2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33 #include <net/bluetooth/mgmt.h>
35 #ifdef CONFIG_TIZEN_WIP
36 #include <net/bluetooth/mgmt_tizen.h>
37 #include <net/bluetooth/sco.h>
39 #include "hci_request.h"
42 #define MGMT_VERSION 1
43 #define MGMT_REVISION 8
45 #ifdef CONFIG_TIZEN_WIP
47 #define U16_MAX ((u16)~0U)
51 static const u16 mgmt_commands[] = {
52 MGMT_OP_READ_INDEX_LIST,
55 MGMT_OP_SET_DISCOVERABLE,
56 MGMT_OP_SET_CONNECTABLE,
57 MGMT_OP_SET_FAST_CONNECTABLE,
59 MGMT_OP_SET_LINK_SECURITY,
63 MGMT_OP_SET_DEV_CLASS,
64 MGMT_OP_SET_LOCAL_NAME,
67 MGMT_OP_LOAD_LINK_KEYS,
68 MGMT_OP_LOAD_LONG_TERM_KEYS,
70 MGMT_OP_GET_CONNECTIONS,
71 MGMT_OP_PIN_CODE_REPLY,
72 MGMT_OP_PIN_CODE_NEG_REPLY,
73 MGMT_OP_SET_IO_CAPABILITY,
75 MGMT_OP_CANCEL_PAIR_DEVICE,
76 MGMT_OP_UNPAIR_DEVICE,
77 MGMT_OP_USER_CONFIRM_REPLY,
78 MGMT_OP_USER_CONFIRM_NEG_REPLY,
79 MGMT_OP_USER_PASSKEY_REPLY,
80 MGMT_OP_USER_PASSKEY_NEG_REPLY,
81 MGMT_OP_READ_LOCAL_OOB_DATA,
82 MGMT_OP_ADD_REMOTE_OOB_DATA,
83 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
84 MGMT_OP_START_DISCOVERY,
85 MGMT_OP_STOP_DISCOVERY,
88 MGMT_OP_UNBLOCK_DEVICE,
89 MGMT_OP_SET_DEVICE_ID,
90 MGMT_OP_SET_ADVERTISING,
92 MGMT_OP_SET_STATIC_ADDRESS,
93 MGMT_OP_SET_SCAN_PARAMS,
94 MGMT_OP_SET_SECURE_CONN,
95 MGMT_OP_SET_DEBUG_KEYS,
98 MGMT_OP_GET_CONN_INFO,
99 MGMT_OP_GET_CLOCK_INFO,
101 MGMT_OP_REMOVE_DEVICE,
102 MGMT_OP_LOAD_CONN_PARAM,
103 MGMT_OP_READ_UNCONF_INDEX_LIST,
104 MGMT_OP_READ_CONFIG_INFO,
105 MGMT_OP_SET_EXTERNAL_CONFIG,
106 MGMT_OP_SET_PUBLIC_ADDRESS,
107 MGMT_OP_START_SERVICE_DISCOVERY,
110 static const u16 mgmt_events[] = {
111 MGMT_EV_CONTROLLER_ERROR,
113 MGMT_EV_INDEX_REMOVED,
114 MGMT_EV_NEW_SETTINGS,
115 MGMT_EV_CLASS_OF_DEV_CHANGED,
116 MGMT_EV_LOCAL_NAME_CHANGED,
117 MGMT_EV_NEW_LINK_KEY,
118 MGMT_EV_NEW_LONG_TERM_KEY,
119 MGMT_EV_DEVICE_CONNECTED,
120 MGMT_EV_DEVICE_DISCONNECTED,
121 MGMT_EV_CONNECT_FAILED,
122 MGMT_EV_PIN_CODE_REQUEST,
123 MGMT_EV_USER_CONFIRM_REQUEST,
124 MGMT_EV_USER_PASSKEY_REQUEST,
126 MGMT_EV_DEVICE_FOUND,
128 MGMT_EV_DEVICE_BLOCKED,
129 MGMT_EV_DEVICE_UNBLOCKED,
130 MGMT_EV_DEVICE_UNPAIRED,
131 MGMT_EV_PASSKEY_NOTIFY,
134 MGMT_EV_DEVICE_ADDED,
135 MGMT_EV_DEVICE_REMOVED,
136 MGMT_EV_NEW_CONN_PARAM,
137 MGMT_EV_UNCONF_INDEX_ADDED,
138 MGMT_EV_UNCONF_INDEX_REMOVED,
139 MGMT_EV_NEW_CONFIG_OPTIONS,
142 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
144 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
145 "\x00\x00\x00\x00\x00\x00\x00\x00"
148 struct list_head list;
155 int (*cmd_complete)(struct pending_cmd *cmd, u8 status);
158 /* HCI to MGMT error code conversion table */
159 static u8 mgmt_status_table[] = {
161 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
162 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
163 MGMT_STATUS_FAILED, /* Hardware Failure */
164 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
165 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
166 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
167 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
168 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
169 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
170 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
171 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
172 MGMT_STATUS_BUSY, /* Command Disallowed */
173 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
174 MGMT_STATUS_REJECTED, /* Rejected Security */
175 MGMT_STATUS_REJECTED, /* Rejected Personal */
176 MGMT_STATUS_TIMEOUT, /* Host Timeout */
177 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
178 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
179 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
180 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
181 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
182 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
183 MGMT_STATUS_BUSY, /* Repeated Attempts */
184 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
185 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
186 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
187 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
188 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
189 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
190 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
191 MGMT_STATUS_FAILED, /* Unspecified Error */
192 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
193 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
194 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
195 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
196 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
197 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
198 MGMT_STATUS_FAILED, /* Unit Link Key Used */
199 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
200 MGMT_STATUS_TIMEOUT, /* Instant Passed */
201 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
202 MGMT_STATUS_FAILED, /* Transaction Collision */
203 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
204 MGMT_STATUS_REJECTED, /* QoS Rejected */
205 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
206 MGMT_STATUS_REJECTED, /* Insufficient Security */
207 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
208 MGMT_STATUS_BUSY, /* Role Switch Pending */
209 MGMT_STATUS_FAILED, /* Slot Violation */
210 MGMT_STATUS_FAILED, /* Role Switch Failed */
211 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
212 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
213 MGMT_STATUS_BUSY, /* Host Busy Pairing */
214 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
215 MGMT_STATUS_BUSY, /* Controller Busy */
216 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
217 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
218 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
219 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
220 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
223 static u8 mgmt_status(u8 hci_status)
225 if (hci_status < ARRAY_SIZE(mgmt_status_table))
226 return mgmt_status_table[hci_status];
228 return MGMT_STATUS_FAILED;
231 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
232 struct sock *skip_sk)
235 struct mgmt_hdr *hdr;
237 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
241 hdr = (void *) skb_put(skb, sizeof(*hdr));
242 hdr->opcode = cpu_to_le16(event);
244 hdr->index = cpu_to_le16(hdev->id);
246 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
247 hdr->len = cpu_to_le16(data_len);
250 memcpy(skb_put(skb, data_len), data, data_len);
253 __net_timestamp(skb);
255 hci_send_to_control(skb, skip_sk);
261 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
264 struct mgmt_hdr *hdr;
265 struct mgmt_ev_cmd_status *ev;
268 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
270 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
274 hdr = (void *) skb_put(skb, sizeof(*hdr));
276 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
277 hdr->index = cpu_to_le16(index);
278 hdr->len = cpu_to_le16(sizeof(*ev));
280 ev = (void *) skb_put(skb, sizeof(*ev));
282 ev->opcode = cpu_to_le16(cmd);
284 err = sock_queue_rcv_skb(sk, skb);
291 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
292 void *rp, size_t rp_len)
295 struct mgmt_hdr *hdr;
296 struct mgmt_ev_cmd_complete *ev;
299 BT_DBG("sock %p", sk);
301 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
305 hdr = (void *) skb_put(skb, sizeof(*hdr));
307 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
308 hdr->index = cpu_to_le16(index);
309 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
311 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
312 ev->opcode = cpu_to_le16(cmd);
316 memcpy(ev->data, rp, rp_len);
318 err = sock_queue_rcv_skb(sk, skb);
325 #ifdef CONFIG_TIZEN_WIP
326 /* BEGIN TIZEN_Bluetooth :: check for le connection update params */
327 static inline int check_le_conn_update_param(u16 min, u16 max, u16 latency,
332 if (min > max || min < 6 || max > 3200)
335 if (to_multiplier < 10 || to_multiplier > 3200)
338 if (max >= to_multiplier * 8)
341 max_latency = (to_multiplier * 8 / max) - 1;
343 if (latency > 499 || latency > max_latency)
348 /* END TIZEN_Bluetooth */
351 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
354 struct mgmt_rp_read_version rp;
356 BT_DBG("sock %p", sk);
358 rp.version = MGMT_VERSION;
359 rp.revision = cpu_to_le16(MGMT_REVISION);
361 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
365 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
368 struct mgmt_rp_read_commands *rp;
369 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
370 const u16 num_events = ARRAY_SIZE(mgmt_events);
375 BT_DBG("sock %p", sk);
377 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
379 rp = kmalloc(rp_size, GFP_KERNEL);
383 rp->num_commands = cpu_to_le16(num_commands);
384 rp->num_events = cpu_to_le16(num_events);
386 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
387 put_unaligned_le16(mgmt_commands[i], opcode);
389 for (i = 0; i < num_events; i++, opcode++)
390 put_unaligned_le16(mgmt_events[i], opcode);
392 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
399 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
402 struct mgmt_rp_read_index_list *rp;
408 BT_DBG("sock %p", sk);
410 read_lock(&hci_dev_list_lock);
413 list_for_each_entry(d, &hci_dev_list, list) {
414 if (d->dev_type == HCI_BREDR &&
415 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
419 rp_len = sizeof(*rp) + (2 * count);
420 rp = kmalloc(rp_len, GFP_ATOMIC);
422 read_unlock(&hci_dev_list_lock);
427 list_for_each_entry(d, &hci_dev_list, list) {
428 if (test_bit(HCI_SETUP, &d->dev_flags) ||
429 test_bit(HCI_CONFIG, &d->dev_flags) ||
430 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
433 /* Devices marked as raw-only are neither configured
434 * nor unconfigured controllers.
436 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
439 if (d->dev_type == HCI_BREDR &&
440 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
441 rp->index[count++] = cpu_to_le16(d->id);
442 BT_DBG("Added hci%u", d->id);
446 rp->num_controllers = cpu_to_le16(count);
447 rp_len = sizeof(*rp) + (2 * count);
449 read_unlock(&hci_dev_list_lock);
451 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
459 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
460 void *data, u16 data_len)
462 struct mgmt_rp_read_unconf_index_list *rp;
468 BT_DBG("sock %p", sk);
470 read_lock(&hci_dev_list_lock);
473 list_for_each_entry(d, &hci_dev_list, list) {
474 if (d->dev_type == HCI_BREDR &&
475 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
479 rp_len = sizeof(*rp) + (2 * count);
480 rp = kmalloc(rp_len, GFP_ATOMIC);
482 read_unlock(&hci_dev_list_lock);
487 list_for_each_entry(d, &hci_dev_list, list) {
488 if (test_bit(HCI_SETUP, &d->dev_flags) ||
489 test_bit(HCI_CONFIG, &d->dev_flags) ||
490 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
493 /* Devices marked as raw-only are neither configured
494 * nor unconfigured controllers.
496 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
499 if (d->dev_type == HCI_BREDR &&
500 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
501 rp->index[count++] = cpu_to_le16(d->id);
502 BT_DBG("Added hci%u", d->id);
506 rp->num_controllers = cpu_to_le16(count);
507 rp_len = sizeof(*rp) + (2 * count);
509 read_unlock(&hci_dev_list_lock);
511 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
519 static bool is_configured(struct hci_dev *hdev)
521 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
522 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
525 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
526 !bacmp(&hdev->public_addr, BDADDR_ANY))
532 static __le32 get_missing_options(struct hci_dev *hdev)
536 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
537 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
538 options |= MGMT_OPTION_EXTERNAL_CONFIG;
540 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
541 !bacmp(&hdev->public_addr, BDADDR_ANY))
542 options |= MGMT_OPTION_PUBLIC_ADDRESS;
544 return cpu_to_le32(options);
547 static int new_options(struct hci_dev *hdev, struct sock *skip)
549 __le32 options = get_missing_options(hdev);
551 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
552 sizeof(options), skip);
555 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
557 __le32 options = get_missing_options(hdev);
559 return cmd_complete(sk, hdev->id, opcode, 0, &options,
563 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
564 void *data, u16 data_len)
566 struct mgmt_rp_read_config_info rp;
569 BT_DBG("sock %p %s", sk, hdev->name);
573 memset(&rp, 0, sizeof(rp));
574 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
576 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
577 options |= MGMT_OPTION_EXTERNAL_CONFIG;
579 if (hdev->set_bdaddr)
580 options |= MGMT_OPTION_PUBLIC_ADDRESS;
582 rp.supported_options = cpu_to_le32(options);
583 rp.missing_options = get_missing_options(hdev);
585 hci_dev_unlock(hdev);
587 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
591 static u32 get_supported_settings(struct hci_dev *hdev)
595 settings |= MGMT_SETTING_POWERED;
596 settings |= MGMT_SETTING_BONDABLE;
597 /* Disable Debug keys implementation now */
598 #ifdef CONFIG_TIZEN_WIP
599 settings |= MGMT_SETTING_DEBUG_KEYS;
601 settings |= MGMT_SETTING_CONNECTABLE;
602 settings |= MGMT_SETTING_DISCOVERABLE;
604 if (lmp_bredr_capable(hdev)) {
605 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
606 settings |= MGMT_SETTING_FAST_CONNECTABLE;
607 settings |= MGMT_SETTING_BREDR;
608 settings |= MGMT_SETTING_LINK_SECURITY;
610 if (lmp_ssp_capable(hdev)) {
611 settings |= MGMT_SETTING_SSP;
612 settings |= MGMT_SETTING_HS;
615 /* Disable Secure connection implementation now */
616 #ifdef CONFIG_TIZEN_WIP
617 if (lmp_sc_capable(hdev) ||
618 test_bit(HCI_FORCE_BREDR_SMP, &hdev->dbg_flags))
619 settings |= MGMT_SETTING_SECURE_CONN;
623 if (lmp_le_capable(hdev)) {
624 settings |= MGMT_SETTING_LE;
625 settings |= MGMT_SETTING_ADVERTISING;
626 settings |= MGMT_SETTING_SECURE_CONN;
627 settings |= MGMT_SETTING_PRIVACY;
630 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
632 settings |= MGMT_SETTING_CONFIGURATION;
637 static u32 get_current_settings(struct hci_dev *hdev)
641 if (hdev_is_powered(hdev))
642 settings |= MGMT_SETTING_POWERED;
644 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
645 settings |= MGMT_SETTING_CONNECTABLE;
647 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
648 settings |= MGMT_SETTING_FAST_CONNECTABLE;
650 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
651 settings |= MGMT_SETTING_DISCOVERABLE;
653 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
654 settings |= MGMT_SETTING_BONDABLE;
656 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
657 settings |= MGMT_SETTING_BREDR;
659 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
660 settings |= MGMT_SETTING_LE;
662 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
663 settings |= MGMT_SETTING_LINK_SECURITY;
665 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
666 settings |= MGMT_SETTING_SSP;
668 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
669 settings |= MGMT_SETTING_HS;
671 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
672 settings |= MGMT_SETTING_ADVERTISING;
674 /* Disable Secure connection and debug keys implementation now */
675 #ifdef CONFIG_TIZEN_WIP
676 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
677 settings |= MGMT_SETTING_SECURE_CONN;
679 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
680 settings |= MGMT_SETTING_DEBUG_KEYS;
683 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
684 settings |= MGMT_SETTING_PRIVACY;
689 #define PNP_INFO_SVCLASS_ID 0x1200
691 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
693 u8 *ptr = data, *uuids_start = NULL;
694 struct bt_uuid *uuid;
699 list_for_each_entry(uuid, &hdev->uuids, list) {
702 if (uuid->size != 16)
705 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
709 if (uuid16 == PNP_INFO_SVCLASS_ID)
715 uuids_start[1] = EIR_UUID16_ALL;
719 /* Stop if not enough space to put next UUID */
720 if ((ptr - data) + sizeof(u16) > len) {
721 uuids_start[1] = EIR_UUID16_SOME;
725 *ptr++ = (uuid16 & 0x00ff);
726 *ptr++ = (uuid16 & 0xff00) >> 8;
727 uuids_start[0] += sizeof(uuid16);
733 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
735 u8 *ptr = data, *uuids_start = NULL;
736 struct bt_uuid *uuid;
741 list_for_each_entry(uuid, &hdev->uuids, list) {
742 if (uuid->size != 32)
748 uuids_start[1] = EIR_UUID32_ALL;
752 /* Stop if not enough space to put next UUID */
753 if ((ptr - data) + sizeof(u32) > len) {
754 uuids_start[1] = EIR_UUID32_SOME;
758 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
760 uuids_start[0] += sizeof(u32);
766 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
768 u8 *ptr = data, *uuids_start = NULL;
769 struct bt_uuid *uuid;
774 list_for_each_entry(uuid, &hdev->uuids, list) {
775 if (uuid->size != 128)
781 uuids_start[1] = EIR_UUID128_ALL;
785 /* Stop if not enough space to put next UUID */
786 if ((ptr - data) + 16 > len) {
787 uuids_start[1] = EIR_UUID128_SOME;
791 memcpy(ptr, uuid->uuid, 16);
793 uuids_start[0] += 16;
799 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
801 struct pending_cmd *cmd;
803 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
804 if (cmd->opcode == opcode)
811 static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
812 struct hci_dev *hdev,
815 struct pending_cmd *cmd;
817 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
818 if (cmd->user_data != data)
820 if (cmd->opcode == opcode)
827 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
832 name_len = strlen(hdev->dev_name);
834 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
836 if (name_len > max_len) {
838 ptr[1] = EIR_NAME_SHORT;
840 ptr[1] = EIR_NAME_COMPLETE;
842 ptr[0] = name_len + 1;
844 memcpy(ptr + 2, hdev->dev_name, name_len);
846 ad_len += (name_len + 2);
847 ptr += (name_len + 2);
853 static void update_scan_rsp_data(struct hci_request *req)
855 struct hci_dev *hdev = req->hdev;
856 struct hci_cp_le_set_scan_rsp_data cp;
859 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
862 memset(&cp, 0, sizeof(cp));
864 len = create_scan_rsp_data(hdev, cp.data);
866 #ifdef CONFIG_TIZEN_WIP
867 /* Advertising scan response data is handled in bluez.
868 This value will be updated only when application request the update */
871 if (hdev->scan_rsp_data_len == len &&
872 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
875 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
876 hdev->scan_rsp_data_len = len;
880 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
884 static u8 get_adv_discov_flags(struct hci_dev *hdev)
886 struct pending_cmd *cmd;
888 /* If there's a pending mgmt command the flags will not yet have
889 * their final values, so check for this first.
891 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
893 struct mgmt_mode *cp = cmd->param;
895 return LE_AD_GENERAL;
896 else if (cp->val == 0x02)
897 return LE_AD_LIMITED;
899 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
900 return LE_AD_LIMITED;
901 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
902 return LE_AD_GENERAL;
908 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
910 u8 ad_len = 0, flags = 0;
912 flags |= get_adv_discov_flags(hdev);
914 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
915 flags |= LE_AD_NO_BREDR;
918 BT_DBG("adv flags 0x%02x", flags);
928 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
930 ptr[1] = EIR_TX_POWER;
931 ptr[2] = (u8) hdev->adv_tx_power;
940 static void update_adv_data(struct hci_request *req)
942 struct hci_dev *hdev = req->hdev;
943 struct hci_cp_le_set_adv_data cp;
946 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
949 memset(&cp, 0, sizeof(cp));
951 len = create_adv_data(hdev, cp.data);
953 #ifdef CONFIG_TIZEN_WIP
954 /* Bluez will handle the advertising data, including the flag and tx power.
955 This value will be updated only when application request the update */
958 if (hdev->adv_data_len == len &&
959 memcmp(cp.data, hdev->adv_data, len) == 0)
962 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
963 hdev->adv_data_len = len;
967 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
971 int mgmt_update_adv_data(struct hci_dev *hdev)
973 struct hci_request req;
975 hci_req_init(&req, hdev);
976 update_adv_data(&req);
978 return hci_req_run(&req, NULL);
981 static void create_eir(struct hci_dev *hdev, u8 *data)
986 name_len = strlen(hdev->dev_name);
992 ptr[1] = EIR_NAME_SHORT;
994 ptr[1] = EIR_NAME_COMPLETE;
996 /* EIR Data length */
997 ptr[0] = name_len + 1;
999 memcpy(ptr + 2, hdev->dev_name, name_len);
1001 ptr += (name_len + 2);
1004 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
1006 ptr[1] = EIR_TX_POWER;
1007 ptr[2] = (u8) hdev->inq_tx_power;
1012 if (hdev->devid_source > 0) {
1014 ptr[1] = EIR_DEVICE_ID;
1016 put_unaligned_le16(hdev->devid_source, ptr + 2);
1017 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1018 put_unaligned_le16(hdev->devid_product, ptr + 6);
1019 put_unaligned_le16(hdev->devid_version, ptr + 8);
1024 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1025 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1026 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1027 #ifdef CONFIG_TIZEN_WIP
1028 if (hdev->manufacturer_len > 0 &&
1029 ptr - data + hdev->manufacturer_len + 2 <= HCI_MAX_EIR_LENGTH) {
1030 ptr[0] = hdev->manufacturer_len + 1;
1031 ptr[1] = EIR_MANUFACTURER_DATA;
1032 memcpy(ptr + 2, hdev->manufacturer_data, hdev->manufacturer_len);
1033 ptr += hdev->manufacturer_len + 2;
1038 static void update_eir(struct hci_request *req)
1040 struct hci_dev *hdev = req->hdev;
1041 struct hci_cp_write_eir cp;
1043 if (!hdev_is_powered(hdev))
1046 if (!lmp_ext_inq_capable(hdev))
1049 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1052 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1055 memset(&cp, 0, sizeof(cp));
1057 create_eir(hdev, cp.data);
1059 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
1062 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1064 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1067 static u8 get_service_classes(struct hci_dev *hdev)
1069 struct bt_uuid *uuid;
1072 list_for_each_entry(uuid, &hdev->uuids, list)
1073 val |= uuid->svc_hint;
1078 static void update_class(struct hci_request *req)
1080 struct hci_dev *hdev = req->hdev;
1083 BT_DBG("%s", hdev->name);
1085 if (!hdev_is_powered(hdev))
1088 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1091 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1094 cod[0] = hdev->minor_class;
1095 cod[1] = hdev->major_class;
1096 cod[2] = get_service_classes(hdev);
1098 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1101 if (memcmp(cod, hdev->dev_class, 3) == 0)
1104 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1107 #ifndef CONFIG_TIZEN_WIP
1108 static bool get_connectable(struct hci_dev *hdev)
1110 struct pending_cmd *cmd;
1112 /* If there's a pending mgmt command the flag will not yet have
1113 * it's final value, so check for this first.
1115 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1117 struct mgmt_mode *cp = cmd->param;
1121 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1125 static void disable_advertising(struct hci_request *req)
1129 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1132 static void enable_advertising(struct hci_request *req)
1134 struct hci_dev *hdev = req->hdev;
1135 struct hci_cp_le_set_adv_param cp;
1136 #ifndef CONFIG_TIZEN_WIP
1137 u8 own_addr_type, enable = 0x01;
1140 u8 own_addr_type = ADDR_LE_DEV_PUBLIC;
1144 if (hci_conn_num(hdev, LE_LINK) > 0)
1147 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1148 disable_advertising(req);
1150 /* Clear the HCI_LE_ADV bit temporarily so that the
1151 * hci_update_random_address knows that it's safe to go ahead
1152 * and write a new random address. The flag will be set back on
1153 * as soon as the SET_ADV_ENABLE HCI command completes.
