1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI Management interface */
26
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
35
36 #include "hci_request.h"
37 #include "smp.h"
38 #include "mgmt_util.h"
39 #include "mgmt_config.h"
40 #include "msft.h"
41 #include "eir.h"
42 #include "aosp.h"
43
44 #define MGMT_VERSION 1
45 #define MGMT_REVISION 22
46
47 static const u16 mgmt_commands[] = {
48 MGMT_OP_READ_INDEX_LIST,
49 MGMT_OP_READ_INFO,
50 MGMT_OP_SET_POWERED,
51 MGMT_OP_SET_DISCOVERABLE,
52 MGMT_OP_SET_CONNECTABLE,
53 MGMT_OP_SET_FAST_CONNECTABLE,
54 MGMT_OP_SET_BONDABLE,
55 MGMT_OP_SET_LINK_SECURITY,
56 MGMT_OP_SET_SSP,
57 MGMT_OP_SET_HS,
58 MGMT_OP_SET_LE,
59 MGMT_OP_SET_DEV_CLASS,
60 MGMT_OP_SET_LOCAL_NAME,
61 MGMT_OP_ADD_UUID,
62 MGMT_OP_REMOVE_UUID,
63 MGMT_OP_LOAD_LINK_KEYS,
64 MGMT_OP_LOAD_LONG_TERM_KEYS,
65 MGMT_OP_DISCONNECT,
66 MGMT_OP_GET_CONNECTIONS,
67 MGMT_OP_PIN_CODE_REPLY,
68 MGMT_OP_PIN_CODE_NEG_REPLY,
69 MGMT_OP_SET_IO_CAPABILITY,
70 MGMT_OP_PAIR_DEVICE,
71 MGMT_OP_CANCEL_PAIR_DEVICE,
72 MGMT_OP_UNPAIR_DEVICE,
73 MGMT_OP_USER_CONFIRM_REPLY,
74 MGMT_OP_USER_CONFIRM_NEG_REPLY,
75 MGMT_OP_USER_PASSKEY_REPLY,
76 MGMT_OP_USER_PASSKEY_NEG_REPLY,
77 MGMT_OP_READ_LOCAL_OOB_DATA,
78 MGMT_OP_ADD_REMOTE_OOB_DATA,
79 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
80 MGMT_OP_START_DISCOVERY,
81 MGMT_OP_STOP_DISCOVERY,
82 MGMT_OP_CONFIRM_NAME,
83 MGMT_OP_BLOCK_DEVICE,
84 MGMT_OP_UNBLOCK_DEVICE,
85 MGMT_OP_SET_DEVICE_ID,
86 MGMT_OP_SET_ADVERTISING,
87 MGMT_OP_SET_BREDR,
88 MGMT_OP_SET_STATIC_ADDRESS,
89 MGMT_OP_SET_SCAN_PARAMS,
90 MGMT_OP_SET_SECURE_CONN,
91 MGMT_OP_SET_DEBUG_KEYS,
92 MGMT_OP_SET_PRIVACY,
93 MGMT_OP_LOAD_IRKS,
94 MGMT_OP_GET_CONN_INFO,
95 MGMT_OP_GET_CLOCK_INFO,
96 MGMT_OP_ADD_DEVICE,
97 MGMT_OP_REMOVE_DEVICE,
98 MGMT_OP_LOAD_CONN_PARAM,
99 MGMT_OP_READ_UNCONF_INDEX_LIST,
100 MGMT_OP_READ_CONFIG_INFO,
101 MGMT_OP_SET_EXTERNAL_CONFIG,
102 MGMT_OP_SET_PUBLIC_ADDRESS,
103 MGMT_OP_START_SERVICE_DISCOVERY,
104 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
105 MGMT_OP_READ_EXT_INDEX_LIST,
106 MGMT_OP_READ_ADV_FEATURES,
107 MGMT_OP_ADD_ADVERTISING,
108 MGMT_OP_REMOVE_ADVERTISING,
109 MGMT_OP_GET_ADV_SIZE_INFO,
110 MGMT_OP_START_LIMITED_DISCOVERY,
111 MGMT_OP_READ_EXT_INFO,
112 MGMT_OP_SET_APPEARANCE,
113 MGMT_OP_GET_PHY_CONFIGURATION,
114 MGMT_OP_SET_PHY_CONFIGURATION,
115 MGMT_OP_SET_BLOCKED_KEYS,
116 MGMT_OP_SET_WIDEBAND_SPEECH,
117 MGMT_OP_READ_CONTROLLER_CAP,
118 MGMT_OP_READ_EXP_FEATURES_INFO,
119 MGMT_OP_SET_EXP_FEATURE,
120 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
121 MGMT_OP_SET_DEF_SYSTEM_CONFIG,
122 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
123 MGMT_OP_SET_DEF_RUNTIME_CONFIG,
124 MGMT_OP_GET_DEVICE_FLAGS,
125 MGMT_OP_SET_DEVICE_FLAGS,
126 MGMT_OP_READ_ADV_MONITOR_FEATURES,
127 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
128 MGMT_OP_REMOVE_ADV_MONITOR,
129 MGMT_OP_ADD_EXT_ADV_PARAMS,
130 MGMT_OP_ADD_EXT_ADV_DATA,
131 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI,
132 MGMT_OP_SET_MESH_RECEIVER,
133 MGMT_OP_MESH_READ_FEATURES,
134 MGMT_OP_MESH_SEND,
135 MGMT_OP_MESH_SEND_CANCEL,
136 };
137
138 static const u16 mgmt_events[] = {
139 MGMT_EV_CONTROLLER_ERROR,
140 MGMT_EV_INDEX_ADDED,
141 MGMT_EV_INDEX_REMOVED,
142 MGMT_EV_NEW_SETTINGS,
143 MGMT_EV_CLASS_OF_DEV_CHANGED,
144 MGMT_EV_LOCAL_NAME_CHANGED,
145 MGMT_EV_NEW_LINK_KEY,
146 MGMT_EV_NEW_LONG_TERM_KEY,
147 MGMT_EV_DEVICE_CONNECTED,
148 MGMT_EV_DEVICE_DISCONNECTED,
149 MGMT_EV_CONNECT_FAILED,
150 MGMT_EV_PIN_CODE_REQUEST,
151 MGMT_EV_USER_CONFIRM_REQUEST,
152 MGMT_EV_USER_PASSKEY_REQUEST,
153 MGMT_EV_AUTH_FAILED,
154 MGMT_EV_DEVICE_FOUND,
155 MGMT_EV_DISCOVERING,
156 MGMT_EV_DEVICE_BLOCKED,
157 MGMT_EV_DEVICE_UNBLOCKED,
158 MGMT_EV_DEVICE_UNPAIRED,
159 MGMT_EV_PASSKEY_NOTIFY,
160 MGMT_EV_NEW_IRK,
161 MGMT_EV_NEW_CSRK,
162 MGMT_EV_DEVICE_ADDED,
163 MGMT_EV_DEVICE_REMOVED,
164 MGMT_EV_NEW_CONN_PARAM,
165 MGMT_EV_UNCONF_INDEX_ADDED,
166 MGMT_EV_UNCONF_INDEX_REMOVED,
167 MGMT_EV_NEW_CONFIG_OPTIONS,
168 MGMT_EV_EXT_INDEX_ADDED,
169 MGMT_EV_EXT_INDEX_REMOVED,
170 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
171 MGMT_EV_ADVERTISING_ADDED,
172 MGMT_EV_ADVERTISING_REMOVED,
173 MGMT_EV_EXT_INFO_CHANGED,
174 MGMT_EV_PHY_CONFIGURATION_CHANGED,
175 MGMT_EV_EXP_FEATURE_CHANGED,
176 MGMT_EV_DEVICE_FLAGS_CHANGED,
177 MGMT_EV_ADV_MONITOR_ADDED,
178 MGMT_EV_ADV_MONITOR_REMOVED,
179 MGMT_EV_CONTROLLER_SUSPEND,
180 MGMT_EV_CONTROLLER_RESUME,
181 MGMT_EV_ADV_MONITOR_DEVICE_FOUND,
182 MGMT_EV_ADV_MONITOR_DEVICE_LOST,
183 };
184
185 static const u16 mgmt_untrusted_commands[] = {
186 MGMT_OP_READ_INDEX_LIST,
187 MGMT_OP_READ_INFO,
188 MGMT_OP_READ_UNCONF_INDEX_LIST,
189 MGMT_OP_READ_CONFIG_INFO,
190 MGMT_OP_READ_EXT_INDEX_LIST,
191 MGMT_OP_READ_EXT_INFO,
192 MGMT_OP_READ_CONTROLLER_CAP,
193 MGMT_OP_READ_EXP_FEATURES_INFO,
194 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
195 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
196 };
197
198 static const u16 mgmt_untrusted_events[] = {
199 MGMT_EV_INDEX_ADDED,
200 MGMT_EV_INDEX_REMOVED,
201 MGMT_EV_NEW_SETTINGS,
202 MGMT_EV_CLASS_OF_DEV_CHANGED,
203 MGMT_EV_LOCAL_NAME_CHANGED,
204 MGMT_EV_UNCONF_INDEX_ADDED,
205 MGMT_EV_UNCONF_INDEX_REMOVED,
206 MGMT_EV_NEW_CONFIG_OPTIONS,
207 MGMT_EV_EXT_INDEX_ADDED,
208 MGMT_EV_EXT_INDEX_REMOVED,
209 MGMT_EV_EXT_INFO_CHANGED,
210 MGMT_EV_EXP_FEATURE_CHANGED,
211 };
212
213 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
214
215 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
216 "\x00\x00\x00\x00\x00\x00\x00\x00"
217
218 /* HCI to MGMT error code conversion table */
219 static const u8 mgmt_status_table[] = {
220 MGMT_STATUS_SUCCESS,
221 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
222 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
223 MGMT_STATUS_FAILED, /* Hardware Failure */
224 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
225 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
226 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
227 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
228 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
229 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
230 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
231 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
232 MGMT_STATUS_BUSY, /* Command Disallowed */
233 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
234 MGMT_STATUS_REJECTED, /* Rejected Security */
235 MGMT_STATUS_REJECTED, /* Rejected Personal */
236 MGMT_STATUS_TIMEOUT, /* Host Timeout */
237 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
238 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
239 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
240 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
241 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
242 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
243 MGMT_STATUS_BUSY, /* Repeated Attempts */
244 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
245 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
246 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
247 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
248 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
249 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
250 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
251 MGMT_STATUS_FAILED, /* Unspecified Error */
252 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
253 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
254 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
255 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
256 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
257 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
258 MGMT_STATUS_FAILED, /* Unit Link Key Used */
259 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
260 MGMT_STATUS_TIMEOUT, /* Instant Passed */
261 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
262 MGMT_STATUS_FAILED, /* Transaction Collision */
263 MGMT_STATUS_FAILED, /* Reserved for future use */
264 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
265 MGMT_STATUS_REJECTED, /* QoS Rejected */
266 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
267 MGMT_STATUS_REJECTED, /* Insufficient Security */
268 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
269 MGMT_STATUS_FAILED, /* Reserved for future use */
270 MGMT_STATUS_BUSY, /* Role Switch Pending */
271 MGMT_STATUS_FAILED, /* Reserved for future use */
272 MGMT_STATUS_FAILED, /* Slot Violation */
273 MGMT_STATUS_FAILED, /* Role Switch Failed */
274 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
275 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
276 MGMT_STATUS_BUSY, /* Host Busy Pairing */
277 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
278 MGMT_STATUS_BUSY, /* Controller Busy */
279 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
280 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
281 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
282 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
283 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
284 };
285
mgmt_errno_status(int err)286 static u8 mgmt_errno_status(int err)
287 {
288 switch (err) {
289 case 0:
290 return MGMT_STATUS_SUCCESS;
291 case -EPERM:
292 return MGMT_STATUS_REJECTED;
293 case -EINVAL:
294 return MGMT_STATUS_INVALID_PARAMS;
295 case -EOPNOTSUPP:
296 return MGMT_STATUS_NOT_SUPPORTED;
297 case -EBUSY:
298 return MGMT_STATUS_BUSY;
299 case -ETIMEDOUT:
300 return MGMT_STATUS_AUTH_FAILED;
301 case -ENOMEM:
302 return MGMT_STATUS_NO_RESOURCES;
303 case -EISCONN:
304 return MGMT_STATUS_ALREADY_CONNECTED;
305 case -ENOTCONN:
306 return MGMT_STATUS_DISCONNECTED;
307 }
308
309 return MGMT_STATUS_FAILED;
310 }
311
mgmt_status(int err)312 static u8 mgmt_status(int err)
313 {
314 if (err < 0)
315 return mgmt_errno_status(err);
316
317 if (err < ARRAY_SIZE(mgmt_status_table))
318 return mgmt_status_table[err];
319
320 return MGMT_STATUS_FAILED;
321 }
322
mgmt_index_event(u16 event,struct hci_dev * hdev,void * data,u16 len,int flag)323 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
324 u16 len, int flag)
325 {
326 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
327 flag, NULL);
328 }
329
mgmt_limited_event(u16 event,struct hci_dev * hdev,void * data,u16 len,int flag,struct sock * skip_sk)330 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
331 u16 len, int flag, struct sock *skip_sk)
332 {
333 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
334 flag, skip_sk);
335 }
336
mgmt_event(u16 event,struct hci_dev * hdev,void * data,u16 len,struct sock * skip_sk)337 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
338 struct sock *skip_sk)
339 {
340 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
341 HCI_SOCK_TRUSTED, skip_sk);
342 }
343
mgmt_event_skb(struct sk_buff * skb,struct sock * skip_sk)344 static int mgmt_event_skb(struct sk_buff *skb, struct sock *skip_sk)
345 {
346 return mgmt_send_event_skb(HCI_CHANNEL_CONTROL, skb, HCI_SOCK_TRUSTED,
347 skip_sk);
348 }
349
le_addr_type(u8 mgmt_addr_type)350 static u8 le_addr_type(u8 mgmt_addr_type)
351 {
352 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
353 return ADDR_LE_DEV_PUBLIC;
354 else
355 return ADDR_LE_DEV_RANDOM;
356 }
357
mgmt_fill_version_info(void * ver)358 void mgmt_fill_version_info(void *ver)
359 {
360 struct mgmt_rp_read_version *rp = ver;
361
362 rp->version = MGMT_VERSION;
363 rp->revision = cpu_to_le16(MGMT_REVISION);
364 }
365
read_version(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)366 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
367 u16 data_len)
368 {
369 struct mgmt_rp_read_version rp;
370
371 bt_dev_dbg(hdev, "sock %p", sk);
372
373 mgmt_fill_version_info(&rp);
374
375 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
376 &rp, sizeof(rp));
377 }
378
read_commands(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)379 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
380 u16 data_len)
381 {
382 struct mgmt_rp_read_commands *rp;
383 u16 num_commands, num_events;
384 size_t rp_size;
385 int i, err;
386
387 bt_dev_dbg(hdev, "sock %p", sk);
388
389 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
390 num_commands = ARRAY_SIZE(mgmt_commands);
391 num_events = ARRAY_SIZE(mgmt_events);
392 } else {
393 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
394 num_events = ARRAY_SIZE(mgmt_untrusted_events);
395 }
396
397 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
398
399 rp = kmalloc(rp_size, GFP_KERNEL);
400 if (!rp)
401 return -ENOMEM;
402
403 rp->num_commands = cpu_to_le16(num_commands);
404 rp->num_events = cpu_to_le16(num_events);
405
406 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
407 __le16 *opcode = rp->opcodes;
408
409 for (i = 0; i < num_commands; i++, opcode++)
410 put_unaligned_le16(mgmt_commands[i], opcode);
411
412 for (i = 0; i < num_events; i++, opcode++)
413 put_unaligned_le16(mgmt_events[i], opcode);
414 } else {
415 __le16 *opcode = rp->opcodes;
416
417 for (i = 0; i < num_commands; i++, opcode++)
418 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
419
420 for (i = 0; i < num_events; i++, opcode++)
421 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
422 }
423
424 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
425 rp, rp_size);
426 kfree(rp);
427
428 return err;
429 }
430
read_index_list(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)431 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
432 u16 data_len)
433 {
434 struct mgmt_rp_read_index_list *rp;
435 struct hci_dev *d;
436 size_t rp_len;
437 u16 count;
438 int err;
439
440 bt_dev_dbg(hdev, "sock %p", sk);
441
442 read_lock(&hci_dev_list_lock);
443
444 count = 0;
445 list_for_each_entry(d, &hci_dev_list, list) {
446 if (d->dev_type == HCI_PRIMARY &&
447 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
448 count++;
449 }
450
451 rp_len = sizeof(*rp) + (2 * count);
452 rp = kmalloc(rp_len, GFP_ATOMIC);
453 if (!rp) {
454 read_unlock(&hci_dev_list_lock);
455 return -ENOMEM;
456 }
457
458 count = 0;
459 list_for_each_entry(d, &hci_dev_list, list) {
460 if (hci_dev_test_flag(d, HCI_SETUP) ||
461 hci_dev_test_flag(d, HCI_CONFIG) ||
462 hci_dev_test_flag(d, HCI_USER_CHANNEL))
463 continue;
464
465 /* Devices marked as raw-only are neither configured
466 * nor unconfigured controllers.
467 */
468 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
469 continue;
470
471 if (d->dev_type == HCI_PRIMARY &&
472 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
473 rp->index[count++] = cpu_to_le16(d->id);
474 bt_dev_dbg(hdev, "Added hci%u", d->id);
475 }
476 }
477
478 rp->num_controllers = cpu_to_le16(count);
479 rp_len = sizeof(*rp) + (2 * count);
480
481 read_unlock(&hci_dev_list_lock);
482
483 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
484 0, rp, rp_len);
485
486 kfree(rp);
487
488 return err;
489 }
490
read_unconf_index_list(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)491 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
492 void *data, u16 data_len)
493 {
494 struct mgmt_rp_read_unconf_index_list *rp;
495 struct hci_dev *d;
496 size_t rp_len;
497 u16 count;
498 int err;
499
500 bt_dev_dbg(hdev, "sock %p", sk);
501
502 read_lock(&hci_dev_list_lock);
503
504 count = 0;
505 list_for_each_entry(d, &hci_dev_list, list) {
506 if (d->dev_type == HCI_PRIMARY &&
507 hci_dev_test_flag(d, HCI_UNCONFIGURED))
508 count++;
509 }
510
511 rp_len = sizeof(*rp) + (2 * count);
512 rp = kmalloc(rp_len, GFP_ATOMIC);
513 if (!rp) {
514 read_unlock(&hci_dev_list_lock);
515 return -ENOMEM;
516 }
517
518 count = 0;
519 list_for_each_entry(d, &hci_dev_list, list) {
520 if (hci_dev_test_flag(d, HCI_SETUP) ||
521 hci_dev_test_flag(d, HCI_CONFIG) ||
522 hci_dev_test_flag(d, HCI_USER_CHANNEL))
523 continue;
524
525 /* Devices marked as raw-only are neither configured
526 * nor unconfigured controllers.
527 */
528 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
529 continue;
530
531 if (d->dev_type == HCI_PRIMARY &&
532 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
533 rp->index[count++] = cpu_to_le16(d->id);
534 bt_dev_dbg(hdev, "Added hci%u", d->id);
535 }
536 }
537
538 rp->num_controllers = cpu_to_le16(count);
539 rp_len = sizeof(*rp) + (2 * count);
540
541 read_unlock(&hci_dev_list_lock);
542
543 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
544 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
545
546 kfree(rp);
547
548 return err;
549 }
550
read_ext_index_list(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)551 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
552 void *data, u16 data_len)
553 {
554 struct mgmt_rp_read_ext_index_list *rp;
555 struct hci_dev *d;
556 u16 count;
557 int err;
558
559 bt_dev_dbg(hdev, "sock %p", sk);
560
561 read_lock(&hci_dev_list_lock);
562
563 count = 0;
564 list_for_each_entry(d, &hci_dev_list, list) {
565 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
566 count++;
567 }
568
569 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
570 if (!rp) {
571 read_unlock(&hci_dev_list_lock);
572 return -ENOMEM;
573 }
574
575 count = 0;
576 list_for_each_entry(d, &hci_dev_list, list) {
577 if (hci_dev_test_flag(d, HCI_SETUP) ||
578 hci_dev_test_flag(d, HCI_CONFIG) ||
579 hci_dev_test_flag(d, HCI_USER_CHANNEL))
580 continue;
581
582 /* Devices marked as raw-only are neither configured
583 * nor unconfigured controllers.
584 */
585 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
586 continue;
587
588 if (d->dev_type == HCI_PRIMARY) {
589 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
590 rp->entry[count].type = 0x01;
591 else
592 rp->entry[count].type = 0x00;
593 } else if (d->dev_type == HCI_AMP) {
594 rp->entry[count].type = 0x02;
595 } else {
596 continue;
597 }
598
599 rp->entry[count].bus = d->bus;
600 rp->entry[count++].index = cpu_to_le16(d->id);
601 bt_dev_dbg(hdev, "Added hci%u", d->id);
602 }
603
604 rp->num_controllers = cpu_to_le16(count);
605
606 read_unlock(&hci_dev_list_lock);
607
608 /* If this command is called at least once, then all the
609 * default index and unconfigured index events are disabled
610 * and from now on only extended index events are used.
611 */
612 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
613 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
614 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
615
616 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
617 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
618 struct_size(rp, entry, count));
619
620 kfree(rp);
621
622 return err;
623 }
624
is_configured(struct hci_dev * hdev)625 static bool is_configured(struct hci_dev *hdev)
626 {
627 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
628 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
629 return false;
630
631 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
632 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
633 !bacmp(&hdev->public_addr, BDADDR_ANY))
634 return false;
635
636 return true;
637 }
638
get_missing_options(struct hci_dev * hdev)639 static __le32 get_missing_options(struct hci_dev *hdev)
640 {
641 u32 options = 0;
642
643 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
644 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
645 options |= MGMT_OPTION_EXTERNAL_CONFIG;
646
647 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
648 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
649 !bacmp(&hdev->public_addr, BDADDR_ANY))
650 options |= MGMT_OPTION_PUBLIC_ADDRESS;
651
652 return cpu_to_le32(options);
653 }
654
new_options(struct hci_dev * hdev,struct sock * skip)655 static int new_options(struct hci_dev *hdev, struct sock *skip)
656 {
657 __le32 options = get_missing_options(hdev);
658
659 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
660 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
661 }
662
send_options_rsp(struct sock * sk,u16 opcode,struct hci_dev * hdev)663 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
664 {
665 __le32 options = get_missing_options(hdev);
666
667 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
668 sizeof(options));
669 }
670
read_config_info(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)671 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
672 void *data, u16 data_len)
673 {
674 struct mgmt_rp_read_config_info rp;
675 u32 options = 0;
676
677 bt_dev_dbg(hdev, "sock %p", sk);
678
679 hci_dev_lock(hdev);
680
681 memset(&rp, 0, sizeof(rp));
682 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
683
684 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
685 options |= MGMT_OPTION_EXTERNAL_CONFIG;
686
687 if (hdev->set_bdaddr)
688 options |= MGMT_OPTION_PUBLIC_ADDRESS;
689
690 rp.supported_options = cpu_to_le32(options);
691 rp.missing_options = get_missing_options(hdev);
692
693 hci_dev_unlock(hdev);
694
695 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
696 &rp, sizeof(rp));
697 }
698
get_supported_phys(struct hci_dev * hdev)699 static u32 get_supported_phys(struct hci_dev *hdev)
700 {
701 u32 supported_phys = 0;
702
703 if (lmp_bredr_capable(hdev)) {
704 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
705
706 if (hdev->features[0][0] & LMP_3SLOT)
707 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
708
709 if (hdev->features[0][0] & LMP_5SLOT)
710 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
711
712 if (lmp_edr_2m_capable(hdev)) {
713 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
714
715 if (lmp_edr_3slot_capable(hdev))
716 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
717
718 if (lmp_edr_5slot_capable(hdev))
719 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
720
721 if (lmp_edr_3m_capable(hdev)) {
722 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
723
724 if (lmp_edr_3slot_capable(hdev))
725 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
726
727 if (lmp_edr_5slot_capable(hdev))
728 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
729 }
730 }
731 }
732
733 if (lmp_le_capable(hdev)) {
734 supported_phys |= MGMT_PHY_LE_1M_TX;
735 supported_phys |= MGMT_PHY_LE_1M_RX;
736
737 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
738 supported_phys |= MGMT_PHY_LE_2M_TX;
739 supported_phys |= MGMT_PHY_LE_2M_RX;
740 }
741
742 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
743 supported_phys |= MGMT_PHY_LE_CODED_TX;
744 supported_phys |= MGMT_PHY_LE_CODED_RX;
745 }
746 }
747
748 return supported_phys;
749 }
750
get_selected_phys(struct hci_dev * hdev)751 static u32 get_selected_phys(struct hci_dev *hdev)
752 {
753 u32 selected_phys = 0;
754
755 if (lmp_bredr_capable(hdev)) {
756 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
757
758 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
759 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
760
761 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
762 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
763
764 if (lmp_edr_2m_capable(hdev)) {
765 if (!(hdev->pkt_type & HCI_2DH1))
766 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
767
768 if (lmp_edr_3slot_capable(hdev) &&
769 !(hdev->pkt_type & HCI_2DH3))
770 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
771
772 if (lmp_edr_5slot_capable(hdev) &&
773 !(hdev->pkt_type & HCI_2DH5))
774 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
775
776 if (lmp_edr_3m_capable(hdev)) {
777 if (!(hdev->pkt_type & HCI_3DH1))
778 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
779
780 if (lmp_edr_3slot_capable(hdev) &&
781 !(hdev->pkt_type & HCI_3DH3))
782 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
783
784 if (lmp_edr_5slot_capable(hdev) &&
785 !(hdev->pkt_type & HCI_3DH5))
786 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
787 }
788 }
789 }
790
791 if (lmp_le_capable(hdev)) {
792 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
793 selected_phys |= MGMT_PHY_LE_1M_TX;
794
795 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
796 selected_phys |= MGMT_PHY_LE_1M_RX;
797
798 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
799 selected_phys |= MGMT_PHY_LE_2M_TX;
800
801 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
802 selected_phys |= MGMT_PHY_LE_2M_RX;
803
804 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
805 selected_phys |= MGMT_PHY_LE_CODED_TX;
806
807 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
808 selected_phys |= MGMT_PHY_LE_CODED_RX;
809 }
810
811 return selected_phys;
812 }
813
get_configurable_phys(struct hci_dev * hdev)814 static u32 get_configurable_phys(struct hci_dev *hdev)
815 {
816 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
817 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
818 }
819
get_supported_settings(struct hci_dev * hdev)820 static u32 get_supported_settings(struct hci_dev *hdev)
821 {
822 u32 settings = 0;
823
824 settings |= MGMT_SETTING_POWERED;
825 settings |= MGMT_SETTING_BONDABLE;
826 settings |= MGMT_SETTING_DEBUG_KEYS;
827 settings |= MGMT_SETTING_CONNECTABLE;
828 settings |= MGMT_SETTING_DISCOVERABLE;
829
830 if (lmp_bredr_capable(hdev)) {
831 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
832 settings |= MGMT_SETTING_FAST_CONNECTABLE;
833 settings |= MGMT_SETTING_BREDR;
834 settings |= MGMT_SETTING_LINK_SECURITY;
835
836 if (lmp_ssp_capable(hdev)) {
837 settings |= MGMT_SETTING_SSP;
838 if (IS_ENABLED(CONFIG_BT_HS))
839 settings |= MGMT_SETTING_HS;
840 }
841
842 if (lmp_sc_capable(hdev))
843 settings |= MGMT_SETTING_SECURE_CONN;
844
845 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
846 &hdev->quirks))
847 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
848 }
849
850 if (lmp_le_capable(hdev)) {
851 settings |= MGMT_SETTING_LE;
852 settings |= MGMT_SETTING_SECURE_CONN;
853 settings |= MGMT_SETTING_PRIVACY;
854 settings |= MGMT_SETTING_STATIC_ADDRESS;
855 settings |= MGMT_SETTING_ADVERTISING;
856 }
857
858 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
859 hdev->set_bdaddr)
860 settings |= MGMT_SETTING_CONFIGURATION;
861
862 if (cis_central_capable(hdev))
863 settings |= MGMT_SETTING_CIS_CENTRAL;
864
865 if (cis_peripheral_capable(hdev))
866 settings |= MGMT_SETTING_CIS_PERIPHERAL;
867
868 settings |= MGMT_SETTING_PHY_CONFIGURATION;
869
870 return settings;
871 }
872
get_current_settings(struct hci_dev * hdev)873 static u32 get_current_settings(struct hci_dev *hdev)
874 {
875 u32 settings = 0;
876
877 if (hdev_is_powered(hdev))
878 settings |= MGMT_SETTING_POWERED;
879
880 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
881 settings |= MGMT_SETTING_CONNECTABLE;
882
883 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
884 settings |= MGMT_SETTING_FAST_CONNECTABLE;
885
886 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
887 settings |= MGMT_SETTING_DISCOVERABLE;
888
889 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
890 settings |= MGMT_SETTING_BONDABLE;
891
892 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
893 settings |= MGMT_SETTING_BREDR;
894
895 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
896 settings |= MGMT_SETTING_LE;
897
898 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
899 settings |= MGMT_SETTING_LINK_SECURITY;
900
901 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
902 settings |= MGMT_SETTING_SSP;
903
904 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
905 settings |= MGMT_SETTING_HS;
906
907 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
908 settings |= MGMT_SETTING_ADVERTISING;
909
910 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
911 settings |= MGMT_SETTING_SECURE_CONN;
912
913 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
914 settings |= MGMT_SETTING_DEBUG_KEYS;
915
916 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
917 settings |= MGMT_SETTING_PRIVACY;
918
919 /* The current setting for static address has two purposes. The
920 * first is to indicate if the static address will be used and
921 * the second is to indicate if it is actually set.
922 *
923 * This means if the static address is not configured, this flag
924 * will never be set. If the address is configured, then if the
925 * address is actually used decides if the flag is set or not.
926 *
927 * For single mode LE only controllers and dual-mode controllers
928 * with BR/EDR disabled, the existence of the static address will
929 * be evaluated.
930 */
931 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
932 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
933 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
934 if (bacmp(&hdev->static_addr, BDADDR_ANY))
935 settings |= MGMT_SETTING_STATIC_ADDRESS;
936 }
937
938 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
939 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
940
941 if (cis_central_capable(hdev))
942 settings |= MGMT_SETTING_CIS_CENTRAL;
943
944 if (cis_peripheral_capable(hdev))
945 settings |= MGMT_SETTING_CIS_PERIPHERAL;
946
947 if (bis_capable(hdev))
948 settings |= MGMT_SETTING_ISO_BROADCASTER;
949
950 if (sync_recv_capable(hdev))
951 settings |= MGMT_SETTING_ISO_SYNC_RECEIVER;
952
953 return settings;
954 }
955
pending_find(u16 opcode,struct hci_dev * hdev)956 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
957 {
958 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
959 }
960
mgmt_get_adv_discov_flags(struct hci_dev * hdev)961 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
962 {
963 struct mgmt_pending_cmd *cmd;
964
965 /* If there's a pending mgmt command the flags will not yet have
966 * their final values, so check for this first.
967 */
968 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
969 if (cmd) {
970 struct mgmt_mode *cp = cmd->param;
971 if (cp->val == 0x01)
972 return LE_AD_GENERAL;
973 else if (cp->val == 0x02)
974 return LE_AD_LIMITED;
975 } else {
976 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
977 return LE_AD_LIMITED;
978 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
979 return LE_AD_GENERAL;
980 }
981
982 return 0;
983 }
984
mgmt_get_connectable(struct hci_dev * hdev)985 bool mgmt_get_connectable(struct hci_dev *hdev)
986 {
987 struct mgmt_pending_cmd *cmd;
988
989 /* If there's a pending mgmt command the flag will not yet have
990 * it's final value, so check for this first.
991 */
992 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
993 if (cmd) {
994 struct mgmt_mode *cp = cmd->param;
995
996 return cp->val;
997 }
998
999 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
1000 }
1001
service_cache_sync(struct hci_dev * hdev,void * data)1002 static int service_cache_sync(struct hci_dev *hdev, void *data)
1003 {
1004 hci_update_eir_sync(hdev);
1005 hci_update_class_sync(hdev);
1006
1007 return 0;
1008 }
1009
service_cache_off(struct work_struct * work)1010 static void service_cache_off(struct work_struct *work)
1011 {
1012 struct hci_dev *hdev = container_of(work, struct hci_dev,
1013 service_cache.work);
1014
1015 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1016 return;
1017
1018 hci_cmd_sync_queue(hdev, service_cache_sync, NULL, NULL);
1019 }
1020
rpa_expired_sync(struct hci_dev * hdev,void * data)1021 static int rpa_expired_sync(struct hci_dev *hdev, void *data)
1022 {
1023 /* The generation of a new RPA and programming it into the
1024 * controller happens in the hci_req_enable_advertising()
1025 * function.
1026 */
1027 if (ext_adv_capable(hdev))
1028 return hci_start_ext_adv_sync(hdev, hdev->cur_adv_instance);
1029 else
1030 return hci_enable_advertising_sync(hdev);
1031 }
1032
rpa_expired(struct work_struct * work)1033 static void rpa_expired(struct work_struct *work)
1034 {
1035 struct hci_dev *hdev = container_of(work, struct hci_dev,
1036 rpa_expired.work);
1037
1038 bt_dev_dbg(hdev, "");
1039
1040 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1041
1042 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1043 return;
1044
1045 hci_cmd_sync_queue(hdev, rpa_expired_sync, NULL, NULL);
1046 }
1047
discov_off(struct work_struct * work)1048 static void discov_off(struct work_struct *work)
1049 {
1050 struct hci_dev *hdev = container_of(work, struct hci_dev,
1051 discov_off.work);
1052
1053 bt_dev_dbg(hdev, "");
1054
1055 hci_dev_lock(hdev);
1056
1057 /* When discoverable timeout triggers, then just make sure
1058 * the limited discoverable flag is cleared. Even in the case
1059 * of a timeout triggered from general discoverable, it is
1060 * safe to unconditionally clear the flag.
1061 */
1062 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1063 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1064 hdev->discov_timeout = 0;
1065
1066 hci_update_discoverable(hdev);
1067
1068 mgmt_new_settings(hdev);
1069
1070 hci_dev_unlock(hdev);
1071 }
1072
1073 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev);
1074
mesh_send_complete(struct hci_dev * hdev,struct mgmt_mesh_tx * mesh_tx,bool silent)1075 static void mesh_send_complete(struct hci_dev *hdev,
1076 struct mgmt_mesh_tx *mesh_tx, bool silent)
1077 {
1078 u8 handle = mesh_tx->handle;
1079
1080 if (!silent)
1081 mgmt_event(MGMT_EV_MESH_PACKET_CMPLT, hdev, &handle,
1082 sizeof(handle), NULL);
1083
1084 mgmt_mesh_remove(mesh_tx);
1085 }
1086
mesh_send_done_sync(struct hci_dev * hdev,void * data)1087 static int mesh_send_done_sync(struct hci_dev *hdev, void *data)
1088 {
1089 struct mgmt_mesh_tx *mesh_tx;
1090
1091 hci_dev_clear_flag(hdev, HCI_MESH_SENDING);
1092 hci_disable_advertising_sync(hdev);
1093 mesh_tx = mgmt_mesh_next(hdev, NULL);
1094
1095 if (mesh_tx)
1096 mesh_send_complete(hdev, mesh_tx, false);
1097
1098 return 0;
1099 }
1100
1101 static int mesh_send_sync(struct hci_dev *hdev, void *data);
1102 static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err);
mesh_next(struct hci_dev * hdev,void * data,int err)1103 static void mesh_next(struct hci_dev *hdev, void *data, int err)
1104 {
1105 struct mgmt_mesh_tx *mesh_tx = mgmt_mesh_next(hdev, NULL);
1106
1107 if (!mesh_tx)
1108 return;
1109
1110 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx,
1111 mesh_send_start_complete);
1112
1113 if (err < 0)
1114 mesh_send_complete(hdev, mesh_tx, false);
1115 else
1116 hci_dev_set_flag(hdev, HCI_MESH_SENDING);
1117 }
1118
mesh_send_done(struct work_struct * work)1119 static void mesh_send_done(struct work_struct *work)
1120 {
1121 struct hci_dev *hdev = container_of(work, struct hci_dev,
1122 mesh_send_done.work);
1123
1124 if (!hci_dev_test_flag(hdev, HCI_MESH_SENDING))
1125 return;
1126
1127 hci_cmd_sync_queue(hdev, mesh_send_done_sync, NULL, mesh_next);
1128 }
1129
mgmt_init_hdev(struct sock * sk,struct hci_dev * hdev)1130 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1131 {
1132 if (hci_dev_test_flag(hdev, HCI_MGMT))
1133 return;
1134
1135 BT_INFO("MGMT ver %d.%d", MGMT_VERSION, MGMT_REVISION);
1136
1137 INIT_DELAYED_WORK(&hdev->discov_off, discov_off);
1138 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1139 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1140 INIT_DELAYED_WORK(&hdev->mesh_send_done, mesh_send_done);
1141
1142 /* Non-mgmt controlled devices get this bit set
1143 * implicitly so that pairing works for them, however
1144 * for mgmt we require user-space to explicitly enable
1145 * it
1146 */
1147 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1148
1149 hci_dev_set_flag(hdev, HCI_MGMT);
1150 }
1151
read_controller_info(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)1152 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1153 void *data, u16 data_len)
1154 {
1155 struct mgmt_rp_read_info rp;
1156
1157 bt_dev_dbg(hdev, "sock %p", sk);
1158
1159 hci_dev_lock(hdev);
1160
1161 memset(&rp, 0, sizeof(rp));
1162
1163 bacpy(&rp.bdaddr, &hdev->bdaddr);
1164
1165 rp.version = hdev->hci_ver;
1166 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1167
1168 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1169 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1170
1171 memcpy(rp.dev_class, hdev->dev_class, 3);
1172
1173 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1174 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1175
1176 hci_dev_unlock(hdev);
1177
1178 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1179 sizeof(rp));
1180 }
1181
append_eir_data_to_buf(struct hci_dev * hdev,u8 * eir)1182 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1183 {
1184 u16 eir_len = 0;
1185 size_t name_len;
1186
1187 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1188 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1189 hdev->dev_class, 3);
1190
1191 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1192 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1193 hdev->appearance);
1194
1195 name_len = strnlen(hdev->dev_name, sizeof(hdev->dev_name));
1196 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1197 hdev->dev_name, name_len);
1198
1199 name_len = strnlen(hdev->short_name, sizeof(hdev->short_name));
1200 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1201 hdev->short_name, name_len);
1202
1203 return eir_len;
1204 }
1205
read_ext_controller_info(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)1206 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1207 void *data, u16 data_len)
1208 {
1209 char buf[512];
1210 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1211 u16 eir_len;
1212
1213 bt_dev_dbg(hdev, "sock %p", sk);
1214
1215 memset(&buf, 0, sizeof(buf));
1216
1217 hci_dev_lock(hdev);
1218
1219 bacpy(&rp->bdaddr, &hdev->bdaddr);
1220
1221 rp->version = hdev->hci_ver;
1222 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1223
1224 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1225 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1226
1227
1228 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1229 rp->eir_len = cpu_to_le16(eir_len);
1230
1231 hci_dev_unlock(hdev);
1232
1233 /* If this command is called at least once, then the events
1234 * for class of device and local name changes are disabled
1235 * and only the new extended controller information event
1236 * is used.
1237 */
1238 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1239 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1240 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1241
1242 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1243 sizeof(*rp) + eir_len);
1244 }
1245
ext_info_changed(struct hci_dev * hdev,struct sock * skip)1246 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1247 {
1248 char buf[512];
1249 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1250 u16 eir_len;
1251
1252 memset(buf, 0, sizeof(buf));
1253
1254 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1255 ev->eir_len = cpu_to_le16(eir_len);
1256
1257 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1258 sizeof(*ev) + eir_len,
1259 HCI_MGMT_EXT_INFO_EVENTS, skip);
1260 }
1261
send_settings_rsp(struct sock * sk,u16 opcode,struct hci_dev * hdev)1262 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1263 {
1264 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1265
1266 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1267 sizeof(settings));
1268 }
1269
mgmt_advertising_added(struct sock * sk,struct hci_dev * hdev,u8 instance)1270 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1271 {
1272 struct mgmt_ev_advertising_added ev;
1273
1274 ev.instance = instance;
1275
1276 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1277 }
1278
mgmt_advertising_removed(struct sock * sk,struct hci_dev * hdev,u8 instance)1279 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1280 u8 instance)
1281 {
1282 struct mgmt_ev_advertising_removed ev;
1283
1284 ev.instance = instance;
1285
1286 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1287 }
1288
cancel_adv_timeout(struct hci_dev * hdev)1289 static void cancel_adv_timeout(struct hci_dev *hdev)
1290 {
1291 if (hdev->adv_instance_timeout) {
1292 hdev->adv_instance_timeout = 0;
1293 cancel_delayed_work(&hdev->adv_instance_expire);
1294 }
1295 }
1296
1297 /* This function requires the caller holds hdev->lock */
restart_le_actions(struct hci_dev * hdev)1298 static void restart_le_actions(struct hci_dev *hdev)
1299 {
1300 struct hci_conn_params *p;
1301
1302 list_for_each_entry(p, &hdev->le_conn_params, list) {
1303 /* Needed for AUTO_OFF case where might not "really"
1304 * have been powered off.
