buff *skb; 9739 struct mgmt_ev_device_found *ev; 9740 bool report_device = hci_discovery_active(hdev); 9741 9742 /* Don't send events for a non-kernel initiated discovery. With 9743 * LE one exception is if we have pend_le_reports > 0 in which 9744 * case we're doing passive scanning and want these events. 9745 */ 9746 if (!hci_discovery_active(hdev)) { 9747 if (link_type == ACL_LINK) 9748 return; 9749 if (link_type == LE_LINK && !list_empty(&hdev->pend_le_reports)) 9750 report_device = true; 9751 else if (!hci_is_adv_monitoring(hdev)) 9752 return; 9753 } 9754 9755 if (hdev->discovery.result_filtering) { 9756 /* We are using service discovery */ 9757 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp, 9758 scan_rsp_len)) 9759 return; 9760 } 9761 9762 if (hdev->discovery.limited) { 9763 /* Check for limited discoverable bit */ 9764 if (dev_class) { 9765 if (!(dev_class[1] & 0x20)) 9766 return; 9767 } else { 9768 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL); 9769 if (!flags || !(flags[0] & LE_AD_LIMITED)) 9770 return; 9771 } 9772 } 9773 9774 /* Allocate skb. The 5 extra bytes are for the potential CoD field */ 9775 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND, 9776 sizeof(*ev) + eir_len + scan_rsp_len + 5); 9777 if (!skb) 9778 return; 9779 9780 ev = skb_put(skb, sizeof(*ev)); 9781 9782 /* In case of device discovery with BR/EDR devices (pre 1.2), the 9783 * RSSI value was reported as 0 when not available. This behavior 9784 * is kept when using device discovery. This is required for full 9785 * backwards compatibility with the API. 9786 * 9787 * However when using service discovery, the value 127 will be 9788 * returned when the RSSI is not available. 9789 */ 9790 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi && 9791 link_type == ACL_LINK) 9792 rssi = 0; 9793 9794 bacpy(&ev->addr.bdaddr, bdaddr); 9795 ev->addr.type = link_to_bdaddr(link_type, addr_type); 9796 ev->rssi = rssi; 9797 ev->flags = cpu_to_le32(flags); 9798 9799 if (eir_len > 0) 9800 /* Copy EIR or advertising data into event */ 9801 skb_put_data(skb, eir, eir_len); 9802 9803 if (dev_class && !eir_get_data(eir, eir_len, EIR_CLASS_OF_DEV, NULL)) { 9804 u8 eir_cod[5]; 9805 9806 eir_len += eir_append_data(eir_cod, 0, EIR_CLASS_OF_DEV, 9807 dev_class, 3); 9808 skb_put_data(skb, eir_cod, sizeof(eir_cod)); 9809 } 9810 9811 if (scan_rsp_len > 0) 9812 /* Append scan response data to event */ 9813 skb_put_data(skb, scan_rsp, scan_rsp_len); 9814 9815 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len); 9816 9817 mgmt_adv_monitor_device_found(hdev, bdaddr, report_device, skb, NULL); 9818} 9819 9820void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 9821 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 9822{ 9823 struct sk_buff *skb; 9824 struct mgmt_ev_device_found *ev; 9825 u16 eir_len = 0; 9826 u32 flags = 0; 9827 9828 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND, 9829 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0)); 9830 9831 ev = skb_put(skb, sizeof(*ev)); 9832 bacpy(&ev->addr.bdaddr, bdaddr); 9833 ev->addr.type = link_to_bdaddr(link_type, addr_type); 9834 ev->rssi = rssi; 9835 9836 if (name) 9837 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len); 9838 else 9839 flags = MGMT_DEV_FOUND_NAME_REQUEST_FAILED; 9840 9841 ev->eir_len = cpu_to_le16(eir_len); 9842 ev->flags = cpu_to_le32(flags); 9843 9844 mgmt_event_skb(skb, NULL); 9845} 9846 9847void mgmt_discovering(struct hci_dev *hdev, u8 discovering) 9848{ 9849 struct mgmt_ev_discovering ev; 9850 9851 bt_dev_dbg(hdev, "discovering %u", discovering); 9852 9853 memset(&ev, 0, sizeof(ev)); 9854 ev.type = hdev->discovery.type; 9855 ev.discovering = discovering; 9856 9857 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 9858} 9859 9860void mgmt_suspending(struct hci_dev *hdev, u8 state) 9861{ 9862 struct mgmt_ev_controller_suspend ev; 9863 9864 ev.suspend_state = state; 9865 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL); 9866} 9867 9868void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr, 9869 u8 addr_type) 9870{ 9871 struct mgmt_ev_controller_resume ev; 9872 9873 ev.wake_reason = reason; 9874 if (bdaddr) { 9875 bacpy(&ev.addr.bdaddr, bdaddr); 9876 ev.addr.type = addr_type; 9877 } else { 9878 memset(&ev.addr, 0, sizeof(ev.addr)); 9879 } 9880 9881 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL); 9882} 9883 9884static struct hci_mgmt_chan chan = { 9885 .channel = HCI_CHANNEL_CONTROL, 9886 .handler_count = ARRAY_SIZE(mgmt_handlers), 9887 .handlers = mgmt_handlers, 9888 .hdev_init = mgmt_init_hdev, 9889}; 9890 9891int mgmt_init(void) 9892{ 9893 return hci_mgmt_chan_register(&chan); 9894} 9895 9896void mgmt_exit(void) 9897{ 9898 hci_mgmt_chan_unregister(&chan); 9899}