1155 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
1157 #ifndef CONFIG_TIZEN_WIP
1158 connectable = get_connectable(hdev);
1160 /* Set require_privacy to true only when non-connectable
1161 * advertising is used. In that case it is fine to use a
1162 * non-resolvable private address.
1164 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1168 memset(&cp, 0, sizeof(cp));
1169 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1170 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1171 #ifdef CONFIG_TIZEN_WIP
1172 cp.filter_policy = hdev->adv_filter_policy;
1173 cp.type = hdev->adv_type;
1175 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1177 cp.own_address_type = own_addr_type;
1178 cp.channel_map = hdev->le_adv_channel_map;
1180 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1182 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1185 static void service_cache_off(struct work_struct *work)
1187 struct hci_dev *hdev = container_of(work, struct hci_dev,
1188 service_cache.work);
1189 struct hci_request req;
1191 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1194 hci_req_init(&req, hdev);
1201 hci_dev_unlock(hdev);
1203 hci_req_run(&req, NULL);
1206 static void rpa_expired(struct work_struct *work)
1208 struct hci_dev *hdev = container_of(work, struct hci_dev,
1210 struct hci_request req;
1214 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1216 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1219 /* The generation of a new RPA and programming it into the
1220 * controller happens in the enable_advertising() function.
1222 hci_req_init(&req, hdev);
1223 enable_advertising(&req);
1224 hci_req_run(&req, NULL);
1227 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1229 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
1232 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1233 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1235 /* Non-mgmt controlled devices get this bit set
1236 * implicitly so that pairing works for them, however
1237 * for mgmt we require user-space to explicitly enable
1240 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1243 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1244 void *data, u16 data_len)
1246 struct mgmt_rp_read_info rp;
1248 BT_DBG("sock %p %s", sk, hdev->name);
1252 memset(&rp, 0, sizeof(rp));
1254 bacpy(&rp.bdaddr, &hdev->bdaddr);
1256 rp.version = hdev->hci_ver;
1257 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1259 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1260 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1262 memcpy(rp.dev_class, hdev->dev_class, 3);
1264 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1265 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1267 hci_dev_unlock(hdev);
1269 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1273 static void mgmt_pending_free(struct pending_cmd *cmd)
1280 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1281 struct hci_dev *hdev, void *data,
1284 struct pending_cmd *cmd;
1286 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1290 cmd->opcode = opcode;
1291 cmd->index = hdev->id;
1293 cmd->param = kmemdup(data, len, GFP_KERNEL);
1299 cmd->param_len = len;
1304 list_add(&cmd->list, &hdev->mgmt_pending);
1309 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1310 void (*cb)(struct pending_cmd *cmd,
1314 struct pending_cmd *cmd, *tmp;
1316 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1317 if (opcode > 0 && cmd->opcode != opcode)
1324 static void mgmt_pending_remove(struct pending_cmd *cmd)
1326 list_del(&cmd->list);
1327 mgmt_pending_free(cmd);
1330 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1332 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1334 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
1338 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1340 BT_DBG("%s status 0x%02x", hdev->name, status);
1342 if (hci_conn_count(hdev) == 0) {
1343 cancel_delayed_work(&hdev->power_off);
1344 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1348 static bool hci_stop_discovery(struct hci_request *req)
1350 struct hci_dev *hdev = req->hdev;
1351 struct hci_cp_remote_name_req_cancel cp;
1352 struct inquiry_entry *e;
1354 switch (hdev->discovery.state) {
1355 case DISCOVERY_FINDING:
1356 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1357 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1359 cancel_delayed_work(&hdev->le_scan_disable);
1360 hci_req_add_le_scan_disable(req);
1365 case DISCOVERY_RESOLVING:
1366 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1371 bacpy(&cp.bdaddr, &e->data.bdaddr);
1372 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1378 /* Passive scanning */
1379 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
1380 hci_req_add_le_scan_disable(req);
1390 static int clean_up_hci_state(struct hci_dev *hdev)
1392 struct hci_request req;
1393 struct hci_conn *conn;
1394 bool discov_stopped;
1397 hci_req_init(&req, hdev);
1399 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1400 test_bit(HCI_PSCAN, &hdev->flags)) {
1402 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1405 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1406 disable_advertising(&req);
1408 discov_stopped = hci_stop_discovery(&req);
1410 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1411 struct hci_cp_disconnect dc;
1412 struct hci_cp_reject_conn_req rej;
1414 switch (conn->state) {
1417 dc.handle = cpu_to_le16(conn->handle);
1418 dc.reason = 0x15; /* Terminated due to Power Off */
1419 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1422 if (conn->type == LE_LINK)
1423 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1425 else if (conn->type == ACL_LINK)
1426 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1430 bacpy(&rej.bdaddr, &conn->dst);
1431 rej.reason = 0x15; /* Terminated due to Power Off */
1432 if (conn->type == ACL_LINK)
1433 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1435 else if (conn->type == SCO_LINK)
1436 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1442 err = hci_req_run(&req, clean_up_hci_complete);
1443 if (!err && discov_stopped)
1444 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1449 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1452 struct mgmt_mode *cp = data;
1453 struct pending_cmd *cmd;
1456 BT_DBG("request for %s", hdev->name);
1458 if (cp->val != 0x00 && cp->val != 0x01)
1459 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1460 MGMT_STATUS_INVALID_PARAMS);
1464 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1465 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1470 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1471 cancel_delayed_work(&hdev->power_off);
1474 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1476 err = mgmt_powered(hdev, 1);
1481 if (!!cp->val == hdev_is_powered(hdev)) {
1482 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1486 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1493 queue_work(hdev->req_workqueue, &hdev->power_on);
1496 /* Disconnect connections, stop scans, etc */
1497 err = clean_up_hci_state(hdev);
1499 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1500 HCI_POWER_OFF_TIMEOUT);
1502 /* ENODATA means there were no HCI commands queued */
1503 if (err == -ENODATA) {
1504 cancel_delayed_work(&hdev->power_off);
1505 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1511 hci_dev_unlock(hdev);
1515 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1519 ev = cpu_to_le32(get_current_settings(hdev));
1521 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1524 int mgmt_new_settings(struct hci_dev *hdev)
1526 return new_settings(hdev, NULL);
1531 struct hci_dev *hdev;
1535 static void settings_rsp(struct pending_cmd *cmd, void *data)
1537 struct cmd_lookup *match = data;
1539 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1541 list_del(&cmd->list);
1543 if (match->sk == NULL) {
1544 match->sk = cmd->sk;
1545 sock_hold(match->sk);
1548 mgmt_pending_free(cmd);
1551 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1555 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1556 mgmt_pending_remove(cmd);
1559 static void cmd_complete_rsp(struct pending_cmd *cmd, void *data)
1561 if (cmd->cmd_complete) {
1564 cmd->cmd_complete(cmd, *status);
1565 mgmt_pending_remove(cmd);
1570 cmd_status_rsp(cmd, data);
1573 static int generic_cmd_complete(struct pending_cmd *cmd, u8 status)
1575 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1576 cmd->param, cmd->param_len);
1579 static int addr_cmd_complete(struct pending_cmd *cmd, u8 status)
1581 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1582 sizeof(struct mgmt_addr_info));
1585 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1587 if (!lmp_bredr_capable(hdev))
1588 return MGMT_STATUS_NOT_SUPPORTED;
1589 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1590 return MGMT_STATUS_REJECTED;
1592 return MGMT_STATUS_SUCCESS;
1595 static u8 mgmt_le_support(struct hci_dev *hdev)
1597 if (!lmp_le_capable(hdev))
1598 return MGMT_STATUS_NOT_SUPPORTED;
1599 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1600 return MGMT_STATUS_REJECTED;
1602 return MGMT_STATUS_SUCCESS;
1605 static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1608 struct pending_cmd *cmd;
1609 struct mgmt_mode *cp;
1610 struct hci_request req;
1613 BT_DBG("status 0x%02x", status);
1617 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1622 u8 mgmt_err = mgmt_status(status);
1623 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1624 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1630 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1633 if (hdev->discov_timeout > 0) {
1634 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1635 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1639 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1643 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1646 new_settings(hdev, cmd->sk);
1648 /* When the discoverable mode gets changed, make sure
1649 * that class of device has the limited discoverable
1650 * bit correctly set. Also update page scan based on whitelist
1653 hci_req_init(&req, hdev);
1654 __hci_update_page_scan(&req);
1656 hci_req_run(&req, NULL);
1659 mgmt_pending_remove(cmd);
1662 hci_dev_unlock(hdev);
1665 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1668 struct mgmt_cp_set_discoverable *cp = data;
1669 struct pending_cmd *cmd;
1670 struct hci_request req;
1675 BT_DBG("request for %s", hdev->name);
1677 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1678 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1679 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1680 MGMT_STATUS_REJECTED);
1682 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1683 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1684 MGMT_STATUS_INVALID_PARAMS);
1686 timeout = __le16_to_cpu(cp->timeout);
1688 /* Disabling discoverable requires that no timeout is set,
1689 * and enabling limited discoverable requires a timeout.
1691 if ((cp->val == 0x00 && timeout > 0) ||
1692 (cp->val == 0x02 && timeout == 0))
1693 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1694 MGMT_STATUS_INVALID_PARAMS);
1698 if (!hdev_is_powered(hdev) && timeout > 0) {
1699 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1700 MGMT_STATUS_NOT_POWERED);
1704 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1705 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1706 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1711 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1712 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1713 MGMT_STATUS_REJECTED);
1717 if (!hdev_is_powered(hdev)) {
1718 bool changed = false;
1720 /* Setting limited discoverable when powered off is
1721 * not a valid operation since it requires a timeout
1722 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1724 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1725 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1729 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1734 err = new_settings(hdev, sk);
1739 /* If the current mode is the same, then just update the timeout
1740 * value with the new value. And if only the timeout gets updated,
1741 * then no need for any HCI transactions.
1743 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1744 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1745 &hdev->dev_flags)) {
1746 cancel_delayed_work(&hdev->discov_off);
1747 hdev->discov_timeout = timeout;
1749 if (cp->val && hdev->discov_timeout > 0) {
1750 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1751 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1755 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1759 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1765 /* Cancel any potential discoverable timeout that might be
1766 * still active and store new timeout value. The arming of
1767 * the timeout happens in the complete handler.
1769 cancel_delayed_work(&hdev->discov_off);
1770 hdev->discov_timeout = timeout;
1772 /* Limited discoverable mode */
1773 if (cp->val == 0x02)
1774 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1776 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1778 hci_req_init(&req, hdev);
1780 /* The procedure for LE-only controllers is much simpler - just
1781 * update the advertising data.
1783 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1789 struct hci_cp_write_current_iac_lap hci_cp;
1791 if (cp->val == 0x02) {
1792 /* Limited discoverable mode */
1793 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1794 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1795 hci_cp.iac_lap[1] = 0x8b;
1796 hci_cp.iac_lap[2] = 0x9e;
1797 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1798 hci_cp.iac_lap[4] = 0x8b;
1799 hci_cp.iac_lap[5] = 0x9e;
1801 /* General discoverable mode */
1803 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1804 hci_cp.iac_lap[1] = 0x8b;
1805 hci_cp.iac_lap[2] = 0x9e;
1808 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1809 (hci_cp.num_iac * 3) + 1, &hci_cp);
1811 scan |= SCAN_INQUIRY;
1813 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1816 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1819 update_adv_data(&req);
1821 err = hci_req_run(&req, set_discoverable_complete);
1823 mgmt_pending_remove(cmd);
1826 hci_dev_unlock(hdev);
1830 static void write_fast_connectable(struct hci_request *req, bool enable)
1832 struct hci_dev *hdev = req->hdev;
1833 #ifndef CONFIG_TIZEN_WIP
1834 struct hci_cp_write_page_scan_activity acp;
1838 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1841 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1844 #ifdef CONFIG_TIZEN_WIP
1846 type = PAGE_SCAN_TYPE_INTERLACED;
1848 type = PAGE_SCAN_TYPE_STANDARD;
1852 type = PAGE_SCAN_TYPE_INTERLACED;
1854 /* 160 msec page scan interval */
1855 acp.interval = cpu_to_le16(0x0100);
1857 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1859 /* default 1.28 sec page scan */
1860 acp.interval = cpu_to_le16(0x0800);
1863 acp.window = cpu_to_le16(0x0012);
1865 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1866 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1867 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1871 if (hdev->page_scan_type != type)
1872 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1875 static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1878 struct pending_cmd *cmd;
1879 struct mgmt_mode *cp;
1880 bool conn_changed, discov_changed;
1882 BT_DBG("status 0x%02x", status);
1886 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1891 u8 mgmt_err = mgmt_status(status);
1892 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1898 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1900 discov_changed = false;
1902 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1904 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1908 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1910 if (conn_changed || discov_changed) {
1911 new_settings(hdev, cmd->sk);
1912 hci_update_page_scan(hdev);
1914 mgmt_update_adv_data(hdev);
1915 hci_update_background_scan(hdev);
1919 mgmt_pending_remove(cmd);
1922 hci_dev_unlock(hdev);
1925 static int set_connectable_update_settings(struct hci_dev *hdev,
1926 struct sock *sk, u8 val)
1928 bool changed = false;
1931 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1935 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1937 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1938 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1941 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1946 hci_update_page_scan(hdev);
1947 hci_update_background_scan(hdev);
1948 return new_settings(hdev, sk);
1954 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1957 struct mgmt_mode *cp = data;
1958 struct pending_cmd *cmd;
1959 struct hci_request req;
1963 BT_DBG("request for %s", hdev->name);
1965 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1966 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1967 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1968 MGMT_STATUS_REJECTED);
1970 if (cp->val != 0x00 && cp->val != 0x01)
1971 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1972 MGMT_STATUS_INVALID_PARAMS);
1976 if (!hdev_is_powered(hdev)) {
1977 err = set_connectable_update_settings(hdev, sk, cp->val);
1981 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1982 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1983 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1988 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1994 hci_req_init(&req, hdev);
1996 /* If BR/EDR is not enabled and we disable advertising as a
1997 * by-product of disabling connectable, we need to update the
1998 * advertising flags.
2000 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2002 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
2003 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
2005 update_adv_data(&req);
2006 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
2010 /* If we don't have any whitelist entries just
2011 * disable all scanning. If there are entries
2012 * and we had both page and inquiry scanning
2013 * enabled then fall back to only page scanning.
2014 * Otherwise no changes are needed.
2016 if (list_empty(&hdev->whitelist))
2017 scan = SCAN_DISABLED;
2018 else if (test_bit(HCI_ISCAN, &hdev->flags))
2021 goto no_scan_update;
2023 if (test_bit(HCI_ISCAN, &hdev->flags) &&
2024 hdev->discov_timeout > 0)
2025 cancel_delayed_work(&hdev->discov_off);
2028 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2032 /* If we're going from non-connectable to connectable or
2033 * vice-versa when fast connectable is enabled ensure that fast
2034 * connectable gets disabled. write_fast_connectable won't do
2035 * anything if the page scan parameters are already what they
2038 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
2039 write_fast_connectable(&req, false);
2041 /* Update the advertising parameters if necessary */
2042 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2043 enable_advertising(&req);
2045 err = hci_req_run(&req, set_connectable_complete);
2047 mgmt_pending_remove(cmd);
2048 if (err == -ENODATA)
2049 err = set_connectable_update_settings(hdev, sk,
2055 hci_dev_unlock(hdev);
2059 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
2062 struct mgmt_mode *cp = data;
2066 BT_DBG("request for %s", hdev->name);
2068 if (cp->val != 0x00 && cp->val != 0x01)
2069 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2070 MGMT_STATUS_INVALID_PARAMS);
2075 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
2077 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
2079 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
2084 err = new_settings(hdev, sk);
2087 hci_dev_unlock(hdev);
2091 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2094 struct mgmt_mode *cp = data;
2095 struct pending_cmd *cmd;
2099 BT_DBG("request for %s", hdev->name);
2101 status = mgmt_bredr_support(hdev);
2103 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2106 if (cp->val != 0x00 && cp->val != 0x01)
2107 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2108 MGMT_STATUS_INVALID_PARAMS);
2112 if (!hdev_is_powered(hdev)) {
2113 bool changed = false;
2115 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
2116 &hdev->dev_flags)) {
2117 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2121 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2126 err = new_settings(hdev, sk);
2131 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2132 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2139 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2140 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2144 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2150 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2152 mgmt_pending_remove(cmd);
2157 hci_dev_unlock(hdev);
2161 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2163 struct mgmt_mode *cp = data;
2164 struct pending_cmd *cmd;
2168 BT_DBG("request for %s", hdev->name);
2170 status = mgmt_bredr_support(hdev);
2172 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2174 if (!lmp_ssp_capable(hdev))
2175 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2176 MGMT_STATUS_NOT_SUPPORTED);
2178 if (cp->val != 0x00 && cp->val != 0x01)
2179 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2180 MGMT_STATUS_INVALID_PARAMS);
2184 if (!hdev_is_powered(hdev)) {
2188 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2191 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2194 changed = test_and_clear_bit(HCI_HS_ENABLED,
2197 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2200 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2205 err = new_settings(hdev, sk);
2210 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2211 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
2212 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2217 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2218 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2222 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2228 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2229 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2230 sizeof(cp->val), &cp->val);
2232 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2234 mgmt_pending_remove(cmd);
2239 hci_dev_unlock(hdev);
2243 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2245 struct mgmt_mode *cp = data;
2250 BT_DBG("request for %s", hdev->name);
2252 status = mgmt_bredr_support(hdev);
2254 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2256 if (!lmp_ssp_capable(hdev))
2257 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2258 MGMT_STATUS_NOT_SUPPORTED);
2260 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2261 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2262 MGMT_STATUS_REJECTED);
2264 if (cp->val != 0x00 && cp->val != 0x01)
2265 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2266 MGMT_STATUS_INVALID_PARAMS);
2271 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2273 if (hdev_is_powered(hdev)) {
2274 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2275 MGMT_STATUS_REJECTED);
2279 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2282 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2287 err = new_settings(hdev, sk);
2290 hci_dev_unlock(hdev);
2294 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2296 struct cmd_lookup match = { NULL, hdev };
2298 #ifdef CONFIG_TIZEN_WIP
2303 u8 mgmt_err = mgmt_status(status);
2305 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2307 #ifdef CONFIG_TIZEN_WIP
2314 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2316 new_settings(hdev, match.sk);
2321 /* Make sure the controller has a good default for
2322 * advertising data. Restrict the update to when LE
2323 * has actually been enabled. During power on, the
2324 * update in powered_update_hci will take care of it.
2326 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2327 struct hci_request req;
2329 #ifndef CONFIG_TIZEN_WIP
2333 hci_req_init(&req, hdev);
2334 update_adv_data(&req);
2335 update_scan_rsp_data(&req);
2336 __hci_update_background_scan(&req);
2337 hci_req_run(&req, NULL);
2339 hci_update_background_scan(hdev);
2340 #ifdef CONFIG_TIZEN_WIP
2342 hci_dev_unlock(hdev);
2346 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2348 struct mgmt_mode *cp = data;
2349 struct hci_cp_write_le_host_supported hci_cp;
2350 struct pending_cmd *cmd;
2351 struct hci_request req;
2355 BT_DBG("request for %s", hdev->name);
2357 if (!lmp_le_capable(hdev))
2358 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2359 MGMT_STATUS_NOT_SUPPORTED);
2361 if (cp->val != 0x00 && cp->val != 0x01)
2362 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2363 MGMT_STATUS_INVALID_PARAMS);
2365 /* LE-only devices do not allow toggling LE on/off */
2366 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
2367 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2368 MGMT_STATUS_REJECTED);
2373 enabled = lmp_host_le_capable(hdev);
2375 if (!hdev_is_powered(hdev) || val == enabled) {
2376 bool changed = false;
2378 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2379 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2383 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2384 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
2388 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2393 err = new_settings(hdev, sk);
2398 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2399 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2400 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2405 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2411 hci_req_init(&req, hdev);
2413 memset(&hci_cp, 0, sizeof(hci_cp));
2417 hci_cp.simul = 0x00;
2419 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
2420 disable_advertising(&req);
2423 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2426 err = hci_req_run(&req, le_enable_complete);
2428 mgmt_pending_remove(cmd);
2431 hci_dev_unlock(hdev);
2435 /* This is a helper function to test for pending mgmt commands that can
2436 * cause CoD or EIR HCI commands. We can only allow one such pending
2437 * mgmt command at a time since otherwise we cannot easily track what
2438 * the current values are, will be, and based on that calculate if a new
2439 * HCI command needs to be sent and if yes with what value.