1305 */
1306 hci_pend_le_list_del_init(p);
1307
1308 switch (p->auto_connect) {
1309 case HCI_AUTO_CONN_DIRECT:
1310 case HCI_AUTO_CONN_ALWAYS:
1311 hci_pend_le_list_add(p, &hdev->pend_le_conns);
1312 break;
1313 case HCI_AUTO_CONN_REPORT:
1314 hci_pend_le_list_add(p, &hdev->pend_le_reports);
1315 break;
1316 default:
1317 break;
1318 }
1319 }
1320 }
1321
new_settings(struct hci_dev * hdev,struct sock * skip)1322 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1323 {
1324 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1325
1326 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1327 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1328 }
1329
mgmt_set_powered_complete(struct hci_dev * hdev,void * data,int err)1330 static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err)
1331 {
1332 struct mgmt_pending_cmd *cmd = data;
1333 struct mgmt_mode *cp;
1334
1335 /* Make sure cmd still outstanding. */
1336 if (cmd != pending_find(MGMT_OP_SET_POWERED, hdev))
1337 return;
1338
1339 cp = cmd->param;
1340
1341 bt_dev_dbg(hdev, "err %d", err);
1342
1343 if (!err) {
1344 if (cp->val) {
1345 hci_dev_lock(hdev);
1346 restart_le_actions(hdev);
1347 hci_update_passive_scan(hdev);
1348 hci_dev_unlock(hdev);
1349 }
1350
1351 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
1352
1353 /* Only call new_setting for power on as power off is deferred
1354 * to hdev->power_off work which does call hci_dev_do_close.
1355 */
1356 if (cp->val)
1357 new_settings(hdev, cmd->sk);
1358 } else {
1359 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED,
1360 mgmt_status(err));
1361 }
1362
1363 mgmt_pending_remove(cmd);
1364 }
1365
set_powered_sync(struct hci_dev * hdev,void * data)1366 static int set_powered_sync(struct hci_dev *hdev, void *data)
1367 {
1368 struct mgmt_pending_cmd *cmd = data;
1369 struct mgmt_mode *cp = cmd->param;
1370
1371 BT_DBG("%s", hdev->name);
1372
1373 return hci_set_powered_sync(hdev, cp->val);
1374 }
1375
set_powered(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)1376 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1377 u16 len)
1378 {
1379 struct mgmt_mode *cp = data;
1380 struct mgmt_pending_cmd *cmd;
1381 int err;
1382
1383 bt_dev_dbg(hdev, "sock %p", sk);
1384
1385 if (cp->val != 0x00 && cp->val != 0x01)
1386 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1387 MGMT_STATUS_INVALID_PARAMS);
1388
1389 hci_dev_lock(hdev);
1390
1391 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1392 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1393 MGMT_STATUS_BUSY);
1394 goto failed;
1395 }
1396
1397 if (!!cp->val == hdev_is_powered(hdev)) {
1398 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1399 goto failed;
1400 }
1401
1402 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1403 if (!cmd) {
1404 err = -ENOMEM;
1405 goto failed;
1406 }
1407
1408 /* Cancel potentially blocking sync operation before power off */
1409 if (cp->val == 0x00) {
1410 __hci_cmd_sync_cancel(hdev, -EHOSTDOWN);
1411 err = hci_cmd_sync_queue(hdev, set_powered_sync, cmd,
1412 mgmt_set_powered_complete);
1413 } else {
1414 /* Use hci_cmd_sync_submit since hdev might not be running */
1415 err = hci_cmd_sync_submit(hdev, set_powered_sync, cmd,
1416 mgmt_set_powered_complete);
1417 }
1418
1419 if (err < 0)
1420 mgmt_pending_remove(cmd);
1421
1422 failed:
1423 hci_dev_unlock(hdev);
1424 return err;
1425 }
1426
mgmt_new_settings(struct hci_dev * hdev)1427 int mgmt_new_settings(struct hci_dev *hdev)
1428 {
1429 return new_settings(hdev, NULL);
1430 }
1431
1432 struct cmd_lookup {
1433 struct sock *sk;
1434 struct hci_dev *hdev;
1435 u8 mgmt_status;
1436 };
1437
settings_rsp(struct mgmt_pending_cmd * cmd,void * data)1438 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1439 {
1440 struct cmd_lookup *match = data;
1441
1442 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1443
1444 list_del(&cmd->list);
1445
1446 if (match->sk == NULL) {
1447 match->sk = cmd->sk;
1448 sock_hold(match->sk);
1449 }
1450
1451 mgmt_pending_free(cmd);
1452 }
1453
cmd_status_rsp(struct mgmt_pending_cmd * cmd,void * data)1454 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1455 {
1456 u8 *status = data;
1457
1458 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1459 mgmt_pending_remove(cmd);
1460 }
1461
cmd_complete_rsp(struct mgmt_pending_cmd * cmd,void * data)1462 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1463 {
1464 if (cmd->cmd_complete) {
1465 u8 *status = data;
1466
1467 cmd->cmd_complete(cmd, *status);
1468 mgmt_pending_remove(cmd);
1469
1470 return;
1471 }
1472
1473 cmd_status_rsp(cmd, data);
1474 }
1475
generic_cmd_complete(struct mgmt_pending_cmd * cmd,u8 status)1476 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1477 {
1478 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1479 cmd->param, cmd->param_len);
1480 }
1481
addr_cmd_complete(struct mgmt_pending_cmd * cmd,u8 status)1482 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1483 {
1484 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1485 cmd->param, sizeof(struct mgmt_addr_info));
1486 }
1487
mgmt_bredr_support(struct hci_dev * hdev)1488 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1489 {
1490 if (!lmp_bredr_capable(hdev))
1491 return MGMT_STATUS_NOT_SUPPORTED;
1492 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1493 return MGMT_STATUS_REJECTED;
1494 else
1495 return MGMT_STATUS_SUCCESS;
1496 }
1497
mgmt_le_support(struct hci_dev * hdev)1498 static u8 mgmt_le_support(struct hci_dev *hdev)
1499 {
1500 if (!lmp_le_capable(hdev))
1501 return MGMT_STATUS_NOT_SUPPORTED;
1502 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1503 return MGMT_STATUS_REJECTED;
1504 else
1505 return MGMT_STATUS_SUCCESS;
1506 }
1507
mgmt_set_discoverable_complete(struct hci_dev * hdev,void * data,int err)1508 static void mgmt_set_discoverable_complete(struct hci_dev *hdev, void *data,
1509 int err)
1510 {
1511 struct mgmt_pending_cmd *cmd = data;
1512
1513 bt_dev_dbg(hdev, "err %d", err);
1514
1515 /* Make sure cmd still outstanding. */
1516 if (cmd != pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
1517 return;
1518
1519 hci_dev_lock(hdev);
1520
1521 if (err) {
1522 u8 mgmt_err = mgmt_status(err);
1523 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1524 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1525 goto done;
1526 }
1527
1528 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1529 hdev->discov_timeout > 0) {
1530 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1531 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1532 }
1533
1534 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1535 new_settings(hdev, cmd->sk);
1536
1537 done:
1538 mgmt_pending_remove(cmd);
1539 hci_dev_unlock(hdev);
1540 }
1541
set_discoverable_sync(struct hci_dev * hdev,void * data)1542 static int set_discoverable_sync(struct hci_dev *hdev, void *data)
1543 {
1544 BT_DBG("%s", hdev->name);
1545
1546 return hci_update_discoverable_sync(hdev);
1547 }
1548
set_discoverable(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)1549 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1550 u16 len)
1551 {
1552 struct mgmt_cp_set_discoverable *cp = data;
1553 struct mgmt_pending_cmd *cmd;
1554 u16 timeout;
1555 int err;
1556
1557 bt_dev_dbg(hdev, "sock %p", sk);
1558
1559 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1560 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1561 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1562 MGMT_STATUS_REJECTED);
1563
1564 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1565 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1566 MGMT_STATUS_INVALID_PARAMS);
1567
1568 timeout = __le16_to_cpu(cp->timeout);
1569
1570 /* Disabling discoverable requires that no timeout is set,
1571 * and enabling limited discoverable requires a timeout.
1572 */
1573 if ((cp->val == 0x00 && timeout > 0) ||
1574 (cp->val == 0x02 && timeout == 0))
1575 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1576 MGMT_STATUS_INVALID_PARAMS);
1577
1578 hci_dev_lock(hdev);
1579
1580 if (!hdev_is_powered(hdev) && timeout > 0) {
1581 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1582 MGMT_STATUS_NOT_POWERED);
1583 goto failed;
1584 }
1585
1586 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1587 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1588 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1589 MGMT_STATUS_BUSY);
1590 goto failed;
1591 }
1592
1593 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1594 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1595 MGMT_STATUS_REJECTED);
1596 goto failed;
1597 }
1598
1599 if (hdev->advertising_paused) {
1600 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1601 MGMT_STATUS_BUSY);
1602 goto failed;
1603 }
1604
1605 if (!hdev_is_powered(hdev)) {
1606 bool changed = false;
1607
1608 /* Setting limited discoverable when powered off is
1609 * not a valid operation since it requires a timeout
1610 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1611 */
1612 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1613 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1614 changed = true;
1615 }
1616
1617 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1618 if (err < 0)
1619 goto failed;
1620
1621 if (changed)
1622 err = new_settings(hdev, sk);
1623
1624 goto failed;
1625 }
1626
1627 /* If the current mode is the same, then just update the timeout
1628 * value with the new value. And if only the timeout gets updated,
1629 * then no need for any HCI transactions.
1630 */
1631 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1632 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1633 HCI_LIMITED_DISCOVERABLE)) {
1634 cancel_delayed_work(&hdev->discov_off);
1635 hdev->discov_timeout = timeout;
1636
1637 if (cp->val && hdev->discov_timeout > 0) {
1638 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1639 queue_delayed_work(hdev->req_workqueue,
1640 &hdev->discov_off, to);
1641 }
1642
1643 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1644 goto failed;
1645 }
1646
1647 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1648 if (!cmd) {
1649 err = -ENOMEM;
1650 goto failed;
1651 }
1652
1653 /* Cancel any potential discoverable timeout that might be
1654 * still active and store new timeout value. The arming of
1655 * the timeout happens in the complete handler.
1656 */
1657 cancel_delayed_work(&hdev->discov_off);
1658 hdev->discov_timeout = timeout;
1659
1660 if (cp->val)
1661 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1662 else
1663 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1664
1665 /* Limited discoverable mode */
1666 if (cp->val == 0x02)
1667 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1668 else
1669 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1670
1671 err = hci_cmd_sync_queue(hdev, set_discoverable_sync, cmd,
1672 mgmt_set_discoverable_complete);
1673
1674 if (err < 0)
1675 mgmt_pending_remove(cmd);
1676
1677 failed:
1678 hci_dev_unlock(hdev);
1679 return err;
1680 }
1681
mgmt_set_connectable_complete(struct hci_dev * hdev,void * data,int err)1682 static void mgmt_set_connectable_complete(struct hci_dev *hdev, void *data,
1683 int err)
1684 {
1685 struct mgmt_pending_cmd *cmd = data;
1686
1687 bt_dev_dbg(hdev, "err %d", err);
1688
1689 /* Make sure cmd still outstanding. */
1690 if (cmd != pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
1691 return;
1692
1693 hci_dev_lock(hdev);
1694
1695 if (err) {
1696 u8 mgmt_err = mgmt_status(err);
1697 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1698 goto done;
1699 }
1700
1701 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1702 new_settings(hdev, cmd->sk);
1703
1704 done:
1705 if (cmd)
1706 mgmt_pending_remove(cmd);
1707
1708 hci_dev_unlock(hdev);
1709 }
1710
set_connectable_update_settings(struct hci_dev * hdev,struct sock * sk,u8 val)1711 static int set_connectable_update_settings(struct hci_dev *hdev,
1712 struct sock *sk, u8 val)
1713 {
1714 bool changed = false;
1715 int err;
1716
1717 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1718 changed = true;
1719
1720 if (val) {
1721 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1722 } else {
1723 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1724 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1725 }
1726
1727 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1728 if (err < 0)
1729 return err;
1730
1731 if (changed) {
1732 hci_update_scan(hdev);
1733 hci_update_passive_scan(hdev);
1734 return new_settings(hdev, sk);
1735 }
1736
1737 return 0;
1738 }
1739
set_connectable_sync(struct hci_dev * hdev,void * data)1740 static int set_connectable_sync(struct hci_dev *hdev, void *data)
1741 {
1742 BT_DBG("%s", hdev->name);
1743
1744 return hci_update_connectable_sync(hdev);
1745 }
1746
set_connectable(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)1747 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1748 u16 len)
1749 {
1750 struct mgmt_mode *cp = data;
1751 struct mgmt_pending_cmd *cmd;
1752 int err;
1753
1754 bt_dev_dbg(hdev, "sock %p", sk);
1755
1756 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1757 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1758 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1759 MGMT_STATUS_REJECTED);
1760
1761 if (cp->val != 0x00 && cp->val != 0x01)
1762 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1763 MGMT_STATUS_INVALID_PARAMS);
1764
1765 hci_dev_lock(hdev);
1766
1767 if (!hdev_is_powered(hdev)) {
1768 err = set_connectable_update_settings(hdev, sk, cp->val);
1769 goto failed;
1770 }
1771
1772 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1773 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1774 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1775 MGMT_STATUS_BUSY);
1776 goto failed;
1777 }
1778
1779 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1780 if (!cmd) {
1781 err = -ENOMEM;
1782 goto failed;
1783 }
1784
1785 if (cp->val) {
1786 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1787 } else {
1788 if (hdev->discov_timeout > 0)
1789 cancel_delayed_work(&hdev->discov_off);
1790
1791 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1792 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1793 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1794 }
1795
1796 err = hci_cmd_sync_queue(hdev, set_connectable_sync, cmd,
1797 mgmt_set_connectable_complete);
1798
1799 if (err < 0)
1800 mgmt_pending_remove(cmd);
1801
1802 failed:
1803 hci_dev_unlock(hdev);
1804 return err;
1805 }
1806
set_bondable(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)1807 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1808 u16 len)
1809 {
1810 struct mgmt_mode *cp = data;
1811 bool changed;
1812 int err;
1813
1814 bt_dev_dbg(hdev, "sock %p", sk);
1815
1816 if (cp->val != 0x00 && cp->val != 0x01)
1817 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1818 MGMT_STATUS_INVALID_PARAMS);
1819
1820 hci_dev_lock(hdev);
1821
1822 if (cp->val)
1823 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1824 else
1825 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1826
1827 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1828 if (err < 0)
1829 goto unlock;
1830
1831 if (changed) {
1832 /* In limited privacy mode the change of bondable mode
1833 * may affect the local advertising address.
1834 */
1835 hci_update_discoverable(hdev);
1836
1837 err = new_settings(hdev, sk);
1838 }
1839
1840 unlock:
1841 hci_dev_unlock(hdev);
1842 return err;
1843 }
1844
set_link_security(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)1845 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1846 u16 len)
1847 {
1848 struct mgmt_mode *cp = data;
1849 struct mgmt_pending_cmd *cmd;
1850 u8 val, status;
1851 int err;
1852
1853 bt_dev_dbg(hdev, "sock %p", sk);
1854
1855 status = mgmt_bredr_support(hdev);
1856 if (status)
1857 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1858 status);
1859
1860 if (cp->val != 0x00 && cp->val != 0x01)
1861 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1862 MGMT_STATUS_INVALID_PARAMS);
1863
1864 hci_dev_lock(hdev);
1865
1866 if (!hdev_is_powered(hdev)) {
1867 bool changed = false;
1868
1869 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1870 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1871 changed = true;
1872 }
1873
1874 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1875 if (err < 0)
1876 goto failed;
1877
1878 if (changed)
1879 err = new_settings(hdev, sk);
1880
1881 goto failed;
1882 }
1883
1884 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1885 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1886 MGMT_STATUS_BUSY);
1887 goto failed;
1888 }
1889
1890 val = !!cp->val;
1891
1892 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1893 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1894 goto failed;
1895 }
1896
1897 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1898 if (!cmd) {
1899 err = -ENOMEM;
1900 goto failed;
1901 }
1902
1903 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1904 if (err < 0) {
1905 mgmt_pending_remove(cmd);
1906 goto failed;
1907 }
1908
1909 failed:
1910 hci_dev_unlock(hdev);
1911 return err;
1912 }
1913
set_ssp_complete(struct hci_dev * hdev,void * data,int err)1914 static void set_ssp_complete(struct hci_dev *hdev, void *data, int err)
1915 {
1916 struct cmd_lookup match = { NULL, hdev };
1917 struct mgmt_pending_cmd *cmd = data;
1918 struct mgmt_mode *cp = cmd->param;
1919 u8 enable = cp->val;
1920 bool changed;
1921
1922 /* Make sure cmd still outstanding. */
1923 if (cmd != pending_find(MGMT_OP_SET_SSP, hdev))
1924 return;
1925
1926 if (err) {
1927 u8 mgmt_err = mgmt_status(err);
1928
1929 if (enable && hci_dev_test_and_clear_flag(hdev,
1930 HCI_SSP_ENABLED)) {
1931 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1932 new_settings(hdev, NULL);
1933 }
1934
1935 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
1936 &mgmt_err);
1937 return;
1938 }
1939
1940 if (enable) {
1941 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1942 } else {
1943 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
1944
1945 if (!changed)
1946 changed = hci_dev_test_and_clear_flag(hdev,
1947 HCI_HS_ENABLED);
1948 else
1949 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1950 }
1951
1952 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
1953
1954 if (changed)
1955 new_settings(hdev, match.sk);
1956
1957 if (match.sk)
1958 sock_put(match.sk);
1959
1960 hci_update_eir_sync(hdev);
1961 }
1962
set_ssp_sync(struct hci_dev * hdev,void * data)1963 static int set_ssp_sync(struct hci_dev *hdev, void *data)
1964 {
1965 struct mgmt_pending_cmd *cmd = data;
1966 struct mgmt_mode *cp = cmd->param;
1967 bool changed = false;
1968 int err;
1969
1970 if (cp->val)
1971 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1972
1973 err = hci_write_ssp_mode_sync(hdev, cp->val);
1974
1975 if (!err && changed)
1976 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
1977
1978 return err;
1979 }
1980
set_ssp(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)1981 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1982 {
1983 struct mgmt_mode *cp = data;
1984 struct mgmt_pending_cmd *cmd;
1985 u8 status;
1986 int err;
1987
1988 bt_dev_dbg(hdev, "sock %p", sk);
1989
1990 status = mgmt_bredr_support(hdev);
1991 if (status)
1992 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1993
1994 if (!lmp_ssp_capable(hdev))
1995 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1996 MGMT_STATUS_NOT_SUPPORTED);
1997
1998 if (cp->val != 0x00 && cp->val != 0x01)
1999 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2000 MGMT_STATUS_INVALID_PARAMS);
2001
2002 hci_dev_lock(hdev);
2003
2004 if (!hdev_is_powered(hdev)) {
2005 bool changed;
2006
2007 if (cp->val) {
2008 changed = !hci_dev_test_and_set_flag(hdev,
2009 HCI_SSP_ENABLED);
2010 } else {
2011 changed = hci_dev_test_and_clear_flag(hdev,
2012 HCI_SSP_ENABLED);
2013 if (!changed)
2014 changed = hci_dev_test_and_clear_flag(hdev,
2015 HCI_HS_ENABLED);
2016 else
2017 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
2018 }
2019
2020 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2021 if (err < 0)
2022 goto failed;
2023
2024 if (changed)
2025 err = new_settings(hdev, sk);
2026
2027 goto failed;
2028 }
2029
2030 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2031 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2032 MGMT_STATUS_BUSY);
2033 goto failed;
2034 }
2035
2036 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2037 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2038 goto failed;
2039 }
2040
2041 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2042 if (!cmd)
2043 err = -ENOMEM;
2044 else
2045 err = hci_cmd_sync_queue(hdev, set_ssp_sync, cmd,
2046 set_ssp_complete);
2047
2048 if (err < 0) {
2049 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2050 MGMT_STATUS_FAILED);
2051
2052 if (cmd)
2053 mgmt_pending_remove(cmd);
2054 }
2055
2056 failed:
2057 hci_dev_unlock(hdev);
2058 return err;
2059 }
2060
set_hs(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2061 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2062 {
2063 struct mgmt_mode *cp = data;
2064 bool changed;
2065 u8 status;
2066 int err;
2067
2068 bt_dev_dbg(hdev, "sock %p", sk);
2069
2070 if (!IS_ENABLED(CONFIG_BT_HS))
2071 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2072 MGMT_STATUS_NOT_SUPPORTED);
2073
2074 status = mgmt_bredr_support(hdev);
2075 if (status)
2076 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2077
2078 if (!lmp_ssp_capable(hdev))
2079 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2080 MGMT_STATUS_NOT_SUPPORTED);
2081
2082 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
2083 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2084 MGMT_STATUS_REJECTED);
2085
2086 if (cp->val != 0x00 && cp->val != 0x01)
2087 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2088 MGMT_STATUS_INVALID_PARAMS);
2089
2090 hci_dev_lock(hdev);
2091
2092 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2093 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2094 MGMT_STATUS_BUSY);
2095 goto unlock;
2096 }
2097
2098 if (cp->val) {
2099 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2100 } else {
2101 if (hdev_is_powered(hdev)) {
2102 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2103 MGMT_STATUS_REJECTED);
2104 goto unlock;
2105 }
2106
2107 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2108 }
2109
2110 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2111 if (err < 0)
2112 goto unlock;
2113
2114 if (changed)
2115 err = new_settings(hdev, sk);
2116
2117 unlock:
2118 hci_dev_unlock(hdev);
2119 return err;
2120 }
2121
set_le_complete(struct hci_dev * hdev,void * data,int err)2122 static void set_le_complete(struct hci_dev *hdev, void *data, int err)
2123 {
2124 struct cmd_lookup match = { NULL, hdev };
2125 u8 status = mgmt_status(err);
2126
2127 bt_dev_dbg(hdev, "err %d", err);
2128
2129 if (status) {
2130 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2131 &status);
2132 return;
2133 }
2134
2135 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2136
2137 new_settings(hdev, match.sk);
2138
2139 if (match.sk)
2140 sock_put(match.sk);
2141 }
2142
set_le_sync(struct hci_dev * hdev,void * data)2143 static int set_le_sync(struct hci_dev *hdev, void *data)
2144 {
2145 struct mgmt_pending_cmd *cmd = data;
2146 struct mgmt_mode *cp = cmd->param;
2147 u8 val = !!cp->val;
2148 int err;
2149
2150 if (!val) {
2151 hci_clear_adv_instance_sync(hdev, NULL, 0x00, true);
2152
2153 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2154 hci_disable_advertising_sync(hdev);
2155
2156 if (ext_adv_capable(hdev))
2157 hci_remove_ext_adv_instance_sync(hdev, 0, cmd->sk);
2158 } else {
2159 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
2160 }
2161
2162 err = hci_write_le_host_supported_sync(hdev, val, 0);
2163
2164 /* Make sure the controller has a good default for
2165 * advertising data. Restrict the update to when LE
2166 * has actually been enabled. During power on, the
2167 * update in powered_update_hci will take care of it.
2168 */
2169 if (!err && hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2170 if (ext_adv_capable(hdev)) {
2171 int status;
2172
2173 status = hci_setup_ext_adv_instance_sync(hdev, 0x00);
2174 if (!status)
2175 hci_update_scan_rsp_data_sync(hdev, 0x00);
2176 } else {
2177 hci_update_adv_data_sync(hdev, 0x00);
2178 hci_update_scan_rsp_data_sync(hdev, 0x00);
2179 }
2180
2181 hci_update_passive_scan(hdev);
2182 }
2183
2184 return err;
2185 }
2186
set_mesh_complete(struct hci_dev * hdev,void * data,int err)2187 static void set_mesh_complete(struct hci_dev *hdev, void *data, int err)
2188 {
2189 struct mgmt_pending_cmd *cmd = data;
2190 u8 status = mgmt_status(err);
2191 struct sock *sk = cmd->sk;
2192
2193 if (status) {
2194 mgmt_pending_foreach(MGMT_OP_SET_MESH_RECEIVER, hdev,
2195 cmd_status_rsp, &status);
2196 return;
2197 }
2198
2199 mgmt_pending_remove(cmd);
2200 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 0, NULL, 0);
2201 }
2202
set_mesh_sync(struct hci_dev * hdev,void * data)2203 static int set_mesh_sync(struct hci_dev *hdev, void *data)
2204 {
2205 struct mgmt_pending_cmd *cmd = data;
2206 struct mgmt_cp_set_mesh *cp = cmd->param;
2207 size_t len = cmd->param_len;
2208
2209 memset(hdev->mesh_ad_types, 0, sizeof(hdev->mesh_ad_types));
2210
2211 if (cp->enable)
2212 hci_dev_set_flag(hdev, HCI_MESH);
2213 else
2214 hci_dev_clear_flag(hdev, HCI_MESH);
2215
2216 len -= sizeof(*cp);
2217
2218 /* If filters don't fit, forward all adv pkts */
2219 if (len <= sizeof(hdev->mesh_ad_types))
2220 memcpy(hdev->mesh_ad_types, cp->ad_types, len);
2221
2222 hci_update_passive_scan_sync(hdev);
2223 return 0;
2224 }
2225
set_mesh(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2226 static int set_mesh(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2227 {
2228 struct mgmt_cp_set_mesh *cp = data;
2229 struct mgmt_pending_cmd *cmd;
2230 int err = 0;
2231
2232 bt_dev_dbg(hdev, "sock %p", sk);
2233
2234 if (!lmp_le_capable(hdev) ||
2235 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2236 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2237 MGMT_STATUS_NOT_SUPPORTED);
2238
2239 if (cp->enable != 0x00 && cp->enable != 0x01)
2240 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2241 MGMT_STATUS_INVALID_PARAMS);
2242
2243 hci_dev_lock(hdev);
2244
2245 cmd = mgmt_pending_add(sk, MGMT_OP_SET_MESH_RECEIVER, hdev, data, len);
2246 if (!cmd)
2247 err = -ENOMEM;
2248 else
2249 err = hci_cmd_sync_queue(hdev, set_mesh_sync, cmd,
2250 set_mesh_complete);
2251
2252 if (err < 0) {
2253 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2254 MGMT_STATUS_FAILED);
2255
2256 if (cmd)
2257 mgmt_pending_remove(cmd);
2258 }
2259
2260 hci_dev_unlock(hdev);
2261 return err;
2262 }
2263
mesh_send_start_complete(struct hci_dev * hdev,void * data,int err)2264 static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err)
2265 {
2266 struct mgmt_mesh_tx *mesh_tx = data;
2267 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param;
2268 unsigned long mesh_send_interval;
2269 u8 mgmt_err = mgmt_status(err);
2270
2271 /* Report any errors here, but don't report completion */
2272
2273 if (mgmt_err) {
2274 hci_dev_clear_flag(hdev, HCI_MESH_SENDING);
2275 /* Send Complete Error Code for handle */
2276 mesh_send_complete(hdev, mesh_tx, false);
2277 return;
2278 }
2279
2280 mesh_send_interval = msecs_to_jiffies((send->cnt) * 25);
2281 queue_delayed_work(hdev->req_workqueue, &hdev->mesh_send_done,
2282 mesh_send_interval);
2283 }
2284
mesh_send_sync(struct hci_dev * hdev,void * data)2285 static int mesh_send_sync(struct hci_dev *hdev, void *data)
2286 {
2287 struct mgmt_mesh_tx *mesh_tx = data;
2288 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param;
2289 struct adv_info *adv, *next_instance;
2290 u8 instance = hdev->le_num_of_adv_sets + 1;
2291 u16 timeout, duration;
2292 int err = 0;
2293
2294 if (hdev->le_num_of_adv_sets <= hdev->adv_instance_cnt)
2295 return MGMT_STATUS_BUSY;
2296
2297 timeout = 1000;
2298 duration = send->cnt * INTERVAL_TO_MS(hdev->le_adv_max_interval);
2299 adv = hci_add_adv_instance(hdev, instance, 0,
2300 send->adv_data_len, send->adv_data,
2301 0, NULL,
2302 timeout, duration,
2303 HCI_ADV_TX_POWER_NO_PREFERENCE,
2304 hdev->le_adv_min_interval,
2305 hdev->le_adv_max_interval,
2306 mesh_tx->handle);
2307
2308 if (!IS_ERR(adv))
2309 mesh_tx->instance = instance;
2310 else
2311 err = PTR_ERR(adv);
2312
2313 if (hdev->cur_adv_instance == instance) {
2314 /* If the currently advertised instance is being changed then
2315 * cancel the current advertising and schedule the next
2316 * instance. If there is only one instance then the overridden
2317 * advertising data will be visible right away.
2318 */
2319 cancel_adv_timeout(hdev);
2320
2321 next_instance = hci_get_next_instance(hdev, instance);
2322 if (next_instance)
2323 instance = next_instance->instance;
2324 else
2325 instance = 0;
2326 } else if (hdev->adv_instance_timeout) {
2327 /* Immediately advertise the new instance if no other, or
2328 * let it go naturally from queue if ADV is already happening
2329 */
2330 instance = 0;
2331 }
2332
2333 if (instance)
2334 return hci_schedule_adv_instance_sync(hdev, instance, true);
2335
2336 return err;
2337 }
2338
send_count(struct mgmt_mesh_tx * mesh_tx,void * data)2339 static void send_count(struct mgmt_mesh_tx *mesh_tx, void *data)
2340 {
2341 struct mgmt_rp_mesh_read_features *rp = data;
2342
2343 if (rp->used_handles >= rp->max_handles)
2344 return;
2345
2346 rp->handles[rp->used_handles++] = mesh_tx->handle;
2347 }
2348
mesh_features(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2349 static int mesh_features(struct sock *sk, struct hci_dev *hdev,
2350 void *data, u16 len)
2351 {
2352 struct mgmt_rp_mesh_read_features rp;
2353
2354 if (!lmp_le_capable(hdev) ||
2355 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2356 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES,
2357 MGMT_STATUS_NOT_SUPPORTED);
2358
2359 memset(&rp, 0, sizeof(rp));
2360 rp.index = cpu_to_le16(hdev->id);
2361 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2362 rp.max_handles = MESH_HANDLES_MAX;
2363
2364 hci_dev_lock(hdev);
2365
2366 if (rp.max_handles)
2367 mgmt_mesh_foreach(hdev, send_count, &rp, sk);
2368
2369 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES, 0, &rp,
2370 rp.used_handles + sizeof(rp) - MESH_HANDLES_MAX);
2371
2372 hci_dev_unlock(hdev);
2373 return 0;
2374 }
2375
send_cancel(struct hci_dev * hdev,void * data)2376 static int send_cancel(struct hci_dev *hdev, void *data)
2377 {
2378 struct mgmt_pending_cmd *cmd = data;
2379 struct mgmt_cp_mesh_send_cancel *cancel = (void *)cmd->param;
2380 struct mgmt_mesh_tx *mesh_tx;
2381
2382 if (!cancel->handle) {
2383 do {
2384 mesh_tx = mgmt_mesh_next(hdev, cmd->sk);
2385
2386 if (mesh_tx)
2387 mesh_send_complete(hdev, mesh_tx, false);
2388 } while (mesh_tx);
2389 } else {
2390 mesh_tx = mgmt_mesh_find(hdev, cancel->handle);
2391
2392 if (mesh_tx && mesh_tx->sk == cmd->sk)
2393 mesh_send_complete(hdev, mesh_tx, false);
2394 }
2395
2396 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2397 0, NULL, 0);
2398 mgmt_pending_free(cmd);
2399
2400 return 0;
2401 }
2402
mesh_send_cancel(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2403 static int mesh_send_cancel(struct sock *sk, struct hci_dev *hdev,
2404 void *data, u16 len)
2405 {
2406 struct mgmt_pending_cmd *cmd;
2407 int err;
2408
2409 if (!lmp_le_capable(hdev) ||
2410 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2411 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2412 MGMT_STATUS_NOT_SUPPORTED);
2413
2414 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2415 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2416 MGMT_STATUS_REJECTED);
2417
2418 hci_dev_lock(hdev);
2419 cmd = mgmt_pending_new(sk, MGMT_OP_MESH_SEND_CANCEL, hdev, data, len);
2420 if (!cmd)
2421 err = -ENOMEM;
2422 else
2423 err = hci_cmd_sync_queue(hdev, send_cancel, cmd, NULL);
2424
2425 if (err < 0) {
2426 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2427 MGMT_STATUS_FAILED);
2428
2429 if (cmd)
2430 mgmt_pending_free(cmd);
2431 }
2432
2433 hci_dev_unlock(hdev);
2434 return err;
2435 }
2436
mesh_send(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2437 static int mesh_send(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2438 {
2439 struct mgmt_mesh_tx *mesh_tx;
2440 struct mgmt_cp_mesh_send *send = data;
2441 struct mgmt_rp_mesh_read_features rp;
2442 bool sending;
2443 int err = 0;
2444
2445 if (!lmp_le_capable(hdev) ||
2446 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2447 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2448 MGMT_STATUS_NOT_SUPPORTED);
2449 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) ||
2450 len <= MGMT_MESH_SEND_SIZE ||
2451 len > (MGMT_MESH_SEND_SIZE + 31))
2452 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2453 MGMT_STATUS_REJECTED);
2454
2455 hci_dev_lock(hdev);
2456
2457 memset(&rp, 0, sizeof(rp));
2458 rp.max_handles = MESH_HANDLES_MAX;
2459
2460 mgmt_mesh_foreach(hdev, send_count, &rp, sk);
2461
2462 if (rp.max_handles <= rp.used_handles) {
2463 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2464 MGMT_STATUS_BUSY);
2465 goto done;
2466 }
2467
2468 sending = hci_dev_test_flag(hdev, HCI_MESH_SENDING);
2469 mesh_tx = mgmt_mesh_add(sk, hdev, send, len);
2470
2471 if (!mesh_tx)
2472 err = -ENOMEM;
2473 else if (!sending)
2474 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx,
2475 mesh_send_start_complete);
2476
2477 if (err < 0) {
2478 bt_dev_err(hdev, "Send Mesh Failed %d", err);
2479 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2480 MGMT_STATUS_FAILED);
2481
2482 if (mesh_tx) {
2483 if (sending)
2484 mgmt_mesh_remove(mesh_tx);
2485 }
2486 } else {
2487 hci_dev_set_flag(hdev, HCI_MESH_SENDING);
2488
2489 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_SEND, 0,
2490 &mesh_tx->handle, 1);
2491 }
2492
2493 done:
2494 hci_dev_unlock(hdev);
2495 return err;
2496 }
2497
set_le(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2498 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2499 {
2500 struct mgmt_mode *cp = data;
2501 struct mgmt_pending_cmd *cmd;
2502 int err;
2503 u8 val, enabled;
2504
2505 bt_dev_dbg(hdev, "sock %p", sk);
2506
2507 if (!lmp_le_capable(hdev))
2508 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2509 MGMT_STATUS_NOT_SUPPORTED);
2510
2511 if (cp->val != 0x00 && cp->val != 0x01)
2512 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2513 MGMT_STATUS_INVALID_PARAMS);
2514
2515 /* Bluetooth single mode LE only controllers or dual-mode
2516 * controllers configured as LE only devices, do not allow
2517 * switching LE off. These have either LE enabled explicitly
2518 * or BR/EDR has been previously switched off.
2519 *
2520 * When trying to enable an already enabled LE, then gracefully
2521 * send a positive response. Trying to disable it however will
2522 * result into rejection.
2523 */
2524 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2525 if (cp->val == 0x01)
2526 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2527
2528 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2529 MGMT_STATUS_REJECTED);
2530 }
2531
2532 hci_dev_lock(hdev);
2533
2534 val = !!cp->val;
2535 enabled = lmp_host_le_capable(hdev);
2536
2537 if (!hdev_is_powered(hdev) || val == enabled) {
2538 bool changed = false;
2539
2540 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2541 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2542 changed = true;
2543 }
2544
2545 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2546 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2547 changed = true;
2548 }
2549
2550 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2551 if (err < 0)
2552 goto unlock;
2553
2554 if (changed)
2555 err = new_settings(hdev, sk);
2556
2557 goto unlock;
2558 }
2559
2560 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2561 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2562 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2563 MGMT_STATUS_BUSY);
2564 goto unlock;
2565 }
2566
2567 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2568 if (!cmd)
2569 err = -ENOMEM;
2570 else
2571 err = hci_cmd_sync_queue(hdev, set_le_sync, cmd,
2572 set_le_complete);
2573
2574 if (err < 0) {
2575 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2576 MGMT_STATUS_FAILED);
2577
2578 if (cmd)
2579 mgmt_pending_remove(cmd);
2580 }
2581
2582 unlock:
2583 hci_dev_unlock(hdev);
2584 return err;
2585 }
2586
2587 /* This is a helper function to test for pending mgmt commands that can
2588 * cause CoD or EIR HCI commands. We can only allow one such pending
2589 * mgmt command at a time since otherwise we cannot easily track what
2590 * the current values are, will be, and based on that calculate if a new
2591 * HCI command needs to be sent and if yes with what value.
