projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Fix handling of discoverable setting with timeout
[deliverable/linux.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI Management interface */
26
27 #include <linux/kernel.h>
28 #include <linux/uaccess.h>
29 #include <linux/module.h>
30 #include <asm/unaligned.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/mgmt.h>
35 #include <net/bluetooth/smp.h>
36
37 bool enable_hs;
38 bool enable_le;
39
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 0
42
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81 };
82
83 static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_ADDED,
86 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_NEW_SETTINGS,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LINK_KEY,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_AUTH_FAILED,
99 MGMT_EV_DEVICE_FOUND,
100 MGMT_EV_DISCOVERING,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
104 };
105
106 /*
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
109 */
110 #define LE_SCAN_TYPE 0x01
111 #define LE_SCAN_WIN 0x12
112 #define LE_SCAN_INT 0x12
113 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
114 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
115
116 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
117 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
118
119 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
120
121 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123
124 struct pending_cmd {
125 struct list_head list;
126 u16 opcode;
127 int index;
128 void *param;
129 struct sock *sk;
130 void *user_data;
131 };
132
133 /* HCI to MGMT error code conversion table */
134 static u8 mgmt_status_table[] = {
135 MGMT_STATUS_SUCCESS,
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
196 };
197
198 static u8 mgmt_status(u8 hci_status)
199 {
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
202
203 return MGMT_STATUS_FAILED;
204 }
205
206 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
207 {
208 struct sk_buff *skb;
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
211 int err;
212
213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
214
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
216 if (!skb)
217 return -ENOMEM;
218
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
220
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
222 hdr->index = cpu_to_le16(index);
223 hdr->len = cpu_to_le16(sizeof(*ev));
224
225 ev = (void *) skb_put(skb, sizeof(*ev));
226 ev->status = status;
227 put_unaligned_le16(cmd, &ev->opcode);
228
229 err = sock_queue_rcv_skb(sk, skb);
230 if (err < 0)
231 kfree_skb(skb);
232
233 return err;
234 }
235
236 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
238 {
239 struct sk_buff *skb;
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
242 int err;
243
244 BT_DBG("sock %p", sk);
245
246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
247 if (!skb)
248 return -ENOMEM;
249
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
251
252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
253 hdr->index = cpu_to_le16(index);
254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
255
256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
258 ev->status = status;
259
260 if (rp)
261 memcpy(ev->data, rp, rp_len);
262
263 err = sock_queue_rcv_skb(sk, skb);
264 if (err < 0)
265 kfree_skb(skb);
266
267 return err;
268 }
269
270 static int read_version(struct sock *sk)
271 {
272 struct mgmt_rp_read_version rp;
273
274 BT_DBG("sock %p", sk);
275
276 rp.version = MGMT_VERSION;
277 put_unaligned_le16(MGMT_REVISION, &rp.revision);
278
279 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
280 sizeof(rp));
281 }
282
283 static int read_commands(struct sock *sk)
284 {
285 struct mgmt_rp_read_commands *rp;
286 u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 u16 num_events = ARRAY_SIZE(mgmt_events);
288 u16 *opcode;
289 size_t rp_size;
290 int i, err;
291
292 BT_DBG("sock %p", sk);
293
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
295
296 rp = kmalloc(rp_size, GFP_KERNEL);
297 if (!rp)
298 return -ENOMEM;
299
300 put_unaligned_le16(num_commands, &rp->num_commands);
301 put_unaligned_le16(num_events, &rp->num_events);
302
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
305
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
308
309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
310 rp_size);
311 kfree(rp);
312
313 return err;
314 }
315
316 static int read_index_list(struct sock *sk)
317 {
318 struct mgmt_rp_read_index_list *rp;
319 struct list_head *p;
320 struct hci_dev *d;
321 size_t rp_len;
322 u16 count;
323 int i, err;
324
325 BT_DBG("sock %p", sk);
326
327 read_lock(&hci_dev_list_lock);
328
329 count = 0;
330 list_for_each(p, &hci_dev_list) {
331 count++;
332 }
333
334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
336 if (!rp) {
337 read_unlock(&hci_dev_list_lock);
338 return -ENOMEM;
339 }
340
341 put_unaligned_le16(count, &rp->num_controllers);
342
343 i = 0;
344 list_for_each_entry(d, &hci_dev_list, list) {
345 if (test_bit(HCI_SETUP, &d->dev_flags))
346 continue;
347
348 put_unaligned_le16(d->id, &rp->index[i++]);
349 BT_DBG("Added hci%u", d->id);
350 }
351
352 read_unlock(&hci_dev_list_lock);
353
354 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
355 rp_len);
356
357 kfree(rp);
358
359 return err;
360 }
361
362 static u32 get_supported_settings(struct hci_dev *hdev)
363 {
364 u32 settings = 0;
365
366 settings |= MGMT_SETTING_POWERED;
367 settings |= MGMT_SETTING_CONNECTABLE;
368 settings |= MGMT_SETTING_FAST_CONNECTABLE;
369 settings |= MGMT_SETTING_DISCOVERABLE;
370 settings |= MGMT_SETTING_PAIRABLE;
371
372 if (hdev->features[6] & LMP_SIMPLE_PAIR)
373 settings |= MGMT_SETTING_SSP;
374
375 if (!(hdev->features[4] & LMP_NO_BREDR)) {
376 settings |= MGMT_SETTING_BREDR;
377 settings |= MGMT_SETTING_LINK_SECURITY;
378 }
379
380 if (enable_hs)
381 settings |= MGMT_SETTING_HS;
382
383 if (enable_le) {
384 if (hdev->features[4] & LMP_LE)
385 settings |= MGMT_SETTING_LE;
386 }
387
388 return settings;
389 }
390
391 static u32 get_current_settings(struct hci_dev *hdev)
392 {
393 u32 settings = 0;
394
395 if (hdev_is_powered(hdev))
396 settings |= MGMT_SETTING_POWERED;
397
398 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
399 settings |= MGMT_SETTING_CONNECTABLE;
400
401 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
402 settings |= MGMT_SETTING_DISCOVERABLE;
403
404 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_PAIRABLE;
406
407 if (!(hdev->features[4] & LMP_NO_BREDR))
408 settings |= MGMT_SETTING_BREDR;
409
410 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
411 settings |= MGMT_SETTING_LE;
412
413 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
414 settings |= MGMT_SETTING_LINK_SECURITY;
415
416 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
417 settings |= MGMT_SETTING_SSP;
418
419 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
420 settings |= MGMT_SETTING_HS;
421
422 return settings;
423 }
424
425 #define PNP_INFO_SVCLASS_ID 0x1200
426
427 static u8 bluetooth_base_uuid[] = {
428 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
429 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
430 };
431
432 static u16 get_uuid16(u8 *uuid128)
433 {
434 u32 val;
435 int i;
436
437 for (i = 0; i < 12; i++) {
438 if (bluetooth_base_uuid[i] != uuid128[i])
439 return 0;
440 }
441
442 memcpy(&val, &uuid128[12], 4);
443
444 val = le32_to_cpu(val);
445 if (val > 0xffff)
446 return 0;
447
448 return (u16) val;
449 }
450
451 static void create_eir(struct hci_dev *hdev, u8 *data)
452 {
453 u8 *ptr = data;
454 u16 eir_len = 0;
455 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
456 int i, truncated = 0;
457 struct bt_uuid *uuid;
458 size_t name_len;
459
460 name_len = strlen(hdev->dev_name);
461
462 if (name_len > 0) {
463 /* EIR Data type */
464 if (name_len > 48) {
465 name_len = 48;
466 ptr[1] = EIR_NAME_SHORT;
467 } else
468 ptr[1] = EIR_NAME_COMPLETE;
469
470 /* EIR Data length */
471 ptr[0] = name_len + 1;
472
473 memcpy(ptr + 2, hdev->dev_name, name_len);
474
475 eir_len += (name_len + 2);
476 ptr += (name_len + 2);
477 }
478
479 memset(uuid16_list, 0, sizeof(uuid16_list));
480
481 /* Group all UUID16 types */
482 list_for_each_entry(uuid, &hdev->uuids, list) {
483 u16 uuid16;
484
485 uuid16 = get_uuid16(uuid->uuid);
486 if (uuid16 == 0)
487 return;
488
489 if (uuid16 < 0x1100)
490 continue;
491
492 if (uuid16 == PNP_INFO_SVCLASS_ID)
493 continue;
494
495 /* Stop if not enough space to put next UUID */
496 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
497 truncated = 1;
498 break;
499 }
500
501 /* Check for duplicates */
502 for (i = 0; uuid16_list[i] != 0; i++)
503 if (uuid16_list[i] == uuid16)
504 break;
505
506 if (uuid16_list[i] == 0) {
507 uuid16_list[i] = uuid16;
508 eir_len += sizeof(u16);
509 }
510 }
511
512 if (uuid16_list[0] != 0) {
513 u8 *length = ptr;
514
515 /* EIR Data type */
516 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
517
518 ptr += 2;
519 eir_len += 2;
520
521 for (i = 0; uuid16_list[i] != 0; i++) {
522 *ptr++ = (uuid16_list[i] & 0x00ff);
523 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
524 }
525
526 /* EIR Data length */
527 *length = (i * sizeof(u16)) + 1;
528 }
529 }
530
531 static int update_eir(struct hci_dev *hdev)
532 {
533 struct hci_cp_write_eir cp;
534
535 if (!(hdev->features[6] & LMP_EXT_INQ))
536 return 0;
537
538 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
539 return 0;
540
541 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
542 return 0;
543
544 memset(&cp, 0, sizeof(cp));
545
546 create_eir(hdev, cp.data);
547
548 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
549 return 0;
550
551 memcpy(hdev->eir, cp.data, sizeof(cp.data));
552
553 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
554 }
555
556 static u8 get_service_classes(struct hci_dev *hdev)
557 {
558 struct bt_uuid *uuid;
559 u8 val = 0;
560
561 list_for_each_entry(uuid, &hdev->uuids, list)
562 val |= uuid->svc_hint;
563
564 return val;
565 }
566
567 static int update_class(struct hci_dev *hdev)
568 {
569 u8 cod[3];
570
571 BT_DBG("%s", hdev->name);
572
573 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
574 return 0;
575
576 cod[0] = hdev->minor_class;
577 cod[1] = hdev->major_class;
578 cod[2] = get_service_classes(hdev);
579
580 if (memcmp(cod, hdev->dev_class, 3) == 0)
581 return 0;
582
583 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
584 }
585
586 static void service_cache_off(struct work_struct *work)
587 {
588 struct hci_dev *hdev = container_of(work, struct hci_dev,
589 service_cache.work);
590
591 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
592 return;
593
594 hci_dev_lock(hdev);
595
596 update_eir(hdev);
597 update_class(hdev);
598
599 hci_dev_unlock(hdev);
600 }
601
602 static void mgmt_init_hdev(struct hci_dev *hdev)
603 {
604 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) {
605 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
606
607 /* Non-mgmt controlled devices get this bit set
608 * implicitly so that pairing works for them, however
609 * for mgmt we require user-space to explicitly enable
610 * it
611 */
612 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
613 }
614
615 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
616 schedule_delayed_work(&hdev->service_cache,
617 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
618 }
619