2441 static bool pending_eir_or_class(struct hci_dev *hdev)
2443 struct pending_cmd *cmd;
2445 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2446 switch (cmd->opcode) {
2447 case MGMT_OP_ADD_UUID:
2448 case MGMT_OP_REMOVE_UUID:
2449 case MGMT_OP_SET_DEV_CLASS:
2450 case MGMT_OP_SET_POWERED:
2458 static const u8 bluetooth_base_uuid[] = {
2459 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2460 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2463 static u8 get_uuid_size(const u8 *uuid)
2467 if (memcmp(uuid, bluetooth_base_uuid, 12))
2470 val = get_unaligned_le32(&uuid[12]);
2477 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2479 struct pending_cmd *cmd;
2483 cmd = mgmt_pending_find(mgmt_op, hdev);
2487 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2488 hdev->dev_class, 3);
2490 mgmt_pending_remove(cmd);
2493 hci_dev_unlock(hdev);
2496 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2498 BT_DBG("status 0x%02x", status);
2500 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2503 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2505 struct mgmt_cp_add_uuid *cp = data;
2506 struct pending_cmd *cmd;
2507 struct hci_request req;
2508 struct bt_uuid *uuid;
2511 BT_DBG("request for %s", hdev->name);
2515 if (pending_eir_or_class(hdev)) {
2516 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2521 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2527 memcpy(uuid->uuid, cp->uuid, 16);
2528 uuid->svc_hint = cp->svc_hint;
2529 uuid->size = get_uuid_size(cp->uuid);
2531 list_add_tail(&uuid->list, &hdev->uuids);
2533 hci_req_init(&req, hdev);
2538 err = hci_req_run(&req, add_uuid_complete);
2540 if (err != -ENODATA)
2543 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2544 hdev->dev_class, 3);
2548 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2557 hci_dev_unlock(hdev);
2561 static bool enable_service_cache(struct hci_dev *hdev)
2563 if (!hdev_is_powered(hdev))
2566 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2567 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2575 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2577 BT_DBG("status 0x%02x", status);
2579 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2582 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2585 struct mgmt_cp_remove_uuid *cp = data;
2586 struct pending_cmd *cmd;
2587 struct bt_uuid *match, *tmp;
2588 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2589 struct hci_request req;
2592 BT_DBG("request for %s", hdev->name);
2596 if (pending_eir_or_class(hdev)) {
2597 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2602 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2603 hci_uuids_clear(hdev);
2605 if (enable_service_cache(hdev)) {
2606 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2607 0, hdev->dev_class, 3);
2616 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2617 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2620 list_del(&match->list);
2626 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2627 MGMT_STATUS_INVALID_PARAMS);
2632 hci_req_init(&req, hdev);
2637 err = hci_req_run(&req, remove_uuid_complete);
2639 if (err != -ENODATA)
2642 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2643 hdev->dev_class, 3);
2647 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2656 hci_dev_unlock(hdev);
2660 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2662 BT_DBG("status 0x%02x", status);
2664 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2667 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2670 struct mgmt_cp_set_dev_class *cp = data;
2671 struct pending_cmd *cmd;
2672 struct hci_request req;
2675 BT_DBG("request for %s", hdev->name);
2677 if (!lmp_bredr_capable(hdev))
2678 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2679 MGMT_STATUS_NOT_SUPPORTED);
2683 if (pending_eir_or_class(hdev)) {
2684 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2689 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2690 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2691 MGMT_STATUS_INVALID_PARAMS);
2695 hdev->major_class = cp->major;
2696 hdev->minor_class = cp->minor;
2698 if (!hdev_is_powered(hdev)) {
2699 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2700 hdev->dev_class, 3);
2704 hci_req_init(&req, hdev);
2706 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2707 hci_dev_unlock(hdev);
2708 cancel_delayed_work_sync(&hdev->service_cache);
2715 err = hci_req_run(&req, set_class_complete);
2717 if (err != -ENODATA)
2720 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2721 hdev->dev_class, 3);
2725 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2734 hci_dev_unlock(hdev);
2738 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2741 struct mgmt_cp_load_link_keys *cp = data;
2742 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2743 sizeof(struct mgmt_link_key_info));
2744 u16 key_count, expected_len;
2748 BT_DBG("request for %s", hdev->name);
2750 if (!lmp_bredr_capable(hdev))
2751 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2752 MGMT_STATUS_NOT_SUPPORTED);
2754 key_count = __le16_to_cpu(cp->key_count);
2755 if (key_count > max_key_count) {
2756 BT_ERR("load_link_keys: too big key_count value %u",
2758 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2759 MGMT_STATUS_INVALID_PARAMS);
2762 expected_len = sizeof(*cp) + key_count *
2763 sizeof(struct mgmt_link_key_info);
2764 if (expected_len != len) {
2765 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2767 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2768 MGMT_STATUS_INVALID_PARAMS);
2771 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2772 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2773 MGMT_STATUS_INVALID_PARAMS);
2775 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2778 for (i = 0; i < key_count; i++) {
2779 struct mgmt_link_key_info *key = &cp->keys[i];
2781 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2782 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2783 MGMT_STATUS_INVALID_PARAMS);
2788 hci_link_keys_clear(hdev);
2791 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2794 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2798 new_settings(hdev, NULL);
2800 for (i = 0; i < key_count; i++) {
2801 struct mgmt_link_key_info *key = &cp->keys[i];
2803 /* Always ignore debug keys and require a new pairing if
2804 * the user wants to use them.
2806 if (key->type == HCI_LK_DEBUG_COMBINATION)
2809 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2810 key->type, key->pin_len, NULL);
2813 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2815 hci_dev_unlock(hdev);
2820 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2821 u8 addr_type, struct sock *skip_sk)
2823 struct mgmt_ev_device_unpaired ev;
2825 bacpy(&ev.addr.bdaddr, bdaddr);
2826 ev.addr.type = addr_type;
2828 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2832 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2835 struct mgmt_cp_unpair_device *cp = data;
2836 struct mgmt_rp_unpair_device rp;
2837 struct hci_cp_disconnect dc;
2838 struct pending_cmd *cmd;
2839 struct hci_conn *conn;
2842 memset(&rp, 0, sizeof(rp));
2843 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2844 rp.addr.type = cp->addr.type;
2846 if (!bdaddr_type_is_valid(cp->addr.type))
2847 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2848 MGMT_STATUS_INVALID_PARAMS,
2851 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2852 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2853 MGMT_STATUS_INVALID_PARAMS,
2858 if (!hdev_is_powered(hdev)) {
2859 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2860 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2864 if (cp->addr.type == BDADDR_BREDR) {
2865 /* If disconnection is requested, then look up the
2866 * connection. If the remote device is connected, it
2867 * will be later used to terminate the link.
2869 * Setting it to NULL explicitly will cause no
2870 * termination of the link.
2873 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2878 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2882 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2885 /* Defer clearing up the connection parameters
2886 * until closing to give a chance of keeping
2887 * them if a repairing happens.
2889 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2891 /* If disconnection is not requested, then
2892 * clear the connection variable so that the
2893 * link is not terminated.
2895 if (!cp->disconnect)
2899 if (cp->addr.type == BDADDR_LE_PUBLIC)
2900 addr_type = ADDR_LE_DEV_PUBLIC;
2902 addr_type = ADDR_LE_DEV_RANDOM;
2904 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2906 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2910 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2911 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2915 /* If the connection variable is set, then termination of the
2916 * link is requested.
2919 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2921 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2925 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2932 cmd->cmd_complete = addr_cmd_complete;
2934 dc.handle = cpu_to_le16(conn->handle);
2935 dc.reason = 0x13; /* Remote User Terminated Connection */
2936 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2938 mgmt_pending_remove(cmd);
2941 hci_dev_unlock(hdev);
2945 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2948 struct mgmt_cp_disconnect *cp = data;
2949 struct mgmt_rp_disconnect rp;
2950 struct pending_cmd *cmd;
2951 struct hci_conn *conn;
2956 memset(&rp, 0, sizeof(rp));
2957 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2958 rp.addr.type = cp->addr.type;
2960 if (!bdaddr_type_is_valid(cp->addr.type))
2961 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2962 MGMT_STATUS_INVALID_PARAMS,
2967 if (!test_bit(HCI_UP, &hdev->flags)) {
2968 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2969 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2973 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2974 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2975 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2979 if (cp->addr.type == BDADDR_BREDR)
2980 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2983 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2985 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2986 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2987 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2991 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2997 cmd->cmd_complete = generic_cmd_complete;
2999 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3001 mgmt_pending_remove(cmd);
3004 hci_dev_unlock(hdev);
3008 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3010 switch (link_type) {
3012 switch (addr_type) {
3013 case ADDR_LE_DEV_PUBLIC:
3014 return BDADDR_LE_PUBLIC;
3017 /* Fallback to LE Random address type */
3018 return BDADDR_LE_RANDOM;
3022 /* Fallback to BR/EDR type */
3023 return BDADDR_BREDR;
3027 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3030 struct mgmt_rp_get_connections *rp;
3040 if (!hdev_is_powered(hdev)) {
3041 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3042 MGMT_STATUS_NOT_POWERED);
3047 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3048 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3052 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3053 rp = kmalloc(rp_len, GFP_KERNEL);
3060 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3061 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3063 bacpy(&rp->addr[i].bdaddr, &c->dst);
3064 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3065 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3070 rp->conn_count = cpu_to_le16(i);
3072 /* Recalculate length in case of filtered SCO connections, etc */
3073 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3075 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3081 hci_dev_unlock(hdev);
3085 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3086 struct mgmt_cp_pin_code_neg_reply *cp)
3088 struct pending_cmd *cmd;
3091 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3096 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3097 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3099 mgmt_pending_remove(cmd);
3104 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3107 struct hci_conn *conn;
3108 struct mgmt_cp_pin_code_reply *cp = data;
3109 struct hci_cp_pin_code_reply reply;
3110 struct pending_cmd *cmd;
3117 if (!hdev_is_powered(hdev)) {
3118 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3119 MGMT_STATUS_NOT_POWERED);
3123 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3125 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3126 MGMT_STATUS_NOT_CONNECTED);
3130 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3131 struct mgmt_cp_pin_code_neg_reply ncp;
3133 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3135 BT_ERR("PIN code is not 16 bytes long");
3137 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3139 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3140 MGMT_STATUS_INVALID_PARAMS);
3145 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3151 cmd->cmd_complete = addr_cmd_complete;
3153 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3154 reply.pin_len = cp->pin_len;
3155 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3157 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3159 mgmt_pending_remove(cmd);
3162 hci_dev_unlock(hdev);
3166 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3169 struct mgmt_cp_set_io_capability *cp = data;
3173 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3174 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3175 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3179 hdev->io_capability = cp->io_capability;
3181 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3182 hdev->io_capability);
3184 hci_dev_unlock(hdev);
3186 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3190 static struct pending_cmd *find_pairing(struct hci_conn *conn)
3192 struct hci_dev *hdev = conn->hdev;
3193 struct pending_cmd *cmd;
3195 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3196 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3199 if (cmd->user_data != conn)
3208 static int pairing_complete(struct pending_cmd *cmd, u8 status)
3210 struct mgmt_rp_pair_device rp;
3211 struct hci_conn *conn = cmd->user_data;
3214 bacpy(&rp.addr.bdaddr, &conn->dst);
3215 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3217 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
3220 /* So we don't get further callbacks for this connection */
3221 conn->connect_cfm_cb = NULL;
3222 conn->security_cfm_cb = NULL;
3223 conn->disconn_cfm_cb = NULL;
3225 hci_conn_drop(conn);
3227 /* The device is paired so there is no need to remove
3228 * its connection parameters anymore.
3230 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3237 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3239 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3240 struct pending_cmd *cmd;
3242 cmd = find_pairing(conn);
3244 cmd->cmd_complete(cmd, status);
3245 mgmt_pending_remove(cmd);
3249 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3251 struct pending_cmd *cmd;
3253 BT_DBG("status %u", status);
3255 cmd = find_pairing(conn);
3257 BT_DBG("Unable to find a pending command");
3261 cmd->cmd_complete(cmd, mgmt_status(status));
3262 mgmt_pending_remove(cmd);
3265 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3267 struct pending_cmd *cmd;
3269 BT_DBG("status %u", status);
3274 cmd = find_pairing(conn);
3276 BT_DBG("Unable to find a pending command");
3280 cmd->cmd_complete(cmd, mgmt_status(status));
3281 mgmt_pending_remove(cmd);
3284 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3287 struct mgmt_cp_pair_device *cp = data;
3288 struct mgmt_rp_pair_device rp;
3289 struct pending_cmd *cmd;
3290 u8 sec_level, auth_type;
3291 struct hci_conn *conn;
3296 memset(&rp, 0, sizeof(rp));
3297 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3298 rp.addr.type = cp->addr.type;
3300 if (!bdaddr_type_is_valid(cp->addr.type))
3301 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3302 MGMT_STATUS_INVALID_PARAMS,
3305 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3306 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3307 MGMT_STATUS_INVALID_PARAMS,
3312 if (!hdev_is_powered(hdev)) {
3313 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3314 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
3318 sec_level = BT_SECURITY_MEDIUM;
3319 auth_type = HCI_AT_DEDICATED_BONDING;
3321 if (cp->addr.type == BDADDR_BREDR) {
3322 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3327 /* Convert from L2CAP channel address type to HCI address type
3329 if (cp->addr.type == BDADDR_LE_PUBLIC)
3330 addr_type = ADDR_LE_DEV_PUBLIC;
3332 addr_type = ADDR_LE_DEV_RANDOM;
3334 /* When pairing a new device, it is expected to remember
3335 * this device for future connections. Adding the connection
3336 * parameter information ahead of time allows tracking
3337 * of the slave preferred values and will speed up any
3338 * further connection establishment.
3340 * If connection parameters already exist, then they
3341 * will be kept and this function does nothing.
3343 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3345 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3346 sec_level, HCI_LE_CONN_TIMEOUT,
3353 if (PTR_ERR(conn) == -EBUSY)
3354 status = MGMT_STATUS_BUSY;
3356 status = MGMT_STATUS_CONNECT_FAILED;
3358 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3364 if (conn->connect_cfm_cb) {
3365 hci_conn_drop(conn);
3366 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3367 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3371 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3374 hci_conn_drop(conn);
3378 cmd->cmd_complete = pairing_complete;
3380 /* For LE, just connecting isn't a proof that the pairing finished */
3381 if (cp->addr.type == BDADDR_BREDR) {
3382 conn->connect_cfm_cb = pairing_complete_cb;
3383 conn->security_cfm_cb = pairing_complete_cb;
3384 conn->disconn_cfm_cb = pairing_complete_cb;
3386 conn->connect_cfm_cb = le_pairing_complete_cb;
3387 conn->security_cfm_cb = le_pairing_complete_cb;
3388 conn->disconn_cfm_cb = le_pairing_complete_cb;
3391 conn->io_capability = cp->io_cap;
3392 cmd->user_data = hci_conn_get(conn);
3394 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3395 hci_conn_security(conn, sec_level, auth_type, true)) {
3396 cmd->cmd_complete(cmd, 0);
3397 mgmt_pending_remove(cmd);
3403 hci_dev_unlock(hdev);
3407 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3410 struct mgmt_addr_info *addr = data;
3411 struct pending_cmd *cmd;
3412 struct hci_conn *conn;
3419 if (!hdev_is_powered(hdev)) {
3420 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3421 MGMT_STATUS_NOT_POWERED);
3425 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3427 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3428 MGMT_STATUS_INVALID_PARAMS);
3432 conn = cmd->user_data;
3434 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3435 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3436 MGMT_STATUS_INVALID_PARAMS);
3440 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3441 mgmt_pending_remove(cmd);
3443 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3444 addr, sizeof(*addr));
3446 hci_dev_unlock(hdev);
3450 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3451 struct mgmt_addr_info *addr, u16 mgmt_op,
3452 u16 hci_op, __le32 passkey)
3454 struct pending_cmd *cmd;
3455 struct hci_conn *conn;
3460 if (!hdev_is_powered(hdev)) {
3461 err = cmd_complete(sk, hdev->id, mgmt_op,
3462 MGMT_STATUS_NOT_POWERED, addr,
3467 if (addr->type == BDADDR_BREDR)
3468 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3470 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3473 err = cmd_complete(sk, hdev->id, mgmt_op,
3474 MGMT_STATUS_NOT_CONNECTED, addr,
3479 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3480 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3482 err = cmd_complete(sk, hdev->id, mgmt_op,
3483 MGMT_STATUS_SUCCESS, addr,
3486 err = cmd_complete(sk, hdev->id, mgmt_op,
3487 MGMT_STATUS_FAILED, addr,
3493 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3499 cmd->cmd_complete = addr_cmd_complete;
3501 /* Continue with pairing via HCI */
3502 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3503 struct hci_cp_user_passkey_reply cp;
3505 bacpy(&cp.bdaddr, &addr->bdaddr);
3506 cp.passkey = passkey;
3507 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3509 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3513 mgmt_pending_remove(cmd);
3516 hci_dev_unlock(hdev);
3520 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3521 void *data, u16 len)
3523 struct mgmt_cp_pin_code_neg_reply *cp = data;
3527 return user_pairing_resp(sk, hdev, &cp->addr,
3528 MGMT_OP_PIN_CODE_NEG_REPLY,
3529 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3532 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3535 struct mgmt_cp_user_confirm_reply *cp = data;
3539 if (len != sizeof(*cp))
3540 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3541 MGMT_STATUS_INVALID_PARAMS);
3543 return user_pairing_resp(sk, hdev, &cp->addr,
3544 MGMT_OP_USER_CONFIRM_REPLY,
3545 HCI_OP_USER_CONFIRM_REPLY, 0);
3548 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3549 void *data, u16 len)
3551 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3555 return user_pairing_resp(sk, hdev, &cp->addr,
3556 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3557 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3560 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3563 struct mgmt_cp_user_passkey_reply *cp = data;
3567 return user_pairing_resp(sk, hdev, &cp->addr,
3568 MGMT_OP_USER_PASSKEY_REPLY,
3569 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3572 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3573 void *data, u16 len)
3575 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3579 return user_pairing_resp(sk, hdev, &cp->addr,
3580 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3581 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3584 static void update_name(struct hci_request *req)
3586 struct hci_dev *hdev = req->hdev;
3587 struct hci_cp_write_local_name cp;
3589 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3591 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3594 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3596 struct mgmt_cp_set_local_name *cp;
3597 struct pending_cmd *cmd;
3599 BT_DBG("status 0x%02x", status);
3603 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3610 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3611 mgmt_status(status));
3613 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3616 mgmt_pending_remove(cmd);
3619 hci_dev_unlock(hdev);
3622 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3625 struct mgmt_cp_set_local_name *cp = data;
3626 struct pending_cmd *cmd;
3627 struct hci_request req;
3634 /* If the old values are the same as the new ones just return a
3635 * direct command complete event.
3637 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3638 !memcmp(hdev->short_name, cp->short_name,
3639 sizeof(hdev->short_name))) {
3640 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3645 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3647 if (!hdev_is_powered(hdev)) {
3648 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3650 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3655 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3661 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3667 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3669 hci_req_init(&req, hdev);
3671 if (lmp_bredr_capable(hdev)) {
3676 /* The name is stored in the scan response data and so
3677 * no need to udpate the advertising data here.
3679 if (lmp_le_capable(hdev))
3680 update_scan_rsp_data(&req);
3682 err = hci_req_run(&req, set_name_complete);
3684 mgmt_pending_remove(cmd);
3687 hci_dev_unlock(hdev);
3691 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3692 void *data, u16 data_len)
3694 struct pending_cmd *cmd;
3697 BT_DBG("%s", hdev->name);
3701 if (!hdev_is_powered(hdev)) {
3702 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3703 MGMT_STATUS_NOT_POWERED);
3707 if (!lmp_ssp_capable(hdev)) {
3708 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3709 MGMT_STATUS_NOT_SUPPORTED);
3713 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3714 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3719 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3725 if (bredr_sc_enabled(hdev))
3726 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3729 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3732 mgmt_pending_remove(cmd);
3735 hci_dev_unlock(hdev);
3739 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3740 void *data, u16 len)
3742 struct mgmt_addr_info *addr = data;
3745 BT_DBG("%s ", hdev->name);
3747 if (!bdaddr_type_is_valid(addr->type))
3748 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3749 MGMT_STATUS_INVALID_PARAMS, addr,
3754 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3755 struct mgmt_cp_add_remote_oob_data *cp = data;
3758 if (cp->addr.type != BDADDR_BREDR) {
3759 err = cmd_complete(sk, hdev->id,
3760 MGMT_OP_ADD_REMOTE_OOB_DATA,
3761 MGMT_STATUS_INVALID_PARAMS,
3762 &cp->addr, sizeof(cp->addr));
3766 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3767 cp->addr.type, cp->hash,
3768 cp->rand, NULL, NULL);
3770 status = MGMT_STATUS_FAILED;
3772 status = MGMT_STATUS_SUCCESS;
3774 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3775 status, &cp->addr, sizeof(cp->addr));
3776 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3777 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3778 u8 *rand192, *hash192;
3781 if (bdaddr_type_is_le(cp->addr.type)) {
3782 /* Enforce zero-valued 192-bit parameters as
3783 * long as legacy SMP OOB isn't implemented.
3785 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3786 memcmp(cp->hash192, ZERO_KEY, 16)) {
3787 err = cmd_complete(sk, hdev->id,
3788 MGMT_OP_ADD_REMOTE_OOB_DATA,
3789 MGMT_STATUS_INVALID_PARAMS,
3790 addr, sizeof(*addr));
3797 rand192 = cp->rand192;
3798 hash192 = cp->hash192;
3801 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3802 cp->addr.type, hash192, rand192,
3803 cp->hash256, cp->rand256);
3805 status = MGMT_STATUS_FAILED;
3807 status = MGMT_STATUS_SUCCESS;
3809 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3810 status, &cp->addr, sizeof(cp->addr));
3812 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3813 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3814 MGMT_STATUS_INVALID_PARAMS);
3818 hci_dev_unlock(hdev);
3822 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3823 void *data, u16 len)
3825 struct mgmt_cp_remove_remote_oob_data *cp = data;
3829 BT_DBG("%s", hdev->name);
3831 if (cp->addr.type != BDADDR_BREDR)
3832 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3833 MGMT_STATUS_INVALID_PARAMS,
3834 &cp->addr, sizeof(cp->addr));
3838 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3839 hci_remote_oob_data_clear(hdev);
3840 status = MGMT_STATUS_SUCCESS;
3844 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3846 status = MGMT_STATUS_INVALID_PARAMS;
3848 status = MGMT_STATUS_SUCCESS;
3851 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3852 status, &cp->addr, sizeof(cp->addr));
3854 hci_dev_unlock(hdev);
3858 static bool trigger_discovery(struct hci_request *req, u8 *status)
3860 struct hci_dev *hdev = req->hdev;
3861 struct hci_cp_le_set_scan_param param_cp;
3862 struct hci_cp_le_set_scan_enable enable_cp;
3863 struct hci_cp_inquiry inq_cp;
3864 /* General inquiry access code (GIAC) */
3865 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3869 switch (hdev->discovery.type) {
3870 case DISCOV_TYPE_BREDR:
3871 *status = mgmt_bredr_support(hdev);
3875 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3876 *status = MGMT_STATUS_BUSY;
3880 hci_inquiry_cache_flush(hdev);
3882 memset(&inq_cp, 0, sizeof(inq_cp));
3883 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3884 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3885 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3888 case DISCOV_TYPE_LE:
3889 case DISCOV_TYPE_INTERLEAVED:
3890 *status = mgmt_le_support(hdev);
3894 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3895 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3896 *status = MGMT_STATUS_NOT_SUPPORTED;
3900 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3901 /* Don't let discovery abort an outgoing
3902 * connection attempt that's using directed
3905 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3907 *status = MGMT_STATUS_REJECTED;
3911 disable_advertising(req);
3914 /* If controller is scanning, it means the background scanning
3915 * is running. Thus, we should temporarily stop it in order to
3916 * set the discovery scanning parameters.
3918 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3919 hci_req_add_le_scan_disable(req);
3921 memset(¶m_cp, 0, sizeof(param_cp));
3923 /* All active scans will be done with either a resolvable
3924 * private address (when privacy feature has been enabled)
3925 * or non-resolvable private address.
3927 err = hci_update_random_address(req, true, &own_addr_type);
3929 *status = MGMT_STATUS_FAILED;
3933 param_cp.type = LE_SCAN_ACTIVE;
3934 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3935 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3936 param_cp.own_address_type = own_addr_type;
3937 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3940 memset(&enable_cp, 0, sizeof(enable_cp));
3941 enable_cp.enable = LE_SCAN_ENABLE;
3942 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3943 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3948 *status = MGMT_STATUS_INVALID_PARAMS;
3955 static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3958 struct pending_cmd *cmd;
3959 unsigned long timeout;
3961 BT_DBG("status %d", status);
3965 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3967 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3970 cmd->cmd_complete(cmd, mgmt_status(status));
3971 mgmt_pending_remove(cmd);
3975 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3979 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3981 switch (hdev->discovery.type) {
3982 case DISCOV_TYPE_LE:
3983 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3985 case DISCOV_TYPE_INTERLEAVED:
3986 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3988 case DISCOV_TYPE_BREDR:
3992 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3998 queue_delayed_work(hdev->workqueue,
3999 &hdev->le_scan_disable, timeout);
4002 hci_dev_unlock(hdev);
4005 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4006 void *data, u16 len)
4008 struct mgmt_cp_start_discovery *cp = data;
4009 struct pending_cmd *cmd;
4010 struct hci_request req;
4014 BT_DBG("%s", hdev->name);
4018 if (!hdev_is_powered(hdev)) {
4019 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4020 MGMT_STATUS_NOT_POWERED,
4021 &cp->type, sizeof(cp->type));
4025 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4026 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
4027 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4028 MGMT_STATUS_BUSY, &cp->type,
4033 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4039 cmd->cmd_complete = generic_cmd_complete;
4041 /* Clear the discovery filter first to free any previously
4042 * allocated memory for the UUID list.