2592 */
pending_eir_or_class(struct hci_dev * hdev)2593 static bool pending_eir_or_class(struct hci_dev *hdev)
2594 {
2595 struct mgmt_pending_cmd *cmd;
2596
2597 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2598 switch (cmd->opcode) {
2599 case MGMT_OP_ADD_UUID:
2600 case MGMT_OP_REMOVE_UUID:
2601 case MGMT_OP_SET_DEV_CLASS:
2602 case MGMT_OP_SET_POWERED:
2603 return true;
2604 }
2605 }
2606
2607 return false;
2608 }
2609
2610 static const u8 bluetooth_base_uuid[] = {
2611 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2612 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2613 };
2614
get_uuid_size(const u8 * uuid)2615 static u8 get_uuid_size(const u8 *uuid)
2616 {
2617 u32 val;
2618
2619 if (memcmp(uuid, bluetooth_base_uuid, 12))
2620 return 128;
2621
2622 val = get_unaligned_le32(&uuid[12]);
2623 if (val > 0xffff)
2624 return 32;
2625
2626 return 16;
2627 }
2628
mgmt_class_complete(struct hci_dev * hdev,void * data,int err)2629 static void mgmt_class_complete(struct hci_dev *hdev, void *data, int err)
2630 {
2631 struct mgmt_pending_cmd *cmd = data;
2632
2633 bt_dev_dbg(hdev, "err %d", err);
2634
2635 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2636 mgmt_status(err), hdev->dev_class, 3);
2637
2638 mgmt_pending_free(cmd);
2639 }
2640
add_uuid_sync(struct hci_dev * hdev,void * data)2641 static int add_uuid_sync(struct hci_dev *hdev, void *data)
2642 {
2643 int err;
2644
2645 err = hci_update_class_sync(hdev);
2646 if (err)
2647 return err;
2648
2649 return hci_update_eir_sync(hdev);
2650 }
2651
add_uuid(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2652 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2653 {
2654 struct mgmt_cp_add_uuid *cp = data;
2655 struct mgmt_pending_cmd *cmd;
2656 struct bt_uuid *uuid;
2657 int err;
2658
2659 bt_dev_dbg(hdev, "sock %p", sk);
2660
2661 hci_dev_lock(hdev);
2662
2663 if (pending_eir_or_class(hdev)) {
2664 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2665 MGMT_STATUS_BUSY);
2666 goto failed;
2667 }
2668
2669 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2670 if (!uuid) {
2671 err = -ENOMEM;
2672 goto failed;
2673 }
2674
2675 memcpy(uuid->uuid, cp->uuid, 16);
2676 uuid->svc_hint = cp->svc_hint;
2677 uuid->size = get_uuid_size(cp->uuid);
2678
2679 list_add_tail(&uuid->list, &hdev->uuids);
2680
2681 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2682 if (!cmd) {
2683 err = -ENOMEM;
2684 goto failed;
2685 }
2686
2687 err = hci_cmd_sync_queue(hdev, add_uuid_sync, cmd, mgmt_class_complete);
2688 if (err < 0) {
2689 mgmt_pending_free(cmd);
2690 goto failed;
2691 }
2692
2693 failed:
2694 hci_dev_unlock(hdev);
2695 return err;
2696 }
2697
enable_service_cache(struct hci_dev * hdev)2698 static bool enable_service_cache(struct hci_dev *hdev)
2699 {
2700 if (!hdev_is_powered(hdev))
2701 return false;
2702
2703 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2704 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2705 CACHE_TIMEOUT);
2706 return true;
2707 }
2708
2709 return false;
2710 }
2711
remove_uuid_sync(struct hci_dev * hdev,void * data)2712 static int remove_uuid_sync(struct hci_dev *hdev, void *data)
2713 {
2714 int err;
2715
2716 err = hci_update_class_sync(hdev);
2717 if (err)
2718 return err;
2719
2720 return hci_update_eir_sync(hdev);
2721 }
2722
remove_uuid(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2723 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2724 u16 len)
2725 {
2726 struct mgmt_cp_remove_uuid *cp = data;
2727 struct mgmt_pending_cmd *cmd;
2728 struct bt_uuid *match, *tmp;
2729 static const u8 bt_uuid_any[] = {
2730 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
2731 };
2732 int err, found;
2733
2734 bt_dev_dbg(hdev, "sock %p", sk);
2735
2736 hci_dev_lock(hdev);
2737
2738 if (pending_eir_or_class(hdev)) {
2739 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2740 MGMT_STATUS_BUSY);
2741 goto unlock;
2742 }
2743
2744 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2745 hci_uuids_clear(hdev);
2746
2747 if (enable_service_cache(hdev)) {
2748 err = mgmt_cmd_complete(sk, hdev->id,
2749 MGMT_OP_REMOVE_UUID,
2750 0, hdev->dev_class, 3);
2751 goto unlock;
2752 }
2753
2754 goto update_class;
2755 }
2756
2757 found = 0;
2758
2759 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2760 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2761 continue;
2762
2763 list_del(&match->list);
2764 kfree(match);
2765 found++;
2766 }
2767
2768 if (found == 0) {
2769 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2770 MGMT_STATUS_INVALID_PARAMS);
2771 goto unlock;
2772 }
2773
2774 update_class:
2775 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2776 if (!cmd) {
2777 err = -ENOMEM;
2778 goto unlock;
2779 }
2780
2781 err = hci_cmd_sync_queue(hdev, remove_uuid_sync, cmd,
2782 mgmt_class_complete);
2783 if (err < 0)
2784 mgmt_pending_free(cmd);
2785
2786 unlock:
2787 hci_dev_unlock(hdev);
2788 return err;
2789 }
2790
set_class_sync(struct hci_dev * hdev,void * data)2791 static int set_class_sync(struct hci_dev *hdev, void *data)
2792 {
2793 int err = 0;
2794
2795 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2796 cancel_delayed_work_sync(&hdev->service_cache);
2797 err = hci_update_eir_sync(hdev);
2798 }
2799
2800 if (err)
2801 return err;
2802
2803 return hci_update_class_sync(hdev);
2804 }
2805
set_dev_class(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2806 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2807 u16 len)
2808 {
2809 struct mgmt_cp_set_dev_class *cp = data;
2810 struct mgmt_pending_cmd *cmd;
2811 int err;
2812
2813 bt_dev_dbg(hdev, "sock %p", sk);
2814
2815 if (!lmp_bredr_capable(hdev))
2816 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2817 MGMT_STATUS_NOT_SUPPORTED);
2818
2819 hci_dev_lock(hdev);
2820
2821 if (pending_eir_or_class(hdev)) {
2822 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2823 MGMT_STATUS_BUSY);
2824 goto unlock;
2825 }
2826
2827 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2828 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2829 MGMT_STATUS_INVALID_PARAMS);
2830 goto unlock;
2831 }
2832
2833 hdev->major_class = cp->major;
2834 hdev->minor_class = cp->minor;
2835
2836 if (!hdev_is_powered(hdev)) {
2837 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2838 hdev->dev_class, 3);
2839 goto unlock;
2840 }
2841
2842 cmd = mgmt_pending_new(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2843 if (!cmd) {
2844 err = -ENOMEM;
2845 goto unlock;
2846 }
2847
2848 err = hci_cmd_sync_queue(hdev, set_class_sync, cmd,
2849 mgmt_class_complete);
2850 if (err < 0)
2851 mgmt_pending_free(cmd);
2852
2853 unlock:
2854 hci_dev_unlock(hdev);
2855 return err;
2856 }
2857
load_link_keys(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2858 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2859 u16 len)
2860 {
2861 struct mgmt_cp_load_link_keys *cp = data;
2862 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2863 sizeof(struct mgmt_link_key_info));
2864 u16 key_count, expected_len;
2865 bool changed;
2866 int i;
2867
2868 bt_dev_dbg(hdev, "sock %p", sk);
2869
2870 if (!lmp_bredr_capable(hdev))
2871 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2872 MGMT_STATUS_NOT_SUPPORTED);
2873
2874 key_count = __le16_to_cpu(cp->key_count);
2875 if (key_count > max_key_count) {
2876 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2877 key_count);
2878 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2879 MGMT_STATUS_INVALID_PARAMS);
2880 }
2881
2882 expected_len = struct_size(cp, keys, key_count);
2883 if (expected_len != len) {
2884 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2885 expected_len, len);
2886 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2887 MGMT_STATUS_INVALID_PARAMS);
2888 }
2889
2890 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2891 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2892 MGMT_STATUS_INVALID_PARAMS);
2893
2894 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2895 key_count);
2896
2897 for (i = 0; i < key_count; i++) {
2898 struct mgmt_link_key_info *key = &cp->keys[i];
2899
2900 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2901 return mgmt_cmd_status(sk, hdev->id,
2902 MGMT_OP_LOAD_LINK_KEYS,
2903 MGMT_STATUS_INVALID_PARAMS);
2904 }
2905
2906 hci_dev_lock(hdev);
2907
2908 hci_link_keys_clear(hdev);
2909
2910 if (cp->debug_keys)
2911 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2912 else
2913 changed = hci_dev_test_and_clear_flag(hdev,
2914 HCI_KEEP_DEBUG_KEYS);
2915
2916 if (changed)
2917 new_settings(hdev, NULL);
2918
2919 for (i = 0; i < key_count; i++) {
2920 struct mgmt_link_key_info *key = &cp->keys[i];
2921
2922 if (hci_is_blocked_key(hdev,
2923 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2924 key->val)) {
2925 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2926 &key->addr.bdaddr);
2927 continue;
2928 }
2929
2930 /* Always ignore debug keys and require a new pairing if
2931 * the user wants to use them.
2932 */
2933 if (key->type == HCI_LK_DEBUG_COMBINATION)
2934 continue;
2935
2936 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2937 key->type, key->pin_len, NULL);
2938 }
2939
2940 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2941
2942 hci_dev_unlock(hdev);
2943
2944 return 0;
2945 }
2946
device_unpaired(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 addr_type,struct sock * skip_sk)2947 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2948 u8 addr_type, struct sock *skip_sk)
2949 {
2950 struct mgmt_ev_device_unpaired ev;
2951
2952 bacpy(&ev.addr.bdaddr, bdaddr);
2953 ev.addr.type = addr_type;
2954
2955 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2956 skip_sk);
2957 }
2958
unpair_device_complete(struct hci_dev * hdev,void * data,int err)2959 static void unpair_device_complete(struct hci_dev *hdev, void *data, int err)
2960 {
2961 struct mgmt_pending_cmd *cmd = data;
2962 struct mgmt_cp_unpair_device *cp = cmd->param;
2963
2964 if (!err)
2965 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2966
2967 cmd->cmd_complete(cmd, err);
2968 mgmt_pending_free(cmd);
2969 }
2970
unpair_device_sync(struct hci_dev * hdev,void * data)2971 static int unpair_device_sync(struct hci_dev *hdev, void *data)
2972 {
2973 struct mgmt_pending_cmd *cmd = data;
2974 struct mgmt_cp_unpair_device *cp = cmd->param;
2975 struct hci_conn *conn;
2976
2977 if (cp->addr.type == BDADDR_BREDR)
2978 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2979 &cp->addr.bdaddr);
2980 else
2981 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2982 le_addr_type(cp->addr.type));
2983
2984 if (!conn)
2985 return 0;
2986
2987 return hci_abort_conn_sync(hdev, conn, HCI_ERROR_REMOTE_USER_TERM);
2988 }
2989
unpair_device(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)2990 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2991 u16 len)
2992 {
2993 struct mgmt_cp_unpair_device *cp = data;
2994 struct mgmt_rp_unpair_device rp;
2995 struct hci_conn_params *params;
2996 struct mgmt_pending_cmd *cmd;
2997 struct hci_conn *conn;
2998 u8 addr_type;
2999 int err;
3000
3001 memset(&rp, 0, sizeof(rp));
3002 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3003 rp.addr.type = cp->addr.type;
3004
3005 if (!bdaddr_type_is_valid(cp->addr.type))
3006 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3007 MGMT_STATUS_INVALID_PARAMS,
3008 &rp, sizeof(rp));
3009
3010 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
3011 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3012 MGMT_STATUS_INVALID_PARAMS,
3013 &rp, sizeof(rp));
3014
3015 hci_dev_lock(hdev);
3016
3017 if (!hdev_is_powered(hdev)) {
3018 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3019 MGMT_STATUS_NOT_POWERED, &rp,
3020 sizeof(rp));
3021 goto unlock;
3022 }
3023
3024 if (cp->addr.type == BDADDR_BREDR) {
3025 /* If disconnection is requested, then look up the
3026 * connection. If the remote device is connected, it
3027 * will be later used to terminate the link.
3028 *
3029 * Setting it to NULL explicitly will cause no
3030 * termination of the link.
3031 */
3032 if (cp->disconnect)
3033 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3034 &cp->addr.bdaddr);
3035 else
3036 conn = NULL;
3037
3038 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
3039 if (err < 0) {
3040 err = mgmt_cmd_complete(sk, hdev->id,
3041 MGMT_OP_UNPAIR_DEVICE,
3042 MGMT_STATUS_NOT_PAIRED, &rp,
3043 sizeof(rp));
3044 goto unlock;
3045 }
3046
3047 goto done;
3048 }
3049
3050 /* LE address type */
3051 addr_type = le_addr_type(cp->addr.type);
3052
3053 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
3054 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
3055 if (err < 0) {
3056 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3057 MGMT_STATUS_NOT_PAIRED, &rp,
3058 sizeof(rp));
3059 goto unlock;
3060 }
3061
3062 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
3063 if (!conn) {
3064 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
3065 goto done;
3066 }
3067
3068
3069 /* Defer clearing up the connection parameters until closing to
3070 * give a chance of keeping them if a repairing happens.
3071 */
3072 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3073
3074 /* Disable auto-connection parameters if present */
3075 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
3076 if (params) {
3077 if (params->explicit_connect)
3078 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3079 else
3080 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3081 }
3082
3083 /* If disconnection is not requested, then clear the connection
3084 * variable so that the link is not terminated.
3085 */
3086 if (!cp->disconnect)
3087 conn = NULL;
3088
3089 done:
3090 /* If the connection variable is set, then termination of the
3091 * link is requested.
3092 */
3093 if (!conn) {
3094 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3095 &rp, sizeof(rp));
3096 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
3097 goto unlock;
3098 }
3099
3100 cmd = mgmt_pending_new(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
3101 sizeof(*cp));
3102 if (!cmd) {
3103 err = -ENOMEM;
3104 goto unlock;
3105 }
3106
3107 cmd->cmd_complete = addr_cmd_complete;
3108
3109 err = hci_cmd_sync_queue(hdev, unpair_device_sync, cmd,
3110 unpair_device_complete);
3111 if (err < 0)
3112 mgmt_pending_free(cmd);
3113
3114 unlock:
3115 hci_dev_unlock(hdev);
3116 return err;
3117 }
3118
disconnect(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3119 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
3120 u16 len)
3121 {
3122 struct mgmt_cp_disconnect *cp = data;
3123 struct mgmt_rp_disconnect rp;
3124 struct mgmt_pending_cmd *cmd;
3125 struct hci_conn *conn;
3126 int err;
3127
3128 bt_dev_dbg(hdev, "sock %p", sk);
3129
3130 memset(&rp, 0, sizeof(rp));
3131 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3132 rp.addr.type = cp->addr.type;
3133
3134 if (!bdaddr_type_is_valid(cp->addr.type))
3135 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3136 MGMT_STATUS_INVALID_PARAMS,
3137 &rp, sizeof(rp));
3138
3139 hci_dev_lock(hdev);
3140
3141 if (!test_bit(HCI_UP, &hdev->flags)) {
3142 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3143 MGMT_STATUS_NOT_POWERED, &rp,
3144 sizeof(rp));
3145 goto failed;
3146 }
3147
3148 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
3149 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3150 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3151 goto failed;
3152 }
3153
3154 if (cp->addr.type == BDADDR_BREDR)
3155 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3156 &cp->addr.bdaddr);
3157 else
3158 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
3159 le_addr_type(cp->addr.type));
3160
3161 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
3162 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3163 MGMT_STATUS_NOT_CONNECTED, &rp,
3164 sizeof(rp));
3165 goto failed;
3166 }
3167
3168 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
3169 if (!cmd) {
3170 err = -ENOMEM;
3171 goto failed;
3172 }
3173
3174 cmd->cmd_complete = generic_cmd_complete;
3175
3176 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3177 if (err < 0)
3178 mgmt_pending_remove(cmd);
3179
3180 failed:
3181 hci_dev_unlock(hdev);
3182 return err;
3183 }
3184
link_to_bdaddr(u8 link_type,u8 addr_type)3185 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3186 {
3187 switch (link_type) {
3188 case LE_LINK:
3189 switch (addr_type) {
3190 case ADDR_LE_DEV_PUBLIC:
3191 return BDADDR_LE_PUBLIC;
3192
3193 default:
3194 /* Fallback to LE Random address type */
3195 return BDADDR_LE_RANDOM;
3196 }
3197
3198 default:
3199 /* Fallback to BR/EDR type */
3200 return BDADDR_BREDR;
3201 }
3202 }
3203
get_connections(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)3204 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3205 u16 data_len)
3206 {
3207 struct mgmt_rp_get_connections *rp;
3208 struct hci_conn *c;
3209 int err;
3210 u16 i;
3211
3212 bt_dev_dbg(hdev, "sock %p", sk);
3213
3214 hci_dev_lock(hdev);
3215
3216 if (!hdev_is_powered(hdev)) {
3217 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3218 MGMT_STATUS_NOT_POWERED);
3219 goto unlock;
3220 }
3221
3222 i = 0;
3223 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3224 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3225 i++;
3226 }
3227
3228 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
3229 if (!rp) {
3230 err = -ENOMEM;
3231 goto unlock;
3232 }
3233
3234 i = 0;
3235 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3236 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3237 continue;
3238 bacpy(&rp->addr[i].bdaddr, &c->dst);
3239 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3240 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3241 continue;
3242 i++;
3243 }
3244
3245 rp->conn_count = cpu_to_le16(i);
3246
3247 /* Recalculate length in case of filtered SCO connections, etc */
3248 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3249 struct_size(rp, addr, i));
3250
3251 kfree(rp);
3252
3253 unlock:
3254 hci_dev_unlock(hdev);
3255 return err;
3256 }
3257
send_pin_code_neg_reply(struct sock * sk,struct hci_dev * hdev,struct mgmt_cp_pin_code_neg_reply * cp)3258 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3259 struct mgmt_cp_pin_code_neg_reply *cp)
3260 {
3261 struct mgmt_pending_cmd *cmd;
3262 int err;
3263
3264 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3265 sizeof(*cp));
3266 if (!cmd)
3267 return -ENOMEM;
3268
3269 cmd->cmd_complete = addr_cmd_complete;
3270
3271 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3272 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3273 if (err < 0)
3274 mgmt_pending_remove(cmd);
3275
3276 return err;
3277 }
3278
pin_code_reply(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3279 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3280 u16 len)
3281 {
3282 struct hci_conn *conn;
3283 struct mgmt_cp_pin_code_reply *cp = data;
3284 struct hci_cp_pin_code_reply reply;
3285 struct mgmt_pending_cmd *cmd;
3286 int err;
3287
3288 bt_dev_dbg(hdev, "sock %p", sk);
3289
3290 hci_dev_lock(hdev);
3291
3292 if (!hdev_is_powered(hdev)) {
3293 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3294 MGMT_STATUS_NOT_POWERED);
3295 goto failed;
3296 }
3297
3298 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3299 if (!conn) {
3300 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3301 MGMT_STATUS_NOT_CONNECTED);
3302 goto failed;
3303 }
3304
3305 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3306 struct mgmt_cp_pin_code_neg_reply ncp;
3307
3308 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3309
3310 bt_dev_err(hdev, "PIN code is not 16 bytes long");
3311
3312 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3313 if (err >= 0)
3314 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3315 MGMT_STATUS_INVALID_PARAMS);
3316
3317 goto failed;
3318 }
3319
3320 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3321 if (!cmd) {
3322 err = -ENOMEM;
3323 goto failed;
3324 }
3325
3326 cmd->cmd_complete = addr_cmd_complete;
3327
3328 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3329 reply.pin_len = cp->pin_len;
3330 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3331
3332 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3333 if (err < 0)
3334 mgmt_pending_remove(cmd);
3335
3336 failed:
3337 hci_dev_unlock(hdev);
3338 return err;
3339 }
3340
set_io_capability(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3341 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3342 u16 len)
3343 {
3344 struct mgmt_cp_set_io_capability *cp = data;
3345
3346 bt_dev_dbg(hdev, "sock %p", sk);
3347
3348 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3349 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3350 MGMT_STATUS_INVALID_PARAMS);
3351
3352 hci_dev_lock(hdev);
3353
3354 hdev->io_capability = cp->io_capability;
3355
3356 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
3357
3358 hci_dev_unlock(hdev);
3359
3360 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3361 NULL, 0);
3362 }
3363
find_pairing(struct hci_conn * conn)3364 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
3365 {
3366 struct hci_dev *hdev = conn->hdev;
3367 struct mgmt_pending_cmd *cmd;
3368
3369 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3370 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3371 continue;
3372
3373 if (cmd->user_data != conn)
3374 continue;
3375
3376 return cmd;
3377 }
3378
3379 return NULL;
3380 }
3381
pairing_complete(struct mgmt_pending_cmd * cmd,u8 status)3382 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
3383 {
3384 struct mgmt_rp_pair_device rp;
3385 struct hci_conn *conn = cmd->user_data;
3386 int err;
3387
3388 bacpy(&rp.addr.bdaddr, &conn->dst);
3389 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3390
3391 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3392 status, &rp, sizeof(rp));
3393
3394 /* So we don't get further callbacks for this connection */
3395 conn->connect_cfm_cb = NULL;
3396 conn->security_cfm_cb = NULL;
3397 conn->disconn_cfm_cb = NULL;
3398
3399 hci_conn_drop(conn);
3400
3401 /* The device is paired so there is no need to remove
3402 * its connection parameters anymore.
3403 */
3404 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3405
3406 hci_conn_put(conn);
3407
3408 return err;
3409 }
3410
mgmt_smp_complete(struct hci_conn * conn,bool complete)3411 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3412 {
3413 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3414 struct mgmt_pending_cmd *cmd;
3415
3416 cmd = find_pairing(conn);
3417 if (cmd) {
3418 cmd->cmd_complete(cmd, status);
3419 mgmt_pending_remove(cmd);
3420 }
3421 }
3422
pairing_complete_cb(struct hci_conn * conn,u8 status)3423 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3424 {
3425 struct mgmt_pending_cmd *cmd;
3426
3427 BT_DBG("status %u", status);
3428
3429 cmd = find_pairing(conn);
3430 if (!cmd) {
3431 BT_DBG("Unable to find a pending command");
3432 return;
3433 }
3434
3435 cmd->cmd_complete(cmd, mgmt_status(status));
3436 mgmt_pending_remove(cmd);
3437 }
3438
le_pairing_complete_cb(struct hci_conn * conn,u8 status)3439 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3440 {
3441 struct mgmt_pending_cmd *cmd;
3442
3443 BT_DBG("status %u", status);
3444
3445 if (!status)
3446 return;
3447
3448 cmd = find_pairing(conn);
3449 if (!cmd) {
3450 BT_DBG("Unable to find a pending command");
3451 return;
3452 }
3453
3454 cmd->cmd_complete(cmd, mgmt_status(status));
3455 mgmt_pending_remove(cmd);
3456 }
3457
pair_device(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3458 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3459 u16 len)
3460 {
3461 struct mgmt_cp_pair_device *cp = data;
3462 struct mgmt_rp_pair_device rp;
3463 struct mgmt_pending_cmd *cmd;
3464 u8 sec_level, auth_type;
3465 struct hci_conn *conn;
3466 int err;
3467
3468 bt_dev_dbg(hdev, "sock %p", sk);
3469
3470 memset(&rp, 0, sizeof(rp));
3471 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3472 rp.addr.type = cp->addr.type;
3473
3474 if (!bdaddr_type_is_valid(cp->addr.type))
3475 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3476 MGMT_STATUS_INVALID_PARAMS,
3477 &rp, sizeof(rp));
3478
3479 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3480 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3481 MGMT_STATUS_INVALID_PARAMS,
3482 &rp, sizeof(rp));
3483
3484 hci_dev_lock(hdev);
3485
3486 if (!hdev_is_powered(hdev)) {
3487 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3488 MGMT_STATUS_NOT_POWERED, &rp,
3489 sizeof(rp));
3490 goto unlock;
3491 }
3492
3493 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3494 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3495 MGMT_STATUS_ALREADY_PAIRED, &rp,
3496 sizeof(rp));
3497 goto unlock;
3498 }
3499
3500 sec_level = BT_SECURITY_MEDIUM;
3501 auth_type = HCI_AT_DEDICATED_BONDING;
3502
3503 if (cp->addr.type == BDADDR_BREDR) {
3504 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3505 auth_type, CONN_REASON_PAIR_DEVICE);
3506 } else {
3507 u8 addr_type = le_addr_type(cp->addr.type);
3508 struct hci_conn_params *p;
3509
3510 /* When pairing a new device, it is expected to remember
3511 * this device for future connections. Adding the connection
3512 * parameter information ahead of time allows tracking
3513 * of the peripheral preferred values and will speed up any
3514 * further connection establishment.
3515 *
3516 * If connection parameters already exist, then they
3517 * will be kept and this function does nothing.
3518 */
3519 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3520
3521 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
3522 p->auto_connect = HCI_AUTO_CONN_DISABLED;
3523
3524 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type,
3525 sec_level, HCI_LE_CONN_TIMEOUT,
3526 CONN_REASON_PAIR_DEVICE);
3527 }
3528
3529 if (IS_ERR(conn)) {
3530 int status;
3531
3532 if (PTR_ERR(conn) == -EBUSY)
3533 status = MGMT_STATUS_BUSY;
3534 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3535 status = MGMT_STATUS_NOT_SUPPORTED;
3536 else if (PTR_ERR(conn) == -ECONNREFUSED)
3537 status = MGMT_STATUS_REJECTED;
3538 else
3539 status = MGMT_STATUS_CONNECT_FAILED;
3540
3541 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3542 status, &rp, sizeof(rp));
3543 goto unlock;
3544 }
3545
3546 if (conn->connect_cfm_cb) {
3547 hci_conn_drop(conn);
3548 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3549 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3550 goto unlock;
3551 }
3552
3553 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3554 if (!cmd) {
3555 err = -ENOMEM;
3556 hci_conn_drop(conn);
3557 goto unlock;
3558 }
3559
3560 cmd->cmd_complete = pairing_complete;
3561
3562 /* For LE, just connecting isn't a proof that the pairing finished */
3563 if (cp->addr.type == BDADDR_BREDR) {
3564 conn->connect_cfm_cb = pairing_complete_cb;
3565 conn->security_cfm_cb = pairing_complete_cb;
3566 conn->disconn_cfm_cb = pairing_complete_cb;
3567 } else {
3568 conn->connect_cfm_cb = le_pairing_complete_cb;
3569 conn->security_cfm_cb = le_pairing_complete_cb;
3570 conn->disconn_cfm_cb = le_pairing_complete_cb;
3571 }
3572
3573 conn->io_capability = cp->io_cap;
3574 cmd->user_data = hci_conn_get(conn);
3575
3576 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3577 hci_conn_security(conn, sec_level, auth_type, true)) {
3578 cmd->cmd_complete(cmd, 0);
3579 mgmt_pending_remove(cmd);
3580 }
3581
3582 err = 0;
3583
3584 unlock:
3585 hci_dev_unlock(hdev);
3586 return err;
3587 }
3588
cancel_pair_device(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3589 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3590 u16 len)
3591 {
3592 struct mgmt_addr_info *addr = data;
3593 struct mgmt_pending_cmd *cmd;
3594 struct hci_conn *conn;
3595 int err;
3596
3597 bt_dev_dbg(hdev, "sock %p", sk);
3598
3599 hci_dev_lock(hdev);
3600
3601 if (!hdev_is_powered(hdev)) {
3602 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3603 MGMT_STATUS_NOT_POWERED);
3604 goto unlock;
3605 }
3606
3607 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3608 if (!cmd) {
3609 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3610 MGMT_STATUS_INVALID_PARAMS);
3611 goto unlock;
3612 }
3613
3614 conn = cmd->user_data;
3615
3616 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3617 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3618 MGMT_STATUS_INVALID_PARAMS);
3619 goto unlock;
3620 }
3621
3622 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3623 mgmt_pending_remove(cmd);
3624
3625 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3626 addr, sizeof(*addr));
3627
3628 /* Since user doesn't want to proceed with the connection, abort any
3629 * ongoing pairing and then terminate the link if it was created
3630 * because of the pair device action.
3631 */
3632 if (addr->type == BDADDR_BREDR)
3633 hci_remove_link_key(hdev, &addr->bdaddr);
3634 else
3635 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr,
3636 le_addr_type(addr->type));
3637
3638 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE)
3639 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
3640
3641 unlock:
3642 hci_dev_unlock(hdev);
3643 return err;
3644 }
3645
user_pairing_resp(struct sock * sk,struct hci_dev * hdev,struct mgmt_addr_info * addr,u16 mgmt_op,u16 hci_op,__le32 passkey)3646 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3647 struct mgmt_addr_info *addr, u16 mgmt_op,
3648 u16 hci_op, __le32 passkey)
3649 {
3650 struct mgmt_pending_cmd *cmd;
3651 struct hci_conn *conn;
3652 int err;
3653
3654 hci_dev_lock(hdev);
3655
3656 if (!hdev_is_powered(hdev)) {
3657 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3658 MGMT_STATUS_NOT_POWERED, addr,
3659 sizeof(*addr));
3660 goto done;
3661 }
3662
3663 if (addr->type == BDADDR_BREDR)
3664 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3665 else
3666 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3667 le_addr_type(addr->type));
3668
3669 if (!conn) {
3670 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3671 MGMT_STATUS_NOT_CONNECTED, addr,
3672 sizeof(*addr));
3673 goto done;
3674 }
3675
3676 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3677 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3678 if (!err)
3679 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3680 MGMT_STATUS_SUCCESS, addr,
3681 sizeof(*addr));
3682 else
3683 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3684 MGMT_STATUS_FAILED, addr,
3685 sizeof(*addr));
3686
3687 goto done;
3688 }
3689
3690 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3691 if (!cmd) {
3692 err = -ENOMEM;
3693 goto done;
3694 }
3695
3696 cmd->cmd_complete = addr_cmd_complete;
3697
3698 /* Continue with pairing via HCI */
3699 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3700 struct hci_cp_user_passkey_reply cp;
3701
3702 bacpy(&cp.bdaddr, &addr->bdaddr);
3703 cp.passkey = passkey;
3704 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3705 } else
3706 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3707 &addr->bdaddr);
3708
3709 if (err < 0)
3710 mgmt_pending_remove(cmd);
3711
3712 done:
3713 hci_dev_unlock(hdev);
3714 return err;
3715 }
3716
pin_code_neg_reply(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3717 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3718 void *data, u16 len)
3719 {
3720 struct mgmt_cp_pin_code_neg_reply *cp = data;
3721
3722 bt_dev_dbg(hdev, "sock %p", sk);
3723
3724 return user_pairing_resp(sk, hdev, &cp->addr,
3725 MGMT_OP_PIN_CODE_NEG_REPLY,
3726 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3727 }
3728
user_confirm_reply(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3729 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3730 u16 len)
3731 {
3732 struct mgmt_cp_user_confirm_reply *cp = data;
3733
3734 bt_dev_dbg(hdev, "sock %p", sk);
3735
3736 if (len != sizeof(*cp))
3737 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3738 MGMT_STATUS_INVALID_PARAMS);
3739
3740 return user_pairing_resp(sk, hdev, &cp->addr,
3741 MGMT_OP_USER_CONFIRM_REPLY,
3742 HCI_OP_USER_CONFIRM_REPLY, 0);
3743 }
3744
user_confirm_neg_reply(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3745 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3746 void *data, u16 len)
3747 {
3748 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3749
3750 bt_dev_dbg(hdev, "sock %p", sk);
3751
3752 return user_pairing_resp(sk, hdev, &cp->addr,
3753 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3754 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3755 }
3756
user_passkey_reply(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3757 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3758 u16 len)
3759 {
3760 struct mgmt_cp_user_passkey_reply *cp = data;
3761
3762 bt_dev_dbg(hdev, "sock %p", sk);
3763
3764 return user_pairing_resp(sk, hdev, &cp->addr,
3765 MGMT_OP_USER_PASSKEY_REPLY,
3766 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3767 }
3768
user_passkey_neg_reply(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3769 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3770 void *data, u16 len)
3771 {
3772 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3773
3774 bt_dev_dbg(hdev, "sock %p", sk);
3775
3776 return user_pairing_resp(sk, hdev, &cp->addr,
3777 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3778 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3779 }
3780
adv_expire_sync(struct hci_dev * hdev,u32 flags)3781 static int adv_expire_sync(struct hci_dev *hdev, u32 flags)
3782 {
3783 struct adv_info *adv_instance;
3784
3785 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3786 if (!adv_instance)
3787 return 0;
3788
3789 /* stop if current instance doesn't need to be changed */
3790 if (!(adv_instance->flags & flags))
3791 return 0;
3792
3793 cancel_adv_timeout(hdev);
3794
3795 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3796 if (!adv_instance)
3797 return 0;
3798
3799 hci_schedule_adv_instance_sync(hdev, adv_instance->instance, true);
3800
3801 return 0;
3802 }
3803
name_changed_sync(struct hci_dev * hdev,void * data)3804 static int name_changed_sync(struct hci_dev *hdev, void *data)
3805 {
3806 return adv_expire_sync(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3807 }
3808
set_name_complete(struct hci_dev * hdev,void * data,int err)3809 static void set_name_complete(struct hci_dev *hdev, void *data, int err)
3810 {
3811 struct mgmt_pending_cmd *cmd = data;
3812 struct mgmt_cp_set_local_name *cp = cmd->param;
3813 u8 status = mgmt_status(err);
3814
3815 bt_dev_dbg(hdev, "err %d", err);
3816
3817 if (cmd != pending_find(MGMT_OP_SET_LOCAL_NAME, hdev))
3818 return;
3819
3820 if (status) {
3821 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3822 status);
3823 } else {
3824 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3825 cp, sizeof(*cp));
3826
3827 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3828 hci_cmd_sync_queue(hdev, name_changed_sync, NULL, NULL);
3829 }
3830
3831 mgmt_pending_remove(cmd);
3832 }
3833
set_name_sync(struct hci_dev * hdev,void * data)3834 static int set_name_sync(struct hci_dev *hdev, void *data)
3835 {
3836 if (lmp_bredr_capable(hdev)) {
3837 hci_update_name_sync(hdev);
3838 hci_update_eir_sync(hdev);
3839 }
3840
3841 /* The name is stored in the scan response data and so
3842 * no need to update the advertising data here.
3843 */
3844 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3845 hci_update_scan_rsp_data_sync(hdev, hdev->cur_adv_instance);
3846
3847 return 0;
3848 }
3849
set_local_name(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3850 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3851 u16 len)
3852 {
3853 struct mgmt_cp_set_local_name *cp = data;
3854 struct mgmt_pending_cmd *cmd;
3855 int err;
3856
3857 bt_dev_dbg(hdev, "sock %p", sk);
3858
3859 hci_dev_lock(hdev);
3860
3861 /* If the old values are the same as the new ones just return a
3862 * direct command complete event.
3863 */
3864 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3865 !memcmp(hdev->short_name, cp->short_name,
3866 sizeof(hdev->short_name))) {
3867 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3868 data, len);
3869 goto failed;
3870 }
3871
3872 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3873
3874 if (!hdev_is_powered(hdev)) {
3875 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3876
3877 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3878 data, len);
3879 if (err < 0)
3880 goto failed;
3881
3882 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3883 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3884 ext_info_changed(hdev, sk);
3885
3886 goto failed;
3887 }
3888
3889 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3890 if (!cmd)
3891 err = -ENOMEM;
3892 else
3893 err = hci_cmd_sync_queue(hdev, set_name_sync, cmd,
3894 set_name_complete);
3895
3896 if (err < 0) {
3897 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3898 MGMT_STATUS_FAILED);
3899
3900 if (cmd)
3901 mgmt_pending_remove(cmd);
3902
3903 goto failed;
3904 }
3905
3906 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3907
3908 failed:
3909 hci_dev_unlock(hdev);
3910 return err;
3911 }
3912
appearance_changed_sync(struct hci_dev * hdev,void * data)3913 static int appearance_changed_sync(struct hci_dev *hdev, void *data)
3914 {
3915 return adv_expire_sync(hdev, MGMT_ADV_FLAG_APPEARANCE);
3916 }
3917
set_appearance(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3918 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3919 u16 len)
3920 {
3921 struct mgmt_cp_set_appearance *cp = data;
3922 u16 appearance;
3923 int err;
3924
3925 bt_dev_dbg(hdev, "sock %p", sk);
3926
3927 if (!lmp_le_capable(hdev))
3928 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3929 MGMT_STATUS_NOT_SUPPORTED);
3930
3931 appearance = le16_to_cpu(cp->appearance);
3932
3933 hci_dev_lock(hdev);
3934
3935 if (hdev->appearance != appearance) {
3936 hdev->appearance = appearance;
3937
3938 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3939 hci_cmd_sync_queue(hdev, appearance_changed_sync, NULL,
3940 NULL);
3941
3942 ext_info_changed(hdev, sk);
3943 }
3944
3945 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3946 0);
3947
3948 hci_dev_unlock(hdev);
3949
3950 return err;
3951 }
3952
get_phy_configuration(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)3953 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3954 void *data, u16 len)
3955 {
3956 struct mgmt_rp_get_phy_configuration rp;
3957
3958 bt_dev_dbg(hdev, "sock %p", sk);
3959
3960 hci_dev_lock(hdev);
3961
3962 memset(&rp, 0, sizeof(rp));
3963
3964 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3965 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3966 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3967
3968 hci_dev_unlock(hdev);
3969
3970 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3971 &rp, sizeof(rp));
3972 }
3973
mgmt_phy_configuration_changed(struct hci_dev * hdev,struct sock * skip)3974 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3975 {
3976 struct mgmt_ev_phy_configuration_changed ev;
3977
3978 memset(&ev, 0, sizeof(ev));
3979
3980 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3981
3982 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3983 sizeof(ev), skip);
3984 }
3985
set_default_phy_complete(struct hci_dev * hdev,void * data,int err)3986 static void set_default_phy_complete(struct hci_dev *hdev, void *data, int err)
3987 {
3988 struct mgmt_pending_cmd *cmd = data;
3989 struct sk_buff *skb = cmd->skb;
3990 u8 status = mgmt_status(err);
3991
3992 if (cmd != pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev))
3993 return;
3994
3995 if (!status) {
3996 if (!skb)
3997 status = MGMT_STATUS_FAILED;
3998 else if (IS_ERR(skb))
3999 status = mgmt_status(PTR_ERR(skb));
4000 else
4001 status = mgmt_status(skb->data[0]);
4002 }
4003
4004 bt_dev_dbg(hdev, "status %d", status);
4005
4006 if (status) {
4007 mgmt_cmd_status(cmd->sk, hdev->id,
4008 MGMT_OP_SET_PHY_CONFIGURATION, status);
4009 } else {
4010 mgmt_cmd_complete(cmd->sk, hdev->id,
4011 MGMT_OP_SET_PHY_CONFIGURATION, 0,
4012 NULL, 0);
4013
4014 mgmt_phy_configuration_changed(hdev, cmd->sk);
4015 }
4016
4017 if (skb && !IS_ERR(skb))
4018 kfree_skb(skb);
4019
4020 mgmt_pending_remove(cmd);
4021 }
4022
set_default_phy_sync(struct hci_dev * hdev,void * data)4023 static int set_default_phy_sync(struct hci_dev *hdev, void *data)
4024 {
4025 struct mgmt_pending_cmd *cmd = data;
4026 struct mgmt_cp_set_phy_configuration *cp = cmd->param;
4027 struct hci_cp_le_set_default_phy cp_phy;
4028 u32 selected_phys = __le32_to_cpu(cp->selected_phys);
4029
4030 memset(&cp_phy, 0, sizeof(cp_phy));
4031
4032 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
4033 cp_phy.all_phys |= 0x01;
4034
4035 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
4036 cp_phy.all_phys |= 0x02;
4037
4038 if (selected_phys & MGMT_PHY_LE_1M_TX)
4039 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
4040
4041 if (selected_phys & MGMT_PHY_LE_2M_TX)
4042 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
4043
4044 if (selected_phys & MGMT_PHY_LE_CODED_TX)
4045 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
4046
4047 if (selected_phys & MGMT_PHY_LE_1M_RX)
4048 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
4049
4050 if (selected_phys & MGMT_PHY_LE_2M_RX)
4051 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
4052
4053 if (selected_phys & MGMT_PHY_LE_CODED_RX)
4054 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
4055
4056 cmd->skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_DEFAULT_PHY,
4057 sizeof(cp_phy), &cp_phy, HCI_CMD_TIMEOUT);
4058
4059 return 0;
4060 }
4061
set_phy_configuration(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)4062 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
4063 void *data, u16 len)
4064 {
4065 struct mgmt_cp_set_phy_configuration *cp = data;
4066 struct mgmt_pending_cmd *cmd;
4067 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
4068 u16 pkt_type = (HCI_DH1 | HCI_DM1);
4069 bool changed = false;
4070 int err;
4071
4072 bt_dev_dbg(hdev, "sock %p", sk);
4073
4074 configurable_phys = get_configurable_phys(hdev);
4075 supported_phys = get_supported_phys(hdev);
4076 selected_phys = __le32_to_cpu(cp->selected_phys);
4077
4078 if (selected_phys & ~supported_phys)
4079 return mgmt_cmd_status(sk, hdev->id,
4080 MGMT_OP_SET_PHY_CONFIGURATION,
4081 MGMT_STATUS_INVALID_PARAMS);
4082
4083 unconfigure_phys = supported_phys & ~configurable_phys;
4084
4085 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
4086 return mgmt_cmd_status(sk, hdev->id,
4087 MGMT_OP_SET_PHY_CONFIGURATION,
4088 MGMT_STATUS_INVALID_PARAMS);
4089
4090 if (selected_phys == get_selected_phys(hdev))
4091 return mgmt_cmd_complete(sk, hdev->id,
4092 MGMT_OP_SET_PHY_CONFIGURATION,
4093 0, NULL, 0);
4094
4095 hci_dev_lock(hdev);
4096
4097 if (!hdev_is_powered(hdev)) {
4098 err = mgmt_cmd_status(sk, hdev->id,
4099 MGMT_OP_SET_PHY_CONFIGURATION,
4100 MGMT_STATUS_REJECTED);
4101 goto unlock;
4102 }
4103
4104 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
4105 err = mgmt_cmd_status(sk, hdev->id,
4106 MGMT_OP_SET_PHY_CONFIGURATION,
4107 MGMT_STATUS_BUSY);
4108 goto unlock;
4109 }
4110
4111 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
4112 pkt_type |= (HCI_DH3 | HCI_DM3);
4113 else
4114 pkt_type &= ~(HCI_DH3 | HCI_DM3);
4115
4116 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
4117 pkt_type |= (HCI_DH5 | HCI_DM5);
4118 else
4119 pkt_type &= ~(HCI_DH5 | HCI_DM5);
4120
4121 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
4122 pkt_type &= ~HCI_2DH1;
4123 else
4124 pkt_type |= HCI_2DH1;
4125
4126 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
4127 pkt_type &= ~HCI_2DH3;
4128 else
4129 pkt_type |= HCI_2DH3;
4130
4131 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
4132 pkt_type &= ~HCI_2DH5;
4133 else
4134 pkt_type |= HCI_2DH5;
4135
4136 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
4137 pkt_type &= ~HCI_3DH1;
4138 else
4139 pkt_type |= HCI_3DH1;
4140
4141 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
4142 pkt_type &= ~HCI_3DH3;
4143 else
4144 pkt_type |= HCI_3DH3;
4145
4146 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
4147 pkt_type &= ~HCI_3DH5;
4148 else
4149 pkt_type |= HCI_3DH5;
4150
4151 if (pkt_type != hdev->pkt_type) {
4152 hdev->pkt_type = pkt_type;
4153 changed = true;
4154 }
4155
4156 if ((selected_phys & MGMT_PHY_LE_MASK) ==
4157 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
4158 if (changed)
4159 mgmt_phy_configuration_changed(hdev, sk);
4160
4161 err = mgmt_cmd_complete(sk, hdev->id,
4162 MGMT_OP_SET_PHY_CONFIGURATION,
4163 0, NULL, 0);
4164
4165 goto unlock;
4166 }
4167
4168 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
4169 len);
4170 if (!cmd)
4171 err = -ENOMEM;
4172 else
4173 err = hci_cmd_sync_queue(hdev, set_default_phy_sync, cmd,
4174 set_default_phy_complete);
4175
4176 if (err < 0) {
4177 err = mgmt_cmd_status(sk, hdev->id,
4178 MGMT_OP_SET_PHY_CONFIGURATION,
4179 MGMT_STATUS_FAILED);
4180
4181 if (cmd)
4182 mgmt_pending_remove(cmd);
4183 }
4184
4185 unlock:
4186 hci_dev_unlock(hdev);
4187
4188 return err;
4189 }
4190
set_blocked_keys(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)4191 static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
4192 u16 len)
4193 {
4194 int err = MGMT_STATUS_SUCCESS;
4195 struct mgmt_cp_set_blocked_keys *keys = data;
4196 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
4197 sizeof(struct mgmt_blocked_key_info));
4198 u16 key_count, expected_len;
4199 int i;
4200
4201 bt_dev_dbg(hdev, "sock %p", sk);
4202
4203 key_count = __le16_to_cpu(keys->key_count);
4204 if (key_count > max_key_count) {
4205 bt_dev_err(hdev, "too big key_count value %u", key_count);
4206 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4207 MGMT_STATUS_INVALID_PARAMS);
4208 }
4209
4210 expected_len = struct_size(keys, keys, key_count);
4211 if (expected_len != len) {
4212 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
4213 expected_len, len);
4214 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4215 MGMT_STATUS_INVALID_PARAMS);
4216 }
4217
4218 hci_dev_lock(hdev);
4219
4220 hci_blocked_keys_clear(hdev);
4221
4222 for (i = 0; i < key_count; ++i) {
4223 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
4224
4225 if (!b) {
4226 err = MGMT_STATUS_NO_RESOURCES;
4227 break;
4228 }
4229
4230 b->type = keys->keys[i].type;
4231 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
4232 list_add_rcu(&b->list, &hdev->blocked_keys);
4233 }
4234 hci_dev_unlock(hdev);
4235
4236 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4237 err, NULL, 0);
4238 }
4239
set_wideband_speech(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)4240 static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
4241 void *data, u16 len)
4242 {
4243 struct mgmt_mode *cp = data;
4244 int err;
4245 bool changed = false;
4246
4247 bt_dev_dbg(hdev, "sock %p", sk);
4248
4249 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
4250 return mgmt_cmd_status(sk, hdev->id,
4251 MGMT_OP_SET_WIDEBAND_SPEECH,
4252 MGMT_STATUS_NOT_SUPPORTED);
4253
4254 if (cp->val != 0x00 && cp->val != 0x01)
4255 return mgmt_cmd_status(sk, hdev->id,
4256 MGMT_OP_SET_WIDEBAND_SPEECH,
4257 MGMT_STATUS_INVALID_PARAMS);
4258
4259 hci_dev_lock(hdev);
4260
4261 if (hdev_is_powered(hdev) &&
4262 !!cp->val != hci_dev_test_flag(hdev,
4263 HCI_WIDEBAND_SPEECH_ENABLED)) {
4264 err = mgmt_cmd_status(sk, hdev->id,
4265 MGMT_OP_SET_WIDEBAND_SPEECH,
4266 MGMT_STATUS_REJECTED);
4267 goto unlock;
4268 }
4269
4270 if (cp->val)
4271 changed = !hci_dev_test_and_set_flag(hdev,
4272 HCI_WIDEBAND_SPEECH_ENABLED);
4273 else
4274 changed = hci_dev_test_and_clear_flag(hdev,
4275 HCI_WIDEBAND_SPEECH_ENABLED);
4276
4277 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
4278 if (err < 0)
4279 goto unlock;
4280
4281 if (changed)
4282 err = new_settings(hdev, sk);
4283
4284 unlock:
4285 hci_dev_unlock(hdev);
4286 return err;
4287 }
4288
read_controller_cap(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)4289 static int read_controller_cap(struct sock *sk, struct hci_dev *hdev,
4290 void *data, u16 data_len)
4291 {
4292 char buf[20];
4293 struct mgmt_rp_read_controller_cap *rp = (void *)buf;
4294 u16 cap_len = 0;
4295 u8 flags = 0;
4296 u8 tx_power_range[2];
4297
4298 bt_dev_dbg(hdev, "sock %p", sk);
4299
4300 memset(&buf, 0, sizeof(buf));
4301
4302 hci_dev_lock(hdev);
4303
4304 /* When the Read Simple Pairing Options command is supported, then
4305 * the remote public key validation is supported.