620 static int read_controller_info(struct sock *sk, u16 index)
621 {
622 struct mgmt_rp_read_info rp;
623 struct hci_dev *hdev;
624
625 BT_DBG("sock %p hci%u", sk, index);
626
627 hdev = hci_dev_get(index);
628 if (!hdev)
629 return cmd_status(sk, index, MGMT_OP_READ_INFO,
630 MGMT_STATUS_INVALID_PARAMS);
631
632 hci_dev_lock(hdev);
633
634 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
635 mgmt_init_hdev(hdev);
636
637 memset(&rp, 0, sizeof(rp));
638
639 bacpy(&rp.bdaddr, &hdev->bdaddr);
640
641 rp.version = hdev->hci_ver;
642
643 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
644
645 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
646 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
647
648 memcpy(rp.dev_class, hdev->dev_class, 3);
649
650 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
651
652 hci_dev_unlock(hdev);
653 hci_dev_put(hdev);
654
655 return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp));
656 }
657
658 static void mgmt_pending_free(struct pending_cmd *cmd)
659 {
660 sock_put(cmd->sk);
661 kfree(cmd->param);
662 kfree(cmd);
663 }
664
665 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
666 struct hci_dev *hdev,
667 void *data, u16 len)
668 {
669 struct pending_cmd *cmd;
670
671 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
672 if (!cmd)
673 return NULL;
674
675 cmd->opcode = opcode;
676 cmd->index = hdev->id;
677
678 cmd->param = kmalloc(len, GFP_ATOMIC);
679 if (!cmd->param) {
680 kfree(cmd);
681 return NULL;
682 }
683
684 if (data)
685 memcpy(cmd->param, data, len);
686
687 cmd->sk = sk;
688 sock_hold(sk);
689
690 list_add(&cmd->list, &hdev->mgmt_pending);
691
692 return cmd;
693 }
694
695 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
696 void (*cb)(struct pending_cmd *cmd, void *data),
697 void *data)
698 {
699 struct list_head *p, *n;
700
701 list_for_each_safe(p, n, &hdev->mgmt_pending) {
702 struct pending_cmd *cmd;
703
704 cmd = list_entry(p, struct pending_cmd, list);
705
706 if (opcode > 0 && cmd->opcode != opcode)
707 continue;
708
709 cb(cmd, data);
710 }
711 }
712
713 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
714 {
715 struct pending_cmd *cmd;
716
717 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
718 if (cmd->opcode == opcode)
719 return cmd;
720 }
721
722 return NULL;
723 }
724
725 static void mgmt_pending_remove(struct pending_cmd *cmd)
726 {
727 list_del(&cmd->list);
728 mgmt_pending_free(cmd);
729 }
730
731 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
732 {
733 __le32 settings = cpu_to_le32(get_current_settings(hdev));
734
735 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
736 sizeof(settings));
737 }
738
739 static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
740 {
741 struct mgmt_mode *cp = data;
742 struct hci_dev *hdev;
743 struct pending_cmd *cmd;
744 int err;
745
746 BT_DBG("request for hci%u", index);
747
748 if (len != sizeof(*cp))
749 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
750 MGMT_STATUS_INVALID_PARAMS);
751
752 hdev = hci_dev_get(index);
753 if (!hdev)
754 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
755 MGMT_STATUS_INVALID_PARAMS);
756
757 hci_dev_lock(hdev);
758
759 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
760 cancel_delayed_work(&hdev->power_off);
761
762 if (cp->val) {
763 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
764 mgmt_powered(hdev, 1);
765 goto failed;
766 }
767 }
768
769 if (!!cp->val == hdev_is_powered(hdev)) {
770 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
771 goto failed;
772 }
773
774 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
775 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
776 MGMT_STATUS_BUSY);
777 goto failed;
778 }
779
780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
781 if (!cmd) {
782 err = -ENOMEM;
783 goto failed;
784 }
785
786 if (cp->val)
787 schedule_work(&hdev->power_on);
788 else
789 schedule_work(&hdev->power_off.work);
790
791 err = 0;
792
793 failed:
794 hci_dev_unlock(hdev);
795 hci_dev_put(hdev);
796 return err;
797 }
798
799 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
800 u16 data_len, struct sock *skip_sk)
801 {
802 struct sk_buff *skb;
803 struct mgmt_hdr *hdr;
804
805 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
806 if (!skb)
807 return -ENOMEM;
808
809 hdr = (void *) skb_put(skb, sizeof(*hdr));
810 hdr->opcode = cpu_to_le16(event);
811 if (hdev)
812 hdr->index = cpu_to_le16(hdev->id);
813 else
814 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
815 hdr->len = cpu_to_le16(data_len);
816
817 if (data)
818 memcpy(skb_put(skb, data_len), data, data_len);
819
820 /* Time stamp */
821 __net_timestamp(skb);
822
823 hci_send_to_control(skb, skip_sk);
824 kfree_skb(skb);
825
826 return 0;
827 }
828
829 static int new_settings(struct hci_dev *hdev, struct sock *skip)
830 {
831 __le32 ev;
832
833 ev = cpu_to_le32(get_current_settings(hdev));
834
835 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
836 }
837
838 static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
839 {
840 struct mgmt_cp_set_discoverable *cp = data;
841 struct hci_dev *hdev;
842 struct pending_cmd *cmd;
843 u16 timeout;
844 u8 scan;
845 int err;
846
847 BT_DBG("request for hci%u", index);
848
849 if (len != sizeof(*cp))
850 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
851 MGMT_STATUS_INVALID_PARAMS);
852
853 timeout = get_unaligned_le16(&cp->timeout);
854 if (!cp->val && timeout > 0)
855 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
856 MGMT_STATUS_INVALID_PARAMS);
857
858 hdev = hci_dev_get(index);
859 if (!hdev)
860 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
861 MGMT_STATUS_INVALID_PARAMS);
862
863 hci_dev_lock(hdev);
864
865 if (!hdev_is_powered(hdev) && timeout > 0) {
866 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
867 MGMT_STATUS_NOT_POWERED);
868 goto failed;
869 }
870
871 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
872 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
873 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
874 MGMT_STATUS_BUSY);
875 goto failed;
876 }
877
878 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
879 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
880 MGMT_STATUS_REJECTED);
881 goto failed;
882 }
883
884 if (!hdev_is_powered(hdev)) {
885 bool changed = false;
886
887 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
888 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
889 changed = true;
890 }
891
892 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
893 if (err < 0)
894 goto failed;
895
896 if (changed)
897 err = new_settings(hdev, sk);
898
899 goto failed;
900 }
901
902 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
903 if (hdev->discov_timeout > 0) {
904 cancel_delayed_work(&hdev->discov_off);
905 hdev->discov_timeout = 0;
906 }
907
908 if (cp->val && timeout > 0) {
909 hdev->discov_timeout = timeout;
910 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
911 msecs_to_jiffies(hdev->discov_timeout * 1000));
912 }
913
914 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
915 goto failed;
916 }
917
918 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
919 if (!cmd) {
920 err = -ENOMEM;
921 goto failed;
922 }
923
924 scan = SCAN_PAGE;
925
926 if (cp->val)
927 scan |= SCAN_INQUIRY;
928 else
929 cancel_delayed_work(&hdev->discov_off);
930
931 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
932 if (err < 0)
933 mgmt_pending_remove(cmd);
934
935 if (cp->val)
936 hdev->discov_timeout = timeout;
937
938 failed:
939 hci_dev_unlock(hdev);
940 hci_dev_put(hdev);
941
942 return err;
943 }
944
945 static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
946 {
947 struct mgmt_mode *cp = data;
948 struct hci_dev *hdev;
949 struct pending_cmd *cmd;
950 u8 scan;
951 int err;
952
953 BT_DBG("request for hci%u", index);
954
955 if (len != sizeof(*cp))
956 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
957 MGMT_STATUS_INVALID_PARAMS);
958
959 hdev = hci_dev_get(index);
960 if (!hdev)
961 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
962 MGMT_STATUS_INVALID_PARAMS);
963
964 hci_dev_lock(hdev);
965
966 if (!hdev_is_powered(hdev)) {
967 bool changed = false;
968
969 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
970 changed = true;
971
972 if (cp->val) {
973 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
974 } else {
975 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
976 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
977 }
978
979 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
980 if (err < 0)
981 goto failed;
982
983 if (changed)
984 err = new_settings(hdev, sk);
985
986 goto failed;
987 }
988
989 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
990 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
991 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
992 MGMT_STATUS_BUSY);
993 goto failed;
994 }
995
996 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
997 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
998 goto failed;
999 }
1000
1001 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1002 if (!cmd) {
1003 err = -ENOMEM;
1004 goto failed;
1005 }
1006
1007 if (cp->val) {
1008 scan = SCAN_PAGE;
1009 } else {
1010 scan = 0;
1011
1012 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1013 hdev->discov_timeout > 0)
1014 cancel_delayed_work(&hdev->discov_off);
1015 }
1016
1017 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1018 if (err < 0)
1019 mgmt_pending_remove(cmd);
1020
1021 failed:
1022 hci_dev_unlock(hdev);
1023 hci_dev_put(hdev);
1024
1025 return err;
1026 }
1027
1028 static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
1029 {
1030 struct mgmt_mode *cp = data;
1031 struct hci_dev *hdev;
1032 int err;
1033
1034 BT_DBG("request for hci%u", index);
1035
1036 if (len != sizeof(*cp))
1037 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1038 MGMT_STATUS_INVALID_PARAMS);
1039
1040 hdev = hci_dev_get(index);
1041 if (!hdev)
1042 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1043 MGMT_STATUS_INVALID_PARAMS);
1044
1045 hci_dev_lock(hdev);
1046
1047 if (cp->val)
1048 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1049 else
1050 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1051
1052 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1053 if (err < 0)
1054 goto failed;
1055
1056 err = new_settings(hdev, sk);
1057
1058 failed:
1059 hci_dev_unlock(hdev);
1060 hci_dev_put(hdev);
1061
1062 return err;
1063 }
1064
1065 static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
1066 {
1067 struct mgmt_mode *cp = data;
1068 struct pending_cmd *cmd;
1069 struct hci_dev *hdev;
1070 uint8_t val;
1071 int err;
1072
1073 BT_DBG("request for hci%u", index);
1074
1075 if (len != sizeof(*cp))
1076 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1077 MGMT_STATUS_INVALID_PARAMS);
1078
1079 hdev = hci_dev_get(index);
1080 if (!hdev)
1081 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1082 MGMT_STATUS_INVALID_PARAMS);
1083
1084 hci_dev_lock(hdev);
1085
1086 if (!hdev_is_powered(hdev)) {
1087 bool changed = false;
1088
1089 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1090 &hdev->dev_flags)) {
1091 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1092 changed = true;
1093 }
1094
1095 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1096 if (err < 0)
1097 goto failed;
1098
1099 if (changed)
1100 err = new_settings(hdev, sk);
1101
1102 goto failed;
1103 }
1104