4044 hci_discovery_filter_clear(hdev);
4046 hdev->discovery.type = cp->type;
4047 hdev->discovery.report_invalid_rssi = false;
4049 hci_req_init(&req, hdev);
4051 if (!trigger_discovery(&req, &status)) {
4052 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4053 status, &cp->type, sizeof(cp->type));
4054 mgmt_pending_remove(cmd);
4058 err = hci_req_run(&req, start_discovery_complete);
4060 mgmt_pending_remove(cmd);
4064 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4067 hci_dev_unlock(hdev);
4071 static int service_discovery_cmd_complete(struct pending_cmd *cmd, u8 status)
4073 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4077 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4078 void *data, u16 len)
4080 struct mgmt_cp_start_service_discovery *cp = data;
4081 struct pending_cmd *cmd;
4082 struct hci_request req;
4083 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4084 u16 uuid_count, expected_len;
4088 BT_DBG("%s", hdev->name);
4092 if (!hdev_is_powered(hdev)) {
4093 err = cmd_complete(sk, hdev->id,
4094 MGMT_OP_START_SERVICE_DISCOVERY,
4095 MGMT_STATUS_NOT_POWERED,
4096 &cp->type, sizeof(cp->type));
4100 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4101 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
4102 err = cmd_complete(sk, hdev->id,
4103 MGMT_OP_START_SERVICE_DISCOVERY,
4104 MGMT_STATUS_BUSY, &cp->type,
4109 uuid_count = __le16_to_cpu(cp->uuid_count);
4110 if (uuid_count > max_uuid_count) {
4111 BT_ERR("service_discovery: too big uuid_count value %u",
4113 err = cmd_complete(sk, hdev->id,
4114 MGMT_OP_START_SERVICE_DISCOVERY,
4115 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4120 expected_len = sizeof(*cp) + uuid_count * 16;
4121 if (expected_len != len) {
4122 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4124 err = cmd_complete(sk, hdev->id,
4125 MGMT_OP_START_SERVICE_DISCOVERY,
4126 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4131 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4138 cmd->cmd_complete = service_discovery_cmd_complete;
4140 /* Clear the discovery filter first to free any previously
4141 * allocated memory for the UUID list.
4143 hci_discovery_filter_clear(hdev);
4145 hdev->discovery.type = cp->type;
4146 hdev->discovery.rssi = cp->rssi;
4147 hdev->discovery.uuid_count = uuid_count;
4149 if (uuid_count > 0) {
4150 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4152 if (!hdev->discovery.uuids) {
4153 err = cmd_complete(sk, hdev->id,
4154 MGMT_OP_START_SERVICE_DISCOVERY,
4156 &cp->type, sizeof(cp->type));
4157 mgmt_pending_remove(cmd);
4162 hci_req_init(&req, hdev);
4164 if (!trigger_discovery(&req, &status)) {
4165 err = cmd_complete(sk, hdev->id,
4166 MGMT_OP_START_SERVICE_DISCOVERY,
4167 status, &cp->type, sizeof(cp->type));
4168 mgmt_pending_remove(cmd);
4172 err = hci_req_run(&req, start_discovery_complete);
4174 mgmt_pending_remove(cmd);
4178 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4181 hci_dev_unlock(hdev);
4185 static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4187 struct pending_cmd *cmd;
4189 BT_DBG("status %d", status);
4193 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4195 cmd->cmd_complete(cmd, mgmt_status(status));
4196 mgmt_pending_remove(cmd);
4200 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4202 hci_dev_unlock(hdev);
4205 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4208 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4209 struct pending_cmd *cmd;
4210 struct hci_request req;
4213 BT_DBG("%s", hdev->name);
4217 if (!hci_discovery_active(hdev)) {
4218 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4219 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4220 sizeof(mgmt_cp->type));
4224 if (hdev->discovery.type != mgmt_cp->type) {
4225 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4226 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
4227 sizeof(mgmt_cp->type));
4231 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4237 cmd->cmd_complete = generic_cmd_complete;
4239 hci_req_init(&req, hdev);
4241 hci_stop_discovery(&req);
4243 err = hci_req_run(&req, stop_discovery_complete);
4245 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4249 mgmt_pending_remove(cmd);
4251 /* If no HCI commands were sent we're done */
4252 if (err == -ENODATA) {
4253 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4254 &mgmt_cp->type, sizeof(mgmt_cp->type));
4255 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4259 hci_dev_unlock(hdev);
4263 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4266 struct mgmt_cp_confirm_name *cp = data;
4267 struct inquiry_entry *e;
4270 BT_DBG("%s", hdev->name);
4274 if (!hci_discovery_active(hdev)) {
4275 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4276 MGMT_STATUS_FAILED, &cp->addr,
4281 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4283 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4284 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4289 if (cp->name_known) {
4290 e->name_state = NAME_KNOWN;
4293 e->name_state = NAME_NEEDED;
4294 hci_inquiry_cache_update_resolve(hdev, e);
4297 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4301 hci_dev_unlock(hdev);
4305 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4308 struct mgmt_cp_block_device *cp = data;
4312 BT_DBG("%s", hdev->name);
4314 if (!bdaddr_type_is_valid(cp->addr.type))
4315 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4316 MGMT_STATUS_INVALID_PARAMS,
4317 &cp->addr, sizeof(cp->addr));
4321 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4324 status = MGMT_STATUS_FAILED;
4328 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4330 status = MGMT_STATUS_SUCCESS;
4333 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4334 &cp->addr, sizeof(cp->addr));
4336 hci_dev_unlock(hdev);
4341 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4344 struct mgmt_cp_unblock_device *cp = data;
4348 BT_DBG("%s", hdev->name);
4350 if (!bdaddr_type_is_valid(cp->addr.type))
4351 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4352 MGMT_STATUS_INVALID_PARAMS,
4353 &cp->addr, sizeof(cp->addr));
4357 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4360 status = MGMT_STATUS_INVALID_PARAMS;
4364 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4366 status = MGMT_STATUS_SUCCESS;
4369 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4370 &cp->addr, sizeof(cp->addr));
4372 hci_dev_unlock(hdev);
4377 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4380 struct mgmt_cp_set_device_id *cp = data;
4381 struct hci_request req;
4385 BT_DBG("%s", hdev->name);
4387 source = __le16_to_cpu(cp->source);
4389 if (source > 0x0002)
4390 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4391 MGMT_STATUS_INVALID_PARAMS);
4395 hdev->devid_source = source;
4396 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4397 hdev->devid_product = __le16_to_cpu(cp->product);
4398 hdev->devid_version = __le16_to_cpu(cp->version);
4400 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4402 hci_req_init(&req, hdev);
4404 hci_req_run(&req, NULL);
4406 hci_dev_unlock(hdev);
4411 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4414 struct cmd_lookup match = { NULL, hdev };
4419 u8 mgmt_err = mgmt_status(status);
4421 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4422 cmd_status_rsp, &mgmt_err);
4426 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4427 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4429 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4431 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4434 new_settings(hdev, match.sk);
4440 hci_dev_unlock(hdev);
4443 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4446 struct mgmt_mode *cp = data;
4447 struct pending_cmd *cmd;
4448 struct hci_request req;
4449 u8 val, enabled, status;
4452 BT_DBG("request for %s", hdev->name);
4454 status = mgmt_le_support(hdev);
4456 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4459 if (cp->val != 0x00 && cp->val != 0x01)
4460 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4461 MGMT_STATUS_INVALID_PARAMS);
4466 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4468 /* The following conditions are ones which mean that we should
4469 * not do any HCI communication but directly send a mgmt
4470 * response to user space (after toggling the flag if
4473 if (!hdev_is_powered(hdev) || val == enabled ||
4474 hci_conn_num(hdev, LE_LINK) > 0 ||
4475 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4476 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4477 bool changed = false;
4479 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4480 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4484 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4489 err = new_settings(hdev, sk);
4494 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4495 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4496 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4501 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4507 hci_req_init(&req, hdev);
4510 enable_advertising(&req);
4512 disable_advertising(&req);
4514 err = hci_req_run(&req, set_advertising_complete);
4516 mgmt_pending_remove(cmd);
4519 hci_dev_unlock(hdev);
4523 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4524 void *data, u16 len)
4526 struct mgmt_cp_set_static_address *cp = data;
4529 BT_DBG("%s", hdev->name);
4531 if (!lmp_le_capable(hdev))
4532 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4533 MGMT_STATUS_NOT_SUPPORTED);
4535 if (hdev_is_powered(hdev))
4536 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4537 MGMT_STATUS_REJECTED);
4539 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4540 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4541 return cmd_status(sk, hdev->id,
4542 MGMT_OP_SET_STATIC_ADDRESS,
4543 MGMT_STATUS_INVALID_PARAMS);
4545 /* Two most significant bits shall be set */
4546 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4547 return cmd_status(sk, hdev->id,
4548 MGMT_OP_SET_STATIC_ADDRESS,
4549 MGMT_STATUS_INVALID_PARAMS);
4554 bacpy(&hdev->static_addr, &cp->bdaddr);
4556 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4558 hci_dev_unlock(hdev);
4563 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4564 void *data, u16 len)
4566 struct mgmt_cp_set_scan_params *cp = data;
4567 __u16 interval, window;
4570 BT_DBG("%s", hdev->name);
4572 if (!lmp_le_capable(hdev))
4573 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4574 MGMT_STATUS_NOT_SUPPORTED);
4576 interval = __le16_to_cpu(cp->interval);
4578 if (interval < 0x0004 || interval > 0x4000)
4579 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4580 MGMT_STATUS_INVALID_PARAMS);
4582 window = __le16_to_cpu(cp->window);
4584 if (window < 0x0004 || window > 0x4000)
4585 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4586 MGMT_STATUS_INVALID_PARAMS);
4588 if (window > interval)
4589 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4590 MGMT_STATUS_INVALID_PARAMS);
4594 hdev->le_scan_interval = interval;
4595 hdev->le_scan_window = window;
4597 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4599 /* If background scan is running, restart it so new parameters are
4602 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4603 hdev->discovery.state == DISCOVERY_STOPPED) {
4604 struct hci_request req;
4606 hci_req_init(&req, hdev);
4608 hci_req_add_le_scan_disable(&req);
4609 hci_req_add_le_passive_scan(&req);
4611 hci_req_run(&req, NULL);
4614 hci_dev_unlock(hdev);
4619 #ifdef CONFIG_TIZEN_WIP
4620 static int le_set_scan_params(struct sock *sk, struct hci_dev *hdev,
4621 void *data, u16 len)
4623 struct mgmt_cp_le_set_scan_params *cp = data;
4624 __u16 interval, window;
4627 BT_DBG("%s", hdev->name);
4629 if (!lmp_le_capable(hdev))
4630 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4631 MGMT_STATUS_NOT_SUPPORTED);
4633 interval = __le16_to_cpu(cp->interval);
4635 if (interval < 0x0004 || interval > 0x4000)
4636 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4637 MGMT_STATUS_INVALID_PARAMS);
4639 window = __le16_to_cpu(cp->window);
4641 if (window < 0x0004 || window > 0x4000)
4642 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4643 MGMT_STATUS_INVALID_PARAMS);
4645 if (window > interval)
4646 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4647 MGMT_STATUS_INVALID_PARAMS);
4651 hdev->le_scan_type = cp->type;
4652 hdev->le_scan_interval = interval;
4653 hdev->le_scan_window = window;
4655 err = cmd_complete(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS, 0, NULL, 0);
4657 /* If background scan is running, restart it so new parameters are
4660 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4661 hdev->discovery.state == DISCOVERY_STOPPED) {
4662 struct hci_request req;
4664 hci_req_init(&req, hdev);
4666 hci_req_add_le_scan_disable(&req);
4667 hci_req_add_le_passive_scan(&req);
4669 hci_req_run(&req, NULL);
4672 hci_dev_unlock(hdev);
4678 #ifdef CONFIG_TIZEN_WIP /* Adv White List feature */
4679 static void add_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4681 struct mgmt_cp_add_dev_white_list *cp;
4682 struct pending_cmd *cmd;
4684 BT_DBG("status 0x%02x", status);
4688 cmd = mgmt_pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev);
4695 cmd_status(cmd->sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4696 mgmt_status(status));
4698 cmd_complete(cmd->sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST, 0,
4701 mgmt_pending_remove(cmd);
4704 hci_dev_unlock(hdev);
4707 static int add_white_list(struct sock *sk, struct hci_dev *hdev,
4708 void *data, u16 len)
4710 struct pending_cmd *cmd;
4711 struct mgmt_cp_add_dev_white_list *cp = data;
4712 struct hci_request req;
4715 BT_DBG("%s", hdev->name);
4717 if (!lmp_le_capable(hdev))
4718 return cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4719 MGMT_STATUS_NOT_SUPPORTED);
4721 if (!hdev_is_powered(hdev))
4722 return cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4723 MGMT_STATUS_REJECTED);
4727 if (mgmt_pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev)) {
4728 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4733 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEV_WHITE_LIST, hdev, data, len);
4739 hci_req_init(&req, hdev);
4741 hci_req_add(&req, HCI_OP_LE_ADD_DEV_WHITE_LIST, sizeof(*cp), cp);
4743 err = hci_req_run(&req, add_white_list_complete);
4745 mgmt_pending_remove(cmd);
4750 hci_dev_unlock(hdev);
4755 static void remove_from_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4757 struct mgmt_cp_remove_dev_from_white_list *cp;
4758 struct pending_cmd *cmd;
4760 BT_DBG("status 0x%02x", status);
4764 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev);
4771 cmd_status(cmd->sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4772 mgmt_status(status));
4774 cmd_complete(cmd->sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, 0,
4777 mgmt_pending_remove(cmd);
4780 hci_dev_unlock(hdev);
4783 static int remove_from_white_list(struct sock *sk, struct hci_dev *hdev,
4784 void *data, u16 len)
4786 struct pending_cmd *cmd;
4787 struct mgmt_cp_remove_dev_from_white_list *cp = data;
4788 struct hci_request req;
4791 BT_DBG("%s", hdev->name);
4793 if (!lmp_le_capable(hdev))
4794 return cmd_status(sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4795 MGMT_STATUS_NOT_SUPPORTED);
4797 if (!hdev_is_powered(hdev))
4798 return cmd_status(sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4799 MGMT_STATUS_REJECTED);
4803 if (mgmt_pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev)) {
4804 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4809 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev, data, len);
4815 hci_req_init(&req, hdev);
4817 hci_req_add(&req, HCI_OP_LE_REMOVE_FROM_DEV_WHITE_LIST, sizeof(*cp), cp);
4819 err = hci_req_run(&req, remove_from_white_list_complete);
4821 mgmt_pending_remove(cmd);
4826 hci_dev_unlock(hdev);
4831 static void clear_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4833 struct pending_cmd *cmd;
4835 BT_DBG("status 0x%02x", status);
4839 cmd = mgmt_pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev);
4844 cmd_status(cmd->sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4845 mgmt_status(status));
4847 cmd_complete(cmd->sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST, 0,
4850 mgmt_pending_remove(cmd);
4853 hci_dev_unlock(hdev);
4856 static int clear_white_list(struct sock *sk, struct hci_dev *hdev,
4857 void *data, u16 len)
4859 struct pending_cmd *cmd;
4860 struct hci_request req;
4863 BT_DBG("%s", hdev->name);
4865 if (!lmp_le_capable(hdev))
4866 return cmd_status(sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4867 MGMT_STATUS_NOT_SUPPORTED);
4869 if (!hdev_is_powered(hdev))
4870 return cmd_status(sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4871 MGMT_STATUS_REJECTED);
4875 if (mgmt_pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev)) {
4876 err = cmd_status(sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4881 cmd = mgmt_pending_add(sk, MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev, NULL, 0);
4887 hci_req_init(&req, hdev);
4889 hci_req_add(&req, HCI_OP_LE_CLEAR_DEV_WHITE_LIST, 0, NULL);
4891 err = hci_req_run(&req, clear_white_list_complete);
4893 mgmt_pending_remove(cmd);
4898 hci_dev_unlock(hdev);
4903 static int mgmt_start_le_discovery_failed(struct hci_dev *hdev, u8 status)
4905 struct pending_cmd *cmd;
4909 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
4911 cmd = mgmt_pending_find(MGMT_OP_START_LE_DISCOVERY, hdev);
4915 type = hdev->le_discovery.type;
4917 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
4918 &type, sizeof(type));
4919 mgmt_pending_remove(cmd);
4924 static void start_le_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4926 unsigned long timeout = 0;
4928 BT_DBG("status %d", status);
4932 mgmt_start_le_discovery_failed(hdev, status);
4933 hci_dev_unlock(hdev);
4938 hci_le_discovery_set_state(hdev, DISCOVERY_FINDING);
4939 hci_dev_unlock(hdev);
4941 switch (hdev->le_discovery.type) {
4942 case DISCOV_TYPE_LE:
4943 /* BEGIN TIZEN_Bluetooth :: Keep going on LE Scan */
4945 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4947 /* END TIZEN_Bluetooth */
4951 BT_ERR("Invalid discovery type %d", hdev->le_discovery.type);
4957 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
4960 static int start_le_discovery(struct sock *sk, struct hci_dev *hdev,
4961 void *data, u16 len)
4963 struct mgmt_cp_start_le_discovery *cp = data;
4964 struct pending_cmd *cmd;
4965 struct hci_cp_le_set_scan_param param_cp;
4966 struct hci_cp_le_set_scan_enable enable_cp;
4967 struct hci_request req;
4968 u8 status, own_addr_type;
4971 BT_DBG("%s", hdev->name);
4975 if (!hdev_is_powered(hdev)) {
4976 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
4977 MGMT_STATUS_NOT_POWERED);
4981 if (hdev->le_discovery.state != DISCOVERY_STOPPED) {
4982 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
4987 cmd = mgmt_pending_add(sk, MGMT_OP_START_LE_DISCOVERY, hdev, NULL, 0);
4993 hdev->le_discovery.type = cp->type;
4995 hci_req_init(&req, hdev);
4997 switch (hdev->le_discovery.type) {
4998 case DISCOV_TYPE_LE:
4999 status = mgmt_le_support(hdev);
5001 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
5003 mgmt_pending_remove(cmd);
5007 /* If controller is scanning, it means the background scanning
5008 * is running. Thus, we should temporarily stop it in order to
5009 * set the discovery scanning parameters.
5011 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
5012 hci_req_add_le_scan_disable(&req);
5014 memset(¶m_cp, 0, sizeof(param_cp));
5016 /* All active scans will be done with either a resolvable
5017 * private address (when privacy feature has been enabled)
5018 * or unresolvable private address.
5020 err = hci_update_random_address(&req, true, &own_addr_type);
5022 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
5023 MGMT_STATUS_FAILED);
5024 mgmt_pending_remove(cmd);
5028 param_cp.type = hdev->le_scan_type;
5029 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
5030 param_cp.window = cpu_to_le16(hdev->le_scan_window);
5031 param_cp.own_address_type = own_addr_type;
5032 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
5035 memset(&enable_cp, 0, sizeof(enable_cp));
5036 enable_cp.enable = LE_SCAN_ENABLE;
5037 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_DISABLE;
5039 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
5044 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
5045 MGMT_STATUS_INVALID_PARAMS);
5046 mgmt_pending_remove(cmd);
5050 err = hci_req_run(&req, start_le_discovery_complete);
5052 mgmt_pending_remove(cmd);
5054 hci_le_discovery_set_state(hdev, DISCOVERY_STARTING);
5057 hci_dev_unlock(hdev);
5061 static int mgmt_stop_le_discovery_failed(struct hci_dev *hdev, u8 status)
5063 struct pending_cmd *cmd;
5066 cmd = mgmt_pending_find(MGMT_OP_STOP_LE_DISCOVERY, hdev);
5070 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
5071 &hdev->le_discovery.type, sizeof(hdev->le_discovery.type));
5072 mgmt_pending_remove(cmd);
5077 static void stop_le_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5079 BT_DBG("status %d", status);
5084 mgmt_stop_le_discovery_failed(hdev, status);
5088 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
5091 hci_dev_unlock(hdev);
5094 static int stop_le_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
5097 struct mgmt_cp_stop_le_discovery *mgmt_cp = data;
5098 struct pending_cmd *cmd;
5099 struct hci_request req;
5102 BT_DBG("%s", hdev->name);
5106 if (!hci_le_discovery_active(hdev)) {
5107 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
5108 MGMT_STATUS_REJECTED, &mgmt_cp->type,
5109 sizeof(mgmt_cp->type));
5113 if (hdev->le_discovery.type != mgmt_cp->type) {
5114 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
5115 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
5116 sizeof(mgmt_cp->type));
5120 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_LE_DISCOVERY, hdev, NULL, 0);
5126 hci_req_init(&req, hdev);
5128 switch (hdev->le_discovery.state) {
5129 case DISCOVERY_FINDING:
5130 cancel_delayed_work(&hdev->le_scan_disable);
5131 hci_req_add_le_scan_disable(&req);
5135 BT_DBG("unknown le discovery state %u", hdev->le_discovery.state);
5137 mgmt_pending_remove(cmd);
5138 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
5139 MGMT_STATUS_FAILED, &mgmt_cp->type,
5140 sizeof(mgmt_cp->type));
5144 err = hci_req_run(&req, stop_le_discovery_complete);
5146 mgmt_pending_remove(cmd);
5148 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPING);
5151 hci_dev_unlock(hdev);
5155 /* BEGIN TIZEN_Bluetooth :: LE auto connect */
5156 static int disable_le_auto_connect(struct sock *sk, struct hci_dev *hdev,
5157 void *data, u16 len)
5161 BT_DBG("%s", hdev->name);
5165 err = hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
5167 BT_ERR("HCI_OP_LE_CREATE_CONN_CANCEL is failed");
5170 hci_dev_unlock(hdev);
5174 /* END TIZEN_Bluetooth */
5176 /* BEGIN TIZEN_Bluetooth :: LE connection Update */
5177 static int le_conn_update(struct sock *sk, struct hci_dev *hdev, void *data,
5180 struct mgmt_cp_le_conn_update *cp = data;
5182 struct hci_conn *conn;
5183 u16 min, max, latency, supervision_timeout;
5186 if (!hdev_is_powered(hdev))
5187 return cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
5188 MGMT_STATUS_NOT_POWERED);
5190 min = __le16_to_cpu(cp->conn_interval_min);
5191 max = __le16_to_cpu(cp->conn_interval_max);
5192 latency = __le16_to_cpu(cp->conn_latency);
5193 supervision_timeout = __le16_to_cpu(cp->supervision_timeout);
5195 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x supervision_timeout: 0x%4.4x",
5196 min, max, latency, supervision_timeout);
5198 err = check_le_conn_update_param(min, max, latency, supervision_timeout);
5201 err = cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
5202 MGMT_STATUS_INVALID_PARAMS);
5208 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
5211 cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
5212 MGMT_STATUS_NOT_CONNECTED);
5216 hci_le_conn_update(conn, min, max, latency, supervision_timeout);
5218 err = cmd_complete(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE, 0,
5221 hci_dev_unlock(hdev);
5224 /* END TIZEN_Bluetooth */
5227 static void fast_connectable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5229 struct pending_cmd *cmd;
5231 BT_DBG("status 0x%02x", status);
5235 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5240 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5241 mgmt_status(status));
5243 struct mgmt_mode *cp = cmd->param;
5246 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
5248 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
5250 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5251 new_settings(hdev, cmd->sk);
5254 mgmt_pending_remove(cmd);
5257 hci_dev_unlock(hdev);
5260 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
5261 void *data, u16 len)
5263 struct mgmt_mode *cp = data;
5264 struct pending_cmd *cmd;
5265 struct hci_request req;
5268 BT_DBG("%s", hdev->name);
5270 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
5271 hdev->hci_ver < BLUETOOTH_VER_1_2)
5272 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5273 MGMT_STATUS_NOT_SUPPORTED);
5275 if (cp->val != 0x00 && cp->val != 0x01)
5276 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5277 MGMT_STATUS_INVALID_PARAMS);
5279 if (!hdev_is_powered(hdev))
5280 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5281 MGMT_STATUS_NOT_POWERED);
5283 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
5284 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5285 MGMT_STATUS_REJECTED);
5289 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
5290 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5295 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
5296 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5301 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
5308 hci_req_init(&req, hdev);
5310 write_fast_connectable(&req, cp->val);
5312 err = hci_req_run(&req, fast_connectable_complete);
5314 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5315 MGMT_STATUS_FAILED);
5316 mgmt_pending_remove(cmd);
5320 hci_dev_unlock(hdev);
5325 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5327 struct pending_cmd *cmd;
5329 BT_DBG("status 0x%02x", status);
5333 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
5338 u8 mgmt_err = mgmt_status(status);
5340 /* We need to restore the flag if related HCI commands
5343 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
5345 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
5347 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5348 new_settings(hdev, cmd->sk);
5351 mgmt_pending_remove(cmd);
5354 hci_dev_unlock(hdev);
5357 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5359 struct mgmt_mode *cp = data;
5360 struct pending_cmd *cmd;
5361 struct hci_request req;
5364 BT_DBG("request for %s", hdev->name);
5366 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
5367 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5368 MGMT_STATUS_NOT_SUPPORTED);
5370 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
5371 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5372 MGMT_STATUS_REJECTED);
5374 if (cp->val != 0x00 && cp->val != 0x01)
5375 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5376 MGMT_STATUS_INVALID_PARAMS);
5380 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5381 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5385 if (!hdev_is_powered(hdev)) {
5387 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
5388 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5389 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5390 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
5391 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5394 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
5396 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5400 err = new_settings(hdev, sk);
5404 /* Reject disabling when powered on */
5406 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5407 MGMT_STATUS_REJECTED);
5410 /* When configuring a dual-mode controller to operate
5411 * with LE only and using a static address, then switching
5412 * BR/EDR back on is not allowed.
