007863d6939055e539b6b4ba1181d6c507bc4220
[profile/mobile/platform/kernel/linux-3.10-sc7730.git] / net / bluetooth / mgmt.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3
4    Copyright (C) 2010  Nokia Corporation
5    Copyright (C) 2011-2012 Intel Corporation
6
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License version 2 as
9    published by the Free Software Foundation;
10
11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22    SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI Management interface */
26
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33 #include <net/bluetooth/mgmt.h>
34
35 #ifdef CONFIG_TIZEN_WIP
36 #include <net/bluetooth/mgmt_tizen.h>
37 #include <net/bluetooth/sco.h>
38 #endif
39 #include "hci_request.h"
40 #include "smp.h"
41
42 #define MGMT_VERSION    1
43 #define MGMT_REVISION   8
44
45 #ifdef CONFIG_TIZEN_WIP
46 #ifndef U16_MAX
47 #define U16_MAX         ((u16)~0U)
48 #endif
49 #endif
50
51 static const u16 mgmt_commands[] = {
52         MGMT_OP_READ_INDEX_LIST,
53         MGMT_OP_READ_INFO,
54         MGMT_OP_SET_POWERED,
55         MGMT_OP_SET_DISCOVERABLE,
56         MGMT_OP_SET_CONNECTABLE,
57         MGMT_OP_SET_FAST_CONNECTABLE,
58         MGMT_OP_SET_BONDABLE,
59         MGMT_OP_SET_LINK_SECURITY,
60         MGMT_OP_SET_SSP,
61         MGMT_OP_SET_HS,
62         MGMT_OP_SET_LE,
63         MGMT_OP_SET_DEV_CLASS,
64         MGMT_OP_SET_LOCAL_NAME,
65         MGMT_OP_ADD_UUID,
66         MGMT_OP_REMOVE_UUID,
67         MGMT_OP_LOAD_LINK_KEYS,
68         MGMT_OP_LOAD_LONG_TERM_KEYS,
69         MGMT_OP_DISCONNECT,
70         MGMT_OP_GET_CONNECTIONS,
71         MGMT_OP_PIN_CODE_REPLY,
72         MGMT_OP_PIN_CODE_NEG_REPLY,
73         MGMT_OP_SET_IO_CAPABILITY,
74         MGMT_OP_PAIR_DEVICE,
75         MGMT_OP_CANCEL_PAIR_DEVICE,
76         MGMT_OP_UNPAIR_DEVICE,
77         MGMT_OP_USER_CONFIRM_REPLY,
78         MGMT_OP_USER_CONFIRM_NEG_REPLY,
79         MGMT_OP_USER_PASSKEY_REPLY,
80         MGMT_OP_USER_PASSKEY_NEG_REPLY,
81         MGMT_OP_READ_LOCAL_OOB_DATA,
82         MGMT_OP_ADD_REMOTE_OOB_DATA,
83         MGMT_OP_REMOVE_REMOTE_OOB_DATA,
84         MGMT_OP_START_DISCOVERY,
85         MGMT_OP_STOP_DISCOVERY,
86         MGMT_OP_CONFIRM_NAME,
87         MGMT_OP_BLOCK_DEVICE,
88         MGMT_OP_UNBLOCK_DEVICE,
89         MGMT_OP_SET_DEVICE_ID,
90         MGMT_OP_SET_ADVERTISING,
91         MGMT_OP_SET_BREDR,
92         MGMT_OP_SET_STATIC_ADDRESS,
93         MGMT_OP_SET_SCAN_PARAMS,
94         MGMT_OP_SET_SECURE_CONN,
95         MGMT_OP_SET_DEBUG_KEYS,
96         MGMT_OP_SET_PRIVACY,
97         MGMT_OP_LOAD_IRKS,
98         MGMT_OP_GET_CONN_INFO,
99         MGMT_OP_GET_CLOCK_INFO,
100         MGMT_OP_ADD_DEVICE,
101         MGMT_OP_REMOVE_DEVICE,
102         MGMT_OP_LOAD_CONN_PARAM,
103         MGMT_OP_READ_UNCONF_INDEX_LIST,
104         MGMT_OP_READ_CONFIG_INFO,
105         MGMT_OP_SET_EXTERNAL_CONFIG,
106         MGMT_OP_SET_PUBLIC_ADDRESS,
107         MGMT_OP_START_SERVICE_DISCOVERY,
108 };
109
110 static const u16 mgmt_events[] = {
111         MGMT_EV_CONTROLLER_ERROR,
112         MGMT_EV_INDEX_ADDED,
113         MGMT_EV_INDEX_REMOVED,
114         MGMT_EV_NEW_SETTINGS,
115         MGMT_EV_CLASS_OF_DEV_CHANGED,
116         MGMT_EV_LOCAL_NAME_CHANGED,
117         MGMT_EV_NEW_LINK_KEY,
118         MGMT_EV_NEW_LONG_TERM_KEY,
119         MGMT_EV_DEVICE_CONNECTED,
120         MGMT_EV_DEVICE_DISCONNECTED,
121         MGMT_EV_CONNECT_FAILED,
122         MGMT_EV_PIN_CODE_REQUEST,
123         MGMT_EV_USER_CONFIRM_REQUEST,
124         MGMT_EV_USER_PASSKEY_REQUEST,
125         MGMT_EV_AUTH_FAILED,
126         MGMT_EV_DEVICE_FOUND,
127         MGMT_EV_DISCOVERING,
128         MGMT_EV_DEVICE_BLOCKED,
129         MGMT_EV_DEVICE_UNBLOCKED,
130         MGMT_EV_DEVICE_UNPAIRED,
131         MGMT_EV_PASSKEY_NOTIFY,
132         MGMT_EV_NEW_IRK,
133         MGMT_EV_NEW_CSRK,
134         MGMT_EV_DEVICE_ADDED,
135         MGMT_EV_DEVICE_REMOVED,
136         MGMT_EV_NEW_CONN_PARAM,
137         MGMT_EV_UNCONF_INDEX_ADDED,
138         MGMT_EV_UNCONF_INDEX_REMOVED,
139         MGMT_EV_NEW_CONFIG_OPTIONS,
140 };
141
142 #define CACHE_TIMEOUT   msecs_to_jiffies(2 * 1000)
143
144 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
145                  "\x00\x00\x00\x00\x00\x00\x00\x00"
146
147 struct pending_cmd {
148         struct list_head list;
149         u16 opcode;
150         int index;
151         void *param;
152         size_t param_len;
153         struct sock *sk;
154         void *user_data;
155         int (*cmd_complete)(struct pending_cmd *cmd, u8 status);
156 };
157
158 /* HCI to MGMT error code conversion table */
159 static u8 mgmt_status_table[] = {
160         MGMT_STATUS_SUCCESS,
161         MGMT_STATUS_UNKNOWN_COMMAND,    /* Unknown Command */
162         MGMT_STATUS_NOT_CONNECTED,      /* No Connection */
163         MGMT_STATUS_FAILED,             /* Hardware Failure */
164         MGMT_STATUS_CONNECT_FAILED,     /* Page Timeout */
165         MGMT_STATUS_AUTH_FAILED,        /* Authentication Failed */
166         MGMT_STATUS_AUTH_FAILED,        /* PIN or Key Missing */
167         MGMT_STATUS_NO_RESOURCES,       /* Memory Full */
168         MGMT_STATUS_TIMEOUT,            /* Connection Timeout */
169         MGMT_STATUS_NO_RESOURCES,       /* Max Number of Connections */
170         MGMT_STATUS_NO_RESOURCES,       /* Max Number of SCO Connections */
171         MGMT_STATUS_ALREADY_CONNECTED,  /* ACL Connection Exists */
172         MGMT_STATUS_BUSY,               /* Command Disallowed */
173         MGMT_STATUS_NO_RESOURCES,       /* Rejected Limited Resources */
174         MGMT_STATUS_REJECTED,           /* Rejected Security */
175         MGMT_STATUS_REJECTED,           /* Rejected Personal */
176         MGMT_STATUS_TIMEOUT,            /* Host Timeout */
177         MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported Feature */
178         MGMT_STATUS_INVALID_PARAMS,     /* Invalid Parameters */
179         MGMT_STATUS_DISCONNECTED,       /* OE User Ended Connection */
180         MGMT_STATUS_NO_RESOURCES,       /* OE Low Resources */
181         MGMT_STATUS_DISCONNECTED,       /* OE Power Off */
182         MGMT_STATUS_DISCONNECTED,       /* Connection Terminated */
183         MGMT_STATUS_BUSY,               /* Repeated Attempts */
184         MGMT_STATUS_REJECTED,           /* Pairing Not Allowed */
185         MGMT_STATUS_FAILED,             /* Unknown LMP PDU */
186         MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported Remote Feature */
187         MGMT_STATUS_REJECTED,           /* SCO Offset Rejected */
188         MGMT_STATUS_REJECTED,           /* SCO Interval Rejected */
189         MGMT_STATUS_REJECTED,           /* Air Mode Rejected */
190         MGMT_STATUS_INVALID_PARAMS,     /* Invalid LMP Parameters */
191         MGMT_STATUS_FAILED,             /* Unspecified Error */
192         MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported LMP Parameter Value */
193         MGMT_STATUS_FAILED,             /* Role Change Not Allowed */
194         MGMT_STATUS_TIMEOUT,            /* LMP Response Timeout */
195         MGMT_STATUS_FAILED,             /* LMP Error Transaction Collision */
196         MGMT_STATUS_FAILED,             /* LMP PDU Not Allowed */
197         MGMT_STATUS_REJECTED,           /* Encryption Mode Not Accepted */
198         MGMT_STATUS_FAILED,             /* Unit Link Key Used */
199         MGMT_STATUS_NOT_SUPPORTED,      /* QoS Not Supported */
200         MGMT_STATUS_TIMEOUT,            /* Instant Passed */
201         MGMT_STATUS_NOT_SUPPORTED,      /* Pairing Not Supported */
202         MGMT_STATUS_FAILED,             /* Transaction Collision */
203         MGMT_STATUS_INVALID_PARAMS,     /* Unacceptable Parameter */
204         MGMT_STATUS_REJECTED,           /* QoS Rejected */
205         MGMT_STATUS_NOT_SUPPORTED,      /* Classification Not Supported */
206         MGMT_STATUS_REJECTED,           /* Insufficient Security */
207         MGMT_STATUS_INVALID_PARAMS,     /* Parameter Out Of Range */
208         MGMT_STATUS_BUSY,               /* Role Switch Pending */
209         MGMT_STATUS_FAILED,             /* Slot Violation */
210         MGMT_STATUS_FAILED,             /* Role Switch Failed */
211         MGMT_STATUS_INVALID_PARAMS,     /* EIR Too Large */
212         MGMT_STATUS_NOT_SUPPORTED,      /* Simple Pairing Not Supported */
213         MGMT_STATUS_BUSY,               /* Host Busy Pairing */
214         MGMT_STATUS_REJECTED,           /* Rejected, No Suitable Channel */
215         MGMT_STATUS_BUSY,               /* Controller Busy */
216         MGMT_STATUS_INVALID_PARAMS,     /* Unsuitable Connection Interval */
217         MGMT_STATUS_TIMEOUT,            /* Directed Advertising Timeout */
218         MGMT_STATUS_AUTH_FAILED,        /* Terminated Due to MIC Failure */
219         MGMT_STATUS_CONNECT_FAILED,     /* Connection Establishment Failed */
220         MGMT_STATUS_CONNECT_FAILED,     /* MAC Connection Failed */
221 };
222
223 static u8 mgmt_status(u8 hci_status)
224 {
225         if (hci_status < ARRAY_SIZE(mgmt_status_table))
226                 return mgmt_status_table[hci_status];
227
228         return MGMT_STATUS_FAILED;
229 }
230
231 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
232                       struct sock *skip_sk)
233 {
234         struct sk_buff *skb;
235         struct mgmt_hdr *hdr;
236
237         skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
238         if (!skb)
239                 return -ENOMEM;
240
241         hdr = (void *) skb_put(skb, sizeof(*hdr));
242         hdr->opcode = cpu_to_le16(event);
243         if (hdev)
244                 hdr->index = cpu_to_le16(hdev->id);
245         else
246                 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
247         hdr->len = cpu_to_le16(data_len);
248
249         if (data)
250                 memcpy(skb_put(skb, data_len), data, data_len);
251
252         /* Time stamp */
253         __net_timestamp(skb);
254
255         hci_send_to_control(skb, skip_sk);
256         kfree_skb(skb);
257
258         return 0;
259 }
260
261 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
262 {
263         struct sk_buff *skb;
264         struct mgmt_hdr *hdr;
265         struct mgmt_ev_cmd_status *ev;
266         int err;
267
268         BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
269
270         skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
271         if (!skb)
272                 return -ENOMEM;
273
274         hdr = (void *) skb_put(skb, sizeof(*hdr));
275
276         hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
277         hdr->index = cpu_to_le16(index);
278         hdr->len = cpu_to_le16(sizeof(*ev));
279
280         ev = (void *) skb_put(skb, sizeof(*ev));
281         ev->status = status;
282         ev->opcode = cpu_to_le16(cmd);
283
284         err = sock_queue_rcv_skb(sk, skb);
285         if (err < 0)
286                 kfree_skb(skb);
287
288         return err;
289 }
290
291 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
292                         void *rp, size_t rp_len)
293 {
294         struct sk_buff *skb;
295         struct mgmt_hdr *hdr;
296         struct mgmt_ev_cmd_complete *ev;
297         int err;
298
299         BT_DBG("sock %p", sk);
300
301         skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
302         if (!skb)
303                 return -ENOMEM;
304
305         hdr = (void *) skb_put(skb, sizeof(*hdr));
306
307         hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
308         hdr->index = cpu_to_le16(index);
309         hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
310
311         ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
312         ev->opcode = cpu_to_le16(cmd);
313         ev->status = status;
314
315         if (rp)
316                 memcpy(ev->data, rp, rp_len);
317
318         err = sock_queue_rcv_skb(sk, skb);
319         if (err < 0)
320                 kfree_skb(skb);
321
322         return err;
323 }
324
325 #ifdef CONFIG_TIZEN_WIP
326 /* BEGIN TIZEN_Bluetooth :: check for le connection update params */
327 static inline int check_le_conn_update_param(u16 min, u16 max, u16 latency,
328                                         u16 to_multiplier)
329 {
330         u16 max_latency;
331
332         if (min > max || min < 6 || max > 3200)
333                 return -EINVAL;
334
335         if (to_multiplier < 10 || to_multiplier > 3200)
336                 return -EINVAL;
337
338         if (max >= to_multiplier * 8)
339                 return -EINVAL;
340
341         max_latency = (to_multiplier * 8 / max) - 1;
342
343         if (latency > 499 || latency > max_latency)
344                 return -EINVAL;
345
346         return 0;
347 }
348 /* END TIZEN_Bluetooth */
349 #endif
350
351 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
352                         u16 data_len)
353 {
354         struct mgmt_rp_read_version rp;
355
356         BT_DBG("sock %p", sk);
357
358         rp.version = MGMT_VERSION;
359         rp.revision = cpu_to_le16(MGMT_REVISION);
360
361         return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
362                             sizeof(rp));
363 }
364
365 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
366                          u16 data_len)
367 {
368         struct mgmt_rp_read_commands *rp;
369         const u16 num_commands = ARRAY_SIZE(mgmt_commands);
370         const u16 num_events = ARRAY_SIZE(mgmt_events);
371         __le16 *opcode;
372         size_t rp_size;
373         int i, err;
374
375         BT_DBG("sock %p", sk);
376
377         rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
378
379         rp = kmalloc(rp_size, GFP_KERNEL);
380         if (!rp)
381                 return -ENOMEM;
382
383         rp->num_commands = cpu_to_le16(num_commands);
384         rp->num_events = cpu_to_le16(num_events);
385
386         for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
387                 put_unaligned_le16(mgmt_commands[i], opcode);
388
389         for (i = 0; i < num_events; i++, opcode++)
390                 put_unaligned_le16(mgmt_events[i], opcode);
391
392         err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
393                            rp_size);
394         kfree(rp);
395
396         return err;
397 }
398
399 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
400                            u16 data_len)
401 {
402         struct mgmt_rp_read_index_list *rp;
403         struct hci_dev *d;
404         size_t rp_len;
405         u16 count;
406         int err;
407
408         BT_DBG("sock %p", sk);
409
410         read_lock(&hci_dev_list_lock);
411
412         count = 0;
413         list_for_each_entry(d, &hci_dev_list, list) {
414                 if (d->dev_type == HCI_BREDR &&
415                     !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
416                         count++;
417         }
418
419         rp_len = sizeof(*rp) + (2 * count);
420         rp = kmalloc(rp_len, GFP_ATOMIC);
421         if (!rp) {
422                 read_unlock(&hci_dev_list_lock);
423                 return -ENOMEM;
424         }
425
426         count = 0;
427         list_for_each_entry(d, &hci_dev_list, list) {
428                 if (test_bit(HCI_SETUP, &d->dev_flags) ||
429                     test_bit(HCI_CONFIG, &d->dev_flags) ||
430                     test_bit(HCI_USER_CHANNEL, &d->dev_flags))
431                         continue;
432
433                 /* Devices marked as raw-only are neither configured
434                  * nor unconfigured controllers.
435                  */
436                 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
437                         continue;
438
439                 if (d->dev_type == HCI_BREDR &&
440                     !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
441                         rp->index[count++] = cpu_to_le16(d->id);
442                         BT_DBG("Added hci%u", d->id);
443                 }
444         }
445
446         rp->num_controllers = cpu_to_le16(count);
447         rp_len = sizeof(*rp) + (2 * count);
448
449         read_unlock(&hci_dev_list_lock);
450
451         err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
452                            rp_len);
453
454         kfree(rp);
455
456         return err;
457 }
458
459 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
460                                   void *data, u16 data_len)
461 {
462         struct mgmt_rp_read_unconf_index_list *rp;
463         struct hci_dev *d;
464         size_t rp_len;
465         u16 count;
466         int err;
467
468         BT_DBG("sock %p", sk);
469
470         read_lock(&hci_dev_list_lock);
471
472         count = 0;
473         list_for_each_entry(d, &hci_dev_list, list) {
474                 if (d->dev_type == HCI_BREDR &&
475                     test_bit(HCI_UNCONFIGURED, &d->dev_flags))
476                         count++;
477         }
478
479         rp_len = sizeof(*rp) + (2 * count);
480         rp = kmalloc(rp_len, GFP_ATOMIC);
481         if (!rp) {
482                 read_unlock(&hci_dev_list_lock);
483                 return -ENOMEM;
484         }
485
486         count = 0;
487         list_for_each_entry(d, &hci_dev_list, list) {
488                 if (test_bit(HCI_SETUP, &d->dev_flags) ||
489                     test_bit(HCI_CONFIG, &d->dev_flags) ||
490                     test_bit(HCI_USER_CHANNEL, &d->dev_flags))
491                         continue;
492
493                 /* Devices marked as raw-only are neither configured
494                  * nor unconfigured controllers.
495                  */
496                 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
497                         continue;
498
499                 if (d->dev_type == HCI_BREDR &&
500                     test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
501                         rp->index[count++] = cpu_to_le16(d->id);
502                         BT_DBG("Added hci%u", d->id);
503                 }
504         }
505
506         rp->num_controllers = cpu_to_le16(count);
507         rp_len = sizeof(*rp) + (2 * count);
508
509         read_unlock(&hci_dev_list_lock);
510
511         err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
512                            0, rp, rp_len);
513
514         kfree(rp);
515
516         return err;
517 }
518
519 static bool is_configured(struct hci_dev *hdev)
520 {
521         if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
522             !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
523                 return false;
524
525         if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
526             !bacmp(&hdev->public_addr, BDADDR_ANY))
527                 return false;
528
529         return true;
530 }
531
532 static __le32 get_missing_options(struct hci_dev *hdev)
533 {
534         u32 options = 0;
535
536         if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
537             !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
538                 options |= MGMT_OPTION_EXTERNAL_CONFIG;
539
540         if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
541             !bacmp(&hdev->public_addr, BDADDR_ANY))
542                 options |= MGMT_OPTION_PUBLIC_ADDRESS;
543
544         return cpu_to_le32(options);
545 }
546
547 static int new_options(struct hci_dev *hdev, struct sock *skip)
548 {
549         __le32 options = get_missing_options(hdev);
550
551         return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
552                           sizeof(options), skip);
553 }
554
555 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
556 {
557         __le32 options = get_missing_options(hdev);
558
559         return cmd_complete(sk, hdev->id, opcode, 0, &options,
560                             sizeof(options));
561 }
562
563 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
564                             void *data, u16 data_len)
565 {
566         struct mgmt_rp_read_config_info rp;
567         u32 options = 0;
568
569         BT_DBG("sock %p %s", sk, hdev->name);
570
571         hci_dev_lock(hdev);
572
573         memset(&rp, 0, sizeof(rp));
574         rp.manufacturer = cpu_to_le16(hdev->manufacturer);
575
576         if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
577                 options |= MGMT_OPTION_EXTERNAL_CONFIG;
578
579         if (hdev->set_bdaddr)
580                 options |= MGMT_OPTION_PUBLIC_ADDRESS;
581
582         rp.supported_options = cpu_to_le32(options);
583         rp.missing_options = get_missing_options(hdev);
584
585         hci_dev_unlock(hdev);
586
587         return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
588                             sizeof(rp));
589 }
590
591 static u32 get_supported_settings(struct hci_dev *hdev)
592 {
593         u32 settings = 0;
594
595         settings |= MGMT_SETTING_POWERED;
596         settings |= MGMT_SETTING_BONDABLE;
597 /* Disable Debug keys implementation now */
598 #ifdef CONFIG_TIZEN_WIP
599         settings |= MGMT_SETTING_DEBUG_KEYS;
600 #endif
601         settings |= MGMT_SETTING_CONNECTABLE;
602         settings |= MGMT_SETTING_DISCOVERABLE;
603
604         if (lmp_bredr_capable(hdev)) {
605                 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
606                         settings |= MGMT_SETTING_FAST_CONNECTABLE;
607                 settings |= MGMT_SETTING_BREDR;
608                 settings |= MGMT_SETTING_LINK_SECURITY;
609
610                 if (lmp_ssp_capable(hdev)) {
611                         settings |= MGMT_SETTING_SSP;
612                         settings |= MGMT_SETTING_HS;
613                 }
614
615 /* Disable Secure connection implementation now */
616 #ifdef CONFIG_TIZEN_WIP
617                 if (lmp_sc_capable(hdev) ||
618                     test_bit(HCI_FORCE_BREDR_SMP, &hdev->dbg_flags))
619                         settings |= MGMT_SETTING_SECURE_CONN;
620 #endif
621         }
622
623         if (lmp_le_capable(hdev)) {
624                 settings |= MGMT_SETTING_LE;
625                 settings |= MGMT_SETTING_ADVERTISING;
626                 settings |= MGMT_SETTING_SECURE_CONN;
627                 settings |= MGMT_SETTING_PRIVACY;
628         }
629
630         if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
631             hdev->set_bdaddr)
632                 settings |= MGMT_SETTING_CONFIGURATION;
633
634         return settings;
635 }
636
637 static u32 get_current_settings(struct hci_dev *hdev)
638 {
639         u32 settings = 0;
640
641         if (hdev_is_powered(hdev))
642                 settings |= MGMT_SETTING_POWERED;
643
644         if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
645                 settings |= MGMT_SETTING_CONNECTABLE;
646
647         if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
648                 settings |= MGMT_SETTING_FAST_CONNECTABLE;
649
650         if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
651                 settings |= MGMT_SETTING_DISCOVERABLE;
652
653         if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
654                 settings |= MGMT_SETTING_BONDABLE;
655
656         if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
657                 settings |= MGMT_SETTING_BREDR;
658
659         if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
660                 settings |= MGMT_SETTING_LE;
661
662         if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
663                 settings |= MGMT_SETTING_LINK_SECURITY;
664
665         if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
666                 settings |= MGMT_SETTING_SSP;
667
668         if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
669                 settings |= MGMT_SETTING_HS;
670
671         if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
672                 settings |= MGMT_SETTING_ADVERTISING;
673
674 /* Disable Secure connection and debug keys implementation now */
675 #ifdef CONFIG_TIZEN_WIP
676         if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
677                 settings |= MGMT_SETTING_SECURE_CONN;
678
679         if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
680                 settings |= MGMT_SETTING_DEBUG_KEYS;
681 #endif
682
683         if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
684                 settings |= MGMT_SETTING_PRIVACY;
685
686         return settings;
687 }
688
689 #define PNP_INFO_SVCLASS_ID             0x1200
690
691 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
692 {
693         u8 *ptr = data, *uuids_start = NULL;
694         struct bt_uuid *uuid;
695
696         if (len < 4)
697                 return ptr;
698
699         list_for_each_entry(uuid, &hdev->uuids, list) {
700                 u16 uuid16;
701
702                 if (uuid->size != 16)
703                         continue;
704
705                 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
706                 if (uuid16 < 0x1100)
707                         continue;
708
709                 if (uuid16 == PNP_INFO_SVCLASS_ID)
710                         continue;
711
712                 if (!uuids_start) {
713                         uuids_start = ptr;
714                         uuids_start[0] = 1;
715                         uuids_start[1] = EIR_UUID16_ALL;
716                         ptr += 2;
717                 }
718
719                 /* Stop if not enough space to put next UUID */
720                 if ((ptr - data) + sizeof(u16) > len) {
721                         uuids_start[1] = EIR_UUID16_SOME;
722                         break;
723                 }
724
725                 *ptr++ = (uuid16 & 0x00ff);
726                 *ptr++ = (uuid16 & 0xff00) >> 8;
727                 uuids_start[0] += sizeof(uuid16);
728         }
729
730         return ptr;
731 }
732
733 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
734 {
735         u8 *ptr = data, *uuids_start = NULL;
736         struct bt_uuid *uuid;
737
738         if (len < 6)
739                 return ptr;
740
741         list_for_each_entry(uuid, &hdev->uuids, list) {
742                 if (uuid->size != 32)
743                         continue;
744
745                 if (!uuids_start) {
746                         uuids_start = ptr;
747                         uuids_start[0] = 1;
748                         uuids_start[1] = EIR_UUID32_ALL;
749                         ptr += 2;
750                 }
751
752                 /* Stop if not enough space to put next UUID */
753                 if ((ptr - data) + sizeof(u32) > len) {
754                         uuids_start[1] = EIR_UUID32_SOME;
755                         break;
756                 }
757
758                 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
759                 ptr += sizeof(u32);
760                 uuids_start[0] += sizeof(u32);
761         }
762
763         return ptr;
764 }
765
766 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
767 {
768         u8 *ptr = data, *uuids_start = NULL;
769         struct bt_uuid *uuid;
770
771         if (len < 18)
772                 return ptr;
773
774         list_for_each_entry(uuid, &hdev->uuids, list) {
775                 if (uuid->size != 128)
776                         continue;
777
778                 if (!uuids_start) {
779                         uuids_start = ptr;
780                         uuids_start[0] = 1;
781                         uuids_start[1] = EIR_UUID128_ALL;
782                         ptr += 2;
783                 }
784
785                 /* Stop if not enough space to put next UUID */
786                 if ((ptr - data) + 16 > len) {
787                         uuids_start[1] = EIR_UUID128_SOME;
788                         break;
789                 }
790
791                 memcpy(ptr, uuid->uuid, 16);
792                 ptr += 16;
793                 uuids_start[0] += 16;
794         }
795
796         return ptr;
797 }
798
799 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
800 {
801         struct pending_cmd *cmd;
802
803         list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
804                 if (cmd->opcode == opcode)
805                         return cmd;
806         }
807
808         return NULL;
809 }
810
811 static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
812                                                   struct hci_dev *hdev,
813                                                   const void *data)
814 {
815         struct pending_cmd *cmd;
816
817         list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
818                 if (cmd->user_data != data)
819                         continue;
820                 if (cmd->opcode == opcode)
821                         return cmd;
822         }
823
824         return NULL;
825 }
826
827 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
828 {
829         u8 ad_len = 0;
830         size_t name_len;
831
832         name_len = strlen(hdev->dev_name);
833         if (name_len > 0) {
834                 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
835
836                 if (name_len > max_len) {
837                         name_len = max_len;
838                         ptr[1] = EIR_NAME_SHORT;
839                 } else
840                         ptr[1] = EIR_NAME_COMPLETE;
841
842                 ptr[0] = name_len + 1;
843
844                 memcpy(ptr + 2, hdev->dev_name, name_len);
845
846                 ad_len += (name_len + 2);
847                 ptr += (name_len + 2);
848         }
849
850         return ad_len;
851 }
852
853 static void update_scan_rsp_data(struct hci_request *req)
854 {
855         struct hci_dev *hdev = req->hdev;
856         struct hci_cp_le_set_scan_rsp_data cp;
857         u8 len;
858
859         if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
860                 return;
861
862         memset(&cp, 0, sizeof(cp));
863
864         len = create_scan_rsp_data(hdev, cp.data);
865
866 #ifdef  CONFIG_TIZEN_WIP
867         /* Advertising scan response data is handled in bluez.
868               This value will be updated only when application request the update */
869         return;
870 #else
871         if (hdev->scan_rsp_data_len == len &&
872             memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
873                 return;
874
875         memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
876         hdev->scan_rsp_data_len = len;
877
878         cp.length = len;
879
880         hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
881 #endif
882 }
883
884 static u8 get_adv_discov_flags(struct hci_dev *hdev)
885 {
886         struct pending_cmd *cmd;
887
888         /* If there's a pending mgmt command the flags will not yet have
889          * their final values, so check for this first.
890          */
891         cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
892         if (cmd) {
893                 struct mgmt_mode *cp = cmd->param;
894                 if (cp->val == 0x01)
895                         return LE_AD_GENERAL;
896                 else if (cp->val == 0x02)
897                         return LE_AD_LIMITED;
898         } else {
899                 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
900                         return LE_AD_LIMITED;
901                 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
902                         return LE_AD_GENERAL;
903         }
904
905         return 0;
906 }
907
908 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
909 {
910         u8 ad_len = 0, flags = 0;
911
912         flags |= get_adv_discov_flags(hdev);
913
914         if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
915                 flags |= LE_AD_NO_BREDR;
916
917         if (flags) {
918                 BT_DBG("adv flags 0x%02x", flags);
919
920                 ptr[0] = 2;
921                 ptr[1] = EIR_FLAGS;
922                 ptr[2] = flags;
923
924                 ad_len += 3;
925                 ptr += 3;
926         }
927
928         if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
929                 ptr[0] = 2;
930                 ptr[1] = EIR_TX_POWER;
931                 ptr[2] = (u8) hdev->adv_tx_power;
932
933                 ad_len += 3;
934                 ptr += 3;
935         }
936
937         return ad_len;
938 }
939
940 static void update_adv_data(struct hci_request *req)
941 {
942         struct hci_dev *hdev = req->hdev;
943         struct hci_cp_le_set_adv_data cp;
944         u8 len;
945
946         if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
947                 return;
948
949         memset(&cp, 0, sizeof(cp));
950
951         len = create_adv_data(hdev, cp.data);
952
953 #ifdef  CONFIG_TIZEN_WIP
954         /* Bluez will handle the advertising data, including the flag and tx power.
955             This value will be updated only when application request the update */
956                 return;
957 #else
958         if (hdev->adv_data_len == len &&
959             memcmp(cp.data, hdev->adv_data, len) == 0)
960                 return;
961
962         memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
963         hdev->adv_data_len = len;
964
965         cp.length = len;
966
967         hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
968 #endif
969 }
970
971 int mgmt_update_adv_data(struct hci_dev *hdev)
972 {
973         struct hci_request req;
974
975         hci_req_init(&req, hdev);
976         update_adv_data(&req);
977
978         return hci_req_run(&req, NULL);
979 }
980
981 static void create_eir(struct hci_dev *hdev, u8 *data)
982 {
983         u8 *ptr = data;
984         size_t name_len;
985
986         name_len = strlen(hdev->dev_name);
987
988         if (name_len > 0) {
989                 /* EIR Data type */
990                 if (name_len > 48) {
991                         name_len = 48;
992                         ptr[1] = EIR_NAME_SHORT;
993                 } else
994                         ptr[1] = EIR_NAME_COMPLETE;
995
996                 /* EIR Data length */
997                 ptr[0] = name_len + 1;
998
999                 memcpy(ptr + 2, hdev->dev_name, name_len);
1000
1001                 ptr += (name_len + 2);
1002         }
1003
1004         if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
1005                 ptr[0] = 2;
1006                 ptr[1] = EIR_TX_POWER;
1007                 ptr[2] = (u8) hdev->inq_tx_power;
1008
1009                 ptr += 3;
1010         }
1011
1012         if (hdev->devid_source > 0) {
1013                 ptr[0] = 9;
1014                 ptr[1] = EIR_DEVICE_ID;
1015
1016                 put_unaligned_le16(hdev->devid_source, ptr + 2);
1017                 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1018                 put_unaligned_le16(hdev->devid_product, ptr + 6);
1019                 put_unaligned_le16(hdev->devid_version, ptr + 8);
1020
1021                 ptr += 10;
1022         }
1023
1024         ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1025         ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1026         ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1027 #ifdef CONFIG_TIZEN_WIP
1028         if (hdev->manufacturer_len > 0 &&
1029                         ptr - data + hdev->manufacturer_len + 2 <= HCI_MAX_EIR_LENGTH) {
1030                 ptr[0] = hdev->manufacturer_len + 1;
1031                 ptr[1] = EIR_MANUFACTURER_DATA;
1032                 memcpy(ptr + 2, hdev->manufacturer_data, hdev->manufacturer_len);
1033                 ptr += hdev->manufacturer_len + 2;
1034         }
1035 #endif
1036 }
1037
1038 static void update_eir(struct hci_request *req)
1039 {
1040         struct hci_dev *hdev = req->hdev;
1041         struct hci_cp_write_eir cp;
1042
1043         if (!hdev_is_powered(hdev))
1044                 return;
1045
1046         if (!lmp_ext_inq_capable(hdev))
1047                 return;
1048
1049         if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1050                 return;
1051
1052         if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1053                 return;
1054
1055         memset(&cp, 0, sizeof(cp));
1056
1057         create_eir(hdev, cp.data);
1058
1059         if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
1060                 return;
1061
1062         memcpy(hdev->eir, cp.data, sizeof(cp.data));
1063
1064         hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1065 }
1066
1067 static u8 get_service_classes(struct hci_dev *hdev)
1068 {
1069         struct bt_uuid *uuid;
1070         u8 val = 0;
1071
1072         list_for_each_entry(uuid, &hdev->uuids, list)
1073                 val |= uuid->svc_hint;
1074
1075         return val;
1076 }
1077
1078 static void update_class(struct hci_request *req)
1079 {
1080         struct hci_dev *hdev = req->hdev;
1081         u8 cod[3];
1082
1083         BT_DBG("%s", hdev->name);
1084
1085         if (!hdev_is_powered(hdev))
1086                 return;
1087
1088         if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1089                 return;
1090
1091         if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1092                 return;
1093
1094         cod[0] = hdev->minor_class;
1095         cod[1] = hdev->major_class;
1096         cod[2] = get_service_classes(hdev);
1097
1098         if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1099                 cod[1] |= 0x20;
1100
1101         if (memcmp(cod, hdev->dev_class, 3) == 0)
1102                 return;
1103
1104         hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1105 }
1106
1107 #ifndef CONFIG_TIZEN_WIP
1108 static bool get_connectable(struct hci_dev *hdev)
1109 {
1110         struct pending_cmd *cmd;
1111
1112         /* If there's a pending mgmt command the flag will not yet have
1113          * it's final value, so check for this first.