1105 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1106 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1107 MGMT_STATUS_BUSY);
1108 goto failed;
1109 }
1110
1111 val = !!cp->val;
1112
1113 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1114 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1115 goto failed;
1116 }
1117
1118 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1119 if (!cmd) {
1120 err = -ENOMEM;
1121 goto failed;
1122 }
1123
1124 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1125 if (err < 0) {
1126 mgmt_pending_remove(cmd);
1127 goto failed;
1128 }
1129
1130 failed:
1131 hci_dev_unlock(hdev);
1132 hci_dev_put(hdev);
1133
1134 return err;
1135 }
1136
1137 static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1138 {
1139 struct mgmt_mode *cp = data;
1140 struct pending_cmd *cmd;
1141 struct hci_dev *hdev;
1142 uint8_t val;
1143 int err;
1144
1145 BT_DBG("request for hci%u", index);
1146
1147 if (len != sizeof(*cp))
1148 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1149 MGMT_STATUS_INVALID_PARAMS);
1150
1151 hdev = hci_dev_get(index);
1152 if (!hdev)
1153 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1154 MGMT_STATUS_INVALID_PARAMS);
1155
1156 hci_dev_lock(hdev);
1157
1158 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1159 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1160 MGMT_STATUS_NOT_SUPPORTED);
1161 goto failed;
1162 }
1163
1164 val = !!cp->val;
1165
1166 if (!hdev_is_powered(hdev)) {
1167 bool changed = false;
1168
1169 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1170 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1171 changed = true;
1172 }
1173
1174 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1175 if (err < 0)
1176 goto failed;
1177
1178 if (changed)
1179 err = new_settings(hdev, sk);
1180
1181 goto failed;
1182 }
1183
1184 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1185 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1186 goto failed;
1187 }
1188
1189 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1190 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1191 goto failed;
1192 }
1193
1194 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1195 if (!cmd) {
1196 err = -ENOMEM;
1197 goto failed;
1198 }
1199
1200 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1201 if (err < 0) {
1202 mgmt_pending_remove(cmd);
1203 goto failed;
1204 }
1205
1206 failed:
1207 hci_dev_unlock(hdev);
1208 hci_dev_put(hdev);
1209
1210 return err;
1211 }
1212
1213 static int set_hs(struct sock *sk, u16 index, void *data, u16 len)
1214 {
1215 struct mgmt_mode *cp = data;
1216 struct hci_dev *hdev;
1217 int err;
1218
1219 BT_DBG("request for hci%u", index);
1220
1221 if (len != sizeof(*cp))
1222 return cmd_status(sk, index, MGMT_OP_SET_HS,
1223 MGMT_STATUS_INVALID_PARAMS);
1224
1225 hdev = hci_dev_get(index);
1226 if (!hdev)
1227 return cmd_status(sk, index, MGMT_OP_SET_HS,
1228 MGMT_STATUS_INVALID_PARAMS);
1229
1230 if (!enable_hs) {
1231 err = cmd_status(sk, index, MGMT_OP_SET_HS,
1232 MGMT_STATUS_NOT_SUPPORTED);
1233 goto failed;
1234 }
1235
1236 if (cp->val)
1237 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1238 else
1239 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1240
1241 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1242
1243 failed:
1244 hci_dev_put(hdev);
1245 return err;
1246 }
1247
1248 static int set_le(struct sock *sk, u16 index, void *data, u16 len)
1249 {
1250 struct mgmt_mode *cp = data;
1251 struct hci_cp_write_le_host_supported hci_cp;
1252 struct pending_cmd *cmd;
1253 struct hci_dev *hdev;
1254 int err;
1255 u8 val;
1256
1257 BT_DBG("request for hci%u", index);
1258
1259 if (len != sizeof(*cp))
1260 return cmd_status(sk, index, MGMT_OP_SET_LE,
1261 MGMT_STATUS_INVALID_PARAMS);
1262
1263 hdev = hci_dev_get(index);
1264 if (!hdev)
1265 return cmd_status(sk, index, MGMT_OP_SET_LE,
1266 MGMT_STATUS_INVALID_PARAMS);
1267
1268 if (!enable_le || !(hdev->features[4] & LMP_LE)) {
1269 err = cmd_status(sk, index, MGMT_OP_SET_LE,
1270 MGMT_STATUS_NOT_SUPPORTED);
1271 goto failed;
1272 }
1273
1274 val = !!cp->val;
1275
1276 if (!hdev_is_powered(hdev)) {
1277 bool changed = false;
1278
1279 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1280 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1281 changed = true;
1282 }
1283
1284 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1285 if (err < 0)
1286 goto failed;
1287
1288 if (changed)
1289 err = new_settings(hdev, sk);
1290
1291 goto failed;
1292 }
1293
1294 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1295 err = cmd_status(sk, index, MGMT_OP_SET_LE, MGMT_STATUS_BUSY);
1296 goto failed;
1297 }
1298
1299 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1300 if (!cmd) {
1301 err = -ENOMEM;
1302 goto failed;
1303 }
1304
1305 memset(&hci_cp, 0, sizeof(hci_cp));
1306
1307 if (val) {
1308 hci_cp.le = val;
1309 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1310 }
1311
1312 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
1313 sizeof(hci_cp), &hci_cp);
1314 if (err < 0) {
1315 mgmt_pending_remove(cmd);
1316 goto failed;
1317 }
1318
1319 failed:
1320 hci_dev_put(hdev);
1321 return err;
1322 }
1323
1324 static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
1325 {
1326 struct mgmt_cp_add_uuid *cp = data;
1327 struct hci_dev *hdev;
1328 struct bt_uuid *uuid;
1329 int err;
1330
1331 BT_DBG("request for hci%u", index);
1332
1333 if (len != sizeof(*cp))
1334 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1335 MGMT_STATUS_INVALID_PARAMS);
1336
1337 hdev = hci_dev_get(index);
1338 if (!hdev)
1339 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1340 MGMT_STATUS_INVALID_PARAMS);
1341
1342 hci_dev_lock(hdev);
1343
1344 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1345 if (!uuid) {
1346 err = -ENOMEM;
1347 goto failed;
1348 }
1349
1350 memcpy(uuid->uuid, cp->uuid, 16);
1351 uuid->svc_hint = cp->svc_hint;
1352
1353 list_add(&uuid->list, &hdev->uuids);
1354
1355 err = update_class(hdev);
1356 if (err < 0)
1357 goto failed;
1358
1359 err = update_eir(hdev);
1360 if (err < 0)
1361 goto failed;
1362
1363 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0, NULL, 0);
1364
1365 failed:
1366 hci_dev_unlock(hdev);
1367 hci_dev_put(hdev);
1368
1369 return err;
1370 }
1371
1372 static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
1373 {
1374 struct mgmt_cp_remove_uuid *cp = data;
1375 struct list_head *p, *n;
1376 struct hci_dev *hdev;
1377 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1378 int err, found;
1379
1380 BT_DBG("request for hci%u", index);
1381
1382 if (len != sizeof(*cp))
1383 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1384 MGMT_STATUS_INVALID_PARAMS);
1385
1386 hdev = hci_dev_get(index);
1387 if (!hdev)
1388 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1389 MGMT_STATUS_INVALID_PARAMS);
1390
1391 hci_dev_lock(hdev);
1392
1393 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1394 err = hci_uuids_clear(hdev);
1395 goto unlock;
1396 }
1397
1398 found = 0;
1399
1400 list_for_each_safe(p, n, &hdev->uuids) {
1401 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1402
1403 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1404 continue;
1405
1406 list_del(&match->list);
1407 found++;
1408 }
1409
1410 if (found == 0) {
1411 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1412 MGMT_STATUS_INVALID_PARAMS);
1413 goto unlock;
1414 }
1415
1416 err = update_class(hdev);
1417 if (err < 0)
1418 goto unlock;
1419
1420 err = update_eir(hdev);
1421 if (err < 0)
1422 goto unlock;
1423
1424 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0, NULL, 0);
1425
1426 unlock:
1427 hci_dev_unlock(hdev);
1428 hci_dev_put(hdev);
1429
1430 return err;
1431 }
1432
1433 static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1434 {
1435 struct hci_dev *hdev;
1436 struct mgmt_cp_set_dev_class *cp = data;
1437 int err;
1438
1439 BT_DBG("request for hci%u", index);
1440
1441 if (len != sizeof(*cp))
1442 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1443 MGMT_STATUS_INVALID_PARAMS);
1444
1445 hdev = hci_dev_get(index);
1446 if (!hdev)
1447 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1448 MGMT_STATUS_INVALID_PARAMS);
1449
1450 hci_dev_lock(hdev);
1451
1452 if (!hdev_is_powered(hdev)) {
1453 err = cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1454 MGMT_STATUS_NOT_POWERED);
1455 goto unlock;
1456 }
1457
1458 hdev->major_class = cp->major;
1459 hdev->minor_class = cp->minor;
1460
1461 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1462 hci_dev_unlock(hdev);
1463 cancel_delayed_work_sync(&hdev->service_cache);
1464 hci_dev_lock(hdev);
1465 update_eir(hdev);
1466 }
1467
1468 err = update_class(hdev);
1469
1470 if (err == 0)
1471 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1472 NULL, 0);
1473
1474 unlock:
1475 hci_dev_unlock(hdev);
1476 hci_dev_put(hdev);
1477
1478 return err;
1479 }
1480
1481 static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
1482 {
1483 struct hci_dev *hdev;
1484 struct mgmt_cp_load_link_keys *cp = data;
1485 u16 key_count, expected_len;
1486 int i;
1487
1488 if (len < sizeof(*cp))
1489 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1490 MGMT_STATUS_INVALID_PARAMS);
1491
1492 key_count = get_unaligned_le16(&cp->key_count);
1493
1494 expected_len = sizeof(*cp) + key_count *
1495 sizeof(struct mgmt_link_key_info);
1496 if (expected_len != len) {
1497 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1498 len, expected_len);
1499 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1500 MGMT_STATUS_INVALID_PARAMS);
1501 }
1502
1503 hdev = hci_dev_get(index);
1504 if (!hdev)
1505 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1506 MGMT_STATUS_INVALID_PARAMS);
1507
1508 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1509 key_count);
1510
1511 hci_dev_lock(hdev);
1512
1513 hci_link_keys_clear(hdev);
1514
1515 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1516
1517 if (cp->debug_keys)
1518 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1519 else
1520 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1521
1522 for (i = 0; i < key_count; i++) {
1523 struct mgmt_link_key_info *key = &cp->keys[i];
1524
1525 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1526 key->type, key->pin_len);
1527 }
1528
1529 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1530
1531 hci_dev_unlock(hdev);
1532 hci_dev_put(hdev);
1533
1534 return 0;
1535 }
1536
1537 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1538 u8 addr_type, struct sock *skip_sk)
1539 {
1540 struct mgmt_ev_device_unpaired ev;
1541
1542 bacpy(&ev.addr.bdaddr, bdaddr);
1543 ev.addr.type = addr_type;
1544
1545 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1546 skip_sk);
1547 }
1548
1549 static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
1550 {
1551 struct hci_dev *hdev;
1552 struct mgmt_cp_unpair_device *cp = data;
1553 struct mgmt_rp_unpair_device rp;
1554 struct hci_cp_disconnect dc;
1555 struct pending_cmd *cmd;
1556 struct hci_conn *conn;
1557 u8 status = 0;
1558 int err;
1559
1560 if (len != sizeof(*cp))
1561 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1562 MGMT_STATUS_INVALID_PARAMS);
1563
1564 hdev = hci_dev_get(index);
1565 if (!hdev)
1566 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1567 MGMT_STATUS_INVALID_PARAMS);
1568
1569 hci_dev_lock(hdev);
1570
1571 memset(&rp, 0, sizeof(rp));
1572 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1573 rp.addr.type = cp->addr.type;
1574