4306 *
4307 * Alternatively, when Microsoft extensions are available, they can
4308 * indicate support for public key validation as well.
4309 */
4310 if ((hdev->commands[41] & 0x08) || msft_curve_validity(hdev))
4311 flags |= 0x01; /* Remote public key validation (BR/EDR) */
4312
4313 flags |= 0x02; /* Remote public key validation (LE) */
4314
4315 /* When the Read Encryption Key Size command is supported, then the
4316 * encryption key size is enforced.
4317 */
4318 if (hdev->commands[20] & 0x10)
4319 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
4320
4321 flags |= 0x08; /* Encryption key size enforcement (LE) */
4322
4323 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS,
4324 &flags, 1);
4325
4326 /* When the Read Simple Pairing Options command is supported, then
4327 * also max encryption key size information is provided.
4328 */
4329 if (hdev->commands[41] & 0x08)
4330 cap_len = eir_append_le16(rp->cap, cap_len,
4331 MGMT_CAP_MAX_ENC_KEY_SIZE,
4332 hdev->max_enc_key_size);
4333
4334 cap_len = eir_append_le16(rp->cap, cap_len,
4335 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE,
4336 SMP_MAX_ENC_KEY_SIZE);
4337
4338 /* Append the min/max LE tx power parameters if we were able to fetch
4339 * it from the controller
4340 */
4341 if (hdev->commands[38] & 0x80) {
4342 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1);
4343 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1);
4344 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR,
4345 tx_power_range, 2);
4346 }
4347
4348 rp->cap_len = cpu_to_le16(cap_len);
4349
4350 hci_dev_unlock(hdev);
4351
4352 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0,
4353 rp, sizeof(*rp) + cap_len);
4354 }
4355
4356 #ifdef CONFIG_BT_FEATURE_DEBUG
4357 /* d4992530-b9ec-469f-ab01-6c481c47da1c */
4358 static const u8 debug_uuid[16] = {
4359 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab,
4360 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4,
4361 };
4362 #endif
4363
4364 /* 330859bc-7506-492d-9370-9a6f0614037f */
4365 static const u8 quality_report_uuid[16] = {
4366 0x7f, 0x03, 0x14, 0x06, 0x6f, 0x9a, 0x70, 0x93,
4367 0x2d, 0x49, 0x06, 0x75, 0xbc, 0x59, 0x08, 0x33,
4368 };
4369
4370 /* a6695ace-ee7f-4fb9-881a-5fac66c629af */
4371 static const u8 offload_codecs_uuid[16] = {
4372 0xaf, 0x29, 0xc6, 0x66, 0xac, 0x5f, 0x1a, 0x88,
4373 0xb9, 0x4f, 0x7f, 0xee, 0xce, 0x5a, 0x69, 0xa6,
4374 };
4375
4376 /* 671b10b5-42c0-4696-9227-eb28d1b049d6 */
4377 static const u8 le_simultaneous_roles_uuid[16] = {
4378 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92,
4379 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67,
4380 };
4381
4382 /* 15c0a148-c273-11ea-b3de-0242ac130004 */
4383 static const u8 rpa_resolution_uuid[16] = {
4384 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3,
4385 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15,
4386 };
4387
4388 /* 6fbaf188-05e0-496a-9885-d6ddfdb4e03e */
4389 static const u8 iso_socket_uuid[16] = {
4390 0x3e, 0xe0, 0xb4, 0xfd, 0xdd, 0xd6, 0x85, 0x98,
4391 0x6a, 0x49, 0xe0, 0x05, 0x88, 0xf1, 0xba, 0x6f,
4392 };
4393
4394 /* 2ce463d7-7a03-4d8d-bf05-5f24e8f36e76 */
4395 static const u8 mgmt_mesh_uuid[16] = {
4396 0x76, 0x6e, 0xf3, 0xe8, 0x24, 0x5f, 0x05, 0xbf,
4397 0x8d, 0x4d, 0x03, 0x7a, 0xd7, 0x63, 0xe4, 0x2c,
4398 };
4399
read_exp_features_info(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)4400 static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
4401 void *data, u16 data_len)
4402 {
4403 struct mgmt_rp_read_exp_features_info *rp;
4404 size_t len;
4405 u16 idx = 0;
4406 u32 flags;
4407 int status;
4408
4409 bt_dev_dbg(hdev, "sock %p", sk);
4410
4411 /* Enough space for 7 features */
4412 len = sizeof(*rp) + (sizeof(rp->features[0]) * 7);
4413 rp = kzalloc(len, GFP_KERNEL);
4414 if (!rp)
4415 return -ENOMEM;
4416
4417 #ifdef CONFIG_BT_FEATURE_DEBUG
4418 if (!hdev) {
4419 flags = bt_dbg_get() ? BIT(0) : 0;
4420
4421 memcpy(rp->features[idx].uuid, debug_uuid, 16);
4422 rp->features[idx].flags = cpu_to_le32(flags);
4423 idx++;
4424 }
4425 #endif
4426
4427 if (hdev && hci_dev_le_state_simultaneous(hdev)) {
4428 if (hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES))
4429 flags = BIT(0);
4430 else
4431 flags = 0;
4432
4433 memcpy(rp->features[idx].uuid, le_simultaneous_roles_uuid, 16);
4434 rp->features[idx].flags = cpu_to_le32(flags);
4435 idx++;
4436 }
4437
4438 if (hdev && ll_privacy_capable(hdev)) {
4439 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
4440 flags = BIT(0) | BIT(1);
4441 else
4442 flags = BIT(1);
4443
4444 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16);
4445 rp->features[idx].flags = cpu_to_le32(flags);
4446 idx++;
4447 }
4448
4449 if (hdev && (aosp_has_quality_report(hdev) ||
4450 hdev->set_quality_report)) {
4451 if (hci_dev_test_flag(hdev, HCI_QUALITY_REPORT))
4452 flags = BIT(0);
4453 else
4454 flags = 0;
4455
4456 memcpy(rp->features[idx].uuid, quality_report_uuid, 16);
4457 rp->features[idx].flags = cpu_to_le32(flags);
4458 idx++;
4459 }
4460
4461 if (hdev && hdev->get_data_path_id) {
4462 if (hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED))
4463 flags = BIT(0);
4464 else
4465 flags = 0;
4466
4467 memcpy(rp->features[idx].uuid, offload_codecs_uuid, 16);
4468 rp->features[idx].flags = cpu_to_le32(flags);
4469 idx++;
4470 }
4471
4472 if (IS_ENABLED(CONFIG_BT_LE)) {
4473 flags = iso_enabled() ? BIT(0) : 0;
4474 memcpy(rp->features[idx].uuid, iso_socket_uuid, 16);
4475 rp->features[idx].flags = cpu_to_le32(flags);
4476 idx++;
4477 }
4478
4479 if (hdev && lmp_le_capable(hdev)) {
4480 if (hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
4481 flags = BIT(0);
4482 else
4483 flags = 0;
4484
4485 memcpy(rp->features[idx].uuid, mgmt_mesh_uuid, 16);
4486 rp->features[idx].flags = cpu_to_le32(flags);
4487 idx++;
4488 }
4489
4490 rp->feature_count = cpu_to_le16(idx);
4491
4492 /* After reading the experimental features information, enable
4493 * the events to update client on any future change.
4494 */
4495 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4496
4497 status = mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4498 MGMT_OP_READ_EXP_FEATURES_INFO,
4499 0, rp, sizeof(*rp) + (20 * idx));
4500
4501 kfree(rp);
4502 return status;
4503 }
4504
exp_ll_privacy_feature_changed(bool enabled,struct hci_dev * hdev,struct sock * skip)4505 static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev,
4506 struct sock *skip)
4507 {
4508 struct mgmt_ev_exp_feature_changed ev;
4509
4510 memset(&ev, 0, sizeof(ev));
4511 memcpy(ev.uuid, rpa_resolution_uuid, 16);
4512 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1));
4513
4514 // Do we need to be atomic with the conn_flags?
4515 if (enabled && privacy_mode_capable(hdev))
4516 hdev->conn_flags |= HCI_CONN_FLAG_DEVICE_PRIVACY;
4517 else
4518 hdev->conn_flags &= ~HCI_CONN_FLAG_DEVICE_PRIVACY;
4519
4520 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
4521 &ev, sizeof(ev),
4522 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4523
4524 }
4525
exp_feature_changed(struct hci_dev * hdev,const u8 * uuid,bool enabled,struct sock * skip)4526 static int exp_feature_changed(struct hci_dev *hdev, const u8 *uuid,
4527 bool enabled, struct sock *skip)
4528 {
4529 struct mgmt_ev_exp_feature_changed ev;
4530
4531 memset(&ev, 0, sizeof(ev));
4532 memcpy(ev.uuid, uuid, 16);
4533 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
4534
4535 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
4536 &ev, sizeof(ev),
4537 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4538 }
4539
4540 #define EXP_FEAT(_uuid, _set_func) \
4541 { \
4542 .uuid = _uuid, \
4543 .set_func = _set_func, \
4544 }
4545
4546 /* The zero key uuid is special. Multiple exp features are set through it. */
set_zero_key_func(struct sock * sk,struct hci_dev * hdev,struct mgmt_cp_set_exp_feature * cp,u16 data_len)4547 static int set_zero_key_func(struct sock *sk, struct hci_dev *hdev,
4548 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4549 {
4550 struct mgmt_rp_set_exp_feature rp;
4551
4552 memset(rp.uuid, 0, 16);
4553 rp.flags = cpu_to_le32(0);
4554
4555 #ifdef CONFIG_BT_FEATURE_DEBUG
4556 if (!hdev) {
4557 bool changed = bt_dbg_get();
4558
4559 bt_dbg_set(false);
4560
4561 if (changed)
4562 exp_feature_changed(NULL, ZERO_KEY, false, sk);
4563 }
4564 #endif
4565
4566 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) {
4567 bool changed;
4568
4569 changed = hci_dev_test_and_clear_flag(hdev,
4570 HCI_ENABLE_LL_PRIVACY);
4571 if (changed)
4572 exp_feature_changed(hdev, rpa_resolution_uuid, false,
4573 sk);
4574 }
4575
4576 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4577
4578 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4579 MGMT_OP_SET_EXP_FEATURE, 0,
4580 &rp, sizeof(rp));
4581 }
4582
4583 #ifdef CONFIG_BT_FEATURE_DEBUG
set_debug_func(struct sock * sk,struct hci_dev * hdev,struct mgmt_cp_set_exp_feature * cp,u16 data_len)4584 static int set_debug_func(struct sock *sk, struct hci_dev *hdev,
4585 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4586 {
4587 struct mgmt_rp_set_exp_feature rp;
4588
4589 bool val, changed;
4590 int err;
4591
4592 /* Command requires to use the non-controller index */
4593 if (hdev)
4594 return mgmt_cmd_status(sk, hdev->id,
4595 MGMT_OP_SET_EXP_FEATURE,
4596 MGMT_STATUS_INVALID_INDEX);
4597
4598 /* Parameters are limited to a single octet */
4599 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4600 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4601 MGMT_OP_SET_EXP_FEATURE,
4602 MGMT_STATUS_INVALID_PARAMS);
4603
4604 /* Only boolean on/off is supported */
4605 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4606 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4607 MGMT_OP_SET_EXP_FEATURE,
4608 MGMT_STATUS_INVALID_PARAMS);
4609
4610 val = !!cp->param[0];
4611 changed = val ? !bt_dbg_get() : bt_dbg_get();
4612 bt_dbg_set(val);
4613
4614 memcpy(rp.uuid, debug_uuid, 16);
4615 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4616
4617 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4618
4619 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4620 MGMT_OP_SET_EXP_FEATURE, 0,
4621 &rp, sizeof(rp));
4622
4623 if (changed)
4624 exp_feature_changed(hdev, debug_uuid, val, sk);
4625
4626 return err;
4627 }
4628 #endif
4629
set_mgmt_mesh_func(struct sock * sk,struct hci_dev * hdev,struct mgmt_cp_set_exp_feature * cp,u16 data_len)4630 static int set_mgmt_mesh_func(struct sock *sk, struct hci_dev *hdev,
4631 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4632 {
4633 struct mgmt_rp_set_exp_feature rp;
4634 bool val, changed;
4635 int err;
4636
4637 /* Command requires to use the controller index */
4638 if (!hdev)
4639 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4640 MGMT_OP_SET_EXP_FEATURE,
4641 MGMT_STATUS_INVALID_INDEX);
4642
4643 /* Parameters are limited to a single octet */
4644 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4645 return mgmt_cmd_status(sk, hdev->id,
4646 MGMT_OP_SET_EXP_FEATURE,
4647 MGMT_STATUS_INVALID_PARAMS);
4648
4649 /* Only boolean on/off is supported */
4650 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4651 return mgmt_cmd_status(sk, hdev->id,
4652 MGMT_OP_SET_EXP_FEATURE,
4653 MGMT_STATUS_INVALID_PARAMS);
4654
4655 val = !!cp->param[0];
4656
4657 if (val) {
4658 changed = !hci_dev_test_and_set_flag(hdev,
4659 HCI_MESH_EXPERIMENTAL);
4660 } else {
4661 hci_dev_clear_flag(hdev, HCI_MESH);
4662 changed = hci_dev_test_and_clear_flag(hdev,
4663 HCI_MESH_EXPERIMENTAL);
4664 }
4665
4666 memcpy(rp.uuid, mgmt_mesh_uuid, 16);
4667 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4668
4669 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4670
4671 err = mgmt_cmd_complete(sk, hdev->id,
4672 MGMT_OP_SET_EXP_FEATURE, 0,
4673 &rp, sizeof(rp));
4674
4675 if (changed)
4676 exp_feature_changed(hdev, mgmt_mesh_uuid, val, sk);
4677
4678 return err;
4679 }
4680
set_rpa_resolution_func(struct sock * sk,struct hci_dev * hdev,struct mgmt_cp_set_exp_feature * cp,u16 data_len)4681 static int set_rpa_resolution_func(struct sock *sk, struct hci_dev *hdev,
4682 struct mgmt_cp_set_exp_feature *cp,
4683 u16 data_len)
4684 {
4685 struct mgmt_rp_set_exp_feature rp;
4686 bool val, changed;
4687 int err;
4688 u32 flags;
4689
4690 /* Command requires to use the controller index */
4691 if (!hdev)
4692 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4693 MGMT_OP_SET_EXP_FEATURE,
4694 MGMT_STATUS_INVALID_INDEX);
4695
4696 /* Changes can only be made when controller is powered down */
4697 if (hdev_is_powered(hdev))
4698 return mgmt_cmd_status(sk, hdev->id,
4699 MGMT_OP_SET_EXP_FEATURE,
4700 MGMT_STATUS_REJECTED);
4701
4702 /* Parameters are limited to a single octet */
4703 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4704 return mgmt_cmd_status(sk, hdev->id,
4705 MGMT_OP_SET_EXP_FEATURE,
4706 MGMT_STATUS_INVALID_PARAMS);
4707
4708 /* Only boolean on/off is supported */
4709 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4710 return mgmt_cmd_status(sk, hdev->id,
4711 MGMT_OP_SET_EXP_FEATURE,
4712 MGMT_STATUS_INVALID_PARAMS);
4713
4714 val = !!cp->param[0];
4715
4716 if (val) {
4717 changed = !hci_dev_test_and_set_flag(hdev,
4718 HCI_ENABLE_LL_PRIVACY);
4719 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4720
4721 /* Enable LL privacy + supported settings changed */
4722 flags = BIT(0) | BIT(1);
4723 } else {
4724 changed = hci_dev_test_and_clear_flag(hdev,
4725 HCI_ENABLE_LL_PRIVACY);
4726
4727 /* Disable LL privacy + supported settings changed */
4728 flags = BIT(1);
4729 }
4730
4731 memcpy(rp.uuid, rpa_resolution_uuid, 16);
4732 rp.flags = cpu_to_le32(flags);
4733
4734 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4735
4736 err = mgmt_cmd_complete(sk, hdev->id,
4737 MGMT_OP_SET_EXP_FEATURE, 0,
4738 &rp, sizeof(rp));
4739
4740 if (changed)
4741 exp_ll_privacy_feature_changed(val, hdev, sk);
4742
4743 return err;
4744 }
4745
set_quality_report_func(struct sock * sk,struct hci_dev * hdev,struct mgmt_cp_set_exp_feature * cp,u16 data_len)4746 static int set_quality_report_func(struct sock *sk, struct hci_dev *hdev,
4747 struct mgmt_cp_set_exp_feature *cp,
4748 u16 data_len)
4749 {
4750 struct mgmt_rp_set_exp_feature rp;
4751 bool val, changed;
4752 int err;
4753
4754 /* Command requires to use a valid controller index */
4755 if (!hdev)
4756 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4757 MGMT_OP_SET_EXP_FEATURE,
4758 MGMT_STATUS_INVALID_INDEX);
4759
4760 /* Parameters are limited to a single octet */
4761 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4762 return mgmt_cmd_status(sk, hdev->id,
4763 MGMT_OP_SET_EXP_FEATURE,
4764 MGMT_STATUS_INVALID_PARAMS);
4765
4766 /* Only boolean on/off is supported */
4767 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4768 return mgmt_cmd_status(sk, hdev->id,
4769 MGMT_OP_SET_EXP_FEATURE,
4770 MGMT_STATUS_INVALID_PARAMS);
4771
4772 hci_req_sync_lock(hdev);
4773
4774 val = !!cp->param[0];
4775 changed = (val != hci_dev_test_flag(hdev, HCI_QUALITY_REPORT));
4776
4777 if (!aosp_has_quality_report(hdev) && !hdev->set_quality_report) {
4778 err = mgmt_cmd_status(sk, hdev->id,
4779 MGMT_OP_SET_EXP_FEATURE,
4780 MGMT_STATUS_NOT_SUPPORTED);
4781 goto unlock_quality_report;
4782 }
4783
4784 if (changed) {
4785 if (hdev->set_quality_report)
4786 err = hdev->set_quality_report(hdev, val);
4787 else
4788 err = aosp_set_quality_report(hdev, val);
4789
4790 if (err) {
4791 err = mgmt_cmd_status(sk, hdev->id,
4792 MGMT_OP_SET_EXP_FEATURE,
4793 MGMT_STATUS_FAILED);
4794 goto unlock_quality_report;
4795 }
4796
4797 if (val)
4798 hci_dev_set_flag(hdev, HCI_QUALITY_REPORT);
4799 else
4800 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
4801 }
4802
4803 bt_dev_dbg(hdev, "quality report enable %d changed %d", val, changed);
4804
4805 memcpy(rp.uuid, quality_report_uuid, 16);
4806 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4807 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4808
4809 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_EXP_FEATURE, 0,
4810 &rp, sizeof(rp));
4811
4812 if (changed)
4813 exp_feature_changed(hdev, quality_report_uuid, val, sk);
4814
4815 unlock_quality_report:
4816 hci_req_sync_unlock(hdev);
4817 return err;
4818 }
4819
set_offload_codec_func(struct sock * sk,struct hci_dev * hdev,struct mgmt_cp_set_exp_feature * cp,u16 data_len)4820 static int set_offload_codec_func(struct sock *sk, struct hci_dev *hdev,
4821 struct mgmt_cp_set_exp_feature *cp,
4822 u16 data_len)
4823 {
4824 bool val, changed;
4825 int err;
4826 struct mgmt_rp_set_exp_feature rp;
4827
4828 /* Command requires to use a valid controller index */
4829 if (!hdev)
4830 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4831 MGMT_OP_SET_EXP_FEATURE,
4832 MGMT_STATUS_INVALID_INDEX);
4833
4834 /* Parameters are limited to a single octet */
4835 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4836 return mgmt_cmd_status(sk, hdev->id,
4837 MGMT_OP_SET_EXP_FEATURE,
4838 MGMT_STATUS_INVALID_PARAMS);
4839
4840 /* Only boolean on/off is supported */
4841 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4842 return mgmt_cmd_status(sk, hdev->id,
4843 MGMT_OP_SET_EXP_FEATURE,
4844 MGMT_STATUS_INVALID_PARAMS);
4845
4846 val = !!cp->param[0];
4847 changed = (val != hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED));
4848
4849 if (!hdev->get_data_path_id) {
4850 return mgmt_cmd_status(sk, hdev->id,
4851 MGMT_OP_SET_EXP_FEATURE,
4852 MGMT_STATUS_NOT_SUPPORTED);
4853 }
4854
4855 if (changed) {
4856 if (val)
4857 hci_dev_set_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4858 else
4859 hci_dev_clear_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4860 }
4861
4862 bt_dev_info(hdev, "offload codecs enable %d changed %d",
4863 val, changed);
4864
4865 memcpy(rp.uuid, offload_codecs_uuid, 16);
4866 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4867 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4868 err = mgmt_cmd_complete(sk, hdev->id,
4869 MGMT_OP_SET_EXP_FEATURE, 0,
4870 &rp, sizeof(rp));
4871
4872 if (changed)
4873 exp_feature_changed(hdev, offload_codecs_uuid, val, sk);
4874
4875 return err;
4876 }
4877
set_le_simultaneous_roles_func(struct sock * sk,struct hci_dev * hdev,struct mgmt_cp_set_exp_feature * cp,u16 data_len)4878 static int set_le_simultaneous_roles_func(struct sock *sk, struct hci_dev *hdev,
4879 struct mgmt_cp_set_exp_feature *cp,
4880 u16 data_len)
4881 {
4882 bool val, changed;
4883 int err;
4884 struct mgmt_rp_set_exp_feature rp;
4885
4886 /* Command requires to use a valid controller index */
4887 if (!hdev)
4888 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4889 MGMT_OP_SET_EXP_FEATURE,
4890 MGMT_STATUS_INVALID_INDEX);
4891
4892 /* Parameters are limited to a single octet */
4893 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4894 return mgmt_cmd_status(sk, hdev->id,
4895 MGMT_OP_SET_EXP_FEATURE,
4896 MGMT_STATUS_INVALID_PARAMS);
4897
4898 /* Only boolean on/off is supported */
4899 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4900 return mgmt_cmd_status(sk, hdev->id,
4901 MGMT_OP_SET_EXP_FEATURE,
4902 MGMT_STATUS_INVALID_PARAMS);
4903
4904 val = !!cp->param[0];
4905 changed = (val != hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES));
4906
4907 if (!hci_dev_le_state_simultaneous(hdev)) {
4908 return mgmt_cmd_status(sk, hdev->id,
4909 MGMT_OP_SET_EXP_FEATURE,
4910 MGMT_STATUS_NOT_SUPPORTED);
4911 }
4912
4913 if (changed) {
4914 if (val)
4915 hci_dev_set_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES);
4916 else
4917 hci_dev_clear_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES);
4918 }
4919
4920 bt_dev_info(hdev, "LE simultaneous roles enable %d changed %d",
4921 val, changed);
4922
4923 memcpy(rp.uuid, le_simultaneous_roles_uuid, 16);
4924 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4925 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4926 err = mgmt_cmd_complete(sk, hdev->id,
4927 MGMT_OP_SET_EXP_FEATURE, 0,
4928 &rp, sizeof(rp));
4929
4930 if (changed)
4931 exp_feature_changed(hdev, le_simultaneous_roles_uuid, val, sk);
4932
4933 return err;
4934 }
4935
4936 #ifdef CONFIG_BT_LE
set_iso_socket_func(struct sock * sk,struct hci_dev * hdev,struct mgmt_cp_set_exp_feature * cp,u16 data_len)4937 static int set_iso_socket_func(struct sock *sk, struct hci_dev *hdev,
4938 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4939 {
4940 struct mgmt_rp_set_exp_feature rp;
4941 bool val, changed = false;
4942 int err;
4943
4944 /* Command requires to use the non-controller index */
4945 if (hdev)
4946 return mgmt_cmd_status(sk, hdev->id,
4947 MGMT_OP_SET_EXP_FEATURE,
4948 MGMT_STATUS_INVALID_INDEX);
4949
4950 /* Parameters are limited to a single octet */
4951 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4952 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4953 MGMT_OP_SET_EXP_FEATURE,
4954 MGMT_STATUS_INVALID_PARAMS);
4955
4956 /* Only boolean on/off is supported */
4957 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4958 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4959 MGMT_OP_SET_EXP_FEATURE,
4960 MGMT_STATUS_INVALID_PARAMS);
4961
4962 val = cp->param[0] ? true : false;
4963 if (val)
4964 err = iso_init();
4965 else
4966 err = iso_exit();
4967
4968 if (!err)
4969 changed = true;
4970
4971 memcpy(rp.uuid, iso_socket_uuid, 16);
4972 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4973
4974 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4975
4976 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4977 MGMT_OP_SET_EXP_FEATURE, 0,
4978 &rp, sizeof(rp));
4979
4980 if (changed)
4981 exp_feature_changed(hdev, iso_socket_uuid, val, sk);
4982
4983 return err;
4984 }
4985 #endif
4986
4987 static const struct mgmt_exp_feature {
4988 const u8 *uuid;
4989 int (*set_func)(struct sock *sk, struct hci_dev *hdev,
4990 struct mgmt_cp_set_exp_feature *cp, u16 data_len);
4991 } exp_features[] = {
4992 EXP_FEAT(ZERO_KEY, set_zero_key_func),
4993 #ifdef CONFIG_BT_FEATURE_DEBUG
4994 EXP_FEAT(debug_uuid, set_debug_func),
4995 #endif
4996 EXP_FEAT(mgmt_mesh_uuid, set_mgmt_mesh_func),
4997 EXP_FEAT(rpa_resolution_uuid, set_rpa_resolution_func),
4998 EXP_FEAT(quality_report_uuid, set_quality_report_func),
4999 EXP_FEAT(offload_codecs_uuid, set_offload_codec_func),
5000 EXP_FEAT(le_simultaneous_roles_uuid, set_le_simultaneous_roles_func),
5001 #ifdef CONFIG_BT_LE
5002 EXP_FEAT(iso_socket_uuid, set_iso_socket_func),
5003 #endif
5004
5005 /* end with a null feature */
5006 EXP_FEAT(NULL, NULL)
5007 };
5008
set_exp_feature(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)5009 static int set_exp_feature(struct sock *sk, struct hci_dev *hdev,
5010 void *data, u16 data_len)
5011 {
5012 struct mgmt_cp_set_exp_feature *cp = data;
5013 size_t i = 0;
5014
5015 bt_dev_dbg(hdev, "sock %p", sk);
5016
5017 for (i = 0; exp_features[i].uuid; i++) {
5018 if (!memcmp(cp->uuid, exp_features[i].uuid, 16))
5019 return exp_features[i].set_func(sk, hdev, cp, data_len);
5020 }
5021
5022 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
5023 MGMT_OP_SET_EXP_FEATURE,
5024 MGMT_STATUS_NOT_SUPPORTED);
5025 }
5026
get_params_flags(struct hci_dev * hdev,struct hci_conn_params * params)5027 static u32 get_params_flags(struct hci_dev *hdev,
5028 struct hci_conn_params *params)
5029 {
5030 u32 flags = hdev->conn_flags;
5031
5032 /* Devices using RPAs can only be programmed in the acceptlist if
5033 * LL Privacy has been enable otherwise they cannot mark
5034 * HCI_CONN_FLAG_REMOTE_WAKEUP.
5035 */
5036 if ((flags & HCI_CONN_FLAG_REMOTE_WAKEUP) && !use_ll_privacy(hdev) &&
5037 hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type))
5038 flags &= ~HCI_CONN_FLAG_REMOTE_WAKEUP;
5039
5040 return flags;
5041 }
5042
get_device_flags(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)5043 static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
5044 u16 data_len)
5045 {
5046 struct mgmt_cp_get_device_flags *cp = data;
5047 struct mgmt_rp_get_device_flags rp;
5048 struct bdaddr_list_with_flags *br_params;
5049 struct hci_conn_params *params;
5050 u32 supported_flags;
5051 u32 current_flags = 0;
5052 u8 status = MGMT_STATUS_INVALID_PARAMS;
5053
5054 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n",
5055 &cp->addr.bdaddr, cp->addr.type);
5056
5057 hci_dev_lock(hdev);
5058
5059 supported_flags = hdev->conn_flags;
5060
5061 memset(&rp, 0, sizeof(rp));
5062
5063 if (cp->addr.type == BDADDR_BREDR) {
5064 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
5065 &cp->addr.bdaddr,
5066 cp->addr.type);
5067 if (!br_params)
5068 goto done;
5069
5070 current_flags = br_params->flags;
5071 } else {
5072 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5073 le_addr_type(cp->addr.type));
5074 if (!params)
5075 goto done;
5076
5077 supported_flags = get_params_flags(hdev, params);
5078 current_flags = params->flags;
5079 }
5080
5081 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5082 rp.addr.type = cp->addr.type;
5083 rp.supported_flags = cpu_to_le32(supported_flags);
5084 rp.current_flags = cpu_to_le32(current_flags);
5085
5086 status = MGMT_STATUS_SUCCESS;
5087
5088 done:
5089 hci_dev_unlock(hdev);
5090
5091 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status,
5092 &rp, sizeof(rp));
5093 }
5094
device_flags_changed(struct sock * sk,struct hci_dev * hdev,bdaddr_t * bdaddr,u8 bdaddr_type,u32 supported_flags,u32 current_flags)5095 static void device_flags_changed(struct sock *sk, struct hci_dev *hdev,
5096 bdaddr_t *bdaddr, u8 bdaddr_type,
5097 u32 supported_flags, u32 current_flags)
5098 {
5099 struct mgmt_ev_device_flags_changed ev;
5100
5101 bacpy(&ev.addr.bdaddr, bdaddr);
5102 ev.addr.type = bdaddr_type;
5103 ev.supported_flags = cpu_to_le32(supported_flags);
5104 ev.current_flags = cpu_to_le32(current_flags);
5105
5106 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk);
5107 }
5108
set_device_flags(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)5109 static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
5110 u16 len)
5111 {
5112 struct mgmt_cp_set_device_flags *cp = data;
5113 struct bdaddr_list_with_flags *br_params;
5114 struct hci_conn_params *params;
5115 u8 status = MGMT_STATUS_INVALID_PARAMS;
5116 u32 supported_flags;
5117 u32 current_flags = __le32_to_cpu(cp->current_flags);
5118
5119 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x",
5120 &cp->addr.bdaddr, cp->addr.type, current_flags);
5121
5122 // We should take hci_dev_lock() early, I think.. conn_flags can change
5123 supported_flags = hdev->conn_flags;
5124
5125 if ((supported_flags | current_flags) != supported_flags) {
5126 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
5127 current_flags, supported_flags);
5128 goto done;
5129 }
5130
5131 hci_dev_lock(hdev);
5132
5133 if (cp->addr.type == BDADDR_BREDR) {
5134 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
5135 &cp->addr.bdaddr,
5136 cp->addr.type);
5137
5138 if (br_params) {
5139 br_params->flags = current_flags;
5140 status = MGMT_STATUS_SUCCESS;
5141 } else {
5142 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)",
5143 &cp->addr.bdaddr, cp->addr.type);
5144 }
5145
5146 goto unlock;
5147 }
5148
5149 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5150 le_addr_type(cp->addr.type));
5151 if (!params) {
5152 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
5153 &cp->addr.bdaddr, le_addr_type(cp->addr.type));
5154 goto unlock;
5155 }
5156
5157 supported_flags = get_params_flags(hdev, params);
5158
5159 if ((supported_flags | current_flags) != supported_flags) {
5160 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
5161 current_flags, supported_flags);
5162 goto unlock;
5163 }
5164
5165 WRITE_ONCE(params->flags, current_flags);
5166 status = MGMT_STATUS_SUCCESS;
5167
5168 /* Update passive scan if HCI_CONN_FLAG_DEVICE_PRIVACY
5169 * has been set.
5170 */
5171 if (params->flags & HCI_CONN_FLAG_DEVICE_PRIVACY)
5172 hci_update_passive_scan(hdev);
5173
5174 unlock:
5175 hci_dev_unlock(hdev);
5176
5177 done:
5178 if (status == MGMT_STATUS_SUCCESS)
5179 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
5180 supported_flags, current_flags);
5181
5182 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status,
5183 &cp->addr, sizeof(cp->addr));
5184 }
5185
mgmt_adv_monitor_added(struct sock * sk,struct hci_dev * hdev,u16 handle)5186 static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev,
5187 u16 handle)
5188 {
5189 struct mgmt_ev_adv_monitor_added ev;
5190
5191 ev.monitor_handle = cpu_to_le16(handle);
5192
5193 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk);
5194 }
5195
mgmt_adv_monitor_removed(struct hci_dev * hdev,u16 handle)5196 void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle)
5197 {
5198 struct mgmt_ev_adv_monitor_removed ev;
5199 struct mgmt_pending_cmd *cmd;
5200 struct sock *sk_skip = NULL;
5201 struct mgmt_cp_remove_adv_monitor *cp;
5202
5203 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
5204 if (cmd) {
5205 cp = cmd->param;
5206
5207 if (cp->monitor_handle)
5208 sk_skip = cmd->sk;
5209 }
5210
5211 ev.monitor_handle = cpu_to_le16(handle);
5212
5213 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip);
5214 }
5215
read_adv_mon_features(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)5216 static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
5217 void *data, u16 len)
5218 {
5219 struct adv_monitor *monitor = NULL;
5220 struct mgmt_rp_read_adv_monitor_features *rp = NULL;
5221 int handle, err;
5222 size_t rp_size = 0;
5223 __u32 supported = 0;
5224 __u32 enabled = 0;
5225 __u16 num_handles = 0;
5226 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES];
5227
5228 BT_DBG("request for %s", hdev->name);
5229
5230 hci_dev_lock(hdev);
5231
5232 if (msft_monitor_supported(hdev))
5233 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS;
5234
5235 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle)
5236 handles[num_handles++] = monitor->handle;
5237
5238 hci_dev_unlock(hdev);
5239
5240 rp_size = sizeof(*rp) + (num_handles * sizeof(u16));
5241 rp = kmalloc(rp_size, GFP_KERNEL);
5242 if (!rp)
5243 return -ENOMEM;
5244
5245 /* All supported features are currently enabled */
5246 enabled = supported;
5247
5248 rp->supported_features = cpu_to_le32(supported);
5249 rp->enabled_features = cpu_to_le32(enabled);
5250 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES);
5251 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS;
5252 rp->num_handles = cpu_to_le16(num_handles);
5253 if (num_handles)
5254 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
5255
5256 err = mgmt_cmd_complete(sk, hdev->id,
5257 MGMT_OP_READ_ADV_MONITOR_FEATURES,
5258 MGMT_STATUS_SUCCESS, rp, rp_size);
5259
5260 kfree(rp);
5261
5262 return err;
5263 }
5264
mgmt_add_adv_patterns_monitor_complete(struct hci_dev * hdev,void * data,int status)5265 static void mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev,
5266 void *data, int status)
5267 {
5268 struct mgmt_rp_add_adv_patterns_monitor rp;
5269 struct mgmt_pending_cmd *cmd = data;
5270 struct adv_monitor *monitor = cmd->user_data;
5271
5272 hci_dev_lock(hdev);
5273
5274 rp.monitor_handle = cpu_to_le16(monitor->handle);
5275
5276 if (!status) {
5277 mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle);
5278 hdev->adv_monitors_cnt++;
5279 if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED)
5280 monitor->state = ADV_MONITOR_STATE_REGISTERED;
5281 hci_update_passive_scan(hdev);
5282 }
5283
5284 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5285 mgmt_status(status), &rp, sizeof(rp));
5286 mgmt_pending_remove(cmd);
5287
5288 hci_dev_unlock(hdev);
5289 bt_dev_dbg(hdev, "add monitor %d complete, status %d",
5290 rp.monitor_handle, status);
5291 }
5292
mgmt_add_adv_patterns_monitor_sync(struct hci_dev * hdev,void * data)5293 static int mgmt_add_adv_patterns_monitor_sync(struct hci_dev *hdev, void *data)
5294 {
5295 struct mgmt_pending_cmd *cmd = data;
5296 struct adv_monitor *monitor = cmd->user_data;
5297
5298 return hci_add_adv_monitor(hdev, monitor);
5299 }
5300
__add_adv_patterns_monitor(struct sock * sk,struct hci_dev * hdev,struct adv_monitor * m,u8 status,void * data,u16 len,u16 op)5301 static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
5302 struct adv_monitor *m, u8 status,
5303 void *data, u16 len, u16 op)
5304 {
5305 struct mgmt_pending_cmd *cmd;
5306 int err;
5307
5308 hci_dev_lock(hdev);
5309
5310 if (status)
5311 goto unlock;
5312
5313 if (pending_find(MGMT_OP_SET_LE, hdev) ||
5314 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
5315 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) ||
5316 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) {
5317 status = MGMT_STATUS_BUSY;
5318 goto unlock;
5319 }
5320
5321 cmd = mgmt_pending_add(sk, op, hdev, data, len);
5322 if (!cmd) {
5323 status = MGMT_STATUS_NO_RESOURCES;
5324 goto unlock;
5325 }
5326
5327 cmd->user_data = m;
5328 err = hci_cmd_sync_queue(hdev, mgmt_add_adv_patterns_monitor_sync, cmd,
5329 mgmt_add_adv_patterns_monitor_complete);
5330 if (err) {
5331 if (err == -ENOMEM)
5332 status = MGMT_STATUS_NO_RESOURCES;
5333 else
5334 status = MGMT_STATUS_FAILED;
5335
5336 goto unlock;
5337 }
5338
5339 hci_dev_unlock(hdev);
5340
5341 return 0;
5342
5343 unlock:
5344 hci_free_adv_monitor(hdev, m);
5345 hci_dev_unlock(hdev);
5346 return mgmt_cmd_status(sk, hdev->id, op, status);
5347 }
5348
parse_adv_monitor_rssi(struct adv_monitor * m,struct mgmt_adv_rssi_thresholds * rssi)5349 static void parse_adv_monitor_rssi(struct adv_monitor *m,
5350 struct mgmt_adv_rssi_thresholds *rssi)
5351 {
5352 if (rssi) {
5353 m->rssi.low_threshold = rssi->low_threshold;
5354 m->rssi.low_threshold_timeout =
5355 __le16_to_cpu(rssi->low_threshold_timeout);
5356 m->rssi.high_threshold = rssi->high_threshold;
5357 m->rssi.high_threshold_timeout =
5358 __le16_to_cpu(rssi->high_threshold_timeout);
5359 m->rssi.sampling_period = rssi->sampling_period;
5360 } else {
5361 /* Default values. These numbers are the least constricting
5362 * parameters for MSFT API to work, so it behaves as if there
5363 * are no rssi parameter to consider. May need to be changed
5364 * if other API are to be supported.