1114          */
1115         cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1116         if (cmd) {
1117                 struct mgmt_mode *cp = cmd->param;
1118                 return cp->val;
1119         }
1120
1121         return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1122 }
1123 #endif
1124
1125 static void disable_advertising(struct hci_request *req)
1126 {
1127         u8 enable = 0x00;
1128
1129         hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1130 }
1131
1132 static void enable_advertising(struct hci_request *req)
1133 {
1134         struct hci_dev *hdev = req->hdev;
1135         struct hci_cp_le_set_adv_param cp;
1136 #ifndef CONFIG_TIZEN_WIP
1137         u8 own_addr_type, enable = 0x01;
1138         bool connectable;
1139 #else
1140         u8 own_addr_type = ADDR_LE_DEV_PUBLIC;
1141         u8 enable = 0x01;
1142 #endif
1143
1144         if (hci_conn_num(hdev, LE_LINK) > 0)
1145                 return;
1146
1147         if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1148                 disable_advertising(req);
1149
1150         /* Clear the HCI_LE_ADV bit temporarily so that the
1151          * hci_update_random_address knows that it's safe to go ahead
1152          * and write a new random address. The flag will be set back on
1153          * as soon as the SET_ADV_ENABLE HCI command completes.
1154          */
1155         clear_bit(HCI_LE_ADV, &hdev->dev_flags);
1156
1157 #ifndef CONFIG_TIZEN_WIP
1158         connectable = get_connectable(hdev);
1159
1160         /* Set require_privacy to true only when non-connectable
1161          * advertising is used. In that case it is fine to use a
1162          * non-resolvable private address.
1163          */
1164         if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1165                 return;
1166 #endif
1167
1168         memset(&cp, 0, sizeof(cp));
1169         cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1170         cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1171 #ifdef CONFIG_TIZEN_WIP
1172         cp.filter_policy = hdev->adv_filter_policy;
1173         cp.type = hdev->adv_type;
1174 #else
1175         cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1176 #endif
1177         cp.own_address_type = own_addr_type;
1178         cp.channel_map = hdev->le_adv_channel_map;
1179
1180         hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1181
1182         hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1183 }
1184
1185 static void service_cache_off(struct work_struct *work)
1186 {
1187         struct hci_dev *hdev = container_of(work, struct hci_dev,
1188                                             service_cache.work);
1189         struct hci_request req;
1190
1191         if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1192                 return;
1193
1194         hci_req_init(&req, hdev);
1195
1196         hci_dev_lock(hdev);
1197
1198         update_eir(&req);
1199         update_class(&req);
1200
1201         hci_dev_unlock(hdev);
1202
1203         hci_req_run(&req, NULL);
1204 }
1205
1206 static void rpa_expired(struct work_struct *work)
1207 {
1208         struct hci_dev *hdev = container_of(work, struct hci_dev,
1209                                             rpa_expired.work);
1210         struct hci_request req;
1211
1212         BT_DBG("");
1213
1214         set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1215
1216         if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1217                 return;
1218
1219         /* The generation of a new RPA and programming it into the
1220          * controller happens in the enable_advertising() function.
1221          */
1222         hci_req_init(&req, hdev);
1223         enable_advertising(&req);
1224         hci_req_run(&req, NULL);
1225 }
1226
1227 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1228 {
1229         if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
1230                 return;
1231
1232         INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1233         INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1234
1235         /* Non-mgmt controlled devices get this bit set
1236          * implicitly so that pairing works for them, however
1237          * for mgmt we require user-space to explicitly enable
1238          * it
1239          */
1240         clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1241 }
1242
1243 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1244                                 void *data, u16 data_len)
1245 {
1246         struct mgmt_rp_read_info rp;
1247
1248         BT_DBG("sock %p %s", sk, hdev->name);
1249
1250         hci_dev_lock(hdev);
1251
1252         memset(&rp, 0, sizeof(rp));
1253
1254         bacpy(&rp.bdaddr, &hdev->bdaddr);
1255
1256         rp.version = hdev->hci_ver;
1257         rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1258
1259         rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1260         rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1261
1262         memcpy(rp.dev_class, hdev->dev_class, 3);
1263
1264         memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1265         memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1266
1267         hci_dev_unlock(hdev);
1268
1269         return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1270                             sizeof(rp));
1271 }
1272
1273 static void mgmt_pending_free(struct pending_cmd *cmd)
1274 {
1275         sock_put(cmd->sk);
1276         kfree(cmd->param);
1277         kfree(cmd);
1278 }
1279
1280 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1281                                             struct hci_dev *hdev, void *data,
1282                                             u16 len)
1283 {
1284         struct pending_cmd *cmd;
1285
1286         cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1287         if (!cmd)
1288                 return NULL;
1289
1290         cmd->opcode = opcode;
1291         cmd->index = hdev->id;
1292
1293         cmd->param = kmemdup(data, len, GFP_KERNEL);
1294         if (!cmd->param) {
1295                 kfree(cmd);
1296                 return NULL;
1297         }
1298
1299         cmd->param_len = len;
1300
1301         cmd->sk = sk;
1302         sock_hold(sk);
1303
1304         list_add(&cmd->list, &hdev->mgmt_pending);
1305
1306         return cmd;
1307 }
1308
1309 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1310                                  void (*cb)(struct pending_cmd *cmd,
1311                                             void *data),
1312                                  void *data)
1313 {
1314         struct pending_cmd *cmd, *tmp;
1315
1316         list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1317                 if (opcode > 0 && cmd->opcode != opcode)
1318                         continue;
1319
1320                 cb(cmd, data);
1321         }
1322 }
1323
1324 static void mgmt_pending_remove(struct pending_cmd *cmd)
1325 {
1326         list_del(&cmd->list);
1327         mgmt_pending_free(cmd);
1328 }
1329
1330 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1331 {
1332         __le32 settings = cpu_to_le32(get_current_settings(hdev));
1333
1334         return cmd_complete(sk, hdev->id, opcode, 0, &settings,
1335                             sizeof(settings));
1336 }
1337
1338 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1339 {
1340         BT_DBG("%s status 0x%02x", hdev->name, status);
1341
1342         if (hci_conn_count(hdev) == 0) {
1343                 cancel_delayed_work(&hdev->power_off);
1344                 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1345         }
1346 }
1347
1348 static bool hci_stop_discovery(struct hci_request *req)
1349 {
1350         struct hci_dev *hdev = req->hdev;
1351         struct hci_cp_remote_name_req_cancel cp;
1352         struct inquiry_entry *e;
1353
1354         switch (hdev->discovery.state) {
1355         case DISCOVERY_FINDING:
1356                 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1357                         hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1358                 } else {
1359                         cancel_delayed_work(&hdev->le_scan_disable);
1360                         hci_req_add_le_scan_disable(req);
1361                 }
1362
1363                 return true;
1364
1365         case DISCOVERY_RESOLVING:
1366                 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1367                                                      NAME_PENDING);
1368                 if (!e)
1369                         break;
1370
1371                 bacpy(&cp.bdaddr, &e->data.bdaddr);
1372                 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1373                             &cp);
1374
1375                 return true;
1376
1377         default:
1378                 /* Passive scanning */
1379                 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
1380                         hci_req_add_le_scan_disable(req);
1381                         return true;
1382                 }
1383
1384                 break;
1385         }
1386
1387         return false;
1388 }
1389
1390 static int clean_up_hci_state(struct hci_dev *hdev)
1391 {
1392         struct hci_request req;
1393         struct hci_conn *conn;
1394         bool discov_stopped;
1395         int err;
1396
1397         hci_req_init(&req, hdev);
1398
1399         if (test_bit(HCI_ISCAN, &hdev->flags) ||
1400             test_bit(HCI_PSCAN, &hdev->flags)) {
1401                 u8 scan = 0x00;
1402                 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1403         }
1404
1405         if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1406                 disable_advertising(&req);
1407
1408         discov_stopped = hci_stop_discovery(&req);
1409
1410         list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1411                 struct hci_cp_disconnect dc;
1412                 struct hci_cp_reject_conn_req rej;
1413
1414                 switch (conn->state) {
1415                 case BT_CONNECTED:
1416                 case BT_CONFIG:
1417                         dc.handle = cpu_to_le16(conn->handle);
1418                         dc.reason = 0x15; /* Terminated due to Power Off */
1419                         hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1420                         break;
1421                 case BT_CONNECT:
1422                         if (conn->type == LE_LINK)
1423                                 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1424                                             0, NULL);
1425                         else if (conn->type == ACL_LINK)
1426                                 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1427                                             6, &conn->dst);
1428                         break;
1429                 case BT_CONNECT2:
1430                         bacpy(&rej.bdaddr, &conn->dst);
1431                         rej.reason = 0x15; /* Terminated due to Power Off */
1432                         if (conn->type == ACL_LINK)
1433                                 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1434                                             sizeof(rej), &rej);
1435                         else if (conn->type == SCO_LINK)
1436                                 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1437                                             sizeof(rej), &rej);
1438                         break;
1439                 }
1440         }
1441
1442         err = hci_req_run(&req, clean_up_hci_complete);
1443         if (!err && discov_stopped)
1444                 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1445
1446         return err;
1447 }
1448
1449 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1450                        u16 len)
1451 {
1452         struct mgmt_mode *cp = data;
1453         struct pending_cmd *cmd;
1454         int err;
1455
1456         BT_DBG("request for %s", hdev->name);
1457
1458         if (cp->val != 0x00 && cp->val != 0x01)
1459                 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1460                                   MGMT_STATUS_INVALID_PARAMS);
1461
1462         hci_dev_lock(hdev);
1463
1464         if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1465                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1466                                  MGMT_STATUS_BUSY);
1467                 goto failed;
1468         }
1469
1470         if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1471                 cancel_delayed_work(&hdev->power_off);
1472
1473                 if (cp->val) {
1474                         mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1475                                          data, len);
1476                         err = mgmt_powered(hdev, 1);
1477                         goto failed;
1478                 }
1479         }
1480
1481         if (!!cp->val == hdev_is_powered(hdev)) {
1482                 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1483                 goto failed;
1484         }
1485
1486         cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1487         if (!cmd) {
1488                 err = -ENOMEM;
1489                 goto failed;
1490         }
1491
1492         if (cp->val) {
1493                 queue_work(hdev->req_workqueue, &hdev->power_on);
1494                 err = 0;
1495         } else {
1496                 /* Disconnect connections, stop scans, etc */
1497                 err = clean_up_hci_state(hdev);
1498                 if (!err)
1499                         queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1500                                            HCI_POWER_OFF_TIMEOUT);
1501
1502                 /* ENODATA means there were no HCI commands queued */
1503                 if (err == -ENODATA) {
1504                         cancel_delayed_work(&hdev->power_off);
1505                         queue_work(hdev->req_workqueue, &hdev->power_off.work);
1506                         err = 0;
1507                 }
1508         }
1509
1510 failed:
1511         hci_dev_unlock(hdev);
1512         return err;
1513 }
1514
1515 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1516 {
1517         __le32 ev;
1518
1519         ev = cpu_to_le32(get_current_settings(hdev));
1520
1521         return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1522 }
1523
1524 int mgmt_new_settings(struct hci_dev *hdev)
1525 {
1526         return new_settings(hdev, NULL);
1527 }
1528
1529 struct cmd_lookup {
1530         struct sock *sk;
1531         struct hci_dev *hdev;
1532         u8 mgmt_status;
1533 };
1534
1535 static void settings_rsp(struct pending_cmd *cmd, void *data)
1536 {
1537         struct cmd_lookup *match = data;
1538
1539         send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1540
1541         list_del(&cmd->list);
1542
1543         if (match->sk == NULL) {
1544                 match->sk = cmd->sk;
1545                 sock_hold(match->sk);
1546         }
1547
1548         mgmt_pending_free(cmd);
1549 }
1550
1551 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1552 {
1553         u8 *status = data;
1554
1555         cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1556         mgmt_pending_remove(cmd);
1557 }
1558
1559 static void cmd_complete_rsp(struct pending_cmd *cmd, void *data)
1560 {
1561         if (cmd->cmd_complete) {
1562                 u8 *status = data;
1563
1564                 cmd->cmd_complete(cmd, *status);
1565                 mgmt_pending_remove(cmd);
1566
1567                 return;
1568         }
1569
1570         cmd_status_rsp(cmd, data);
1571 }
1572
1573 static int generic_cmd_complete(struct pending_cmd *cmd, u8 status)
1574 {
1575         return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1576                             cmd->param, cmd->param_len);
1577 }
1578
1579 static int addr_cmd_complete(struct pending_cmd *cmd, u8 status)
1580 {
1581         return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1582                             sizeof(struct mgmt_addr_info));
1583 }
1584
1585 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1586 {
1587         if (!lmp_bredr_capable(hdev))
1588                 return MGMT_STATUS_NOT_SUPPORTED;
1589         else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1590                 return MGMT_STATUS_REJECTED;
1591         else
1592                 return MGMT_STATUS_SUCCESS;
1593 }
1594
1595 static u8 mgmt_le_support(struct hci_dev *hdev)
1596 {
1597         if (!lmp_le_capable(hdev))
1598                 return MGMT_STATUS_NOT_SUPPORTED;
1599         else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1600                 return MGMT_STATUS_REJECTED;
1601         else
1602                 return MGMT_STATUS_SUCCESS;
1603 }
1604
1605 static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1606                                       u16 opcode)
1607 {
1608         struct pending_cmd *cmd;
1609         struct mgmt_mode *cp;
1610         struct hci_request req;
1611         bool changed;
1612
1613         BT_DBG("status 0x%02x", status);
1614
1615         hci_dev_lock(hdev);
1616
1617         cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1618         if (!cmd)
1619                 goto unlock;
1620
1621         if (status) {
1622                 u8 mgmt_err = mgmt_status(status);
1623                 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1624                 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1625                 goto remove_cmd;
1626         }
1627
1628         cp = cmd->param;
1629         if (cp->val) {
1630                 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1631                                             &hdev->dev_flags);
1632
1633                 if (hdev->discov_timeout > 0) {
1634                         int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1635                         queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1636                                            to);
1637                 }
1638         } else {
1639                 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1640                                              &hdev->dev_flags);
1641         }
1642
1643         send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1644
1645         if (changed)
1646                 new_settings(hdev, cmd->sk);
1647
1648         /* When the discoverable mode gets changed, make sure
1649          * that class of device has the limited discoverable
1650          * bit correctly set. Also update page scan based on whitelist
1651          * entries.
1652          */
1653         hci_req_init(&req, hdev);
1654         __hci_update_page_scan(&req);
1655         update_class(&req);
1656         hci_req_run(&req, NULL);
1657
1658 remove_cmd:
1659         mgmt_pending_remove(cmd);
1660
1661 unlock:
1662         hci_dev_unlock(hdev);
1663 }
1664
1665 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1666                             u16 len)
1667 {
1668         struct mgmt_cp_set_discoverable *cp = data;
1669         struct pending_cmd *cmd;
1670         struct hci_request req;
1671         u16 timeout;
1672         u8 scan;
1673         int err;
1674
1675         BT_DBG("request for %s", hdev->name);
1676
1677         if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1678             !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1679                 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1680                                   MGMT_STATUS_REJECTED);
1681
1682         if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1683                 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1684                                   MGMT_STATUS_INVALID_PARAMS);
1685
1686         timeout = __le16_to_cpu(cp->timeout);
1687
1688         /* Disabling discoverable requires that no timeout is set,
1689          * and enabling limited discoverable requires a timeout.
1690          */
1691         if ((cp->val == 0x00 && timeout > 0) ||
1692             (cp->val == 0x02 && timeout == 0))
1693                 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1694                                   MGMT_STATUS_INVALID_PARAMS);
1695
1696         hci_dev_lock(hdev);
1697
1698         if (!hdev_is_powered(hdev) && timeout > 0) {
1699                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1700                                  MGMT_STATUS_NOT_POWERED);
1701                 goto failed;
1702         }
1703
1704         if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1705             mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1706                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1707                                  MGMT_STATUS_BUSY);
1708                 goto failed;
1709         }
1710
1711         if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1712                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1713                                  MGMT_STATUS_REJECTED);
1714                 goto failed;
1715         }
1716
1717         if (!hdev_is_powered(hdev)) {
1718                 bool changed = false;
1719
1720                 /* Setting limited discoverable when powered off is
1721                  * not a valid operation since it requires a timeout
1722                  * and so no need to check HCI_LIMITED_DISCOVERABLE.
1723                  */
1724                 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1725                         change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1726                         changed = true;
1727                 }
1728
1729                 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1730                 if (err < 0)
1731                         goto failed;
1732
1733                 if (changed)
1734                         err = new_settings(hdev, sk);
1735
1736                 goto failed;
1737         }
1738
1739         /* If the current mode is the same, then just update the timeout
1740          * value with the new value. And if only the timeout gets updated,
1741          * then no need for any HCI transactions.
1742          */
1743         if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1744             (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1745                                           &hdev->dev_flags)) {
1746                 cancel_delayed_work(&hdev->discov_off);
1747                 hdev->discov_timeout = timeout;
1748
1749                 if (cp->val && hdev->discov_timeout > 0) {
1750                         int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1751                         queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1752                                            to);
1753                 }
1754
1755                 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1756                 goto failed;
1757         }
1758
1759         cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1760         if (!cmd) {
1761                 err = -ENOMEM;
1762                 goto failed;
1763         }
1764
1765         /* Cancel any potential discoverable timeout that might be
1766          * still active and store new timeout value. The arming of
1767          * the timeout happens in the complete handler.
1768          */
1769         cancel_delayed_work(&hdev->discov_off);
1770         hdev->discov_timeout = timeout;
1771
1772         /* Limited discoverable mode */
1773         if (cp->val == 0x02)
1774                 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1775         else
1776                 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1777
1778         hci_req_init(&req, hdev);
1779
1780         /* The procedure for LE-only controllers is much simpler - just
1781          * update the advertising data.
1782          */
1783         if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1784                 goto update_ad;
1785
1786         scan = SCAN_PAGE;
1787
1788         if (cp->val) {
1789                 struct hci_cp_write_current_iac_lap hci_cp;
1790
1791                 if (cp->val == 0x02) {
1792                         /* Limited discoverable mode */
1793                         hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1794                         hci_cp.iac_lap[0] = 0x00;       /* LIAC */
1795                         hci_cp.iac_lap[1] = 0x8b;
1796                         hci_cp.iac_lap[2] = 0x9e;
1797                         hci_cp.iac_lap[3] = 0x33;       /* GIAC */
1798                         hci_cp.iac_lap[4] = 0x8b;
1799                         hci_cp.iac_lap[5] = 0x9e;
1800                 } else {
1801                         /* General discoverable mode */
1802                         hci_cp.num_iac = 1;
1803                         hci_cp.iac_lap[0] = 0x33;       /* GIAC */
1804                         hci_cp.iac_lap[1] = 0x8b;
1805                         hci_cp.iac_lap[2] = 0x9e;
1806                 }
1807
1808                 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1809                             (hci_cp.num_iac * 3) + 1, &hci_cp);
1810
1811                 scan |= SCAN_INQUIRY;
1812         } else {
1813                 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1814         }
1815
1816         hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1817
1818 update_ad:
1819         update_adv_data(&req);
1820
1821         err = hci_req_run(&req, set_discoverable_complete);
1822         if (err < 0)
1823                 mgmt_pending_remove(cmd);
1824
1825 failed:
1826         hci_dev_unlock(hdev);
1827         return err;
1828 }
1829
1830 static void write_fast_connectable(struct hci_request *req, bool enable)
1831 {
1832         struct hci_dev *hdev = req->hdev;
1833 #ifndef CONFIG_TIZEN_WIP
1834         struct hci_cp_write_page_scan_activity acp;
1835 #endif
1836         u8 type;
1837
1838         if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1839                 return;
1840
1841         if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1842                 return;
1843
1844 #ifdef CONFIG_TIZEN_WIP
1845         if (enable) {
1846                 type = PAGE_SCAN_TYPE_INTERLACED;
1847         } else {
1848                 type = PAGE_SCAN_TYPE_STANDARD;
1849         }
1850 #else
1851         if (enable) {
1852                 type = PAGE_SCAN_TYPE_INTERLACED;
1853
1854                 /* 160 msec page scan interval */
1855                 acp.interval = cpu_to_le16(0x0100);
1856         } else {
1857                 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1858
1859                 /* default 1.28 sec page scan */
1860                 acp.interval = cpu_to_le16(0x0800);
1861         }
1862
1863         acp.window = cpu_to_le16(0x0012);
1864
1865         if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1866             __cpu_to_le16(hdev->page_scan_window) != acp.window)
1867                 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1868                             sizeof(acp), &acp);
1869 #endif
1870
1871         if (hdev->page_scan_type != type)
1872                 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1873 }
1874
1875 static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1876                                      u16 opcode)
1877 {
1878         struct pending_cmd *cmd;
1879         struct mgmt_mode *cp;
1880         bool conn_changed, discov_changed;
1881
1882         BT_DBG("status 0x%02x", status);
1883
1884         hci_dev_lock(hdev);
1885
1886         cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1887         if (!cmd)
1888                 goto unlock;
1889
1890         if (status) {
1891                 u8 mgmt_err = mgmt_status(status);
1892                 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1893                 goto remove_cmd;
1894         }
1895
1896         cp = cmd->param;
1897         if (cp->val) {
1898                 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1899                                                  &hdev->dev_flags);
1900                 discov_changed = false;
1901         } else {
1902                 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1903                                                   &hdev->dev_flags);
1904                 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1905                                                     &hdev->dev_flags);
1906         }
1907
1908         send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1909
1910         if (conn_changed || discov_changed) {
1911                 new_settings(hdev, cmd->sk);
1912                 hci_update_page_scan(hdev);
1913                 if (discov_changed)
1914                         mgmt_update_adv_data(hdev);
1915                 hci_update_background_scan(hdev);
1916         }
1917
1918 remove_cmd:
1919         mgmt_pending_remove(cmd);
1920
1921 unlock:
1922         hci_dev_unlock(hdev);
1923 }
1924
1925 static int set_connectable_update_settings(struct hci_dev *hdev,
1926                                            struct sock *sk, u8 val)
1927 {
1928         bool changed = false;
1929         int err;
1930
1931         if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1932                 changed = true;
1933
1934         if (val) {
1935                 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1936         } else {
1937                 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1938                 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1939         }
1940
1941         err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1942         if (err < 0)
1943                 return err;
1944
1945         if (changed) {
1946                 hci_update_page_scan(hdev);
1947                 hci_update_background_scan(hdev);
1948                 return new_settings(hdev, sk);
1949         }
1950
1951         return 0;
1952 }
1953
1954 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1955                            u16 len)
1956 {
1957         struct mgmt_mode *cp = data;
1958         struct pending_cmd *cmd;
1959         struct hci_request req;
1960         u8 scan;
1961         int err;
1962
1963         BT_DBG("request for %s", hdev->name);
1964
1965         if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1966             !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1967                 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1968                                   MGMT_STATUS_REJECTED);
1969
1970         if (cp->val != 0x00 && cp->val != 0x01)
1971                 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1972                                   MGMT_STATUS_INVALID_PARAMS);
1973
1974         hci_dev_lock(hdev);
1975
1976         if (!hdev_is_powered(hdev)) {
1977                 err = set_connectable_update_settings(hdev, sk, cp->val);
1978                 goto failed;
1979         }
1980
1981         if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1982             mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1983                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1984                                  MGMT_STATUS_BUSY);
1985                 goto failed;
1986         }
1987
1988         cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1989         if (!cmd) {
1990                 err = -ENOMEM;
1991                 goto failed;
1992         }
1993
1994         hci_req_init(&req, hdev);
1995
1996         /* If BR/EDR is not enabled and we disable advertising as a
1997          * by-product of disabling connectable, we need to update the
1998          * advertising flags.
1999          */
2000         if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2001                 if (!cp->val) {
2002                         clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
2003                         clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
2004                 }
2005                 update_adv_data(&req);
2006         } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
2007                 if (cp->val) {
2008                         scan = SCAN_PAGE;
2009                 } else {
2010                         /* If we don't have any whitelist entries just
2011                          * disable all scanning. If there are entries
2012                          * and we had both page and inquiry scanning
2013                          * enabled then fall back to only page scanning.
2014                          * Otherwise no changes are needed.
2015                          */
2016                         if (list_empty(&hdev->whitelist))
2017                                 scan = SCAN_DISABLED;
2018                         else if (test_bit(HCI_ISCAN, &hdev->flags))
2019                                 scan = SCAN_PAGE;
2020                         else
2021                                 goto no_scan_update;
2022
2023                         if (test_bit(HCI_ISCAN, &hdev->flags) &&
2024                             hdev->discov_timeout > 0)
2025                                 cancel_delayed_work(&hdev->discov_off);
2026                 }
2027
2028                 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2029         }
2030
2031 no_scan_update:
2032         /* If we're going from non-connectable to connectable or
2033          * vice-versa when fast connectable is enabled ensure that fast
2034          * connectable gets disabled. write_fast_connectable won't do
2035          * anything if the page scan parameters are already what they
2036          * should be.
2037          */
2038         if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
2039                 write_fast_connectable(&req, false);
2040
2041         /* Update the advertising parameters if necessary */
2042         if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2043                 enable_advertising(&req);
2044
2045         err = hci_req_run(&req, set_connectable_complete);
2046         if (err < 0) {
2047                 mgmt_pending_remove(cmd);
2048                 if (err == -ENODATA)
2049                         err = set_connectable_update_settings(hdev, sk,
2050                                                               cp->val);
2051                 goto failed;
2052         }
2053
2054 failed:
2055         hci_dev_unlock(hdev);
2056         return err;
2057 }
2058
2059 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
2060                         u16 len)
2061 {
2062         struct mgmt_mode *cp = data;
2063         bool changed;
2064         int err;
2065
2066         BT_DBG("request for %s", hdev->name);
2067
2068         if (cp->val != 0x00 && cp->val != 0x01)
2069                 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2070                                   MGMT_STATUS_INVALID_PARAMS);
2071
2072         hci_dev_lock(hdev);
2073
2074         if (cp->val)
2075                 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
2076         else
2077                 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
2078
2079         err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
2080         if (err < 0)
2081                 goto unlock;
2082
2083         if (changed)
2084                 err = new_settings(hdev, sk);
2085
2086 unlock:
2087         hci_dev_unlock(hdev);
2088         return err;
2089 }
2090
2091 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2092                              u16 len)
2093 {
2094         struct mgmt_mode *cp = data;
2095         struct pending_cmd *cmd;
2096         u8 val, status;
2097         int err;
2098
2099         BT_DBG("request for %s", hdev->name);
2100
2101         status = mgmt_bredr_support(hdev);
2102         if (status)
2103                 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2104                                   status);
2105
2106         if (cp->val != 0x00 && cp->val != 0x01)
2107                 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2108                                   MGMT_STATUS_INVALID_PARAMS);
2109
2110         hci_dev_lock(hdev);
2111
2112         if (!hdev_is_powered(hdev)) {
2113                 bool changed = false;
2114
2115                 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
2116                                           &hdev->dev_flags)) {
2117                         change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2118                         changed = true;
2119                 }
2120
2121                 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2122                 if (err < 0)
2123                         goto failed;
2124
2125                 if (changed)
2126                         err = new_settings(hdev, sk);
2127
2128                 goto failed;
2129         }
2130
2131         if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2132                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2133                                  MGMT_STATUS_BUSY);
2134                 goto failed;
2135         }
2136
2137         val = !!cp->val;
2138
2139         if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2140                 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2141                 goto failed;
2142         }
2143
2144         cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2145         if (!cmd) {
2146                 err = -ENOMEM;
2147                 goto failed;
2148         }
2149
2150         err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2151         if (err < 0) {
2152                 mgmt_pending_remove(cmd);
2153                 goto failed;
2154         }
2155
2156 failed:
2157         hci_dev_unlock(hdev);
2158         return err;
2159 }
2160
2161 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2162 {
2163         struct mgmt_mode *cp = data;
2164         struct pending_cmd *cmd;
2165         u8 status;
2166         int err;
2167
2168         BT_DBG("request for %s", hdev->name);
2169
2170         status = mgmt_bredr_support(hdev);
2171         if (status)
2172                 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2173
2174         if (!lmp_ssp_capable(hdev))
2175                 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2176                                   MGMT_STATUS_NOT_SUPPORTED);
2177
2178         if (cp->val != 0x00 && cp->val != 0x01)
2179                 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2180                                   MGMT_STATUS_INVALID_PARAMS);
2181
2182         hci_dev_lock(hdev);
2183
2184         if (!hdev_is_powered(hdev)) {
2185                 bool changed;
2186
2187                 if (cp->val) {
2188                         changed = !test_and_set_bit(HCI_SSP_ENABLED,
2189                                                     &hdev->dev_flags);
2190                 } else {
2191                         changed = test_and_clear_bit(HCI_SSP_ENABLED,
2192                                                      &hdev->dev_flags);
2193                         if (!changed)
2194                                 changed = test_and_clear_bit(HCI_HS_ENABLED,
2195                                                              &hdev->dev_flags);
2196                         else
2197                                 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2198                 }
2199
2200                 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2201                 if (err < 0)
2202                         goto failed;
2203
2204                 if (changed)
2205                         err = new_settings(hdev, sk);
2206
2207                 goto failed;
2208         }
2209
2210         if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2211             mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
2212                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2213                                  MGMT_STATUS_BUSY);
2214                 goto failed;
2215         }
2216
2217         if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2218                 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2219                 goto failed;
2220         }
2221
2222         cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2223         if (!cmd) {
2224                 err = -ENOMEM;
2225                 goto failed;
2226         }
2227
2228         if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2229                 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2230                              sizeof(cp->val), &cp->val);
2231
2232         err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2233         if (err < 0) {
2234                 mgmt_pending_remove(cmd);
2235                 goto failed;
2236         }
2237
2238 failed:
2239         hci_dev_unlock(hdev);
2240         return err;
2241 }
2242
2243 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2244 {
2245         struct mgmt_mode *cp = data;
2246         bool changed;
2247         u8 status;
2248         int err;
2249
2250         BT_DBG("request for %s", hdev->name);
2251
2252         status = mgmt_bredr_support(hdev);
2253         if (status)
2254                 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2255
2256         if (!lmp_ssp_capable(hdev))
2257                 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2258                                   MGMT_STATUS_NOT_SUPPORTED);
2259
2260         if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2261                 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2262                                   MGMT_STATUS_REJECTED);
2263
2264         if (cp->val != 0x00 && cp->val != 0x01)
2265                 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2266                                   MGMT_STATUS_INVALID_PARAMS);
2267
2268         hci_dev_lock(hdev);
2269
2270         if (cp->val) {
2271                 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2272         } else {
2273                 if (hdev_is_powered(hdev)) {
2274                         err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2275                                          MGMT_STATUS_REJECTED);
2276                         goto unlock;
2277                 }
2278
2279                 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2280         }
2281
2282         err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2283         if (err < 0)
2284                 goto unlock;
2285
2286         if (changed)
2287                 err = new_settings(hdev, sk);
2288
2289 unlock:
2290         hci_dev_unlock(hdev);
2291         return err;
2292 }
2293
2294 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2295 {
2296         struct cmd_lookup match = { NULL, hdev };
2297
2298 #ifdef CONFIG_TIZEN_WIP
2299         hci_dev_lock(hdev);
2300 #endif
2301
2302         if (status) {
2303                 u8 mgmt_err = mgmt_status(status);
2304
2305                 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2306                                      &mgmt_err);
2307 #ifdef CONFIG_TIZEN_WIP
2308                 goto unlock;
2309 #else
2310                 return;
2311 #endif
2312         }
2313
2314         mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2315
2316         new_settings(hdev, match.sk);
2317
2318         if (match.sk)
2319                 sock_put(match.sk);
2320
2321         /* Make sure the controller has a good default for
2322          * advertising data. Restrict the update to when LE
2323          * has actually been enabled. During power on, the
2324          * update in powered_update_hci will take care of it.
2325          */
2326         if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2327                 struct hci_request req;
2328
2329 #ifndef CONFIG_TIZEN_WIP
2330                 hci_dev_lock(hdev);
2331 #endif
2332
2333                 hci_req_init(&req, hdev);
2334                 update_adv_data(&req);
2335                 update_scan_rsp_data(&req);
2336                 __hci_update_background_scan(&req);
2337                 hci_req_run(&req, NULL);
2338         }
2339         hci_update_background_scan(hdev);
2340 #ifdef CONFIG_TIZEN_WIP
2341 unlock:
2342         hci_dev_unlock(hdev);
2343 #endif
2344 }
2345
2346 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2347 {
2348         struct mgmt_mode *cp = data;
2349         struct hci_cp_write_le_host_supported hci_cp;
2350         struct pending_cmd *cmd;
2351         struct hci_request req;
2352         int err;
2353         u8 val, enabled;
2354
2355         BT_DBG("request for %s", hdev->name);
2356
2357         if (!lmp_le_capable(hdev))
2358                 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2359                                   MGMT_STATUS_NOT_SUPPORTED);
2360
2361         if (cp->val != 0x00 && cp->val != 0x01)
2362                 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2363                                   MGMT_STATUS_INVALID_PARAMS);
2364
2365         /* LE-only devices do not allow toggling LE on/off */
2366         if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
2367                 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2368                                   MGMT_STATUS_REJECTED);
2369
2370         hci_dev_lock(hdev);
2371
2372         val = !!cp->val;
2373         enabled = lmp_host_le_capable(hdev);
2374
2375         if (!hdev_is_powered(hdev) || val == enabled) {
2376                 bool changed = false;
2377
2378                 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2379                         change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2380                         changed = true;
2381                 }
2382
2383                 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2384                         clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
2385                         changed = true;
2386                 }
2387
2388                 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2389                 if (err < 0)
2390                         goto unlock;
2391
2392                 if (changed)
2393                         err = new_settings(hdev, sk);
2394
2395                 goto unlock;
2396         }
2397
2398         if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2399             mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2400                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2401                                  MGMT_STATUS_BUSY);
2402                 goto unlock;
2403         }
2404
2405         cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2406         if (!cmd) {
2407                 err = -ENOMEM;
2408                 goto unlock;
2409         }
2410
2411         hci_req_init(&req, hdev);
2412
2413         memset(&hci_cp, 0, sizeof(hci_cp));
2414
2415         if (val) {
2416                 hci_cp.le = val;
2417                 hci_cp.simul = 0x00;
2418         } else {
2419                 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
2420                         disable_advertising(&req);
2421         }
2422
2423         hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2424                     &hci_cp);
2425
2426         err = hci_req_run(&req, le_enable_complete);
2427         if (err < 0)
2428                 mgmt_pending_remove(cmd);
2429
2430 unlock:
2431         hci_dev_unlock(hdev);
2432         return err;
2433 }
2434
2435 /* This is a helper function to test for pending mgmt commands that can
2436  * cause CoD or EIR HCI commands. We can only allow one such pending
2437  * mgmt command at a time since otherwise we cannot easily track what
2438  * the current values are, will be, and based on that calculate if a new
2439  * HCI command needs to be sent and if yes with what value.