1575 if (cp->addr.type == MGMT_ADDR_BREDR)
1576 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1577 else
1578 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1579
1580 if (err < 0) {
1581 status = MGMT_STATUS_NOT_PAIRED;
1582 goto unlock;
1583 }
1584
1585 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1586 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1587 &rp, sizeof(rp));
1588 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1589 goto unlock;
1590 }
1591
1592 if (cp->addr.type == MGMT_ADDR_BREDR)
1593 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1594 &cp->addr.bdaddr);
1595 else
1596 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1597 &cp->addr.bdaddr);
1598
1599 if (!conn) {
1600 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1601 &rp, sizeof(rp));
1602 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1603 goto unlock;
1604 }
1605
1606 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1607 sizeof(*cp));
1608 if (!cmd) {
1609 err = -ENOMEM;
1610 goto unlock;
1611 }
1612
1613 put_unaligned_le16(conn->handle, &dc.handle);
1614 dc.reason = 0x13; /* Remote User Terminated Connection */
1615 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1616 if (err < 0)
1617 mgmt_pending_remove(cmd);
1618
1619 unlock:
1620 if (err < 0)
1621 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1622 &rp, sizeof(rp));
1623 hci_dev_unlock(hdev);
1624 hci_dev_put(hdev);
1625
1626 return err;
1627 }
1628
1629 static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
1630 {
1631 struct hci_dev *hdev;
1632 struct mgmt_cp_disconnect *cp = data;
1633 struct hci_cp_disconnect dc;
1634 struct pending_cmd *cmd;
1635 struct hci_conn *conn;
1636 int err;
1637
1638 BT_DBG("");
1639
1640 if (len != sizeof(*cp))
1641 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1642 MGMT_STATUS_INVALID_PARAMS);
1643
1644 hdev = hci_dev_get(index);
1645 if (!hdev)
1646 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1647 MGMT_STATUS_INVALID_PARAMS);
1648
1649 hci_dev_lock(hdev);
1650
1651 if (!test_bit(HCI_UP, &hdev->flags)) {
1652 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1653 MGMT_STATUS_NOT_POWERED);
1654 goto failed;
1655 }
1656
1657 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1658 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1659 MGMT_STATUS_BUSY);
1660 goto failed;
1661 }
1662
1663 if (cp->addr.type == MGMT_ADDR_BREDR)
1664 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1665 else
1666 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1667
1668 if (!conn) {
1669 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1670 MGMT_STATUS_NOT_CONNECTED);
1671 goto failed;
1672 }
1673
1674 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1675 if (!cmd) {
1676 err = -ENOMEM;
1677 goto failed;
1678 }
1679
1680 put_unaligned_le16(conn->handle, &dc.handle);
1681 dc.reason = 0x13; /* Remote User Terminated Connection */
1682
1683 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1684 if (err < 0)
1685 mgmt_pending_remove(cmd);
1686
1687 failed:
1688 hci_dev_unlock(hdev);
1689 hci_dev_put(hdev);
1690
1691 return err;
1692 }
1693
1694 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1695 {
1696 switch (link_type) {
1697 case LE_LINK:
1698 switch (addr_type) {
1699 case ADDR_LE_DEV_PUBLIC:
1700 return MGMT_ADDR_LE_PUBLIC;
1701 case ADDR_LE_DEV_RANDOM:
1702 return MGMT_ADDR_LE_RANDOM;
1703 default:
1704 return MGMT_ADDR_INVALID;
1705 }
1706 case ACL_LINK:
1707 return MGMT_ADDR_BREDR;
1708 default:
1709 return MGMT_ADDR_INVALID;
1710 }
1711 }
1712
1713 static int get_connections(struct sock *sk, u16 index)
1714 {
1715 struct mgmt_rp_get_connections *rp;
1716 struct hci_dev *hdev;
1717 struct hci_conn *c;
1718 size_t rp_len;
1719 u16 count;
1720 int i, err;
1721
1722 BT_DBG("");
1723
1724 hdev = hci_dev_get(index);
1725 if (!hdev)
1726 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1727 MGMT_STATUS_INVALID_PARAMS);
1728
1729 hci_dev_lock(hdev);
1730
1731 count = 0;
1732 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1733 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1734 count++;
1735 }
1736
1737 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1738 rp = kmalloc(rp_len, GFP_ATOMIC);
1739 if (!rp) {
1740 err = -ENOMEM;
1741 goto unlock;
1742 }
1743
1744 put_unaligned_le16(count, &rp->conn_count);
1745
1746 i = 0;
1747 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1748 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1749 continue;
1750 bacpy(&rp->addr[i].bdaddr, &c->dst);
1751 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1752 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1753 continue;
1754 i++;
1755 }
1756
1757 /* Recalculate length in case of filtered SCO connections, etc */
1758 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1759
1760 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len);
1761
1762 unlock:
1763 kfree(rp);
1764 hci_dev_unlock(hdev);
1765 hci_dev_put(hdev);
1766 return err;
1767 }
1768
1769 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1770 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1771 {
1772 struct pending_cmd *cmd;
1773 int err;
1774
1775 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1776 sizeof(*cp));
1777 if (!cmd)
1778 return -ENOMEM;
1779
1780 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1781 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1782 if (err < 0)
1783 mgmt_pending_remove(cmd);
1784
1785 return err;
1786 }
1787
1788 static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
1789 {
1790 struct hci_dev *hdev;
1791 struct hci_conn *conn;
1792 struct mgmt_cp_pin_code_reply *cp = data;
1793 struct hci_cp_pin_code_reply reply;
1794 struct pending_cmd *cmd;
1795 int err;
1796
1797 BT_DBG("");
1798
1799 if (len != sizeof(*cp))
1800 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1801 MGMT_STATUS_INVALID_PARAMS);
1802
1803 hdev = hci_dev_get(index);
1804 if (!hdev)
1805 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1806 MGMT_STATUS_INVALID_PARAMS);
1807
1808 hci_dev_lock(hdev);
1809
1810 if (!hdev_is_powered(hdev)) {
1811 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1812 MGMT_STATUS_NOT_POWERED);
1813 goto failed;
1814 }
1815
1816 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1817 if (!conn) {
1818 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1819 MGMT_STATUS_NOT_CONNECTED);
1820 goto failed;
1821 }
1822
1823 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1824 struct mgmt_cp_pin_code_neg_reply ncp;
1825
1826 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1827
1828 BT_ERR("PIN code is not 16 bytes long");
1829
1830 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1831 if (err >= 0)
1832 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1833 MGMT_STATUS_INVALID_PARAMS);
1834
1835 goto failed;
1836 }
1837
1838 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1839 len);
1840 if (!cmd) {
1841 err = -ENOMEM;
1842 goto failed;
1843 }
1844
1845 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1846 reply.pin_len = cp->pin_len;
1847 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1848
1849 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1850 if (err < 0)
1851 mgmt_pending_remove(cmd);
1852
1853 failed:
1854 hci_dev_unlock(hdev);
1855 hci_dev_put(hdev);
1856
1857 return err;
1858 }
1859
1860 static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
1861 {
1862 struct hci_dev *hdev;
1863 struct mgmt_cp_pin_code_neg_reply *cp = data;
1864 int err;
1865
1866 BT_DBG("");
1867
1868 if (len != sizeof(*cp))
1869 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1870 MGMT_STATUS_INVALID_PARAMS);
1871
1872 hdev = hci_dev_get(index);
1873 if (!hdev)
1874 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1875 MGMT_STATUS_INVALID_PARAMS);
1876
1877 hci_dev_lock(hdev);
1878
1879 if (!hdev_is_powered(hdev)) {
1880 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1881 MGMT_STATUS_NOT_POWERED);
1882 goto failed;
1883 }
1884
1885 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1886
1887 failed:
1888 hci_dev_unlock(hdev);
1889 hci_dev_put(hdev);
1890
1891 return err;
1892 }
1893
1894 static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
1895 {
1896 struct hci_dev *hdev;
1897 struct mgmt_cp_set_io_capability *cp = data;
1898
1899 BT_DBG("");
1900
1901 if (len != sizeof(*cp))
1902 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1903 MGMT_STATUS_INVALID_PARAMS);
1904
1905 hdev = hci_dev_get(index);
1906 if (!hdev)
1907 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1908 MGMT_STATUS_INVALID_PARAMS);
1909
1910 hci_dev_lock(hdev);
1911
1912 hdev->io_capability = cp->io_capability;
1913
1914 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1915 hdev->io_capability);
1916
1917 hci_dev_unlock(hdev);
1918 hci_dev_put(hdev);
1919
1920 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0);
1921 }
1922
1923 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1924 {
1925 struct hci_dev *hdev = conn->hdev;
1926 struct pending_cmd *cmd;
1927
1928 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1929 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1930 continue;
1931
1932 if (cmd->user_data != conn)
1933 continue;
1934
1935 return cmd;
1936 }
1937
1938 return NULL;
1939 }
1940
1941 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1942 {
1943 struct mgmt_rp_pair_device rp;
1944 struct hci_conn *conn = cmd->user_data;
1945
1946 bacpy(&rp.addr.bdaddr, &conn->dst);
1947 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1948
1949 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1950 &rp, sizeof(rp));
1951
1952 /* So we don't get further callbacks for this connection */
1953 conn->connect_cfm_cb = NULL;
1954 conn->security_cfm_cb = NULL;
1955 conn->disconn_cfm_cb = NULL;
1956
1957 hci_conn_put(conn);
1958
1959 mgmt_pending_remove(cmd);
1960 }
1961
1962 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1963 {
1964 struct pending_cmd *cmd;
1965
1966 BT_DBG("status %u", status);
1967
1968 cmd = find_pairing(conn);
1969 if (!cmd)
1970 BT_DBG("Unable to find a pending command");
1971 else
1972 pairing_complete(cmd, mgmt_status(status));
1973 }
1974
1975 static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
1976 {
1977 struct hci_dev *hdev;
1978 struct mgmt_cp_pair_device *cp = data;
1979 struct mgmt_rp_pair_device rp;
1980 struct pending_cmd *cmd;
1981 u8 sec_level, auth_type;
1982 struct hci_conn *conn;
1983 int err;
1984
1985 BT_DBG("");
1986
1987 if (len != sizeof(*cp))
1988 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1989 MGMT_STATUS_INVALID_PARAMS);
1990
1991 hdev = hci_dev_get(index);
1992 if (!hdev)
1993 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1994 MGMT_STATUS_INVALID_PARAMS);
1995
1996 hci_dev_lock(hdev);
1997
1998 sec_level = BT_SECURITY_MEDIUM;
1999 if (cp->io_cap == 0x03)
2000 auth_type = HCI_AT_DEDICATED_BONDING;
2001 else
2002 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2003
2004 if (cp->addr.type == MGMT_ADDR_BREDR)
2005 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
2006 auth_type);
2007 else
2008 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
2009 auth_type);
2010
2011 memset(&rp, 0, sizeof(rp));
2012 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2013 rp.addr.type = cp->addr.type;
2014
2015 if (IS_ERR(conn)) {
2016 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
2017 MGMT_STATUS_CONNECT_FAILED,
2018 &rp, sizeof(rp));
2019 goto unlock;
2020 }
2021
2022 if (conn->connect_cfm_cb) {