5365 */
5366 m->rssi.low_threshold = -127;
5367 m->rssi.low_threshold_timeout = 60;
5368 m->rssi.high_threshold = -127;
5369 m->rssi.high_threshold_timeout = 0;
5370 m->rssi.sampling_period = 0;
5371 }
5372 }
5373
parse_adv_monitor_pattern(struct adv_monitor * m,u8 pattern_count,struct mgmt_adv_pattern * patterns)5374 static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count,
5375 struct mgmt_adv_pattern *patterns)
5376 {
5377 u8 offset = 0, length = 0;
5378 struct adv_pattern *p = NULL;
5379 int i;
5380
5381 for (i = 0; i < pattern_count; i++) {
5382 offset = patterns[i].offset;
5383 length = patterns[i].length;
5384 if (offset >= HCI_MAX_EXT_AD_LENGTH ||
5385 length > HCI_MAX_EXT_AD_LENGTH ||
5386 (offset + length) > HCI_MAX_EXT_AD_LENGTH)
5387 return MGMT_STATUS_INVALID_PARAMS;
5388
5389 p = kmalloc(sizeof(*p), GFP_KERNEL);
5390 if (!p)
5391 return MGMT_STATUS_NO_RESOURCES;
5392
5393 p->ad_type = patterns[i].ad_type;
5394 p->offset = patterns[i].offset;
5395 p->length = patterns[i].length;
5396 memcpy(p->value, patterns[i].value, p->length);
5397
5398 INIT_LIST_HEAD(&p->list);
5399 list_add(&p->list, &m->patterns);
5400 }
5401
5402 return MGMT_STATUS_SUCCESS;
5403 }
5404
add_adv_patterns_monitor(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)5405 static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
5406 void *data, u16 len)
5407 {
5408 struct mgmt_cp_add_adv_patterns_monitor *cp = data;
5409 struct adv_monitor *m = NULL;
5410 u8 status = MGMT_STATUS_SUCCESS;
5411 size_t expected_size = sizeof(*cp);
5412
5413 BT_DBG("request for %s", hdev->name);
5414
5415 if (len <= sizeof(*cp)) {
5416 status = MGMT_STATUS_INVALID_PARAMS;
5417 goto done;
5418 }
5419
5420 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
5421 if (len != expected_size) {
5422 status = MGMT_STATUS_INVALID_PARAMS;
5423 goto done;
5424 }
5425
5426 m = kzalloc(sizeof(*m), GFP_KERNEL);
5427 if (!m) {
5428 status = MGMT_STATUS_NO_RESOURCES;
5429 goto done;
5430 }
5431
5432 INIT_LIST_HEAD(&m->patterns);
5433
5434 parse_adv_monitor_rssi(m, NULL);
5435 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
5436
5437 done:
5438 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
5439 MGMT_OP_ADD_ADV_PATTERNS_MONITOR);
5440 }
5441
add_adv_patterns_monitor_rssi(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)5442 static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev,
5443 void *data, u16 len)
5444 {
5445 struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data;
5446 struct adv_monitor *m = NULL;
5447 u8 status = MGMT_STATUS_SUCCESS;
5448 size_t expected_size = sizeof(*cp);
5449
5450 BT_DBG("request for %s", hdev->name);
5451
5452 if (len <= sizeof(*cp)) {
5453 status = MGMT_STATUS_INVALID_PARAMS;
5454 goto done;
5455 }
5456
5457 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
5458 if (len != expected_size) {
5459 status = MGMT_STATUS_INVALID_PARAMS;
5460 goto done;
5461 }
5462
5463 m = kzalloc(sizeof(*m), GFP_KERNEL);
5464 if (!m) {
5465 status = MGMT_STATUS_NO_RESOURCES;
5466 goto done;
5467 }
5468
5469 INIT_LIST_HEAD(&m->patterns);
5470
5471 parse_adv_monitor_rssi(m, &cp->rssi);
5472 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
5473
5474 done:
5475 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
5476 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI);
5477 }
5478
mgmt_remove_adv_monitor_complete(struct hci_dev * hdev,void * data,int status)5479 static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev,
5480 void *data, int status)
5481 {
5482 struct mgmt_rp_remove_adv_monitor rp;
5483 struct mgmt_pending_cmd *cmd = data;
5484 struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
5485
5486 hci_dev_lock(hdev);
5487
5488 rp.monitor_handle = cp->monitor_handle;
5489
5490 if (!status)
5491 hci_update_passive_scan(hdev);
5492
5493 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5494 mgmt_status(status), &rp, sizeof(rp));
5495 mgmt_pending_remove(cmd);
5496
5497 hci_dev_unlock(hdev);
5498 bt_dev_dbg(hdev, "remove monitor %d complete, status %d",
5499 rp.monitor_handle, status);
5500 }
5501
mgmt_remove_adv_monitor_sync(struct hci_dev * hdev,void * data)5502 static int mgmt_remove_adv_monitor_sync(struct hci_dev *hdev, void *data)
5503 {
5504 struct mgmt_pending_cmd *cmd = data;
5505 struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
5506 u16 handle = __le16_to_cpu(cp->monitor_handle);
5507
5508 if (!handle)
5509 return hci_remove_all_adv_monitor(hdev);
5510
5511 return hci_remove_single_adv_monitor(hdev, handle);
5512 }
5513
remove_adv_monitor(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)5514 static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev,
5515 void *data, u16 len)
5516 {
5517 struct mgmt_pending_cmd *cmd;
5518 int err, status;
5519
5520 hci_dev_lock(hdev);
5521
5522 if (pending_find(MGMT_OP_SET_LE, hdev) ||
5523 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) ||
5524 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
5525 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) {
5526 status = MGMT_STATUS_BUSY;
5527 goto unlock;
5528 }
5529
5530 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len);
5531 if (!cmd) {
5532 status = MGMT_STATUS_NO_RESOURCES;
5533 goto unlock;
5534 }
5535
5536 err = hci_cmd_sync_queue(hdev, mgmt_remove_adv_monitor_sync, cmd,
5537 mgmt_remove_adv_monitor_complete);
5538
5539 if (err) {
5540 mgmt_pending_remove(cmd);
5541
5542 if (err == -ENOMEM)
5543 status = MGMT_STATUS_NO_RESOURCES;
5544 else
5545 status = MGMT_STATUS_FAILED;
5546
5547 goto unlock;
5548 }
5549
5550 hci_dev_unlock(hdev);
5551
5552 return 0;
5553
5554 unlock:
5555 hci_dev_unlock(hdev);
5556 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
5557 status);
5558 }
5559
read_local_oob_data_complete(struct hci_dev * hdev,void * data,int err)5560 static void read_local_oob_data_complete(struct hci_dev *hdev, void *data, int err)
5561 {
5562 struct mgmt_rp_read_local_oob_data mgmt_rp;
5563 size_t rp_size = sizeof(mgmt_rp);
5564 struct mgmt_pending_cmd *cmd = data;
5565 struct sk_buff *skb = cmd->skb;
5566 u8 status = mgmt_status(err);
5567
5568 if (!status) {
5569 if (!skb)
5570 status = MGMT_STATUS_FAILED;
5571 else if (IS_ERR(skb))
5572 status = mgmt_status(PTR_ERR(skb));
5573 else
5574 status = mgmt_status(skb->data[0]);
5575 }
5576
5577 bt_dev_dbg(hdev, "status %d", status);
5578
5579 if (status) {
5580 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, status);
5581 goto remove;
5582 }
5583
5584 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
5585
5586 if (!bredr_sc_enabled(hdev)) {
5587 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
5588
5589 if (skb->len < sizeof(*rp)) {
5590 mgmt_cmd_status(cmd->sk, hdev->id,
5591 MGMT_OP_READ_LOCAL_OOB_DATA,
5592 MGMT_STATUS_FAILED);
5593 goto remove;
5594 }
5595
5596 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
5597 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
5598
5599 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
5600 } else {
5601 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
5602
5603 if (skb->len < sizeof(*rp)) {
5604 mgmt_cmd_status(cmd->sk, hdev->id,
5605 MGMT_OP_READ_LOCAL_OOB_DATA,
5606 MGMT_STATUS_FAILED);
5607 goto remove;
5608 }
5609
5610 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
5611 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
5612
5613 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
5614 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
5615 }
5616
5617 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5618 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
5619
5620 remove:
5621 if (skb && !IS_ERR(skb))
5622 kfree_skb(skb);
5623
5624 mgmt_pending_free(cmd);
5625 }
5626
read_local_oob_data_sync(struct hci_dev * hdev,void * data)5627 static int read_local_oob_data_sync(struct hci_dev *hdev, void *data)
5628 {
5629 struct mgmt_pending_cmd *cmd = data;
5630
5631 if (bredr_sc_enabled(hdev))
5632 cmd->skb = hci_read_local_oob_data_sync(hdev, true, cmd->sk);
5633 else
5634 cmd->skb = hci_read_local_oob_data_sync(hdev, false, cmd->sk);
5635
5636 if (IS_ERR(cmd->skb))
5637 return PTR_ERR(cmd->skb);
5638 else
5639 return 0;
5640 }
5641
read_local_oob_data(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)5642 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
5643 void *data, u16 data_len)
5644 {
5645 struct mgmt_pending_cmd *cmd;
5646 int err;
5647
5648 bt_dev_dbg(hdev, "sock %p", sk);
5649
5650 hci_dev_lock(hdev);
5651
5652 if (!hdev_is_powered(hdev)) {
5653 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5654 MGMT_STATUS_NOT_POWERED);
5655 goto unlock;
5656 }
5657
5658 if (!lmp_ssp_capable(hdev)) {
5659 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5660 MGMT_STATUS_NOT_SUPPORTED);
5661 goto unlock;
5662 }
5663
5664 cmd = mgmt_pending_new(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
5665 if (!cmd)
5666 err = -ENOMEM;
5667 else
5668 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
5669 read_local_oob_data_complete);
5670
5671 if (err < 0) {
5672 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5673 MGMT_STATUS_FAILED);
5674
5675 if (cmd)
5676 mgmt_pending_free(cmd);
5677 }
5678
5679 unlock:
5680 hci_dev_unlock(hdev);
5681 return err;
5682 }
5683
add_remote_oob_data(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)5684 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
5685 void *data, u16 len)
5686 {
5687 struct mgmt_addr_info *addr = data;
5688 int err;
5689
5690 bt_dev_dbg(hdev, "sock %p", sk);
5691
5692 if (!bdaddr_type_is_valid(addr->type))
5693 return mgmt_cmd_complete(sk, hdev->id,
5694 MGMT_OP_ADD_REMOTE_OOB_DATA,
5695 MGMT_STATUS_INVALID_PARAMS,
5696 addr, sizeof(*addr));
5697
5698 hci_dev_lock(hdev);
5699
5700 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
5701 struct mgmt_cp_add_remote_oob_data *cp = data;
5702 u8 status;
5703
5704 if (cp->addr.type != BDADDR_BREDR) {
5705 err = mgmt_cmd_complete(sk, hdev->id,
5706 MGMT_OP_ADD_REMOTE_OOB_DATA,
5707 MGMT_STATUS_INVALID_PARAMS,
5708 &cp->addr, sizeof(cp->addr));
5709 goto unlock;
5710 }
5711
5712 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
5713 cp->addr.type, cp->hash,
5714 cp->rand, NULL, NULL);
5715 if (err < 0)
5716 status = MGMT_STATUS_FAILED;
5717 else
5718 status = MGMT_STATUS_SUCCESS;
5719
5720 err = mgmt_cmd_complete(sk, hdev->id,
5721 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
5722 &cp->addr, sizeof(cp->addr));
5723 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
5724 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
5725 u8 *rand192, *hash192, *rand256, *hash256;
5726 u8 status;
5727
5728 if (bdaddr_type_is_le(cp->addr.type)) {
5729 /* Enforce zero-valued 192-bit parameters as
5730 * long as legacy SMP OOB isn't implemented.
5731 */
5732 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
5733 memcmp(cp->hash192, ZERO_KEY, 16)) {
5734 err = mgmt_cmd_complete(sk, hdev->id,
5735 MGMT_OP_ADD_REMOTE_OOB_DATA,
5736 MGMT_STATUS_INVALID_PARAMS,
5737 addr, sizeof(*addr));
5738 goto unlock;
5739 }
5740
5741 rand192 = NULL;
5742 hash192 = NULL;
5743 } else {
5744 /* In case one of the P-192 values is set to zero,
5745 * then just disable OOB data for P-192.
5746 */
5747 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
5748 !memcmp(cp->hash192, ZERO_KEY, 16)) {
5749 rand192 = NULL;
5750 hash192 = NULL;
5751 } else {
5752 rand192 = cp->rand192;
5753 hash192 = cp->hash192;
5754 }
5755 }
5756
5757 /* In case one of the P-256 values is set to zero, then just
5758 * disable OOB data for P-256.
5759 */
5760 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
5761 !memcmp(cp->hash256, ZERO_KEY, 16)) {
5762 rand256 = NULL;
5763 hash256 = NULL;
5764 } else {
5765 rand256 = cp->rand256;
5766 hash256 = cp->hash256;
5767 }
5768
5769 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
5770 cp->addr.type, hash192, rand192,
5771 hash256, rand256);
5772 if (err < 0)
5773 status = MGMT_STATUS_FAILED;
5774 else
5775 status = MGMT_STATUS_SUCCESS;
5776
5777 err = mgmt_cmd_complete(sk, hdev->id,
5778 MGMT_OP_ADD_REMOTE_OOB_DATA,
5779 status, &cp->addr, sizeof(cp->addr));
5780 } else {
5781 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
5782 len);
5783 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
5784 MGMT_STATUS_INVALID_PARAMS);
5785 }
5786
5787 unlock:
5788 hci_dev_unlock(hdev);
5789 return err;
5790 }
5791
remove_remote_oob_data(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)5792 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
5793 void *data, u16 len)
5794 {
5795 struct mgmt_cp_remove_remote_oob_data *cp = data;
5796 u8 status;
5797 int err;
5798
5799 bt_dev_dbg(hdev, "sock %p", sk);
5800
5801 if (cp->addr.type != BDADDR_BREDR)
5802 return mgmt_cmd_complete(sk, hdev->id,
5803 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5804 MGMT_STATUS_INVALID_PARAMS,
5805 &cp->addr, sizeof(cp->addr));
5806
5807 hci_dev_lock(hdev);
5808
5809 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5810 hci_remote_oob_data_clear(hdev);
5811 status = MGMT_STATUS_SUCCESS;
5812 goto done;
5813 }
5814
5815 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
5816 if (err < 0)
5817 status = MGMT_STATUS_INVALID_PARAMS;
5818 else
5819 status = MGMT_STATUS_SUCCESS;
5820
5821 done:
5822 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5823 status, &cp->addr, sizeof(cp->addr));
5824
5825 hci_dev_unlock(hdev);
5826 return err;
5827 }
5828
mgmt_start_discovery_complete(struct hci_dev * hdev,u8 status)5829 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
5830 {
5831 struct mgmt_pending_cmd *cmd;
5832
5833 bt_dev_dbg(hdev, "status %u", status);
5834
5835 hci_dev_lock(hdev);
5836
5837 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
5838 if (!cmd)
5839 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
5840
5841 if (!cmd)
5842 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
5843
5844 if (cmd) {
5845 cmd->cmd_complete(cmd, mgmt_status(status));
5846 mgmt_pending_remove(cmd);
5847 }
5848
5849 hci_dev_unlock(hdev);
5850 }
5851
discovery_type_is_valid(struct hci_dev * hdev,uint8_t type,uint8_t * mgmt_status)5852 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
5853 uint8_t *mgmt_status)
5854 {
5855 switch (type) {
5856 case DISCOV_TYPE_LE:
5857 *mgmt_status = mgmt_le_support(hdev);
5858 if (*mgmt_status)
5859 return false;
5860 break;
5861 case DISCOV_TYPE_INTERLEAVED:
5862 *mgmt_status = mgmt_le_support(hdev);
5863 if (*mgmt_status)
5864 return false;
5865 fallthrough;
5866 case DISCOV_TYPE_BREDR:
5867 *mgmt_status = mgmt_bredr_support(hdev);
5868 if (*mgmt_status)
5869 return false;
5870 break;
5871 default:
5872 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
5873 return false;
5874 }
5875
5876 return true;
5877 }
5878
start_discovery_complete(struct hci_dev * hdev,void * data,int err)5879 static void start_discovery_complete(struct hci_dev *hdev, void *data, int err)
5880 {
5881 struct mgmt_pending_cmd *cmd = data;
5882
5883 if (cmd != pending_find(MGMT_OP_START_DISCOVERY, hdev) &&
5884 cmd != pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev) &&
5885 cmd != pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev))
5886 return;
5887
5888 bt_dev_dbg(hdev, "err %d", err);
5889
5890 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
5891 cmd->param, 1);
5892 mgmt_pending_remove(cmd);
5893
5894 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED:
5895 DISCOVERY_FINDING);
5896 }
5897
start_discovery_sync(struct hci_dev * hdev,void * data)5898 static int start_discovery_sync(struct hci_dev *hdev, void *data)
5899 {
5900 return hci_start_discovery_sync(hdev);
5901 }
5902
start_discovery_internal(struct sock * sk,struct hci_dev * hdev,u16 op,void * data,u16 len)5903 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
5904 u16 op, void *data, u16 len)
5905 {
5906 struct mgmt_cp_start_discovery *cp = data;
5907 struct mgmt_pending_cmd *cmd;
5908 u8 status;
5909 int err;
5910
5911 bt_dev_dbg(hdev, "sock %p", sk);
5912
5913 hci_dev_lock(hdev);
5914
5915 if (!hdev_is_powered(hdev)) {
5916 err = mgmt_cmd_complete(sk, hdev->id, op,
5917 MGMT_STATUS_NOT_POWERED,
5918 &cp->type, sizeof(cp->type));
5919 goto failed;
5920 }
5921
5922 if (hdev->discovery.state != DISCOVERY_STOPPED ||
5923 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
5924 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5925 &cp->type, sizeof(cp->type));
5926 goto failed;
5927 }
5928
5929 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
5930 err = mgmt_cmd_complete(sk, hdev->id, op, status,
5931 &cp->type, sizeof(cp->type));
5932 goto failed;
5933 }
5934
5935 /* Can't start discovery when it is paused */
5936 if (hdev->discovery_paused) {
5937 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5938 &cp->type, sizeof(cp->type));
5939 goto failed;
5940 }
5941
5942 /* Clear the discovery filter first to free any previously
5943 * allocated memory for the UUID list.
5944 */
5945 hci_discovery_filter_clear(hdev);
5946
5947 hdev->discovery.type = cp->type;
5948 hdev->discovery.report_invalid_rssi = false;
5949 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
5950 hdev->discovery.limited = true;
5951 else
5952 hdev->discovery.limited = false;
5953
5954 cmd = mgmt_pending_add(sk, op, hdev, data, len);
5955 if (!cmd) {
5956 err = -ENOMEM;
5957 goto failed;
5958 }
5959
5960 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
5961 start_discovery_complete);
5962 if (err < 0) {
5963 mgmt_pending_remove(cmd);
5964 goto failed;
5965 }
5966
5967 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
5968
5969 failed:
5970 hci_dev_unlock(hdev);
5971 return err;
5972 }
5973
start_discovery(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)5974 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
5975 void *data, u16 len)
5976 {
5977 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
5978 data, len);
5979 }
5980
start_limited_discovery(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)5981 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
5982 void *data, u16 len)
5983 {
5984 return start_discovery_internal(sk, hdev,
5985 MGMT_OP_START_LIMITED_DISCOVERY,
5986 data, len);
5987 }
5988
start_service_discovery(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)5989 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
5990 void *data, u16 len)
5991 {
5992 struct mgmt_cp_start_service_discovery *cp = data;
5993 struct mgmt_pending_cmd *cmd;
5994 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
5995 u16 uuid_count, expected_len;
5996 u8 status;
5997 int err;
5998
5999 bt_dev_dbg(hdev, "sock %p", sk);
6000
6001 hci_dev_lock(hdev);
6002
6003 if (!hdev_is_powered(hdev)) {
6004 err = mgmt_cmd_complete(sk, hdev->id,
6005 MGMT_OP_START_SERVICE_DISCOVERY,
6006 MGMT_STATUS_NOT_POWERED,
6007 &cp->type, sizeof(cp->type));
6008 goto failed;
6009 }
6010
6011 if (hdev->discovery.state != DISCOVERY_STOPPED ||
6012 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
6013 err = mgmt_cmd_complete(sk, hdev->id,
6014 MGMT_OP_START_SERVICE_DISCOVERY,
6015 MGMT_STATUS_BUSY, &cp->type,
6016 sizeof(cp->type));
6017 goto failed;
6018 }
6019
6020 if (hdev->discovery_paused) {
6021 err = mgmt_cmd_complete(sk, hdev->id,
6022 MGMT_OP_START_SERVICE_DISCOVERY,
6023 MGMT_STATUS_BUSY, &cp->type,
6024 sizeof(cp->type));
6025 goto failed;
6026 }
6027
6028 uuid_count = __le16_to_cpu(cp->uuid_count);
6029 if (uuid_count > max_uuid_count) {
6030 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
6031 uuid_count);
6032 err = mgmt_cmd_complete(sk, hdev->id,
6033 MGMT_OP_START_SERVICE_DISCOVERY,
6034 MGMT_STATUS_INVALID_PARAMS, &cp->type,
6035 sizeof(cp->type));
6036 goto failed;
6037 }
6038
6039 expected_len = sizeof(*cp) + uuid_count * 16;
6040 if (expected_len != len) {
6041 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
6042 expected_len, len);
6043 err = mgmt_cmd_complete(sk, hdev->id,
6044 MGMT_OP_START_SERVICE_DISCOVERY,
6045 MGMT_STATUS_INVALID_PARAMS, &cp->type,
6046 sizeof(cp->type));
6047 goto failed;
6048 }
6049
6050 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
6051 err = mgmt_cmd_complete(sk, hdev->id,
6052 MGMT_OP_START_SERVICE_DISCOVERY,
6053 status, &cp->type, sizeof(cp->type));
6054 goto failed;
6055 }
6056
6057 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
6058 hdev, data, len);
6059 if (!cmd) {
6060 err = -ENOMEM;
6061 goto failed;
6062 }
6063
6064 /* Clear the discovery filter first to free any previously
6065 * allocated memory for the UUID list.
6066 */
6067 hci_discovery_filter_clear(hdev);
6068
6069 hdev->discovery.result_filtering = true;
6070 hdev->discovery.type = cp->type;
6071 hdev->discovery.rssi = cp->rssi;
6072 hdev->discovery.uuid_count = uuid_count;
6073
6074 if (uuid_count > 0) {
6075 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
6076 GFP_KERNEL);
6077 if (!hdev->discovery.uuids) {
6078 err = mgmt_cmd_complete(sk, hdev->id,
6079 MGMT_OP_START_SERVICE_DISCOVERY,
6080 MGMT_STATUS_FAILED,
6081 &cp->type, sizeof(cp->type));
6082 mgmt_pending_remove(cmd);
6083 goto failed;
6084 }
6085 }
6086
6087 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
6088 start_discovery_complete);
6089 if (err < 0) {
6090 mgmt_pending_remove(cmd);
6091 goto failed;
6092 }
6093
6094 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
6095
6096 failed:
6097 hci_dev_unlock(hdev);
6098 return err;
6099 }
6100
mgmt_stop_discovery_complete(struct hci_dev * hdev,u8 status)6101 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
6102 {
6103 struct mgmt_pending_cmd *cmd;
6104
6105 bt_dev_dbg(hdev, "status %u", status);
6106
6107 hci_dev_lock(hdev);
6108
6109 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
6110 if (cmd) {
6111 cmd->cmd_complete(cmd, mgmt_status(status));
6112 mgmt_pending_remove(cmd);
6113 }
6114
6115 hci_dev_unlock(hdev);
6116 }
6117
stop_discovery_complete(struct hci_dev * hdev,void * data,int err)6118 static void stop_discovery_complete(struct hci_dev *hdev, void *data, int err)
6119 {
6120 struct mgmt_pending_cmd *cmd = data;
6121
6122 if (cmd != pending_find(MGMT_OP_STOP_DISCOVERY, hdev))
6123 return;
6124
6125 bt_dev_dbg(hdev, "err %d", err);
6126
6127 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
6128 cmd->param, 1);
6129 mgmt_pending_remove(cmd);
6130
6131 if (!err)
6132 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
6133 }
6134
stop_discovery_sync(struct hci_dev * hdev,void * data)6135 static int stop_discovery_sync(struct hci_dev *hdev, void *data)
6136 {
6137 return hci_stop_discovery_sync(hdev);
6138 }
6139
stop_discovery(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)6140 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
6141 u16 len)
6142 {
6143 struct mgmt_cp_stop_discovery *mgmt_cp = data;
6144 struct mgmt_pending_cmd *cmd;
6145 int err;
6146
6147 bt_dev_dbg(hdev, "sock %p", sk);
6148
6149 hci_dev_lock(hdev);
6150
6151 if (!hci_discovery_active(hdev)) {
6152 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
6153 MGMT_STATUS_REJECTED, &mgmt_cp->type,
6154 sizeof(mgmt_cp->type));
6155 goto unlock;
6156 }
6157
6158 if (hdev->discovery.type != mgmt_cp->type) {
6159 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
6160 MGMT_STATUS_INVALID_PARAMS,
6161 &mgmt_cp->type, sizeof(mgmt_cp->type));
6162 goto unlock;
6163 }
6164
6165 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
6166 if (!cmd) {
6167 err = -ENOMEM;
6168 goto unlock;
6169 }
6170
6171 err = hci_cmd_sync_queue(hdev, stop_discovery_sync, cmd,
6172 stop_discovery_complete);
6173 if (err < 0) {
6174 mgmt_pending_remove(cmd);
6175 goto unlock;
6176 }
6177
6178 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
6179
6180 unlock:
6181 hci_dev_unlock(hdev);
6182 return err;
6183 }
6184
confirm_name(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)6185 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
6186 u16 len)
6187 {
6188 struct mgmt_cp_confirm_name *cp = data;
6189 struct inquiry_entry *e;
6190 int err;
6191
6192 bt_dev_dbg(hdev, "sock %p", sk);
6193
6194 hci_dev_lock(hdev);
6195
6196 if (!hci_discovery_active(hdev)) {
6197 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
6198 MGMT_STATUS_FAILED, &cp->addr,
6199 sizeof(cp->addr));
6200 goto failed;
6201 }
6202
6203 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
6204 if (!e) {
6205 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
6206 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
6207 sizeof(cp->addr));
6208 goto failed;
6209 }
6210
6211 if (cp->name_known) {
6212 e->name_state = NAME_KNOWN;
6213 list_del(&e->list);
6214 } else {
6215 e->name_state = NAME_NEEDED;
6216 hci_inquiry_cache_update_resolve(hdev, e);
6217 }
6218
6219 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
6220 &cp->addr, sizeof(cp->addr));
6221
6222 failed:
6223 hci_dev_unlock(hdev);
6224 return err;
6225 }
6226
block_device(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)6227 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
6228 u16 len)
6229 {
6230 struct mgmt_cp_block_device *cp = data;
6231 u8 status;
6232 int err;
6233
6234 bt_dev_dbg(hdev, "sock %p", sk);
6235
6236 if (!bdaddr_type_is_valid(cp->addr.type))
6237 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
6238 MGMT_STATUS_INVALID_PARAMS,
6239 &cp->addr, sizeof(cp->addr));
6240
6241 hci_dev_lock(hdev);
6242
6243 err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr,
6244 cp->addr.type);
6245 if (err < 0) {
6246 status = MGMT_STATUS_FAILED;
6247 goto done;
6248 }
6249
6250 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
6251 sk);
6252 status = MGMT_STATUS_SUCCESS;
6253
6254 done:
6255 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
6256 &cp->addr, sizeof(cp->addr));
6257
6258 hci_dev_unlock(hdev);
6259
6260 return err;
6261 }
6262
unblock_device(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)6263 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
6264 u16 len)
6265 {
6266 struct mgmt_cp_unblock_device *cp = data;
6267 u8 status;
6268 int err;
6269
6270 bt_dev_dbg(hdev, "sock %p", sk);
6271
6272 if (!bdaddr_type_is_valid(cp->addr.type))
6273 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
6274 MGMT_STATUS_INVALID_PARAMS,
6275 &cp->addr, sizeof(cp->addr));
6276
6277 hci_dev_lock(hdev);
6278
6279 err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr,
6280 cp->addr.type);
6281 if (err < 0) {
6282 status = MGMT_STATUS_INVALID_PARAMS;
6283 goto done;
6284 }
6285
6286 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
6287 sk);
6288 status = MGMT_STATUS_SUCCESS;
6289
6290 done:
6291 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
6292 &cp->addr, sizeof(cp->addr));
6293
6294 hci_dev_unlock(hdev);
6295
6296 return err;
6297 }
6298
set_device_id_sync(struct hci_dev * hdev,void * data)6299 static int set_device_id_sync(struct hci_dev *hdev, void *data)
6300 {
6301 return hci_update_eir_sync(hdev);
6302 }
6303
set_device_id(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)6304 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
6305 u16 len)
6306 {
6307 struct mgmt_cp_set_device_id *cp = data;
6308 int err;
6309 __u16 source;
6310
6311 bt_dev_dbg(hdev, "sock %p", sk);
6312
6313 source = __le16_to_cpu(cp->source);
6314
6315 if (source > 0x0002)
6316 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
6317 MGMT_STATUS_INVALID_PARAMS);
6318
6319 hci_dev_lock(hdev);
6320
6321 hdev->devid_source = source;
6322 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
6323 hdev->devid_product = __le16_to_cpu(cp->product);
6324 hdev->devid_version = __le16_to_cpu(cp->version);
6325
6326 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
6327 NULL, 0);
6328
6329 hci_cmd_sync_queue(hdev, set_device_id_sync, NULL, NULL);
6330
6331 hci_dev_unlock(hdev);
6332
6333 return err;
6334 }
6335
enable_advertising_instance(struct hci_dev * hdev,int err)6336 static void enable_advertising_instance(struct hci_dev *hdev, int err)
6337 {
6338 if (err)
6339 bt_dev_err(hdev, "failed to re-configure advertising %d", err);
6340 else
6341 bt_dev_dbg(hdev, "status %d", err);
6342 }
6343
set_advertising_complete(struct hci_dev * hdev,void * data,int err)6344 static void set_advertising_complete(struct hci_dev *hdev, void *data, int err)
6345 {
6346 struct cmd_lookup match = { NULL, hdev };
6347 u8 instance;
6348 struct adv_info *adv_instance;
6349 u8 status = mgmt_status(err);
6350
6351 if (status) {
6352 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
6353 cmd_status_rsp, &status);
6354 return;
6355 }
6356
6357 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
6358 hci_dev_set_flag(hdev, HCI_ADVERTISING);
6359 else
6360 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
6361
6362 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
6363 &match);
6364
6365 new_settings(hdev, match.sk);
6366
6367 if (match.sk)
6368 sock_put(match.sk);
6369
6370 /* If "Set Advertising" was just disabled and instance advertising was
6371 * set up earlier, then re-enable multi-instance advertising.
6372 */
6373 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6374 list_empty(&hdev->adv_instances))
6375 return;
6376
6377 instance = hdev->cur_adv_instance;
6378 if (!instance) {
6379 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
6380 struct adv_info, list);
6381 if (!adv_instance)
6382 return;
6383
6384 instance = adv_instance->instance;
6385 }
6386
6387 err = hci_schedule_adv_instance_sync(hdev, instance, true);
6388
6389 enable_advertising_instance(hdev, err);
6390 }
6391
set_adv_sync(struct hci_dev * hdev,void * data)6392 static int set_adv_sync(struct hci_dev *hdev, void *data)
6393 {
6394 struct mgmt_pending_cmd *cmd = data;
6395 struct mgmt_mode *cp = cmd->param;
6396 u8 val = !!cp->val;
6397
6398 if (cp->val == 0x02)
6399 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6400 else
6401 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6402
6403 cancel_adv_timeout(hdev);
6404
6405 if (val) {
6406 /* Switch to instance "0" for the Set Advertising setting.
6407 * We cannot use update_[adv|scan_rsp]_data() here as the
6408 * HCI_ADVERTISING flag is not yet set.
6409 */
6410 hdev->cur_adv_instance = 0x00;
6411
6412 if (ext_adv_capable(hdev)) {
6413 hci_start_ext_adv_sync(hdev, 0x00);
6414 } else {
6415 hci_update_adv_data_sync(hdev, 0x00);
6416 hci_update_scan_rsp_data_sync(hdev, 0x00);
6417 hci_enable_advertising_sync(hdev);
6418 }
6419 } else {
6420 hci_disable_advertising_sync(hdev);
6421 }
6422
6423 return 0;
6424 }
6425
set_advertising(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)6426 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
6427 u16 len)
6428 {
6429 struct mgmt_mode *cp = data;
6430 struct mgmt_pending_cmd *cmd;
6431 u8 val, status;
6432 int err;
6433
6434 bt_dev_dbg(hdev, "sock %p", sk);
6435
6436 status = mgmt_le_support(hdev);
6437 if (status)
6438 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6439 status);
6440
6441 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6442 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6443 MGMT_STATUS_INVALID_PARAMS);
6444
6445 if (hdev->advertising_paused)
6446 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6447 MGMT_STATUS_BUSY);
6448
6449 hci_dev_lock(hdev);
6450
6451 val = !!cp->val;
6452
6453 /* The following conditions are ones which mean that we should
6454 * not do any HCI communication but directly send a mgmt
6455 * response to user space (after toggling the flag if
6456 * necessary).
6457 */
6458 if (!hdev_is_powered(hdev) ||
6459 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
6460 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
6461 hci_dev_test_flag(hdev, HCI_MESH) ||
6462 hci_conn_num(hdev, LE_LINK) > 0 ||
6463 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
6464 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
6465 bool changed;
6466
6467 if (cp->val) {
6468 hdev->cur_adv_instance = 0x00;
6469 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
6470 if (cp->val == 0x02)
6471 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6472 else
6473 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6474 } else {
6475 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
6476 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6477 }
6478
6479 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
6480 if (err < 0)
6481 goto unlock;
6482
6483 if (changed)
6484 err = new_settings(hdev, sk);
6485
6486 goto unlock;
6487 }
6488
6489 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
6490 pending_find(MGMT_OP_SET_LE, hdev)) {
6491 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6492 MGMT_STATUS_BUSY);
6493 goto unlock;
6494 }
6495
6496 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
6497 if (!cmd)
6498 err = -ENOMEM;
6499 else
6500 err = hci_cmd_sync_queue(hdev, set_adv_sync, cmd,
6501 set_advertising_complete);
6502
6503 if (err < 0 && cmd)
6504 mgmt_pending_remove(cmd);
6505
6506 unlock:
6507 hci_dev_unlock(hdev);
6508 return err;
6509 }
6510
set_static_address(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)6511 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
6512 void *data, u16 len)
6513 {
6514 struct mgmt_cp_set_static_address *cp = data;
6515 int err;
6516
6517 bt_dev_dbg(hdev, "sock %p", sk);
6518
6519 if (!lmp_le_capable(hdev))
6520 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
6521 MGMT_STATUS_NOT_SUPPORTED);
6522
6523 if (hdev_is_powered(hdev))
6524 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
6525 MGMT_STATUS_REJECTED);
6526
6527 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
6528 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
6529 return mgmt_cmd_status(sk, hdev->id,
6530 MGMT_OP_SET_STATIC_ADDRESS,
6531 MGMT_STATUS_INVALID_PARAMS);
6532
6533 /* Two most significant bits shall be set */
6534 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
6535 return mgmt_cmd_status(sk, hdev->id,
6536 MGMT_OP_SET_STATIC_ADDRESS,
6537 MGMT_STATUS_INVALID_PARAMS);
6538 }
6539
6540 hci_dev_lock(hdev);
6541
6542 bacpy(&hdev->static_addr, &cp->bdaddr);
6543
6544 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
6545 if (err < 0)
6546 goto unlock;
6547
6548 err = new_settings(hdev, sk);
6549
6550 unlock:
6551 hci_dev_unlock(hdev);
6552 return err;
6553 }
6554
set_scan_params(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)6555 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
6556 void *data, u16 len)
6557 {
6558 struct mgmt_cp_set_scan_params *cp = data;
6559 __u16 interval, window;
6560 int err;
6561
6562 bt_dev_dbg(hdev, "sock %p", sk);
6563
6564 if (!lmp_le_capable(hdev))
6565 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6566 MGMT_STATUS_NOT_SUPPORTED);
6567
6568 interval = __le16_to_cpu(cp->interval);
6569
6570 if (interval < 0x0004 || interval > 0x4000)
6571 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6572 MGMT_STATUS_INVALID_PARAMS);
6573
6574 window = __le16_to_cpu(cp->window);
6575
6576 if (window < 0x0004 || window > 0x4000)
6577 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6578 MGMT_STATUS_INVALID_PARAMS);
6579
6580 if (window > interval)
6581 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6582 MGMT_STATUS_INVALID_PARAMS);
6583
6584 hci_dev_lock(hdev);
6585
6586 hdev->le_scan_interval = interval;
6587 hdev->le_scan_window = window;
6588
6589 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
6590 NULL, 0);
6591
6592 /* If background scan is running, restart it so new parameters are
6593 * loaded.