2440  */
2441 static bool pending_eir_or_class(struct hci_dev *hdev)
2442 {
2443         struct pending_cmd *cmd;
2444
2445         list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2446                 switch (cmd->opcode) {
2447                 case MGMT_OP_ADD_UUID:
2448                 case MGMT_OP_REMOVE_UUID:
2449                 case MGMT_OP_SET_DEV_CLASS:
2450                 case MGMT_OP_SET_POWERED:
2451                         return true;
2452                 }
2453         }
2454
2455         return false;
2456 }
2457
2458 static const u8 bluetooth_base_uuid[] = {
2459                         0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2460                         0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2461 };
2462
2463 static u8 get_uuid_size(const u8 *uuid)
2464 {
2465         u32 val;
2466
2467         if (memcmp(uuid, bluetooth_base_uuid, 12))
2468                 return 128;
2469
2470         val = get_unaligned_le32(&uuid[12]);
2471         if (val > 0xffff)
2472                 return 32;
2473
2474         return 16;
2475 }
2476
2477 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2478 {
2479         struct pending_cmd *cmd;
2480
2481         hci_dev_lock(hdev);
2482
2483         cmd = mgmt_pending_find(mgmt_op, hdev);
2484         if (!cmd)
2485                 goto unlock;
2486
2487         cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2488                      hdev->dev_class, 3);
2489
2490         mgmt_pending_remove(cmd);
2491
2492 unlock:
2493         hci_dev_unlock(hdev);
2494 }
2495
2496 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2497 {
2498         BT_DBG("status 0x%02x", status);
2499
2500         mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2501 }
2502
2503 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2504 {
2505         struct mgmt_cp_add_uuid *cp = data;
2506         struct pending_cmd *cmd;
2507         struct hci_request req;
2508         struct bt_uuid *uuid;
2509         int err;
2510
2511         BT_DBG("request for %s", hdev->name);
2512
2513         hci_dev_lock(hdev);
2514
2515         if (pending_eir_or_class(hdev)) {
2516                 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2517                                  MGMT_STATUS_BUSY);
2518                 goto failed;
2519         }
2520
2521         uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2522         if (!uuid) {
2523                 err = -ENOMEM;
2524                 goto failed;
2525         }
2526
2527         memcpy(uuid->uuid, cp->uuid, 16);
2528         uuid->svc_hint = cp->svc_hint;
2529         uuid->size = get_uuid_size(cp->uuid);
2530
2531         list_add_tail(&uuid->list, &hdev->uuids);
2532
2533         hci_req_init(&req, hdev);
2534
2535         update_class(&req);
2536         update_eir(&req);
2537
2538         err = hci_req_run(&req, add_uuid_complete);
2539         if (err < 0) {
2540                 if (err != -ENODATA)
2541                         goto failed;
2542
2543                 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2544                                    hdev->dev_class, 3);
2545                 goto failed;
2546         }
2547
2548         cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2549         if (!cmd) {
2550                 err = -ENOMEM;
2551                 goto failed;
2552         }
2553
2554         err = 0;
2555
2556 failed:
2557         hci_dev_unlock(hdev);
2558         return err;
2559 }
2560
2561 static bool enable_service_cache(struct hci_dev *hdev)
2562 {
2563         if (!hdev_is_powered(hdev))
2564                 return false;
2565
2566         if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2567                 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2568                                    CACHE_TIMEOUT);
2569                 return true;
2570         }
2571
2572         return false;
2573 }
2574
2575 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2576 {
2577         BT_DBG("status 0x%02x", status);
2578
2579         mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2580 }
2581
2582 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2583                        u16 len)
2584 {
2585         struct mgmt_cp_remove_uuid *cp = data;
2586         struct pending_cmd *cmd;
2587         struct bt_uuid *match, *tmp;
2588         u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2589         struct hci_request req;
2590         int err, found;
2591
2592         BT_DBG("request for %s", hdev->name);
2593
2594         hci_dev_lock(hdev);
2595
2596         if (pending_eir_or_class(hdev)) {
2597                 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2598                                  MGMT_STATUS_BUSY);
2599                 goto unlock;
2600         }
2601
2602         if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2603                 hci_uuids_clear(hdev);
2604
2605                 if (enable_service_cache(hdev)) {
2606                         err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2607                                            0, hdev->dev_class, 3);
2608                         goto unlock;
2609                 }
2610
2611                 goto update_class;
2612         }
2613
2614         found = 0;
2615
2616         list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2617                 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2618                         continue;
2619
2620                 list_del(&match->list);
2621                 kfree(match);
2622                 found++;
2623         }
2624
2625         if (found == 0) {
2626                 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2627                                  MGMT_STATUS_INVALID_PARAMS);
2628                 goto unlock;
2629         }
2630
2631 update_class:
2632         hci_req_init(&req, hdev);
2633
2634         update_class(&req);
2635         update_eir(&req);
2636
2637         err = hci_req_run(&req, remove_uuid_complete);
2638         if (err < 0) {
2639                 if (err != -ENODATA)
2640                         goto unlock;
2641
2642                 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2643                                    hdev->dev_class, 3);
2644                 goto unlock;
2645         }
2646
2647         cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2648         if (!cmd) {
2649                 err = -ENOMEM;
2650                 goto unlock;
2651         }
2652
2653         err = 0;
2654
2655 unlock:
2656         hci_dev_unlock(hdev);
2657         return err;
2658 }
2659
2660 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2661 {
2662         BT_DBG("status 0x%02x", status);
2663
2664         mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2665 }
2666
2667 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2668                          u16 len)
2669 {
2670         struct mgmt_cp_set_dev_class *cp = data;
2671         struct pending_cmd *cmd;
2672         struct hci_request req;
2673         int err;
2674
2675         BT_DBG("request for %s", hdev->name);
2676
2677         if (!lmp_bredr_capable(hdev))
2678                 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2679                                   MGMT_STATUS_NOT_SUPPORTED);
2680
2681         hci_dev_lock(hdev);
2682
2683         if (pending_eir_or_class(hdev)) {
2684                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2685                                  MGMT_STATUS_BUSY);
2686                 goto unlock;
2687         }
2688
2689         if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2690                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2691                                  MGMT_STATUS_INVALID_PARAMS);
2692                 goto unlock;
2693         }
2694
2695         hdev->major_class = cp->major;
2696         hdev->minor_class = cp->minor;
2697
2698         if (!hdev_is_powered(hdev)) {
2699                 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2700                                    hdev->dev_class, 3);
2701                 goto unlock;
2702         }
2703
2704         hci_req_init(&req, hdev);
2705
2706         if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2707                 hci_dev_unlock(hdev);
2708                 cancel_delayed_work_sync(&hdev->service_cache);
2709                 hci_dev_lock(hdev);
2710                 update_eir(&req);
2711         }
2712
2713         update_class(&req);
2714
2715         err = hci_req_run(&req, set_class_complete);
2716         if (err < 0) {
2717                 if (err != -ENODATA)
2718                         goto unlock;
2719
2720                 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2721                                    hdev->dev_class, 3);
2722                 goto unlock;
2723         }
2724
2725         cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2726         if (!cmd) {
2727                 err = -ENOMEM;
2728                 goto unlock;
2729         }
2730
2731         err = 0;
2732
2733 unlock:
2734         hci_dev_unlock(hdev);
2735         return err;
2736 }
2737
2738 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2739                           u16 len)
2740 {
2741         struct mgmt_cp_load_link_keys *cp = data;
2742         const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2743                                    sizeof(struct mgmt_link_key_info));
2744         u16 key_count, expected_len;
2745         bool changed;
2746         int i;
2747
2748         BT_DBG("request for %s", hdev->name);
2749
2750         if (!lmp_bredr_capable(hdev))
2751                 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2752                                   MGMT_STATUS_NOT_SUPPORTED);
2753
2754         key_count = __le16_to_cpu(cp->key_count);
2755         if (key_count > max_key_count) {
2756                 BT_ERR("load_link_keys: too big key_count value %u",
2757                        key_count);
2758                 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2759                                   MGMT_STATUS_INVALID_PARAMS);
2760         }
2761
2762         expected_len = sizeof(*cp) + key_count *
2763                                         sizeof(struct mgmt_link_key_info);
2764         if (expected_len != len) {
2765                 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2766                        expected_len, len);
2767                 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2768                                   MGMT_STATUS_INVALID_PARAMS);
2769         }
2770
2771         if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2772                 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2773                                   MGMT_STATUS_INVALID_PARAMS);
2774
2775         BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2776                key_count);
2777
2778         for (i = 0; i < key_count; i++) {
2779                 struct mgmt_link_key_info *key = &cp->keys[i];
2780
2781                 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2782                         return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2783                                           MGMT_STATUS_INVALID_PARAMS);
2784         }
2785
2786         hci_dev_lock(hdev);
2787
2788         hci_link_keys_clear(hdev);
2789
2790         if (cp->debug_keys)
2791                 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2792                                             &hdev->dev_flags);
2793         else
2794                 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2795                                              &hdev->dev_flags);
2796
2797         if (changed)
2798                 new_settings(hdev, NULL);
2799
2800         for (i = 0; i < key_count; i++) {
2801                 struct mgmt_link_key_info *key = &cp->keys[i];
2802
2803                 /* Always ignore debug keys and require a new pairing if
2804                  * the user wants to use them.
2805                  */
2806                 if (key->type == HCI_LK_DEBUG_COMBINATION)
2807                         continue;
2808
2809                 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2810                                  key->type, key->pin_len, NULL);
2811         }
2812
2813         cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2814
2815         hci_dev_unlock(hdev);
2816
2817         return 0;
2818 }
2819
2820 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2821                            u8 addr_type, struct sock *skip_sk)
2822 {
2823         struct mgmt_ev_device_unpaired ev;
2824
2825         bacpy(&ev.addr.bdaddr, bdaddr);
2826         ev.addr.type = addr_type;
2827
2828         return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2829                           skip_sk);
2830 }
2831
2832 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2833                          u16 len)
2834 {
2835         struct mgmt_cp_unpair_device *cp = data;
2836         struct mgmt_rp_unpair_device rp;
2837         struct hci_cp_disconnect dc;
2838         struct pending_cmd *cmd;
2839         struct hci_conn *conn;
2840         int err;
2841
2842         memset(&rp, 0, sizeof(rp));
2843         bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2844         rp.addr.type = cp->addr.type;
2845
2846         if (!bdaddr_type_is_valid(cp->addr.type))
2847                 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2848                                     MGMT_STATUS_INVALID_PARAMS,
2849                                     &rp, sizeof(rp));
2850
2851         if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2852                 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2853                                     MGMT_STATUS_INVALID_PARAMS,
2854                                     &rp, sizeof(rp));
2855
2856         hci_dev_lock(hdev);
2857
2858         if (!hdev_is_powered(hdev)) {
2859                 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2860                                    MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2861                 goto unlock;
2862         }
2863
2864         if (cp->addr.type == BDADDR_BREDR) {
2865                 /* If disconnection is requested, then look up the
2866                  * connection. If the remote device is connected, it
2867                  * will be later used to terminate the link.
2868                  *
2869                  * Setting it to NULL explicitly will cause no
2870                  * termination of the link.
2871                  */
2872                 if (cp->disconnect)
2873                         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2874                                                        &cp->addr.bdaddr);
2875                 else
2876                         conn = NULL;
2877
2878                 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2879         } else {
2880                 u8 addr_type;
2881
2882                 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2883                                                &cp->addr.bdaddr);
2884                 if (conn) {
2885                         /* Defer clearing up the connection parameters
2886                          * until closing to give a chance of keeping
2887                          * them if a repairing happens.
2888                          */
2889                         set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2890
2891                         /* If disconnection is not requested, then
2892                          * clear the connection variable so that the
2893                          * link is not terminated.
2894                          */
2895                         if (!cp->disconnect)
2896                                 conn = NULL;
2897                 }
2898
2899                 if (cp->addr.type == BDADDR_LE_PUBLIC)
2900                         addr_type = ADDR_LE_DEV_PUBLIC;
2901                 else
2902                         addr_type = ADDR_LE_DEV_RANDOM;
2903
2904                 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2905
2906                 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2907         }
2908
2909         if (err < 0) {
2910                 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2911                                    MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2912                 goto unlock;
2913         }
2914
2915         /* If the connection variable is set, then termination of the
2916          * link is requested.
2917          */
2918         if (!conn) {
2919                 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2920                                    &rp, sizeof(rp));
2921                 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2922                 goto unlock;
2923         }
2924
2925         cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2926                                sizeof(*cp));
2927         if (!cmd) {
2928                 err = -ENOMEM;
2929                 goto unlock;
2930         }
2931
2932         cmd->cmd_complete = addr_cmd_complete;
2933
2934         dc.handle = cpu_to_le16(conn->handle);
2935         dc.reason = 0x13; /* Remote User Terminated Connection */
2936         err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2937         if (err < 0)
2938                 mgmt_pending_remove(cmd);
2939
2940 unlock:
2941         hci_dev_unlock(hdev);
2942         return err;
2943 }
2944
2945 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2946                       u16 len)
2947 {
2948         struct mgmt_cp_disconnect *cp = data;
2949         struct mgmt_rp_disconnect rp;
2950         struct pending_cmd *cmd;
2951         struct hci_conn *conn;
2952         int err;
2953
2954         BT_DBG("");
2955
2956         memset(&rp, 0, sizeof(rp));
2957         bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2958         rp.addr.type = cp->addr.type;
2959
2960         if (!bdaddr_type_is_valid(cp->addr.type))
2961                 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2962                                     MGMT_STATUS_INVALID_PARAMS,
2963                                     &rp, sizeof(rp));
2964
2965         hci_dev_lock(hdev);
2966
2967         if (!test_bit(HCI_UP, &hdev->flags)) {
2968                 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2969                                    MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2970                 goto failed;
2971         }
2972
2973         if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2974                 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2975                                    MGMT_STATUS_BUSY, &rp, sizeof(rp));
2976                 goto failed;
2977         }
2978
2979         if (cp->addr.type == BDADDR_BREDR)
2980                 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2981                                                &cp->addr.bdaddr);
2982         else
2983                 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2984
2985         if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2986                 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2987                                    MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2988                 goto failed;
2989         }
2990
2991         cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2992         if (!cmd) {
2993                 err = -ENOMEM;
2994                 goto failed;
2995         }
2996
2997         cmd->cmd_complete = generic_cmd_complete;
2998
2999         err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3000         if (err < 0)
3001                 mgmt_pending_remove(cmd);
3002
3003 failed:
3004         hci_dev_unlock(hdev);
3005         return err;
3006 }
3007
3008 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3009 {
3010         switch (link_type) {
3011         case LE_LINK:
3012                 switch (addr_type) {
3013                 case ADDR_LE_DEV_PUBLIC:
3014                         return BDADDR_LE_PUBLIC;
3015
3016                 default:
3017                         /* Fallback to LE Random address type */
3018                         return BDADDR_LE_RANDOM;
3019                 }
3020
3021         default:
3022                 /* Fallback to BR/EDR type */
3023                 return BDADDR_BREDR;
3024         }
3025 }
3026
3027 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3028                            u16 data_len)
3029 {
3030         struct mgmt_rp_get_connections *rp;
3031         struct hci_conn *c;
3032         size_t rp_len;
3033         int err;
3034         u16 i;
3035
3036         BT_DBG("");
3037
3038         hci_dev_lock(hdev);
3039
3040         if (!hdev_is_powered(hdev)) {
3041                 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3042                                  MGMT_STATUS_NOT_POWERED);
3043                 goto unlock;
3044         }
3045
3046         i = 0;
3047         list_for_each_entry(c, &hdev->conn_hash.list, list) {
3048                 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3049                         i++;
3050         }
3051
3052         rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3053         rp = kmalloc(rp_len, GFP_KERNEL);
3054         if (!rp) {
3055                 err = -ENOMEM;
3056                 goto unlock;
3057         }
3058
3059         i = 0;
3060         list_for_each_entry(c, &hdev->conn_hash.list, list) {
3061                 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3062                         continue;
3063                 bacpy(&rp->addr[i].bdaddr, &c->dst);
3064                 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3065                 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3066                         continue;
3067                 i++;
3068         }
3069
3070         rp->conn_count = cpu_to_le16(i);
3071
3072         /* Recalculate length in case of filtered SCO connections, etc */
3073         rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3074
3075         err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3076                            rp_len);
3077
3078         kfree(rp);
3079
3080 unlock:
3081         hci_dev_unlock(hdev);
3082         return err;
3083 }
3084
3085 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3086                                    struct mgmt_cp_pin_code_neg_reply *cp)
3087 {
3088         struct pending_cmd *cmd;
3089         int err;
3090
3091         cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3092                                sizeof(*cp));
3093         if (!cmd)
3094                 return -ENOMEM;
3095
3096         err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3097                            sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3098         if (err < 0)
3099                 mgmt_pending_remove(cmd);
3100
3101         return err;
3102 }
3103
3104 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3105                           u16 len)
3106 {
3107         struct hci_conn *conn;
3108         struct mgmt_cp_pin_code_reply *cp = data;
3109         struct hci_cp_pin_code_reply reply;
3110         struct pending_cmd *cmd;
3111         int err;
3112
3113         BT_DBG("");
3114
3115         hci_dev_lock(hdev);
3116
3117         if (!hdev_is_powered(hdev)) {
3118                 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3119                                  MGMT_STATUS_NOT_POWERED);
3120                 goto failed;
3121         }
3122
3123         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3124         if (!conn) {
3125                 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3126                                  MGMT_STATUS_NOT_CONNECTED);
3127                 goto failed;
3128         }
3129
3130         if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3131                 struct mgmt_cp_pin_code_neg_reply ncp;
3132
3133                 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3134
3135                 BT_ERR("PIN code is not 16 bytes long");
3136
3137                 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3138                 if (err >= 0)
3139                         err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3140                                          MGMT_STATUS_INVALID_PARAMS);
3141
3142                 goto failed;
3143         }
3144
3145         cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3146         if (!cmd) {
3147                 err = -ENOMEM;
3148                 goto failed;
3149         }
3150
3151         cmd->cmd_complete = addr_cmd_complete;
3152
3153         bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3154         reply.pin_len = cp->pin_len;
3155         memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3156
3157         err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3158         if (err < 0)
3159                 mgmt_pending_remove(cmd);
3160
3161 failed:
3162         hci_dev_unlock(hdev);
3163         return err;
3164 }
3165
3166 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3167                              u16 len)
3168 {
3169         struct mgmt_cp_set_io_capability *cp = data;
3170
3171         BT_DBG("");
3172
3173         if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3174                 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3175                                     MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3176
3177         hci_dev_lock(hdev);
3178
3179         hdev->io_capability = cp->io_capability;
3180
3181         BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3182                hdev->io_capability);
3183
3184         hci_dev_unlock(hdev);
3185
3186         return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3187                             0);
3188 }
3189
3190 static struct pending_cmd *find_pairing(struct hci_conn *conn)
3191 {
3192         struct hci_dev *hdev = conn->hdev;
3193         struct pending_cmd *cmd;
3194
3195         list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3196                 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3197                         continue;
3198
3199                 if (cmd->user_data != conn)
3200                         continue;
3201
3202                 return cmd;
3203         }
3204
3205         return NULL;
3206 }
3207
3208 static int pairing_complete(struct pending_cmd *cmd, u8 status)
3209 {
3210         struct mgmt_rp_pair_device rp;
3211         struct hci_conn *conn = cmd->user_data;
3212         int err;
3213
3214         bacpy(&rp.addr.bdaddr, &conn->dst);
3215         rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3216
3217         err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
3218                            &rp, sizeof(rp));
3219
3220         /* So we don't get further callbacks for this connection */
3221         conn->connect_cfm_cb = NULL;
3222         conn->security_cfm_cb = NULL;
3223         conn->disconn_cfm_cb = NULL;
3224
3225         hci_conn_drop(conn);
3226
3227         /* The device is paired so there is no need to remove
3228          * its connection parameters anymore.
3229          */
3230         clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3231
3232         hci_conn_put(conn);
3233
3234         return err;
3235 }
3236
3237 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3238 {
3239         u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3240         struct pending_cmd *cmd;
3241
3242         cmd = find_pairing(conn);
3243         if (cmd) {
3244                 cmd->cmd_complete(cmd, status);
3245                 mgmt_pending_remove(cmd);
3246         }
3247 }
3248
3249 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3250 {
3251         struct pending_cmd *cmd;
3252
3253         BT_DBG("status %u", status);
3254
3255         cmd = find_pairing(conn);
3256         if (!cmd) {
3257                 BT_DBG("Unable to find a pending command");
3258                 return;
3259         }
3260
3261         cmd->cmd_complete(cmd, mgmt_status(status));
3262         mgmt_pending_remove(cmd);
3263 }
3264
3265 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3266 {
3267         struct pending_cmd *cmd;
3268
3269         BT_DBG("status %u", status);
3270
3271         if (!status)
3272                 return;
3273
3274         cmd = find_pairing(conn);
3275         if (!cmd) {
3276                 BT_DBG("Unable to find a pending command");
3277                 return;
3278         }
3279
3280         cmd->cmd_complete(cmd, mgmt_status(status));
3281         mgmt_pending_remove(cmd);
3282 }
3283
3284 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3285                        u16 len)
3286 {
3287         struct mgmt_cp_pair_device *cp = data;
3288         struct mgmt_rp_pair_device rp;
3289         struct pending_cmd *cmd;
3290         u8 sec_level, auth_type;
3291         struct hci_conn *conn;
3292         int err;
3293
3294         BT_DBG("");
3295
3296         memset(&rp, 0, sizeof(rp));
3297         bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3298         rp.addr.type = cp->addr.type;
3299
3300         if (!bdaddr_type_is_valid(cp->addr.type))
3301                 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3302                                     MGMT_STATUS_INVALID_PARAMS,
3303                                     &rp, sizeof(rp));
3304
3305         if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3306                 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3307                                     MGMT_STATUS_INVALID_PARAMS,
3308                                     &rp, sizeof(rp));
3309
3310         hci_dev_lock(hdev);
3311
3312         if (!hdev_is_powered(hdev)) {
3313                 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3314                                    MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
3315                 goto unlock;
3316         }
3317
3318         sec_level = BT_SECURITY_MEDIUM;
3319         auth_type = HCI_AT_DEDICATED_BONDING;
3320
3321         if (cp->addr.type == BDADDR_BREDR) {
3322                 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3323                                        auth_type);
3324         } else {
3325                 u8 addr_type;
3326
3327                 /* Convert from L2CAP channel address type to HCI address type
3328                  */
3329                 if (cp->addr.type == BDADDR_LE_PUBLIC)
3330                         addr_type = ADDR_LE_DEV_PUBLIC;
3331                 else
3332                         addr_type = ADDR_LE_DEV_RANDOM;
3333
3334                 /* When pairing a new device, it is expected to remember
3335                  * this device for future connections. Adding the connection
3336                  * parameter information ahead of time allows tracking
3337                  * of the slave preferred values and will speed up any
3338                  * further connection establishment.
3339                  *
3340                  * If connection parameters already exist, then they
3341                  * will be kept and this function does nothing.
3342                  */
3343                 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3344
3345                 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3346                                       sec_level, HCI_LE_CONN_TIMEOUT,
3347                                       HCI_ROLE_MASTER);
3348         }
3349
3350         if (IS_ERR(conn)) {
3351                 int status;
3352
3353                 if (PTR_ERR(conn) == -EBUSY)
3354                         status = MGMT_STATUS_BUSY;
3355                 else
3356                         status = MGMT_STATUS_CONNECT_FAILED;
3357
3358                 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3359                                    status, &rp,
3360                                    sizeof(rp));
3361                 goto unlock;
3362         }
3363
3364         if (conn->connect_cfm_cb) {
3365                 hci_conn_drop(conn);
3366                 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3367                                    MGMT_STATUS_BUSY, &rp, sizeof(rp));
3368                 goto unlock;
3369         }
3370
3371         cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3372         if (!cmd) {
3373                 err = -ENOMEM;
3374                 hci_conn_drop(conn);
3375                 goto unlock;
3376         }
3377
3378         cmd->cmd_complete = pairing_complete;
3379
3380         /* For LE, just connecting isn't a proof that the pairing finished */
3381         if (cp->addr.type == BDADDR_BREDR) {
3382                 conn->connect_cfm_cb = pairing_complete_cb;
3383                 conn->security_cfm_cb = pairing_complete_cb;
3384                 conn->disconn_cfm_cb = pairing_complete_cb;
3385         } else {
3386                 conn->connect_cfm_cb = le_pairing_complete_cb;
3387                 conn->security_cfm_cb = le_pairing_complete_cb;
3388                 conn->disconn_cfm_cb = le_pairing_complete_cb;
3389         }
3390
3391         conn->io_capability = cp->io_cap;
3392         cmd->user_data = hci_conn_get(conn);
3393
3394         if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3395             hci_conn_security(conn, sec_level, auth_type, true)) {
3396                 cmd->cmd_complete(cmd, 0);
3397                 mgmt_pending_remove(cmd);
3398         }
3399
3400         err = 0;
3401
3402 unlock:
3403         hci_dev_unlock(hdev);
3404         return err;
3405 }
3406
3407 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3408                               u16 len)
3409 {
3410         struct mgmt_addr_info *addr = data;
3411         struct pending_cmd *cmd;
3412         struct hci_conn *conn;
3413         int err;
3414
3415         BT_DBG("");
3416
3417         hci_dev_lock(hdev);
3418
3419         if (!hdev_is_powered(hdev)) {
3420                 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3421                                  MGMT_STATUS_NOT_POWERED);
3422                 goto unlock;
3423         }
3424
3425         cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3426         if (!cmd) {
3427                 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3428                                  MGMT_STATUS_INVALID_PARAMS);
3429                 goto unlock;
3430         }
3431
3432         conn = cmd->user_data;
3433
3434         if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3435                 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3436                                  MGMT_STATUS_INVALID_PARAMS);
3437                 goto unlock;
3438         }
3439
3440         cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3441         mgmt_pending_remove(cmd);
3442
3443         err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3444                            addr, sizeof(*addr));
3445 unlock:
3446         hci_dev_unlock(hdev);
3447         return err;
3448 }
3449
3450 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3451                              struct mgmt_addr_info *addr, u16 mgmt_op,
3452                              u16 hci_op, __le32 passkey)
3453 {
3454         struct pending_cmd *cmd;
3455         struct hci_conn *conn;
3456         int err;
3457
3458         hci_dev_lock(hdev);
3459
3460         if (!hdev_is_powered(hdev)) {
3461                 err = cmd_complete(sk, hdev->id, mgmt_op,
3462                                    MGMT_STATUS_NOT_POWERED, addr,
3463                                    sizeof(*addr));
3464                 goto done;
3465         }
3466
3467         if (addr->type == BDADDR_BREDR)
3468                 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3469         else
3470                 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3471
3472         if (!conn) {
3473                 err = cmd_complete(sk, hdev->id, mgmt_op,
3474                                    MGMT_STATUS_NOT_CONNECTED, addr,
3475                                    sizeof(*addr));
3476                 goto done;
3477         }
3478
3479         if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3480                 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3481                 if (!err)
3482                         err = cmd_complete(sk, hdev->id, mgmt_op,
3483                                            MGMT_STATUS_SUCCESS, addr,
3484                                            sizeof(*addr));
3485                 else
3486                         err = cmd_complete(sk, hdev->id, mgmt_op,
3487                                            MGMT_STATUS_FAILED, addr,
3488                                            sizeof(*addr));
3489
3490                 goto done;
3491         }
3492
3493         cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3494         if (!cmd) {
3495                 err = -ENOMEM;
3496                 goto done;
3497         }
3498
3499         cmd->cmd_complete = addr_cmd_complete;
3500
3501         /* Continue with pairing via HCI */
3502         if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3503                 struct hci_cp_user_passkey_reply cp;
3504
3505                 bacpy(&cp.bdaddr, &addr->bdaddr);
3506                 cp.passkey = passkey;
3507                 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3508         } else
3509                 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3510                                    &addr->bdaddr);
3511
3512         if (err < 0)
3513                 mgmt_pending_remove(cmd);
3514
3515 done:
3516         hci_dev_unlock(hdev);
3517         return err;
3518 }
3519
3520 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3521                               void *data, u16 len)
3522 {
3523         struct mgmt_cp_pin_code_neg_reply *cp = data;
3524
3525         BT_DBG("");
3526
3527         return user_pairing_resp(sk, hdev, &cp->addr,
3528                                 MGMT_OP_PIN_CODE_NEG_REPLY,
3529                                 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3530 }
3531
3532 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3533                               u16 len)
3534 {
3535         struct mgmt_cp_user_confirm_reply *cp = data;
3536
3537         BT_DBG("");
3538
3539         if (len != sizeof(*cp))
3540                 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3541                                   MGMT_STATUS_INVALID_PARAMS);
3542
3543         return user_pairing_resp(sk, hdev, &cp->addr,
3544                                  MGMT_OP_USER_CONFIRM_REPLY,
3545                                  HCI_OP_USER_CONFIRM_REPLY, 0);
3546 }
3547
3548 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3549                                   void *data, u16 len)
3550 {
3551         struct mgmt_cp_user_confirm_neg_reply *cp = data;
3552
3553         BT_DBG("");
3554
3555         return user_pairing_resp(sk, hdev, &cp->addr,
3556                                  MGMT_OP_USER_CONFIRM_NEG_REPLY,
3557                                  HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3558 }
3559
3560 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3561                               u16 len)
3562 {
3563         struct mgmt_cp_user_passkey_reply *cp = data;
3564
3565         BT_DBG("");
3566
3567         return user_pairing_resp(sk, hdev, &cp->addr,
3568                                  MGMT_OP_USER_PASSKEY_REPLY,
3569                                  HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3570 }
3571
3572 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3573                                   void *data, u16 len)
3574 {
3575         struct mgmt_cp_user_passkey_neg_reply *cp = data;
3576
3577         BT_DBG("");
3578
3579         return user_pairing_resp(sk, hdev, &cp->addr,
3580                                  MGMT_OP_USER_PASSKEY_NEG_REPLY,
3581                                  HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3582 }
3583
3584 static void update_name(struct hci_request *req)
3585 {
3586         struct hci_dev *hdev = req->hdev;
3587         struct hci_cp_write_local_name cp;
3588
3589         memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3590
3591         hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3592 }
3593
3594 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3595 {
3596         struct mgmt_cp_set_local_name *cp;
3597         struct pending_cmd *cmd;
3598
3599         BT_DBG("status 0x%02x", status);
3600
3601         hci_dev_lock(hdev);
3602
3603         cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3604         if (!cmd)
3605                 goto unlock;
3606
3607         cp = cmd->param;
3608
3609         if (status)
3610                 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3611                            mgmt_status(status));
3612         else
3613                 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3614                              cp, sizeof(*cp));
3615
3616         mgmt_pending_remove(cmd);
3617
3618 unlock:
3619         hci_dev_unlock(hdev);
3620 }
3621
3622 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3623                           u16 len)
3624 {
3625         struct mgmt_cp_set_local_name *cp = data;
3626         struct pending_cmd *cmd;
3627         struct hci_request req;
3628         int err;
3629
3630         BT_DBG("");
3631
3632         hci_dev_lock(hdev);
3633
3634         /* If the old values are the same as the new ones just return a
3635          * direct command complete event.
3636          */
3637         if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3638             !memcmp(hdev->short_name, cp->short_name,
3639                     sizeof(hdev->short_name))) {
3640                 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3641                                    data, len);
3642                 goto failed;
3643         }
3644
3645         memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3646
3647         if (!hdev_is_powered(hdev)) {
3648                 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3649
3650                 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3651                                    data, len);
3652                 if (err < 0)
3653                         goto failed;
3654
3655                 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3656                                  sk);
3657
3658                 goto failed;
3659         }
3660
3661         cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3662         if (!cmd) {
3663                 err = -ENOMEM;
3664                 goto failed;
3665         }
3666
3667         memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3668
3669         hci_req_init(&req, hdev);
3670
3671         if (lmp_bredr_capable(hdev)) {
3672                 update_name(&req);
3673                 update_eir(&req);
3674         }
3675
3676         /* The name is stored in the scan response data and so
3677          * no need to udpate the advertising data here.
3678          */
3679         if (lmp_le_capable(hdev))
3680                 update_scan_rsp_data(&req);
3681
3682         err = hci_req_run(&req, set_name_complete);
3683         if (err < 0)
3684                 mgmt_pending_remove(cmd);
3685
3686 failed:
3687         hci_dev_unlock(hdev);
3688         return err;
3689 }
3690
3691 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3692                                void *data, u16 data_len)
3693 {
3694         struct pending_cmd *cmd;
3695         int err;
3696
3697         BT_DBG("%s", hdev->name);
3698
3699         hci_dev_lock(hdev);
3700
3701         if (!hdev_is_powered(hdev)) {
3702                 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3703                                  MGMT_STATUS_NOT_POWERED);
3704                 goto unlock;
3705         }
3706
3707         if (!lmp_ssp_capable(hdev)) {
3708                 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3709                                  MGMT_STATUS_NOT_SUPPORTED);
3710                 goto unlock;
3711         }
3712
3713         if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3714                 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3715                                  MGMT_STATUS_BUSY);
3716                 goto unlock;
3717         }
3718
3719         cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3720         if (!cmd) {
3721                 err = -ENOMEM;
3722                 goto unlock;
3723         }
3724
3725         if (bredr_sc_enabled(hdev))
3726                 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3727                                    0, NULL);
3728         else
3729                 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3730
3731         if (err < 0)
3732                 mgmt_pending_remove(cmd);
3733
3734 unlock:
3735         hci_dev_unlock(hdev);
3736         return err;
3737 }
3738
3739 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3740                                void *data, u16 len)
3741 {
3742         struct mgmt_addr_info *addr = data;
3743         int err;
3744
3745         BT_DBG("%s ", hdev->name);
3746
3747         if (!bdaddr_type_is_valid(addr->type))
3748                 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3749                                     MGMT_STATUS_INVALID_PARAMS, addr,
3750                                     sizeof(*addr));
3751
3752         hci_dev_lock(hdev);
3753
3754         if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3755                 struct mgmt_cp_add_remote_oob_data *cp = data;
3756                 u8 status;
3757
3758                 if (cp->addr.type != BDADDR_BREDR) {
3759                         err = cmd_complete(sk, hdev->id,
3760                                            MGMT_OP_ADD_REMOTE_OOB_DATA,
3761                                            MGMT_STATUS_INVALID_PARAMS,
3762                                            &cp->addr, sizeof(cp->addr));
3763                         goto unlock;
3764                 }
3765
3766                 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3767                                               cp->addr.type, cp->hash,
3768                                               cp->rand, NULL, NULL);
3769                 if (err < 0)
3770                         status = MGMT_STATUS_FAILED;
3771                 else
3772                         status = MGMT_STATUS_SUCCESS;
3773
3774                 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3775                                    status, &cp->addr, sizeof(cp->addr));
3776         } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3777                 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3778                 u8 *rand192, *hash192;
3779                 u8 status;
3780
3781                 if (bdaddr_type_is_le(cp->addr.type)) {
3782                         /* Enforce zero-valued 192-bit parameters as
3783                          * long as legacy SMP OOB isn't implemented.