5414 * Dual-mode controllers shall operate with the public
5415 * address as its identity address for BR/EDR and LE. So
5416 * reject the attempt to create an invalid configuration.
5418 * The same restrictions applies when secure connections
5419 * has been enabled. For BR/EDR this is a controller feature
5420 * while for LE it is a host stack feature. This means that
5421 * switching BR/EDR back on when secure connections has been
5422 * enabled is not a supported transaction.
5424 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
5425 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5426 test_bit(HCI_SC_ENABLED, &hdev->dev_flags))) {
5427 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5428 MGMT_STATUS_REJECTED);
5433 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
5434 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5439 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5445 /* We need to flip the bit already here so that update_adv_data
5446 * generates the correct flags.
5448 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
5450 hci_req_init(&req, hdev);
5452 write_fast_connectable(&req, false);
5453 __hci_update_page_scan(&req);
5455 /* Since only the advertising data flags will change, there
5456 * is no need to update the scan response data.
5458 update_adv_data(&req);
5460 err = hci_req_run(&req, set_bredr_complete);
5462 mgmt_pending_remove(cmd);
5465 hci_dev_unlock(hdev);
5469 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5471 struct pending_cmd *cmd;
5472 struct mgmt_mode *cp;
5474 BT_DBG("%s status %u", hdev->name, status);
5478 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5483 cmd_status(cmd->sk, cmd->index, cmd->opcode,
5484 mgmt_status(status));
5492 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5493 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5496 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5497 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5500 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5501 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
5505 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5506 new_settings(hdev, cmd->sk);
5509 mgmt_pending_remove(cmd);
5511 hci_dev_unlock(hdev);
5514 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5515 void *data, u16 len)
5517 struct mgmt_mode *cp = data;
5518 struct pending_cmd *cmd;
5519 struct hci_request req;
5523 BT_DBG("request for %s", hdev->name);
5525 if (!lmp_sc_capable(hdev) &&
5526 !test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
5527 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5528 MGMT_STATUS_NOT_SUPPORTED);
5530 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
5531 !test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
5532 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5533 MGMT_STATUS_REJECTED);
5535 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5536 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5537 MGMT_STATUS_INVALID_PARAMS);
5541 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5542 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5546 changed = !test_and_set_bit(HCI_SC_ENABLED,
5548 if (cp->val == 0x02)
5549 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
5551 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5553 changed = test_and_clear_bit(HCI_SC_ENABLED,
5555 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5558 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5563 err = new_settings(hdev, sk);
5568 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5569 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5576 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5577 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
5578 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5582 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5588 hci_req_init(&req, hdev);
5589 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5590 err = hci_req_run(&req, sc_enable_complete);
5592 mgmt_pending_remove(cmd);
5597 hci_dev_unlock(hdev);
5601 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5602 void *data, u16 len)
5604 struct mgmt_mode *cp = data;
5605 bool changed, use_changed;
5608 BT_DBG("request for %s", hdev->name);
5610 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5611 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5612 MGMT_STATUS_INVALID_PARAMS);
5617 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
5620 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
5623 if (cp->val == 0x02)
5624 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
5627 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
5630 if (hdev_is_powered(hdev) && use_changed &&
5631 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
5632 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5633 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5634 sizeof(mode), &mode);
5637 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5642 err = new_settings(hdev, sk);
5645 hci_dev_unlock(hdev);
5649 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5652 struct mgmt_cp_set_privacy *cp = cp_data;
5656 BT_DBG("request for %s", hdev->name);
5658 if (!lmp_le_capable(hdev))
5659 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5660 MGMT_STATUS_NOT_SUPPORTED);
5662 if (cp->privacy != 0x00 && cp->privacy != 0x01)
5663 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5664 MGMT_STATUS_INVALID_PARAMS);
5666 /* Not sure why below condition is required; commenting for now,
5667 * since set privacy command is always rejected if this condition is enabled.
5669 #ifndef CONFIG_TIZEN_WIP
5670 if (hdev_is_powered(hdev))
5671 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5672 MGMT_STATUS_REJECTED);
5677 /* If user space supports this command it is also expected to
5678 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5680 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5683 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
5684 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5685 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5687 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
5688 memset(hdev->irk, 0, sizeof(hdev->irk));
5689 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5692 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5697 err = new_settings(hdev, sk);
5700 hci_dev_unlock(hdev);
5704 static bool irk_is_valid(struct mgmt_irk_info *irk)
5706 switch (irk->addr.type) {
5707 case BDADDR_LE_PUBLIC:
5710 case BDADDR_LE_RANDOM:
5711 /* Two most significant bits shall be set */
5712 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5720 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5723 struct mgmt_cp_load_irks *cp = cp_data;
5724 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5725 sizeof(struct mgmt_irk_info));
5726 u16 irk_count, expected_len;
5729 BT_DBG("request for %s", hdev->name);
5731 if (!lmp_le_capable(hdev))
5732 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5733 MGMT_STATUS_NOT_SUPPORTED);
5735 irk_count = __le16_to_cpu(cp->irk_count);
5736 if (irk_count > max_irk_count) {
5737 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5738 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5739 MGMT_STATUS_INVALID_PARAMS);
5742 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5743 if (expected_len != len) {
5744 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5746 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5747 MGMT_STATUS_INVALID_PARAMS);
5750 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5752 for (i = 0; i < irk_count; i++) {
5753 struct mgmt_irk_info *key = &cp->irks[i];
5755 if (!irk_is_valid(key))
5756 return cmd_status(sk, hdev->id,
5758 MGMT_STATUS_INVALID_PARAMS);
5763 hci_smp_irks_clear(hdev);
5765 for (i = 0; i < irk_count; i++) {
5766 struct mgmt_irk_info *irk = &cp->irks[i];
5769 if (irk->addr.type == BDADDR_LE_PUBLIC)
5770 addr_type = ADDR_LE_DEV_PUBLIC;
5772 addr_type = ADDR_LE_DEV_RANDOM;
5774 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5778 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5780 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5782 hci_dev_unlock(hdev);
5787 #ifdef CONFIG_TIZEN_WIP
5788 static int set_advertising_params(struct sock *sk, struct hci_dev *hdev,
5789 void *data, u16 len)
5791 struct mgmt_cp_set_advertising_params *cp = data;
5796 BT_DBG("%s", hdev->name);
5798 if (!lmp_le_capable(hdev))
5799 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS,
5800 MGMT_STATUS_NOT_SUPPORTED);
5802 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5803 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS,
5806 min_interval = __le16_to_cpu(cp->interval_min);
5807 max_interval = __le16_to_cpu(cp->interval_max);
5809 if (min_interval > max_interval ||
5810 min_interval < 0x0020 || max_interval > 0x4000)
5811 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS,
5812 MGMT_STATUS_INVALID_PARAMS);
5816 hdev->le_adv_min_interval = min_interval;
5817 hdev->le_adv_max_interval = max_interval;
5818 hdev->adv_filter_policy = cp->filter_policy;
5819 hdev->adv_type = cp->type;
5821 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS, 0, NULL, 0);
5823 hci_dev_unlock(hdev);
5828 static void set_advertising_data_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5830 struct mgmt_cp_set_advertising_data *cp;
5831 struct pending_cmd *cmd;
5833 BT_DBG("status 0x%02x", status);
5837 cmd = mgmt_pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev);
5844 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5845 mgmt_status(status));
5847 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA, 0,
5850 mgmt_pending_remove(cmd);
5853 hci_dev_unlock(hdev);
5856 static int set_advertising_data(struct sock *sk, struct hci_dev *hdev,
5857 void *data, u16 len)
5859 struct pending_cmd *cmd;
5860 struct hci_request req;
5861 struct mgmt_cp_set_advertising_data *cp = data;
5862 struct hci_cp_le_set_adv_data adv;
5865 BT_DBG("%s", hdev->name);
5867 if (!lmp_le_capable(hdev)) {
5868 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5869 MGMT_STATUS_NOT_SUPPORTED);
5874 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev)) {
5875 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5880 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING_DATA,
5887 if (len > HCI_MAX_AD_LENGTH) {
5888 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5889 MGMT_STATUS_INVALID_PARAMS);
5893 hci_req_init(&req, hdev);
5895 memset(&adv, 0, sizeof(adv));
5896 memcpy(adv.data, cp->data, len);
5899 hci_req_add(&req, HCI_OP_LE_SET_ADV_DATA, sizeof(adv), &adv);
5901 err = hci_req_run(&req, set_advertising_data_complete);
5903 mgmt_pending_remove(cmd);
5907 hci_dev_unlock(hdev);
5912 static void set_scan_rsp_data_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5914 struct mgmt_cp_set_scan_rsp_data *cp;
5915 struct pending_cmd *cmd;
5917 BT_DBG("status 0x%02x", status);
5921 cmd = mgmt_pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev);
5928 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5929 mgmt_status(status));
5931 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA, 0,
5934 mgmt_pending_remove(cmd);
5937 hci_dev_unlock(hdev);
5940 static int set_scan_rsp_data(struct sock *sk, struct hci_dev *hdev, void *data,
5943 struct pending_cmd *cmd;
5944 struct hci_request req;
5945 struct mgmt_cp_set_scan_rsp_data *cp = data;
5946 struct hci_cp_le_set_scan_rsp_data rsp;
5949 BT_DBG("%s", hdev->name);
5951 if (!lmp_le_capable(hdev))
5952 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5953 MGMT_STATUS_NOT_SUPPORTED);
5957 if (mgmt_pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev)) {
5958 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5963 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SCAN_RSP_DATA, hdev, data, len);
5968 if (len > HCI_MAX_AD_LENGTH) {
5969 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5970 MGMT_STATUS_INVALID_PARAMS);
5974 hci_req_init(&req, hdev);
5976 memset(&rsp, 0, sizeof(rsp));
5977 memcpy(rsp.data, cp->data, len);
5980 hci_req_add(&req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(rsp), &rsp);
5982 err = hci_req_run(&req, set_scan_rsp_data_complete);
5984 mgmt_pending_remove(cmd);
5988 hci_dev_unlock(hdev);
5993 static void set_manufacturer_data_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5995 struct mgmt_cp_set_manufacturer_data *cp;
5996 struct pending_cmd *cmd;
5998 BT_DBG("status 0x%02x", status);
6002 cmd = mgmt_pending_find(MGMT_OP_SET_MANUFACTURER_DATA, hdev);
6009 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6010 mgmt_status(status));
6012 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA, 0,
6015 mgmt_pending_remove(cmd);
6018 hci_dev_unlock(hdev);
6021 static int set_manufacturer_data(struct sock *sk, struct hci_dev *hdev,
6022 void *data, u16 len)
6024 struct pending_cmd *cmd;
6025 struct hci_request req;
6026 struct mgmt_cp_set_manufacturer_data *cp = data;
6027 u8 old_data[HCI_MAX_EIR_LENGTH] = {0, };
6032 BT_DBG("%s", hdev->name);
6034 if (!lmp_bredr_capable(hdev)) {
6035 return cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6036 MGMT_STATUS_NOT_SUPPORTED);
6039 if (cp->data[0] == 0 ||
6040 cp->data[0] - 1 > sizeof(hdev->manufacturer_data)) {
6041 return cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6042 MGMT_STATUS_INVALID_PARAMS);
6045 if (cp->data[1] != 0xFF) {
6046 return cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6047 MGMT_STATUS_NOT_SUPPORTED);
6052 if (mgmt_pending_find(MGMT_OP_SET_MANUFACTURER_DATA, hdev)) {
6053 err = cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6058 cmd = mgmt_pending_add(sk, MGMT_OP_SET_MANUFACTURER_DATA, hdev, data, len);
6064 hci_req_init(&req, hdev);
6066 /* if new data is same as previous data then return command complete event*/
6067 if (hdev->manufacturer_len == cp->data[0] - 1 &&
6068 !memcmp(hdev->manufacturer_data, cp->data + 2, cp->data[0] - 1)) {
6069 mgmt_pending_remove(cmd);
6070 cmd_complete(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA, 0,
6072 hci_dev_unlock(hdev);
6076 old_len = hdev->manufacturer_len;
6078 memcpy(old_data, hdev->manufacturer_data, old_len);
6081 hdev->manufacturer_len = cp->data[0] - 1;
6082 if (hdev->manufacturer_len > 0) {
6083 memcpy(hdev->manufacturer_data, cp->data + 2, hdev->manufacturer_len);
6088 err = hci_req_run(&req, set_manufacturer_data_complete);
6090 mgmt_pending_remove(cmd);
6095 hci_dev_unlock(hdev);
6100 memset(hdev->manufacturer_data, 0x00, sizeof(hdev->manufacturer_data));
6101 hdev->manufacturer_len = old_len;
6102 if (hdev->manufacturer_len > 0) {
6103 memcpy(hdev->manufacturer_data, old_data,
6104 hdev->manufacturer_len);
6106 hci_dev_unlock(hdev);
6110 #ifdef CONFIG_TIZEN_WIP
6111 static int set_voice_setting(struct sock *sk, struct hci_dev *hdev,
6112 void *data, u16 len)
6114 struct mgmt_cp_set_voice_setting *cp = data;
6115 struct hci_conn *conn;
6116 struct hci_conn *sco_conn;
6120 BT_DBG("%s", hdev->name);
6122 if (!lmp_bredr_capable(hdev)) {
6123 return cmd_status(sk, hdev->id, MGMT_OP_SET_VOICE_SETTING,
6124 MGMT_STATUS_NOT_SUPPORTED);
6129 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
6131 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_VOICE_SETTING, 0,
6136 conn->voice_setting = cp->voice_setting;
6137 conn->sco_role = cp->sco_role;
6139 sco_conn = hci_conn_hash_lookup_sco(hdev);
6140 if (sco_conn && bacmp(&sco_conn->dst, &cp->bdaddr) != 0) {
6141 BT_ERR("There is other SCO connection.");
6145 if (conn->sco_role == MGMT_SCO_ROLE_HANDSFREE) {
6146 if (conn->voice_setting == 0x0063)
6147 sco_connect_set_wbc(hdev);
6149 sco_connect_set_nbc(hdev);
6151 if (conn->voice_setting == 0x0063)
6152 sco_connect_set_gw_wbc(hdev);
6154 sco_connect_set_gw_nbc(hdev);
6158 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_VOICE_SETTING, 0,
6162 hci_dev_unlock(hdev);
6167 static int get_adv_tx_power(struct sock *sk, struct hci_dev *hdev,
6168 void *data, u16 len)
6170 struct mgmt_rp_get_adv_tx_power *rp;
6174 BT_DBG("%s", hdev->name);
6178 rp_len = sizeof(*rp);
6179 rp = kmalloc(rp_len, GFP_KERNEL);
6185 rp->adv_tx_power= hdev->adv_tx_power;
6187 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_TX_POWER, 0, rp,
6193 hci_dev_unlock(hdev);
6198 /* BEGIN TIZEN_Bluetooth :: Apply RSSI changes */
6199 static void set_rssi_threshold_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6201 BT_DBG("status 0x%02x", status);
6204 static void set_rssi_disable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6206 BT_DBG("status 0x%02x", status);
6209 int mgmt_set_rssi_threshold(struct sock *sk, struct hci_dev *hdev,
6210 void *data, u16 len)
6213 struct hci_cp_set_rssi_threshold th = { 0, };
6214 struct mgmt_cp_set_enable_rssi *cp = data;
6215 struct hci_conn *conn;
6216 struct pending_cmd *cmd;
6217 struct hci_request req;
6222 cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
6224 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6225 MGMT_STATUS_FAILED);
6229 if (!lmp_le_capable(hdev)) {
6230 mgmt_pending_remove(cmd);
6231 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6232 MGMT_STATUS_NOT_SUPPORTED);
6235 if (!hdev_is_powered(hdev)) {
6236 BT_DBG("%s", hdev->name);
6237 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6238 MGMT_STATUS_NOT_POWERED, data, len);
6239 mgmt_pending_remove(cmd);
6243 if (cp->link_type == 0x01)
6244 dest_type = LE_LINK;
6246 dest_type = ACL_LINK;
6248 /* Get LE/ACL link handle info*/
6249 conn = hci_conn_hash_lookup_ba(hdev,
6250 dest_type, &cp->bdaddr);
6253 err = cmd_complete(sk, hdev->id,
6254 MGMT_OP_SET_RSSI_ENABLE, 1, NULL, 0);
6255 mgmt_pending_remove(cmd);
6259 hci_req_init(&req, hdev);
6261 th.hci_le_ext_opcode = 0x0B;
6263 th.conn_handle = conn->handle;
6264 th.alert_mask = 0x07;
6265 th.low_th = cp->low_th;
6266 th.in_range_th = cp->in_range_th;
6267 th.high_th = cp->high_th;
6269 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
6270 err = hci_req_run(&req, set_rssi_threshold_complete);
6273 mgmt_pending_remove(cmd);
6274 BT_ERR("Error in requesting hci_req_run");
6279 hci_dev_unlock(hdev);
6283 void mgmt_rssi_enable_success(struct sock *sk, struct hci_dev *hdev,
6284 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
6286 struct mgmt_cc_rsp_enable_rssi mgmt_rp = { 0, };
6287 struct mgmt_cp_set_enable_rssi *cp = data;
6288 struct pending_cmd *cmd;
6290 if (cp == NULL || rp == NULL)
6293 mgmt_rp.status = rp->status;
6294 mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
6295 mgmt_rp.bt_address = cp->bdaddr;
6296 mgmt_rp.link_type = cp->link_type;
6298 cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, MGMT_STATUS_SUCCESS,
6299 &mgmt_rp, sizeof(struct mgmt_cc_rsp_enable_rssi));
6301 mgmt_event(MGMT_EV_RSSI_ENABLED, hdev, &mgmt_rp,
6302 sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
6304 hci_conn_rssi_unset_all(hdev, mgmt_rp.link_type);
6305 hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
6306 &mgmt_rp.bt_address, true);
6310 cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
6312 mgmt_pending_remove(cmd);
6314 hci_dev_unlock(hdev);
6317 void mgmt_rssi_disable_success(struct sock *sk, struct hci_dev *hdev,
6318 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
6320 struct mgmt_cc_rp_disable_rssi mgmt_rp = { 0, };
6321 struct mgmt_cp_disable_rssi *cp = data;
6322 struct pending_cmd *cmd;
6324 if (cp == NULL || rp == NULL)
6327 mgmt_rp.status = rp->status;
6328 mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
6329 mgmt_rp.bt_address = cp->bdaddr;
6330 mgmt_rp.link_type = cp->link_type;
6332 cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE, MGMT_STATUS_SUCCESS,
6333 &mgmt_rp, sizeof(struct mgmt_cc_rsp_enable_rssi));
6335 mgmt_event(MGMT_EV_RSSI_DISABLED, hdev, &mgmt_rp,
6336 sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
6338 hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
6339 &mgmt_rp.bt_address, false);
6344 cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
6346 mgmt_pending_remove(cmd);
6348 hci_dev_unlock(hdev);
6351 static int mgmt_set_disable_rssi(struct sock *sk, struct hci_dev *hdev,
6352 void *data, u16 len)
6354 struct pending_cmd *cmd;
6355 struct hci_request req;
6356 struct hci_cp_set_enable_rssi cp_en = { 0, };
6359 BT_DBG("Set Disable RSSI.");
6361 cp_en.hci_le_ext_opcode = 0x01;
6362 cp_en.le_enable_cs_Features = 0x00;
6363 cp_en.data[0] = 0x00;
6364 cp_en.data[1] = 0x00;
6365 cp_en.data[2] = 0x00;
6369 cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
6371 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6372 MGMT_STATUS_FAILED);
6376 if (!lmp_le_capable(hdev)) {
6377 mgmt_pending_remove(cmd);
6378 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6379 MGMT_STATUS_NOT_SUPPORTED);