2023 hci_conn_put(conn);
2024 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
2025 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2026 goto unlock;
2027 }
2028
2029 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2030 if (!cmd) {
2031 err = -ENOMEM;
2032 hci_conn_put(conn);
2033 goto unlock;
2034 }
2035
2036 /* For LE, just connecting isn't a proof that the pairing finished */
2037 if (cp->addr.type == MGMT_ADDR_BREDR)
2038 conn->connect_cfm_cb = pairing_complete_cb;
2039
2040 conn->security_cfm_cb = pairing_complete_cb;
2041 conn->disconn_cfm_cb = pairing_complete_cb;
2042 conn->io_capability = cp->io_cap;
2043 cmd->user_data = conn;
2044
2045 if (conn->state == BT_CONNECTED &&
2046 hci_conn_security(conn, sec_level, auth_type))
2047 pairing_complete(cmd, 0);
2048
2049 err = 0;
2050
2051 unlock:
2052 hci_dev_unlock(hdev);
2053 hci_dev_put(hdev);
2054
2055 return err;
2056 }
2057
2058 static int cancel_pair_device(struct sock *sk, u16 index,
2059 unsigned char *data, u16 len)
2060 {
2061 struct mgmt_addr_info *addr = (void *) data;
2062 struct hci_dev *hdev;
2063 struct pending_cmd *cmd;
2064 struct hci_conn *conn;
2065 int err;
2066
2067 BT_DBG("");
2068
2069 if (len != sizeof(*addr))
2070 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2071 MGMT_STATUS_INVALID_PARAMS);
2072
2073 hdev = hci_dev_get(index);
2074 if (!hdev)
2075 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2076 MGMT_STATUS_INVALID_PARAMS);
2077
2078 hci_dev_lock(hdev);
2079
2080 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2081 if (!cmd) {
2082 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2083 MGMT_STATUS_INVALID_PARAMS);
2084 goto unlock;
2085 }
2086
2087 conn = cmd->user_data;
2088
2089 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2090 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2091 MGMT_STATUS_INVALID_PARAMS);
2092 goto unlock;
2093 }
2094
2095 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2096
2097 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr,
2098 sizeof(*addr));
2099 unlock:
2100 hci_dev_unlock(hdev);
2101 hci_dev_put(hdev);
2102
2103 return err;
2104 }
2105
2106 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
2107 u8 type, u16 mgmt_op, u16 hci_op,
2108 __le32 passkey)
2109 {
2110 struct pending_cmd *cmd;
2111 struct hci_dev *hdev;
2112 struct hci_conn *conn;
2113 int err;
2114
2115 hdev = hci_dev_get(index);
2116 if (!hdev)
2117 return cmd_status(sk, index, mgmt_op,
2118 MGMT_STATUS_INVALID_PARAMS);
2119
2120 hci_dev_lock(hdev);
2121
2122 if (!hdev_is_powered(hdev)) {
2123 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
2124 goto done;
2125 }
2126
2127 if (type == MGMT_ADDR_BREDR)
2128 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2129 else
2130 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2131
2132 if (!conn) {
2133 err = cmd_status(sk, index, mgmt_op,
2134 MGMT_STATUS_NOT_CONNECTED);
2135 goto done;
2136 }
2137
2138 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
2139 /* Continue with pairing via SMP */
2140 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2141
2142 if (!err)
2143 err = cmd_status(sk, index, mgmt_op,
2144 MGMT_STATUS_SUCCESS);
2145 else
2146 err = cmd_status(sk, index, mgmt_op,
2147 MGMT_STATUS_FAILED);
2148
2149 goto done;
2150 }
2151
2152 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2153 if (!cmd) {
2154 err = -ENOMEM;
2155 goto done;
2156 }
2157
2158 /* Continue with pairing via HCI */
2159 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2160 struct hci_cp_user_passkey_reply cp;
2161
2162 bacpy(&cp.bdaddr, bdaddr);
2163 cp.passkey = passkey;
2164 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2165 } else
2166 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2167
2168 if (err < 0)
2169 mgmt_pending_remove(cmd);
2170
2171 done:
2172 hci_dev_unlock(hdev);
2173 hci_dev_put(hdev);
2174
2175 return err;
2176 }
2177
2178 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
2179 {
2180 struct mgmt_cp_user_confirm_reply *cp = data;
2181
2182 BT_DBG("");
2183
2184 if (len != sizeof(*cp))
2185 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
2186 MGMT_STATUS_INVALID_PARAMS);
2187
2188 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2189 MGMT_OP_USER_CONFIRM_REPLY,
2190 HCI_OP_USER_CONFIRM_REPLY, 0);
2191 }
2192
2193 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
2194 u16 len)
2195 {
2196 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2197
2198 BT_DBG("");
2199
2200 if (len != sizeof(*cp))
2201 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
2202 MGMT_STATUS_INVALID_PARAMS);
2203
2204 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2205 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2206 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2207 }
2208
2209 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
2210 {
2211 struct mgmt_cp_user_passkey_reply *cp = data;
2212
2213 BT_DBG("");
2214
2215 if (len != sizeof(*cp))
2216 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
2217 EINVAL);
2218
2219 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2220 MGMT_OP_USER_PASSKEY_REPLY,
2221 HCI_OP_USER_PASSKEY_REPLY,
2222 cp->passkey);
2223 }
2224
2225 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
2226 u16 len)
2227 {
2228 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2229
2230 BT_DBG("");
2231
2232 if (len != sizeof(*cp))
2233 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
2234 EINVAL);
2235
2236 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2237 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2238 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2239 }
2240
2241 static int set_local_name(struct sock *sk, u16 index, void *data,
2242 u16 len)
2243 {
2244 struct mgmt_cp_set_local_name *mgmt_cp = data;
2245 struct hci_cp_write_local_name hci_cp;
2246 struct hci_dev *hdev;
2247 struct pending_cmd *cmd;
2248 int err;
2249
2250 BT_DBG("");
2251
2252 if (len != sizeof(*mgmt_cp))
2253 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2254 MGMT_STATUS_INVALID_PARAMS);
2255
2256 hdev = hci_dev_get(index);
2257 if (!hdev)
2258 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2259 MGMT_STATUS_INVALID_PARAMS);
2260
2261 hci_dev_lock(hdev);
2262
2263 if (!hdev_is_powered(hdev)) {
2264 err = cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2265 MGMT_STATUS_NOT_POWERED);
2266 goto failed;
2267 }
2268
2269 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
2270 len);
2271 if (!cmd) {
2272 err = -ENOMEM;
2273 goto failed;
2274 }
2275
2276 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2277 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2278 &hci_cp);
2279 if (err < 0)
2280 mgmt_pending_remove(cmd);
2281
2282 failed:
2283 hci_dev_unlock(hdev);
2284 hci_dev_put(hdev);
2285
2286 return err;
2287 }
2288
2289 static int read_local_oob_data(struct sock *sk, u16 index)
2290 {
2291 struct hci_dev *hdev;
2292 struct pending_cmd *cmd;
2293 int err;
2294
2295 BT_DBG("hci%u", index);
2296
2297 hdev = hci_dev_get(index);
2298 if (!hdev)
2299 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2300 MGMT_STATUS_INVALID_PARAMS);
2301
2302 hci_dev_lock(hdev);
2303
2304 if (!hdev_is_powered(hdev)) {
2305 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2306 MGMT_STATUS_NOT_POWERED);
2307 goto unlock;
2308 }
2309
2310 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2311 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2312 MGMT_STATUS_NOT_SUPPORTED);
2313 goto unlock;
2314 }
2315
2316 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2317 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2318 MGMT_STATUS_BUSY);
2319 goto unlock;
2320 }
2321
2322 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2323 if (!cmd) {
2324 err = -ENOMEM;
2325 goto unlock;
2326 }
2327
2328 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2329 if (err < 0)
2330 mgmt_pending_remove(cmd);
2331
2332 unlock:
2333 hci_dev_unlock(hdev);
2334 hci_dev_put(hdev);
2335
2336 return err;
2337 }
2338
2339 static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2340 u16 len)
2341 {
2342 struct hci_dev *hdev;
2343 struct mgmt_cp_add_remote_oob_data *cp = data;
2344 u8 status;
2345 int err;
2346
2347 BT_DBG("hci%u ", index);
2348
2349 if (len != sizeof(*cp))
2350 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2351 MGMT_STATUS_INVALID_PARAMS);
2352
2353 hdev = hci_dev_get(index);
2354 if (!hdev)
2355 return cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2356 MGMT_STATUS_INVALID_PARAMS,
2357 &cp->addr, sizeof(cp->addr));
2358
2359 hci_dev_lock(hdev);
2360
2361 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2362 cp->randomizer);
2363 if (err < 0)
2364 status = MGMT_STATUS_FAILED;
2365 else
2366 status = 0;
2367
2368 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2369 &cp->addr, sizeof(cp->addr));
2370
2371 hci_dev_unlock(hdev);
2372 hci_dev_put(hdev);
2373
2374 return err;
2375 }
2376
2377 static int remove_remote_oob_data(struct sock *sk, u16 index,
2378 void *data, u16 len)
2379 {
2380 struct hci_dev *hdev;
2381 struct mgmt_cp_remove_remote_oob_data *cp = data;
2382 u8 status;
2383 int err;
2384
2385 BT_DBG("hci%u ", index);
2386
2387 if (len != sizeof(*cp))
2388 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2389 MGMT_STATUS_INVALID_PARAMS);
2390
2391 hdev = hci_dev_get(index);
2392 if (!hdev)
2393 return cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2394 MGMT_STATUS_INVALID_PARAMS,
2395 &cp->addr, sizeof(cp->addr));
2396
2397 hci_dev_lock(hdev);
2398
2399 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2400 if (err < 0)
2401 status = MGMT_STATUS_INVALID_PARAMS;
2402 else
2403 status = 0;
2404
2405 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, status,
2406 &cp->addr, sizeof(cp->addr));
2407
2408 hci_dev_unlock(hdev);
2409 hci_dev_put(hdev);
2410
2411 return err;
2412 }
2413
2414 static int discovery(struct hci_dev *hdev)
2415 {
2416 int err;
2417
2418 if (lmp_host_le_capable(hdev)) {
2419 if (lmp_bredr_capable(hdev)) {
2420 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2421 LE_SCAN_INT, LE_SCAN_WIN,
2422 LE_SCAN_TIMEOUT_BREDR_LE);
2423 } else {
2424 hdev->discovery.type = DISCOV_TYPE_LE;
2425 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2426 LE_SCAN_INT, LE_SCAN_WIN,
2427 LE_SCAN_TIMEOUT_LE_ONLY);
2428 }
2429 } else {
2430 hdev->discovery.type = DISCOV_TYPE_BREDR;
2431 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2432 }
2433
2434 return err;
2435 }
2436
2437 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2438 {
2439 int err;
2440
2441 BT_DBG("%s", hdev->name);
2442
2443 hci_dev_lock(hdev);
2444
2445 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2446 if (err < 0)
2447 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2448
2449 hci_dev_unlock(hdev);
2450
2451 return err;
2452 }
2453
2454 static int start_discovery(struct sock *sk, u16 index,
2455 void *data, u16 len)
2456 {
2457 struct mgmt_cp_start_discovery *cp = data;
2458 struct pending_cmd *cmd;
2459 struct hci_dev *hdev;
2460 int err;
2461
2462 BT_DBG("hci%u", index);
2463
2464 if (len != sizeof(*cp))
2465 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2466 MGMT_STATUS_INVALID_PARAMS);
2467
2468 hdev = hci_dev_get(index);
2469 if (!hdev)
2470 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2471 MGMT_STATUS_INVALID_PARAMS);
2472
2473 hci_dev_lock(hdev);
2474
2475 if (!hdev_is_powered(hdev)) {
2476 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2477 MGMT_STATUS_NOT_POWERED);