3784                          */
3785                         if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3786                             memcmp(cp->hash192, ZERO_KEY, 16)) {
3787                                 err = cmd_complete(sk, hdev->id,
3788                                                    MGMT_OP_ADD_REMOTE_OOB_DATA,
3789                                                    MGMT_STATUS_INVALID_PARAMS,
3790                                                    addr, sizeof(*addr));
3791                                 goto unlock;
3792                         }
3793
3794                         rand192 = NULL;
3795                         hash192 = NULL;
3796                 } else {
3797                         rand192 = cp->rand192;
3798                         hash192 = cp->hash192;
3799                 }
3800
3801                 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3802                                               cp->addr.type, hash192, rand192,
3803                                               cp->hash256, cp->rand256);
3804                 if (err < 0)
3805                         status = MGMT_STATUS_FAILED;
3806                 else
3807                         status = MGMT_STATUS_SUCCESS;
3808
3809                 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3810                                    status, &cp->addr, sizeof(cp->addr));
3811         } else {
3812                 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3813                 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3814                                  MGMT_STATUS_INVALID_PARAMS);
3815         }
3816
3817 unlock:
3818         hci_dev_unlock(hdev);
3819         return err;
3820 }
3821
3822 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3823                                   void *data, u16 len)
3824 {
3825         struct mgmt_cp_remove_remote_oob_data *cp = data;
3826         u8 status;
3827         int err;
3828
3829         BT_DBG("%s", hdev->name);
3830
3831         if (cp->addr.type != BDADDR_BREDR)
3832                 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3833                                     MGMT_STATUS_INVALID_PARAMS,
3834                                     &cp->addr, sizeof(cp->addr));
3835
3836         hci_dev_lock(hdev);
3837
3838         if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3839                 hci_remote_oob_data_clear(hdev);
3840                 status = MGMT_STATUS_SUCCESS;
3841                 goto done;
3842         }
3843
3844         err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3845         if (err < 0)
3846                 status = MGMT_STATUS_INVALID_PARAMS;
3847         else
3848                 status = MGMT_STATUS_SUCCESS;
3849
3850 done:
3851         err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3852                            status, &cp->addr, sizeof(cp->addr));
3853
3854         hci_dev_unlock(hdev);
3855         return err;
3856 }
3857
3858 static bool trigger_discovery(struct hci_request *req, u8 *status)
3859 {
3860         struct hci_dev *hdev = req->hdev;
3861         struct hci_cp_le_set_scan_param param_cp;
3862         struct hci_cp_le_set_scan_enable enable_cp;
3863         struct hci_cp_inquiry inq_cp;
3864         /* General inquiry access code (GIAC) */
3865         u8 lap[3] = { 0x33, 0x8b, 0x9e };
3866         u8 own_addr_type;
3867         int err;
3868
3869         switch (hdev->discovery.type) {
3870         case DISCOV_TYPE_BREDR:
3871                 *status = mgmt_bredr_support(hdev);
3872                 if (*status)
3873                         return false;
3874
3875                 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3876                         *status = MGMT_STATUS_BUSY;
3877                         return false;
3878                 }
3879
3880                 hci_inquiry_cache_flush(hdev);
3881
3882                 memset(&inq_cp, 0, sizeof(inq_cp));
3883                 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3884                 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3885                 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3886                 break;
3887
3888         case DISCOV_TYPE_LE:
3889         case DISCOV_TYPE_INTERLEAVED:
3890                 *status = mgmt_le_support(hdev);
3891                 if (*status)
3892                         return false;
3893
3894                 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3895                     !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3896                         *status = MGMT_STATUS_NOT_SUPPORTED;
3897                         return false;
3898                 }
3899
3900                 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3901                         /* Don't let discovery abort an outgoing
3902                          * connection attempt that's using directed
3903                          * advertising.
3904                          */
3905                         if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3906                                                        BT_CONNECT)) {
3907                                 *status = MGMT_STATUS_REJECTED;
3908                                 return false;
3909                         }
3910
3911                         disable_advertising(req);
3912                 }
3913
3914                 /* If controller is scanning, it means the background scanning
3915                  * is running. Thus, we should temporarily stop it in order to
3916                  * set the discovery scanning parameters.
3917                  */
3918                 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3919                         hci_req_add_le_scan_disable(req);
3920
3921                 memset(&param_cp, 0, sizeof(param_cp));
3922
3923                 /* All active scans will be done with either a resolvable
3924                  * private address (when privacy feature has been enabled)
3925                  * or non-resolvable private address.
3926                  */
3927                 err = hci_update_random_address(req, true, &own_addr_type);
3928                 if (err < 0) {
3929                         *status = MGMT_STATUS_FAILED;
3930                         return false;
3931                 }
3932
3933                 param_cp.type = LE_SCAN_ACTIVE;
3934                 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3935                 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3936                 param_cp.own_address_type = own_addr_type;
3937                 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3938                             &param_cp);
3939
3940                 memset(&enable_cp, 0, sizeof(enable_cp));
3941                 enable_cp.enable = LE_SCAN_ENABLE;
3942                 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3943                 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3944                             &enable_cp);
3945                 break;
3946
3947         default:
3948                 *status = MGMT_STATUS_INVALID_PARAMS;
3949                 return false;
3950         }
3951
3952         return true;
3953 }
3954
3955 static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3956                                      u16 opcode)
3957 {
3958         struct pending_cmd *cmd;
3959         unsigned long timeout;
3960
3961         BT_DBG("status %d", status);
3962
3963         hci_dev_lock(hdev);
3964
3965         cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3966         if (!cmd)
3967                 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3968
3969         if (cmd) {
3970                 cmd->cmd_complete(cmd, mgmt_status(status));
3971                 mgmt_pending_remove(cmd);
3972         }
3973
3974         if (status) {
3975                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3976                 goto unlock;
3977         }
3978
3979         hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3980
3981         switch (hdev->discovery.type) {
3982         case DISCOV_TYPE_LE:
3983                 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3984                 break;
3985         case DISCOV_TYPE_INTERLEAVED:
3986                 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3987                 break;
3988         case DISCOV_TYPE_BREDR:
3989                 timeout = 0;
3990                 break;
3991         default:
3992                 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3993                 timeout = 0;
3994                 break;
3995         }
3996
3997         if (timeout)
3998                 queue_delayed_work(hdev->workqueue,
3999                                    &hdev->le_scan_disable, timeout);
4000
4001 unlock:
4002         hci_dev_unlock(hdev);
4003 }
4004
4005 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4006                            void *data, u16 len)
4007 {
4008         struct mgmt_cp_start_discovery *cp = data;
4009         struct pending_cmd *cmd;
4010         struct hci_request req;
4011         u8 status;
4012         int err;
4013
4014         BT_DBG("%s", hdev->name);
4015
4016         hci_dev_lock(hdev);
4017
4018         if (!hdev_is_powered(hdev)) {
4019                 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4020                                    MGMT_STATUS_NOT_POWERED,
4021                                    &cp->type, sizeof(cp->type));
4022                 goto failed;
4023         }
4024
4025         if (hdev->discovery.state != DISCOVERY_STOPPED ||
4026             test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
4027                 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4028                                    MGMT_STATUS_BUSY, &cp->type,
4029                                    sizeof(cp->type));
4030                 goto failed;
4031         }
4032
4033         cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4034         if (!cmd) {
4035                 err = -ENOMEM;
4036                 goto failed;
4037         }
4038
4039         cmd->cmd_complete = generic_cmd_complete;
4040
4041         /* Clear the discovery filter first to free any previously
4042          * allocated memory for the UUID list.
4043          */
4044         hci_discovery_filter_clear(hdev);
4045
4046         hdev->discovery.type = cp->type;
4047         hdev->discovery.report_invalid_rssi = false;
4048
4049         hci_req_init(&req, hdev);
4050
4051         if (!trigger_discovery(&req, &status)) {
4052                 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4053                                    status, &cp->type, sizeof(cp->type));
4054                 mgmt_pending_remove(cmd);
4055                 goto failed;
4056         }
4057
4058         err = hci_req_run(&req, start_discovery_complete);
4059         if (err < 0) {
4060                 mgmt_pending_remove(cmd);
4061                 goto failed;
4062         }
4063
4064         hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4065
4066 failed:
4067         hci_dev_unlock(hdev);
4068         return err;
4069 }
4070
4071 static int service_discovery_cmd_complete(struct pending_cmd *cmd, u8 status)
4072 {
4073         return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4074                             cmd->param, 1);
4075 }
4076
4077 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4078                                    void *data, u16 len)
4079 {
4080         struct mgmt_cp_start_service_discovery *cp = data;
4081         struct pending_cmd *cmd;
4082         struct hci_request req;
4083         const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4084         u16 uuid_count, expected_len;
4085         u8 status;
4086         int err;
4087
4088         BT_DBG("%s", hdev->name);
4089
4090         hci_dev_lock(hdev);
4091
4092         if (!hdev_is_powered(hdev)) {
4093                 err = cmd_complete(sk, hdev->id,
4094                                    MGMT_OP_START_SERVICE_DISCOVERY,
4095                                    MGMT_STATUS_NOT_POWERED,
4096                                    &cp->type, sizeof(cp->type));
4097                 goto failed;
4098         }
4099
4100         if (hdev->discovery.state != DISCOVERY_STOPPED ||
4101             test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
4102                 err = cmd_complete(sk, hdev->id,
4103                                    MGMT_OP_START_SERVICE_DISCOVERY,
4104                                    MGMT_STATUS_BUSY, &cp->type,
4105                                    sizeof(cp->type));
4106                 goto failed;
4107         }
4108
4109         uuid_count = __le16_to_cpu(cp->uuid_count);
4110         if (uuid_count > max_uuid_count) {
4111                 BT_ERR("service_discovery: too big uuid_count value %u",
4112                        uuid_count);
4113                 err = cmd_complete(sk, hdev->id,
4114                                    MGMT_OP_START_SERVICE_DISCOVERY,
4115                                    MGMT_STATUS_INVALID_PARAMS, &cp->type,
4116                                    sizeof(cp->type));
4117                 goto failed;
4118         }
4119
4120         expected_len = sizeof(*cp) + uuid_count * 16;
4121         if (expected_len != len) {
4122                 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4123                        expected_len, len);
4124                 err = cmd_complete(sk, hdev->id,
4125                                    MGMT_OP_START_SERVICE_DISCOVERY,
4126                                    MGMT_STATUS_INVALID_PARAMS, &cp->type,
4127                                    sizeof(cp->type));
4128                 goto failed;
4129         }
4130
4131         cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4132                                hdev, data, len);
4133         if (!cmd) {
4134                 err = -ENOMEM;
4135                 goto failed;
4136         }
4137
4138         cmd->cmd_complete = service_discovery_cmd_complete;
4139
4140         /* Clear the discovery filter first to free any previously
4141          * allocated memory for the UUID list.
4142          */
4143         hci_discovery_filter_clear(hdev);
4144
4145         hdev->discovery.type = cp->type;
4146         hdev->discovery.rssi = cp->rssi;
4147         hdev->discovery.uuid_count = uuid_count;
4148
4149         if (uuid_count > 0) {
4150                 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4151                                                 GFP_KERNEL);
4152                 if (!hdev->discovery.uuids) {
4153                         err = cmd_complete(sk, hdev->id,
4154                                            MGMT_OP_START_SERVICE_DISCOVERY,
4155                                            MGMT_STATUS_FAILED,
4156                                            &cp->type, sizeof(cp->type));
4157                         mgmt_pending_remove(cmd);
4158                         goto failed;
4159                 }
4160         }
4161
4162         hci_req_init(&req, hdev);
4163
4164         if (!trigger_discovery(&req, &status)) {
4165                 err = cmd_complete(sk, hdev->id,
4166                                    MGMT_OP_START_SERVICE_DISCOVERY,
4167                                    status, &cp->type, sizeof(cp->type));
4168                 mgmt_pending_remove(cmd);
4169                 goto failed;
4170         }
4171
4172         err = hci_req_run(&req, start_discovery_complete);
4173         if (err < 0) {
4174                 mgmt_pending_remove(cmd);
4175                 goto failed;
4176         }
4177
4178         hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4179
4180 failed:
4181         hci_dev_unlock(hdev);
4182         return err;
4183 }
4184
4185 static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4186 {
4187         struct pending_cmd *cmd;
4188
4189         BT_DBG("status %d", status);
4190
4191         hci_dev_lock(hdev);
4192
4193         cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4194         if (cmd) {
4195                 cmd->cmd_complete(cmd, mgmt_status(status));
4196                 mgmt_pending_remove(cmd);
4197         }
4198
4199         if (!status)
4200                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4201
4202         hci_dev_unlock(hdev);
4203 }
4204
4205 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4206                           u16 len)
4207 {
4208         struct mgmt_cp_stop_discovery *mgmt_cp = data;
4209         struct pending_cmd *cmd;
4210         struct hci_request req;
4211         int err;
4212
4213         BT_DBG("%s", hdev->name);
4214
4215         hci_dev_lock(hdev);
4216
4217         if (!hci_discovery_active(hdev)) {
4218                 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4219                                    MGMT_STATUS_REJECTED, &mgmt_cp->type,
4220                                    sizeof(mgmt_cp->type));
4221                 goto unlock;
4222         }
4223
4224         if (hdev->discovery.type != mgmt_cp->type) {
4225                 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4226                                    MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
4227                                    sizeof(mgmt_cp->type));
4228                 goto unlock;
4229         }
4230
4231         cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4232         if (!cmd) {
4233                 err = -ENOMEM;
4234                 goto unlock;
4235         }
4236
4237         cmd->cmd_complete = generic_cmd_complete;
4238
4239         hci_req_init(&req, hdev);
4240
4241         hci_stop_discovery(&req);
4242
4243         err = hci_req_run(&req, stop_discovery_complete);
4244         if (!err) {
4245                 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4246                 goto unlock;
4247         }
4248
4249         mgmt_pending_remove(cmd);
4250
4251         /* If no HCI commands were sent we're done */
4252         if (err == -ENODATA) {
4253                 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4254                                    &mgmt_cp->type, sizeof(mgmt_cp->type));
4255                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4256         }
4257
4258 unlock:
4259         hci_dev_unlock(hdev);
4260         return err;
4261 }
4262
4263 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4264                         u16 len)
4265 {
4266         struct mgmt_cp_confirm_name *cp = data;
4267         struct inquiry_entry *e;
4268         int err;
4269
4270         BT_DBG("%s", hdev->name);
4271
4272         hci_dev_lock(hdev);
4273
4274         if (!hci_discovery_active(hdev)) {
4275                 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4276                                    MGMT_STATUS_FAILED, &cp->addr,
4277                                    sizeof(cp->addr));
4278                 goto failed;
4279         }
4280
4281         e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4282         if (!e) {
4283                 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4284                                    MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4285                                    sizeof(cp->addr));
4286                 goto failed;
4287         }
4288
4289         if (cp->name_known) {
4290                 e->name_state = NAME_KNOWN;
4291                 list_del(&e->list);
4292         } else {
4293                 e->name_state = NAME_NEEDED;
4294                 hci_inquiry_cache_update_resolve(hdev, e);
4295         }
4296
4297         err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4298                            sizeof(cp->addr));
4299
4300 failed:
4301         hci_dev_unlock(hdev);
4302         return err;
4303 }
4304
4305 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4306                         u16 len)
4307 {
4308         struct mgmt_cp_block_device *cp = data;
4309         u8 status;
4310         int err;
4311
4312         BT_DBG("%s", hdev->name);
4313
4314         if (!bdaddr_type_is_valid(cp->addr.type))
4315                 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4316                                     MGMT_STATUS_INVALID_PARAMS,
4317                                     &cp->addr, sizeof(cp->addr));
4318
4319         hci_dev_lock(hdev);
4320
4321         err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4322                                   cp->addr.type);
4323         if (err < 0) {
4324                 status = MGMT_STATUS_FAILED;
4325                 goto done;
4326         }
4327
4328         mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4329                    sk);
4330         status = MGMT_STATUS_SUCCESS;
4331
4332 done:
4333         err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4334                            &cp->addr, sizeof(cp->addr));
4335
4336         hci_dev_unlock(hdev);
4337
4338         return err;
4339 }
4340
4341 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4342                           u16 len)
4343 {
4344         struct mgmt_cp_unblock_device *cp = data;
4345         u8 status;
4346         int err;
4347
4348         BT_DBG("%s", hdev->name);
4349
4350         if (!bdaddr_type_is_valid(cp->addr.type))
4351                 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4352                                     MGMT_STATUS_INVALID_PARAMS,
4353                                     &cp->addr, sizeof(cp->addr));
4354
4355         hci_dev_lock(hdev);
4356
4357         err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4358                                   cp->addr.type);
4359         if (err < 0) {
4360                 status = MGMT_STATUS_INVALID_PARAMS;
4361                 goto done;
4362         }
4363
4364         mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4365                    sk);
4366         status = MGMT_STATUS_SUCCESS;
4367
4368 done:
4369         err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4370                            &cp->addr, sizeof(cp->addr));
4371
4372         hci_dev_unlock(hdev);
4373
4374         return err;
4375 }
4376
4377 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4378                          u16 len)
4379 {
4380         struct mgmt_cp_set_device_id *cp = data;
4381         struct hci_request req;
4382         int err;
4383         __u16 source;
4384
4385         BT_DBG("%s", hdev->name);
4386
4387         source = __le16_to_cpu(cp->source);
4388
4389         if (source > 0x0002)
4390                 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4391                                   MGMT_STATUS_INVALID_PARAMS);
4392
4393         hci_dev_lock(hdev);
4394
4395         hdev->devid_source = source;
4396         hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4397         hdev->devid_product = __le16_to_cpu(cp->product);
4398         hdev->devid_version = __le16_to_cpu(cp->version);
4399
4400         err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4401
4402         hci_req_init(&req, hdev);
4403         update_eir(&req);
4404         hci_req_run(&req, NULL);
4405
4406         hci_dev_unlock(hdev);
4407
4408         return err;
4409 }
4410
4411 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4412                                      u16 opcode)
4413 {
4414         struct cmd_lookup match = { NULL, hdev };
4415
4416         hci_dev_lock(hdev);
4417
4418         if (status) {
4419                 u8 mgmt_err = mgmt_status(status);
4420
4421                 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4422                                      cmd_status_rsp, &mgmt_err);
4423                 goto unlock;
4424         }
4425
4426         if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4427                 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4428         else
4429                 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4430
4431         mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4432                              &match);
4433
4434         new_settings(hdev, match.sk);
4435
4436         if (match.sk)
4437                 sock_put(match.sk);
4438
4439 unlock:
4440         hci_dev_unlock(hdev);
4441 }
4442
4443 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4444                            u16 len)
4445 {
4446         struct mgmt_mode *cp = data;
4447         struct pending_cmd *cmd;
4448         struct hci_request req;
4449         u8 val, enabled, status;
4450         int err;
4451
4452         BT_DBG("request for %s", hdev->name);
4453
4454         status = mgmt_le_support(hdev);
4455         if (status)
4456                 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4457                                   status);
4458
4459         if (cp->val != 0x00 && cp->val != 0x01)
4460                 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4461                                   MGMT_STATUS_INVALID_PARAMS);
4462
4463         hci_dev_lock(hdev);
4464
4465         val = !!cp->val;
4466         enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4467
4468         /* The following conditions are ones which mean that we should
4469          * not do any HCI communication but directly send a mgmt
4470          * response to user space (after toggling the flag if
4471          * necessary).
4472          */
4473         if (!hdev_is_powered(hdev) || val == enabled ||
4474             hci_conn_num(hdev, LE_LINK) > 0 ||
4475             (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4476              hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4477                 bool changed = false;
4478
4479                 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4480                         change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4481                         changed = true;
4482                 }
4483
4484                 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4485                 if (err < 0)
4486                         goto unlock;
4487
4488                 if (changed)
4489                         err = new_settings(hdev, sk);
4490
4491                 goto unlock;
4492         }
4493
4494         if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4495             mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4496                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4497                                  MGMT_STATUS_BUSY);
4498                 goto unlock;
4499         }
4500
4501         cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4502         if (!cmd) {
4503                 err = -ENOMEM;
4504                 goto unlock;
4505         }
4506
4507         hci_req_init(&req, hdev);
4508
4509         if (val)
4510                 enable_advertising(&req);
4511         else
4512                 disable_advertising(&req);
4513
4514         err = hci_req_run(&req, set_advertising_complete);
4515         if (err < 0)
4516                 mgmt_pending_remove(cmd);
4517
4518 unlock:
4519         hci_dev_unlock(hdev);
4520         return err;
4521 }
4522
4523 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4524                               void *data, u16 len)
4525 {
4526         struct mgmt_cp_set_static_address *cp = data;
4527         int err;
4528
4529         BT_DBG("%s", hdev->name);
4530
4531         if (!lmp_le_capable(hdev))
4532                 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4533                                   MGMT_STATUS_NOT_SUPPORTED);
4534
4535         if (hdev_is_powered(hdev))
4536                 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4537                                   MGMT_STATUS_REJECTED);
4538
4539         if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4540                 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4541                         return cmd_status(sk, hdev->id,
4542                                           MGMT_OP_SET_STATIC_ADDRESS,
4543                                           MGMT_STATUS_INVALID_PARAMS);
4544
4545                 /* Two most significant bits shall be set */
4546                 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4547                         return cmd_status(sk, hdev->id,
4548                                           MGMT_OP_SET_STATIC_ADDRESS,
4549                                           MGMT_STATUS_INVALID_PARAMS);
4550         }
4551
4552         hci_dev_lock(hdev);
4553
4554         bacpy(&hdev->static_addr, &cp->bdaddr);
4555
4556         err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4557
4558         hci_dev_unlock(hdev);
4559
4560         return err;
4561 }
4562
4563 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4564                            void *data, u16 len)
4565 {
4566         struct mgmt_cp_set_scan_params *cp = data;
4567         __u16 interval, window;
4568         int err;
4569
4570         BT_DBG("%s", hdev->name);
4571
4572         if (!lmp_le_capable(hdev))
4573                 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4574                                   MGMT_STATUS_NOT_SUPPORTED);
4575
4576         interval = __le16_to_cpu(cp->interval);
4577
4578         if (interval < 0x0004 || interval > 0x4000)
4579                 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4580                                   MGMT_STATUS_INVALID_PARAMS);
4581
4582         window = __le16_to_cpu(cp->window);
4583
4584         if (window < 0x0004 || window > 0x4000)
4585                 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4586                                   MGMT_STATUS_INVALID_PARAMS);
4587
4588         if (window > interval)
4589                 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4590                                   MGMT_STATUS_INVALID_PARAMS);
4591
4592         hci_dev_lock(hdev);
4593
4594         hdev->le_scan_interval = interval;
4595         hdev->le_scan_window = window;
4596
4597         err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4598
4599         /* If background scan is running, restart it so new parameters are
4600          * loaded.
4601          */
4602         if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4603             hdev->discovery.state == DISCOVERY_STOPPED) {
4604                 struct hci_request req;
4605
4606                 hci_req_init(&req, hdev);
4607
4608                 hci_req_add_le_scan_disable(&req);
4609                 hci_req_add_le_passive_scan(&req);
4610
4611                 hci_req_run(&req, NULL);
4612         }
4613
4614         hci_dev_unlock(hdev);
4615
4616         return err;
4617 }
4618
4619 #ifdef CONFIG_TIZEN_WIP
4620 static int le_set_scan_params(struct sock *sk, struct hci_dev *hdev,
4621                            void *data, u16 len)
4622 {
4623         struct mgmt_cp_le_set_scan_params *cp = data;
4624         __u16 interval, window;
4625         int err;
4626
4627         BT_DBG("%s", hdev->name);
4628
4629         if (!lmp_le_capable(hdev))
4630                 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4631                                   MGMT_STATUS_NOT_SUPPORTED);
4632
4633         interval = __le16_to_cpu(cp->interval);
4634
4635         if (interval < 0x0004 || interval > 0x4000)
4636                 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4637                                   MGMT_STATUS_INVALID_PARAMS);
4638
4639         window = __le16_to_cpu(cp->window);
4640
4641         if (window < 0x0004 || window > 0x4000)
4642                 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4643                                   MGMT_STATUS_INVALID_PARAMS);
4644
4645         if (window > interval)
4646                 return cmd_status(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS,
4647                                   MGMT_STATUS_INVALID_PARAMS);
4648
4649         hci_dev_lock(hdev);
4650
4651         hdev->le_scan_type = cp->type;
4652         hdev->le_scan_interval = interval;
4653         hdev->le_scan_window = window;
4654
4655         err = cmd_complete(sk, hdev->id, MGMT_OP_LE_SET_SCAN_PARAMS, 0, NULL, 0);
4656
4657         /* If background scan is running, restart it so new parameters are
4658          * loaded.
4659          */
4660         if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4661             hdev->discovery.state == DISCOVERY_STOPPED) {
4662                 struct hci_request req;
4663
4664                 hci_req_init(&req, hdev);
4665
4666                 hci_req_add_le_scan_disable(&req);
4667                 hci_req_add_le_passive_scan(&req);
4668
4669                 hci_req_run(&req, NULL);
4670         }
4671
4672         hci_dev_unlock(hdev);
4673
4674         return err;
4675 }
4676 #endif
4677
4678 #ifdef CONFIG_TIZEN_WIP /* Adv White List feature */
4679 static void add_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4680 {
4681         struct mgmt_cp_add_dev_white_list *cp;
4682         struct pending_cmd *cmd;
4683
4684         BT_DBG("status 0x%02x", status);
4685
4686         hci_dev_lock(hdev);
4687
4688         cmd = mgmt_pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev);
4689         if (!cmd)
4690                 goto unlock;
4691
4692         cp = cmd->param;
4693
4694         if (status)
4695                 cmd_status(cmd->sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4696                            mgmt_status(status));
4697         else
4698                 cmd_complete(cmd->sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST, 0,
4699                              cp, sizeof(*cp));
4700
4701         mgmt_pending_remove(cmd);
4702
4703 unlock:
4704         hci_dev_unlock(hdev);
4705 }
4706
4707 static int add_white_list(struct sock *sk, struct hci_dev *hdev,
4708                            void *data, u16 len)
4709 {
4710         struct pending_cmd *cmd;
4711         struct mgmt_cp_add_dev_white_list *cp = data;
4712         struct hci_request req;
4713         int err;
4714
4715         BT_DBG("%s", hdev->name);
4716
4717         if (!lmp_le_capable(hdev))
4718                 return cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4719                                   MGMT_STATUS_NOT_SUPPORTED);
4720
4721         if (!hdev_is_powered(hdev))
4722                 return cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4723                                   MGMT_STATUS_REJECTED);
4724
4725         hci_dev_lock(hdev);
4726
4727         if (mgmt_pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev)) {
4728                 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4729                                 MGMT_STATUS_BUSY);
4730                 goto unlocked;
4731         }
4732
4733         cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEV_WHITE_LIST, hdev, data, len);
4734         if (!cmd) {
4735                 err = -ENOMEM;
4736                 goto unlocked;
4737         }
4738
4739         hci_req_init(&req, hdev);
4740
4741         hci_req_add(&req, HCI_OP_LE_ADD_DEV_WHITE_LIST, sizeof(*cp), cp);
4742
4743         err = hci_req_run(&req, add_white_list_complete);
4744         if (err < 0) {
4745                 mgmt_pending_remove(cmd);
4746                 goto unlocked;
4747         }
4748
4749 unlocked:
4750         hci_dev_unlock(hdev);
4751
4752         return err;
4753 }
4754
4755 static void remove_from_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4756 {
4757         struct mgmt_cp_remove_dev_from_white_list *cp;
4758         struct pending_cmd *cmd;
4759
4760         BT_DBG("status 0x%02x", status);
4761
4762         hci_dev_lock(hdev);
4763
4764         cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev);
4765         if (!cmd)
4766                 goto unlock;
4767
4768         cp = cmd->param;
4769
4770         if (status)
4771                 cmd_status(cmd->sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4772                            mgmt_status(status));
4773         else
4774                 cmd_complete(cmd->sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, 0,
4775                              cp, sizeof(*cp));
4776
4777         mgmt_pending_remove(cmd);
4778
4779 unlock:
4780         hci_dev_unlock(hdev);
4781 }
4782
4783 static int remove_from_white_list(struct sock *sk, struct hci_dev *hdev,
4784                            void *data, u16 len)
4785 {
4786         struct pending_cmd *cmd;
4787         struct mgmt_cp_remove_dev_from_white_list *cp = data;
4788         struct hci_request req;
4789         int err;
4790
4791         BT_DBG("%s", hdev->name);
4792
4793         if (!lmp_le_capable(hdev))
4794                 return cmd_status(sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4795                                   MGMT_STATUS_NOT_SUPPORTED);
4796
4797         if (!hdev_is_powered(hdev))
4798                 return cmd_status(sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4799                                   MGMT_STATUS_REJECTED);
4800
4801         hci_dev_lock(hdev);
4802
4803         if (mgmt_pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev)) {
4804                 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
4805                                 MGMT_STATUS_BUSY);
4806                 goto unlocked;
4807         }
4808
4809         cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev, data, len);
4810         if (!cmd) {
4811                 err = -ENOMEM;
4812                 goto unlocked;
4813         }
4814
4815         hci_req_init(&req, hdev);
4816
4817         hci_req_add(&req, HCI_OP_LE_REMOVE_FROM_DEV_WHITE_LIST, sizeof(*cp), cp);
4818
4819         err = hci_req_run(&req, remove_from_white_list_complete);
4820         if (err < 0) {
4821                 mgmt_pending_remove(cmd);
4822                 goto unlocked;
4823         }
4824
4825 unlocked:
4826         hci_dev_unlock(hdev);
4827
4828         return err;
4829 }
4830
4831 static void clear_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4832 {
4833         struct pending_cmd *cmd;
4834
4835         BT_DBG("status 0x%02x", status);
4836
4837         hci_dev_lock(hdev);
4838
4839         cmd = mgmt_pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev);
4840         if (!cmd)
4841                 goto unlock;
4842
4843         if (status)
4844                 cmd_status(cmd->sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4845                            mgmt_status(status));
4846         else
4847                 cmd_complete(cmd->sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST, 0,
4848                              NULL, 0);
4849
4850         mgmt_pending_remove(cmd);
4851
4852 unlock:
4853         hci_dev_unlock(hdev);
4854 }
4855
4856 static int clear_white_list(struct sock *sk, struct hci_dev *hdev,
4857                            void *data, u16 len)
4858 {
4859         struct pending_cmd *cmd;
4860         struct hci_request req;
4861         int err;
4862
4863         BT_DBG("%s", hdev->name);
4864
4865         if (!lmp_le_capable(hdev))
4866                 return cmd_status(sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4867                                   MGMT_STATUS_NOT_SUPPORTED);
4868
4869         if (!hdev_is_powered(hdev))
4870                 return cmd_status(sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4871                                   MGMT_STATUS_REJECTED);
4872
4873         hci_dev_lock(hdev);
4874
4875         if (mgmt_pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev)) {
4876                 err = cmd_status(sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
4877                                 MGMT_STATUS_BUSY);
4878                 goto unlocked;
4879         }
4880
4881         cmd = mgmt_pending_add(sk, MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev, NULL, 0);
4882         if (!cmd) {
4883                 err = -ENOMEM;
4884                 goto unlocked;
4885         }
4886
4887         hci_req_init(&req, hdev);
4888
4889         hci_req_add(&req, HCI_OP_LE_CLEAR_DEV_WHITE_LIST, 0, NULL);
4890
4891         err = hci_req_run(&req, clear_white_list_complete);
4892         if (err < 0) {
4893                 mgmt_pending_remove(cmd);
4894                 goto unlocked;
4895         }
4896
4897 unlocked:
4898         hci_dev_unlock(hdev);
4899
4900         return err;
4901 }
4902
4903 static int mgmt_start_le_discovery_failed(struct hci_dev *hdev, u8 status)
4904 {
4905         struct pending_cmd *cmd;
4906         u8 type;
4907         int err;
4908
4909         hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
4910
4911         cmd = mgmt_pending_find(MGMT_OP_START_LE_DISCOVERY, hdev);
4912         if (!cmd)
4913                 return -ENOENT;
4914
4915         type = hdev->le_discovery.type;
4916
4917         err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
4918                            &type, sizeof(type));
4919         mgmt_pending_remove(cmd);
4920
4921         return err;
4922 }
4923
4924 static void start_le_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4925 {
4926         unsigned long timeout = 0;
4927
4928         BT_DBG("status %d", status);
4929
4930         if (status) {
4931                 hci_dev_lock(hdev);
4932                 mgmt_start_le_discovery_failed(hdev, status);
4933                 hci_dev_unlock(hdev);
4934                 return;
4935         }
4936
4937         hci_dev_lock(hdev);
4938         hci_le_discovery_set_state(hdev, DISCOVERY_FINDING);
4939         hci_dev_unlock(hdev);
4940
4941         switch (hdev->le_discovery.type) {
4942         case DISCOV_TYPE_LE:
4943 /* BEGIN TIZEN_Bluetooth :: Keep going on LE Scan  */
4944 #if 0
4945                 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4946 #endif
4947 /* END TIZEN_Bluetooth */
4948                 break;
4949
4950         default:
4951                 BT_ERR("Invalid discovery type %d", hdev->le_discovery.type);
4952         }
4953
4954         if (!timeout)
4955                 return;
4956
4957         queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
4958 }
4959
4960 static int start_le_discovery(struct sock *sk, struct hci_dev *hdev,
4961                            void *data, u16 len)
4962 {
4963         struct mgmt_cp_start_le_discovery *cp = data;
4964         struct pending_cmd *cmd;
4965         struct hci_cp_le_set_scan_param param_cp;
4966         struct hci_cp_le_set_scan_enable enable_cp;
4967         struct hci_request req;
4968         u8 status, own_addr_type;
4969         int err;
4970
4971         BT_DBG("%s", hdev->name);
4972
4973         hci_dev_lock(hdev);
4974
4975         if (!hdev_is_powered(hdev)) {
4976                 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
4977                                  MGMT_STATUS_NOT_POWERED);
4978                 goto failed;
4979         }
4980
4981         if (hdev->le_discovery.state != DISCOVERY_STOPPED) {
4982                 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
4983                                  MGMT_STATUS_BUSY);
4984                 goto failed;
4985         }
4986
4987         cmd = mgmt_pending_add(sk, MGMT_OP_START_LE_DISCOVERY, hdev, NULL, 0);
4988         if (!cmd) {
4989                 err = -ENOMEM;
4990                 goto failed;
4991         }
4992
4993         hdev->le_discovery.type = cp->type;
4994
4995         hci_req_init(&req, hdev);
4996
4997         switch (hdev->le_discovery.type) {
4998         case DISCOV_TYPE_LE:
4999                 status = mgmt_le_support(hdev);
5000                 if (status) {
5001                         err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
5002                                          status);
5003                         mgmt_pending_remove(cmd);
5004                         goto failed;
5005                 }
5006
5007                 /* If controller is scanning, it means the background scanning
5008                  * is running. Thus, we should temporarily stop it in order to
5009                  * set the discovery scanning parameters.
5010                  */
5011                 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
5012                         hci_req_add_le_scan_disable(&req);
5013
5014                 memset(&param_cp, 0, sizeof(param_cp));
5015
5016                 /* All active scans will be done with either a resolvable
5017                  * private address (when privacy feature has been enabled)
5018                  * or unresolvable private address.