6382 if (!hdev_is_powered(hdev)) {
6383 BT_DBG("%s", hdev->name);
6384 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6385 MGMT_STATUS_NOT_POWERED, data, len);
6386 mgmt_pending_remove(cmd);
6390 hci_req_init(&req, hdev);
6392 BT_DBG("Enable Len: %d [%2.2X %2.2X %2.2X %2.2X %2.2X]",
6393 sizeof(struct hci_cp_set_enable_rssi),
6394 cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
6395 cp_en.data[0], cp_en.data[1], cp_en.data[2]);
6397 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
6398 err = hci_req_run(&req, set_rssi_disable_complete);
6401 mgmt_pending_remove(cmd);
6402 BT_ERR("Error in requesting hci_req_run");
6407 hci_dev_unlock(hdev);
6413 void mgmt_enable_rssi_cc(struct hci_dev *hdev, void *response, u8 status)
6415 struct hci_cc_rsp_enable_rssi *rp = response;
6416 struct pending_cmd *cmd_enable = NULL;
6417 struct pending_cmd *cmd_disable = NULL;
6418 struct mgmt_cp_set_enable_rssi *cp_en;
6419 struct mgmt_cp_disable_rssi *cp_dis;
6422 cmd_enable = mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
6423 cmd_disable = mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
6424 hci_dev_unlock(hdev);
6427 BT_DBG("Enable Request");
6430 BT_DBG("Disable Request");
6433 cp_en = cmd_enable->param;
6438 switch (rp->le_ext_opcode) {
6440 BT_DBG("RSSI enabled.. Setting Threshold...");
6441 mgmt_set_rssi_threshold(cmd_enable->sk, hdev,
6442 cp_en, sizeof(*cp_en));
6446 BT_DBG("Sending RSSI enable success");
6447 mgmt_rssi_enable_success(cmd_enable->sk, hdev,
6448 cp_en, rp, rp->status);
6452 } else if (cmd_disable) {
6453 cp_dis = cmd_disable->param;
6458 switch (rp->le_ext_opcode) {
6460 BT_DBG("Sending RSSI disable success");
6461 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
6462 cp_dis, rp, rp->status);
6466 /* Only unset RSSI Threshold values for the Link if
6467 RSSI is monitored for other BREDR or LE Links*/
6468 if (hci_conn_hash_lookup_rssi_count(hdev) > 1) {
6469 BT_DBG("Unset Threshold. Other links being monitored");
6470 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
6471 cp_dis, rp, rp->status);
6473 BT_DBG("Unset Threshold. Disabling...");
6474 mgmt_set_disable_rssi(cmd_disable->sk, hdev,
6475 cp_dis, sizeof(*cp_dis));
6482 static void set_rssi_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6484 BT_DBG("status 0x%02x", status);
6487 static int set_enable_rssi(struct sock *sk, struct hci_dev *hdev,
6488 void *data, u16 len)
6490 struct pending_cmd *cmd;
6491 struct hci_request req;
6492 struct mgmt_cp_set_enable_rssi *cp = data;
6493 struct hci_cp_set_enable_rssi cp_en = { 0, };
6495 BT_DBG("Set Enable RSSI.");
6497 cp_en.hci_le_ext_opcode = 0x01;
6498 cp_en.le_enable_cs_Features = 0x04;
6499 cp_en.data[0] = 0x00;
6500 cp_en.data[1] = 0x00;
6501 cp_en.data[2] = 0x00;
6503 if (!lmp_le_capable(hdev))
6504 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6505 MGMT_STATUS_NOT_SUPPORTED);
6508 if (!hdev_is_powered(hdev)) {
6509 BT_DBG("%s", hdev->name);
6510 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, 0,
6516 if (mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev)) {
6517 BT_DBG("%s", hdev->name);
6518 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6523 cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_ENABLE, hdev, cp, sizeof(*cp));
6525 BT_DBG("%s", hdev->name);
6530 /* If RSSI is already enabled directly set Threshold values*/
6531 if (hci_conn_hash_lookup_rssi_count(hdev) > 0) {
6532 hci_dev_unlock(hdev);
6533 BT_DBG("RSSI Enabled. Directly set Threshold");
6534 err = mgmt_set_rssi_threshold(sk, hdev, cp, sizeof(*cp));
6538 hci_req_init(&req, hdev);
6540 BT_DBG("Enable Len: %d [%2.2X %2.2X %2.2X %2.2X %2.2X]",
6541 sizeof(struct hci_cp_set_enable_rssi),
6542 cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
6543 cp_en.data[0], cp_en.data[1], cp_en.data[2]);
6545 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
6546 err = hci_req_run(&req, set_rssi_enable_complete);
6549 mgmt_pending_remove(cmd);
6550 BT_ERR("Error in requesting hci_req_run");
6555 hci_dev_unlock(hdev);
6560 static void get_raw_rssi_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6562 struct pending_cmd *cmd;
6564 BT_DBG("status 0x%02x", status);
6568 cmd = mgmt_pending_find(MGMT_OP_GET_RAW_RSSI, hdev);
6572 cmd_complete(cmd->sk, hdev->id, MGMT_OP_GET_RAW_RSSI, MGMT_STATUS_SUCCESS,
6575 mgmt_pending_remove(cmd);
6578 hci_dev_unlock(hdev);
6581 static int get_raw_rssi(struct sock *sk, struct hci_dev *hdev, void *data,
6584 struct pending_cmd *cmd;
6585 struct hci_request req;
6586 struct mgmt_cp_get_raw_rssi *cp = data;
6587 struct hci_cp_get_raw_rssi hci_cp;
6589 struct hci_conn *conn;
6593 BT_DBG("Get Raw RSSI.");
6594 if (!lmp_le_capable(hdev))
6595 return cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
6596 MGMT_STATUS_NOT_SUPPORTED);
6600 if (cp->link_type == 0x01) {
6601 dest_type = LE_LINK;
6603 dest_type = ACL_LINK;
6606 /* Get LE/BREDR link handle info*/
6607 conn = hci_conn_hash_lookup_ba(hdev,
6608 dest_type, &cp->bt_address);
6610 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_RAW_RSSI, 1,
6614 hci_cp.conn_handle = conn->handle;
6616 if (!hdev_is_powered(hdev)) {
6617 BT_DBG("%s", hdev->name);
6618 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_RAW_RSSI, 0,
6624 if (mgmt_pending_find(MGMT_OP_GET_RAW_RSSI, hdev)) {
6625 BT_DBG("%s", hdev->name);
6626 err = cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
6631 cmd = mgmt_pending_add(sk, MGMT_OP_GET_RAW_RSSI, hdev, data, len);
6633 BT_DBG("%s", hdev->name);
6638 hci_req_init(&req, hdev);
6640 BT_DBG("Connection Handle [%d]", hci_cp.conn_handle);
6641 hci_req_add(&req, HCI_OP_GET_RAW_RSSI, sizeof(hci_cp), &hci_cp);
6642 err = hci_req_run(&req, get_raw_rssi_complete);
6645 mgmt_pending_remove(cmd);
6646 BT_ERR("Error in requesting hci_req_run");
6650 hci_dev_unlock(hdev);
6655 void mgmt_raw_rssi_response(struct hci_dev *hdev,
6656 struct hci_cc_rp_get_raw_rssi *rp, int success)
6658 struct mgmt_cc_rp_get_raw_rssi mgmt_rp = { 0, };
6659 struct hci_conn *conn;
6661 mgmt_rp.status = rp->status;
6662 mgmt_rp.rssi_dbm = rp->rssi_dbm;
6664 conn = hci_conn_hash_lookup_handle(hdev, rp->conn_handle);
6668 bacpy(&mgmt_rp.bt_address, &conn->dst);
6669 if (conn->type == LE_LINK) {
6670 mgmt_rp.link_type = 0x01;
6672 mgmt_rp.link_type = 0x00;
6675 mgmt_event(MGMT_EV_RAW_RSSI, hdev, &mgmt_rp,
6676 sizeof(struct mgmt_cc_rp_get_raw_rssi), NULL);
6679 static void set_disable_threshold_complete(struct hci_dev *hdev,
6680 u8 status, u16 opcode)
6682 BT_DBG("status 0x%02x", status);
6685 /** Removes monitoring for a link*/
6686 static int set_disable_threshold(struct sock *sk, struct hci_dev *hdev,
6687 void *data, u16 len)
6690 struct hci_cp_set_rssi_threshold th = { 0, };
6691 struct mgmt_cp_disable_rssi *cp = data;
6692 struct hci_conn *conn;
6693 struct pending_cmd *cmd;
6694 struct hci_request req;
6696 BT_DBG("Set Disable RSSI.");
6698 if (!lmp_le_capable(hdev)) {
6699 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6700 MGMT_STATUS_NOT_SUPPORTED);
6705 /* Get LE/ACL link handle info*/
6706 if (cp->link_type == 0x01)
6707 dest_type = LE_LINK;
6709 dest_type = ACL_LINK;
6711 conn = hci_conn_hash_lookup_ba(hdev,
6712 dest_type, &cp->bdaddr);
6714 err = cmd_complete(sk, hdev->id,
6715 MGMT_OP_SET_RSSI_DISABLE, 1, NULL, 0);
6719 th.hci_le_ext_opcode = 0x0B;
6721 th.conn_handle = conn->handle;
6722 th.alert_mask = 0x00;
6724 th.in_range_th = 0x00;
6727 if (!hdev_is_powered(hdev)) {
6728 BT_DBG("%s", hdev->name);
6729 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE, 0,
6734 if (mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev)) {
6735 BT_DBG("%s", hdev->name);
6736 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6741 cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_DISABLE, hdev, cp, sizeof(*cp));
6743 BT_DBG("%s", hdev->name);
6748 hci_req_init(&req, hdev);
6750 hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
6751 err = hci_req_run(&req, set_disable_threshold_complete);
6753 mgmt_pending_remove(cmd);
6754 BT_ERR("Error in requesting hci_req_run");
6759 hci_dev_unlock(hdev);
6764 void mgmt_rssi_alert_evt(struct hci_dev *hdev, struct sk_buff *skb)
6766 struct hci_ev_vendor_specific_rssi_alert *ev = (void *) skb->data;
6767 struct mgmt_ev_vendor_specific_rssi_alert mgmt_ev;
6768 struct hci_conn *conn;
6770 BT_DBG("RSSI alert [%2.2X %2.2X %2.2X]",
6771 ev->conn_handle, ev->alert_type, ev->rssi_dbm);
6773 conn = hci_conn_hash_lookup_handle(hdev, ev->conn_handle);
6776 BT_ERR("RSSI alert Error: Device not found for handle");
6779 bacpy(&mgmt_ev.bdaddr, &conn->dst);
6781 if (conn->type == LE_LINK)
6782 mgmt_ev.link_type = 0x01;
6784 mgmt_ev.link_type = 0x00;
6786 mgmt_ev.alert_type = ev->alert_type;
6787 mgmt_ev.rssi_dbm = ev->rssi_dbm;
6789 mgmt_event(MGMT_EV_RSSI_ALERT, hdev, &mgmt_ev,
6790 sizeof(struct mgmt_ev_vendor_specific_rssi_alert), NULL);
6793 void mgmt_multi_adv_state_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
6795 struct hci_ev_vendor_specific_multi_adv_state *ev = (void *) skb->data;
6796 struct mgmt_ev_vendor_specific_multi_adv_state_changed mgmt_ev;
6798 BT_DBG("Multi adv state changed [%2.2X %2.2X %2.2X]",
6799 ev->adv_instance, ev->state_change_reason, ev->connection_handle);
6801 mgmt_ev.adv_instance = ev->adv_instance;
6802 mgmt_ev.state_change_reason = ev->state_change_reason;
6803 mgmt_ev.connection_handle = ev->connection_handle;
6805 mgmt_event(MGMT_EV_MULTI_ADV_STATE_CHANGED, hdev, &mgmt_ev,
6806 sizeof(struct mgmt_ev_vendor_specific_multi_adv_state_changed), NULL);
6809 static int enable_bt_6lowpan(struct sock *sk, struct hci_dev *hdev,
6810 void *data, u16 len)
6813 struct mgmt_cp_enable_6lowpan *cp = data;
6815 BT_DBG("%s", hdev->name);
6819 if (!hdev_is_powered(hdev)) {
6820 err = cmd_status(sk, hdev->id, MGMT_OP_ENABLE_6LOWPAN,
6821 MGMT_STATUS_NOT_POWERED);
6825 if (!lmp_le_capable(hdev)) {
6826 err = cmd_status(sk, hdev->id, MGMT_OP_ENABLE_6LOWPAN,
6827 MGMT_STATUS_NOT_SUPPORTED);
6831 if (cp->enable_6lowpan)
6832 bt_6lowpan_enable();
6834 bt_6lowpan_disable();
6836 err = cmd_complete(sk, hdev->id, MGMT_OP_ENABLE_6LOWPAN,
6837 MGMT_STATUS_SUCCESS, NULL, 0);
6839 hci_dev_unlock(hdev);
6843 static int connect_bt_6lowpan(struct sock *sk, struct hci_dev *hdev,
6844 void *data, u16 len)
6846 struct mgmt_cp_connect_6lowpan *cp = data;
6847 __u8 addr_type = ADDR_LE_DEV_PUBLIC;
6850 BT_DBG("%s", hdev->name);
6854 if (!lmp_le_capable(hdev)) {
6855 err = cmd_status(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN,
6856 MGMT_STATUS_NOT_SUPPORTED);
6860 if (!hdev_is_powered(hdev)) {
6861 err = cmd_status(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN,
6862 MGMT_STATUS_REJECTED);
6866 if (bdaddr_type_is_le(cp->addr.type)) {
6867 if (cp->addr.type == BDADDR_LE_PUBLIC)
6868 addr_type = ADDR_LE_DEV_PUBLIC;
6870 addr_type = ADDR_LE_DEV_RANDOM;
6872 err = cmd_complete(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN,
6873 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
6877 hci_dev_unlock(hdev);
6879 /* 6lowpan Connect */
6880 err = _bt_6lowpan_connect(&cp->addr.bdaddr, cp->addr.type);
6885 err = cmd_complete(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN,
6886 MGMT_STATUS_REJECTED, NULL, 0);
6891 err = cmd_complete(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN, 0,
6894 hci_dev_unlock(hdev);
6898 static int disconnect_bt_6lowpan(struct sock *sk, struct hci_dev *hdev,
6899 void *data, u16 len)
6901 struct mgmt_cp_disconnect_6lowpan *cp = data;
6902 struct hci_conn *conn = NULL;
6903 __u8 addr_type = ADDR_LE_DEV_PUBLIC;
6906 BT_DBG("%s", hdev->name);
6910 if (!lmp_le_capable(hdev)) {
6911 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT_6LOWPAN,
6912 MGMT_STATUS_NOT_SUPPORTED);
6916 if (!hdev_is_powered(hdev)) {
6917 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT_6LOWPAN,
6918 MGMT_STATUS_REJECTED);
6922 if (bdaddr_type_is_le(cp->addr.type)) {
6923 if (cp->addr.type == BDADDR_LE_PUBLIC)
6924 addr_type = ADDR_LE_DEV_PUBLIC;
6926 addr_type = ADDR_LE_DEV_RANDOM;
6928 err = cmd_complete(sk, hdev->id,
6929 MGMT_OP_DISCONNECT_6LOWPAN,
6930 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
6934 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
6936 err = cmd_complete(sk, hdev->id,
6937 MGMT_OP_DISCONNECT_6LOWPAN,
6938 MGMT_STATUS_NOT_CONNECTED, NULL, 0);
6942 if (conn->dst_type != addr_type) {
6943 err = cmd_complete(sk, hdev->id,
6944 MGMT_OP_DISCONNECT_6LOWPAN,
6945 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
6949 if (conn->state != BT_CONNECTED) {
6950 err = cmd_complete(sk, hdev->id,
6951 MGMT_OP_DISCONNECT_6LOWPAN,
6952 MGMT_STATUS_NOT_CONNECTED, NULL, 0);
6956 /* 6lowpan Disconnect */
6957 err = _bt_6lowpan_disconnect(conn->l2cap_data, cp->addr.type);
6959 err = cmd_complete(sk, hdev->id,
6960 MGMT_OP_DISCONNECT_6LOWPAN,
6961 MGMT_STATUS_REJECTED, NULL, 0);
6965 err = cmd_complete(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN, 0,
6969 hci_dev_unlock(hdev);
6973 void mgmt_6lowpan_conn_changed(struct hci_dev *hdev, char if_name[16],
6974 bdaddr_t *bdaddr, u8 addr_type, bool connected)
6977 struct mgmt_ev_6lowpan_conn_state_changed *ev = (void *)buf;
6980 memset(buf, 0, sizeof(buf));
6981 bacpy(&ev->addr.bdaddr, bdaddr);
6982 ev->addr.type = addr_type;
6983 ev->connected = connected;
6984 memcpy(ev->ifname, (__u8 *)if_name, 16);
6986 ev_size = sizeof(*ev);
6988 mgmt_event(MGMT_EV_6LOWPAN_CONN_STATE_CHANGED, hdev, ev, ev_size, NULL);
6990 /* END TIZEN_Bluetooth */
6993 static bool ltk_is_valid(struct mgmt_ltk_info *key)
6995 if (key->master != 0x00 && key->master != 0x01)
6998 switch (key->addr.type) {
6999 case BDADDR_LE_PUBLIC:
7002 case BDADDR_LE_RANDOM:
7003 /* Two most significant bits shall be set */
7004 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
7012 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
7013 void *cp_data, u16 len)
7015 struct mgmt_cp_load_long_term_keys *cp = cp_data;
7016 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
7017 sizeof(struct mgmt_ltk_info));
7018 u16 key_count, expected_len;
7021 BT_DBG("request for %s", hdev->name);
7023 if (!lmp_le_capable(hdev))
7024 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7025 MGMT_STATUS_NOT_SUPPORTED);
7027 key_count = __le16_to_cpu(cp->key_count);
7028 if (key_count > max_key_count) {
7029 BT_ERR("load_ltks: too big key_count value %u", key_count);
7030 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7031 MGMT_STATUS_INVALID_PARAMS);
7034 expected_len = sizeof(*cp) + key_count *
7035 sizeof(struct mgmt_ltk_info);
7036 if (expected_len != len) {
7037 BT_ERR("load_keys: expected %u bytes, got %u bytes",
7039 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7040 MGMT_STATUS_INVALID_PARAMS);
7043 BT_DBG("%s key_count %u", hdev->name, key_count);
7045 for (i = 0; i < key_count; i++) {
7046 struct mgmt_ltk_info *key = &cp->keys[i];
7048 if (!ltk_is_valid(key))
7049 return cmd_status(sk, hdev->id,
7050 MGMT_OP_LOAD_LONG_TERM_KEYS,
7051 MGMT_STATUS_INVALID_PARAMS);
7056 hci_smp_ltks_clear(hdev);
7058 for (i = 0; i < key_count; i++) {
7059 struct mgmt_ltk_info *key = &cp->keys[i];
7060 u8 type, addr_type, authenticated;
7062 if (key->addr.type == BDADDR_LE_PUBLIC)
7063 addr_type = ADDR_LE_DEV_PUBLIC;
7065 addr_type = ADDR_LE_DEV_RANDOM;
7067 switch (key->type) {
7068 case MGMT_LTK_UNAUTHENTICATED:
7069 authenticated = 0x00;
7070 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
7072 case MGMT_LTK_AUTHENTICATED:
7073 authenticated = 0x01;
7074 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
7076 case MGMT_LTK_P256_UNAUTH:
7077 authenticated = 0x00;
7078 type = SMP_LTK_P256;
7080 case MGMT_LTK_P256_AUTH:
7081 authenticated = 0x01;
7082 type = SMP_LTK_P256;
7084 case MGMT_LTK_P256_DEBUG:
7085 authenticated = 0x00;
7086 type = SMP_LTK_P256_DEBUG;
7091 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
7092 authenticated, key->val, key->enc_size, key->ediv,
7096 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
7099 hci_dev_unlock(hdev);
7104 static int conn_info_cmd_complete(struct pending_cmd *cmd, u8 status)
7106 struct hci_conn *conn = cmd->user_data;
7107 struct mgmt_rp_get_conn_info rp;
7110 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
7112 if (status == MGMT_STATUS_SUCCESS) {
7113 rp.rssi = conn->rssi;
7114 rp.tx_power = conn->tx_power;
7115 rp.max_tx_power = conn->max_tx_power;
7117 rp.rssi = HCI_RSSI_INVALID;
7118 rp.tx_power = HCI_TX_POWER_INVALID;
7119 rp.max_tx_power = HCI_TX_POWER_INVALID;
7122 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
7125 hci_conn_drop(conn);
7131 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
7134 struct hci_cp_read_rssi *cp;
7135 struct pending_cmd *cmd;
7136 struct hci_conn *conn;
7140 BT_DBG("status 0x%02x", hci_status);
7144 /* Commands sent in request are either Read RSSI or Read Transmit Power
7145 * Level so we check which one was last sent to retrieve connection
7146 * handle. Both commands have handle as first parameter so it's safe to
7147 * cast data on the same command struct.
7149 * First command sent is always Read RSSI and we fail only if it fails.
7150 * In other case we simply override error to indicate success as we
7151 * already remembered if TX power value is actually valid.
7153 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
7155 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
7156 status = MGMT_STATUS_SUCCESS;
7158 status = mgmt_status(hci_status);
7162 BT_ERR("invalid sent_cmd in conn_info response");
7166 handle = __le16_to_cpu(cp->handle);
7167 conn = hci_conn_hash_lookup_handle(hdev, handle);
7169 BT_ERR("unknown handle (%d) in conn_info response", handle);
7173 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
7177 cmd->cmd_complete(cmd, status);
7178 mgmt_pending_remove(cmd);
7181 hci_dev_unlock(hdev);
7185 #ifdef CONFIG_TIZEN_WIP
7186 /* defination of "prandom_u32_max" is imported from latest kernel,
7187 * so if the kernel is migrated to latest, below defination should be removed
7191 * prandom_u32_max - returns a pseudo-random number in interval [0, ep_ro)
7192 * @ep_ro: right open interval endpoint
7194 * Returns a pseudo-random number that is in interval [0, ep_ro). Note
7195 * that the result depends on PRNG being well distributed in [0, ~0U]
7196 * u32 space. Here we use maximally equidistributed combined Tausworthe
7197 * generator, that is, prandom_u32(). This is useful when requesting a
7198 * random index of an array containing ep_ro elements, for example.
7200 * Returns: pseudo-random number in interval [0, ep_ro)
7202 static inline u32 prandom_u32_max(u32 ep_ro)
7204 return (u32)(((u64) prandom_u32() * ep_ro) >> 32);
7208 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
7211 struct mgmt_cp_get_conn_info *cp = data;
7212 struct mgmt_rp_get_conn_info rp;
7213 struct hci_conn *conn;
7214 unsigned long conn_info_age;
7217 BT_DBG("%s", hdev->name);
7219 memset(&rp, 0, sizeof(rp));
7220 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7221 rp.addr.type = cp->addr.type;
7223 if (!bdaddr_type_is_valid(cp->addr.type))
7224 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7225 MGMT_STATUS_INVALID_PARAMS,
7230 if (!hdev_is_powered(hdev)) {
7231 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7232 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
7236 if (cp->addr.type == BDADDR_BREDR)
7237 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7240 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
7242 if (!conn || conn->state != BT_CONNECTED) {
7243 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7244 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
7248 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
7249 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7250 MGMT_STATUS_BUSY, &rp, sizeof(rp));
7254 /* To avoid client trying to guess when to poll again for information we
7255 * calculate conn info age as random value between min/max set in hdev.
7257 conn_info_age = hdev->conn_info_min_age +
7258 prandom_u32_max(hdev->conn_info_max_age -
7259 hdev->conn_info_min_age);
7261 /* Query controller to refresh cached values if they are too old or were
7264 if (time_after(jiffies, conn->conn_info_timestamp +
7265 msecs_to_jiffies(conn_info_age)) ||
7266 !conn->conn_info_timestamp) {
7267 struct hci_request req;
7268 struct hci_cp_read_tx_power req_txp_cp;
7269 struct hci_cp_read_rssi req_rssi_cp;
7270 struct pending_cmd *cmd;
7272 hci_req_init(&req, hdev);
7273 req_rssi_cp.handle = cpu_to_le16(conn->handle);
7274 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
7277 /* For LE links TX power does not change thus we don't need to
7278 * query for it once value is known.