2478 goto failed;
2479 }
2480
2481 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2482 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2483 MGMT_STATUS_BUSY);
2484 goto failed;
2485 }
2486
2487 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2488 if (!cmd) {
2489 err = -ENOMEM;
2490 goto failed;
2491 }
2492
2493 hdev->discovery.type = cp->type;
2494
2495 switch (hdev->discovery.type) {
2496 case DISCOV_TYPE_BREDR:
2497 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2498 break;
2499
2500 case DISCOV_TYPE_LE:
2501 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2502 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2503 break;
2504
2505 case DISCOV_TYPE_INTERLEAVED:
2506 err = discovery(hdev);
2507 break;
2508
2509 default:
2510 err = -EINVAL;
2511 }
2512
2513 if (err < 0)
2514 mgmt_pending_remove(cmd);
2515 else
2516 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2517
2518 failed:
2519 hci_dev_unlock(hdev);
2520 hci_dev_put(hdev);
2521
2522 return err;
2523 }
2524
2525 static int stop_discovery(struct sock *sk, u16 index, void *data, u16 len)
2526 {
2527 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2528 struct hci_dev *hdev;
2529 struct pending_cmd *cmd;
2530 struct hci_cp_remote_name_req_cancel cp;
2531 struct inquiry_entry *e;
2532 int err;
2533
2534 BT_DBG("hci%u", index);
2535
2536 if (len != sizeof(*mgmt_cp))
2537 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2538 MGMT_STATUS_INVALID_PARAMS);
2539
2540 hdev = hci_dev_get(index);
2541 if (!hdev)
2542 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2543 MGMT_STATUS_INVALID_PARAMS);
2544
2545 hci_dev_lock(hdev);
2546
2547 if (!hci_discovery_active(hdev)) {
2548 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2549 MGMT_STATUS_REJECTED,
2550 &mgmt_cp->type, sizeof(mgmt_cp->type));
2551 goto unlock;
2552 }
2553
2554 if (hdev->discovery.type != mgmt_cp->type) {
2555 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2556 MGMT_STATUS_INVALID_PARAMS,
2557 &mgmt_cp->type, sizeof(mgmt_cp->type));
2558 goto unlock;
2559 }
2560
2561 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2562 if (!cmd) {
2563 err = -ENOMEM;
2564 goto unlock;
2565 }
2566
2567 if (hdev->discovery.state == DISCOVERY_FINDING) {
2568 err = hci_cancel_inquiry(hdev);
2569 if (err < 0)
2570 mgmt_pending_remove(cmd);
2571 else
2572 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2573 goto unlock;
2574 }
2575
2576 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2577 if (!e) {
2578 mgmt_pending_remove(cmd);
2579 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0,
2580 &mgmt_cp->type, sizeof(mgmt_cp->type));
2581 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2582 goto unlock;
2583 }
2584
2585 bacpy(&cp.bdaddr, &e->data.bdaddr);
2586 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2587 sizeof(cp), &cp);
2588 if (err < 0)
2589 mgmt_pending_remove(cmd);
2590 else
2591 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2592
2593 unlock:
2594 hci_dev_unlock(hdev);
2595 hci_dev_put(hdev);
2596
2597 return err;
2598 }
2599
2600 static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
2601 {
2602 struct mgmt_cp_confirm_name *cp = data;
2603 struct inquiry_entry *e;
2604 struct hci_dev *hdev;
2605 int err;
2606
2607 BT_DBG("hci%u", index);
2608
2609 if (len != sizeof(*cp))
2610 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2611 MGMT_STATUS_INVALID_PARAMS);
2612
2613 hdev = hci_dev_get(index);
2614 if (!hdev)
2615 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2616 MGMT_STATUS_INVALID_PARAMS);
2617
2618 hci_dev_lock(hdev);
2619
2620 if (!hci_discovery_active(hdev)) {
2621 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2622 MGMT_STATUS_FAILED);
2623 goto failed;
2624 }
2625
2626 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2627 if (!e) {
2628 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2629 MGMT_STATUS_INVALID_PARAMS);
2630 goto failed;
2631 }
2632
2633 if (cp->name_known) {
2634 e->name_state = NAME_KNOWN;
2635 list_del(&e->list);
2636 } else {
2637 e->name_state = NAME_NEEDED;
2638 hci_inquiry_cache_update_resolve(hdev, e);
2639 }
2640
2641 err = 0;
2642
2643 failed:
2644 hci_dev_unlock(hdev);
2645
2646 return err;
2647 }
2648
2649 static int block_device(struct sock *sk, u16 index, void *data, u16 len)
2650 {
2651 struct hci_dev *hdev;
2652 struct mgmt_cp_block_device *cp = data;
2653 u8 status;
2654 int err;
2655
2656 BT_DBG("hci%u", index);
2657
2658 if (len != sizeof(*cp))
2659 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2660 MGMT_STATUS_INVALID_PARAMS);
2661
2662 hdev = hci_dev_get(index);
2663 if (!hdev)
2664 return cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2665 MGMT_STATUS_INVALID_PARAMS,
2666 &cp->addr, sizeof(cp->addr));
2667
2668 hci_dev_lock(hdev);
2669
2670 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2671 if (err < 0)
2672 status = MGMT_STATUS_FAILED;
2673 else
2674 status = 0;
2675
2676 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, status,
2677 &cp->addr, sizeof(cp->addr));
2678
2679 hci_dev_unlock(hdev);
2680 hci_dev_put(hdev);
2681
2682 return err;
2683 }
2684
2685 static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
2686 {
2687 struct hci_dev *hdev;
2688 struct mgmt_cp_unblock_device *cp = data;
2689 u8 status;
2690 int err;
2691
2692 BT_DBG("hci%u", index);
2693
2694 if (len != sizeof(*cp))
2695 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2696 MGMT_STATUS_INVALID_PARAMS);
2697
2698 hdev = hci_dev_get(index);
2699 if (!hdev)
2700 return cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2701 MGMT_STATUS_INVALID_PARAMS,
2702 &cp->addr, sizeof(cp->addr));
2703
2704 hci_dev_lock(hdev);
2705
2706 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2707 if (err < 0)
2708 status = MGMT_STATUS_INVALID_PARAMS;
2709 else
2710 status = 0;
2711
2712 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, status,
2713 &cp->addr, sizeof(cp->addr));
2714
2715 hci_dev_unlock(hdev);
2716 hci_dev_put(hdev);
2717
2718 return err;
2719 }
2720
2721 static int set_fast_connectable(struct sock *sk, u16 index,
2722 void *data, u16 len)
2723 {
2724 struct hci_dev *hdev;
2725 struct mgmt_mode *cp = data;
2726 struct hci_cp_write_page_scan_activity acp;
2727 u8 type;
2728 int err;
2729
2730 BT_DBG("hci%u", index);
2731
2732 if (len != sizeof(*cp))
2733 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2734 MGMT_STATUS_INVALID_PARAMS);
2735
2736 hdev = hci_dev_get(index);
2737 if (!hdev)
2738 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2739 MGMT_STATUS_INVALID_PARAMS);
2740 if (!hdev_is_powered(hdev))
2741 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2742 MGMT_STATUS_NOT_POWERED);
2743
2744 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2745 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2746 MGMT_STATUS_REJECTED);
2747
2748 hci_dev_lock(hdev);
2749
2750 if (cp->val) {
2751 type = PAGE_SCAN_TYPE_INTERLACED;
2752 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2753 } else {
2754 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2755 acp.interval = 0x0800; /* default 1.28 sec page scan */
2756 }
2757
2758 acp.window = 0x0012; /* default 11.25 msec page scan window */
2759
2760 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2761 sizeof(acp), &acp);
2762 if (err < 0) {
2763 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2764 MGMT_STATUS_FAILED);
2765 goto done;
2766 }
2767
2768 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2769 if (err < 0) {
2770 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2771 MGMT_STATUS_FAILED);
2772 goto done;
2773 }
2774
2775 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2776 NULL, 0);
2777 done:
2778 hci_dev_unlock(hdev);
2779 hci_dev_put(hdev);
2780
2781 return err;
2782 }
2783
2784 static int load_long_term_keys(struct sock *sk, u16 index,
2785 void *cp_data, u16 len)
2786 {
2787 struct hci_dev *hdev;
2788 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2789 u16 key_count, expected_len;
2790 int i;
2791
2792 if (len < sizeof(*cp))
2793 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2794 EINVAL);
2795
2796 key_count = get_unaligned_le16(&cp->key_count);
2797
2798 expected_len = sizeof(*cp) + key_count *
2799 sizeof(struct mgmt_ltk_info);
2800 if (expected_len != len) {
2801 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2802 len, expected_len);
2803 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2804 EINVAL);
2805 }
2806
2807 hdev = hci_dev_get(index);
2808 if (!hdev)
2809 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2810 ENODEV);
2811
2812 BT_DBG("hci%u key_count %u", index, key_count);
2813
2814 hci_dev_lock(hdev);
2815
2816 hci_smp_ltks_clear(hdev);
2817
2818 for (i = 0; i < key_count; i++) {
2819 struct mgmt_ltk_info *key = &cp->keys[i];
2820 u8 type;
2821
2822 if (key->master)
2823 type = HCI_SMP_LTK;
2824 else
2825 type = HCI_SMP_LTK_SLAVE;
2826
2827 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2828 type, 0, key->authenticated, key->val,
2829 key->enc_size, key->ediv, key->rand);
2830 }
2831
2832 hci_dev_unlock(hdev);
2833 hci_dev_put(hdev);
2834
2835 return 0;
2836 }
2837
2838 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2839 {
2840 void *buf;
2841 u8 *cp;
2842 struct mgmt_hdr *hdr;
2843 u16 opcode, index, len;
2844 int err;
2845
2846 BT_DBG("got %zu bytes", msglen);
2847
2848 if (msglen < sizeof(*hdr))
2849 return -EINVAL;
2850
2851 buf = kmalloc(msglen, GFP_KERNEL);
2852 if (!buf)
2853 return -ENOMEM;
2854
2855 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2856 err = -EFAULT;
2857 goto done;
2858 }
2859
2860 hdr = buf;
2861 opcode = get_unaligned_le16(&hdr->opcode);
2862 index = get_unaligned_le16(&hdr->index);
2863 len = get_unaligned_le16(&hdr->len);
2864
2865 if (len != msglen - sizeof(*hdr)) {
2866 err = -EINVAL;
2867 goto done;
2868 }
2869
2870 cp = buf + sizeof(*hdr);
2871
2872 switch (opcode) {
2873 case MGMT_OP_READ_VERSION:
2874 err = read_version(sk);
2875 break;
2876 case MGMT_OP_READ_COMMANDS:
2877 err = read_commands(sk);
2878 break;
2879 case MGMT_OP_READ_INDEX_LIST:
2880 err = read_index_list(sk);
2881 break;
2882 case MGMT_OP_READ_INFO:
2883 err = read_controller_info(sk, index);
2884 break;
2885 case MGMT_OP_SET_POWERED:
2886 err = set_powered(sk, index, cp, len);
2887 break;
2888 case MGMT_OP_SET_DISCOVERABLE:
2889 err = set_discoverable(sk, index, cp, len);
2890 break;
2891 case MGMT_OP_SET_CONNECTABLE:
2892 err = set_connectable(sk, index, cp, len);
2893 break;
2894 case MGMT_OP_SET_FAST_CONNECTABLE:
2895 err = set_fast_connectable(sk, index, cp, len);
2896 break;
2897 case MGMT_OP_SET_PAIRABLE:
2898 err = set_pairable(sk, index, cp, len);
2899 break;
2900 case MGMT_OP_SET_LINK_SECURITY:
2901 err = set_link_security(sk, index, cp, len);
2902 break;
2903 case MGMT_OP_SET_SSP:
2904 err = set_ssp(sk, index, cp, len);
2905 break;
2906 case MGMT_OP_SET_HS:
2907 err = set_hs(sk, index, cp, len);
2908 break;
2909 case MGMT_OP_SET_LE:
2910 err = set_le(sk, index, cp, len);
2911 break;
2912 case MGMT_OP_ADD_UUID:
2913 err = add_uuid(sk, index, cp, len);
2914 break;
2915 case MGMT_OP_REMOVE_UUID:
2916 err = remove_uuid(sk, index, cp, len);
2917 break;
2918 case MGMT_OP_SET_DEV_CLASS:
2919 err = set_dev_class(sk, index, cp, len);
2920 break;
2921 case MGMT_OP_LOAD_LINK_KEYS:
2922 err = load_link_keys(sk, index, cp, len);
2923 break;
2924 case MGMT_OP_DISCONNECT:
2925 err = disconnect(sk, index, cp, len);