5019                  */
5020                 err = hci_update_random_address(&req, true, &own_addr_type);
5021                 if (err < 0) {
5022                         err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
5023                                          MGMT_STATUS_FAILED);
5024                         mgmt_pending_remove(cmd);
5025                         goto failed;
5026                 }
5027
5028                 param_cp.type = hdev->le_scan_type;
5029                 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
5030                 param_cp.window = cpu_to_le16(hdev->le_scan_window);
5031                 param_cp.own_address_type = own_addr_type;
5032                 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
5033                             &param_cp);
5034
5035                 memset(&enable_cp, 0, sizeof(enable_cp));
5036                 enable_cp.enable = LE_SCAN_ENABLE;
5037                 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_DISABLE;
5038
5039                 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
5040                             &enable_cp);
5041                 break;
5042
5043         default:
5044                 err = cmd_status(sk, hdev->id, MGMT_OP_START_LE_DISCOVERY,
5045                                  MGMT_STATUS_INVALID_PARAMS);
5046                 mgmt_pending_remove(cmd);
5047                 goto failed;
5048         }
5049
5050         err = hci_req_run(&req, start_le_discovery_complete);
5051         if (err < 0)
5052                 mgmt_pending_remove(cmd);
5053         else
5054                 hci_le_discovery_set_state(hdev, DISCOVERY_STARTING);
5055
5056 failed:
5057         hci_dev_unlock(hdev);
5058         return err;
5059 }
5060
5061 static int mgmt_stop_le_discovery_failed(struct hci_dev *hdev, u8 status)
5062 {
5063         struct pending_cmd *cmd;
5064         int err;
5065
5066         cmd = mgmt_pending_find(MGMT_OP_STOP_LE_DISCOVERY, hdev);
5067         if (!cmd)
5068                 return -ENOENT;
5069
5070         err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
5071                            &hdev->le_discovery.type, sizeof(hdev->le_discovery.type));
5072         mgmt_pending_remove(cmd);
5073
5074         return err;
5075 }
5076
5077 static void stop_le_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5078 {
5079         BT_DBG("status %d", status);
5080
5081         hci_dev_lock(hdev);
5082
5083         if (status) {
5084                 mgmt_stop_le_discovery_failed(hdev, status);
5085                 goto unlock;
5086         }
5087
5088         hci_le_discovery_set_state(hdev, DISCOVERY_STOPPED);
5089
5090 unlock:
5091         hci_dev_unlock(hdev);
5092 }
5093
5094 static int stop_le_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
5095                           u16 len)
5096 {
5097         struct mgmt_cp_stop_le_discovery *mgmt_cp = data;
5098         struct pending_cmd *cmd;
5099         struct hci_request req;
5100         int err;
5101
5102         BT_DBG("%s", hdev->name);
5103
5104         hci_dev_lock(hdev);
5105
5106         if (!hci_le_discovery_active(hdev)) {
5107                 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
5108                                    MGMT_STATUS_REJECTED, &mgmt_cp->type,
5109                                    sizeof(mgmt_cp->type));
5110                 goto unlock;
5111         }
5112
5113         if (hdev->le_discovery.type != mgmt_cp->type) {
5114                 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
5115                                    MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
5116                                    sizeof(mgmt_cp->type));
5117                 goto unlock;
5118         }
5119
5120         cmd = mgmt_pending_add(sk, MGMT_OP_STOP_LE_DISCOVERY, hdev, NULL, 0);
5121         if (!cmd) {
5122                 err = -ENOMEM;
5123                 goto unlock;
5124         }
5125
5126         hci_req_init(&req, hdev);
5127
5128         switch (hdev->le_discovery.state) {
5129         case DISCOVERY_FINDING:
5130                 cancel_delayed_work(&hdev->le_scan_disable);
5131                 hci_req_add_le_scan_disable(&req);
5132                 break;
5133
5134         default:
5135                 BT_DBG("unknown le discovery state %u", hdev->le_discovery.state);
5136
5137                 mgmt_pending_remove(cmd);
5138                 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_LE_DISCOVERY,
5139                                    MGMT_STATUS_FAILED, &mgmt_cp->type,
5140                                    sizeof(mgmt_cp->type));
5141                 goto unlock;
5142         }
5143
5144         err = hci_req_run(&req, stop_le_discovery_complete);
5145         if (err < 0)
5146                 mgmt_pending_remove(cmd);
5147         else
5148                 hci_le_discovery_set_state(hdev, DISCOVERY_STOPPING);
5149
5150 unlock:
5151         hci_dev_unlock(hdev);
5152         return err;
5153 }
5154
5155 /* BEGIN TIZEN_Bluetooth :: LE auto connect */
5156 static int disable_le_auto_connect(struct sock *sk, struct hci_dev *hdev,
5157                         void *data, u16 len)
5158 {
5159         int err;
5160
5161         BT_DBG("%s", hdev->name);
5162
5163         hci_dev_lock(hdev);
5164
5165         err = hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
5166         if (err < 0) {
5167                 BT_ERR("HCI_OP_LE_CREATE_CONN_CANCEL is failed");
5168         }
5169
5170         hci_dev_unlock(hdev);
5171
5172         return err;
5173 }
5174 /* END TIZEN_Bluetooth */
5175
5176 /* BEGIN TIZEN_Bluetooth :: LE connection Update */
5177 static int le_conn_update(struct sock *sk, struct hci_dev *hdev, void *data,
5178                         u16 len)
5179 {
5180         struct mgmt_cp_le_conn_update *cp = data;
5181
5182         struct hci_conn *conn;
5183         u16 min, max, latency, supervision_timeout;
5184         int err = -1;
5185
5186         if (!hdev_is_powered(hdev))
5187                 return cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
5188                                 MGMT_STATUS_NOT_POWERED);
5189
5190         min     = __le16_to_cpu(cp->conn_interval_min);
5191         max     = __le16_to_cpu(cp->conn_interval_max);
5192         latency     = __le16_to_cpu(cp->conn_latency);
5193         supervision_timeout = __le16_to_cpu(cp->supervision_timeout);
5194
5195         BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x supervision_timeout: 0x%4.4x",
5196                         min, max, latency, supervision_timeout);
5197
5198         err = check_le_conn_update_param(min, max, latency, supervision_timeout);
5199
5200         if (err < 0) {
5201                 err = cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
5202                                 MGMT_STATUS_INVALID_PARAMS);
5203
5204                 goto done;
5205         }
5206
5207         hci_dev_lock(hdev);
5208         conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
5209
5210         if (!conn) {
5211                 cmd_status(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE,
5212                                 MGMT_STATUS_NOT_CONNECTED);
5213                 goto done;
5214         }
5215
5216         hci_le_conn_update(conn, min, max, latency, supervision_timeout);
5217
5218         err = cmd_complete(sk, hdev->id, MGMT_OP_LE_CONN_UPDATE, 0,
5219                                 NULL, 0);
5220 done:
5221         hci_dev_unlock(hdev);
5222         return err;
5223 }
5224 /* END TIZEN_Bluetooth */
5225 #endif
5226
5227 static void fast_connectable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5228 {
5229         struct pending_cmd *cmd;
5230
5231         BT_DBG("status 0x%02x", status);
5232
5233         hci_dev_lock(hdev);
5234
5235         cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5236         if (!cmd)
5237                 goto unlock;
5238
5239         if (status) {
5240                 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5241                            mgmt_status(status));
5242         } else {
5243                 struct mgmt_mode *cp = cmd->param;
5244
5245                 if (cp->val)
5246                         set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
5247                 else
5248                         clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
5249
5250                 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5251                 new_settings(hdev, cmd->sk);
5252         }
5253
5254         mgmt_pending_remove(cmd);
5255
5256 unlock:
5257         hci_dev_unlock(hdev);
5258 }
5259
5260 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
5261                                 void *data, u16 len)
5262 {
5263         struct mgmt_mode *cp = data;
5264         struct pending_cmd *cmd;
5265         struct hci_request req;
5266         int err;
5267
5268         BT_DBG("%s", hdev->name);
5269
5270         if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
5271             hdev->hci_ver < BLUETOOTH_VER_1_2)
5272                 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5273                                   MGMT_STATUS_NOT_SUPPORTED);
5274
5275         if (cp->val != 0x00 && cp->val != 0x01)
5276                 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5277                                   MGMT_STATUS_INVALID_PARAMS);
5278
5279         if (!hdev_is_powered(hdev))
5280                 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5281                                   MGMT_STATUS_NOT_POWERED);
5282
5283         if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
5284                 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5285                                   MGMT_STATUS_REJECTED);
5286
5287         hci_dev_lock(hdev);
5288
5289         if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
5290                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5291                                  MGMT_STATUS_BUSY);
5292                 goto unlock;
5293         }
5294
5295         if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
5296                 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5297                                         hdev);
5298                 goto unlock;
5299         }
5300
5301         cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
5302                                data, len);
5303         if (!cmd) {
5304                 err = -ENOMEM;
5305                 goto unlock;
5306         }
5307
5308         hci_req_init(&req, hdev);
5309
5310         write_fast_connectable(&req, cp->val);
5311
5312         err = hci_req_run(&req, fast_connectable_complete);
5313         if (err < 0) {
5314                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5315                                  MGMT_STATUS_FAILED);
5316                 mgmt_pending_remove(cmd);
5317         }
5318
5319 unlock:
5320         hci_dev_unlock(hdev);
5321
5322         return err;
5323 }
5324
5325 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5326 {
5327         struct pending_cmd *cmd;
5328
5329         BT_DBG("status 0x%02x", status);
5330
5331         hci_dev_lock(hdev);
5332
5333         cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
5334         if (!cmd)
5335                 goto unlock;
5336
5337         if (status) {
5338                 u8 mgmt_err = mgmt_status(status);
5339
5340                 /* We need to restore the flag if related HCI commands
5341                  * failed.
5342                  */
5343                 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
5344
5345                 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
5346         } else {
5347                 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5348                 new_settings(hdev, cmd->sk);
5349         }
5350
5351         mgmt_pending_remove(cmd);
5352
5353 unlock:
5354         hci_dev_unlock(hdev);
5355 }
5356
5357 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5358 {
5359         struct mgmt_mode *cp = data;
5360         struct pending_cmd *cmd;
5361         struct hci_request req;
5362         int err;
5363
5364         BT_DBG("request for %s", hdev->name);
5365
5366         if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
5367                 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5368                                   MGMT_STATUS_NOT_SUPPORTED);
5369
5370         if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
5371                 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5372                                   MGMT_STATUS_REJECTED);
5373
5374         if (cp->val != 0x00 && cp->val != 0x01)
5375                 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5376                                   MGMT_STATUS_INVALID_PARAMS);
5377
5378         hci_dev_lock(hdev);
5379
5380         if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5381                 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5382                 goto unlock;
5383         }
5384
5385         if (!hdev_is_powered(hdev)) {
5386                 if (!cp->val) {
5387                         clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
5388                         clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5389                         clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5390                         clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
5391                         clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5392                 }
5393
5394                 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
5395
5396                 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5397                 if (err < 0)
5398                         goto unlock;
5399
5400                 err = new_settings(hdev, sk);
5401                 goto unlock;
5402         }
5403
5404         /* Reject disabling when powered on */
5405         if (!cp->val) {
5406                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5407                                  MGMT_STATUS_REJECTED);
5408                 goto unlock;
5409         } else {
5410                 /* When configuring a dual-mode controller to operate
5411                  * with LE only and using a static address, then switching
5412                  * BR/EDR back on is not allowed.
5413                  *
5414                  * Dual-mode controllers shall operate with the public
5415                  * address as its identity address for BR/EDR and LE. So
5416                  * reject the attempt to create an invalid configuration.
5417                  *
5418                  * The same restrictions applies when secure connections
5419                  * has been enabled. For BR/EDR this is a controller feature
5420                  * while for LE it is a host stack feature. This means that
5421                  * switching BR/EDR back on when secure connections has been
5422                  * enabled is not a supported transaction.
5423                  */
5424                 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
5425                     (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5426                      test_bit(HCI_SC_ENABLED, &hdev->dev_flags))) {
5427                         err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5428                                          MGMT_STATUS_REJECTED);
5429                         goto unlock;
5430                 }
5431         }
5432
5433         if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
5434                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5435                                  MGMT_STATUS_BUSY);
5436                 goto unlock;
5437         }
5438
5439         cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5440         if (!cmd) {
5441                 err = -ENOMEM;
5442                 goto unlock;
5443         }
5444
5445         /* We need to flip the bit already here so that update_adv_data
5446          * generates the correct flags.
5447          */
5448         set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
5449
5450         hci_req_init(&req, hdev);
5451
5452         write_fast_connectable(&req, false);
5453         __hci_update_page_scan(&req);
5454
5455         /* Since only the advertising data flags will change, there
5456          * is no need to update the scan response data.
5457          */
5458         update_adv_data(&req);
5459
5460         err = hci_req_run(&req, set_bredr_complete);
5461         if (err < 0)
5462                 mgmt_pending_remove(cmd);
5463
5464 unlock:
5465         hci_dev_unlock(hdev);
5466         return err;
5467 }
5468
5469 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5470 {
5471         struct pending_cmd *cmd;
5472         struct mgmt_mode *cp;
5473
5474         BT_DBG("%s status %u", hdev->name, status);
5475
5476         hci_dev_lock(hdev);
5477
5478         cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5479         if (!cmd)
5480                 goto unlock;
5481
5482         if (status) {
5483                 cmd_status(cmd->sk, cmd->index, cmd->opcode,
5484                            mgmt_status(status));
5485                 goto remove;
5486         }
5487
5488         cp = cmd->param;
5489
5490         switch (cp->val) {
5491         case 0x00:
5492                 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5493                 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5494                 break;
5495         case 0x01:
5496                 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5497                 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5498                 break;
5499         case 0x02:
5500                 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5501                 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
5502                 break;
5503         }
5504
5505         send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5506         new_settings(hdev, cmd->sk);
5507
5508 remove:
5509         mgmt_pending_remove(cmd);
5510 unlock:
5511         hci_dev_unlock(hdev);
5512 }
5513
5514 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5515                            void *data, u16 len)
5516 {
5517         struct mgmt_mode *cp = data;
5518         struct pending_cmd *cmd;
5519         struct hci_request req;
5520         u8 val;
5521         int err;
5522
5523         BT_DBG("request for %s", hdev->name);
5524
5525         if (!lmp_sc_capable(hdev) &&
5526             !test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
5527                 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5528                                   MGMT_STATUS_NOT_SUPPORTED);
5529
5530         if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
5531             !test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
5532                 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5533                                   MGMT_STATUS_REJECTED);
5534
5535         if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5536                 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5537                                   MGMT_STATUS_INVALID_PARAMS);
5538
5539         hci_dev_lock(hdev);
5540
5541         if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5542             !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5543                 bool changed;
5544
5545                 if (cp->val) {
5546                         changed = !test_and_set_bit(HCI_SC_ENABLED,
5547                                                     &hdev->dev_flags);
5548                         if (cp->val == 0x02)
5549                                 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
5550                         else
5551                                 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5552                 } else {
5553                         changed = test_and_clear_bit(HCI_SC_ENABLED,
5554                                                      &hdev->dev_flags);
5555                         clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5556                 }
5557
5558                 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5559                 if (err < 0)
5560                         goto failed;
5561
5562                 if (changed)
5563                         err = new_settings(hdev, sk);
5564
5565                 goto failed;
5566         }
5567
5568         if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5569                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5570                                  MGMT_STATUS_BUSY);
5571                 goto failed;
5572         }
5573
5574         val = !!cp->val;
5575
5576         if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5577             (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
5578                 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5579                 goto failed;
5580         }
5581
5582         cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5583         if (!cmd) {
5584                 err = -ENOMEM;
5585                 goto failed;
5586         }
5587
5588         hci_req_init(&req, hdev);
5589         hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5590         err = hci_req_run(&req, sc_enable_complete);
5591         if (err < 0) {
5592                 mgmt_pending_remove(cmd);
5593                 goto failed;
5594         }
5595
5596 failed:
5597         hci_dev_unlock(hdev);
5598         return err;
5599 }
5600
5601 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5602                           void *data, u16 len)
5603 {
5604         struct mgmt_mode *cp = data;
5605         bool changed, use_changed;
5606         int err;
5607
5608         BT_DBG("request for %s", hdev->name);
5609
5610         if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5611                 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5612                                   MGMT_STATUS_INVALID_PARAMS);
5613
5614         hci_dev_lock(hdev);
5615
5616         if (cp->val)
5617                 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
5618                                             &hdev->dev_flags);
5619         else
5620                 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
5621                                              &hdev->dev_flags);
5622
5623         if (cp->val == 0x02)
5624                 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
5625                                                 &hdev->dev_flags);
5626         else
5627                 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
5628                                                  &hdev->dev_flags);
5629
5630         if (hdev_is_powered(hdev) && use_changed &&
5631             test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
5632                 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5633                 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5634                              sizeof(mode), &mode);
5635         }
5636
5637         err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5638         if (err < 0)
5639                 goto unlock;
5640
5641         if (changed)
5642                 err = new_settings(hdev, sk);
5643
5644 unlock:
5645         hci_dev_unlock(hdev);
5646         return err;
5647 }
5648
5649 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5650                        u16 len)
5651 {
5652         struct mgmt_cp_set_privacy *cp = cp_data;
5653         bool changed;
5654         int err;
5655
5656         BT_DBG("request for %s", hdev->name);
5657
5658         if (!lmp_le_capable(hdev))
5659                 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5660                                   MGMT_STATUS_NOT_SUPPORTED);
5661
5662         if (cp->privacy != 0x00 && cp->privacy != 0x01)
5663                 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5664                                   MGMT_STATUS_INVALID_PARAMS);
5665
5666 /* Not sure why below condition is required; commenting for now,
5667         * since set privacy command is always rejected if this condition is enabled.
5668         */
5669 #ifndef CONFIG_TIZEN_WIP
5670         if (hdev_is_powered(hdev))
5671                 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5672                                   MGMT_STATUS_REJECTED);
5673 #endif
5674
5675         hci_dev_lock(hdev);
5676
5677         /* If user space supports this command it is also expected to
5678          * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5679          */
5680         set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5681
5682         if (cp->privacy) {
5683                 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
5684                 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5685                 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5686         } else {
5687                 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
5688                 memset(hdev->irk, 0, sizeof(hdev->irk));
5689                 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5690         }
5691
5692         err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5693         if (err < 0)
5694                 goto unlock;
5695
5696         if (changed)
5697                 err = new_settings(hdev, sk);
5698
5699 unlock:
5700         hci_dev_unlock(hdev);
5701         return err;
5702 }
5703
5704 static bool irk_is_valid(struct mgmt_irk_info *irk)
5705 {
5706         switch (irk->addr.type) {
5707         case BDADDR_LE_PUBLIC:
5708                 return true;
5709
5710         case BDADDR_LE_RANDOM:
5711                 /* Two most significant bits shall be set */
5712                 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5713                         return false;
5714                 return true;
5715         }
5716
5717         return false;
5718 }
5719
5720 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5721                      u16 len)
5722 {
5723         struct mgmt_cp_load_irks *cp = cp_data;
5724         const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5725                                    sizeof(struct mgmt_irk_info));
5726         u16 irk_count, expected_len;
5727         int i, err;
5728
5729         BT_DBG("request for %s", hdev->name);
5730
5731         if (!lmp_le_capable(hdev))
5732                 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5733                                   MGMT_STATUS_NOT_SUPPORTED);
5734
5735         irk_count = __le16_to_cpu(cp->irk_count);
5736         if (irk_count > max_irk_count) {
5737                 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5738                 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5739                                   MGMT_STATUS_INVALID_PARAMS);
5740         }
5741
5742         expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5743         if (expected_len != len) {
5744                 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5745                        expected_len, len);
5746                 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5747                                   MGMT_STATUS_INVALID_PARAMS);
5748         }
5749
5750         BT_DBG("%s irk_count %u", hdev->name, irk_count);
5751
5752         for (i = 0; i < irk_count; i++) {
5753                 struct mgmt_irk_info *key = &cp->irks[i];
5754
5755                 if (!irk_is_valid(key))
5756                         return cmd_status(sk, hdev->id,
5757                                           MGMT_OP_LOAD_IRKS,
5758                                           MGMT_STATUS_INVALID_PARAMS);
5759         }
5760
5761         hci_dev_lock(hdev);
5762
5763         hci_smp_irks_clear(hdev);
5764
5765         for (i = 0; i < irk_count; i++) {
5766                 struct mgmt_irk_info *irk = &cp->irks[i];
5767                 u8 addr_type;
5768
5769                 if (irk->addr.type == BDADDR_LE_PUBLIC)
5770                         addr_type = ADDR_LE_DEV_PUBLIC;
5771                 else
5772                         addr_type = ADDR_LE_DEV_RANDOM;
5773
5774                 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5775                             BDADDR_ANY);
5776         }
5777
5778         set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5779
5780         err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5781
5782         hci_dev_unlock(hdev);
5783
5784         return err;
5785 }
5786
5787 #ifdef CONFIG_TIZEN_WIP
5788 static int set_advertising_params(struct sock *sk, struct hci_dev *hdev,
5789                                   void *data, u16 len)
5790 {
5791         struct mgmt_cp_set_advertising_params *cp = data;
5792         __u16 min_interval;
5793         __u16 max_interval;
5794         int err;
5795
5796         BT_DBG("%s", hdev->name);
5797
5798         if (!lmp_le_capable(hdev))
5799                 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS,
5800                                 MGMT_STATUS_NOT_SUPPORTED);
5801
5802         if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5803                 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS,
5804                                 MGMT_STATUS_BUSY);
5805
5806         min_interval = __le16_to_cpu(cp->interval_min);
5807         max_interval = __le16_to_cpu(cp->interval_max);
5808
5809         if (min_interval > max_interval ||
5810             min_interval < 0x0020 || max_interval > 0x4000)
5811                 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS,
5812                                 MGMT_STATUS_INVALID_PARAMS);
5813
5814         hci_dev_lock(hdev);
5815
5816         hdev->le_adv_min_interval = min_interval;
5817         hdev->le_adv_max_interval = max_interval;
5818         hdev->adv_filter_policy = cp->filter_policy;
5819         hdev->adv_type = cp->type;
5820
5821         err = cmd_complete(sk, hdev->id, MGMT_OP_SET_ADVERTISING_PARAMS, 0, NULL, 0);
5822
5823         hci_dev_unlock(hdev);
5824
5825         return err;
5826 }
5827
5828 static void set_advertising_data_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5829 {
5830         struct mgmt_cp_set_advertising_data *cp;
5831         struct pending_cmd *cmd;
5832
5833         BT_DBG("status 0x%02x", status);
5834
5835         hci_dev_lock(hdev);
5836
5837         cmd = mgmt_pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev);
5838         if (!cmd)
5839                 goto unlock;
5840
5841         cp = cmd->param;
5842
5843         if (status)
5844                 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5845                            mgmt_status(status));
5846         else
5847                 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA, 0,
5848                              cp, sizeof(*cp));
5849
5850         mgmt_pending_remove(cmd);
5851
5852 unlock:
5853         hci_dev_unlock(hdev);
5854 }
5855
5856 static int set_advertising_data(struct sock *sk, struct hci_dev *hdev,
5857                                 void *data, u16 len)
5858 {
5859         struct pending_cmd *cmd;
5860         struct hci_request req;
5861         struct mgmt_cp_set_advertising_data *cp = data;
5862         struct hci_cp_le_set_adv_data adv;
5863         int err;
5864
5865         BT_DBG("%s", hdev->name);
5866
5867         if (!lmp_le_capable(hdev)) {
5868                 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5869                                 MGMT_STATUS_NOT_SUPPORTED);
5870         }
5871
5872         hci_dev_lock(hdev);
5873
5874         if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev)) {
5875                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5876                                 MGMT_STATUS_BUSY);
5877                 goto unlocked;
5878         }
5879
5880         cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING_DATA,
5881                                hdev, data, len);
5882         if (!cmd) {
5883                 err = -ENOMEM;
5884                 goto unlocked;
5885         }
5886
5887         if (len > HCI_MAX_AD_LENGTH) {
5888                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING_DATA,
5889                                  MGMT_STATUS_INVALID_PARAMS);
5890                 goto unlocked;
5891         }
5892
5893         hci_req_init(&req, hdev);
5894
5895         memset(&adv, 0, sizeof(adv));
5896         memcpy(adv.data, cp->data, len);
5897         adv.length = len;
5898
5899         hci_req_add(&req, HCI_OP_LE_SET_ADV_DATA, sizeof(adv), &adv);
5900
5901         err = hci_req_run(&req, set_advertising_data_complete);
5902         if (err < 0) {
5903                 mgmt_pending_remove(cmd);
5904         }
5905
5906 unlocked:
5907         hci_dev_unlock(hdev);
5908
5909         return err;
5910 }
5911
5912 static void set_scan_rsp_data_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5913 {
5914         struct mgmt_cp_set_scan_rsp_data *cp;
5915         struct pending_cmd *cmd;
5916
5917         BT_DBG("status 0x%02x", status);
5918
5919         hci_dev_lock(hdev);
5920
5921         cmd = mgmt_pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev);
5922         if (!cmd)
5923                 goto unlock;
5924
5925         cp = cmd->param;
5926
5927         if (status)
5928                 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5929                            mgmt_status(status));
5930         else
5931                 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA, 0,
5932                              cp, sizeof(*cp));
5933
5934         mgmt_pending_remove(cmd);
5935
5936 unlock:
5937         hci_dev_unlock(hdev);
5938 }
5939
5940 static int set_scan_rsp_data(struct sock *sk, struct hci_dev *hdev, void *data,
5941                              u16 len)
5942 {
5943         struct pending_cmd *cmd;
5944         struct hci_request req;
5945         struct mgmt_cp_set_scan_rsp_data *cp = data;
5946         struct hci_cp_le_set_scan_rsp_data rsp;
5947         int err;
5948
5949         BT_DBG("%s", hdev->name);
5950
5951         if (!lmp_le_capable(hdev))
5952                 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5953                                 MGMT_STATUS_NOT_SUPPORTED);
5954
5955         hci_dev_lock(hdev);
5956
5957         if (mgmt_pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev)) {
5958                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5959                                 MGMT_STATUS_BUSY);
5960                 goto unlocked;
5961         }
5962
5963         cmd = mgmt_pending_add(sk, MGMT_OP_SET_SCAN_RSP_DATA, hdev, data, len);
5964         if (!cmd) {
5965                 err = -ENOMEM;
5966                 goto unlocked;
5967         }
5968         if (len > HCI_MAX_AD_LENGTH) {
5969                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
5970                                  MGMT_STATUS_INVALID_PARAMS);
5971                 goto unlocked;
5972         }
5973
5974         hci_req_init(&req, hdev);
5975
5976         memset(&rsp, 0, sizeof(rsp));
5977         memcpy(rsp.data, cp->data, len);
5978         rsp.length = len;
5979
5980         hci_req_add(&req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(rsp), &rsp);
5981
5982         err = hci_req_run(&req, set_scan_rsp_data_complete);
5983         if (err < 0) {
5984                 mgmt_pending_remove(cmd);
5985         }
5986
5987 unlocked:
5988         hci_dev_unlock(hdev);
5989
5990         return err;
5991 }
5992
5993 static void set_manufacturer_data_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5994 {
5995         struct mgmt_cp_set_manufacturer_data *cp;
5996         struct pending_cmd *cmd;
5997
5998         BT_DBG("status 0x%02x", status);
5999
6000         hci_dev_lock(hdev);
6001
6002         cmd = mgmt_pending_find(MGMT_OP_SET_MANUFACTURER_DATA, hdev);
6003         if (!cmd)
6004                 goto unlock;
6005
6006         cp = cmd->param;
6007
6008         if (status)
6009                 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6010                            mgmt_status(status));
6011         else
6012                 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA, 0,
6013                              cp, sizeof(*cp));
6014
6015         mgmt_pending_remove(cmd);
6016
6017 unlock:
6018         hci_dev_unlock(hdev);
6019 }
6020
6021 static int set_manufacturer_data(struct sock *sk, struct hci_dev *hdev,
6022                                         void *data, u16 len)
6023 {
6024         struct pending_cmd *cmd;
6025         struct hci_request req;
6026         struct mgmt_cp_set_manufacturer_data *cp = data;
6027         u8 old_data[HCI_MAX_EIR_LENGTH] = {0, };
6028         u8 old_len;
6029
6030         int err;
6031
6032         BT_DBG("%s", hdev->name);
6033
6034         if (!lmp_bredr_capable(hdev)) {
6035                 return cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6036                                 MGMT_STATUS_NOT_SUPPORTED);
6037         }
6038
6039         if (cp->data[0] == 0 ||
6040                         cp->data[0] - 1 > sizeof(hdev->manufacturer_data)) {
6041                 return cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6042                                 MGMT_STATUS_INVALID_PARAMS);
6043         }
6044
6045         if (cp->data[1] != 0xFF) {
6046                 return cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6047                                 MGMT_STATUS_NOT_SUPPORTED);
6048         }
6049
6050         hci_dev_lock(hdev);
6051
6052         if (mgmt_pending_find(MGMT_OP_SET_MANUFACTURER_DATA, hdev)) {
6053                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA,
6054                                 MGMT_STATUS_BUSY);
6055                 goto unlocked;
6056         }
6057
6058         cmd = mgmt_pending_add(sk, MGMT_OP_SET_MANUFACTURER_DATA, hdev, data, len);
6059         if (!cmd) {
6060                 err = -ENOMEM;
6061                 goto unlocked;
6062         }
6063
6064         hci_req_init(&req, hdev);
6065
6066         /* if new data is same as previous data then return command complete event*/
6067         if (hdev->manufacturer_len == cp->data[0] - 1 &&
6068             !memcmp(hdev->manufacturer_data, cp->data + 2, cp->data[0] - 1)) {
6069                 mgmt_pending_remove(cmd);
6070                 cmd_complete(sk, hdev->id, MGMT_OP_SET_MANUFACTURER_DATA, 0,
6071                                 cp, sizeof(*cp));
6072                 hci_dev_unlock(hdev);
6073                 return 0;
6074         }
6075
6076         old_len = hdev->manufacturer_len;
6077         if (old_len > 0) {
6078                 memcpy(old_data, hdev->manufacturer_data, old_len);
6079         }
6080
6081         hdev->manufacturer_len = cp->data[0] - 1;
6082         if (hdev->manufacturer_len > 0) {
6083                 memcpy(hdev->manufacturer_data, cp->data + 2, hdev->manufacturer_len);
6084         }
6085
6086         update_eir(&req);
6087
6088         err = hci_req_run(&req, set_manufacturer_data_complete);
6089         if (err < 0) {
6090                 mgmt_pending_remove(cmd);
6091                 goto failed;
6092         }
6093
6094 unlocked:
6095         hci_dev_unlock(hdev);
6096
6097         return err;
6098
6099 failed:
6100         memset(hdev->manufacturer_data, 0x00, sizeof(hdev->manufacturer_data));
6101         hdev->manufacturer_len = old_len;
6102         if (hdev->manufacturer_len > 0) {
6103                 memcpy(hdev->manufacturer_data, old_data,
6104                        hdev->manufacturer_len);
6105         }
6106         hci_dev_unlock(hdev);
6107         return err;
6108 }
6109
6110 #ifdef CONFIG_TIZEN_WIP
6111 static int set_voice_setting(struct sock *sk, struct hci_dev *hdev,
6112                                         void *data, u16 len)
6113 {
6114         struct mgmt_cp_set_voice_setting *cp = data;
6115         struct hci_conn *conn;
6116         struct hci_conn *sco_conn;
6117
6118         int err;
6119
6120         BT_DBG("%s", hdev->name);
6121
6122         if (!lmp_bredr_capable(hdev)) {
6123                 return cmd_status(sk, hdev->id, MGMT_OP_SET_VOICE_SETTING,
6124                                 MGMT_STATUS_NOT_SUPPORTED);
6125         }
6126
6127         hci_dev_lock(hdev);
6128
6129         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
6130         if (!conn) {
6131                 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_VOICE_SETTING, 0,
6132                                 NULL, 0);
6133                 goto unlock;
6134         }
6135
6136         conn->voice_setting = cp->voice_setting;
6137         conn->sco_role = cp->sco_role;
6138
6139         sco_conn = hci_conn_hash_lookup_sco(hdev);
6140         if (sco_conn && bacmp(&sco_conn->dst, &cp->bdaddr) != 0) {
6141                 BT_ERR("There is other SCO connection.");
6142                 goto done;
6143         }
6144
6145         if (conn->sco_role == MGMT_SCO_ROLE_HANDSFREE) {
6146                 if (conn->voice_setting == 0x0063)