7280 if (!bdaddr_type_is_le(cp->addr.type) ||
7281 conn->tx_power == HCI_TX_POWER_INVALID) {
7282 req_txp_cp.handle = cpu_to_le16(conn->handle);
7283 req_txp_cp.type = 0x00;
7284 hci_req_add(&req, HCI_OP_READ_TX_POWER,
7285 sizeof(req_txp_cp), &req_txp_cp);
7288 /* Max TX power needs to be read only once per connection */
7289 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
7290 req_txp_cp.handle = cpu_to_le16(conn->handle);
7291 req_txp_cp.type = 0x01;
7292 hci_req_add(&req, HCI_OP_READ_TX_POWER,
7293 sizeof(req_txp_cp), &req_txp_cp);
7296 err = hci_req_run(&req, conn_info_refresh_complete);
7300 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
7307 hci_conn_hold(conn);
7308 cmd->user_data = hci_conn_get(conn);
7309 cmd->cmd_complete = conn_info_cmd_complete;
7311 conn->conn_info_timestamp = jiffies;
7313 /* Cache is valid, just reply with values cached in hci_conn */
7314 rp.rssi = conn->rssi;
7315 rp.tx_power = conn->tx_power;
7316 rp.max_tx_power = conn->max_tx_power;
7318 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7319 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7323 hci_dev_unlock(hdev);
7327 static int clock_info_cmd_complete(struct pending_cmd *cmd, u8 status)
7329 struct hci_conn *conn = cmd->user_data;
7330 struct mgmt_rp_get_clock_info rp;
7331 struct hci_dev *hdev;
7334 memset(&rp, 0, sizeof(rp));
7335 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
7340 hdev = hci_dev_get(cmd->index);
7342 rp.local_clock = cpu_to_le32(hdev->clock);
7347 rp.piconet_clock = cpu_to_le32(conn->clock);
7348 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
7352 err = cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
7356 hci_conn_drop(conn);
7363 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7365 struct hci_cp_read_clock *hci_cp;
7366 struct pending_cmd *cmd;
7367 struct hci_conn *conn;
7369 BT_DBG("%s status %u", hdev->name, status);
7373 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
7377 if (hci_cp->which) {
7378 u16 handle = __le16_to_cpu(hci_cp->handle);
7379 conn = hci_conn_hash_lookup_handle(hdev, handle);
7384 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
7388 cmd->cmd_complete(cmd, mgmt_status(status));
7389 mgmt_pending_remove(cmd);
7392 hci_dev_unlock(hdev);
7395 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
7398 struct mgmt_cp_get_clock_info *cp = data;
7399 struct mgmt_rp_get_clock_info rp;
7400 struct hci_cp_read_clock hci_cp;
7401 struct pending_cmd *cmd;
7402 struct hci_request req;
7403 struct hci_conn *conn;
7406 BT_DBG("%s", hdev->name);
7408 memset(&rp, 0, sizeof(rp));
7409 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7410 rp.addr.type = cp->addr.type;
7412 if (cp->addr.type != BDADDR_BREDR)
7413 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7414 MGMT_STATUS_INVALID_PARAMS,
7419 if (!hdev_is_powered(hdev)) {
7420 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7421 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
7425 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
7426 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7428 if (!conn || conn->state != BT_CONNECTED) {
7429 err = cmd_complete(sk, hdev->id,
7430 MGMT_OP_GET_CLOCK_INFO,
7431 MGMT_STATUS_NOT_CONNECTED,
7439 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
7445 cmd->cmd_complete = clock_info_cmd_complete;
7447 hci_req_init(&req, hdev);
7449 memset(&hci_cp, 0, sizeof(hci_cp));
7450 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
7453 hci_conn_hold(conn);
7454 cmd->user_data = hci_conn_get(conn);
7456 hci_cp.handle = cpu_to_le16(conn->handle);
7457 hci_cp.which = 0x01; /* Piconet clock */
7458 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
7461 err = hci_req_run(&req, get_clock_info_complete);
7463 mgmt_pending_remove(cmd);
7466 hci_dev_unlock(hdev);
7470 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
7472 struct hci_conn *conn;
7474 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
7478 if (conn->dst_type != type)
7481 if (conn->state != BT_CONNECTED)
7487 /* This function requires the caller holds hdev->lock */
7488 static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
7489 u8 addr_type, u8 auto_connect)
7491 struct hci_dev *hdev = req->hdev;
7492 struct hci_conn_params *params;
7494 params = hci_conn_params_add(hdev, addr, addr_type);
7498 if (params->auto_connect == auto_connect)
7501 list_del_init(¶ms->action);
7503 switch (auto_connect) {
7504 case HCI_AUTO_CONN_DISABLED:
7505 case HCI_AUTO_CONN_LINK_LOSS:
7506 __hci_update_background_scan(req);
7508 case HCI_AUTO_CONN_REPORT:
7509 list_add(¶ms->action, &hdev->pend_le_reports);
7510 __hci_update_background_scan(req);
7512 case HCI_AUTO_CONN_DIRECT:
7513 case HCI_AUTO_CONN_ALWAYS:
7514 if (!is_connected(hdev, addr, addr_type)) {
7515 list_add(¶ms->action, &hdev->pend_le_conns);
7516 __hci_update_background_scan(req);
7521 params->auto_connect = auto_connect;
7523 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
7529 static void device_added(struct sock *sk, struct hci_dev *hdev,
7530 bdaddr_t *bdaddr, u8 type, u8 action)
7532 struct mgmt_ev_device_added ev;
7534 bacpy(&ev.addr.bdaddr, bdaddr);
7535 ev.addr.type = type;
7538 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
7541 static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7543 struct pending_cmd *cmd;
7545 BT_DBG("status 0x%02x", status);
7549 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
7553 cmd->cmd_complete(cmd, mgmt_status(status));
7554 mgmt_pending_remove(cmd);
7557 hci_dev_unlock(hdev);
7560 static int add_device(struct sock *sk, struct hci_dev *hdev,
7561 void *data, u16 len)
7563 struct mgmt_cp_add_device *cp = data;
7564 struct pending_cmd *cmd;
7565 struct hci_request req;
7566 u8 auto_conn, addr_type;
7569 BT_DBG("%s", hdev->name);
7571 if (!bdaddr_type_is_valid(cp->addr.type) ||
7572 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
7573 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7574 MGMT_STATUS_INVALID_PARAMS,
7575 &cp->addr, sizeof(cp->addr));
7577 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
7578 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7579 MGMT_STATUS_INVALID_PARAMS,
7580 &cp->addr, sizeof(cp->addr));
7582 hci_req_init(&req, hdev);
7586 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
7592 cmd->cmd_complete = addr_cmd_complete;
7594 if (cp->addr.type == BDADDR_BREDR) {
7595 /* Only incoming connections action is supported for now */
7596 if (cp->action != 0x01) {
7597 err = cmd->cmd_complete(cmd,
7598 MGMT_STATUS_INVALID_PARAMS);
7599 mgmt_pending_remove(cmd);
7603 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
7608 __hci_update_page_scan(&req);
7613 if (cp->addr.type == BDADDR_LE_PUBLIC)
7614 addr_type = ADDR_LE_DEV_PUBLIC;
7616 addr_type = ADDR_LE_DEV_RANDOM;
7618 if (cp->action == 0x02)
7619 auto_conn = HCI_AUTO_CONN_ALWAYS;
7620 else if (cp->action == 0x01)
7621 auto_conn = HCI_AUTO_CONN_DIRECT;
7623 auto_conn = HCI_AUTO_CONN_REPORT;
7625 /* If the connection parameters don't exist for this device,
7626 * they will be created and configured with defaults.
7628 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
7630 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
7631 mgmt_pending_remove(cmd);
7636 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
7638 err = hci_req_run(&req, add_device_complete);
7640 /* ENODATA means no HCI commands were needed (e.g. if
7641 * the adapter is powered off).
7643 if (err == -ENODATA)
7644 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
7645 mgmt_pending_remove(cmd);
7649 hci_dev_unlock(hdev);
7653 static void device_removed(struct sock *sk, struct hci_dev *hdev,
7654 bdaddr_t *bdaddr, u8 type)
7656 struct mgmt_ev_device_removed ev;
7658 bacpy(&ev.addr.bdaddr, bdaddr);
7659 ev.addr.type = type;
7661 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
7664 static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7666 struct pending_cmd *cmd;
7668 BT_DBG("status 0x%02x", status);
7672 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
7676 cmd->cmd_complete(cmd, mgmt_status(status));
7677 mgmt_pending_remove(cmd);
7680 hci_dev_unlock(hdev);
7683 static int remove_device(struct sock *sk, struct hci_dev *hdev,
7684 void *data, u16 len)
7686 struct mgmt_cp_remove_device *cp = data;
7687 struct pending_cmd *cmd;
7688 struct hci_request req;
7691 BT_DBG("%s", hdev->name);
7693 hci_req_init(&req, hdev);
7697 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
7703 cmd->cmd_complete = addr_cmd_complete;
7705 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
7706 struct hci_conn_params *params;
7709 if (!bdaddr_type_is_valid(cp->addr.type)) {
7710 err = cmd->cmd_complete(cmd,
7711 MGMT_STATUS_INVALID_PARAMS);
7712 mgmt_pending_remove(cmd);
7716 if (cp->addr.type == BDADDR_BREDR) {
7717 err = hci_bdaddr_list_del(&hdev->whitelist,
7721 err = cmd->cmd_complete(cmd,
7722 MGMT_STATUS_INVALID_PARAMS);
7723 mgmt_pending_remove(cmd);
7727 __hci_update_page_scan(&req);
7729 device_removed(sk, hdev, &cp->addr.bdaddr,
7734 if (cp->addr.type == BDADDR_LE_PUBLIC)
7735 addr_type = ADDR_LE_DEV_PUBLIC;
7737 addr_type = ADDR_LE_DEV_RANDOM;
7739 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7742 err = cmd->cmd_complete(cmd,
7743 MGMT_STATUS_INVALID_PARAMS);
7744 mgmt_pending_remove(cmd);
7748 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
7749 err = cmd->cmd_complete(cmd,
7750 MGMT_STATUS_INVALID_PARAMS);
7751 mgmt_pending_remove(cmd);
7755 list_del(¶ms->action);
7756 list_del(¶ms->list);
7758 __hci_update_background_scan(&req);
7760 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
7762 struct hci_conn_params *p, *tmp;
7763 struct bdaddr_list *b, *btmp;
7765 if (cp->addr.type) {
7766 err = cmd->cmd_complete(cmd,
7767 MGMT_STATUS_INVALID_PARAMS);
7768 mgmt_pending_remove(cmd);
7772 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
7773 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
7778 __hci_update_page_scan(&req);
7780 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
7781 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
7783 device_removed(sk, hdev, &p->addr, p->addr_type);
7784 list_del(&p->action);
7789 BT_DBG("All LE connection parameters were removed");
7791 __hci_update_background_scan(&req);
7795 err = hci_req_run(&req, remove_device_complete);
7797 /* ENODATA means no HCI commands were needed (e.g. if
7798 * the adapter is powered off).
7800 if (err == -ENODATA)
7801 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
7802 mgmt_pending_remove(cmd);
7806 hci_dev_unlock(hdev);
7810 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
7813 struct mgmt_cp_load_conn_param *cp = data;
7814 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
7815 sizeof(struct mgmt_conn_param));
7816 u16 param_count, expected_len;
7819 if (!lmp_le_capable(hdev))
7820 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7821 MGMT_STATUS_NOT_SUPPORTED);
7823 param_count = __le16_to_cpu(cp->param_count);
7824 if (param_count > max_param_count) {
7825 BT_ERR("load_conn_param: too big param_count value %u",
7827 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7828 MGMT_STATUS_INVALID_PARAMS);
7831 expected_len = sizeof(*cp) + param_count *
7832 sizeof(struct mgmt_conn_param);
7833 if (expected_len != len) {
7834 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
7836 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7837 MGMT_STATUS_INVALID_PARAMS);
7840 BT_DBG("%s param_count %u", hdev->name, param_count);
7844 hci_conn_params_clear_disabled(hdev);
7846 for (i = 0; i < param_count; i++) {
7847 struct mgmt_conn_param *param = &cp->params[i];
7848 struct hci_conn_params *hci_param;
7849 u16 min, max, latency, timeout;
7852 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
7855 if (param->addr.type == BDADDR_LE_PUBLIC) {
7856 addr_type = ADDR_LE_DEV_PUBLIC;
7857 } else if (param->addr.type == BDADDR_LE_RANDOM) {
7858 addr_type = ADDR_LE_DEV_RANDOM;
7860 BT_ERR("Ignoring invalid connection parameters");
7864 min = le16_to_cpu(param->min_interval);
7865 max = le16_to_cpu(param->max_interval);
7866 latency = le16_to_cpu(param->latency);
7867 timeout = le16_to_cpu(param->timeout);
7869 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
7870 min, max, latency, timeout);
7872 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
7873 BT_ERR("Ignoring invalid connection parameters");
7877 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
7880 BT_ERR("Failed to add connection parameters");
7884 hci_param->conn_min_interval = min;
7885 hci_param->conn_max_interval = max;
7886 hci_param->conn_latency = latency;
7887 hci_param->supervision_timeout = timeout;
7890 hci_dev_unlock(hdev);
7892 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
7895 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
7896 void *data, u16 len)
7898 struct mgmt_cp_set_external_config *cp = data;
7902 BT_DBG("%s", hdev->name);
7904 if (hdev_is_powered(hdev))
7905 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7906 MGMT_STATUS_REJECTED);
7908 if (cp->config != 0x00 && cp->config != 0x01)
7909 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7910 MGMT_STATUS_INVALID_PARAMS);
7912 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
7913 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7914 MGMT_STATUS_NOT_SUPPORTED);
7919 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
7922 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
7925 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
7932 err = new_options(hdev, sk);
7934 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
7935 mgmt_index_removed(hdev);
7937 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
7938 set_bit(HCI_CONFIG, &hdev->dev_flags);
7939 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
7941 queue_work(hdev->req_workqueue, &hdev->power_on);
7943 set_bit(HCI_RAW, &hdev->flags);
7944 mgmt_index_added(hdev);
7949 hci_dev_unlock(hdev);
7953 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
7954 void *data, u16 len)
7956 struct mgmt_cp_set_public_address *cp = data;
7960 BT_DBG("%s", hdev->name);
7962 if (hdev_is_powered(hdev))
7963 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7964 MGMT_STATUS_REJECTED);
7966 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
7967 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7968 MGMT_STATUS_INVALID_PARAMS);
7970 if (!hdev->set_bdaddr)
7971 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7972 MGMT_STATUS_NOT_SUPPORTED);
7976 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
7977 bacpy(&hdev->public_addr, &cp->bdaddr);
7979 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
7986 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
7987 err = new_options(hdev, sk);
7989 if (is_configured(hdev)) {
7990 mgmt_index_removed(hdev);
7992 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
7994 set_bit(HCI_CONFIG, &hdev->dev_flags);
7995 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
7997 queue_work(hdev->req_workqueue, &hdev->power_on);
8001 hci_dev_unlock(hdev);
8005 static const struct mgmt_handler {
8006 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
8010 } mgmt_handlers[] = {
8011 { NULL }, /* 0x0000 (no command) */
8012 { read_version, false, MGMT_READ_VERSION_SIZE },
8013 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
8014 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
8015 { read_controller_info, false, MGMT_READ_INFO_SIZE },
8016 { set_powered, false, MGMT_SETTING_SIZE },
8017 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
8018 { set_connectable, false, MGMT_SETTING_SIZE },
8019 { set_fast_connectable, false, MGMT_SETTING_SIZE },
8020 { set_bondable, false, MGMT_SETTING_SIZE },
8021 { set_link_security, false, MGMT_SETTING_SIZE },
8022 { set_ssp, false, MGMT_SETTING_SIZE },
8023 { set_hs, false, MGMT_SETTING_SIZE },
8024 { set_le, false, MGMT_SETTING_SIZE },
8025 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
8026 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
8027 { add_uuid, false, MGMT_ADD_UUID_SIZE },
8028 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
8029 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
8030 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
8031 { disconnect, false, MGMT_DISCONNECT_SIZE },
8032 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
8033 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
8034 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
8035 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
8036 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
8037 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
8038 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
8039 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
8040 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
8041 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
8042 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
8043 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
8044 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
8045 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
8046 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
8047 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
8048 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
8049 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
8050 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
8051 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
8052 { set_advertising, false, MGMT_SETTING_SIZE },
8053 { set_bredr, false, MGMT_SETTING_SIZE },
8054 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
8055 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
8056 { set_secure_conn, false, MGMT_SETTING_SIZE },
8057 { set_debug_keys, false, MGMT_SETTING_SIZE },
8058 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
8059 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
8060 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
8061 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
8062 { add_device, false, MGMT_ADD_DEVICE_SIZE },
8063 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
8064 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
8065 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
8066 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
8067 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
8068 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
8069 { start_service_discovery,true, MGMT_START_SERVICE_DISCOVERY_SIZE },
8072 #ifdef CONFIG_TIZEN_WIP
8073 static const struct mgmt_handler tizen_mgmt_handlers[] = {
8074 { NULL }, /* 0x0000 (no command) */
8075 { set_advertising_params, false, MGMT_SET_ADVERTISING_PARAMS_SIZE },
8076 { set_advertising_data, true, MGMT_SET_ADV_MIN_APP_DATA_SIZE },
8077 { set_scan_rsp_data, true, MGMT_SET_SCAN_RSP_MIN_APP_DATA_SIZE },
8078 { add_white_list, false, MGMT_ADD_DEV_WHITE_LIST_SIZE },
8079 { remove_from_white_list, false, MGMT_REMOVE_DEV_FROM_WHITE_LIST_SIZE },
8080 { clear_white_list, false, MGMT_OP_CLEAR_DEV_WHITE_LIST_SIZE },
8081 { set_enable_rssi, false, MGMT_SET_RSSI_ENABLE_SIZE },
8082 { get_raw_rssi, false, MGMT_GET_RAW_RSSI_SIZE },
8083 { set_disable_threshold, false, MGMT_SET_RSSI_DISABLE_SIZE },
8084 { start_le_discovery, false, MGMT_START_LE_DISCOVERY_SIZE },
8085 { stop_le_discovery, false, MGMT_STOP_LE_DISCOVERY_SIZE },
8086 { disable_le_auto_connect, false, MGMT_DISABLE_LE_AUTO_CONNECT_SIZE },
8087 { le_conn_update, false, MGMT_LE_CONN_UPDATE_SIZE},
8088 { set_manufacturer_data, false, MGMT_SET_MANUFACTURER_DATA_SIZE},
8089 { le_set_scan_params, false, MGMT_LE_SET_SCAN_PARAMS_SIZE },
8090 { set_voice_setting, false, MGMT_SET_VOICE_SETTING_SIZE},
8091 { get_adv_tx_power, false, MGMT_GET_ADV_TX_POWER_SIZE},
8092 { enable_bt_6lowpan, false, MGMT_ENABLE_BT_6LOWPAN_SIZE },
8093 { disconnect_bt_6lowpan, false, MGMT_DISCONNECT_6LOWPAN_SIZE },
8097 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
8101 struct mgmt_hdr *hdr;
8102 u16 opcode, index, len;
8103 struct hci_dev *hdev = NULL;
8104 const struct mgmt_handler *handler;
8107 BT_DBG("got %zu bytes", msglen);
8109 if (msglen < sizeof(*hdr))
8112 buf = kmalloc(msglen, GFP_KERNEL);
8116 #ifdef CONFIG_TIZEN_WIP
8117 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
8119 if (memcpy_from_msg(buf, msg, msglen)) {
8126 opcode = __le16_to_cpu(hdr->opcode);
8127 index = __le16_to_cpu(hdr->index);
8128 len = __le16_to_cpu(hdr->len);
8130 if (len != msglen - sizeof(*hdr)) {
8135 if (index != MGMT_INDEX_NONE) {
8136 hdev = hci_dev_get(index);
8138 err = cmd_status(sk, index, opcode,
8139 MGMT_STATUS_INVALID_INDEX);
8143 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
8144 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
8145 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
8146 err = cmd_status(sk, index, opcode,
8147 MGMT_STATUS_INVALID_INDEX);
8151 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
8152 opcode != MGMT_OP_READ_CONFIG_INFO &&
8153 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
8154 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
8155 err = cmd_status(sk, index, opcode,
8156 MGMT_STATUS_INVALID_INDEX);
8161 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8162 mgmt_handlers[opcode].func == NULL) {
8163 #ifdef CONFIG_TIZEN_WIP
8164 u16 tizen_opcode = opcode - TIZEN_OP_CODE_BASE;
8166 if (tizen_opcode > 0 &&
8167 tizen_opcode < ARRAY_SIZE(tizen_mgmt_handlers) &&
8168 tizen_mgmt_handlers[tizen_opcode].func) {
8170 handler = &tizen_mgmt_handlers[tizen_opcode];
8174 BT_DBG("Unknown op %u", opcode);
8175 err = cmd_status(sk, index, opcode,
8176 MGMT_STATUS_UNKNOWN_COMMAND);
8180 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
8181 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
8182 err = cmd_status(sk, index, opcode,
8183 MGMT_STATUS_INVALID_INDEX);
8187 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
8188 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
8189 err = cmd_status(sk, index, opcode,
8190 MGMT_STATUS_INVALID_INDEX);
8194 handler = &mgmt_handlers[opcode];
8196 #ifdef CONFIG_TIZEN_WIP
8199 if ((handler->var_len && len < handler->data_len) ||
8200 (!handler->var_len && len != handler->data_len)) {
8201 err = cmd_status(sk, index, opcode,
8202 MGMT_STATUS_INVALID_PARAMS);
8207 mgmt_init_hdev(sk, hdev);
8209 cp = buf + sizeof(*hdr);
8211 err = handler->func(sk, hdev, cp, len);
8225 void mgmt_index_added(struct hci_dev *hdev)
8227 if (hdev->dev_type != HCI_BREDR)
8230 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8233 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
8234 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
8236 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
8239 void mgmt_index_removed(struct hci_dev *hdev)
8241 u8 status = MGMT_STATUS_INVALID_INDEX;
8243 if (hdev->dev_type != HCI_BREDR)
8246 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8249 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8251 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
8252 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
8254 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
8257 /* This function requires the caller holds hdev->lock */
8258 static void restart_le_actions(struct hci_request *req)
8260 struct hci_dev *hdev = req->hdev;
8261 struct hci_conn_params *p;
8263 list_for_each_entry(p, &hdev->le_conn_params, list) {
8264 /* Needed for AUTO_OFF case where might not "really"
8265 * have been powered off.
8267 list_del_init(&p->action);
8269 switch (p->auto_connect) {
8270 case HCI_AUTO_CONN_DIRECT:
8271 case HCI_AUTO_CONN_ALWAYS:
8272 list_add(&p->action, &hdev->pend_le_conns);
8274 case HCI_AUTO_CONN_REPORT:
8275 list_add(&p->action, &hdev->pend_le_reports);
8282 __hci_update_background_scan(req);
8285 static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8287 struct cmd_lookup match = { NULL, hdev };
8289 BT_DBG("status 0x%02x", status);
8292 /* Register the available SMP channels (BR/EDR and LE) only
8293 * when successfully powering on the controller. This late
8294 * registration is required so that LE SMP can clearly
8295 * decide if the public address or static address is used.
8302 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8304 new_settings(hdev, match.sk);
8306 hci_dev_unlock(hdev);
8312 static int powered_update_hci(struct hci_dev *hdev)
8314 struct hci_request req;
8317 hci_req_init(&req, hdev);
8319 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
8320 !lmp_host_ssp_capable(hdev)) {
8323 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
8325 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
8328 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
8329 sizeof(support), &support);
8333 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
8334 lmp_bredr_capable(hdev)) {
8335 struct hci_cp_write_le_host_supported cp;
8340 /* Check first if we already have the right
8341 * host state (host features set)
8343 if (cp.le != lmp_host_le_capable(hdev) ||
8344 cp.simul != lmp_host_le_br_capable(hdev))
8345 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
8349 if (lmp_le_capable(hdev)) {
8350 /* Make sure the controller has a good default for
8351 * advertising data. This also applies to the case
8352 * where BR/EDR was toggled during the AUTO_OFF phase.