2926 break;
2927 case MGMT_OP_GET_CONNECTIONS:
2928 err = get_connections(sk, index);
2929 break;
2930 case MGMT_OP_PIN_CODE_REPLY:
2931 err = pin_code_reply(sk, index, cp, len);
2932 break;
2933 case MGMT_OP_PIN_CODE_NEG_REPLY:
2934 err = pin_code_neg_reply(sk, index, cp, len);
2935 break;
2936 case MGMT_OP_SET_IO_CAPABILITY:
2937 err = set_io_capability(sk, index, cp, len);
2938 break;
2939 case MGMT_OP_PAIR_DEVICE:
2940 err = pair_device(sk, index, cp, len);
2941 break;
2942 case MGMT_OP_CANCEL_PAIR_DEVICE:
2943 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2944 break;
2945 case MGMT_OP_UNPAIR_DEVICE:
2946 err = unpair_device(sk, index, cp, len);
2947 break;
2948 case MGMT_OP_USER_CONFIRM_REPLY:
2949 err = user_confirm_reply(sk, index, cp, len);
2950 break;
2951 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2952 err = user_confirm_neg_reply(sk, index, cp, len);
2953 break;
2954 case MGMT_OP_USER_PASSKEY_REPLY:
2955 err = user_passkey_reply(sk, index, cp, len);
2956 break;
2957 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2958 err = user_passkey_neg_reply(sk, index, cp, len);
2959 break;
2960 case MGMT_OP_SET_LOCAL_NAME:
2961 err = set_local_name(sk, index, cp, len);
2962 break;
2963 case MGMT_OP_READ_LOCAL_OOB_DATA:
2964 err = read_local_oob_data(sk, index);
2965 break;
2966 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2967 err = add_remote_oob_data(sk, index, cp, len);
2968 break;
2969 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2970 err = remove_remote_oob_data(sk, index, cp, len);
2971 break;
2972 case MGMT_OP_START_DISCOVERY:
2973 err = start_discovery(sk, index, cp, len);
2974 break;
2975 case MGMT_OP_STOP_DISCOVERY:
2976 err = stop_discovery(sk, index, cp, len);
2977 break;
2978 case MGMT_OP_CONFIRM_NAME:
2979 err = confirm_name(sk, index, cp, len);
2980 break;
2981 case MGMT_OP_BLOCK_DEVICE:
2982 err = block_device(sk, index, cp, len);
2983 break;
2984 case MGMT_OP_UNBLOCK_DEVICE:
2985 err = unblock_device(sk, index, cp, len);
2986 break;
2987 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2988 err = load_long_term_keys(sk, index, cp, len);
2989 break;
2990 default:
2991 BT_DBG("Unknown op %u", opcode);
2992 err = cmd_status(sk, index, opcode,
2993 MGMT_STATUS_UNKNOWN_COMMAND);
2994 break;
2995 }
2996
2997 if (err < 0)
2998 goto done;
2999
3000 err = msglen;
3001
3002 done:
3003 kfree(buf);
3004 return err;
3005 }
3006
3007 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
3008 {
3009 u8 *status = data;
3010
3011 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
3012 mgmt_pending_remove(cmd);
3013 }
3014
3015 int mgmt_index_added(struct hci_dev *hdev)
3016 {
3017 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3018 }
3019
3020 int mgmt_index_removed(struct hci_dev *hdev)
3021 {
3022 u8 status = ENODEV;
3023
3024 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3025
3026 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3027 }
3028
3029 struct cmd_lookup {
3030 struct sock *sk;
3031 struct hci_dev *hdev;
3032 };
3033
3034 static void settings_rsp(struct pending_cmd *cmd, void *data)
3035 {
3036 struct cmd_lookup *match = data;
3037
3038 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
3039
3040 list_del(&cmd->list);
3041
3042 if (match->sk == NULL) {
3043 match->sk = cmd->sk;
3044 sock_hold(match->sk);
3045 }
3046
3047 mgmt_pending_free(cmd);
3048 }
3049
3050 int mgmt_powered(struct hci_dev *hdev, u8 powered)
3051 {
3052 struct cmd_lookup match = { NULL, hdev };
3053 int err;
3054
3055 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3056 return 0;
3057
3058 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3059
3060 if (powered) {
3061 u8 scan = 0;
3062
3063 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3064 scan |= SCAN_PAGE;
3065 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3066 scan |= SCAN_INQUIRY;
3067
3068 if (scan)
3069 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3070 } else {
3071 u8 status = ENETDOWN;
3072 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3073 }
3074
3075 err = new_settings(hdev, match.sk);
3076
3077 if (match.sk)
3078 sock_put(match.sk);
3079
3080 return err;
3081 }
3082
3083 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3084 {
3085 struct cmd_lookup match = { NULL, hdev };
3086 bool changed = false;
3087 int err = 0;
3088
3089 if (discoverable) {
3090 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3091 changed = true;
3092 } else {
3093 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3094 changed = true;
3095 }
3096
3097 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3098 &match);
3099
3100 if (changed)
3101 err = new_settings(hdev, match.sk);
3102
3103 if (match.sk)
3104 sock_put(match.sk);
3105
3106 return err;
3107 }
3108
3109 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3110 {
3111 struct cmd_lookup match = { NULL, hdev };
3112 bool changed = false;
3113 int err = 0;
3114
3115 if (connectable) {
3116 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3117 changed = true;
3118 } else {
3119 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3120 changed = true;
3121 }
3122
3123 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3124 &match);
3125
3126 if (changed)
3127 err = new_settings(hdev, match.sk);
3128
3129 if (match.sk)
3130 sock_put(match.sk);
3131
3132 return err;
3133 }
3134
3135 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3136 {
3137 u8 mgmt_err = mgmt_status(status);
3138
3139 if (scan & SCAN_PAGE)
3140 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3141 cmd_status_rsp, &mgmt_err);
3142
3143 if (scan & SCAN_INQUIRY)
3144 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3145 cmd_status_rsp, &mgmt_err);
3146
3147 return 0;
3148 }
3149
3150 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3151 u8 persistent)
3152 {
3153 struct mgmt_ev_new_link_key ev;
3154
3155 memset(&ev, 0, sizeof(ev));
3156
3157 ev.store_hint = persistent;
3158 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3159 ev.key.addr.type = MGMT_ADDR_BREDR;
3160 ev.key.type = key->type;
3161 memcpy(ev.key.val, key->val, 16);
3162 ev.key.pin_len = key->pin_len;
3163
3164 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3165 }
3166
3167 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3168 {
3169 struct mgmt_ev_new_long_term_key ev;
3170
3171 memset(&ev, 0, sizeof(ev));
3172
3173 ev.store_hint = persistent;
3174 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3175 ev.key.addr.type = key->bdaddr_type;
3176 ev.key.authenticated = key->authenticated;
3177 ev.key.enc_size = key->enc_size;
3178 ev.key.ediv = key->ediv;
3179
3180 if (key->type == HCI_SMP_LTK)
3181 ev.key.master = 1;
3182
3183 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3184 memcpy(ev.key.val, key->val, sizeof(key->val));
3185
3186 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
3187 &ev, sizeof(ev), NULL);
3188 }
3189
3190 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3191 u8 addr_type, u8 *name, u8 name_len,
3192 u8 *dev_class)
3193 {
3194 char buf[512];
3195 struct mgmt_ev_device_connected *ev = (void *) buf;
3196 u16 eir_len = 0;
3197
3198 bacpy(&ev->addr.bdaddr, bdaddr);
3199 ev->addr.type = link_to_mgmt(link_type, addr_type);
3200
3201 if (name_len > 0)
3202 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3203 name, name_len);
3204
3205 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3206 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
3207 EIR_CLASS_OF_DEV, dev_class, 3);
3208
3209 put_unaligned_le16(eir_len, &ev->eir_len);
3210
3211 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3212 sizeof(*ev) + eir_len, NULL);
3213 }
3214
3215 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3216 {
3217 struct mgmt_cp_disconnect *cp = cmd->param;
3218 struct sock **sk = data;
3219 struct mgmt_rp_disconnect rp;
3220
3221 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3222 rp.addr.type = cp->addr.type;
3223
3224 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3225 sizeof(rp));
3226
3227 *sk = cmd->sk;
3228 sock_hold(*sk);
3229
3230 mgmt_pending_remove(cmd);
3231 }
3232
3233 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3234 {
3235 struct hci_dev *hdev = data;
3236 struct mgmt_cp_unpair_device *cp = cmd->param;
3237 struct mgmt_rp_unpair_device rp;
3238
3239 memset(&rp, 0, sizeof(rp));
3240 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3241 rp.addr.type = cp->addr.type;
3242
3243 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3244
3245 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3246
3247 mgmt_pending_remove(cmd);
3248 }
3249
3250 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3251 u8 link_type, u8 addr_type)
3252 {
3253 struct mgmt_addr_info ev;
3254 struct sock *sk = NULL;
3255 int err;
3256
3257 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3258
3259 bacpy(&ev.bdaddr, bdaddr);
3260 ev.type = link_to_mgmt(link_type, addr_type);
3261
3262 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3263 sk);
3264
3265 if (sk)
3266 sock_put(sk);
3267
3268 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3269 hdev);
3270
3271 return err;
3272 }
3273
3274 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3275 u8 link_type, u8 addr_type, u8 status)
3276 {
3277 struct mgmt_rp_disconnect rp;
3278 struct pending_cmd *cmd;
3279 int err;
3280
3281 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3282 if (!cmd)
3283 return -ENOENT;
3284
3285 bacpy(&rp.addr.bdaddr, bdaddr);
3286 rp.addr.type = link_to_mgmt(link_type, addr_type);
3287
3288 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3289 mgmt_status(status), &rp, sizeof(rp));
3290
3291 mgmt_pending_remove(cmd);
3292
3293 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3294 hdev);
3295 return err;
3296 }
3297
3298 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3299 u8 addr_type, u8 status)
3300 {
3301 struct mgmt_ev_connect_failed ev;
3302
3303 bacpy(&ev.addr.bdaddr, bdaddr);
3304 ev.addr.type = link_to_mgmt(link_type, addr_type);
3305 ev.status = mgmt_status(status);
3306
3307 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3308 }
3309
3310 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3311 {
3312 struct mgmt_ev_pin_code_request ev;
3313
3314 bacpy(&ev.addr.bdaddr, bdaddr);
3315 ev.addr.type = MGMT_ADDR_BREDR;
3316 ev.secure = secure;
3317
3318 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3319 NULL);
3320 }
3321
3322 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3323 u8 status)
3324 {
3325 struct pending_cmd *cmd;
3326 struct mgmt_rp_pin_code_reply rp;
3327 int err;
3328
3329 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3330 if (!cmd)
3331 return -ENOENT;
3332
3333 bacpy(&rp.addr.bdaddr, bdaddr);
3334 rp.addr.type = MGMT_ADDR_BREDR;
3335
3336 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3337 mgmt_status(status), &rp, sizeof(rp));
3338
3339 mgmt_pending_remove(cmd);
3340
3341 return err;
3342 }
3343
3344 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3345 u8 status)
3346 {
3347 struct pending_cmd *cmd;
3348 struct mgmt_rp_pin_code_reply rp;
3349 int err;
3350
3351 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3352 if (!cmd)
3353 return -ENOENT;
3354
3355 bacpy(&rp.addr.bdaddr, bdaddr);
3356 rp.addr.type = MGMT_ADDR_BREDR;
3357
3358 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3359 mgmt_status(status), &rp, sizeof(rp));
3360
3361 mgmt_pending_remove(cmd);
3362
3363 return err;
3364 }
3365