6594 */
6595 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
6596 hdev->discovery.state == DISCOVERY_STOPPED)
6597 hci_update_passive_scan(hdev);
6598
6599 hci_dev_unlock(hdev);
6600
6601 return err;
6602 }
6603
fast_connectable_complete(struct hci_dev * hdev,void * data,int err)6604 static void fast_connectable_complete(struct hci_dev *hdev, void *data, int err)
6605 {
6606 struct mgmt_pending_cmd *cmd = data;
6607
6608 bt_dev_dbg(hdev, "err %d", err);
6609
6610 if (err) {
6611 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
6612 mgmt_status(err));
6613 } else {
6614 struct mgmt_mode *cp = cmd->param;
6615
6616 if (cp->val)
6617 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
6618 else
6619 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
6620
6621 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6622 new_settings(hdev, cmd->sk);
6623 }
6624
6625 mgmt_pending_free(cmd);
6626 }
6627
write_fast_connectable_sync(struct hci_dev * hdev,void * data)6628 static int write_fast_connectable_sync(struct hci_dev *hdev, void *data)
6629 {
6630 struct mgmt_pending_cmd *cmd = data;
6631 struct mgmt_mode *cp = cmd->param;
6632
6633 return hci_write_fast_connectable_sync(hdev, cp->val);
6634 }
6635
set_fast_connectable(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)6636 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
6637 void *data, u16 len)
6638 {
6639 struct mgmt_mode *cp = data;
6640 struct mgmt_pending_cmd *cmd;
6641 int err;
6642
6643 bt_dev_dbg(hdev, "sock %p", sk);
6644
6645 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
6646 hdev->hci_ver < BLUETOOTH_VER_1_2)
6647 return mgmt_cmd_status(sk, hdev->id,
6648 MGMT_OP_SET_FAST_CONNECTABLE,
6649 MGMT_STATUS_NOT_SUPPORTED);
6650
6651 if (cp->val != 0x00 && cp->val != 0x01)
6652 return mgmt_cmd_status(sk, hdev->id,
6653 MGMT_OP_SET_FAST_CONNECTABLE,
6654 MGMT_STATUS_INVALID_PARAMS);
6655
6656 hci_dev_lock(hdev);
6657
6658 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
6659 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6660 goto unlock;
6661 }
6662
6663 if (!hdev_is_powered(hdev)) {
6664 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
6665 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6666 new_settings(hdev, sk);
6667 goto unlock;
6668 }
6669
6670 cmd = mgmt_pending_new(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, data,
6671 len);
6672 if (!cmd)
6673 err = -ENOMEM;
6674 else
6675 err = hci_cmd_sync_queue(hdev, write_fast_connectable_sync, cmd,
6676 fast_connectable_complete);
6677
6678 if (err < 0) {
6679 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
6680 MGMT_STATUS_FAILED);
6681
6682 if (cmd)
6683 mgmt_pending_free(cmd);
6684 }
6685
6686 unlock:
6687 hci_dev_unlock(hdev);
6688
6689 return err;
6690 }
6691
set_bredr_complete(struct hci_dev * hdev,void * data,int err)6692 static void set_bredr_complete(struct hci_dev *hdev, void *data, int err)
6693 {
6694 struct mgmt_pending_cmd *cmd = data;
6695
6696 bt_dev_dbg(hdev, "err %d", err);
6697
6698 if (err) {
6699 u8 mgmt_err = mgmt_status(err);
6700
6701 /* We need to restore the flag if related HCI commands
6702 * failed.
6703 */
6704 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
6705
6706 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
6707 } else {
6708 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
6709 new_settings(hdev, cmd->sk);
6710 }
6711
6712 mgmt_pending_free(cmd);
6713 }
6714
set_bredr_sync(struct hci_dev * hdev,void * data)6715 static int set_bredr_sync(struct hci_dev *hdev, void *data)
6716 {
6717 int status;
6718
6719 status = hci_write_fast_connectable_sync(hdev, false);
6720
6721 if (!status)
6722 status = hci_update_scan_sync(hdev);
6723
6724 /* Since only the advertising data flags will change, there
6725 * is no need to update the scan response data.
6726 */
6727 if (!status)
6728 status = hci_update_adv_data_sync(hdev, hdev->cur_adv_instance);
6729
6730 return status;
6731 }
6732
set_bredr(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)6733 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6734 {
6735 struct mgmt_mode *cp = data;
6736 struct mgmt_pending_cmd *cmd;
6737 int err;
6738
6739 bt_dev_dbg(hdev, "sock %p", sk);
6740
6741 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
6742 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6743 MGMT_STATUS_NOT_SUPPORTED);
6744
6745 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
6746 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6747 MGMT_STATUS_REJECTED);
6748
6749 if (cp->val != 0x00 && cp->val != 0x01)
6750 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6751 MGMT_STATUS_INVALID_PARAMS);
6752
6753 hci_dev_lock(hdev);
6754
6755 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
6756 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6757 goto unlock;
6758 }
6759
6760 if (!hdev_is_powered(hdev)) {
6761 if (!cp->val) {
6762 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
6763 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
6764 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
6765 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
6766 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
6767 }
6768
6769 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
6770
6771 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6772 if (err < 0)
6773 goto unlock;
6774
6775 err = new_settings(hdev, sk);
6776 goto unlock;
6777 }
6778
6779 /* Reject disabling when powered on */
6780 if (!cp->val) {
6781 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6782 MGMT_STATUS_REJECTED);
6783 goto unlock;
6784 } else {
6785 /* When configuring a dual-mode controller to operate
6786 * with LE only and using a static address, then switching
6787 * BR/EDR back on is not allowed.
6788 *
6789 * Dual-mode controllers shall operate with the public
6790 * address as its identity address for BR/EDR and LE. So
6791 * reject the attempt to create an invalid configuration.
6792 *
6793 * The same restrictions applies when secure connections
6794 * has been enabled. For BR/EDR this is a controller feature
6795 * while for LE it is a host stack feature. This means that
6796 * switching BR/EDR back on when secure connections has been
6797 * enabled is not a supported transaction.
6798 */
6799 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6800 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
6801 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
6802 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6803 MGMT_STATUS_REJECTED);
6804 goto unlock;
6805 }
6806 }
6807
6808 cmd = mgmt_pending_new(sk, MGMT_OP_SET_BREDR, hdev, data, len);
6809 if (!cmd)
6810 err = -ENOMEM;
6811 else
6812 err = hci_cmd_sync_queue(hdev, set_bredr_sync, cmd,
6813 set_bredr_complete);
6814
6815 if (err < 0) {
6816 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6817 MGMT_STATUS_FAILED);
6818 if (cmd)
6819 mgmt_pending_free(cmd);
6820
6821 goto unlock;
6822 }
6823
6824 /* We need to flip the bit already here so that
6825 * hci_req_update_adv_data generates the correct flags.
6826 */
6827 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
6828
6829 unlock:
6830 hci_dev_unlock(hdev);
6831 return err;
6832 }
6833
set_secure_conn_complete(struct hci_dev * hdev,void * data,int err)6834 static void set_secure_conn_complete(struct hci_dev *hdev, void *data, int err)
6835 {
6836 struct mgmt_pending_cmd *cmd = data;
6837 struct mgmt_mode *cp;
6838
6839 bt_dev_dbg(hdev, "err %d", err);
6840
6841 if (err) {
6842 u8 mgmt_err = mgmt_status(err);
6843
6844 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
6845 goto done;
6846 }
6847
6848 cp = cmd->param;
6849
6850 switch (cp->val) {
6851 case 0x00:
6852 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
6853 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6854 break;
6855 case 0x01:
6856 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6857 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6858 break;
6859 case 0x02:
6860 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6861 hci_dev_set_flag(hdev, HCI_SC_ONLY);
6862 break;
6863 }
6864
6865 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
6866 new_settings(hdev, cmd->sk);
6867
6868 done:
6869 mgmt_pending_free(cmd);
6870 }
6871
set_secure_conn_sync(struct hci_dev * hdev,void * data)6872 static int set_secure_conn_sync(struct hci_dev *hdev, void *data)
6873 {
6874 struct mgmt_pending_cmd *cmd = data;
6875 struct mgmt_mode *cp = cmd->param;
6876 u8 val = !!cp->val;
6877
6878 /* Force write of val */
6879 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6880
6881 return hci_write_sc_support_sync(hdev, val);
6882 }
6883
set_secure_conn(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)6884 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
6885 void *data, u16 len)
6886 {
6887 struct mgmt_mode *cp = data;
6888 struct mgmt_pending_cmd *cmd;
6889 u8 val;
6890 int err;
6891
6892 bt_dev_dbg(hdev, "sock %p", sk);
6893
6894 if (!lmp_sc_capable(hdev) &&
6895 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
6896 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6897 MGMT_STATUS_NOT_SUPPORTED);
6898
6899 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6900 lmp_sc_capable(hdev) &&
6901 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
6902 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6903 MGMT_STATUS_REJECTED);
6904
6905 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6906 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6907 MGMT_STATUS_INVALID_PARAMS);
6908
6909 hci_dev_lock(hdev);
6910
6911 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
6912 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
6913 bool changed;
6914
6915 if (cp->val) {
6916 changed = !hci_dev_test_and_set_flag(hdev,
6917 HCI_SC_ENABLED);
6918 if (cp->val == 0x02)
6919 hci_dev_set_flag(hdev, HCI_SC_ONLY);
6920 else
6921 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6922 } else {
6923 changed = hci_dev_test_and_clear_flag(hdev,
6924 HCI_SC_ENABLED);
6925 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6926 }
6927
6928 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6929 if (err < 0)
6930 goto failed;
6931
6932 if (changed)
6933 err = new_settings(hdev, sk);
6934
6935 goto failed;
6936 }
6937
6938 val = !!cp->val;
6939
6940 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6941 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6942 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6943 goto failed;
6944 }
6945
6946 cmd = mgmt_pending_new(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
6947 if (!cmd)
6948 err = -ENOMEM;
6949 else
6950 err = hci_cmd_sync_queue(hdev, set_secure_conn_sync, cmd,
6951 set_secure_conn_complete);
6952
6953 if (err < 0) {
6954 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6955 MGMT_STATUS_FAILED);
6956 if (cmd)
6957 mgmt_pending_free(cmd);
6958 }
6959
6960 failed:
6961 hci_dev_unlock(hdev);
6962 return err;
6963 }
6964
set_debug_keys(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)6965 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
6966 void *data, u16 len)
6967 {
6968 struct mgmt_mode *cp = data;
6969 bool changed, use_changed;
6970 int err;
6971
6972 bt_dev_dbg(hdev, "sock %p", sk);
6973
6974 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6975 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
6976 MGMT_STATUS_INVALID_PARAMS);
6977
6978 hci_dev_lock(hdev);
6979
6980 if (cp->val)
6981 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
6982 else
6983 changed = hci_dev_test_and_clear_flag(hdev,
6984 HCI_KEEP_DEBUG_KEYS);
6985
6986 if (cp->val == 0x02)
6987 use_changed = !hci_dev_test_and_set_flag(hdev,
6988 HCI_USE_DEBUG_KEYS);
6989 else
6990 use_changed = hci_dev_test_and_clear_flag(hdev,
6991 HCI_USE_DEBUG_KEYS);
6992
6993 if (hdev_is_powered(hdev) && use_changed &&
6994 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6995 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
6996 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
6997 sizeof(mode), &mode);
6998 }
6999
7000 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
7001 if (err < 0)
7002 goto unlock;
7003
7004 if (changed)
7005 err = new_settings(hdev, sk);
7006
7007 unlock:
7008 hci_dev_unlock(hdev);
7009 return err;
7010 }
7011
set_privacy(struct sock * sk,struct hci_dev * hdev,void * cp_data,u16 len)7012 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
7013 u16 len)
7014 {
7015 struct mgmt_cp_set_privacy *cp = cp_data;
7016 bool changed;
7017 int err;
7018
7019 bt_dev_dbg(hdev, "sock %p", sk);
7020
7021 if (!lmp_le_capable(hdev))
7022 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7023 MGMT_STATUS_NOT_SUPPORTED);
7024
7025 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
7026 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7027 MGMT_STATUS_INVALID_PARAMS);
7028
7029 if (hdev_is_powered(hdev))
7030 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7031 MGMT_STATUS_REJECTED);
7032
7033 hci_dev_lock(hdev);
7034
7035 /* If user space supports this command it is also expected to
7036 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
7037 */
7038 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
7039
7040 if (cp->privacy) {
7041 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
7042 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
7043 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
7044 hci_adv_instances_set_rpa_expired(hdev, true);
7045 if (cp->privacy == 0x02)
7046 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
7047 else
7048 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
7049 } else {
7050 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
7051 memset(hdev->irk, 0, sizeof(hdev->irk));
7052 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
7053 hci_adv_instances_set_rpa_expired(hdev, false);
7054 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
7055 }
7056
7057 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
7058 if (err < 0)
7059 goto unlock;
7060
7061 if (changed)
7062 err = new_settings(hdev, sk);
7063
7064 unlock:
7065 hci_dev_unlock(hdev);
7066 return err;
7067 }
7068
irk_is_valid(struct mgmt_irk_info * irk)7069 static bool irk_is_valid(struct mgmt_irk_info *irk)
7070 {
7071 switch (irk->addr.type) {
7072 case BDADDR_LE_PUBLIC:
7073 return true;
7074
7075 case BDADDR_LE_RANDOM:
7076 /* Two most significant bits shall be set */
7077 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
7078 return false;
7079 return true;
7080 }
7081
7082 return false;
7083 }
7084
load_irks(struct sock * sk,struct hci_dev * hdev,void * cp_data,u16 len)7085 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
7086 u16 len)
7087 {
7088 struct mgmt_cp_load_irks *cp = cp_data;
7089 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
7090 sizeof(struct mgmt_irk_info));
7091 u16 irk_count, expected_len;
7092 int i, err;
7093
7094 bt_dev_dbg(hdev, "sock %p", sk);
7095
7096 if (!lmp_le_capable(hdev))
7097 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7098 MGMT_STATUS_NOT_SUPPORTED);
7099
7100 irk_count = __le16_to_cpu(cp->irk_count);
7101 if (irk_count > max_irk_count) {
7102 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
7103 irk_count);
7104 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7105 MGMT_STATUS_INVALID_PARAMS);
7106 }
7107
7108 expected_len = struct_size(cp, irks, irk_count);
7109 if (expected_len != len) {
7110 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
7111 expected_len, len);
7112 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7113 MGMT_STATUS_INVALID_PARAMS);
7114 }
7115
7116 bt_dev_dbg(hdev, "irk_count %u", irk_count);
7117
7118 for (i = 0; i < irk_count; i++) {
7119 struct mgmt_irk_info *key = &cp->irks[i];
7120
7121 if (!irk_is_valid(key))
7122 return mgmt_cmd_status(sk, hdev->id,
7123 MGMT_OP_LOAD_IRKS,
7124 MGMT_STATUS_INVALID_PARAMS);
7125 }
7126
7127 hci_dev_lock(hdev);
7128
7129 hci_smp_irks_clear(hdev);
7130
7131 for (i = 0; i < irk_count; i++) {
7132 struct mgmt_irk_info *irk = &cp->irks[i];
7133
7134 if (hci_is_blocked_key(hdev,
7135 HCI_BLOCKED_KEY_TYPE_IRK,
7136 irk->val)) {
7137 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
7138 &irk->addr.bdaddr);
7139 continue;
7140 }
7141
7142 hci_add_irk(hdev, &irk->addr.bdaddr,
7143 le_addr_type(irk->addr.type), irk->val,
7144 BDADDR_ANY);
7145 }
7146
7147 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
7148
7149 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
7150
7151 hci_dev_unlock(hdev);
7152
7153 return err;
7154 }
7155
ltk_is_valid(struct mgmt_ltk_info * key)7156 static bool ltk_is_valid(struct mgmt_ltk_info *key)
7157 {
7158 if (key->initiator != 0x00 && key->initiator != 0x01)
7159 return false;
7160
7161 switch (key->addr.type) {
7162 case BDADDR_LE_PUBLIC:
7163 return true;
7164
7165 case BDADDR_LE_RANDOM:
7166 /* Two most significant bits shall be set */
7167 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
7168 return false;
7169 return true;
7170 }
7171
7172 return false;
7173 }
7174
load_long_term_keys(struct sock * sk,struct hci_dev * hdev,void * cp_data,u16 len)7175 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
7176 void *cp_data, u16 len)
7177 {
7178 struct mgmt_cp_load_long_term_keys *cp = cp_data;
7179 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
7180 sizeof(struct mgmt_ltk_info));
7181 u16 key_count, expected_len;
7182 int i, err;
7183
7184 bt_dev_dbg(hdev, "sock %p", sk);
7185
7186 if (!lmp_le_capable(hdev))
7187 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7188 MGMT_STATUS_NOT_SUPPORTED);
7189
7190 key_count = __le16_to_cpu(cp->key_count);
7191 if (key_count > max_key_count) {
7192 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
7193 key_count);
7194 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7195 MGMT_STATUS_INVALID_PARAMS);
7196 }
7197
7198 expected_len = struct_size(cp, keys, key_count);
7199 if (expected_len != len) {
7200 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
7201 expected_len, len);
7202 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7203 MGMT_STATUS_INVALID_PARAMS);
7204 }
7205
7206 bt_dev_dbg(hdev, "key_count %u", key_count);
7207
7208 for (i = 0; i < key_count; i++) {
7209 struct mgmt_ltk_info *key = &cp->keys[i];
7210
7211 if (!ltk_is_valid(key))
7212 return mgmt_cmd_status(sk, hdev->id,
7213 MGMT_OP_LOAD_LONG_TERM_KEYS,
7214 MGMT_STATUS_INVALID_PARAMS);
7215 }
7216
7217 hci_dev_lock(hdev);
7218
7219 hci_smp_ltks_clear(hdev);
7220
7221 for (i = 0; i < key_count; i++) {
7222 struct mgmt_ltk_info *key = &cp->keys[i];
7223 u8 type, authenticated;
7224
7225 if (hci_is_blocked_key(hdev,
7226 HCI_BLOCKED_KEY_TYPE_LTK,
7227 key->val)) {
7228 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
7229 &key->addr.bdaddr);
7230 continue;
7231 }
7232
7233 switch (key->type) {
7234 case MGMT_LTK_UNAUTHENTICATED:
7235 authenticated = 0x00;
7236 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
7237 break;
7238 case MGMT_LTK_AUTHENTICATED:
7239 authenticated = 0x01;
7240 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
7241 break;
7242 case MGMT_LTK_P256_UNAUTH:
7243 authenticated = 0x00;
7244 type = SMP_LTK_P256;
7245 break;
7246 case MGMT_LTK_P256_AUTH:
7247 authenticated = 0x01;
7248 type = SMP_LTK_P256;
7249 break;
7250 case MGMT_LTK_P256_DEBUG:
7251 authenticated = 0x00;
7252 type = SMP_LTK_P256_DEBUG;
7253 fallthrough;
7254 default:
7255 continue;
7256 }
7257
7258 hci_add_ltk(hdev, &key->addr.bdaddr,
7259 le_addr_type(key->addr.type), type, authenticated,
7260 key->val, key->enc_size, key->ediv, key->rand);
7261 }
7262
7263 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
7264 NULL, 0);
7265
7266 hci_dev_unlock(hdev);
7267
7268 return err;
7269 }
7270
get_conn_info_complete(struct hci_dev * hdev,void * data,int err)7271 static void get_conn_info_complete(struct hci_dev *hdev, void *data, int err)
7272 {
7273 struct mgmt_pending_cmd *cmd = data;
7274 struct hci_conn *conn = cmd->user_data;
7275 struct mgmt_cp_get_conn_info *cp = cmd->param;
7276 struct mgmt_rp_get_conn_info rp;
7277 u8 status;
7278
7279 bt_dev_dbg(hdev, "err %d", err);
7280
7281 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
7282
7283 status = mgmt_status(err);
7284 if (status == MGMT_STATUS_SUCCESS) {
7285 rp.rssi = conn->rssi;
7286 rp.tx_power = conn->tx_power;
7287 rp.max_tx_power = conn->max_tx_power;
7288 } else {
7289 rp.rssi = HCI_RSSI_INVALID;
7290 rp.tx_power = HCI_TX_POWER_INVALID;
7291 rp.max_tx_power = HCI_TX_POWER_INVALID;
7292 }
7293
7294 mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
7295 &rp, sizeof(rp));
7296
7297 mgmt_pending_free(cmd);
7298 }
7299
get_conn_info_sync(struct hci_dev * hdev,void * data)7300 static int get_conn_info_sync(struct hci_dev *hdev, void *data)
7301 {
7302 struct mgmt_pending_cmd *cmd = data;
7303 struct mgmt_cp_get_conn_info *cp = cmd->param;
7304 struct hci_conn *conn;
7305 int err;
7306 __le16 handle;
7307
7308 /* Make sure we are still connected */
7309 if (cp->addr.type == BDADDR_BREDR)
7310 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7311 &cp->addr.bdaddr);
7312 else
7313 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
7314
7315 if (!conn || conn->state != BT_CONNECTED)
7316 return MGMT_STATUS_NOT_CONNECTED;
7317
7318 cmd->user_data = conn;
7319 handle = cpu_to_le16(conn->handle);
7320
7321 /* Refresh RSSI each time */
7322 err = hci_read_rssi_sync(hdev, handle);
7323
7324 /* For LE links TX power does not change thus we don't need to
7325 * query for it once value is known.
7326 */
7327 if (!err && (!bdaddr_type_is_le(cp->addr.type) ||
7328 conn->tx_power == HCI_TX_POWER_INVALID))
7329 err = hci_read_tx_power_sync(hdev, handle, 0x00);
7330
7331 /* Max TX power needs to be read only once per connection */
7332 if (!err && conn->max_tx_power == HCI_TX_POWER_INVALID)
7333 err = hci_read_tx_power_sync(hdev, handle, 0x01);
7334
7335 return err;
7336 }
7337
get_conn_info(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)7338 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
7339 u16 len)
7340 {
7341 struct mgmt_cp_get_conn_info *cp = data;
7342 struct mgmt_rp_get_conn_info rp;
7343 struct hci_conn *conn;
7344 unsigned long conn_info_age;
7345 int err = 0;
7346
7347 bt_dev_dbg(hdev, "sock %p", sk);
7348
7349 memset(&rp, 0, sizeof(rp));
7350 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7351 rp.addr.type = cp->addr.type;
7352
7353 if (!bdaddr_type_is_valid(cp->addr.type))
7354 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7355 MGMT_STATUS_INVALID_PARAMS,
7356 &rp, sizeof(rp));
7357
7358 hci_dev_lock(hdev);
7359
7360 if (!hdev_is_powered(hdev)) {
7361 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7362 MGMT_STATUS_NOT_POWERED, &rp,
7363 sizeof(rp));
7364 goto unlock;
7365 }
7366
7367 if (cp->addr.type == BDADDR_BREDR)
7368 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7369 &cp->addr.bdaddr);
7370 else
7371 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
7372
7373 if (!conn || conn->state != BT_CONNECTED) {
7374 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7375 MGMT_STATUS_NOT_CONNECTED, &rp,
7376 sizeof(rp));
7377 goto unlock;
7378 }
7379
7380 /* To avoid client trying to guess when to poll again for information we
7381 * calculate conn info age as random value between min/max set in hdev.
7382 */
7383 conn_info_age = get_random_u32_inclusive(hdev->conn_info_min_age,
7384 hdev->conn_info_max_age - 1);
7385
7386 /* Query controller to refresh cached values if they are too old or were
7387 * never read.
7388 */
7389 if (time_after(jiffies, conn->conn_info_timestamp +
7390 msecs_to_jiffies(conn_info_age)) ||
7391 !conn->conn_info_timestamp) {
7392 struct mgmt_pending_cmd *cmd;
7393
7394 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CONN_INFO, hdev, data,
7395 len);
7396 if (!cmd) {
7397 err = -ENOMEM;
7398 } else {
7399 err = hci_cmd_sync_queue(hdev, get_conn_info_sync,
7400 cmd, get_conn_info_complete);
7401 }
7402
7403 if (err < 0) {
7404 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7405 MGMT_STATUS_FAILED, &rp, sizeof(rp));
7406
7407 if (cmd)
7408 mgmt_pending_free(cmd);
7409
7410 goto unlock;
7411 }
7412
7413 conn->conn_info_timestamp = jiffies;
7414 } else {
7415 /* Cache is valid, just reply with values cached in hci_conn */
7416 rp.rssi = conn->rssi;
7417 rp.tx_power = conn->tx_power;
7418 rp.max_tx_power = conn->max_tx_power;
7419
7420 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7421 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7422 }
7423
7424 unlock:
7425 hci_dev_unlock(hdev);
7426 return err;
7427 }
7428
get_clock_info_complete(struct hci_dev * hdev,void * data,int err)7429 static void get_clock_info_complete(struct hci_dev *hdev, void *data, int err)
7430 {
7431 struct mgmt_pending_cmd *cmd = data;
7432 struct mgmt_cp_get_clock_info *cp = cmd->param;
7433 struct mgmt_rp_get_clock_info rp;
7434 struct hci_conn *conn = cmd->user_data;
7435 u8 status = mgmt_status(err);
7436
7437 bt_dev_dbg(hdev, "err %d", err);
7438
7439 memset(&rp, 0, sizeof(rp));
7440 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7441 rp.addr.type = cp->addr.type;
7442
7443 if (err)
7444 goto complete;
7445
7446 rp.local_clock = cpu_to_le32(hdev->clock);
7447
7448 if (conn) {
7449 rp.piconet_clock = cpu_to_le32(conn->clock);
7450 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
7451 }
7452
7453 complete:
7454 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
7455 sizeof(rp));
7456
7457 mgmt_pending_free(cmd);
7458 }
7459
get_clock_info_sync(struct hci_dev * hdev,void * data)7460 static int get_clock_info_sync(struct hci_dev *hdev, void *data)
7461 {
7462 struct mgmt_pending_cmd *cmd = data;
7463 struct mgmt_cp_get_clock_info *cp = cmd->param;
7464 struct hci_cp_read_clock hci_cp;
7465 struct hci_conn *conn;
7466
7467 memset(&hci_cp, 0, sizeof(hci_cp));
7468 hci_read_clock_sync(hdev, &hci_cp);
7469
7470 /* Make sure connection still exists */
7471 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
7472 if (!conn || conn->state != BT_CONNECTED)
7473 return MGMT_STATUS_NOT_CONNECTED;
7474
7475 cmd->user_data = conn;
7476 hci_cp.handle = cpu_to_le16(conn->handle);
7477 hci_cp.which = 0x01; /* Piconet clock */
7478
7479 return hci_read_clock_sync(hdev, &hci_cp);
7480 }
7481
get_clock_info(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)7482 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
7483 u16 len)
7484 {
7485 struct mgmt_cp_get_clock_info *cp = data;
7486 struct mgmt_rp_get_clock_info rp;
7487 struct mgmt_pending_cmd *cmd;
7488 struct hci_conn *conn;
7489 int err;
7490
7491 bt_dev_dbg(hdev, "sock %p", sk);
7492
7493 memset(&rp, 0, sizeof(rp));
7494 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7495 rp.addr.type = cp->addr.type;
7496
7497 if (cp->addr.type != BDADDR_BREDR)
7498 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7499 MGMT_STATUS_INVALID_PARAMS,
7500 &rp, sizeof(rp));
7501
7502 hci_dev_lock(hdev);
7503
7504 if (!hdev_is_powered(hdev)) {
7505 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7506 MGMT_STATUS_NOT_POWERED, &rp,
7507 sizeof(rp));
7508 goto unlock;
7509 }
7510
7511 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
7512 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7513 &cp->addr.bdaddr);
7514 if (!conn || conn->state != BT_CONNECTED) {
7515 err = mgmt_cmd_complete(sk, hdev->id,
7516 MGMT_OP_GET_CLOCK_INFO,
7517 MGMT_STATUS_NOT_CONNECTED,
7518 &rp, sizeof(rp));
7519 goto unlock;
7520 }
7521 } else {
7522 conn = NULL;
7523 }
7524
7525 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
7526 if (!cmd)
7527 err = -ENOMEM;
7528 else
7529 err = hci_cmd_sync_queue(hdev, get_clock_info_sync, cmd,
7530 get_clock_info_complete);
7531
7532 if (err < 0) {
7533 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7534 MGMT_STATUS_FAILED, &rp, sizeof(rp));
7535
7536 if (cmd)
7537 mgmt_pending_free(cmd);
7538 }
7539
7540
7541 unlock:
7542 hci_dev_unlock(hdev);
7543 return err;
7544 }
7545
is_connected(struct hci_dev * hdev,bdaddr_t * addr,u8 type)7546 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
7547 {
7548 struct hci_conn *conn;
7549
7550 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
7551 if (!conn)
7552 return false;
7553
7554 if (conn->dst_type != type)
7555 return false;
7556
7557 if (conn->state != BT_CONNECTED)
7558 return false;
7559
7560 return true;
7561 }
7562
7563 /* This function requires the caller holds hdev->lock */
hci_conn_params_set(struct hci_dev * hdev,bdaddr_t * addr,u8 addr_type,u8 auto_connect)7564 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
7565 u8 addr_type, u8 auto_connect)
7566 {
7567 struct hci_conn_params *params;
7568
7569 params = hci_conn_params_add(hdev, addr, addr_type);
7570 if (!params)
7571 return -EIO;
7572
7573 if (params->auto_connect == auto_connect)
7574 return 0;
7575
7576 hci_pend_le_list_del_init(params);
7577
7578 switch (auto_connect) {
7579 case HCI_AUTO_CONN_DISABLED:
7580 case HCI_AUTO_CONN_LINK_LOSS:
7581 /* If auto connect is being disabled when we're trying to
7582 * connect to device, keep connecting.
7583 */
7584 if (params->explicit_connect)
7585 hci_pend_le_list_add(params, &hdev->pend_le_conns);
7586 break;
7587 case HCI_AUTO_CONN_REPORT:
7588 if (params->explicit_connect)
7589 hci_pend_le_list_add(params, &hdev->pend_le_conns);
7590 else
7591 hci_pend_le_list_add(params, &hdev->pend_le_reports);
7592 break;
7593 case HCI_AUTO_CONN_DIRECT:
7594 case HCI_AUTO_CONN_ALWAYS:
7595 if (!is_connected(hdev, addr, addr_type))
7596 hci_pend_le_list_add(params, &hdev->pend_le_conns);
7597 break;
7598 }
7599
7600 params->auto_connect = auto_connect;
7601
7602 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
7603 addr, addr_type, auto_connect);
7604
7605 return 0;
7606 }
7607
device_added(struct sock * sk,struct hci_dev * hdev,bdaddr_t * bdaddr,u8 type,u8 action)7608 static void device_added(struct sock *sk, struct hci_dev *hdev,
7609 bdaddr_t *bdaddr, u8 type, u8 action)
7610 {
7611 struct mgmt_ev_device_added ev;
7612
7613 bacpy(&ev.addr.bdaddr, bdaddr);
7614 ev.addr.type = type;
7615 ev.action = action;
7616
7617 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
7618 }
7619
add_device_sync(struct hci_dev * hdev,void * data)7620 static int add_device_sync(struct hci_dev *hdev, void *data)
7621 {
7622 return hci_update_passive_scan_sync(hdev);
7623 }
7624
add_device(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)7625 static int add_device(struct sock *sk, struct hci_dev *hdev,
7626 void *data, u16 len)
7627 {
7628 struct mgmt_cp_add_device *cp = data;
7629 u8 auto_conn, addr_type;
7630 struct hci_conn_params *params;
7631 int err;
7632 u32 current_flags = 0;
7633 u32 supported_flags;
7634
7635 bt_dev_dbg(hdev, "sock %p", sk);
7636
7637 if (!bdaddr_type_is_valid(cp->addr.type) ||
7638 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
7639 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7640 MGMT_STATUS_INVALID_PARAMS,
7641 &cp->addr, sizeof(cp->addr));
7642
7643 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
7644 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7645 MGMT_STATUS_INVALID_PARAMS,
7646 &cp->addr, sizeof(cp->addr));
7647
7648 hci_dev_lock(hdev);
7649
7650 if (cp->addr.type == BDADDR_BREDR) {
7651 /* Only incoming connections action is supported for now */
7652 if (cp->action != 0x01) {
7653 err = mgmt_cmd_complete(sk, hdev->id,
7654 MGMT_OP_ADD_DEVICE,
7655 MGMT_STATUS_INVALID_PARAMS,
7656 &cp->addr, sizeof(cp->addr));
7657 goto unlock;
7658 }
7659
7660 err = hci_bdaddr_list_add_with_flags(&hdev->accept_list,
7661 &cp->addr.bdaddr,
7662 cp->addr.type, 0);
7663 if (err)
7664 goto unlock;
7665
7666 hci_update_scan(hdev);
7667
7668 goto added;
7669 }
7670
7671 addr_type = le_addr_type(cp->addr.type);
7672
7673 if (cp->action == 0x02)
7674 auto_conn = HCI_AUTO_CONN_ALWAYS;
7675 else if (cp->action == 0x01)
7676 auto_conn = HCI_AUTO_CONN_DIRECT;
7677 else
7678 auto_conn = HCI_AUTO_CONN_REPORT;
7679
7680 /* Kernel internally uses conn_params with resolvable private
7681 * address, but Add Device allows only identity addresses.
7682 * Make sure it is enforced before calling
7683 * hci_conn_params_lookup.
7684 */
7685 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
7686 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7687 MGMT_STATUS_INVALID_PARAMS,
7688 &cp->addr, sizeof(cp->addr));
7689 goto unlock;
7690 }
7691
7692 /* If the connection parameters don't exist for this device,
7693 * they will be created and configured with defaults.
7694 */
7695 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
7696 auto_conn) < 0) {
7697 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7698 MGMT_STATUS_FAILED, &cp->addr,
7699 sizeof(cp->addr));
7700 goto unlock;
7701 } else {
7702 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7703 addr_type);
7704 if (params)
7705 current_flags = params->flags;
7706 }
7707
7708 err = hci_cmd_sync_queue(hdev, add_device_sync, NULL, NULL);
7709 if (err < 0)
7710 goto unlock;
7711
7712 added:
7713 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
7714 supported_flags = hdev->conn_flags;
7715 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type,
7716 supported_flags, current_flags);
7717
7718 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7719 MGMT_STATUS_SUCCESS, &cp->addr,
7720 sizeof(cp->addr));
7721
7722 unlock:
7723 hci_dev_unlock(hdev);
7724 return err;
7725 }
7726
device_removed(struct sock * sk,struct hci_dev * hdev,bdaddr_t * bdaddr,u8 type)7727 static void device_removed(struct sock *sk, struct hci_dev *hdev,
7728 bdaddr_t *bdaddr, u8 type)
7729 {
7730 struct mgmt_ev_device_removed ev;
7731
7732 bacpy(&ev.addr.bdaddr, bdaddr);
7733 ev.addr.type = type;
7734
7735 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
7736 }
7737
remove_device_sync(struct hci_dev * hdev,void * data)7738 static int remove_device_sync(struct hci_dev *hdev, void *data)
7739 {
7740 return hci_update_passive_scan_sync(hdev);
7741 }
7742
remove_device(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)7743 static int remove_device(struct sock *sk, struct hci_dev *hdev,
7744 void *data, u16 len)
7745 {
7746 struct mgmt_cp_remove_device *cp = data;
7747 int err;
7748
7749 bt_dev_dbg(hdev, "sock %p", sk);
7750
7751 hci_dev_lock(hdev);
7752
7753 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
7754 struct hci_conn_params *params;
7755 u8 addr_type;
7756
7757 if (!bdaddr_type_is_valid(cp->addr.type)) {
7758 err = mgmt_cmd_complete(sk, hdev->id,
7759 MGMT_OP_REMOVE_DEVICE,
7760 MGMT_STATUS_INVALID_PARAMS,
7761 &cp->addr, sizeof(cp->addr));
7762 goto unlock;
7763 }
7764
7765 if (cp->addr.type == BDADDR_BREDR) {
7766 err = hci_bdaddr_list_del(&hdev->accept_list,
7767 &cp->addr.bdaddr,
7768 cp->addr.type);
7769 if (err) {
7770 err = mgmt_cmd_complete(sk, hdev->id,
7771 MGMT_OP_REMOVE_DEVICE,
7772 MGMT_STATUS_INVALID_PARAMS,
7773 &cp->addr,
7774 sizeof(cp->addr));
7775 goto unlock;
7776 }
7777
7778 hci_update_scan(hdev);
7779
7780 device_removed(sk, hdev, &cp->addr.bdaddr,
7781 cp->addr.type);
7782 goto complete;
7783 }
7784
7785 addr_type = le_addr_type(cp->addr.type);
7786
7787 /* Kernel internally uses conn_params with resolvable private
7788 * address, but Remove Device allows only identity addresses.
7789 * Make sure it is enforced before calling
7790 * hci_conn_params_lookup.