6147                         sco_connect_set_wbc(hdev);
6148                 else
6149                         sco_connect_set_nbc(hdev);
6150         } else {
6151                 if (conn->voice_setting == 0x0063)
6152                         sco_connect_set_gw_wbc(hdev);
6153                 else
6154                         sco_connect_set_gw_nbc(hdev);
6155         }
6156
6157 done:
6158         err = cmd_complete(sk, hdev->id, MGMT_OP_SET_VOICE_SETTING, 0,
6159                         cp, sizeof(cp));
6160
6161 unlock:
6162         hci_dev_unlock(hdev);
6163         return err;
6164 }
6165 #endif
6166
6167 static int get_adv_tx_power(struct sock *sk, struct hci_dev *hdev,
6168                            void *data, u16 len)
6169 {
6170         struct mgmt_rp_get_adv_tx_power *rp;
6171         size_t rp_len;
6172         int err;
6173
6174         BT_DBG("%s", hdev->name);
6175
6176         hci_dev_lock(hdev);
6177
6178         rp_len = sizeof(*rp);
6179         rp = kmalloc(rp_len, GFP_KERNEL);
6180         if (!rp) {
6181                 err = -ENOMEM;
6182                 goto unlock;
6183         }
6184
6185         rp->adv_tx_power= hdev->adv_tx_power;
6186
6187         err = cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_TX_POWER, 0, rp,
6188                            rp_len);
6189
6190         kfree(rp);
6191
6192 unlock:
6193         hci_dev_unlock(hdev);
6194
6195         return err;
6196 }
6197
6198 /* BEGIN TIZEN_Bluetooth :: Apply RSSI changes   */
6199 static void set_rssi_threshold_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6200 {
6201         BT_DBG("status 0x%02x", status);
6202 }
6203
6204 static void set_rssi_disable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6205 {
6206         BT_DBG("status 0x%02x", status);
6207 }
6208
6209 int mgmt_set_rssi_threshold(struct sock *sk, struct hci_dev *hdev,
6210                 void *data, u16 len)
6211 {
6212         int err = 0;
6213         struct hci_cp_set_rssi_threshold th = { 0, };
6214         struct mgmt_cp_set_enable_rssi *cp = data;
6215         struct hci_conn *conn;
6216         struct pending_cmd *cmd;
6217         struct hci_request req;
6218         __u8 dest_type;
6219
6220         hci_dev_lock(hdev);
6221
6222         cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
6223         if (!cmd) {
6224                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6225                                 MGMT_STATUS_FAILED);
6226                 goto unlocked;
6227         }
6228
6229         if (!lmp_le_capable(hdev)) {
6230                 mgmt_pending_remove(cmd);
6231                 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6232                                 MGMT_STATUS_NOT_SUPPORTED);
6233         }
6234
6235         if (!hdev_is_powered(hdev)) {
6236                 BT_DBG("%s", hdev->name);
6237                 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6238                                 MGMT_STATUS_NOT_POWERED, data, len);
6239                 mgmt_pending_remove(cmd);
6240                 goto unlocked;
6241         }
6242
6243         if (cp->link_type == 0x01)
6244                 dest_type = LE_LINK;
6245         else
6246                 dest_type = ACL_LINK;
6247
6248         /* Get LE/ACL link handle info*/
6249         conn = hci_conn_hash_lookup_ba(hdev,
6250                         dest_type, &cp->bdaddr);
6251
6252         if (conn == NULL) {
6253                 err = cmd_complete(sk, hdev->id,
6254                                 MGMT_OP_SET_RSSI_ENABLE, 1, NULL, 0);
6255                 mgmt_pending_remove(cmd);
6256                 goto unlocked;
6257         }
6258
6259         hci_req_init(&req, hdev);
6260
6261         th.hci_le_ext_opcode = 0x0B;
6262         th.mode = 0x01;
6263         th.conn_handle = conn->handle;
6264         th.alert_mask = 0x07;
6265         th.low_th = cp->low_th;
6266         th.in_range_th = cp->in_range_th;
6267         th.high_th = cp->high_th;
6268
6269         hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
6270         err = hci_req_run(&req, set_rssi_threshold_complete);
6271
6272         if (err < 0) {
6273                 mgmt_pending_remove(cmd);
6274                 BT_ERR("Error in requesting hci_req_run");
6275                 goto unlocked;
6276         }
6277
6278 unlocked:
6279         hci_dev_unlock(hdev);
6280         return err;
6281 }
6282
6283 void mgmt_rssi_enable_success(struct sock *sk, struct hci_dev *hdev,
6284                 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
6285 {
6286         struct mgmt_cc_rsp_enable_rssi mgmt_rp = { 0, };
6287         struct mgmt_cp_set_enable_rssi *cp = data;
6288         struct pending_cmd *cmd;
6289
6290         if (cp == NULL || rp == NULL)
6291                 goto remove_cmd;
6292
6293         mgmt_rp.status = rp->status;
6294         mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
6295         mgmt_rp.bt_address = cp->bdaddr;
6296         mgmt_rp.link_type = cp->link_type;
6297
6298         cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, MGMT_STATUS_SUCCESS,
6299                         &mgmt_rp, sizeof(struct mgmt_cc_rsp_enable_rssi));
6300
6301         mgmt_event(MGMT_EV_RSSI_ENABLED, hdev, &mgmt_rp,
6302                         sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
6303
6304         hci_conn_rssi_unset_all(hdev, mgmt_rp.link_type);
6305         hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
6306                         &mgmt_rp.bt_address, true);
6307
6308 remove_cmd:
6309         hci_dev_lock(hdev);
6310         cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
6311         if (cmd)
6312                 mgmt_pending_remove(cmd);
6313
6314         hci_dev_unlock(hdev);
6315 }
6316
6317 void mgmt_rssi_disable_success(struct sock *sk, struct hci_dev *hdev,
6318                 void *data, struct hci_cc_rsp_enable_rssi *rp, int success)
6319 {
6320         struct mgmt_cc_rp_disable_rssi mgmt_rp = { 0, };
6321         struct mgmt_cp_disable_rssi *cp = data;
6322         struct pending_cmd *cmd;
6323
6324         if (cp == NULL || rp == NULL)
6325                 goto remove_cmd;
6326
6327         mgmt_rp.status = rp->status;
6328         mgmt_rp.le_ext_opcode = rp->le_ext_opcode;
6329         mgmt_rp.bt_address = cp->bdaddr;
6330         mgmt_rp.link_type = cp->link_type;
6331
6332         cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE, MGMT_STATUS_SUCCESS,
6333                         &mgmt_rp, sizeof(struct mgmt_cc_rsp_enable_rssi));
6334
6335         mgmt_event(MGMT_EV_RSSI_DISABLED, hdev, &mgmt_rp,
6336                         sizeof(struct mgmt_cc_rsp_enable_rssi), NULL);
6337
6338         hci_conn_rssi_state_set(hdev, mgmt_rp.link_type,
6339                         &mgmt_rp.bt_address, false);
6340
6341
6342 remove_cmd:
6343         hci_dev_lock(hdev);
6344         cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
6345         if (cmd)
6346                 mgmt_pending_remove(cmd);
6347
6348         hci_dev_unlock(hdev);
6349 }
6350
6351 static int mgmt_set_disable_rssi(struct sock *sk, struct hci_dev *hdev,
6352                 void *data, u16 len)
6353 {
6354         struct pending_cmd *cmd;
6355         struct hci_request req;
6356         struct hci_cp_set_enable_rssi cp_en = { 0, };
6357         int err;
6358
6359         BT_DBG("Set Disable RSSI.");
6360
6361         cp_en.hci_le_ext_opcode = 0x01;
6362         cp_en.le_enable_cs_Features = 0x00;
6363         cp_en.data[0] = 0x00;
6364         cp_en.data[1] = 0x00;
6365         cp_en.data[2] = 0x00;
6366
6367         hci_dev_lock(hdev);
6368
6369         cmd = mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
6370         if (!cmd) {
6371                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6372                                 MGMT_STATUS_FAILED);
6373                 goto unlocked;
6374         }
6375
6376         if (!lmp_le_capable(hdev)) {
6377                 mgmt_pending_remove(cmd);
6378                 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6379                                 MGMT_STATUS_NOT_SUPPORTED);
6380         }
6381
6382         if (!hdev_is_powered(hdev)) {
6383                 BT_DBG("%s", hdev->name);
6384                 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6385                                 MGMT_STATUS_NOT_POWERED, data, len);
6386                 mgmt_pending_remove(cmd);
6387                 goto unlocked;
6388         }
6389
6390         hci_req_init(&req, hdev);
6391
6392         BT_DBG("Enable Len: %d [%2.2X %2.2X %2.2X %2.2X %2.2X]",
6393                         sizeof(struct hci_cp_set_enable_rssi),
6394                         cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
6395                         cp_en.data[0], cp_en.data[1], cp_en.data[2]);
6396
6397         hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
6398         err = hci_req_run(&req, set_rssi_disable_complete);
6399
6400         if (err < 0) {
6401                 mgmt_pending_remove(cmd);
6402                 BT_ERR("Error in requesting hci_req_run");
6403                 goto unlocked;
6404         }
6405
6406 unlocked:
6407         hci_dev_unlock(hdev);
6408
6409         return err;
6410
6411 }
6412
6413 void mgmt_enable_rssi_cc(struct hci_dev *hdev, void *response, u8 status)
6414 {
6415         struct hci_cc_rsp_enable_rssi *rp = response;
6416         struct pending_cmd *cmd_enable = NULL;
6417         struct pending_cmd *cmd_disable = NULL;
6418         struct mgmt_cp_set_enable_rssi *cp_en;
6419         struct mgmt_cp_disable_rssi *cp_dis;
6420
6421         hci_dev_lock(hdev);
6422         cmd_enable = mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev);
6423         cmd_disable = mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev);
6424         hci_dev_unlock(hdev);
6425
6426         if(cmd_enable)
6427                 BT_DBG("Enable Request");
6428
6429         if(cmd_disable)
6430                 BT_DBG("Disable Request");
6431
6432         if (cmd_enable) {
6433                 cp_en = cmd_enable->param;
6434
6435                 if (status != 0x00)
6436                         return;
6437
6438                 switch (rp->le_ext_opcode) {
6439                 case 0x01:
6440                         BT_DBG("RSSI enabled.. Setting Threshold...");
6441                         mgmt_set_rssi_threshold(cmd_enable->sk, hdev,
6442                                         cp_en, sizeof(*cp_en));
6443                         break;
6444
6445                 case 0x0B:
6446                         BT_DBG("Sending RSSI enable success");
6447                         mgmt_rssi_enable_success(cmd_enable->sk, hdev,
6448                                         cp_en, rp, rp->status);
6449                         break;
6450                 }
6451
6452         } else if (cmd_disable) {
6453                 cp_dis = cmd_disable->param;
6454
6455                 if (status != 0x00)
6456                         return;
6457
6458                 switch (rp->le_ext_opcode) {
6459                 case 0x01:
6460                         BT_DBG("Sending RSSI disable success");
6461                         mgmt_rssi_disable_success(cmd_disable->sk, hdev,
6462                                         cp_dis, rp, rp->status);
6463                         break;
6464
6465                 case 0x0B:
6466                         /* Only unset RSSI Threshold values for the Link if
6467                            RSSI is monitored for other BREDR or LE Links*/
6468                         if (hci_conn_hash_lookup_rssi_count(hdev) > 1) {
6469                                 BT_DBG("Unset Threshold. Other links being monitored");
6470                                 mgmt_rssi_disable_success(cmd_disable->sk, hdev,
6471                                                 cp_dis, rp, rp->status);
6472                         } else {
6473                                 BT_DBG("Unset Threshold. Disabling...");
6474                                 mgmt_set_disable_rssi(cmd_disable->sk, hdev,
6475                                                 cp_dis, sizeof(*cp_dis));
6476                         }
6477                         break;
6478                 }
6479         }
6480 }
6481
6482 static void set_rssi_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6483 {
6484         BT_DBG("status 0x%02x", status);
6485 }
6486
6487 static int set_enable_rssi(struct sock *sk, struct hci_dev *hdev,
6488                 void *data, u16 len)
6489 {
6490         struct pending_cmd *cmd;
6491         struct hci_request req;
6492         struct mgmt_cp_set_enable_rssi *cp = data;
6493         struct hci_cp_set_enable_rssi cp_en = { 0, };
6494         int err;
6495         BT_DBG("Set Enable RSSI.");
6496
6497         cp_en.hci_le_ext_opcode = 0x01;
6498         cp_en.le_enable_cs_Features = 0x04;
6499         cp_en.data[0] = 0x00;
6500         cp_en.data[1] = 0x00;
6501         cp_en.data[2] = 0x00;
6502
6503         if (!lmp_le_capable(hdev))
6504                 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6505                                 MGMT_STATUS_NOT_SUPPORTED);
6506
6507         hci_dev_lock(hdev);
6508         if (!hdev_is_powered(hdev)) {
6509                 BT_DBG("%s", hdev->name);
6510                 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE, 0,
6511                                    data, len);
6512
6513                 goto unlocked;
6514         }
6515
6516         if (mgmt_pending_find(MGMT_OP_SET_RSSI_ENABLE, hdev)) {
6517                 BT_DBG("%s", hdev->name);
6518                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_ENABLE,
6519                                 MGMT_STATUS_BUSY);
6520                 goto unlocked;
6521         }
6522
6523         cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_ENABLE, hdev, cp, sizeof(*cp));
6524         if (!cmd) {
6525                 BT_DBG("%s", hdev->name);
6526                 err = -ENOMEM;
6527                 goto unlocked;
6528         }
6529
6530         /* If RSSI is already enabled directly set Threshold values*/
6531         if (hci_conn_hash_lookup_rssi_count(hdev) > 0) {
6532                 hci_dev_unlock(hdev);
6533                 BT_DBG("RSSI Enabled. Directly set Threshold");
6534                 err = mgmt_set_rssi_threshold(sk, hdev, cp, sizeof(*cp));
6535                 return err;
6536         }
6537
6538         hci_req_init(&req, hdev);
6539
6540         BT_DBG("Enable Len: %d [%2.2X %2.2X %2.2X %2.2X %2.2X]",
6541                         sizeof(struct hci_cp_set_enable_rssi),
6542                         cp_en.hci_le_ext_opcode, cp_en.le_enable_cs_Features,
6543                         cp_en.data[0], cp_en.data[1], cp_en.data[2]);
6544
6545         hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(cp_en), &cp_en);
6546         err = hci_req_run(&req, set_rssi_enable_complete);
6547
6548         if (err < 0) {
6549                 mgmt_pending_remove(cmd);
6550                 BT_ERR("Error in requesting hci_req_run");
6551                 goto unlocked;
6552         }
6553
6554 unlocked:
6555         hci_dev_unlock(hdev);
6556
6557         return err;
6558 }
6559
6560 static void get_raw_rssi_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6561 {
6562         struct pending_cmd *cmd;
6563
6564         BT_DBG("status 0x%02x", status);
6565
6566         hci_dev_lock(hdev);
6567
6568         cmd = mgmt_pending_find(MGMT_OP_GET_RAW_RSSI, hdev);
6569         if (!cmd)
6570                 goto unlock;
6571
6572         cmd_complete(cmd->sk, hdev->id, MGMT_OP_GET_RAW_RSSI, MGMT_STATUS_SUCCESS,
6573                         &status, 1);
6574
6575         mgmt_pending_remove(cmd);
6576
6577 unlock:
6578         hci_dev_unlock(hdev);
6579 }
6580
6581 static int get_raw_rssi(struct sock *sk, struct hci_dev *hdev, void *data,
6582                         u16 len)
6583 {
6584         struct pending_cmd *cmd;
6585         struct hci_request req;
6586         struct mgmt_cp_get_raw_rssi *cp = data;
6587         struct hci_cp_get_raw_rssi hci_cp;
6588
6589         struct hci_conn *conn;
6590         int err;
6591         __u8 dest_type;
6592
6593         BT_DBG("Get Raw RSSI.");
6594         if (!lmp_le_capable(hdev))
6595                 return cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
6596                                 MGMT_STATUS_NOT_SUPPORTED);
6597
6598         hci_dev_lock(hdev);
6599
6600         if (cp->link_type == 0x01) {
6601                 dest_type = LE_LINK;
6602         } else {
6603                 dest_type = ACL_LINK;
6604         }
6605
6606         /* Get LE/BREDR link handle info*/
6607         conn = hci_conn_hash_lookup_ba(hdev,
6608                         dest_type, &cp->bt_address);
6609         if (conn == NULL) {
6610                 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_RAW_RSSI, 1,
6611                                                    data, len);
6612                 goto unlocked;
6613         }
6614         hci_cp.conn_handle = conn->handle;
6615
6616         if (!hdev_is_powered(hdev)) {
6617                 BT_DBG("%s", hdev->name);
6618                 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_RAW_RSSI, 0,
6619                                    data, len);
6620
6621                 goto unlocked;
6622         }
6623
6624         if (mgmt_pending_find(MGMT_OP_GET_RAW_RSSI, hdev)) {
6625                 BT_DBG("%s", hdev->name);
6626                 err = cmd_status(sk, hdev->id, MGMT_OP_GET_RAW_RSSI,
6627                                 MGMT_STATUS_BUSY);
6628                 goto unlocked;
6629         }
6630
6631         cmd = mgmt_pending_add(sk, MGMT_OP_GET_RAW_RSSI, hdev, data, len);
6632         if (!cmd) {
6633                 BT_DBG("%s", hdev->name);
6634                 err = -ENOMEM;
6635                 goto unlocked;
6636         }
6637
6638         hci_req_init(&req, hdev);
6639
6640         BT_DBG("Connection Handle [%d]", hci_cp.conn_handle);
6641         hci_req_add(&req, HCI_OP_GET_RAW_RSSI, sizeof(hci_cp), &hci_cp);
6642         err = hci_req_run(&req, get_raw_rssi_complete);
6643
6644         if (err < 0) {
6645                 mgmt_pending_remove(cmd);
6646                 BT_ERR("Error in requesting hci_req_run");
6647         }
6648
6649 unlocked:
6650         hci_dev_unlock(hdev);
6651
6652         return err;
6653 }
6654
6655 void mgmt_raw_rssi_response(struct hci_dev *hdev,
6656                 struct hci_cc_rp_get_raw_rssi *rp, int success)
6657 {
6658         struct mgmt_cc_rp_get_raw_rssi mgmt_rp = { 0, };
6659         struct hci_conn *conn;
6660
6661         mgmt_rp.status = rp->status;
6662         mgmt_rp.rssi_dbm = rp->rssi_dbm;
6663
6664         conn = hci_conn_hash_lookup_handle(hdev, rp->conn_handle);
6665         if (conn == NULL)
6666                 return;
6667
6668         bacpy(&mgmt_rp.bt_address, &conn->dst);
6669         if (conn->type == LE_LINK) {
6670                 mgmt_rp.link_type = 0x01;
6671         } else {
6672                 mgmt_rp.link_type = 0x00;
6673         }
6674
6675         mgmt_event(MGMT_EV_RAW_RSSI, hdev, &mgmt_rp,
6676                         sizeof(struct mgmt_cc_rp_get_raw_rssi), NULL);
6677 }
6678
6679 static void set_disable_threshold_complete(struct hci_dev *hdev,
6680                         u8 status, u16 opcode)
6681 {
6682         BT_DBG("status 0x%02x", status);
6683 }
6684
6685 /** Removes monitoring for a link*/
6686 static int set_disable_threshold(struct sock *sk, struct hci_dev *hdev,
6687                 void *data, u16 len)
6688 {
6689         int err = 0;
6690         struct hci_cp_set_rssi_threshold th = { 0, };
6691         struct mgmt_cp_disable_rssi *cp = data;
6692         struct hci_conn *conn;
6693         struct pending_cmd *cmd;
6694         struct hci_request req;
6695         __u8 dest_type;
6696         BT_DBG("Set Disable RSSI.");
6697
6698         if (!lmp_le_capable(hdev)) {
6699                 return cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6700                                 MGMT_STATUS_NOT_SUPPORTED);
6701         }
6702
6703         hci_dev_lock(hdev);
6704
6705         /* Get LE/ACL link handle info*/
6706         if (cp->link_type == 0x01)
6707                 dest_type = LE_LINK;
6708         else
6709                 dest_type = ACL_LINK;
6710
6711         conn = hci_conn_hash_lookup_ba(hdev,
6712                         dest_type, &cp->bdaddr);
6713         if (conn == NULL) {
6714                 err = cmd_complete(sk, hdev->id,
6715                                 MGMT_OP_SET_RSSI_DISABLE, 1, NULL, 0);
6716                 goto unlocked;
6717         }
6718
6719         th.hci_le_ext_opcode = 0x0B;
6720         th.mode = 0x01;
6721         th.conn_handle = conn->handle;
6722         th.alert_mask = 0x00;
6723         th.low_th = 0x00;
6724         th.in_range_th = 0x00;
6725         th.high_th = 0x00;
6726
6727         if (!hdev_is_powered(hdev)) {
6728                 BT_DBG("%s", hdev->name);
6729                 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE, 0,
6730                                    data, len);
6731                 goto unlocked;
6732         }
6733
6734         if (mgmt_pending_find(MGMT_OP_SET_RSSI_DISABLE, hdev)) {
6735                 BT_DBG("%s", hdev->name);
6736                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_RSSI_DISABLE,
6737                                 MGMT_STATUS_BUSY);
6738                 goto unlocked;
6739         }
6740
6741         cmd = mgmt_pending_add(sk, MGMT_OP_SET_RSSI_DISABLE, hdev, cp, sizeof(*cp));
6742         if (!cmd) {
6743                 BT_DBG("%s", hdev->name);
6744                 err = -ENOMEM;
6745                 goto unlocked;
6746         }
6747
6748         hci_req_init(&req, hdev);
6749
6750         hci_req_add(&req, HCI_OP_ENABLE_RSSI, sizeof(th), &th);
6751         err = hci_req_run(&req, set_disable_threshold_complete);
6752         if (err < 0) {
6753                 mgmt_pending_remove(cmd);
6754                 BT_ERR("Error in requesting hci_req_run");
6755                 goto unlocked;
6756         }
6757
6758 unlocked:
6759         hci_dev_unlock(hdev);
6760
6761         return err;
6762 }
6763
6764 void mgmt_rssi_alert_evt(struct hci_dev *hdev, struct sk_buff *skb)
6765 {
6766         struct hci_ev_vendor_specific_rssi_alert *ev = (void *) skb->data;
6767         struct mgmt_ev_vendor_specific_rssi_alert mgmt_ev;
6768         struct hci_conn *conn;
6769
6770         BT_DBG("RSSI alert [%2.2X %2.2X %2.2X]",
6771                         ev->conn_handle, ev->alert_type, ev->rssi_dbm);
6772
6773         conn = hci_conn_hash_lookup_handle(hdev, ev->conn_handle);
6774
6775         if (conn == NULL) {
6776                 BT_ERR("RSSI alert Error: Device not found for handle");
6777                 return;
6778         }
6779         bacpy(&mgmt_ev.bdaddr, &conn->dst);
6780
6781         if (conn->type == LE_LINK)
6782                 mgmt_ev.link_type = 0x01;
6783         else
6784                 mgmt_ev.link_type = 0x00;
6785
6786         mgmt_ev.alert_type = ev->alert_type;
6787         mgmt_ev.rssi_dbm = ev->rssi_dbm;
6788
6789         mgmt_event(MGMT_EV_RSSI_ALERT, hdev, &mgmt_ev,
6790                         sizeof(struct mgmt_ev_vendor_specific_rssi_alert), NULL);
6791 }
6792
6793 void mgmt_multi_adv_state_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
6794 {
6795         struct hci_ev_vendor_specific_multi_adv_state *ev = (void *) skb->data;
6796         struct mgmt_ev_vendor_specific_multi_adv_state_changed mgmt_ev;
6797
6798         BT_DBG("Multi adv state changed [%2.2X %2.2X %2.2X]",
6799                         ev->adv_instance, ev->state_change_reason, ev->connection_handle);
6800
6801         mgmt_ev.adv_instance = ev->adv_instance;
6802         mgmt_ev.state_change_reason = ev->state_change_reason;
6803         mgmt_ev.connection_handle = ev->connection_handle;
6804
6805         mgmt_event(MGMT_EV_MULTI_ADV_STATE_CHANGED, hdev, &mgmt_ev,
6806                         sizeof(struct mgmt_ev_vendor_specific_multi_adv_state_changed), NULL);
6807 }
6808
6809 static int enable_bt_6lowpan(struct sock *sk, struct hci_dev *hdev,
6810                 void *data, u16 len)
6811 {
6812         int err;
6813         struct mgmt_cp_enable_6lowpan *cp = data;
6814
6815         BT_DBG("%s", hdev->name);
6816
6817         hci_dev_lock(hdev);
6818
6819         if (!hdev_is_powered(hdev)) {
6820                 err = cmd_status(sk, hdev->id, MGMT_OP_ENABLE_6LOWPAN,
6821                                       MGMT_STATUS_NOT_POWERED);
6822                 goto unlocked;
6823         }
6824
6825         if (!lmp_le_capable(hdev)) {
6826                 err = cmd_status(sk, hdev->id, MGMT_OP_ENABLE_6LOWPAN,
6827                                       MGMT_STATUS_NOT_SUPPORTED);
6828                 goto unlocked;
6829         }
6830
6831         if (cp->enable_6lowpan)
6832                 bt_6lowpan_enable();
6833         else
6834                 bt_6lowpan_disable();
6835
6836         err = cmd_complete(sk, hdev->id, MGMT_OP_ENABLE_6LOWPAN,
6837                                 MGMT_STATUS_SUCCESS, NULL, 0);
6838 unlocked:
6839         hci_dev_unlock(hdev);
6840         return err;
6841 }
6842
6843 static int connect_bt_6lowpan(struct sock *sk, struct hci_dev *hdev,
6844                 void *data, u16 len)
6845 {
6846         struct mgmt_cp_connect_6lowpan *cp = data;
6847         __u8 addr_type = ADDR_LE_DEV_PUBLIC;
6848         int err;
6849
6850         BT_DBG("%s", hdev->name);
6851
6852         hci_dev_lock(hdev);
6853
6854         if (!lmp_le_capable(hdev)) {
6855                 err = cmd_status(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN,
6856                                       MGMT_STATUS_NOT_SUPPORTED);
6857                 goto unlocked;
6858         }
6859
6860         if (!hdev_is_powered(hdev)) {
6861                 err = cmd_status(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN,
6862                                       MGMT_STATUS_REJECTED);
6863                 goto unlocked;
6864         }
6865
6866         if (bdaddr_type_is_le(cp->addr.type)) {
6867                 if (cp->addr.type == BDADDR_LE_PUBLIC)
6868                         addr_type = ADDR_LE_DEV_PUBLIC;
6869                 else
6870                         addr_type = ADDR_LE_DEV_RANDOM;
6871         } else {
6872                 err = cmd_complete(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN,
6873                                         MGMT_STATUS_INVALID_PARAMS, NULL, 0);
6874                 goto unlocked;
6875         }
6876
6877         hci_dev_unlock(hdev);
6878
6879         /* 6lowpan Connect */
6880         err = _bt_6lowpan_connect(&cp->addr.bdaddr, cp->addr.type);
6881
6882         hci_dev_lock(hdev);
6883
6884         if (err < 0) {
6885                 err = cmd_complete(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN,
6886                                         MGMT_STATUS_REJECTED, NULL, 0);
6887
6888                 goto unlocked;
6889         }
6890
6891         err = cmd_complete(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN, 0,
6892                                 NULL, 0);
6893 unlocked:
6894         hci_dev_unlock(hdev);
6895         return err;
6896 }
6897
6898 static int disconnect_bt_6lowpan(struct sock *sk, struct hci_dev *hdev,
6899                 void *data, u16 len)
6900 {
6901         struct mgmt_cp_disconnect_6lowpan *cp = data;
6902         struct hci_conn *conn = NULL;
6903         __u8 addr_type = ADDR_LE_DEV_PUBLIC;
6904         int err;
6905
6906         BT_DBG("%s", hdev->name);
6907
6908         hci_dev_lock(hdev);
6909
6910         if (!lmp_le_capable(hdev)) {
6911                 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT_6LOWPAN,
6912                                       MGMT_STATUS_NOT_SUPPORTED);
6913                 goto unlocked;
6914         }
6915
6916         if (!hdev_is_powered(hdev)) {
6917                 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT_6LOWPAN,
6918                                       MGMT_STATUS_REJECTED);
6919                 goto unlocked;
6920         }
6921
6922         if (bdaddr_type_is_le(cp->addr.type)) {
6923                 if (cp->addr.type == BDADDR_LE_PUBLIC)
6924                         addr_type = ADDR_LE_DEV_PUBLIC;
6925                 else
6926                         addr_type = ADDR_LE_DEV_RANDOM;
6927         } else {
6928                 err = cmd_complete(sk, hdev->id,
6929                                         MGMT_OP_DISCONNECT_6LOWPAN,
6930                                         MGMT_STATUS_INVALID_PARAMS, NULL, 0);
6931                 goto unlocked;
6932         }
6933
6934         conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
6935         if (!conn) {
6936                 err = cmd_complete(sk, hdev->id,
6937                                         MGMT_OP_DISCONNECT_6LOWPAN,
6938                                         MGMT_STATUS_NOT_CONNECTED, NULL, 0);
6939                 goto unlocked;
6940         }
6941
6942         if (conn->dst_type != addr_type) {
6943                 err = cmd_complete(sk, hdev->id,
6944                                         MGMT_OP_DISCONNECT_6LOWPAN,
6945                                         MGMT_STATUS_INVALID_PARAMS, NULL, 0);
6946                 goto unlocked;
6947         }
6948
6949         if (conn->state != BT_CONNECTED) {
6950                 err = cmd_complete(sk, hdev->id,
6951                                         MGMT_OP_DISCONNECT_6LOWPAN,
6952                                         MGMT_STATUS_NOT_CONNECTED, NULL, 0);
6953                 goto unlocked;
6954         }
6955
6956         /* 6lowpan Disconnect */
6957         err = _bt_6lowpan_disconnect(conn->l2cap_data, cp->addr.type);
6958         if (err < 0) {
6959                 err = cmd_complete(sk, hdev->id,
6960                                         MGMT_OP_DISCONNECT_6LOWPAN,
6961                                         MGMT_STATUS_REJECTED, NULL, 0);
6962                 goto unlocked;
6963         }
6964
6965         err = cmd_complete(sk, hdev->id, MGMT_OP_CONNECT_6LOWPAN, 0,
6966                                 NULL, 0);
6967
6968 unlocked:
6969         hci_dev_unlock(hdev);
6970         return err;
6971 }
6972
6973 void mgmt_6lowpan_conn_changed(struct hci_dev *hdev, char if_name[16],
6974                 bdaddr_t *bdaddr, u8 addr_type, bool connected)
6975 {
6976         char buf[512];
6977         struct mgmt_ev_6lowpan_conn_state_changed *ev = (void *)buf;
6978         size_t ev_size;
6979
6980         memset(buf, 0, sizeof(buf));
6981         bacpy(&ev->addr.bdaddr, bdaddr);
6982         ev->addr.type = addr_type;
6983         ev->connected = connected;
6984         memcpy(ev->ifname, (__u8 *)if_name, 16);
6985
6986         ev_size = sizeof(*ev);
6987
6988         mgmt_event(MGMT_EV_6LOWPAN_CONN_STATE_CHANGED, hdev, ev, ev_size, NULL);
6989 }
6990 /* END TIZEN_Bluetooth */
6991 #endif
6992
6993 static bool ltk_is_valid(struct mgmt_ltk_info *key)
6994 {
6995         if (key->master != 0x00 && key->master != 0x01)
6996                 return false;
6997
6998         switch (key->addr.type) {
6999         case BDADDR_LE_PUBLIC:
7000                 return true;
7001
7002         case BDADDR_LE_RANDOM:
7003                 /* Two most significant bits shall be set */
7004                 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
7005                         return false;
7006                 return true;
7007         }
7008
7009         return false;
7010 }
7011
7012 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
7013                                void *cp_data, u16 len)
7014 {
7015         struct mgmt_cp_load_long_term_keys *cp = cp_data;
7016         const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
7017                                    sizeof(struct mgmt_ltk_info));
7018         u16 key_count, expected_len;
7019         int i, err;
7020
7021         BT_DBG("request for %s", hdev->name);
7022
7023         if (!lmp_le_capable(hdev))
7024                 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7025                                   MGMT_STATUS_NOT_SUPPORTED);
7026
7027         key_count = __le16_to_cpu(cp->key_count);
7028         if (key_count > max_key_count) {
7029                 BT_ERR("load_ltks: too big key_count value %u", key_count);
7030                 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7031                                   MGMT_STATUS_INVALID_PARAMS);
7032         }
7033
7034         expected_len = sizeof(*cp) + key_count *
7035                                         sizeof(struct mgmt_ltk_info);
7036         if (expected_len != len) {
7037                 BT_ERR("load_keys: expected %u bytes, got %u bytes",
7038                        expected_len, len);
7039                 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7040                                   MGMT_STATUS_INVALID_PARAMS);
7041         }
7042
7043         BT_DBG("%s key_count %u", hdev->name, key_count);
7044
7045         for (i = 0; i < key_count; i++) {
7046                 struct mgmt_ltk_info *key = &cp->keys[i];
7047
7048                 if (!ltk_is_valid(key))
7049                         return cmd_status(sk, hdev->id,
7050                                           MGMT_OP_LOAD_LONG_TERM_KEYS,
7051                                           MGMT_STATUS_INVALID_PARAMS);
7052         }
7053
7054         hci_dev_lock(hdev);
7055
7056         hci_smp_ltks_clear(hdev);
7057
7058         for (i = 0; i < key_count; i++) {
7059                 struct mgmt_ltk_info *key = &cp->keys[i];
7060                 u8 type, addr_type, authenticated;
7061
7062                 if (key->addr.type == BDADDR_LE_PUBLIC)
7063                         addr_type = ADDR_LE_DEV_PUBLIC;
7064                 else
7065                         addr_type = ADDR_LE_DEV_RANDOM;
7066
7067                 switch (key->type) {
7068                 case MGMT_LTK_UNAUTHENTICATED:
7069                         authenticated = 0x00;
7070                         type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
7071                         break;
7072                 case MGMT_LTK_AUTHENTICATED:
7073                         authenticated = 0x01;
7074                         type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
7075                         break;
7076                 case MGMT_LTK_P256_UNAUTH:
7077                         authenticated = 0x00;
7078                         type = SMP_LTK_P256;
7079                         break;
7080                 case MGMT_LTK_P256_AUTH:
7081                         authenticated = 0x01;
7082                         type = SMP_LTK_P256;
7083                         break;
7084                 case MGMT_LTK_P256_DEBUG:
7085                         authenticated = 0x00;
7086                         type = SMP_LTK_P256_DEBUG;
7087                 default:
7088                         continue;
7089                 }
7090
7091                 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
7092                             authenticated, key->val, key->enc_size, key->ediv,
7093                             key->rand);
7094         }
7095
7096         err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
7097                            NULL, 0);
7098
7099         hci_dev_unlock(hdev);
7100
7101         return err;
7102 }
7103
7104 static int conn_info_cmd_complete(struct pending_cmd *cmd, u8 status)
7105 {
7106         struct hci_conn *conn = cmd->user_data;
7107         struct mgmt_rp_get_conn_info rp;
7108         int err;
7109
7110         memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
7111
7112         if (status == MGMT_STATUS_SUCCESS) {
7113                 rp.rssi = conn->rssi;
7114                 rp.tx_power = conn->tx_power;
7115                 rp.max_tx_power = conn->max_tx_power;
7116         } else {
7117                 rp.rssi = HCI_RSSI_INVALID;
7118                 rp.tx_power = HCI_TX_POWER_INVALID;
7119                 rp.max_tx_power = HCI_TX_POWER_INVALID;
7120         }
7121
7122         err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
7123                            &rp, sizeof(rp));
7124
7125         hci_conn_drop(conn);
7126         hci_conn_put(conn);
7127
7128         return err;
7129 }
7130
7131 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
7132                                        u16 opcode)
7133 {
7134         struct hci_cp_read_rssi *cp;
7135         struct pending_cmd *cmd;
7136         struct hci_conn *conn;
7137         u16 handle;
7138         u8 status;
7139
7140         BT_DBG("status 0x%02x", hci_status);
7141
7142         hci_dev_lock(hdev);
7143
7144         /* Commands sent in request are either Read RSSI or Read Transmit Power
7145          * Level so we check which one was last sent to retrieve connection
7146          * handle.  Both commands have handle as first parameter so it's safe to
7147          * cast data on the same command struct.
7148          *
7149          * First command sent is always Read RSSI and we fail only if it fails.
7150          * In other case we simply override error to indicate success as we
7151          * already remembered if TX power value is actually valid.
7152          */
7153         cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
7154         if (!cp) {
7155                 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
7156                 status = MGMT_STATUS_SUCCESS;
7157         } else {
7158                 status = mgmt_status(hci_status);
7159         }
7160
7161         if (!cp) {
7162                 BT_ERR("invalid sent_cmd in conn_info response");
7163                 goto unlock;
7164         }
7165
7166         handle = __le16_to_cpu(cp->handle);
7167         conn = hci_conn_hash_lookup_handle(hdev, handle);
7168         if (!conn) {
7169                 BT_ERR("unknown handle (%d) in conn_info response", handle);
7170                 goto unlock;
7171         }
7172
7173         cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
7174         if (!cmd)
7175                 goto unlock;
7176
7177         cmd->cmd_complete(cmd, status);
7178         mgmt_pending_remove(cmd);
7179
7180 unlock:
7181         hci_dev_unlock(hdev);
7182 }
7183
7184
7185 #ifdef CONFIG_TIZEN_WIP
7186 /* defination of "prandom_u32_max" is imported from latest kernel,
7187  * so if the kernel is migrated to latest, below defination should be removed
7188  */
7189
7190 /**
7191  * prandom_u32_max - returns a pseudo-random number in interval [0, ep_ro)
7192  * @ep_ro: right open interval endpoint
7193  *
7194  * Returns a pseudo-random number that is in interval [0, ep_ro). Note
7195  * that the result depends on PRNG being well distributed in [0, ~0U]
7196  * u32 space. Here we use maximally equidistributed combined Tausworthe
7197  * generator, that is, prandom_u32(). This is useful when requesting a
7198  * random index of an array containing ep_ro elements, for example.
7199  *
7200  * Returns: pseudo-random number in interval [0, ep_ro)
7201  */
7202 static inline u32 prandom_u32_max(u32 ep_ro)
7203 {
7204         return (u32)(((u64) prandom_u32() * ep_ro) >> 32);
7205 }
7206 #endif
7207
7208 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
7209                          u16 len)
7210 {
7211         struct mgmt_cp_get_conn_info *cp = data;
7212         struct mgmt_rp_get_conn_info rp;
7213         struct hci_conn *conn;
7214         unsigned long conn_info_age;
7215         int err = 0;
7216
7217         BT_DBG("%s", hdev->name);
7218
7219         memset(&rp, 0, sizeof(rp));
7220         bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7221         rp.addr.type = cp->addr.type;
7222
7223         if (!bdaddr_type_is_valid(cp->addr.type))
7224                 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7225                                     MGMT_STATUS_INVALID_PARAMS,
7226                                     &rp, sizeof(rp));
7227
7228         hci_dev_lock(hdev);
7229
7230         if (!hdev_is_powered(hdev)) {
7231                 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7232                                    MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
7233                 goto unlock;
7234         }
7235
7236         if (cp->addr.type == BDADDR_BREDR)
7237                 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7238                                                &cp->addr.bdaddr);
7239         else
7240                 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
7241
7242         if (!conn || conn->state != BT_CONNECTED) {
7243                 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7244                                    MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
7245                 goto unlock;
7246         }
7247
7248         if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
7249                 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7250                                    MGMT_STATUS_BUSY, &rp, sizeof(rp));
7251                 goto unlock;
7252         }
7253
7254         /* To avoid client trying to guess when to poll again for information we
7255          * calculate conn info age as random value between min/max set in hdev.