8354 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8355 update_adv_data(&req);
8356 update_scan_rsp_data(&req);
8359 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
8360 enable_advertising(&req);
8362 restart_le_actions(&req);
8365 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
8366 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
8367 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
8368 sizeof(link_sec), &link_sec);
8370 if (lmp_bredr_capable(hdev)) {
8371 write_fast_connectable(&req, false);
8372 __hci_update_page_scan(&req);
8378 return hci_req_run(&req, powered_complete);
8381 int mgmt_powered(struct hci_dev *hdev, u8 powered)
8383 struct cmd_lookup match = { NULL, hdev };
8384 u8 status, zero_cod[] = { 0, 0, 0 };
8387 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
8391 if (powered_update_hci(hdev) == 0)
8394 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
8399 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8401 /* If the power off is because of hdev unregistration let
8402 * use the appropriate INVALID_INDEX status. Otherwise use
8403 * NOT_POWERED. We cover both scenarios here since later in
8404 * mgmt_index_removed() any hci_conn callbacks will have already
8405 * been triggered, potentially causing misleading DISCONNECTED
8408 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
8409 status = MGMT_STATUS_INVALID_INDEX;
8411 status = MGMT_STATUS_NOT_POWERED;
8413 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8415 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
8416 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8417 zero_cod, sizeof(zero_cod), NULL);
8420 err = new_settings(hdev, match.sk);
8428 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
8430 struct pending_cmd *cmd;
8433 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
8437 if (err == -ERFKILL)
8438 status = MGMT_STATUS_RFKILLED;
8440 status = MGMT_STATUS_FAILED;
8442 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
8444 mgmt_pending_remove(cmd);
8447 void mgmt_discoverable_timeout(struct hci_dev *hdev)
8449 struct hci_request req;
8453 /* When discoverable timeout triggers, then just make sure
8454 * the limited discoverable flag is cleared. Even in the case
8455 * of a timeout triggered from general discoverable, it is
8456 * safe to unconditionally clear the flag.
8458 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
8459 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
8461 hci_req_init(&req, hdev);
8462 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
8463 u8 scan = SCAN_PAGE;
8464 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
8465 sizeof(scan), &scan);
8468 update_adv_data(&req);
8469 hci_req_run(&req, NULL);
8471 hdev->discov_timeout = 0;
8473 new_settings(hdev, NULL);
8475 hci_dev_unlock(hdev);
8478 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
8481 struct mgmt_ev_new_link_key ev;
8483 memset(&ev, 0, sizeof(ev));
8485 ev.store_hint = persistent;
8486 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8487 ev.key.addr.type = BDADDR_BREDR;
8488 ev.key.type = key->type;
8489 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
8490 ev.key.pin_len = key->pin_len;
8492 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
8495 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
8497 switch (ltk->type) {
8500 if (ltk->authenticated)
8501 return MGMT_LTK_AUTHENTICATED;
8502 return MGMT_LTK_UNAUTHENTICATED;
8504 if (ltk->authenticated)
8505 return MGMT_LTK_P256_AUTH;
8506 return MGMT_LTK_P256_UNAUTH;
8507 case SMP_LTK_P256_DEBUG:
8508 return MGMT_LTK_P256_DEBUG;
8511 return MGMT_LTK_UNAUTHENTICATED;
8514 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
8516 struct mgmt_ev_new_long_term_key ev;
8518 memset(&ev, 0, sizeof(ev));
8520 /* Devices using resolvable or non-resolvable random addresses
8521 * without providing an indentity resolving key don't require
8522 * to store long term keys. Their addresses will change the
8525 * Only when a remote device provides an identity address
8526 * make sure the long term key is stored. If the remote
8527 * identity is known, the long term keys are internally
8528 * mapped to the identity address. So allow static random
8529 * and public addresses here.
8531 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8532 (key->bdaddr.b[5] & 0xc0) != 0xc0)
8533 ev.store_hint = 0x00;
8535 ev.store_hint = persistent;
8537 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8538 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
8539 ev.key.type = mgmt_ltk_type(key);
8540 ev.key.enc_size = key->enc_size;
8541 ev.key.ediv = key->ediv;
8542 ev.key.rand = key->rand;
8544 if (key->type == SMP_LTK)
8547 memcpy(ev.key.val, key->val, sizeof(key->val));
8549 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
8552 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
8554 struct mgmt_ev_new_irk ev;
8556 memset(&ev, 0, sizeof(ev));
8558 /* For identity resolving keys from devices that are already
8559 * using a public address or static random address, do not
8560 * ask for storing this key. The identity resolving key really
8561 * is only mandatory for devices using resovlable random
8564 * Storing all identity resolving keys has the downside that
8565 * they will be also loaded on next boot of they system. More
8566 * identity resolving keys, means more time during scanning is
8567 * needed to actually resolve these addresses.
8569 if (bacmp(&irk->rpa, BDADDR_ANY))
8570 ev.store_hint = 0x01;
8572 ev.store_hint = 0x00;
8574 bacpy(&ev.rpa, &irk->rpa);
8575 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
8576 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
8577 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
8579 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
8582 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
8585 struct mgmt_ev_new_csrk ev;
8587 memset(&ev, 0, sizeof(ev));
8589 /* Devices using resolvable or non-resolvable random addresses
8590 * without providing an indentity resolving key don't require
8591 * to store signature resolving keys. Their addresses will change
8592 * the next time around.
8594 * Only when a remote device provides an identity address
8595 * make sure the signature resolving key is stored. So allow
8596 * static random and public addresses here.
8598 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8599 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
8600 ev.store_hint = 0x00;
8602 ev.store_hint = persistent;
8604 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
8605 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
8606 ev.key.master = csrk->master;
8607 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
8609 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
8612 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
8613 u8 bdaddr_type, u8 store_hint, u16 min_interval,
8614 u16 max_interval, u16 latency, u16 timeout)
8616 struct mgmt_ev_new_conn_param ev;
8618 if (!hci_is_identity_address(bdaddr, bdaddr_type))
8621 memset(&ev, 0, sizeof(ev));
8622 bacpy(&ev.addr.bdaddr, bdaddr);
8623 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
8624 ev.store_hint = store_hint;
8625 ev.min_interval = cpu_to_le16(min_interval);
8626 ev.max_interval = cpu_to_le16(max_interval);
8627 ev.latency = cpu_to_le16(latency);
8628 ev.timeout = cpu_to_le16(timeout);
8630 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
8633 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
8636 eir[eir_len++] = sizeof(type) + data_len;
8637 eir[eir_len++] = type;
8638 memcpy(&eir[eir_len], data, data_len);
8639 eir_len += data_len;
8644 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
8645 u32 flags, u8 *name, u8 name_len)
8648 struct mgmt_ev_device_connected *ev = (void *) buf;
8651 bacpy(&ev->addr.bdaddr, &conn->dst);
8652 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8654 ev->flags = __cpu_to_le32(flags);
8656 /* We must ensure that the EIR Data fields are ordered and
8657 * unique. Keep it simple for now and avoid the problem by not
8658 * adding any BR/EDR data to the LE adv.
8660 if (conn->le_adv_data_len > 0) {
8661 memcpy(&ev->eir[eir_len],
8662 conn->le_adv_data, conn->le_adv_data_len);
8663 eir_len = conn->le_adv_data_len;
8666 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
8669 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
8670 eir_len = eir_append_data(ev->eir, eir_len,
8672 conn->dev_class, 3);
8675 ev->eir_len = cpu_to_le16(eir_len);
8677 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
8678 sizeof(*ev) + eir_len, NULL);
8681 #ifdef CONFIG_TIZEN_WIP
8682 /* BEGIN TIZEN_Bluetooth :: name update changes */
8683 int mgmt_device_name_update(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name,
8687 struct mgmt_ev_device_name_update *ev = (void *) buf;
8693 bacpy(&ev->addr.bdaddr, bdaddr);
8694 ev->addr.type = BDADDR_BREDR;
8696 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8699 ev->eir_len = cpu_to_le16(eir_len);
8701 return mgmt_event(MGMT_EV_DEVICE_NAME_UPDATE, hdev, buf,
8702 sizeof(*ev) + eir_len, NULL);
8704 /* END TIZEN_Bluetooth :: name update changes */
8707 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
8709 struct sock **sk = data;
8711 cmd->cmd_complete(cmd, 0);
8716 mgmt_pending_remove(cmd);
8719 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
8721 struct hci_dev *hdev = data;
8722 struct mgmt_cp_unpair_device *cp = cmd->param;
8724 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
8726 cmd->cmd_complete(cmd, 0);
8727 mgmt_pending_remove(cmd);
8730 bool mgmt_powering_down(struct hci_dev *hdev)
8732 struct pending_cmd *cmd;
8733 struct mgmt_mode *cp;
8735 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
8746 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
8747 u8 link_type, u8 addr_type, u8 reason,
8748 bool mgmt_connected)
8750 struct mgmt_ev_device_disconnected ev;
8751 struct sock *sk = NULL;
8753 /* The connection is still in hci_conn_hash so test for 1
8754 * instead of 0 to know if this is the last one.
8756 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8757 cancel_delayed_work(&hdev->power_off);
8758 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8761 if (!mgmt_connected)
8764 if (link_type != ACL_LINK && link_type != LE_LINK)
8767 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
8769 bacpy(&ev.addr.bdaddr, bdaddr);
8770 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8773 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8778 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8782 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
8783 u8 link_type, u8 addr_type, u8 status)
8785 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
8786 struct mgmt_cp_disconnect *cp;
8787 struct pending_cmd *cmd;
8789 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8792 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8798 if (bacmp(bdaddr, &cp->addr.bdaddr))
8801 if (cp->addr.type != bdaddr_type)
8804 cmd->cmd_complete(cmd, mgmt_status(status));
8805 mgmt_pending_remove(cmd);
8808 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8809 u8 addr_type, u8 status)
8811 struct mgmt_ev_connect_failed ev;
8813 /* The connection is still in hci_conn_hash so test for 1
8814 * instead of 0 to know if this is the last one.
8816 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8817 cancel_delayed_work(&hdev->power_off);
8818 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8821 bacpy(&ev.addr.bdaddr, bdaddr);
8822 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8823 ev.status = mgmt_status(status);
8825 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
8827 #ifdef CONFIG_TIZEN_WIP
8828 void mgmt_hardware_error(struct hci_dev *hdev, u8 err_code)
8830 struct mgmt_ev_hardware_error ev;
8832 ev.error_code = err_code;
8833 mgmt_event(MGMT_EV_HARDWARE_ERROR, hdev, &ev, sizeof(ev), NULL);
8836 void mgmt_tx_timeout_error(struct hci_dev *hdev)
8838 mgmt_event(MGMT_EV_TX_TIMEOUT_ERROR, hdev, NULL, 0, NULL);
8842 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
8844 struct mgmt_ev_pin_code_request ev;
8846 bacpy(&ev.addr.bdaddr, bdaddr);
8847 ev.addr.type = BDADDR_BREDR;
8850 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
8853 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8856 struct pending_cmd *cmd;
8858 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
8862 cmd->cmd_complete(cmd, mgmt_status(status));
8863 mgmt_pending_remove(cmd);
8866 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8869 struct pending_cmd *cmd;
8871 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
8875 cmd->cmd_complete(cmd, mgmt_status(status));
8876 mgmt_pending_remove(cmd);
8879 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8880 u8 link_type, u8 addr_type, u32 value,
8883 struct mgmt_ev_user_confirm_request ev;
8885 BT_DBG("%s", hdev->name);
8887 bacpy(&ev.addr.bdaddr, bdaddr);
8888 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8889 ev.confirm_hint = confirm_hint;
8890 ev.value = cpu_to_le32(value);
8892 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
8896 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8897 u8 link_type, u8 addr_type)
8899 struct mgmt_ev_user_passkey_request ev;
8901 BT_DBG("%s", hdev->name);
8903 bacpy(&ev.addr.bdaddr, bdaddr);
8904 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8906 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
8910 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8911 u8 link_type, u8 addr_type, u8 status,
8914 struct pending_cmd *cmd;
8916 cmd = mgmt_pending_find(opcode, hdev);
8920 cmd->cmd_complete(cmd, mgmt_status(status));
8921 mgmt_pending_remove(cmd);
8926 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8927 u8 link_type, u8 addr_type, u8 status)
8929 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8930 status, MGMT_OP_USER_CONFIRM_REPLY);
8933 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8934 u8 link_type, u8 addr_type, u8 status)
8936 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8938 MGMT_OP_USER_CONFIRM_NEG_REPLY);
8941 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8942 u8 link_type, u8 addr_type, u8 status)
8944 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8945 status, MGMT_OP_USER_PASSKEY_REPLY);
8948 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8949 u8 link_type, u8 addr_type, u8 status)
8951 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8953 MGMT_OP_USER_PASSKEY_NEG_REPLY);
8956 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
8957 u8 link_type, u8 addr_type, u32 passkey,
8960 struct mgmt_ev_passkey_notify ev;
8962 BT_DBG("%s", hdev->name);
8964 bacpy(&ev.addr.bdaddr, bdaddr);
8965 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8966 ev.passkey = __cpu_to_le32(passkey);
8967 ev.entered = entered;
8969 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
8972 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
8974 struct mgmt_ev_auth_failed ev;
8975 struct pending_cmd *cmd;
8976 u8 status = mgmt_status(hci_status);
8978 bacpy(&ev.addr.bdaddr, &conn->dst);
8979 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8982 cmd = find_pairing(conn);
8984 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
8985 cmd ? cmd->sk : NULL);
8988 cmd->cmd_complete(cmd, status);
8989 mgmt_pending_remove(cmd);
8993 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
8995 struct cmd_lookup match = { NULL, hdev };
8999 u8 mgmt_err = mgmt_status(status);
9000 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
9001 cmd_status_rsp, &mgmt_err);
9005 if (test_bit(HCI_AUTH, &hdev->flags))
9006 changed = !test_and_set_bit(HCI_LINK_SECURITY,
9009 changed = test_and_clear_bit(HCI_LINK_SECURITY,
9012 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
9016 new_settings(hdev, match.sk);
9022 static void clear_eir(struct hci_request *req)
9024 struct hci_dev *hdev = req->hdev;
9025 struct hci_cp_write_eir cp;
9027 if (!lmp_ext_inq_capable(hdev))
9030 memset(hdev->eir, 0, sizeof(hdev->eir));
9032 memset(&cp, 0, sizeof(cp));
9034 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
9037 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
9039 struct cmd_lookup match = { NULL, hdev };
9040 struct hci_request req;
9041 bool changed = false;
9044 u8 mgmt_err = mgmt_status(status);
9046 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9047 &hdev->dev_flags)) {
9048 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
9049 new_settings(hdev, NULL);
9052 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
9058 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
9060 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
9062 changed = test_and_clear_bit(HCI_HS_ENABLED,
9065 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
9068 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
9071 new_settings(hdev, match.sk);
9076 hci_req_init(&req, hdev);
9078 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
9079 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
9080 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
9081 sizeof(enable), &enable);
9087 hci_req_run(&req, NULL);
9090 static void sk_lookup(struct pending_cmd *cmd, void *data)
9092 struct cmd_lookup *match = data;
9094 if (match->sk == NULL) {
9095 match->sk = cmd->sk;
9096 sock_hold(match->sk);
9100 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
9103 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
9105 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
9106 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
9107 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
9110 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
9117 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
9119 struct mgmt_cp_set_local_name ev;
9120 struct pending_cmd *cmd;
9125 memset(&ev, 0, sizeof(ev));
9126 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
9127 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
9129 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
9131 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
9133 /* If this is a HCI command related to powering on the
9134 * HCI dev don't send any mgmt signals.
9136 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
9140 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
9141 cmd ? cmd->sk : NULL);
9144 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
9145 u8 *rand192, u8 *hash256, u8 *rand256,
9148 struct pending_cmd *cmd;
9150 BT_DBG("%s status %u", hdev->name, status);
9152 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
9157 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
9158 mgmt_status(status));
9160 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
9161 struct mgmt_rp_read_local_oob_ext_data rp;
9163 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
9164 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
9166 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
9167 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
9169 cmd_complete(cmd->sk, hdev->id,
9170 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
9173 struct mgmt_rp_read_local_oob_data rp;
9175 memcpy(rp.hash, hash192, sizeof(rp.hash));
9176 memcpy(rp.rand, rand192, sizeof(rp.rand));
9178 cmd_complete(cmd->sk, hdev->id,
9179 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
9184 mgmt_pending_remove(cmd);
9187 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
9191 for (i = 0; i < uuid_count; i++) {
9192 if (!memcmp(uuid, uuids[i], 16))
9199 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
9203 while (parsed < eir_len) {
9204 u8 field_len = eir[0];
9211 if (eir_len - parsed < field_len + 1)
9215 case EIR_UUID16_ALL:
9216 case EIR_UUID16_SOME:
9217 for (i = 0; i + 3 <= field_len; i += 2) {
9218 memcpy(uuid, bluetooth_base_uuid, 16);
9219 uuid[13] = eir[i + 3];
9220 uuid[12] = eir[i + 2];
9221 if (has_uuid(uuid, uuid_count, uuids))
9225 case EIR_UUID32_ALL:
9226 case EIR_UUID32_SOME:
9227 for (i = 0; i + 5 <= field_len; i += 4) {
9228 memcpy(uuid, bluetooth_base_uuid, 16);
9229 uuid[15] = eir[i + 5];
9230 uuid[14] = eir[i + 4];
9231 uuid[13] = eir[i + 3];
9232 uuid[12] = eir[i + 2];
9233 if (has_uuid(uuid, uuid_count, uuids))
9237 case EIR_UUID128_ALL:
9238 case EIR_UUID128_SOME:
9239 for (i = 0; i + 17 <= field_len; i += 16) {
9240 memcpy(uuid, eir + i + 2, 16);
9241 if (has_uuid(uuid, uuid_count, uuids))
9247 parsed += field_len + 1;
9248 eir += field_len + 1;
9254 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9255 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
9256 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
9259 struct mgmt_ev_device_found *ev = (void *) buf;
9263 /* Don't send events for a non-kernel initiated discovery. With
9264 * LE one exception is if we have pend_le_reports > 0 in which
9265 * case we're doing passive scanning and want these events.
9267 if (!hci_discovery_active(hdev)) {
9268 if (link_type == ACL_LINK)
9270 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
9274 /* When using service discovery with a RSSI threshold, then check
9275 * if such a RSSI threshold is specified. If a RSSI threshold has
9276 * been specified, then all results with a RSSI smaller than the
9277 * RSSI threshold will be dropped.
9279 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
9280 * the results are also dropped.
9282 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
9283 (rssi < hdev->discovery.rssi || rssi == HCI_RSSI_INVALID))
9286 /* Make sure that the buffer is big enough. The 5 extra bytes
9287 * are for the potential CoD field.
9289 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
9292 memset(buf, 0, sizeof(buf));
9294 /* In case of device discovery with BR/EDR devices (pre 1.2), the
9295 * RSSI value was reported as 0 when not available. This behavior
9296 * is kept when using device discovery. This is required for full
9297 * backwards compatibility with the API.
9299 * However when using service discovery, the value 127 will be
9300 * returned when the RSSI is not available.
9302 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
9303 link_type == ACL_LINK)
9306 bacpy(&ev->addr.bdaddr, bdaddr);
9307 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9309 ev->flags = cpu_to_le32(flags);
9312 /* When using service discovery and a list of UUID is
9313 * provided, results with no matching UUID should be
9314 * dropped. In case there is a match the result is
9315 * kept and checking possible scan response data
9318 if (hdev->discovery.uuid_count > 0)
9319 match = eir_has_uuids(eir, eir_len,
9320 hdev->discovery.uuid_count,
9321 hdev->discovery.uuids);
9325 if (!match && !scan_rsp_len)
9328 /* Copy EIR or advertising data into event */
9329 memcpy(ev->eir, eir, eir_len);
9331 /* When using service discovery and a list of UUID is
9332 * provided, results with empty EIR or advertising data
9333 * should be dropped since they do not match any UUID.
9335 if (hdev->discovery.uuid_count > 0 && !scan_rsp_len)
9341 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
9342 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9345 if (scan_rsp_len > 0) {
9346 /* When using service discovery and a list of UUID is
9347 * provided, results with no matching UUID should be
9348 * dropped if there is no previous match from the
9351 if (hdev->discovery.uuid_count > 0) {
9352 if (!match && !eir_has_uuids(scan_rsp, scan_rsp_len,
9353 hdev->discovery.uuid_count,
9354 hdev->discovery.uuids))
9358 /* Append scan response data to event */
9359 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
9361 /* When using service discovery and a list of UUID is
9362 * provided, results with empty scan response and no
9363 * previous matched advertising data should be dropped.
9365 if (hdev->discovery.uuid_count > 0 && !match)
9369 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
9370 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
9372 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
9375 #ifdef CONFIG_TIZEN_WIP /* TIZEN_Bluetooth :: Pass adv type */
9376 void mgmt_le_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9377 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
9378 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len, u8 adv_type)
9381 struct mgmt_ev_le_device_found *ev = (void *) buf;
9384 if (!hci_discovery_active(hdev) && !hci_le_discovery_active(hdev))
9387 /* Make sure that the buffer is big enough. The 5 extra bytes
9388 * are for the potential CoD field.
9390 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
9393 memset(buf, 0, sizeof(buf));
9395 bacpy(&ev->addr.bdaddr, bdaddr);
9396 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9398 ev->flags = cpu_to_le32(flags);
9399 ev->adv_type = adv_type;
9402 memcpy(ev->eir, eir, eir_len);
9404 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
9405 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9408 if (scan_rsp_len > 0)
9409 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
9411 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
9412 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
9414 mgmt_event(MGMT_EV_LE_DEVICE_FOUND, hdev, ev, ev_size, NULL);
9418 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9419 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
9421 struct mgmt_ev_device_found *ev;
9422 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
9425 ev = (struct mgmt_ev_device_found *) buf;
9427 memset(buf, 0, sizeof(buf));
9429 bacpy(&ev->addr.bdaddr, bdaddr);
9430 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9433 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
9436 ev->eir_len = cpu_to_le16(eir_len);
9438 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
9441 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
9443 struct mgmt_ev_discovering ev;
9445 BT_DBG("%s discovering %u", hdev->name, discovering);
9447 memset(&ev, 0, sizeof(ev));
9448 ev.type = hdev->discovery.type;
9449 ev.discovering = discovering;
9451 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
9454 #ifdef CONFIG_TIZEN_WIP
9455 /* BEGIN TIZEN_Bluetooth :: Seperate LE discovery */
9456 void mgmt_le_discovering(struct hci_dev *hdev, u8 discovering)
9458 struct mgmt_ev_discovering ev;
9459 struct pending_cmd *cmd;
9461 BT_DBG("%s le discovering %u", hdev->name, discovering);
9464 cmd = mgmt_pending_find(MGMT_OP_START_LE_DISCOVERY, hdev);
9466 cmd = mgmt_pending_find(MGMT_OP_STOP_LE_DISCOVERY, hdev);
9469 u8 type = hdev->le_discovery.type;
9471 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
9473 mgmt_pending_remove(cmd);
9476 memset(&ev, 0, sizeof(ev));
9477 ev.type = hdev->le_discovery.type;
9478 ev.discovering = discovering;
9480 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
9482 /* END TIZEN_Bluetooth */
9485 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
9487 BT_DBG("%s status %u", hdev->name, status);
9490 void mgmt_reenable_advertising(struct hci_dev *hdev)
9492 struct hci_request req;
9494 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
9497 hci_req_init(&req, hdev);
9498 enable_advertising(&req);
9499 hci_req_run(&req, adv_enable_complete);
projects / profile / mobile / platform / kernel / linux-3.10-sc7730.git / blob