7791 */
7792 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
7793 err = mgmt_cmd_complete(sk, hdev->id,
7794 MGMT_OP_REMOVE_DEVICE,
7795 MGMT_STATUS_INVALID_PARAMS,
7796 &cp->addr, sizeof(cp->addr));
7797 goto unlock;
7798 }
7799
7800 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7801 addr_type);
7802 if (!params) {
7803 err = mgmt_cmd_complete(sk, hdev->id,
7804 MGMT_OP_REMOVE_DEVICE,
7805 MGMT_STATUS_INVALID_PARAMS,
7806 &cp->addr, sizeof(cp->addr));
7807 goto unlock;
7808 }
7809
7810 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
7811 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
7812 err = mgmt_cmd_complete(sk, hdev->id,
7813 MGMT_OP_REMOVE_DEVICE,
7814 MGMT_STATUS_INVALID_PARAMS,
7815 &cp->addr, sizeof(cp->addr));
7816 goto unlock;
7817 }
7818
7819 hci_conn_params_free(params);
7820
7821 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
7822 } else {
7823 struct hci_conn_params *p, *tmp;
7824 struct bdaddr_list *b, *btmp;
7825
7826 if (cp->addr.type) {
7827 err = mgmt_cmd_complete(sk, hdev->id,
7828 MGMT_OP_REMOVE_DEVICE,
7829 MGMT_STATUS_INVALID_PARAMS,
7830 &cp->addr, sizeof(cp->addr));
7831 goto unlock;
7832 }
7833
7834 list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) {
7835 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
7836 list_del(&b->list);
7837 kfree(b);
7838 }
7839
7840 hci_update_scan(hdev);
7841
7842 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
7843 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
7844 continue;
7845 device_removed(sk, hdev, &p->addr, p->addr_type);
7846 if (p->explicit_connect) {
7847 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
7848 continue;
7849 }
7850 hci_conn_params_free(p);
7851 }
7852
7853 bt_dev_dbg(hdev, "All LE connection parameters were removed");
7854 }
7855
7856 hci_cmd_sync_queue(hdev, remove_device_sync, NULL, NULL);
7857
7858 complete:
7859 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
7860 MGMT_STATUS_SUCCESS, &cp->addr,
7861 sizeof(cp->addr));
7862 unlock:
7863 hci_dev_unlock(hdev);
7864 return err;
7865 }
7866
load_conn_param(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)7867 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
7868 u16 len)
7869 {
7870 struct mgmt_cp_load_conn_param *cp = data;
7871 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
7872 sizeof(struct mgmt_conn_param));
7873 u16 param_count, expected_len;
7874 int i;
7875
7876 if (!lmp_le_capable(hdev))
7877 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7878 MGMT_STATUS_NOT_SUPPORTED);
7879
7880 param_count = __le16_to_cpu(cp->param_count);
7881 if (param_count > max_param_count) {
7882 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
7883 param_count);
7884 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7885 MGMT_STATUS_INVALID_PARAMS);
7886 }
7887
7888 expected_len = struct_size(cp, params, param_count);
7889 if (expected_len != len) {
7890 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
7891 expected_len, len);
7892 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7893 MGMT_STATUS_INVALID_PARAMS);
7894 }
7895
7896 bt_dev_dbg(hdev, "param_count %u", param_count);
7897
7898 hci_dev_lock(hdev);
7899
7900 hci_conn_params_clear_disabled(hdev);
7901
7902 for (i = 0; i < param_count; i++) {
7903 struct mgmt_conn_param *param = &cp->params[i];
7904 struct hci_conn_params *hci_param;
7905 u16 min, max, latency, timeout;
7906 u8 addr_type;
7907
7908 bt_dev_dbg(hdev, "Adding %pMR (type %u)", ¶m->addr.bdaddr,
7909 param->addr.type);
7910
7911 if (param->addr.type == BDADDR_LE_PUBLIC) {
7912 addr_type = ADDR_LE_DEV_PUBLIC;
7913 } else if (param->addr.type == BDADDR_LE_RANDOM) {
7914 addr_type = ADDR_LE_DEV_RANDOM;
7915 } else {
7916 bt_dev_err(hdev, "ignoring invalid connection parameters");
7917 continue;
7918 }
7919
7920 min = le16_to_cpu(param->min_interval);
7921 max = le16_to_cpu(param->max_interval);
7922 latency = le16_to_cpu(param->latency);
7923 timeout = le16_to_cpu(param->timeout);
7924
7925 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
7926 min, max, latency, timeout);
7927
7928 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
7929 bt_dev_err(hdev, "ignoring invalid connection parameters");
7930 continue;
7931 }
7932
7933 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
7934 addr_type);
7935 if (!hci_param) {
7936 bt_dev_err(hdev, "failed to add connection parameters");
7937 continue;
7938 }
7939
7940 hci_param->conn_min_interval = min;
7941 hci_param->conn_max_interval = max;
7942 hci_param->conn_latency = latency;
7943 hci_param->supervision_timeout = timeout;
7944 }
7945
7946 hci_dev_unlock(hdev);
7947
7948 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
7949 NULL, 0);
7950 }
7951
set_external_config(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)7952 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
7953 void *data, u16 len)
7954 {
7955 struct mgmt_cp_set_external_config *cp = data;
7956 bool changed;
7957 int err;
7958
7959 bt_dev_dbg(hdev, "sock %p", sk);
7960
7961 if (hdev_is_powered(hdev))
7962 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7963 MGMT_STATUS_REJECTED);
7964
7965 if (cp->config != 0x00 && cp->config != 0x01)
7966 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7967 MGMT_STATUS_INVALID_PARAMS);
7968
7969 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
7970 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7971 MGMT_STATUS_NOT_SUPPORTED);
7972
7973 hci_dev_lock(hdev);
7974
7975 if (cp->config)
7976 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
7977 else
7978 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
7979
7980 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
7981 if (err < 0)
7982 goto unlock;
7983
7984 if (!changed)
7985 goto unlock;
7986
7987 err = new_options(hdev, sk);
7988
7989 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
7990 mgmt_index_removed(hdev);
7991
7992 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
7993 hci_dev_set_flag(hdev, HCI_CONFIG);
7994 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
7995
7996 queue_work(hdev->req_workqueue, &hdev->power_on);
7997 } else {
7998 set_bit(HCI_RAW, &hdev->flags);
7999 mgmt_index_added(hdev);
8000 }
8001 }
8002
8003 unlock:
8004 hci_dev_unlock(hdev);
8005 return err;
8006 }
8007
set_public_address(struct sock * sk,struct hci_dev * hdev,void * data,u16 len)8008 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
8009 void *data, u16 len)
8010 {
8011 struct mgmt_cp_set_public_address *cp = data;
8012 bool changed;
8013 int err;
8014
8015 bt_dev_dbg(hdev, "sock %p", sk);
8016
8017 if (hdev_is_powered(hdev))
8018 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
8019 MGMT_STATUS_REJECTED);
8020
8021 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
8022 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
8023 MGMT_STATUS_INVALID_PARAMS);
8024
8025 if (!hdev->set_bdaddr)
8026 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
8027 MGMT_STATUS_NOT_SUPPORTED);
8028
8029 hci_dev_lock(hdev);
8030
8031 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
8032 bacpy(&hdev->public_addr, &cp->bdaddr);
8033
8034 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
8035 if (err < 0)
8036 goto unlock;
8037
8038 if (!changed)
8039 goto unlock;
8040
8041 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
8042 err = new_options(hdev, sk);
8043
8044 if (is_configured(hdev)) {
8045 mgmt_index_removed(hdev);
8046
8047 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
8048
8049 hci_dev_set_flag(hdev, HCI_CONFIG);
8050 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
8051
8052 queue_work(hdev->req_workqueue, &hdev->power_on);
8053 }
8054
8055 unlock:
8056 hci_dev_unlock(hdev);
8057 return err;
8058 }
8059
read_local_oob_ext_data_complete(struct hci_dev * hdev,void * data,int err)8060 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, void *data,
8061 int err)
8062 {
8063 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
8064 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
8065 u8 *h192, *r192, *h256, *r256;
8066 struct mgmt_pending_cmd *cmd = data;
8067 struct sk_buff *skb = cmd->skb;
8068 u8 status = mgmt_status(err);
8069 u16 eir_len;
8070
8071 if (cmd != pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev))
8072 return;
8073
8074 if (!status) {
8075 if (!skb)
8076 status = MGMT_STATUS_FAILED;
8077 else if (IS_ERR(skb))
8078 status = mgmt_status(PTR_ERR(skb));
8079 else
8080 status = mgmt_status(skb->data[0]);
8081 }
8082
8083 bt_dev_dbg(hdev, "status %u", status);
8084
8085 mgmt_cp = cmd->param;
8086
8087 if (status) {
8088 status = mgmt_status(status);
8089 eir_len = 0;
8090
8091 h192 = NULL;
8092 r192 = NULL;
8093 h256 = NULL;
8094 r256 = NULL;
8095 } else if (!bredr_sc_enabled(hdev)) {
8096 struct hci_rp_read_local_oob_data *rp;
8097
8098 if (skb->len != sizeof(*rp)) {
8099 status = MGMT_STATUS_FAILED;
8100 eir_len = 0;
8101 } else {
8102 status = MGMT_STATUS_SUCCESS;
8103 rp = (void *)skb->data;
8104
8105 eir_len = 5 + 18 + 18;
8106 h192 = rp->hash;
8107 r192 = rp->rand;
8108 h256 = NULL;
8109 r256 = NULL;
8110 }
8111 } else {
8112 struct hci_rp_read_local_oob_ext_data *rp;
8113
8114 if (skb->len != sizeof(*rp)) {
8115 status = MGMT_STATUS_FAILED;
8116 eir_len = 0;
8117 } else {
8118 status = MGMT_STATUS_SUCCESS;
8119 rp = (void *)skb->data;
8120
8121 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
8122 eir_len = 5 + 18 + 18;
8123 h192 = NULL;
8124 r192 = NULL;
8125 } else {
8126 eir_len = 5 + 18 + 18 + 18 + 18;
8127 h192 = rp->hash192;
8128 r192 = rp->rand192;
8129 }
8130
8131 h256 = rp->hash256;
8132 r256 = rp->rand256;
8133 }
8134 }
8135
8136 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
8137 if (!mgmt_rp)
8138 goto done;
8139
8140 if (eir_len == 0)
8141 goto send_rsp;
8142
8143 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
8144 hdev->dev_class, 3);
8145
8146 if (h192 && r192) {
8147 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
8148 EIR_SSP_HASH_C192, h192, 16);
8149 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
8150 EIR_SSP_RAND_R192, r192, 16);
8151 }
8152
8153 if (h256 && r256) {
8154 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
8155 EIR_SSP_HASH_C256, h256, 16);
8156 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
8157 EIR_SSP_RAND_R256, r256, 16);
8158 }
8159
8160 send_rsp:
8161 mgmt_rp->type = mgmt_cp->type;
8162 mgmt_rp->eir_len = cpu_to_le16(eir_len);
8163
8164 err = mgmt_cmd_complete(cmd->sk, hdev->id,
8165 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
8166 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
8167 if (err < 0 || status)
8168 goto done;
8169
8170 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
8171
8172 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
8173 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
8174 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
8175 done:
8176 if (skb && !IS_ERR(skb))
8177 kfree_skb(skb);
8178
8179 kfree(mgmt_rp);
8180 mgmt_pending_remove(cmd);
8181 }
8182
read_local_ssp_oob_req(struct hci_dev * hdev,struct sock * sk,struct mgmt_cp_read_local_oob_ext_data * cp)8183 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
8184 struct mgmt_cp_read_local_oob_ext_data *cp)
8185 {
8186 struct mgmt_pending_cmd *cmd;
8187 int err;
8188
8189 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
8190 cp, sizeof(*cp));
8191 if (!cmd)
8192 return -ENOMEM;
8193
8194 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
8195 read_local_oob_ext_data_complete);
8196
8197 if (err < 0) {
8198 mgmt_pending_remove(cmd);
8199 return err;
8200 }
8201
8202 return 0;
8203 }
8204
read_local_oob_ext_data(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)8205 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
8206 void *data, u16 data_len)
8207 {
8208 struct mgmt_cp_read_local_oob_ext_data *cp = data;
8209 struct mgmt_rp_read_local_oob_ext_data *rp;
8210 size_t rp_len;
8211 u16 eir_len;
8212 u8 status, flags, role, addr[7], hash[16], rand[16];
8213 int err;
8214
8215 bt_dev_dbg(hdev, "sock %p", sk);
8216
8217 if (hdev_is_powered(hdev)) {
8218 switch (cp->type) {
8219 case BIT(BDADDR_BREDR):
8220 status = mgmt_bredr_support(hdev);
8221 if (status)
8222 eir_len = 0;
8223 else
8224 eir_len = 5;
8225 break;
8226 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
8227 status = mgmt_le_support(hdev);
8228 if (status)
8229 eir_len = 0;
8230 else
8231 eir_len = 9 + 3 + 18 + 18 + 3;
8232 break;
8233 default:
8234 status = MGMT_STATUS_INVALID_PARAMS;
8235 eir_len = 0;
8236 break;
8237 }
8238 } else {
8239 status = MGMT_STATUS_NOT_POWERED;
8240 eir_len = 0;
8241 }
8242
8243 rp_len = sizeof(*rp) + eir_len;
8244 rp = kmalloc(rp_len, GFP_ATOMIC);
8245 if (!rp)
8246 return -ENOMEM;
8247
8248 if (!status && !lmp_ssp_capable(hdev)) {
8249 status = MGMT_STATUS_NOT_SUPPORTED;
8250 eir_len = 0;
8251 }
8252
8253 if (status)
8254 goto complete;
8255
8256 hci_dev_lock(hdev);
8257
8258 eir_len = 0;
8259 switch (cp->type) {
8260 case BIT(BDADDR_BREDR):
8261 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
8262 err = read_local_ssp_oob_req(hdev, sk, cp);
8263 hci_dev_unlock(hdev);
8264 if (!err)
8265 goto done;
8266
8267 status = MGMT_STATUS_FAILED;
8268 goto complete;
8269 } else {
8270 eir_len = eir_append_data(rp->eir, eir_len,
8271 EIR_CLASS_OF_DEV,
8272 hdev->dev_class, 3);
8273 }
8274 break;
8275 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
8276 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
8277 smp_generate_oob(hdev, hash, rand) < 0) {
8278 hci_dev_unlock(hdev);
8279 status = MGMT_STATUS_FAILED;
8280 goto complete;
8281 }
8282
8283 /* This should return the active RPA, but since the RPA
8284 * is only programmed on demand, it is really hard to fill
8285 * this in at the moment. For now disallow retrieving
8286 * local out-of-band data when privacy is in use.
8287 *
8288 * Returning the identity address will not help here since
8289 * pairing happens before the identity resolving key is
8290 * known and thus the connection establishment happens
8291 * based on the RPA and not the identity address.
8292 */
8293 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
8294 hci_dev_unlock(hdev);
8295 status = MGMT_STATUS_REJECTED;
8296 goto complete;
8297 }
8298
8299 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
8300 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
8301 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
8302 bacmp(&hdev->static_addr, BDADDR_ANY))) {
8303 memcpy(addr, &hdev->static_addr, 6);
8304 addr[6] = 0x01;
8305 } else {
8306 memcpy(addr, &hdev->bdaddr, 6);
8307 addr[6] = 0x00;
8308 }
8309
8310 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
8311 addr, sizeof(addr));
8312
8313 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
8314 role = 0x02;
8315 else
8316 role = 0x01;
8317
8318 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
8319 &role, sizeof(role));
8320
8321 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
8322 eir_len = eir_append_data(rp->eir, eir_len,
8323 EIR_LE_SC_CONFIRM,
8324 hash, sizeof(hash));
8325
8326 eir_len = eir_append_data(rp->eir, eir_len,
8327 EIR_LE_SC_RANDOM,
8328 rand, sizeof(rand));
8329 }
8330
8331 flags = mgmt_get_adv_discov_flags(hdev);
8332
8333 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
8334 flags |= LE_AD_NO_BREDR;
8335
8336 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
8337 &flags, sizeof(flags));
8338 break;
8339 }
8340
8341 hci_dev_unlock(hdev);
8342
8343 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
8344
8345 status = MGMT_STATUS_SUCCESS;
8346
8347 complete:
8348 rp->type = cp->type;
8349 rp->eir_len = cpu_to_le16(eir_len);
8350
8351 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
8352 status, rp, sizeof(*rp) + eir_len);
8353 if (err < 0 || status)
8354 goto done;
8355
8356 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
8357 rp, sizeof(*rp) + eir_len,
8358 HCI_MGMT_OOB_DATA_EVENTS, sk);
8359
8360 done:
8361 kfree(rp);
8362
8363 return err;
8364 }
8365
get_supported_adv_flags(struct hci_dev * hdev)8366 static u32 get_supported_adv_flags(struct hci_dev *hdev)
8367 {
8368 u32 flags = 0;
8369
8370 flags |= MGMT_ADV_FLAG_CONNECTABLE;
8371 flags |= MGMT_ADV_FLAG_DISCOV;
8372 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
8373 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
8374 flags |= MGMT_ADV_FLAG_APPEARANCE;
8375 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
8376 flags |= MGMT_ADV_PARAM_DURATION;
8377 flags |= MGMT_ADV_PARAM_TIMEOUT;
8378 flags |= MGMT_ADV_PARAM_INTERVALS;
8379 flags |= MGMT_ADV_PARAM_TX_POWER;
8380 flags |= MGMT_ADV_PARAM_SCAN_RSP;
8381
8382 /* In extended adv TX_POWER returned from Set Adv Param
8383 * will be always valid.
8384 */
8385 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID || ext_adv_capable(hdev))
8386 flags |= MGMT_ADV_FLAG_TX_POWER;
8387
8388 if (ext_adv_capable(hdev)) {
8389 flags |= MGMT_ADV_FLAG_SEC_1M;
8390 flags |= MGMT_ADV_FLAG_HW_OFFLOAD;
8391 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER;
8392
8393 if (le_2m_capable(hdev))
8394 flags |= MGMT_ADV_FLAG_SEC_2M;
8395
8396 if (le_coded_capable(hdev))
8397 flags |= MGMT_ADV_FLAG_SEC_CODED;
8398 }
8399
8400 return flags;
8401 }
8402
read_adv_features(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)8403 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
8404 void *data, u16 data_len)
8405 {
8406 struct mgmt_rp_read_adv_features *rp;
8407 size_t rp_len;
8408 int err;
8409 struct adv_info *adv_instance;
8410 u32 supported_flags;
8411 u8 *instance;
8412
8413 bt_dev_dbg(hdev, "sock %p", sk);
8414
8415 if (!lmp_le_capable(hdev))
8416 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
8417 MGMT_STATUS_REJECTED);
8418
8419 hci_dev_lock(hdev);
8420
8421 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
8422 rp = kmalloc(rp_len, GFP_ATOMIC);
8423 if (!rp) {
8424 hci_dev_unlock(hdev);
8425 return -ENOMEM;
8426 }
8427
8428 supported_flags = get_supported_adv_flags(hdev);
8429
8430 rp->supported_flags = cpu_to_le32(supported_flags);
8431 rp->max_adv_data_len = max_adv_len(hdev);
8432 rp->max_scan_rsp_len = max_adv_len(hdev);
8433 rp->max_instances = hdev->le_num_of_adv_sets;
8434 rp->num_instances = hdev->adv_instance_cnt;
8435
8436 instance = rp->instance;
8437 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
8438 /* Only instances 1-le_num_of_adv_sets are externally visible */
8439 if (adv_instance->instance <= hdev->adv_instance_cnt) {
8440 *instance = adv_instance->instance;
8441 instance++;
8442 } else {
8443 rp->num_instances--;
8444 rp_len--;
8445 }
8446 }
8447
8448 hci_dev_unlock(hdev);
8449
8450 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
8451 MGMT_STATUS_SUCCESS, rp, rp_len);
8452
8453 kfree(rp);
8454
8455 return err;
8456 }
8457
calculate_name_len(struct hci_dev * hdev)8458 static u8 calculate_name_len(struct hci_dev *hdev)
8459 {
8460 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
8461
8462 return eir_append_local_name(hdev, buf, 0);
8463 }
8464
tlv_data_max_len(struct hci_dev * hdev,u32 adv_flags,bool is_adv_data)8465 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
8466 bool is_adv_data)
8467 {
8468 u8 max_len = max_adv_len(hdev);
8469
8470 if (is_adv_data) {
8471 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
8472 MGMT_ADV_FLAG_LIMITED_DISCOV |
8473 MGMT_ADV_FLAG_MANAGED_FLAGS))
8474 max_len -= 3;
8475
8476 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
8477 max_len -= 3;
8478 } else {
8479 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
8480 max_len -= calculate_name_len(hdev);
8481
8482 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
8483 max_len -= 4;
8484 }
8485
8486 return max_len;
8487 }
8488
flags_managed(u32 adv_flags)8489 static bool flags_managed(u32 adv_flags)
8490 {
8491 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
8492 MGMT_ADV_FLAG_LIMITED_DISCOV |
8493 MGMT_ADV_FLAG_MANAGED_FLAGS);
8494 }
8495
tx_power_managed(u32 adv_flags)8496 static bool tx_power_managed(u32 adv_flags)
8497 {
8498 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
8499 }
8500
name_managed(u32 adv_flags)8501 static bool name_managed(u32 adv_flags)
8502 {
8503 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
8504 }
8505
appearance_managed(u32 adv_flags)8506 static bool appearance_managed(u32 adv_flags)
8507 {
8508 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
8509 }
8510
tlv_data_is_valid(struct hci_dev * hdev,u32 adv_flags,u8 * data,u8 len,bool is_adv_data)8511 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
8512 u8 len, bool is_adv_data)
8513 {
8514 int i, cur_len;
8515 u8 max_len;
8516
8517 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
8518
8519 if (len > max_len)
8520 return false;
8521
8522 /* Make sure that the data is correctly formatted. */
8523 for (i = 0; i < len; i += (cur_len + 1)) {
8524 cur_len = data[i];
8525
8526 if (!cur_len)
8527 continue;
8528
8529 if (data[i + 1] == EIR_FLAGS &&
8530 (!is_adv_data || flags_managed(adv_flags)))
8531 return false;
8532
8533 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
8534 return false;
8535
8536 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
8537 return false;
8538
8539 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
8540 return false;
8541
8542 if (data[i + 1] == EIR_APPEARANCE &&
8543 appearance_managed(adv_flags))
8544 return false;
8545
8546 /* If the current field length would exceed the total data
8547 * length, then it's invalid.
8548 */
8549 if (i + cur_len >= len)
8550 return false;
8551 }
8552
8553 return true;
8554 }
8555
requested_adv_flags_are_valid(struct hci_dev * hdev,u32 adv_flags)8556 static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags)
8557 {
8558 u32 supported_flags, phy_flags;
8559
8560 /* The current implementation only supports a subset of the specified
8561 * flags. Also need to check mutual exclusiveness of sec flags.
8562 */
8563 supported_flags = get_supported_adv_flags(hdev);
8564 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK;
8565 if (adv_flags & ~supported_flags ||
8566 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
8567 return false;
8568
8569 return true;
8570 }
8571
adv_busy(struct hci_dev * hdev)8572 static bool adv_busy(struct hci_dev *hdev)
8573 {
8574 return pending_find(MGMT_OP_SET_LE, hdev);
8575 }
8576
add_adv_complete(struct hci_dev * hdev,struct sock * sk,u8 instance,int err)8577 static void add_adv_complete(struct hci_dev *hdev, struct sock *sk, u8 instance,
8578 int err)
8579 {
8580 struct adv_info *adv, *n;
8581
8582 bt_dev_dbg(hdev, "err %d", err);
8583
8584 hci_dev_lock(hdev);
8585
8586 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) {
8587 u8 instance;
8588
8589 if (!adv->pending)
8590 continue;
8591
8592 if (!err) {
8593 adv->pending = false;
8594 continue;
8595 }
8596
8597 instance = adv->instance;
8598
8599 if (hdev->cur_adv_instance == instance)
8600 cancel_adv_timeout(hdev);
8601
8602 hci_remove_adv_instance(hdev, instance);
8603 mgmt_advertising_removed(sk, hdev, instance);
8604 }
8605
8606 hci_dev_unlock(hdev);
8607 }
8608
add_advertising_complete(struct hci_dev * hdev,void * data,int err)8609 static void add_advertising_complete(struct hci_dev *hdev, void *data, int err)
8610 {
8611 struct mgmt_pending_cmd *cmd = data;
8612 struct mgmt_cp_add_advertising *cp = cmd->param;
8613 struct mgmt_rp_add_advertising rp;
8614
8615 memset(&rp, 0, sizeof(rp));
8616
8617 rp.instance = cp->instance;
8618
8619 if (err)
8620 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
8621 mgmt_status(err));
8622 else
8623 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
8624 mgmt_status(err), &rp, sizeof(rp));
8625
8626 add_adv_complete(hdev, cmd->sk, cp->instance, err);
8627
8628 mgmt_pending_free(cmd);
8629 }
8630
add_advertising_sync(struct hci_dev * hdev,void * data)8631 static int add_advertising_sync(struct hci_dev *hdev, void *data)
8632 {
8633 struct mgmt_pending_cmd *cmd = data;
8634 struct mgmt_cp_add_advertising *cp = cmd->param;
8635
8636 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
8637 }
8638
add_advertising(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)8639 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
8640 void *data, u16 data_len)
8641 {
8642 struct mgmt_cp_add_advertising *cp = data;
8643 struct mgmt_rp_add_advertising rp;
8644 u32 flags;
8645 u8 status;
8646 u16 timeout, duration;
8647 unsigned int prev_instance_cnt;
8648 u8 schedule_instance = 0;
8649 struct adv_info *adv, *next_instance;
8650 int err;
8651 struct mgmt_pending_cmd *cmd;
8652
8653 bt_dev_dbg(hdev, "sock %p", sk);
8654
8655 status = mgmt_le_support(hdev);
8656 if (status)
8657 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8658 status);
8659
8660 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
8661 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8662 MGMT_STATUS_INVALID_PARAMS);
8663
8664 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
8665 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8666 MGMT_STATUS_INVALID_PARAMS);
8667
8668 flags = __le32_to_cpu(cp->flags);
8669 timeout = __le16_to_cpu(cp->timeout);
8670 duration = __le16_to_cpu(cp->duration);
8671
8672 if (!requested_adv_flags_are_valid(hdev, flags))
8673 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8674 MGMT_STATUS_INVALID_PARAMS);
8675
8676 hci_dev_lock(hdev);
8677
8678 if (timeout && !hdev_is_powered(hdev)) {
8679 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8680 MGMT_STATUS_REJECTED);
8681 goto unlock;
8682 }
8683
8684 if (adv_busy(hdev)) {
8685 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8686 MGMT_STATUS_BUSY);
8687 goto unlock;
8688 }
8689
8690 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
8691 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
8692 cp->scan_rsp_len, false)) {
8693 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8694 MGMT_STATUS_INVALID_PARAMS);
8695 goto unlock;
8696 }
8697
8698 prev_instance_cnt = hdev->adv_instance_cnt;
8699
8700 adv = hci_add_adv_instance(hdev, cp->instance, flags,
8701 cp->adv_data_len, cp->data,
8702 cp->scan_rsp_len,
8703 cp->data + cp->adv_data_len,
8704 timeout, duration,
8705 HCI_ADV_TX_POWER_NO_PREFERENCE,
8706 hdev->le_adv_min_interval,
8707 hdev->le_adv_max_interval, 0);
8708 if (IS_ERR(adv)) {
8709 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8710 MGMT_STATUS_FAILED);
8711 goto unlock;
8712 }
8713
8714 /* Only trigger an advertising added event if a new instance was
8715 * actually added.
8716 */
8717 if (hdev->adv_instance_cnt > prev_instance_cnt)
8718 mgmt_advertising_added(sk, hdev, cp->instance);
8719
8720 if (hdev->cur_adv_instance == cp->instance) {
8721 /* If the currently advertised instance is being changed then
8722 * cancel the current advertising and schedule the next
8723 * instance. If there is only one instance then the overridden
8724 * advertising data will be visible right away.
8725 */
8726 cancel_adv_timeout(hdev);
8727
8728 next_instance = hci_get_next_instance(hdev, cp->instance);
8729 if (next_instance)
8730 schedule_instance = next_instance->instance;
8731 } else if (!hdev->adv_instance_timeout) {
8732 /* Immediately advertise the new instance if no other
8733 * instance is currently being advertised.
8734 */
8735 schedule_instance = cp->instance;
8736 }
8737
8738 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
8739 * there is no instance to be advertised then we have no HCI
8740 * communication to make. Simply return.
8741 */
8742 if (!hdev_is_powered(hdev) ||
8743 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
8744 !schedule_instance) {
8745 rp.instance = cp->instance;
8746 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8747 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8748 goto unlock;
8749 }
8750
8751 /* We're good to go, update advertising data, parameters, and start
8752 * advertising.
8753 */
8754 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
8755 data_len);
8756 if (!cmd) {
8757 err = -ENOMEM;
8758 goto unlock;
8759 }
8760
8761 cp->instance = schedule_instance;
8762
8763 err = hci_cmd_sync_queue(hdev, add_advertising_sync, cmd,
8764 add_advertising_complete);
8765 if (err < 0)
8766 mgmt_pending_free(cmd);
8767
8768 unlock:
8769 hci_dev_unlock(hdev);
8770
8771 return err;
8772 }
8773
add_ext_adv_params_complete(struct hci_dev * hdev,void * data,int err)8774 static void add_ext_adv_params_complete(struct hci_dev *hdev, void *data,
8775 int err)
8776 {
8777 struct mgmt_pending_cmd *cmd = data;
8778 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
8779 struct mgmt_rp_add_ext_adv_params rp;
8780 struct adv_info *adv;
8781 u32 flags;
8782
8783 BT_DBG("%s", hdev->name);
8784
8785 hci_dev_lock(hdev);
8786
8787 adv = hci_find_adv_instance(hdev, cp->instance);
8788 if (!adv)
8789 goto unlock;
8790
8791 rp.instance = cp->instance;
8792 rp.tx_power = adv->tx_power;
8793
8794 /* While we're at it, inform userspace of the available space for this
8795 * advertisement, given the flags that will be used.
8796 */
8797 flags = __le32_to_cpu(cp->flags);
8798 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8799 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8800
8801 if (err) {
8802 /* If this advertisement was previously advertising and we
8803 * failed to update it, we signal that it has been removed and
8804 * delete its structure
8805 */
8806 if (!adv->pending)
8807 mgmt_advertising_removed(cmd->sk, hdev, cp->instance);
8808
8809 hci_remove_adv_instance(hdev, cp->instance);
8810
8811 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
8812 mgmt_status(err));
8813 } else {
8814 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
8815 mgmt_status(err), &rp, sizeof(rp));
8816 }
8817
8818 unlock:
8819 if (cmd)
8820 mgmt_pending_free(cmd);
8821
8822 hci_dev_unlock(hdev);
8823 }
8824
add_ext_adv_params_sync(struct hci_dev * hdev,void * data)8825 static int add_ext_adv_params_sync(struct hci_dev *hdev, void *data)
8826 {
8827 struct mgmt_pending_cmd *cmd = data;
8828 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
8829
8830 return hci_setup_ext_adv_instance_sync(hdev, cp->instance);
8831 }
8832
add_ext_adv_params(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)8833 static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev,
8834 void *data, u16 data_len)
8835 {
8836 struct mgmt_cp_add_ext_adv_params *cp = data;
8837 struct mgmt_rp_add_ext_adv_params rp;
8838 struct mgmt_pending_cmd *cmd = NULL;
8839 struct adv_info *adv;
8840 u32 flags, min_interval, max_interval;
8841 u16 timeout, duration;
8842 u8 status;
8843 s8 tx_power;
8844 int err;
8845
8846 BT_DBG("%s", hdev->name);
8847
8848 status = mgmt_le_support(hdev);
8849 if (status)
8850 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8851 status);
8852
8853 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
8854 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8855 MGMT_STATUS_INVALID_PARAMS);
8856
8857 /* The purpose of breaking add_advertising into two separate MGMT calls
8858 * for params and data is to allow more parameters to be added to this
8859 * structure in the future. For this reason, we verify that we have the
8860 * bare minimum structure we know of when the interface was defined. Any
8861 * extra parameters we don't know about will be ignored in this request.
8862 */
8863 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE)
8864 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8865 MGMT_STATUS_INVALID_PARAMS);
8866
8867 flags = __le32_to_cpu(cp->flags);
8868
8869 if (!requested_adv_flags_are_valid(hdev, flags))
8870 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8871 MGMT_STATUS_INVALID_PARAMS);
8872
8873 hci_dev_lock(hdev);
8874
8875 /* In new interface, we require that we are powered to register */
8876 if (!hdev_is_powered(hdev)) {
8877 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8878 MGMT_STATUS_REJECTED);
8879 goto unlock;
8880 }
8881
8882 if (adv_busy(hdev)) {
8883 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8884 MGMT_STATUS_BUSY);
8885 goto unlock;
8886 }
8887
8888 /* Parse defined parameters from request, use defaults otherwise */
8889 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ?
8890 __le16_to_cpu(cp->timeout) : 0;
8891
8892 duration = (flags & MGMT_ADV_PARAM_DURATION) ?
8893 __le16_to_cpu(cp->duration) :
8894 hdev->def_multi_adv_rotation_duration;
8895
8896 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
8897 __le32_to_cpu(cp->min_interval) :
8898 hdev->le_adv_min_interval;
8899
8900 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
8901 __le32_to_cpu(cp->max_interval) :
8902 hdev->le_adv_max_interval;
8903
8904 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ?
8905 cp->tx_power :
8906 HCI_ADV_TX_POWER_NO_PREFERENCE;
8907
8908 /* Create advertising instance with no advertising or response data */
8909 adv = hci_add_adv_instance(hdev, cp->instance, flags, 0, NULL, 0, NULL,
8910 timeout, duration, tx_power, min_interval,
8911 max_interval, 0);
8912
8913 if (IS_ERR(adv)) {
8914 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8915 MGMT_STATUS_FAILED);
8916 goto unlock;
8917 }
8918
8919 /* Submit request for advertising params if ext adv available */
8920 if (ext_adv_capable(hdev)) {
8921 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_PARAMS, hdev,
8922 data, data_len);
8923 if (!cmd) {
8924 err = -ENOMEM;
8925 hci_remove_adv_instance(hdev, cp->instance);
8926 goto unlock;
8927 }
8928
8929 err = hci_cmd_sync_queue(hdev, add_ext_adv_params_sync, cmd,
8930 add_ext_adv_params_complete);
8931 if (err < 0)
8932 mgmt_pending_free(cmd);
8933 } else {
8934 rp.instance = cp->instance;
8935 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE;
8936 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8937 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8938 err = mgmt_cmd_complete(sk, hdev->id,
8939 MGMT_OP_ADD_EXT_ADV_PARAMS,
8940 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8941 }
8942
8943 unlock:
8944 hci_dev_unlock(hdev);
8945
8946 return err;
8947 }
8948
add_ext_adv_data_complete(struct hci_dev * hdev,void * data,int err)8949 static void add_ext_adv_data_complete(struct hci_dev *hdev, void *data, int err)
8950 {
8951 struct mgmt_pending_cmd *cmd = data;
8952 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
8953 struct mgmt_rp_add_advertising rp;
8954
8955 add_adv_complete(hdev, cmd->sk, cp->instance, err);
8956
8957 memset(&rp, 0, sizeof(rp));
8958
8959 rp.instance = cp->instance;
8960
8961 if (err)
8962 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
8963 mgmt_status(err));
8964 else
8965 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
8966 mgmt_status(err), &rp, sizeof(rp));
8967
8968 mgmt_pending_free(cmd);
8969 }
8970
add_ext_adv_data_sync(struct hci_dev * hdev,void * data)8971 static int add_ext_adv_data_sync(struct hci_dev *hdev, void *data)
8972 {
8973 struct mgmt_pending_cmd *cmd = data;
8974 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
8975 int err;
8976
8977 if (ext_adv_capable(hdev)) {
8978 err = hci_update_adv_data_sync(hdev, cp->instance);
8979 if (err)
8980 return err;
8981
8982 err = hci_update_scan_rsp_data_sync(hdev, cp->instance);
8983 if (err)
8984 return err;
8985
8986 return hci_enable_ext_advertising_sync(hdev, cp->instance);
8987 }
8988
8989 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
8990 }
8991
add_ext_adv_data(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)8992 static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data,
8993 u16 data_len)
8994 {
8995 struct mgmt_cp_add_ext_adv_data *cp = data;
8996 struct mgmt_rp_add_ext_adv_data rp;
8997 u8 schedule_instance = 0;
8998 struct adv_info *next_instance;
8999 struct adv_info *adv_instance;
9000 int err = 0;
9001 struct mgmt_pending_cmd *cmd;
9002
9003 BT_DBG("%s", hdev->name);
9004
9005 hci_dev_lock(hdev);
9006
9007 adv_instance = hci_find_adv_instance(hdev, cp->instance);
9008
9009 if (!adv_instance) {
9010 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
9011 MGMT_STATUS_INVALID_PARAMS);
9012 goto unlock;
9013 }
9014
9015 /* In new interface, we require that we are powered to register */
9016 if (!hdev_is_powered(hdev)) {
9017 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
9018 MGMT_STATUS_REJECTED);
9019 goto clear_new_instance;
9020 }
9021
9022 if (adv_busy(hdev)) {
9023 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
9024 MGMT_STATUS_BUSY);
9025 goto clear_new_instance;
9026 }
9027
9028 /* Validate new data */
9029 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data,
9030 cp->adv_data_len, true) ||
9031 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data +
9032 cp->adv_data_len, cp->scan_rsp_len, false)) {
9033 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
9034 MGMT_STATUS_INVALID_PARAMS);
9035 goto clear_new_instance;
9036 }
9037
9038 /* Set the data in the advertising instance */
9039 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len,
9040 cp->data, cp->scan_rsp_len,
9041 cp->data + cp->adv_data_len);
9042
9043 /* If using software rotation, determine next instance to use */
9044 if (hdev->cur_adv_instance == cp->instance) {
9045 /* If the currently advertised instance is being changed
9046 * then cancel the current advertising and schedule the
9047 * next instance. If there is only one instance then the
9048 * overridden advertising data will be visible right
9049 * away
9050 */
9051 cancel_adv_timeout(hdev);
9052
9053 next_instance = hci_get_next_instance(hdev, cp->instance);
9054 if (next_instance)
9055 schedule_instance = next_instance->instance;
9056 } else if (!hdev->adv_instance_timeout) {
9057 /* Immediately advertise the new instance if no other
9058 * instance is currently being advertised.
9059 */
9060 schedule_instance = cp->instance;
9061 }
9062
9063 /* If the HCI_ADVERTISING flag is set or there is no instance to
9064 * be advertised then we have no HCI communication to make.
9065 * Simply return.
9066 */
9067 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || !schedule_instance) {
9068 if (adv_instance->pending) {
9069 mgmt_advertising_added(sk, hdev, cp->instance);
9070 adv_instance->pending = false;
9071 }
9072 rp.instance = cp->instance;
9073 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
9074 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
9075 goto unlock;
9076 }
9077
9078 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data,
9079 data_len);
9080 if (!cmd) {
9081 err = -ENOMEM;
9082 goto clear_new_instance;
9083 }
9084
9085 err = hci_cmd_sync_queue(hdev, add_ext_adv_data_sync, cmd,
9086 add_ext_adv_data_complete);
9087 if (err < 0) {
9088 mgmt_pending_free(cmd);
9089 goto clear_new_instance;
9090 }
9091
9092 /* We were successful in updating data, so trigger advertising_added
9093 * event if this is an instance that wasn't previously advertising. If
9094 * a failure occurs in the requests we initiated, we will remove the
9095 * instance again in add_advertising_complete
9096 */
9097 if (adv_instance->pending)
9098 mgmt_advertising_added(sk, hdev, cp->instance);
9099
9100 goto unlock;
9101
9102 clear_new_instance:
9103 hci_remove_adv_instance(hdev, cp->instance);
9104
9105 unlock:
9106 hci_dev_unlock(hdev);
9107
9108 return err;
9109 }
9110
remove_advertising_complete(struct hci_dev * hdev,void * data,int err)9111 static void remove_advertising_complete(struct hci_dev *hdev, void *data,
9112 int err)
9113 {
9114 struct mgmt_pending_cmd *cmd = data;
9115 struct mgmt_cp_remove_advertising *cp = cmd->param;
9116 struct mgmt_rp_remove_advertising rp;
9117
9118 bt_dev_dbg(hdev, "err %d", err);
9119
9120 memset(&rp, 0, sizeof(rp));
9121 rp.instance = cp->instance;
9122
9123 if (err)
9124 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
9125 mgmt_status(err));
9126 else
9127 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
9128 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
9129
9130 mgmt_pending_free(cmd);
9131 }
9132
remove_advertising_sync(struct hci_dev * hdev,void * data)9133 static int remove_advertising_sync(struct hci_dev *hdev, void *data)
9134 {
9135 struct mgmt_pending_cmd *cmd = data;
9136 struct mgmt_cp_remove_advertising *cp = cmd->param;
9137 int err;
9138
9139 err = hci_remove_advertising_sync(hdev, cmd->sk, cp->instance, true);
9140 if (err)
9141 return err;
9142
9143 if (list_empty(&hdev->adv_instances))
9144 err = hci_disable_advertising_sync(hdev);
9145
9146 return err;
9147 }
9148
remove_advertising(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)9149 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
9150 void *data, u16 data_len)
9151 {
9152 struct mgmt_cp_remove_advertising *cp = data;
9153 struct mgmt_pending_cmd *cmd;
9154 int err;
9155
9156 bt_dev_dbg(hdev, "sock %p", sk);
9157
9158 hci_dev_lock(hdev);
9159
9160 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
9161 err = mgmt_cmd_status(sk, hdev->id,
9162 MGMT_OP_REMOVE_ADVERTISING,
9163 MGMT_STATUS_INVALID_PARAMS);
9164 goto unlock;
9165 }
9166
9167 if (pending_find(MGMT_OP_SET_LE, hdev)) {
9168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
9169 MGMT_STATUS_BUSY);
9170 goto unlock;
9171 }
9172
9173 if (list_empty(&hdev->adv_instances)) {
9174 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
9175 MGMT_STATUS_INVALID_PARAMS);
9176 goto unlock;
9177 }
9178
9179 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
9180 data_len);
9181 if (!cmd) {
9182 err = -ENOMEM;
9183 goto unlock;
9184 }
9185
9186 err = hci_cmd_sync_queue(hdev, remove_advertising_sync, cmd,
9187 remove_advertising_complete);
9188 if (err < 0)
9189 mgmt_pending_free(cmd);
9190
9191 unlock:
9192 hci_dev_unlock(hdev);
9193
9194 return err;
9195 }
9196
get_adv_size_info(struct sock * sk,struct hci_dev * hdev,void * data,u16 data_len)9197 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
9198 void *data, u16 data_len)
9199 {
9200 struct mgmt_cp_get_adv_size_info *cp = data;
9201 struct mgmt_rp_get_adv_size_info rp;
9202 u32 flags, supported_flags;
9203
9204 bt_dev_dbg(hdev, "sock %p", sk);
9205
9206 if (!lmp_le_capable(hdev))
9207 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
9208 MGMT_STATUS_REJECTED);
9209
9210 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
9211 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
9212 MGMT_STATUS_INVALID_PARAMS);
9213
9214 flags = __le32_to_cpu(cp->flags);
9215
9216 /* The current implementation only supports a subset of the specified
9217 * flags.