7256          */
7257         conn_info_age = hdev->conn_info_min_age +
7258                         prandom_u32_max(hdev->conn_info_max_age -
7259                                         hdev->conn_info_min_age);
7260
7261         /* Query controller to refresh cached values if they are too old or were
7262          * never read.
7263          */
7264         if (time_after(jiffies, conn->conn_info_timestamp +
7265                        msecs_to_jiffies(conn_info_age)) ||
7266             !conn->conn_info_timestamp) {
7267                 struct hci_request req;
7268                 struct hci_cp_read_tx_power req_txp_cp;
7269                 struct hci_cp_read_rssi req_rssi_cp;
7270                 struct pending_cmd *cmd;
7271
7272                 hci_req_init(&req, hdev);
7273                 req_rssi_cp.handle = cpu_to_le16(conn->handle);
7274                 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
7275                             &req_rssi_cp);
7276
7277                 /* For LE links TX power does not change thus we don't need to
7278                  * query for it once value is known.
7279                  */
7280                 if (!bdaddr_type_is_le(cp->addr.type) ||
7281                     conn->tx_power == HCI_TX_POWER_INVALID) {
7282                         req_txp_cp.handle = cpu_to_le16(conn->handle);
7283                         req_txp_cp.type = 0x00;
7284                         hci_req_add(&req, HCI_OP_READ_TX_POWER,
7285                                     sizeof(req_txp_cp), &req_txp_cp);
7286                 }
7287
7288                 /* Max TX power needs to be read only once per connection */
7289                 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
7290                         req_txp_cp.handle = cpu_to_le16(conn->handle);
7291                         req_txp_cp.type = 0x01;
7292                         hci_req_add(&req, HCI_OP_READ_TX_POWER,
7293                                     sizeof(req_txp_cp), &req_txp_cp);
7294                 }
7295
7296                 err = hci_req_run(&req, conn_info_refresh_complete);
7297                 if (err < 0)
7298                         goto unlock;
7299
7300                 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
7301                                        data, len);
7302                 if (!cmd) {
7303                         err = -ENOMEM;
7304                         goto unlock;
7305                 }
7306
7307                 hci_conn_hold(conn);
7308                 cmd->user_data = hci_conn_get(conn);
7309                 cmd->cmd_complete = conn_info_cmd_complete;
7310
7311                 conn->conn_info_timestamp = jiffies;
7312         } else {
7313                 /* Cache is valid, just reply with values cached in hci_conn */
7314                 rp.rssi = conn->rssi;
7315                 rp.tx_power = conn->tx_power;
7316                 rp.max_tx_power = conn->max_tx_power;
7317
7318                 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7319                                    MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7320         }
7321
7322 unlock:
7323         hci_dev_unlock(hdev);
7324         return err;
7325 }
7326
7327 static int clock_info_cmd_complete(struct pending_cmd *cmd, u8 status)
7328 {
7329         struct hci_conn *conn = cmd->user_data;
7330         struct mgmt_rp_get_clock_info rp;
7331         struct hci_dev *hdev;
7332         int err;
7333
7334         memset(&rp, 0, sizeof(rp));
7335         memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
7336
7337         if (status)
7338                 goto complete;
7339
7340         hdev = hci_dev_get(cmd->index);
7341         if (hdev) {
7342                 rp.local_clock = cpu_to_le32(hdev->clock);
7343                 hci_dev_put(hdev);
7344         }
7345
7346         if (conn) {
7347                 rp.piconet_clock = cpu_to_le32(conn->clock);
7348                 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
7349         }
7350
7351 complete:
7352         err = cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
7353                            sizeof(rp));
7354
7355         if (conn) {
7356                 hci_conn_drop(conn);
7357                 hci_conn_put(conn);
7358         }
7359
7360         return err;
7361 }
7362
7363 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7364 {
7365         struct hci_cp_read_clock *hci_cp;
7366         struct pending_cmd *cmd;
7367         struct hci_conn *conn;
7368
7369         BT_DBG("%s status %u", hdev->name, status);
7370
7371         hci_dev_lock(hdev);
7372
7373         hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
7374         if (!hci_cp)
7375                 goto unlock;
7376
7377         if (hci_cp->which) {
7378                 u16 handle = __le16_to_cpu(hci_cp->handle);
7379                 conn = hci_conn_hash_lookup_handle(hdev, handle);
7380         } else {
7381                 conn = NULL;
7382         }
7383
7384         cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
7385         if (!cmd)
7386                 goto unlock;
7387
7388         cmd->cmd_complete(cmd, mgmt_status(status));
7389         mgmt_pending_remove(cmd);
7390
7391 unlock:
7392         hci_dev_unlock(hdev);
7393 }
7394
7395 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
7396                          u16 len)
7397 {
7398         struct mgmt_cp_get_clock_info *cp = data;
7399         struct mgmt_rp_get_clock_info rp;
7400         struct hci_cp_read_clock hci_cp;
7401         struct pending_cmd *cmd;
7402         struct hci_request req;
7403         struct hci_conn *conn;
7404         int err;
7405
7406         BT_DBG("%s", hdev->name);
7407
7408         memset(&rp, 0, sizeof(rp));
7409         bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7410         rp.addr.type = cp->addr.type;
7411
7412         if (cp->addr.type != BDADDR_BREDR)
7413                 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7414                                     MGMT_STATUS_INVALID_PARAMS,
7415                                     &rp, sizeof(rp));
7416
7417         hci_dev_lock(hdev);
7418
7419         if (!hdev_is_powered(hdev)) {
7420                 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7421                                    MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
7422                 goto unlock;
7423         }
7424
7425         if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
7426                 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7427                                                &cp->addr.bdaddr);
7428                 if (!conn || conn->state != BT_CONNECTED) {
7429                         err = cmd_complete(sk, hdev->id,
7430                                            MGMT_OP_GET_CLOCK_INFO,
7431                                            MGMT_STATUS_NOT_CONNECTED,
7432                                            &rp, sizeof(rp));
7433                         goto unlock;
7434                 }
7435         } else {
7436                 conn = NULL;
7437         }
7438
7439         cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
7440         if (!cmd) {
7441                 err = -ENOMEM;
7442                 goto unlock;
7443         }
7444
7445         cmd->cmd_complete = clock_info_cmd_complete;
7446
7447         hci_req_init(&req, hdev);
7448
7449         memset(&hci_cp, 0, sizeof(hci_cp));
7450         hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
7451
7452         if (conn) {
7453                 hci_conn_hold(conn);
7454                 cmd->user_data = hci_conn_get(conn);
7455
7456                 hci_cp.handle = cpu_to_le16(conn->handle);
7457                 hci_cp.which = 0x01; /* Piconet clock */
7458                 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
7459         }
7460
7461         err = hci_req_run(&req, get_clock_info_complete);
7462         if (err < 0)
7463                 mgmt_pending_remove(cmd);
7464
7465 unlock:
7466         hci_dev_unlock(hdev);
7467         return err;
7468 }
7469
7470 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
7471 {
7472         struct hci_conn *conn;
7473
7474         conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
7475         if (!conn)
7476                 return false;
7477
7478         if (conn->dst_type != type)
7479                 return false;
7480
7481         if (conn->state != BT_CONNECTED)
7482                 return false;
7483
7484         return true;
7485 }
7486
7487 /* This function requires the caller holds hdev->lock */
7488 static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
7489                                u8 addr_type, u8 auto_connect)
7490 {
7491         struct hci_dev *hdev = req->hdev;
7492         struct hci_conn_params *params;
7493
7494         params = hci_conn_params_add(hdev, addr, addr_type);
7495         if (!params)
7496                 return -EIO;
7497
7498         if (params->auto_connect == auto_connect)
7499                 return 0;
7500
7501         list_del_init(&params->action);
7502
7503         switch (auto_connect) {
7504         case HCI_AUTO_CONN_DISABLED:
7505         case HCI_AUTO_CONN_LINK_LOSS:
7506                 __hci_update_background_scan(req);
7507                 break;
7508         case HCI_AUTO_CONN_REPORT:
7509                 list_add(&params->action, &hdev->pend_le_reports);
7510                 __hci_update_background_scan(req);
7511                 break;
7512         case HCI_AUTO_CONN_DIRECT:
7513         case HCI_AUTO_CONN_ALWAYS:
7514                 if (!is_connected(hdev, addr, addr_type)) {
7515                         list_add(&params->action, &hdev->pend_le_conns);
7516                         __hci_update_background_scan(req);
7517                 }
7518                 break;
7519         }
7520
7521         params->auto_connect = auto_connect;
7522
7523         BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
7524                auto_connect);
7525
7526         return 0;
7527 }
7528
7529 static void device_added(struct sock *sk, struct hci_dev *hdev,
7530                          bdaddr_t *bdaddr, u8 type, u8 action)
7531 {
7532         struct mgmt_ev_device_added ev;
7533
7534         bacpy(&ev.addr.bdaddr, bdaddr);
7535         ev.addr.type = type;
7536         ev.action = action;
7537
7538         mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
7539 }
7540
7541 static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7542 {
7543         struct pending_cmd *cmd;
7544
7545         BT_DBG("status 0x%02x", status);
7546
7547         hci_dev_lock(hdev);
7548
7549         cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
7550         if (!cmd)
7551                 goto unlock;
7552
7553         cmd->cmd_complete(cmd, mgmt_status(status));
7554         mgmt_pending_remove(cmd);
7555
7556 unlock:
7557         hci_dev_unlock(hdev);
7558 }
7559
7560 static int add_device(struct sock *sk, struct hci_dev *hdev,
7561                       void *data, u16 len)
7562 {
7563         struct mgmt_cp_add_device *cp = data;
7564         struct pending_cmd *cmd;
7565         struct hci_request req;
7566         u8 auto_conn, addr_type;
7567         int err;
7568
7569         BT_DBG("%s", hdev->name);
7570
7571         if (!bdaddr_type_is_valid(cp->addr.type) ||
7572             !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
7573                 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7574                                     MGMT_STATUS_INVALID_PARAMS,
7575                                     &cp->addr, sizeof(cp->addr));
7576
7577         if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
7578                 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7579                                     MGMT_STATUS_INVALID_PARAMS,
7580                                     &cp->addr, sizeof(cp->addr));
7581
7582         hci_req_init(&req, hdev);
7583
7584         hci_dev_lock(hdev);
7585
7586         cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
7587         if (!cmd) {
7588                 err = -ENOMEM;
7589                 goto unlock;
7590         }
7591
7592         cmd->cmd_complete = addr_cmd_complete;
7593
7594         if (cp->addr.type == BDADDR_BREDR) {
7595                 /* Only incoming connections action is supported for now */
7596                 if (cp->action != 0x01) {
7597                         err = cmd->cmd_complete(cmd,
7598                                                 MGMT_STATUS_INVALID_PARAMS);
7599                         mgmt_pending_remove(cmd);
7600                         goto unlock;
7601                 }
7602
7603                 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
7604                                           cp->addr.type);
7605                 if (err)
7606                         goto unlock;
7607
7608                 __hci_update_page_scan(&req);
7609
7610                 goto added;
7611         }
7612
7613         if (cp->addr.type == BDADDR_LE_PUBLIC)
7614                 addr_type = ADDR_LE_DEV_PUBLIC;
7615         else
7616                 addr_type = ADDR_LE_DEV_RANDOM;
7617
7618         if (cp->action == 0x02)
7619                 auto_conn = HCI_AUTO_CONN_ALWAYS;
7620         else if (cp->action == 0x01)
7621                 auto_conn = HCI_AUTO_CONN_DIRECT;
7622         else
7623                 auto_conn = HCI_AUTO_CONN_REPORT;
7624
7625         /* If the connection parameters don't exist for this device,
7626          * they will be created and configured with defaults.
7627          */
7628         if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
7629                                 auto_conn) < 0) {
7630                 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
7631                 mgmt_pending_remove(cmd);
7632                 goto unlock;
7633         }
7634
7635 added:
7636         device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
7637
7638         err = hci_req_run(&req, add_device_complete);
7639         if (err < 0) {
7640                 /* ENODATA means no HCI commands were needed (e.g. if
7641                  * the adapter is powered off).
7642                  */
7643                 if (err == -ENODATA)
7644                         err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
7645                 mgmt_pending_remove(cmd);
7646         }
7647
7648 unlock:
7649         hci_dev_unlock(hdev);
7650         return err;
7651 }
7652
7653 static void device_removed(struct sock *sk, struct hci_dev *hdev,
7654                            bdaddr_t *bdaddr, u8 type)
7655 {
7656         struct mgmt_ev_device_removed ev;
7657
7658         bacpy(&ev.addr.bdaddr, bdaddr);
7659         ev.addr.type = type;
7660
7661         mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
7662 }
7663
7664 static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7665 {
7666         struct pending_cmd *cmd;
7667
7668         BT_DBG("status 0x%02x", status);
7669
7670         hci_dev_lock(hdev);
7671
7672         cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
7673         if (!cmd)
7674                 goto unlock;
7675
7676         cmd->cmd_complete(cmd, mgmt_status(status));
7677         mgmt_pending_remove(cmd);
7678
7679 unlock:
7680         hci_dev_unlock(hdev);
7681 }
7682
7683 static int remove_device(struct sock *sk, struct hci_dev *hdev,
7684                          void *data, u16 len)
7685 {
7686         struct mgmt_cp_remove_device *cp = data;
7687         struct pending_cmd *cmd;
7688         struct hci_request req;
7689         int err;
7690
7691         BT_DBG("%s", hdev->name);
7692
7693         hci_req_init(&req, hdev);
7694
7695         hci_dev_lock(hdev);
7696
7697         cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
7698         if (!cmd) {
7699                 err = -ENOMEM;
7700                 goto unlock;
7701         }
7702
7703         cmd->cmd_complete = addr_cmd_complete;
7704
7705         if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
7706                 struct hci_conn_params *params;
7707                 u8 addr_type;
7708
7709                 if (!bdaddr_type_is_valid(cp->addr.type)) {
7710                         err = cmd->cmd_complete(cmd,
7711                                                 MGMT_STATUS_INVALID_PARAMS);
7712                         mgmt_pending_remove(cmd);
7713                         goto unlock;
7714                 }
7715
7716                 if (cp->addr.type == BDADDR_BREDR) {
7717                         err = hci_bdaddr_list_del(&hdev->whitelist,
7718                                                   &cp->addr.bdaddr,
7719                                                   cp->addr.type);
7720                         if (err) {
7721                                 err = cmd->cmd_complete(cmd,
7722                                                         MGMT_STATUS_INVALID_PARAMS);
7723                                 mgmt_pending_remove(cmd);
7724                                 goto unlock;
7725                         }
7726
7727                         __hci_update_page_scan(&req);
7728
7729                         device_removed(sk, hdev, &cp->addr.bdaddr,
7730                                        cp->addr.type);
7731                         goto complete;
7732                 }
7733
7734                 if (cp->addr.type == BDADDR_LE_PUBLIC)
7735                         addr_type = ADDR_LE_DEV_PUBLIC;
7736                 else
7737                         addr_type = ADDR_LE_DEV_RANDOM;
7738
7739                 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7740                                                 addr_type);
7741                 if (!params) {
7742                         err = cmd->cmd_complete(cmd,
7743                                                 MGMT_STATUS_INVALID_PARAMS);
7744                         mgmt_pending_remove(cmd);
7745                         goto unlock;
7746                 }
7747
7748                 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
7749                         err = cmd->cmd_complete(cmd,
7750                                                 MGMT_STATUS_INVALID_PARAMS);
7751                         mgmt_pending_remove(cmd);
7752                         goto unlock;
7753                 }
7754
7755                 list_del(&params->action);
7756                 list_del(&params->list);
7757                 kfree(params);
7758                 __hci_update_background_scan(&req);
7759
7760                 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
7761         } else {
7762                 struct hci_conn_params *p, *tmp;
7763                 struct bdaddr_list *b, *btmp;
7764
7765                 if (cp->addr.type) {
7766                         err = cmd->cmd_complete(cmd,
7767                                                 MGMT_STATUS_INVALID_PARAMS);
7768                         mgmt_pending_remove(cmd);
7769                         goto unlock;
7770                 }
7771
7772                 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
7773                         device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
7774                         list_del(&b->list);
7775                         kfree(b);
7776                 }
7777
7778                 __hci_update_page_scan(&req);
7779
7780                 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
7781                         if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
7782                                 continue;
7783                         device_removed(sk, hdev, &p->addr, p->addr_type);
7784                         list_del(&p->action);
7785                         list_del(&p->list);
7786                         kfree(p);
7787                 }
7788
7789                 BT_DBG("All LE connection parameters were removed");
7790
7791                 __hci_update_background_scan(&req);
7792         }
7793
7794 complete:
7795         err = hci_req_run(&req, remove_device_complete);
7796         if (err < 0) {
7797                 /* ENODATA means no HCI commands were needed (e.g. if
7798                  * the adapter is powered off).
7799                  */
7800                 if (err == -ENODATA)
7801                         err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
7802                 mgmt_pending_remove(cmd);
7803         }
7804
7805 unlock:
7806         hci_dev_unlock(hdev);
7807         return err;
7808 }
7809
7810 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
7811                            u16 len)
7812 {
7813         struct mgmt_cp_load_conn_param *cp = data;
7814         const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
7815                                      sizeof(struct mgmt_conn_param));
7816         u16 param_count, expected_len;
7817         int i;
7818
7819         if (!lmp_le_capable(hdev))
7820                 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7821                                   MGMT_STATUS_NOT_SUPPORTED);
7822
7823         param_count = __le16_to_cpu(cp->param_count);
7824         if (param_count > max_param_count) {
7825                 BT_ERR("load_conn_param: too big param_count value %u",
7826                        param_count);
7827                 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7828                                   MGMT_STATUS_INVALID_PARAMS);
7829         }
7830
7831         expected_len = sizeof(*cp) + param_count *
7832                                         sizeof(struct mgmt_conn_param);
7833         if (expected_len != len) {
7834                 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
7835                        expected_len, len);
7836                 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7837                                   MGMT_STATUS_INVALID_PARAMS);
7838         }
7839
7840         BT_DBG("%s param_count %u", hdev->name, param_count);
7841
7842         hci_dev_lock(hdev);
7843
7844         hci_conn_params_clear_disabled(hdev);
7845
7846         for (i = 0; i < param_count; i++) {
7847                 struct mgmt_conn_param *param = &cp->params[i];
7848                 struct hci_conn_params *hci_param;
7849                 u16 min, max, latency, timeout;
7850                 u8 addr_type;
7851
7852                 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
7853                        param->addr.type);
7854
7855                 if (param->addr.type == BDADDR_LE_PUBLIC) {
7856                         addr_type = ADDR_LE_DEV_PUBLIC;
7857                 } else if (param->addr.type == BDADDR_LE_RANDOM) {
7858                         addr_type = ADDR_LE_DEV_RANDOM;
7859                 } else {
7860                         BT_ERR("Ignoring invalid connection parameters");
7861                         continue;
7862                 }
7863
7864                 min = le16_to_cpu(param->min_interval);
7865                 max = le16_to_cpu(param->max_interval);
7866                 latency = le16_to_cpu(param->latency);
7867                 timeout = le16_to_cpu(param->timeout);
7868
7869                 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
7870                        min, max, latency, timeout);
7871
7872                 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
7873                         BT_ERR("Ignoring invalid connection parameters");
7874                         continue;
7875                 }
7876
7877                 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
7878                                                 addr_type);
7879                 if (!hci_param) {
7880                         BT_ERR("Failed to add connection parameters");
7881                         continue;
7882                 }
7883
7884                 hci_param->conn_min_interval = min;
7885                 hci_param->conn_max_interval = max;
7886                 hci_param->conn_latency = latency;
7887                 hci_param->supervision_timeout = timeout;
7888         }
7889
7890         hci_dev_unlock(hdev);
7891
7892         return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
7893 }
7894
7895 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
7896                                void *data, u16 len)
7897 {
7898         struct mgmt_cp_set_external_config *cp = data;
7899         bool changed;
7900         int err;
7901
7902         BT_DBG("%s", hdev->name);
7903
7904         if (hdev_is_powered(hdev))
7905                 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7906                                   MGMT_STATUS_REJECTED);
7907
7908         if (cp->config != 0x00 && cp->config != 0x01)
7909                 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7910                                     MGMT_STATUS_INVALID_PARAMS);
7911
7912         if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
7913                 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7914                                   MGMT_STATUS_NOT_SUPPORTED);
7915
7916         hci_dev_lock(hdev);
7917
7918         if (cp->config)
7919                 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
7920                                             &hdev->dev_flags);
7921         else
7922                 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
7923                                              &hdev->dev_flags);
7924
7925         err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
7926         if (err < 0)
7927                 goto unlock;
7928
7929         if (!changed)
7930                 goto unlock;
7931
7932         err = new_options(hdev, sk);
7933
7934         if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
7935                 mgmt_index_removed(hdev);
7936
7937                 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
7938                         set_bit(HCI_CONFIG, &hdev->dev_flags);
7939                         set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
7940
7941                         queue_work(hdev->req_workqueue, &hdev->power_on);
7942                 } else {
7943                         set_bit(HCI_RAW, &hdev->flags);
7944                         mgmt_index_added(hdev);
7945                 }
7946         }
7947
7948 unlock:
7949         hci_dev_unlock(hdev);
7950         return err;
7951 }
7952
7953 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
7954                               void *data, u16 len)
7955 {
7956         struct mgmt_cp_set_public_address *cp = data;
7957         bool changed;
7958         int err;
7959
7960         BT_DBG("%s", hdev->name);
7961
7962         if (hdev_is_powered(hdev))
7963                 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7964                                   MGMT_STATUS_REJECTED);
7965
7966         if (!bacmp(&cp->bdaddr, BDADDR_ANY))
7967                 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7968                                   MGMT_STATUS_INVALID_PARAMS);
7969
7970         if (!hdev->set_bdaddr)
7971                 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7972                                   MGMT_STATUS_NOT_SUPPORTED);
7973
7974         hci_dev_lock(hdev);
7975
7976         changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
7977         bacpy(&hdev->public_addr, &cp->bdaddr);
7978
7979         err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
7980         if (err < 0)
7981                 goto unlock;
7982
7983         if (!changed)
7984                 goto unlock;
7985
7986         if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
7987                 err = new_options(hdev, sk);
7988
7989         if (is_configured(hdev)) {
7990                 mgmt_index_removed(hdev);
7991
7992                 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
7993
7994                 set_bit(HCI_CONFIG, &hdev->dev_flags);
7995                 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
7996
7997                 queue_work(hdev->req_workqueue, &hdev->power_on);
7998         }
7999
8000 unlock:
8001         hci_dev_unlock(hdev);
8002         return err;
8003 }
8004
8005 static const struct mgmt_handler {
8006         int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
8007                      u16 data_len);
8008         bool var_len;
8009         size_t data_len;
8010 } mgmt_handlers[] = {
8011         { NULL }, /* 0x0000 (no command) */
8012         { read_version,           false, MGMT_READ_VERSION_SIZE },
8013         { read_commands,          false, MGMT_READ_COMMANDS_SIZE },
8014         { read_index_list,        false, MGMT_READ_INDEX_LIST_SIZE },
8015         { read_controller_info,   false, MGMT_READ_INFO_SIZE },
8016         { set_powered,            false, MGMT_SETTING_SIZE },
8017         { set_discoverable,       false, MGMT_SET_DISCOVERABLE_SIZE },
8018         { set_connectable,        false, MGMT_SETTING_SIZE },
8019         { set_fast_connectable,   false, MGMT_SETTING_SIZE },
8020         { set_bondable,           false, MGMT_SETTING_SIZE },
8021         { set_link_security,      false, MGMT_SETTING_SIZE },
8022         { set_ssp,                false, MGMT_SETTING_SIZE },
8023         { set_hs,                 false, MGMT_SETTING_SIZE },
8024         { set_le,                 false, MGMT_SETTING_SIZE },
8025         { set_dev_class,          false, MGMT_SET_DEV_CLASS_SIZE },
8026         { set_local_name,         false, MGMT_SET_LOCAL_NAME_SIZE },
8027         { add_uuid,               false, MGMT_ADD_UUID_SIZE },
8028         { remove_uuid,            false, MGMT_REMOVE_UUID_SIZE },
8029         { load_link_keys,         true,  MGMT_LOAD_LINK_KEYS_SIZE },
8030         { load_long_term_keys,    true,  MGMT_LOAD_LONG_TERM_KEYS_SIZE },
8031         { disconnect,             false, MGMT_DISCONNECT_SIZE },
8032         { get_connections,        false, MGMT_GET_CONNECTIONS_SIZE },
8033         { pin_code_reply,         false, MGMT_PIN_CODE_REPLY_SIZE },
8034         { pin_code_neg_reply,     false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
8035         { set_io_capability,      false, MGMT_SET_IO_CAPABILITY_SIZE },
8036         { pair_device,            false, MGMT_PAIR_DEVICE_SIZE },
8037         { cancel_pair_device,     false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
8038         { unpair_device,          false, MGMT_UNPAIR_DEVICE_SIZE },
8039         { user_confirm_reply,     false, MGMT_USER_CONFIRM_REPLY_SIZE },
8040         { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
8041         { user_passkey_reply,     false, MGMT_USER_PASSKEY_REPLY_SIZE },
8042         { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
8043         { read_local_oob_data,    false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
8044         { add_remote_oob_data,    true,  MGMT_ADD_REMOTE_OOB_DATA_SIZE },
8045         { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
8046         { start_discovery,        false, MGMT_START_DISCOVERY_SIZE },
8047         { stop_discovery,         false, MGMT_STOP_DISCOVERY_SIZE },
8048         { confirm_name,           false, MGMT_CONFIRM_NAME_SIZE },
8049         { block_device,           false, MGMT_BLOCK_DEVICE_SIZE },
8050         { unblock_device,         false, MGMT_UNBLOCK_DEVICE_SIZE },
8051         { set_device_id,          false, MGMT_SET_DEVICE_ID_SIZE },
8052         { set_advertising,        false, MGMT_SETTING_SIZE },
8053         { set_bredr,              false, MGMT_SETTING_SIZE },
8054         { set_static_address,     false, MGMT_SET_STATIC_ADDRESS_SIZE },
8055         { set_scan_params,        false, MGMT_SET_SCAN_PARAMS_SIZE },
8056         { set_secure_conn,        false, MGMT_SETTING_SIZE },
8057         { set_debug_keys,         false, MGMT_SETTING_SIZE },
8058         { set_privacy,            false, MGMT_SET_PRIVACY_SIZE },
8059         { load_irks,              true,  MGMT_LOAD_IRKS_SIZE },
8060         { get_conn_info,          false, MGMT_GET_CONN_INFO_SIZE },
8061         { get_clock_info,         false, MGMT_GET_CLOCK_INFO_SIZE },
8062         { add_device,             false, MGMT_ADD_DEVICE_SIZE },
8063         { remove_device,          false, MGMT_REMOVE_DEVICE_SIZE },
8064         { load_conn_param,        true,  MGMT_LOAD_CONN_PARAM_SIZE },
8065         { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
8066         { read_config_info,       false, MGMT_READ_CONFIG_INFO_SIZE },
8067         { set_external_config,    false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
8068         { set_public_address,     false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
8069         { start_service_discovery,true,  MGMT_START_SERVICE_DISCOVERY_SIZE },
8070 };
8071
8072 #ifdef CONFIG_TIZEN_WIP
8073 static const struct mgmt_handler tizen_mgmt_handlers[] = {
8074         { NULL }, /* 0x0000 (no command) */
8075         { set_advertising_params,  false, MGMT_SET_ADVERTISING_PARAMS_SIZE },
8076         { set_advertising_data,    true, MGMT_SET_ADV_MIN_APP_DATA_SIZE },
8077         { set_scan_rsp_data,       true, MGMT_SET_SCAN_RSP_MIN_APP_DATA_SIZE },
8078         { add_white_list,          false, MGMT_ADD_DEV_WHITE_LIST_SIZE },
8079         { remove_from_white_list,  false, MGMT_REMOVE_DEV_FROM_WHITE_LIST_SIZE },
8080         { clear_white_list,        false, MGMT_OP_CLEAR_DEV_WHITE_LIST_SIZE },
8081         { set_enable_rssi,         false, MGMT_SET_RSSI_ENABLE_SIZE },
8082         { get_raw_rssi,            false, MGMT_GET_RAW_RSSI_SIZE },
8083         { set_disable_threshold,   false, MGMT_SET_RSSI_DISABLE_SIZE },
8084         { start_le_discovery,      false, MGMT_START_LE_DISCOVERY_SIZE },
8085         { stop_le_discovery,       false, MGMT_STOP_LE_DISCOVERY_SIZE },
8086         { disable_le_auto_connect, false, MGMT_DISABLE_LE_AUTO_CONNECT_SIZE },
8087         { le_conn_update,          false, MGMT_LE_CONN_UPDATE_SIZE},
8088         { set_manufacturer_data,   false, MGMT_SET_MANUFACTURER_DATA_SIZE},
8089         { le_set_scan_params,      false, MGMT_LE_SET_SCAN_PARAMS_SIZE },
8090         { set_voice_setting,       false, MGMT_SET_VOICE_SETTING_SIZE},
8091         { get_adv_tx_power,       false, MGMT_GET_ADV_TX_POWER_SIZE},
8092         { enable_bt_6lowpan,       false, MGMT_ENABLE_BT_6LOWPAN_SIZE },
8093         { disconnect_bt_6lowpan,   false, MGMT_DISCONNECT_6LOWPAN_SIZE },
8094 };
8095 #endif
8096
8097 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
8098 {
8099         void *buf;
8100         u8 *cp;
8101         struct mgmt_hdr *hdr;
8102         u16 opcode, index, len;
8103         struct hci_dev *hdev = NULL;
8104         const struct mgmt_handler *handler;
8105         int err;
8106
8107         BT_DBG("got %zu bytes", msglen);
8108
8109         if (msglen < sizeof(*hdr))
8110                 return -EINVAL;
8111
8112         buf = kmalloc(msglen, GFP_KERNEL);
8113         if (!buf)
8114                 return -ENOMEM;
8115
8116 #ifdef CONFIG_TIZEN_WIP
8117         if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
8118 #else
8119         if (memcpy_from_msg(buf, msg, msglen)) {
8120 #endif
8121                 err = -EFAULT;
8122                 goto done;
8123         }
8124
8125         hdr = buf;
8126         opcode = __le16_to_cpu(hdr->opcode);
8127         index = __le16_to_cpu(hdr->index);
8128         len = __le16_to_cpu(hdr->len);
8129
8130         if (len != msglen - sizeof(*hdr)) {
8131                 err = -EINVAL;
8132                 goto done;
8133         }
8134
8135         if (index != MGMT_INDEX_NONE) {
8136                 hdev = hci_dev_get(index);
8137                 if (!hdev) {
8138                         err = cmd_status(sk, index, opcode,
8139                                          MGMT_STATUS_INVALID_INDEX);
8140                         goto done;
8141                 }
8142
8143                 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
8144                     test_bit(HCI_CONFIG, &hdev->dev_flags) ||
8145                     test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
8146                         err = cmd_status(sk, index, opcode,
8147                                          MGMT_STATUS_INVALID_INDEX);
8148                         goto done;
8149                 }
8150
8151                 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
8152                     opcode != MGMT_OP_READ_CONFIG_INFO &&
8153                     opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
8154                     opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
8155                         err = cmd_status(sk, index, opcode,
8156                                          MGMT_STATUS_INVALID_INDEX);
8157                         goto done;
8158                 }
8159         }
8160
8161         if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8162             mgmt_handlers[opcode].func == NULL) {
8163 #ifdef CONFIG_TIZEN_WIP
8164                 u16 tizen_opcode = opcode - TIZEN_OP_CODE_BASE;
8165
8166                 if (tizen_opcode > 0 &&
8167                     tizen_opcode < ARRAY_SIZE(tizen_mgmt_handlers) &&
8168                     tizen_mgmt_handlers[tizen_opcode].func) {
8169
8170                     handler = &tizen_mgmt_handlers[tizen_opcode];
8171                     goto handle_mgmt;
8172                 }
8173 #endif
8174                 BT_DBG("Unknown op %u", opcode);
8175                 err = cmd_status(sk, index, opcode,
8176                                  MGMT_STATUS_UNKNOWN_COMMAND);
8177                 goto done;
8178         }
8179
8180         if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
8181                      opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
8182                 err = cmd_status(sk, index, opcode,
8183                                  MGMT_STATUS_INVALID_INDEX);
8184                 goto done;
8185         }
8186
8187         if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
8188                       opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
8189                 err = cmd_status(sk, index, opcode,
8190                                  MGMT_STATUS_INVALID_INDEX);
8191                 goto done;
8192         }
8193
8194         handler = &mgmt_handlers[opcode];
8195
8196 #ifdef CONFIG_TIZEN_WIP
8197 handle_mgmt:
8198 #endif
8199         if ((handler->var_len && len < handler->data_len) ||
8200             (!handler->var_len && len != handler->data_len)) {
8201                 err = cmd_status(sk, index, opcode,
8202                                  MGMT_STATUS_INVALID_PARAMS);
8203                 goto done;
8204         }
8205
8206         if (hdev)
8207                 mgmt_init_hdev(sk, hdev);
8208
8209         cp = buf + sizeof(*hdr);
8210
8211         err = handler->func(sk, hdev, cp, len);
8212         if (err < 0)
8213                 goto done;
8214
8215         err = msglen;
8216
8217 done:
8218         if (hdev)
8219                 hci_dev_put(hdev);
8220
8221         kfree(buf);
8222         return err;
8223 }
8224
8225 void mgmt_index_added(struct hci_dev *hdev)
8226 {
8227         if (hdev->dev_type != HCI_BREDR)
8228                 return;
8229
8230         if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8231                 return;
8232
8233         if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
8234                 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
8235         else
8236                 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
8237 }
8238
8239 void mgmt_index_removed(struct hci_dev *hdev)
8240 {
8241         u8 status = MGMT_STATUS_INVALID_INDEX;
8242
8243         if (hdev->dev_type != HCI_BREDR)
8244                 return;
8245
8246         if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8247                 return;
8248
8249         mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8250
8251         if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
8252                 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
8253         else
8254                 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
8255 }
8256
8257 /* This function requires the caller holds hdev->lock */
8258 static void restart_le_actions(struct hci_request *req)
8259 {
8260         struct hci_dev *hdev = req->hdev;
8261         struct hci_conn_params *p;
8262
8263         list_for_each_entry(p, &hdev->le_conn_params, list) {
8264                 /* Needed for AUTO_OFF case where might not "really"
8265                  * have been powered off.