3366 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3367 u8 link_type, u8 addr_type, __le32 value,
3368 u8 confirm_hint)
3369 {
3370 struct mgmt_ev_user_confirm_request ev;
3371
3372 BT_DBG("%s", hdev->name);
3373
3374 bacpy(&ev.addr.bdaddr, bdaddr);
3375 ev.addr.type = link_to_mgmt(link_type, addr_type);
3376 ev.confirm_hint = confirm_hint;
3377 put_unaligned_le32(value, &ev.value);
3378
3379 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3380 NULL);
3381 }
3382
3383 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3384 u8 link_type, u8 addr_type)
3385 {
3386 struct mgmt_ev_user_passkey_request ev;
3387
3388 BT_DBG("%s", hdev->name);
3389
3390 bacpy(&ev.addr.bdaddr, bdaddr);
3391 ev.addr.type = link_to_mgmt(link_type, addr_type);
3392
3393 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3394 NULL);
3395 }
3396
3397 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3398 u8 link_type, u8 addr_type, u8 status,
3399 u8 opcode)
3400 {
3401 struct pending_cmd *cmd;
3402 struct mgmt_rp_user_confirm_reply rp;
3403 int err;
3404
3405 cmd = mgmt_pending_find(opcode, hdev);
3406 if (!cmd)
3407 return -ENOENT;
3408
3409 bacpy(&rp.addr.bdaddr, bdaddr);
3410 rp.addr.type = link_to_mgmt(link_type, addr_type);
3411 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3412 &rp, sizeof(rp));
3413
3414 mgmt_pending_remove(cmd);
3415
3416 return err;
3417 }
3418
3419 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3420 u8 link_type, u8 addr_type, u8 status)
3421 {
3422 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3423 status, MGMT_OP_USER_CONFIRM_REPLY);
3424 }
3425
3426 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3427 u8 link_type, u8 addr_type, u8 status)
3428 {
3429 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3430 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
3431 }
3432
3433 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3434 u8 link_type, u8 addr_type, u8 status)
3435 {
3436 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3437 status, MGMT_OP_USER_PASSKEY_REPLY);
3438 }
3439
3440 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3441 u8 link_type, u8 addr_type, u8 status)
3442 {
3443 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3444 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
3445 }
3446
3447 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3448 u8 addr_type, u8 status)
3449 {
3450 struct mgmt_ev_auth_failed ev;
3451
3452 bacpy(&ev.addr.bdaddr, bdaddr);
3453 ev.addr.type = link_to_mgmt(link_type, addr_type);
3454 ev.status = mgmt_status(status);
3455
3456 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3457 }
3458
3459 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3460 {
3461 struct cmd_lookup match = { NULL, hdev };
3462 bool changed = false;
3463 int err = 0;
3464
3465 if (status) {
3466 u8 mgmt_err = mgmt_status(status);
3467 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3468 cmd_status_rsp, &mgmt_err);
3469 return 0;
3470 }
3471
3472 if (test_bit(HCI_AUTH, &hdev->flags)) {
3473 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3474 changed = true;
3475 } else {
3476 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3477 changed = true;
3478 }
3479
3480 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3481 &match);
3482
3483 if (changed)
3484 err = new_settings(hdev, match.sk);
3485
3486 if (match.sk)
3487 sock_put(match.sk);
3488
3489 return err;
3490 }
3491
3492 static int clear_eir(struct hci_dev *hdev)
3493 {
3494 struct hci_cp_write_eir cp;
3495
3496 if (!(hdev->features[6] & LMP_EXT_INQ))
3497 return 0;
3498
3499 memset(hdev->eir, 0, sizeof(hdev->eir));
3500
3501 memset(&cp, 0, sizeof(cp));
3502
3503 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3504 }
3505
3506 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3507 {
3508 struct cmd_lookup match = { NULL, hdev };
3509 bool changed = false;
3510 int err = 0;
3511
3512 if (status) {
3513 u8 mgmt_err = mgmt_status(status);
3514
3515 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3516 &hdev->dev_flags))
3517 err = new_settings(hdev, NULL);
3518
3519 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3520 cmd_status_rsp, &mgmt_err);
3521
3522 return err;
3523 }
3524
3525 if (enable) {
3526 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3527 changed = true;
3528 } else {
3529 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3530 changed = true;
3531 }
3532
3533 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3534
3535 if (changed)
3536 err = new_settings(hdev, match.sk);
3537
3538 if (match.sk)
3539 sock_put(match.sk);
3540
3541 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3542 update_eir(hdev);
3543 else
3544 clear_eir(hdev);
3545
3546 return err;
3547 }
3548
3549 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3550 {
3551 struct pending_cmd *cmd;
3552 struct mgmt_cp_set_local_name ev;
3553 int err;
3554
3555 memset(&ev, 0, sizeof(ev));
3556 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3557
3558 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3559 if (!cmd)
3560 goto send_event;
3561
3562 if (status) {
3563 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3564 mgmt_status(status));
3565 goto failed;
3566 }
3567
3568 update_eir(hdev);
3569
3570 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3571 sizeof(ev));
3572 if (err < 0)
3573 goto failed;
3574
3575 send_event:
3576 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
3577 cmd ? cmd->sk : NULL);
3578 update_eir(hdev);
3579
3580 failed:
3581 if (cmd)
3582 mgmt_pending_remove(cmd);
3583 return err;
3584 }
3585
3586 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3587 u8 *randomizer, u8 status)
3588 {
3589 struct pending_cmd *cmd;
3590 int err;
3591
3592 BT_DBG("%s status %u", hdev->name, status);
3593
3594 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3595 if (!cmd)
3596 return -ENOENT;
3597
3598 if (status) {
3599 err = cmd_status(cmd->sk, hdev->id,
3600 MGMT_OP_READ_LOCAL_OOB_DATA,
3601 mgmt_status(status));
3602 } else {
3603 struct mgmt_rp_read_local_oob_data rp;
3604
3605 memcpy(rp.hash, hash, sizeof(rp.hash));
3606 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3607
3608 err = cmd_complete(cmd->sk, hdev->id,
3609 MGMT_OP_READ_LOCAL_OOB_DATA,
3610 0, &rp, sizeof(rp));
3611 }
3612
3613 mgmt_pending_remove(cmd);
3614
3615 return err;
3616 }
3617
3618 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3619 {
3620 struct cmd_lookup match = { NULL, hdev };
3621 bool changed = false;
3622 int err = 0;
3623
3624 if (status) {
3625 u8 mgmt_err = mgmt_status(status);
3626
3627 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3628 &hdev->dev_flags))
3629 err = new_settings(hdev, NULL);
3630
3631 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev,
3632 cmd_status_rsp, &mgmt_err);
3633
3634 return err;
3635 }
3636
3637 if (enable) {
3638 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3639 changed = true;
3640 } else {
3641 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3642 changed = true;
3643 }
3644
3645 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3646
3647 if (changed)
3648 err = new_settings(hdev, match.sk);
3649
3650 if (match.sk)
3651 sock_put(match.sk);
3652
3653 return err;
3654 }
3655
3656 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3657 u8 addr_type, u8 *dev_class, s8 rssi,
3658 u8 cfm_name, u8 *eir, u16 eir_len)
3659 {
3660 char buf[512];
3661 struct mgmt_ev_device_found *ev = (void *) buf;
3662 size_t ev_size;
3663
3664 /* Leave 5 bytes for a potential CoD field */
3665 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3666 return -EINVAL;
3667
3668 memset(buf, 0, sizeof(buf));
3669
3670 bacpy(&ev->addr.bdaddr, bdaddr);
3671 ev->addr.type = link_to_mgmt(link_type, addr_type);
3672 ev->rssi = rssi;
3673 ev->confirm_name = cfm_name;
3674
3675 if (eir_len > 0)
3676 memcpy(ev->eir, eir, eir_len);
3677
3678 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3679 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3680 dev_class, 3);
3681
3682 put_unaligned_le16(eir_len, &ev->eir_len);
3683
3684 ev_size = sizeof(*ev) + eir_len;
3685
3686 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3687 }
3688
3689 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3690 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3691 {
3692 struct mgmt_ev_device_found *ev;
3693 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3694 u16 eir_len;
3695
3696 ev = (struct mgmt_ev_device_found *) buf;
3697
3698 memset(buf, 0, sizeof(buf));
3699
3700 bacpy(&ev->addr.bdaddr, bdaddr);
3701 ev->addr.type = link_to_mgmt(link_type, addr_type);
3702 ev->rssi = rssi;
3703
3704 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3705 name_len);
3706
3707 put_unaligned_le16(eir_len, &ev->eir_len);
3708
3709 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3710 sizeof(*ev) + eir_len, NULL);
3711 }
3712
3713 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3714 {
3715 struct pending_cmd *cmd;
3716 u8 type;
3717 int err;
3718
3719 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3720
3721 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3722 if (!cmd)
3723 return -ENOENT;
3724
3725 type = hdev->discovery.type;
3726
3727 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3728 &type, sizeof(type));
3729 mgmt_pending_remove(cmd);
3730
3731 return err;
3732 }
3733
3734 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3735 {
3736 struct pending_cmd *cmd;
3737 int err;
3738
3739 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3740 if (!cmd)
3741 return -ENOENT;
3742
3743 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3744 &hdev->discovery.type,
3745 sizeof(hdev->discovery.type));
3746 mgmt_pending_remove(cmd);
3747
3748 return err;
3749 }
3750
3751 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3752 {
3753 struct mgmt_ev_discovering ev;
3754 struct pending_cmd *cmd;
3755
3756 BT_DBG("%s discovering %u", hdev->name, discovering);
3757
3758 if (discovering)
3759 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3760 else
3761 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3762
3763 if (cmd != NULL) {
3764 u8 type = hdev->discovery.type;
3765
3766 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
3767 &type, sizeof(type));
3768 mgmt_pending_remove(cmd);
3769 }
3770
3771 memset(&ev, 0, sizeof(ev));
3772 ev.type = hdev->discovery.type;
3773 ev.discovering = discovering;
3774
3775 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3776 }
3777
3778 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3779 {
3780 struct pending_cmd *cmd;
3781 struct mgmt_ev_device_blocked ev;
3782
3783 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3784
3785 bacpy(&ev.addr.bdaddr, bdaddr);
3786 ev.addr.type = type;
3787
3788 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3789 cmd ? cmd->sk : NULL);
3790 }
3791
3792 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3793 {
3794 struct pending_cmd *cmd;
3795 struct mgmt_ev_device_unblocked ev;
3796
3797 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3798
3799 bacpy(&ev.addr.bdaddr, bdaddr);
3800 ev.addr.type = type;
3801
3802 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3803 cmd ? cmd->sk : NULL);
3804 }
3805
3806 module_param(enable_hs, bool, 0644);
3807 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3808
3809 module_param(enable_le, bool, 0644);
3810 MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
Linux kernel - Deliverables
This page took 0.217146 seconds and 6 git commands to generate.