9218 */
9219 supported_flags = get_supported_adv_flags(hdev);
9220 if (flags & ~supported_flags)
9221 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
9222 MGMT_STATUS_INVALID_PARAMS);
9223
9224 rp.instance = cp->instance;
9225 rp.flags = cp->flags;
9226 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
9227 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
9228
9229 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
9230 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
9231 }
9232
9233 static const struct hci_mgmt_handler mgmt_handlers[] = {
9234 { NULL }, /* 0x0000 (no command) */
9235 { read_version, MGMT_READ_VERSION_SIZE,
9236 HCI_MGMT_NO_HDEV |
9237 HCI_MGMT_UNTRUSTED },
9238 { read_commands, MGMT_READ_COMMANDS_SIZE,
9239 HCI_MGMT_NO_HDEV |
9240 HCI_MGMT_UNTRUSTED },
9241 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
9242 HCI_MGMT_NO_HDEV |
9243 HCI_MGMT_UNTRUSTED },
9244 { read_controller_info, MGMT_READ_INFO_SIZE,
9245 HCI_MGMT_UNTRUSTED },
9246 { set_powered, MGMT_SETTING_SIZE },
9247 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
9248 { set_connectable, MGMT_SETTING_SIZE },
9249 { set_fast_connectable, MGMT_SETTING_SIZE },
9250 { set_bondable, MGMT_SETTING_SIZE },
9251 { set_link_security, MGMT_SETTING_SIZE },
9252 { set_ssp, MGMT_SETTING_SIZE },
9253 { set_hs, MGMT_SETTING_SIZE },
9254 { set_le, MGMT_SETTING_SIZE },
9255 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
9256 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
9257 { add_uuid, MGMT_ADD_UUID_SIZE },
9258 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
9259 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
9260 HCI_MGMT_VAR_LEN },
9261 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
9262 HCI_MGMT_VAR_LEN },
9263 { disconnect, MGMT_DISCONNECT_SIZE },
9264 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
9265 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
9266 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
9267 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
9268 { pair_device, MGMT_PAIR_DEVICE_SIZE },
9269 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
9270 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
9271 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
9272 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
9273 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
9274 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
9275 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
9276 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
9277 HCI_MGMT_VAR_LEN },
9278 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
9279 { start_discovery, MGMT_START_DISCOVERY_SIZE },
9280 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
9281 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
9282 { block_device, MGMT_BLOCK_DEVICE_SIZE },
9283 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
9284 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
9285 { set_advertising, MGMT_SETTING_SIZE },
9286 { set_bredr, MGMT_SETTING_SIZE },
9287 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
9288 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
9289 { set_secure_conn, MGMT_SETTING_SIZE },
9290 { set_debug_keys, MGMT_SETTING_SIZE },
9291 { set_privacy, MGMT_SET_PRIVACY_SIZE },
9292 { load_irks, MGMT_LOAD_IRKS_SIZE,
9293 HCI_MGMT_VAR_LEN },
9294 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
9295 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
9296 { add_device, MGMT_ADD_DEVICE_SIZE },
9297 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
9298 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
9299 HCI_MGMT_VAR_LEN },
9300 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
9301 HCI_MGMT_NO_HDEV |
9302 HCI_MGMT_UNTRUSTED },
9303 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
9304 HCI_MGMT_UNCONFIGURED |
9305 HCI_MGMT_UNTRUSTED },
9306 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
9307 HCI_MGMT_UNCONFIGURED },
9308 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
9309 HCI_MGMT_UNCONFIGURED },
9310 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
9311 HCI_MGMT_VAR_LEN },
9312 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
9313 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
9314 HCI_MGMT_NO_HDEV |
9315 HCI_MGMT_UNTRUSTED },
9316 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
9317 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
9318 HCI_MGMT_VAR_LEN },
9319 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
9320 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
9321 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
9322 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
9323 HCI_MGMT_UNTRUSTED },
9324 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
9325 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
9326 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
9327 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
9328 HCI_MGMT_VAR_LEN },
9329 { set_wideband_speech, MGMT_SETTING_SIZE },
9330 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE,
9331 HCI_MGMT_UNTRUSTED },
9332 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE,
9333 HCI_MGMT_UNTRUSTED |
9334 HCI_MGMT_HDEV_OPTIONAL },
9335 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE,
9336 HCI_MGMT_VAR_LEN |
9337 HCI_MGMT_HDEV_OPTIONAL },
9338 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE,
9339 HCI_MGMT_UNTRUSTED },
9340 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE,
9341 HCI_MGMT_VAR_LEN },
9342 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE,
9343 HCI_MGMT_UNTRUSTED },
9344 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE,
9345 HCI_MGMT_VAR_LEN },
9346 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE },
9347 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE },
9348 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE },
9349 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE,
9350 HCI_MGMT_VAR_LEN },
9351 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE },
9352 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE,
9353 HCI_MGMT_VAR_LEN },
9354 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE,
9355 HCI_MGMT_VAR_LEN },
9356 { add_adv_patterns_monitor_rssi,
9357 MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE,
9358 HCI_MGMT_VAR_LEN },
9359 { set_mesh, MGMT_SET_MESH_RECEIVER_SIZE,
9360 HCI_MGMT_VAR_LEN },
9361 { mesh_features, MGMT_MESH_READ_FEATURES_SIZE },
9362 { mesh_send, MGMT_MESH_SEND_SIZE,
9363 HCI_MGMT_VAR_LEN },
9364 { mesh_send_cancel, MGMT_MESH_SEND_CANCEL_SIZE },
9365 };
9366
mgmt_index_added(struct hci_dev * hdev)9367 void mgmt_index_added(struct hci_dev *hdev)
9368 {
9369 struct mgmt_ev_ext_index ev;
9370
9371 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
9372 return;
9373
9374 switch (hdev->dev_type) {
9375 case HCI_PRIMARY:
9376 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
9377 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
9378 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
9379 ev.type = 0x01;
9380 } else {
9381 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
9382 HCI_MGMT_INDEX_EVENTS);
9383 ev.type = 0x00;
9384 }
9385 break;
9386 case HCI_AMP:
9387 ev.type = 0x02;
9388 break;
9389 default:
9390 return;
9391 }
9392
9393 ev.bus = hdev->bus;
9394
9395 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
9396 HCI_MGMT_EXT_INDEX_EVENTS);
9397 }
9398
mgmt_index_removed(struct hci_dev * hdev)9399 void mgmt_index_removed(struct hci_dev *hdev)
9400 {
9401 struct mgmt_ev_ext_index ev;
9402 u8 status = MGMT_STATUS_INVALID_INDEX;
9403
9404 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
9405 return;
9406
9407 switch (hdev->dev_type) {
9408 case HCI_PRIMARY:
9409 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
9410
9411 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
9412 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
9413 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
9414 ev.type = 0x01;
9415 } else {
9416 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
9417 HCI_MGMT_INDEX_EVENTS);
9418 ev.type = 0x00;
9419 }
9420 break;
9421 case HCI_AMP:
9422 ev.type = 0x02;
9423 break;
9424 default:
9425 return;
9426 }
9427
9428 ev.bus = hdev->bus;
9429
9430 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
9431 HCI_MGMT_EXT_INDEX_EVENTS);
9432
9433 /* Cancel any remaining timed work */
9434 if (!hci_dev_test_flag(hdev, HCI_MGMT))
9435 return;
9436 cancel_delayed_work_sync(&hdev->discov_off);
9437 cancel_delayed_work_sync(&hdev->service_cache);
9438 cancel_delayed_work_sync(&hdev->rpa_expired);
9439 }
9440
mgmt_power_on(struct hci_dev * hdev,int err)9441 void mgmt_power_on(struct hci_dev *hdev, int err)
9442 {
9443 struct cmd_lookup match = { NULL, hdev };
9444
9445 bt_dev_dbg(hdev, "err %d", err);
9446
9447 hci_dev_lock(hdev);
9448
9449 if (!err) {
9450 restart_le_actions(hdev);
9451 hci_update_passive_scan(hdev);
9452 }
9453
9454 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9455
9456 new_settings(hdev, match.sk);
9457
9458 if (match.sk)
9459 sock_put(match.sk);
9460
9461 hci_dev_unlock(hdev);
9462 }
9463
__mgmt_power_off(struct hci_dev * hdev)9464 void __mgmt_power_off(struct hci_dev *hdev)
9465 {
9466 struct cmd_lookup match = { NULL, hdev };
9467 u8 status, zero_cod[] = { 0, 0, 0 };
9468
9469 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9470
9471 /* If the power off is because of hdev unregistration let
9472 * use the appropriate INVALID_INDEX status. Otherwise use
9473 * NOT_POWERED. We cover both scenarios here since later in
9474 * mgmt_index_removed() any hci_conn callbacks will have already
9475 * been triggered, potentially causing misleading DISCONNECTED
9476 * status responses.
9477 */
9478 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9479 status = MGMT_STATUS_INVALID_INDEX;
9480 else
9481 status = MGMT_STATUS_NOT_POWERED;
9482
9483 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
9484
9485 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
9486 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
9487 zero_cod, sizeof(zero_cod),
9488 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
9489 ext_info_changed(hdev, NULL);
9490 }
9491
9492 new_settings(hdev, match.sk);
9493
9494 if (match.sk)
9495 sock_put(match.sk);
9496 }
9497
mgmt_set_powered_failed(struct hci_dev * hdev,int err)9498 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
9499 {
9500 struct mgmt_pending_cmd *cmd;
9501 u8 status;
9502
9503 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
9504 if (!cmd)
9505 return;
9506
9507 if (err == -ERFKILL)
9508 status = MGMT_STATUS_RFKILLED;
9509 else
9510 status = MGMT_STATUS_FAILED;
9511
9512 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
9513
9514 mgmt_pending_remove(cmd);
9515 }
9516
mgmt_new_link_key(struct hci_dev * hdev,struct link_key * key,bool persistent)9517 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
9518 bool persistent)
9519 {
9520 struct mgmt_ev_new_link_key ev;
9521
9522 memset(&ev, 0, sizeof(ev));
9523
9524 ev.store_hint = persistent;
9525 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
9526 ev.key.addr.type = BDADDR_BREDR;
9527 ev.key.type = key->type;
9528 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
9529 ev.key.pin_len = key->pin_len;
9530
9531 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
9532 }
9533
mgmt_ltk_type(struct smp_ltk * ltk)9534 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
9535 {
9536 switch (ltk->type) {
9537 case SMP_LTK:
9538 case SMP_LTK_RESPONDER:
9539 if (ltk->authenticated)
9540 return MGMT_LTK_AUTHENTICATED;
9541 return MGMT_LTK_UNAUTHENTICATED;
9542 case SMP_LTK_P256:
9543 if (ltk->authenticated)
9544 return MGMT_LTK_P256_AUTH;
9545 return MGMT_LTK_P256_UNAUTH;
9546 case SMP_LTK_P256_DEBUG:
9547 return MGMT_LTK_P256_DEBUG;
9548 }
9549
9550 return MGMT_LTK_UNAUTHENTICATED;
9551 }
9552
mgmt_new_ltk(struct hci_dev * hdev,struct smp_ltk * key,bool persistent)9553 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
9554 {
9555 struct mgmt_ev_new_long_term_key ev;
9556
9557 memset(&ev, 0, sizeof(ev));
9558
9559 /* Devices using resolvable or non-resolvable random addresses
9560 * without providing an identity resolving key don't require
9561 * to store long term keys. Their addresses will change the
9562 * next time around.
9563 *
9564 * Only when a remote device provides an identity address
9565 * make sure the long term key is stored. If the remote
9566 * identity is known, the long term keys are internally
9567 * mapped to the identity address. So allow static random
9568 * and public addresses here.
9569 */
9570 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
9571 (key->bdaddr.b[5] & 0xc0) != 0xc0)
9572 ev.store_hint = 0x00;
9573 else
9574 ev.store_hint = persistent;
9575
9576 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
9577 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
9578 ev.key.type = mgmt_ltk_type(key);
9579 ev.key.enc_size = key->enc_size;
9580 ev.key.ediv = key->ediv;
9581 ev.key.rand = key->rand;
9582
9583 if (key->type == SMP_LTK)
9584 ev.key.initiator = 1;
9585
9586 /* Make sure we copy only the significant bytes based on the
9587 * encryption key size, and set the rest of the value to zeroes.
9588 */
9589 memcpy(ev.key.val, key->val, key->enc_size);
9590 memset(ev.key.val + key->enc_size, 0,
9591 sizeof(ev.key.val) - key->enc_size);
9592
9593 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
9594 }
9595
mgmt_new_irk(struct hci_dev * hdev,struct smp_irk * irk,bool persistent)9596 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
9597 {
9598 struct mgmt_ev_new_irk ev;
9599
9600 memset(&ev, 0, sizeof(ev));
9601
9602 ev.store_hint = persistent;
9603
9604 bacpy(&ev.rpa, &irk->rpa);
9605 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
9606 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
9607 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
9608
9609 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
9610 }
9611
mgmt_new_csrk(struct hci_dev * hdev,struct smp_csrk * csrk,bool persistent)9612 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
9613 bool persistent)
9614 {
9615 struct mgmt_ev_new_csrk ev;
9616
9617 memset(&ev, 0, sizeof(ev));
9618
9619 /* Devices using resolvable or non-resolvable random addresses
9620 * without providing an identity resolving key don't require
9621 * to store signature resolving keys. Their addresses will change
9622 * the next time around.
9623 *
9624 * Only when a remote device provides an identity address
9625 * make sure the signature resolving key is stored. So allow
9626 * static random and public addresses here.
9627 */
9628 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
9629 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
9630 ev.store_hint = 0x00;
9631 else
9632 ev.store_hint = persistent;
9633
9634 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
9635 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
9636 ev.key.type = csrk->type;
9637 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
9638
9639 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
9640 }
9641
mgmt_new_conn_param(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 bdaddr_type,u8 store_hint,u16 min_interval,u16 max_interval,u16 latency,u16 timeout)9642 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
9643 u8 bdaddr_type, u8 store_hint, u16 min_interval,
9644 u16 max_interval, u16 latency, u16 timeout)
9645 {
9646 struct mgmt_ev_new_conn_param ev;
9647
9648 if (!hci_is_identity_address(bdaddr, bdaddr_type))
9649 return;
9650
9651 memset(&ev, 0, sizeof(ev));
9652 bacpy(&ev.addr.bdaddr, bdaddr);
9653 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
9654 ev.store_hint = store_hint;
9655 ev.min_interval = cpu_to_le16(min_interval);
9656 ev.max_interval = cpu_to_le16(max_interval);
9657 ev.latency = cpu_to_le16(latency);
9658 ev.timeout = cpu_to_le16(timeout);
9659
9660 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
9661 }
9662
mgmt_device_connected(struct hci_dev * hdev,struct hci_conn * conn,u8 * name,u8 name_len)9663 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
9664 u8 *name, u8 name_len)
9665 {
9666 struct sk_buff *skb;
9667 struct mgmt_ev_device_connected *ev;
9668 u16 eir_len = 0;
9669 u32 flags = 0;
9670
9671 /* allocate buff for LE or BR/EDR adv */
9672 if (conn->le_adv_data_len > 0)
9673 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
9674 sizeof(*ev) + conn->le_adv_data_len);
9675 else
9676 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
9677 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0) +
9678 eir_precalc_len(sizeof(conn->dev_class)));
9679
9680 ev = skb_put(skb, sizeof(*ev));
9681 bacpy(&ev->addr.bdaddr, &conn->dst);
9682 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
9683
9684 if (conn->out)
9685 flags |= MGMT_DEV_FOUND_INITIATED_CONN;
9686
9687 ev->flags = __cpu_to_le32(flags);
9688
9689 /* We must ensure that the EIR Data fields are ordered and
9690 * unique. Keep it simple for now and avoid the problem by not
9691 * adding any BR/EDR data to the LE adv.
9692 */
9693 if (conn->le_adv_data_len > 0) {
9694 skb_put_data(skb, conn->le_adv_data, conn->le_adv_data_len);
9695 eir_len = conn->le_adv_data_len;
9696 } else {
9697 if (name)
9698 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
9699
9700 if (memcmp(conn->dev_class, "\0\0\0", sizeof(conn->dev_class)))
9701 eir_len += eir_skb_put_data(skb, EIR_CLASS_OF_DEV,
9702 conn->dev_class, sizeof(conn->dev_class));
9703 }
9704
9705 ev->eir_len = cpu_to_le16(eir_len);
9706
9707 mgmt_event_skb(skb, NULL);
9708 }
9709
disconnect_rsp(struct mgmt_pending_cmd * cmd,void * data)9710 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
9711 {
9712 struct sock **sk = data;
9713
9714 cmd->cmd_complete(cmd, 0);
9715
9716 *sk = cmd->sk;
9717 sock_hold(*sk);
9718
9719 mgmt_pending_remove(cmd);
9720 }
9721
unpair_device_rsp(struct mgmt_pending_cmd * cmd,void * data)9722 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
9723 {
9724 struct hci_dev *hdev = data;
9725 struct mgmt_cp_unpair_device *cp = cmd->param;
9726
9727 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
9728
9729 cmd->cmd_complete(cmd, 0);
9730 mgmt_pending_remove(cmd);
9731 }
9732
mgmt_powering_down(struct hci_dev * hdev)9733 bool mgmt_powering_down(struct hci_dev *hdev)
9734 {
9735 struct mgmt_pending_cmd *cmd;
9736 struct mgmt_mode *cp;
9737
9738 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
9739 if (!cmd)
9740 return false;
9741
9742 cp = cmd->param;
9743 if (!cp->val)
9744 return true;
9745
9746 return false;
9747 }
9748
mgmt_device_disconnected(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 reason,bool mgmt_connected)9749 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
9750 u8 link_type, u8 addr_type, u8 reason,
9751 bool mgmt_connected)
9752 {
9753 struct mgmt_ev_device_disconnected ev;
9754 struct sock *sk = NULL;
9755
9756 /* The connection is still in hci_conn_hash so test for 1
9757 * instead of 0 to know if this is the last one.
9758 */
9759 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
9760 cancel_delayed_work(&hdev->power_off);
9761 queue_work(hdev->req_workqueue, &hdev->power_off.work);
9762 }
9763
9764 if (!mgmt_connected)
9765 return;
9766
9767 if (link_type != ACL_LINK && link_type != LE_LINK)
9768 return;
9769
9770 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
9771
9772 bacpy(&ev.addr.bdaddr, bdaddr);
9773 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9774 ev.reason = reason;
9775
9776 /* Report disconnects due to suspend */
9777 if (hdev->suspended)
9778 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND;
9779
9780 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
9781
9782 if (sk)
9783 sock_put(sk);
9784
9785 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
9786 hdev);
9787 }
9788
mgmt_disconnect_failed(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 status)9789 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
9790 u8 link_type, u8 addr_type, u8 status)
9791 {
9792 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
9793 struct mgmt_cp_disconnect *cp;
9794 struct mgmt_pending_cmd *cmd;
9795
9796 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
9797 hdev);
9798
9799 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
9800 if (!cmd)
9801 return;
9802
9803 cp = cmd->param;
9804
9805 if (bacmp(bdaddr, &cp->addr.bdaddr))
9806 return;
9807
9808 if (cp->addr.type != bdaddr_type)
9809 return;
9810
9811 cmd->cmd_complete(cmd, mgmt_status(status));
9812 mgmt_pending_remove(cmd);
9813 }
9814
mgmt_connect_failed(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 status)9815 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9816 u8 addr_type, u8 status)
9817 {
9818 struct mgmt_ev_connect_failed ev;
9819
9820 /* The connection is still in hci_conn_hash so test for 1
9821 * instead of 0 to know if this is the last one.
9822 */
9823 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
9824 cancel_delayed_work(&hdev->power_off);
9825 queue_work(hdev->req_workqueue, &hdev->power_off.work);
9826 }
9827
9828 bacpy(&ev.addr.bdaddr, bdaddr);
9829 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9830 ev.status = mgmt_status(status);
9831
9832 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
9833 }
9834
mgmt_pin_code_request(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 secure)9835 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
9836 {
9837 struct mgmt_ev_pin_code_request ev;
9838
9839 bacpy(&ev.addr.bdaddr, bdaddr);
9840 ev.addr.type = BDADDR_BREDR;
9841 ev.secure = secure;
9842
9843 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
9844 }
9845
mgmt_pin_code_reply_complete(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 status)9846 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9847 u8 status)
9848 {
9849 struct mgmt_pending_cmd *cmd;
9850
9851 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
9852 if (!cmd)
9853 return;
9854
9855 cmd->cmd_complete(cmd, mgmt_status(status));
9856 mgmt_pending_remove(cmd);
9857 }
9858
mgmt_pin_code_neg_reply_complete(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 status)9859 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9860 u8 status)
9861 {
9862 struct mgmt_pending_cmd *cmd;
9863
9864 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
9865 if (!cmd)
9866 return;
9867
9868 cmd->cmd_complete(cmd, mgmt_status(status));
9869 mgmt_pending_remove(cmd);
9870 }
9871
mgmt_user_confirm_request(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u32 value,u8 confirm_hint)9872 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
9873 u8 link_type, u8 addr_type, u32 value,
9874 u8 confirm_hint)
9875 {
9876 struct mgmt_ev_user_confirm_request ev;
9877
9878 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
9879
9880 bacpy(&ev.addr.bdaddr, bdaddr);
9881 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9882 ev.confirm_hint = confirm_hint;
9883 ev.value = cpu_to_le32(value);
9884
9885 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
9886 NULL);
9887 }
9888
mgmt_user_passkey_request(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type)9889 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
9890 u8 link_type, u8 addr_type)
9891 {
9892 struct mgmt_ev_user_passkey_request ev;
9893
9894 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
9895
9896 bacpy(&ev.addr.bdaddr, bdaddr);
9897 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9898
9899 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
9900 NULL);
9901 }
9902
user_pairing_resp_complete(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 status,u8 opcode)9903 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9904 u8 link_type, u8 addr_type, u8 status,
9905 u8 opcode)
9906 {
9907 struct mgmt_pending_cmd *cmd;
9908
9909 cmd = pending_find(opcode, hdev);
9910 if (!cmd)
9911 return -ENOENT;
9912
9913 cmd->cmd_complete(cmd, mgmt_status(status));
9914 mgmt_pending_remove(cmd);
9915
9916 return 0;
9917 }
9918
mgmt_user_confirm_reply_complete(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 status)9919 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9920 u8 link_type, u8 addr_type, u8 status)
9921 {
9922 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9923 status, MGMT_OP_USER_CONFIRM_REPLY);
9924 }
9925
mgmt_user_confirm_neg_reply_complete(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 status)9926 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9927 u8 link_type, u8 addr_type, u8 status)
9928 {
9929 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9930 status,
9931 MGMT_OP_USER_CONFIRM_NEG_REPLY);
9932 }
9933
mgmt_user_passkey_reply_complete(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 status)9934 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9935 u8 link_type, u8 addr_type, u8 status)
9936 {
9937 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9938 status, MGMT_OP_USER_PASSKEY_REPLY);
9939 }
9940
mgmt_user_passkey_neg_reply_complete(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 status)9941 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9942 u8 link_type, u8 addr_type, u8 status)
9943 {
9944 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9945 status,
9946 MGMT_OP_USER_PASSKEY_NEG_REPLY);
9947 }
9948
mgmt_user_passkey_notify(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u32 passkey,u8 entered)9949 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
9950 u8 link_type, u8 addr_type, u32 passkey,
9951 u8 entered)
9952 {
9953 struct mgmt_ev_passkey_notify ev;
9954
9955 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
9956
9957 bacpy(&ev.addr.bdaddr, bdaddr);
9958 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9959 ev.passkey = __cpu_to_le32(passkey);
9960 ev.entered = entered;
9961
9962 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
9963 }
9964
mgmt_auth_failed(struct hci_conn * conn,u8 hci_status)9965 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
9966 {
9967 struct mgmt_ev_auth_failed ev;
9968 struct mgmt_pending_cmd *cmd;
9969 u8 status = mgmt_status(hci_status);
9970
9971 bacpy(&ev.addr.bdaddr, &conn->dst);
9972 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
9973 ev.status = status;
9974
9975 cmd = find_pairing(conn);
9976
9977 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
9978 cmd ? cmd->sk : NULL);
9979
9980 if (cmd) {
9981 cmd->cmd_complete(cmd, status);
9982 mgmt_pending_remove(cmd);
9983 }
9984 }
9985
mgmt_auth_enable_complete(struct hci_dev * hdev,u8 status)9986 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
9987 {
9988 struct cmd_lookup match = { NULL, hdev };
9989 bool changed;
9990
9991 if (status) {
9992 u8 mgmt_err = mgmt_status(status);
9993 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
9994 cmd_status_rsp, &mgmt_err);
9995 return;
9996 }
9997
9998 if (test_bit(HCI_AUTH, &hdev->flags))
9999 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
10000 else
10001 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
10002
10003 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
10004 &match);
10005
10006 if (changed)
10007 new_settings(hdev, match.sk);
10008
10009 if (match.sk)
10010 sock_put(match.sk);
10011 }
10012
sk_lookup(struct mgmt_pending_cmd * cmd,void * data)10013 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
10014 {
10015 struct cmd_lookup *match = data;
10016
10017 if (match->sk == NULL) {
10018 match->sk = cmd->sk;
10019 sock_hold(match->sk);
10020 }
10021 }
10022
mgmt_set_class_of_dev_complete(struct hci_dev * hdev,u8 * dev_class,u8 status)10023 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
10024 u8 status)
10025 {
10026 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
10027
10028 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
10029 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
10030 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
10031
10032 if (!status) {
10033 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
10034 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
10035 ext_info_changed(hdev, NULL);
10036 }
10037
10038 if (match.sk)
10039 sock_put(match.sk);
10040 }
10041
mgmt_set_local_name_complete(struct hci_dev * hdev,u8 * name,u8 status)10042 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
10043 {
10044 struct mgmt_cp_set_local_name ev;
10045 struct mgmt_pending_cmd *cmd;
10046
10047 if (status)
10048 return;
10049
10050 memset(&ev, 0, sizeof(ev));
10051 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
10052 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
10053
10054 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
10055 if (!cmd) {
10056 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
10057
10058 /* If this is a HCI command related to powering on the
10059 * HCI dev don't send any mgmt signals.
10060 */
10061 if (pending_find(MGMT_OP_SET_POWERED, hdev))
10062 return;
10063 }
10064
10065 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
10066 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
10067 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
10068 }
10069
has_uuid(u8 * uuid,u16 uuid_count,u8 (* uuids)[16])10070 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
10071 {
10072 int i;
10073
10074 for (i = 0; i < uuid_count; i++) {
10075 if (!memcmp(uuid, uuids[i], 16))
10076 return true;
10077 }
10078
10079 return false;
10080 }
10081
eir_has_uuids(u8 * eir,u16 eir_len,u16 uuid_count,u8 (* uuids)[16])10082 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
10083 {
10084 u16 parsed = 0;
10085
10086 while (parsed < eir_len) {
10087 u8 field_len = eir[0];
10088 u8 uuid[16];
10089 int i;
10090
10091 if (field_len == 0)
10092 break;
10093
10094 if (eir_len - parsed < field_len + 1)
10095 break;
10096
10097 switch (eir[1]) {
10098 case EIR_UUID16_ALL:
10099 case EIR_UUID16_SOME:
10100 for (i = 0; i + 3 <= field_len; i += 2) {
10101 memcpy(uuid, bluetooth_base_uuid, 16);
10102 uuid[13] = eir[i + 3];
10103 uuid[12] = eir[i + 2];
10104 if (has_uuid(uuid, uuid_count, uuids))
10105 return true;
10106 }
10107 break;
10108 case EIR_UUID32_ALL:
10109 case EIR_UUID32_SOME:
10110 for (i = 0; i + 5 <= field_len; i += 4) {
10111 memcpy(uuid, bluetooth_base_uuid, 16);
10112 uuid[15] = eir[i + 5];
10113 uuid[14] = eir[i + 4];
10114 uuid[13] = eir[i + 3];
10115 uuid[12] = eir[i + 2];
10116 if (has_uuid(uuid, uuid_count, uuids))
10117 return true;
10118 }
10119 break;
10120 case EIR_UUID128_ALL:
10121 case EIR_UUID128_SOME:
10122 for (i = 0; i + 17 <= field_len; i += 16) {
10123 memcpy(uuid, eir + i + 2, 16);
10124 if (has_uuid(uuid, uuid_count, uuids))
10125 return true;
10126 }
10127 break;
10128 }
10129
10130 parsed += field_len + 1;
10131 eir += field_len + 1;
10132 }
10133
10134 return false;
10135 }
10136
restart_le_scan(struct hci_dev * hdev)10137 static void restart_le_scan(struct hci_dev *hdev)
10138 {
10139 /* If controller is not scanning we are done. */
10140 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
10141 return;
10142
10143 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
10144 hdev->discovery.scan_start +
10145 hdev->discovery.scan_duration))
10146 return;
10147
10148 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
10149 DISCOV_LE_RESTART_DELAY);
10150 }
10151
is_filter_match(struct hci_dev * hdev,s8 rssi,u8 * eir,u16 eir_len,u8 * scan_rsp,u8 scan_rsp_len)10152 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
10153 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
10154 {
10155 /* If a RSSI threshold has been specified, and
10156 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
10157 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
10158 * is set, let it through for further processing, as we might need to
10159 * restart the scan.
10160 *
10161 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
10162 * the results are also dropped.
10163 */
10164 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
10165 (rssi == HCI_RSSI_INVALID ||
10166 (rssi < hdev->discovery.rssi &&
10167 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
10168 return false;
10169
10170 if (hdev->discovery.uuid_count != 0) {
10171 /* If a list of UUIDs is provided in filter, results with no
10172 * matching UUID should be dropped.
10173 */
10174 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
10175 hdev->discovery.uuids) &&
10176 !eir_has_uuids(scan_rsp, scan_rsp_len,
10177 hdev->discovery.uuid_count,
10178 hdev->discovery.uuids))
10179 return false;
10180 }
10181
10182 /* If duplicate filtering does not report RSSI changes, then restart
10183 * scanning to ensure updated result with updated RSSI values.
10184 */
10185 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
10186 restart_le_scan(hdev);
10187
10188 /* Validate RSSI value against the RSSI threshold once more. */
10189 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
10190 rssi < hdev->discovery.rssi)
10191 return false;
10192 }
10193
10194 return true;
10195 }
10196
mgmt_adv_monitor_device_lost(struct hci_dev * hdev,u16 handle,bdaddr_t * bdaddr,u8 addr_type)10197 void mgmt_adv_monitor_device_lost(struct hci_dev *hdev, u16 handle,
10198 bdaddr_t *bdaddr, u8 addr_type)
10199 {
10200 struct mgmt_ev_adv_monitor_device_lost ev;
10201
10202 ev.monitor_handle = cpu_to_le16(handle);
10203 bacpy(&ev.addr.bdaddr, bdaddr);
10204 ev.addr.type = addr_type;
10205
10206 mgmt_event(MGMT_EV_ADV_MONITOR_DEVICE_LOST, hdev, &ev, sizeof(ev),
10207 NULL);
10208 }
10209
mgmt_send_adv_monitor_device_found(struct hci_dev * hdev,struct sk_buff * skb,struct sock * skip_sk,u16 handle)10210 static void mgmt_send_adv_monitor_device_found(struct hci_dev *hdev,
10211 struct sk_buff *skb,
10212 struct sock *skip_sk,
10213 u16 handle)
10214 {
10215 struct sk_buff *advmon_skb;
10216 size_t advmon_skb_len;
10217 __le16 *monitor_handle;
10218
10219 if (!skb)
10220 return;
10221
10222 advmon_skb_len = (sizeof(struct mgmt_ev_adv_monitor_device_found) -
10223 sizeof(struct mgmt_ev_device_found)) + skb->len;
10224 advmon_skb = mgmt_alloc_skb(hdev, MGMT_EV_ADV_MONITOR_DEVICE_FOUND,
10225 advmon_skb_len);
10226 if (!advmon_skb)
10227 return;
10228
10229 /* ADV_MONITOR_DEVICE_FOUND is similar to DEVICE_FOUND event except
10230 * that it also has 'monitor_handle'. Make a copy of DEVICE_FOUND and
10231 * store monitor_handle of the matched monitor.
10232 */
10233 monitor_handle = skb_put(advmon_skb, sizeof(*monitor_handle));
10234 *monitor_handle = cpu_to_le16(handle);
10235 skb_put_data(advmon_skb, skb->data, skb->len);
10236
10237 mgmt_event_skb(advmon_skb, skip_sk);
10238 }
10239
mgmt_adv_monitor_device_found(struct hci_dev * hdev,bdaddr_t * bdaddr,bool report_device,struct sk_buff * skb,struct sock * skip_sk)10240 static void mgmt_adv_monitor_device_found(struct hci_dev *hdev,
10241 bdaddr_t *bdaddr, bool report_device,
10242 struct sk_buff *skb,
10243 struct sock *skip_sk)
10244 {
10245 struct monitored_device *dev, *tmp;
10246 bool matched = false;
10247 bool notified = false;
10248
10249 /* We have received the Advertisement Report because:
10250 * 1. the kernel has initiated active discovery
10251 * 2. if not, we have pend_le_reports > 0 in which case we are doing
10252 * passive scanning
10253 * 3. if none of the above is true, we have one or more active
10254 * Advertisement Monitor
10255 *
10256 * For case 1 and 2, report all advertisements via MGMT_EV_DEVICE_FOUND
10257 * and report ONLY one advertisement per device for the matched Monitor
10258 * via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event.
10259 *
10260 * For case 3, since we are not active scanning and all advertisements
10261 * received are due to a matched Advertisement Monitor, report all
10262 * advertisements ONLY via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event.
10263 */
10264 if (report_device && !hdev->advmon_pend_notify) {
10265 mgmt_event_skb(skb, skip_sk);
10266 return;
10267 }
10268
10269 hdev->advmon_pend_notify = false;
10270
10271 list_for_each_entry_safe(dev, tmp, &hdev->monitored_devices, list) {
10272 if (!bacmp(&dev->bdaddr, bdaddr)) {
10273 matched = true;
10274
10275 if (!dev->notified) {
10276 mgmt_send_adv_monitor_device_found(hdev, skb,
10277 skip_sk,
10278 dev->handle);
10279 notified = true;
10280 dev->notified = true;
10281 }
10282 }
10283
10284 if (!dev->notified)
10285 hdev->advmon_pend_notify = true;
10286 }
10287
10288 if (!report_device &&
10289 ((matched && !notified) || !msft_monitor_supported(hdev))) {
10290 /* Handle 0 indicates that we are not active scanning and this
10291 * is a subsequent advertisement report for an already matched
10292 * Advertisement Monitor or the controller offloading support
10293 * is not available.
10294 */
10295 mgmt_send_adv_monitor_device_found(hdev, skb, skip_sk, 0);
10296 }
10297
10298 if (report_device)
10299 mgmt_event_skb(skb, skip_sk);
10300 else
10301 kfree_skb(skb);
10302 }
10303
mesh_device_found(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 addr_type,s8 rssi,u32 flags,u8 * eir,u16 eir_len,u8 * scan_rsp,u8 scan_rsp_len,u64 instant)10304 static void mesh_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr,
10305 u8 addr_type, s8 rssi, u32 flags, u8 *eir,
10306 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len,
10307 u64 instant)
10308 {
10309 struct sk_buff *skb;
10310 struct mgmt_ev_mesh_device_found *ev;
10311 int i, j;
10312
10313 if (!hdev->mesh_ad_types[0])
10314 goto accepted;
10315
10316 /* Scan for requested AD types */
10317 if (eir_len > 0) {
10318 for (i = 0; i + 1 < eir_len; i += eir[i] + 1) {
10319 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) {
10320 if (!hdev->mesh_ad_types[j])
10321 break;
10322
10323 if (hdev->mesh_ad_types[j] == eir[i + 1])
10324 goto accepted;
10325 }
10326 }
10327 }
10328
10329 if (scan_rsp_len > 0) {
10330 for (i = 0; i + 1 < scan_rsp_len; i += scan_rsp[i] + 1) {
10331 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) {
10332 if (!hdev->mesh_ad_types[j])
10333 break;
10334
10335 if (hdev->mesh_ad_types[j] == scan_rsp[i + 1])
10336 goto accepted;
10337 }
10338 }
10339 }
10340
10341 return;
10342
10343 accepted:
10344 skb = mgmt_alloc_skb(hdev, MGMT_EV_MESH_DEVICE_FOUND,
10345 sizeof(*ev) + eir_len + scan_rsp_len);
10346 if (!skb)
10347 return;
10348
10349 ev = skb_put(skb, sizeof(*ev));
10350
10351 bacpy(&ev->addr.bdaddr, bdaddr);
10352 ev->addr.type = link_to_bdaddr(LE_LINK, addr_type);
10353 ev->rssi = rssi;
10354 ev->flags = cpu_to_le32(flags);
10355 ev->instant = cpu_to_le64(instant);
10356
10357 if (eir_len > 0)
10358 /* Copy EIR or advertising data into event */
10359 skb_put_data(skb, eir, eir_len);
10360
10361 if (scan_rsp_len > 0)
10362 /* Append scan response data to event */
10363 skb_put_data(skb, scan_rsp, scan_rsp_len);
10364
10365 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
10366
10367 mgmt_event_skb(skb, NULL);
10368 }
10369
mgmt_device_found(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,u8 * dev_class,s8 rssi,u32 flags,u8 * eir,u16 eir_len,u8 * scan_rsp,u8 scan_rsp_len,u64 instant)10370 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
10371 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
10372 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len,
10373 u64 instant)
10374 {
10375 struct sk_buff *skb;
10376 struct mgmt_ev_device_found *ev;
10377 bool report_device = hci_discovery_active(hdev);
10378
10379 if (hci_dev_test_flag(hdev, HCI_MESH) && link_type == LE_LINK)
10380 mesh_device_found(hdev, bdaddr, addr_type, rssi, flags,
10381 eir, eir_len, scan_rsp, scan_rsp_len,
10382 instant);
10383
10384 /* Don't send events for a non-kernel initiated discovery. With
10385 * LE one exception is if we have pend_le_reports > 0 in which
10386 * case we're doing passive scanning and want these events.
10387 */
10388 if (!hci_discovery_active(hdev)) {
10389 if (link_type == ACL_LINK)
10390 return;
10391 if (link_type == LE_LINK && !list_empty(&hdev->pend_le_reports))
10392 report_device = true;
10393 else if (!hci_is_adv_monitoring(hdev))
10394 return;
10395 }
10396
10397 if (hdev->discovery.result_filtering) {
10398 /* We are using service discovery */
10399 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
10400 scan_rsp_len))
10401 return;
10402 }
10403
10404 if (hdev->discovery.limited) {
10405 /* Check for limited discoverable bit */
10406 if (dev_class) {
10407 if (!(dev_class[1] & 0x20))
10408 return;
10409 } else {
10410 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
10411 if (!flags || !(flags[0] & LE_AD_LIMITED))
10412 return;
10413 }
10414 }
10415
10416 /* Allocate skb. The 5 extra bytes are for the potential CoD field */
10417 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
10418 sizeof(*ev) + eir_len + scan_rsp_len + 5);
10419 if (!skb)
10420 return;
10421
10422 ev = skb_put(skb, sizeof(*ev));
10423
10424 /* In case of device discovery with BR/EDR devices (pre 1.2), the
10425 * RSSI value was reported as 0 when not available. This behavior
10426 * is kept when using device discovery. This is required for full
10427 * backwards compatibility with the API.
10428 *
10429 * However when using service discovery, the value 127 will be
10430 * returned when the RSSI is not available.
10431 */
10432 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
10433 link_type == ACL_LINK)
10434 rssi = 0;
10435
10436 bacpy(&ev->addr.bdaddr, bdaddr);
10437 ev->addr.type = link_to_bdaddr(link_type, addr_type);
10438 ev->rssi = rssi;
10439 ev->flags = cpu_to_le32(flags);
10440
10441 if (eir_len > 0)
10442 /* Copy EIR or advertising data into event */
10443 skb_put_data(skb, eir, eir_len);
10444
10445 if (dev_class && !eir_get_data(eir, eir_len, EIR_CLASS_OF_DEV, NULL)) {
10446 u8 eir_cod[5];
10447
10448 eir_len += eir_append_data(eir_cod, 0, EIR_CLASS_OF_DEV,
10449 dev_class, 3);
10450 skb_put_data(skb, eir_cod, sizeof(eir_cod));
10451 }
10452
10453 if (scan_rsp_len > 0)
10454 /* Append scan response data to event */
10455 skb_put_data(skb, scan_rsp, scan_rsp_len);
10456
10457 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
10458
10459 mgmt_adv_monitor_device_found(hdev, bdaddr, report_device, skb, NULL);
10460 }
10461
mgmt_remote_name(struct hci_dev * hdev,bdaddr_t * bdaddr,u8 link_type,u8 addr_type,s8 rssi,u8 * name,u8 name_len)10462 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
10463 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
10464 {
10465 struct sk_buff *skb;
10466 struct mgmt_ev_device_found *ev;
10467 u16 eir_len = 0;
10468 u32 flags = 0;
10469
10470 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
10471 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0));
10472
10473 ev = skb_put(skb, sizeof(*ev));
10474 bacpy(&ev->addr.bdaddr, bdaddr);
10475 ev->addr.type = link_to_bdaddr(link_type, addr_type);
10476 ev->rssi = rssi;
10477
10478 if (name)
10479 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
10480 else
10481 flags = MGMT_DEV_FOUND_NAME_REQUEST_FAILED;
10482
10483 ev->eir_len = cpu_to_le16(eir_len);
10484 ev->flags = cpu_to_le32(flags);
10485
10486 mgmt_event_skb(skb, NULL);
10487 }
10488
mgmt_discovering(struct hci_dev * hdev,u8 discovering)10489 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
10490 {
10491 struct mgmt_ev_discovering ev;
10492
10493 bt_dev_dbg(hdev, "discovering %u", discovering);
10494
10495 memset(&ev, 0, sizeof(ev));
10496 ev.type = hdev->discovery.type;
10497 ev.discovering = discovering;
10498
10499 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
10500 }
10501
mgmt_suspending(struct hci_dev * hdev,u8 state)10502 void mgmt_suspending(struct hci_dev *hdev, u8 state)
10503 {
10504 struct mgmt_ev_controller_suspend ev;
10505
10506 ev.suspend_state = state;
10507 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL);
10508 }
10509
mgmt_resuming(struct hci_dev * hdev,u8 reason,bdaddr_t * bdaddr,u8 addr_type)10510 void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr,
10511 u8 addr_type)
10512 {
10513 struct mgmt_ev_controller_resume ev;
10514
10515 ev.wake_reason = reason;
10516 if (bdaddr) {
10517 bacpy(&ev.addr.bdaddr, bdaddr);
10518 ev.addr.type = addr_type;
10519 } else {
10520 memset(&ev.addr, 0, sizeof(ev.addr));
10521 }
10522
10523 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL);
10524 }
10525
10526 static struct hci_mgmt_chan chan = {
10527 .channel = HCI_CHANNEL_CONTROL,
10528 .handler_count = ARRAY_SIZE(mgmt_handlers),
10529 .handlers = mgmt_handlers,
10530 .hdev_init = mgmt_init_hdev,
10531 };
10532
mgmt_init(void)10533 int mgmt_init(void)
10534 {
10535 return hci_mgmt_chan_register(&chan);
10536 }
10537
mgmt_exit(void)10538 void mgmt_exit(void)
10539 {
10540 hci_mgmt_chan_unregister(&chan);
10541 }
10542
mgmt_cleanup(struct sock * sk)10543 void mgmt_cleanup(struct sock *sk)
10544 {
10545 struct mgmt_mesh_tx *mesh_tx;
10546 struct hci_dev *hdev;
10547
10548 read_lock(&hci_dev_list_lock);
10549
10550 list_for_each_entry(hdev, &hci_dev_list, list) {
10551 do {
10552 mesh_tx = mgmt_mesh_next(hdev, sk);
10553
10554 if (mesh_tx)
10555 mesh_send_complete(hdev, mesh_tx, true);
10556 } while (mesh_tx);
10557 }
10558
10559 read_unlock(&hci_dev_list_lock);
10560 }
10561