8266                  */
8267                 list_del_init(&p->action);
8268
8269                 switch (p->auto_connect) {
8270                 case HCI_AUTO_CONN_DIRECT:
8271                 case HCI_AUTO_CONN_ALWAYS:
8272                         list_add(&p->action, &hdev->pend_le_conns);
8273                         break;
8274                 case HCI_AUTO_CONN_REPORT:
8275                         list_add(&p->action, &hdev->pend_le_reports);
8276                         break;
8277                 default:
8278                         break;
8279                 }
8280         }
8281
8282         __hci_update_background_scan(req);
8283 }
8284
8285 static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8286 {
8287         struct cmd_lookup match = { NULL, hdev };
8288
8289         BT_DBG("status 0x%02x", status);
8290
8291         if (!status) {
8292                 /* Register the available SMP channels (BR/EDR and LE) only
8293                  * when successfully powering on the controller. This late
8294                  * registration is required so that LE SMP can clearly
8295                  * decide if the public address or static address is used.
8296                  */
8297                 smp_register(hdev);
8298         }
8299
8300         hci_dev_lock(hdev);
8301
8302         mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8303
8304         new_settings(hdev, match.sk);
8305
8306         hci_dev_unlock(hdev);
8307
8308         if (match.sk)
8309                 sock_put(match.sk);
8310 }
8311
8312 static int powered_update_hci(struct hci_dev *hdev)
8313 {
8314         struct hci_request req;
8315         u8 link_sec;
8316
8317         hci_req_init(&req, hdev);
8318
8319         if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
8320             !lmp_host_ssp_capable(hdev)) {
8321                 u8 mode = 0x01;
8322
8323                 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
8324
8325                 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
8326                         u8 support = 0x01;
8327
8328                         hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
8329                                     sizeof(support), &support);
8330                 }
8331         }
8332
8333         if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
8334             lmp_bredr_capable(hdev)) {
8335                 struct hci_cp_write_le_host_supported cp;
8336
8337                 cp.le = 0x01;
8338                 cp.simul = 0x00;
8339
8340                 /* Check first if we already have the right
8341                  * host state (host features set)
8342                  */
8343                 if (cp.le != lmp_host_le_capable(hdev) ||
8344                     cp.simul != lmp_host_le_br_capable(hdev))
8345                         hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
8346                                     sizeof(cp), &cp);
8347         }
8348
8349         if (lmp_le_capable(hdev)) {
8350                 /* Make sure the controller has a good default for
8351                  * advertising data. This also applies to the case
8352                  * where BR/EDR was toggled during the AUTO_OFF phase.
8353                  */
8354                 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
8355                         update_adv_data(&req);
8356                         update_scan_rsp_data(&req);
8357                 }
8358
8359                 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
8360                         enable_advertising(&req);
8361
8362                 restart_le_actions(&req);
8363         }
8364
8365         link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
8366         if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
8367                 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
8368                             sizeof(link_sec), &link_sec);
8369
8370         if (lmp_bredr_capable(hdev)) {
8371                 write_fast_connectable(&req, false);
8372                 __hci_update_page_scan(&req);
8373                 update_class(&req);
8374                 update_name(&req);
8375                 update_eir(&req);
8376         }
8377
8378         return hci_req_run(&req, powered_complete);
8379 }
8380
8381 int mgmt_powered(struct hci_dev *hdev, u8 powered)
8382 {
8383         struct cmd_lookup match = { NULL, hdev };
8384         u8 status, zero_cod[] = { 0, 0, 0 };
8385         int err;
8386
8387         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
8388                 return 0;
8389
8390         if (powered) {
8391                 if (powered_update_hci(hdev) == 0)
8392                         return 0;
8393
8394                 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
8395                                      &match);
8396                 goto new_settings;
8397         }
8398
8399         mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8400
8401         /* If the power off is because of hdev unregistration let
8402          * use the appropriate INVALID_INDEX status. Otherwise use
8403          * NOT_POWERED. We cover both scenarios here since later in
8404          * mgmt_index_removed() any hci_conn callbacks will have already
8405          * been triggered, potentially causing misleading DISCONNECTED
8406          * status responses.
8407          */
8408         if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
8409                 status = MGMT_STATUS_INVALID_INDEX;
8410         else
8411                 status = MGMT_STATUS_NOT_POWERED;
8412
8413         mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8414
8415         if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
8416                 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8417                            zero_cod, sizeof(zero_cod), NULL);
8418
8419 new_settings:
8420         err = new_settings(hdev, match.sk);
8421
8422         if (match.sk)
8423                 sock_put(match.sk);
8424
8425         return err;
8426 }
8427
8428 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
8429 {
8430         struct pending_cmd *cmd;
8431         u8 status;
8432
8433         cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
8434         if (!cmd)
8435                 return;
8436
8437         if (err == -ERFKILL)
8438                 status = MGMT_STATUS_RFKILLED;
8439         else
8440                 status = MGMT_STATUS_FAILED;
8441
8442         cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
8443
8444         mgmt_pending_remove(cmd);
8445 }
8446
8447 void mgmt_discoverable_timeout(struct hci_dev *hdev)
8448 {
8449         struct hci_request req;
8450
8451         hci_dev_lock(hdev);
8452
8453         /* When discoverable timeout triggers, then just make sure
8454          * the limited discoverable flag is cleared. Even in the case
8455          * of a timeout triggered from general discoverable, it is
8456          * safe to unconditionally clear the flag.
8457          */
8458         clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
8459         clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
8460
8461         hci_req_init(&req, hdev);
8462         if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
8463                 u8 scan = SCAN_PAGE;
8464                 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
8465                             sizeof(scan), &scan);
8466         }
8467         update_class(&req);
8468         update_adv_data(&req);
8469         hci_req_run(&req, NULL);
8470
8471         hdev->discov_timeout = 0;
8472
8473         new_settings(hdev, NULL);
8474
8475         hci_dev_unlock(hdev);
8476 }
8477
8478 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
8479                        bool persistent)
8480 {
8481         struct mgmt_ev_new_link_key ev;
8482
8483         memset(&ev, 0, sizeof(ev));
8484
8485         ev.store_hint = persistent;
8486         bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8487         ev.key.addr.type = BDADDR_BREDR;
8488         ev.key.type = key->type;
8489         memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
8490         ev.key.pin_len = key->pin_len;
8491
8492         mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
8493 }
8494
8495 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
8496 {
8497         switch (ltk->type) {
8498         case SMP_LTK:
8499         case SMP_LTK_SLAVE:
8500                 if (ltk->authenticated)
8501                         return MGMT_LTK_AUTHENTICATED;
8502                 return MGMT_LTK_UNAUTHENTICATED;
8503         case SMP_LTK_P256:
8504                 if (ltk->authenticated)
8505                         return MGMT_LTK_P256_AUTH;
8506                 return MGMT_LTK_P256_UNAUTH;
8507         case SMP_LTK_P256_DEBUG:
8508                 return MGMT_LTK_P256_DEBUG;
8509         }
8510
8511         return MGMT_LTK_UNAUTHENTICATED;
8512 }
8513
8514 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
8515 {
8516         struct mgmt_ev_new_long_term_key ev;
8517
8518         memset(&ev, 0, sizeof(ev));
8519
8520         /* Devices using resolvable or non-resolvable random addresses
8521          * without providing an indentity resolving key don't require
8522          * to store long term keys. Their addresses will change the
8523          * next time around.
8524          *
8525          * Only when a remote device provides an identity address
8526          * make sure the long term key is stored. If the remote
8527          * identity is known, the long term keys are internally
8528          * mapped to the identity address. So allow static random
8529          * and public addresses here.
8530          */
8531         if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8532             (key->bdaddr.b[5] & 0xc0) != 0xc0)
8533                 ev.store_hint = 0x00;
8534         else
8535                 ev.store_hint = persistent;
8536
8537         bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
8538         ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
8539         ev.key.type = mgmt_ltk_type(key);
8540         ev.key.enc_size = key->enc_size;
8541         ev.key.ediv = key->ediv;
8542         ev.key.rand = key->rand;
8543
8544         if (key->type == SMP_LTK)
8545                 ev.key.master = 1;
8546
8547         memcpy(ev.key.val, key->val, sizeof(key->val));
8548
8549         mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
8550 }
8551
8552 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
8553 {
8554         struct mgmt_ev_new_irk ev;
8555
8556         memset(&ev, 0, sizeof(ev));
8557
8558         /* For identity resolving keys from devices that are already
8559          * using a public address or static random address, do not
8560          * ask for storing this key. The identity resolving key really
8561          * is only mandatory for devices using resovlable random
8562          * addresses.
8563          *
8564          * Storing all identity resolving keys has the downside that
8565          * they will be also loaded on next boot of they system. More
8566          * identity resolving keys, means more time during scanning is
8567          * needed to actually resolve these addresses.
8568          */
8569         if (bacmp(&irk->rpa, BDADDR_ANY))
8570                 ev.store_hint = 0x01;
8571         else
8572                 ev.store_hint = 0x00;
8573
8574         bacpy(&ev.rpa, &irk->rpa);
8575         bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
8576         ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
8577         memcpy(ev.irk.val, irk->val, sizeof(irk->val));
8578
8579         mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
8580 }
8581
8582 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
8583                    bool persistent)
8584 {
8585         struct mgmt_ev_new_csrk ev;
8586
8587         memset(&ev, 0, sizeof(ev));
8588
8589         /* Devices using resolvable or non-resolvable random addresses
8590          * without providing an indentity resolving key don't require
8591          * to store signature resolving keys. Their addresses will change
8592          * the next time around.
8593          *
8594          * Only when a remote device provides an identity address
8595          * make sure the signature resolving key is stored. So allow
8596          * static random and public addresses here.
8597          */
8598         if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8599             (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
8600                 ev.store_hint = 0x00;
8601         else
8602                 ev.store_hint = persistent;
8603
8604         bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
8605         ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
8606         ev.key.master = csrk->master;
8607         memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
8608
8609         mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
8610 }
8611
8612 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
8613                          u8 bdaddr_type, u8 store_hint, u16 min_interval,
8614                          u16 max_interval, u16 latency, u16 timeout)
8615 {
8616         struct mgmt_ev_new_conn_param ev;
8617
8618         if (!hci_is_identity_address(bdaddr, bdaddr_type))
8619                 return;
8620
8621         memset(&ev, 0, sizeof(ev));
8622         bacpy(&ev.addr.bdaddr, bdaddr);
8623         ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
8624         ev.store_hint = store_hint;
8625         ev.min_interval = cpu_to_le16(min_interval);
8626         ev.max_interval = cpu_to_le16(max_interval);
8627         ev.latency = cpu_to_le16(latency);
8628         ev.timeout = cpu_to_le16(timeout);
8629
8630         mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
8631 }
8632
8633 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
8634                                   u8 data_len)
8635 {
8636         eir[eir_len++] = sizeof(type) + data_len;
8637         eir[eir_len++] = type;
8638         memcpy(&eir[eir_len], data, data_len);
8639         eir_len += data_len;
8640
8641         return eir_len;
8642 }
8643
8644 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
8645                            u32 flags, u8 *name, u8 name_len)
8646 {
8647         char buf[512];
8648         struct mgmt_ev_device_connected *ev = (void *) buf;
8649         u16 eir_len = 0;
8650
8651         bacpy(&ev->addr.bdaddr, &conn->dst);
8652         ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8653
8654         ev->flags = __cpu_to_le32(flags);
8655
8656         /* We must ensure that the EIR Data fields are ordered and
8657          * unique. Keep it simple for now and avoid the problem by not
8658          * adding any BR/EDR data to the LE adv.
8659          */
8660         if (conn->le_adv_data_len > 0) {
8661                 memcpy(&ev->eir[eir_len],
8662                        conn->le_adv_data, conn->le_adv_data_len);
8663                 eir_len = conn->le_adv_data_len;
8664         } else {
8665                 if (name_len > 0)
8666                         eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
8667                                                   name, name_len);
8668
8669                 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
8670                         eir_len = eir_append_data(ev->eir, eir_len,
8671                                                   EIR_CLASS_OF_DEV,
8672                                                   conn->dev_class, 3);
8673         }
8674
8675         ev->eir_len = cpu_to_le16(eir_len);
8676
8677         mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
8678                     sizeof(*ev) + eir_len, NULL);
8679 }
8680
8681 #ifdef CONFIG_TIZEN_WIP
8682 /* BEGIN TIZEN_Bluetooth :: name update changes */
8683 int mgmt_device_name_update(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name,
8684                             u8 name_len)
8685 {
8686         char buf[512];
8687         struct mgmt_ev_device_name_update *ev = (void *) buf;
8688         u16 eir_len = 0;
8689
8690         if (name_len <= 0)
8691                 return -EINVAL;
8692
8693         bacpy(&ev->addr.bdaddr, bdaddr);
8694         ev->addr.type = BDADDR_BREDR;
8695
8696         eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8697                                   name_len);
8698
8699         ev->eir_len = cpu_to_le16(eir_len);
8700
8701         return mgmt_event(MGMT_EV_DEVICE_NAME_UPDATE, hdev, buf,
8702                           sizeof(*ev) + eir_len, NULL);
8703 }
8704 /* END TIZEN_Bluetooth :: name update changes */
8705 #endif
8706
8707 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
8708 {
8709         struct sock **sk = data;
8710
8711         cmd->cmd_complete(cmd, 0);
8712
8713         *sk = cmd->sk;
8714         sock_hold(*sk);
8715
8716         mgmt_pending_remove(cmd);
8717 }
8718
8719 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
8720 {
8721         struct hci_dev *hdev = data;
8722         struct mgmt_cp_unpair_device *cp = cmd->param;
8723
8724         device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
8725
8726         cmd->cmd_complete(cmd, 0);
8727         mgmt_pending_remove(cmd);
8728 }
8729
8730 bool mgmt_powering_down(struct hci_dev *hdev)
8731 {
8732         struct pending_cmd *cmd;
8733         struct mgmt_mode *cp;
8734
8735         cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
8736         if (!cmd)
8737                 return false;
8738
8739         cp = cmd->param;
8740         if (!cp->val)
8741                 return true;
8742
8743         return false;
8744 }
8745
8746 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
8747                               u8 link_type, u8 addr_type, u8 reason,
8748                               bool mgmt_connected)
8749 {
8750         struct mgmt_ev_device_disconnected ev;
8751         struct sock *sk = NULL;
8752
8753         /* The connection is still in hci_conn_hash so test for 1
8754          * instead of 0 to know if this is the last one.
8755          */
8756         if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8757                 cancel_delayed_work(&hdev->power_off);
8758                 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8759         }
8760
8761         if (!mgmt_connected)
8762                 return;
8763
8764         if (link_type != ACL_LINK && link_type != LE_LINK)
8765                 return;
8766
8767         mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
8768
8769         bacpy(&ev.addr.bdaddr, bdaddr);
8770         ev.addr.type = link_to_bdaddr(link_type, addr_type);
8771         ev.reason = reason;
8772
8773         mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8774
8775         if (sk)
8776                 sock_put(sk);
8777
8778         mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8779                              hdev);
8780 }
8781
8782 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
8783                             u8 link_type, u8 addr_type, u8 status)
8784 {
8785         u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
8786         struct mgmt_cp_disconnect *cp;
8787         struct pending_cmd *cmd;
8788
8789         mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8790                              hdev);
8791
8792         cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8793         if (!cmd)
8794                 return;
8795
8796         cp = cmd->param;
8797
8798         if (bacmp(bdaddr, &cp->addr.bdaddr))
8799                 return;
8800
8801         if (cp->addr.type != bdaddr_type)
8802                 return;
8803
8804         cmd->cmd_complete(cmd, mgmt_status(status));
8805         mgmt_pending_remove(cmd);
8806 }
8807
8808 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8809                          u8 addr_type, u8 status)
8810 {
8811         struct mgmt_ev_connect_failed ev;
8812
8813         /* The connection is still in hci_conn_hash so test for 1
8814          * instead of 0 to know if this is the last one.
8815          */
8816         if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8817                 cancel_delayed_work(&hdev->power_off);
8818                 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8819         }
8820
8821         bacpy(&ev.addr.bdaddr, bdaddr);
8822         ev.addr.type = link_to_bdaddr(link_type, addr_type);
8823         ev.status = mgmt_status(status);
8824
8825         mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
8826 }
8827 #ifdef CONFIG_TIZEN_WIP
8828 void mgmt_hardware_error(struct hci_dev *hdev, u8 err_code)
8829 {
8830         struct mgmt_ev_hardware_error ev;
8831
8832         ev.error_code = err_code;
8833         mgmt_event(MGMT_EV_HARDWARE_ERROR, hdev, &ev, sizeof(ev), NULL);
8834 }
8835
8836 void mgmt_tx_timeout_error(struct hci_dev *hdev)
8837 {
8838         mgmt_event(MGMT_EV_TX_TIMEOUT_ERROR, hdev, NULL, 0, NULL);
8839 }
8840 #endif
8841
8842 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
8843 {
8844         struct mgmt_ev_pin_code_request ev;
8845
8846         bacpy(&ev.addr.bdaddr, bdaddr);
8847         ev.addr.type = BDADDR_BREDR;
8848         ev.secure = secure;
8849
8850         mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
8851 }
8852
8853 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8854                                   u8 status)
8855 {
8856         struct pending_cmd *cmd;
8857
8858         cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
8859         if (!cmd)
8860                 return;
8861
8862         cmd->cmd_complete(cmd, mgmt_status(status));
8863         mgmt_pending_remove(cmd);
8864 }
8865
8866 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8867                                       u8 status)
8868 {
8869         struct pending_cmd *cmd;
8870
8871         cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
8872         if (!cmd)
8873                 return;
8874
8875         cmd->cmd_complete(cmd, mgmt_status(status));
8876         mgmt_pending_remove(cmd);
8877 }
8878
8879 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8880                               u8 link_type, u8 addr_type, u32 value,
8881                               u8 confirm_hint)
8882 {
8883         struct mgmt_ev_user_confirm_request ev;
8884
8885         BT_DBG("%s", hdev->name);
8886
8887         bacpy(&ev.addr.bdaddr, bdaddr);
8888         ev.addr.type = link_to_bdaddr(link_type, addr_type);
8889         ev.confirm_hint = confirm_hint;
8890         ev.value = cpu_to_le32(value);
8891
8892         return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
8893                           NULL);
8894 }
8895
8896 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8897                               u8 link_type, u8 addr_type)
8898 {
8899         struct mgmt_ev_user_passkey_request ev;
8900
8901         BT_DBG("%s", hdev->name);
8902
8903         bacpy(&ev.addr.bdaddr, bdaddr);
8904         ev.addr.type = link_to_bdaddr(link_type, addr_type);
8905
8906         return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
8907                           NULL);
8908 }
8909
8910 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8911                                       u8 link_type, u8 addr_type, u8 status,
8912                                       u8 opcode)
8913 {
8914         struct pending_cmd *cmd;
8915
8916         cmd = mgmt_pending_find(opcode, hdev);
8917         if (!cmd)
8918                 return -ENOENT;
8919
8920         cmd->cmd_complete(cmd, mgmt_status(status));
8921         mgmt_pending_remove(cmd);
8922
8923         return 0;
8924 }
8925
8926 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8927                                      u8 link_type, u8 addr_type, u8 status)
8928 {
8929         return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8930                                           status, MGMT_OP_USER_CONFIRM_REPLY);
8931 }
8932
8933 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8934                                          u8 link_type, u8 addr_type, u8 status)
8935 {
8936         return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8937                                           status,
8938                                           MGMT_OP_USER_CONFIRM_NEG_REPLY);
8939 }
8940
8941 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8942                                      u8 link_type, u8 addr_type, u8 status)
8943 {
8944         return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8945                                           status, MGMT_OP_USER_PASSKEY_REPLY);
8946 }
8947
8948 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8949                                          u8 link_type, u8 addr_type, u8 status)
8950 {
8951         return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8952                                           status,
8953                                           MGMT_OP_USER_PASSKEY_NEG_REPLY);
8954 }
8955
8956 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
8957                              u8 link_type, u8 addr_type, u32 passkey,
8958                              u8 entered)
8959 {
8960         struct mgmt_ev_passkey_notify ev;
8961
8962         BT_DBG("%s", hdev->name);
8963
8964         bacpy(&ev.addr.bdaddr, bdaddr);
8965         ev.addr.type = link_to_bdaddr(link_type, addr_type);
8966         ev.passkey = __cpu_to_le32(passkey);
8967         ev.entered = entered;
8968
8969         return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
8970 }
8971
8972 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
8973 {
8974         struct mgmt_ev_auth_failed ev;
8975         struct pending_cmd *cmd;
8976         u8 status = mgmt_status(hci_status);
8977
8978         bacpy(&ev.addr.bdaddr, &conn->dst);
8979         ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8980         ev.status = status;
8981
8982         cmd = find_pairing(conn);
8983
8984         mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
8985                     cmd ? cmd->sk : NULL);
8986
8987         if (cmd) {
8988                 cmd->cmd_complete(cmd, status);
8989                 mgmt_pending_remove(cmd);
8990         }
8991 }
8992
8993 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
8994 {
8995         struct cmd_lookup match = { NULL, hdev };
8996         bool changed;
8997
8998         if (status) {
8999                 u8 mgmt_err = mgmt_status(status);
9000                 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
9001                                      cmd_status_rsp, &mgmt_err);
9002                 return;
9003         }
9004
9005         if (test_bit(HCI_AUTH, &hdev->flags))
9006                 changed = !test_and_set_bit(HCI_LINK_SECURITY,
9007                                             &hdev->dev_flags);
9008         else
9009                 changed = test_and_clear_bit(HCI_LINK_SECURITY,
9010                                              &hdev->dev_flags);
9011
9012         mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
9013                              &match);
9014
9015         if (changed)
9016                 new_settings(hdev, match.sk);
9017
9018         if (match.sk)
9019                 sock_put(match.sk);
9020 }
9021
9022 static void clear_eir(struct hci_request *req)
9023 {
9024         struct hci_dev *hdev = req->hdev;
9025         struct hci_cp_write_eir cp;
9026
9027         if (!lmp_ext_inq_capable(hdev))
9028                 return;
9029
9030         memset(hdev->eir, 0, sizeof(hdev->eir));
9031
9032         memset(&cp, 0, sizeof(cp));
9033
9034         hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
9035 }
9036
9037 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
9038 {
9039         struct cmd_lookup match = { NULL, hdev };
9040         struct hci_request req;
9041         bool changed = false;
9042
9043         if (status) {
9044                 u8 mgmt_err = mgmt_status(status);
9045
9046                 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9047                                                  &hdev->dev_flags)) {
9048                         clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
9049                         new_settings(hdev, NULL);
9050                 }
9051
9052                 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
9053                                      &mgmt_err);
9054                 return;
9055         }
9056
9057         if (enable) {
9058                 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
9059         } else {
9060                 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
9061                 if (!changed)
9062                         changed = test_and_clear_bit(HCI_HS_ENABLED,
9063                                                      &hdev->dev_flags);
9064                 else
9065                         clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
9066         }
9067
9068         mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
9069
9070         if (changed)
9071                 new_settings(hdev, match.sk);
9072
9073         if (match.sk)
9074                 sock_put(match.sk);
9075
9076         hci_req_init(&req, hdev);
9077
9078         if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
9079                 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
9080                         hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
9081                                     sizeof(enable), &enable);
9082                 update_eir(&req);
9083         } else {
9084                 clear_eir(&req);
9085         }
9086
9087         hci_req_run(&req, NULL);
9088 }
9089
9090 static void sk_lookup(struct pending_cmd *cmd, void *data)
9091 {
9092         struct cmd_lookup *match = data;
9093
9094         if (match->sk == NULL) {
9095                 match->sk = cmd->sk;
9096                 sock_hold(match->sk);
9097         }
9098 }
9099
9100 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
9101                                     u8 status)
9102 {
9103         struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
9104
9105         mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
9106         mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
9107         mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
9108
9109         if (!status)
9110                 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
9111                            NULL);
9112
9113         if (match.sk)
9114                 sock_put(match.sk);
9115 }
9116
9117 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
9118 {
9119         struct mgmt_cp_set_local_name ev;
9120         struct pending_cmd *cmd;
9121
9122         if (status)
9123                 return;
9124
9125         memset(&ev, 0, sizeof(ev));
9126         memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
9127         memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
9128
9129         cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
9130         if (!cmd) {
9131                 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
9132
9133                 /* If this is a HCI command related to powering on the
9134                  * HCI dev don't send any mgmt signals.
9135                  */
9136                 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
9137                         return;
9138         }
9139
9140         mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
9141                    cmd ? cmd->sk : NULL);
9142 }
9143
9144 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
9145                                        u8 *rand192, u8 *hash256, u8 *rand256,
9146                                        u8 status)
9147 {
9148         struct pending_cmd *cmd;
9149
9150         BT_DBG("%s status %u", hdev->name, status);
9151
9152         cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
9153         if (!cmd)
9154                 return;
9155
9156         if (status) {
9157                 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
9158                            mgmt_status(status));
9159         } else {
9160                 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
9161                         struct mgmt_rp_read_local_oob_ext_data rp;
9162
9163                         memcpy(rp.hash192, hash192, sizeof(rp.hash192));
9164                         memcpy(rp.rand192, rand192, sizeof(rp.rand192));
9165
9166                         memcpy(rp.hash256, hash256, sizeof(rp.hash256));
9167                         memcpy(rp.rand256, rand256, sizeof(rp.rand256));
9168
9169                         cmd_complete(cmd->sk, hdev->id,
9170                                      MGMT_OP_READ_LOCAL_OOB_DATA, 0,
9171                                      &rp, sizeof(rp));
9172                 } else {
9173                         struct mgmt_rp_read_local_oob_data rp;
9174
9175                         memcpy(rp.hash, hash192, sizeof(rp.hash));
9176                         memcpy(rp.rand, rand192, sizeof(rp.rand));
9177
9178                         cmd_complete(cmd->sk, hdev->id,
9179                                      MGMT_OP_READ_LOCAL_OOB_DATA, 0,
9180                                      &rp, sizeof(rp));
9181                 }
9182         }
9183
9184         mgmt_pending_remove(cmd);
9185 }
9186
9187 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
9188 {
9189         int i;
9190
9191         for (i = 0; i < uuid_count; i++) {
9192                 if (!memcmp(uuid, uuids[i], 16))
9193                         return true;
9194         }
9195
9196         return false;
9197 }
9198
9199 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
9200 {
9201         u16 parsed = 0;
9202
9203         while (parsed < eir_len) {
9204                 u8 field_len = eir[0];
9205                 u8 uuid[16];
9206                 int i;
9207
9208                 if (field_len == 0)
9209                         break;
9210
9211                 if (eir_len - parsed < field_len + 1)
9212                         break;
9213
9214                 switch (eir[1]) {
9215                 case EIR_UUID16_ALL:
9216                 case EIR_UUID16_SOME:
9217                         for (i = 0; i + 3 <= field_len; i += 2) {
9218                                 memcpy(uuid, bluetooth_base_uuid, 16);
9219                                 uuid[13] = eir[i + 3];
9220                                 uuid[12] = eir[i + 2];
9221                                 if (has_uuid(uuid, uuid_count, uuids))
9222                                         return true;
9223                         }
9224                         break;
9225                 case EIR_UUID32_ALL:
9226                 case EIR_UUID32_SOME:
9227                         for (i = 0; i + 5 <= field_len; i += 4) {
9228                                 memcpy(uuid, bluetooth_base_uuid, 16);
9229                                 uuid[15] = eir[i + 5];
9230                                 uuid[14] = eir[i + 4];
9231                                 uuid[13] = eir[i + 3];
9232                                 uuid[12] = eir[i + 2];
9233                                 if (has_uuid(uuid, uuid_count, uuids))
9234                                         return true;
9235                         }
9236                         break;
9237                 case EIR_UUID128_ALL:
9238                 case EIR_UUID128_SOME:
9239                         for (i = 0; i + 17 <= field_len; i += 16) {
9240                                 memcpy(uuid, eir + i + 2, 16);
9241                                 if (has_uuid(uuid, uuid_count, uuids))
9242                                         return true;
9243                         }
9244                         break;
9245                 }
9246
9247                 parsed += field_len + 1;
9248                 eir += field_len + 1;
9249         }
9250
9251         return false;
9252 }
9253
9254 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9255                        u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
9256                        u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
9257 {
9258         char buf[512];
9259         struct mgmt_ev_device_found *ev = (void *) buf;
9260         size_t ev_size;
9261         bool match;
9262
9263         /* Don't send events for a non-kernel initiated discovery. With
9264          * LE one exception is if we have pend_le_reports > 0 in which
9265          * case we're doing passive scanning and want these events.
9266          */
9267         if (!hci_discovery_active(hdev)) {
9268                 if (link_type == ACL_LINK)
9269                         return;
9270                 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
9271                         return;
9272         }
9273
9274         /* When using service discovery with a RSSI threshold, then check
9275          * if such a RSSI threshold is specified. If a RSSI threshold has
9276          * been specified, then all results with a RSSI smaller than the
9277          * RSSI threshold will be dropped.
9278          *
9279          * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
9280          * the results are also dropped.
9281          */
9282         if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
9283             (rssi < hdev->discovery.rssi || rssi == HCI_RSSI_INVALID))
9284                 return;
9285
9286         /* Make sure that the buffer is big enough. The 5 extra bytes
9287          * are for the potential CoD field.
9288          */
9289         if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
9290                 return;
9291
9292         memset(buf, 0, sizeof(buf));
9293
9294         /* In case of device discovery with BR/EDR devices (pre 1.2), the
9295          * RSSI value was reported as 0 when not available. This behavior
9296          * is kept when using device discovery. This is required for full
9297          * backwards compatibility with the API.
9298          *
9299          * However when using service discovery, the value 127 will be
9300          * returned when the RSSI is not available.
9301          */
9302         if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
9303             link_type == ACL_LINK)
9304                 rssi = 0;
9305
9306         bacpy(&ev->addr.bdaddr, bdaddr);
9307         ev->addr.type = link_to_bdaddr(link_type, addr_type);
9308         ev->rssi = rssi;
9309         ev->flags = cpu_to_le32(flags);
9310
9311         if (eir_len > 0) {
9312                 /* When using service discovery and a list of UUID is
9313                  * provided, results with no matching UUID should be
9314                  * dropped. In case there is a match the result is
9315                  * kept and checking possible scan response data
9316                  * will be skipped.
9317                  */
9318                 if (hdev->discovery.uuid_count > 0)
9319                         match = eir_has_uuids(eir, eir_len,
9320                                               hdev->discovery.uuid_count,
9321                                               hdev->discovery.uuids);
9322                 else
9323                         match = true;
9324
9325                 if (!match && !scan_rsp_len)
9326                         return;
9327
9328                 /* Copy EIR or advertising data into event */
9329                 memcpy(ev->eir, eir, eir_len);
9330         } else {
9331                 /* When using service discovery and a list of UUID is
9332                  * provided, results with empty EIR or advertising data
9333                  * should be dropped since they do not match any UUID.
9334                  */
9335                 if (hdev->discovery.uuid_count > 0 && !scan_rsp_len)
9336                         return;
9337
9338                 match = false;
9339         }
9340
9341         if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
9342                 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9343                                           dev_class, 3);
9344
9345         if (scan_rsp_len > 0) {
9346                 /* When using service discovery and a list of UUID is
9347                  * provided, results with no matching UUID should be
9348                  * dropped if there is no previous match from the
9349                  * advertising data.
9350                  */
9351                 if (hdev->discovery.uuid_count > 0) {
9352                         if (!match && !eir_has_uuids(scan_rsp, scan_rsp_len,
9353                                                      hdev->discovery.uuid_count,
9354                                                      hdev->discovery.uuids))
9355                                 return;
9356                 }
9357
9358                 /* Append scan response data to event */
9359                 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
9360         } else {
9361                 /* When using service discovery and a list of UUID is
9362                  * provided, results with empty scan response and no
9363                  * previous matched advertising data should be dropped.
9364                  */
9365                 if (hdev->discovery.uuid_count > 0 && !match)
9366                         return;
9367         }
9368
9369         ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
9370         ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
9371
9372         mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
9373 }
9374
9375 #ifdef CONFIG_TIZEN_WIP /* TIZEN_Bluetooth :: Pass adv type */
9376 void mgmt_le_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9377                        u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
9378                        u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len, u8 adv_type)
9379 {
9380         char buf[512];
9381         struct mgmt_ev_le_device_found *ev = (void *) buf;
9382         size_t ev_size;
9383
9384         if (!hci_discovery_active(hdev) && !hci_le_discovery_active(hdev))
9385                 return;
9386
9387         /* Make sure that the buffer is big enough. The 5 extra bytes
9388          * are for the potential CoD field.
9389          */
9390         if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
9391                 return;
9392
9393         memset(buf, 0, sizeof(buf));
9394
9395         bacpy(&ev->addr.bdaddr, bdaddr);
9396         ev->addr.type = link_to_bdaddr(link_type, addr_type);
9397         ev->rssi = rssi;
9398         ev->flags = cpu_to_le32(flags);
9399         ev->adv_type = adv_type;
9400
9401         if (eir_len > 0)
9402                 memcpy(ev->eir, eir, eir_len);
9403
9404         if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
9405                 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9406                                           dev_class, 3);
9407
9408         if (scan_rsp_len > 0)
9409                 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
9410
9411         ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
9412         ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
9413
9414         mgmt_event(MGMT_EV_LE_DEVICE_FOUND, hdev, ev, ev_size, NULL);
9415 }
9416 #endif
9417
9418 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9419                       u8 addr_type, s8 rssi, u8 *name, u8 name_len)
9420 {
9421         struct mgmt_ev_device_found *ev;
9422         char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
9423         u16 eir_len;
9424
9425         ev = (struct mgmt_ev_device_found *) buf;
9426
9427         memset(buf, 0, sizeof(buf));
9428
9429         bacpy(&ev->addr.bdaddr, bdaddr);
9430         ev->addr.type = link_to_bdaddr(link_type, addr_type);
9431         ev->rssi = rssi;
9432
9433         eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
9434                                   name_len);
9435
9436         ev->eir_len = cpu_to_le16(eir_len);
9437
9438         mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
9439 }
9440
9441 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
9442 {
9443         struct mgmt_ev_discovering ev;
9444
9445         BT_DBG("%s discovering %u", hdev->name, discovering);
9446
9447         memset(&ev, 0, sizeof(ev));
9448         ev.type = hdev->discovery.type;
9449         ev.discovering = discovering;
9450
9451         mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
9452 }
9453
9454 #ifdef CONFIG_TIZEN_WIP
9455 /* BEGIN TIZEN_Bluetooth :: Seperate LE discovery */
9456 void mgmt_le_discovering(struct hci_dev *hdev, u8 discovering)
9457 {
9458         struct mgmt_ev_discovering ev;
9459         struct pending_cmd *cmd;
9460
9461         BT_DBG("%s le discovering %u", hdev->name, discovering);
9462
9463         if (discovering)
9464                 cmd = mgmt_pending_find(MGMT_OP_START_LE_DISCOVERY, hdev);
9465         else
9466                 cmd = mgmt_pending_find(MGMT_OP_STOP_LE_DISCOVERY, hdev);
9467
9468         if (cmd != NULL) {
9469                 u8 type = hdev->le_discovery.type;
9470
9471                 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
9472                              sizeof(type));
9473                 mgmt_pending_remove(cmd);
9474         }
9475
9476         memset(&ev, 0, sizeof(ev));
9477         ev.type = hdev->le_discovery.type;
9478         ev.discovering = discovering;
9479
9480         mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
9481 }
9482 /* END TIZEN_Bluetooth */
9483 #endif
9484
9485 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
9486 {
9487         BT_DBG("%s status %u", hdev->name, status);
9488 }
9489
9490 void mgmt_reenable_advertising(struct hci_dev *hdev)
9491 {
9492         struct hci_request req;
9493
9494         if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
9495                 return;
9496
9497         hci_req_init(&req, hdev);
9498         enable_advertising(&req);
9499         hci_req_run(&req, adv_enable_complete);
9500 }